dirmngr: Allow testing for a running Tor via "getinfo tor".
[gnupg.git] / g10 / tdbio.c
index b69d6c3..63ccfae 100644 (file)
@@ -1,11 +1,12 @@
-/* tdbio.c
- *     Copyright (C) 1998 Free Software Foundation, Inc.
+/* tdbio.c - trust database I/O operations
+ * Copyright (C) 1998-2002, 2012 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2015 Werner Koch
  *
  * This file is part of GnuPG.
  *
  * GnuPG is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
  * (at your option) any later version.
  *
  * GnuPG is distributed in the hope that it will be useful,
@@ -14,8 +15,7 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 #include <config.h>
@@ -29,9 +29,9 @@
 #include <fcntl.h>
 #include <unistd.h>
 
-#include "errors.h"
+#include "gpg.h"
+#include "status.h"
 #include "iobuf.h"
-#include "memory.h"
 #include "util.h"
 #include "options.h"
 #include "main.h"
 #include "trustdb.h"
 #include "tdbio.h"
 
-
-/****************
+#if defined(HAVE_DOSISH_SYSTEM) && !defined(ftruncate)
+#define ftruncate chsize
+#endif
+
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
+#define MY_O_BINARY  O_BINARY
+#else
+#define MY_O_BINARY  0
+#endif
+
+/* We use ERRNO despite that the cegcc provided open/read/write
+   functions don't set ERRNO - at least show that ERRNO does not make
+   sense.  */
+#ifdef HAVE_W32CE_SYSTEM
+#undef strerror
+#define strerror(a) ("[errno not available]")
+#endif
+
+/*
  * Yes, this is a very simple implementation. We should really
  * use a page aligned buffer and read complete pages.
  * To implement a simple trannsaction system, this is sufficient.
  */
 typedef struct cache_ctrl_struct *CACHE_CTRL;
-struct cache_ctrl_struct {
-    CACHE_CTRL next;
-    struct {
-       unsigned used:1;
-       unsigned dirty:1;
-    } flags;
-    ulong recno;
-    char data[TRUST_RECORD_LEN];
+struct cache_ctrl_struct
+{
+  CACHE_CTRL next;
+  struct {
+    unsigned used:1;
+    unsigned dirty:1;
+  } flags;
+  ulong recno;
+  char data[TRUST_RECORD_LEN];
 };
 
-#define MAX_CACHE_ENTRIES_SOFT 200   /* may be increased while in a */
-#define MAX_CACHE_ENTRIES_HARD 1000  /* transaction to this one */
+/* Size of the cache.  The SOFT value is the general one.  While in a
+   transaction this may not be sufficient and thus we may increase it
+   then up to the HARD limit.  */
+#define MAX_CACHE_ENTRIES_SOFT 200
+#define MAX_CACHE_ENTRIES_HARD 10000
+
+
+/* The cache is controlled by these variables.  */
 static CACHE_CTRL cache_list;
 static int cache_entries;
 static int cache_is_dirty;
 
-/* a type used to pass infomation to cmp_krec_fpr */
-struct cmp_krec_fpr_struct {
-    int pubkey_algo;
-    const char *fpr;
-    int fprlen;
+
+/* An object to pass information to cmp_krec_fpr. */
+struct cmp_krec_fpr_struct
+{
+  int pubkey_algo;
+  const char *fpr;
+  int fprlen;
 };
 
-/* a type used to pass infomation to cmp_sdir */
-struct cmp_sdir_struct {
-    int pubkey_algo;
-    u32 keyid[2];
+/* An object used to pass information to cmp_[s]dir. */
+struct cmp_xdir_struct
+{
+  int pubkey_algo;
+  u32 keyid[2];
 };
 
 
+/* The name of the trustdb file.  */
 static char *db_name;
-static const char *lockname;
+
+/* The handle for locking the trustdb file and a flag to record
+   whether a lock has been taken.  */
+static dotlock_t lockhandle;
+static int is_locked;
+
+/* The file descriptor of the trustdb.  */
 static int  db_fd = -1;
+
+/* A flag indicating that a transaction is active.  */
 static int in_transaction;
 
 
-static void open_db(void);
+\f
+static void open_db (void);
+
+
+\f
+/*
+ * Take a lock on the trustdb file name.  I a lock file can't be
+ * created the function terminates the process.  Excvept for a
+ * different return code the function does nothing if the lock has
+ * already been taken.
+ *
+ * Returns: True if lock already exists, False if the lock has
+ *          actually been taken.
+ */
+static int
+take_write_lock (void)
+{
+  if (!lockhandle)
+    lockhandle = dotlock_create (db_name, 0);
+  if (!lockhandle)
+    log_fatal ( _("can't create lock for '%s'\n"), db_name );
+
+  if (!is_locked)
+    {
+      if (dotlock_take (lockhandle, -1) )
+        log_fatal ( _("can't lock '%s'\n"), db_name );
+      else
+        is_locked = 1;
+      return 0;
+    }
+  else
+    return 1;
+}
+
 
+/*
+ * Release a lock from the trustdb file unless the global option
+ * --lock-once has been used.
+ */
+static void
+release_write_lock (void)
+{
+  if (!opt.lock_once)
+    if (!dotlock_release (lockhandle))
+      is_locked = 0;
+}
 \f
 /*************************************
  ************* record cache **********
  *************************************/
 
-/****************
- * Get the data from therecord cache and return a
- * pointer into that cache.  Caller should copy
- * the return data.  NULL is returned on a cache miss.
+/*
+ * Get the data from the record cache and return a pointer into that
+ * cache.  Caller should copy the returned data.  NULL is returned on
+ * a cache miss.
  */
 static const char *
-get_record_from_cache( ulong recno )
+get_record_from_cache (ulong recno)
 {
-    CACHE_CTRL r;
+  CACHE_CTRL r;
 
-    for( r = cache_list; r; r = r->next ) {
-       if( r->flags.used && r->recno == recno )
-           return r->data;
+  for (r = cache_list; r; r = r->next)
+    {
+      if (r->flags.used && r->recno == recno)
+        return r->data;
     }
-    return NULL;
+  return NULL;
 }
 
 
+/*
+ * Write a cached item back to the trustdb file.
+ *
+ * Returns: 0 on success or an error code.
+ */
 static int
-write_cache_item( CACHE_CTRL r )
+write_cache_item (CACHE_CTRL r)
 {
-    int n;
-
-    if( lseek( db_fd, r->recno * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
-       log_error(_("trustdb rec %lu: lseek failed: %s\n"),
-                                           r->recno, strerror(errno) );
-       return G10ERR_WRITE_FILE;
+  gpg_error_t err;
+  int n;
+
+  if (lseek (db_fd, r->recno * TRUST_RECORD_LEN, SEEK_SET) == -1)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("trustdb rec %lu: lseek failed: %s\n"),
+                 r->recno, strerror (errno));
+      return err;
     }
-    n = write( db_fd, r->data, TRUST_RECORD_LEN);
-    if( n != TRUST_RECORD_LEN ) {
-       log_error(_("trustdb rec %lu: write failed (n=%d): %s\n"),
-                                           r->recno, n, strerror(errno) );
-       return G10ERR_WRITE_FILE;
+  n = write (db_fd, r->data, TRUST_RECORD_LEN);
+  if (n != TRUST_RECORD_LEN)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("trustdb rec %lu: write failed (n=%d): %s\n"),
+                 r->recno, n, strerror (errno) );
+      return err;
     }
-    r->flags.dirty = 0;
-    return 0;
+  r->flags.dirty = 0;
+  return 0;
 }
 
-/****************
- * Put data into the cache.  This function may flush the
- * some cache entries if there is not enough space available.
+
+/*
+ * Put data into the cache.  This function may flush
+ * some cache entries if the cache is filled up.
+ *
+ * Returns: 0 on success or an error code.
  */
-int
-put_record_into_cache( ulong recno, const char *data )
+static int
+put_record_into_cache (ulong recno, const char *data)
 {
-    CACHE_CTRL r, unused;
-    int dirty_count = 0;
-    int clean_count = 0;
-
-    /* see whether we already cached this one */
-    for( unused = NULL, r = cache_list; r; r = r->next ) {
-       if( !r->flags.used ) {
-           if( !unused )
-               unused = r;
+  CACHE_CTRL r, unused;
+  int dirty_count = 0;
+  int clean_count = 0;
+
+  /* See whether we already cached this one.  */
+  for (unused = NULL, r = cache_list; r; r = r->next)
+    {
+      if (!r->flags.used)
+        {
+          if (!unused)
+            unused = r;
        }
-       else if( r->recno == recno ) {
-           if( !r->flags.dirty ) {
-               /* Hmmm: should we use a a copy and compare? */
-               if( memcmp(r->data, data, TRUST_RECORD_LEN ) ) {
-                   r->flags.dirty = 1;
-                   cache_is_dirty = 1;
+      else if (r->recno == recno)
+        {
+          if (!r->flags.dirty)
+            {
+              /* Hmmm: should we use a copy and compare? */
+              if (memcmp (r->data, data, TRUST_RECORD_LEN))
+                {
+                  r->flags.dirty = 1;
+                  cache_is_dirty = 1;
                }
            }
-           memcpy( r->data, data, TRUST_RECORD_LEN );
-           return 0;
+          memcpy (r->data, data, TRUST_RECORD_LEN);
+          return 0;
        }
-       if( r->flags.used ) {
-           if( r->flags.dirty )
-               dirty_count++;
-           else
-               clean_count++;
+      if (r->flags.used)
+        {
+          if (r->flags.dirty)
+            dirty_count++;
+          else
+            clean_count++;
        }
     }
-    /* not in the cache: add a new entry */
-    if( unused ) { /* reuse this entry */
-       r = unused;
-       r->flags.used = 1;
-       r->recno = recno;
-       memcpy( r->data, data, TRUST_RECORD_LEN );
-       r->flags.dirty = 1;
-       cache_is_dirty = 1;
-       cache_entries++;
-       return 0;
+
+  /* Not in the cache: add a new entry. */
+  if (unused)
+    {
+      /* Reuse this entry. */
+      r = unused;
+      r->flags.used = 1;
+      r->recno = recno;
+      memcpy (r->data, data, TRUST_RECORD_LEN);
+      r->flags.dirty = 1;
+      cache_is_dirty = 1;
+      cache_entries++;
+      return 0;
     }
-    /* see whether we reached the limit */
-    if( cache_entries < MAX_CACHE_ENTRIES_SOFT ) { /* no */
-       r = m_alloc( sizeof *r );
-       r->flags.used = 1;
-       r->recno = recno;
-       memcpy( r->data, data, TRUST_RECORD_LEN );
-       r->flags.dirty = 1;
-       r->next = cache_list;
-       cache_list = r;
-       cache_is_dirty = 1;
-       cache_entries++;
-       return 0;
+
+  /* See whether we reached the limit. */
+  if (cache_entries < MAX_CACHE_ENTRIES_SOFT)
+    {
+      /* No: Put into cache.  */
+      r = xmalloc (sizeof *r);
+      r->flags.used = 1;
+      r->recno = recno;
+      memcpy (r->data, data, TRUST_RECORD_LEN);
+      r->flags.dirty = 1;
+      r->next = cache_list;
+      cache_list = r;
+      cache_is_dirty = 1;
+      cache_entries++;
+      return 0;
     }
-    /* cache is full: discard some clean entries */
-    if( clean_count ) {
-       int n = clean_count / 3; /* discard a third of the clean entries */
-       if( !n )
-           n = 1;
-       for( unused = NULL, r = cache_list; r; r = r->next ) {
-           if( r->flags.used && !r->flags.dirty ) {
-               if( !unused )
-                   unused = r;
-               r->flags.used = 0;
-               cache_entries--;
-               if( !--n )
-                   break;
+
+  /* Cache is full: discard some clean entries.  */
+  if (clean_count)
+    {
+      int n;
+
+      /* We discard a third of the clean entries.  */
+      n = clean_count / 3;
+      if (!n)
+        n = 1;
+
+      for (unused = NULL, r = cache_list; r; r = r->next)
+        {
+          if (r->flags.used && !r->flags.dirty)
+            {
+              if (!unused)
+                unused = r;
+              r->flags.used = 0;
+              cache_entries--;
+              if (!--n)
+                break;
            }
        }
-       assert( unused );
-       r = unused;
-       r->flags.used = 1;
-       r->recno = recno;
-       memcpy( r->data, data, TRUST_RECORD_LEN );
-       r->flags.dirty = 1;
-       cache_is_dirty = 1;
-       cache_entries++;
-       return 0;
+
+      /* Now put into the cache.  */
+      assert (unused);
+      r = unused;
+      r->flags.used = 1;
+      r->recno = recno;
+      memcpy (r->data, data, TRUST_RECORD_LEN);
+      r->flags.dirty = 1;
+      cache_is_dirty = 1;
+      cache_entries++;
+      return 0;
     }
-    /* no clean entries: have to flush some dirty entries */
-    if( in_transaction ) {
-       /* but we can't do this while in a transaction
-        * we increase the cache size instead */
-       if( cache_entries < MAX_CACHE_ENTRIES_HARD ) { /* no */
-           if( opt.debug && !(cache_entries % 100) )
-               log_debug("increasing tdbio cache size\n");
-           r = m_alloc( sizeof *r );
-           r->flags.used = 1;
-           r->recno = recno;
-           memcpy( r->data, data, TRUST_RECORD_LEN );
-           r->flags.dirty = 1;
-           r->next = cache_list;
-           cache_list = r;
-           cache_is_dirty = 1;
-           cache_entries++;
-           return 0;
+
+  /* No clean entries: We have to flush some dirty entries.  */
+  if (in_transaction)
+    {
+      /* But we can't do this while in a transaction.  Thus we
+       * increase the cache size instead.  */
+      if (cache_entries < MAX_CACHE_ENTRIES_HARD)
+        {
+          if (opt.debug && !(cache_entries % 100))
+            log_debug ("increasing tdbio cache size\n");
+          r = xmalloc (sizeof *r);
+          r->flags.used = 1;
+          r->recno = recno;
+          memcpy (r->data, data, TRUST_RECORD_LEN);
+          r->flags.dirty = 1;
+          r->next = cache_list;
+          cache_list = r;
+          cache_is_dirty = 1;
+          cache_entries++;
+          return 0;
        }
-       log_info(_("trustdb transaction too large\n"));
-       return G10ERR_RESOURCE_LIMIT;
+      /* Hard limit for the cache size reached.  */
+      log_info (_("trustdb transaction too large\n"));
+      return GPG_ERR_RESOURCE_LIMIT;
     }
-    if( dirty_count ) {
-       int n = dirty_count / 5; /* discard some dirty entries */
-       if( !n )
-           n = 1;
-       if( !lockname )
-           lockname = make_dotlock( db_name, -1 );
-       if( !lockname )
-           log_fatal("can't get a lock - giving up\n");
-       for( unused = NULL, r = cache_list; r; r = r->next ) {
-           if( r->flags.used && r->flags.dirty ) {
-               int rc = write_cache_item( r );
-               if( rc )
-                   return rc;
-               if( !unused )
-                   unused = r;
-               r->flags.used = 0;
-               cache_entries--;
-               if( !--n )
-                   break;
+
+  if (dirty_count)
+    {
+      int n;
+
+      /* Discard some dirty entries. */
+      n = dirty_count / 5;
+      if (!n)
+        n = 1;
+
+      take_write_lock ();
+      for (unused = NULL, r = cache_list; r; r = r->next)
+        {
+          if (r->flags.used && r->flags.dirty)
+            {
+              int rc;
+
+              rc = write_cache_item (r);
+              if (rc)
+                return rc;
+              if (!unused)
+                unused = r;
+              r->flags.used = 0;
+              cache_entries--;
+              if (!--n)
+                break;
            }
        }
-       if( !opt.lock_once ) {
-           release_dotlock( lockname );
-           lockname=NULL;
-       }
-       assert( unused );
-       r = unused;
-       r->flags.used = 1;
-       r->recno = recno;
-       memcpy( r->data, data, TRUST_RECORD_LEN );
-       r->flags.dirty = 1;
-       cache_is_dirty = 1;
-       cache_entries++;
-       return 0;
+      release_write_lock ();
+
+      /* Now put into the cache.  */
+      assert (unused);
+      r = unused;
+      r->flags.used = 1;
+      r->recno = recno;
+      memcpy (r->data, data, TRUST_RECORD_LEN);
+      r->flags.dirty = 1;
+      cache_is_dirty = 1;
+      cache_entries++;
+      return 0;
     }
-    BUG();
+
+  /* We should never reach this.  */
+  BUG();
 }
 
