mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-07 12:34:25 +01:00
* tdbio.c (create_version_record): Only create new trustdbs with
TM_CLASSIC or TM_PGP. * trustdb.h, trustdb.c (trust_string, get_ownertrust_string, get_validity_string, ask_ownertrust, validate_keys), pkclist.c (do_edit_ownertrust): Rename trust_string to trust_value_to_string for naming consistency. * trustdb.h, trustdb.c (string_to_trust_value): New function to translate a string to a trust value. * g10.c (main): Use string_to_trust_value here for --force-ownertrust. * options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb, check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An "OpenPGP" trust model is misleading since there is no official OpenPGP trust model. Use "PGP" instead.
This commit is contained in:
parent
1fc1d26083
commit
f861b6488e
@ -1,3 +1,25 @@
|
|||||||
|
2003-05-01 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* tdbio.c (create_version_record): Only create new trustdbs with
|
||||||
|
TM_CLASSIC or TM_PGP.
|
||||||
|
|
||||||
|
* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
|
||||||
|
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
|
||||||
|
(do_edit_ownertrust): Rename trust_string to trust_value_to_string
|
||||||
|
for naming consistency.
|
||||||
|
|
||||||
|
* trustdb.h, trustdb.c (string_to_trust_value): New function to
|
||||||
|
translate a string to a trust value.
|
||||||
|
|
||||||
|
* g10.c (main): Use string_to_trust_value here for
|
||||||
|
--force-ownertrust.
|
||||||
|
|
||||||
|
* options.h, g10.c (main), trustdb.c (trust_model_string,
|
||||||
|
init_trustdb, check_trustdb, update_trustdb, get_validity,
|
||||||
|
validate_one_keyblock): An "OpenPGP" trust model is misleading
|
||||||
|
since there is no official OpenPGP trust model. Use "PGP"
|
||||||
|
instead.
|
||||||
|
|
||||||
2003-04-30 David Shaw <dshaw@jabberwocky.com>
|
2003-04-30 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* build-packet.c (build_sig_subpkt): Comments.
|
* build-packet.c (build_sig_subpkt): Comments.
|
||||||
|
17
g10/g10.c
17
g10/g10.c
@ -539,7 +539,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
|
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
|
||||||
{ oAlwaysTrust, "always-trust", 0, "@"},
|
{ oAlwaysTrust, "always-trust", 0, "@"},
|
||||||
{ oTrustModel, "trust-model", 2, "@"},
|
{ oTrustModel, "trust-model", 2, "@"},
|
||||||
{ oForceOwnertrust, "force-ownertrust", 1, "@"},
|
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
|
||||||
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
|
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
|
||||||
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
|
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
|
||||||
{ oSetFilename, "set-filename", 2, "@" },
|
{ oSetFilename, "set-filename", 2, "@" },
|
||||||
@ -1489,8 +1489,8 @@ main( int argc, char **argv )
|
|||||||
time. */
|
time. */
|
||||||
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
|
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
|
||||||
case oTrustModel:
|
case oTrustModel:
|
||||||
if(ascii_strcasecmp(pargs.r.ret_str,"openpgp")==0)
|
if(ascii_strcasecmp(pargs.r.ret_str,"pgp")==0)
|
||||||
opt.trust_model=TM_OPENPGP;
|
opt.trust_model=TM_PGP;
|
||||||
else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0)
|
else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0)
|
||||||
opt.trust_model=TM_CLASSIC;
|
opt.trust_model=TM_CLASSIC;
|
||||||
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
|
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
|
||||||
@ -1503,11 +1503,12 @@ main( int argc, char **argv )
|
|||||||
case oForceOwnertrust:
|
case oForceOwnertrust:
