Line data Source code
1 : /* gpg.c - The GnuPG utility (main for gpg)
2 : * Copyright (C) 1998-2011 Free Software Foundation, Inc.
3 : * Copyright (C) 1997-2014 Werner Koch
4 : * Copyright (C) 2015 g10 Code GmbH
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <errno.h>
24 : #include <stdio.h>
25 : #include <stdlib.h>
26 : #include <string.h>
27 : #include <ctype.h>
28 : #include <unistd.h>
29 : #include <assert.h>
30 : #ifdef HAVE_STAT
31 : #include <sys/stat.h> /* for stat() */
32 : #endif
33 : #include <fcntl.h>
34 : #ifdef HAVE_W32_SYSTEM
35 : # ifdef HAVE_WINSOCK2_H
36 : # include <winsock2.h>
37 : # endif
38 : # include <windows.h>
39 : #endif
40 :
41 : #define INCLUDED_BY_MAIN_MODULE 1
42 : #include "gpg.h"
43 : #include <assuan.h>
44 : #include "../common/iobuf.h"
45 : #include "util.h"
46 : #include "packet.h"
47 : #include "membuf.h"
48 : #include "main.h"
49 : #include "options.h"
50 : #include "keydb.h"
51 : #include "trustdb.h"
52 : #include "filter.h"
53 : #include "ttyio.h"
54 : #include "i18n.h"
55 : #include "sysutils.h"
56 : #include "status.h"
57 : #include "keyserver-internal.h"
58 : #include "exec.h"
59 : #include "gc-opt-flags.h"
60 : #include "asshelp.h"
61 : #include "call-dirmngr.h"
62 : #include "tofu.h"
63 : #include "../common/init.h"
64 : #include "../common/shareddefs.h"
65 :
66 : #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
67 : #define MY_O_BINARY O_BINARY
68 : #ifndef S_IRGRP
69 : # define S_IRGRP 0
70 : # define S_IWGRP 0
71 : #endif
72 : #else
73 : #define MY_O_BINARY 0
74 : #endif
75 :
76 :
77 : enum cmd_and_opt_values
78 : {
79 : aNull = 0,
80 : oArmor = 'a',
81 : aDetachedSign = 'b',
82 : aSym = 'c',
83 : aDecrypt = 'd',
84 : aEncr = 'e',
85 : oInteractive = 'i',
86 : aListKeys = 'k',
87 : oDryRun = 'n',
88 : oOutput = 'o',
89 : oQuiet = 'q',
90 : oRecipient = 'r',
91 : oHiddenRecipient = 'R',
92 : aSign = 's',
93 : oTextmodeShort= 't',
94 : oLocalUser = 'u',
95 : oVerbose = 'v',
96 : oCompress = 'z',
97 : oSetNotation = 'N',
98 : aListSecretKeys = 'K',
99 : oBatch = 500,
100 : oMaxOutput,
101 : oSigNotation,
102 : oCertNotation,
103 : oShowNotation,
104 : oNoShowNotation,
105 : aEncrFiles,
106 : aEncrSym,
107 : aDecryptFiles,
108 : aClearsign,
109 : aStore,
110 : aQuickKeygen,
111 : aFullKeygen,
112 : aKeygen,
113 : aSignEncr,
114 : aSignEncrSym,
115 : aSignSym,
116 : aSignKey,
117 : aLSignKey,
118 : aQuickSignKey,
119 : aQuickLSignKey,
120 : aQuickAddUid,
121 : aListConfig,
122 : aListGcryptConfig,
123 : aGPGConfList,
124 : aGPGConfTest,
125 : aListPackets,
126 : aEditKey,
127 : aDeleteKeys,
128 : aDeleteSecretKeys,
129 : aDeleteSecretAndPublicKeys,
130 : aImport,
131 : aFastImport,
132 : aVerify,
133 : aVerifyFiles,
134 : aListSigs,
135 : aSendKeys,
136 : aRecvKeys,
137 : aLocateKeys,
138 : aSearchKeys,
139 : aRefreshKeys,
140 : aFetchKeys,
141 : aExport,
142 : aExportSecret,
143 : aExportSecretSub,
144 : aCheckKeys,
145 : aGenRevoke,
146 : aDesigRevoke,
147 : aPrimegen,
148 : aPrintMD,
149 : aPrintMDs,
150 : aCheckTrustDB,
151 : aUpdateTrustDB,
152 : aFixTrustDB,
153 : aListTrustDB,
154 : aListTrustPath,
155 : aExportOwnerTrust,
156 : aImportOwnerTrust,
157 : aDeArmor,
158 : aEnArmor,
159 : aGenRandom,
160 : aRebuildKeydbCaches,
161 : aCardStatus,
162 : aCardEdit,
163 : aChangePIN,
164 : aPasswd,
165 : aServer,
166 : aTOFUPolicy,
167 :
168 : oTextmode,
169 : oNoTextmode,
170 : oExpert,
171 : oNoExpert,
172 : oDefSigExpire,
173 : oAskSigExpire,
174 : oNoAskSigExpire,
175 : oDefCertExpire,
176 : oAskCertExpire,
177 : oNoAskCertExpire,
178 : oDefCertLevel,
179 : oMinCertLevel,
180 : oAskCertLevel,
181 : oNoAskCertLevel,
182 : oFingerprint,
183 : oWithFingerprint,
184 : oWithICAOSpelling,
185 : oWithKeygrip,
186 : oWithSecret,
187 : oAnswerYes,
188 : oAnswerNo,
189 : oKeyring,
190 : oPrimaryKeyring,
191 : oSecretKeyring,
192 : oShowKeyring,
193 : oDefaultKey,
194 : oDefRecipient,
195 : oDefRecipientSelf,
196 : oNoDefRecipient,
197 : oTrySecretKey,
198 : oOptions,
199 : oDebug,
200 : oDebugLevel,
201 : oDebugAll,
202 : oDebugIOLBF,
203 : oStatusFD,
204 : oStatusFile,
205 : oAttributeFD,
206 : oAttributeFile,
207 : oEmitVersion,
208 : oNoEmitVersion,
209 : oCompletesNeeded,
210 : oMarginalsNeeded,
211 : oMaxCertDepth,
212 : oLoadExtension,
213 : oGnuPG,
214 : oRFC2440,
215 : oRFC4880,
216 : oOpenPGP,
217 : oPGP6,
218 : oPGP7,
219 : oPGP8,
220 : oRFC2440Text,
221 : oNoRFC2440Text,
222 : oCipherAlgo,
223 : oDigestAlgo,
224 : oCertDigestAlgo,
225 : oCompressAlgo,
226 : oCompressLevel,
