security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-27 21:41:23 +02:00
Code Activity

* tdbio.c (create_version_record): Only create new trustdbs with

Browse Source 
TM_CLASSIC or TM_PGP.

* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string for
naming consistency.

* trustdb.h, trustdb.c (string_to_trust_value): New function to translate
a string to a trust value.

* g10.c (main): Use string_to_trust_value here for --force-ownertrust.

* options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb,
check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An
"OpenPGP" trust model is misleading since there is no official OpenPGP
trust model.  Use "PGP" instead.
This commit is contained in:
David Shaw 2003-05-01 21:37:08 +00:00
parent 1fc1d26083
commit f861b6488e
7 changed files with 75 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
g10/ChangeLog
View File

@ -1,3 +1,25 @@
2003-05-01 David Shaw <dshaw@jabberwocky.com>
* tdbio.c (create_version_record): Only create new trustdbs with
TM_CLASSIC or TM_PGP.
* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string
for naming consistency.
* trustdb.h, trustdb.c (string_to_trust_value): New function to
translate a string to a trust value.
* g10.c (main): Use string_to_trust_value here for
--force-ownertrust.
* options.h, g10.c (main), trustdb.c (trust_model_string,
init_trustdb, check_trustdb, update_trustdb, get_validity,
validate_one_keyblock): An "OpenPGP" trust model is misleading
since there is no official OpenPGP trust model. Use "PGP"
instead.
2003-04-30 David Shaw <dshaw@jabberwocky.com> 2003-04-30 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (build_sig_subpkt): Comments. * build-packet.c (build_sig_subpkt): Comments.

17
g10/g10.c
View File

@ -539,7 +539,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"}, { oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
{ oAlwaysTrust, "always-trust", 0, "@"}, { oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"}, { oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 1, "@"}, { oForceOwnertrust, "force-ownertrust", 2, "@"},
{ oEmuChecksumBug, "emulate-checksum-bug", 0, "@"}, { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" }, { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" }, { oSetFilename, "set-filename", 2, "@" },
@ -1489,8 +1489,8 @@ main( int argc, char **argv )
time. */ time. */
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break; case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
case oTrustModel: case oTrustModel:
if(ascii_strcasecmp(pargs.r.ret_str,"openpgp")==0) if(ascii_strcasecmp(pargs.r.ret_str,"pgp")==0)
opt.trust_model=TM_OPENPGP; opt.trust_model=TM_PGP;
else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0) else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0)
opt.trust_model=TM_CLASSIC; opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0) else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
@ -1503,11 +1503,12 @@ main( int argc, char **argv )
case oForceOwnertrust: case oForceOwnertrust:
log_info(_("NOTE: %s is not for normal use!\n"), log_info(_("NOTE: %s is not for normal use!\n"),
"--force-ownertrust"); "--force-ownertrust");
if(pargs.r.ret_int>=TRUST_UNDEFINED opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
&& pargs.r.ret_int<=TRUST_ULTIMATE) if(opt.force_ownertrust==-1)
opt.force_ownertrust=pargs.r.ret_int; {
else log_error("invalid ownertrust \"%s\"\n",pargs.r.ret_str);
log_error("invalid ownertrust %d\n",pargs.r.ret_int); opt.force_ownertrust=0;
}
break; break;
case oLoadExtension: case oLoadExtension:
#ifndef __riscos__ #ifndef __riscos__

2
g10/options.h
View File

@ -91,7 +91,7 @@ struct {
int compress_sigs; int compress_sigs;
/* TM_CLASSIC must be zero to accomodate trustdbs generated before /* TM_CLASSIC must be zero to accomodate trustdbs generated before
we started storing the trust model inside the trustdb. */ we started storing the trust model inside the trustdb. */
enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS, TM_AUTO} trust_model; enum {TM_CLASSIC=0, TM_PGP=1, TM_ALWAYS, TM_AUTO} trust_model;
unsigned int force_ownertrust; unsigned int force_ownertrust;
int pgp2; int pgp2;
int pgp6; int pgp6;

