/* gpg.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998-2011 Free Software Foundation, Inc.
- * Copyright (C) 1997-2014 Werner Koch
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 1997-2016 Werner Koch
+ * Copyright (C) 2015-2016 g10 Code GmbH
*
* This file is part of GnuPG.
*
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
-#include <assert.h>
#ifdef HAVE_STAT
#include <sys/stat.h> /* for stat() */
#endif
#include "call-dirmngr.h"
#include "tofu.h"
#include "../common/init.h"
+#include "../common/mbox-util.h"
#include "../common/shareddefs.h"
#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
aSym = 'c',
aDecrypt = 'd',
aEncr = 'e',
+ oRecipientFile = 'f',
+ oHiddenRecipientFile = 'F',
oInteractive = 'i',
aListKeys = 'k',
oDryRun = 'n',
aListSecretKeys = 'K',
oBatch = 500,
oMaxOutput,
+ oInputSizeHint,
oSigNotation,
oCertNotation,
oShowNotation,
aQuickSignKey,
aQuickLSignKey,
aQuickAddUid,
+ aQuickAddKey,
+ aQuickRevUid,
aListConfig,
aListGcryptConfig,
aGPGConfList,
aExport,
aExportSecret,
aExportSecretSub,
+ aExportSshKey,
aCheckKeys,
aGenRevoke,
aDesigRevoke,
aServer,
aTOFUPolicy,
+ oMimemode,
oTextmode,
oNoTextmode,
oExpert,
oNoAskCertLevel,
oFingerprint,
oWithFingerprint,
+ oWithSubkeyFingerprint,
oWithICAOSpelling,
oWithKeygrip,
oWithSecret,
+ oWithWKDHash,
+ oWithColons,
+ oWithKeyData,
+ oWithTofuInfo,
+ oWithSigList,
+ oWithSigCheck,
oAnswerYes,
oAnswerNo,
oKeyring,
oMarginalsNeeded,
oMaxCertDepth,
oLoadExtension,
+ oCompliance,
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP6,
oPGP7,
oPGP8,
+ oDE_VS,
oRFC2440Text,
oNoRFC2440Text,
oCipherAlgo,
oNoMDCWarn,
oNoArmor,
oNoDefKeyring,
+ oNoKeyring,
oNoGreeting,
oNoTTY,
oNoOptions,
oNoBatch,
oHomedir,
- oWithColons,
- oWithKeyData,
- oWithSigList,
- oWithSigCheck,
oSkipVerify,
oSkipHiddenRecipients,
oNoSkipHiddenRecipients,
oKeyServer,
oKeyServerOptions,
oImportOptions,
+ oImportFilter,
oExportOptions,
+ oExportFilter,
oListOptions,
oVerifyOptions,
oTempDir,
oIgnoreMDCError,
oShowSessionKey,
oOverrideSessionKey,
+ oOverrideSessionKeyFD,
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
oWeakDigest,
oUnwrap,
oOnlySignTextIDs,
+ oDisableSignerUID,
+ oSender,
oNoop
};
N_("quickly generate a new key pair")),
ARGPARSE_c (aQuickAddUid, "quick-adduid",
N_("quickly add a new user-id")),
+ ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
+ ARGPARSE_c (aQuickRevUid, "quick-revuid",
+ N_("quickly revoke a user-id")),
ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
ARGPARSE_c (aExport, "export" , N_("export keys") ),
- ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ),
- ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ),
+ ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ),
+ ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ),
ARGPARSE_c (aSearchKeys, "search-keys" ,
- N_("search for keys on a key server") ),
+ N_("search for keys on a keyserver") ),
ARGPARSE_c (aRefreshKeys, "refresh-keys",
N_("update all keys from a keyserver")),
ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
+ ARGPARSE_c (aExportSshKey, "export-ssh-key", "@" ),
ARGPARSE_c (aImport, "import", N_("import/merge keys")),
ARGPARSE_c (aFastImport, "fast-import", "@"),
#ifdef ENABLE_CARD_SUPPORT
ARGPARSE_c (aGenRandom,"gen-random", "@" ),
ARGPARSE_c (aServer, "server", N_("run in server mode")),
ARGPARSE_c (aTOFUPolicy, "tofu-policy",
- N_("|VALUE|set the TOFU policy for a key (good, unknown, bad, ask, auto)")),
+ N_("|VALUE|set the TOFU policy for a key")),
ARGPARSE_group (301, N_("@\nOptions:\n ")),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
+ ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
+ ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
ARGPARSE_s_s (oLocalUser, "local-user",
N_("|USER-ID|use USER-ID to sign or decrypt")),
+ ARGPARSE_s_s (oSender, "sender", "@"),
ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
+ ARGPARSE_s_n (oMimemode, "mimemode", "@"),
ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
- ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
+ ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
+ ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
+ ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
+
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
ARGPARSE_s_s (oImportOptions, "import-options", "@"),
+ ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
ARGPARSE_s_s (oExportOptions, "export-options", "@"),
+ ARGPARSE_s_s (oExportFilter, "export-filter", "@"),
ARGPARSE_s_s (oListOptions, "list-options", "@"),
ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
+ ARGPARSE_s_s (oCompliance, "compliance", "@"),
ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP6, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
+ ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_n (oNoOptions, "no-options", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
+ ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
+#ifndef NO_TRUST_MODELS
ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
+#endif
ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
- ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
+ ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
+ ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
+ ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"),
ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
+ ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
+ ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
/* Dummy options. */
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
static void add_policy_url( const char *string, int which );
static void add_keyserver_url( const char *string, int which );
static void emergency_cleanup (void);
+static void read_sessionkey_from_fd (int fd);
static char *
case 31: p = "\nHome: "; break;
#ifndef __riscos__
- case 32: p = opt.homedir; break;
+ case 32: p = gnupg_homedir (); break;
#else /* __riscos__ */
- case 32: p = make_filename(opt.homedir, NULL); break;
+ case 32: p = make_filename(gnupg_homedir (), NULL); break;
#endif /* __riscos__ */
case 33: p = _("\nSupported algorithms:\n"); break;
case 34:
if (maybe_setuid)
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
- indent = utf8_charcount (text);
+ indent = utf8_charcount (text, -1);
len = 0;
init_membuf (&mb, 512);
g10_exit (2);
}
- if (opt.debug & DBG_MEMORY_VALUE )
+ if ((opt.debug & DBG_MEMORY_VALUE))
memory_debug_mode = 1;
- if (opt.debug & DBG_MEMSTAT_VALUE )
+ if ((opt.debug & DBG_MEMSTAT_VALUE))
memory_stat_debug_mode = 1;
- if (opt.debug & DBG_MPI_VALUE)
+ if (DBG_MPI)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
- if (opt.debug & DBG_CRYPTO_VALUE )
+ if (DBG_CRYPTO)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
- if (opt.debug & DBG_IOBUF_VALUE )
+ if ((opt.debug & DBG_IOBUF_VALUE))
iobuf_debug_mode = 1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
}
-
-/* We need the home directory also in some other directories, so make
- sure that both variables are always in sync. */
-static void
-set_homedir (const char *dir)
-{
- if (!dir)
- dir = "";
- opt.homedir = dir;
-}
-
-
/* We set the screen dimensions for UI purposes. Do not allow screens
smaller than 80x24 for the sake of simplicity. */
static void
if(opt.no_perm_warn)
return 0;
- assert(item==0 || item==1 || item==2);
+ log_assert(item==0 || item==1 || item==2);
/* extensions may attach a path */
if(item==2 && path[0]!=DIRSEP_C)
could be rectified if the homedir itself had proper
permissions. */
if(item!=0 && homedir_cache>-1
- && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
+ && !ascii_strncasecmp (gnupg_homedir (), tmppath,
+ strlen (gnupg_homedir ())))
{
ret=homedir_cache;
goto end;
}
#endif /*NO_TRUST_MODELS*/
+
static int
-parse_tofu_policy (const char *policy)
+parse_tofu_policy (const char *policystr)
{
#ifdef USE_TOFU
- if (ascii_strcasecmp (policy, "auto") == 0)
- return TOFU_POLICY_AUTO;
- else if (ascii_strcasecmp (policy, "good") == 0)
- return TOFU_POLICY_GOOD;
- else if (ascii_strcasecmp (policy, "unknown") == 0)
- return TOFU_POLICY_UNKNOWN;
- else if (ascii_strcasecmp (policy, "bad") == 0)
- return TOFU_POLICY_BAD;
- else if (ascii_strcasecmp (policy, "ask") == 0)
- return TOFU_POLICY_ASK;
- else
-#endif /*USE_TOFU*/
+ struct { const char *keyword; int policy; } list[] = {
+ { "auto", TOFU_POLICY_AUTO },
+ { "good", TOFU_POLICY_GOOD },
+ { "unknown", TOFU_POLICY_UNKNOWN },
+ { "bad", TOFU_POLICY_BAD },
+ { "ask", TOFU_POLICY_ASK }
+ };
+ int i;
+
+ if (!ascii_strcasecmp (policystr, "help"))
{
- log_error (_("unknown TOFU policy '%s'\n"), policy);
+ log_info (_("valid values for option '%s':\n"), "--tofu-policy");
+ for (i=0; i < DIM (list); i++)
+ log_info (" %s\n", list[i].keyword);
g10_exit (1);
}
+
+ for (i=0; i < DIM (list); i++)
+ if (!ascii_strcasecmp (policystr, list[i].keyword))
+ return list[i].policy;
+#endif /*USE_TOFU*/
+
+ log_error (_("unknown TOFU policy '%s'\n"), policystr);
+ if (!opt.quiet)
+ log_info (_("(use \"help\" to list choices)\n"));
+ g10_exit (1);
}
+
+/* Parse the value of --compliance. */
static int
-parse_tofu_db_format (const char *db_format)
+parse_compliance_option (const char *string)
{
-#ifdef USE_TOFU
- if (ascii_strcasecmp (db_format, "auto") == 0)
- return TOFU_DB_AUTO;
- else if (ascii_strcasecmp (db_format, "split") == 0)
- return TOFU_DB_SPLIT;