227 : oBZ2CompressLevel,
228 : oBZ2DecompressLowmem,
229 : oPassphrase,
230 : oPassphraseFD,
231 : oPassphraseFile,
232 : oPassphraseRepeat,
233 : oPinentryMode,
234 : oCommandFD,
235 : oCommandFile,
236 : oQuickRandom,
237 : oNoVerbose,
238 : oTrustDBName,
239 : oNoSecmemWarn,
240 : oRequireSecmem,
241 : oNoRequireSecmem,
242 : oNoPermissionWarn,
243 : oNoMDCWarn,
244 : oNoArmor,
245 : oNoDefKeyring,
246 : oNoGreeting,
247 : oNoTTY,
248 : oNoOptions,
249 : oNoBatch,
250 : oHomedir,
251 : oWithColons,
252 : oWithKeyData,
253 : oWithSigList,
254 : oWithSigCheck,
255 : oSkipVerify,
256 : oSkipHiddenRecipients,
257 : oNoSkipHiddenRecipients,
258 : oAlwaysTrust,
259 : oTrustModel,
260 : oForceOwnertrust,
261 : oSetFilename,
262 : oForYourEyesOnly,
263 : oNoForYourEyesOnly,
264 : oSetPolicyURL,
265 : oSigPolicyURL,
266 : oCertPolicyURL,
267 : oShowPolicyURL,
268 : oNoShowPolicyURL,
269 : oSigKeyserverURL,
270 : oUseEmbeddedFilename,
271 : oNoUseEmbeddedFilename,
272 : oComment,
273 : oDefaultComment,
274 : oNoComments,
275 : oThrowKeyids,
276 : oNoThrowKeyids,
277 : oShowPhotos,
278 : oNoShowPhotos,
279 : oPhotoViewer,
280 : oForceMDC,
281 : oNoForceMDC,
282 : oDisableMDC,
283 : oNoDisableMDC,
284 : oS2KMode,
285 : oS2KDigest,
286 : oS2KCipher,
287 : oS2KCount,
288 : oDisplayCharset,
289 : oNotDashEscaped,
290 : oEscapeFrom,
291 : oNoEscapeFrom,
292 : oLockOnce,
293 : oLockMultiple,
294 : oLockNever,
295 : oKeyServer,
296 : oKeyServerOptions,
297 : oImportOptions,
298 : oExportOptions,
299 : oListOptions,
300 : oVerifyOptions,
301 : oTempDir,
302 : oExecPath,
303 : oEncryptTo,
304 : oHiddenEncryptTo,
305 : oNoEncryptTo,
306 : oEncryptToDefaultKey,
307 : oLoggerFD,
308 : oLoggerFile,
309 : oUtf8Strings,
310 : oNoUtf8Strings,
311 : oDisableCipherAlgo,
312 : oDisablePubkeyAlgo,
313 : oAllowNonSelfsignedUID,
314 : oNoAllowNonSelfsignedUID,
315 : oAllowFreeformUID,
316 : oNoAllowFreeformUID,
317 : oAllowSecretKeyImport,
318 : oEnableSpecialFilenames,
319 : oNoLiteral,
320 : oSetFilesize,
321 : oHonorHttpProxy,
322 : oFastListMode,
323 : oListOnly,
324 : oIgnoreTimeConflict,
325 : oIgnoreValidFrom,
326 : oIgnoreCrcError,
327 : oIgnoreMDCError,
328 : oShowSessionKey,
329 : oOverrideSessionKey,
330 : oNoRandomSeedFile,
331 : oAutoKeyRetrieve,
332 : oNoAutoKeyRetrieve,
333 : oUseAgent,
334 : oNoUseAgent,
335 : oGpgAgentInfo,
336 : oMergeOnly,
337 : oTryAllSecrets,
338 : oTrustedKey,
339 : oNoExpensiveTrustChecks,
340 : oFixedListMode,
341 : oLegacyListMode,
342 : oNoSigCache,
343 : oAutoCheckTrustDB,
344 : oNoAutoCheckTrustDB,
345 : oPreservePermissions,
346 : oDefaultPreferenceList,
347 : oDefaultKeyserverURL,
348 : oPersonalCipherPreferences,
349 : oPersonalDigestPreferences,
350 : oPersonalCompressPreferences,
351 : oAgentProgram,
352 : oDirmngrProgram,
353 : oDisplay,
354 : oTTYname,
355 : oTTYtype,
356 : oLCctype,
357 : oLCmessages,
358 : oXauthority,
359 : oGroup,
360 : oUnGroup,
361 : oNoGroups,
362 : oStrict,
363 : oNoStrict,
364 : oMangleDosFilenames,
365 : oNoMangleDosFilenames,
366 : oEnableProgressFilter,
367 : oMultifile,
368 : oKeyidFormat,
369 : oExitOnStatusWriteError,
370 : oLimitCardInsertTries,
371 : oReaderPort,
372 : octapiDriver,
373 : opcscDriver,
374 : oDisableCCID,
375 : oRequireCrossCert,
376 : oNoRequireCrossCert,
377 : oAutoKeyLocate,
378 : oNoAutoKeyLocate,
379 : oAllowMultisigVerification,
380 : oEnableLargeRSA,
381 : oDisableLargeRSA,
382 : oEnableDSA2,
383 : oDisableDSA2,
384 : oAllowMultipleMessages,
385 : oNoAllowMultipleMessages,
386 : oAllowWeakDigestAlgos,
387 : oFakedSystemTime,
388 : oNoAutostart,
389 : oPrintPKARecords,
390 : oPrintDANERecords,
391 : oTOFUDefaultPolicy,
392 : oTOFUDBFormat,
393 : oWeakDigest,
394 : oUnwrap,
395 :
396 : oNoop
397 : };
398 :
399 :
400 : static ARGPARSE_OPTS opts[] = {
401 :
402 : ARGPARSE_group (300, N_("@Commands:\n ")),
403 :
404 : ARGPARSE_c (aSign, "sign", N_("make a signature")),
405 : ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
406 : ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
407 : ARGPARSE_c (aEncr, "encrypt", N_("encrypt data")),
408 : ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
409 : ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
410 : ARGPARSE_c (aStore, "store", "@"),
411 : ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
412 : ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
413 : ARGPARSE_c (aVerify, "verify" , N_("verify a signature")),
414 : ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
