[Pkg-gnupg-commit] [gnupg2] 150/166: gpg: Do not require a trustdb for decryption.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 16 22:33:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 28 20:28:56 2017 +0100
gpg: Do not require a trustdb for decryption.
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code. Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
for a non-existing trustdb. Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--
Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b
For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/gpgv.c | 3 +-
g10/keyedit.c | 4 +--
g10/keylist.c | 2 +-
g10/mainproc.c | 2 +-
g10/pkclist.c | 2 +-
g10/pubkey-enc.c | 7 ++++-
g10/tdbdump.c | 6 ++--
g10/test-stubs.c | 3 +-
g10/trust.c | 32 +++++++++++++--------
g10/trustdb.c | 85 ++++++++++++++++++++++++++++++++++++++------------------
g10/trustdb.h | 10 +++----
11 files changed, 102 insertions(+), 54 deletions(-)
diff --git a/g10/gpgv.c b/g10/gpgv.c
index ef8d9e0..a6d1add 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -371,9 +371,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/keyedit.c b/g10/keyedit.c
index ab66d01..892da1a 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3679,7 +3679,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
(ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
- es_putc (get_ownertrust_info (pk), fp);
+ es_putc (get_ownertrust_info (pk, 0), fp);
es_putc (':', fp);
es_putc (':', fp);
es_putc (':', fp);
@@ -3896,7 +3896,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static int did_warn = 0;
trust = get_validity_string (ctrl, pk, NULL);
- otrust = get_ownertrust_string (pk);
+ otrust = get_ownertrust_string (pk, 0);
/* Show a warning once */
if (!did_warn
diff --git a/g10/keylist.c b/g10/keylist.c
index abdcb9f..2684f59 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1232,7 +1232,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
}
if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
- ownertrust_print = get_ownertrust_info (pk);
+ ownertrust_print = get_ownertrust_info (pk, 0);
else
ownertrust_print = 0;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8e29891..4f8d0be 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1032,7 +1032,7 @@ list_node (CTX c, kbnode_t node)
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
if (pk->flags.primary && !opt.fast_list_mode)
- es_putc (get_ownertrust_info (pk), es_stdout);
+ es_putc (get_ownertrust_info (pk, 1), es_stdout);
es_putc (':', es_stdout);
es_putc ('\n', es_stdout);
}
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 4991d20..012f751 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
int show=0;
int min_num;
int did_help=defer_help;
- unsigned int minimum = tdb_get_min_ownertrust (pk);
+ unsigned int minimum = tdb_get_min_ownertrust (pk, 0);
switch(minimum)
{
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 1772936..e037c12 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -404,8 +404,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
hexfingerprint (pk, pkhex, sizeof pkhex);
hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+ /* Note that we do not want to create a trustdb just for
+ * getting the ownertrust: If there is no trustdb there can't
+ * be ulitmately trusted key anyway and thus the ownertrust
+ * value is irrelevant. */
write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
- pkhex, mainpkhex, get_ownertrust_info (mainpk));
+ pkhex, mainpkhex,
+ get_ownertrust_info (mainpk, 1));
}
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index be9d1f2..ab2f072 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -70,7 +70,7 @@ list_trustdb (estream_t fp, const char *username)
(void)username;
- init_trustdb();
+ init_trustdb (0);
/* For now we ignore the user ID. */
if (1)
{
@@ -101,7 +101,7 @@ export_ownertrust()
int i;
byte *p;
- init_trustdb();
+ init_trustdb (0);
es_printf (_("# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"),
asctimestamp( make_timestamp() ) );
@@ -133,7 +133,7 @@ import_ownertrust( const char *fname )
int any = 0;
int rc;
- init_trustdb();
+ init_trustdb (0);
if( iobuf_is_pipe_filename (fname) ) {
fp = es_stdin;
fname = "[stdin]";
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 8752f88..a74df20 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -138,9 +138,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/trust.c b/g10/trust.c
index b1fa3d6..d0ea77e 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -179,17 +179,18 @@ get_ownertrust (PKT_public_key *pk)
(void)pk;
return TRUST_UNKNOWN;
#else
- return tdb_get_ownertrust (pk);
+ return tdb_get_ownertrust (pk, 0);
#endif
}
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
- * into account, and will bump up the value as needed.
+ * into account, and will bump up the value as needed. NO_CREATE
+ * inhibits creation of a trustdb it that does not yet exists.
*/
static int
-get_ownertrust_with_min (PKT_public_key *pk)
+get_ownertrust_with_min (PKT_public_key *pk, int no_create)
{
#ifdef NO_TRUST_MODELS
(void)pk;
@@ -197,8 +198,15 @@ get_ownertrust_with_min (PKT_public_key *pk)
#else
unsigned int otrust, otrust_min;
- otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
- otrust_min = tdb_get_min_ownertrust (pk);
+ /* Shortcut instead of doing the same twice in the two tdb_get
+ * functions: If the caller asked not to create a trustdb we call
+ * init_trustdb directly and allow it to fail with an error code for
+ * a non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
+ otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK);
+ otrust_min = tdb_get_min_ownertrust (pk, no_create);
if (otrust < otrust_min)
{
/* If the trust that the user has set is less than the trust
@@ -217,23 +225,25 @@ get_ownertrust_with_min (PKT_public_key *pk)
/*
* Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
- return trust_letter (get_ownertrust_with_min (pk));
+ return trust_letter (get_ownertrust_with_min (pk, no_create));
}
/*
* Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
const char *
-get_ownertrust_string (PKT_public_key *pk)
+get_ownertrust_string (PKT_public_key *pk, int no_create)
{
- return trust_value_to_string (get_ownertrust_with_min (pk));
+ return trust_value_to_string (get_ownertrust_with_min (pk, no_create));
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5f68012..f4df4c8 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -296,9 +296,9 @@ verify_own_keys(void)
keystr(k->kid));
else
{
- tdb_update_ownertrust (&pk,
- ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust
+ (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@@ -439,21 +439,34 @@ how_to_fix_the_trustdb ()
}
-void
-init_trustdb ()
+/* Initialize the trustdb. With NO_CREATE set a missing trustdb is
+ * not an error and the function won't terminate the process on error;
+ * in that case 0 is returned if there is a trustdb or an error code
+ * if no trustdb is available. */
+gpg_error_t
+init_trustdb (int no_create)
{
int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname;
if( trustdb_args.init )
- return;
+ return 0;
trustdb_args.init = 1;
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
- if( rc )
+ int rc = tdbio_set_dbname (dbname, (!no_create && level),
+ &trustdb_args.no_trustdb);
+ if (no_create && trustdb_args.no_trustdb)
+ {
+ /* No trustdb found and the caller asked us not to create
+ * it. Return an error and set the initialization state
+ * back so that we always test for an existing trustdb. */
+ trustdb_args.init = 0;
+ return gpg_error (GPG_ERR_ENOENT);
+ }
+ if (rc)
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
}
else
@@ -493,6 +506,8 @@ init_trustdb ()
if(!tdbio_db_matches_options())
pending_check_trustdb=1;
}
+
+ return 0;
}
@@ -504,7 +519,7 @@ init_trustdb ()
void
check_trustdb (ctrl_t ctrl)
{
- init_trustdb();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
@@ -541,7 +556,7 @@ check_trustdb (ctrl_t ctrl)
void
update_trustdb (ctrl_t ctrl)
{
- init_trustdb ();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1);
@@ -553,7 +568,7 @@ update_trustdb (ctrl_t ctrl)
void
tdb_revalidation_mark (void)
{
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
@@ -591,7 +606,7 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
{
TRUSTREC opts;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
@@ -622,7 +637,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
- init_trustdb();
+ init_trustdb (0);
rc = tdbio_search_trust_bypk (pk, rec);
if (rc)
{
@@ -642,12 +657,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
return 0;
}
-/****************
- * Return the assigned ownertrust value for the given public key.
- * The key should be the primary key.
+
+/*
+ * Return the assigned ownertrust value for the given public key. The
+ * key should be the primary key. If NO_CREATE is set a missing
+ * trustdb will not be created. This comes for example handy when we
+ * want to print status lines (DECRYPTION_KEY) which carry ownertrust
+ * values but we usually use --always-trust.
*/
unsigned int
-tdb_get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -655,6 +674,12 @@ tdb_get_ownertrust ( PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -669,7 +694,7 @@ tdb_get_ownertrust ( PKT_public_key *pk)
unsigned int
-tdb_get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -677,6 +702,12 @@ tdb_get_min_ownertrust (PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -808,7 +839,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec;
gpg_error_t err;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
@@ -915,7 +946,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
if (pk->flags.disabled_valid)
return pk->flags.disabled;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
@@ -950,7 +981,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
{
static int did_nextcheck=0;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
@@ -1021,7 +1052,7 @@ tdb_get_validity_core (ctrl_t ctrl,
(void)may_ask;
#endif
- init_trustdb ();
+ init_trustdb (0);
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
@@ -1036,7 +1067,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity = tdb_get_ownertrust (main_pk);
+ validity = tdb_get_ownertrust (main_pk, 0);
goto leave;
}
@@ -1248,7 +1279,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
uid->help_marginal_count=uid->help_full_count=0;
- init_trustdb ();
+ init_trustdb (0);
if(read_trust_record (pk, &trec))
return;
@@ -1353,7 +1384,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
- ot = tdb_get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk, 0);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@@ -2142,9 +2173,9 @@ validate_keys (ctrl_t ctrl, int interactive)
k->kid[1]=kid[1];
k->ownertrust =
(tdb_get_ownertrust
- (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust
- (kar->keyblock->pkt->pkt.public_key);
+ (kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 6081d10..3088063 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -127,7 +127,7 @@ void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
-void init_trustdb( void );
+gpg_error_t init_trustdb (int no_create);
void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void );
@@ -152,10 +152,10 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
-unsigned int tdb_get_ownertrust (PKT_public_key *pk);
-unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
-int get_ownertrust_info (PKT_public_key *pk);
-const char *get_ownertrust_string (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create);
+int get_ownertrust_info (PKT_public_key *pk, int no_create);
+const char *get_ownertrust_string (PKT_public_key *pk, int no_create);
void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int tdb_clear_ownertrusts (PKT_public_key *pk);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list