1404
1419
/* first check all signatures */
1405
1420
for (node=uidnode->next; node; node = node->next)
1407
node->flag &= ~(1<<8 | 1<<9 | 1<<10);
1424
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
1408
1425
if (node->pkt->pkttype == PKT_USER_ID
1409
1426
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1410
1427
break; /* ready */
1411
1428
if (node->pkt->pkttype != PKT_SIGNATURE)
1414
1430
sig = node->pkt->pkt.signature;
1415
if (sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
1416
continue; /* ignore self-signatures */
1432
&& sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
1433
continue; /* ignore self-signatures if we pass in a main_kid */
1417
1434
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
1418
1435
continue; /* we only look at these signature classes */
1419
if (!is_in_klist (klist, sig))
1436
if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
1437
sig->sig_class-0x10<opt.min_cert_level)
1438
continue; /* treat anything under our min_cert_level as an
1439
invalid signature */
1440
if (klist && !is_in_klist (klist, sig))
1420
1441
continue; /* no need to check it then */
1421
if (check_key_signature (keyblock, node, NULL))
1422
continue; /* ignore invalid signatures */
1442
if ((rc=check_key_signature (keyblock, node, NULL)))
1444
/* we ignore anything that won't verify, but tag the
1446
if(rc==G10ERR_NO_PUBKEY)
1447
node->flag |= 1<<12;
1423
1450
node->flag |= 1<<9;
1425
1452
/* reset the remaining flags */
1426
1453
for (; node; node = node->next)
1427
node->flag &= ~(1<<8 | 1<<9 | 1 << 10);
1454
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
1429
1456
/* kbnode flag usage: bit 9 is here set for signatures to consider,
1430
1457
* bit 10 will be set by the loop to keep track of keyIDs already
1431
* processed, bit 8 will be set for the usable signatures */
1458
* processed, bit 8 will be set for the usable signatures, and bit
1459
* 11 will be set for usable revocations. */
1433
1461
/* for each cert figure out the latest valid one */
1434
1462
for (node=uidnode->next; node; node = node->next)
1528
1559
if (expire==0 || expire > curtime )
1530
1561
signode->flag |= (1<<8); /* yeah, found a good cert */
1531
if (expire && expire < *next_expire)
1562
if (next_expire && expire && expire < *next_expire)
1532
1563
*next_expire = expire;
1567
signode->flag |= (1<<11);
1572
clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
1578
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
1580
keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
1582
/* Passing in a 0 for current time here means that we'll never weed
1583
out an expired sig. This is correct behavior since we want to
1584
keep the most recent expired sig in a series. */
1585
mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL);
1587
/* What we want to do here is remove signatures that are not
1588
considered as part of the trust calculations. Thus, all invalid
1589
signatures are out, as are any signatures that aren't the last of
1590
a series of uid sigs or revocations It breaks down like this:
1591
coming out of mark_usable_uid_certs, if a sig is unflagged, it is
1592
not even a candidate. If a sig has flag 9 or 10, that means it
1593
was selected as a candidate and vetted. If a sig has flag 8 it
1594
is a usable signature. If a sig has flag 11 it is a usable
1595
revocation. If a sig has flag 12 it was issued by an unavailable
1596
key. "Usable" here means the most recent valid
1597
signature/revocation in a series from a particular signer.
1599
Delete everything that isn't a usable uid sig (which might be
1600
expired), a usable revocation, or a sig from an unavailable
1603
for(node=uidnode->next;
1604
node && node->pkt->pkttype==PKT_SIGNATURE;
1607
int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
1608
&& node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
1610
/* Keep usable uid sigs ... */
1611
if((node->flag & (1<<8)) && keep)
1614
/* ... and usable revocations... */
1615
if((node->flag & (1<<11)) && keep)
1618
/* ... and sigs from unavailable keys. */
1619
/* disabled for now since more people seem to want sigs from
1620
unavailable keys removed altogether. */
1622
if(node->flag & (1<<12))
1626
/* Everything else we delete */
1628
/* At this point, if 12 is set, the signing key was unavailable.
1629
If 9 or 10 is set, it's superceded. Otherwise, it's
1633
log_info("removing signature from key %s on user ID \"%s\": %s\n",
1634
keystr(node->pkt->pkt.signature->keyid),
1635
uidnode->pkt->pkt.user_id->name,
1636
node->flag&(1<<12)?"key unavailable":
1637
node->flag&(1<<9)?"signature superceded":"invalid signature");
1639
delete_kbnode(node);
1646
/* This is substantially easier than clean_sigs_from_uid since we just
1647
have to establish if the uid has a valid self-sig, is not revoked,
1648
and is not expired. Note that this does not take into account
1649
whether the uid has a trust path to it - just whether the keyholder
1650
themselves has certified the uid. Returns true if the uid was
1651
compacted. To "compact" a user ID, we simply remove ALL signatures
1652
except the self-sig that caused the user ID to be remove-worthy.
1653
We don't actually remove the user ID packet itself since it might
1654
be ressurected in a later merge. Note that this function requires
1655
that the caller has already done a merge_keys_and_selfsig().
1657
TODO: change the import code to allow importing a uid with only a
1658
revocation if the uid already exists on the keyring. */
1661
clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy)
1664
PKT_user_id *uid=uidnode->pkt->pkt.user_id;
1667
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
1668
assert(uidnode->pkt->pkttype==PKT_USER_ID);
1670
/* Skip valid user IDs, compacted user IDs, and non-self-signed user
1671
IDs if --allow-non-selfsigned-uid is set. */
1672
if(uid->created || uid->flags.compacted
1673
|| (!uid->is_expired && !uid->is_revoked
1674
&& opt.allow_non_selfsigned_uid))
1677
for(node=uidnode->next;
1678
node && node->pkt->pkttype==PKT_SIGNATURE;
1680
if(!node->pkt->pkt.signature->flags.chosen_selfsig)
1682
delete_kbnode(node);
1684
uidnode->pkt->pkt.user_id->flags.compacted=1;
1690
char *user=utf8_to_native(uid->name,uid->len,0);
1693
reason=_("revoked");
1694
else if(uid->is_expired)
1695
reason=_("expired");
1697
reason=_("invalid");
1699
log_info("compacting user ID \"%s\" on key %s: %s\n",
1700
user,keystr_from_pk(keyblock->pkt->pkt.public_key),
1709
/* Needs to be called after a merge_keys_and_selfsig() */
1711
clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only,
1712
int *uids_cleaned,int *sigs_cleaned)
1716
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
1717
assert(uidnode->pkt->pkttype==PKT_USER_ID);
1720
uids_cleaned=&dummy;
1723
sigs_cleaned=&dummy;
1725
/* Do clean_uid_from_key first since if it fires off, we don't
1726
have to bother with the other */
1727
*uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy);
1728
if(!uidnode->pkt->pkt.user_id->flags.compacted)
1729
*sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only);
1733
clean_key(KBNODE keyblock,int noisy,int self_only,
1734
int *uids_cleaned,int *sigs_cleaned)
1738
merge_keys_and_selfsig(keyblock);
1740
for(uidnode=keyblock->next;
1741
uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
1742
uidnode=uidnode->next)
1743
if(uidnode->pkt->pkttype==PKT_USER_ID)
1744
clean_one_uid(keyblock,uidnode,noisy,self_only,
1745
uids_cleaned,sigs_cleaned);
1748
/* Returns a sanitized copy of the regexp (which might be "", but not
1750
#ifndef DISABLE_REGEX
1752
sanitize_regexp(const char *old)
1754
size_t start=0,len=strlen(old),idx=0;
1755
int escaped=0,standard_bracket=0;
1756
char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we
1759
/* There are basically two commonly-used regexps here. GPG and most
1760
versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1761
command line uses "example.com" (i.e. whatever the user specfies,
1762
and we can't expect users know to use "\." instead of "."). So
1763
here are the rules: we're allowed to start with "<[^>]+[@.]" and
1764
end with ">$" or start and end with nothing. In between, the
1765
only legal regex character is ".", and everything else gets
1766
escaped. Part of the gotcha here is that some regex packages
1767
allow more than RFC-4880 requires. For example, 4880 has no "{}"
1768
operator, but GNU regex does. Commenting removes these operators
1769
from consideration. A possible future enhancement is to use
1770
commenting to effectively back off a given regex to the Henry
1771
Spencer syntax in 4880. -dshaw */
1773
/* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1774
if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0
1775
&& old[len-2]=='>' && old[len-1]=='$')
1777
strcpy(new,"<[^>]+[@.]");
1784
/* Walk the remaining characters and ensure that everything that is
1785
left is not an operational regex character. */
1786
for(;start<len;start++)
1788
if(!escaped && old[start]=='\\')
1790
else if(!escaped && old[start]!='.')
1795
new[idx++]=old[start];
1800
/* Note that the (sub)string we look at might end with a bare "\".
1801
If it does, leave it that way. If the regexp actually ended with
1802
">$", then it was escaping the ">" and is fine. If the regexp
1803
actually ended with the bare "\", then it's an illegal regexp and
1804
regcomp should kick it out. */
1806
if(standard_bracket)
1811
#endif /*!DISABLE_REGEX*/
1538
1813
/* Used by validate_one_keyblock to confirm a regexp within a trust
1539
1814
signature. Returns 1 for match, and 0 for no match or regex
1845
2132
/* Caller must sync */
1847
reset_trust_records (KEYDB_HANDLE hd, KeyHashTable exclude)
2134
reset_trust_records(void)
1850
KBNODE keyblock = NULL;
1851
KEYDB_SEARCH_DESC desc;
1852
2138
int count = 0, nreset = 0;
1854
rc = keydb_search_reset (hd);
1857
log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
1861
memset (&desc, 0, sizeof desc);
1862
desc.mode = KEYDB_SEARCH_MODE_FIRST;
1865
desc.skipfnc = search_skipfnc;
1866
desc.skipfncvalue = exclude;
1868
rc = keydb_search (hd, &desc, 1);
1869
if (rc && rc != -1 )
1870
log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
1873
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
1876
rc = keydb_get_keyblock (hd, &keyblock);
1879
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
1884
if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) /* paranoid assertion*/
1886
nreset += clear_validity (keyblock->pkt->pkt.public_key);
1887
release_kbnode (keyblock);
1890
while ( !(rc = keydb_search (hd, &desc, 1)) );
1892
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
2140
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
2142
if(rec.rectype==RECTYPE_TRUST)
2145
if(rec.r.trust.min_ownertrust)
2147
rec.r.trust.min_ownertrust=0;
2152
else if(rec.rectype==RECTYPE_VALID
2153
&& ((rec.r.valid.validity&TRUST_MASK)
2154
|| rec.r.valid.marginal_count
2155
|| rec.r.valid.full_count))
2157
rec.r.valid.validity &= ~TRUST_MASK;
2158
rec.r.valid.marginal_count=rec.r.valid.full_count=0;
1894
2165
if (opt.verbose)
1895
2166
log_info (_("%d keys processed (%d validity counts cleared)\n"),
added
removed
g10/trustdb.c
