aboutsummaryrefslogtreecommitdiffstats
path: root/g10/trustdb.c
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2014-02-10 16:05:54 +0000
committerWerner Koch <[email protected]>2014-02-10 16:46:40 +0000
commit62fb86c6589f7f74dad4741db31b3aefa0848420 (patch)
treed076e3a6f23760a10509f918b384a3d6897b67c2 /g10/trustdb.c
parenttests: Handle disabled algorithms. (diff)
downloadgnupg-62fb86c6589f7f74dad4741db31b3aefa0848420.tar.gz
gnupg-62fb86c6589f7f74dad4741db31b3aefa0848420.zip
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
Diffstat (limited to '')
-rw-r--r--g10/trustdb.c630
1 files changed, 32 insertions, 598 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 24ed9dffa..733fa79bb 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -42,20 +42,6 @@
#include "trustdb.h"
-/*
- * A structure to store key identification as well as some stuff needed
- * for validation
- */
-struct key_item {
- struct key_item *next;
- unsigned int ownertrust,min_ownertrust;
- byte trust_depth;
- byte trust_value;
- char *trust_regexp;
- u32 kid[2];
-};
-
-
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
@@ -200,7 +186,7 @@ release_key_array ( struct key_array *keys )
* FIXME: Should be replaced by a function to add those keys to the trustdb.
*/
void
-register_trusted_keyid(u32 *keyid)
+tdb_register_trusted_keyid (u32 *keyid)
{
struct key_item *k;
@@ -212,7 +198,7 @@ register_trusted_keyid(u32 *keyid)
}
void
-register_trusted_key( const char *string )
+tdb_register_trusted_key( const char *string )
{
gpg_error_t err;
KEYDB_SEARCH_DESC desc;
@@ -308,9 +294,9 @@ verify_own_keys(void)
keystr(k->kid));
else
{
- update_ownertrust (&pk,
- ((get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust (&pk,
+ ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@@ -483,96 +469,6 @@ init_trustdb()
}
-/***********************************************
- ************* Print helpers ****************
- ***********************************************/
-
-/****************
- * This function returns a letter for a trustvalue Trust flags
- * are ignore.
- */
-static int
-trust_letter (unsigned int value)
-{
- switch( (value & TRUST_MASK) )
- {
- case TRUST_UNKNOWN: return '-';
- case TRUST_EXPIRED: return 'e';
- case TRUST_UNDEFINED: return 'q';
- case TRUST_NEVER: return 'n';
- case TRUST_MARGINAL: return 'm';
- case TRUST_FULLY: return 'f';
- case TRUST_ULTIMATE: return 'u';
- default: return '?';
- }
-}
-
-const char *
-uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
-{
- if(!key && !uid)
-/* TRANSLATORS: these strings are similar to those in
- trust_value_to_string(), but are a fixed length. This is needed to
- make attractive information listings where columns line up
- properly. The value "10" should be the length of the strings you
- choose to translate to. This is the length in printable columns.
