1 /* tdbio.c - trust database I/O operations
2 * Copyright (C) 1998-2002, 2012 Free Software Foundation, Inc.
3 * Copyright (C) 1998-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
26 #include <sys/types.h>
41 #if defined(HAVE_DOSISH_SYSTEM) && !defined(ftruncate)
42 #define ftruncate chsize
45 #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
46 #define MY_O_BINARY O_BINARY
51 /* We use ERRNO despite that the cegcc provided open/read/write
52 functions don't set ERRNO - at least show that ERRNO does not make
54 #ifdef HAVE_W32CE_SYSTEM
56 #define strerror(a) ("[errno not available]")
60 * Yes, this is a very simple implementation. We should really
61 * use a page aligned buffer and read complete pages.
62 * To implement a simple trannsaction system, this is sufficient.
64 typedef struct cache_ctrl_struct *CACHE_CTRL;
65 struct cache_ctrl_struct
73 char data[TRUST_RECORD_LEN];
76 /* Size of the cache. The SOFT value is the general one. While in a
77 transaction this may not be sufficient and thus we may increase it
78 then up to the HARD limit. */
79 #define MAX_CACHE_ENTRIES_SOFT 200
80 #define MAX_CACHE_ENTRIES_HARD 10000
83 /* The cache is controlled by these variables. */
84 static CACHE_CTRL cache_list;
85 static int cache_entries;
86 static int cache_is_dirty;
89 /* An object to pass information to cmp_krec_fpr. */
90 struct cmp_krec_fpr_struct
97 /* An object used to pass information to cmp_[s]dir. */
98 struct cmp_xdir_struct
105 /* The name of the trustdb file. */
106 static char *db_name;
108 /* The handle for locking the trustdb file and a flag to record
109 whether a lock has been taken. */
110 static dotlock_t lockhandle;
111 static int is_locked;
113 /* The file descriptor of the trustdb. */
114 static int db_fd = -1;
116 /* A flag indicating that a transaction is active. */
117 static int in_transaction;
121 static void open_db (void);
122 static void create_hashtable (TRUSTREC *vr, int type);
127 * Take a lock on the trustdb file name. I a lock file can't be
128 * created the function terminates the process. Excvept for a
129 * different return code the function does nothing if the lock has
130 * already been taken.
132 * Returns: True if lock already exists, False if the lock has
133 * actually been taken.
136 take_write_lock (void)
139 lockhandle = dotlock_create (db_name, 0);
141 log_fatal ( _("can't create lock for '%s'\n"), db_name );
145 if (dotlock_take (lockhandle, -1) )
146 log_fatal ( _("can't lock '%s'\n"), db_name );
157 * Release a lock from the trustdb file unless the global option
158 * --lock-once has been used.
161 release_write_lock (void)
164 if (!dotlock_release (lockhandle))
168 /*************************************
169 ************* record cache **********
170 *************************************/
173 * Get the data from the record cache and return a pointer into that
174 * cache. Caller should copy the returned data. NULL is returned on
178 get_record_from_cache (ulong recno)
182 for (r = cache_list; r; r = r->next)
184 if (r->flags.used && r->recno == recno)
192 * Write a cached item back to the trustdb file.
194 * Returns: 0 on success or an error code.
197 write_cache_item (CACHE_CTRL r)
202 if (lseek (db_fd, r->recno * TRUST_RECORD_LEN, SEEK_SET) == -1)
204 err = gpg_error_from_syserror ();
205 log_error (_("trustdb rec %lu: lseek failed: %s\n"),
206 r->recno, strerror (errno));
209 n = write (db_fd, r->data, TRUST_RECORD_LEN);
210 if (n != TRUST_RECORD_LEN)
212 err = gpg_error_from_syserror ();
213 log_error (_("trustdb rec %lu: write failed (n=%d): %s\n"),
214 r->recno, n, strerror (errno) );
223 * Put data into the cache. This function may flush
224 * some cache entries if the cache is filled up.
226 * Returns: 0 on success or an error code.
