2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
3
* Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
29
#include <sys/types.h>
35
#endif /* !DISABLE_REGEX */
52
* A structure to store key identification as well as some stuff needed
56
struct key_item *next;
57
unsigned int ownertrust,min_ownertrust;
65
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
68
* Structure to keep track of keys, this is used as an array wherre
69
* the item right after the last one has a keyblock set to NULL.
70
* Maybe we can drop this thing and replace it by key_item
77
/* control information for the trust DB */
85
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
86
static struct key_item *utk_list; /* all ultimately trusted keys */
88
static int pending_check_trustdb;
90
static int validate_keys (int interactive);
93
/**********************************************
94
************* some helpers *******************
95
**********************************************/
97
static struct key_item *
102
k = xcalloc (1,sizeof *k);
107
release_key_items (struct key_item *k)
114
xfree (k->trust_regexp);
120
* For fast keylook up we need a hash table. Each byte of a KeyIDs
121
* should be distributed equally over the 256 possible values (except
122
* for v3 keyIDs but we consider them as not important here). So we
123
* can just use 10 bits to index a table of 1024 key items.
124
* Possible optimization: Don not use key_items but other hash_table when the
125
* duplicates lists gets too large.
128
new_key_hash_table (void)
130
struct key_item **tbl;
132
tbl = xcalloc (1,1024 * sizeof *tbl);
137
release_key_hash_table (KeyHashTable tbl)
143
for (i=0; i < 1024; i++)
144
release_key_items (tbl[i]);
149
* Returns: True if the keyID is in the given hash table
152
test_key_hash_table (KeyHashTable tbl, u32 *kid)
156
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
157
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
163
* Add a new key to the hash table. The key is identified by its key ID.
166
add_key_hash_table (KeyHashTable tbl, u32 *kid)
168
struct key_item *k, *kk;
170
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
171
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
172
return; /* already in table */
174
kk = new_key_item ();
177
kk->next = tbl[(kid[1] & 0x03ff)];
178
tbl[(kid[1] & 0x03ff)] = kk;
182
* Release a key_array
185
release_key_array ( struct key_array *keys )
190
for (k=keys; k->keyblock; k++)
191
release_kbnode (k->keyblock);
197
/*********************************************
198
********** Initialization *****************
199
*********************************************/
204
* Used to register extra ultimately trusted keys - this has to be done
205
* before initializing the validation module.
206
* FIXME: Should be replaced by a function to add those keys to the trustdb.
209
register_trusted_key( const char *string )
211
KEYDB_SEARCH_DESC desc;
214
if (classify_user_id (string, &desc) != KEYDB_SEARCH_MODE_LONG_KID ) {
215
log_error(_("`%s' is not a valid long keyID\n"), string );
220
k->kid[0] = desc.u.kid[0];
221
k->kid[1] = desc.u.kid[1];
222
k->next = user_utk_list;
227
* Helper to add a key to the global list of ultimately trusted keys.
228
* Retruns: true = inserted, false = already in in list.
235
for (k = utk_list; k; k = k->next)
237
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
246
k->ownertrust = TRUST_ULTIMATE;
249
if( opt.verbose > 1 )
250
log_info(_("key %08lX: accepted as trusted key\n"), (ulong)kid[1]);
256
* Verify that all our secret keys are usable and put them into the utk_list.
259
verify_own_keys(void)
269
/* scan the trustdb to find all ultimately trusted keys */
270
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
272
if ( rec.rectype == RECTYPE_TRUST
273
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
275
byte *fpr = rec.r.trust.fingerprint;
279
/* Problem: We do only use fingerprints in the trustdb but
280
* we need the keyID here to indetify the key; we can only
281
* use that ugly hack to distinguish between 16 and 20
282
* butes fpr - it does not work always so we better change
283
* the whole validation code to only work with
285
fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
286
keyid_from_fingerprint (fpr, fprlen, kid);
288
log_info(_("key %08lX occurs more than once in the trustdb\n"),
293
/* Put any --trusted-key keys into the trustdb */
294
for (k = user_utk_list; k; k = k->next)
296
if ( add_utk (k->kid) )
297
{ /* not yet in trustDB as ultimately trusted */
300
memset (&pk, 0, sizeof pk);
301
rc = get_pubkey (&pk, k->kid);
303
log_info(_("key %08lX: no public key for trusted key - skipped\n"),
307
update_ownertrust (&pk,
308
((get_ownertrust (&pk) & ~TRUST_MASK)
310
release_public_key_parts (&pk);
312
log_info (_("key %08lX marked as ultimately trusted\n"),
318
/* release the helper table table */
319
release_key_items (user_utk_list);
320
user_utk_list = NULL;
325
/*********************************************
326
*********** TrustDB stuff *******************
327
*********************************************/
330
* Read a record but die if it does not exist
333
read_record (ulong recno, TRUSTREC *rec, int rectype )
335
int rc = tdbio_read_record (recno, rec, rectype);
338
log_error(_("trust record %lu, req type %d: read failed: %s\n"),
339
recno, rec->rectype, gpg_strerror (rc) );
342
if (rectype != rec->rectype)
344
log_error(_("trust record %lu is not of requested type %d\n"),
345
rec->recnum, rectype);
351
* Write a record and die on error
354
write_record (TRUSTREC *rec)
356
int rc = tdbio_write_record (rec);
359
log_error(_("trust record %lu, type %d: write failed: %s\n"),
360
