1 /* gpg.c - The GnuPG utility (main for gpg)
2 * Copyright (C) 1998-2011 Free Software Foundation, Inc.
3 * Copyright (C) 1997-2014 Werner Koch
4 * Copyright (C) 2015 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
31 #include <sys/stat.h> /* for stat() */
34 #ifdef HAVE_W32_SYSTEM
35 # ifdef HAVE_WINSOCK2_H
36 # include <winsock2.h>
41 #define INCLUDED_BY_MAIN_MODULE 1
44 #include "../common/iobuf.h"
57 #include "keyserver-internal.h"
59 #include "gc-opt-flags.h"
61 #include "call-dirmngr.h"
62 #include "../common/init.h"
63 #include "../common/shareddefs.h"
65 #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
66 #define MY_O_BINARY O_BINARY
76 enum cmd_and_opt_values
90 oHiddenRecipient = 'R',
97 aListSecretKeys = 'K',
127 aDeleteSecretAndPublicKeys,
225 oBZ2DecompressLowmem,
253 oSkipHiddenRecipients,
254 oNoSkipHiddenRecipients,
267 oUseEmbeddedFilename,
268 oNoUseEmbeddedFilename,
309 oAllowNonSelfsignedUID,
310 oNoAllowNonSelfsignedUID,
313 oAllowSecretKeyImport,
314 oEnableSpecialFilenames,
335 oNoExpensiveTrustChecks,
342 oPreservePermissions,
343 oDefaultPreferenceList,
344 oDefaultKeyserverURL,
345 oPersonalCipherPreferences,
346 oPersonalDigestPreferences,
347 oPersonalCompressPreferences,
362 oNoMangleDosFilenames,
363 oEnableProgressFilter,
366 oExitOnStatusWriteError,
367 oLimitCardInsertTries,
376 oAllowMultisigVerification,
381 oAllowMultipleMessages,
382 oNoAllowMultipleMessages,
383 oAllowWeakDigestAlgos,
392 static ARGPARSE_OPTS opts[] = {
394 ARGPARSE_group (300, N_("@Commands:\n ")),
396 ARGPARSE_c (aSign, "sign", N_("make a signature")),
397 ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
398 ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
399 ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
400 ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
401 ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
402 ARGPARSE_c (aStore, "store", "@"),
403 ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
404 ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
405 ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
406 ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
407 ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
408 ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
409 ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
410 ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
411 ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
412 ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
413 ARGPARSE_c (aKeygen, "gen-key",
414 N_("generate a new key pair")),
415 ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
416 N_("quickly generate a new key pair")),
417 ARGPARSE_c (aFullKeygen, "full-gen-key" ,
418 N_("full featured key pair generation")),
419 ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
420 ARGPARSE_c (aDeleteKeys,"delete-keys",
421 N_("remove keys from the public keyring")),
422 ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
423 N_("remove keys from the secret keyring")),
424 ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
425 N_("quickly sign a key")),
426 ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
427 N_("quickly sign a key locally")),
428 ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
429 ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
430 ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
431 ARGPARSE_c (aEditKey, "key-edit" ,"@"),
432 ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
433 ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
434 ARGPARSE_c (aExport, "export" , N_("export keys") ),
435 ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ),
436 ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ),
437 ARGPARSE_c (aSearchKeys, "search-keys" ,
438 N_("search for keys on a key server") ),
439 ARGPARSE_c (aRefreshKeys, "refresh-keys",
440 N_("update all keys from a keyserver")),
441 ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
442 ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
443 ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
444 ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
445 ARGPARSE_c (aImport, "import", N_("import/merge keys")),
446 ARGPARSE_c (aFastImport, "fast-import", "@"),
447 #ifdef ENABLE_CARD_SUPPORT
448 ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
449 ARGPARSE_c (aCardEdit, "card-edit", N_("change data on a card")),
450 ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
452 ARGPARSE_c (aListConfig, "list-config", "@"),
453 ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
454 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
455 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
456 ARGPARSE_c (aListPackets, "list-packets","@"),
458 #ifndef NO_TRUST_MODELS
459 ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
460 ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
461 ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
462 N_("update the trust database")),
463 ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
464 ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
467 ARGPARSE_c (aDeArmor, "dearmor", "@"),
468 ARGPARSE_c (aDeArmor, "dearmour", "@"),
469 ARGPARSE_c (aEnArmor, "enarmor", "@"),
470 ARGPARSE_c (aEnArmor, "enarmour", "@"),
471 ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
472 ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
473 ARGPARSE_c (aGenRandom,"gen-random", "@" ),
474 ARGPARSE_c (aServer, "server", N_("run in server mode")),
476 ARGPARSE_group (301, N_("@\nOptions:\n ")),
478 ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
479 ARGPARSE_s_n (oArmor, "armour", "@"),
481 ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
482 ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
483 ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
484 ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
485 ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
486 ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
488 ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
489 ARGPARSE_s_s (oExecPath, "exec-path", "@"),
490 ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
491 ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
492 ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
493 ARGPARSE_s_s (oLocalUser, "local-user",
494 N_("|USER-ID|use USER-ID to sign or decrypt")),
496 ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
498 ARGPARSE_s_i (oCompress, NULL,
499 N_("|N|set compress level to N (0 disables)")),
500 ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
501 ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
502 ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
504 ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
505 ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
506 ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
508 ARGPARSE_s_n (oExpert, "expert", "@"),
509 ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
511 ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
512 ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
513 ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
514 ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
515 ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
516 ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
517 ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
518 ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
519 ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
520 ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
522 ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
523 ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
525 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
526 ARGPARSE_s_n (oQuiet, "quiet", "@"),
527 ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
529 ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
530 ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
531 ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
532 ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
534 ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
535 ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
537 ARGPARSE_s_n (oBatch, "batch", "@"),
538 ARGPARSE_s_n (oAnswerYes, "yes", "@"),
539 ARGPARSE_s_n (oAnswerNo, "no", "@"),
540 ARGPARSE_s_s (oKeyring, "keyring", "@"),
541 ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
542 ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
543 ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
544 ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
546 ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
547 ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
548 ARGPARSE_s_s (oImportOptions, "import-options", "@"),
549 ARGPARSE_s_s (oExportOptions, "export-options", "@"),
550 ARGPARSE_s_s (oListOptions, "list-options", "@"),
551 ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
553 ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
554 ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
555 ARGPARSE_s_s (oOptions, "options", "@"),
557 ARGPARSE_p_u (oDebug, "debug", "@"),
558 ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
559 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
560 ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
561 ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
562 ARGPARSE_s_s (oStatusFile, "status-file", "@"),
563 ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
564 ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
566 ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
567 ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
568 ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
569 ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
571 ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
573 ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
574 ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
575 ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
576 ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
577 ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
578 ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
579 ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
580 ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
581 ARGPARSE_s_n (oPGP6, "pgp6", "@"),
582 ARGPARSE_s_n (oPGP7, "pgp7", "@"),
583 ARGPARSE_s_n (oPGP8, "pgp8", "@"),
585 ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
586 ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
587 ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
588 ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
589 ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
590 ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
591 ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
592 ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