415 : ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
416 : ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
417 : ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
418 : ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
419 : ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
420 : ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
421 : ARGPARSE_c (aKeygen, "gen-key",
422 : N_("generate a new key pair")),
423 : ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
424 : N_("quickly generate a new key pair")),
425 : ARGPARSE_c (aQuickAddUid, "quick-adduid",
426 : N_("quickly add a new user-id")),
427 : ARGPARSE_c (aFullKeygen, "full-gen-key" ,
428 : N_("full featured key pair generation")),
429 : ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
430 : ARGPARSE_c (aDeleteKeys,"delete-keys",
431 : N_("remove keys from the public keyring")),
432 : ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
433 : N_("remove keys from the secret keyring")),
434 : ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
435 : N_("quickly sign a key")),
436 : ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
437 : N_("quickly sign a key locally")),
438 : ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
439 : ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
440 : ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
441 : ARGPARSE_c (aEditKey, "key-edit" ,"@"),
442 : ARGPARSE_c (aPasswd, "passwd", N_("change a passphrase")),
443 : ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
444 : ARGPARSE_c (aExport, "export" , N_("export keys") ),
445 : ARGPARSE_c (aSendKeys, "send-keys" , N_("export keys to a key server") ),
446 : ARGPARSE_c (aRecvKeys, "recv-keys" , N_("import keys from a key server") ),
447 : ARGPARSE_c (aSearchKeys, "search-keys" ,
448 : N_("search for keys on a key server") ),
449 : ARGPARSE_c (aRefreshKeys, "refresh-keys",
450 : N_("update all keys from a keyserver")),
451 : ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
452 : ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
453 : ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
454 : ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
455 : ARGPARSE_c (aImport, "import", N_("import/merge keys")),
456 : ARGPARSE_c (aFastImport, "fast-import", "@"),
457 : #ifdef ENABLE_CARD_SUPPORT
458 : ARGPARSE_c (aCardStatus, "card-status", N_("print the card status")),
459 : ARGPARSE_c (aCardEdit, "card-edit", N_("change data on a card")),
460 : ARGPARSE_c (aChangePIN, "change-pin", N_("change a card's PIN")),
461 : #endif
462 : ARGPARSE_c (aListConfig, "list-config", "@"),
463 : ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
464 : ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
465 : ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
466 : ARGPARSE_c (aListPackets, "list-packets","@"),
467 :
468 : #ifndef NO_TRUST_MODELS
469 : ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
470 : ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
471 : ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
472 : N_("update the trust database")),
473 : ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
474 : ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
475 : #endif
476 :
477 : ARGPARSE_c (aDeArmor, "dearmor", "@"),
478 : ARGPARSE_c (aDeArmor, "dearmour", "@"),
479 : ARGPARSE_c (aEnArmor, "enarmor", "@"),
480 : ARGPARSE_c (aEnArmor, "enarmour", "@"),
481 : ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
482 : ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
483 : ARGPARSE_c (aGenRandom,"gen-random", "@" ),
484 : ARGPARSE_c (aServer, "server", N_("run in server mode")),
485 : ARGPARSE_c (aTOFUPolicy, "tofu-policy",
486 : N_("|VALUE|set the TOFU policy for a key (good, unknown, bad, ask, auto)")),
487 :
488 : ARGPARSE_group (301, N_("@\nOptions:\n ")),
489 :
490 : ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
491 : ARGPARSE_s_n (oArmor, "armour", "@"),
492 :
493 : ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
494 : ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
495 : ARGPARSE_s_s (oRecipient, "remote-user", "@"), /* (old option name) */
496 : ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
497 : ARGPARSE_s_n (oDefRecipientSelf, "default-recipient-self", "@"),
498 : ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
499 :
500 : ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
501 : ARGPARSE_s_s (oExecPath, "exec-path", "@"),
502 : ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"),
