security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog: Mon Mar 8 20:47:17 CET 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-03-08 19:50:18 +00:00
parent 6d5eecb706
commit b31145f3e2
39 changed files with 2458 additions and 2355 deletions
Download patch file Download diff file Expand all files Collapse all files

14
g10/ChangeLog
View file

@ -1,3 +1,17 @@
Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* getkey.c (classify_user_id): Add new mode 12 (#<lid>).
* seckey-cert.c (check_secret_key): replaced error by info.
* trustdb.c (query_trust_info): Add another arg, changed all callers.
(check_trust): Ditto.
(do_check): Ditto.
(verify_key): Handle namehash.
* keylist.c (list_keyblock): print trust info for user ids.
* sig-check.c (signature_check): Add sig-created to status output.
Tue Mar 2 16:44:57 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* textfilter.c (copy_clearsig_text): New.

197
g10/getkey.c
View file

@ -506,6 +506,7 @@ hextobyte( const byte *s )
* 6 = word match mode
* 10 = it is a short KEYID (don't care about keyid[0])
* 11 = it is a long KEYID
* 12 = it is a trustdb index (keyid is looked up)
* 16 = it is a 16 byte fingerprint
* 20 = it is a 20 byte fingerprint
*
@ -624,7 +625,12 @@ classify_user_id( const char *name, u32 *keyid, byte *fprint,
s++;
}
else if( *s == '#' ) { /* use local id */
return 0;
mode = 12;
s++;
if( keyid ) {
if( keyid_from_lid( strtoul( s, NULL, 10), keyid ) )
keyid[0] = keyid[1] = 0;
}
}
else if( !*s ) /* empty string */
return 0;
@ -1561,54 +1567,6 @@ finish_lookup_sk( KBNODE keyblock, PKT_secret_key *sk, KBNODE k, int primary )
}
/****** old code from lookup_read ******/
#if 0 /* can't use it anymore - invent a more general approach */
/* try the quick functions */
if( !ctx->count ) {
k = NULL;
switch( ctx->mode ) {
case 10:
case 11:
rc = locate_keyblock_by_keyid( &ctx->kbpos, ctx->keyid,
ctx->mode==10, 0 );
if( !rc )
rc = read_keyblock( &ctx->kbpos, &ctx->keyblock );
if( !rc )
k = find_by_keyid( ctx->keyblock, pk, ctx->keyid, ctx->mode );
break;
case 16:
case 20:
rc = locate_keyblock_by_fpr( &ctx->kbpos, ctx->name, ctx->mode, 0 );
if( !rc )
rc = read_keyblock( &ctx->kbpos, &ctx->keyblock );
if( !rc )
k = find_by_fpr( ctx->keyblock, pk, ctx->name, ctx->mode );
break;
default: rc = G10ERR_UNSUPPORTED;
}
if( !rc ) {
if( !k ) {
log_error("lookup: key has been located but was not found\n");
rc = G10ERR_INV_KEYRING;
}
else
finish_lookup( ctx->keyblock, pk, k, namehash, 0, ctx->primary );
}
}
else
rc = G10ERR_UNSUPPORTED;
/* if this was not possible, loop over all keyblocks
* fixme: If one of the resources in the quick functions above
* works, but the key was not found, we will not find it
* in the other resources */
if( rc == G10ERR_UNSUPPORTED ) {
}
#endif
static int
lookup_pk( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
{
@ -1636,7 +1594,7 @@ lookup_pk( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
k = find_by_name( ctx->keyblock, pk,
item->name, item->mode,
namehash, &use_namehash );
else if( item->mode == 10 || item->mode == 11 )
else if( item->mode >= 10 && item->mode <= 12 )
k = find_by_keyid( ctx->keyblock, pk,
item->keyid, item->mode );
else if( item->mode == 15 )
@ -1723,7 +1681,7 @@ lookup_sk( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
if( item->mode < 10 )
k = find_by_name_sk( ctx->keyblock, sk,
item->name, item->mode );
else if( item->mode == 10 || item->mode == 11 )
else if( item->mode >= 10 && item->mode <= 12 )
k = find_by_keyid_sk( ctx->keyblock, sk,
item->keyid, item->mode );
else if( item->mode == 15 )
@ -1765,143 +1723,6 @@ lookup_sk( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
}
#if 0
OLD/************
OLD * Ditto for secret keys WORK!!!!!!
OLD */
OLDstatic int
OLDlookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name,
OLD int primary )
OLD{
OLD int rc;
OLD KBNODE keyblock = NULL;
OLD KBPOS kbpos;
OLD int oldmode = set_packet_list_mode(0);
OLD
OLD rc = enum_keyblocks( 5 /* open secret */, &kbpos, &keyblock );
OLD if( rc ) {
OLD if( rc == -1 )
OLD rc = G10ERR_NO_SECKEY;
OLD else if( rc )
OLD log_error("enum_keyblocks(open secret) failed: %s\n", g10_errstr(rc) );
OLD goto leave;
OLD }
OLD
OLD while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
OLD KBNODE k, kk;
OLD if( mode < 10 ) { /* name lookup */
OLD for(k=keyblock; k; k = k->next ) {
OLD if( k->pkt->pkttype == PKT_USER_ID
OLD && !compare_name( k->pkt->pkt.user_id->name,
OLD k->pkt->pkt.user_id->len, name, mode)) {
OLD /* we found a matching name, look for the key */
OLD for(kk=keyblock; kk; kk = kk->next ) {
OLD if( ( kk->pkt->pkttype == PKT_SECRET_KEY
OLD || kk->pkt->pkttype == PKT_SECRET_SUBKEY )
OLD && ( !sk->pubkey_algo
OLD || sk->pubkey_algo
OLD == kk->pkt->pkt.secret_key->pubkey_algo)
OLD && ( !sk->pubkey_usage
OLD || !check_pubkey_algo2(
OLD kk->pkt->pkt.secret_key->pubkey_algo,
OLD sk->pubkey_usage ))
OLD )
OLD break;
OLD }
OLD if( kk ) {
OLD u32 aki[2];
OLD keyid_from_sk( kk->pkt->pkt.secret_key, aki );
OLD cache_user_id( k->pkt->pkt.user_id, aki );
OLD k = kk;
OLD break;
OLD }
OLD else
OLD log_error("No key for userid (in sk)\n");
OLD }
OLD }
OLD }
OLD else { /* keyid or fingerprint lookup */
OLD if( DBG_CACHE && (mode== 10 || mode==11) ) {
OLD log_debug("lookup_sk keyid=%08lx%08lx req_algo=%d mode=%d\n",
OLD (ulong)keyid[0], (ulong)keyid[1],
OLD sk->pubkey_algo, mode );
OLD }
OLD for(k=keyblock; k; k = k->next ) {
OLD if( k->pkt->pkttype == PKT_SECRET_KEY
OLD || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
OLD if( mode == 10 || mode == 11 ) {
OLD u32 aki[2];
OLD keyid_from_sk( k->pkt->pkt.secret_key, aki );
OLD if( DBG_CACHE ) {
OLD log_debug(" aki=%08lx%08lx algo=%d\n",
OLD (ulong)aki[0], (ulong)aki[1],
OLD k->pkt->pkt.secret_key->pubkey_algo );
OLD }
OLD if( aki[1] == keyid[1]
OLD && ( mode == 10 || aki[0] == keyid[0] )
OLD && ( !sk->pubkey_algo
OLD || sk->pubkey_algo
OLD == k->pkt->pkt.secret_key->pubkey_algo) ){
OLD /* cache the userid */
OLD for(kk=keyblock; kk; kk = kk->next )
OLD if( kk->pkt->pkttype == PKT_USER_ID )
OLD break;
OLD if( kk )
OLD cache_user_id( kk->pkt->pkt.user_id, aki );
OLD else
OLD log_error("No userid for key\n");
OLD break; /* found */
OLD }
OLD }
OLD else if( mode == 15 ) { /* get the first key */
OLD if( !sk->pubkey_algo
OLD || sk->pubkey_algo
OLD == k->pkt->pkt.secret_key->pubkey_algo )
OLD break;
OLD }
OLD else if( mode == 16 || mode == 20 ) {
OLD size_t an;
OLD byte afp[MAX_FINGERPRINT_LEN];
OLD
OLD fingerprint_from_sk(k->pkt->pkt.secret_key, afp, &an );
OLD if( an == mode && !memcmp( afp, name, an)
OLD && ( !sk->pubkey_algo
OLD || sk->pubkey_algo
OLD == k->pkt->pkt.secret_key->pubkey_algo) ) {
OLD break;
OLD }
OLD }
OLD else
OLD BUG();
OLD } /* end compare secret keys */
OLD }
OLD }
OLD if( k ) { /* found */
OLD assert( k->pkt->pkttype == PKT_SECRET_KEY
OLD || k->pkt->pkttype == PKT_SECRET_SUBKEY );
OLD assert( keyblock->pkt->pkttype == PKT_SECRET_KEY );
OLD if( primary && !sk->pubkey_usage )
OLD copy_secret_key( sk, keyblock->pkt->pkt.secret_key );
OLD else
OLD copy_secret_key( sk, k->pkt->pkt.secret_key );
OLD break; /* enumeration */
OLD }
OLD release_kbnode( keyblock );
OLD keyblock = NULL;
OLD }
OLD if( rc == -1 )
OLD rc = G10ERR_NO_SECKEY;
OLD else if( rc )
OLD log_error("enum_keyblocks(read) failed: %s\n", g10_errstr(rc));
OLD
OLD leave:
OLD enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
OLD release_kbnode( keyblock );
OLD set_packet_list_mode(oldmode);
OLD return rc;
OLD}
#endif
/****************
* fixme: replace by the generic function

