security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

* options.h, gpg.c (main, parse_trust_model), pkclist.c 

(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
This commit is contained in:
David Shaw 2006-03-07 20:14:20 +00:00
parent 81e2591421
commit 4f9efb7a79
6 changed files with 23 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
g10/ChangeLog
View File

@ -1,3 +1,10 @@
2006-03-07 David Shaw <dshaw@jabberwocky.com>
* options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
that it is a verify-option now.
2006-03-07 Werner Koch <wk@g10code.com>
* mainproc.c (proc_signature_packets): Return any_sig_seen to caller.

48
g10/gpg.c
View File

@ -243,7 +243,6 @@ enum cmd_and_opt_values
oAlwaysTrust,
oTrustModel,
oForceOwnertrust,
oAllowPkaLookup,
oRunAsShmCP,
oSetFilename,
oForYourEyesOnly,
@ -601,7 +600,6 @@ static ARGPARSE_OPTS opts[] = {
{ oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
{ oAllowPkaLookup, "allow-pka-lookup", 0, "@" },
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" },
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
@ -1452,7 +1450,6 @@ gpgconf_list (const char *configfile)
printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE);
}
@ -1608,47 +1605,20 @@ collapse_args(int argc,char *argv[])
static void
parse_trust_model(const char *model)
{
opt.pka_trust_increase = 0;
if(ascii_strcasecmp(model,"pgp")==0)
{
opt.trust_model=TM_PGP;
}
else if(ascii_strcasecmp(model,"pgp+pka")==0)
{
opt.trust_model=TM_PGP;
opt.pka_trust_increase = 1;
}
opt.trust_model=TM_PGP;
else if(ascii_strcasecmp(model,"classic")==0)
{
opt.trust_model=TM_CLASSIC;
}
opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(model,"always")==0)
{
opt.trust_model=TM_ALWAYS;
}
opt.trust_model=TM_ALWAYS;
else if(ascii_strcasecmp(model,"direct")==0)
{
opt.trust_model=TM_DIRECT;
}
else if(ascii_strcasecmp(model,"direct+pka")==0)
{
opt.trust_model=TM_DIRECT;
opt.pka_trust_increase = 1;
}
opt.trust_model=TM_DIRECT;
else if(ascii_strcasecmp(model,"auto")==0)
{
opt.trust_model=TM_AUTO;
}
else if(ascii_strcasecmp(model,"auto+pka")==0)
{
opt.trust_model=TM_AUTO;
opt.pka_trust_increase = 1;
}
opt.trust_model=TM_AUTO;
else
log_error("unknown trust model `%s'\n",model);
}
int
main (int argc, char **argv )
{
@ -1740,7 +1710,6 @@ main (int argc, char **argv )
opt.verify_options=
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
opt.trust_model=TM_AUTO;
opt.pka_trust_increase=0;
opt.mangle_dos_filenames=0;
opt.min_cert_level=2;
set_screen_dimensions();
@ -2153,9 +2122,6 @@ main (int argc, char **argv )
opt.force_ownertrust=0;
}
break;
case oAllowPkaLookup:
opt.allow_pka_lookup = 1;
break;
case oLoadExtension:
#ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
@ -2496,6 +2462,10 @@ main (int argc, char **argv )
N_("show user ID validity during signature verification")},
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in signature verification")},
{"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
N_("validate signatures with PKA data")},
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
N_("elevate the trust of signatures with valid PKA data")},
{NULL,0,NULL,NULL}
};

5
g10/mainproc.c
View File

@ -1390,7 +1390,7 @@ pka_uri_from_sig (PKT_signature *sig)
assert (!sig->pka_info);
sig->flags.pka_tried = 1;
sig->pka_info = get_pka_address (sig);
if (sig->pka_info && opt.allow_pka_lookup)
if (sig->pka_info)
{
char *uri;
@ -1866,7 +1866,8 @@ check_sig_and_print( CTX c, KBNODE node )
if (!rc)
{
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
if(opt.verify_options&VERIFY_PKA_LOOKUP)
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
rc = check_signatures_trust( sig );
}

4
g10/options.h
View File

@ -103,8 +103,6 @@ struct
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
} trust_model;
int force_ownertrust;
int pka_trust_increase; /* Valid PKA information increases the trust. */
int allow_pka_lookup; /* PKA lookups are only done if this is set. */
enum
{
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
@ -316,6 +314,8 @@ struct {
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
#define VERIFY_PKA_LOOKUP (1<<7)
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
#define KEYSERVER_USE_TEMP_FILES (1<<0)
#define KEYSERVER_KEEP_TEMP_FILES (1<<1)

2
g10/pkclist.c
View File

@ -566,7 +566,7 @@ check_signatures_trust( PKT_signature *sig )
case TRUST_UNKNOWN:
case TRUST_UNDEFINED:
case TRUST_MARGINAL:
if (okay && opt.pka_trust_increase)
if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
{
trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
log_info (_("trustlevel adjusted to FULL"

7
g10/trustdb.c
View File

@ -450,12 +450,7 @@ init_trustdb()
}
if(opt.verbose)
{
log_info(_("using %s trust model\n"),trust_model_string());
if (opt.pka_trust_increase)
log_info(_("PKA verification is allowed to"
" leverage trust to full\n"));
}
log_info(_("using %s trust model\n"),trust_model_string());
}
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)