summaryrefslogtreecommitdiffabout
path: root/src/gpg.c
Side-by-side diff
Diffstat (limited to 'src/gpg.c') (more/less context) (ignore whitespace changes)
-rw-r--r--src/gpg.c107
1 files changed, 59 insertions, 48 deletions
diff --git a/src/gpg.c b/src/gpg.c
index 8979e9c..814be6f 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -144,83 +144,93 @@ create_gpg_homedir ()
logmsg (LOG_DEBUG, _("GNUPG home directory: %s"), temp_homedir);
setenv ("GNUPGHOME", temp_homedir, 1);
return 0;
}
static int
+checksig (gpgme_signature_t sig, const char *uid, struct file_triplet *trp)
+{
+ switch (gpg_err_code (sig->status))
+ {
+ case GPG_ERR_NO_ERROR:
+ if (debug_level)
+ logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
+ trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
+ if (!trp->uploader)
+ {
+ logmsg (LOG_ERR,
+ _("good signature from %s, "
+ "but the uploader info for %s not found"),
+ uid, sig->fpr);
+ return 1;
+ }
+ break;
+
+ case GPG_ERR_BAD_SIGNATURE:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("BAD signature from %s"), uid);
+ return 0;
+
+ case GPG_ERR_NO_PUBKEY:
+ UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
+ logmsg (LOG_ERR, _("No public key"));
+ return 0;
+
+ case GPG_ERR_NO_DATA:
+ UPDATE_STATS (STAT_BAD_TRIPLETS);
+ logmsg (LOG_ERR, _("No signature"));
+ return 0;
+
+ case GPG_ERR_SIG_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("Expired signature from %s"), uid);
+ return 0;
+
+ case GPG_ERR_KEY_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("Key expired (%s)"), uid);
+ return 0;
+
+ default:
+ logmsg (LOG_ERR, _("Unknown signature error"));
+ return 0;
+ }
+ return -1;
+}
+
+static int
gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig,
struct file_triplet *trp)
{
if (!sig)
return 0;
for (; sig; sig = sig->next)
{
const char *uid;
gpgme_key_t key;
-
+ int rc;
+
if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR)
uid = key->uids->uid;
else
uid = sig->fpr;
-
- switch (gpg_err_code (sig->status))
- {
- case GPG_ERR_NO_ERROR:
- if (debug_level)
- logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
- trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
- if (!trp->uploader)
- {
- logmsg (LOG_ERR,
- _("good signature from %s, "
- "but the uploader info for %s not found"),
- uid, sig->fpr);
- return 1;
- }
- break;
-
- case GPG_ERR_BAD_SIGNATURE:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("BAD signature from %s"), uid);
- return 0;
-
- case GPG_ERR_NO_PUBKEY:
- UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
- logmsg (LOG_ERR, _("No public key"));
- return 0;
-
- case GPG_ERR_NO_DATA:
- UPDATE_STATS (STAT_BAD_TRIPLETS);
- logmsg (LOG_ERR, _("No signature"));
- return 0;
-
- case GPG_ERR_SIG_EXPIRED:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("Expired signature from %s"), uid);
- return 0;
-
- case GPG_ERR_KEY_EXPIRED:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("Key expired (%s)"), uid);
- return 0;
-
- default:
- logmsg (LOG_ERR, _("Unknown signature error"));
- return 0;
- }
+ rc = checksig (sig, uid, trp);
+ gpgme_key_unref (key);
+ if (rc != -1)
+ return rc;
}
return 1;
}
/* Verify the directive file from TRP using public key PUBKEY */
int
verify_directive_signature (struct file_triplet *trp)
{
gpgme_ctx_t ctx;
- gpgme_data_t key_data, directive_data, plain;
+ gpgme_data_t key_data, directive_data, plain = NULL;
gpgme_error_t ec;
int rc;
struct uploader_info *uptr;
create_gpg_homedir ();
fail_if_err (gpgme_new (&ctx));
@@ -266,12 +276,13 @@ verify_directive_signature (struct file_triplet *trp)
rc = 1;
UPDATE_STATS (STAT_BAD_SIGNATURE);
logmsg (LOG_ERR, _("%s: directive verification failed: %s"),
trp->name, gpgme_strerror (ec));
}
+ gpgme_data_release (plain);
gpgme_data_release (directive_data);
gpgme_data_release (key_data);
gpgme_release (ctx);
return rc;
}

Return to:

Send suggestions and report system problems to the System administrator.