From 4847eadcd8f2efd4d6bc6b441267376bb4ea09d3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 19 Apr 2002 09:18:57 +0000 Subject: [PATCH] * tdbio.c (tdbio_write_nextcheck): Return a status whether the stamp was actually changed. * trustdb.c (revalidation_mark): Sync the changes. Removed the sync operation done by its callers. (get_validity): Add logic for maintaining a pending_check flag. (clear_ownertrust): New. * keyedit.c (sign_uids): Don't call revalidation_mark depending on primary_pk. (keyedit_menu): Call revalidation_mark after "trust". (show_key_with_all_names): Print a warning on the wrong listed key validity. * delkey.c (do_delete_key): Clear the owenertrust information when deleting a public key. --- g10/ChangeLog | 18 ++++++++++++++++ g10/delkey.c | 4 ++++ g10/keyedit.c | 27 ++++++++++++++++++----- g10/tdbio.c | 6 ++++-- g10/tdbio.h | 2 +- g10/trustdb.c | 59 ++++++++++++++++++++++++++++++++++++++++----------- g10/trustdb.h | 3 ++- 7 files changed, 98 insertions(+), 21 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 8527827d8..fa0441ffe 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,21 @@ +2002-04-19 Werner Koch + + * tdbio.c (tdbio_write_nextcheck): Return a status whether the + stamp was actually changed. + * trustdb.c (revalidation_mark): Sync the changes. Removed the + sync operation done by its callers. + (get_validity): Add logic for maintaining a pending_check flag. + (clear_ownertrust): New. + + * keyedit.c (sign_uids): Don't call revalidation_mark depending on + primary_pk. + (keyedit_menu): Call revalidation_mark after "trust". + (show_key_with_all_names): Print a warning on the wrong listed key + validity. + + * delkey.c (do_delete_key): Clear the owenertrust information when + deleting a public key. + 2002-04-18 Werner Koch * seskey.c (encode_md_value): Print an error message if a wrong diff --git a/g10/delkey.c b/g10/delkey.c index 0b51ea899..d16a076b4 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -156,6 +156,10 @@ do_delete_key( const char *username, int secret, int *r_sec_avail ) log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) ); goto leave; } + if (!secret && pk && clear_ownertrust (pk)) { + if (opt.verbose) + log_info (_("ownertrust information cleared\n")); + } } leave: diff --git a/g10/keyedit.c b/g10/keyedit.c index 786873d3d..23472d7c1 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -611,9 +611,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, if( node->flag & NODFLG_DELSIG) delete_kbnode(node); } /* end loop over signators */ - if( upd_trust && primary_pk ) { + if (upd_trust) revalidation_mark (); - } leave: @@ -799,7 +798,8 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, - cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdNOP }; + cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, + cmdCHKTRUST, cmdNOP }; static struct { const char *name; enum cmdids id; int need_sk; @@ -1215,8 +1215,10 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 ); tty_printf("\n"); if( edit_ownertrust( find_kbnode( keyblock, - PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) + PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) { redisplay = 1; + revalidation_mark (); + } break; case cmdPREF: @@ -1439,6 +1441,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, { KBNODE node; int i, rc; + int do_warn = 0; /* the keys */ for( node = keyblock; node; node = node->next ) { @@ -1450,9 +1453,17 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, if( node->pkt->pkttype == PKT_PUBLIC_KEY ) { /* do it here, so that debug messages don't clutter the * output */ - + static int did_warn = 0; + trust = get_validity_info (pk, NULL); otrust = get_ownertrust_info (pk); + + /* Show a warning once */ + if (!did_warn + && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) { + did_warn = 1; + do_warn = 1; + } } if(with_revoker) @@ -1549,6 +1560,12 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, } } } + + if (do_warn) + tty_printf (_("Please note that the shown key validity " + "is not necessary correct\n" + "unless you restart the program.