Line data Source code
1 : /* gpg.c - The GnuPG utility (main for gpg)
2 : * Copyright (C) 1998-2011 Free Software Foundation, Inc.
3 : * Copyright (C) 1997-2016 Werner Koch
4 : * Copyright (C) 2015-2016 g10 Code GmbH
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <errno.h>
24 : #include <stdio.h>
25 : #include <stdlib.h>
26 : #include <string.h>
27 : #include <ctype.h>
28 : #include <unistd.h>
29 : #ifdef HAVE_STAT
30 : #include <sys/stat.h> /* for stat() */
31 : #endif
32 : #include <fcntl.h>
33 : #ifdef HAVE_W32_SYSTEM
34 : # ifdef HAVE_WINSOCK2_H
35 : # include <winsock2.h>
36 : # endif
37 : # include <windows.h>
38 : #endif
39 :
40 : #define INCLUDED_BY_MAIN_MODULE 1
41 : #include "gpg.h"
42 : #include <assuan.h>
43 : #include "../common/iobuf.h"
44 : #include "util.h"
45 : #include "packet.h"
46 : #include "membuf.h"
47 : #include "main.h"
48 : #include "options.h"
49 : #include "keydb.h"
50 : #include "trustdb.h"
51 : #include "filter.h"
52 : #include "ttyio.h"
53 : #include "i18n.h"
54 : #include "sysutils.h"
55 : #include "status.h"
56 : #include "keyserver-internal.h"
57 : #include "exec.h"
58 : #include "gc-opt-flags.h"
59 : #include "asshelp.h"
60 : #include "call-dirmngr.h"
61 : #include "tofu.h"
62 : #include "../common/init.h"
63 : #include "../common/mbox-util.h"
64 : #include "../common/shareddefs.h"
65 :
66 : #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
67 : #define MY_O_BINARY O_BINARY
68 : #ifndef S_IRGRP
69 : # define S_IRGRP 0
70 : # define S_IWGRP 0
71 : #endif
72 : #else
73 : #define MY_O_BINARY 0
74 : #endif
75 :
76 :
77 : enum cmd_and_opt_values
78 : {
79 : aNull = 0,
80 : oArmor = 'a',
81 : aDetachedSign = 'b',
82 : aSym = 'c',
83 : aDecrypt = 'd',
84 : aEncr = 'e',
85 : oRecipientFile = 'f',
86 : oHiddenRecipientFile = 'F',
87 : oInteractive = 'i',
88 : aListKeys = 'k',
89 : oDryRun = 'n',
90 : oOutput = 'o',
91 : oQuiet = 'q',
92 : oRecipient = 'r',
93 : oHiddenRecipient = 'R',
94 : aSign = 's',
95 : oTextmodeShort= 't',
96 : oLocalUser = 'u',
97 : oVerbose = 'v',
98 : oCompress = 'z',
99 : oSetNotation = 'N',
100 : aListSecretKeys = 'K',
101 : oBatch = 500,
102 : oMaxOutput,
103 : oInputSizeHint,
104 : oSigNotation,
105 : oCertNotation,
106 : oShowNotation,
107 : oNoShowNotation,
108 : aEncrFiles,
109 : aEncrSym,
110 : aDecryptFiles,
111 : aClearsign,
112 : aStore,
113 : aQuickKeygen,
114 : aFullKeygen,
115 : aKeygen,
116 : aSignEncr,
117 : aSignEncrSym,
118 : aSignSym,
119 : aSignKey,
120 : aLSignKey,
121 : aQuickSignKey,
122 : aQuickLSignKey,
123 : aQuickAddUid,
124 : aQuickAddKey,
125 : aQuickRevUid,
126 : aListConfig,
127 : aListGcryptConfig,
128 : aGPGConfList,
129 : aGPGConfTest,
130 : aListPackets,
131 : aEditKey,
132 : aDeleteKeys,
133 : aDeleteSecretKeys,
134 : aDeleteSecretAndPublicKeys,
135 : aImport,
136 : aFastImport,
137 : aVerify,
138 : aVerifyFiles,
139 : aListSigs,
140 : aSendKeys,
141 : aRecvKeys,
142 : aLocateKeys,
143 : aSearchKeys,
144 : aRefreshKeys,
145 : aFetchKeys,
146 : aExport,
147 : aExportSecret,
148 : aExportSecretSub,
149 : aExportSshKey,
150 : aCheckKeys,
151 : aGenRevoke,
152 : aDesigRevoke,
153 : aPrimegen,
154 : aPrintMD,
155 : aPrintMDs,
156 : aCheckTrustDB,
157 : aUpdateTrustDB,
158 : aFixTrustDB,
159 : aListTrustDB,
160 : aListTrustPath,
161 : aExportOwnerTrust,
162 : aImportOwnerTrust,
163 : aDeArmor,
164 : aEnArmor,
165 : aGenRandom,
166 : aRebuildKeydbCaches,
167 : aCardStatus,
168 : aCardEdit,
169 : aChangePIN,
170 : aPasswd,
171 : aServer,
172 : aTOFUPolicy,
173 :
174 : oMimemode,
175 : oTextmode,
176 : oNoTextmode,
177 : oExpert,
178 : oNoExpert,
179 : oDefSigExpire,
180 : oAskSigExpire,
181 : oNoAskSigExpire,
182 : oDefCertExpire,
183 : oAskCertExpire,
184 : oNoAskCertExpire,
185 : oDefCertLevel,
186 : oMinCertLevel,
187 : oAskCertLevel,
188 : oNoAskCertLevel,
189 : oFingerprint,
190 : oWithFingerprint,
191 : oWithSubkeyFingerprint,
192 : oWithICAOSpelling,
193 : oWithKeygrip,
194 : oWithSecret,
195 : oWithWKDHash,
196 : oWithColons,
197 : oWithKeyData,
198 : oWithTofuInfo,
199 : oWithSigList,
200 : oWithSigCheck,
201 : oAnswerYes,
202 : oAnswerNo,
203 : oKeyring,
204 : oPrimaryKeyring,
205 : oSecretKeyring,
206 : oShowKeyring,
207 : oDefaultKey,
208 : oDefRecipient,
209 : oDefRecipientSelf,
210 : oNoDefRecipient,
211 : oTrySecretKey,
212 : oOptions,
213 : oDebug,
214 : oDebugLevel,
215 : oDebugAll,
216 : oDebugIOLBF,
217 : oStatusFD,
218 : oStatusFile,
219 : oAttributeFD,
220 : oAttributeFile,
221 : oEmitVersion,
222 : oNoEmitVersion,
223 : oCompletesNeeded,
224 : oMarginalsNeeded,
225 : oMaxCertDepth,
226 : oLoadExtension,
227 : oCompliance,
228 : oGnuPG,
229 : oRFC2440,
230 : oRFC4880,
231 : oRFC4880bis,
232 : oOpenPGP,
233 : oPGP6,
234 : oPGP7,
235 : oPGP8,
236 : oDE_VS,
237 : oRFC2440Text,
238 : oNoRFC2440Text,
239 : oCipherAlgo,
240 : oDigestAlgo,
241 : oCertDigestAlgo,
242 : oCompressAlgo,
243 : oCompressLevel,
244 : oBZ2CompressLevel,
245 : oBZ2DecompressLowmem,
246 : oPassphrase,
247 : oPassphraseFD,
248 : oPassphraseFile,
249 : oPassphraseRepeat,
250 : oPinentryMode,
251 : oCommandFD,
252 : oCommandFile,
253 : oQuickRandom,
254 : oNoVerbose,
255 : oTrustDBName,
256 : oNoSecmemWarn,
257 : oRequireSecmem,
258 : oNoRequireSecmem,
259 : oNoPermissionWarn,
260 : oNoMDCWarn,
261 : oNoArmor,
262 : oNoDefKeyring,
263 : oNoKeyring,
264 : oNoGreeting,
265 : oNoTTY,
266 : oNoOptions,
267 : oNoBatch,
268 : oHomedir,
269 : oSkipVerify,
270 : oSkipHiddenRecipients,
271 : oNoSkipHiddenRecipients,
272 : oAlwaysTrust,
273 : oTrustModel,
274 : oForceOwnertrust,
275 : oSetFilename,
276 : oForYourEyesOnly,
277 : oNoForYourEyesOnly,
278 : oSetPolicyURL,
279 : oSigPolicyURL,
280 : oCertPolicyURL,
281 : oShowPolicyURL,
282 : oNoShowPolicyURL,
283 : oSigKeyserverURL,
284 : oUseEmbeddedFilename,
285 : oNoUseEmbeddedFilename,
286 : oComment,
287 : oDefaultComment,
288 : oNoComments,
289 : oThrowKeyids,
290 : oNoThrowKeyids,
291 : oShowPhotos,
292 : oNoShowPhotos,
293 : oPhotoViewer,
294 : oForceMDC,
295 : oNoForceMDC,
296 : oDisableMDC,
297 : oNoDisableMDC,
298 : oS2KMode,
299 : oS2KDigest,
300 : oS2KCipher,
301 : oS2KCount,
302 : oDisplayCharset,
303 : oNotDashEscaped,
304 : oEscapeFrom,
305 : oNoEscapeFrom,
306 : oLockOnce,
307 : oLockMultiple,
308 : oLockNever,
309 : oKeyServer,
310 : oKeyServerOptions,
311 : oImportOptions,
312 : oImportFilter,
313 : oExportOptions,
314 : oExportFilter,
315 : oListOptions,
316 : oVerifyOptions,
317 : oTempDir,
318 : oExecPath,
319 : oEncryptTo,
320 : oHiddenEncryptTo,
321 : oNoEncryptTo,
322 : oEncryptToDefaultKey,
323 : oLoggerFD,
324 : oLoggerFile,
325 : oUtf8Strings,
326 : oNoUtf8Strings,
327 : oDisableCipherAlgo,
328 : oDisablePubkeyAlgo,
329 : oAllowNonSelfsignedUID,
330 : oNoAllowNonSelfsignedUID,
331 : oAllowFreeformUID,
332 : oNoAllowFreeformUID,
333 : oAllowSecretKeyImport,
334 : oEnableSpecialFilenames,
335 : oNoLiteral,
336 : oSetFilesize,
337 : oHonorHttpProxy,
338 : oFastListMode,
339 : oListOnly,
340 : oIgnoreTimeConflict,
341 : oIgnoreValidFrom,
342 : oIgnoreCrcError,
343 : oIgnoreMDCError,
344 : oShowSessionKey,
345 : oOverrideSessionKey,
346 : oOverrideSessionKeyFD,
347 : oNoRandomSeedFile,
348 : oAutoKeyRetrieve,
349 : oNoAutoKeyRetrieve,
350 : oUseAgent,
351 : oNoUseAgent,
352 : oGpgAgentInfo,
353 : oMergeOnly,
354 : oTryAllSecrets,
355 : oTrustedKey,
356 : oNoExpensiveTrustChecks,
357 : oFixedListMode,
358 : oLegacyListMode,
359 : oNoSigCache,
360 : oAutoCheckTrustDB,
361 : oNoAutoCheckTrustDB,
362 : oPreservePermissions,
363 : oDefaultPreferenceList,
364 : oDefaultKeyserverURL,
365 : oPersonalCipherPreferences,
366 : oPersonalDigestPreferences,
367 : oPersonalCompressPreferences,
368 : oAgentProgram,
369 : oDirmngrProgram,
370 : oDisplay,
371 : oTTYname,
372 : oTTYtype,
373 : oLCctype,
374 : oLCmessages,
375 : oXauthority,
376 : oGroup,
377 : oUnGroup,
378 : oNoGroups,
379 : oStrict,
380 : oNoStrict,
381 : oMangleDosFilenames,
382 : oNoMangleDosFilenames,
383 : oEnableProgressFilter,
384 : oMultifile,
385 : oKeyidFormat,
386 : oExitOnStatusWriteError,
387 : oLimitCardInsertTries,
388 : oReaderPort,
389 : octapiDriver,
390 : opcscDriver,
391 : oDisableCCID,
392 : oRequireCrossCert,
393 : oNoRequireCrossCert,
394 : oAutoKeyLocate,
395 : oNoAutoKeyLocate,
396 : oAllowMultisigVerification,
397 : oEnableLargeRSA,
398 : oDisableLargeRSA,
399 : oEnableDSA2,
400 : oDisableDSA2,
401 : oAllowMultipleMessages,
402 : oNoAllowMultipleMessages,
403 : oAllowWeakDigestAlgos,
404 : oFakedSystemTime,
405 : oNoAutostart,
406 : oPrintPKARecords,
407 : oPrintDANERecords,
408 : oTOFUDefaultPolicy,
409 : oTOFUDBFormat,
410 : oWeakDigest,
411 : oUnwrap,
412 : oOnlySignTextIDs,
413 : oDisableSignerUID,
414 : oSender,
415 :
416 : oNoop
417 : };
418 :
419 :
420 : static ARGPARSE_OPTS opts[] = {
421 :
422 : ARGPARSE_group (300, N_("@Commands:\n ")),
423 :
424 : ARGPARSE_c (aSign, "sign", N_("make a signature")),
425 : ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
426 : ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
427 : ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
428 : ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
429 : ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
430 : ARGPARSE_c (aStore, "store", "@"),
431 : ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
432 : ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
433 : ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
434 : ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
435 : ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
436 : ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
437 : ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
438 : ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
439 : ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
440 : ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
441 : ARGPARSE_c (aKeygen, "gen-key",
442 : N_("generate a new key pair")),
443 : ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
444 : N_("quickly generate a new key pair")),
445 : ARGPARSE_c (aQuickAddUid, "quick-adduid",
446 : N_("quickly add a new user-id")),
447 : ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
448 : ARGPARSE_c (aQuickRevUid, "quick-revuid",
449 : N_("quickly revoke a user-id")),
450 : ARGPARSE_c (aFullKeygen, "full-gen-key" ,
451 : N_("full featured key pair generation")),
452 : ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
453 : ARGPARSE_c (aDeleteKeys,"delete-keys",
454 : N_("remove keys from the public keyring")),
455 : ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
456 : N_("remove keys from the secret keyring")),
457 : ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
458 : N_("quickly sign a key")),
459 : ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
460 : N_("quickly sign a key locally")),
461 : ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
462 : ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
463 : ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
464 : ARGPARSE_c (aEditKey, "key-edit" ,"@"),
465 : ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
466 : ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
467 : ARGPARSE_c (aExport, "export" , N_("export keys") ),
468 : ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a keyserver") ),
469 : ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a keyserver") ),
470 : ARGPARSE_c (aSearchKeys, "search-keys" ,
471 : N_("search for keys on a keyserver") ),
472 : ARGPARSE_c (aRefreshKeys, "refresh-keys",
473 : N_("update all keys from a keyserver")),
474 : ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
475 : ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
476 : ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
477 : ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
478 : ARGPARSE_c (aExportSshKey, "export-ssh-key", "@" ),
479 : ARGPARSE_c (aImport, "import", N_("import/merge keys")),
480 : ARGPARSE_c (aFastImport, "fast-import", "@"),
481 : #ifdef ENABLE_CARD_SUPPORT
482 : ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
483 : ARGPARSE_c (aCardEdit, "card-edit", N_("change data on a card")),
484 : ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
485 : #endif
486 : ARGPARSE_c (aListConfig, "list-config", "@"),
487 : ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
488 : ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
489 : ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
490 : ARGPARSE_c (aListPackets, "list-packets","@"),
491 :
492 : #ifndef NO_TRUST_MODELS
493 : ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
494 : ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
495 : ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
496 : N_("update the trust database")),
497 : ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
498 : ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
499 : #endif
500 :
501 : ARGPARSE_c (aDeArmor, "dearmor", "@"),
502 : ARGPARSE_c (aDeArmor, "dearmour", "@"),
503 : ARGPARSE_c (aEnArmor, "enarmor", "@"),
504 : ARGPARSE_c (aEnArmor, "enarmour", "@"),
505 : ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
506 : ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
507 : ARGPARSE_c (aGenRandom,"gen-random", "@" ),
508 : ARGPARSE_c (aServer, "server", N_("run in server mode")),
509 : ARGPARSE_c (aTOFUPolicy, "tofu-policy",
510 : N_("|VALUE|set the TOFU policy for a key")),
511 :
512 : ARGPARSE_group (301, N_("@\nOptions:\n ")),
513 :
514 : ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
515 : ARGPARSE_s_n (oArmor, "armour", "@"),
516 :
517 : ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
518 : ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
519 : ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
520 : ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
521 : ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
522 : ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
523 : ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
524 : ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
525 :
526 : ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
527 : ARGPARSE_s_s (oExecPath, "exec-path", "@"),
528 : ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
529 : ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
530 : ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
531 : ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
532 : ARGPARSE_s_s (oLocalUser, "local-user",
533 : N_("|USER-ID|use USER-ID to sign or decrypt")),
534 : ARGPARSE_s_s (oSender, "sender", "@"),
535 :
536 : ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
537 :
538 : ARGPARSE_s_i (oCompress, NULL,
539 : N_("|N|set compress level to N (0 disables)")),
540 : ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
541 : ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
542 : ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
543 :
544 : ARGPARSE_s_n (oMimemode, "mimemode", "@"),
545 : ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
546 : ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
547 : ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
548 :
549 : ARGPARSE_s_n (oExpert, "expert", "@"),
550 : ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
551 :
552 : ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
553 : ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
554 : ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
555 : ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
556 : ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
557 : ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
558 : ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
559 : ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
560 : ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
561 : ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
562 :
563 : ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
564 : ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
565 : ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
566 :
567 : ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
568 : ARGPARSE_s_n (oQuiet, "quiet", "@"),
569 : ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
570 :
571 : ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
572 : ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
573 : ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
574 : ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
575 :
576 : ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
577 :
578 : ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
579 : ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
580 :
581 : ARGPARSE_s_n (oBatch, "batch", "@"),
582 : ARGPARSE_s_n (oAnswerYes, "yes", "@"),
583 : ARGPARSE_s_n (oAnswerNo, "no", "@"),
584 : ARGPARSE_s_s (oKeyring, "keyring", "@"),
585 : ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
586 : ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
587 : ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
588 : ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
589 :
590 : ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
591 : ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
592 : ARGPARSE_s_s (oImportOptions, "import-options", "@"),
593 : ARGPARSE_s_s (oImportFilter, "import-filter", "@"),
594 : ARGPARSE_s_s (oExportOptions, "export-options", "@"),
595 : ARGPARSE_s_s (oExportFilter, "export-filter", "@"),
596 : ARGPARSE_s_s (oListOptions, "list-options", "@"),
597 : ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
598 :
599 : ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
600 : ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
601 : ARGPARSE_s_s (oOptions, "options", "@"),
602 :
603 : ARGPARSE_s_s (oDebug, "debug", "@"),
604 : ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
605 : ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
606 : ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
607 : ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
608 : ARGPARSE_s_s (oStatusFile, "status-file", "@"),
609 : ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
610 : ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
611 :
612 : ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
613 : ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
614 : ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
615 : ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
616 :
617 : ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
618 :
619 : ARGPARSE_s_s (oCompliance, "compliance", "@"),
620 : ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
621 : ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
622 : ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
623 : ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
624 : ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
625 : ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
626 : ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
627 : ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
628 : ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
629 : ARGPARSE_s_n (oPGP6, "pgp6", "@"),
630 : ARGPARSE_s_n (oPGP7, "pgp7", "@"),
631 : ARGPARSE_s_n (oPGP8, "pgp8", "@"),
632 :
633 : ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
634 : ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
635 : ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
636 : ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
637 : ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
638 : ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
639 : ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
640 : ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
641 : ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
642 : ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
643 : ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
644 : ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
645 : ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
646 : ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
647 : ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
648 : ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
649 : ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
650 : ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
651 : ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
652 :
653 : ARGPARSE_group (302, N_(
654 : "@\n(See the man page for a complete listing of all commands and options)\n"
655 : )),
656 :
657 : ARGPARSE_group (303, N_("@\nExamples:\n\n"
658 : " -se -r Bob [file] sign and encrypt for user Bob\n"
659 : " --clearsign [file] make a clear text signature\n"
660 : " --detach-sign [file] make a detached signature\n"
661 : " --list-keys [names] show keys\n"
662 : " --fingerprint [names] show fingerprints\n")),
663 :
664 : /* More hidden commands and options. */
665 : ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
666 : #ifndef NO_TRUST_MODELS
667 : ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
668 : #endif
669 :
670 : /* Not yet used:
671 : ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
672 : ARGPARSE_c (aDeleteSecretAndPublicKeys,
673 : "delete-secret-and-public-keys", "@"),
674 : ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
675 :
676 : ARGPARSE_s_s (oPassphrase, "passphrase", "@"),
677 : ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
678 : ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
679 : ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
680 : ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
681 : ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
682 : ARGPARSE_s_s (oCommandFile, "command-file", "@"),
683 : ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
684 : ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
685 :
686 : #ifndef NO_TRUST_MODELS
687 : ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
688 : ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
689 : ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
690 : ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
691 : #endif
692 :
693 : ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
694 : ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
695 : ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
696 : ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
697 : ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
698 : ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
699 : ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
700 : ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
701 : ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
702 : ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
703 : ARGPARSE_s_n (oNoOptions, "no-options", "@"),
704 : ARGPARSE_s_s (oHomedir, "homedir", "@"),
705 : ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
706 : ARGPARSE_s_n (oWithColons, "with-colons", "@"),
707 : ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
708 : ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
709 : ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
710 : ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
711 : ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
712 : ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
713 : ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
714 : ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
715 : ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
716 : ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
717 : ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
718 : #ifndef NO_TRUST_MODELS
719 : ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
720 : #endif
721 : ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
722 : ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
723 : ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
