diff options
Diffstat (limited to 'src/gpg.c')
-rw-r--r-- | src/gpg.c | 107 |
1 files changed, 59 insertions, 48 deletions
@@ -138,95 +138,105 @@ create_gpg_homedir () logmsg (LOG_CRIT, _("cannot create GPG home directory (%s): %s"), temp_homedir, strerror (errno)); return 1; } atexit (remove_homedir); if (debug_level > 1) logmsg (LOG_DEBUG, _("GNUPG home directory: %s"), temp_homedir); setenv ("GNUPGHOME", temp_homedir, 1); return 0; } static int +checksig (gpgme_signature_t sig, const char *uid, struct file_triplet *trp) +{ + switch (gpg_err_code (sig->status)) + { + case GPG_ERR_NO_ERROR: + if (debug_level) + logmsg (LOG_NOTICE, _("Good signature from %s"), uid); + trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr); + if (!trp->uploader) + { + logmsg (LOG_ERR, + _("good signature from %s, " + "but the uploader info for %s not found"), + uid, sig->fpr); + return 1; + } + break; + + case GPG_ERR_BAD_SIGNATURE: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("BAD signature from %s"), uid); + return 0; + + case GPG_ERR_NO_PUBKEY: + UPDATE_STATS (STAT_ACCESS_VIOLATIONS); + logmsg (LOG_ERR, _("No public key")); + return 0; + + case GPG_ERR_NO_DATA: + UPDATE_STATS (STAT_BAD_TRIPLETS); + logmsg (LOG_ERR, _("No signature")); + return 0; + + case GPG_ERR_SIG_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("Expired signature from %s"), uid); + return 0; + + case GPG_ERR_KEY_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("Key expired (%s)"), uid); + return 0; + + default: + logmsg (LOG_ERR, _("Unknown signature error")); + return 0; + } + return -1; +} + +static int gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig, struct file_triplet *trp) { if (!sig) return 0; for (; sig; sig = sig->next) { const char *uid; gpgme_key_t key; - + int rc; + if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR) uid = key->uids->uid; else uid = sig->fpr; - - switch (gpg_err_code (sig->status)) - { - case GPG_ERR_NO_ERROR: - if (debug_level) - logmsg (LOG_NOTICE, _("Good signature from %s"), uid); - trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr); - if (!trp->uploader) - { - logmsg (LOG_ERR, - _("good signature from %s, " - "but the uploader info for %s not found"), - uid, sig->fpr); - return 1; - } - break; - - case GPG_ERR_BAD_SIGNATURE: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("BAD signature from %s"), uid); - return 0; - - case GPG_ERR_NO_PUBKEY: - UPDATE_STATS (STAT_ACCESS_VIOLATIONS); - logmsg (LOG_ERR, _("No public key")); - return 0; - - case GPG_ERR_NO_DATA: - UPDATE_STATS (STAT_BAD_TRIPLETS); - logmsg (LOG_ERR, _("No signature")); - return 0; - - case GPG_ERR_SIG_EXPIRED: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("Expired signature from %s"), uid); - return 0; - - case GPG_ERR_KEY_EXPIRED: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("Key expired (%s)"), uid); - return 0; - - default: - logmsg (LOG_ERR, _("Unknown signature error")); - return 0; - } + rc = checksig (sig, uid, trp); + gpgme_key_unref (key); + if (rc != -1) + return rc; } return 1; } /* Verify the directive file from TRP using public key PUBKEY */ int verify_directive_signature (struct file_triplet *trp) { gpgme_ctx_t ctx; - gpgme_data_t key_data, directive_data, plain; + gpgme_data_t key_data, directive_data, plain = NULL; gpgme_error_t ec; int rc; struct uploader_info *uptr; create_gpg_homedir (); fail_if_err (gpgme_new (&ctx)); for (uptr = trp->uploader_list; uptr; uptr = uptr->next) { gpgme_import_result_t res; gpgme_import_status_t pstat; @@ -260,24 +270,25 @@ verify_directive_signature (struct file_triplet *trp) } else rc = 0; } else { rc = 1; UPDATE_STATS (STAT_BAD_SIGNATURE); logmsg (LOG_ERR, _("%s: directive verification failed: %s"), trp->name, gpgme_strerror (ec)); } + gpgme_data_release (plain); gpgme_data_release (directive_data); gpgme_data_release (key_data); gpgme_release (ctx); return rc; } /* Verify the detached signature of TRP. NOTE: It is assumed that the public key is already registered (by a previous call to verify_directive_signature). */ int verify_detached_signature (struct file_triplet *trp) |