503 : ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
504 : ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
505 : ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
506 : ARGPARSE_s_s (oLocalUser, "local-user",
507 : N_("|USER-ID|use USER-ID to sign or decrypt")),
508 :
509 : ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
510 :
511 : ARGPARSE_s_i (oCompress, NULL,
512 : N_("|N|set compress level to N (0 disables)")),
513 : ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
514 : ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
515 : ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
516 :
517 : ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
518 : ARGPARSE_s_n (oTextmode, "textmode", N_("use canonical text mode")),
519 : ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
520 :
521 : ARGPARSE_s_n (oExpert, "expert", "@"),
522 : ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
523 :
524 : ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
525 : ARGPARSE_s_n (oAskSigExpire, "ask-sig-expire", "@"),
526 : ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
527 : ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
528 : ARGPARSE_s_n (oAskCertExpire, "ask-cert-expire", "@"),
529 : ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
530 : ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
531 : ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
532 : ARGPARSE_s_n (oAskCertLevel, "ask-cert-level", "@"),
533 : ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
534 :
535 : ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
536 : ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
537 :
538 : ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
539 : ARGPARSE_s_n (oQuiet, "quiet", "@"),
540 : ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
541 :
542 : ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
543 : ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
544 : ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
545 : ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
546 :
547 : ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
548 : ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
549 :
550 : ARGPARSE_s_n (oBatch, "batch", "@"),
551 : ARGPARSE_s_n (oAnswerYes, "yes", "@"),
552 : ARGPARSE_s_n (oAnswerNo, "no", "@"),
553 : ARGPARSE_s_s (oKeyring, "keyring", "@"),
554 : ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
555 : ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
556 : ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
557 : ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
558 :
559 : ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
560 : ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
561 : ARGPARSE_s_s (oImportOptions, "import-options", "@"),
562 : ARGPARSE_s_s (oExportOptions, "export-options", "@"),
563 : ARGPARSE_s_s (oListOptions, "list-options", "@"),
564 : ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
565 :
566 : ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
567 : ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
568 : ARGPARSE_s_s (oOptions, "options", "@"),
569 :
570 : ARGPARSE_s_s (oDebug, "debug", "@"),
571 : ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
572 : ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
573 : ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
574 : ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
575 : ARGPARSE_s_s (oStatusFile, "status-file", "@"),
576 : ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
577 : ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
578 :
579 : ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
580 : ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
581 : ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
582 : ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
583 :
584 : ARGPARSE_s_s (oLoadExtension, "load-extension", "@"), /* Dummy. */
585 :
586 : ARGPARSE_s_n (oGnuPG, "gnupg", "@"),
587 : ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
588 : ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
589 : ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
590 : ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
591 : ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
592 : ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
593 : ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
594 : ARGPARSE_s_n (oPGP6, "pgp6", "@"),
595 : ARGPARSE_s_n (oPGP7, "pgp7", "@"),
