Line data Source code
1 : /* gpg.c - The GnuPG utility (main for gpg)
2 : * Copyright (C) 1998-2011 Free Software Foundation, Inc.
3 : * Copyright (C) 1997-2016 Werner Koch
4 : * Copyright (C) 2015-2016 g10 Code GmbH
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <errno.h>
24 : #include <stdio.h>
25 : #include <stdlib.h>
26 : #include <string.h>
27 : #include <ctype.h>
28 : #include <unistd.h>
29 : #ifdef HAVE_STAT
30 : #include <sys/stat.h> /* for stat() */
31 : #endif
32 : #include <fcntl.h>
33 : #ifdef HAVE_W32_SYSTEM
34 : # ifdef HAVE_WINSOCK2_H
35 : # include <winsock2.h>
36 : # endif
37 : # include <windows.h>
38 : #endif
39 :
40 : #define INCLUDED_BY_MAIN_MODULE 1
41 : #include "gpg.h"
42 : #include <assuan.h>
43 : #include "../common/iobuf.h"
44 : #include "util.h"
45 : #include "packet.h"
46 : #include "membuf.h"
47 : #include "main.h"
48 : #include "options.h"
49 : #include "keydb.h"
50 : #include "trustdb.h"
51 : #include "filter.h"
52 : #include "ttyio.h"
53 : #include "i18n.h"
54 : #include "sysutils.h"
55 : #include "status.h"
56 : #include "keyserver-internal.h"
57 : #include "exec.h"
58 : #include "gc-opt-flags.h"
59 : #include "asshelp.h"
60 : #include "call-dirmngr.h"
61 : #include "tofu.h"
62 : #include "../common/init.h"
63 : #include "../common/mbox-util.h"
64 : #include "../common/shareddefs.h"
65 :
66 : #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
67 : #define MY_O_BINARY O_BINARY
68 : #ifndef S_IRGRP
69 : # define S_IRGRP 0
70 : # define S_IWGRP 0
71 : #endif
72 : #else
73 : #define MY_O_BINARY 0
74 : #endif
75 :
76 :
77 : enum cmd_and_opt_values
78 : {
79 : aNull = 0,
80 : oArmor = 'a',
81 : aDetachedSign = 'b',
82 : aSym = 'c',
83 : aDecrypt = 'd',
84 : aEncr = 'e',
85 : oRecipientFile = 'f',
86 : oHiddenRecipientFile = 'F',
87 : oInteractive = 'i',
88 : aListKeys = 'k',
89 : oDryRun = 'n',
90 : oOutput = 'o',
91 : oQuiet = 'q',
92 : oRecipient = 'r',
93 : oHiddenRecipient = 'R',
94 : aSign = 's',
95 : oTextmodeShort= 't',
96 : oLocalUser = 'u',
97 : oVerbose = 'v',
98 : oCompress = 'z',
99 : oSetNotation = 'N',
100 : aListSecretKeys = 'K',
101 : oBatch = 500,
102 : oMaxOutput,
103 : oInputSizeHint,
104 : oSigNotation,
105 : oCertNotation,
106 : oShowNotation,
107 : oNoShowNotation,
108 : aEncrFiles,
109 : aEncrSym,
110 : aDecryptFiles,
111 : aClearsign,
112 : aStore,
113 : aQuickKeygen,
114 : aFullKeygen,
115 : aKeygen,
116 : aSignEncr,
117 : aSignEncrSym,
118 : aSignSym,
119 : aSignKey,
120 : aLSignKey,
121 : aQuickSignKey,
122 : aQuickLSignKey,
123 : aQuickAddUid,
124 : aQuickAddKey,
125 : aQuickRevUid,
126 : aListConfig,
127 : aListGcryptConfig,
128 : aGPGConfList,
129 : aGPGConfTest,
130 : aListPackets,
131 : aEditKey,
132 : aDeleteKeys,
133 : aDeleteSecretKeys,
134 : aDeleteSecretAndPublicKeys,
135 : aImport,
136 : aFastImport,
137 : aVerify,
138 : aVerifyFiles,
139 : aListSigs,
140 : aSendKeys,
141 : aRecvKeys,
142 : aLocateKeys,
143 : aSearchKeys,
144 : aRefreshKeys,
145 : aFetchKeys,
146 : aExport,
147 : aExportSecret,
148 : aExportSecretSub,
149 : aExportSshKey,
150 : aCheckKeys,
151 : aGenRevoke,
152 : aDesigRevoke,
153 : aPrimegen,
154 : aPrintMD,
155 : aPrintMDs,
156 : aCheckTrustDB,
157 : aUpdateTrustDB,
158 : aFixTrustDB,
159 : aListTrustDB,
160 : aListTrustPath,
161 : aExportOwnerTrust,
162 : aImportOwnerTrust,
163 : aDeArmor,
164 : aEnArmor,
165 : aGenRandom,
166 : aRebuildKeydbCaches,
167 : aCardStatus,
168 : aCardEdit,
169 : aChangePIN,
170 : aPasswd,
171 : aServer,
172 : aTOFUPolicy,
173 :
174 : oMimemode,
175 : oTextmode,
176 : oNoTextmode,
177 : oExpert,
178 : oNoExpert,
179 : oDefSigExpire,
180 : oAskSigExpire,
181 : oNoAskSigExpire,
182 : oDefCertExpire,
183 : oAskCertExpire,
184 : oNoAskCertExpire,
185 : oDefCertLevel,
186 : oMinCertLevel,
187 : oAskCertLevel,
188 : oNoAskCertLevel,
189 : oFingerprint,
190 : oWithFingerprint,
191 : oWithSubkeyFingerprint,
192 : oWithICAOSpelling,
193 : oWithKeygrip,
194 : oWithSecret,
195 : oWithWKDHash,
196 : oWithColons,
197 : oWithKeyData,
198 : oWithTofuInfo,
199 : oWithSigList,
200 : oWithSigCheck,
201 : oAnswerYes,
202 : oAnswerNo,
203 : oKeyring,
204 : oPrimaryKeyring,
205 : oSecretKeyring,
206 : oShowKeyring,
207 : oDefaultKey,
208 : oDefRecipient,
209 : oDefRecipientSelf,
210 : oNoDefRecipient,
211 : oTrySecretKey,
212 : oOptions,
213 : oDebug,
214 : oDebugLevel,
215 : oDebugAll,
216 : oDebugIOLBF,
217 : oStatusFD,
218 : oStatusFile,
219 : oAttributeFD,
220 : oAttributeFile,
221 : oEmitVersion,
222 : oNoEmitVersion,
223 : oCompletesNeeded,
224 : oMarginalsNeeded,
225 : oMaxCertDepth,
226 : oLoadExtension,
227 : oGnuPG,
228 : oRFC2440,
229 : oRFC4880,
230 : oRFC4880bis,
231 : oOpenPGP,
232 : oPGP6,
233 : oPGP7,
234 : oPGP8,
235 : oRFC2440Text,
236 : oNoRFC2440Text,
237 : oCipherAlgo,
238 : oDigestAlgo,
239 : oCertDigestAlgo,
240 : oCompressAlgo,
241 : oCompressLevel,
242 : oBZ2CompressLevel,
243 : oBZ2DecompressLowmem,
244 : oPassphrase,
245 : oPassphraseFD,
246 : oPassphraseFile,
247 : oPassphraseRepeat,
248 : oPinentryMode,
249 : oCommandFD,
250 : oCommandFile,
251 : oQuickRandom,
252 : oNoVerbose,
253 : oTrustDBName,
254 : oNoSecmemWarn,
255 : oRequireSecmem,
256 : oNoRequireSecmem,
257 : oNoPermissionWarn,
258 : oNoMDCWarn,
259 : oNoArmor,
260 : oNoDefKeyring,
261 : oNoKeyring,
262 : oNoGreeting,
263 : oNoTTY,
264 : oNoOptions,
265 : oNoBatch,
266 : oHomedir,
267 : oSkipVerify,
268 : oSkipHiddenRecipients,
269 : oNoSkipHiddenRecipients,
270 : oAlwaysTrust,
271 : oTrustModel,
272 : oForceOwnertrust,
273 : oSetFilename,
274 : oForYourEyesOnly,
275 : oNoForYourEyesOnly,
276 : oSetPolicyURL,
277 : oSigPolicyURL,
278 : oCertPolicyURL,
279 : oShowPolicyURL,
280 : oNoShowPolicyURL,
281 : oSigKeyserverURL,
282 : oUseEmbeddedFilename,
283 : oNoUseEmbeddedFilename,
284 : oComment,
285 : oDefaultComment,
286 : oNoComments,
287 : oThrowKeyids,
288 : oNoThrowKeyids,
289 : oShowPhotos,
290 : oNoShowPhotos,
291 : oPhotoViewer,
292 : oForceMDC,
293 : oNoForceMDC,
294 : oDisableMDC,
295 : oNoDisableMDC,
296 : oS2KMode,
297 : oS2KDigest,
298 : oS2KCipher,
299 : oS2KCount,
300 : oDisplayCharset,
301 : oNotDashEscaped,
302 : oEscapeFrom,
303 : oNoEscapeFrom,
304 : oLockOnce,
305 : oLockMultiple,
306 : oLockNever,
307 : oKeyServer,
308 : oKeyServerOptions,
309 : oImportOptions,
310 : oImportFilter,
311 : oExportOptions,
312 : oExportFilter,
313 : oListOptions,
314 : oVerifyOptions,
315 : oTempDir,
316 : oExecPath,
317 : oEncryptTo,
318 : oHiddenEncryptTo,
319 : oNoEncryptTo,
320 : oEncryptToDefaultKey,
321 : oLoggerFD,
322 : oLoggerFile,
323 : oUtf8Strings,
324 : oNoUtf8Strings,
325 : oDisableCipherAlgo,
326 : oDisablePubkeyAlgo,
327 : oAllowNonSelfsignedUID,
328 : oNoAllowNonSelfsignedUID,
329 : oAllowFreeformUID,
330 : oNoAllowFreeformUID,
331 : oAllowSecretKeyImport,
332 : oEnableSpecialFilenames,
333 : oNoLiteral,
334 : oSetFilesize,
335 : oHonorHttpProxy,
336 : oFastListMode,
337 : oListOnly,
338 : oIgnoreTimeConflict,
339 : oIgnoreValidFrom,
340 : oIgnoreCrcError,
341 : oIgnoreMDCError,
342 : oShowSessionKey,
343 : oOverrideSessionKey,
344 : oNoRandomSeedFile,
345 : oAutoKeyRetrieve,
346 : oNoAutoKeyRetrieve,
347 : oUseAgent,
348 : oNoUseAgent,
349 : oGpgAgentInfo,
350 : oMergeOnly,
351 : oTryAllSecrets,
352 : oTrustedKey,
353 : oNoExpensiveTrustChecks,
354 : oFixedListMode,
355 : oLegacyListMode,
356 : oNoSigCache,
357 : oAutoCheckTrustDB,
358 : oNoAutoCheckTrustDB,
359 : oPreservePermissions,
360 : oDefaultPreferenceList,
361 : oDefaultKeyserverURL,
362 : oPersonalCipherPreferences,
363 : oPersonalDigestPreferences,
364 : oPersonalCompressPreferences,
365 : oAgentProgram,
366 : oDirmngrProgram,
367 : oDisplay,
368 : oTTYname,
369 : oTTYtype,
370 : oLCctype,
371 : oLCmessages,
372 : oXauthority,
373 : oGroup,
374 : oUnGroup,
375 : oNoGroups,
376 : oStrict,
377 : oNoStrict,
378 : oMangleDosFilenames,
379 : oNoMangleDosFilenames,
380 : oEnableProgressFilter,
381 : oMultifile,
382 : oKeyidFormat,
383 : oExitOnStatusWriteError,
384 : oLimitCardInsertTries,
385 : oReaderPort,
386 : octapiDriver,
387 : opcscDriver,
388 : oDisableCCID,
389 : oRequireCrossCert,
390 : oNoRequireCrossCert,
391 : oAutoKeyLocate,
392 : oNoAutoKeyLocate,
393 : oAllowMultisigVerification,
394 : oEnableLargeRSA,
395 : oDisableLargeRSA,
396 : oEnableDSA2,
397 : oDisableDSA2,
398 : oAllowMultipleMessages,
399 : oNoAllowMultipleMessages,
400 : oAllowWeakDigestAlgos,
401 : oFakedSystemTime,
402 : oNoAutostart,
403 : oPrintPKARecords,
404 : oPrintDANERecords,
405 : oTOFUDefaultPolicy,
406 : oTOFUDBFormat,
407 : oWeakDigest,
408 : oUnwrap,
409 : oOnlySignTextIDs,
410 : oDisableSignerUID,
411 : oSender,
412 :
413 : oNoop
414 : };
415 :
416 :
417 : static ARGPARSE_OPTS opts[] = {
418 :
419 : ARGPARSE_group (300, N_("@Commands:\n ")),
420 :
421 : ARGPARSE_c (aSign, "sign", N_("make a signature")),
422 : ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
423 : ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
424 : ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
425 : ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
426 : ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
427 : ARGPARSE_c (aStore, "store", "@"),
428 : ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
429 : ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
430 : ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
431 : ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
432 : ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
433 : ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
434 : ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
435 : ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
436 : ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
437 : ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
438 : ARGPARSE_c (aKeygen, "gen-key",
439 : N_("generate a new key pair")),
440 : ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
441 : N_("quickly generate a new key pair")),
442 : ARGPARSE_c (aQuickAddUid, "quick-adduid",
443 : N_("quickly add a new user-id")),
444 : ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
445 : ARGPARSE_c (aQuickRevUid, "quick-revuid",
446 : N_("quickly revoke a user-id")),
447 : ARGPARSE_c (aFullKeygen, "full-gen-key" ,
448 : N_("full featured key pair generation")),
449 : ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
450 : ARGPARSE_c (aDeleteKeys,"delete-keys",
451 : N_("remove keys from the public keyring")),
452 : ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
453 : N_("remove keys from the secret keyring")),
454 : ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
455 : N_("quickly sign a key")),
456 : ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
457 : N_("quickly sign a key locally")),
458 : ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
459 : ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
460 : ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
461 : ARGPARSE_c (aEditKey, "key-edit" ,"@"),
462 : ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
463 : ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
464 : ARGPARSE_c (aExport, "export" , N_("export keys") ),
465 : ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ),
466 : ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ),
467 : ARGPARSE_c (aSearchKeys, "search-keys" ,
468 : N_("search for keys on a keyserver") ),
469 : ARGPARSE_c (aRefreshKeys, "refresh-keys",
470 : N_("update all keys from a keyserver")),
471 : ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
472 : ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
473 : ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
474 : ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
475 : ARGPARSE_c (aExportSshKey, "export-ssh-key", "@" ),
476 : ARGPARSE_c (aImport, "import", N_("import/merge keys")),
477 : ARGPARSE_c (aFastImport, "fast-import", "@"),
478 : #ifdef ENABLE_CARD_SUPPORT
479 : ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
480 : ARGPARSE_c (aCardEdit, "card-edit", N_("change data on a card")),
481 : ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
482 : #endif
483 : ARGPARSE_c (aListConfig, "list-config", "@"),
484 : ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
485 : ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
486 : ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
487 : ARGPARSE_c (aListPackets, "list-packets","@"),
488 :
489 : #ifndef NO_TRUST_MODELS
490 : ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
491 : ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
492 : ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
493 : N_("update the trust database")),
494 : ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
495 : ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
496 : #endif
497 :
498 : ARGPARSE_c (aDeArmor, "dearmor", "@"),
499 : ARGPARSE_c (aDeArmor, "dearmour", "@"),
500 : ARGPARSE_c (aEnArmor, "enarmor", "@"),
501 : ARGPARSE_c (aEnArmor, "enarmour", "@"),
502 : ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
503 : ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
504 : ARGPARSE_c (aGenRandom,"gen-random", "@" ),
505 : ARGPARSE_c (aServer, "server", N_("run in server mode")),
506 : ARGPARSE_c (aTOFUPolicy, "tofu-policy",
507 : N_("|VALUE|set the TOFU policy for a key")),
508 :
509 : ARGPARSE_group (301, N_("@\nOptions:\n ")),
510 :
511 : ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
512 : ARGPARSE_s_n (oArmor, "armour", "@"),
513 :
514 : ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
515 : ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
516 : ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
517 : ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
518 : ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
519 : ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
520 : ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
521 : ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
522 :
523 : ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
524 : ARGPARSE_s_s (oExecPath, "exec-path", "@"),
525 : ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
526 : ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
527 : ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
528 : ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
529 : ARGPARSE_s_s (oLocalUser, "local-user",
530 : N_("|USER-ID|use USER-ID to sign or decrypt")),
531 : ARGPARSE_s_s (oSender, "sender", "@"),
532 :
533 : ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
534 :
535 : ARGPARSE_s_i (oCompress, NULL,
536 : N_("|N|set compress level to N (0 disables)")),
537 : ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
538 : ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
539 : ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
540 :
541 : ARGPARSE_s_n (oMimemode, "mimemode", "@"),
542 : ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
543 : ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
544 : ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
545 :
546 : ARGPARSE_s_n (oExpert, "expert", "@"),
547 : ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
548 :
549 : ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
550 : ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
551 : ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
552 : ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
553 : ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
554 : ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
555 : ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
556 : ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
557 : ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
558 : ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
559 :
560 : ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
561 : ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
562 : ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
563 :
564 : ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
565 : ARGPARSE_s_n (oQuiet, "quiet", "@"),
566 : ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
567 :
568 : ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
569 : ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
570 : ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
571 : ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
572 :
573 : ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
574 :
575 : ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
576 : ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
577 :
578 : ARGPARSE_s_n (oBatch, "batch", "@"),
579 : ARGPARSE_s_n (oAnswerYes, "yes", "@"),
580 : ARGPARSE_s_n (oAnswerNo, "no", "@"),
581 : ARGPARSE_s_s (oKeyring, "keyring", "@"),
582 : ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
583 : ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
584 : ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
585 : ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
586 :
587 : ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
588 : ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
589 : ARGPARSE_s_s (oImportOptions, "import-options", "@"),
590 : ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
591 : ARGPARSE_s_s (oExportOptions, "export-options", "@"),
592 : ARGPARSE_s_s (oExportFilter, "export-filter", "@"),
593 : ARGPARSE_s_s (oListOptions, "list-options", "@"),
594 : ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
595 :
596 : ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
597 : ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
598 : ARGPARSE_s_s (oOptions, "options", "@"),
599 :
600 : ARGPARSE_s_s (oDebug, "debug", "@"),
601 : ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
602 : ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
603 : ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
604 : ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
605 : ARGPARSE_s_s (oStatusFile, "status-file", "@"),
606 : ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
607 : ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
608 :
609 : ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
610 : ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
611 : ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
612 : ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
613 :
614 : ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
615 :
616 : ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
617 : ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
618 : ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
619 : ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
620 : ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
621 : ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
622 : ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
623 : ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
624 : ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
625 : ARGPARSE_s_n (oPGP6, "pgp6", "@"),
626 : ARGPARSE_s_n (oPGP7, "pgp7", "@"),
627 : ARGPARSE_s_n (oPGP8, "pgp8", "@"),
628 :
629 : ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
630 : ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
631 : ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
632 : ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
633 : ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
634 : ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
635 : ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
636 : ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
637 : ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
638 : ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
639 : ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
640 : ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
641 : ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
642 : ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
643 : ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
644 : ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
645 : ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
646 : ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
647 : ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
648 :
649 : ARGPARSE_group (302, N_(
650 : "@\n(See the man page for a complete listing of all commands and options)\n"
651 : )),
652 :
653 : ARGPARSE_group (303, N_("@\nExamples:\n\n"
654 : " -se -r Bob [file] sign and encrypt for user Bob\n"
655 : " --clearsign [file] make a clear text signature\n"
656 : " --detach-sign [file] make a detached signature\n"
657 : " --list-keys [names] show keys\n"
658 : " --fingerprint [names] show fingerprints\n")),
659 :
660 : /* More hidden commands and options. */
661 : ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
662 : #ifndef NO_TRUST_MODELS
663 : ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
664 : #endif
665 :
666 : /* Not yet used:
667 : ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
668 : ARGPARSE_c (aDeleteSecretAndPublicKeys,
669 : "delete-secret-and-public-keys", "@"),
670 : ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
671 :
672 : ARGPARSE_s_s (oPassphrase, "passphrase", "@"),
673 : ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
674 : ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
675 : ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
676 : ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
677 : ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
678 : ARGPARSE_s_s (oCommandFile, "command-file", "@"),
679 : ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
680 : ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
681 :
682 : #ifndef NO_TRUST_MODELS
683 : ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
684 : ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
685 : ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
686 : ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
687 : #endif
688 :
689 : ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
690 : ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
691 : ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
692 : ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
693 : ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
694 : ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
695 : ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
696 : ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
697 : ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
698 : ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
699 : ARGPARSE_s_n (oNoOptions, "no-options", "@"),
700 : ARGPARSE_s_s (oHomedir, "homedir", "@"),
701 : ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
702 : ARGPARSE_s_n (oWithColons, "with-colons", "@"),
703 : ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
704 : ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
705 : ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
706 : ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
707 : ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
708 : ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
709 : ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
710 : ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
711 : ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
712 : ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
713 : ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
714 : #ifndef NO_TRUST_MODELS
715 : ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
716 : #endif
717 : ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
718 : ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
719 : ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
720 : ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
