diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 17 | ||||
| -rw-r--r-- | g10/Makefile.am | 2 | ||||
| -rw-r--r-- | g10/g10.c | 45 | ||||
| -rw-r--r-- | g10/getkey.c | 9 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/keyid.c | 11 | ||||
| -rw-r--r-- | g10/mainproc.c | 2 | ||||
| -rw-r--r-- | g10/packet.h | 1 | ||||
| -rw-r--r-- | g10/parse-packet.c | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 111 | ||||
| -rw-r--r-- | g10/sig-check.c | 2 | ||||
| -rw-r--r-- | g10/status.c | 6 | ||||
| -rw-r--r-- | g10/status.h | 9 | ||||
| -rw-r--r-- | g10/tdbio.c | 518 | ||||
| -rw-r--r-- | g10/tdbio.h | 150 | ||||
| -rw-r--r-- | g10/trustdb.c | 744 |
16 files changed, 995 insertions, 635 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 7525c1818..a637ac9e9 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,20 @@ +Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (build_list): Now drops setuid. + (main): Changed the way keyrings and algorithms are registered . + +Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h (PKT_public_key): Add field keyid. + * parse-packet.c (parse_key): Reset the above field. + * keyid.c (keyid_from_pk): Use above field as cache. + + * tdbio.c, tdbio.h: New + * trustdb.c: Moved some functions to tdbio.c. + (print_keyid): New. + + * pkclist.c (check_signatures_trust): New. + Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de) * plaintext.c (special_md_putc): New. diff --git a/g10/Makefile.am b/g10/Makefile.am index c64055423..be695d895 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -32,6 +32,8 @@ common_source = \ keyid.c \ trustdb.c \ trustdb.h \ + tdbio.c \ + tdbio.h \ pref.h \ pref.c \ packet.h \ @@ -182,6 +182,7 @@ enum cmd_values { aNull = 0, aDeArmor, aEnArmor, aGenRandom, aTest }; +static int maybe_setuid = 1; static char *build_list( const char *text, const char *(*mapf)(int), int (*chkf)(int) ); @@ -264,6 +265,9 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) ) size_t n=strlen(text)+2; char *list, *p; + if( maybe_setuid ) + secmem_init( 0 ); /* drop setuid */ + for(i=1; i < 110; i++ ) if( !chkf(i) && (s=mapf(i)) ) n += strlen(s) + 2; @@ -381,7 +385,7 @@ main( int argc, char **argv ) char **orig_argv; const char *fname; STRLIST sl, remusr= NULL, locusr=NULL; - int nrings=0, sec_nrings=0; + STRLIST nrings=NULL, sec_nrings=NULL; armor_filter_context_t afx; int detached_sig = 0; FILE *configfp = NULL; @@ -394,10 +398,13 @@ main( int argc, char **argv ) int greeting = 1; enum cmd_values cmd = 0; const char *trustdb_name = NULL; + char *def_cipher_string = NULL; + char *def_digest_string = NULL; trap_unaligned(); #ifdef IS_G10MAINT secmem_init( 0 ); /* disable use of secmem */ + maybe_setuid = 0; log_set_name("gpgm"); #else /* Please note that we may running SUID(ROOT), so be very CAREFUL @@ -509,12 +516,8 @@ main( int argc, char **argv ) case 523: set_passphrase_fd( pargs.r.ret_int ); break; case 524: set_cmd( &cmd, aEditKey); break; case 525: set_cmd( &cmd, aChangePass); break; - case 527: - opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str); - break; - case 529: - opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str); - break; + case 527: def_cipher_string = m_strdup(pargs.r.ret_str); break; + case 529: def_digest_string = m_strdup(pargs.r.ret_str); break; case 539: set_cmd( &cmd, aClearsign); break; case 540: secmem_set_flags( secmem_get_flags() | 1 ); break; case 542: set_cmd( &cmd, aGenRevoke); break; @@ -548,12 +551,12 @@ main( int argc, char **argv ) case 501: opt.answer_yes = 1; break; case 502: opt.answer_no = 1; break; case 508: set_cmd( &cmd, aCheckKeys); break; - case 509: add_keyring(pargs.r.ret_str); nrings++; break; + case 509: append_to_strlist( &nrings, pargs.r.ret_str); break; case 510: opt.debug |= pargs.r.ret_ulong; break; case 511: opt.debug = ~0; break; case 512: set_status_fd( pargs.r.ret_int ); break; case 515: opt.fingerprint = 1; break; - case 517: add_secret_keyring(pargs.r.ret_str); sec_nrings++; break; + case 517: append_to_strlist( &sec_nrings, pargs.r.ret_str); break; case 518: /* config files may not be nested (silently ignore them) */ if( !configfp ) { @@ -603,7 +606,6 @@ main( int argc, char **argv ) goto next_pass; } m_free( configname ); configname = NULL; - check_opts(); if( log_get_errorcount(0) ) g10_exit(2); @@ -615,12 +617,28 @@ main( int argc, char **argv ) #ifdef IS_G10 /* initialize the secure memory. */ secmem_init( 16384 ); + maybe_setuid = 0; /* Okay, we are now working under our real uid */ #endif /*write_status( STATUS_ENTER );*/ set_debug(); + + /* must do this after dropping setuid, because string_to... + * may try to load an module */ + if( def_cipher_string ) { + opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string); + m_free(def_cipher_string); def_cipher_string = NULL; + } + if( def_digest_string ) { + opt.def_digest_algo = string_to_digest_algo(def_digest_string); + m_free(def_digest_string); def_digest_string = NULL; + } + check_opts(); + if( log_get_errorcount(0) ) + g10_exit(2); + if( !cmd && opt.fingerprint ) set_cmd( &cmd, aListKeys); @@ -651,11 +669,18 @@ main( int argc, char **argv ) * not in case of "-kvv userid keyring" */ if( cmd != aDeArmor && cmd != aEnArmor && !(cmd == aKMode && argc == 2 ) ) { + if( !sec_nrings || default_keyring ) /* add default secret rings */ add_secret_keyring("secring.gpg"); + for(sl = sec_nrings; sl; sl = sl->next ) + add_secret_keyring( sl->d ); if( !nrings || default_keyring ) /* add default ring */ add_keyring("pubring.gpg"); + for(sl = nrings; sl; sl = sl->next ) + add_keyring( sl->d ); } + FREE_STRLIST(nrings); + FREE_STRLIST(sec_nrings); if( argc ) fname = *argv; diff --git a/g10/getkey.c b/g10/getkey.c index c51e54bd9..3f8ac63b8 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -759,6 +759,15 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, size_t an; byte *afp = fingerprint_from_pk( k->pkt->pkt.public_key, &an ); + + if( DBG_CACHE ) { + u32 aki[2]; + keyid_from_pk( k->pkt->pkt.public_key, aki ); + log_debug(" aki=%08lx%08lx algo=%d mode=%d an=%u\n", + (ulong)aki[0], (ulong)aki[1], + k->pkt->pkt.public_key->pubkey_algo, + mode, an ); + } if( an == mode && !memcmp( afp, name, an) && ( !pk->pubkey_algo || pk->pubkey_algo diff --git a/g10/keydb.h b/g10/keydb.h index ddc9e5491..58a170d27 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -86,6 +86,7 @@ struct pubkey_find_info { /*-- pkclist.c --*/ +int check_signatures_trust( PKT_signature *sig ); void release_pk_list( PK_LIST pk_list ); int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ); diff --git a/g10/keyid.c b/g10/keyid.c index 74bbf8c2c..0809df93a 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -161,9 +161,16 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) if( !keyid ) keyid = dummy_keyid; - if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { + if( pk->keyid[0] || pk->keyid[1] ) { + keyid[0] = pk->keyid[0]; + keyid[1] = pk->keyid[1]; + lowbits = keyid[1]; + } + else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { lowbits = pubkey_get_npkey(pk->pubkey_algo) ? mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */ + pk->keyid[0] = keyid[0]; + pk->keyid[1] = keyid[1]; } else { const byte *dp; @@ -174,6 +181,8 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; lowbits = keyid[1]; md_close(md); + pk->keyid[0] = keyid[0]; + pk->keyid[1] = keyid[1]; } return lowbits; diff --git a/g10/mainproc.c b/g10/mainproc.c index b73d49bd1..9090fd4e1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -837,6 +837,8 @@ check_sig_and_print( CTX c, KBNODE node ) print_keyid( stderr, sig->keyid ); putc('\"', stderr); putc('\n', stderr); + if( !rc ) + rc = check_signatures_trust( sig ); if( opt.batch && rc ) g10_exit(1); } diff --git a/g10/packet.h b/g10/packet.h index 9c8a8547d..0cefd8d10 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -111,6 +111,7 @@ typedef struct { byte pubkey_algo; /* algorithm used for public key scheme */ byte pubkey_usage; /* for now only used to pass it to getkey() */ ulong local_id; /* internal use, valid if > 0 */ + u32 keyid[2]; /* calculated by keyid_from_pk() */ MPI pkey[PUBKEY_MAX_NPKEY]; } PKT_public_key; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index ab1e6cdf8..310feae29 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -946,6 +946,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, pk->version = version; pk->pubkey_algo = algorithm; pk->pubkey_usage = 0; /* not yet used */ + pk->keyid[0] = 0; + pk->keyid[1] = 0; } nskey = pubkey_get_nskey( algorithm ); npkey = pubkey_get_npkey( algorithm ); diff --git a/g10/pkclist.c b/g10/pkclist.c index e20fe8503..81e23c765 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -33,6 +33,7 @@ #include "util.h" #include "trustdb.h" #include "ttyio.h" +#include "status.h" #include "i18n.h" /**************** @@ -57,7 +58,7 @@ query_ownertrust( ulong lid ) pk = m_alloc_clear( sizeof *pk ); rc = get_pubkey( pk, keyid ); if( rc ) { - log_error("keyid %08lX: pubkey not found: %s\n", + log_error("key %08lX: public key not found: %s\n", (ulong)keyid[1], g10_errstr(rc) ); return 0; } @@ -282,6 +283,114 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) } + +/**************** + * Check whether we can trust this signature. + * Returns: Error if we shall not trust this signatures. + */ +int +check_signatures_trust( PKT_signature *sig ) +{ + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); + int trustlevel; + int dont_try = 0; + int rc=0; + + rc = get_pubkey( pk, sig->keyid ); + if( rc ) { /* this should not happen */ + log_error("Ooops; the key vanished - can't check the trust\n"); + rc = G10ERR_NO_PUBKEY; + goto leave; + } + + retry: + rc = check_trust( pk, &trustlevel ); + if( rc ) { + log_error("check trust failed: %s\n", g10_errstr(rc)); + goto leave; + } + + if( (trustlevel & TRUST_FLAG_REVOKED) ) { + write_status( STATUS_KEYREVOKED ); + log_info(_("WARNING: This key has been revoked by its owner!\n")); + log_info(_(" This could mean that the signature is forgery.\n")); + } + + + switch( (trustlevel & TRUST_MASK) ) { + case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ + rc = insert_trust_record( pk ); + if( rc ) { + log_error("failed to insert it into the trustdb: %s\n", + g10_errstr(rc) ); + goto leave; + } + rc = check_trust( pk, &trustlevel ); + if( rc ) + log_fatal("trust check after insert failed: %s\n", + g10_errstr(rc) ); + if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) + BUG(); + goto retry; + + case TRUST_EXPIRED: + log_info(_("Note: This key has expired!\n")); + break; + + case TRUST_UNDEFINED: + if( dont_try || opt.batch || opt.answer_no ) { + write_status( STATUS_TRUST_UNDEFINED ); + log_info(_( + "WARNING: This key is not certified with a trusted signature!\n")); + log_info(_( + " There is no indication that the " + "signature belongs to the owner.\n" )); + } + else { + rc = add_ownertrust( pk ); + if( rc ) { + dont_try = 1; + rc = 0; + } + goto retry; + } + break; + + case TRUST_NEVER: + write_status( STATUS_TRUST_NEVER ); + log_info(_("WARNING: We do NOT trust this key!\n")); + log_info(_(" The signature is probably a FORGERY.\n")); + rc = G10ERR_BAD_SIGN; + break; + + case TRUST_MARGINAL: + write_status( STATUS_TRUST_MARGINAL ); + log_info(_( + "WARNING: This key is not certified with enough trusted signatures!\n" + )); + log_info(_( + " It is not certain that the signature belongs to the owner.\n" + )); + break; + + case TRUST_FULLY: + write_status( STATUS_TRUST_FULLY ); + break; + + case TRUST_ULTIMATE: + write_status( STATUS_TRUST_ULTIMATE ); + break; + + default: BUG(); + } + + + leave: + free_public_key( pk ); + return rc; +} + + void release_pk_list( PK_LIST pk_list ) { diff --git a/g10/sig-check.c b/g10/sig-check.c index 984671923..f600a4d1e 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -158,7 +158,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) } if( pk->timestamp > sig->timestamp ) - return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */ + return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ cur_time = make_timestamp(); if( pk->timestamp > cur_time ) { diff --git a/g10/status.c b/g10/status.c index 35367fbba..5cdd4fd03 100644 --- a/g10/status.c +++ b/g10/status.c @@ -54,10 +54,16 @@ write_status_text( int no, const char *text) case STATUS_ABORT : s = "ABORT\n"; break; case STATUS_GOODSIG: s = "GOODSIG\n"; break; case STATUS_SIGEXPIRED: s = "SIGEXPIRED\n"; break; + case STATUS_KEYREVOKED: s = "KEYREVOKED\n"; break; case STATUS_BADSIG : s = "BADSIG\n"; break; case STATUS_ERRSIG : s = "ERRSIG\n"; break; case STATUS_BADARMOR : s = "BADARMOR\n"; break; case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA\n"; break; + case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED\n"; break; + case STATUS_TRUST_NEVER : s = "TRUST_NEVER\n"; break; + case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break; + case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break; + case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break; default: s = "?\n"; break; } diff --git a/g10/status.h b/g10/status.h index 8b5ffdacd..d6ed773a0 100644 --- a/g10/status.h +++ b/g10/status.h @@ -34,6 +34,15 @@ #define STATUS_RSA_OR_IDEA 8 #define STATUS_SIGEXPIRED 9 +#define STATUS_KEYREVOKED 10 + +#define STATUS_TRUST_UNDEFINED 11 +#define STATUS_TRUST_NEVER 12 +#define STATUS_TRUST_MARGINAL 13 +#define STATUS_TRUST_FULLY 14 +#define STATUS_TRUST_ULTIMATE 15 + + /*-- status.c --*/ void set_status_fd( int fd ); diff --git a/g10/tdbio.c b/g10/tdbio.c new file mode 100644 index 000000000..d3b9a7221 --- /dev/null +++ b/g10/tdbio.c @@ -0,0 +1,518 @@ +/* tdbio.c + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + +#include "errors.h" +#include "iobuf.h" +#include "memory.h" +#include "util.h" +#include "options.h" +#include "main.h" +#include "i18n.h" +#include "trustdb.h" +#include "tdbio.h" + + + +static char *db_name; +static int db_fd = -1; + + + +static void create_db( const char *fname ); +static void open_db(void); + +/************************************************** + ************** read and write helpers ************ + **************************************************/ + +static void +fwrite_8(FILE *fp, byte a) +{ + if( putc( a & 0xff, fp ) == EOF ) + log_fatal("error writing byte to trustdb: %s\n", strerror(errno) ); +} + + +static void +fwrite_32( FILE*fp, ulong a) +{ + putc( (a>>24) & 0xff, fp ); + putc( (a>>16) & 0xff, fp ); + putc( (a>> 8) & 0xff, fp ); + if( putc( a & 0xff, fp ) == EOF ) + log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) ); +} + +static void +fwrite_zeros( FILE *fp, size_t n) +{ + while( n-- ) + if( putc( 0, fp ) == EOF ) + log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) ); +} + + + + +/************************************************** + ************** read and write stuff ************** + **************************************************/ + +int +tdbio_set_dbname( const char *new_dbname, int create ) +{ + char *fname; + + fname = new_dbname? m_strdup( new_dbname ) + : make_filename(opt.homedir, "trustdb.gpg", NULL ); + + if( access( fname, R_OK ) ) { + if( errno != ENOENT ) { + log_error_f( fname, _("can't access: %s\n"), strerror(errno) ); + m_free(fname); + return G10ERR_TRUSTDB; + } + if( create ) { + char *p = strrchr( fname, '/' ); + assert(p); + *p = 0; + if( access( fname, F_OK ) ) { + if( strlen(fname) >= 7 + && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) { + #if __MINGW32__ + if( mkdir( fname ) ) + #else + if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) ) + #endif + log_fatal_f( fname, _("can't create directory: %s\n"), + strerror(errno) ); + } + else + log_fatal_f(fname, _("directory does not exist!\n") ); + } + *p = '/'; + create_db( fname ); + } + } + m_free(db_name); + db_name = fname; + return 0; +} + + +const char * +tdbio_get_dbname() +{ + return db_name; +} + + + +/**************** + * Create a new trustdb + */ +static void +create_db( const char *fname ) +{ + FILE *fp; + + fp =fopen( fname, "w" ); + if( !fp ) + log_fatal_f( fname, _("can't create %s: %s\n"), strerror(errno) ); + fwrite_8( fp, 1 ); + fwrite_8( fp, 'g' ); + fwrite_8( fp, 'p' ); + fwrite_8( fp, 'g' ); + fwrite_8( fp, 1 ); /* version */ + fwrite_zeros( fp, 3 ); /* reserved */ + fwrite_32( fp, 0 ); /* not locked */ + fwrite_32( fp, make_timestamp() ); /* created */ + fwrite_32( fp, 0 ); /* not yet modified */ + fwrite_32( fp, 0 ); /* not yet validated*/ + fwrite_32( fp, 0 ); /* reserved */ + fwrite_8( fp, 3 ); /* marginals needed */ + fwrite_8( fp, 1 ); /* completes needed */ + fwrite_8( fp, 4 ); /* max_cet_depth */ + fwrite_zeros( fp, 9 ); /* filler */ + fclose(fp); +} + + + +static void +open_db() +{ + TRUSTREC rec; + assert( db_fd == -1 ); + + db_fd = open( db_name, O_RDWR ); + if( db_fd == -1 ) + log_fatal_f( db_name, _("can't open: %s\n"), strerror(errno) ); + if( tdbio_read_record( 0, &rec, RECTYPE_VER ) ) + log_fatal_f( db_name, _("invalid trust-db\n") ); + /* fixme: check ->locked and other stuff */ +} + + +void +tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ) +{ + int i, any; + + fprintf(fp, "rec %5lu, type=", rnum ); + + switch( rec->rectype ) { + case 0: fprintf(fp, "free\n"); + break; + case RECTYPE_VER: fprintf(fp, "version\n"); + break; + case RECTYPE_DIR: + fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu", + (ulong)rec->r.dir.keyid[1], + rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec ); + if( rec->r.dir.no_sigs == 1 ) + fputs(", (none)", fp ); + else if( rec->r.dir.no_sigs == 2 ) + fputs(", (invalid)", fp ); + else if( rec->r.dir.no_sigs == 3 ) + fputs(", (revoked)", fp ); + else if( rec->r.dir.no_sigs ) + fputs(", (??)", fp ); + putc('\n', fp); + break; + case RECTYPE_KEY: fprintf(fp, + "key %08lX, own=%lu, ownertrust=%02x, fl=%d\n", + (ulong)rec->r.key.keyid[1], + rec->r.key.owner, rec->r.key.ownertrust, + rec->r.key.fingerprint_len ); + break; + case RECTYPE_UID: + if( !rec->r.uid.subtype ) + fprintf(fp, + "uid %02x%02x, owner=%lu, chain=%lu, pref=%lu, otr=%02x\n", + rec->r.uid.namehash[18], rec->r.uid.namehash[19], + rec->r.uid.owner, rec->r.uid.chain, (ulong)rec->r.uid.prefrec, + rec->r.uid.ownertrust ); + else + fprintf(fp, + "uid subtype%d, owner=%lu, chain=%lu\n", + rec->r.uid.subtype, rec->r.uid.owner, rec->r.uid.chain); + break; + case RECTYPE_CTL: fprintf(fp, "ctl\n"); + break; + case RECTYPE_SIG: + fprintf(fp, "sigrec, owner=%lu, chain=%lu\n", + rec->r.sig.owner, rec->r.sig.chain ); + for(i=any=0; i < SIGS_PER_RECORD; i++ ) { + if( rec->r.sig.sig[i].local_id ) { + if( !any ) { + putc('\t', fp); + any++; + } + fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id, + rec->r.sig.sig[i].flag ); + } + } + if( any ) + putc('\n', fp); + break; + default: + fprintf(fp, "%d (unknown)\n", rec->rectype ); + break; + } +} + +/**************** + * read the record with number recnum + * returns: -1 on error, 0 on success + */ +int +tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) +{ + byte buf[TRUST_RECORD_LEN], *p; + int rc = 0; + int n, i; + + if( db_fd == -1 ) + open_db(); + if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) { + log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) ); + return G10ERR_READ_FILE; + } + n = read( db_fd, buf, TRUST_RECORD_LEN); + if( !n ) { + return -1; /* eof */ + } + else if( n != TRUST_RECORD_LEN ) { + log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) ); + return G10ERR_READ_FILE; + } + p = buf; + rec->rectype = *p++; + if( expected && rec->rectype != expected ) { + log_error("%lu: read expected rec type %d, got %d\n", + recnum, expected, rec->rectype ); + return G10ERR_TRUSTDB; + } + p++; + switch( rec->rectype ) { + case 0: /* unused record */ + break; + case RECTYPE_VER: /* version record */ + /* g10 was the original name */ + if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) { + log_error_f( db_name, _("not a trustdb file\n") ); + rc = G10ERR_TRUSTDB; + } + p += 2; /* skip magic */ + rec->r.ver.version = *p++; + rec->r.ver.locked = buftoulong(p); p += 4; + rec->r.ver.created = buftoulong(p); p += 4; + rec->r.ver.modified = buftoulong(p); p += 4; + rec->r.ver.validated= buftoulong(p); p += 4; + rec->r.ver.marginals_needed = *p++; + rec->r.ver.completes_needed = *p++; + rec->r.ver.max_cert_depth = *p++; + if( recnum ) { + log_error_f( db_name, "version record with recnum %lu\n", + (ulong)recnum ); + rc = G10ERR_TRUSTDB; + } + if( rec->r.ver.version != 1 ) { + log_error_f( db_name, "invalid file version %d\n", + rec->r.ver.version ); + rc = G10ERR_TRUSTDB; + } + break; + case RECTYPE_DIR: /*directory record */ + rec->r.dir.local_id = buftoulong(p); p += 4; + rec->r.dir.keyid[0] = buftou32(p); p += 4; + rec->r.dir.keyid[1] = buftou32(p); p += 4; + rec->r.dir.keyrec = buftoulong(p); p += 4; + rec->r.dir.ctlrec = buftoulong(p); p += 4; + rec->r.dir.sigrec = buftoulong(p); p += 4; + rec->r.dir.no_sigs = *p++; + if( rec->r.dir.local_id != recnum ) { + log_error_f( db_name, "dir local_id != recnum (%lu,%lu)\n", + (ulong)rec->r.dir.local_id, + (ulong)recnum ); + rc = G10ERR_TRUSTDB; + } + break; + case RECTYPE_KEY: /* public key record */ + rec->r.key.owner = buftoulong(p); p += 4; + rec->r.dir.keyid[0] = buftou32(p); p += 4; + rec->r.dir.keyid[1] = buftou32(p); p += 4; + rec->r.key.pubkey_algo = *p++; + rec->r.key.fingerprint_len = *p++; + if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 ) + rec->r.key.fingerprint_len = 20; + memcpy( rec->r.key.fingerprint, p, 20); p += 20; + rec->r.key.ownertrust = *p++; + break; + case RECTYPE_CTL: /* control record */ + rec->r.ctl.owner = buftoulong(p); p += 4; + memcpy(rec->r.ctl.blockhash, p, 20); p += 20; + rec->r.ctl.trustlevel = *p++; + break; + case RECTYPE_SIG: + rec->r.sig.owner = buftoulong(p); p += 4; + rec->r.sig.chain = buftoulong(p); p += 4; + for(i=0; i < SIGS_PER_RECORD; i++ ) { + rec->r.sig.sig[i].local_id = buftoulong(p); p += 4; + rec->r.sig.sig[i].flag = *p++; + } + break; + default: + log_error_f( db_name, "invalid record type %d at recnum %lu\n", + rec->rectype, (ulong)recnum ); + rc = G10ERR_TRUSTDB; + break; + } + + return rc; +} + +/**************** + * Write the record at RECNUM + */ +int +tdbio_write_record( ulong recnum, TRUSTREC *rec ) +{ + byte buf[TRUST_RECORD_LEN], *p; + int rc = 0; + int i, n; + + if( db_fd == -1 ) + open_db(); + + memset(buf, 0, TRUST_RECORD_LEN); + p = buf; + *p++ = rec->rectype; p++; + switch( rec->rectype ) { + case 0: /* unused record */ + break; + case 1: /* version record */ + BUG(); + break; + + case RECTYPE_DIR: /*directory record */ + ulongtobuf(p, rec->r.dir.local_id); p += 4; + u32tobuf(p, rec->r.key.keyid[0]); p += 4; + u32tobuf(p, rec->r.key.keyid[1]); p += 4; + ulongtobuf(p, rec->r.dir.keyrec); p += 4; + ulongtobuf(p, rec->r.dir.ctlrec); p += 4; + ulongtobuf(p, rec->r.dir.sigrec); p += 4; + *p++ = rec->r.dir.no_sigs; + assert( rec->r.dir.local_id == recnum ); + break; + + case RECTYPE_KEY: + ulongtobuf(p, rec->r.key.owner); p += 4; + u32tobuf(p, rec->r.key.keyid[0]); p += 4; + u32tobuf(p, rec->r.key.keyid[1]); p += 4; + *p++ = rec->r.key.pubkey_algo; + *p++ = rec->r.key.fingerprint_len; + memcpy( p, rec->r.key.fingerprint, 20); p += 20; + *p++ = rec->r.key.ownertrust; + break; + + case RECTYPE_CTL: /* control record */ + ulongtobuf(p, rec->r.ctl.owner); p += 4; + memcpy(p, rec->r.ctl.blockhash, 20); p += 20; + *p++ = rec->r.ctl.trustlevel; + break; + + case RECTYPE_SIG: + ulongtobuf(p, rec->r.sig.owner); p += 4; + ulongtobuf(p, rec->r.sig.chain); p += 4; + for(i=0; i < SIGS_PER_RECORD; i++ ) { + ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4; + *p++ = rec->r.sig.sig[i].flag; + } + break; + default: + BUG(); + } + + if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) { + log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) ); + return G10ERR_WRITE_FILE; + } + n = write( db_fd, buf, TRUST_RECORD_LEN); + if( n != TRUST_RECORD_LEN ) { + log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) ); + return G10ERR_WRITE_FILE; + } + + return rc; +} + + +/**************** + * create a new record and return its record number + */ +ulong +tdbio_new_recnum() +{ + off_t offset; + ulong recnum; + TRUSTREC rec; + int rc; + + /* fixme: look for unused records */ + offset = lseek( db_fd, 0, SEEK_END ); + if( offset == -1 ) + log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) ); + recnum = offset / TRUST_RECORD_LEN; + assert(recnum); /* this is will never be the first record */ + + /* we must write a record, so that the next call to this function + * returns another recnum */ + memset( &rec, 0, sizeof rec ); + rec.rectype = 0; /* free record */ + rc = tdbio_write_record(recnum, &rec ); + if( rc ) + log_fatal_f(db_name,_("failed to append a record: %s\n"), + g10_errstr(rc)); + return recnum ; +} + + + +/**************** + * Search the trustdb for a key which matches PK and return the dir record + * The local_id of PK is set to the correct value + * + * Note: To increase performance, we could use a index search here. + */ +int +tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec ) +{ + ulong recnum; + u32 keyid[2]; + byte *fingerprint; + size_t fingerlen; + int rc; + + keyid_from_pk( pk, keyid ); + fingerprint = fingerprint_from_pk( pk, &fingerlen ); + assert( fingerlen == 20 || fingerlen == 16 ); + + for(recnum=1; !(rc=tdbio_read_record( recnum, rec, 0)); recnum++ ) { + if( rec->rectype != RECTYPE_DIR ) + continue; + if( rec->r.dir.keyid[0] == keyid[0] + && rec->r.dir.keyid[1] == keyid[1]){ + TRUSTREC keyrec; + + if( tdbio_read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) { + log_error("%lu: ooops: invalid key record\n", recnum ); + break; + } + if( keyrec.r.key.pubkey_algo == pk->pubkey_algo + && !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){ + if( pk->local_id && pk->local_id != recnum ) + log_error_f(db_name, + "found record, but local_id from memory does " + "not match recnum (%lu,%lu)\n", + (ulong)pk->local_id, (ulong)recnum ); + pk->local_id = recnum; + return 0; + } + } + } + if( rc != -1 ) + log_error_f( db_name, _("search_db failed: %s\n"), g10_errstr(rc) ); + return rc; +} + + diff --git a/g10/tdbio.h b/g10/tdbio.h new file mode 100644 index 000000000..facb5c307 --- /dev/null +++ b/g10/tdbio.h @@ -0,0 +1,150 @@ +/* tdbio.h - Trust database I/O functions + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifndef G10_TDBIO_H +#define G10_TDBIO_H + + +#define TRUST_RECORD_LEN 40 +#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5) +#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4) +#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5) +#define MAX_LIST_SIGS_DEPTH 20 + + +#define RECTYPE_VER 1 +#define RECTYPE_DIR 2 +#define RECTYPE_KEY 3 +#define RECTYPE_CTL 4 +#define RECTYPE_SIG 5 +#define RECTYPE_HTBL 6 +#define RECTYPE_HLST 7 +#define RECTYPE_UID 8 + + +struct trust_record { + int rectype; + union { + struct { /* version record: */ + byte version; /* should be 1 */ + ulong locked; /* pid of process which holds a lock */ + ulong created; /* timestamp of trustdb creation */ + ulong modified; /* timestamp of last modification */ + ulong validated; /* timestamp of last validation */ + byte marginals_needed; + byte completes_needed; + byte max_cert_depth; + } ver; + struct { /* directory record */ + ulong local_id; + u32 keyid[2]; + ulong keyrec; /* recno of primary public key record */ + ulong ctlrec; /* recno of control record */ + ulong sigrec; /* recno of first signature record (osolete) */ + ulong uidrec; /* recno of first user-id record */ + ulong link; /* to next dir record */ + byte no_sigs; /* does not have sigature and checked */ + } dir; + struct { /* primary public key record */ + ulong owner; + u32 keyid[2]; + byte pubkey_algo; + byte fingerprint_len; + byte fingerprint[20]; + byte ownertrust; + } key; + struct { /* user id reord */ + ulong owner; /* point back to the directory record */ + ulong chain; /* points to next user id record */ + byte subtype; /* must be 0 */ + byte namehash[20]; /* ripemd hash of the username */ + byte ownertrust; + u32 prefrec; /* recno of reference record */ + } uid; + struct { /* control record */ + ulong owner; + byte blockhash[20]; + byte trustlevel; /* calculated trustlevel */ + } ctl; + struct { /* signature record */ + ulong owner; /* local_id of record owner (pubkey record) */ + ulong chain; /* offset of next record or NULL for last one */ + struct { + ulong local_id; /* of pubkey record of signator (0=unused) */ + byte flag; /* reserved */ + } sig[SIGS_PER_RECORD]; + } sig; + struct { + ulong item[ITEMS_PER_HTBL_RECORD]; + } htbl; + struct { + ulong chain; + struct { + byte hash; + ulong rnum; + } item[ITEMS_PER_HLST_RECORD]; + } hlst; + } r; +}; +typedef struct trust_record TRUSTREC; + +typedef struct { + ulong local_id; /* localid of the pubkey */ + ulong sigrec; + ulong sig_id; /* returned signature id */ + unsigned sig_flag; /* returned signature record flag */ + struct { /* internal data */ + int init_done; + int eof; + TRUSTREC rec; + int index; + } ctl; +} SIGREC_CONTEXT; + + +/*-- tdbio.c --*/ +int tdbio_set_dbname( const char *new_dbname, int create ); +const char *tdbio_get_dbname(void); +void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ); +int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); +int tdbio_write_record( ulong recnum, TRUSTREC *rec ); +ulong tdbio_new_recnum(void); +int tdbio_search_record( PKT_public_key *pk, TRUSTREC *rec ); + + +#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \ + (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3))) +#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1))) +#define ulongtobuf( p, a ) do { \ + ((byte*)p)[0] = a >> 24; \ + ((byte*)p)[1] = a >> 16; \ + ((byte*)p)[2] = a >> 8; \ + ((byte*)p)[3] = a ; \ + } while(0) +#define ushorttobuf( p, a ) do { \ + ((byte*)p)[0] = a >> 8; \ + ((byte*)p)[1] = a ; \ + } while(0) +#define buftou32( p) buftoulong( (p) ) +#define u32tobuf( p, a) ulongtobuf( (p), (a) ) + + + +#endif /*G10_TDBIO_H*/ diff --git a/g10/trustdb.c b/g10/trustdb.c index 4ca177c1d..916eeffd1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -39,94 +39,9 @@ #include "packet.h" #include "main.h" #include "i18n.h" +#include "tdbio.h" -#define TRUST_RECORD_LEN 40 -#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5) -#define ITEMS_PER_HTBL_RECORD ((TRUST_RECORD_LEN-2)/4) -#define ITEMS_PER_HLST_RECORD ((TRUST_RECORD_LEN-6)/5) -#define MAX_LIST_SIGS_DEPTH 20 - - -#define RECTYPE_VER 1 -#define RECTYPE_DIR 2 -#define RECTYPE_KEY 3 -#define RECTYPE_CTL 4 -#define RECTYPE_SIG 5 -#define RECTYPE_HTBL 6 -#define RECTYPE_HLST 7 - - -struct trust_record { - int rectype; - union { - struct { /* version record: */ - byte version; /* should be 1 */ - ulong locked; /* pid of process which holds a lock */ - ulong created; /* timestamp of trustdb creation */ - ulong modified; /* timestamp of last modification */ - ulong validated; /* timestamp of last validation */ - byte marginals_needed; - byte completes_needed; - byte max_cert_depth; - } ver; - struct { /* directory record */ - ulong local_id; - u32 keyid[2]; - ulong keyrec; /* recno of public key record */ - ulong ctlrec; /* recno of control record */ - ulong sigrec; /* recno of first signature record */ - ulong link; /* to next dir record */ - byte no_sigs; /* does not have sigature and checked */ - } dir; - struct { /* public key record */ - ulong owner; - u32 keyid[2]; - byte pubkey_algo; - byte fingerprint_len; - byte fingerprint[20]; - byte ownertrust; - } key; - struct { /* control record */ - ulong owner; - byte blockhash[20]; - byte trustlevel; /* calculated trustlevel */ - } ctl; - struct { /* signature record */ - ulong owner; /* local_id of record owner (pubkey record) */ - ulong chain; /* offset of next record or NULL for last one */ - struct { - ulong local_id; /* of pubkey record of signator (0=unused) */ - byte flag; /* reserved */ - } sig[SIGS_PER_RECORD]; - } sig; - struct { - ulong item[ITEMS_PER_HTBL_RECORD]; - } htbl; - struct { - ulong chain; - struct { - byte hash; - ulong rnum; - } item[ITEMS_PER_HLST_RECORD]; - } hlst; - } r; -}; -typedef struct trust_record TRUSTREC; - -typedef struct { - ulong local_id; /* localid of the pubkey */ - ulong sigrec; - ulong sig_id; /* returned signature id */ - unsigned sig_flag; /* returned signature record flag */ - struct { /* internal data */ - int init_done; - int eof; - TRUSTREC rec; - int index; - } ctl; -} SIGREC_CONTEXT; - typedef struct local_id_info *LOCAL_ID_INFO; struct local_id_info { LOCAL_ID_INFO next; @@ -157,13 +72,6 @@ typedef struct { } ENUM_TRUST_WEB_CONTEXT; -static void create_db( const char *fname ); -static void open_db(void); -static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ); -static int read_record( ulong recnum, TRUSTREC *rec, int expected ); -static int write_record( ulong recnum, TRUSTREC *rec ); -static ulong new_recnum(void); -static int search_record( PKT_public_key *pk, TRUSTREC *rec ); static int walk_sigrecs( SIGREC_CONTEXT *c, int create ); static LOCAL_ID_INFO *new_lid_table(void); @@ -183,8 +91,6 @@ static int do_check( ulong pubkeyid, TRUSTREC *drec, unsigned *trustlevel ); static int update_no_sigs( ulong lid, int no_sigs ); -static char *db_name; -static int db_fd = -1; /* a table used to keep track of ultimately trusted keys * which are the ones from our secrings */ static LOCAL_ID_INFO *ultikey_table; @@ -192,53 +98,6 @@ static LOCAL_ID_INFO *ultikey_table; static ulong last_trust_web_key; static TRUST_SEG_LIST last_trust_web_tslist; -#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \ - (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3))) -#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1))) -#define ulongtobuf( p, a ) do { \ - ((byte*)p)[0] = a >> 24; \ - ((byte*)p)[1] = a >> 16; \ - ((byte*)p)[2] = a >> 8; \ - ((byte*)p)[3] = a ; \ - } while(0) -#define ushorttobuf( p, a ) do { \ - ((byte*)p)[0] = a >> 8; \ - ((byte*)p)[1] = a ; \ - } while(0) -#define buftou32( p) buftoulong( (p) ) -#define u32tobuf( p, a) ulongtobuf( (p), (a) ) - - -/************************************************** - ************** read and write helpers ************ - **************************************************/ - -static void -fwrite_8(FILE *fp, byte a) -{ - if( putc( a & 0xff, fp ) == EOF ) - log_fatal("error writing byte to trustdb: %s\n", strerror(errno) ); -} - - -static void -fwrite_32( FILE*fp, ulong a) -{ - putc( (a>>24) & 0xff, fp ); - putc( (a>>16) & 0xff, fp ); - putc( (a>> 8) & 0xff, fp ); - if( putc( a & 0xff, fp ) == EOF ) - log_fatal("error writing ulong to trustdb: %s\n", strerror(errno) ); -} - -static void -fwrite_zeros( FILE *fp, size_t n) -{ - while( n-- ) - if( putc( 0, fp ) == EOF ) - log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) ); -} - /********************************************** ************* list helpers ******************* @@ -312,376 +171,6 @@ upd_lid_table_flag( LOCAL_ID_INFO *tbl, ulong lid, unsigned flag ) BUG(); } - -/************************************************** - ************** read and write stuff ************** - **************************************************/ - - -/**************** - * Create a new trustdb - */ -static void -create_db( const char *fname ) -{ - FILE *fp; - - fp =fopen( fname, "w" ); - if( !fp ) - log_fatal(_("can't create %s: %s\n"), fname, strerror(errno) ); - fwrite_8( fp, 1 ); - fwrite_8( fp, 'g' ); - fwrite_8( fp, 'p' ); - fwrite_8( fp, 'g' ); - fwrite_8( fp, 1 ); /* version */ - fwrite_zeros( fp, 3 ); /* reserved */ - fwrite_32( fp, 0 ); /* not locked */ - fwrite_32( fp, make_timestamp() ); /* created */ - fwrite_32( fp, 0 ); /* not yet modified */ - fwrite_32( fp, 0 ); /* not yet validated*/ - fwrite_32( fp, 0 ); /* reserved */ - fwrite_8( fp, 3 ); /* marginals needed */ - fwrite_8( fp, 1 ); /* completes needed */ - fwrite_8( fp, 4 ); /* max_cet_depth */ - fwrite_zeros( fp, 9 ); /* filler */ - fclose(fp); -} - -static void -open_db() -{ - TRUSTREC rec; - assert( db_fd == -1 ); - - db_fd = open( db_name, O_RDWR ); - if( db_fd == -1 ) - log_fatal(_("can't open %s: %s\n"), db_name, strerror(errno) ); - if( read_record( 0, &rec, RECTYPE_VER ) ) - log_fatal(_("TrustDB %s is invalid\n"), db_name ); - /* fixme: check ->locked and other stuff */ -} - - -static void -dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ) -{ - int i, any; - - fprintf(fp, "trust record %lu, type=", rnum ); - - switch( rec->rectype ) { - case 0: fprintf(fp, "free\n"); - break; - case RECTYPE_VER: fprintf(fp, "version\n"); - break; - case RECTYPE_DIR: - fprintf(fp, "dir keyid=%08lX, key=%lu, ctl=%lu, sig=%lu", - (ulong)rec->r.dir.keyid[1], - rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec ); - if( rec->r.dir.no_sigs == 1 ) - fputs(", (none)", fp ); - else if( rec->r.dir.no_sigs == 2 ) - fputs(", (invalid)", fp ); - else if( rec->r.dir.no_sigs == 3 ) - fputs(", (revoked)", fp ); - else if( rec->r.dir.no_sigs ) - fputs(", (??)", fp ); - putc('\n', fp); - break; - case RECTYPE_KEY: fprintf(fp, - "key keyid=%08lX, own=%lu, ownertrust=%02x, fl=%d\n", - (ulong)rec->r.key.keyid[1], - rec->r.key.owner, rec->r.key.ownertrust, - rec->r.key.fingerprint_len ); - break; - case RECTYPE_CTL: fprintf(fp, "ctl\n"); - break; - case RECTYPE_SIG: - fprintf(fp, "sigrec, owner=%lu, chain=%lu\n", - rec->r.sig.owner, rec->r.sig.chain ); - for(i=any=0; i < SIGS_PER_RECORD; i++ ) { - if( rec->r.sig.sig[i].local_id ) { - if( !any ) { - putc('\t', fp); - any++; - } - fprintf(fp, " %lu:%02x", rec->r.sig.sig[i].local_id, - rec->r.sig.sig[i].flag ); - } - } - if( any ) - putc('\n', fp); - break; - default: - fprintf(fp, "%d (unknown)\n", rec->rectype ); - break; - } -} - -/**************** - * read the record with number recnum - * returns: -1 on error, 0 on success - */ -static int -read_record( ulong recnum, TRUSTREC *rec, int expected ) -{ - byte buf[TRUST_RECORD_LEN], *p; - int rc = 0; - int n, i; - - if( db_fd == -1 ) - open_db(); - if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) { - log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) ); - return G10ERR_READ_FILE; - } - n = read( db_fd, buf, TRUST_RECORD_LEN); - if( !n ) { - return -1; /* eof */ - } - else if( n != TRUST_RECORD_LEN ) { - log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) ); - return G10ERR_READ_FILE; - } - p = buf; - rec->rectype = *p++; - if( expected && rec->rectype != expected ) { - log_error("%lu: read expected rec type %d, got %d\n", - recnum, expected, rec->rectype ); - return G10ERR_TRUSTDB; - } - p++; - switch( rec->rectype ) { - case 0: /* unused record */ - break; - case RECTYPE_VER: /* version record */ - /* g10 was the original name */ - if( memcmp(buf+1, "gpg", 3 ) && memcmp(buf+1, "g10", 3 ) ) { - log_error(_("%s: not a trustdb file\n"), db_name ); - rc = G10ERR_TRUSTDB; - } - p += 2; /* skip magic */ - rec->r.ver.version = *p++; - rec->r.ver.locked = buftoulong(p); p += 4; - rec->r.ver.created = buftoulong(p); p += 4; - rec->r.ver.modified = buftoulong(p); p += 4; - rec->r.ver.validated= buftoulong(p); p += 4; - rec->r.ver.marginals_needed = *p++; - rec->r.ver.completes_needed = *p++; - rec->r.ver.max_cert_depth = *p++; - if( recnum ) { - log_error("%s: version record with recnum %lu\n", - db_name, (ulong)recnum ); - rc = G10ERR_TRUSTDB; - } - if( rec->r.ver.version != 1 ) { - log_error("%s: invalid file version %d\n", - db_name, rec->r.ver.version ); - rc = G10ERR_TRUSTDB; - } - break; - case RECTYPE_DIR: /*directory record */ - rec->r.dir.local_id = buftoulong(p); p += 4; - rec->r.dir.keyid[0] = buftou32(p); p += 4; - rec->r.dir.keyid[1] = buftou32(p); p += 4; - rec->r.dir.keyrec = buftoulong(p); p += 4; - rec->r.dir.ctlrec = buftoulong(p); p += 4; - rec->r.dir.sigrec = buftoulong(p); p += 4; - rec->r.dir.no_sigs = *p++; - if( rec->r.dir.local_id != recnum ) { - log_error("%s: dir local_id != recnum (%lu,%lu)\n", - db_name, - (ulong)rec->r.dir.local_id, - (ulong)recnum ); - rc = G10ERR_TRUSTDB; - } - break; - case RECTYPE_KEY: /* public key record */ - rec->r.key.owner = buftoulong(p); p += 4; - rec->r.dir.keyid[0] = buftou32(p); p += 4; - rec->r.dir.keyid[1] = buftou32(p); p += 4; - rec->r.key.pubkey_algo = *p++; - rec->r.key.fingerprint_len = *p++; - if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 ) - rec->r.key.fingerprint_len = 20; - memcpy( rec->r.key.fingerprint, p, 20); p += 20; - rec->r.key.ownertrust = *p++; - break; - case RECTYPE_CTL: /* control record */ - rec->r.ctl.owner = buftoulong(p); p += 4; - memcpy(rec->r.ctl.blockhash, p, 20); p += 20; - rec->r.ctl.trustlevel = *p++; - break; - case RECTYPE_SIG: - rec->r.sig.owner = buftoulong(p); p += 4; - rec->r.sig.chain = buftoulong(p); p += 4; - for(i=0; i < SIGS_PER_RECORD; i++ ) { - rec->r.sig.sig[i].local_id = buftoulong(p); p += 4; - rec->r.sig.sig[i].flag = *p++; - } - break; - default: - log_error("%s: invalid record type %d at recnum %lu\n", - db_name, rec->rectype, (ulong)recnum ); - rc = G10ERR_TRUSTDB; - break; - } - - return rc; -} - -/**************** - * Write the record at RECNUM - */ -static int -write_record( ulong recnum, TRUSTREC *rec ) -{ - byte buf[TRUST_RECORD_LEN], *p; - int rc = 0; - int i, n; - - if( db_fd == -1 ) - open_db(); - - memset(buf, 0, TRUST_RECORD_LEN); - p = buf; - *p++ = rec->rectype; p++; - switch( rec->rectype ) { - case 0: /* unused record */ - break; - case 1: /* version record */ - BUG(); - break; - - case RECTYPE_DIR: /*directory record */ - ulongtobuf(p, rec->r.dir.local_id); p += 4; - u32tobuf(p, rec->r.key.keyid[0]); p += 4; - u32tobuf(p, rec->r.key.keyid[1]); p += 4; - ulongtobuf(p, rec->r.dir.keyrec); p += 4; - ulongtobuf(p, rec->r.dir.ctlrec); p += 4; - ulongtobuf(p, rec->r.dir.sigrec); p += 4; - *p++ = rec->r.dir.no_sigs; - assert( rec->r.dir.local_id == recnum ); - break; - - case RECTYPE_KEY: - ulongtobuf(p, rec->r.key.owner); p += 4; - u32tobuf(p, rec->r.key.keyid[0]); p += 4; - u32tobuf(p, rec->r.key.keyid[1]); p += 4; - *p++ = rec->r.key.pubkey_algo; - *p++ = rec->r.key.fingerprint_len; - memcpy( p, rec->r.key.fingerprint, 20); p += 20; - *p++ = rec->r.key.ownertrust; - break; - - case RECTYPE_CTL: /* control record */ - ulongtobuf(p, rec->r.ctl.owner); p += 4; - memcpy(p, rec->r.ctl.blockhash, 20); p += 20; - *p++ = rec->r.ctl.trustlevel; - break; - - case RECTYPE_SIG: - ulongtobuf(p, rec->r.sig.owner); p += 4; - ulongtobuf(p, rec->r.sig.chain); p += 4; - for(i=0; i < SIGS_PER_RECORD; i++ ) { - ulongtobuf(p, rec->r.sig.sig[i].local_id); p += 4; - *p++ = rec->r.sig.sig[i].flag; - } - break; - default: - BUG(); - } - - if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) { - log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) ); - return G10ERR_WRITE_FILE; - } - n = write( db_fd, buf, TRUST_RECORD_LEN); - if( n != TRUST_RECORD_LEN ) { - log_error(_("trustdb: write failed (n=%d): %s\n"), n, strerror(errno) ); - return G10ERR_WRITE_FILE; - } - - return rc; -} - - -/**************** - * create a new record and return its record number - */ -static ulong -new_recnum() -{ - off_t offset; - ulong recnum; - TRUSTREC rec; - int rc; - - /* fixme: look for unused records */ - offset = lseek( db_fd, 0, SEEK_END ); - if( offset == -1 ) - log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) ); - recnum = offset / TRUST_RECORD_LEN; - assert(recnum); /* this is will never be the first record */ - - /* we must write a record, so that the next call to this function - * returns another recnum */ - memset( &rec, 0, sizeof rec ); - rec.rectype = 0; /* free record */ - rc = write_record(recnum, &rec ); - if( rc ) - log_fatal(_("%s: failed to append a record: %s\n"), - db_name, g10_errstr(rc)); - return recnum ; -} - -/**************** - * Search the trustdb for a key which matches PK and return the dir record - * The local_id of PK is set to the correct value - * - * Note: To increase performance, we could use a index search here. - */ -static int -search_record( PKT_public_key *pk, TRUSTREC *rec ) -{ - ulong recnum; - u32 keyid[2]; - byte *fingerprint; - size_t fingerlen; - int rc; - - keyid_from_pk( pk, keyid ); - fingerprint = fingerprint_from_pk( pk, &fingerlen ); - assert( fingerlen == 20 || fingerlen == 16 ); - - for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) { - if( rec->rectype != RECTYPE_DIR ) - continue; - if( rec->r.dir.keyid[0] == keyid[0] - && rec->r.dir.keyid[1] == keyid[1]){ - TRUSTREC keyrec; - - if( read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) { - log_error("%lu: ooops: invalid key record\n", recnum ); - break; - } - if( keyrec.r.key.pubkey_algo == pk->pubkey_algo - && !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){ - if( pk->local_id && pk->local_id != recnum ) - log_error("%s: found record, but local_id from mem does " - "not match recnum (%lu,%lu)\n", db_name, - (ulong)pk->local_id, (ulong)recnum ); - pk->local_id = recnum; - return 0; - } - } - } - if( rc != -1 ) - log_error(_("%s: search_db failed: %s\n"),db_name, g10_errstr(rc) ); - return rc; -} - - /**************** * If we do not have a local_id in a signature packet, find the owner of * the signature packet in our trustdb or insert them into the trustdb @@ -697,7 +186,7 @@ set_signature_packets_local_id( PKT_signature *sig ) if( rc) goto leave; if( !pk->local_id ) { - rc = search_record( pk, &rec ); + rc = tdbio_search_record( pk, &rec ); if( rc == -1 ) rc = insert_trust_record( pk ); if( rc ) @@ -719,7 +208,7 @@ keyid_from_local_id( ulong lid, u32 *keyid ) TRUSTREC rec; int rc; - rc = read_record( lid, &rec, RECTYPE_DIR ); + rc = tdbio_read_record( lid, &rec, RECTYPE_DIR ); if( rc ) { log_error(_("error reading record with local_id %lu: %s\n"), lid, g10_errstr(rc)); @@ -757,7 +246,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) if( !c->ctl.init_done ) { c->ctl.init_done = 1; if( !c->sigrec ) { - rc = read_record( c->local_id, r, RECTYPE_DIR ); + rc = tdbio_read_record( c->local_id, r, RECTYPE_DIR ); if( rc ) { log_error(_("%lu: error reading dir record: %s\n"), c->local_id, g10_errstr(rc)); @@ -775,7 +264,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) c->ctl.eof = 1; return rc; } - rc = read_record( c->local_id, r, RECTYPE_DIR ); + rc = tdbio_read_record( c->local_id, r, RECTYPE_DIR ); if( rc ) { log_error(_("%lu: error re-reading dir record: %s\n"), c->local_id, g10_errstr(rc)); @@ -802,7 +291,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) c->ctl.eof = 1; return -1; /* return eof */ } - rc = read_record( rnum, r, RECTYPE_SIG ); + rc = tdbio_read_record( rnum, r, RECTYPE_SIG ); if( rc ) { log_error(_("error reading sigrec: %s\n"), g10_errstr(rc)); c->ctl.eof = 1; @@ -842,29 +331,28 @@ verify_own_keys() u32 keyid[2]; while( !(rc=enum_secret_keys( &enum_context, sk) ) ) { - /* fixed: to be sure that it is a secret key of our own, - * we should check it, but this needs a passphrase - * for every key and this is boring for the user. - * Solution: Sign the secring and the trustring - * and verify this signature during - * startup + /* To be sure that it is a secret key of our own, + * we should check it, but this needs a passphrase + * for every key and this is boring for the user. + * Anyway, access to the seret keyring should be + * granted to the user only as it is poosible to + * crack it with dictionary attacks. */ - keyid_from_sk( sk, keyid ); if( DBG_TRUST ) - log_debug("checking secret key %08lX\n", (ulong)keyid[1] ); + log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] ); /* see whether we can access the public key of this secret key */ memset( pk, 0, sizeof *pk ); rc = get_pubkey( pk, keyid ); if( rc ) { - log_error(_("keyid %08lX: secret key without public key\n"), + log_error(_("key %08lX: secret key without public key\n"), (ulong)keyid[1] ); goto leave; } if( cmp_public_secret_key( pk, sk ) ) { - log_error(_("keyid %08lX: secret and public key don't match\n"), + log_error(_("key %08lX: secret and public key don't match\n"), (ulong)keyid[1] ); rc = G10ERR_GENERAL; goto leave; @@ -875,22 +363,22 @@ verify_own_keys() if( rc == -1 ) { /* put it into the trustdb */ rc = insert_trust_record( pk ); if( rc ) { - log_error(_("keyid %08lX: can't put it into the trustdb\n"), + log_error(_("key %08lX: can't put it into the trustdb\n"), (ulong)keyid[1] ); goto leave; } } else if( rc ) { - log_error(_("keyid %08lX: query record failed\n"), (ulong)keyid[1] ); + log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] ); goto leave; } if( DBG_TRUST ) - log_debug("putting %08lX(%lu) into ultikey_table\n", + log_debug("key %08lX.%lu: stored into ultikey_table\n", (ulong)keyid[1], pk->local_id ); if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) ) - log_error(_("keyid %08lX: already in ultikey_table\n"), + log_error(_("key %08lX: already in ultikey_table\n"), (ulong)keyid[1]); @@ -927,6 +415,33 @@ print_user_id( const char *text, u32 *keyid ) m_free(p); } +static void +print_keyid( FILE *fp, ulong lid ) +{ + u32 ki[2]; + if( keyid_from_trustdb( lid, ki ) ) + fprintf(fp, "????????.%lu", lid ); + else + fprintf(fp, "%08lX.%lu", (ulong)ki[1], lid ); +} + +static void +print_trust( FILE *fp, unsigned trust ) +{ + int c; + switch( trust ) { + case TRUST_UNKNOWN: c = 'o'; break; + case TRUST_EXPIRED: c = 'e'; break; + case TRUST_UNDEFINED: c = 'q'; break; + case TRUST_NEVER: c = 'n'; break; + case TRUST_MARGINAL: c = 'm'; break; + case TRUST_FULLY: c = 'f'; break; + case TRUST_ULTIMATE: c = 'u'; break; + default: fprintf(fp, "%02x", trust ); return; + } + putc(c, fp); +} + /* (a non-recursive algorithm would be easier) */ static int do_list_sigs( ulong root, ulong pubkey, int depth, @@ -944,12 +459,12 @@ do_list_sigs( ulong root, ulong pubkey, int depth, break; rc = keyid_from_local_id( sx.sig_id, keyid ); if( rc ) { - printf("%6u: %*s????????(%lu:%02x)\n", *lineno, depth*4, "", + printf("%6u: %*s????????.%lu:%02x\n", *lineno, depth*4, "", sx.sig_id, sx.sig_flag ); ++*lineno; } else { - printf("%6u: %*s%08lX(%lu:%02x) ", *lineno, depth*4, "", + printf("%6u: %*s%08lX.%lu:%02x ", *lineno, depth*4, "", (ulong)keyid[1], sx.sig_id, sx.sig_flag ); /* check whether we already checked this pubkey */ if( !qry_lid_table_flag( ultikey_table, sx.sig_id, NULL ) ) { @@ -1002,7 +517,7 @@ list_sigs( ulong pubkey_id ) log_error("Hmmm, no pubkey record for local_id %lu\n", pubkey_id); return rc; } - printf("Signatures of %08lX(%lu) ", (ulong)keyid[1], pubkey_id ); + printf("Signatures of %08lX.%lu ", (ulong)keyid[1], pubkey_id ); print_user_id("", keyid); printf("----------------------\n"); @@ -1134,7 +649,7 @@ check_sigs( KBNODE keyblock, int *selfsig_okay, int *revoked ) } } if( DBG_TRUST ) - log_debug("trustdb: sig from %08lX(%lu): %s%s\n", + log_debug("trustdb: sig from %08lX.%lu: %s%s\n", (ulong)node->pkt->pkt.signature->keyid[1], node->pkt->pkt.signature->local_id, g10_errstr(rc), (node->flag&4)?" (dup)":"" ); @@ -1165,18 +680,19 @@ build_sigrecs( ulong pubkeyid ) log_debug("trustdb: build_sigrecs for pubkey %lu\n", (ulong)pubkeyid ); /* get the keyblock */ - if( (rc=read_record( pubkeyid, &rec, RECTYPE_DIR )) ) { + if( (rc=tdbio_read_record( pubkeyid, &rec, RECTYPE_DIR )) ) { log_error(_("%lu: build_sigrecs: can't read dir record\n"), pubkeyid ); goto leave; } - if( (rc=read_record( rec.r.dir.keyrec, &krec, RECTYPE_KEY )) ) { + if( (rc=tdbio_read_record( rec.r.dir.keyrec, &krec, RECTYPE_KEY )) ) { log_error(_("%lu: build_sigrecs: can't read key record\n"), pubkeyid); goto leave; } rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint, krec.r.key.fingerprint_len ); if( rc ) { - log_error(_("build_sigrecs: get_keyblock_byfprint failed\n") ); + log_error(_("build_sigrecs: get_keyblock_byfprint failed: %s\n"), + g10_errstr(rc) ); goto leave; } /* check all key signatures */ @@ -1214,7 +730,7 @@ build_sigrecs( ulong pubkeyid ) * it was necessary to have the pubkey. The only reason * this can fail are I/O errors of the trustdb or a * remove operation on the pubkey database - which should - * not disturb us, because we have to chance them anyway. */ + * not disturb us, because we have to change them anyway. */ rc = set_signature_packets_local_id( node->pkt->pkt.signature ); if( rc ) log_fatal(_("set_signature_packets_local_id failed: %s\n"), @@ -1222,11 +738,11 @@ build_sigrecs( ulong pubkeyid ) } if( i == SIGS_PER_RECORD ) { /* write the record */ - rnum = new_recnum(); + rnum = tdbio_new_recnum(); if( rnum2 ) { /* write the stored record */ rec2.r.sig.owner = pubkeyid; rec2.r.sig.chain = rnum; /* the next record number */ - rc = write_record( rnum2, &rec2 ); + rc = tdbio_write_record( rnum2, &rec2 ); if( rc ) { log_error(_("build_sigrecs: write_record failed\n") ); goto leave; @@ -1247,11 +763,11 @@ build_sigrecs( ulong pubkeyid ) } if( i || rnum2 ) { /* write the record */ - rnum = new_recnum(); + rnum = tdbio_new_recnum(); if( rnum2 ) { /* write the stored record */ rec2.r.sig.owner = pubkeyid; rec2.r.sig.chain = rnum; - rc = write_record( rnum2, &rec2 ); + rc = tdbio_write_record( rnum2, &rec2 ); if( rc ) { log_error(_("build_sigrecs: write_record failed\n") ); goto leave; @@ -1262,7 +778,7 @@ build_sigrecs( ulong pubkeyid ) if( i ) { /* write the pending record */ rec.r.sig.owner = pubkeyid; rec.r.sig.chain = 0; - rc = write_record( rnum, &rec ); + rc = tdbio_write_record( rnum, &rec ); if( rc ) { log_error(_("build_sigrecs: write_record failed\n") ); goto leave; @@ -1273,12 +789,12 @@ build_sigrecs( ulong pubkeyid ) } if( first_sigrec ) { /* update the dir record */ - if( (rc =read_record( pubkeyid, &rec, RECTYPE_DIR )) ) { + if( (rc =tdbio_read_record( pubkeyid, &rec, RECTYPE_DIR )) ) { log_error(_("update_dir_record: read failed\n")); goto leave; } rec.r.dir.sigrec = first_sigrec; - if( (rc=write_record( pubkeyid, &rec )) ) { + if( (rc=tdbio_write_record( pubkeyid, &rec )) ) { log_error(_("update_dir_record: write failed\n")); goto leave; } @@ -1410,7 +926,7 @@ do_check( ulong pubkeyid, TRUSTREC *dr, unsigned *trustlevel ) /* no sigrecs, so build them */ rc = build_sigrecs( pubkeyid ); if( !rc ) /* and read again */ - rc = read_record( pubkeyid, dr, RECTYPE_DIR ); + rc = tdbio_read_record( pubkeyid, dr, RECTYPE_DIR ); } if( dr->r.dir.no_sigs == 3 ) @@ -1439,10 +955,13 @@ do_check( ulong pubkeyid, TRUSTREC *dr, unsigned *trustlevel ) continue; if( opt.verbose ) { - log_info("tslist segs:" ); - for(i=0; i < tsl->nseg; i++ ) - fprintf(stderr, " %lu/%02x", tsl->seg[i].lid, - tsl->seg[i].trust ); + log_info("trust path:" ); + for(i=0; i < tsl->nseg; i++ ) { + putc(' ',stderr); + print_keyid( stderr, tsl->seg[i].lid ); + putc(':',stderr); + print_trust( stderr, tsl->seg[i].trust ); + } putc('\n',stderr); } } @@ -1504,39 +1023,9 @@ init_trustdb( int level, const char *dbname ) ultikey_table = new_lid_table(); if( !level || level==1 ) { - char *fname = dbname? m_strdup( dbname ) - : make_filename(opt.homedir, "trustdb.gpg", NULL ); - if( access( fname, R_OK ) ) { - if( errno != ENOENT ) { - log_error(_("can't access %s: %s\n"), fname, strerror(errno) ); - m_free(fname); - return G10ERR_TRUSTDB; - } - if( level ) { - char *p = strrchr( fname, '/' ); - assert(p); - *p = 0; - if( access( fname, F_OK ) ) { - if( strlen(fname) >= 7 - && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) { - #if __MINGW32__ - if( mkdir( fname ) ) - #else - if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) ) - #endif - log_fatal(_("can't create directory '%s': %s\n"), - fname, strerror(errno) ); - } - else - log_fatal(_("directory '%s' does not exist!\n"), fname ); - } - *p = '/'; - create_db( fname ); - } - } - m_free(db_name); - db_name = fname; - + rc = tdbio_set_dbname( dbname, !!level ); + if( rc ) + return rc; if( !level ) return 0; @@ -1566,7 +1055,7 @@ list_trustdb( const char *username ) if( (rc = get_pubkey_byname( pk, username )) ) log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); - else if( (rc=search_record( pk, &rec )) && rc != -1 ) + else if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) log_error("problem finding '%s' in trustdb: %s\n", username, g10_errstr(rc)); else if( rc == -1 ) @@ -1579,12 +1068,12 @@ list_trustdb( const char *username ) ulong recnum; int i; - printf("TrustDB: %s\n", db_name ); - for(i=9+strlen(db_name); i > 0; i-- ) + printf("TrustDB: %s\n", tdbio_get_dbname() ); + for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- ) putchar('-'); putchar('\n'); - for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) - dump_record( recnum, &rec, stdout ); + for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) + tdbio_dump_record( recnum, &rec, stdout ); } } @@ -1599,7 +1088,7 @@ list_ownertrust() int i; byte *p; - for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) { + for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { if( rec.rectype == RECTYPE_KEY ) { p = rec.r.key.fingerprint; for(i=0; i < rec.r.key.fingerprint_len; i++, p++ ) @@ -1625,7 +1114,7 @@ list_trust_path( int max_depth, const char *username ) if( (rc = get_pubkey_byname( pk, username )) ) log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); - else if( (rc=search_record( pk, &rec )) && rc != -1 ) + else if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) log_error("problem finding '%s' in trustdb: %s\n", username, g10_errstr(rc)); else if( rc == -1 ) { @@ -1684,8 +1173,12 @@ list_trust_path( int max_depth, const char *username ) if( tsl->dup ) continue; printf("trust path:" ); - for(i=0; i < tsl->nseg; i++ ) - printf(" %lu/%02x", tsl->seg[i].lid, tsl->seg[i].trust ); + for(i=0; i < tsl->nseg; i++ ) { + putc(' ',stdout); + print_keyid( stdout, tsl->seg[i].lid ); + putc(':',stdout); + print_trust( stdout, tsl->seg[i].trust ); + } putchar('\n'); } } @@ -1722,19 +1215,22 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) unsigned trustlevel = TRUST_UNKNOWN; int rc=0; u32 cur_time; + u32 keyid[2]; + if( DBG_TRUST ) log_info("check_trust() called.\n"); + keyid_from_pk( pk, keyid ); /* get the pubkey record */ if( pk->local_id ) { - if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { - log_error(_("check_trust: read record failed\n")); + if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { + log_error(_("check_trust: read dir record failed\n")); return G10ERR_TRUSTDB; } } else { /* no local_id: scan the trustdb */ - if( (rc=search_record( pk, &rec )) && rc != -1 ) { + if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) { log_error(_("check_trust: search_record failed: %s\n"), g10_errstr(rc)); return rc; @@ -1742,31 +1238,35 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) else if( rc == -1 ) { rc = insert_trust_record( pk ); if( rc ) { - log_error(_("failed to insert pubkey into trustdb: %s\n"), - g10_errstr(rc)); + log_error(_("key %08lX: insert trust record failed: %s\n"), + keyid[1], g10_errstr(rc)); goto leave; } - log_info(_("pubkey not in trustdb - inserted as %lu\n"), - pk->local_id ); + log_info(_("key %08lX.%lu: inserted into trustdb\n"), + keyid[1], pk->local_id ); } } cur_time = make_timestamp(); if( pk->timestamp > cur_time ) { - log_info(_("public key created in future (time warp or clock problem)\n")); + log_info(_("key %08lX.%lu: created in future " + "(time warp or clock problem)\n"), + keyid[1], pk->local_id ); return G10ERR_TIME_CONFLICT; } if( pk->valid_days && add_days_to_timestamp(pk->timestamp, pk->valid_days) < cur_time ) { - log_info(_("key expiration date is %s\n"), strtimestamp( - add_days_to_timestamp(pk->timestamp, - pk->valid_days))); + log_info(_("key %08lX.%lu: expired at %s\n"), + keyid[1], pk->local_id, + strtimestamp( add_days_to_timestamp(pk->timestamp, + pk->valid_days))); trustlevel = TRUST_EXPIRED; } else { rc = do_check( pk->local_id, &rec, &trustlevel ); if( rc ) { - log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc)); + log_error(_("key %08lX.%lu: trust check failed: %s\n"), + keyid[1], pk->local_id, g10_errstr(rc)); return rc; } } @@ -1774,7 +1274,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) leave: if( DBG_TRUST ) - log_info("check_trust() returns trustlevel %04x.\n", trustlevel); + log_debug("check_trust() returns trustlevel %04x.\n", trustlevel); *r_trustlevel = trustlevel; return 0; } @@ -1859,11 +1359,11 @@ get_ownertrust( ulong lid, unsigned *r_otrust ) { TRUSTREC rec; - if( read_record( lid, &rec, RECTYPE_DIR ) ) { + if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) { log_error("get_ownertrust: read dir record failed\n"); return G10ERR_TRUSTDB; } - if( read_record( rec.r.dir.keyrec, &rec, RECTYPE_KEY ) ) { + if( tdbio_read_record( rec.r.dir.keyrec, &rec, RECTYPE_KEY ) ) { log_error("get_ownertrust: read key record failed\n"); return G10ERR_TRUSTDB; } @@ -1877,7 +1377,7 @@ keyid_from_trustdb( ulong lid, u32 *keyid ) { TRUSTREC rec; - if( read_record( lid, &rec, RECTYPE_DIR ) ) { + if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) { log_error("keyid_from_trustdb: read record failed\n"); return G10ERR_TRUSTDB; } @@ -1903,13 +1403,13 @@ query_trust_record( PKT_public_key *pk ) int rc=0; if( pk->local_id ) { - if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { + if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { log_error("query_trust_record: read record failed\n"); return G10ERR_TRUSTDB; } } else { /* no local_id: scan the trustdb */ - if( (rc=search_record( pk, &rec )) && rc != -1 ) { + if( (rc=tdbio_search_record( pk, &rec )) && rc != -1 ) { log_error("query_trust_record: search_record failed: %s\n", g10_errstr(rc)); return rc; @@ -1939,10 +1439,10 @@ insert_trust_record( PKT_public_key *pk ) keyid_from_pk( pk, keyid ); fingerprint = fingerprint_from_pk( pk, &fingerlen ); - /* FIXME: check that we do not have this record. */ + /* fixme: assert that we do not have this record. */ - dnum = new_recnum(); - knum = new_recnum(); + dnum = tdbio_new_recnum(); + knum = tdbio_new_recnum(); /* build dir record */ memset( &rec, 0, sizeof rec ); rec.rectype = RECTYPE_DIR; @@ -1951,7 +1451,7 @@ insert_trust_record( PKT_public_key *pk ) rec.r.dir.keyid[1] = keyid[1]; rec.r.dir.keyrec = knum; rec.r.dir.no_sigs = 0; - if( write_record( dnum, &rec ) ) { + if( tdbio_write_record( dnum, &rec ) ) { log_error("writing dir record failed\n"); return G10ERR_TRUSTDB; } @@ -1965,11 +1465,11 @@ insert_trust_record( PKT_public_key *pk ) rec.r.key.fingerprint_len = fingerlen; memcpy(rec.r.key.fingerprint, fingerprint, fingerlen ); rec.r.key.ownertrust = 0; - if( write_record( knum, &rec ) ) { + if( tdbio_write_record( knum, &rec ) ) { log_error("wrinting key record failed\n"); return G10ERR_TRUSTDB; } - + /* and store the LID */ pk->local_id = dnum; return 0; @@ -1982,19 +1482,19 @@ update_ownertrust( ulong lid, unsigned new_trust ) TRUSTREC rec; ulong recnum; - if( read_record( lid, &rec, RECTYPE_DIR ) ) { + if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) { log_error("update_ownertrust: read dir failed\n"); return G10ERR_TRUSTDB; } recnum = rec.r.dir.keyrec; - if( read_record( recnum, &rec, RECTYPE_KEY ) ) { + if( tdbio_read_record( recnum, &rec, RECTYPE_KEY ) ) { log_error("update_ownertrust: read key failed\n"); return G10ERR_TRUSTDB; } /* check keyid, fingerprint etc ? */ rec.r.key.ownertrust = new_trust; - if( write_record( recnum, &rec ) ) { + if( tdbio_write_record( recnum, &rec ) ) { log_error("update_ownertrust: write failed\n"); return G10ERR_TRUSTDB; } @@ -2013,13 +1513,13 @@ update_no_sigs( ulong lid, int no_sigs ) { TRUSTREC rec; - if( read_record( lid, &rec, RECTYPE_DIR ) ) { + if( tdbio_read_record( lid, &rec, RECTYPE_DIR ) ) { log_error("update_no_sigs: read failed\n"); return G10ERR_TRUSTDB; } rec.r.dir.no_sigs = no_sigs; - if( write_record( lid, &rec ) ) { + if( tdbio_write_record( lid, &rec ) ) { log_error("update_no_sigs: write failed\n"); return G10ERR_TRUSTDB; } |