|
||||||
log_info(_("NOTE: %s is not for normal use!\n"),
|
log_info(_("NOTE: %s is not for normal use!\n"),
|
||||||
"--force-ownertrust");
|
"--force-ownertrust");
|
||||||
if(pargs.r.ret_int>=TRUST_UNDEFINED
|
opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
|
||||||
&& pargs.r.ret_int<=TRUST_ULTIMATE)
|
if(opt.force_ownertrust==-1)
|
||||||
opt.force_ownertrust=pargs.r.ret_int;
|
{
|
||||||
else
|
log_error("invalid ownertrust \"%s\"\n",pargs.r.ret_str);
|
||||||
log_error("invalid ownertrust %d\n",pargs.r.ret_int);
|
opt.force_ownertrust=0;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case oLoadExtension:
|
case oLoadExtension:
|
||||||
#ifndef __riscos__
|
#ifndef __riscos__
|
||||||
|
@ -91,7 +91,7 @@ struct {
|
|||||||
int compress_sigs;
|
int compress_sigs;
|
||||||
/* TM_CLASSIC must be zero to accomodate trustdbs generated before
|
/* TM_CLASSIC must be zero to accomodate trustdbs generated before
|
||||||
we started storing the trust model inside the trustdb. */
|
we started storing the trust model inside the trustdb. */
|
||||||
enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS, TM_AUTO} trust_model;
|
enum {TM_CLASSIC=0, TM_PGP=1, TM_ALWAYS, TM_AUTO} trust_model;
|
||||||
unsigned int force_ownertrust;
|
unsigned int force_ownertrust;
|
||||||
int pgp2;
|
int pgp2;
|
||||||
int pgp6;
|
int pgp6;
|
||||||
|
@ -336,7 +336,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
|
|||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
if(minimum)
|
if(minimum)
|
||||||
tty_printf(_("The minimum trust level for this key is: %s\n\n"),
|
tty_printf(_("The minimum trust level for this key is: %s\n\n"),
|
||||||
trust_string(minimum));
|
trust_value_to_string(minimum));
|
||||||
did_help = 1;
|
did_help = 1;
|
||||||
}
|
}
|
||||||
if( strlen(ans) != 8 )
|
if( strlen(ans) != 8 )
|
||||||
|
@ -453,7 +453,10 @@ create_version_record (void)
|
|||||||
rec.r.ver.marginals = opt.marginals_needed;
|
rec.r.ver.marginals = opt.marginals_needed;
|
||||||
rec.r.ver.completes = opt.completes_needed;
|
rec.r.ver.completes = opt.completes_needed;
|
||||||
rec.r.ver.cert_depth = opt.max_cert_depth;
|
rec.r.ver.cert_depth = opt.max_cert_depth;
|
||||||
|
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
||||||
rec.r.ver.trust_model = opt.trust_model;
|
rec.r.ver.trust_model = opt.trust_model;
|
||||||
|
else
|
||||||
|
rec.r.ver.trust_model = TM_PGP;
|
||||||
rec.rectype = RECTYPE_VER;
|
rec.rectype = RECTYPE_VER;
|
||||||
rec.recnum = 0;
|
rec.recnum = 0;
|
||||||
rc = tdbio_write_record( &rec );
|
rc = tdbio_write_record( &rec );
|
||||||
|
@ -380,7 +380,7 @@ trust_model_string(void)
|
|||||||
{
|
{
|
||||||
switch(opt.trust_model)
|
switch(opt.trust_model)
|
||||||
{
|
{
|
||||||
case TM_OPENPGP: return "OpenPGP";
|
case TM_PGP: return "PGP";
|
||||||
case TM_CLASSIC: return "classic";
|
case TM_CLASSIC: return "classic";
|
||||||
case TM_ALWAYS: return "always";
|
case TM_ALWAYS: return "always";
|
||||||
default: return "unknown";
|
default: return "unknown";
|
||||||
@ -443,18 +443,18 @@ init_trustdb()
|
|||||||
opt.trust_model=tdbio_read_model();
|
opt.trust_model=tdbio_read_model();
|
||||||
|
|
||||||
/* Sanity check this ;) */
|
/* Sanity check this ;) */
|
||||||
if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_OPENPGP)
|
if(opt.trust_model!=TM_PGP && opt.trust_model!=TM_CLASSIC)
|
||||||
{
|
{
|
||||||
log_info(_("unable to use unknown trust model (%d) - "
|
log_info(_("unable to use unknown trust model (%d) - "
|
||||||
"assuming OpenPGP trust model\n"),opt.trust_model);
|
"assuming %s trust model\n"),opt.trust_model,"PGP");
|
||||||
opt.trust_model=TM_OPENPGP;
|
