security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

fixed severe exploit

Browse Source
This commit is contained in:
Werner Koch 1998-07-09 13:37:17 +00:00
parent 5aed77d1db
commit e143f23c23
29 changed files with 1272 additions and 829 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
NEWS
View File

@ -1,3 +1,15 @@
Noteworthy changes in version 0.3.2
-----------------------------------
* Fixed some bugs when using --textmode (-seat)
* Now displays the trust status of a positive verified message.
* Keyrings are now scanned in the sequence they are added with
--[secret-]keyring. Note that the default keyring is implictly
added as the very first one unless --no-default-keyring is used.
* Fixed setuid and dlopen bug.
Noteworthy changes in version 0.3.1
-----------------------------------
* Partial headers are now written in the OpenPGP format if

6
TODO
View File

@ -1,4 +1,10 @@
* clearsig of zero length files does not work
* Change the inernal represenation of keyid into a struct which
can also hold the localid
* add option --restore-ownertrust
* always put key signatures before the first subkey.

2
VERSION
View File

@ -1 +1 @@
0.3.1a
0.3.2

9
cipher/ChangeLog
View File

@ -1,3 +1,12 @@
Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)
* dynload.c (load_extension): Function now nbails out if
the program is run setuid.
Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)
* rmd160.c (rmd160_hash_buffer): New.
Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)
* cipher.c (cipher_open): algos >=100 use standard CFB

5
cipher/dynload.c
View File

@ -22,6 +22,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_DL_DLOPEN
#include <dlfcn.h>
#endif
@ -109,7 +110,11 @@ load_extension( EXTLIST el )
int seq = 0;
int class, vers;
/* make sure we are not setuid */
if( getuid() != geteuid() )
log_bug("trying to load an extension while still setuid\n");
/* now that we are not setuid anymore, we can safely load modules */
el->handle = dlopen(el->name, RTLD_NOW);
if( !el->handle ) {
log_error("%s: error loading extension: %s\n", el->name, dlerror() );

20
cipher/rmd160.c
View File

@ -26,7 +26,7 @@
#include "util.h"
#include "memory.h"
#include "rmd.h"
#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
/*********************************
* RIPEMD-160 is not patented, see (as of 25.10.97)
@ -530,6 +530,24 @@ rmd160_read( RMD160_CONTEXT *hd )
return hd->buf;
}
/****************
* Shortcut functions which puts the hash value of the supplied buffer
* into outbuf which must have a size of 20 bytes.
*/
void
rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
{
RMD160_CONTEXT hd;
rmd160_init( &hd );
rmd160_write( &hd, (byte*)buffer, length );
rmd160_final( &hd );
memcpy( outbuf, hd.buf, 20 );
}
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.

27
doc/DETAILS
View File

@ -84,18 +84,18 @@ Record type 2: (directory record)
1 byte reserved
8 bytes keyid (We keep it here to speed up searching by keyid)
1 u32 Local-Id. This is simply the record number of this record.
1 u32 pubkey (record number of it)
1 u32 primary public key (record number of it)
1 u32 cache record
1 u32 sigrecord
1 byte No signatures flag (used to avoid duplicate building).
3 byte reserved
1 u32 preference record
1 u32 userid record
6 byte reserved
Record type 3:
--------------
Informations about a public key certificate.
Informations about a primary public key.
These are static values which are never changed without user interaction.
1 byte value 3
@ -107,7 +107,7 @@ Record type 3:
1 byte pubkey algorithm
1 byte length of the fingerprint (in bytes)
20 bytes fingerprint of the public key
1 byte ownertrust:
1 byte ownertrust if there is no trust defined for the userid:
3 byte reserved
@ -207,6 +207,25 @@ Record type 7 (hash list)
For the current record length of 40, n is 6
Record type 8: (userid)
--------------
Informations about a userid
We do not store the userid but the hash value of the userid because that
is sufficient.
1 byte value 8
1 byte reserved
1 u32 owner; points to the directory record.
1 u32 next userid
1 byte subtype: 0 = a real user id
1 = not a real userid, but a "dummy" user of length 0
which is used to represent stuff that is directly
bound to the key.
20 bytes ripemd160 hash of the username.
1 u32 pointer to preference record
1 byte ownertrust
4 byte reserved
Packet Headers

17
g10/ChangeLog
View File

@ -1,3 +1,20 @@
Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (build_list): Now drops setuid.
(main): Changed the way keyrings and algorithms are registered .
Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_public_key): Add field keyid.
* parse-packet.c (parse_key): Reset the above field.
* keyid.c (keyid_from_pk): Use above field as cache.
* tdbio.c, tdbio.h: New
* trustdb.c: Moved some functions to tdbio.c.
(print_keyid): New.
* pkclist.c (check_signatures_trust): New.
Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* plaintext.c (special_md_putc): New.

2
g10/Makefile.am
View File

@ -32,6 +32,8 @@ common_source = \
keyid.c \
trustdb.c \
trustdb.h \
tdbio.c \
tdbio.h \
pref.h \
pref.c \
packet.h \

45
g10/g10.c
View File

@ -182,6 +182,7 @@ enum cmd_values { aNull = 0,
aDeArmor, aEnArmor, aGenRandom,
aTest };
static int maybe_setuid = 1;
static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
@ -264,6 +265,9 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
size_t n=strlen(text)+2;
char *list, *p;
if( maybe_setuid )
secmem_init( 0 ); /* drop setuid */
for(i=1; i < 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
n += strlen(s) + 2;
@ -381,7 +385,7 @@ main( int argc, char **argv )
char **orig_argv;
const char *fname;
STRLIST sl, remusr= NULL, locusr=NULL;
int nrings=0, sec_nrings=0;
STRLIST nrings=NULL, sec_nrings=NULL;
armor_filter_context_t afx;
int detached_sig = 0;
FILE *configfp = NULL;
@ -394,10 +398,13 @@ main( int argc, char **argv )
int greeting = 1;
enum cmd_values cmd = 0;
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
trap_unaligned();
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0;
log_set_name("gpgm");
#else
/* Please note that we may running SUID(ROOT), so be very CAREFUL
@ -509,12 +516,8 @@ main( int argc, char **argv )
case 523: set_passphrase_fd( pargs.r.ret_int ); break;
case 524: set_cmd( &cmd, aEditKey); break;
case 525: set_cmd( &cmd, aChangePass); break;
case 527:
opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str);
break;
case 529:
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break;
case 527: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case 529: def_digest_string = m_strdup(pargs.r.ret_str); break;
case 539: set_cmd( &cmd, aClearsign); break;
case 540: secmem_set_flags( secmem_get_flags() | 1 ); break;
case 542: set_cmd( &cmd, aGenRevoke); break;
@ -548,12 +551,12 @@ main( int argc, char **argv )
case 501: opt.answer_yes = 1; break;
case 502: opt.answer_no = 1; break;
case 508: set_cmd( &cmd, aCheckKeys); break;
case 509: add_keyring(pargs.r.ret_str); nrings++; break;
case 509: append_to_strlist( &nrings, pargs.r.ret_str); break;
case 510: opt.debug |= pargs.r.ret_ulong; break;
case 511: opt.debug = ~0; break;
case 512: set_status_fd( pargs.r.ret_int ); break;
case 515: opt.fingerprint = 1; break;
case 517: add_secret_keyring(pargs.r.ret_str); sec_nrings++; break;
case 517: append_to_strlist( &sec_nrings, pargs.r.ret_str); break;
case 518:
/* config files may not be nested (silently ignore them) */
if( !configfp ) {
@ -603,7 +606,6 @@ main( int argc, char **argv )
goto next_pass;
}
m_free( configname ); configname = NULL;
check_opts();
if( log_get_errorcount(0) )
g10_exit(2);
@ -615,12 +617,28 @@ main( int argc, char **argv )
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
/*write_status( STATUS_ENTER );*/
set_debug();
/* must do this after dropping setuid, because string_to...
* may try to load an module */
if( def_cipher_string ) {
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
m_free(def_cipher_string); def_cipher_string = NULL;
}
if( def_digest_string ) {
opt.def_digest_algo = string_to_digest_algo(def_digest_string);
m_free(def_digest_string); def_digest_string = NULL;
}
check_opts();
if( log_get_errorcount(0) )
g10_exit(2);
if( !cmd && opt.fingerprint )
set_cmd( &cmd, aListKeys);
@ -651,11 +669,18 @@ main( int argc, char **argv )
* not in case of "-kvv userid keyring" */
if( cmd != aDeArmor && cmd != aEnArmor
&& !(cmd == aKMode && argc == 2 ) ) {
if( !sec_nrings || default_keyring ) /* add default secret rings */
add_secret_keyring("secring.gpg");
for(sl = sec_nrings; sl; sl = sl->next )
add_secret_keyring( sl->d );
if( !nrings || default_keyring ) /* add default ring */
add_keyring("pubring.gpg");
for(sl = nrings; sl; sl = sl->next )
add_keyring( sl->d );
}
FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
if( argc )
fname = *argv;