724 : ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
725 : ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
726 : ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
727 : ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
728 : ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
729 : ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
730 : ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
731 : ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
732 : ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
733 : ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
734 : ARGPARSE_s_s (oComment, "comment", "@"),
735 : ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
736 : ARGPARSE_s_n (oNoComments, "no-comments", "@"),
737 : ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
738 : ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
739 : ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
740 : ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
741 : ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
742 : ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
743 : ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
744 : ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
745 : ARGPARSE_s_n (oLockNever, "lock-never", "@"),
746 : ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
747 : ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
748 : ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
749 : ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
750 : ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
751 : ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
752 : ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
753 : ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
754 : ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
755 : ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
756 : ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
757 : ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
758 : ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
759 : ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"),
760 : ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
761 : ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
762 : ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
763 : ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
764 : ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
765 : ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
766 : ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
767 : ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
768 : ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
769 : ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
770 : ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
771 : ARGPARSE_s_n (oListOnly, "list-only", "@"),
772 : ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
773 : ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
774 : ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
775 : ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
776 : ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
777 : ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
778 : ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
779 : ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
780 : ARGPARSE_s_i (oOverrideSessionKeyFD, "override-session-key-fd", "@"),
781 : ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
782 : ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
783 : ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
784 : ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
785 : ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
786 : ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
787 : ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
788 : ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
789 : ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
790 : ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
791 : ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
792 : ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
793 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
794 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
795 : ARGPARSE_s_s (oPersonalCompressPreferences,
796 : "personal-compress-preferences", "@"),
797 : ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
798 : ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
799 : ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
800 : ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
801 :
802 : /* Aliases. I constantly mistype these, and assume other people do
803 : as well. */
804 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
805 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
806 : ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
807 :
808 : ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
809 : ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
810 : ARGPARSE_s_s (oDisplay, "display", "@"),
811 : ARGPARSE_s_s (oTTYname, "ttyname", "@"),
812 : ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
813 : ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
814 : ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
815 : ARGPARSE_s_s (oXauthority, "xauthority", "@"),
816 : ARGPARSE_s_s (oGroup, "group", "@"),
817 : ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
818 : ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
819 : ARGPARSE_s_n (oStrict, "strict", "@"),
820 : ARGPARSE_s_n (oNoStrict, "no-strict", "@"),
821 : ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
822 : ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
823 : ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
824 : ARGPARSE_s_n (oMultifile, "multifile", "@"),
825 : ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
826 : ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
827 : ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
828 :
829 : ARGPARSE_s_n (oAllowMultisigVerification,
830 : "allow-multisig-verification", "@"),
831 : ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
832 : ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
833 : ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
834 : ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
835 : ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
836 : ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
837 : ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
838 :
839 : /* These two are aliases to help users of the PGP command line
840 : product use gpg with minimal pain. Many commands are common
841 : already as they seem to have borrowed commands from us. Now I'm
842 : returning the favor. */
843 : ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
844 : ARGPARSE_s_s (oRecipient, "user", "@"),
845 :
846 : ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
847 : ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
848 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
849 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
850 :
851 : /* New options. Fixme: Should go more to the top. */
852 : ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
853 : ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
854 : ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
855 :
856 : /* Dummy options with warnings. */
857 : ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
858 : ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
859 : ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
860 : ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
861 : ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
862 : ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
863 : ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
864 : ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
865 : ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
866 :
867 : /* Dummy options. */
868 : ARGPARSE_s_n (oNoop, "sk-comments", "@"),
869 : ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
870 : ARGPARSE_s_n (oNoop, "compress-keys", "@"),
871 : ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
872 : ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
873 : ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
874 : ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
875 : ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
876 :
877 : ARGPARSE_end ()
878 : };
879 :
880 :
881 : /* The list of supported debug flags. */
882 : static struct debug_flags_s debug_flags [] =
883 : {
884 : { DBG_PACKET_VALUE , "packet" },
885 : { DBG_MPI_VALUE , "mpi" },
886 : { DBG_CRYPTO_VALUE , "crypto" },
887 : { DBG_FILTER_VALUE , "filter" },
888 : { DBG_IOBUF_VALUE , "iobuf" },
889 : { DBG_MEMORY_VALUE , "memory" },
890 : { DBG_CACHE_VALUE , "cache" },
891 : { DBG_MEMSTAT_VALUE, "memstat" },
892 : { DBG_TRUST_VALUE , "trust" },
893 : { DBG_HASHING_VALUE, "hashing" },
894 : { DBG_CARD_IO_VALUE, "cardio" },
895 : { DBG_IPC_VALUE , "ipc" },
896 : { DBG_CLOCK_VALUE , "clock" },
897 : { DBG_LOOKUP_VALUE , "lookup" },
898 : { DBG_EXTPROG_VALUE, "extprog" },
899 : { 0, NULL }
900 : };
901 :
902 :
903 : #ifdef ENABLE_SELINUX_HACKS
904 : #define ALWAYS_ADD_KEYRINGS 1
905 : #else
906 : #define ALWAYS_ADD_KEYRINGS 0
907 : #endif
908 :
909 :
910 : int g10_errors_seen = 0;
911 :
912 : static int utf8_strings = 0;
913 : static int maybe_setuid = 1;
914 :
915 : static char *build_list( const char *text, char letter,
916 : const char *(*mapf)(int), int (*chkf)(int) );
917 : static void set_cmd( enum cmd_and_opt_values *ret_cmd,
918 : enum cmd_and_opt_values new_cmd );
919 : static void print_mds( const char *fname, int algo );
920 : static void add_notation_data( const char *string, int which );
921 : static void add_policy_url( const char *string, int which );
922 : static void add_keyserver_url( const char *string, int which );
923 : static void emergency_cleanup (void);
924 : static void read_sessionkey_from_fd (int fd);
925 :
926 :
927 : static char *
928 1 : make_libversion (const char *libname, const char *(*getfnc)(const char*))
929 : {
930 : const char *s;
931 : char *result;
932 :
933 1 : if (maybe_setuid)
934 : {
935 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
936 0 : maybe_setuid = 0;
937 : }
938 1 : s = getfnc (NULL);
939 1 : result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
940 1 : strcpy (stpcpy (stpcpy (result, libname), " "), s);
941 1 : return result;
942 : }
943 :
944 :
945 : static int
946 444 : build_list_pk_test_algo (int algo)
947 : {
948 : /* Show only one "RSA" string. If RSA_E or RSA_S is available RSA
949 : is also available. */
950 444 : if (algo == PUBKEY_ALGO_RSA_E
951 440 : || algo == PUBKEY_ALGO_RSA_S)
952 8 : return GPG_ERR_DIGEST_ALGO;
953 :
954 436 : return openpgp_pk_test_algo (algo);
955 : }
956 :
957 : static const char *
958 24 : build_list_pk_algo_name (int algo)
959 : {
960 24 : return openpgp_pk_algo_name (algo);
961 : }
962 :
963 : static int
964 666 : build_list_cipher_test_algo (int algo)
965 : {
966 666 : return openpgp_cipher_test_algo (algo);
967 : }
968 :
969 : static const char *
970 66 : build_list_cipher_algo_name (int algo)
971 : {
972 66 : return openpgp_cipher_algo_name (algo);
973 : }
974 :
975 : static int
976 444 : build_list_md_test_algo (int algo)
977 : {
978 : /* By default we do not accept MD5 based signatures. To avoid
979 : confusion we do not announce support for it either. */
980 444 : if (algo == DIGEST_ALGO_MD5)
981 4 : return GPG_ERR_DIGEST_ALGO;
982 :
983 440 : return openpgp_md_test_algo (algo);
984 : }
985 :
986 : static const char *
987 24 : build_list_md_algo_name (int algo)
988 : {
989 24 : return openpgp_md_algo_name (algo);
990 : }
991 :
992 :
993 : static const char *
994 559 : my_strusage( int level )
995 : {
996 : static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
997 : const char *p;
998 :
999 559 : switch( level ) {
1000 1 : case 11: p = "@GPG@ (@GNUPG@)";
1001 1 : break;
1002 533 : case 13: p = VERSION; break;
1003 0 : case 17: p = PRINTABLE_OS_NAME; break;
1004 0 : case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
1005 :
1006 : case 20:
1007 1 : if (!ver_gcry)
1008 1 : ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
1009 1 : p = ver_gcry;
1010 1 : break;
1011 :
1012 : #ifdef IS_DEVELOPMENT_VERSION
1013 : case 25:
1014 : p="NOTE: THIS IS A DEVELOPMENT VERSION!";
1015 : break;
1016 : case 26:
1017 : p="It is only intended for test purposes and should NOT be";
1018 : break;
1019 : case 27:
1020 : p="used in a production environment or with production keys!";
1021 : break;
1022 : #endif
1023 :
1024 : case 1:
1025 0 : case 40: p =
1026 : _("Usage: @GPG@ [options] [files] (-h for help)");
1027 0 : break;
1028 0 : case 41: p =
1029 : _("Syntax: @GPG@ [options] [files]\n"
1030 : "Sign, check, encrypt or decrypt\n"
1031 : "Default operation depends on the input data\n");
1032 0 : break;
1033 :
1034 1 : case 31: p = "\nHome: "; break;
1035 : #ifndef __riscos__
1036 1 : case 32: p = gnupg_homedir (); break;
1037 : #else /* __riscos__ */
1038 : case 32: p = make_filename(gnupg_homedir (), NULL); break;
1039 : #endif /* __riscos__ */
1040 1 : case 33: p = _("\nSupported algorithms:\n"); break;
1041 : case 34:
1042 1 : if (!pubkeys)
1043 1 : pubkeys = build_list (_("Pubkey: "), 1,
1044 : build_list_pk_algo_name,
1045 : build_list_pk_test_algo );
1046 1 : p = pubkeys;
1047 1 : break;
1048 : case 35:
1049 1 : if( !ciphers )
1050 1 : ciphers = build_list(_("Cipher: "), 'S',
1051 : build_list_cipher_algo_name,
1052 : build_list_cipher_test_algo );
1053 1 : p = ciphers;
1054 1 : break;
1055 : case 36:
1056 1 : if( !digests )
1057 1 : digests = build_list(_("Hash: "), 'H',
1058 : build_list_md_algo_name,
1059 : build_list_md_test_algo );
1060 1 : p = digests;
1061 1 : break;
1062 : case 37:
1063 1 : if( !zips )
1064 1 : zips = build_list(_("Compression: "),'Z',
1065 : compress_algo_to_string,
1066 : check_compress_algo);
1067 1 : p = zips;
1068 1 : break;
1069 :
1070 17 : default: p = NULL;
1071 : }
1072 559 : return p;
1073 : }
1074 :
1075 :
1076 : static char *
1077 4 : build_list (const char *text, char letter,
1078 : const char * (*mapf)(int), int (*chkf)(int))
1079 : {
1080 : membuf_t mb;
1081 : int indent;
1082 : int i, j, len;
1083 : const char *s;
1084 : char *string;
1085 :
1086 4 : if (maybe_setuid)
1087 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
1088 :
1089 4 : indent = utf8_charcount (text, -1);
1090 4 : len = 0;
1091 4 : init_membuf (&mb, 512);
1092 :
1093 448 : for (i=0; i <= 110; i++ )
1094 : {
1095 444 : if (!chkf (i) && (s = mapf (i)))
1096 : {
1097 27 : if (mb.len - len > 60)
1098 : {
1099 1 : put_membuf_str (&mb, ",\n");
1100 1 : len = mb.len;
1101 9 : for (j=0; j < indent; j++)
1102 8 : put_membuf_str (&mb, " ");
1103 : }
1104 26 : else if (mb.len)
1105 22 : put_membuf_str (&mb, ", ");
1106 : else
1107 4 : put_membuf_str (&mb, text);
1108 :
1109 27 : put_membuf_str (&mb, s);
1110 27 : if (opt.verbose && letter)
1111 : {
1112 : char num[20];
1113 0 : if (letter == 1)
1114 0 : snprintf (num, sizeof num, " (%d)", i);
1115 : else
1116 0 : snprintf (num, sizeof num, " (%c%d)", letter, i);
1117 0 : put_membuf_str (&mb, num);
1118 : }
1119 : }
1120 : }
1121 4 : if (mb.len)
1122 4 : put_membuf_str (&mb, "\n");
1123 4 : put_membuf (&mb, "", 1);
1124 :
1125 4 : string = get_membuf (&mb, NULL);
1126 4 : return xrealloc (string, strlen (string)+1);
1127 : }
1128 :
1129 :
1130 : static void
1131 0 : wrong_args( const char *text)
1132 : {
1133 0 : es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
1134 0 : g10_exit(2);
1135 : }
1136 :
1137 :
1138 : static char *
1139 1 : make_username( const char *string )
1140 : {
1141 : char *p;
1142 1 : if( utf8_strings )
1143 0 : p = xstrdup(string);
1144 : else
1145 1 : p = native_to_utf8( string );
1146 1 : return p;
1147 : }
1148 :
1149 :
1150 : static void
1151 0 : set_opt_session_env (const char *name, const char *value)
1152 : {
1153 : gpg_error_t err;
1154 :
1155 0 : err = session_env_setenv (opt.session_env, name, value);
1156 0 : if (err)
1157 0 : log_fatal ("error setting session environment: %s\n",
1158 : gpg_strerror (err));
1159 0 : }
1160 :
1161 :
1162 : /* Setup the debugging. With a LEVEL of NULL only the active debug
1163 : flags are propagated to the subsystems. With LEVEL set, a specific
1164 : set of debug flags is set; thus overriding all flags already
1165 : set. */
1166 : static void
1167 1180 : set_debug (const char *level)
1168 : {
1169 1180 : int numok = (level && digitp (level));
1170 1180 : int numlvl = numok? atoi (level) : 0;
1171 :
1172 1180 : if (!level)
1173 : ;
1174 0 : else if (!strcmp (level, "none") || (numok && numlvl < 1))
1175 0 : opt.debug = 0;
1176 0 : else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
1177 0 : opt.debug = DBG_MEMSTAT_VALUE;
1178 0 : else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
1179 0 : opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
1180 0 : else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
1181 0 : opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
1182 0 : |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
1183 0 : else if (!strcmp (level, "guru") || numok)
1184 : {
1185 0 : opt.debug = ~0;
1186 : /* Unless the "guru" string has been used we don't want to allow
1187 : hashing debugging. The rationale is that people tend to
1188 : select the highest debug value and would then clutter their
1189 : disk with debug files which may reveal confidential data. */
1190 0 : if (numok)
1191 0 : opt.debug &= ~(DBG_HASHING_VALUE);
1192 : }
1193 : else
1194 : {
1195 0 : log_error (_("invalid debug-level '%s' given\n"), level);
1196 0 : g10_exit (2);
1197 : }
1198 :
1199 1180 : if ((opt.debug & DBG_MEMORY_VALUE))
1200 0 : memory_debug_mode = 1;
1201 1180 : if ((opt.debug & DBG_MEMSTAT_VALUE))
1202 0 : memory_stat_debug_mode = 1;
1203 1180 : if (DBG_MPI)
1204 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
1205 1180 : if (DBG_CRYPTO)
1206 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
1207 1180 : if ((opt.debug & DBG_IOBUF_VALUE))
1208 0 : iobuf_debug_mode = 1;
1209 1180 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
1210 :
1211 1180 : if (opt.debug)
1212 0 : parse_debug_flag (NULL, &opt.debug, debug_flags);
1213 1180 : }
1214 :
1215 :
1216 : /* We set the screen dimensions for UI purposes. Do not allow screens
1217 : smaller than 80x24 for the sake of simplicity. */
1218 : static void
1219 1227 : set_screen_dimensions(void)
1220 : {
1221 : #ifndef HAVE_W32_SYSTEM
1222 : char *str;
1223 :
1224 1227 : str=getenv("COLUMNS");
1225 1227 : if(str)
1226 0 : opt.screen_columns=atoi(str);
1227 :
1228 1227 : str=getenv("LINES");
1229 1227 : if(str)
1230 0 : opt.screen_lines=atoi(str);
1231 : #endif
1232 :
1233 1227 : if(opt.screen_columns<80 || opt.screen_columns>255)
1234 1227 : opt.screen_columns=80;
1235 :
1236 1227 : if(opt.screen_lines<24 || opt.screen_lines>255)
1237 1227 : opt.screen_lines=24;
1238 1227 : }
1239 :
1240 :
1241 : /* Helper to open a file FNAME either for reading or writing to be
1242 : used with --status-file etc functions. Not generally useful but it
1243 : avoids the riscos specific functions and well some Windows people
1244 : might like it too. Prints an error message and returns -1 on
1245 : error. On success the file descriptor is returned. */
1246 : static int
1247 9 : open_info_file (const char *fname, int for_write, int binary)
1248 : {
1249 : #ifdef __riscos__
1250 : return riscos_fdopenfile (fname, for_write);
1251 : #elif defined (ENABLE_SELINUX_HACKS)
1252 : /* We can't allow these even when testing for a secured filename
1253 : because files to be secured might not yet been secured. This is
1254 : similar to the option file but in that case it is unlikely that
1255 : sensitive information may be retrieved by means of error
1256 : messages. */
1257 : (void)fname;
1258 : (void)for_write;
1259 : (void)binary;
1260 : return -1;
1261 : #else
1262 : int fd;
1263 :
1264 9 : if (binary)
1265 9 : binary = MY_O_BINARY;
1266 :
1267 : /* if (is_secured_filename (fname)) */
1268 : /* { */
1269 : /* fd = -1; */
1270 : /* gpg_err_set_errno (EPERM); */
1271 : /* } */
1272 : /* else */
1273 : /* { */
1274 : do
1275 : {
1276 9 : if (for_write)
1277 0 : fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
1278 : S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
1279 : else
1280 9 : fd = open (fname, O_RDONLY | binary);
1281 : }
1282 9 : while (fd == -1 && errno == EINTR);
1283 : /* } */
1284 9 : if ( fd == -1)
1285 0 : log_error ( for_write? _("can't create '%s': %s\n")
1286 0 : : _("can't open '%s': %s\n"), fname, strerror(errno));
1287 :
1288 9 : return fd;
1289 : #endif
1290 : }
1291 :
1292 : static void
1293 846 : set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
1294 : {
1295 846 : enum cmd_and_opt_values cmd = *ret_cmd;
1296 :
1297 846 : if( !cmd || cmd == new_cmd )
1298 810 : cmd = new_cmd;
1299 36 : else if( cmd == aSign && new_cmd == aEncr )
1300 26 : cmd = aSignEncr;
1301 10 : else if( cmd == aEncr && new_cmd == aSign )
1302 2 : cmd = aSignEncr;
1303 8 : else if( cmd == aSign && new_cmd == aSym )
1304 0 : cmd = aSignSym;
1305 8 : else if( cmd == aSym && new_cmd == aSign )
1306 7 : cmd = aSignSym;
1307 1 : else if( cmd == aSym && new_cmd == aEncr )
1308 0 : cmd = aEncrSym;
1309 1 : else if( cmd == aEncr && new_cmd == aSym )
1310 0 : cmd = aEncrSym;
1311 1 : else if (cmd == aSignEncr && new_cmd == aSym)
1312 1 : cmd = aSignEncrSym;
1313 0 : else if (cmd == aSignSym && new_cmd == aEncr)
1314 0 : cmd = aSignEncrSym;
1315 0 : else if (cmd == aEncrSym && new_cmd == aSign)
1316 0 : cmd = aSignEncrSym;
1317 0 : else if( ( cmd == aSign && new_cmd == aClearsign )
1318 0 : || ( cmd == aClearsign && new_cmd == aSign ) )
1319 0 : cmd = aClearsign;
1320 : else {
1321 0 : log_error(_("conflicting commands\n"));
1322 0 : g10_exit(2);
1323 : }
1324 :
1325 846 : *ret_cmd = cmd;
1326 846 : }
1327 :
1328 :
1329 : static void
1330 9 : add_group(char *string)
1331 : {
1332 : char *name,*value;
1333 : struct groupitem *item;
1334 :
1335 : /* Break off the group name */
1336 9 : name=strsep(&string,"=");
1337 9 : if(string==NULL)
1338 : {
1339 0 : log_error(_("no = sign found in group definition '%s'\n"),name);
1340 9 : return;
1341 : }
1342 :
1343 9 : trim_trailing_ws(name,strlen(name));
1344 :
1345 : /* Does this group already exist? */
1346 9 : for(item=opt.grouplist;item;item=item->next)
1347 6 : if(strcasecmp(item->name,name)==0)
1348 6 : break;
1349 :
1350 9 : if(!item)
1351 : {
1352 3 : item=xmalloc(sizeof(struct groupitem));
1353 3 : item->name=name;
1354 3 : item->next=opt.grouplist;
1355 3 : item->values=NULL;
1356 3 : opt.grouplist=item;
1357 : }
1358 :
1359 : /* Break apart the values */
1360 27 : while ((value= strsep(&string," \t")))
1361 : {
1362 9 : if (*value)
1363 9 : add_to_strlist2(&item->values,value,utf8_strings);
1364 : }
1365 : }
1366 :
1367 :
1368 : static void
1369 0 : rm_group(char *name)
1370 : {
1371 0 : struct groupitem *item,*last=NULL;
1372 :
1373 0 : trim_trailing_ws(name,strlen(name));
1374 :
1375 0 : for(item=opt.grouplist;item;last=item,item=item->next)
1376 : {
1377 0 : if(strcasecmp(item->name,name)==0)
1378 : {
1379 0 : if(last)
1380 0 : last->next=item->next;
1381 : else
1382 0 : opt.grouplist=item->next;
1383 :
1384 0 : free_strlist(item->values);
1385 0 : xfree(item);
1386 0 : break;
1387 : }
1388 : }
1389 0 : }
1390 :
1391 :
1392 : /* We need to check three things.
1393 :
1394 : 0) The homedir. It must be x00, a directory, and owned by the
1395 : user.
1396 :
1397 : 1) The options/gpg.conf file. Okay unless it or its containing
1398 : directory is group or other writable or not owned by us. Disable
1399 : exec in this case.
1400 :
1401 : 2) Extensions. Same as #1.
1402 :
1403 : Returns true if the item is unsafe. */
1404 : static int
1405 2362 : check_permissions (const char *path, int item)
1406 : {
1407 : #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
1408 : static int homedir_cache=-1;
1409 : char *tmppath,*dir;
1410 : struct stat statbuf,dirbuf;
1411 2362 : int homedir=0,ret=0,checkonly=0;
1412 2362 : int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
1413 :
1414 2362 : if(opt.no_perm_warn)
1415 2296 : return 0;
1416 :
1417 66 : log_assert(item==0 || item==1 || item==2);
1418 :
1419 : /* extensions may attach a path */
1420 66 : if(item==2 && path[0]!=DIRSEP_C)
1421 : {
1422 0 : if(strchr(path,DIRSEP_C))
1423 0 : tmppath=make_filename(path,NULL);
1424 : else
1425 0 : tmppath=make_filename(gnupg_libdir (),path,NULL);
1426 : }
1427 : else
1428 66 : tmppath=xstrdup(path);
1429 :
1430 : /* If the item is located in the homedir, but isn't the homedir,
1431 : don't continue if we already checked the homedir itself. This is
1432 : to avoid user confusion with an extra options file warning which
1433 : could be rectified if the homedir itself had proper
1434 : permissions. */
1435 66 : if(item!=0 && homedir_cache>-1
1436 33 : && !ascii_strncasecmp (gnupg_homedir (), tmppath,
1437 : strlen (gnupg_homedir ())))
1438 : {
1439 33 : ret=homedir_cache;
1440 33 : goto end;
1441 : }
1442 :
1443 : /* It's okay if the file or directory doesn't exist */
1444 33 : if(stat(tmppath,&statbuf)!=0)
1445 : {
1446 0 : ret=0;
1447 0 : goto end;
1448 : }
1449 :
1450 : /* Now check the enclosing directory. Theoretically, we could walk
1451 : this test up to the root directory /, but for the sake of sanity,
1452 : I'm stopping at one level down. */
1453 33 : dir=make_dirname(tmppath);
1454 :
1455 33 : if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1456 : {
1457 : /* Weird error */
1458 0 : ret=1;
1459 0 : goto end;
1460 : }
1461 :
1462 33 : xfree(dir);
1463 :
1464 : /* Assume failure */
1465 33 : ret=1;
1466 :
1467 33 : if(item==0)
1468 : {
1469 : /* The homedir must be x00, a directory, and owned by the user. */
1470 :
1471 33 : if(S_ISDIR(statbuf.st_mode))
1472 : {
1473 33 : if(statbuf.st_uid==getuid())
1474 : {
1475 33 : if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1476 33 : ret=0;
1477 : else
1478 0 : perm=1;
1479 : }
1480 : else
1481 0 : own=1;
1482 :
1483 33 : homedir_cache=ret;
1484 : }
1485 : }
1486 0 : else if(item==1 || item==2)
1487 : {
1488 : /* The options or extension file. Okay unless it or its
1489 : containing directory is group or other writable or not owned
1490 : by us or root. */
1491 :
1492 0 : if(S_ISREG(statbuf.st_mode))
1493 : {
1494 0 : if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1495 : {
1496 0 : if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1497 : {
1498 : /* it's not writable, so make sure the enclosing
1499 : directory is also not writable */
1500 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1501 : {
1502 0 : if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1503 0 : ret=0;
1504 : else
1505 0 : enc_dir_perm=1;
1506 : }
1507 : else
1508 0 : enc_dir_own=1;
1509 : }
1510 : else
1511 : {
1512 : /* it's writable, so the enclosing directory had
1513 : better not let people get to it. */
1514 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1515 : {
1516 0 : if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1517 0 : ret=0;
1518 : else
1519 0 : perm=enc_dir_perm=1; /* unclear which one to fix! */
1520 : }
1521 : else
1522 0 : enc_dir_own=1;
1523 : }
1524 : }
1525 : else
1526 0 : own=1;
1527 : }
1528 : }
1529 : else
1530 0 : BUG();
1531 :
1532 33 : if(!checkonly)
1533 : {
1534 33 : if(own)
1535 : {
1536 0 : if(item==0)
1537 0 : log_info(_("WARNING: unsafe ownership on"
1538 : " homedir '%s'\n"),tmppath);
1539 0 : else if(item==1)
1540 0 : log_info(_("WARNING: unsafe ownership on"
1541 : " configuration file '%s'\n"),tmppath);
1542 : else
1543 0 : log_info(_("WARNING: unsafe ownership on"
1544 : " extension '%s'\n"),tmppath);
1545 : }
1546 33 : if(perm)
1547 : {
1548 0 : if(item==0)
1549 0 : log_info(_("WARNING: unsafe permissions on"
1550 : " homedir '%s'\n"),tmppath);
1551 0 : else if(item==1)
1552 0 : log_info(_("WARNING: unsafe permissions on"
1553 : " configuration file '%s'\n"),tmppath);
1554 : else
1555 0 : log_info(_("WARNING: unsafe permissions on"
1556 : " extension '%s'\n"),tmppath);
1557 : }
1558 33 : if(enc_dir_own)
1559 : {
1560 0 : if(item==0)
1561 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1562 : " homedir '%s'\n"),tmppath);
1563 0 : else if(item==1)
1564 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1565 : " configuration file '%s'\n"),tmppath);
1566 : else
1567 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1568 : " extension '%s'\n"),tmppath);
1569 : }
1570 33 : if(enc_dir_perm)
1571 : {
1572 0 : if(item==0)
1573 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1574 : " homedir '%s'\n"),tmppath);
1575 0 : else if(item==1)
1576 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1577 : " configuration file '%s'\n"),tmppath);
1578 : else
1579 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1580 : " extension '%s'\n"),tmppath);
1581 : }
1582 : }
1583 :
1584 : end:
1585 66 : xfree(tmppath);
1586 :
1587 66 : if(homedir)
1588 0 : homedir_cache=ret;
1589 :
1590 66 : return ret;
1591 :
1592 : #else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1593 : (void)path;
1594 : (void)item;
1595 : return 0;
1596 : #endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1597 : }
1598 :
1599 :
1600 : /* Print the OpenPGP defined algo numbers. */
1601 : static void
1602 0 : print_algo_numbers(int (*checker)(int))
1603 : {
1604 0 : int i,first=1;
1605 :
1606 0 : for(i=0;i<=110;i++)
1607 : {
1608 0 : if(!checker(i))
1609 : {
1610 0 : if(first)
1611 0 : first=0;
1612 : else
1613 0 : es_printf (";");
1614 0 : es_printf ("%d",i);
1615 : }
1616 : }
1617 0 : }
1618 :
1619 :
1620 : static void
1621 11 : print_algo_names(int (*checker)(int),const char *(*mapper)(int))
1622 : {
1623 11 : int i,first=1;
1624 :
1625 1232 : for(i=0;i<=110;i++)
1626 : {
1627 1221 : if(!checker(i))
1628 : {
1629 91 : if(first)
1630 11 : first=0;
1631 : else
1632 80 : es_printf (";");
1633 91 : es_printf ("%s",mapper(i));
1634 : }
1635 : }
1636 11 : }
1637 :
1638 : /* In the future, we can do all sorts of interesting configuration
1639 : output here. For now, just give "group" as the Enigmail folks need
1640 : it, and pubkey, cipher, hash, and compress as they may be useful
1641 : for frontends. */
1642 : static void
1643 12 : list_config(char *items)
1644 : {
1645 12 : int show_all = !items;
1646 12 : char *name = NULL;
1647 : const char *s;
1648 : struct groupitem *giter;
1649 : int first, iter;
1650 :
1651 12 : if(!opt.with_colons)
1652 13 : return;
1653 :
1654 33 : while(show_all || (name=strsep(&items," ")))
1655 : {
1656 11 : int any=0;
1657 :
1658 11 : if(show_all || ascii_strcasecmp(name,"group")==0)
1659 : {
1660 0 : for (giter = opt.grouplist; giter; giter = giter->next)
1661 : {
1662 : strlist_t sl;
1663 :
1664 0 : es_fprintf (es_stdout, "cfg:group:");
1665 0 : es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
1666 : ":", NULL);
1667 0 : es_putc (':', es_stdout);
1668 :
1669 0 : for(sl=giter->values; sl; sl=sl->next)
1670 : {
1671 0 : es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
1672 : ":;", NULL);
1673 0 : if(sl->next)
1674 0 : es_printf(";");
1675 : }
1676 :
1677 0 : es_printf("\n");
1678 : }
1679 :
1680 0 : any=1;
1681 : }
1682 :
1683 11 : if(show_all || ascii_strcasecmp(name,"version")==0)
1684 : {
1685 0 : es_printf("cfg:version:");
1686 0 : es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
1687 0 : es_printf ("\n");
1688 0 : any=1;
1689 : }
1690 :
1691 11 : if(show_all || ascii_strcasecmp(name,"pubkey")==0)
1692 : {
1693 0 : es_printf ("cfg:pubkey:");
1694 0 : print_algo_numbers (build_list_pk_test_algo);
1695 0 : es_printf ("\n");
1696 0 : any=1;
1697 : }
1698 :
1699 11 : if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
1700 : {
1701 3 : es_printf ("cfg:pubkeyname:");
1702 3 : print_algo_names (build_list_pk_test_algo,
1703 : build_list_pk_algo_name);
1704 3 : es_printf ("\n");
1705 3 : any=1;
1706 : }
1707 :
1708 11 : if(show_all || ascii_strcasecmp(name,"cipher")==0)
1709 : {
1710 0 : es_printf ("cfg:cipher:");
1711 0 : print_algo_numbers (build_list_cipher_test_algo);
1712 0 : es_printf ("\n");
1713 0 : any=1;
1714 : }
1715 :
1716 11 : if (show_all || !ascii_strcasecmp (name,"ciphername"))
1717 : {
1718 5 : es_printf ("cfg:ciphername:");
1719 5 : print_algo_names (build_list_cipher_test_algo,
1720 : build_list_cipher_algo_name);
1721 5 : es_printf ("\n");
1722 5 : any = 1;
1723 : }
1724 :
1725 11 : if(show_all
1726 11 : || ascii_strcasecmp(name,"digest")==0
1727 11 : || ascii_strcasecmp(name,"hash")==0)
1728 : {
1729 0 : es_printf ("cfg:digest:");
1730 0 : print_algo_numbers (build_list_md_test_algo);
1731 0 : es_printf ("\n");
1732 0 : any=1;
1733 : }
1734 :
1735 11 : if (show_all
1736 11 : || !ascii_strcasecmp(name,"digestname")
1737 8 : || !ascii_strcasecmp(name,"hashname"))
1738 : {
1739 3 : es_printf ("cfg:digestname:");
1740 3 : print_algo_names (build_list_md_test_algo,
1741 : build_list_md_algo_name);
1742 3 : es_printf ("\n");
1743 3 : any=1;
1744 : }
1745 :
1746 11 : if(show_all || ascii_strcasecmp(name,"compress")==0)
1747 : {
1748 0 : es_printf ("cfg:compress:");
1749 0 : print_algo_numbers(check_compress_algo);
1750 0 : es_printf ("\n");
1751 0 : any=1;
1752 : }
1753 :
1754 11 : if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
1755 : {
1756 : /* We ignore this for GnuPG 1.4 backward compatibility. */
1757 0 : any=1;
1758 : }
1759 :
1760 11 : if (show_all || !ascii_strcasecmp (name,"curve"))
1761 : {
1762 0 : es_printf ("cfg:curve:");
1763 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
1764 0 : es_printf ("%s%s", first?"":";", s);
1765 0 : es_printf ("\n");
1766 0 : any=1;
1767 : }
1768 :
1769 : /* Curve OIDs are rarely useful and thus only printed if requested. */
1770 11 : if (name && !ascii_strcasecmp (name,"curveoid"))
1771 : {
1772 0 : es_printf ("cfg:curveoid:");
1773 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
1774 : {
1775 0 : s = openpgp_curve_to_oid (s, NULL);
1776 0 : es_printf ("%s%s", first?"":";", s? s:"[?]");
1777 : }
1778 0 : es_printf ("\n");
1779 0 : any=1;
1780 : }
1781 :
1782 11 : if(show_all)
1783 0 : break;
1784 :
1785 11 : if(!any)
1786 0 : log_error(_("unknown configuration item '%s'\n"),name);
1787 : }
1788 : }
1789 :
1790 :
1791 : /* List options and default values in the GPG Conf format. This is a
1792 : new tool distributed with gnupg 1.9.x but we also want some limited
1793 : support in older gpg versions. The output is the name of the
1794 : configuration file and a list of options available for editing by
1795 : gpgconf. */
1796 : static void
1797 0 : gpgconf_list (const char *configfile)
1798 : {
1799 0 : char *configfile_esc = percent_escape (configfile, NULL);
1800 :
1801 0 : es_printf ("%s-%s.conf:%lu:\"%s\n",
1802 : GPGCONF_NAME, GPG_NAME,
1803 : GC_OPT_FLAG_DEFAULT,
1804 : configfile_esc ? configfile_esc : "/dev/null");
1805 0 : es_printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
1806 0 : es_printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
1807 0 : es_printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1808 0 : es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
1809 0 : es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
1810 0 : es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
1811 0 : es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
1812 0 : es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
1813 0 : es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
1814 0 : es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
1815 0 : es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
1816 :
1817 : /* The next one is an info only item and should match the macros at
1818 : the top of keygen.c */
1819 0 : es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
1820 : "RSA-2048");
1821 :
1822 0 : xfree (configfile_esc);
1823 0 : }
1824 :
1825 :
1826 : static int
1827 0 : parse_subpacket_list(char *list)
1828 : {
1829 : char *tok;
1830 : byte subpackets[128],i;
1831 0 : int count=0;
1832 :
1833 0 : if(!list)
1834 : {
1835 : /* No arguments means all subpackets */
1836 0 : memset(subpackets+1,1,sizeof(subpackets)-1);
1837 0 : count=127;
1838 : }
1839 : else
1840 : {
1841 0 : memset(subpackets,0,sizeof(subpackets));
1842 :
1843 : /* Merge with earlier copy */
1844 0 : if(opt.show_subpackets)
1845 : {
1846 : byte *in;
1847 :
1848 0 : for(in=opt.show_subpackets;*in;in++)
1849 : {
1850 0 : if(*in>127 || *in<1)
1851 0 : BUG();
1852 :
1853 0 : if(!subpackets[*in])
1854 0 : count++;
1855 0 : subpackets[*in]=1;
1856 : }
1857 : }
1858 :
1859 0 : while((tok=strsep(&list," ,")))
1860 : {
1861 0 : if(!*tok)
1862 0 : continue;
1863 :
1864 0 : i=atoi(tok);
1865 0 : if(i>127 || i<1)
1866 0 : return 0;
1867 :
1868 0 : if(!subpackets[i])
1869 0 : count++;
1870 0 : subpackets[i]=1;
1871 : }
1872 : }
1873 :
1874 0 : xfree(opt.show_subpackets);
1875 0 : opt.show_subpackets=xmalloc(count+1);
1876 0 : opt.show_subpackets[count--]=0;
1877 :
1878 0 : for(i=1;i<128 && count>=0;i++)
1879 0 : if(subpackets[i])
1880 0 : opt.show_subpackets[count--]=i;
1881 :
1882 0 : return 1;
1883 : }
1884 :
1885 :
1886 : static int
1887 0 : parse_list_options(char *str)
1888 : {
1889 0 : char *subpackets=""; /* something that isn't NULL */
1890 0 : struct parse_options lopts[]=
1891 : {
1892 : {"show-photos",LIST_SHOW_PHOTOS,NULL,
1893 : N_("display photo IDs during key listings")},
1894 : {"show-usage",LIST_SHOW_USAGE,NULL,
1895 : N_("show key usage information during key listings")},
1896 : {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
1897 : N_("show policy URLs during signature listings")},
1898 : {"show-notations",LIST_SHOW_NOTATIONS,NULL,
1899 : N_("show all notations during signature listings")},
1900 : {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1901 : N_("show IETF standard notations during signature listings")},
1902 : {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1903 : NULL},
1904 : {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
1905 : N_("show user-supplied notations during signature listings")},
1906 : {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
1907 : N_("show preferred keyserver URLs during signature listings")},
1908 : {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
1909 : N_("show user ID validity during key listings")},
1910 : {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
1911 : N_("show revoked and expired user IDs in key listings")},
1912 : {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
1913 : N_("show revoked and expired subkeys in key listings")},
1914 : {"show-keyring",LIST_SHOW_KEYRING,NULL,
1915 : N_("show the keyring name in key listings")},
1916 : {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
1917 : N_("show expiration dates during signature listings")},
1918 : {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
1919 : NULL},
1920 : {NULL,0,NULL,NULL}
1921 : };
1922 :
1923 : /* C99 allows for non-constant initializers, but we'd like to
1924 : compile everywhere, so fill in the show-sig-subpackets argument
1925 : here. Note that if the parse_options array changes, we'll have
1926 : to change the subscript here. */
1927 0 : lopts[13].value=&subpackets;
1928 :
1929 0 : if(parse_options(str,&opt.list_options,lopts,1))
1930 : {
1931 0 : if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
1932 : {
1933 : /* Unset so users can pass multiple lists in. */
1934 0 : opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
1935 0 : if(!parse_subpacket_list(subpackets))
1936 0 : return 0;
1937 : }
1938 0 : else if(subpackets==NULL && opt.show_subpackets)
1939 : {
1940 : /* User did 'no-show-subpackets' */
1941 0 : xfree(opt.show_subpackets);
1942 0 : opt.show_subpackets=NULL;
1943 : }
1944 :
1945 0 : return 1;
1946 : }
1947 : else
1948 0 : return 0;
1949 : }
1950 :
1951 :
1952 : /* Collapses argc/argv into a single string that must be freed */
1953 : static char *
1954 12 : collapse_args(int argc,char *argv[])
1955 : {
1956 12 : char *str=NULL;
1957 12 : int i,first=1,len=0;
1958 :
1959 23 : for(i=0;i<argc;i++)
1960 : {
1961 11 : len+=strlen(argv[i])+2;
1962 11 : str=xrealloc(str,len);
1963 11 : if(first)
1964 : {
1965 11 : str[0]='\0';
1966 11 : first=0;
1967 : }
1968 : else
1969 0 : strcat(str," ");
1970 :
1971 11 : strcat(str,argv[i]);
1972 : }
1973 :
1974 12 : return str;
1975 : }
1976 :
1977 :
1978 : #ifndef NO_TRUST_MODELS
1979 : static void
1980 92 : parse_trust_model(const char *model)
1981 : {
1982 92 : if(ascii_strcasecmp(model,"pgp")==0)
1983 0 : opt.trust_model=TM_PGP;
1984 92 : else if(ascii_strcasecmp(model,"classic")==0)
1985 0 : opt.trust_model=TM_CLASSIC;
1986 92 : else if(ascii_strcasecmp(model,"always")==0)
1987 0 : opt.trust_model=TM_ALWAYS;
1988 92 : else if(ascii_strcasecmp(model,"direct")==0)
1989 0 : opt.trust_model=TM_DIRECT;
1990 : #ifdef USE_TOFU
1991 92 : else if(ascii_strcasecmp(model,"tofu")==0)
1992 92 : opt.trust_model=TM_TOFU;
1993 0 : else if(ascii_strcasecmp(model,"tofu+pgp")==0)
1994 0 : opt.trust_model=TM_TOFU_PGP;
1995 : #endif /*USE_TOFU*/
1996 0 : else if(ascii_strcasecmp(model,"auto")==0)
1997 0 : opt.trust_model=TM_AUTO;
1998 : else
1999 0 : log_error("unknown trust model '%s'\n",model);
2000 92 : }
2001 : #endif /*NO_TRUST_MODELS*/
2002 :
2003 :
2004 : static int
2005 38 : parse_tofu_policy (const char *policystr)
2006 : {
2007 : #ifdef USE_TOFU
2008 38 : struct { const char *keyword; int policy; } list[] = {
2009 : { "auto", TOFU_POLICY_AUTO },
2010 : { "good", TOFU_POLICY_GOOD },
2011 : { "unknown", TOFU_POLICY_UNKNOWN },
2012 : { "bad", TOFU_POLICY_BAD },
2013 : { "ask", TOFU_POLICY_ASK }
2014 : };
2015 : int i;
2016 :
2017 38 : if (!ascii_strcasecmp (policystr, "help"))
2018 : {
2019 0 : log_info (_("valid values for option '%s':\n"), "--tofu-policy");
2020 0 : for (i=0; i < DIM (list); i++)
2021 0 : log_info (" %s\n", list[i].keyword);
2022 0 : g10_exit (1);
2023 : }
2024 :
2025 110 : for (i=0; i < DIM (list); i++)
2026 110 : if (!ascii_strcasecmp (policystr, list[i].keyword))
2027 76 : return list[i].policy;
2028 : #endif /*USE_TOFU*/
2029 :
2030 0 : log_error (_("unknown TOFU policy '%s'\n"), policystr);
2031 0 : if (!opt.quiet)
2032 0 : log_info (_("(use \"help\" to list choices)\n"));
2033 0 : g10_exit (1);
2034 : }
2035 :
2036 :
2037 : /* Parse the value of --compliance. */
2038 : static int
2039 0 : parse_compliance_option (const char *string)
2040 : {
2041 0 : struct { const char *keyword; enum cmd_and_opt_values option; } list[] = {
2042 : { "gnupg", oGnuPG },
2043 : { "openpgp", oOpenPGP },
2044 : { "rfc4880bis", oRFC4880bis },
2045 : { "rfc4880", oRFC4880 },
2046 : { "rfc2440", oRFC2440 },
2047 : { "pgp6", oPGP6 },
2048 : { "pgp7", oPGP7 },
2049 : { "pgp8", oPGP8 },
2050 : { "de-vs", oDE_VS }
2051 : };
2052 : int i;
2053 :
2054 0 : if (!ascii_strcasecmp (string, "help"))
2055 : {
2056 0 : log_info (_("valid values for option '%s':\n"), "--compliance");
2057 0 : for (i=0; i < DIM (list); i++)
2058 0 : log_info (" %s\n", list[i].keyword);
2059 0 : g10_exit (1);
2060 : }
2061 :
2062 0 : for (i=0; i < DIM (list); i++)
2063 0 : if (!ascii_strcasecmp (string, list[i].keyword))
2064 0 : return list[i].option;
2065 :
2066 0 : log_error (_("invalid value for option '%s'\n"), "--compliance");
2067 0 : if (!opt.quiet)
2068 0 : log_info (_("(use \"help\" to list choices)\n"));
2069 0 : g10_exit (1);
2070 : }
2071 :
2072 :
2073 :
2074 : /* Helper to set compliance related options. This is a separte
2075 : * function so that it can also be used by the --compliance option
2076 : * parser. */
2077 : static void
2078 0 : set_compliance_option (enum cmd_and_opt_values option)
2079 : {
2080 0 : switch (option)
2081 : {
2082 : case oRFC4880bis:
2083 0 : opt.flags.rfc4880bis = 1;
2084 : /* fall through. */
2085 : case oOpenPGP:
2086 : case oRFC4880:
2087 : /* This is effectively the same as RFC2440, but with
2088 : "--enable-dsa2 --no-rfc2440-text --escape-from-lines