\n")); + } static void diff --git a/g10/tdbio.c b/g10/tdbio.c index d404f3896..da71247ee 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -659,7 +659,8 @@ tdbio_read_nextcheck () return vr.r.ver.nextcheck; } -void +/* Return true when the stamp was actually changed. */ +int tdbio_write_nextcheck (ulong stamp) { TRUSTREC vr; @@ -671,13 +672,14 @@ tdbio_write_nextcheck (ulong stamp) db_name, g10_errstr(rc) ); if (vr.r.ver.nextcheck == stamp) - return; + return 0; vr.r.ver.nextcheck = stamp; rc = tdbio_write_record( &vr ); if( rc ) log_fatal( _("%s: error writing version record: %s\n"), db_name, g10_errstr(rc) ); + return 1; } diff --git a/g10/tdbio.h b/g10/tdbio.h index f1148240a..a1efa6751 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -95,7 +95,7 @@ int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); int tdbio_write_record( TRUSTREC *rec ); int tdbio_db_matches_options(void); ulong tdbio_read_nextcheck (void); -void tdbio_write_nextcheck (ulong stamp); +int tdbio_write_nextcheck (ulong stamp); int tdbio_is_dirty(void); int tdbio_sync(void); int tdbio_begin_transaction(void); diff --git a/g10/trustdb.c b/g10/trustdb.c index 6d84c6796..4abdeeef1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -71,9 +71,7 @@ static struct { static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */ static struct key_item *utk_list; /* all ultimately trusted keys */ -/* Keep track on whether we did an update trustDB already */ -static int did_nextcheck; - +static int pending_check_trustdb; static int validate_keys (int interactive); @@ -499,7 +497,9 @@ revalidation_mark (void) init_trustdb(); /* we simply set the time for the next check to 1 (far back in 1970) * so that a --update-trustdb will be scheduled */ - tdbio_write_nextcheck (1); + if (tdbio_write_nextcheck (1)) + do_sync (); + pending_check_trustdb = 1; } @@ -593,7 +593,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) rec.r.trust.ownertrust = new_trust; write_record( &rec ); revalidation_mark (); - do_sync(); } } else if (rc == -1) @@ -610,7 +609,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) rec.r.trust.ownertrust = new_trust; write_record (&rec); revalidation_mark (); - do_sync(); rc = 0; } else @@ -619,6 +617,34 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) } } +/* Clear the ownertrust value. Return true if a changed actually happend. */ +int +clear_ownertrust (PKT_public_key *pk) +{ + TRUSTREC rec; + int rc; + + rc = read_trust_record (pk, &rec); + if (!rc) + { + if (DBG_TRUST) + log_debug ("clearing ownertrust (old value %u)\n", + (unsigned int)rec.r.trust.ownertrust); + if (rec.r.trust.ownertrust) + { + rec.r.trust.ownertrust = 0; + write_record( &rec ); + revalidation_mark (); + return 1; + } + } + else if (rc != -1) + { + tdbio_invalid (); + } + return 0; +} + /* * Note: Caller has to do a sync */ @@ -723,6 +749,7 @@ clear_validity (PKT_public_key *pk) unsigned int get_validity (PKT_public_key *pk, const byte *namehash) { + static int did_nextcheck; TRUSTREC trec, vrec; int rc; ulong recno; @@ -739,12 +766,16 @@ get_validity (PKT_public_key *pk, const byte *namehash) scheduled = tdbio_read_nextcheck (); if (scheduled && scheduled <= make_timestamp ()) { - if (opt.no_auto_check_trustdb) - log_info ("please do a --check-trustdb\n"); - else { - log_info (_("checking the trustdb\n")); - validate_keys (0); - } + if (opt.no_auto_check_trustdb) + { + pending_check_trustdb = 1; + log_info ("please do a --check-trustdb\n"); + } + else + { + log_info (_("checking the trustdb\n")); + validate_keys (0); + } } } @@ -805,6 +836,9 @@ get_validity (PKT_public_key *pk, const byte *namehash) * I initially designed it that way */ if (main_pk->has_expired || pk->has_expired) validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED; + + if (pending_check_trustdb) + validity |= TRUST_FLAG_PENDING_CHECK; if (main_pk != pk) free_public_key (main_pk); @@ -1605,6 +1639,7 @@ validate_keys (int interactive) strtimestamp (next_expire)); } do_sync (); + pending_check_trustdb = 0; } return rc; } diff --git a/g10/trustdb.h b/g10/trustdb.h index e9c62670c..2a1297044 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -35,7 +35,7 @@ #define TRUST_FLAG_REVOKED 32 /* r: revoked */ #define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */ #define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */ - +#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */ /*-- trustdb.c --*/ void register_trusted_key( const char *string ); @@ -62,6 +62,7 @@ void enum_cert_paths_print( void **context, FILE *fp, unsigned int get_ownertrust (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk); void update_ownertrust (PKT_public_key *pk, unsigned int new_trust ); +int clear_ownertrust (PKT_public_key *pk); /*-- tdbdump.c --*/