diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/trustdb.c | 630 |
1 files changed, 32 insertions, 598 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c index 24ed9dffa..733fa79bb 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -42,20 +42,6 @@ #include "trustdb.h" -/* - * A structure to store key identification as well as some stuff needed - * for validation - */ -struct key_item { - struct key_item *next; - unsigned int ownertrust,min_ownertrust; - byte trust_depth; - byte trust_value; - char *trust_regexp; - u32 kid[2]; -}; - - typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */ /* @@ -200,7 +186,7 @@ release_key_array ( struct key_array *keys ) * FIXME: Should be replaced by a function to add those keys to the trustdb. */ void -register_trusted_keyid(u32 *keyid) +tdb_register_trusted_keyid (u32 *keyid) { struct key_item *k; @@ -212,7 +198,7 @@ register_trusted_keyid(u32 *keyid) } void -register_trusted_key( const char *string ) +tdb_register_trusted_key( const char *string ) { gpg_error_t err; KEYDB_SEARCH_DESC desc; @@ -308,9 +294,9 @@ verify_own_keys(void) keystr(k->kid)); else { - update_ownertrust (&pk, - ((get_ownertrust (&pk) & ~TRUST_MASK) - | TRUST_ULTIMATE )); + tdb_update_ownertrust (&pk, + ((tdb_get_ownertrust (&pk) & ~TRUST_MASK) + | TRUST_ULTIMATE )); release_public_key_parts (&pk); } @@ -483,96 +469,6 @@ init_trustdb() } -/*********************************************** - ************* Print helpers **************** - ***********************************************/ - -/**************** - * This function returns a letter for a trustvalue Trust flags - * are ignore. - */ -static int -trust_letter (unsigned int value) -{ - switch( (value & TRUST_MASK) ) - { - case TRUST_UNKNOWN: return '-'; - case TRUST_EXPIRED: return 'e'; - case TRUST_UNDEFINED: return 'q'; - case TRUST_NEVER: return 'n'; - case TRUST_MARGINAL: return 'm'; - case TRUST_FULLY: return 'f'; - case TRUST_ULTIMATE: return 'u'; - default: return '?'; - } -} - -const char * -uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid) -{ - if(!key && !uid) -/* TRANSLATORS: these strings are similar to those in - trust_value_to_string(), but are a fixed length. This is needed to - make attractive information listings where columns line up - properly. The value "10" should be the length of the strings you - choose to translate to. This is the length in printable columns. - It gets passed to atoi() so everything after the number is - essentially a comment and need not be translated. Either key and - uid are both NULL, or neither are NULL. */ - return _("10 translator see trustdb.c:uid_trust_string_fixed"); - else if(uid->is_revoked || (key && key->flags.revoked)) - return _("[ revoked]"); - else if(uid->is_expired) - return _("[ expired]"); - else if(key) - switch(get_validity(key,uid)&TRUST_MASK) - { - case TRUST_UNKNOWN: return _("[ unknown]"); - case TRUST_EXPIRED: return _("[ expired]"); - case TRUST_UNDEFINED: return _("[ undef ]"); - case TRUST_MARGINAL: return _("[marginal]"); - case TRUST_FULLY: return _("[ full ]"); - case TRUST_ULTIMATE: return _("[ultimate]"); - } - - return "err"; -} - -/* The strings here are similar to those in - pkclist.c:do_edit_ownertrust() */ -const char * -trust_value_to_string (unsigned int value) -{ - switch( (value & TRUST_MASK) ) - { - case TRUST_UNKNOWN: return _("unknown"); - case TRUST_EXPIRED: return _("expired"); - case TRUST_UNDEFINED: return _("undefined"); - case TRUST_NEVER: return _("never"); - case TRUST_MARGINAL: return _("marginal"); - case TRUST_FULLY: return _("full"); - case TRUST_ULTIMATE: return _("ultimate"); - default: return "err"; - } -} - -int -string_to_trust_value (const char *str) -{ - if(ascii_strcasecmp(str,"undefined")==0) - return TRUST_UNDEFINED; - else if(ascii_strcasecmp(str,"never")==0) - return TRUST_NEVER; - else if(ascii_strcasecmp(str,"marginal")==0) - return TRUST_MARGINAL; - else if(ascii_strcasecmp(str,"full")==0) - return TRUST_FULLY; - else if(ascii_strcasecmp(str,"ultimate")==0) - return TRUST_ULTIMATE; - else - return -1; -} - /**************** * Recreate the WoT but do not ask for new ownertrusts. Special * feature: In batch mode and without a forced yes, this is only done @@ -626,7 +522,7 @@ update_trustdb() } void -revalidation_mark (void) +tdb_revalidation_mark (void) { init_trustdb(); /* we simply set the time for the next check to 1 (far back in 1970) @@ -645,7 +541,7 @@ trustdb_pending_check(void) /* If the trustdb is dirty, and we're interactive, update it. Otherwise, check it unless no-auto-check-trustdb is set. */ void -trustdb_check_or_update(void) +tdb_check_or_update (void) { if(trustdb_pending_check()) { @@ -718,7 +614,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec) * The key should be the primary key. */ unsigned int -get_ownertrust ( PKT_public_key *pk) +tdb_get_ownertrust ( PKT_public_key *pk) { TRUSTREC rec; int rc; @@ -735,8 +631,9 @@ get_ownertrust ( PKT_public_key *pk) return rec.r.trust.ownertrust; } + unsigned int -get_min_ownertrust (PKT_public_key *pk) +tdb_get_min_ownertrust (PKT_public_key *pk) { TRUSTREC rec; int rc; @@ -753,57 +650,13 @@ get_min_ownertrust (PKT_public_key *pk) return rec.r.trust.min_ownertrust; } -/* - * Same as get_ownertrust but this takes the minimum ownertrust value - * into into account, and will bump up the value as needed. - */ -static int -get_ownertrust_with_min (PKT_public_key *pk) -{ - unsigned int otrust,otrust_min; - - otrust = (get_ownertrust (pk) & TRUST_MASK); - otrust_min = get_min_ownertrust (pk); - if(otrust<otrust_min) - { - /* If the trust that the user has set is less than the trust - that was calculated from a trust signature chain, use the - higher of the two. We do this here and not in - get_ownertrust since the underlying ownertrust should not - really be set - just the appearance of the ownertrust. */ - - otrust=otrust_min; - } - - return otrust; -} - -/* - * Same as get_ownertrust but return a trust letter instead of an - * value. This takes the minimum ownertrust value into account. - */ -int -get_ownertrust_info (PKT_public_key *pk) -{ - return trust_letter(get_ownertrust_with_min(pk)); -} - -/* - * Same as get_ownertrust but return a trust string instead of an - * value. This takes the minimum ownertrust value into account. - */ -const char * -get_ownertrust_string (PKT_public_key *pk) -{ - return trust_value_to_string(get_ownertrust_with_min(pk)); -} /* * Set the trust value of the given public key to the new value. * The key should be a primary one. */ void -update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) +tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) { TRUSTREC rec; int rc; @@ -818,7 +671,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) { rec.r.trust.ownertrust = new_trust; write_record( &rec ); - revalidation_mark (); + tdb_revalidation_mark (); do_sync (); } } @@ -835,7 +688,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); rec.r.trust.ownertrust = new_trust; write_record (&rec); - revalidation_mark (); + tdb_revalidation_mark (); do_sync (); rc = 0; } @@ -872,7 +725,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust ) { rec.r.trust.min_ownertrust = new_trust; write_record( &rec ); - revalidation_mark (); + tdb_revalidation_mark (); do_sync (); } } @@ -889,7 +742,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust ) fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); rec.r.trust.min_ownertrust = new_trust; write_record (&rec); - revalidation_mark (); + tdb_revalidation_mark (); do_sync (); rc = 0; } @@ -899,10 +752,11 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust ) } } + /* Clear the ownertrust and min_ownertrust values. Return true if a change actually happened. */ int -clear_ownertrusts (PKT_public_key *pk) +tdb_clear_ownertrusts (PKT_public_key *pk) { TRUSTREC rec; int rc; @@ -922,7 +776,7 @@ clear_ownertrusts (PKT_public_key *pk) rec.r.trust.ownertrust = 0; rec.r.trust.min_ownertrust = 0; write_record( &rec ); - revalidation_mark (); + tdb_revalidation_mark (); do_sync (); return 1; } @@ -1000,7 +854,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid, /* Return true if key is disabled. Note that this is usually used via the pk_is_disabled macro. */ int -cache_disabled_value (PKT_public_key *pk) +tdb_cache_disabled_value (PKT_public_key *pk) { int rc; TRUSTREC trec; @@ -1032,8 +886,9 @@ cache_disabled_value (PKT_public_key *pk) return disabled; } + void -check_trustdb_stale(void) +tdb_check_trustdb_stale (void) { static int did_nextcheck=0; @@ -1063,49 +918,26 @@ check_trustdb_stale(void) } /* - * Return the validity information for PK. If the namehash is not - * NULL, the validity of the corresponsing user ID is returned, - * otherwise, a reasonable value for the entire key is returned. + * Return the validity information for PK. This is the core of + * get_validity. */ unsigned int -get_validity (PKT_public_key *pk, PKT_user_id *uid) +tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, + PKT_public_key *main_pk) { TRUSTREC trec, vrec; int rc; ulong recno; unsigned int validity; - u32 kid[2]; - PKT_public_key *main_pk; - - if(uid) - namehash_from_uid(uid); init_trustdb (); check_trustdb_stale(); - keyid_from_pk (pk, kid); - if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1]) - { /* this is a subkey - get the mainkey */ - main_pk = xmalloc_clear (sizeof *main_pk); - rc = get_pubkey (main_pk, pk->main_keyid); - if (rc) - { - char *tempkeystr=xstrdup(keystr(pk->main_keyid)); - log_error ("error getting main key %s of subkey %s: %s\n", - tempkeystr, keystr(kid), g10_errstr(rc)); - xfree(tempkeystr); - validity = TRUST_UNKNOWN; - goto leave; - } - } - else - main_pk = pk; - if(opt.trust_model==TM_DIRECT) { /* Note that this happens BEFORE any user ID stuff is checked. The direct trust model applies to keys as a whole. */ - validity=get_ownertrust(main_pk); + validity = tdb_get_ownertrust (main_pk); goto leave; } @@ -1161,51 +993,12 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid) pk->flags.disabled_valid = 1; leave: - /* set some flags direct from the key */ - if (main_pk->flags.revoked) - validity |= TRUST_FLAG_REVOKED; - if (main_pk != pk && pk->flags.revoked) - validity |= TRUST_FLAG_SUB_REVOKED; - /* Note: expiration is a trust value and not a flag - don't know why - * I initially designed it that way */ - if (main_pk->has_expired || pk->has_expired) - validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED; - if (pending_check_trustdb) validity |= TRUST_FLAG_PENDING_CHECK; - if (main_pk != pk) - free_public_key (main_pk); return validity; } -int -get_validity_info (PKT_public_key *pk, PKT_user_id *uid) -{ - int trustlevel; - - if (!pk) - return '?'; /* Just in case a NULL PK is passed. */ - - trustlevel = get_validity (pk, uid); - if ( (trustlevel & TRUST_FLAG_REVOKED) ) - return 'r'; - return trust_letter (trustlevel); -} - -const char * -get_validity_string (PKT_public_key *pk, PKT_user_id *uid) -{ - int trustlevel; - - if (!pk) - return "err"; /* Just in case a NULL PK is passed. */ - - trustlevel = get_validity (pk, uid); - if( trustlevel & TRUST_FLAG_REVOKED ) - return _("revoked"); - return trust_value_to_string(trustlevel); -} static void get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) @@ -1318,14 +1111,14 @@ ask_ownertrust (u32 *kid,int minimum) { log_info("force trust for key %s to %s\n", keystr(kid),trust_value_to_string(opt.force_ownertrust)); - update_ownertrust(pk,opt.force_ownertrust); + tdb_update_ownertrust (pk, opt.force_ownertrust); ot=opt.force_ownertrust; } else { ot=edit_ownertrust(pk,0); if(ot>0) - ot = get_ownertrust (pk); + ot = tdb_get_ownertrust (pk); else if(ot==0) ot = minimum?minimum:TRUST_UNDEFINED; else @@ -1427,365 +1220,6 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored) do_sync (); } -/* - * check whether the signature sig is in the klist k - */ -static