diff options
Diffstat (limited to 'src/gpg.c')
-rw-r--r-- | src/gpg.c | 107 |
1 files changed, 59 insertions, 48 deletions
@@ -148,4 +148,55 @@ create_gpg_homedir () static int +checksig (gpgme_signature_t sig, const char *uid, struct file_triplet *trp) +{ + switch (gpg_err_code (sig->status)) + { + case GPG_ERR_NO_ERROR: + if (debug_level) + logmsg (LOG_NOTICE, _("Good signature from %s"), uid); + trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr); + if (!trp->uploader) + { + logmsg (LOG_ERR, + _("good signature from %s, " + "but the uploader info for %s not found"), + uid, sig->fpr); + return 1; + } + break; + + case GPG_ERR_BAD_SIGNATURE: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("BAD signature from %s"), uid); + return 0; + + case GPG_ERR_NO_PUBKEY: + UPDATE_STATS (STAT_ACCESS_VIOLATIONS); + logmsg (LOG_ERR, _("No public key")); + return 0; + + case GPG_ERR_NO_DATA: + UPDATE_STATS (STAT_BAD_TRIPLETS); + logmsg (LOG_ERR, _("No signature")); + return 0; + + case GPG_ERR_SIG_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("Expired signature from %s"), uid); + return 0; + + case GPG_ERR_KEY_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); + logmsg (LOG_ERR, _("Key expired (%s)"), uid); + return 0; + + default: + logmsg (LOG_ERR, _("Unknown signature error")); + return 0; + } + return -1; +} + +static int gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig, struct file_triplet *trp) @@ -158,55 +209,14 @@ gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig, const char *uid; gpgme_key_t key; - + int rc; + if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR) uid = key->uids->uid; else uid = sig->fpr; - - switch (gpg_err_code (sig->status)) - { - case GPG_ERR_NO_ERROR: - if (debug_level) - logmsg (LOG_NOTICE, _("Good signature from %s"), uid); - trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr); - if (!trp->uploader) - { - logmsg (LOG_ERR, - _("good signature from %s, " - "but the uploader info for %s not found"), - uid, sig->fpr); - return 1; - } - break; - - case GPG_ERR_BAD_SIGNATURE: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("BAD signature from %s"), uid); - return 0; - - case GPG_ERR_NO_PUBKEY: - UPDATE_STATS (STAT_ACCESS_VIOLATIONS); - logmsg (LOG_ERR, _("No public key")); - return 0; - - case GPG_ERR_NO_DATA: - UPDATE_STATS (STAT_BAD_TRIPLETS); - logmsg (LOG_ERR, _("No signature")); - return 0; - - case GPG_ERR_SIG_EXPIRED: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("Expired signature from %s"), uid); - return 0; - - case GPG_ERR_KEY_EXPIRED: - UPDATE_STATS (STAT_BAD_SIGNATURE); - logmsg (LOG_ERR, _("Key expired (%s)"), uid); - return 0; - - default: - logmsg (LOG_ERR, _("Unknown signature error")); - return 0; - } + rc = checksig (sig, uid, trp); + gpgme_key_unref (key); + if (rc != -1) + return rc; } return 1; @@ -218,5 +228,5 @@ verify_directive_signature (struct file_triplet *trp) { gpgme_ctx_t ctx; - gpgme_data_t key_data, directive_data, plain; + gpgme_data_t key_data, directive_data, plain = NULL; gpgme_error_t ec; int rc; @@ -270,4 +280,5 @@ verify_directive_signature (struct file_triplet *trp) } + gpgme_data_release (plain); gpgme_data_release (directive_data); gpgme_data_release (key_data); |