1 From: "Neal H. Walfield" <neal@g10code.com>
2 Date: Thu, 2 Feb 2017 13:24:57 +0100
3 Subject: gpg: Only print out TOFU statistics for conflicts in interactive mode
5 * g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
6 they are not NULL, return the policy and conflict set (if there is
7 one), respectively. Update callers. If MAY_ASK is FALSE, don't print
9 (tofu_register_encryption): If there is a conflict and we haven't yet
10 printed the statistics about the conflicting bindings, do so now.
11 (tofu_get_validity): Likewise.
13 Signed-off-by: Neal H. Walfield <neal@g10code.com>
15 (cherry picked from commit 027b81b35fe36692005b8dba22d9eb2db05e8c80)
17 g10/tofu.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++-----------
18 1 file changed, 69 insertions(+), 14 deletions(-)
20 diff --git a/g10/tofu.c b/g10/tofu.c
21 index 9f5f40694..fc03c5a7d 100644
24 @@ -2644,7 +2644,9 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
25 static enum tofu_policy
26 get_trust (ctrl_t ctrl, PKT_public_key *pk,
27 const char *fingerprint, const char *email,
28 - const char *user_id, int may_ask, time_t now)
29 + const char *user_id, int may_ask,
30 + enum tofu_policy *policyp, strlist_t *conflict_setp,
33 tofu_dbs_t dbs = ctrl->tofu.dbs;
34 int in_transaction = 0;
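Review bot: The new out-parameters `policyp` and `conflict_setp` in the get_trust signature hand data to the caller, but nothing visible in this hunk says who owns the returned list. The function comment, which sits above the hunk, should state the contract, for example `If CONFLICT_SETP is not NULL, the conflict set is stored there and the caller must release it with free_strlist; otherwise it is freed here.` It should also say whether `*policyp` and `*conflict_setp` are written when _tofu_GET_TRUST_ERROR is returned. The body of get_trust continues outside the hunk.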
35 @@ -2683,6 +2685,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
36 if (tdb_keyid_is_utk (kid))
38 trust_level = TRUST_ULTIMATE;
39 + policy = TOFU_POLICY_GOOD;
43 @@ -2690,7 +2693,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
44 begin_transaction (ctrl, 0);
47 - policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now);
48 + policy = get_policy (dbs, pk, fingerprint, user_id, email,
49 + &conflict_set, now);
50 if (policy == TOFU_POLICY_AUTO)
52 policy = opt.tofu_default_policy;
53 @@ -2758,10 +2762,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
57 - for (iter = conflict_set; iter; iter = iter->next)
58 - show_statistics (dbs, iter->d, email,
59 - TOFU_POLICY_ASK, NULL, 1, now);
61 trust_level = TRUST_UNDEFINED;
64 @@ -2807,7 +2807,13 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
66 end_transaction (ctrl, 0);
68 - free_strlist (conflict_set);
73 + *conflict_setp = conflict_set;
75 + free_strlist (conflict_set);
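Review bot: Passing the list out with `*conflict_setp = conflict_set;` raises an ownership question on the error return. tofu_register_encryption and tofu_get_validity both test `tl == _tofu_GET_TRUST_ERROR` right after the call, and their `free_strlist (conflict_set);` comes later in the loop body. The error branches are not visible here, but if they leave the loop early, a list stored by a failing call would leak. Releasing it inside get_trust before this block would avoid that: `if (trust_level == _tofu_GET_TRUST_ERROR) { free_strlist (conflict_set); conflict_set = NULL; }`. The lines guarding the assignment are not shown in this view.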
79 @@ -3326,7 +3332,8 @@ tofu_register_signature (ctrl_t ctrl,
81 /* Make sure the binding exists and record any TOFU
83 - if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
84 + if (get_trust (ctrl, pk, fingerprint, email, user_id->d,
86 == _tofu_GET_TRUST_ERROR)
88 rc = gpg_error (GPG_ERR_GENERAL);
89 @@ -3492,11 +3499,13 @@ tofu_register_encryption (ctrl_t ctrl,
90 for (user_id = user_id_list; user_id; user_id = user_id->next)
92 char *email = email_from_user_id (user_id->d);
93 + strlist_t conflict_set = NULL;
94 + enum tofu_policy policy;
96 /* Make sure the binding exists and that we recognize any
98 int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
100 + may_ask, &policy, &conflict_set, now);
101 if (tl == _tofu_GET_TRUST_ERROR)
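Review bot: `enum tofu_policy policy;` is declared without an initializer, right beside `strlist_t conflict_set = NULL;`, and is later compared against TOFU_POLICY_ASK in the loop body. That is only safe if get_trust stores through `policyp` on every return other than _tofu_GET_TRUST_ERROR, which cannot be confirmed from the lines shown. Initializing it, `enum tofu_policy policy = TOFU_POLICY_NONE;`, removes the dependency on that invariant. The same declaration appears in the first tofu_get_validity hunk. The loop body continues outside this hunk.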
104 @@ -3505,6 +3514,28 @@ tofu_register_encryption (ctrl_t ctrl,
109 + /* If there is a conflict and MAY_ASK is true, we need to show
110 + * the TOFU statistics for the current binding and the
111 + * conflicting bindings. But, if we are not in batch mode, then
112 + * they have already been printed (this is required to make sure
113 + * the information is available to the caller before cpr_get is
115 + if (policy == TOFU_POLICY_ASK && may_ask && opt.batch)
119 + /* The conflict set should contain at least the current
121 + log_assert (conflict_set);
123 + for (iter = conflict_set; iter; iter = iter->next)
124 + show_statistics (dbs, iter->d, email,
125 + TOFU_POLICY_ASK, NULL, 1, now);
128 + free_strlist (conflict_set);
131 (dbs->db, &dbs->s.register_encryption, NULL, NULL, &err,
132 "insert into encryptions\n"
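Review bot: `log_assert (conflict_set);` turns an inconsistency in the TOFU database into a process abort, and it sits in the `opt.batch` branch, where gpg is typically running unattended. The loop that follows already does nothing for an empty list, so a diagnostic would be enough: `if (!conflict_set) log_info ("TOFU: conflict set for %s is empty\n", email);`. The same assertion is added in the last tofu_get_validity hunk. The declaration of `iter` and the braces around this block are not visible in this view.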
133 @@ -3681,11 +3712,13 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
134 for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++)
136 char *email = email_from_user_id (user_id->d);
137 + strlist_t conflict_set = NULL;
138 + enum tofu_policy policy;
140 /* Always call get_trust to make sure the binding is
142 int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
144 + may_ask, &policy, &conflict_set, now);
145 if (tl == _tofu_GET_TRUST_ERROR)
148 @@ -3708,13 +3741,35 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
150 if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
152 - enum tofu_policy policy =
153 - get_policy (dbs, pk, fingerprint, user_id->d, email, NULL, now);
154 + /* If policy is ask, then we already printed out the
155 + * conflict information in ask_about_binding or will do so
157 + if (policy != TOFU_POLICY_ASK)
159 + show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
161 + /* If there is a conflict and MAY_ASK is true, we need to
162 + * show the TOFU statistics for the current binding and the
163 + * conflicting bindings. But, if we are not in batch mode,
164 + * then they have already been printed (this is required to
165 + * make sure the information is available to the caller
166 + * before cpr_get is called). */
167 + if (policy == TOFU_POLICY_ASK && opt.batch)
172 - show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
173 + /* The conflict set should contain at least the current
175 + log_assert (conflict_set);
177 + for (iter = conflict_set; iter; iter = iter->next)
178 + show_statistics (dbs, iter->d, email,
179 + TOFU_POLICY_ASK, NULL, 1, now);
183 + free_strlist (conflict_set);
185 if (tl == TRUST_NEVER)
186 trust_level = TRUST_NEVER;
187 else if (tl == TRUST_EXPIRED)
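Review bot: The block that walks `conflict_set` and calls show_statistics with TOFU_POLICY_ASK is now written twice, here and in tofu_register_encryption, and the two guards differ only in where `may_ask` is tested. A small static helper would keep the two call sites from drifting apart, which matters because, per the added comments, this is where the conflict statistics are printed in batch mode. The helper below is a sketch with a proposed name. Each call site would keep its own condition and call it in place of the loop. The enclosing function continues outside the hunk.

```c
/* Print the TOFU statistics for every binding in CONFLICT_SET.  */
static void
show_conflict_set_statistics (tofu_dbs_t dbs, strlist_t conflict_set,
                              const char *email, time_t now)
{
  strlist_t iter;

  for (iter = conflict_set; iter; iter = iter->next)
    show_statistics (dbs, iter->d, email, TOFU_POLICY_ASK, NULL, 1, now);
}

/* … unchanged: policy != TOFU_POLICY_ASK branch … */
if (policy == TOFU_POLICY_ASK && opt.batch)
  show_conflict_set_statistics (dbs, conflict_set, email, now);
```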