721 : ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
722 : ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
723 : ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
724 : ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
725 : ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
726 : ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
727 : ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
728 : ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
729 : ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
730 : ARGPARSE_s_s (oComment, "comment", "@"),
731 : ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
732 : ARGPARSE_s_n (oNoComments, "no-comments", "@"),
733 : ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
734 : ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
735 : ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
736 : ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
737 : ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
738 : ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
739 : ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
740 : ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
741 : ARGPARSE_s_n (oLockNever, "lock-never", "@"),
742 : ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
743 : ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
744 : ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
745 : ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
746 : ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
747 : ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
748 : ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
749 : ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
750 : ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
751 : ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
752 : ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
753 : ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
754 : ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
755 : ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"),
756 : ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
757 : ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
758 : ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
759 : ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
760 : ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
761 : ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
762 : ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
763 : ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
764 : ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
765 : ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
766 : ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
767 : ARGPARSE_s_n (oListOnly, "list-only", "@"),
768 : ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
769 : ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
770 : ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
771 : ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
772 : ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
773 : ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
774 : ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
775 : ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
776 : ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
777 : ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
778 : ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
779 : ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
780 : ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
781 : ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
782 : ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
783 : ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
784 : ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
785 : ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
786 : ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
787 : ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
788 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
789 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
790 : ARGPARSE_s_s (oPersonalCompressPreferences,
791 : "personal-compress-preferences", "@"),
792 : ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
793 : ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
794 : ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
795 : ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
796 :
797 : /* Aliases. I constantly mistype these, and assume other people do
798 : as well. */
799 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
800 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
801 : ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
802 :
803 : ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
804 : ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
805 : ARGPARSE_s_s (oDisplay, "display", "@"),
806 : ARGPARSE_s_s (oTTYname, "ttyname", "@"),
807 : ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
808 : ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
809 : ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
810 : ARGPARSE_s_s (oXauthority, "xauthority", "@"),
811 : ARGPARSE_s_s (oGroup, "group", "@"),
812 : ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
813 : ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
814 : ARGPARSE_s_n (oStrict, "strict", "@"),
815 : ARGPARSE_s_n (oNoStrict, "no-strict", "@"),
816 : ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
817 : ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
818 : ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
819 : ARGPARSE_s_n (oMultifile, "multifile", "@"),
820 : ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
821 : ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
822 : ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
823 :
824 : ARGPARSE_s_n (oAllowMultisigVerification,
825 : "allow-multisig-verification", "@"),
826 : ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
827 : ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
828 : ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
829 : ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
830 : ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
831 : ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
832 : ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
833 :
834 : /* These two are aliases to help users of the PGP command line
835 : product use gpg with minimal pain. Many commands are common
836 : already as they seem to have borrowed commands from us. Now I'm
837 : returning the favor. */
838 : ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
839 : ARGPARSE_s_s (oRecipient, "user", "@"),
840 :
841 : ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
842 : ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
843 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
844 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
845 :
846 : /* New options. Fixme: Should go more to the top. */
847 : ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
848 : ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
849 : ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
850 :
851 : /* Dummy options with warnings. */
852 : ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
853 : ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
854 : ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
855 : ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
856 : ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
857 : ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
858 : ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
859 : ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
860 : ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
861 :
862 : /* Dummy options. */
863 : ARGPARSE_s_n (oNoop, "sk-comments", "@"),
864 : ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
865 : ARGPARSE_s_n (oNoop, "compress-keys", "@"),
866 : ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
867 : ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
868 : ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
869 : ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
870 : ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
871 :
872 : ARGPARSE_end ()
873 : };
874 :
875 :
876 : /* The list of supported debug flags. */
877 : static struct debug_flags_s debug_flags [] =
878 : {
879 : { DBG_PACKET_VALUE , "packet" },
880 : { DBG_MPI_VALUE , "mpi" },
881 : { DBG_CRYPTO_VALUE , "crypto" },
882 : { DBG_FILTER_VALUE , "filter" },
883 : { DBG_IOBUF_VALUE , "iobuf" },
884 : { DBG_MEMORY_VALUE , "memory" },
885 : { DBG_CACHE_VALUE , "cache" },
886 : { DBG_MEMSTAT_VALUE, "memstat" },
887 : { DBG_TRUST_VALUE , "trust" },
888 : { DBG_HASHING_VALUE, "hashing" },
889 : { DBG_CARD_IO_VALUE, "cardio" },
890 : { DBG_IPC_VALUE , "ipc" },
891 : { DBG_CLOCK_VALUE , "clock" },
892 : { DBG_LOOKUP_VALUE , "lookup" },
893 : { DBG_EXTPROG_VALUE, "extprog" },
894 : { 0, NULL }
895 : };
896 :
897 :
898 : #ifdef ENABLE_SELINUX_HACKS
899 : #define ALWAYS_ADD_KEYRINGS 1
900 : #else
901 : #define ALWAYS_ADD_KEYRINGS 0
902 : #endif
903 :
904 :
905 : int g10_errors_seen = 0;
906 :
907 : static int utf8_strings = 0;
908 : static int maybe_setuid = 1;
909 :
910 : static char *build_list( const char *text, char letter,
911 : const char *(*mapf)(int), int (*chkf)(int) );
912 : static void set_cmd( enum cmd_and_opt_values *ret_cmd,
913 : enum cmd_and_opt_values new_cmd );
914 : static void print_mds( const char *fname, int algo );
915 : static void add_notation_data( const char *string, int which );
916 : static void add_policy_url( const char *string, int which );
917 : static void add_keyserver_url( const char *string, int which );
918 : static void emergency_cleanup (void);
919 :
920 :
921 : static char *
922 1 : make_libversion (const char *libname, const char *(*getfnc)(const char*))
923 : {
924 : const char *s;
925 : char *result;
926 :
927 1 : if (maybe_setuid)
928 : {
929 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
930 0 : maybe_setuid = 0;
931 : }
932 1 : s = getfnc (NULL);
933 1 : result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
934 1 : strcpy (stpcpy (stpcpy (result, libname), " "), s);
935 1 : return result;
936 : }
937 :
938 :
939 : static int
940 13875 : build_list_pk_test_algo (int algo)
941 : {
942 : /* Show only one "RSA" string. If RSA_E or RSA_S is available RSA
943 : is also available. */
944 13875 : if (algo == PUBKEY_ALGO_RSA_E
945 13750 : || algo == PUBKEY_ALGO_RSA_S)
946 250 : return GPG_ERR_DIGEST_ALGO;
947 :
948 13625 : return openpgp_pk_test_algo (algo);
949 : }
950 :
951 : static const char *
952 750 : build_list_pk_algo_name (int algo)
953 : {
954 750 : return openpgp_pk_algo_name (algo);
955 : }
956 :
957 : static int
958 13875 : build_list_cipher_test_algo (int algo)
959 : {
960 13875 : return openpgp_cipher_test_algo (algo);
961 : }
962 :
963 : static const char *
964 1375 : build_list_cipher_algo_name (int algo)
965 : {
966 1375 : return openpgp_cipher_algo_name (algo);
967 : }
968 :
969 : static int
970 13875 : build_list_md_test_algo (int algo)
971 : {
972 : /* By default we do not accept MD5 based signatures. To avoid
973 : confusion we do not announce support for it either. */
974 13875 : if (algo == DIGEST_ALGO_MD5)
975 125 : return GPG_ERR_DIGEST_ALGO;
976 :
977 13750 : return openpgp_md_test_algo (algo);
978 : }
979 :
980 : static const char *
981 750 : build_list_md_algo_name (int algo)
982 : {
983 750 : return openpgp_md_algo_name (algo);
984 : }
985 :
986 :
987 : static const char *
988 470 : my_strusage( int level )
989 : {
990 : static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
991 : const char *p;
992 :
993 470 : switch( level ) {
994 1 : case 11: p = "@GPG@ (@GNUPG@)";
995 1 : break;
996 444 : case 13: p = VERSION; break;
997 0 : case 17: p = PRINTABLE_OS_NAME; break;
998 0 : case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
999 :
1000 : case 20:
1001 1 : if (!ver_gcry)
1002 1 : ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
1003 1 : p = ver_gcry;
1004 1 : break;
1005 :
1006 : #ifdef IS_DEVELOPMENT_VERSION
1007 : case 25:
1008 : p="NOTE: THIS IS A DEVELOPMENT VERSION!";
1009 : break;
1010 : case 26:
1011 : p="It is only intended for test purposes and should NOT be";
1012 : break;
1013 : case 27:
1014 : p="used in a production environment or with production keys!";
1015 : break;
1016 : #endif
1017 :
1018 : case 1:
1019 0 : case 40: p =
1020 : _("Usage: @GPG@ [options] [files] (-h for help)");
1021 0 : break;
1022 0 : case 41: p =
1023 : _("Syntax: @GPG@ [options] [files]\n"
1024 : "Sign, check, encrypt or decrypt\n"
1025 : "Default operation depends on the input data\n");
1026 0 : break;
1027 :
1028 1 : case 31: p = "\nHome: "; break;
1029 : #ifndef __riscos__
1030 1 : case 32: p = gnupg_homedir (); break;
1031 : #else /* __riscos__ */
1032 : case 32: p = make_filename(gnupg_homedir (), NULL); break;
1033 : #endif /* __riscos__ */
1034 1 : case 33: p = _("\nSupported algorithms:\n"); break;
1035 : case 34:
1036 1 : if (!pubkeys)
1037 1 : pubkeys = build_list (_("Pubkey: "), 1,
1038 : build_list_pk_algo_name,
1039 : build_list_pk_test_algo );
1040 1 : p = pubkeys;
1041 1 : break;
1042 : case 35:
1043 1 : if( !ciphers )
1044 1 : ciphers = build_list(_("Cipher: "), 'S',
1045 : build_list_cipher_algo_name,
1046 : build_list_cipher_test_algo );
1047 1 : p = ciphers;
1048 1 : break;
1049 : case 36:
1050 1 : if( !digests )
1051 1 : digests = build_list(_("Hash: "), 'H',
1052 : build_list_md_algo_name,
1053 : build_list_md_test_algo );
1054 1 : p = digests;
1055 1 : break;
1056 : case 37:
1057 1 : if( !zips )
1058 1 : zips = build_list(_("Compression: "),'Z',
1059 : compress_algo_to_string,
1060 : check_compress_algo);
1061 1 : p = zips;
1062 1 : break;
1063 :
1064 17 : default: p = NULL;
1065 : }
1066 470 : return p;
1067 : }
1068 :
1069 :
1070 : static char *
1071 4 : build_list (const char *text, char letter,
1072 : const char * (*mapf)(int), int (*chkf)(int))
1073 : {
1074 : membuf_t mb;
1075 : int indent;
1076 : int i, j, len;
1077 : const char *s;
1078 : char *string;
1079 :
1080 4 : if (maybe_setuid)
1081 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
1082 :
1083 4 : indent = utf8_charcount (text, -1);
1084 4 : len = 0;
1085 4 : init_membuf (&mb, 512);
1086 :
1087 448 : for (i=0; i <= 110; i++ )
1088 : {
1089 444 : if (!chkf (i) && (s = mapf (i)))
1090 : {
1091 27 : if (mb.len - len > 60)
1092 : {
1093 1 : put_membuf_str (&mb, ",\n");
1094 1 : len = mb.len;
1095 9 : for (j=0; j < indent; j++)
1096 8 : put_membuf_str (&mb, " ");
1097 : }
1098 26 : else if (mb.len)
1099 22 : put_membuf_str (&mb, ", ");
1100 : else
1101 4 : put_membuf_str (&mb, text);
1102 :
1103 27 : put_membuf_str (&mb, s);
1104 27 : if (opt.verbose && letter)
1105 : {
1106 : char num[20];
1107 0 : if (letter == 1)
1108 0 : snprintf (num, sizeof num, " (%d)", i);
1109 : else
1110 0 : snprintf (num, sizeof num, " (%c%d)", letter, i);
1111 0 : put_membuf_str (&mb, num);
1112 : }
1113 : }
1114 : }
1115 4 : if (mb.len)
1116 4 : put_membuf_str (&mb, "\n");
1117 4 : put_membuf (&mb, "", 1);
1118 :
1119 4 : string = get_membuf (&mb, NULL);
1120 4 : return xrealloc (string, strlen (string)+1);
1121 : }
1122 :
1123 :
1124 : static void
1125 0 : wrong_args( const char *text)
1126 : {
1127 0 : es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
1128 0 : g10_exit(2);
1129 : }
1130 :
1131 :
1132 : static char *
1133 0 : make_username( const char *string )
1134 : {
1135 : char *p;
1136 0 : if( utf8_strings )
1137 0 : p = xstrdup(string);
1138 : else
1139 0 : p = native_to_utf8( string );
1140 0 : return p;
1141 : }
1142 :
1143 :
1144 : static void
1145 0 : set_opt_session_env (const char *name, const char *value)
1146 : {
1147 : gpg_error_t err;
1148 :
1149 0 : err = session_env_setenv (opt.session_env, name, value);
1150 0 : if (err)
1151 0 : log_fatal ("error setting session environment: %s\n",
1152 : gpg_strerror (err));
1153 0 : }
1154 :
1155 :
1156 : /* Setup the debugging. With a LEVEL of NULL only the active debug
1157 : flags are propagated to the subsystems. With LEVEL set, a specific
1158 : set of debug flags is set; thus overriding all flags already
1159 : set. */
1160 : static void
1161 1702 : set_debug (const char *level)
1162 : {
1163 1702 : int numok = (level && digitp (level));
1164 1702 : int numlvl = numok? atoi (level) : 0;
1165 :
1166 1702 : if (!level)
1167 : ;
1168 0 : else if (!strcmp (level, "none") || (numok && numlvl < 1))
1169 0 : opt.debug = 0;
1170 0 : else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
1171 0 : opt.debug = DBG_MEMSTAT_VALUE;
1172 0 : else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
1173 0 : opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
1174 0 : else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
1175 0 : opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
1176 0 : |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
1177 0 : else if (!strcmp (level, "guru") || numok)
1178 : {
1179 0 : opt.debug = ~0;
1180 : /* Unless the "guru" string has been used we don't want to allow
1181 : hashing debugging. The rationale is that people tend to
1182 : select the highest debug value and would then clutter their
1183 : disk with debug files which may reveal confidential data. */
1184 0 : if (numok)
1185 0 : opt.debug &= ~(DBG_HASHING_VALUE);
1186 : }
1187 : else
1188 : {
1189 0 : log_error (_("invalid debug-level '%s' given\n"), level);
1190 0 : g10_exit (2);
1191 : }
1192 :
1193 1702 : if (opt.debug & DBG_MEMORY_VALUE )
1194 0 : memory_debug_mode = 1;
1195 1702 : if (opt.debug & DBG_MEMSTAT_VALUE )
1196 0 : memory_stat_debug_mode = 1;
1197 1702 : if (opt.debug & DBG_MPI_VALUE)
1198 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
1199 1702 : if (opt.debug & DBG_CRYPTO_VALUE )
1200 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
1201 1702 : if (opt.debug & DBG_IOBUF_VALUE )
1202 0 : iobuf_debug_mode = 1;
1203 1702 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
1204 :
1205 1702 : if (opt.debug)
1206 0 : parse_debug_flag (NULL, &opt.debug, debug_flags);
1207 1702 : }
1208 :
1209 :
1210 : /* We set the screen dimensions for UI purposes. Do not allow screens
1211 : smaller than 80x24 for the sake of simplicity. */
1212 : static void
1213 1827 : set_screen_dimensions(void)
1214 : {
1215 : #ifndef HAVE_W32_SYSTEM
1216 : char *str;
1217 :
1218 1827 : str=getenv("COLUMNS");
1219 1827 : if(str)
1220 0 : opt.screen_columns=atoi(str);
1221 :
1222 1827 : str=getenv("LINES");
1223 1827 : if(str)
1224 0 : opt.screen_lines=atoi(str);
1225 : #endif
1226 :
1227 1827 : if(opt.screen_columns<80 || opt.screen_columns>255)
1228 1827 : opt.screen_columns=80;
1229 :
1230 1827 : if(opt.screen_lines<24 || opt.screen_lines>255)
1231 1827 : opt.screen_lines=24;
1232 1827 : }
1233 :
1234 :
1235 : /* Helper to open a file FNAME either for reading or writing to be
1236 : used with --status-file etc functions. Not generally useful but it
1237 : avoids the riscos specific functions and well some Windows people
1238 : might like it too. Prints an error message and returns -1 on
1239 : error. On success the file descriptor is returned. */
1240 : static int
1241 9 : open_info_file (const char *fname, int for_write, int binary)
1242 : {
1243 : #ifdef __riscos__
1244 : return riscos_fdopenfile (fname, for_write);
1245 : #elif defined (ENABLE_SELINUX_HACKS)
1246 : /* We can't allow these even when testing for a secured filename
1247 : because files to be secured might not yet been secured. This is
1248 : similar to the option file but in that case it is unlikely that
1249 : sensitive information may be retrieved by means of error
1250 : messages. */
1251 : (void)fname;
1252 : (void)for_write;
1253 : (void)binary;
1254 : return -1;
1255 : #else
1256 : int fd;
1257 :
1258 9 : if (binary)
1259 9 : binary = MY_O_BINARY;
1260 :
1261 : /* if (is_secured_filename (fname)) */
1262 : /* { */
1263 : /* fd = -1; */
1264 : /* gpg_err_set_errno (EPERM); */
1265 : /* } */
1266 : /* else */
1267 : /* { */
1268 : do
1269 : {
1270 9 : if (for_write)
1271 0 : fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
1272 : S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
1273 : else
1274 9 : fd = open (fname, O_RDONLY | binary);
1275 : }
1276 9 : while (fd == -1 && errno == EINTR);
1277 : /* } */
1278 9 : if ( fd == -1)
1279 0 : log_error ( for_write? _("can't create '%s': %s\n")
1280 0 : : _("can't open '%s': %s\n"), fname, strerror(errno));
1281 :
1282 9 : return fd;
1283 : #endif
1284 : }
1285 :
1286 : static void
1287 1203 : set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
1288 : {
1289 1203 : enum cmd_and_opt_values cmd = *ret_cmd;
1290 :
1291 1203 : if( !cmd || cmd == new_cmd )
1292 1167 : cmd = new_cmd;
1293 36 : else if( cmd == aSign && new_cmd == aEncr )
1294 26 : cmd = aSignEncr;
1295 10 : else if( cmd == aEncr && new_cmd == aSign )
1296 2 : cmd = aSignEncr;
1297 8 : else if( cmd == aSign && new_cmd == aSym )
1298 0 : cmd = aSignSym;
1299 8 : else if( cmd == aSym && new_cmd == aSign )
1300 7 : cmd = aSignSym;
1301 1 : else if( cmd == aSym && new_cmd == aEncr )
1302 0 : cmd = aEncrSym;
1303 1 : else if( cmd == aEncr && new_cmd == aSym )
1304 0 : cmd = aEncrSym;
1305 1 : else if (cmd == aSignEncr && new_cmd == aSym)
1306 1 : cmd = aSignEncrSym;
1307 0 : else if (cmd == aSignSym && new_cmd == aEncr)
1308 0 : cmd = aSignEncrSym;
1309 0 : else if (cmd == aEncrSym && new_cmd == aSign)
1310 0 : cmd = aSignEncrSym;
1311 0 : else if( ( cmd == aSign && new_cmd == aClearsign )
1312 0 : || ( cmd == aClearsign && new_cmd == aSign ) )
1313 0 : cmd = aClearsign;
1314 : else {
1315 0 : log_error(_("conflicting commands\n"));
1316 0 : g10_exit(2);
1317 : }
1318 :
1319 1203 : *ret_cmd = cmd;
1320 1203 : }
1321 :
1322 :
1323 : static void
1324 1125 : add_group(char *string)
1325 : {
1326 : char *name,*value;
1327 : struct groupitem *item;
1328 :
1329 : /* Break off the group name */
1330 1125 : name=strsep(&string,"=");
1331 1125 : if(string==NULL)
1332 : {
1333 0 : log_error(_("no = sign found in group definition '%s'\n"),name);
1334 1125 : return;
1335 : }
1336 :
1337 1125 : trim_trailing_ws(name,strlen(name));
1338 :
1339 : /* Does this group already exist? */
1340 1125 : for(item=opt.grouplist;item;item=item->next)
1341 750 : if(strcasecmp(item->name,name)==0)
1342 750 : break;
1343 :
1344 1125 : if(!item)
1345 : {
1346 375 : item=xmalloc(sizeof(struct groupitem));
1347 375 : item->name=name;
1348 375 : item->next=opt.grouplist;
1349 375 : item->values=NULL;
1350 375 : opt.grouplist=item;
1351 : }
1352 :
1353 : /* Break apart the values */
1354 3375 : while ((value= strsep(&string," \t")))
1355 : {
1356 1125 : if (*value)
1357 1125 : add_to_strlist2(&item->values,value,utf8_strings);
1358 : }
1359 : }
1360 :
1361 :
1362 : static void
1363 0 : rm_group(char *name)
1364 : {
1365 0 : struct groupitem *item,*last=NULL;
1366 :
1367 0 : trim_trailing_ws(name,strlen(name));
1368 :
1369 0 : for(item=opt.grouplist;item;last=item,item=item->next)
1370 : {
1371 0 : if(strcasecmp(item->name,name)==0)
1372 : {
1373 0 : if(last)
1374 0 : last->next=item->next;
1375 : else
1376 0 : opt.grouplist=item->next;
1377 :
1378 0 : free_strlist(item->values);
1379 0 : xfree(item);
1380 0 : break;
1381 : }
1382 : }
1383 0 : }
1384 :
1385 :
1386 : /* We need to check three things.
1387 :
1388 : 0) The homedir. It must be x00, a directory, and owned by the
1389 : user.
1390 :
1391 : 1) The options/gpg.conf file. Okay unless it or its containing
1392 : directory is group or other writable or not owned by us. Disable
1393 : exec in this case.
1394 :
1395 : 2) Extensions. Same as #1.
1396 :
1397 : Returns true if the item is unsafe. */
1398 : static int
1399 3406 : check_permissions (const char *path, int item)
1400 : {
1401 : #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
1402 : static int homedir_cache=-1;
1403 : char *tmppath,*dir;
1404 : struct stat statbuf,dirbuf;
1405 3406 : int homedir=0,ret=0,checkonly=0;
1406 3406 : int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
1407 :
1408 3406 : if(opt.no_perm_warn)
1409 3340 : return 0;
1410 :
1411 66 : log_assert(item==0 || item==1 || item==2);
1412 :
1413 : /* extensions may attach a path */
1414 66 : if(item==2 && path[0]!=DIRSEP_C)
1415 : {
1416 0 : if(strchr(path,DIRSEP_C))
1417 0 : tmppath=make_filename(path,NULL);
1418 : else
1419 0 : tmppath=make_filename(gnupg_libdir (),path,NULL);
1420 : }
1421 : else
1422 66 : tmppath=xstrdup(path);
1423 :
1424 : /* If the item is located in the homedir, but isn't the homedir,
1425 : don't continue if we already checked the homedir itself. This is
1426 : to avoid user confusion with an extra options file warning which
1427 : could be rectified if the homedir itself had proper
1428 : permissions. */
1429 66 : if(item!=0 && homedir_cache>-1
1430 33 : && !ascii_strncasecmp (gnupg_homedir (), tmppath,
1431 : strlen (gnupg_homedir ())))
1432 : {
1433 33 : ret=homedir_cache;
1434 33 : goto end;
1435 : }
1436 :
1437 : /* It's okay if the file or directory doesn't exist */
1438 33 : if(stat(tmppath,&statbuf)!=0)
1439 : {
1440 0 : ret=0;
1441 0 : goto end;
1442 : }
1443 :
1444 : /* Now check the enclosing directory. Theoretically, we could walk
1445 : this test up to the root directory /, but for the sake of sanity,
1446 : I'm stopping at one level down. */
1447 33 : dir=make_dirname(tmppath);
1448 :
1449 33 : if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1450 : {
1451 : /* Weird error */
1452 0 : ret=1;
1453 0 : goto end;
1454 : }
1455 :
1456 33 : xfree(dir);
1457 :
1458 : /* Assume failure */
1459 33 : ret=1;
1460 :
1461 33 : if(item==0)
1462 : {
1463 : /* The homedir must be x00, a directory, and owned by the user. */
1464 :
1465 33 : if(S_ISDIR(statbuf.st_mode))
1466 : {
1467 33 : if(statbuf.st_uid==getuid())
1468 : {
1469 33 : if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1470 33 : ret=0;
1471 : else
1472 0 : perm=1;
1473 : }
1474 : else
1475 0 : own=1;
1476 :
1477 33 : homedir_cache=ret;
1478 : }
1479 : }
1480 0 : else if(item==1 || item==2)
1481 : {
1482 : /* The options or extension file. Okay unless it or its
1483 : containing directory is group or other writable or not owned
1484 : by us or root. */
1485 :
1486 0 : if(S_ISREG(statbuf.st_mode))
1487 : {
1488 0 : if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1489 : {
1490 0 : if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1491 : {
1492 : /* it's not writable, so make sure the enclosing
1493 : directory is also not writable */
1494 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1495 : {
1496 0 : if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1497 0 : ret=0;
1498 : else
1499 0 : enc_dir_perm=1;
1500 : }
1501 : else
1502 0 : enc_dir_own=1;
1503 : }
1504 : else
1505 : {
1506 : /* it's writable, so the enclosing directory had
1507 : better not let people get to it. */
1508 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1509 : {
1510 0 : if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1511 0 : ret=0;
1512 : else
1513 0 : perm=enc_dir_perm=1; /* unclear which one to fix! */
1514 : }
1515 : else
1516 0 : enc_dir_own=1;
1517 : }
1518 : }
1519 : else
1520 0 : own=1;
1521 : }
1522 : }
1523 : else
1524 0 : BUG();
1525 :
1526 33 : if(!checkonly)
1527 : {
1528 33 : if(own)
1529 : {
1530 0 : if(item==0)
1531 0 : log_info(_("WARNING: unsafe ownership on"
1532 : " homedir '%s'\n"),tmppath);
1533 0 : else if(item==1)
1534 0 : log_info(_("WARNING: unsafe ownership on"
1535 : " configuration file '%s'\n"),tmppath);
1536 : else
1537 0 : log_info(_("WARNING: unsafe ownership on"
1538 : " extension '%s'\n"),tmppath);
1539 : }
1540 33 : if(perm)
1541 : {
1542 0 : if(item==0)
1543 0 : log_info(_("WARNING: unsafe permissions on"
1544 : " homedir '%s'\n"),tmppath);
1545 0 : else if(item==1)
1546 0 : log_info(_("WARNING: unsafe permissions on"
1547 : " configuration file '%s'\n"),tmppath);
1548 : else
1549 0 : log_info(_("WARNING: unsafe permissions on"
1550 : " extension '%s'\n"),tmppath);
1551 : }
1552 33 : if(enc_dir_own)
1553 : {
1554 0 : if(item==0)
1555 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1556 : " homedir '%s'\n"),tmppath);
1557 0 : else if(item==1)
1558 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1559 : " configuration file '%s'\n"),tmppath);
1560 : else
1561 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1562 : " extension '%s'\n"),tmppath);
1563 : }
1564 33 : if(enc_dir_perm)
1565 : {
1566 0 : if(item==0)
1567 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1568 : " homedir '%s'\n"),tmppath);
1569 0 : else if(item==1)
1570 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1571 : " configuration file '%s'\n"),tmppath);
1572 : else
1573 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1574 : " extension '%s'\n"),tmppath);
1575 : }
1576 : }
1577 :
1578 : end:
1579 66 : xfree(tmppath);
1580 :
1581 66 : if(homedir)
1582 0 : homedir_cache=ret;
1583 :
1584 66 : return ret;
1585 :
1586 : #else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1587 : (void)path;
1588 : (void)item;
1589 : return 0;
1590 : #endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1591 : }
1592 :
1593 :
1594 : /* Print the OpenPGP defined algo numbers. */
1595 : static void
1596 0 : print_algo_numbers(int (*checker)(int))
1597 : {
1598 0 : int i,first=1;
1599 :
1600 0 : for(i=0;i<=110;i++)
1601 : {
1602 0 : if(!checker(i))
1603 : {
1604 0 : if(first)
1605 0 : first=0;
1606 : else
1607 0 : es_printf (";");
1608 0 : es_printf ("%d",i);
1609 : }
1610 : }
1611 0 : }
1612 :
1613 :
1614 : static void
1615 372 : print_algo_names(int (*checker)(int),const char *(*mapper)(int))
1616 : {
1617 372 : int i,first=1;
1618 :
1619 41664 : for(i=0;i<=110;i++)
1620 : {
1621 41292 : if(!checker(i))
1622 : {
1623 2852 : if(first)
1624 372 : first=0;
1625 : else
1626 2480 : es_printf (";");
1627 2852 : es_printf ("%s",mapper(i));
1628 : }
1629 : }
1630 372 : }
1631 :
1632 : /* In the future, we can do all sorts of interesting configuration
1633 : output here. For now, just give "group" as the Enigmail folks need
1634 : it, and pubkey, cipher, hash, and compress as they may be useful
1635 : for frontends. */
1636 : static void
1637 373 : list_config(char *items)
1638 : {
1639 373 : int show_all = !items;
1640 373 : char *name = NULL;
1641 : const char *s;
1642 : struct groupitem *giter;
1643 : int first, iter;
1644 :
1645 373 : if(!opt.with_colons)
1646 374 : return;
1647 :
1648 1116 : while(show_all || (name=strsep(&items," ")))
1649 : {
1650 372 : int any=0;
1651 :
1652 372 : if(show_all || ascii_strcasecmp(name,"group")==0)
1653 : {
1654 0 : for (giter = opt.grouplist; giter; giter = giter->next)
1655 : {
1656 : strlist_t sl;
1657 :
1658 0 : es_fprintf (es_stdout, "cfg:group:");
1659 0 : es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
1660 : ":", NULL);
1661 0 : es_putc (':', es_stdout);
1662 :
1663 0 : for(sl=giter->values; sl; sl=sl->next)
1664 : {
1665 0 : es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
1666 : ":;", NULL);
1667 0 : if(sl->next)
1668 0 : es_printf(";");
1669 : }
1670 :
1671 0 : es_printf("\n");
1672 : }
1673 :
1674 0 : any=1;
1675 : }
1676 :
1677 372 : if(show_all || ascii_strcasecmp(name,"version")==0)
1678 : {
1679 0 : es_printf("cfg:version:");
1680 0 : es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
1681 0 : es_printf ("\n");
1682 0 : any=1;
1683 : }
1684 :
1685 372 : if(show_all || ascii_strcasecmp(name,"pubkey")==0)
1686 : {
1687 0 : es_printf ("cfg:pubkey:");
1688 0 : print_algo_numbers (build_list_pk_test_algo);
1689 0 : es_printf ("\n");
1690 0 : any=1;
1691 : }
1692 :
1693 372 : if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
1694 : {
1695 124 : es_printf ("cfg:pubkeyname:");
1696 124 : print_algo_names (build_list_pk_test_algo,
1697 : build_list_pk_algo_name);
1698 124 : es_printf ("\n");
1699 124 : any=1;
1700 : }
1701 :
1702 372 : if(show_all || ascii_strcasecmp(name,"cipher")==0)
1703 : {
1704 0 : es_printf ("cfg:cipher:");
1705 0 : print_algo_numbers (build_list_cipher_test_algo);
1706 0 : es_printf ("\n");
1707 0 : any=1;
1708 : }
1709 :
1710 372 : if (show_all || !ascii_strcasecmp (name,"ciphername"))
1711 : {
1712 124 : es_printf ("cfg:ciphername:");
1713 124 : print_algo_names (build_list_cipher_test_algo,
1714 : build_list_cipher_algo_name);
1715 124 : es_printf ("\n");
1716 124 : any = 1;
1717 : }
1718 :
1719 372 : if(show_all
1720 372 : || ascii_strcasecmp(name,"digest")==0
1721 372 : || ascii_strcasecmp(name,"hash")==0)
1722 : {
1723 0 : es_printf ("cfg:digest:");
1724 0 : print_algo_numbers (build_list_md_test_algo);
1725 0 : es_printf ("\n");
1726 0 : any=1;
1727 : }
1728 :
1729 372 : if (show_all
1730 372 : || !ascii_strcasecmp(name,"digestname")
1731 248 : || !ascii_strcasecmp(name,"hashname"))
1732 : {
1733 124 : es_printf ("cfg:digestname:");
1734 124 : print_algo_names (build_list_md_test_algo,
1735 : build_list_md_algo_name);
1736 124 : es_printf ("\n");
1737 124 : any=1;
1738 : }
1739 :
1740 372 : if(show_all || ascii_strcasecmp(name,"compress")==0)
1741 : {
1742 0 : es_printf ("cfg:compress:");
1743 0 : print_algo_numbers(check_compress_algo);
1744 0 : es_printf ("\n");
1745 0 : any=1;
1746 : }
1747 :
1748 372 : if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
1749 : {
1750 : /* We ignore this for GnuPG 1.4 backward compatibility. */
1751 0 : any=1;
1752 : }
1753 :
1754 372 : if (show_all || !ascii_strcasecmp (name,"curve"))
1755 : {
1756 0 : es_printf ("cfg:curve:");
1757 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
1758 0 : es_printf ("%s%s", first?"":";", s);
1759 0 : es_printf ("\n");
1760 0 : any=1;
1761 : }
1762 :
1763 : /* Curve OIDs are rarely useful and thus only printed if requested. */
1764 372 : if (name && !ascii_strcasecmp (name,"curveoid"))
1765 : {
1766 0 : es_printf ("cfg:curveoid:");
1767 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
1768 : {
1769 0 : s = openpgp_curve_to_oid (s, NULL);
1770 0 : es_printf ("%s%s", first?"":";", s? s:"[?]");
1771 : }
1772 0 : es_printf ("\n");
1773 0 : any=1;
1774 : }
1775 :
1776 372 : if(show_all)
1777 0 : break;
1778 :
1779 372 : if(!any)
1780 0 : log_error(_("unknown configuration item '%s'\n"),name);
1781 : }
1782 : }
1783 :
1784 :
1785 : /* List options and default values in the GPG Conf format. This is a
1786 : new tool distributed with gnupg 1.9.x but we also want some limited
1787 : support in older gpg versions. The output is the name of the
1788 : configuration file and a list of options available for editing by
1789 : gpgconf. */
1790 : static void
1791 0 : gpgconf_list (const char *configfile)
1792 : {
1793 0 : char *configfile_esc = percent_escape (configfile, NULL);
1794 :
1795 0 : es_printf ("%s-%s.conf:%lu:\"%s\n",
1796 : GPGCONF_NAME, GPG_NAME,
1797 : GC_OPT_FLAG_DEFAULT,
1798 : configfile_esc ? configfile_esc : "/dev/null");
1799 0 : es_printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
1800 0 : es_printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
1801 0 : es_printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1802 0 : es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
1803 0 : es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
1804 0 : es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
1805 0 : es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
1806 0 : es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
1807 0 : es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
1808 0 : es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
1809 0 : es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
1810 :
1811 : /* The next one is an info only item and should match the macros at
1812 : the top of keygen.c */
1813 0 : es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
1814 : "RSA-2048");
1815 :
1816 0 : xfree (configfile_esc);
1817 0 : }
1818 :
1819 :
1820 : static int
1821 0 : parse_subpacket_list(char *list)
1822 : {
1823 : char *tok;
1824 : byte subpackets[128],i;
1825 0 : int count=0;
1826 :
1827 0 : if(!list)
1828 : {
1829 : /* No arguments means all subpackets */
1830 0 : memset(subpackets+1,1,sizeof(subpackets)-1);
1831 0 : count=127;
1832 : }
1833 : else
1834 : {
1835 0 : memset(subpackets,0,sizeof(subpackets));
1836 :
1837 : /* Merge with earlier copy */
1838 0 : if(opt.show_subpackets)
1839 : {
1840 : byte *in;
1841 :
1842 0 : for(in=opt.show_subpackets;*in;in++)
1843 : {
1844 0 : if(*in>127 || *in<1)
1845 0 : BUG();
1846 :
1847 0 : if(!subpackets[*in])
1848 0 : count++;
1849 0 : subpackets[*in]=1;
1850 : }
1851 : }
1852 :
1853 0 : while((tok=strsep(&list," ,")))
1854 : {
1855 0 : if(!*tok)
1856 0 : continue;
1857 :
1858 0 : i=atoi(tok);
1859 0 : if(i>127 || i<1)
1860 0 : return 0;
1861 :
1862 0 : if(!subpackets[i])
1863 0 : count++;
1864 0 : subpackets[i]=1;
1865 : }
1866 : }
1867 :
1868 0 : xfree(opt.show_subpackets);
1869 0 : opt.show_subpackets=xmalloc(count+1);
1870 0 : opt.show_subpackets[count--]=0;
1871 :
1872 0 : for(i=1;i<128 && count>=0;i++)
1873 0 : if(subpackets[i])
1874 0 : opt.show_subpackets[count--]=i;
1875 :
1876 0 : return 1;
1877 : }
1878 :
1879 :
1880 : static int
1881 0 : parse_list_options(char *str)
1882 : {
1883 0 : char *subpackets=""; /* something that isn't NULL */
1884 0 : struct parse_options lopts[]=
1885 : {
1886 : {"show-photos",LIST_SHOW_PHOTOS,NULL,
1887 : N_("display photo IDs during key listings")},
1888 : {"show-usage",LIST_SHOW_USAGE,NULL,
1889 : N_("show key usage information during key listings")},
1890 : {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
1891 : N_("show policy URLs during signature listings")},
1892 : {"show-notations",LIST_SHOW_NOTATIONS,NULL,
1893 : N_("show all notations during signature listings")},
1894 : {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1895 : N_("show IETF standard notations during signature listings")},
1896 : {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1897 : NULL},
1898 : {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
1899 : N_("show user-supplied notations during signature listings")},
1900 : {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
1901 : N_("show preferred keyserver URLs during signature listings")},
1902 : {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
1903 : N_("show user ID validity during key listings")},
1904 : {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
1905 : N_("show revoked and expired user IDs in key listings")},
1906 : {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
1907 : N_("show revoked and expired subkeys in key listings")},
1908 : {"show-keyring",LIST_SHOW_KEYRING,NULL,
1909 : N_("show the keyring name in key listings")},
1910 : {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
1911 : N_("show expiration dates during signature listings")},
1912 : {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
1913 : NULL},
1914 : {NULL,0,NULL,NULL}
1915 : };
1916 :
1917 : /* C99 allows for non-constant initializers, but we'd like to
1918 : compile everywhere, so fill in the show-sig-subpackets argument
1919 : here. Note that if the parse_options array changes, we'll have
1920 : to change the subscript here. */
1921 0 : lopts[13].value=&subpackets;
1922 :
1923 0 : if(parse_options(str,&opt.list_options,lopts,1))
1924 : {
1925 0 : if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
1926 : {
1927 : /* Unset so users can pass multiple lists in. */
1928 0 : opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
1929 0 : if(!parse_subpacket_list(subpackets))
1930 0 : return 0;
1931 : }
1932 0 : else if(subpackets==NULL && opt.show_subpackets)
1933 : {
1934 : /* User did 'no-show-subpackets' */
1935 0 : xfree(opt.show_subpackets);
1936 0 : opt.show_subpackets=NULL;
1937 : }
1938 :
1939 0 : return 1;
1940 : }
1941 : else
1942 0 : return 0;
1943 : }
1944 :
1945 :
1946 : /* Collapses argc/argv into a single string that must be freed */
1947 : static char *
1948 373 : collapse_args(int argc,char *argv[])
1949 : {
1950 373 : char *str=NULL;
1951 373 : int i,first=1,len=0;
1952 :
1953 745 : for(i=0;i<argc;i++)
1954 : {
1955 372 : len+=strlen(argv[i])+2;
1956 372 : str=xrealloc(str,len);
1957 372 : if(first)
1958 : {
1959 372 : str[0]='\0';
1960 372 : first=0;
1961 : }
1962 : else
1963 0 : strcat(str," ");
1964 :
1965 372 : strcat(str,argv[i]);
1966 : }
1967 :
1968 373 : return str;
1969 : }
1970 :
1971 :
1972 : #ifndef NO_TRUST_MODELS
1973 : static void
1974 49 : parse_trust_model(const char *model)
1975 : {
1976 49 : if(ascii_strcasecmp(model,"pgp")==0)
1977 0 : opt.trust_model=TM_PGP;
1978 49 : else if(ascii_strcasecmp(model,"classic")==0)
1979 0 : opt.trust_model=TM_CLASSIC;
1980 49 : else if(ascii_strcasecmp(model,"always")==0)
1981 0 : opt.trust_model=TM_ALWAYS;
1982 49 : else if(ascii_strcasecmp(model,"direct")==0)
1983 0 : opt.trust_model=TM_DIRECT;
1984 : #ifdef USE_TOFU
1985 49 : else if(ascii_strcasecmp(model,"tofu")==0)
1986 49 : opt.trust_model=TM_TOFU;
1987 0 : else if(ascii_strcasecmp(model,"tofu+pgp")==0)
1988 0 : opt.trust_model=TM_TOFU_PGP;
1989 : #endif /*USE_TOFU*/
1990 0 : else if(ascii_strcasecmp(model,"auto")==0)
1991 0 : opt.trust_model=TM_AUTO;
1992 : else
1993 0 : log_error("unknown trust model '%s'\n",model);
1994 49 : }
1995 : #endif /*NO_TRUST_MODELS*/
1996 :
1997 :
1998 : static int
1999 37 : parse_tofu_policy (const char *policystr)
2000 : {
2001 : #ifdef USE_TOFU
2002 37 : struct { const char *keyword; int policy; } list[] = {
2003 : { "auto", TOFU_POLICY_AUTO },
2004 : { "good", TOFU_POLICY_GOOD },
2005 : { "unknown", TOFU_POLICY_UNKNOWN },
2006 : { "bad", TOFU_POLICY_BAD },
2007 : { "ask", TOFU_POLICY_ASK }
2008 : };
2009 : int i;
2010 :
2011 37 : if (!ascii_strcasecmp (policystr, "help"))
2012 : {
2013 0 : log_info (_("available TOFU policies:\n"));
2014 0 : for (i=0; i < DIM (list); i++)
2015 0 : log_info (" %s\n", list[i].keyword);
2016 0 : g10_exit (1);
2017 : }
2018 :
2019 109 : for (i=0; i < DIM (list); i++)
2020 109 : if (!ascii_strcasecmp (policystr, list[i].keyword))
2021 74 : return list[i].policy;
2022 : #endif /*USE_TOFU*/
2023 :
2024 0 : log_error (_("unknown TOFU policy '%s'\n"), policystr);
2025 0 : if (!opt.quiet)
2026 0 : log_info (_("(use \"help\" to list choices)\n"));
2027 0 : g10_exit (1);
2028 : }
2029 :
2030 : /* This function called to initialized a new control object. It is
2031 : assumed that this object has been zeroed out before calling this
2032 : function. */
2033 : static void
2034 1702 : gpg_init_default_ctrl (ctrl_t ctrl)
2035 : {
2036 : (void)ctrl;
2037 1702 : }
2038 :
2039 :
2040 : /* This function is called to deinitialize a control object. It is
2041 : not deallocated. */
2042 : static void
2043 1699 : gpg_deinit_default_ctrl (ctrl_t ctrl)
2044 : {
2045 : #ifdef USE_TOFU
2046 1699 : tofu_closedbs (ctrl);
2047 : #endif
2048 1699 : gpg_dirmngr_deinit_session_data (ctrl);
2049 1699 : }
2050 :
2051 :
2052 : char *
2053 1703 : get_default_configname (void)
2054 : {
2055 1703 : char *configname = NULL;
2056 1703 : char *name = xstrdup (GPG_NAME EXTSEP_S "conf-" SAFE_VERSION);
2057 1703 : char *ver = &name[strlen (GPG_NAME EXTSEP_S "conf-")];
2058 :
2059 : do
2060 : {
2061 6437 : if (configname)
2062 : {
2063 : char *tok;
2064 :
2065 4734 : xfree (configname);
2066 4734 : configname = NULL;
2067 :