593 ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
594 ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
595 ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
596 ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
597 ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
598 ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
599 ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
600 ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
601 ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
602 ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
603 ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
605 ARGPARSE_group (302, N_(
606 "@\n(See the man page for a complete listing of all commands and options)\n"
609 ARGPARSE_group (303, N_("@\nExamples:\n\n"
610 " -se -r Bob [file] sign and encrypt for user Bob\n"
611 " --clearsign [file] make a clear text signature\n"
612 " --detach-sign [file] make a detached signature\n"
613 " --list-keys [names] show keys\n"
614 " --fingerprint [names] show fingerprints\n")),
616 /* More hidden commands and options. */
617 ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
618 #ifndef NO_TRUST_MODELS
619 ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
623 ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
624 ARGPARSE_c (aDeleteSecretAndPublicKeys,
625 "delete-secret-and-public-keys", "@"),
626 ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
628 ARGPARSE_s_s (oPassphrase, "passphrase", "@"),
629 ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
630 ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
631 ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
632 ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
633 ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
634 ARGPARSE_s_s (oCommandFile, "command-file", "@"),
635 ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
636 ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
638 #ifndef NO_TRUST_MODELS
639 ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
640 ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
641 ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
642 ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
645 ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
646 ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
647 ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
648 ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
649 ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
650 ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
651 ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
652 ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
653 ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
654 ARGPARSE_s_n (oNoOptions, "no-options", "@"),
655 ARGPARSE_s_s (oHomedir, "homedir", "@"),
656 ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
657 ARGPARSE_s_n (oWithColons, "with-colons", "@"),
658 ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
659 ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
660 ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
661 ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
662 ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
663 ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
664 ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
665 ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
666 ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
667 ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
668 ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
669 ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
670 ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
671 ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
672 ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
673 ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
674 ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
675 ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
676 ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
677 ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
678 ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
679 ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
680 ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
681 ARGPARSE_s_s (oComment, "comment", "@"),
682 ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
683 ARGPARSE_s_n (oNoComments, "no-comments", "@"),
684 ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
685 ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
686 ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
687 ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
688 ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
689 ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
690 ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
691 ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
692 ARGPARSE_s_n (oLockNever, "lock-never", "@"),
693 ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
694 ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
695 ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
696 ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
697 ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
698 ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
699 ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
700 ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
701 ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
702 ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
703 ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
704 ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
705 ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
706 ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
707 ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
708 ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
709 ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
710 ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
711 ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
712 ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
713 ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
714 ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
715 ARGPARSE_s_n (oListOnly, "list-only", "@"),
716 ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
717 ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
718 ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
719 ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
720 ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
721 ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
722 ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
723 ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
724 ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
725 ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
726 ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
727 ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"),
728 ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
729 ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
730 ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
731 ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
732 ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
733 ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
734 ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
735 ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
736 ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
737 ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
738 ARGPARSE_s_s (oPersonalCompressPreferences,
739 "personal-compress-preferences", "@"),
740 ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
742 /* Aliases. I constantly mistype these, and assume other people do
744 ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
745 ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
746 ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
748 ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
749 ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
750 ARGPARSE_s_s (oDisplay, "display", "@"),
751 ARGPARSE_s_s (oTTYname, "ttyname", "@"),
752 ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
753 ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
754 ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
755 ARGPARSE_s_s (oXauthority, "xauthority", "@"),
756 ARGPARSE_s_s (oGroup, "group", "@"),
757 ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
758 ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
759 ARGPARSE_s_n (oStrict, "strict", "@"),
760 ARGPARSE_s_n (oNoStrict, "no-strict", "@"),
761 ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
762 ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
763 ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
764 ARGPARSE_s_n (oMultifile, "multifile", "@"),
765 ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
766 ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
767 ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
769 ARGPARSE_s_n (oAllowMultisigVerification,
770 "allow-multisig-verification", "@"),
771 ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
772 ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
773 ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
774 ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
775 ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
776 ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
777 ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
779 /* These two are aliases to help users of the PGP command line
780 product use gpg with minimal pain. Many commands are common
781 already as they seem to have borrowed commands from us. Now I'm
782 returning the favor. */
783 ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
784 ARGPARSE_s_s (oRecipient, "user", "@"),
786 ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
787 ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
788 ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
789 ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
791 /* New options. Fixme: Should go more to the top. */
792 ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
793 ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
794 ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
796 /* Dummy options with warnings. */
797 ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
798 ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
799 ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
800 ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
801 ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
802 ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
803 ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
804 ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
