mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Do not require a trustdb with --always-trust.

* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
Werner Koch 2013-10-11 09:25:58 +02:00
parent dfb25d47a9
commit d8f0b83e4f
5 changed files with 66 additions and 22 deletions

4
NEWS

@ -38,6 +38,10 @@ Noteworthy changes in version 2.1.0-betaN (unreleased)
* Only the major version number is by default included in the armored * Only the major version number is by default included in the armored
output. output.
* Do not create a trustdb file if --trust-model=always is used.
* Protect against rogue keyservers sending secret keys.
Noteworthy changes in version 2.1.0beta3 (2011-12-20) Noteworthy changes in version 2.1.0beta3 (2011-12-20)
----------------------------------------------------- -----------------------------------------------------


@ -3539,15 +3539,11 @@ main (int argc, char **argv)
case aListTrustDB: case aListTrustDB:
rc = setup_trustdb (argc? 1:0, trustdb_name); rc = setup_trustdb (argc? 1:0, trustdb_name);
break; break;
case aEncr: default:
case aEncrFiles:
/* If we are using TM_ALWAYS, we do not need to create the /* If we are using TM_ALWAYS, we do not need to create the
trustdb. */ trustdb. */
rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name); rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
break; break;
default:
rc = setup_trustdb (1, trustdb_name );
break;
} }
if (rc) if (rc)
log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc)); log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
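Review bot: The comment kept above the `setup_trustdb` call was written for the two encryption cases and no longer describes what the `default:` branch now does: every command without an explicit case earlier in this switch skips trustdb creation when `opt.trust_model` is `TM_ALWAYS`. Because that model does no validity checking, the comment should record that commands which have to write trust data need their own case, for example `/* With TM_ALWAYS no trustdb is created; commands that must write the trustdb need an explicit case above. */`. The switch begins outside the visible lines, so which commands already have such a case cannot be checked from this section.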


@ -480,7 +480,7 @@ create_version_record (void)
int int
tdbio_set_dbname( const char *new_dbname, int create ) tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
{ {
char *fname; char *fname;
static int initialized = 0; static int initialized = 0;
@ -490,6 +490,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
initialized = 1; initialized = 1;
} }
*r_nofile = 0;
if(new_dbname==NULL) if(new_dbname==NULL)
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S GPGEXT_GPG, NULL); fname=make_filename(opt.homedir,"trustdb" EXTSEP_S GPGEXT_GPG, NULL);
else if (*new_dbname != DIRSEP_C ) else if (*new_dbname != DIRSEP_C )
@ -515,7 +517,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
xfree(fname); xfree(fname);
return G10ERR_TRUSTDB; return G10ERR_TRUSTDB;
} }
if( create ) { if (!create)
*r_nofile = 1;
else {
FILE *fp; FILE *fp;
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
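Review bot: The new out-parameter is written unconditionally at `*r_nofile = 0;`, so a caller passing NULL would crash, and nothing in the function states when the value becomes 1. From the visible lines it is set to 1 only when `create` is false, in the branch that appears to handle a missing file; the condition guarding that branch is outside this section. A header comment would pin the contract, e.g. `/* R_NOFILE must not be NULL; it is set to 1 if the file does not exist and CREATE is false, else to 0. */`. The function body continues past the last visible line.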


@ -93,7 +93,7 @@ typedef struct trust_record TRUSTREC;
/*-- tdbio.c --*/ /*-- tdbio.c --*/
int tdbio_update_version_record(void); int tdbio_update_version_record(void);
int tdbio_set_dbname( const char *new_dbname, int create ); int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
const char *tdbio_get_dbname(void); const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, FILE *fp ); void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );


@ -49,19 +49,22 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
* the item right after the last one has a keyblock set to NULL. * the item right after the last one has a keyblock set to NULL.
* Maybe we can drop this thing and replace it by key_item * Maybe we can drop this thing and replace it by key_item
*/ */
struct key_array { struct key_array
{
KBNODE keyblock; KBNODE keyblock;
}; };
/* control information for the trust DB */ /* Control information for the trust DB. */
static struct { static struct
int init; {
int level; int init;
char *dbname; int level;
char *dbname;
int no_trustdb;
} trustdb_args; } trustdb_args;
/* some globals */ /* Some globals. */
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */ static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
static struct key_item *utk_list; /* all ultimately trusted keys */ static struct key_item *utk_list; /* all ultimately trusted keys */
@ -417,7 +420,7 @@ how_to_fix_the_trustdb ()
void void
init_trustdb() init_trustdb ()
{ {
int level = trustdb_args.level; int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname; const char* dbname = trustdb_args.dbname;
@ -429,7 +432,7 @@ init_trustdb()
if(level==0 || level==1) if(level==0 || level==1)
{ {
int rc = tdbio_set_dbname( dbname, !!level ); int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
if( rc ) if( rc )
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) ); log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
} }
@ -525,10 +528,13 @@ void
tdb_revalidation_mark (void) tdb_revalidation_mark (void)
{ {
init_trustdb(); init_trustdb();
/* we simply set the time for the next check to 1 (far back in 1970) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
* so that a --update-trustdb will be scheduled */ return;
/* We simply set the time for the next check to 1 (far back in 1970)
so that a --update-trustdb will be scheduled. */
if (tdbio_write_nextcheck (1)) if (tdbio_write_nextcheck (1))
do_sync (); do_sync ();
pending_check_trustdb = 1; pending_check_trustdb = 1;
} }
@ -560,8 +566,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
TRUSTREC opts; TRUSTREC opts;
init_trustdb(); init_trustdb();
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
read_record(0,&opts,RECTYPE_VER); memset (&opts, 0, sizeof opts);
else
read_record (0, &opts, RECTYPE_VER);
if(trust_model) if(trust_model)
*trust_model=opts.r.ver.trust_model; *trust_model=opts.r.ver.trust_model;
@ -619,6 +627,9 @@ tdb_get_ownertrust ( PKT_public_key *pk)
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
rc = read_trust_record (pk, &rec); rc = read_trust_record (pk, &rec);
if (rc == -1) if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */ return TRUST_UNKNOWN; /* no record yet */
@ -638,6 +649,9 @@ tdb_get_min_ownertrust (PKT_public_key *pk)
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
rc = read_trust_record (pk, &rec); rc = read_trust_record (pk, &rec);
if (rc == -1) if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */ return TRUST_UNKNOWN; /* no record yet */
@ -661,6 +675,9 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
rc = read_trust_record (pk, &rec); rc = read_trust_record (pk, &rec);
if (!rc) if (!rc)
{ {
@ -705,6 +722,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
pk = xmalloc_clear (sizeof *pk); pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid); rc = get_pubkey (pk, kid);
if (rc) if (rc)
@ -761,6 +781,11 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
init_trustdb ();
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
rc = read_trust_record (pk, &rec); rc = read_trust_record (pk, &rec);
if (!rc) if (!rc)
{ {
@ -865,6 +890,9 @@ tdb_cache_disabled_value (PKT_public_key *pk)
init_trustdb(); init_trustdb();
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
rc = read_trust_record (pk, &trec); rc = read_trust_record (pk, &trec);
if (rc && rc != -1) if (rc && rc != -1)
{ {
@ -893,6 +921,10 @@ tdb_check_trustdb_stale (void)
static int did_nextcheck=0; static int did_nextcheck=0;
init_trustdb (); init_trustdb ();
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
if (!did_nextcheck if (!did_nextcheck
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)) && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
{ {
@ -931,6 +963,14 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
unsigned int validity; unsigned int validity;
init_trustdb (); init_trustdb ();
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
return immediately. If we won't do that the tdbio code would try
to open the trustdb and run into a fatal error. */
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
check_trustdb_stale(); check_trustdb_stale();
if(opt.trust_model==TM_DIRECT) if(opt.trust_model==TM_DIRECT)
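Review bot: In `tdb_get_ownertrust`, `tdb_get_min_ownertrust`, `tdb_update_ownertrust` and `update_min_ownertrust` the new `trustdb_args.no_trustdb` guard is tested with no preceding `init_trustdb ()` call in the visible lines, yet the only visible place that fills the flag is the `tdbio_set_dbname` call inside `init_trustdb`. If one of these is the first trustdb entry point reached, the flag is still zero, the guard is skipped, and the code falls through to `read_trust_record`, which presumably leads to the fatal open error that the comment in `tdb_get_validity_core` describes. `tdb_clear_ownertrusts` already gets `init_trustdb ();` added ahead of its guard in this commit; the same line before each of the other four guards would make them consistent. All of these function bodies start and end outside their hunks, so an earlier initialisation on the call path cannot be ruled out from here.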