Diffstat (limited to 'src/gpg.c') (more/less context) (ignore whitespace changes)
-rw-r--r--src/gpg.c107
1 files changed, 59 insertions, 48 deletions
diff --git a/src/gpg.c b/src/gpg.c
index 8979e9c..814be6f 100644
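--- a/src/gpg.c
+++ b/src/gpg.c
@@ -147,6 +147,57 @@ create_gpg_homedir ()
 }
 
 static int
+checksig (gpgme_signature_t sig, const char *uid, struct file_triplet *trp)
+{
+ switch (gpg_err_code (sig->status))
+ {
+ case GPG_ERR_NO_ERROR:
+ if (debug_level)
+ logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
+ trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
+ if (!trp->uploader)
+ {
+ logmsg (LOG_ERR,
+ _("good signature from %s, "
+ "but the uploader info for %s not found"),
+ uid, sig->fpr);
+ return 1;
+ }
+ break;
+
+ case GPG_ERR_BAD_SIGNATURE:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("BAD signature from %s"), uid);
+ return 0;
+
+ case GPG_ERR_NO_PUBKEY:
+ UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
+ logmsg (LOG_ERR, _("No public key"));
+ return 0;
+
+ case GPG_ERR_NO_DATA:
+ UPDATE_STATS (STAT_BAD_TRIPLETS);
+ logmsg (LOG_ERR, _("No signature"));
+ return 0;
+
+ case GPG_ERR_SIG_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("Expired signature from %s"), uid);
+ return 0;
+
+ case GPG_ERR_KEY_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
+ logmsg (LOG_ERR, _("Key expired (%s)"), uid);
+ return 0;
+
+ default:
+ logmsg (LOG_ERR, _("Unknown signature error"));
+ return 0;
+ }
+ return -1;
+}
+
+static int
 gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig,
  struct file_triplet *trp)
 {
@@ -157,57 +208,16 @@ gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig,
  {
  const char *uid;
  gpgme_key_t key;
-
+ int rc;
+
  if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR)
  uid = key->uids->uid;
  else
  uid = sig->fpr;
-
- switch (gpg_err_code (sig->status))
- {
- case GPG_ERR_NO_ERROR:
- if (debug_level)
- logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
- trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
- if (!trp->uploader)
- {
- logmsg (LOG_ERR,
- _("good signature from %s, "
- "but the uploader info for %s not found"),
- uid, sig->fpr);
- return 1;
- }
- break;
-
- case GPG_ERR_BAD_SIGNATURE:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("BAD signature from %s"), uid);
- return 0;
-
- case GPG_ERR_NO_PUBKEY:
- UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
- logmsg (LOG_ERR, _("No public key"));
- return 0;
-
- case GPG_ERR_NO_DATA:
- UPDATE_STATS (STAT_BAD_TRIPLETS);
- logmsg (LOG_ERR, _("No signature"));
- return 0;
-
- case GPG_ERR_SIG_EXPIRED:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("Expired signature from %s"), uid);
- return 0;
-
- case GPG_ERR_KEY_EXPIRED:
- UPDATE_STATS (STAT_BAD_SIGNATURE);
- logmsg (LOG_ERR, _("Key expired (%s)"), uid);
- return 0;
-
- default:
- logmsg (LOG_ERR, _("Unknown signature error"));
- return 0;
- }
+ rc = checksig (sig, uid, trp);
+ gpgme_key_unref (key);
+ if (rc != -1)
+ return rc;
  }
  return 1;
 }
@@ -217,7 +227,7 @@ int
 verify_directive_signature (struct file_triplet *trp)
 {
  gpgme_ctx_t ctx;
- gpgme_data_t key_data, directive_data, plain;
+ gpgme_data_t key_data, directive_data, plain = NULL;
  gpgme_error_t ec;
  int rc;
  struct uploader_info *uptr;
@@ -269,6 +279,7 @@ verify_directive_signature (struct file_triplet *trp)
  trp->name, gpgme_strerror (ec));
  }
 
+ gpgme_data_release (plain);
  gpgme_data_release (directive_data);
  gpgme_data_release (key_data);
  gpgme_release (ctx);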
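Review bot: In gpg_verify_signature the new `gpgme_key_unref (key);` runs on both branches, but `key` is declared without an initializer and the `else` branch (taken when `gpgme_get_key` fails) never assigns it; unless gpgme_get_key is guaranteed to clear `*r_key` on every failure path, this releases an indeterminate pointer. Declaring it as `gpgme_key_t key = NULL;` makes the unref safe regardless, in the same way this commit initializes `plain = NULL` before its new release call. Separately, checksig has three result values (0, 1, -1) and no comment, and its `return 1` for a good signature whose fingerprint has no uploader record is the same value gpg_verify_signature returns after the loop; a header comment such as `/* Return -1 to continue with the next signature, otherwise the value gpg_verify_signature must return. */` would let a reader confirm that case is reported as intended. The loop header and the callers are outside the hunks, so the meaning of 0 versus 1 could not be checked here.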
