2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3
* 2007 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3
* 2008 Free Software Foundation, Inc.
5
5
* This file is part of GnuPG.
1927
1935
did not exist. This is safe for non-trust sigs as well
1928
1936
since we don't accept a regexp on the sig unless it's a
1930
if (kr && (kr->trust_regexp==NULL || opt.trust_model!=TM_PGP ||
1931
(uidnode && check_regexp(kr->trust_regexp,
1932
uidnode->pkt->pkt.user_id->name))))
1938
if (kr && (!kr->trust_regexp
1939
|| opt.trust_model != TM_PGP
1941
&& check_regexp(kr->trust_regexp,
1942
uidnode->pkt->pkt.user_id->name))))
1934
if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
1935
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
1936
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
1939
1944
/* Are we part of a trust sig chain? We always favor
1940
1945
the latest trust sig, rather than the greater or
1941
1946
lesser trust sig or value. I could make a decent
1942
1947
argument for any of these cases, but this seems to be
1943
1948
what PGP does, and I'd like to be compatible. -dms */
1944
if(opt.trust_model==TM_PGP && sig->trust_depth
1945
&& pk->trust_timestamp<=sig->timestamp
1946
&& (sig->trust_depth<=kr->trust_depth
1947
|| kr->ownertrust==TRUST_ULTIMATE))
1949
if (opt.trust_model == TM_PGP
1951
&& pk->trust_timestamp <= sig->timestamp)
1949
/* If we got here, we know that:
1951
this is a trust sig.
1953
it's a newer trust sig than any previous trust
1954
sig on this key (not uid).
1956
it is legal in that it was either generated by an
1957
ultimate key, or a key that was part of a trust
1958
chain, and the depth does not violate the
1961
if there is a regexp attached, it matched
1966
log_debug("replacing trust value %d with %d and "
1967
"depth %d with %d\n",
1968
pk->trust_value,sig->trust_value,
1969
pk->trust_depth,sig->trust_depth);
1971
pk->trust_value=sig->trust_value;
1972
pk->trust_depth=sig->trust_depth-1;
1974
/* If the trust sig contains a regexp, record it
1975
on the pk for the next round. */
1976
if(sig->trust_regexp)
1977
pk->trust_regexp=sig->trust_regexp;
1953
unsigned char depth;
1955
/* If the depth on the signature is less than the
1956
chain currently has, then use the signature depth
1957
so we don't increase the depth beyond what the
1958
signer wanted. If the depth on the signature is
1959
more than the chain currently has, then use the
1960
chain depth so we use as much of the signature
1961
depth as the chain will permit. An ultimately
1962
trusted signature can restart the depth to
1963
whatever level it likes. */
1965
if (sig->trust_depth < kr->trust_depth
1966
|| kr->ownertrust == TRUST_ULTIMATE)
1967
depth = sig->trust_depth;
1969
depth = kr->trust_depth;
1974
log_debug ("trust sig on %s, sig depth is %d,"
1975
" kr depth is %d\n",
1976
uidnode->pkt->pkt.user_id->name,
1980
/* If we got here, we know that:
1982
this is a trust sig.
1984
it's a newer trust sig than any previous trust
1985
sig on this key (not uid).
1987
it is legal in that it was either generated by an
1988
ultimate key, or a key that was part of a trust
1989
chain, and the depth does not violate the
1992
if there is a regexp attached, it matched
1997
log_debug ("replacing trust value %d with %d and "
1998
"depth %d with %d\n",
1999
pk->trust_value,sig->trust_value,
2000
pk->trust_depth,depth);
2002
pk->trust_value = sig->trust_value;
2003
pk->trust_depth = depth-1;
2005
/* If the trust sig contains a regexp, record it
2006
on the pk for the next round. */
2007
if (sig->trust_regexp)
2008
pk->trust_regexp = sig->trust_regexp;
1980
2012
if (kr->ownertrust == TRUST_ULTIMATE)