1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00

gpg: Allow building without any trust model support.

* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above.  Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.

* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.

* tests/openpgp/defs.inc (opt_always): New.  Use in all tests instead
of --always-trust.
This commit is contained in:
Werner Koch 2014-02-10 17:05:54 +01:00
parent ea7f895319
commit 62fb86c658
23 changed files with 960 additions and 650 deletions

View File

@ -87,6 +87,7 @@ have_adns=no
use_zip=yes use_zip=yes
use_bzip2=yes use_bzip2=yes
use_exec=yes use_exec=yes
use_trust_models=yes
disable_keyserver_path=no disable_keyserver_path=no
card_support=yes card_support=yes
use_ccid_driver=yes use_ccid_driver=yes
@ -215,6 +216,18 @@ AC_ARG_ENABLE(selinux-support,
AC_MSG_RESULT($selinux_support) AC_MSG_RESULT($selinux_support)
AC_MSG_CHECKING([whether to enable trust models])
AC_ARG_ENABLE(trust-models,
AC_HELP_STRING([--disable-trust-models],
[disable all trust models except "always"]),
use_trust_models=$enableval)
AC_MSG_RESULT($use_trust_models)
if test "$use_trust_models" = no ; then
AC_DEFINE(NO_TRUST_MODELS, 1,
[Define to include only trust-model always])
fi
# #
# Options to disable algorithm # Options to disable algorithm
# #
@ -1615,6 +1628,7 @@ AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes")
AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
AM_CONDITIONAL(RUN_GPG_TESTS, AM_CONDITIONAL(RUN_GPG_TESTS,
test x$cross_compiling = xno -a "$build_gpg" = yes ) test x$cross_compiling = xno -a "$build_gpg" = yes )

View File

@ -48,6 +48,13 @@ else
card_source = card_source =
endif endif
if NO_TRUST_MODELS
trust_source =
else
trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
endif
if HAVE_W32_SYSTEM if HAVE_W32_SYSTEM
resource_objs += gpg-w32info.o resource_objs += gpg-w32info.o
endif endif
@ -103,11 +110,6 @@ gpg2_SOURCES = gpg.c \
dearmor.c \ dearmor.c \
import.c \ import.c \
export.c \ export.c \
trustdb.c \
trustdb.h \
tdbdump.c \
tdbio.c \
tdbio.h \
delkey.c \ delkey.c \
keygen.c \ keygen.c \
helptext.c \ helptext.c \
@ -116,6 +118,7 @@ gpg2_SOURCES = gpg.c \
call-dirmngr.c call-dirmngr.h \ call-dirmngr.c call-dirmngr.h \
photoid.c photoid.h \ photoid.c photoid.h \
call-agent.c call-agent.h \ call-agent.c call-agent.h \
trust.c $(trust_source) \
$(card_source) \ $(card_source) \
exec.c exec.h exec.c exec.h

View File

@ -431,12 +431,16 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ), ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ), ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
ARGPARSE_c (aListPackets, "list-packets","@"), ARGPARSE_c (aListPackets, "list-packets","@"),
#ifndef NO_TRUST_MODELS
ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"), ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"), ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
ARGPARSE_c (aUpdateTrustDB,"update-trustdb", ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
N_("update the trust database")), N_("update the trust database")),
ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"), ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"), ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
#endif
ARGPARSE_c (aDeArmor, "dearmor", "@"), ARGPARSE_c (aDeArmor, "dearmor", "@"),
ARGPARSE_c (aDeArmor, "dearmour", "@"), ARGPARSE_c (aDeArmor, "dearmour", "@"),
ARGPARSE_c (aEnArmor, "enarmor", "@"), ARGPARSE_c (aEnArmor, "enarmor", "@"),
@ -603,7 +607,10 @@ static ARGPARSE_OPTS opts[] = {
/* More hidden commands and options. */ /* More hidden commands and options. */
ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */ ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
#ifndef NO_TRUST_MODELS
ARGPARSE_c (aListTrustDB, "list-trustdb", "@"), ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
#endif
/* Not yet used: /* Not yet used:
ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */ ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
ARGPARSE_c (aDeleteSecretAndPublicKeys, ARGPARSE_c (aDeleteSecretAndPublicKeys,
@ -619,7 +626,14 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oCommandFile, "command-file", "@"), ARGPARSE_s_s (oCommandFile, "command-file", "@"),
ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"), ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
#ifndef NO_TRUST_MODELS
ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"), ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
#endif
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"), ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"), ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
@ -647,7 +661,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */ ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"), ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
ARGPARSE_s_s (oTrustModel, "trust-model", "@"), ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"), ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"), ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"), ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
@ -704,8 +717,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"), ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"), ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"), ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"),
ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ), ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"), ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"), ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
@ -1844,6 +1855,8 @@ collapse_args(int argc,char *argv[])
return str; return str;
} }
#ifndef NO_TRUST_MODELS
static void static void
parse_trust_model(const char *model) parse_trust_model(const char *model)
{ {
@ -1860,6 +1873,7 @@ parse_trust_model(const char *model)
else else
log_error("unknown trust model '%s'\n",model); log_error("unknown trust model '%s'\n",model);
} }
#endif /*NO_TRUST_MODELS*/
/* This fucntion called to initialized a new control object. It is /* This fucntion called to initialized a new control object. It is
@ -1967,7 +1981,9 @@ main (int argc, char **argv)
int use_random_seed = 1; int use_random_seed = 1;
enum cmd_and_opt_values cmd = 0; enum cmd_and_opt_values cmd = 0;
const char *debug_level = NULL; const char *debug_level = NULL;
#ifndef NO_TRUST_MODELS
const char *trustdb_name = NULL; const char *trustdb_name = NULL;
#endif /*!NO_TRUST_MODELS*/
char *def_cipher_string = NULL; char *def_cipher_string = NULL;
char *def_digest_string = NULL; char *def_digest_string = NULL;
char *compress_algo_string = NULL; char *compress_algo_string = NULL;
@ -2056,7 +2072,11 @@ main (int argc, char **argv)
opt.verify_options = (VERIFY_SHOW_POLICY_URLS opt.verify_options = (VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS | VERIFY_SHOW_STD_NOTATIONS
| VERIFY_SHOW_KEYSERVER_URLS); | VERIFY_SHOW_KEYSERVER_URLS);
#ifdef NO_TRUST_MODELS
opt.trust_model = TM_ALWAYS;
#else
opt.trust_model = TM_AUTO; opt.trust_model = TM_AUTO;
#endif
opt.mangle_dos_filenames = 0; opt.mangle_dos_filenames = 0;
opt.min_cert_level = 2; opt.min_cert_level = 2;
set_screen_dimensions (); set_screen_dimensions ();
@ -2376,7 +2396,11 @@ main (int argc, char **argv)
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break; case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break; case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break; case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
#ifndef NO_TRUST_MODELS
case oTrustDBName: trustdb_name = pargs.r.ret_str; break; case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
#endif /*!NO_TRUST_MODELS*/
case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break; case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
case oDefRecipient: case oDefRecipient:
if( *pargs.r.ret_str ) if( *pargs.r.ret_str )
@ -2407,6 +2431,8 @@ main (int argc, char **argv)
case oCompressKeys: opt.compress_keys = 1; break; case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
#ifndef NO_TRUST_MODELS
/* There are many programs (like mutt) that call gpg with /* There are many programs (like mutt) that call gpg with
--always-trust so keep this option around for a long --always-trust so keep this option around for a long
time. */ time. */
@ -2414,6 +2440,8 @@ main (int argc, char **argv)
case oTrustModel: case oTrustModel:
parse_trust_model(pargs.r.ret_str); parse_trust_model(pargs.r.ret_str);
break; break;
#endif /*!NO_TRUST_MODELS*/
case oForceOwnertrust: case oForceOwnertrust:
log_info(_("NOTE: %s is not for normal use!\n"), log_info(_("NOTE: %s is not for normal use!\n"),
"--force-ownertrust"); "--force-ownertrust");
@ -3494,6 +3522,7 @@ main (int argc, char **argv)
ctrl = xcalloc (1, sizeof *ctrl); ctrl = xcalloc (1, sizeof *ctrl);
gpg_init_default_ctrl (ctrl); gpg_init_default_ctrl (ctrl);
#ifndef NO_TRUST_MODELS
switch (cmd) switch (cmd)
{ {
case aPrimegen: case aPrimegen:
@ -3522,7 +3551,7 @@ main (int argc, char **argv)
} }
if (rc) if (rc)
log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc)); log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
#endif /*!NO_TRUST_MODELS*/
switch (cmd) switch (cmd)
{ {
@ -4023,6 +4052,7 @@ main (int argc, char **argv)
} }
break; break;
#ifndef NO_TRUST_MODELS
case aListTrustDB: case aListTrustDB:
if( !argc ) if( !argc )
list_trustdb(NULL); list_trustdb(NULL);
@ -4068,6 +4098,7 @@ main (int argc, char **argv)
wrong_args("--import-ownertrust [file]"); wrong_args("--import-ownertrust [file]");
import_ownertrust( argc? *argv:NULL ); import_ownertrust( argc? *argv:NULL );
break; break;
#endif /*!NO_TRUST_MODELS*/
case aRebuildKeydbCaches: case aRebuildKeydbCaches:
if (argc) if (argc)