2
g10/keyedit.c
View file

@ -889,7 +889,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked,
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
/* do it here, so that debug messages don't clutter the
* output */
trust = query_trust_info(pk);
trust = query_trust_info(pk, NULL);
otrust = get_ownertrust_info( pk->local_id );
}

13
g10/keylist.c
View file

@ -196,7 +196,7 @@ list_keyblock( KBNODE keyblock, int secret )
sk = NULL;
keyid_from_pk( pk, keyid );
if( opt.with_colons ) {
trustletter = query_trust_info( pk );
trustletter = query_trust_info( pk, NULL );
printf("pub:%c:%u:%d:%08lX%08lX:%s:%s:",
trustletter,
nbits_from_pk( pk ),
@ -222,8 +222,15 @@ list_keyblock( KBNODE keyblock, int secret )
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
if( any ) {
if( opt.with_colons )
printf("uid:::::::::");
if( opt.with_colons ) {
byte namehash[20];
rmd160_hash_buffer( namehash,
node->pkt->pkt.user_id->name,
node->pkt->pkt.user_id->len );
trustletter = query_trust_info( pk, namehash );
printf("uid:%c::::::::", trustletter);
}
else
printf("uid%*s", 28, "");
}

2
g10/mainproc.c
View file

@ -481,7 +481,7 @@ list_node( CTX c, KBNODE node )
keyid_from_pk( pk, keyid );
if( mainkey ) {
c->local_id = pk->local_id;
c->trustletter = query_trust_info( pk );
c->trustletter = query_trust_info( pk, NULL );
}
printf("%s:%c:%u:%d:%08lX%08lX:%s:%s:",
mainkey? "pub":"sub",

