mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-11 13:14:25 +01:00
* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting whether to use the key anyway. (build_pk_list): Similar change here when adding keys to the recipient list. * trustdb.c (update_validity): Fix bug that prevented more than one validity record per trust record. (get_validity): When retrieving validity for a (user) supplied user ID, return the validity for that user ID only, and do not fall back to the general key validity. (validate_one_keyblock): Some commentary on whether non-self-signed user IDs belong in the web of trust (arguably, they do).
This commit is contained in:
parent
f09fe68e76
commit
4b502c70bf
@ -1,3 +1,20 @@
|
|||||||
|
2003-04-30 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
|
||||||
|
particular user ID, use that ID as the one to ask about when
|
||||||
|
prompting whether to use the key anyway.
|
||||||
|
(build_pk_list): Similar change here when adding keys to the
|
||||||
|
recipient list.
|
||||||
|
|
||||||
|
* trustdb.c (update_validity): Fix bug that prevented more than
|
||||||
|
one validity record per trust record.
|
||||||
|
(get_validity): When retrieving validity for a (user) supplied
|
||||||
|
user ID, return the validity for that user ID only, and do not
|
||||||
|
fall back to the general key validity.
|
||||||
|
(validate_one_keyblock): Some commentary on whether
|
||||||
|
non-self-signed user IDs belong in the web of trust (arguably,
|
||||||
|
they do).
|
||||||
|
|
||||||
2003-04-29 Werner Koch <wk@gnupg.org>
|
2003-04-29 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* sig-check.c (check_key_signature2): Made "no subkey for subkey
|
* sig-check.c (check_key_signature2): Made "no subkey for subkey
|
||||||
|
@ -525,17 +525,23 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if( !opt.batch && !rc ) {
|
if( !opt.batch && !rc ) {
|
||||||
char *p;
|
|
||||||
u32 keyid[2];
|
u32 keyid[2];
|
||||||
size_t n;
|
|
||||||
|
|
||||||
keyid_from_pk( pk, keyid);
|
keyid_from_pk( pk, keyid);
|
||||||
tty_printf( "%4u%c/%08lX %s \"",
|
tty_printf( "%4u%c/%08lX %s \"",
|
||||||
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
|
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
|
||||||
(ulong)keyid[1], datestr_from_pk( pk ) );
|
(ulong)keyid[1], datestr_from_pk( pk ) );
|
||||||
p = get_user_id( keyid, &n );
|
/* If the pk was chosen by a particular user ID, this is the
|
||||||
tty_print_utf8_string( p, n ),
|
one to ask about. */
|
||||||
m_free(p);
|
if(pk->user_id)
|
||||||
|
tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
size_t n;
|
||||||
|
char *p = get_user_id( keyid, &n );
|
||||||
|
tty_print_utf8_string( p, n );
|
||||||
|
m_free(p);
|
||||||
|
}
|
||||||
tty_printf("\"\n");
|
tty_printf("\"\n");
|
||||||
print_fingerprint (pk, NULL, 2);
|
print_fingerprint (pk, NULL, 2);
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
@ -890,7 +896,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
else {
|
else {
|
||||||
int trustlevel;
|
int trustlevel;
|
||||||
|
|
||||||
trustlevel = get_validity (pk, NULL);
|
trustlevel = get_validity (pk, pk->user_id);
|
||||||
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
|
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
|
||||||
tty_printf(_("Public key is disabled.\n") );
|
tty_printf(_("Public key is disabled.\n") );
|
||||||
}
|
}
|
||||||
@ -903,8 +909,6 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
PK_LIST r;
|
PK_LIST r;
|
||||||
char *p;
|
|
||||||
size_t n;
|
|
||||||
u32 keyid[2];
|
u32 keyid[2];
|
||||||
|
|
||||||
keyid_from_pk( pk, keyid);
|
keyid_from_pk( pk, keyid);
|
||||||
@ -913,9 +917,16 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
pubkey_letter( pk->pubkey_algo ),
|
pubkey_letter( pk->pubkey_algo ),
|
||||||
(ulong)keyid[1],
|
(ulong)keyid[1],
|
||||||
datestr_from_pk( pk ) );
|
datestr_from_pk( pk ) );
|
||||||
p = get_user_id( keyid, &n );
|
if(pk->user_id)
|
||||||
tty_print_utf8_string( p, n );
|
tty_print_utf8_string(pk->user_id->name,
|
||||||
m_free(p);
|
pk->user_id->len);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
size_t n;
|
||||||
|
char *p = get_user_id( keyid, &n );
|
||||||
|
tty_print_utf8_string( p, n );
|
||||||
|
m_free(p);
|
||||||
|
}
|
||||||
tty_printf("\"\n");
|
tty_printf("\"\n");
|
||||||
|
|
||||||
r = m_alloc( sizeof *r );
|
r = m_alloc( sizeof *r );
|
||||||
@ -985,7 +996,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
|
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
|
||||||
int trustlevel;
|
int trustlevel;
|
||||||
|
|
||||||
trustlevel = get_validity (pk, NULL);
|
trustlevel = get_validity (pk, pk->user_id);
|
||||||
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
|
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
|
||||||
free_public_key(pk); pk = NULL;
|
free_public_key(pk); pk = NULL;
|
||||||
log_info(_("%s: skipped: public key is disabled\n"),
|
log_info(_("%s: skipped: public key is disabled\n"),
|
||||||
|