2089 : --require-cross-certification". */
2090 0 : opt.compliance = CO_RFC4880;
2091 0 : opt.flags.dsa2 = 1;
2092 0 : opt.flags.require_cross_cert = 1;
2093 0 : opt.rfc2440_text = 0;
2094 0 : opt.allow_non_selfsigned_uid = 1;
2095 0 : opt.allow_freeform_uid = 1;
2096 0 : opt.escape_from = 1;
2097 0 : opt.not_dash_escaped = 0;
2098 0 : opt.def_cipher_algo = 0;
2099 0 : opt.def_digest_algo = 0;
2100 0 : opt.cert_digest_algo = 0;
2101 0 : opt.compress_algo = -1;
2102 0 : opt.s2k_mode = 3; /* iterated+salted */
2103 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2104 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2105 0 : break;
2106 : case oRFC2440:
2107 0 : opt.compliance = CO_RFC2440;
2108 0 : opt.flags.dsa2 = 0;
2109 0 : opt.rfc2440_text = 1;
2110 0 : opt.allow_non_selfsigned_uid = 1;
2111 0 : opt.allow_freeform_uid = 1;
2112 0 : opt.escape_from = 0;
2113 0 : opt.not_dash_escaped = 0;
2114 0 : opt.def_cipher_algo = 0;
2115 0 : opt.def_digest_algo = 0;
2116 0 : opt.cert_digest_algo = 0;
2117 0 : opt.compress_algo = -1;
2118 0 : opt.s2k_mode = 3; /* iterated+salted */
2119 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2120 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2121 0 : break;
2122 0 : case oPGP6: opt.compliance = CO_PGP6; break;
2123 0 : case oPGP7: opt.compliance = CO_PGP7; break;
2124 0 : case oPGP8: opt.compliance = CO_PGP8; break;
2125 0 : case oGnuPG: opt.compliance = CO_GNUPG; break;
2126 :
2127 : case oDE_VS:
2128 0 : set_compliance_option (oOpenPGP);
2129 0 : opt.compliance = CO_DE_VS;
2130 : /* Fixme: Change other options. */
2131 0 : break;
2132 :
2133 : default:
2134 0 : BUG ();
2135 : }
2136 0 : }
2137 :
2138 :
2139 :
2140 :
2141 :
2142 :
2143 : /* This function called to initialized a new control object. It is
2144 : assumed that this object has been zeroed out before calling this
2145 : function. */
2146 : static void
2147 1180 : gpg_init_default_ctrl (ctrl_t ctrl)
2148 : {
2149 : (void)ctrl;
2150 1180 : }
2151 :
2152 :
2153 : /* This function is called to deinitialize a control object. It is
2154 : not deallocated. */
2155 : static void
2156 1177 : gpg_deinit_default_ctrl (ctrl_t ctrl)
2157 : {
2158 : #ifdef USE_TOFU
2159 1177 : tofu_closedbs (ctrl);
2160 : #endif
2161 1177 : gpg_dirmngr_deinit_session_data (ctrl);
2162 1177 : }
2163 :
2164 :
2165 : char *
2166 1181 : get_default_configname (void)
2167 : {
2168 1181 : char *configname = NULL;
2169 1181 : char *name = xstrdup (GPG_NAME EXTSEP_S "conf-" SAFE_VERSION);
2170 1181 : char *ver = &name[strlen (GPG_NAME EXTSEP_S "conf-")];
2171 :
2172 : do
2173 : {
2174 4721 : if (configname)
2175 : {
2176 : char *tok;
2177 :
2178 3540 : xfree (configname);
2179 3540 : configname = NULL;
2180 :
2181 3540 : if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
2182 0 : *tok='\0';
2183 3540 : else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
2184 2362 : *tok='\0';
2185 : else
2186 1178 : break;
2187 : }
2188 :
2189 3543 : configname = make_filename (gnupg_homedir (), name, NULL);
2190 : }
2191 3543 : while (access (configname, R_OK));
2192 :
2193 1181 : xfree(name);
2194 :
2195 1181 : if (! configname)
2196 1178 : configname = make_filename (gnupg_homedir (),
2197 : GPG_NAME EXTSEP_S "conf", NULL);
2198 1181 : if (! access (configname, R_OK))
2199 : {
2200 : /* Print a warning when both config files are present. */
2201 1163 : char *p = make_filename (gnupg_homedir (), "options", NULL);
2202 1163 : if (! access (p, R_OK))
2203 0 : log_info (_("Note: old default options file '%s' ignored\n"), p);
2204 1163 : xfree (p);
2205 : }
2206 : else
2207 : {
2208 : /* Use the old default only if it exists. */
2209 18 : char *p = make_filename (gnupg_homedir (), "options", NULL);
2210 18 : if (!access (p, R_OK))
2211 : {
2212 0 : xfree (configname);
2213 0 : configname = p;
2214 : }
2215 : else
2216 18 : xfree (p);
2217 : }
2218 :
2219 1181 : return configname;
2220 : }
2221 :
2222 : int
2223 1227 : main (int argc, char **argv)
2224 : {
2225 : ARGPARSE_ARGS pargs;
2226 : IOBUF a;
2227 1227 : int rc=0;
2228 : int orig_argc;
2229 : char **orig_argv;
2230 : const char *fname;
2231 : char *username;
2232 : int may_coredump;
2233 : strlist_t sl;
2234 1227 : strlist_t remusr = NULL;
2235 1227 : strlist_t locusr = NULL;
2236 1227 : strlist_t nrings = NULL;
2237 1227 : armor_filter_context_t *afx = NULL;
2238 1227 : int detached_sig = 0;
2239 1227 : FILE *configfp = NULL;
2240 1227 : char *configname = NULL;
2241 1227 : char *save_configname = NULL;
2242 1227 : char *default_configname = NULL;
2243 : unsigned configlineno;
2244 1227 : int parse_debug = 0;
2245 1227 : int default_config = 1;
2246 1227 : int default_keyring = 1;
2247 1227 : int greeting = 0;
2248 1227 : int nogreeting = 0;
2249 1227 : char *logfile = NULL;
2250 1227 : int use_random_seed = 1;
2251 1227 : enum cmd_and_opt_values cmd = 0;
2252 1227 : const char *debug_level = NULL;
2253 : #ifndef NO_TRUST_MODELS
2254 1227 : const char *trustdb_name = NULL;
2255 : #endif /*!NO_TRUST_MODELS*/
2256 1227 : char *def_cipher_string = NULL;
2257 1227 : char *def_digest_string = NULL;
2258 1227 : char *compress_algo_string = NULL;
2259 1227 : char *cert_digest_string = NULL;
2260 1227 : char *s2k_cipher_string = NULL;
2261 1227 : char *s2k_digest_string = NULL;
2262 1227 : char *pers_cipher_list = NULL;
2263 1227 : char *pers_digest_list = NULL;
2264 1227 : char *pers_compress_list = NULL;
2265 1227 : int eyes_only=0;
2266 1227 : int multifile=0;
2267 1227 : int pwfd = -1;
2268 1227 : int ovrseskeyfd = -1;
2269 1227 : int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
2270 1227 : int any_explicit_recipient = 0;
2271 1227 : int require_secmem = 0;
2272 1227 : int got_secmem = 0;
2273 : struct assuan_malloc_hooks malloc_hooks;
2274 : ctrl_t ctrl;
2275 :
2276 : static int print_dane_records;
2277 : static int print_pka_records;
2278 :
2279 :
2280 : #ifdef __riscos__
2281 : opt.lock_once = 1;
2282 : #endif /* __riscos__ */
2283 :
2284 : /* Please note that we may running SUID(ROOT), so be very CAREFUL
2285 : when adding any stuff between here and the call to
2286 : secmem_init() somewhere after the option parsing. */
2287 1227 : early_system_init ();
2288 1227 : gnupg_reopen_std (GPG_NAME);
2289 1227 : trap_unaligned ();
2290 1227 : gnupg_rl_initialize ();
2291 1227 : set_strusage (my_strusage);
2292 1227 : gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
2293 1227 : log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
2294 :
2295 : /* Make sure that our subsystems are ready. */
2296 1227 : i18n_init();
2297 1227 : init_common_subsystems (&argc, &argv);
2298 :
2299 : /* Use our own logging handler for Libcgrypt. */
2300 1227 : setup_libgcrypt_logging ();
2301 :
2302 : /* Put random number into secure memory */
2303 1227 : gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
2304 :
2305 1227 : may_coredump = disable_core_dumps();
2306 :
2307 1227 : gnupg_init_signals (0, emergency_cleanup);
2308 :
2309 1227 : dotlock_create (NULL, 0); /* Register lock file cleanup. */
2310 :
2311 1227 : opt.autostart = 1;
2312 1227 : opt.session_env = session_env_new ();
2313 1227 : if (!opt.session_env)
2314 0 : log_fatal ("error allocating session environment block: %s\n",
2315 0 : strerror (errno));
2316 :
2317 1227 : opt.command_fd = -1; /* no command fd */
2318 1227 : opt.compress_level = -1; /* defaults to standard compress level */
2319 1227 : opt.bz2_compress_level = -1; /* defaults to standard compress level */
2320 : /* note: if you change these lines, look at oOpenPGP */
2321 1227 : opt.def_cipher_algo = 0;
2322 1227 : opt.def_digest_algo = 0;
2323 1227 : opt.cert_digest_algo = 0;
2324 1227 : opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
2325 1227 : opt.s2k_mode = 3; /* iterated+salted */
2326 1227 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2327 1227 : opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
2328 1227 : opt.completes_needed = 1;
2329 1227 : opt.marginals_needed = 3;
2330 1227 : opt.max_cert_depth = 5;
2331 1227 : opt.escape_from = 1;
2332 1227 : opt.flags.require_cross_cert = 1;
2333 1227 : opt.import_options = 0;
2334 1227 : opt.export_options = EXPORT_ATTRIBUTES;
2335 1227 : opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
2336 1227 : opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
2337 1227 : opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
2338 1227 : opt.verify_options = (LIST_SHOW_UID_VALIDITY
2339 : | VERIFY_SHOW_POLICY_URLS
2340 : | VERIFY_SHOW_STD_NOTATIONS
2341 : | VERIFY_SHOW_KEYSERVER_URLS);
2342 1227 : opt.list_options = (LIST_SHOW_UID_VALIDITY
2343 : | LIST_SHOW_USAGE);
2344 : #ifdef NO_TRUST_MODELS
2345 : opt.trust_model = TM_ALWAYS;
2346 : #else
2347 1227 : opt.trust_model = TM_AUTO;
2348 : #endif
2349 1227 : opt.tofu_default_policy = TOFU_POLICY_AUTO;
2350 1227 : opt.mangle_dos_filenames = 0;
2351 1227 : opt.min_cert_level = 2;
2352 1227 : set_screen_dimensions ();
2353 1227 : opt.keyid_format = KF_NONE;
2354 1227 : opt.def_sig_expire = "0";
2355 1227 : opt.def_cert_expire = "0";
2356 1227 : gnupg_set_homedir (NULL);
2357 1227 : opt.passphrase_repeat = 1;
2358 1227 : opt.emit_version = 0;
2359 1227 : opt.weak_digests = NULL;
2360 1227 : additional_weak_digest("MD5");
2361 :
2362 : /* Check whether we have a config file on the command line. */
2363 1227 : orig_argc = argc;
2364 1227 : orig_argv = argv;
2365 1227 : pargs.argc = &argc;
2366 1227 : pargs.argv = &argv;
2367 1227 : pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
2368 8532 : while( arg_parse( &pargs, opts) ) {
2369 6078 : if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
2370 0 : parse_debug++;
2371 6078 : else if (pargs.r_opt == oDebugIOLBF)
2372 0 : es_setvbuf (es_stdout, NULL, _IOLBF, 0);
2373 6078 : else if( pargs.r_opt == oOptions ) {
2374 : /* yes there is one, so we do not try the default one, but
2375 : * read the option file when it is encountered at the commandline
2376 : */
2377 0 : default_config = 0;
2378 : }
2379 6078 : else if( pargs.r_opt == oNoOptions )
2380 : {
2381 0 : default_config = 0; /* --no-options */
2382 0 : opt.no_homedir_creation = 1;
2383 : }
2384 6078 : else if( pargs.r_opt == oHomedir )
2385 0 : gnupg_set_homedir (pargs.r.ret_str);
2386 6078 : else if( pargs.r_opt == oNoPermissionWarn )
2387 1148 : opt.no_perm_warn=1;
2388 4930 : else if (pargs.r_opt == oStrict )
2389 : {
2390 : /* Not used */
2391 : }
2392 4930 : else if (pargs.r_opt == oNoStrict )
2393 : {
2394 : /* Not used */
2395 : }
2396 : }
2397 :
2398 : #ifdef HAVE_DOSISH_SYSTEM
2399 : if ( strchr (gnupg_homedir (), '\\') ) {
2400 : char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
2401 : const char *s;
2402 : for (d=buf, s = gnupg_homedir (); *s; s++)
2403 : {
2404 : *d++ = *s == '\\'? '/': *s;
2405 : #ifdef HAVE_W32_SYSTEM
2406 : if (s[1] && IsDBCSLeadByte (*s))
2407 : *d++ = *++s;
2408 : #endif
2409 : }
2410 : *d = 0;
2411 : gnupg_set_homedir (buf);
2412 : }
2413 : #endif
2414 :
2415 : /* Initialize the secure memory. */
2416 1181 : if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
2417 1181 : got_secmem = 1;
2418 : #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
2419 : /* There should be no way to get to this spot while still carrying
2420 : setuid privs. Just in case, bomb out if we are. */
2421 : if ( getuid () != geteuid () )
2422 : BUG ();
2423 : #endif
2424 1181 : maybe_setuid = 0;
2425 :
2426 : /* Okay, we are now working under our real uid */
2427 :
2428 : /* malloc hooks go here ... */
2429 1181 : malloc_hooks.malloc = gcry_malloc;
2430 1181 : malloc_hooks.realloc = gcry_realloc;
2431 1181 : malloc_hooks.free = gcry_free;
2432 1181 : assuan_set_malloc_hooks (&malloc_hooks);
2433 1181 : assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
2434 1181 : setup_libassuan_logging (&opt.debug, NULL);
2435 :
2436 : /* Try for a version specific config file first */
2437 1181 : default_configname = get_default_configname ();
2438 1181 : if (default_config)
2439 1181 : configname = xstrdup (default_configname);
2440 :
2441 1181 : argc = orig_argc;
2442 1181 : argv = orig_argv;
2443 1181 : pargs.argc = &argc;
2444 1181 : pargs.argv = &argv;
2445 1181 : pargs.flags= ARGPARSE_FLAG_KEEP;
2446 :
2447 : /* By this point we have a homedir, and cannot change it. */
2448 1181 : check_permissions (gnupg_homedir (), 0);
2449 :
2450 : next_pass:
2451 2344 : if( configname ) {
2452 1181 : if(check_permissions(configname,1))
2453 : {
2454 : /* If any options file is unsafe, then disable any external
2455 : programs for keyserver calls or photo IDs. Since the
2456 : external program to call is set in the options file, a
2457 : unsafe options file can lead to an arbitrary program
2458 : being run. */
2459 :
2460 0 : opt.exec_disable=1;
2461 : }
2462 :
2463 1181 : configlineno = 0;
2464 1181 : configfp = fopen( configname, "r" );
2465 1181 : if (configfp && is_secured_file (fileno (configfp)))
2466 : {
2467 0 : fclose (configfp);
2468 0 : configfp = NULL;
2469 0 : gpg_err_set_errno (EPERM);
2470 : }
2471 1181 : if( !configfp ) {
2472 18 : if( default_config ) {
2473 18 : if( parse_debug )
2474 0 : log_info(_("Note: no default option file '%s'\n"),
2475 : configname );
2476 : }
2477 : else {
2478 0 : log_error(_("option file '%s': %s\n"),
2479 0 : configname, strerror(errno) );
2480 0 : g10_exit(2);
2481 : }
2482 18 : xfree(configname); configname = NULL;
2483 : }
2484 1181 : if( parse_debug && configname )
2485 0 : log_info(_("reading options from '%s'\n"), configname );
2486 1181 : default_config = 0;
2487 : }
2488 :
2489 18909 : while( optfile_parse( configfp, configname, &configlineno,
2490 : &pargs, opts) )
2491 : {
2492 14221 : switch( pargs.r_opt )
2493 : {
2494 : case aListConfig:
2495 : case aListGcryptConfig:
2496 : case aGPGConfList:
2497 : case aGPGConfTest:
2498 12 : set_cmd (&cmd, pargs.r_opt);
2499 : /* Do not register a keyring for these commands. */
2500 12 : default_keyring = -1;
2501 12 : break;
2502 :
2503 : case aCheckKeys:
2504 : case aListPackets:
2505 : case aImport:
2506 : case aFastImport:
2507 : case aSendKeys:
2508 : case aRecvKeys:
2509 : case aSearchKeys:
2510 : case aRefreshKeys:
2511 : case aFetchKeys:
2512 : case aExport:
2513 : #ifdef ENABLE_CARD_SUPPORT
2514 : case aCardStatus:
2515 : case aCardEdit:
2516 : case aChangePIN:
2517 : #endif /* ENABLE_CARD_SUPPORT*/
2518 : case aListKeys:
2519 : case aLocateKeys:
2520 : case aListSigs:
2521 : case aExportSecret:
2522 : case aExportSecretSub:
2523 : case aExportSshKey:
2524 : case aSym:
2525 : case aClearsign:
2526 : case aGenRevoke:
2527 : case aDesigRevoke:
2528 : case aPrimegen:
2529 : case aGenRandom:
2530 : case aPrintMD:
2531 : case aPrintMDs:
2532 : case aListTrustDB:
2533 : case aCheckTrustDB:
2534 : case aUpdateTrustDB:
2535 : case aFixTrustDB:
2536 : case aListTrustPath:
2537 : case aDeArmor:
2538 : case aEnArmor:
2539 : case aSign:
2540 : case aQuickSignKey:
2541 : case aQuickLSignKey:
2542 : case aSignKey:
2543 : case aLSignKey:
2544 : case aStore:
2545 : case aQuickKeygen:
2546 : case aQuickAddUid:
2547 : case aQuickAddKey:
2548 : case aQuickRevUid:
2549 : case aExportOwnerTrust:
2550 : case aImportOwnerTrust:
2551 : case aRebuildKeydbCaches:
2552 423 : set_cmd (&cmd, pargs.r_opt);
2553 423 : break;
2554 :
2555 : case aKeygen:
2556 : case aFullKeygen:
2557 : case aEditKey:
2558 : case aDeleteSecretKeys:
2559 : case aDeleteSecretAndPublicKeys:
2560 : case aDeleteKeys:
2561 : case aPasswd:
2562 45 : set_cmd (&cmd, pargs.r_opt);
2563 45 : greeting=1;
2564 45 : break;
2565 :
2566 16 : case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
2567 :
2568 0 : case aDecryptFiles: multifile=1; /* fall through */
2569 13 : case aDecrypt: set_cmd( &cmd, aDecrypt); break;
2570 :
2571 0 : case aEncrFiles: multifile=1; /* fall through */
2572 247 : case aEncr: set_cmd( &cmd, aEncr); break;
2573 :
2574 0 : case aVerifyFiles: multifile=1; /* fall through */
2575 67 : case aVerify: set_cmd( &cmd, aVerify); break;
2576 :
2577 : case aServer:
2578 0 : set_cmd (&cmd, pargs.r_opt);
2579 0 : opt.batch = 1;
2580 0 : break;
2581 :
2582 : case aTOFUPolicy:
2583 5 : set_cmd (&cmd, pargs.r_opt);
2584 5 : break;
2585 :
2586 39 : case oArmor: opt.armor = 1; opt.no_armor=0; break;
2587 797 : case oOutput: opt.outfile = pargs.r.ret_str; break;
2588 :
2589 0 : case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
2590 :
2591 : case oInputSizeHint:
2592 0 : opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
2593 0 : break;
2594 :
2595 3 : case oQuiet: opt.quiet = 1; break;
2596 0 : case oNoTTY: tty_no_terminal(1); break;
2597 0 : case oDryRun: opt.dry_run = 1; break;
2598 0 : case oInteractive: opt.interactive = 1; break;
2599 : case oVerbose:
2600 3 : opt.verbose++;
2601 3 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2602 3 : opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
2603 3 : opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
2604 3 : break;
2605 :
2606 : case oBatch:
2607 1190 : opt.batch = 1;
2608 1190 : nogreeting = 1;
2609 1190 : break;
2610 :
2611 : case oUseAgent: /* Dummy. */
2612 0 : break;
2613 :
2614 : case oNoUseAgent:
2615 0 : obsolete_option (configname, configlineno, "no-use-agent");
2616 0 : break;
2617 : case oGpgAgentInfo:
2618 0 : obsolete_option (configname, configlineno, "gpg-agent-info");
2619 0 : break;
2620 : case oReaderPort:
2621 0 : obsolete_scdaemon_option (configname, configlineno, "reader-port");
2622 0 : break;
2623 : case octapiDriver:
2624 0 : obsolete_scdaemon_option (configname, configlineno, "ctapi-driver");
2625 0 : break;
2626 : case opcscDriver:
2627 0 : obsolete_scdaemon_option (configname, configlineno, "pcsc-driver");
2628 0 : break;
2629 : case oDisableCCID:
2630 0 : obsolete_scdaemon_option (configname, configlineno, "disable-ccid");
2631 0 : break;
2632 : case oHonorHttpProxy:
2633 0 : obsolete_option (configname, configlineno, "honor-http-proxy");
2634 0 : break;
2635 :
2636 770 : case oAnswerYes: opt.answer_yes = 1; break;
2637 0 : case oAnswerNo: opt.answer_no = 1; break;
2638 0 : case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
2639 : case oPrimaryKeyring:
2640 0 : sl = append_to_strlist (&nrings, pargs.r.ret_str);
2641 0 : sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
2642 0 : break;
2643 : case oShowKeyring:
2644 0 : deprecated_warning(configname,configlineno,"--show-keyring",
2645 : "--list-options ","show-keyring");
2646 0 : opt.list_options|=LIST_SHOW_KEYRING;
2647 0 : break;
2648 :
2649 : case oDebug:
2650 0 : if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
2651 : {
2652 0 : pargs.r_opt = ARGPARSE_INVALID_ARG;
2653 0 : pargs.err = ARGPARSE_PRINT_ERROR;
2654 : }
2655 0 : break;
2656 :
2657 0 : case oDebugAll: opt.debug = ~0; break;
2658 0 : case oDebugLevel: debug_level = pargs.r.ret_str; break;
2659 :
2660 0 : case oDebugIOLBF: break; /* Already set in pre-parse step. */
2661 :
2662 : case oStatusFD:
2663 14 : set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2664 14 : break;
2665 : case oStatusFile:
2666 0 : set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
2667 0 : break;
2668 : case oAttributeFD:
2669 0 : set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2670 0 : break;
2671 : case oAttributeFile:
2672 0 : set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
2673 0 : break;
2674 : case oLoggerFD:
2675 0 : log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2676 0 : break;
2677 : case oLoggerFile:
2678 0 : logfile = pargs.r.ret_str;
2679 0 : break;
2680 :
2681 : case oWithFingerprint:
2682 4 : opt.with_fingerprint = 1;
2683 4 : opt.fingerprint++;
2684 4 : break;
2685 : case oWithSubkeyFingerprint:
2686 0 : opt.with_subkey_fingerprint = 1;
2687 0 : break;
2688 : case oWithICAOSpelling:
2689 0 : opt.with_icao_spelling = 1;
2690 0 : break;
2691 : case oFingerprint:
2692 0 : opt.fingerprint++;
2693 0 : fpr_maybe_cmd = 1;
2694 0 : break;
2695 :
2696 : case oWithKeygrip:
2697 0 : opt.with_keygrip = 1;
2698 0 : break;
2699 :
2700 : case oWithSecret:
2701 0 : opt.with_secret = 1;
2702 0 : break;
2703 :
2704 : case oWithWKDHash:
2705 0 : opt.with_wkd_hash = 1;
2706 0 : break;
2707 :
2708 : case oSecretKeyring:
2709 : /* Ignore this old option. */
2710 0 : break;
2711 :
2712 : case oOptions:
2713 : /* config files may not be nested (silently ignore them) */
2714 0 : if( !configfp ) {
2715 0 : xfree(configname);
2716 0 : configname = xstrdup(pargs.r.ret_str);
2717 0 : goto next_pass;
2718 : }
2719 0 : break;
2720 0 : case oNoArmor: opt.no_armor=1; opt.armor=0; break;
2721 :
2722 : case oNoDefKeyring:
2723 0 : if (default_keyring > 0)
2724 0 : default_keyring = 0;
2725 0 : break;
2726 : case oNoKeyring:
2727 3 : default_keyring = -1;
2728 3 : break;
2729 :
2730 1181 : case oNoGreeting: nogreeting = 1; break;
2731 : case oNoVerbose:
2732 0 : opt.verbose = 0;
2733 0 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2734 0 : opt.list_sigs=0;
2735 0 : break;
2736 : case oQuickRandom:
2737 0 : gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2738 0 : break;
2739 0 : case oEmitVersion: opt.emit_version++; break;
2740 0 : case oNoEmitVersion: opt.emit_version=0; break;
2741 0 : case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
2742 0 : case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
2743 0 : case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
2744 :
2745 : #ifndef NO_TRUST_MODELS
2746 0 : case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
2747 :
2748 : #endif /*!NO_TRUST_MODELS*/
2749 : case oDefaultKey:
2750 13 : sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
2751 13 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
2752 13 : if (configfp)
2753 3 : sl->flags |= PK_LIST_CONFIG;
2754 13 : break;
2755 : case oDefRecipient:
2756 0 : if( *pargs.r.ret_str )
2757 : {
2758 0 : xfree (opt.def_recipient);
2759 0 : opt.def_recipient = make_username(pargs.r.ret_str);
2760 : }
2761 0 : break;
2762 : case oDefRecipientSelf:
2763 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2764 0 : opt.def_recipient_self = 1;
2765 0 : break;
2766 : case oNoDefRecipient:
2767 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2768 0 : opt.def_recipient_self = 0;
2769 0 : break;
2770 0 : case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
2771 0 : case oHomedir: break;
2772 0 : case oNoBatch: opt.batch = 0; break;
2773 :
2774 41 : case oWithTofuInfo: opt.with_tofu_info = 1; break;
2775 :
2776 0 : case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
2777 113 : case oWithColons: opt.with_colons=':'; break;
2778 :
2779 0 : case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
2780 0 : case oWithSigList: opt.list_sigs = 1; break;
2781 :
2782 0 : case oSkipVerify: opt.skip_verify=1; break;
2783 :
2784 0 : case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
2785 0 : case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
2786 :
2787 18 : case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
2788 :
2789 : #ifndef NO_TRUST_MODELS
2790 : /* There are many programs (like mutt) that call gpg with
2791 : --always-trust so keep this option around for a long
2792 : time. */
2793 1002 : case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
2794 : case oTrustModel:
2795 92 : parse_trust_model(pargs.r.ret_str);
2796 92 : break;
2797 : #endif /*!NO_TRUST_MODELS*/
2798 : case oTOFUDefaultPolicy:
2799 33 : opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
2800 33 : break;
2801 : case oTOFUDBFormat:
2802 0 : obsolete_option (configname, configlineno, "tofu-db-format");
2803 0 : break;
2804 :
2805 : case oForceOwnertrust:
2806 0 : log_info(_("Note: %s is not for normal use!\n"),
2807 : "--force-ownertrust");
2808 0 : opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
2809 0 : if(opt.force_ownertrust==-1)
2810 : {
2811 0 : log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
2812 0 : opt.force_ownertrust=0;
2813 : }
2814 0 : break;
2815 : case oLoadExtension:
2816 : /* Dummy so that gpg 1.4 conf files can work. Should
2817 : eventually be removed. */
2818 0 : break;
2819 :
2820 : case oCompliance:
2821 0 : set_compliance_option (parse_compliance_option (pargs.r.ret_str));
2822 0 : break;
2823 : case oOpenPGP:
2824 : case oRFC2440:
2825 : case oRFC4880:
2826 : case oRFC4880bis:
2827 : case oPGP6:
2828 : case oPGP7:
2829 : case oPGP8:
2830 : case oGnuPG:
2831 0 : set_compliance_option (pargs.r_opt);
2832 0 : break;
2833 :
2834 0 : case oRFC2440Text: opt.rfc2440_text=1; break;
2835 0 : case oNoRFC2440Text: opt.rfc2440_text=0; break;
2836 :
2837 : case oSetFilename:
2838 0 : if(utf8_strings)
2839 0 : opt.set_filename = pargs.r.ret_str;
2840 : else
2841 0 : opt.set_filename = native_to_utf8(pargs.r.ret_str);
2842 0 : break;
2843 0 : case oForYourEyesOnly: eyes_only = 1; break;
2844 0 : case oNoForYourEyesOnly: eyes_only = 0; break;
2845 : case oSetPolicyURL:
2846 0 : add_policy_url(pargs.r.ret_str,0);
2847 0 : add_policy_url(pargs.r.ret_str,1);
2848 0 : break;
2849 0 : case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
2850 0 : case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
2851 : case oShowPolicyURL:
2852 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2853 : "--list-options ","show-policy-urls");
2854 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2855 : "--verify-options ","show-policy-urls");
2856 0 : opt.list_options|=LIST_SHOW_POLICY_URLS;
2857 0 : opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
2858 0 : break;
2859 : case oNoShowPolicyURL:
2860 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2861 : "--list-options ","no-show-policy-urls");
2862 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2863 : "--verify-options ","no-show-policy-urls");
2864 0 : opt.list_options&=~LIST_SHOW_POLICY_URLS;
2865 0 : opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
2866 0 : break;
2867 0 : case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
2868 : case oUseEmbeddedFilename:
2869 0 : opt.flags.use_embedded_filename=1;
2870 0 : break;
2871 : case oNoUseEmbeddedFilename:
2872 0 : opt.flags.use_embedded_filename=0;
2873 0 : break;
2874 : case oComment:
2875 0 : if(pargs.r.ret_str[0])
2876 0 : append_to_strlist(&opt.comments,pargs.r.ret_str);
2877 0 : break;
2878 : case oDefaultComment:
2879 0 : deprecated_warning(configname,configlineno,
2880 : "--default-comment","--no-comments","");
2881 : /* fall through */
2882 : case oNoComments:
2883 0 : free_strlist(opt.comments);
2884 0 : opt.comments=NULL;
2885 0 : break;
2886 0 : case oThrowKeyids: opt.throw_keyids = 1; break;
2887 0 : case oNoThrowKeyids: opt.throw_keyids = 0; break;
2888 : case oShowPhotos:
2889 0 : deprecated_warning(configname,configlineno,"--show-photos",
2890 : "--list-options ","show-photos");
2891 0 : deprecated_warning(configname,configlineno,"--show-photos",
2892 : "--verify-options ","show-photos");
2893 0 : opt.list_options|=LIST_SHOW_PHOTOS;
2894 0 : opt.verify_options|=VERIFY_SHOW_PHOTOS;
2895 0 : break;
2896 : case oNoShowPhotos:
2897 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2898 : "--list-options ","no-show-photos");
2899 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2900 : "--verify-options ","no-show-photos");
2901 0 : opt.list_options&=~LIST_SHOW_PHOTOS;
2902 0 : opt.verify_options&=~VERIFY_SHOW_PHOTOS;
2903 0 : break;
2904 0 : case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
2905 :
2906 22 : case oForceMDC: opt.force_mdc = 1; break;
2907 0 : case oNoForceMDC: opt.force_mdc = 0; break;
2908 0 : case oDisableMDC: opt.disable_mdc = 1; break;
2909 0 : case oNoDisableMDC: opt.disable_mdc = 0; break;
2910 :
2911 0 : case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
2912 :
2913 0 : case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
2914 0 : case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
2915 0 : case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
2916 : case oS2KCount:
2917 106 : if (pargs.r.ret_int)
2918 106 : opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
2919 : else
2920 0 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2921 106 : break;
2922 :
2923 : case oRecipient:
2924 : case oHiddenRecipient:
2925 : case oRecipientFile:
2926 : case oHiddenRecipientFile:
2927 : /* Store the recipient. Note that we also store the
2928 : * option as private data in the flags. This is achieved
2929 : * by shifting the option value to the left so to keep
2930 : * enough space for the flags. */
2931 272 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2932 272 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
2933 272 : if (configfp)
2934 0 : sl->flags |= PK_LIST_CONFIG;
2935 272 : if (pargs.r_opt == oHiddenRecipient
2936 272 : || pargs.r_opt == oHiddenRecipientFile)
2937 3 : sl->flags |= PK_LIST_HIDDEN;
2938 272 : if (pargs.r_opt == oRecipientFile
2939 269 : || pargs.r_opt == oHiddenRecipientFile)
2940 6 : sl->flags |= PK_LIST_FROM_FILE;
2941 272 : any_explicit_recipient = 1;
2942 272 : break;
2943 :
2944 : case oEncryptTo:
2945 : case oHiddenEncryptTo:
2946 : /* Store an additional recipient. */
2947 3 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2948 3 : sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
2949 3 : if (configfp)
2950 3 : sl->flags |= PK_LIST_CONFIG;
2951 3 : if (pargs.r_opt == oHiddenEncryptTo)
2952 0 : sl->flags |= PK_LIST_HIDDEN;
2953 3 : break;
2954 :
2955 : case oNoEncryptTo:
2956 0 : opt.no_encrypt_to = 1;
2957 0 : break;
2958 : case oEncryptToDefaultKey:
2959 5 : opt.encrypt_to_default_key = configfp ? 2 : 1;
2960 5 : break;
2961 :
2962 : case oTrySecretKey:
2963 0 : add_to_strlist2 (&opt.secret_keys_to_try,
2964 0 : pargs.r.ret_str, utf8_strings);
2965 0 : break;
2966 :
2967 0 : case oMimemode: opt.mimemode = opt.textmode = 1; break;
2968 3 : case oTextmodeShort: opt.textmode = 2; break;
2969 0 : case oTextmode: opt.textmode=1; break;
2970 0 : case oNoTextmode: opt.textmode=opt.mimemode=0; break;
2971 :
2972 0 : case oExpert: opt.expert = 1; break;
2973 0 : case oNoExpert: opt.expert = 0; break;
2974 : case oDefSigExpire:
2975 0 : if(*pargs.r.ret_str!='\0')
2976 : {
2977 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2978 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2979 : pargs.r.ret_str);
2980 : else
2981 0 : opt.def_sig_expire=pargs.r.ret_str;
2982 : }
2983 0 : break;
2984 0 : case oAskSigExpire: opt.ask_sig_expire = 1; break;
2985 0 : case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
2986 : case oDefCertExpire:
2987 0 : if(*pargs.r.ret_str!='\0')
2988 : {
2989 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2990 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2991 : pargs.r.ret_str);
2992 : else
2993 0 : opt.def_cert_expire=pargs.r.ret_str;
2994 : }
2995 0 : break;
2996 0 : case oAskCertExpire: opt.ask_cert_expire = 1; break;
2997 0 : case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
2998 0 : case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
2999 0 : case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
3000 0 : case oAskCertLevel: opt.ask_cert_level = 1; break;
3001 0 : case oNoAskCertLevel: opt.ask_cert_level = 0; break;
3002 : case oLocalUser: /* store the local users */
3003 41 : sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
3004 41 : sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
3005 41 : if (configfp)
3006 0 : sl->flags |= PK_LIST_CONFIG;
3007 41 : break;
3008 : case oSender:
3009 : {
3010 0 : char *mbox = mailbox_from_userid (pargs.r.ret_str);
3011 0 : if (!mbox)
3012 0 : log_error (_("\"%s\" is not a proper mail address\n"),
3013 : pargs.r.ret_str);
3014 : else
3015 : {
3016 0 : add_to_strlist (&opt.sender_list, mbox);
3017 0 : xfree (mbox);
3018 : }
3019 : }
3020 0 : break;
3021 : case oCompress:
3022 : /* this is the -z command line option */
3023 0 : opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
3024 0 : break;
3025 0 : case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
3026 0 : case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
3027 0 : case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
3028 : case oPassphrase:
3029 0 : set_passphrase_from_string(pargs.r.ret_str);
3030 0 : break;
3031 : case oPassphraseFD:
3032 179 : pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
3033 179 : break;
3034 : case oPassphraseFile:
3035 9 : pwfd = open_info_file (pargs.r.ret_str, 0, 1);
3036 9 : break;
3037 : case oPassphraseRepeat:
3038 0 : opt.passphrase_repeat = pargs.r.ret_int;
3039 0 : break;
3040 :
3041 : case oPinentryMode:
3042 0 : opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
3043 0 : if (opt.pinentry_mode == -1)
3044 0 : log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
3045 0 : break;
3046 :
3047 : case oCommandFD:
3048 0 : opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
3049 0 : break;
3050 : case oCommandFile:
3051 0 : opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
3052 0 : break;
3053 : case oCipherAlgo:
3054 199 : def_cipher_string = xstrdup(pargs.r.ret_str);
3055 199 : break;
3056 : case oDigestAlgo:
3057 16 : def_digest_string = xstrdup(pargs.r.ret_str);
3058 16 : break;
3059 : case oCompressAlgo:
3060 : /* If it is all digits, stick a Z in front of it for
3061 : later. This is for backwards compatibility with
3062 : versions that took the compress algorithm number. */
3063 : {
3064 0 : char *pt=pargs.r.ret_str;
3065 0 : while(*pt)
3066 : {
3067 0 : if (!isascii (*pt) || !isdigit (*pt))
3068 : break;
3069 :
3070 0 : pt++;
3071 : }
3072 :
3073 0 : if(*pt=='\0')
3074 : {
3075 0 : compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
3076 0 : strcpy(compress_algo_string,"Z");
3077 0 : strcat(compress_algo_string,pargs.r.ret_str);
3078 : }
3079 : else
3080 0 : compress_algo_string = xstrdup(pargs.r.ret_str);
3081 : }
3082 0 : break;
3083 : case oCertDigestAlgo:
3084 0 : cert_digest_string = xstrdup(pargs.r.ret_str);
3085 0 : break;
3086 :
3087 : case oNoSecmemWarn:
3088 1181 : gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
3089 1181 : break;
3090 :
3091 0 : case oRequireSecmem: require_secmem=1; break;
3092 0 : case oNoRequireSecmem: require_secmem=0; break;
3093 2308 : case oNoPermissionWarn: opt.no_perm_warn=1; break;
3094 0 : case oNoMDCWarn: opt.no_mdc_warn=1; break;
3095 : case oDisplayCharset:
3096 0 : if( set_native_charset( pargs.r.ret_str ) )
3097 0 : log_error(_("'%s' is not a valid character set\n"),
3098 : pargs.r.ret_str);
3099 0 : break;
3100 1 : case oNotDashEscaped: opt.not_dash_escaped = 1; break;
3101 0 : case oEscapeFrom: opt.escape_from = 1; break;
3102 0 : case oNoEscapeFrom: opt.escape_from = 0; break;
3103 0 : case oLockOnce: opt.lock_once = 1; break;
3104 : case oLockNever:
3105 0 : dotlock_disable ();
3106 0 : break;
3107 : case oLockMultiple:
3108 : #ifndef __riscos__
3109 0 : opt.lock_once = 0;
3110 : #else /* __riscos__ */
3111 : riscos_not_implemented("lock-multiple");
3112 : #endif /* __riscos__ */
3113 0 : break;
3114 : case oKeyServer:
3115 : {
3116 : keyserver_spec_t keyserver;
3117 3 : keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
3118 3 : if (!keyserver)
3119 0 : log_error (_("could not parse keyserver URL\n"));
3120 : else
3121 : {
3122 : /* We only support a single keyserver. Later ones
3123 : override earlier ones. (Since we parse the
3124 : config file first and then the command line
3125 : arguments, the command line takes
3126 : precedence.) */
3127 3 : if (opt.keyserver)
3128 0 : free_keyserver_spec (opt.keyserver);
3129 3 : opt.keyserver = keyserver;
3130 : }
3131 : }
3132 3 : break;
3133 : case oKeyServerOptions:
3134 3 : if(!parse_keyserver_options(pargs.r.ret_str))
3135 : {
3136 0 : if(configname)
3137 0 : log_error(_("%s:%d: invalid keyserver options\n"),
3138 : configname,configlineno);
3139 : else
3140 0 : log_error(_("invalid keyserver options\n"));
3141 : }
3142 3 : break;
3143 : case oImportOptions:
3144 0 : if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
3145 : {
3146 0 : if(configname)
3147 0 : log_error(_("%s:%d: invalid import options\n"),
3148 : configname,configlineno);
3149 : else
3150 0 : log_error(_("invalid import options\n"));
3151 : }
3152 0 : break;
3153 : case oImportFilter:
3154 0 : rc = parse_and_set_import_filter (pargs.r.ret_str);
3155 0 : if (rc)
3156 0 : log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
3157 0 : break;
3158 : case oExportOptions:
3159 0 : if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
3160 : {
3161 0 : if(configname)
3162 0 : log_error(_("%s:%d: invalid export options\n"),
3163 : configname,configlineno);
3164 : else
3165 0 : log_error(_("invalid export options\n"));
3166 : }
3167 0 : break;
3168 : case oExportFilter:
3169 0 : rc = parse_and_set_export_filter (pargs.r.ret_str);
3170 0 : if (rc)
3171 0 : log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
3172 0 : break;
3173 : case oListOptions:
3174 0 : if(!parse_list_options(pargs.r.ret_str))
3175 : {
3176 0 : if(configname)
3177 0 : log_error(_("%s:%d: invalid list options\n"),
3178 : configname,configlineno);
3179 : else
3180 0 : log_error(_("invalid list options\n"));
3181 : }
3182 0 : break;
3183 : case oVerifyOptions:
3184 : {
3185 0 : struct parse_options vopts[]=
3186 : {
3187 : {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
3188 : N_("display photo IDs during signature verification")},
3189 : {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
3190 : N_("show policy URLs during signature verification")},
3191 : {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
3192 : N_("show all notations during signature verification")},
3193 : {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3194 : N_("show IETF standard notations during signature verification")},
3195 : {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3196 : NULL},
3197 : {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
3198 : N_("show user-supplied notations during signature verification")},
3199 : {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
3200 : N_("show preferred keyserver URLs during signature verification")},
3201 : {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
3202 : N_("show user ID validity during signature verification")},
3203 : {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
3204 : N_("show revoked and expired user IDs in signature verification")},
3205 : {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
3206 : N_("show only the primary user ID in signature verification")},
3207 : {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
3208 : N_("validate signatures with PKA data")},
3209 : {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
3210 : N_("elevate the trust of signatures with valid PKA data")},
3211 : {NULL,0,NULL,NULL}
3212 : };
3213 :
3214 0 : if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
3215 : {
3216 0 : if(configname)
3217 0 : log_error(_("%s:%d: invalid verify options\n"),
3218 : configname,configlineno);
3219 : else
3220 0 : log_error(_("invalid verify options\n"));
3221 : }
3222 : }
3223 0 : break;
3224 0 : case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
3225 : case oExecPath:
3226 0 : if(set_exec_path(pargs.r.ret_str))
3227 0 : log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
3228 : else
3229 0 : opt.exec_path_set=1;
3230 0 : break;
3231 : case oSetNotation:
3232 0 : add_notation_data( pargs.r.ret_str, 0 );
3233 0 : add_notation_data( pargs.r.ret_str, 1 );
3234 0 : break;
3235 0 : case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
3236 0 : case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
3237 : case oShowNotation:
3238 0 : deprecated_warning(configname,configlineno,"--show-notation",
3239 : "--list-options ","show-notations");
3240 0 : deprecated_warning(configname,configlineno,"--show-notation",
3241 : "--verify-options ","show-notations");
3242 0 : opt.list_options|=LIST_SHOW_NOTATIONS;
3243 0 : opt.verify_options|=VERIFY_SHOW_NOTATIONS;
3244 0 : break;
3245 : case oNoShowNotation:
3246 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3247 : "--list-options ","no-show-notations");
3248 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3249 : "--verify-options ","no-show-notations");
3250 0 : opt.list_options&=~LIST_SHOW_NOTATIONS;
3251 0 : opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
3252 0 : break;
3253 3 : case oUtf8Strings: utf8_strings = 1; break;
3254 0 : case oNoUtf8Strings: utf8_strings = 0; break;
