security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Pass CTRL to many more functions.

Browse source 
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-03-31 20:03:52 +02:00
parent 5e89144cbc
commit 8f2671d2cc
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
38 changed files with 885 additions and 751 deletions
Download patch file Download diff file Expand all files Collapse all files

189
g10/trustdb.c
View file

@ -248,7 +248,7 @@ add_utk (u32 *kid)
* Verify that all our secret keys are usable and put them into the utk_list.
*/
static void
verify_own_keys(void)
verify_own_keys (ctrl_t ctrl)
{
TRUSTREC rec;
ulong recnum;
@ -275,7 +275,7 @@ verify_own_keys(void)
* the whole validation code to only work with
* fingerprints */
fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
keyid_from_fingerprint (fpr, fprlen, kid);
keyid_from_fingerprint (ctrl, fpr, fprlen, kid);
if (!add_utk (kid))
log_info(_("key %s occurs more than once in the trustdb\n"),
keystr(kid));
@ -290,15 +290,15 @@ verify_own_keys(void)
PKT_public_key pk;
memset (&pk, 0, sizeof pk);
rc = get_pubkey (&pk, k->kid);
rc = get_pubkey (ctrl, &pk, k->kid);
if (rc)
log_info(_("key %s: no public key for trusted key - skipped\n"),
keystr(k->kid));
else
{
tdb_update_ownertrust
(&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
| TRUST_ULTIMATE ));
(ctrl, &pk, ((tdb_get_ownertrust (ctrl, &pk, 0) & ~TRUST_MASK)
| TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@ -361,9 +361,9 @@ read_record (ulong recno, TRUSTREC *rec, int rectype )
* Write a record and die on error
*/
static void
write_record (TRUSTREC *rec)
write_record (ctrl_t ctrl, TRUSTREC *rec)
{
int rc = tdbio_write_record (rec);
int rc = tdbio_write_record (ctrl, rec);
if (rc)
{
log_error(_("trust record %lu, type %d: write failed: %s\n"),
@ -444,7 +444,7 @@ how_to_fix_the_trustdb ()
* in that case 0 is returned if there is a trustdb or an error code
* if no trustdb is available. */
gpg_error_t
init_trustdb (int no_create)
init_trustdb (ctrl_t ctrl, int no_create)
{
int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname;
@ -456,7 +456,7 @@ init_trustdb (int no_create)
if(level==0 || level==1)
{
int rc = tdbio_set_dbname (dbname, (!no_create && level),
int rc = tdbio_set_dbname (ctrl, dbname, (!no_create && level),
&trustdb_args.no_trustdb);
if (no_create && trustdb_args.no_trustdb)
{
@ -501,7 +501,7 @@ init_trustdb (int no_create)
/* Verify the list of ultimately trusted keys and move the
--trusted-keys list there as well. */
if(level==1)
verify_own_keys();
verify_own_keys (ctrl);
if(!tdbio_db_matches_options())
pending_check_trustdb=1;
@ -515,9 +515,9 @@ init_trustdb (int no_create)
necessary if the trust model is not 'always trust'. Returns true
if we do have a usable trust database. */
int
have_trustdb (void)
have_trustdb (ctrl_t ctrl)
{
return init_trustdb (opt.trust_model == TM_ALWAYS) == 0;
return !init_trustdb (ctrl, opt.trust_model == TM_ALWAYS);
}
@ -529,7 +529,7 @@ have_trustdb (void)
void
check_trustdb (ctrl_t ctrl)
{
init_trustdb (0);
init_trustdb (ctrl, 0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
@ -566,7 +566,7 @@ check_trustdb (ctrl_t ctrl)
void
update_trustdb (ctrl_t ctrl)
{
init_trustdb (0);
init_trustdb (ctrl, 0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1);
@ -576,15 +576,15 @@ update_trustdb (ctrl_t ctrl)
}
void
tdb_revalidation_mark (void)
tdb_revalidation_mark (ctrl_t ctrl)
{
init_trustdb (0);
init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
/* We simply set the time for the next check to 1 (far back in 1970)
so that a --update-trustdb will be scheduled. */
if (tdbio_write_nextcheck (1))
if (tdbio_write_nextcheck (ctrl, 1))
do_sync ();
pending_check_trustdb = 1;
}
@ -610,13 +610,14 @@ tdb_check_or_update (ctrl_t ctrl)
}
void
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level)
read_trust_options (ctrl_t ctrl,
byte *trust_model, ulong *created, ulong *nextcheck,
byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level)
{
TRUSTREC opts;
init_trustdb (0);
init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
@ -643,11 +644,11 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
***********************************************/
static int
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
read_trust_record (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
init_trustdb (0);
init_trustdb (ctrl, 0);
rc = tdbio_search_trust_bypk (pk, rec);
if (rc)
{
@ -676,7 +677,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* values but we usually use --always-trust.
