« back to all changes in this revision
Viewing changes to g10/gpg.c
- browse files at revision 6
- compare with another revision
- download diff
- download tarball
- view history from revision 6
- Committer: Bazaar Package Importer
- Author(s): Thomas Viehmann
- Date: 2008-10-04 10:25:53 UTC
- mfrom: (5.1.15 intrepid)
- Revision ID: james.westby@ubuntu.com-20081004102553-fv62pp8dsitxli47
Tags: 2.0.9-3.1
* Non-maintainer upload.
* agent/gpg-agent.c: Deinit the threading library before exec'ing
the command to run in --daemon mode. And because that still doesn't
restore the sigprocmask, do that manually. Closes: #499569
* agent/gpg-agent.c: Deinit the threading library before exec'ing
the command to run in --daemon mode. And because that still doesn't
restore the sigprocmask, do that manually. Closes: #499569
- files added:
- COPYING.LIB
- doc/examples
- tests/openpgp
- files removed:
- BUGS
- artwork
- assuan
- checks
- cipher
- contrib
- doc/fr
- doc/gph
- intl
- mpi
- mpi/alpha
- mpi/generic
- mpi/hppa
- mpi/hppa1.1
- mpi/i386
- mpi/i386-openbsd
- mpi/i586
- mpi/m68k
- mpi/m68k/mc68020
- mpi/mips3
- mpi/pa7100
- mpi/power
- mpi/powerpc32
- mpi/powerpc64
- mpi/sparc32
- mpi/sparc32v8
- mpi/supersparc
- scripts/conf-riscos
- scripts/conf-riscos/cipher
- scripts/conf-riscos/include
- tests/extrasamples
- tests/samplemsgs
- util
- zlib
- files modified:
- ABOUT-NLS
- tests/inittests *
- tests/pkits/runtest *
- tests/runtest *
- tools/addgnupghome *
added
removed
g10/gpg.c
1
1
/* gpg.c - The GnuPG utility (main for gpg)
2
* Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3
* 2006, 2007 Free Software Foundation, Inc.
3
4
*
4
5
* This file is part of GnuPG.
5
6
*
6
7
* GnuPG is free software; you can redistribute it and/or modify
7
8
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* the Free Software Foundation; either version 3 of the License, or
9
10
* (at your option) any later version.
10
11
*
11
12
* GnuPG is distributed in the hope that it will be useful,
14
15
* GNU General Public License for more details.
15
16
*
16
17
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
18
* along with this program; if not, see <http://www.gnu.org/licenses/>.
19
19
*/
20
20
21
21
#include <config.h>
25
25
#include <string.h>
26
26
#include <ctype.h>
27
27
#include <unistd.h>
28
#ifdef HAVE_DOSISH_SYSTEM
29
#include <fcntl.h> /* for setmode() */
30
#endif
31
32
33
#include <gcrypt.h>
28
#include <assert.h>
29
#ifdef HAVE_STAT
30
#include <sys/stat.h> /* for stat() */
31
#endif
32
#include <fcntl.h>
33
#include <assuan.h>
34
#ifdef HAVE_W32_SYSTEM
35
#include <windows.h>
36
#endif
37
38
#define INCLUDED_BY_MAIN_MODULE 1
39
#include "gpg.h"
34
40
#include "packet.h"
35
#include "iobuf.h"
41
#include "../common/iobuf.h"
36
42
#include "util.h"
37
43
#include "main.h"
38
44
#include "options.h"
39
45
#include "keydb.h"
40
46
#include "trustdb.h"
47
#include "cipher.h"
41
48
#include "filter.h"
42
49
#include "ttyio.h"
43
50
#include "i18n.h"
51
#include "sysutils.h"
44
52
#include "status.h"
45
#include "gnupg-defs.h"
46
#include "hkp.h"
47
48
49
enum cmd_and_opt_values { aNull = 0,
53
#include "keyserver-internal.h"
54
#include "exec.h"
55
#include "gc-opt-flags.h"
56
57
#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
58
#define MY_O_BINARY O_BINARY
59
#ifndef S_IRGRP
60
# define S_IRGRP 0
61
# define S_IWGRP 0
62
#endif
63
#else
64
#define MY_O_BINARY 0
65
#endif
66
67
68
enum cmd_and_opt_values
69
{
70
aNull = 0,
50
71
oArmor = 'a',
51
72
aDetachedSign = 'b',
52
73
aSym = 'c',
53
74
aDecrypt = 'd',
54
75
aEncr = 'e',
55
76
oInteractive = 'i',
56
oKOption = 'k',
77
aListKeys = 'k',
57
78
oDryRun = 'n',
58
79
oOutput = 'o',
59
80
oQuiet = 'q',
60
81
oRecipient = 'r',
82
oHiddenRecipient = 'R',
61
83
aSign = 's',
62
84
oTextmodeShort= 't',
63
oUser = 'u',
85
oLocalUser = 'u',
64
86
oVerbose = 'v',
65
87
oCompress = 'z',
66
oNotation = 'N',
88
oSetNotation = 'N',
89
aListSecretKeys = 'K',
67
90
oBatch = 500,
91
oMaxOutput,
92
oSigNotation,
93
oCertNotation,
94
oShowNotation,
95
oNoShowNotation,
96
aEncrFiles,
97
aEncrSym,
98
aDecryptFiles,
68
99
aClearsign,
69
100
aStore,
70
101
aKeygen,
71
102
aSignEncr,
103
aSignEncrSym,
104
aSignSym,
72
105
aSignKey,
73
106
aLSignKey,
107
aListConfig,
108
aGPGConfList,
109
aGPGConfTest,
74
110
aListPackets,
75
111
aEditKey,
76
aDeleteKey,
77
aDeleteSecretKey,
78
aKMode,
79
aKModeC,
112
aDeleteKeys,
113
aDeleteSecretKeys,
114
aDeleteSecretAndPublicKeys,
80
115
aImport,
81
116
aFastImport,
82
117
aVerify,
83
118
aVerifyFiles,
84
aListKeys,
85
119
aListSigs,
86
aListSecretKeys,
87
120
aSendKeys,
88
121
aRecvKeys,
122
aSearchKeys,
123
aRefreshKeys,
124
aFetchKeys,
89
125
aExport,
90
aExportAll,
91
126
aExportSecret,
92
127
aExportSecretSub,
93
128
aCheckKeys,
94
129
aGenRevoke,
130
aDesigRevoke,
95
131
aPrimegen,
96
132
aPrintMD,
97
133
aPrintMDs,
98
aPrintHMAC,
99
134
aCheckTrustDB,
100
135
aUpdateTrustDB,
101
136
aFixTrustDB,
106
141
aDeArmor,
107
142
aEnArmor,
108
143
aGenRandom,
144
aRebuildKeydbCaches,
145
aCardStatus,
146
aCardEdit,
147
aChangePIN,
148
aServer,
109
149
110
150
oTextmode,
151
oNoTextmode,
152
oExpert,
153
oNoExpert,
154
oDefSigExpire,
155
oAskSigExpire,
156
oNoAskSigExpire,
157
oDefCertExpire,
158
oAskCertExpire,
159
oNoAskCertExpire,
160
oDefCertLevel,
161
oMinCertLevel,
162
oAskCertLevel,
163
oNoAskCertLevel,
111
164
oFingerprint,
112
165
oWithFingerprint,
113
166
oAnswerYes,
114
167
oAnswerNo,
115
168
oKeyring,
169
oPrimaryKeyring,
116
170
oSecretKeyring,
171
oShowKeyring,
117
172
oDefaultKey,
118
173
oDefRecipient,
119
174
oDefRecipientSelf,
120
175
oNoDefRecipient,
121
176
oOptions,
122
177
oDebug,
178
oDebugLevel,
123
179
oDebugAll,
180
oDebugCCIDDriver,
124
181
oStatusFD,
125
oNoComment,
126
oNoVersion,
182
oStatusFile,
183
oAttributeFD,
184
oAttributeFile,
127
185
oEmitVersion,
186
oNoEmitVersion,
128
187
oCompletesNeeded,
129
188
oMarginalsNeeded,
130
189
oMaxCertDepth,
131
190
oLoadExtension,
191
oGnuPG,
132
192
oRFC1991,
193
oRFC2440,
194
oRFC4880,
133
195
oOpenPGP,
196
oPGP2,
197
oPGP6,
198
oPGP7,
199
oPGP8,
200
oRFC2440Text,
201
oNoRFC2440Text,
134
202
oCipherAlgo,
135
203
oDigestAlgo,
204
oCertDigestAlgo,
136
205
oCompressAlgo,
206
oCompressLevel,
207
oBZ2CompressLevel,
208
oBZ2DecompressLowmem,
209
oPasswd,
137
210
oPasswdFD,
211
oPasswdFile,
212
oPasswdRepeat,
138
213
oCommandFD,
214
oCommandFile,
215
oQuickRandom,
139
216
oNoVerbose,
140
217
oTrustDBName,
141
218
oNoSecmemWarn,
219
oRequireSecmem,
220
oNoRequireSecmem,
221
oNoPermissionWarn,
222
oNoMDCWarn,
142
223
oNoArmor,
143
224
oNoDefKeyring,
144
225
oNoGreeting,
152
233
oCompressKeys,
153
234
oCompressSigs,
154
235
oAlwaysTrust,
155
oRunAsShmCP,
236
oTrustModel,
237
oForceOwnertrust,
156
238
oSetFilename,
239
oForYourEyesOnly,
240
oNoForYourEyesOnly,
157
241
oSetPolicyURL,
242
oSigPolicyURL,
243
oCertPolicyURL,
244
oShowPolicyURL,
245
oNoShowPolicyURL,
246
oSigKeyserverURL,
158
247
oUseEmbeddedFilename,
248
oNoUseEmbeddedFilename,
159
249
oComment,
160
250
oDefaultComment,
161
oThrowKeyid,
251
oNoComments,
252
oThrowKeyids,
253
oNoThrowKeyids,
254
oShowPhotos,
255
oNoShowPhotos,
256
oPhotoViewer,
162
257
oForceV3Sigs,
258
oNoForceV3Sigs,
259
oForceV4Certs,
260
oNoForceV4Certs,
163
261
oForceMDC,
262
oNoForceMDC,
263
oDisableMDC,
264
oNoDisableMDC,
164
265
oS2KMode,
165
266
oS2KDigest,
166
267
oS2KCipher,
167
oCharset,
268
oS2KCount,
269
oSimpleSKChecksum,
270
oDisplayCharset,
168
271
oNotDashEscaped,
169
272
oEscapeFrom,
273
oNoEscapeFrom,
170
274
oLockOnce,
171
275
oLockMultiple,
172
276
oLockNever,
173
277
oKeyServer,
278
oKeyServerOptions,
279
oImportOptions,
280
oExportOptions,
281
oListOptions,
282
oVerifyOptions,
283
oTempDir,
284
oExecPath,
174
285
oEncryptTo,
286
oHiddenEncryptTo,
175
287
oNoEncryptTo,
176
288
oLoggerFD,
289
oLoggerFile,
177
290
oUtf8Strings,
178
291
oNoUtf8Strings,
179
292
oDisableCipherAlgo,
180
293
oDisablePubkeyAlgo,
181
294
oAllowNonSelfsignedUID,
295
oNoAllowNonSelfsignedUID,
182
296
oAllowFreeformUID,
297
oNoAllowFreeformUID,
298
oAllowSecretKeyImport,
299
oEnableSpecialFilenames,
183
300
oNoLiteral,
184
301
oSetFilesize,
185
302
oHonorHttpProxy,
186
303
oFastListMode,
187
304
oListOnly,
188
305
oIgnoreTimeConflict,
306
oIgnoreValidFrom,
307
oIgnoreCrcError,
308
oIgnoreMDCError,
309
oShowSessionKey,
310
oOverrideSessionKey,
189
311
oNoRandomSeedFile,
312
oAutoKeyRetrieve,
190
313
oNoAutoKeyRetrieve,
191
314
oUseAgent,
315
oNoUseAgent,
316
oGpgAgentInfo,
192
317
oMergeOnly,
193
318
oTryAllSecrets,
194
319
oTrustedKey,
195
oEmuMDEncodeBug,
196
aTest };
320
oNoExpensiveTrustChecks,
321
oFixedListMode,
322
oNoSigCache,
323
oNoSigCreateCheck,
324
oAutoCheckTrustDB,
325
oNoAutoCheckTrustDB,
326
oPreservePermissions,
327
oDefaultPreferenceList,
328
oDefaultKeyserverURL,
329
oPersonalCipherPreferences,
330
oPersonalDigestPreferences,
331
oPersonalCompressPreferences,
332
oAgentProgram,
333
oDisplay,
334
oTTYname,
335
oTTYtype,
336
oLCctype,
337
oLCmessages,
338
oXauthority,
339
oGroup,
340
oUnGroup,
341
oNoGroups,
342
oStrict,
343
oNoStrict,
344
oMangleDosFilenames,
345
oNoMangleDosFilenames,
346
oEnableProgressFilter,
347
oMultifile,
348
oKeyidFormat,
349
oExitOnStatusWriteError,
350
oLimitCardInsertTries,
351
oRequireCrossCert,
352
oNoRequireCrossCert,
353
oAutoKeyLocate,
354
oNoAutoKeyLocate,
355
oAllowMultisigVerification,
356
oEnableDSA2,
357
oDisableDSA2,
358
oAllowMultipleMessages,
359
oNoAllowMultipleMessages,
360
361
oNoop
362
};
197
363
198
364
199
365
static ARGPARSE_OPTS opts[] = {
201
367
{ 300, NULL, 0, N_("@Commands:\n ") },
202
368
203
369
{ aSign, "sign", 256, N_("|[file]|make a signature")},
204
{ aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
370
{ aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature")},
205
371
{ aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
206
372
{ aEncr, "encrypt", 256, N_("encrypt data")},
373
{ aEncrFiles, "encrypt-files", 256, "@"},
207
374
{ aSym, "symmetric", 256, N_("encryption only with symmetric cipher")},
208
{ aStore, "store", 256, N_("store only")},
375
{ aStore, "store", 256, "@"},
209
376
{ aDecrypt, "decrypt", 256, N_("decrypt data (default)")},
377
{ aDecryptFiles, "decrypt-files", 256, "@"},
210
378
{ aVerify, "verify" , 256, N_("verify a signature")},
211
379
{ aVerifyFiles, "verify-files" , 256, "@" },
212
380
{ aListKeys, "list-keys", 256, N_("list keys")},
213
381
{ aListKeys, "list-public-keys", 256, "@" },
214
382
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")},
215
{ aCheckKeys, "check-sigs",256, N_("check key signatures")},
383
{ aCheckKeys, "check-sigs",256, N_("list and check key signatures")},
216
384
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
217
385
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
218
386
{ aKeygen, "gen-key", 256, N_("generate a new key pair")},
219
{ aDeleteKey, "delete-key",256, N_("remove key from the public keyring")},
220
{ aDeleteSecretKey, "delete-secret-key",256,
221
N_("remove key from the secret keyring")},
387
{ aDeleteKeys,"delete-keys",256,N_("remove keys from the public keyring")},
388
{ aDeleteSecretKeys, "delete-secret-keys",256,
389
N_("remove keys from the secret keyring")},
222
390
{ aSignKey, "sign-key" ,256, N_("sign a key")},
223
391
{ aLSignKey, "lsign-key" ,256, N_("sign a key locally")},
224
392
{ aEditKey, "edit-key" ,256, N_("sign or edit a key")},
225
393
{ aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
394
{ aDesigRevoke, "desig-revoke",256, "@" },
226
395
{ aExport, "export" , 256, N_("export keys") },
227
396
{ aSendKeys, "send-keys" , 256, N_("export keys to a key server") },
228
397
{ aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") },
229
{ aExportAll, "export-all" , 256, "@" },
398
{ aSearchKeys, "search-keys" , 256,
399
N_("search for keys on a key server") },
400
{ aRefreshKeys, "refresh-keys", 256,
401
N_("update all keys from a keyserver")},
402
{ aFetchKeys, "fetch-keys" , 256, "@" },
230
403
{ aExportSecret, "export-secret-keys" , 256, "@" },
231
404
{ aExportSecretSub, "export-secret-subkeys" , 256, "@" },
232
405
{ aImport, "import", 256 , N_("import/merge keys")},
233
406
{ aFastImport, "fast-import", 256 , "@"},
234
{ aListPackets, "list-packets",256,N_("list only the sequence of packets")},
235
{ aExportOwnerTrust,
236
"export-ownertrust", 256, N_("export the ownertrust values")},
237
{ aImportOwnerTrust,
238
"import-ownertrust", 256 , N_("import ownertrust values")},
407
#ifdef ENABLE_CARD_SUPPORT
408
{ aCardStatus, "card-status", 256, N_("print the card status")},
409
{ aCardEdit, "card-edit", 256, N_("change data on a card")},
410
{ aChangePIN, "change-pin", 256, N_("change a card's PIN")},
411
#endif
412
{ aListConfig, "list-config", 256, "@"},
413
{ aGPGConfList, "gpgconf-list", 256, "@" },
414
{ aGPGConfTest, "gpgconf-test", 256, "@" },
415
{ aListPackets, "list-packets",256, "@"},
416
{ aExportOwnerTrust, "export-ownertrust", 256, "@"},
417
{ aImportOwnerTrust, "import-ownertrust", 256, "@"},
239
418
{ aUpdateTrustDB,
240
419
"update-trustdb",0 , N_("update the trust database")},
241
{ aCheckTrustDB,
242
"check-trustdb",0 , N_("|[NAMES]|check the trust database")},
243
{ aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")},
244
{ aDeArmor, "dearmor", 256, N_("De-Armor a file or stdin") },
245
{ aDeArmor, "dearmour", 256, "@" },
246
{ aEnArmor, "enarmor", 256, N_("En-Armor a file or stdin") },
247
{ aEnArmor, "enarmour", 256, "@" },
420
{ aCheckTrustDB, "check-trustdb", 0, "@"},
421
{ aFixTrustDB, "fix-trustdb", 0, "@"},
422
{ aDeArmor, "dearmor", 256, "@"},
423
{ aDeArmor, "dearmour", 256, "@"},
424
{ aEnArmor, "enarmor", 256, "@"},
425
{ aEnArmor, "enarmour", 256, "@"},
248
426
{ aPrintMD, "print-md" , 256, N_("|algo [files]|print message digests")},
249
{ aPrintHMAC, "print-hmac" , 256, "@"},
250
427
{ aPrimegen, "gen-prime" , 256, "@" },
251
{ aGenRandom, "gen-random" , 256, "@" },
428
{ aGenRandom, "gen-random", 256, "@" },
429
{ aServer, "server", 256, N_("run in server mode")},
252
430
253
431
{ 301, NULL, 0, N_("@\nOptions:\n ") },
254
432
255
433
{ oArmor, "armor", 0, N_("create ascii armored output")},
256
434
{ oArmor, "armour", 0, "@" },
257
435
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
436
{ oHiddenRecipient, "hidden-recipient", 2, "@" },
258
437
{ oRecipient, "remote-user", 2, "@"}, /* old option name */
259
{ oDefRecipient, "default-recipient" ,2,
260
N_("|NAME|use NAME as default recipient")},
261
{ oDefRecipientSelf, "default-recipient-self" ,0,
262
N_("use the default key as default recipient")},
438
{ oDefRecipient, "default-recipient", 2, "@"},
439
{ oDefRecipientSelf, "default-recipient-self", 0, "@"},
263
440
{ oNoDefRecipient, "no-default-recipient", 0, "@" },
441
{ oTempDir, "temp-directory", 2, "@" },
442
{ oExecPath, "exec-path", 2, "@" },
264
443
{ oEncryptTo, "encrypt-to", 2, "@" },
444
{ oHiddenEncryptTo, "hidden-encrypt-to", 2, "@" },
265
445
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
266
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
267
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
446
{ oLocalUser, "local-user",2, N_("use this user-id to sign or decrypt")},
447
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
448
{ oCompressLevel, "compress-level", 1, "@" },
449
{ oBZ2CompressLevel, "bzip2-compress-level", 1, "@" },
450
{ oBZ2DecompressLowmem, "bzip2-decompress-lowmem", 0, "@" },
268
451
{ oTextmodeShort, NULL, 0, "@"},
269
452
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
270
{ oOutput, "output", 2, N_("use as output file")},
453
{ oNoTextmode, "no-textmode", 0, "@"},
454
{ oExpert, "expert", 0, "@"},
455
{ oNoExpert, "no-expert", 0, "@"},
456
{ oDefSigExpire, "default-sig-expire", 2, "@"},
457
{ oAskSigExpire, "ask-sig-expire", 0, "@"},
458
{ oNoAskSigExpire, "no-ask-sig-expire", 0, "@"},
459
{ oDefCertExpire, "default-cert-expire", 2, "@"},
460
{ oAskCertExpire, "ask-cert-expire", 0, "@"},
461
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
462
{ oDefCertLevel, "default-cert-level", 1, "@"},
463
{ oMinCertLevel, "min-cert-level", 1, "@"},
464
{ oAskCertLevel, "ask-cert-level", 0, "@"},
465
{ oNoAskCertLevel, "no-ask-cert-level", 0, "@"},
466
{ oOutput, "output", 2, N_("|FILE|write output to FILE")},
467
{ oMaxOutput, "max-output", 16|4, "@" },
271
468
{ oVerbose, "verbose", 0, N_("verbose") },
272
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
273
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
274
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
275
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
469
{ oQuiet, "quiet", 0, "@"},
470
{ oNoTTY, "no-tty", 0, "@"},
471
{ oForceV3Sigs, "force-v3-sigs", 0, "@"},
472
{ oNoForceV3Sigs, "no-force-v3-sigs", 0, "@"},
473
{ oForceV4Certs, "force-v4-certs", 0, "@"},
474
{ oNoForceV4Certs, "no-force-v4-certs", 0, "@"},
475
{ oForceMDC, "force-mdc", 0, "@"},
476
{ oNoForceMDC, "no-force-mdc", 0, "@" },
477
{ oDisableMDC, "disable-mdc", 0, "@"},
478
{ oNoDisableMDC, "no-disable-mdc", 0, "@" },
276
479
{ oDryRun, "dry-run", 0, N_("do not make any changes") },
277
/*{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, */
278
{ oUseAgent, "use-agent",0, N_("use the gpg-agent")},
279
{ oBatch, "batch", 0, N_("batch mode: never ask")},
280
{ oAnswerYes, "yes", 0, N_("assume yes on most questions")},
281
{ oAnswerNo, "no", 0, N_("assume no on most questions")},
282
{ oKeyring, "keyring" ,2, N_("add this keyring to the list of keyrings")},
283
{ oSecretKeyring, "secret-keyring" ,2, N_("add this secret keyring to the list")},
284
{ oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")},
285
{ oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")},
286
{ oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") },
287
{ oOptions, "options" , 2, N_("read options from file")},
288
480
{ oInteractive, "interactive", 0, N_("prompt before overwriting") },
481
{ oUseAgent, "use-agent",0, "@"},
482
{ oNoUseAgent, "no-use-agent",0, "@"},
483
{ oGpgAgentInfo, "gpg-agent-info",2, "@"},
484
{ oBatch, "batch", 0, "@"},
485
{ oAnswerYes, "yes", 0, "@"},
486
{ oAnswerNo, "no", 0, "@"},
487
{ oKeyring, "keyring", 2, "@"},
488
{ oPrimaryKeyring, "primary-keyring",2, "@" },
489
{ oSecretKeyring, "secret-keyring", 2, "@"},
490
{ oShowKeyring, "show-keyring", 0, "@"},
491
{ oDefaultKey, "default-key", 2, "@"},
492
{ oKeyServer, "keyserver", 2, "@"},
493
{ oKeyServerOptions, "keyserver-options",2,"@"},
494
{ oImportOptions, "import-options",2,"@"},
495
{ oExportOptions, "export-options",2,"@"},
496
{ oListOptions, "list-options",2,"@"},
497
{ oVerifyOptions, "verify-options",2,"@"},
498
{ oDisplayCharset, "display-charset", 2, "@"},
499
{ oDisplayCharset, "charset", 2, "@"},
500
{ oOptions, "options", 2, "@"},
289
501
{ oDebug, "debug" ,4|16, "@"},
502
{ oDebugLevel, "debug-level" ,2, "@"},
290
503
{ oDebugAll, "debug-all" ,0, "@"},
291
{ oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") },
292
{ oNoComment, "no-comment", 0, "@"},
504
{ oStatusFD, "status-fd" ,1, "@"},
505
{ oStatusFile, "status-file" ,2, "@"},
506
{ oAttributeFD, "attribute-fd" ,1, "@" },
507
{ oAttributeFile, "attribute-file" ,2, "@" },
508
{ oNoop, "sk-comments", 0, "@"},
509
{ oNoop, "no-sk-comments", 0, "@"},
293
510
{ oCompletesNeeded, "completes-needed", 1, "@"},
294
511
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
295
512
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
296
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
297
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
298
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
299
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
300
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
301
{ oS2KDigest, "s2k-digest-algo",2,
302
N_("|NAME|use message digest algorithm NAME for passphrases")},
303
{ oS2KCipher, "s2k-cipher-algo",2,
304
N_("|NAME|use cipher algorithm NAME for passphrases")},
305
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
306
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
307
{ oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")},
308
{ oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")},
309
{ oNotation, "notation-data", 2, N_("|NAME=VALUE|use this notation data")},
513
{ oTrustedKey, "trusted-key", 2, "@"},
514
{ oLoadExtension, "load-extension", 2, "@"},
515
{ oGnuPG, "gnupg", 0, "@"},
516
{ oGnuPG, "no-pgp2", 0, "@"},
517
{ oGnuPG, "no-pgp6", 0, "@"},
518
{ oGnuPG, "no-pgp7", 0, "@"},
519
{ oGnuPG, "no-pgp8", 0, "@"},
520
{ oRFC1991, "rfc1991", 0, "@"},
521
{ oRFC2440, "rfc2440", 0, "@" },
522
{ oRFC4880, "rfc4880", 0, "@" },
523
{ oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")},
524
{ oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")},
525
{ oPGP6, "pgp6", 0, "@"},
526
{ oPGP7, "pgp7", 0, "@"},
527
{ oPGP8, "pgp8", 0, "@"},
528
{ oRFC2440Text, "rfc2440-text", 0, "@"},
529
{ oNoRFC2440Text, "no-rfc2440-text", 0, "@"},
530
{ oS2KMode, "s2k-mode", 1, "@"},
531
{ oS2KDigest, "s2k-digest-algo", 2, "@"},
532
{ oS2KCipher, "s2k-cipher-algo", 2, "@"},
533
{ oS2KCount, "s2k-count", 1, "@"},
534
{ oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
535
{ oCipherAlgo, "cipher-algo", 2, "@"},
536
{ oDigestAlgo, "digest-algo", 2, "@"},
537
{ oCertDigestAlgo, "cert-digest-algo", 2 , "@" },
538
{ oCompressAlgo,"compress-algo", 2, "@"},
539
{ oCompressAlgo, "compression-algo", 2, "@"}, /* Alias */
540
{ oThrowKeyids, "throw-keyid", 0, "@"},
541
{ oThrowKeyids, "throw-keyids", 0, "@"},
542
{ oNoThrowKeyids, "no-throw-keyid", 0, "@" },
543
{ oNoThrowKeyids, "no-throw-keyids", 0, "@" },
544
{ oShowPhotos, "show-photos", 0, "@" },
545
{ oNoShowPhotos, "no-show-photos", 0, "@" },
546
{ oPhotoViewer, "photo-viewer", 2, "@" },
547
{ oSetNotation, "set-notation", 2, "@" },
548
{ oSetNotation, "notation-data", 2, "@" }, /* Alias */
549
{ oSigNotation, "sig-notation", 2, "@" },
550
{ oCertNotation, "cert-notation", 2, "@" },
310
551
311
552
{ 302, NULL, 0, N_(
312
553
"@\n(See the man page for a complete listing of all commands and options)\n"
320
561
" --fingerprint [names] show fingerprints\n" ) },
321
562
322
563
/* hidden options */
323
{ aExportOwnerTrust, "list-ownertrust",0 , "@"}, /* alias */
324
564
{ aPrintMDs, "print-mds" , 256, "@"}, /* old */
325
565
{ aListTrustDB, "list-trustdb",0 , "@"},
326
{ aListTrustPath, "list-trust-path",0, "@"},
327
{ oKOption, NULL, 0, "@"},
566
/* Not yet used */
567
/* { aListTrustPath, "list-trust-path",0, "@"}, */
568
{ oPasswd, "passphrase",2, "@" },
328
569
{ oPasswdFD, "passphrase-fd",1, "@" },
570
{ oPasswdFile, "passphrase-file",2, "@" },
571
{ oPasswdRepeat, "passphrase-repeat", 1, "@"},
329
572
{ oCommandFD, "command-fd",1, "@" },
573
{ oCommandFile, "command-file",2, "@" },
574
{ oQuickRandom, "debug-quick-random", 0, "@"},
330
575
{ oNoVerbose, "no-verbose", 0, "@"},
331
576
{ oTrustDBName, "trustdb-name", 2, "@" },
332
{ oNoSecmemWarn, "no-secmem-warning", 0, "@" }, /* used only by regression tests */
577
{ oNoSecmemWarn, "no-secmem-warning", 0, "@" },
578
{ oRequireSecmem,"require-secmem", 0, "@" },
579
{ oNoRequireSecmem,"no-require-secmem", 0, "@" },
580
{ oNoPermissionWarn, "no-permission-warning", 0, "@" },
581
{ oNoMDCWarn, "no-mdc-warning", 0, "@" },
333
582
{ oNoArmor, "no-armor", 0, "@"},
334
583
{ oNoArmor, "no-armour", 0, "@"},
335
584
{ oNoDefKeyring, "no-default-keyring", 0, "@" },
345
594
{ oSkipVerify, "skip-verify",0, "@" },
346
595
{ oCompressKeys, "compress-keys",0, "@"},
347
596
{ oCompressSigs, "compress-sigs",0, "@"},
597
{ oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
348
598
{ oAlwaysTrust, "always-trust", 0, "@"},
349
{ oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
599
{ oTrustModel, "trust-model", 2, "@"},
600
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
350
601
{ oSetFilename, "set-filename", 2, "@" },
602
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
603
{ oNoForYourEyesOnly, "no-for-your-eyes-only", 0, "@" },
351
604
{ oSetPolicyURL, "set-policy-url", 2, "@" },
605
{ oSigPolicyURL, "sig-policy-url", 2, "@" },
606
{ oCertPolicyURL, "cert-policy-url", 2, "@" },
607
{ oShowPolicyURL, "show-policy-url", 0, "@" },
608
{ oNoShowPolicyURL, "no-show-policy-url", 0, "@" },
609
{ oSigKeyserverURL, "sig-keyserver-url", 2, "@" },
610
{ oShowNotation, "show-notation", 0, "@" },
611
{ oNoShowNotation, "no-show-notation", 0, "@" },
352
612
{ oComment, "comment", 2, "@" },
353
613
{ oDefaultComment, "default-comment", 0, "@" },
354
{ oNoVersion, "no-version", 0, "@"},
614
{ oNoComments, "no-comments", 0, "@" },
355
615
{ oEmitVersion, "emit-version", 0, "@"},
616
{ oNoEmitVersion, "no-emit-version", 0, "@"},
617
{ oNoEmitVersion, "no-version", 0, "@"}, /* alias */
356
618
{ oNotDashEscaped, "not-dash-escaped", 0, "@" },
357
619
{ oEscapeFrom, "escape-from-lines", 0, "@" },
620
{ oNoEscapeFrom, "no-escape-from-lines", 0, "@" },
358
621
{ oLockOnce, "lock-once", 0, "@" },
359
622
{ oLockMultiple, "lock-multiple", 0, "@" },
360
623
{ oLockNever, "lock-never", 0, "@" },
361
624
{ oLoggerFD, "logger-fd",1, "@" },
625
{ oLoggerFile, "log-file",2, "@" },
626
{ oLoggerFile, "logger-file",2, "@" }, /* For 1.4 compatibility. */
362
627
{ oUseEmbeddedFilename, "use-embedded-filename", 0, "@" },
628
{ oNoUseEmbeddedFilename, "no-use-embedded-filename", 0, "@" },
363
629
{ oUtf8Strings, "utf8-strings", 0, "@" },
364
630
{ oNoUtf8Strings, "no-utf8-strings", 0, "@" },
365
631
{ oWithFingerprint, "with-fingerprint", 0, "@" },
366
632
{ oDisableCipherAlgo, "disable-cipher-algo", 2, "@" },
367
633
{ oDisablePubkeyAlgo, "disable-pubkey-algo", 2, "@" },
368
634
{ oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", 0, "@" },
635
{ oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", 0, "@" },
369
636
{ oAllowFreeformUID, "allow-freeform-uid", 0, "@" },
637
{ oNoAllowFreeformUID, "no-allow-freeform-uid", 0, "@" },
370
638
{ oNoLiteral, "no-literal", 0, "@" },
371
639
{ oSetFilesize, "set-filesize", 20, "@" },
372
640
{ oHonorHttpProxy,"honor-http-proxy", 0, "@" },
373
641
{ oFastListMode,"fast-list-mode", 0, "@" },
642
{ oFixedListMode,"fixed-list-mode", 0, "@" },
374
643
{ oListOnly, "list-only", 0, "@"},
375
644
{ oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" },
645
{ oIgnoreValidFrom, "ignore-valid-from", 0, "@" },
646
{ oIgnoreCrcError, "ignore-crc-error", 0,"@" },
647
{ oIgnoreMDCError, "ignore-mdc-error", 0,"@" },
648
{ oShowSessionKey, "show-session-key", 0, "@" },
649
{ oOverrideSessionKey, "override-session-key", 2, "@" },
376
650
{ oNoRandomSeedFile, "no-random-seed-file", 0, "@" },
651
{ oAutoKeyRetrieve, "auto-key-retrieve", 0, "@" },
377
652
{ oNoAutoKeyRetrieve, "no-auto-key-retrieve", 0, "@" },
653
{ oNoSigCache, "no-sig-cache", 0, "@" },
654
{ oNoSigCreateCheck, "no-sig-create-check", 0, "@" },
655
{ oAutoCheckTrustDB, "auto-check-trustdb", 0, "@"},
656
{ oNoAutoCheckTrustDB, "no-auto-check-trustdb", 0, "@"},
378
657
{ oMergeOnly, "merge-only", 0, "@" },
658
{ oAllowSecretKeyImport, "allow-secret-key-import", 0, "@" },
379
659
{ oTryAllSecrets, "try-all-secrets", 0, "@" },
380
{ oEmuMDEncodeBug, "emulate-md-encode-bug", 0, "@"},
381
{0} };
382
383
384
385
int gpg_errors_seen = 0;
660
{ oEnableSpecialFilenames, "enable-special-filenames", 0, "@" },
661
{ oNoExpensiveTrustChecks, "no-expensive-trust-checks", 0, "@" },
662
{ aDeleteSecretAndPublicKeys, "delete-secret-and-public-keys",256, "@" },
663
{ aRebuildKeydbCaches, "rebuild-keydb-caches", 256, "@"},
664
{ oPreservePermissions, "preserve-permissions", 0, "@"},
665
{ oDefaultPreferenceList, "default-preference-list", 2, "@"},
666
{ oDefaultKeyserverURL, "default-keyserver-url", 2, "@"},
667
{ oPersonalCipherPreferences, "personal-cipher-preferences", 2, "@"},
668
{ oPersonalDigestPreferences, "personal-digest-preferences", 2, "@"},
669
{ oPersonalCompressPreferences, "personal-compress-preferences", 2, "@"},
670
/* Aliases. I constantly mistype these, and assume other people
671
do as well. */
672
{ oPersonalCipherPreferences, "personal-cipher-prefs", 2, "@"},
673
{ oPersonalDigestPreferences, "personal-digest-prefs", 2, "@"},
674
{ oPersonalCompressPreferences, "personal-compress-prefs", 2, "@"},
675
{ oAgentProgram, "agent-program", 2 , "@" },
676
{ oDisplay, "display", 2, "@" },
677
{ oTTYname, "ttyname", 2, "@" },
678
{ oTTYtype, "ttytype", 2, "@" },
679
{ oLCctype, "lc-ctype", 2, "@" },
680
{ oLCmessages, "lc-messages", 2, "@" },
681
{ oXauthority, "xauthority", 2, "@" },
682
{ oGroup, "group", 2, "@" },
683
{ oUnGroup, "ungroup", 2, "@" },
684
{ oNoGroups, "no-groups", 0, "@" },
685
{ oStrict, "strict", 0, "@" },
686
{ oNoStrict, "no-strict", 0, "@" },
687
{ oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
688
{ oNoMangleDosFilenames, "no-mangle-dos-filenames", 0, "@" },
689
{ oEnableProgressFilter, "enable-progress-filter", 0, "@" },
690
{ oMultifile, "multifile", 0, "@" },
691
{ oKeyidFormat, "keyid-format", 2, "@" },
692
{ oExitOnStatusWriteError, "exit-on-status-write-error", 0, "@" },
693
{ oLimitCardInsertTries, "limit-card-insert-tries", 1, "@"},
694
695
{ oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
696
{ oEnableDSA2, "enable-dsa2", 0, "@"},
697
{ oDisableDSA2, "disable-dsa2", 0, "@"},
698
{ oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
699
{ oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"},
700
701
/* These two are aliases to help users of the PGP command line
702
product use gpg with minimal pain. Many commands are common
703
already as they seem to have borrowed commands from us. Now
704
I'm returning the favor. */
705
{ oLocalUser, "sign-with", 2, "@" },
706
{ oRecipient, "user", 2, "@" },
707
{ oRequireCrossCert, "require-backsigs", 0, "@"},
708
{ oRequireCrossCert, "require-cross-certification", 0, "@"},
709
{ oNoRequireCrossCert, "no-require-backsigs", 0, "@"},
710
{ oNoRequireCrossCert, "no-require-cross-certification", 0, "@"},
711
{ oAutoKeyLocate, "auto-key-locate", 2, "@"},
712
{ oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"},
713
714
{0,NULL,0,NULL}
715
};
716
717
718
#ifdef ENABLE_SELINUX_HACKS
719
#define ALWAYS_ADD_KEYRINGS 1
720
#else
721
#define ALWAYS_ADD_KEYRINGS 0
722
#endif
723
724
725
int g10_errors_seen = 0;
386
726
387
727
static int utf8_strings = 0;
388
728
static int maybe_setuid = 1;
389
729
390
static char *build_list( const char *text,
730
static char *build_list( const char *text, char letter,
391
731
const char *(*mapf)(int), int (*chkf)(int) );
732
static char *build_lib_list (const char *text);
392
733
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
393
734
enum cmd_and_opt_values new_cmd );
394
static void print_hex( byte *p, size_t n );
395
static void print_mds( const char *fname, int algo, const char *key );
396
static void add_notation_data( const char *string );
397
static int check_policy_url( const char *s );
398
399
400
static int
401
our_pk_test_algo( int algo )
402
{
403
return openpgp_pk_test_algo( algo, 0 );
404
}
735
static void print_mds( const char *fname, int algo );
736
static void add_notation_data( const char *string, int which );
737
static void add_policy_url( const char *string, int which );
738
static void add_keyserver_url( const char *string, int which );
739
static void emergency_cleanup (void);
740
405
741
406
742
static const char *
407
743
my_strusage( int level )
408
744
{
409
static char *digests, *pubkeys, *ciphers;
745
static char *digests, *pubkeys, *ciphers, *zips, *libs;
410
746
const char *p;
411
747
switch( level ) {
412
748
case 11: p = "gpg (GnuPG)";
416
752
case 19: p =
417
753
_("Please report bugs to <gnupg-bugs@gnu.org>.\n");
418
754
break;
755
756
#ifdef IS_DEVELOPMENT_VERSION
757
case 20:
758
p="NOTE: THIS IS A DEVELOPMENT VERSION!";
759
break;
760
case 21:
761
p="It is only intended for test purposes and should NOT be";
762
break;
763
case 22:
764
p="used in a production environment or with production keys!";
765
break;
766
#endif
767
419
768
case 1:
420
769
case 40: p =
421
770
_("Usage: gpg [options] [files] (-h for help)");
427
776
break;
428
777
429
778
case 31: p = "\nHome: "; break;
779
#ifndef __riscos__
430
780
case 32: p = opt.homedir; break;
781
#else /* __riscos__ */
782
case 32: p = make_filename(opt.homedir, NULL); break;
783
#endif /* __riscos__ */
431
784
case 33: p = _("\nSupported algorithms:\n"); break;
432
785
case 34:
786
if (!pubkeys)
787
pubkeys = build_list (_("Pubkey: "), 0,
788
gcry_pk_algo_name,
789
openpgp_pk_test_algo );
790
p = pubkeys;
791
break;
792
case 35:
433
793
if( !ciphers )
434
ciphers = build_list("Cipher: ", gcry_cipher_algo_name,
435
openpgp_cipher_test_algo );
794
ciphers = build_list(_("Cipher: "), 'S',
795
openpgp_cipher_algo_name,
796
openpgp_cipher_test_algo );
436
797
p = ciphers;
437
798
break;
438
case 35:
439
if( !pubkeys )
440
pubkeys = build_list("Pubkey: ", gcry_pk_algo_name,
441
our_pk_test_algo );
442
p = pubkeys;
443
break;
444
799
case 36:
445
800
if( !digests )
446
digests = build_list("Hash: ", gcry_md_algo_name,
447
openpgp_md_test_algo );
801
digests = build_list(_("Hash: "), 'H',
802
gcry_md_algo_name,
803
openpgp_md_test_algo );
448
804
p = digests;
449
805
break;
450
806
case 37:
807
if( !zips )
808
zips = build_list(_("Compression: "),'Z',
809
compress_algo_to_string,
810
check_compress_algo);
811
p = zips;
812
break;
813
case 38:
814
if (!libs)
815
libs = build_lib_list(_("Used libraries:"));
816
p = libs;
817
break;
451
818
452
819
default: p = NULL;
453
820
}
456
823
457
824
458
825
static char *
459
build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
826
build_list( const char *text, char letter,
827
const char * (*mapf)(int), int (*chkf)(int) )
460
828
{
461
829
int i;
830
const char *s;
462
831
size_t n=strlen(text)+2;
463
char *list, *p;
464
465
if( maybe_setuid ) {
466
gcry_control( GCRYCTL_DROP_PRIVS ); /* drop setuid */
467
}
468
469
for(i=1; i < 110; i++ )
470
if( !chkf(i) )
471
n += strlen(mapf(i)) + 2;
472
list = gcry_xmalloc( 21 + n ); *list = 0;
473
for(p=NULL, i=1; i < 110; i++ ) {
474
if( !chkf(i) ) {
475
if( !p )
832
char *list, *p, *line=NULL;
833
834
if (maybe_setuid)
835
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
836
837
for(i=0; i <= 110; i++ )
838
if( !chkf(i) && (s=mapf(i)) )
839
n += strlen(s) + 7 + 2;
840
list = xmalloc( 21 + n ); *list = 0;
841
for(p=NULL, i=0; i <= 110; i++ ) {
842
if( !chkf(i) && (s=mapf(i)) ) {
843
if( !p ) {
476
844
p = stpcpy( list, text );
845
line=p;
846
}
477
847
else
478
848
p = stpcpy( p, ", ");
479
p = stpcpy(p, mapf(i) );
849
850
if(strlen(line)>60) {
851
int spaces=strlen(text);
852
853
list=xrealloc(list,n+spaces+1);
854
/* realloc could move the block, so find the end again */
855
p=list;
856
while(*p)
857
p++;
858
859
p=stpcpy(p, "\n");
860
line=p;
861
for(;spaces;spaces--)
862
p=stpcpy(p, " ");
863
}
864
865
p = stpcpy(p, s );
866
if(opt.verbose && letter)
867
{
868
char num[8];
869
sprintf(num," (%c%d)",letter,i);
870
p = stpcpy(p,num);
871
}
480
872
}
481
873
}
482
874
if( p )
485
877
}
486
878
487
879
488
static void
489
i18n_init(void)
490
{
491
#ifdef USE_SIMPLE_GETTEXT
492
set_gettext_file( PACKAGE );
493
#else
494
#ifdef ENABLE_NLS
495
#ifdef HAVE_LC_MESSAGES
496
setlocale( LC_TIME, "" );
497
setlocale( LC_MESSAGES, "" );
498
#else
499
setlocale( LC_ALL, "" );
500
#endif
501
bindtextdomain( PACKAGE, GNUPG_LOCALEDIR );
502
textdomain( PACKAGE );
503
#endif
504
#endif
505
}
506
507
508
static void
509
register_extension( const char *mainpgm, const char *fname )
510
{
511
#warning fixme add register cipher extension
512
/* Before we do so, we should design a beter API for this.