opt.trust_model=TM_PGP;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(opt.verbose)
|
if(opt.verbose)
|
||||||
log_info(_("using %s trust model\n"),trust_model_string());
|
log_info(_("using %s trust model\n"),trust_model_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
if((opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP)
|
if((opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
||||||
&& !tdbio_db_matches_options())
|
&& !tdbio_db_matches_options())
|
||||||
pending_check_trustdb=1;
|
pending_check_trustdb=1;
|
||||||
}
|
}
|
||||||
@ -489,7 +489,7 @@ trust_letter (unsigned int value)
|
|||||||
/* The strings here are similar to those in
|
/* The strings here are similar to those in
|
||||||
pkclist.c:do_edit_ownertrust() */
|
pkclist.c:do_edit_ownertrust() */
|
||||||
const char *
|
const char *
|
||||||
trust_string (unsigned int value)
|
trust_value_to_string (unsigned int value)
|
||||||
{
|
{
|
||||||
switch( (value & TRUST_MASK) )
|
switch( (value & TRUST_MASK) )
|
||||||
{
|
{
|
||||||
@ -504,6 +504,23 @@ trust_string (unsigned int value)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
string_to_trust_value (const char *str)
|
||||||
|
{
|
||||||
|
if(ascii_strcasecmp(str,"undefined")==0)
|
||||||
|
return TRUST_UNDEFINED;
|
||||||
|
else if(ascii_strcasecmp(str,"never")==0)
|
||||||
|
return TRUST_NEVER;
|
||||||
|
else if(ascii_strcasecmp(str,"marginal")==0)
|
||||||
|
return TRUST_MARGINAL;
|
||||||
|
else if(ascii_strcasecmp(str,"full")==0)
|
||||||
|
return TRUST_FULLY;
|
||||||
|
else if(ascii_strcasecmp(str,"ultimate")==0)
|
||||||
|
return TRUST_ULTIMATE;
|
||||||
|
else
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Recreate the WoT but do not ask for new ownertrusts. Special
|
* Recreate the WoT but do not ask for new ownertrusts. Special
|
||||||
* feature: In batch mode and without a forced yes, this is only done
|
* feature: In batch mode and without a forced yes, this is only done
|
||||||
@ -513,7 +530,7 @@ void
|
|||||||
check_trustdb ()
|
check_trustdb ()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
|
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
||||||
{
|
{
|
||||||
if (opt.batch && !opt.answer_yes)
|
if (opt.batch && !opt.answer_yes)
|
||||||
{
|
{
|
||||||
@ -549,7 +566,7 @@ void
|
|||||||
update_trustdb()
|
update_trustdb()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
|
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
||||||
validate_keys (1);
|
validate_keys (1);
|
||||||
else
|
else
|
||||||
log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
|
log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
|
||||||
@ -686,7 +703,7 @@ get_ownertrust_info (PKT_public_key *pk)
|
|||||||
const char *
|
const char *
|
||||||
get_ownertrust_string (PKT_public_key *pk)
|
get_ownertrust_string (PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
return trust_string(get_ownertrust_with_min(pk));
|
return trust_value_to_string(get_ownertrust_with_min(pk));
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -988,7 +1005,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
|||||||
|
|
||||||
init_trustdb ();
|
init_trustdb ();
|
||||||
if (!did_nextcheck
|
if (!did_nextcheck
|
||||||
&& (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP))
|
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
|
||||||
{
|
{
|
||||||
ulong scheduled;
|
ulong scheduled;
|
||||||
|
|
||||||
@ -1108,7 +1125,7 @@ get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
|
|||||||
trustlevel = get_validity (pk, uid);
|
trustlevel = get_validity (pk, uid);
|
||||||
if( trustlevel & TRUST_FLAG_REVOKED )
|
if( trustlevel & TRUST_FLAG_REVOKED )
|
||||||
return _("revoked");
|
return _("revoked");
|
||||||
return trust_string(trustlevel);
|
return trust_value_to_string(trustlevel);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@ -1212,8 +1229,9 @@ ask_ownertrust (u32 *kid,int minimum)
|
|||||||
|
|
||||||
if(opt.force_ownertrust)
|
if(opt.force_ownertrust)
|
||||||
{
|
{
|
||||||
log_info("force trust for key %08lX to %s\n",(ulong)kid[1],
|
log_info("force trust for key %08lX%08lX to %s\n",
|
||||||
trust_string(opt.force_ownertrust));
|
(ulong)kid[0],(ulong)kid[1],
|
||||||
|
trust_value_to_string(opt.force_ownertrust));
|
||||||
update_ownertrust(pk,opt.force_ownertrust);
|
update_ownertrust(pk,opt.force_ownertrust);
|
||||||
ot=opt.force_ownertrust;
|
ot=opt.force_ownertrust;
|
||||||
}
|
}
|
||||||
@ -1588,11 +1606,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
|||||||
did not exist. This is safe for non-trust sigs as well
|
did not exist. This is safe for non-trust sigs as well
|
||||||
since we don't accept a regexp on the sig unless it's a
|
since we don't accept a regexp on the sig unless it's a
|
||||||
trust sig. */
|
trust sig. */
|
||||||
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_OPENPGP ||
|
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_PGP ||
|
||||||
(uidnode && check_regexp(kr->trust_regexp,
|
(uidnode && check_regexp(kr->trust_regexp,
|
||||||
uidnode->pkt->pkt.user_id->name))))
|
uidnode->pkt->pkt.user_id->name))))
|
||||||
{
|
{
|
||||||
if(DBG_TRUST && opt.trust_model==TM_OPENPGP && sig->trust_depth)
|
if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
|
||||||
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
|
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
|
||||||
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
|
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
|
||||||
kr->trust_depth);
|
kr->trust_depth);
|
||||||
@ -1602,7 +1620,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
|||||||
lesser trust sig or value. I could make a decent
|
lesser trust sig or value. I could make a decent
|
||||||
argument for any of these cases, but this seems to be
|
argument for any of these cases, but this seems to be
|
||||||
what PGP does, and I'd like to be compatible. -dms */
|
what PGP does, and I'd like to be compatible. -dms */
|
||||||
if(opt.trust_model==TM_OPENPGP && sig->trust_depth
|
if(opt.trust_model==TM_PGP && sig->trust_depth
|
||||||
&& pk->trust_timestamp<=sig->timestamp
|
&& pk->trust_timestamp<=sig->timestamp
|
||||||
&& (sig->trust_depth<=kr->trust_depth
|
&& (sig->trust_depth<=kr->trust_depth
|
||||||
|| kr->ownertrust==TRUST_ULTIMATE))
|
|| kr->ownertrust==TRUST_ULTIMATE))
|
||||||
@ -1978,7 +1996,8 @@ validate_keys (int interactive)
|
|||||||
log_debug("key %08lX: "
|
log_debug("key %08lX: "
|
||||||
"overriding ownertrust \"%s\" with \"%s\"\n",
|
"overriding ownertrust \"%s\" with \"%s\"\n",
|
||||||
(ulong)k->kid[1],
|
(ulong)k->kid[1],
|
||||||
trust_string(k->ownertrust),trust_string(min));
|
trust_value_to_string(k->ownertrust),
|
||||||
|
trust_value_to_string(min));
|
||||||
|
|
||||||
k->ownertrust=min;
|
k->ownertrust=min;
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,8 @@ int setup_trustdb( int level, const char *dbname );
|
|||||||
void init_trustdb( void );
|
void init_trustdb( void );
|
||||||
void sync_trustdb( void );
|
void sync_trustdb( void );
|
||||||
|
|
||||||
const char *trust_string (unsigned int value);
|
const char *trust_value_to_string (unsigned int value);
|
||||||
|
int string_to_trust_value (const char *str);
|
||||||
|
|
||||||
void revalidation_mark (void);
|
void revalidation_mark (void);
|
||||||
int trustdb_pending_check(void);
|
int trustdb_pending_check(void);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user