9
g10/getkey.c
View File

@ -759,6 +759,15 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
size_t an;
byte *afp = fingerprint_from_pk(
k->pkt->pkt.public_key, &an );
if( DBG_CACHE ) {
u32 aki[2];
keyid_from_pk( k->pkt->pkt.public_key, aki );
log_debug(" aki=%08lx%08lx algo=%d mode=%d an=%u\n",
(ulong)aki[0], (ulong)aki[1],
k->pkt->pkt.public_key->pubkey_algo,
mode, an );
}
if( an == mode && !memcmp( afp, name, an)
&& ( !pk->pubkey_algo
|| pk->pubkey_algo

1
g10/keydb.h
View File

@ -86,6 +86,7 @@ struct pubkey_find_info {
/*-- pkclist.c --*/
int check_signatures_trust( PKT_signature *sig );
void release_pk_list( PK_LIST pk_list );
int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );

11
g10/keyid.c
View File

@ -161,9 +161,16 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
if( pk->keyid[0] || pk->keyid[1] ) {
keyid[0] = pk->keyid[0];
keyid[1] = pk->keyid[1];
lowbits = keyid[1];
}
else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
lowbits = pubkey_get_npkey(pk->pubkey_algo) ?
mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
else {
const byte *dp;
@ -174,6 +181,8 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
return lowbits;

2
g10/mainproc.c
View File

@ -837,6 +837,8 @@ check_sig_and_print( CTX c, KBNODE node )
print_keyid( stderr, sig->keyid );
putc('\"', stderr);
putc('\n', stderr);
if( !rc )
rc = check_signatures_trust( sig );
if( opt.batch && rc )
g10_exit(1);
}

1
g10/packet.h
View File

@ -111,6 +111,7 @@ typedef struct {
byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage; /* for now only used to pass it to getkey() */
ulong local_id; /* internal use, valid if > 0 */
u32 keyid[2]; /* calculated by keyid_from_pk() */
MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key;

2
g10/parse-packet.c
View File

@ -946,6 +946,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->version = version;
pk->pubkey_algo = algorithm;
pk->pubkey_usage = 0; /* not yet used */
pk->keyid[0] = 0;
pk->keyid[1] = 0;
}
nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm );

111
g10/pkclist.c
View File

@ -33,6 +33,7 @@
#include "util.h"
#include "trustdb.h"
#include "ttyio.h"
#include "status.h"
#include "i18n.h"
/****************
@ -57,7 +58,7 @@ query_ownertrust( ulong lid )
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_error("keyid %08lX: pubkey not found: %s\n",
log_error("key %08lX: public key not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
return 0;
}
@ -282,6 +283,114 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
}
/****************
* Check whether we can trust this signature.
* Returns: Error if we shall not trust this signatures.
*/
int
check_signatures_trust( PKT_signature *sig )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int trustlevel;
int dont_try = 0;
int rc=0;
rc = get_pubkey( pk, sig->keyid );
if( rc ) { /* this should not happen */
log_error("Ooops; the key vanished - can't check the trust\n");
rc = G10ERR_NO_PUBKEY;
goto leave;
}
retry:
rc = check_trust( pk, &trustlevel );
if( rc ) {
log_error("check trust failed: %s\n", g10_errstr(rc));
goto leave;
}
if( (trustlevel & TRUST_FLAG_REVOKED) ) {
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forgery.\n"));
}
switch( (trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
rc = insert_trust_record( pk );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
goto leave;
}
rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
BUG();
goto retry;
case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n"));
break;
case TRUST_UNDEFINED:
if( dont_try || opt.batch || opt.answer_no ) {
write_status( STATUS_TRUST_UNDEFINED );
log_info(_(
"WARNING: This key is not certified with a trusted signature!\n"));
log_info(_(
" There is no indication that the "
"signature belongs to the owner.\n" ));
}
else {
rc = add_ownertrust( pk );
if( rc ) {
dont_try = 1;
rc = 0;
}
goto retry;
}
break;
case TRUST_NEVER:
write_status( STATUS_TRUST_NEVER );
log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n"));
rc = G10ERR_BAD_SIGN;
break;
case TRUST_MARGINAL:
write_status( STATUS_TRUST_MARGINAL );
log_info(_(
"WARNING: This key is not certified with enough trusted signatures!\n"
));
log_info(_(
" It is not certain that the signature belongs to the owner.\n"
));
break;
case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY );
break;
case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE );
break;
default: BUG();
}
leave:
free_public_key( pk );
return rc;
}
void
release_pk_list( PK_LIST pk_list )
{

2
g10/sig-check.c
View File

@ -158,7 +158,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
}
if( pk->timestamp > sig->timestamp )
return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {

6
g10/status.c
View File

@ -54,10 +54,16 @@ write_status_text( int no, const char *text)
case STATUS_ABORT : s = "ABORT\n"; break;
case STATUS_GOODSIG: s = "GOODSIG\n"; break;
case STATUS_SIGEXPIRED: s = "SIGEXPIRED\n"; break;
case STATUS_KEYREVOKED: s = "KEYREVOKED\n"; break;
case STATUS_BADSIG : s = "BADSIG\n"; break;
case STATUS_ERRSIG : s = "ERRSIG\n"; break;
case STATUS_BADARMOR : s = "BADARMOR\n"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA\n"; break;
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED\n"; break;
case STATUS_TRUST_NEVER : s = "TRUST_NEVER\n"; break;
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break;
case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break;
case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break;
default: s = "?\n"; break;
}

9
g10/status.h
View File

@ -34,6 +34,15 @@
#define STATUS_RSA_OR_IDEA 8
#define STATUS_SIGEXPIRED 9
#define STATUS_KEYREVOKED 10
#define STATUS_TRUST_UNDEFINED 11
#define STATUS_TRUST_NEVER 12
#define STATUS_TRUST_MARGINAL 13
#define STATUS_TRUST_FULLY 14
#define STATUS_TRUST_ULTIMATE 15
/*-- status.c --*/
void set_status_fd( int fd );

518
g10/tdbio.c Normal file
View File

@ -0,0 +1,518 @@
/* tdbio.c
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
#include "util.h"
#include "options.h"
#include "main.h"
#include "i18n.h"
#include "trustdb.h"
#include "tdbio.h"
static char *db_name;
static int db_fd = -1;
static void create_db( const char *fname );
static void open_db(void);
/**************************************************
************** read and write helpers ************
**************************************************/
static void
fwrite_8(FILE *fp, byte a)
{
if( putc( a & 0xff, fp ) == EOF )
log_fatal("error writing byte to trustdb: %s\n", strerror(errno) );
}
static void
fwrite_32( FILE*fp, ulong a)
{
putc( (a>>24) & 0xff, fp );
putc( (a>>16) & 0xff, fp );
putc( (a>> 8) & 0xff, fp );
if( putc( a & 0xff, fp ) == EOF )
log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) );
}
static void
fwrite_zeros( FILE *fp, size_t n)
{
while( n-- )
if( putc( 0, fp ) == EOF )
log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) );
}
/**************************************************
************** read and write stuff **************
**************************************************/
int
tdbio_set_dbname( const char *new_dbname, int create )
{
char *fname;
fname = new_dbname? m_strdup( new_dbname )
: make_filename(opt.homedir, "trustdb.gpg", NULL );
if( access( fname, R_OK ) ) {
if( errno != ENOENT ) {
log_error_f( fname, _("can't access: %s\n"), strerror(errno) );
m_free(fname);
return G10ERR_TRUSTDB;
}
if( create ) {
char *p = strrchr( fname, '/' );
assert(p);
*p = 0;
if( access( fname, F_OK ) ) {
if( strlen(fname) >= 7
&& !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
#if __MINGW32__
if( mkdir( fname ) )
#else
if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
#endif
log_fatal_f( fname, _("can't create directory: %s\n"),
strerror(errno) );
}
else
log_fatal_f(fname, _("directory does not exist!\n") );
}
*p = '/';
create_db( fname );
}
}
m_free(db_name);
db_name = fname;
return 0;
}
const char *
tdbio_get_dbname()
{
return db_name;
}
/****************
* Create a new trustdb
*/
static void
create_db( const char *fname )
{
FILE *fp;
fp =fopen( fname, "w" );
if( !fp )
log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) );
fwrite_8( fp, 1 );
fwrite_8( fp, 'g' );
fwrite_8( fp, 'p' );
fwrite_8( fp, 'g' );
fwrite_8( fp, 1 ); /* version */
fwrite_zeros( fp, 3 ); /* reserved */
fwrite_32( fp, 0 ); /* not locked */
fwrite_32( fp, make_timestamp() ); /* created */
fwrite_32( fp, 0 ); /* not yet modified */
fwrite_32( fp, 0 ); /* not yet validated*/
fwrite_32( fp, 0 ); /* reserved */
fwrite_8( fp, 3 ); /* marginals needed */
fwrite_8( fp, 1 ); /* completes needed */
fwrite_8( fp, 4 ); /* max_cet_depth */
fwrite_zeros( fp, 9 ); /* filler */
fclose(fp);
}
static void
open_db()
{
TRUSTREC rec;
assert( db_fd == -1 );
db_fd = open( db_name, O_RDWR );
if( db_fd == -1 )
log_fatal_f( db_name, _("can't open: %s\n"), strerror(errno) );
if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
log_fatal_f( db_name, _("invalid trust-db\n") );
/* fixme: check ->locked and other stuff */
}
void
tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
{
int i, any;
fprintf(fp, "rec %5lu, type=", rnum );
switch( rec->rectype ) {
case 0: fprintf(fp, "free\n");
break;
case RECTYPE_VER: fprintf(fp, "version\n");
break;
case RECTYPE_DIR:
fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu",
(ulong)rec->r.dir.keyid[1],
rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec );
if( rec->r.dir.no_sigs == 1 )
fputs(", (none)", fp );
else if( rec->r.dir.no_sigs == 2 )
fputs(", (invalid)", fp );
else if( rec->r.dir.no_sigs == 3 )
fputs(", (revoked)", fp );
else if( rec->r.dir.no_sigs )
fputs(", (??)", fp );
putc('\n', fp);
break;
case RECTYPE_KEY: fprintf(fp,
"key %08lX, own=%lu, ownertrust=%02x, fl=%d\n",
(ulong)rec->r.key.keyid[1],
rec->r.key.owner, rec->r.key.ownertrust,
rec->r.key.fingerprint_len );
break;
case RECTYPE_UID:
if( !rec->r.uid.subtype )
fprintf(fp,
"uid %02x%02x, owner=%lu, chain=%lu, pref=%lu, otr=%02x\n",
rec->r.uid.namehash[18], rec->r.uid.namehash[19],
rec->r.uid.owner, rec->r.uid.chain, (ulong)rec->r.uid.prefrec,
rec->r.uid.ownertrust );
else
fprintf(fp,
"uid subtype%d, owner=%lu, chain=%lu\n",
rec->r.uid.subtype, rec->r.uid.owner, rec->r.uid.chain);
break;
case RECTYPE_CTL: fprintf(fp, "ctl\n");
break;
case RECTYPE_SIG:
fprintf(fp, "sigrec, owner=%lu, chain=%lu\n",
rec->r.sig.owner, rec->r.sig.chain );
for(i=any=0; i < SIGS_PER_RECORD; i++ ) {
if( rec->r.sig.sig[i].local_id ) {
if( !any ) {
putc('\t', fp);
any++;
}
fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id,
rec->r.sig.sig[i].flag );
}
}
if( any )
putc('\n', fp);
break;
default:
fprintf(fp, "%d (unknown)\n", rec->rectype );
break;
}
}
/****************
* read the record with number recnum
* returns: -1 on error, 0 on success
*/
int
tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
{
byte buf[TRUST_RECORD_LEN], *p;
int rc = 0;
int n, i;
if( db_fd == -1 )
open_db();
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
return G10ERR_READ_FILE;
}
n = read( db_fd, buf, TRUST_RECORD_LEN);
if( !n ) {
return -1; /* eof */
}
else if( n != TRUST_RECORD_LEN ) {
log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) );
return G10ERR_READ_FILE;
}
p = buf;
rec->rectype = *p++;
if( expected && rec->rectype != expected ) {
log_error("%lu: read expected rec type %d, got %d\n",
recnum, expected, rec->rectype );
return G10ERR_TRUSTDB;
}
p++;
switch( rec->rectype ) {
case 0: /* unused record */
break;
case RECTYPE_VER: /* version record */
/* g10 was the original name */
if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) {
log_error_f( db_name, _("not a trustdb file\n") );
rc = G10ERR_TRUSTDB;
}
p += 2; /* skip magic */
rec->r.ver.version = *p++;
rec->r.ver.locked = buftoulong(p); p += 4;
rec->r.ver.created = buftoulong(p); p += 4;
rec->r.ver.modified = buftoulong(p); p += 4;
rec->r.ver.validated= buftoulong(p); p += 4;
rec->r.ver.marginals_needed = *p++;
rec->r.ver.completes_needed = *p++;
rec->r.ver.max_cert_depth = *p++;
if( recnum ) {
log_error_f( db_name, "version record with recnum %lu\n",
(ulong)recnum );
rc = G10ERR_TRUSTDB;
}
if( rec->r.ver.version != 1 ) {
log_error_f( db_name, "invalid file version %d\n",
rec->r.ver.version );
rc = G10ERR_TRUSTDB;
}
break;
case RECTYPE_DIR: /*directory record */
rec->r.dir.local_id = buftoulong(p); p += 4;
rec->r.dir.keyid[0] = buftou32(p); p += 4;
rec->r.dir.keyid[1] = buftou32(p); p += 4;
rec->r.dir.keyrec = buftoulong(p); p += 4;
rec->r.dir.ctlrec = buftoulong(p); p += 4;
rec->r.dir.sigrec = buftoulong(p); p += 4;
rec->r.dir.no_sigs = *p++;
if( rec->r.dir.local_id != recnum ) {
log_error_f( db_name, "dir local_id != recnum (%lu,%lu)\n",
(ulong)rec->r.dir.local_id,
(ulong)recnum );
rc = G10ERR_TRUSTDB;
}
break;
case RECTYPE_KEY: /* public key record */
rec->r.key.owner = buftoulong(p); p += 4;
rec->r.dir.keyid[0] = buftou32(p); p += 4;
rec->r.dir.keyid[1] = buftou32(p); p += 4;
rec->r.key.pubkey_algo = *p++;
rec->r.key.fingerprint_len = *p++;
if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
rec->r.key.fingerprint_len = 20;
memcpy( rec->r.key.fingerprint, p, 20); p += 20;
rec->r.key.ownertrust = *p++;
break;
case RECTYPE_CTL: /* control record */
rec->r.ctl.owner = buftoulong(p); p += 4;
memcpy(rec->r.ctl.blockhash, p, 20); p += 20;
rec->r.ctl.trustlevel = *p++;
break;
case RECTYPE_SIG:
rec->r.sig.owner = buftoulong(p); p += 4;
rec->r.sig.chain = buftoulong(p); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
rec->r.sig.sig[i].local_id = buftoulong(p); p += 4;
rec->r.sig.sig[i].flag = *p++;
}
break;
default:
log_error_f( db_name, "invalid record type %d at recnum %lu\n",
rec->rectype, (ulong)recnum );
rc = G10ERR_TRUSTDB;
break;
}
return rc;
}
/****************
* Write the record at RECNUM
*/
int
tdbio_write_record( ulong recnum, TRUSTREC *rec )
{
byte buf[TRUST_RECORD_LEN], *p;
int rc = 0;
int i, n;
if( db_fd == -1 )
open_db();
memset(buf, 0, TRUST_RECORD_LEN);
p = buf;
*p++ = rec->rectype; p++;
switch( rec->rectype ) {
case 0: /* unused record */
break;
case 1: /* version record */
BUG();
break;
case RECTYPE_DIR: /*directory record */
ulongtobuf(p, rec->r.dir.local_id); p += 4;
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
ulongtobuf(p, rec->r.dir.keyrec); p += 4;
ulongtobuf(p, rec->r.dir.ctlrec); p += 4;
ulongtobuf(p, rec->r.dir.sigrec); p += 4;
*p++ = rec->r.dir.no_sigs;
assert( rec->r.dir.local_id == recnum );
break;
case RECTYPE_KEY:
ulongtobuf(p, rec->r.key.owner); p += 4;
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
*p++ = rec->r.key.pubkey_algo;
*p++ = rec->r.key.fingerprint_len;
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
*p++ = rec->r.key.ownertrust;
break;
case RECTYPE_CTL: /* control record */
ulongtobuf(p, rec->r.ctl.owner); p += 4;
memcpy(p, rec->r.ctl.blockhash, 20); p += 20;
*p++ = rec->r.ctl.trustlevel;
break;
case RECTYPE_SIG:
ulongtobuf(p, rec->r.sig.owner); p += 4;
ulongtobuf(p, rec->r.sig.chain); p += 4;
for(i=0; i < SIGS_PER_RECORD; i++ ) {
ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4;
*p++ = rec->r.sig.sig[i].flag;
}
break;
default:
BUG();
}
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
return G10ERR_WRITE_FILE;
}
n = write( db_fd, buf, TRUST_RECORD_LEN);
if( n != TRUST_RECORD_LEN ) {
log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) );
return G10ERR_WRITE_FILE;
}
return rc;
}
/****************
* create a new record and return its record number
*/
ulong
tdbio_new_recnum()
{
off_t offset;
ulong recnum;
TRUSTREC rec;
int rc;
/* fixme: look for unused records */
offset = lseek( db_fd, 0, SEEK_END );
if( offset == -1 )
log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
recnum = offset / TRUST_RECORD_LEN;
assert(recnum); /* this is will never be the first record */
/* we must write a record, so that the next call to this function
* returns another recnum */
memset( &rec, 0, sizeof rec );
rec.rectype = 0; /* free record */
rc = tdbio_write_record(recnum, &rec );
if( rc )
log_fatal_f(db_name,_("failed to append a record: %s\n"),
g10_errstr(rc));
return recnum ;
}
/****************
* Search the trustdb for a key which matches PK and return the dir record
* The local_id of PK is set to the correct value
*
* Note: To increase performance, we could use a index search here.
*/
int
tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec )
{
ulong recnum;
u32 keyid[2];
byte *fingerprint;
size_t fingerlen;
int rc;
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 );
for(recnum=1; !(rc=tdbio_read_record( recnum, rec, 0)); recnum++ ) {
if( rec->rectype != RECTYPE_DIR )
continue;
if( rec->r.dir.keyid[0] == keyid[0]
&& rec->r.dir.keyid[1] == keyid[1]){
TRUSTREC keyrec;
if( tdbio_read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) {
log_error("%lu: ooops: invalid key record\n", recnum );
break;
}
if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
&& !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
if( pk->local_id && pk->local_id != recnum )
log_error_f(db_name,
"found record, but local_id from memory does "
"not match recnum (%lu,%lu)\n",
(ulong)pk->local_id, (ulong)recnum );
pk->local_id = recnum;
return 0;
}
}
}
if( rc != -1 )
log_error_f( db_name, _("search_db failed: %s\n"), g10_errstr(rc) );
return rc;
}

