security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00
Code Activity

* options.h, g10.c (main): Add --trust-model option. Current models are

Browse Source 
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works).  Default is "openpgp".

* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.

* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
This commit is contained in:
David Shaw 2002-11-03 20:18:56 +00:00
parent 1b593c0515
commit 91a8e4a6fb
7 changed files with 45 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
g10/ChangeLog
View File

@ -1,5 +1,17 @@
2002-11-03 David Shaw <dshaw@jabberwocky.com> 2002-11-03 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main): Add --trust-model option. Current
models are "openpgp" which is classic+trustsigs, "classic" which
is classic only, and "always" which is the same as the current
option --always-trust (which still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to
enable trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c
(do_we_trust, do_we_trust_pre, check_signatures_trust): Use new
--trust-model option in place of --always-trust.
* keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids,
keyedit_menu): Prompt for and create a trust signature with keyedit_menu): Prompt for and create a trust signature with
"tsign". This is functional, but needs better UI text. "tsign". This is functional, but needs better UI text.

18
g10/g10.c
View File

@ -205,6 +205,7 @@ enum cmd_and_opt_values { aNull = 0,
oCompressKeys, oCompressKeys,
oCompressSigs, oCompressSigs,
oAlwaysTrust, oAlwaysTrust,
oTrustModel,
oEmuChecksumBug, oEmuChecksumBug,
oRunAsShmCP, oRunAsShmCP,
oSetFilename, oSetFilename,
@ -522,6 +523,7 @@ static ARGPARSE_OPTS opts[] = {
{ oCompressSigs, "compress-sigs",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"},
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"}, { oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
{ oAlwaysTrust, "always-trust", 0, "@"}, { oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"}, { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" }, { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" }, { oSetFilename, "set-filename", 2, "@" },
@ -1142,6 +1144,7 @@ main( int argc, char **argv )
EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES; EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES;
opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_revoked=1; opt.keyserver_options.include_revoked=1;
opt.trust_model=TM_OPENPGP;
#if defined (__MINGW32__) || defined (__CYGWIN32__) #if defined (__MINGW32__) || defined (__CYGWIN32__)
set_homedir ( read_w32_registry_string( NULL, set_homedir ( read_w32_registry_string( NULL,
"Software\\GNU\\GnuPG", "HomeDir" )); "Software\\GNU\\GnuPG", "HomeDir" ));
@ -1443,7 +1446,20 @@ main( int argc, char **argv )
case oCompressAlgo: opt.def_compress_algo = pargs.r.ret_int; break; case oCompressAlgo: opt.def_compress_algo = pargs.r.ret_int; break;
case oCompressKeys: opt.compress_keys = 1; break; case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
case oAlwaysTrust: opt.always_trust = 1; break; /* There are many programs (like mutt) that call gpg with
--always-trust so keep this option around for a long
time. */
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
case oTrustModel:
if(ascii_strcasecmp(pargs.r.ret_str,"openpgp")==0)
opt.trust_model=TM_OPENPGP;
else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0)
opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
opt.trust_model=TM_ALWAYS;
else
log_error("unknown trust model \"%s\"\n",pargs.r.ret_str);
break;
case oLoadExtension: case oLoadExtension:
#ifndef __riscos__ #ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(__MINGW32__) #if defined(USE_DYNAMIC_LINKING) || defined(__MINGW32__)

2
g10/gpgv.c
View File

@ -150,7 +150,7 @@ main( int argc, char **argv )
opt.command_fd = -1; /* no command fd */ opt.command_fd = -1; /* no command fd */
opt.pgp2_workarounds = 1; opt.pgp2_workarounds = 1;
opt.keyserver_options.auto_key_retrieve = 1; opt.keyserver_options.auto_key_retrieve = 1;
opt.always_trust = 1; opt.trust_model = TM_ALWAYS;
opt.batch = 1; opt.batch = 1;
#if defined (__MINGW32__) || defined (__CYGWIN32__) #if defined (__MINGW32__) || defined (__CYGWIN32__)