513
* I am currently thinking about using S-Exp to pass everything we
514
* need from the module to gcrypt. I hope we are not going to
515
* implement my-own-lisp-library-no-17000 */
516
#if 0
517
if( *fname != '/' ) { /* do tilde expansion etc */
518
char *tmp;
519
520
if( strchr(fname, '/') )
521
tmp = make_filename(fname, NULL);
522
else
523
tmp = make_filename(GNUPG_LIBDIR, fname, NULL);
524
register_cipher_extension( mainpgm, tmp );
525
gcry_free(tmp);
526
}
527
else
528
register_cipher_extension( mainpgm, fname );
529
#endif
530
}
531
880
static char *
881
build_lib_list (const char *text)
882
{
883
struct { const char *name; const char *version; } array[3];
884
int idx;
885
size_t n;
886
char *list, *p;
887
888
if (maybe_setuid)
889
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
890
891
idx = 0;
892
array[idx].name = "gcrypt";
893
array[idx++].version = gcry_check_version (NULL);
894
array[idx].name = NULL;
895
array[idx++].version = NULL;
896
897
n = strlen (text) + 1;
898
for (idx=0; array[idx].name; idx++)
899
{
900
n += 2 + strlen (array[idx].name);
901
if (array[idx].version)
902
n += 1 + strlen (array[idx].version) + 1;
903
}
904
n++;
905
list = xmalloc (n+1);
906
p = stpcpy (stpcpy (list, text), " ");
907
for (idx=0; array[idx].name; idx++)
908
{
909
if (idx)
910
p = stpcpy (p, ", ");
911
p = stpcpy (p, array[idx].name);
912
if (array[idx].version)
913
p = stpcpy (stpcpy (stpcpy (p, "("), array[idx].version), ")");
914
}
915
strcpy (p, "\n");
916
return list;
917
}
532
918
533
919
534
920
static void
537
923
fputs(_("usage: gpg [options] "),stderr);
538
924
fputs(text,stderr);
539
925
putc('\n',stderr);
540
gpg_exit(2);
926
g10_exit(2);
541
927
}
542
928
543
929
546
932
{
547
933
char *p;
548
934
if( utf8_strings )
549
p = gcry_xstrdup(string);
935
p = xstrdup(string);
550
936
else
551
937
p = native_to_utf8( string );
552
938
return p;
553
939
}
554
940
555
941
556
static void
557
set_debug(void)
558
{
559
#if 0
560
#warning memory debugging not enabled
561
if( opt.debug & DBG_MEMORY_VALUE )
562
memory_debug_mode = 1;
563
if( opt.debug & DBG_MEMSTAT_VALUE )
564
memory_stat_debug_mode = 1;
565
#endif
566
567
if( opt.debug & DBG_MPI_VALUE )
568
gcry_control( GCRYCTL_SET_DEBUG_FLAGS, 2 );
569
if( opt.debug & DBG_CIPHER_VALUE )
570
gcry_control( GCRYCTL_SET_DEBUG_FLAGS, 1 );
571
572
if( opt.debug & DBG_IOBUF_VALUE )
573
iobuf_debug_mode = 1;
574
575
}
576
942
/* Setup the debugging. With a LEVEL of NULL only the active debug
943
flags are propagated to the subsystems. With LEVEL set, a specific
944
set of debug flags is set; thus overriding all flags already
945
set. */
946
static void
947
set_debug (const char *level)
948
{
949
if (!level)
950
;
951
else if (!strcmp (level, "none"))
952
opt.debug = 0;
953
else if (!strcmp (level, "basic"))
954
opt.debug = DBG_MEMSTAT_VALUE;
955
else if (!strcmp (level, "advanced"))
956
opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
957
else if (!strcmp (level, "expert"))
958
opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
959
|DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
960
else if (!strcmp (level, "guru"))
961
opt.debug = ~0;
962
else
963
{
964
log_error (_("invalid debug-level `%s' given\n"), level);
965
g10_exit (2);
966
}
967
968
if (opt.debug & DBG_MEMORY_VALUE )
969
memory_debug_mode = 1;
970
if (opt.debug & DBG_MEMSTAT_VALUE )
971
memory_stat_debug_mode = 1;
972
if (opt.debug & DBG_MPI_VALUE)
973
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
974
if (opt.debug & DBG_CIPHER_VALUE )
975
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
976
if (opt.debug & DBG_IOBUF_VALUE )
977
iobuf_debug_mode = 1;
978
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
979
}
980
981
982
983
/* We need the home directory also in some other directories, so make
984
sure that both variables are always in sync. */
985
static void
986
set_homedir (const char *dir)
987
{
988
if (!dir)
989
dir = "";
990
opt.homedir = dir;
991
}
992
993
994
/* We set the screen dimensions for UI purposes. Do not allow screens
995
smaller than 80x24 for the sake of simplicity. */
996
static void
997
set_screen_dimensions(void)
998
{
999
#ifndef HAVE_W32_SYSTEM
1000
char *str;
1001
1002
str=getenv("COLUMNS");
1003
if(str)
1004
opt.screen_columns=atoi(str);
1005
1006
str=getenv("LINES");
1007
if(str)
1008
opt.screen_lines=atoi(str);
1009
#endif
1010
1011
if(opt.screen_columns<80 || opt.screen_columns>255)
1012
opt.screen_columns=80;
1013
1014
if(opt.screen_lines<24 || opt.screen_lines>255)
1015
opt.screen_lines=24;
1016
}
1017
1018
1019
/* Helper to open a file FNAME either for reading or writing to be
1020
used with --status-file etc functions. Not generally useful but it
1021
avoids the riscos specific functions and well some Windows people
1022
might like it too. Prints an error message and returns -1 on
1023
error. On success the file descriptor is returned. */
1024
static int
1025
open_info_file (const char *fname, int for_write)
1026
{
1027
#ifdef __riscos__
1028
return riscos_fdopenfile (fname, for_write);
1029
#elif defined (ENABLE_SELINUX_HACKS)
1030
/* We can't allow these even when testing for a secured filename
1031
because files to be secured might not yet been secured. This is
1032
similar to the option file but in that case it is unlikely that
1033
sensitive information may be retrieved by means of error
1034
messages. */
1035
return -1;
1036
#else
1037
int fd;
1038
1039
/* if (is_secured_filename (fname)) */
1040
/* { */
1041
/* fd = -1; */
1042
/* errno = EPERM; */
1043
/* } */
1044
/* else */
1045
/* { */
1046
do
1047
{
1048
if (for_write)
1049
fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY,
1050
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
1051
else
1052
fd = open (fname, O_RDONLY | MY_O_BINARY);
1053
}
1054
while (fd == -1 && errno == EINTR);
1055
/* } */
1056
if ( fd == -1)
1057
log_error ( for_write? _("can't create `%s': %s\n")
1058
: _("can't open `%s': %s\n"), fname, strerror(errno));
1059
1060
return fd;
1061
#endif
1062
}
577
1063
578
1064
static void
579
1065
set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
586
1072
cmd = aSignEncr;
587
1073
else if( cmd == aEncr && new_cmd == aSign )
588
1074
cmd = aSignEncr;
589
else if( cmd == aKMode && new_cmd == aSym )
590
cmd = aKModeC;
1075
else if( cmd == aSign && new_cmd == aSym )
1076
cmd = aSignSym;
1077
else if( cmd == aSym && new_cmd == aSign )
1078
cmd = aSignSym;
1079
else if( cmd == aSym && new_cmd == aEncr )
1080
cmd = aEncrSym;
1081
else if( cmd == aEncr && new_cmd == aSym )
1082
cmd = aEncrSym;
1083
else if (cmd == aSignEncr && new_cmd == aSym)
1084
cmd = aSignEncrSym;
1085
else if (cmd == aSignSym && new_cmd == aEncr)
1086
cmd = aSignEncrSym;
1087
else if (cmd == aEncrSym && new_cmd == aSign)
1088
cmd = aSignEncrSym;
591
1089
else if( ( cmd == aSign && new_cmd == aClearsign )
592
1090
|| ( cmd == aClearsign && new_cmd == aSign ) )
593
1091
cmd = aClearsign;
594
1092
else {
595
1093
log_error(_("conflicting commands\n"));
596
gpg_exit(2);
1094
g10_exit(2);
597
1095
}
598
1096
599
1097
*ret_cmd = cmd;
600
1098
}
601
1099
602
1100
1101
static void
1102
add_group(char *string)
1103
{
1104
char *name,*value;
1105
struct groupitem *item;
1106
1107
/* Break off the group name */
1108
name=strsep(&string,"=");
1109
if(string==NULL)
1110
{
1111
log_error(_("no = sign found in group definition `%s'\n"),name);
1112
return;
1113
}
1114
1115
trim_trailing_ws(name,strlen(name));
1116
1117
/* Does this group already exist? */
1118
for(item=opt.grouplist;item;item=item->next)
1119
if(strcasecmp(item->name,name)==0)
1120
break;
1121
1122
if(!item)
1123
{
1124
item=xmalloc(sizeof(struct groupitem));
1125
item->name=name;
1126
item->next=opt.grouplist;
1127
item->values=NULL;
1128
opt.grouplist=item;
1129
}
1130
1131
/* Break apart the values */
1132
while ((value= strsep(&string," \t")))
1133
{
1134
if (*value)
1135
add_to_strlist2(&item->values,value,utf8_strings);
1136
}
1137
}
1138
1139
1140
static void
1141
rm_group(char *name)
1142
{
1143
struct groupitem *item,*last=NULL;
1144
1145
trim_trailing_ws(name,strlen(name));
1146
1147
for(item=opt.grouplist;item;last=item,item=item->next)
1148
{
1149
if(strcasecmp(item->name,name)==0)
1150
{
1151
if(last)
1152
last->next=item->next;
1153
else
1154
opt.grouplist=item->next;
1155
1156
free_strlist(item->values);
1157
xfree(item);
1158
break;
1159
}
1160
}
1161
}
1162
1163
1164
/* We need to check three things.
1165
1166
0) The homedir. It must be x00, a directory, and owned by the
1167
user.
1168
1169
1) The options/gpg.conf file. Okay unless it or its containing
1170
directory is group or other writable or not owned by us. Disable
1171
exec in this case.
1172
1173
2) Extensions. Same as #1.
1174
1175
Returns true if the item is unsafe. */
1176
static int
1177
check_permissions(const char *path,int item)
1178
{
1179
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
1180
static int homedir_cache=-1;
1181
char *tmppath,*dir;
1182
struct stat statbuf,dirbuf;
1183
int homedir=0,ret=0,checkonly=0;
1184
int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
1185
1186
if(opt.no_perm_warn)
1187
return 0;
1188
1189
assert(item==0 || item==1 || item==2);
1190
1191
/* extensions may attach a path */
1192
if(item==2 && path[0]!=DIRSEP_C)
1193
{
1194
if(strchr(path,DIRSEP_C))
1195
tmppath=make_filename(path,NULL);
1196
else
1197
tmppath=make_filename(gnupg_libdir (),path,NULL);
1198
}
1199
else
1200
tmppath=xstrdup(path);
1201
1202
/* If the item is located in the homedir, but isn't the homedir,
1203
don't continue if we already checked the homedir itself. This is
1204
to avoid user confusion with an extra options file warning which
1205
could be rectified if the homedir itself had proper
1206
permissions. */
1207
if(item!=0 && homedir_cache>-1
1208
&& ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
1209
{
1210
ret=homedir_cache;
1211
goto end;
1212
}
1213
1214
/* It's okay if the file or directory doesn't exist */
1215
if(stat(tmppath,&statbuf)!=0)
1216
{
1217
ret=0;
1218
goto end;
1219
}
1220
1221
/* Now check the enclosing directory. Theoretically, we could walk
1222
this test up to the root directory /, but for the sake of sanity,
1223
I'm stopping at one level down. */
1224
dir=make_dirname(tmppath);
1225
1226
if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1227
{
1228
/* Weird error */
1229
ret=1;
1230
goto end;
1231
}
1232
1233
xfree(dir);
1234
1235
/* Assume failure */
1236
ret=1;
1237
1238
if(item==0)
1239
{
1240
/* The homedir must be x00, a directory, and owned by the user. */
1241
1242
if(S_ISDIR(statbuf.st_mode))
1243
{
1244
if(statbuf.st_uid==getuid())
1245
{
1246
if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1247
ret=0;
1248
else
1249
perm=1;
1250
}
1251
else
1252
own=1;
1253
1254
homedir_cache=ret;
1255
}
1256
}
1257
else if(item==1 || item==2)
1258
{
1259
/* The options or extension file. Okay unless it or its
1260
containing directory is group or other writable or not owned
1261
by us or root. */
1262
1263
if(S_ISREG(statbuf.st_mode))
1264
{
1265
if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1266
{
1267
if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1268
{
1269
/* it's not writable, so make sure the enclosing
1270
directory is also not writable */
1271
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1272
{
1273
if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1274
ret=0;
1275
else
1276
enc_dir_perm=1;
1277
}
1278
else
1279
enc_dir_own=1;
1280
}
1281
else
1282
{
1283
/* it's writable, so the enclosing directory had
1284
better not let people get to it. */
1285
if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1286
{
1287
if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1288
ret=0;
1289
else
1290
perm=enc_dir_perm=1; /* unclear which one to fix! */
1291
}
1292
else
1293
enc_dir_own=1;
1294
}
1295
}
1296
else
1297
own=1;
1298
}
1299
}
1300
else
1301
BUG();
1302
1303
if(!checkonly)
1304
{
1305
if(own)
1306
{
1307
if(item==0)
1308
log_info(_("WARNING: unsafe ownership on"
1309
" homedir `%s'\n"),tmppath);
1310
else if(item==1)
1311
log_info(_("WARNING: unsafe ownership on"
1312
" configuration file `%s'\n"),tmppath);
1313
else
1314
log_info(_("WARNING: unsafe ownership on"
1315
" extension `%s'\n"),tmppath);
1316
}
1317
if(perm)
1318
{
1319
if(item==0)
1320
log_info(_("WARNING: unsafe permissions on"
1321
" homedir `%s'\n"),tmppath);
1322
else if(item==1)
1323
log_info(_("WARNING: unsafe permissions on"
1324
" configuration file `%s'\n"),tmppath);
1325
else
1326
log_info(_("WARNING: unsafe permissions on"
1327
" extension `%s'\n"),tmppath);
1328
}
1329
if(enc_dir_own)
1330
{
1331
if(item==0)
1332
log_info(_("WARNING: unsafe enclosing directory ownership on"
1333
" homedir `%s'\n"),tmppath);
1334
else if(item==1)
1335
log_info(_("WARNING: unsafe enclosing directory ownership on"
1336
" configuration file `%s'\n"),tmppath);
1337
else
1338
log_info(_("WARNING: unsafe enclosing directory ownership on"
1339
" extension `%s'\n"),tmppath);
1340
}
1341
if(enc_dir_perm)
1342
{
1343
if(item==0)
1344
log_info(_("WARNING: unsafe enclosing directory permissions on"
1345
" homedir `%s'\n"),tmppath);
1346
else if(item==1)
1347
log_info(_("WARNING: unsafe enclosing directory permissions on"
1348
" configuration file `%s'\n"),tmppath);
1349
else
1350
log_info(_("WARNING: unsafe enclosing directory permissions on"
1351
" extension `%s'\n"),tmppath);
1352
}
1353
}
1354
1355
end:
1356
xfree(tmppath);
1357
1358
if(homedir)
1359
homedir_cache=ret;
1360
1361
return ret;
1362
1363
#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
1364
1365
return 0;
1366
}
1367
1368
1369
static void
1370
print_algo_numbers(int (*checker)(int))
1371
{
1372
int i,first=1;
1373
1374
for(i=0;i<=110;i++)
1375
{
1376
if(!checker(i))
1377
{
1378
if(first)
1379
first=0;
1380
else
1381
printf(";");
1382
printf("%d",i);
1383
}
1384
}
1385
}
1386
1387
1388
static void
1389
print_algo_names(int (*checker)(int),const char *(*mapper)(int))
1390
{
1391
int i,first=1;
1392
1393
for(i=0;i<=110;i++)
1394
{
1395
if(!checker(i))
1396
{
1397
if(first)
1398
first=0;
1399
else
1400
printf(";");
1401
printf("%s",mapper(i));
1402
}
1403
}
1404
}
1405
1406
/* In the future, we can do all sorts of interesting configuration
1407
output here. For now, just give "group" as the Enigmail folks need
1408
it, and pubkey, cipher, hash, and compress as they may be useful
1409
for frontends. */
1410
static void
1411
list_config(char *items)
1412
{
1413
int show_all=(items==NULL);
1414
char *name=NULL;
1415
1416
if(!opt.with_colons)
1417
return;
1418
1419
while(show_all || (name=strsep(&items," ")))
1420
{
1421
int any=0;
1422
1423
if(show_all || ascii_strcasecmp(name,"group")==0)
1424
{
1425
struct groupitem *iter;
1426
1427
for(iter=opt.grouplist;iter;iter=iter->next)
1428
{
1429
strlist_t sl;
1430
1431
printf("cfg:group:");
1432
print_string(stdout,iter->name,strlen(iter->name),':');
1433
printf(":");
1434
1435
for(sl=iter->values;sl;sl=sl->next)
1436
{
1437
print_sanitized_string2 (stdout, sl->d, ':',';');
1438
if(sl->next)
1439
printf(";");
1440
}
1441
1442
printf("\n");
1443
}
1444
1445
any=1;
1446
}
1447
1448
if(show_all || ascii_strcasecmp(name,"version")==0)
1449
{
1450
printf("cfg:version:");
1451
print_string(stdout,VERSION,strlen(VERSION),':');
1452
printf("\n");
1453
any=1;
1454
}
1455
1456
if(show_all || ascii_strcasecmp(name,"pubkey")==0)
1457
{
1458
printf("cfg:pubkey:");
1459
print_algo_numbers (openpgp_pk_test_algo);
1460
printf("\n");
1461
any=1;
1462
}
1463
1464
if(show_all || ascii_strcasecmp(name,"cipher")==0)
1465
{
1466
printf("cfg:cipher:");
1467
print_algo_numbers(openpgp_cipher_test_algo);
1468
printf("\n");
1469
any=1;
1470
}
1471
1472
if (show_all || !ascii_strcasecmp (name,"ciphername"))
1473
{
1474
printf ("cfg:ciphername:");
1475
print_algo_names (openpgp_cipher_test_algo,openpgp_cipher_algo_name);
1476
printf ("\n");
1477
any = 1;
1478
}
1479
1480
if(show_all
1481
|| ascii_strcasecmp(name,"digest")==0
1482
|| ascii_strcasecmp(name,"hash")==0)
1483
{
1484
printf("cfg:digest:");
1485
print_algo_numbers(openpgp_md_test_algo);
1486
printf("\n");
1487
any=1;
1488
}
1489
1490
if (show_all
1491
|| !ascii_strcasecmp(name,"digestname")
1492
|| !ascii_strcasecmp(name,"hashname"))
1493
{
1494
printf ("cfg:digestname:");
1495
print_algo_names (openpgp_md_test_algo, gcry_md_algo_name);
1496
printf("\n");
1497
any=1;
1498
}
1499
1500
if(show_all || ascii_strcasecmp(name,"compress")==0)
1501
{
1502
printf("cfg:compress:");
1503
print_algo_numbers(check_compress_algo);
1504
printf("\n");
1505
any=1;
1506
}
1507
1508
if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0)
1509
{
1510
#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \
1511
&& GNUPG_MAJOR_VERSION == 1
1512
1513
char *p, *p2, *list = ccid_get_reader_list ();
1514
1515
for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1)
1516
{
1517
*p2 = 0;
1518
printf("cfg:ccid-reader-id:%s\n", p);
1519
}
1520
free (list);
1521
#endif
1522
any=1;
1523
}
1524
1525
if(show_all)
1526
break;
1527
1528
if(!any)
1529
log_error(_("unknown configuration item `%s'\n"),name);
1530
}
1531
}
1532
1533
1534
/* List options and default values in the GPG Conf format. This is a
1535
new tool distributed with gnupg 1.9.x but we also want some limited
1536
support in older gpg versions. The output is the name of the
1537
configuration file and a list of options available for editing by
1538
gpgconf. */
1539
static void
1540
gpgconf_list (const char *configfile)
1541
{
1542
char *configfile_esc = percent_escape (configfile, NULL);
1543
1544
printf ("gpgconf-gpg.conf:%lu:\"%s\n",
1545
GC_OPT_FLAG_DEFAULT, configfile_esc ? configfile_esc : "/dev/null");
1546
printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
1547
printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
1548
printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1549
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
1550
printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
1551
printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
1552
1553
xfree (configfile_esc);
1554
}
1555
1556
1557
static int
1558
parse_subpacket_list(char *list)
1559
{
1560
char *tok;
1561
byte subpackets[128],i;
1562
int count=0;
1563
1564
if(!list)
1565
{
1566
/* No arguments means all subpackets */
1567
memset(subpackets+1,1,sizeof(subpackets)-1);
1568
count=127;
1569
}
1570
else
1571
{
1572
memset(subpackets,0,sizeof(subpackets));
1573
1574
/* Merge with earlier copy */
1575
if(opt.show_subpackets)
1576
{
1577
byte *in;
1578
1579
for(in=opt.show_subpackets;*in;in++)
1580
{
1581
if(*in>127 || *in<1)
1582
BUG();
1583
1584
if(!subpackets[*in])
1585
count++;
1586
subpackets[*in]=1;
1587
}
1588
}
1589
1590
while((tok=strsep(&list," ,")))
1591
{
1592
if(!*tok)
1593
continue;
1594
1595
i=atoi(tok);
1596
if(i>127 || i<1)
1597
return 0;
1598
1599
if(!subpackets[i])
1600
count++;
1601
subpackets[i]=1;
1602
}
1603
}
1604
1605
xfree(opt.show_subpackets);
1606
opt.show_subpackets=xmalloc(count+1);
1607
opt.show_subpackets[count--]=0;
1608
1609
for(i=1;i<128 && count>=0;i++)
1610
if(subpackets[i])
1611
opt.show_subpackets[count--]=i;
1612
1613
return 1;
1614
}
1615
1616
1617
static int
1618
parse_list_options(char *str)
1619
{
1620
char *subpackets=""; /* something that isn't NULL */
1621
struct parse_options lopts[]=
1622
{
1623
{"show-photos",LIST_SHOW_PHOTOS,NULL,
1624
N_("display photo IDs during key listings")},
1625
{"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
1626
N_("show policy URLs during signature listings")},
1627
{"show-notations",LIST_SHOW_NOTATIONS,NULL,
1628
N_("show all notations during signature listings")},
1629
{"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1630
N_("show IETF standard notations during signature listings")},
1631
{"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1632
NULL},
1633
{"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
1634
N_("show user-supplied notations during signature listings")},
1635
{"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
1636
N_("show preferred keyserver URLs during signature listings")},
1637
{"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
1638
N_("show user ID validity during key listings")},
1639
{"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
1640
N_("show revoked and expired user IDs in key listings")},
1641
{"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
1642
N_("show revoked and expired subkeys in key listings")},
1643
{"show-keyring",LIST_SHOW_KEYRING,NULL,
1644
N_("show the keyring name in key listings")},
1645
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
1646
N_("show expiration dates during signature listings")},
1647
{"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
1648
NULL},
1649
{NULL,0,NULL,NULL}
1650
};
1651
1652
/* C99 allows for non-constant initializers, but we'd like to
1653
compile everywhere, so fill in the show-sig-subpackets argument
1654
here. Note that if the parse_options array changes, we'll have
1655
to change the subscript here. */
1656
lopts[12].value=&subpackets;
1657
1658
if(parse_options(str,&opt.list_options,lopts,1))
1659
{
1660
if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
1661
{
1662
/* Unset so users can pass multiple lists in. */
1663
opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
1664
if(!parse_subpacket_list(subpackets))
1665
return 0;
1666
}
1667
else if(subpackets==NULL && opt.show_subpackets)
1668
{
1669
/* User did 'no-show-subpackets' */
1670
xfree(opt.show_subpackets);
1671
opt.show_subpackets=NULL;
1672
}
1673
1674
return 1;
1675
}
1676
else
1677
return 0;
1678
}
1679
1680
1681
/* Collapses argc/argv into a single string that must be freed */
1682
static char *
1683
collapse_args(int argc,char *argv[])
1684
{
1685
char *str=NULL;
1686
int i,first=1,len=0;
1687
1688
for(i=0;i<argc;i++)
1689
{
1690
len+=strlen(argv[i])+2;
1691
str=xrealloc(str,len);
1692
if(first)
1693
{
1694
str[0]='\0';
1695
first=0;
1696
}
1697
else
1698
strcat(str," ");
1699
1700
strcat(str,argv[i]);
1701
}
1702
1703
return str;
1704
}
1705
1706
static void
1707
parse_trust_model(const char *model)
1708
{
1709
if(ascii_strcasecmp(model,"pgp")==0)
1710
opt.trust_model=TM_PGP;
1711
else if(ascii_strcasecmp(model,"classic")==0)
1712
opt.trust_model=TM_CLASSIC;
1713
else if(ascii_strcasecmp(model,"always")==0)
1714
opt.trust_model=TM_ALWAYS;
1715
else if(ascii_strcasecmp(model,"direct")==0)
1716
opt.trust_model=TM_DIRECT;
1717
else if(ascii_strcasecmp(model,"auto")==0)
1718
opt.trust_model=TM_AUTO;
1719
else
1720
log_error("unknown trust model `%s'\n",model);
1721
}
1722
1723
1724
/* Pack an s2k iteration count into the form specified in 2440. If
1725
we're in between valid values, round up. */
1726
static unsigned char
1727
encode_s2k_iterations(int iterations)
1728
{
1729
unsigned char c=0,result;
1730
unsigned int count;
1731
1732
if(iterations<=1024)
1733
return 0;
1734
1735
if(iterations>=65011712)
1736
return 255;
1737
1738
/* Need count to be in the range 16-31 */
1739
for(count=iterations>>6;count>=32;count>>=1)
1740
c++;
1741
1742
result=(c<<4)|(count-16);
1743
1744
if(S2K_DECODE_COUNT(result)<iterations)
1745
result++;
1746
1747
return result;
1748
}
1749
1750
1751
/* This fucntion called to initialized a new control object. It is
1752
assumed that this object has been zeroed out before calling this
1753
function. */
1754
static void
1755
gpg_init_default_ctrl (ctrl_t ctrl)
1756
{
1757
}
1758
1759
1760
/* This function is called to deinitialize a control object. It is
1761
not deallocated. */
1762
static void
1763
gpg_deinit_default_ctrl (ctrl_t ctrl)
1764
{
1765
}
1766
1767
1768
char *
1769
get_default_configname (void)
1770
{
1771
char *configname = NULL;
1772
char *name = xstrdup ("gpg" EXTSEP_S "conf-" SAFE_VERSION);
1773
char *ver = &name[strlen ("gpg" EXTSEP_S "conf-")];
1774
1775
do
1776
{
1777
if (configname)
1778
{
1779
char *tok;
1780
1781
xfree (configname);
1782
configname = NULL;
1783
1784
if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
1785
*tok='\0';
1786
else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
1787
*tok='\0';
1788
else
1789
break;
1790
}
1791
1792
configname = make_filename (opt.homedir, name, NULL);
1793
}
1794
while (access (configname, R_OK));
1795
1796
xfree(name);
1797
1798
if (! configname)
1799
configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL);
1800
if (! access (configname, R_OK))
1801
{
1802
/* Print a warning when both config files are present. */
1803
char *p = make_filename (opt.homedir, "options", NULL);
1804
if (! access (p, R_OK))
1805
log_info (_("NOTE: old default options file `%s' ignored\n"), p);
1806
xfree (p);
1807
}
1808
else
1809
{
1810
/* Use the old default only if it exists. */
1811
char *p = make_filename (opt.homedir, "options", NULL);
1812
if (!access (p, R_OK))
1813
{
1814
xfree (configname);
1815
configname = p;
1816
}
1817
else
1818
xfree (p);
1819
}
1820
1821
return configname;
1822
}
1823
603
1824
604
1825
int
605
main( int argc, char **argv )
1826
main (int argc, char **argv)
606
1827
{
607
1828
ARGPARSE_ARGS pargs;
608
1829
IOBUF a;
612
1833
const char *fname;
613
1834
char *username;
614
1835
int may_coredump;
615
STRLIST sl, remusr= NULL, locusr=NULL;
616
STRLIST nrings=NULL, sec_nrings=NULL;
617
armor_filter_context_t afx;
1836
strlist_t sl, remusr= NULL, locusr=NULL;
1837
strlist_t nrings=NULL, sec_nrings=NULL;
1838
armor_filter_context_t *afx = NULL;
618
1839
int detached_sig = 0;
619
1840
FILE *configfp = NULL;
620
1841
char *configname = NULL;
1842
char *save_configname = NULL;
1843
char *default_configname = NULL;
621
1844
unsigned configlineno;
622
1845
int parse_debug = 0;
623
int default_config =1;
1846
int default_config = 1;
624
1847
int default_keyring = 1;
625
1848
int greeting = 0;
626
1849
int nogreeting = 0;
1850
char *logfile = NULL;
627
1851
int use_random_seed = 1;
628
1852
enum cmd_and_opt_values cmd = 0;
1853
const char *debug_level = NULL;
629
1854
const char *trustdb_name = NULL;
630
1855
char *def_cipher_string = NULL;
631
1856
char *def_digest_string = NULL;
1857
char *compress_algo_string = NULL;
1858
char *cert_digest_string = NULL;
632
1859
char *s2k_cipher_string = NULL;
633
1860
char *s2k_digest_string = NULL;
1861
char *pers_cipher_list = NULL;
1862
char *pers_digest_list = NULL;
1863
char *pers_compress_list = NULL;
1864
int eyes_only=0;
1865
int multifile=0;
634
1866
int pwfd = -1;
635
1867
int with_fpr = 0; /* make an option out of --fingerprint */
636
#ifdef USE_SHM_COPROCESSING
637
ulong requested_shm_size=0;
638
#endif
639
640
trap_unaligned();
641
set_strusage( my_strusage );
642
gcry_control( GCRYCTL_SUSPEND_SECMEM_WARN );
1868
int any_explicit_recipient = 0;
1869
int require_secmem=0,got_secmem=0;
1870
1871
#ifdef __riscos__
1872
opt.lock_once = 1;
1873
#endif /* __riscos__ */
1874
1875
643
1876
/* Please note that we may running SUID(ROOT), so be very CAREFUL
644
* when adding any stuff between here and the call to
645
* secmem_init() somewhere after the option parsing
646
*/
647
log_set_name("gpg");
648
/* check that the libraries are suitable. Do it here because
649
* the option parse may need services of the library */
650
if ( !gcry_check_version ( "1.1.0a" ) ) {
651
log_fatal(_("libgcrypt is too old (need %s, have %s)\n"),
652
VERSION, gcry_check_version(NULL) );
653
}
654
655
gcry_control( GCRYCTL_USE_SECURE_RNDPOOL );
1877
when adding any stuff between here and the call to
1878
secmem_init() somewhere after the option parsing. */
1879
gnupg_reopen_std ("gpg");
1880
trap_unaligned ();
1881
gnupg_rl_initialize ();
1882
set_strusage (my_strusage);
1883
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
1884
/* We don't need any locking in libgcrypt unless we use any kind of
1885
threading. */
1886
gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING);
1887
log_set_prefix ("gpg", 1);
1888
1889
/* Make sure that our subsystems are ready. */
1890
init_common_subsystems ();
1891
1892
/* Check that the libraries are suitable. Do it right here because the
1893
option parsing may need services of the library. */
1894
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
1895
{
1896
log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
1897
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
1898
}
1899
1900
/* Put random number into secure memory */
1901
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
1902
656
1903
may_coredump = disable_core_dumps();
657
init_signals();
658
create_dotlock(NULL); /* register locking cleanup */
1904
1905
gnupg_init_signals (0, emergency_cleanup);
1906
1907
create_dotlock(NULL); /* Register locking cleanup. */
1908
659
1909
i18n_init();
1910
660
1911
opt.command_fd = -1; /* no command fd */
661
opt.compress = -1; /* defaults to standard compress level */
1912
opt.compress_level = -1; /* defaults to standard compress level */
1913
opt.bz2_compress_level = -1; /* defaults to standard compress level */
662
1914
/* note: if you change these lines, look at oOpenPGP */
663
1915
opt.def_cipher_algo = 0;
664
1916
opt.def_digest_algo = 0;
665
opt.def_compress_algo = 2;
1917
opt.cert_digest_algo = 0;
1918
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
666
1919
opt.s2k_mode = 3; /* iterated+salted */
667
opt.s2k_digest_algo = GCRY_MD_SHA1;
668
opt.s2k_cipher_algo = GCRY_CIPHER_CAST5;
1920
opt.s2k_count = 96; /* 65536 iterations */
1921
#ifdef USE_CAST5
1922
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
1923
#else
1924
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
1925
#endif
669
1926
opt.completes_needed = 1;
670
1927
opt.marginals_needed = 3;
671
1928
opt.max_cert_depth = 5;
672
1929
opt.pgp2_workarounds = 1;
673
opt.auto_key_retrieve = 1;
674
#ifdef __MINGW32__
675
opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" );
676
#else
677
opt.homedir = getenv("GNUPGHOME");
678
#endif
679
if( !opt.homedir || !*opt.homedir ) {
680
opt.homedir = GNUPG_HOMEDIR;
681
}
1930
opt.escape_from = 1;
1931
opt.flags.require_cross_cert = 1;
1932
opt.import_options=IMPORT_SK2PK;
1933
opt.export_options=EXPORT_ATTRIBUTES;
1934
opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
1935
opt.keyserver_options.export_options=EXPORT_ATTRIBUTES;
1936
opt.keyserver_options.options=
1937
KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_HONOR_PKA_RECORD;
1938
opt.verify_options=
1939
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
1940
opt.trust_model=TM_AUTO;
1941
opt.mangle_dos_filenames=0;
1942
opt.min_cert_level=2;
1943
set_screen_dimensions();
1944
opt.keyid_format=KF_SHORT;
1945
opt.def_sig_expire="0";
1946
opt.def_cert_expire="0";
1947
set_homedir ( default_homedir () );
1948
opt.passwd_repeat=1;
682
1949
683
/* check whether we have a config file on the commandline */
1950
/* Check whether we have a config file on the command line. */
684
1951
orig_argc = argc;
685
1952
orig_argv = argv;
686
1953
pargs.argc = &argc;
696
1963
default_config = 0;
697
1964
}
698
1965
else if( pargs.r_opt == oNoOptions )
1966
{
699
1967
default_config = 0; /* --no-options */
700
else if( pargs.r_opt == oHomedir )
701
opt.homedir = pargs.r.ret_str;
702
#ifdef USE_SHM_COPROCESSING
703
else if( pargs.r_opt == oRunAsShmCP ) {
704
/* does not make sense in a options file, we do it here,
705
* so that we are the able to drop setuid as soon as possible */
706
opt.shm_coprocess = 1;
707
requested_shm_size = pargs.r.ret_ulong;
708
}
709
else if ( pargs.r_opt == oStatusFD ) {
710
/* this is needed to ensure that the status-fd filedescriptor is
711
* initialized when init_shm_coprocessing() is called */
712
set_status_fd( pargs.r.ret_int );
713
}
714
#endif
715
}
716
717
718
#ifdef USE_SHM_COPROCESSING
719
if( opt.shm_coprocess ) {
720
init_shm_coprocessing(requested_shm_size, 1 );
721
}
722
#endif
723
/* initialize the secure memory. */
724
gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );
1968
opt.no_homedir_creation = 1;
1969
}
1970
else if( pargs.r_opt == oHomedir )
1971
set_homedir ( pargs.r.ret_str );
1972
else if( pargs.r_opt == oNoPermissionWarn )
1973
opt.no_perm_warn=1;
1974
else if (pargs.r_opt == oStrict )
1975
{
1976
/* Not used */
1977
}
1978
else if (pargs.r_opt == oNoStrict )
1979
{
1980
/* Not used */
1981
}
1982
}
1983
1984
#ifdef HAVE_DOSISH_SYSTEM
1985
if ( strchr (opt.homedir,'\\') ) {
1986
char *d, *buf = xmalloc (strlen (opt.homedir)+1);
1987
const char *s = opt.homedir;
1988
for (d=buf,s=opt.homedir; *s; s++)
1989
{
1990
*d++ = *s == '\\'? '/': *s;
1991
#ifdef HAVE_W32_SYSTEM
1992
if (s[1] && IsDBCSLeadByte (*s))
1993
*d++ = *++s;
1994
#endif
1995
}
1996
*d = 0;
1997
set_homedir (buf);
1998
}
1999
#endif
2000
2001
/* Initialize the secure memory. */
2002
if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
2003
got_secmem = 1;
2004
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
2005
/* There should be no way to get to this spot while still carrying
2006
setuid privs. Just in case, bomb out if we are. */
2007
if(getuid()!=geteuid())
2008
BUG();
2009
#endif
725
2010
maybe_setuid = 0;
2011
726
2012
/* Okay, we are now working under our real uid */
727
2013
728
if( default_config )
729
configname = make_filename(opt.homedir, "options", NULL );
2014
/* malloc hooks go here ... */
2015
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
2016
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
2017
2018
2019
/* Try for a version specific config file first */
2020
default_configname = get_default_configname ();
2021
if (default_config)
2022
configname = xstrdup (default_configname);
730
2023
731
2024
argc = orig_argc;
732
2025
argv = orig_argv;
733
2026
pargs.argc = &argc;
734
2027
pargs.argv = &argv;
735
2028
pargs.flags= 1; /* do not remove the args */
2029
2030
/* By this point we have a homedir, and cannot change it. */
2031
check_permissions(opt.homedir,0);
2032
736
2033
next_pass:
737
2034
if( configname ) {
2035
if(check_permissions(configname,1))
2036
{
2037
/* If any options file is unsafe, then disable any external
2038
programs for keyserver calls or photo IDs. Since the
2039
external program to call is set in the options file, a
2040
unsafe options file can lead to an arbitrary program
2041
being run. */
2042
2043
opt.exec_disable=1;
2044
}
2045
738
2046
configlineno = 0;
739
2047
configfp = fopen( configname, "r" );
2048
if (configfp && is_secured_file (fileno (configfp)))
2049
{
2050
fclose (configfp);
2051
configfp = NULL;
2052
errno = EPERM;
2053
}
740
2054
if( !configfp ) {
741
2055
if( default_config ) {
742
2056
if( parse_debug )
746
2060
else {
747
2061
log_error(_("option file `%s': %s\n"),
748
2062
configname, strerror(errno) );
749
gpg_exit(2);
2063
g10_exit(2);
750
2064
}
751
gcry_free(configname); configname = NULL;
2065
xfree(configname); configname = NULL;
752
2066
}
753
2067
if( parse_debug && configname )
754
2068
log_info(_("reading options from `%s'\n"), configname );
756
2070
}
757
2071
758
2072
while( optfile_parse( configfp, configname, &configlineno,
759
&pargs, opts) ) {
760
switch( pargs.r_opt ) {
761
case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
762
case aListPackets: set_cmd( &cmd, aListPackets); break;
763
case aImport: set_cmd( &cmd, aImport); break;
764
case aFastImport: set_cmd( &cmd, aFastImport); break;
765
case aSendKeys: set_cmd( &cmd, aSendKeys); break;
766
case aRecvKeys: set_cmd( &cmd, aRecvKeys); break;
767
case aExport: set_cmd( &cmd, aExport); break;
768
case aExportAll: set_cmd( &cmd, aExportAll); break;
769
case aListKeys: set_cmd( &cmd, aListKeys); break;
770
case aListSigs: set_cmd( &cmd, aListSigs); break;
771
case aExportSecret: set_cmd( &cmd, aExportSecret); break;
772
case aExportSecretSub: set_cmd( &cmd, aExportSecretSub); break;
773
case aDeleteSecretKey: set_cmd( &cmd, aDeleteSecretKey);
774
greeting=1; break;
775
case aDeleteKey: set_cmd( &cmd, aDeleteKey); greeting=1; break;
2073
&pargs, opts) )
2074
{
2075
switch( pargs.r_opt )
2076
{
2077
case aCheckKeys:
2078
case aListConfig:
2079
case aGPGConfList:
2080
case aGPGConfTest:
2081
case aListPackets:
2082
case aImport:
2083
case aFastImport:
2084
case aSendKeys:
2085
case aRecvKeys:
2086
case aSearchKeys:
2087
case aRefreshKeys:
2088
case aFetchKeys:
2089
case aExport:
2090
#ifdef ENABLE_CARD_SUPPORT
2091
case aCardStatus:
2092
case aCardEdit:
2093
case aChangePIN:
2094
#endif /* ENABLE_CARD_SUPPORT*/
2095
case aListKeys:
2096
case aListSigs:
2097
case aExportSecret:
2098
case aExportSecretSub:
2099
case aSym:
2100
case aClearsign:
2101
case aGenRevoke:
2102
case aDesigRevoke:
2103
case aPrimegen:
2104
case aGenRandom:
2105
case aPrintMD:
2106
case aPrintMDs:
2107
case aListTrustDB:
2108
case aCheckTrustDB:
2109
case aUpdateTrustDB:
2110
case aFixTrustDB:
2111
case aListTrustPath:
2112
case aDeArmor:
2113
case aEnArmor:
2114
case aSign:
2115
case aSignKey:
2116
case aLSignKey:
2117
case aStore:
2118
case aExportOwnerTrust:
2119
case aImportOwnerTrust:
2120
case aRebuildKeydbCaches:
2121
set_cmd (&cmd, pargs.r_opt);
2122
break;
2123
2124
case aKeygen:
2125
case aEditKey:
2126
case aDeleteSecretKeys:
2127
case aDeleteSecretAndPublicKeys:
2128
case aDeleteKeys:
2129
set_cmd (&cmd, pargs.r_opt);
2130
greeting=1;
2131
break;
776
2132
777
2133
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
778
case aSym: set_cmd( &cmd, aSym); break;
779
2134
2135
case aDecryptFiles: multifile=1; /* fall through */
780
2136
case aDecrypt: set_cmd( &cmd, aDecrypt); break;
781
2137
2138
case aEncrFiles: multifile=1; /* fall through */
782
2139
case aEncr: set_cmd( &cmd, aEncr); break;
783
case aSign: set_cmd( &cmd, aSign ); break;
784
case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
785
case aSignKey: set_cmd( &cmd, aSignKey); break;
786
case aLSignKey: set_cmd( &cmd, aLSignKey); break;
787
case aStore: set_cmd( &cmd, aStore); break;
788
case aEditKey: set_cmd( &cmd, aEditKey); greeting=1; break;
789
case aClearsign: set_cmd( &cmd, aClearsign); break;
790
case aGenRevoke: set_cmd( &cmd, aGenRevoke); break;
2140
2141
case aVerifyFiles: multifile=1; /* fall through */
791
2142
case aVerify: set_cmd( &cmd, aVerify); break;
792
case aVerifyFiles: set_cmd( &cmd, aVerifyFiles); break;
793
case aPrimegen: set_cmd( &cmd, aPrimegen); break;
794
case aGenRandom: set_cmd( &cmd, aGenRandom); break;
795
case aPrintMD: set_cmd( &cmd, aPrintMD); break;
796
case aPrintMDs: set_cmd( &cmd, aPrintMDs); break;
797
case aPrintHMAC: set_cmd( &cmd, aPrintHMAC); break;
798
case aListTrustDB: set_cmd( &cmd, aListTrustDB); break;
799
case aCheckTrustDB: set_cmd( &cmd, aCheckTrustDB); break;
800
case aUpdateTrustDB: set_cmd( &cmd, aUpdateTrustDB); break;
801
case aFixTrustDB: set_cmd( &cmd, aFixTrustDB); break;
802
case aListTrustPath: set_cmd( &cmd, aListTrustPath); break;
803
case aDeArmor: set_cmd( &cmd, aDeArmor); break;
804
case aEnArmor: set_cmd( &cmd, aEnArmor); break;
805
case aExportOwnerTrust: set_cmd( &cmd, aExportOwnerTrust); break;
806
case aImportOwnerTrust: set_cmd( &cmd, aImportOwnerTrust); break;
2143
2144
case aServer:
2145
set_cmd (&cmd, pargs.r_opt);
2146
opt.batch = 1;
2147
break;
807
2148
808
2149
case oArmor: opt.armor = 1; opt.no_armor=0; break;
809
2150
case oOutput: opt.outfile = pargs.r.ret_str; break;
2151
case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
810
2152
case oQuiet: opt.quiet = 1; break;
811
2153
case oNoTTY: tty_no_terminal(1); break;
812
2154
case oDryRun: opt.dry_run = 1; break;
813
2155
case oInteractive: opt.interactive = 1; break;
814
2156
case oVerbose:
815
opt.verbose++; opt.list_sigs=1;
816
gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );
817
break;
818
case oKOption: set_cmd( &cmd, aKMode ); break;
819
820
case oBatch: opt.batch = 1; greeting = 0; break;
821
case oUseAgent: opt.use_agent = 1; break;
2157
opt.verbose++;
2158
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2159
opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
2160
opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
2161
break;
2162
2163
case oBatch:
2164
opt.batch = 1;
2165
nogreeting = 1;
2166
break;
2167
2168
case oUseAgent: /* Dummy. */
2169
break;
2170
case oNoUseAgent:
2171
obsolete_option (configname, configlineno, "--no-use-agent");
2172
break;
2173
case oGpgAgentInfo:
2174
obsolete_option (configname, configlineno, "--gpg-agent-info");
2175
break;
2176
822
2177
case oAnswerYes: opt.answer_yes = 1; break;
823
2178
case oAnswerNo: opt.answer_no = 1; break;
824
2179
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
2180
case oPrimaryKeyring:
2181
sl=append_to_strlist( &nrings, pargs.r.ret_str);
2182
sl->flags=2;
2183
break;
2184
case oShowKeyring:
2185
deprecated_warning(configname,configlineno,"--show-keyring",
2186
"--list-options ","show-keyring");
2187
opt.list_options|=LIST_SHOW_KEYRING;
2188
break;
2189
825
2190
case oDebug: opt.debug |= pargs.r.ret_ulong; break;
826
2191
case oDebugAll: opt.debug = ~0; break;
827
case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
828
case oLoggerFD: log_set_logfile( NULL, pargs.r.ret_int ); break;
2192
case oDebugLevel: debug_level = pargs.r.ret_str; break;
2193
2194
case oStatusFD:
2195
set_status_fd( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2196
break;
2197
case oStatusFile:
2198
set_status_fd ( open_info_file (pargs.r.ret_str, 1) );
2199
break;
2200
case oAttributeFD:
2201
set_attrib_fd(translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2202
break;
2203
case oAttributeFile:
2204
set_attrib_fd ( open_info_file (pargs.r.ret_str, 1) );
2205
break;
2206
case oLoggerFD:
2207
log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2208
break;
2209
case oLoggerFile:
2210
logfile = pargs.r.ret_str;
2211
break;
2212
829
2213
case oWithFingerprint:
830
with_fpr=1; /*fall thru*/
2214
opt.with_fingerprint = 1;
2215
with_fpr=1; /*fall thru*/
831
2216
case oFingerprint: opt.fingerprint++; break;
832
case oSecretKeyring: append_to_strlist( &sec_nrings, pargs.r.ret_str); break;
2217
case oSecretKeyring:
2218
append_to_strlist( &sec_nrings, pargs.r.ret_str);
2219
break;
833
2220
case oOptions:
834
2221
/* config files may not be nested (silently ignore them) */
835
2222
if( !configfp ) {
836
gcry_free(configname);
837
configname = gcry_xstrdup(pargs.r.ret_str);
2223
xfree(configname);
2224
configname = xstrdup(pargs.r.ret_str);
838
2225
goto next_pass;
839
2226
}
840
2227
break;
841
2228
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
842
2229