- else if (ascii_strcasecmp (db_format, "flat") == 0)
- return TOFU_DB_FLAT;
- else
-#endif /*USE_TOFU*/
+ struct { const char *keyword; enum cmd_and_opt_values option; } list[] = {
+ { "gnupg", oGnuPG },
+ { "openpgp", oOpenPGP },
+ { "rfc4880bis", oRFC4880bis },
+ { "rfc4880", oRFC4880 },
+ { "rfc2440", oRFC2440 },
+ { "pgp6", oPGP6 },
+ { "pgp7", oPGP7 },
+ { "pgp8", oPGP8 },
+ { "de-vs", oDE_VS }
+ };
+ int i;
+
+ if (!ascii_strcasecmp (string, "help"))
{
- log_error (_("unknown TOFU DB format '%s'\n"), db_format);
+ log_info (_("valid values for option '%s':\n"), "--compliance");
+ for (i=0; i < DIM (list); i++)
+ log_info (" %s\n", list[i].keyword);
g10_exit (1);
}
+
+ for (i=0; i < DIM (list); i++)
+ if (!ascii_strcasecmp (string, list[i].keyword))
+ return list[i].option;
+
+ log_error (_("invalid value for option '%s'\n"), "--compliance");
+ if (!opt.quiet)
+ log_info (_("(use \"help\" to list choices)\n"));
+ g10_exit (1);
+}
+
+
+
+/* Helper to set compliance related options. This is a separte
+ * function so that it can also be used by the --compliance option
+ * parser. */
+static void
+set_compliance_option (enum cmd_and_opt_values option)
+{
+ switch (option)
+ {
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ /* fall through. */
+ case oOpenPGP:
+ case oRFC4880:
+ /* This is effectively the same as RFC2440, but with
+ "--enable-dsa2 --no-rfc2440-text --escape-from-lines
+ --require-cross-certification". */
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oRFC2440:
+ opt.compliance = CO_RFC2440;
+ opt.flags.dsa2 = 0;
+ opt.rfc2440_text = 1;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 0;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oPGP6: opt.compliance = CO_PGP6; break;
+ case oPGP7: opt.compliance = CO_PGP7; break;
+ case oPGP8: opt.compliance = CO_PGP8; break;
+ case oGnuPG: opt.compliance = CO_GNUPG; break;
+
+ case oDE_VS:
+ set_compliance_option (oOpenPGP);
+ opt.compliance = CO_DE_VS;
+ /* Fixme: Change other options. */
+ break;
+
+ default:
+ BUG ();
+ }
}
-/* This fucntion called to initialized a new control object. It is
+
+
+
+
+
+/* This function called to initialized a new control object. It is
assumed that this object has been zeroed out before calling this
function. */
static void
static void
gpg_deinit_default_ctrl (ctrl_t ctrl)
{
+#ifdef USE_TOFU
+ tofu_closedbs (ctrl);
+#endif
gpg_dirmngr_deinit_session_data (ctrl);
}
break;
}
- configname = make_filename (opt.homedir, name, NULL);
+ configname = make_filename (gnupg_homedir (), name, NULL);
}
while (access (configname, R_OK));
xfree(name);
if (! configname)
- configname = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", NULL);
+ configname = make_filename (gnupg_homedir (),
+ GPG_NAME EXTSEP_S "conf", NULL);
if (! access (configname, R_OK))
{
/* Print a warning when both config files are present. */
- char *p = make_filename (opt.homedir, "options", NULL);
+ char *p = make_filename (gnupg_homedir (), "options", NULL);
if (! access (p, R_OK))
log_info (_("Note: old default options file '%s' ignored\n"), p);
xfree (p);
else
{
/* Use the old default only if it exists. */
- char *p = make_filename (opt.homedir, "options", NULL);
+ char *p = make_filename (gnupg_homedir (), "options", NULL);
if (!access (p, R_OK))
{
xfree (configname);
return configname;
}
-gpg_error_t
-check_user_ids (strlist_t *sp,
- int warn_possibly_ambiguous,
- int error_if_not_found)
-{
- strlist_t s = *sp;
- strlist_t s2 = NULL;
- strlist_t t;
-
- gpg_error_t rc = 0;
- gpg_error_t err;
-
- KEYDB_HANDLE hd = NULL;
-
- if (! s)
- return 0;
-
- for (t = s; t; t = t->next)
- {
- const char *option;
-
- KEYDB_SEARCH_DESC desc;
- KBNODE kb;
- PKT_public_key *pk;
- char fingerprint_bin[MAX_FINGERPRINT_LEN];
- size_t fingerprint_bin_len = sizeof (fingerprint_bin);
- char fingerprint[2 * MAX_FINGERPRINT_LEN + 1];
-
-
- switch (t->flags >> 2)
- {
- case oDefaultKey: option = "--default-key"; break;
- case oEncryptTo: option = "--encrypt-to"; break;
- case oHiddenEncryptTo: option = "--hidden-encrypt-to"; break;
- case oEncryptToDefaultKey: option = "--encrypt-to-default-key"; break;
- case oRecipient: option = "--recipient"; break;
- case oHiddenRecipient: option = "--hidden-recipient"; break;
- case oLocalUser: option = "--local-user"; break;
- default: log_bug ("Unsupport option: %d\n", t->flags >> 2);
- }
-
- err = classify_user_id (t->d, &desc, 1);
- if (err)
- {
- if (! rc)
- rc = err;
-
- log_error (_("Invalid value ('%s')."), t->d);
- if (!opt.quiet)
- log_info (_("(check argument of option '%s')\n"), option);
- continue;
- }
-
- if (warn_possibly_ambiguous
- && ! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID
- || desc.mode == KEYDB_SEARCH_MODE_FPR16
- || desc.mode == KEYDB_SEARCH_MODE_FPR20
- || desc.mode == KEYDB_SEARCH_MODE_FPR))
- log_info (_("Warning: value '%s' for %s"
- " should be a long keyid or a fingerprint.\n"),
- t->d, option);
-
- if (! hd)
- hd = keydb_new ();
- else
- keydb_search_reset (hd);
-
- err = keydb_search (hd, &desc, 1, NULL);
- if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
- {
- if (error_if_not_found)
- {
- if (! rc)
- rc = err;
-
- log_error (_("no such key corresponding to '%s'\n"), t->d);
- if (!opt.quiet)
- log_info (_("(check argument of option '%s')\n"), option);
- }
- continue;
- }
- if (err)
- {
- if (! rc)
- rc = err;
-
- log_error (_("error looking up '%s' in keyring: %s.\n"),
- t->d, gpg_strerror (err));
- break;
- }
-
- err = keydb_get_keyblock (hd, &kb);
- if (err)
- {
- if (! rc)
- rc = err;
-
- log_error (_("error reading key block for '%s': %s\n"),
- t->d, gpg_strerror (err));
- continue;
- }
-
- pk = kb->pkt->pkt.public_key;
- fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
- assert (fingerprint_bin_len == sizeof (fingerprint_bin));
- bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
- add_to_strlist (&s2, fingerprint);
- s2->flags = s->flags;
-
- release_kbnode (kb);
-
- /* Continue the search. */
- err = keydb_search (hd, &desc, 1, NULL);
- if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND
- || gpg_err_code (err) == GPG_ERR_EOF))
- {
- char fingerprint_bin2[MAX_FINGERPRINT_LEN];
- size_t fingerprint_bin2_len = sizeof (fingerprint_bin2);
- char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1];
-
- log_error (_("Error: the key specification '%s' is ambiguous.\n"),
- t->d);
- if (!opt.quiet)
- log_info (_("(check argument of option '%s')\n"), option);
-
- err = keydb_get_keyblock (hd, &kb);
- if (err)
- log_error (_("error reading key block for '%s': %s.\n"),
- t->d, gpg_strerror (err));
- else
- {
- pk = kb->pkt->pkt.public_key;
- fingerprint_from_pk (pk, fingerprint_bin2, &fingerprint_bin2_len);
- assert (fingerprint_bin2_len == sizeof (fingerprint_bin2));
- bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2);
-
- log_error ("'%s' matches at least: %s and %s.\n",
- t->d, fingerprint, fingerprint2);
-
- release_kbnode (kb);
- }
- }
- }
-
- strlist_rev (&s2);
-
- if (hd)
- keydb_release (hd);
-
- free_strlist (s);
- *sp = s2;
- return rc;
-}
-
int
main (int argc, char **argv)
{
const char *fname;
char *username;
int may_coredump;
- strlist_t sl, remusr= NULL, locusr=NULL;
+ strlist_t sl;
+ strlist_t remusr = NULL;
+ strlist_t locusr = NULL;
strlist_t nrings = NULL;
armor_filter_context_t *afx = NULL;
int detached_sig = 0;
int eyes_only=0;
int multifile=0;
int pwfd = -1;
+ int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
- int require_secmem=0,got_secmem=0;
+ int require_secmem = 0;
+ int got_secmem = 0;
struct assuan_malloc_hooks malloc_hooks;
ctrl_t ctrl;
+ static int print_dane_records;
+ static int print_pka_records;
+
+
#ifdef __riscos__
opt.lock_once = 1;
#endif /* __riscos__ */
-
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to
secmem_init() somewhere after the option parsing. */
gnupg_rl_initialize ();
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
- log_set_prefix (GPG_NAME, 1);
+ log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
/* Make sure that our subsystems are ready. */
i18n_init();
init_common_subsystems (&argc, &argv);
- /* Check that the libraries are suitable. Do it right here because the
- option parsing may need services of the library. */
- if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
- {
- log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
- NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
- }
-
/* Use our own logging handler for Libcgrypt. */
setup_libgcrypt_logging ();
| VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS
| VERIFY_SHOW_KEYSERVER_URLS);
- opt.list_options = LIST_SHOW_UID_VALIDITY;
+ opt.list_options = (LIST_SHOW_UID_VALIDITY
+ | LIST_SHOW_USAGE);
#ifdef NO_TRUST_MODELS
opt.trust_model = TM_ALWAYS;
#else
opt.trust_model = TM_AUTO;
#endif
opt.tofu_default_policy = TOFU_POLICY_AUTO;
- opt.tofu_db_format = TOFU_DB_AUTO;
opt.mangle_dos_filenames = 0;
opt.min_cert_level = 2;
set_screen_dimensions ();
- opt.keyid_format = KF_SHORT;
+ opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
- set_homedir (default_homedir ());
+ gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
- opt.emit_version = 1; /* Limit to the major number. */
+ opt.emit_version = 0;
opt.weak_digests = NULL;
additional_weak_digest("MD5");
opt.no_homedir_creation = 1;
}
else if( pargs.r_opt == oHomedir )
