diff options
Diffstat (limited to 'src/gpg.c')
-rw-r--r-- | src/gpg.c | 56 |
1 files changed, 40 insertions, 16 deletions
@@ -149,7 +149,8 @@ wydawca_gpg_homedir () } static int -gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig) +gpg_verify_signature (gpgme_ctx_t ctx, gpgme_signature_t sig, + struct file_triplet *trp) { if (!sig) return 0; @@ -169,25 +170,39 @@ gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig) case GPG_ERR_NO_ERROR: if (debug_level) logmsg (LOG_NOTICE, _("Good signature from %s"), uid); + trp->uploader = uploader_find_frp (trp->uploader_list, sig->fpr); + if (!trp->uploader) + { + logmsg (LOG_ERR, + _("good signature from %s, " + "but the uploader info for %s not found"), + uid, sig->fpr); + return 1; + } break; case GPG_ERR_BAD_SIGNATURE: + UPDATE_STATS (STAT_BAD_SIGNATURE); logmsg (LOG_ERR, _("BAD signature from %s"), uid); return 0; case GPG_ERR_NO_PUBKEY: + UPDATE_STATS (STAT_ACCESS_VIOLATIONS); logmsg (LOG_ERR, _("No public key")); return 0; case GPG_ERR_NO_DATA: + UPDATE_STATS (STAT_BAD_TRIPLETS); logmsg (LOG_ERR, _("No signature")); return 0; case GPG_ERR_SIG_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); logmsg (LOG_ERR, _("Expired signature from %s"), uid); return 0; case GPG_ERR_KEY_EXPIRED: + UPDATE_STATS (STAT_BAD_SIGNATURE); logmsg (LOG_ERR, _("Key expired (%s)"), uid); return 0; @@ -203,19 +218,35 @@ gpg_sig_ok_p (gpgme_ctx_t ctx, gpgme_signature_t sig) /* FIXME: spool currently unused */ int verify_directive_signature (struct file_triplet *trp, - const struct spool *spool, const char *pubkey) + const struct spool *spool) { gpgme_ctx_t ctx; gpgme_data_t key_data, directive_data, plain; off_t size; gpgme_error_t ec; int rc; - + struct uploader_info *uptr; + wydawca_gpg_homedir (); fail_if_err (gpgme_new (&ctx)); - fail_if_err (gpgme_data_new_from_mem (&key_data, pubkey, strlen (pubkey), - 0)); - fail_if_err (gpgme_op_import (ctx, key_data)); + + for (uptr = trp->uploader_list; uptr; uptr = uptr->next) + { + gpgme_import_result_t res; + gpgme_import_status_t pstat; + + fail_if_err (gpgme_data_new_from_mem (&key_data, + uptr->gpg_key, + strlen (uptr->gpg_key), + 0)); + fail_if_err (gpgme_op_import (ctx, key_data)); + res = gpgme_op_import_result (ctx); + pstat = res->imports; + uptr->fpr = xstrdup (pstat->fpr); + if (debug_level > 2) + logmsg (LOG_DEBUG, _("imported key: user = %s, fingerprint = %s"), + uptr->name, uptr->fpr); + } fail_if_err (gpgme_data_new_from_file (&directive_data, trp->file[file_directive].name, 1)); @@ -225,22 +256,15 @@ verify_directive_signature (struct file_triplet *trp, { gpgme_verify_result_t result; - size = gpgme_data_seek (plain, 0, SEEK_END); - gpgme_data_seek (plain, 0, SEEK_SET); - trp->blurb = xmalloc (size + 1); - gpgme_data_read (plain, trp->blurb, size); - trp->blurb[size] = 0; - gpgme_data_release (plain); - - rc = directive_parse (trp); - result = gpgme_op_verify_result (ctx); - if (!gpg_sig_ok_p (ctx, result->signatures)) + if (!gpg_verify_signature (ctx, result->signatures, trp)) { UPDATE_STATS (STAT_BAD_SIGNATURE); notify (spool->notification, trp, ev_bad_directive_signature); rc = 1; } + else + rc = 0; } else { |