security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-01 16:33:02 +01:00
Code Activity

gpg: If a key is ultimate trusted, return that in the tofu model.

Browse Source 
* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
This commit is contained in:
Neal H. Walfield 2015-10-21 13:35:27 +02:00
parent d05ff81732
commit df57390d68
1 changed files with 54 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
g10/tofu.c
View File

@ -1295,6 +1295,58 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
return _tofu_GET_TRUST_ERROR; return _tofu_GET_TRUST_ERROR;
policy = get_policy (dbs, fingerprint, email, &conflict); policy = get_policy (dbs, fingerprint, email, &conflict);
if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE)
/* See if the key is ultimately trusted. If so, we're done. */
{
int i, j;
char keyid[17];
KEYDB_SEARCH_DESC desc;
/* We need to convert the fingerprint as a string to a long
keyid.
FINGERPRINT has the form:
362D 3527 F53A AD19 71AA FDE6 5885 9975 EE37 CF96
-------------------
The last 16 characters are the long keyid.
*/
assert (strlen (fingerprint) > 4 * 4 + 3);
for (i = strlen (fingerprint) - (4 * 4 + 3), j = 0; j < 16; i ++, j ++)
{
if (fingerprint[i] == ' ')
i ++;
keyid[j] = fingerprint[i];
}
keyid[j] = 0;
rc = classify_user_id (keyid, &desc, 1);
if (rc || desc.mode != KEYDB_SEARCH_MODE_LONG_KID)
{
log_error (_("'%s' is not a valid long keyID\n"), keyid);
return _tofu_GET_TRUST_ERROR;
}
if (tdb_keyid_is_utk (desc.u.kid))
{
if (policy == TOFU_POLICY_NONE)
{
if (record_binding (dbs, fingerprint, email, user_id,
TOFU_POLICY_AUTO, 0) != 0)
{
log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto");
trust_level = _tofu_GET_TRUST_ERROR;
goto out;
}
}
trust_level = TRUST_ULTIMATE;
goto out;
}
}
if (policy == TOFU_POLICY_AUTO) if (policy == TOFU_POLICY_AUTO)
{ {
policy = opt.tofu_default_policy; policy = opt.tofu_default_policy;
@ -2261,7 +2313,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
} }
die: die:
if (may_ask) if (may_ask && trust_level != TRUST_ULTIMATE)
/* It's only appropriate to show the statistics in an interactive /* It's only appropriate to show the statistics in an interactive
context. */ context. */
show_statistics (dbs, fingerprint, email, user_id, show_statistics (dbs, fingerprint, email, user_id,
@ -2367,7 +2419,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
/* An error. */ /* An error. */
trust_level = TRUST_UNDEFINED; trust_level = TRUST_UNDEFINED;
if (may_ask) if (may_ask && trust_level != TRUST_ULTIMATE)
show_statistics (dbs, fingerprint, email, user_id, NULL); show_statistics (dbs, fingerprint, email, user_id, NULL);
die: die: