aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2014-02-10 16:05:54 +0000
committerWerner Koch <[email protected]>2014-02-10 16:46:40 +0000
commit62fb86c6589f7f74dad4741db31b3aefa0848420 (patch)
treed076e3a6f23760a10509f918b384a3d6897b67c2
parenttests: Handle disabled algorithms. (diff)
downloadgnupg-62fb86c6589f7f74dad4741db31b3aefa0848420.tar.gz
gnupg-62fb86c6589f7f74dad4741db31b3aefa0848420.zip
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
Diffstat
-rw-r--r--configure.ac14
-rw-r--r--g10/Makefile.am13
-rw-r--r--g10/gpg.c39
-rw-r--r--g10/import.c2
-rw-r--r--g10/keyedit.c20
-rw-r--r--g10/keylist.c3
-rw-r--r--g10/keyserver.c4
-rw-r--r--g10/pkclist.c7
-rw-r--r--g10/trust.c740
-rw-r--r--g10/trustdb.c630
-rw-r--r--g10/trustdb.h98
-rwxr-xr-xtests/openpgp/armencrypt.test2
-rwxr-xr-xtests/openpgp/armencryptp.test2
-rwxr-xr-xtests/openpgp/armsignencrypt.test2
-rwxr-xr-xtests/openpgp/defs.inc13
-rwxr-xr-xtests/openpgp/ecc.test2
-rwxr-xr-xtests/openpgp/encrypt-dsa.test4
-rwxr-xr-xtests/openpgp/encrypt.test4
-rwxr-xr-xtests/openpgp/encryptp.test2
-rw-r--r--tests/openpgp/gpg.conf.tmpl1
-rwxr-xr-xtests/openpgp/seat.test2
-rwxr-xr-xtests/openpgp/signencrypt-dsa.test4
-rwxr-xr-xtests/openpgp/signencrypt.test2
23 files changed, 960 insertions, 650 deletions
diff --git a/configure.ac b/configure.ac
index 98de67893..4abeeb007 100644
--- a/configure.ac
+++ b/configure.ac
@@ -87,6 +87,7 @@ have_adns=no
use_zip=yes
use_bzip2=yes
use_exec=yes
+use_trust_models=yes
disable_keyserver_path=no
card_support=yes
use_ccid_driver=yes
@@ -215,6 +216,18 @@ AC_ARG_ENABLE(selinux-support,
AC_MSG_RESULT($selinux_support)
+AC_MSG_CHECKING([whether to enable trust models])
+AC_ARG_ENABLE(trust-models,
+ AC_HELP_STRING([--disable-trust-models],
+ [disable all trust models except "always"]),
+ use_trust_models=$enableval)
+AC_MSG_RESULT($use_trust_models)
+if test "$use_trust_models" = no ; then
+ AC_DEFINE(NO_TRUST_MODELS, 1,
+ [Define to include only trust-model always])
+fi
+
+
#
# Options to disable algorithm
#
@@ -1615,6 +1628,7 @@ AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes")
AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
+AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
AM_CONDITIONAL(RUN_GPG_TESTS,
test x$cross_compiling = xno -a "$build_gpg" = yes )
diff --git a/g10/Makefile.am b/g10/Makefile.am
index fe442cf4d..ba686481c 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -48,6 +48,13 @@ else
card_source =
endif
+if NO_TRUST_MODELS
+trust_source =
+else
+trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
+endif
+
+
if HAVE_W32_SYSTEM
resource_objs += gpg-w32info.o
endif
@@ -103,11 +110,6 @@ gpg2_SOURCES = gpg.c \
dearmor.c \
import.c \
export.c \
- trustdb.c \
- trustdb.h \
- tdbdump.c \
- tdbio.c \
- tdbio.h \
delkey.c \
keygen.c \
helptext.c \
@@ -116,6 +118,7 @@ gpg2_SOURCES = gpg.c \
call-dirmngr.c call-dirmngr.h \
photoid.c photoid.h \
call-agent.c call-agent.h \
+ trust.c $(trust_source) \
$(card_source) \
exec.c exec.h
diff --git a/g10/gpg.c b/g10/gpg.c
index 03652268a..15cbe4bcc 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -431,12 +431,16 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
ARGPARSE_c (aListPackets, "list-packets","@"),
+
+#ifndef NO_TRUST_MODELS
ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
N_("update the trust database")),
ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
+#endif
+
ARGPARSE_c (aDeArmor, "dearmor", "@"),
ARGPARSE_c (aDeArmor, "dearmour", "@"),
ARGPARSE_c (aEnArmor, "enarmor", "@"),
@@ -603,7 +607,10 @@ static ARGPARSE_OPTS opts[] = {
/* More hidden commands and options. */
ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
+#ifndef NO_TRUST_MODELS
ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
+#endif
+
/* Not yet used:
ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
ARGPARSE_c (aDeleteSecretAndPublicKeys,
@@ -619,7 +626,14 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oCommandFile, "command-file", "@"),
ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
+
+#ifndef NO_TRUST_MODELS
ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
+ ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
+ ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
+ ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
+#endif
+
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
@@ -647,7 +661,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
- ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
@@ -704,8 +717,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"),
- ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
- ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
@@ -1844,6 +1855,8 @@ collapse_args(int argc,char *argv[])
return str;
}
+
+#ifndef NO_TRUST_MODELS
static void
parse_trust_model(const char *model)
{
@@ -1860,6 +1873,7 @@ parse_trust_model(const char *model)
else
log_error("unknown trust model '%s'\n",model);
}
+#endif /*NO_TRUST_MODELS*/
/* This fucntion called to initialized a new control object. It is
@@ -1967,7 +1981,9 @@ main (int argc, char **argv)
int use_random_seed = 1;
enum cmd_and_opt_values cmd = 0;
const char *debug_level = NULL;
+#ifndef NO_TRUST_MODELS
const char *trustdb_name = NULL;
+#endif /*!NO_TRUST_MODELS*/
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
char *compress_algo_string = NULL;
@@ -2056,7 +2072,11 @@ main (int argc, char **argv)
opt.verify_options = (VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS
| VERIFY_SHOW_KEYSERVER_URLS);
+#ifdef NO_TRUST_MODELS
+ opt.trust_model = TM_ALWAYS;
+#else
opt.trust_model = TM_AUTO;
+#endif
opt.mangle_dos_filenames = 0;
opt.min_cert_level = 2;
set_screen_dimensions ();
@@ -2376,7 +2396,11 @@ main (int argc, char **argv)
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
+
+#ifndef NO_TRUST_MODELS
case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
+
+#endif /*!NO_TRUST_MODELS*/
case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
case oDefRecipient:
if( *pargs.r.ret_str )
@@ -2407,6 +2431,8 @@ main (int argc, char **argv)
case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
+
+#ifndef NO_TRUST_MODELS
/* There are many programs (like mutt) that call gpg with
--always-trust so keep this option around for a long
time. */
@@ -2414,6 +2440,8 @@ main (int argc, char **argv)
case oTrustModel:
parse_trust_model(pargs.r.ret_str);
break;
+#endif /*!NO_TRUST_MODELS*/
+
case oForceOwnertrust:
log_info(_("NOTE: %s is not for normal use!\n"),
"--force-ownertrust");
@@ -3494,6 +3522,7 @@ main (int argc, char **argv)
ctrl = xcalloc (1, sizeof *ctrl);
gpg_init_default_ctrl (ctrl);
+#ifndef NO_TRUST_MODELS
switch (cmd)
{
case aPrimegen:
@@ -3522,7 +3551,7 @@ main (int argc, char **argv)
}
if (rc)
log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
-
+#endif /*!NO_TRUST_MODELS*/
switch (cmd)
{
@@ -4023,6 +4052,7 @@ main (int argc, char **argv)
}
break;
+#ifndef NO_TRUST_MODELS
case aListTrustDB:
if( !argc )
list_trustdb(NULL);
@@ -4068,6 +4098,7 @@ main (int argc, char **argv)
wrong_args("--import-ownertrust [file]");
import_ownertrust( argc? *argv:NULL );
break;
+#endif /*!NO_TRUST_MODELS*/
case aRebuildKeydbCaches:
if (argc)
diff --git a/g10/import.c b/g10/import.c
index 9c14e8b4b..74443ef10 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -222,7 +222,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
interactive or by not setting no-auto-check-trustdb */
if(!(options&IMPORT_FAST))
- trustdb_check_or_update();
+ check_or_update_trustdb ();
return rc;
}
diff --git a/g10/keyedit.c b/g10/keyedit.c
index e455e845b..2b8b582f6 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -81,7 +81,9 @@ static int menu_revsig (KBNODE keyblock);
static int menu_revuid (KBNODE keyblock);
static int menu_revkey (KBNODE pub_keyblock);
static int menu_revsubkey (KBNODE pub_keyblock);
+#ifndef NO_TRUST_MODELS
static int enable_disable_key (KBNODE keyblock, int disable);
+#endif /*!NO_TRUST_MODELS*/
static void menu_showphoto (KBNODE keyblock);
static int update_trust = 0;
@@ -1305,7 +1307,11 @@ enum cmdids
cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
- cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
+ cmdEXPIRE, cmdBACKSIGN,
+#ifndef NO_TRUST_MODELS
+ cmdENABLEKEY, cmdDISABLEKEY,
+#endif /*!NO_TRUST_MODELS*/
+ cmdSHOWPREF,
cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY,
cmdCLEAN, cmdMINIMIZE, cmdNOP
@@ -1384,7 +1390,9 @@ static struct
{ "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
N_("change the passphrase")},
{ "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
+#ifndef NO_TRUST_MODELS
{ "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
+#endif /*!NO_TRUST_MODELS*/
{ "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
N_("revoke signatures on the selected user IDs")},
{ "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
@@ -1392,8 +1400,10 @@ static struct
{ "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
N_("revoke key or selected subkeys")},
+#ifndef NO_TRUST_MODELS
{ "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
{ "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
+#endif /*!NO_TRUST_MODELS*/
{ "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
{ "clean", cmdCLEAN, KEYEDIT_NOT_SK,
N_("compact unusable user IDs and remove unusable signatures from key")},
@@ -2059,6 +2069,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
change_passphrase (ctrl, keyblock);
break;
+#ifndef NO_TRUST_MODELS
case cmdTRUST:
if (opt.trust_model == TM_EXTERNAL)
{
@@ -2080,6 +2091,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
update_trust = 1;
}
break;
+#endif /*!NO_TRUST_MODELS*/
case cmdPREF:
{
@@ -2158,6 +2170,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
}
break;
+#ifndef NO_TRUST_MODELS
case cmdENABLEKEY:
case cmdDISABLEKEY:
if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY))
@@ -2166,6 +2179,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
modified = 1;
}
break;
+#endif /*!NO_TRUST_MODELS*/
case cmdSHOWPHOTO:
menu_showphoto (keyblock);
@@ -4837,12 +4851,14 @@ menu_revuid (KBNODE pub_keyblock)
pkt->pkt.signature = sig;
insert_kbnode (node, new_kbnode (pkt), 0);
+#ifndef NO_TRUST_MODELS
/* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */
if (!update_trust
&& (get_validity (pk, uid) & TRUST_MASK) >=
TRUST_UNDEFINED)
update_trust = 1;
+#endif /*!NO_TRUST_MODELS*/
changed = 1;
node->pkt->pkt.user_id->is_revoked = 1;
@@ -4978,6 +4994,7 @@ menu_revsubkey (KBNODE pub_keyblock)
enabling or disabling a key. This is arguably sub-optimal as
disabled keys are still counted in the web of trust, but perhaps
not worth adding extra complexity to change. -ds */
+#ifndef NO_TRUST_MODELS
static int
enable_disable_key (KBNODE keyblock, int disable)
{
@@ -4994,6 +5011,7 @@ enable_disable_key (KBNODE keyblock, int disable)
update_ownertrust (pk, newtrust);
return 0;
}
+#endif /*!NO_TRUST_MODELS*/
static void
diff --git a/g10/keylist.c b/g10/keylist.c
index 82d60c261..6e5ebdac9 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -64,6 +64,7 @@ static estream_t attrib_fp;
void
public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
{
+#ifndef NO_TRUST_MODELS
if (opt.with_colons)
{
byte trust_model, marginals, completes, cert_depth, min_cert_level;
@@ -98,9 +99,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth);
-
es_fprintf (es_stdout, "\n");
}
+#endif /*!NO_TRUST_MODELS*/
/* We need to do the stale check right here because it might need to
update the keyring while we already have the keyring open. This
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 0f60f7d37..4de56fc46 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1344,7 +1344,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
/* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
- trustdb_check_or_update();
+ check_or_update_trustdb ();
return rc;
}
@@ -1688,7 +1688,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
/* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */
if (!(opt.keyserver_options.import_options&IMPORT_FAST))
- trustdb_check_or_update ();
+ check_or_update_trustdb ();
return 0;
}
diff --git a/g10/pkclist.c b/g10/pkclist.c
index d94f59e11..a6d687a0f 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -176,6 +176,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
* 0 = nothing changed
* 1 = new ownertrust now in new_trust
*/
+#ifndef NO_TRUST_MODELS
static int
do_edit_ownertrust (PKT_public_key *pk, int mode,
unsigned *new_trust, int defer_help )
@@ -187,7 +188,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
int show=0;
int min_num;
int did_help=defer_help;
- unsigned int minimum=get_min_ownertrust(pk);
+ unsigned int minimum = tdb_get_min_ownertrust (pk);
char pkstrbuf[PUBKEY_STRING_SIZE];
switch(minimum)
@@ -365,12 +366,15 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
xfree(p);
return show? -2: quit? -1 : changed;
}
+#endif /*!NO_TRUST_MODELS*/
+
/*
* Display a menu to change the ownertrust of the key PK (which should
* be a primary key).
* For mode values see do_edit_ownertrust ()
*/
+#ifndef NO_TRUST_MODELS
int
edit_ownertrust (PKT_public_key *pk, int mode )
{
@@ -396,6 +400,7 @@ edit_ownertrust (PKT_public_key *pk, int mode )
}
}
}
+#endif /*!NO_TRUST_MODELS*/
/****************
diff --git a/g10/trust.c b/g10/trust.c
new file mode 100644
index 000000000..32cd93462
--- /dev/null
+++ b/g10/trust.c
@@ -0,0 +1,740 @@
+/* trust.c - High level trust functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "keydb.h"
+#include "util.h"
+#include "options.h"
+#include "packet.h"
+#include "main.h"
+#include "i18n.h"
+#include "trustdb.h"
+
+
+/* Return true if key is disabled. Note that this is usually used via
+ the pk_is_disabled macro. */
+int
+cache_disabled_value (PKT_public_key *pk)
+{
+#ifdef NO_TRUST_MODELS
+ (void)pk;
+ return 0;
+#else
+ return tdb_cache_disabled_value (pk);
+#endif
+}
+
+
+void
+register_trusted_keyid (u32 *keyid)
+{
+#ifdef NO_TRUST_MODELS
+ (void)keyid;
+#else
+ register_trusted_keyid (keyid);
+#endif
+}
+
+
+void
+register_trusted_key (const char *string)
+{
+#ifdef NO_TRUST_MODELS
+ (void)string;
+#else
+ register_trusted_key (string);
+#endif
+}
+
+
+
+/*
+ * This function returns a letter for a trust value. Trust flags
+ * are ignored.
+ */
+static int
+trust_letter (unsigned int value)
+{
+ switch( (value & TRUST_MASK) )
+ {
+ case TRUST_UNKNOWN: return '-';
+ case TRUST_EXPIRED: return 'e';
+ case TRUST_UNDEFINED: return 'q';
+ case TRUST_NEVER: return 'n';
+ case TRUST_MARGINAL: return 'm';
+ case TRUST_FULLY: return 'f';
+ case TRUST_ULTIMATE: return 'u';
+ default: return '?';
+ }
+}
+
+
+/* The strings here are similar to those in
+ pkclist.c:do_edit_ownertrust() */
+const char *
+trust_value_to_string (unsigned int value)
+{
+ switch ((value & TRUST_MASK))
+ {
+ case TRUST_UNKNOWN: return _("unknown");
+ case TRUST_EXPIRED: return _("expired");
+ case TRUST_UNDEFINED: return _("undefined");
+ case TRUST_NEVER: return _("never");
+ case TRUST_MARGINAL: return _("marginal");
+ case TRUST_FULLY: return _("full");
+ case TRUST_ULTIMATE: return _("ultimate");
+ default: return "err";
+ }
+}
+
+
+int
+string_to_trust_value (const char *str)
+{
+ if (!ascii_strcasecmp (str, "undefined"))
+ return TRUST_UNDEFINED;
+ else if (!ascii_strcasecmp (str, "never"))
+ return TRUST_NEVER;
+ else if (!ascii_strcasecmp (str, "marginal"))
+ return TRUST_MARGINAL;
+ else if (!ascii_strcasecmp (str, "full"))
+ return TRUST_FULLY;
+ else if (!ascii_strcasecmp(str, "ultimate"))
+ return TRUST_ULTIMATE;
+ else
+ return -1;
+}
+
+
+const char *
+uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
+{
+ if (!key && !uid)
+ {
+ /* TRANSLATORS: these strings are similar to those in
+ trust_value_to_string(), but are a fixed length. This is needed to
+ make attractive information listings where columns line up
+ properly. The value "10" should be the length of the strings you
+ choose to translate to. This is the length in printable columns.