- set_homedir ( pargs.r.ret_str );
+ gnupg_set_homedir (pargs.r.ret_str);
else if( pargs.r_opt == oNoPermissionWarn )
opt.no_perm_warn=1;
else if (pargs.r_opt == oStrict )
}
#ifdef HAVE_DOSISH_SYSTEM
- if ( strchr (opt.homedir,'\\') ) {
- char *d, *buf = xmalloc (strlen (opt.homedir)+1);
- const char *s = opt.homedir;
- for (d=buf,s=opt.homedir; *s; s++)
+ if ( strchr (gnupg_homedir (), '\\') ) {
+ char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
+ const char *s;
+ for (d=buf, s = gnupg_homedir (); *s; s++)
{
*d++ = *s == '\\'? '/': *s;
#ifdef HAVE_W32_SYSTEM
#endif
}
*d = 0;
- set_homedir (buf);
+ gnupg_set_homedir (buf);
}
#endif
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
- setup_libassuan_logging (&opt.debug);
+ setup_libassuan_logging (&opt.debug, NULL);
/* Try for a version specific config file first */
default_configname = get_default_configname ();
pargs.flags= ARGPARSE_FLAG_KEEP;
/* By this point we have a homedir, and cannot change it. */
- check_permissions(opt.homedir,0);
+ check_permissions (gnupg_homedir (), 0);
next_pass:
if( configname ) {
{
switch( pargs.r_opt )
{
- case aCheckKeys:
case aListConfig:
case aListGcryptConfig:
case aGPGConfList:
case aGPGConfTest:
+ set_cmd (&cmd, pargs.r_opt);
+ /* Do not register a keyring for these commands. */
+ default_keyring = -1;
+ break;
+
+ case aCheckKeys:
case aListPackets:
case aImport:
case aFastImport:
case aListSigs:
case aExportSecret:
case aExportSecretSub:
+ case aExportSshKey:
case aSym:
case aClearsign:
case aGenRevoke:
case aStore:
case aQuickKeygen:
case aQuickAddUid:
+ case aQuickAddKey:
+ case aQuickRevUid:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
+
case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
+
+ case oInputSizeHint:
+ opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
+ break;
+
case oQuiet: opt.quiet = 1; break;
case oNoTTY: tty_no_terminal(1); break;
case oDryRun: opt.dry_run = 1; break;
opt.with_fingerprint = 1;
opt.fingerprint++;
break;
+ case oWithSubkeyFingerprint:
+ opt.with_subkey_fingerprint = 1;
+ break;
case oWithICAOSpelling:
opt.with_icao_spelling = 1;
break;
opt.with_secret = 1;
break;
+ case oWithWKDHash:
+ opt.with_wkd_hash = 1;
+ break;
+
case oSecretKeyring:
/* Ignore this old option. */
break;
}
break;
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
- case oNoDefKeyring: default_keyring = 0; break;
+
+ case oNoDefKeyring:
+ if (default_keyring > 0)
+ default_keyring = 0;
+ break;
+ case oNoKeyring:
+ default_keyring = -1;
+ break;
+
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose:
opt.verbose = 0;
#endif /*!NO_TRUST_MODELS*/
case oDefaultKey:
sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
- sl->flags = (pargs.r_opt << 2);
+ sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
+ if (configfp)
+ sl->flags |= PK_LIST_CONFIG;
break;
case oDefRecipient:
if( *pargs.r.ret_str )
case oHomedir: break;
case oNoBatch: opt.batch = 0; break;
+ case oWithTofuInfo: opt.with_tofu_info = 1; break;
+
case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
case oWithColons: opt.with_colons=':'; break;
opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
break;
case oTOFUDBFormat:
- opt.tofu_db_format = parse_tofu_db_format (pargs.r.ret_str);
+ obsolete_option (configname, configlineno, "tofu-db-format");
break;
case oForceOwnertrust:
/* Dummy so that gpg 1.4 conf files can work. Should
eventually be removed. */
break;
- case oOpenPGP:
- case oRFC4880:
- /* This is effectively the same as RFC2440, but with
- "--enable-dsa2 --no-rfc2440-text --escape-from-lines
- --require-cross-certification". */
- opt.compliance = CO_RFC4880;
- opt.flags.dsa2 = 1;
- opt.flags.require_cross_cert = 1;
- opt.rfc2440_text = 0;
- opt.allow_non_selfsigned_uid = 1;
- opt.allow_freeform_uid = 1;
- opt.escape_from = 1;
- opt.not_dash_escaped = 0;
- opt.def_cipher_algo = 0;
- opt.def_digest_algo = 0;
- opt.cert_digest_algo = 0;
- opt.compress_algo = -1;
- opt.s2k_mode = 3; /* iterated+salted */
- opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
- opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
- break;
- case oRFC2440:
- opt.compliance = CO_RFC2440;
- opt.flags.dsa2 = 0;
- opt.rfc2440_text = 1;
- opt.allow_non_selfsigned_uid = 1;
- opt.allow_freeform_uid = 1;
- opt.escape_from = 0;
- opt.not_dash_escaped = 0;
- opt.def_cipher_algo = 0;
- opt.def_digest_algo = 0;
- opt.cert_digest_algo = 0;
- opt.compress_algo = -1;
- opt.s2k_mode = 3; /* iterated+salted */
- opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
- opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
- break;
- case oPGP6: opt.compliance = CO_PGP6; break;
- case oPGP7: opt.compliance = CO_PGP7; break;