*/
unsigned int
tdb_get_ownertrust (PKT_public_key *pk, int no_create)
tdb_get_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@ -687,10 +688,10 @@ tdb_get_ownertrust (PKT_public_key *pk, int no_create)
/* If the caller asked not to create a trustdb we call init_trustdb
* directly and allow it to fail with an error code for a
* non-existing trustdb. */
if (no_create && init_trustdb (1))
if (no_create && init_trustdb (ctrl, 1))
return TRUST_UNKNOWN;
err = read_trust_record (pk, &rec);
err = read_trust_record (ctrl, pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
if (err)
@ -704,7 +705,7 @@ tdb_get_ownertrust (PKT_public_key *pk, int no_create)
unsigned int
tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
tdb_get_min_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@ -715,10 +716,10 @@ tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
/* If the caller asked not to create a trustdb we call init_trustdb
* directly and allow it to fail with an error code for a
* non-existing trustdb. */
if (no_create && init_trustdb (1))
if (no_create && init_trustdb (ctrl, 1))
return TRUST_UNKNOWN;
err = read_trust_record (pk, &rec);
err = read_trust_record (ctrl, pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
if (err)
@ -736,7 +737,7 @@ tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
* The key should be a primary one.
*/
void
tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust )
{
TRUSTREC rec;
gpg_error_t err;
@ -744,7 +745,7 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
err = read_trust_record (pk, &rec);
err = read_trust_record (ctrl, pk, &rec);
if (!err)
{
if (DBG_TRUST)
@ -753,8 +754,8 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
if (rec.r.trust.ownertrust != new_trust)
{
rec.r.trust.ownertrust = new_trust;
write_record( &rec );
tdb_revalidation_mark ();
write_record (ctrl, &rec);
tdb_revalidation_mark (ctrl);
do_sync ();
}
}
@ -766,12 +767,12 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
log_debug ("insert ownertrust %u\n", new_trust );
memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum ();
rec.recnum = tdbio_new_recnum (ctrl);
rec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.ownertrust = new_trust;
write_record (&rec);
tdb_revalidation_mark ();
write_record (ctrl, &rec);
tdb_revalidation_mark (ctrl);
do_sync ();
}
else
@ -781,7 +782,7 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
}
static void
update_min_ownertrust (u32 *kid, unsigned int new_trust )
update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
{
PKT_public_key *pk;
TRUSTREC rec;
@ -791,7 +792,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
return;
pk = xmalloc_clear (sizeof *pk);
err = get_pubkey (pk, kid);
err = get_pubkey (ctrl, pk, kid);
if (err)
{
log_error (_("public key %s not found: %s\n"),
@ -799,7 +800,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
return;
}
err = read_trust_record (pk, &rec);
err = read_trust_record (ctrl, pk, &rec);
if (!err)
{
if (DBG_TRUST)
@ -810,8 +811,8 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
if (rec.r.trust.min_ownertrust != new_trust)
{
rec.r.trust.min_ownertrust = new_trust;
write_record( &rec );
tdb_revalidation_mark ();
write_record (ctrl, &rec);
tdb_revalidation_mark (ctrl);
do_sync ();
}
}
@ -823,12 +824,12 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
log_debug ("insert min_ownertrust %u\n", new_trust );
memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum ();
rec.recnum = tdbio_new_recnum (ctrl);
rec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust;
write_record (&rec);
tdb_revalidation_mark ();
write_record (ctrl, &rec);
tdb_revalidation_mark (ctrl);
do_sync ();
}
else
@ -844,17 +845,17 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
* Return: True if a change actually happened.
