mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
* options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print, pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it is a verify-option now.
This commit is contained in:
parent
81e2591421
commit
4f9efb7a79
@ -1,3 +1,10 @@
|
||||
2006-03-07 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* options.h, gpg.c (main, parse_trust_model), pkclist.c
|
||||
(check_signatures_trust), mainproc.c (check_sig_and_print,
|
||||
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
|
||||
that it is a verify-option now.
|
||||
|
||||
2006-03-07 Werner Koch <wk@g10code.com>
|
||||
|
||||
* mainproc.c (proc_signature_packets): Return any_sig_seen to caller.
|
||||
|
48
g10/gpg.c
48
g10/gpg.c
@ -243,7 +243,6 @@ enum cmd_and_opt_values
|
||||
oAlwaysTrust,
|
||||
oTrustModel,
|
||||
oForceOwnertrust,
|
||||
oAllowPkaLookup,
|
||||
oRunAsShmCP,
|
||||
oSetFilename,
|
||||
oForYourEyesOnly,
|
||||
@ -601,7 +600,6 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oAlwaysTrust, "always-trust", 0, "@"},
|
||||
{ oTrustModel, "trust-model", 2, "@"},
|
||||
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
|
||||
{ oAllowPkaLookup, "allow-pka-lookup", 0, "@" },
|
||||
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
|
||||
{ oSetFilename, "set-filename", 2, "@" },
|
||||
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
|
||||
@ -1452,7 +1450,6 @@ gpgconf_list (const char *configfile)
|
||||
printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
}
|
||||
|
||||
|
||||
@ -1608,47 +1605,20 @@ collapse_args(int argc,char *argv[])
|
||||
static void
|
||||
parse_trust_model(const char *model)
|
||||
{
|
||||
opt.pka_trust_increase = 0;
|
||||
if(ascii_strcasecmp(model,"pgp")==0)
|
||||
{
|
||||
opt.trust_model=TM_PGP;
|
||||
}
|
||||
else if(ascii_strcasecmp(model,"pgp+pka")==0)
|
||||
{
|
||||
opt.trust_model=TM_PGP;
|
||||
opt.pka_trust_increase = 1;
|
||||
}
|
||||
opt.trust_model=TM_PGP;
|
||||
else if(ascii_strcasecmp(model,"classic")==0)
|
||||
{
|
||||
opt.trust_model=TM_CLASSIC;
|
||||
}
|
||||
opt.trust_model=TM_CLASSIC;
|
||||
else if(ascii_strcasecmp(model,"always")==0)
|
||||
{
|
||||
opt.trust_model=TM_ALWAYS;
|
||||
}
|
||||
opt.trust_model=TM_ALWAYS;
|
||||
else if(ascii_strcasecmp(model,"direct")==0)
|
||||
{
|
||||
opt.trust_model=TM_DIRECT;
|
||||
}
|
||||
else if(ascii_strcasecmp(model,"direct+pka")==0)
|
||||
{
|
||||
opt.trust_model=TM_DIRECT;
|
||||
opt.pka_trust_increase = 1;
|
||||
}
|
||||
opt.trust_model=TM_DIRECT;
|
||||
else if(ascii_strcasecmp(model,"auto")==0)
|
||||
{
|
||||
opt.trust_model=TM_AUTO;
|
||||
}
|
||||
else if(ascii_strcasecmp(model,"auto+pka")==0)
|
||||
{
|
||||
opt.trust_model=TM_AUTO;
|
||||
opt.pka_trust_increase = 1;
|
||||
}
|
||||
opt.trust_model=TM_AUTO;
|
||||
else
|
||||
log_error("unknown trust model `%s'\n",model);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main (int argc, char **argv )
|
||||
{
|
||||
@ -1740,7 +1710,6 @@ main (int argc, char **argv )
|
||||
opt.verify_options=
|
||||
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
|
||||
opt.trust_model=TM_AUTO;
|
||||
opt.pka_trust_increase=0;
|
||||
opt.mangle_dos_filenames=0;
|
||||
opt.min_cert_level=2;
|
||||
set_screen_dimensions();
|
||||
@ -2153,9 +2122,6 @@ main (int argc, char **argv )
|
||||
opt.force_ownertrust=0;
|
||||
}
|
||||
break;
|
||||
case oAllowPkaLookup:
|
||||
opt.allow_pka_lookup = 1;
|
||||
break;
|
||||
case oLoadExtension:
|
||||
#ifndef __riscos__
|
||||
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
|
||||
@ -2496,6 +2462,10 @@ main (int argc, char **argv )
|
||||
N_("show user ID validity during signature verification")},
|
||||
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
|
||||
N_("show revoked and expired user IDs in signature verification")},
|
||||
{"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
|
||||
N_("validate signatures with PKA data")},
|
||||
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
|
||||
N_("elevate the trust of signatures with valid PKA data")},
|
||||
{NULL,0,NULL,NULL}
|
||||
};
|
||||
|
||||
|
@ -1390,7 +1390,7 @@ pka_uri_from_sig (PKT_signature *sig)
|
||||
assert (!sig->pka_info);
|
||||
sig->flags.pka_tried = 1;
|
||||
sig->pka_info = get_pka_address (sig);
|
||||
if (sig->pka_info && opt.allow_pka_lookup)
|
||||
if (sig->pka_info)
|
||||
{
|
||||
char *uri;
|
||||
|
||||
@ -1866,7 +1866,8 @@ check_sig_and_print( CTX c, KBNODE node )
|
||||
|
||||
if (!rc)
|
||||
{
|
||||
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
|
||||
if(opt.verify_options&VERIFY_PKA_LOOKUP)
|
||||
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
|
||||
rc = check_signatures_trust( sig );
|
||||
}
|
||||
|
||||
|
@ -103,8 +103,6 @@ struct
|
||||
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
|
||||
} trust_model;
|
||||
int force_ownertrust;
|
||||
int pka_trust_increase; /* Valid PKA information increases the trust. */
|
||||
int allow_pka_lookup; /* PKA lookups are only done if this is set. */
|
||||
enum
|
||||
{
|
||||
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
|
||||
@ -316,6 +314,8 @@ struct {
|
||||
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
|
||||
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
|
||||
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
|
||||
#define VERIFY_PKA_LOOKUP (1<<7)
|
||||
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
|
||||
|
||||
#define KEYSERVER_USE_TEMP_FILES (1<<0)
|
||||
#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
|
||||
|
@ -566,7 +566,7 @@ check_signatures_trust( PKT_signature *sig )
|
||||
case TRUST_UNKNOWN:
|
||||
case TRUST_UNDEFINED:
|
||||
case TRUST_MARGINAL:
|
||||
if (okay && opt.pka_trust_increase)
|
||||
if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
|
||||
{
|
||||
trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
|
||||
log_info (_("trustlevel adjusted to FULL"
|
||||
|
@ -450,12 +450,7 @@ init_trustdb()
|
||||
}
|
||||
|
||||
if(opt.verbose)
|
||||
{
|
||||
log_info(_("using %s trust model\n"),trust_model_string());
|
||||
if (opt.pka_trust_increase)
|
||||
log_info(_("PKA verification is allowed to"
|
||||
" leverage trust to full\n"));
|
||||
}
|
||||
log_info(_("using %s trust model\n"),trust_model_string());
|
||||
}
|
||||
|
||||
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
||||
|
Loading…
x
Reference in New Issue
Block a user