29
g10/pkclist.c
View file

@ -50,7 +50,7 @@ show_paths( ulong lid, int only_first )
last_level = 0;
while( (level=enum_cert_paths( &context, &lid, &otrust, &validity)) != -1){
char *p;
int rc;
int c, rc;
size_t n;
u32 keyid[2];
PKT_public_key *pk ;
@ -77,7 +77,7 @@ show_paths( ulong lid, int only_first )
level*2, "",
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], lid, datestr_from_pk( pk ) );
#if 0
c = trust_letter(otrust);
if( c )
putchar( c );
@ -90,8 +90,6 @@ show_paths( ulong lid, int only_first )
else
printf( "%02x", validity );
putchar(' ');
#endif
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
@ -230,7 +228,6 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
}
lid = pk->local_id;
#if 0 /* FIXME: enable this when trustdb stuff works again */
while( enum_cert_paths( &context, &lid, &otrust, &validity ) != -1 ) {
if( lid == pk->local_id )
continue;
@ -242,6 +239,7 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
* those values from then on
*/
otrust = get_ownertrust( lid );
/* fixme: and the validity? */
}
if( otrust == TRUST_UNDEFINED ) {
any_undefined=1;
@ -257,7 +255,6 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
}
}
enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */
#endif
if( !any )
tty_printf(_("No path leading to one of our keys found.\n\n") );
@ -298,12 +295,14 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
g10_errstr(rc) );
return 0; /* no */
}
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
BUG();
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) {
log_debug("do_we_trust: oops at %d\n", __LINE__ );
return 0;
}
return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED:
@ -320,7 +319,7 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
rc = add_ownertrust( pk, &quit );
if( !rc && !quit ) {
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc )
log_fatal("trust check after add_ownertrust failed: %s\n",
g10_errstr(rc) );
@ -431,7 +430,7 @@ check_signatures_trust( PKT_signature *sig )
}
retry:
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc ) {
log_error("check trust failed: %s\n", g10_errstr(rc));
goto leave;
@ -452,7 +451,7 @@ check_signatures_trust( PKT_signature *sig )
g10_errstr(rc) );
goto leave;
}
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
@ -592,7 +591,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
int trustlevel;
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc ) {
log_error("error checking pk of `%s': %s\n",
answer, g10_errstr(rc) );
@ -631,7 +630,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
int trustlevel;
rc = check_trust( pk, &trustlevel );
rc = check_trust( pk, &trustlevel, NULL );
if( rc ) {
free_public_key( pk ); pk = NULL;
log_error(_("%s: error checking key: %s\n"),
@ -712,7 +711,7 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
memset( mask, 0, 8 * sizeof *mask );
if( !pkr->pk->local_id ) { /* try to set the local id */
query_trust_info( pkr->pk );
query_trust_info( pkr->pk, NULL );
if( !pkr->pk->local_id ) {
log_debug("select_algo_from_prefs: can't get LID\n");
continue;

2
g10/seckey-cert.c
View file

@ -173,7 +173,7 @@ check_secret_key( PKT_secret_key *sk, int n )
for(i=0; i < n && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
log_info(_("Invalid passphrase; please try again ...\n"));
rc = do_check( sk );
if( have_static_passphrase() )
break;

7
g10/sig-check.c
View file

@ -76,7 +76,7 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
MD_HANDLE md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p;
byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0);
md_putc( digest, sig->pubkey_algo );
@ -96,7 +96,10 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
}
md_final( md );
p = make_radix64_string( md_read( md, 0 ), 20 );
write_status_text( STATUS_SIG_ID, p );
buffer = m_alloc( strlen(p) + 40 );
sprintf( buffer, "%s %s", p, strtimestamp( sig->timestamp ) );
write_status_text( STATUS_SIG_ID, buffer );
m_free(buffer);
m_free(p);
md_close(md);
}

640
g10/trustdb.c
View file

@ -1,5 +1,5 @@
/* trustdb.c
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -66,25 +66,8 @@ struct local_id_table {
typedef struct local_id_table *LOCAL_ID_TABLE;
typedef struct trust_info TRUST_INFO;
struct trust_info {
ulong lid;
byte otrust; /* ownertrust (assigned trust) */
byte trust; /* calculated trust (validity) */
};
typedef struct trust_seg_list *TRUST_SEG_LIST;
struct trust_seg_list {
TRUST_SEG_LIST next;
int pathlen;
TRUST_INFO path[1];
};
struct enum_cert_paths_ctx {
int init;
TRUST_SEG_LIST tsl_head;
TRUST_SEG_LIST tsl;
int idx;
};
@ -97,6 +80,35 @@ struct recno_list_struct {
typedef struct recno_list_struct *RECNO_LIST;
typedef struct trust_node *TN;
struct trust_node {
TN back; /* parent */
TN list; /* list of other node (should all be of the same type)*/
TN next; /* used to build the list */
int is_uid; /* set if this is an uid node */
ulong lid; /* key or uid recordnumber */
union {
struct {
int ownertrust;
int validity;
/* helper */
int buckstop;
} k;
struct {
int marginal_count;
int fully_count;
int validity;
} u;
} n;
};
static TN used_tns;
static int alloced_tns;
static int max_alloced_tns;
static int walk_sigrecs( SIGREC_CONTEXT *c );
static LOCAL_ID_TABLE new_lid_table(void);
@ -105,11 +117,11 @@ static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
static int propagate_validity( TN node );
static void print_user_id( const char *text, u32 *keyid );
static void sort_tsl_list( TRUST_SEG_LIST *trust_seg_list );
static int list_sigs( ulong pubkey_id );
static int do_check( TRUSTREC *drec, unsigned *trustlevel );
static int do_check( TRUSTREC *drec, unsigned *trustlevel, const char *nhash);
static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
static void upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig );
@ -450,7 +462,7 @@ walk_sigrecs( SIGREC_CONTEXT *c )
************* Trust stuff ******************
***********************************************/
static int
int
trust_letter( unsigned value )
{
switch( value ) {
@ -639,35 +651,6 @@ print_user_id( const char *text, u32 *keyid )
m_free(p);
}
#if 0
static int
print_keyid( FILE *fp, ulong lid )
{
u32 ki[2];
if( keyid_from_lid( lid, ki ) )
return fprintf(fp, "????????.%lu", lid );
else
return fprintf(fp, "%08lX.%lu", (ulong)ki[1], lid );
}
static int
print_trust( FILE *fp, unsigned trust )
{
int c;
switch( trust ) {
case TRUST_UNKNOWN: c = 'o'; break;
case TRUST_EXPIRED: c = 'e'; break;
case TRUST_UNDEFINED: c = 'q'; break;
case TRUST_NEVER: c = 'n'; break;
case TRUST_MARGINAL: c = 'm'; break;
case TRUST_FULLY: c = 'f'; break;
case TRUST_ULTIMATE: c = 'u'; break;
default: fprintf(fp, "%02x", trust ); return 2;
}
putc(c, fp);
return 1;
}
#endif
static int
print_sigflags( FILE *fp, unsigned flags )
@ -698,7 +681,7 @@ do_list_sigs( ulong root, ulong pk_lid, int depth,
sx.lid = pk_lid;
for(;;) {
rc = walk_sigrecs( &sx ); /* should we replace it and use */
if( rc ) /* use a loop like in collect_paths ??*/
if( rc )
break;
rc = keyid_from_lid( sx.sig_lid, keyid );
if( rc ) {
@ -839,199 +822,45 @@ list_records( ulong lid )
/****************
* stack is an array of (max_path+1) elements. If trust_seg_head is not
* NULL it is a pointer to a variable which will receive a linked list
* of trust paths - The caller has to free the memory.
*/
static int
collect_paths( int depth, int max_depth, int all, TRUSTREC *drec,
TRUST_INFO *stack, TRUST_SEG_LIST *trust_seg_head )
static TN
new_tn(void)
{
ulong rn, uidrn;
int marginal=0;
int fully=0;
/*LOCAL_ID_TABLE sigs_seen = NULL;*/
TN t;
if( depth >= max_depth ) /* max cert_depth reached */
return TRUST_UNDEFINED;
/* loop over all user-ids */
/*if( !all ) sigs_seen = new_lid_table();*/
for( rn = drec->r.dir.uidlist; rn; rn = uidrn ) {
TRUSTREC rec; /* used for uids and sigs */
ulong sigrn;
read_record( rn, &rec, RECTYPE_UID );
uidrn = rec.r.uid.next;
if( !(rec.r.uid.uidflags & UIDF_CHECKED) )
continue; /* user id has not been checked */
if( !(rec.r.uid.uidflags & UIDF_VALID) )
continue; /* user id is not valid */
if( (rec.r.uid.uidflags & UIDF_REVOKED) )
continue; /* user id has been revoked */
stack[depth].lid = drec->r.dir.lid;
stack[depth].otrust = drec->r.dir.ownertrust;
stack[depth].trust = 0;
{ int i;
for(i=0; i < depth; i++ )
if( stack[i].lid == drec->r.dir.lid )
return TRUST_UNDEFINED; /* closed (we already visited this lid) */
}
if( !qry_lid_table_flag( ultikey_table, drec->r.dir.lid, NULL ) ) {
/* we are at the end of a path */
TRUST_SEG_LIST tsl;
int i;
stack[depth].trust = TRUST_ULTIMATE;
stack[depth].otrust = TRUST_ULTIMATE;
if( trust_seg_head ) {
/* we can now put copy our current stack to the trust_seg_list */
tsl = m_alloc( sizeof *tsl + (depth+1)*sizeof( TRUST_INFO ) );
for(i=0; i <= depth; i++ )
tsl->path[i] = stack[i];
tsl->pathlen = i;
tsl->next = *trust_seg_head;
*trust_seg_head = tsl;
}
return TRUST_ULTIMATE;
}
/* loop over all signature records of this user id */
for( rn = rec.r.uid.siglist; rn; rn = sigrn ) {
int i;
read_record( rn, &rec, RECTYPE_SIG );