- It gets passed to atoi() so everything after the number is
- essentially a comment and need not be translated. Either key and
- uid are both NULL, or neither are NULL. */
- return _("10 translator see trustdb.c:uid_trust_string_fixed");
- else if(uid->is_revoked || (key && key->flags.revoked))
- return _("[ revoked]");
- else if(uid->is_expired)
- return _("[ expired]");
- else if(key)
- switch(get_validity(key,uid)&TRUST_MASK)
- {
- case TRUST_UNKNOWN: return _("[ unknown]");
- case TRUST_EXPIRED: return _("[ expired]");
- case TRUST_UNDEFINED: return _("[ undef ]");
- case TRUST_MARGINAL: return _("[marginal]");
- case TRUST_FULLY: return _("[ full ]");
- case TRUST_ULTIMATE: return _("[ultimate]");
- }
-
- return "err";
-}
-
-/* The strings here are similar to those in
- pkclist.c:do_edit_ownertrust() */
-const char *
-trust_value_to_string (unsigned int value)
-{
- switch( (value & TRUST_MASK) )
- {
- case TRUST_UNKNOWN: return _("unknown");
- case TRUST_EXPIRED: return _("expired");
- case TRUST_UNDEFINED: return _("undefined");
- case TRUST_NEVER: return _("never");
- case TRUST_MARGINAL: return _("marginal");
- case TRUST_FULLY: return _("full");
- case TRUST_ULTIMATE: return _("ultimate");
- default: return "err";
- }
-}
-
-int
-string_to_trust_value (const char *str)
-{
- if(ascii_strcasecmp(str,"undefined")==0)
- return TRUST_UNDEFINED;
- else if(ascii_strcasecmp(str,"never")==0)
- return TRUST_NEVER;
- else if(ascii_strcasecmp(str,"marginal")==0)
- return TRUST_MARGINAL;
- else if(ascii_strcasecmp(str,"full")==0)
- return TRUST_FULLY;
- else if(ascii_strcasecmp(str,"ultimate")==0)
- return TRUST_ULTIMATE;
- else
- return -1;
-}
-
/****************
* Recreate the WoT but do not ask for new ownertrusts. Special
* feature: In batch mode and without a forced yes, this is only done
@@ -626,7 +522,7 @@ update_trustdb()
}
void
-revalidation_mark (void)
+tdb_revalidation_mark (void)
{
init_trustdb();
/* we simply set the time for the next check to 1 (far back in 1970)
@@ -645,7 +541,7 @@ trustdb_pending_check(void)
/* If the trustdb is dirty, and we're interactive, update it.
Otherwise, check it unless no-auto-check-trustdb is set. */
void
-trustdb_check_or_update(void)
+tdb_check_or_update (void)
{
if(trustdb_pending_check())
{
@@ -718,7 +614,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* The key should be the primary key.
*/
unsigned int
-get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust ( PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -735,8 +631,9 @@ get_ownertrust ( PKT_public_key *pk)
return rec.r.trust.ownertrust;
}
+
unsigned int
-get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -753,57 +650,13 @@ get_min_ownertrust (PKT_public_key *pk)
return rec.r.trust.min_ownertrust;
}
-/*
- * Same as get_ownertrust but this takes the minimum ownertrust value
- * into into account, and will bump up the value as needed.
- */
-static int
-get_ownertrust_with_min (PKT_public_key *pk)
-{
- unsigned int otrust,otrust_min;
-
- otrust = (get_ownertrust (pk) & TRUST_MASK);
- otrust_min = get_min_ownertrust (pk);
- if(otrust<otrust_min)
- {
- /* If the trust that the user has set is less than the trust
- that was calculated from a trust signature chain, use the
- higher of the two. We do this here and not in
- get_ownertrust since the underlying ownertrust should not
- really be set - just the appearance of the ownertrust. */
-
- otrust=otrust_min;
- }
-
- return otrust;
-}
-
-/*
- * Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
- */
-int
-get_ownertrust_info (PKT_public_key *pk)
-{
- return trust_letter(get_ownertrust_with_min(pk));
-}
-
-/*
- * Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
- */
-const char *
-get_ownertrust_string (PKT_public_key *pk)
-{
- return trust_value_to_string(get_ownertrust_with_min(pk));
-}
/*
* Set the trust value of the given public key to the new value.
* The key should be a primary one.
