gpg: Do not require a trustdb for decryption.

* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE. Change to return an error code. Change all callers to to pass False for NO_CREATE. (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test for a non-existing trustdb. Change all callers to to pass False for NO_CREATE. (tdb_get_min_ownertrust): Ditto. * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call init_trustdb for a quick check. (get_ownertrust_info): Add arg NO_CREATE. (get_ownertrust_string): Ditto. * g10/gpgv.c (get_ownertrust_info): Adjust stub. * g10/test-stubs.c (get_ownertrust_info): Ditto. * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE set. * g10/pubkey-enc.c (get_it): Ditto. -- Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to gnupg-devel 'test failure on git master with decrypt-session-key.scm (and: continuous integration?)' Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2017-02-28 20:28:56 +01:00 · 2017-02-28 20:28:56 +01:00 · e182542e90
commit e182542e90
parent e4583ae14e
11 changed files with 102 additions and 54 deletions
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@ -371,9 +371,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
 }

 int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
 {
  (void)pk;
+  (void)no_create;
  return '?';
 }

--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -3679,7 +3679,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
                      (ulong) pk->timestamp, (ulong) pk->expiredate);
 	  if (node->pkt->pkttype == PKT_PUBLIC_KEY
 	      && !(opt.fast_list_mode || opt.no_expensive_trust_checks))
-	    es_putc (get_ownertrust_info (pk), fp);
+	    es_putc (get_ownertrust_info (pk, 0), fp);
 	  es_putc (':', fp);
 	  es_putc (':', fp);
 	  es_putc (':', fp);
@ -3896,7 +3896,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
 	      static int did_warn = 0;

 	      trust = get_validity_string (ctrl, pk, NULL);
-	      otrust = get_ownertrust_string (pk);
+	      otrust = get_ownertrust_string (pk, 0);

 	      /* Show a warning once */
 	      if (!did_warn
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -1232,7 +1232,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
    }

  if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
-    ownertrust_print = get_ownertrust_info (pk);
+    ownertrust_print = get_ownertrust_info (pk, 0);
  else
    ownertrust_print = 0;

--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1032,7 +1032,7 @@ list_node (CTX c, kbnode_t node)
                     colon_datestr_from_pk( pk ),
                     colon_strtime (pk->expiredate) );
          if (pk->flags.primary && !opt.fast_list_mode)
-            es_putc (get_ownertrust_info (pk), es_stdout);
+            es_putc (get_ownertrust_info (pk, 1), es_stdout);
          es_putc (':', es_stdout);
          es_putc ('\n', es_stdout);
        }
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
  int show=0;
  int min_num;
  int did_help=defer_help;
-  unsigned int minimum = tdb_get_min_ownertrust (pk);
+  unsigned int minimum = tdb_get_min_ownertrust (pk, 0);

  switch(minimum)
    {
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -404,8 +404,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
        hexfingerprint (pk, pkhex, sizeof pkhex);
        hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);

+        /* Note that we do not want to create a trustdb just for
+         * getting the ownertrust: If there is no trustdb there can't
+         * be ulitmately trusted key anyway and thus the ownertrust
+         * value is irrelevant.  */
        write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
-                             pkhex, mainpkhex, get_ownertrust_info (mainpk));
+                             pkhex, mainpkhex,
+                             get_ownertrust_info (mainpk, 1));

      }

--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@ -70,7 +70,7 @@ list_trustdb (estream_t fp, const char *username)

  (void)username;

-  init_trustdb();
+  init_trustdb (0);
  /* For now we ignore the user ID. */
  if (1)
    {
@ -101,7 +101,7 @@ export_ownertrust()
  int i;
  byte *p;

-  init_trustdb();
+  init_trustdb (0);
  es_printf (_("# List of assigned trustvalues, created %s\n"
               "# (Use \"gpg --import-ownertrust\" to restore them)\n"),
             asctimestamp( make_timestamp() ) );
@ -133,7 +133,7 @@ import_ownertrust( const char *fname )
    int any = 0;
    int rc;

-    init_trustdb();
+    init_trustdb (0);
    if( iobuf_is_pipe_filename (fname) ) {
 	fp = es_stdin;
 	fname = "[stdin]";
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@ -138,9 +138,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
 }

 int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
 {
  (void)pk;
+  (void)no_create;
  return '?';
 }

--- a/g10/trust.c
+++ b/g10/trust.c
@ -179,17 +179,18 @@ get_ownertrust (PKT_public_key *pk)
  (void)pk;
  return TRUST_UNKNOWN;
 #else
-  return tdb_get_ownertrust (pk);
+  return tdb_get_ownertrust (pk, 0);
 #endif
 }


 /*
 * Same as get_ownertrust but this takes the minimum ownertrust value
- * into account, and will bump up the value as needed.
+ * into account, and will bump up the value as needed.  NO_CREATE
+ * inhibits creation of a trustdb it that does not yet exists.
 */
 static int
-get_ownertrust_with_min (PKT_public_key *pk)
+get_ownertrust_with_min (PKT_public_key *pk, int no_create)
 {
 #ifdef NO_TRUST_MODELS
  (void)pk;
@ -197,8 +198,15 @@ get_ownertrust_with_min (PKT_public_key *pk)
 #else
  unsigned int otrust, otrust_min;