rec->recnum, rec->rectype, gpg_strerror (rc) );
366
* sync the TrustDb and die on error
371
int rc = tdbio_sync ();
374
log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) );
380
trust_model_string(void)
382
switch(opt.trust_model)
384
case TM_PGP: return "PGP";
385
case TM_CLASSIC: return "classic";
386
case TM_ALWAYS: return "always";
387
default: return "unknown";
392
* Perform some checks over the trustdb
393
* level 0: only open the db
394
* 1: used for initial program startup
397
setup_trustdb( int level, const char *dbname )
399
/* just store the args */
400
if( trustdb_args.init )
402
trustdb_args.level = level;
403
trustdb_args.dbname = dbname? xstrdup (dbname): NULL;
411
int level = trustdb_args.level;
412
const char* dbname = trustdb_args.dbname;
414
if( trustdb_args.init )
417
trustdb_args.init = 1;
419
if ( !level || level==1)
421
rc = tdbio_set_dbname( dbname, !!level );
427
/* verify that our own keys are in the trustDB
428
* or move them to the trustdb. */
431
/* should we check whether there is no other ultimately trusted
432
* key in the database? */
438
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
440
if(opt.trust_model==TM_AUTO)
442
/* Try and set the trust model off of whatever the trustdb says
444
opt.trust_model=tdbio_read_model();
446
/* Sanity check this ;) */
447
if(opt.trust_model!=TM_PGP && opt.trust_model!=TM_CLASSIC)
449
log_info(_("unable to use unknown trust model (%d) - "
450
"assuming %s trust model\n"),opt.trust_model,"PGP");
451
opt.trust_model=TM_PGP;
455
log_info(_("using %s trust model\n"),trust_model_string());
458
if((opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
459
&& !tdbio_db_matches_options())
460
pending_check_trustdb=1;
466
/***********************************************
467
************* Print helpers ****************
468
***********************************************/
471
* This function returns a letter for a trustvalue Trust flags
475
trust_letter (unsigned int value)
477
switch( (value & TRUST_MASK) )
479
case TRUST_UNKNOWN: return '-';
480
case TRUST_EXPIRED: return 'e';
481
case TRUST_UNDEFINED: return 'q';
482
case TRUST_NEVER: return 'n';
483
case TRUST_MARGINAL: return 'm';
484
case TRUST_FULLY: return 'f';
485
case TRUST_ULTIMATE: return 'u';
490
/* The strings here are similar to those in
491
pkclist.c:do_edit_ownertrust() */
493
trust_value_to_string (unsigned int value)
495
switch( (value & TRUST_MASK) )
497
case TRUST_UNKNOWN: return _("unknown");
498
case TRUST_EXPIRED: return _("expired");
499
case TRUST_UNDEFINED: return _("undefined");
500
case TRUST_NEVER: return _("never");
501
case TRUST_MARGINAL: return _("marginal");
502
case TRUST_FULLY: return _("full");
503
case TRUST_ULTIMATE: return _("ultimate");
504
default: return "err";
509
string_to_trust_value (const char *str)
511
if(ascii_strcasecmp(str,"undefined")==0)
512
return TRUST_UNDEFINED;
513
else if(ascii_strcasecmp(str,"never")==0)
515
else if(ascii_strcasecmp(str,"marginal")==0)
516
return TRUST_MARGINAL;
517
else if(ascii_strcasecmp(str,"full")==0)
519
else if(ascii_strcasecmp(str,"ultimate")==0)
520
return TRUST_ULTIMATE;
526
* Recreate the WoT but do not ask for new ownertrusts. Special
527
* feature: In batch mode and without a forced yes, this is only done
528
* when a check is due. This can be used to run the check from a crontab
534
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
536
if (opt.batch && !opt.answer_yes)
540
scheduled = tdbio_read_nextcheck ();
543
log_info (_("no need for a trustdb check\n"));
547
if (scheduled > make_timestamp ())
549
log_info (_("next trustdb check due at %s\n"),
550
strtimestamp (scheduled));
558
log_info (_("no need for a trustdb check with \"%s\" trust model\n"),
559
trust_model_string());
570
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
573
log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
574
trust_model_string());
578
revalidation_mark (void)
581
/* we simply set the time for the next check to 1 (far back in 1970)
582
* so that a --update-trustdb will be scheduled */
583
if (tdbio_write_nextcheck (1))
585
pending_check_trustdb = 1;
589
trustdb_pending_check(void)
591
return pending_check_trustdb;
595
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
596
byte *marginals,byte *completes,byte *cert_depth)
602
read_record(0,&opts,RECTYPE_VER);
605
*trust_model=opts.r.ver.trust_model;
607
*created=opts.r.ver.created;
609
*nextcheck=opts.r.ver.nextcheck;
611
*marginals=opts.r.ver.marginals;
613
*completes=opts.r.ver.completes;
615
*cert_depth=opts.r.ver.cert_depth;
620
/***********************************************
621
*********** Ownertrust et al. ****************
622
***********************************************/
625
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
630
rc = tdbio_search_trust_bypk (pk, rec);
632
return -1; /* no record yet */
635
log_error ("trustdb: searching trust record failed: %s\n",
640
if (rec->rectype != RECTYPE_TRUST)
642
log_error ("trustdb: record %lu is not a trust record\n",
644
return GPG_ERR_TRUSTDB;
651
* Return the assigned ownertrust value for the given public key.
652
* The key should be the primary key.
655
get_ownertrust ( PKT_public_key *pk)
660
rc = read_trust_record (pk, &rec);
662
return TRUST_UNKNOWN; /* no record yet */
666
return rc; /* actually never reached */
669
return rec.r.trust.ownertrust;
673
get_min_ownertrust (PKT_public_key *pk)
678
rc = read_trust_record (pk, &rec);
680
return TRUST_UNKNOWN; /* no record yet */
684
return rc; /* actually never reached */
687
return rec.r.trust.min_ownertrust;
691
* Same as get_ownertrust but this takes the minimum ownertrust value
692
* into into account, and will bump up the value as needed.
