mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

g10: When changing a TOFU binding's policy, update the conflict info

* g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
Set the binding's conflict accordingly.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Neal H. Walfield 2016-10-12 21:42:10 +02:00
parent ca84f65c7c
commit 3ad17e72fa


@ -797,8 +797,9 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
If SHOW_OLD is set, the binding's old policy is displayed. */ If SHOW_OLD is set, the binding's old policy is displayed. */
static gpg_error_t static gpg_error_t
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
const char *user_id, enum tofu_policy policy, int show_old, const char *user_id, enum tofu_policy policy,
time_t now) const char *conflict,
int show_old, time_t now)
{ {
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
gpg_error_t rc; gpg_error_t rc;
@ -850,12 +851,6 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
" <key: %s, user id: %s> to %s.\n", " <key: %s, user id: %s> to %s.\n",
fingerprint, show_old ? user_id : email, fingerprint, show_old ? user_id : email,
tofu_policy_str (policy)); tofu_policy_str (policy));
if (policy_old == policy)
{
rc = 0;
goto leave; /* Nothing to do. */
}
} }
if (opt.dry_run) if (opt.dry_run)
@ -868,18 +863,19 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
rc = gpgsql_stepx rc = gpgsql_stepx
(dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err, (dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err,
"insert or replace into bindings\n" "insert or replace into bindings\n"
" (oid, fingerprint, email, user_id, time, policy)\n" " (oid, fingerprint, email, user_id, time, policy, conflict)\n"
" values (\n" " values (\n"
/* If we don't explicitly reuse the OID, then SQLite will /* If we don't explicitly reuse the OID, then SQLite will
reallocate a new one. We just need to search for the OID reallocate a new one. We just need to search for the OID
based on the fingerprint and email since they are unique. */ based on the fingerprint and email since they are unique. */
" (select oid from bindings where fingerprint = ? and email = ?),\n" " (select oid from bindings where fingerprint = ? and email = ?),\n"
" ?, ?, ?, ?, ?);", " ?, ?, ?, ?, ?, ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_STRING, user_id,
GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_INT, (int) policy, GPGSQL_ARG_INT, (int) policy,
GPGSQL_ARG_STRING, conflict ? conflict : "",
GPGSQL_ARG_END); GPGSQL_ARG_END);
if (rc) if (rc)
{ {
@ -1747,7 +1743,7 @@ ask_about_binding (ctrl_t ctrl,
} }
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
*policy, 0, now)) *policy, NULL, 0, now))
{ {
/* If there's an error registering the /* If there's an error registering the
* binding, don't save the signature. */ * binding, don't save the signature. */
@ -2087,7 +2083,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
/* New binding. */ /* New binding. */
{ {
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_GOOD, 0, now) != 0) TOFU_POLICY_GOOD, NULL, 0, now) != 0)
{ {
log_error (_("error setting TOFU binding's trust level" log_error (_("error setting TOFU binding's trust level"
" to %s\n"), "good"); " to %s\n"), "good");
@ -2206,7 +2202,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (is_signed_by_utk) if (is_signed_by_utk)
{ {
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_GOOD, 0, now) != 0) TOFU_POLICY_GOOD, NULL, 0, now) != 0)
{ {
log_error (_("error setting TOFU binding's trust level" log_error (_("error setting TOFU binding's trust level"
" to %s\n"), "good"); " to %s\n"), "good");
@ -2246,7 +2242,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email); fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0, now) != 0) TOFU_POLICY_AUTO, NULL, 0, now) != 0)
{ {
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto"); "auto");
@ -2275,7 +2271,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email); fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0, now) != 0) TOFU_POLICY_AUTO, NULL, 0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto"); "auto");
@ -2297,7 +2293,10 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
log_assert (policy == TOFU_POLICY_NONE); log_assert (policy == TOFU_POLICY_NONE);
if (record_binding (dbs, fingerprint, email, user_id, if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_ASK, 0, now) != 0) TOFU_POLICY_ASK,
conflict_set && conflict_set->next
? conflict_set->next->d : NULL,
0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"), log_error (_("error setting TOFU binding's trust level to %s\n"),
"ask"); "ask");
@ -3378,7 +3377,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
email = email_from_user_id (user_id->name); email = email_from_user_id (user_id->name);
err = record_binding (dbs, fingerprint, email, user_id->name, err = record_binding (dbs, fingerprint, email, user_id->name,
policy, 1, now); policy, NULL, 1, now);
if (err) if (err)
{ {
log_error (_("error setting policy for key %s, user id \"%s\": %s"), log_error (_("error setting policy for key %s, user id \"%s\": %s"),
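Review bot: In record_binding, the early return that skipped the write when `policy_old == policy` (inside the block that logs the policy change) is gone while `conflict ? conflict : ""` is now bound into the `insert or replace`, so a NULL argument replaces any conflict already stored for the binding with an empty string and rewrites `time` to `now`, even when the policy is unchanged. Six of the seven call sites in this section pass NULL, including tofu_set_policy and the TOFU_POLICY_GOOD and TOFU_POLICY_AUTO paths in get_trust, so this clearing behaviour is the common case and should be stated in the function's header comment, for example `CONFLICT is the conflicting binding to record, or NULL for none; NULL is stored as "" and overwrites any earlier value.` The code that reads the conflict column is not visible here, so it is worth confirming that it treats an empty string the same as an absent value before any trust decision depends on it. The bodies of record_binding and get_trust extend beyond the hunks shown.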