View File

@ -222,7 +222,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
interactive or by not setting no-auto-check-trustdb */ interactive or by not setting no-auto-check-trustdb */
if(!(options&IMPORT_FAST)) if(!(options&IMPORT_FAST))
trustdb_check_or_update(); check_or_update_trustdb ();
return rc; return rc;
} }

View File

@ -81,7 +81,9 @@ static int menu_revsig (KBNODE keyblock);
static int menu_revuid (KBNODE keyblock); static int menu_revuid (KBNODE keyblock);
static int menu_revkey (KBNODE pub_keyblock); static int menu_revkey (KBNODE pub_keyblock);
static int menu_revsubkey (KBNODE pub_keyblock); static int menu_revsubkey (KBNODE pub_keyblock);
#ifndef NO_TRUST_MODELS
static int enable_disable_key (KBNODE keyblock, int disable); static int enable_disable_key (KBNODE keyblock, int disable);
#endif /*!NO_TRUST_MODELS*/
static void menu_showphoto (KBNODE keyblock); static void menu_showphoto (KBNODE keyblock);
static int update_trust = 0; static int update_trust = 0;
@ -1305,7 +1307,11 @@ enum cmdids
cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG, cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdEXPIRE, cmdBACKSIGN,
#ifndef NO_TRUST_MODELS
cmdENABLEKEY, cmdDISABLEKEY,
#endif /*!NO_TRUST_MODELS*/
cmdSHOWPREF,
cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY, cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY,
cmdCLEAN, cmdMINIMIZE, cmdNOP cmdCLEAN, cmdMINIMIZE, cmdNOP
@ -1384,7 +1390,9 @@ static struct
{ "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
N_("change the passphrase")}, N_("change the passphrase")},
{ "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
#ifndef NO_TRUST_MODELS
{ "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")}, { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
#endif /*!NO_TRUST_MODELS*/
{ "revsig", cmdREVSIG, KEYEDIT_NOT_SK, { "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
N_("revoke signatures on the selected user IDs")}, N_("revoke signatures on the selected user IDs")},
{ "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
@ -1392,8 +1400,10 @@ static struct
{ "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
N_("revoke key or selected subkeys")}, N_("revoke key or selected subkeys")},
#ifndef NO_TRUST_MODELS
{ "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")}, { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
{ "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")}, { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
#endif /*!NO_TRUST_MODELS*/
{ "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")}, { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
{ "clean", cmdCLEAN, KEYEDIT_NOT_SK, { "clean", cmdCLEAN, KEYEDIT_NOT_SK,
N_("compact unusable user IDs and remove unusable signatures from key")}, N_("compact unusable user IDs and remove unusable signatures from key")},
@ -2059,6 +2069,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
change_passphrase (ctrl, keyblock); change_passphrase (ctrl, keyblock);
break; break;
#ifndef NO_TRUST_MODELS
case cmdTRUST: case cmdTRUST:
if (opt.trust_model == TM_EXTERNAL) if (opt.trust_model == TM_EXTERNAL)
{ {
@ -2080,6 +2091,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
update_trust = 1; update_trust = 1;
} }
break; break;
#endif /*!NO_TRUST_MODELS*/
case cmdPREF: case cmdPREF:
{ {
@ -2158,6 +2170,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
} }
break; break;
#ifndef NO_TRUST_MODELS
case cmdENABLEKEY: case cmdENABLEKEY:
case cmdDISABLEKEY: case cmdDISABLEKEY:
if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY)) if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY))
@ -2166,6 +2179,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
modified = 1; modified = 1;
} }
break; break;
#endif /*!NO_TRUST_MODELS*/
case cmdSHOWPHOTO: case cmdSHOWPHOTO:
menu_showphoto (keyblock); menu_showphoto (keyblock);
@ -4837,12 +4851,14 @@ menu_revuid (KBNODE pub_keyblock)
pkt->pkt.signature = sig; pkt->pkt.signature = sig;
insert_kbnode (node, new_kbnode (pkt), 0); insert_kbnode (node, new_kbnode (pkt), 0);
#ifndef NO_TRUST_MODELS
/* If the trustdb has an entry for this key+uid then the /* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */ trustdb needs an update. */
if (!update_trust if (!update_trust
&& (get_validity (pk, uid) & TRUST_MASK) >= && (get_validity (pk, uid) & TRUST_MASK) >=
TRUST_UNDEFINED) TRUST_UNDEFINED)
update_trust = 1; update_trust = 1;
#endif /*!NO_TRUST_MODELS*/
changed = 1; changed = 1;
node->pkt->pkt.user_id->is_revoked = 1; node->pkt->pkt.user_id->is_revoked = 1;
@ -4978,6 +4994,7 @@ menu_revsubkey (KBNODE pub_keyblock)
enabling or disabling a key. This is arguably sub-optimal as enabling or disabling a key. This is arguably sub-optimal as
disabled keys are still counted in the web of trust, but perhaps disabled keys are still counted in the web of trust, but perhaps
not worth adding extra complexity to change. -ds */ not worth adding extra complexity to change. -ds */
#ifndef NO_TRUST_MODELS
static int static int
enable_disable_key (KBNODE keyblock, int disable) enable_disable_key (KBNODE keyblock, int disable)
{ {
@ -4994,6 +5011,7 @@ enable_disable_key (KBNODE keyblock, int disable)
update_ownertrust (pk, newtrust); update_ownertrust (pk, newtrust);
return 0; return 0;
} }
#endif /*!NO_TRUST_MODELS*/
static void static void

View File

@ -64,6 +64,7 @@ static estream_t attrib_fp;
void void
public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
{ {
#ifndef NO_TRUST_MODELS
if (opt.with_colons) if (opt.with_colons)
{ {
byte trust_model, marginals, completes, cert_depth, min_cert_level; byte trust_model, marginals, completes, cert_depth, min_cert_level;
@ -98,9 +99,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
if (trust_model == TM_PGP || trust_model == TM_CLASSIC) if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth); es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
es_fprintf (es_stdout, "\n"); es_fprintf (es_stdout, "\n");
} }
#endif /*!NO_TRUST_MODELS*/
/* We need to do the stale check right here because it might need to /* We need to do the stale check right here because it might need to
update the keyring while we already have the keyring open. This update the keyring while we already have the keyring open. This

View File

@ -1344,7 +1344,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
/* If the original options didn't have fast import, and the trustdb /* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */ is dirty, rebuild. */
if(!(opt.keyserver_options.import_options&IMPORT_FAST)) if(!(opt.keyserver_options.import_options&IMPORT_FAST))
trustdb_check_or_update(); check_or_update_trustdb ();
return rc; return rc;
} }
@ -1688,7 +1688,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
/* If the original options didn't have fast import, and the trustdb /* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */ is dirty, rebuild. */
if (!(opt.keyserver_options.import_options&IMPORT_FAST)) if (!(opt.keyserver_options.import_options&IMPORT_FAST))
trustdb_check_or_update (); check_or_update_trustdb ();
return 0; return 0;
} }