596 : ARGPARSE_s_n (oPGP8, "pgp8", "@"),
597 :
598 : ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
599 : ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
600 : ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
601 : ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
602 : ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
603 : ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
604 : ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
605 : ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
606 : ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
607 : ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
608 : ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
609 : ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
610 : ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
611 : ARGPARSE_s_n (oShowPhotos, "show-photos", "@"),
612 : ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
613 : ARGPARSE_s_s (oPhotoViewer, "photo-viewer", "@"),
614 : ARGPARSE_s_s (oSetNotation, "set-notation", "@"),
615 : ARGPARSE_s_s (oSigNotation, "sig-notation", "@"),
616 : ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
617 :
618 : ARGPARSE_group (302, N_(
619 : "@\n(See the man page for a complete listing of all commands and options)\n"
620 : )),
621 :
622 : ARGPARSE_group (303, N_("@\nExamples:\n\n"
623 : " -se -r Bob [file] sign and encrypt for user Bob\n"
624 : " --clearsign [file] make a clear text signature\n"
625 : " --detach-sign [file] make a detached signature\n"
626 : " --list-keys [names] show keys\n"
627 : " --fingerprint [names] show fingerprints\n")),
628 :
629 : /* More hidden commands and options. */
630 : ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
631 : #ifndef NO_TRUST_MODELS
632 : ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
633 : #endif
634 :
635 : /* Not yet used:
636 : ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
637 : ARGPARSE_c (aDeleteSecretAndPublicKeys,
638 : "delete-secret-and-public-keys", "@"),
639 : ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
640 :
641 : ARGPARSE_s_s (oPassphrase, "passphrase", "@"),
642 : ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
643 : ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
644 : ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
645 : ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
646 : ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
647 : ARGPARSE_s_s (oCommandFile, "command-file", "@"),
648 : ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
649 : ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
650 :
651 : #ifndef NO_TRUST_MODELS
652 : ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
653 : ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
654 : ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
655 : ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
656 : #endif
657 :
658 : ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
659 : ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
660 : ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
661 : ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
662 : ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
663 : ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
664 : ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
665 : ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
666 : ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
667 : ARGPARSE_s_n (oNoOptions, "no-options", "@"),
668 : ARGPARSE_s_s (oHomedir, "homedir", "@"),
669 : ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
670 : ARGPARSE_s_n (oWithColons, "with-colons", "@"),
671 : ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
672 : ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
673 : ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
674 : ARGPARSE_s_n (aListKeys, "list-key", "@"), /* alias */
675 : ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
676 : ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
677 : ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
678 : ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
679 : ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
680 : ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
681 : ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
682 : ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
683 : ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
684 : ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