- case oPGP8: opt.compliance = CO_PGP8; break;
- case oGnuPG: opt.compliance = CO_GNUPG; break;
- case oRFC2440Text: opt.rfc2440_text=1; break;
- case oNoRFC2440Text: opt.rfc2440_text=0; break;
+
+ case oCompliance:
+ set_compliance_option (parse_compliance_option (pargs.r.ret_str));
+ break;
+ case oOpenPGP:
+ case oRFC2440:
+ case oRFC4880:
+ case oRFC4880bis:
+ case oPGP6:
+ case oPGP7:
+ case oPGP8:
+ case oGnuPG:
+ set_compliance_option (pargs.r_opt);
+ break;
+
+ case oRFC2440Text: opt.rfc2440_text=1; break;
+ case oNoRFC2440Text: opt.rfc2440_text=0; break;
+
case oSetFilename:
if(utf8_strings)
opt.set_filename = pargs.r.ret_str;
case oNoForceMDC: opt.force_mdc = 0; break;
case oDisableMDC: opt.disable_mdc = 1; break;
case oNoDisableMDC: opt.disable_mdc = 0; break;
+
+ case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
+
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
else
opt.s2k_count = 0; /* Auto-calibrate when needed. */
break;
- case oNoEncryptTo: opt.no_encrypt_to = 1; break;
- case oEncryptTo: /* store the recipient in the second list */
+
+ case oRecipient:
+ case oHiddenRecipient:
+ case oRecipientFile:
+ case oHiddenRecipientFile:
+ /* Store the recipient. Note that we also store the
+ * option as private data in the flags. This is achieved
+ * by shifting the option value to the left so to keep
+ * enough space for the flags. */
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << 2) | 1;
+ sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
+ if (configfp)
+ sl->flags |= PK_LIST_CONFIG;
+ if (pargs.r_opt == oHiddenRecipient
+ || pargs.r_opt == oHiddenRecipientFile)
+ sl->flags |= PK_LIST_HIDDEN;
+ if (pargs.r_opt == oRecipientFile
+ || pargs.r_opt == oHiddenRecipientFile)
+ sl->flags |= PK_LIST_FROM_FILE;
+ any_explicit_recipient = 1;
break;
- case oHiddenEncryptTo: /* store the recipient in the second list */
+
+ case oEncryptTo:
+ case oHiddenEncryptTo:
+ /* Store an additional recipient. */
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << 2) | 1|2;
+ sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
+ if (configfp)
+ sl->flags |= PK_LIST_CONFIG;
+ if (pargs.r_opt == oHiddenEncryptTo)
+ sl->flags |= PK_LIST_HIDDEN;
break;
+
+ case oNoEncryptTo:
+ opt.no_encrypt_to = 1;
+ break;
case oEncryptToDefaultKey:
- opt.encrypt_to_default_key = 1;
+ opt.encrypt_to_default_key = configfp ? 2 : 1;
break;
- case oRecipient: /* store the recipient */
- sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << 2);
- any_explicit_recipient = 1;
- break;
- case oHiddenRecipient: /* store the recipient with a flag */
- sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << 2) | 2;
- any_explicit_recipient = 1;
- break;
case oTrySecretKey:
add_to_strlist2 (&opt.secret_keys_to_try,
pargs.r.ret_str, utf8_strings);
break;
+ case oMimemode: opt.mimemode = opt.textmode = 1; break;
case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break;
- case oNoTextmode: opt.textmode=0; break;
+ case oNoTextmode: opt.textmode=opt.mimemode=0; break;
+
case oExpert: opt.expert = 1; break;
case oNoExpert: opt.expert = 0; break;
case oDefSigExpire:
case oNoAskCertLevel: opt.ask_cert_level = 0; break;
case oLocalUser: /* store the local users */
sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << 2);
+ sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
+ if (configfp)
+ sl->flags |= PK_LIST_CONFIG;
+ break;
+ case oSender:
+ {
+ char *mbox = mailbox_from_userid (pargs.r.ret_str);
+ if (!mbox)
+ log_error (_("\"%s\" is not a proper mail address\n"),
+ pargs.r.ret_str);
+ else
+ {
+ add_to_strlist (&opt.sender_list, mbox);
+ xfree (mbox);
+ }
+ }
break;
case oCompress:
/* this is the -z command line option */
log_error(_("invalid import options\n"));
}
break;
+ case oImportFilter:
+ rc = parse_and_set_import_filter (pargs.r.ret_str);
+ if (rc)
+ log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
+ break;
case oExportOptions:
if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
{
log_error(_("invalid export options\n"));
}
break;
+ case oExportFilter:
+ rc = parse_and_set_export_filter (pargs.r.ret_str);
+ if (rc)
+ log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
+ break;
case oListOptions:
if(!parse_list_options(pargs.r.ret_str))
{
case oFastListMode: opt.fast_list_mode = 1; break;
case oFixedListMode: /* Dummy */ break;
case oLegacyListMode: opt.legacy_list_mode = 1; break;
- case oPrintPKARecords: opt.print_pka_records = 1; break;
- case oPrintDANERecords: opt.print_dane_records = 1; break;
+ case oPrintPKARecords: print_pka_records = 1; break;
+ case oPrintDANERecords: print_dane_records = 1; break;