4
g10/mainproc.c
View File

@ -1382,7 +1382,7 @@ check_sig_and_print( CTX c, KBNODE node )
} }
} }
if (opt.always_trust || !un) if (opt.trust_model==TM_ALWAYS || !un)
keyid_str[17] = 0; /* cut off the "[uncertain]" part */ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
@ -1393,7 +1393,7 @@ check_sig_and_print( CTX c, KBNODE node )
log_info(rc? _("BAD signature from \"") log_info(rc? _("BAD signature from \"")
: sig->flags.expired ? _("Expired signature from \"") : sig->flags.expired ? _("Expired signature from \"")
: _("Good signature from \"")); : _("Good signature from \""));
if (!opt.always_trust && un) { if (opt.trust_model!=TM_ALWAYS && un) {
fputs(_("[uncertain]"), log_stream() ); fputs(_("[uncertain]"), log_stream() );
putc(' ', log_stream() ); putc(' ', log_stream() );
} }

2
g10/options.h
View File

@ -88,7 +88,7 @@ struct {
int skip_verify; int skip_verify;
int compress_keys; int compress_keys;
int compress_sigs; int compress_sigs;
int always_trust; enum {TM_OPENPGP, TM_CLASSIC, TM_ALWAYS} trust_model;
int pgp2; int pgp2;
int pgp6; int pgp6;
int pgp7; /* if we get any more of these, it's time to look at a int pgp7; /* if we get any more of these, it's time to look at a

8
g10/pkclist.c
View File

@ -475,9 +475,9 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
} }
*trustlevel &= ~trustmask; *trustlevel &= ~trustmask;
if( opt.always_trust) { if( opt.trust_model==TM_ALWAYS ) {
if( opt.verbose ) if( opt.verbose )
log_info("No trust check due to --always-trust option\n"); log_info("No trust check due to --trust-model always option\n");
return 1; return 1;
} }
@ -570,7 +570,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
* his decision the next time he encrypts for this recipient? * his decision the next time he encrypts for this recipient?
*/ */
} }
else if( opt.always_trust && !rc ) { else if( opt.trust_model==TM_ALWAYS && !rc ) {
if( !opt.quiet ) if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n")); log_info(_("WARNING: Using untrusted key!\n"));
rc = 1; rc = 1;
@ -591,7 +591,7 @@ check_signatures_trust( PKT_signature *sig )
unsigned int trustlevel; unsigned int trustlevel;
int rc=0; int rc=0;
if ( opt.always_trust) if ( opt.trust_model==TM_ALWAYS )
{ {
if( !opt.quiet ) if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n")); log_info(_("WARNING: Using untrusted key!\n"));

15
g10/trustdb.c
View File

@ -1405,11 +1405,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
did not exist. This is safe for non-trust sigs as well did not exist. This is safe for non-trust sigs as well
since we don't accept a regexp on the sig unless it's a since we don't accept a regexp on the sig unless it's a
trust sig. */ trust sig. */
if (kr && (kr->trust_regexp==NULL || if (kr && (kr->trust_regexp==NULL || opt.trust_model==TM_CLASSIC ||
(uidnode && check_regexp(kr->trust_regexp, (uidnode && check_regexp(kr->trust_regexp,
uidnode->pkt->pkt.user_id->name)))) uidnode->pkt->pkt.user_id->name))))
{ {
if(DBG_TRUST && sig->trust_depth) if(DBG_TRUST && opt.trust_model!=TM_CLASSIC && sig->trust_depth)
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
uidnode->pkt->pkt.user_id->name,sig->trust_depth, uidnode->pkt->pkt.user_id->name,sig->trust_depth,
kr->trust_depth); kr->trust_depth);
@ -1419,10 +1419,10 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
lesser trust sig or value. I could make a decent lesser trust sig or value. I could make a decent
argument for any of these cases, but this seems to be argument for any of these cases, but this seems to be
what PGP does, and I'd like to be compatible. -dms */ what PGP does, and I'd like to be compatible. -dms */
if(sig->trust_depth && if(opt.trust_model!=TM_CLASSIC && sig->trust_depth
pk->trust_timestamp<=sig->timestamp && && pk->trust_timestamp<=sig->timestamp
(sig->trust_depth<=kr->trust_depth || && (sig->trust_depth<=kr->trust_depth
kr->ownertrust==TRUST_ULTIMATE)) || kr->ownertrust==TRUST_ULTIMATE))
{ {
/* If we got here, we know that: /* If we got here, we know that:
@ -1773,7 +1773,8 @@ validate_keys (int interactive)
/* This can happen during transition from an old trustdb /* This can happen during transition from an old trustdb
before trust sigs. It can also happen if a user uses two before trust sigs. It can also happen if a user uses two
different versions of GnuPG. */ different versions of GnuPG or changes the --trust-model
setting. */
if(k->ownertrust<min) if(k->ownertrust<min)
{ {
if(DBG_TRUST) if(DBG_TRUST)