+ It gets passed to atoi() so everything after the number is
+ essentially a comment and need not be translated. Either key and
+ uid are both NULL, or neither are NULL. */
+ return _("10 translator see trust.c:uid_trust_string_fixed");
+ }
+ else if(uid->is_revoked || (key && key->flags.revoked))
+ return _("[ revoked]");
+ else if(uid->is_expired)
+ return _("[ expired]");
+ else if(key)
+ {
+ switch (get_validity(key,uid)&TRUST_MASK)
+ {
+ case TRUST_UNKNOWN: return _("[ unknown]");
+ case TRUST_EXPIRED: return _("[ expired]");
+ case TRUST_UNDEFINED: return _("[ undef ]");
+ case TRUST_MARGINAL: return _("[marginal]");
+ case TRUST_FULLY: return _("[ full ]");
+ case TRUST_ULTIMATE: return _("[ultimate]");
+ }
+ }
+
+ return "err";
+}
+
+
+
+/*
+ * Return the assigned ownertrust value for the given public key.
+ * The key should be the primary key.
+ */
+unsigned int
+get_ownertrust (PKT_public_key *pk)
+{
+#ifdef NO_TRUST_MODELS
+ (void)pk;
+ return TRUST_UNKNOWN;
+#else
+ return tdb_get_ownertrust (pk);
+#endif
+}
+
+
+/*
+ * Same as get_ownertrust but this takes the minimum ownertrust value
+ * into into account, and will bump up the value as needed.
+ */
+static int
+get_ownertrust_with_min (PKT_public_key *pk)
+{
+#ifdef NO_TRUST_MODELS
+ (void)pk;
+ return TRUST_UNKNOWN;
+#else
+ unsigned int otrust, otrust_min;
+
+ otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
+ otrust_min = tdb_get_min_ownertrust (pk);
+ if (otrust < otrust_min)
+ {
+ /* If the trust that the user has set is less than the trust
+ that was calculated from a trust signature chain, use the
+ higher of the two. We do this here and not in
+ get_ownertrust since the underlying ownertrust should not
+ really be set - just the appearance of the ownertrust. */
+
+ otrust = otrust_min;
+ }
+
+ return otrust;
+#endif
+}
+
+
+/*
+ * Same as get_ownertrust but return a trust letter instead of an
+ * value. This takes the minimum ownertrust value into account.
+ */
+int
+get_ownertrust_info (PKT_public_key *pk)
+{
+ return trust_letter (get_ownertrust_with_min (pk));
+}
+
+
+/*
+ * Same as get_ownertrust but return a trust string instead of an
+ * value. This takes the minimum ownertrust value into account.
+ */
+const char *
+get_ownertrust_string (PKT_public_key *pk)
+{
+ return trust_value_to_string (get_ownertrust_with_min (pk));
+}
+
+
+/*
+ * Set the trust value of the given public key to the new value.
+ * The key should be a primary one.
+ */
+void
+update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
+{
+#ifdef NO_TRUST_MODELS
+ (void)pk;
+ (void)new_trust;
+#else
+ update_ownertrust (pk, new_trust);
+#endif
+}
+
+
+int
+clear_ownertrusts (PKT_public_key *pk)
+{
+#ifdef NO_TRUST_MODELS
+ (void)pk;
+ return 0;
+#else
+ return tdb_clear_ownertrusts (pk);
+#endif
+}
+
+
+void
+revalidation_mark (void)
+{
+#ifndef NO_TRUST_MODELS
+ tdb_revalidation_mark ();
+#endif
+}
+
+
+void
+check_trustdb_stale (void)
+{
+#ifndef NO_TRUST_MODELS
+ tdb_check_trustdb_stale ();
+#endif
+}
+
+
+void
+check_or_update_trustdb (void)
+{
+#ifndef NO_TRUST_MODELS
+ tdb_check_or_update ();
+#endif
+}
+
+
+/*
+ * Return the validity information for PK. If the namehash is not
+ * NULL, the validity of the corresponsing user ID is returned,
+ * otherwise, a reasonable value for the entire key is returned.
+ */
+unsigned int
+get_validity (PKT_public_key *pk, PKT_user_id *uid)
+{
+ int rc;
+ unsigned int validity;
+ u32 kid[2];
+ PKT_public_key *main_pk;
+
+ if (uid)
+ namehash_from_uid (uid);
+
+ keyid_from_pk (pk, kid);
+ if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
+ {
+ /* This is a subkey - get the mainkey. */
+ main_pk = xmalloc_clear (sizeof *main_pk);
+ rc = get_pubkey (main_pk, pk->main_keyid);
+ if (rc)
+ {
+ char *tempkeystr = xstrdup (keystr (pk->main_keyid));
+ log_error ("error getting main key %s of subkey %s: %s\n",
+ tempkeystr, keystr (kid), g10_errstr (rc));
+ xfree (tempkeystr);
+ validity = TRUST_UNKNOWN;
+ goto leave;
+ }
+ }
+ else
+ main_pk = pk;
+
+#ifdef NO_TRUST_MODELS
+ validity = TRUST_UNKNOWN;
+#else
+ validity = tdb_get_validity_core (pk, uid, main_pk);
+#endif
+
+ leave:
+ /* Set some flags direct from the key */
+ if (main_pk->flags.revoked)
+ validity |= TRUST_FLAG_REVOKED;
+ if (main_pk != pk && pk->flags.revoked)
+ validity |= TRUST_FLAG_SUB_REVOKED;
+ /* Note: expiration is a trust value and not a flag - don't know why
+ * I initially designed it that way. */
+ if (main_pk->has_expired || pk->has_expired)
+ validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
+ | TRUST_EXPIRED);
+
+ if (main_pk != pk)
+ free_public_key (main_pk);
+ return validity;
+}
+
+
+int
+get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
+{
+ int trustlevel;
+
+ if (!pk)
+ return '?'; /* Just in case a NULL PK is passed. */
+
+ trustlevel = get_validity (pk, uid);
+ if ((trustlevel & TRUST_FLAG_REVOKED))
+ return 'r';
+ return trust_letter (trustlevel);
+}
+
+
+const char *
+get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
+{
+ int trustlevel;
+
+ if (!pk)
+ return "err"; /* Just in case a NULL PK is passed. */
+
+ trustlevel = get_validity (pk, uid);
+ if ((trustlevel & TRUST_FLAG_REVOKED))
+ return _("revoked");
+ return trust_value_to_string (trustlevel);
+}
+
+
+
+/*
+ * Mark the signature of the given UID which are used to certify it.
+ * To do this, we first revmove all signatures which are not valid and
+ * from the remain ones we look for the latest one. If this is not a
+ * certification revocation signature we mark the signature by setting
+ * node flag bit 8. Revocations are marked with flag 11, and sigs
+ * from unavailable keys are marked with flag 12. Note that flag bits
+ * 9 and 10 are used for internal purposes.
+ */
+void
+mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
+ u32 *main_kid, struct key_item *klist,
+ u32 curtime, u32 *next_expire)
+{
+ kbnode_t node;
+ PKT_signature *sig;
+
+ /* First check all signatures. */
+ for (node=uidnode->next; node; node = node->next)
+ {
+ int rc;
+
+ node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+ if (node->pkt->pkttype == PKT_USER_ID
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break; /* ready */
+ if (node->pkt->pkttype != PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+ if (main_kid
+ && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
+ continue; /* ignore self-signatures if we pass in a main_kid */
+ if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
+ continue; /* we only look at these signature classes */
+ if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
+ sig->sig_class-0x10<opt.min_cert_level)
+ continue; /* treat anything under our min_cert_level as an
+ invalid signature */
+ if (klist && !is_in_klist (klist, sig))
+ continue; /* no need to check it then */
+ if ((rc=check_key_signature (keyblock, node, NULL)))
+ {
+ /* we ignore anything that won't verify, but tag the
+ no_pubkey case */
+ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
+ node->flag |= 1<<12;
+ continue;
+ }
+ node->flag |= 1<<9;
+ }
+ /* Reset the remaining flags. */
+ for (; node; node = node->next)
+ node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+
+ /* kbnode flag usage: bit 9 is here set for signatures to consider,
+ * bit 10 will be set by the loop to keep track of keyIDs already
+ * processed, bit 8 will be set for the usable signatures, and bit
+ * 11 will be set for usable revocations. */
+
+ /* For each cert figure out the latest valid one. */
+ for (node=uidnode->next; node; node = node->next)
+ {
+ KBNODE n, signode;
+ u32 kid[2];
+ u32 sigdate;
+
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break;
+ if ( !(node->flag & (1<<9)) )
+ continue; /* not a node to look at */
+ if ( (node->flag & (1<<10)) )
+ continue; /* signature with a keyID already processed */
+ node->flag |= (1<<10); /* mark this node as processed */
+ sig = node->pkt->pkt.signature;
+ signode = node;
+ sigdate = sig->timestamp;
+ kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
+
+ /* Now find the latest and greatest signature */
+ for (n=uidnode->next; n; n = n->next)
+ {
+ if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ break;
+ if ( !(n->flag & (1<<9)) )
+ continue;
+ if ( (n->flag & (1<<10)) )
+ continue; /* shortcut already processed signatures */
+ sig = n->pkt->pkt.signature;
+ if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
+ continue;
+ n->flag |= (1<<10); /* mark this node as processed */
+
+ /* If signode is nonrevocable and unexpired and n isn't,
+ then take signode (skip). It doesn't matter which is
+ older: if signode was older then we don't want to take n
+ as signode is nonrevocable. If n was older then we're
+ automatically fine. */
+
+ if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ (!(IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
+ continue;
+
+ /* If n is nonrevocable and unexpired and signode isn't,
+ then take n. Again, it doesn't matter which is older: if
+ n was older then we don't want to take signode as n is
+ nonrevocable. If signode was older then we're
+ automatically fine. */
+
+ if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ ((IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
+ {
+ signode = n;
+ sigdate = sig->timestamp;
+ continue;
+ }
+
+ /* At this point, if it's newer, it goes in as the only
+ remaining possibilities are signode and n are both either
+ revocable or expired or both nonrevocable and unexpired.
+ If the timestamps are equal take the later ordered
+ packet, presuming that the key packets are hopefully in
+ their original order. */
+
+ if (sig->timestamp >= sigdate)
+ {
+ signode = n;
+ sigdate = sig->timestamp;
+ }
+ }
+
+ sig = signode->pkt->pkt.signature;
+ if (IS_UID_SIG (sig))
+ { /* this seems to be a usable one which is not revoked.
+ * Just need to check whether there is an expiration time,
+ * We do the expired certification after finding a suitable
+ * certification, the assumption is that a signator does not
+ * want that after the expiration of his certificate the
+ * system falls back to an older certification which has a
+ * different expiration time */
+ const byte *p;
+ u32 expire;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
+ expire = p? sig->timestamp + buffer_to_u32(p) : 0;
+
+ if (expire==0 || expire > curtime )
+ {
+ signode->flag |= (1<<8); /* yeah, found a good cert */
+ if (next_expire && expire && expire < *next_expire)
+ *next_expire = expire;
+ }
+ }
+ else
+ signode->flag |= (1<<11);
+ }
+}
+
+
+static int
+clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
+ int noisy, int self_only)
+{
+ int deleted = 0;
+ kbnode_t node;
+ u32 keyid[2];
+
+ assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+
+ keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
+
+ /* Passing in a 0 for current time here means that we'll never weed
+ out an expired sig. This is correct behavior since we want to
+ keep the most recent expired sig in a series. */
+ mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
+
+ /* What we want to do here is remove signatures that are not
+ considered as part of the trust calculations. Thus, all invalid
+ signatures are out, as are any signatures that aren't the last of
+ a series of uid sigs or revocations It breaks down like this:
+ coming out of mark_usable_uid_certs, if a sig is unflagged, it is
+ not even a candidate. If a sig has flag 9 or 10, that means it
+ was selected as a candidate and vetted. If a sig has flag 8 it
+ is a usable signature. If a sig has flag 11 it is a usable
+ revocation. If a sig has flag 12 it was issued by an unavailable
+ key. "Usable" here means the most recent valid
+ signature/revocation in a series from a particular signer.
+
+ Delete everything that isn't a usable uid sig (which might be
+ expired), a usable revocation, or a sig from an unavailable
+ key. */
+
+ for (node=uidnode->next;
+ node && node->pkt->pkttype==PKT_SIGNATURE;
+ node=node->next)
+ {
+ int keep;
+
+ keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
+ && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
+
+ /* Keep usable uid sigs ... */
+ if ((node->flag & (1<<8)) && keep)
+ continue;
+
+ /* ... and usable revocations... */
+ if ((node->flag & (1<<11)) && keep)
+ continue;
+
+ /* ... and sigs from unavailable keys. */
+ /* disabled for now since more people seem to want sigs from
+ unavailable keys removed altogether. */
+ /*
+ if(node->flag & (1<<12))
+ continue;
+ */
+
+ /* Everything else we delete */
+
+ /* At this point, if 12 is set, the signing key was unavailable.
+ If 9 or 10 is set, it's superseded. Otherwise, it's
+ invalid. */
+
+ if (noisy)
+ log_info ("removing signature from key %s on user ID \"%s\": %s\n",
+ keystr (node->pkt->pkt.signature->keyid),
+ uidnode->pkt->pkt.user_id->name,
+ node->flag&(1<<12)? "key unavailable":
+ node->flag&(1<<9)? "signature superseded"
+ /* */ :"invalid signature" );
+
+ delete_kbnode (node);
+ deleted++;
+ }
+
+ return deleted;
+}
+
+
+/* This is substantially easier than clean_sigs_from_uid since we just
+ have to establish if the uid has a valid self-sig, is not revoked,
+ and is not expired. Note that this does not take into account
+ whether the uid has a trust path to it - just whether the keyholder
+ themselves has certified the uid. Returns true if the uid was
+ compacted. To "compact" a user ID, we simply remove ALL signatures
+ except the self-sig that caused the user ID to be remove-worthy.
+ We don't actually remove the user ID packet itself since it might
+ be ressurected in a later merge. Note that this function requires
+ that the caller has already done a merge_keys_and_selfsig().
+
+ TODO: change the import code to allow importing a uid with only a
+ revocation if the uid already exists on the keyring. */
+
+static int
+clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
+{
+ kbnode_t node;
+ PKT_user_id *uid = uidnode->pkt->pkt.user_id;
+ int deleted = 0;
+
+ assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert (uidnode->pkt->pkttype==PKT_USER_ID);
+
+ /* Skip valid user IDs, compacted user IDs, and non-self-signed user
+ IDs if --allow-non-selfsigned-uid is set. */
+ if (uid->created
+ || uid->flags.compacted
+ || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
+ return 0;
+
+ for (node=uidnode->next;
+ node && node->pkt->pkttype == PKT_SIGNATURE;
+ node=node->next)
+ {
+ if (!node->pkt->pkt.signature->flags.chosen_selfsig)
+ {
+ delete_kbnode (node);
+ deleted = 1;
+ uidnode->pkt->pkt.user_id->flags.compacted = 1;
+ }
+ }
+
+ if (noisy)
+ {
+ const char *reason;
+ char *user = utf8_to_native (uid->name, uid->len, 0);
+
+ if (uid->is_revoked)
+ reason = _("revoked");
+ else if (uid->is_expired)
+ reason = _("expired");
+ else
+ reason = _("invalid");
+
+ log_info ("compacting user ID \"%s\" on key %s: %s\n",
+ user, keystr_from_pk (keyblock->pkt->pkt.public_key),
+ reason);
+
+ xfree (user);
+ }
+
+ return deleted;
+}
+
+
+/* Needs to be called after a merge_keys_and_selfsig() */
+void
+clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
+ int *uids_cleaned, int *sigs_cleaned)
+{
+ int dummy;
+
+ assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+ assert (uidnode->pkt->pkttype==PKT_USER_ID);
+
+ if (!uids_cleaned)
+ uids_cleaned = &dummy;
+
+ if (!sigs_cleaned)
+ sigs_cleaned = &dummy;
+
+ /* Do clean_uid_from_key first since if it fires off, we don't have
+ to bother with the other. */
+ *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
+ if (!uidnode->pkt->pkt.user_id->flags.compacted)
+ *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
+}
+
+
+void
+clean_key (kbnode_t keyblock, int noisy, int self_only,
+ int *uids_cleaned, int *sigs_cleaned)
+{
+ kbnode_t uidnode;
+
+ merge_keys_and_selfsig (keyblock);
+
+ for (uidnode = keyblock->next;
+ uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ uidnode = uidnode->next)
+ {
+ if (uidnode->pkt->pkttype == PKT_USER_ID)
+ clean_one_uid (keyblock, uidnode,noisy, self_only,
+ uids_cleaned, sigs_cleaned);
+ }
+}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 24ed9dffa..733fa79bb 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -42,20 +42,6 @@
#include "trustdb.h"
-/*
- * A structure to store key identification as well as some stuff needed
- * for validation
- */
-struct key_item {
- struct key_item *next;
- unsigned int ownertrust,min_ownertrust;
- byte trust_depth;
- byte trust_value;
- char *trust_regexp;
- u32 kid[2];
-};
-
-
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
@@ -200,7 +186,7 @@ release_key_array ( struct key_array *keys )
* FIXME: Should be replaced by a function to add those keys to the trustdb.
*/
void
-register_trusted_keyid(u32 *keyid)
+tdb_register_trusted_keyid (u32 *keyid)
{
struct key_item *k;
@@ -212,7 +198,7 @@ register_trusted_keyid(u32 *keyid)
}
void
-register_trusted_key( const char *string )
+tdb_register_trusted_key( const char *string )
{
gpg_error_t err;
KEYDB_SEARCH_DESC desc;
@@ -308,9 +294,9 @@ verify_own_keys(void)
keystr(k->kid));
else
{
- update_ownertrust (&pk,
- ((get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust (&pk,
+ ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@@ -483,96 +469,6 @@ init_trustdb()
}
-/***********************************************
- ************* Print helpers ****************
- ***********************************************/
-
-/****************
- * This function returns a letter for a trustvalue Trust flags
- * are ignore.
- */
-static int
-trust_letter (unsigned int value)
-{
- switch( (value & TRUST_MASK) )
- {
- case TRUST_UNKNOWN: return '-';
- case TRUST_EXPIRED: return 'e';
- case TRUST_UNDEFINED: return 'q';
- case TRUST_NEVER: return 'n';
- case TRUST_MARGINAL: return 'm';
- case TRUST_FULLY: return 'f';
- case TRUST_ULTIMATE: return 'u';
- default: return '?';
- }
-}
-
-const char *
-uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
-{
- if(!key && !uid)
-/* TRANSLATORS: these strings are similar to those in
- trust_value_to_string(), but are a fixed length. This is needed to
- make attractive information listings where columns line up
- properly. The value "10" should be the length of the strings you
- choose to translate to. This is the length in printable columns.
- It gets passed to atoi() so everything after the number is
- essentially a comment and need not be translated. Either key and
- uid are both NULL, or neither are NULL. */
- return _("10 translator see trustdb.c:uid_trust_string_fixed");
- else if(uid->is_revoked || (key && key->flags.revoked))
- return _("[ revoked]");
- else if(uid->is_expired)
- return _("[ expired]");
- else if(key)
- switch(get_validity(key,uid)&TRUST_MASK)
- {
- case TRUST_UNKNOWN: return _("[ unknown]");
- case TRUST_EXPIRED: return _("[ expired]");
- case TRUST_UNDEFINED: return _("[ undef ]");
- case TRUST_MARGINAL: return _("[marginal]");
- case TRUST_FULLY: return _("[ full ]");
- case TRUST_ULTIMATE: return _("[ultimate]");
- }
-
- return "err";
-}
-
-/* The strings here are similar to those in
- pkclist.c:do_edit_ownertrust() */
-const char *
-trust_value_to_string (unsigned int value)
-{
- switch( (value & TRUST_MASK) )
- {
- case TRUST_UNKNOWN: return _("unknown");
- case TRUST_EXPIRED: return _("expired");
- case TRUST_UNDEFINED: return _("undefined");
- case TRUST_NEVER: return _("never");
- case TRUST_MARGINAL: return _("marginal");
- case TRUST_FULLY: return _("full");
- case TRUST_ULTIMATE: return _("ultimate");
- default: return "err";
- }
-}
-
-int
-string_to_trust_value (const char *str)
-{
- if(ascii_strcasecmp(str,"undefined")==0)
- return TRUST_UNDEFINED;
- else if(ascii_strcasecmp(str,"never")==0)
- return TRUST_NEVER;
- else if(ascii_strcasecmp(str,"marginal")==0)
- return TRUST_MARGINAL;
- else if(ascii_strcasecmp(str,"full")==0)
- return TRUST_FULLY;
- else if(ascii_strcasecmp(str,"ultimate")==0)
- return TRUST_ULTIMATE;
- else
- return -1;
-}
-
/****************
* Recreate the WoT but do not ask for new ownertrusts. Special
* feature: In batch mode and without a forced yes, this is only done
@@ -626,7 +522,7 @@ update_trustdb()
}
void
-revalidation_mark (void)
+tdb_revalidation_mark (void)
{
init_trustdb();
/* we simply set the time for the next check to 1 (far back in 1970)
@@ -645,7 +541,7 @@ trustdb_pending_check(void)
/* If the trustdb is dirty, and we're interactive, update it.
Otherwise, check it unless no-auto-check-trustdb is set. */
void
-trustdb_check_or_update(void)
+tdb_check_or_update (void)
{
if(trustdb_pending_check())
{
@@ -718,7 +614,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* The key should be the primary key.
*/
unsigned int
-get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust ( PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -735,8 +631,9 @@ get_ownertrust ( PKT_public_key *pk)
return rec.r.trust.ownertrust;
}
+
unsigned int
-get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -753,57 +650,13 @@ get_min_ownertrust (PKT_public_key *pk)
return rec.r.trust.min_ownertrust;
}
-/*
- * Same as get_ownertrust but this takes the minimum ownertrust value
- * into into account, and will bump up the value as needed.
- */
-static int
-get_ownertrust_with_min (PKT_public_key *pk)
-{
- unsigned int otrust,otrust_min;
-
- otrust = (get_ownertrust (pk) & TRUST_MASK);
- otrust_min = get_min_ownertrust (pk);
- if(otrust<otrust_min)
- {
- /* If the trust that the user has set is less than the trust
- that was calculated from a trust signature chain, use the
- higher of the two. We do this here and not in
- get_ownertrust since the underlying ownertrust should not
- really be set - just the appearance of the ownertrust. */
-
- otrust=otrust_min;
- }
-
- return otrust;
-}
-
-/*
- * Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
- */
-int
-get_ownertrust_info (PKT_public_key *pk)
-{
- return trust_letter(get_ownertrust_with_min(pk));
-}
-
-/*
- * Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
- */
-const char *
-get_ownertrust_string (PKT_public_key *pk)
-{
- return trust_value_to_string(get_ownertrust_with_min(pk));
-}
/*
* Set the trust value of the given public key to the new value.
* The key should be a primary one.
*/
void
-update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
+tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
TRUSTREC rec;
int rc;
@@ -818,7 +671,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
rec.r.trust.ownertrust = new_trust;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
}
}
@@ -835,7 +688,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.ownertrust = new_trust;
write_record (&rec);
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
rc = 0;
}
@@ -872,7 +725,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
{
rec.r.trust.min_ownertrust = new_trust;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
}
}
@@ -889,7 +742,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust;
write_record (&rec);
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
rc = 0;
}
@@ -899,10 +752,11 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
}
}
+
/* Clear the ownertrust and min_ownertrust values. Return true if a
change actually happened. */
int
-clear_ownertrusts (PKT_public_key *pk)
+tdb_clear_ownertrusts (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -922,7 +776,7 @@ clear_ownertrusts (PKT_public_key *pk)
rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
return 1;
}
@@ -1000,7 +854,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
/* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */
int
-cache_disabled_value (PKT_public_key *pk)
+tdb_cache_disabled_value (PKT_public_key *pk)
{
int rc;
TRUSTREC trec;
@@ -1032,8 +886,9 @@ cache_disabled_value (PKT_public_key *pk)
return disabled;
}
+
void
-check_trustdb_stale(void)
+tdb_check_trustdb_stale (void)
{
static int did_nextcheck=0;
@@ -1063,49 +918,26 @@ check_trustdb_stale(void)
}
/*
- * Return the validity information for PK. If the namehash is not
- * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned.
+ * Return the validity information for PK. This is the core of
+ * get_validity.
*/
unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
+tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
+ PKT_public_key *main_pk)
{
TRUSTREC trec, vrec;
int rc;
ulong recno;
unsigned int validity;
- u32 kid[2];
- PKT_public_key *main_pk;
-
- if(uid)
- namehash_from_uid(uid);
init_trustdb ();
check_trustdb_stale();
- keyid_from_pk (pk, kid);
- if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
- { /* this is a subkey - get the mainkey */
- main_pk = xmalloc_clear (sizeof *main_pk);
- rc = get_pubkey (main_pk, pk->main_keyid);
- if (rc)
- {
- char *tempkeystr=xstrdup(keystr(pk->main_keyid));
- log_error ("error getting main key %s of subkey %s: %s\n",
- tempkeystr, keystr(kid), g10_errstr(rc));
- xfree(tempkeystr);
- validity = TRUST_UNKNOWN;
- goto leave;
- }
- }
- else
- main_pk = pk;
-
if(opt.trust_model==TM_DIRECT)
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity=get_ownertrust(main_pk);
+ validity = tdb_get_ownertrust (main_pk);
goto leave;
}
@@ -1161,51 +993,12 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
pk->flags.disabled_valid = 1;
leave:
- /* set some flags direct from the key */
- if (main_pk->flags.revoked)
- validity |= TRUST_FLAG_REVOKED;
- if (main_pk != pk && pk->flags.revoked)
- validity |= TRUST_FLAG_SUB_REVOKED;
- /* Note: expiration is a trust value and not a flag - don't know why
- * I initially designed it that way */
- if (main_pk->has_expired || pk->has_expired)
- validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-
if (pending_check_trustdb)
validity |= TRUST_FLAG_PENDING_CHECK;
- if (main_pk != pk)
- free_public_key (main_pk);
return validity;
}
-int
-get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
-{
- int trustlevel;
-
- if (!pk)
- return '?'; /* Just in case a NULL PK is passed. */
-
- trustlevel = get_validity (pk, uid);
- if ( (trustlevel & TRUST_FLAG_REVOKED) )
- return 'r';
- return trust_letter (trustlevel);
-}
-
-const char *
-get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
-{
- int trustlevel;
-
- if (!pk)
- return "err"; /* Just in case a NULL PK is passed. */
-
- trustlevel = get_validity (pk, uid);
- if( trustlevel & TRUST_FLAG_REVOKED )
- return _("revoked");
- return trust_value_to_string(trustlevel);
-}
static void
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
@@ -1318,14 +1111,14 @@ ask_ownertrust (u32 *kid,int minimum)
{
log_info("force trust for key %s to %s\n",
keystr(kid),trust_value_to_string(opt.force_ownertrust));
- update_ownertrust(pk,opt.force_ownertrust);
+ tdb_update_ownertrust (pk, opt.force_ownertrust);
ot=opt.force_ownertrust;
}
else
{
ot=edit_ownertrust(pk,0);
if(ot>0)
- ot = get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@@ -1427,365 +1220,6 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
do_sync ();
}
-/*
- * check whether the signature sig is in the klist k
- */
-static struct key_item *
-is_in_klist (struct key_item *k, PKT_signature *sig)
-{
- for (; k; k = k->next)
- {
- if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
- return k;
- }
- return NULL;
-}
-
-/*
- * Mark the signature of the given UID which are used to certify it.
- * To do this, we first revmove all signatures which are not valid and
- * from the remain ones we look for the latest one. If this is not a
- * certification revocation signature we mark the signature by setting
- * node flag bit 8. Revocations are marked with flag 11, and sigs
- * from unavailable keys are marked with flag 12. Note that flag bits
- * 9 and 10 are used for internal purposes.
- */
-static void
-mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
- u32 *main_kid, struct key_item *klist,
- u32 curtime, u32 *next_expire)
-{
- KBNODE node;
- PKT_signature *sig;
-
- /* first check all signatures */
- for (node=uidnode->next; node; node = node->next)
- {
- int rc;
-
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
- if (node->pkt->pkttype == PKT_USER_ID
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break; /* ready */
- if (node->pkt->pkttype != PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
- if (main_kid
- && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
- continue; /* ignore self-signatures if we pass in a main_kid */
- if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
- continue; /* we only look at these signature classes */
- if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
- sig->sig_class-0x10<opt.min_cert_level)
- continue; /* treat anything under our min_cert_level as an
- invalid signature */
- if (klist && !is_in_klist (klist, sig))
- continue; /* no need to check it then */
- if ((rc=check_key_signature (keyblock, node, NULL)))
- {
- /* we ignore anything that won't verify, but tag the
- no_pubkey case */
- if(rc==G10ERR_NO_PUBKEY)
- node->flag |= 1<<12;
- continue;
- }
- node->flag |= 1<<9;
- }
- /* reset the remaining flags */
- for (; node; node = node->next)
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
-
- /* kbnode flag usage: bit 9 is here set for signatures to consider,
- * bit 10 will be set by the loop to keep track of keyIDs already
- * processed, bit 8 will be set for the usable signatures, and bit
- * 11 will be set for usable revocations. */
-
- /* for each cert figure out the latest valid one */
- for (node=uidnode->next; node; node = node->next)
- {
- KBNODE n, signode;
- u32 kid[2];
- u32 sigdate;
-
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break;
- if ( !(node->flag & (1<<9)) )
- continue; /* not a node to look at */
- if ( (node->flag & (1<<10)) )
- continue; /* signature with a keyID already processed */
- node->flag |= (1<<10); /* mark this node as processed */
- sig = node->pkt->pkt.signature;
- signode = node;
- sigdate = sig->timestamp;
- kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
-
- /* Now find the latest and greatest signature */
- for (n=uidnode->next; n; n = n->next)
- {
- if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break;
- if ( !(n->flag & (1<<9)) )
- continue;
- if ( (n->flag & (1<<10)) )
- continue; /* shortcut already processed signatures */
- sig = n->pkt->pkt.signature;
- if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
- continue;
- n->flag |= (1<<10); /* mark this node as processed */
-
- /* If signode is nonrevocable and unexpired and n isn't,
- then take signode (skip). It doesn't matter which is
- older: if signode was older then we don't want to take n
- as signode is nonrevocable. If n was older then we're
- automatically fine. */
-
- if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
- !signode->pkt->pkt.signature->flags.revocable &&
- (signode->pkt->pkt.signature->expiredate==0 ||
- signode->pkt->pkt.signature->expiredate>curtime))) &&
- (!(IS_UID_SIG(n->pkt->pkt.signature) &&
- !n->pkt->pkt.signature->flags.revocable &&
- (n->pkt->pkt.signature->expiredate==0 ||
- n->pkt->pkt.signature->expiredate>curtime))))
- continue;
-
- /* If n is nonrevocable and unexpired and signode isn't,
- then take n. Again, it doesn't matter which is older: if
- n was older then we don't want to take signode as n is
- nonrevocable. If signode was older then we're
- automatically fine. */
-
- if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
- !signode->pkt->pkt.signature->flags.revocable &&
- (signode->pkt->pkt.signature->expiredate==0 ||
- signode->pkt->pkt.signature->expiredate>curtime))) &&
- ((IS_UID_SIG(n->pkt->pkt.signature) &&
- !n->pkt->pkt.signature->flags.revocable &&
- (n->pkt->pkt.signature->expiredate==0 ||
- n->pkt->pkt.signature->expiredate>curtime))))
- {
- signode = n;
- sigdate = sig->timestamp;
- continue;
- }
-
- /* At this point, if it's newer, it goes in as the only
- remaining possibilities are signode and n are both either
- revocable or expired or both nonrevocable and unexpired.
- If the timestamps are equal take the later ordered
- packet, presuming that the key packets are hopefully in
- their original order. */
-
- if (sig->timestamp >= sigdate)
- {
- signode = n;
- sigdate = sig->timestamp;
- }
- }
-
- sig = signode->pkt->pkt.signature;
- if (IS_UID_SIG (sig))
- { /* this seems to be a usable one which is not revoked.