case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
else
opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
-
- deprecated_warning(configname,configlineno,
- pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
- "--no-auto-key-retrieve","--keyserver-options ",
- pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
- "no-auto-key-retrieve");
break;
case oShowSessionKey: opt.show_session_key = 1; break;
case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str;
break;
+ case oOverrideSessionKeyFD:
+ ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ break;
case oMergeOnly:
deprecated_warning(configname,configlineno,"--merge-only",
"--import-options ","merge-only");
opt.keyid_format=KF_0xSHORT;
else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
opt.keyid_format=KF_0xLONG;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
+ opt.keyid_format = KF_NONE;
else
log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
break;
xfree (save_configname);
xfree (default_configname);
+ if (print_dane_records)
+ log_error ("invalid option \"%s\"; use \"%s\" instead\n",
+ "--print-dane-records",
+ "--export-options export-dane");
+ if (print_pka_records)
+ log_error ("invalid option \"%s\"; use \"%s\" instead\n",
+ "--print-pks-records",
+ "--export-options export-pka");
+ if (log_get_errorcount (0))
+ g10_exit(2);
+
+
if( nogreeting )
greeting = 0;
if (logfile && opt.batch)
{
log_set_file (logfile);
- log_set_prefix (NULL, 1|2|4);
+ log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
}
if (opt.verbose > 2)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (opt.flags.rfc4880bis)
+ log_info ("WARNING: using experimental features from RFC4880bis!\n");
+ else
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
/* Do these after the switch(), so they can override settings. */
if(PGP6)
{
- /* That does not anymore work becuase we have no more support
+ /* That does not anymore work because we have no more support
for v3 signatures. */
opt.disable_mdc=1;
opt.escape_from=1;
/* Set the random seed file. */
if( use_random_seed ) {
- char *p = make_filename(opt.homedir, "random_seed", NULL );
+ char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
if (!access (p, F_OK))
register_secured_file (p);
if( opt.verbose > 1 )
set_packet_list_mode(1);
- /* Add the keyrings, but not for some special commands.
- We always need to add the keyrings if we are running under
- SELinux, this is so that the rings are added to the list of
- secured files. */
- if( ALWAYS_ADD_KEYRINGS
- || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
+ /* Add the keyrings, but not for some special commands. We always
+ * need to add the keyrings if we are running under SELinux, this
+ * is so that the rings are added to the list of secured files.
+ * We do not add any keyring if --no-keyring has been used. */
+ if (default_keyring >= 0
+ && (ALWAYS_ADD_KEYRINGS
+ || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
{
- if (!nrings || default_keyring) /* Add default ring. */
+ if (!nrings || default_keyring > 0) /* Add default ring. */
keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
KEYDB_RESOURCE_FLAG_DEFAULT);
for (sl = nrings; sl; sl = sl->next )
g10_exit(0);
- if( pwfd != -1 ) /* Read the passphrase now. */
- read_passphrase_from_fd( pwfd );
+ if (pwfd != -1) /* Read the passphrase now. */
+ read_passphrase_from_fd (pwfd);
+
+ if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
+ read_sessionkey_from_fd (ovrseskeyfd);
fname = argc? *argv : NULL;
case aGenRandom:
case aDeArmor:
case aEnArmor:
+ case aListConfig:
+ case aListGcryptConfig:
break;
case aFixTrustDB:
case aExportOwnerTrust:
case aDeleteSecretAndPublicKeys:
case aQuickKeygen:
case aQuickAddUid:
+ case aQuickAddKey:
+ case aQuickRevUid:
case aFullKeygen:
case aKeygen:
case aImport:
break;
}
- {
- int have_def_secret_key = opt.def_secret_key != NULL;
-
- rc = check_user_ids (&locusr, 1, 1);
- if (rc)
- g10_exit (1);
- rc = check_user_ids (&remusr, 0, 1);
- if (rc)
- g10_exit (1);
- rc = check_user_ids (&opt.def_secret_key, 1, 0);
- if (rc)
- g10_exit (1);
-
- if (opt.encrypt_to_default_key)
- {
- const char *default_key = parse_def_secret_key (ctrl);
- if (default_key)
- {
- sl = add_to_strlist2 (&remusr, default_key, utf8_strings);
- sl->flags = (oEncryptToDefaultKey << 2) | 1;
- }
- else if (have_def_secret_key)
- log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n"));
- else
- log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n"));
- }
- }
-
/* The command dispatcher. */
switch( cmd )
{
break;
case aVerify:
- rc = 0;
if (multifile)
{
if ((rc = verify_files (ctrl, argc, argv)))
break;
case aQuickKeygen:
- if (argc != 1 )