sigrn = rec.r.sig.next;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
TRUSTREC tmp;
int ot, nt;
int unchecked = 0;
if( !rec.r.sig.sig[i].lid )
continue; /* skip deleted sigs */
if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) ) {
if( !all )
continue; /* skip unchecked signatures */
unchecked = 1;
}
else {
if( !(rec.r.sig.sig[i].flag & SIGF_VALID) )
continue; /* skip invalid signatures */
if( (rec.r.sig.sig[i].flag & SIGF_EXPIRED) )
continue; /* skip expired signatures */
if( (rec.r.sig.sig[i].flag & SIGF_REVOKED) )
continue; /* skip revoked signatures */
}
/* visit every signer only once (a signer may have
* signed more than one user ID)
* if( sigs_seen && ins_lid_table_item( sigs_seen,
* rec.r.sig.sig[i].lid, 0) )
* continue; we already have this one
*/
read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
if( tmp.rectype != RECTYPE_DIR ) {
if( tmp.rectype != RECTYPE_SDIR )
log_info("oops: lid %lu: sig %lu has rectype %d"
" - skipped\n",
drec->r.dir.lid, tmp.recnum, tmp.rectype );
continue;
}
ot = tmp.r.dir.ownertrust & TRUST_MASK;
if( ot >= TRUST_FULLY )
ot = TRUST_FULLY; /* just in case */
nt = collect_paths( depth+1, max_depth, all, &tmp, stack,
trust_seg_head );
nt &= TRUST_MASK;
if( nt < TRUST_MARGINAL || unchecked ) {
continue;
}
if( nt == TRUST_ULTIMATE ) {
/* we have signed this key and only in this special case
* we assume that this one is fully trusted */
if( !all ) {
/*if( sigs_seen ) release_lid_table( sigs_seen );*/
return (stack[depth].trust = TRUST_FULLY);
}
}
if( nt > ot )
nt = ot;
if( nt >= TRUST_FULLY )
fully++;
if( nt >= TRUST_MARGINAL )
marginal++;
if( fully >= opt.completes_needed
|| marginal >= opt.marginals_needed ) {
if( !all ) {
/*if( sigs_seen ) release_lid_table( sigs_seen );*/
return (stack[depth].trust = TRUST_FULLY);
}
}
}
}
if( used_tns ) {
t = used_tns;
used_tns = t->next;
memset( t, 0, sizeof *t );
}
/*if( sigs_seen ) release_lid_table( sigs_seen ); */
if( all && ( fully >= opt.completes_needed
|| marginal >= opt.marginals_needed ) ) {
return (stack[depth].trust = TRUST_FULLY );
}
if( marginal ) {
return (stack[depth].trust = TRUST_MARGINAL);
}
return (stack[depth].trust=TRUST_UNDEFINED);
else
t = m_alloc_clear( sizeof *t );
if( ++alloced_tns > max_alloced_tns )
max_alloced_tns = alloced_tns;
return t;
}
typedef struct {
ulong lid;
ulong uid;
byte uid_flags;
byte uid_validity;
byte dir_flags;
byte ownertrust;
} CERT_ITEM;
/* structure to hold certification chains. Item[nitems-1] is the
* ultimateley trusted key, item[0] is the key which
* is introduced, indices [1,(nitems-2)] are all introducers.
*/
typedef struct cert_chain *CERT_CHAIN;
struct cert_chain {
CERT_CHAIN next;
int dups;
int nitems;
CERT_ITEM items[1];
};
/****************
* Copy all items to the set SET_HEAD in a way that the requirements
* of a CERT_CHAIN are met.
*/
static void
add_cert_items_to_set( CERT_CHAIN *set_head, CERT_ITEM *items, int nitems )
release_tn( TN t )
{
CERT_CHAIN ac;
int i;
if( t ) {
t->next = used_tns;
used_tns = t;
alloced_tns--;
}
}
ac = m_alloc_clear( sizeof *ac + (nitems-1)*sizeof(CERT_ITEM) );
ac->nitems = nitems;
for(i=0; i < nitems; i++ )
ac->items[i] = items[i];
ac->next = *set_head;
*set_head = ac;
static void
release_tn_tree( TN kr )
{
TN kr2;
for( ; kr; kr = kr2 ) {
release_tn_tree( kr->list );
kr2 = kr->next;
release_tn( kr );
}
}
@ -1041,57 +870,51 @@ add_cert_items_to_set( CERT_CHAIN *set_head, CERT_ITEM *items, int nitems )
* should have been allocated with size max_depth, stack[0] should
* be setup to the key we are investigating, so the minimal depth
* we should ever see in this function is 1.
* Returns: -1 max_depth reached
* 0 no paths found
* 1 ultimately trusted key found
* Returns: a new tree
* certchain_set must be a valid set or point to NULL; this function
* may modifiy it.
*/
static int
find_cert_chain( ulong lid, int depth, int max_depth,
CERT_ITEM *stack, CERT_CHAIN *cert_chain_set )
static TN
build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
{
TRUSTREC dirrec;
TRUSTREC uidrec;
ulong uidrno;
TN keynode;
if( depth >= max_depth )
return -1;
stack[depth].lid = lid;
stack[depth].uid = 0;
return NULL;
keynode = new_tn();
if( !helproot )
helproot = keynode;
keynode->lid = lid;
if( !qry_lid_table_flag( ultikey_table, lid, NULL ) ) {
/* this is an ultimately trusted key;
* which means that we have found the end of the chain:
* copy the chain to the set */
add_cert_items_to_set( cert_chain_set, stack, depth+1 );
return 1;
* We do this here prior to reading the dir record
* because we don't really need the info from that record */
keynode->n.k.ownertrust = TRUST_ULTIMATE;
keynode->n.k.buckstop = 1;
return keynode;
}
read_record( lid, &dirrec, 0 );
if( dirrec.rectype != RECTYPE_DIR ) {
if( dirrec.rectype != RECTYPE_SDIR )
log_debug("lid %lu, has rectype %d"
" - skipped\n", lid, dirrec.rectype );
return 0;
m_free(keynode);
return NULL;
}
/* Performance hint: add stuff to ignore this one when the
* assigned validity of the key is bad */
stack[depth].dir_flags = dirrec.r.dir.dirflags;
stack[depth].ownertrust = dirrec.r.dir.ownertrust;
