Diffstat (limited to 'src/gpg.c')
-rw-r--r-- | src/gpg.c | 80 |
1 files changed, 70 insertions, 10 deletions
@@ -1,4 +1,4 @@
-/* wydawca - FTP release synchronisation daemon
+/* wydawca - FTP release synchronization daemon
 Copyright (C) 2007 Sergey Poznyakoff
 
 This program is free software; you can redistribute it and/or modify it
@@ -147,6 +147,57 @@ wydawca_gpg_homedir ()
 return 0;
 }
 
+static int
+gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig)
+{
+ if (!sig)
+ return 0;
+
+ for (; sig; sig = sig->next)
+ {
+ const char *uid;
+ gpgme_key_t key;
+
+ if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR)
+ uid = key->uids->uid;
+ else
+ uid = sig->fpr;
+
+ switch (gpg_err_code (sig->status))
+ {
+ case GPG_ERR_NO_ERROR:
+ if (debug_level)
+ logmsg (LOG_NOTICE, "Good signature from %s", uid);
+ break;
+
+ case GPG_ERR_BAD_SIGNATURE:
+ logmsg (LOG_ERR, "BAD signature from %s", uid);
+ return 0;
+
+ case GPG_ERR_NO_PUBKEY:
+ logmsg (LOG_ERR, "No public key");
+ return 0;
+
+ case GPG_ERR_NO_DATA:
+ logmsg (LOG_ERR, "No signature");
+ return 0;
+
+ case GPG_ERR_SIG_EXPIRED:
+ logmsg (LOG_ERR, "Expired signature from %s", uid);
+ return 0;
+
+ case GPG_ERR_KEY_EXPIRED:
+ logmsg (LOG_ERR, "Key expired (%s)", uid);
+ return 0;
+
+ default:
+ logmsg (LOG_ERR, "Unknown signature error");
+ return 0;
+ }
+ }
+ return 1;
+}
+
 /* Verify the directive file from TRP using public key PUBKEY */
 /* FIXME: dpair currently unused */
 int 
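Review bot: The key obtained by `gpgme_get_key` in the loop of gpg_sig_ok_p is never released, so every checked signature leaks a key reference, and `key->uids->uid` is read without checking that the key carries a user ID at all. Because `uid` points into the key, the release has to happen after the log call, which the `return 0` inside each error case prevents; recording the verdict in a flag and leaving the switch with `break` gives a single place to call `gpgme_key_unref`. Separately, the "No public key" and "Unknown signature error" messages would be more useful for triage if they carried `sig->fpr` and `gpg_strerror (sig->status)`.

```c
  for (; sig; sig = sig->next)
    {
      const char *uid = sig->fpr;
      gpgme_key_t key = NULL;
      int ok = 0;

      if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR
          && key && key->uids)
        uid = key->uids->uid;

      switch (gpg_err_code (sig->status))
        {
        case GPG_ERR_NO_ERROR:
          /* ... unchanged: debug-level "Good signature" message ... */
          ok = 1;
          break;

        /* ... unchanged: error cases and default, each ending in break
           instead of return 0 ... */
        }

      /* uid may point into key, so drop the reference only after logging */
      if (key)
        gpgme_key_unref (key);
      if (!ok)
        return 0;
    }
```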
@@ -171,14 +222,23 @@ verify_directive_signature (struct file_triplet *trp,
 ec = gpgme_op_verify (ctx, directive_data, NULL, plain);
 if (ec == GPG_ERR_NO_ERROR)
 {
- size = gpgme_data_seek (plain, 0, SEEK_END);
- gpgme_data_seek (plain, 0, SEEK_SET);
- trp->blurb = xmalloc (size + 1);
- gpgme_data_read (plain, trp->blurb, size);
- trp->blurb[size] = 0;
- gpgme_data_release (plain);
-
- rc = directive_parse (trp);
+ gpgme_verify_result_t result;
+ gpgme_signature_t sig;
+
+ result = gpgme_op_verify_result (ctx);
+ if (gpg_sig_ok_p (ctx, result->signatures))
+ {
+ size = gpgme_data_seek (plain, 0, SEEK_END);
+ gpgme_data_seek (plain, 0, SEEK_SET);
+ trp->blurb = xmalloc (size + 1);
+ gpgme_data_read (plain, trp->blurb, size);
+ trp->blurb[size] = 0;
+ gpgme_data_release (plain);
+
+ rc = directive_parse (trp);
+ }
+ else
+ rc = 1;
 }
 else
 {
@@ -230,7 +290,7 @@ verify_detached_signature (struct file_triplet *trp,
 return 0;
 
 case exec_fail:
- logmsg (LOG_ERR, "bad detached signature for %s", trp->name);
+ logmsg (LOG_ERR, "BAD detached signature for %s", trp->name);
 break;
 
 case exec_error: |
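Review bot: In the verify_directive_signature hunk, the accepted-signature branch uses the result of `gpgme_data_seek (plain, 0, SEEK_END)` as a length without checking it. Assuming `size` is a signed type declared above the hunk, a failed seek (-1) would reach `xmalloc (size + 1)`, `gpgme_data_read` and `trp->blurb[size] = 0` with a negative size. The return value of `gpgme_data_read` is ignored too, so a short read would hand `directive_parse` a partly uninitialised buffer; both cases are better rejected with `rc = 1`. The new rejection path also skips the `gpgme_data_release (plain)` that the accepted path performs, so unless `plain` is released after the hunk, `else { gpgme_data_release (plain); rc = 1; }` would avoid a leak on every refused directive. `gpgme_signature_t sig;` is declared but not used in the visible lines, and the function begins and ends outside the hunk.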