@ -692,13 +692,13 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
|
|||||||
vrec.rectype = RECTYPE_VALID;
|
vrec.rectype = RECTYPE_VALID;
|
||||||
memcpy (vrec.r.valid.namehash, namehash, 20);
|
memcpy (vrec.r.valid.namehash, namehash, 20);
|
||||||
vrec.r.valid.next = trec.r.trust.validlist;
|
vrec.r.valid.next = trec.r.trust.validlist;
|
||||||
|
trec.r.trust.validlist = vrec.recnum;
|
||||||
}
|
}
|
||||||
vrec.r.valid.validity = validity;
|
vrec.r.valid.validity = validity;
|
||||||
vrec.r.valid.full_count = uid->help_full_count;
|
vrec.r.valid.full_count = uid->help_full_count;
|
||||||
vrec.r.valid.marginal_count = uid->help_marginal_count;
|
vrec.r.valid.marginal_count = uid->help_marginal_count;
|
||||||
write_record (&vrec);
|
write_record (&vrec);
|
||||||
trec.r.trust.depth = depth;
|
trec.r.trust.depth = depth;
|
||||||
trec.r.trust.validlist = vrec.recnum;
|
|
||||||
write_record (&trec);
|
write_record (&trec);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -739,7 +739,6 @@ clear_validity (PKT_public_key *pk)
|
|||||||
return any;
|
return any;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/***********************************************
|
/***********************************************
|
||||||
********* Query trustdb values **************
|
********* Query trustdb values **************
|
||||||
***********************************************/
|
***********************************************/
|
||||||
@ -861,16 +860,30 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
|||||||
while (recno)
|
while (recno)
|
||||||
{
|
{
|
||||||
read_record (recno, &vrec, RECTYPE_VALID);
|
read_record (recno, &vrec, RECTYPE_VALID);
|
||||||
if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
|
|
||||||
validity = (vrec.r.valid.validity & TRUST_MASK);
|
if(uid)
|
||||||
if ( uid && !memcmp (vrec.r.valid.namehash, namehash, 20) )
|
{
|
||||||
break;
|
/* If a user ID is given we return the validity for that
|
||||||
|
user ID ONLY. If the namehash is not found, then there
|
||||||
|
is no validity at all (i.e. the user ID wasn't
|
||||||
|
signed). */
|
||||||
|
if(memcmp(vrec.r.valid.namehash,namehash,20)==0)
|
||||||
|
{
|
||||||
|
validity=(vrec.r.valid.validity & TRUST_MASK);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* If no namehash is given, we take the maximum validity
|
||||||
|
over all user IDs */
|
||||||
|
if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
|
||||||
|
validity = (vrec.r.valid.validity & TRUST_MASK);
|
||||||
|
}
|
||||||
|
|
||||||
recno = vrec.r.valid.next;
|
recno = vrec.r.valid.next;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (recno) /* okay, use the user ID associated one */
|
|
||||||
validity = (vrec.r.valid.validity & TRUST_MASK);
|
|
||||||
|
|
||||||
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
||||||
validity |= TRUST_FLAG_DISABLED;
|
validity |= TRUST_FLAG_DISABLED;
|
||||||
|
|
||||||
@ -1304,6 +1317,16 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
|||||||
keyid_from_pk(pk, main_kid);
|
keyid_from_pk(pk, main_kid);
|
||||||
for (node=kb; node; node = node->next)
|
for (node=kb; node; node = node->next)
|
||||||
{
|
{
|
||||||
|
/* A bit of discussion here: is it better for the web of trust
|
||||||
|
to be built among only self-signed uids? On the one hand, a
|
||||||
|
self-signed uid is a statement that the key owner definitely
|
||||||
|
intended that uid to be there, but on the other hand, a
|
||||||
|
signed (but not self-signed) uid does carry trust, of a sort,
|
||||||
|
even if it is a statement being made by people other than the
|
||||||
|
key owner "through" the uids on the key owner's key. I'm
|
||||||
|
going with the latter. -dshaw */
|
||||||
|
|
||||||
|
/* && node->pkt->pkt.user_id->created) */
|
||||||
if (node->pkt->pkttype == PKT_USER_ID)
|
if (node->pkt->pkttype == PKT_USER_ID)
|
||||||
{
|
{
|
||||||
if (uidnode && issigned)
|
if (uidnode && issigned)
|
||||||
@ -1318,13 +1341,19 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
|||||||
}
|
}
|
||||||
uidnode = node;
|
uidnode = node;
|
||||||
uid=uidnode->pkt->pkt.user_id;
|
uid=uidnode->pkt->pkt.user_id;
|
||||||
|
#if 0
|
||||||
|
/* If the selfsig is going to expire... This is disabled as
|
||||||
|
we do count un-self-signed uids in the web of trust. */
|
||||||
|
if(uid->expiredate && uid->expiredate<*next_expire)
|
||||||
|
*next_expire = uid->expiredate;
|
||||||
|
#endif
|
||||||
issigned = 0;
|
issigned = 0;
|
||||||
get_validity_counts(pk,uid);
|
get_validity_counts(pk,uid);
|
||||||
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
|
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
|
||||||
curtime, next_expire);
|
curtime, next_expire);
|
||||||
}
|
}
|
||||||
else if (node->pkt->pkttype == PKT_SIGNATURE
|
else if (node->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& (node->flag & (1<<8)) && uid)
|
&& (node->flag & (1<<8)) && uid)
|
||||||
{
|
{
|
||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user