--- pgp/src/keymaint.c 2018/04/24 16:40:06 1.1.1.4 +++ pgp/src/keymaint.c 2018/04/24 16:42:14 1.1.1.6 @@ -1,21 +1,22 @@ /* keymaint.c - Keyring maintenance pass routines for PGP. PGP: Pretty Good(tm) Privacy - public key cryptography for the masses. - (c) Copyright 1990-1992 by Philip Zimmermann. All rights reserved. + (c) Copyright 1990-1994 by Philip Zimmermann. All rights reserved. The author assumes no liability for damages resulting from the use of this software, even if the damage results from defects in this software. No warranty is expressed or implied. - All the source code Philip Zimmermann wrote for PGP is available for - free under the "Copyleft" General Public License from the Free - Software Foundation. A copy of that license agreement is included in - the source release package of PGP. Code developed by others for PGP - is also freely available. Other code that has been incorporated into - PGP from other sources was either originally published in the public - domain or was used with permission from the various authors. See the - PGP User's Guide for more complete information about licensing, - patent restrictions on certain algorithms, trademarks, copyrights, - and export controls. + Note that while most PGP source modules bear Philip Zimmermann's + copyright notice, many of them have been revised or entirely written + by contributors who frequently failed to put their names in their + code. Code that has been incorporated into PGP from other authors + was either originally published in the public domain or is used with + permission from the various authors. + + PGP is available for free to the public under certain restrictions. + See the PGP User's Guide (included in the release package) for + important information about licensing, patent restrictions on + certain algorithms, trademarks, copyrights, and export controls. keymaint.c implemented by Branko Lankester. */ @@ -40,6 +41,32 @@ #define assert(x) #endif +/* Helper functions to work on newkey lists */ +void +free_newkeys(struct newkey *nkeys) +{ + struct newkey *nkey; + + while (nkeys) { + nkey = nkeys; + nkeys = nkeys->next; + free(nkey); + } +} + +int +ismember_newkeys(byte const keyid[KEYFRAGSIZE], struct newkey const *nkeys) +{ + while (nkeys) { + if (memcmp(keyid, nkeys->keyID, KEYFRAGSIZE) == 0) + return 1; + nkeys = nkeys->next; + } + return 0; +} + +/* The main checking code... */ + struct userid; struct signature; @@ -75,14 +102,14 @@ void init_trust_lst(void); long lookup_by_keyID(FILE *f, byte *srch_keyID); void show_userid(FILE *f, byte *keyID); -static int maintenance(char *ringfile); -static int maint_read_data(char *ringfile); +static int maintenance(char *ringfile, struct newkey const *nkeys); +static int maint_read_data(char *ringfile, struct newkey const *nkeys); static int maint_trace_chain(void); static int trace_sig_chain(struct pubkey *pk, int depth); static int maint_final(char *ringfile); static struct pubkey * getpubkey(byte *keyID); static void setup_trust(void); -static int check_secretkey(FILE *f, long keypos); +static int check_secretkey(FILE *f, long keypos, byte keyctrl); static void maint_init_mem(void); static void maint_release_mem(void); static VOID * allocn(int size); @@ -92,20 +119,20 @@ static void freebufpool(void); static void compute_legit(struct userid *id); -#define ALLOC_UNIT 4000 /* memory will be allocated in chunks of this size */ +#define ALLOC_UNIT 4000 /* memory will be allocated in chunks of this size */ -#define MAX_DEPTH 8 /* max. value of max_cert_depth */ +#define MAX_DEPTH 8 /* max. value of max_cert_depth */ /* returned when trying to do a maintenance pass on a secret keyring or keyfile */ -#define ERR_NOTRUST -7 +#define ERR_NOTRUST -7 -#define TRUST_MASK 7 /* mask for userid/signature trust bytes */ +#define TRUST_MASK 7 /* mask for userid/signature trust bytes */ #define SET_TRUST(b,v) (*(b) = (*(b) & ~TRUST_MASK) | (v)) #define TRUST_LEV(b) ((b) & TRUST_MASK) #define TRUST_FAC(x) (trust_tbl[TRUST_LEV(x)]) -#define ctb_type(c) ((c&CTB_TYPE_MASK)>>2) +#define ctb_type(c) ((c&CTB_TYPE_MASK)>>2) /* * table