-  otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
-  otrust_min = tdb_get_min_ownertrust (pk);
+  /* Shortcut instead of doing the same twice in the two tdb_get
+   * functions: If the caller asked not to create a trustdb we call
+   * init_trustdb directly and allow it to fail with an error code for
+   * a non-existing trustdb.  */
+  if (no_create && init_trustdb (1))
+    return TRUST_UNKNOWN;
+
+  otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK);
+  otrust_min = tdb_get_min_ownertrust (pk, no_create);
  if (otrust < otrust_min)
    {
      /* If the trust that the user has set is less than the trust
@ -217,23 +225,25 @@ get_ownertrust_with_min (PKT_public_key *pk)

 /*
 * Same as get_ownertrust but return a trust letter instead of an
- * value.  This takes the minimum ownertrust value into account.
+ * value.  This takes the minimum ownertrust value into account.  If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
 */
 int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
 {
-  return trust_letter (get_ownertrust_with_min (pk));
+  return trust_letter (get_ownertrust_with_min (pk, no_create));
 }


 /*
 * Same as get_ownertrust but return a trust string instead of an
- * value.  This takes the minimum ownertrust value into account.
+ * value.  This takes the minimum ownertrust value into account.  If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
 */
 const char *
-get_ownertrust_string (PKT_public_key *pk)
+get_ownertrust_string (PKT_public_key *pk, int no_create)
 {
-  return trust_value_to_string (get_ownertrust_with_min (pk));
+  return trust_value_to_string (get_ownertrust_with_min (pk, no_create));
 }


--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -296,9 +296,9 @@ verify_own_keys(void)
 		     keystr(k->kid));
          else
 	    {
-	      tdb_update_ownertrust (&pk,
-                                     ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
-                                      | TRUST_ULTIMATE ));
+	      tdb_update_ownertrust
+                (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
+                       | TRUST_ULTIMATE ));
 	      release_public_key_parts (&pk);
 	    }

@ -439,21 +439,34 @@ how_to_fix_the_trustdb ()
 }


-void
-init_trustdb ()
+/* Initialize the trustdb.  With NO_CREATE set a missing trustdb is
+ * not an error and the function won't terminate the process on error;
+ * in that case 0 is returned if there is a trustdb or an error code
+ * if no trustdb is available.  */
+gpg_error_t
+init_trustdb (int no_create)
 {
  int level = trustdb_args.level;
  const char* dbname = trustdb_args.dbname;

  if( trustdb_args.init )
-    return;
+    return 0;

  trustdb_args.init = 1;

  if(level==0 || level==1)
    {
-      int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
-      if( rc )
+      int rc = tdbio_set_dbname (dbname, (!no_create && level),
+                                 &trustdb_args.no_trustdb);
+      if (no_create && trustdb_args.no_trustdb)
+        {
+          /* No trustdb found and the caller asked us not to create
+           * it.  Return an error and set the initialization state
+           * back so that we always test for an existing trustdb.  */
+          trustdb_args.init = 0;
+          return gpg_error (GPG_ERR_ENOENT);
+        }
+      if (rc)
 	log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
    }
  else
@ -493,6 +506,8 @@ init_trustdb ()
      if(!tdbio_db_matches_options())
 	pending_check_trustdb=1;
    }
+
+  return 0;
 }


@ -504,7 +519,7 @@ init_trustdb ()
 void
 check_trustdb (ctrl_t ctrl)
 {
-  init_trustdb();
+  init_trustdb (0);
  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
      || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
    {
@ -541,7 +556,7 @@ check_trustdb (ctrl_t ctrl)
 void
 update_trustdb (ctrl_t ctrl)
 {
-  init_trustdb ();
+  init_trustdb (0);
  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
      || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
    validate_keys (ctrl, 1);
@ -553,7 +568,7 @@ update_trustdb (ctrl_t ctrl)
 void
 tdb_revalidation_mark (void)
 {
-  init_trustdb();
+  init_trustdb (0);
  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
    return;

@ -591,7 +606,7 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
 {
  TRUSTREC opts;

-  init_trustdb();
+  init_trustdb (0);
  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
    memset (&opts, 0, sizeof opts);
  else
@ -622,7 +637,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
 {
  int rc;

-  init_trustdb();
+  init_trustdb (0);
  rc = tdbio_search_trust_bypk (pk, rec);
  if (rc)
    {
@ -642,12 +657,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
  return 0;
 }

-/****************
- * Return the assigned ownertrust value for the given public key.
- * The key should be the primary key.
+
+/*
+ * Return the assigned ownertrust value for the given public key.  The
+ * key should be the primary key.  If NO_CREATE is set a missing
+ * trustdb will not be created.  This comes for example handy when we
+ * want to print status lines (DECRYPTION_KEY) which carry ownertrust
+ * values but we usually use --always-trust.
 */
 unsigned int
-tdb_get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust (PKT_public_key *pk, int no_create)
 {
  TRUSTREC rec;
  gpg_error_t err;
@ -655,6 +674,12 @@ tdb_get_ownertrust ( PKT_public_key *pk)
  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
    return TRUST_UNKNOWN;

+  /* If the caller asked not to create a trustdb we call init_trustdb
+   * directly and allow it to fail with an error code for a
+   * non-existing trustdb.  */
+  if (no_create && init_trustdb (1))
+    return TRUST_UNKNOWN;
+
  err = read_trust_record (pk, &rec);
  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
    return TRUST_UNKNOWN; /* no record yet */
@ -669,7 +694,7 @@ tdb_get_ownertrust ( PKT_public_key *pk)


 unsigned int
-tdb_get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
 {
  TRUSTREC rec;
  gpg_error_t err;
@ -677,6 +702,12 @@ tdb_get_min_ownertrust (PKT_public_key *pk)
  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
    return TRUST_UNKNOWN;

+  /* If the caller asked not to create a trustdb we call init_trustdb
+   * directly and allow it to fail with an error code for a
+   * non-existing trustdb.  */
+  if (no_create && init_trustdb (1))
+    return TRUST_UNKNOWN;
+
  err = read_trust_record (pk, &rec);
  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
    return TRUST_UNKNOWN; /* no record yet */
@ -808,7 +839,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
  TRUSTREC rec;
  gpg_error_t err;

-  init_trustdb ();
+  init_trustdb (0);

  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
    return 0;
@ -915,7 +946,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
  if (pk->flags.disabled_valid)
    return pk->flags.disabled;

-  init_trustdb();
+  init_trustdb (0);

  if (trustdb_args.no_trustdb)
    return 0;  /* No trustdb => not disabled.  */
@ -950,7 +981,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
 {
  static int did_nextcheck=0;

-  init_trustdb ();
+  init_trustdb (0);

  if (trustdb_args.no_trustdb)
    return;  /* No trustdb => can't be stale.  */
@ -1021,7 +1052,7 @@ tdb_get_validity_core (ctrl_t ctrl,
  (void)may_ask;
 #endif

-  init_trustdb ();
+  init_trustdb (0);

  /* If we have no trustdb (which also means it has not been created)
     and the trust-model is always, we don't know the validity -
@ -1036,7 +1067,7 @@ tdb_get_validity_core (ctrl_t ctrl,
    {
      /* Note that this happens BEFORE any user ID stuff is checked.
 	 The direct trust model applies to keys as a whole. */
-      validity = tdb_get_ownertrust (main_pk);
+      validity = tdb_get_ownertrust (main_pk, 0);
      goto leave;
    }

@ -1248,7 +1279,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)

  uid->help_marginal_count=uid->help_full_count=0;

-  init_trustdb ();
+  init_trustdb (0);

  if(read_trust_record (pk, &trec))
    return;
@ -1353,7 +1384,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
    {
      ot=edit_ownertrust (ctrl, pk, 0);
      if(ot>0)
-	ot = tdb_get_ownertrust (pk);
+	ot = tdb_get_ownertrust (pk, 0);
      else if(ot==0)
 	ot = minimum?minimum:TRUST_UNDEFINED;
      else
@ -2142,9 +2173,9 @@ validate_keys (ctrl_t ctrl, int interactive)
 		      k->kid[1]=kid[1];
 		      k->ownertrust =
 			(tdb_get_ownertrust
-                         (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+                         (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
 		      k->min_ownertrust = tdb_get_min_ownertrust
-                        (kar->keyblock->pkt->pkt.public_key);
+                        (kar->keyblock->pkt->pkt.public_key, 0);
 		      k->trust_depth=
 			kar->keyblock->pkt->pkt.public_key->trust_depth;
 		      k->trust_value=
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@ -127,7 +127,7 @@ void update_trustdb (ctrl_t ctrl);
 int setup_trustdb( int level, const char *dbname );
 void how_to_fix_the_trustdb (void);
 const char *trust_model_string (int model);
-void init_trustdb( void );
+gpg_error_t init_trustdb (int no_create);
 void tdb_check_trustdb_stale (ctrl_t ctrl);
 void sync_trustdb( void );

@ -152,10 +152,10 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
 			byte *marginals,byte *completes,byte *cert_depth,
 			byte *min_cert_level);

-unsigned int tdb_get_ownertrust (PKT_public_key *pk);
-unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
-int get_ownertrust_info (PKT_public_key *pk);
-const char *get_ownertrust_string (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create);
+int get_ownertrust_info (PKT_public_key *pk, int no_create);
+const char *get_ownertrust_string (PKT_public_key *pk, int no_create);

 void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
 int tdb_clear_ownertrusts (PKT_public_key *pk);