mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
backup
This commit is contained in:
parent
4ec1775f3e
commit
ea4b6f9db7
95
g10/import.c
95
g10/import.c
@ -48,99 +48,8 @@
|
|||||||
int
|
int
|
||||||
import_pubkeys( const char *filename )
|
import_pubkeys( const char *filename )
|
||||||
{
|
{
|
||||||
int rc;
|
log_fatal("Not yet implemented");
|
||||||
PACKET pkt;
|
return 0;
|
||||||
int save_mode;
|
|
||||||
ulong offset;
|
|
||||||
IOBUF iobuf = NULL;
|
|
||||||
|
|
||||||
init_packet(&pkt);
|
|
||||||
save_mode = set_packet_list_mode(0);
|
|
||||||
|
|
||||||
if( !(iobuf = iobuf_open( filename )) ) {
|
|
||||||
rc = G10ERR_KEYRING_OPEN;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
|
|
||||||
PKT_public_cert *pkc = pkt.pkt.public_cert;
|
|
||||||
u32 keyid[2];
|
|
||||||
int otrust;
|
|
||||||
|
|
||||||
assert( pkt.pkttype == PKT_PUBLIC_CERT );
|
|
||||||
|
|
||||||
keyid_from_pkc( pkc, keyid );
|
|
||||||
rc = get_ownertrust( pkc, &otrust );
|
|
||||||
if( rc && rc != -1 ) {
|
|
||||||
log_error("error getting otrust of %08lX: %s\n",
|
|
||||||
keyid[1], g10_errstr(rc) );
|
|
||||||
}
|
|
||||||
else if( rc == -1 ) { /* No pubkey in trustDB: Insert */
|
|
||||||
rc = insert_trust_record( pkc );
|
|
||||||
if( rc ) {
|
|
||||||
log_error("failed to insert it into the trustdb: %s\n",
|
|
||||||
g10_errstr(rc) );
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
rc = get_ownertrust( pkc, &otrust );
|
|
||||||
if( rc )
|
|
||||||
log_fatal("failed to reread the pubkey record: %s\n",
|
|
||||||
g10_errstr(rc) );
|
|
||||||
log_info("key %08lX inserted in trustdb (localid=%lu)\n",
|
|
||||||
keyid[1], pkc->local_id );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
log_info("key %08lX already in trustdb (localid=%lu)\n",
|
|
||||||
keyid[1], pkc->local_id );
|
|
||||||
|
|
||||||
free_packet(&pkt);
|
|
||||||
}
|
|
||||||
|
|
||||||
iobuf_close(iobuf);
|
|
||||||
if( !(iobuf = iobuf_open( filename )) ) {
|
|
||||||
rc = G10ERR_KEYRING_OPEN;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
|
|
||||||
PKT_public_cert *pkc = pkt.pkt.public_cert;
|
|
||||||
u32 keyid[2];
|
|
||||||
int trustlevel;
|
|
||||||
|
|
||||||
assert( pkt.pkttype == PKT_PUBLIC_CERT );
|
|
||||||
|
|
||||||
keyid_from_pkc( pkc, keyid );
|
|
||||||
rc = check_pkc_trust( pkc, &trustlevel );
|
|
||||||
if( rc ) {
|
|
||||||
log_error("error checking trust of %08lX: %s\n",
|
|
||||||
keyid[1], g10_errstr(rc) );
|
|
||||||
}
|
|
||||||
else if( trustlevel & TRUST_NO_PUBKEY ) {
|
|
||||||
/* No pubkey in trustDB: Insert and check again */
|
|
||||||
rc = insert_trust_record( pkc );
|
|
||||||
if( rc ) {
|
|
||||||
log_error("failed to insert it into the trustdb: %s\n",
|
|
||||||
g10_errstr(rc) );
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
rc = check_pkc_trust( pkc, &trustlevel );
|
|
||||||
if( rc )
|
|
||||||
log_fatal("trust check after insert failed: %s\n",
|
|
||||||
g10_errstr(rc) );
|
|
||||||
if( trustlevel & TRUST_NO_PUBKEY )
|
|
||||||
BUG();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
free_packet(&pkt);
|
|
||||||
}
|
|
||||||
|
|
||||||
leave:
|
|
||||||
iobuf_close(iobuf);
|
|
||||||
free_packet(&pkt);
|
|
||||||
set_packet_list_mode(save_mode);
|
|
||||||
return rc;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -32,6 +32,58 @@
|
|||||||
#include "memory.h"
|
#include "memory.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
#include "trustdb.h"
|
#include "trustdb.h"
|
||||||
|
#include "ttyio.h"
|
||||||
|
|
||||||
|
static int
|
||||||
|
query_ownertrust( PKT_public_cert *pkc )
|
||||||
|
{
|
||||||
|
char *p;
|
||||||
|
size_t n;
|
||||||
|
u32 keyid[2];
|
||||||
|
|
||||||
|
keyid_from_pkc( pkc, keyid );
|
||||||
|
tty_printf("No ownertrust specified for:\n"
|
||||||
|
"%4u%c/%08lX %s \"",
|
||||||
|
nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ),
|
||||||
|
(ulong)keyid[1], datestr_from_pkc( pkc ) );
|
||||||
|
p = get_user_id( keyid, &n );
|
||||||
|
tty_print_string( p, n ),
|
||||||
|
m_free(p);
|
||||||
|
tty_printf("\"\n\n"
|
||||||
|
"Please decide in how far do you trust this user to\n"
|
||||||
|
