Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 41 | ||||
-rw-r--r-- | g10/g10.c | 15 | ||||
-rw-r--r-- | g10/import.c | 84 | ||||
-rw-r--r-- | g10/main.h | 2 | ||||
-rw-r--r-- | g10/mainproc.c | 13 | ||||
-rw-r--r-- | g10/options.h | 1 | ||||
-rw-r--r-- | g10/passphrase.c | 8 | ||||
-rw-r--r-- | g10/pkclist.c | 24 | ||||
-rw-r--r-- | g10/tdbdump.c | 1 | ||||
-rw-r--r-- | g10/tdbio.c | 2 | ||||
-rw-r--r-- | g10/tdbio.h | 3 | ||||
-rw-r--r-- | g10/trustdb.c | 215 | ||||
-rw-r--r-- | g10/trustdb.h | 1 |
13 files changed, 314 insertions, 96 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 83620ff73..acfed581d 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,44 @@ +Mon Oct 4 21:23:04 CEST 1999 Werner Koch <[email protected]> + + * import.c (import_keys): Changed calling interface, adjusted caller. + (import): Moved printing of stats out ... + (print_stats): New. ... to here. + (import_keys_stream): Call stats print here. + (import_keys): Print stats as totals for all files. + + * tdbio.h (DIRF_NEWKEYS): New + * tdbio.c (tdbio_dump_record): Print the new flag. + * trustdb.c (check_trust_record): New arg sigs_only. Adapted all + callers. + (do_update_trust_record): Removed recheck arg and add a new sigs_only + do we can later improve on the performance. Changed all callers too. + (check_trustdb): Evalutate the new flag and add a status output. + Do a check when the dir record has not been checked. + (build_cert_tree): Evaluate the new flag. + (check_trust): Ditto. Do a trust_record check, when the dir record + is not marked as checked. + (mark_fresh_keys): New. + (clear_lid_table): New. + (sync_trustdb): New. + * import.c (import_keys): Call sync_trustdb() after processing. + (import_keys_stream): Ditto. + * tdbdump.c (import_ownertrust): Ditto. + + * import.c (import_revoke_cert): Notify the trust DB. + (do_update_trust_record): Use |= to set the REVOKED bit and not &=; + shame on me for this bad copy+paste introduced bug. + (do_we_trust): Add trustmask to allow revoked key override to work. + Chnaged are to allow return of a mofified trustlevel. Adapted the + one caller. + + * g10.c: New options --emulate-3des-s2k-bug + * passphrase.c (hash_passphrase): Implemented above. + + * mainproc.c (proc_tree): Check for standalone signatures. + (do_check_sig): Print a notice for a standalone revocation + (check_sig_and_print): Do not print an error for unchecked standalone + revocations. + Tue Sep 28 20:54:37 CEST 1999 Werner Koch <[email protected]> * encode.c (encode_simple): Use new CTB when we don't have the 
@@ -179,6 +179,7 @@ enum cmd_and_opt_values { aNull = 0, oNoLiteral, oSetFilesize, oEntropyDLLName, + oEmu3DESS2KBug, /* will be removed in 1.1 */ aTest }; @@ -346,6 +347,7 @@ static ARGPARSE_OPTS opts[] = { { oNoLiteral, "no-literal", 0, "@" }, { oSetFilesize, "set-filesize", 20, "@" }, { oEntropyDLLName, "entropy-dll-name", 2, "@" }, + { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, {0} }; @@ -805,6 +807,7 @@ main( int argc, char **argv ) opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; + case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oCompressSigs: opt.compress_sigs = 1; break; case oRunAsShmCP: #ifndef USE_SHM_COPROCESSING @@ -1215,17 +1218,7 @@ main( int argc, char **argv ) case aFastImport: case aImport: - if( !argc ) { - rc = import_keys( NULL, (cmd == aFastImport) ); - if( rc ) - log_error("import failed: %s\n", g10_errstr(rc) ); - } - for( ; argc; argc--, argv++ ) { - rc = import_keys( *argv, (cmd == aFastImport) ); - if( rc ) - log_error("import from `%s' failed: %s\n", - *argv, g10_errstr(rc) ); - } + import_keys( argc? argv:NULL, argc, (cmd == aFastImport) ); break; case aExport: diff --git a/g10/import.c b/g10/import.c index 92cd93c24..5a6f83f97 100644 --- a/g10/import.c +++ b/g10/import.c @@ -38,6 +38,7 @@ static struct { + ulong count; ulong no_user_id; ulong imported; ulong imported_rsa; @@ -53,6 +54,7 @@ static struct { static int import( IOBUF inp, int fast, const char* fname ); +static void print_stats(void); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static int import_one( const char *fname, KBNODE keyblock, int fast ); static int import_secret_one( const char *fname, KBNODE keyblock ); 
@@ -105,30 +107,48 @@ static int merge_keysigs( KBNODE dst, KBNODE src, int *n_sigs, * Key revocation certificates have special handling. * */ -int -import_keys( const char *fname, int fast ) +void +import_keys( char **fnames, int nnames, int fast ) { - IOBUF inp = NULL; - int rc; - - inp = iobuf_open(fname); - if( !fname ) - fname = "[stdin]"; - if( !inp ) { - log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); - return G10ERR_OPEN_FILE; - } + int i; - rc = import( inp, fast, fname ); + /* fixme: don't use static variables */ + memset( &stats, 0, sizeof( stats ) ); - iobuf_close(inp); - return rc; + for(i=0; i < nnames; i++ ) { + const char *fname = fnames? fnames[i] : NULL; + IOBUF inp = iobuf_open(fname); + if( !fname ) + fname = "[stdin]"; + if( !inp ) + log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); + else { + int rc = import( inp, fast, fname ); + iobuf_close(inp); + if( rc ) + log_error("import from `%s' failed: %s\n", fname, + g10_errstr(rc) ); + } + if( !fname ) + break; + } + print_stats(); + if( !fast ) + sync_trustdb(); } int import_keys_stream( IOBUF inp, int fast ) { - return import( inp, fast, "[stream]" ); + int rc = 0; + + /* fixme: don't use static variables */ + memset( &stats, 0, sizeof( stats ) ); + rc = import( inp, fast, "[stream]" ); + print_stats(); + if( !fast ) + sync_trustdb(); + return rc; } static int @@ -137,10 +157,6 @@ import( IOBUF inp, int fast, const char* fname ) PACKET *pending_pkt = NULL; KBNODE keyblock; int rc = 0; - ulong count=0; - - /* fixme: don't use static variables */ - memset( &stats, 0, sizeof( stats ) ); getkey_disable_caches(); 
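Review bot: In the new `import_keys`, import from stdin no longer runs: the caller in g10.c passes `argc? argv:NULL, argc`, so with no file arguments `nnames` is 0 and the body of `for(i=0; i < nnames; i++ )` is never entered. The `if( !fname ) break;` at the end of the loop cannot fire either, because `fname` has already been replaced by `"[stdin]"` at that point. Suggest `if( !fnames && !nnames ) nnames = 1;` before the loop and `if( !fnames ) break;` at its end. Open and import failures are now only logged, since the function returns void; whether the process exit status still reflects them depends on `log_error`, which is outside this hunk.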
@@ -165,16 +181,23 @@ import( IOBUF inp, int fast, const char* fname ) release_kbnode(keyblock); if( rc ) break; - if( !(++count % 100) && !opt.quiet ) - log_info(_("%lu keys so far processed\n"), count ); + if( !(++stats.count % 100) && !opt.quiet ) + log_info(_("%lu keys so far processed\n"), stats.count ); } if( rc == -1 ) rc = 0; else if( rc && rc != G10ERR_INV_KEYRING ) log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc)); + return rc; +} + + +static void +print_stats() +{ if( !opt.quiet ) { - log_info(_("Total number processed: %lu\n"), count ); + log_info(_("Total number processed: %lu\n"), stats.count ); if( stats.no_user_id ) log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id ); if( stats.imported || stats.imported_rsa ) { @@ -202,9 +225,9 @@ import( IOBUF inp, int fast, const char* fname ) } if( is_status_enabled() ) { - char buf[12*16]; + char buf[12*20]; sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", - count, + stats.count, stats.no_user_id, stats.imported, stats.imported_rsa, @@ -218,8 +241,6 @@ import( IOBUF inp, int fast, const char* fname ) stats.secret_dups); write_status_text( STATUS_IMPORT_RES, buf ); } - - return rc; } @@ -678,6 +699,15 @@ import_revoke_cert( const char *fname, KBNODE node ) log_info( _("key %08lX: revocation certificate imported\n"), (ulong)keyid[1]); stats.n_revoc++; + if( clear_trust_checked_flag( pk ) ) { + /* seems that we have to insert the record first */ + rc = insert_trust_record( keyblock ); + if( rc ) + log_error("key %08lX: trustdb insert failed: %s\n", + (ulong)keyid[1], g10_errstr(rc) ); + else + rc = clear_trust_checked_flag( pk ); + } leave: release_kbnode( keyblock ); diff --git a/g10/main.h b/g10/main.h index 3cca94a11..32aa2652c 100644 --- a/g10/main.h +++ b/g10/main.h 
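Review bot: In `print_stats`, `char buf[12*20]` still does not bound the `sprintf` that follows it: twelve `%lu` fields of up to 20 digits each (64-bit `ulong`), eleven separators and the terminator need 252 bytes, not 240. The counters would have to be implausibly large to get there, but the declaration should make the bound evident, and `char buf[12*21];` does. The rest of the status output is in the next hunk of the same function.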
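Review bot: In `import_revoke_cert`, any non-zero return from the first `clear_trust_checked_flag( pk )` is taken to mean the trust record is missing, and a failure of the second call is stored in `rc` without a log line. If the flag cannot be cleared, the trustdb presumably keeps its previously computed validity for a key that has just been revoked, so that outcome should be reported, e.g. `if( rc ) log_error("key %08lX: trustdb update failed: %s\n", (ulong)keyid[1], g10_errstr(rc) );` after the retry. The function begins before this hunk and continues past the `leave:` label.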
@@ -116,7 +116,7 @@ KBNODE make_comment_node( const char *s ); KBNODE make_mpi_comment_node( const char *s, MPI a ); /*-- import.c --*/ -int import_keys( const char *filename, int fast ); +void import_keys( char **fnames, int nnames, int fast ); int import_keys_stream( IOBUF inp, int fast ); int collapse_uids( KBNODE *keyblock ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 4c93b4877..59b460c81 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -507,6 +507,11 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig ) || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { return check_key_signature( c->list, node, is_selfsig ); } + else if( sig->sig_class == 0x20 ) { + log_info(_("standalone revocation - " + "use \"gpg --import\" to apply\n"), sig->sig_class); + return G10ERR_NOT_PROCESSED; + } else { log_error("invalid root packet for sigclass %02x\n", sig->sig_class); @@ -1114,7 +1119,8 @@ check_sig_and_print( CTX c, KBNODE node ) buf[16] = 0; write_status_text( STATUS_NO_PUBKEY, buf ); } - log_error(_("Can't check signature: %s\n"), g10_errstr(rc) ); + if( rc != G10ERR_NOT_PROCESSED ) + log_error(_("Can't check signature: %s\n"), g10_errstr(rc) ); } return rc; } @@ -1174,7 +1180,10 @@ proc_tree( CTX c, KBNODE node ) else if( node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; - if( !c->have_data ) { + if( sig->sig_class != 0x00 && sig->sig_class != 0x01 ) + log_info(_("standalone signature of class 0x%02x\n"), + sig->sig_class); + else if( !c->have_data ) { /* detached signature */ free_md_filter_context( &c->mfx ); c->mfx.md = md_open(sig->digest_algo, 0); diff --git a/g10/options.h b/g10/options.h index 02613e3cc..650df8d88 100644 --- a/g10/options.h +++ b/g10/options.h @@ -87,6 +87,7 @@ struct { #define EMUBUG_GPGCHKSUM 1 +#define EMUBUG_3DESS2K 2 #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ 
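Review bot: In `do_check_sig`, the new `log_info` call for signature class 0x20 passes `sig->sig_class` although its format string contains no conversion. Drop the trailing argument so the call matches its format; the class is already fixed by the `else if` condition. The function starts and ends outside the hunk.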
diff --git a/g10/passphrase.c b/g10/passphrase.c index bee78660f..219238321 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -242,7 +242,13 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) md = md_open( s2k->hash_algo, 1); for(pass=0; used < dek->keylen ; pass++ ) { if( pass ) { - md_reset(md); + if( (opt.emulate_bugs & EMUBUG_3DESS2K)) { + int tmp = md->finalized; + md_reset( md ); + md->finalized = tmp; + } + else + md_reset(md); for(i=0; i < pass; i++ ) /* preset the hash context */ md_putc(md, 0 ); } diff --git a/g10/pkclist.c b/g10/pkclist.c index 4bf1fc4bf..1e382ccff 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -337,16 +337,17 @@ _("Could not find a valid trust path to the key. Let's see whether we\n" /**************** * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL - * Returns: true if we trust. + * Returns: true if we trust. Might change the trustlevel */ static int -do_we_trust( PKT_public_key *pk, int trustlevel ) +do_we_trust( PKT_public_key *pk, int *trustlevel ) { int rc; int did_add = 0; + int trustmask = 0; retry: - if( (trustlevel & TRUST_FLAG_REVOKED) ) { + if( (*trustlevel & TRUST_FLAG_REVOKED) ) { log_info(_("key %08lX: key has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); if( opt.batch ) @@ -355,8 +356,9 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) if( !cpr_get_answer_is_yes("revoked_key.override", _("Use this key anyway? ")) ) return 0; + trustmask |= TRUST_FLAG_REVOKED; } - else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { + else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) { log_info(_("key %08lX: subkey has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); if( opt.batch ) 
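Review bot: In `hash_passphrase`, the `EMUBUG_3DESS2K` branch is taken whatever the value of `create`, so with `--emulate-3des-s2k-bug` set the reproduced derivation would also apply when a key for newly protected data is derived, not only when old data is read. If `create` means what its name suggests, restrict the emulation to the read path: `if( !create && (opt.emulate_bugs & EMUBUG_3DESS2K) ) {`. The branch also writes `md->finalized` directly and should carry a short comment saying which behaviour of the old versions is being reproduced, since the reason for touching the handle's internals is not evident from these lines. The function starts and ends outside the hunk.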
@@ -365,10 +367,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) if( !cpr_get_answer_is_yes("revoked_key.override", _("Use this key anyway? ")) ) return 0; + trustmask |= TRUST_FLAG_SUB_REVOKED; } + *trustlevel &= ~trustmask; - switch( (trustlevel & TRUST_MASK) ) { + switch( (*trustlevel & TRUST_MASK) ) { case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ rc = insert_trust_record_by_pk( pk ); if( rc ) { @@ -376,11 +380,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) g10_errstr(rc) ); return 0; /* no */ } - rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); + rc = check_trust( pk, trustlevel, NULL, NULL, NULL ); + *trustlevel &= ~trustmask; if( rc ) log_fatal("trust check after insert failed: %s\n", g10_errstr(rc) ); - if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) { + if( *trustlevel == TRUST_UNKNOWN || *trustlevel == TRUST_EXPIRED ) { log_debug("do_we_trust: oops at %d\n", __LINE__ ); return 0; } @@ -398,7 +403,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) else { int quit; - rc = add_ownertrust( pk, &quit, &trustlevel ); + rc = add_ownertrust( pk, &quit, trustlevel ); + *trustlevel &= ~trustmask; if( !rc && !did_add && !quit ) { did_add = 1; goto retry; @@ -444,7 +450,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) { int rc; - rc = do_we_trust( pk, trustlevel ); + rc = do_we_trust( pk, &trustlevel ); if( (trustlevel & TRUST_FLAG_REVOKED) && !rc ) return 0; diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 799309e05..e384b8be7 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -520,5 +520,6 @@ import_ownertrust( const char *fname ) if( !is_stdin ) fclose(fp); do_sync(); + sync_trustdb(); } diff --git a/g10/tdbio.c b/g10/tdbio.c index b840d723a..70fc530fd 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c 
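Review bot: `do_we_trust` now strips `TRUST_FLAG_REVOKED` and `TRUST_FLAG_SUB_REVOKED` from the caller's `*trustlevel` once the user accepts the override prompt, and the header comment only says "Might change the trustlevel". It should state which bits are cleared and when, for example `Clears the REVOKED/SUB_REVOKED flags in *trustlevel after an interactive override.`, and the declaration in the previous hunk should read `int trustmask = 0; /* revocation flags the user chose to override */`. Nothing in the visible lines records that a revoked key was accepted, so a caller that tests those flags afterwards, as `do_we_trust_pre` does, can only see the refused case.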
@@ -1130,6 +1130,8 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp ) fputs(", expired", fp ); if( rec->r.dir.dirflags & DIRF_REVOKED ) fputs(", revoked", fp ); + if( rec->r.dir.dirflags & DIRF_NEWKEYS ) + fputs(", newkeys", fp ); } putc('\n', fp); break; diff --git a/g10/tdbio.h b/g10/tdbio.h index a64f21b5f..1c6630961 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -52,6 +52,7 @@ /* one uid with a selfsignature or an revocation */ #define DIRF_EXPIRED 4 /* the complete key has expired */ #define DIRF_REVOKED 8 /* the complete key has been revoked */ +#define DIRF_NEWKEYS 128 /* new keys are available: we can check the sigs */ #define KEYF_CHECKED 1 /* This key has been checked */ #define KEYF_VALID 2 /* This is a valid (sub)key */ @@ -121,7 +122,7 @@ struct trust_record { } uid; struct { /* preference record */ ulong lid; /* point back to the directory record */ - /* or 0 for a glocal pref record */ + /* or 0 for a global pref record */ ulong next; /* points to next pref record */ byte data[ITEMS_PER_PREF_RECORD]; } pref; diff --git a/g10/trustdb.c b/g10/trustdb.c index 42a45aa64..78ff3de56 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
@@ -125,13 +125,22 @@ static int do_check( TRUSTREC *drec, unsigned *trustlevel, unsigned *retflgs); static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec ); static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, - int recheck, int *modified ); -static int check_trust_record( TRUSTREC *drec ); + int sigs_only, int *modified ); +static int check_trust_record( TRUSTREC *drec, int sigs_only ); +static void mark_fresh_keys(void); /* a table used to keep track of ultimately trusted keys * which are the ones from our secrings and the trusted keys */ static LOCAL_ID_TABLE ultikey_table; + +/* a table to keep track of newly importted keys. This one is + * create by the insert_trust_record function and from time to time + * used to verify key signature which have been done with these new keys */ +static LOCAL_ID_TABLE fresh_imported_keys; +static int fresh_imported_keys_count; +#define FRESH_KEY_CHECK_THRESHOLD 200 + /* list of unused lid items and tables */ static LOCAL_ID_TABLE unused_lid_tables; static struct local_id_item *unused_lid_items; @@ -245,6 +254,27 @@ release_lid_table( LOCAL_ID_TABLE tbl ) } #endif + +/**************** + * Remove all items from a LID table + */ +static void +clear_lid_table( LOCAL_ID_TABLE tbl ) +{ + struct local_id_item *a, *a2; + int i; + + for(i=0; i < 16; i++ ) { + for(a=tbl->items[i]; a; a = a2 ) { + a2 = a->next; + a->next = unused_lid_items; + unused_lid_items = a; + } + tbl->items[i] = NULL; + } +} + + /**************** * Add a new item to the table or return 1 if we already have this item */ @@ -572,6 +602,18 @@ init_trustdb() +/**************** + * This function should be called in certain cases to sync the internal state + * of the trustdb with the file image. Currently it is needed after + * a sequence of insert_trust_record() calls. + */ +void +sync_trustdb() +{ + if( fresh_imported_keys && fresh_imported_keys_count ) + mark_fresh_keys(); +} + /*********************************************** 
@@ -1082,7 +1124,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid, static unsigned int check_sig_record( KBNODE keyblock, KBNODE signode, ulong siglid, int sigidx, u32 *keyid, ulong lid, - u32 *r_expire ) + u32 *r_expire, int *mod_down, int *mod_up ) { PKT_signature *sig = signode->pkt->pkt.signature; unsigned int sigflag = 0; @@ -1114,16 +1156,16 @@ check_sig_record( KBNODE keyblock, KBNODE signode, sigflag |= SIGF_CHECKED | SIGF_VALID; if( revocation ) { sigflag |= SIGF_REVOKED; - /**mod_down = 1;*/ + *mod_down = 1; } else - /**mod_up = 1*/; + *mod_up = 1; } else if( rc == G10ERR_NO_PUBKEY ) { /* This may happen if the key is still in the trustdb * but not available in the keystorage */ sigflag |= SIGF_NOPUBKEY; - /**mod_down = 1;*/ + *mod_down = 1; if( revocation ) sigflag |= SIGF_REVOKED; } @@ -1137,7 +1179,7 @@ check_sig_record( KBNODE keyblock, KBNODE signode, sigflag |= SIGF_CHECKED; if( revocation ) { sigflag |= SIGF_REVOKED; - /**mod_down = 1;*/ + *mod_down = 1; } } } @@ -1168,7 +1210,8 @@ check_sig_record( KBNODE keyblock, KBNODE signode, */ static ulong make_sig_records( KBNODE keyblock, KBNODE uidnode, - ulong lid, u32 *mainkid, u32 *min_expire ) + ulong lid, u32 *mainkid, u32 *min_expire, + int *mod_down, int *mod_up ) { TRUSTREC *srecs, **s_end, *s=NULL, *s2; KBNODE node; @@ -1218,7 +1261,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, s->r.sig.sig[sigidx].lid = siglid; s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node, siglid, sigidx, - mainkid, lid, &expire ); + mainkid, lid, &expire, + mod_down, mod_up ); sigidx++; if( sigidx == SIGS_PER_RECORD ) { @@ -1319,7 +1363,8 @@ make_pref_record( PKT_signature *sig, ulong lid ) static ulong -make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) +make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire, + int *mod_down, int *mod_up ) { TRUSTREC *urecs, **uend, *u, *u2; KBNODE node; 
@@ -1351,9 +1396,21 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) && (u->r.uid.uidflags & UIDF_VALID) ) { u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0; } + + /* the next test is really bad because we should modify + * out modification timestamps only if we really have a change. + * But becuase we are deleting the uid records first it is somewhat + * difficult to track those changes. fixme */ + if( !( u->r.uid.uidflags & UIDF_VALID ) + || ( u->r.uid.uidflags & UIDF_REVOKED ) ) + *mod_down=1; + else + *mod_up=1; + /* create the list of signatures */ u->r.uid.siglist = make_sig_records( keyblock, node, - lid, keyid, min_expire ); + lid, keyid, min_expire, + mod_down, mod_up ); } uidrecno = urecs? urecs->recnum : 0; @@ -1380,6 +1437,8 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified ) TRUSTREC drec; int rc; + /* NOTE: We don't need recheck anymore, but this might chnage again in + * the future */ if( opt.dry_run ) return 0; if( modified ) @@ -1390,24 +1449,25 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified ) if( rc ) return rc; - rc = do_update_trust_record( keyblock, &drec, recheck, modified ); + rc = do_update_trust_record( keyblock, &drec, 0, modified ); return rc; } /**************** - * Same as update_trust_record, but tghis functions expects the dir record. - * On exit the dirrecord will reflect any changes made. + * Same as update_trust_record, but this functions expects the dir record. + * On exit the dir record will reflect any changes made. + * With sigs_only set only foreign key signatures are checked. */ static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, - int recheck, int *modified ) + int sigs_only, int *modified ) { PKT_public_key *primary_pk; TRUSTREC krec, urec, prec, helprec; int i, rc = 0; u32 keyid[2]; /* keyid of primary key */ -/* int mod_up = 0; - int mod_down = 0; */ + int mod_up = 0; + int mod_down = 0; ulong recno, r2; u32 expire; 
@@ -1424,7 +1484,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, if( rc ) return rc; - /* delete the old stuff */ + /* delete the old stuff FIXME: implementend sigs_only */ for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) { read_record( recno, &krec, RECTYPE_KEY ); delete_record( recno ); @@ -1447,22 +1507,13 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, /* insert new stuff */ drec->r.dir.dirflags &= ~DIRF_REVOKED; + drec->r.dir.dirflags &= ~DIRF_NEWKEYS; drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i ); if( i ) /* primary key has been revoked */ - drec->r.dir.dirflags &= DIRF_REVOKED; + drec->r.dir.dirflags |= DIRF_REVOKED; expire = 0; drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid, - &expire ); - #if 0 - if( orig_uidflags != urec.r.uid.uidflags ) { - write_record( &urec ); - if( !( urec.r.uid.uidflags & UIDF_VALID ) - || ( urec.r.uid.uidflags & UIDF_REVOKED ) ) - *mod_down=1; - else - *mod_up=1; /*(maybe a new user id)*/ - #endif - + &expire, &mod_down, &mod_up ); if( rc ) rc = tdbio_cancel_transaction(); else { @@ -1472,7 +1523,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, drec->r.dir.valcheck = 0; drec->r.dir.checkat = expire; write_record( drec ); - /*tdbio_write_modify_stamp( mod_up, mod_down );*/ + tdbio_write_modify_stamp( mod_up, mod_down ); rc = tdbio_end_transaction(); } return rc; 
@@ -1537,16 +1588,28 @@ insert_trust_record( KBNODE keyblock ) } } + /* mark tdb as modified upwards */ tdbio_write_modify_stamp( 1, 0 ); /* and put all the other stuff into the keydb */ - rc = do_update_trust_record( keyblock, &dirrec, 1, NULL ); + rc = do_update_trust_record( keyblock, &dirrec, 0, NULL ); do_sync(); + + /* keep track of new keys */ + if( !fresh_imported_keys ) + fresh_imported_keys = new_lid_table(); + ins_lid_table_item( fresh_imported_keys, pk->local_id, 0 ); + if( ++fresh_imported_keys_count > FRESH_KEY_CHECK_THRESHOLD ) + mark_fresh_keys(); + return rc; } + + + /**************** * Insert a trust record indentified by a PK into the TrustDB */ @@ -1584,7 +1647,7 @@ insert_trust_record_by_pk( PKT_public_key *pk ) * Currently we only do an update_trust_record. */ static int -check_trust_record( TRUSTREC *drec ) +check_trust_record( TRUSTREC *drec, int sigs_only ) { KBNODE keyblock; int modified, rc; @@ -1596,7 +1659,7 @@ check_trust_record( TRUSTREC *drec ) return rc; } - rc = do_update_trust_record( keyblock, drec, 0, &modified ); + rc = do_update_trust_record( keyblock, drec, sigs_only, &modified ); release_kbnode( keyblock ); return rc; @@ -1673,7 +1736,7 @@ update_trustdb() /**************** - * Do all required check in the trustdb. This function walks over all + * Do all required checks in the trustdb. This function walks over all * records in the trustdb and does scheduled processing. */ void @@ -1681,7 +1744,7 @@ check_trustdb( const char *username ) { TRUSTREC rec; ulong recnum; - ulong count=0, upd_count=0, err_count=0, skip_count=0; + ulong count=0, upd_count=0, err_count=0, skip_count=0, sigonly_count=0; ulong current_time = make_timestamp(); if( username ) 
@@ -1690,15 +1753,25 @@ check_trustdb( const char *username ) init_trustdb(); for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { + int sigs_only; + if( rec.rectype != RECTYPE_DIR ) continue; /* we only want the dir records */ if( count && !(count % 100) && !opt.quiet ) log_info(_("%lu keys so far processed\n"), count); count++; - if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) { - skip_count++; - continue; /* not scheduled for checking */ + sigs_only = 0; + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + ; + else if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) { + if( !(rec.r.dir.dirflags & DIRF_NEWKEYS) ) { + skip_count++; + continue; /* not scheduled for checking */ + } + sigs_only = 1; /* new public keys - check them */ + sigonly_count++; } if( !rec.r.dir.keylist ) { @@ -1707,11 +1780,12 @@ check_trustdb( const char *username ) continue; } - check_trust_record( &rec ); - + check_trust_record( &rec, sigs_only ); } log_info(_("%lu keys processed\n"), count); + if( sigonly_count ) + log_info(_("\t%lu due to new pubkeys\n"), sigonly_count); if( skip_count ) log_info(_("\t%lu keys skipped\n"), skip_count); if( err_count ) @@ -1772,7 +1846,9 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot ) } if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) - check_trust_record( &dirrec ); + check_trust_record( &dirrec, 0 ); + else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) + check_trust_record( &dirrec, 1 ); keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK; @@ -2074,6 +2150,7 @@ do_check( TRUSTREC *dr, unsigned *validity, } else if( !add_fnc && tdbio_db_matches_options() + /* FIXME, TODO: This comparision is WRONG ! */ && dr->r.dir.valcheck > tdbio_read_modify_stamp( (dr->r.dir.validity < TRUST_FULLY) ) && dr->r.dir.validity ) 
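Review bot: In `check_trustdb`, the result of `check_trust_record( &rec, sigs_only )` is discarded, and none of the visible lines increments `err_count` or `upd_count`, so the summary cannot report a record whose re-check failed. Suggest `if( check_trust_record( &rec, sigs_only ) ) err_count++;`. The same call is unchecked in `build_cert_tree` in this file and in `check_trust` further down, where a failed refresh is followed directly by the trust evaluation. A few lines of the loop lie between the two hunks and are not shown.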
@@ -2241,8 +2318,13 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel, (ulong)keyid[1], pk->local_id ); return G10ERR_TIME_CONFLICT; } - if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time ) - check_trust_record( &rec ); + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + check_trust_record( &rec, 0 ); + else if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time ) + check_trust_record( &rec, 0 ); + else if( (rec.r.dir.dirflags & DIRF_NEWKEYS) ) + check_trust_record( &rec, 1 ); if( pk->expiredate && pk->expiredate <= cur_time ) { log_info(_("key %08lX.%lu: expired at %s\n"), @@ -2298,6 +2380,51 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel, } +/**************** + * scan the whole trustdb and mark all signature records whose keys + * are freshly imported. + */ +static void +mark_fresh_keys() +{ + TRUSTREC dirrec, rec; + ulong recnum, lid; + int i; + + memset( &dirrec, 0, sizeof dirrec ); + + for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { + if( rec.rectype != RECTYPE_SIG ) + continue; + /* if we have already have the dir record, we can check it now */ + if( dirrec.recnum == rec.r.sig.lid + && (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) + continue; /* flag is already set */ + + for(i=0; i < SIGS_PER_RECORD; i++ ) { + if( !(lid=rec.r.sig.sig[i].lid) ) + continue; /* skip deleted sigs */ + if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) ) + continue; /* skip checked signatures */ + if( qry_lid_table_flag( fresh_imported_keys, lid, NULL ) ) + continue; /* not in the list of new keys */ + read_record( rec.r.sig.lid, &dirrec, RECTYPE_DIR ); + if( !(dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) { + dirrec.r.dir.dirflags |= DIRF_NEWKEYS; + write_record( &dirrec ); + } + break; + } + } + + do_sync(); + + clear_lid_table( fresh_imported_keys ); + fresh_imported_keys_count = 0; +} + + + int query_trust_info( PKT_public_key *pk, const byte *namehash ) { diff --git a/g10/trustdb.h b/g10/trustdb.h index 6396fde45..dc1e3d0c4 100644 --- a/g10/trustdb.h 
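Review bot: In `mark_fresh_keys`, the test `if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) ) continue;` is commented "skip checked signatures" but skips the unchecked ones. In `check_sig_record` the `G10ERR_NO_PUBKEY` path sets `SIGF_NOPUBKEY` without `SIGF_CHECKED`, so the signatures that were waiting for a missing key appear to be exactly the ones passed over, and their directory records would never get `DIRF_NEWKEYS`. If the comment states the intent, the line should be `if( (rec.r.sig.sig[i].flag & SIGF_CHECKED) ) continue; /* skip checked signatures */`; otherwise correct the comment. The following `qry_lid_table_flag` test relies on a non-zero return meaning "not found", which is defined outside this hunk and should be confirmed.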
+++ b/g10/trustdb.h @@ -49,6 +49,7 @@ void check_trustdb( const char *username ); void update_trustdb( void ); int setup_trustdb( int level, const char *dbname ); void init_trustdb( void ); +void sync_trustdb( void ); int check_trust( PKT_public_key *pk, unsigned *r_trustlevel, const byte* nh, int (*add_fnc)(ulong), unsigned *retflgs ); int query_trust_info( PKT_public_key *pk, const byte *nh ); |