View File

@ -176,6 +176,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
* 0 = nothing changed * 0 = nothing changed
* 1 = new ownertrust now in new_trust * 1 = new ownertrust now in new_trust
*/ */
#ifndef NO_TRUST_MODELS
static int static int
do_edit_ownertrust (PKT_public_key *pk, int mode, do_edit_ownertrust (PKT_public_key *pk, int mode,
unsigned *new_trust, int defer_help ) unsigned *new_trust, int defer_help )
@ -187,7 +188,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
int show=0; int show=0;
int min_num; int min_num;
int did_help=defer_help; int did_help=defer_help;
unsigned int minimum=get_min_ownertrust(pk); unsigned int minimum = tdb_get_min_ownertrust (pk);
char pkstrbuf[PUBKEY_STRING_SIZE]; char pkstrbuf[PUBKEY_STRING_SIZE];
switch(minimum) switch(minimum)
@ -365,12 +366,15 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
xfree(p); xfree(p);
return show? -2: quit? -1 : changed; return show? -2: quit? -1 : changed;
} }
#endif /*!NO_TRUST_MODELS*/
/* /*
* Display a menu to change the ownertrust of the key PK (which should * Display a menu to change the ownertrust of the key PK (which should
* be a primary key). * be a primary key).
* For mode values see do_edit_ownertrust () * For mode values see do_edit_ownertrust ()
*/ */
#ifndef NO_TRUST_MODELS
int int
edit_ownertrust (PKT_public_key *pk, int mode ) edit_ownertrust (PKT_public_key *pk, int mode )
{ {
@ -396,6 +400,7 @@ edit_ownertrust (PKT_public_key *pk, int mode )
} }
} }
} }
#endif /*!NO_TRUST_MODELS*/
/**************** /****************