"correctly sign other users keys (looking at his passport,\n"
|
||||||
|
"checking the fingerprints from different sources ...)?\n\n"
|
||||||
|
" 1 = Don't know\n"
|
||||||
|
" 2 = I do NOT trust\n"
|
||||||
|
" 3 = I trust marginally\n"
|
||||||
|
" 4 = I trust fully\n"
|
||||||
|
" s = please show me more informations\n\n" );
|
||||||
|
|
||||||
|
for(;;) {
|
||||||
|
p = tty_get("Your decision? ");
|
||||||
|
trim_spaces(p);
|
||||||
|
tty_kill_prompt();
|
||||||
|
if( *p && p[1] )
|
||||||
|
;
|
||||||
|
else if( *p == '?' ) {
|
||||||
|
tty_printf(
|
||||||
|
"It's up to you to assign a value here; this value will never be exported\n"
|
||||||
|
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
|
||||||
|
"to do with the (implicitly created) web-of-certificates.\n");
|
||||||
|
}
|
||||||
|
else if( !p[1] && (*p >= '1' && *p <= '4') ) {
|
||||||
|
/* okay */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else if( *p == 's' || *p == 'S' ) {
|
||||||
|
tty_printf("You will see a list of signators etc. here\n");
|
||||||
|
}
|
||||||
|
m_free(p); p = NULL;
|
||||||
|
}
|
||||||
|
m_free(p);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
@ -43,20 +95,52 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
|
|||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if( trustlevel & TRUST_NO_PUBKEY ) {
|
switch( trustlevel ) {
|
||||||
/* No pubkey in trustDB: Insert and check again */
|
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
|
||||||
rc = insert_trust_record( pkc );
|
rc = insert_trust_record( pkc );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_error("failed to insert it into the trustdb: %s\n",
|
log_error("failed to insert it into the trustdb: %s\n",
|
||||||
g10_errstr(rc) );
|
g10_errstr(rc) );
|
||||||
return 0; /* no */
|
return 0; /* no */
|
||||||
}
|
}
|
||||||
rc = check_pkc_trust( pkc, &trustlevel );
|
rc = check_trust( pkc, &trustlevel );
|
||||||
if( rc )
|
if( rc )
|
||||||
log_fatal("trust check after insert failed: %s\n",
|
log_fatal("trust check after insert failed: %s\n",
|
||||||
g10_errstr(rc) );
|
g10_errstr(rc) );
|
||||||
if( trustlevel & TRUST_NO_PUBKEY )
|
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
|
||||||
BUG();
|
BUG();
|
||||||
|
return do_we_trust( pkc, trustlevel );
|
||||||
|
|
||||||
|
case TRUST_EXPIRED:
|
||||||
|
log_error("trust has expired: NOT yet implemented\n");
|
||||||
|
return 0; /* no */
|
||||||
|
|
||||||
|
case TRUST_UNDEFINED:
|
||||||
|
if( opt.batch || opt.answer_no )
|
||||||
|
log_info("no info to calculate a trust probability\n");
|
||||||
|
else {
|
||||||
|
query_ownertrust( pkc );
|
||||||
|
}
|
||||||
|
return 0; /* no */
|
||||||
|
|
||||||
|
case TRUST_NEVER:
|
||||||
|
log_info("We do NOT trust this key\n");
|
||||||
|
return 0; /* no */
|
||||||
|
|
||||||
|
case TRUST_MARGINAL:
|
||||||
|
log_info("I'm not sure wether this keys really belongs to the owner\n"
|
||||||
|
"but I proceed anyway\n");
|
||||||
|
return 1; /* yes */
|
||||||
|
|
||||||
|
case TRUST_FULLY:
|
||||||
|
log_info("This key probably belongs to the owner\n");
|
||||||
|
return 1; /* yes */
|
||||||
|
|
||||||
|
case TRUST_ULTIMATE:
|
||||||
|
log_info("Our own key is always good.\n");
|
||||||
|
return 1; /* yes */
|
||||||
|
|
||||||
|
default: BUG();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -101,7 +185,7 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list )
|
|||||||
else if( !(rc=check_pubkey_algo(pkc->pubkey_algo)) ) {
|
else if( !(rc=check_pubkey_algo(pkc->pubkey_algo)) ) {
|
||||||
int trustlevel;
|
int trustlevel;
|
||||||
|
|
||||||
rc = check_pkc_trust( pkc, &trustlevel );
|
rc = check_trust( pkc, &trustlevel );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
free_public_cert( pkc ); pkc = NULL;
|
free_public_cert( pkc ); pkc = NULL;
|
||||||
log_error("error checking pkc of '%s': %s\n",
|
log_error("error checking pkc of '%s': %s\n",
|
||||||
|
266
g10/trustdb.c
266
g10/trustdb.c
@ -110,6 +110,14 @@ struct local_id_info {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
typedef struct trust_seg_list *TRUST_SEG_LIST;
|
||||||
|
struct trust_seg_list {
|
||||||
|