807 ARGPARSE_s_n (oNoop, "sk-comments", "@"),
808 ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
809 ARGPARSE_s_n (oNoop, "compress-keys", "@"),
810 ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
811 ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
812 ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
813 ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
814 ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
820 #ifdef ENABLE_SELINUX_HACKS
821 #define ALWAYS_ADD_KEYRINGS 1
823 #define ALWAYS_ADD_KEYRINGS 0
827 int g10_errors_seen = 0;
829 static int utf8_strings = 0;
830 static int maybe_setuid = 1;
832 static char *build_list( const char *text, char letter,
833 const char *(*mapf)(int), int (*chkf)(int) );
834 static void set_cmd( enum cmd_and_opt_values *ret_cmd,
835 enum cmd_and_opt_values new_cmd );
836 static void print_mds( const char *fname, int algo );
837 static void add_notation_data( const char *string, int which );
838 static void add_policy_url( const char *string, int which );
839 static void add_keyserver_url( const char *string, int which );
840 static void emergency_cleanup (void);
844 make_libversion (const char *libname, const char *(*getfnc)(const char*))
851 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
855 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
856 strcpy (stpcpy (stpcpy (result, libname), " "), s);
862 build_list_pk_test_algo (int algo)
864 /* Show only one "RSA" string. If RSA_E or RSA_S is available RSA
865 is also available. */
866 if (algo == PUBKEY_ALGO_RSA_E
867 || algo == PUBKEY_ALGO_RSA_S)
868 return GPG_ERR_DIGEST_ALGO;
870 return openpgp_pk_test_algo (algo);
874 build_list_pk_algo_name (int algo)
876 return openpgp_pk_algo_name (algo);
880 build_list_cipher_test_algo (int algo)
882 return openpgp_cipher_test_algo (algo);
886 build_list_cipher_algo_name (int algo)
888 return openpgp_cipher_algo_name (algo);
892 build_list_md_test_algo (int algo)
894 /* By default we do not accept MD5 based signatures. To avoid
895 confusion we do not announce support for it either. */
896 if (algo == DIGEST_ALGO_MD5)
897 return GPG_ERR_DIGEST_ALGO;
899 return openpgp_md_test_algo (algo);
903 build_list_md_algo_name (int algo)
905 return openpgp_md_algo_name (algo);
910 my_strusage( int level )
912 static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
916 case 11: p = "@GPG@ (@GNUPG@)";
918 case 13: p = VERSION; break;
919 case 17: p = PRINTABLE_OS_NAME; break;
920 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
924 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
928 #ifdef IS_DEVELOPMENT_VERSION
930 p="NOTE: THIS IS A DEVELOPMENT VERSION!";
933 p="It is only intended for test purposes and should NOT be";
936 p="used in a production environment or with production keys!";
942 _("Usage: @GPG@ [options] [files] (-h for help)");
945 _("Syntax: @GPG@ [options] [files]\n"
946 "Sign, check, encrypt or decrypt\n"
947 "Default operation depends on the input data\n");
950 case 31: p = "\nHome: "; break;
952 case 32: p = opt.homedir; break;
953 #else /* __riscos__ */
954 case 32: p = make_filename(opt.homedir, NULL); break;
955 #endif /* __riscos__ */
956 case 33: p = _("\nSupported algorithms:\n"); break;
959 pubkeys = build_list (_("Pubkey: "), 1,
960 build_list_pk_algo_name,
961 build_list_pk_test_algo );
966 ciphers = build_list(_("Cipher: "), 'S',
967 build_list_cipher_algo_name,
968 build_list_cipher_test_algo );
973 digests = build_list(_("Hash: "), 'H',
974 build_list_md_algo_name,
975 build_list_md_test_algo );
980 zips = build_list(_("Compression: "),'Z',
981 compress_algo_to_string,
982 check_compress_algo);
993 build_list (const char *text, char letter,
994 const char * (*mapf)(int), int (*chkf)(int))
1003 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
1005 indent = utf8_charcount (text);
1007 init_membuf (&mb, 512);
1009 for (i=0; i <= 110; i++ )
1011 if (!chkf (i) && (s = mapf (i)))
1013 if (mb.len - len > 60)
1015 put_membuf_str (&mb, ",\n");
1017 for (j=0; j < indent; j++)
1018 put_membuf_str (&mb, " ");
1021 put_membuf_str (&mb, ", ");
1023 put_membuf_str (&mb, text);
1025 put_membuf_str (&mb, s);
1026 if (opt.verbose && letter)
1030 snprintf (num, sizeof num, " (%d)", i);
1032 snprintf (num, sizeof num, " (%c%d)", letter, i);
1033 put_membuf_str (&mb, num);
1038 put_membuf_str (&mb, "\n");
1039 put_membuf (&mb, "", 1);
1041 string = get_membuf (&mb, NULL);
1042 return xrealloc (string, strlen (string)+1);
1047 wrong_args( const char *text)
1049 es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
1055 make_username( const char *string )
1059 p = xstrdup(string);
1061 p = native_to_utf8( string );
1067 set_opt_session_env (const char *name, const char *value)
1071 err = session_env_setenv (opt.session_env, name, value);
1073 log_fatal ("error setting session environment: %s\n",
1074 gpg_strerror (err));
1077 /* Setup the debugging. With a LEVEL of NULL only the active debug
1078 flags are propagated to the subsystems. With LEVEL set, a specific
1079 set of debug flags is set; thus overriding all flags already
1082 set_debug (const char *level)
1084 int numok = (level && digitp (level));
1085 int numlvl = numok? atoi (level) : 0;
1089 else if (!strcmp (level, "none") || (numok && numlvl < 1))
1091 else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
1092 opt.debug = DBG_MEMSTAT_VALUE;
1093 else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
1094 opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
1095 else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
1096 opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
1097 |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
1098 else if (!strcmp (level, "guru") || numok)
1101 /* Unless the "guru" string has been used we don't want to allow
1102 hashing debugging. The rationale is that people tend to
1103 select the highest debug value and would then clutter their
1104 disk with debug files which may reveal confidential data. */
1106 opt.debug &= ~(DBG_HASHING_VALUE);
1110 log_error (_("invalid debug-level '%s' given\n"), level);
1114 if (opt.debug & DBG_MEMORY_VALUE )
1115 memory_debug_mode = 1;
1116 if (opt.debug & DBG_MEMSTAT_VALUE )
1117 memory_stat_debug_mode = 1;
1118 if (opt.debug & DBG_MPI_VALUE)
1119 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
1120 if (opt.debug & DBG_CRYPTO_VALUE )
1121 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
1122 if (opt.debug & DBG_IOBUF_VALUE )
1123 iobuf_debug_mode = 1;
1124 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
1127 log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
1128 (opt.debug & DBG_PACKET_VALUE )? " packet":"",
1129 (opt.debug & DBG_MPI_VALUE )? " mpi":"",
1130 (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
1131 (opt.debug & DBG_FILTER_VALUE )? " filter":"",
1132 (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"",
1133 (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
1134 (opt.debug & DBG_CACHE_VALUE )? " cache":"",
1135 (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
1136 (opt.debug & DBG_TRUST_VALUE )? " trust":"",
1137 (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
1138 (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"",
1139 (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"",
1140 (opt.debug & DBG_IPC_VALUE )? " ipc":"",
1141 (opt.debug & DBG_CLOCK_VALUE )? " clock":"",
1142 (opt.debug & DBG_LOOKUP_VALUE )? " lookup":"");
1147 /* We need the home directory also in some other directories, so make
1148 sure that both variables are always in sync. */
1150 set_homedir (const char *dir)
1158 /* We set the screen dimensions for UI purposes. Do not allow screens
1159 smaller than 80x24 for the sake of simplicity. */
1161 set_screen_dimensions(void)
1163 #ifndef HAVE_W32_SYSTEM
1166 str=getenv("COLUMNS");
1168 opt.screen_columns=atoi(str);
1170 str=getenv("LINES");
1172 opt.screen_lines=atoi(str);
1175 if(opt.screen_columns<80 || opt.screen_columns>255)
1176 opt.screen_columns=80;
1178 if(opt.screen_lines<24 || opt.screen_lines>255)
1179 opt.screen_lines=24;
1183 /* Helper to open a file FNAME either for reading or writing to be
1184 used with --status-file etc functions. Not generally useful but it
1185 avoids the riscos specific functions and well some Windows people
1186 might like it too. Prints an error message and returns -1 on
1187 error. On success the file descriptor is returned. */
1189 open_info_file (const char *fname, int for_write, int binary)
1192 return riscos_fdopenfile (fname, for_write);
1193 #elif defined (ENABLE_SELINUX_HACKS)
1194 /* We can't allow these even when testing for a secured filename
1195 because files to be secured might not yet been secured. This is
1196 similar to the option file but in that case it is unlikely that
1197 sensitive information may be retrieved by means of error
1207 binary = MY_O_BINARY;
1209 /* if (is_secured_filename (fname)) */
1212 /* gpg_err_set_errno (EPERM); */
1219 fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
1220 S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
1222 fd = open (fname, O_RDONLY | binary);
1224 while (fd == -1 && errno == EINTR);
1227 log_error ( for_write? _("can't create '%s': %s\n")
1228 : _("can't open '%s': %s\n"), fname, strerror(errno));
1235 set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
1237 enum cmd_and_opt_values cmd = *ret_cmd;
1239 if( !cmd || cmd == new_cmd )
1241 else if( cmd == aSign && new_cmd == aEncr )
1243 else if( cmd == aEncr && new_cmd == aSign )
1245 else if( cmd == aSign && new_cmd == aSym )
1247 else if( cmd == aSym && new_cmd == aSign )
1249 else if( cmd == aSym && new_cmd == aEncr )
1251 else if( cmd == aEncr && new_cmd == aSym )
1253 else if (cmd == aSignEncr && new_cmd == aSym)
1255 else if (cmd == aSignSym && new_cmd == aEncr)
1257 else if (cmd == aEncrSym && new_cmd == aSign)
1259 else if( ( cmd == aSign && new_cmd == aClearsign )
1260 || ( cmd == aClearsign && new_cmd == aSign ) )
1263 log_error(_("conflicting commands\n"));
1272 add_group(char *string)
1275 struct groupitem *item;
1277 /* Break off the group name */
1278 name=strsep(&string,"=");
1281 log_error(_("no = sign found in group definition '%s'\n"),name);
1285 trim_trailing_ws(name,strlen(name));
1287 /* Does this group already exist? */
1288 for(item=opt.grouplist;item;item=item->next)
1289 if(strcasecmp(item->name,name)==0)
1294 item=xmalloc(sizeof(struct groupitem));
1296 item->next=opt.grouplist;
1301 /* Break apart the values */
1302 while ((value= strsep(&string," \t")))
1305 add_to_strlist2(&item->values,value,utf8_strings);
1311 rm_group(char *name)
1313 struct groupitem *item,*last=NULL;
1315 trim_trailing_ws(name,strlen(name));
1317 for(item=opt.grouplist;item;last=item,item=item->next)
1319 if(strcasecmp(item->name,name)==0)