*/
void
-update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
+tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
TRUSTREC rec;
int rc;
@@ -818,7 +671,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
rec.r.trust.ownertrust = new_trust;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
}
}
@@ -835,7 +688,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.ownertrust = new_trust;
write_record (&rec);
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
rc = 0;
}
@@ -872,7 +725,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
{
rec.r.trust.min_ownertrust = new_trust;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
}
}
@@ -889,7 +742,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust;
write_record (&rec);
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
rc = 0;
}
@@ -899,10 +752,11 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
}
}
+
/* Clear the ownertrust and min_ownertrust values. Return true if a
change actually happened. */
int
-clear_ownertrusts (PKT_public_key *pk)
+tdb_clear_ownertrusts (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
@@ -922,7 +776,7 @@ clear_ownertrusts (PKT_public_key *pk)
rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0;
write_record( &rec );
- revalidation_mark ();
+ tdb_revalidation_mark ();
do_sync ();
return 1;
}
@@ -1000,7 +854,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
/* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */
int
-cache_disabled_value (PKT_public_key *pk)
+tdb_cache_disabled_value (PKT_public_key *pk)
{
int rc;
TRUSTREC trec;
@@ -1032,8 +886,9 @@ cache_disabled_value (PKT_public_key *pk)
return disabled;
}
+
void
-check_trustdb_stale(void)
+tdb_check_trustdb_stale (void)
{
static int did_nextcheck=0;
@@ -1063,49 +918,26 @@ check_trustdb_stale(void)
}
/*
- * Return the validity information for PK. If the namehash is not
- * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned.
+ * Return the validity information for PK. This is the core of
+ * get_validity.
*/
unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
+tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
+ PKT_public_key *main_pk)
{
TRUSTREC trec, vrec;
int rc;
ulong recno;
unsigned int validity;
- u32 kid[2];
- PKT_public_key *main_pk;
-
- if(uid)
- namehash_from_uid(uid);
init_trustdb ();
check_trustdb_stale();
- keyid_from_pk (pk, kid);
- if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
- { /* this is a subkey - get the mainkey */
- main_pk = xmalloc_clear (sizeof *main_pk);
- rc = get_pubkey (main_pk, pk->main_keyid);
- if (rc)
- {
- char *tempkeystr=xstrdup(keystr(pk->main_keyid));
- log_error ("error getting main key %s of subkey %s: %s\n",
- tempkeystr, keystr(kid), g10_errstr(rc));
- xfree(tempkeystr);
- validity = TRUST_UNKNOWN;
- goto leave;
- }
- }
- else
- main_pk = pk;
-
if(opt.trust_model==TM_DIRECT)
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity=get_ownertrust(main_pk);
+ validity = tdb_get_ownertrust (main_pk);
goto leave;
}
@@ -1161,51 +993,12 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
pk->flags.disabled_valid = 1;
leave:
- /* set some flags direct from the key */
- if (main_pk->flags.revoked)
- validity |= TRUST_FLAG_REVOKED;
- if (main_pk != pk && pk->flags.revoked)
- validity |= TRUST_FLAG_SUB_REVOKED;
- /* Note: expiration is a trust value and not a flag - don't know why
- * I initially designed it that way */
- if (main_pk->has_expired || pk->has_expired)
- validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-
if (pending_check_trustdb)
validity |= TRUST_FLAG_PENDING_CHECK;
- if (main_pk != pk)
- free_public_key (main_pk);
return validity;
}
-int
-get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
-{
- int trustlevel;
-
- if (!pk)
- return '?'; /* Just in case a NULL PK is passed. */
-
- trustlevel = get_validity (pk, uid);
- if ( (trustlevel & TRUST_FLAG_REVOKED) )
- return 'r';
- return trust_letter (trustlevel);
-}
-
-const char *
-get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
-{
- int trustlevel;
-
- if (!pk)
- return "err"; /* Just in case a NULL PK is passed. */
-
- trustlevel = get_validity (pk, uid);
- if( trustlevel & TRUST_FLAG_REVOKED )
- return _("revoked");
- return trust_value_to_string(trustlevel);
-}
static void
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
@@ -1318,14 +1111,14 @@ ask_ownertrust (u32 *kid,int minimum)
{
log_info("force trust for key %s to %s\n",
keystr(kid),trust_value_to_string(opt.force_ownertrust));
- update_ownertrust(pk,opt.force_ownertrust);
+ tdb_update_ownertrust (pk, opt.force_ownertrust);
ot=opt.force_ownertrust;
}
else
{
ot=edit_ownertrust(pk,0);
if(ot>0)
- ot = get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@@ -1427,365 +1220,6 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
do_sync ();
}
-/*
- * check whether the signature sig is in the klist k
- */
-static struct key_item *
-is_in_klist (struct key_item *k, PKT_signature *sig)
-{
- for (; k; k = k->next)
- {
- if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
- return k;
- }
- return NULL;
-}
-
-/*
- * Mark the signature of the given UID which are used to certify it.
- * To do this, we first revmove all signatures which are not valid and
- * from the remain ones we look for the latest one. If this is not a
- * certification revocation signature we mark the signature by setting
- * node flag bit 8. Revocations are marked with flag 11, and sigs
- * from unavailable keys are marked with flag 12. Note that flag bits
- * 9 and 10 are used for internal purposes.
- */
-static void
-mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
- u32 *main_kid, struct key_item *klist,
- u32 curtime, u32 *next_expire)
-{
- KBNODE node;
- PKT_signature *sig;
-
- /* first check all signatures */
- for (node=uidnode->next; node; node = node->next)
- {
- int rc;
-
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
- if (node->pkt->pkttype == PKT_USER_ID
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break; /* ready */
- if (node->pkt->pkttype != PKT_SIGNATURE)
- continue;
- sig = node->pkt->pkt.signature;
- if (main_kid
- && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
- continue; /* ignore self-signatures if we pass in a main_kid */
- if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
- continue; /* we only look at these signature classes */
- if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
- sig->sig_class-0x10<opt.min_cert_level)
- continue; /* treat anything under our min_cert_level as an
- invalid signature */
- if (klist && !is_in_klist (klist, sig))
- continue; /* no need to check it then */
- if ((rc=check_key_signature (keyblock, node, NULL)))
- {
- /* we ignore anything that won't verify, but tag the
- no_pubkey case */
- if(rc==G10ERR_NO_PUBKEY)
- node->flag |= 1<<12;
- continue;
- }
- node->flag |= 1<<9;
- }
- /* reset the remaining flags */
- for (; node; node = node->next)
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
-
- /* kbnode flag usage: bit 9 is here set for signatures to consider,
- * bit 10 will be set by the loop to keep track of keyIDs already
- * processed, bit 8 will be set for the usable signatures, and bit
- * 11 will be set for usable revocations. */
-
- /* for each cert figure out the latest valid one */
- for (node=uidnode->next; node; node = node->next)
- {
- KBNODE n, signode;
- u32 kid[2];
- u32 sigdate;
-
- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break;
- if ( !(node->flag & (1<<9)) )
- continue; /* not a node to look at */
- if ( (node->flag & (1<<10)) )
- continue; /* signature with a keyID already processed */
- node->flag |= (1<<10); /* mark this node as processed */
- sig = node->pkt->pkt.signature;
- signode = node;
- sigdate = sig->timestamp;
- kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
-
- /* Now find the latest and greatest signature */
- for (n=uidnode->next; n; n = n->next)
- {
- if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- break;
- if ( !(n->flag & (1<<9)) )
- continue;
- if ( (n->flag & (1<<10)) )
- continue; /* shortcut already processed signatures */
- sig = n->pkt->pkt.signature;
- if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
- continue;
- n->flag |= (1<<10); /* mark this node as processed */
-
- /* If signode is nonrevocable and unexpired and n isn't,
- then take signode (skip). It doesn't matter which is
- older: if signode was older then we don't want to take n
- as signode is nonrevocable. If n was older then we're
- automatically fine. */
-
- if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
- !signode->pkt->pkt.signature->flags.revocable &&
- (signode->pkt->pkt.signature->expiredate==0 ||
- signode->pkt->pkt.signature->expiredate>curtime))) &&
- (!(IS_UID_SIG(n->pkt->pkt.signature) &&
- !n->pkt->pkt.signature->flags.revocable &&
- (n->pkt->pkt.signature->expiredate==0 ||
- n->pkt->pkt.signature->expiredate>curtime))))
- continue;
-
- /* If n is nonrevocable and unexpired and signode isn't,
- then take n. Again, it doesn't matter which is older: if
- n was older then we don't want to take signode as n is
- nonrevocable. If signode was older then we're
- automatically fine. */
-
- if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
- !signode->pkt->pkt.signature->flags.revocable &&
- (signode->pkt->pkt.signature->expiredate==0 ||
- signode->pkt->pkt.signature->expiredate>curtime))) &&
- ((IS_UID_SIG(n->pkt->pkt.signature) &&
- !n->pkt->pkt.signature->flags.revocable &&
- (n->pkt->pkt.signature->expiredate==0 ||
- n->pkt->pkt.signature->expiredate>curtime))))
- {
- signode = n;
- sigdate = sig->timestamp;
- continue;
- }
-
- /* At this point, if it's newer, it goes in as the only
- remaining possibilities are signode and n are both either
- revocable or expired or both nonrevocable and unexpired.
- If the timestamps are equal take the later ordered
- packet, presuming that the key packets are hopefully in
- their original order. */
-
- if (sig->timestamp >= sigdate)
- {
- signode = n;
- sigdate = sig->timestamp;
- }
- }
-
- sig = signode->pkt->pkt.signature;
- if (IS_UID_SIG (sig))
- { /* this seems to be a usable one which is not revoked.
- * Just need to check whether there is an expiration time,
- * We do the expired certification after finding a suitable
- * certification, the assumption is that a signator does not
- * want that after the expiration of his certificate the
- * system falls back to an older certification which has a
- * different expiration time */
- const byte *p;
- u32 expire;
-
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
- expire = p? sig->timestamp + buffer_to_u32(p) : 0;
-
- if (expire==0 || expire > curtime )
- {
- signode->flag |= (1<<8); /* yeah, found a good cert */
- if (next_expire && expire && expire < *next_expire)
- *next_expire = expire;
- }
- }
- else
- signode->flag |= (1<<11);
- }
-}
-
-static int
-clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
-{
- int deleted=0;
- KBNODE node;
- u32 keyid[2];
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-
- keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
-
- /* Passing in a 0 for current time here means that we'll never weed
- out an expired sig. This is correct behavior since we want to
- keep the most recent expired sig in a series. */
- mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL);
-
- /* What we want to do here is remove signatures that are not
- considered as part of the trust calculations. Thus, all invalid
- signatures are out, as are any signatures that aren't the last of
- a series of uid sigs or revocations It breaks down like this:
- coming out of mark_usable_uid_certs, if a sig is unflagged, it is
- not even a candidate. If a sig has flag 9 or 10, that means it
- was selected as a candidate and vetted. If a sig has flag 8 it
- is a usable signature. If a sig has flag 11 it is a usable
- revocation. If a sig has flag 12 it was issued by an unavailable
- key. "Usable" here means the most recent valid
- signature/revocation in a series from a particular signer.
-
- Delete everything that isn't a usable uid sig (which might be
- expired), a usable revocation, or a sig from an unavailable
- key. */
-
- for(node=uidnode->next;
- node && node->pkt->pkttype==PKT_SIGNATURE;
- node=node->next)
- {
- int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
- && node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
-
- /* Keep usable uid sigs ... */
- if((node->flag & (1<<8)) && keep)
- continue;
-
- /* ... and usable revocations... */
- if((node->flag & (1<<11)) && keep)
- continue;
-
- /* ... and sigs from unavailable keys. */
- /* disabled for now since more people seem to want sigs from
- unavailable keys removed altogether. */
- /*
- if(node->flag & (1<<12))
- continue;
- */
-
- /* Everything else we delete */
-
- /* At this point, if 12 is set, the signing key was unavailable.
- If 9 or 10 is set, it's superseded. Otherwise, it's
- invalid. */
-
- if(noisy)
- log_info("removing signature from key %s on user ID \"%s\": %s\n",
- keystr(node->pkt->pkt.signature->keyid),
- uidnode->pkt->pkt.user_id->name,
- node->flag&(1<<12)?"key unavailable":
- node->flag&(1<<9)?"signature superseded":"invalid signature");
-
- delete_kbnode(node);
- deleted++;
- }
-
- return deleted;
-}
-
-/* This is substantially easier than clean_sigs_from_uid since we just
- have to establish if the uid has a valid self-sig, is not revoked,
- and is not expired. Note that this does not take into account
- whether the uid has a trust path to it - just whether the keyholder
- themselves has certified the uid. Returns true if the uid was
- compacted. To "compact" a user ID, we simply remove ALL signatures
- except the self-sig that caused the user ID to be remove-worthy.
- We don't actually remove the user ID packet itself since it might
- be ressurected in a later merge. Note that this function requires
- that the caller has already done a merge_keys_and_selfsig().
-
- TODO: change the import code to allow importing a uid with only a
- revocation if the uid already exists on the keyring. */
-
-static int
-clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy)
-{
- KBNODE node;
- PKT_user_id *uid=uidnode->pkt->pkt.user_id;
- int deleted=0;
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
- assert(uidnode->pkt->pkttype==PKT_USER_ID);
-
- /* Skip valid user IDs, compacted user IDs, and non-self-signed user
- IDs if --allow-non-selfsigned-uid is set. */
- if(uid->created || uid->flags.compacted
- || (!uid->is_expired && !uid->is_revoked
- && opt.allow_non_selfsigned_uid))
- return 0;
-
- for(node=uidnode->next;
- node && node->pkt->pkttype==PKT_SIGNATURE;
- node=node->next)
- if(!node->pkt->pkt.signature->flags.chosen_selfsig)
- {
- delete_kbnode(node);
- deleted=1;
- uidnode->pkt->pkt.user_id->flags.compacted=1;
- }
-
- if(noisy)
- {
- const char *reason;
- char *user=utf8_to_native(uid->name,uid->len,0);
-
- if(uid->is_revoked)
- reason=_("revoked");
- else if(uid->is_expired)
- reason=_("expired");
- else
- reason=_("invalid");
-
- log_info("compacting user ID \"%s\" on key %s: %s\n",
- user,keystr_from_pk(keyblock->pkt->pkt.public_key),
- reason);
-
- xfree(user);
- }
-
- return deleted;
-}
-
-/* Needs to be called after a merge_keys_and_selfsig() */
-void
-clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned)
-{
- int dummy;
-
- assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
- assert(uidnode->pkt->pkttype==PKT_USER_ID);
-
- if(!uids_cleaned)
- uids_cleaned=&dummy;
-
- if(!sigs_cleaned)
- sigs_cleaned=&dummy;
-
- /* Do clean_uid_from_key first since if it fires off, we don't
- have to bother with the other */
- *uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy);
- if(!uidnode->pkt->pkt.user_id->flags.compacted)
- *sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only);
-}
-
-void
-clean_key(KBNODE keyblock,int noisy,int self_only,
- int *uids_cleaned,int *sigs_cleaned)
-{
- KBNODE uidnode;
-
- merge_keys_and_selfsig(keyblock);
-
- for(uidnode=keyblock->next;
- uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
- uidnode=uidnode->next)
- if(uidnode->pkt->pkttype==PKT_USER_ID)
- clean_one_uid(keyblock,uidnode,noisy,self_only,
- uids_cleaned,sigs_cleaned);
-}
/* Returns a sanitized copy of the regexp (which might be "", but not
NULL). */
@@ -2449,10 +1883,10 @@ validate_keys (int interactive)
k->kid[0]=kid[0];
k->kid[1]=kid[1];
k->ownertrust =
- (get_ownertrust (kar->keyblock->pkt->pkt.public_key)
- & TRUST_MASK);
- k->min_ownertrust =
- get_min_ownertrust(kar->keyblock->pkt->pkt.public_key);
+ (tdb_get_ownertrust
+ (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ k->min_ownertrust = tdb_get_min_ownertrust
+ (kar->keyblock->pkt->pkt.public_key);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-13 15:19:39 +0000