2
g10/pkclist.c
View File

@ -336,7 +336,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
tty_printf("\n"); tty_printf("\n");
if(minimum) if(minimum)
tty_printf(_("The minimum trust level for this key is: %s\n\n"), tty_printf(_("The minimum trust level for this key is: %s\n\n"),
trust_string(minimum)); trust_value_to_string(minimum));
did_help = 1; did_help = 1;
} }
if( strlen(ans) != 8 ) if( strlen(ans) != 8 )

5
g10/tdbio.c
View File

@ -453,7 +453,10 @@ create_version_record (void)
rec.r.ver.marginals = opt.marginals_needed; rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
rec.r.ver.trust_model = opt.trust_model; if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
rec.r.ver.trust_model = opt.trust_model;
else
rec.r.ver.trust_model = TM_PGP;
rec.rectype = RECTYPE_VER; rec.rectype = RECTYPE_VER;
rec.recnum = 0; rec.recnum = 0;
rc = tdbio_write_record( &rec ); rc = tdbio_write_record( &rec );

53
g10/trustdb.c
View File

@ -380,7 +380,7 @@ trust_model_string(void)
{ {
switch(opt.trust_model) switch(opt.trust_model)
{ {
case TM_OPENPGP: return "OpenPGP"; case TM_PGP: return "PGP";
case TM_CLASSIC: return "classic"; case TM_CLASSIC: return "classic";
case TM_ALWAYS: return "always"; case TM_ALWAYS: return "always";
default: return "unknown"; default: return "unknown";
@ -443,18 +443,18 @@ init_trustdb()
opt.trust_model=tdbio_read_model(); opt.trust_model=tdbio_read_model();
/* Sanity check this ;) */ /* Sanity check this ;) */
if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_OPENPGP) if(opt.trust_model!=TM_PGP && opt.trust_model!=TM_CLASSIC)
{ {
log_info(_("unable to use unknown trust model (%d) - " log_info(_("unable to use unknown trust model (%d) - "
"assuming OpenPGP trust model\n"),opt.trust_model); "assuming %s trust model\n"),opt.trust_model,"PGP");
opt.trust_model=TM_OPENPGP; opt.trust_model=TM_PGP;
} }
if(opt.verbose) if(opt.verbose)
log_info(_("using %s trust model\n"),trust_model_string()); log_info(_("using %s trust model\n"),trust_model_string());
} }
if((opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP) if((opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
&& !tdbio_db_matches_options()) && !tdbio_db_matches_options())
pending_check_trustdb=1; pending_check_trustdb=1;
} }
@ -489,7 +489,7 @@ trust_letter (unsigned int value)
/* The strings here are similar to those in /* The strings here are similar to those in
pkclist.c:do_edit_ownertrust() */ pkclist.c:do_edit_ownertrust() */
const char * const char *
trust_string (unsigned int value) trust_value_to_string (unsigned int value)
{ {
switch( (value & TRUST_MASK) ) switch( (value & TRUST_MASK) )
{ {
@ -504,6 +504,23 @@ trust_string (unsigned int value)
} }
} }
int
string_to_trust_value (const char *str)
{
if(ascii_strcasecmp(str,"undefined")==0)
return TRUST_UNDEFINED;
else if(ascii_strcasecmp(str,"never")==0)
return TRUST_NEVER;
else if(ascii_strcasecmp(str,"marginal")==0)
return TRUST_MARGINAL;
else if(ascii_strcasecmp(str,"full")==0)
return TRUST_FULLY;
else if(ascii_strcasecmp(str,"ultimate")==0)
return TRUST_ULTIMATE;
else
return -1;
}
/**************** /****************
* Recreate the WoT but do not ask for new ownertrusts. Special * Recreate the WoT but do not ask for new ownertrusts. Special
* feature: In batch mode and without a forced yes, this is only done * feature: In batch mode and without a forced yes, this is only done
@ -513,7 +530,7 @@ void
check_trustdb () check_trustdb ()
{ {
init_trustdb(); init_trustdb();
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC) if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
{ {
if (opt.batch && !opt.answer_yes) if (opt.batch && !opt.answer_yes)
{ {
@ -549,7 +566,7 @@ void
update_trustdb() update_trustdb()
{ {
init_trustdb(); init_trustdb();
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC) if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
validate_keys (1); validate_keys (1);
else else
log_info (_("no need for a trustdb update with \"%s\" trust model\n"), log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
@ -686,7 +703,7 @@ get_ownertrust_info (PKT_public_key *pk)
const char * const char *
get_ownertrust_string (PKT_public_key *pk) get_ownertrust_string (PKT_public_key *pk)
{ {
return trust_string(get_ownertrust_with_min(pk)); return trust_value_to_string(get_ownertrust_with_min(pk));
} }
/* /*
@ -988,7 +1005,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
init_trustdb (); init_trustdb ();
if (!did_nextcheck if (!did_nextcheck
&& (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP)) && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
{ {
ulong scheduled; ulong scheduled;
@ -1108,7 +1125,7 @@ get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
trustlevel = get_validity (pk, uid); trustlevel = get_validity (pk, uid);
if( trustlevel & TRUST_FLAG_REVOKED ) if( trustlevel & TRUST_FLAG_REVOKED )
return _("revoked"); return _("revoked");
return trust_string(trustlevel); return trust_value_to_string(trustlevel);
} }
static void static void
@ -1212,8 +1229,9 @@ ask_ownertrust (u32 *kid,int minimum)
if(opt.force_ownertrust) if(opt.force_ownertrust)
{ {
log_info("force trust for key %08lX to %s\n",(ulong)kid[1], log_info("force trust for key %08lX%08lX to %s\n",
trust_string(opt.force_ownertrust)); (ulong)kid[0],(ulong)kid[1],
trust_value_to_string(opt.force_ownertrust));
update_ownertrust(pk,opt.force_ownertrust); update_ownertrust(pk,opt.force_ownertrust);
ot=opt.force_ownertrust; ot=opt.force_ownertrust;
} }
@ -1588,11 +1606,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
did not exist. This is safe for non-trust sigs as well did not exist. This is safe for non-trust sigs as well
since we don't accept a regexp on the sig unless it's a since we don't accept a regexp on the sig unless it's a
trust sig. */ trust sig. */
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_OPENPGP || if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_PGP ||
(uidnode && check_regexp(kr->trust_regexp, (uidnode && check_regexp(kr->trust_regexp,
uidnode->pkt->pkt.user_id->name)))) uidnode->pkt->pkt.user_id->name))))
{ {
if(DBG_TRUST && opt.trust_model==TM_OPENPGP && sig->trust_depth) if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
uidnode->pkt->pkt.user_id->name,sig->trust_depth, uidnode->pkt->pkt.user_id->name,sig->trust_depth,
kr->trust_depth); kr->trust_depth);
@ -1602,7 +1620,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
lesser trust sig or value. I could make a decent lesser trust sig or value. I could make a decent
argument for any of these cases, but this seems to be argument for any of these cases, but this seems to be
what PGP does, and I'd like to be compatible. -dms */ what PGP does, and I'd like to be compatible. -dms */
if(opt.trust_model==TM_OPENPGP && sig->trust_depth if(opt.trust_model==TM_PGP && sig->trust_depth
&& pk->trust_timestamp<=sig->timestamp && pk->trust_timestamp<=sig->timestamp
&& (sig->trust_depth<=kr->trust_depth && (sig->trust_depth<=kr->trust_depth
|| kr->ownertrust==TRUST_ULTIMATE)) || kr->ownertrust==TRUST_ULTIMATE))
@ -1978,7 +1996,8 @@ validate_keys (int interactive)
log_debug("key %08lX: " log_debug("key %08lX: "
"overriding ownertrust \"%s\" with \"%s\"\n", "overriding ownertrust \"%s\" with \"%s\"\n",
(ulong)k->kid[1], (ulong)k->kid[1],
trust_string(k->ownertrust),trust_string(min)); trust_value_to_string(k->ownertrust),
trust_value_to_string(min));
k->ownertrust=min; k->ownertrust=min;
} }

3
g10/trustdb.h
View File

@ -46,7 +46,8 @@ int setup_trustdb( int level, const char *dbname );
void init_trustdb( void ); void init_trustdb( void );
void sync_trustdb( void ); void sync_trustdb( void );
const char *trust_string (unsigned int value); const char *trust_value_to_string (unsigned int value);
int string_to_trust_value (const char *str);
void revalidation_mark (void); void revalidation_mark (void);
int trustdb_pending_check(void); int trustdb_pending_check(void);