2068 4734 : if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
2069 0 : *tok='\0';
2070 4734 : else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
2071 3406 : *tok='\0';
2072 : else
2073 1328 : break;
2074 : }
2075 :
2076 5109 : configname = make_filename (gnupg_homedir (), name, NULL);
2077 : }
2078 5109 : while (access (configname, R_OK));
2079 :
2080 1703 : xfree(name);
2081 :
2082 1703 : if (! configname)
2083 1328 : configname = make_filename (gnupg_homedir (),
2084 : GPG_NAME EXTSEP_S "conf", NULL);
2085 1703 : if (! access (configname, R_OK))
2086 : {
2087 : /* Print a warning when both config files are present. */
2088 1685 : char *p = make_filename (gnupg_homedir (), "options", NULL);
2089 1685 : if (! access (p, R_OK))
2090 0 : log_info (_("Note: old default options file '%s' ignored\n"), p);
2091 1685 : xfree (p);
2092 : }
2093 : else
2094 : {
2095 : /* Use the old default only if it exists. */
2096 18 : char *p = make_filename (gnupg_homedir (), "options", NULL);
2097 18 : if (!access (p, R_OK))
2098 : {
2099 0 : xfree (configname);
2100 0 : configname = p;
2101 : }
2102 : else
2103 18 : xfree (p);
2104 : }
2105 :
2106 1703 : return configname;
2107 : }
2108 :
2109 : int
2110 1827 : main (int argc, char **argv)
2111 : {
2112 : ARGPARSE_ARGS pargs;
2113 : IOBUF a;
2114 1827 : int rc=0;
2115 : int orig_argc;
2116 : char **orig_argv;
2117 : const char *fname;
2118 : char *username;
2119 : int may_coredump;
2120 : strlist_t sl;
2121 1827 : strlist_t remusr = NULL;
2122 1827 : strlist_t locusr = NULL;
2123 1827 : strlist_t nrings = NULL;
2124 1827 : armor_filter_context_t *afx = NULL;
2125 1827 : int detached_sig = 0;
2126 1827 : FILE *configfp = NULL;
2127 1827 : char *configname = NULL;
2128 1827 : char *save_configname = NULL;
2129 1827 : char *default_configname = NULL;
2130 : unsigned configlineno;
2131 1827 : int parse_debug = 0;
2132 1827 : int default_config = 1;
2133 1827 : int default_keyring = 1;
2134 1827 : int greeting = 0;
2135 1827 : int nogreeting = 0;
2136 1827 : char *logfile = NULL;
2137 1827 : int use_random_seed = 1;
2138 1827 : enum cmd_and_opt_values cmd = 0;
2139 1827 : const char *debug_level = NULL;
2140 : #ifndef NO_TRUST_MODELS
2141 1827 : const char *trustdb_name = NULL;
2142 : #endif /*!NO_TRUST_MODELS*/
2143 1827 : char *def_cipher_string = NULL;
2144 1827 : char *def_digest_string = NULL;
2145 1827 : char *compress_algo_string = NULL;
2146 1827 : char *cert_digest_string = NULL;
2147 1827 : char *s2k_cipher_string = NULL;
2148 1827 : char *s2k_digest_string = NULL;
2149 1827 : char *pers_cipher_list = NULL;
2150 1827 : char *pers_digest_list = NULL;
2151 1827 : char *pers_compress_list = NULL;
2152 1827 : int eyes_only=0;
2153 1827 : int multifile=0;
2154 1827 : int pwfd = -1;
2155 1827 : int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
2156 1827 : int any_explicit_recipient = 0;
2157 1827 : int require_secmem = 0;
2158 1827 : int got_secmem = 0;
2159 : struct assuan_malloc_hooks malloc_hooks;
2160 : ctrl_t ctrl;
2161 :
2162 : static int print_dane_records;
2163 : static int print_pka_records;
2164 :
2165 :
2166 : #ifdef __riscos__
2167 : opt.lock_once = 1;
2168 : #endif /* __riscos__ */
2169 :
2170 : /* Please note that we may running SUID(ROOT), so be very CAREFUL
2171 : when adding any stuff between here and the call to
2172 : secmem_init() somewhere after the option parsing. */
2173 1827 : early_system_init ();
2174 1827 : gnupg_reopen_std (GPG_NAME);
2175 1827 : trap_unaligned ();
2176 1827 : gnupg_rl_initialize ();
2177 1827 : set_strusage (my_strusage);
2178 1827 : gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
2179 1827 : log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
2180 :
2181 : /* Make sure that our subsystems are ready. */
2182 1827 : i18n_init();
2183 1827 : init_common_subsystems (&argc, &argv);
2184 :
2185 : /* Use our own logging handler for Libcgrypt. */
2186 1827 : setup_libgcrypt_logging ();
2187 :
2188 : /* Put random number into secure memory */
2189 1827 : gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
2190 :
2191 1827 : may_coredump = disable_core_dumps();
2192 :
2193 1827 : gnupg_init_signals (0, emergency_cleanup);
2194 :
2195 1827 : dotlock_create (NULL, 0); /* Register lock file cleanup. */
2196 :
2197 1827 : opt.autostart = 1;
2198 1827 : opt.session_env = session_env_new ();
2199 1827 : if (!opt.session_env)
2200 0 : log_fatal ("error allocating session environment block: %s\n",
2201 0 : strerror (errno));
2202 :
2203 1827 : opt.command_fd = -1; /* no command fd */
2204 1827 : opt.compress_level = -1; /* defaults to standard compress level */
2205 1827 : opt.bz2_compress_level = -1; /* defaults to standard compress level */
2206 : /* note: if you change these lines, look at oOpenPGP */
2207 1827 : opt.def_cipher_algo = 0;
2208 1827 : opt.def_digest_algo = 0;
2209 1827 : opt.cert_digest_algo = 0;
2210 1827 : opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
2211 1827 : opt.s2k_mode = 3; /* iterated+salted */
2212 1827 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2213 1827 : opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
2214 1827 : opt.completes_needed = 1;
2215 1827 : opt.marginals_needed = 3;
2216 1827 : opt.max_cert_depth = 5;
2217 1827 : opt.escape_from = 1;
2218 1827 : opt.flags.require_cross_cert = 1;
2219 1827 : opt.import_options = 0;
2220 1827 : opt.export_options = EXPORT_ATTRIBUTES;
2221 1827 : opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
2222 1827 : opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
2223 1827 : opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
2224 1827 : opt.verify_options = (LIST_SHOW_UID_VALIDITY
2225 : | VERIFY_SHOW_POLICY_URLS
2226 : | VERIFY_SHOW_STD_NOTATIONS
2227 : | VERIFY_SHOW_KEYSERVER_URLS);
2228 1827 : opt.list_options = (LIST_SHOW_UID_VALIDITY
2229 : | LIST_SHOW_USAGE);
2230 : #ifdef NO_TRUST_MODELS
2231 : opt.trust_model = TM_ALWAYS;
2232 : #else
2233 1827 : opt.trust_model = TM_AUTO;
2234 : #endif
2235 1827 : opt.tofu_default_policy = TOFU_POLICY_AUTO;
2236 1827 : opt.mangle_dos_filenames = 0;
2237 1827 : opt.min_cert_level = 2;
2238 1827 : set_screen_dimensions ();
2239 1827 : opt.keyid_format = KF_NONE;
2240 1827 : opt.def_sig_expire = "0";
2241 1827 : opt.def_cert_expire = "0";
2242 1827 : gnupg_set_homedir (NULL);
2243 1827 : opt.passphrase_repeat = 1;
2244 1827 : opt.emit_version = 0;
2245 1827 : opt.weak_digests = NULL;
2246 1827 : additional_weak_digest("MD5");
2247 :
2248 : /* Check whether we have a config file on the command line. */
2249 1827 : orig_argc = argc;
2250 1827 : orig_argv = argv;
2251 1827 : pargs.argc = &argc;
2252 1827 : pargs.argv = &argv;
2253 1827 : pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
2254 12937 : while( arg_parse( &pargs, opts) ) {
2255 9283 : if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
2256 0 : parse_debug++;
2257 9283 : else if (pargs.r_opt == oDebugIOLBF)
2258 0 : es_setvbuf (es_stdout, NULL, _IOLBF, 0);
2259 9283 : else if( pargs.r_opt == oOptions ) {
2260 : /* yes there is one, so we do not try the default one, but
2261 : * read the option file when it is encountered at the commandline
2262 : */
2263 0 : default_config = 0;
2264 : }
2265 9283 : else if( pargs.r_opt == oNoOptions )
2266 : {
2267 0 : default_config = 0; /* --no-options */
2268 0 : opt.no_homedir_creation = 1;
2269 : }
2270 9283 : else if( pargs.r_opt == oHomedir )
2271 0 : gnupg_set_homedir (pargs.r.ret_str);
2272 9283 : else if( pargs.r_opt == oNoPermissionWarn )
2273 1670 : opt.no_perm_warn=1;
2274 7613 : else if (pargs.r_opt == oStrict )
2275 : {
2276 : /* Not used */
2277 : }
2278 7613 : else if (pargs.r_opt == oNoStrict )
2279 : {
2280 : /* Not used */
2281 : }
2282 : }
2283 :
2284 : #ifdef HAVE_DOSISH_SYSTEM
2285 : if ( strchr (gnupg_homedir (), '\\') ) {
2286 : char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
2287 : const char *s;
2288 : for (d=buf, s = gnupg_homedir (); *s; s++)
2289 : {
2290 : *d++ = *s == '\\'? '/': *s;
2291 : #ifdef HAVE_W32_SYSTEM
2292 : if (s[1] && IsDBCSLeadByte (*s))
2293 : *d++ = *++s;
2294 : #endif
2295 : }
2296 : *d = 0;
2297 : gnupg_set_homedir (buf);
2298 : }
2299 : #endif
2300 :
2301 : /* Initialize the secure memory. */
2302 1703 : if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
2303 1703 : got_secmem = 1;
2304 : #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
2305 : /* There should be no way to get to this spot while still carrying
2306 : setuid privs. Just in case, bomb out if we are. */
2307 : if ( getuid () != geteuid () )
2308 : BUG ();
2309 : #endif
2310 1703 : maybe_setuid = 0;
2311 :
2312 : /* Okay, we are now working under our real uid */
2313 :
2314 : /* malloc hooks go here ... */
2315 1703 : malloc_hooks.malloc = gcry_malloc;
2316 1703 : malloc_hooks.realloc = gcry_realloc;
2317 1703 : malloc_hooks.free = gcry_free;
2318 1703 : assuan_set_malloc_hooks (&malloc_hooks);
2319 1703 : assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
2320 1703 : setup_libassuan_logging (&opt.debug, NULL);
2321 :
2322 : /* Try for a version specific config file first */
2323 1703 : default_configname = get_default_configname ();
2324 1703 : if (default_config)
2325 1703 : configname = xstrdup (default_configname);
2326 :
2327 1703 : argc = orig_argc;
2328 1703 : argv = orig_argv;
2329 1703 : pargs.argc = &argc;
2330 1703 : pargs.argv = &argv;
2331 1703 : pargs.flags= ARGPARSE_FLAG_KEEP;
2332 :
2333 : /* By this point we have a homedir, and cannot change it. */
2334 1703 : check_permissions (gnupg_homedir (), 0);
2335 :
2336 : next_pass:
2337 3388 : if( configname ) {
2338 1703 : if(check_permissions(configname,1))
2339 : {
2340 : /* If any options file is unsafe, then disable any external
2341 : programs for keyserver calls or photo IDs. Since the
2342 : external program to call is set in the options file, a
2343 : unsafe options file can lead to an arbitrary program
2344 : being run. */
2345 :
2346 0 : opt.exec_disable=1;
2347 : }
2348 :
2349 1703 : configlineno = 0;
2350 1703 : configfp = fopen( configname, "r" );
2351 1703 : if (configfp && is_secured_file (fileno (configfp)))
2352 : {
2353 0 : fclose (configfp);
2354 0 : configfp = NULL;
2355 0 : gpg_err_set_errno (EPERM);
2356 : }
2357 1703 : if( !configfp ) {
2358 18 : if( default_config ) {
2359 18 : if( parse_debug )
2360 0 : log_info(_("Note: no default option file '%s'\n"),
2361 : configname );
2362 : }
2363 : else {
2364 0 : log_error(_("option file '%s': %s\n"),
2365 0 : configname, strerror(errno) );
2366 0 : g10_exit(2);
2367 : }
2368 18 : xfree(configname); configname = NULL;
2369 : }
2370 1703 : if( parse_debug && configname )
2371 0 : log_info(_("reading options from '%s'\n"), configname );
2372 1703 : default_config = 0;
2373 : }
2374 :
2375 28228 : while( optfile_parse( configfp, configname, &configlineno,
2376 : &pargs, opts) )
2377 : {
2378 21452 : switch( pargs.r_opt )
2379 : {
2380 : case aListConfig:
2381 : case aListGcryptConfig:
2382 : case aGPGConfList:
2383 : case aGPGConfTest:
2384 373 : set_cmd (&cmd, pargs.r_opt);
2385 : /* Do not register a keyring for these commands. */
2386 373 : default_keyring = -1;
2387 373 : break;
2388 :
2389 : case aCheckKeys:
2390 : case aListPackets:
2391 : case aImport:
2392 : case aFastImport:
2393 : case aSendKeys:
2394 : case aRecvKeys:
2395 : case aSearchKeys:
2396 : case aRefreshKeys:
2397 : case aFetchKeys:
2398 : case aExport:
2399 : #ifdef ENABLE_CARD_SUPPORT
2400 : case aCardStatus:
2401 : case aCardEdit:
2402 : case aChangePIN:
2403 : #endif /* ENABLE_CARD_SUPPORT*/
2404 : case aListKeys:
2405 : case aLocateKeys:
2406 : case aListSigs:
2407 : case aExportSecret:
2408 : case aExportSecretSub:
2409 : case aExportSshKey:
2410 : case aSym:
2411 : case aClearsign:
2412 : case aGenRevoke:
2413 : case aDesigRevoke:
2414 : case aPrimegen:
2415 : case aGenRandom:
2416 : case aPrintMD:
2417 : case aPrintMDs:
2418 : case aListTrustDB:
2419 : case aCheckTrustDB:
2420 : case aUpdateTrustDB:
2421 : case aFixTrustDB:
2422 : case aListTrustPath:
2423 : case aDeArmor:
2424 : case aEnArmor:
2425 : case aSign:
2426 : case aQuickSignKey:
2427 : case aQuickLSignKey:
2428 : case aSignKey:
2429 : case aLSignKey:
2430 : case aStore:
2431 : case aQuickKeygen:
2432 : case aQuickAddUid:
2433 : case aQuickAddKey:
2434 : case aQuickRevUid:
2435 : case aExportOwnerTrust:
2436 : case aImportOwnerTrust:
2437 : case aRebuildKeydbCaches:
2438 483 : set_cmd (&cmd, pargs.r_opt);
2439 483 : break;
2440 :
2441 : case aKeygen:
2442 : case aFullKeygen:
2443 : case aEditKey:
2444 : case aDeleteSecretKeys:
2445 : case aDeleteSecretAndPublicKeys:
2446 : case aDeleteKeys:
2447 : case aPasswd:
2448 10 : set_cmd (&cmd, pargs.r_opt);
2449 10 : greeting=1;
2450 10 : break;
2451 :
2452 16 : case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
2453 :
2454 0 : case aDecryptFiles: multifile=1; /* fall through */
2455 12 : case aDecrypt: set_cmd( &cmd, aDecrypt); break;
2456 :
2457 0 : case aEncrFiles: multifile=1; /* fall through */
2458 247 : case aEncr: set_cmd( &cmd, aEncr); break;
2459 :
2460 0 : case aVerifyFiles: multifile=1; /* fall through */
2461 44 : case aVerify: set_cmd( &cmd, aVerify); break;
2462 :
2463 : case aServer:
2464 0 : set_cmd (&cmd, pargs.r_opt);
2465 0 : opt.batch = 1;
2466 0 : break;
2467 :
2468 : case aTOFUPolicy:
2469 4 : set_cmd (&cmd, pargs.r_opt);
2470 4 : break;
2471 :
2472 39 : case oArmor: opt.armor = 1; opt.no_armor=0; break;
2473 1127 : case oOutput: opt.outfile = pargs.r.ret_str; break;
2474 :
2475 0 : case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
2476 :
2477 : case oInputSizeHint:
2478 0 : opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
2479 0 : break;
2480 :
2481 3 : case oQuiet: opt.quiet = 1; break;
2482 0 : case oNoTTY: tty_no_terminal(1); break;
2483 0 : case oDryRun: opt.dry_run = 1; break;
2484 0 : case oInteractive: opt.interactive = 1; break;
2485 : case oVerbose:
2486 3 : opt.verbose++;
2487 3 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2488 3 : opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
2489 3 : opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
2490 3 : break;
2491 :
2492 : case oBatch:
2493 1340 : opt.batch = 1;
2494 1340 : nogreeting = 1;
2495 1340 : break;
2496 :
2497 : case oUseAgent: /* Dummy. */
2498 0 : break;
2499 :
2500 : case oNoUseAgent:
2501 0 : obsolete_option (configname, configlineno, "no-use-agent");
2502 0 : break;
2503 : case oGpgAgentInfo:
2504 0 : obsolete_option (configname, configlineno, "gpg-agent-info");
2505 0 : break;
2506 : case oReaderPort:
2507 0 : obsolete_scdaemon_option (configname, configlineno, "reader-port");
2508 0 : break;
2509 : case octapiDriver:
2510 0 : obsolete_scdaemon_option (configname, configlineno, "ctapi-driver");
2511 0 : break;
2512 : case opcscDriver:
2513 0 : obsolete_scdaemon_option (configname, configlineno, "pcsc-driver");
2514 0 : break;
2515 : case oDisableCCID:
2516 0 : obsolete_scdaemon_option (configname, configlineno, "disable-ccid");
2517 0 : break;
2518 : case oHonorHttpProxy:
2519 0 : obsolete_option (configname, configlineno, "honor-http-proxy");
2520 0 : break;
2521 :
2522 1097 : case oAnswerYes: opt.answer_yes = 1; break;
2523 0 : case oAnswerNo: opt.answer_no = 1; break;
2524 0 : case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
2525 : case oPrimaryKeyring:
2526 0 : sl = append_to_strlist (&nrings, pargs.r.ret_str);
2527 0 : sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
2528 0 : break;
2529 : case oShowKeyring:
2530 0 : deprecated_warning(configname,configlineno,"--show-keyring",
2531 : "--list-options ","show-keyring");
2532 0 : opt.list_options|=LIST_SHOW_KEYRING;
2533 0 : break;
2534 :
2535 : case oDebug:
2536 0 : if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
2537 : {
2538 0 : pargs.r_opt = ARGPARSE_INVALID_ARG;
2539 0 : pargs.err = ARGPARSE_PRINT_ERROR;
2540 : }
2541 0 : break;
2542 :
2543 0 : case oDebugAll: opt.debug = ~0; break;
2544 0 : case oDebugLevel: debug_level = pargs.r.ret_str; break;
2545 :
2546 0 : case oDebugIOLBF: break; /* Already set in pre-parse step. */
2547 :
2548 : case oStatusFD:
2549 14 : set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2550 14 : break;
2551 : case oStatusFile:
2552 0 : set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
2553 0 : break;
2554 : case oAttributeFD:
2555 0 : set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2556 0 : break;
2557 : case oAttributeFile:
2558 0 : set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
2559 0 : break;
2560 : case oLoggerFD:
2561 0 : log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2562 0 : break;
2563 : case oLoggerFile:
2564 0 : logfile = pargs.r.ret_str;
2565 0 : break;
2566 :
2567 : case oWithFingerprint:
2568 0 : opt.with_fingerprint = 1;
2569 0 : opt.fingerprint++;
2570 0 : break;
2571 : case oWithSubkeyFingerprint:
2572 0 : opt.with_subkey_fingerprint = 1;
2573 0 : break;
2574 : case oWithICAOSpelling:
2575 0 : opt.with_icao_spelling = 1;
2576 0 : break;
2577 : case oFingerprint:
2578 0 : opt.fingerprint++;
2579 0 : fpr_maybe_cmd = 1;
2580 0 : break;
2581 :
2582 : case oWithKeygrip:
2583 0 : opt.with_keygrip = 1;
2584 0 : break;
2585 :
2586 : case oWithSecret:
2587 0 : opt.with_secret = 1;
2588 0 : break;
2589 :
2590 : case oWithWKDHash:
2591 0 : opt.with_wkd_hash = 1;
2592 0 : break;
2593 :
2594 : case oSecretKeyring:
2595 : /* Ignore this old option. */
2596 0 : break;
2597 :
2598 : case oOptions:
2599 : /* config files may not be nested (silently ignore them) */
2600 0 : if( !configfp ) {
2601 0 : xfree(configname);
2602 0 : configname = xstrdup(pargs.r.ret_str);
2603 0 : goto next_pass;
2604 : }
2605 0 : break;
2606 0 : case oNoArmor: opt.no_armor=1; opt.armor=0; break;
2607 :
2608 : case oNoDefKeyring:
2609 0 : if (default_keyring > 0)
2610 0 : default_keyring = 0;
2611 0 : break;
2612 : case oNoKeyring:
2613 3 : default_keyring = -1;
2614 3 : break;
2615 :
2616 1331 : case oNoGreeting: nogreeting = 1; break;
2617 : case oNoVerbose:
2618 0 : opt.verbose = 0;
2619 0 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2620 0 : opt.list_sigs=0;
2621 0 : break;
2622 : case oQuickRandom:
2623 0 : gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2624 0 : break;
2625 0 : case oEmitVersion: opt.emit_version++; break;
2626 0 : case oNoEmitVersion: opt.emit_version=0; break;
2627 0 : case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
2628 0 : case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
2629 0 : case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
2630 :
2631 : #ifndef NO_TRUST_MODELS
2632 0 : case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
2633 :
2634 : #endif /*!NO_TRUST_MODELS*/
2635 : case oDefaultKey:
2636 385 : sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
2637 385 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
2638 385 : if (configfp)
2639 375 : sl->flags |= PK_LIST_CONFIG;
2640 385 : break;
2641 : case oDefRecipient:
2642 0 : if( *pargs.r.ret_str )
2643 : {
2644 0 : xfree (opt.def_recipient);
2645 0 : opt.def_recipient = make_username(pargs.r.ret_str);
2646 : }
2647 0 : break;
2648 : case oDefRecipientSelf:
2649 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2650 0 : opt.def_recipient_self = 1;
2651 0 : break;
2652 : case oNoDefRecipient:
2653 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2654 0 : opt.def_recipient_self = 0;
2655 0 : break;
2656 0 : case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
2657 0 : case oHomedir: break;
2658 0 : case oNoBatch: opt.batch = 0; break;
2659 :
2660 22 : case oWithTofuInfo: opt.with_tofu_info = 1; break;
2661 :
2662 0 : case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
2663 418 : case oWithColons: opt.with_colons=':'; break;
2664 :
2665 0 : case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
2666 0 : case oWithSigList: opt.list_sigs = 1; break;
2667 :
2668 0 : case oSkipVerify: opt.skip_verify=1; break;
2669 :
2670 0 : case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
2671 0 : case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
2672 :
2673 14 : case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
2674 :
2675 : #ifndef NO_TRUST_MODELS
2676 : /* There are many programs (like mutt) that call gpg with
2677 : --always-trust so keep this option around for a long
2678 : time. */
2679 1596 : case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
2680 : case oTrustModel:
2681 49 : parse_trust_model(pargs.r.ret_str);
2682 49 : break;
2683 : #endif /*!NO_TRUST_MODELS*/
2684 : case oTOFUDefaultPolicy:
2685 33 : opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
2686 33 : break;
2687 : case oTOFUDBFormat:
2688 0 : obsolete_option (configname, configlineno, "tofu-db-format");
2689 0 : break;
2690 :
2691 : case oForceOwnertrust:
2692 0 : log_info(_("Note: %s is not for normal use!\n"),
2693 : "--force-ownertrust");
2694 0 : opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
2695 0 : if(opt.force_ownertrust==-1)
2696 : {
2697 0 : log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
2698 0 : opt.force_ownertrust=0;
2699 : }
2700 0 : break;
2701 : case oLoadExtension:
2702 : /* Dummy so that gpg 1.4 conf files can work. Should
2703 : eventually be removed. */
2704 0 : break;
2705 : case oRFC4880bis:
2706 0 : opt.flags.rfc4880bis = 1;
2707 : /* fall thru. */
2708 : case oOpenPGP:
2709 : case oRFC4880:
2710 : /* This is effectively the same as RFC2440, but with
2711 : "--enable-dsa2 --no-rfc2440-text --escape-from-lines
2712 : --require-cross-certification". */
2713 0 : opt.compliance = CO_RFC4880;
2714 0 : opt.flags.dsa2 = 1;
2715 0 : opt.flags.require_cross_cert = 1;
2716 0 : opt.rfc2440_text = 0;
2717 0 : opt.allow_non_selfsigned_uid = 1;
2718 0 : opt.allow_freeform_uid = 1;
2719 0 : opt.escape_from = 1;
2720 0 : opt.not_dash_escaped = 0;
2721 0 : opt.def_cipher_algo = 0;
2722 0 : opt.def_digest_algo = 0;
2723 0 : opt.cert_digest_algo = 0;
2724 0 : opt.compress_algo = -1;
2725 0 : opt.s2k_mode = 3; /* iterated+salted */
2726 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2727 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2728 0 : break;
2729 : case oRFC2440:
2730 0 : opt.compliance = CO_RFC2440;
2731 0 : opt.flags.dsa2 = 0;
2732 0 : opt.rfc2440_text = 1;
2733 0 : opt.allow_non_selfsigned_uid = 1;
2734 0 : opt.allow_freeform_uid = 1;
2735 0 : opt.escape_from = 0;
2736 0 : opt.not_dash_escaped = 0;
2737 0 : opt.def_cipher_algo = 0;
2738 0 : opt.def_digest_algo = 0;
2739 0 : opt.cert_digest_algo = 0;
2740 0 : opt.compress_algo = -1;
2741 0 : opt.s2k_mode = 3; /* iterated+salted */
2742 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2743 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2744 0 : break;
2745 0 : case oPGP6: opt.compliance = CO_PGP6; break;
2746 0 : case oPGP7: opt.compliance = CO_PGP7; break;
2747 0 : case oPGP8: opt.compliance = CO_PGP8; break;
2748 0 : case oGnuPG: opt.compliance = CO_GNUPG; break;
2749 0 : case oRFC2440Text: opt.rfc2440_text=1; break;
2750 0 : case oNoRFC2440Text: opt.rfc2440_text=0; break;
2751 : case oSetFilename:
2752 0 : if(utf8_strings)
2753 0 : opt.set_filename = pargs.r.ret_str;
2754 : else
2755 0 : opt.set_filename = native_to_utf8(pargs.r.ret_str);
2756 0 : break;
2757 0 : case oForYourEyesOnly: eyes_only = 1; break;
2758 0 : case oNoForYourEyesOnly: eyes_only = 0; break;
2759 : case oSetPolicyURL:
2760 0 : add_policy_url(pargs.r.ret_str,0);
2761 0 : add_policy_url(pargs.r.ret_str,1);
2762 0 : break;
2763 0 : case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
2764 0 : case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
2765 : case oShowPolicyURL:
2766 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2767 : "--list-options ","show-policy-urls");
2768 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2769 : "--verify-options ","show-policy-urls");
2770 0 : opt.list_options|=LIST_SHOW_POLICY_URLS;
2771 0 : opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
2772 0 : break;
2773 : case oNoShowPolicyURL:
2774 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2775 : "--list-options ","no-show-policy-urls");
2776 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2777 : "--verify-options ","no-show-policy-urls");
2778 0 : opt.list_options&=~LIST_SHOW_POLICY_URLS;
2779 0 : opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
2780 0 : break;
2781 0 : case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
2782 : case oUseEmbeddedFilename:
2783 0 : opt.flags.use_embedded_filename=1;
2784 0 : break;
2785 : case oNoUseEmbeddedFilename:
2786 0 : opt.flags.use_embedded_filename=0;
2787 0 : break;
2788 : case oComment:
2789 0 : if(pargs.r.ret_str[0])
2790 0 : append_to_strlist(&opt.comments,pargs.r.ret_str);
2791 0 : break;
2792 : case oDefaultComment:
2793 0 : deprecated_warning(configname,configlineno,
2794 : "--default-comment","--no-comments","");
2795 : /* fall through */
2796 : case oNoComments:
2797 0 : free_strlist(opt.comments);
2798 0 : opt.comments=NULL;
2799 0 : break;
2800 0 : case oThrowKeyids: opt.throw_keyids = 1; break;
2801 0 : case oNoThrowKeyids: opt.throw_keyids = 0; break;
2802 : case oShowPhotos:
2803 0 : deprecated_warning(configname,configlineno,"--show-photos",
2804 : "--list-options ","show-photos");
2805 0 : deprecated_warning(configname,configlineno,"--show-photos",
2806 : "--verify-options ","show-photos");
2807 0 : opt.list_options|=LIST_SHOW_PHOTOS;
2808 0 : opt.verify_options|=VERIFY_SHOW_PHOTOS;
2809 0 : break;
2810 : case oNoShowPhotos:
2811 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2812 : "--list-options ","no-show-photos");
2813 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2814 : "--verify-options ","no-show-photos");
2815 0 : opt.list_options&=~LIST_SHOW_PHOTOS;
2816 0 : opt.verify_options&=~VERIFY_SHOW_PHOTOS;
2817 0 : break;
2818 0 : case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
2819 :
2820 187 : case oForceMDC: opt.force_mdc = 1; break;
2821 0 : case oNoForceMDC: opt.force_mdc = 0; break;
2822 0 : case oDisableMDC: opt.disable_mdc = 1; break;
2823 0 : case oNoDisableMDC: opt.disable_mdc = 0; break;
2824 :
2825 0 : case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
2826 :
2827 0 : case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
2828 0 : case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
2829 0 : case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
2830 : case oS2KCount:
2831 436 : if (pargs.r.ret_int)
2832 436 : opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
2833 : else
2834 0 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2835 436 : break;
2836 :
2837 : case oRecipient:
2838 : case oHiddenRecipient:
2839 : case oRecipientFile:
2840 : case oHiddenRecipientFile:
2841 : /* Store the recipient. Note that we also store the
2842 : * option as private data in the flags. This is achieved
2843 : * by shifting the option value to the left so to keep
2844 : * enough space for the flags. */
2845 272 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2846 272 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
2847 272 : if (configfp)
2848 0 : sl->flags |= PK_LIST_CONFIG;
2849 272 : if (pargs.r_opt == oHiddenRecipient
2850 272 : || pargs.r_opt == oHiddenRecipientFile)
2851 3 : sl->flags |= PK_LIST_HIDDEN;
2852 272 : if (pargs.r_opt == oRecipientFile
2853 269 : || pargs.r_opt == oHiddenRecipientFile)
2854 6 : sl->flags |= PK_LIST_FROM_FILE;
2855 272 : any_explicit_recipient = 1;
2856 272 : break;
2857 :
2858 : case oEncryptTo:
2859 : case oHiddenEncryptTo:
2860 : /* Store an additional recipient. */
2861 375 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2862 375 : sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
2863 375 : if (configfp)
2864 375 : sl->flags |= PK_LIST_CONFIG;
2865 375 : if (pargs.r_opt == oHiddenEncryptTo)
2866 0 : sl->flags |= PK_LIST_HIDDEN;
2867 375 : break;
2868 :
2869 : case oNoEncryptTo:
2870 0 : opt.no_encrypt_to = 1;
2871 0 : break;
2872 : case oEncryptToDefaultKey:
2873 5 : opt.encrypt_to_default_key = configfp ? 2 : 1;
2874 5 : break;
2875 :
2876 : case oTrySecretKey:
2877 0 : add_to_strlist2 (&opt.secret_keys_to_try,
2878 0 : pargs.r.ret_str, utf8_strings);
2879 0 : break;
2880 :
2881 0 : case oMimemode: opt.mimemode = opt.textmode = 1; break;
2882 3 : case oTextmodeShort: opt.textmode = 2; break;
2883 0 : case oTextmode: opt.textmode=1; break;
2884 0 : case oNoTextmode: opt.textmode=opt.mimemode=0; break;
2885 :
2886 0 : case oExpert: opt.expert = 1; break;
2887 0 : case oNoExpert: opt.expert = 0; break;
2888 : case oDefSigExpire:
2889 0 : if(*pargs.r.ret_str!='\0')
2890 : {
2891 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2892 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2893 : pargs.r.ret_str);
2894 : else
2895 0 : opt.def_sig_expire=pargs.r.ret_str;
2896 : }
2897 0 : break;
2898 0 : case oAskSigExpire: opt.ask_sig_expire = 1; break;
2899 0 : case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
2900 : case oDefCertExpire:
2901 0 : if(*pargs.r.ret_str!='\0')
2902 : {
2903 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2904 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2905 : pargs.r.ret_str);
2906 : else
2907 0 : opt.def_cert_expire=pargs.r.ret_str;
2908 : }
2909 0 : break;
2910 0 : case oAskCertExpire: opt.ask_cert_expire = 1; break;
2911 0 : case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
2912 0 : case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
2913 0 : case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
2914 0 : case oAskCertLevel: opt.ask_cert_level = 1; break;
2915 0 : case oNoAskCertLevel: opt.ask_cert_level = 0; break;
2916 : case oLocalUser: /* store the local users */
2917 41 : sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
2918 41 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
2919 41 : if (configfp)
2920 0 : sl->flags |= PK_LIST_CONFIG;
2921 41 : break;
2922 : case oSender:
2923 : {
2924 0 : char *mbox = mailbox_from_userid (pargs.r.ret_str);
2925 0 : if (!mbox)
2926 0 : log_error (_("\"%s\" is not a proper mail address\n"),
2927 : pargs.r.ret_str);
2928 : else
2929 : {
2930 0 : add_to_strlist (&opt.sender_list, mbox);
2931 0 : xfree (mbox);
2932 : }
2933 : }
2934 0 : break;
2935 : case oCompress:
2936 : /* this is the -z command line option */
2937 0 : opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
2938 0 : break;
2939 0 : case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
2940 0 : case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
2941 0 : case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
2942 : case oPassphrase:
2943 0 : set_passphrase_from_string(pargs.r.ret_str);
2944 0 : break;
2945 : case oPassphraseFD:
2946 509 : pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2947 509 : break;
2948 : case oPassphraseFile:
2949 9 : pwfd = open_info_file (pargs.r.ret_str, 0, 1);
2950 9 : break;
2951 : case oPassphraseRepeat:
2952 0 : opt.passphrase_repeat = pargs.r.ret_int;
2953 0 : break;
2954 :
2955 : case oPinentryMode:
2956 0 : opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
2957 0 : if (opt.pinentry_mode == -1)
2958 0 : log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
2959 0 : break;
2960 :
2961 : case oCommandFD:
2962 0 : opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2963 0 : break;
2964 : case oCommandFile:
2965 0 : opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
2966 0 : break;
2967 : case oCipherAlgo:
2968 364 : def_cipher_string = xstrdup(pargs.r.ret_str);
2969 364 : break;
2970 : case oDigestAlgo:
2971 16 : def_digest_string = xstrdup(pargs.r.ret_str);
2972 16 : break;
2973 : case oCompressAlgo:
2974 : /* If it is all digits, stick a Z in front of it for
2975 : later. This is for backwards compatibility with
2976 : versions that took the compress algorithm number. */
2977 : {
2978 0 : char *pt=pargs.r.ret_str;
2979 0 : while(*pt)
2980 : {
2981 0 : if (!isascii (*pt) || !isdigit (*pt))
2982 : break;
2983 :
2984 0 : pt++;
2985 : }
2986 :
2987 0 : if(*pt=='\0')
2988 : {
2989 0 : compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
2990 0 : strcpy(compress_algo_string,"Z");
2991 0 : strcat(compress_algo_string,pargs.r.ret_str);
2992 : }
2993 : else
2994 0 : compress_algo_string = xstrdup(pargs.r.ret_str);
2995 : }
2996 0 : break;
2997 : case oCertDigestAlgo:
2998 0 : cert_digest_string = xstrdup(pargs.r.ret_str);
2999 0 : break;
3000 :
3001 : case oNoSecmemWarn:
3002 1331 : gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
3003 1331 : break;
3004 :
3005 0 : case oRequireSecmem: require_secmem=1; break;
3006 0 : case oNoRequireSecmem: require_secmem=0; break;
3007 2980 : case oNoPermissionWarn: opt.no_perm_warn=1; break;
3008 0 : case oNoMDCWarn: opt.no_mdc_warn=1; break;
3009 : case oDisplayCharset:
3010 0 : if( set_native_charset( pargs.r.ret_str ) )
3011 0 : log_error(_("'%s' is not a valid character set\n"),
3012 : pargs.r.ret_str);
3013 0 : break;
3014 1 : case oNotDashEscaped: opt.not_dash_escaped = 1; break;
3015 0 : case oEscapeFrom: opt.escape_from = 1; break;
3016 0 : case oNoEscapeFrom: opt.escape_from = 0; break;
3017 0 : case oLockOnce: opt.lock_once = 1; break;
3018 : case oLockNever:
3019 0 : dotlock_disable ();
3020 0 : break;
3021 : case oLockMultiple:
3022 : #ifndef __riscos__
3023 0 : opt.lock_once = 0;
3024 : #else /* __riscos__ */
3025 : riscos_not_implemented("lock-multiple");
3026 : #endif /* __riscos__ */
3027 0 : break;
3028 : case oKeyServer:
3029 : {
3030 : keyserver_spec_t keyserver;
3031 375 : keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
3032 375 : if (!keyserver)
3033 0 : log_error (_("could not parse keyserver URL\n"));
3034 : else
3035 : {
3036 : /* We only support a single keyserver. Later ones
3037 : override earlier ones. (Since we parse the
3038 : config file first and then the command line
3039 : arguments, the command line takes
3040 : precedence.) */
3041 375 : if (opt.keyserver)
3042 0 : free_keyserver_spec (opt.keyserver);
3043 375 : opt.keyserver = keyserver;
3044 : }
3045 : }
3046 375 : break;
3047 : case oKeyServerOptions:
3048 375 : if(!parse_keyserver_options(pargs.r.ret_str))
3049 : {
3050 0 : if(configname)
3051 0 : log_error(_("%s:%d: invalid keyserver options\n"),
3052 : configname,configlineno);
3053 : else
3054 0 : log_error(_("invalid keyserver options\n"));
3055 : }
3056 375 : break;
3057 : case oImportOptions:
3058 0 : if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
3059 : {
3060 0 : if(configname)
3061 0 : log_error(_("%s:%d: invalid import options\n"),
3062 : configname,configlineno);
3063 : else
3064 0 : log_error(_("invalid import options\n"));
3065 : }
3066 0 : break;
3067 : case oImportFilter:
3068 0 : rc = parse_and_set_import_filter (pargs.r.ret_str);
3069 0 : if (rc)
3070 0 : log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
3071 0 : break;
3072 : case oExportOptions:
3073 0 : if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
3074 : {
3075 0 : if(configname)
3076 0 : log_error(_("%s:%d: invalid export options\n"),
3077 : configname,configlineno);
3078 : else
3079 0 : log_error(_("invalid export options\n"));
3080 : }
3081 0 : break;
3082 : case oExportFilter:
3083 0 : rc = parse_and_set_export_filter (pargs.r.ret_str);
3084 0 : if (rc)
3085 0 : log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
3086 0 : break;
3087 : case oListOptions:
3088 0 : if(!parse_list_options(pargs.r.ret_str))
3089 : {
3090 0 : if(configname)
3091 0 : log_error(_("%s:%d: invalid list options\n"),
3092 : configname,configlineno);
3093 : else
3094 0 : log_error(_("invalid list options\n"));
3095 : }
3096 0 : break;
3097 : case oVerifyOptions:
3098 : {
3099 0 : struct parse_options vopts[]=
3100 : {
3101 : {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
3102 : N_("display photo IDs during signature verification")},
3103 : {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
3104 : N_("show policy URLs during signature verification")},
3105 : {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
3106 : N_("show all notations during signature verification")},
3107 : {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3108 : N_("show IETF standard notations during signature verification")},
3109 : {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3110 : NULL},
3111 : {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
3112 : N_("show user-supplied notations during signature verification")},
3113 : {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
3114 : N_("show preferred keyserver URLs during signature verification")},
3115 : {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
3116 : N_("show user ID validity during signature verification")},
3117 : {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
3118 : N_("show revoked and expired user IDs in signature verification")},
3119 : {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
3120 : N_("show only the primary user ID in signature verification")},
3121 : {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
3122 : N_("validate signatures with PKA data")},
3123 : {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
3124 : N_("elevate the trust of signatures with valid PKA data")},
3125 : {NULL,0,NULL,NULL}
3126 : };
3127 :
3128 0 : if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
3129 : {
3130 0 : if(configname)
3131 0 : log_error(_("%s:%d: invalid verify options\n"),
3132 : configname,configlineno);
3133 : else
3134 0 : log_error(_("invalid verify options\n"));
3135 : }
3136 : }
3137 0 : break;
3138 0 : case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
3139 : case oExecPath:
3140 0 : if(set_exec_path(pargs.r.ret_str))
3141 0 : log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
3142 : else
3143 0 : opt.exec_path_set=1;
3144 0 : break;
3145 : case oSetNotation:
3146 0 : add_notation_data( pargs.r.ret_str, 0 );
3147 0 : add_notation_data( pargs.r.ret_str, 1 );
3148 0 : break;
3149 0 : case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
3150 0 : case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
3151 : case oShowNotation:
3152 0 : deprecated_warning(configname,configlineno,"--show-notation",
3153 : "--list-options ","show-notations");
3154 0 : deprecated_warning(configname,configlineno,"--show-notation",
3155 : "--verify-options ","show-notations");
3156 0 : opt.list_options|=LIST_SHOW_NOTATIONS;
3157 0 : opt.verify_options|=VERIFY_SHOW_NOTATIONS;
3158 0 : break;
3159 : case oNoShowNotation:
3160 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3161 : "--list-options ","no-show-notations");
3162 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3163 : "--verify-options ","no-show-notations");
3164 0 : opt.list_options&=~LIST_SHOW_NOTATIONS;
3165 0 : opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
3166 0 : break;
3167 375 : case oUtf8Strings: utf8_strings = 1; break;
3168 0 : case oNoUtf8Strings: utf8_strings = 0; break;
3169 : case oDisableCipherAlgo:
3170 : {
3171 0 : int algo = string_to_cipher_algo (pargs.r.ret_str);
3172 0 : gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3173 : }
3174 0 : break;
3175 : case oDisablePubkeyAlgo:
3176 : {
3177 0 : int algo = gcry_pk_map_name (pargs.r.ret_str);
3178 0 : gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3179 : }
3180 0 : break;