229 put_record_into_cache (ulong recno, const char *data)
231 CACHE_CTRL r, unused;
235 /* See whether we already cached this one. */
236 for (unused = NULL, r = cache_list; r; r = r->next)
243 else if (r->recno == recno)
247 /* Hmmm: should we use a copy and compare? */
248 if (memcmp (r->data, data, TRUST_RECORD_LEN))
254 memcpy (r->data, data, TRUST_RECORD_LEN);
266 /* Not in the cache: add a new entry. */
269 /* Reuse this entry. */
273 memcpy (r->data, data, TRUST_RECORD_LEN);
280 /* See whether we reached the limit. */
281 if (cache_entries < MAX_CACHE_ENTRIES_SOFT)
283 /* No: Put into cache. */
284 r = xmalloc (sizeof *r);
287 memcpy (r->data, data, TRUST_RECORD_LEN);
289 r->next = cache_list;
296 /* Cache is full: discard some clean entries. */
301 /* We discard a third of the clean entries. */
306 for (unused = NULL, r = cache_list; r; r = r->next)
308 if (r->flags.used && !r->flags.dirty)
319 /* Now put into the cache. */
324 memcpy (r->data, data, TRUST_RECORD_LEN);
331 /* No clean entries: We have to flush some dirty entries. */
334 /* But we can't do this while in a transaction. Thus we
335 * increase the cache size instead. */
336 if (cache_entries < MAX_CACHE_ENTRIES_HARD)
338 if (opt.debug && !(cache_entries % 100))
339 log_debug ("increasing tdbio cache size\n");
340 r = xmalloc (sizeof *r);
343 memcpy (r->data, data, TRUST_RECORD_LEN);
345 r->next = cache_list;
351 /* Hard limit for the cache size reached. */
352 log_info (_("trustdb transaction too large\n"));
353 return GPG_ERR_RESOURCE_LIMIT;
360 /* Discard some dirty entries. */
366 for (unused = NULL, r = cache_list; r; r = r->next)
368 if (r->flags.used && r->flags.dirty)
372 rc = write_cache_item (r);
383 release_write_lock ();
385 /* Now put into the cache. */
390 memcpy (r->data, data, TRUST_RECORD_LEN);
397 /* We should never reach this. */
402 /* Return true if the cache is dirty. */
406 return cache_is_dirty;
411 * Flush the cache. This cannot be used while in a transaction.
422 log_bug("tdbio: syncing while in transaction\n");
424 if( !cache_is_dirty )
427 if (!take_write_lock ())
430 for( r = cache_list; r; r = r->next ) {
431 if( r->flags.used && r->flags.dirty ) {
432 int rc = write_cache_item( r );
439 release_write_lock ();
445 #if 0 /* Not yet used. */
447 * Simple transactions system:
448 * Everything between begin_transaction and end/cancel_transaction
449 * is not immediately written but at the time of end_transaction.
451 * NOTE: The transaction code is disabled in the 1.2 branch, as it is
455 tdbio_begin_transaction () /* Not yet used. */
460 log_bug ("tdbio: nested transactions\n");
461 /* Flush everything out. */
470 tdbio_end_transaction () /* Not yet used. */
475 log_bug ("tdbio: no active transaction\n");
477 gnupg_block_all_signals ();
480 gnupg_unblock_all_signals();
481 release_write_lock ();
486 tdbio_cancel_transaction () /* Not yet used. */
491 log_bug ("tdbio: no active transaction\n");
493 /* Remove all dirty marked entries, so that the original ones are
494 * read back the next time. */
497 for (r = cache_list; r; r = r->next)
499 if (r->flags.used && r->flags.dirty)
511 #endif /* Not yet used. */
515 /********************************************************
516 **************** cached I/O functions ******************
517 ********************************************************/
519 /* The cleanup handler for this module. */
525 if (!dotlock_release (lockhandle))
532 * Update an existing trustdb record. The caller must call
535 * Returns: 0 on success or an error code.
538 tdbio_update_version_record (void)
543 memset (&rec, 0, sizeof rec);
545 rc = tdbio_read_record (0, &rec, RECTYPE_VER);
548 rec.r.ver.created = make_timestamp();
549 rec.r.ver.marginals = opt.marginals_needed;
550 rec.r.ver.completes = opt.completes_needed;
551 rec.r.ver.cert_depth = opt.max_cert_depth;
552 rec.r.ver.trust_model = opt.trust_model;
553 rec.r.ver.min_cert_level = opt.min_cert_level;
554 rc=tdbio_write_record(&rec);
562 * Create and write the trustdb version record.
564 * Returns: 0 on success or an error code.
567 create_version_record (void)
572 memset (&rec, 0, sizeof rec);
573 rec.r.ver.version = 3;
574 rec.r.ver.created = make_timestamp ();
575 rec.r.ver.marginals = opt.marginals_needed;
576 rec.r.ver.completes = opt.completes_needed;
577 rec.r.ver.cert_depth = opt.max_cert_depth;
578 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
579 rec.r.ver.trust_model = opt.trust_model;
581 rec.r.ver.trust_model = TM_PGP;
582 rec.r.ver.min_cert_level = opt.min_cert_level;
583 rec.rectype = RECTYPE_VER;
585 rc = tdbio_write_record (&rec);
591 create_hashtable (&rec, 0);
598 * Set the file name for the trustdb to NEW_DBNAME and if CREATE is
599 * true create that file. If NEW_DBNAME is NULL a default name is
600 * used, if the it does not contain a path component separator ('/')
601 * the global GnuPG home directory is used.
603 * Returns: 0 on success or an error code.
605 * On the first call this function registers an atexit handler.
609 tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile)
613 static int initialized = 0;
626 fname = make_filename (gnupg_homedir (),
627 "trustdb" EXTSEP_S GPGEXT_GPG, NULL);
629 else if (*new_dbname != DIRSEP_C )
631 if (strchr (new_dbname, DIRSEP_C))
632 fname = make_filename (new_dbname, NULL);
634 fname = make_filename (gnupg_homedir (), new_dbname, NULL);
638 fname = xstrdup (new_dbname);
644 /* Quick check for (likely) case where there already is a
645 * trustdb.gpg. This check is not required in theory, but it helps
646 * in practice avoiding costly operations of preparing and taking
648 if (!stat (fname, &statbuf) && statbuf.st_size > 0)
650 /* OK, we have the valid trustdb.gpg already. */
659 /* Here comes: No valid trustdb.gpg AND CREATE==1 */
662 * Make sure the directory exists. This should be done before
663 * acquiring the lock, which assumes the existence of the directory.
665 p = strrchr (fname, DIRSEP_C);
668 /* Windows may either have a slash or a backslash. Take
670 char *pp = strrchr (fname, '/');
674 #endif /*HAVE_W32_SYSTEM*/
678 if (access (fname, F_OK))
680 try_make_homedir (fname);
681 if (access (fname, F_OK))
682 log_fatal (_("%s: directory does not exist!\n"), fname);
688 if (access (fname, R_OK) || stat (fname, &statbuf) || statbuf.st_size == 0)
695 #ifdef HAVE_W32CE_SYSTEM
696 /* We know how the cegcc implementation of access works ;-). */
697 if (GetLastError () == ERROR_FILE_NOT_FOUND)
698 gpg_err_set_errno (ENOENT);
700 gpg_err_set_errno (EIO);
701 #endif /*HAVE_W32CE_SYSTEM*/
702 if (errno && errno != ENOENT)
703 log_fatal ( _("can't access '%s': %s\n"), fname, strerror (errno));
705 oldmask = umask (077);
706 if (is_secured_filename (fname))
709 gpg_err_set_errno (EPERM);
712 fp = fopen (fname, "wb");
715 log_fatal (_("can't create '%s': %s\n"), fname, strerror (errno));
718 db_fd = open (db_name, O_RDWR | MY_O_BINARY);
720 log_fatal (_("can't open '%s': %s\n"), db_name, strerror (errno));
722 rc = create_version_record ();
724 log_fatal (_("%s: failed to create version record: %s"),
725 fname, gpg_strerror (rc));
727 /* Read again to check that we are okay. */
728 if (tdbio_read_record (0, &rec, RECTYPE_VER))
729 log_fatal (_("%s: invalid trustdb created\n"), db_name);
732 log_info (_("%s: trustdb created\n"), db_name);
735 release_write_lock ();
741 * Return the full name of the trustdb.
751 * Open the trustdb. This may only be called if it has not yet been
752 * opened and after a successful call to tdbio_set_dbname. On return
753 * the trustdb handle (DB_FD) is guaranteed to be open.
760 log_assert( db_fd == -1 );
762 #ifdef HAVE_W32CE_SYSTEM
765 wchar_t *wname = utf8_to_wchar (db_name);
768 db_fd = (int)CreateFile (wname, GENERIC_READ|GENERIC_WRITE,
769 FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
770 OPEN_EXISTING, 0, NULL);
774 log_fatal ("can't open '%s': %d, %d\n", db_name,
775 (int)prevrc, (int)GetLastError ());
777 #else /*!HAVE_W32CE_SYSTEM*/
778 db_fd = open (db_name, O_RDWR | MY_O_BINARY );
779 if (db_fd == -1 && (errno == EACCES
785 /* Take care of read-only trustdbs. */
786 db_fd = open (db_name, O_RDONLY | MY_O_BINARY );
787 if (db_fd != -1 && !opt.quiet)
788 log_info (_("Note: trustdb not writable\n"));
791 log_fatal( _("can't open '%s': %s\n"), db_name, strerror(errno) );
792 #endif /*!HAVE_W32CE_SYSTEM*/
793 register_secured_file (db_name);
795 /* Read the version record. */
796 if (tdbio_read_record (0, &rec, RECTYPE_VER ) )
797 log_fatal( _("%s: invalid trustdb\n"), db_name );
802 * Append a new empty hashtable to the trustdb. TYPE gives the type
803 * of the hash table. The only defined type is 0 for a trust hash.
804 * On return the hashtable has been created, written, the version
805 * record update, and the data flushed to the disk. On a fatal error
806 * the function terminates the process.
809 create_hashtable( TRUSTREC *vr, int type )
816 offset = lseek (db_fd, 0, SEEK_END);
818 log_fatal ("trustdb: lseek to end failed: %s\n", strerror(errno));
819 recnum = offset / TRUST_RECORD_LEN;
820 log_assert (recnum); /* This is will never be the first record. */
823 vr->r.ver.trusthashtbl = recnum;
825 /* Now write the records making up the hash table. */
826 n = (256+ITEMS_PER_HTBL_RECORD-1) / ITEMS_PER_HTBL_RECORD;
827 for (i=0; i < n; i++, recnum++)
829 memset (&rec, 0, sizeof rec);
830 rec.rectype = RECTYPE_HTBL;
832 rc = tdbio_write_record (&rec);
834 log_fatal (_("%s: failed to create hashtable: %s\n"),
835 db_name, gpg_strerror (rc));
837 /* Update the version record and flush. */
838 rc = tdbio_write_record (vr);
842 log_fatal (_("%s: error updating version record: %s\n"),
843 db_name, gpg_strerror (rc));
848 * Check whether open trustdb matches the global trust options given
849 * for this process. On a read problem the process is terminated.
851 * Return: 1 for yes, 0 for no.
854 tdbio_db_matches_options()
856 static int yes_no = -1;
863 rc = tdbio_read_record (0, &vr, RECTYPE_VER);
865 log_fatal( _("%s: error reading version record: %s\n"),
866 db_name, gpg_strerror (rc) );
868 yes_no = vr.r.ver.marginals == opt.marginals_needed
869 && vr.r.ver.completes == opt.completes_needed
870 && vr.r.ver.cert_depth == opt.max_cert_depth
871 && vr.r.ver.trust_model == opt.trust_model
872 && vr.r.ver.min_cert_level == opt.min_cert_level;
880 * Read and return the trust model identifier from the trustdb. On a
881 * read problem the process is terminated.
884 tdbio_read_model (void)
889 rc = tdbio_read_record (0, &vr, RECTYPE_VER );
891 log_fatal (_("%s: error reading version record: %s\n"),
892 db_name, gpg_strerror (rc) );
893 return vr.r.ver.trust_model;
898 * Read and return the nextstamp value from the trustdb. On a read
899 * problem the process is terminated.
902 tdbio_read_nextcheck ()
907 rc = tdbio_read_record (0, &vr, RECTYPE_VER);
909 log_fatal (_("%s: error reading version record: %s\n"),
910 db_name, gpg_strerror (rc));
911 return vr.r.ver.nextcheck;
916 * Write the STAMP nextstamp timestamp to the trustdb. On a read or
917 * write problem the process is terminated.
919 * Return: True if the stamp actually changed.
922 tdbio_write_nextcheck (ulong stamp)
927 rc = tdbio_read_record (0, &vr, RECTYPE_VER);
929 log_fatal (_("%s: error reading version record: %s\n"),
930 db_name, gpg_strerror (rc));
932 if (vr.r.ver.nextcheck == stamp)
935 vr.r.ver.nextcheck = stamp;
936 rc = tdbio_write_record( &vr );
938 log_fatal (_("%s: error writing version record: %s\n"),
939 db_name, gpg_strerror (rc));
946 * Return the record number of the trusthash table or create one if it
947 * does not yet exist. On a read or write problem the process is
950 * Return: record number
953 get_trusthashrec(void)
955 static ulong trusthashtbl; /* Record number of the trust hashtable. */
962 rc = tdbio_read_record (0, &vr, RECTYPE_VER );
964 log_fatal (_("%s: error reading version record: %s\n"),
965 db_name, gpg_strerror (rc) );
967 trusthashtbl = vr.r.ver.trusthashtbl;
976 * Update a hashtable in the trustdb. TABLE gives the start of the
977 * table, KEY and KEYLEN are the key, NEWRECNUM is the record number
978 * to insert into the table.
980 * Return: 0 on success or an error code.