1322 last->next=item->next;
1324 opt.grouplist=item->next;
1326 free_strlist(item->values);
1334 /* We need to check three things.
1336 0) The homedir. It must be x00, a directory, and owned by the
1339 1) The options/gpg.conf file. Okay unless it or its containing
1340 directory is group or other writable or not owned by us. Disable
1343 2) Extensions. Same as #1.
1345 Returns true if the item is unsafe. */
1347 check_permissions (const char *path, int item)
1349 #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
1350 static int homedir_cache=-1;
1352 struct stat statbuf,dirbuf;
1353 int homedir=0,ret=0,checkonly=0;
1354 int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
1356 if(opt.no_perm_warn)
1359 assert(item==0 || item==1 || item==2);
1361 /* extensions may attach a path */
1362 if(item==2 && path[0]!=DIRSEP_C)
1364 if(strchr(path,DIRSEP_C))
1365 tmppath=make_filename(path,NULL);
1367 tmppath=make_filename(gnupg_libdir (),path,NULL);
1370 tmppath=xstrdup(path);
1372 /* If the item is located in the homedir, but isn't the homedir,
1373 don't continue if we already checked the homedir itself. This is
1374 to avoid user confusion with an extra options file warning which
1375 could be rectified if the homedir itself had proper
1377 if(item!=0 && homedir_cache>-1
1378 && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
1384 /* It's okay if the file or directory doesn't exist */
1385 if(stat(tmppath,&statbuf)!=0)
1391 /* Now check the enclosing directory. Theoretically, we could walk
1392 this test up to the root directory /, but for the sake of sanity,
1393 I'm stopping at one level down. */
1394 dir=make_dirname(tmppath);
1396 if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1405 /* Assume failure */
1410 /* The homedir must be x00, a directory, and owned by the user. */
1412 if(S_ISDIR(statbuf.st_mode))
1414 if(statbuf.st_uid==getuid())
1416 if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1427 else if(item==1 || item==2)
1429 /* The options or extension file. Okay unless it or its
1430 containing directory is group or other writable or not owned
1433 if(S_ISREG(statbuf.st_mode))
1435 if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1437 if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1439 /* it's not writable, so make sure the enclosing
1440 directory is also not writable */
1441 if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1443 if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1453 /* it's writable, so the enclosing directory had
1454 better not let people get to it. */
1455 if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1457 if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1460 perm=enc_dir_perm=1; /* unclear which one to fix! */
1478 log_info(_("WARNING: unsafe ownership on"
1479 " homedir '%s'\n"),tmppath);
1481 log_info(_("WARNING: unsafe ownership on"
1482 " configuration file '%s'\n"),tmppath);
1484 log_info(_("WARNING: unsafe ownership on"
1485 " extension '%s'\n"),tmppath);
1490 log_info(_("WARNING: unsafe permissions on"
1491 " homedir '%s'\n"),tmppath);
1493 log_info(_("WARNING: unsafe permissions on"
1494 " configuration file '%s'\n"),tmppath);
1496 log_info(_("WARNING: unsafe permissions on"
1497 " extension '%s'\n"),tmppath);
1502 log_info(_("WARNING: unsafe enclosing directory ownership on"
1503 " homedir '%s'\n"),tmppath);
1505 log_info(_("WARNING: unsafe enclosing directory ownership on"
1506 " configuration file '%s'\n"),tmppath);
1508 log_info(_("WARNING: unsafe enclosing directory ownership on"
1509 " extension '%s'\n"),tmppath);
1514 log_info(_("WARNING: unsafe enclosing directory permissions on"
1515 " homedir '%s'\n"),tmppath);
1517 log_info(_("WARNING: unsafe enclosing directory permissions on"
1518 " configuration file '%s'\n"),tmppath);
1520 log_info(_("WARNING: unsafe enclosing directory permissions on"
1521 " extension '%s'\n"),tmppath);
1533 #else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1537 #endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1541 /* Print the OpenPGP defined algo numbers. */
1543 print_algo_numbers(int (*checker)(int))
1562 print_algo_names(int (*checker)(int),const char *(*mapper)(int))
1574 es_printf ("%s",mapper(i));
1579 /* In the future, we can do all sorts of interesting configuration
1580 output here. For now, just give "group" as the Enigmail folks need
1581 it, and pubkey, cipher, hash, and compress as they may be useful
1584 list_config(char *items)
1586 int show_all = !items;
1589 struct groupitem *giter;
1592 if(!opt.with_colons)
1595 while(show_all || (name=strsep(&items," ")))
1599 if(show_all || ascii_strcasecmp(name,"group")==0)
1601 for (giter = opt.grouplist; giter; giter = giter->next)
1605 es_fprintf (es_stdout, "cfg:group:");
1606 es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
1608 es_putc (':', es_stdout);
1610 for(sl=giter->values; sl; sl=sl->next)
1612 es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
1624 if(show_all || ascii_strcasecmp(name,"version")==0)
1626 es_printf("cfg:version:");
1627 es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
1632 if(show_all || ascii_strcasecmp(name,"pubkey")==0)
1634 es_printf ("cfg:pubkey:");
1635 print_algo_numbers (build_list_pk_test_algo);
1640 if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
1642 es_printf ("cfg:pubkeyname:");
1643 print_algo_names (build_list_pk_test_algo,
1644 build_list_pk_algo_name);
1649 if(show_all || ascii_strcasecmp(name,"cipher")==0)
1651 es_printf ("cfg:cipher:");
1652 print_algo_numbers (build_list_cipher_test_algo);
1657 if (show_all || !ascii_strcasecmp (name,"ciphername"))
1659 es_printf ("cfg:ciphername:");
1660 print_algo_names (build_list_cipher_test_algo,
1661 build_list_cipher_algo_name);
1667 || ascii_strcasecmp(name,"digest")==0
1668 || ascii_strcasecmp(name,"hash")==0)
1670 es_printf ("cfg:digest:");
1671 print_algo_numbers (build_list_md_test_algo);
1677 || !ascii_strcasecmp(name,"digestname")
1678 || !ascii_strcasecmp(name,"hashname"))
1680 es_printf ("cfg:digestname:");
1681 print_algo_names (build_list_md_test_algo,
1682 build_list_md_algo_name);
1687 if(show_all || ascii_strcasecmp(name,"compress")==0)
1689 es_printf ("cfg:compress:");
1690 print_algo_numbers(check_compress_algo);
1695 if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
1697 /* We ignore this for GnuPG 1.4 backward compatibility. */
1701 if (show_all || !ascii_strcasecmp (name,"curve"))
1703 es_printf ("cfg:curve:");
1704 for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
1705 es_printf ("%s%s", first?"":";", s);
1710 /* Curve OIDs are rarely useful and thus only printed if requested. */
1711 if (name && !ascii_strcasecmp (name,"curveoid"))
1713 es_printf ("cfg:curveoid:");
1714 for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
1716 s = openpgp_curve_to_oid (s, NULL);
1717 es_printf ("%s%s", first?"":";", s? s:"[?]");
1727 log_error(_("unknown configuration item '%s'\n"),name);
1732 /* List options and default values in the GPG Conf format. This is a
1733 new tool distributed with gnupg 1.9.x but we also want some limited
1734 support in older gpg versions. The output is the name of the
1735 configuration file and a list of options available for editing by
1738 gpgconf_list (const char *configfile)
1740 char *configfile_esc = percent_escape (configfile, NULL);
1742 es_printf ("%s-%s.conf:%lu:\"%s\n",
1743 GPGCONF_NAME, GPG_NAME,
1744 GC_OPT_FLAG_DEFAULT,
1745 configfile_esc ? configfile_esc : "/dev/null");
1746 es_printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
1747 es_printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
1748 es_printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1749 es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
1750 es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
1751 es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
1752 es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
1753 es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
1754 es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
1755 es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
1756 es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
1758 /* The next one is an info only item and should match the macros at
1759 the top of keygen.c */
1760 es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
1763 xfree (configfile_esc);
1768 parse_subpacket_list(char *list)
1771 byte subpackets[128],i;
1776 /* No arguments means all subpackets */
1777 memset(subpackets+1,1,sizeof(subpackets)-1);
1782 memset(subpackets,0,sizeof(subpackets));
1784 /* Merge with earlier copy */
1785 if(opt.show_subpackets)
1789 for(in=opt.show_subpackets;*in;in++)
1791 if(*in>127 || *in<1)
1794 if(!subpackets[*in])
1800 while((tok=strsep(&list," ,")))
1815 xfree(opt.show_subpackets);
1816 opt.show_subpackets=xmalloc(count+1);
1817 opt.show_subpackets[count--]=0;
1819 for(i=1;i<128 && count>=0;i++)
1821 opt.show_subpackets[count--]=i;
1828 parse_list_options(char *str)
1830 char *subpackets=""; /* something that isn't NULL */
1831 struct parse_options lopts[]=
1833 {"show-photos",LIST_SHOW_PHOTOS,NULL,
1834 N_("display photo IDs during key listings")},
1835 {"show-usage",LIST_SHOW_USAGE,NULL,
1836 N_("show key usage information during key listings")},
1837 {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
1838 N_("show policy URLs during signature listings")},
1839 {"show-notations",LIST_SHOW_NOTATIONS,NULL,
1840 N_("show all notations during signature listings")},
1841 {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1842 N_("show IETF standard notations during signature listings")},
1843 {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1845 {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
1846 N_("show user-supplied notations during signature listings")},
1847 {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
1848 N_("show preferred keyserver URLs during signature listings")},
1849 {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
1850 N_("show user ID validity during key listings")},
1851 {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
1852 N_("show revoked and expired user IDs in key listings")},
1853 {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
1854 N_("show revoked and expired subkeys in key listings")},
1855 {"show-keyring",LIST_SHOW_KEYRING,NULL,
1856 N_("show the keyring name in key listings")},
1857 {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
1858 N_("show expiration dates during signature listings")},
1859 {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
1864 /* C99 allows for non-constant initializers, but we'd like to
1865 compile everywhere, so fill in the show-sig-subpackets argument
1866 here. Note that if the parse_options array changes, we'll have