150
g10/tdbio.h Normal file
View File

@ -0,0 +1,150 @@
/* tdbio.h - Trust database I/O functions
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10_TDBIO_H
#define G10_TDBIO_H
#define TRUST_RECORD_LEN 40
#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4)
#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5)
#define MAX_LIST_SIGS_DEPTH 20
#define RECTYPE_VER 1
#define RECTYPE_DIR 2
#define RECTYPE_KEY 3
#define RECTYPE_CTL 4
#define RECTYPE_SIG 5
#define RECTYPE_HTBL 6
#define RECTYPE_HLST 7
#define RECTYPE_UID 8
struct trust_record {
int rectype;
union {
struct { /* version record: */
byte version; /* should be 1 */
ulong locked; /* pid of process which holds a lock */
ulong created; /* timestamp of trustdb creation */
ulong modified; /* timestamp of last modification */
ulong validated; /* timestamp of last validation */
byte marginals_needed;
byte completes_needed;
byte max_cert_depth;
} ver;
struct { /* directory record */
ulong local_id;
u32 keyid[2];
ulong keyrec; /* recno of primary public key record */
ulong ctlrec; /* recno of control record */
ulong sigrec; /* recno of first signature record (osolete) */
ulong uidrec; /* recno of first user-id record */
ulong link; /* to next dir record */
byte no_sigs; /* does not have sigature and checked */
} dir;
struct { /* primary public key record */
ulong owner;
u32 keyid[2];
byte pubkey_algo;
byte fingerprint_len;
byte fingerprint[20];
byte ownertrust;
} key;
struct { /* user id reord */
ulong owner; /* point back to the directory record */
ulong chain; /* points to next user id record */
byte subtype; /* must be 0 */
byte namehash[20]; /* ripemd hash of the username */
byte ownertrust;
u32 prefrec; /* recno of reference record */
} uid;
struct { /* control record */
ulong owner;
byte blockhash[20];
byte trustlevel; /* calculated trustlevel */
} ctl;
struct { /* signature record */
ulong owner; /* local_id of record owner (pubkey record) */
ulong chain; /* offset of next record or NULL for last one */
struct {
ulong local_id; /* of pubkey record of signator (0=unused) */
byte flag; /* reserved */
} sig[SIGS_PER_RECORD];
} sig;
struct {
ulong item[ITEMS_PER_HTBL_RECORD];
} htbl;
struct {
ulong chain;
struct {
byte hash;
ulong rnum;
} item[ITEMS_PER_HLST_RECORD];
} hlst;
} r;
};
typedef struct trust_record TRUSTREC;
typedef struct {
ulong local_id; /* localid of the pubkey */
ulong sigrec;
ulong sig_id; /* returned signature id */
unsigned sig_flag; /* returned signature record flag */
struct { /* internal data */
int init_done;
int eof;
TRUSTREC rec;
int index;
} ctl;
} SIGREC_CONTEXT;
/*-- tdbio.c --*/
int tdbio_set_dbname( const char *new_dbname, int create );
const char *tdbio_get_dbname(void);
void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( ulong recnum, TRUSTREC *rec );
ulong tdbio_new_recnum(void);
int tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec );
#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
(*((byte*)(p)+2) << 8) | (*((byte*)(p)+3)))
#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1)))
#define ulongtobuf( p, a ) do { \
((byte*)p)[0] = a >> 24; \
((byte*)p)[1] = a >> 16; \
((byte*)p)[2] = a >> 8; \
((byte*)p)[3] = a ; \
} while(0)
#define ushorttobuf( p, a ) do { \
((byte*)p)[0] = a >> 8; \
((byte*)p)[1] = a ; \
} while(0)
#define buftou32( p) buftoulong( (p) )
#define u32tobuf( p, a) ulongtobuf( (p), (a) )
#endif /*G10_TDBIO_H*/

