[Pkg-gnupg-commit] [gnupg2] 43/241: gpg: If a key is ultimate trusted, return that in the tofu model.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 9 20:31:51 UTC 2015


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:35:27 2015 +0200

    gpg: If a key is ultimate trusted, return that in the tofu model.
    
    * g10/tofu.c (get_trust): If the policy is auto or none, check if the
    key is ultimately trusted.  If so, return that.
    (tofu_register): If the key is ultimately trusted, don't show any
    statistics.
    (tofu_get_validity): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    Suggested-by: Andre Heinecke <aheinecke at intevation.de>
---
 g10/tofu.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/g10/tofu.c b/g10/tofu.c
index 0a23626..b758875 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1295,6 +1295,58 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
     return _tofu_GET_TRUST_ERROR;
 
   policy = get_policy (dbs, fingerprint, email, &conflict);
+  if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE)
+    /* See if the key is ultimately trusted.  If so, we're done.  */
+    {
+      int i, j;
+      char keyid[17];
+      KEYDB_SEARCH_DESC desc;
+
+      /* We need to convert the fingerprint as a string to a long
+         keyid.
+
+         FINGERPRINT has the form:
+
+           362D 3527 F53A AD19 71AA  FDE6 5885 9975 EE37 CF96
+                                          -------------------
+
+         The last 16 characters are the long keyid.
+      */
+      assert (strlen (fingerprint) > 4 * 4 + 3);
+      for (i = strlen (fingerprint) - (4 * 4 + 3), j = 0; j < 16; i ++, j ++)
+        {
+          if (fingerprint[i] == ' ')
+            i ++;
+          keyid[j] = fingerprint[i];
+        }
+      keyid[j] = 0;
+
+      rc = classify_user_id (keyid, &desc, 1);
+      if (rc || desc.mode != KEYDB_SEARCH_MODE_LONG_KID)
+        {
+          log_error (_("'%s' is not a valid long keyID\n"), keyid);
+          return _tofu_GET_TRUST_ERROR;
+        }
+
+      if (tdb_keyid_is_utk (desc.u.kid))
+        {
+          if (policy == TOFU_POLICY_NONE)
+            {
+              if (record_binding (dbs, fingerprint, email, user_id,
+                                  TOFU_POLICY_AUTO, 0) != 0)
+                {
+                  log_error (_("error setting TOFU binding's trust level to %s\n"),
+                             "auto");
+                  trust_level = _tofu_GET_TRUST_ERROR;
+                  goto out;
+                }
+            }
+
+          trust_level = TRUST_ULTIMATE;
+          goto out;
+        }
+    }
+
   if (policy == TOFU_POLICY_AUTO)
     {
       policy = opt.tofu_default_policy;
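Review bot: The long key ID is cut out of `fingerprint` under an `assert` and a fixed-layout assumption, so a string that is not in the spaced 40-digit form is either fatal or silently mis-parsed: without spaces the 16 characters starting at `strlen - 19` are not the trailing key ID, and with extra spaces the `i ++` skip can step past the terminator. The callers that build `fingerprint` are outside the hunk, so this may be unreachable today, but the result feeds `tdb_keyid_is_utk` and decides `TRUST_ULTIMATE`, so a runtime check that fails closed is safer than an assertion; collecting the last 16 non-space characters from the end, as below, removes the layout dependency. The lookup is also keyed on the 64-bit key ID rather than the full fingerprint, which deserves a comment if `tdb_keyid_is_utk` (not shown) compares key IDs only. The invalid-keyID branch returns directly while the `record_binding` failure uses `goto out`; whether `out:` releases anything is not visible in this hunk.

```c
      /* … unchanged: declarations (i is no longer needed) and layout comment … */
      {
        size_t len = strlen (fingerprint);

        /* Take the last 16 non-space characters, scanning from the end,
           so the result does not depend on the exact spacing.  */
        keyid[16] = 0;
        for (j = 16; j > 0 && len > 0; len --)
          if (fingerprint[len - 1] != ' ')
            keyid[-- j] = fingerprint[len - 1];
        if (j != 0)
          {
            log_error (_("'%s' is not a valid fingerprint\n"), fingerprint);
            return _tofu_GET_TRUST_ERROR;
          }
      }
      /* … unchanged: classify_user_id check and tdb_keyid_is_utk branch … */
```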
@@ -2261,7 +2313,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
     }
 
  die:
-  if (may_ask)
+  if (may_ask && trust_level != TRUST_ULTIMATE)
     /* It's only appropriate to show the statistics in an interactive
        context.  */
     show_statistics (dbs, fingerprint, email, user_id,
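Review bot: The comment under the changed condition in `tofu_register` still explains only `may_ask`; the new `trust_level != TRUST_ULTIMATE` test is unexplained here and has no comment at all at the same change in `tofu_get_validity`. I would extend it to something like `/* Only show statistics interactively, and not for ultimately trusted keys: get_trust returns TRUST_ULTIMATE for them before the policy is evaluated.  */` and repeat it at the second site. Because the test sits directly under the `die:` label in `tofu_register`, it is also worth confirming that `trust_level` is assigned on every path that jumps there; those paths are outside the hunk.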
@@ -2367,7 +2419,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
     /* An error.  */
     trust_level = TRUST_UNDEFINED;
 
-  if (may_ask)
+  if (may_ask && trust_level != TRUST_ULTIMATE)
     show_statistics (dbs, fingerprint, email, user_id, NULL);
 
  die:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