3181 0 : case oNoSigCache: opt.no_sig_cache = 1; break;
3182 4 : case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
3183 0 : case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
3184 0 : case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
3185 0 : case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
3186 0 : case oNoLiteral: opt.no_literal = 1; break;
3187 0 : case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
3188 0 : case oFastListMode: opt.fast_list_mode = 1; break;
3189 0 : case oFixedListMode: /* Dummy */ break;
3190 0 : case oLegacyListMode: opt.legacy_list_mode = 1; break;
3191 0 : case oPrintPKARecords: print_pka_records = 1; break;
3192 0 : case oPrintDANERecords: print_dane_records = 1; break;
3193 0 : case oListOnly: opt.list_only=1; break;
3194 0 : case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
3195 0 : case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
3196 0 : case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
3197 0 : case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
3198 0 : case oNoRandomSeedFile: use_random_seed = 0; break;
3199 : case oAutoKeyRetrieve:
3200 : case oNoAutoKeyRetrieve:
3201 0 : if(pargs.r_opt==oAutoKeyRetrieve)
3202 0 : opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
3203 : else
3204 0 : opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
3205 0 : break;
3206 0 : case oShowSessionKey: opt.show_session_key = 1; break;
3207 : case oOverrideSessionKey:
3208 0 : opt.override_session_key = pargs.r.ret_str;
3209 0 : break;
3210 : case oMergeOnly:
3211 0 : deprecated_warning(configname,configlineno,"--merge-only",
3212 : "--import-options ","merge-only");
3213 0 : opt.import_options|=IMPORT_MERGE_ONLY;
3214 0 : break;
3215 0 : case oAllowSecretKeyImport: /* obsolete */ break;
3216 0 : case oTryAllSecrets: opt.try_all_secrets = 1; break;
3217 0 : case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
3218 : case oEnableSpecialFilenames:
3219 0 : iobuf_enable_special_filenames (1);
3220 0 : break;
3221 0 : case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
3222 0 : case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
3223 1310 : case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
3224 0 : case oPreservePermissions: opt.preserve_permissions=1; break;
3225 : case oDefaultPreferenceList:
3226 0 : opt.def_preference_list = pargs.r.ret_str;
3227 0 : break;
3228 : case oDefaultKeyserverURL:
3229 : {
3230 : keyserver_spec_t keyserver;
3231 0 : keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
3232 0 : if (!keyserver)
3233 0 : log_error (_("could not parse keyserver URL\n"));
3234 : else
3235 0 : free_keyserver_spec (keyserver);
3236 :
3237 0 : opt.def_keyserver_url = pargs.r.ret_str;
3238 : }
3239 0 : break;
3240 : case oPersonalCipherPreferences:
3241 0 : pers_cipher_list=pargs.r.ret_str;
3242 0 : break;
3243 : case oPersonalDigestPreferences:
3244 0 : pers_digest_list=pargs.r.ret_str;
3245 0 : break;
3246 : case oPersonalCompressPreferences:
3247 0 : pers_compress_list=pargs.r.ret_str;
3248 0 : break;
3249 1331 : case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
3250 0 : case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
3251 : case oWeakDigest:
3252 0 : additional_weak_digest(pargs.r.ret_str);
3253 0 : break;
3254 : case oUnwrap:
3255 0 : opt.unwrap_encryption = 1;
3256 0 : break;
3257 : case oOnlySignTextIDs:
3258 0 : opt.only_sign_text_ids = 1;
3259 0 : break;
3260 :
3261 : case oDisplay:
3262 0 : set_opt_session_env ("DISPLAY", pargs.r.ret_str);
3263 0 : break;
3264 : case oTTYname:
3265 0 : set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
3266 0 : break;
3267 : case oTTYtype:
3268 0 : set_opt_session_env ("TERM", pargs.r.ret_str);
3269 0 : break;
3270 : case oXauthority:
3271 0 : set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
3272 0 : break;
3273 :
3274 0 : case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
3275 0 : case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
3276 :
3277 1125 : case oGroup: add_group(pargs.r.ret_str); break;
3278 0 : case oUnGroup: rm_group(pargs.r.ret_str); break;
3279 : case oNoGroups:
3280 0 : while(opt.grouplist)
3281 : {
3282 0 : struct groupitem *iter=opt.grouplist;
3283 0 : free_strlist(iter->values);
3284 0 : opt.grouplist=opt.grouplist->next;
3285 0 : xfree(iter);
3286 : }
3287 0 : break;
3288 :
3289 : case oStrict:
3290 : case oNoStrict:
3291 : /* Not used */
3292 0 : break;
3293 :
3294 0 : case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
3295 0 : case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
3296 0 : case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
3297 0 : case oMultifile: multifile=1; break;
3298 : case oKeyidFormat:
3299 0 : if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
3300 0 : opt.keyid_format=KF_SHORT;
3301 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
3302 0 : opt.keyid_format=KF_LONG;
3303 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
3304 0 : opt.keyid_format=KF_0xSHORT;
3305 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
3306 0 : opt.keyid_format=KF_0xLONG;
3307 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
3308 0 : opt.keyid_format = KF_NONE;
3309 : else
3310 0 : log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
3311 0 : break;
3312 :
3313 : case oExitOnStatusWriteError:
3314 0 : opt.exit_on_status_write_error = 1;
3315 0 : break;
3316 :
3317 : case oLimitCardInsertTries:
3318 0 : opt.limit_card_insert_tries = pargs.r.ret_int;
3319 0 : break;
3320 :
3321 0 : case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
3322 0 : case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
3323 :
3324 : case oAutoKeyLocate:
3325 0 : if(!parse_auto_key_locate(pargs.r.ret_str))
3326 : {
3327 0 : if(configname)
3328 0 : log_error(_("%s:%d: invalid auto-key-locate list\n"),
3329 : configname,configlineno);
3330 : else
3331 0 : log_error(_("invalid auto-key-locate list\n"));
3332 : }
3333 0 : break;
3334 : case oNoAutoKeyLocate:
3335 0 : release_akl();
3336 0 : break;
3337 :
3338 : case oEnableLargeRSA:
3339 : #if SECMEM_BUFFER_SIZE >= 65536
3340 : opt.flags.large_rsa=1;
3341 : #else
3342 0 : if (configname)
3343 0 : log_info("%s:%d: WARNING: gpg not built with large secure "
3344 : "memory buffer. Ignoring enable-large-rsa\n",
3345 : configname,configlineno);
3346 : else
3347 0 : log_info("WARNING: gpg not built with large secure "
3348 : "memory buffer. Ignoring --enable-large-rsa\n");
3349 : #endif /* SECMEM_BUFFER_SIZE >= 65536 */
3350 0 : break;
3351 0 : case oDisableLargeRSA: opt.flags.large_rsa=0;
3352 0 : break;
3353 :
3354 0 : case oEnableDSA2: opt.flags.dsa2=1; break;
3355 0 : case oDisableDSA2: opt.flags.dsa2=0; break;
3356 :
3357 : case oAllowMultisigVerification:
3358 : case oAllowMultipleMessages:
3359 2 : opt.flags.allow_multiple_messages=1;
3360 2 : break;
3361 :
3362 : case oNoAllowMultipleMessages:
3363 0 : opt.flags.allow_multiple_messages=0;
3364 0 : break;
3365 :
3366 : case oAllowWeakDigestAlgos:
3367 1310 : opt.flags.allow_weak_digest_algos = 1;
3368 1310 : break;
3369 :
3370 : case oFakedSystemTime:
3371 : {
3372 53 : time_t faked_time = isotime2epoch (pargs.r.ret_str);
3373 53 : if (faked_time == (time_t)(-1))
3374 53 : faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
3375 53 : gnupg_set_time (faked_time, 0);
3376 : }
3377 53 : break;
3378 :
3379 0 : case oNoAutostart: opt.autostart = 0; break;
3380 :
3381 0 : case oNoop: break;
3382 :
3383 : default:
3384 0 : pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
3385 0 : break;
3386 : }
3387 : }
3388 :
3389 3387 : if (configfp)
3390 : {
3391 1685 : fclose( configfp );
3392 1685 : configfp = NULL;
3393 : /* Remember the first config file name. */
3394 1685 : if (!save_configname)
3395 1685 : save_configname = configname;
3396 : else
3397 0 : xfree(configname);
3398 1685 : configname = NULL;
3399 1685 : goto next_pass;
3400 : }
3401 1702 : xfree(configname); configname = NULL;
3402 1702 : if (log_get_errorcount (0))
3403 0 : g10_exit(2);
3404 :
3405 : /* The command --gpgconf-list is pretty simple and may be called
3406 : directly after the option parsing. */
3407 1702 : if (cmd == aGPGConfList)
3408 : {
3409 0 : gpgconf_list (save_configname ? save_configname : default_configname);
3410 0 : g10_exit (0);
3411 : }
3412 1702 : xfree (save_configname);
3413 1702 : xfree (default_configname);
3414 :
3415 1702 : if (print_dane_records)
3416 0 : log_error ("invalid option \"%s\"; use \"%s\" instead\n",
3417 : "--print-dane-records",
3418 : "--export-options export-dane");
3419 1702 : if (print_pka_records)
3420 0 : log_error ("invalid option \"%s\"; use \"%s\" instead\n",
3421 : "--print-pks-records",
3422 : "--export-options export-pka");
3423 1702 : if (log_get_errorcount (0))
3424 0 : g10_exit(2);
3425 :
3426 :
3427 1702 : if( nogreeting )
3428 1330 : greeting = 0;
3429 :
3430 1702 : if( greeting )
3431 : {
3432 0 : es_fprintf (es_stderr, "%s %s; %s\n",
3433 : strusage(11), strusage(13), strusage(14) );
3434 0 : es_fprintf (es_stderr, "%s\n", strusage(15) );
3435 : }
3436 : #ifdef IS_DEVELOPMENT_VERSION
3437 : if (!opt.batch)
3438 : {
3439 : const char *s;
3440 :
3441 : if((s=strusage(25)))
3442 : log_info("%s\n",s);
3443 : if((s=strusage(26)))
3444 : log_info("%s\n",s);
3445 : if((s=strusage(27)))
3446 : log_info("%s\n",s);
3447 : }
3448 : #endif
3449 :
3450 : /* FIXME: We should use logging to a file only in server mode;
3451 : however we have not yet implemetyed that. Thus we try to get
3452 : away with --batch as indication for logging to file
3453 : required. */
3454 1702 : if (logfile && opt.batch)
3455 : {
3456 0 : log_set_file (logfile);
3457 0 : log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
3458 : }
3459 :
3460 1702 : if (opt.verbose > 2)
3461 0 : log_info ("using character set '%s'\n", get_native_charset ());
3462 :
3463 1702 : if( may_coredump && !opt.quiet )
3464 0 : log_info(_("WARNING: program may create a core file!\n"));
3465 :
3466 1702 : if (opt.flags.rfc4880bis)
3467 0 : log_info ("WARNING: using experimental features from RFC4880bis!\n");
3468 : else
3469 : {
3470 1702 : opt.mimemode = 0; /* This will use text mode instead. */
3471 : }
3472 :
3473 1702 : if (eyes_only) {
3474 0 : if (opt.set_filename)
3475 0 : log_info(_("WARNING: %s overrides %s\n"),
3476 : "--for-your-eyes-only","--set-filename");
3477 :
3478 0 : opt.set_filename="_CONSOLE";
3479 : }
3480 :
3481 1702 : if (opt.no_literal) {
3482 0 : log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
3483 0 : if (opt.textmode)
3484 0 : log_error(_("%s not allowed with %s!\n"),
3485 : "--textmode", "--no-literal" );
3486 0 : if (opt.set_filename)
3487 0 : log_error(_("%s makes no sense with %s!\n"),
3488 : eyes_only?"--for-your-eyes-only":"--set-filename",
3489 : "--no-literal" );
3490 : }
3491 :
3492 :
3493 1702 : if (opt.set_filesize)
3494 0 : log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
3495 1702 : if( opt.batch )
3496 1329 : tty_batchmode( 1 );
3497 :
3498 1702 : if (gnupg_faked_time_p ())
3499 : {
3500 : gnupg_isotime_t tbuf;
3501 :
3502 53 : log_info (_("WARNING: running with faked system time: "));
3503 53 : gnupg_get_isotime (tbuf);
3504 53 : dump_isotime (tbuf);
3505 53 : log_printf ("\n");
3506 : }
3507 :
3508 : /* Print a warning if an argument looks like an option. */
3509 1702 : if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
3510 : {
3511 : int i;
3512 :
3513 3352 : for (i=0; i < argc; i++)
3514 1653 : if (argv[i][0] == '-' && argv[i][1] == '-')
3515 0 : log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
3516 : }
3517 :
3518 :
3519 1702 : gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
3520 :
3521 1702 : if(require_secmem && !got_secmem)
3522 : {
3523 0 : log_info(_("will not run with insecure memory due to %s\n"),
3524 : "--require-secmem");
3525 0 : g10_exit(2);
3526 : }
3527 :
3528 1702 : set_debug (debug_level);
3529 1702 : if (DBG_CLOCK)
3530 0 : log_clock ("start");
3531 :
3532 : /* Do these after the switch(), so they can override settings. */
3533 1702 : if(PGP6)
3534 : {
3535 : /* That does not anymore work because we have no more support
3536 : for v3 signatures. */
3537 0 : opt.disable_mdc=1;
3538 0 : opt.escape_from=1;
3539 0 : opt.ask_sig_expire=0;
3540 : }
3541 1702 : else if(PGP7)
3542 : {
3543 : /* That does not anymore work because we have no more support
3544 : for v3 signatures. */
3545 0 : opt.escape_from=1;
3546 0 : opt.ask_sig_expire=0;
3547 : }
3548 1702 : else if(PGP8)
3549 : {
3550 0 : opt.escape_from=1;
3551 : }
3552 :
3553 :
3554 1702 : if( def_cipher_string ) {
3555 364 : opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
3556 364 : xfree(def_cipher_string); def_cipher_string = NULL;
3557 364 : if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
3558 0 : log_error(_("selected cipher algorithm is invalid\n"));
3559 : }
3560 1702 : if( def_digest_string ) {
3561 16 : opt.def_digest_algo = string_to_digest_algo (def_digest_string);
3562 16 : xfree(def_digest_string); def_digest_string = NULL;
3563 16 : if ( openpgp_md_test_algo (opt.def_digest_algo) )
3564 0 : log_error(_("selected digest algorithm is invalid\n"));
3565 : }
3566 1702 : if( compress_algo_string ) {
3567 0 : opt.compress_algo = string_to_compress_algo(compress_algo_string);
3568 0 : xfree(compress_algo_string); compress_algo_string = NULL;
3569 0 : if( check_compress_algo(opt.compress_algo) )
3570 0 : log_error(_("selected compression algorithm is invalid\n"));
3571 : }
3572 1702 : if( cert_digest_string ) {
3573 0 : opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
3574 0 : xfree(cert_digest_string); cert_digest_string = NULL;
3575 0 : if (openpgp_md_test_algo(opt.cert_digest_algo))
3576 0 : log_error(_("selected certification digest algorithm is invalid\n"));
3577 : }
3578 1702 : if( s2k_cipher_string ) {
3579 0 : opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
3580 0 : xfree(s2k_cipher_string); s2k_cipher_string = NULL;
3581 0 : if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
3582 0 : log_error(_("selected cipher algorithm is invalid\n"));
3583 : }
3584 1702 : if( s2k_digest_string ) {
3585 0 : opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
3586 0 : xfree(s2k_digest_string); s2k_digest_string = NULL;
3587 0 : if (openpgp_md_test_algo(opt.s2k_digest_algo))
3588 0 : log_error(_("selected digest algorithm is invalid\n"));
3589 : }
3590 1702 : if( opt.completes_needed < 1 )
3591 0 : log_error(_("completes-needed must be greater than 0\n"));
3592 1702 : if( opt.marginals_needed < 2 )
3593 0 : log_error(_("marginals-needed must be greater than 1\n"));
3594 1702 : if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
3595 0 : log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
3596 1702 : if(opt.def_cert_level<0 || opt.def_cert_level>3)
3597 0 : log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
3598 1702 : if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
3599 0 : log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
3600 1702 : switch( opt.s2k_mode ) {
3601 : case 0:
3602 0 : log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
3603 0 : break;
3604 1702 : case 1: case 3: break;
3605 : default:
3606 0 : log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
3607 : }
3608 :
3609 : /* This isn't actually needed, but does serve to error out if the
3610 : string is invalid. */
3611 1702 : if(opt.def_preference_list &&
3612 0 : keygen_set_std_prefs(opt.def_preference_list,0))
3613 0 : log_error(_("invalid default preferences\n"));
3614 :
3615 1702 : if(pers_cipher_list &&
3616 0 : keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
3617 0 : log_error(_("invalid personal cipher preferences\n"));
3618 :
3619 1702 : if(pers_digest_list &&
3620 0 : keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
3621 0 : log_error(_("invalid personal digest preferences\n"));
3622 :
3623 1702 : if(pers_compress_list &&
3624 0 : keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
3625 0 : log_error(_("invalid personal compress preferences\n"));
3626 :
3627 : /* We don't support all possible commands with multifile yet */
3628 1702 : if(multifile)
3629 : {
3630 : char *cmdname;
3631 :
3632 0 : switch(cmd)
3633 : {
3634 : case aSign:
3635 0 : cmdname="--sign";
3636 0 : break;
3637 : case aSignEncr:
3638 0 : cmdname="--sign --encrypt";
3639 0 : break;
3640 : case aClearsign:
3641 0 : cmdname="--clearsign";
3642 0 : break;
3643 : case aDetachedSign:
3644 0 : cmdname="--detach-sign";
3645 0 : break;
3646 : case aSym:
3647 0 : cmdname="--symmetric";
3648 0 : break;
3649 : case aEncrSym:
3650 0 : cmdname="--symmetric --encrypt";
3651 0 : break;
3652 : case aStore:
3653 0 : cmdname="--store";
3654 0 : break;
3655 : default:
3656 0 : cmdname=NULL;
3657 0 : break;
3658 : }
3659 :
3660 0 : if(cmdname)
3661 0 : log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
3662 : }
3663 :
3664 1702 : if( log_get_errorcount(0) )
3665 0 : g10_exit(2);
3666 :
3667 1702 : if(opt.compress_level==0)
3668 0 : opt.compress_algo=COMPRESS_ALGO_NONE;
3669 :
3670 : /* Check our chosen algorithms against the list of legal
3671 : algorithms. */
3672 :
3673 1702 : if(!GNUPG)
3674 : {
3675 0 : const char *badalg=NULL;
3676 0 : preftype_t badtype=PREFTYPE_NONE;
3677 :
3678 0 : if(opt.def_cipher_algo
3679 0 : && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
3680 : {
3681 0 : badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
3682 0 : badtype = PREFTYPE_SYM;
3683 : }
3684 0 : else if(opt.def_digest_algo
3685 0 : && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
3686 : {
3687 0 : badalg = gcry_md_algo_name (opt.def_digest_algo);
3688 0 : badtype = PREFTYPE_HASH;
3689 : }
3690 0 : else if(opt.cert_digest_algo
3691 0 : && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
3692 : {
3693 0 : badalg = gcry_md_algo_name (opt.cert_digest_algo);
3694 0 : badtype = PREFTYPE_HASH;
3695 : }
3696 0 : else if(opt.compress_algo!=-1
3697 0 : && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
3698 : {
3699 0 : badalg = compress_algo_to_string(opt.compress_algo);
3700 0 : badtype = PREFTYPE_ZIP;
3701 : }
3702 :
3703 0 : if(badalg)
3704 : {
3705 0 : switch(badtype)
3706 : {
3707 : case PREFTYPE_SYM:
3708 0 : log_info(_("you may not use cipher algorithm '%s'"
3709 : " while in %s mode\n"),
3710 : badalg,compliance_option_string());
3711 0 : break;
3712 : case PREFTYPE_HASH:
3713 0 : log_info(_("you may not use digest algorithm '%s'"
3714 : " while in %s mode\n"),
3715 : badalg,compliance_option_string());
3716 0 : break;
3717 : case PREFTYPE_ZIP:
3718 0 : log_info(_("you may not use compression algorithm '%s'"
3719 : " while in %s mode\n"),
3720 : badalg,compliance_option_string());
3721 0 : break;
3722 : default:
3723 0 : BUG();
3724 : }
3725 :
3726 0 : compliance_failure();
3727 : }
3728 : }
3729 :
3730 : /* Set the random seed file. */
3731 1702 : if( use_random_seed ) {
3732 1702 : char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
3733 1702 : gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
3734 1702 : if (!access (p, F_OK))
3735 1682 : register_secured_file (p);
3736 1702 : xfree(p);
3737 : }
3738 :
3739 : /* If there is no command but the --fingerprint is given, default
3740 : to the --list-keys command. */
3741 1702 : if (!cmd && fpr_maybe_cmd)
3742 : {
3743 0 : set_cmd (&cmd, aListKeys);
3744 : }
3745 :
3746 :
3747 1702 : if( opt.verbose > 1 )
3748 0 : set_packet_list_mode(1);
3749 :
3750 : /* Add the keyrings, but not for some special commands. We always
3751 : * need to add the keyrings if we are running under SELinux, this
3752 : * is so that the rings are added to the list of secured files.