740
g10/trust.c Normal file
View File

@ -0,0 +1,740 @@
/* trust.c - High level trust functions
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008, 2012 Free Software Foundation, Inc.
* Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "gpg.h"
#include "keydb.h"
#include "util.h"
#include "options.h"
#include "packet.h"
#include "main.h"
#include "i18n.h"
#include "trustdb.h"
/* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */
int
cache_disabled_value (PKT_public_key *pk)
{
#ifdef NO_TRUST_MODELS
(void)pk;
return 0;
#else
return tdb_cache_disabled_value (pk);
#endif
}
void
register_trusted_keyid (u32 *keyid)
{
#ifdef NO_TRUST_MODELS
(void)keyid;
#else
register_trusted_keyid (keyid);
#endif
}
void
register_trusted_key (const char *string)
{
#ifdef NO_TRUST_MODELS
(void)string;
#else
register_trusted_key (string);
#endif
}
/*
* This function returns a letter for a trust value. Trust flags
* are ignored.
*/
static int
trust_letter (unsigned int value)
{
switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return '-';
case TRUST_EXPIRED: return 'e';
case TRUST_UNDEFINED: return 'q';
case TRUST_NEVER: return 'n';
case TRUST_MARGINAL: return 'm';
case TRUST_FULLY: return 'f';
case TRUST_ULTIMATE: return 'u';
default: return '?';
}
}
/* The strings here are similar to those in
pkclist.c:do_edit_ownertrust() */
const char *
trust_value_to_string (unsigned int value)
{
switch ((value & TRUST_MASK))
{
case TRUST_UNKNOWN: return _("unknown");
case TRUST_EXPIRED: return _("expired");
case TRUST_UNDEFINED: return _("undefined");
case TRUST_NEVER: return _("never");
case TRUST_MARGINAL: return _("marginal");
case TRUST_FULLY: return _("full");
case TRUST_ULTIMATE: return _("ultimate");
default: return "err";
}
}
int
string_to_trust_value (const char *str)
{
if (!ascii_strcasecmp (str, "undefined"))
return TRUST_UNDEFINED;
else if (!ascii_strcasecmp (str, "never"))
return TRUST_NEVER;
else if (!ascii_strcasecmp (str, "marginal"))
return TRUST_MARGINAL;
else if (!ascii_strcasecmp (str, "full"))
return TRUST_FULLY;
else if (!ascii_strcasecmp(str, "ultimate"))
return TRUST_ULTIMATE;
else
return -1;
}
const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
{
if (!key && !uid)
{
/* TRANSLATORS: these strings are similar to those in
trust_value_to_string(), but are a fixed length. This is needed to
make attractive information listings where columns line up
properly. The value "10" should be the length of the strings you
choose to translate to. This is the length in printable columns.
It gets passed to atoi() so everything after the number is
essentially a comment and need not be translated. Either key and
uid are both NULL, or neither are NULL. */
return _("10 translator see trust.c:uid_trust_string_fixed");
}
else if(uid->is_revoked || (key && key->flags.revoked))
return _("[ revoked]");
else if(uid->is_expired)
return _("[ expired]");
else if(key)
{
switch (get_validity(key,uid)&TRUST_MASK)
{
case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]");
case TRUST_UNDEFINED: return _("[ undef ]");
case TRUST_MARGINAL: return _("[marginal]");
case TRUST_FULLY: return _("[ full ]");
case TRUST_ULTIMATE: return _("[ultimate]");
}
}
return "err";
}
/*
* Return the assigned ownertrust value for the given public key.
* The key should be the primary key.
*/
unsigned int
get_ownertrust (PKT_public_key *pk)
{
#ifdef NO_TRUST_MODELS
(void)pk;
return TRUST_UNKNOWN;
#else
return tdb_get_ownertrust (pk);
#endif
}
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
* into into account, and will bump up the value as needed.
*/
static int
get_ownertrust_with_min (PKT_public_key *pk)
{
#ifdef NO_TRUST_MODELS
(void)pk;
return TRUST_UNKNOWN;
#else
unsigned int otrust, otrust_min;
otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
otrust_min = tdb_get_min_ownertrust (pk);
if (otrust < otrust_min)
{
/* If the trust that the user has set is less than the trust
that was calculated from a trust signature chain, use the
higher of the two. We do this here and not in
get_ownertrust since the underlying ownertrust should not
really be set - just the appearance of the ownertrust. */
otrust = otrust_min;
}
return otrust;
#endif
}
/*
* Same as get_ownertrust but return a trust letter instead of an
* value. This takes the minimum ownertrust value into account.
*/
int
get_ownertrust_info (PKT_public_key *pk)
{
return trust_letter (get_ownertrust_with_min (pk));
}
/*
* Same as get_ownertrust but return a trust string instead of an
* value. This takes the minimum ownertrust value into account.
*/
const char *
get_ownertrust_string (PKT_public_key *pk)
{
return trust_value_to_string (get_ownertrust_with_min (pk));
}
/*
* Set the trust value of the given public key to the new value.
* The key should be a primary one.
*/
void
update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
{
#ifdef NO_TRUST_MODELS
(void)pk;
(void)new_trust;
#else
update_ownertrust (pk, new_trust);
#endif
}
int
clear_ownertrusts (PKT_public_key *pk)
{
#ifdef NO_TRUST_MODELS
(void)pk;
return 0;
#else
return tdb_clear_ownertrusts (pk);
#endif
}
void
revalidation_mark (void)
{
#ifndef NO_TRUST_MODELS
tdb_revalidation_mark ();
#endif
}
void
check_trustdb_stale (void)
{
#ifndef NO_TRUST_MODELS
tdb_check_trustdb_stale ();
#endif
}
void
check_or_update_trustdb (void)
{
#ifndef NO_TRUST_MODELS
tdb_check_or_update ();
#endif
}
/*
* Return the validity information for PK. If the namehash is not
* NULL, the validity of the corresponsing user ID is returned,
* otherwise, a reasonable value for the entire key is returned.
*/
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid)
{
int rc;
unsigned int validity;
u32 kid[2];
PKT_public_key *main_pk;
if (uid)
namehash_from_uid (uid);
keyid_from_pk (pk, kid);
if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
{
/* This is a subkey - get the mainkey. */
main_pk = xmalloc_clear (sizeof *main_pk);
rc = get_pubkey (main_pk, pk->main_keyid);
if (rc)
{
char *tempkeystr = xstrdup (keystr (pk->main_keyid));
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr (kid), g10_errstr (rc));
xfree (tempkeystr);
validity = TRUST_UNKNOWN;
goto leave;
}
}
else
main_pk = pk;
#ifdef NO_TRUST_MODELS
validity = TRUST_UNKNOWN;
#else
validity = tdb_get_validity_core (pk, uid, main_pk);
#endif
leave:
/* Set some flags direct from the key */
if (main_pk->flags.revoked)
validity |= TRUST_FLAG_REVOKED;
if (main_pk != pk && pk->flags.revoked)
validity |= TRUST_FLAG_SUB_REVOKED;
/* Note: expiration is a trust value and not a flag - don't know why
* I initially designed it that way. */
if (main_pk->has_expired || pk->has_expired)
validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
| TRUST_EXPIRED);
if (main_pk != pk)
free_public_key (main_pk);
return validity;
}
int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid);
if ((trustlevel & TRUST_FLAG_REVOKED))
return 'r';
return trust_letter (trustlevel);
}
const char *
get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid);
if ((trustlevel & TRUST_FLAG_REVOKED))
return _("revoked");
return trust_value_to_string (trustlevel);
}
/*
* Mark the signature of the given UID which are used to certify it.
* To do this, we first revmove all signatures which are not valid and
* from the remain ones we look for the latest one. If this is not a
* certification revocation signature we mark the signature by setting
* node flag bit 8. Revocations are marked with flag 11, and sigs
* from unavailable keys are marked with flag 12. Note that flag bits
* 9 and 10 are used for internal purposes.
*/
void
mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist,
u32 curtime, u32 *next_expire)
{
kbnode_t node;
PKT_signature *sig;
/* First check all signatures. */
for (node=uidnode->next; node; node = node->next)
{
int rc;
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
if (node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break; /* ready */
if (node->pkt->pkttype != PKT_SIGNATURE)
continue;
sig = node->pkt->pkt.signature;
if (main_kid
&& sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
continue; /* ignore self-signatures if we pass in a main_kid */
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
continue; /* we only look at these signature classes */
if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
sig->sig_class-0x10<opt.min_cert_level)
continue; /* treat anything under our min_cert_level as an
invalid signature */
if (klist && !is_in_klist (klist, sig))
continue; /* no need to check it then */
if ((rc=check_key_signature (keyblock, node, NULL)))
{
/* we ignore anything that won't verify, but tag the
no_pubkey case */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
node->flag |= 1<<12;
continue;
}
node->flag |= 1<<9;
}
/* Reset the remaining flags. */
for (; node; node = node->next)
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
/* kbnode flag usage: bit 9 is here set for signatures to consider,
* bit 10 will be set by the loop to keep track of keyIDs already
* processed, bit 8 will be set for the usable signatures, and bit
* 11 will be set for usable revocations. */
/* For each cert figure out the latest valid one. */
for (node=uidnode->next; node; node = node->next)
{
KBNODE n, signode;
u32 kid[2];
u32 sigdate;
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break;
if ( !(node->flag & (1<<9)) )
continue; /* not a node to look at */
if ( (node->flag & (1<<10)) )
continue; /* signature with a keyID already processed */
node->flag |= (1<<10); /* mark this node as processed */
sig = node->pkt->pkt.signature;
signode = node;
sigdate = sig->timestamp;
kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
/* Now find the latest and greatest signature */
for (n=uidnode->next; n; n = n->next)
{
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break;
if ( !(n->flag & (1<<9)) )
continue;
if ( (n->flag & (1<<10)) )
continue; /* shortcut already processed signatures */
sig = n->pkt->pkt.signature;
if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
continue;
n->flag |= (1<<10); /* mark this node as processed */
/* If signode is nonrevocable and unexpired and n isn't,
then take signode (skip). It doesn't matter which is
older: if signode was older then we don't want to take n
as signode is nonrevocable. If n was older then we're
automatically fine. */
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
signode->pkt->pkt.signature->expiredate>curtime))) &&
(!(IS_UID_SIG(n->pkt->pkt.signature) &&
!n->pkt->pkt.signature->flags.revocable &&
(n->pkt->pkt.signature->expiredate==0 ||
n->pkt->pkt.signature->expiredate>curtime))))
continue;
/* If n is nonrevocable and unexpired and signode isn't,
then take n. Again, it doesn't matter which is older: if
n was older then we don't want to take signode as n is
nonrevocable. If signode was older then we're
automatically fine. */
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
signode->pkt->pkt.signature->expiredate>curtime))) &&
((IS_UID_SIG(n->pkt->pkt.signature) &&
!n->pkt->pkt.signature->flags.revocable &&
(n->pkt->pkt.signature->expiredate==0 ||
n->pkt->pkt.signature->expiredate>curtime))))
{
signode = n;
sigdate = sig->timestamp;
continue;
}
/* At this point, if it's newer, it goes in as the only
remaining possibilities are signode and n are both either
revocable or expired or both nonrevocable and unexpired.
If the timestamps are equal take the later ordered
packet, presuming that the key packets are hopefully in
their original order. */
if (sig->timestamp >= sigdate)
{
signode = n;
sigdate = sig->timestamp;
}
}
sig = signode->pkt->pkt.signature;
if (IS_UID_SIG (sig))
{ /* this seems to be a usable one which is not revoked.
* Just need to check whether there is an expiration time,
* We do the expired certification after finding a suitable
* certification, the assumption is that a signator does not
* want that after the expiration of his certificate the
* system falls back to an older certification which has a
* different expiration time */
const byte *p;
u32 expire;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
if (expire==0 || expire > curtime )
{
signode->flag |= (1<<8); /* yeah, found a good cert */
if (next_expire && expire && expire < *next_expire)
*next_expire = expire;
}
}
else
signode->flag |= (1<<11);
}
}
static int
clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only)
{
int deleted = 0;
kbnode_t node;
u32 keyid[2];
assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
/* Passing in a 0 for current time here means that we'll never weed
out an expired sig. This is correct behavior since we want to
keep the most recent expired sig in a series. */
mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
/* What we want to do here is remove signatures that are not
considered as part of the trust calculations. Thus, all invalid
signatures are out, as are any signatures that aren't the last of
a series of uid sigs or revocations It breaks down like this:
coming out of mark_usable_uid_certs, if a sig is unflagged, it is
not even a candidate. If a sig has flag 9 or 10, that means it
was selected as a candidate and vetted. If a sig has flag 8 it
is a usable signature. If a sig has flag 11 it is a usable
revocation. If a sig has flag 12 it was issued by an unavailable
key. "Usable" here means the most recent valid
signature/revocation in a series from a particular signer.
Delete everything that isn't a usable uid sig (which might be
expired), a usable revocation, or a sig from an unavailable
key. */
for (node=uidnode->next;
node && node->pkt->pkttype==PKT_SIGNATURE;
node=node->next)
{
int keep;
keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
&& node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
/* Keep usable uid sigs ... */
if ((node->flag & (1<<8)) && keep)
continue;
/* ... and usable revocations... */
if ((node->flag & (1<<11)) && keep)
continue;
/* ... and sigs from unavailable keys. */
/* disabled for now since more people seem to want sigs from
unavailable keys removed altogether. */
/*
if(node->flag & (1<<12))
continue;
*/
/* Everything else we delete */
/* At this point, if 12 is set, the signing key was unavailable.
If 9 or 10 is set, it's superseded. Otherwise, it's
invalid. */
if (noisy)
log_info ("removing signature from key %s on user ID \"%s\": %s\n",
keystr (node->pkt->pkt.signature->keyid),
uidnode->pkt->pkt.user_id->name,
node->flag&(1<<12)? "key unavailable":
node->flag&(1<<9)? "signature superseded"
/* */ :"invalid signature" );
delete_kbnode (node);
deleted++;
}
return deleted;
}
/* This is substantially easier than clean_sigs_from_uid since we just
have to establish if the uid has a valid self-sig, is not revoked,
and is not expired. Note that this does not take into account
whether the uid has a trust path to it - just whether the keyholder
themselves has certified the uid. Returns true if the uid was
compacted. To "compact" a user ID, we simply remove ALL signatures
except the self-sig that caused the user ID to be remove-worthy.
We don't actually remove the user ID packet itself since it might
be ressurected in a later merge. Note that this function requires
that the caller has already done a merge_keys_and_selfsig().
TODO: change the import code to allow importing a uid with only a
revocation if the uid already exists on the keyring. */
static int
clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
{
kbnode_t node;
PKT_user_id *uid = uidnode->pkt->pkt.user_id;
int deleted = 0;
assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
assert (uidnode->pkt->pkttype==PKT_USER_ID);
/* Skip valid user IDs, compacted user IDs, and non-self-signed user
IDs if --allow-non-selfsigned-uid is set. */
if (uid->created
|| uid->flags.compacted
|| (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
return 0;
for (node=uidnode->next;
node && node->pkt->pkttype == PKT_SIGNATURE;
node=node->next)
{
if (!node->pkt->pkt.signature->flags.chosen_selfsig)
{
delete_kbnode (node);
deleted = 1;
uidnode->pkt->pkt.user_id->flags.compacted = 1;
}
}
if (noisy)
{
const char *reason;
char *user = utf8_to_native (uid->name, uid->len, 0);
if (uid->is_revoked)
reason = _("revoked");
else if (uid->is_expired)
reason = _("expired");
else
reason = _("invalid");
log_info ("compacting user ID \"%s\" on key %s: %s\n",
user, keystr_from_pk (keyblock->pkt->pkt.public_key),
reason);
xfree (user);
}
return deleted;
}
/* Needs to be called after a merge_keys_and_selfsig() */
void
clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned)
{
int dummy;
assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
assert (uidnode->pkt->pkttype==PKT_USER_ID);
if (!uids_cleaned)
uids_cleaned = &dummy;
if (!sigs_cleaned)
sigs_cleaned = &dummy;
/* Do clean_uid_from_key first since if it fires off, we don't have
to bother with the other. */
*uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
if (!uidnode->pkt->pkt.user_id->flags.compacted)
*sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
}
void
clean_key (kbnode_t keyblock, int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned)
{
kbnode_t uidnode;
merge_keys_and_selfsig (keyblock);
for (uidnode = keyblock->next;
uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
uidnode = uidnode->next)
{
if (uidnode->pkt->pkttype == PKT_USER_ID)
clean_one_uid (keyblock, uidnode,noisy, self_only,
uids_cleaned, sigs_cleaned);
}
}