TRUST_SEG_LIST next;
|
||||||
|
int nseg; /* number of segmens */
|
||||||
|
int dup;
|
||||||
|
ulong seg[1]; /* segment list */
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
static void create_db( const char *fname );
|
static void create_db( const char *fname );
|
||||||
static void open_db(void);
|
static void open_db(void);
|
||||||
@ -121,18 +129,20 @@ static int walk_sigrecs( SIGREC_CONTEXT *c );
|
|||||||
|
|
||||||
static LOCAL_ID_INFO *new_lid_table(void);
|
static LOCAL_ID_INFO *new_lid_table(void);
|
||||||
static void release_lid_table( LOCAL_ID_INFO *tbl );
|
static void release_lid_table( LOCAL_ID_INFO *tbl );
|
||||||
static int get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag );
|
static int ins_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag );
|
||||||
|
static int qry_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag );
|
||||||
|
static void upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag );
|
||||||
|
|
||||||
static void print_user_id( const char *text, u32 *keyid );
|
static void print_user_id( const char *text, u32 *keyid );
|
||||||
static int do_list_path( ulong pubkey, int depth, int max_depth,
|
static int do_list_path( ulong *stack, int depth, int max_depth,
|
||||||
LOCAL_ID_INFO *lids, ulong *stack );
|
LOCAL_ID_INFO *lids, TRUST_SEG_LIST *tslist );
|
||||||
|
|
||||||
static int list_sigs( ulong pubkey_id );
|
static int list_sigs( ulong pubkey_id );
|
||||||
|
static int do_check( ulong pubkeyid, int *trustlevel );
|
||||||
|
|
||||||
|
|
||||||
static char *db_name;
|
static char *db_name;
|
||||||
static int db_fd = -1;
|
static int db_fd = -1;
|
||||||
static int no_io_dbg = 0;
|
|
||||||
/* a table used to keep track of ultimately trusted keys
|
/* a table used to keep track of ultimately trusted keys
|
||||||
* which are the ones from our secrings */
|
* which are the ones from our secrings */
|
||||||
static LOCAL_ID_INFO *ultikey_table;
|
static LOCAL_ID_INFO *ultikey_table;
|
||||||
@ -247,16 +257,12 @@ read_record( ulong recnum, TRUSTREC *rec )
|
|||||||
|
|
||||||
if( db_fd == -1 )
|
if( db_fd == -1 )
|
||||||
open_db();
|
open_db();
|
||||||
if( DBG_TRUST && !no_io_dbg )
|
|
||||||
log_debug("trustdb: read_record(%lu)\n", (ulong)recnum);
|
|
||||||
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
|
if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
|
||||||
log_error("trustdb: lseek failed: %s\n", strerror(errno) );
|
log_error("trustdb: lseek failed: %s\n", strerror(errno) );
|
||||||
return G10ERR_READ_FILE;
|
return G10ERR_READ_FILE;
|
||||||
}
|
}
|
||||||
n = read( db_fd, buf, TRUST_RECORD_LEN);
|
n = read( db_fd, buf, TRUST_RECORD_LEN);
|
||||||
if( !n ) {
|
if( !n ) {
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: no record at %lu\n", (ulong)recnum );
|
|
||||||
return -1; /* eof */
|
return -1; /* eof */
|
||||||
}
|
}
|
||||||
else if( n != TRUST_RECORD_LEN ) {
|
else if( n != TRUST_RECORD_LEN ) {
|
||||||
@ -341,10 +347,6 @@ read_record( ulong recnum, TRUSTREC *rec )
|
|||||||
rc = G10ERR_TRUSTDB;
|
rc = G10ERR_TRUSTDB;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if( DBG_TRUST && !rc && !no_io_dbg ) {
|
|
||||||
log_debug("trustdb: ");
|
|
||||||
dump_record( recnum, rec, stderr);
|
|
||||||
}
|
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -362,8 +364,6 @@ write_record( ulong recnum, TRUSTREC *rec )
|
|||||||
if( db_fd == -1 )
|
if( db_fd == -1 )
|
||||||
open_db();
|
open_db();
|
||||||
|
|
||||||
if( DBG_TRUST && !no_io_dbg )
|
|
||||||
log_debug("trustdb: write_record(%lu)\n", (ulong)recnum);
|
|
||||||
memset(buf, 0, TRUST_RECORD_LEN);
|
memset(buf, 0, TRUST_RECORD_LEN);
|
||||||
p = buf;
|
p = buf;
|
||||||
*p++ = rec->rectype;
|
*p++ = rec->rectype;
|
||||||
@ -468,13 +468,10 @@ scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
|
|||||||
|
|
||||||
assert( rectype == 2 || rectype == 3 );
|
assert( rectype == 2 || rectype == 3 );
|
||||||
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: scan_record_by_pkc\n");
|
|
||||||
keyid_from_pkc( pkc, keyid );
|
keyid_from_pkc( pkc, keyid );
|
||||||
fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