738
g10/trustdb.c
View File

File diff suppressed because it is too large Load Diff

2
include/cipher.h
View File

@ -121,6 +121,8 @@ void md_stop_debug( MD_HANDLE a );
md_write( (h), NULL, 0 ); \
(h)->buffer[(h)->bufcount++] = (c) & 0xff; \
} while(0)
/*-- rmd160.c --*/
void rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );
/*-- cipher.c --*/

372
po/de.po
View File

@ -6,12 +6,12 @@ msgstr ""
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c util/argparse.c cipher/random.c cipher/rand-dummy.c cipher/rand-unix.c cipher/rand-w32.c g10/g10.c g10/pkclist.c g10/keygen.c g10/decrypt.c g10/encode.c g10/import.c g10/keyedit.c g10/keylist.c g10/mainproc.c g10/passphrase.c g10/plaintext.c g10/pref.c g10/seckey-cert.c g10/sig-check.c g10/sign.c g10/trustdb.c g10/verify.c\n"
#: util/secmem.c:180
#: util/secmem.c:188
msgid "Warning: using insecure memory!\n"
msgstr ""
"Achtung: Speicher mit sensibeln Daten kann auf Platte ausgelagert werden.\n"
"(um dies zu vermeiden, kann das Programm suid(root) installiert werden;\n"
" bitte wenden Sie sich hierzu an den Systemadministraor)\n"
" bitte wenden Sie sich hierzu an den Systemadministrator)\n"
#: cipher/rand-dummy.c:106
msgid "warning: using insecure random number generator!!\n"
@ -134,31 +134,31 @@ msgstr "Ein \"Revocation\" Zertifikat erzeugen"
msgid "export keys"
msgstr "Schl\374ssel exportieren"
#: g10/g10.c:79
#: g10/g10.c:80
msgid "import/merge keys"
msgstr "Schl\374ssel importieren/kombinieren"
#: g10/g10.c:80
#: g10/g10.c:81
msgid "list only the sequence of packets"
msgstr "Lediglich die Struktur der Daten Packete anzeigen"
#: g10/g10.c:83
#: g10/g10.c:84
msgid "De-Armor a file or stdin"
msgstr "\"De-Armor\" einer Datei oder stdin"
#: g10/g10.c:84
#: g10/g10.c:85
msgid "En-Armor a file or stdin"
msgstr "\"En-Armor\" einer Datei oder stdin"
#: g10/g10.c:85
#: g10/g10.c:86
msgid "|algo [files]|print message digests"
msgstr "|algo [files]|Hashwerte der Dateien ausgeben"
#: g10/g10.c:86
#: g10/g10.c:87
msgid "print all message digests"
msgstr "Message-Digests f\374r die Eingabedaten ausgeben"
#: g10/g10.c:91
#: g10/g10.c:92
msgid ""
"@\n"
"Options:\n"
@ -168,111 +168,111 @@ msgstr ""
"Optionen:\n"
" "
#: g10/g10.c:93
#: g10/g10.c:94
msgid "create ascii armored output"
msgstr "Ausgabe mit ASCII Armor versehen"
#: g10/g10.c:95
#: g10/g10.c:96
msgid "use this user-id to sign or decrypt"
msgstr "Mit dieser User-ID signieren"
#: g10/g10.c:96
#: g10/g10.c:97
msgid "use this user-id for encryption"
msgstr "Verschl\374sseln f\374r diese User-ID"
#: g10/g10.c:97
#: g10/g10.c:98
msgid "|N|set compress level N (0 disables)"
msgstr "Kompressionsstufe auf N setzen (0 f\374r keine Kompression)"
#: g10/g10.c:98
#: g10/g10.c:99
msgid "use canonical text mode"
msgstr "Text Modus benutzen"
#: g10/g10.c:100
#: g10/g10.c:101
msgid "use as output file"
msgstr "dies als Ausgabedatei benutzen"
#: g10/g10.c:101
#: g10/g10.c:102
msgid "verbose"
msgstr "detailierte Informationen"
#: g10/g10.c:102
#: g10/g10.c:103
msgid "do not make any changes"
msgstr "Keine wirklichen \304nderungen durchf\374hren"
#: g10/g10.c:103
#: g10/g10.c:104
msgid "batch mode: never ask"
msgstr "Stapel Modus: Keine Abfragen"
#: g10/g10.c:104
#: g10/g10.c:105
msgid "assume yes on most questions"
msgstr "\"Ja\" als Standard Antwort annehmen"
#: g10/g10.c:105
#: g10/g10.c:106
msgid "assume no on most questions"
msgstr "\"Nein\" als Standard Antwort annehmen"
#: g10/g10.c:106
#: g10/g10.c:107
msgid "add this keyring to the list of keyrings"
msgstr "Den \366ffentlichen Schl\374sselring mitbenutzen"
#: g10/g10.c:107
#: g10/g10.c:108
msgid "add this secret keyring to the list"
msgstr "Den geheimen Schl\374sselring mitbenutzen"
#: g10/g10.c:108
#: g10/g10.c:109
msgid "|NAME|use NAME as default secret key"
msgstr "|NAME|NAME als voreingestellten Schl\374ssel benutzen"
#: g10/g10.c:109
#: g10/g10.c:110
msgid "read options from file"
msgstr "Optionen aus der Datei lesen"
#: g10/g10.c:111
#: g10/g10.c:112
msgid "set debugging flags"
msgstr "Debug-Flags einschalten"
#: g10/g10.c:112
#: g10/g10.c:113
msgid "enable full debugging"
msgstr "Alle Debug-Flags einschalten"
#: g10/g10.c:113
#: g10/g10.c:114
msgid "|FD|write status info to this FD"
msgstr "|FD|Status Informatiuon auf FD ausgeben"
#: g10/g10.c:114
#: g10/g10.c:115
msgid "do not write comment packets"
msgstr "Keine Kommentarpackete schreiben"
#: g10/g10.c:115
#: g10/g10.c:116
msgid "(default is 1)"
msgstr "(voreingestellt ist 1)"
#: g10/g10.c:116
#: g10/g10.c:117
msgid "(default is 3)"
msgstr "(voreingestellt ist 3)"
#: g10/g10.c:117
#: g10/g10.c:118
msgid "|file|load extension module"
msgstr "|FILE|Erweierungsmodul |FILE| laden"
#: g10/g10.c:118
#: g10/g10.c:119
msgid "emulate the mode described in RFC1991"
msgstr "Den in RFC1991 beschriebenen Modus emulieren"
#: g10/g10.c:120
#: g10/g10.c:121
msgid "|NAME|use cipher algorithm NAME"
msgstr "|NAME|Den Cipher-Algorithmus NAME benutzen"
#: g10/g10.c:121
#: g10/g10.c:122
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NAME|Den Hash-Algorithmus NAME benutzen"
#: g10/g10.c:122
#: g10/g10.c:123
msgid "|N|use compress algorithm N"
msgstr "|N|Den Komressionsalgorithmus N benutzen"
#: g10/g10.c:130
#: g10/g10.c:131
msgid ""
"@\n"
"Examples:\n"
@ -292,19 +292,19 @@ msgstr ""