for tuning user paranoia index. * values represent contribution of one signature indexed by the @@ -116,19 +143,19 @@ static int trust_tbl[8]; static int marginal_min; static int complete_min; /* total count needed for a fully legit key */ -int marg_min = 2; /* number of marginally trusted signatures needed for - a fully legit key (can be set in config.pgp). */ -int compl_min = 1; /* number of fully trusted signatures needed */ +int marg_min = 2; /* number of marginally trusted signatures needed for + a fully legit key (can be set in config.pgp). */ +int compl_min = 1; /* number of fully trusted signatures needed */ char trust_lst[8][16] = { - "undefined", /* PSTR("undefined") */ - "unknown", /* PSTR("unknown") */ - "untrusted", /* PSTR("untrusted") */ - "<3>", /* unused */ - "<4>", /* unused */ - "marginal", /* PSTR("marginal") */ - "complete", /* PSTR("complete") */ - "ultimate", /* PSTR("ultimate") */ + "undefined", /* LANG("undefined") */ + "unknown", /* LANG("unknown") */ + "untrusted", /* LANG("untrusted") */ + "<3>", /* unused */ + "<4>", /* unused */ + "marginal", /* LANG("marginal") */ + "complete", /* LANG("complete") */ + "ultimate", /* LANG("ultimate") */ }; char legit_lst[4][16] = { @@ -154,18 +181,22 @@ static int undefined_trust; /* number of * Update trust parameters in a keyring, should be called after all * key management functions which can affect the trust parameters. * Changes are done "inplace", the file must be writable. + * + * nkeys is a list of new keys. Any key on this list is checked to + * see if it on the secret keyring. If it is, and the BUCKSTOP bit + * is not set, the user is prompted to set it. */ int -maint_update(char *ringfile) +maint_update(char *ringfile, struct newkey const *nkeys) { check_only = mverbose = FALSE; - return maintenance(ringfile); + return maintenance(ringfile, nkeys); } /* * Check trust parameters in ringfile * options can be: - * MAINT_CHECK check only, don't ask if keyring should be updated + * MAINT_CHECK check only, don't ask if keyring should be updated * MAINT_VERBOSE verbose output, shows signature chains */ int @@ -179,10 +210,10 @@ maint_check(char *ringfile, int options) if (moreflag) open_more(); if (*floppyring != '\0' && (floppy_fp = fopen(floppyring, FOPRBIN)) == NULL) - fprintf(pgpout,PSTR("\nCan't open backup key ring file '%s'\n"), + fprintf(pgpout,LANG("\nCan't open backup key ring file '%s'\n"), floppyring); check_only = TRUE; - status = maintenance(ringfile); + status = maintenance(ringfile, NULL); if (floppy_fp) { fclose(floppy_fp); floppy_fp = NULL; @@ -211,7 +242,7 @@ maint_check(char *ringfile, int options) maint_list(ringfile); } - fprintf(pgpout, PSTR("\n%d \"trust parameter(s)\" need to be changed.\n"), + fprintf(pgpout, LANG("\n%d \"trust parameter(s)\" need to be changed.\n"), undefined_trust); if (options & MAINT_CHECK) { @@ -219,7 +250,7 @@ maint_check(char *ringfile, int options) return status; } - fprintf(pgpout, PSTR("Continue with '%s' (Y/n)? "), + fprintf(pgpout, LANG("Continue with '%s' (Y/n)? "), ringfile); if (!getyesno('y')) { close_more(); @@ -234,41 +265,39 @@ maint_check(char *ringfile, int options) return -1; } check_only = mverbose = FALSE; - if ((status = maintenance(fixfile)) >= 0) { + if ((status = maintenance(fixfile, NULL)) >= 0) { maint_list(fixfile); - fprintf(pgpout, PSTR("\n%d \"trust parameter(s)\" changed.\n"), status); + fprintf(pgpout, LANG("\n%d \"trust parameter(s)\" changed.\n"), status); } close_more(); if (status > 0 && !(options & MAINT_CHECK)) { - fprintf(pgpout, PSTR("Update public keyring '%s' (Y/n)? "), ringfile); + fprintf(pgpout, LANG("Update public keyring '%s' (Y/n)? "), ringfile); if (getyesno('y')) return savetempbak(fixfile, ringfile); } rmtemp(fixfile); return status; -} +} /* maint_check */ static int -maintenance(char *ringfile) +maintenance(char *ringfile, struct newkey const *nkeys) { int status; - char secretkeyring[MAX_PATH]; undefined_trust = 0; /* None so far... */ if (max_cert_depth > MAX_DEPTH) max_cert_depth = MAX_DEPTH; - buildfilename(secretkeyring, SECRET_KEYRING_FILENAME); - if ((sec_fp = fopen(secretkeyring, FOPRBIN)) == NULL) - fprintf(pgpout,PSTR("\nCan't open secret key ring file '%s'\n"), - secretkeyring); + if ((sec_fp = fopen(globalSecringName, FOPRBIN)) == NULL) + fprintf(pgpout,LANG("\nCan't open secret key ring file '%s'\n"), + globalSecringName); setkrent(ringfile); setup_trust(); maint_init_mem(); if (mverbose || verbose) - fprintf(pgpout, PSTR("\nPass 1: Looking for the \"ultimately-trusted\" keys...\n")); - status = maint_read_data(ringfile); + fprintf(pgpout, LANG("\nPass 1: Looking for the \"ultimately-trusted\" keys...\n")); + status = maint_read_data(ringfile, nkeys); if (sec_fp) { fclose(sec_fp); sec_fp = NULL; @@ -277,7 +306,7 @@ maintenance(char *ringfile) goto failed; if (mverbose || verbose) - fprintf(pgpout, PSTR("\nPass 2: Tracing signature chains...\n")); + fprintf(pgpout, LANG("\nPass 2: Tracing signature chains...\n")); if ((status = maint_trace_chain()) < 0) goto failed; @@ -289,15 +318,15 @@ maintenance(char *ringfile) endkrent(); maint_release_mem(); - return(status+undefined_trust); + return status+undefined_trust; failed: if (verbose) fprintf(pgpout, "maintenance pass: error exit = %d\n", status); endkrent(); maint_release_mem(); - return(status); -} /* maintenance */ + return status; +} /* maintenance */ static struct pubkey *pklist, **pkhash = NULL; @@ -330,7 +359,7 @@ getpubkey(byte *keyID) * compare them with the floppy ring if this is requested. */ static int -maint_read_data(char *ringfile) +maint_read_data(char *ringfile, struct newkey const *nkeys) { FILE *f; int status; @@ -347,15 +376,15 @@ maint_read_data(char *ringfile) struct userid *id = NULL; struct signature *sig = NULL; - if ((f = fopen(ringfile,FOPRBIN)) == NULL) - { fprintf(pgpout,PSTR("\n\007Can't open key ring file '%s'\n"),ringfile); - return(-1); + if ((f = fopen(ringfile,FOPRBIN)) == NULL) { + fprintf(pgpout,LANG("\n\007Can't open key ring file '%s'\n"),ringfile); + return -1; } while ((status = readkpacket(f, &ctb, userid, keyID, sigkeyID)) != -1) { if (status == -3 || status == -2) { fclose(f); - return(status); + return status; } if (status < 0 || is_ctb_type(ctb, CTB_CERT_SECKEY_TYPE)) { skip = 1; /* version error or bad key */ @@ -380,7 +409,7 @@ maint_read_data(char *ringfile) /* other packets should have trust byte */ if (read_trust(f, &keyctrl) < 0) { fclose(f); - return(ERR_NOTRUST); /* not a public keyring */ + return ERR_NOTRUST; /* not a public keyring */ } switch (ctb_type(ctb)) { @@ -391,14 +420,18 @@ maint_read_data(char *ringfile) pk = pklist = getpubkey(keyID); if (pk->pk_next) { - fprintf(pgpout, PSTR("Keyring contains duplicate key: %s\n"), keyIDstring(keyID)); + fprintf(pgpout, LANG("Keyring contains duplicate key: %s\n"), keyIDstring(keyID)); fclose(f); return -1; } - if ((keyctrl & KC_BUCKSTOP)) { - if (check_secretkey(f, keypos) == 0) { + if (keyctrl & KC_BUCKSTOP || + ismember_newkeys(keyID, nkeys)) + { + if (check_secretkey(f, keypos, keyctrl) == 0) { ++buckstopcount; + keyctrl |= KC_BUCKSTOP; + SET_TRUST(&keyctrl, KC_OWNERTRUST_ULTIMATE); buckstop = TRUE; if (mverbose) fprintf(pgpout, "* %s",keyIDstring(keyID)); @@ -414,7 +447,6 @@ maint_read_data(char *ringfile) buckstop = FALSE; show_user = FALSE; } - keyctrl &= ~KC_VISITED; pk->pk_owntrust = keyctrl; pk->pk_userids = id = NULL; break; @@ -461,10 +493,10 @@ maint_read_data(char *ringfile) keypos = ftell(f); } if (buckstopcount == 0 && mverbose) - fprintf(pgpout, PSTR("No ultimately-trusted keys.\n")); + fprintf(pgpout, LANG("No ultimately-trusted keys.