View File

@ -42,20 +42,6 @@
#include "trustdb.h" #include "trustdb.h"
/*
* A structure to store key identification as well as some stuff needed
* for validation
*/
struct key_item {
struct key_item *next;
unsigned int ownertrust,min_ownertrust;
byte trust_depth;
byte trust_value;
char *trust_regexp;
u32 kid[2];
};
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/* /*
@ -200,7 +186,7 @@ release_key_array ( struct key_array *keys )
* FIXME: Should be replaced by a function to add those keys to the trustdb. * FIXME: Should be replaced by a function to add those keys to the trustdb.
*/ */
void void
register_trusted_keyid(u32 *keyid) tdb_register_trusted_keyid (u32 *keyid)
{ {
struct key_item *k; struct key_item *k;
@ -212,7 +198,7 @@ register_trusted_keyid(u32 *keyid)
} }
void void
register_trusted_key( const char *string ) tdb_register_trusted_key( const char *string )
{ {
gpg_error_t err; gpg_error_t err;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
@ -308,9 +294,9 @@ verify_own_keys(void)
keystr(k->kid)); keystr(k->kid));
else else
{ {
update_ownertrust (&pk, tdb_update_ownertrust (&pk,
((get_ownertrust (&pk) & ~TRUST_MASK) ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
| TRUST_ULTIMATE )); | TRUST_ULTIMATE ));
release_public_key_parts (&pk); release_public_key_parts (&pk);
} }
@ -483,96 +469,6 @@ init_trustdb()
} }
/***********************************************
************* Print helpers ****************
***********************************************/
/****************
* This function returns a letter for a trustvalue Trust flags
* are ignore.
*/
static int
trust_letter (unsigned int value)
{
switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return '-';
case TRUST_EXPIRED: return 'e';
case TRUST_UNDEFINED: return 'q';
case TRUST_NEVER: return 'n';
case TRUST_MARGINAL: return 'm';
case TRUST_FULLY: return 'f';
case TRUST_ULTIMATE: return 'u';
default: return '?';
}
}
const char *
uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
{
if(!key && !uid)
/* TRANSLATORS: these strings are similar to those in
trust_value_to_string(), but are a fixed length. This is needed to
make attractive information listings where columns line up
properly. The value "10" should be the length of the strings you
choose to translate to. This is the length in printable columns.
It gets passed to atoi() so everything after the number is
essentially a comment and need not be translated. Either key and
uid are both NULL, or neither are NULL. */
return _("10 translator see trustdb.c:uid_trust_string_fixed");
else if(uid->is_revoked || (key && key->flags.revoked))
return _("[ revoked]");
else if(uid->is_expired)
return _("[ expired]");
else if(key)
switch(get_validity(key,uid)&TRUST_MASK)
{
case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]");
case TRUST_UNDEFINED: return _("[ undef ]");
case TRUST_MARGINAL: return _("[marginal]");
case TRUST_FULLY: return _("[ full ]");
case TRUST_ULTIMATE: return _("[ultimate]");
}
return "err";
}
/* The strings here are similar to those in
pkclist.c:do_edit_ownertrust() */
const char *
trust_value_to_string (unsigned int value)
{
switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return _("unknown");
case TRUST_EXPIRED: return _("expired");
case TRUST_UNDEFINED: return _("undefined");
case TRUST_NEVER: return _("never");
case TRUST_MARGINAL: return _("marginal");
case TRUST_FULLY: return _("full");
case TRUST_ULTIMATE: return _("ultimate");
default: return "err";
}
}
int
string_to_trust_value (const char *str)
{
if(ascii_strcasecmp(str,"undefined")==0)
return TRUST_UNDEFINED;
else if(ascii_strcasecmp(str,"never")==0)
return TRUST_NEVER;
else if(ascii_strcasecmp(str,"marginal")==0)
return TRUST_MARGINAL;
else if(ascii_strcasecmp(str,"full")==0)
return TRUST_FULLY;
else if(ascii_strcasecmp(str,"ultimate")==0)
return TRUST_ULTIMATE;
else
return -1;
}
/**************** /****************
* Recreate the WoT but do not ask for new ownertrusts. Special * Recreate the WoT but do not ask for new ownertrusts. Special
* feature: In batch mode and without a forced yes, this is only done * feature: In batch mode and without a forced yes, this is only done
@ -626,7 +522,7 @@ update_trustdb()
} }
void void
revalidation_mark (void) tdb_revalidation_mark (void)
{ {
init_trustdb(); init_trustdb();
/* we simply set the time for the next check to 1 (far back in 1970) /* we simply set the time for the next check to 1 (far back in 1970)
@ -645,7 +541,7 @@ trustdb_pending_check(void)
/* If the trustdb is dirty, and we're interactive, update it. /* If the trustdb is dirty, and we're interactive, update it.
Otherwise, check it unless no-auto-check-trustdb is set. */ Otherwise, check it unless no-auto-check-trustdb is set. */
void void
trustdb_check_or_update(void) tdb_check_or_update (void)
{ {
if(trustdb_pending_check()) if(trustdb_pending_check())
{ {
@ -718,7 +614,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* The key should be the primary key. * The key should be the primary key.
*/ */
unsigned int unsigned int
get_ownertrust ( PKT_public_key *pk) tdb_get_ownertrust ( PKT_public_key *pk)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -735,8 +631,9 @@ get_ownertrust ( PKT_public_key *pk)
return rec.r.trust.ownertrust; return rec.r.trust.ownertrust;
} }
unsigned int unsigned int
get_min_ownertrust (PKT_public_key *pk) tdb_get_min_ownertrust (PKT_public_key *pk)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -753,57 +650,13 @@ get_min_ownertrust (PKT_public_key *pk)
return rec.r.trust.min_ownertrust; return rec.r.trust.min_ownertrust;
} }
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
* into into account, and will bump up the value as needed.
*/
static int
get_ownertrust_with_min (PKT_public_key *pk)
{
unsigned int otrust,otrust_min;
otrust = (get_ownertrust (pk) & TRUST_MASK);
otrust_min = get_min_ownertrust (pk);
if(otrust<otrust_min)
{
/* If the trust that the user has set is less than the trust
that was calculated from a trust signature chain, use the
higher of the two. We do this here and not in
get_ownertrust since the underlying ownertrust should not
really be set - just the appearance of the ownertrust. */
otrust=otrust_min;
}
return otrust;
}
/*
* Same as get_ownertrust but return a trust letter instead of an
* value. This takes the minimum ownertrust value into account.
*/
int
get_ownertrust_info (PKT_public_key *pk)
{
return trust_letter(get_ownertrust_with_min(pk));
}
/*
* Same as get_ownertrust but return a trust string instead of an
* value. This takes the minimum ownertrust value into account.
*/
const char *
get_ownertrust_string (PKT_public_key *pk)
{
return trust_value_to_string(get_ownertrust_with_min(pk));
}
/* /*
* Set the trust value of the given public key to the new value. * Set the trust value of the given public key to the new value.
* The key should be a primary one. * The key should be a primary one.
*/ */
void void
update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -818,7 +671,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{ {
rec.r.trust.ownertrust = new_trust; rec.r.trust.ownertrust = new_trust;
write_record( &rec ); write_record( &rec );
revalidation_mark (); tdb_revalidation_mark ();
do_sync (); do_sync ();
} }
} }
@ -835,7 +688,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.ownertrust = new_trust; rec.r.trust.ownertrust = new_trust;
write_record (&rec); write_record (&rec);
revalidation_mark (); tdb_revalidation_mark ();
do_sync (); do_sync ();
rc = 0; rc = 0;
} }
@ -872,7 +725,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
{ {
rec.r.trust.min_ownertrust = new_trust; rec.r.trust.min_ownertrust = new_trust;
write_record( &rec ); write_record( &rec );
revalidation_mark (); tdb_revalidation_mark ();
do_sync (); do_sync ();
} }
} }
@ -889,7 +742,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust; rec.r.trust.min_ownertrust = new_trust;
write_record (&rec); write_record (&rec);
revalidation_mark (); tdb_revalidation_mark ();
do_sync (); do_sync ();
rc = 0; rc = 0;
} }
@ -899,10 +752,11 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
} }
} }
/* Clear the ownertrust and min_ownertrust values. Return true if a /* Clear the ownertrust and min_ownertrust values. Return true if a
change actually happened. */ change actually happened. */
int int
clear_ownertrusts (PKT_public_key *pk) tdb_clear_ownertrusts (PKT_public_key *pk)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -922,7 +776,7 @@ clear_ownertrusts (PKT_public_key *pk)
rec.r.trust.ownertrust = 0; rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0; rec.r.trust.min_ownertrust = 0;
write_record( &rec ); write_record( &rec );
revalidation_mark (); tdb_revalidation_mark ();
do_sync (); do_sync ();
return 1; return 1;
} }
@ -1000,7 +854,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
/* Return true if key is disabled. Note that this is usually used via /* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */ the pk_is_disabled macro. */
int int
cache_disabled_value (PKT_public_key *pk) tdb_cache_disabled_value (PKT_public_key *pk)
{ {
int rc; int rc;
TRUSTREC trec; TRUSTREC trec;
@ -1032,8 +886,9 @@ cache_disabled_value (PKT_public_key *pk)
return disabled; return disabled;
} }
void void
check_trustdb_stale(void) tdb_check_trustdb_stale (void)
{ {
static int did_nextcheck=0; static int did_nextcheck=0;
@ -1063,49 +918,26 @@ check_trustdb_stale(void)
} }
/* /*
* Return the validity information for PK. If the namehash is not * Return the validity information for PK. This is the core of
* NULL, the validity of the corresponsing user ID is returned, * get_validity.
* otherwise, a reasonable value for the entire key is returned.
*/ */
unsigned int unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid) tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk)
{ {
TRUSTREC trec, vrec; TRUSTREC trec, vrec;
int rc; int rc;
ulong recno; ulong recno;
unsigned int validity; unsigned int validity;
u32 kid[2];
PKT_public_key *main_pk;
if(uid)
namehash_from_uid(uid);
init_trustdb (); init_trustdb ();
check_trustdb_stale(); check_trustdb_stale();
keyid_from_pk (pk, kid);
if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
{ /* this is a subkey - get the mainkey */
main_pk = xmalloc_clear (sizeof *main_pk);
rc = get_pubkey (main_pk, pk->main_keyid);
if (rc)
{
char *tempkeystr=xstrdup(keystr(pk->main_keyid));
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr(kid), g10_errstr(rc));
xfree(tempkeystr);
validity = TRUST_UNKNOWN;
goto leave;
}
}
else
main_pk = pk;
if(opt.trust_model==TM_DIRECT) if(opt.trust_model==TM_DIRECT)
{ {
/* Note that this happens BEFORE any user ID stuff is checked. /* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */ The direct trust model applies to keys as a whole. */
validity=get_ownertrust(main_pk); validity = tdb_get_ownertrust (main_pk);
goto leave; goto leave;
} }
@ -1161,51 +993,12 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
pk->flags.disabled_valid = 1; pk->flags.disabled_valid = 1;
leave: leave:
/* set some flags direct from the key */
if (main_pk->flags.revoked)
validity |= TRUST_FLAG_REVOKED;
if (main_pk != pk && pk->flags.revoked)
validity |= TRUST_FLAG_SUB_REVOKED;
/* Note: expiration is a trust value and not a flag - don't know why
* I initially designed it that way */
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
if (pending_check_trustdb) if (pending_check_trustdb)
validity |= TRUST_FLAG_PENDING_CHECK; validity |= TRUST_FLAG_PENDING_CHECK;
if (main_pk != pk)
free_public_key (main_pk);
return validity; return validity;
} }
int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid);
if ( (trustlevel & TRUST_FLAG_REVOKED) )
return 'r';
return trust_letter (trustlevel);
}
const char *
get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid);
if( trustlevel & TRUST_FLAG_REVOKED )
return _("revoked");
return trust_value_to_string(trustlevel);
}
static void static void
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