*/
int
tdb_clear_ownertrusts (PKT_public_key *pk)
tdb_clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk)
{
TRUSTREC rec;
gpg_error_t err;
init_trustdb (0);
init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
err = read_trust_record (pk, &rec);
err = read_trust_record (ctrl, pk, &rec);
if (!err)
{
if (DBG_TRUST)
@ -868,8 +869,8 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
{
rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0;
write_record( &rec );
tdb_revalidation_mark ();
write_record (ctrl, &rec);
tdb_revalidation_mark (ctrl);
do_sync ();
return 1;
}
@ -885,7 +886,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
* Note: Caller has to do a sync
*/
static void
update_validity (PKT_public_key *pk, PKT_user_id *uid,
update_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
int depth, int validity)
{
TRUSTREC trec, vrec;
@ -894,7 +895,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
namehash_from_uid(uid);
err = read_trust_record (pk, &trec);
err = read_trust_record (ctrl, pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{
tdbio_invalid ();
@ -906,7 +907,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
size_t dummy;
memset (&trec, 0, sizeof trec);
trec.recnum = tdbio_new_recnum ();
trec.recnum = tdbio_new_recnum (ctrl);
trec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
trec.r.trust.ownertrust = 0;
@ -925,7 +926,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
if (!recno) /* insert a new validity record */
{
memset (&vrec, 0, sizeof vrec);
vrec.recnum = tdbio_new_recnum ();
vrec.recnum = tdbio_new_recnum (ctrl);
vrec.rectype = RECTYPE_VALID;
memcpy (vrec.r.valid.namehash, uid->namehash, 20);
vrec.r.valid.next = trec.r.trust.validlist;
@ -934,9 +935,9 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
vrec.r.valid.validity = validity;
vrec.r.valid.full_count = uid->help_full_count;
vrec.r.valid.marginal_count = uid->help_marginal_count;
write_record (&vrec);
write_record (ctrl, &vrec);
trec.r.trust.depth = depth;
write_record (&trec);
write_record (ctrl, &trec);
}
@ -947,7 +948,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
/* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */
int
tdb_cache_disabled_value (PKT_public_key *pk)
tdb_cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
{
gpg_error_t err;
TRUSTREC trec;
@ -956,12 +957,12 @@ tdb_cache_disabled_value (PKT_public_key *pk)
if (pk->flags.disabled_valid)
return pk->flags.disabled;
init_trustdb (0);
init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
err = read_trust_record (pk, &trec);
err = read_trust_record (ctrl, pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{
tdbio_invalid ();
@ -991,7 +992,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
{
static int did_nextcheck=0;
init_trustdb (0);
init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
@ -1062,7 +1063,7 @@ tdb_get_validity_core (ctrl_t ctrl,
(void)may_ask;
#endif
init_trustdb (0);
init_trustdb (ctrl, 0);
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
@ -1077,7 +1078,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
validity = tdb_get_ownertrust (main_pk, 0);
validity = tdb_get_ownertrust (ctrl, main_pk, 0);
goto leave;
}
@ -1093,7 +1094,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{
if (! kb)
{
kb = get_pubkeyblock (main_pk->keyid);
kb = get_pubkeyblock (ctrl, main_pk->keyid);
free_kb = 1;
}
n = kb;
@ -1201,7 +1202,7 @@ tdb_get_validity_core (ctrl_t ctrl,
|| opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_PGP)
{