\n")); fclose(f); - return(0); -} + return 0; +} /* maint_read_data */ /* @@ -489,7 +521,7 @@ maint_trace_chain(void) trace_sig_chain(pk, 0); } return 0; -} +} /* maint_trace_chain */ /* @@ -546,13 +578,23 @@ trace_sig_chain(struct pubkey *pk, int d /* all keys signed by pk */ for (sig = pk->pk_signed; sig; sig = sig->sig_nextfrom) { - if (mverbose) - fprintf(pgpout, "%*s > %s\n", 2*depth, "", LOCAL_CHARSET(sig->sig_uid->uid_userid)); - /* copy trust from signator */ - SET_TRUST(&sig->sig_trust, TRUST_LEV(pk->pk_owntrust)); - sig->sig_trust |= KC_CONTIG; /* CONTIG bit currently unused */ + /* If signature is good, copy trust from signator */ + /* CONTIG bit currently unused */ + if (sig->sig_trust & KC_SIG_CHECKED) { + SET_TRUST(&sig->sig_trust, TRUST_LEV(pk->pk_owntrust)); + sig->sig_trust |= KC_CONTIG; /* CONTIG bit currently unused */ + if (mverbose) + fprintf(pgpout, "%*s > %s\n", 2*depth, "", LOCAL_CHARSET(sig->sig_uid->uid_userid)); + } else { + SET_TRUST(&sig->sig_trust, KC_SIGTRUST_UNTRUSTED); + sig->sig_trust &= ~KC_CONTIG; + if (mverbose) + fprintf(pgpout, "%*s X %s\n", 2*depth, "", LOCAL_CHARSET(sig->sig_uid->uid_userid)); + } + if (TRUST_FAC(sig->sig_trust) == 0) + continue; p = sig->sig_uid->uid_key; /* this key signed by pk */ if (p->pk_owntrust & KC_BUCKSTOP) continue; /* will be handled from main loop */ @@ -585,7 +627,7 @@ trace_sig_chain(struct pubkey *pk, int d fprintf(pgpout, "%*s%d-^ %s\n", 2*depth, "", depth, pk->pk_userids->uid_userid); #endif return 0; -} +} /* trace_sig_chain */ /* * compute validity of userid/key pair, the number of signatures and the @@ -614,7 +656,7 @@ compute_legit(struct userid *id) legit = KC_LEGIT_COMPLETE; } id->uid_legit = (id->uid_legit & ~KC_LEGIT_MASK) | legit; -} +} /* compute_legit */ /* * check if the maintenance pass changed anything @@ -642,9 +684,9 @@ maint_final(char *ringfile) f = fopen(ringfile,FOPRBIN); else f = fopen(ringfile,FOPRWBIN); - if (f == NULL) - { fprintf(pgpout,PSTR("\n\007Can't open key ring file '%s'\n"),ringfile); - return(-1); + if (f == NULL) { + fprintf(pgpout,LANG("\n\007Can't open key ring file '%s'\n"),ringfile); + return -1; } pk = pklist; @@ -721,13 +763,13 @@ maint_final(char *ringfile) } fclose(f); if (status < -1) /* -1 is OK, EOF */ - return(status); + return status; if (pk || sig || id) { fprintf(pgpout, "maint_final: internal error\n"); return -1; } - return(changed); -} /* maint_final */ + return changed; +} /* maint_final */ int @@ -744,15 +786,15 @@ maint_list(char *ringfile) int owntrust = 0; int usercount = 0; - if ((f = fopen(ringfile,FOPRBIN)) == NULL) - { fprintf(pgpout,PSTR("\n\007Can't open key ring file '%s'\n"),ringfile); - return(-1); + if ((f = fopen(ringfile,FOPRBIN)) == NULL) { + fprintf(pgpout,LANG("\n\007Can't open key ring file '%s'\n"),ringfile); + return -1; } init_trust_lst(); setkrent(ringfile); init_userhash(); - fprintf(pgpout, PSTR(" KeyID Trust Validity User ID\n")); + fprintf(pgpout, LANG(" KeyID Trust Validity User ID\n")); while ((status = readkpacket(f, &ctb, userid, keyID, sigkeyID)) != -1) { if (status == -3 || status == -2) break; @@ -779,10 +821,10 @@ maint_list(char *ringfile) case CTB_USERID_TYPE: if (!usercount) { /* first userid */ fprintf(pgpout, "%c %s ", tchar, keyIDstring(keyID)); - fprintf(pgpout, " %-*s", trustlst_len, trust_lst[owntrust]); + fprintf(pgpout, "%-*s ", trustlst_len, trust_lst[owntrust]); } else - fprintf(pgpout, " %*s ", trustlst_len, ""); - fprintf(pgpout, " %-*s", legitlst_len, legit_lst[kc&KC_LEGIT_MASK]); + fprintf(pgpout, " %s %*s ", blankkeyID, trustlst_len, ""); + fprintf(pgpout, "%-*s ", legitlst_len, legit_lst[kc&KC_LEGIT_MASK]); if (usercount) putc(' ', pgpout); ++usercount; @@ -793,9 +835,9 @@ maint_list(char *ringfile) tchar = '#'; break; } - fprintf(pgpout, "%c ", (kc & KC_CONTIG) ? 'c' : ' '); - fprintf(pgpout, " %-*s", trustlst_len, trust_lst[TRUST_LEV(kc)]); - fprintf(pgpout, "%*s ", legitlst_len, ""); + fprintf(pgpout, "%c %s ", (kc & KC_CONTIG) ? 'c' : ' ', blankkeyID); + fprintf(pgpout, "%-*s ", trustlst_len, trust_lst[TRUST_LEV(kc)]); + fprintf(pgpout, "%*s ", legitlst_len, ""); if ((signator = user_from_keyID(sigkeyID)) == NULL) fprintf(pgpout, "(KeyID: %s)\n",keyIDstring(sigkeyID)); else @@ -806,9 +848,9 @@ maint_list(char *ringfile) endkrent(); fclose(f); if (status < -1) /* -1 is OK, EOF */ - return(status); - return(0); -} /* maint_list */ + return status; + return 0; +} /* maint_list */ /* @@ -825,9 +867,9 @@ init_trust_lst(void) if (initialized) return; - for (i = 0; i < 8; ++i) - { if (trust_lst[i][0]) - { s = PSTR (trust_lst[i]); + for (i = 0; i < 8; ++i) { + if (trust_lst[i][0]) { + s = LANG (trust_lst[i]); if (s != trust_lst[i]) strncpy(trust_lst[i], s, sizeof(trust_lst[0]) - 1); len = strlen(s); @@ -835,18 +877,16 @@ init_trust_lst(void) trustlst_len = len; } } - for (i = 0; i < 4; ++i) - { s = PSTR (legit_lst[i]); + for (i = 0; i < 4; ++i) { + s = LANG (legit_lst[i]); if (s != legit_lst[i]) strncpy(legit_lst[i], s, sizeof(legit_lst[0]) - 1); len = strlen(s); if (len > legitlst_len) legitlst_len = len; } - ++trustlst_len; - ++legitlst_len; initialized = 1; -} /* init_trust_lst */ +} /* init_trust_lst */ @@ -859,7 +899,7 @@ init_trust_lst(void) * and 0 if the keys compared OK */ static int -check_secretkey(FILE *f, long keypos) +check_secretkey(FILE *f, long keypos, byte keyctrl) { int status = -1; unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION]; @@ -870,33 +910,31 @@ check_secretkey(FILE *f, long keypos) byte ctb; if (sec_fp == NULL) - return(-1); + return -1; savepos = ftell(f); fseek(f, keypos, SEEK_SET); if (readkeypacket(f, FALSE, &ctb, NULL, NULL, n, e, - NULL, NULL, NULL, NULL, NULL, NULL) < 0) + NULL, NULL, NULL, NULL, NULL, NULL) < 0) goto ex; extract_keyID(keyID, n); - do /* get userid */ - { status = readkpacket(f, &ctb, userid, NULL, NULL); + do { /* get userid */ + status = readkpacket(f, &ctb, userid, NULL, NULL); if (status == -1 || status == -3) goto ex; } while (ctb != CTB_USERID); - if (lookup_by_keyID(sec_fp, keyID) < 0) - { + if (lookup_by_keyID(sec_fp, keyID) < 0) { #if 0 - if (!check_only) - { - fprintf(pgpout, PSTR ( + if (!check_only) { + fprintf(pgpout, LANG ( "\nAn \"axiomatic\" key is one which does not need certifying by\n\ anyone else. Usually this special status is reserved only for your\n\ own keys, which should also appear on your secret keyring. The owner\n\ of an axiomatic key (who is typically yourself) is \"ultimately trusted\"\n\ by you to certify any or all other keys.\n")); - fprintf(pgpout, PSTR ("\nKey for user ID: \"%s\"\n\ + fprintf(pgpout, LANG ("\nKey for user ID: \"%s\"\n\ is designated as an \"ultimately-trusted\" introducer, but the key\n\ does not appear in the secret keyring.\n\ Use this key as an ultimately-trusted introducer (y/N)? "), @@ -906,47 +944,52 @@ Use this key as an ultimately-trusted in #else status = 1; #endif - } - else - { + } else { long kpos = ftell(sec_fp); if (readkeypacket(sec_fp, FALSE, &ctb, NULL, NULL, nsec, esec, - NULL, NULL, NULL, NULL, NULL, NULL) < 0) + NULL, NULL, NULL, NULL, NULL, NULL) < 0) { - fprintf(pgpout, PSTR("\n\007Cannot read from secret keyring.\n")); + fprintf(pgpout, LANG("\n\007Cannot read from secret keyring.\n")); status = -3; goto ex; } - if (mp_compare(n, nsec) || mp_compare(e, esec)) - { /* Red Alert! */ - fprintf(pgpout, PSTR("\n\007WARNING: Public key for user ID: \"%s\"\n\ + if (mp_compare(n, nsec) || mp_compare(e, esec)) { + /* Red Alert! */ + fprintf(pgpout, LANG("\n\007WARNING: Public key for user ID: \"%s\"\n\ does not match the corresponding key in the secret keyring.\n"), LOCAL_CHARSET(userid)); - fprintf(pgpout, PSTR("This is a serious condition, indicating possible keyring tampering.\n")); + fprintf(pgpout, LANG("This is a serious condition, indicating possible keyring tampering.\n")); status = -2; - } - else + } else { status = 0; + } - if (floppy_fp) - { - if (lookup_by_keyID(floppy_fp, keyID) < 0) - { - fprintf(pgpout, PSTR("Public key for: \"%s\"\n\ + /* Okay, key is in secret key ring, and it matches. */ + if (!(keyctrl & KC_BUCKSTOP)) { + if (batchmode) { + status = -1; + } else { + fprintf(pgpout, LANG("\nKey for user ID \"%s\"\n\ +also appears in the secret key ring."), userid); + fputs(LANG("\nUse this key as an ultimately-trusted introducer (y/N)? "), pgpout); + status = getyesno('n') ? 0 : -1; + } + } + + if (status == 0 && floppy_fp) { + if (lookup_by_keyID(floppy_fp, keyID) < 0) { + fprintf(pgpout, LANG("Public key for: \"%s\"\n\ is not present in the backup keyring '%s'.\n"), LOCAL_CHARSET(userid), floppyring); - } - else - { + } else { pktlen = ftell(sec_fp) - kpos; fseek(sec_fp, kpos, SEEK_SET); while (--pktlen >= 0 && getc(sec_fp) == getc(floppy_fp)) ; - if (pktlen != -1) - { - fprintf(pgpout, PSTR("\n\007WARNING: Secret key for: \"%s\"\n\ + if (pktlen != -1) { + fprintf(pgpout, LANG("\n\007WARNING: Secret key for: \"%s\"\n\ does not match the key in the backup keyring '%s'.\n"), LOCAL_CHARSET(userid), floppyring); - fprintf(pgpout, PSTR("This is a serious condition, indicating possible keyring tampering.\n")); + fprintf(pgpout, LANG("This is a serious condition, indicating possible keyring tampering.\n")); status = -2; } } @@ -954,8 +997,8 @@ does not match the key in the backup key } ex: fseek(f, savepos, SEEK_SET); - return(status); -} /* check_secretkey */ + return status; +} /* check_secretkey */ /* @@ -963,15 +1006,13 @@ ex: */ static void setup_trust(void) -{ /* initialize trust table */ - if (marg_min == 0) /* marginally trusted signatures are ignored */ - { +{ + /* initialize trust table */ + if (marg_min == 0) { /* marginally trusted signatures are ignored */ trust_tbl[5] = 0; trust_tbl[6] = 1; complete_min = compl_min; - } - else - { + } else { if (marg_min < compl_min) marg_min = compl_min; trust_tbl[5] = compl_min; @@ -980,7 +1021,7 @@ setup_trust(void) } trust_tbl[7] = complete_min; /* ultimate trust */ marginal_min = complete_min / 2; -} /* setup_trust */ +} /* setup_trust */ int ask_owntrust(char *userid, byte cur_trust) @@ -989,32 +1030,32 @@ this key's owner to certify other keys. { char buf[8]; - if (check_only || filter_mode || batchmode) - { /* not interactive */ + if (check_only || filter_mode || batchmode) { + /* not interactive */ ++undefined_trust; /* We complete/undefined. Why? */ - return(KC_OWNERTRUST_UNDEFINED); + return KC_OWNERTRUST_UNDEFINED; } fprintf(pgpout, -PSTR("\nMake a determination in your own mind whether this key actually\n\ +LANG("\nMake a determination in your own mind whether this key actually\n\ belongs to the person whom you think it belongs to, based on available\n\ evidence. If you think it does, then based on your estimate of\n\ that person's integrity and competence in key management, answer\n\ the following question:\n")); - fprintf(pgpout, PSTR("\nWould you trust \"%s\"\n\ + fprintf(pgpout, LANG("\nWould you trust \"%s\"\n\ to act as an introducer and certify other people's public keys to you?\n\ (1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ? "), LOCAL_CHARSET(userid)); fflush(pgpout); getstring(buf, sizeof(buf)-1, TRUE); - switch (buf[0]) - { case '1': return KC_OWNERTRUST_UNKNOWN; + switch (buf[0]) { + case '1': return KC_OWNERTRUST_UNKNOWN; case '2': return KC_OWNERTRUST_NEVER; case '3': return KC_OWNERTRUST_USUALLY; case '4': return KC_OWNERTRUST_ALWAYS; - default: return(TRUST_LEV(cur_trust)); + default: return TRUST_LEV(cur_trust); } -} /* ask_owntrust */ +} /* ask_owntrust */ /* @@ -1032,8 +1073,7 @@ lookup_by_keyID(FILE *f, byte *srch_keyI byte ctb; rewind(f); - while ((status = readkpacket(f, &ctb, NULL, keyID, NULL)) != -1) - { + while ((status = readkpacket(f, &ctb, NULL, keyID, NULL)) != -1) { if (status == -3 || status == -2) break; if (status < 0) @@ -1041,12 +1081,12 @@ lookup_by_keyID(FILE *f, byte *srch_keyI if (is_key_ctb(ctb) && memcmp(keyID, srch_keyID, KEYFRAGSIZE) == 0) { fseek(f, keypos, SEEK_SET); - return(keypos); + return keypos; } keypos = ftell(f); } - return(status); -} /* lookup_by_keyID */ + return status; +} /* lookup_by_keyID */ /* * look up the key matching "keyID" and print the first userID @@ -1063,8 +1103,7 @@ show_userid(FILE *f, byte *keyID) filepos = ftell(f); if (lookup_by_keyID(f, keyID) >= 0) while ((status = readkpacket(f, &ctb, userid, NULL, NULL)) != -1 && status != -3) - if (ctb == CTB_USERID) - { + if (ctb == CTB_USERID) { fprintf(pgpout, "%s\n", LOCAL_CHARSET(userid)); fseek(f, filepos, SEEK_SET); return; @@ -1072,7 +1111,7 @@ show_userid(FILE *f, byte *keyID) fprintf(pgpout, "(KeyID: %s)\n",keyIDstring(keyID)); fseek(f, filepos, SEEK_SET); -} /* show_userid */ +} /* show_userid */ /* @@ -1081,28 +1120,28 @@ show_userid(FILE *f, byte *keyID) static char *owntrust_msg[] = { "", /* Just don't say anything in this case */ "", - _PSTR("This user is untrusted to certify other keys.\n"), + _LANG("This user is untrusted to certify other keys.\n"), "", /* reserved */ "", /* reserved */ - _PSTR("This user is generally trusted to certify other keys.\n"), - _PSTR("This user is completely trusted to certify other keys.\n"), - _PSTR("This axiomatic key is ultimately trusted to certify other keys.\n"), + _LANG("This user is generally trusted to certify other keys.\n"), + _LANG("This user is completely trusted to certify other keys.\n"), + _LANG("This axiomatic key is ultimately trusted to certify other keys.\n"), }; static char *keylegit_msg[] = { - _PSTR("This key/userID association is not certified.\n"), - _PSTR("This key/userID association is not certified.\n"), - _PSTR("This key/userID association is marginally certified.\n"), - _PSTR("This key/userID association is fully certified.\n"), + _LANG("This key/userID association is not certified.\n"), + _LANG("This key/userID association is not certified.\n"), + _LANG("This key/userID association is marginally certified.\n"), + _LANG("This key/userID association is fully certified.\n"), }; static char *sigtrust_msg[] = { - _PSTR(" Questionable certification from:\n "), - _PSTR(" Questionable certification from:\n "), - _PSTR(" Untrusted certification from:\n "), + _LANG(" Questionable certification from:\n "), + _LANG(" Questionable certification from:\n "), + _LANG(" Untrusted certification from:\n "), "", /* reserved */ "", /* reserved */ - _PSTR(" Generally trusted certification from:\n "), - _PSTR(" Completely trusted certification from:\n "), - _PSTR(" Axiomatically trusted certification from:\n "), + _LANG(" Generally trusted certification from:\n "), + _LANG(" Completely trusted certification from:\n "), + _LANG(" Axiomatically trusted certification from:\n "), }; /* @@ -1143,25 +1182,28 @@ show_key(FILE *f, long keypos, int what) { if (status == -2 || status == -3) break; - if (is_key_ctb(ctb)) - { if (userids) + if (is_key_ctb(ctb)) { + + if (userids) break; if (what & SHOW_HASH) getKeyHash(hash, n, e); keyctb = ctb; keystatus = status; /* remember status, could be version error */ - } - else if (ctb == CTB_KEYCTRL) /* trust bytes only in public keyrings */ - { + + } else if (ctb == CTB_KEYCTRL) { + + /* trust bytes only in public keyrings */ if (keystatus >= 0 && !userids) /* key packet trust byte */ if (keyctrl & KC_DISABLED) disabled = 1; if (what & SHOW_TRUST) print_trust = TRUE; - } - else if (ctb == CTB_USERID) - { if (userids == 0) - { PascalToC(userid); /* for display */ + + } else if (ctb == CTB_USERID) { + + if (userids == 0) { + PascalToC(userid); /* for display */ ++userids; if (what & SHOW_CHANGE) { show_update(key2IDstring(n)); @@ -1187,37 +1229,36 @@ show_key(FILE *f, long keypos, int what) fprintf(pgpout,"%s\n",LOCAL_CHARSET(userid)); break; /* only print default userid */ } - fprintf(pgpout,PSTR("\nKey for user ID: %s\n"), + fprintf(pgpout,LANG("\nKey for user ID: %s\n"), LOCAL_CHARSET(userid)); - fprintf(pgpout,PSTR("%d-bit key, Key ID %s, created %s\n"), + fprintf(pgpout,LANG("%d-bit key, Key ID %s, created %s\n"), countbits(n), key2IDstring(n), cdate(×tamp) ); if (keystatus == -4) - fprintf(pgpout,PSTR("Bad key format.\n")); + fprintf(pgpout,LANG("Bad key format.\n")); else if (keystatus == -6) - fprintf(pgpout,PSTR("Unrecognized version.\n")); + fprintf(pgpout,LANG("Unrecognized version.\n")); else if (what & SHOW_HASH) printKeyHash(hash, FALSE); if (compromised) - fprintf(pgpout, PSTR("Key has been revoked.\n")); + fprintf(pgpout, LANG("Key has been revoked.\n")); if (disabled) - fprintf(pgpout, PSTR("Key is disabled.\n")); + fprintf(pgpout, LANG("Key is disabled.\n")); if (print_trust && *owntrust_msg[TRUST_LEV(keyctrl)] != '\0') - fprintf(pgpout, PSTR (owntrust_msg[TRUST_LEV(keyctrl)])); - } - else - { PascalToC(userid); + fprintf(pgpout, LANG (owntrust_msg[TRUST_LEV(keyctrl)])); + } else { + PascalToC(userid); if (what != 0) fprintf(pgpout, "\n"); - fprintf(pgpout,PSTR("Also known as: %s\n"), + fprintf(pgpout,LANG("Also known as: %s\n"), LOCAL_CHARSET(userid)); } if (print_trust) { read_trust(f, &keyctrl); - fprintf(pgpout, PSTR (keylegit_msg[keyctrl&KC_LEGIT_MASK])); + fprintf(pgpout, LANG (keylegit_msg[keyctrl&KC_LEGIT_MASK])); } /* print_trust */ - } - else if (is_ctb_type(ctb, CTB_SKE_TYPE)) - { + + } else if (is_ctb_type(ctb, CTB_SKE_TYPE)) { + if (userids == 0) compromised = 1; if (what & SHOW_CHANGE) { @@ -1227,10 +1268,10 @@ show_key(FILE *f, long keypos, int what) if (what & SHOW_SIGS) { if (print_trust) { read_trust(f, &keyctrl); - fprintf(pgpout, PSTR (sigtrust_msg[TRUST_LEV(keyctrl)])); + fprintf(pgpout, LANG (sigtrust_msg[TRUST_LEV(keyctrl)])); + } else { + fprintf(pgpout, LANG(" Certified by: ")); } - else - fprintf(pgpout, PSTR(" Certified by: ")); show_userid(f, sigkeyID); } } @@ -1239,8 +1280,8 @@ show_key(FILE *f, long keypos, int what) status = 0; set_precision(precision); fseek(f, filepos, SEEK_SET); - return(status); -} /* show_key */ + return status; +} /* show_key */ /* show_update -- this function just prints an update message to * pgpout to inform the user that an update happened. @@ -1263,15 +1304,14 @@ readkpacket(FILE *f, byte *ctb, char *us unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION]; status = readkeypacket(f, FALSE, ctb, NULL, userid, n, e, - NULL, NULL, NULL, NULL, sigkeyID, NULL); + NULL, NULL, NULL, NULL, sigkeyID, NULL); - if (status < 0) - { + if (status < 0) { #ifdef DEBUG if (status < -1) fprintf(stderr, "readkeypacket returned %d\n", status); #endif - return(status); + return status; } if (keyID && is_key_ctb(*ctb)) @@ -1280,8 +1320,8 @@ readkpacket(FILE *f, byte *ctb, char *us if (userid && *ctb == CTB_USERID) PascalToC(userid); - return(0); -} /* readkpacket */ + return 0; +} /* readkpacket */ /* @@ -1296,7 +1336,7 @@ write_trust_pos(FILE *f, byte keyctrl, l fseek(f, pos, SEEK_SET); write_trust(f, keyctrl); fseek(f, fpos, SEEK_SET); -} /* write_trust_pos */ +} /* write_trust_pos */ /* @@ -1317,16 +1357,16 @@ read_trust(FILE *f, byte *keyctrl) if (buf[0] != CTB_KEYCTRL) { if (is_ctb(buf[0])) { fseek(f, -3L, SEEK_CUR); - return(ERR_NOTRUST); + return ERR_NOTRUST; } else - return(-3); /* bad data */ + return -3; /* bad data */ } if (buf[1] != 1) /* length must be 1 */ - return(-3); + return -3; if (keyctrl) *keyctrl = buf[2]; - return(0); -} /* read_trust */ + return 0; +} /* read_trust */ @@ -1378,8 +1418,8 @@ _user_from_keyID(byte *srch_keyID) } fclose(f); } - return(found ? userid : NULL); -} + return found ? userid : NULL; +} /* _user_from_keyID */ /* * Lookup userid by keyID, use hash table if initialized. @@ -1395,7 +1435,7 @@ user_from_keyID(byte *keyID) if (memcmp(keyID, p->keyID, KEYFRAGSIZE) == 0) return p->userid; return NULL; -} +} /* user_from_keyID */ /* * add keyfile to userid hash table, userids are added, endkrent() clears @@ -1405,19 +1445,16 @@ int setkrent(char *keyring) { int i; - char pubring[MAX_PATH]; assert(nkr < MAXKR); - if (keyring == NULL) { - buildfilename(pubring, PUBLIC_KEYRING_FILENAME); - keyring = pubring; - } + if (keyring == NULL) + keyring = globalPubringName; for (i = 0; i < nkr; ++i) if (strcmp(keyring, krnames[i]) == 0) return 0; /* duplicate name */ krnames[nkr++] = store_str(keyring); return 0; -} +} /* setkrent */ void endkrent(void) @@ -1426,7 +1463,7 @@ endkrent(void) hashtbl = NULL; nkr = 0; freebufpool(); -} +} /* endkrent */ /* * create userid hash table, read all files set with setkrent() @@ -1469,7 +1506,7 @@ init_userhash(void) fclose(f); } return 0; -} +} /* init_userhash */ /* * memory management routines @@ -1510,7 +1547,7 @@ allocn(int size) nleft -= size; ptr += size; return ptr - size; -} +} /* allocn */ /* * store_str does the same as strdup(), but allocates memory with allocbuf() @@ -1531,7 +1568,7 @@ store_str(char *str) strptr += size; strleft -= size; return strptr - size; -} +} /* store_str */ static struct bufpool { @@ -1555,7 +1592,7 @@ allocbuf(int size) p->next = bufpool; bufpool = p; return p->buf; -} +} /* allocbuf */ /* * free all memory obtained with allocbuf() @@ -1573,4 +1610,4 @@ freebufpool(void) bufpool = bufpool->next; free(p); } -} +} /* freebufpool */