case oNoDefKeyring: default_keyring = 0; break;
843
2230
case oNoGreeting: nogreeting = 1; break;
844
case oNoVerbose:
845
opt.verbose = 0; opt.list_sigs=0;
846
gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );
847
break;
848
case oNoComment: opt.no_comment=1; break;
849
case oNoVersion: opt.no_version=1; break;
2231
case oNoVerbose:
2232
opt.verbose = 0;
2233
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2234
opt.list_sigs=0;
2235
break;
2236
case oQuickRandom:
2237
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2238
break;
850
2239
case oEmitVersion: opt.no_version=0; break;
2240
case oNoEmitVersion: opt.no_version=1; break;
851
2241
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
852
2242
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
853
2243
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
854
2244
case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
855
2245
case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
856
2246
case oDefRecipient:
857
if( *pargs.r.ret_str )
858
opt.def_recipient = make_username(pargs.r.ret_str);
859
break;
2247
if( *pargs.r.ret_str )
2248
opt.def_recipient = make_username(pargs.r.ret_str);
2249
break;
860
2250
case oDefRecipientSelf:
861
gcry_free(opt.def_recipient); opt.def_recipient = NULL;
862
opt.def_recipient_self = 1;
863
break;
2251
xfree(opt.def_recipient); opt.def_recipient = NULL;
2252
opt.def_recipient_self = 1;
2253
break;
864
2254
case oNoDefRecipient:
865
gcry_free(opt.def_recipient); opt.def_recipient = NULL;
866
opt.def_recipient_self = 0;
867
break;
868
case oNoOptions: break; /* no-options */
869
case oHomedir: opt.homedir = pargs.r.ret_str; break;
2255
xfree(opt.def_recipient); opt.def_recipient = NULL;
2256
opt.def_recipient_self = 0;
2257
break;
2258
case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
2259
case oHomedir: break;
870
2260
case oNoBatch: opt.batch = 0; break;
871
2261
case oWithKeyData: opt.with_key_data=1; /* fall thru */
872
2262
case oWithColons: opt.with_colons=':'; break;
873
2263
874
2264
case oSkipVerify: opt.skip_verify=1; break;
875
case oCompressAlgo: opt.def_compress_algo = pargs.r.ret_int; break;
876
2265
case oCompressKeys: opt.compress_keys = 1; break;
877
2266
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
878
case oAlwaysTrust: opt.always_trust = 1; break;
2267
/* There are many programs (like mutt) that call gpg with
2268
--always-trust so keep this option around for a long
2269
time. */
2270
case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
2271
case oTrustModel:
2272
parse_trust_model(pargs.r.ret_str);
2273
break;
2274
case oForceOwnertrust:
2275
log_info(_("NOTE: %s is not for normal use!\n"),
2276
"--force-ownertrust");
2277
opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
2278
if(opt.force_ownertrust==-1)
2279
{
2280
log_error("invalid ownertrust `%s'\n",pargs.r.ret_str);
2281
opt.force_ownertrust=0;
2282
}
2283
break;
879
2284
case oLoadExtension:
880
register_extension(orig_argc? *orig_argv:NULL, pargs.r.ret_str);
2285
/* Dummy so that gpg 1.4 conf files can work. Should
2286
eventually be removed. */
881
2287
break;
882
2288
case oRFC1991:
883
opt.rfc1991 = 1;
884
opt.rfc2440 = 0;
885
opt.no_comment = 1;
2289
opt.compliance = CO_RFC1991;
2290
opt.force_v4_certs = 0;
886
2291
opt.escape_from = 1;
887
2292
break;
888
2293
case oOpenPGP:
889
opt.rfc1991 = 0;
890
opt.rfc2440 = 1;
2294
case oRFC4880:
2295
/* This is effectively the same as RFC2440, but with
2296
"--enable-dsa2 --no-rfc2440-text --escape-from-lines
2297
--require-cross-certification". */
2298
opt.compliance = CO_RFC4880;
2299
opt.flags.dsa2 = 1;
2300
opt.flags.require_cross_cert = 1;
2301
opt.rfc2440_text = 0;
2302
opt.allow_non_selfsigned_uid = 1;
2303
opt.allow_freeform_uid = 1;
2304
opt.pgp2_workarounds = 0;
2305
opt.escape_from = 1;
2306
opt.force_v3_sigs = 0;
2307
opt.compress_keys = 0; /* not mandated, but we do it */
2308
opt.compress_sigs = 0; /* ditto. */
2309
opt.not_dash_escaped = 0;
2310
opt.def_cipher_algo = 0;
2311
opt.def_digest_algo = 0;
2312
opt.cert_digest_algo = 0;
2313
opt.compress_algo = -1;
2314
opt.s2k_mode = 3; /* iterated+salted */
2315
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2316
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2317
break;
2318
case oRFC2440:
2319
opt.compliance = CO_RFC2440;
2320
opt.flags.dsa2 = 0;
2321
opt.rfc2440_text = 1;
2322
opt.allow_non_selfsigned_uid = 1;
2323
opt.allow_freeform_uid = 1;
891
2324
opt.pgp2_workarounds = 0;
892
2325
opt.escape_from = 0;
893
2326
opt.force_v3_sigs = 0;
894
opt.compress_keys = 0; /* not mandated but we do it */
2327
opt.compress_keys = 0; /* not mandated, but we do it */
895
2328
opt.compress_sigs = 0; /* ditto. */
896
2329
opt.not_dash_escaped = 0;
897
2330
opt.def_cipher_algo = 0;
898
2331
opt.def_digest_algo = 0;
899
opt.def_compress_algo = 1;
900
opt.s2k_mode = 3; /* iterated+salted */
901
opt.s2k_digest_algo = GCRY_MD_SHA1;
902
opt.s2k_cipher_algo = GCRY_CIPHER_CAST5;
2332
opt.cert_digest_algo = 0;
2333
opt.compress_algo = -1;
2334
opt.s2k_mode = 3; /* iterated+salted */
2335
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2336
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
903
2337
break;
904
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
2338
case oPGP2: opt.compliance = CO_PGP2; break;
2339
case oPGP6: opt.compliance = CO_PGP6; break;
2340
case oPGP7: opt.compliance = CO_PGP7; break;
2341
case oPGP8: opt.compliance = CO_PGP8; break;
2342
case oGnuPG: opt.compliance = CO_GNUPG; break;
905
2343
case oCompressSigs: opt.compress_sigs = 1; break;
906
case oRunAsShmCP:
907
#ifndef USE_SHM_COPROCESSING
908
/* not possible in the option file,
909
* but we print the warning here anyway */
910
log_error("shared memory coprocessing is not available\n");
911
#endif
912
break;
913
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
914
case oSetPolicyURL: opt.set_policy_url = pargs.r.ret_str; break;
915
case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
916
case oComment: opt.comment_string = pargs.r.ret_str; break;
917
case oDefaultComment: opt.comment_string = NULL; break;
918
case oThrowKeyid: opt.throw_keyid = 1; break;
2344
case oRFC2440Text: opt.rfc2440_text=1; break;
2345
case oNoRFC2440Text: opt.rfc2440_text=0; break;
2346
case oSetFilename:
2347
if(utf8_strings)
2348
opt.set_filename = pargs.r.ret_str;
2349
else
2350
opt.set_filename = native_to_utf8(pargs.r.ret_str);
2351
break;
2352
case oForYourEyesOnly: eyes_only = 1; break;
2353
case oNoForYourEyesOnly: eyes_only = 0; break;
2354
case oSetPolicyURL:
2355
add_policy_url(pargs.r.ret_str,0);
2356
add_policy_url(pargs.r.ret_str,1);
2357
break;
2358
case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
2359
case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
2360
case oShowPolicyURL:
2361
deprecated_warning(configname,configlineno,"--show-policy-url",
2362
"--list-options ","show-policy-urls");
2363
deprecated_warning(configname,configlineno,"--show-policy-url",
2364
"--verify-options ","show-policy-urls");
2365
opt.list_options|=LIST_SHOW_POLICY_URLS;
2366
opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
2367
break;
2368
case oNoShowPolicyURL:
2369
deprecated_warning(configname,configlineno,"--no-show-policy-url",
2370
"--list-options ","no-show-policy-urls");
2371
deprecated_warning(configname,configlineno,"--no-show-policy-url",
2372
"--verify-options ","no-show-policy-urls");
2373
opt.list_options&=~LIST_SHOW_POLICY_URLS;
2374
opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
2375
break;
2376
case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
2377
case oUseEmbeddedFilename:
2378
opt.flags.use_embedded_filename=1;
2379
break;
2380
case oNoUseEmbeddedFilename:
2381
opt.flags.use_embedded_filename=0;
2382
break;
2383
case oComment:
2384
if(pargs.r.ret_str[0])
2385
append_to_strlist(&opt.comments,pargs.r.ret_str);
2386
break;
2387
case oDefaultComment:
2388
deprecated_warning(configname,configlineno,
2389
"--default-comment","--no-comments","");
2390
/* fall through */
2391
case oNoComments:
2392
free_strlist(opt.comments);
2393
opt.comments=NULL;
2394
break;
2395
case oThrowKeyids: opt.throw_keyid = 1; break;
2396
case oNoThrowKeyids: opt.throw_keyid = 0; break;
2397
case oShowPhotos:
2398
deprecated_warning(configname,configlineno,"--show-photos",
2399
"--list-options ","show-photos");
2400
deprecated_warning(configname,configlineno,"--show-photos",
2401
"--verify-options ","show-photos");
2402
opt.list_options|=LIST_SHOW_PHOTOS;
2403
opt.verify_options|=VERIFY_SHOW_PHOTOS;
2404
break;
2405
case oNoShowPhotos:
2406
deprecated_warning(configname,configlineno,"--no-show-photos",
2407
"--list-options ","no-show-photos");
2408
deprecated_warning(configname,configlineno,"--no-show-photos",
2409
"--verify-options ","no-show-photos");
2410
opt.list_options&=~LIST_SHOW_PHOTOS;
2411
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
2412
break;
2413
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
919
2414
case oForceV3Sigs: opt.force_v3_sigs = 1; break;
2415
case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
2416
case oForceV4Certs: opt.force_v4_certs = 1; break;
2417
case oNoForceV4Certs: opt.force_v4_certs = 0; break;
920
2418
case oForceMDC: opt.force_mdc = 1; break;
2419
case oNoForceMDC: opt.force_mdc = 0; break;
2420
case oDisableMDC: opt.disable_mdc = 1; break;
2421
case oNoDisableMDC: opt.disable_mdc = 0; break;
921
2422
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
922
case oS2KDigest: s2k_digest_string = gcry_xstrdup(pargs.r.ret_str); break;
923
case oS2KCipher: s2k_cipher_string = gcry_xstrdup(pargs.r.ret_str); break;
924
2423
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
2424
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
2425
case oS2KCount:
2426
opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
2427
break;
2428
case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
925
2429
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
926
2430
case oEncryptTo: /* store the recipient in the second list */
927
2431
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
928
2432
sl->flags = 1;
929
2433
break;
2434
case oHiddenEncryptTo: /* store the recipient in the second list */
2435
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2436
sl->flags = 1|2;
2437
break;
930
2438
case oRecipient: /* store the recipient */
931
2439
add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2440
any_explicit_recipient = 1;
2441
break;
2442
case oHiddenRecipient: /* store the recipient with a flag */
2443
sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2444
sl->flags = 2;
2445
any_explicit_recipient = 1;
932
2446
break;
933
2447
case oTextmodeShort: opt.textmode = 2; break;
934
2448
case oTextmode: opt.textmode=1; break;
935
case oUser: /* store the local users */
2449
case oNoTextmode: opt.textmode=0; break;
2450
case oExpert: opt.expert = 1; break;
2451
case oNoExpert: opt.expert = 0; break;
2452
case oDefSigExpire:
2453
if(*pargs.r.ret_str!='\0')
2454
{
2455
if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2456
log_error(_("`%s' is not a valid signature expiration\n"),
2457
pargs.r.ret_str);
2458
else
2459
opt.def_sig_expire=pargs.r.ret_str;
2460
}
2461
break;
2462
case oAskSigExpire: opt.ask_sig_expire = 1; break;
2463
case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
2464
case oDefCertExpire:
2465
if(*pargs.r.ret_str!='\0')
2466
{
2467
if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2468
log_error(_("`%s' is not a valid signature expiration\n"),
2469
pargs.r.ret_str);
2470
else
2471
opt.def_cert_expire=pargs.r.ret_str;
2472
}
2473
break;
2474
case oAskCertExpire: opt.ask_cert_expire = 1; break;
2475
case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
2476
case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
2477
case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
2478
case oAskCertLevel: opt.ask_cert_level = 1; break;
2479
case oNoAskCertLevel: opt.ask_cert_level = 0; break;
2480
case oLocalUser: /* store the local users */
936
2481
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
937
2482
break;
938
case oCompress: opt.compress = pargs.r.ret_int; break;
939
case oPasswdFD: pwfd = pargs.r.ret_int; break;
940
case oCommandFD: opt.command_fd = pargs.r.ret_int; break;
941
case oCipherAlgo: def_cipher_string = gcry_xstrdup(pargs.r.ret_str); break;
942
case oDigestAlgo: def_digest_string = gcry_xstrdup(pargs.r.ret_str); break;
943
case oNoSecmemWarn: gcry_control( GCRYCTL_DISABLE_SECMEM_WARN ); break;
944
case oCharset:
2483
case oCompress:
2484
/* this is the -z command line option */
2485
opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
2486
break;
2487
case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
2488
case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
2489
case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
2490
case oPasswd:
2491
set_passphrase_from_string(pargs.r.ret_str);
2492
break;
2493
case oPasswdFD:
2494
pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2495
break;
2496
case oPasswdFile:
2497
pwfd = open_info_file (pargs.r.ret_str, 0);
2498
break;
2499
case oPasswdRepeat: opt.passwd_repeat=pargs.r.ret_int; break;
2500
case oCommandFD:
2501
opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2502
break;
2503
case oCommandFile:
2504
opt.command_fd = open_info_file (pargs.r.ret_str, 0);
2505
break;
2506
case oCipherAlgo:
2507
def_cipher_string = xstrdup(pargs.r.ret_str);
2508
break;
2509
case oDigestAlgo:
2510
def_digest_string = xstrdup(pargs.r.ret_str);
2511
break;
2512
case oCompressAlgo:
2513
/* If it is all digits, stick a Z in front of it for
2514
later. This is for backwards compatibility with
2515
versions that took the compress algorithm number. */
2516
{
2517
char *pt=pargs.r.ret_str;
2518
while(*pt)
2519
{
2520
if (!isascii (*pt) || !isdigit (*pt))
2521
break;
2522
2523
pt++;
2524
}
2525
2526
if(*pt=='\0')
2527
{
2528
compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
2529
strcpy(compress_algo_string,"Z");
2530
strcat(compress_algo_string,pargs.r.ret_str);
2531
}
2532
else
2533
compress_algo_string = xstrdup(pargs.r.ret_str);
2534
}
2535
break;
2536
case oCertDigestAlgo:
2537
cert_digest_string = xstrdup(pargs.r.ret_str);
2538
break;
2539
2540
case oNoSecmemWarn:
2541
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
2542
break;
2543
2544
case oRequireSecmem: require_secmem=1; break;
2545
case oNoRequireSecmem: require_secmem=0; break;
2546
case oNoPermissionWarn: opt.no_perm_warn=1; break;
2547
case oNoMDCWarn: opt.no_mdc_warn=1; break;
2548
case oDisplayCharset:
945
2549
if( set_native_charset( pargs.r.ret_str ) )
946
log_error(_("%s is not a valid character set\n"),
947
pargs.r.ret_str);
2550
log_error(_("`%s' is not a valid character set\n"),
2551
pargs.r.ret_str);
948
2552
break;
949
2553
case oNotDashEscaped: opt.not_dash_escaped = 1; break;
950
2554
case oEscapeFrom: opt.escape_from = 1; break;
2555
case oNoEscapeFrom: opt.escape_from = 0; break;
951
2556
case oLockOnce: opt.lock_once = 1; break;
952
#if 0
953
#warning no disable_dotlock() yet
954
case oLockNever: disable_dotlock(); break;
955
#endif
956
case oLockMultiple: opt.lock_once = 0; break;
957
case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break;
958
case oNotation: add_notation_data( pargs.r.ret_str ); break;
2557
case oLockNever:
2558
disable_dotlock ();
2559
break;
2560
case oLockMultiple:
2561
#ifndef __riscos__
2562
opt.lock_once = 0;
2563
#else /* __riscos__ */
2564
riscos_not_implemented("lock-multiple");
2565
#endif /* __riscos__ */
2566
break;
2567
case oKeyServer:
2568
{
2569
struct keyserver_spec *keyserver;
2570
keyserver=parse_keyserver_uri(pargs.r.ret_str,0,
2571
configname,configlineno);
2572
if(!keyserver)
2573
log_error(_("could not parse keyserver URL\n"));
2574
else
2575
{
2576
keyserver->next=opt.keyserver;
2577
opt.keyserver=keyserver;
2578
}
2579
}
2580
break;
2581
case oKeyServerOptions:
2582
if(!parse_keyserver_options(pargs.r.ret_str))
2583
{
2584
if(configname)
2585
log_error(_("%s:%d: invalid keyserver options\n"),
2586
configname,configlineno);
2587
else
2588
log_error(_("invalid keyserver options\n"));
2589
}
2590
break;
2591
case oImportOptions:
2592
if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
2593
{
2594
if(configname)
2595
log_error(_("%s:%d: invalid import options\n"),
2596
configname,configlineno);
2597
else
2598
log_error(_("invalid import options\n"));
2599
}
2600
break;
2601
case oExportOptions:
2602
if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
2603
{
2604
if(configname)
2605
log_error(_("%s:%d: invalid export options\n"),
2606
configname,configlineno);
2607
else
2608
log_error(_("invalid export options\n"));
2609
}
2610
break;
2611
case oListOptions:
2612
if(!parse_list_options(pargs.r.ret_str))
2613
{
2614
if(configname)
2615
log_error(_("%s:%d: invalid list options\n"),
2616
configname,configlineno);
2617
else
2618
log_error(_("invalid list options\n"));
2619
}
2620
break;
2621
case oVerifyOptions:
2622
{
2623
struct parse_options vopts[]=
2624
{
2625
{"show-photos",VERIFY_SHOW_PHOTOS,NULL,
2626
N_("display photo IDs during signature verification")},
2627
{"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
2628
N_("show policy URLs during signature verification")},
2629
{"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
2630
N_("show all notations during signature verification")},
2631
{"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
2632
N_("show IETF standard notations during signature verification")},
2633
{"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
2634
NULL},
2635
{"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
2636
N_("show user-supplied notations during signature verification")},
2637
{"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
2638
N_("show preferred keyserver URLs during signature verification")},
2639
{"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
2640
N_("show user ID validity during signature verification")},
2641
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
2642
N_("show revoked and expired user IDs in signature verification")},
2643
{"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
2644
N_("show only the primary user ID in signature verification")},
2645
{"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
2646
N_("validate signatures with PKA data")},
2647
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
2648
N_("elevate the trust of signatures with valid PKA data")},
2649
{NULL,0,NULL,NULL}
2650
};
2651
2652
if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
2653
{
2654
if(configname)
2655
log_error(_("%s:%d: invalid verify options\n"),
2656
configname,configlineno);
2657
else
2658
log_error(_("invalid verify options\n"));
2659
}
2660
}
2661
break;
2662
case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
2663
case oExecPath:
2664
if(set_exec_path(pargs.r.ret_str))
2665
log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
2666
else
2667
opt.exec_path_set=1;
2668
break;
2669
case oSetNotation:
2670
add_notation_data( pargs.r.ret_str, 0 );
2671
add_notation_data( pargs.r.ret_str, 1 );
2672
break;
2673
case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
2674
case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
2675
case oShowNotation:
2676
deprecated_warning(configname,configlineno,"--show-notation",
2677
"--list-options ","show-notations");
2678
deprecated_warning(configname,configlineno,"--show-notation",
2679
"--verify-options ","show-notations");
2680
opt.list_options|=LIST_SHOW_NOTATIONS;
2681
opt.verify_options|=VERIFY_SHOW_NOTATIONS;
2682
break;
2683
case oNoShowNotation:
2684
deprecated_warning(configname,configlineno,"--no-show-notation",
2685
"--list-options ","no-show-notations");
2686
deprecated_warning(configname,configlineno,"--no-show-notation",
2687
"--verify-options ","no-show-notations");
2688
opt.list_options&=~LIST_SHOW_NOTATIONS;
2689
opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
2690
break;
959
2691
case oUtf8Strings: utf8_strings = 1; break;
960
2692
case oNoUtf8Strings: utf8_strings = 0; break;
961
case oDisableCipherAlgo: {
962
int algo = gcry_cipher_map_name(pargs.r.ret_str);
963
gcry_cipher_ctl( NULL, GCRYCTL_DISABLE_ALGO,
964
&algo, sizeof algo );
965
}
966
break;
967
case oDisablePubkeyAlgo: {
968
int algo = gcry_pk_map_name(pargs.r.ret_str);
969
gcry_pk_ctl( GCRYCTL_DISABLE_ALGO,
970
&algo, sizeof algo );
971
}
972
break;
2693
case oDisableCipherAlgo:
2694
{
2695
int algo = string_to_cipher_algo (pargs.r.ret_str);
2696
gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
2697
}
2698
break;
2699
case oDisablePubkeyAlgo:
2700
{
2701
int algo = gcry_pk_map_name (pargs.r.ret_str);
2702
gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
2703
}
2704
break;
2705
case oNoSigCache: opt.no_sig_cache = 1; break;
2706
case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
973
2707
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
2708
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
974
2709
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
2710
case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
975
2711
case oNoLiteral: opt.no_literal = 1; break;
976
2712
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
977
case oHonorHttpProxy: opt.honor_http_proxy = 1; break;
2713
case oHonorHttpProxy:
2714
add_to_strlist(&opt.keyserver_options.other,"http-proxy");
2715
deprecated_warning(configname,configlineno,
2716
"--honor-http-proxy",
2717
"--keyserver-options ","http-proxy");
2718
break;
978
2719
case oFastListMode: opt.fast_list_mode = 1; break;
2720
case oFixedListMode: opt.fixed_list_mode = 1; break;
979
2721
case oListOnly: opt.list_only=1; break;
980
2722
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
2723
case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
2724
case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
2725
case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
981
2726
case oNoRandomSeedFile: use_random_seed = 0; break;
982
case oNoAutoKeyRetrieve: opt.auto_key_retrieve = 0; break;
983
case oMergeOnly: opt.merge_only = 1; break;
2727
case oAutoKeyRetrieve:
2728
case oNoAutoKeyRetrieve:
2729
if(pargs.r_opt==oAutoKeyRetrieve)
2730
opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
2731
else
2732
opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
2733
2734
deprecated_warning(configname,configlineno,
2735
pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
2736
"--no-auto-key-retrieve","--keyserver-options ",
2737
pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
2738
"no-auto-key-retrieve");
2739
break;
2740
case oShowSessionKey: opt.show_session_key = 1; break;
2741
case oOverrideSessionKey:
2742
opt.override_session_key = pargs.r.ret_str;
2743
break;
2744
case oMergeOnly:
2745
deprecated_warning(configname,configlineno,"--merge-only",
2746
"--import-options ","merge-only");
2747
opt.import_options|=IMPORT_MERGE_ONLY;
2748
break;
2749
case oAllowSecretKeyImport: /* obsolete */ break;
984
2750
case oTryAllSecrets: opt.try_all_secrets = 1; break;
985
2751
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
2752
case oEnableSpecialFilenames:
2753
iobuf_enable_special_filenames (1);
2754
break;
2755
case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
2756
case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
2757
case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
2758
case oPreservePermissions: opt.preserve_permissions=1; break;
2759
case oDefaultPreferenceList:
2760
opt.def_preference_list = pargs.r.ret_str;
2761
break;
2762
case oDefaultKeyserverURL:
2763
{
2764
struct keyserver_spec *keyserver;
2765
keyserver=parse_keyserver_uri(pargs.r.ret_str,1,
2766
configname,configlineno);
2767
if(!keyserver)
2768
log_error(_("could not parse keyserver URL\n"));
2769
else
2770
free_keyserver_spec(keyserver);
2771
2772
opt.def_keyserver_url = pargs.r.ret_str;
2773
}
2774
break;
2775
case oPersonalCipherPreferences:
2776
pers_cipher_list=pargs.r.ret_str;
2777
break;
2778
case oPersonalDigestPreferences:
2779
pers_digest_list=pargs.r.ret_str;
2780
break;
2781
case oPersonalCompressPreferences:
2782
pers_compress_list=pargs.r.ret_str;
2783
break;
2784
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
2785
case oDisplay: opt.display = pargs.r.ret_str; break;
2786
case oTTYname: opt.ttyname = pargs.r.ret_str; break;
2787
case oTTYtype: opt.ttytype = pargs.r.ret_str; break;
2788
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
2789
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
2790
case oXauthority: opt.xauthority = pargs.r.ret_str; break;
2791
case oGroup: add_group(pargs.r.ret_str); break;
2792
case oUnGroup: rm_group(pargs.r.ret_str); break;
2793
case oNoGroups:
2794
while(opt.grouplist)
2795
{
2796
struct groupitem *iter=opt.grouplist;
2797
free_strlist(iter->values);
2798
opt.grouplist=opt.grouplist->next;
2799
xfree(iter);
2800
}
2801
break;
2802
2803
case oStrict:
2804
case oNoStrict:
2805
/* Not used */
2806
break;
2807
2808
case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
2809
case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
2810
case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
2811
case oMultifile: multifile=1; break;
2812
case oKeyidFormat:
2813
if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
2814
opt.keyid_format=KF_SHORT;
2815
else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
2816
opt.keyid_format=KF_LONG;
2817
else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
2818
opt.keyid_format=KF_0xSHORT;
2819
else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
2820
opt.keyid_format=KF_0xLONG;
2821
else
2822
log_error("unknown keyid-format `%s'\n",pargs.r.ret_str);
2823
break;
2824
2825
case oExitOnStatusWriteError:
2826
opt.exit_on_status_write_error = 1;
2827
break;
2828
2829
case oLimitCardInsertTries:
2830
opt.limit_card_insert_tries = pargs.r.ret_int;
2831
break;
2832
2833
case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
2834
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
2835
2836
case oAutoKeyLocate:
2837
if(!parse_auto_key_locate(pargs.r.ret_str))
2838
{
2839
if(configname)
2840
log_error(_("%s:%d: invalid auto-key-locate list\n"),
2841
configname,configlineno);
2842
else
2843
log_error(_("invalid auto-key-locate list\n"));
2844
}
2845
break;
2846
case oNoAutoKeyLocate:
2847
release_akl();
2848
break;
2849
2850
case oEnableDSA2: opt.flags.dsa2=1; break;
2851
case oDisableDSA2: opt.flags.dsa2=0; break;
2852
2853
case oAllowMultisigVerification:
2854
case oAllowMultipleMessages:
2855
opt.flags.allow_multiple_messages=1;
2856
break;
2857
2858
case oNoAllowMultipleMessages:
2859
opt.flags.allow_multiple_messages=0;
2860
break;
2861
2862
case oNoop: break;
986
2863
987
2864
default : pargs.err = configfp? 1:2; break;
988
}
989
}
2865
}
2866
}
2867
2868
990
2869
if( configfp ) {
991
2870
fclose( configfp );
992
2871
configfp = NULL;
993
gcry_free(configname); configname = NULL;
2872
/* Remember the first config file name. */
2873
if (!save_configname)
2874
save_configname = configname;
2875
else
2876
xfree(configname);
2877
configname = NULL;
994
2878
goto next_pass;
995
2879
}
996
gcry_free( configname ); configname = NULL;
2880
xfree( configname ); configname = NULL;
997
2881
if( log_get_errorcount(0) )
998
gpg_exit(2);
2882
g10_exit(2);
2883
2884
/* The command --gpgconf-list is pretty simple and may be called
2885
directly after the option parsing. */
2886
if (cmd == aGPGConfList)
2887
{
2888
gpgconf_list (save_configname ? save_configname : default_configname);
2889
g10_exit (0);
2890
}
2891
xfree (save_configname);
2892
xfree (default_configname);
2893
999
2894
if( nogreeting )
1000
2895
greeting = 0;
1001
2896
1004
2899
strusage(11), strusage(13), strusage(14) );
1005
2900
fprintf(stderr, "%s\n", strusage(15) );
1006
2901
}
1007
#ifdef IS_DEVELOPMENT_VERSION
1008
if( !opt.batch ) {
1009
log_info("NOTE: THIS IS A DEVELOPMENT VERSION!\n");
1010
log_info("It is only intended for test purposes and should NOT be\n");
1011
log_info("used in a production environment or with production keys!\n");
1012
}
1013
#endif
2902
#ifdef IS_DEVELOPMENT_VERSION
2903
if( !opt.batch )
2904
{
2905
const char *s;
2906
2907
if((s=strusage(20)))
2908
log_info("%s\n",s);
2909
if((s=strusage(21)))
2910
log_info("%s\n",s);
2911
if((s=strusage(22)))
2912
log_info("%s\n",s);
2913
}
2914
#endif
2915
2916
/* FIXME: We should use logging to a file only in server mode;
2917
however we have not yet implemetyed that. Thus we try to get
2918
away with --batch as indication for logging to file
2919
required. */
2920
if (logfile && opt.batch)
2921
{
2922
log_set_file (logfile);
2923
log_set_prefix (NULL, 1|2|4);
2924
}
2925
2926
#ifdef USE_CAMELLIA
2927
/* We better also print a runtime warning if people build it with
2928
support for Camellia (which is not yet defined by OpenPGP). */
2929
log_info ("WARNING: This version has been built with support for the "
2930
"Camellia cipher.\n");
2931
log_info (" It is for testing only and is NOT for production "
2932
"use!\n");
2933
#endif
2934
2935
if (opt.verbose > 2)
2936
log_info ("using character set `%s'\n", get_native_charset ());
1014
2937
1015
2938
if( may_coredump && !opt.quiet )
1016
2939
log_info(_("WARNING: program may create a core file!\n"));
1017
2940
2941
if (eyes_only) {
2942
if (opt.set_filename)
2943
log_info(_("WARNING: %s overrides %s\n"),
2944
"--for-your-eyes-only","--set-filename");
2945
2946
opt.set_filename="_CONSOLE";
2947
}
2948
1018
2949
if (opt.no_literal) {
1019
2950
log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal");
1020
2951
if (opt.textmode)
1022
2953
"--textmode", "--no-literal" );
1023
2954
if (opt.set_filename)
1024
2955
log_error(_("%s makes no sense with %s!\n"),
1025
"--set-filename", "--no-literal" );
2956
eyes_only?"--for-your-eyes-only":"--set-filename",
2957
"--no-literal" );
1026
2958
}
2959
2960
1027
2961
if (opt.set_filesize)
1028
2962
log_info(_("NOTE: %s is not for normal use!\n"), "--set-filesize");
1029
2963
if( opt.batch )
1030
2964
tty_batchmode( 1 );
1031
2965
1032
gcry_control( GCRYCTL_RESUME_SECMEM_WARN );
1033
1034
set_debug();
1035
/* FIXME: should set filenames of libgcrypt explicitly
1036
* gpg_opt_homedir = opt.homedir; */
1037
1038
/* must do this after dropping setuid, because string_to...
1039
* may try to load an module */
2966
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
2967
2968
if(require_secmem && !got_secmem)
2969
{
2970
log_info(_("will not run with insecure memory due to %s\n"),
2971
"--require-secmem");
2972
g10_exit(2);
2973
}
2974
2975
set_debug (debug_level);
2976
2977
/* Do these after the switch(), so they can override settings. */
2978
if(PGP2)
2979
{
2980
int unusable=0;
2981
2982
if(cmd==aSign && !detached_sig)
2983
{
2984
log_info(_("you can only make detached or clear signatures "
2985
"while in --pgp2 mode\n"));
2986
unusable=1;
2987
}
2988
else if(cmd==aSignEncr || cmd==aSignSym)
2989
{
2990
log_info(_("you can't sign and encrypt at the "
2991
"same time while in --pgp2 mode\n"));
2992
unusable=1;
2993
}
2994
else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
2995
{
2996
log_info(_("you must use files (and not a pipe) when "
2997
"working with --pgp2 enabled.\n"));
2998
unusable=1;
2999
}
3000
else if(cmd==aEncr || cmd==aSym)
3001
{
3002
/* Everything else should work without IDEA (except using
3003
a secret key encrypted with IDEA and setting an IDEA
3004
preference, but those have their own error
3005
messages). */
3006
3007
if (openpgp_cipher_test_algo(CIPHER_ALGO_IDEA))
3008
{
3009
log_info(_("encrypting a message in --pgp2 mode requires "
3010
"the IDEA cipher\n"));
3011
idea_cipher_warn(1);
3012
unusable=1;
3013
}
3014
else if(cmd==aSym)
3015
{
3016
/* This only sets IDEA for symmetric encryption
3017
since it is set via select_algo_from_prefs for
3018
pk encryption. */
3019
xfree(def_cipher_string);
3020
def_cipher_string = xstrdup("idea");
3021
}
3022
3023
/* PGP2 can't handle the output from the textmode
3024
filter, so we disable it for anything that could
3025
create a literal packet (only encryption and
3026
symmetric encryption, since we disable signing
3027
above). */
3028
if(!unusable)
3029
opt.textmode=0;
3030
}
3031
3032
if(unusable)
3033
compliance_failure();
3034
else
3035
{
3036
opt.force_v4_certs = 0;
3037
opt.escape_from = 1;
3038
opt.force_v3_sigs = 1;
3039
opt.pgp2_workarounds = 1;
3040
opt.ask_sig_expire = 0;
3041
opt.ask_cert_expire = 0;
3042
xfree(def_digest_string);
3043
def_digest_string = xstrdup("md5");
3044
xfree(s2k_digest_string);
3045
s2k_digest_string = xstrdup("md5");
3046
opt.compress_algo = COMPRESS_ALGO_ZIP;
3047
}
3048
}
3049
else if(PGP6)
3050
{
3051
opt.escape_from=1;
3052
opt.force_v3_sigs=1;
3053
opt.ask_sig_expire=0;
3054
}
3055
else if(PGP7)
3056
{
3057
opt.escape_from=1;
3058
opt.force_v3_sigs=1;
3059
opt.ask_sig_expire=0;
3060
}
3061
else if(PGP8)
3062
{
3063
opt.escape_from=1;
3064
}
3065
3066
1040
3067
if( def_cipher_string ) {
1041
opt.def_cipher_algo = gcry_cipher_map_name(def_cipher_string);
1042
gcry_free(def_cipher_string); def_cipher_string = NULL;
1043
if( openpgp_cipher_test_algo(opt.def_cipher_algo) )
3068
opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
3069
if(opt.def_cipher_algo==0 &&
3070
(ascii_strcasecmp(def_cipher_string,"idea")==0
3071
|| ascii_strcasecmp(def_cipher_string,"s1")==0))
3072
idea_cipher_warn(1);
3073
xfree(def_cipher_string); def_cipher_string = NULL;
3074
if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
1044
3075
log_error(_("selected cipher algorithm is invalid\n"));
1045
3076
}
1046
3077
if( def_digest_string ) {
1047
opt.def_digest_algo = gcry_md_map_name(def_digest_string);
1048
gcry_free(def_digest_string); def_digest_string = NULL;
1049
if( openpgp_md_test_algo(opt.def_digest_algo) )
3078
opt.def_digest_algo = string_to_digest_algo (def_digest_string);
3079
xfree(def_digest_string); def_digest_string = NULL;
3080
if ( openpgp_md_test_algo (opt.def_digest_algo) )
1050
3081
log_error(_("selected digest algorithm is invalid\n"));
1051
3082
}
3083
if( compress_algo_string ) {
3084
opt.compress_algo = string_to_compress_algo(compress_algo_string);
3085
xfree(compress_algo_string); compress_algo_string = NULL;
3086
if( check_compress_algo(opt.compress_algo) )
3087
log_error(_("selected compression algorithm is invalid\n"));
3088
}
3089
if( cert_digest_string ) {
3090
opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
3091
xfree(cert_digest_string); cert_digest_string = NULL;
3092
if (openpgp_md_test_algo(opt.cert_digest_algo))
3093
log_error(_("selected certification digest algorithm is invalid\n"));
3094
}
1052
3095
if( s2k_cipher_string ) {
1053
opt.s2k_cipher_algo = gcry_cipher_map_name(s2k_cipher_string);
1054
gcry_free(s2k_cipher_string); s2k_cipher_string = NULL;
1055
if( openpgp_cipher_test_algo(opt.s2k_cipher_algo) )
1056
log_error(_("selected cipher algorithm is invalid\n"));
3096
opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
3097
xfree(s2k_cipher_string); s2k_cipher_string = NULL;
3098
if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
3099
log_error(_("selected cipher algorithm is invalid\n"));
1057
3100
}
1058
3101
if( s2k_digest_string ) {
1059
opt.s2k_digest_algo = gcry_md_map_name(s2k_digest_string);
1060
gcry_free(s2k_digest_string); s2k_digest_string = NULL;
1061
if( openpgp_md_test_algo(opt.s2k_digest_algo) )
1062
log_error(_("selected digest algorithm is invalid\n"));
1063
}
1064
if( opt.set_policy_url ) {
1065
if( check_policy_url( opt.set_policy_url ) )
1066
log_error(_("the given policy URL is invalid\n"));
1067
}
1068
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
1069
log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2);
3102
opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
3103
xfree(s2k_digest_string); s2k_digest_string = NULL;
3104
if (openpgp_md_test_algo(opt.s2k_digest_algo))
3105
log_error(_("selected digest algorithm is invalid\n"));
3106
}
1070
3107
if( opt.completes_needed < 1 )
1071
log_error(_("completes-needed must be greater than 0\n"));
3108
log_error(_("completes-needed must be greater than 0\n"));
1072
3109
if( opt.marginals_needed < 2 )
1073
log_error(_("marginals-needed must be greater than 1\n"));
3110
log_error(_("marginals-needed must be greater than 1\n"));
1074
3111
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
1075
log_error(_("max-cert-depth must be in range 1 to 255\n"));
3112
log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
3113
if(opt.def_cert_level<0 || opt.def_cert_level>3)
3114
log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
3115
if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
3116
log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
1076
3117
switch( opt.s2k_mode ) {
1077
3118
case 0:
1078
3119
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
1082
3123
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
1083
3124
}
1084
3125
3126
/* This isn't actually needed, but does serve to error out if the
3127
string is invalid. */
3128
if(opt.def_preference_list &&
3129
keygen_set_std_prefs(opt.def_preference_list,0))
3130
log_error(_("invalid default preferences\n"));
3131
3132
/* We provide defaults for the personal digest list. This is
3133
SHA-1. */
3134
if(!pers_digest_list)
3135
pers_digest_list="h2";
3136
3137
if(pers_cipher_list &&
3138
keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
3139
log_error(_("invalid personal cipher preferences\n"));
3140
3141
if(pers_digest_list &&
3142
keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
3143
log_error(_("invalid personal digest preferences\n"));
3144
3145
if(pers_compress_list &&
3146
keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
3147
log_error(_("invalid personal compress preferences\n"));
3148
3149
/* We don't support all possible commands with multifile yet */
3150
if(multifile)
3151
{
3152
char *cmdname;
3153
3154
switch(cmd)
3155
{
3156
case aSign:
3157
cmdname="--sign";
3158
break;
3159
case aClearsign:
3160
cmdname="--clearsign";
3161
break;
3162
case aDetachedSign:
3163
cmdname="--detach-sign";
3164
break;
3165
case aSym:
3166
cmdname="--symmetric";
3167
break;
3168
case aEncrSym:
3169
cmdname="--symmetric --encrypt";
3170
break;
3171
case aStore:
3172
cmdname="--store";
3173
break;
3174
default:
3175
cmdname=NULL;
3176
break;
3177
}
3178
3179
if(cmdname)
3180
log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
3181
}
1085
3182
1086
3183
if( log_get_errorcount(0) )
1087
gpg_exit(2);
1088
1089
/* set the random seed file */
3184
g10_exit(2);
3185
3186
if(opt.compress_level==0)
3187
opt.compress_algo=COMPRESS_ALGO_NONE;
3188
3189
/* Check our chosen algorithms against the list of legal
3190
algorithms. */
3191
3192
if(!GNUPG)
3193
{
3194
const char *badalg=NULL;
3195
preftype_t badtype=PREFTYPE_NONE;
3196
3197
if(opt.def_cipher_algo
3198
&& !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
3199
{
3200
badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
3201
badtype = PREFTYPE_SYM;
3202
}
3203
else if(opt.def_digest_algo
3204
&& !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
3205
{
3206
badalg = gcry_md_algo_name (opt.def_digest_algo);
3207
badtype = PREFTYPE_HASH;
3208
}
3209
else if(opt.cert_digest_algo
3210
&& !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
3211
{
3212
badalg = gcry_md_algo_name (opt.cert_digest_algo);
3213
badtype = PREFTYPE_HASH;
3214
}
3215
else if(opt.compress_algo!=-1
3216
&& !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
3217
{
3218
badalg = compress_algo_to_string(opt.compress_algo);
3219
badtype = PREFTYPE_ZIP;
3220
}
3221
3222
if(badalg)
3223
{
3224
switch(badtype)
3225
{
3226
case PREFTYPE_SYM:
3227
log_info(_("you may not use cipher algorithm `%s'"
3228
" while in %s mode\n"),
3229
badalg,compliance_option_string());
3230
break;
3231
case PREFTYPE_HASH:
3232
log_info(_("you may not use digest algorithm `%s'"
3233
" while in %s mode\n"),
3234
badalg,compliance_option_string());
3235
break;
3236
case PREFTYPE_ZIP:
3237
log_info(_("you may not use compression algorithm `%s'"
3238
" while in %s mode\n"),
3239
badalg,compliance_option_string());
3240
break;
3241
default:
3242
BUG();
3243
}
3244
3245
compliance_failure();
3246
}
3247
}
3248
3249
/* Set the random seed file. */
1090
3250
if( use_random_seed ) {
1091
3251
char *p = make_filename(opt.homedir, "random_seed", NULL );
1092
#if 0
1093
#warning set_random_seed_file missing
1094
set_random_seed_file(p);
1095
#endif
1096
gcry_free(p);
3252
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
3253
if (!access (p, F_OK))
3254
register_secured_file (p);
3255
xfree(p);
1097
3256
}
1098
3257
1099
3258
if( !cmd && opt.fingerprint && !with_fpr ) {
1100
3259
set_cmd( &cmd, aListKeys);
1101
3260
}
1102
3261
1103
if( cmd == aKMode || cmd == aKModeC ) { /* kludge to be compatible to pgp */
1104
if( cmd == aKModeC ) {
1105
opt.fingerprint = 1;
1106
cmd = aKMode;
1107
}
1108
opt.list_sigs = 0;
1109
if( opt.verbose > 2 )
1110
opt.check_sigs++;
1111
if( opt.verbose > 1 )
1112
opt.list_sigs++;
1113
1114
opt.verbose = opt.verbose > 1;
1115
gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );
1116
}
1117
1118
1119
3262
/* kludge to let -sat generate a clear text signature */
1120
3263
if( opt.textmode == 2 && !detached_sig && opt.armor && cmd == aSign )
3264
{
3265
log_info ("compatibility note:\n");
3266
log_info ("\"-sat\" won't generate clear signed messages in "
3267
"future versions\n");
3268
log_info ("Use \"--clearsign\" instead of \"-sat\"\n");
1121
3269
cmd = aClearsign;
3270
}
1122
3271
1123
3272
if( opt.verbose > 1 )
1124
3273
set_packet_list_mode(1);
1125
3274
1126
/* add the keyrings, but not for some special commands and
1127
* not in case of "-kvv userid keyring" */
1128
if( cmd != aDeArmor && cmd != aEnArmor
1129
&& !(cmd == aKMode && argc == 2 ) ) {
1130
1131
if( !sec_nrings && default_keyring ) /* add default secret rings */
1132
add_keyblock_resource("secring.gpg", 0, 1);
1133
for(sl = sec_nrings; sl; sl = sl->next )
1134
add_keyblock_resource( sl->d, 0, 1 );
1135
if( !nrings && default_keyring ) /* add default ring */
1136
add_keyblock_resource("pubring.gpg", 0, 0);
3275
/* Add the keyrings, but not for some special commands. Also
3276
avoid adding the secret keyring for a couple of commands to
3277
avoid unneeded access in case the secrings are stored on a
3278
floppy.
