diff options
| author | Werner Koch <wk@gnupg.org> | 1998-01-19 19:54:44 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 1998-01-19 19:54:44 +0100 |
| commit | ea4b6f9db7eda4e4ab29285aeda692fc9d60bb45 (patch) | |
| tree | 1a0f1ff337da7dc08973763b32f880045361fb7a /g10 | |
| parent | added some trust model stuff (diff) | |
| download | gnupg2-ea4b6f9db7eda4e4ab29285aeda692fc9d60bb45.tar.xz gnupg2-ea4b6f9db7eda4e4ab29285aeda692fc9d60bb45.zip | |
backup
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/import.c | 95 | ||||
| -rw-r--r-- | g10/pkclist.c | 94 | ||||
| -rw-r--r-- | g10/trustdb.c | 262 | ||||
| -rw-r--r-- | g10/trustdb.h | 17 |
4 files changed, 233 insertions, 235 deletions
diff --git a/g10/import.c b/g10/import.c index 91140d459..2cba74a5b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -48,99 +48,8 @@ int import_pubkeys( const char *filename ) { - int rc; - PACKET pkt; - int save_mode; - ulong offset; - IOBUF iobuf = NULL; - - init_packet(&pkt); - save_mode = set_packet_list_mode(0); - - if( !(iobuf = iobuf_open( filename )) ) { - rc = G10ERR_KEYRING_OPEN; - goto leave; - } - - while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) { - PKT_public_cert *pkc = pkt.pkt.public_cert; - u32 keyid[2]; - int otrust; - - assert( pkt.pkttype == PKT_PUBLIC_CERT ); - - keyid_from_pkc( pkc, keyid ); - rc = get_ownertrust( pkc, &otrust ); - if( rc && rc != -1 ) { - log_error("error getting otrust of %08lX: %s\n", - keyid[1], g10_errstr(rc) ); - } - else if( rc == -1 ) { /* No pubkey in trustDB: Insert */ - rc = insert_trust_record( pkc ); - if( rc ) { - log_error("failed to insert it into the trustdb: %s\n", - g10_errstr(rc) ); - } - else { - rc = get_ownertrust( pkc, &otrust ); - if( rc ) - log_fatal("failed to reread the pubkey record: %s\n", - g10_errstr(rc) ); - log_info("key %08lX inserted in trustdb (localid=%lu)\n", - keyid[1], pkc->local_id ); - } - } - else - log_info("key %08lX already in trustdb (localid=%lu)\n", - keyid[1], pkc->local_id ); - - free_packet(&pkt); - } - - iobuf_close(iobuf); - if( !(iobuf = iobuf_open( filename )) ) { - rc = G10ERR_KEYRING_OPEN; - goto leave; - } - - while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) { - PKT_public_cert *pkc = pkt.pkt.public_cert; - u32 keyid[2]; - int trustlevel; - - assert( pkt.pkttype == PKT_PUBLIC_CERT ); - - keyid_from_pkc( pkc, keyid ); - rc = check_pkc_trust( pkc, &trustlevel ); - if( rc ) { - log_error("error checking trust of %08lX: %s\n", - keyid[1], g10_errstr(rc) ); - } - else if( trustlevel & TRUST_NO_PUBKEY ) { - /* No pubkey in trustDB: Insert and check again */ - rc = insert_trust_record( pkc ); - if( rc ) { - log_error("failed to insert it into the trustdb: %s\n", - g10_errstr(rc) ); - } - else { - rc = check_pkc_trust( pkc, &trustlevel ); - if( rc ) - log_fatal("trust check after insert failed: %s\n", - g10_errstr(rc) ); - if( trustlevel & TRUST_NO_PUBKEY ) - BUG(); - } - } - - free_packet(&pkt); - } - - leave: - iobuf_close(iobuf); - free_packet(&pkt); - set_packet_list_mode(save_mode); - return rc; + log_fatal("Not yet implemented"); + return 0; } diff --git a/g10/pkclist.c b/g10/pkclist.c index 7feea8a00..bd871a9df 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -32,6 +32,58 @@ #include "memory.h" #include "util.h" #include "trustdb.h" +#include "ttyio.h" + +static int +query_ownertrust( PKT_public_cert *pkc ) +{ + char *p; + size_t n; + u32 keyid[2]; + + keyid_from_pkc( pkc, keyid ); + tty_printf("No ownertrust specified for:\n" + "%4u%c/%08lX %s \"", + nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ), + (ulong)keyid[1], datestr_from_pkc( pkc ) ); + p = get_user_id( keyid, &n ); + tty_print_string( p, n ), + m_free(p); + tty_printf("\"\n\n" +"Please decide in how far do you trust this user to\n" +"correctly sign other users keys (looking at his passport,\n" +"checking the fingerprints from different sources ...)?\n\n" +" 1 = Don't know\n" +" 2 = I do NOT trust\n" +" 3 = I trust marginally\n" +" 4 = I trust fully\n" +" s = please show me more informations\n\n" ); + + for(;;) { + p = tty_get("Your decision? "); + trim_spaces(p); + tty_kill_prompt(); + if( *p && p[1] ) + ; + else if( *p == '?' ) { + tty_printf( +"It's up to you to assign a value here; this value will never be exported\n" +"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n" +"to do with the (implicitly created) web-of-certificates.\n"); + } + else if( !p[1] && (*p >= '1' && *p <= '4') ) { + /* okay */ + break; + } + else if( *p == 's' || *p == 'S' ) { + tty_printf("You will see a list of signators etc. here\n"); + } + m_free(p); p = NULL; + } + m_free(p); + return 0; +} + /**************** @@ -43,20 +95,52 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel ) { int rc; - if( trustlevel & TRUST_NO_PUBKEY ) { - /* No pubkey in trustDB: Insert and check again */ + switch( trustlevel ) { + case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ rc = insert_trust_record( pkc ); if( rc ) { log_error("failed to insert it into the trustdb: %s\n", g10_errstr(rc) ); return 0; /* no */ } - rc = check_pkc_trust( pkc, &trustlevel ); + rc = check_trust( pkc, &trustlevel ); if( rc ) log_fatal("trust check after insert failed: %s\n", g10_errstr(rc) ); - if( trustlevel & TRUST_NO_PUBKEY ) + if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) BUG(); + return do_we_trust( pkc, trustlevel ); + + case TRUST_EXPIRED: + log_error("trust has expired: NOT yet implemented\n"); + return 0; /* no */ + + case TRUST_UNDEFINED: + if( opt.batch || opt.answer_no ) + log_info("no info to calculate a trust probability\n"); + else { + query_ownertrust( pkc ); + } + return 0; /* no */ + + case TRUST_NEVER: + log_info("We do NOT trust this key\n"); + return 0; /* no */ + + case TRUST_MARGINAL: + log_info("I'm not sure wether this keys really belongs to the owner\n" + "but I proceed anyway\n"); + return 1; /* yes */ + + case TRUST_FULLY: + log_info("This key probably belongs to the owner\n"); + return 1; /* yes */ + + case TRUST_ULTIMATE: + log_info("Our own key is always good.\n"); + return 1; /* yes */ + + default: BUG(); } @@ -101,7 +185,7 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list ) else if( !(rc=check_pubkey_algo(pkc->pubkey_algo)) ) { int trustlevel; - rc = check_pkc_trust( pkc, &trustlevel ); + rc = check_trust( pkc, &trustlevel ); if( rc ) { free_public_cert( pkc ); pkc = NULL; log_error("error checking pkc of '%s': %s\n", diff --git a/g10/trustdb.c b/g10/trustdb.c index 9f5bef7a1..51ee9b885 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -110,6 +110,14 @@ struct local_id_info { }; +typedef struct trust_seg_list *TRUST_SEG_LIST; +struct trust_seg_list { + TRUST_SEG_LIST next; + int nseg; /* number of segmens */ + int dup; + ulong seg[1]; /* segment list */ +}; + static void create_db( const char *fname ); static void open_db(void); @@ -121,18 +129,20 @@ static int walk_sigrecs( SIGREC_CONTEXT *c ); static LOCAL_ID_INFO *new_lid_table(void); static void release_lid_table( LOCAL_ID_INFO *tbl ); -static int get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag ); +static int ins_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ); +static int qry_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag ); +static void upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ); static void print_user_id( const char *text, u32 *keyid ); -static int do_list_path( ulong pubkey, int depth, int max_depth, - LOCAL_ID_INFO *lids, ulong *stack ); +static int do_list_path( ulong *stack, int depth, int max_depth, + LOCAL_ID_INFO *lids, TRUST_SEG_LIST *tslist ); static int list_sigs( ulong pubkey_id ); +static int do_check( ulong pubkeyid, int *trustlevel ); static char *db_name; static int db_fd = -1; -static int no_io_dbg = 0; /* a table used to keep track of ultimately trusted keys * which are the ones from our secrings */ static LOCAL_ID_INFO *ultikey_table; @@ -247,16 +257,12 @@ read_record( ulong recnum, TRUSTREC *rec ) if( db_fd == -1 ) open_db(); - if( DBG_TRUST && !no_io_dbg ) - log_debug("trustdb: read_record(%lu)\n", (ulong)recnum); if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) { log_error("trustdb: lseek failed: %s\n", strerror(errno) ); return G10ERR_READ_FILE; } n = read( db_fd, buf, TRUST_RECORD_LEN); if( !n ) { - if( DBG_TRUST ) - log_debug("trustdb: no record at %lu\n", (ulong)recnum ); return -1; /* eof */ } else if( n != TRUST_RECORD_LEN ) { @@ -341,10 +347,6 @@ read_record( ulong recnum, TRUSTREC *rec ) rc = G10ERR_TRUSTDB; break; } - if( DBG_TRUST && !rc && !no_io_dbg ) { - log_debug("trustdb: "); - dump_record( recnum, rec, stderr); - } return rc; } @@ -362,8 +364,6 @@ write_record( ulong recnum, TRUSTREC *rec ) if( db_fd == -1 ) open_db(); - if( DBG_TRUST && !no_io_dbg ) - log_debug("trustdb: write_record(%lu)\n", (ulong)recnum); memset(buf, 0, TRUST_RECORD_LEN); p = buf; *p++ = rec->rectype; @@ -468,13 +468,10 @@ scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype ) assert( rectype == 2 || rectype == 3 ); - if( DBG_TRUST ) - log_debug("trustdb: scan_record_by_pkc\n"); keyid_from_pkc( pkc, keyid ); fingerprint = fingerprint_from_pkc( pkc, &fingerlen ); assert( fingerlen == 20 || fingerlen == 16 ); - no_io_dbg = 1; for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) { if( rec->rectype != rectype ) continue; @@ -490,16 +487,12 @@ scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype ) "not match recnum (%lu,%lu)\n", db_name, (ulong)pkc->local_id, (ulong)recnum ); pkc->local_id = recnum; - no_io_dbg = 0; return 0; } } else log_bug("not yet implemented\n"); } - no_io_dbg = 0; - if( DBG_TRUST ) - log_debug("trustdb: scan_record_by_pkc: %s\n", rc==-1?"eof": g10_errstr(rc)); if( rc != -1 ) log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) ); return rc; @@ -517,33 +510,24 @@ scan_record( ulong local_id, TRUSTREC *rec, int rectype, ulong *r_recnum ) assert( rectype == 3 || rectype == 4 ); - if( DBG_TRUST ) - log_debug("trustdb: scan_record type %d local_id %lu\n", - rectype, (ulong)local_id); - no_io_dbg = 1; for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) { if( rec->rectype != rectype ) continue; if( rec->rectype == 34 ) { if( rec->r.cache.owner == local_id ) { /* found */ *r_recnum = recnum; - no_io_dbg = 0; return 0; } } else if( rec->rectype == 4 ) { if( rec->r.sigrec.owner == local_id ) { /* found */ *r_recnum = recnum; - no_io_dbg = 0; return 0; } } else log_bug("not yet implemented\n"); } - no_io_dbg = 0; - if( DBG_TRUST ) - log_debug("trustdb: scan_record: %s\n", rc==-1?"eof": g10_errstr(rc)); if( rc != -1 ) log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) ); return rc; @@ -649,10 +633,8 @@ list_trustdb( const char *username ) for(i=9+strlen(db_name); i > 0; i-- ) putchar('-'); putchar('\n'); - no_io_dbg = 1; for(recnum=0; !read_record( recnum, &rec); recnum++ ) dump_record( recnum, &rec, stdout ); - no_io_dbg = 0; } } @@ -660,10 +642,11 @@ void list_trust_path( int max_depth, const char *username ) { int rc; + int i; TRUSTREC rec; PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); - if( max_depth < 1 ) + if( max_depth < 0 ) max_depth = MAX_LIST_SIGS_DEPTH+1; @@ -676,16 +659,38 @@ list_trust_path( int max_depth, const char *username ) log_error("user '%s' not in trustdb\n", username); else { LOCAL_ID_INFO *lids; + LOCAL_ID_INFO *work; ulong stack[MAX_LIST_SIGS_DEPTH]; + TRUST_SEG_LIST tsl, tslist = NULL; lids = new_lid_table(); stack[0] = pkc->local_id; - rc = do_list_path( pkc->local_id, 1, max_depth, lids, stack ); - putchar('\n'); + rc = do_list_path( stack, 1, max_depth, lids, &tslist ); + /* wipe out duplicates */ + work = new_lid_table(); + for( tsl=tslist; tsl; tsl = tsl->next ) { + for(i=1; i < tsl->nseg-1; i++ ) { + if( ins_lid_table_item( work, tsl->seg[i], 0 ) ) { + tsl->dup = 1; /* mark as duplicate */ + break; + } + } + } + release_lid_table(work); release_lid_table(lids); if( rc ) log_error("user '%s' list problem: %s\n", username, g10_errstr(rc)); + for(tsl = tslist; tsl; tsl = tsl->next ) { + int i; + + if( tsl->dup ) + continue; + printf("tslist segs:" ); + for(i=0; i < tsl->nseg; i++ ) + printf(" %lu", tsl->seg[i]); + putchar('\n'); + } } free_public_cert( pkc ); @@ -782,7 +787,7 @@ release_lid_table( LOCAL_ID_INFO *tbl ) * fixme: maybe its a good idea to tage items from an unused item list. */ static int -add_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ) +ins_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ) { LOCAL_ID_INFO a; @@ -798,7 +803,7 @@ add_lid_table_item( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ) } static int -get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag ) +qry_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag ) { LOCAL_ID_INFO a; @@ -811,6 +816,19 @@ get_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned *flag ) return -1; } +static void +upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ) +{ + LOCAL_ID_INFO a; + + for( a = tbl[lid & 0x0f]; a; a = a->next ) + if( a->lid == lid ) { + a->flag = flag; + return; + } + BUG(); +} + @@ -878,14 +896,13 @@ verify_own_certs() goto leave; } /* look into the trustdb */ - rc = check_pkc_trust( pkc, &trust ); + rc = check_trust( pkc, &trust ); if( rc ) { log_info("keyid %08lX: problem in trustdb: %s\n", (ulong)keyid[1], g10_errstr(rc) ); goto leave; } - if( trust & TRUST_NO_PUBKEY ) { - log_info("keyid %08lX: not yet in trustdb\n", (ulong)keyid[1] ); + if( trust == TRUST_UNKNOWN ) { rc = insert_trust_record( pkc ); if( rc ) log_error("keyid %08lX: insert failed: %s\n", @@ -893,20 +910,16 @@ verify_own_certs() else log_info("keyid %08lX: inserted\n", (ulong)keyid[1] ); } - else if( (trust & TRUST_MASK) != TRUST_ULT_TRUST ) { - /*log_error("keyid %08lX: not marked as ultimately trusted\n", - (ulong)keyid[1] ); - FIXME: mark */ + else { + /* FIXME: we should chek the other values */ } - if( !(trust & TRUST_NO_PUBKEY) ) { - if( DBG_TRUST ) - log_debug("putting %08lX(%lu) into ultikey_table\n", - (ulong)keyid[1], pkc->local_id ); - if( add_lid_table_item( ultikey_table, pkc->local_id, 0 ) ) - log_error("keyid %08lX: already in ultikey_table\n", - (ulong)keyid[1]); - } + if( DBG_TRUST ) + log_debug("putting %08lX(%lu) into ultikey_table\n", + (ulong)keyid[1], pkc->local_id ); + if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) ) + log_error("keyid %08lX: already in ultikey_table\n", + (ulong)keyid[1]); release_secret_cert_parts( skc ); release_public_cert_parts( pkc ); @@ -965,7 +978,7 @@ do_list_sigs( ulong root, ulong pubkey, int depth, printf("%6u: %*s%08lX(%lu:%02x) ", *lineno, depth*4, "", (ulong)keyid[1], sx.sig_id, sx.sig_flag ); /* check wether we already checked this pubkey */ - if( !get_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) { + if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) { print_user_id("[ultimately trusted]", keyid); ++*lineno; } @@ -977,9 +990,9 @@ do_list_sigs( ulong root, ulong pubkey, int depth, printf("[closed]\n"); ++*lineno; } - else if( add_lid_table_item( lids, sx.sig_id, *lineno ) ) { + else if( ins_lid_table_item( lids, sx.sig_id, *lineno ) ) { unsigned refline; - get_lid_table_flag( lids, sx.sig_id, &refline ); + qry_lid_table_flag( lids, sx.sig_id, &refline ); printf("[see line %u]\n", refline); ++*lineno; } @@ -1028,52 +1041,73 @@ list_sigs( ulong pubkey_id ) - - static int -do_list_path( ulong pubkey, int depth, int max_depth, - LOCAL_ID_INFO *lids, ulong *stack ) +do_list_path( ulong *stack, int depth, int max_depth, + LOCAL_ID_INFO *lids, TRUST_SEG_LIST *tslist ) { SIGREC_CONTEXT sx; + unsigned last_depth; int rc; - if( depth > max_depth || depth >= MAX_LIST_SIGS_DEPTH ) + assert(depth); + + /*printf("%2lu/%d: scrutinizig\n", stack[depth-1], depth);*/ + if( depth >= max_depth || depth >= MAX_LIST_SIGS_DEPTH-1 ) { + /*printf("%2lu/%d: to deeply nested\n", stack[depth-1], depth);*/ return 0; - if( !get_lid_table_flag( ultikey_table, pubkey, NULL ) ) { - /* found a path */ + } + memset( &sx, 0, sizeof sx ); + sx.pubkey_id = stack[depth-1]; + while( !(rc = walk_sigrecs( &sx )) ) { + TRUST_SEG_LIST tsl, t2, tl; int i; - u32 keyid[2]; - for(i=0; i < depth; i++ ) { - if( keyid_from_local_id( stack[i], keyid ) ) - printf("%*s????????(%lu) ", i*4,"", stack[i] ); + stack[depth] = sx.sig_id; + if( qry_lid_table_flag( lids, sx.sig_id, &last_depth) ) { + /*printf("%2lu/%d: marked\n", sx.sig_id, depth );*/ + ins_lid_table_item( lids, sx.sig_id, depth); + last_depth = depth; + } + else if( depth < last_depth ) { + /*printf("%2lu/%d: last_depth=%u - updated\n", sx.sig_id, depth, last_depth);*/ + last_depth = depth; + upd_lid_table_flag( lids, sx.sig_id, depth); + } + + if( last_depth < depth ) + /*printf("%2lu/%d: already visited\n", sx.sig_id, depth)*/; + else if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) { + /* found end of path; store it, ordered by path length */ + tsl = m_alloc( sizeof *tsl + depth*sizeof(ulong) ); + tsl->nseg = depth+1; + tsl->dup = 0; + for(i=0; i <= depth; i++ ) + tsl->seg[i] = stack[i]; + for(t2=*tslist,tl=NULL; t2; tl=t2, t2 = t2->next ) + if( depth < t2->nseg ) + break; + if( !tl ) { + tsl->next = t2; + *tslist = tsl; + } else { - printf("%*s%08lX(%lu) ", i*4,"", keyid[1], stack[i] ); - print_user_id("", keyid ); + tsl->next = t2; + tl->next = tsl; } + /*putchar('.'); fflush(stdout);*/ + /*printf("%2lu/%d: found\n", sx.sig_id, depth);*/ } - putchar('\n'); - return 0; - } - - if( add_lid_table_item( lids, pubkey, 0 ) ) - return 0; - - memset( &sx, 0, sizeof sx ); - sx.pubkey_id = pubkey; - do { - rc = walk_sigrecs( &sx ); - if( !rc ) { - stack[depth] = sx.sig_id; - rc = do_list_path( sx.sig_id, depth+1, max_depth, lids, stack ); + else { + rc = do_list_path( stack, depth+1, max_depth, lids, tslist); + if( rc && rc != -1 ) + break; } - } while( !rc ); + } return rc==-1? 0 : rc; } - /**************** * Check all the sigs of the given keyblock and mark them * as checked. @@ -1237,38 +1271,12 @@ build_sigrecs( ulong pubkeyid ) -/**************** - * Recursive check the signatures. - */ - #if 0 -static int -walk( KBNODE keyblock, int levels ) -{ - KBNODE kbctx, node; - - check_sigs( keyblock ); - if( levels ) { /* check the next level */ - for( kbctx=NULL; (node=walk_kbtree( keyblock, &kbctx)) ; ) { - if( node->pkt->pkttype == PKT_SIGNATURE && (node->flag & 1) ) { - /* read the keyblock for this signator */ - - /* and check his signatures */ - /*walk( his_keyblock, levels-1)*/ - } - } - } - return -1; -} -#endif - - - /**************** * */ static int -check_trust( ulong pubkeyid ) +do_check( ulong pubkeyid, int *trustlevel ) { int rc=0; ulong rnum; @@ -1367,46 +1375,49 @@ init_trustdb( int level ) * is not necessary to check this if we use a local pubring. Hmmmm. */ int -check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel ) +check_trust( PKT_public_cert *pkc, int *r_trustlevel ) { TRUSTREC rec; - int trustlevel = 0; + int trustlevel = TRUST_UNKNOWN; int rc=0; - if( opt.verbose ) - log_info("check_pkc_trust() called.\n"); + if( DBG_TRUST ) + log_info("check_trust() called.\n"); /* get the pubkey record */ if( pkc->local_id ) { if( read_record( pkc->local_id, &rec ) ) { - log_error("check_pkc_trust: read record failed\n"); + log_error("check_trust: read record failed\n"); return G10ERR_TRUSTDB; } } else { /* no local_id: scan the trustdb */ if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) { - log_error("check_pkc_trust: scan_record_by_pkc(2) failed: %s\n", + log_error("check_trust: scan_record_by_pkc(2) failed: %s\n", g10_errstr(rc)); return rc; } else if( rc == -1 ) { - log_error("check_pkc_trust: pubkey not in TrustDB\n"); - trustlevel = TRUST_NO_PUBKEY; + log_error("check_trust: pubkey not in TrustDB\n"); goto leave; } } /* fixme: do some additional checks on the pubkey record */ - rc = check_trust( pkc->local_id ); + rc = do_check( pkc->local_id, &trustlevel ); if( rc ) { - log_error("check_pkc_trust: check_trust failed: %s\n", g10_errstr(rc)); + log_error("check_trust: do_check failed: %s\n", g10_errstr(rc)); return rc; } + if( !rec.r.pubkey.ownertrust ) + trustlevel = TRUST_UNDEFINED; + else + trustlevel = TRUST_EXPIRED; leave: - if( opt.verbose ) - log_info("check_pkc_trust() returns trustlevel %04x.\n", trustlevel); + if( DBG_TRUST ) + log_info("check_trust() returns trustlevel %04x.\n", trustlevel); *r_trustlevel = trustlevel; return 0; } @@ -1453,9 +1464,6 @@ insert_trust_record( PKT_public_cert *pkc ) size_t fingerlen; - if( DBG_TRUST ) - log_debug("trustdb: insert_record\n"); - if( pkc->local_id ) log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id ); @@ -1491,8 +1499,6 @@ update_trust_record( PKT_public_cert *pkc, int new_trust ) TRUSTREC rec; ulong recnum; - if( DBG_TRUST ) - log_debug("trustdb: update_record\n"); assert( pkc->local_id ); diff --git a/g10/trustdb.h b/g10/trustdb.h index bd15d25b0..75ead66bd 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -23,21 +23,20 @@ -#define TRUST_MASK 0x07 /* for the trust leveles */ -#define TRUST_UNKNOWN 1 /* unknown */ -#define TRUST_NO_TRUST 2 /* not trusted */ -#define TRUST_MARG_TRUST 4 /* marginally trusted */ -#define TRUST_FULL_TRUST 5 /* fully trusted */ -#define TRUST_ULT_TRUST 7 /* ultimately trusted */ - /* other bits used with the trustlevel */ -#define TRUST_NO_PUBKEY 0x10 /* we do not have the pubkey in out trustDB */ +#define TRUST_UNKNOWN 0 /* not yet calculated */ +#define TRUST_EXPIRED 1 /* calculation may be invalid */ +#define TRUST_UNDEFINED 2 /* not enough informations for calculation */ +#define TRUST_NEVER 3 /* never trusted this pubkey */ +#define TRUST_MARGINAL 4 /* marginally trusted */ +#define TRUST_FULLY 5 /* fully trusted */ +#define TRUST_ULTIMATE 6 /* ultimately trusted */ /*-- trustdb.c --*/ void list_trustdb(const char *username); void list_trust_path( int max_depth, const char *username ); int init_trustdb( int level ); -int check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel ); +int check_trust( PKT_public_cert *pkc, int *r_trustlevel ); int get_ownertrust( PKT_public_cert *pkc, int *r_otrust ); int insert_trust_record( PKT_public_cert *pkc ); int verify_private_data(void); |