 
+/* Return true if the cache is dirty.  */
 int
 tdbio_is_dirty()
 {
-    return cache_is_dirty;
+  return cache_is_dirty;
 }
 
 
-/****************
+/*
  * Flush the cache.  This cannot be used while in a transaction.
  */
 int
@@ -287,18 +416,17 @@ tdbio_sync()
     CACHE_CTRL r;
     int did_lock = 0;
 
+    if( db_fd == -1 )
+       open_db();
     if( in_transaction )
        log_bug("tdbio: syncing while in transaction\n");
 
     if( !cache_is_dirty )
        return 0;
 
-    if( !lockname ) {
-       lockname = make_dotlock( db_name, -1 );
-       did_lock = 1;
-       if( !lockname )
-           log_fatal("can't get a lock - giving up\n");
-    }
+    if (!take_write_lock ())
+        did_lock = 1;
+
     for( r = cache_list; r; r = r->next ) {
        if( r->flags.used && r->flags.dirty ) {
            int rc = write_cache_item( r );
@@ -307,81 +435,80 @@ tdbio_sync()
        }
     }
     cache_is_dirty = 0;
-    if( did_lock && !opt.lock_once ) {
-       release_dotlock( lockname );
-       lockname=NULL;
-    }
+    if (did_lock)
+        release_write_lock ();
+
     return 0;
 }
 
 
-
-/****************
+#if 0  /* Not yet used.  */
+/*
  * Simple transactions system:
  * Everything between begin_transaction and end/cancel_transaction
- * is not immediatly written but at the time of end_transaction.
+ * is not immediately written but at the time of end_transaction.
  *
+ * NOTE: The transaction code is disabled in the 1.2 branch, as it is
+ * not yet used.
  */
 int
-tdbio_begin_transaction()
+tdbio_begin_transaction ()  /* Not yet used.  */
 {
-    int rc;
+  int rc;
 
-    if( in_transaction )
-       log_bug("tdbio: nested transactions\n");
-    /* flush everything out */
-    rc = tdbio_sync();
-    if( rc )
-       return rc;
-    in_transaction = 1;
-    return 0;
+  if (in_transaction)
+    log_bug ("tdbio: nested transactions\n");
+  /* Flush everything out. */
+  rc = tdbio_sync();
+  if (rc)
+    return rc;
+  in_transaction = 1;
+  return 0;
 }
 
 int
-tdbio_end_transaction()
+tdbio_end_transaction ()  /* Not yet used.  */
 {
-    int rc;
-
-    if( !in_transaction )
-       log_bug("tdbio: no active transaction\n");
-    if( !lockname )
-       lockname = make_dotlock( db_name, -1 );
-    if( !lockname )
-       log_fatal("can't get a lock - giving up\n");
-    block_all_signals();
-    in_transaction = 0;
-    rc = tdbio_sync();
-    unblock_all_signals();
-    if( !opt.lock_once ) {
-       release_dotlock( lockname );
-       lockname=NULL;
-    }
-    return rc;
+  int rc;
+
+  if (!in_transaction)
+    log_bug ("tdbio: no active transaction\n");
+  take_write_lock ();
+  gnupg_block_all_signals ();
+  in_transaction = 0;
+  rc = tdbio_sync();
+  gnupg_unblock_all_signals();
+  release_write_lock ();
+  return rc;
 }
 
 int
-tdbio_cancel_transaction()
+tdbio_cancel_transaction () /* Not yet used.  */
 {
-    CACHE_CTRL r;
-
-    if( !in_transaction )
-       log_bug("tdbio: no active transaction\n");
-
-    /* remove all dirty marked entries, so that the original ones
-     * are read back the next time */
-    if( cache_is_dirty ) {
-       for( r = cache_list; r; r = r->next ) {
-           if( r->flags.used && r->flags.dirty ) {
-               r->flags.used = 0;
-               cache_entries--;
+  CACHE_CTRL r;
+
+  if (!in_transaction)
+    log_bug ("tdbio: no active transaction\n");
+
+  /* Remove all dirty marked entries, so that the original ones are
+   * read back the next time.  */
+  if (cache_is_dirty)
+    {
+      for (r = cache_list; r; r = r->next)
+        {
+          if (r->flags.used && r->flags.dirty)
+            {
+              r->flags.used = 0;
+              cache_entries--;
            }
        }
-       cache_is_dirty = 0;
+      cache_is_dirty = 0;
     }
 
-    in_transaction = 0;
-    return 0;
+  in_transaction = 0;
+  return 0;
 }
+#endif  /* Not yet used.  */
 
 
 \f
@@ -389,1150 +516,1334 @@ tdbio_cancel_transaction()
  **************** cached I/O functions ******************
  ********************************************************/
 
+/* The cleanup handler for this module.  */
 static void
-cleanup(void)
+cleanup (void)
 {
-    if( lockname ) {
-       release_dotlock(lockname);
-       lockname = NULL;
+  if (is_locked)
+    {
+      if (!dotlock_release (lockhandle))
+        is_locked = 0;
     }
 }
 
+
+/*
+ * Update an existing trustdb record.  The caller must call
+ * tdbio_sync.
+ *
+ * Returns: 0 on success or an error code.
+ */
 int
-tdbio_set_dbname( const char *new_dbname, int create )
+tdbio_update_version_record (void)
+{
+  TRUSTREC rec;
+  int rc;
+
+  memset (&rec, 0, sizeof rec);
+
+  rc = tdbio_read_record (0, &rec, RECTYPE_VER);
+  if (!rc)
+    {
+      rec.r.ver.created     = make_timestamp();
+      rec.r.ver.marginals   = opt.marginals_needed;
+      rec.r.ver.completes   = opt.completes_needed;
+      rec.r.ver.cert_depth  = opt.max_cert_depth;
+      rec.r.ver.trust_model = opt.trust_model;
+      rec.r.ver.min_cert_level = opt.min_cert_level;
+      rc=tdbio_write_record(&rec);
+    }
+
+  return rc;
+}
+
+
+/*
+ * Create and write the trustdb version record.
+ *
+ * Returns: 0 on success or an error code.
+ */
+static int
+create_version_record (void)
 {
-    char *fname;
-    static int initialized = 0;
+  TRUSTREC rec;
+  int rc;
+
+  memset (&rec, 0, sizeof rec);
+  rec.r.ver.version     = 3;
+  rec.r.ver.created     = make_timestamp ();
+  rec.r.ver.marginals   = opt.marginals_needed;
+  rec.r.ver.completes   = opt.completes_needed;
+  rec.r.ver.cert_depth  = opt.max_cert_depth;
+  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
+    rec.r.ver.trust_model = opt.trust_model;
+  else
+    rec.r.ver.trust_model = TM_PGP;
+  rec.r.ver.min_cert_level = opt.min_cert_level;
+  rec.rectype = RECTYPE_VER;
+  rec.recnum = 0;
+  rc = tdbio_write_record (&rec);
+  if (!rc)
+    tdbio_sync ();
+  return rc;
+}
+
 
-    if( !initialized ) {
-       atexit( cleanup );
-       initialized = 1;
+/*
+ * Set the file name for the trustdb to NEW_DBNAME and if CREATE is
+ * true create that file.  If NEW_DBNAME is NULL a default name is
+ * used, if the it does not contain a path component separator ('/')
+ * the global GnuPG home directory is used.
+ *
+ * Returns: 0 on success or an error code.
+ *
+ * On the first call this function registers an atexit handler.
+ *
+ */
+int
+tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile)
+{
+  char *fname;
+  struct stat statbuf;
+  static int initialized = 0;
+
+  if (!initialized)
+    {
+      atexit (cleanup);
+      initialized = 1;
     }
-    fname = new_dbname? m_strdup( new_dbname )
-                     : make_filename(opt.homedir, "trustdb.gpg", NULL );
-
-    if( access( fname, R_OK ) ) {
-       if( errno != ENOENT ) {
-           log_error( _("%s: can't access: %s\n"), fname, strerror(errno) );
-           m_free(fname);
-           return G10ERR_TRUSTDB;
-       }
-       if( create ) {
-           FILE *fp;
-           TRUSTREC rec;
-           int rc;
-           char *p = strrchr( fname, '/' );
-
-           assert(p);
-           *p = 0;
-           if( access( fname, F_OK ) ) {
-               if( strlen(fname) >= 7
-                   && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
-                 #if __MINGW32__
-                   if( mkdir( fname ) )
-                 #else
-                   if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
-                 #endif
-                       log_fatal( _("%s: can't create directory: %s\n"),
-                                                   fname,  strerror(errno) );
-                   else
-                       log_info( _("%s: directory created\n"), fname );
-                   copy_options_file( fname );
-               }
-               else
-                   log_fatal( _("%s: directory does not exist!\n"), fname );
-           }
-           *p = '/';
-
-           fp =fopen( fname, "wb" );
-           if( !fp )
-               log_fatal( _("%s: can't create: %s\n"), fname, strerror(errno) );
-           fclose(fp);
-           m_free(db_name);
-           db_name = fname;
-         #ifdef __MINGW32__
-           db_fd = open( db_name, O_RDWR | O_BINARY );
-         #else
-           db_fd = open( db_name, O_RDWR );
-         #endif
-           if( db_fd == -1 )
-               log_fatal( _("%s: can't open: %s\n"), db_name, strerror(errno) );
-
-           memset( &rec, 0, sizeof rec );
-           rec.r.ver.version = 2;
-           rec.r.ver.created = make_timestamp();
-           rec.r.ver.marginals =  opt.marginals_needed;
-           rec.r.ver.completes =  opt.completes_needed;
-           rec.r.ver.cert_depth = opt.max_cert_depth;
-           rec.rectype = RECTYPE_VER;
-           rec.recnum = 0;
-           rc = tdbio_write_record( &rec );
-           if( !rc )
-               tdbio_sync();
-           if( rc )
-               log_fatal( _("%s: failed to create version record: %s"),
-                                                  fname, g10_errstr(rc));
-           /* and read again to check that we are okay */
-           if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
-               log_fatal( _("%s: invalid trustdb created\n"), db_name );
 