695
get_ownertrust_with_min (PKT_public_key *pk)
697
unsigned int otrust,otrust_min;
699
otrust = (get_ownertrust (pk) & TRUST_MASK);
700
otrust_min = get_min_ownertrust (pk);
701
if(otrust<otrust_min)
703
/* If the trust that the user has set is less than the trust
704
that was calculated from a trust signature chain, use the
705
higher of the two. We do this here and not in
706
get_ownertrust since the underlying ownertrust should not
707
really be set - just the appearance of the ownertrust. */
716
* Same as get_ownertrust but return a trust letter instead of an
717
* value. This takes the minimum ownertrust value into account.
720
get_ownertrust_info (PKT_public_key *pk)
722
return trust_letter(get_ownertrust_with_min(pk));
726
* Same as get_ownertrust but return a trust string instead of an
727
* value. This takes the minimum ownertrust value into account.
730
get_ownertrust_string (PKT_public_key *pk)
732
return trust_value_to_string(get_ownertrust_with_min(pk));
736
* Set the trust value of the given public key to the new value.
737
* The key should be a primary one.
740
update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
745
rc = read_trust_record (pk, &rec);
749
log_debug ("update ownertrust from %u to %u\n",
750
(unsigned int)rec.r.trust.ownertrust, new_trust );
751
if (rec.r.trust.ownertrust != new_trust)
753
rec.r.trust.ownertrust = new_trust;
754
write_record( &rec );
755
revalidation_mark ();
760
{ /* no record yet - create a new one */
764
log_debug ("insert ownertrust %u\n", new_trust );
766
memset (&rec, 0, sizeof rec);
767
rec.recnum = tdbio_new_recnum ();
768
rec.rectype = RECTYPE_TRUST;
769
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
770
rec.r.trust.ownertrust = new_trust;
772
revalidation_mark ();
783
update_min_ownertrust (u32 *kid, unsigned int new_trust )
789
pk = xcalloc (1,sizeof *pk);
790
rc = get_pubkey (pk, kid);
793
log_error (_("public key %08lX not found: %s\n"),
794
(ulong)kid[1], gpg_strerror (rc) );
798
rc = read_trust_record (pk, &rec);
802
log_debug ("key %08lX: update min_ownertrust from %u to %u\n",
803
(ulong)kid[1],(unsigned int)rec.r.trust.min_ownertrust,
805
if (rec.r.trust.min_ownertrust != new_trust)
807
rec.r.trust.min_ownertrust = new_trust;
808
write_record( &rec );
809
revalidation_mark ();
814
{ /* no record yet - create a new one */
818
log_debug ("insert min_ownertrust %u\n", new_trust );
820
memset (&rec, 0, sizeof rec);
821
rec.recnum = tdbio_new_recnum ();
822
rec.rectype = RECTYPE_TRUST;
823
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
824
rec.r.trust.min_ownertrust = new_trust;
826
revalidation_mark ();
836
/* Clear the ownertrust and min_ownertrust values. Return true if a
837
change actually happened. */
839
clear_ownertrusts (PKT_public_key *pk)
844
rc = read_trust_record (pk, &rec);
849
log_debug ("clearing ownertrust (old value %u)\n",
850
(unsigned int)rec.r.trust.ownertrust);
851
log_debug ("clearing min_ownertrust (old value %u)\n",
852
(unsigned int)rec.r.trust.min_ownertrust);
854
if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
856
rec.r.trust.ownertrust = 0;
857
rec.r.trust.min_ownertrust = 0;
858
write_record( &rec );
859
revalidation_mark ();
872
* Note: Caller has to do a sync
875
update_validity (PKT_public_key *pk, PKT_user_id *uid,
876
int depth, int validity)
882
namehash_from_uid(uid);
884
rc = read_trust_record (pk, &trec);
890
if (rc == -1) /* no record yet - create a new one */
895
memset (&trec, 0, sizeof trec);
896
trec.recnum = tdbio_new_recnum ();
897
trec.rectype = RECTYPE_TRUST;
898
fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
899
trec.r.trust.ownertrust = 0;
902
/* locate an existing one */
903
recno = trec.r.trust.validlist;
906
read_record (recno, &vrec, RECTYPE_VALID);
907
if ( !memcmp (vrec.r.valid.namehash, uid->namehash, 20) )
909
recno = vrec.r.valid.next;
912
if (!recno) /* insert a new validity record */
914
memset (&vrec, 0, sizeof vrec);
915
vrec.recnum = tdbio_new_recnum ();
916
vrec.rectype = RECTYPE_VALID;
917
memcpy (vrec.r.valid.namehash, uid->namehash, 20);
918
vrec.r.valid.next = trec.r.trust.validlist;
919
trec.r.trust.validlist = vrec.recnum;
921
vrec.r.valid.validity = validity;
922
vrec.r.valid.full_count = uid->help_full_count;
923
vrec.r.valid.marginal_count = uid->help_marginal_count;
924
write_record (&vrec);
925
trec.r.trust.depth = depth;
926
write_record (&trec);
930
/* reset validity for all user IDs. Caller must sync. */
932
clear_validity (PKT_public_key *pk)
939
rc = read_trust_record (pk, &trec);
945
if (rc == -1) /* no record yet - no need to clear it then ;-) */
948
/* Clear minimum ownertrust, if any */
949
if(trec.r.trust.min_ownertrust)
951
trec.r.trust.min_ownertrust=0;
955
recno = trec.r.trust.validlist;
958
read_record (recno, &vrec, RECTYPE_VALID);
959
if ((vrec.r.valid.validity & TRUST_MASK)
960
|| vrec.r.valid.marginal_count || vrec.r.valid.full_count)
962
vrec.r.valid.validity &= ~TRUST_MASK;
963
vrec.r.valid.marginal_count = vrec.r.valid.full_count = 0;
964
write_record (&vrec);
967
recno = vrec.r.valid.next;
973
/***********************************************
974
********* Query trustdb values **************
975
***********************************************/
977
/* Return true if key is disabled */
979
cache_disabled_value(PKT_public_key *pk)
986
return (pk->is_disabled==2);
990
rc = read_trust_record (pk, &trec);
996
if (rc == -1) /* no record found, so assume not disabled */
999
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
1002
/* Cache it for later so we don't need to look at the trustdb every
1014
* Return the validity information for PK. If the namehash is not
1015
* NULL, the validity of the corresponsing user ID is returned,
1016
* otherwise, a reasonable value for the entire key is returned.
1019
get_validity (PKT_public_key *pk, PKT_user_id *uid)
1021
static int did_nextcheck;
1022
TRUSTREC trec, vrec;
1025
unsigned int validity;
1027
PKT_public_key *main_pk;
1030
namehash_from_uid(uid);
1034
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
1039
scheduled = tdbio_read_nextcheck ();
1040
if (scheduled && scheduled <= make_timestamp ())
1042
if (opt.no_auto_check_trustdb)
1044
pending_check_trustdb = 1;
1045
log_info (_("please do a --check-trustdb\n"));
1049
log_info (_("checking the trustdb\n"));
1055
keyid_from_pk (pk, kid);
1056
if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
1057
{ /* this is a subkey - get the mainkey */
1058
main_pk = xcalloc (1,sizeof *main_pk);
1059
rc = get_pubkey (main_pk, pk->main_keyid);
1062
log_error ("error getting main key %08lX of subkey %08lX: %s\n",
1063
(ulong)pk->main_keyid[1], (ulong)kid[1], gpg_strerror (rc));
1064
validity = TRUST_UNKNOWN;
1071
rc = read_trust_record (main_pk, &trec);
1077
if (rc == -1) /* no record found */
1079
validity = TRUST_UNKNOWN;
1083
/* loop over all user IDs */
1084
recno = trec.r.trust.validlist;
1088
read_record (recno, &vrec, RECTYPE_VALID);
1092
/* If a user ID is given we return the validity for that
1093
user ID ONLY. If the namehash is not found, then there
1094
is no validity at all (i.e. the user ID wasn't
1096
if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1098
validity=(vrec.r.valid.validity & TRUST_MASK);
1104
/* If no namehash is given, we take the maximum validity
1105
over all user IDs */
1106
if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
1107
validity = (vrec.r.valid.validity & TRUST_MASK);
1110
recno = vrec.r.valid.next;
1113
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
1115
validity |= TRUST_FLAG_DISABLED;
1122
/* set some flags direct from the key */
1123
if (main_pk->is_revoked)
1124
validity |= TRUST_FLAG_REVOKED;
1125
if (main_pk != pk && pk->is_revoked)
1126
validity |= TRUST_FLAG_SUB_REVOKED;
1127
/* Note: expiration is a trust value and not a flag - don't know why
1128
* I initially designed it that way */
1129
if (main_pk->has_expired || pk->has_expired)
1130
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
1132
if (pending_check_trustdb)
1133
validity |= TRUST_FLAG_PENDING_CHECK;
1136
free_public_key (main_pk);
1141
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
1145
trustlevel = get_validity (pk, uid);
1146
if( trustlevel & TRUST_FLAG_REVOKED )
1148
return trust_letter ( trustlevel );
1152
get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
1156
trustlevel = get_validity (pk, uid);
1157
if( trustlevel & TRUST_FLAG_REVOKED )
1158
return _("revoked");
1159
return trust_value_to_string(trustlevel);
1163
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
1165
TRUSTREC trec, vrec;
1168
if(pk==NULL || uid==NULL)
1171
namehash_from_uid(uid);
1173
uid->help_marginal_count=uid->help_full_count=0;
1177
if(read_trust_record (pk, &trec)!=0)
1180
/* loop over all user IDs */
1181
recno = trec.r.trust.validlist;
1184
read_record (recno, &vrec, RECTYPE_VALID);
1186
if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1188
uid->help_marginal_count=vrec.r.valid.marginal_count;
1189
uid->help_full_count=vrec.r.valid.full_count;
1190
/* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1194
recno = vrec.r.valid.next;
1199
list_trust_path( const char *username )
1204
* Enumerate all keys, which are needed to build all trust paths for
1205
* the given key. This function does not return the key itself or
1206
* the ultimate key (the last point in cerificate chain). Only
1207
* certificate chains which ends up at an ultimately trusted key
1208
* are listed. If ownertrust or validity is not NULL, the corresponding
1209
* value for the returned LID is also returned in these variable(s).
1211
* 1) create a void pointer and initialize it to NULL
1212
* 2) pass this void pointer by reference to this function.
1213
* Set lid to the key you want to enumerate and pass it by reference.
1214
* 3) call this function as long as it does not return -1
1215
* to indicate EOF. LID does contain the next key used to build the web
1216
* 4) Always call this function a last time with LID set to NULL,
1217
* so that it can free its context.
1219
* Returns: -1 on EOF or the level of the returned LID
1222
enum_cert_paths( void **context, ulong *lid,
1223
unsigned *ownertrust, unsigned *validity )
1230
* Print the current path
1233
enum_cert_paths_print( void **context, FILE *fp,
1234
int refresh, ulong selected_lid )
1241
/****************************************
1242
*********** NEW NEW NEW ****************
1243
****************************************/
1246
ask_ownertrust (u32 *kid,int minimum)
1252
pk = xcalloc (1,sizeof *pk);
1253
rc = get_pubkey (pk, kid);
1256
log_error (_("public key %08lX not found: %s\n"),
1257
(ulong)kid[1], gpg_strerror (rc) );
1258
return TRUST_UNKNOWN;
1261
if(opt.force_ownertrust)
1263
log_info("force trust for key %08lX%08lX to %s\n",
1264
(ulong)kid[0],(ulong)kid[1],
1265
trust_value_to_string(opt.force_ownertrust));
1266
update_ownertrust(pk,opt.force_ownertrust);
1267
ot=opt.force_ownertrust;
1271
ot=edit_ownertrust(pk,0);
1273
ot = get_ownertrust (pk);
1275
ot = minimum?minimum:TRUST_UNDEFINED;
1280
free_public_key( pk );
1287
mark_keyblock_seen (KeyHashTable tbl, KBNODE node)
1289
for ( ;node; node = node->next )
1290
if (node->pkt->pkttype == PKT_PUBLIC_KEY
1291
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1295
keyid_from_pk (node->pkt->pkt.public_key, aki);
1296
add_key_hash_table (tbl, aki);
1302
dump_key_array (int depth, struct key_array *keys)
1304
struct key_array *kar;
1306
for (kar=keys; kar->keyblock; kar++)
1308
KBNODE node = kar->keyblock;
1311
keyid_from_pk(node->pkt->pkt.public_key, kid);
1312
printf ("%d:%08lX%08lX:K::%c::::\n",
1313
depth, (ulong)kid[0], (ulong)kid[1], '?');
1315
for (; node; node = node->next)
1317
if (node->pkt->pkttype == PKT_USER_ID)
1319
int len = node->pkt->pkt.user_id->len;
1323
printf ("%d:%08lX%08lX:U:::%c:::",
1324
depth, (ulong)kid[0], (ulong)kid[1],
1325
(node->flag & 4)? 'f':
1326
(node->flag & 2)? 'm':
1327
(node->flag & 1)? 'q':'-');
1328
print_string (stdout, node->pkt->pkt.user_id->name, len, ':');
1338
store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
1344
for (node=keyblock; node; node = node->next)
1346
if (node->pkt->pkttype == PKT_USER_ID)
1348
PKT_user_id *uid = node->pkt->pkt.user_id;
1350
status = TRUST_FULLY;
1351
else if (node->flag & 2)
1352
status = TRUST_MARGINAL;
1353
else if (node->flag & 1)
1354
status = TRUST_UNDEFINED;
1360
update_validity (keyblock->pkt->pkt.public_key,
1361
uid, depth, status);
1363
mark_keyblock_seen(stored,keyblock);
1375
* check whether the signature sig is in the klist k
1377
static struct key_item *
1378
is_in_klist (struct key_item *k, PKT_signature *sig)
1380
for (; k; k = k->next)
1382
if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
1389
* Mark the signature of the given UID which are used to certify it.
1390
* To do this, we first revmove all signatures which are not valid and
1391
* from the remain ones we look for the latest one. If this is not a
1392
* certification revocation signature we mark the signature by setting
1393
* node flag bit 8. Note that flag bits 9 and 10 are used for internal
1397
mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
1398
u32 *main_kid, struct key_item *klist,
1399
u32 curtime, u32 *next_expire)
1404
/* first check all signatures */
1405
for (node=uidnode->next; node; node = node->next)
1407
node->flag &= ~(1<<8 | 1<<9 | 1<<10);
1408
if (node->pkt->pkttype == PKT_USER_ID
1409
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1411
if (node->pkt->pkttype != PKT_SIGNATURE)
1414
sig = node->pkt->pkt.signature;
1415
if (sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
1416
continue; /* ignore self-signatures */
1417
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
1418
continue; /* we only look at these signature classes */
1419
if (!is_in_klist (klist, sig))
1420
continue; /* no need to check it then */
1421
if (check_key_signature (keyblock, node, NULL))
1422
continue; /* ignore invalid signatures */
1425
/* reset the remaining flags */
1426
for (; node; node = node->next)
1427
node->flag &= ~(1<<8 | 1<<9 | 1 << 10);
1429
/* kbnode flag usage: bit 9 is here set for signatures to consider,
1430
* bit 10 will be set by the loop to keep track of keyIDs already
1431
* processed, bit 8 will be set for the usable signatures */
1433
/* for each cert figure out the latest valid one */
1434
for (node=uidnode->next; node; node = node->next)
1440
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1442
if ( !(node->flag & (1<<9)) )
1443
continue; /* not a node to look at */
1444
if ( (node->flag & (1<<10)) )
1445
continue; /* signature with a keyID already processed */
1446
node->flag |= (1<<10); /* mark this node as processed */
1447
sig = node->pkt->pkt.signature;
1449
sigdate = sig->timestamp;
1450
kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
1451
for (n=uidnode->next; n; n = n->next)
1453
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1455
if ( !(n->flag & (1<<9)) )
1457
if ( (n->flag & (1<<10)) )
1458
continue; /* shortcut already processed signatures */
1459
sig = n->pkt->pkt.signature;
1460
if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
1462
n->flag |= (1<<10); /* mark this node as processed */
1464
/* If signode is nonrevocable and unexpired and n isn't,
1465
then take signode (skip). It doesn't matter which is
1466
older: if signode was older then we don't want to take n
1467
as signode is nonrevocable. If n was older then we're
1468
automatically fine. */
1470
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
1471
!signode->pkt->pkt.signature->flags.revocable &&
1472
(signode->pkt->pkt.signature->expiredate==0 ||
1473
signode->pkt->pkt.signature->expiredate>curtime))) &&
1474
(!(IS_UID_SIG(n->pkt->pkt.signature) &&
1475
!n->pkt->pkt.signature->flags.revocable &&
1476
(n->pkt->pkt.signature->expiredate==0 ||
1477
n->pkt->pkt.signature->expiredate>curtime))))
1480
/* If n is nonrevocable and unexpired and signode isn't,
1481
then take n. Again, it doesn't matter which is older: if
1482
n was older then we don't want to take signode as n is
1483
nonrevocable. If signode was older then we're
1484
automatically fine. */
1486
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
1487
!signode->pkt->pkt.signature->flags.revocable &&
1488
(signode->pkt->pkt.signature->expiredate==0 ||
1489
signode->pkt->pkt.signature->expiredate>curtime))) &&
1490
((IS_UID_SIG(n->pkt->pkt.signature) &&
1491
!n->pkt->pkt.signature->flags.revocable &&
1492
(n->pkt->pkt.signature->expiredate==0 ||
1493
n->pkt->pkt.signature->expiredate>curtime))))
1496
sigdate = sig->timestamp;
1500
/* At this point, if it's newer, it goes in as the only
1501
remaining possibilities are signode and n are both either
1502
revocable or expired or both nonrevocable and unexpired.
1503
If the timestamps are equal take the later ordered
1504
packet, presuming that the key packets are hopefully in
1505
their original order. */
1507
if (sig->timestamp >= sigdate)
1510
sigdate = sig->timestamp;
1513
sig = signode->pkt->pkt.signature;
1514
if (IS_UID_SIG (sig))
1515
{ /* this seems to be a usable one which is not revoked.
1516
* Just need to check whether there is an expiration time,
1517
* We do the expired certification after finding a suitable
1518
* certification, the assumption is that a signator does not
1519
* want that after the expiration of his certificate the
1520
* system falls back to an older certification which has a
1521
* different expiration time */
1525
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
1526
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
1528
if (expire==0 || expire > curtime )
1530
signode->flag |= (1<<8); /* yeah, found a good cert */
1531
if (expire && expire < *next_expire)
1532
*next_expire = expire;
1538
/* Used by validate_one_keyblock to confirm a regexp within a trust
1539
signature. Returns 1 for match, and 0 for no match or regex
1542
check_regexp(const char *expr,const char *string)
1544
#ifdef DISABLE_REGEX
1545
/* When DISABLE_REGEX is defined, assume all regexps do not
1548
#elif defined(__riscos__)
1549
return riscos_check_regexp(expr, string, DBG_TRUST);
1554
if(regcomp(&pat,expr,REG_ICASE|REG_NOSUB|REG_EXTENDED)!=0)
1557
ret=regexec(&pat,string,0,NULL,0);
1562
log_debug("regexp \"%s\" on \"%s\": %s\n",expr,string,ret==0?"YES":"NO");
1569
* Return true if the key is signed by one of the keys in the given
1570
* key ID list. User IDs with a valid signature are marked by node
1572
* flag bit 0: There is at least one signature
1573
* 1: There is marginal confidence that this is a legitimate uid
1574
* 2: There is full confidence that this is a legitimate uid.
1575
* 8: Used for internal purposes.
1576
* 9: Ditto (in mark_usable_uid_certs())
1578
* This function assumes that all kbnode flags are cleared on entry.
1581
validate_one_keyblock (KBNODE kb, struct key_item *klist,
1582
u32 curtime, u32 *next_expire)
1584
struct key_item *kr;
1585
KBNODE node, uidnode=NULL;
1586
PKT_user_id *uid=NULL;
1587
PKT_public_key *pk = kb->pkt->pkt.public_key;
1589
int issigned=0, any_signed = 0;
1591
keyid_from_pk(pk, main_kid);
1592
for (node=kb; node; node = node->next)
1594
/* A bit of discussion here: is it better for the web of trust
1595
to be built among only self-signed uids? On the one hand, a
1596
self-signed uid is a statement that the key owner definitely
1597
intended that uid to be there, but on the other hand, a
1598
signed (but not self-signed) uid does carry trust, of a sort,
1599
even if it is a statement being made by people other than the
1600
key owner "through" the uids on the key owner's key. I'm
1601
going with the latter. However, if the user ID was
1602
explicitly revoked, or passively allowed to expire, that
1603
should stop validity through the user ID until it is
1606
if (node->pkt->pkttype == PKT_USER_ID
1607
&& !node->pkt->pkt.user_id->is_revoked
1608
&& !node->pkt->pkt.user_id->is_expired)
1610
if (uidnode && issigned)
1612
if (uid->help_full_count >= opt.completes_needed
1613
|| uid->help_marginal_count >= opt.marginals_needed )
1615
else if (uid->help_full_count || uid->help_marginal_count)
1621
uid=uidnode->pkt->pkt.user_id;
1623
/* If the selfsig is going to expire... */
1624
if(uid->expiredate && uid->expiredate<*next_expire)
1625
*next_expire = uid->expiredate;
1628
get_validity_counts(pk,uid);
1629
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
1630
curtime, next_expire);
1632
else if (node->pkt->pkttype == PKT_SIGNATURE
1633
&& (node->flag & (1<<8)) && uid)
1635
/* Note that we are only seeing unrevoked sigs here */
1636
PKT_signature *sig = node->pkt->pkt.signature;
1638
kr = is_in_klist (klist, sig);
1639
/* If the trust_regexp does not match, it's as if the sig
1640
did not exist. This is safe for non-trust sigs as well
1641
since we don't accept a regexp on the sig unless it's a
1643
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_PGP ||
1644
(uidnode && check_regexp(kr->trust_regexp,
1645
uidnode->pkt->pkt.user_id->name))))
1647
if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
1648
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
1649
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
1652
/* Are we part of a trust sig chain? We always favor
1653
the latest trust sig, rather than the greater or
1654
lesser trust sig or value. I could make a decent
1655
argument for any of these cases, but this seems to be
1656
what PGP does, and I'd like to be compatible. -dms */
1657
if(opt.trust_model==TM_PGP && sig->trust_depth
1658
&& pk->trust_timestamp<=sig->timestamp
1659
&& (sig->trust_depth<=kr->trust_depth
1660
|| kr->ownertrust==TRUST_ULTIMATE))
1662
/* If we got here, we know that:
1664
this is a trust sig.
1666
it's a newer trust sig than any previous trust
1667
sig on this key (not uid).
1669
it is legal in that it was either generated by an
1670
ultimate key, or a key that was part of a trust
1671
chain, and the depth does not violate the
1674
if there is a regexp attached, it matched
1679
log_debug("replacing trust value %d with %d and "
1680
"depth %d with %d\n",
1681
pk->trust_value,sig->trust_value,
1682
pk->trust_depth,sig->trust_depth);
1684
pk->trust_value=sig->trust_value;
1685
pk->trust_depth=sig->trust_depth-1;
1687
/* If the trust sig contains a regexp, record it
1688
on the pk for the next round. */
1689
if(sig->trust_regexp)
1690
pk->trust_regexp=sig->trust_regexp;
1693
if (kr->ownertrust == TRUST_ULTIMATE)
1694
uid->help_full_count = opt.completes_needed;
1695
else if (kr->ownertrust == TRUST_FULLY)
1696
uid->help_full_count++;
1697
else if (kr->ownertrust == TRUST_MARGINAL)
1698
uid->help_marginal_count++;
1704
if (uidnode && issigned)
1706
if (uid->help_full_count >= opt.completes_needed
1707
|| uid->help_marginal_count >= opt.marginals_needed )
1709
else if (uid->help_full_count || uid->help_marginal_count)
1720
search_skipfnc (void *opaque, u32 *kid)
1722
return test_key_hash_table ((KeyHashTable)opaque, kid);
1727
* Scan all keys and return a key_array of all suitable keys from
1728
* kllist. The caller has to pass keydb handle so that we don't use
1729
* to create our own. Returns either a key_array or NULL in case of
1730
* an error. No results found are indicated by an empty array.
1731
* Caller hast to release the returned array.
1733
static struct key_array *
1734
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
1735
struct key_item *klist, u32 curtime, u32 *next_expire)
1737
KBNODE keyblock = NULL;
1738
struct key_array *keys = NULL;
1739
size_t nkeys, maxkeys;
1741
KEYDB_SEARCH_DESC desc;
1744
keys = xmalloc ((maxkeys+1) * sizeof *keys);
1747
rc = keydb_search_reset (hd);
1750
log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
1755
memset (&desc, 0, sizeof desc);
1756
desc.mode = KEYDB_SEARCH_MODE_FIRST;
1757
desc.skipfnc = search_skipfnc;
1758
desc.skipfncvalue = full_trust;
1759
rc = keydb_search (hd, &desc, 1);
1762
keys[nkeys].keyblock = NULL;
1767
log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
1772
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
1777
rc = keydb_get_keyblock (hd, &keyblock);
1780
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
1785
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1787
log_debug ("ooops: invalid pkttype %d encountered\n",
1788
keyblock->pkt->pkttype);
1789
dump_kbnode (keyblock);
1790
release_kbnode(keyblock);
1794
/* prepare the keyblock for further processing */
1795
merge_keys_and_selfsig (keyblock);
1796
clear_kbnode_flags (keyblock);
1797
pk = keyblock->pkt->pkt.public_key;
1798
if (pk->has_expired || pk->is_revoked)
1800
/* it does not make sense to look further at those keys */
1801
mark_keyblock_seen (full_trust, keyblock);
1803
else if (validate_one_keyblock (keyblock, klist, curtime, next_expire))
1807
if (pk->expiredate && pk->expiredate >= curtime
1808
&& pk->expiredate < *next_expire)
1809
*next_expire = pk->expiredate;
1811
if (nkeys == maxkeys) {
1813
keys = xrealloc (keys, (maxkeys+1) * sizeof *keys);
1815
keys[nkeys++].keyblock = keyblock;
1817
/* Optimization - if all uids are fully trusted, then we
1818
never need to consider this key as a candidate again. */
1820
for (node=keyblock; node; node = node->next)
1821
if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 4))
1825
mark_keyblock_seen (full_trust, keyblock);
1830
release_kbnode (keyblock);
1833
while ( !(rc = keydb_search (hd, &desc, 1)) );
1836
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
1841
keys[nkeys].keyblock = NULL;
1845
/* Caller must sync */
1847
reset_trust_records (KEYDB_HANDLE hd, KeyHashTable exclude)
1850
KBNODE keyblock = NULL;
1851
KEYDB_SEARCH_DESC desc;
1852
int count = 0, nreset = 0;
1854
rc = keydb_search_reset (hd);
1857
log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
1861
memset (&desc, 0, sizeof desc);
1862
desc.mode = KEYDB_SEARCH_MODE_FIRST;
1865
desc.skipfnc = search_skipfnc;
1866
desc.skipfncvalue = exclude;
1868
rc = keydb_search (hd, &desc, 1);
1869
if (rc && rc != -1 )
1870
log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
1873
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
1876
rc = keydb_get_keyblock (hd, &keyblock);
1879
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
1884
if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) /* paranoid assertion*/
1886
nreset += clear_validity (keyblock->pkt->pkt.public_key);
1887
release_kbnode (keyblock);
1890
while ( !(rc = keydb_search (hd, &desc, 1)) );
1892
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
1895
log_info (_("%d keys processed (%d validity counts cleared)\n"),
1900
* Run the key validation procedure.
1902
* This works this way:
1903
* Step 1: Find all ultimately trusted keys (UTK).
1904
* mark them all as seen and put them into klist.
1905
* Step 2: loop max_cert_times
1906
* Step 3: if OWNERTRUST of any key in klist is undefined
1907
* ask user to assign ownertrust
1908
* Step 4: Loop over all keys in the keyDB which are not marked seen
1909
* Step 5: if key is revoked or expired
1911
* continue loop at Step 4
1912
* Step 6: For each user ID of that key signed by a key in klist
1913
* Calculate validity by counting trusted signatures.
1914
* Set validity of user ID
1915
* Step 7: If any signed user ID was found
1918
* Step 8: Build a new klist from all fully trusted keys from step 6
1924
validate_keys (int interactive)
1928
struct key_item *klist = NULL;
1930
struct key_array *keys = NULL;
1931
struct key_array *kar;
1932
KEYDB_HANDLE kdb = NULL;
1936
int ot_unknown, ot_undefined, ot_never, ot_marginal, ot_full, ot_ultimate;
1937
KeyHashTable stored,used,full_trust;
1938
u32 start_time, next_expire;
1940
start_time = make_timestamp ();
1941
next_expire = 0xffffffff; /* set next expire to the year 2106 */
1942
stored = new_key_hash_table ();
1943
used = new_key_hash_table ();
1944
full_trust = new_key_hash_table ();
1945
/* Fixme: Instead of always building a UTK list, we could just build it
1946
* here when needed */
1949
log_info (_("no ultimately trusted keys found\n"));
1953
kdb = keydb_new (0);
1955
reset_trust_records (kdb,NULL);
1957
/* mark all UTKs as used and fully_trusted and set validity to
1959
for (k=utk_list; k; k = k->next)
1964
keyblock = get_pubkeyblock (k->kid);
1967
log_error (_("public key of ultimately"
1968
" trusted key %08lX not found\n"), (ulong)k->kid[1]);
1971
mark_keyblock_seen (used, keyblock);
1972
mark_keyblock_seen (stored, keyblock);
1973
mark_keyblock_seen (full_trust, keyblock);
1974
pk = keyblock->pkt->pkt.public_key;
1975
for (node=keyblock; node; node = node->next)
1977
if (node->pkt->pkttype == PKT_USER_ID)
1978
update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
1980
if ( pk->expiredate && pk->expiredate >= start_time
1981
&& pk->expiredate < next_expire)
1982
next_expire = pk->expiredate;
1984
release_kbnode (keyblock);
1990
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
1991
opt.marginals_needed,opt.completes_needed,trust_model_string());
1993
for (depth=0; depth < opt.max_cert_depth; depth++)
1995
/* See whether we should assign ownertrust values to the keys in
1997
ot_unknown = ot_undefined = ot_never = 0;
1998
ot_marginal = ot_full = ot_ultimate = 0;
1999
for (k=klist; k; k = k->next)
2003
/* 120 and 60 are as per RFC2440 */
2004
if(k->trust_value>=120)
2006
else if(k->trust_value>=60)
2009
if(min!=k->min_ownertrust)
2010
update_min_ownertrust(k->kid,min);
2012
if (interactive && k->ownertrust == TRUST_UNKNOWN)
2014
k->ownertrust = ask_ownertrust (k->kid,min);
2016
if (k->ownertrust == -1)
2023
/* This can happen during transition from an old trustdb
2024
before trust sigs. It can also happen if a user uses two
2025
different versions of GnuPG or changes the --trust-model
2027
if(k->ownertrust<min)
2030
log_debug("key %08lX: "
2031
"overriding ownertrust \"%s\" with \"%s\"\n",
2033
trust_value_to_string(k->ownertrust),
2034
trust_value_to_string(min));
2039
if (k->ownertrust == TRUST_UNKNOWN)
2041
else if (k->ownertrust == TRUST_UNDEFINED)
2043
else if (k->ownertrust == TRUST_NEVER)
2045
else if (k->ownertrust == TRUST_MARGINAL)
2047
else if (k->ownertrust == TRUST_FULLY)
2049
else if (k->ownertrust == TRUST_ULTIMATE)
2053
/* Find all keys which are signed by a key in kdlist */
2054
keys = validate_key_list (kdb, full_trust, klist,
2055
start_time, &next_expire);
2058
log_error ("validate_key_list failed\n");
2059
rc = GPG_ERR_GENERAL;
2063
for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
2066
/* Store the calculated valididation status somewhere */
2067
if (opt.verbose > 1)
2068
dump_key_array (depth, keys);
2070
for (kar=keys; kar->keyblock; kar++)
2071
store_validation_status (depth, kar->keyblock, stored);
2073
log_info (_("checking at depth %d valid=%d"
2074
" ot(-/q/n/m/f/u)=%d/%d/%d/%d/%d/%d\n"),
2075
depth, key_count, ot_unknown, ot_undefined,
2076
ot_never, ot_marginal, ot_full, ot_ultimate );
2078
/* Build a new kdlist from all fully valid keys in KEYS */
2079
if (klist != utk_list)
2080
release_key_items (klist);
2082
for (kar=keys; kar->keyblock; kar++)
2084
for (node=kar->keyblock; node; node = node->next)
2086
if (node->pkt->pkttype == PKT_USER_ID && (node->flag & 4))
2090
/* have we used this key already? */
2091
keyid_from_pk (kar->keyblock->pkt->pkt.public_key, kid);
2092
if(test_key_hash_table(used,kid)==0)
2094
/* Normally we add both the primary and subkey
2095
ids to the hash via mark_keyblock_seen, but
2096
since we aren't using this hash as a skipfnc,
2097
that doesn't matter here. */
2098
add_key_hash_table (used,kid);
2099
k = new_key_item ();
2103
(get_ownertrust (kar->keyblock->pkt->pkt.public_key)
2106
get_min_ownertrust(kar->keyblock->pkt->pkt.public_key);
2108
kar->keyblock->pkt->pkt.public_key->trust_depth;
2110
kar->keyblock->pkt->pkt.public_key->trust_value;
2111
if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
2113
xstrdup (kar->keyblock->pkt->
2114
pkt.public_key->trust_regexp);
2122
release_key_array (keys);
2125
break; /* no need to dive in deeper */
2129
keydb_release (kdb);
2130
release_key_array (keys);
2131
release_key_items (klist);
2132
release_key_hash_table (full_trust);
2133
release_key_hash_table (used);
2134
release_key_hash_table (stored);
2135
if (!rc && !quit) /* mark trustDB as checked */
2137
if (next_expire == 0xffffffff || next_expire < start_time )
2138
tdbio_write_nextcheck (0);
2141
tdbio_write_nextcheck (next_expire);
2142
log_info (_("next trustdb check due at %s\n"),
2143
strtimestamp (next_expire));
2146
if(tdbio_update_version_record()!=0)
2148
log_error(_("unable to update trustdb version record: "
2149
"write failed: %s\n"), gpg_strerror (rc));
2154
pending_check_trustdb = 0;