mirror of git://git.gnupg.org/gnupg.git
* trustdb.c (trust_model_string, check_trustdb, update_trustdb,
validate_one_keyblock): It's not clear what a trustdb rebuild or check means with a trust model other than "classic" or "openpgp", so disallow this.
This commit is contained in:
David Shaw
parent
f7b357ebfe
commit
731ab598ad
|
|
@ -1,3 +1,10 @@
|
||||||
|
2002-11-04 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* trustdb.c (trust_model_string, check_trustdb, update_trustdb,
|
||||||
|
validate_one_keyblock): It's not clear what a trustdb rebuild or
|
||||||
|
check means with a trust model other than "classic" or "openpgp",
|
||||||
|
so disallow this.
|
||||||
|
|
||||||
2002-11-03 David Shaw <dshaw@jabberwocky.com>
|
2002-11-03 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* options.h, g10.c (main): Add --trust-model option. Current
|
* options.h, g10.c (main): Add --trust-model option. Current
|
||||||
|
|
|
||||||
|
|
@ -471,6 +471,18 @@ trust_string (unsigned int value)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
trust_model_string(void)
|
||||||
|
{
|
||||||
|
switch(opt.trust_model)
|
||||||
|
{
|
||||||
|
case TM_OPENPGP: return "OpenPGP";
|
||||||
|
case TM_CLASSIC: return "classic";
|
||||||
|
case TM_ALWAYS: return "always";
|
||||||
|
default: return "unknown";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Recreate the WoT but do not ask for new ownertrusts. Special
|
* Recreate the WoT but do not ask for new ownertrusts. Special
|
||||||
* feature: In batch mode and without a forced yes, this is only done
|
* feature: In batch mode and without a forced yes, this is only done
|
||||||
|
|
@ -479,27 +491,33 @@ trust_string (unsigned int value)
|
||||||
void
|
void
|
||||||
check_trustdb ()
|
check_trustdb ()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
|
||||||
if (opt.batch && !opt.answer_yes)
|
|
||||||
{
|
{
|
||||||
ulong scheduled;
|
init_trustdb();
|
||||||
|
if (opt.batch && !opt.answer_yes)
|
||||||
|
{
|
||||||
|
ulong scheduled;
|
||||||
|
|
||||||
scheduled = tdbio_read_nextcheck ();
|
scheduled = tdbio_read_nextcheck ();
|
||||||
if (!scheduled)
|
if (!scheduled)
|
||||||
{
|
{
|
||||||
log_info (_("no need for a trustdb check\n"));
|
log_info (_("no need for a trustdb check\n"));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (scheduled > make_timestamp ())
|
if (scheduled > make_timestamp ())
|
||||||
{
|
{
|
||||||
log_info (_("next trustdb check due at %s\n"),
|
log_info (_("next trustdb check due at %s\n"),
|
||||||
strtimestamp (scheduled));
|
strtimestamp (scheduled));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
validate_keys (0);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
validate_keys (0);
|
log_info (_("no need for a trustdb check with \"%s\" trust model\n"),
|
||||||
|
trust_model_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -509,8 +527,14 @@ check_trustdb ()
|
||||||
void
|
void
|
||||||
update_trustdb()
|
update_trustdb()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
|
||||||
validate_keys (1);
|
{
|
||||||
|
init_trustdb();
|
||||||
|
validate_keys (1);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
|
||||||
|
trust_model_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
@ -875,7 +899,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
||||||
unsigned int validity;
|
unsigned int validity;
|
||||||
u32 kid[2];
|
u32 kid[2];
|
||||||
PKT_public_key *main_pk;
|
PKT_public_key *main_pk;
|
||||||
|
|
||||||
init_trustdb ();
|
init_trustdb ();
|
||||||
if (!did_nextcheck)
|
if (!did_nextcheck)
|
||||||
{
|
{
|
||||||
|
|
@ -1405,11 +1429,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
did not exist. This is safe for non-trust sigs as well
|
did not exist. This is safe for non-trust sigs as well
|
||||||
since we don't accept a regexp on the sig unless it's a
|
since we don't accept a regexp on the sig unless it's a
|
||||||
trust sig. */
|
trust sig. */
|
||||||
if (kr && (kr->trust_regexp==NULL || opt.trust_model==TM_CLASSIC ||
|
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_OPENPGP ||
|
||||||
(uidnode && check_regexp(kr->trust_regexp,
|
(uidnode && check_regexp(kr->trust_regexp,
|
||||||
uidnode->pkt->pkt.user_id->name))))
|
uidnode->pkt->pkt.user_id->name))))
|
||||||
{
|
{
|
||||||
if(DBG_TRUST && opt.trust_model!=TM_CLASSIC && sig->trust_depth)
|
if(DBG_TRUST && opt.trust_model==TM_OPENPGP && sig->trust_depth)
|
||||||
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
|
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
|
||||||
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
|
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
|
||||||
kr->trust_depth);
|
kr->trust_depth);
|
||||||
|
|
@ -1419,7 +1443,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
lesser trust sig or value. I could make a decent
|
lesser trust sig or value. I could make a decent
|
||||||
argument for any of these cases, but this seems to be
|
argument for any of these cases, but this seems to be
|
||||||
what PGP does, and I'd like to be compatible. -dms */
|
what PGP does, and I'd like to be compatible. -dms */
|
||||||
if(opt.trust_model!=TM_CLASSIC && sig->trust_depth
|
if(opt.trust_model==TM_OPENPGP && sig->trust_depth
|
||||||
&& pk->trust_timestamp<=sig->timestamp
|
&& pk->trust_timestamp<=sig->timestamp
|
||||||
&& (sig->trust_depth<=kr->trust_depth
|
&& (sig->trust_depth<=kr->trust_depth
|
||||||
|| kr->ownertrust==TRUST_ULTIMATE))
|
|| kr->ownertrust==TRUST_ULTIMATE))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue