security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

fixed severe exploit

Browse source
This commit is contained in:
Werner Koch 1998-07-09 13:37:17 +00:00
parent 5aed77d1db
commit e143f23c23
29 changed files with 1272 additions and 829 deletions
Download patch file Download diff file Expand all files Collapse all files

17
g10/ChangeLog
View file

@ -1,3 +1,20 @@
Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (build_list): Now drops setuid.
(main): Changed the way keyrings and algorithms are registered .
Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_public_key): Add field keyid.
* parse-packet.c (parse_key): Reset the above field.
* keyid.c (keyid_from_pk): Use above field as cache.
* tdbio.c, tdbio.h: New
* trustdb.c: Moved some functions to tdbio.c.
(print_keyid): New.
* pkclist.c (check_signatures_trust): New.
Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* plaintext.c (special_md_putc): New.

2
g10/Makefile.am
View file

@ -32,6 +32,8 @@ common_source = \
keyid.c \
trustdb.c \
trustdb.h \
tdbio.c \
tdbio.h \
pref.h \
pref.c \
packet.h \

45
g10/g10.c
View file

@ -182,6 +182,7 @@ enum cmd_values { aNull = 0,
aDeArmor, aEnArmor, aGenRandom,
aTest };
static int maybe_setuid = 1;
static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
@ -264,6 +265,9 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
size_t n=strlen(text)+2;
char *list, *p;
if( maybe_setuid )
secmem_init( 0 ); /* drop setuid */
for(i=1; i < 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
n += strlen(s) + 2;
@ -381,7 +385,7 @@ main( int argc, char **argv )
char **orig_argv;
const char *fname;
STRLIST sl, remusr= NULL, locusr=NULL;
int nrings=0, sec_nrings=0;
STRLIST nrings=NULL, sec_nrings=NULL;
armor_filter_context_t afx;
int detached_sig = 0;
FILE *configfp = NULL;
@ -394,10 +398,13 @@ main( int argc, char **argv )
int greeting = 1;
enum cmd_values cmd = 0;
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
trap_unaligned();
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0;
log_set_name("gpgm");
#else
/* Please note that we may running SUID(ROOT), so be very CAREFUL
@ -509,12 +516,8 @@ main( int argc, char **argv )
case 523: set_passphrase_fd( pargs.r.ret_int ); break;
case 524: set_cmd( &cmd, aEditKey); break;
case 525: set_cmd( &cmd, aChangePass); break;
case 527:
opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str);
break;
case 529:
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break;
case 527: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case 529: def_digest_string = m_strdup(pargs.r.ret_str); break;
case 539: set_cmd( &cmd, aClearsign); break;
case 540: secmem_set_flags( secmem_get_flags() | 1 ); break;
case 542: set_cmd( &cmd, aGenRevoke); break;
@ -548,12 +551,12 @@ main( int argc, char **argv )
case 501: opt.answer_yes = 1; break;
case 502: opt.answer_no = 1; break;
case 508: set_cmd( &cmd, aCheckKeys); break;
case 509: add_keyring(pargs.r.ret_str); nrings++; break;
case 509: append_to_strlist( &nrings, pargs.r.ret_str); break;
case 510: opt.debug |= pargs.r.ret_ulong; break;
case 511: opt.debug = ~0; break;
case 512: set_status_fd( pargs.r.ret_int ); break;
case 515: opt.fingerprint = 1; break;
case 517: add_secret_keyring(pargs.r.ret_str); sec_nrings++; break;
case 517: append_to_strlist( &sec_nrings, pargs.r.ret_str); break;
case 518:
/* config files may not be nested (silently ignore them) */
if( !configfp ) {
@ -603,7 +606,6 @@ main( int argc, char **argv )
goto next_pass;
}
m_free( configname ); configname = NULL;
check_opts();
if( log_get_errorcount(0) )
g10_exit(2);
@ -615,12 +617,28 @@ main( int argc, char **argv )
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
/*write_status( STATUS_ENTER );*/
set_debug();
/* must do this after dropping setuid, because string_to...
* may try to load an module */
if( def_cipher_string ) {
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
m_free(def_cipher_string); def_cipher_string = NULL;
}
if( def_digest_string ) {
opt.def_digest_algo = string_to_digest_algo(def_digest_string);
m_free(def_digest_string); def_digest_string = NULL;
}
check_opts();
if( log_get_errorcount(0) )
g10_exit(2);
if( !cmd && opt.fingerprint )
set_cmd( &cmd, aListKeys);
@ -651,11 +669,18 @@ main( int argc, char **argv )
* not in case of "-kvv userid keyring" */
if( cmd != aDeArmor && cmd != aEnArmor
&& !(cmd == aKMode && argc == 2 ) ) {
if( !sec_nrings || default_keyring ) /* add default secret rings */
add_secret_keyring("secring.gpg");
for(sl = sec_nrings; sl; sl = sl->next )
add_secret_keyring( sl->d );
if( !nrings || default_keyring ) /* add default ring */
add_keyring("pubring.gpg");
for(sl = nrings; sl; sl = sl->next )
add_keyring( sl->d );
}
FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
if( argc )
fname = *argv;

9
g10/getkey.c
View file

@ -759,6 +759,15 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
size_t an;
byte *afp = fingerprint_from_pk(
k->pkt->pkt.public_key, &an );
if( DBG_CACHE ) {
u32 aki[2];
keyid_from_pk( k->pkt->pkt.public_key, aki );
log_debug(" aki=%08lx%08lx algo=%d mode=%d an=%u\n",
(ulong)aki[0], (ulong)aki[1],
k->pkt->pkt.public_key->pubkey_algo,
mode, an );
}
if( an == mode && !memcmp( afp, name, an)
&& ( !pk->pubkey_algo
|| pk->pubkey_algo

1
g10/keydb.h
View file

@ -86,6 +86,7 @@ struct pubkey_find_info {
/*-- pkclist.c --*/
int check_signatures_trust( PKT_signature *sig );
void release_pk_list( PK_LIST pk_list );
int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );

11
g10/keyid.c
View file

@ -161,9 +161,16 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
if( pk->keyid[0] || pk->keyid[1] ) {
keyid[0] = pk->keyid[0];
keyid[1] = pk->keyid[1];
lowbits = keyid[1];
}
else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
lowbits = pubkey_get_npkey(pk->pubkey_algo) ?
mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
else {
const byte *dp;
@ -174,6 +181,8 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
return lowbits;

2
g10/mainproc.c
View file

@ -837,6 +837,8 @@ check_sig_and_print( CTX c, KBNODE node )
print_keyid( stderr, sig->keyid );
putc('\"', stderr);
putc('\n', stderr);
if( !rc )
rc = check_signatures_trust( sig );
if( opt.batch && rc )
g10_exit(1);
}

1
g10/packet.h
View file

@ -111,6 +111,7 @@ typedef struct {
byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage; /* for now only used to pass it to getkey() */
ulong local_id; /* internal use, valid if > 0 */
u32 keyid[2]; /* calculated by keyid_from_pk() */
MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key;

2
g10/parse-packet.c
View file

@ -946,6 +946,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->version = version;
pk->pubkey_algo = algorithm;
pk->pubkey_usage = 0; /* not yet used */
pk->keyid[0] = 0;
pk->keyid[1] = 0;
}
nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm );

111
g10/pkclist.c
View file

@ -33,6 +33,7 @@
#include "util.h"
#include "trustdb.h"
#include "ttyio.h"
#include "status.h"
#include "i18n.h"
/****************
@ -57,7 +58,7 @@ query_ownertrust( ulong lid )
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_error("keyid %08lX: pubkey not found: %s\n",
log_error("key %08lX: public key not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
return 0;
}
@ -282,6 +283,114 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
}
/****************
* Check whether we can trust this signature.
* Returns: Error if we shall not trust this signatures.
*/
int
check_signatures_trust( PKT_signature *sig )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int trustlevel;
int dont_try = 0;
int rc=0;
rc = get_pubkey( pk, sig->keyid );
if( rc ) { /* this should not happen */
log_error("Ooops; the key vanished - can't check the trust\n");
rc = G10ERR_NO_PUBKEY;
goto leave;
}
retry:
rc = check_trust( pk, &trustlevel );
if( rc ) {
log_error("check trust failed: %s\n", g10_errstr(rc));
goto leave;
}
if( (trustlevel & TRUST_FLAG_REVOKED) ) {
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forgery.\n"));
}
switch( (trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
rc = insert_trust_record( pk );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
goto leave;
}
rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
BUG();
goto retry;
case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n"));
break;
case TRUST_UNDEFINED:
if( dont_try || opt.batch || opt.answer_no ) {
write_status( STATUS_TRUST_UNDEFINED );
log_info(_(
"WARNING: This key is not certified with a trusted signature!\n"));
log_info(_(
" There is no indication that the "
"signature belongs to the owner.\n" ));
}
else {
rc = add_ownertrust( pk );
if( rc ) {
dont_try = 1;
rc = 0;
}
goto retry;
}
break;
case TRUST_NEVER:
write_status( STATUS_TRUST_NEVER );
log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n"));
rc = G10ERR_BAD_SIGN;
break;
case TRUST_MARGINAL:
write_status( STATUS_TRUST_MARGINAL );
log_info(_(
"WARNING: This key is not certified with enough trusted signatures!\n"
));
log_info(_(
" It is not certain that the signature belongs to the owner.\n"
));
break;
case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY );
break;
case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE );
break;
default: BUG();
}
leave:
free_public_key( pk );
return rc;
}
void
release_pk_list( PK_LIST pk_list )
{

2
g10/sig-check.c
View file

@ -158,7 +158,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
}
if( pk->timestamp > sig->timestamp )
return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {

6
g10/status.c
View file

@ -54,10 +54,16 @@ write_status_text( int no, const char *text)
case STATUS_ABORT : s = "ABORT\n"; break;
case STATUS_GOODSIG: s = "GOODSIG\n"; break;
case STATUS_SIGEXPIRED: s = "SIGEXPIRED\n"; break;
case STATUS_KEYREVOKED: s = "KEYREVOKED\n"; break;
case STATUS_BADSIG : s = "BADSIG\n"; break;
case STATUS_ERRSIG : s = "ERRSIG\n"; break;
case STATUS_BADARMOR : s = "BADARMOR\n"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA\n"; break;
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED\n"; break;
case STATUS_TRUST_NEVER : s = "TRUST_NEVER\n"; break;
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break;
case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break;
case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break;
default: s = "?\n"; break;
}

9
g10/status.h
View file

@ -34,6 +34,15 @@
#define STATUS_RSA_OR_IDEA 8
#define STATUS_SIGEXPIRED 9
#define STATUS_KEYREVOKED 10
#define STATUS_TRUST_UNDEFINED 11
#define STATUS_TRUST_NEVER 12
#define STATUS_TRUST_MARGINAL 13
#define STATUS_TRUST_FULLY 14
#define STATUS_TRUST_ULTIMATE 15
/*-- status.c --*/
void set_status_fd( int fd );

518
g10/tdbio.c Normal file
View file

@ -0,0 +1,518 @@
/* tdbio.c
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
#include "util.h"
#include "options.h"
#include "main.h"
#include "i18n.h"
#include "trustdb.h"
#include "tdbio.h"
static char *db_name;
static int db_fd = -1;
static void create_db( const char *fname );
static void open_db(void);
/**************************************************
************** read and write helpers ************
**************************************************/
static void
fwrite_8(FILE *fp, byte a)
{
if( putc( a & 0xff, fp ) == EOF )
log_fatal("error writing byte to trustdb: %s\n", strerror(errno) );
}
static void
fwrite_32( FILE*fp, ulong a)
{
putc( (a>>24) & 0xff, fp );
putc( (a>>16) & 0xff, fp );
putc( (a>> 8) & 0xff, fp );
if( putc( a & 0xff, fp ) == EOF )
log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) );
}
static void
fwrite_zeros( FILE *fp, size_t n)
{
while( n-- )
if( putc( 0, fp ) == EOF )
log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) );
}
/**************************************************
************** read and write stuff **************
**************************************************/
int
tdbio_set_dbname( const char *new_dbname, int create )
{
char *fname;
fname = new_dbname? m_strdup( new_dbname )
: make_filename(opt.homedir, "trustdb.gpg", NULL );
if( access( fname, R_OK ) ) {
if( errno != ENOENT ) {
log_error_f( fname, _("can't access: %s\n"), strerror(errno) );
m_free(fname);
return G10ERR_TRUSTDB;
}
if( create ) {
char *p = strrchr( fname, '/' );
assert(p);
*p = 0;
if( access( fname, F_OK ) ) {
if( strlen(fname) >= 7
&& !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
#if __MINGW32__
if( mkdir( fname ) )
#else
if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
#endif
log_fatal_f( fname, _("can't create directory: %s\n"),
strerror(errno) );
}
else
log_fatal_f(fname, _("directory does not exist!\n") );
}
*p = '/';
create_db( fname );
}
}
m_free(db_name);
db_name = fname;
return 0;
}
const char *
tdbio_get_dbname()
{
return db_name;
}
/****************
* Create a new trustdb
*/
static void
create_db( const char *fname )
{
FILE *fp;
fp =fopen( fname, "w" );
if( !fp )
log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) );
fwrite_8( fp, 1 );
fwrite_8( fp, 'g' );
fwrite_8( fp, 'p' );
fwrite_8( fp, 'g' );
fwrite_8( fp, 1 ); /* version */
fwrite_zeros( fp, 3 ); /* reserved */
fwrite_32( fp, 0 ); /* not locked */
fwrite_32( fp, make_timestamp() ); /* created */
fwrite_32( fp, 0 ); /* not yet modified */
fwrite_32( fp, 0 ); /* not yet validated*/
fwrite_32( fp, 0 ); /* reserved */
fwrite_8( fp, 3 ); /* marginals needed */
fwrite_8( fp, 1 ); /* completes needed */
fwrite_8( fp, 4 ); /* max_cet_depth */
fwrite_zeros( fp, 9 ); /* filler */
fclose(fp);
}
static void
open_db()
{
TRUSTREC rec;
assert( db_fd == -1 );
db_fd = open( db_name, O_RDWR );
if( db_fd == -1 )
log_fatal_f( db_name, _("can't open: %s\n"), strerror(errno) );
if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
log_fatal_f( db_name, _("invalid trust-db\n") );
/* fixme: check ->locked and other stuff */
}
void
tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
{
int i, any;
fprintf(fp, "rec %5lu, type=", rnum );
switch( rec->rectype ) {
case 0: fprintf(fp, "free\n");
break;
case RECTYPE_VER: fprintf(fp, "version\n");
break;
case RECTYPE_DIR:
fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu",
(ulong)rec->r.dir.keyid[1],
rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec );
if( rec->r.dir.no_sigs == 1 )
fputs(", (none)", fp );
else if( rec->r.dir.no_sigs == 2 )
fputs(", (invalid)", fp );
else if( rec->r.dir.no_sigs == 3 )
fputs(", (revoked)", fp );
else if( rec->r.dir.no_sigs )
fputs(", (??)", fp );
putc('\n', fp);
break;
case RECTYPE_KEY: fprintf(fp,
"key %08lX, own=%lu, ownertrust=%02x, fl=%d\n",
(ulong)rec->r.key.keyid[1],
rec->r.key.owner, rec->r.key.ownertrust,
rec->r.key.fingerprint_len );
break;
case RECTYPE_UID:
if( !rec->r.uid.subtype )
fprintf(fp,
"uid %02x%02x, owner=%lu, chain=%lu, pref=%lu, otr=%02x\n",
rec->r.uid.namehash[18], rec->r.uid.namehash[19],
rec->r.uid.owner, rec->r.uid.chain, (ulong)rec->r.uid.prefrec,
rec->r.uid.ownertrust );
else
fprintf(fp,
"uid subtype%d, owner=%lu, chain=%lu\n",
rec->r.uid.subtype, rec->r.uid.owner, rec->r.uid.chain);
break;
case RECTYPE_CTL: fprintf(fp, "ctl\n");
break;
case RECTYPE_SIG:
fprintf(fp, "sigrec, owner=%lu, chain=%lu\n",
rec->r.sig.owner, rec->r.sig.chain );
for(i=any=0; i < SIGS_PER_RECORD; i++ ) {
if( rec->r.sig.sig[i].local_id ) {
if( !any ) {
putc('\t', fp);
any++;
}
fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id,
rec->r.sig.sig[i].flag );
}
}
if( any )
putc('\n', fp);
break;
default:
fprintf(fp, "%d (unknown)\n", rec->rectype );
break;
}
}
/****************
* read the record with number recnum
* returns: -1 on error, 0 on success
*/
int
tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
{
byte buf[TRUST_RECORD_LEN], *p;
int rc = 0;
int n, i;
if( db_fd == -1 )
open_db();
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
return G10ERR_READ_FILE;
}
n = read( db_fd, buf, TRUST_RECORD_LEN);
if( !n ) {
return -1; /* eof */
}
else if( n != TRUST_RECORD_LEN ) {
log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) );
return G10ERR_READ_FILE;
}
p = buf;
rec->rectype = *p++;
if( expected && rec->rectype != expected ) {
log_error("%lu: read expected rec type %d, got %d\n",
recnum, expected, rec->rectype );
return G10ERR_TRUSTDB;
}
p++;
switch( rec->rectype ) {
case 0: /* unused record */
break;
case RECTYPE_VER: /* version record */
/* g10 was the original name */
if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) {
log_error_f( db_name, _("not a trustdb file\n") );
rc = G10ERR_TRUSTDB;
}
p += 2; /* skip magic */
rec->r.ver.version = *p++;
rec->r.ver.locked = buftoulong(p); p += 4;
rec->r.ver.created = buftoulong(p); p += 4;
rec->r.ver.modified = buftoulong(p); p += 4;
rec->r.ver.validated= buftoulong(p); p += 4;
rec->r.ver.marginals_needed = *p++;
rec->r.ver.completes_needed = *p++;
rec->r.ver.max_cert_depth = *p++;
if( recnum ) {
log_error_f( db_name, "version record with recnum %lu\n",
(ulong)recnum );
rc = G10ERR_TRUSTDB;
}
if( rec->r.ver.version != 1 ) {
log_error_f( db_name, "invalid file version %d\n",
rec->r.ver.version );
rc = G10ERR_TRUSTDB;
}
break;
case RECTYPE_DIR: /*directory record */
rec->r.dir.local_id = buftoulong(p); p += 4;
rec->r.dir.keyid[0] = buftou32(p); p += 4;
rec->r.dir.keyid[1] = buftou32(p); p += 4;
rec->r.dir.keyrec = buftoulong(p); p += 4;
rec->r.dir.ctlrec = buftoulong(p); p += 4;
rec->r.dir.sigrec = buftoulong(p); p += 4;
rec->r.dir.no_sigs = *p++;
if( rec->r.dir.local_id != recnum ) {
log_error_f( db_name, "dir local_id != recnum (%lu,%lu)\n",
(ulong)rec->r.dir.local_id,
(ulong)recnum );
rc = G10ERR_TRUSTDB;
}
break;
case RECTYPE_KEY: /* public key record */
rec->r.key.owner = buftoulong(p); p += 4;
rec->r.dir.keyid[0] = buftou32(p); p += 4;
rec->r.dir.keyid[1] = buftou32(p); p += 4;
rec->r.key.pubkey_algo = *p++;
rec->r.key.fingerprint_len = *p++;
if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
rec->r.key.fingerprint_len = 20;
memcpy( rec->r.key.fingerprint, p, 20); p += 20;
rec->r.key.ownertrust = *p++;
break;
case RECTYPE_CTL: /* control record */
rec->r.ctl.owner = buftoulong(p); p += 4;
memcpy(rec->r.ctl.blockhash, p, 20); p += 20;
rec->r.ctl.trustlevel = *p++;
break;
case RECTYPE_SIG:
rec->r.sig.owner = buftoulong(p); p += 4;
rec->r.sig.chain = buftoulong(p); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
rec->r.sig.sig[i].local_id = buftoulong(p); p += 4;
rec->r.sig.sig[i].flag = *p++;
}
break;
default:
log_error_f( db_name, "invalid record type %d at recnum %lu\n",
rec->rectype, (ulong)recnum );
rc = G10ERR_TRUSTDB;
break;
}
return rc;
}
/****************
* Write the record at RECNUM
*/
int
tdbio_write_record( ulong recnum, TRUSTREC *rec )
{
byte buf[TRUST_RECORD_LEN], *p;
int rc = 0;
int i, n;
if( db_fd == -1 )
open_db();
memset(buf, 0, TRUST_RECORD_LEN);
p = buf;
*p++ = rec->rectype; p++;
switch( rec->rectype ) {
case 0: /* unused record */
break;
case 1: /* version record */
BUG();
break;
case RECTYPE_DIR: /*directory record */
ulongtobuf(p, rec->r.dir.local_id); p += 4;
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
ulongtobuf(p, rec->r.dir.keyrec); p += 4;
ulongtobuf(p, rec->r.dir.ctlrec); p += 4;
ulongtobuf(p, rec->r.dir.sigrec); p += 4;
*p++ = rec->r.dir.no_sigs;
assert( rec->r.dir.local_id == recnum );
break;
case RECTYPE_KEY:
ulongtobuf(p, rec->r.key.owner); p += 4;
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
*p++ = rec->r.key.pubkey_algo;
*p++ = rec->r.key.fingerprint_len;
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
*p++ = rec->r.key.ownertrust;
break;
case RECTYPE_CTL: /* control record */
ulongtobuf(p, rec->r.ctl.owner); p += 4;
memcpy(p, rec->r.ctl.blockhash, 20); p += 20;
*p++ = rec->r.ctl.trustlevel;
break;
case RECTYPE_SIG:
ulongtobuf(p, rec->r.sig.owner); p += 4;
ulongtobuf(p, rec->r.sig.chain); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4;
*p++ = rec->r.sig.sig[i].flag;
}
break;
default:
BUG();
}
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
return G10ERR_WRITE_FILE;
}
n = write( db_fd, buf, TRUST_RECORD_LEN);
if( n != TRUST_RECORD_LEN ) {
log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) );
return G10ERR_WRITE_FILE;
}
return rc;
}
/****************
* create a new record and return its record number
*/
ulong
tdbio_new_recnum()
{
off_t offset;
ulong recnum;
TRUSTREC rec;
int rc;
/* fixme: look for unused records */
offset = lseek( db_fd, 0, SEEK_END );
if( offset == -1 )
log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
recnum = offset / TRUST_RECORD_LEN;
assert(recnum); /* this is will never be the first record */
/* we must write a record, so that the next call to this function
* returns another recnum */
memset( &rec, 0, sizeof rec );
rec.rectype = 0; /* free record */
rc = tdbio_write_record(recnum, &rec );
if( rc )
log_fatal_f(db_name,_("failed to append a record: %s\n"),
g10_errstr(rc));
return recnum ;
}
/****************
* Search the trustdb for a key which matches PK and return the dir record
* The local_id of PK is set to the correct value
*
* Note: To increase performance, we could use a index search here.
*/
int
tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec )
{
ulong recnum;
u32 keyid[2];
byte *fingerprint;
size_t fingerlen;
int rc;
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 );
for(recnum=1; !(rc=tdbio_read_record( recnum, rec, 0)); recnum++ ) {
if( rec->rectype != RECTYPE_DIR )
continue;
if( rec->r.dir.keyid[0] == keyid[0]
&& rec->r.dir.keyid[1] == keyid[1]){
TRUSTREC keyrec;
if( tdbio_read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) {
log_error("%lu: ooops: invalid key record\n", recnum );
break;
}
if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
&& !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
if( pk->local_id && pk->local_id != recnum )
log_error_f(db_name,
"found record, but local_id from memory does "
"not match recnum (%lu,%lu)\n",
(ulong)pk->local_id, (ulong)recnum );
pk->local_id = recnum;
return 0;
}
}
}
if( rc != -1 )
log_error_f( db_name, _("search_db failed: %s\n"), g10_errstr(rc) );
return rc;
}

150
g10/tdbio.h Normal file
View file

@ -0,0 +1,150 @@
/* tdbio.h - Trust database I/O functions
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10_TDBIO_H
#define G10_TDBIO_H
#define TRUST_RECORD_LEN 40
#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4)
#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5)
#define MAX_LIST_SIGS_DEPTH 20
#define RECTYPE_VER 1
#define RECTYPE_DIR 2
#define RECTYPE_KEY 3
#define RECTYPE_CTL 4
#define RECTYPE_SIG 5
#define RECTYPE_HTBL 6
#define RECTYPE_HLST 7
#define RECTYPE_UID 8
struct trust_record {
int rectype;
union {
struct { /* version record: */
byte version; /* should be 1 */
ulong locked; /* pid of process which holds a lock */
ulong created; /* timestamp of trustdb creation */
ulong modified; /* timestamp of last modification */
ulong validated; /* timestamp of last validation */
byte marginals_needed;
byte completes_needed;
byte max_cert_depth;
} ver;
struct { /* directory record */
ulong local_id;
u32 keyid[2];
ulong keyrec; /* recno of primary public key record */
ulong ctlrec; /* recno of control record */
ulong sigrec; /* recno of first signature record (osolete) */
ulong uidrec; /* recno of first user-id record */
ulong link; /* to next dir record */
byte no_sigs; /* does not have sigature and checked */
} dir;
struct { /* primary public key record */
ulong owner;
u32 keyid[2];
byte pubkey_algo;
byte fingerprint_len;
byte fingerprint[20];
byte ownertrust;
} key;
struct { /* user id reord */
ulong owner; /* point back to the directory record */
ulong chain; /* points to next user id record */
byte subtype; /* must be 0 */
byte namehash[20]; /* ripemd hash of the username */
byte ownertrust;
u32 prefrec; /* recno of reference record */
} uid;
struct { /* control record */
ulong owner;
byte blockhash[20];
byte trustlevel; /* calculated trustlevel */
} ctl;
struct { /* signature record */
ulong owner; /* local_id of record owner (pubkey record) */
ulong chain; /* offset of next record or NULL for last one */
struct {
ulong local_id; /* of pubkey record of signator (0=unused) */
byte flag; /* reserved */
} sig[SIGS_PER_RECORD];
} sig;
struct {
ulong item[ITEMS_PER_HTBL_RECORD];
} htbl;
struct {
ulong chain;
struct {
byte hash;
ulong rnum;
} item[ITEMS_PER_HLST_RECORD];
} hlst;
} r;
};
typedef struct trust_record TRUSTREC;
typedef struct {
ulong local_id; /* localid of the pubkey */
ulong sigrec;
ulong sig_id; /* returned signature id */
unsigned sig_flag; /* returned signature record flag */
struct { /* internal data */
int init_done;
int eof;
TRUSTREC rec;
int index;
} ctl;
} SIGREC_CONTEXT;
/*-- tdbio.c --*/
int tdbio_set_dbname( const char *new_dbname, int create );
const char *tdbio_get_dbname(void);
void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( ulong recnum, TRUSTREC *rec );
ulong tdbio_new_recnum(void);
int tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec );
#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
(*((byte*)(p)+2) << 8) | (*((byte*)(p)+3)))
#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1)))
#define ulongtobuf( p, a ) do { \
((byte*)p)[0] = a >> 24; \
((byte*)p)[1] = a >> 16; \
((byte*)p)[2] = a >> 8; \
((byte*)p)[3] = a ; \
} while(0)
#define ushorttobuf( p, a ) do { \
((byte*)p)[0] = a >> 8; \
((byte*)p)[1] = a ; \
} while(0)
#define buftou32( p) buftoulong( (p) )
#define u32tobuf( p, a) ulongtobuf( (p), (a) )
#endif /*G10_TDBIO_H*/

744
g10/trustdb.c
View file

File diff suppressed because it is too large Load diff