|
fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
|
||||||
assert( fingerlen == 20 || fingerlen == 16 );
|
assert( fingerlen == 20 || fingerlen == 16 );
|
||||||
|
|
||||||
no_io_dbg = 1;
|
|
||||||
for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
|
for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
|
||||||
if( rec->rectype != rectype )
|
if( rec->rectype != rectype )
|
||||||
continue;
|
continue;
|
||||||
@ -490,16 +487,12 @@ scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
|
|||||||
"not match recnum (%lu,%lu)\n", db_name,
|
"not match recnum (%lu,%lu)\n", db_name,
|
||||||
(ulong)pkc->local_id, (ulong)recnum );
|
(ulong)pkc->local_id, (ulong)recnum );
|
||||||
pkc->local_id = recnum;
|
pkc->local_id = recnum;
|
||||||
no_io_dbg = 0;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
log_bug("not yet implemented\n");
|
log_bug("not yet implemented\n");
|
||||||
}
|
}
|
||||||
no_io_dbg = 0;
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: scan_record_by_pkc: %s\n", rc==-1?"eof": g10_errstr(rc));
|
|
||||||
if( rc != -1 )
|
if( rc != -1 )
|
||||||
log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) );
|
log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) );
|
||||||
return rc;
|
return rc;
|
||||||
@ -517,33 +510,24 @@ scan_record( ulong local_id, TRUSTREC *rec, int rectype, ulong *r_recnum )
|
|||||||
|
|
||||||
assert( rectype == 3 || rectype == 4 );
|
assert( rectype == 3 || rectype == 4 );
|
||||||
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: scan_record type %d local_id %lu\n",
|
|
||||||
rectype, (ulong)local_id);
|
|
||||||
no_io_dbg = 1;
|
|
||||||
for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
|
for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
|
||||||
if( rec->rectype != rectype )
|
if( rec->rectype != rectype )
|
||||||
continue;
|
continue;
|
||||||
if( rec->rectype == 34 ) {
|
if( rec->rectype == 34 ) {
|
||||||
if( rec->r.cache.owner == local_id ) { /* found */
|
if( rec->r.cache.owner == local_id ) { /* found */
|
||||||
*r_recnum = recnum;
|
*r_recnum = recnum;
|
||||||
no_io_dbg = 0;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if( rec->rectype == 4 ) {
|
else if( rec->rectype == 4 ) {
|
||||||
if( rec->r.sigrec.owner == local_id ) { /* found */
|
if( rec->r.sigrec.owner == local_id ) { /* found */
|
||||||
*r_recnum = recnum;
|
*r_recnum = recnum;
|
||||||
no_io_dbg = 0;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
log_bug("not yet implemented\n");
|
log_bug("not yet implemented\n");
|
||||||
}
|
}
|
||||||
no_io_dbg = 0;
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: scan_record: %s\n", rc==-1?"eof": g10_errstr(rc));
|
|
||||||
if( rc != -1 )
|
if( rc != -1 )
|
||||||
log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
|
log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
|
||||||
return rc;
|
return rc;
|
||||||
@ -649,10 +633,8 @@ list_trustdb( const char *username )
|
|||||||
for(i=9+strlen(db_name); i > 0; i-- )
|
for(i=9+strlen(db_name); i > 0; i-- )
|
||||||
putchar('-');
|
putchar('-');
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
no_io_dbg = 1;
|
|
||||||
for(recnum=0; !read_record( recnum, &rec); recnum++ )
|
for(recnum=0; !read_record( recnum, &rec); recnum++ )
|
||||||
dump_record( recnum, &rec, stdout );
|
dump_record( recnum, &rec, stdout );
|
||||||
no_io_dbg = 0;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -660,10 +642,11 @@ void
|
|||||||
list_trust_path( int max_depth, const char *username )
|
list_trust_path( int max_depth, const char *username )
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
int i;
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
|
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
|
||||||
|
|
||||||
if( max_depth < 1 )
|
if( max_depth < 0 )
|
||||||
max_depth = MAX_LIST_SIGS_DEPTH+1;
|
max_depth = MAX_LIST_SIGS_DEPTH+1;
|
||||||
|
|
||||||
|
|
||||||
@ -676,16 +659,38 @@ list_trust_path( int max_depth, const char *username )
|
|||||||
log_error("user '%s' not in trustdb\n", username);
|
log_error("user '%s' not in trustdb\n", username);
|
||||||
