From e182542e90cbeff4f2ac6c8d71061356d7cdcdea Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 28 Feb 2017 20:28:56 +0100 Subject: [PATCH] gpg: Do not require a trustdb for decryption. * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE. Change to return an error code. Change all callers to to pass False for NO_CREATE. (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test for a non-existing trustdb. Change all callers to to pass False for NO_CREATE. (tdb_get_min_ownertrust): Ditto. * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call init_trustdb for a quick check. (get_ownertrust_info): Add arg NO_CREATE. (get_ownertrust_string): Ditto. * g10/gpgv.c (get_ownertrust_info): Adjust stub. * g10/test-stubs.c (get_ownertrust_info): Ditto. * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE set. * g10/pubkey-enc.c (get_it): Ditto. -- Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to gnupg-devel 'test failure on git master with decrypt-session-key.scm (and: continuous integration?)' Signed-off-by: Werner Koch --- g10/gpgv.c | 3 +- g10/keyedit.c | 4 +-- g10/keylist.c | 2 +- g10/mainproc.c | 2 +- g10/pkclist.c | 2 +- g10/pubkey-enc.c | 7 +++- g10/tdbdump.c | 6 ++-- g10/test-stubs.c | 3 +- g10/trust.c | 32 +++++++++++------- g10/trustdb.c | 85 +++++++++++++++++++++++++++++++++--------------- g10/trustdb.h | 10 +++--- 11 files changed, 102 insertions(+), 54 deletions(-) diff --git a/g10/gpgv.c b/g10/gpgv.c index ef8d9e0e4..a6d1addd0 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -371,9 +371,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid) } int -get_ownertrust_info (PKT_public_key *pk) +get_ownertrust_info (PKT_public_key *pk, int no_create) { (void)pk; + (void)no_create; return '?'; } diff --git a/g10/keyedit.c b/g10/keyedit.c index ab66d0163..892da1ad5 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -3679,7 +3679,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) (ulong) pk->timestamp, (ulong) pk->expiredate); if (node->pkt->pkttype == PKT_PUBLIC_KEY && !(opt.fast_list_mode || opt.no_expensive_trust_checks)) - es_putc (get_ownertrust_info (pk), fp); + es_putc (get_ownertrust_info (pk, 0), fp); es_putc (':', fp); es_putc (':', fp); es_putc (':', fp); @@ -3896,7 +3896,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp, static int did_warn = 0; trust = get_validity_string (ctrl, pk, NULL); - otrust = get_ownertrust_string (pk); + otrust = get_ownertrust_string (pk, 0); /* Show a warning once */ if (!did_warn diff --git a/g10/keylist.c b/g10/keylist.c index abdcb9f0a..2684f59db 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1232,7 +1232,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, } if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) - ownertrust_print = get_ownertrust_info (pk); + ownertrust_print = get_ownertrust_info (pk, 0); else ownertrust_print = 0; diff --git a/g10/mainproc.c b/g10/mainproc.c index 8e2989187..4f8d0be3f 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1032,7 +1032,7 @@ list_node (CTX c, kbnode_t node) colon_datestr_from_pk( pk ), colon_strtime (pk->expiredate) ); if (pk->flags.primary && !opt.fast_list_mode) - es_putc (get_ownertrust_info (pk), es_stdout); + es_putc (get_ownertrust_info (pk, 1), es_stdout); es_putc (':', es_stdout); es_putc ('\n', es_stdout); } diff --git a/g10/pkclist.c b/g10/pkclist.c index 4991d20ba..012f751cf 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, int show=0; int min_num; int did_help=defer_help; - unsigned int minimum = tdb_get_min_ownertrust (pk); + unsigned int minimum = tdb_get_min_ownertrust (pk, 0); switch(minimum) { diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 177293619..e037c120d 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -404,8 +404,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) hexfingerprint (pk, pkhex, sizeof pkhex); hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex); + /* Note