" -k [userid] Die Schll\374ssel anzeigen\n"
" -kc [userid] Die \"Fingerprints\" anzeigen\n"
#: g10/g10.c:211
#: g10/g10.c:213
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
msgstr "Berichte \374ber Wanzen an <gnupg-bugs|gnu.org>.\n"
msgstr "Berichte \374ber Wanzen an <gnupg-bugs@gnu.org>.\n"
#: g10/g10.c:216
#: g10/g10.c:218
msgid "Usage: gpgm [options] [files] (-h for help)"
msgstr "Aufruf: gpgm [Optionen] [Dateien] (-h f\374r Hilfe)"
#: g10/g10.c:218
#: g10/g10.c:220
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "Aufruf: gpg [Optionen] [Dateien] (-h f\374r Hilfe)"
#: g10/g10.c:223
#: g10/g10.c:225
msgid ""
"Syntax: gpgm [options] [files]\n"
"GNUPG maintenance utility\n"
@ -312,7 +312,7 @@ msgstr ""
"Syntax: gpgm [options] [files]\n"
"GNUPG Wartungs Hilfsmittel\n"
#: g10/g10.c:226
#: g10/g10.c:228
msgid ""
"Syntax: gpg [options] [files]\n"
"sign, check, encrypt or decrypt\n"
@ -322,138 +322,142 @@ msgstr ""
"Signieren, pr\374fen, verschl\374sseln, entschl\374sseln\n"
"Die voreingestellte Operation ist abh\344ngig von den Eingabedaten\n"
#: g10/g10.c:303
#: g10/g10.c:308
msgid "usage: gpgm [options] "
msgstr "Aufruf: gpgm [Optionen] "
#: g10/g10.c:305
#: g10/g10.c:310
msgid "usage: gpg [options] "
msgstr "Aufruf: gpg [Optionen] "
#: g10/g10.c:346
#: g10/g10.c:351
msgid "conflicting commands\n"
msgstr "Widersprechende Kommandos\n"
#: g10/g10.c:359
#: g10/g10.c:364
msgid "selected cipher algorithm is invalid\n"
msgstr "Der ausgew\344hlte Cipher Algorithmus ist ung\374ltig\n"
#: g10/g10.c:361
#: g10/g10.c:366
msgid "selected digest algorithm is invalid\n"
msgstr "Der ausgew\344hlte Message-Digest Algorithmus ist ung\374ltig\n"
#: g10/g10.c:363
#: g10/g10.c:368
msgid "compress algorithm must be in range %d..%d\n"
msgstr "Der Kompressionsalgorithmus muss %d bis %d sein\n"
#: g10/g10.c:365
#: g10/g10.c:370
msgid "completes-needed must be greater than 0\n"
msgstr "completes-needed m\374\337en gr\366\337er als 0 sein\n"
#: g10/g10.c:367
#: g10/g10.c:372
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed m\374\337en gr\366\337er als 1 sein\n"
#: g10/g10.c:463
#: g10/g10.c:471
msgid "note: no default option file '%s'\n"
msgstr "Notiz: Keine voreingestellte Optionen Datei '%s' vorhanden\n"
#: g10/g10.c:467
#: g10/g10.c:475
msgid "option file '%s': %s\n"
msgstr "Optionen Datei '%s': %s\n"
#: g10/g10.c:474
#: g10/g10.c:482
msgid "reading options from '%s'\n"
msgstr "Optionen werden von '%s' gelesen\n"
#: g10/g10.c:693
#: g10/g10.c:720
msgid "failed to initialize the TrustDB: %s\n"
msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
#: g10/g10.c:699
#. only store the file
#: g10/g10.c:726
msgid "--store [filename]"
msgstr "--store [Dateiname]"
#: g10/g10.c:707
#: g10/g10.c:734
msgid "--symmetric [filename]"
msgstr "--symmetric [Dateiname]"
#: g10/g10.c:715
#. encrypt the given file
#: g10/g10.c:742
msgid "--encrypt [filename]"
msgstr "--encrypt [Dateiname]"
#: g10/g10.c:728
#: g10/g10.c:755
msgid "--sign [filename]"
msgstr "--sign [Dateiname]"
#. sign and encrypt the given file
#: g10/g10.c:741
#: g10/g10.c:768
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [Dateiname]"
#: g10/g10.c:755
#: g10/g10.c:782
msgid "--clearsign [filename]"
msgstr "--clearsign [Dateiname]"
#: g10/g10.c:767
#: g10/g10.c:794
msgid "--decrypt [filename]"
msgstr "--decrypt [Dateiname]"
#: g10/g10.c:775
#. sign the key given as argument
#: g10/g10.c:802
msgid "--sign-key username"
msgstr "--sign-key Benutzername"
#. Edit a key signature
#: g10/g10.c:783
#: g10/g10.c:810
msgid "--edit-key username"
msgstr "--deit-key Benutzername"
#: g10/g10.c:791
#: g10/g10.c:818
msgid "--delete-secret-key username"
msgstr "--delete-secret-key Benutzername"
#: g10/g10.c:794
#: g10/g10.c:821
msgid "--delete-key username"
msgstr "--delete-key Benutzername"
#: g10/g10.c:802
#. Change the passphrase
#. no arg: use default, 1 arg use this one
#: g10/g10.c:829
msgid "--change-passphrase [username]"
msgstr "--change-passphrase [Benutzername]"
#. -kv userid keyring
#: g10/encode.c:200 g10/g10.c:826 g10/keylist.c:79 g10/trustdb.c:358
#. prepare iobufs
#: g10/encode.c:200 g10/g10.c:853 g10/keylist.c:79
msgid "can't open %s: %s\n"
msgstr "Datei '%s' kann nicht ge\366ffnet werden: %s\n"
#: g10/g10.c:837
#: g10/g10.c:864
msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-h[v][v][v][c] [Benutzername] [Keyring]"
#: g10/g10.c:897
#: g10/g10.c:924
msgid "dearmoring failed: %s\n"
msgstr "De-Armor fehlgeschlagen: %s\n"
#: g10/g10.c:905
#: g10/g10.c:932
msgid "enarmoring failed: %s\n"
msgstr "En-Armor fehlgeschlagen: %s\n"
#: g10/g10.c:961
#: g10/g10.c:988
msgid "invalid hash algorithm '%s'\n"
msgstr "Ung\374ltiger Hash Algorithmus '%s'\n"
#: g10/g10.c:1014
#. fixme: g10maint should do regular maintenace tasks here
#: g10/g10.c:1041
msgid "[filename]"
msgstr "[Dateiname]"
#: g10/decrypt.c:59 g10/g10.c:1016 g10/verify.c:66
#: g10/decrypt.c:59 g10/g10.c:1043 g10/verify.c:66
msgid "can't open '%s'\n"
msgstr "Datei '%s' kann nicht ge\366ffnet werden\n"
#: g10/g10.c:1061
#: g10/g10.c:1088
msgid "RSA keys are depreciated; please consider creating a new key and use this key in the future\n"
msgstr "RSA Schl\374ssel sind nicht erw\374nscht; bitte denken Sie dar\374ber nach einen neuen Schl\374ssel zu erzeugen und diesen in Zukunft zu benutzen\n"
