* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a

particular user ID, use that ID as the one to ask about when prompting whether to use the key anyway. (build_pk_list): Similar change here when adding keys to the recipient list. * trustdb.c (update_validity): Fix bug that prevented more than one validity record per trust record. (get_validity): When retrieving validity for a (user) supplied user ID, return the validity for that user ID only, and do not fall back to the general key validity. (validate_one_keyblock): Some commentary on whether non-self-signed user IDs belong in the web of trust (arguably, they do).
2024-12-23 10:29:58 +01:00 · 2003-04-30 04:45:25 +00:00 · 2003-04-30 04:45:25 +00:00 · 4b502c70bf
commit 4b502c70bf
parent f09fe68e76
3 changed files with 82 additions and 25 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,20 @@
+2003-04-30  David Shaw  <dshaw@jabberwocky.com>
+
+	* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
+	particular user ID, use that ID as the one to ask about when
+	prompting whether to use the key anyway.
+	(build_pk_list): Similar change here when adding keys to the
+	recipient list.
+
+	* trustdb.c (update_validity): Fix bug that prevented more than
+	one validity record per trust record.
+	(get_validity): When retrieving validity for a (user) supplied
+	user ID, return the validity for that user ID only, and do not
+	fall back to the general key validity.
+	(validate_one_keyblock): Some commentary on whether
+	non-self-signed user IDs belong in the web of trust (arguably,
+	they do).
+
 2003-04-29  Werner Koch  <wk@gnupg.org>

 	* sig-check.c (check_key_signature2): Made "no subkey for subkey
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -525,17 +525,23 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
 	return 0;

    if( !opt.batch && !rc ) {
-	char *p;
 	u32 keyid[2];
-	size_t n;

 	keyid_from_pk( pk, keyid);
 	tty_printf( "%4u%c/%08lX %s \"",
 		  nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
 		  (ulong)keyid[1], datestr_from_pk( pk ) );
-	p = get_user_id( keyid, &n );
-	tty_print_utf8_string( p, n ),
-	m_free(p);
+	/* If the pk was chosen by a particular user ID, this is the
+	   one to ask about. */
+	if(pk->user_id)
+	  tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
+	else
+	  {
+	    size_t n;
+	    char *p = get_user_id( keyid, &n );
+	    tty_print_utf8_string( p, n );
+	    m_free(p);
+	  }
 	tty_printf("\"\n");
        print_fingerprint (pk, NULL, 2);
 	tty_printf("\n");
@ -889,8 +895,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 		}
 		else {
 		    int trustlevel;
-
-		    trustlevel = get_validity (pk, NULL);
+		    
+		    trustlevel = get_validity (pk, pk->user_id);
 		    if( (trustlevel & TRUST_FLAG_DISABLED) ) {
 			tty_printf(_("Public key is disabled.\n") );
 		    }
@ -903,8 +909,6 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 			}
 			else {
 			    PK_LIST r;
-			    char *p;
-			    size_t n;
 			    u32 keyid[2];

 			    keyid_from_pk( pk, keyid);
@ -913,9 +917,16 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 				       pubkey_letter( pk->pubkey_algo ),
 				       (ulong)keyid[1],
 				       datestr_from_pk( pk ) );
-			    p = get_user_id( keyid, &n );
-			    tty_print_utf8_string( p, n );
-			    m_free(p);
+			    if(pk->user_id)
+			      tty_print_utf8_string(pk->user_id->name,
+						    pk->user_id->len);
+			    else
+			      {
+				size_t n;
+				char *p = get_user_id( keyid, &n );
+				tty_print_utf8_string( p, n );
+				m_free(p);
+			      }
 			    tty_printf("\"\n");

 			    r = m_alloc( sizeof *r );
@ -985,7 +996,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 	    else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
 		int trustlevel;