3279
3280
We always need to add the keyrings if we are running under
3281
SELinux, this is so that the rings are added to the list of
3282
secured files. */
3283
if( ALWAYS_ADD_KEYRINGS
3284
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
3285
{
3286
if (ALWAYS_ADD_KEYRINGS
3287
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
3288
&& cmd != aVerify && cmd != aSym))
3289
{
3290
if (!sec_nrings || default_keyring) /* add default secret rings */
3291
keydb_add_resource ("secring" EXTSEP_S "gpg", 4, 1);
3292
for (sl = sec_nrings; sl; sl = sl->next)
3293
keydb_add_resource ( sl->d, 0, 1 );
3294
}
3295
if( !nrings || default_keyring ) /* add default ring */
3296
keydb_add_resource ("pubring" EXTSEP_S "gpg", 4, 0);
1137
3297
for(sl = nrings; sl; sl = sl->next )
1138
add_keyblock_resource( sl->d, 0, 0 );
1139
}
3298
keydb_add_resource ( sl->d, sl->flags, 0 );
3299
}
1140
3300
FREE_STRLIST(nrings);
1141
3301
FREE_STRLIST(sec_nrings);
1142
3302
1143
1144
if( pwfd != -1 ) /* read the passphrase now. */
3303
if (cmd == aGPGConfTest)
3304
g10_exit(0);
3305
3306
3307
if( pwfd != -1 ) /* Read the passphrase now. */
1145
3308
read_passphrase_from_fd( pwfd );
1146
3309
1147
3310
fname = argc? *argv : NULL;
1148
3311
3312
if(fname && utf8_strings)
3313
opt.flags.utf8_filename=1;
3314
1149
3315
switch( cmd ) {
1150
3316
case aPrimegen:
1151
3317
case aPrintMD:
1152
3318
case aPrintMDs:
1153
case aPrintHMAC:
1154
3319
case aGenRandom:
1155
3320
case aDeArmor:
1156
3321
case aEnArmor:
1157
3322
case aFixTrustDB:
1158
3323
break;
1159
case aKMode:
1160
case aListKeys:
1161
case aListSecretKeys:
1162
case aCheckKeys:
1163
if( opt.with_colons ) /* need this to list the trust */
1164
rc = setup_trustdb(1, trustdb_name );
1165
break;
1166
3324
case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
1167
3325
case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
1168
3326
default: rc = setup_trustdb(1, trustdb_name ); break;
1169
3327
}
1170
3328
if( rc )
1171
log_error(_("failed to initialize the TrustDB: %s\n"), gpg_errstr(rc));
1172
1173
1174
switch( cmd ) {
3329
log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
3330
3331
3332
switch (cmd)
3333
{
3334
case aStore:
3335
case aSym:
3336
case aSign:
3337
case aSignSym:
3338
case aClearsign:
3339
if (!opt.quiet && any_explicit_recipient)
3340
log_info (_("WARNING: recipients (-r) given "
3341
"without using public key encryption\n"));
3342
break;
3343
default:
3344
break;
3345
}
3346
3347
switch( cmd )
3348
{
3349
case aServer:
3350
{
3351
ctrl_t ctrl = xtrycalloc (1, sizeof *ctrl);
3352
gpg_init_default_ctrl (ctrl);
3353
gpg_server (ctrl);
3354
gpg_deinit_default_ctrl (ctrl);
3355
xfree (ctrl);
3356
}
3357
break;
3358
1175
3359
case aStore: /* only store the file */
1176
3360
if( argc > 1 )
1177
3361
wrong_args(_("--store [filename]"));
1178
3362
if( (rc = encode_store(fname)) )
1179
log_error_f( print_fname_stdin(fname),
1180
"store failed: %s\n", gpg_errstr(rc) );
3363
log_error ("storing `%s' failed: %s\n",
3364
print_fname_stdin(fname),g10_errstr(rc) );
1181
3365
break;
1182
3366
case aSym: /* encrypt the given file only with the symmetric cipher */
1183
3367
if( argc > 1 )
1184
3368
wrong_args(_("--symmetric [filename]"));
1185
3369
if( (rc = encode_symmetric(fname)) )
1186
log_error_f(print_fname_stdin(fname),
1187
"symmetric encryption failed: %s\n",gpg_errstr(rc) );
3370
log_error (_("symmetric encryption of `%s' failed: %s\n"),
3371
print_fname_stdin(fname),g10_errstr(rc) );
1188
3372
break;
1189
3373
1190
3374
case aEncr: /* encrypt the given file */
3375
if(multifile)
3376
encode_crypt_files(argc, argv, remusr);
3377
else
3378
{
3379
if( argc > 1 )
3380
wrong_args(_("--encrypt [filename]"));
3381
if( (rc = encode_crypt(fname,remusr,0)) )
3382
log_error("%s: encryption failed: %s\n",
3383
print_fname_stdin(fname), g10_errstr(rc) );
3384
}
3385
break;
3386
3387
case aEncrSym:
3388
/* This works with PGP 8 in the sense that it acts just like a
3389
symmetric message. It doesn't work at all with 2 or 6. It
3390
might work with 7, but alas, I don't have a copy to test
3391
with right now. */
1191
3392
if( argc > 1 )
1192
wrong_args(_("--encrypt [filename]"));
1193
if( (rc = encode_crypt(fname,remusr)) )
1194
log_error("%s: encryption failed: %s\n", print_fname_stdin(fname), gpg_errstr(rc) );
3393
wrong_args(_("--symmetric --encrypt [filename]"));
3394
else if(opt.s2k_mode==0)
3395
log_error(_("you cannot use --symmetric --encrypt"
3396
" with --s2k-mode 0\n"));
3397
else if(PGP2 || PGP6 || PGP7 || RFC1991)
3398
log_error(_("you cannot use --symmetric --encrypt"
3399
" while in %s mode\n"),compliance_option_string());
3400
else
3401
{
3402
if( (rc = encode_crypt(fname,remusr,1)) )
3403
log_error("%s: encryption failed: %s\n",
3404
print_fname_stdin(fname), g10_errstr(rc) );
3405
}
1195
3406
break;
1196
3407
1197
3408
case aSign: /* sign the given file */
1204
3415
if( argc > 1 )
1205
3416
wrong_args(_("--sign [filename]"));
1206
3417
if( argc ) {
1207
sl = gcry_xcalloc( 1, sizeof *sl + strlen(fname));
3418
sl = xmalloc_clear( sizeof *sl + strlen(fname));
1208
3419
strcpy(sl->d, fname);
1209
3420
}
1210
3421
}
1211
3422
if( (rc = sign_file( sl, detached_sig, locusr, 0, NULL, NULL)) )
1212
log_error("signing failed: %s\n", gpg_errstr(rc) );
3423
log_error("signing failed: %s\n", g10_errstr(rc) );
1213
3424
free_strlist(sl);
1214
3425
break;
1215
3426
1217
3428
if( argc > 1 )
1218
3429
wrong_args(_("--sign --encrypt [filename]"));
1219
3430
if( argc ) {
1220
sl = gcry_xcalloc( 1, sizeof *sl + strlen(fname));
3431
sl = xmalloc_clear( sizeof *sl + strlen(fname));
1221
3432
strcpy(sl->d, fname);
1222
3433
}
1223
3434
else
1224
3435
sl = NULL;
1225
3436
if( (rc = sign_file(sl, detached_sig, locusr, 1, remusr, NULL)) )
1226
log_error("%s: sign+encrypt failed: %s\n", print_fname_stdin(fname), gpg_errstr(rc) );
3437
log_error("%s: sign+encrypt failed: %s\n",
3438
print_fname_stdin(fname), g10_errstr(rc) );
1227
3439
free_strlist(sl);
1228
3440
break;
1229
3441
3442
case aSignEncrSym: /* sign and encrypt the given file */
3443
if( argc > 1 )
3444
wrong_args(_("--symmetric --sign --encrypt [filename]"));
3445
else if(opt.s2k_mode==0)
3446
log_error(_("you cannot use --symmetric --sign --encrypt"
3447
" with --s2k-mode 0\n"));
3448
else if(PGP2 || PGP6 || PGP7 || RFC1991)
3449
log_error(_("you cannot use --symmetric --sign --encrypt"
3450
" while in %s mode\n"),compliance_option_string());
3451
else
3452
{
3453
if( argc )
3454
{
3455
sl = xmalloc_clear( sizeof *sl + strlen(fname));
3456
strcpy(sl->d, fname);
3457
}
3458
else
3459
sl = NULL;
3460
if( (rc = sign_file(sl, detached_sig, locusr, 2, remusr, NULL)) )
3461
log_error("%s: symmetric+sign+encrypt failed: %s\n",
3462
print_fname_stdin(fname), g10_errstr(rc) );
3463
free_strlist(sl);
3464
}
3465
break;
3466
3467
case aSignSym: /* sign and conventionally encrypt the given file */
3468
if (argc > 1)
3469
wrong_args(_("--sign --symmetric [filename]"));
3470
rc = sign_symencrypt_file (fname, locusr);
3471
if (rc)
3472
log_error("%s: sign+symmetric failed: %s\n",
3473
print_fname_stdin(fname), g10_errstr(rc) );
3474
break;
3475
1230
3476
case aClearsign: /* make a clearsig */
1231
3477
if( argc > 1 )
1232
3478
wrong_args(_("--clearsign [filename]"));
1233
3479
if( (rc = clearsign_file(fname, locusr, NULL)) )
1234
log_error("%s: clearsign failed: %s\n", print_fname_stdin(fname), gpg_errstr(rc) );
3480
log_error("%s: clearsign failed: %s\n",
3481
print_fname_stdin(fname), g10_errstr(rc) );
1235
3482
break;
1236
3483
1237
3484
case aVerify:
1238
if( (rc = verify_signatures( argc, argv ) ))
1239
log_error("verify signatures failed: %s\n", gpg_errstr(rc) );
1240
break;
1241
1242
case aVerifyFiles:
1243
if( (rc = verify_files( argc, argv ) ))
1244
log_error("verify files failed: %s\n", gpg_errstr(rc) );
3485
if(multifile)
3486
{
3487
if( (rc = verify_files( argc, argv ) ))
3488
log_error("verify files failed: %s\n", g10_errstr(rc) );
3489
}
3490
else
3491
{
3492
if( (rc = verify_signatures( argc, argv ) ))
3493
log_error("verify signatures failed: %s\n", g10_errstr(rc) );
3494
}
1245
3495
break;
1246
3496
1247
3497
case aDecrypt:
1248
if( argc > 1 )
1249
wrong_args(_("--decrypt [filename]"));
1250
if( (rc = decrypt_message( fname ) ))
1251
log_error("decrypt_message failed: %s\n", gpg_errstr(rc) );
3498
if(multifile)
3499
decrypt_messages(argc, argv);
3500
else
3501
{
3502
if( argc > 1 )
3503
wrong_args(_("--decrypt [filename]"));
3504
if( (rc = decrypt_message( fname ) ))
3505
log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
3506
}
1252
3507
break;
1253
1254
1255
case aSignKey: /* sign the key given as argument */
3508
3509
case aSignKey:
1256
3510
if( argc != 1 )
1257
wrong_args(_("--sign-key user-id"));
1258
username = make_username( fname );
1259
keyedit_menu(fname, locusr, NULL, 1 );
1260
gcry_free(username);
1261
break;
1262
3511
wrong_args(_("--sign-key user-id"));
3512
/* fall through */
1263
3513
case aLSignKey:
1264
3514
if( argc != 1 )
1265
wrong_args(_("--lsign-key user-id"));
3515
wrong_args(_("--lsign-key user-id"));
3516
/* fall through */
3517
3518
sl=NULL;
3519
3520
if(cmd==aSignKey)
3521
append_to_strlist(&sl,"sign");
3522
else if(cmd==aLSignKey)
3523
append_to_strlist(&sl,"lsign");
3524
else
3525
BUG();
3526
3527
append_to_strlist( &sl, "save" );
1266
3528
username = make_username( fname );
1267
keyedit_menu(fname, locusr, NULL, 2 );
1268
gcry_free(username);
3529
keyedit_menu(fname, locusr, sl, 0, 0 );
3530
xfree(username);
3531
free_strlist(sl);
1269
3532
break;
1270
3533
1271
3534
case aEditKey: /* Edit a key signature */
1276
3539
sl = NULL;
1277
3540
for( argc--, argv++ ; argc; argc--, argv++ )
1278
3541
append_to_strlist( &sl, *argv );
1279
keyedit_menu( username, locusr, sl, 0 );
3542
keyedit_menu( username, locusr, sl, 0, 1 );
1280
3543
free_strlist(sl);
1281
3544
}
1282
3545
else
1283
keyedit_menu(username, locusr, NULL, 0 );
1284
gcry_free(username);
1285
break;
1286
1287
case aDeleteSecretKey:
1288
if( argc != 1 )
1289
wrong_args(_("--delete-secret-key user-id"));
1290
case aDeleteKey:
1291
if( argc != 1 )
1292
wrong_args(_("--delete-key user-id"));
1293
username = make_username( fname );
1294
if( (rc = delete_key(username, cmd==aDeleteSecretKey)) )
1295
log_error("%s: delete key failed: %s\n", username, gpg_errstr(rc) );
1296
gcry_free(username);
1297
break;
1298
3546
keyedit_menu(username, locusr, NULL, 0, 1 );
3547
xfree(username);
3548
break;
3549
3550
case aDeleteKeys:
3551
case aDeleteSecretKeys:
3552
case aDeleteSecretAndPublicKeys:
3553
sl = NULL;
3554
/* I'm adding these in reverse order as add_to_strlist2
3555
reverses them again, and it's easier to understand in the
3556
proper order :) */
3557
for( ; argc; argc-- )
3558
add_to_strlist2( &sl, argv[argc-1], utf8_strings );
3559
delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
3560
free_strlist(sl);
3561
break;
1299
3562
1300
3563
case aCheckKeys:
1301
3564
opt.check_sigs = 1;
1316
3579
free_strlist(sl);
1317
3580
break;
1318
3581
1319
case aKMode: /* list keyring -- NOTE: This will be removed soon */
1320
if( argc < 2 ) { /* -kv [userid] */
1321
sl = NULL;
1322
if (argc && **argv)
1323
add_to_strlist2( &sl, *argv, utf8_strings );
1324
public_key_list( sl );
1325
free_strlist(sl);
1326
}
1327
else if( argc == 2 ) { /* -kv userid keyring */
1328
if( access( argv[1], R_OK ) ) {
1329
log_error(_("can't open %s: %s\n"),
1330
print_fname_stdin(argv[1]), strerror(errno));
1331
}
1332
else {
1333
/* add keyring (default keyrings are not registered in this
1334
* special case */
1335
add_keyblock_resource( argv[1], 0, 0 );
1336
sl = NULL;
1337
if (**argv)
1338
add_to_strlist2( &sl, *argv, utf8_strings );
1339
public_key_list( sl );
1340
free_strlist(sl);
1341
}
1342
}
1343
else
1344
wrong_args(_("-k[v][v][v][c] [user-id] [keyring]") );
1345
break;
1346
1347
3582
case aKeygen: /* generate a key */
1348
3583
if( opt.batch ) {
1349
3584
if( argc > 1 )
1350
3585
wrong_args("--gen-key [parameterfile]");
1351
generate_keypair( argc? *argv : NULL );
3586
generate_keypair( argc? *argv : NULL, NULL, NULL );
1352
3587
}
1353
3588
else {
1354
3589
if( argc )
1355
3590
wrong_args("--gen-key");
1356
generate_keypair(NULL);
3591
generate_keypair(NULL, NULL, NULL);
1357
3592
}
1358
3593
break;
1359
3594
1360
3595
case aFastImport:
3596
opt.import_options |= IMPORT_FAST;
1361
3597
case aImport:
1362
import_keys( argc? argv:NULL, argc, (cmd == aFastImport) );
3598
import_keys( argc? argv:NULL, argc, NULL, opt.import_options );
1363
3599
break;
1364
3600
3601
/* TODO: There are a number of command that use this same
3602
"make strlist, call function, report error, free strlist"
3603
pattern. Join them together here and avoid all that
3604
duplicated code. */
3605
1365
3606
case aExport:
1366
case aExportAll:
1367
3607
case aSendKeys:
1368
3608
case aRecvKeys:
1369
3609
sl = NULL;
1370
3610
for( ; argc; argc--, argv++ )
1371
add_to_strlist2( &sl, *argv, utf8_strings );
3611
append_to_strlist2( &sl, *argv, utf8_strings );
1372
3612
if( cmd == aSendKeys )
1373
hkp_export( sl );
3613
rc=keyserver_export( sl );
1374
3614
else if( cmd == aRecvKeys )
1375
hkp_import( sl );
3615
rc=keyserver_import( sl );
1376
3616
else
1377
export_pubkeys( sl, (cmd == aExport) );
3617
rc=export_pubkeys( sl, opt.export_options );
3618
if(rc)
3619
{
3620
if(cmd==aSendKeys)
3621
log_error(_("keyserver send failed: %s\n"),g10_errstr(rc));
3622
else if(cmd==aRecvKeys)
3623
log_error(_("keyserver receive failed: %s\n"),g10_errstr(rc));
3624
else
3625
log_error(_("key export failed: %s\n"),g10_errstr(rc));
3626
}
3627
free_strlist(sl);
3628
break;
3629
3630
case aSearchKeys:
3631
sl = NULL;
3632
for( ; argc; argc--, argv++ )
3633
append_to_strlist2( &sl, *argv, utf8_strings );
3634
rc=keyserver_search( sl );
3635
if(rc)
3636
log_error(_("keyserver search failed: %s\n"),g10_errstr(rc));
3637
free_strlist(sl);
3638
break;
3639
3640
case aRefreshKeys:
3641
sl = NULL;
3642
for( ; argc; argc--, argv++ )
3643
append_to_strlist2( &sl, *argv, utf8_strings );
3644
rc=keyserver_refresh(sl);
3645
if(rc)
3646
log_error(_("keyserver refresh failed: %s\n"),g10_errstr(rc));
3647
free_strlist(sl);
3648
break;
3649
3650
case aFetchKeys:
3651
sl = NULL;
3652
for( ; argc; argc--, argv++ )
3653
append_to_strlist2( &sl, *argv, utf8_strings );
3654
rc=keyserver_fetch(sl);
3655
if(rc)
3656
log_error("key fetch failed: %s\n",g10_errstr(rc));
1378
3657
free_strlist(sl);
1379
3658
break;
1380
3659
1399
3678
wrong_args("--gen-revoke user-id");
1400
3679
username = make_username(*argv);
1401
3680
gen_revoke( username );
1402
gcry_free( username );
3681
xfree( username );
3682
break;
3683
3684
case aDesigRevoke:
3685
if( argc != 1 )
3686
wrong_args("--desig-revoke user-id");
3687
username = make_username(*argv);
3688
gen_desig_revoke( username, locusr );
3689
xfree( username );
1403
3690
break;
1404
3691
1405
3692
case aDeArmor:
1407
3694
wrong_args("--dearmor [file]");
1408
3695
rc = dearmor_file( argc? *argv: NULL );
1409
3696
if( rc )
1410
log_error(_("dearmoring failed: %s\n"), gpg_errstr(rc));
3697
log_error(_("dearmoring failed: %s\n"), g10_errstr(rc));
1411
3698
break;
1412
3699
1413
3700
case aEnArmor:
1415
3702
wrong_args("--enarmor [file]");
1416
3703
rc = enarmor_file( argc? *argv: NULL );
1417
3704
if( rc )
1418
log_error(_("enarmoring failed: %s\n"), gpg_errstr(rc));
3705
log_error(_("enarmoring failed: %s\n"), g10_errstr(rc));
1419
3706
break;
1420
3707
1421
3708
1422
3709
case aPrimegen:
1423
{
1424
#if 1
1425
log_error( "command is currently not implemented\n");
1426
#else
1427
/* FIXME: disabled until we have an API to create primes */
1428
int mode = argc < 2 ? 0 : atoi(*argv);
3710
#if 0 /*FIXME*/
3711
{ int mode = argc < 2 ? 0 : atoi(*argv);
1429
3712
1430
3713
if( mode == 1 && argc == 2 ) {
1431
3714
mpi_print( stdout, generate_public_prime( atoi(argv[1]) ), 1);
1450
3733
atoi(argv[2]), g, NULL ), 1);
1451
3734
putchar('\n');
1452
3735
mpi_print( stdout, g, 1 );
1453
mpi_release(g);
3736
mpi_free(g);
1454
3737
}
1455
3738
else
1456
3739
wrong_args("--gen-prime mode bits [qbits] ");
1457
3740
putchar('\n');
1458
#endif
1459
3741
}
3742
#endif
3743
wrong_args("--gen-prime not yet supported ");
1460
3744
break;
1461
3745
1462
3746
case aGenRandom:
1470
3754
1471
3755
while( endless || count ) {
1472
3756
byte *p;
1473
size_t n = !endless && count < 100? count : 100;
3757
/* Wee need a multiple of 3, so that in case of
3758
armored output we get a correct string. No
3759
linefolding is done, as it is best to levae this to
3760
other tools */
3761
size_t n = !endless && count < 99? count : 99;
1474
3762
1475
p = gcry_random_bytes( n, level );
1476
#ifdef HAVE_DOSISH_SYSTEM
3763
p = gcry_random_bytes (n, level);
3764
#ifdef HAVE_DOSISH_SYSTEM
1477
3765
setmode ( fileno(stdout), O_BINARY );
1478
#endif
1479
fwrite( p, n, 1, stdout );
1480
gcry_free(p);
3766
#endif
3767
if (opt.armor) {
3768