@ -1318,14 +1111,14 @@ ask_ownertrust (u32 *kid,int minimum)
{ {
log_info("force trust for key %s to %s\n", log_info("force trust for key %s to %s\n",
keystr(kid),trust_value_to_string(opt.force_ownertrust)); keystr(kid),trust_value_to_string(opt.force_ownertrust));
update_ownertrust(pk,opt.force_ownertrust); tdb_update_ownertrust (pk, opt.force_ownertrust);
ot=opt.force_ownertrust; ot=opt.force_ownertrust;
} }
else else
{ {
ot=edit_ownertrust(pk,0); ot=edit_ownertrust(pk,0);
if(ot>0) if(ot>0)
ot = get_ownertrust (pk); ot = tdb_get_ownertrust (pk);
else if(ot==0) else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED; ot = minimum?minimum:TRUST_UNDEFINED;
else else
@ -1427,365 +1220,6 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
do_sync (); do_sync ();
} }
/*
* check whether the signature sig is in the klist k
*/
static struct key_item *
is_in_klist (struct key_item *k, PKT_signature *sig)
{
for (; k; k = k->next)
{
if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
return k;
}
return NULL;
}
/*
* Mark the signature of the given UID which are used to certify it.
* To do this, we first revmove all signatures which are not valid and
* from the remain ones we look for the latest one. If this is not a
* certification revocation signature we mark the signature by setting
* node flag bit 8. Revocations are marked with flag 11, and sigs
* from unavailable keys are marked with flag 12. Note that flag bits
* 9 and 10 are used for internal purposes.
*/
static void
mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
u32 *main_kid, struct key_item *klist,
u32 curtime, u32 *next_expire)
{
KBNODE node;
PKT_signature *sig;
/* first check all signatures */
for (node=uidnode->next; node; node = node->next)
{
int rc;
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
if (node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break; /* ready */
if (node->pkt->pkttype != PKT_SIGNATURE)
continue;
sig = node->pkt->pkt.signature;
if (main_kid
&& sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
continue; /* ignore self-signatures if we pass in a main_kid */
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
continue; /* we only look at these signature classes */
if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
sig->sig_class-0x10<opt.min_cert_level)
continue; /* treat anything under our min_cert_level as an
invalid signature */
if (klist && !is_in_klist (klist, sig))
continue; /* no need to check it then */
if ((rc=check_key_signature (keyblock, node, NULL)))
{
/* we ignore anything that won't verify, but tag the
no_pubkey case */
if(rc==G10ERR_NO_PUBKEY)
node->flag |= 1<<12;
continue;
}
node->flag |= 1<<9;
}
/* reset the remaining flags */
for (; node; node = node->next)
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
/* kbnode flag usage: bit 9 is here set for signatures to consider,
* bit 10 will be set by the loop to keep track of keyIDs already
* processed, bit 8 will be set for the usable signatures, and bit
* 11 will be set for usable revocations. */
/* for each cert figure out the latest valid one */
for (node=uidnode->next; node; node = node->next)
{
KBNODE n, signode;
u32 kid[2];
u32 sigdate;
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break;
if ( !(node->flag & (1<<9)) )
continue; /* not a node to look at */
if ( (node->flag & (1<<10)) )
continue; /* signature with a keyID already processed */
node->flag |= (1<<10); /* mark this node as processed */
sig = node->pkt->pkt.signature;
signode = node;
sigdate = sig->timestamp;
kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
/* Now find the latest and greatest signature */
for (n=uidnode->next; n; n = n->next)
{
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
break;
if ( !(n->flag & (1<<9)) )
continue;
if ( (n->flag & (1<<10)) )
continue; /* shortcut already processed signatures */
sig = n->pkt->pkt.signature;
if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
continue;
n->flag |= (1<<10); /* mark this node as processed */
/* If signode is nonrevocable and unexpired and n isn't,
then take signode (skip). It doesn't matter which is
older: if signode was older then we don't want to take n
as signode is nonrevocable. If n was older then we're
automatically fine. */
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
signode->pkt->pkt.signature->expiredate>curtime))) &&
(!(IS_UID_SIG(n->pkt->pkt.signature) &&
!n->pkt->pkt.signature->flags.revocable &&
(n->pkt->pkt.signature->expiredate==0 ||
n->pkt->pkt.signature->expiredate>curtime))))
continue;
/* If n is nonrevocable and unexpired and signode isn't,
then take n. Again, it doesn't matter which is older: if
n was older then we don't want to take signode as n is
nonrevocable. If signode was older then we're
automatically fine. */
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
signode->pkt->pkt.signature->expiredate>curtime))) &&
((IS_UID_SIG(n->pkt->pkt.signature) &&
!n->pkt->pkt.signature->flags.revocable &&
(n->pkt->pkt.signature->expiredate==0 ||
n->pkt->pkt.signature->expiredate>curtime))))
{
signode = n;
sigdate = sig->timestamp;
continue;
}
/* At this point, if it's newer, it goes in as the only
remaining possibilities are signode and n are both either
revocable or expired or both nonrevocable and unexpired.
If the timestamps are equal take the later ordered
packet, presuming that the key packets are hopefully in
their original order. */
if (sig->timestamp >= sigdate)
{
signode = n;
sigdate = sig->timestamp;
}
}
sig = signode->pkt->pkt.signature;
if (IS_UID_SIG (sig))
{ /* this seems to be a usable one which is not revoked.
* Just need to check whether there is an expiration time,
* We do the expired certification after finding a suitable
* certification, the assumption is that a signator does not
* want that after the expiration of his certificate the
* system falls back to an older certification which has a
* different expiration time */
const byte *p;
u32 expire;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
if (expire==0 || expire > curtime )
{
signode->flag |= (1<<8); /* yeah, found a good cert */
if (next_expire && expire && expire < *next_expire)
*next_expire = expire;
}
}
else
signode->flag |= (1<<11);
}
}
static int
clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
{
int deleted=0;
KBNODE node;
u32 keyid[2];
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
/* Passing in a 0 for current time here means that we'll never weed
out an expired sig. This is correct behavior since we want to
keep the most recent expired sig in a series. */
mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL);
/* What we want to do here is remove signatures that are not
considered as part of the trust calculations. Thus, all invalid
signatures are out, as are any signatures that aren't the last of
a series of uid sigs or revocations It breaks down like this:
coming out of mark_usable_uid_certs, if a sig is unflagged, it is
not even a candidate. If a sig has flag 9 or 10, that means it
was selected as a candidate and vetted. If a sig has flag 8 it
is a usable signature. If a sig has flag 11 it is a usable
revocation. If a sig has flag 12 it was issued by an unavailable
key. "Usable" here means the most recent valid
signature/revocation in a series from a particular signer.
Delete everything that isn't a usable uid sig (which might be
expired), a usable revocation, or a sig from an unavailable
key. */
for(node=uidnode->next;
node && node->pkt->pkttype==PKT_SIGNATURE;
node=node->next)
{
int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
&& node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
/* Keep usable uid sigs ... */
if((node->flag & (1<<8)) && keep)
continue;
/* ... and usable revocations... */
if((node->flag & (1<<11)) && keep)
continue;
/* ... and sigs from unavailable keys. */
/* disabled for now since more people seem to want sigs from
unavailable keys removed altogether. */
/*
if(node->flag & (1<<12))
continue;
*/
/* Everything else we delete */
/* At this point, if 12 is set, the signing key was unavailable.
If 9 or 10 is set, it's superseded. Otherwise, it's
invalid. */
if(noisy)
log_info("removing signature from key %s on user ID \"%s\": %s\n",
keystr(node->pkt->pkt.signature->keyid),
uidnode->pkt->pkt.user_id->name,
node->flag&(1<<12)?"key unavailable":
node->flag&(1<<9)?"signature superseded":"invalid signature");
delete_kbnode(node);
deleted++;
}
return deleted;
}
/* This is substantially easier than clean_sigs_from_uid since we just
have to establish if the uid has a valid self-sig, is not revoked,
and is not expired. Note that this does not take into account
whether the uid has a trust path to it - just whether the keyholder
themselves has certified the uid. Returns true if the uid was
compacted. To "compact" a user ID, we simply remove ALL signatures
except the self-sig that caused the user ID to be remove-worthy.
We don't actually remove the user ID packet itself since it might
be ressurected in a later merge. Note that this function requires
that the caller has already done a merge_keys_and_selfsig().
TODO: change the import code to allow importing a uid with only a
revocation if the uid already exists on the keyring. */
static int
clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy)
{
KBNODE node;
PKT_user_id *uid=uidnode->pkt->pkt.user_id;
int deleted=0;
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
assert(uidnode->pkt->pkttype==PKT_USER_ID);
/* Skip valid user IDs, compacted user IDs, and non-self-signed user
IDs if --allow-non-selfsigned-uid is set. */
if(uid->created || uid->flags.compacted
|| (!uid->is_expired && !uid->is_revoked
&& opt.allow_non_selfsigned_uid))
return 0;
for(node=uidnode->next;
node && node->pkt->pkttype==PKT_SIGNATURE;
node=node->next)
if(!node->pkt->pkt.signature->flags.chosen_selfsig)
{
delete_kbnode(node);
deleted=1;
uidnode->pkt->pkt.user_id->flags.compacted=1;
}
if(noisy)
{
const char *reason;
char *user=utf8_to_native(uid->name,uid->len,0);
if(uid->is_revoked)
reason=_("revoked");
else if(uid->is_expired)
reason=_("expired");
else
reason=_("invalid");
log_info("compacting user ID \"%s\" on key %s: %s\n",
user,keystr_from_pk(keyblock->pkt->pkt.public_key),
reason);
xfree(user);
}
return deleted;
}
/* Needs to be called after a merge_keys_and_selfsig() */
void
clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
int *uids_cleaned,int *sigs_cleaned)
{
int dummy;
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
assert(uidnode->pkt->pkttype==PKT_USER_ID);
if(!uids_cleaned)
uids_cleaned=&dummy;
if(!sigs_cleaned)
sigs_cleaned=&dummy;
/* Do clean_uid_from_key first since if it fires off, we don't
have to bother with the other */
*uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy);
if(!uidnode->pkt->pkt.user_id->flags.compacted)
*sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only);
}
void
clean_key(KBNODE keyblock,int noisy,int self_only,
int *uids_cleaned,int *sigs_cleaned)
{
KBNODE uidnode;
merge_keys_and_selfsig(keyblock);
for(uidnode=keyblock->next;
uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
uidnode=uidnode->next)
if(uidnode->pkt->pkttype==PKT_USER_ID)
clean_one_uid(keyblock,uidnode,noisy,self_only,
uids_cleaned,sigs_cleaned);
}
/* Returns a sanitized copy of the regexp (which might be "", but not /* Returns a sanitized copy of the regexp (which might be "", but not
NULL). */ NULL). */
@ -2449,10 +1883,10 @@ validate_keys (int interactive)
k->kid[0]=kid[0]; k->kid[0]=kid[0];
k->kid[1]=kid[1]; k->kid[1]=kid[1];
k->ownertrust = k->ownertrust =
(get_ownertrust (kar->keyblock->pkt->pkt.public_key) (tdb_get_ownertrust
& TRUST_MASK); (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
k->min_ownertrust = k->min_ownertrust = tdb_get_min_ownertrust
get_min_ownertrust(kar->keyblock->pkt->pkt.public_key); (kar->keyblock->pkt->pkt.public_key);
k->trust_depth= k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth; kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value= k->trust_value=