3753 : * We do not add any keyring if --no-keyring has been used. */
3754 1702 : if (default_keyring >= 0
3755 1326 : && (ALWAYS_ADD_KEYRINGS
3756 2616 : || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
3757 : {
3758 1290 : if (!nrings || default_keyring > 0) /* Add default ring. */
3759 1290 : keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
3760 : KEYDB_RESOURCE_FLAG_DEFAULT);
3761 1290 : for (sl = nrings; sl; sl = sl->next )
3762 0 : keydb_add_resource (sl->d, sl->flags);
3763 : }
3764 1702 : FREE_STRLIST(nrings);
3765 :
3766 1702 : if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
3767 : /* In loopback mode, never ask for the password multiple
3768 : times. */
3769 : {
3770 0 : opt.passphrase_repeat = 0;
3771 : }
3772 :
3773 1702 : if (cmd == aGPGConfTest)
3774 0 : g10_exit(0);
3775 :
3776 :
3777 1702 : if( pwfd != -1 ) /* Read the passphrase now. */
3778 518 : read_passphrase_from_fd( pwfd );
3779 :
3780 1702 : fname = argc? *argv : NULL;
3781 :
3782 1702 : if(fname && utf8_strings)
3783 372 : opt.flags.utf8_filename=1;
3784 :
3785 1702 : ctrl = xcalloc (1, sizeof *ctrl);
3786 1702 : gpg_init_default_ctrl (ctrl);
3787 :
3788 : #ifndef NO_TRUST_MODELS
3789 1702 : switch (cmd)
3790 : {
3791 : case aPrimegen:
3792 : case aPrintMD:
3793 : case aPrintMDs:
3794 : case aGenRandom:
3795 : case aDeArmor:
3796 : case aEnArmor:
3797 : case aListConfig:
3798 : case aListGcryptConfig:
3799 412 : break;
3800 : case aFixTrustDB:
3801 : case aExportOwnerTrust:
3802 0 : rc = setup_trustdb (0, trustdb_name);
3803 0 : break;
3804 : case aListTrustDB:
3805 0 : rc = setup_trustdb (argc? 1:0, trustdb_name);
3806 0 : break;
3807 : default:
3808 : /* If we are using TM_ALWAYS, we do not need to create the
3809 : trustdb. */
3810 1290 : rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
3811 1290 : break;
3812 : }
3813 1702 : if (rc)
3814 0 : log_error (_("failed to initialize the TrustDB: %s\n"),
3815 : gpg_strerror (rc));
3816 : #endif /*!NO_TRUST_MODELS*/
3817 :
3818 1702 : switch (cmd)
3819 : {
3820 : case aStore:
3821 : case aSym:
3822 : case aSign:
3823 : case aSignSym:
3824 : case aClearsign:
3825 316 : if (!opt.quiet && any_explicit_recipient)
3826 22 : log_info (_("WARNING: recipients (-r) given "
3827 : "without using public key encryption\n"));
3828 316 : break;
3829 : default:
3830 1386 : break;
3831 : }
3832 :
3833 :
3834 : /* Check for certain command whether we need to migrate a
3835 : secring.gpg to the gpg-agent. */
3836 1702 : switch (cmd)
3837 : {
3838 : case aListSecretKeys:
3839 : case aSign:
3840 : case aSignEncr:
3841 : case aSignEncrSym:
3842 : case aSignSym:
3843 : case aClearsign:
3844 : case aDecrypt:
3845 : case aSignKey:
3846 : case aLSignKey:
3847 : case aEditKey:
3848 : case aPasswd:
3849 : case aDeleteSecretKeys:
3850 : case aDeleteSecretAndPublicKeys:
3851 : case aQuickKeygen:
3852 : case aQuickAddUid:
3853 : case aQuickAddKey:
3854 : case aQuickRevUid:
3855 : case aFullKeygen:
3856 : case aKeygen:
3857 : case aImport:
3858 : case aExportSecret:
3859 : case aExportSecretSub:
3860 : case aGenRevoke:
3861 : case aDesigRevoke:
3862 : case aCardEdit:
3863 : case aChangePIN:
3864 186 : migrate_secring (ctrl);
3865 186 : break;
3866 : case aListKeys:
3867 47 : if (opt.with_secret)
3868 0 : migrate_secring (ctrl);
3869 47 : break;
3870 : default:
3871 1469 : break;
3872 : }
3873 :
3874 : /* The command dispatcher. */
3875 1702 : switch( cmd )
3876 : {
3877 : case aServer:
3878 0 : gpg_server (ctrl);
3879 0 : break;
3880 :
3881 : case aStore: /* only store the file */
3882 0 : if( argc > 1 )
3883 0 : wrong_args(_("--store [filename]"));
3884 0 : if( (rc = encrypt_store(fname)) )
3885 : {
3886 0 : write_status_failure ("store", rc);
3887 0 : log_error ("storing '%s' failed: %s\n",
3888 : print_fname_stdin(fname),gpg_strerror (rc) );
3889 : }
3890 0 : break;
3891 : case aSym: /* encrypt the given file only with the symmetric cipher */
3892 213 : if( argc > 1 )
3893 0 : wrong_args(_("--symmetric [filename]"));
3894 213 : if( (rc = encrypt_symmetric(fname)) )
3895 : {
3896 0 : write_status_failure ("symencrypt", rc);
3897 0 : log_error (_("symmetric encryption of '%s' failed: %s\n"),
3898 : print_fname_stdin(fname),gpg_strerror (rc) );
3899 : }
3900 213 : break;
3901 :
3902 : case aEncr: /* encrypt the given file */
3903 219 : if(multifile)
3904 0 : encrypt_crypt_files (ctrl, argc, argv, remusr);
3905 : else
3906 : {
3907 219 : if( argc > 1 )
3908 0 : wrong_args(_("--encrypt [filename]"));
3909 219 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) )
3910 : {
3911 0 : write_status_failure ("encrypt", rc);
3912 0 : log_error("%s: encryption failed: %s\n",
3913 : print_fname_stdin(fname), gpg_strerror (rc) );
3914 : }
3915 : }
3916 219 : break;
3917 :
3918 : case aEncrSym:
3919 : /* This works with PGP 8 in the sense that it acts just like a
3920 : symmetric message. It doesn't work at all with 2 or 6. It
3921 : might work with 7, but alas, I don't have a copy to test
3922 : with right now. */
3923 0 : if( argc > 1 )
3924 0 : wrong_args(_("--symmetric --encrypt [filename]"));
3925 0 : else if(opt.s2k_mode==0)
3926 0 : log_error(_("you cannot use --symmetric --encrypt"
3927 : " with --s2k-mode 0\n"));
3928 0 : else if(PGP6 || PGP7)
3929 0 : log_error(_("you cannot use --symmetric --encrypt"
3930 : " while in %s mode\n"),compliance_option_string());
3931 : else
3932 : {
3933 0 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
3934 : {
3935 0 : write_status_failure ("encrypt", rc);
3936 0 : log_error ("%s: encryption failed: %s\n",
3937 : print_fname_stdin(fname), gpg_strerror (rc) );
3938 : }
3939 : }
3940 0 : break;
3941 :
3942 : case aSign: /* sign the given file */
3943 86 : sl = NULL;
3944 86 : if( detached_sig ) { /* sign all files */
3945 44 : for( ; argc; argc--, argv++ )
3946 28 : add_to_strlist( &sl, *argv );
3947 : }
3948 : else {
3949 70 : if( argc > 1 )
3950 0 : wrong_args(_("--sign [filename]"));
3951 70 : if( argc ) {
3952 69 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3953 69 : strcpy(sl->d, fname);
3954 : }
3955 : }
3956 86 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)))
3957 : {
3958 0 : write_status_failure ("sign", rc);
3959 0 : log_error ("signing failed: %s\n", gpg_strerror (rc) );
3960 : }
3961 86 : free_strlist(sl);
3962 86 : break;
3963 :
3964 : case aSignEncr: /* sign and encrypt the given file */
3965 27 : if( argc > 1 )
3966 0 : wrong_args(_("--sign --encrypt [filename]"));
3967 27 : if( argc ) {
3968 26 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3969 26 : strcpy(sl->d, fname);
3970 : }
3971 : else
3972 1 : sl = NULL;
3973 27 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL)))
3974 : {
3975 0 : write_status_failure ("sign-encrypt", rc);
3976 0 : log_error("%s: sign+encrypt failed: %s\n",
3977 : print_fname_stdin(fname), gpg_strerror (rc) );
3978 : }
3979 27 : free_strlist(sl);
3980 27 : break;
3981 :
3982 : case aSignEncrSym: /* sign and encrypt the given file */
3983 1 : if( argc > 1 )
3984 0 : wrong_args(_("--symmetric --sign --encrypt [filename]"));
3985 1 : else if(opt.s2k_mode==0)
3986 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
3987 : " with --s2k-mode 0\n"));
3988 1 : else if(PGP6 || PGP7)
3989 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
3990 : " while in %s mode\n"),compliance_option_string());
3991 : else
3992 : {
3993 1 : if( argc )
3994 : {
3995 0 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3996 0 : strcpy(sl->d, fname);
3997 : }
3998 : else
3999 1 : sl = NULL;
4000 1 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr,
4001 : 2, remusr, NULL)))
4002 : {
4003 0 : write_status_failure ("sign-encrypt", rc);
4004 0 : log_error("%s: symmetric+sign+encrypt failed: %s\n",
4005 : print_fname_stdin(fname), gpg_strerror (rc) );
4006 : }
4007 1 : free_strlist(sl);
4008 : }
4009 1 : break;
4010 :
4011 : case aSignSym: /* sign and conventionally encrypt the given file */
4012 7 : if (argc > 1)
4013 0 : wrong_args(_("--sign --symmetric [filename]"));
4014 7 : rc = sign_symencrypt_file (ctrl, fname, locusr);
4015 7 : if (rc)
4016 : {
4017 0 : write_status_failure ("sign-symencrypt", rc);
4018 0 : log_error("%s: sign+symmetric failed: %s\n",
4019 : print_fname_stdin(fname), gpg_strerror (rc) );
4020 : }
4021 7 : break;
4022 :
4023 : case aClearsign: /* make a clearsig */
4024 10 : if( argc > 1 )
4025 0 : wrong_args(_("--clearsign [filename]"));
4026 10 : if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) )
4027 : {
4028 0 : write_status_failure ("sign", rc);
4029 0 : log_error("%s: clearsign failed: %s\n",
4030 : print_fname_stdin(fname), gpg_strerror (rc) );
4031 : }
4032 10 : break;
4033 :
4034 : case aVerify:
4035 44 : if (multifile)
4036 : {
4037 0 : if ((rc = verify_files (ctrl, argc, argv)))
4038 0 : log_error("verify files failed: %s\n", gpg_strerror (rc) );
4039 : }
4040 : else
4041 : {
4042 44 : if ((rc = verify_signatures (ctrl, argc, argv)))
4043 0 : log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
4044 : }
4045 41 : if (rc)
4046 0 : write_status_failure ("verify", rc);
4047 41 : break;
4048 :
4049 : case aDecrypt:
4050 12 : if (multifile)
4051 0 : decrypt_messages (ctrl, argc, argv);
4052 : else
4053 : {
4054 12 : if( argc > 1 )
4055 0 : wrong_args(_("--decrypt [filename]"));
4056 12 : if( (rc = decrypt_message (ctrl, fname) ))
4057 : {
4058 0 : write_status_failure ("decrypt", rc);
4059 0 : log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
4060 : }
4061 : }
4062 12 : break;
4063 :
4064 : case aQuickSignKey:
4065 : case aQuickLSignKey:
4066 : {
4067 : const char *fpr;
4068 :
4069 0 : if (argc < 1)
4070 0 : wrong_args ("--quick-[l]sign-key fingerprint [userids]");
4071 0 : fpr = *argv++; argc--;
4072 0 : sl = NULL;
4073 0 : for( ; argc; argc--, argv++)
4074 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
4075 0 : keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
4076 0 : free_strlist (sl);
4077 : }
4078 0 : break;
4079 :
4080 : case aSignKey:
4081 0 : if( argc != 1 )
4082 0 : wrong_args(_("--sign-key user-id"));
4083 : /* fall through */
4084 : case aLSignKey:
4085 0 : if( argc != 1 )
4086 0 : wrong_args(_("--lsign-key user-id"));
4087 : /* fall through */
4088 :
4089 0 : sl=NULL;
4090 :
4091 0 : if(cmd==aSignKey)
4092 0 : append_to_strlist(&sl,"sign");
4093 0 : else if(cmd==aLSignKey)
4094 0 : append_to_strlist(&sl,"lsign");
4095 : else
4096 0 : BUG();
4097 :
4098 0 : append_to_strlist( &sl, "save" );
4099 0 : username = make_username( fname );
4100 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 0 );
4101 0 : xfree(username);
4102 0 : free_strlist(sl);
4103 0 : break;
4104 :
4105 : case aEditKey: /* Edit a key signature */
4106 0 : if( !argc )
4107 0 : wrong_args(_("--edit-key user-id [commands]"));
4108 0 : username = make_username( fname );
4109 0 : if( argc > 1 ) {
4110 0 : sl = NULL;
4111 0 : for( argc--, argv++ ; argc; argc--, argv++ )
4112 0 : append_to_strlist( &sl, *argv );
4113 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 1 );
4114 0 : free_strlist(sl);
4115 : }
4116 : else
4117 0 : keyedit_menu (ctrl, username, locusr, NULL, 0, 1 );
4118 0 : xfree(username);
4119 0 : break;
4120 :
4121 : case aPasswd:
4122 0 : if (argc != 1)
4123 0 : wrong_args (_("--passwd <user-id>"));
4124 : else
4125 : {
4126 0 : username = make_username (fname);
4127 0 : keyedit_passwd (ctrl, username);
4128 0 : xfree (username);
4129 : }
4130 0 : break;
4131 :
4132 : case aDeleteKeys:
4133 : case aDeleteSecretKeys:
4134 : case aDeleteSecretAndPublicKeys:
4135 8 : sl = NULL;
4136 : /* I'm adding these in reverse order as add_to_strlist2
4137 : reverses them again, and it's easier to understand in the
4138 : proper order :) */
4139 17 : for( ; argc; argc-- )
4140 9 : add_to_strlist2( &sl, argv[argc-1], utf8_strings );
4141 8 : delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
4142 8 : free_strlist(sl);
4143 8 : break;
4144 :
4145 : case aCheckKeys:
4146 0 : opt.check_sigs = 1;
4147 : case aListSigs:
4148 0 : opt.list_sigs = 1;
4149 : case aListKeys:
4150 47 : sl = NULL;
4151 97 : for( ; argc; argc--, argv++ )
4152 50 : add_to_strlist2( &sl, *argv, utf8_strings );
4153 47 : public_key_list (ctrl, sl, 0);
4154 47 : free_strlist(sl);
4155 47 : break;
4156 : case aListSecretKeys:
4157 14 : sl = NULL;
4158 25 : for( ; argc; argc--, argv++ )
4159 11 : add_to_strlist2( &sl, *argv, utf8_strings );
4160 14 : secret_key_list (ctrl, sl);
4161 14 : free_strlist(sl);
4162 14 : break;
4163 : case aLocateKeys:
4164 0 : sl = NULL;
4165 0 : for (; argc; argc--, argv++)
4166 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4167 0 : public_key_list (ctrl, sl, 1);
4168 0 : free_strlist (sl);
4169 0 : break;
4170 :
4171 : case aQuickKeygen:
4172 : {
4173 : const char *x_algo, *x_usage, *x_expire;
4174 :
4175 0 : if (argc < 1 || argc > 4)
4176 0 : wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
4177 0 : username = make_username (fname);
4178 0 : argv++, argc--;
4179 0 : x_algo = "";
4180 0 : x_usage = "";
4181 0 : x_expire = "";
4182 0 : if (argc)
4183 : {
4184 0 : x_algo = *argv++; argc--;
4185 0 : if (argc)
4186 : {
4187 0 : x_usage = *argv++; argc--;
4188 0 : if (argc)
4189 : {
4190 0 : x_expire = *argv++; argc--;
4191 : }
4192 : }
4193 : }
4194 0 : quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
4195 0 : xfree (username);
4196 : }
4197 0 : break;
4198 :
4199 : case aKeygen: /* generate a key */
4200 2 : if( opt.batch ) {
4201 2 : if( argc > 1 )
4202 0 : wrong_args("--gen-key [parameterfile]");
4203 2 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4204 : }
4205 : else {
4206 0 : if (opt.command_fd != -1 && argc)
4207 : {
4208 0 : if( argc > 1 )
4209 0 : wrong_args("--gen-key [parameterfile]");
4210 :
4211 0 : opt.batch = 1;
4212 0 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4213 : }
4214 0 : else if (argc)
4215 0 : wrong_args ("--gen-key");
4216 : else
4217 0 : generate_keypair (ctrl, 0, NULL, NULL, 0);
4218 : }
4219 2 : break;
4220 :
4221 : case aFullKeygen: /* Generate a key with all options. */
4222 0 : if (opt.batch)
4223 : {
4224 0 : if (argc > 1)
4225 0 : wrong_args ("--full-gen-key [parameterfile]");
4226 0 : generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
4227 : }
4228 : else
4229 : {
4230 0 : if (argc)
4231 0 : wrong_args("--full-gen-key");
4232 0 : generate_keypair (ctrl, 1, NULL, NULL, 0);
4233 : }
4234 0 : break;
4235 :
4236 : case aQuickAddUid:
4237 : {
4238 : const char *uid, *newuid;
4239 :
4240 0 : if (argc != 2)
4241 0 : wrong_args ("--quick-adduid USER-ID NEW-USER-ID");
4242 0 : uid = *argv++; argc--;
4243 0 : newuid = *argv++; argc--;
4244 0 : keyedit_quick_adduid (ctrl, uid, newuid);
4245 : }
4246 0 : break;
4247 :
4248 : case aQuickAddKey:
4249 : {
4250 : const char *x_fpr, *x_algo, *x_usage, *x_expire;
4251 :
4252 0 : if (argc < 1 || argc > 4)
4253 0 : wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
4254 0 : x_fpr = *argv++; argc--;
4255 0 : x_algo = "";
4256 0 : x_usage = "";
4257 0 : x_expire = "";
4258 0 : if (argc)
4259 : {
4260 0 : x_algo = *argv++; argc--;
4261 0 : if (argc)
4262 : {
4263 0 : x_usage = *argv++; argc--;
4264 0 : if (argc)
4265 : {
4266 0 : x_expire = *argv++; argc--;
4267 : }
4268 : }
4269 : }
4270 0 : keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
4271 : }
4272 0 : break;
4273 :
4274 : case aQuickRevUid:
4275 : {
4276 : const char *uid, *uidtorev;
4277 :
4278 0 : if (argc != 2)
4279 0 : wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE");
4280 0 : uid = *argv++; argc--;
4281 0 : uidtorev = *argv++; argc--;
4282 0 : keyedit_quick_revuid (ctrl, uid, uidtorev);
4283 : }
4284 0 : break;
4285 :
4286 : case aFastImport:
4287 0 : opt.import_options |= IMPORT_FAST;
4288 : case aImport:
4289 24 : import_keys (ctrl, argc? argv:NULL, argc, NULL, opt.import_options);
4290 24 : break;
4291 :
4292 : /* TODO: There are a number of command that use this same
4293 : "make strlist, call function, report error, free strlist"
4294 : pattern. Join them together here and avoid all that
4295 : duplicated code. */
4296 :
4297 : case aExport:
4298 : case aSendKeys:
4299 : case aRecvKeys:
4300 4 : sl = NULL;
4301 12 : for( ; argc; argc--, argv++ )
4302 8 : append_to_strlist2( &sl, *argv, utf8_strings );
4303 4 : if( cmd == aSendKeys )
4304 0 : rc = keyserver_export (ctrl, sl );
4305 4 : else if( cmd == aRecvKeys )
4306 0 : rc = keyserver_import (ctrl, sl );
4307 : else
4308 : {
4309 4 : export_stats_t stats = export_new_stats ();
4310 4 : rc = export_pubkeys (ctrl, sl, opt.export_options, stats);
4311 4 : export_print_stats (stats);
4312 4 : export_release_stats (stats);
4313 : }
4314 4 : if(rc)
4315 : {
4316 0 : if(cmd==aSendKeys)
4317 : {
4318 0 : write_status_failure ("send-keys", rc);
4319 0 : log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
4320 : }
4321 0 : else if(cmd==aRecvKeys)
4322 : {
4323 0 : write_status_failure ("recv-keys", rc);
4324 0 : log_error (_("keyserver receive failed: %s\n"),
4325 : gpg_strerror (rc));
4326 : }
4327 : else
4328 : {
4329 0 : write_status_failure ("export", rc);
4330 0 : log_error (_("key export failed: %s\n"), gpg_strerror (rc));
4331 : }
4332 : }
4333 4 : free_strlist(sl);
4334 4 : break;
4335 :
4336 : case aExportSshKey:
4337 0 : if (argc != 1)
4338 0 : wrong_args ("--export-ssh-key <user-id>");
4339 0 : rc = export_ssh_key (ctrl, argv[0]);
4340 0 : if (rc)
4341 : {
4342 0 : write_status_failure ("export-ssh-key", rc);
4343 0 : log_error (_("export as ssh key failed: %s\n"), gpg_strerror (rc));
4344 : }
4345 0 : break;
4346 :
4347 : case aSearchKeys:
4348 0 : sl = NULL;
4349 0 : for (; argc; argc--, argv++)
4350 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
4351 0 : rc = keyserver_search (ctrl, sl);
4352 0 : if (rc)
4353 : {
4354 0 : write_status_failure ("search-keys", rc);
4355 0 : log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc));
4356 : }
4357 0 : free_strlist (sl);
4358 0 : break;
4359 :
4360 : case aRefreshKeys:
4361 0 : sl = NULL;
4362 0 : for( ; argc; argc--, argv++ )
4363 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4364 0 : rc = keyserver_refresh (ctrl, sl);
4365 0 : if(rc)
4366 : {
4367 0 : write_status_failure ("refresh-keys", rc);
4368 0 : log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
4369 : }
4370 0 : free_strlist(sl);
4371 0 : break;
4372 :
4373 : case aFetchKeys:
4374 0 : sl = NULL;
4375 0 : for( ; argc; argc--, argv++ )
4376 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4377 0 : rc = keyserver_fetch (ctrl, sl);
4378 0 : if(rc)
4379 : {
4380 0 : write_status_failure ("fetch-keys", rc);
4381 0 : log_error ("key fetch failed: %s\n",gpg_strerror (rc));
4382 : }
4383 0 : free_strlist(sl);
4384 0 : break;
4385 :
4386 : case aExportSecret:
4387 3 : sl = NULL;
4388 9 : for( ; argc; argc--, argv++ )
4389 6 : add_to_strlist2( &sl, *argv, utf8_strings );
4390 : {
4391 3 : export_stats_t stats = export_new_stats ();
4392 3 : export_seckeys (ctrl, sl, stats);
4393 3 : export_print_stats (stats);
4394 3 : export_release_stats (stats);
4395 : }
4396 3 : free_strlist(sl);
4397 3 : break;
4398 :
4399 : case aExportSecretSub:
4400 0 : sl = NULL;
4401 0 : for( ; argc; argc--, argv++ )
4402 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4403 : {
4404 0 : export_stats_t stats = export_new_stats ();
4405 0 : export_secsubkeys (ctrl, sl, stats);
4406 0 : export_print_stats (stats);
4407 0 : export_release_stats (stats);
4408 : }
4409 0 : free_strlist(sl);
4410 0 : break;
4411 :
4412 : case aGenRevoke:
4413 0 : if( argc != 1 )