-           log_info(_("%s: trustdb created\n"), db_name);
+  *r_nofile = 0;
 
-           return 0;
+  if (!new_dbname)
+    {
+      fname = make_filename (opt.homedir, "trustdb" EXTSEP_S GPGEXT_GPG, NULL);
+    }
+  else if (*new_dbname != DIRSEP_C )
+    {
+      if (strchr (new_dbname, DIRSEP_C))
+        fname = make_filename (new_dbname, NULL);
+      else
+        fname = make_filename (opt.homedir, new_dbname, NULL);
+    }
+  else
+    {
+      fname = xstrdup (new_dbname);
+    }
+
+  xfree (db_name);
+  db_name = fname;
+
+  /* Quick check for (likely) case where there already is a
+   * trustdb.gpg.  This check is not required in theory, but it helps
+   * in practice avoiding costly operations of preparing and taking
+   * the lock.  */
+  if (!stat (fname, &statbuf) && statbuf.st_size > 0)
+    {
+      /* OK, we have the valid trustdb.gpg already.  */
+      return 0;
+    }
+
+  take_write_lock ();
+
+  if (access (fname, R_OK))
+    {
+#ifdef HAVE_W32CE_SYSTEM
+      /* We know how the cegcc implementation of access works ;-). */
+      if (GetLastError () == ERROR_FILE_NOT_FOUND)
+        gpg_err_set_errno (ENOENT);
+      else
+        gpg_err_set_errno (EIO);
+#endif /*HAVE_W32CE_SYSTEM*/
+      if (errno != ENOENT)
+        log_fatal ( _("can't access '%s': %s\n"), fname, strerror (errno));
+
+      if (!create)
+        *r_nofile = 1;
+      else
+        {
+          FILE *fp;
+          TRUSTREC rec;
+          int rc;
+          char *p = strrchr (fname, DIRSEP_C);
+          mode_t oldmask;
+          int save_slash;
+
+#if HAVE_W32_SYSTEM
+          {
+            /* Windows may either have a slash or a backslash.  Take
+               care of it.  */
+            char *pp = strrchr (fname, '/');
+            if (!p || pp > p)
+              p = pp;
+          }
+#endif /*HAVE_W32_SYSTEM*/
+          assert (p);
+          save_slash = *p;
+          *p = 0;
+          if (access (fname, F_OK))
+            {
+              try_make_homedir (fname);
+              if (access (fname, F_OK))
+                log_fatal (_("%s: directory does not exist!\n"), fname);
+           }
+          *p = save_slash;
+
+          oldmask = umask (077);
+          if (is_secured_filename (fname))
+            {
+              fp = NULL;
+              gpg_err_set_errno (EPERM);
+            }
+          else
+            fp = fopen (fname, "wb");
+          umask(oldmask);
+          if (!fp)
+            log_fatal (_("can't create '%s': %s\n"), fname, strerror (errno));
+          fclose (fp);
+
+          db_fd = open (db_name, O_RDWR | MY_O_BINARY);
+          if (db_fd == -1)
+            log_fatal (_("can't open '%s': %s\n"), db_name, strerror (errno));
+
+          rc = create_version_record ();
+          if (rc)
+            log_fatal (_("%s: failed to create version record: %s"),
+                       fname, gpg_strerror (rc));
+
+          /* Read again to check that we are okay. */
+          if (tdbio_read_record (0, &rec, RECTYPE_VER))
+            log_fatal (_("%s: invalid trustdb created\n"), db_name);
+
+          if (!opt.quiet)
+            log_info (_("%s: trustdb created\n"), db_name);
        }
     }
-    m_free(db_name);
-    db_name = fname;
-    return 0;
+
+  release_write_lock ();
+  return 0;
 }
 
 
+/*
+ * Return the full name of the trustdb.
+ */
 const char *
-tdbio_get_dbname()
+tdbio_get_dbname ()
 {
-    return db_name;
+  return db_name;
 }
 
 
-
+/*
+ * Open the trustdb.  This may only be called if it has not yet been
+ * opened and after a successful call to tdbio_set_dbname.  On return
+ * the trustdb handle (DB_FD) is guaranteed to be open.
+ */
 static void
-open_db()
+open_db ()
 {
-    TRUSTREC rec;
-    assert( db_fd == -1 );
-
-  #ifdef __MINGW32__
-    db_fd = open( db_name, O_RDWR | O_BINARY );
-  #else
-    db_fd = open( db_name, O_RDWR );
-  #endif
-    if( db_fd == -1 )
-       log_fatal( _("%s: can't open: %s\n"), db_name, strerror(errno) );
-    if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
-       log_fatal( _("%s: invalid trustdb\n"), db_name );
+  TRUSTREC rec;
+
+  assert( db_fd == -1 );
+
+#ifdef HAVE_W32CE_SYSTEM
+  {
+    DWORD prevrc = 0;
+    wchar_t *wname = utf8_to_wchar (db_name);
+    if (wname)
+      {
+        db_fd = (int)CreateFile (wname, GENERIC_READ|GENERIC_WRITE,
+                                 FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
+                                 OPEN_EXISTING, 0, NULL);
+        xfree (wname);
+      }
+    if (db_fd == -1)
+      log_fatal ("can't open '%s': %d, %d\n", db_name,
+                 (int)prevrc, (int)GetLastError ());
+  }
+#else /*!HAVE_W32CE_SYSTEM*/
+  db_fd = open (db_name, O_RDWR | MY_O_BINARY );
+  if (db_fd == -1 && (errno == EACCES
+#ifdef EROFS
+                      || errno == EROFS
+#endif
+                      )
+      ) {
+      /* Take care of read-only trustdbs.  */
+      db_fd = open (db_name, O_RDONLY | MY_O_BINARY );
+      if (db_fd != -1 && !opt.quiet)
+          log_info (_("Note: trustdb not writable\n"));
+  }
+  if ( db_fd == -1 )
+    log_fatal( _("can't open '%s': %s\n"), db_name, strerror(errno) );
+#endif /*!HAVE_W32CE_SYSTEM*/
+  register_secured_file (db_name);
+
+  /* Read the version record. */
+  if (tdbio_read_record (0, &rec, RECTYPE_VER ) )
+    log_fatal( _("%s: invalid trustdb\n"), db_name );
 }
 
 
-/****************
- * Make a hashtable: type 0 = key hash, 1 = sdir hash
+/*
+ * Append a new empty hashtable to the trustdb.  TYPE gives the type
+ * of the hash table.  The only defined type is 0 for a trust hash.
+ * On return the hashtable has been created, written, the version
+ * record update, and the data flushed to the disk.  On a fatal error
+ * the function terminates the process.
  */
 static void
 create_hashtable( TRUSTREC *vr, int type )
 {
-    TRUSTREC rec;
-    off_t offset;
-    ulong recnum;
-    int i, n, rc;
-
-    offset = lseek( db_fd, 0, SEEK_END );
-    if( offset == -1 )
-       log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
-    recnum = offset / TRUST_RECORD_LEN;
-    assert(recnum); /* this is will never be the first record */
-
-    if( !type )
-       vr->r.ver.keyhashtbl = recnum;
-    else
-       vr->r.ver.sdirhashtbl = recnum;
-    /* Now write the records */
-    n = (256+ITEMS_PER_HTBL_RECORD-1) / ITEMS_PER_HTBL_RECORD;
-    for(i=0; i < n; i++, recnum++ ) {
-        memset( &rec, 0, sizeof rec );
-        rec.rectype = RECTYPE_HTBL;
-        rec.recnum = recnum;
-        rc = tdbio_write_record( &rec );
-        if( rc )
-            log_fatal( _("%s: failed to create hashtable: %s\n"),
-                                       db_name, g10_errstr(rc));
+  TRUSTREC rec;
+  off_t offset;
+  ulong recnum;
+  int i, n, rc;
+
+  offset = lseek (db_fd, 0, SEEK_END);
+  if (offset == -1)
+    log_fatal ("trustdb: lseek to end failed: %s\n", strerror(errno));
+  recnum = offset / TRUST_RECORD_LEN;
+  assert (recnum); /* This is will never be the first record. */
+
+  if (!type)
+    vr->r.ver.trusthashtbl = recnum;
+
+  /* Now write the records making up the hash table. */
+  n = (256+ITEMS_PER_HTBL_RECORD-1) / ITEMS_PER_HTBL_RECORD;
+  for (i=0; i < n; i++, recnum++)
+    {
+      memset (&rec, 0, sizeof rec);
+      rec.rectype = RECTYPE_HTBL;
+      rec.recnum = recnum;
+      rc = tdbio_write_record (&rec);
+      if (rc)
+        log_fatal (_("%s: failed to create hashtable: %s\n"),
+                   db_name, gpg_strerror (rc));
     }
-    /* update the version record */
-    rc = tdbio_write_record( vr );
-    if( !rc )
-       rc = tdbio_sync();
-    if( rc )
-       log_fatal( _("%s: error updating version record: %s\n"),
-                                                 db_name, g10_errstr(rc));
+  /* Update the version record and flush. */
+  rc = tdbio_write_record (vr);
+  if (!rc)
+    rc = tdbio_sync ();
+  if (rc)
+    log_fatal (_("%s: error updating version record: %s\n"),
+               db_name, gpg_strerror (rc));
 }
 
 
+/*
+ * Check whether open trustdb matches the global trust options given
+ * for this process.  On a read problem the process is terminated.
+ *
+ * Return: 1 for yes, 0 for no.
+ */
 int
 tdbio_db_matches_options()
 {
-    static int yes_no = -1;
-
-    if( yes_no == -1 ) {
-       TRUSTREC vr;
-       int rc;
-
-       rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
-       if( rc )
-           log_fatal( _("%s: error reading version record: %s\n"),
-                                                   db_name, g10_errstr(rc) );
-
-       if( !vr.r.ver.marginals && !vr.r.ver.completes
-                               && !vr.r.ver.cert_depth )
-       {   /* special hack for trustdbs created by old versions of GnuPG */
-           vr.r.ver.marginals =  opt.marginals_needed;
-           vr.r.ver.completes =  opt.completes_needed;
-           vr.r.ver.cert_depth = opt.max_cert_depth;
-           rc = tdbio_write_record( &vr );
-           if( !rc && !in_transaction )
-               rc = tdbio_sync();
-           if( rc )
-               log_error( _("%s: error writing version record: %s\n"),
-                                               db_name, g10_errstr(rc) );
-       }
+  static int yes_no = -1;
+
+  if (yes_no == -1)
+    {
+      TRUSTREC vr;
+      int rc;
 
-       yes_no = vr.r.ver.marginals == opt.marginals_needed
-                && vr.r.ver.completes == opt.completes_needed
-                && vr.r.ver.cert_depth == opt.max_cert_depth;
+      rc = tdbio_read_record (0, &vr, RECTYPE_VER);
+      if( rc )
+       log_fatal( _("%s: error reading version record: %s\n"),
+                  db_name, gpg_strerror (rc) );
+
+      yes_no = vr.r.ver.marginals == opt.marginals_needed
+       && vr.r.ver.completes == opt.completes_needed
+       && vr.r.ver.cert_depth == opt.max_cert_depth
+       && vr.r.ver.trust_model == opt.trust_model
+       && vr.r.ver.min_cert_level == opt.min_cert_level;
     }
-    return yes_no;
+
+  return yes_no;
 }
 
