-rw-r--r--g10/ChangeLog12
-rw-r--r--g10/g10.c4
-rw-r--r--g10/options.h4
-rw-r--r--g10/sign.c6
-rw-r--r--g10/tdbio.c12
-rw-r--r--g10/tdbio.h1
-rw-r--r--g10/trustdb.c55
7 files changed, 68 insertions, 26 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index f31fd4933..246fa7729 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2003-04-26 David Shaw <[email protected]>
+
+ * sign.c (do_sign): Show the hash used when making a signature in
+ verbose mode.
+
+ * tdbio.h, tdbio.c (tdbio_read_model): New function to return the
+ trust model used in a given trustdb.
+
+ * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
+ update_trustdb): Use tdbio_read_model to implement an "auto" trust
+ model which is set via the trustdb.
+
2003-04-23 David Shaw <[email protected]>
* import.c (import_revoke_cert): Remove ultimate trust when
diff --git a/g10/g10.c b/g10/g10.c
index 9b609c072..bd8fc2252 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1172,7 +1172,7 @@ main( int argc, char **argv )
opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_revoked=1;
opt.keyserver_options.try_dns_srv=1;
- opt.trust_model=TM_OPENPGP;
+ opt.trust_model=TM_AUTO;
opt.mangle_dos_filenames = 1;
#if defined (__MINGW32__)
@@ -1493,6 +1493,8 @@ main( int argc, char **argv )
opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
opt.trust_model=TM_ALWAYS;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"auto")==0)
+ opt.trust_model=TM_AUTO;
else
log_error("unknown trust model \"%s\"\n",pargs.r.ret_str);
break;
diff --git a/g10/options.h b/g10/options.h
index a2868e493..98dba2eeb 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -89,7 +89,9 @@ struct {
int skip_verify;
int compress_keys;
int compress_sigs;
- enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS} trust_model;
+ /* TM_CLASSIC must be zero to accomodate trustdbs generated before
+ we started storing the trust model inside the trustdb. */
+ enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS, TM_AUTO} trust_model;
unsigned int force_ownertrust;
int pgp2;
int pgp6;
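Review bot: The new comment explains only why TM_CLASSIC is zero, but this commit starts reading the model byte back from the trustdb (tdbio_read_model), so every value that can end up on disk is part of the file format, not just zero. I would spell the values out, `enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS=2, TM_AUTO=3} trust_model;`, so that a later insertion in the list cannot renumber them. The comment should also say that TM_AUTO is a runtime-only value that is presumably never written to the trustdb. "accomodate" should read "accommodate".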
diff --git a/g10/sign.c b/g10/sign.c
index 4463f66f5..2b56240e6 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -309,8 +309,10 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
else {
if( opt.verbose ) {
char *ustr = get_user_id_string_printable (sig->keyid);
- log_info(_("%s signature from: \"%s\"\n"),
- pubkey_algo_to_string(sk->pubkey_algo), ustr );
+ log_info(_("%s/%s signature from: \"%s\"\n"),
+ pubkey_algo_to_string(sk->pubkey_algo),
+ digest_algo_to_string(sig->digest_algo),
+ ustr );
m_free(ustr);
}
}
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 47dc51e2d..e331d1ada 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -669,6 +669,18 @@ tdbio_db_matches_options()
return yes_no;
}
+byte
+tdbio_read_model(void)
+{
+ TRUSTREC vr;
+ int rc;
+
+ rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+ if( rc )
+ log_fatal( _("%s: error reading version record: %s\n"),
+ db_name, g10_errstr(rc) );
+ return vr.r.ver.trust_model;
+}
/****************
* Return the nextstamp value.
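Review bot: tdbio_read_model has no header comment, unlike the `/****************` blocks on its neighbours, and it returns a byte taken straight from the on-disk version record without range-checking it. The comment should state that contract, e.g. `/* Return the trust model byte stored in the version record (record 0); the value is not validated here, callers must check it against the TM_* values they accept. */`. The function also depends on log_fatal not returning, because `vr` would otherwise be read uninitialised after a failed tdbio_read_record. That looks like the convention in this file, but it deserves a word in the comment.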
diff --git a/g10/tdbio.h b/g10/tdbio.h
index 26503dc0d..aa2e950ee 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -99,6 +99,7 @@ void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec );
int tdbio_db_matches_options(void);
+byte tdbio_read_model(void);
ulong tdbio_read_nextcheck (void);
int tdbio_write_nextcheck (ulong stamp);
int tdbio_is_dirty(void);
diff --git a/g10/trustdb.c b/g10/trustdb.c
index e8160f702..2a4751e1e 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -375,6 +375,17 @@ do_sync(void)
}
}
+static const char *
+trust_model_string(void)
+{
+ switch(opt.trust_model)
+ {
+ case TM_OPENPGP: return "OpenPGP";
+ case TM_CLASSIC: return "classic";
+ case TM_ALWAYS: return "always";
+ default: return "unknown";
+ }
+}
/****************
* Perform some checks over the trustdb
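Review bot: The switch in trust_model_string has no case for TM_AUTO, which this commit adds and makes the default, so any caller that prints the model before init_trustdb has resolved it gets "unknown". Adding `case TM_AUTO: return "auto";` keeps such messages accurate. The function is moved here unchanged, apparently so that init_trustdb can call it. A one-line comment saying it returns a static, untranslated name for opt.trust_model would help.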
@@ -425,8 +436,24 @@ init_trustdb()
if( rc )
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
- if(!tdbio_db_matches_options()
- && (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP))
+ if(opt.trust_model==TM_AUTO)
+ {
+ /* Try and set the trust model off of whatever the trustdb says
+ it is. */
+
+ opt.trust_model=tdbio_read_model();
+ if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_OPENPGP)
+ {
+ log_info(_("unable to use unknown trust model (%d) - "
+ "assuming OpenPGP trust model\n"),opt.trust_model);
+ opt.trust_model=TM_OPENPGP;
+ }
+
+ if(opt.verbose)
+ log_info(_("using %s trust model\n"),trust_model_string());
+ }
+ else if(!tdbio_db_matches_options()
+ && (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP))
pending_check_trustdb=1;
}
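Review bot: In the TM_AUTO branch the tdbio_db_matches_options() test is never reached, because it now sits in the `else if`. With auto as the new default, pending_check_trustdb is therefore no longer set when the stored trustdb settings differ from the current options (presumably the marginals/completes/depth values, since the helper's body is not in view), and stale validity values would keep being used. Making the second test a plain `if` after the auto block restores the check once the model has been resolved: `if(!tdbio_db_matches_options() && (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP)) pending_check_trustdb=1;`. An unrecognised model byte is downgraded to OpenPGP with only a log_info, so a comment on why that is the safe fallback for a damaged or newer trustdb would be useful. init_trustdb starts outside this hunk.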
@@ -475,18 +502,6 @@ trust_string (unsigned int value)
}
}
-static const char *
-trust_model_string(void)
-{
- switch(opt.trust_model)
- {
- case TM_OPENPGP: return "OpenPGP";
- case TM_CLASSIC: return "classic";
- case TM_ALWAYS: return "always";
- default: return "unknown";
- }
-}
-
/****************
* Recreate the WoT but do not ask for new ownertrusts. Special
* feature: In batch mode and without a forced yes, this is only done
@@ -495,9 +510,9 @@ trust_model_string(void)
void
check_trustdb ()
{
+ init_trustdb();
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
{
- init_trustdb();
if (opt.batch && !opt.answer_yes)
{
ulong scheduled;
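Review bot: init_trustdb() is now called before the model test, so it also runs for the "always" trust model, both here in check_trustdb and in update_trustdb in the next hunk. The init_trustdb hunk shows a log_fatal when the trustdb cannot be initialised. Depending on the early-exit logic at the top of init_trustdb, which is not visible here, a user who chose "always" could now abort instead of reaching the "no need for a trustdb ..." message. Calling it only when the model still has to be resolved or actually uses the trustdb, `if(opt.trust_model!=TM_ALWAYS) init_trustdb();`, keeps the old behaviour for that case. Both function bodies continue outside their hunks.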
@@ -531,11 +546,9 @@ check_trustdb ()
void
update_trustdb()
{
+ init_trustdb();
if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
- {
- init_trustdb();
- validate_keys (1);
- }
+ validate_keys (1);
else
log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
trust_model_string());
@@ -1891,9 +1904,7 @@ validate_keys (int interactive)
klist = utk_list;
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
- opt.marginals_needed,opt.completes_needed,
- opt.trust_model==TM_CLASSIC?"Classic":
- opt.trust_model==TM_OPENPGP?"OpenPGP":"unknown");
+ opt.marginals_needed,opt.completes_needed,trust_model_string());
for (depth=0; depth < opt.max_cert_depth; depth++)
{