View File

@ -38,30 +38,89 @@
#define NAMEHASH_LEN 20 #define NAMEHASH_LEN 20
/*
* A structure to store key identification as well as some stuff needed
* for validation
*/
struct key_item {
struct key_item *next;
unsigned int ownertrust,min_ownertrust;
byte trust_depth;
byte trust_value;
char *trust_regexp;
u32 kid[2];
};
/*
* Check whether the signature SIG is in the klist K.
*/
static inline struct key_item *
is_in_klist (struct key_item *k, PKT_signature *sig)
{
for (; k; k = k->next)
{
if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
return k;
}
return NULL;
}
/*-- trust.c --*/
int cache_disabled_value (PKT_public_key *pk);
void register_trusted_keyid (u32 *keyid);
void register_trusted_key (const char *string);
const char *trust_value_to_string (unsigned int value);
int string_to_trust_value (const char *str);
const char *uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid);
unsigned int get_ownertrust (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int clear_ownertrusts (PKT_public_key *pk);
void revalidation_mark (void);
void check_trustdb_stale (void);
void check_or_update_trustdb (void);
unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid);
int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist,
u32 curtime, u32 *next_expire);
void clean_one_uid (kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned);
void clean_key (kbnode_t keyblock, int noisy, int self_only,
int *uids_cleaned,int *sigs_cleaned);
/*-- trustdb.c --*/ /*-- trustdb.c --*/
void register_trusted_keyid(u32 *keyid); void tdb_register_trusted_keyid (u32 *keyid);
void register_trusted_key( const char *string ); void tdb_register_trusted_key (const char *string);
void check_trustdb (void); void check_trustdb (void);
void update_trustdb (void); void update_trustdb (void);
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void); void how_to_fix_the_trustdb (void);
void init_trustdb( void ); void init_trustdb( void );
void check_trustdb_stale(void); void tdb_check_trustdb_stale (void);
void sync_trustdb( void ); void sync_trustdb( void );
const char *uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid); void tdb_revalidation_mark (void);
const char *trust_value_to_string (unsigned int value);
int string_to_trust_value (const char *str);
void revalidation_mark (void);
int trustdb_pending_check(void); int trustdb_pending_check(void);
void trustdb_check_or_update(void); void tdb_check_or_update (void);
int cache_disabled_value(PKT_public_key *pk); int tdb_cache_disabled_value (PKT_public_key *pk);
unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid); unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
int get_validity_info (PKT_public_key *pk, PKT_user_id *uid); PKT_public_key *main_pk);
const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
void list_trust_path( const char *username ); void list_trust_path( const char *username );
int enum_cert_paths( void **context, ulong *lid, int enum_cert_paths( void **context, ulong *lid,
@ -73,18 +132,13 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth, byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level); byte *min_cert_level);
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int tdb_get_ownertrust (PKT_public_key *pk);
unsigned int get_min_ownertrust (PKT_public_key *pk); unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk);
const char *get_ownertrust_string (PKT_public_key *pk); const char *get_ownertrust_string (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust ); void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int clear_ownertrusts (PKT_public_key *pk); int tdb_clear_ownertrusts (PKT_public_key *pk);
void clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
int *uids_cleaned,int *sigs_cleaned);
void clean_key(KBNODE keyblock,int noisy,int self_only,
int *uids_cleaned,int *sigs_cleaned);
/*-- tdbdump.c --*/ /*-- tdbdump.c --*/
void list_trustdb(const char *username); void list_trustdb(const char *username);

View File

@ -12,7 +12,7 @@
#info Checking armored encryption #info Checking armored encryption
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -ea -o x --yes -r "$usrname2" $i $GPG ${opt_always} -ea -o x --yes -r "$usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

View File

@ -12,7 +12,7 @@
#info Checking armored encryption with a pipe #info Checking armored encryption with a pipe
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes $GPG ${opt_always} -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
$GPG --yes < x > y $GPG --yes < x > y
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"

View File

@ -13,7 +13,7 @@
#info Checking armored signing and encryption #info Checking armored signing and encryption
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \
-sae -o x --yes -r "$usrname2" $i -sae -o x --yes -r "$usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"

View File

@ -226,6 +226,15 @@ PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"
# Default to empty passphrase for pinentry.sh # Default to empty passphrase for pinentry.sh
PINENTRY_USER_DATA= PINENTRY_USER_DATA=
# If --check-trustdb is not an option, GPG has been build without
# trust model support. Thus we can't use --always-trust and some
# other options.
if $GPG --dump-options | grep '^--check-trustdb$' >/dev/null ; then
opt_always="--always-trust"
else
opt_always=
fi
# Make sure we have a valid option files even with VPATH builds. # Make sure we have a valid option files even with VPATH builds.
for f in gpg.conf gpg-agent.conf ; do for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then if [ -f ./$f ]; then
@ -234,8 +243,10 @@ for f in gpg.conf gpg-agent.conf ; do
cat $srcdir/$f.tmpl >$f cat $srcdir/$f.tmpl >$f
case "$f" in case "$f" in
gpg.conf) gpg.conf)
[ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
echo "agent-program $GPG_AGENT" >>"$f" echo "agent-program $GPG_AGENT" >>"$f"
;;
;;
gpg-agent.conf) gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f" echo "pinentry-program $PINENTRY" >>"$f"
;; ;;

View File

@ -203,7 +203,7 @@ info "Checking ECC encryption and decryption."
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
for k in $mainkeyids ; do for k in $mainkeyids ; do
info "file: $i key: $k" info "file: $i key: $k"
$GPG --always-trust -e -o x --yes -r $k $i $GPG ${opt_always} -e -o x --yes -r $k $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i,$k: mismatch" cmp $i y || error "$i,$k: mismatch"
done done

View File

@ -12,7 +12,7 @@
#info Checking encryption #info Checking encryption
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i $GPG ${opt_always} -e -o x --yes -r "$dsa_usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
@ -20,7 +20,7 @@ done
for ca in `all_cipher_algos` ; do for ca in `all_cipher_algos` ; do
progress "$ca" progress "$ca"
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust --cipher-algo $ca -e \ $GPG ${opt_always} --cipher-algo $ca -e \
-o x --yes -r "$dsa_usrname2" $i -o x --yes -r "$dsa_usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"

View File

@ -12,7 +12,7 @@
#info Checking encryption #info Checking encryption
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -e -o x --yes -r "$usrname2" $i $GPG ${opt_always} -e -o x --yes -r "$usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
@ -21,7 +21,7 @@ echo_n " > "
for ca in `all_cipher_algos` ; do for ca in `all_cipher_algos` ; do
echo_n "$ca " echo_n "$ca "
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i $GPG ${opt_always} -e -o x --yes -r "$usrname2" --cipher-algo $ca $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

View File

@ -12,7 +12,7 @@
#info Checking encryption with a pipe #info Checking encryption with a pipe
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -e --yes -r "$usrname2" <$i | $GPG --yes > y $GPG ${opt_always} -e --yes -r "$usrname2" <$i | $GPG --yes > y
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

View File

@ -2,4 +2,3 @@ no-greeting
no-secmem-warning no-secmem-warning
no-permission-warning no-permission-warning
batch batch
no-auto-check-trustdb

View File

@ -11,7 +11,7 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
for i in $plain_files ; do for i in $plain_files ; do
echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} -seat \
-r two@example.com -o x --yes $i -r two@example.com -o x --yes $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"

View File

@ -12,7 +12,7 @@
#info Checking signing and encryption for DSA #info Checking signing and encryption for DSA
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -se -o x --yes \ $GPG ${opt_always} -se -o x --yes \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i -u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
@ -27,7 +27,7 @@ fi
for da in $algos; do for da in $algos; do
for i in $plain_files; do for i in $plain_files; do
$GPG --always-trust -se -o x --yes --digest-algo $da \ $GPG ${opt_always} -se -o x --yes --digest-algo $da \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i -u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"

View File

@ -13,7 +13,7 @@
info "Checking signing and encryption" info "Checking signing and encryption"
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \
-se -o x --yes -r "$usrname2" $i -se -o x --yes -r "$usrname2" $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"