 
-/****************
- * Return the record number of the keyhash tbl or create a new one.
+/*
+ * Read and return the trust model identifier from the trustdb.  On a
+ * read problem the process is terminated.
  */
-static ulong
-get_keyhashrec()
+byte
+tdbio_read_model (void)
 {
-    static ulong keyhashtbl; /* record number of the key hashtable */
+  TRUSTREC vr;
+  int rc;
+
+  rc = tdbio_read_record (0, &vr, RECTYPE_VER );
+  if (rc)
+    log_fatal (_("%s: error reading version record: %s\n"),
+              db_name, gpg_strerror (rc) );
+  return vr.r.ver.trust_model;
+}
+
 
-    if( !keyhashtbl ) {
-       TRUSTREC vr;
-       int rc;
+/*
+ * Read and return the nextstamp value from the trustdb.  On a read
+ * problem the process is terminated.
+ */
+ulong
+tdbio_read_nextcheck ()
+{
+  TRUSTREC vr;
+  int rc;
+
+  rc = tdbio_read_record (0, &vr, RECTYPE_VER);
+  if (rc)
+    log_fatal (_("%s: error reading version record: %s\n"),
+               db_name, gpg_strerror (rc));
+  return vr.r.ver.nextcheck;
+}
 
-       rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
-       if( rc )
-           log_fatal( _("%s: error reading version record: %s\n"),
-                                           db_name, g10_errstr(rc) );
-       if( !vr.r.ver.keyhashtbl )
-           create_hashtable( &vr, 0 );
 
-       keyhashtbl = vr.r.ver.keyhashtbl;
-    }
-    return keyhashtbl;
+/*
+ * Write the STAMP nextstamp timestamp to the trustdb.  On a read or
+ * write problem the process is terminated.
+ *
+ * Return: True if the stamp actually changed.
+ */
+int
+tdbio_write_nextcheck (ulong stamp)
+{
+  TRUSTREC vr;
+  int rc;
+
+  rc = tdbio_read_record (0, &vr, RECTYPE_VER);
+  if (rc)
+    log_fatal (_("%s: error reading version record: %s\n"),
+               db_name, gpg_strerror (rc));
+
+  if (vr.r.ver.nextcheck == stamp)
+    return 0;
+
+  vr.r.ver.nextcheck = stamp;
+  rc = tdbio_write_record( &vr );
+  if (rc)
+    log_fatal (_("%s: error writing version record: %s\n"),
+               db_name, gpg_strerror (rc));
+  return 1;
 }
 
-/****************
- * Return the record number of the shadow direcory hash table
- * or create a new one.
+
+
+/*
+ * Return the record number of the trusthash table or create one if it
+ * does not yet exist.  On a read or write problem the process is
+ * terminated.
+ *
+ * Return: record number
  */
 static ulong
-get_sdirhashrec()
+get_trusthashrec(void)
 {
-    static ulong sdirhashtbl; /* record number of the hashtable */
+  static ulong trusthashtbl; /* Record number of the trust hashtable.  */
 
-    if( !sdirhashtbl ) {
-       TRUSTREC vr;
-       int rc;
+  if (!trusthashtbl)
+    {
+      TRUSTREC vr;
+      int rc;
 
-       rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
-       if( rc )
-           log_fatal( _("%s: error reading version record: %s\n"),
-                                                   db_name, g10_errstr(rc) );
-       if( !vr.r.ver.sdirhashtbl )
-           create_hashtable( &vr, 1 );
+      rc = tdbio_read_record (0, &vr, RECTYPE_VER );
+      if (rc)
+        log_fatal (_("%s: error reading version record: %s\n"),
+                   db_name, gpg_strerror (rc) );
+      if (!vr.r.ver.trusthashtbl)
+        create_hashtable (&vr, 0);
 
-       sdirhashtbl = vr.r.ver.sdirhashtbl;
+      trusthashtbl = vr.r.ver.trusthashtbl;
     }
-    return sdirhashtbl;
+
+  return trusthashtbl;
 }
 
 
-/****************
- * Update a hashtable.
- * table gives the start of the table, key and keylen is the key,
- * newrecnum is the record number to insert.
+
+/*
+ * Update a hashtable in the trustdb.  TABLE gives the start of the
+ * table, KEY and KEYLEN are the key, NEWRECNUM is the record number
+ * to insert into the table.
+ *
+ * Return: 0 on success or an error code.
  */
 static int
-upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
+upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
 {
-    TRUSTREC lastrec, rec;
-    ulong hashrec, item;
-    int msb;
-    int level=0;
-    int rc, i;
-
-    hashrec = table;
 next_level:
-    msb = key[level];
-    hashrec += msb / ITEMS_PER_HTBL_RECORD;
-    rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
-    if( rc ) {
-       log_error( db_name, "upd_hashtable: read failed: %s\n",
-                                                       g10_errstr(rc) );
-       return rc;
+  TRUSTREC lastrec, rec;
+  ulong hashrec, item;
+  int msb;
+  int level = 0;
+  int rc, i;
+
+  hashrec = table;
+ next_level:
+  msb = key[level];
+  hashrec += msb / ITEMS_PER_HTBL_RECORD;
+  rc = tdbio_read_record (hashrec, &rec, RECTYPE_HTBL);
+  if (rc)
+    {
+      log_error ("upd_hashtable: read failed: %s\n", gpg_strerror (rc));
+      return rc;
     }
 
-    item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
-    if( !item ) { /* insert a new item into the hash table */
-       rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
-       rc = tdbio_write_record( &rec );
-       if( rc ) {
-           log_error( db_name, "upd_hashtable: write htbl failed: %s\n",
-                                                           g10_errstr(rc) );
-           return rc;
+  item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+  if (!item)  /* Insert a new item into the hash table.  */
+    {
+      rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
+      rc = tdbio_write_record (&rec);
+      if (rc)
+        {
+          log_error ("upd_hashtable: write htbl failed: %s\n",
+                     gpg_strerror (rc));
+          return rc;
        }
     }
-    else if( item != newrecnum ) {  /* must do an update */
-       lastrec = rec;
-       rc = tdbio_read_record( item, &rec, 0 );
-       if( rc ) {
-           log_error( "upd_hashtable: read item failed: %s\n",
-                                                           g10_errstr(rc) );
-           return rc;
+  else if (item != newrecnum) /* Must do an update.  */
+    {
+      lastrec = rec;
+      rc = tdbio_read_record (item, &rec, 0);
+      if (rc)
+        {
+          log_error ("upd_hashtable: read item failed: %s\n",
+                     gpg_strerror (rc));
+          return rc;
        }
 
-       if( rec.rectype == RECTYPE_HTBL ) {
-           hashrec = item;
-           level++;
-           if( level >= keylen ) {
-               log_error( "hashtable has invalid indirections.\n");
-               return G10ERR_TRUSTDB;
+      if (rec.rectype == RECTYPE_HTBL)
+        {
+          hashrec = item;
+          level++;
+          if (level >= keylen)
+            {
+              log_error ("hashtable has invalid indirections.\n");
+              return GPG_ERR_TRUSTDB;
            }
-           goto next_level;
+          goto next_level;
        }
-       else if( rec.rectype == RECTYPE_HLST ) { /* extend list */
-           /* see whether the key is already in this list */
-           for(;;) {
-               for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
-                   if( rec.r.hlst.rnum[i] == newrecnum ) {
-                       return 0; /* okay, already in the list */
+      else if (rec.rectype == RECTYPE_HLST) /* Extend the list.  */
+        {
+          /* Check whether the key is already in this list. */
+          for (;;)
+            {
+              for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+                {
+                  if (rec.r.hlst.rnum[i] == newrecnum)
+                    {
+                      return 0; /* Okay, already in the list.  */
                    }
                }
-               if( rec.r.hlst.next ) {
-                   rc = tdbio_read_record( rec.r.hlst.next,
-                                                      &rec, RECTYPE_HLST);
-                   if( rc ) {
-                       log_error( "scan keyhashtbl read hlst failed: %s\n",
-                                                            g10_errstr(rc) );
-                       return rc;
+              if (rec.r.hlst.next)
+                {
+                  rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
+                  if (rc)
+                    {
+                      log_error ("upd_hashtable: read hlst failed: %s\n",
+                                 gpg_strerror (rc) );
+                      return rc;
                    }
                }
-               else
-                   break; /* not there */
+              else
+                break; /* key is not in the list */
            }
-           /* find the next free entry and put it in */
-           for(;;) {
-               for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
-                   if( !rec.r.hlst.rnum[i] ) {
-                       rec.r.hlst.rnum[i] = newrecnum;
-                       rc = tdbio_write_record( &rec );
-                       if( rc )
-                           log_error( "upd_hashtable: write hlst failed: %s\n",
-                                                             g10_errstr(rc) );
-                       return rc; /* done */
+
+          /* Find the next free entry and put it in.  */
+          for (;;)
+            {
+              for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+                {
+                  if (!rec.r.hlst.rnum[i])
+                    {
+                      /* Empty slot found.  */
+                      rec.r.hlst.rnum[i] = newrecnum;
+                      rc = tdbio_write_record (&rec);
+                      if (rc)
+                        log_error ("upd_hashtable: write hlst failed: %s\n",
+                                   gpg_strerror (rc));
+                      return rc; /* Done.  */
                    }
                }
-               if( rec.r.hlst.next ) {
-                   rc = tdbio_read_record( rec.r.hlst.next,
-                                                     &rec, RECTYPE_HLST );
-                   if( rc ) {
-                       log_error( "upd_hashtable: read hlst failed: %s\n",
-                                                            g10_errstr(rc) );
-                       return rc;
+
+              if (rec.r.hlst.next)
+                {
+                  /* read the next reord of the list.  */
+                  rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
+                  if (rc)
+                    {
+                      log_error ("upd_hashtable: read hlst failed: %s\n",
+                                 gpg_strerror (rc));
+                      return rc;
                    }
                }
-               else { /* add a new list record */
-                   rec.r.hlst.next = item = tdbio_new_recnum();
-                   rc = tdbio_write_record( &rec );
-                   if( rc ) {
-                       log_error( "upd_hashtable: write hlst failed: %s\n",
-                                                         g10_errstr(rc) );
-                       return rc;
+              else
+                {
+                  /* Append a new record to the list.  */
+                  rec.r.hlst.next = item = tdbio_new_recnum ();
+                  rc = tdbio_write_record (&rec);
+                  if (rc)
+                    {
+                      log_error ("upd_hashtable: write hlst failed: %s\n",
+                                 gpg_strerror (rc));
+                      return rc;
                    }
-                   memset( &rec, 0, sizeof rec );
-                   rec.rectype = RECTYPE_HLST;
-                   rec.recnum = item;
-                   rec.r.hlst.rnum[0] = newrecnum;
-                   rc = tdbio_write_record( &rec );
-                   if( rc )
-                       log_error( "upd_hashtable: write ext hlst failed: %s\n",
-                                                         g10_errstr(rc) );
-                   return rc; /* done */
+                  memset (&rec, 0, sizeof rec);
+                  rec.rectype = RECTYPE_HLST;
+                  rec.recnum = item;
+                  rec.r.hlst.rnum[0] = newrecnum;
+                  rc = tdbio_write_record (&rec);
+                  if (rc)
+                    log_error ("upd_hashtable: write ext hlst failed: %s\n",
+                               gpg_strerror (rc));
+                  return rc; /* Done.  */
                }
-           } /* end loop over hlst slots */
-       }
-       else if( rec.rectype == RECTYPE_KEY
-                || rec.rectype == RECTYPE_DIR
-                || rec.rectype == RECTYPE_SDIR ) { /* insert a list record */
-           if( rec.recnum == newrecnum ) {
-               return 0;
-           }
-           item = rec.recnum; /* save number of key record */
-           memset( &rec, 0, sizeof rec );
-           rec.rectype = RECTYPE_HLST;
-           rec.recnum = tdbio_new_recnum();
-           rec.r.hlst.rnum[0] = item;       /* old keyrecord */
-           rec.r.hlst.rnum[1] = newrecnum; /* and new one */
-           rc = tdbio_write_record( &rec );
-           if( rc ) {
-               log_error( "upd_hashtable: write new hlst failed: %s\n",
-                                                 g10_errstr(rc) );
-               return rc;
-           }
-           /* update the hashtable record */
-           lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum;
-           rc = tdbio_write_record( &lastrec );
-           if( rc )
-               log_error( "upd_hashtable: update htbl failed: %s\n",
-                                                            g10_errstr(rc) );
-           return rc; /* ready */
+           } /* end loop over list slots */
+
        }
-       else {
-           log_error( "hashtbl %lu points to an invalid record\n",
-                                                                   item);
-           return G10ERR_TRUSTDB;
+      else if (rec.rectype == RECTYPE_TRUST) /* Insert a list record.  */
+        {
+          if (rec.recnum == newrecnum)
+            {
+              return 0;
+            }
+          item = rec.recnum; /* Save number of key record.  */
+          memset (&rec, 0, sizeof rec);
+          rec.rectype = RECTYPE_HLST;
+          rec.recnum = tdbio_new_recnum ();
+          rec.r.hlst.rnum[0] = item;       /* Old key record */
+          rec.r.hlst.rnum[1] = newrecnum; /* and new key record */
+          rc = tdbio_write_record (&rec);
+          if (rc)
+            {
+              log_error( "upd_hashtable: write new hlst failed: %s\n",
+                           gpg_strerror (rc) );
+              return rc;
+            }
+          /* Update the hashtable record.  */
+          lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum;
+          rc = tdbio_write_record (&lastrec);
+          if (rc)
+            log_error ("upd_hashtable: update htbl failed: %s\n",
+                       gpg_strerror (rc));
+          return rc; /* Ready.  */
+        }
+      else
+        {
+          log_error ("hashtbl %lu: %lu/%d points to an invalid record %lu\n",
+                     table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+          if (opt.verbose > 1)
+            list_trustdb (es_stderr, NULL);
+          return GPG_ERR_TRUSTDB;
        }
     }
 