struct key_item * -is_in_klist (struct key_item *k, PKT_signature *sig) -{ - for (; k; k = k->next) - { - if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1]) - return k; - } - return NULL; -} - -/* - * Mark the signature of the given UID which are used to certify it. - * To do this, we first revmove all signatures which are not valid and - * from the remain ones we look for the latest one. If this is not a - * certification revocation signature we mark the signature by setting - * node flag bit 8. Revocations are marked with flag 11, and sigs - * from unavailable keys are marked with flag 12. Note that flag bits - * 9 and 10 are used for internal purposes. - */ -static void -mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode, - u32 *main_kid, struct key_item *klist, - u32 curtime, u32 *next_expire) -{ - KBNODE node; - PKT_signature *sig; - - /* first check all signatures */ - for (node=uidnode->next; node; node = node->next) - { - int rc; - - node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); - if (node->pkt->pkttype == PKT_USER_ID - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; /* ready */ - if (node->pkt->pkttype != PKT_SIGNATURE) - continue; - sig = node->pkt->pkt.signature; - if (main_kid - && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1]) - continue; /* ignore self-signatures if we pass in a main_kid */ - if (!IS_UID_SIG(sig) && !IS_UID_REV(sig)) - continue; /* we only look at these signature classes */ - if(sig->sig_class>=0x11 && sig->sig_class<=0x13 && - sig->sig_class-0x10<opt.min_cert_level) - continue; /* treat anything under our min_cert_level as an - invalid signature */ - if (klist && !is_in_klist (klist, sig)) - continue; /* no need to check it then */ - if ((rc=check_key_signature (keyblock, node, NULL))) - { - /* we ignore anything that won't verify, but tag the - no_pubkey case */ - if(rc==G10ERR_NO_PUBKEY) - node->flag |= 1<<12; - continue; - } - node->flag |= 1<<9; - } - /* reset the remaining flags */ - for (; node; node = node->next) - node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); - - /* kbnode flag usage: bit 9 is here set for signatures to consider, - * bit 10 will be set by the loop to keep track of keyIDs already - * processed, bit 8 will be set for the usable signatures, and bit - * 11 will be set for usable revocations. */ - - /* for each cert figure out the latest valid one */ - for (node=uidnode->next; node; node = node->next) - { - KBNODE n, signode; - u32 kid[2]; - u32 sigdate; - - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; - if ( !(node->flag & (1<<9)) ) - continue; /* not a node to look at */ - if ( (node->flag & (1<<10)) ) - continue; /* signature with a keyID already processed */ - node->flag |= (1<<10); /* mark this node as processed */ - sig = node->pkt->pkt.signature; - signode = node; - sigdate = sig->timestamp; - kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1]; - - /* Now find the latest and greatest signature */ - for (n=uidnode->next; n; n = n->next) - { - if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; - if ( !(n->flag & (1<<9)) ) - continue; - if ( (n->flag & (1<<10)) ) - continue; /* shortcut already processed signatures */ - sig = n->pkt->pkt.signature; - if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1]) - continue; - n->flag |= (1<<10); /* mark this node as processed */ - - /* If signode is nonrevocable and unexpired and n isn't, - then take signode (skip). It doesn't matter which is - older: if signode was older then we don't want to take n - as signode is nonrevocable. If n was older then we're - automatically fine. */ - - if(((IS_UID_SIG(signode->pkt->pkt.signature) && - !signode->pkt->pkt.signature->flags.revocable && - (signode->pkt->pkt.signature->expiredate==0 || - signode->pkt->pkt.signature->expiredate>curtime))) && - (!(IS_UID_SIG(n->pkt->pkt.signature) && - !n->pkt->pkt.signature->flags.revocable && - (n->pkt->pkt.signature->expiredate==0 || - n->pkt->pkt.signature->expiredate>curtime)))) - continue; - - /* If n is nonrevocable and unexpired and signode isn't, - then take n. Again, it doesn't matter which is older: if - n was older then we don't want to take signode as n is - nonrevocable. If signode was older then we're - automatically fine. */ - - if((!(IS_UID_SIG(signode->pkt->pkt.signature) && - !signode->pkt->pkt.signature->flags.revocable && - (signode->pkt->pkt.signature->expiredate==0 || - signode->pkt->pkt.signature->expiredate>curtime))) && - ((IS_UID_SIG(n->pkt->pkt.signature) && - !n->pkt->pkt.signature->flags.revocable && - (n->pkt->pkt.signature->expiredate==0 || - n->pkt->pkt.signature->expiredate>curtime)))) - { - signode = n; - sigdate = sig->timestamp; - continue; - } - - /* At this point, if it's newer, it goes in as the only - remaining possibilities are signode and n are both either - revocable or expired or both nonrevocable and unexpired. - If the timestamps are equal take the later ordered - packet, presuming that the key packets are hopefully in - their original order. */ - - if (sig->timestamp >= sigdate) - { - signode = n; - sigdate = sig->timestamp; - } - } - - sig = signode->pkt->pkt.signature; - if (IS_UID_SIG (sig)) - { /* this seems to be a usable one which is not revoked. - * Just need to check whether there is an expiration time, - * We do the expired certification after finding a suitable - * certification, the assumption is that a signator does not - * want that after the expiration of his certificate the - * system falls back to an older certification which has a - * different expiration time */ - const byte *p; - u32 expire; - - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); - expire = p? sig->timestamp + buffer_to_u32(p) : 0; - - if (expire==0 || expire > curtime ) - { - signode->flag |= (1<<8); /* yeah, found a good cert */ - if (next_expire && expire && expire < *next_expire) - *next_expire = expire; - } - } - else - signode->flag |= (1<<11); - } -} - -static int -clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only) -{ - int deleted=0; - KBNODE node; - u32 keyid[2]; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - - keyid_from_pk(keyblock->pkt->pkt.public_key,keyid); - - /* Passing in a 0 for current time here means that we'll never weed - out an expired sig. This is correct behavior since we want to - keep the most recent expired sig in a series. */ - mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL); - - /* What we want to do here is remove signatures that are not - considered as part of the trust calculations. Thus, all invalid - signatures are out, as are any signatures that aren't the last of - a series of uid sigs or revocations It breaks down like this: - coming out of mark_usable_uid_certs, if a sig is unflagged, it is - not even a candidate. If a sig has flag 9 or 10, that means it - was selected as a candidate and vetted. If a sig has flag 8 it - is a usable signature. If a sig has flag 11 it is a usable - revocation. If a sig has flag 12 it was issued by an unavailable - key. "Usable" here means the most recent valid - signature/revocation in a series from a particular signer. - - Delete everything that isn't a usable uid sig (which might be - expired), a usable revocation, or a sig from an unavailable - key. */ - - for(node=uidnode->next; - node && node->pkt->pkttype==PKT_SIGNATURE; - node=node->next) - { - int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0] - && node->pkt->pkt.signature->keyid[1]==keyid[1]):1; - - /* Keep usable uid sigs ... */ - if((node->flag & (1<<8)) && keep) - continue; - - /* ... and usable revocations... */ - if((node->flag & (1<<11)) && keep) - continue; - - /* ... and sigs from unavailable keys. */ - /* disabled for now since more people seem to want sigs from - unavailable keys removed altogether. */ - /* - if(node->flag & (1<<12)) - continue; - */ - - /* Everything else we delete */ - - /* At this point, if 12 is set, the signing key was unavailable. - If 9 or 10 is set, it's superseded. Otherwise, it's - invalid. */ - - if(noisy) - log_info("removing signature from key %s on user ID \"%s\": %s\n", - keystr(node->pkt->pkt.signature->keyid), - uidnode->pkt->pkt.user_id->name, - node->flag&(1<<12)?"key unavailable": - node->flag&(1<<9)?"signature superseded":"invalid signature"); - - delete_kbnode(node); - deleted++; - } - - return deleted; -} - -/* This is substantially easier than clean_sigs_from_uid since we just - have to establish if the uid has a valid self-sig, is not revoked, - and is not expired. Note that this does not take into account - whether the uid has a trust path to it - just whether the keyholder - themselves has certified the uid. Returns true if the uid was - compacted. To "compact" a user ID, we simply remove ALL signatures - except the self-sig that caused the user ID to be remove-worthy. - We don't actually remove the user ID packet itself since it might - be ressurected in a later merge. Note that this function requires - that the caller has already done a merge_keys_and_selfsig(). - - TODO: change the import code to allow importing a uid with only a - revocation if the uid already exists on the keyring. */ - -static int -clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy) -{ - KBNODE node; - PKT_user_id *uid=uidnode->pkt->pkt.user_id; - int deleted=0; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - assert(uidnode->pkt->pkttype==PKT_USER_ID); - - /* Skip valid user IDs, compacted user IDs, and non-self-signed user - IDs if --allow-non-selfsigned-uid is set. */ - if(uid->created || uid->flags.compacted - || (!uid->is_expired && !uid->is_revoked - && opt.allow_non_selfsigned_uid)) - return 0; - - for(node=uidnode->next; - node && node->pkt->pkttype==PKT_SIGNATURE; - node=node->next) - if(!node->pkt->pkt.signature->flags.chosen_selfsig) - { - delete_kbnode(node); - deleted=1; - uidnode->pkt->pkt.user_id->flags.compacted=1; - } - - if(noisy) - { - const char *reason; - char *user=utf8_to_native(uid->name,uid->len,0); - - if(uid->is_revoked) - reason=_("revoked"); - else if(uid->is_expired) - reason=_("expired"); - else - reason=_("invalid"); - - log_info("compacting user ID \"%s\" on key %s: %s\n", - user,keystr_from_pk(keyblock->pkt->pkt.public_key), - reason); - - xfree(user); - } - - return deleted; -} - -/* Needs to be called after a merge_keys_and_selfsig() */ -void -clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned) -{ - int dummy; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - assert(uidnode->pkt->pkttype==PKT_USER_ID); - - if(!uids_cleaned) - uids_cleaned=&dummy; - - if(!sigs_cleaned) - sigs_cleaned=&dummy; - - /* Do clean_uid_from_key first since if it fires off, we don't - have to bother with the other */ - *uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy); - if(!uidnode->pkt->pkt.user_id->flags.compacted) - *sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only); -} - -void -clean_key(KBNODE keyblock,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned) -{ - KBNODE uidnode; - - merge_keys_and_selfsig(keyblock); - - for(uidnode=keyblock->next; - uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY; - uidnode=uidnode->next) - if(uidnode->pkt->pkttype==PKT_USER_ID) - clean_one_uid(keyblock,uidnode,noisy,self_only, - uids_cleaned,sigs_cleaned); -} /* Returns a sanitized copy of the regexp (which might be "", but not NULL). */ @@ -2449,10 +1883,10 @@ validate_keys (int interactive) k->kid[0]=kid[0]; k->kid[1]=kid[1]; k->ownertrust = - (get_ownertrust (kar->keyblock->pkt->pkt.public_key) - & TRUST_MASK); - k->min_ownertrust = - get_min_ownertrust(kar->keyblock->pkt->pkt.public_key); + (tdb_get_ownertrust + (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK); + k->min_ownertrust = tdb_get_min_ownertrust + (kar->keyblock->pkt->pkt.public_key); k->trust_depth= kar->keyblock->pkt->pkt.public_key->trust_depth; k->trust_value= |