diff options
| author | David Shaw <[email protected]> | 2002-11-03 20:18:56 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2002-11-03 20:18:56 +0000 |
| commit | 91a8e4a6fb15994eea58ff2bab9403c5456af6a1 (patch) | |
| tree | e761564473a03432673c05f4fa8824384ebcadc8 | |
| parent | * gpg.sgml: Document "tsign", clarify "setpref", clarify --recipient, (diff) | |
| download | gnupg-91a8e4a6fb15994eea58ff2bab9403c5456af6a1.tar.gz gnupg-91a8e4a6fb15994eea58ff2bab9403c5456af6a1.zip | |
* options.h, g10.c (main): Add --trust-model option. Current models are
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 12 | ||||
| -rw-r--r-- | g10/g10.c | 18 | ||||
| -rw-r--r-- | g10/gpgv.c | 2 | ||||
| -rw-r--r-- | g10/mainproc.c | 4 | ||||
| -rw-r--r-- | g10/options.h | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 8 | ||||
| -rw-r--r-- | g10/trustdb.c | 15 |
7 files changed, 45 insertions, 16 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 0f8471164..ec101665f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,17 @@ 2002-11-03 David Shaw <[email protected]> + * options.h, g10.c (main): Add --trust-model option. Current + models are "openpgp" which is classic+trustsigs, "classic" which + is classic only, and "always" which is the same as the current + option --always-trust (which still works). Default is "openpgp". + + * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to + enable trust sigs. + + * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c + (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new + --trust-model option in place of --always-trust. + * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, keyedit_menu): Prompt for and create a trust signature with "tsign". This is functional, but needs better UI text. @@ -205,6 +205,7 @@ enum cmd_and_opt_values { aNull = 0, oCompressKeys, oCompressSigs, oAlwaysTrust, + oTrustModel, oEmuChecksumBug, oRunAsShmCP, oSetFilename, @@ -522,6 +523,7 @@ static ARGPARSE_OPTS opts[] = { { oCompressSigs, "compress-sigs",0, "@"}, { oDefCertCheckLevel, "default-cert-check-level", 1, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, + { oTrustModel, "trust-model", 2, "@"}, { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"}, { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" }, { oSetFilename, "set-filename", 2, "@" }, @@ -1142,6 +1144,7 @@ main( int argc, char **argv ) EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES; opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_revoked=1; + opt.trust_model=TM_OPENPGP; #if defined (__MINGW32__) || defined (__CYGWIN32__) set_homedir ( read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" )); @@ -1443,7 +1446,20 @@ main( int argc, char **argv ) case oCompressAlgo: opt.def_compress_algo = pargs.r.ret_int; break; case oCompressKeys: opt.compress_keys = 1; break; case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; - case oAlwaysTrust: opt.always_trust = 1; break; + /* There are many programs (like mutt) that call gpg with + --always-trust so keep this option around for a long + time. */ + case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break; + case oTrustModel: + if(ascii_strcasecmp(pargs.r.ret_str,"openpgp")==0) + opt.trust_model=TM_OPENPGP; + else if(ascii_strcasecmp(pargs.r.ret_str,"classic")==0) + opt.trust_model=TM_CLASSIC; + else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0) + opt.trust_model=TM_ALWAYS; + else + log_error("unknown trust model \"%s\"\n",pargs.r.ret_str); + break; case oLoadExtension: #ifndef __riscos__ #if defined(USE_DYNAMIC_LINKING) || defined(__MINGW32__) diff --git a/g10/gpgv.c b/g10/gpgv.c index dcb2a9d94..e0dfe92d2 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -150,7 +150,7 @@ main( int argc, char **argv ) opt.command_fd = -1; /* no command fd */ opt.pgp2_workarounds = 1; opt.keyserver_options.auto_key_retrieve = 1; - opt.always_trust = 1; + opt.trust_model = TM_ALWAYS; opt.batch = 1; #if defined (__MINGW32__) || defined (__CYGWIN32__) diff --git a/g10/mainproc.c b/g10/mainproc.c index 0fc3a8546..c07a377eb 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1382,7 +1382,7 @@ check_sig_and_print( CTX c, KBNODE node ) } } - if (opt.always_trust || !un) + if (opt.trust_model==TM_ALWAYS || !un) keyid_str[17] = 0; /* cut off the "[uncertain]" part */ write_status_text_and_buffer (statno, keyid_str, @@ -1393,7 +1393,7 @@ check_sig_and_print( CTX c, KBNODE node ) log_info(rc? _("BAD signature from \"") : sig->flags.expired ? _("Expired signature from \"") : _("Good signature from \"")); - if (!opt.always_trust && un) { + if (opt.trust_model!=TM_ALWAYS && un) { fputs(_("[uncertain]"), log_stream() ); putc(' ', log_stream() ); } diff --git a/g10/options.h b/g10/options.h index 6be587ab8..1edec5817 100644 --- a/g10/options.h +++ b/g10/options.h @@ -88,7 +88,7 @@ struct { int skip_verify; int compress_keys; int compress_sigs; - int always_trust; + enum {TM_OPENPGP, TM_CLASSIC, TM_ALWAYS} trust_model; int pgp2; int pgp6; int pgp7; /* if we get any more of these, it's time to look at a diff --git a/g10/pkclist.c b/g10/pkclist.c index 1f71d2af5..a175049a1 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -475,9 +475,9 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel ) } *trustlevel &= ~trustmask; - if( opt.always_trust) { + if( opt.trust_model==TM_ALWAYS ) { if( opt.verbose ) - log_info("No trust check due to --always-trust option\n"); + log_info("No trust check due to --trust-model always option\n"); return 1; } @@ -570,7 +570,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel ) * his decision the next time he encrypts for this recipient? */ } - else if( opt.always_trust && !rc ) { + else if( opt.trust_model==TM_ALWAYS && !rc ) { if( !opt.quiet ) log_info(_("WARNING: Using untrusted key!\n")); rc = 1; @@ -591,7 +591,7 @@ check_signatures_trust( PKT_signature *sig ) unsigned int trustlevel; int rc=0; - if ( opt.always_trust) + if ( opt.trust_model==TM_ALWAYS ) { if( !opt.quiet ) log_info(_("WARNING: Using untrusted key!\n")); diff --git a/g10/trustdb.c b/g10/trustdb.c index f2014012c..01e2d8cd5 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1405,11 +1405,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, did not exist. This is safe for non-trust sigs as well since we don't accept a regexp on the sig unless it's a trust sig. */ - if (kr && (kr->trust_regexp==NULL || + if (kr && (kr->trust_regexp==NULL || opt.trust_model==TM_CLASSIC || (uidnode && check_regexp(kr->trust_regexp, uidnode->pkt->pkt.user_id->name)))) { - if(DBG_TRUST && sig->trust_depth) + if(DBG_TRUST && opt.trust_model!=TM_CLASSIC && sig->trust_depth) log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", uidnode->pkt->pkt.user_id->name,sig->trust_depth, kr->trust_depth); @@ -1419,10 +1419,10 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, lesser trust sig or value. I could make a decent argument for any of these cases, but this seems to be what PGP does, and I'd like to be compatible. -dms */ - if(sig->trust_depth && - pk->trust_timestamp<=sig->timestamp && - (sig->trust_depth<=kr->trust_depth || - kr->ownertrust==TRUST_ULTIMATE)) + if(opt.trust_model!=TM_CLASSIC && sig->trust_depth + && pk->trust_timestamp<=sig->timestamp + && (sig->trust_depth<=kr->trust_depth + || kr->ownertrust==TRUST_ULTIMATE)) { /* If we got here, we know that: @@ -1773,7 +1773,8 @@ validate_keys (int interactive) /* This can happen during transition from an old trustdb before trust sigs. It can also happen if a user uses two - different versions of GnuPG. */ + different versions of GnuPG or changes the --trust-model + setting. */ if(k->ownertrust<min) { if(DBG_TRUST) |