3255 : case oDisableCipherAlgo:
3256 : {
3257 0 : int algo = string_to_cipher_algo (pargs.r.ret_str);
3258 0 : gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3259 : }
3260 0 : break;
3261 : case oDisablePubkeyAlgo:
3262 : {
3263 0 : int algo = gcry_pk_map_name (pargs.r.ret_str);
3264 0 : gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3265 : }
3266 0 : break;
3267 0 : case oNoSigCache: opt.no_sig_cache = 1; break;
3268 4 : case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
3269 0 : case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
3270 0 : case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
3271 0 : case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
3272 0 : case oNoLiteral: opt.no_literal = 1; break;
3273 0 : case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
3274 0 : case oFastListMode: opt.fast_list_mode = 1; break;
3275 0 : case oFixedListMode: /* Dummy */ break;
3276 0 : case oLegacyListMode: opt.legacy_list_mode = 1; break;
3277 0 : case oPrintPKARecords: print_pka_records = 1; break;
3278 0 : case oPrintDANERecords: print_dane_records = 1; break;
3279 0 : case oListOnly: opt.list_only=1; break;
3280 0 : case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
3281 0 : case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
3282 0 : case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
3283 0 : case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
3284 0 : case oNoRandomSeedFile: use_random_seed = 0; break;
3285 : case oAutoKeyRetrieve:
3286 : case oNoAutoKeyRetrieve:
3287 0 : if(pargs.r_opt==oAutoKeyRetrieve)
3288 0 : opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
3289 : else
3290 0 : opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
3291 0 : break;
3292 0 : case oShowSessionKey: opt.show_session_key = 1; break;
3293 : case oOverrideSessionKey:
3294 0 : opt.override_session_key = pargs.r.ret_str;
3295 0 : break;
3296 : case oOverrideSessionKeyFD:
3297 0 : ovrseskeyfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
3298 0 : break;
3299 : case oMergeOnly:
3300 0 : deprecated_warning(configname,configlineno,"--merge-only",
3301 : "--import-options ","merge-only");
3302 0 : opt.import_options|=IMPORT_MERGE_ONLY;
3303 0 : break;
3304 0 : case oAllowSecretKeyImport: /* obsolete */ break;
3305 0 : case oTryAllSecrets: opt.try_all_secrets = 1; break;
3306 0 : case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
3307 : case oEnableSpecialFilenames:
3308 0 : iobuf_enable_special_filenames (1);
3309 0 : break;
3310 0 : case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
3311 0 : case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
3312 1160 : case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
3313 0 : case oPreservePermissions: opt.preserve_permissions=1; break;
3314 : case oDefaultPreferenceList:
3315 0 : opt.def_preference_list = pargs.r.ret_str;
3316 0 : break;
3317 : case oDefaultKeyserverURL:
3318 : {
3319 : keyserver_spec_t keyserver;
3320 0 : keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
3321 0 : if (!keyserver)
3322 0 : log_error (_("could not parse keyserver URL\n"));
3323 : else
3324 0 : free_keyserver_spec (keyserver);
3325 :
3326 0 : opt.def_keyserver_url = pargs.r.ret_str;
3327 : }
3328 0 : break;
3329 : case oPersonalCipherPreferences:
3330 0 : pers_cipher_list=pargs.r.ret_str;
3331 0 : break;
3332 : case oPersonalDigestPreferences:
3333 0 : pers_digest_list=pargs.r.ret_str;
3334 0 : break;
3335 : case oPersonalCompressPreferences:
3336 0 : pers_compress_list=pargs.r.ret_str;
3337 0 : break;
3338 1181 : case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
3339 0 : case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
3340 : case oWeakDigest:
3341 0 : additional_weak_digest(pargs.r.ret_str);
3342 0 : break;
3343 : case oUnwrap:
3344 0 : opt.unwrap_encryption = 1;
3345 0 : break;
3346 : case oOnlySignTextIDs:
3347 0 : opt.only_sign_text_ids = 1;
3348 0 : break;
3349 :
3350 : case oDisplay:
3351 0 : set_opt_session_env ("DISPLAY", pargs.r.ret_str);
3352 0 : break;
3353 : case oTTYname:
3354 0 : set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
3355 0 : break;
3356 : case oTTYtype:
3357 0 : set_opt_session_env ("TERM", pargs.r.ret_str);
3358 0 : break;
3359 : case oXauthority:
3360 0 : set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
3361 0 : break;
3362 :
3363 0 : case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
3364 0 : case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
3365 :
3366 9 : case oGroup: add_group(pargs.r.ret_str); break;
3367 0 : case oUnGroup: rm_group(pargs.r.ret_str); break;
3368 : case oNoGroups:
3369 0 : while(opt.grouplist)
3370 : {
3371 0 : struct groupitem *iter=opt.grouplist;
3372 0 : free_strlist(iter->values);
3373 0 : opt.grouplist=opt.grouplist->next;
3374 0 : xfree(iter);
3375 : }
3376 0 : break;
3377 :
3378 : case oStrict:
3379 : case oNoStrict:
3380 : /* Not used */
3381 0 : break;
3382 :
3383 0 : case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
3384 0 : case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
3385 0 : case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
3386 1 : case oMultifile: multifile=1; break;
3387 : case oKeyidFormat:
3388 0 : if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
3389 0 : opt.keyid_format=KF_SHORT;
3390 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
3391 0 : opt.keyid_format=KF_LONG;
3392 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
3393 0 : opt.keyid_format=KF_0xSHORT;
3394 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
3395 0 : opt.keyid_format=KF_0xLONG;
3396 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
3397 0 : opt.keyid_format = KF_NONE;
3398 : else
3399 0 : log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
3400 0 : break;
3401 :
3402 : case oExitOnStatusWriteError:
3403 0 : opt.exit_on_status_write_error = 1;
3404 0 : break;
3405 :
3406 : case oLimitCardInsertTries:
3407 0 : opt.limit_card_insert_tries = pargs.r.ret_int;
3408 0 : break;
3409 :
3410 0 : case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
3411 0 : case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
3412 :
3413 : case oAutoKeyLocate:
3414 0 : if(!parse_auto_key_locate(pargs.r.ret_str))
3415 : {
3416 0 : if(configname)
3417 0 : log_error(_("%s:%d: invalid auto-key-locate list\n"),
3418 : configname,configlineno);
3419 : else
3420 0 : log_error(_("invalid auto-key-locate list\n"));
3421 : }
3422 0 : break;
3423 : case oNoAutoKeyLocate:
3424 0 : release_akl();
3425 0 : break;
3426 :
3427 : case oEnableLargeRSA:
3428 : #if SECMEM_BUFFER_SIZE >= 65536
3429 : opt.flags.large_rsa=1;
3430 : #else
3431 0 : if (configname)
3432 0 : log_info("%s:%d: WARNING: gpg not built with large secure "
3433 : "memory buffer. Ignoring enable-large-rsa\n",
3434 : configname,configlineno);
3435 : else
3436 0 : log_info("WARNING: gpg not built with large secure "
3437 : "memory buffer. Ignoring --enable-large-rsa\n");
3438 : #endif /* SECMEM_BUFFER_SIZE >= 65536 */
3439 0 : break;
3440 0 : case oDisableLargeRSA: opt.flags.large_rsa=0;
3441 0 : break;
3442 :
3443 0 : case oEnableDSA2: opt.flags.dsa2=1; break;
3444 0 : case oDisableDSA2: opt.flags.dsa2=0; break;
3445 :
3446 : case oAllowMultisigVerification:
3447 : case oAllowMultipleMessages:
3448 2 : opt.flags.allow_multiple_messages=1;
3449 2 : break;
3450 :
3451 : case oNoAllowMultipleMessages:
3452 0 : opt.flags.allow_multiple_messages=0;
3453 0 : break;
3454 :
3455 : case oAllowWeakDigestAlgos:
3456 1160 : opt.flags.allow_weak_digest_algos = 1;
3457 1160 : break;
3458 :
3459 : case oFakedSystemTime:
3460 : {
3461 206 : time_t faked_time = isotime2epoch (pargs.r.ret_str);
3462 206 : if (faked_time == (time_t)(-1))
3463 206 : faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
3464 206 : gnupg_set_time (faked_time, 0);
3465 : }
3466 206 : break;
3467 :
3468 0 : case oNoAutostart: opt.autostart = 0; break;
3469 :
3470 0 : case oNoop: break;
3471 :
3472 : default:
3473 0 : pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
3474 0 : break;
3475 : }
3476 : }
3477 :
3478 2343 : if (configfp)
3479 : {
3480 1163 : fclose( configfp );
3481 1163 : configfp = NULL;
3482 : /* Remember the first config file name. */
3483 1163 : if (!save_configname)
3484 1163 : save_configname = configname;
3485 : else
3486 0 : xfree(configname);
3487 1163 : configname = NULL;
3488 1163 : goto next_pass;
3489 : }
3490 1180 : xfree(configname); configname = NULL;
3491 1180 : if (log_get_errorcount (0))
3492 0 : g10_exit(2);
3493 :
3494 : /* The command --gpgconf-list is pretty simple and may be called
3495 : directly after the option parsing. */
3496 1180 : if (cmd == aGPGConfList)
3497 : {
3498 0 : gpgconf_list (save_configname ? save_configname : default_configname);
3499 0 : g10_exit (0);
3500 : }
3501 1180 : xfree (save_configname);
3502 1180 : xfree (default_configname);
3503 :
3504 1180 : if (print_dane_records)
3505 0 : log_error ("invalid option \"%s\"; use \"%s\" instead\n",
3506 : "--print-dane-records",
3507 : "--export-options export-dane");
3508 1180 : if (print_pka_records)
3509 0 : log_error ("invalid option \"%s\"; use \"%s\" instead\n",
3510 : "--print-pks-records",
3511 : "--export-options export-pka");
3512 1180 : if (log_get_errorcount (0))
3513 0 : g10_exit(2);
3514 :
3515 :
3516 1180 : if( nogreeting )
3517 1180 : greeting = 0;
3518 :
3519 1180 : if( greeting )
3520 : {
3521 0 : es_fprintf (es_stderr, "%s %s; %s\n",
3522 : strusage(11), strusage(13), strusage(14) );
3523 0 : es_fprintf (es_stderr, "%s\n", strusage(15) );
3524 : }
3525 : #ifdef IS_DEVELOPMENT_VERSION
3526 : if (!opt.batch)
3527 : {
3528 : const char *s;
3529 :
3530 : if((s=strusage(25)))
3531 : log_info("%s\n",s);
3532 : if((s=strusage(26)))
3533 : log_info("%s\n",s);
3534 : if((s=strusage(27)))
3535 : log_info("%s\n",s);
3536 : }
3537 : #endif
3538 :
3539 : /* FIXME: We should use logging to a file only in server mode;
3540 : however we have not yet implemetyed that. Thus we try to get
3541 : away with --batch as indication for logging to file
3542 : required. */
3543 1180 : if (logfile && opt.batch)
3544 : {
3545 0 : log_set_file (logfile);
3546 0 : log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
3547 : }
3548 :
3549 1180 : if (opt.verbose > 2)
3550 0 : log_info ("using character set '%s'\n", get_native_charset ());
3551 :
3552 1180 : if( may_coredump && !opt.quiet )
3553 0 : log_info(_("WARNING: program may create a core file!\n"));
3554 :
3555 1180 : if (opt.flags.rfc4880bis)
3556 0 : log_info ("WARNING: using experimental features from RFC4880bis!\n");
3557 : else
3558 : {
3559 1180 : opt.mimemode = 0; /* This will use text mode instead. */
3560 : }
3561 :
3562 1180 : if (eyes_only) {
3563 0 : if (opt.set_filename)
3564 0 : log_info(_("WARNING: %s overrides %s\n"),
3565 : "--for-your-eyes-only","--set-filename");
3566 :
3567 0 : opt.set_filename="_CONSOLE";
3568 : }
3569 :
3570 1180 : if (opt.no_literal) {
3571 0 : log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
3572 0 : if (opt.textmode)
3573 0 : log_error(_("%s not allowed with %s!\n"),
3574 : "--textmode", "--no-literal" );
3575 0 : if (opt.set_filename)
3576 0 : log_error(_("%s makes no sense with %s!\n"),
3577 : eyes_only?"--for-your-eyes-only":"--set-filename",
3578 : "--no-literal" );
3579 : }
3580 :
3581 :
3582 1180 : if (opt.set_filesize)
3583 0 : log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
3584 1180 : if( opt.batch )
3585 1179 : tty_batchmode( 1 );
3586 :
3587 1180 : if (gnupg_faked_time_p ())
3588 : {
3589 : gnupg_isotime_t tbuf;
3590 :
3591 206 : log_info (_("WARNING: running with faked system time: "));
3592 206 : gnupg_get_isotime (tbuf);
3593 206 : dump_isotime (tbuf);
3594 206 : log_printf ("\n");
3595 : }
3596 :
3597 : /* Print a warning if an argument looks like an option. */
3598 1180 : if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
3599 : {
3600 : int i;
3601 :
3602 2405 : for (i=0; i < argc; i++)
3603 1228 : if (argv[i][0] == '-' && argv[i][1] == '-')
3604 0 : log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
3605 : }
3606 :
3607 :
3608 1180 : gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
3609 :
3610 1180 : if(require_secmem && !got_secmem)
3611 : {
3612 0 : log_info(_("will not run with insecure memory due to %s\n"),
3613 : "--require-secmem");
3614 0 : g10_exit(2);
3615 : }
3616 :
3617 1180 : set_debug (debug_level);
3618 1180 : if (DBG_CLOCK)
3619 0 : log_clock ("start");
3620 :
3621 : /* Do these after the switch(), so they can override settings. */
3622 1180 : if(PGP6)
3623 : {
3624 : /* That does not anymore work because we have no more support
3625 : for v3 signatures. */
3626 0 : opt.disable_mdc=1;
3627 0 : opt.escape_from=1;
3628 0 : opt.ask_sig_expire=0;
3629 : }
3630 1180 : else if(PGP7)
3631 : {
3632 : /* That does not anymore work because we have no more support
3633 : for v3 signatures. */
3634 0 : opt.escape_from=1;
3635 0 : opt.ask_sig_expire=0;
3636 : }
3637 1180 : else if(PGP8)
3638 : {
3639 0 : opt.escape_from=1;
3640 : }
3641 :
3642 :
3643 1180 : if( def_cipher_string ) {
3644 199 : opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
3645 199 : xfree(def_cipher_string); def_cipher_string = NULL;
3646 199 : if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
3647 0 : log_error(_("selected cipher algorithm is invalid\n"));
3648 : }
3649 1180 : if( def_digest_string ) {
3650 16 : opt.def_digest_algo = string_to_digest_algo (def_digest_string);
3651 16 : xfree(def_digest_string); def_digest_string = NULL;
3652 16 : if ( openpgp_md_test_algo (opt.def_digest_algo) )
3653 0 : log_error(_("selected digest algorithm is invalid\n"));
3654 : }
3655 1180 : if( compress_algo_string ) {
3656 0 : opt.compress_algo = string_to_compress_algo(compress_algo_string);
3657 0 : xfree(compress_algo_string); compress_algo_string = NULL;
3658 0 : if( check_compress_algo(opt.compress_algo) )
3659 0 : log_error(_("selected compression algorithm is invalid\n"));
3660 : }
3661 1180 : if( cert_digest_string ) {
3662 0 : opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
3663 0 : xfree(cert_digest_string); cert_digest_string = NULL;
3664 0 : if (openpgp_md_test_algo(opt.cert_digest_algo))
3665 0 : log_error(_("selected certification digest algorithm is invalid\n"));
3666 : }
3667 1180 : if( s2k_cipher_string ) {
3668 0 : opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
3669 0 : xfree(s2k_cipher_string); s2k_cipher_string = NULL;
3670 0 : if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
3671 0 : log_error(_("selected cipher algorithm is invalid\n"));
3672 : }
3673 1180 : if( s2k_digest_string ) {
3674 0 : opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
3675 0 : xfree(s2k_digest_string); s2k_digest_string = NULL;
3676 0 : if (openpgp_md_test_algo(opt.s2k_digest_algo))
3677 0 : log_error(_("selected digest algorithm is invalid\n"));
3678 : }
3679 1180 : if( opt.completes_needed < 1 )
3680 0 : log_error(_("completes-needed must be greater than 0\n"));
3681 1180 : if( opt.marginals_needed < 2 )
3682 0 : log_error(_("marginals-needed must be greater than 1\n"));
3683 1180 : if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
3684 0 : log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
3685 1180 : if(opt.def_cert_level<0 || opt.def_cert_level>3)
3686 0 : log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
3687 1180 : if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
3688 0 : log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
3689 1180 : switch( opt.s2k_mode ) {
3690 : case 0:
3691 0 : log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
3692 0 : break;
3693 1180 : case 1: case 3: break;
3694 : default:
3695 0 : log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
3696 : }
3697 :
3698 : /* This isn't actually needed, but does serve to error out if the
3699 : string is invalid. */
3700 1180 : if(opt.def_preference_list &&
3701 0 : keygen_set_std_prefs(opt.def_preference_list,0))
3702 0 : log_error(_("invalid default preferences\n"));
3703 :
3704 1180 : if(pers_cipher_list &&
3705 0 : keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
3706 0 : log_error(_("invalid personal cipher preferences\n"));
3707 :
3708 1180 : if(pers_digest_list &&
3709 0 : keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
3710 0 : log_error(_("invalid personal digest preferences\n"));
3711 :
3712 1180 : if(pers_compress_list &&
3713 0 : keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
3714 0 : log_error(_("invalid personal compress preferences\n"));
3715 :
3716 : /* We don't support all possible commands with multifile yet */
3717 1180 : if(multifile)
3718 : {
3719 : char *cmdname;
3720 :
3721 1 : switch(cmd)
3722 : {
3723 : case aSign:
3724 0 : cmdname="--sign";
3725 0 : break;
3726 : case aSignEncr:
3727 0 : cmdname="--sign --encrypt";
3728 0 : break;
3729 : case aClearsign:
3730 0 : cmdname="--clearsign";
3731 0 : break;
3732 : case aDetachedSign:
3733 0 : cmdname="--detach-sign";
3734 0 : break;
3735 : case aSym:
3736 0 : cmdname="--symmetric";
3737 0 : break;
3738 : case aEncrSym:
3739 0 : cmdname="--symmetric --encrypt";
3740 0 : break;
3741 : case aStore:
3742 0 : cmdname="--store";
3743 0 : break;
3744 : default:
3745 1 : cmdname=NULL;
3746 1 : break;
3747 : }
3748 :
3749 1 : if(cmdname)
3750 0 : log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
3751 : }
3752 :
3753 1180 : if( log_get_errorcount(0) )
3754 0 : g10_exit(2);
3755 :
3756 1180 : if(opt.compress_level==0)
3757 0 : opt.compress_algo=COMPRESS_ALGO_NONE;
3758 :
3759 : /* Check our chosen algorithms against the list of legal
3760 : algorithms. */
3761 :
3762 1180 : if(!GNUPG)
3763 : {
3764 0 : const char *badalg=NULL;
3765 0 : preftype_t badtype=PREFTYPE_NONE;
3766 :
3767 0 : if(opt.def_cipher_algo
3768 0 : && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
3769 : {
3770 0 : badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
3771 0 : badtype = PREFTYPE_SYM;
3772 : }
3773 0 : else if(opt.def_digest_algo
3774 0 : && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
3775 : {
3776 0 : badalg = gcry_md_algo_name (opt.def_digest_algo);
3777 0 : badtype = PREFTYPE_HASH;
3778 : }
3779 0 : else if(opt.cert_digest_algo
3780 0 : && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
3781 : {
3782 0 : badalg = gcry_md_algo_name (opt.cert_digest_algo);
3783 0 : badtype = PREFTYPE_HASH;
3784 : }
3785 0 : else if(opt.compress_algo!=-1
3786 0 : && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
3787 : {
3788 0 : badalg = compress_algo_to_string(opt.compress_algo);
3789 0 : badtype = PREFTYPE_ZIP;
3790 : }
3791 :
3792 0 : if(badalg)
3793 : {
3794 0 : switch(badtype)
3795 : {
3796 : case PREFTYPE_SYM:
3797 0 : log_info(_("you may not use cipher algorithm '%s'"
3798 : " while in %s mode\n"),
3799 : badalg,compliance_option_string());
3800 0 : break;
3801 : case PREFTYPE_HASH:
3802 0 : log_info(_("you may not use digest algorithm '%s'"
3803 : " while in %s mode\n"),
3804 : badalg,compliance_option_string());
3805 0 : break;
3806 : case PREFTYPE_ZIP:
3807 0 : log_info(_("you may not use compression algorithm '%s'"
3808 : " while in %s mode\n"),
3809 : badalg,compliance_option_string());
3810 0 : break;
3811 : default:
3812 0 : BUG();
3813 : }
3814 :
3815 0 : compliance_failure();
3816 : }
3817 : }
3818 :
3819 : /* Set the random seed file. */
3820 1180 : if( use_random_seed ) {
3821 1180 : char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
3822 1180 : gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
3823 1180 : if (!access (p, F_OK))
3824 1162 : register_secured_file (p);
3825 1180 : xfree(p);
3826 : }
3827 :
3828 : /* If there is no command but the --fingerprint is given, default
3829 : to the --list-keys command. */
3830 1180 : if (!cmd && fpr_maybe_cmd)
3831 : {
3832 0 : set_cmd (&cmd, aListKeys);
3833 : }
3834 :
3835 :
3836 1180 : if( opt.verbose > 1 )
3837 0 : set_packet_list_mode(1);
3838 :
3839 : /* Add the keyrings, but not for some special commands. We always
3840 : * need to add the keyrings if we are running under SELinux, this
3841 : * is so that the rings are added to the list of secured files.