-    return 0;
+  return 0;
 }
 
 
-
-/****************
- * Lookup a record via the hashtable tablewith key/keylen and return the
- * result in rec.  cmp() should return if the record is the desired one.
- * Returns -1 if not found, 0 if found or another errocode
+/*
+ * Drop an entry from a hashtable.  TABLE gives the start of the
+ * table, KEY and KEYLEN are the key.
+ *
+ * Return: 0 on success or an error code.
  */
 static int
-lookup_hashtable( ulong table, const byte *key, size_t keylen,
-                 int (*cmpfnc)(void*, const TRUSTREC *), void *cmpdata,
-                                               TRUSTREC *rec )
+drop_from_hashtable (ulong table, byte *key, int keylen, ulong recnum)
 {
-    int rc;
-    ulong hashrec, item;
-    int msb;
-    int level=0;
-
-    hashrec = table;
-  next_level:
-    msb = key[level];
-    hashrec += msb / ITEMS_PER_HTBL_RECORD;
-    rc = tdbio_read_record( hashrec, rec, RECTYPE_HTBL );
-    if( rc ) {
-       log_error( db_name, "lookup_hashtable failed: %s\n", g10_errstr(rc) );
-       return rc;
+  TRUSTREC rec;
+  ulong hashrec, item;
+  int msb;
+  int level = 0;
+  int rc, i;
+
+  hashrec = table;
+ next_level:
+  msb = key[level];
+  hashrec += msb / ITEMS_PER_HTBL_RECORD;
+  rc = tdbio_read_record (hashrec, &rec, RECTYPE_HTBL );
+  if (rc)
+    {
+      log_error ("drop_from_hashtable: read failed: %s\n", gpg_strerror (rc));
+      return rc;
     }
 
-    item = rec->r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
-    if( !item )
-       return -1; /* not found */
+  item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+  if (!item)
+    return 0;   /* Not found - forget about it.  */
+
+  if (item == recnum) /* Table points direct to the record.  */
+    {
+      rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
+      rc = tdbio_write_record( &rec );
+      if (rc)
+        log_error ("drop_from_hashtable: write htbl failed: %s\n",
+                   gpg_strerror (rc));
+      return rc;
+    }
 
-    rc = tdbio_read_record( item, rec, 0 );
-    if( rc ) {
-       log_error( db_name, "hashtable read failed: %s\n", g10_errstr(rc) );
-       return rc;
+  rc = tdbio_read_record (item, &rec, 0);
+  if (rc)
+    {
+      log_error ("drop_from_hashtable: read item failed: %s\n",
+                 gpg_strerror (rc));
+      return rc;
     }
-    if( rec->rectype == RECTYPE_HTBL ) {
-       hashrec = item;
-       level++;
-       if( level >= keylen ) {
-           log_error( db_name, "hashtable has invalid indirections\n");
-           return G10ERR_TRUSTDB;
+
+  if (rec.rectype == RECTYPE_HTBL)
+    {
+      hashrec = item;
+      level++;
+      if (level >= keylen)
+        {
+          log_error ("hashtable has invalid indirections.\n");
+          return GPG_ERR_TRUSTDB;
        }
-       goto next_level;
+      goto next_level;
     }
-    else if( rec->rectype == RECTYPE_HLST ) {
-       for(;;) {
-           int i;
-
-           for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
-               if( rec->r.hlst.rnum[i] ) {
-                   TRUSTREC tmp;
-
-                   rc = tdbio_read_record( rec->r.hlst.rnum[i], &tmp, 0 );
-                   if( rc ) {
-                       log_error( "lookup_hashtable: read item failed: %s\n",
-                                                             g10_errstr(rc) );
-                       return rc;
-                   }
-                   if( (*cmpfnc)( cmpdata, &tmp ) ) {
-                       *rec = tmp;
-                       return 0;
-                   }
+
+  if (rec.rectype == RECTYPE_HLST)
+    {
+      for (;;)
+        {
+          for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+            {
+              if (rec.r.hlst.rnum[i] == recnum)
+                {
+                  rec.r.hlst.rnum[i] = 0; /* Mark as free.  */
+                  rc = tdbio_write_record (&rec);
+                  if (rc)
+                    log_error("drop_from_hashtable: write htbl failed: %s\n",
+                              gpg_strerror (rc));
+                  return rc;
                }
            }
-           if( rec->r.hlst.next ) {
-               rc = tdbio_read_record( rec->r.hlst.next, rec, RECTYPE_HLST );
-               if( rc ) {
-                   log_error( "lookup_hashtable: read hlst failed: %s\n",
-                                                        g10_errstr(rc) );
-                   return rc;
+          if (rec.r.hlst.next)
+            {
+              rc = tdbio_read_record (rec.r.hlst.next, &rec, RECTYPE_HLST);
+              if (rc)
+                {
+                  log_error ("drop_from_hashtable: read hlst failed: %s\n",
+                             gpg_strerror (rc));
+                  return rc;
                }
            }
-           else
-               return -1; /* not found */
+          else
+            return 0; /* Key not in table.  */
        }
     }
 
-
-    if( (*cmpfnc)( cmpdata, rec ) )
-       return 0; /* really found */
-
-    return -1; /* no: not found */
+  log_error ("hashtbl %lu: %lu/%d points to wrong record %lu\n",
+             table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+  return GPG_ERR_TRUSTDB;
 }
 
 
 
-
-/****************
- * Update the key hashtbl or create the table if it does not exist
+/*
+ * Lookup a record via the hashtable TABLE by (KEY,KEYLEN) and return
+ * the result in REC.  The return value of CMP() should be True if the
+ * record is the desired one.
+ *
+ * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
  */
-static int
-update_keyhashtbl( TRUSTREC *kr )
+static gpg_error_t
+lookup_hashtable (ulong table, const byte *key, size_t keylen,
+                 int (*cmpfnc)(const void*, const TRUSTREC *),
+                  const void *cmpdata, TRUSTREC *rec )
 {
-    return upd_hashtable( get_keyhashrec(),
-                         kr->r.key.fingerprint,
-                         kr->r.key.fingerprint_len, kr->recnum );
+  int rc;
+  ulong hashrec, item;
+  int msb;
+  int level = 0;
+
+  hashrec = table;
+ next_level:
+  msb = key[level];
+  hashrec += msb / ITEMS_PER_HTBL_RECORD;
+  rc = tdbio_read_record (hashrec, rec, RECTYPE_HTBL);
+  if (rc)
+    {
+      log_error("lookup_hashtable failed: %s\n", gpg_strerror (rc) );
+      return rc;
+    }
+
+  item = rec->r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+  if (!item)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  rc = tdbio_read_record (item, rec, 0);
+  if (rc)
+    {
+      log_error( "hashtable read failed: %s\n", gpg_strerror (rc) );
+      return rc;
+    }
+  if (rec->rectype == RECTYPE_HTBL)
+    {
+      hashrec = item;
+      level++;
+      if (level >= keylen)
+        {
+          log_error ("hashtable has invalid indirections\n");
+          return GPG_ERR_TRUSTDB;
+       }
+      goto next_level;
+    }
+  else if (rec->rectype == RECTYPE_HLST)
+    {
+      for (;;)
+        {
+          int i;
+
+          for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+            {
+              if (rec->r.hlst.rnum[i])
+                {
+                  TRUSTREC tmp;
+
+                  rc = tdbio_read_record (rec->r.hlst.rnum[i], &tmp, 0);
+                  if (rc)
+                    {
+                      log_error ("lookup_hashtable: read item failed: %s\n",
+                                 gpg_strerror (rc));
+                      return rc;
+                   }
+                  if ((*cmpfnc)(cmpdata, &tmp))
+                    {
+                      *rec = tmp;
+                      return 0;
+                   }
+               }
+           }
+          if (rec->r.hlst.next)
+            {
+              rc = tdbio_read_record (rec->r.hlst.next, rec, RECTYPE_HLST);
+              if (rc)
+                {
+                  log_error ("lookup_hashtable: read hlst failed: %s\n",
+                             gpg_strerror (rc) );
+                  return rc;
+               }
+           }
+          else
+            return gpg_error (GPG_ERR_NOT_FOUND);
+       }
+    }
+
+  if ((*cmpfnc)(cmpdata, rec))
+    return 0; /* really found */
+
+  return gpg_error (GPG_ERR_NOT_FOUND); /* no: not found */
 }
 
-/****************
- * Update the shadow dir hashtbl or create the table if it does not exist
+
+/*
+ * Update the trust hash table TR or create the table if it does not
+ * exist.
+ *
+ * Return: 0 on success or an error code.
  */
 static int
-update_sdirhashtbl( TRUSTREC *sr )
+update_trusthashtbl( TRUSTREC *tr )
 {
-    byte key[8];
-
-    u32tobuf( key   , sr->r.sdir.keyid[0] );
-    u32tobuf( key+4 , sr->r.sdir.keyid[1] );
-    return upd_hashtable( get_sdirhashrec(), key, 8, sr->recnum );
+  return upd_hashtable (get_trusthashrec(),
+                        tr->r.trust.fingerprint, 20, tr->recnum);
 }
 
