Line data Source code
1 : /* trustdb.c
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 : * 2008, 2012 Free Software Foundation, Inc.
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <assert.h>
26 :
27 : #ifndef DISABLE_REGEX
28 : #include <sys/types.h>
29 : #include <regex.h>
30 : #endif /* !DISABLE_REGEX */
31 :
32 : #include "gpg.h"
33 : #include "status.h"
34 : #include "iobuf.h"
35 : #include "keydb.h"
36 : #include "util.h"
37 : #include "options.h"
38 : #include "packet.h"
39 : #include "main.h"
40 : #include "i18n.h"
41 : #include "tdbio.h"
42 : #include "trustdb.h"
43 : #include "tofu.h"
44 :
45 :
46 : typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
47 :
48 : /*
49 : * Structure to keep track of keys, this is used as an array wherre
50 : * the item right after the last one has a keyblock set to NULL.
51 : * Maybe we can drop this thing and replace it by key_item
52 : */
53 : struct key_array
54 : {
55 : KBNODE keyblock;
56 : };
57 :
58 :
59 : /* Control information for the trust DB. */
60 : static struct
61 : {
62 : int init;
63 : int level;
64 : char *dbname;
65 : int no_trustdb;
66 : } trustdb_args;
67 :
68 : /* Some globals. */
69 : static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
70 : static struct key_item *utk_list; /* all ultimately trusted keys */
71 :
72 : static int pending_check_trustdb;
73 :
74 : static int validate_keys (int interactive);
75 :
76 : �
77 : /**********************************************
78 : ************* some helpers *******************
79 : **********************************************/
80 :
81 : static struct key_item *
82 331 : new_key_item (void)
83 : {
84 : struct key_item *k;
85 :
86 331 : k = xmalloc_clear (sizeof *k);
87 331 : return k;
88 : }
89 :
90 : static void
91 301 : release_key_items (struct key_item *k)
92 : {
93 : struct key_item *k2;
94 :
95 303 : for (; k; k = k2)
96 : {
97 2 : k2 = k->next;
98 2 : xfree (k->trust_regexp);
99 2 : xfree (k);
100 : }
101 301 : }
102 :
103 : #define KEY_HASH_TABLE_SIZE 1024
104 :
105 : /*
106 : * For fast keylook up we need a hash table. Each byte of a KeyID
107 : * should be distributed equally over the 256 possible values (except
108 : * for v3 keyIDs but we consider them as not important here). So we
109 : * can just use 10 bits to index a table of KEY_HASH_TABLE_SIZE key items.
110 : * Possible optimization: Do not use key_items but other hash_table when the
111 : * duplicates lists get too large.
112 : */
113 : static KeyHashTable
114 0 : new_key_hash_table (void)
115 : {
116 : struct key_item **tbl;
117 :
118 0 : tbl = xmalloc_clear (KEY_HASH_TABLE_SIZE * sizeof *tbl);
119 0 : return tbl;
120 : }
121 :
122 : static void
123 0 : release_key_hash_table (KeyHashTable tbl)
124 : {
125 : int i;
126 :
127 0 : if (!tbl)
128 0 : return;
129 0 : for (i=0; i < KEY_HASH_TABLE_SIZE; i++)
130 0 : release_key_items (tbl[i]);
131 0 : xfree (tbl);
132 : }
133 :
134 : /*
135 : * Returns: True if the keyID is in the given hash table
136 : */
137 : static int
138 0 : test_key_hash_table (KeyHashTable tbl, u32 *kid)
139 : {
140 : struct key_item *k;
141 :
142 0 : for (k = tbl[(kid[1] % KEY_HASH_TABLE_SIZE)]; k; k = k->next)
143 0 : if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
144 0 : return 1;
145 0 : return 0;
146 : }
147 :
148 : /*
149 : * Add a new key to the hash table. The key is identified by its key ID.
150 : */
151 : static void
152 0 : add_key_hash_table (KeyHashTable tbl, u32 *kid)
153 : {
154 0 : int i = kid[1] % KEY_HASH_TABLE_SIZE;
155 : struct key_item *k, *kk;
156 :
157 0 : for (k = tbl[i]; k; k = k->next)
158 0 : if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
159 0 : return; /* already in table */
160 :
161 0 : kk = new_key_item ();
162 0 : kk->kid[0] = kid[0];
163 0 : kk->kid[1] = kid[1];
164 0 : kk->next = tbl[i];
165 0 : tbl[i] = kk;
166 : }
167 :
168 : /*
169 : * Release a key_array
170 : */
171 : static void
172 0 : release_key_array ( struct key_array *keys )
173 : {
174 : struct key_array *k;
175 :
176 0 : if (keys) {
177 0 : for (k=keys; k->keyblock; k++)
178 0 : release_kbnode (k->keyblock);
179 0 : xfree (keys);
180 : }
181 0 : }
182 :
183 : �
184 : /*********************************************
185 : ********** Initialization *****************
186 : *********************************************/
187 :
188 :
189 :
190 : /*
191 : * Used to register extra ultimately trusted keys - this has to be done
192 : * before initializing the validation module.
193 : * FIXME: Should be replaced by a function to add those keys to the trustdb.
194 : */
195 : void
196 2 : tdb_register_trusted_keyid (u32 *keyid)
197 : {
198 : struct key_item *k;
199 :
200 2 : k = new_key_item ();
201 2 : k->kid[0] = keyid[0];
202 2 : k->kid[1] = keyid[1];
203 2 : k->next = user_utk_list;
204 2 : user_utk_list = k;
205 2 : }
206 :
207 : void
208 0 : tdb_register_trusted_key( const char *string )
209 : {
210 : gpg_error_t err;
211 : KEYDB_SEARCH_DESC desc;
212 :
213 0 : err = classify_user_id (string, &desc, 1);
214 0 : if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID )
215 : {
216 0 : log_error(_("'%s' is not a valid long keyID\n"), string );
217 0 : return;
218 : }
219 :
220 0 : register_trusted_keyid(desc.u.kid);
221 : }
222 :
223 : /*
224 : * Helper to add a key to the global list of ultimately trusted keys.
225 : * Retruns: true = inserted, false = already in in list.
226 : */
227 : static int
228 329 : add_utk (u32 *kid)
229 : {
230 : struct key_item *k;
231 :
232 329 : if (tdb_keyid_is_utk (kid))
233 0 : return 0;
234 :
235 329 : k = new_key_item ();
236 329 : k->kid[0] = kid[0];
237 329 : k->kid[1] = kid[1];
238 329 : k->ownertrust = TRUST_ULTIMATE;
239 329 : k->next = utk_list;
240 329 : utk_list = k;
241 329 : if( opt.verbose > 1 )
242 0 : log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
243 329 : return 1;
244 : }
245 :
246 :
247 : /****************
248 : * Verify that all our secret keys are usable and put them into the utk_list.
249 : */
250 : static void
251 301 : verify_own_keys(void)
252 : {
253 : TRUSTREC rec;
254 : ulong recnum;
255 : int rc;
256 : struct key_item *k;
257 :
258 301 : if (utk_list)
259 0 : return;
260 :
261 : /* scan the trustdb to find all ultimately trusted keys */
262 9328 : for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
263 : {
264 9027 : if ( rec.rectype == RECTYPE_TRUST
265 327 : && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
266 : {
267 327 : byte *fpr = rec.r.trust.fingerprint;
268 : int fprlen;
269 : u32 kid[2];
270 :
271 : /* Problem: We do only use fingerprints in the trustdb but
272 : * we need the keyID here to indetify the key; we can only
273 : * use that ugly hack to distinguish between 16 and 20
274 : * butes fpr - it does not work always so we better change
275 : * the whole validation code to only work with
276 : * fingerprints */
277 327 : fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
278 327 : keyid_from_fingerprint (fpr, fprlen, kid);
279 327 : if (!add_utk (kid))
280 0 : log_info(_("key %s occurs more than once in the trustdb\n"),
281 : keystr(kid));
282 : }
283 : }
284 :
285 : /* Put any --trusted-key keys into the trustdb */
286 303 : for (k = user_utk_list; k; k = k->next)
287 : {
288 2 : if ( add_utk (k->kid) )
289 : { /* not yet in trustDB as ultimately trusted */
290 : PKT_public_key pk;
291 :
292 2 : memset (&pk, 0, sizeof pk);
293 2 : rc = get_pubkey (&pk, k->kid);
294 2 : if (rc)
295 0 : log_info(_("key %s: no public key for trusted key - skipped\n"),
296 0 : keystr(k->kid));
297 : else
298 : {
299 2 : tdb_update_ownertrust (&pk,
300 2 : ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
301 : | TRUST_ULTIMATE ));
302 2 : release_public_key_parts (&pk);
303 : }
304 :
305 2 : log_info (_("key %s marked as ultimately trusted\n"),keystr(k->kid));
306 : }
307 : }
308 :
309 : /* release the helper table table */
310 301 : release_key_items (user_utk_list);
311 301 : user_utk_list = NULL;
312 301 : return;
313 : }
314 :
315 : /* Returns whether KID is on the list of ultimately trusted keys. */
316 : int
317 361 : tdb_keyid_is_utk (u32 *kid)
318 : {
319 : struct key_item *k;
320 :
321 589 : for (k = utk_list; k; k = k->next)
322 228 : if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
323 0 : return 1;
324 :
325 361 : return 0;
326 : }
327 : �
328 : /*********************************************
329 : *********** TrustDB stuff *******************
330 : *********************************************/
331 :
332 : /*
333 : * Read a record but die if it does not exist
334 : */
335 : static void
336 84 : read_record (ulong recno, TRUSTREC *rec, int rectype )
337 : {
338 84 : int rc = tdbio_read_record (recno, rec, rectype);
339 84 : if (rc)
340 : {
341 0 : log_error(_("trust record %lu, req type %d: read failed: %s\n"),
342 : recno, rec->rectype, gpg_strerror (rc) );
343 0 : tdbio_invalid();
344 : }
345 84 : if (rectype != rec->rectype)
346 : {
347 0 : log_error(_("trust record %lu is not of requested type %d\n"),
348 : rec->recnum, rectype);
349 0 : tdbio_invalid();
350 : }
351 84 : }
352 :
353 : /*
354 : * Write a record and die on error
355 : */
356 : static void
357 2 : write_record (TRUSTREC *rec)
358 : {
359 2 : int rc = tdbio_write_record (rec);
360 2 : if (rc)
361 : {
362 0 : log_error(_("trust record %lu, type %d: write failed: %s\n"),
363 : rec->recnum, rec->rectype, gpg_strerror (rc) );
364 0 : tdbio_invalid();
365 : }
366 2 : }
367 :
368 : /*
369 : * sync the TrustDb and die on error
370 : */
371 : static void
372 3 : do_sync(void)
373 : {
374 3 : int rc = tdbio_sync ();
375 3 : if(rc)
376 : {
377 0 : log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) );
378 0 : g10_exit(2);
379 : }
380 3 : }
381 :
382 : static const char *
383 0 : trust_model_string(void)
384 : {
385 0 : switch(opt.trust_model)
386 : {
387 0 : case TM_CLASSIC: return "classic";
388 0 : case TM_PGP: return "PGP";
389 0 : case TM_EXTERNAL: return "external";
390 0 : case TM_TOFU: return "TOFU";
391 0 : case TM_TOFU_PGP: return "TOFU+PGP";
392 0 : case TM_ALWAYS: return "always";
393 0 : case TM_DIRECT: return "direct";
394 0 : default: return "unknown";
395 : }
396 : }
397 :
398 : /****************
399 : * Perform some checks over the trustdb
400 : * level 0: only open the db
401 : * 1: used for initial program startup
402 : */
403 : int
404 1253 : setup_trustdb( int level, const char *dbname )
405 : {
406 : /* just store the args */
407 1253 : if( trustdb_args.init )
408 0 : return 0;
409 1253 : trustdb_args.level = level;
410 1253 : trustdb_args.dbname = dbname? xstrdup(dbname): NULL;
411 1253 : return 0;
412 : }
413 :
414 : void
415 0 : how_to_fix_the_trustdb ()
416 : {
417 0 : const char *name = trustdb_args.dbname;
418 :
419 0 : if (!name)
420 0 : name = "trustdb.gpg";
421 :
422 0 : log_info (_("You may try to re-create the trustdb using the commands:\n"));
423 0 : log_info (" cd %s\n", default_homedir ());
424 0 : log_info (" gpg2 --export-ownertrust > otrust.tmp\n");
425 : #ifdef HAVE_W32_SYSTEM
426 : log_info (" del %s\n", name);
427 : #else
428 0 : log_info (" rm %s\n", name);
429 : #endif
430 0 : log_info (" gpg2 --import-ownertrust < otrust.tmp\n");
431 0 : log_info (_("If that does not work, please consult the manual\n"));
432 0 : }
433 :
434 :
435 : void
436 3211 : init_trustdb ()
437 : {
438 3211 : int level = trustdb_args.level;
439 3211 : const char* dbname = trustdb_args.dbname;
440 :
441 3211 : if( trustdb_args.init )
442 5885 : return;
443 :
444 537 : trustdb_args.init = 1;
445 :
446 537 : if(level==0 || level==1)
447 537 : {
448 537 : int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
449 537 : if( rc )
450 0 : log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
451 : }
452 : else
453 0 : BUG();
454 :
455 537 : if(opt.trust_model==TM_AUTO)
456 : {
457 : /* Try and set the trust model off of whatever the trustdb says
458 : it is. */
459 213 : opt.trust_model=tdbio_read_model();
460 :
461 : /* Sanity check this ;) */
462 213 : if(opt.trust_model != TM_CLASSIC
463 213 : && opt.trust_model != TM_PGP
464 0 : && opt.trust_model != TM_TOFU_PGP
465 0 : && opt.trust_model != TM_TOFU
466 0 : && opt.trust_model != TM_EXTERNAL)
467 : {
468 0 : log_info(_("unable to use unknown trust model (%d) - "
469 0 : "assuming %s trust model\n"),opt.trust_model,"tofu+pgp");
470 0 : opt.trust_model = TM_TOFU_PGP;
471 : }
472 :
473 213 : if(opt.verbose)
474 0 : log_info(_("using %s trust model\n"),trust_model_string());
475 : }
476 :
477 537 : if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
478 324 : || opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
479 : {
480 : /* Verify the list of ultimately trusted keys and move the
481 : --trusted-keys list there as well. */
482 301 : if(level==1)
483 301 : verify_own_keys();
484 :
485 301 : if(!tdbio_db_matches_options())
486 88 : pending_check_trustdb=1;
487 : }
488 : }
489 :
490 :
491 : /****************
492 : * Recreate the WoT but do not ask for new ownertrusts. Special
493 : * feature: In batch mode and without a forced yes, this is only done
494 : * when a check is due. This can be used to run the check from a crontab
495 : */
496 : void
497 0 : check_trustdb ()
498 : {
499 0 : init_trustdb();
500 0 : if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
501 0 : || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
502 : {
503 0 : if (opt.batch && !opt.answer_yes)
504 : {
505 : ulong scheduled;
506 :
507 0 : scheduled = tdbio_read_nextcheck ();
508 0 : if (!scheduled)
509 : {
510 0 : log_info (_("no need for a trustdb check\n"));
511 0 : return;
512 : }
513 :
514 0 : if (scheduled > make_timestamp ())
515 : {
516 0 : log_info (_("next trustdb check due at %s\n"),
517 : strtimestamp (scheduled));
518 0 : return;
519 : }
520 : }
521 :
522 0 : validate_keys (0);
523 : }
524 : else
525 0 : log_info (_("no need for a trustdb check with '%s' trust model\n"),
526 : trust_model_string());
527 : }
528 :
529 :
530 : /*
531 : * Recreate the WoT.
532 : */
533 : void
534 0 : update_trustdb()
535 : {
536 0 : init_trustdb();
537 0 : if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
538 0 : || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
539 0 : validate_keys (1);
540 : else
541 0 : log_info (_("no need for a trustdb update with '%s' trust model\n"),
542 : trust_model_string());
543 0 : }
544 :
545 : void
546 5 : tdb_revalidation_mark (void)
547 : {
548 5 : init_trustdb();
549 5 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
550 5 : return;
551 :
552 : /* We simply set the time for the next check to 1 (far back in 1970)
553 : so that a --update-trustdb will be scheduled. */
554 5 : if (tdbio_write_nextcheck (1))
555 1 : do_sync ();
556 5 : pending_check_trustdb = 1;
557 : }
558 :
559 : int
560 19 : trustdb_pending_check(void)
561 : {
562 19 : return pending_check_trustdb;
563 : }
564 :
565 : /* If the trustdb is dirty, and we're interactive, update it.
566 : Otherwise, check it unless no-auto-check-trustdb is set. */
567 : void
568 19 : tdb_check_or_update (void)
569 : {
570 19 : if(trustdb_pending_check())
571 : {
572 2 : if(opt.interactive)
573 0 : update_trustdb();
574 2 : else if(!opt.no_auto_check_trustdb)
575 0 : check_trustdb();
576 : }
577 19 : }
578 :
579 : void
580 84 : read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
581 : byte *marginals,byte *completes,byte *cert_depth,
582 : byte *min_cert_level)
583 : {
584 : TRUSTREC opts;
585 :
586 84 : init_trustdb();
587 84 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
588 0 : memset (&opts, 0, sizeof opts);
589 : else
590 84 : read_record (0, &opts, RECTYPE_VER);
591 :
592 84 : if(trust_model)
593 84 : *trust_model=opts.r.ver.trust_model;
594 84 : if(created)
595 84 : *created=opts.r.ver.created;
596 84 : if(nextcheck)
597 84 : *nextcheck=opts.r.ver.nextcheck;
598 84 : if(marginals)
599 84 : *marginals=opts.r.ver.marginals;
600 84 : if(completes)
601 84 : *completes=opts.r.ver.completes;
602 84 : if(cert_depth)
603 84 : *cert_depth=opts.r.ver.cert_depth;
604 84 : if(min_cert_level)
605 84 : *min_cert_level=opts.r.ver.min_cert_level;
606 84 : }
607 :
608 : /***********************************************
609 : *********** Ownertrust et al. ****************
610 : ***********************************************/
611 :
612 : static int
613 967 : read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
614 : {
615 : int rc;
616 :
617 967 : init_trustdb();
618 967 : rc = tdbio_search_trust_bypk (pk, rec);
619 967 : if (rc)
620 : {
621 963 : if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
622 0 : log_error ("trustdb: searching trust record failed: %s\n",
623 : gpg_strerror (rc));
624 963 : return rc;
625 : }
626 :
627 4 : if (rec->rectype != RECTYPE_TRUST)
628 : {
629 0 : log_error ("trustdb: record %lu is not a trust record\n",
630 : rec->recnum);
631 0 : return GPG_ERR_TRUSTDB;
632 : }
633 :
634 4 : return 0;
635 : }
636 :
637 : /****************
638 : * Return the assigned ownertrust value for the given public key.