that we do not want to create a trustdb just for + * getting the ownertrust: If there is no trustdb there can't + * be ulitmately trusted key anyway and thus the ownertrust + * value is irrelevant. */ write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c", - pkhex, mainpkhex, get_ownertrust_info (mainpk)); + pkhex, mainpkhex, + get_ownertrust_info (mainpk, 1)); } diff --git a/g10/tdbdump.c b/g10/tdbdump.c index be9d1f2e6..ab2f0724d 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -70,7 +70,7 @@ list_trustdb (estream_t fp, const char *username) (void)username; - init_trustdb(); + init_trustdb (0); /* For now we ignore the user ID. */ if (1) { @@ -101,7 +101,7 @@ export_ownertrust() int i; byte *p; - init_trustdb(); + init_trustdb (0); es_printf (_("# List of assigned trustvalues, created %s\n" "# (Use \"gpg --import-ownertrust\" to restore them)\n"), asctimestamp( make_timestamp() ) ); @@ -133,7 +133,7 @@ import_ownertrust( const char *fname ) int any = 0; int rc; - init_trustdb(); + init_trustdb (0); if( iobuf_is_pipe_filename (fname) ) { fp = es_stdin; fname = "[stdin]"; diff --git a/g10/test-stubs.c b/g10/test-stubs.c index 8752f8894..a74df209c 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -138,9 +138,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid) } int -get_ownertrust_info (PKT_public_key *pk) +get_ownertrust_info (PKT_public_key *pk, int no_create) { (void)pk; + (void)no_create; return '?'; } diff --git a/g10/trust.c b/g10/trust.c index b1fa3d652..d0ea77efd 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -179,17 +179,18 @@ get_ownertrust (PKT_public_key *pk) (void)pk; return TRUST_UNKNOWN; #else - return tdb_get_ownertrust (pk); + return tdb_get_ownertrust (pk, 0); #endif } /* * Same as get_ownertrust but this takes the minimum ownertrust value - * into account, and will bump up the value as needed. + * into account, and will bump up the value as needed. NO_CREATE + * inhibits creation of a trustdb it that does not yet exists. */ static int -get_ownertrust_with_min (PKT_public_key *pk) +get_ownertrust_with_min (PKT_public_key *pk, int no_create) { #ifdef NO_TRUST_MODELS (void)pk; @@ -197,8 +198,15 @@ get_ownertrust_with_min (PKT_public_key *pk) #else unsigned int otrust, otrust_min; - otrust = (tdb_get_ownertrust (pk) & TRUST_MASK); - otrust_min = tdb_get_min_ownertrust (pk); + /* Shortcut instead of doing the same twice in the two tdb_get + * functions: If the caller asked not to create a trustdb we call + * init_trustdb directly and allow it to fail with an error code for + * a non-existing trustdb. */ + if (no_create && init_trustdb (1)) + return TRUST_UNKNOWN; + + otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK); + otrust_min = tdb_get_min_ownertrust (pk, no_create); if (otrust < otrust_min) { /* If the trust that the user has set is less than the trust @@ -217,23 +225,25 @@ get_ownertrust_with_min (PKT_public_key *pk) /* * Same as get_ownertrust but return a trust letter instead of an - * value. This takes the minimum ownertrust value into account. + * value. This takes the minimum ownertrust value into account. If + * NO_CREATE is set, no efforts for creating a trustdb will be taken. */ int -get_ownertrust_info (PKT_public_key *pk) +get_ownertrust_info (PKT_public_key *pk, int no_create) { - return trust_letter (get_ownertrust_with_min (pk)); + return trust_letter (get_ownertrust_with_min (pk, no_create)); } /* * Same as get_ownertrust but return a trust string instead of an - * value. This takes the minimum ownertrust value into account. + * value. This takes the minimum ownertrust value into account. If + * NO_CREATE is set, no efforts for creating a trustdb will be taken. */ const char * -get_ownertrust_string (PKT_public_key *pk) +get_ownertrust_string (PKT_public_key *pk, int no_create) { - return trust_value_to_string (get_ownertrust_with_min (pk)); + return trust_value_to_string (get_ownertrust_with_min (pk, no_create)); } diff --git a/g10/trustdb.c b/g10/trustdb.c index 5f68012f9..f4df4c818 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -296,9 +296,9 @@ verify_own_keys(void) keystr(k->kid)); else { - tdb_update_ownertrust (&pk, - ((tdb_get_ownertrust (&pk) & ~TRUST_MASK) - | TRUST_ULTIMATE )); + tdb_update_ownertrust + (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK) + | TRUST_ULTIMATE )); release_public_key_parts (&pk); } @@ -439,21 +439,34 @@ how_to_fix_the_trustdb () } -void -init_trustdb () +/* Initialize the trustdb. With NO_CREATE set a missing trustdb is + * not an error and the function won't terminate the process on error; + * in that case 0 is returned if there is a trustdb or an error code + * if no trustdb is available. */ +gpg_error_t +init_trustdb (int no_create) { int level = trustdb_args.level; const char* dbname = trustdb_args.dbname; if( trustdb_args.init ) - return; + return 0; trustdb_args.init = 1; if(level==0 || level==1) { - int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb); - if( rc ) + int rc = tdbio_set_dbname (dbname, (!no_create && level), + &trustdb_args.no_trustdb); + if (no_create && trustdb_args.no_trustdb) + { + /* No trustdb found and the caller asked us not to create + * it. Return an error and set the initialization state + * back so that we always test for an existing trustdb. */ + trustdb_args.init = 0; + return gpg_error (GPG_ERR_ENOENT); + } + if (rc) log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) ); } else @@ -493,6 +506,8 @@ init_trustdb () if(!tdbio_db_matches_options()) pending_check_trustdb=1; } + + return 0; } @@ -504,7 +519,7 @@ init_trustdb () void check_trustdb (ctrl_t ctrl) { - init_trustdb(); + init_trustdb (0); if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU) { @@ -541,7 +556,7 @@ check_trustdb (ctrl_t ctrl) void update_trustdb (ctrl_t ctrl) { - init_trustdb (); + init_trustdb (0); if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU) validate_keys (ctrl, 1); @@ -553,7 +568,7 @@ update_trustdb (ctrl_t ctrl) void tdb_revalidation_mark (void) { - init_trustdb(); + init_trustdb (0); if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) return; @@ -591,7 +606,7 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, { TRUSTREC opts; - init_trustdb(); + init_trustdb (0); if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) memset (&opts, 0, sizeof opts); else @@ -622,7 +637,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec) { int rc; - init_trustdb(); + init_trustdb (0); rc = tdbio_search_trust_bypk (pk, rec); if (rc) { @@ -642,12 +657,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec) return 0; } -/**************** - * Return the assigned ownertrust value for the given public key. - * The key should be the primary key. + +/* + * Return the assigned ownertrust value for the given public key. The + * key should be the primary key. If NO_CREATE is set a missing + * trustdb will not be created. This comes for example handy when we + * want to print status lines (DECRYPTION_KEY) which carry ownertrust + * values but we usually use --always-trust. */ unsigned int -tdb_get_ownertrust ( PKT_public_key *pk) +tdb_get_ownertrust (PKT_public_key *pk, int no_create) { TRUSTREC rec; gpg_error_t err; @@ -655,6 +674,12 @@ tdb_get_ownertrust ( PKT_public_key *pk) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) return TRUST_UNKNOWN; + /* If the caller asked not to create a trustdb we call init_trustdb + * directly and allow it to fail with an error code for a + * non-existing trustdb. */ + if (no_create && init_trustdb (1)) + return TRUST_UNKNOWN; + err = read_trust_record (pk, &rec); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) return TRUST_UNKNOWN; /* no record yet */ @@ -669,7 +694,7 @@ tdb_get_ownertrust ( PKT_public_key *pk) unsigned int -tdb_get_min_ownertrust (PKT_public_key *pk) +tdb_get_min_ownertrust (PKT_public_key *pk, int no_create) { TRUSTREC rec; gpg_error_t err; @@ -677,6 +702,12 @@ tdb_get_min_ownertrust (PKT_public_key *pk) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) return TRUST_UNKNOWN; + /* If the caller asked not to create a trustdb we call init_trustdb + * directly and allow it to fail with an error code for a + * non-existing trustdb. */ + if (no_create && init_trustdb (1)) + return TRUST_UNKNOWN; + err = read_trust_record (pk, &rec); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) return TRUST_UNKNOWN; /* no record yet */ @@ -808,7 +839,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk) TRUSTREC rec; gpg_error_t err; - init_trustdb (); + init_trustdb (0); if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) return 0; @@ -915,7 +946,7 @@ tdb_cache_disabled_value (PKT_public_key *pk) if (pk->flags.disabled_valid) return pk->flags.disabled; - init_trustdb(); + init_trustdb (0); if (trustdb_args.no_trustdb) return 0; /* No trustdb => not disabled. */ @@ -950,7 +981,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl) { static int did_nextcheck=0; - init_trustdb (); + init_trustdb (0); if (trustdb_args.no_trustdb) return; /* No trustdb => can't be stale. */ @@ -1021,7 +1052,7 @@ tdb_get_validity_core (ctrl_t ctrl, (void)may_ask; #endif - init_trustdb (); + init_trustdb (0); /* If we have no trustdb (which also means it has not been created) and the trust-model is always, we don't know the validity - @@ -1036,7 +1067,7 @@ tdb_get_validity_core (ctrl_t ctrl, { /* Note that this happens BEFORE any user ID stuff is checked. The direct trust model applies to keys as a whole. */ - validity = tdb_get_ownertrust (main_pk); + validity = tdb_get_ownertrust (main_pk, 0); goto leave; } @@ -1248,7 +1279,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) uid->help_marginal_count=uid->help_full_count=0; - init_trustdb (); + init_trustdb (0); if(read_trust_record (pk, &trec)) return; @@ -1353,7 +1384,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum) { ot=edit_ownertrust (ctrl, pk, 0); if(ot>0) - ot = tdb_get_ownertrust (pk); + ot = tdb_get_ownertrust (pk, 0); else if(ot==0) ot = minimum?minimum:TRUST_UNDEFINED; else @@ -2142,9 +2173,9 @@ validate_keys (ctrl_t ctrl, int interactive) k->kid[1]=kid[1]; k->ownertrust = (tdb_get_ownertrust - (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK); + (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK); k->min_ownertrust = tdb_get_min_ownertrust - (kar->keyblock->pkt->pkt.public_key); + (kar->keyblock->pkt->pkt.public_key, 0); k->trust_depth= kar->keyblock->pkt->pkt.public_key->trust_depth; k->trust_value= diff --git a/g10/trustdb.h b/g10/trustdb.h index 6081d1088..3088063aa 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -127,7 +127,7 @@ void update_trustdb (ctrl_t ctrl); int setup_trustdb( int level, const char *dbname ); void how_to_fix_the_trustdb (void); const char *trust_model_string (int model); -void init_trustdb( void ); +gpg_error_t init_trustdb (int no_create); void tdb_check_trustdb_stale (ctrl_t ctrl); void sync_trustdb( void ); @@ -152,10 +152,10 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, byte *marginals,byte *completes,byte *cert_depth, byte *min_cert_level); -unsigned int tdb_get_ownertrust (PKT_public_key *pk); -unsigned int tdb_get_min_ownertrust (PKT_public_key *pk); -int get_ownertrust_info (PKT_public_key *pk); -const char *get_ownertrust_string (PKT_public_key *pk); +unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create); +unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create); +int get_ownertrust_info (PKT_public_key *pk, int no_create); +const char *get_ownertrust_string (PKT_public_key *pk, int no_create); void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust); int tdb_clear_ownertrusts (PKT_public_key *pk);