summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS12
-rw-r--r--TODO6
-rw-r--r--VERSION2
-rw-r--r--cipher/ChangeLog9
-rw-r--r--cipher/dynload.c5
-rw-r--r--cipher/rmd160.c20
-rw-r--r--doc/DETAILS27
-rw-r--r--g10/ChangeLog17
-rw-r--r--g10/Makefile.am2
-rw-r--r--g10/g10.c45
-rw-r--r--g10/getkey.c9
-rw-r--r--g10/keydb.h1
-rw-r--r--g10/keyid.c11
-rw-r--r--g10/mainproc.c2
-rw-r--r--g10/packet.h1
-rw-r--r--g10/parse-packet.c2
-rw-r--r--g10/pkclist.c111
-rw-r--r--g10/sig-check.c2
-rw-r--r--g10/status.c6
-rw-r--r--g10/status.h9
-rw-r--r--g10/tdbio.c518
-rw-r--r--g10/tdbio.h150
-rw-r--r--g10/trustdb.c744
-rw-r--r--include/cipher.h2
-rw-r--r--po/de.po370
-rwxr-xr-xtools/mk-tdatabin35443 -> 26204 bytes
-rw-r--r--util/ChangeLog4
-rw-r--r--util/secmem.c10
-rw-r--r--zlib/Makefile2
29 files changed, 1271 insertions, 828 deletions
diff --git a/NEWS b/NEWS
index 86835f12e..6695dd549 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,15 @@
+Noteworthy changes in version 0.3.2
+-----------------------------------
+ * Fixed some bugs when using --textmode (-seat)
+
+ * Now displays the trust status of a positive verified message.
+
+ * Keyrings are now scanned in the sequence they are added with
+ --[secret-]keyring. Note that the default keyring is implictly
+ added as the very first one unless --no-default-keyring is used.
+
+ * Fixed setuid and dlopen bug.
+
Noteworthy changes in version 0.3.1
-----------------------------------
* Partial headers are now written in the OpenPGP format if
diff --git a/TODO b/TODO
index 7d77e55c9..53a3c9de8 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,10 @@
+
+ * clearsig of zero length files does not work
+
+ * Change the inernal represenation of keyid into a struct which
+ can also hold the localid
+
* add option --restore-ownertrust
* always put key signatures before the first subkey.
diff --git a/VERSION b/VERSION
index d296451a6..d15723fbe 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.3.1a
+0.3.2
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 2e47f9a0c..bee034920 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,12 @@
+Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dynload.c (load_extension): Function now nbails out if
+ the program is run setuid.
+
+Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (rmd160_hash_buffer): New.
+
Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)
* cipher.c (cipher_open): algos >=100 use standard CFB
diff --git a/cipher/dynload.c b/cipher/dynload.c
index e22731702..a8c01f259 100644
--- a/cipher/dynload.c
+++ b/cipher/dynload.c
@@ -22,6 +22,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#ifdef HAVE_DL_DLOPEN
#include <dlfcn.h>
#endif
@@ -109,7 +110,11 @@ load_extension( EXTLIST el )
int seq = 0;
int class, vers;
+ /* make sure we are not setuid */
+ if( getuid() != geteuid() )
+ log_bug("trying to load an extension while still setuid\n");
+ /* now that we are not setuid anymore, we can safely load modules */
el->handle = dlopen(el->name, RTLD_NOW);
if( !el->handle ) {
log_error("%s: error loading extension: %s\n", el->name, dlerror() );
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index e38172498..3b1702cb0 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -26,7 +26,7 @@
#include "util.h"
#include "memory.h"
#include "rmd.h"
-
+#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
/*********************************
* RIPEMD-160 is not patented, see (as of 25.10.97)
@@ -530,6 +530,24 @@ rmd160_read( RMD160_CONTEXT *hd )
return hd->buf;
}
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
+{
+ RMD160_CONTEXT hd;
+
+ rmd160_init( &hd );
+ rmd160_write( &hd, (byte*)buffer, length );
+ rmd160_final( &hd );
+ memcpy( outbuf, hd.buf, 20 );
+}
+
+
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
diff --git a/doc/DETAILS b/doc/DETAILS
index e315bf550..a2de34306 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -84,18 +84,18 @@ Record type 2: (directory record)
1 byte reserved
8 bytes keyid (We keep it here to speed up searching by keyid)
1 u32 Local-Id. This is simply the record number of this record.
- 1 u32 pubkey (record number of it)
+ 1 u32 primary public key (record number of it)
1 u32 cache record
1 u32 sigrecord
1 byte No signatures flag (used to avoid duplicate building).
3 byte reserved
- 1 u32 preference record
+ 1 u32 userid record
6 byte reserved
Record type 3:
--------------
- Informations about a public key certificate.
+ Informations about a primary public key.
These are static values which are never changed without user interaction.
1 byte value 3
@@ -107,7 +107,7 @@ Record type 3:
1 byte pubkey algorithm
1 byte length of the fingerprint (in bytes)
20 bytes fingerprint of the public key
- 1 byte ownertrust:
+ 1 byte ownertrust if there is no trust defined for the userid:
3 byte reserved
@@ -207,6 +207,25 @@ Record type 7 (hash list)
For the current record length of 40, n is 6
+Record type 8: (userid)
+--------------
+ Informations about a userid
+ We do not store the userid but the hash value of the userid because that
+ is sufficient.
+
+ 1 byte value 8
+ 1 byte reserved
+ 1 u32 owner; points to the directory record.
+ 1 u32 next userid
+ 1 byte subtype: 0 = a real user id
+ 1 = not a real userid, but a "dummy" user of length 0
+ which is used to represent stuff that is directly
+ bound to the key.
+ 20 bytes ripemd160 hash of the username.
+ 1 u32 pointer to preference record
+ 1 byte ownertrust
+ 4 byte reserved
+
Packet Headers
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 7525c1818..a637ac9e9 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,20 @@
+Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * g10.c (build_list): Now drops setuid.
+ (main): Changed the way keyrings and algorithms are registered .
+
+Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h (PKT_public_key): Add field keyid.
+ * parse-packet.c (parse_key): Reset the above field.
+ * keyid.c (keyid_from_pk): Use above field as cache.
+
+ * tdbio.c, tdbio.h: New
+ * trustdb.c: Moved some functions to tdbio.c.
+ (print_keyid): New.
+
+ * pkclist.c (check_signatures_trust): New.
+
Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* plaintext.c (special_md_putc): New.
diff --git a/g10/Makefile.am b/g10/Makefile.am
index c64055423..be695d895 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -32,6 +32,8 @@ common_source = \
keyid.c \
trustdb.c \
trustdb.h \
+ tdbio.c \
+ tdbio.h \
pref.h \
pref.c \
packet.h \
diff --git a/g10/g10.c b/g10/g10.c
index 77ba9bc4a..8082fe2eb 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -182,6 +182,7 @@ enum cmd_values { aNull = 0,
aDeArmor, aEnArmor, aGenRandom,
aTest };
+static int maybe_setuid = 1;
static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
@@ -264,6 +265,9 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
size_t n=strlen(text)+2;
char *list, *p;
+ if( maybe_setuid )
+ secmem_init( 0 ); /* drop setuid */
+
for(i=1; i < 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
n += strlen(s) + 2;
@@ -381,7 +385,7 @@ main( int argc, char **argv )
char **orig_argv;
const char *fname;
STRLIST sl, remusr= NULL, locusr=NULL;
- int nrings=0, sec_nrings=0;
+ STRLIST nrings=NULL, sec_nrings=NULL;
armor_filter_context_t afx;
int detached_sig = 0;
FILE *configfp = NULL;
@@ -394,10 +398,13 @@ main( int argc, char **argv )
int greeting = 1;
enum cmd_values cmd = 0;
const char *trustdb_name = NULL;
+ char *def_cipher_string = NULL;
+ char *def_digest_string = NULL;
trap_unaligned();
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
+ maybe_setuid = 0;
log_set_name("gpgm");
#else
/* Please note that we may running SUID(ROOT), so be very CAREFUL
@@ -509,12 +516,8 @@ main( int argc, char **argv )
case 523: set_passphrase_fd( pargs.r.ret_int ); break;
case 524: set_cmd( &cmd, aEditKey); break;
case 525: set_cmd( &cmd, aChangePass); break;
- case 527:
- opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str);
- break;
- case 529:
- opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
- break;
+ case 527: def_cipher_string = m_strdup(pargs.r.ret_str); break;
+ case 529: def_digest_string = m_strdup(pargs.r.ret_str); break;
case 539: set_cmd( &cmd, aClearsign); break;
case 540: secmem_set_flags( secmem_get_flags() | 1 ); break;
case 542: set_cmd( &cmd, aGenRevoke); break;
@@ -548,12 +551,12 @@ main( int argc, char **argv )
case 501: opt.answer_yes = 1; break;
case 502: opt.answer_no = 1; break;
case 508: set_cmd( &cmd, aCheckKeys); break;
- case 509: add_keyring(pargs.r.ret_str); nrings++; break;
+ case 509: append_to_strlist( &nrings, pargs.r.ret_str); break;
case 510: opt.debug |= pargs.r.ret_ulong; break;
case 511: opt.debug = ~0; break;
case 512: set_status_fd( pargs.r.ret_int ); break;
case 515: opt.fingerprint = 1; break;
- case 517: add_secret_keyring(pargs.r.ret_str); sec_nrings++; break;
+ case 517: append_to_strlist( &sec_nrings, pargs.r.ret_str); break;
case 518:
/* config files may not be nested (silently ignore them) */
if( !configfp ) {
@@ -603,7 +606,6 @@ main( int argc, char **argv )
goto next_pass;
}
m_free( configname ); configname = NULL;
- check_opts();
if( log_get_errorcount(0) )
g10_exit(2);
@@ -615,12 +617,28 @@ main( int argc, char **argv )
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
+ maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
/*write_status( STATUS_ENTER );*/
set_debug();
+
+ /* must do this after dropping setuid, because string_to...
+ * may try to load an module */
+ if( def_cipher_string ) {
+ opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
+ m_free(def_cipher_string); def_cipher_string = NULL;
+ }
+ if( def_digest_string ) {
+ opt.def_digest_algo = string_to_digest_algo(def_digest_string);
+ m_free(def_digest_string); def_digest_string = NULL;
+ }
+ check_opts();
+ if( log_get_errorcount(0) )
+ g10_exit(2);
+
if( !cmd && opt.fingerprint )
set_cmd( &cmd, aListKeys);
@@ -651,11 +669,18 @@ main( int argc, char **argv )
* not in case of "-kvv userid keyring" */
if( cmd != aDeArmor && cmd != aEnArmor
&& !(cmd == aKMode && argc == 2 ) ) {
+
if( !sec_nrings || default_keyring ) /* add default secret rings */
add_secret_keyring("secring.gpg");
+ for(sl = sec_nrings; sl; sl = sl->next )
+ add_secret_keyring( sl->d );
if( !nrings || default_keyring ) /* add default ring */
add_keyring("pubring.gpg");
+ for(sl = nrings; sl; sl = sl->next )
+ add_keyring( sl->d );
}
+ FREE_STRLIST(nrings);
+ FREE_STRLIST(sec_nrings);
if( argc )
fname = *argv;
diff --git a/g10/getkey.c b/g10/getkey.c
index c51e54bd9..3f8ac63b8 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -759,6 +759,15 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
size_t an;
byte *afp = fingerprint_from_pk(
k->pkt->pkt.public_key, &an );
+
+ if( DBG_CACHE ) {
+ u32 aki[2];
+ keyid_from_pk( k->pkt->pkt.public_key, aki );
+ log_debug(" aki=%08lx%08lx algo=%d mode=%d an=%u\n",
+ (ulong)aki[0], (ulong)aki[1],
+ k->pkt->pkt.public_key->pubkey_algo,
+ mode, an );
+ }
if( an == mode && !memcmp( afp, name, an)
&& ( !pk->pubkey_algo
|| pk->pubkey_algo
diff --git a/g10/keydb.h b/g10/keydb.h
index ddc9e5491..58a170d27 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -86,6 +86,7 @@ struct pubkey_find_info {
/*-- pkclist.c --*/
+int check_signatures_trust( PKT_signature *sig );
void release_pk_list( PK_LIST pk_list );
int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );
diff --git a/g10/keyid.c b/g10/keyid.c
index 74bbf8c2c..0809df93a 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -161,9 +161,16 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
- if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
+ if( pk->keyid[0] || pk->keyid[1] ) {
+ keyid[0] = pk->keyid[0];
+ keyid[1] = pk->keyid[1];
+ lowbits = keyid[1];
+ }
+ else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
lowbits = pubkey_get_npkey(pk->pubkey_algo) ?
mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */
+ pk->keyid[0] = keyid[0];
+ pk->keyid[1] = keyid[1];
}
else {
const byte *dp;
@@ -174,6 +181,8 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
+ pk->keyid[0] = keyid[0];
+ pk->keyid[1] = keyid[1];
}
return lowbits;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index b73d49bd1..9090fd4e1 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -837,6 +837,8 @@ check_sig_and_print( CTX c, KBNODE node )
print_keyid( stderr, sig->keyid );
putc('\"', stderr);
putc('\n', stderr);
+ if( !rc )
+ rc = check_signatures_trust( sig );
if( opt.batch && rc )
g10_exit(1);
}
diff --git a/g10/packet.h b/g10/packet.h
index 9c8a8547d..0cefd8d10 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -111,6 +111,7 @@ typedef struct {
byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage; /* for now only used to pass it to getkey() */
ulong local_id; /* internal use, valid if > 0 */
+ u32 keyid[2]; /* calculated by keyid_from_pk() */
MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index ab1e6cdf8..310feae29 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -946,6 +946,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->version = version;
pk->pubkey_algo = algorithm;
pk->pubkey_usage = 0; /* not yet used */
+ pk->keyid[0] = 0;
+ pk->keyid[1] = 0;
}
nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm );
diff --git a/g10/pkclist.c b/g10/pkclist.c
index e20fe8503..81e23c765 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -33,6 +33,7 @@
#include "util.h"
#include "trustdb.h"
#include "ttyio.h"
+#include "status.h"
#include "i18n.h"
/****************
@@ -57,7 +58,7 @@ query_ownertrust( ulong lid )
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
- log_error("keyid %08lX: pubkey not found: %s\n",
+ log_error("key %08lX: public key not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
return 0;
}
@@ -282,6 +283,114 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
}
+
+/****************
+ * Check whether we can trust this signature.
+ * Returns: Error if we shall not trust this signatures.
+ */
+int
+check_signatures_trust( PKT_signature *sig )
+{
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
+ int trustlevel;
+ int dont_try = 0;
+ int rc=0;
+
+ rc = get_pubkey( pk, sig->keyid );
+ if( rc ) { /* this should not happen */
+ log_error("Ooops; the key vanished - can't check the trust\n");
+ rc = G10ERR_NO_PUBKEY;
+ goto leave;
+ }
+
+ retry:
+ rc = check_trust( pk, &trustlevel );
+ if( rc ) {
+ log_error("check trust failed: %s\n", g10_errstr(rc));
+ goto leave;
+ }
+
+ if( (trustlevel & TRUST_FLAG_REVOKED) ) {
+ write_status( STATUS_KEYREVOKED );
+ log_info(_("WARNING: This key has been revoked by its owner!\n"));
+ log_info(_(" This could mean that the signature is forgery.\n"));
+ }
+
+
+ switch( (trustlevel & TRUST_MASK) ) {
+ case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
+ rc = insert_trust_record( pk );
+ if( rc ) {
+ log_error("failed to insert it into the trustdb: %s\n",
+ g10_errstr(rc) );
+ goto leave;
+ }
+ rc = check_trust( pk, &trustlevel );
+ if( rc )
+ log_fatal("trust check after insert failed: %s\n",
+ g10_errstr(rc) );
+ if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
+ BUG();
+ goto retry;
+
+ case TRUST_EXPIRED:
+ log_info(_("Note: This key has expired!\n"));
+ break;
+
+ case TRUST_UNDEFINED:
+ if( dont_try || opt.batch || opt.answer_no ) {
+ write_status( STATUS_TRUST_UNDEFINED );
+ log_info(_(
+ "WARNING: This key is not certified with a trusted signature!\n"));
+ log_info(_(
+ " There is no indication that the "
+ "signature belongs to the owner.\n" ));
+ }
+ else {
+ rc = add_ownertrust( pk );
+ if( rc ) {
+ dont_try = 1;
+ rc = 0;
+ }
+ goto retry;
+ }
+ break;
+
+ case TRUST_NEVER:
+ write_status( STATUS_TRUST_NEVER );
+ log_info(_("WARNING: We do NOT trust this key!\n"));
+ log_info(_(" The signature is probably a FORGERY.\n"));
+ rc = G10ERR_BAD_SIGN;
+ break;
+
+ case TRUST_MARGINAL:
+ write_status( STATUS_TRUST_MARGINAL );
+ log_info(_(
+ "WARNING: This key is not certified with enough trusted signatures!\n"
+ ));
+ log_info(_(
+ " It is not certain that the signature belongs to the owner.\n"
+ ));
+ break;
+
+ case TRUST_FULLY:
+ write_status( STATUS_TRUST_FULLY );
+ break;
+
+ case TRUST_ULTIMATE:
+ write_status( STATUS_TRUST_ULTIMATE );
+ break;
+
+ default: BUG();
+ }
+
+
+ leave:
+ free_public_key( pk );
+ return rc;
+}
+
+
void
release_pk_list( PK_LIST pk_list )
{
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 984671923..f600a4d1e 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -158,7 +158,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
}
if( pk->timestamp > sig->timestamp )
- return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
+ return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {
diff --git a/g10/status.c b/g10/status.c
index 35367fbba..5cdd4fd03 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -54,10 +54,16 @@ write_status_text( int no, const char *text)
case STATUS_ABORT : s = "ABORT\n"; break;
case STATUS_GOODSIG: s = "GOODSIG\n"; break;
case STATUS_SIGEXPIRED: s = "SIGEXPIRED\n"; break;
+ case STATUS_KEYREVOKED: s = "KEYREVOKED\n"; break;
case STATUS_BADSIG : s = "BADSIG\n"; break;
case STATUS_ERRSIG : s = "ERRSIG\n"; break;
case STATUS_BADARMOR : s = "BADARMOR\n"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA\n"; break;
+ case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED\n"; break;
+ case STATUS_TRUST_NEVER : s = "TRUST_NEVER\n"; break;
+ case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break;
+ case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break;
+ case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break;
default: s = "?\n"; break;
}
diff --git a/g10/status.h b/g10/status.h
index 8b5ffdacd..d6ed773a0 100644
--- a/g10/status.h
+++ b/g10/status.h
@@ -34,6 +34,15 @@
#define STATUS_RSA_OR_IDEA 8
#define STATUS_SIGEXPIRED 9
+#define STATUS_KEYREVOKED 10
+
+#define STATUS_TRUST_UNDEFINED 11
+#define STATUS_TRUST_NEVER 12
+#define STATUS_TRUST_MARGINAL 13
+#define STATUS_TRUST_FULLY 14
+#define STATUS_TRUST_ULTIMATE 15
+
+
/*-- status.c --*/
void set_status_fd( int fd );
diff --git a/g10/tdbio.c b/g10/tdbio.c
new file mode 100644
index 000000000..d3b9a7221
--- /dev/null
+++ b/g10/tdbio.c
@@ -0,0 +1,518 @@
+/* tdbio.c
+ * Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "errors.h"
+#include "iobuf.h"
+#include "memory.h"
+#include "util.h"
+#include "options.h"
+#include "main.h"
+#include "i18n.h"
+#include "trustdb.h"
+#include "tdbio.h"
+
+
+
+static char *db_name;
+static int db_fd = -1;
+
+
+
+static void create_db( const char *fname );
+static void open_db(void);
+
+/**************************************************
+ ************** read and write helpers ************
+ **************************************************/
+
+static void
+fwrite_8(FILE *fp, byte a)
+{
+ if( putc( a & 0xff, fp ) == EOF )
+ log_fatal("error writing byte to trustdb: %s\n", strerror(errno) );
+}
+
+
+static void
+fwrite_32( FILE*fp, ulong a)
+{
+ putc( (a>>24) & 0xff, fp );
+ putc( (a>>16) & 0xff, fp );
+ putc( (a>> 8) & 0xff, fp );
+ if( putc( a & 0xff, fp ) == EOF )
+ log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) );
+}
+
+static void
+fwrite_zeros( FILE *fp, size_t n)
+{
+ while( n-- )
+ if( putc( 0, fp ) == EOF )
+ log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) );
+}
+
+
+
+
+/**************************************************
+ ************** read and write stuff **************
+ **************************************************/
+
+int
+tdbio_set_dbname( const char *new_dbname, int create )
+{
+ char *fname;
+
+ fname = new_dbname? m_strdup( new_dbname )
+ : make_filename(opt.homedir, "trustdb.gpg", NULL );
+
+ if( access( fname, R_OK ) ) {
+ if( errno != ENOENT ) {
+ log_error_f( fname, _("can't access: %s\n"), strerror(errno) );
+ m_free(fname);
+ return G10ERR_TRUSTDB;
+ }
+ if( create ) {
+ char *p = strrchr( fname, '/' );
+ assert(p);
+ *p = 0;
+ if( access( fname, F_OK ) ) {
+ if( strlen(fname) >= 7
+ && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
+ #if __MINGW32__
+ if( mkdir( fname ) )
+ #else
+ if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
+ #endif
+ log_fatal_f( fname, _("can't create directory: %s\n"),
+ strerror(errno) );
+ }
+ else
+ log_fatal_f(fname, _("directory does not exist!\n") );
+ }
+ *p = '/';
+ create_db( fname );
+ }
+ }
+ m_free(db_name);
+ db_name = fname;
+ return 0;
+}
+
+
+const char *
+tdbio_get_dbname()
+{
+ return db_name;
+}
+
+
+
+/****************
+ * Create a new trustdb
+ */
+static void
+create_db( const char *fname )
+{
+ FILE *fp;
+
+ fp =fopen( fname, "w" );
+ if( !fp )
+ log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) );
+ fwrite_8( fp, 1 );
+ fwrite_8( fp, 'g' );
+ fwrite_8( fp, 'p' );
+ fwrite_8( fp, 'g' );
+ fwrite_8( fp, 1 ); /* version */
+ fwrite_zeros( fp, 3 ); /* reserved */
+ fwrite_32( fp, 0 ); /* not locked */
+ fwrite_32( fp, make_timestamp() ); /* created */
+ fwrite_32( fp, 0 ); /* not yet modified */
+ fwrite_32( fp, 0 ); /* not yet validated*/
+ fwrite_32( fp, 0 ); /* reserved */
+ fwrite_8( fp, 3 ); /* marginals needed */
+ fwrite_8( fp, 1 ); /* completes needed */
+ fwrite_8( fp, 4 ); /* max_cet_depth */
+ fwrite_zeros( fp, 9 ); /* filler */
+ fclose(fp);
+}
+
+
+
+static void
+open_db()
+{
+ TRUSTREC rec;
+ assert( db_fd == -1 );
+
+ db_fd = open( db_name, O_RDWR );
+ if( db_fd == -1 )
+ log_fatal_f( db_name, _("can't open: %s\n"), strerror(errno) );
+ if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
+ log_fatal_f( db_name, _("invalid trust-db\n") );
+ /* fixme: check ->locked and other stuff */
+}
+
+
+void
+tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
+{
+ int i, any;
+
+ fprintf(fp, "rec %5lu, type=", rnum );
+
+ switch( rec->rectype ) {
+ case 0: fprintf(fp, "free\n");
+ break;
+ case RECTYPE_VER: fprintf(fp, "version\n");
+ break;
+ case RECTYPE_DIR:
+ fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu",
+ (ulong)rec->r.dir.keyid[1],
+ rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec );
+ if( rec->r.dir.no_sigs == 1 )
+ fputs(", (none)", fp );
+ else if( rec->r.dir.no_sigs == 2 )
+ fputs(", (invalid)", fp );
+ else if( rec->r.dir.no_sigs == 3 )
+ fputs(", (revoked)", fp );
+ else if( rec->r.dir.no_sigs )
+ fputs(", (??)", fp );
+ putc('\n', fp);
+ break;
+ case RECTYPE_KEY: fprintf(fp,
+ "key %08lX, own=%lu, ownertrust=%02x, fl=%d\n",
+ (ulong)rec->r.key.keyid[1],
+ rec->r.key.owner, rec->r.key.ownertrust,
+ rec->r.key.fingerprint_len );
+ break;
+ case RECTYPE_UID:
+ if( !rec->r.uid.subtype )
+ fprintf(fp,
+ "uid %02x%02x, owner=%lu, chain=%lu, pref=%lu, otr=%02x\n",
+ rec->r.uid.namehash[18], rec->r.uid.namehash[19],
+ rec->r.uid.owner, rec->r.uid.chain, (ulong)rec->r.uid.prefrec,
+ rec->r.uid.ownertrust );
+ else
+ fprintf(fp,
+ "uid subtype%d, owner=%lu, chain=%lu\n",
+ rec->r.uid.subtype, rec->r.uid.owner, rec->r.uid.chain);
+ break;
+ case RECTYPE_CTL: fprintf(fp, "ctl\n");
+ break;
+ case RECTYPE_SIG:
+ fprintf(fp, "sigrec, owner=%lu, chain=%lu\n",
+ rec->r.sig.owner, rec->r.sig.chain );
+ for(i=any=0; i < SIGS_PER_RECORD; i++ ) {
+ if( rec->r.sig.sig[i].local_id ) {
+ if( !any ) {
+ putc('\t', fp);
+ any++;
+ }
+ fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id,
+ rec->r.sig.sig[i].flag );
+ }
+ }
+ if( any )
+ putc('\n', fp);
+ break;
+ default:
+ fprintf(fp, "%d (unknown)\n", rec->rectype );
+ break;
+ }
+}
+
+/****************
+ * read the record with number recnum
+ * returns: -1 on error, 0 on success
+ */
+int
+tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
+{
+ byte buf[TRUST_RECORD_LEN], *p;
+ int rc = 0;
+ int n, i;
+
+ if( db_fd == -1 )
+ open_db();
+ if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
+ log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
+ return G10ERR_READ_FILE;
+ }
+ n = read( db_fd, buf, TRUST_RECORD_LEN);
+ if( !n ) {
+ return -1; /* eof */
+ }
+ else if( n != TRUST_RECORD_LEN ) {
+ log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) );
+ return G10ERR_READ_FILE;
+ }
+ p = buf;
+ rec->rectype = *p++;
+ if( expected && rec->rectype != expected ) {
+ log_error("%lu: read expected rec type %d, got %d\n",
+ recnum, expected, rec->rectype );
+ return G10ERR_TRUSTDB;
+ }
+ p++;
+ switch( rec->rectype ) {
+ case 0: /* unused record */
+ break;
+ case RECTYPE_VER: /* version record */
+ /* g10 was the original name */
+ if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) {
+ log_error_f( db_name, _("not a trustdb file\n") );
+ rc = G10ERR_TRUSTDB;
+ }
+ p += 2; /* skip magic */
+ rec->r.ver.version = *p++;
+ rec->r.ver.locked = buftoulong(p); p += 4;
+ rec->r.ver.created = buftoulong(p); p += 4;
+ rec->r.ver.modified = buftoulong(p); p += 4;
+ rec->r.ver.validated= buftoulong(p); p += 4;
+ rec->r.ver.marginals_needed = *p++;
+ rec->r.ver.completes_needed = *p++;
+ rec->r.ver.max_cert_depth = *p++;
+ if( recnum ) {
+ log_error_f( db_name, "version record with recnum %lu\n",
+ (ulong)recnum );
+ rc = G10ERR_TRUSTDB;
+ }
+ if( rec->r.ver.version != 1 ) {
+ log_error_f( db_name, "invalid file version %d\n",
+ rec->r.ver.version );
+ rc = G10ERR_TRUSTDB;
+ }
+ break;
+ case RECTYPE_DIR: /*directory record */
+ rec->r.dir.local_id = buftoulong(p); p += 4;
+ rec->r.dir.keyid[0] = buftou32(p); p += 4;
+ rec->r.dir.keyid[1] = buftou32(p); p += 4;
+ rec->r.dir.keyrec = buftoulong(p); p += 4;
+ rec->r.dir.ctlrec = buftoulong(p); p += 4;
+ rec->r.dir.sigrec = buftoulong(p); p += 4;
+ rec->r.dir.no_sigs = *p++;
+ if( rec->r.dir.local_id != recnum ) {
+ log_error_f( db_name, "dir local_id != recnum (%lu,%lu)\n",
+ (ulong)rec->r.dir.local_id,
+ (ulong)recnum );
+ rc = G10ERR_TRUSTDB;
+ }
+ break;
+ case RECTYPE_KEY: /* public key record */
+ rec->r.key.owner = buftoulong(p); p += 4;
+ rec->r.dir.keyid[0] = buftou32(p); p += 4;
+ rec->r.dir.keyid[1] = buftou32(p); p += 4;
+ rec->r.key.pubkey_algo = *p++;
+ rec->r.key.fingerprint_len = *p++;
+ if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
+ rec->r.key.fingerprint_len = 20;
+ memcpy( rec->r.key.fingerprint, p, 20); p += 20;
+ rec->r.key.ownertrust = *p++;
+ break;
+ case RECTYPE_CTL: /* control record */
+ rec->r.ctl.owner = buftoulong(p); p += 4;
+ memcpy(rec->r.ctl.blockhash, p, 20); p += 20;
+ rec->r.ctl.trustlevel = *p++;
+ break;
+ case RECTYPE_SIG:
+ rec->r.sig.owner = buftoulong(p); p += 4;
+ rec->r.sig.chain = buftoulong(p); p += 4;
+ for(i=0; i < SIGS_PER_RECORD; i++ ) {
+ rec->r.sig.sig[i].local_id = buftoulong(p); p += 4;
+ rec->r.sig.sig[i].flag = *p++;
+ }
+ break;
+ default:
+ log_error_f( db_name, "invalid record type %d at recnum %lu\n",
+ rec->rectype, (ulong)recnum );
+ rc = G10ERR_TRUSTDB;
+ break;
+ }
+
+ return rc;
+}
+
+/****************
+ * Write the record at RECNUM
+ */
+int
+tdbio_write_record( ulong recnum, TRUSTREC *rec )
+{
+ byte buf[TRUST_RECORD_LEN], *p;
+ int rc = 0;
+ int i, n;
+
+ if( db_fd == -1 )
+ open_db();
+
+ memset(buf, 0, TRUST_RECORD_LEN);
+ p = buf;
+ *p++ = rec->rectype; p++;
+ switch( rec->rectype ) {
+ case 0: /* unused record */
+ break;
+ case 1: /* version record */
+ BUG();
+ break;
+
+ case RECTYPE_DIR: /*directory record */
+ ulongtobuf(p, rec->r.dir.local_id); p += 4;
+ u32tobuf(p, rec->r.key.keyid[0]); p += 4;
+ u32tobuf(p, rec->r.key.keyid[1]); p += 4;
+ ulongtobuf(p, rec->r.dir.keyrec); p += 4;
+ ulongtobuf(p, rec->r.dir.ctlrec); p += 4;
+ ulongtobuf(p, rec->r.dir.sigrec); p += 4;
+ *p++ = rec->r.dir.no_sigs;
+ assert( rec->r.dir.local_id == recnum );
+ break;
+
+ case RECTYPE_KEY:
+ ulongtobuf(p, rec->r.key.owner); p += 4;
+ u32tobuf(p, rec->r.key.keyid[0]); p += 4;
+ u32tobuf(p, rec->r.key.keyid[1]); p += 4;
+ *p++ = rec->r.key.pubkey_algo;
+ *p++ = rec->r.key.fingerprint_len;
+ memcpy( p, rec->r.key.fingerprint, 20); p += 20;
+ *p++ = rec->r.key.ownertrust;
+ break;
+
+ case RECTYPE_CTL: /* control record */
+ ulongtobuf(p, rec->r.ctl.owner); p += 4;
+ memcpy(p, rec->r.ctl.blockhash, 20); p += 20;
+ *p++ = rec->r.ctl.trustlevel;
+ break;
+
+ case RECTYPE_SIG:
+ ulongtobuf(p, rec->r.sig.owner); p += 4;
+ ulongtobuf(p, rec->r.sig.chain); p += 4;
+ for(i=0; i < SIGS_PER_RECORD; i++ ) {
+ ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4;
+ *p++ = rec->r.sig.sig[i].flag;
+ }
+ break;
+ default:
+ BUG();
+ }
+
+ if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
+ log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
+ return G10ERR_WRITE_FILE;
+ }
+ n = write( db_fd, buf, TRUST_RECORD_LEN);
+ if( n != TRUST_RECORD_LEN ) {
+ log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) );
+ return G10ERR_WRITE_FILE;
+ }
+
+ return rc;
+}
+
+
+/****************
+ * create a new record and return its record number
+ */
+ulong
+tdbio_new_recnum()
+{
+ off_t offset;
+ ulong recnum;
+ TRUSTREC rec;
+ int rc;
+
+ /* fixme: look for unused records */
+ offset = lseek( db_fd, 0, SEEK_END );
+ if( offset == -1 )
+ log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
+ recnum = offset / TRUST_RECORD_LEN;
+ assert(recnum); /* this is will never be the first record */
+
+ /* we must write a record, so that the next call to this function
+ * returns another recnum */
+ memset( &rec, 0, sizeof rec );
+ rec.rectype = 0; /* free record */
+ rc = tdbio_write_record(recnum, &rec );
+ if( rc )
+ log_fatal_f(db_name,_("failed to append a record: %s\n"),
+ g10_errstr(rc));
+ return recnum ;
+}
+
+
+
+/****************
+ * Search the trustdb for a key which matches PK and return the dir record
+ * The local_id of PK is set to the correct value
+ *
+ * Note: To increase performance, we could use a index search here.
+ */
+int
+tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec )
+{
+ ulong recnum;
+ u32 keyid[2];
+ byte *fingerprint;
+ size_t fingerlen;
+ int rc;
+
+ keyid_from_pk( pk, keyid );
+ fingerprint = fingerprint_from_pk( pk, &fingerlen );
+ assert( fingerlen == 20 || fingerlen == 16 );
+
+ for(recnum=1; !(rc=tdbio_read_record( recnum, rec, 0)); recnum++ ) {
+ if( rec->rectype != RECTYPE_DIR )
+ continue;
+ if( rec->r.dir.keyid[0] == keyid[0]
+ && rec->r.dir.keyid[1] == keyid[1]){
+ TRUSTREC keyrec;
+
+ if( tdbio_read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) {
+ log_error("%lu: ooops: invalid key record\n", recnum );
+ break;
+ }
+ if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
+ && !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
+ if( pk->local_id && pk->local_id != recnum )
+ log_error_f(db_name,
+ "found record, but local_id from memory does "
+ "not match recnum (%lu,%lu)\n",
+ (ulong)pk->local_id, (ulong)recnum );
+ pk->local_id = recnum;
+ return 0;
+ }
+ }
+ }
+ if( rc != -1 )
+ log_error_f( db_name, _("search_db failed: %s\n"), g10_errstr(rc) );
+ return rc;
+}
+
+
diff --git a/g10/tdbio.h b/g10/tdbio.h
new file mode 100644
index 000000000..facb5c307
--- /dev/null
+++ b/g10/tdbio.h
@@ -0,0 +1,150 @@
+/* tdbio.h - Trust database I/O functions
+ * Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_TDBIO_H
+#define G10_TDBIO_H
+
+
+#define TRUST_RECORD_LEN 40
+#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
+#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4)
+#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5)
+#define MAX_LIST_SIGS_DEPTH 20
+
+
+#define RECTYPE_VER 1
+#define RECTYPE_DIR 2
+#define RECTYPE_KEY 3
+#define RECTYPE_CTL 4
+#define RECTYPE_SIG 5
+#define RECTYPE_HTBL 6
+#define RECTYPE_HLST 7
+#define RECTYPE_UID 8
+
+
+struct trust_record {
+ int rectype;
+ union {
+ struct { /* version record: */
+ byte version; /* should be 1 */
+ ulong locked; /* pid of process which holds a lock */
+ ulong created; /* timestamp of trustdb creation */
+ ulong modified; /* timestamp of last modification */
+ ulong validated; /* timestamp of last validation */
+ byte marginals_needed;
+ byte completes_needed;
+ byte max_cert_depth;
+ } ver;
+ struct { /* directory record */
+ ulong local_id;
+ u32 keyid[2];
+ ulong keyrec; /* recno of primary public key record */
+ ulong ctlrec; /* recno of control record */
+ ulong sigrec; /* recno of first signature record (osolete) */
+ ulong uidrec; /* recno of first user-id record */
+ ulong link; /* to next dir record */
+ byte no_sigs; /* does not have sigature and checked */
+ } dir;
+ struct { /* primary public key record */
+ ulong owner;
+ u32 keyid[2];
+ byte pubkey_algo;
+ byte fingerprint_len;
+ byte fingerprint[20];
+ byte ownertrust;
+ } key;
+ struct { /* user id reord */
+ ulong owner; /* point back to the directory record */
+ ulong chain; /* points to next user id record */
+ byte subtype; /* must be 0 */
+ byte namehash[20]; /* ripemd hash of the username */
+ byte ownertrust;
+ u32 prefrec; /* recno of reference record */
+ } uid;
+ struct { /* control record */
+ ulong owner;
+ byte blockhash[20];
+ byte trustlevel; /* calculated trustlevel */
+ } ctl;
+ struct { /* signature record */
+ ulong owner; /* local_id of record owner (pubkey record) */
+ ulong chain; /* offset of next record or NULL for last one */
+ struct {
+ ulong local_id; /* of pubkey record of signator (0=unused) */
+ byte flag; /* reserved */
+ } sig[SIGS_PER_RECORD];
+ } sig;
+ struct {
+ ulong item[ITEMS_PER_HTBL_RECORD];
+ } htbl;
+ struct {
+ ulong chain;
+ struct {
+ byte hash;
+ ulong rnum;
+ } item[ITEMS_PER_HLST_RECORD];
+ } hlst;
+ } r;
+};
+typedef struct trust_record TRUSTREC;
+
+typedef struct {
+ ulong local_id; /* localid of the pubkey */
+ ulong sigrec;
+ ulong sig_id; /* returned signature id */
+ unsigned sig_flag; /* returned signature record flag */
+ struct { /* internal data */
+ int init_done;
+ int eof;
+ TRUSTREC rec;
+ int index;
+ } ctl;
+} SIGREC_CONTEXT;
+
+
+/*-- tdbio.c --*/
+int tdbio_set_dbname( const char *new_dbname, int create );
+const char *tdbio_get_dbname(void);
+void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
+int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
+int tdbio_write_record( ulong recnum, TRUSTREC *rec );
+ulong tdbio_new_recnum(void);
+int tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec );
+
+
+#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
+ (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3)))
+#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1)))
+#define ulongtobuf( p, a ) do { \
+ ((byte*)p)[0] = a >> 24; \
+ ((byte*)p)[1] = a >> 16; \
+ ((byte*)p)[2] = a >> 8; \
+ ((byte*)p)[3] = a ; \
+ } while(0)
+#define ushorttobuf( p, a ) do { \
+ ((byte*)p)[0] = a >> 8; \
+ ((byte*)p)[1] = a ; \
+ } while(0)
+#define buftou32( p) buftoulong( (p) )
+#define u32tobuf( p, a) ulongtobuf( (p), (a) )
+
+
+
+#endif /*G10_TDBIO_H*/
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 4ca177c1d..916eeffd1 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -39,94 +39,9 @@
#include "packet.h"
#include "main.h"
#include "i18n.h"
+#include "tdbio.h"
-#define TRUST_RECORD_LEN 40
-#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
-#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4)
-#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5)
-#define MAX_LIST_SIGS_DEPTH 20
-
-
-#define RECTYPE_VER 1
-#define RECTYPE_DIR 2
-#define RECTYPE_KEY 3
-#define RECTYPE_CTL 4
-#define RECTYPE_SIG 5
-#define RECTYPE_HTBL 6
-#define RECTYPE_HLST 7
-
-
-struct trust_record {
- int rectype;
- union {
- struct { /* version record: */
- byte version; /* should be 1 */
- ulong locked; /* pid of process which holds a lock */
- ulong created; /* timestamp of trustdb creation */
- ulong modified; /* timestamp of last modification */
- ulong validated; /* timestamp of last validation */
- byte marginals_needed;
- byte completes_needed;
- byte max_cert_depth;
- } ver;
- struct { /* directory record */
- ulong local_id;
- u32 keyid[2];
- ulong keyrec; /* recno of public key record */
- ulong ctlrec; /* recno of control record */
- ulong sigrec; /* recno of first signature record */
- ulong link; /* to next dir record */
- byte no_sigs; /* does not have sigature and checked */
- } dir;
- struct { /* public key record */
- ulong owner;
- u32 keyid[2];
- byte pubkey_algo;
- byte fingerprint_len;
- byte fingerprint[20];
- byte ownertrust;
- } key;
- struct { /* control record */
- ulong owner;
- byte blockhash[20];
- byte trustlevel; /* calculated trustlevel */
- } ctl;
- struct { /* signature record */
- ulong owner; /* local_id of record owner (pubkey record) */
- ulong chain; /* offset of next record or NULL for last one */
- struct {
- ulong local_id; /* of pubkey record of signator (0=unused) */
- byte flag; /* reserved */
- } sig[SIGS_PER_RECORD];
- } sig;
- struct {
- ulong item[ITEMS_PER_HTBL_RECORD];
- } htbl;
- struct {
- ulong chain;
- struct {
- byte hash;
- ulong rnum;
- } item[ITEMS_PER_HLST_RECORD];
- } hlst;
- } r;
-};
-typedef struct trust_record TRUSTREC;
-
-typedef struct {
- ulong local_id; /* localid of the pubkey */
- ulong sigrec;
- ulong sig_id; /* returned signature id */
- unsigned sig_flag; /* returned signature record flag */
- struct { /* internal data */
- int init_done;
- int eof;
- TRUSTREC rec;
- int index;
- } ctl;
-} SIGREC_CONTEXT;
-
typedef struct local_id_info *LOCAL_ID_INFO;
struct local_id_info {
LOCAL_ID_INFO next;
@@ -157,13 +72,6 @@ typedef struct {
} ENUM_TRUST_WEB_CONTEXT;
-static void create_db( const char *fname );
-static void open_db(void);
-static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
-static int read_record( ulong recnum, TRUSTREC *rec, int expected );
-static int write_record( ulong recnum, TRUSTREC *rec );
-static ulong new_recnum(void);
-static int search_record( PKT_public_key *pk, TRUSTREC *rec );
static int walk_sigrecs( SIGREC_CONTEXT *c, int create );
static LOCAL_ID_INFO *new_lid_table(void);
@@ -183,8 +91,6 @@ static int do_check( ulong pubkeyid, TRUSTREC *drec, unsigned *trustlevel );
static int update_no_sigs( ulong lid, int no_sigs );
-static char *db_name;
-static int db_fd = -1;
/* a table used to keep track of ultimately trusted keys
* which are the ones from our secrings */
static LOCAL_ID_INFO *ultikey_table;
@@ -192,53 +98,6 @@ static LOCAL_ID_INFO *ultikey_table;
static ulong last_trust_web_key;
static TRUST_SEG_LIST last_trust_web_tslist;
-#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \
- (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3)))
-#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1)))
-#define ulongtobuf( p, a ) do { \
- ((byte*)p)[0] = a >> 24; \
- ((byte*)p)[1] = a >> 16; \
- ((byte*)p)[2] = a >> 8; \
- ((byte*)p)[3] = a ; \
- } while(0)
-#define ushorttobuf( p, a ) do { \
- ((byte*)p)[0] = a >> 8; \
- ((byte*)p)[1] = a ; \
- } while(0)
-#define buftou32( p) buftoulong( (p) )
-#define u32tobuf( p, a) ulongtobuf( (p), (a) )
-
-
-/**************************************************
- ************** read and write helpers ************
- **************************************************/
-
-static void
-fwrite_8(FILE *fp, byte a)
-{
- if( putc( a & 0xff, fp ) == EOF )
- log_fatal("error writing byte to trustdb: %s\n", strerror(errno) );
-}
-
-
-static void
-fwrite_32( FILE*fp, ulong a)
-{
- putc( (a>>24) & 0xff, fp );
- putc( (a>>16) & 0xff, fp );
- putc( (a>> 8) & 0xff, fp );
- if( putc( a & 0xff, fp ) == EOF )
- log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) );
-}
-
-static void
-fwrite_zeros( FILE *fp, size_t n)
-{
- while( n-- )
- if( putc( 0, fp ) == EOF )
- log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) );
-}
-
/**********************************************
************* list helpers *******************
@@ -312,376 +171,6 @@ upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag )
BUG();
}
-
-/**************************************************
- ************** read and write stuff **************
- **************************************************/
-
-
-/****************
- * Create a new trustdb
- */
-static void
-create_db( const char *fname )
-{
- FILE *fp;
-
- fp =fopen( fname, "w" );
- if( !fp )
- log_fatal(_("can't create %s: %s\n"), fname, strerror(errno) );
- fwrite_8( fp, 1 );
- fwrite_8( fp, 'g' );
- fwrite_8( fp, 'p' );
- fwrite_8( fp, 'g' );
- fwrite_8( fp, 1 ); /* version */
- fwrite_zeros( fp, 3 ); /* reserved */
- fwrite_32( fp, 0 ); /* not locked */
- fwrite_32( fp, make_timestamp() ); /* created */
- fwrite_32( fp, 0 ); /* not yet modified */
- fwrite_32( fp, 0 ); /* not yet validated*/
- fwrite_32( fp, 0 ); /* reserved */
- fwrite_8( fp, 3 ); /* marginals needed */
- fwrite_8( fp, 1 ); /* completes needed */
- fwrite_8( fp, 4 ); /* max_cet_depth */
- fwrite_zeros( fp, 9 ); /* filler */
- fclose(fp);
-}
-
-static void
-open_db()
-{
- TRUSTREC rec;
- assert( db_fd == -1 );
-
- db_fd = open( db_name, O_RDWR );
- if( db_fd == -1 )
- log_fatal(_("can't open %s: %s\n"), db_name, strerror(errno) );
- if( read_record( 0, &rec, RECTYPE_VER ) )
- log_fatal(_("TrustDB %s is invalid\n"), db_name );
- /* fixme: check ->locked and other stuff */
-}
-
-
-static void
-dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
-{
- int i, any;
-
- fprintf(fp, "trust record %lu, type=", rnum );
-
- switch( rec->rectype ) {
- case 0: fprintf(fp, "free\n");
- break;
- case RECTYPE_VER: fprintf(fp, "version\n");
- break;
- case RECTYPE_DIR:
- fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu",
- (ulong)rec->r.dir.keyid[1],
- rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec );
- if( rec->r.dir.no_sigs == 1 )
- fputs(", (none)", fp );
- else if( rec->r.dir.no_sigs == 2 )
- fputs(", (invalid)", fp );
- else if( rec->r.dir.no_sigs == 3 )
- fputs(", (revoked)", fp );
- else if( rec->r.dir.no_sigs )
- fputs(", (??)", fp );
- putc('\n', fp);
- break;
- case RECTYPE_KEY: fprintf(fp,
- "key keyid=%08lX, own=%lu, ownertrust=%02x, fl=%d\n",
- (ulong)rec->r.key.keyid[1],
- rec->r.key.owner, rec->r.key.ownertrust,
- rec->r.key.fingerprint_len );
- break;
- case RECTYPE_CTL: fprintf(fp, "ctl\n");
- break;
- case RECTYPE_SIG:
- fprintf(fp, "sigrec, owner=%lu, chain=%lu\n",
- rec->r.sig.owner, rec->r.sig.chain );
- for(i=any=0; i < SIGS_PER_RECORD; i++ ) {
- if( rec->r.sig.sig[i].local_id ) {
- if( !any ) {
- putc('\t', fp);
- any++;
- }
- fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id,
- rec->r.sig.sig[i].flag );
- }
- }
- if( any )
- putc('\n', fp);
- break;
- default:
- fprintf(fp, "%d (unknown)\n", rec->rectype );
- break;
- }
-}
-
-/****************
- * read the record with number recnum
- * returns: -1 on error, 0 on success
- */
-static int
-read_record( ulong recnum, TRUSTREC *rec, int expected )
-{
- byte buf[TRUST_RECORD_LEN], *p;
- int rc = 0;
- int n, i;
-
- if( db_fd == -1 )
- open_db();
- if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
- log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
- return G10ERR_READ_FILE;
- }
- n = read( db_fd, buf, TRUST_RECORD_LEN);
- if( !n ) {
- return -1; /* eof */
- }
- else if( n != TRUST_RECORD_LEN ) {
- log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) );
- return G10ERR_READ_FILE;
- }
- p = buf;
- rec->rectype = *p++;
- if( expected && rec->rectype != expected ) {
- log_error("%lu: read expected rec type %d, got %d\n",
- recnum, expected, rec->rectype );
- return G10ERR_TRUSTDB;
- }
- p++;
- switch( rec->rectype ) {
- case 0: /* unused record */
- break;
- case RECTYPE_VER: /* version record */
- /* g10 was the original name */
- if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) {
- log_error(_("%s: not a trustdb file\n"), db_name );
- rc = G10ERR_TRUSTDB;
- }
- p += 2; /* skip magic */
- rec->r.ver.version = *p++;
- rec->r.ver.locked = buftoulong(p); p += 4;
- rec->r.ver.created = buftoulong(p); p += 4;
- rec->r.ver.modified = buftoulong(p); p += 4;
- rec->r.ver.validated= buftoulong(p); p += 4;
- rec->r.ver.marginals_needed = *p++;
- rec->r.ver.completes_needed = *p++;
- rec->r.ver.max_cert_depth = *p++;
- if( recnum ) {
- log_error("%s: version record with recnum %lu\n",
- db_name, (ulong)recnum );
- rc = G10ERR_TRUSTDB;
- }
- if( rec->r.ver.version != 1 ) {
- log_error("%s: invalid file version %d\n",
- db_name, rec->r.ver.version );
- rc = G10ERR_TRUSTDB;
- }
- break;
- case RECTYPE_DIR: /*directory record */
- rec->r.dir.local_id = buftoulong(p); p += 4;
- rec->r.dir.keyid[0] = buftou32(p); p += 4;
- rec->r.dir.keyid[1] = buftou32(p); p += 4;
- rec->r.dir.keyrec = buftoulong(p); p += 4;
- rec->r.dir.ctlrec = buftoulong(p); p += 4;
- rec->r.dir.sigrec = buftoulong(p); p += 4;
- rec->r.dir.no_sigs = *p++;
- if( rec->r.dir.local_id != recnum ) {
- log_error("%s: dir local_id != recnum (%lu,%lu)\n",
- db_name,
- (ulong)rec->r.dir.local_id,
- (ulong)recnum );
- rc = G10ERR_TRUSTDB;
- }
- break;
- case RECTYPE_KEY: /* public key record */
- rec->r.key.owner = buftoulong(p); p += 4;
- rec->r.dir.keyid[0] = buftou32(p); p += 4;
- rec->r.dir.keyid[1] = buftou32(p); p += 4;
- rec->r.key.pubkey_algo = *p++;
- rec->r.key.fingerprint_len = *p++;
- if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
- rec->r.key.fingerprint_len = 20;
- memcpy( rec->r.key.fingerprint, p, 20); p += 20;
- rec->r.key.ownertrust = *p++;
- break;
- case RECTYPE_CTL: /* control record */
- rec->r.ctl.owner = buftoulong(p); p += 4;
- memcpy(rec->r.ctl.blockhash, p, 20); p += 20;
- rec->r.ctl.trustlevel = *p++;
- break;
- case RECTYPE_SIG:
- rec->r.sig.owner = buftoulong(p); p += 4;
- rec->r.sig.chain = buftoulong(p); p += 4;
- for(i=0; i < SIGS_PER_RECORD; i++ ) {
- rec->r.sig.sig[i].local_id = buftoulong(p); p += 4;
- rec->r.sig.sig[i].flag = *p++;
- }
- break;
- default:
- log_error("%s: invalid record type %d at recnum %lu\n",
- db_name, rec->rectype, (ulong)recnum );
- rc = G10ERR_TRUSTDB;
- break;
- }
-
- return rc;
-}
-
-/****************
- * Write the record at RECNUM
- */
-static int
-write_record( ulong recnum, TRUSTREC *rec )
-{
- byte buf[TRUST_RECORD_LEN], *p;
- int rc = 0;
- int i, n;
-
- if( db_fd == -1 )
- open_db();
-
- memset(buf, 0, TRUST_RECORD_LEN);
- p = buf;
- *p++ = rec->rectype; p++;
- switch( rec->rectype ) {
- case 0: /* unused record */
- break;
- case 1: /* version record */
- BUG();
- break;
-
- case RECTYPE_DIR: /*directory record */
- ulongtobuf(p, rec->r.dir.local_id); p += 4;
- u32tobuf(p, rec->r.key.keyid[0]); p += 4;
- u32tobuf(p, rec->r.key.keyid[1]); p += 4;
- ulongtobuf(p, rec->r.dir.keyrec); p += 4;
- ulongtobuf(p, rec->r.dir.ctlrec); p += 4;
- ulongtobuf(p, rec->r.dir.sigrec); p += 4;
- *p++ = rec->r.dir.no_sigs;
- assert( rec->r.dir.local_id == recnum );
- break;
-
- case RECTYPE_KEY:
- ulongtobuf(p, rec->r.key.owner); p += 4;
- u32tobuf(p, rec->r.key.keyid[0]); p += 4;
- u32tobuf(p, rec->r.key.keyid[1]); p += 4;
- *p++ = rec->r.key.pubkey_algo;
- *p++ = rec->r.key.fingerprint_len;
- memcpy( p, rec->r.key.fingerprint, 20); p += 20;
- *p++ = rec->r.key.ownertrust;
- break;
-
- case RECTYPE_CTL: /* control record */
- ulongtobuf(p, rec->r.ctl.owner); p += 4;
- memcpy(p, rec->r.ctl.blockhash, 20); p += 20;
- *p++ = rec->r.ctl.trustlevel;
- break;
-
- case RECTYPE_SIG:
- ulongtobuf(p, rec->r.sig.owner); p += 4;
- ulongtobuf(p, rec->r.sig.chain); p += 4;
- for(i=0; i < SIGS_PER_RECORD; i++ ) {
- ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4;
- *p++ = rec->r.sig.sig[i].flag;
- }
- break;
- default:
- BUG();
- }
-
- if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
- log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
- return G10ERR_WRITE_FILE;
- }
- n = write( db_fd, buf, TRUST_RECORD_LEN);
- if( n != TRUST_RECORD_LEN ) {
- log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) );
- return G10ERR_WRITE_FILE;
- }
-
- return rc;
-}
-
-
-/****************
- * create a new record and return its record number
- */
-static ulong
-new_recnum()
-{
- off_t offset;
- ulong recnum;
- TRUSTREC rec;
- int rc;
-
- /* fixme: look for unused records */
- offset = lseek( db_fd, 0, SEEK_END );
- if( offset == -1 )
- log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
- recnum = offset / TRUST_RECORD_LEN;
- assert(recnum); /* this is will never be the first record */
-
- /* we must write a record, so that the next call to this function
- * returns another recnum */
- memset( &rec, 0, sizeof rec );
- rec.rectype = 0; /* free record */
- rc = write_record(recnum, &rec );
- if( rc )
- log_fatal(_("%s: failed to append a record: %s\n"),
- db_name, g10_errstr(rc));
- return recnum ;
-}
-
-/****************
- * Search the trustdb for a key which matches PK and return the dir record
- * The local_id of PK is set to the correct value
- *
- * Note: To increase performance, we could use a index search here.
- */
-static int
-search_record( PKT_public_key *pk, TRUSTREC *rec )
-{
- ulong recnum;
- u32 keyid[2];
- byte *fingerprint;
- size_t fingerlen;
- int rc;
-
- keyid_from_pk( pk, keyid );
- fingerprint = fingerprint_from_pk( pk, &fingerlen );
- assert( fingerlen == 20 || fingerlen == 16 );
-
- for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) {
- if( rec->rectype != RECTYPE_DIR )
- continue;
- if( rec->r.dir.keyid[0] == keyid[0]
- && rec->r.dir.keyid[1] == keyid[1]){
- TRUSTREC keyrec;
-
- if( read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) {
- log_error("%lu: ooops: invalid key record\n", recnum );
- break;
- }
- if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
- && !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
- if( pk->local_id && pk->local_id != recnum )
- log_error("%s: found record, but local_id from mem does "
- "not match recnum (%lu,%lu)\n", db_name,
- (ulong)pk->local_id, (ulong)recnum );
- pk->local_id = recnum;
- return 0;
- }
- }
- }
- if( rc != -1 )
- log_error(_("%s: search_db failed: %s\n"),db_name, g10_errstr(rc) );
- return rc;
-}
-
-
/****************
* If we do not have a local_id in a signature packet, find the owner of
* the signature packet in our trustdb or insert them into the trustdb
@@ -697,7 +186,7 @@ set_signature_packets_local_id( PKT_signature *sig )
if( rc)
goto leave;
if( !pk->local_id ) {
- rc = search_record( pk, &rec );
+ rc = tdbio_search_record( pk, &rec );
if( rc == -1 )
rc = insert_trust_record( pk );
if( rc )
@@ -719,7 +208,7 @@ keyid_from_local_id( ulong lid, u32 *keyid )
TRUSTREC rec;
int rc;
- rc = read_record( lid, &rec, RECTYPE_DIR );
+ rc = tdbio_read_record( lid, &rec, RECTYPE_DIR );
if( rc ) {
log_error(_("error reading record with local_id %lu: %s\n"),
lid, g10_errstr(rc));
@@ -757,7 +246,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
if( !c->ctl.init_done ) {
c->ctl.init_done = 1;
if( !c->sigrec ) {
- rc = read_record( c->local_id, r, RECTYPE_DIR );
+ rc = tdbio_read_record( c->local_id, r, RECTYPE_DIR );
if( rc ) {
log_error(_("%lu: error reading dir record: %s\n"),
c->local_id, g10_errstr(rc));
@@ -775,7 +264,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
c->ctl.eof = 1;
return rc;
}
- rc = read_record( c->local_id, r, RECTYPE_DIR );
+ rc = tdbio_read_record( c->local_id, r, RECTYPE_DIR );
if( rc ) {
log_error(_("%lu: error re-reading dir record: %s\n"),
c->local_id, g10_errstr(rc));
@@ -802,7 +291,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
c->ctl.eof = 1;
return -1; /* return eof */
}
- rc = read_record( rnum, r, RECTYPE_SIG );
+ rc = tdbio_read_record( rnum, r, RECTYPE_SIG );
if( rc ) {
log_error(_("error reading sigrec: %s\n"), g10_errstr(rc));
c->ctl.eof = 1;
@@ -842,29 +331,28 @@ verify_own_keys()
u32 keyid[2];
while( !(rc=enum_secret_keys( &enum_context, sk) ) ) {
- /* fixed: to be sure that it is a secret key of our own,
- * we should check it, but this needs a passphrase
- * for every key and this is boring for the user.
- * Solution: Sign the secring and the trustring
- * and verify this signature during
- * startup
+ /* To be sure that it is a secret key of our own,
+ * we should check it, but this needs a passphrase
+ * for every key and this is boring for the user.
+ * Anyway, access to the seret keyring should be
+ * granted to the user only as it is poosible to
+ * crack it with dictionary attacks.
*/
-
keyid_from_sk( sk, keyid );
if( DBG_TRUST )
- log_debug("checking secret key %08lX\n", (ulong)keyid[1] );
+ log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
/* see whether we can access the public key of this secret key */
memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
- log_error(_("keyid %08lX: secret key without public key\n"),
+ log_error(_("key %08lX: secret key without public key\n"),
(ulong)keyid[1] );
goto leave;
}
if( cmp_public_secret_key( pk, sk ) ) {
- log_error(_("keyid %08lX: secret and public key don't match\n"),
+ log_error(_("key %08lX: secret and public key don't match\n"),
(ulong)keyid[1] );
rc = G10ERR_GENERAL;
goto leave;
@@ -875,22 +363,22 @@ verify_own_keys()
if( rc == -1 ) { /* put it into the trustdb */
rc = insert_trust_record( pk );
if( rc ) {
- log_error(_("keyid %08lX: can't put it into the trustdb\n"),
+ log_error(_("key %08lX: can't put it into the trustdb\n"),
(ulong)keyid[1] );
goto leave;
}
}
else if( rc ) {
- log_error(_("keyid %08lX: query record failed\n"), (ulong)keyid[1] );
+ log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
goto leave;
}
if( DBG_TRUST )
- log_debug("putting %08lX(%lu) into ultikey_table\n",
+ log_debug("key %08lX.%lu: stored into ultikey_table\n",
(ulong)keyid[1], pk->local_id );
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
- log_error(_("keyid %08lX: already in ultikey_table\n"),
+ log_error(_("key %08lX: already in ultikey_table\n"),
(ulong)keyid[1]);
@@ -927,6 +415,33 @@ print_user_id( const char *text, u32 *keyid )
m_free(p);
}
+static void
+print_keyid( FILE *fp, ulong lid )
+{
+ u32 ki[2];
+ if( keyid_from_trustdb( lid, ki ) )
+ fprintf(fp, "????????.%lu", lid );
+ else
+ fprintf(fp, "%08lX.%lu", (ulong)ki[1], lid );
+}
+
+static void
+print_trust( FILE *fp, unsigned trust )
+{
+ int c;
+ switch( trust ) {
+ case TRUST_UNKNOWN: c = 'o'; break;
+ case TRUST_EXPIRED: c = 'e'; break;
+ case TRUST_UNDEFINED: c = 'q'; break;
+ case TRUST_NEVER: c = 'n'; break;
+ case TRUST_MARGINAL: c = 'm'; break;
+ case TRUST_FULLY: c = 'f'; break;
+ case TRUST_ULTIMATE: c = 'u'; break;
+ default: fprintf(fp, "%02x", trust ); return;
+ }
+ putc(c, fp);
+}
+
/* (a non-recursive algorithm would be easier) */
static int
do_list_sigs( ulong root, ulong pubkey, int depth,
@@ -944,12 +459,12 @@ do_list_sigs( ulong root, ulong pubkey, int depth,
break;
rc = keyid_from_local_id( sx.sig_id, keyid );
if( rc ) {
- printf("%6u: %*s????????(%lu:%02x)\n", *lineno, depth*4, "",
+ printf("%6u: %*s????????.%lu:%02x\n", *lineno, depth*4, "",
sx.sig_id, sx.sig_flag );
++*lineno;
}
else {
- printf("%6u: %*s%08lX(%lu:%02x) ", *lineno, depth*4, "",
+ printf("%6u: %*s%08lX.%lu:%02x ", *lineno, depth*4, "",
(ulong)keyid[1], sx.sig_id, sx.sig_flag );
/* check whether we already checked this pubkey */
if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) {
@@ -1002,7 +517,7 @@ list_sigs( ulong pubkey_id )
log_error("Hmmm, no pubkey record for local_id %lu\n", pubkey_id);
return rc;
}
- printf("Signatures of %08lX(%lu) ", (ulong)keyid[1], pubkey_id );
+ printf("Signatures of %08lX.%lu ", (ulong)keyid[1], pubkey_id );
print_user_id("", keyid);
printf("----------------------\n");
@@ -1134,7 +649,7 @@ check_sigs( KBNODE keyblock, int *selfsig_okay, int *revoked )
}
}
if( DBG_TRUST )
- log_debug("trustdb: sig from %08lX(%lu): %s%s\n",
+ log_debug("trustdb: sig from %08lX.%lu: %s%s\n",
(ulong)node->pkt->pkt.signature->keyid[1],
node->pkt->pkt.signature->local_id,
g10_errstr(rc), (node->flag&4)?" (dup)":"" );
@@ -1165,18 +680,19 @@ build_sigrecs( ulong pubkeyid )
log_debug("trustdb: build_sigrecs for pubkey %lu\n", (ulong)pubkeyid );
/* get the keyblock */
- if( (rc=read_record( pubkeyid, &rec, RECTYPE_DIR )) ) {
+ if( (rc=tdbio_read_record( pubkeyid, &rec, RECTYPE_DIR )) ) {
log_error(_("%lu: build_sigrecs: can't read dir record\n"), pubkeyid );
goto leave;
}
- if( (rc=read_record( rec.r.dir.keyrec, &krec, RECTYPE_KEY )) ) {
+ if( (rc=tdbio_read_record( rec.r.dir.keyrec, &krec, RECTYPE_KEY )) ) {
log_error(_("%lu: build_sigrecs: can't read key record\n"), pubkeyid);
goto leave;
}
rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint,
krec.r.key.fingerprint_len );
if( rc ) {
- log_error(_("build_sigrecs: get_keyblock_byfprint failed\n") );
+ log_error(_("build_sigrecs: get_keyblock_byfprint failed: %s\n"),
+ g10_errstr(rc) );
goto leave;
}
/* check all key signatures */
@@ -1214,7 +730,7 @@ build_sigrecs( ulong pubkeyid )
* it was necessary to have the pubkey. The only reason
* this can fail are I/O errors of the trustdb or a
* remove operation on the pubkey database - which should
- * not disturb us, because we have to chance them anyway. */
+ * not disturb us, because we have to change them anyway. */
rc = set_signature_packets_local_id( node->pkt->pkt.signature );
if( rc )
log_fatal(_("set_signature_packets_local_id failed: %s\n"),
@@ -1222,11 +738,11 @@ build_sigrecs( ulong pubkeyid )
}
if( i == SIGS_PER_RECORD ) {
/* write the record */
- rnum = new_recnum();
+ rnum = tdbio_new_recnum();
if( rnum2 ) { /* write the stored record */
rec2.r.sig.owner = pubkeyid;
rec2.r.sig.chain = rnum; /* the next record number */
- rc = write_record( rnum2, &rec2 );
+ rc = tdbio_write_record( rnum2, &rec2 );
if( rc ) {
log_error(_("build_sigrecs: write_record failed\n") );
goto leave;
@@ -1247,11 +763,11 @@ build_sigrecs( ulong pubkeyid )
}
if( i || rnum2 ) {
/* write the record */
- rnum = new_recnum();
+ rnum = tdbio_new_recnum();
if( rnum2 ) { /* write the stored record */
rec2.r.sig.owner = pubkeyid;
rec2.r.sig.chain = rnum;
- rc = write_record( rnum2, &rec2 );
+ rc = tdbio_write_record( rnum2, &rec2 );
if( rc ) {
log_error(_("build_sigrecs: write_record failed\n") );
goto leave;
@@ -1262,7 +778,7 @@ build_sigrecs( ulong pubkeyid )
if( i ) { /* write the pending record */
rec.r.sig.owner = pubkeyid;
rec.r.sig.chain = 0;
- rc = write_record( rnum, &rec );
+ rc = tdbio_write_record( rnum, &rec );
if( rc ) {
log_error(_("build_sigrecs: write_record failed\n") );
goto leave;
@@ -1273,12 +789,12 @@ build_sigrecs( ulong pubkeyid )
}
if( first_sigrec ) {
/* update the dir record */
- if( (rc =read_record( pubkeyid, &rec, RECTYPE_DIR )) ) {
+ if( (rc =tdbio_read_record( pubkeyid, &rec, RECTYPE_DIR )) ) {
log_error(_("update_dir_record: read failed\n"));
goto leave;
}
rec.r.dir.sigrec = first_sigrec;
- if( (rc=write_record( pubkeyid, &rec )) ) {
+ if( (rc=tdbio_write_record( pubkeyid, &rec )) ) {
log_error(_("update_dir_record: write failed\n"));
goto leave;
}
@@ -1410,7 +926,7 @@ do_check( ulong pubkeyid, TRUSTREC *dr, unsigned *trustlevel )
/* no sigrecs, so build them */
rc = build_sigrecs( pubkeyid );
if( !rc ) /* and read again */
- rc = read_record( pubkeyid, dr, RECTYPE_DIR );
+ rc = tdbio_read_record( pubkeyid, dr, RECTYPE_DIR );
}
if( dr->r.dir.no_sigs == 3 )
@@ -1439,10 +955,13 @@ do_check( ulong pubkeyid, TRUSTREC *dr, unsigned *trustlevel )
continue;
if( opt.verbose ) {
- log_info("tslist segs:" );
- for(i=0; i < tsl->nseg; i++ )
- fprintf(stderr, " %lu/%02x", tsl->seg[i].lid,
- tsl->seg[i].trust );
+ log_info("trust path:" );
+ for(i=0; i < tsl->nseg; i++ ) {
+ putc(' ',stderr);
+ print_keyid( stderr, tsl->seg[i].lid );
+ putc(':',stderr);
+ print_trust( stderr, tsl->seg[i].trust );
+ }
putc('\n',stderr);
}
}
@@ -1504,39 +1023,9 @@ init_trustdb( int level, const char *dbname )
ultikey_table = new_lid_table();
if( !level || level==1 ) {
- char *fname = dbname? m_strdup( dbname )
- : make_filename(opt.homedir, "trustdb.gpg", NULL );
- if( access( fname, R_OK ) ) {
- if( errno != ENOENT ) {
- log_error(_("can't access %s: %s\n"), fname, strerror(errno) );
- m_free(fname);
- return G10ERR_TRUSTDB;
- }
- if( level ) {
- char *p = strrchr( fname, '/' );
- assert(p);
- *p = 0;
- if( access( fname, F_OK ) ) {
- if( strlen(fname) >= 7
- && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
- #if __MINGW32__
- if( mkdir( fname ) )
- #else
- if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
- #endif
- log_fatal(_("can't create directory '%s': %s\n"),
- fname, strerror(errno) );
- }
- else
- log_fatal(_("directory '%s' does not exist!\n"), fname );
- }
- *p = '/';
- create_db( fname );
- }
- }
- m_free(db_name);
- db_name = fname;
-
+ rc = tdbio_set_dbname( dbname, !!level );
+ if( rc )
+ return rc;
if( !level )
return 0;
@@ -1566,7 +1055,7 @@ list_trustdb( const char *username )
if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
- else if( (rc=search_record( pk, &rec )) && rc != -1 )
+ else if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 )
@@ -1579,12 +1068,12 @@ list_trustdb( const char *username )
ulong recnum;
int i;
- printf("TrustDB: %s\n", db_name );
- for(i=9+strlen(db_name); i > 0; i-- )
+ printf("TrustDB: %s\n", tdbio_get_dbname() );
+ for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- )
putchar('-');
putchar('\n');
- for(recnum=0; !read_record( recnum, &rec, 0); recnum++ )
- dump_record( recnum, &rec, stdout );
+ for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ )
+ tdbio_dump_record( recnum, &rec, stdout );
}
}
@@ -1599,7 +1088,7 @@ list_ownertrust()
int i;
byte *p;
- for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) {
+ for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
if( rec.rectype == RECTYPE_KEY ) {
p = rec.r.key.fingerprint;
for(i=0; i < rec.r.key.fingerprint_len; i++, p++ )
@@ -1625,7 +1114,7 @@ list_trust_path( int max_depth, const char *username )
if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
- else if( (rc=search_record( pk, &rec )) && rc != -1 )
+ else if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 ) {
@@ -1684,8 +1173,12 @@ list_trust_path( int max_depth, const char *username )
if( tsl->dup )
continue;
printf("trust path:" );
- for(i=0; i < tsl->nseg; i++ )
- printf(" %lu/%02x", tsl->seg[i].lid, tsl->seg[i].trust );
+ for(i=0; i < tsl->nseg; i++ ) {
+ putc(' ',stdout);
+ print_keyid( stdout, tsl->seg[i].lid );
+ putc(':',stdout);
+ print_trust( stdout, tsl->seg[i].trust );
+ }
putchar('\n');
}
}
@@ -1722,19 +1215,22 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
unsigned trustlevel = TRUST_UNKNOWN;
int rc=0;
u32 cur_time;
+ u32 keyid[2];
+
if( DBG_TRUST )
log_info("check_trust() called.\n");
+ keyid_from_pk( pk, keyid );
/* get the pubkey record */
if( pk->local_id ) {
- if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
- log_error(_("check_trust: read record failed\n"));
+ if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
+ log_error(_("check_trust: read dir record failed\n"));
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
- if( (rc=search_record( pk, &rec )) && rc != -1 ) {
+ if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) {
log_error(_("check_trust: search_record failed: %s\n"),
g10_errstr(rc));
return rc;
@@ -1742,31 +1238,35 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
else if( rc == -1 ) {
rc = insert_trust_record( pk );
if( rc ) {
- log_error(_("failed to insert pubkey into trustdb: %s\n"),
- g10_errstr(rc));
+ log_error(_("key %08lX: insert trust record failed: %s\n"),
+ keyid[1], g10_errstr(rc));
goto leave;
}
- log_info(_("pubkey not in trustdb - inserted as %lu\n"),
- pk->local_id );
+ log_info(_("key %08lX.%lu: inserted into trustdb\n"),
+ keyid[1], pk->local_id );
}
}
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {
- log_info(_("public key created in future (time warp or clock problem)\n"));
+ log_info(_("key %08lX.%lu: created in future "
+ "(time warp or clock problem)\n"),
+ keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT;
}
if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) {
- log_info(_("key expiration date is %s\n"), strtimestamp(
- add_days_to_timestamp(pk->timestamp,
- pk->valid_days)));
+ log_info(_("key %08lX.%lu: expired at %s\n"),
+ keyid[1], pk->local_id,
+ strtimestamp( add_days_to_timestamp(pk->timestamp,
+ pk->valid_days)));
trustlevel = TRUST_EXPIRED;
}
else {
rc = do_check( pk->local_id, &rec, &trustlevel );
if( rc ) {
- log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc));
+ log_error(_("key %08lX.%lu: trust check failed: %s\n"),
+ keyid[1], pk->local_id, g10_errstr(rc));
return rc;
}
}
@@ -1774,7 +1274,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
leave:
if( DBG_TRUST )
- log_info("check_trust() returns trustlevel %04x.\n", trustlevel);
+ log_debug("check_trust() returns trustlevel %04x.\n", trustlevel);
*r_trustlevel = trustlevel;
return 0;
}
@@ -1859,11 +1359,11 @@ get_ownertrust( ulong lid, unsigned *r_otrust )
{
TRUSTREC rec;
- if( read_record( lid, &rec, RECTYPE_DIR ) ) {
+ if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
log_error("get_ownertrust: read dir record failed\n");
return G10ERR_TRUSTDB;
}
- if( read_record( rec.r.dir.keyrec, &rec, RECTYPE_KEY ) ) {
+ if( tdbio_read_record( rec.r.dir.keyrec, &rec, RECTYPE_KEY ) ) {
log_error("get_ownertrust: read key record failed\n");
return G10ERR_TRUSTDB;
}
@@ -1877,7 +1377,7 @@ keyid_from_trustdb( ulong lid, u32 *keyid )
{
TRUSTREC rec;
- if( read_record( lid, &rec, RECTYPE_DIR ) ) {
+ if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
log_error("keyid_from_trustdb: read record failed\n");
return G10ERR_TRUSTDB;
}
@@ -1903,13 +1403,13 @@ query_trust_record( PKT_public_key *pk )
int rc=0;
if( pk->local_id ) {
- if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
+ if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("query_trust_record: read record failed\n");
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
- if( (rc=search_record( pk, &rec )) && rc != -1 ) {
+ if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) {
log_error("query_trust_record: search_record failed: %s\n",
g10_errstr(rc));
return rc;
@@ -1939,10 +1439,10 @@ insert_trust_record( PKT_public_key *pk )
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, &fingerlen );
- /* FIXME: check that we do not have this record. */
+ /* fixme: assert that we do not have this record. */
- dnum = new_recnum();
- knum = new_recnum();
+ dnum = tdbio_new_recnum();
+ knum = tdbio_new_recnum();
/* build dir record */
memset( &rec, 0, sizeof rec );
rec.rectype = RECTYPE_DIR;
@@ -1951,7 +1451,7 @@ insert_trust_record( PKT_public_key *pk )
rec.r.dir.keyid[1] = keyid[1];
rec.r.dir.keyrec = knum;
rec.r.dir.no_sigs = 0;
- if( write_record( dnum, &rec ) ) {
+ if( tdbio_write_record( dnum, &rec ) ) {
log_error("writing dir record failed\n");
return G10ERR_TRUSTDB;
}
@@ -1965,11 +1465,11 @@ insert_trust_record( PKT_public_key *pk )
rec.r.key.fingerprint_len = fingerlen;
memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
rec.r.key.ownertrust = 0;
- if( write_record( knum, &rec ) ) {
+ if( tdbio_write_record( knum, &rec ) ) {
log_error("wrinting key record failed\n");
return G10ERR_TRUSTDB;
}
-
+ /* and store the LID */
pk->local_id = dnum;
return 0;
@@ -1982,19 +1482,19 @@ update_ownertrust( ulong lid, unsigned new_trust )
TRUSTREC rec;
ulong recnum;
- if( read_record( lid, &rec, RECTYPE_DIR ) ) {
+ if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
log_error("update_ownertrust: read dir failed\n");
return G10ERR_TRUSTDB;
}
recnum = rec.r.dir.keyrec;
- if( read_record( recnum, &rec, RECTYPE_KEY ) ) {
+ if( tdbio_read_record( recnum, &rec, RECTYPE_KEY ) ) {
log_error("update_ownertrust: read key failed\n");
return G10ERR_TRUSTDB;
}
/* check keyid, fingerprint etc ? */
rec.r.key.ownertrust = new_trust;
- if( write_record( recnum, &rec ) ) {
+ if( tdbio_write_record( recnum, &rec ) ) {
log_error("update_ownertrust: write failed\n");
return G10ERR_TRUSTDB;
}
@@ -2013,13 +1513,13 @@ update_no_sigs( ulong lid, int no_sigs )
{
TRUSTREC rec;
- if( read_record( lid, &rec, RECTYPE_DIR ) ) {
+ if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) {
log_error("update_no_sigs: read failed\n");
return G10ERR_TRUSTDB;
}
rec.r.dir.no_sigs = no_sigs;
- if( write_record( lid, &rec ) ) {
+ if( tdbio_write_record( lid, &rec ) ) {
log_error("update_no_sigs: write failed\n");
return G10ERR_TRUSTDB;
}
diff --git a/include/cipher.h b/include/cipher.h
index 6df44b772..0e2b95a79 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -121,6 +121,8 @@ void md_stop_debug( MD_HANDLE a );
md_write( (h), NULL, 0 ); \
(h)->buffer[(h)->bufcount++] = (c) & 0xff; \
} while(0)
+/*-- rmd160.c --*/
+void rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );
/*-- cipher.c --*/
diff --git a/po/de.po b/po/de.po
index 20532ff98..c620d414d 100644
--- a/po/de.po
+++ b/po/de.po
@@ -6,12 +6,12 @@ msgstr ""
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c util/argparse.c cipher/random.c cipher/rand-dummy.c cipher/rand-unix.c cipher/rand-w32.c g10/g10.c g10/pkclist.c g10/keygen.c g10/decrypt.c g10/encode.c g10/import.c g10/keyedit.c g10/keylist.c g10/mainproc.c g10/passphrase.c g10/plaintext.c g10/pref.c g10/seckey-cert.c g10/sig-check.c g10/sign.c g10/trustdb.c g10/verify.c\n"
-#: util/secmem.c:180
+#: util/secmem.c:188
msgid "Warning: using insecure memory!\n"
msgstr ""
"Achtung: Speicher mit sensibeln Daten kann auf Platte ausgelagert werden.\n"
"(um dies zu vermeiden, kann das Programm suid(root) installiert werden;\n"
-" bitte wenden Sie sich hierzu an den Systemadministraor)\n"
+" bitte wenden Sie sich hierzu an den Systemadministrator)\n"
#: cipher/rand-dummy.c:106
msgid "warning: using insecure random number generator!!\n"
@@ -134,31 +134,31 @@ msgstr "Ein \"Revocation\" Zertifikat erzeugen"
msgid "export keys"
msgstr "Schl\374ssel exportieren"
-#: g10/g10.c:79
+#: g10/g10.c:80
msgid "import/merge keys"
msgstr "Schl\374ssel importieren/kombinieren"
-#: g10/g10.c:80
+#: g10/g10.c:81
msgid "list only the sequence of packets"
msgstr "Lediglich die Struktur der Daten Packete anzeigen"
-#: g10/g10.c:83
+#: g10/g10.c:84
msgid "De-Armor a file or stdin"
msgstr "\"De-Armor\" einer Datei oder stdin"
-#: g10/g10.c:84
+#: g10/g10.c:85
msgid "En-Armor a file or stdin"
msgstr "\"En-Armor\" einer Datei oder stdin"
-#: g10/g10.c:85
+#: g10/g10.c:86
msgid "|algo [files]|print message digests"
msgstr "|algo [files]|Hashwerte der Dateien ausgeben"
-#: g10/g10.c:86
+#: g10/g10.c:87
msgid "print all message digests"
msgstr "Message-Digests f\374r die Eingabedaten ausgeben"
-#: g10/g10.c:91
+#: g10/g10.c:92
msgid ""
"@\n"
"Options:\n"
@@ -168,111 +168,111 @@ msgstr ""
"Optionen:\n"
" "
-#: g10/g10.c:93
+#: g10/g10.c:94
msgid "create ascii armored output"
msgstr "Ausgabe mit ASCII Armor versehen"
-#: g10/g10.c:95
+#: g10/g10.c:96
msgid "use this user-id to sign or decrypt"
msgstr "Mit dieser User-ID signieren"
-#: g10/g10.c:96
+#: g10/g10.c:97
msgid "use this user-id for encryption"
msgstr "Verschl\374sseln f\374r diese User-ID"
-#: g10/g10.c:97
+#: g10/g10.c:98
msgid "|N|set compress level N (0 disables)"
msgstr "Kompressionsstufe auf N setzen (0 f\374r keine Kompression)"
-#: g10/g10.c:98
+#: g10/g10.c:99
msgid "use canonical text mode"
msgstr "Text Modus benutzen"
-#: g10/g10.c:100
+#: g10/g10.c:101
msgid "use as output file"
msgstr "dies als Ausgabedatei benutzen"
-#: g10/g10.c:101
+#: g10/g10.c:102
msgid "verbose"
msgstr "detailierte Informationen"
-#: g10/g10.c:102
+#: g10/g10.c:103
msgid "do not make any changes"
msgstr "Keine wirklichen \304nderungen durchf\374hren"
-#: g10/g10.c:103
+#: g10/g10.c:104
msgid "batch mode: never ask"
msgstr "Stapel Modus: Keine Abfragen"
-#: g10/g10.c:104
+#: g10/g10.c:105
msgid "assume yes on most questions"
msgstr "\"Ja\" als Standard Antwort annehmen"
-#: g10/g10.c:105
+#: g10/g10.c:106
msgid "assume no on most questions"
msgstr "\"Nein\" als Standard Antwort annehmen"
-#: g10/g10.c:106
+#: g10/g10.c:107
msgid "add this keyring to the list of keyrings"
msgstr "Den \366ffentlichen Schl\374sselring mitbenutzen"
-#: g10/g10.c:107
+#: g10/g10.c:108
msgid "add this secret keyring to the list"
msgstr "Den geheimen Schl\374sselring mitbenutzen"
-#: g10/g10.c:108
+#: g10/g10.c:109
msgid "|NAME|use NAME as default secret key"
msgstr "|NAME|NAME als voreingestellten Schl\374ssel benutzen"
-#: g10/g10.c:109
+#: g10/g10.c:110
msgid "read options from file"
msgstr "Optionen aus der Datei lesen"
-#: g10/g10.c:111
+#: g10/g10.c:112
msgid "set debugging flags"
msgstr "Debug-Flags einschalten"
-#: g10/g10.c:112
+#: g10/g10.c:113
msgid "enable full debugging"
msgstr "Alle Debug-Flags einschalten"
-#: g10/g10.c:113
+#: g10/g10.c:114
msgid "|FD|write status info to this FD"
msgstr "|FD|Status Informatiuon auf FD ausgeben"
-#: g10/g10.c:114
+#: g10/g10.c:115
msgid "do not write comment packets"
msgstr "Keine Kommentarpackete schreiben"
-#: g10/g10.c:115
+#: g10/g10.c:116
msgid "(default is 1)"
msgstr "(voreingestellt ist 1)"
-#: g10/g10.c:116
+#: g10/g10.c:117
msgid "(default is 3)"
msgstr "(voreingestellt ist 3)"
-#: g10/g10.c:117
+#: g10/g10.c:118
msgid "|file|load extension module"
msgstr "|FILE|Erweierungsmodul |FILE| laden"
-#: g10/g10.c:118
+#: g10/g10.c:119
msgid "emulate the mode described in RFC1991"
msgstr "Den in RFC1991 beschriebenen Modus emulieren"
-#: g10/g10.c:120
+#: g10/g10.c:121
msgid "|NAME|use cipher algorithm NAME"
msgstr "|NAME|Den Cipher-Algorithmus NAME benutzen"
-#: g10/g10.c:121
+#: g10/g10.c:122
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NAME|Den Hash-Algorithmus NAME benutzen"
-#: g10/g10.c:122
+#: g10/g10.c:123
msgid "|N|use compress algorithm N"
msgstr "|N|Den Komressionsalgorithmus N benutzen"
-#: g10/g10.c:130
+#: g10/g10.c:131
msgid ""
"@\n"
"Examples:\n"
@@ -292,19 +292,19 @@ msgstr ""
" -k [userid] Die Schll\374ssel anzeigen\n"
" -kc [userid] Die \"Fingerprints\" anzeigen\n"
-#: g10/g10.c:211
+#: g10/g10.c:213
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
-msgstr "Berichte \374ber Wanzen an <gnupg-bugs|gnu.org>.\n"
+msgstr "Berichte \374ber Wanzen an <gnupg-bugs@gnu.org>.\n"
-#: g10/g10.c:216
+#: g10/g10.c:218
msgid "Usage: gpgm [options] [files] (-h for help)"
msgstr "Aufruf: gpgm [Optionen] [Dateien] (-h f\374r Hilfe)"
-#: g10/g10.c:218
+#: g10/g10.c:220
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "Aufruf: gpg [Optionen] [Dateien] (-h f\374r Hilfe)"
-#: g10/g10.c:223
+#: g10/g10.c:225
msgid ""
"Syntax: gpgm [options] [files]\n"
"GNUPG maintenance utility\n"
@@ -312,7 +312,7 @@ msgstr ""
"Syntax: gpgm [options] [files]\n"
"GNUPG Wartungs Hilfsmittel\n"
-#: g10/g10.c:226
+#: g10/g10.c:228
msgid ""
"Syntax: gpg [options] [files]\n"
"sign, check, encrypt or decrypt\n"
@@ -322,138 +322,142 @@ msgstr ""
"Signieren, pr\374fen, verschl\374sseln, entschl\374sseln\n"
"Die voreingestellte Operation ist abh\344ngig von den Eingabedaten\n"
-#: g10/g10.c:303
+#: g10/g10.c:308
msgid "usage: gpgm [options] "
msgstr "Aufruf: gpgm [Optionen] "
-#: g10/g10.c:305
+#: g10/g10.c:310
msgid "usage: gpg [options] "
msgstr "Aufruf: gpg [Optionen] "
-#: g10/g10.c:346
+#: g10/g10.c:351
msgid "conflicting commands\n"
msgstr "Widersprechende Kommandos\n"
-#: g10/g10.c:359
+#: g10/g10.c:364
msgid "selected cipher algorithm is invalid\n"
msgstr "Der ausgew\344hlte Cipher Algorithmus ist ung\374ltig\n"
-#: g10/g10.c:361
+#: g10/g10.c:366
msgid "selected digest algorithm is invalid\n"
msgstr "Der ausgew\344hlte Message-Digest Algorithmus ist ung\374ltig\n"
-#: g10/g10.c:363
+#: g10/g10.c:368
msgid "compress algorithm must be in range %d..%d\n"
msgstr "Der Kompressionsalgorithmus muss %d bis %d sein\n"
-#: g10/g10.c:365
+#: g10/g10.c:370
msgid "completes-needed must be greater than 0\n"
msgstr "completes-needed m\374\337en gr\366\337er als 0 sein\n"
-#: g10/g10.c:367
+#: g10/g10.c:372
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed m\374\337en gr\366\337er als 1 sein\n"
-#: g10/g10.c:463
+#: g10/g10.c:471
msgid "note: no default option file '%s'\n"
msgstr "Notiz: Keine voreingestellte Optionen Datei '%s' vorhanden\n"
-#: g10/g10.c:467
+#: g10/g10.c:475
msgid "option file '%s': %s\n"
msgstr "Optionen Datei '%s': %s\n"
-#: g10/g10.c:474
+#: g10/g10.c:482
msgid "reading options from '%s'\n"
msgstr "Optionen werden von '%s' gelesen\n"
-#: g10/g10.c:693
+#: g10/g10.c:720
msgid "failed to initialize the TrustDB: %s\n"
msgstr "Die Trust-DB kann nicht initialisiert werden: %s\n"
-#: g10/g10.c:699
+#. only store the file
+#: g10/g10.c:726
msgid "--store [filename]"
msgstr "--store [Dateiname]"
-#: g10/g10.c:707
+#: g10/g10.c:734
msgid "--symmetric [filename]"
msgstr "--symmetric [Dateiname]"
-#: g10/g10.c:715
+#. encrypt the given file
+#: g10/g10.c:742
msgid "--encrypt [filename]"
msgstr "--encrypt [Dateiname]"
-#: g10/g10.c:728
+#: g10/g10.c:755
msgid "--sign [filename]"
msgstr "--sign [Dateiname]"
-#. sign and encrypt the given file
-#: g10/g10.c:741
+#: g10/g10.c:768
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [Dateiname]"
-#: g10/g10.c:755
+#: g10/g10.c:782
msgid "--clearsign [filename]"
msgstr "--clearsign [Dateiname]"
-#: g10/g10.c:767
+#: g10/g10.c:794
msgid "--decrypt [filename]"
msgstr "--decrypt [Dateiname]"
-#: g10/g10.c:775
+#. sign the key given as argument
+#: g10/g10.c:802
msgid "--sign-key username"
msgstr "--sign-key Benutzername"
-#. Edit a key signature
-#: g10/g10.c:783
+#: g10/g10.c:810
msgid "--edit-key username"
msgstr "--deit-key Benutzername"
-#: g10/g10.c:791
+#: g10/g10.c:818
msgid "--delete-secret-key username"
msgstr "--delete-secret-key Benutzername"
-#: g10/g10.c:794
+#: g10/g10.c:821
msgid "--delete-key username"
msgstr "--delete-key Benutzername"
-#: g10/g10.c:802
+#. Change the passphrase
+#. no arg: use default, 1 arg use this one
+#: g10/g10.c:829
msgid "--change-passphrase [username]"
msgstr "--change-passphrase [Benutzername]"
-#. -kv userid keyring
-#: g10/encode.c:200 g10/g10.c:826 g10/keylist.c:79 g10/trustdb.c:358
+#. prepare iobufs
+#: g10/encode.c:200 g10/g10.c:853 g10/keylist.c:79
msgid "can't open %s: %s\n"
msgstr "Datei '%s' kann nicht ge\366ffnet werden: %s\n"
-#: g10/g10.c:837
+#: g10/g10.c:864
msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-h[v][v][v][c] [Benutzername] [Keyring]"
-#: g10/g10.c:897
+#: g10/g10.c:924
msgid "dearmoring failed: %s\n"
msgstr "De-Armor fehlgeschlagen: %s\n"
-#: g10/g10.c:905
+#: g10/g10.c:932
msgid "enarmoring failed: %s\n"
msgstr "En-Armor fehlgeschlagen: %s\n"
-#: g10/g10.c:961
+#: g10/g10.c:988
msgid "invalid hash algorithm '%s'\n"
msgstr "Ung\374ltiger Hash Algorithmus '%s'\n"
-#: g10/g10.c:1014
+#. fixme: g10maint should do regular maintenace tasks here
+#: g10/g10.c:1041
msgid "[filename]"
msgstr "[Dateiname]"
-#: g10/decrypt.c:59 g10/g10.c:1016 g10/verify.c:66
+#: g10/decrypt.c:59 g10/g10.c:1043 g10/verify.c:66
msgid "can't open '%s'\n"
msgstr "Datei '%s' kann nicht ge\366ffnet werden\n"
-#: g10/g10.c:1061
+#: g10/g10.c:1088
msgid "RSA keys are depreciated; please consider creating a new key and use this key in the future\n"
msgstr "RSA Schl\374ssel sind nicht erw\374nscht; bitte denken Sie dar\374ber nach einen neuen Schl\374ssel zu erzeugen und diesen in Zukunft zu benutzen\n"
-#: g10/pkclist.c:65
+#: g10/pkclist.c:66
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
@@ -461,7 +465,7 @@ msgstr ""
"Es ist kein \"Ownertrust\" f\374r %lu definiert:\n"
"%4u%c/%08lX %s \""
-#: g10/pkclist.c:72
+#: g10/pkclist.c:73
msgid ""
"\"\n"
"\n"
@@ -489,11 +493,11 @@ msgstr ""
" s = Bitte weitere Information anzeigen\n"
"\n"
-#: g10/pkclist.c:83
+#: g10/pkclist.c:84
msgid "Your decision? "
msgstr "Ihre Auswahl? "
-#: g10/pkclist.c:90
+#: g10/pkclist.c:91
msgid ""
"It's up to you to assign a value here; this value will never be exported\n"
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
@@ -504,11 +508,11 @@ msgstr ""
"um das Netz-des-Vertrauens aufzubauen. Dieses hat nichts mit dem (impliziet\n"
"erzeugten) Netz-der-Zertifikate zu tun.\n"
-#: g10/pkclist.c:108
+#: g10/pkclist.c:109
msgid "You will see a list of signators etc. here\n"
msgstr "Sie sollten hier eigentlich eine Liste der Signierer sehen.\n"
-#: g10/pkclist.c:132
+#: g10/pkclist.c:133
msgid ""
"Could not find a valid trust path to the key. Let's see whether we\n"
"can assign some missing owner trust values.\n"
@@ -518,13 +522,13 @@ msgstr ""
"Mal sehen ob wir now weitere Ownertrust Werte zuordnen k\366nnen.\n"
"\n"
-#: g10/pkclist.c:157
+#: g10/pkclist.c:158
msgid ""
"No ownertrust values changed.\n"
"\n"
msgstr "Keine \"Ownertrust\" Werte ge\344ndert.\n"
-#: g10/pkclist.c:267
+#: g10/pkclist.c:268
msgid ""
"It is NOT certain that the key belongs to its owner.\n"
"If you *really* know what you are doing, you may answer\n"
@@ -535,11 +539,47 @@ msgstr ""
"Wenn Sie *wirklich* wissen, was Sie tun, k\366nnen Sie die n\344chste\n"
"Frage mit ja beantworten\n"
-#: g10/pkclist.c:278
+#: g10/pkclist.c:279
msgid "WARNING: Using untrusted key!\n"
msgstr "WARNUNG: Ein Schl\374ssel ohne gesichertes Vertrauen wird benutzt!\n"
-#: g10/pkclist.c:308
+#: g10/pkclist.c:315
+msgid "WARNING: This key has been revoked by its owner!\n"
+msgstr ""
+
+#: g10/pkclist.c:316
+msgid " This could mean that the signature is forgery.\n"
+msgstr ""
+
+#: g10/pkclist.c:337
+msgid "Note: This key has expired!\n"
+msgstr ""
+
+#: g10/pkclist.c:344
+msgid "WARNING: This key is not certified with a trusted signature!\n"
+msgstr ""
+
+#: g10/pkclist.c:346
+msgid " There is no indication that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:361
+msgid "WARNING: We do NOT trust this key!\n"
+msgstr ""
+
+#: g10/pkclist.c:362
+msgid " The signature is probably a FORGERY.\n"
+msgstr ""
+
+#: g10/pkclist.c:369
+msgid "WARNING: This key is not certified with enough trusted signatures!\n"
+msgstr ""
+
+#: g10/pkclist.c:372
+msgid " It is not certain that the signature belongs to the owner.\n"
+msgstr ""
+
+#: g10/pkclist.c:417
msgid ""
"You did not specify a user ID. (you may use \"-r\")\n"
"\n"
@@ -547,23 +587,23 @@ msgstr ""
"Sie gaben keine User-ID angegeben. (benutzen Sie die Option \"-r\")\n"
"\n"
-#: g10/pkclist.c:312
+#: g10/pkclist.c:421
msgid "Enter the user ID: "
msgstr "Geben Sie die User-ID ein: "
-#: g10/pkclist.c:323
+#: g10/pkclist.c:432
msgid "No such user ID.\n"
msgstr "Keine solche User-ID.\n"
-#: g10/pkclist.c:357 g10/pkclist.c:384
+#: g10/pkclist.c:466 g10/pkclist.c:493
msgid "%s: skipped: %s\n"
msgstr "%s: \374bergangen: %s\n"
-#: g10/pkclist.c:365
+#: g10/pkclist.c:474
msgid "%s: error checking key: %s\n"
msgstr "%s: Fehler beim pr\374fen des Schl\374ssels: %s\n"
-#: g10/pkclist.c:391
+#: g10/pkclist.c:500
msgid "no valid addressees\n"
msgstr "Keine g\374ltigen Adressaten"
@@ -597,7 +637,7 @@ msgstr " (%d) DSA (nur signieren)\n"
#: g10/keygen.c:388
msgid " (%d) ElGamal in a v3 packet\n"
-msgstr " ((%d) ElGamal in einem v4 Packet\n"
+msgstr " (%d) ElGamal in einem v3 Packet\n"
#: g10/keygen.c:392
msgid "Your selection? "
@@ -1054,7 +1094,7 @@ msgstr "M\366chten Sie die ausgew\344hlten Siganturen wirklich entfernen? "
#: g10/keyedit.c:250 g10/keyedit.c:396 g10/keyedit.c:465
msgid "%s: user not found\n"
-msgstr "%s: Benutzer nich gefunden\n"
+msgstr "%s: Benutzer nicht gefunden\n"
#: g10/keyedit.c:277 g10/keyedit.c:417
msgid "Checking signatures of this public key certificate:\n"
@@ -1141,19 +1181,19 @@ msgstr "Erzeugung des \366ffentlichen Schl\374ssels fehlgeschlagen: %s\n"
msgid "decryption failed: %s\n"
msgstr "Enschl\374sselung fehlgeschlagen: %s\n"
-#: g10/mainproc.c:817
+#: g10/mainproc.c:829
msgid "Signature made %.*s using %s key ID %08lX\n"
msgstr "Signatur wurde am %.*s mit %s Schl\374ssel %08lX erzeugt\n"
-#: g10/mainproc.c:823
+#: g10/mainproc.c:835
msgid "BAD signature from \""
msgstr "FALSCHE Signatur von \""
-#: g10/mainproc.c:824
+#: g10/mainproc.c:836
msgid "Good signature from \""
msgstr "Gute Signatur von \""
-#: g10/mainproc.c:833
+#: g10/mainproc.c:847
msgid "Can't check signature: %s\n"
msgstr "Signatur kann nicht gepr\374ft werden: %s\n"
@@ -1171,7 +1211,7 @@ msgstr ""
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(%u-bit %s Schl\374ssel, ID %08lX, erzeugt %s)\n"
-#: g10/plaintext.c:216
+#: g10/plaintext.c:268
msgid "can't open signed data '%s'\n"
msgstr ""
@@ -1179,7 +1219,7 @@ msgstr ""
msgid "Invalid passphrase; please try again ...\n"
msgstr ""
-#: g10/sig-check.c:165 g10/trustdb.c:1755
+#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
msgstr ""
@@ -1187,167 +1227,127 @@ msgstr ""
msgid "warning: signature key expired %s\n"
msgstr ""
-#: g10/trustdb.c:331
-msgid "can't create %s: %s\n"
-msgstr ""
-
-#: g10/trustdb.c:360
-msgid "TrustDB %s is invalid\n"
-msgstr ""
-
-#: g10/trustdb.c:435 g10/trustdb.c:596
-msgid "trustdb: lseek failed: %s\n"
-msgstr ""
-
-#: g10/trustdb.c:443
-msgid "trustdb: read failed (n=%d): %s\n"
-msgstr ""
-
-#: g10/trustdb.c:460
-msgid "%s: not a trustdb file\n"
-msgstr ""
-
-#: g10/trustdb.c:601
-msgid "trustdb: write failed (n=%d): %s\n"
-msgstr ""
-
-#: g10/trustdb.c:633
-msgid "%s: failed to append a record: %s\n"
-msgstr ""
-
-#: g10/trustdb.c:680
-msgid "%s: search_db failed: %s\n"
-msgstr ""
-
-#: g10/trustdb.c:724
+#: g10/trustdb.c:213
msgid "error reading record with local_id %lu: %s\n"
msgstr ""
-#: g10/trustdb.c:729
+#: g10/trustdb.c:218
msgid "record with local_id %lu is not a dir record\n"
msgstr ""
-#: g10/trustdb.c:762
+#: g10/trustdb.c:251
msgid "%lu: error reading dir record: %s\n"
msgstr ""
-#: g10/trustdb.c:773
+#: g10/trustdb.c:262
msgid "%lu: error building sigs on the fly: %s\n"
msgstr ""
-#: g10/trustdb.c:780
+#: g10/trustdb.c:269
msgid "%lu: error re-reading dir record: %s\n"
msgstr ""
-#: g10/trustdb.c:807
+#: g10/trustdb.c:296
msgid "error reading sigrec: %s\n"
msgstr ""
-#: g10/trustdb.c:812
+#: g10/trustdb.c:301
msgid "chained sigrec %lu has a wrong owner\n"
msgstr ""
-#: g10/trustdb.c:862
-msgid "keyid %08lX: secret key without public key\n"
+#: g10/trustdb.c:350
+msgid "key %08lX: secret key without public key\n"
msgstr ""
-#: g10/trustdb.c:867
-msgid "keyid %08lX: secret and public key don't match\n"
+#: g10/trustdb.c:355
+msgid "key %08lX: secret and public key don't match\n"
msgstr ""
-#: g10/trustdb.c:878
-msgid "keyid %08lX: can't put it into the trustdb\n"
+#: g10/trustdb.c:366
+msgid "key %08lX: can't put it into the trustdb\n"
msgstr ""
-#: g10/trustdb.c:884
-msgid "keyid %08lX: query record failed\n"
+#: g10/trustdb.c:372
+msgid "key %08lX: query record failed\n"
msgstr ""
-#: g10/trustdb.c:893
-msgid "keyid %08lX: already in ultikey_table\n"
+#: g10/trustdb.c:381
+msgid "key %08lX: already in ultikey_table\n"
msgstr ""
-#: g10/trustdb.c:901
+#: g10/trustdb.c:389
msgid "enum_secret_keys failed: %s\n"
msgstr ""
-#: g10/trustdb.c:1169
+#. get the keyblock
+#: g10/trustdb.c:684
msgid "%lu: build_sigrecs: can't read dir record\n"
msgstr ""
-#: g10/trustdb.c:1173
+#: g10/trustdb.c:688
msgid "%lu: build_sigrecs: can't read key record\n"
msgstr ""
-#: g10/trustdb.c:1179
-msgid "build_sigrecs: get_keyblock_byfprint failed\n"
+#: g10/trustdb.c:694
+msgid "build_sigrecs: get_keyblock_byfprint failed: %s\n"
msgstr ""
-#: g10/trustdb.c:1185
+#: g10/trustdb.c:701
msgid "build_sigrecs: check_sigs failed\n"
msgstr ""
-#: g10/trustdb.c:1189
+#: g10/trustdb.c:705
msgid "build_sigrecs: self-signature missing\n"
msgstr ""
-#: g10/trustdb.c:1195
+#: g10/trustdb.c:711
msgid "build_sigrecs: key has been revoked\n"
msgstr ""
-#: g10/trustdb.c:1220
+#: g10/trustdb.c:736
msgid "set_signature_packets_local_id failed: %s\n"
msgstr ""
-#: g10/trustdb.c:1231 g10/trustdb.c:1256 g10/trustdb.c:1267
+#: g10/trustdb.c:747 g10/trustdb.c:772 g10/trustdb.c:783
msgid "build_sigrecs: write_record failed\n"
msgstr ""
-#: g10/trustdb.c:1277
+#: g10/trustdb.c:793
msgid "update_dir_record: read failed\n"
msgstr ""
-#: g10/trustdb.c:1282
+#: g10/trustdb.c:798
msgid "update_dir_record: write failed\n"
msgstr ""
-#: g10/trustdb.c:1292
+#: g10/trustdb.c:808
msgid "trustdb: build_sigrecs: %s\n"
msgstr ""
-#: g10/trustdb.c:1511
-msgid "can't access %s: %s\n"
+#: g10/trustdb.c:1228
+msgid "check_trust: read dir record failed\n"
msgstr ""
-#: g10/trustdb.c:1527
-msgid "can't create directory '%s': %s\n"
-msgstr ""
-
-#: g10/trustdb.c:1531
-msgid "directory '%s' does not exist!\n"
-msgstr ""
-
-#: g10/trustdb.c:1732
-msgid "check_trust: read record failed\n"
+#: g10/trustdb.c:1234
+msgid "check_trust: search_record failed: %s\n"
msgstr ""
-#. no local_id: scan the trustdb
-#: g10/trustdb.c:1738
-msgid "check_trust: search_record failed: %s\n"
+#: g10/trustdb.c:1241
+msgid "key %08lX: insert trust record failed: %s\n"
msgstr ""
-#: g10/trustdb.c:1745
-msgid "failed to insert pubkey into trustdb: %s\n"
+#: g10/trustdb.c:1245
+msgid "key %08lX.%lu: inserted into trustdb\n"
msgstr ""
-#: g10/trustdb.c:1749
-msgid "pubkey not in trustdb - inserted as %lu\n"
+#: g10/trustdb.c:1251
+msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
msgstr ""
-#: g10/trustdb.c:1761
-msgid "key expiration date is %s\n"
+#: g10/trustdb.c:1259
+msgid "key %08lX.%lu: expired at %s\n"
msgstr ""
-#: g10/trustdb.c:1769
-msgid "check_trust: do_check failed: %s\n"
+#: g10/trustdb.c:1268
+msgid "key %08lX.%lu: trust check failed: %s\n"
msgstr ""
diff --git a/tools/mk-tdata b/tools/mk-tdata
index 3b9e1c016..1664b3278 100755
--- a/tools/mk-tdata
+++ b/tools/mk-tdata
Binary files differ
diff --git a/util/ChangeLog b/util/ChangeLog
index 661914645..6b4a76fd8 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jul 9 14:47:20 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * secmem.c (secmem_init): Drops setuid if called with 0.
+
Tue Jul 7 11:49:25 1998 Werner Koch (wk@isil.d.shuttle.de)
* logger.c (log_set_filename): New.
diff --git a/util/secmem.c b/util/secmem.c
index b1d86ebf1..4721bcd91 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -153,8 +153,16 @@ secmem_get_flags(void)
void
secmem_init( size_t n )
{
- if( !n )
+ if( !n ) {
+ uid_t uid;
+
disable_secmem=1;
+ uid = getuid();
+ if( uid != geteuid() ) {
+ if( setuid( uid ) )
+ log_fatal("failed to drop setuid\n" );
+ }
+ }
else {
if( n < DEFAULT_POOLSIZE )
n = DEFAULT_POOLSIZE;
diff --git a/zlib/Makefile b/zlib/Makefile
index 8b8f71fd9..51a26a471 100644
--- a/zlib/Makefile
+++ b/zlib/Makefile
@@ -92,7 +92,7 @@ POSUB = po
RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes
USE_NLS = yes
-VERSION = 0.3.1a
+VERSION = 0.3.2
ZLIBS =
l =
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 14:24:50 +0100