char *tmp = make_radix64_string (p, n);
3769
fputs (tmp, stdout);
3770
xfree (tmp);
3771
if (n%3 == 1)
3772
putchar ('=');
3773
if (n%3)
3774
putchar ('=');
3775
} else {
3776
fwrite( p, n, 1, stdout );
3777
}
3778
xfree(p);
1481
3779
if( !endless )
1482
3780
count -= n;
1483
3781
}
3782
if (opt.armor)
3783
putchar ('\n');
1484
3784
}
1485
3785
break;
1486
3786
1489
3789
wrong_args("--print-md algo [files]");
1490
3790
{
1491
3791
int all_algos = (**argv=='*' && !(*argv)[1]);
1492
int algo = all_algos? 0 : gcry_md_map_name(*argv);
1493
1494
if( !algo && !all_algos )
1495
log_error(_("invalid hash algorithm `%s'\n"), *argv );
1496
else {
1497
argc--; argv++;
1498
if( !argc )
1499
print_mds(NULL, algo, NULL);
1500
else {
1501
for(; argc; argc--, argv++ )
1502
print_mds(*argv, algo, NULL);
1503
}
1504
}
1505
}
1506
break;
1507
1508
case aPrintHMAC:
1509
if( argc < 2 )
1510
wrong_args("--print-hmac hash-algo key [files]");
1511
{
1512
int all_algos = (**argv=='*' && !(*argv)[1]);
1513
int algo = all_algos? 0 : gcry_md_map_name(*argv);
1514
1515
if( !algo && !all_algos )
1516
log_error(_("invalid hash algorithm `%s'\n"), *argv );
1517
else {
1518
const char *key;
1519
argc--; argv++;
1520
key = *argv;
1521
argc--; argv++;
1522
if( !argc )
1523
print_mds(NULL, algo, key );
1524
else {
1525
for(; argc; argc--, argv++ )
1526
print_mds(*argv, algo, key );
1527
}
1528
}
1529
}
1530
break;
1531
3792
int algo = all_algos? 0 : gcry_md_map_name (*argv);
3793
3794
if( !algo && !all_algos )
3795
log_error(_("invalid hash algorithm `%s'\n"), *argv );
3796
else {
3797
argc--; argv++;
3798
if( !argc )
3799
print_mds(NULL, algo);
3800
else {
3801
for(; argc; argc--, argv++ )
3802
print_mds(*argv, algo);
3803
}
3804
}
3805
}
3806
break;
1532
3807
1533
3808
case aPrintMDs: /* old option */
1534
3809
if( !argc )
1535
print_mds(NULL,0,NULL);
3810
print_mds(NULL,0);
1536
3811
else {
1537
3812
for(; argc; argc--, argv++ )
1538
print_mds(*argv,0,NULL);
3813
print_mds(*argv,0);
1539
3814
}
1540
3815
break;
1541
3816
1555
3830
break;
1556
3831
1557
3832
case aCheckTrustDB:
1558
if( !argc )
1559
check_trustdb(NULL);
1560
else {
1561
for( ; argc; argc--, argv++ ) {
1562
username = make_username( *argv );
1563
check_trustdb( username );
1564
gcry_free(username);
1565
}
1566
}
3833
/* Old versions allowed for arguments - ignore them */
3834
check_trustdb();
1567
3835
break;
1568
3836
1569
3837
case aFixTrustDB:
1578
3846
for( ; argc; argc--, argv++ ) {
1579
3847
username = make_username( *argv );
1580
3848
list_trust_path( username );
1581
gcry_free(username);
3849
xfree(username);
1582
3850
}
1583
3851
break;
1584
3852
1593
3861
wrong_args("--import-ownertrust [file]");
1594
3862
import_ownertrust( argc? *argv:NULL );
1595
3863
break;
3864
3865
case aRebuildKeydbCaches:
3866
if (argc)
3867
wrong_args ("--rebuild-keydb-caches");
3868
keydb_rebuild_caches (1);
3869
break;
3870
3871
#ifdef ENABLE_CARD_SUPPORT
3872
case aCardStatus:
3873
if (argc)
3874
wrong_args ("--card-status");
3875
card_status (stdout, NULL, 0);
3876
break;
3877
3878
case aCardEdit:
3879
if (argc) {
3880
sl = NULL;
3881
for (argc--, argv++ ; argc; argc--, argv++)
3882
append_to_strlist (&sl, *argv);
3883
card_edit (sl);
3884
free_strlist (sl);
3885
}
3886
else
3887
card_edit (NULL);
3888
break;
3889
3890
case aChangePIN:
3891
if (!argc)
3892
change_pin (0,1);
3893
else if (argc == 1)
3894
change_pin (atoi (*argv),1);
3895
else
3896
wrong_args ("--change-pin [no]");
3897
break;
3898
#endif /* ENABLE_CARD_SUPPORT*/
3899
3900
case aListConfig:
3901
{
3902
char *str=collapse_args(argc,argv);
3903
list_config(str);
3904
xfree(str);
3905
}
3906
break;
1596
3907
1597
3908
case aListPackets:
1598
opt.list_packets=1;
3909
opt.list_packets=2;
1599
3910
default:
1600
3911
if( argc > 1 )
1601
3912
wrong_args(_("[filename]"));
1604
3915
&& isatty( fileno(stdout) ) && isatty( fileno(stderr) ) )
1605
3916
log_info(_("Go ahead and type your message ...\n"));
1606
3917
1607
if( !(a = iobuf_open(fname)) )
3918
a = iobuf_open(fname);
3919
if (a && is_secured_file (iobuf_get_fd (a)))
3920
{
3921
iobuf_close (a);
3922
a = NULL;
3923
errno = EPERM;
3924
}
3925
if( !a )
1608
3926
log_error(_("can't open `%s'\n"), print_fname_stdin(fname));
1609
3927
else {
1610
3928
1611
3929
if( !opt.no_armor ) {
1612
3930
if( use_armor_filter( a ) ) {
1613
memset( &afx, 0, sizeof afx);
1614
iobuf_push_filter( a, armor_filter, &afx );
3931
afx = new_armor_context ();
3932
push_armor_filter (afx, a);
1615
3933
}
1616
3934
}
1617
3935
if( cmd == aListPackets ) {
1620
3938
}
1621
3939
rc = proc_packets(NULL, a );
1622
3940
if( rc )
1623
log_error("processing message failed: %s\n", gpg_errstr(rc) );
3941
log_error("processing message failed: %s\n", g10_errstr(rc) );
1624
3942
iobuf_close(a);
1625
3943
}
1626
3944
break;
1627
}
3945
}
1628
3946
1629
3947
/* cleanup */
3948
release_armor_context (afx);
1630
3949
FREE_STRLIST(remusr);
1631
3950
FREE_STRLIST(locusr);
1632
gpg_exit(0);
3951
g10_exit(0);
1633
3952
return 8; /*NEVER REACHED*/
1634
3953
}
1635
3954
1636
3955
3956
/* Note: This function is used by signal handlers!. */
3957
static void
3958
emergency_cleanup (void)
3959
{
3960
gcry_control (GCRYCTL_TERM_SECMEM );
3961
}
3962
3963
1637
3964
void
1638
gpg_exit( int rc )
1639
{
1640
#if 0
1641
#warning no update_random_seed_file
1642
update_random_seed_file();
1643
#endif
1644
if( opt.debug & DBG_MEMSTAT_VALUE ) {
1645
gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1646
gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1647
}
1648
if( opt.debug )
1649
gcry_control( GCRYCTL_DUMP_SECMEM_STATS );
1650
gcry_control( GCRYCTL_TERM_SECMEM );
1651
rc = rc? rc : log_get_errorcount(0)? 2 :
1652
gpg_errors_seen? 1 : 0;
1653
/*write_status( STATUS_LEAVE );*/
1654
exit(rc );
1655
}
1656
1657
1658
1659
1660
static void
1661
print_hex( byte *p, size_t n )
1662
{
1663
int i;
1664
1665
if( n == 20 ) {
1666
for(i=0; i < n ; i++, i++, p += 2 ) {
1667
if( i )
1668
putchar(' ');
1669
if( i == 10 )
1670
putchar(' ');
1671
printf("%02X%02X", *p, p[1] );
1672
}
1673
}
1674
else if( n == 24 ) {
1675
for(i=0; i < n ; i += 4, p += 4 ) {
1676
if( i )
1677
putchar(' ');
1678
if( i == 12 )
1679
putchar(' ');
1680
printf("%02X%02X%02X%02X", *p, p[1], p[2], p[3] );
1681
}
1682
}
1683
else {
1684
for(i=0; i < n ; i++, p++ ) {
1685
if( i )
1686
putchar(' ');
1687
if( i && !(i%8) )
1688
putchar(' ');
1689
printf("%02X", *p );
1690
}
1691
}
1692
}
1693
1694
static void
1695
print_mds( const char *fname, int algo, const char *key )
3965
g10_exit( int rc )
3966
{
3967
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
3968
if ( (opt.debug & DBG_MEMSTAT_VALUE) )
3969
{
3970
gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
3971
gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
3972
}
3973
if (opt.debug)
3974
gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
3975
3976
emergency_cleanup ();
3977
3978
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
3979
exit (rc);
3980
}
3981
3982
3983
/* Pretty-print hex hashes. This assumes at least an 80-character
3984
display, but there are a few other similar assumptions in the
3985
display code. */
3986
static void
3987
print_hex( gcry_md_hd_t md, int algo, const char *fname )
3988
{
3989
int i,n,count,indent=0;
3990
const byte *p;
3991
3992
if(fname)
3993
indent=printf("%s: ",fname);
3994
3995
if(indent>40)
3996
{
3997
printf("\n");
3998
indent=0;
3999
}
4000
4001
if(algo==DIGEST_ALGO_RMD160)
4002
indent+=printf("RMD160 = ");
4003
else if(algo>0)
4004
indent+=printf("%6s = ", gcry_md_algo_name (algo));
4005
else
4006
algo=abs(algo);
4007
4008
count=indent;
4009
4010
p = gcry_md_read (md, algo);
4011
n = gcry_md_get_algo_dlen (algo);
4012
4013
count += printf ("%02X",*p++);
4014
4015
for(i=1;i<n;i++,p++)
4016
{
4017
if(n==16)
4018
{
4019
if(count+2>79)
4020
{
4021
printf("\n%*s",indent," ");
4022
count=indent;
4023
}
4024
else
4025
count+=printf(" ");
4026
4027
if(!(i%8))
4028
count+=printf(" ");
4029
}
4030
else if (n==20)
4031
{
4032
if(!(i%2))
4033
{
4034
if(count+4>79)
4035
{
4036
printf("\n%*s",indent," ");
4037
count=indent;
4038
}
4039
else
4040
count+=printf(" ");
4041
}
4042
4043
if(!(i%10))
4044
count+=printf(" ");
4045
}
4046
else
4047
{
4048
if(!(i%4))
4049
{
4050
if(count+8>79)
4051
{
4052
printf("\n%*s",indent," ");
4053
count=indent;
4054
}
4055
else
4056
count+=printf(" ");
4057
}
4058
}
4059
4060
count+=printf("%02X",*p);
4061
}
4062
4063
printf("\n");
4064
}
4065
4066
static void
4067
print_hashline( gcry_md_hd_t md, int algo, const char *fname )
4068
{
4069
int i, n;
4070
const byte *p;
4071
4072
if ( fname ) {
4073
for (p = fname; *p; p++ ) {
4074
if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
4075
printf("%%%02X", *p );
4076
else
4077
putchar( *p );
4078
}
4079
}
4080
putchar(':');
4081
printf("%d:", algo );
4082
p = gcry_md_read (md, algo);
4083
n = gcry_md_get_algo_dlen (algo);
4084
for(i=0; i < n ; i++, p++ )
4085
printf("%02X", *p );
4086
putchar(':');
4087
putchar('\n');
4088
}
4089
4090
static void
4091
print_mds( const char *fname, int algo )
1696
4092
{
1697
4093
FILE *fp;
1698
4094
char buf[1024];
1699
4095
size_t n;
1700
GCRY_MD_HD md;
1701
char *pname;
1702
int have_tiger = 0;
4096
gcry_md_hd_t md;
1703
4097
1704
4098
if( !fname ) {
1705
4099
fp = stdin;
1706
#ifdef HAVE_DOSISH_SYSTEM
4100
#ifdef HAVE_DOSISH_SYSTEM
1707
4101
setmode ( fileno(fp) , O_BINARY );
1708
#endif
1709
pname = gcry_xstrdup("[stdin]: ");
4102
#endif
1710
4103
}
1711
4104
else {
1712
pname = gcry_xmalloc(strlen(fname)+3);
1713
strcpy(stpcpy(pname,fname),": ");
1714
4105
fp = fopen( fname, "rb" );
4106
if (fp && is_secured_file (fileno (fp)))
4107
{
4108
fclose (fp);
4109
fp = NULL;
4110
errno = EPERM;
4111
}
1715
4112
}
1716
4113
if( !fp ) {
1717
log_error("%s%s\n", pname, strerror(errno) );
1718
gcry_free(pname);
4114
log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
1719
4115
return;
1720
4116
}
1721
4117
1722
md = gcry_md_open( 0, key? GCRY_MD_FLAG_HMAC : 0 );
4118
gcry_md_open (&md, 0, 0);
1723
4119
if( algo )
1724
gcry_md_enable( md, algo );
4120
gcry_md_enable (md, algo);
1725
4121
else {
1726
/* Fixme: this does not work with hmac */
1727
gcry_md_enable( md, GCRY_MD_MD5 );
1728
gcry_md_enable( md, GCRY_MD_SHA1 );
1729
gcry_md_enable( md, GCRY_MD_RMD160 );
1730
have_tiger = !gcry_md_enable( md, GCRY_MD_TIGER );
4122
gcry_md_enable (md, GCRY_MD_MD5);
4123
gcry_md_enable (md, GCRY_MD_SHA1);
4124
gcry_md_enable (md, GCRY_MD_RMD160);
4125
if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
4126
gcry_md_enable (md, DIGEST_ALGO_SHA224);
4127
if (!openpgp_md_test_algo (GCRY_MD_SHA256))
4128
gcry_md_enable (md, GCRY_MD_SHA256);
4129
if (!openpgp_md_test_algo (GCRY_MD_SHA384))
4130
gcry_md_enable (md, GCRY_MD_SHA384);
4131
if (!openpgp_md_test_algo (GCRY_MD_SHA512))
4132
gcry_md_enable (md, GCRY_MD_SHA512);
1731
4133
}
1732
if( key )
1733
gcry_md_setkey( md, key, strlen(key) );
1734
4134
1735
4135
while( (n=fread( buf, 1, DIM(buf), fp )) )
1736
gcry_md_write( md, buf, n );
4136
gcry_md_write (md, buf, n);
1737
4137
if( ferror(fp) )
1738
log_error("%s%s\n", pname, strerror(errno) );
4138
log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
1739
4139
else {
1740
if( algo ) {
1741
if( fname )
1742
fputs( pname, stdout );
1743
print_hex(gcry_md_read(md, algo), gcry_md_get_algo_dlen(algo) );
1744
}
1745
else {
1746
printf( "%s MD5 = ", fname?pname:"" );
1747
print_hex(gcry_md_read(md, GCRY_MD_MD5), 16 );
1748
printf("\n%s SHA1 = ", fname?pname:"" );
1749
print_hex(gcry_md_read(md, GCRY_MD_SHA1), 20 );
1750
printf("\n%sRMD160 = ", fname?pname:"" );
1751
print_hex(gcry_md_read(md, GCRY_MD_RMD160), 20 );
1752
if( have_tiger ) {
1753
printf("\n%s TIGER = ", fname?pname:"" );
1754
print_hex(gcry_md_read(md, GCRY_MD_TIGER), 24 );
1755
}
1756
}
1757
putchar('\n');
4140
gcry_md_final (md);
4141
if ( opt.with_colons ) {
4142
if ( algo )
4143
print_hashline( md, algo, fname );
4144
else {
4145
print_hashline( md, GCRY_MD_MD5, fname );
4146
print_hashline( md, GCRY_MD_SHA1, fname );
4147
print_hashline( md, GCRY_MD_RMD160, fname );
4148
if (!gcry_md_test_algo (DIGEST_ALGO_SHA224))
4149
print_hashline (md, DIGEST_ALGO_SHA224, fname);
4150
if (!gcry_md_test_algo (GCRY_MD_SHA256))
4151
print_hashline( md, GCRY_MD_SHA256, fname );
4152
if (!gcry_md_test_algo (GCRY_MD_SHA384))
4153
print_hashline ( md, GCRY_MD_SHA384, fname );
4154
if (!gcry_md_test_algo (GCRY_MD_SHA512))
4155
print_hashline ( md, GCRY_MD_SHA512, fname );
4156
}
4157
}
4158
else {
4159
if( algo )
4160
print_hex(md,-algo,fname);
4161
else {
4162
print_hex( md, GCRY_MD_MD5, fname );
4163
print_hex( md, GCRY_MD_SHA1, fname );
4164
print_hex( md, GCRY_MD_RMD160, fname );
4165
if (!gcry_md_test_algo (DIGEST_ALGO_SHA224))
4166
print_hex (md, DIGEST_ALGO_SHA224, fname);
4167
if (!gcry_md_test_algo (GCRY_MD_SHA256))
4168
print_hex( md, GCRY_MD_SHA256, fname );
4169
if (!gcry_md_test_algo (GCRY_MD_SHA384))
4170
print_hex( md, GCRY_MD_SHA384, fname );
4171
if (!gcry_md_test_algo (GCRY_MD_SHA512))
4172
print_hex( md, GCRY_MD_SHA512, fname );
4173
}
4174
}
1758
4175
}
1759
4176
gcry_md_close(md);
1760
4177
1765
4182
1766
4183
/****************
1767
4184
* Check the supplied name,value string and add it to the notation
1768
* data to be used for signatures.
1769
*/
1770
static void
1771
add_notation_data( const char *string )
1772
{
1773
const char *s;
1774
const char *s2;
1775
STRLIST sl;
1776
int critical=0;
1777
int highbit=0;
1778
1779
if( *string == '!' ) {
1780
critical = 1;
1781
string++;
1782
}
1783
s = string;
1784
1785
if( !*s || (*s & 0x80) || (!isalpha(*s) && *s != '_') ) {
1786
log_error(_("the first character of a notation name "
1787
"must be a letter or an underscore\n") );
1788
return;
1789
}
1790
for(s++; *s != '='; s++ ) {
1791
if( !*s || (*s & 0x80) || (!isalnum(*s) && *s != '_' && *s != '.' ) ) {
1792
log_error(_("a notation name must have only letters, "
1793
"digits, dots or underscores and end with an '='\n") );
1794
return;
1795
}
1796
}
1797
if( s[-1] == '.' || ((s2=strstr(string, "..")) && s2 < s ) ) {
1798
log_error(_("dots in a notation name must be surrounded "
1799
"by other characters\n") );
1800
return;
1801
}
1802
/* we do only support printabe text - therefore we enforce the use
1803
* of only printable characters (an empty value is valid) */
1804
for( s++; *s ; s++ ) {
1805
if( iscntrl(*s) ) {
1806
log_error(_("a notation value must not use "
1807
"any control characters\n") );
1808
return;
1809
}
1810
else if( *s & 0x80 )
1811
highbit = 1;
1812
}
1813
1814
if( highbit ) /* must use UTF8 encoding */
1815
sl = add_to_strlist2( &opt.notation_data, string, utf8_strings );
1816
else
1817
sl = add_to_strlist( &opt.notation_data, string );
1818
1819
if( critical )
1820
sl->flags |= 1;
1821
}
1822
1823
1824
static int
1825
check_policy_url( const char *s )
1826
{
1827
if( *s == '!' )
1828
s++;
1829
if( !*s )
1830
return -1;
1831
for(; *s ; s++ ) {
1832
if( (*s & 0x80) || iscntrl(*s) )
1833
return -1;
1834
}
1835
return 0;
4185
* data to be used for signatures. which==0 for sig notations, and 1
4186
* for cert notations.
4187
*/
4188
static void
4189
add_notation_data( const char *string, int which )
4190
{
4191
struct notation *notation;
4192
4193
notation=string_to_notation(string,utf8_strings);
4194
if(notation)
4195
{
4196
if(which)
4197
{
4198
notation->next=opt.cert_notations;
4199
opt.cert_notations=notation;
4200
}
4201
else
4202
{
4203
notation->next=opt.sig_notations;
4204
opt.sig_notations=notation;
4205
}
4206
}
4207
}
4208
4209
static void
4210
add_policy_url( const char *string, int which )
4211
{
4212
unsigned int i,critical=0;
4213
strlist_t sl;
4214
4215
if(*string=='!')
4216
{
4217
string++;
4218
critical=1;
4219
}
4220
4221
for(i=0;i<strlen(string);i++)
4222
if( !isascii (string[i]) || iscntrl(string[i]))
4223
break;
4224
4225
if(i==0 || i<strlen(string))
4226
{
4227
if(which)
4228
log_error(_("the given certification policy URL is invalid\n"));
4229
else
4230
log_error(_("the given signature policy URL is invalid\n"));
4231
}
4232
4233
if(which)
4234
sl=add_to_strlist( &opt.cert_policy_url, string );
4235
else
4236
sl=add_to_strlist( &opt.sig_policy_url, string );
4237
4238
if(critical)
4239
sl->flags |= 1;
4240
}
4241
4242
static void
4243
add_keyserver_url( const char *string, int which )
4244
{
4245
unsigned int i,critical=0;
4246
strlist_t sl;
4247
4248
if(*string=='!')
4249
{
4250
string++;
4251
critical=1;
4252
}
4253
4254
for(i=0;i<strlen(string);i++)
4255
if( !isascii (string[i]) || iscntrl(string[i]))
4256
break;
4257
4258
if(i==0 || i<strlen(string))
4259
{
4260
if(which)
4261
BUG();
4262
else
4263
log_error(_("the given preferred keyserver URL is invalid\n"));
4264
}
4265
4266
if(which)
4267
BUG();
4268
else
4269
sl=add_to_strlist( &opt.sig_keyserver_url, string );
4270
4271
if(critical)
4272
sl->flags |= 1;
1836
4273
}
1837
4274
Loggerhead is a web-based interface for Breezy
Version: 2.0.1