#: g10/pkclist.c:65
#: g10/pkclist.c:66
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
@ -461,7 +465,7 @@ msgstr ""
"Es ist kein \"Ownertrust\" f\374r %lu definiert:\n"
"%4u%c/%08lX %s \""
#: g10/pkclist.c:72
#: g10/pkclist.c:73
msgid ""
"\"\n"
"\n"
@ -489,11 +493,11 @@ msgstr ""
" s = Bitte weitere Information anzeigen\n"
"\n"
#: g10/pkclist.c:83
#: g10/pkclist.c:84
msgid "Your decision? "
msgstr "Ihre Auswahl? "
#: g10/pkclist.c:90
#: g10/pkclist.c:91
msgid ""
"It's up to you to assign a value here; this value will never be exported\n"
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
@ -504,11 +508,11 @@ msgstr ""
"um das Netz-des-Vertrauens aufzubauen. Dieses hat nichts mit dem (impliziet\n"
"erzeugten) Netz-der-Zertifikate zu tun.\n"
#: g10/pkclist.c:108
#: g10/pkclist.c:109
msgid "You will see a list of signators etc. here\n"
msgstr "Sie sollten hier eigentlich eine Liste der Signierer sehen.\n"
#: g10/pkclist.c:132
#: g10/pkclist.c:133
msgid ""
"Could not find a valid trust path to the key. Let's see whether we\n"
"can assign some missing owner trust values.\n"
@ -518,13 +522,13 @@ msgstr ""
"Mal sehen ob wir now weitere Ownertrust Werte zuordnen k\366nnen.\n"
"\n"
#: g10/pkclist.c:157
#: g10/pkclist.c:158
msgid ""
"No ownertrust values changed.\n"
"\n"
msgstr "Keine \"Ownertrust\" Werte ge\344ndert.\n"
#: g10/pkclist.c:267
#: g10/pkclist.c:268
msgid ""
"It is NOT certain that the key belongs to its owner.\n"
"If you *really* know what you are doing, you may answer\n"
@ -535,11 +539,47 @@ msgstr ""
"Wenn Sie *wirklich* wissen, was Sie tun, k\366nnen Sie die n\344chste\n"
"Frage mit ja beantworten\n"
#: g10/pkclist.c:278
#: g10/pkclist.c:279
msgid "WARNING: Using untrusted key!\n"
msgstr "WARNUNG: Ein Schl\374ssel ohne gesichertes Vertrauen wird benutzt!\n"
#: g10/pkclist.c:308
#: g10/pkclist.c:315
msgid "WARNING: This key has been revoked by its owner!\n"
msgstr ""
#: g10/pkclist.c:316
msgid " This could mean that the signature is forgery.\n"
msgstr ""
#: g10/pkclist.c:337
msgid "Note: This key has expired!\n"
msgstr ""
#: g10/pkclist.c:344
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr ""
#: g10/pkclist.c:346
msgid " There is no indication that the signature belongs to the owner.\n"
msgstr ""
#: g10/pkclist.c:361
msgid "WARNING: We do NOT trust this key!\n"
msgstr ""
#: g10/pkclist.c:362
msgid " The signature is probably a FORGERY.\n"
msgstr ""
#: g10/pkclist.c:369
msgid "WARNING: This key is not certified with enough trusted signatures!\n"
msgstr ""
#: g10/pkclist.c:372
msgid " It is not certain that the signature belongs to the owner.\n"
msgstr ""
#: g10/pkclist.c:417
msgid ""
"You did not specify a user ID. (you may use \"-r\")\n"
"\n"
@ -547,23 +587,23 @@ msgstr ""
"Sie gaben keine User-ID angegeben. (benutzen Sie die Option \"-r\")\n"
"\n"
#: g10/pkclist.c:312
#: g10/pkclist.c:421
msgid "Enter the user ID: "
msgstr "Geben Sie die User-ID ein: "
#: g10/pkclist.c:323
#: g10/pkclist.c:432
msgid "No such user ID.\n"
msgstr "Keine solche User-ID.\n"
#: g10/pkclist.c:357 g10/pkclist.c:384
#: g10/pkclist.c:466 g10/pkclist.c:493
msgid "%s: skipped: %s\n"
msgstr "%s: \374bergangen: %s\n"
#: g10/pkclist.c:365
#: g10/pkclist.c:474
msgid "%s: error checking key: %s\n"
msgstr "%s: Fehler beim pr\374fen des Schl\374ssels: %s\n"
#: g10/pkclist.c:391
#: g10/pkclist.c:500
msgid "no valid addressees\n"
msgstr "Keine g\374ltigen Adressaten"
@ -597,7 +637,7 @@ msgstr " (%d) DSA (nur signieren)\n"
#: g10/keygen.c:388
msgid " (%d) ElGamal in a v3 packet\n"
msgstr " ((%d) ElGamal in einem v4 Packet\n"
msgstr " (%d) ElGamal in einem v3 Packet\n"
#: g10/keygen.c:392
msgid "Your selection? "
@ -1054,7 +1094,7 @@ msgstr "M\366chten Sie die ausgew\344hlten Siganturen wirklich entfernen? "
#: g10/keyedit.c:250 g10/keyedit.c:396 g10/keyedit.c:465
msgid "%s: user not found\n"
msgstr "%s: Benutzer nich gefunden\n"
msgstr "%s: Benutzer nicht gefunden\n"
#: g10/keyedit.c:277 g10/keyedit.c:417
msgid "Checking signatures of this public key certificate:\n"
@ -1141,19 +1181,19 @@ msgstr "Erzeugung des \366ffentlichen Schl\374ssels fehlgeschlagen: %s\n"
msgid "decryption failed: %s\n"
msgstr "Enschl\374sselung fehlgeschlagen: %s\n"
#: g10/mainproc.c:817
#: g10/mainproc.c:829
msgid "Signature made %.*s using %s key ID %08lX\n"
msgstr "Signatur wurde am %.*s mit %s Schl\374ssel %08lX erzeugt\n"
#: g10/mainproc.c:823
#: g10/mainproc.c:835
msgid "BAD signature from \""
msgstr "FALSCHE Signatur von \""
#: g10/mainproc.c:824
#: g10/mainproc.c:836
msgid "Good signature from \""
msgstr "Gute Signatur von \""
#: g10/mainproc.c:833
#: g10/mainproc.c:847
msgid "Can't check signature: %s\n"
msgstr "Signatur kann nicht gepr\374ft werden: %s\n"
@ -1171,7 +1211,7 @@ msgstr ""
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(%u-bit %s Schl\374ssel, ID %08lX, erzeugt %s)\n"
#: g10/plaintext.c:216
#: g10/plaintext.c:268
msgid "can't open signed data '%s'\n"
msgstr ""
@ -1179,7 +1219,7 @@ msgstr ""
msgid "Invalid passphrase; please try again ...\n"
msgstr ""
#: g10/sig-check.c:165 g10/trustdb.c:1755
#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
msgstr ""
@ -1187,167 +1227,127 @@ msgstr ""
msgid "warning: signature key expired %s\n"
msgstr ""
#: g10/trustdb.c:331
