1 files changed, 70 insertions, 10 deletions

diff --git a/src/gpg.c b/src/gpg.c
index 8e67e63..f4cade4 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -1,4 +1,4 @@
-/* wydawca - FTP release synchronisation daemon
+/* wydawca - FTP release synchronization daemon
    Copyright (C) 2007 Sergey Poznyakoff
 
    This program is free software; you can redistribute it and/or modify it
@@ -147,6 +147,57 @@ wydawca_gpg_homedir ()
   return 0;
 }
 
+static int
+gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig)
+{
+  if (!sig)
+    return 0;
+
+  for (; sig; sig = sig->next)
+    {
+      const char *uid;
+      gpgme_key_t key;
+
+      if (gpgme_get_key (ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR)
+	uid = key->uids->uid;
+      else
+	uid = sig->fpr;
+      
+      switch (gpg_err_code (sig->status))
+	{
+	case GPG_ERR_NO_ERROR:
+	  if (debug_level)
+	    logmsg (LOG_NOTICE, "Good signature from %s", uid);
+	  break;
+          
+	case GPG_ERR_BAD_SIGNATURE:
+	  logmsg (LOG_ERR, "BAD signature from %s", uid);
+	  return 0;
+          
+	case GPG_ERR_NO_PUBKEY:
+	  logmsg (LOG_ERR, "No public key");
+	  return 0;
+          
+	case GPG_ERR_NO_DATA:
+	  logmsg (LOG_ERR, "No signature");
+	  return 0;
+          
+	case GPG_ERR_SIG_EXPIRED:
+	  logmsg (LOG_ERR, "Expired signature from %s", uid);
+	  return 0;
+          
+	case GPG_ERR_KEY_EXPIRED:
+	  logmsg (LOG_ERR, "Key expired (%s)", uid);
+	  return 0;
+          
+	default:
+	  logmsg (LOG_ERR, "Unknown signature error");
+	  return 0;
+	}
+    }
+  return 1;
+}    
+
 /* Verify the directive file from TRP using public key PUBKEY */
 /* FIXME: dpair currently unused */
 int
@@ -171,14 +222,23 @@ verify_directive_signature (struct file_triplet *trp,
   ec = gpgme_op_verify (ctx, directive_data, NULL, plain);
   if (ec == GPG_ERR_NO_ERROR)
     {
-      size = gpgme_data_seek (plain, 0, SEEK_END);
-      gpgme_data_seek (plain, 0, SEEK_SET);
-      trp->blurb = xmalloc (size + 1);
-      gpgme_data_read (plain, trp->blurb, size);
-      trp->blurb[size] = 0;
-      gpgme_data_release (plain);
-
-      rc = directive_parse (trp);
+      gpgme_verify_result_t result;
+      gpgme_signature_t sig;
+      
+      result = gpgme_op_verify_result (ctx);
+      if (gpg_sig_ok_p (ctx, result->signatures))
+	{
+	  size = gpgme_data_seek (plain, 0, SEEK_END);
+	  gpgme_data_seek (plain, 0, SEEK_SET);
+	  trp->blurb = xmalloc (size + 1);
+	  gpgme_data_read (plain, trp->blurb, size);
+	  trp->blurb[size] = 0;
+	  gpgme_data_release (plain);
+	  
+	  rc = directive_parse (trp);
+	}
+      else
+	rc = 1;
     }
   else
     {
@@ -230,7 +290,7 @@ verify_detached_signature (struct file_triplet *trp,
       return 0;
 
     case exec_fail:
-      logmsg (LOG_ERR, "bad detached signature for %s", trp->name);
+      logmsg (LOG_ERR, "BAD detached signature for %s", trp->name);
       break;
 
     case exec_error: