mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00

Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)

* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
  pending_check_trustdb is true (set when we detect a trustdb
  parameter has changed).

* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
  listing for min_cert_level not matching.

* g10/tdbio.c (tdbio_update_version_record, create_version_record,
  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
  tdbio_write_record): Add a byte for min_cert_level in the tdbio
  version record.
David Shaw 2012-01-19 22:33:51 -05:00
parent cb8ebf792e
commit f310735975
6 changed files with 31 additions and 16 deletions


@ -1,6 +1,6 @@
/* gpgv.c - The GnuPG signature verify utility /* gpgv.c - The GnuPG signature verify utility
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006,
* 2009 Free Software Foundation, Inc. * 2009, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -214,7 +214,8 @@ check_signatures_trust( PKT_signature *sig )
void void
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth) {} byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level) {}
/* Stub: /* Stub:
* We don't have the trustdb , so we have to provide some stub functions * We don't have the trustdb , so we have to provide some stub functions


@ -1,6 +1,6 @@
/* keylist.c /* keylist.c
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2008 Free Software Foundation, Inc. * 2008, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -60,11 +60,11 @@ public_key_list( STRLIST list )
{ {
if(opt.with_colons) if(opt.with_colons)
{ {
byte trust_model,marginals,completes,cert_depth; byte trust_model,marginals,completes,cert_depth,min_cert_level;
ulong created,nextcheck; ulong created,nextcheck;
read_trust_options(&trust_model,&created,&nextcheck, read_trust_options(&trust_model,&created,&nextcheck,
&marginals,&completes,&cert_depth); &marginals,&completes,&cert_depth,&min_cert_level);
printf("tru:"); printf("tru:");
@ -80,6 +80,8 @@ public_key_list( STRLIST list )
printf("c"); printf("c");
if(cert_depth!=opt.max_cert_depth) if(cert_depth!=opt.max_cert_depth)
printf("d"); printf("d");
if(min_cert_level!=opt.min_cert_level)
printf("l");
} }
printf(":%d:%lu:%lu",trust_model,created,nextcheck); printf(":%d:%lu:%lu",trust_model,created,nextcheck);
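Review bot: The new `printf("l");` in public_key_list adds a flag to the machine-readable "tru" record, but none of the six changed files documents it. Front ends that parse with-colons output need to know that `l` means the trustdb was built with a different --min-cert-level than the one now in effect, so the listed validity may not reflect the current policy. I would describe the flag in the with-colons format documentation next to the existing staleness flags, and add a short comment above the test, e.g. `/* 'l': trustdb min_cert_level differs from opt.min_cert_level */`. public_key_list continues outside the hunks shown.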


@ -1,5 +1,5 @@
/* tdbio.c /* tdbio.c
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -436,6 +436,7 @@ tdbio_update_version_record (void)
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt.trust_model;
rec.r.ver.min_cert_level = opt.min_cert_level;
rc=tdbio_write_record(&rec); rc=tdbio_write_record(&rec);
} }
@ -458,6 +459,7 @@ create_version_record (void)
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt.trust_model;
else else
rec.r.ver.trust_model = TM_PGP; rec.r.ver.trust_model = TM_PGP;
rec.r.ver.min_cert_level = opt.min_cert_level;
rec.rectype = RECTYPE_VER; rec.rectype = RECTYPE_VER;
rec.recnum = 0; rec.recnum = 0;
rc = tdbio_write_record( &rec ); rc = tdbio_write_record( &rec );
@ -679,7 +681,8 @@ tdbio_db_matches_options()
yes_no = vr.r.ver.marginals == opt.marginals_needed yes_no = vr.r.ver.marginals == opt.marginals_needed
&& vr.r.ver.completes == opt.completes_needed && vr.r.ver.completes == opt.completes_needed
&& vr.r.ver.cert_depth == opt.max_cert_depth && vr.r.ver.cert_depth == opt.max_cert_depth
&& vr.r.ver.trust_model == opt.trust_model; && vr.r.ver.trust_model == opt.trust_model
&& vr.r.ver.min_cert_level == opt.min_cert_level;
} }
return yes_no; return yes_no;
@ -1109,13 +1112,14 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp )
case 0: fprintf(fp, "blank\n"); case 0: fprintf(fp, "blank\n");
break; break;
case RECTYPE_VER: fprintf(fp, case RECTYPE_VER: fprintf(fp,
"version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d nc=%lu (%s)\n", "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n",
rec->r.ver.trusthashtbl, rec->r.ver.trusthashtbl,
rec->r.ver.firstfree, rec->r.ver.firstfree,
rec->r.ver.marginals, rec->r.ver.marginals,
rec->r.ver.completes, rec->r.ver.completes,
rec->r.ver.cert_depth, rec->r.ver.cert_depth,
rec->r.ver.trust_model, rec->r.ver.trust_model,
rec->r.ver.min_cert_level,
rec->r.ver.nextcheck, rec->r.ver.nextcheck,
strtimestamp(rec->r.ver.nextcheck) strtimestamp(rec->r.ver.nextcheck)
); );
@ -1209,7 +1213,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.ver.completes = *p++; rec->r.ver.completes = *p++;
rec->r.ver.cert_depth = *p++; rec->r.ver.cert_depth = *p++;
rec->r.ver.trust_model = *p++; rec->r.ver.trust_model = *p++;
p += 3; rec->r.ver.min_cert_level = *p++;
p += 2;
rec->r.ver.created = buftoulong(p); p += 4; rec->r.ver.created = buftoulong(p); p += 4;
rec->r.ver.nextcheck = buftoulong(p); p += 4; rec->r.ver.nextcheck = buftoulong(p); p += 4;
p += 4; p += 4;
@ -1296,7 +1301,8 @@ tdbio_write_record( TRUSTREC *rec )
*p++ = rec->r.ver.completes; *p++ = rec->r.ver.completes;
*p++ = rec->r.ver.cert_depth; *p++ = rec->r.ver.cert_depth;
*p++ = rec->r.ver.trust_model; *p++ = rec->r.ver.trust_model;
p += 3; *p++ = rec->r.ver.min_cert_level;
p += 2;
ulongtobuf(p, rec->r.ver.created); p += 4; ulongtobuf(p, rec->r.ver.created); p += 4;
ulongtobuf(p, rec->r.ver.nextcheck); p += 4; ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
p += 4; p += 4;
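Review bot: In the tdbio_read_record hunk, `rec->r.ver.min_cert_level = *p++;` gives meaning to a byte the old code skipped with `p += 3`, and nothing visible here distinguishes a trustdb written before this change. For such a file the byte holds whatever the older writer left in the padding (presumably 0), so tdbio_db_matches_options will likely report a mismatch on the first run after upgrading and request a rebuild. That looks intended, but it deserves a comment at the read and write sites, e.g. `/* Was reserved padding before min_cert_level was stored here; older trustdbs presumably hold 0. */`. The value is also taken from the file without a range check, which is harmless for the equality test but matters if it is ever used for more than comparison. Both functions start and end outside the hunks shown.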


@ -1,5 +1,5 @@
/* tdbio.h - Trust database I/O functions /* tdbio.h - Trust database I/O functions
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -54,6 +54,7 @@ struct trust_record {
byte completes; byte completes;
byte cert_depth; byte cert_depth;
byte trust_model; byte trust_model;
byte min_cert_level;
ulong created; /* timestamp of trustdb creation */ ulong created; /* timestamp of trustdb creation */
ulong nextcheck; /* timestamp of next scheduled check */ ulong nextcheck; /* timestamp of next scheduled check */
ulong reserved; ulong reserved;


@ -1,6 +1,6 @@
/* trustdb.c /* trustdb.c
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc. * 2008, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -660,7 +660,8 @@ trustdb_check_or_update(void)
void void
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth) byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level)
{ {
TRUSTREC opts; TRUSTREC opts;
@ -680,6 +681,8 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
*completes=opts.r.ver.completes; *completes=opts.r.ver.completes;
if(cert_depth) if(cert_depth)
*cert_depth=opts.r.ver.cert_depth; *cert_depth=opts.r.ver.cert_depth;
if(min_cert_level)
*min_cert_level=opts.r.ver.min_cert_level;
} }
/*********************************************** /***********************************************
@ -1045,7 +1048,8 @@ check_trustdb_stale(void)
did_nextcheck = 1; did_nextcheck = 1;
scheduled = tdbio_read_nextcheck (); scheduled = tdbio_read_nextcheck ();
if (scheduled && scheduled <= make_timestamp ()) if ((scheduled && scheduled <= make_timestamp ())
|| pending_check_trustdb)
{ {
if (opt.no_auto_check_trustdb) if (opt.no_auto_check_trustdb)
{ {
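Review bot: In check_trustdb_stale the new `|| pending_check_trustdb` test sits directly after `did_nextcheck = 1;`, so if that variable latches the block as its name suggests, the flag is only consulted on the first call. A parameter change detected later in the same run would then not request a rebuild. A comment stating the ordering requirement would help, e.g. `/* pending_check_trustdb must be set before the first call; did_nextcheck latches. */`. The `opt.no_auto_check_trustdb` branch follows, so with that option validity computed under the old --min-cert-level presumably stays in use until a manual check. The function body continues outside the hunk.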


@ -1,6 +1,6 @@
/* trustdb.h - Trust database /* trustdb.h - Trust database
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005 Free Software Foundation, Inc. * 2005, 2012 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -71,7 +71,8 @@ void enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid ); int refresh, ulong selected_lid );
void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth); byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_ownertrust (PKT_public_key *pk);
unsigned int get_min_ownertrust (PKT_public_key *pk); unsigned int get_min_ownertrust (PKT_public_key *pk);