keynode->n.k.ownertrust = dirrec.r.dir.ownertrust;
/* loop over all user ids */
for( uidrno = dirrec.r.dir.uidlist; uidrno; uidrno = uidrec.r.uid.next ) {
TRUSTREC sigrec;
ulong sigrno;
TN uidnode = NULL;
stack[depth].uid = uidrno;
read_record( uidrno, &uidrec, RECTYPE_UID );
stack[depth].uid_flags = uidrec.r.uid.uidflags;
stack[depth].uid_validity = uidrec.r.uid.validity;
if( !(uidrec.r.uid.uidflags & UIDF_CHECKED) )
continue; /* user id has not been checked */
@ -1102,7 +925,8 @@ find_cert_chain( ulong lid, int depth, int max_depth,
/* loop over all signature records */
for(sigrno=uidrec.r.uid.siglist; sigrno; sigrno = sigrec.r.sig.next ) {
int i, j;
int i;
TN tn;
read_record( sigrno, &sigrec, RECTYPE_SIG );
@ -1117,25 +941,48 @@ find_cert_chain( ulong lid, int depth, int max_depth,
continue; /* skip expired signatures */
if( (sigrec.r.sig.sig[i].flag & SIGF_REVOKED) )
continue; /* skip revoked signatures */
for(j=0; j < depth; j++ ) {
if( stack[j].lid == sigrec.r.sig.sig[i].lid )
break;
}
if( j < depth )
continue; /* avoid cycles as soon as possible */
/* check for cycles */
for( tn=keynode; tn && tn->lid != sigrec.r.sig.sig[i].lid;
tn = tn->back )
;
if( tn )
continue; /* cycle found */
if( find_cert_chain( sigrec.r.sig.sig[i].lid,
depth+1, max_depth,
stack, cert_chain_set ) > 0 ) {
tn = build_cert_tree( sigrec.r.sig.sig[i].lid,
depth+1, max_depth, helproot );
if( !tn )
continue; /* cert chain too deep or error */
if( !uidnode ) {
uidnode = new_tn();
uidnode->back = keynode;
uidnode->lid = uidrno;
uidnode->is_uid = 1;
uidnode->next = keynode->list;
keynode->list = uidnode;
}
tn->back = uidnode;
tn->next = uidnode->list;
uidnode->list = tn;
#if 0 /* optimazation - fixme: reenable this later */
if( tn->n.k.buckstop ) {
/* ultimately trusted key found:
* no need to check more signatures of this uid */
sigrec.r.sig.next = 0;
break;
}
#endif
}
} /* end loop over sig recs */
} /* end loop over user ids */
return 0;
if( !keynode->list ) {
release_tn_tree( keynode );
keynode = NULL;
}
return keynode;
}
@ -1147,14 +994,33 @@ find_cert_chain( ulong lid, int depth, int max_depth,
* checking all key signatures up to a some depth.
*/
static int
verify_key( int max_depth, TRUSTREC *drec )
verify_key( int max_depth, TRUSTREC *drec, const char *namehash )
{
TRUST_INFO *tmppath = m_alloc_clear( (max_depth+1)* sizeof *tmppath );
int tr;
TN tree;
int trust;
tr = collect_paths( 0, max_depth, 0, drec, tmppath, NULL );
m_free( tmppath );
return tr;
tree = build_cert_tree( drec->r.dir.lid, 0, opt.max_cert_depth, NULL );
if( !tree )
return TRUST_UNDEFINED;
trust = propagate_validity( tree );
if( namehash ) {
/* find the matching user id.
* FIXME: the way we handle this is too inefficient */
TN ur;
TRUSTREC rec;
trust = 0;
for( ur=tree->list; ur; ur = ur->next ) {
read_record( ur->lid, &rec, RECTYPE_UID );
if( !memcmp( namehash, rec.r.uid.namehash, 20 ) ) {
trust = ur->n.u.validity;
break;
}
}
}
release_tn_tree( tree );
return trust;
}
@ -1165,7 +1031,7 @@ verify_key( int max_depth, TRUSTREC *drec )
* but nothing more is known.
*/
static int
do_check( TRUSTREC *dr, unsigned *validity )
do_check( TRUSTREC *dr, unsigned *validity, const char *namehash )
{
if( !dr->r.dir.keylist ) {
log_error(_("Ooops, no keys\n"));
@ -1176,15 +1042,21 @@ do_check( TRUSTREC *dr, unsigned *validity )
return G10ERR_TRUSTDB;
}
if( tdbio_db_matches_options()
if( namehash ) {
/* Fixme: use the cache */
*validity = verify_key( opt.max_cert_depth, dr, namehash );
}
else if( tdbio_db_matches_options()
&& (dr->r.dir.dirflags & DIRF_VALVALID)
&& dr->r.dir.validity )
*validity = dr->r.dir.validity;
else {
*validity = verify_key( opt.max_cert_depth, dr );
*validity = verify_key( opt.max_cert_depth, dr, NULL );
if( (*validity & TRUST_MASK) >= TRUST_UNDEFINED
&& tdbio_db_matches_options() ) {
/* update the cached validity value */
/* FIXME: Move this to another place so that we can
* update the validity of the uids too */
dr->r.dir.validity = (*validity & TRUST_MASK);
dr->r.dir.dirflags |= DIRF_VALVALID;
write_record( dr );
@ -1437,9 +1309,9 @@ import_ownertrust( const char *fname )
#if 0
static void
print_path( int pathlen, TRUST_INFO *path, FILE *fp, ulong highlight )
print_path( int pathlen, TN ME .........., FILE *fp, ulong highlight )
{
int rc, c, i;
u32 keyid[2];
@ -1475,37 +1347,89 @@ print_path( int pathlen, TRUST_INFO *path, FILE *fp, ulong highlight )
putc('\n', fp );
}
}
#endif
static int
cmp_tsl_array( const void *xa, const void *xb )
propagate_validity( TN node )
{
TRUST_SEG_LIST a = *(TRUST_SEG_LIST*)xa;
TRUST_SEG_LIST b = *(TRUST_SEG_LIST*)xb;
return a->pathlen - b->pathlen;
TN kr, ur;
int max_validity = 0;
assert( !node->is_uid );
if( node->n.k.ownertrust == TRUST_ULTIMATE ) {
/* this is one of our keys */
assert( !node->list ); /* This should be a leaf */
return TRUST_ULTIMATE;
}
/* loop over all user ids */
for( ur=node->list; ur; ur = ur->next ) {
assert( ur->is_uid );
/* loop over all signators */
for(kr=ur->list; kr; kr = kr->next ) {
int val = propagate_validity( kr );
if( val == TRUST_ULTIMATE ) {