639 : * The key should be the primary key.
640 : */
641 : unsigned int
642 89 : tdb_get_ownertrust ( PKT_public_key *pk)
643 : {
644 : TRUSTREC rec;
645 : gpg_error_t err;
646 :
647 89 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
648 0 : return TRUST_UNKNOWN;
649 :
650 89 : err = read_trust_record (pk, &rec);
651 89 : if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
652 87 : return TRUST_UNKNOWN; /* no record yet */
653 2 : if (err)
654 : {
655 0 : tdbio_invalid ();
656 0 : return TRUST_UNKNOWN; /* actually never reached */
657 : }
658 :
659 2 : return rec.r.trust.ownertrust;
660 : }
661 :
662 :
663 : unsigned int
664 85 : tdb_get_min_ownertrust (PKT_public_key *pk)
665 : {
666 : TRUSTREC rec;
667 : gpg_error_t err;
668 :
669 85 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
670 0 : return TRUST_UNKNOWN;
671 :
672 85 : err = read_trust_record (pk, &rec);
673 85 : if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
674 85 : return TRUST_UNKNOWN; /* no record yet */
675 0 : if (err)
676 : {
677 0 : tdbio_invalid ();
678 0 : return TRUST_UNKNOWN; /* actually never reached */
679 : }
680 :
681 0 : return rec.r.trust.min_ownertrust;
682 : }
683 :
684 :
685 : /*
686 : * Set the trust value of the given public key to the new value.
687 : * The key should be a primary one.
688 : */
689 : void
690 4 : tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
691 : {
692 : TRUSTREC rec;
693 : gpg_error_t err;
694 :
695 4 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
696 4 : return;
697 :
698 4 : err = read_trust_record (pk, &rec);
699 4 : if (!err)
700 : {
701 2 : if (DBG_TRUST)
702 0 : log_debug ("update ownertrust from %u to %u\n",
703 0 : (unsigned int)rec.r.trust.ownertrust, new_trust );
704 2 : if (rec.r.trust.ownertrust != new_trust)
705 : {
706 0 : rec.r.trust.ownertrust = new_trust;
707 0 : write_record( &rec );
708 0 : tdb_revalidation_mark ();
709 0 : do_sync ();
710 : }
711 : }
712 2 : else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
713 : { /* no record yet - create a new one */
714 : size_t dummy;
715 :
716 2 : if (DBG_TRUST)
717 0 : log_debug ("insert ownertrust %u\n", new_trust );
718 :
719 2 : memset (&rec, 0, sizeof rec);
720 2 : rec.recnum = tdbio_new_recnum ();
721 2 : rec.rectype = RECTYPE_TRUST;
722 2 : fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
723 2 : rec.r.trust.ownertrust = new_trust;
724 2 : write_record (&rec);
725 2 : tdb_revalidation_mark ();
726 2 : do_sync ();
727 2 : err = 0;
728 : }
729 : else
730 : {
731 0 : tdbio_invalid ();
732 : }
733 : }
734 :
735 : static void
736 0 : update_min_ownertrust (u32 *kid, unsigned int new_trust )
737 : {
738 : PKT_public_key *pk;
739 : TRUSTREC rec;
740 : gpg_error_t err;
741 :
742 0 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
743 0 : return;
744 :
745 0 : pk = xmalloc_clear (sizeof *pk);
746 0 : err = get_pubkey (pk, kid);
747 0 : if (err)
748 : {
749 0 : log_error (_("public key %s not found: %s\n"),
750 : keystr (kid), gpg_strerror (err));
751 0 : return;
752 : }
753 :
754 0 : err = read_trust_record (pk, &rec);
755 0 : if (!err)
756 : {
757 0 : if (DBG_TRUST)
758 0 : log_debug ("key %08lX%08lX: update min_ownertrust from %u to %u\n",
759 0 : (ulong)kid[0],(ulong)kid[1],
760 0 : (unsigned int)rec.r.trust.min_ownertrust,
761 : new_trust );
762 0 : if (rec.r.trust.min_ownertrust != new_trust)
763 : {
764 0 : rec.r.trust.min_ownertrust = new_trust;
765 0 : write_record( &rec );
766 0 : tdb_revalidation_mark ();
767 0 : do_sync ();
768 : }
769 : }
770 0 : else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
771 : { /* no record yet - create a new one */
772 : size_t dummy;
773 :
774 0 : if (DBG_TRUST)
775 0 : log_debug ("insert min_ownertrust %u\n", new_trust );
776 :
777 0 : memset (&rec, 0, sizeof rec);
778 0 : rec.recnum = tdbio_new_recnum ();
779 0 : rec.rectype = RECTYPE_TRUST;
780 0 : fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
781 0 : rec.r.trust.min_ownertrust = new_trust;
782 0 : write_record (&rec);
783 0 : tdb_revalidation_mark ();
784 0 : do_sync ();
785 0 : err = 0;
786 : }
787 : else
788 : {
789 0 : tdbio_invalid ();
790 : }
791 : }
792 :
793 :
794 : /*
795 : * Clear the ownertrust and min_ownertrust values.
796 : *
797 : * Return: True if a change actually happened.
798 : */
799 : int
800 60 : tdb_clear_ownertrusts (PKT_public_key *pk)
801 : {
802 : TRUSTREC rec;
803 : gpg_error_t err;
804 :
805 60 : init_trustdb ();
806 :
807 60 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
808 0 : return 0;
809 :
810 60 : err = read_trust_record (pk, &rec);
811 60 : if (!err)
812 : {
813 0 : if (DBG_TRUST)
814 : {
815 0 : log_debug ("clearing ownertrust (old value %u)\n",
816 0 : (unsigned int)rec.r.trust.ownertrust);
817 0 : log_debug ("clearing min_ownertrust (old value %u)\n",
818 0 : (unsigned int)rec.r.trust.min_ownertrust);
819 : }
820 0 : if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
821 : {
822 0 : rec.r.trust.ownertrust = 0;
823 0 : rec.r.trust.min_ownertrust = 0;
824 0 : write_record( &rec );
825 0 : tdb_revalidation_mark ();
826 0 : do_sync ();
827 0 : return 1;
828 : }
829 : }
830 60 : else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
831 : {
832 0 : tdbio_invalid ();
833 : }
834 60 : return 0;
835 : }
836 :
837 : /*
838 : * Note: Caller has to do a sync
839 : */
840 : static void
841 0 : update_validity (PKT_public_key *pk, PKT_user_id *uid,
842 : int depth, int validity)
843 : {
844 : TRUSTREC trec, vrec;
845 : gpg_error_t err;
846 : ulong recno;
847 :
848 0 : namehash_from_uid(uid);
849 :
850 0 : err = read_trust_record (pk, &trec);
851 0 : if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
852 : {
853 0 : tdbio_invalid ();
854 0 : return;
855 : }
856 0 : if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
857 : {
858 : /* No record yet - create a new one. */
859 : size_t dummy;
860 :
861 0 : err = 0;
862 0 : memset (&trec, 0, sizeof trec);
863 0 : trec.recnum = tdbio_new_recnum ();
864 0 : trec.rectype = RECTYPE_TRUST;
865 0 : fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
866 0 : trec.r.trust.ownertrust = 0;
867 : }
868 :
869 : /* locate an existing one */
870 0 : recno = trec.r.trust.validlist;
871 0 : while (recno)
872 : {
873 0 : read_record (recno, &vrec, RECTYPE_VALID);
874 0 : if ( !memcmp (vrec.r.valid.namehash, uid->namehash, 20) )
875 0 : break;
876 0 : recno = vrec.r.valid.next;
877 : }
878 :
879 0 : if (!recno) /* insert a new validity record */
880 : {
881 0 : memset (&vrec, 0, sizeof vrec);
882 0 : vrec.recnum = tdbio_new_recnum ();
883 0 : vrec.rectype = RECTYPE_VALID;
884 0 : memcpy (vrec.r.valid.namehash, uid->namehash, 20);
885 0 : vrec.r.valid.next = trec.r.trust.validlist;
886 0 : trec.r.trust.validlist = vrec.recnum;
887 : }
888 0 : vrec.r.valid.validity = validity;
889 0 : vrec.r.valid.full_count = uid->help_full_count;
890 0 : vrec.r.valid.marginal_count = uid->help_marginal_count;
891 0 : write_record (&vrec);
892 0 : trec.r.trust.depth = depth;
893 0 : write_record (&trec);
894 : }
895 :
896 :
897 : /***********************************************
898 : ********* Query trustdb values **************
899 : ***********************************************/
900 :
901 : /* Return true if key is disabled. Note that this is usually used via
902 : the pk_is_disabled macro. */
903 : int
904 277 : tdb_cache_disabled_value (PKT_public_key *pk)
905 : {
906 : gpg_error_t err;
907 : TRUSTREC trec;
908 277 : int disabled = 0;
909 :
910 277 : if (pk->flags.disabled_valid)
911 0 : return pk->flags.disabled;
912 :
913 277 : init_trustdb();
914 :
915 277 : if (trustdb_args.no_trustdb)
916 0 : return 0; /* No trustdb => not disabled. */
917 :
918 277 : err = read_trust_record (pk, &trec);
919 277 : if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
920 : {
921 0 : tdbio_invalid ();
922 0 : goto leave;
923 : }
924 277 : if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
925 : {
926 : /* No record found, so assume not disabled. */
927 277 : goto leave;
928 : }
929 :
930 0 : if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
931 0 : disabled = 1;
932 :
933 : /* Cache it for later so we don't need to look at the trustdb every
934 : time */
935 0 : pk->flags.disabled = disabled;
936 0 : pk->flags.disabled_valid = 1;
937 :
938 : leave:
939 277 : return disabled;
940 : }
941 :
942 :
943 : void
944 954 : tdb_check_trustdb_stale (void)
945 : {
946 : static int did_nextcheck=0;
947 :
948 954 : init_trustdb ();
949 :
950 954 : if (trustdb_args.no_trustdb)
951 954 : return; /* No trustdb => can't be stale. */
952 :
953 954 : if (!did_nextcheck
954 465 : && (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
955 324 : || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
956 : {
957 : ulong scheduled;
958 :
959 229 : did_nextcheck = 1;
960 229 : scheduled = tdbio_read_nextcheck ();
961 229 : if ((scheduled && scheduled <= make_timestamp ())
962 88 : || pending_check_trustdb)
963 : {
964 141 : if (opt.no_auto_check_trustdb)
965 : {
966 141 : pending_check_trustdb = 1;
967 141 : if (!opt.quiet)
968 141 : log_info (_("please do a --check-trustdb\n"));
969 : }
970 : else
971 : {
972 0 : if (!opt.quiet)
973 0 : log_info (_("checking the trustdb\n"));
974 0 : validate_keys (0);
975 : }
976 : }
977 : }
978 : }
979 :
980 : /*
981 : * Return the validity information for PK. This is the core of
982 : * get_validity. If SIG is not NULL, then the trust is being
983 : * evaluated in the context of the provided signature. This is used
984 : * by the TOFU code to record statistics.