1867 to change the subscript here. */
1868 lopts[12].value=&subpackets;
1870 if(parse_options(str,&opt.list_options,lopts,1))
1872 if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
1874 /* Unset so users can pass multiple lists in. */
1875 opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
1876 if(!parse_subpacket_list(subpackets))
1879 else if(subpackets==NULL && opt.show_subpackets)
1881 /* User did 'no-show-subpackets' */
1882 xfree(opt.show_subpackets);
1883 opt.show_subpackets=NULL;
1893 /* Collapses argc/argv into a single string that must be freed */
1895 collapse_args(int argc,char *argv[])
1898 int i,first=1,len=0;
1902 len+=strlen(argv[i])+2;
1903 str=xrealloc(str,len);
1912 strcat(str,argv[i]);
1919 #ifndef NO_TRUST_MODELS
1921 parse_trust_model(const char *model)
1923 if(ascii_strcasecmp(model,"pgp")==0)
1924 opt.trust_model=TM_PGP;
1925 else if(ascii_strcasecmp(model,"classic")==0)
1926 opt.trust_model=TM_CLASSIC;
1927 else if(ascii_strcasecmp(model,"always")==0)
1928 opt.trust_model=TM_ALWAYS;
1929 else if(ascii_strcasecmp(model,"direct")==0)
1930 opt.trust_model=TM_DIRECT;
1931 else if(ascii_strcasecmp(model,"auto")==0)
1932 opt.trust_model=TM_AUTO;
1934 log_error("unknown trust model '%s'\n",model);
1936 #endif /*NO_TRUST_MODELS*/
1939 /* This fucntion called to initialized a new control object. It is
1940 assumed that this object has been zeroed out before calling this
1943 gpg_init_default_ctrl (ctrl_t ctrl)
1949 /* This function is called to deinitialize a control object. It is
1952 gpg_deinit_default_ctrl (ctrl_t ctrl)
1954 gpg_dirmngr_deinit_session_data (ctrl);
1959 get_default_configname (void)
1961 char *configname = NULL;
1962 char *name = xstrdup (GPG_NAME EXTSEP_S "conf-" SAFE_VERSION);
1963 char *ver = &name[strlen (GPG_NAME EXTSEP_S "conf-")];
1974 if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
1976 else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
1982 configname = make_filename (opt.homedir, name, NULL);
1984 while (access (configname, R_OK));
1989 configname = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", NULL);
1990 if (! access (configname, R_OK))
1992 /* Print a warning when both config files are present. */
1993 char *p = make_filename (opt.homedir, "options", NULL);
1994 if (! access (p, R_OK))
1995 log_info (_("Note: old default options file '%s' ignored\n"), p);
2000 /* Use the old default only if it exists. */
2001 char *p = make_filename (opt.homedir, "options", NULL);
2002 if (!access (p, R_OK))
2016 main (int argc, char **argv)
2018 ARGPARSE_ARGS pargs;
2026 strlist_t sl, remusr= NULL, locusr=NULL;
2027 strlist_t nrings = NULL;
2028 armor_filter_context_t *afx = NULL;
2029 int detached_sig = 0;
2030 FILE *configfp = NULL;
2031 char *configname = NULL;
2032 char *save_configname = NULL;
2033 char *default_configname = NULL;
2034 unsigned configlineno;
2035 int parse_debug = 0;
2036 int default_config = 1;
2037 int default_keyring = 1;
2040 char *logfile = NULL;
2041 int use_random_seed = 1;
2042 enum cmd_and_opt_values cmd = 0;
2043 const char *debug_level = NULL;
2044 #ifndef NO_TRUST_MODELS
2045 const char *trustdb_name = NULL;
2046 #endif /*!NO_TRUST_MODELS*/
2047 char *def_cipher_string = NULL;
2048 char *def_digest_string = NULL;
2049 char *compress_algo_string = NULL;
2050 char *cert_digest_string = NULL;
2051 char *s2k_cipher_string = NULL;
2052 char *s2k_digest_string = NULL;
2053 char *pers_cipher_list = NULL;
2054 char *pers_digest_list = NULL;
2055 char *pers_compress_list = NULL;
2059 int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
2060 int any_explicit_recipient = 0;
2061 int require_secmem=0,got_secmem=0;
2062 struct assuan_malloc_hooks malloc_hooks;
2067 #endif /* __riscos__ */
2070 /* Please note that we may running SUID(ROOT), so be very CAREFUL
2071 when adding any stuff between here and the call to
2072 secmem_init() somewhere after the option parsing. */
2073 early_system_init ();
2074 gnupg_reopen_std (GPG_NAME);
2076 gnupg_rl_initialize ();
2077 set_strusage (my_strusage);
2078 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
2079 log_set_prefix (GPG_NAME, 1);
2081 /* Make sure that our subsystems are ready. */
2083 init_common_subsystems (&argc, &argv);
2085 /* Check that the libraries are suitable. Do it right here because the
2086 option parsing may need services of the library. */
2087 if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
2089 log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
2090 NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
2093 /* Use our own logging handler for Libcgrypt. */
2094 setup_libgcrypt_logging ();
2096 /* Put random number into secure memory */
2097 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
2099 may_coredump = disable_core_dumps();
2101 gnupg_init_signals (0, emergency_cleanup);
2103 dotlock_create (NULL, 0); /* Register lock file cleanup. */
2106 opt.session_env = session_env_new ();
2107 if (!opt.session_env)
2108 log_fatal ("error allocating session environment block: %s\n",
2111 opt.command_fd = -1; /* no command fd */
2112 opt.compress_level = -1; /* defaults to standard compress level */
2113 opt.bz2_compress_level = -1; /* defaults to standard compress level */
2114 /* note: if you change these lines, look at oOpenPGP */
2115 opt.def_cipher_algo = 0;
2116 opt.def_digest_algo = 0;
2117 opt.cert_digest_algo = 0;
2118 opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
2119 opt.s2k_mode = 3; /* iterated+salted */
2120 opt.s2k_count = 0; /* Auto-calibrate when needed. */
2121 opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
2122 opt.completes_needed = 1;
2123 opt.marginals_needed = 3;
2124 opt.max_cert_depth = 5;
2125 opt.escape_from = 1;
2126 opt.flags.require_cross_cert = 1;
2127 opt.import_options = 0;
2128 opt.export_options = EXPORT_ATTRIBUTES;
2129 opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
2130 opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
2131 opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
2132 opt.verify_options = (LIST_SHOW_UID_VALIDITY
2133 | VERIFY_SHOW_POLICY_URLS
2134 | VERIFY_SHOW_STD_NOTATIONS
2135 | VERIFY_SHOW_KEYSERVER_URLS);
2136 opt.list_options = LIST_SHOW_UID_VALIDITY;
2137 #ifdef NO_TRUST_MODELS
2138 opt.trust_model = TM_ALWAYS;
2140 opt.trust_model = TM_AUTO;
2142 opt.mangle_dos_filenames = 0;
2143 opt.min_cert_level = 2;
2144 set_screen_dimensions ();
2145 opt.keyid_format = KF_SHORT;
2146 opt.def_sig_expire = "0";
2147 opt.def_cert_expire = "0";
2148 set_homedir (default_homedir ());
2149 opt.passphrase_repeat = 1;
2150 opt.emit_version = 1; /* Limit to the major number. */
2152 /* Check whether we have a config file on the command line. */
2157 pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
2158 while( arg_parse( &pargs, opts) ) {
2159 if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
2161 else if (pargs.r_opt == oDebugIOLBF)
2162 es_setvbuf (es_stdout, NULL, _IOLBF, 0);
2163 else if( pargs.r_opt == oOptions ) {
2164 /* yes there is one, so we do not try the default one, but
2165 * read the option file when it is encountered at the commandline
2169 else if( pargs.r_opt == oNoOptions )
2171 default_config = 0; /* --no-options */
2172 opt.no_homedir_creation = 1;
2174 else if( pargs.r_opt == oHomedir )
2175 set_homedir ( pargs.r.ret_str );
2176 else if( pargs.r_opt == oNoPermissionWarn )
2178 else if (pargs.r_opt == oStrict )
2182 else if (pargs.r_opt == oNoStrict )
2188 #ifdef HAVE_DOSISH_SYSTEM
2189 if ( strchr (opt.homedir,'\\') ) {
2190 char *d, *buf = xmalloc (strlen (opt.homedir)+1);
2191 const char *s = opt.homedir;
2192 for (d=buf,s=opt.homedir; *s; s++)
2194 *d++ = *s == '\\'? '/': *s;
2195 #ifdef HAVE_W32_SYSTEM
2196 if (s[1] && IsDBCSLeadByte (*s))
2205 /* Initialize the secure memory. */
2206 if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
2208 #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
2209 /* There should be no way to get to this spot while still carrying
2210 setuid privs. Just in case, bomb out if we are. */
2211 if ( getuid () != geteuid () )
2216 /* Okay, we are now working under our real uid */
2218 /* malloc hooks go here ... */
2219 malloc_hooks.malloc = gcry_malloc;
2220 malloc_hooks.realloc = gcry_realloc;
2221 malloc_hooks.free = gcry_free;
2222 assuan_set_malloc_hooks (&malloc_hooks);
2223 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
2224 setup_libassuan_logging (&opt.debug);
2226 /* Try for a version specific config file first */
2227 default_configname = get_default_configname ();
2229 configname = xstrdup (default_configname);
2235 pargs.flags= ARGPARSE_FLAG_KEEP;
2237 /* By this point we have a homedir, and cannot change it. */
2238 check_permissions(opt.homedir,0);
2242 if(check_permissions(configname,1))
2244 /* If any options file is unsafe, then disable any external
2245 programs for keyserver calls or photo IDs. Since the
2246 external program to call is set in the options file, a
2247 unsafe options file can lead to an arbitrary program
2254 configfp = fopen( configname, "r" );
2255 if (configfp && is_secured_file (fileno (configfp)))
2259 gpg_err_set_errno (EPERM);
2262 if( default_config ) {
2264 log_info(_("Note: no default option file '%s'\n"),
2268 log_error(_("option file '%s': %s\n"),
2269 configname, strerror(errno) );
2272 xfree(configname); configname = NULL;
2274 if( parse_debug && configname )
2275 log_info(_("reading options from '%s'\n"), configname );
2279 while( optfile_parse( configfp, configname, &configlineno,
2282 switch( pargs.r_opt )
2286 case aListGcryptConfig:
2298 #ifdef ENABLE_CARD_SUPPORT
2302 #endif /* ENABLE_CARD_SUPPORT*/
2307 case aExportSecretSub:
2318 case aUpdateTrustDB:
2320 case aListTrustPath:
2325 case aQuickLSignKey:
2330 case aExportOwnerTrust:
2331 case aImportOwnerTrust:
2332 case aRebuildKeydbCaches:
2333 set_cmd (&cmd, pargs.r_opt);
2339 case aDeleteSecretKeys:
2340 case aDeleteSecretAndPublicKeys:
2343 set_cmd (&cmd, pargs.r_opt);
2347 case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
2349 case aDecryptFiles: multifile=1; /* fall through */
2350 case aDecrypt: set_cmd( &cmd, aDecrypt); break;
2352 case aEncrFiles: multifile=1; /* fall through */
2353 case aEncr: set_cmd( &cmd, aEncr); break;
2355 case aVerifyFiles: multifile=1; /* fall through */
2356 case aVerify: set_cmd( &cmd, aVerify); break;
2359 set_cmd (&cmd, pargs.r_opt);
2363 case oArmor: opt.armor = 1; opt.no_armor=0; break;
2364 case oOutput: opt.outfile = pargs.r.ret_str; break;
2365 case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
2366 case oQuiet: opt.quiet = 1; break;
2367 case oNoTTY: tty_no_terminal(1); break;
2368 case oDryRun: opt.dry_run = 1; break;
2369 case oInteractive: opt.interactive = 1; break;
2372 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2373 opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