- * Just need to check whether there is an expiration time,
- * We do the expired certification after finding a suitable
- * certification, the assumption is that a signator does not
- * want that after the expiration of his certificate the
- * system falls back to an older certification which has a
- * different expiration time */
- const byte *p;
- u32 expire;
-
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
- expire = p? sig->timestamp + buffer_to_u32(p) : 0;
-
- if (expire==0 || expire > curtime )
- {
- signode->flag |= (1<<8); /* yeah, found a good cert */
- if (next_expire && expire && expire < *next_expire)
- *next_expire = expire;
- }
- }
- else
- signode->flag |= (1<<11);
- }
-}
-
-static int
-clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
-{
- int deleted=0;
- KBNODE node;
- u32 keyid[2];
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-
- keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
-
- /* Passing in a 0 for current time here means that we'll never weed
- out an expired sig. This is correct behavior since we want to
- keep the most recent expired sig in a series. */
- mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL);
-
- /* What we want to do here is remove signatures that are not
- considered as part of the trust calculations. Thus, all invalid
- signatures are out, as are any signatures that aren't the last of
- a series of uid sigs or revocations It breaks down like this:
- coming out of mark_usable_uid_certs, if a sig is unflagged, it is
- not even a candidate. If a sig has flag 9 or 10, that means it
- was selected as a candidate and vetted. If a sig has flag 8 it
- is a usable signature. If a sig has flag 11 it is a usable
- revocation. If a sig has flag 12 it was issued by an unavailable
- key. "Usable" here means the most recent valid
- signature/revocation in a series from a particular signer.
-
- Delete everything that isn't a usable uid sig (which might be
- expired), a usable revocation, or a sig from an unavailable
- key. */
-
- for(node=uidnode->next;
- node && node->pkt->pkttype==PKT_SIGNATURE;
- node=node->next)
- {
- int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
- && node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
-
- /* Keep usable uid sigs ... */
- if((node->flag & (1<<8)) && keep)
- continue;
-
- /* ... and usable revocations... */
- if((node->flag & (1<<11)) && keep)
- continue;
-
- /* ... and sigs from unavailable keys. */
- /* disabled for now since more people seem to want sigs from
- unavailable keys removed altogether. */
- /*
- if(node->flag & (1<<12))
- continue;
- */
-
- /* Everything else we delete */
-
- /* At this point, if 12 is set, the signing key was unavailable.
- If 9 or 10 is set, it's superseded. Otherwise, it's
- invalid. */
-
- if(noisy)
- log_info("removing signature from key %s on user ID \"%s\": %s\n",
- keystr(node->pkt->pkt.signature->keyid),
- uidnode->pkt->pkt.user_id->name,
- node->flag&(1<<12)?"key unavailable":
- node->flag&(1<<9)?"signature superseded":"invalid signature");
-
- delete_kbnode(node);
- deleted++;
- }
-
- return deleted;
-}
-
-/* This is substantially easier than clean_sigs_from_uid since we just
- have to establish if the uid has a valid self-sig, is not revoked,
- and is not expired. Note that this does not take into account
- whether the uid has a trust path to it - just whether the keyholder
- themselves has certified the uid. Returns true if the uid was
- compacted. To "compact" a user ID, we simply remove ALL signatures
- except the self-sig that caused the user ID to be remove-worthy.
- We don't actually remove the user ID packet itself since it might
- be ressurected in a later merge. Note that this function requires
- that the caller has already done a merge_keys_and_selfsig().
-
- TODO: change the import code to allow importing a uid with only a
- revocation if the uid already exists on the keyring. */
-
-static int
-clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy)
-{
- KBNODE node;
- PKT_user_id *uid=uidnode->pkt->pkt.user_id;
- int deleted=0;
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
- assert(uidnode->pkt->pkttype==PKT_USER_ID);
-
- /* Skip valid user IDs, compacted user IDs, and non-self-signed user
- IDs if --allow-non-selfsigned-uid is set. */
- if(uid->created || uid->flags.compacted
- || (!uid->is_expired && !uid->is_revoked
- && opt.allow_non_selfsigned_uid))
- return 0;
-
- for(node=uidnode->next;
- node && node->pkt->pkttype==PKT_SIGNATURE;
- node=node->next)
- if(!node->pkt->pkt.signature->flags.chosen_selfsig)
- {
- delete_kbnode(node);
- deleted=1;
- uidnode->pkt->pkt.user_id->flags.compacted=1;
- }
-
- if(noisy)
- {
- const char *reason;
- char *user=utf8_to_native(uid->name,uid->len,0);
-
- if(uid->is_revoked)
- reason=_("revoked");
- else if(uid->is_expired)
- reason=_("expired");
- else
- reason=_("invalid");
-
- log_info("compacting user ID \"%s\" on key %s: %s\n",
- user,keystr_from_pk(keyblock->pkt->pkt.public_key),
- reason);
-
- xfree(user);
- }
-
- return deleted;
-}
-
-/* Needs to be called after a merge_keys_and_selfsig() */
-void
-clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned)
-{
- int dummy;
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
- assert(uidnode->pkt->pkttype==PKT_USER_ID);
-
- if(!uids_cleaned)
- uids_cleaned=&dummy;
-
- if(!sigs_cleaned)
- sigs_cleaned=&dummy;
-
- /* Do clean_uid_from_key first since if it fires off, we don't
- have to bother with the other */
- *uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy);
- if(!uidnode->pkt->pkt.user_id->flags.compacted)
- *sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only);
-}
-
-void
-clean_key(KBNODE keyblock,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned)
-{
- KBNODE uidnode;
-
- merge_keys_and_selfsig(keyblock);
-
- for(uidnode=keyblock->next;
- uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
- uidnode=uidnode->next)
- if(uidnode->pkt->pkttype==PKT_USER_ID)
- clean_one_uid(keyblock,uidnode,noisy,self_only,
- uids_cleaned,sigs_cleaned);
-}
/* Returns a sanitized copy of the regexp (which might be "", but not
NULL). */
@@ -2449,10 +1883,10 @@ validate_keys (int interactive)
k->kid[0]=kid[0];
k->kid[1]=kid[1];
k->ownertrust =
- (get_ownertrust (kar->keyblock->pkt->pkt.public_key)
- & TRUST_MASK);
- k->min_ownertrust =
- get_min_ownertrust(kar->keyblock->pkt->pkt.public_key);
+ (tdb_get_ownertrust
+ (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ k->min_ownertrust = tdb_get_min_ownertrust
+ (kar->keyblock->pkt->pkt.public_key);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 0a9ce335a..f190f72c1 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -38,30 +38,89 @@
#define NAMEHASH_LEN 20
+
+/*
+ * A structure to store key identification as well as some stuff needed
+ * for validation
+ */
+struct key_item {
+ struct key_item *next;
+ unsigned int ownertrust,min_ownertrust;
+ byte trust_depth;
+ byte trust_value;
+ char *trust_regexp;
+ u32 kid[2];
+};
+
+
+/*
+ * Check whether the signature SIG is in the klist K.
+ */
+static inline struct key_item *
+is_in_klist (struct key_item *k, PKT_signature *sig)
+{
+ for (; k; k = k->next)
+ {
+ if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
+ return k;
+ }
+ return NULL;
+}
+
+
+
+/*-- trust.c --*/
+int cache_disabled_value (PKT_public_key *pk);
+void register_trusted_keyid (u32 *keyid);
+void register_trusted_key (const char *string);
+
+const char *trust_value_to_string (unsigned int value);
+int string_to_trust_value (const char *str);
+const char *uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid);
+
+unsigned int get_ownertrust (PKT_public_key *pk);
+void update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
+int clear_ownertrusts (PKT_public_key *pk);
+
+void revalidation_mark (void);
+void check_trustdb_stale (void);
+void check_or_update_trustdb (void);
+
+unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid);
+int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
+const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
+
+void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
+ u32 *main_kid, struct key_item *klist,
+ u32 curtime, u32 *next_expire);
+
+void clean_one_uid (kbnode_t keyblock, kbnode_t uidnode,
+ int noisy, int self_only,
+ int *uids_cleaned, int *sigs_cleaned);
+void clean_key (kbnode_t keyblock, int noisy, int self_only,
+ int *uids_cleaned,int *sigs_cleaned);
+
+
+
/*-- trustdb.c --*/
-void register_trusted_keyid(u32 *keyid);
-void register_trusted_key( const char *string );
+void tdb_register_trusted_keyid (u32 *keyid);
+void tdb_register_trusted_key (const char *string);
void check_trustdb (void);
void update_trustdb (void);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
void init_trustdb( void );
-void check_trustdb_stale(void);
+void tdb_check_trustdb_stale (void);
void sync_trustdb( void );
-const char *uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid);
-const char *trust_value_to_string (unsigned int value);
-int string_to_trust_value (const char *str);
-
-void revalidation_mark (void);
+void tdb_revalidation_mark (void);
int trustdb_pending_check(void);
-void trustdb_check_or_update(void);
+void tdb_check_or_update (void);
-int cache_disabled_value(PKT_public_key *pk);
+int tdb_cache_disabled_value (PKT_public_key *pk);
-unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid);
-int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
-const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
+unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
+ PKT_public_key *main_pk);
void list_trust_path( const char *username );
int enum_cert_paths( void **context, ulong *lid,
@@ -73,18 +132,13 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
-unsigned int get_ownertrust (PKT_public_key *pk);
-unsigned int get_min_ownertrust (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk);
const char *get_ownertrust_string (PKT_public_key *pk);
-void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
-int clear_ownertrusts (PKT_public_key *pk);
-
-void clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned);
-void clean_key(KBNODE keyblock,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned);
+void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
+int tdb_clear_ownertrusts (PKT_public_key *pk);
/*-- tdbdump.c --*/
void list_trustdb(const char *username);
diff --git a/tests/openpgp/armencrypt.test b/tests/openpgp/armencrypt.test
index df3729410..ce1067e6b 100755
--- a/tests/openpgp/armencrypt.test
+++ b/tests/openpgp/armencrypt.test
@@ -12,7 +12,7 @@
#info Checking armored encryption
for i in $plain_files $data_files ; do
- $GPG --always-trust -ea -o x --yes -r "$usrname2" $i
+ $GPG ${opt_always} -ea -o x --yes -r "$usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/tests/openpgp/armencryptp.test b/tests/openpgp/armencryptp.test
index 9246b6d27..dfebb4827 100755
--- a/tests/openpgp/armencryptp.test
+++ b/tests/openpgp/armencryptp.test
@@ -12,7 +12,7 @@
#info Checking armored encryption with a pipe
for i in $plain_files $data_files ; do
- $GPG --always-trust -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes
+ $GPG ${opt_always} -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes
cmp $i y || error "$i: mismatch"
$GPG --yes < x > y
cmp $i y || error "$i: mismatch"
diff --git a/tests/openpgp/armsignencrypt.test b/tests/openpgp/armsignencrypt.test
index 5b392df27..c50a12dc1 100755
--- a/tests/openpgp/armsignencrypt.test
+++ b/tests/openpgp/armsignencrypt.test
@@ -13,7 +13,7 @@
#info Checking armored signing and encryption
for i in $plain_files $data_files ; do
- echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \
+ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \
-sae -o x --yes -r "$usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index 49e085e8a..008d32a43 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -226,6 +226,15 @@ PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"
# Default to empty passphrase for pinentry.sh
PINENTRY_USER_DATA=
+# If --check-trustdb is not an option, GPG has been build without
+# trust model support. Thus we can't use --always-trust and some
+# other options.
+if $GPG --dump-options | grep '^--check-trustdb$' >/dev/null ; then
+ opt_always="--always-trust"
+else
+ opt_always=
+fi
+
# Make sure we have a valid option files even with VPATH builds.
for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then
@@ -234,8 +243,10 @@ for f in gpg.conf gpg-agent.conf ; do
cat $srcdir/$f.tmpl >$f
case "$f" in
gpg.conf)
+ [ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
echo "agent-program $GPG_AGENT" >>"$f"
- ;;
+
+ ;;
gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f"
;;
diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test
index 01e1e0617..062a1ae0f 100755
--- a/tests/openpgp/ecc.test
+++ b/tests/openpgp/ecc.test
@@ -203,7 +203,7 @@ info "Checking ECC encryption and decryption."
for i in $plain_files $data_files ; do
for k in $mainkeyids ; do
info "file: $i key: $k"
- $GPG --always-trust -e -o x --yes -r $k $i
+ $GPG ${opt_always} -e -o x --yes -r $k $i
$GPG -o y --yes x
cmp $i y || error "$i,$k: mismatch"
done
diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test
index 8ae93d817..7ce670ee0 100755
--- a/tests/openpgp/encrypt-dsa.test
+++ b/tests/openpgp/encrypt-dsa.test
@@ -12,7 +12,7 @@
#info Checking encryption
for i in $plain_files $data_files ; do
- $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i
+ $GPG ${opt_always} -e -o x --yes -r "$dsa_usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
done
@@ -20,7 +20,7 @@ done
for ca in `all_cipher_algos` ; do
progress "$ca"
for i in $plain_files $data_files ; do
- $GPG --always-trust --cipher-algo $ca -e \
+ $GPG ${opt_always} --cipher-algo $ca -e \
-o x --yes -r "$dsa_usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
diff --git a/tests/openpgp/encrypt.test b/tests/openpgp/encrypt.test
index 5ef5196d8..295a6c3a9 100755
--- a/tests/openpgp/encrypt.test
+++ b/tests/openpgp/encrypt.test
@@ -12,7 +12,7 @@
#info Checking encryption
for i in $plain_files $data_files ; do
- $GPG --always-trust -e -o x --yes -r "$usrname2" $i
+ $GPG ${opt_always} -e -o x --yes -r "$usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
done
@@ -21,7 +21,7 @@ echo_n " > "
for ca in `all_cipher_algos` ; do
echo_n "$ca "
for i in $plain_files $data_files ; do
- $GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i
+ $GPG ${opt_always} -e -o x --yes -r "$usrname2" --cipher-algo $ca $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/tests/openpgp/encryptp.test b/tests/openpgp/encryptp.test
index 984f56ab8..3ad7119dd 100755
--- a/tests/openpgp/encryptp.test
+++ b/tests/openpgp/encryptp.test
@@ -12,7 +12,7 @@
#info Checking encryption with a pipe
for i in $plain_files $data_files ; do
- $GPG --always-trust -e --yes -r "$usrname2" <$i | $GPG --yes > y
+ $GPG ${opt_always} -e --yes -r "$usrname2" <$i | $GPG --yes > y
cmp $i y || error "$i: mismatch"
done
diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl
index 7060a6610..19f31808a 100644
--- a/tests/openpgp/gpg.conf.tmpl
+++ b/tests/openpgp/gpg.conf.tmpl
@@ -2,4 +2,3 @@ no-greeting
no-secmem-warning
no-permission-warning
batch
-no-auto-check-trustdb
diff --git a/tests/openpgp/seat.test b/tests/openpgp/seat.test
index 8a5f39904..b400e72dc 100755
--- a/tests/openpgp/seat.test
+++ b/tests/openpgp/seat.test
@@ -11,7 +11,7 @@
. $srcdir/defs.inc || exit 3
for i in $plain_files ; do
- echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \
+ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} -seat \
-r [email protected] -o x --yes $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
diff --git a/tests/openpgp/signencrypt-dsa.test b/tests/openpgp/signencrypt-dsa.test
index dd724c97e..2fb2bb1aa 100755
--- a/tests/openpgp/signencrypt-dsa.test
+++ b/tests/openpgp/signencrypt-dsa.test
@@ -12,7 +12,7 @@
#info Checking signing and encryption for DSA
for i in $plain_files $data_files ; do
- $GPG --always-trust -se -o x --yes \
+ $GPG ${opt_always} -se -o x --yes \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
@@ -27,7 +27,7 @@ fi
for da in $algos; do
for i in $plain_files; do
- $GPG --always-trust -se -o x --yes --digest-algo $da \
+ $GPG ${opt_always} -se -o x --yes --digest-algo $da \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
diff --git a/tests/openpgp/signencrypt.test b/tests/openpgp/signencrypt.test
index 8ccbaf7ca..5644befa7 100755
--- a/tests/openpgp/signencrypt.test
+++ b/tests/openpgp/signencrypt.test
@@ -13,7 +13,7 @@
info "Checking signing and encryption"
for i in $plain_files $data_files ; do
- echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \
+ echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \
-se -o x --yes -r "$usrname2" $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 13:04:48 +0000