685 : ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
686 : ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
687 : ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
688 : ARGPARSE_s_s (oSetPolicyURL, "set-policy-url", "@"),
689 : ARGPARSE_s_s (oSigPolicyURL, "sig-policy-url", "@"),
690 : ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
691 : ARGPARSE_s_n (oShowPolicyURL, "show-policy-url", "@"),
692 : ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
693 : ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
694 : ARGPARSE_s_n (oShowNotation, "show-notation", "@"),
695 : ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
696 : ARGPARSE_s_s (oComment, "comment", "@"),
697 : ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
698 : ARGPARSE_s_n (oNoComments, "no-comments", "@"),
699 : ARGPARSE_s_n (oEmitVersion, "emit-version", "@"),
700 : ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
701 : ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
702 : ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
703 : ARGPARSE_s_n (oEscapeFrom, "escape-from-lines", "@"),
704 : ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
705 : ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
706 : ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
707 : ARGPARSE_s_n (oLockNever, "lock-never", "@"),
708 : ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
709 : ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
710 : ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
711 : ARGPARSE_s_n (oUseEmbeddedFilename, "use-embedded-filename", "@"),
712 : ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
713 : ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
714 : ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
715 : ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
716 : ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
717 : ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
718 : ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
719 : ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
720 : ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
721 : ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
722 : ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
723 : ARGPARSE_s_n (oAllowFreeformUID, "allow-freeform-uid", "@"),
724 : ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
725 : ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
726 : ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
727 : ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
728 : ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
729 : ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
730 : ARGPARSE_s_n (oListOnly, "list-only", "@"),
731 : ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
732 : ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
733 : ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
734 : ARGPARSE_s_n (oIgnoreValidFrom, "ignore-valid-from", "@"),
735 : ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
736 : ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
737 : ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
738 : ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
739 : ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
740 : ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
741 : ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
742 : ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"),
743 : ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ),
744 : ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
745 : ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"),
746 : ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
747 : ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
748 : ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
749 : ARGPARSE_s_s (oDefaultPreferenceList, "default-preference-list", "@"),
750 : ARGPARSE_s_s (oDefaultKeyserverURL, "default-keyserver-url", "@"),
751 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
752 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
753 : ARGPARSE_s_s (oPersonalCompressPreferences,
754 : "personal-compress-preferences", "@"),
755 : ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
756 : ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
757 : ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
758 :
759 : /* Aliases. I constantly mistype these, and assume other people do
760 : as well. */
761 : ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