985 : */
986 : unsigned int
987 864 : tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
988 : PKT_public_key *main_pk,
989 : PKT_signature *sig,
990 : int may_ask)
991 : {
992 : TRUSTREC trec, vrec;
993 : gpg_error_t err;
994 : ulong recno;
995 864 : unsigned int tofu_validity = TRUST_UNKNOWN;
996 864 : unsigned int validity = TRUST_UNKNOWN;
997 :
998 864 : init_trustdb ();
999 :
1000 : /* If we have no trustdb (which also means it has not been created)
1001 : and the trust-model is always, we don't know the validity -
1002 : return immediately. If we won't do that the tdbio code would try
1003 : to open the trustdb and run into a fatal error. */
1004 864 : if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
1005 0 : return TRUST_UNKNOWN;
1006 :
1007 864 : check_trustdb_stale();
1008 :
1009 864 : if(opt.trust_model==TM_DIRECT)
1010 : {
1011 : /* Note that this happens BEFORE any user ID stuff is checked.
1012 : The direct trust model applies to keys as a whole. */
1013 0 : validity = tdb_get_ownertrust (main_pk);
1014 0 : goto leave;
1015 : }
1016 :
1017 : #ifdef USE_TOFU
1018 864 : if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
1019 : {
1020 176 : kbnode_t user_id_node = NULL; /* Silence -Wmaybe-uninitialized. */
1021 176 : int user_ids = 0;
1022 176 : int user_ids_expired = 0;
1023 :
1024 : char fingerprint[MAX_FINGERPRINT_LEN];
1025 176 : size_t fingerprint_len = sizeof (fingerprint);
1026 :
1027 176 : fingerprint_from_pk (main_pk, fingerprint, &fingerprint_len);
1028 176 : assert (fingerprint_len == sizeof (fingerprint));
1029 :
1030 : /* If the caller didn't supply a user id then iterate over all
1031 : uids. */
1032 176 : if (! uid)
1033 88 : user_id_node = get_pubkeyblock (main_pk->keyid);
1034 :
1035 440 : while (uid
1036 176 : || (user_id_node = find_next_kbnode (user_id_node, PKT_USER_ID)))
1037 : {
1038 : unsigned int tl;
1039 : PKT_user_id *user_id;
1040 :
1041 176 : if (uid)
1042 88 : user_id = uid;
1043 : else
1044 88 : user_id = user_id_node->pkt->pkt.user_id;
1045 :
1046 176 : if (user_id->is_revoked || user_id->is_expired)
1047 : /* If the user id is revoked or expired, then skip it. */
1048 : {
1049 : char *s;
1050 0 : if (user_id->is_revoked && user_id->is_expired)
1051 0 : s = "revoked and expired";
1052 0 : else if (user_id->is_revoked)
1053 0 : s = "revoked";
1054 : else
1055 0 : s = "expire";
1056 :
1057 0 : log_info ("TOFU: Ignoring %s user id (%s)\n", s, user_id->name);
1058 :
1059 0 : continue;
1060 : }
1061 :
1062 176 : user_ids ++;
1063 :
1064 176 : if (sig)
1065 12 : tl = tofu_register (fingerprint, user_id->name,
1066 6 : sig->digest, sig->digest_len,
1067 6 : sig->timestamp, "unknown",
1068 : may_ask);
1069 : else
1070 170 : tl = tofu_get_validity (fingerprint, user_id->name, may_ask);
1071 :
1072 176 : if (tl == TRUST_EXPIRED)
1073 0 : user_ids_expired ++;
1074 176 : else if (tl == TRUST_UNDEFINED || tl == TRUST_UNKNOWN)
1075 : ;
1076 112 : else if (tl == TRUST_NEVER)
1077 52 : tofu_validity = TRUST_NEVER;
1078 : else
1079 : {
1080 60 : assert (tl == TRUST_MARGINAL
1081 : || tl == TRUST_FULLY
1082 : || tl == TRUST_ULTIMATE);
1083 :
1084 60 : if (tl > tofu_validity)
1085 : /* XXX: We we really want the max? */
1086 60 : tofu_validity = tl;
1087 : }
1088 :
1089 176 : if (uid)
1090 : /* If the caller specified a user id, then we stop
1091 : now. */
1092 88 : break;
1093 : }
1094 : }
1095 : #endif /*USE_TOFU*/
1096 :
1097 864 : if (opt.trust_model == TM_TOFU_PGP
1098 864 : || opt.trust_model == TM_CLASSIC
1099 864 : || opt.trust_model == TM_PGP)
1100 : {
1101 452 : err = read_trust_record (main_pk, &trec);
1102 452 : if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1103 : {
1104 0 : tdbio_invalid ();
1105 0 : return 0;
1106 : }
1107 452 : if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1108 : {
1109 : /* No record found. */
1110 452 : validity = TRUST_UNKNOWN;
1111 452 : goto leave;
1112 : }
1113 :
1114 : /* Loop over all user IDs */
1115 0 : recno = trec.r.trust.validlist;
1116 0 : validity = 0;
1117 0 : while (recno)
1118 : {
1119 0 : read_record (recno, &vrec, RECTYPE_VALID);
1120 :
1121 0 : if(uid)
1122 : {
1123 : /* If a user ID is given we return the validity for that
1124 : user ID ONLY. If the namehash is not found, then
1125 : there is no validity at all (i.e. the user ID wasn't
1126 : signed). */
1127 0 : if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1128 : {
1129 0 : validity=(vrec.r.valid.validity & TRUST_MASK);
1130 0 : break;
1131 : }
1132 : }
1133 : else
1134 : {
1135 : /* If no user ID is given, we take the maximum validity
1136 : over all user IDs */
1137 0 : if (validity < (vrec.r.valid.validity & TRUST_MASK))
1138 0 : validity = (vrec.r.valid.validity & TRUST_MASK);
1139 : }
1140 :
1141 0 : recno = vrec.r.valid.next;
1142 : }
1143 :
1144 0 : if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
1145 : {
1146 0 : validity |= TRUST_FLAG_DISABLED;
1147 0 : pk->flags.disabled = 1;
1148 : }
1149 : else
1150 0 : pk->flags.disabled = 0;
1151 0 : pk->flags.disabled_valid = 1;
1152 : }
1153 :
1154 : leave:
1155 : #ifdef USE_TOFU
1156 864 : validity = tofu_wot_trust_combine (tofu_validity, validity);
1157 : #else /*!USE_TOFU*/
1158 : validity &= TRUST_MASK;
1159 :
1160 : if (validity == TRUST_NEVER)
1161 : /* TRUST_NEVER trumps everything else. */
1162 : validity |= TRUST_NEVER;
1163 : if (validity == TRUST_EXPIRED)
1164 : /* TRUST_EXPIRED trumps everything but TRUST_NEVER. */
1165 : validity |= TRUST_EXPIRED;
1166 : #endif /*!USE_TOFU*/
1167 :
1168 864 : if (opt.trust_model != TM_TOFU
1169 688 : && pending_check_trustdb)
1170 150 : validity |= TRUST_FLAG_PENDING_CHECK;
1171 :
1172 864 : return validity;
1173 : }
1174 :
1175 :
1176 : static void
1177 0 : get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
1178 : {
1179 : TRUSTREC trec, vrec;
1180 : ulong recno;
1181 :
1182 0 : if(pk==NULL || uid==NULL)
1183 0 : BUG();
1184 :
1185 0 : namehash_from_uid(uid);
1186 :
1187 0 : uid->help_marginal_count=uid->help_full_count=0;
1188 :
1189 0 : init_trustdb ();
1190 :
1191 0 : if(read_trust_record (pk, &trec))
1192 0 : return;
1193 :
1194 : /* loop over all user IDs */
1195 0 : recno = trec.r.trust.validlist;
1196 0 : while (recno)
1197 : {
1198 0 : read_record (recno, &vrec, RECTYPE_VALID);
1199 :
1200 0 : if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1201 : {
1202 0 : uid->help_marginal_count=vrec.r.valid.marginal_count;
1203 0 : uid->help_full_count=vrec.r.valid.full_count;
1204 : /* es_printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1205 0 : break;
1206 : }
1207 :
1208 0 : recno = vrec.r.valid.next;
1209 : }
1210 : }
1211 :
1212 : void
1213 0 : list_trust_path( const char *username )
1214 : {
1215 : (void)username;
1216 0 : }
1217 :
1218 : /****************
1219 : * Enumerate all keys, which are needed to build all trust paths for
1220 : * the given key. This function does not return the key itself or
1221 : * the ultimate key (the last point in cerificate chain). Only
1222 : * certificate chains which ends up at an ultimately trusted key
1223 : * are listed. If ownertrust or validity is not NULL, the corresponding
1224 : * value for the returned LID is also returned in these variable(s).
1225 : *
1226 : * 1) create a void pointer and initialize it to NULL
1227 : * 2) pass this void pointer by reference to this function.
1228 : * Set lid to the key you want to enumerate and pass it by reference.
1229 : * 3) call this function as long as it does not return -1
1230 : * to indicate EOF. LID does contain the next key used to build the web
1231 : * 4) Always call this function a last time with LID set to NULL,
1232 : * so that it can free its context.
1233 : *
1234 : * Returns: -1 on EOF or the level of the returned LID
1235 : */
1236 : int
1237 0 : enum_cert_paths( void **context, ulong *lid,
1238 : unsigned *ownertrust, unsigned *validity )
1239 : {
1240 : (void)context;
1241 : (void)lid;
1242 : (void)ownertrust;
1243 : (void)validity;
1244 0 : return -1;
1245 : }
1246 :
1247 :
1248 : /****************
1249 : * Print the current path
1250 : */
1251 : void
1252 0 : enum_cert_paths_print (void **context, FILE *fp,
1253 : int refresh, ulong selected_lid)
1254 : {
1255 : (void)context;
1256 : (void)fp;
1257 : (void)refresh;
1258 : (void)selected_lid;
1259 0 : }
1260 :
1261 :
1262 : �
1263 : /****************************************
1264 : *********** NEW NEW NEW ****************
1265 : ****************************************/
1266 :
1267 : static int
1268 0 : ask_ownertrust (u32 *kid,int minimum)
1269 : {
1270 : PKT_public_key *pk;
1271 : int rc;
1272 : int ot;
1273 :
1274 0 : pk = xmalloc_clear (sizeof *pk);
1275 0 : rc = get_pubkey (pk, kid);
1276 0 : if (rc)
1277 : {
1278 0 : log_error (_("public key %s not found: %s\n"),
1279 : keystr(kid), gpg_strerror (rc) );
1280 0 : return TRUST_UNKNOWN;
1281 : }
1282 :
1283 0 : if(opt.force_ownertrust)
1284 : {
1285 0 : log_info("force trust for key %s to %s\n",
1286 0 : keystr(kid),trust_value_to_string(opt.force_ownertrust));
1287 0 : tdb_update_ownertrust (pk, opt.force_ownertrust);
1288 0 : ot=opt.force_ownertrust;
1289 : }
1290 : else
1291 : {
1292 0 : ot=edit_ownertrust(pk,0);
1293 0 : if(ot>0)
1294 0 : ot = tdb_get_ownertrust (pk);
1295 0 : else if(ot==0)
1296 0 : ot = minimum?minimum:TRUST_UNDEFINED;
1297 : else
1298 0 : ot = -1; /* quit */
1299 : }
1300 :
1301 0 : free_public_key( pk );
1302 :
1303 0 : return ot;
1304 : }
1305 :
1306 :
1307 : static void
1308 0 : mark_keyblock_seen (KeyHashTable tbl, KBNODE node)
1309 : {
1310 0 : for ( ;node; node = node->next )
1311 0 : if (node->pkt->pkttype == PKT_PUBLIC_KEY
1312 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1313 : {
1314 : u32 aki[2];
1315 :
1316 0 : keyid_from_pk (node->pkt->pkt.public_key, aki);
1317 0 : add_key_hash_table (tbl, aki);
1318 : }
1319 0 : }
1320 :
1321 :
1322 : static void
1323 0 : dump_key_array (int depth, struct key_array *keys)
1324 : {
1325 : struct key_array *kar;
1326 :
1327 0 : for (kar=keys; kar->keyblock; kar++)
1328 : {
1329 0 : KBNODE node = kar->keyblock;
1330 : u32 kid[2];
1331 :
1332 0 : keyid_from_pk(node->pkt->pkt.public_key, kid);
1333 0 : es_printf ("%d:%08lX%08lX:K::%c::::\n",
1334 0 : depth, (ulong)kid[0], (ulong)kid[1], '?');
1335 :
1336 0 : for (; node; node = node->next)
1337 : {
1338 0 : if (node->pkt->pkttype == PKT_USER_ID)
1339 : {
1340 0 : int len = node->pkt->pkt.user_id->len;
1341 :
1342 0 : if (len > 30)
1343 0 : len = 30;
1344 0 : es_printf ("%d:%08lX%08lX:U:::%c:::",
1345 0 : depth, (ulong)kid[0], (ulong)kid[1],
1346 0 : (node->flag & 4)? 'f':
1347 0 : (node->flag & 2)? 'm':
1348 0 : (node->flag & 1)? 'q':'-');
1349 0 : es_write_sanitized (es_stdout, node->pkt->pkt.user_id->name,
1350 : len, ":", NULL);
1351 0 : es_putc (':', es_stdout);
1352 0 : es_putc ('\n', es_stdout);
1353 : }
1354 : }
1355 : }
1356 0 : }
1357 :
1358 :
1359 : static void
1360 0 : store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
1361 : {
1362 : KBNODE node;
1363 : int status;
1364 0 : int any = 0;
1365 :
1366 0 : for (node=keyblock; node; node = node->next)
1367 : {
1368 0 : if (node->pkt->pkttype == PKT_USER_ID)
1369 : {
1370 0 : PKT_user_id *uid = node->pkt->pkt.user_id;
1371 0 : if (node->flag & 4)
1372 0 : status = TRUST_FULLY;
1373 0 : else if (node->flag & 2)
1374 0 : status = TRUST_MARGINAL;
1375 0 : else if (node->flag & 1)
1376 0 : status = TRUST_UNDEFINED;
1377 : else
1378 0 : status = 0;
1379 :
1380 0 : if (status)
1381 : {
1382 0 : update_validity (keyblock->pkt->pkt.public_key,
1383 : uid, depth, status);
1384 :
1385 0 : mark_keyblock_seen(stored,keyblock);
1386 :
1387 0 : any = 1;
1388 : }
1389 : }
1390 : }
1391 :
1392 0 : if (any)
1393 0 : do_sync ();
1394 0 : }
1395 :
1396 :
1397 : /* Returns a sanitized copy of the regexp (which might be "", but not
1398 : NULL). */
1399 : #ifndef DISABLE_REGEX
1400 : static char *
1401 0 : sanitize_regexp(const char *old)
1402 : {
1403 0 : size_t start=0,len=strlen(old),idx=0;
1404 0 : int escaped=0,standard_bracket=0;
1405 0 : char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we
1406 : have to */
1407 :
1408 : /* There are basically two commonly-used regexps here. GPG and most
1409 : versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1410 : command line uses "example.com" (i.e. whatever the user specfies,
1411 : and we can't expect users know to use "\." instead of "."). So
1412 : here are the rules: we're allowed to start with "<[^>]+[@.]" and
1413 : end with ">$" or start and end with nothing. In between, the
1414 : only legal regex character is ".", and everything else gets
1415 : escaped. Part of the gotcha here is that some regex packages
1416 : allow more than RFC-4880 requires. For example, 4880 has no "{}"
1417 : operator, but GNU regex does. Commenting removes these operators
1418 : from consideration. A possible future enhancement is to use
1419 : commenting to effectively back off a given regex to the Henry
1420 : Spencer syntax in 4880. -dshaw */
1421 :
1422 : /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1423 0 : if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0
1424 0 : && old[len-2]=='>' && old[len-1]=='$')
1425 : {
1426 0 : strcpy(new,"<[^>]+[@.]");
1427 0 : idx=strlen(new);
1428 0 : standard_bracket=1;
1429 0 : start+=10;
1430 0 : len-=2;
1431 : }
1432 :
1433 : /* Walk the remaining characters and ensure that everything that is
1434 : left is not an operational regex character. */
1435 0 : for(;start<len;start++)
1436 : {
1437 0 : if(!escaped && old[start]=='\\')
1438 0 : escaped=1;
1439 0 : else if(!escaped && old[start]!='.')
1440 0 : new[idx++]='\\';
1441 : else
1442 0 : escaped=0;
1443 :
1444 0 : new[idx++]=old[start];
1445 : }
1446 :
1447 0 : new[idx]='\0';
1448 :
1449 : /* Note that the (sub)string we look at might end with a bare "\".
1450 : If it does, leave it that way. If the regexp actually ended with
1451 : ">$", then it was escaping the ">" and is fine. If the regexp
1452 : actually ended with the bare "\", then it's an illegal regexp and
1453 : regcomp should kick it out. */
1454 :
1455 0 : if(standard_bracket)
1456 0 : strcat(new,">$");
1457 :
1458 0 : return new;
1459 : }
1460 : #endif /*!DISABLE_REGEX*/
1461 :
1462 : /* Used by validate_one_keyblock to confirm a regexp within a trust
1463 : signature. Returns 1 for match, and 0 for no match or regex
1464 : error. */
1465 : static int
1466 0 : check_regexp(const char *expr,const char *string)
1467 : {
1468 : #ifdef DISABLE_REGEX
1469 : (void)expr;
1470 : (void)string;
1471 : /* When DISABLE_REGEX is defined, assume all regexps do not
1472 : match. */
1473 : return 0;
1474 : #else
1475 : int ret;
1476 : char *regexp;
1477 :
1478 0 : regexp=sanitize_regexp(expr);
1479 :
1480 : #ifdef __riscos__
1481 : ret=riscos_check_regexp(expr, string, DBG_TRUST);
1482 : #else
1483 : {
1484 : regex_t pat;
1485 :
1486 0 : ret=regcomp(&pat,regexp,REG_ICASE|REG_NOSUB|REG_EXTENDED);
1487 0 : if(ret==0)
1488 : {
1489 0 : ret=regexec(&pat,string,0,NULL,0);
1490 0 : regfree(&pat);
1491 0 : ret=(ret==0);
1492 : }
1493 : }
1494 : #endif
1495 :
1496 0 : if(DBG_TRUST)
1497 0 : log_debug("regexp '%s' ('%s') on '%s': %s\n",
1498 : regexp,expr,string,ret==0?"YES":"NO");
1499 :
1500 0 : xfree(regexp);
1501 :
1502 0 : return ret;
1503 : #endif
1504 : }
1505 :
1506 : /*
1507 : * Return true if the key is signed by one of the keys in the given
1508 : * key ID list. User IDs with a valid signature are marked by node
1509 : * flags as follows:
1510 : * flag bit 0: There is at least one signature
1511 : * 1: There is marginal confidence that this is a legitimate uid
1512 : * 2: There is full confidence that this is a legitimate uid.
1513 : * 8: Used for internal purposes.
1514 : * 9: Ditto (in mark_usable_uid_certs())
1515 : * 10: Ditto (ditto)
1516 : * This function assumes that all kbnode flags are cleared on entry.
1517 : */
1518 : static int
1519 0 : validate_one_keyblock (KBNODE kb, struct key_item *klist,
1520 : u32 curtime, u32 *next_expire)
1521 : {
1522 : struct key_item *kr;
1523 0 : KBNODE node, uidnode=NULL;
1524 0 : PKT_user_id *uid=NULL;
1525 0 : PKT_public_key *pk = kb->pkt->pkt.public_key;
1526 : u32 main_kid[2];
1527 0 : int issigned=0, any_signed = 0;
1528 :
1529 0 : keyid_from_pk(pk, main_kid);
1530 0 : for (node=kb; node; node = node->next)
1531 : {
1532 : /* A bit of discussion here: is it better for the web of trust
1533 : to be built among only self-signed uids? On the one hand, a
1534 : self-signed uid is a statement that the key owner definitely
1535 : intended that uid to be there, but on the other hand, a
1536 : signed (but not self-signed) uid does carry trust, of a sort,
1537 : even if it is a statement being made by people other than the
1538 : key owner "through" the uids on the key owner's key. I'm
1539 : going with the latter. However, if the user ID was
1540 : explicitly revoked, or passively allowed to expire, that
1541 : should stop validity through the user ID until it is
1542 : resigned. -dshaw */
1543 :
1544 0 : if (node->pkt->pkttype == PKT_USER_ID
1545 0 : && !node->pkt->pkt.user_id->is_revoked
1546 0 : && !node->pkt->pkt.user_id->is_expired)
1547 : {
1548 0 : if (uidnode && issigned)
1549 : {
1550 0 : if (uid->help_full_count >= opt.completes_needed
1551 0 : || uid->help_marginal_count >= opt.marginals_needed )
1552 0 : uidnode->flag |= 4;
1553 0 : else if (uid->help_full_count || uid->help_marginal_count)
1554 0 : uidnode->flag |= 2;
1555 0 : uidnode->flag |= 1;
1556 0 : any_signed = 1;
1557 : }
1558 0 : uidnode = node;
1559 0 : uid=uidnode->pkt->pkt.user_id;
1560 :
1561 : /* If the selfsig is going to expire... */
1562 0 : if(uid->expiredate && uid->expiredate<*next_expire)
1563 0 : *next_expire = uid->expiredate;
1564 :
1565 0 : issigned = 0;
1566 0 : get_validity_counts(pk,uid);
1567 0 : mark_usable_uid_certs (kb, uidnode, main_kid, klist,
1568 : curtime, next_expire);
1569 : }
1570 0 : else if (node->pkt->pkttype == PKT_SIGNATURE
1571 0 : && (node->flag & (1<<8)) && uid)
1572 : {
1573 : /* Note that we are only seeing unrevoked sigs here */
1574 0 : PKT_signature *sig = node->pkt->pkt.signature;
1575 :
1576 0 : kr = is_in_klist (klist, sig);
1577 : /* If the trust_regexp does not match, it's as if the sig
1578 : did not exist. This is safe for non-trust sigs as well
1579 : since we don't accept a regexp on the sig unless it's a
1580 : trust sig. */
1581 0 : if (kr && (!kr->trust_regexp
1582 0 : || !(opt.trust_model == TM_PGP
1583 0 : || opt.trust_model == TM_TOFU_PGP)
1584 0 : || (uidnode
1585 0 : && check_regexp(kr->trust_regexp,
1586 0 : uidnode->pkt->pkt.user_id->name))))
1587 : {
1588 : /* Are we part of a trust sig chain? We always favor
1589 : the latest trust sig, rather than the greater or
1590 : lesser trust sig or value. I could make a decent
1591 : argument for any of these cases, but this seems to be
1592 : what PGP does, and I'd like to be compatible. -dms */
1593 0 : if ((opt.trust_model == TM_PGP
1594 0 : || opt.trust_model == TM_TOFU_PGP)
1595 0 : && sig->trust_depth
1596 0 : && pk->trust_timestamp <= sig->timestamp)
1597 : {
1598 : unsigned char depth;
1599 :
1600 : /* If the depth on the signature is less than the
1601 : chain currently has, then use the signature depth
1602 : so we don't increase the depth beyond what the
1603 : signer wanted. If the depth on the signature is
1604 : more than the chain currently has, then use the
1605 : chain depth so we use as much of the signature
1606 : depth as the chain will permit. An ultimately
1607 : trusted signature can restart the depth to
1608 : whatever level it likes. */
1609 :
1610 0 : if (sig->trust_depth < kr->trust_depth
1611 0 : || kr->ownertrust == TRUST_ULTIMATE)
1612 0 : depth = sig->trust_depth;
1613 : else
1614 0 : depth = kr->trust_depth;
1615 :
1616 0 : if (depth)
1617 : {
1618 0 : if(DBG_TRUST)
1619 0 : log_debug ("trust sig on %s, sig depth is %d,"
1620 : " kr depth is %d\n",
1621 0 : uidnode->pkt->pkt.user_id->name,
1622 0 : sig->trust_depth,
1623 0 : kr->trust_depth);
1624 :
1625 : /* If we got here, we know that:
1626 :
1627 : this is a trust sig.
1628 :
1629 : it's a newer trust sig than any previous trust
1630 : sig on this key (not uid).
1631 :
1632 : it is legal in that it was either generated by an
1633 : ultimate key, or a key that was part of a trust
1634 : chain, and the depth does not violate the
1635 : original trust sig.
1636 :
1637 : if there is a regexp attached, it matched
1638 : successfully.
1639 : */
1640 :
1641 0 : if (DBG_TRUST)
1642 0 : log_debug ("replacing trust value %d with %d and "
1643 : "depth %d with %d\n",
1644 0 : pk->trust_value,sig->trust_value,
1645 0 : pk->trust_depth,depth);
1646 :
1647 0 : pk->trust_value = sig->trust_value;
1648 0 : pk->trust_depth = depth-1;
1649 :
1650 : /* If the trust sig contains a regexp, record it
1651 : on the pk for the next round. */
1652 0 : if (sig->trust_regexp)
1653 0 : pk->trust_regexp = sig->trust_regexp;
1654 : }
1655 : }
1656 :
1657 0 : if (kr->ownertrust == TRUST_ULTIMATE)
1658 0 : uid->help_full_count = opt.completes_needed;
1659 0 : else if (kr->ownertrust == TRUST_FULLY)
1660 0 : uid->help_full_count++;
1661 0 : else if (kr->ownertrust == TRUST_MARGINAL)
1662 0 : uid->help_marginal_count++;
1663 0 : issigned = 1;
1664 : }
1665 : }
1666 : }
1667 :
1668 0 : if (uidnode && issigned)
1669 : {
1670 0 : if (uid->help_full_count >= opt.completes_needed
1671 0 : || uid->help_marginal_count >= opt.marginals_needed )
1672 0 : uidnode->flag |= 4;
1673 0 : else if (uid->help_full_count || uid->help_marginal_count)
1674 0 : uidnode->flag |= 2;
1675 0 : uidnode->flag |= 1;
1676 0 : any_signed = 1;
1677 : }
1678 :
1679 0 : return any_signed;
1680 : }
1681 :
1682 :
1683 : static int
1684 0 : search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
1685 : {
1686 : (void)dummy_uid_no;
1687 0 : return test_key_hash_table ((KeyHashTable)opaque, kid);
1688 : }
1689 :
1690 :
1691 : /*
1692 : * Scan all keys and return a key_array of all suitable keys from
1693 : * kllist. The caller has to pass keydb handle so that we don't use
1694 : * to create our own. Returns either a key_array or NULL in case of
1695 : * an error. No results found are indicated by an empty array.
1696 : * Caller hast to release the returned array.
1697 : */
1698 : static struct key_array *
1699 0 : validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
1700 : struct key_item *klist, u32 curtime, u32 *next_expire)
1701 : {
1702 0 : KBNODE keyblock = NULL;
1703 0 : struct key_array *keys = NULL;
1704 : size_t nkeys, maxkeys;
1705 : int rc;
1706 : KEYDB_SEARCH_DESC desc;
1707 :
1708 0 : maxkeys = 1000;
1709 0 : keys = xmalloc ((maxkeys+1) * sizeof *keys);
1710 0 : nkeys = 0;
1711 :
1712 0 : rc = keydb_search_reset (hd);
1713 0 : if (rc)
1714 : {
1715 0 : log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
1716 0 : xfree (keys);
1717 0 : return NULL;
1718 : }
1719 :
1720 0 : memset (&desc, 0, sizeof desc);
1721 0 : desc.mode = KEYDB_SEARCH_MODE_FIRST;
1722 0 : desc.skipfnc = search_skipfnc;
1723 0 : desc.skipfncvalue = full_trust;
1724 0 : rc = keydb_search (hd, &desc, 1, NULL);
1725 0 : if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
1726 : {
1727 0 : keys[nkeys].keyblock = NULL;
1728 0 : return keys;
1729 : }
1730 0 : if (rc)
1731 : {
1732 0 : log_error ("keydb_search(first) failed: %s\n", gpg_strerror (rc));
1733 0 : goto die;
1734 : }
1735 :
1736 0 : desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
1737 : do
1738 : {
1739 : PKT_public_key *pk;
1740 :
1741 0 : if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1742 0 : continue;
1743 :
1744 0 : rc = keydb_get_keyblock (hd, &keyblock);
1745 0 : if (rc)
1746 : {
1747 0 : log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
1748 0 : goto die;
1749 : }
1750 :
1751 0 : if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1752 : {
1753 0 : log_debug ("ooops: invalid pkttype %d encountered\n",
1754 0 : keyblock->pkt->pkttype);
1755 0 : dump_kbnode (keyblock);
1756 0 : release_kbnode(keyblock);
1757 0 : continue;
1758 : }
1759 :
1760 : /* prepare the keyblock for further processing */
1761 0 : merge_keys_and_selfsig (keyblock);
1762 0 : clear_kbnode_flags (keyblock);
1763 0 : pk = keyblock->pkt->pkt.public_key;
1764 0 : if (pk->has_expired || pk->flags.revoked)
1765 : {
1766 : /* it does not make sense to look further at those keys */
1767 0 : mark_keyblock_seen (full_trust, keyblock);
1768 : }
1769 0 : else if (validate_one_keyblock (keyblock, klist, curtime, next_expire))
1770 : {
1771 : KBNODE node;
1772 :
1773 0 : if (pk->expiredate && pk->expiredate >= curtime
1774 0 : && pk->expiredate < *next_expire)
1775 0 : *next_expire = pk->expiredate;
1776 :
1777 0 : if (nkeys == maxkeys) {
1778 0 : maxkeys += 1000;
1779 0 : keys = xrealloc (keys, (maxkeys+1) * sizeof *keys);
1780 : }
1781 0 : keys[nkeys++].keyblock = keyblock;
1782 :
1783 : /* Optimization - if all uids are fully trusted, then we
1784 : never need to consider this key as a candidate again. */
1785 :
1786 0 : for (node=keyblock; node; node = node->next)
1787 0 : if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 4))
1788 0 : break;
1789 :
1790 0 : if(node==NULL)
1791 0 : mark_keyblock_seen (full_trust, keyblock);
1792 :
1793 0 : keyblock = NULL;
1794 : }
1795 :
1796 0 : release_kbnode (keyblock);
1797 0 : keyblock = NULL;
1798 : }
1799 0 : while (!(rc = keydb_search (hd, &desc, 1, NULL))
1800 0 : || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY);
1801 :
1802 0 : if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
1803 : {
1804 0 : log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
1805 0 : goto die;
1806 : }
1807 :
1808 0 : keys[nkeys].keyblock = NULL;
1809 0 : return keys;
1810 :
1811 : die:
1812 0 : keys[nkeys].keyblock = NULL;
1813 0 : release_key_array (keys);
1814 0 : return NULL;
1815 : }
1816 :
1817 : /* Caller must sync */
1818 : static void
1819 0 : reset_trust_records(void)
1820 : {
1821 : TRUSTREC rec;
1822 : ulong recnum;
1823 0 : int count = 0, nreset = 0;
1824 :
1825 0 : for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
1826 : {
1827 0 : if(rec.rectype==RECTYPE_TRUST)
1828 : {
1829 0 : count++;
1830 0 : if(rec.r.trust.min_ownertrust)
1831 : {
1832 0 : rec.r.trust.min_ownertrust=0;
1833 0 : write_record(&rec);
1834 : }
1835 :
1836 : }
1837 0 : else if(rec.rectype==RECTYPE_VALID
1838 0 : && ((rec.r.valid.validity&TRUST_MASK)
1839 0 : || rec.r.valid.marginal_count
1840 0 : || rec.r.valid.full_count))
1841 : {
1842 0 : rec.r.valid.validity &= ~TRUST_MASK;
1843 0 : rec.r.valid.marginal_count=rec.r.valid.full_count=0;
1844 0 : nreset++;
1845 0 : write_record(&rec);
1846 : }
1847 :
1848 : }
1849 :
1850 0 : if (opt.verbose)
1851 0 : log_info (_("%d keys processed (%d validity counts cleared)\n"),
1852 : count, nreset);
1853 0 : }
1854 :
1855 : /*
1856 : * Run the key validation procedure.
1857 : *
1858 : * This works this way:
1859 : * Step 1: Find all ultimately trusted keys (UTK).
1860 : * mark them all as seen and put them into klist.
1861 : * Step 2: loop max_cert_times
1862 : * Step 3: if OWNERTRUST of any key in klist is undefined
1863 : * ask user to assign ownertrust
1864 : * Step 4: Loop over all keys in the keyDB which are not marked seen
1865 : * Step 5: if key is revoked or expired
1866 : * mark key as seen
1867 : * continue loop at Step 4
1868 : * Step 6: For each user ID of that key signed by a key in klist
1869 : * Calculate validity by counting trusted signatures.
1870 : * Set validity of user ID
1871 : * Step 7: If any signed user ID was found
1872 : * mark key as seen
1873 : * End Loop
1874 : * Step 8: Build a new klist from all fully trusted keys from step 6
1875 : * End Loop
1876 : * Ready
1877 : *
1878 : */
1879 : static int
1880 0 : validate_keys (int interactive)
1881 : {
1882 0 : int rc = 0;
1883 0 : int quit=0;
1884 0 : struct key_item *klist = NULL;
1885 : struct key_item *k;
1886 0 : struct key_array *keys = NULL;
1887 : struct key_array *kar;
1888 0 : KEYDB_HANDLE kdb = NULL;
1889 : KBNODE node;
1890 : int depth;
1891 : int ot_unknown, ot_undefined, ot_never, ot_marginal, ot_full, ot_ultimate;
1892 : KeyHashTable stored,used,full_trust;
1893 : u32 start_time, next_expire;
1894 :
1895 : /* Make sure we have all sigs cached. TODO: This is going to
1896 : require some architectual re-thinking, as it is agonizingly slow.
1897 : Perhaps combine this with reset_trust_records(), or only check
1898 : the caches on keys that are actually involved in the web of
1899 : trust. */
1900 0 : keydb_rebuild_caches(0);
1901 :
1902 0 : start_time = make_timestamp ();
1903 0 : next_expire = 0xffffffff; /* set next expire to the year 2106 */
1904 0 : stored = new_key_hash_table ();
1905 0 : used = new_key_hash_table ();
1906 0 : full_trust = new_key_hash_table ();
1907 :
1908 0 : kdb = keydb_new ();
1909 0 : reset_trust_records();
1910 :
1911 : /* Fixme: Instead of always building a UTK list, we could just build it
1912 : * here when needed */
1913 0 : if (!utk_list)
1914 : {
1915 0 : if (!opt.quiet)
1916 0 : log_info (_("no ultimately trusted keys found\n"));
1917 0 : goto leave;
1918 : }
1919 :
1920 : /* mark all UTKs as used and fully_trusted and set validity to
1921 : ultimate */
1922 0 : for (k=utk_list; k; k = k->next)
1923 : {
1924 : KBNODE keyblock;
1925 : PKT_public_key *pk;
1926 :
1927 0 : keyblock = get_pubkeyblock (k->kid);
1928 0 : if (!keyblock)
1929 : {
1930 0 : log_error (_("public key of ultimately"
1931 0 : " trusted key %s not found\n"), keystr(k->kid));
1932 0 : continue;
1933 : }
1934 0 : mark_keyblock_seen (used, keyblock);
1935 0 : mark_keyblock_seen (stored, keyblock);
1936 0 : mark_keyblock_seen (full_trust, keyblock);
1937 0 : pk = keyblock->pkt->pkt.public_key;
1938 0 : for (node=keyblock; node; node = node->next)
1939 : {
1940 0 : if (node->pkt->pkttype == PKT_USER_ID)
1941 0 : update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
1942 : }
1943 0 : if ( pk->expiredate && pk->expiredate >= start_time
1944 0 : && pk->expiredate < next_expire)
1945 0 : next_expire = pk->expiredate;
1946 :
1947 0 : release_kbnode (keyblock);
1948 0 : do_sync ();
1949 : }
1950 :
1951 0 : if (opt.trust_model == TM_TOFU)
1952 : /* In the TOFU trust model, we only need to save the ultimately
1953 : trusted keys. */
1954 0 : goto leave;
1955 :
1956 0 : klist = utk_list;
1957 :
1958 0 : log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
1959 : opt.marginals_needed,opt.completes_needed,trust_model_string());
1960 :
1961 0 : for (depth=0; depth < opt.max_cert_depth; depth++)
1962 : {
1963 0 : int valids=0,key_count;
1964 : /* See whether we should assign ownertrust values to the keys in
1965 : klist. */
1966 0 : ot_unknown = ot_undefined = ot_never = 0;
1967 0 : ot_marginal = ot_full = ot_ultimate = 0;
1968 0 : for (k=klist; k; k = k->next)
1969 : {
1970 0 : int min=0;
1971 :
1972 : /* 120 and 60 are as per RFC2440 */
1973 0 : if(k->trust_value>=120)
1974 0 : min=TRUST_FULLY;
1975 0 : else if(k->trust_value>=60)
1976 0 : min=TRUST_MARGINAL;
1977 :
1978 0 : if(min!=k->min_ownertrust)
1979 0 : update_min_ownertrust(k->kid,min);
1980 :
1981 0 : if (interactive && k->ownertrust == TRUST_UNKNOWN)
1982 : {
1983 0 : k->ownertrust = ask_ownertrust (k->kid,min);
1984 :
1985 0 : if (k->ownertrust == (unsigned int)(-1))
1986 : {
1987 0 : quit=1;
1988 0 : goto leave;
1989 : }
1990 : }
1991 :
1992 : /* This can happen during transition from an old trustdb
1993 : before trust sigs. It can also happen if a user uses two
1994 : different versions of GnuPG or changes the --trust-model
1995 : setting. */
1996 0 : if(k->ownertrust<min)
1997 : {
1998 0 : if(DBG_TRUST)
1999 0 : log_debug("key %08lX%08lX:"
2000 : " overriding ownertrust '%s' with '%s'\n",
2001 0 : (ulong)k->kid[0],(ulong)k->kid[1],
2002 : trust_value_to_string(k->ownertrust),
2003 : trust_value_to_string(min));
2004 :
2005 0 : k->ownertrust=min;
2006 : }
2007 :
2008 0 : if (k->ownertrust == TRUST_UNKNOWN)
2009 0 : ot_unknown++;
2010 0 : else if (k->ownertrust == TRUST_UNDEFINED)
2011 0 : ot_undefined++;
2012 0 : else if (k->ownertrust == TRUST_NEVER)
2013 0 : ot_never++;
2014 0 : else if (k->ownertrust == TRUST_MARGINAL)
2015 0 : ot_marginal++;
2016 0 : else if (k->ownertrust == TRUST_FULLY)
2017 0 : ot_full++;
2018 0 : else if (k->ownertrust == TRUST_ULTIMATE)
2019 0 : ot_ultimate++;
2020 :
2021 0 : valids++;
2022 : }
2023 :
2024 : /* Find all keys which are signed by a key in kdlist */
2025 0 : keys = validate_key_list (kdb, full_trust, klist,
2026 : start_time, &next_expire);
2027 0 : if (!keys)
2028 : {
2029 0 : log_error ("validate_key_list failed\n");
2030 0 : rc = GPG_ERR_GENERAL;
2031 0 : goto leave;
2032 : }
2033 :
2034 0 : for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
2035 : ;
2036 :
2037 : /* Store the calculated valididation status somewhere */
2038 0 : if (opt.verbose > 1 && DBG_TRUST)
2039 0 : dump_key_array (depth, keys);
2040 :
2041 0 : for (kar=keys; kar->keyblock; kar++)
2042 0 : store_validation_status (depth, kar->keyblock, stored);
2043 :
2044 0 : log_info (_("depth: %d valid: %3d signed: %3d"
2045 : " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
2046 : depth, valids, key_count, ot_unknown, ot_undefined,
2047 : ot_never, ot_marginal, ot_full, ot_ultimate );
2048 :
2049 : /* Build a new kdlist from all fully valid keys in KEYS */
2050 0 : if (klist != utk_list)
2051 0 : release_key_items (klist);
2052 0 : klist = NULL;
2053 0 : for (kar=keys; kar->keyblock; kar++)
2054 : {
2055 0 : for (node=kar->keyblock; node; node = node->next)
2056 : {
2057 0 : if (node->pkt->pkttype == PKT_USER_ID && (node->flag & 4))
2058 : {
2059 : u32 kid[2];
2060 :
2061 : /* have we used this key already? */
2062 0 : keyid_from_pk (kar->keyblock->pkt->pkt.public_key, kid);
2063 0 : if(test_key_hash_table(used,kid)==0)
2064 : {
2065 : /* Normally we add both the primary and subkey
2066 : ids to the hash via mark_keyblock_seen, but
2067 : since we aren't using this hash as a skipfnc,
2068 : that doesn't matter here. */
2069 0 : add_key_hash_table (used,kid);
2070 0 : k = new_key_item ();
2071 0 : k->kid[0]=kid[0];
2072 0 : k->kid[1]=kid[1];
2073 0 : k->ownertrust =
2074 0 : (tdb_get_ownertrust
2075 0 : (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
2076 0 : k->min_ownertrust = tdb_get_min_ownertrust
2077 0 : (kar->keyblock->pkt->pkt.public_key);
2078 0 : k->trust_depth=
2079 0 : kar->keyblock->pkt->pkt.public_key->trust_depth;
2080 0 : k->trust_value=
2081 0 : kar->keyblock->pkt->pkt.public_key->trust_value;
2082 0 : if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
2083 0 : k->trust_regexp=
2084 0 : xstrdup(kar->keyblock->pkt->
2085 : pkt.public_key->trust_regexp);
2086 0 : k->next = klist;
2087 0 : klist = k;
2088 0 : break;
2089 : }
2090 : }
2091 : }
2092 : }
2093 0 : release_key_array (keys);
2094 0 : keys = NULL;
2095 0 : if (!klist)
2096 0 : break; /* no need to dive in deeper */
2097 : }
2098 :
2099 : leave:
2100 0 : keydb_release (kdb);
2101 0 : release_key_array (keys);
2102 0 : if (klist != utk_list)
2103 0 : release_key_items (klist);
2104 0 : release_key_hash_table (full_trust);
2105 0 : release_key_hash_table (used);
2106 0 : release_key_hash_table (stored);
2107 0 : if (!rc && !quit) /* mark trustDB as checked */
2108 : {
2109 : int rc2;
2110 :
2111 0 : if (next_expire == 0xffffffff || next_expire < start_time )
2112 0 : tdbio_write_nextcheck (0);
2113 : else
2114 : {
2115 0 : tdbio_write_nextcheck (next_expire);
2116 0 : log_info (_("next trustdb check due at %s\n"),
2117 : strtimestamp (next_expire));
2118 : }
2119 :
2120 0 : rc2 = tdbio_update_version_record ();
2121 0 : if (rc2)
2122 : {
2123 0 : log_error (_("unable to update trustdb version record: "
2124 : "write failed: %s\n"), gpg_strerror (rc2));
2125 0 : tdbio_invalid ();
2126 : }
2127 :
2128 0 : do_sync ();
2129 0 : pending_check_trustdb = 0;
2130 : }
2131 :
2132 0 : return rc;
2133 : }
|