ur->n.u.fully_count = opt.completes_needed;
}
else if( val == TRUST_FULLY ) {
if( kr->n.k.ownertrust == TRUST_FULLY )
ur->n.u.fully_count++;
else if( kr->n.k.ownertrust == TRUST_MARGINAL )
ur->n.u.marginal_count++;
}
}
/* fixme: We can move this test into the loop to stop as soon as
* we have a level of FULLY and return from this function
* We dont do this now to get better debug output */
if( ur->n.u.fully_count >= opt.completes_needed
|| ur->n.u.marginal_count >= opt.marginals_needed )
ur->n.u.validity = TRUST_FULLY;
else if( ur->n.u.fully_count || ur->n.u.marginal_count )
ur->n.u.validity = TRUST_MARGINAL;
if( ur->n.u.validity >= max_validity )
max_validity = ur->n.u.validity;
}
node->n.k.validity = max_validity;
return max_validity;
}
static void
sort_tsl_list( TRUST_SEG_LIST *trust_seg_list )
print_default_uid( ulong lid )
{
TRUST_SEG_LIST *array, *tail, tsl;
size_t n;
u32 keyid[2];
for(n=0, tsl = *trust_seg_list; tsl; tsl = tsl->next )
n++;
array = m_alloc( (n+1) * sizeof *array );
for(n=0, tsl = *trust_seg_list; tsl; tsl = tsl->next )
array[n++] = tsl;
array[n] = NULL;
qsort( array, n, sizeof *array, cmp_tsl_array );
*trust_seg_list = NULL;
tail = trust_seg_list;
for(n=0; (tsl=array[n]); n++ ) {
*tail = tsl;
tail = &tsl->next;
if( !keyid_from_lid( lid, keyid ) )
print_user_id( "", keyid );
}
static void
dump_tn_tree( int indent, TN tree )
{
TN kr, ur;
for( kr=tree; kr; kr = kr->next ) {
printf("%*s", indent*4, "" );
printf("K%lu(ot=%d,val=%d) ", kr->lid,
kr->n.k.ownertrust,
kr->n.k.validity );
print_default_uid( kr->lid );
for( ur=kr->list; ur; ur = ur->next ) {
printf("%*s ", indent*4, "" );
printf("U%lu(mc=%d,fc=%d,val=%d)\n", ur->lid,
ur->n.u.marginal_count,
ur->n.u.fully_count,
ur->n.u.validity
);
dump_tn_tree( indent+1, ur->list );
}
}
m_free( array );
}
@ -1515,10 +1439,7 @@ list_trust_path( const char *username )
int rc;
ulong lid;
TRUSTREC rec;
#if 0
TRUST_INFO *tmppath;
TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
#endif
TN tree;
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
INIT_TRUSTDB();
@ -1540,49 +1461,12 @@ list_trust_path( const char *username )
lid = pk->local_id;
free_public_key( pk );
#if 0
/* collect the paths */
tmppath = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *tmppath );
trust_seg_list = NULL;
collect_paths( 0, opt.max_cert_depth, 1, &rec, tmppath, &trust_seg_list );
m_free( tmppath );
sort_tsl_list( &trust_seg_list );
/* and now print them */
for(tsl = trust_seg_list; tsl; tsl = tsl->next ) {
print_path( tsl->pathlen, tsl->path, stdout, 0 );
if( tsl->next )
putchar('\n');
}
/* release the list */
for(tsl = trust_seg_list; tsl; tsl = tsl2 ) {
tsl2 = tsl->next;
m_free( tsl );
}
trust_seg_list = NULL;
#else /* test code */
{
CERT_ITEM *stack;
CERT_CHAIN chains, r;
int i;
chains = NULL;
stack = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *stack );
find_cert_chain( lid, 0, opt.max_cert_depth, stack, &chains);
m_free( stack );
/* dump chains */
printf("lid/uid(ownertrust,validity):\n");
for(r=chains; r ; r = r->next ) {
printf("chain:" );
for(i=0; i < r->nitems; i++ )
printf(" %lu/%lu(%d,%d)", r->items[i].lid, r->items[i].uid,
r->items[i].ownertrust,
(r->items[i].uid_flags & UIDF_VALVALID )?
r->items[i].uid_validity : 0 );
putchar('\n');
}
}
#endif
tree = build_cert_tree( lid, 0, opt.max_cert_depth, NULL );
if( tree )
propagate_validity( tree );
dump_tn_tree( 0, tree );
printf("(alloced tns=%d max=%d)\n", alloced_tns, max_alloced_tns );
release_tn_tree( tree );
}
@ -1789,7 +1673,7 @@ update_trustdb( )
* is not necessary to check this if we use a local pubring. Hmmmm.
*/
int
check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
check_trust( PKT_public_key *pk, unsigned *r_trustlevel, const byte *namehash )
{
TRUSTREC rec;
unsigned trustlevel = TRUST_UNKNOWN;
@ -1839,7 +1723,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
trustlevel = TRUST_EXPIRED;
}
else {
rc = do_check( &rec, &trustlevel );
rc = do_check( &rec, &trustlevel, namehash );
if( rc ) {
log_error(_("key %08lX.%lu: trust check failed: %s\n"),
(ulong)keyid[1], pk->local_id, g10_errstr(rc));
@ -1859,13 +1743,13 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
int
query_trust_info( PKT_public_key *pk )
query_trust_info( PKT_public_key *pk, const byte *namehash )
{
unsigned trustlevel;
int c;
INIT_TRUSTDB();
if( check_trust( pk, &trustlevel ) )
if( check_trust( pk, &trustlevel, namehash ) )
return '?';
if( trustlevel & TRUST_FLAG_REVOKED )
return 'r';
@ -1899,13 +1783,15 @@ int
enum_cert_paths( void **context, ulong *lid,
unsigned *ownertrust, unsigned *validity )
{
return -1;
#if 0
struct enum_cert_paths_ctx *ctx;
TRUST_SEG_LIST tsl;
fixme: ..... tsl;
INIT_TRUSTDB();
if( !lid ) { /* release the context */
if( *context ) {
TRUST_SEG_LIST tsl2;
FIXME: ........tsl2;
ctx = *context;
for(tsl = ctx->tsl_head; tsl; tsl = tsl2 ) {
@ -1918,7 +1804,7 @@ enum_cert_paths( void **context, ulong *lid,
}
if( !*context ) {
TRUST_INFO *tmppath;
FIXME .... *tmppath;
TRUSTREC rec;
if( !*lid )
@ -1927,12 +1813,14 @@ enum_cert_paths( void **context, ulong *lid,