err = read_trust_record (main_pk, &trec);
err = read_trust_record (ctrl, main_pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{
tdbio_invalid ();
@ -1277,7 +1278,7 @@ tdb_get_validity_core (ctrl_t ctrl,
static void
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
get_validity_counts (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{
TRUSTREC trec, vrec;
ulong recno;
@ -1289,9 +1290,9 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
uid->help_marginal_count=uid->help_full_count=0;
init_trustdb (0);
init_trustdb (ctrl, 0);
if(read_trust_record (pk, &trec))
if(read_trust_record (ctrl, pk, &trec))
return;
/* loop over all user IDs */
@ -1375,7 +1376,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
int ot;
pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid);
rc = get_pubkey (ctrl, pk, kid);
if (rc)
{
log_error (_("public key %s not found: %s\n"),
@ -1387,14 +1388,14 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{
log_info("force trust for key %s to %s\n",
keystr(kid),trust_value_to_string(opt.force_ownertrust));
tdb_update_ownertrust (pk, opt.force_ownertrust);
tdb_update_ownertrust (ctrl, pk, opt.force_ownertrust);
ot=opt.force_ownertrust;
}
else
{
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
ot = tdb_get_ownertrust (pk, 0);
ot = tdb_get_ownertrust (ctrl, pk, 0);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@ -1460,7 +1461,8 @@ dump_key_array (int depth, struct key_array *keys)
static void
store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
store_validation_status (ctrl_t ctrl, int depth,
kbnode_t keyblock, KeyHashTable stored)
{
KBNODE node;
int status;
@ -1482,7 +1484,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
if (status)
{
update_validity (keyblock->pkt->pkt.public_key,
update_validity (ctrl, keyblock->pkt->pkt.public_key,
uid, depth, status);
mark_keyblock_seen(stored,keyblock);
@ -1619,7 +1621,7 @@ check_regexp(const char *expr,const char *string)
* This function assumes that all kbnode flags are cleared on entry.
*/
static int
validate_one_keyblock (KBNODE kb, struct key_item *klist,
validate_one_keyblock (ctrl_t ctrl, kbnode_t kb, struct key_item *klist,
u32 curtime, u32 *next_expire)
{
struct key_item *kr;
@ -1666,8 +1668,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
*next_expire = uid->expiredate;
issigned = 0;
get_validity_counts(pk,uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
get_validity_counts (ctrl, pk, uid);
mark_usable_uid_certs (ctrl, kb, uidnode, main_kid, klist,
curtime, next_expire);
}
else if (node->pkt->pkttype == PKT_SIGNATURE
@ -1799,7 +1801,7 @@ search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
* Caller hast to release the returned array.
*/
static struct key_array *
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
validate_key_list (ctrl_t ctrl, KEYDB_HANDLE hd, KeyHashTable full_trust,
struct key_item *klist, u32 curtime, u32 *next_expire)
{
KBNODE keyblock = NULL;
@ -1858,7 +1860,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
}
/* prepare the keyblock for further processing */
merge_keys_and_selfsig (keyblock);
merge_keys_and_selfsig (ctrl, keyblock);
clear_kbnode_flags (keyblock);
pk = keyblock->pkt->pkt.public_key;
if (pk->has_expired || pk->flags.revoked)
@ -1866,7 +1868,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
/* it does not make sense to look further at those keys */
mark_keyblock_seen (full_trust, keyblock);
}
else if (validate_one_keyblock (keyblock, klist, curtime, next_expire))
else if (validate_one_keyblock (ctrl, keyblock, klist,
curtime, next_expire))
{
KBNODE node;
@ -1915,7 +1918,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
/* Caller must sync */
static void
reset_trust_records(void)
reset_trust_records (ctrl_t ctrl)
{
TRUSTREC rec;
ulong recnum;
@ -1929,7 +1932,7 @@ reset_trust_records(void)
if(rec.r.trust.min_ownertrust)
{
rec.r.trust.min_ownertrust=0;
write_record(&rec);
write_record (ctrl, &rec);
}
}
@ -1941,7 +1944,7 @@ reset_trust_records(void)
rec.r.valid.validity &= ~TRUST_MASK;
rec.r.valid.marginal_count=rec.r.valid.full_count=0;
nreset++;
write_record(&rec);
write_record (ctrl, &rec);
}
}
@ -2002,7 +2005,7 @@ validate_keys (ctrl_t ctrl, int interactive)
Perhaps combine this with reset_trust_records(), or only check
the caches on keys that are actually involved in the web of
trust. */
keydb_rebuild_caches(0);
keydb_rebuild_caches (ctrl, 0);
kdb = keydb_new ();
if (!kdb)
@ -2014,7 +2017,7 @@ validate_keys (ctrl_t ctrl, int interactive)
used = new_key_hash_table ();
full_trust = new_key_hash_table ();
reset_trust_records();
reset_trust_records (ctrl);
/* Fixme: Instead of always building a UTK list, we could just build it
* here when needed */
@ -2032,7 +2035,7 @@ validate_keys (ctrl_t ctrl, int interactive)
KBNODE keyblock;
PKT_public_key *pk;
keyblock = get_pubkeyblock (k->kid);
keyblock = get_pubkeyblock (ctrl, k->kid);
if (!keyblock)
{
log_error (_("public key of ultimately"
@ -2046,7 +2049,8 @@ validate_keys (ctrl_t ctrl, int interactive)
for (node=keyblock; node; node = node->next)
{
if (node->pkt->pkttype == PKT_USER_ID)
update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
update_validity (ctrl, pk, node->pkt->pkt.user_id,
0, TRUST_ULTIMATE);
}
if ( pk->expiredate && pk->expiredate >= start_time
&& pk->expiredate < next_expire)
@ -2086,7 +2090,7 @@ validate_keys (ctrl_t ctrl, int interactive)
min=TRUST_MARGINAL;
if(min!=k->min_ownertrust)
update_min_ownertrust(k->kid,min);
update_min_ownertrust (ctrl, k->kid,min);
if (interactive && k->ownertrust == TRUST_UNKNOWN)
{
@ -2132,7 +2136,7 @@ validate_keys (ctrl_t ctrl, int interactive)
}
/* Find all keys which are signed by a key in kdlist */
keys = validate_key_list (kdb, full_trust, klist,
keys = validate_key_list (ctrl, kdb, full_trust, klist,
start_time, &next_expire);
if (!keys)
{
@ -2149,7 +2153,7 @@ validate_keys (ctrl_t ctrl, int interactive)
dump_key_array (depth, keys);
for (kar=keys; kar->keyblock; kar++)
store_validation_status (depth, kar->keyblock, stored);
store_validation_status (ctrl, depth, kar->keyblock, stored);
if (!opt.quiet)
log_info (_("depth: %d valid: %3d signed: %3d"
@ -2183,9 +2187,10 @@ validate_keys (ctrl_t ctrl, int interactive)
k->kid[1]=kid[1];
k->ownertrust =
(tdb_get_ownertrust
(kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
(ctrl, kar->keyblock->pkt->pkt.public_key, 0)
& TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust
(kar->keyblock->pkt->pkt.public_key, 0);
(ctrl, kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
@ -2220,16 +2225,16 @@ validate_keys (ctrl_t ctrl, int interactive)
int rc2;
if (next_expire == 0xffffffff || next_expire < start_time )
tdbio_write_nextcheck (0);
tdbio_write_nextcheck (ctrl, 0);
else
{
tdbio_write_nextcheck (next_expire);
tdbio_write_nextcheck (ctrl, next_expire);
if (!opt.quiet)
log_info (_("next trustdb check due at %s\n"),
strtimestamp (next_expire));
}
rc2 = tdbio_update_version_record ();
rc2 = tdbio_update_version_record (ctrl);
if (rc2)
{
log_error (_("unable to update trustdb version record: "