3842 : * We do not add any keyring if --no-keyring has been used. */
3843 1180 : if (default_keyring >= 0
3844 1165 : && (ALWAYS_ADD_KEYRINGS
3845 2294 : || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
3846 : {
3847 1129 : if (!nrings || default_keyring > 0) /* Add default ring. */
3848 1129 : keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
3849 : KEYDB_RESOURCE_FLAG_DEFAULT);
3850 1129 : for (sl = nrings; sl; sl = sl->next )
3851 0 : keydb_add_resource (sl->d, sl->flags);
3852 : }
3853 1180 : FREE_STRLIST(nrings);
3854 :
3855 1180 : if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
3856 : /* In loopback mode, never ask for the password multiple
3857 : times. */
3858 : {
3859 0 : opt.passphrase_repeat = 0;
3860 : }
3861 :
3862 1180 : if (cmd == aGPGConfTest)
3863 0 : g10_exit(0);
3864 :
3865 :
3866 1180 : if (pwfd != -1) /* Read the passphrase now. */
3867 188 : read_passphrase_from_fd (pwfd);
3868 :
3869 1180 : if (ovrseskeyfd != -1 ) /* Read the sessionkey now. */
3870 0 : read_sessionkey_from_fd (ovrseskeyfd);
3871 :
3872 1180 : fname = argc? *argv : NULL;
3873 :
3874 1180 : if(fname && utf8_strings)
3875 0 : opt.flags.utf8_filename=1;
3876 :
3877 1180 : ctrl = xcalloc (1, sizeof *ctrl);
3878 1180 : gpg_init_default_ctrl (ctrl);
3879 :
3880 : #ifndef NO_TRUST_MODELS
3881 1180 : switch (cmd)
3882 : {
3883 : case aPrimegen:
3884 : case aPrintMD:
3885 : case aPrintMDs:
3886 : case aGenRandom:
3887 : case aDeArmor:
3888 : case aEnArmor:
3889 : case aListConfig:
3890 : case aListGcryptConfig:
3891 51 : break;
3892 : case aFixTrustDB:
3893 : case aExportOwnerTrust:
3894 0 : rc = setup_trustdb (0, trustdb_name);
3895 0 : break;
3896 : case aListTrustDB:
3897 0 : rc = setup_trustdb (argc? 1:0, trustdb_name);
3898 0 : break;
3899 : default:
3900 : /* If we are using TM_ALWAYS, we do not need to create the
3901 : trustdb. */
3902 1129 : rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
3903 1129 : break;
3904 : }
3905 1180 : if (rc)
3906 0 : log_error (_("failed to initialize the TrustDB: %s\n"),
3907 : gpg_strerror (rc));
3908 : #endif /*!NO_TRUST_MODELS*/
3909 :
3910 1180 : switch (cmd)
3911 : {
3912 : case aStore:
3913 : case aSym:
3914 : case aSign:
3915 : case aSignSym:
3916 : case aClearsign:
3917 151 : if (!opt.quiet && any_explicit_recipient)
3918 22 : log_info (_("WARNING: recipients (-r) given "
3919 : "without using public key encryption\n"));
3920 151 : break;
3921 : default:
3922 1029 : break;
3923 : }
3924 :
3925 :
3926 : /* Check for certain command whether we need to migrate a
3927 : secring.gpg to the gpg-agent. */
3928 1180 : switch (cmd)
3929 : {
3930 : case aListSecretKeys:
3931 : case aSign:
3932 : case aSignEncr:
3933 : case aSignEncrSym:
3934 : case aSignSym:
3935 : case aClearsign:
3936 : case aDecrypt:
3937 : case aSignKey:
3938 : case aLSignKey:
3939 : case aEditKey:
3940 : case aPasswd:
3941 : case aDeleteSecretKeys:
3942 : case aDeleteSecretAndPublicKeys:
3943 : case aQuickKeygen:
3944 : case aQuickAddUid:
3945 : case aQuickAddKey:
3946 : case aQuickRevUid:
3947 : case aFullKeygen:
3948 : case aKeygen:
3949 : case aImport:
3950 : case aExportSecret:
3951 : case aExportSecretSub:
3952 : case aGenRevoke:
3953 : case aDesigRevoke:
3954 : case aCardEdit:
3955 : case aChangePIN:
3956 240 : migrate_secring (ctrl);
3957 240 : break;
3958 : case aListKeys:
3959 68 : if (opt.with_secret)
3960 0 : migrate_secring (ctrl);
3961 68 : break;
3962 : default:
3963 872 : break;
3964 : }
3965 :
3966 : /* The command dispatcher. */
3967 1180 : switch( cmd )
3968 : {
3969 : case aServer:
3970 0 : gpg_server (ctrl);
3971 0 : break;
3972 :
3973 : case aStore: /* only store the file */
3974 0 : if( argc > 1 )
3975 0 : wrong_args(_("--store [filename]"));
3976 0 : if( (rc = encrypt_store(fname)) )
3977 : {
3978 0 : write_status_failure ("store", rc);
3979 0 : log_error ("storing '%s' failed: %s\n",
3980 : print_fname_stdin(fname),gpg_strerror (rc) );
3981 : }
3982 0 : break;
3983 : case aSym: /* encrypt the given file only with the symmetric cipher */
3984 48 : if( argc > 1 )
3985 0 : wrong_args(_("--symmetric [filename]"));
3986 48 : if( (rc = encrypt_symmetric(fname)) )
3987 : {
3988 0 : write_status_failure ("symencrypt", rc);
3989 0 : log_error (_("symmetric encryption of '%s' failed: %s\n"),
3990 : print_fname_stdin(fname),gpg_strerror (rc) );
3991 : }
3992 48 : break;
3993 :
3994 : case aEncr: /* encrypt the given file */
3995 219 : if(multifile)
3996 0 : encrypt_crypt_files (ctrl, argc, argv, remusr);
3997 : else
3998 : {
3999 219 : if( argc > 1 )
4000 0 : wrong_args(_("--encrypt [filename]"));
4001 219 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) )
4002 : {
4003 0 : write_status_failure ("encrypt", rc);
4004 0 : log_error("%s: encryption failed: %s\n",
4005 : print_fname_stdin(fname), gpg_strerror (rc) );
4006 : }
4007 : }
4008 219 : break;
4009 :
4010 : case aEncrSym:
4011 : /* This works with PGP 8 in the sense that it acts just like a
4012 : symmetric message. It doesn't work at all with 2 or 6. It
4013 : might work with 7, but alas, I don't have a copy to test
4014 : with right now. */
4015 0 : if( argc > 1 )
4016 0 : wrong_args(_("--symmetric --encrypt [filename]"));
4017 0 : else if(opt.s2k_mode==0)
4018 0 : log_error(_("you cannot use --symmetric --encrypt"
4019 : " with --s2k-mode 0\n"));
4020 0 : else if(PGP6 || PGP7)
4021 0 : log_error(_("you cannot use --symmetric --encrypt"
4022 : " while in %s mode\n"),compliance_option_string());
4023 : else
4024 : {
4025 0 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
4026 : {
4027 0 : write_status_failure ("encrypt", rc);
4028 0 : log_error ("%s: encryption failed: %s\n",
4029 : print_fname_stdin(fname), gpg_strerror (rc) );
4030 : }
4031 : }
4032 0 : break;
4033 :
4034 : case aSign: /* sign the given file */
4035 86 : sl = NULL;
4036 86 : if( detached_sig ) { /* sign all files */
4037 44 : for( ; argc; argc--, argv++ )
4038 28 : add_to_strlist( &sl, *argv );
4039 : }
4040 : else {
4041 70 : if( argc > 1 )
4042 0 : wrong_args(_("--sign [filename]"));
4043 70 : if( argc ) {
4044 69 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
4045 69 : strcpy(sl->d, fname);
4046 : }
4047 : }
4048 86 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)))
4049 : {
4050 0 : write_status_failure ("sign", rc);
4051 0 : log_error ("signing failed: %s\n", gpg_strerror (rc) );
4052 : }
4053 86 : free_strlist(sl);
4054 86 : break;
4055 :
4056 : case aSignEncr: /* sign and encrypt the given file */
4057 27 : if( argc > 1 )
4058 0 : wrong_args(_("--sign --encrypt [filename]"));
4059 27 : if( argc ) {
4060 26 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
4061 26 : strcpy(sl->d, fname);
4062 : }
4063 : else
4064 1 : sl = NULL;
4065 27 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL)))
4066 : {
4067 0 : write_status_failure ("sign-encrypt", rc);
4068 0 : log_error("%s: sign+encrypt failed: %s\n",
4069 : print_fname_stdin(fname), gpg_strerror (rc) );
4070 : }
4071 27 : free_strlist(sl);
4072 27 : break;
4073 :
4074 : case aSignEncrSym: /* sign and encrypt the given file */
4075 1 : if( argc > 1 )
4076 0 : wrong_args(_("--symmetric --sign --encrypt [filename]"));
4077 1 : else if(opt.s2k_mode==0)
4078 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
4079 : " with --s2k-mode 0\n"));
4080 1 : else if(PGP6 || PGP7)
4081 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
4082 : " while in %s mode\n"),compliance_option_string());
4083 : else
4084 : {
4085 1 : if( argc )
4086 : {
4087 0 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
4088 0 : strcpy(sl->d, fname);
4089 : }
4090 : else
4091 1 : sl = NULL;
4092 1 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr,
4093 : 2, remusr, NULL)))
4094 : {
4095 0 : write_status_failure ("sign-encrypt", rc);
4096 0 : log_error("%s: symmetric+sign+encrypt failed: %s\n",
4097 : print_fname_stdin(fname), gpg_strerror (rc) );
4098 : }
4099 1 : free_strlist(sl);
4100 : }
4101 1 : break;
4102 :
4103 : case aSignSym: /* sign and conventionally encrypt the given file */
4104 7 : if (argc > 1)
4105 0 : wrong_args(_("--sign --symmetric [filename]"));
4106 7 : rc = sign_symencrypt_file (ctrl, fname, locusr);
4107 7 : if (rc)
4108 : {
4109 0 : write_status_failure ("sign-symencrypt", rc);
4110 0 : log_error("%s: sign+symmetric failed: %s\n",
4111 : print_fname_stdin(fname), gpg_strerror (rc) );
4112 : }
4113 7 : break;
4114 :
4115 : case aClearsign: /* make a clearsig */
4116 10 : if( argc > 1 )
4117 0 : wrong_args(_("--clearsign [filename]"));
4118 10 : if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) )
4119 : {
4120 0 : write_status_failure ("sign", rc);
4121 0 : log_error("%s: clearsign failed: %s\n",
4122 : print_fname_stdin(fname), gpg_strerror (rc) );
4123 : }
4124 10 : break;
4125 :
4126 : case aVerify:
4127 67 : if (multifile)
4128 : {
4129 0 : if ((rc = verify_files (ctrl, argc, argv)))
4130 0 : log_error("verify files failed: %s\n", gpg_strerror (rc) );
4131 : }
4132 : else
4133 : {
4134 67 : if ((rc = verify_signatures (ctrl, argc, argv)))
4135 0 : log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
4136 : }
4137 64 : if (rc)
4138 0 : write_status_failure ("verify", rc);
4139 64 : break;
4140 :
4141 : case aDecrypt:
4142 13 : if (multifile)
4143 1 : decrypt_messages (ctrl, argc, argv);
4144 : else
4145 : {
4146 12 : if( argc > 1 )
4147 0 : wrong_args(_("--decrypt [filename]"));
4148 12 : if( (rc = decrypt_message (ctrl, fname) ))
4149 : {
4150 0 : write_status_failure ("decrypt", rc);
4151 0 : log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
4152 : }
4153 : }
4154 13 : break;
4155 :
4156 : case aQuickSignKey:
4157 : case aQuickLSignKey:
4158 : {
4159 : const char *fpr;
4160 :
4161 0 : if (argc < 1)
4162 0 : wrong_args ("--quick-[l]sign-key fingerprint [userids]");
4163 0 : fpr = *argv++; argc--;
4164 0 : sl = NULL;
4165 0 : for( ; argc; argc--, argv++)
4166 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
4167 0 : keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
4168 0 : free_strlist (sl);
4169 : }
4170 0 : break;
4171 :
4172 : case aSignKey:
4173 0 : if( argc != 1 )
4174 0 : wrong_args(_("--sign-key user-id"));
4175 : /* fall through */
4176 : case aLSignKey:
4177 0 : if( argc != 1 )
4178 0 : wrong_args(_("--lsign-key user-id"));
4179 : /* fall through */
4180 :
4181 0 : sl=NULL;
4182 :
4183 0 : if(cmd==aSignKey)
4184 0 : append_to_strlist(&sl,"sign");
4185 0 : else if(cmd==aLSignKey)
4186 0 : append_to_strlist(&sl,"lsign");
4187 : else
4188 0 : BUG();
4189 :
4190 0 : append_to_strlist( &sl, "save" );
4191 0 : username = make_username( fname );
4192 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 0 );
4193 0 : xfree(username);
4194 0 : free_strlist(sl);
4195 0 : break;
4196 :
4197 : case aEditKey: /* Edit a key signature */
4198 0 : if( !argc )
4199 0 : wrong_args(_("--edit-key user-id [commands]"));
4200 0 : username = make_username( fname );
4201 0 : if( argc > 1 ) {
4202 0 : sl = NULL;
4203 0 : for( argc--, argv++ ; argc; argc--, argv++ )
4204 0 : append_to_strlist( &sl, *argv );
4205 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 1 );
4206 0 : free_strlist(sl);
4207 : }
4208 : else
4209 0 : keyedit_menu (ctrl, username, locusr, NULL, 0, 1 );
4210 0 : xfree(username);
4211 0 : break;
4212 :
4213 : case aPasswd:
4214 0 : if (argc != 1)
4215 0 : wrong_args (_("--passwd <user-id>"));
4216 : else
4217 : {
4218 0 : username = make_username (fname);
4219 0 : keyedit_passwd (ctrl, username);
4220 0 : xfree (username);
4221 : }
4222 0 : break;
4223 :
4224 : case aDeleteKeys:
4225 : case aDeleteSecretKeys:
4226 : case aDeleteSecretAndPublicKeys:
4227 43 : sl = NULL;
4228 : /* I'm adding these in reverse order as add_to_strlist2
4229 : reverses them again, and it's easier to understand in the
4230 : proper order :) */
4231 136 : for( ; argc; argc-- )
4232 93 : add_to_strlist2( &sl, argv[argc-1], utf8_strings );
4233 43 : delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
4234 43 : free_strlist(sl);
4235 43 : break;
4236 :
4237 : case aCheckKeys:
4238 0 : opt.check_sigs = 1;
4239 : case aListSigs:
4240 0 : opt.list_sigs = 1;
4241 : case aListKeys:
4242 68 : sl = NULL;
4243 139 : for( ; argc; argc--, argv++ )
4244 71 : add_to_strlist2( &sl, *argv, utf8_strings );
4245 68 : public_key_list (ctrl, sl, 0);
4246 68 : free_strlist(sl);
4247 68 : break;
4248 : case aListSecretKeys:
4249 18 : sl = NULL;
4250 33 : for( ; argc; argc--, argv++ )
4251 15 : add_to_strlist2( &sl, *argv, utf8_strings );
4252 18 : secret_key_list (ctrl, sl);
4253 18 : free_strlist(sl);
4254 18 : break;
4255 : case aLocateKeys:
4256 31 : sl = NULL;
4257 62 : for (; argc; argc--, argv++)
4258 31 : add_to_strlist2( &sl, *argv, utf8_strings );
4259 31 : public_key_list (ctrl, sl, 1);
4260 31 : free_strlist (sl);
4261 31 : break;
4262 :
4263 : case aQuickKeygen:
4264 : {
4265 : const char *x_algo, *x_usage, *x_expire;
4266 :
4267 1 : if (argc < 1 || argc > 4)
4268 0 : wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
4269 1 : username = make_username (fname);
4270 1 : argv++, argc--;
4271 1 : x_algo = "";
4272 1 : x_usage = "";
4273 1 : x_expire = "";
4274 1 : if (argc)
4275 : {
4276 0 : x_algo = *argv++; argc--;
4277 0 : if (argc)
4278 : {
4279 0 : x_usage = *argv++; argc--;
4280 0 : if (argc)
4281 : {
4282 0 : x_expire = *argv++; argc--;
4283 : }
4284 : }
4285 : }
4286 1 : quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
4287 1 : xfree (username);
4288 : }
4289 1 : break;
4290 :
4291 : case aKeygen: /* generate a key */
4292 2 : if( opt.batch ) {
4293 2 : if( argc > 1 )
4294 0 : wrong_args("--gen-key [parameterfile]");
4295 2 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4296 : }
4297 : else {
4298 0 : if (opt.command_fd != -1 && argc)
4299 : {
4300 0 : if( argc > 1 )
4301 0 : wrong_args("--gen-key [parameterfile]");
4302 :
4303 0 : opt.batch = 1;
4304 0 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4305 : }
4306 0 : else if (argc)
4307 0 : wrong_args ("--gen-key");
4308 : else
4309 0 : generate_keypair (ctrl, 0, NULL, NULL, 0);
4310 : }
4311 2 : break;
4312 :
4313 : case aFullKeygen: /* Generate a key with all options. */
4314 0 : if (opt.batch)
4315 : {
4316 0 : if (argc > 1)
4317 0 : wrong_args ("--full-gen-key [parameterfile]");
4318 0 : generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
4319 : }
4320 : else
4321 : {
4322 0 : if (argc)
4323 0 : wrong_args("--full-gen-key");
4324 0 : generate_keypair (ctrl, 1, NULL, NULL, 0);
4325 : }
4326 0 : break;
4327 :
4328 : case aQuickAddUid:
4329 : {
4330 : const char *uid, *newuid;
4331 :
4332 1 : if (argc != 2)
4333 0 : wrong_args ("--quick-adduid USER-ID NEW-USER-ID");
4334 1 : uid = *argv++; argc--;
4335 1 : newuid = *argv++; argc--;
4336 1 : keyedit_quick_adduid (ctrl, uid, newuid);
4337 : }
4338 1 : break;
4339 :
4340 : case aQuickAddKey:
4341 : {
4342 : const char *x_fpr, *x_algo, *x_usage, *x_expire;
4343 :
4344 0 : if (argc < 1 || argc > 4)
4345 0 : wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
4346 0 : x_fpr = *argv++; argc--;
4347 0 : x_algo = "";
4348 0 : x_usage = "";
4349 0 : x_expire = "";
4350 0 : if (argc)
4351 : {
4352 0 : x_algo = *argv++; argc--;
4353 0 : if (argc)
4354 : {
4355 0 : x_usage = *argv++; argc--;
4356 0 : if (argc)
4357 : {
4358 0 : x_expire = *argv++; argc--;
4359 : }
4360 : }
4361 : }
4362 0 : keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
4363 : }
4364 0 : break;
4365 :
4366 : case aQuickRevUid:
4367 : {
4368 : const char *uid, *uidtorev;
4369 :
4370 1 : if (argc != 2)
4371 0 : wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE");
4372 1 : uid = *argv++; argc--;
4373 1 : uidtorev = *argv++; argc--;
4374 1 : keyedit_quick_revuid (ctrl, uid, uidtorev);
4375 : }
4376 1 : break;
4377 :
4378 : case aFastImport:
4379 0 : opt.import_options |= IMPORT_FAST;
4380 : case aImport:
4381 70 : import_keys (ctrl, argc? argv:NULL, argc, NULL, opt.import_options);
4382 70 : break;
4383 :
4384 : /* TODO: There are a number of command that use this same
4385 : "make strlist, call function, report error, free strlist"
4386 : pattern. Join them together here and avoid all that
4387 : duplicated code. */
4388 :
4389 : case aExport:
4390 : case aSendKeys:
4391 : case aRecvKeys:
4392 3 : sl = NULL;
4393 9 : for( ; argc; argc--, argv++ )
4394 6 : append_to_strlist2( &sl, *argv, utf8_strings );
4395 3 : if( cmd == aSendKeys )
4396 0 : rc = keyserver_export (ctrl, sl );
4397 3 : else if( cmd == aRecvKeys )
4398 0 : rc = keyserver_import (ctrl, sl );
4399 : else
4400 : {
4401 3 : export_stats_t stats = export_new_stats ();
4402 3 : rc = export_pubkeys (ctrl, sl, opt.export_options, stats);
4403 3 : export_print_stats (stats);
4404 3 : export_release_stats (stats);
4405 : }
4406 3 : if(rc)
4407 : {
4408 0 : if(cmd==aSendKeys)
4409 : {
4410 0 : write_status_failure ("send-keys", rc);
4411 0 : log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
4412 : }
4413 0 : else if(cmd==aRecvKeys)
4414 : {
4415 0 : write_status_failure ("recv-keys", rc);
4416 0 : log_error (_("keyserver receive failed: %s\n"),
4417 : gpg_strerror (rc));
4418 : }
4419 : else
4420 : {
4421 0 : write_status_failure ("export", rc);
4422 0 : log_error (_("key export failed: %s\n"), gpg_strerror (rc));
4423 : }
4424 : }
4425 3 : free_strlist(sl);
4426 3 : break;
4427 :
4428 : case aExportSshKey:
4429 1 : if (argc != 1)
4430 0 : wrong_args ("--export-ssh-key <user-id>");
4431 1 : rc = export_ssh_key (ctrl, argv[0]);
4432 1 : if (rc)
4433 : {
4434 0 : write_status_failure ("export-ssh-key", rc);
4435 0 : log_error (_("export as ssh key failed: %s\n"), gpg_strerror (rc));
4436 : }
4437 1 : break;
4438 :
4439 : case aSearchKeys:
4440 0 : sl = NULL;
4441 0 : for (; argc; argc--, argv++)
4442 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
4443 0 : rc = keyserver_search (ctrl, sl);
4444 0 : if (rc)
4445 : {
4446 0 : write_status_failure ("search-keys", rc);
4447 0 : log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc));
4448 : }
4449 0 : free_strlist (sl);
4450 0 : break;
4451 :
4452 : case aRefreshKeys:
4453 0 : sl = NULL;
4454 0 : for( ; argc; argc--, argv++ )
4455 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4456 0 : rc = keyserver_refresh (ctrl, sl);
4457 0 : if(rc)
4458 : {
4459 0 : write_status_failure ("refresh-keys", rc);
4460 0 : log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
4461 : }
4462 0 : free_strlist(sl);
4463 0 : break;
4464 :
4465 : case aFetchKeys:
4466 0 : sl = NULL;
4467 0 : for( ; argc; argc--, argv++ )
4468 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4469 0 : rc = keyserver_fetch (ctrl, sl);
4470 0 : if(rc)
4471 : {
4472 0 : write_status_failure ("fetch-keys", rc);
4473 0 : log_error ("key fetch failed: %s\n",gpg_strerror (rc));
4474 : }
4475 0 : free_strlist(sl);
4476 0 : break;
4477 :
4478 : case aExportSecret:
4479 3 : sl = NULL;
4480 9 : for( ; argc; argc--, argv++ )
4481 6 : add_to_strlist2( &sl, *argv, utf8_strings );
4482 : {
4483 3 : export_stats_t stats = export_new_stats ();
4484 3 : export_seckeys (ctrl, sl, stats);
4485 3 : export_print_stats (stats);
4486 3 : export_release_stats (stats);
4487 : }
4488 3 : free_strlist(sl);
4489 3 : break;
4490 :
4491 : case aExportSecretSub:
4492 0 : sl = NULL;
4493 0 : for( ; argc; argc--, argv++ )
4494 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4495 : {
4496 0 : export_stats_t stats = export_new_stats ();
4497 0 : export_secsubkeys (ctrl, sl, stats);
4498 0 : export_print_stats (stats);
4499 0 : export_release_stats (stats);
4500 : }
4501 0 : free_strlist(sl);
4502 0 : break;
4503 :
4504 : case aGenRevoke:
4505 0 : if( argc != 1 )
4506 0 : wrong_args("--gen-revoke user-id");
4507 0 : username = make_username(*argv);
4508 0 : gen_revoke( username );
4509 0 : xfree( username );
4510 0 : break;
4511 :
4512 : case aDesigRevoke:
4513 0 : if (argc != 1)
4514 0 : wrong_args ("--desig-revoke user-id");