- wrong_args("--gen-key user-id");
- username = make_username (fname);
- quick_generate_keypair (ctrl, username);
- xfree (username);
+ {
+ const char *x_algo, *x_usage, *x_expire;
+
+ if (argc < 1 || argc > 4)
+ wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
+ username = make_username (fname);
+ argv++, argc--;
+ x_algo = "";
+ x_usage = "";
+ x_expire = "";
+ if (argc)
+ {
+ x_algo = *argv++; argc--;
+ if (argc)
+ {
+ x_usage = *argv++; argc--;
+ if (argc)
+ {
+ x_expire = *argv++; argc--;
+ }
+ }
+ }
+ quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
+ xfree (username);
+ }
break;
case aKeygen: /* generate a key */
}
break;
+ case aQuickAddKey:
+ {
+ const char *x_fpr, *x_algo, *x_usage, *x_expire;
+
+ if (argc < 1 || argc > 4)
+ wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
+ x_fpr = *argv++; argc--;
+ x_algo = "";
+ x_usage = "";
+ x_expire = "";
+ if (argc)
+ {
+ x_algo = *argv++; argc--;
+ if (argc)
+ {
+ x_usage = *argv++; argc--;
+ if (argc)
+ {
+ x_expire = *argv++; argc--;
+ }
+ }
+ }
+ keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
+ }
+ break;
+
+ case aQuickRevUid:
+ {
+ const char *uid, *uidtorev;
+
+ if (argc != 2)
+ wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE");
+ uid = *argv++; argc--;
+ uidtorev = *argv++; argc--;
+ keyedit_quick_revuid (ctrl, uid, uidtorev);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST;
case aImport:
free_strlist(sl);
break;
+ case aExportSshKey:
+ if (argc != 1)
+ wrong_args ("--export-ssh-key <user-id>");
+ rc = export_ssh_key (ctrl, argv[0]);
+ if (rc)
+ {
+ write_status_failure ("export-ssh-key", rc);
+ log_error (_("export as ssh key failed: %s\n"), gpg_strerror (rc));
+ }
+ break;
+
case aSearchKeys:
sl = NULL;
for (; argc; argc--, argv++)
case aUpdateTrustDB:
if( argc )
wrong_args("--update-trustdb");
- update_trustdb();
+ update_trustdb (ctrl);
break;
case aCheckTrustDB:
/* Old versions allowed for arguments - ignore them */
- check_trustdb();
+ check_trustdb (ctrl);
break;
case aFixTrustDB:
KEYDB_HANDLE hd;
if (argc < 2)
- wrong_args("--tofu-policy POLICY KEYID [KEYID...]");
+ wrong_args ("--tofu-policy POLICY KEYID [KEYID...]");
policy = parse_tofu_policy (argv[0]);
hd = keydb_new ();
if (! hd)
- {
- log_error (_("Failed to open the keyring DB.\n"));
- g10_exit (1);
- }
+ g10_exit (1);
+
+ tofu_begin_batch_update (ctrl);
for (i = 1; i < argc; i ++)
{
rc = classify_user_id (argv[i], &desc, 0);
if (rc)
{
- log_error (_("Failed to parse '%s'.\n"), argv[i]);
+ log_error (_("error parsing key specification '%s': %s\n"),
+ argv[i], gpg_strerror (rc));
g10_exit (1);
}
|| desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
{
log_error (_("'%s' does not appear to be a valid"
- " key id, fingerprint or key grip.\n"),
+ " key ID, fingerprint or keygrip\n"),
argv[i]);
g10_exit (1);
}
rc = keydb_search_reset (hd);
if (rc)
{
- log_error (_("Failed to reset keyring handle.\n"));
+ /* This should not happen, thus no need to tranalate
+ the string. */
+ log_error ("keydb_search_reset failed: %s\n",
+ gpg_strerror (rc));
g10_exit (1);
}
rc = keydb_search (hd, &desc, 1, NULL);
- if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
- {
- log_error (_("Key '%s' is not available\n"), argv[i]);
- g10_exit (1);
- }
- else if (rc)
+ if (rc)
{
- log_error (_("Failed to find key '%s'\n"), argv[i]);
+ log_error (_("key \"%s\" not found: %s\n"), argv[i],
+ gpg_strerror (rc));
g10_exit (1);
}
rc = keydb_get_keyblock (hd, &kb);
if (rc)
{
- log_error (_("Failed to read key '%s' from the keyring\n"),
- argv[i]);
+ log_error (_("error reading keyblock: %s\n"),
+ gpg_strerror (rc));
g10_exit (1);
}
merge_keys_and_selfsig (kb);
- if (tofu_set_policy (kb, policy))
+ if (tofu_set_policy (ctrl, kb, policy))
g10_exit (1);
}
- keydb_release (hd);
+ tofu_end_batch_update (ctrl);
+ keydb_release (hd);
}
#endif /*USE_TOFU*/
break;
case aListPackets:
- opt.list_packets=2;
default:
if( argc > 1 )
wrong_args(_("[filename]"));
}
}
if( cmd == aListPackets ) {
- set_packet_list_mode(1);
opt.list_packets=1;
+ set_packet_list_mode(1);
}
rc = proc_packets (ctrl, NULL, a );
if( rc )
if(critical)
sl->flags |= 1;
}
+
+
+static void
+read_sessionkey_from_fd (int fd)
+{
+ int i, len;
+ char *line;
+
+ for (line = NULL, i = len = 100; ; i++ )
+ {
+ if (i >= len-1 )
+ {
+ char *tmp = line;
+ len += 100;
+ line = xmalloc_secure (len);
+ if (tmp)
+ {
+ memcpy (line, tmp, i);
+ xfree (tmp);
+ }
+ else
+ i=0;
+ }
+ if (read (fd, line + i, 1) != 1 || line[i] == '\n')
+ break;
+ }
+ line[i] = 0;
+ log_debug ("seskey: %s\n", line);
+ gpgrt_annotate_leaked_object (line);
+ opt.override_session_key = line;
+}
projects / gnupg.git / blobdiff