983 upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
985 TRUSTREC lastrec, rec;
994 hashrec += msb / ITEMS_PER_HTBL_RECORD;
995 rc = tdbio_read_record (hashrec, &rec, RECTYPE_HTBL);
998 log_error ("upd_hashtable: read failed: %s\n", gpg_strerror (rc));
1002 item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
1003 if (!item) /* Insert a new item into the hash table. */
1005 rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
1006 rc = tdbio_write_record (&rec);
1009 log_error ("upd_hashtable: write htbl failed: %s\n",
1014 else if (item != newrecnum) /* Must do an update. */
1017 rc = tdbio_read_record (item, &rec, 0);
1020 log_error ("upd_hashtable: read item failed: %s\n",
1025 if (rec.rectype == RECTYPE_HTBL)
1029 if (level >= keylen)
1031 log_error ("hashtable has invalid indirections.\n");
1032 return GPG_ERR_TRUSTDB;
1036 else if (rec.rectype == RECTYPE_HLST) /* Extend the list. */
1038 /* Check whether the key is already in this list. */
1041 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1043 if (rec.r.hlst.rnum[i] == newrecnum)
1045 return 0; /* Okay, already in the list. */
1048 if (rec.r.hlst.next)
1050 rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
1053 log_error ("upd_hashtable: read hlst failed: %s\n",
1054 gpg_strerror (rc) );
1059 break; /* key is not in the list */
1062 /* Find the next free entry and put it in. */
1065 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1067 if (!rec.r.hlst.rnum[i])
1069 /* Empty slot found. */
1070 rec.r.hlst.rnum[i] = newrecnum;
1071 rc = tdbio_write_record (&rec);
1073 log_error ("upd_hashtable: write hlst failed: %s\n",
1075 return rc; /* Done. */
1079 if (rec.r.hlst.next)
1081 /* read the next reord of the list. */
1082 rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
1085 log_error ("upd_hashtable: read hlst failed: %s\n",
1092 /* Append a new record to the list. */
1093 rec.r.hlst.next = item = tdbio_new_recnum ();
1094 rc = tdbio_write_record (&rec);
1097 log_error ("upd_hashtable: write hlst failed: %s\n",
1101 memset (&rec, 0, sizeof rec);
1102 rec.rectype = RECTYPE_HLST;
1104 rec.r.hlst.rnum[0] = newrecnum;
1105 rc = tdbio_write_record (&rec);
1107 log_error ("upd_hashtable: write ext hlst failed: %s\n",
1109 return rc; /* Done. */
1111 } /* end loop over list slots */
1114 else if (rec.rectype == RECTYPE_TRUST) /* Insert a list record. */
1116 if (rec.recnum == newrecnum)
1120 item = rec.recnum; /* Save number of key record. */
1121 memset (&rec, 0, sizeof rec);
1122 rec.rectype = RECTYPE_HLST;
1123 rec.recnum = tdbio_new_recnum ();
1124 rec.r.hlst.rnum[0] = item; /* Old key record */
1125 rec.r.hlst.rnum[1] = newrecnum; /* and new key record */
1126 rc = tdbio_write_record (&rec);
1129 log_error( "upd_hashtable: write new hlst failed: %s\n",
1130 gpg_strerror (rc) );
1133 /* Update the hashtable record. */
1134 lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum;
1135 rc = tdbio_write_record (&lastrec);
1137 log_error ("upd_hashtable: update htbl failed: %s\n",
1139 return rc; /* Ready. */
1143 log_error ("hashtbl %lu: %lu/%d points to an invalid record %lu\n",
1144 table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
1145 if (opt.verbose > 1)
1146 list_trustdb (es_stderr, NULL);
1147 return GPG_ERR_TRUSTDB;
1156 * Drop an entry from a hashtable. TABLE gives the start of the
1157 * table, KEY and KEYLEN are the key.
1159 * Return: 0 on success or an error code.
1162 drop_from_hashtable (ulong table, byte *key, int keylen, ulong recnum)
1165 ulong hashrec, item;
1173 hashrec += msb / ITEMS_PER_HTBL_RECORD;
1174 rc = tdbio_read_record (hashrec, &rec, RECTYPE_HTBL );
1177 log_error ("drop_from_hashtable: read failed: %s\n", gpg_strerror (rc));
1181 item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
1183 return 0; /* Not found - forget about it. */
1185 if (item == recnum) /* Table points direct to the record. */
1187 rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
1188 rc = tdbio_write_record( &rec );
1190 log_error ("drop_from_hashtable: write htbl failed: %s\n",
1195 rc = tdbio_read_record (item, &rec, 0);
1198 log_error ("drop_from_hashtable: read item failed: %s\n",
1203 if (rec.rectype == RECTYPE_HTBL)
1207 if (level >= keylen)
1209 log_error ("hashtable has invalid indirections.\n");
1210 return GPG_ERR_TRUSTDB;
1215 if (rec.rectype == RECTYPE_HLST)
1219 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1221 if (rec.r.hlst.rnum[i] == recnum)
1223 rec.r.hlst.rnum[i] = 0; /* Mark as free. */
1224 rc = tdbio_write_record (&rec);
1226 log_error("drop_from_hashtable: write htbl failed: %s\n",
1231 if (rec.r.hlst.next)
1233 rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
1236 log_error ("drop_from_hashtable: read hlst failed: %s\n",
1242 return 0; /* Key not in table. */
1246 log_error ("hashtbl %lu: %lu/%d points to wrong record %lu\n",
1247 table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
1248 return GPG_ERR_TRUSTDB;
1254 * Lookup a record via the hashtable TABLE by (KEY,KEYLEN) and return
1255 * the result in REC. The return value of CMP() should be True if the
1256 * record is the desired one.
1258 * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
1261 lookup_hashtable (ulong table, const byte *key, size_t keylen,
1262 int (*cmpfnc)(const void*, const TRUSTREC *),
1263 const void *cmpdata, TRUSTREC *rec )
1266 ulong hashrec, item;
1273 hashrec += msb / ITEMS_PER_HTBL_RECORD;
1274 rc = tdbio_read_record (hashrec, rec, RECTYPE_HTBL);
1277 log_error("lookup_hashtable failed: %s\n", gpg_strerror (rc) );
1281 item = rec->r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
1283 return gpg_error (GPG_ERR_NOT_FOUND);
1285 rc = tdbio_read_record (item, rec, 0);
1288 log_error( "hashtable read failed: %s\n", gpg_strerror (rc) );
1291 if (rec->rectype == RECTYPE_HTBL)
1295 if (level >= keylen)
1297 log_error ("hashtable has invalid indirections\n");
1298 return GPG_ERR_TRUSTDB;
1302 else if (rec->rectype == RECTYPE_HLST)
1308 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1310 if (rec->r.hlst.rnum[i])
1314 rc = tdbio_read_record (rec->r.hlst.rnum[i], &tmp, 0);
1317 log_error ("lookup_hashtable: read item failed: %s\n",
1321 if ((*cmpfnc)(cmpdata, &tmp))
1328 if (rec->r.hlst.next)
1330 rc = tdbio_read_record (rec->r.hlst.next, rec, RECTYPE_HLST);
1333 log_error ("lookup_hashtable: read hlst failed: %s\n",
1334 gpg_strerror (rc) );
1339 return gpg_error (GPG_ERR_NOT_FOUND);
1343 if ((*cmpfnc)(cmpdata, rec))
1344 return 0; /* really found */
1346 return gpg_error (GPG_ERR_NOT_FOUND); /* no: not found */
1351 * Update the trust hash table TR or create the table if it does not
1354 * Return: 0 on success or an error code.
1357 update_trusthashtbl( TRUSTREC *tr )
1359 return upd_hashtable (get_trusthashrec(),
1360 tr->r.trust.fingerprint, 20, tr->recnum);
1365 * Dump the trustdb record REC to stream FP.
1368 tdbio_dump_record (TRUSTREC *rec, estream_t fp)
1371 ulong rnum = rec->recnum;
1373 es_fprintf (fp, "rec %5lu, ", rnum);
1375 switch (rec->rectype)
1378 es_fprintf (fp, "blank\n");
1383 "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n",
1384 rec->r.ver.trusthashtbl,
1385 rec->r.ver.firstfree,
1386 rec->r.ver.marginals,
1387 rec->r.ver.completes,
1388 rec->r.ver.cert_depth,
1389 rec->r.ver.trust_model,
1390 rec->r.ver.min_cert_level,
1391 rec->r.ver.nextcheck,
1392 strtimestamp(rec->r.ver.nextcheck)
1397 es_fprintf (fp, "free, next=%lu\n", rec->r.free.next);
1401 es_fprintf (fp, "htbl,");
1402 for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
1403 es_fprintf (fp, " %lu", rec->r.htbl.item[i]);
1408 es_fprintf (fp, "hlst, next=%lu,", rec->r.hlst.next);
1409 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1410 es_fprintf (fp, " %lu", rec->r.hlst.rnum[i]);
1415 es_fprintf (fp, "trust ");
1416 for (i=0; i < 20; i++)
1417 es_fprintf (fp, "%02X", rec->r.trust.fingerprint[i]);
1418 es_fprintf (fp, ", ot=%d, d=%d, vl=%lu\n", rec->r.trust.ownertrust,
1419 rec->r.trust.depth, rec->r.trust.validlist);
1423 es_fprintf (fp, "valid ");
1424 for (i=0; i < 20; i++)
1425 es_fprintf(fp, "%02X", rec->r.valid.namehash[i]);
1426 es_fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity,
1431 es_fprintf (fp, "unknown type %d\n", rec->rectype );
1438 * Read the record with number RECNUM into the structure REC. If
1439 * EXPECTED is not 0 reading any other record type will return an
1442 * Return: 0 on success, -1 on EOF, or an error code.