4414 0 : wrong_args("--gen-revoke user-id");
4415 0 : username = make_username(*argv);
4416 0 : gen_revoke( username );
4417 0 : xfree( username );
4418 0 : break;
4419 :
4420 : case aDesigRevoke:
4421 0 : if (argc != 1)
4422 0 : wrong_args ("--desig-revoke user-id");
4423 0 : username = make_username (*argv);
4424 0 : gen_desig_revoke (ctrl, username, locusr);
4425 0 : xfree (username);
4426 0 : break;
4427 :
4428 : case aDeArmor:
4429 36 : if( argc > 1 )
4430 0 : wrong_args("--dearmor [file]");
4431 36 : rc = dearmor_file( argc? *argv: NULL );
4432 36 : if( rc )
4433 : {
4434 0 : write_status_failure ("dearmor", rc);
4435 0 : log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc));
4436 : }
4437 36 : break;
4438 :
4439 : case aEnArmor:
4440 0 : if( argc > 1 )
4441 0 : wrong_args("--enarmor [file]");
4442 0 : rc = enarmor_file( argc? *argv: NULL );
4443 0 : if( rc )
4444 : {
4445 0 : write_status_failure ("enarmor", rc);
4446 0 : log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc));
4447 : }
4448 0 : break;
4449 :
4450 :
4451 : case aPrimegen:
4452 : #if 0 /*FIXME*/
4453 : { int mode = argc < 2 ? 0 : atoi(*argv);
4454 :
4455 : if( mode == 1 && argc == 2 ) {
4456 : mpi_print (es_stdout,
4457 : generate_public_prime( atoi(argv[1]) ), 1);
4458 : }
4459 : else if( mode == 2 && argc == 3 ) {
4460 : mpi_print (es_stdout, generate_elg_prime(
4461 : 0, atoi(argv[1]),
4462 : atoi(argv[2]), NULL,NULL ), 1);
4463 : }
4464 : else if( mode == 3 && argc == 3 ) {
4465 : MPI *factors;
4466 : mpi_print (es_stdout, generate_elg_prime(
4467 : 1, atoi(argv[1]),
4468 : atoi(argv[2]), NULL,&factors ), 1);
4469 : es_putc ('\n', es_stdout);
4470 : mpi_print (es_stdout, factors[0], 1 ); /* print q */
4471 : }
4472 : else if( mode == 4 && argc == 3 ) {
4473 : MPI g = mpi_alloc(1);
4474 : mpi_print (es_stdout, generate_elg_prime(
4475 : 0, atoi(argv[1]),
4476 : atoi(argv[2]), g, NULL ), 1);
4477 : es_putc ('\n', es_stdout);
4478 : mpi_print (es_stdout, g, 1 );
4479 : mpi_free (g);
4480 : }
4481 : else
4482 : wrong_args("--gen-prime mode bits [qbits] ");
4483 : es_putc ('\n', es_stdout);
4484 : }
4485 : #endif
4486 0 : wrong_args("--gen-prime not yet supported ");
4487 0 : break;
4488 :
4489 : case aGenRandom:
4490 : {
4491 0 : int level = argc ? atoi(*argv):0;
4492 0 : int count = argc > 1 ? atoi(argv[1]): 0;
4493 0 : int endless = !count;
4494 :
4495 0 : if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
4496 0 : wrong_args("--gen-random 0|1|2 [count]");
4497 :
4498 0 : while( endless || count ) {
4499 : byte *p;
4500 : /* Wee need a multiple of 3, so that in case of
4501 : armored output we get a correct string. No
4502 : linefolding is done, as it is best to levae this to
4503 : other tools */
4504 0 : size_t n = !endless && count < 99? count : 99;
4505 :
4506 0 : p = gcry_random_bytes (n, level);
4507 : #ifdef HAVE_DOSISH_SYSTEM
4508 : setmode ( fileno(stdout), O_BINARY );
4509 : #endif
4510 0 : if (opt.armor) {
4511 0 : char *tmp = make_radix64_string (p, n);
4512 0 : es_fputs (tmp, es_stdout);
4513 0 : xfree (tmp);
4514 0 : if (n%3 == 1)
4515 0 : es_putc ('=', es_stdout);
4516 0 : if (n%3)
4517 0 : es_putc ('=', es_stdout);
4518 : } else {
4519 0 : es_fwrite( p, n, 1, es_stdout );
4520 : }
4521 0 : xfree(p);
4522 0 : if( !endless )
4523 0 : count -= n;
4524 : }
4525 0 : if (opt.armor)
4526 0 : es_putc ('\n', es_stdout);
4527 : }
4528 0 : break;
4529 :
4530 : case aPrintMD:
4531 1 : if( argc < 1)
4532 0 : wrong_args("--print-md algo [files]");
4533 : {
4534 1 : int all_algos = (**argv=='*' && !(*argv)[1]);
4535 1 : int algo = all_algos? 0 : gcry_md_map_name (*argv);
4536 :
4537 1 : if( !algo && !all_algos )
4538 0 : log_error(_("invalid hash algorithm '%s'\n"), *argv );
4539 : else {
4540 1 : argc--; argv++;
4541 1 : if( !argc )
4542 0 : print_mds(NULL, algo);
4543 : else {
4544 2 : for(; argc; argc--, argv++ )
4545 1 : print_mds(*argv, algo);
4546 : }
4547 : }
4548 : }
4549 1 : break;
4550 :
4551 : case aPrintMDs: /* old option */
4552 2 : if( !argc )
4553 2 : print_mds(NULL,0);
4554 : else {
4555 0 : for(; argc; argc--, argv++ )
4556 0 : print_mds(*argv,0);
4557 : }
4558 2 : break;
4559 :
4560 : #ifndef NO_TRUST_MODELS
4561 : case aListTrustDB:
4562 0 : if( !argc )
4563 0 : list_trustdb (es_stdout, NULL);
4564 : else {
4565 0 : for( ; argc; argc--, argv++ )
4566 0 : list_trustdb (es_stdout, *argv );
4567 : }
4568 0 : break;
4569 :
4570 : case aUpdateTrustDB:
4571 0 : if( argc )
4572 0 : wrong_args("--update-trustdb");
4573 0 : update_trustdb (ctrl);
4574 0 : break;
4575 :
4576 : case aCheckTrustDB:
4577 : /* Old versions allowed for arguments - ignore them */
4578 1 : check_trustdb (ctrl);
4579 1 : break;
4580 :
4581 : case aFixTrustDB:
4582 0 : how_to_fix_the_trustdb ();
4583 0 : break;
4584 :
4585 : case aListTrustPath:
4586 0 : if( !argc )
4587 0 : wrong_args("--list-trust-path <user-ids>");
4588 0 : for( ; argc; argc--, argv++ ) {
4589 0 : username = make_username( *argv );
4590 0 : list_trust_path( username );
4591 0 : xfree(username);
4592 : }
4593 0 : break;
4594 :
4595 : case aExportOwnerTrust:
4596 0 : if( argc )
4597 0 : wrong_args("--export-ownertrust");
4598 0 : export_ownertrust();
4599 0 : break;
4600 :
4601 : case aImportOwnerTrust:
4602 0 : if( argc > 1 )
4603 0 : wrong_args("--import-ownertrust [file]");
4604 0 : import_ownertrust( argc? *argv:NULL );
4605 0 : break;
4606 : #endif /*!NO_TRUST_MODELS*/
4607 :
4608 : case aRebuildKeydbCaches:
4609 0 : if (argc)
4610 0 : wrong_args ("--rebuild-keydb-caches");
4611 0 : keydb_rebuild_caches (1);
4612 0 : break;
4613 :
4614 : #ifdef ENABLE_CARD_SUPPORT
4615 : case aCardStatus:
4616 0 : if (argc)
4617 0 : wrong_args ("--card-status");
4618 0 : card_status (es_stdout, NULL, 0);
4619 0 : break;
4620 :
4621 : case aCardEdit:
4622 0 : if (argc) {
4623 0 : sl = NULL;
4624 0 : for (argc--, argv++ ; argc; argc--, argv++)
4625 0 : append_to_strlist (&sl, *argv);
4626 0 : card_edit (ctrl, sl);
4627 0 : free_strlist (sl);
4628 : }
4629 : else
4630 0 : card_edit (ctrl, NULL);
4631 0 : break;
4632 :
4633 : case aChangePIN:
4634 0 : if (!argc)
4635 0 : change_pin (0,1);
4636 0 : else if (argc == 1)
4637 0 : change_pin (atoi (*argv),1);
4638 : else
4639 0 : wrong_args ("--change-pin [no]");
4640 0 : break;
4641 : #endif /* ENABLE_CARD_SUPPORT*/
4642 :
4643 : case aListConfig:
4644 : {
4645 373 : char *str=collapse_args(argc,argv);
4646 373 : list_config(str);
4647 373 : xfree(str);
4648 : }
4649 373 : break;
4650 :
4651 : case aListGcryptConfig:
4652 : /* Fixme: It would be nice to integrate that with
4653 : --list-config but unfortunately there is no way yet to have
4654 : libgcrypt print it to an estream for further parsing. */
4655 0 : gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
4656 0 : break;
4657 :
4658 : case aTOFUPolicy:
4659 : #ifdef USE_TOFU
4660 : {
4661 : int policy;
4662 : int i;
4663 : KEYDB_HANDLE hd;
4664 :
4665 4 : if (argc < 2)
4666 0 : wrong_args ("--tofu-policy POLICY KEYID [KEYID...]");
4667 :
4668 4 : policy = parse_tofu_policy (argv[0]);
4669 :
4670 4 : hd = keydb_new ();
4671 4 : if (! hd)
4672 0 : g10_exit (1);
4673 :
4674 4 : tofu_begin_batch_update (ctrl);
4675 :
4676 8 : for (i = 1; i < argc; i ++)
4677 : {
4678 : KEYDB_SEARCH_DESC desc;
4679 : kbnode_t kb;
4680 :
4681 4 : rc = classify_user_id (argv[i], &desc, 0);
4682 4 : if (rc)
4683 : {
4684 0 : log_error (_("error parsing key specification '%s': %s\n"),
4685 0 : argv[i], gpg_strerror (rc));
4686 0 : g10_exit (1);
4687 : }
4688 :
4689 4 : if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
4690 0 : || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
4691 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR16
4692 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR20
4693 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR
4694 0 : || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
4695 : {
4696 0 : log_error (_("'%s' does not appear to be a valid"
4697 : " key ID, fingerprint or keygrip\n"),
4698 0 : argv[i]);
4699 0 : g10_exit (1);
4700 : }
4701 :
4702 4 : rc = keydb_search_reset (hd);
4703 4 : if (rc)
4704 : {
4705 : /* This should not happen, thus no need to tranalate
4706 : the string. */
4707 0 : log_error ("keydb_search_reset failed: %s\n",
4708 : gpg_strerror (rc));
4709 0 : g10_exit (1);
4710 : }
4711 :
4712 4 : rc = keydb_search (hd, &desc, 1, NULL);
4713 4 : if (rc)
4714 : {
4715 0 : log_error (_("key \"%s\" not found: %s\n"), argv[i],
4716 : gpg_strerror (rc));
4717 0 : g10_exit (1);
4718 : }
4719 :
4720 4 : rc = keydb_get_keyblock (hd, &kb);
4721 4 : if (rc)
4722 : {
4723 0 : log_error (_("error reading keyblock: %s\n"),
4724 : gpg_strerror (rc));
4725 0 : g10_exit (1);
4726 : }
4727 :
4728 4 : merge_keys_and_selfsig (kb);
4729 4 : if (tofu_set_policy (ctrl, kb, policy))
4730 0 : g10_exit (1);
4731 : }
4732 :
4733 4 : tofu_end_batch_update (ctrl);
4734 :
4735 4 : keydb_release (hd);
4736 : }
4737 : #endif /*USE_TOFU*/
4738 4 : break;
4739 :
4740 : case aListPackets:
4741 : default:
4742 564 : if( argc > 1 )
4743 0 : wrong_args(_("[filename]"));
4744 : /* Issue some output for the unix newbie */
4745 564 : if (!fname && !opt.outfile
4746 0 : && gnupg_isatty (fileno (stdin))
4747 0 : && gnupg_isatty (fileno (stdout))
4748 0 : && gnupg_isatty (fileno (stderr)))
4749 0 : log_info(_("Go ahead and type your message ...\n"));
4750 :
4751 564 : a = iobuf_open(fname);
4752 564 : if (a && is_secured_file (iobuf_get_fd (a)))
4753 : {
4754 0 : iobuf_close (a);
4755 0 : a = NULL;
4756 0 : gpg_err_set_errno (EPERM);
4757 : }
4758 564 : if( !a )
4759 0 : log_error(_("can't open '%s'\n"), print_fname_stdin(fname));
4760 : else {
4761 :
4762 564 : if( !opt.no_armor ) {
4763 564 : if( use_armor_filter( a ) ) {
4764 61 : afx = new_armor_context ();
4765 61 : push_armor_filter (afx, a);
4766 : }
4767 : }
4768 564 : if( cmd == aListPackets ) {
4769 13 : opt.list_packets=1;
4770 13 : set_packet_list_mode(1);
4771 : }
4772 564 : rc = proc_packets (ctrl, NULL, a );
4773 564 : if( rc )
4774 : {
4775 0 : write_status_failure ("-", rc);
4776 0 : log_error ("processing message failed: %s\n",
4777 : gpg_strerror (rc));
4778 : }
4779 564 : iobuf_close(a);
4780 : }
4781 564 : break;
4782 : }
4783 :
4784 : /* cleanup */
4785 1699 : gpg_deinit_default_ctrl (ctrl);
4786 1699 : xfree (ctrl);
4787 1699 : release_armor_context (afx);
4788 1699 : FREE_STRLIST(remusr);
4789 1699 : FREE_STRLIST(locusr);
4790 1699 : g10_exit(0);
4791 : return 8; /*NEVER REACHED*/
4792 : }
4793 :
4794 :
4795 : /* Note: This function is used by signal handlers!. */
4796 : static void
4797 1702 : emergency_cleanup (void)
4798 : {
4799 1702 : gcry_control (GCRYCTL_TERM_SECMEM );
4800 1702 : }
4801 :
4802 :
4803 : void
4804 1702 : g10_exit( int rc )
4805 : {
4806 1702 : gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
4807 1702 : if (DBG_CLOCK)
4808 0 : log_clock ("stop");
4809 :
4810 1702 : if ( (opt.debug & DBG_MEMSTAT_VALUE) )
4811 : {
4812 0 : keydb_dump_stats ();
4813 0 : gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
4814 0 : gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
4815 : }
4816 1702 : if (opt.debug)
4817 0 : gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
4818 :
4819 1702 : emergency_cleanup ();
4820 :
4821 1702 : rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
4822 1702 : exit (rc);
4823 : }
4824 :
4825 :
4826 : /* Pretty-print hex hashes. This assumes at least an 80-character
4827 : display, but there are a few other similar assumptions in the
4828 : display code. */
4829 : static void
4830 0 : print_hex (gcry_md_hd_t md, int algo, const char *fname)
4831 : {
4832 0 : int i,n,count,indent=0;
4833 : const byte *p;
4834 :
4835 0 : if (fname)
4836 0 : indent = es_printf("%s: ",fname);
4837 :
4838 0 : if (indent>40)
4839 : {
4840 0 : es_printf ("\n");
4841 0 : indent=0;
4842 : }
4843 :
4844 0 : if (algo==DIGEST_ALGO_RMD160)
4845 0 : indent += es_printf("RMD160 = ");
4846 0 : else if (algo>0)
4847 0 : indent += es_printf("%6s = ", gcry_md_algo_name (algo));
4848 : else
4849 0 : algo = abs(algo);
4850 :
4851 0 : count = indent;
4852 :
4853 0 : p = gcry_md_read (md, algo);
4854 0 : n = gcry_md_get_algo_dlen (algo);
4855 :
4856 0 : count += es_printf ("%02X",*p++);
4857 :
4858 0 : for(i=1;i<n;i++,p++)
4859 : {
4860 0 : if(n==16)
4861 : {
4862 0 : if(count+2>79)
4863 : {
4864 0 : es_printf ("\n%*s",indent," ");
4865 0 : count = indent;
4866 : }
4867 : else
4868 0 : count += es_printf(" ");
4869 :
4870 0 : if (!(i%8))
4871 0 : count += es_printf(" ");
4872 : }
4873 0 : else if (n==20)
4874 : {
4875 0 : if(!(i%2))
4876 : {
4877 0 : if(count+4>79)
4878 : {
4879 0 : es_printf ("\n%*s",indent," ");
4880 0 : count=indent;
4881 : }
4882 : else
4883 0 : count += es_printf(" ");
4884 : }
4885 :
4886 0 : if (!(i%10))
4887 0 : count += es_printf(" ");
4888 : }
4889 : else
4890 : {
4891 0 : if(!(i%4))
4892 : {
4893 0 : if (count+8>79)
4894 : {
4895 0 : es_printf ("\n%*s",indent," ");
4896 0 : count=indent;
4897 : }
4898 : else
4899 0 : count += es_printf(" ");
4900 : }
4901 : }
4902 :
4903 0 : count += es_printf("%02X",*p);
4904 : }
4905 :
4906 0 : es_printf ("\n");
4907 0 : }
4908 :
4909 : static void
4910 15 : print_hashline( gcry_md_hd_t md, int algo, const char *fname )
4911 : {
4912 : int i, n;
4913 : const byte *p;
4914 :
4915 15 : if ( fname )
4916 : {
4917 23 : for (p = fname; *p; p++ )
4918 : {
4919 22 : if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
4920 0 : es_printf ("%%%02X", *p );
4921 : else
4922 22 : es_putc (*p, es_stdout);
4923 : }
4924 : }
4925 15 : es_putc (':', es_stdout);
4926 15 : es_printf ("%d:", algo);
4927 15 : p = gcry_md_read (md, algo);
4928 15 : n = gcry_md_get_algo_dlen (algo);
4929 491 : for(i=0; i < n ; i++, p++ )
4930 476 : es_printf ("%02X", *p);
4931 15 : es_fputs (":\n", es_stdout);
4932 15 : }
4933 :
4934 :
4935 : static void
4936 3 : print_mds( const char *fname, int algo )
4937 : {
4938 : estream_t fp;
4939 : char buf[1024];
4940 : size_t n;
4941 : gcry_md_hd_t md;
4942 :
4943 3 : if (!fname)
4944 : {
4945 2 : fp = es_stdin;
4946 2 : es_set_binary (fp);
4947 : }
4948 : else
4949 : {
4950 1 : fp = es_fopen (fname, "rb" );
4951 1 : if (fp && is_secured_file (es_fileno (fp)))
4952 : {
4953 0 : es_fclose (fp);
4954 0 : fp = NULL;
4955 0 : gpg_err_set_errno (EPERM);
4956 : }
4957 : }
4958 3 : if (!fp)
4959 : {
4960 0 : log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
4961 3 : return;
4962 : }
4963 :
4964 3 : gcry_md_open (&md, 0, 0);
4965 3 : if (algo)
4966 1 : gcry_md_enable (md, algo);
4967 : else
4968 : {
4969 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
4970 2 : gcry_md_enable (md, GCRY_MD_MD5);
4971 2 : gcry_md_enable (md, GCRY_MD_SHA1);
4972 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
4973 2 : gcry_md_enable (md, GCRY_MD_RMD160);
4974 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
4975 2 : gcry_md_enable (md, GCRY_MD_SHA224);
4976 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
4977 2 : gcry_md_enable (md, GCRY_MD_SHA256);
4978 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
4979 2 : gcry_md_enable (md, GCRY_MD_SHA384);
4980 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
4981 2 : gcry_md_enable (md, GCRY_MD_SHA512);
4982 : }
4983 :
4984 51 : while ((n=es_fread (buf, 1, DIM(buf), fp)))
4985 45 : gcry_md_write (md, buf, n);
4986 :
4987 3 : if (es_ferror(fp))
4988 0 : log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno));
4989 : else
4990 : {
4991 3 : gcry_md_final (md);
4992 3 : if (opt.with_colons)
4993 : {
4994 3 : if ( algo )
4995 1 : print_hashline (md, algo, fname);
4996 : else
4997 : {
4998 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
4999 2 : print_hashline( md, GCRY_MD_MD5, fname );
5000 2 : print_hashline( md, GCRY_MD_SHA1, fname );
5001 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
5002 2 : print_hashline( md, GCRY_MD_RMD160, fname );
5003 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
5004 2 : print_hashline (md, GCRY_MD_SHA224, fname);
5005 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
5006 2 : print_hashline( md, GCRY_MD_SHA256, fname );
5007 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
5008 2 : print_hashline ( md, GCRY_MD_SHA384, fname );
5009 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
5010 2 : print_hashline ( md, GCRY_MD_SHA512, fname );
5011 : }
5012 : }
5013 : else
5014 : {
5015 0 : if (algo)
5016 0 : print_hex (md, -algo, fname);
5017 : else
5018 : {
5019 0 : if (!gcry_md_test_algo (GCRY_MD_MD5))
5020 0 : print_hex (md, GCRY_MD_MD5, fname);
5021 0 : print_hex (md, GCRY_MD_SHA1, fname );
5022 0 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
5023 0 : print_hex (md, GCRY_MD_RMD160, fname );
5024 0 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
5025 0 : print_hex (md, GCRY_MD_SHA224, fname);
5026 0 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
5027 0 : print_hex (md, GCRY_MD_SHA256, fname );
5028 0 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
5029 0 : print_hex (md, GCRY_MD_SHA384, fname );
5030 0 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
5031 0 : print_hex (md, GCRY_MD_SHA512, fname );
5032 : }
5033 : }
5034 : }
5035 3 : gcry_md_close (md);
5036 :
5037 3 : if (fp != es_stdin)
5038 1 : es_fclose (fp);
5039 : }
5040 :
5041 :
5042 : /****************
5043 : * Check the supplied name,value string and add it to the notation
5044 : * data to be used for signatures. which==0 for sig notations, and 1
5045 : * for cert notations.
5046 : */
5047 : static void
5048 0 : add_notation_data( const char *string, int which )
5049 : {
5050 : struct notation *notation;
5051 :
5052 0 : notation=string_to_notation(string,utf8_strings);
5053 0 : if(notation)
5054 : {
5055 0 : if(which)
5056 : {
5057 0 : notation->next=opt.cert_notations;
5058 0 : opt.cert_notations=notation;
5059 : }
5060 : else
5061 : {
5062 0 : notation->next=opt.sig_notations;
5063 0 : opt.sig_notations=notation;
5064 : }
5065 : }
5066 0 : }
5067 :
5068 : static void
5069 0 : add_policy_url( const char *string, int which )
5070 : {
5071 0 : unsigned int i,critical=0;
5072 : strlist_t sl;
5073 :
5074 0 : if(*string=='!')
5075 : {
5076 0 : string++;
5077 0 : critical=1;
5078 : }
5079 :
5080 0 : for(i=0;i<strlen(string);i++)
5081 0 : if( !isascii (string[i]) || iscntrl(string[i]))
5082 : break;
5083 :
5084 0 : if(i==0 || i<strlen(string))
5085 : {
5086 0 : if(which)
5087 0 : log_error(_("the given certification policy URL is invalid\n"));
5088 : else
5089 0 : log_error(_("the given signature policy URL is invalid\n"));
5090 : }
5091 :
5092 0 : if(which)
5093 0 : sl=add_to_strlist( &opt.cert_policy_url, string );
5094 : else
5095 0 : sl=add_to_strlist( &opt.sig_policy_url, string );
5096 :
5097 0 : if(critical)
5098 0 : sl->flags |= 1;
5099 0 : }
5100 :
5101 : static void
5102 0 : add_keyserver_url( const char *string, int which )
5103 : {
5104 0 : unsigned int i,critical=0;
5105 : strlist_t sl;
5106 :
5107 0 : if(*string=='!')
5108 : {
5109 0 : string++;
5110 0 : critical=1;
5111 : }
5112 :
5113 0 : for(i=0;i<strlen(string);i++)
5114 0 : if( !isascii (string[i]) || iscntrl(string[i]))
5115 : break;
5116 :
5117 0 : if(i==0 || i<strlen(string))
5118 : {
5119 0 : if(which)
5120 0 : BUG();
5121 : else
5122 0 : log_error(_("the given preferred keyserver URL is invalid\n"));
5123 : }
5124 :
5125 0 : if(which)
5126 0 : BUG();
5127 : else
5128 0 : sl=add_to_strlist( &opt.sig_keyserver_url, string );
5129 :
5130 0 : if(critical)
5131 0 : sl->flags |= 1;
5132 0 : }
|