else {
|
else {
|
||||||
LOCAL_ID_INFO *lids;
|
LOCAL_ID_INFO *lids;
|
||||||
|
LOCAL_ID_INFO *work;
|
||||||
ulong stack[MAX_LIST_SIGS_DEPTH];
|
ulong stack[MAX_LIST_SIGS_DEPTH];
|
||||||
|
TRUST_SEG_LIST tsl, tslist = NULL;
|
||||||
|
|
||||||
lids = new_lid_table();
|
lids = new_lid_table();
|
||||||
stack[0] = pkc->local_id;
|
stack[0] = pkc->local_id;
|
||||||
rc = do_list_path( pkc->local_id, 1, max_depth, lids, stack );
|
rc = do_list_path( stack, 1, max_depth, lids, &tslist );
|
||||||
putchar('\n');
|
/* wipe out duplicates */
|
||||||
|
work = new_lid_table();
|
||||||
|
for( tsl=tslist; tsl; tsl = tsl->next ) {
|
||||||
|
for(i=1; i < tsl->nseg-1; i++ ) {
|
||||||
|
if( ins_lid_table_item( work, tsl->seg[i], 0 ) ) {
|
||||||
|
tsl->dup = 1; /* mark as duplicate */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
release_lid_table(work);
|
||||||
|
|
||||||
release_lid_table(lids);
|
release_lid_table(lids);
|
||||||
if( rc )
|
if( rc )
|
||||||
log_error("user '%s' list problem: %s\n", username, g10_errstr(rc));
|
log_error("user '%s' list problem: %s\n", username, g10_errstr(rc));
|
||||||
|
for(tsl = tslist; tsl; tsl = tsl->next ) {
|
||||||
|
int i;
|
||||||
|
|
||||||
|
if( tsl->dup )
|
||||||
|
continue;
|
||||||
|
printf("tslist segs:" );
|
||||||
|
for(i=0; i < tsl->nseg; i++ )
|
||||||
|
printf(" %lu", tsl->seg[i]);
|
||||||
|
putchar('\n');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
free_public_cert( pkc );
|
free_public_cert( pkc );
|
||||||
@ -782,7 +787,7 @@ release_lid_table( LOCAL_ID_INFO *tbl )
|
|||||||
* fixme: maybe its a good idea to tage items from an unused item list.
|
* fixme: maybe its a good idea to tage items from an unused item list.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
add_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag )
|
ins_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag )
|
||||||
{
|
{
|
||||||
LOCAL_ID_INFO a;
|
LOCAL_ID_INFO a;
|
||||||
|
|
||||||
@ -798,7 +803,7 @@ add_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag )
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag )
|
qry_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag )
|
||||||
{
|
{
|
||||||
LOCAL_ID_INFO a;
|
LOCAL_ID_INFO a;
|
||||||
|
|
||||||
@ -811,6 +816,19 @@ get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag )
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag )
|
||||||
|
{
|
||||||
|
LOCAL_ID_INFO a;
|
||||||
|
|
||||||
|
for( a = tbl[lid & 0x0f]; a; a = a->next )
|
||||||
|
if( a->lid == lid ) {
|
||||||
|
a->flag = flag;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
BUG();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -878,14 +896,13 @@ verify_own_certs()
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
/* look into the trustdb */
|
/* look into the trustdb */
|
||||||
rc = check_pkc_trust( pkc, &trust );
|
rc = check_trust( pkc, &trust );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_info("keyid %08lX: problem in trustdb: %s\n", (ulong)keyid[1],
|
log_info("keyid %08lX: problem in trustdb: %s\n", (ulong)keyid[1],
|
||||||
g10_errstr(rc) );
|
g10_errstr(rc) );
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if( trust & TRUST_NO_PUBKEY ) {
|
if( trust == TRUST_UNKNOWN ) {
|
||||||
log_info("keyid %08lX: not yet in trustdb\n", (ulong)keyid[1] );
|
|
||||||
rc = insert_trust_record( pkc );
|
rc = insert_trust_record( pkc );
|
||||||
if( rc )
|
if( rc )
|
||||||
log_error("keyid %08lX: insert failed: %s\n",
|
log_error("keyid %08lX: insert failed: %s\n",
|
||||||
@ -893,20 +910,16 @@ verify_own_certs()
|
|||||||
else
|
else
|
||||||
log_info("keyid %08lX: inserted\n", (ulong)keyid[1] );
|
log_info("keyid %08lX: inserted\n", (ulong)keyid[1] );
|
||||||
}
|
}
|
||||||
else if( (trust & TRUST_MASK) != TRUST_ULT_TRUST ) {
|
else {
|
||||||
/*log_error("keyid %08lX: not marked as ultimately trusted\n",
|
/* FIXME: we should chek the other values */
|
||||||
(ulong)keyid[1] );
|
|
||||||
FIXME: mark */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !(trust & TRUST_NO_PUBKEY) ) {
|
if( DBG_TRUST )
|
||||||
if( DBG_TRUST )
|