-		trustlevel = get_validity (pk, NULL);
+		trustlevel = get_validity (pk, pk->user_id);
 		if( (trustlevel & TRUST_FLAG_DISABLED) ) {
 		    free_public_key(pk); pk = NULL;
 		    log_info(_("%s: skipped: public key is disabled\n"),
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -692,13 +692,13 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
      vrec.rectype = RECTYPE_VALID;
      memcpy (vrec.r.valid.namehash, namehash, 20);
      vrec.r.valid.next = trec.r.trust.validlist;
+      trec.r.trust.validlist = vrec.recnum;
    }
  vrec.r.valid.validity = validity;
  vrec.r.valid.full_count = uid->help_full_count;
  vrec.r.valid.marginal_count = uid->help_marginal_count;
  write_record (&vrec);
  trec.r.trust.depth = depth;
-  trec.r.trust.validlist = vrec.recnum;
  write_record (&trec);
 }

@ -739,7 +739,6 @@ clear_validity (PKT_public_key *pk)
  return any;
 }

-
 /***********************************************
 *********  Query trustdb values  **************
 ***********************************************/
@ -804,7 +803,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
      else
 	rmd160_hash_buffer (namehash, uid->name, uid->len );
    }
-  
+
  init_trustdb ();
  if (!did_nextcheck)
    {
@ -861,16 +860,30 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
  while (recno)
    {
      read_record (recno, &vrec, RECTYPE_VALID);
-      if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
-        validity = (vrec.r.valid.validity & TRUST_MASK);
-      if ( uid && !memcmp (vrec.r.valid.namehash, namehash, 20) )
-        break;
+
+      if(uid)
+	{
+	  /* If a user ID is given we return the validity for that
+	     user ID ONLY.  If the namehash is not found, then there
+	     is no validity at all (i.e. the user ID wasn't
+	     signed). */
+	  if(memcmp(vrec.r.valid.namehash,namehash,20)==0)
+	    {
+	      validity=(vrec.r.valid.validity & TRUST_MASK);
+	      break;
+	    }
+	}
+      else
+	{
+	  /* If no namehash is given, we take the maximum validity
+	     over all user IDs */
+	  if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
+	    validity = (vrec.r.valid.validity & TRUST_MASK);
+	}
+
      recno = vrec.r.valid.next;
    }
  
-  if (recno) /* okay, use the user ID associated one */
-    validity = (vrec.r.valid.validity & TRUST_MASK);
-
  if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
    validity |= TRUST_FLAG_DISABLED;

@ -1304,6 +1317,16 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
  keyid_from_pk(pk, main_kid);
  for (node=kb; node; node = node->next)
    {
+      /* A bit of discussion here: is it better for the web of trust
+	 to be built among only self-signed uids?  On the one hand, a
+	 self-signed uid is a statement that the key owner definitely
+	 intended that uid to be there, but on the other hand, a
+	 signed (but not self-signed) uid does carry trust, of a sort,
+	 even if it is a statement being made by people other than the
+	 key owner "through" the uids on the key owner's key.  I'm
+	 going with the latter. -dshaw */
+
+      /* && node->pkt->pkt.user_id->created) */
      if (node->pkt->pkttype == PKT_USER_ID)
        {
          if (uidnode && issigned)
@ -1318,13 +1341,19 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
            }
          uidnode = node;
 	  uid=uidnode->pkt->pkt.user_id;
+#if 0
+	  /* If the selfsig is going to expire...  This is disabled as
+	     we do count un-self-signed uids in the web of trust. */
+	  if(uid->expiredate && uid->expiredate<*next_expire)
+	    *next_expire = uid->expiredate;
+#endif
          issigned = 0;
 	  get_validity_counts(pk,uid);
          mark_usable_uid_certs (kb, uidnode, main_kid, klist, 
                                 curtime, next_expire);
        }
-      else if (node->pkt->pkttype == PKT_SIGNATURE 
-               && (node->flag & (1<<8)) && uid)
+      else if (node->pkt->pkttype == PKT_SIGNATURE
+	       && (node->flag & (1<<8)) && uid)
        {
          PKT_signature *sig = node->pkt->pkt.signature;