* tdbio.c (tdbio_write_nextcheck): Return a status whether the
stamp was actually changed. * trustdb.c (revalidation_mark): Sync the changes. Removed the sync operation done by its callers. (get_validity): Add logic for maintaining a pending_check flag. (clear_ownertrust): New. * keyedit.c (sign_uids): Don't call revalidation_mark depending on primary_pk. (keyedit_menu): Call revalidation_mark after "trust". (show_key_with_all_names): Print a warning on the wrong listed key validity. * delkey.c (do_delete_key): Clear the ownertrust information when deleting a public key.
parent
aedeefcc5f
commit
4847eadcd8
@ -1,3 +1,21 @@
|
||||
2002-04-19 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* tdbio.c (tdbio_write_nextcheck): Return a status whether the
|
||||
stamp was actually changed.
|
||||
* trustdb.c (revalidation_mark): Sync the changes. Removed the
|
||||
sync operation done by its callers.
|
||||
(get_validity): Add logic for maintaining a pending_check flag.
|
||||
(clear_ownertrust): New.
|
||||
|
||||
* keyedit.c (sign_uids): Don't call revalidation_mark depending on
|
||||
primary_pk.
|
||||
(keyedit_menu): Call revalidation_mark after "trust".
|
||||
(show_key_with_all_names): Print a warning on the wrong listed key
|
||||
validity.
|
||||
|
||||
* delkey.c (do_delete_key): Clear the owenertrust information when
|
||||
deleting a public key.
|
||||
|
||||
2002-04-18 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* seskey.c (encode_md_value): Print an error message if a wrong
|
||||
|
@ -156,6 +156,10 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
|
||||
log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
|
||||
goto leave;
|
||||
}
|
||||
if (!secret && pk && clear_ownertrust (pk)) {
|
||||
if (opt.verbose)
|
||||
log_info (_("ownertrust information cleared\n"));
|
||||
}
|
||||
}
|
||||
|
||||
leave:
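Review bot: The added `clear_ownertrust (pk)` call in do_delete_key has no comment saying why deleting a key touches the trustdb. A line such as `/* Drop the ownertrust too, so that a later re-import of this key does not silently get its old ownertrust back. */` above the `if` would help; that rationale is inferred from the commit message and should be confirmed. The only trace of this trust change is a `log_info` under `opt.verbose`, which is worth keeping in mind when auditing why a key lost its ownertrust. do_delete_key starts and ends outside this hunk.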
|
||||
|
@ -611,9 +611,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
if( node->flag & NODFLG_DELSIG)
|
||||
delete_kbnode(node);
|
||||
} /* end loop over signators */
|
||||
if( upd_trust && primary_pk ) {
|
||||
if (upd_trust)
|
||||
revalidation_mark ();
|
||||
}
|
||||
|
||||
|
||||
leave:
|
||||
@ -799,7 +798,8 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
||||
cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID,
|
||||
cmdADDKEY, cmdDELKEY, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST,
|
||||
cmdPREF, cmdEXPIRE, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
|
||||
cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdNOP };
|
||||
cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
|
||||
cmdCHKTRUST, cmdNOP };
|
||||
static struct { const char *name;
|
||||
enum cmdids id;
|
||||
int need_sk;
|
||||
@ -1215,8 +1215,10 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
||||
show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
|
||||
tty_printf("\n");
|
||||
if( edit_ownertrust( find_kbnode( keyblock,
|
||||
PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) )
|
||||
PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
|
||||
redisplay = 1;
|
||||
revalidation_mark ();
|
||||
}
|
||||
break;
|
||||
|
||||
case cmdPREF:
|
||||
@ -1439,6 +1441,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
||||
{
|
||||
KBNODE node;
|
||||
int i, rc;
|
||||
int do_warn = 0;
|
||||
|
||||
/* the keys */
|
||||
for( node = keyblock; node; node = node->next ) {
|
||||
@ -1450,9 +1453,17 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
||||
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
|
||||
/* do it here, so that debug messages don't clutter the
|
||||
* output */
|
||||
|
||||
static int did_warn = 0;
|
||||
|
||||
trust = get_validity_info (pk, NULL);
|
||||
otrust = get_ownertrust_info (pk);
|
||||
|
||||
/* Show a warning once */
|
||||
if (!did_warn
|
||||
&& (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
|
||||
did_warn = 1;
|
||||
do_warn = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if(with_revoker)
|
||||
@ -1549,6 +1560,12 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (do_warn)
|
||||
tty_printf (_("Please note that the shown key validity "
|
||||
"is not necessary correct\n"
|
||||
"unless you restart the program.\n"));
|
||||
|
||||
}
|
||||
|
||||
static void
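Review bot: The `static int did_warn` latch in show_key_with_all_names makes the pending-check warning fire once per process rather than once per stale listing, so after the first notice every later listing prints the validity column with no hint that it may still be outdated (for example after a second `trust` command in the same session). Because signing and trust decisions are made from this listing, consider dropping the latch and setting `do_warn = 1` whenever `get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK` is true. The message text should read `is not necessarily correct`. Separately, `cmdUPDTRUST` and `cmdCHKTRUST` are added to the enum, but no command-table entry or `case` for them is visible in these hunks; if none exists elsewhere they are dead identifiers.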
|
||||
|
@ -659,7 +659,8 @@ tdbio_read_nextcheck ()
|
||||
return vr.r.ver.nextcheck;
|
||||
}
|
||||
|
||||
void
|
||||
/* Return true when the stamp was actually changed. */
|
||||
int
|
||||
tdbio_write_nextcheck (ulong stamp)
|
||||
{
|
||||
TRUSTREC vr;
|
||||
@ -671,13 +672,14 @@ tdbio_write_nextcheck (ulong stamp)
|
||||
db_name, g10_errstr(rc) );
|
||||
|
||||
if (vr.r.ver.nextcheck == stamp)
|
||||
return;
|
||||
return 0;
|
||||
|
||||
vr.r.ver.nextcheck = stamp;
|
||||
rc = tdbio_write_record( &vr );
|
||||
if( rc )
|
||||
log_fatal( _("%s: error writing version record: %s\n"),
|
||||
db_name, g10_errstr(rc) );
|
||||
return 1;
|
||||
}
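Review bot: The new header comment on tdbio_write_nextcheck documents the return value but not the sync contract, which now matters because revalidation_mark keys its `do_sync ()` on this result. In the visible body the record is written with `tdbio_write_record` and the function returns 1 with no sync call, so I would extend the comment to `/* Return true when the stamp was actually changed. The record is only written here; the caller has to do a sync. */`. That matches the "Caller has to do a sync" wording already used in trustdb.c.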
|
||||
|
||||
|
||||
|
@ -95,7 +95,7 @@ int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
|
||||
int tdbio_write_record( TRUSTREC *rec );
|
||||
int tdbio_db_matches_options(void);
|
||||
ulong tdbio_read_nextcheck (void);
|
||||
void tdbio_write_nextcheck (ulong stamp);
|
||||
int tdbio_write_nextcheck (ulong stamp);
|
||||
int tdbio_is_dirty(void);
|
||||
int tdbio_sync(void);
|
||||
int tdbio_begin_transaction(void);
|
||||
|
@ -71,9 +71,7 @@ static struct {
|
||||
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
|
||||
static struct key_item *utk_list; /* all ultimately trusted keys */
|
||||
|
||||
/* Keep track on whether we did an update trustDB already */
|
||||
static int did_nextcheck;
|
||||
|
||||
static int pending_check_trustdb;
|
||||
|
||||
static int validate_keys (int interactive);
|
||||
|
||||
@ -499,7 +497,9 @@ revalidation_mark (void)
|
||||
init_trustdb();
|
||||
/* we simply set the time for the next check to 1 (far back in 1970)
|
||||
* so that a --update-trustdb will be scheduled */
|
||||
tdbio_write_nextcheck (1);
|
||||
if (tdbio_write_nextcheck (1))
|
||||
do_sync ();
|
||||
pending_check_trustdb = 1;
|
||||
}
|
||||
|
||||
|
||||
@ -593,7 +593,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
|
||||
rec.r.trust.ownertrust = new_trust;
|
||||
write_record( &rec );
|
||||
revalidation_mark ();
|
||||
do_sync();
|
||||
}
|
||||
}
|
||||
else if (rc == -1)
|
||||
@ -610,7 +609,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
|
||||
rec.r.trust.ownertrust = new_trust;
|
||||
write_record (&rec);
|
||||
revalidation_mark ();
|
||||
do_sync();
|
||||
rc = 0;
|
||||
}
|
||||
else
|
||||
@ -619,6 +617,34 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
|
||||
}
|
||||
}
|
||||
|
||||
/* Clear the ownertrust value. Return true if a changed actually happend. */
|
||||
int
|
||||
clear_ownertrust (PKT_public_key *pk)
|
||||
{
|
||||
TRUSTREC rec;
|
||||
int rc;
|
||||
|
||||
rc = read_trust_record (pk, &rec);
|
||||
if (!rc)
|
||||
{
|
||||
if (DBG_TRUST)
|
||||
log_debug ("clearing ownertrust (old value %u)\n",
|
||||
(unsigned int)rec.r.trust.ownertrust);
|
||||
if (rec.r.trust.ownertrust)
|
||||
{
|
||||
rec.r.trust.ownertrust = 0;
|
||||
write_record( &rec );
|
||||
revalidation_mark ();
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else if (rc != -1)
|
||||
{
|
||||
tdbio_invalid ();
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Note: Caller has to do a sync
|
||||
*/
|
||||
@ -723,6 +749,7 @@ clear_validity (PKT_public_key *pk)
|
||||
unsigned int
|
||||
get_validity (PKT_public_key *pk, const byte *namehash)
|
||||
{
|
||||
static int did_nextcheck;
|
||||
TRUSTREC trec, vrec;
|
||||
int rc;
|
||||
ulong recno;
|
||||
@ -739,12 +766,16 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
||||
scheduled = tdbio_read_nextcheck ();
|
||||
if (scheduled && scheduled <= make_timestamp ())
|
||||
{
|
||||
if (opt.no_auto_check_trustdb)
|
||||
log_info ("please do a --check-trustdb\n");
|
||||
else {
|
||||
log_info (_("checking the trustdb\n"));
|
||||
validate_keys (0);
|
||||
}
|
||||
if (opt.no_auto_check_trustdb)
|
||||
{
|
||||
pending_check_trustdb = 1;
|
||||
log_info ("please do a --check-trustdb\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
log_info (_("checking the trustdb\n"));
|
||||
validate_keys (0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -805,6 +836,9 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
||||
* I initially designed it that way */
|
||||
if (main_pk->has_expired || pk->has_expired)
|
||||
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
||||
|
||||
if (pending_check_trustdb)
|
||||
validity |= TRUST_FLAG_PENDING_CHECK;
|
||||
|
||||
if (main_pk != pk)
|
||||
free_public_key (main_pk);
|
||||
@ -1605,6 +1639,7 @@ validate_keys (int interactive)
|
||||
strtimestamp (next_expire));
|
||||
}
|
||||
do_sync ();
|
||||
pending_check_trustdb = 0;
|
||||
}
|
||||
return rc;
|
||||
}
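Review bot: In revalidation_mark the new `if (tdbio_write_nextcheck (1)) do_sync ();` syncs only when the nextcheck stamp actually changed, yet this commit also removes the unconditional `do_sync();` from both branches of update_ownertrust, and the new clear_ownertrust relies on revalidation_mark in the same way. When the stamp is already 1 (a revalidation is already pending), the ownertrust record just written by `write_record` is not synced by any code visible here, so a changed or cleared ownertrust may not reach disk until some later sync, if one happens at all. Either make the sync unconditional, `tdbio_write_nextcheck (1); do_sync ();`, or keep `do_sync ();` after `revalidation_mark ();` in update_ownertrust and clear_ownertrust. The comment above clear_ownertrust should also read `Return true if a change actually happened.`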
|
||||
|
@ -35,7 +35,7 @@
|
||||
#define TRUST_FLAG_REVOKED 32 /* r: revoked */
|
||||
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
|
||||
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
|
||||
|
||||
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
|
||||
|
||||
/*-- trustdb.c --*/
|
||||
void register_trusted_key( const char *string );
|
||||
@ -62,6 +62,7 @@ void enum_cert_paths_print( void **context, FILE *fp,
|
||||
unsigned int get_ownertrust (PKT_public_key *pk);
|
||||
int get_ownertrust_info (PKT_public_key *pk);
|
||||
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
|
||||
int clear_ownertrust (PKT_public_key *pk);
|
||||
|
||||
|
||||
/*-- tdbdump.c --*/
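Review bot: `TRUST_FLAG_PENDING_CHECK` is defined as 256, the first trust flag that does not fit in eight bits (the flags visible above it are 32, 64 and 128). get_validity returns `unsigned int`, so the check added in keyedit.c sees the flag, but any caller that keeps the validity in a `byte` or `char`, or masks it with 0xff, would drop it silently; such callers are not visible in this commit and should be checked. Since get_validity ORs the flag in from the process-local `pending_check_trustdb`, a comment such as `/* runtime only, not stored in the trustdb: a check-trustdb is pending */` would make the intent explicit, if that is indeed the intent.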
|
||||
|