 
-
-
+/*
+ * Dump the trustdb record REC to stream FP.
+ */
 void
-tdbio_dump_record( TRUSTREC *rec, FILE *fp  )
+tdbio_dump_record (TRUSTREC *rec, estream_t fp)
 {
-    int i;
-    ulong rnum = rec->recnum;
-    byte *p;
-
-    fprintf(fp, "rec %5lu, ", rnum );
-
-    switch( rec->rectype ) {
-      case 0: fprintf(fp, "blank\n");
-       break;
-      case RECTYPE_VER: fprintf(fp,
-           "version, kd=%lu, sd=%lu, free=%lu, m/c/d=%d/%d/%d\n",
-           rec->r.ver.keyhashtbl, rec->r.ver.sdirhashtbl,
-                                  rec->r.ver.firstfree,
-                                  rec->r.ver.marginals,
-                                  rec->r.ver.completes,
-                                  rec->r.ver.cert_depth );
-       break;
-      case RECTYPE_FREE: fprintf(fp, "free, next=%lu\n", rec->r.free.next );
-       break;
-      case RECTYPE_DIR:
-       fprintf(fp, "dir %lu, keys=%lu, uids=%lu, t=%02x",
-                   rec->r.dir.lid,
-                   rec->r.dir.keylist,
-                   rec->r.dir.uidlist,
-                   rec->r.dir.ownertrust );
-       if( rec->r.dir.dirflags & DIRF_VALVALID )
-           fprintf( fp, ", v=%02x", rec->r.dir.validity );
-       if( rec->r.dir.dirflags & DIRF_CHECKED ) {
-           if( rec->r.dir.dirflags & DIRF_VALID )
-               fputs(", valid", fp );
-           if( rec->r.dir.dirflags & DIRF_EXPIRED )
-               fputs(", expired", fp );
-           if( rec->r.dir.dirflags & DIRF_REVOKED )
-               fputs(", revoked", fp );
-       }
-       putc('\n', fp);
-       break;
-      case RECTYPE_KEY:
-       fprintf(fp, "key %lu, n=%lu a=%d ",
-                  rec->r.key.lid,
-                  rec->r.key.next,
-                  rec->r.key.pubkey_algo );
-       for(i=0; i < rec->r.key.fingerprint_len; i++ )
-           fprintf(fp, "%02X", rec->r.key.fingerprint[i] );
-       if( rec->r.key.keyflags & KEYF_CHECKED ) {
-           if( rec->r.key.keyflags & KEYF_VALID )
-               fputs(", valid", fp );
-           if( rec->r.key.keyflags & KEYF_EXPIRED )
-               fputs(", expired", fp );
-           if( rec->r.key.keyflags & KEYF_REVOKED )
-               fputs(", revoked", fp );
-       }
-       putc('\n', fp);
-       break;
-      case RECTYPE_UID:
-       fprintf(fp, "uid %lu, next=%lu, pref=%lu, sig=%lu, hash=%02X%02X",
-                   rec->r.uid.lid,
-                   rec->r.uid.next,
-                   rec->r.uid.prefrec,
-                   rec->r.uid.siglist,
-                   rec->r.uid.namehash[18], rec->r.uid.namehash[19]);
-       if( rec->r.uid.uidflags & UIDF_CHECKED ) {
-           if( rec->r.uid.uidflags & UIDF_VALID )
-               fputs(", valid", fp );
-           if( rec->r.uid.uidflags & UIDF_REVOKED )
-               fputs(", revoked", fp );
-       }
-       putc('\n', fp);
-       break;
-      case RECTYPE_PREF:
-       fprintf(fp, "pref %lu, next=%lu,",
-                   rec->r.pref.lid, rec->r.pref.next);
-       for(i=0,p=rec->r.pref.data; i < ITEMS_PER_PREF_RECORD; i+=2,p+=2 ) {
-           if( *p )
-               fprintf(fp, " %c%d", *p == PREFTYPE_SYM    ? 'S' :
-                                    *p == PREFTYPE_HASH   ? 'H' :
-                                    *p == PREFTYPE_COMPR  ? 'Z' : '?', p[1]);
-       }
-       putc('\n', fp);
-       break;
-      case RECTYPE_SIG:
-       fprintf(fp, "sig %lu, next=%lu,",
-                        rec->r.sig.lid, rec->r.sig.next );
-       for(i=0; i < SIGS_PER_RECORD; i++ ) {
-           if( rec->r.sig.sig[i].lid ) {
-               fprintf(fp, " %lu:", rec->r.sig.sig[i].lid );
-               if( rec->r.sig.sig[i].flag & SIGF_CHECKED ) {
-                   fprintf(fp,"%c%c%c",
-                      (rec->r.sig.sig[i].flag & SIGF_VALID)   ? 'V':'-',
-                      (rec->r.sig.sig[i].flag & SIGF_EXPIRED) ? 'E':'-',
-                      (rec->r.sig.sig[i].flag & SIGF_REVOKED) ? 'R':'-');
-               }
-               else if( rec->r.sig.sig[i].flag & SIGF_NOPUBKEY)
-                   fputs("?--", fp);
-               else
-                   fputs("---", fp);
-           }
-       }
-       putc('\n', fp);
-       break;
-      case RECTYPE_SDIR:
-       fprintf(fp, "sdir %lu, keyid=%08lX%08lX, algo=%d, hint=%lu\n",
-                   rec->r.sdir.lid,
-                   (ulong)rec->r.sdir.keyid[0],
-                   (ulong)rec->r.sdir.keyid[1],
-                   rec->r.sdir.pubkey_algo,
-                   (ulong)rec->r.sdir.hintlist );
-       break;
-      case RECTYPE_CACH:
-       fprintf(fp, "cach\n");
-       break;
-      case RECTYPE_HTBL:
-       fprintf(fp, "htbl,");
-       for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ )
-           fprintf(fp, " %lu", rec->r.htbl.item[i] );
-       putc('\n', fp);
-       break;
-      case RECTYPE_HLST:
-       fprintf(fp, "hlst, next=%lu,", rec->r.hlst.next );
-       for(i=0; i < ITEMS_PER_HLST_RECORD; i++ )
-           fprintf(fp, " %lu", rec->r.hlst.rnum[i] );
-       putc('\n', fp);
-       break;
-      default:
-       fprintf(fp, "unknown type %d\n", rec->rectype );
-       break;
+  int i;
+  ulong rnum = rec->recnum;
+
+  es_fprintf (fp, "rec %5lu, ", rnum);
+
+  switch (rec->rectype)
+    {
+    case 0:
+      es_fprintf (fp, "blank\n");
+      break;
+
+    case RECTYPE_VER:
+      es_fprintf (fp,
+         "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n",
+                  rec->r.ver.trusthashtbl,
+                  rec->r.ver.firstfree,
+                  rec->r.ver.marginals,
+                  rec->r.ver.completes,
+                  rec->r.ver.cert_depth,
+                  rec->r.ver.trust_model,
+                  rec->r.ver.min_cert_level,
+                  rec->r.ver.nextcheck,
+                  strtimestamp(rec->r.ver.nextcheck)
+                  );
+      break;
+
+    case RECTYPE_FREE:
+      es_fprintf (fp, "free, next=%lu\n", rec->r.free.next);
+      break;
+
+    case RECTYPE_HTBL:
+      es_fprintf (fp, "htbl,");
+      for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
+        es_fprintf (fp, " %lu", rec->r.htbl.item[i]);
+      es_putc ('\n', fp);
+      break;
+
+    case RECTYPE_HLST:
+      es_fprintf (fp, "hlst, next=%lu,", rec->r.hlst.next);
+      for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+        es_fprintf (fp, " %lu", rec->r.hlst.rnum[i]);
+      es_putc ('\n', fp);
+      break;
+
+    case RECTYPE_TRUST:
+      es_fprintf (fp, "trust ");
+      for (i=0; i < 20; i++)
+        es_fprintf (fp, "%02X", rec->r.trust.fingerprint[i]);
+      es_fprintf (fp, ", ot=%d, d=%d, vl=%lu\n", rec->r.trust.ownertrust,
+                  rec->r.trust.depth, rec->r.trust.validlist);
+      break;
+
+    case RECTYPE_VALID:
+      es_fprintf (fp, "valid ");
+      for (i=0; i < 20; i++)
+        es_fprintf(fp, "%02X", rec->r.valid.namehash[i]);
+      es_fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity,
+                  rec->r.valid.next);
+      break;
+
+    default:
+      es_fprintf (fp, "unknown type %d\n", rec->rectype );
+      break;
     }
 }
 
-/****************
- * read the record with number recnum
- * returns: -1 on error, 0 on success
+
+/*
+ * Read the record with number RECNUM into the structure REC.  If
+ * EXPECTED is not 0 reading any other record type will return an
+ * error.
+ *
+ * Return: 0 on success, -1 on EOF, or an error code.
  */
 int
-tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
+tdbio_read_record (ulong recnum, TRUSTREC *rec, int expected)
 {
-    byte readbuf[TRUST_RECORD_LEN];
-    const byte *buf, *p;
-    int rc = 0;
-    int n, i;
-
-    if( db_fd == -1 )
-       open_db();
-    buf = get_record_from_cache( recnum );
-    if( !buf ) {
-       if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
-           log_error(_("trustdb: lseek failed: %s\n"), strerror(errno) );
-           return G10ERR_READ_FILE;
+  byte readbuf[TRUST_RECORD_LEN];
+  const byte *buf, *p;
+  gpg_error_t err = 0;
+  int n, i;
+
+  if (db_fd == -1)
+    open_db ();
+
+  buf = get_record_from_cache( recnum );
+  if (!buf)
+    {
+      if (lseek (db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET) == -1)
+        {
+          err = gpg_error_from_syserror ();
+          log_error (_("trustdb: lseek failed: %s\n"), strerror (errno));
+          return err;
        }
-       n = read( db_fd, readbuf, TRUST_RECORD_LEN);
-       if( !n ) {
-           return -1; /* eof */
+      n = read (db_fd, readbuf, TRUST_RECORD_LEN);
+      if (!n)
+        {
+          return -1; /* eof */
        }
-       else if( n != TRUST_RECORD_LEN ) {
-           log_error(_("trustdb: read failed (n=%d): %s\n"), n,
-                                                       strerror(errno) );
-           return G10ERR_READ_FILE;
+      else if (n != TRUST_RECORD_LEN)
+        {
+          err = gpg_error_from_syserror ();
+          log_error (_("trustdb: read failed (n=%d): %s\n"),
+                     n, strerror(errno));
+          return err;
        }
-       buf = readbuf;
+      buf = readbuf;
     }
-    rec->recnum = recnum;
-    rec->dirty = 0;
-    p = buf;
-    rec->rectype = *p++;
-    if( expected && rec->rectype != expected ) {
-       log_error("%lu: read expected rec type %d, got %d\n",
-                   recnum, expected, rec->rectype );
-       return G10ERR_TRUSTDB;
+  rec->recnum = recnum;
+  rec->dirty = 0;
+  p = buf;
+  rec->rectype = *p++;
+  if (expected && rec->rectype != expected)
+    {
+      log_error ("%lu: read expected rec type %d, got %d\n",
+                 recnum, expected, rec->rectype);
+      return gpg_error (GPG_ERR_TRUSTDB);
     }
-    p++;    /* skip reserved byte */
-    switch( rec->rectype ) {
-      case 0:  /* unused (free) record */
-       break;
-      case RECTYPE_VER: /* version record */
-       if( memcmp(buf+1, "gpg", 3 ) ) {
-           log_error( _("%s: not a trustdb file\n"), db_name );
-           rc = G10ERR_TRUSTDB;
-       }
-       p += 2; /* skip "pgp" */
-       rec->r.ver.version  = *p++;
-       rec->r.ver.marginals = *p++;
-       rec->r.ver.completes = *p++;
-       rec->r.ver.cert_depth = *p++;
-       p += 4; /* lock flags */
-       rec->r.ver.created  = buftoulong(p); p += 4;
-       rec->r.ver.modified = buftoulong(p); p += 4;
-       rec->r.ver.validated= buftoulong(p); p += 4;
-       rec->r.ver.keyhashtbl=buftoulong(p); p += 4;
-       rec->r.ver.firstfree =buftoulong(p); p += 4;
-       rec->r.ver.sdirhashtbl =buftoulong(p); p += 4;
-       if( recnum ) {
-           log_error( _("%s: version record with recnum %lu\n"), db_name,
-                                                            (ulong)recnum );
-           rc = G10ERR_TRUSTDB;
-       }
-       else if( rec->r.ver.version != 2 ) {
-           log_error( _("%s: invalid file version %d\n"), db_name,
-                                                       rec->r.ver.version );
-           rc = G10ERR_TRUSTDB;
+  p++;    /* Skip reserved byte.  */
+  switch (rec->rectype)
+    {
+    case 0:  /* unused (free) record */
+      break;
+
+    case RECTYPE_VER: /* version record */
+      if (memcmp(buf+1, GPGEXT_GPG, 3))
+        {
+          log_error (_("%s: not a trustdb file\n"), db_name );
+          err = gpg_error (GPG_ERR_TRUSTDB);
+        }
+      else
+        {
+          p += 2; /* skip "gpg" */
+          rec->r.ver.version  = *p++;
+          rec->r.ver.marginals = *p++;
+          rec->r.ver.completes = *p++;
+          rec->r.ver.cert_depth = *p++;
+          rec->r.ver.trust_model = *p++;
+          rec->r.ver.min_cert_level = *p++;
+          p += 2;
+          rec->r.ver.created  = buf32_to_ulong(p); p += 4;
+          rec->r.ver.nextcheck = buf32_to_ulong(p); p += 4;
+          p += 4;
+          p += 4;
+          rec->r.ver.firstfree =buf32_to_ulong(p); p += 4;
+          p += 4;
+          rec->r.ver.trusthashtbl =buf32_to_ulong(p); p += 4;
+          if (recnum)
+            {
+              log_error( _("%s: version record with recnum %lu\n"), db_name,
+                         (ulong)recnum );
+              err = gpg_error (GPG_ERR_TRUSTDB);
+            }
+          else if (rec->r.ver.version != 3)
+            {
+              log_error( _("%s: invalid file version %d\n"), db_name,
+                         rec->r.ver.version );
+              err = gpg_error (GPG_ERR_TRUSTDB);
+            }
+        }
+      break;
+
+    case RECTYPE_FREE:
+      rec->r.free.next  = buf32_to_ulong(p); p += 4;
+      break;
+
+    case RECTYPE_HTBL:
+      for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
+        {
+          rec->r.htbl.item[i] = buf32_to_ulong(p); p += 4;
        }
-       break;
-      case RECTYPE_FREE:
-       rec->r.free.next  = buftoulong(p); p += 4;
-       break;
-      case RECTYPE_DIR:   /*directory record */
-       rec->r.dir.lid      = buftoulong(p); p += 4;
-       rec->r.dir.keylist  = buftoulong(p); p += 4;
-       rec->r.dir.uidlist  = buftoulong(p); p += 4;
-       rec->r.dir.cacherec = buftoulong(p); p += 4;
-       rec->r.dir.ownertrust = *p++;
-       rec->r.dir.dirflags   = *p++;
-       rec->r.dir.validity   = *p++;
-       switch( rec->r.dir.validity ) {
-         case 0:
-         case TRUST_UNDEFINED:
-         case TRUST_NEVER:
-         case TRUST_MARGINAL:
-         case TRUST_FULLY:
-         case TRUST_ULTIMATE:
-           break;
-         default:
-           log_info("lid %lu: invalid validity value - cleared\n", recnum);
-       }
-       if( rec->r.dir.lid != recnum ) {
-           log_error( "%s: dir LID != recnum (%lu,%lu)\n",
-                             db_name, rec->r.dir.lid, (ulong)recnum );
-           rc = G10ERR_TRUSTDB;
-       }
-       break;
-      case RECTYPE_KEY:   /* public key record */
-       rec->r.key.lid      = buftoulong(p); p += 4;
-       rec->r.key.next     = buftoulong(p); p += 4;
-       p += 7;
-       rec->r.key.keyflags = *p++;
-       rec->r.key.pubkey_algo = *p++;
-       rec->r.key.fingerprint_len = *p++;
-       if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
-           rec->r.key.fingerprint_len = 20;
-       memcpy( rec->r.key.fingerprint, p, 20);
-       break;
-      case RECTYPE_UID:   /* user id record */
-       rec->r.uid.lid      = buftoulong(p); p += 4;
-       rec->r.uid.next     = buftoulong(p); p += 4;
-       rec->r.uid.prefrec  = buftoulong(p); p += 4;
-       rec->r.uid.siglist  = buftoulong(p); p += 4;
-       rec->r.uid.uidflags = *p++;
-       p ++;
-       memcpy( rec->r.uid.namehash, p, 20);
-       break;
-      case RECTYPE_PREF:  /* preference record */
-       rec->r.pref.lid     = buftoulong(p); p += 4;
-       rec->r.pref.next    = buftoulong(p); p += 4;
-       memcpy( rec->r.pref.data, p, 30 );
-       break;
-      case RECTYPE_SIG:
-       rec->r.sig.lid     = buftoulong(p); p += 4;
-       rec->r.sig.next    = buftoulong(p); p += 4;
-       for(i=0; i < SIGS_PER_RECORD; i++ ) {
-           rec->r.sig.sig[i].lid  = buftoulong(p); p += 4;
-           rec->r.sig.sig[i].flag = *p++;
-       }
-       break;
-      case RECTYPE_SDIR:   /* shadow directory record */
-       rec->r.sdir.lid     = buftoulong(p); p += 4;
-       rec->r.sdir.keyid[0]= buftou32(p); p += 4;
-       rec->r.sdir.keyid[1]= buftou32(p); p += 4;
-       rec->r.sdir.pubkey_algo = *p++;
-       p += 3;
-       rec->r.sdir.hintlist = buftoulong(p);
-       if( rec->r.sdir.lid != recnum ) {
-           log_error( "%s: sdir LID != recnum (%lu,%lu)\n",
-                              db_name, rec->r.sdir.lid, (ulong)recnum );
-           rc = G10ERR_TRUSTDB;
-       }
-       break;
-      case RECTYPE_CACH:   /* cache record */
-       rec->r.cache.lid    = buftoulong(p); p += 4;
-       memcpy(rec->r.cache.blockhash, p, 20); p += 20;
-       rec->r.cache.trustlevel = *p++;
-       break;
-      case RECTYPE_HTBL:
-       for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) {
-           rec->r.htbl.item[i] = buftoulong(p); p += 4;
-       }
-       break;
-      case RECTYPE_HLST:
-       rec->r.hlst.next = buftoulong(p); p += 4;
-       for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
-           rec->r.hlst.rnum[i] = buftoulong(p); p += 4;
+      break;
+
+    case RECTYPE_HLST:
+      rec->r.hlst.next = buf32_to_ulong(p); p += 4;
+      for (i=0; i < ITEMS_PER_HLST_RECORD; i++)
+        {
+          rec->r.hlst.rnum[i] = buf32_to_ulong(p); p += 4;
        }
-       break;
-      default:
-       log_error( "%s: invalid record type %d at recnum %lu\n",
-                                  db_name, rec->rectype, (ulong)recnum );
-       rc = G10ERR_TRUSTDB;
-       break;
+      break;
+
+    case RECTYPE_TRUST:
+      memcpy (rec->r.trust.fingerprint, p, 20); p+=20;
+      rec->r.trust.ownertrust = *p++;
+      rec->r.trust.depth = *p++;
+      rec->r.trust.min_ownertrust = *p++;
+      p++;
+      rec->r.trust.validlist = buf32_to_ulong(p); p += 4;
+      break;
+
+    case RECTYPE_VALID:
+      memcpy (rec->r.valid.namehash, p, 20); p+=20;
+      rec->r.valid.validity = *p++;
+      rec->r.valid.next = buf32_to_ulong(p); p += 4;
+      rec->r.valid.full_count = *p++;
+      rec->r.valid.marginal_count = *p++;
+      break;
+
+    default:
+      log_error ("%s: invalid record type %d at recnum %lu\n",
+                 db_name, rec->rectype, (ulong)recnum);
+      err = gpg_error (GPG_ERR_TRUSTDB);
+      break;
     }
 