log_debug("putting %08lX(%lu) into ultikey_table\n",
|
||||||
log_debug("putting %08lX(%lu) into ultikey_table\n",
|
(ulong)keyid[1], pkc->local_id );
|
||||||
(ulong)keyid[1], pkc->local_id );
|
if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) )
|
||||||
if( add_lid_table_item( ultikey_table, pkc->local_id, 0 ) )
|
log_error("keyid %08lX: already in ultikey_table\n",
|
||||||
log_error("keyid %08lX: already in ultikey_table\n",
|
(ulong)keyid[1]);
|
||||||
(ulong)keyid[1]);
|
|
||||||
}
|
|
||||||
|
|
||||||
release_secret_cert_parts( skc );
|
release_secret_cert_parts( skc );
|
||||||
release_public_cert_parts( pkc );
|
release_public_cert_parts( pkc );
|
||||||
@ -965,7 +978,7 @@ do_list_sigs( ulong root, ulong pubkey, int depth,
|
|||||||
printf("%6u: %*s%08lX(%lu:%02x) ", *lineno, depth*4, "",
|
printf("%6u: %*s%08lX(%lu:%02x) ", *lineno, depth*4, "",
|
||||||
(ulong)keyid[1], sx.sig_id, sx.sig_flag );
|
(ulong)keyid[1], sx.sig_id, sx.sig_flag );
|
||||||
/* check wether we already checked this pubkey */
|
/* check wether we already checked this pubkey */
|
||||||
if( !get_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) {
|
if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) {
|
||||||
print_user_id("[ultimately trusted]", keyid);
|
print_user_id("[ultimately trusted]", keyid);
|
||||||
++*lineno;
|
++*lineno;
|
||||||
}
|
}
|
||||||
@ -977,9 +990,9 @@ do_list_sigs( ulong root, ulong pubkey, int depth,
|
|||||||
printf("[closed]\n");
|
printf("[closed]\n");
|
||||||
++*lineno;
|
++*lineno;
|
||||||
}
|
}
|
||||||
else if( add_lid_table_item( lids, sx.sig_id, *lineno ) ) {
|
else if( ins_lid_table_item( lids, sx.sig_id, *lineno ) ) {
|
||||||
unsigned refline;
|
unsigned refline;
|
||||||
get_lid_table_flag( lids, sx.sig_id, &refline );
|
qry_lid_table_flag( lids, sx.sig_id, &refline );
|
||||||
printf("[see line %u]\n", refline);
|
printf("[see line %u]\n", refline);
|
||||||
++*lineno;
|
++*lineno;
|
||||||
}
|
}
|
||||||
@ -1028,52 +1041,73 @@ list_sigs( ulong pubkey_id )
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_list_path( ulong pubkey, int depth, int max_depth,
|
do_list_path( ulong *stack, int depth, int max_depth,
|
||||||
LOCAL_ID_INFO *lids, ulong *stack )
|
LOCAL_ID_INFO *lids, TRUST_SEG_LIST *tslist )
|
||||||
{
|
{
|
||||||
SIGREC_CONTEXT sx;
|
SIGREC_CONTEXT sx;
|
||||||
|
unsigned last_depth;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if( depth > max_depth || depth >= MAX_LIST_SIGS_DEPTH )
|
assert(depth);
|
||||||
return 0;
|
|
||||||
if( !get_lid_table_flag( ultikey_table, pubkey, NULL ) ) {
|
|
||||||
/* found a path */
|
|
||||||
int i;
|
|
||||||
u32 keyid[2];
|
|
||||||
|
|
||||||
for(i=0; i < depth; i++ ) {
|
/*printf("%2lu/%d: scrutinizig\n", stack[depth-1], depth);*/
|
||||||
if( keyid_from_local_id( stack[i], keyid ) )
|
if( depth >= max_depth || depth >= MAX_LIST_SIGS_DEPTH-1 ) {
|
||||||
printf("%*s????????(%lu) ", i*4,"", stack[i] );
|
/*printf("%2lu/%d: to deeply nested\n", stack[depth-1], depth);*/
|
||||||
else {
|
|
||||||
printf("%*s%08lX(%lu) ", i*4,"", keyid[1], stack[i] );
|
|
||||||
print_user_id("", keyid );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
putchar('\n');
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( add_lid_table_item( lids, pubkey, 0 ) )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
memset( &sx, 0, sizeof sx );
|
memset( &sx, 0, sizeof sx );
|
||||||
sx.pubkey_id = pubkey;
|
sx.pubkey_id = stack[depth-1];
|
||||||
do {
|
while( !(rc = walk_sigrecs( &sx )) ) {
|
||||||
rc = walk_sigrecs( &sx );
|
TRUST_SEG_LIST tsl, t2, tl;
|
||||||
if( !rc ) {
|
int i;
|
||||||
stack[depth] = sx.sig_id;
|
|
||||||
rc = do_list_path( sx.sig_id, depth+1, max_depth, lids, stack );
|
stack[depth] = sx.sig_id;
|
||||||
|
if( qry_lid_table_flag( lids, sx.sig_id, &last_depth) ) {
|
||||||
|
/*printf("%2lu/%d: marked\n", sx.sig_id, depth );*/
|
||||||
|
ins_lid_table_item( lids, sx.sig_id, depth);
|
||||||
|
last_depth = depth;
|
||||||
}
|
}
|
||||||
} while( !rc );
|
else if( depth < last_depth ) {
|
||||||
|
/*printf("%2lu/%d: last_depth=%u - updated\n", sx.sig_id, depth, last_depth);*/
|
||||||
|
last_depth = depth;
|
||||||
|
upd_lid_table_flag( lids, sx.sig_id, depth);
|
||||||
|
}
|
||||||
|
|
||||||
|
if( last_depth < depth )
|
||||||
|
/*printf("%2lu/%d: already visited\n", sx.sig_id, depth)*/;
|
||||||
|
else if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) {
|
||||||
|
/* found end of path; store it, ordered by path length */
|
||||||
|
tsl = m_alloc( sizeof *tsl + depth*sizeof(ulong) );
|
||||||
|
tsl->nseg = depth+1;
|
||||||
|
tsl->dup = 0;
|
||||||
|
for(i=0; i <= depth; i++ )
|
||||||
|
tsl->seg[i] = stack[i];
|
||||||
|
for(t2=*tslist,tl=NULL; t2; tl=t2, t2 = t2->next )
|
||||||
|
if( depth < t2->nseg )
|
||||||
|
break;
|
||||||
|
if( !tl ) {
|
||||||
|
tsl->next = t2;
|
||||||
|
*tslist = tsl;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
tsl->next = t2;
|
||||||
|
tl->next = tsl;
|
||||||
|
}
|
||||||
|
/*putchar('.'); fflush(stdout);*/
|
||||||
|
/*printf("%2lu/%d: found\n", sx.sig_id, depth);*/
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
rc = do_list_path( stack, depth+1, max_depth, lids, tslist);
|
||||||
|
if( rc && rc != -1 )
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
return rc==-1? 0 : rc;
|
return rc==-1? 0 : rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Check all the sigs of the given keyblock and mark them
|
* Check all the sigs of the given keyblock and mark them
|
||||||
* as checked.
|
* as checked.
|
||||||
@ -1237,38 +1271,12 @@ build_sigrecs( ulong pubkeyid )
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
|
||||||
* Recursive check the signatures.
|
|
||||||
*/
|
|
||||||
#if 0
|
|
||||||
static int
|
|
||||||
walk( KBNODE keyblock, int levels )
|
|
||||||
{
|
|
||||||
KBNODE kbctx, node;
|
|
||||||
|
|
||||||
check_sigs( keyblock );
|
|
||||||
if( levels ) { /* check the next level */
|
|
||||||
for( kbctx=NULL; (node=walk_kbtree( keyblock, &kbctx)) ; ) {
|
|
||||||
if( node->pkt->pkttype == PKT_SIGNATURE && (node->flag & 1) ) {
|
|
||||||
/* read the keyblock for this signator */
|
|
||||||
|
|
||||||
/* and check his signatures */
|
|
||||||
/*walk( his_keyblock, levels-1)*/
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
check_trust( ulong pubkeyid )
|
do_check( ulong pubkeyid, int *trustlevel )
|
||||||
{
|
{
|
||||||
int rc=0;
|
int rc=0;
|
||||||
ulong rnum;
|
ulong rnum;
|
||||||
@ -1367,46 +1375,49 @@ init_trustdb( int level )
|
|||||||
* is not necessary to check this if we use a local pubring. Hmmmm.
|
* is not necessary to check this if we use a local pubring. Hmmmm.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
|
check_trust( PKT_public_cert *pkc, int *r_trustlevel )
|
||||||
{
|
{
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int trustlevel = 0;
|
int trustlevel = TRUST_UNKNOWN;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
|
|
||||||
if( opt.verbose )
|
if( DBG_TRUST )
|
||||||
log_info("check_pkc_trust() called.\n");
|
log_info("check_trust() called.\n");
|
||||||
|
|
||||||
/* get the pubkey record */
|
/* get the pubkey record */
|
||||||
if( pkc->local_id ) {
|
if( pkc->local_id ) {
|
||||||
if( read_record( pkc->local_id, &rec ) ) {
|
if( read_record( pkc->local_id, &rec ) ) {
|
||||||
log_error("check_pkc_trust: read record failed\n");
|
log_error("check_trust: read record failed\n");
|
||||||
return G10ERR_TRUSTDB;
|
return G10ERR_TRUSTDB;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else { /* no local_id: scan the trustdb */
|
else { /* no local_id: scan the trustdb */
|
||||||
if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) {
|
if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) {
|
||||||
log_error("check_pkc_trust: scan_record_by_pkc(2) failed: %s\n",
|
log_error("check_trust: scan_record_by_pkc(2) failed: %s\n",
|
||||||
g10_errstr(rc));
|
g10_errstr(rc));
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
else if( rc == -1 ) {
|
else if( rc == -1 ) {
|
||||||
log_error("check_pkc_trust: pubkey not in TrustDB\n");
|
log_error("check_trust: pubkey not in TrustDB\n");
|
||||||
trustlevel = TRUST_NO_PUBKEY;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* fixme: do some additional checks on the pubkey record */
