* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "call-dirmngr.h"
#include "tofu.h"
#include "../common/init.h"
+#include "../common/mbox-util.h"
#include "../common/shareddefs.h"
#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
aSym = 'c',
aDecrypt = 'd',
aEncr = 'e',
+ oRecipientFile = 'f',
+ oHiddenRecipientFile = 'F',
oInteractive = 'i',
aListKeys = 'k',
oDryRun = 'n',
aListSecretKeys = 'K',
oBatch = 500,
oMaxOutput,
+ oInputSizeHint,
oSigNotation,
oCertNotation,
oShowNotation,
aQuickSignKey,
aQuickLSignKey,
aQuickAddUid,
+ aQuickAddKey,
+ aQuickRevUid,
aListConfig,
aListGcryptConfig,
aGPGConfList,
aServer,
aTOFUPolicy,
+ oMimemode,
oTextmode,
oNoTextmode,
oExpert,
oNoAskCertLevel,
oFingerprint,
oWithFingerprint,
+ oWithSubkeyFingerprint,
oWithICAOSpelling,
oWithKeygrip,
oWithSecret,
oWithWKDHash,
+ oWithColons,
+ oWithKeyData,
+ oWithTofuInfo,
+ oWithSigList,
+ oWithSigCheck,
oAnswerYes,
oAnswerNo,
oKeyring,
oMarginalsNeeded,
oMaxCertDepth,
oLoadExtension,
+ oCompliance,
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP6,
oPGP7,
oPGP8,
+ oDE_VS,
oRFC2440Text,
oNoRFC2440Text,
oCipherAlgo,
oNoMDCWarn,
oNoArmor,
oNoDefKeyring,
+ oNoKeyring,
oNoGreeting,
oNoTTY,
oNoOptions,
oNoBatch,
oHomedir,
- oWithColons,
- oWithKeyData,
- oWithSigList,
- oWithSigCheck,
oSkipVerify,
oSkipHiddenRecipients,
oNoSkipHiddenRecipients,
oKeyServer,
oKeyServerOptions,
oImportOptions,
+ oImportFilter,
oExportOptions,
+ oExportFilter,
oListOptions,
oVerifyOptions,
oTempDir,
oIgnoreMDCError,
oShowSessionKey,
oOverrideSessionKey,
+ oOverrideSessionKeyFD,
oNoRandomSeedFile,
oAutoKeyRetrieve,
oNoAutoKeyRetrieve,
oWeakDigest,
oUnwrap,
oOnlySignTextIDs,
+ oDisableSignerUID,
+ oSender,
oNoop
};
N_("quickly generate a new key pair")),
ARGPARSE_c (aQuickAddUid, "quick-adduid",
N_("quickly add a new user-id")),
+ ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
+ ARGPARSE_c (aQuickRevUid, "quick-revuid",
+ N_("quickly revoke a user-id")),
ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
ARGPARSE_c (aExport, "export" , N_("export keys") ),
- ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ),
- ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ),
+ ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ),
+ ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ),
ARGPARSE_c (aSearchKeys, "search-keys" ,
- N_("search for keys on a key server") ),
+ N_("search for keys on a keyserver") ),
ARGPARSE_c (aRefreshKeys, "refresh-keys",
N_("update all keys from a keyserver")),
ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
+ ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
+ ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
ARGPARSE_s_s (oLocalUser, "local-user",
N_("|USER-ID|use USER-ID to sign or decrypt")),
+ ARGPARSE_s_s (oSender, "sender", "@"),
ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
+ ARGPARSE_s_n (oMimemode, "mimemode", "@"),
ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
- ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
+ ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
+ ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
+ ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
+
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
ARGPARSE_s_s (oImportOptions, "import-options", "@"),
+ ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
ARGPARSE_s_s (oExportOptions, "export-options", "@"),
+ ARGPARSE_s_s (oExportFilter, "export-filter", "@"),
ARGPARSE_s_s (oListOptions, "list-options", "@"),
ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
+ ARGPARSE_s_s (oCompliance, "compliance", "@"),
ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP6, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
+ ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_n (oNoOptions, "no-options", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
+ ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
#endif
ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
- ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
+ ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
+ ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
+ ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
+ ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
/* Dummy options. */
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
static void add_policy_url( const char *string, int which );
static void add_keyserver_url( const char *string, int which );
static void emergency_cleanup (void);
+static void read_sessionkey_from_fd (int fd);
static char *
case 31: p = "\nHome: "; break;
#ifndef __riscos__
- case 32: p = opt.homedir; break;
+ case 32: p = gnupg_homedir (); break;
#else /* __riscos__ */
- case 32: p = make_filename(opt.homedir, NULL); break;
+ case 32: p = make_filename(gnupg_homedir (), NULL); break;
#endif /* __riscos__ */
case 33: p = _("\nSupported algorithms:\n"); break;
case 34:
g10_exit (2);
}
- if (opt.debug & DBG_MEMORY_VALUE )
+ if ((opt.debug & DBG_MEMORY_VALUE))
memory_debug_mode = 1;
- if (opt.debug & DBG_MEMSTAT_VALUE )
+ if ((opt.debug & DBG_MEMSTAT_VALUE))
memory_stat_debug_mode = 1;
- if (opt.debug & DBG_MPI_VALUE)
+ if (DBG_MPI)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
- if (opt.debug & DBG_CRYPTO_VALUE )
+ if (DBG_CRYPTO)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
- if (opt.debug & DBG_IOBUF_VALUE )
+ if ((opt.debug & DBG_IOBUF_VALUE))
iobuf_debug_mode = 1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
}
-
-/* We need the home directory also in some other directories, so make
- sure that both variables are always in sync. */
-static void
-set_homedir (const char *dir)
-{
- if (!dir)
- dir = "";
- opt.homedir = dir;
-}
-
-
/* We set the screen dimensions for UI purposes. Do not allow screens
smaller than 80x24 for the sake of simplicity. */
static void
could be rectified if the homedir itself had proper
permissions. */
if(item!=0 && homedir_cache>-1
- && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
+ && !ascii_strncasecmp (gnupg_homedir (), tmppath,
+ strlen (gnupg_homedir ())))
{
ret=homedir_cache;
goto end;
if (!ascii_strcasecmp (policystr, "help"))
{
- log_info (_("available TOFU policies:\n"));
+ log_info (_("valid values for option '%s':\n"), "--tofu-policy");
for (i=0; i < DIM (list); i++)
log_info (" %s\n", list[i].keyword);
g10_exit (1);
g10_exit (1);
}
+
+/* Parse the value of --compliance. */
static int
-parse_tofu_db_format (const char *db_format)
+parse_compliance_option (const char *string)
{
-#ifdef USE_TOFU
- if (ascii_strcasecmp (db_format, "auto") == 0)
- return TOFU_DB_AUTO;
- else if (ascii_strcasecmp (db_format, "split") == 0)
- return TOFU_DB_SPLIT;
- else if (ascii_strcasecmp (db_format, "flat") == 0)
- return TOFU_DB_FLAT;
- else if (ascii_strcasecmp (db_format, "help") == 0)
+ struct { const char *keyword; enum cmd_and_opt_values option; } list[] = {
+ { "gnupg", oGnuPG },
+ { "openpgp", oOpenPGP },
+ { "rfc4880bis", oRFC4880bis },
+ { "rfc4880", oRFC4880 },
+ { "rfc2440", oRFC2440 },
+ { "pgp6", oPGP6 },
+ { "pgp7", oPGP7 },
+ { "pgp8", oPGP8 },
+ { "de-vs", oDE_VS }
+ };
+ int i;
+
+ if (!ascii_strcasecmp (string, "help"))
{
- log_info ("available TOFU DB fomats: auto, split, flat\n");
+ log_info (_("valid values for option '%s':\n"), "--compliance");
+ for (i=0; i < DIM (list); i++)
+ log_info (" %s\n", list[i].keyword);
g10_exit (1);
}
- else
-#endif /*USE_TOFU*/
+
+ for (i=0; i < DIM (list); i++)
+ if (!ascii_strcasecmp (string, list[i].keyword))
+ return list[i].option;
+
+ log_error (_("invalid value for option '%s'\n"), "--compliance");
+ if (!opt.quiet)
+ log_info (_("(use \"help\" to list choices)\n"));
+ g10_exit (1);
+}
+
+
+
+/* Helper to set compliance related options. This is a separte
+ * function so that it can also be used by the --compliance option
+ * parser. */
+static void
+set_compliance_option (enum cmd_and_opt_values option)
+{
+ switch (option)
{
- log_error (_("unknown TOFU DB format '%s'\n"), db_format);
- if (!opt.quiet)
- log_info (_("(use \"help\" to list choices)\n"));
- g10_exit (1);
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ /* fall through. */
+ case oOpenPGP:
+ case oRFC4880:
+ /* This is effectively the same as RFC2440, but with
+ "--enable-dsa2 --no-rfc2440-text --escape-from-lines
+ --require-cross-certification". */
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oRFC2440:
+ opt.compliance = CO_RFC2440;
+ opt.flags.dsa2 = 0;
+ opt.rfc2440_text = 1;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 0;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
+ opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
+ break;
+ case oPGP6: opt.compliance = CO_PGP6; break;
+ case oPGP7: opt.compliance = CO_PGP7; break;
+ case oPGP8: opt.compliance = CO_PGP8; break;
+ case oGnuPG: opt.compliance = CO_GNUPG; break;
+
+ case oDE_VS:
+ set_compliance_option (oOpenPGP);
+ opt.compliance = CO_DE_VS;
+ /* Fixme: Change other options. */
+ break;
+
+ default:
+ BUG ();
}
}
+
+
+
+
+
/* This function called to initialized a new control object. It is
assumed that this object has been zeroed out before calling this
function. */
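Review bot: `parse_compliance_option` is declared `static int` although every value it returns is an `enum cmd_and_opt_values` and its only caller hands the result straight to `set_compliance_option (enum cmd_and_opt_values)`; declaring it `static enum cmd_and_opt_values parse_compliance_option (const char *string)` lets the compiler check that handoff. Its header comment should also state the failure behaviour, e.g. `/* Parse the value of --compliance.  Returns the matching option code; for "help" lists the valid keywords and exits, for any other unknown value logs an error and exits. */`. In `set_compliance_option` the comment has a typo (`separte` should be `separate`). The `oDE_VS` case, as its own Fixme says, changes only `opt.compliance` beyond the OpenPGP defaults, so until that is filled in any de-vs-specific restriction has to be enforced by code that checks `CO_DE_VS` elsewhere — that last part is an inference from this hunk alone.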
static void
gpg_deinit_default_ctrl (ctrl_t ctrl)
{
+#ifdef USE_TOFU
+ tofu_closedbs (ctrl);
+#endif
gpg_dirmngr_deinit_session_data (ctrl);
}
break;
}
- configname = make_filename (opt.homedir, name, NULL);
+ configname = make_filename (gnupg_homedir (), name, NULL);
}
while (access (configname, R_OK));
xfree(name);
if (! configname)
- configname = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", NULL);
+ configname = make_filename (gnupg_homedir (),
+ GPG_NAME EXTSEP_S "conf", NULL);
if (! access (configname, R_OK))
{
/* Print a warning when both config files are present. */
- char *p = make_filename (opt.homedir, "options", NULL);
+ char *p = make_filename (gnupg_homedir (), "options", NULL);
if (! access (p, R_OK))
log_info (_("Note: old default options file '%s' ignored\n"), p);
xfree (p);
else
{
/* Use the old default only if it exists. */
- char *p = make_filename (opt.homedir, "options", NULL);
+ char *p = make_filename (gnupg_homedir (), "options", NULL);
if (!access (p, R_OK))
{
xfree (configname);
int eyes_only=0;
int multifile=0;
int pwfd = -1;
+ int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
- int require_secmem=0,got_secmem=0;
+ int require_secmem = 0;
+ int got_secmem = 0;
struct assuan_malloc_hooks malloc_hooks;
ctrl_t ctrl;
+ static int print_dane_records;
+ static int print_pka_records;
+
+
#ifdef __riscos__
opt.lock_once = 1;
#endif /* __riscos__ */
-
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to
secmem_init() somewhere after the option parsing. */
gnupg_rl_initialize ();
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
- log_set_prefix (GPG_NAME, 1);
+ log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
/* Make sure that our subsystems are ready. */
i18n_init();
init_common_subsystems (&argc, &argv);
- /* Check that the libraries are suitable. Do it right here because the
- option parsing may need services of the library. */
- if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
- {
- log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
- NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
- }
-
/* Use our own logging handler for Libcgrypt. */
setup_libgcrypt_logging ();
opt.trust_model = TM_AUTO;
#endif
opt.tofu_default_policy = TOFU_POLICY_AUTO;
- opt.tofu_db_format = TOFU_DB_AUTO;
opt.mangle_dos_filenames = 0;
opt.min_cert_level = 2;
set_screen_dimensions ();
- opt.keyid_format = KF_SHORT;
+ opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
- set_homedir (default_homedir ());
+ gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
- opt.emit_version = 1; /* Limit to the major number. */
+ opt.emit_version = 0;
opt.weak_digests = NULL;
additional_weak_digest("MD5");
opt.no_homedir_creation = 1;
}
else if( pargs.r_opt == oHomedir )
- set_homedir ( pargs.r.ret_str );
+ gnupg_set_homedir (pargs.r.ret_str);
else if( pargs.r_opt == oNoPermissionWarn )
opt.no_perm_warn=1;
else if (pargs.r_opt == oStrict )
}
#ifdef HAVE_DOSISH_SYSTEM
- if ( strchr (opt.homedir,'\\') ) {
- char *d, *buf = xmalloc (strlen (opt.homedir)+1);
- const char *s = opt.homedir;
- for (d=buf,s=opt.homedir; *s; s++)
+ if ( strchr (gnupg_homedir (), '\\') ) {
+ char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
+ const char *s;
+ for (d=buf, s = gnupg_homedir (); *s; s++)
{
*d++ = *s == '\\'? '/': *s;
#ifdef HAVE_W32_SYSTEM
#endif
}
*d = 0;
- set_homedir (buf);
+ gnupg_set_homedir (buf);
}
#endif
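Review bot: `gnupg_set_homedir (buf)` replaces the removed `set_homedir (buf)`, which stored the pointer itself, which is why `buf` was never freed here; if `gnupg_set_homedir` makes its own copy of its argument (its implementation is not in this diff), the `xmalloc`'d `buf` now leaks and should be released with `xfree (buf);` right after the call. Worth confirming against the common/ implementation, since the two functions' ownership rules may differ. The enclosing function continues on both sides of this hunk.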
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
- setup_libassuan_logging (&opt.debug);
+ setup_libassuan_logging (&opt.debug, NULL);
/* Try for a version specific config file first */
default_configname = get_default_configname ();
pargs.flags= ARGPARSE_FLAG_KEEP;
/* By this point we have a homedir, and cannot change it. */
- check_permissions(opt.homedir,0);
+ check_permissions (gnupg_homedir (), 0);
next_pass:
if( configname ) {
{
switch( pargs.r_opt )
{
- case aCheckKeys:
case aListConfig:
case aListGcryptConfig:
case aGPGConfList:
case aGPGConfTest:
+ set_cmd (&cmd, pargs.r_opt);
+ /* Do not register a keyring for these commands. */
+ default_keyring = -1;
+ break;
+
+ case aCheckKeys:
case aListPackets:
case aImport:
case aFastImport:
case aStore:
case aQuickKeygen:
case aQuickAddUid:
+ case aQuickAddKey:
+ case aQuickRevUid:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
+
case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
+
+ case oInputSizeHint:
+ opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
+ break;
+
case oQuiet: opt.quiet = 1; break;
case oNoTTY: tty_no_terminal(1); break;
case oDryRun: opt.dry_run = 1; break;
opt.with_fingerprint = 1;
opt.fingerprint++;
break;
+ case oWithSubkeyFingerprint:
+ opt.with_subkey_fingerprint = 1;
+ break;
case oWithICAOSpelling:
opt.with_icao_spelling = 1;
break;
}
break;
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
- case oNoDefKeyring: default_keyring = 0; break;
+
+ case oNoDefKeyring:
+ if (default_keyring > 0)
+ default_keyring = 0;
+ break;
+ case oNoKeyring:
+ default_keyring = -1;
+ break;
+
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose:
opt.verbose = 0;
case oHomedir: break;
case oNoBatch: opt.batch = 0; break;
+ case oWithTofuInfo: opt.with_tofu_info = 1; break;
+
case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
case oWithColons: opt.with_colons=':'; break;
opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
break;
case oTOFUDBFormat:
- opt.tofu_db_format = parse_tofu_db_format (pargs.r.ret_str);
+ obsolete_option (configname, configlineno, "tofu-db-format");
break;
case oForceOwnertrust:
/* Dummy so that gpg 1.4 conf files can work. Should
eventually be removed. */
break;
- case oOpenPGP:
- case oRFC4880:
- /* This is effectively the same as RFC2440, but with
- "--enable-dsa2 --no-rfc2440-text --escape-from-lines
- --require-cross-certification". */
- opt.compliance = CO_RFC4880;
- opt.flags.dsa2 = 1;
- opt.flags.require_cross_cert = 1;
- opt.rfc2440_text = 0;
- opt.allow_non_selfsigned_uid = 1;
- opt.allow_freeform_uid = 1;
- opt.escape_from = 1;
- opt.not_dash_escaped = 0;
- opt.def_cipher_algo = 0;
- opt.def_digest_algo = 0;
- opt.cert_digest_algo = 0;
- opt.compress_algo = -1;
- opt.s2k_mode = 3; /* iterated+salted */
- opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
- opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
- break;
- case oRFC2440:
- opt.compliance = CO_RFC2440;
- opt.flags.dsa2 = 0;
- opt.rfc2440_text = 1;
- opt.allow_non_selfsigned_uid = 1;
- opt.allow_freeform_uid = 1;
- opt.escape_from = 0;
- opt.not_dash_escaped = 0;
- opt.def_cipher_algo = 0;
- opt.def_digest_algo = 0;
- opt.cert_digest_algo = 0;
- opt.compress_algo = -1;
- opt.s2k_mode = 3; /* iterated+salted */
- opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
- opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
- break;
- case oPGP6: opt.compliance = CO_PGP6; break;
- case oPGP7: opt.compliance = CO_PGP7; break;
- case oPGP8: opt.compliance = CO_PGP8; break;
- case oGnuPG: opt.compliance = CO_GNUPG; break;
- case oRFC2440Text: opt.rfc2440_text=1; break;
- case oNoRFC2440Text: opt.rfc2440_text=0; break;
+
+ case oCompliance:
+ set_compliance_option (parse_compliance_option (pargs.r.ret_str));
+ break;
+ case oOpenPGP:
+ case oRFC2440:
+ case oRFC4880:
+ case oRFC4880bis:
+ case oPGP6:
+ case oPGP7:
+ case oPGP8:
+ case oGnuPG:
+ set_compliance_option (pargs.r_opt);
+ break;
+
+ case oRFC2440Text: opt.rfc2440_text=1; break;
+ case oNoRFC2440Text: opt.rfc2440_text=0; break;
+
case oSetFilename:
if(utf8_strings)
opt.set_filename = pargs.r.ret_str;
case oNoForceMDC: opt.force_mdc = 0; break;
case oDisableMDC: opt.disable_mdc = 1; break;
case oNoDisableMDC: opt.disable_mdc = 0; break;
+
+ case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
+
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
else
opt.s2k_count = 0; /* Auto-calibrate when needed. */
break;
- case oNoEncryptTo: opt.no_encrypt_to = 1; break;
- case oEncryptTo: /* store the recipient in the second list */
+
+ case oRecipient:
+ case oHiddenRecipient:
+ case oRecipientFile:
+ case oHiddenRecipientFile:
+ /* Store the recipient. Note that we also store the
+ * option as private data in the flags. This is achieved
+ * by shifting the option value to the left so to keep
+ * enough space for the flags. */
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
+ sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
if (configfp)
sl->flags |= PK_LIST_CONFIG;
+ if (pargs.r_opt == oHiddenRecipient
+ || pargs.r_opt == oHiddenRecipientFile)
+ sl->flags |= PK_LIST_HIDDEN;
+ if (pargs.r_opt == oRecipientFile
+ || pargs.r_opt == oHiddenRecipientFile)
+ sl->flags |= PK_LIST_FROM_FILE;
+ any_explicit_recipient = 1;
break;
- case oHiddenEncryptTo: /* store the recipient in the second list */
+
+ case oEncryptTo:
+ case oHiddenEncryptTo:
+ /* Store an additional recipient. */
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = ((pargs.r_opt << PK_LIST_SHIFT)
- | PK_LIST_ENCRYPT_TO|PK_LIST_HIDDEN);
+ sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
if (configfp)
sl->flags |= PK_LIST_CONFIG;
+ if (pargs.r_opt == oHiddenEncryptTo)
+ sl->flags |= PK_LIST_HIDDEN;
break;
+
+ case oNoEncryptTo:
+ opt.no_encrypt_to = 1;
+ break;
case oEncryptToDefaultKey:
opt.encrypt_to_default_key = configfp ? 2 : 1;
break;
- case oRecipient: /* store the recipient */
- sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
- if (configfp)
- sl->flags |= PK_LIST_CONFIG;
- any_explicit_recipient = 1;
- break;
- case oHiddenRecipient: /* store the recipient with a flag */
- sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
- sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_HIDDEN);
- if (configfp)
- sl->flags |= PK_LIST_CONFIG;
- any_explicit_recipient = 1;
- break;
case oTrySecretKey:
add_to_strlist2 (&opt.secret_keys_to_try,
pargs.r.ret_str, utf8_strings);
break;
+ case oMimemode: opt.mimemode = opt.textmode = 1; break;
case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break;
- case oNoTextmode: opt.textmode=0; break;
+ case oNoTextmode: opt.textmode=opt.mimemode=0; break;
+
case oExpert: opt.expert = 1; break;
case oNoExpert: opt.expert = 0; break;
case oDefSigExpire:
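Review bot: For `oRecipientFile` and `oHiddenRecipientFile` the value stored via `add_to_strlist2 (&remusr, pargs.r.ret_str, utf8_strings)` is a file name, yet it receives the same native-to-UTF-8 conversion that `add_to_strlist2` applies to user IDs when `utf8_strings` is unset; whether that is intended depends on how the `PK_LIST_FROM_FILE` entries are later opened, which is outside this hunk. If the path is passed to the filesystem as-is, storing the two file variants unconverted (e.g. `add_to_strlist (&remusr, pargs.r.ret_str)` for those cases) would avoid mangling non-ASCII paths on non-UTF-8 locales. Either way, a short comment in the merged `case` noting that the string is a file name for the `*File` options would help the next reader, since the block comment currently only talks about recipients.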
if (configfp)
sl->flags |= PK_LIST_CONFIG;
break;
+ case oSender:
+ {
+ char *mbox = mailbox_from_userid (pargs.r.ret_str);
+ if (!mbox)
+ log_error (_("\"%s\" is not a proper mail address\n"),
+ pargs.r.ret_str);
+ else
+ {
+ add_to_strlist (&opt.sender_list, mbox);
+ xfree (mbox);
+ }
+ }
+ break;
case oCompress:
/* this is the -z command line option */
opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
log_error(_("invalid import options\n"));
}
break;
+ case oImportFilter:
+ rc = parse_and_set_import_filter (pargs.r.ret_str);
+ if (rc)
+ log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
+ break;
case oExportOptions:
if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
{
log_error(_("invalid export options\n"));
}
break;
+ case oExportFilter:
+ rc = parse_and_set_export_filter (pargs.r.ret_str);
+ if (rc)
+ log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
+ break;
case oListOptions:
if(!parse_list_options(pargs.r.ret_str))
{
case oFastListMode: opt.fast_list_mode = 1; break;
case oFixedListMode: /* Dummy */ break;
case oLegacyListMode: opt.legacy_list_mode = 1; break;
- case oPrintPKARecords: opt.print_pka_records = 1; break;
- case oPrintDANERecords: opt.print_dane_records = 1; break;
+ case oPrintPKARecords: print_pka_records = 1; break;
+ case oPrintDANERecords: print_dane_records = 1; break;
case oListOnly: opt.list_only=1; break;
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
else
opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
-
- deprecated_warning(configname,configlineno,
- pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
- "--no-auto-key-retrieve","--keyserver-options ",
- pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
- "no-auto-key-retrieve");
break;
case oShowSessionKey: opt.show_session_key = 1; break;
case oOverrideSessionKey:
opt.override_session_key = pargs.r.ret_str;
break;
+ case oOverrideSessionKeyFD:
+ ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
+ break;
case oMergeOnly:
deprecated_warning(configname,configlineno,"--merge-only",
"--import-options ","merge-only");
opt.keyid_format=KF_0xSHORT;
else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
opt.keyid_format=KF_0xLONG;
+ else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
+ opt.keyid_format = KF_NONE;
else
log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
break;
xfree (save_configname);
xfree (default_configname);
+ if (print_dane_records)
+ log_error ("invalid option \"%s\"; use \"%s\" instead\n",
+ "--print-dane-records",
+ "--export-options export-dane");
+ if (print_pka_records)
+ log_error ("invalid option \"%s\"; use \"%s\" instead\n",
+ "--print-pks-records",
+ "--export-options export-pka");
+ if (log_get_errorcount (0))
+ g10_exit(2);
+
+
if( nogreeting )
greeting = 0;
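Review bot: The error text for `print_pka_records` names the option `--print-pks-records`, but the option being rejected is `--print-pka-records` (`oPrintPKARecords`, parsed a few hunks earlier), so the user is told to stop using a flag that does not exist; the line should read `"--print-pka-records",`. The sibling `--print-dane-records` message is correct.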
if (logfile && opt.batch)
{
log_set_file (logfile);
- log_set_prefix (NULL, 1|2|4);
+ log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
}
if (opt.verbose > 2)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (opt.flags.rfc4880bis)
+ log_info ("WARNING: using experimental features from RFC4880bis!\n");
+ else
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
/* Set the random seed file. */
if( use_random_seed ) {
- char *p = make_filename(opt.homedir, "random_seed", NULL );
+ char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
if (!access (p, F_OK))
register_secured_file (p);
if( opt.verbose > 1 )
set_packet_list_mode(1);
- /* Add the keyrings, but not for some special commands.
- We always need to add the keyrings if we are running under
- SELinux, this is so that the rings are added to the list of
- secured files. */
- if( ALWAYS_ADD_KEYRINGS
- || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
+ /* Add the keyrings, but not for some special commands. We always
+ * need to add the keyrings if we are running under SELinux, this
+ * is so that the rings are added to the list of secured files.
+ * We do not add any keyring if --no-keyring has been used. */
+ if (default_keyring >= 0
+ && (ALWAYS_ADD_KEYRINGS
+ || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
{
- if (!nrings || default_keyring) /* Add default ring. */
+ if (!nrings || default_keyring > 0) /* Add default ring. */
keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
KEYDB_RESOURCE_FLAG_DEFAULT);
for (sl = nrings; sl; sl = sl->next )
g10_exit(0);
- if( pwfd != -1 ) /* Read the passphrase now. */
- read_passphrase_from_fd( pwfd );
+ if (pwfd != -1) /* Read the passphrase now. */
+ read_passphrase_from_fd (pwfd);
+
+ if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
+ read_sessionkey_from_fd (ovrseskeyfd);
fname = argc? *argv : NULL;
case aGenRandom:
case aDeArmor:
case aEnArmor:
+ case aListConfig:
+ case aListGcryptConfig:
break;
case aFixTrustDB:
case aExportOwnerTrust:
case aDeleteSecretAndPublicKeys:
case aQuickKeygen:
case aQuickAddUid:
+ case aQuickAddKey:
+ case aQuickRevUid:
case aFullKeygen:
case aKeygen:
case aImport:
break;
case aQuickKeygen:
- if (argc != 1 )
- wrong_args("--gen-key user-id");
- username = make_username (fname);
- quick_generate_keypair (ctrl, username);
- xfree (username);
+ {
+ const char *x_algo, *x_usage, *x_expire;
+
+ if (argc < 1 || argc > 4)
+ wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
+ username = make_username (fname);
+ argv++, argc--;
+ x_algo = "";
+ x_usage = "";
+ x_expire = "";
+ if (argc)
+ {
+ x_algo = *argv++; argc--;
+ if (argc)
+ {
+ x_usage = *argv++; argc--;
+ if (argc)
+ {
+ x_expire = *argv++; argc--;
+ }
+ }
+ }
+ quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
+ xfree (username);
+ }
break;
case aKeygen: /* generate a key */
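Review bot: The nested `if (argc)` ladder that peels the optional ALGO, USAGE and EXPIRE arguments is duplicated verbatim in the `aQuickAddKey` case of the next hunk; a small array plus a bounded loop expresses "take up to three positional arguments, in order" in one place and keeps the two cases from drifting apart. The bounds check `argc < 1 || argc > 4` and the `wrong_args` text stay as they are. The same rewrite applies to `aQuickAddKey`, with `x_fpr = *argv++; argc--;` taking the place of the `make_username` line.
```c
      case aQuickKeygen:
        {
          const char *xargs[3] = { "", "", "" };   /* ALGO, USAGE, EXPIRE */
          int k;

          if (argc < 1 || argc > 4)
            wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
          username = make_username (fname);
          argv++, argc--;
          /* Optional arguments are positional: stop at the first one missing.  */
          for (k = 0; k < 3 && argc; k++)
            {
              xargs[k] = *argv++; argc--;
            }
          quick_generate_keypair (ctrl, username, xargs[0], xargs[1], xargs[2]);
          xfree (username);
        }
        break;
```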
}
break;
+ case aQuickAddKey:
+ {
+ const char *x_fpr, *x_algo, *x_usage, *x_expire;
+
+ if (argc < 1 || argc > 4)
+ wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
+ x_fpr = *argv++; argc--;
+ x_algo = "";
+ x_usage = "";
+ x_expire = "";
+ if (argc)
+ {
+ x_algo = *argv++; argc--;
+ if (argc)
+ {
+ x_usage = *argv++; argc--;
+ if (argc)
+ {
+ x_expire = *argv++; argc--;
+ }
+ }
+ }
+ keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
+ }
+ break;
+
+ case aQuickRevUid:
+ {
+ const char *uid, *uidtorev;
+
+ if (argc != 2)
+ wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE");
+ uid = *argv++; argc--;
+ uidtorev = *argv++; argc--;
+ keyedit_quick_revuid (ctrl, uid, uidtorev);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST;
case aImport:
if (! hd)
g10_exit (1);
+ tofu_begin_batch_update (ctrl);
+
for (i = 1; i < argc; i ++)
{
KEYDB_SEARCH_DESC desc;
}
merge_keys_and_selfsig (kb);
- if (tofu_set_policy (kb, policy))
+ if (tofu_set_policy (ctrl, kb, policy))
g10_exit (1);
}
- keydb_release (hd);
+ tofu_end_batch_update (ctrl);
+ keydb_release (hd);
}
#endif /*USE_TOFU*/
break;
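Review bot: `tofu_end_batch_update (ctrl)` is skipped when `tofu_set_policy` fails, because that path calls `g10_exit (1)` inside the loop while the batch opened by `tofu_begin_batch_update` in the preceding hunk is still active; whether pending batched writes are then flushed or dropped depends on what `g10_exit` and `tofu_closedbs` (now called from `gpg_deinit_default_ctrl`) do, which this diff does not show. If the batch has to be closed explicitly, end it before exiting: `if (tofu_set_policy (ctrl, kb, policy)) { tofu_end_batch_update (ctrl); g10_exit (1); }`. The enclosing case (presumably `aTOFUPolicy`) starts before this hunk.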
case aListPackets:
- opt.list_packets=2;
default:
if( argc > 1 )
wrong_args(_("[filename]"));
}
}
if( cmd == aListPackets ) {
- set_packet_list_mode(1);
opt.list_packets=1;
+ set_packet_list_mode(1);
}
rc = proc_packets (ctrl, NULL, a );
if( rc )
if(critical)
sl->flags |= 1;
}
+
+
+static void
+read_sessionkey_from_fd (int fd)
+{
+ int i, len;
+ char *line;
+
+ for (line = NULL, i = len = 100; ; i++ )
+ {
+ if (i >= len-1 )
+ {
+ char *tmp = line;
+ len += 100;
+ line = xmalloc_secure (len);
+ if (tmp)
+ {
+ memcpy (line, tmp, i);
+ xfree (tmp);
+ }
+ else
+ i=0;
+ }
+ if (read (fd, line + i, 1) != 1 || line[i] == '\n')
+ break;
+ }
+ line[i] = 0;
+ log_debug ("seskey: %s\n", line);
+ gpgrt_annotate_leaked_object (line);
+ opt.override_session_key = line;
+}
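Review bot: `log_debug ("seskey: %s\n", line);` writes the session key just read from the descriptor into the log; nothing in this hunk gates it on a debug flag, and elsewhere in this file `log_debug` is not conditioned on `opt.debug`, so the reason for accepting the key over a private fd rather than on the command line is undone whenever the log goes to a file or a shared stderr. Drop the line, or at most record that a key was read without its value, e.g. `if (DBG_CRYPTO) log_debug ("session key read from fd %d\n", fd);`. Two smaller points: a `read` that returns -1 (including EINTR) is treated like end of input, so a truncated key is silently accepted, and an immediate EOF leaves `opt.override_session_key` pointing at an empty string with no diagnostic. A `log_error` plus exit for a negative read or for `i == 0` would be safer than leaving that to whoever later parses the key. The function is otherwise complete within this hunk.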