4515 0 : username = make_username (*argv);
4516 0 : gen_desig_revoke (ctrl, username, locusr);
4517 0 : xfree (username);
4518 0 : break;
4519 :
4520 : case aDeArmor:
4521 36 : if( argc > 1 )
4522 0 : wrong_args("--dearmor [file]");
4523 36 : rc = dearmor_file( argc? *argv: NULL );
4524 36 : if( rc )
4525 : {
4526 0 : write_status_failure ("dearmor", rc);
4527 0 : log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc));
4528 : }
4529 36 : break;
4530 :
4531 : case aEnArmor:
4532 0 : if( argc > 1 )
4533 0 : wrong_args("--enarmor [file]");
4534 0 : rc = enarmor_file( argc? *argv: NULL );
4535 0 : if( rc )
4536 : {
4537 0 : write_status_failure ("enarmor", rc);
4538 0 : log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc));
4539 : }
4540 0 : break;
4541 :
4542 :
4543 : case aPrimegen:
4544 : #if 0 /*FIXME*/
4545 : { int mode = argc < 2 ? 0 : atoi(*argv);
4546 :
4547 : if( mode == 1 && argc == 2 ) {
4548 : mpi_print (es_stdout,
4549 : generate_public_prime( atoi(argv[1]) ), 1);
4550 : }
4551 : else if( mode == 2 && argc == 3 ) {
4552 : mpi_print (es_stdout, generate_elg_prime(
4553 : 0, atoi(argv[1]),
4554 : atoi(argv[2]), NULL,NULL ), 1);
4555 : }
4556 : else if( mode == 3 && argc == 3 ) {
4557 : MPI *factors;
4558 : mpi_print (es_stdout, generate_elg_prime(
4559 : 1, atoi(argv[1]),
4560 : atoi(argv[2]), NULL,&factors ), 1);
4561 : es_putc ('\n', es_stdout);
4562 : mpi_print (es_stdout, factors[0], 1 ); /* print q */
4563 : }
4564 : else if( mode == 4 && argc == 3 ) {
4565 : MPI g = mpi_alloc(1);
4566 : mpi_print (es_stdout, generate_elg_prime(
4567 : 0, atoi(argv[1]),
4568 : atoi(argv[2]), g, NULL ), 1);
4569 : es_putc ('\n', es_stdout);
4570 : mpi_print (es_stdout, g, 1 );
4571 : mpi_free (g);
4572 : }
4573 : else
4574 : wrong_args("--gen-prime mode bits [qbits] ");
4575 : es_putc ('\n', es_stdout);
4576 : }
4577 : #endif
4578 0 : wrong_args("--gen-prime not yet supported ");
4579 0 : break;
4580 :
4581 : case aGenRandom:
4582 : {
4583 0 : int level = argc ? atoi(*argv):0;
4584 0 : int count = argc > 1 ? atoi(argv[1]): 0;
4585 0 : int endless = !count;
4586 :
4587 0 : if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
4588 0 : wrong_args("--gen-random 0|1|2 [count]");
4589 :
4590 0 : while( endless || count ) {
4591 : byte *p;
4592 : /* Wee need a multiple of 3, so that in case of
4593 : armored output we get a correct string. No
4594 : linefolding is done, as it is best to levae this to
4595 : other tools */
4596 0 : size_t n = !endless && count < 99? count : 99;
4597 :
4598 0 : p = gcry_random_bytes (n, level);
4599 : #ifdef HAVE_DOSISH_SYSTEM
4600 : setmode ( fileno(stdout), O_BINARY );
4601 : #endif
4602 0 : if (opt.armor) {
4603 0 : char *tmp = make_radix64_string (p, n);
4604 0 : es_fputs (tmp, es_stdout);
4605 0 : xfree (tmp);
4606 0 : if (n%3 == 1)
4607 0 : es_putc ('=', es_stdout);
4608 0 : if (n%3)
4609 0 : es_putc ('=', es_stdout);
4610 : } else {
4611 0 : es_fwrite( p, n, 1, es_stdout );
4612 : }
4613 0 : xfree(p);
4614 0 : if( !endless )
4615 0 : count -= n;
4616 : }
4617 0 : if (opt.armor)
4618 0 : es_putc ('\n', es_stdout);
4619 : }
4620 0 : break;
4621 :
4622 : case aPrintMD:
4623 1 : if( argc < 1)
4624 0 : wrong_args("--print-md algo [files]");
4625 : {
4626 1 : int all_algos = (**argv=='*' && !(*argv)[1]);
4627 1 : int algo = all_algos? 0 : gcry_md_map_name (*argv);
4628 :
4629 1 : if( !algo && !all_algos )
4630 0 : log_error(_("invalid hash algorithm '%s'\n"), *argv );
4631 : else {
4632 1 : argc--; argv++;
4633 1 : if( !argc )
4634 0 : print_mds(NULL, algo);
4635 : else {
4636 2 : for(; argc; argc--, argv++ )
4637 1 : print_mds(*argv, algo);
4638 : }
4639 : }
4640 : }
4641 1 : break;
4642 :
4643 : case aPrintMDs: /* old option */
4644 2 : if( !argc )
4645 2 : print_mds(NULL,0);
4646 : else {
4647 0 : for(; argc; argc--, argv++ )
4648 0 : print_mds(*argv,0);
4649 : }
4650 2 : break;
4651 :
4652 : #ifndef NO_TRUST_MODELS
4653 : case aListTrustDB:
4654 0 : if( !argc )
4655 0 : list_trustdb (es_stdout, NULL);
4656 : else {
4657 0 : for( ; argc; argc--, argv++ )
4658 0 : list_trustdb (es_stdout, *argv );
4659 : }
4660 0 : break;
4661 :
4662 : case aUpdateTrustDB:
4663 0 : if( argc )
4664 0 : wrong_args("--update-trustdb");
4665 0 : update_trustdb (ctrl);
4666 0 : break;
4667 :
4668 : case aCheckTrustDB:
4669 : /* Old versions allowed for arguments - ignore them */
4670 4 : check_trustdb (ctrl);
4671 4 : break;
4672 :
4673 : case aFixTrustDB:
4674 0 : how_to_fix_the_trustdb ();
4675 0 : break;
4676 :
4677 : case aListTrustPath:
4678 0 : if( !argc )
4679 0 : wrong_args("--list-trust-path <user-ids>");
4680 0 : for( ; argc; argc--, argv++ ) {
4681 0 : username = make_username( *argv );
4682 0 : list_trust_path( username );
4683 0 : xfree(username);
4684 : }
4685 0 : break;
4686 :
4687 : case aExportOwnerTrust:
4688 0 : if( argc )
4689 0 : wrong_args("--export-ownertrust");
4690 0 : export_ownertrust();
4691 0 : break;
4692 :
4693 : case aImportOwnerTrust:
4694 1 : if( argc > 1 )
4695 0 : wrong_args("--import-ownertrust [file]");
4696 1 : import_ownertrust( argc? *argv:NULL );
4697 1 : break;
4698 : #endif /*!NO_TRUST_MODELS*/
4699 :
4700 : case aRebuildKeydbCaches:
4701 0 : if (argc)
4702 0 : wrong_args ("--rebuild-keydb-caches");
4703 0 : keydb_rebuild_caches (1);
4704 0 : break;
4705 :
4706 : #ifdef ENABLE_CARD_SUPPORT
4707 : case aCardStatus:
4708 0 : if (argc)
4709 0 : wrong_args ("--card-status");
4710 0 : card_status (es_stdout, NULL, 0);
4711 0 : break;
4712 :
4713 : case aCardEdit:
4714 0 : if (argc) {
4715 0 : sl = NULL;
4716 0 : for (argc--, argv++ ; argc; argc--, argv++)
4717 0 : append_to_strlist (&sl, *argv);
4718 0 : card_edit (ctrl, sl);
4719 0 : free_strlist (sl);
4720 : }
4721 : else
4722 0 : card_edit (ctrl, NULL);
4723 0 : break;
4724 :
4725 : case aChangePIN:
4726 0 : if (!argc)
4727 0 : change_pin (0,1);
4728 0 : else if (argc == 1)
4729 0 : change_pin (atoi (*argv),1);
4730 : else
4731 0 : wrong_args ("--change-pin [no]");
4732 0 : break;
4733 : #endif /* ENABLE_CARD_SUPPORT*/
4734 :
4735 : case aListConfig:
4736 : {
4737 12 : char *str=collapse_args(argc,argv);
4738 12 : list_config(str);
4739 12 : xfree(str);
4740 : }
4741 12 : break;
4742 :
4743 : case aListGcryptConfig:
4744 : /* Fixme: It would be nice to integrate that with
4745 : --list-config but unfortunately there is no way yet to have
4746 : libgcrypt print it to an estream for further parsing. */
4747 0 : gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
4748 0 : break;
4749 :
4750 : case aTOFUPolicy:
4751 : #ifdef USE_TOFU
4752 : {
4753 : int policy;
4754 : int i;
4755 : KEYDB_HANDLE hd;
4756 :
4757 5 : if (argc < 2)
4758 0 : wrong_args ("--tofu-policy POLICY KEYID [KEYID...]");
4759 :
4760 5 : policy = parse_tofu_policy (argv[0]);
4761 :
4762 5 : hd = keydb_new ();
4763 5 : if (! hd)
4764 0 : g10_exit (1);
4765 :
4766 5 : tofu_begin_batch_update (ctrl);
4767 :
4768 10 : for (i = 1; i < argc; i ++)
4769 : {
4770 : KEYDB_SEARCH_DESC desc;
4771 : kbnode_t kb;
4772 :
4773 5 : rc = classify_user_id (argv[i], &desc, 0);
4774 5 : if (rc)
4775 : {
4776 0 : log_error (_("error parsing key specification '%s': %s\n"),
4777 0 : argv[i], gpg_strerror (rc));
4778 0 : g10_exit (1);
4779 : }
4780 :
4781 5 : if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
4782 0 : || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
4783 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR16
4784 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR20
4785 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR
4786 0 : || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
4787 : {
4788 0 : log_error (_("'%s' does not appear to be a valid"
4789 : " key ID, fingerprint or keygrip\n"),
4790 0 : argv[i]);
4791 0 : g10_exit (1);
4792 : }
4793 :
4794 5 : rc = keydb_search_reset (hd);
4795 5 : if (rc)
4796 : {
4797 : /* This should not happen, thus no need to tranalate
4798 : the string. */
4799 0 : log_error ("keydb_search_reset failed: %s\n",
4800 : gpg_strerror (rc));
4801 0 : g10_exit (1);
4802 : }
4803 :
4804 5 : rc = keydb_search (hd, &desc, 1, NULL);
4805 5 : if (rc)
4806 : {
4807 0 : log_error (_("key \"%s\" not found: %s\n"), argv[i],
4808 : gpg_strerror (rc));
4809 0 : g10_exit (1);
4810 : }
4811 :
4812 5 : rc = keydb_get_keyblock (hd, &kb);
4813 5 : if (rc)
4814 : {
4815 0 : log_error (_("error reading keyblock: %s\n"),
4816 : gpg_strerror (rc));
4817 0 : g10_exit (1);
4818 : }
4819 :
4820 5 : merge_keys_and_selfsig (kb);
4821 5 : if (tofu_set_policy (ctrl, kb, policy))
4822 0 : g10_exit (1);
4823 : }
4824 :
4825 5 : tofu_end_batch_update (ctrl);
4826 :
4827 5 : keydb_release (hd);
4828 : }
4829 : #endif /*USE_TOFU*/
4830 5 : break;
4831 :
4832 : case aListPackets:
4833 : default:
4834 399 : if( argc > 1 )
4835 0 : wrong_args(_("[filename]"));
4836 : /* Issue some output for the unix newbie */
4837 399 : if (!fname && !opt.outfile
4838 0 : && gnupg_isatty (fileno (stdin))
4839 0 : && gnupg_isatty (fileno (stdout))
4840 0 : && gnupg_isatty (fileno (stderr)))
4841 0 : log_info(_("Go ahead and type your message ...\n"));
4842 :
4843 399 : a = iobuf_open(fname);
4844 399 : if (a && is_secured_file (iobuf_get_fd (a)))
4845 : {
4846 0 : iobuf_close (a);
4847 0 : a = NULL;
4848 0 : gpg_err_set_errno (EPERM);
4849 : }
4850 399 : if( !a )
4851 0 : log_error(_("can't open '%s'\n"), print_fname_stdin(fname));
4852 : else {
4853 :
4854 399 : if( !opt.no_armor ) {
4855 399 : if( use_armor_filter( a ) ) {
4856 61 : afx = new_armor_context ();
4857 61 : push_armor_filter (afx, a);
4858 : }
4859 : }
4860 399 : if( cmd == aListPackets ) {
4861 13 : opt.list_packets=1;
4862 13 : set_packet_list_mode(1);
4863 : }
4864 399 : rc = proc_packets (ctrl, NULL, a );
4865 399 : if( rc )
4866 : {
4867 0 : write_status_failure ("-", rc);
4868 0 : log_error ("processing message failed: %s\n",
4869 : gpg_strerror (rc));
4870 : }
4871 399 : iobuf_close(a);
4872 : }
4873 399 : break;
4874 : }
4875 :
4876 : /* cleanup */
4877 1177 : gpg_deinit_default_ctrl (ctrl);
4878 1177 : xfree (ctrl);
4879 1177 : release_armor_context (afx);
4880 1177 : FREE_STRLIST(remusr);
4881 1177 : FREE_STRLIST(locusr);
4882 1177 : g10_exit(0);
4883 : return 8; /*NEVER REACHED*/
4884 : }
4885 :
4886 :
4887 : /* Note: This function is used by signal handlers!. */
4888 : static void
4889 1180 : emergency_cleanup (void)
4890 : {
4891 1180 : gcry_control (GCRYCTL_TERM_SECMEM );
4892 1180 : }
4893 :
4894 :
4895 : void
4896 1180 : g10_exit( int rc )
4897 : {
4898 1180 : gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
4899 1180 : if (DBG_CLOCK)
4900 0 : log_clock ("stop");
4901 :
4902 1180 : if ( (opt.debug & DBG_MEMSTAT_VALUE) )
4903 : {
4904 0 : keydb_dump_stats ();
4905 0 : gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
4906 0 : gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
4907 : }
4908 1180 : if (opt.debug)
4909 0 : gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
4910 :
4911 1180 : emergency_cleanup ();
4912 :
4913 1180 : rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
4914 1180 : exit (rc);
4915 : }
4916 :
4917 :
4918 : /* Pretty-print hex hashes. This assumes at least an 80-character
4919 : display, but there are a few other similar assumptions in the
4920 : display code. */
4921 : static void
4922 0 : print_hex (gcry_md_hd_t md, int algo, const char *fname)
4923 : {
4924 0 : int i,n,count,indent=0;
4925 : const byte *p;
4926 :
4927 0 : if (fname)
4928 0 : indent = es_printf("%s: ",fname);
4929 :
4930 0 : if (indent>40)
4931 : {
4932 0 : es_printf ("\n");
4933 0 : indent=0;
4934 : }
4935 :
4936 0 : if (algo==DIGEST_ALGO_RMD160)
4937 0 : indent += es_printf("RMD160 = ");
4938 0 : else if (algo>0)
4939 0 : indent += es_printf("%6s = ", gcry_md_algo_name (algo));
4940 : else
4941 0 : algo = abs(algo);
4942 :
4943 0 : count = indent;
4944 :
4945 0 : p = gcry_md_read (md, algo);
4946 0 : n = gcry_md_get_algo_dlen (algo);
4947 :
4948 0 : count += es_printf ("%02X",*p++);
4949 :
4950 0 : for(i=1;i<n;i++,p++)
4951 : {
4952 0 : if(n==16)
4953 : {
4954 0 : if(count+2>79)
4955 : {
4956 0 : es_printf ("\n%*s",indent," ");
4957 0 : count = indent;
4958 : }
4959 : else
4960 0 : count += es_printf(" ");
4961 :
4962 0 : if (!(i%8))
4963 0 : count += es_printf(" ");
4964 : }
4965 0 : else if (n==20)
4966 : {
4967 0 : if(!(i%2))
4968 : {
4969 0 : if(count+4>79)
4970 : {
4971 0 : es_printf ("\n%*s",indent," ");
4972 0 : count=indent;
4973 : }
4974 : else
4975 0 : count += es_printf(" ");
4976 : }
4977 :
4978 0 : if (!(i%10))
4979 0 : count += es_printf(" ");
4980 : }
4981 : else
4982 : {
4983 0 : if(!(i%4))
4984 : {
4985 0 : if (count+8>79)
4986 : {
4987 0 : es_printf ("\n%*s",indent," ");
4988 0 : count=indent;
4989 : }
4990 : else
4991 0 : count += es_printf(" ");
4992 : }
4993 : }
4994 :
4995 0 : count += es_printf("%02X",*p);
4996 : }
4997 :
4998 0 : es_printf ("\n");
4999 0 : }
5000 :
5001 : static void
5002 15 : print_hashline( gcry_md_hd_t md, int algo, const char *fname )
5003 : {
5004 : int i, n;
5005 : const byte *p;
5006 :
5007 15 : if ( fname )
5008 : {
5009 51 : for (p = fname; *p; p++ )
5010 : {
5011 50 : if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
5012 0 : es_printf ("%%%02X", *p );
5013 : else
5014 50 : es_putc (*p, es_stdout);
5015 : }
5016 : }
5017 15 : es_putc (':', es_stdout);
5018 15 : es_printf ("%d:", algo);
5019 15 : p = gcry_md_read (md, algo);
5020 15 : n = gcry_md_get_algo_dlen (algo);
5021 491 : for(i=0; i < n ; i++, p++ )
5022 476 : es_printf ("%02X", *p);
5023 15 : es_fputs (":\n", es_stdout);
5024 15 : }
5025 :
5026 :
5027 : static void
5028 3 : print_mds( const char *fname, int algo )
5029 : {
5030 : estream_t fp;
5031 : char buf[1024];
5032 : size_t n;
5033 : gcry_md_hd_t md;
5034 :
5035 3 : if (!fname)
5036 : {
5037 2 : fp = es_stdin;
5038 2 : es_set_binary (fp);
5039 : }
5040 : else
5041 : {
5042 1 : fp = es_fopen (fname, "rb" );
5043 1 : if (fp && is_secured_file (es_fileno (fp)))
5044 : {
5045 0 : es_fclose (fp);
5046 0 : fp = NULL;
5047 0 : gpg_err_set_errno (EPERM);
5048 : }
5049 : }
5050 3 : if (!fp)
5051 : {
5052 0 : log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
5053 3 : return;
5054 : }
5055 :
5056 3 : gcry_md_open (&md, 0, 0);
5057 3 : if (algo)
5058 1 : gcry_md_enable (md, algo);
5059 : else
5060 : {
5061 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
5062 2 : gcry_md_enable (md, GCRY_MD_MD5);
5063 2 : gcry_md_enable (md, GCRY_MD_SHA1);
5064 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
5065 2 : gcry_md_enable (md, GCRY_MD_RMD160);
5066 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
5067 2 : gcry_md_enable (md, GCRY_MD_SHA224);
5068 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
5069 2 : gcry_md_enable (md, GCRY_MD_SHA256);
5070 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
5071 2 : gcry_md_enable (md, GCRY_MD_SHA384);
5072 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
5073 2 : gcry_md_enable (md, GCRY_MD_SHA512);
5074 : }
5075 :
5076 51 : while ((n=es_fread (buf, 1, DIM(buf), fp)))
5077 45 : gcry_md_write (md, buf, n);
5078 :
5079 3 : if (es_ferror(fp))
5080 0 : log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno));
5081 : else
5082 : {
5083 3 : gcry_md_final (md);
5084 3 : if (opt.with_colons)
5085 : {
5086 3 : if ( algo )
5087 1 : print_hashline (md, algo, fname);
5088 : else
5089 : {
5090 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
5091 2 : print_hashline( md, GCRY_MD_MD5, fname );
5092 2 : print_hashline( md, GCRY_MD_SHA1, fname );
5093 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
5094 2 : print_hashline( md, GCRY_MD_RMD160, fname );
5095 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
5096 2 : print_hashline (md, GCRY_MD_SHA224, fname);
5097 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
5098 2 : print_hashline( md, GCRY_MD_SHA256, fname );
5099 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
5100 2 : print_hashline ( md, GCRY_MD_SHA384, fname );
5101 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
5102 2 : print_hashline ( md, GCRY_MD_SHA512, fname );
5103 : }
5104 : }
5105 : else
5106 : {
5107 0 : if (algo)
5108 0 : print_hex (md, -algo, fname);
5109 : else
5110 : {
5111 0 : if (!gcry_md_test_algo (GCRY_MD_MD5))
5112 0 : print_hex (md, GCRY_MD_MD5, fname);
5113 0 : print_hex (md, GCRY_MD_SHA1, fname );
5114 0 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
5115 0 : print_hex (md, GCRY_MD_RMD160, fname );
5116 0 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
5117 0 : print_hex (md, GCRY_MD_SHA224, fname);
5118 0 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
5119 0 : print_hex (md, GCRY_MD_SHA256, fname );
5120 0 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
5121 0 : print_hex (md, GCRY_MD_SHA384, fname );
5122 0 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
5123 0 : print_hex (md, GCRY_MD_SHA512, fname );
5124 : }
5125 : }
5126 : }
5127 3 : gcry_md_close (md);
5128 :
5129 3 : if (fp != es_stdin)
5130 1 : es_fclose (fp);
5131 : }
5132 :
5133 :
5134 : /****************
5135 : * Check the supplied name,value string and add it to the notation
5136 : * data to be used for signatures. which==0 for sig notations, and 1
5137 : * for cert notations.
5138 : */
5139 : static void
5140 0 : add_notation_data( const char *string, int which )
5141 : {
5142 : struct notation *notation;
5143 :
5144 0 : notation=string_to_notation(string,utf8_strings);
5145 0 : if(notation)
5146 : {
5147 0 : if(which)
5148 : {
5149 0 : notation->next=opt.cert_notations;
5150 0 : opt.cert_notations=notation;
5151 : }
5152 : else
5153 : {
5154 0 : notation->next=opt.sig_notations;
5155 0 : opt.sig_notations=notation;
5156 : }
5157 : }
5158 0 : }
5159 :
5160 : static void
5161 0 : add_policy_url( const char *string, int which )
5162 : {
5163 0 : unsigned int i,critical=0;
5164 : strlist_t sl;
5165 :
5166 0 : if(*string=='!')
5167 : {
5168 0 : string++;
5169 0 : critical=1;
5170 : }
5171 :
5172 0 : for(i=0;i<strlen(string);i++)
5173 0 : if( !isascii (string[i]) || iscntrl(string[i]))
5174 : break;
5175 :
5176 0 : if(i==0 || i<strlen(string))
5177 : {
5178 0 : if(which)
5179 0 : log_error(_("the given certification policy URL is invalid\n"));
5180 : else
5181 0 : log_error(_("the given signature policy URL is invalid\n"));
5182 : }
5183 :
5184 0 : if(which)
5185 0 : sl=add_to_strlist( &opt.cert_policy_url, string );
5186 : else
5187 0 : sl=add_to_strlist( &opt.sig_policy_url, string );
5188 :
5189 0 : if(critical)
5190 0 : sl->flags |= 1;
5191 0 : }
5192 :
5193 : static void
5194 0 : add_keyserver_url( const char *string, int which )
5195 : {
5196 0 : unsigned int i,critical=0;
5197 : strlist_t sl;
5198 :
5199 0 : if(*string=='!')
5200 : {
5201 0 : string++;
5202 0 : critical=1;
5203 : }
5204 :
5205 0 : for(i=0;i<strlen(string);i++)
5206 0 : if( !isascii (string[i]) || iscntrl(string[i]))
5207 : break;
5208 :
5209 0 : if(i==0 || i<strlen(string))
5210 : {
5211 0 : if(which)
5212 0 : BUG();
5213 : else
5214 0 : log_error(_("the given preferred keyserver URL is invalid\n"));
5215 : }
5216 :
5217 0 : if(which)
5218 0 : BUG();
5219 : else
5220 0 : sl=add_to_strlist( &opt.sig_keyserver_url, string );
5221 :
5222 0 : if(critical)
5223 0 : sl->flags |= 1;
5224 0 : }
5225 :
5226 :
5227 : static void
5228 0 : read_sessionkey_from_fd (int fd)
5229 : {
5230 : int i, len;
5231 : char *line;
5232 :
5233 0 : for (line = NULL, i = len = 100; ; i++ )
5234 : {
5235 0 : if (i >= len-1 )
5236 : {
5237 0 : char *tmp = line;
5238 0 : len += 100;
5239 0 : line = xmalloc_secure (len);
5240 0 : if (tmp)
5241 : {
5242 0 : memcpy (line, tmp, i);
5243 0 : xfree (tmp);
5244 : }
5245 : else
5246 0 : i=0;
5247 : }
5248 0 : if (read (fd, line + i, 1) != 1 || line[i] == '\n')
5249 : break;
5250 0 : }
5251 0 : line[i] = 0;
5252 0 : log_debug ("seskey: %s\n", line);
5253 0 : gpgrt_annotate_leaked_object (line);
5254 0 : opt.override_session_key = line;
5255 0 : }
|