|
/* fixme: do some additional checks on the pubkey record */
|
||||||
|
|
||||||
rc = check_trust( pkc->local_id );
|
rc = do_check( pkc->local_id, &trustlevel );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_error("check_pkc_trust: check_trust failed: %s\n", g10_errstr(rc));
|
log_error("check_trust: do_check failed: %s\n", g10_errstr(rc));
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
if( !rec.r.pubkey.ownertrust )
|
||||||
|
trustlevel = TRUST_UNDEFINED;
|
||||||
|
else
|
||||||
|
trustlevel = TRUST_EXPIRED;
|
||||||
|
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
if( opt.verbose )
|
if( DBG_TRUST )
|
||||||
log_info("check_pkc_trust() returns trustlevel %04x.\n", trustlevel);
|
log_info("check_trust() returns trustlevel %04x.\n", trustlevel);
|
||||||
*r_trustlevel = trustlevel;
|
*r_trustlevel = trustlevel;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1453,9 +1464,6 @@ insert_trust_record( PKT_public_cert *pkc )
|
|||||||
size_t fingerlen;
|
size_t fingerlen;
|
||||||
|
|
||||||
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: insert_record\n");
|
|
||||||
|
|
||||||
if( pkc->local_id )
|
if( pkc->local_id )
|
||||||
log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id );
|
log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id );
|
||||||
|
|
||||||
@ -1491,8 +1499,6 @@ update_trust_record( PKT_public_cert *pkc, int new_trust )
|
|||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
ulong recnum;
|
ulong recnum;
|
||||||
|
|
||||||
if( DBG_TRUST )
|
|
||||||
log_debug("trustdb: update_record\n");
|
|
||||||
|
|
||||||
assert( pkc->local_id );
|
assert( pkc->local_id );
|
||||||
|
|
||||||
|
@ -23,21 +23,20 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
#define TRUST_MASK 0x07 /* for the trust leveles */
|
#define TRUST_UNKNOWN 0 /* not yet calculated */
|
||||||
#define TRUST_UNKNOWN 1 /* unknown */
|
#define TRUST_EXPIRED 1 /* calculation may be invalid */
|
||||||
#define TRUST_NO_TRUST 2 /* not trusted */
|
#define TRUST_UNDEFINED 2 /* not enough informations for calculation */
|
||||||
#define TRUST_MARG_TRUST 4 /* marginally trusted */
|
#define TRUST_NEVER 3 /* never trusted this pubkey */
|
||||||
#define TRUST_FULL_TRUST 5 /* fully trusted */
|
#define TRUST_MARGINAL 4 /* marginally trusted */
|
||||||
#define TRUST_ULT_TRUST 7 /* ultimately trusted */
|
#define TRUST_FULLY 5 /* fully trusted */
|
||||||
/* other bits used with the trustlevel */
|
#define TRUST_ULTIMATE 6 /* ultimately trusted */
|
||||||
#define TRUST_NO_PUBKEY 0x10 /* we do not have the pubkey in out trustDB */
|
|
||||||
|
|
||||||
|
|
||||||
/*-- trustdb.c --*/
|
/*-- trustdb.c --*/
|
||||||
void list_trustdb(const char *username);
|
void list_trustdb(const char *username);
|
||||||
void list_trust_path( int max_depth, const char *username );
|
void list_trust_path( int max_depth, const char *username );
|
||||||
int init_trustdb( int level );
|
int init_trustdb( int level );
|
||||||
int check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel );
|
int check_trust( PKT_public_cert *pkc, int *r_trustlevel );
|
||||||
int get_ownertrust( PKT_public_cert *pkc, int *r_otrust );
|
int get_ownertrust( PKT_public_cert *pkc, int *r_otrust );
|
||||||
int insert_trust_record( PKT_public_cert *pkc );
|
int insert_trust_record( PKT_public_cert *pkc );
|
||||||
int verify_private_data(void);
|
int verify_private_data(void);
|
||||||
|
@ -50,7 +50,7 @@ g10_errstr( int err )
|
|||||||
X(KEYRING_OPEN ,"Can't open the keyring")
|
X(KEYRING_OPEN ,"Can't open the keyring")
|
||||||
X(INVALID_PACKET ,"Invalid packet")
|
X(INVALID_PACKET ,"Invalid packet")
|
||||||
X(BAD_RING ,"Broken keyring")
|
X(BAD_RING ,"Broken keyring")
|
||||||
X(NO_USER_ID ,"No such user id found")
|
X(NO_USER_ID ,"No such user id")
|
||||||
X(NO_SECKEY ,"Secret key not available")
|
X(NO_SECKEY ,"Secret key not available")
|
||||||
X(WRONG_SECKEY ,"Wrong secret key used")
|
X(WRONG_SECKEY ,"Wrong secret key used")
|
||||||
X(UNSUPPORTED ,"Not supported")
|
X(UNSUPPORTED ,"Not supported")
|
||||||
|
Loading…
x
Reference in New Issue
Block a user