-    return rc;
+  return err;
 }
 
-/****************
- * Write the record at RECNUM
+
+/*
+ * Write the record from the struct REC.
+ *
+ * Return: 0 on success or an error code.
  */
 int
 tdbio_write_record( TRUSTREC *rec )
 {
-    byte buf[TRUST_RECORD_LEN], *p;
-    int rc = 0;
-    int i;
-    ulong recnum = rec->recnum;
-
-    if( db_fd == -1 )
-       open_db();
-
-    memset(buf, 0, TRUST_RECORD_LEN);
-    p = buf;
-    *p++ = rec->rectype; p++;
-    switch( rec->rectype ) {
-      case 0:  /* unused record */
-       break;
-      case RECTYPE_VER: /* version record */
-       if( recnum )
-           BUG();
-       memcpy(p-1, "gpg", 3 ); p += 2;
-       *p++ = rec->r.ver.version;
-       *p++ = rec->r.ver.marginals;
-       *p++ = rec->r.ver.completes;
-       *p++ = rec->r.ver.cert_depth;
-       p += 4; /* skip lock flags */
-       ulongtobuf(p, rec->r.ver.created); p += 4;
-       ulongtobuf(p, rec->r.ver.modified); p += 4;
-       ulongtobuf(p, rec->r.ver.validated); p += 4;
-       ulongtobuf(p, rec->r.ver.keyhashtbl); p += 4;
-       ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
-       ulongtobuf(p, rec->r.ver.sdirhashtbl ); p += 4;
-       break;
-
-      case RECTYPE_FREE:
-       ulongtobuf(p, rec->r.free.next); p += 4;
-       break;
-
-      case RECTYPE_DIR:   /*directory record */
-       ulongtobuf(p, rec->r.dir.lid); p += 4;
-       ulongtobuf(p, rec->r.dir.keylist); p += 4;
-       ulongtobuf(p, rec->r.dir.uidlist); p += 4;
-       ulongtobuf(p, rec->r.dir.cacherec); p += 4;
-       *p++ = rec->r.dir.ownertrust;
-       *p++ = rec->r.dir.dirflags;
-       *p++ = rec->r.dir.validity;
-       assert( rec->r.dir.lid == recnum );
-       break;
-
-      case RECTYPE_KEY:
-       ulongtobuf(p, rec->r.key.lid); p += 4;
-       ulongtobuf(p, rec->r.key.next); p += 4;
-       p += 7;
-       *p++ = rec->r.key.keyflags;
-       *p++ = rec->r.key.pubkey_algo;
-       *p++ = rec->r.key.fingerprint_len;
-       memcpy( p, rec->r.key.fingerprint, 20); p += 20;
-       break;
-
-      case RECTYPE_UID:   /* user id record */
-       ulongtobuf(p, rec->r.uid.lid); p += 4;
-       ulongtobuf(p, rec->r.uid.next); p += 4;
-       ulongtobuf(p, rec->r.uid.prefrec); p += 4;
-       ulongtobuf(p, rec->r.uid.siglist); p += 4;
-       *p++ = rec->r.uid.uidflags;
-       p++;
-       memcpy( p, rec->r.uid.namehash, 20 ); p += 20;
-       break;
-
-      case RECTYPE_PREF:
-       ulongtobuf(p, rec->r.pref.lid); p += 4;
-       ulongtobuf(p, rec->r.pref.next); p += 4;
-       memcpy( p, rec->r.pref.data, 30 );
-       break;
-
-      case RECTYPE_SIG:
-       ulongtobuf(p, rec->r.sig.lid); p += 4;
-       ulongtobuf(p, rec->r.sig.next); p += 4;
-       for(i=0; i < SIGS_PER_RECORD; i++ ) {
-           ulongtobuf(p, rec->r.sig.sig[i].lid); p += 4;
-           *p++ = rec->r.sig.sig[i].flag;
+  byte buf[TRUST_RECORD_LEN];
+  byte *p;
+  int rc = 0;
+  int i;
+  ulong recnum = rec->recnum;
+
+  if (db_fd == -1)
+    open_db ();
+
+  memset (buf, 0, TRUST_RECORD_LEN);
+  p = buf;
+  *p++ = rec->rectype; p++;
+
+  switch (rec->rectype)
+    {
+    case 0:  /* unused record */
+      break;
+
+    case RECTYPE_VER: /* version record */
+      if (recnum)
+        BUG ();
+      memcpy(p-1, GPGEXT_GPG, 3 ); p += 2;
+      *p++ = rec->r.ver.version;
+      *p++ = rec->r.ver.marginals;
+      *p++ = rec->r.ver.completes;
+      *p++ = rec->r.ver.cert_depth;
+      *p++ = rec->r.ver.trust_model;
+      *p++ = rec->r.ver.min_cert_level;
+      p += 2;
+      ulongtobuf(p, rec->r.ver.created); p += 4;
+      ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
+      p += 4;
+      p += 4;
+      ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
+      p += 4;
+      ulongtobuf(p, rec->r.ver.trusthashtbl ); p += 4;
+      break;
+
+    case RECTYPE_FREE:
+      ulongtobuf(p, rec->r.free.next); p += 4;
+      break;
+
+    case RECTYPE_HTBL:
+      for (i=0; i < ITEMS_PER_HTBL_RECORD; i++)
+        {
+          ulongtobuf( p, rec->r.htbl.item[i]); p += 4;
+        }
+      break;
+
+    case RECTYPE_HLST:
+      ulongtobuf( p, rec->r.hlst.next); p += 4;
+      for (i=0; i < ITEMS_PER_HLST_RECORD; i++ )
+        {
+          ulongtobuf( p, rec->r.hlst.rnum[i]); p += 4;
        }
-       break;
-
-      case RECTYPE_SDIR:
-       ulongtobuf( p, rec->r.sdir.lid); p += 4;
-       u32tobuf( p, rec->r.sdir.keyid[0] ); p += 4;
-       u32tobuf( p, rec->r.sdir.keyid[1] ); p += 4;
-       *p++ = rec->r.sdir.pubkey_algo;
-       p += 3;
-       ulongtobuf( p, rec->r.sdir.hintlist );
-       break;
-
-      case RECTYPE_CACH:
-       ulongtobuf(p, rec->r.cache.lid); p += 4;
-       memcpy(p, rec->r.cache.blockhash, 20); p += 20;
-       *p++ = rec->r.cache.trustlevel;
-       break;
-
-      case RECTYPE_HTBL:
-       for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) {
-           ulongtobuf( p, rec->r.htbl.item[i]); p += 4;
-       }
-       break;
-
-      case RECTYPE_HLST:
-       ulongtobuf( p, rec->r.hlst.next); p += 4;
-       for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
-           ulongtobuf( p, rec->r.hlst.rnum[i]); p += 4;
-       }
-       break;
-
-      default:
-       BUG();
+      break;
+
+    case RECTYPE_TRUST:
+      memcpy (p, rec->r.trust.fingerprint, 20); p += 20;
+      *p++ = rec->r.trust.ownertrust;
+      *p++ = rec->r.trust.depth;
+      *p++ = rec->r.trust.min_ownertrust;
+      p++;
+      ulongtobuf( p, rec->r.trust.validlist); p += 4;
+      break;
+
+    case RECTYPE_VALID:
+      memcpy (p, rec->r.valid.namehash, 20); p += 20;
+      *p++ = rec->r.valid.validity;
+      ulongtobuf( p, rec->r.valid.next); p += 4;
+      *p++ = rec->r.valid.full_count;
+      *p++ = rec->r.valid.marginal_count;
+      break;
+
+    default:
+      BUG();
     }
 
-    rc = put_record_into_cache( recnum, buf );
-    if( rc )
-       ;
-    if( rec->rectype == RECTYPE_KEY )
-       rc = update_keyhashtbl( rec );
-    else if( rec->rectype == RECTYPE_SDIR )
-       rc = update_sdirhashtbl( rec );
+  rc = put_record_into_cache (recnum, buf);
+  if (rc)
+    ;
+  else if (rec->rectype == RECTYPE_TRUST)
+    rc = update_trusthashtbl (rec);
 
-    return rc;
+  return rc;
 }
 
+
+/*
+ * Delete the record at record number RECNUm from the trustdb.
+ *
+ * Return: 0 on success or an error code.
+ */
 int
-tdbio_delete_record( ulong recnum )
+tdbio_delete_record (ulong recnum)
 {
-    TRUSTREC vr, rec;
-    int rc;
+  TRUSTREC vr, rec;
+  int rc;
+
+  /* Must read the record fist, so we can drop it from the hash tables */
+  rc = tdbio_read_record (recnum, &rec, 0);
+  if (rc)
+    ;
+  else if (rec.rectype == RECTYPE_TRUST)
+    {
+      rc = drop_from_hashtable (get_trusthashrec(),
+                                rec.r.trust.fingerprint, 20, rec.recnum);
+    }
 
-    rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
-    if( rc )
-       log_fatal( _("%s: error reading version record: %s\n"),
-                                      db_name, g10_errstr(rc) );
-
-    rec.recnum = recnum;
-    rec.rectype = RECTYPE_FREE;
-    rec.r.free.next = vr.r.ver.firstfree;
-    vr.r.ver.firstfree = recnum;
-    rc = tdbio_write_record( &rec );
-    if( !rc )
-       rc = tdbio_write_record( &vr );
+  if (rc)
     return rc;
+
+  /* Now we can chnage it to a free record.  */
+  rc = tdbio_read_record (0, &vr, RECTYPE_VER);
+  if (rc)
+    log_fatal (_("%s: error reading version record: %s\n"),
+               db_name, gpg_strerror (rc));
+
+  rec.recnum = recnum;
+  rec.rectype = RECTYPE_FREE;
+  rec.r.free.next = vr.r.ver.firstfree;
+  vr.r.ver.firstfree = recnum;
+  rc = tdbio_write_record (&rec);
+  if (!rc)
+    rc = tdbio_write_record (&vr);
+
+  return rc;
 }
 
-/****************
- * create a new record and return its record number
+
+/*
+ * Create a new record and return its record number.
  */
 ulong
-tdbio_new_recnum()
+tdbio_new_recnum ()
 {
-    off_t offset;
-    ulong recnum;
-    TRUSTREC vr, rec;
-    int rc;
-
-    /* look for unused records */
-    rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
-    if( rc )
-       log_fatal( _("%s: error reading version record: %s\n"),
-                                            db_name, g10_errstr(rc) );
-    if( vr.r.ver.firstfree ) {
-       recnum = vr.r.ver.firstfree;
-       rc = tdbio_read_record( recnum, &rec, RECTYPE_FREE );
-       if( rc ) {
-           log_error( _("%s: error reading free record: %s\n"),
-                                                 db_name,  g10_errstr(rc) );
-           return rc;
+  off_t offset;
+  ulong recnum;
+  TRUSTREC vr, rec;
+  int rc;
+
+  /* Look for unused records.  */
+  rc = tdbio_read_record (0, &vr, RECTYPE_VER);
+  if (rc)
+    log_fatal( _("%s: error reading version record: %s\n"),
+               db_name, gpg_strerror (rc));
+  if (vr.r.ver.firstfree)
+    {
+      recnum = vr.r.ver.firstfree;
+      rc = tdbio_read_record (recnum, &rec, RECTYPE_FREE);
+      if (rc)
+        {
+          log_error (_("%s: error reading free record: %s\n"),
+                     db_name,  gpg_strerror (rc));
+          return rc;
        }
-       /* update dir record */
-       vr.r.ver.firstfree = rec.r.free.next;
-       rc = tdbio_write_record( &vr );
-       if( rc ) {
-           log_error( _("%s: error writing dir record: %s\n"),
-                                                    db_name, g10_errstr(rc) );
-           return rc;
+      /* Update dir record.  */
+      vr.r.ver.firstfree = rec.r.free.next;
+      rc = tdbio_write_record (&vr);
+      if (rc)
+        {
+          log_error (_("%s: error writing dir record: %s\n"),
+                     db_name, gpg_strerror (rc));
+          return rc;
        }
-       /*zero out the new record */
-       memset( &rec, 0, sizeof rec );
-       rec.rectype = 0; /* unused record */
-       rec.recnum = recnum;
-       rc = tdbio_write_record( &rec );
-       if( rc )
-           log_fatal(_("%s: failed to zero a record: %s\n"),
-                                      db_name, g10_errstr(rc));
+      /* Zero out the new record.  */
+      memset (&rec, 0, sizeof rec);
+      rec.rectype = 0; /* Mark as unused record (actually already done
+                          my the memset).  */
+      rec.recnum = recnum;
+      rc = tdbio_write_record (&rec);
+      if (rc)
+        log_fatal (_("%s: failed to zero a record: %s\n"),
+                   db_name, gpg_strerror (rc));
     }
-    else { /* not found, append a new record */
-       offset = lseek( db_fd, 0, SEEK_END );
-       if( offset == -1 )
-           log_fatal("trustdb: lseek to end failed: %s\n", strerror(errno) );
-       recnum = offset / TRUST_RECORD_LEN;
-       assert(recnum); /* this is will never be the first record */
-       /* we must write a record, so that the next call to this function
-        * returns another recnum */
-       memset( &rec, 0, sizeof rec );
-       rec.rectype = 0; /* unused record */
-       rec.recnum = recnum;
-       rc = 0;
-       if( lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET ) == -1 ) {
-           log_error(_("trustdb rec %lu: lseek failed: %s\n"),
-                                               recnum, strerror(errno) );
-           rc = G10ERR_WRITE_FILE;
+  else /* Not found - append a new record.  */
+    {
+      offset = lseek (db_fd, 0, SEEK_END);
+      if (offset == (off_t)(-1))
+        log_fatal ("trustdb: lseek to end failed: %s\n", strerror (errno));
+      recnum = offset / TRUST_RECORD_LEN;
+      assert (recnum); /* this is will never be the first record */
+      /* We must write a record, so that the next call to this
+       * function returns another recnum.  */
+      memset (&rec, 0, sizeof rec);
+      rec.rectype = 0; /* unused record */
+      rec.recnum = recnum;
+      rc = 0;
+      if (lseek( db_fd, recnum * TRUST_RECORD_LEN, SEEK_SET) == -1)
+        {
+          rc = gpg_error_from_syserror ();
+          log_error (_("trustdb rec %lu: lseek failed: %s\n"),
+                     recnum, strerror (errno));
        }
-       else {
-           int n = write( db_fd, &rec, TRUST_RECORD_LEN);
-           if( n != TRUST_RECORD_LEN ) {
-               log_error(_("trustdb rec %lu: write failed (n=%d): %s\n"),
-                                                recnum, n, strerror(errno) );
-               rc = G10ERR_WRITE_FILE;
+      else
+        {
+          int n;
+
+          n = write (db_fd, &rec, TRUST_RECORD_LEN);
+          if (n != TRUST_RECORD_LEN)
+            {
+              rc = gpg_error_from_syserror ();
+              log_error (_("trustdb rec %lu: write failed (n=%d): %s\n"),
+                         recnum, n, strerror (errno));
            }
        }
 
-       if( rc )
-           log_fatal(_("%s: failed to append a record: %s\n"),
-                                   db_name,    g10_errstr(rc));
+      if (rc)
+        log_fatal (_("%s: failed to append a record: %s\n"),
+                   db_name,    gpg_strerror (rc));
     }
-    return recnum ;
+
+  return recnum ;
 }
 
 
 
-/****************
- * Search the trustdb for a key which matches PK and return the dir record
- * The local_id of PK is set to the correct value
- */
-int
-tdbio_search_dir_bypk( PKT_public_key *pk, TRUSTREC *rec )
+/* Helper function for tdbio_search_trust_byfpr.  */
+static int
+cmp_trec_fpr ( const void *fpr, const TRUSTREC *rec )
 {
-    byte fingerprint[MAX_FINGERPRINT_LEN];
-    size_t fingerlen;
-    u32 keyid[2];
-    int rc;
-
-    keyid_from_pk( pk, keyid );
-    fingerprint_from_pk( pk, fingerprint, &fingerlen );
-    rc = tdbio_search_dir_byfpr( fingerprint, fingerlen,
-                                pk->pubkey_algo, rec );
-
-    if( !rc ) {
-       if( pk->local_id && pk->local_id != rec->recnum )
-           log_error("%s: found record, but LID from memory does "
-                      "not match recnum (%lu,%lu)\n",
-                           db_name,  pk->local_id, rec->recnum );
-       pk->local_id = rec->recnum;
-    }
-    return rc;
+  return (rec->rectype == RECTYPE_TRUST
+          && !memcmp (rec->r.trust.fingerprint, fpr, 20));
 }
 
 
-static int
-cmp_krec_fpr( void *dataptr, const TRUSTREC *rec )
+/*
+ * Given a 20 byte FINGERPRINT search its trust record and return
+ * that at REC.
+ *
+ * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
+ */
+gpg_error_t
+tdbio_search_trust_byfpr (const byte *fingerprint, TRUSTREC *rec)
 {
-    const struct cmp_krec_fpr_struct *d = dataptr;
+  int rc;
 
-    return rec->rectype == RECTYPE_KEY
-          && ( !d->pubkey_algo || rec->r.key.pubkey_algo == d->pubkey_algo )
-          && rec->r.key.fingerprint_len == d->fprlen
-          && !memcmp( rec->r.key.fingerprint, d->fpr, d->fprlen );
-}
-
-int
-tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
-                       int pubkey_algo, TRUSTREC *rec )
-{
-    struct cmp_krec_fpr_struct cmpdata;
-    ulong recnum;
-    int rc;
-
-    assert( fingerlen == 20 || fingerlen == 16 );
-
-    /* locate the key using the hash table */
-    cmpdata.pubkey_algo = pubkey_algo;
-    cmpdata.fpr = fingerprint;
-    cmpdata.fprlen = fingerlen;
-    rc = lookup_hashtable( get_keyhashrec(), fingerprint, fingerlen,
-                          cmp_krec_fpr, &cmpdata, rec );
-    if( !rc ) {
-       recnum = rec->r.key.lid;
-       /* Now read the dir record */
-       rc = tdbio_read_record( recnum, rec, RECTYPE_DIR);
-       if( rc )
-           log_error("%s: can't read dirrec %lu: %s\n",
-                                    db_name, recnum, g10_errstr(rc) );
-    }
-    return rc;
+  /* Locate the trust record using the hash table */
+  rc = lookup_hashtable (get_trusthashrec(), fingerprint, 20,
+                         cmp_trec_fpr, fingerprint, rec );
+  return rc;
 }
 
 
-
-static int
-cmp_sdir( void *dataptr, const TRUSTREC *rec )
+/*
+ * Given a primary public key object PK search its trust record and
+ * return that at REC.
+ *
+ * Return: 0 if found, GPG_ERR_NOT_FOUND, or another error code.
+ */
+gpg_error_t
+tdbio_search_trust_bypk (PKT_public_key *pk, TRUSTREC *rec)
 {
-    const struct cmp_sdir_struct *d = dataptr;
+  byte fingerprint[MAX_FINGERPRINT_LEN];
+  size_t fingerlen;
 
-    return rec->rectype == RECTYPE_SDIR
-          && ( !d->pubkey_algo || rec->r.sdir.pubkey_algo == d->pubkey_algo )
-          && rec->r.sdir.keyid[0] == d->keyid[0]
-          && rec->r.sdir.keyid[1] == d->keyid[1];
+  fingerprint_from_pk( pk, fingerprint, &fingerlen );
+  for (; fingerlen < 20; fingerlen++)
+    fingerprint[fingerlen] = 0;
+  return tdbio_search_trust_byfpr (fingerprint, rec);
 }
 
 
-int
-tdbio_search_sdir( u32 *keyid, int pubkey_algo, TRUSTREC *rec )
+/*
+ * Terminate the process with a message about a corrupted trustdb.
+ */
+void
+tdbio_invalid (void)
 {
-    struct cmp_sdir_struct cmpdata;
-    int rc;
-    byte key[8];
-
-    /* locate the shadow dir record using the hash table */
-    u32tobuf( key   , keyid[0] );
-    u32tobuf( key+4 , keyid[1] );
-    cmpdata.pubkey_algo = pubkey_algo;
-    cmpdata.keyid[0] = keyid[0];
-    cmpdata.keyid[1] = keyid[1];
-    rc = lookup_hashtable( get_sdirhashrec(), key, 8,
-                          cmp_sdir, &cmpdata, rec );
-    return rc;
+  log_error (_("Error: The trustdb is corrupted.\n"));
+  how_to_fix_the_trustdb ();
+  g10_exit (2);
 }
-
-