1445 tdbio_read_record (ulong recnum, TRUSTREC *rec, int expected)
1447 byte readbuf[TRUST_RECORD_LEN];
1448 const byte *buf, *p;
1449 gpg_error_t err = 0;
1455 buf = get_record_from_cache( recnum );
1458 if (lseek (db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET) == -1)
1460 err = gpg_error_from_syserror ();
1461 log_error (_("trustdb: lseek failed: %s\n"), strerror (errno));
1464 n = read (db_fd, readbuf, TRUST_RECORD_LEN);
1467 return -1; /* eof */
1469 else if (n != TRUST_RECORD_LEN)
1471 err = gpg_error_from_syserror ();
1472 log_error (_("trustdb: read failed (n=%d): %s\n"),
1473 n, strerror(errno));
1478 rec->recnum = recnum;
1481 rec->rectype = *p++;
1482 if (expected && rec->rectype != expected)
1484 log_error ("%lu: read expected rec type %d, got %d\n",
1485 recnum, expected, rec->rectype);
1486 return gpg_error (GPG_ERR_TRUSTDB);
1488 p++; /* Skip reserved byte. */
1489 switch (rec->rectype)
1491 case 0: /* unused (free) record */
1494 case RECTYPE_VER: /* version record */
1495 if (memcmp(buf+1, GPGEXT_GPG, 3))
1497 log_error (_("%s: not a trustdb file\n"), db_name );
1498 err = gpg_error (GPG_ERR_TRUSTDB);
1502 p += 2; /* skip "gpg" */
1503 rec->r.ver.version = *p++;
1504 rec->r.ver.marginals = *p++;
1505 rec->r.ver.completes = *p++;
1506 rec->r.ver.cert_depth = *p++;
1507 rec->r.ver.trust_model = *p++;
1508 rec->r.ver.min_cert_level = *p++;
1510 rec->r.ver.created = buf32_to_ulong(p);
1512 rec->r.ver.nextcheck = buf32_to_ulong(p);
1516 rec->r.ver.firstfree = buf32_to_ulong(p);
1519 rec->r.ver.trusthashtbl = buf32_to_ulong(p);
1522 log_error( _("%s: version record with recnum %lu\n"), db_name,
1524 err = gpg_error (GPG_ERR_TRUSTDB);
1526 else if (rec->r.ver.version != 3)
1528 log_error( _("%s: invalid file version %d\n"), db_name,
1529 rec->r.ver.version );
1530 err = gpg_error (GPG_ERR_TRUSTDB);
1536 rec->r.free.next = buf32_to_ulong(p);
1540 for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
1542 rec->r.htbl.item[i] = buf32_to_ulong(p);
1548 rec->r.hlst.next = buf32_to_ulong(p);
1550 for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
1552 rec->r.hlst.rnum[i] = buf32_to_ulong(p);
1558 memcpy (rec->r.trust.fingerprint, p, 20);
1560 rec->r.trust.ownertrust = *p++;
1561 rec->r.trust.depth = *p++;
1562 rec->r.trust.min_ownertrust = *p++;
1564 rec->r.trust.validlist = buf32_to_ulong(p);
1568 memcpy (rec->r.valid.namehash, p, 20);
1570 rec->r.valid.validity = *p++;
1571 rec->r.valid.next = buf32_to_ulong(p);
1573 rec->r.valid.full_count = *p++;
1574 rec->r.valid.marginal_count = *p++;
1578 log_error ("%s: invalid record type %d at recnum %lu\n",
1579 db_name, rec->rectype, (ulong)recnum);
1580 err = gpg_error (GPG_ERR_TRUSTDB);
1589 * Write the record from the struct REC.
1591 * Return: 0 on success or an error code.
1594 tdbio_write_record( TRUSTREC *rec )
1596 byte buf[TRUST_RECORD_LEN];
1600 ulong recnum = rec->recnum;
1605 memset (buf, 0, TRUST_RECORD_LEN);
1607 *p++ = rec->rectype; p++;
1609 switch (rec->rectype)
1611 case 0: /* unused record */
1614 case RECTYPE_VER: /* version record */
1617 memcpy(p-1, GPGEXT_GPG, 3 ); p += 2;
1618 *p++ = rec->r.ver.version;
1619 *p++ = rec->r.ver.marginals;
1620 *p++ = rec->r.ver.completes;
1621 *p++ = rec->r.ver.cert_depth;
1622 *p++ = rec->r.ver.trust_model;
1623 *p++ = rec->r.ver.min_cert_level;
1625 ulongtobuf(p, rec->r.ver.created); p += 4;
1626 ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
1629 ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
1631 ulongtobuf(p, rec->r.ver.trusthashtbl ); p += 4;
1635 ulongtobuf(p, rec->r.free.next); p += 4;
1639 for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
1641 ulongtobuf( p, rec->r.htbl.item[i]); p += 4;
1646 ulongtobuf( p, rec->r.hlst.next); p += 4;
1647 for (i=0; i < ITEMS_PER_HLST_RECORD; i++ )
1649 ulongtobuf( p, rec->r.hlst.rnum[i]); p += 4;
1654 memcpy (p, rec->r.trust.fingerprint, 20); p += 20;
1655 *p++ = rec->r.trust.ownertrust;
1656 *p++ = rec->r.trust.depth;
1657 *p++ = rec->r.trust.min_ownertrust;
1659 ulongtobuf( p, rec->r.trust.validlist); p += 4;
1663 memcpy (p, rec->r.valid.namehash, 20); p += 20;
1664 *p++ = rec->r.valid.validity;
1665 ulongtobuf( p, rec->r.valid.next); p += 4;
1666 *p++ = rec->r.valid.full_count;
1667 *p++ = rec->r.valid.marginal_count;
1674 rc = put_record_into_cache (recnum, buf);
1677 else if (rec->rectype == RECTYPE_TRUST)
1678 rc = update_trusthashtbl (rec);
1685 * Delete the record at record number RECNUm from the trustdb.
