Diffstat (limited to 'src/gpg.c')
-rw-r--r--src/gpg.c56
1 files changed, 40 insertions, 16 deletions
diff --git a/src/gpg.c b/src/gpg.c
index 6f7dfb6..71be53c 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -149,7 +149,8 @@ wydawca_gpg_homedir ()
}
static int
-gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig)
+gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig,
+ struct file_triplet *trp)
{
if (!sig)
return 0;
@@ -169,25 +170,39 @@ gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig)
case GPG_ERR_NO_ERROR:
if (debug_level)
logmsg (LOG_NOTICE, _("Good signature from %s"), uid);
+ trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr);
+ if (!trp->uploader)
+ {
+ logmsg (LOG_ERR,
+ _("good signature from %s, "
+ "but the uploader info for %s not found"),
+ uid, sig->fpr);
+ return 1;
+ }
break;
case GPG_ERR_BAD_SIGNATURE:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
logmsg (LOG_ERR, _("BAD signature from %s"), uid);
return 0;
case GPG_ERR_NO_PUBKEY:
+ UPDATE_STATS (STAT_ACCESS_VIOLATIONS);
logmsg (LOG_ERR, _("No public key"));
return 0;
case GPG_ERR_NO_DATA:
+ UPDATE_STATS (STAT_BAD_TRIPLETS);
logmsg (LOG_ERR, _("No signature"));
return 0;
case GPG_ERR_SIG_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
logmsg (LOG_ERR, _("Expired signature from %s"), uid);
return 0;
case GPG_ERR_KEY_EXPIRED:
+ UPDATE_STATS (STAT_BAD_SIGNATURE);
logmsg (LOG_ERR, _("Key expired (%s)"), uid);
return 0;
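Review bot: In the GPG_ERR_NO_ERROR case, the branch taken when uploader_find_frp returns NULL logs an error and then does `return 1;`, while every rejecting case visible here returns 0 and the caller tests `if (!gpg_verify_signature (...))`. As written, a valid signature whose fingerprint matches no uploader record appears to be accepted with `trp->uploader` left NULL; `return 0;` (with `UPDATE_STATS (STAT_ACCESS_VIOLATIONS);` before it, if that is the intended counter) would make the failure explicit. The end of the function is outside the hunk, so the value returned after `break` should be confirmed against this convention. It is also worth confirming that `sig->fpr` and the fingerprint stored at import time name the same key when a signing subkey is used, and a short comment above the function stating the return convention would prevent this kind of mix-up.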
@@ -203,19 +218,35 @@ gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig)
/* FIXME: spool currently unused */
int
verify_directive_signature (struct file_triplet *trp,
- const struct spool *spool, const char *pubkey)
+ const struct spool *spool)
{
gpgme_ctx_t ctx;
gpgme_data_t key_data, directive_data, plain;
off_t size;
gpgme_error_t ec;
int rc;
-
+ struct uploader_info *uptr;
+
wydawca_gpg_homedir ();
fail_if_err (gpgme_new (&ctx));
- fail_if_err (gpgme_data_new_from_mem (&key_data, pubkey, strlen (pubkey),
- 0));
- fail_if_err (gpgme_op_import (ctx, key_data));
+
+ for (uptr = trp->uploader_list; uptr; uptr = uptr->next)
+ {
+ gpgme_import_result_t res;
+ gpgme_import_status_t pstat;
+
+ fail_if_err (gpgme_data_new_from_mem (&key_data,
+ uptr->gpg_key,
+ strlen (uptr->gpg_key),
+ 0));
+ fail_if_err (gpgme_op_import (ctx, key_data));
+ res = gpgme_op_import_result (ctx);
+ pstat = res->imports;
+ uptr->fpr = xstrdup (pstat->fpr);
+ if (debug_level > 2)
+ logmsg (LOG_DEBUG, _("imported key: user = %s, fingerprint = %s"),
+ uptr->name, uptr->fpr);
+ }
fail_if_err (gpgme_data_new_from_file (&directive_data,
trp->file[file_directive].name, 1));
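Review bot: In the new import loop, `res->imports` is dereferenced without checking that the import produced a status entry, so uploader key material that contains no usable key would turn `pstat->fpr` into a NULL-pointer read, and the per-key `pstat->result` is never examined. I would guard it with `if (!res || !res->imports || res->imports->result != GPG_ERR_NO_ERROR || !res->imports->fpr)` and reject or skip that uploader with a logged error before the `xstrdup`. Only the first status entry is recorded, so a record that carries several keys ends up with a single fingerprint; a comment stating that this is intended would help. `key_data` is created on every iteration and no release is visible in the hunk, so `gpgme_data_release (key_data);` after the import looks necessary. The function body continues past the end of the hunk.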
@@ -225,22 +256,15 @@ verify_directive_signature (struct file_triplet *trp,
{
gpgme_verify_result_t result;
- size = gpgme_data_seek (plain, 0, SEEK_END);
- gpgme_data_seek (plain, 0, SEEK_SET);
- trp->blurb = xmalloc (size + 1);
- gpgme_data_read (plain, trp->blurb, size);
- trp->blurb[size] = 0;
- gpgme_data_release (plain);
-
- rc = directive_parse (trp);
-
result = gpgme_op_verify_result (ctx);
- if (!gpg_sig_ok_p (ctx, result->signatures))
+ if (!gpg_verify_signature (ctx, result->signatures, trp))
{
UPDATE_STATS (STAT_BAD_SIGNATURE);
notify (spool->notification, trp, ev_bad_directive_signature);
rc = 1;
}
+ else
+ rc = 0;
}
else
{
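Review bot: The failure branch still calls `UPDATE_STATS (STAT_BAD_SIGNATURE)` although gpg_verify_signature now updates the counters itself in the earlier hunk, so a bad or expired signature is counted twice and a missing public key is recorded both as an access violation and as a bad signature. Dropping the `UPDATE_STATS` line from this branch would leave one place that does the counting. The hunk also removes `gpgme_data_release (plain)` together with the blurb read; unless the release moved to code outside the hunk, `plain` is now leaked and `size` may be left unused. The enclosing function starts and ends outside this hunk.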