2374 opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
2382 case oUseAgent: /* Dummy. */
2386 obsolete_option (configname, configlineno, "no-use-agent");
2389 obsolete_option (configname, configlineno, "gpg-agent-info");
2392 obsolete_scdaemon_option (configname, configlineno, "reader-port");
2395 obsolete_scdaemon_option (configname, configlineno, "ctapi-driver");
2398 obsolete_scdaemon_option (configname, configlineno, "pcsc-driver");
2401 obsolete_scdaemon_option (configname, configlineno, "disable-ccid");
2403 case oHonorHttpProxy:
2404 obsolete_option (configname, configlineno, "honor-http-proxy");
2407 case oAnswerYes: opt.answer_yes = 1; break;
2408 case oAnswerNo: opt.answer_no = 1; break;
2409 case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
2410 case oPrimaryKeyring:
2411 sl = append_to_strlist (&nrings, pargs.r.ret_str);
2412 sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
2415 deprecated_warning(configname,configlineno,"--show-keyring",
2416 "--list-options ","show-keyring");
2417 opt.list_options|=LIST_SHOW_KEYRING;
2420 case oDebug: opt.debug |= pargs.r.ret_ulong; break;
2421 case oDebugAll: opt.debug = ~0; break;
2422 case oDebugLevel: debug_level = pargs.r.ret_str; break;
2424 case oDebugIOLBF: break; /* Already set in pre-parse step. */
2427 set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2430 set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
2433 set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2435 case oAttributeFile:
2436 set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
2439 log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2442 logfile = pargs.r.ret_str;
2445 case oWithFingerprint:
2446 opt.with_fingerprint = 1;
2449 case oWithICAOSpelling:
2450 opt.with_icao_spelling = 1;
2458 opt.with_keygrip = 1;
2462 opt.with_secret = 1;
2465 case oSecretKeyring:
2466 /* Ignore this old option. */
2470 /* config files may not be nested (silently ignore them) */
2473 configname = xstrdup(pargs.r.ret_str);
2477 case oNoArmor: opt.no_armor=1; opt.armor=0; break;
2478 case oNoDefKeyring: default_keyring = 0; break;
2479 case oNoGreeting: nogreeting = 1; break;
2482 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2486 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2488 case oEmitVersion: opt.emit_version++; break;
2489 case oNoEmitVersion: opt.emit_version=0; break;
2490 case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
2491 case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
2492 case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
2494 #ifndef NO_TRUST_MODELS
2495 case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
2497 #endif /*!NO_TRUST_MODELS*/
2498 case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
2500 if( *pargs.r.ret_str )
2501 opt.def_recipient = make_username(pargs.r.ret_str);
2503 case oDefRecipientSelf:
2504 xfree(opt.def_recipient); opt.def_recipient = NULL;
2505 opt.def_recipient_self = 1;
2507 case oNoDefRecipient:
2508 xfree(opt.def_recipient); opt.def_recipient = NULL;
2509 opt.def_recipient_self = 0;
2511 case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
2512 case oHomedir: break;
2513 case oNoBatch: opt.batch = 0; break;
2515 case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
2516 case oWithColons: opt.with_colons=':'; break;
2518 case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
2519 case oWithSigList: opt.list_sigs = 1; break;
2521 case oSkipVerify: opt.skip_verify=1; break;
2523 case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
2524 case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
2526 case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
2528 #ifndef NO_TRUST_MODELS
2529 /* There are many programs (like mutt) that call gpg with
2530 --always-trust so keep this option around for a long
2532 case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
2534 parse_trust_model(pargs.r.ret_str);
2536 #endif /*!NO_TRUST_MODELS*/
2538 case oForceOwnertrust:
2539 log_info(_("Note: %s is not for normal use!\n"),
2540 "--force-ownertrust");
2541 opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
2542 if(opt.force_ownertrust==-1)
2544 log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
2545 opt.force_ownertrust=0;
2548 case oLoadExtension:
2549 /* Dummy so that gpg 1.4 conf files can work. Should
2550 eventually be removed. */
2554 /* This is effectively the same as RFC2440, but with
2555 "--enable-dsa2 --no-rfc2440-text --escape-from-lines
2556 --require-cross-certification". */
2557 opt.compliance = CO_RFC4880;
2559 opt.flags.require_cross_cert = 1;
2560 opt.rfc2440_text = 0;
2561 opt.allow_non_selfsigned_uid = 1;
2562 opt.allow_freeform_uid = 1;
2563 opt.escape_from = 1;
2564 opt.not_dash_escaped = 0;
2565 opt.def_cipher_algo = 0;
2566 opt.def_digest_algo = 0;
2567 opt.cert_digest_algo = 0;
2568 opt.compress_algo = -1;
2569 opt.s2k_mode = 3; /* iterated+salted */
2570 opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2571 opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2574 opt.compliance = CO_RFC2440;
2576 opt.rfc2440_text = 1;
2577 opt.allow_non_selfsigned_uid = 1;
2578 opt.allow_freeform_uid = 1;
2579 opt.escape_from = 0;
2580 opt.not_dash_escaped = 0;
2581 opt.def_cipher_algo = 0;
2582 opt.def_digest_algo = 0;
2583 opt.cert_digest_algo = 0;
2584 opt.compress_algo = -1;
2585 opt.s2k_mode = 3; /* iterated+salted */
2586 opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2587 opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2589 case oPGP6: opt.compliance = CO_PGP6; break;
2590 case oPGP7: opt.compliance = CO_PGP7; break;
2591 case oPGP8: opt.compliance = CO_PGP8; break;
2592 case oGnuPG: opt.compliance = CO_GNUPG; break;
2593 case oRFC2440Text: opt.rfc2440_text=1; break;
2594 case oNoRFC2440Text: opt.rfc2440_text=0; break;
2597 opt.set_filename = pargs.r.ret_str;
2599 opt.set_filename = native_to_utf8(pargs.r.ret_str);
2601 case oForYourEyesOnly: eyes_only = 1; break;
2602 case oNoForYourEyesOnly: eyes_only = 0; break;
2604 add_policy_url(pargs.r.ret_str,0);
2605 add_policy_url(pargs.r.ret_str,1);
2607 case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
2608 case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
2609 case oShowPolicyURL:
2610 deprecated_warning(configname,configlineno,"--show-policy-url",
2611 "--list-options ","show-policy-urls");
2612 deprecated_warning(configname,configlineno,"--show-policy-url",
2613 "--verify-options ","show-policy-urls");
2614 opt.list_options|=LIST_SHOW_POLICY_URLS;
2615 opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
2617 case oNoShowPolicyURL:
2618 deprecated_warning(configname,configlineno,"--no-show-policy-url",
2619 "--list-options ","no-show-policy-urls");
2620 deprecated_warning(configname,configlineno,"--no-show-policy-url",
2621 "--verify-options ","no-show-policy-urls");
2622 opt.list_options&=~LIST_SHOW_POLICY_URLS;
2623 opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
2625 case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
2626 case oUseEmbeddedFilename:
2627 opt.flags.use_embedded_filename=1;
2629 case oNoUseEmbeddedFilename:
2630 opt.flags.use_embedded_filename=0;
2633 if(pargs.r.ret_str[0])
2634 append_to_strlist(&opt.comments,pargs.r.ret_str);
2636 case oDefaultComment:
2637 deprecated_warning(configname,configlineno,
2638 "--default-comment","--no-comments","");
2641 free_strlist(opt.comments);
2644 case oThrowKeyids: opt.throw_keyids = 1; break;
2645 case oNoThrowKeyids: opt.throw_keyids = 0; break;
2647 deprecated_warning(configname,configlineno,"--show-photos",
2648 "--list-options ","show-photos");
2649 deprecated_warning(configname,configlineno,"--show-photos",
2650 "--verify-options ","show-photos");
2651 opt.list_options|=LIST_SHOW_PHOTOS;
2652 opt.verify_options|=VERIFY_SHOW_PHOTOS;
2655 deprecated_warning(configname,configlineno,"--no-show-photos",
2656 "--list-options ","no-show-photos");
2657 deprecated_warning(configname,configlineno,"--no-show-photos",
2658 "--verify-options ","no-show-photos");
2659 opt.list_options&=~LIST_SHOW_PHOTOS;
2660 opt.verify_options&=~VERIFY_SHOW_PHOTOS;
2662 case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
2664 case oForceMDC: opt.force_mdc = 1; break;
2665 case oNoForceMDC: opt.force_mdc = 0; break;
2666 case oDisableMDC: opt.disable_mdc = 1; break;
2667 case oNoDisableMDC: opt.disable_mdc = 0; break;
2668 case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
2669 case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
2670 case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
2672 if (pargs.r.ret_int)
2673 opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
2675 opt.s2k_count = 0; /* Auto-calibrate when needed. */
2677 case oNoEncryptTo: opt.no_encrypt_to = 1; break;
2678 case oEncryptTo: /* store the recipient in the second list */
2679 sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2682 case oHiddenEncryptTo: /* store the recipient in the second list */
2683 sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2686 case oRecipient: /* store the recipient */
2687 add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2688 any_explicit_recipient = 1;
2690 case oHiddenRecipient: /* store the recipient with a flag */
2691 sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2693 any_explicit_recipient = 1;
2697 add_to_strlist2 (&opt.secret_keys_to_try,
2698 pargs.r.ret_str, utf8_strings);
2701 case oTextmodeShort: opt.textmode = 2; break;
2702 case oTextmode: opt.textmode=1; break;
2703 case oNoTextmode: opt.textmode=0; break;
2704 case oExpert: opt.expert = 1; break;
2705 case oNoExpert: opt.expert = 0; break;
2707 if(*pargs.r.ret_str!='\0')
2709 if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2710 log_error(_("'%s' is not a valid signature expiration\n"),
2713 opt.def_sig_expire=pargs.r.ret_str;
2716 case oAskSigExpire: opt.ask_sig_expire = 1; break;
2717 case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
2718 case oDefCertExpire:
2719 if(*pargs.r.ret_str!='\0')
2721 if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2722 log_error(_("'%s' is not a valid signature expiration\n"),
2725 opt.def_cert_expire=pargs.r.ret_str;
2728 case oAskCertExpire: opt.ask_cert_expire = 1; break;
2729 case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
2730 case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
2731 case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
2732 case oAskCertLevel: opt.ask_cert_level = 1; break;
2733 case oNoAskCertLevel: opt.ask_cert_level = 0; break;
2734 case oLocalUser: /* store the local users */
2735 add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
2738 /* this is the -z command line option */
2739 opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