msgid "can't create %s: %s\n"
msgstr ""
#: g10/trustdb.c:360
msgid "TrustDB %s is invalid\n"
msgstr ""
#: g10/trustdb.c:435 g10/trustdb.c:596
msgid "trustdb: lseek failed: %s\n"
msgstr ""
#: g10/trustdb.c:443
msgid "trustdb: read failed (n=%d): %s\n"
msgstr ""
#: g10/trustdb.c:460
msgid "%s: not a trustdb file\n"
msgstr ""
#: g10/trustdb.c:601
msgid "trustdb: write failed (n=%d): %s\n"
msgstr ""
#: g10/trustdb.c:633
msgid "%s: failed to append a record: %s\n"
msgstr ""
#: g10/trustdb.c:680
msgid "%s: search_db failed: %s\n"
msgstr ""
#: g10/trustdb.c:724
#: g10/trustdb.c:213
msgid "error reading record with local_id %lu: %s\n"
msgstr ""
#: g10/trustdb.c:729
#: g10/trustdb.c:218
msgid "record with local_id %lu is not a dir record\n"
msgstr ""
#: g10/trustdb.c:762
#: g10/trustdb.c:251
msgid "%lu: error reading dir record: %s\n"
msgstr ""
#: g10/trustdb.c:773
#: g10/trustdb.c:262
msgid "%lu: error building sigs on the fly: %s\n"
msgstr ""
#: g10/trustdb.c:780
#: g10/trustdb.c:269
msgid "%lu: error re-reading dir record: %s\n"
msgstr ""
#: g10/trustdb.c:807
#: g10/trustdb.c:296
msgid "error reading sigrec: %s\n"
msgstr ""
#: g10/trustdb.c:812
#: g10/trustdb.c:301
msgid "chained sigrec %lu has a wrong owner\n"
msgstr ""
#: g10/trustdb.c:862
msgid "keyid %08lX: secret key without public key\n"
#: g10/trustdb.c:350
msgid "key %08lX: secret key without public key\n"
msgstr ""
#: g10/trustdb.c:867
msgid "keyid %08lX: secret and public key don't match\n"
#: g10/trustdb.c:355
msgid "key %08lX: secret and public key don't match\n"
msgstr ""
#: g10/trustdb.c:878
msgid "keyid %08lX: can't put it into the trustdb\n"
#: g10/trustdb.c:366
msgid "key %08lX: can't put it into the trustdb\n"
msgstr ""
#: g10/trustdb.c:884
msgid "keyid %08lX: query record failed\n"
#: g10/trustdb.c:372
msgid "key %08lX: query record failed\n"
msgstr ""
#: g10/trustdb.c:893
msgid "keyid %08lX: already in ultikey_table\n"
#: g10/trustdb.c:381
msgid "key %08lX: already in ultikey_table\n"
msgstr ""
#: g10/trustdb.c:901
#: g10/trustdb.c:389
msgid "enum_secret_keys failed: %s\n"
msgstr ""
#: g10/trustdb.c:1169
#. get the keyblock
#: g10/trustdb.c:684
msgid "%lu: build_sigrecs: can't read dir record\n"
msgstr ""
#: g10/trustdb.c:1173
#: g10/trustdb.c:688
msgid "%lu: build_sigrecs: can't read key record\n"
msgstr ""
#: g10/trustdb.c:1179
msgid "build_sigrecs: get_keyblock_byfprint failed\n"
#: g10/trustdb.c:694
msgid "build_sigrecs: get_keyblock_byfprint failed: %s\n"
msgstr ""
#: g10/trustdb.c:1185
#: g10/trustdb.c:701
msgid "build_sigrecs: check_sigs failed\n"
msgstr ""
#: g10/trustdb.c:1189
#: g10/trustdb.c:705
msgid "build_sigrecs: self-signature missing\n"
msgstr ""
#: g10/trustdb.c:1195
#: g10/trustdb.c:711
msgid "build_sigrecs: key has been revoked\n"
msgstr ""
#: g10/trustdb.c:1220
#: g10/trustdb.c:736
msgid "set_signature_packets_local_id failed: %s\n"
msgstr ""
#: g10/trustdb.c:1231 g10/trustdb.c:1256 g10/trustdb.c:1267
#: g10/trustdb.c:747 g10/trustdb.c:772 g10/trustdb.c:783
msgid "build_sigrecs: write_record failed\n"
msgstr ""
#: g10/trustdb.c:1277
#: g10/trustdb.c:793
msgid "update_dir_record: read failed\n"
msgstr ""
#: g10/trustdb.c:1282
#: g10/trustdb.c:798
msgid "update_dir_record: write failed\n"
msgstr ""
#: g10/trustdb.c:1292
#: g10/trustdb.c:808
msgid "trustdb: build_sigrecs: %s\n"
msgstr ""
#: g10/trustdb.c:1511
msgid "can't access %s: %s\n"
#: g10/trustdb.c:1228
msgid "check_trust: read dir record failed\n"
msgstr ""
#: g10/trustdb.c:1527
msgid "can't create directory '%s': %s\n"
msgstr ""
#: g10/trustdb.c:1531
msgid "directory '%s' does not exist!\n"
msgstr ""
#: g10/trustdb.c:1732
msgid "check_trust: read record failed\n"
msgstr ""
#. no local_id: scan the trustdb
#: g10/trustdb.c:1738
#: g10/trustdb.c:1234
msgid "check_trust: search_record failed: %s\n"
msgstr ""
#: g10/trustdb.c:1745
msgid "failed to insert pubkey into trustdb: %s\n"
#: g10/trustdb.c:1241
msgid "key %08lX: insert trust record failed: %s\n"
msgstr ""
#: g10/trustdb.c:1749
msgid "pubkey not in trustdb - inserted as %lu\n"
#: g10/trustdb.c:1245
msgid "key %08lX.%lu: inserted into trustdb\n"
msgstr ""
#: g10/trustdb.c:1761
msgid "key expiration date is %s\n"
#: g10/trustdb.c:1251
msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
msgstr ""
#: g10/trustdb.c:1769
msgid "check_trust: do_check failed: %s\n"
#: g10/trustdb.c:1259
msgid "key %08lX.%lu: expired at %s\n"
msgstr ""
#: g10/trustdb.c:1268
msgid "key %08lX.%lu: trust check failed: %s\n"
msgstr ""

BIN
tools/mk-tdata
View File

Binary file not shown.

4
util/ChangeLog
View File

@ -1,3 +1,7 @@
Thu Jul 9 14:47:20 1998 Werner Koch (wk@isil.d.shuttle.de)
* secmem.c (secmem_init): Drops setuid if called with 0.
Tue Jul 7 11:49:25 1998 Werner Koch (wk@isil.d.shuttle.de)
* logger.c (log_set_filename): New.

10
util/secmem.c
View File

@ -153,8 +153,16 @@ secmem_get_flags(void)
void
secmem_init( size_t n )
{
if( !n )
if( !n ) {
uid_t uid;
disable_secmem=1;
uid = getuid();
if( uid != geteuid() ) {
if( setuid( uid ) )
log_fatal("failed to drop setuid\n" );
}
}
else {
if( n < DEFAULT_POOLSIZE )
n = DEFAULT_POOLSIZE;

2
zlib/Makefile
View File

@ -92,7 +92,7 @@ POSUB = po
RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes
USE_NLS = yes
VERSION = 0.3.1a
VERSION = 0.3.2
ZLIBS =
l =