1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Ensure TOFU bindings associated with UTKs are registered as usual

* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2929
This commit is contained in:
Neal H. Walfield 2017-02-02 14:24:38 +01:00
parent a08c781739
commit 769272ba87

View File

@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
/* Return the effective policy for the binding <FINGERPRINT, EMAIL> /* Return the effective policy for the binding <FINGERPRINT, EMAIL>
* (email has already been normalized) and any conflict information in * (email has already been normalized) and any conflict information in
* *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
* _tofu_GET_POLICY_ERROR if an error occurs. */ * _tofu_GET_POLICY_ERROR if an error occurs.
*
* This function registers the binding in the bindings table if it has
* not yet been registered.
*/
static enum tofu_policy static enum tofu_policy
get_policy (tofu_dbs_t dbs, PKT_public_key *pk, get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
const char *fingerprint, const char *user_id, const char *email, const char *fingerprint, const char *user_id, const char *email,
@ -2677,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
&& _tofu_GET_TRUST_ERROR != TRUST_FULLY && _tofu_GET_TRUST_ERROR != TRUST_FULLY
&& _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE); && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
begin_transaction (ctrl, 0);
in_transaction = 1;
/* We need to call get_policy even if the key is ultimately trusted
* to make sure the binding has been registered. */
policy = get_policy (dbs, pk, fingerprint, user_id, email,
&conflict_set, now);
/* If the key is ultimately trusted, there is nothing to do. */ /* If the key is ultimately trusted, there is nothing to do. */
{ {
u32 kid[2]; u32 kid[2];
@ -2690,11 +2702,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
} }
} }
begin_transaction (ctrl, 0);
in_transaction = 1;
policy = get_policy (dbs, pk, fingerprint, user_id, email,
&conflict_set, now);
if (policy == TOFU_POLICY_AUTO) if (policy == TOFU_POLICY_AUTO)
{ {
policy = opt.tofu_default_policy; policy = opt.tofu_default_policy;