1687 * Return: 0 on success or an error code.
1690 tdbio_delete_record (ulong recnum)
1695 /* Must read the record fist, so we can drop it from the hash tables */
1696 rc = tdbio_read_record (recnum, &rec, 0);
1699 else if (rec.rectype == RECTYPE_TRUST)
1701 rc = drop_from_hashtable (get_trusthashrec(),
1702 rec.r.trust.fingerprint, 20, rec.recnum);
1708 /* Now we can chnage it to a free record. */
1709 rc = tdbio_read_record (0, &vr, RECTYPE_VER);
1711 log_fatal (_("%s: error reading version record: %s\n"),
1712 db_name, gpg_strerror (rc));
1714 rec.recnum = recnum;
1715 rec.rectype = RECTYPE_FREE;
1716 rec.r.free.next = vr.r.ver.firstfree;
1717 vr.r.ver.firstfree = recnum;
1718 rc = tdbio_write_record (&rec);
1720 rc = tdbio_write_record (&vr);
1727 * Create a new record and return its record number.
1737 /* Look for unused records. */
1738 rc = tdbio_read_record (0, &vr, RECTYPE_VER);
1740 log_fatal( _("%s: error reading version record: %s\n"),
1741 db_name, gpg_strerror (rc));
1742 if (vr.r.ver.firstfree)
1744 recnum = vr.r.ver.firstfree;
1745 rc = tdbio_read_record (recnum, &rec, RECTYPE_FREE);
1748 log_error (_("%s: error reading free record: %s\n"),
1749 db_name, gpg_strerror (rc));
1752 /* Update dir record. */
1753 vr.r.ver.firstfree = rec.r.free.next;
1754 rc = tdbio_write_record (&vr);
1757 log_error (_("%s: error writing dir record: %s\n"),
1758 db_name, gpg_strerror (rc));
1761 /* Zero out the new record. */
1762 memset (&rec, 0, sizeof rec);
1763 rec.rectype = 0; /* Mark as unused record (actually already done
1765 rec.recnum = recnum;
1766 rc = tdbio_write_record (&rec);
1768 log_fatal (_("%s: failed to zero a record: %s\n"),
1769 db_name, gpg_strerror (rc));
1771 else /* Not found - append a new record. */
1773 offset = lseek (db_fd, 0, SEEK_END);
1774 if (offset == (off_t)(-1))
1775 log_fatal ("trustdb: lseek to end failed: %s\n", strerror (errno));
1776 recnum = offset / TRUST_RECORD_LEN;
1777 log_assert (recnum); /* this is will never be the first record */
1778 /* We must write a record, so that the next call to this
1779 * function returns another recnum. */
1780 memset (&rec, 0, sizeof rec);
1781 rec.rectype = 0; /* unused record */
1782 rec.recnum = recnum;
1784 if (lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET) == -1)
1786 rc = gpg_error_from_syserror ();
1787 log_error (_("trustdb rec %lu: lseek failed: %s\n"),
1788 recnum, strerror (errno));
1794 n = write (db_fd, &rec, TRUST_RECORD_LEN);
1795 if (n != TRUST_RECORD_LEN)
1797 rc = gpg_error_from_syserror ();
1798 log_error (_("trustdb rec %lu: write failed (n=%d): %s\n"),
1799 recnum, n, strerror (errno));
1804 log_fatal (_("%s: failed to append a record: %s\n"),
1805 db_name, gpg_strerror (rc));
1813 /* Helper function for tdbio_search_trust_byfpr. */
1815 cmp_trec_fpr ( const void *fpr, const TRUSTREC *rec )
1817 return (rec->rectype == RECTYPE_TRUST
1818 && !memcmp (rec->r.trust.fingerprint, fpr, 20));
1823 * Given a 20 byte FINGERPRINT search its trust record and return
1826 * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
1829 tdbio_search_trust_byfpr (const byte *fingerprint, TRUSTREC *rec)
1833 /* Locate the trust record using the hash table */
1834 rc = lookup_hashtable (get_trusthashrec(), fingerprint, 20,
1835 cmp_trec_fpr, fingerprint, rec );
1841 * Given a primary public key object PK search its trust record and
1842 * return that at REC.
1844 * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
1847 tdbio_search_trust_bypk (PKT_public_key *pk, TRUSTREC *rec)
1849 byte fingerprint[MAX_FINGERPRINT_LEN];
1852 fingerprint_from_pk( pk, fingerprint, &fingerlen );
1853 for (; fingerlen < 20; fingerlen++)
1854 fingerprint[fingerlen] = 0;
1855 return tdbio_search_trust_byfpr (fingerprint, rec);
1860 * Terminate the process with a message about a corrupted trustdb.
1863 tdbio_invalid (void)
1865 log_error (_("Error: The trustdb is corrupted.\n"));
1866 how_to_fix_the_trustdb ();