[svn] GnuPG - r4042 - trunk/g10
svn author dshaw
cvs at cvs.gnupg.org
Tue Mar 7 21:14:23 CET 2006
Author: dshaw
Date: 2006-03-07 21:14:20 +0100 (Tue, 07 Mar 2006)
New Revision: 4042
Modified:
trunk/g10/ChangeLog
trunk/g10/gpg.c
trunk/g10/mainproc.c
trunk/g10/options.h
trunk/g10/pkclist.c
trunk/g10/trustdb.c
Log:
* options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/ChangeLog 2006-03-07 20:14:20 UTC (rev 4042)
@@ -1,3 +1,10 @@
+2006-03-07 David Shaw <dshaw at jabberwocky.com>
+
+ * options.h, gpg.c (main, parse_trust_model), pkclist.c
+ (check_signatures_trust), mainproc.c (check_sig_and_print,
+ pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
+ that it is a verify-option now.
+
2006-03-07 Werner Koch <wk at g10code.com>
* mainproc.c (proc_signature_packets): Return any_sig_seen to caller.
Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/gpg.c 2006-03-07 20:14:20 UTC (rev 4042)
@@ -243,7 +243,6 @@
oAlwaysTrust,
oTrustModel,
oForceOwnertrust,
- oAllowPkaLookup,
oRunAsShmCP,
oSetFilename,
oForYourEyesOnly,
@@ -601,7 +600,6 @@
{ oAlwaysTrust, "always-trust", 0, "@"},
{ oTrustModel, "trust-model", 2, "@"},
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
- { oAllowPkaLookup, "allow-pka-lookup", 0, "@" },
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
{ oSetFilename, "set-filename", 2, "@" },
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
@@ -1452,7 +1450,6 @@
printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
- printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE);
}
@@ -1608,47 +1605,20 @@
static void
parse_trust_model(const char *model)
{
- opt.pka_trust_increase = 0;
if(ascii_strcasecmp(model,"pgp")==0)
- {
- opt.trust_model=TM_PGP;
- }
- else if(ascii_strcasecmp(model,"pgp+pka")==0)
- {
- opt.trust_model=TM_PGP;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_PGP;
else if(ascii_strcasecmp(model,"classic")==0)
- {
- opt.trust_model=TM_CLASSIC;
- }
+ opt.trust_model=TM_CLASSIC;
else if(ascii_strcasecmp(model,"always")==0)
- {
- opt.trust_model=TM_ALWAYS;
- }
+ opt.trust_model=TM_ALWAYS;
else if(ascii_strcasecmp(model,"direct")==0)
- {
- opt.trust_model=TM_DIRECT;
- }
- else if(ascii_strcasecmp(model,"direct+pka")==0)
- {
- opt.trust_model=TM_DIRECT;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_DIRECT;
else if(ascii_strcasecmp(model,"auto")==0)
- {
- opt.trust_model=TM_AUTO;
- }
- else if(ascii_strcasecmp(model,"auto+pka")==0)
- {
- opt.trust_model=TM_AUTO;
- opt.pka_trust_increase = 1;
- }
+ opt.trust_model=TM_AUTO;
else
log_error("unknown trust model `%s'\n",model);
}
-
int
main (int argc, char **argv )
{
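Review bot: The `pgp+pka`, `direct+pka` and `auto+pka` names now fall through to the final `else` of parse_trust_model and are reported as `unknown trust model`, and `allow-pka-lookup` is dropped from the option table in the same file, so a configuration that used either stops working. As far as the hunk shows, the failure leaves `opt.trust_model` untouched and enables no PKA trust increase, which is the safe direction, but the user gets no hint at the replacement. Consider accepting the three names for a release with a warning, or at least add a comment above the chain such as `/* The "+pka" models are gone; use --verify-options pka-lookup,pka-trust-increase. */`. main's body continues outside the hunk.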
@@ -1740,7 +1710,6 @@
opt.verify_options=
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
opt.trust_model=TM_AUTO;
- opt.pka_trust_increase=0;
opt.mangle_dos_filenames=0;
opt.min_cert_level=2;
set_screen_dimensions();
@@ -2153,9 +2122,6 @@
opt.force_ownertrust=0;
}
break;
- case oAllowPkaLookup:
- opt.allow_pka_lookup = 1;
- break;
case oLoadExtension:
#ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
@@ -2496,6 +2462,10 @@
N_("show user ID validity during signature verification")},
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
N_("show revoked and expired user IDs in signature verification")},
+ {"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
+ N_("validate signatures with PKA data")},
+ {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
+ N_("elevate the trust of signatures with valid PKA data")},
{NULL,0,NULL,NULL}
};
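Review bot: Nothing in the two new entries tells the user that `pka-trust-increase` depends on `pka-lookup`. In mainproc.c the call to pka_uri_from_sig is now made only when VERIFY_PKA_LOOKUP is set, so setting the trust flag alone presumably leaves no PKA data to act on and silently does nothing; the code in pkclist.c that computes `okay` is not visible here, so this is inferred. A comment above the entries would help, e.g. `/* pka-trust-increase has no effect unless pka-lookup is also set */`, and the option handling could warn when the first flag is given without the second. The table starts outside the hunk.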
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/mainproc.c 2006-03-07 20:14:20 UTC (rev 4042)
@@ -1390,7 +1390,7 @@
assert (!sig->pka_info);
sig->flags.pka_tried = 1;
sig->pka_info = get_pka_address (sig);
- if (sig->pka_info && opt.allow_pka_lookup)
+ if (sig->pka_info)
{
char *uri;
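Review bot: With the `opt.allow_pka_lookup` test removed, pka_uri_from_sig appears to proceed to the lookup for any signature that carries PKA info, and the only gate left is at the one call site changed in the `@@ -1866` hunk of check_sig_and_print. The address comes from the signature itself, so this is a network request driven by untrusted input. Gating it inside the function keeps it opt-in for every caller, present or future: `if (sig->pka_info && (opt.verify_options & VERIFY_PKA_LOOKUP))`. Whether other callers exist is not visible in this diff, and the function body starts and ends outside the hunk.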
@@ -1866,7 +1866,8 @@
if (!rc)
{
- pka_uri_from_sig (sig); /* Make sure PKA info is available. */
+ if(opt.verify_options&VERIFY_PKA_LOOKUP)
+ pka_uri_from_sig (sig); /* Make sure PKA info is available. */
rc = check_signatures_trust( sig );
}
Modified: trunk/g10/options.h
===================================================================
--- trunk/g10/options.h 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/options.h 2006-03-07 20:14:20 UTC (rev 4042)
@@ -103,8 +103,6 @@
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
} trust_model;
int force_ownertrust;
- int pka_trust_increase; /* Valid PKA information increases the trust. */
- int allow_pka_lookup; /* PKA lookups are only done if this is set. */
enum
{
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8
@@ -316,6 +314,8 @@
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
+#define VERIFY_PKA_LOOKUP (1<<7)
+#define VERIFY_PKA_TRUST_INCREASE (1<<8)
#define KEYSERVER_USE_TEMP_FILES (1<<0)
#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
Modified: trunk/g10/pkclist.c
===================================================================
--- trunk/g10/pkclist.c 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/pkclist.c 2006-03-07 20:14:20 UTC (rev 4042)
@@ -566,7 +566,7 @@
case TRUST_UNKNOWN:
case TRUST_UNDEFINED:
case TRUST_MARGINAL:
- if (okay && opt.pka_trust_increase)
+ if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
{
trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
log_info (_("trustlevel adjusted to FULL"
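Review bot: The new condition `okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE` is correct only because `&` binds tighter than `&&`; write it as `if (okay && (opt.verify_options & VERIFY_PKA_TRUST_INCREASE))` so the reader does not have to check. This branch raises TRUST_UNKNOWN, TRUST_UNDEFINED and TRUST_MARGINAL straight to TRUST_FULLY, so it deserves a comment stating what `okay` must have established, for example `/* PKA data matched the signer; the result is only as trustworthy as the lookup that produced it */`. The switch and the log_info call continue outside the hunk.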
Modified: trunk/g10/trustdb.c
===================================================================
--- trunk/g10/trustdb.c 2006-03-07 16:20:03 UTC (rev 4041)
+++ trunk/g10/trustdb.c 2006-03-07 20:14:20 UTC (rev 4042)
@@ -450,12 +450,7 @@
}
if(opt.verbose)
- {
- log_info(_("using %s trust model\n"),trust_model_string());
- if (opt.pka_trust_increase)
- log_info(_("PKA verification is allowed to"
- " leverage trust to full\n"));
- }
+ log_info(_("using %s trust model\n"),trust_model_string());
}
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
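Review bot: Dropping the verbose message about PKA raising trust to full, rather than re-keying it on the new flag, leaves no start-up line saying that trust elevation is enabled. The only remaining trace visible in this diff is the per-signature `trustlevel adjusted to FULL` message in pkclist.c. If the notice is still wanted, keep the braces and test `if (opt.verify_options & VERIFY_PKA_TRUST_INCREASE)` before the second log_info. The surrounding function (init_trustdb, per the log message) is only partly shown.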