ctx = m_alloc_clear( sizeof *ctx );
*context = ctx;
/* collect the paths */
#if 0
read_record( *lid, &rec, RECTYPE_DIR );
tmppath = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *tmppath );
tsl = NULL;
collect_paths( 0, opt.max_cert_depth, 1, &rec, tmppath, &tsl );
m_free( tmppath );
sort_tsl_list( &tsl );
#endif
/* setup the context */
ctx->tsl_head = tsl;
ctx->tsl = ctx->tsl_head;
@ -1956,6 +1844,7 @@ enum_cert_paths( void **context, ulong *lid,
*lid = tsl->path[ctx->idx].lid;
ctx->idx++;
return ctx->idx-1;
#endif
}
@ -1966,8 +1855,10 @@ void
enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid )
{
return;
#if 0
struct enum_cert_paths_ctx *ctx;
TRUST_SEG_LIST tsl;
FIXME......... tsl;
if( !*context )
return;
@ -2001,6 +1892,7 @@ enum_cert_paths_print( void **context, FILE *fp,
}
print_path( tsl->pathlen, tsl->path, fp, selected_lid );
#endif
}
@ -2035,7 +1927,7 @@ get_ownertrust_info( ulong lid )
* Return an allocated buffer with the preference values for
* the key with LID and the userid which is identified by the
* HAMEHASH or the firstone if namehash is NULL. ret_n receives
* the length of the allcoated buffer. Structure of the buffer is
* the length of the allocated buffer. Structure of the buffer is
* a repeated sequences of 2 bytes; where the first byte describes the
* type of the preference and the second one the value. The constants
* PREFTYPE_xxxx should be used to reference a type.
@ -2616,6 +2508,10 @@ upd_uid_record( KBNODE keyblock, KBNODE uidnode, u32 *keyid,
ulong recno, newrecno;
int rc;
if( DBG_TRUST )
log_debug("upd_uid_record for %08lX/%02X%02X\n",
(ulong)keyid[1], uidhash[18], uidhash[19]);
/* see whether we already have an uid record */
rmd160_hash_buffer( uidhash, uid->name, uid->len );
for( recno=drec->r.dir.uidlist; recno; recno = urec.r.uid.next ) {
@ -2785,6 +2681,11 @@ upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig )
byte prefs_rec[200];
int n_prefs_rec = 0;
if( DBG_TRUST )
log_debug("upd_pref_record for %08lX.%lu/%02X%02X\n",
(ulong)keyid[1], lid, uidhash[18], uidhash[19] );
/* check for changed preferences */
for(k=0; ptable[k].subpkttype; k++ ) {
s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
@ -2884,8 +2785,8 @@ upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
* later. The problem with this is that we must somewhere store
* the information about this signature (we need a record id).
* We do this by using the record type shadow dir, which will
* be converted to a dir record as soon as a new public key is
* inserted into the trustdb.
* be converted to a dir record as soon as the missing public key
* gets inserted into the trustdb.
*/
ulong lid = drec->recnum;
PKT_signature *sig = signode->pkt->pkt.signature;
@ -2901,6 +2802,12 @@ upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
int found_delrec = 0;
int rc;
if( DBG_TRUST )
log_debug("upd_cert_record for %08lX.?/%02X%02X/%08lX\n",
(ulong)keyid[1], uidhash[18],
uidhash[19], (ulong)sig->keyid[1] );
delrec.recnum = 0;
/* get the LID of the pubkey of the signature under verification */
@ -2976,13 +2883,12 @@ upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
rec.r.sig.sig[i].flag |= SIGF_REVOKED;
}
else if( rc == G10ERR_NO_PUBKEY ) {
#if 0 /* fixme: For some reason this really happens? */
/* fixme: For some reason this really happens? */
if( (rec.r.sig.sig[i].flag & SIGF_CHECKED) )
log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
(ulong)keyid[1], lid, uidhash[18],
uidhash[19], (ulong)sig->keyid[1],
_("Hmmm, public key lost?") );
#endif
rec.r.sig.sig[i].flag = SIGF_NOPUBKEY;
if( revoked )
rec.r.sig.sig[i].flag |= SIGF_REVOKED;
@ -3061,7 +2967,7 @@ upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
newflag |= SIGF_REVOKED;
}
else if( rc == G10ERR_NO_PUBKEY ) {
if( opt.verbose > 1 )
if( opt.verbose > 1 || DBG_TRUST )
log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
(ulong)keyid[1], lid, uidhash[18],
uidhash[19], (ulong)sig->keyid[1], g10_errstr(rc) );
@ -3266,9 +3172,6 @@ insert_trust_record( PKT_public_key *pk )
INIT_TRUSTDB();
if( pk->local_id )
log_bug("pk->local_id=%lu\n", pk->local_id );
fingerprint_from_pk( pk, fingerprint, &fingerlen );
/* fixme: assert that we do not have this record.
@ -3289,6 +3192,13 @@ insert_trust_record( PKT_public_key *pk )
goto leave;
}
if( pk->local_id ) {
log_debug("insert_trust_reord with pk->local_id=%lu\n", pk->local_id );
rc = update_trust_record( keyblock, 1, NULL );
release_kbnode( keyblock );
return rc;
}
/* check that we used the primary key (we are little bit paranoid) */
{ PKT_public_key *a_pk;
u32 akid[2], bkid[2];

4
g10/trustdb.h
View file

@ -49,8 +49,8 @@ void register_trusted_key( const char *string );
void check_trustdb( const char *username );
void update_trustdb( void );
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel, const byte* nh );
int query_trust_info( PKT_public_key *pk, const byte *nh );
int enum_cert_paths( void **context, ulong *lid,
unsigned *ownertrust, unsigned *validity );
void enum_cert_paths_print( void **context, FILE *fp,