2741 case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
2742 case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
2743 case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
2745 set_passphrase_from_string(pargs.r.ret_str);
2748 pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2750 case oPassphraseFile:
2751 pwfd = open_info_file (pargs.r.ret_str, 0, 1);
2753 case oPassphraseRepeat:
2754 opt.passphrase_repeat = pargs.r.ret_int;
2758 opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
2759 if (opt.pinentry_mode == -1)
2760 log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
2764 opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2767 opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
2770 def_cipher_string = xstrdup(pargs.r.ret_str);
2773 def_digest_string = xstrdup(pargs.r.ret_str);
2776 /* If it is all digits, stick a Z in front of it for
2777 later. This is for backwards compatibility with
2778 versions that took the compress algorithm number. */
2780 char *pt=pargs.r.ret_str;
2783 if (!isascii (*pt) || !isdigit (*pt))
2791 compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
2792 strcpy(compress_algo_string,"Z");
2793 strcat(compress_algo_string,pargs.r.ret_str);
2796 compress_algo_string = xstrdup(pargs.r.ret_str);
2799 case oCertDigestAlgo:
2800 cert_digest_string = xstrdup(pargs.r.ret_str);
2804 gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
2807 case oRequireSecmem: require_secmem=1; break;
2808 case oNoRequireSecmem: require_secmem=0; break;
2809 case oNoPermissionWarn: opt.no_perm_warn=1; break;
2810 case oNoMDCWarn: opt.no_mdc_warn=1; break;
2811 case oDisplayCharset:
2812 if( set_native_charset( pargs.r.ret_str ) )
2813 log_error(_("'%s' is not a valid character set\n"),
2816 case oNotDashEscaped: opt.not_dash_escaped = 1; break;
2817 case oEscapeFrom: opt.escape_from = 1; break;
2818 case oNoEscapeFrom: opt.escape_from = 0; break;
2819 case oLockOnce: opt.lock_once = 1; break;
2826 #else /* __riscos__ */
2827 riscos_not_implemented("lock-multiple");
2828 #endif /* __riscos__ */
2832 keyserver_spec_t keyserver;
2833 keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
2835 log_error (_("could not parse keyserver URL\n"));
2838 /* We only support a single keyserver. Later ones
2839 override earlier ones. (Since we parse the
2840 config file first and then the command line
2841 arguments, the command line takes
2844 free_keyserver_spec (opt.keyserver);
2845 opt.keyserver = keyserver;
2849 case oKeyServerOptions:
2850 if(!parse_keyserver_options(pargs.r.ret_str))
2853 log_error(_("%s:%d: invalid keyserver options\n"),
2854 configname,configlineno);
2856 log_error(_("invalid keyserver options\n"));
2859 case oImportOptions:
2860 if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
2863 log_error(_("%s:%d: invalid import options\n"),
2864 configname,configlineno);
2866 log_error(_("invalid import options\n"));
2869 case oExportOptions:
2870 if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
2873 log_error(_("%s:%d: invalid export options\n"),
2874 configname,configlineno);
2876 log_error(_("invalid export options\n"));
2880 if(!parse_list_options(pargs.r.ret_str))
2883 log_error(_("%s:%d: invalid list options\n"),
2884 configname,configlineno);
2886 log_error(_("invalid list options\n"));
2889 case oVerifyOptions:
2891 struct parse_options vopts[]=
2893 {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
2894 N_("display photo IDs during signature verification")},
2895 {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
2896 N_("show policy URLs during signature verification")},
2897 {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
2898 N_("show all notations during signature verification")},
2899 {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
2900 N_("show IETF standard notations during signature verification")},
2901 {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
2903 {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
2904 N_("show user-supplied notations during signature verification")},
2905 {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
2906 N_("show preferred keyserver URLs during signature verification")},
2907 {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
2908 N_("show user ID validity during signature verification")},
2909 {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
2910 N_("show revoked and expired user IDs in signature verification")},
2911 {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
2912 N_("show only the primary user ID in signature verification")},
2913 {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
2914 N_("validate signatures with PKA data")},
2915 {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
2916 N_("elevate the trust of signatures with valid PKA data")},
2920 if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
2923 log_error(_("%s:%d: invalid verify options\n"),
2924 configname,configlineno);
2926 log_error(_("invalid verify options\n"));
2930 case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
2932 if(set_exec_path(pargs.r.ret_str))
2933 log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
2935 opt.exec_path_set=1;
2938 add_notation_data( pargs.r.ret_str, 0 );
2939 add_notation_data( pargs.r.ret_str, 1 );
2941 case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
2942 case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
2944 deprecated_warning(configname,configlineno,"--show-notation",
2945 "--list-options ","show-notations");
2946 deprecated_warning(configname,configlineno,"--show-notation",
2947 "--verify-options ","show-notations");
2948 opt.list_options|=LIST_SHOW_NOTATIONS;
2949 opt.verify_options|=VERIFY_SHOW_NOTATIONS;
2951 case oNoShowNotation:
2952 deprecated_warning(configname,configlineno,"--no-show-notation",
2953 "--list-options ","no-show-notations");
2954 deprecated_warning(configname,configlineno,"--no-show-notation",
2955 "--verify-options ","no-show-notations");
2956 opt.list_options&=~LIST_SHOW_NOTATIONS;
2957 opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
2959 case oUtf8Strings: utf8_strings = 1; break;
2960 case oNoUtf8Strings: utf8_strings = 0; break;
2961 case oDisableCipherAlgo:
2963 int algo = string_to_cipher_algo (pargs.r.ret_str);
2964 gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
2967 case oDisablePubkeyAlgo:
2969 int algo = gcry_pk_map_name (pargs.r.ret_str);
2970 gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
2973 case oNoSigCache: opt.no_sig_cache = 1; break;
2974 case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
2975 case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
2976 case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
2977 case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
2978 case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
2979 case oNoLiteral: opt.no_literal = 1; break;
2980 case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
2981 case oFastListMode: opt.fast_list_mode = 1; break;
2982 case oFixedListMode: /* Dummy */ break;
2983 case oLegacyListMode: opt.legacy_list_mode = 1; break;
2984 case oPrintPKARecords: opt.print_pka_records = 1; break;
2985 case oListOnly: opt.list_only=1; break;
2986 case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
2987 case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
2988 case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
2989 case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
2990 case oNoRandomSeedFile: use_random_seed = 0; break;
2991 case oAutoKeyRetrieve:
2992 case oNoAutoKeyRetrieve:
2993 if(pargs.r_opt==oAutoKeyRetrieve)
2994 opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
2996 opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
2998 deprecated_warning(configname,configlineno,
2999 pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
3000 "--no-auto-key-retrieve","--keyserver-options ",
3001 pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
3002 "no-auto-key-retrieve");
3004 case oShowSessionKey: opt.show_session_key = 1; break;
3005 case oOverrideSessionKey:
3006 opt.override_session_key = pargs.r.ret_str;
3009 deprecated_warning(configname,configlineno,"--merge-only",
3010 "--import-options ","merge-only");
3011 opt.import_options|=IMPORT_MERGE_ONLY;
3013 case oAllowSecretKeyImport: /* obsolete */ break;
3014 case oTryAllSecrets: opt.try_all_secrets = 1; break;
3015 case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
3016 case oEnableSpecialFilenames:
3017 iobuf_enable_special_filenames (1);
3019 case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
3020 case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
3021 case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
3022 case oPreservePermissions: opt.preserve_permissions=1; break;
3023 case oDefaultPreferenceList:
3024 opt.def_preference_list = pargs.r.ret_str;
3026 case oDefaultKeyserverURL:
3028 keyserver_spec_t keyserver;
3029 keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
3031 log_error (_("could not parse keyserver URL\n"));
3033 free_keyserver_spec (keyserver);
3035 opt.def_keyserver_url = pargs.r.ret_str;
3038 case oPersonalCipherPreferences:
3039 pers_cipher_list=pargs.r.ret_str;
3041 case oPersonalDigestPreferences:
3042 pers_digest_list=pargs.r.ret_str;
3044 case oPersonalCompressPreferences:
3045 pers_compress_list=pargs.r.ret_str;
3047 case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
3048 case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
3051 set_opt_session_env ("DISPLAY", pargs.r.ret_str);
3054 set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
3057 set_opt_session_env ("TERM", pargs.r.ret_str);
3060 set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
3063 case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
3064 case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
3066 case oGroup: add_group(pargs.r.ret_str); break;
3067 case oUnGroup: rm_group(pargs.r.ret_str); break;
3069 while(opt.grouplist)
3071 struct groupitem *iter=opt.grouplist;
3072 free_strlist(iter->values);
3073 opt.grouplist=opt.grouplist->next;
3083 case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
3084 case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
3085 case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
3086 case oMultifile: multifile=1; break;
3088 if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
3089 opt.keyid_format=KF_SHORT;
3090 else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
3091 opt.keyid_format=KF_LONG;
3092 else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
3093 opt.keyid_format=KF_0xSHORT;
3094 else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
3095 opt.keyid_format=KF_0xLONG;
3097 log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
3100 case oExitOnStatusWriteError:
3101 opt.exit_on_status_write_error = 1;
3104 case oLimitCardInsertTries:
3105 opt.limit_card_insert_tries = pargs.r.ret_int;
3108 case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
3109 case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
3111 case oAutoKeyLocate:
3112 if(!parse_auto_key_locate(pargs.r.ret_str))
3115 log_error(_("%s:%d: invalid auto-key-locate list\n"),
3116 configname,configlineno);
3118 log_error(_("invalid auto-key-locate list\n"));
3121 case oNoAutoKeyLocate:
3125 case oEnableLargeRSA:
3126 #if SECMEM_BUFFER_SIZE >= 65536
3127 opt.flags.large_rsa=1;
3130 log_info("%s:%d: WARNING: gpg not built with large secure "
3131 "memory buffer. Ignoring enable-large-rsa\n",
3132 configname,configlineno);
3134 log_info("WARNING: gpg not built with large secure "
3135 "memory buffer. Ignoring --enable-large-rsa\n");
3136 #endif /* SECMEM_BUFFER_SIZE >= 65536 */
3138 case oDisableLargeRSA: opt.flags.large_rsa=0;
3141 case oEnableDSA2: opt.flags.dsa2=1; break;
3142 case oDisableDSA2: opt.flags.dsa2=0; break;
3144 case oAllowMultisigVerification:
3145 case oAllowMultipleMessages:
3146 opt.flags.allow_multiple_messages=1;
3149 case oNoAllowMultipleMessages:
3150 opt.flags.allow_multiple_messages=0;
3153 case oAllowWeakDigestAlgos:
3154 opt.flags.allow_weak_digest_algos = 1;
3157 case oFakedSystemTime:
3159 time_t faked_time = isotime2epoch (pargs.r.ret_str);
3160 if (faked_time == (time_t)(-1))
3161 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
3162 gnupg_set_time (faked_time, 0);
3166 case oNoAutostart: opt.autostart = 0; break;
3171 pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
3180 /* Remember the first config file name. */
3181 if (!save_configname)
3182 save_configname = configname;
3188 xfree(configname); configname = NULL;
3189 if (log_get_errorcount (0))
3192 /* The command --gpgconf-list is pretty simple and may be called
3193 directly after the option parsing. */
3194 if (cmd == aGPGConfList)
3196 gpgconf_list (save_configname ? save_configname : default_configname);
3199 xfree (save_configname);
3200 xfree (default_configname);
3207 es_fprintf (es_stderr, "%s %s; %s\n",
3208 strusage(11), strusage(13), strusage(14) );
3209 es_fprintf (es_stderr, "%s\n", strusage(15) );
3211 #ifdef IS_DEVELOPMENT_VERSION
3216 if((s=strusage(25)))
3218 if((s=strusage(26)))
3220 if((s=strusage(27)))
3225 /* FIXME: We should use logging to a file only in server mode;
3226 however we have not yet implemetyed that. Thus we try to get
3227 away with --batch as indication for logging to file
3229 if (logfile && opt.batch)
3231 log_set_file (logfile);
3232 log_set_prefix (NULL, 1|2|4);
3235 if (opt.verbose > 2)
3236 log_info ("using character set '%s'\n", get_native_charset ());
3238 if( may_coredump && !opt.quiet )
3239 log_info(_("WARNING: program may create a core file!\n"));
3242 if (opt.set_filename)
3243 log_info(_("WARNING: %s overrides %s\n"),
3244 "--for-your-eyes-only","--set-filename");
3246 opt.set_filename="_CONSOLE";
3249 if (opt.no_literal) {
3250 log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
3252 log_error(_("%s not allowed with %s!\n"),
3253 "--textmode", "--no-literal" );
3254 if (opt.set_filename)
3255 log_error(_("%s makes no sense with %s!\n"),
3256 eyes_only?"--for-your-eyes-only":"--set-filename",
3261 if (opt.set_filesize)
3262 log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
3266 if (gnupg_faked_time_p ())
3268 gnupg_isotime_t tbuf;
3270 log_info (_("WARNING: running with faked system time: "));
3271 gnupg_get_isotime (tbuf);
3272 dump_isotime (tbuf);
3276 /* Print a warning if an argument looks like an option. */
3277 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
3281 for (i=0; i < argc; i++)
3282 if (argv[i][0] == '-' && argv[i][1] == '-')
3283 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
3287 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
3289 if(require_secmem && !got_secmem)
3291 log_info(_("will not run with insecure memory due to %s\n"),
3292 "--require-secmem");
3296 set_debug (debug_level);
3298 log_clock ("start");
3300 /* Do these after the switch(), so they can override settings. */
3303 /* That does not anymore work becuase we have no more support
3304 for v3 signatures. */
3307 opt.ask_sig_expire=0;
3311 /* That does not anymore work because we have no more support
3312 for v3 signatures. */
3314 opt.ask_sig_expire=0;
3322 if( def_cipher_string ) {
3323 opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
3324 xfree(def_cipher_string); def_cipher_string = NULL;
3325 if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
3326 log_error(_("selected cipher algorithm is invalid\n"));
3328 if( def_digest_string ) {
3329 opt.def_digest_algo = string_to_digest_algo (def_digest_string);
3330 xfree(def_digest_string); def_digest_string = NULL;
3331 if ( openpgp_md_test_algo (opt.def_digest_algo) )
3332 log_error(_("selected digest algorithm is invalid\n"));
3334 if( compress_algo_string ) {
3335 opt.compress_algo = string_to_compress_algo(compress_algo_string);
3336 xfree(compress_algo_string); compress_algo_string = NULL;
3337 if( check_compress_algo(opt.compress_algo) )
3338 log_error(_("selected compression algorithm is invalid\n"));
3340 if( cert_digest_string ) {
3341 opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
3342 xfree(cert_digest_string); cert_digest_string = NULL;
3343 if (openpgp_md_test_algo(opt.cert_digest_algo))
3344 log_error(_("selected certification digest algorithm is invalid\n"));
3346 if( s2k_cipher_string ) {
3347 opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
3348 xfree(s2k_cipher_string); s2k_cipher_string = NULL;
3349 if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
3350 log_error(_("selected cipher algorithm is invalid\n"));
3352 if( s2k_digest_string ) {
3353 opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
3354 xfree(s2k_digest_string); s2k_digest_string = NULL;
3355 if (openpgp_md_test_algo(opt.s2k_digest_algo))
3356 log_error(_("selected digest algorithm is invalid\n"));
3358 if( opt.completes_needed < 1 )
3359 log_error(_("completes-needed must be greater than 0\n"));
3360 if( opt.marginals_needed < 2 )
3361 log_error(_("marginals-needed must be greater than 1\n"));
3362 if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
3363 log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
3364 if(opt.def_cert_level<0 || opt.def_cert_level>3)
3365 log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
3366 if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
3367 log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
3368 switch( opt.s2k_mode ) {
3370 log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
3372 case 1: case 3: break;
3374 log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
3377 /* This isn't actually needed, but does serve to error out if the
3378 string is invalid. */
3379 if(opt.def_preference_list &&
3380 keygen_set_std_prefs(opt.def_preference_list,0))
3381 log_error(_("invalid default preferences\n"));
3383 if(pers_cipher_list &&
3384 keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
3385 log_error(_("invalid personal cipher preferences\n"));
3387 if(pers_digest_list &&
3388 keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
3389 log_error(_("invalid personal digest preferences\n"));
3391 if(pers_compress_list &&
3392 keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
3393 log_error(_("invalid personal compress preferences\n"));
3395 /* We don't support all possible commands with multifile yet */
3406 cmdname="--clearsign";
3409 cmdname="--detach-sign";
3412 cmdname="--symmetric";
3415 cmdname="--symmetric --encrypt";
3426 log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
3429 if( log_get_errorcount(0) )
3432 if(opt.compress_level==0)
3433 opt.compress_algo=COMPRESS_ALGO_NONE;
3435 /* Check our chosen algorithms against the list of legal
3440 const char *badalg=NULL;
3441 preftype_t badtype=PREFTYPE_NONE;
3443 if(opt.def_cipher_algo
3444 && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
3446 badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
3447 badtype = PREFTYPE_SYM;
3449 else if(opt.def_digest_algo
3450 && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
3452 badalg = gcry_md_algo_name (opt.def_digest_algo);
3453 badtype = PREFTYPE_HASH;
3455 else if(opt.cert_digest_algo
3456 && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
3458 badalg = gcry_md_algo_name (opt.cert_digest_algo);
3459 badtype = PREFTYPE_HASH;
3461 else if(opt.compress_algo!=-1
3462 && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
3464 badalg = compress_algo_to_string(opt.compress_algo);
3465 badtype = PREFTYPE_ZIP;
3473 log_info(_("you may not use cipher algorithm '%s'"
3474 " while in %s mode\n"),
3475 badalg,compliance_option_string());
3478 log_info(_("you may not use digest algorithm '%s'"
3479 " while in %s mode\n"),
3480 badalg,compliance_option_string());
3483 log_info(_("you may not use compression algorithm '%s'"
3484 " while in %s mode\n"),
3485 badalg,compliance_option_string());
3491 compliance_failure();
3495 /* Set the random seed file. */
3496 if( use_random_seed ) {
3497 char *p = make_filename(opt.homedir, "random_seed", NULL );
3498 gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
3499 if (!access (p, F_OK))
3500 register_secured_file (p);
3504 /* If there is no command but the --fingerprint is given, default
3505 to the --list-keys command. */
3506 if (!cmd && fpr_maybe_cmd)
3508 set_cmd (&cmd, aListKeys);
3512 if( opt.verbose > 1 )
3513 set_packet_list_mode(1);
3515 /* Add the keyrings, but not for some special commands.
3516 We always need to add the keyrings if we are running under
3517 SELinux, this is so that the rings are added to the list of
3519 if( ALWAYS_ADD_KEYRINGS
3520 || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
3522 if (!nrings || default_keyring) /* Add default ring. */
3523 keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
3524 KEYDB_RESOURCE_FLAG_DEFAULT);
3525 for (sl = nrings; sl; sl = sl->next )
3526 keydb_add_resource (sl->d, sl->flags);
3528 FREE_STRLIST(nrings);
3530 if (cmd == aGPGConfTest)
3534 if( pwfd != -1 ) /* Read the passphrase now. */
3535 read_passphrase_from_fd( pwfd );
3537 fname = argc? *argv : NULL;
3539 if(fname && utf8_strings)
3540 opt.flags.utf8_filename=1;
3542 ctrl = xcalloc (1, sizeof *ctrl);
3543 gpg_init_default_ctrl (ctrl);
3545 #ifndef NO_TRUST_MODELS
3556 case aExportOwnerTrust:
3557 rc = setup_trustdb (0, trustdb_name);
3560 rc = setup_trustdb (argc? 1:0, trustdb_name);
3563 /* If we are using TM_ALWAYS, we do not need to create the
3565 rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
3569 log_error (_("failed to initialize the TrustDB: %s\n"),
3571 #endif /*!NO_TRUST_MODELS*/
projects / gnupg.git / blob