762 : ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
763 : ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
764 :
765 : ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
766 : ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
767 : ARGPARSE_s_s (oDisplay, "display", "@"),
768 : ARGPARSE_s_s (oTTYname, "ttyname", "@"),
769 : ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
770 : ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
771 : ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
772 : ARGPARSE_s_s (oXauthority, "xauthority", "@"),
773 : ARGPARSE_s_s (oGroup, "group", "@"),
774 : ARGPARSE_s_s (oUnGroup, "ungroup", "@"),
775 : ARGPARSE_s_n (oNoGroups, "no-groups", "@"),
776 : ARGPARSE_s_n (oStrict, "strict", "@"),
777 : ARGPARSE_s_n (oNoStrict, "no-strict", "@"),
778 : ARGPARSE_s_n (oMangleDosFilenames, "mangle-dos-filenames", "@"),
779 : ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
780 : ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
781 : ARGPARSE_s_n (oMultifile, "multifile", "@"),
782 : ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
783 : ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
784 : ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
785 :
786 : ARGPARSE_s_n (oAllowMultisigVerification,
787 : "allow-multisig-verification", "@"),
788 : ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
789 : ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
790 : ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
791 : ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
792 : ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
793 : ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
794 : ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
795 :
796 : /* These two are aliases to help users of the PGP command line
797 : product use gpg with minimal pain. Many commands are common
798 : already as they seem to have borrowed commands from us. Now I'm
799 : returning the favor. */
800 : ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
801 : ARGPARSE_s_s (oRecipient, "user", "@"),
802 :
803 : ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
804 : ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
805 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
806 : ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
807 :
808 : /* New options. Fixme: Should go more to the top. */
809 : ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
810 : ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
811 : ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
812 :
813 : /* Dummy options with warnings. */
814 : ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
815 : ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
816 : ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
817 : ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
818 : ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
819 : ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
820 : ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
821 : ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
822 :
823 : /* Dummy options. */
824 : ARGPARSE_s_n (oNoop, "sk-comments", "@"),
825 : ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
826 : ARGPARSE_s_n (oNoop, "compress-keys", "@"),
827 : ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
828 : ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
829 : ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
830 : ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
831 : ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
832 :
833 : ARGPARSE_end ()
834 : };
835 :
836 :
837 : /* The list of supported debug flags. */
838 : static struct debug_flags_s debug_flags [] =
839 : {
840 : { DBG_PACKET_VALUE , "packet" },
841 : { DBG_MPI_VALUE , "mpi" },
842 : { DBG_CRYPTO_VALUE , "crypto" },
843 : { DBG_FILTER_VALUE , "filter" },
844 : { DBG_IOBUF_VALUE , "iobuf" },
845 : { DBG_MEMORY_VALUE , "memory" },
846 : { DBG_CACHE_VALUE , "cache" },
847 : { DBG_MEMSTAT_VALUE, "memstat" },
848 : { DBG_TRUST_VALUE , "trust" },
849 : { DBG_HASHING_VALUE, "hashing" },
850 : { DBG_CARD_IO_VALUE, "cardio" },
851 : { DBG_IPC_VALUE , "ipc" },
852 : { DBG_CLOCK_VALUE , "clock" },
853 : { DBG_LOOKUP_VALUE , "lookup" },
854 : { DBG_EXTPROG_VALUE, "extprog" },
855 : { 0, NULL }
856 : };
857 :
858 :
859 : #ifdef ENABLE_SELINUX_HACKS
860 : #define ALWAYS_ADD_KEYRINGS 1
861 : #else
862 : #define ALWAYS_ADD_KEYRINGS 0
863 : #endif
864 :
865 :
866 : int g10_errors_seen = 0;
867 :
868 : static int utf8_strings = 0;
869 : static int maybe_setuid = 1;
870 :
871 : static char *build_list( const char *text, char letter,
872 : const char *(*mapf)(int), int (*chkf)(int) );
873 : static void set_cmd( enum cmd_and_opt_values *ret_cmd,
874 : enum cmd_and_opt_values new_cmd );
875 : static void print_mds( const char *fname, int algo );
876 : static void add_notation_data( const char *string, int which );
877 : static void add_policy_url( const char *string, int which );
878 : static void add_keyserver_url( const char *string, int which );
879 : static void emergency_cleanup (void);
880 :
881 :
882 : static char *
883 23 : make_libversion (const char *libname, const char *(*getfnc)(const char*))
884 : {
885 : const char *s;
886 : char *result;
887 :
888 23 : if (maybe_setuid)
889 : {
890 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
891 0 : maybe_setuid = 0;
892 : }
893 23 : s = getfnc (NULL);
894 23 : result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
895 23 : strcpy (stpcpy (stpcpy (result, libname), " "), s);
896 23 : return result;
897 : }
898 :
899 :
900 : static int
901 2553 : build_list_pk_test_algo (int algo)
902 : {
903 : /* Show only one "RSA" string. If RSA_E or RSA_S is available RSA
904 : is also available. */
905 2553 : if (algo == PUBKEY_ALGO_RSA_E
906 2530 : || algo == PUBKEY_ALGO_RSA_S)
907 46 : return GPG_ERR_DIGEST_ALGO;
908 :
909 2507 : return openpgp_pk_test_algo (algo);
910 : }
911 :
912 : static const char *
913 138 : build_list_pk_algo_name (int algo)
914 : {
915 138 : return openpgp_pk_algo_name (algo);
916 : }
917 :
918 : static int
919 2997 : build_list_cipher_test_algo (int algo)
920 : {
921 2997 : return openpgp_cipher_test_algo (algo);
922 : }
923 :
924 : static const char *
925 297 : build_list_cipher_algo_name (int algo)
926 : {
927 297 : return openpgp_cipher_algo_name (algo);
928 : }
929 :
930 : static int
931 2664 : build_list_md_test_algo (int algo)
932 : {
933 : /* By default we do not accept MD5 based signatures. To avoid
934 : confusion we do not announce support for it either. */
935 2664 : if (algo == DIGEST_ALGO_MD5)
936 24 : return GPG_ERR_DIGEST_ALGO;
937 :
938 2640 : return openpgp_md_test_algo (algo);
939 : }
940 :
941 : static const char *
942 144 : build_list_md_algo_name (int algo)
943 : {
944 144 : return openpgp_md_algo_name (algo);
945 : }
946 :
947 :
948 : static const char *
949 621 : my_strusage( int level )
950 : {
951 : static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
952 : const char *p;
953 :
954 621 : switch( level ) {
955 23 : case 11: p = "@GPG@ (@GNUPG@)";
956 23 : break;
957 23 : case 13: p = VERSION; break;
958 0 : case 17: p = PRINTABLE_OS_NAME; break;
959 0 : case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
960 :
961 : case 20:
962 23 : if (!ver_gcry)
963 23 : ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
964 23 : p = ver_gcry;
965 23 : break;
966 :
967 : #ifdef IS_DEVELOPMENT_VERSION
968 : case 25:
969 : p="NOTE: THIS IS A DEVELOPMENT VERSION!";
970 : break;
971 : case 26:
972 : p="It is only intended for test purposes and should NOT be";
973 : break;
974 : case 27:
975 : p="used in a production environment or with production keys!";
976 : break;
977 : #endif
978 :
979 : case 1:
980 0 : case 40: p =
981 : _("Usage: @GPG@ [options] [files] (-h for help)");
982 0 : break;
983 0 : case 41: p =
984 : _("Syntax: @GPG@ [options] [files]\n"
985 : "Sign, check, encrypt or decrypt\n"
986 : "Default operation depends on the input data\n");
987 0 : break;
988 :
989 23 : case 31: p = "\nHome: "; break;
990 : #ifndef __riscos__
991 23 : case 32: p = opt.homedir; break;
992 : #else /* __riscos__ */
993 : case 32: p = make_filename(opt.homedir, NULL); break;
994 : #endif /* __riscos__ */
995 23 : case 33: p = _("\nSupported algorithms:\n"); break;
996 : case 34:
997 23 : if (!pubkeys)
998 23 : pubkeys = build_list (_("Pubkey: "), 1,
999 : build_list_pk_algo_name,
1000 : build_list_pk_test_algo );
1001 23 : p = pubkeys;
1002 23 : break;
1003 : case 35:
1004 23 : if( !ciphers )
1005 23 : ciphers = build_list(_("Cipher: "), 'S',
1006 : build_list_cipher_algo_name,
1007 : build_list_cipher_test_algo );
1008 23 : p = ciphers;
1009 23 : break;
1010 : case 36:
1011 23 : if( !digests )
1012 23 : digests = build_list(_("Hash: "), 'H',
1013 : build_list_md_algo_name,
1014 : build_list_md_test_algo );
1015 23 : p = digests;
1016 23 : break;
1017 : case 37:
1018 23 : if( !zips )
1019 23 : zips = build_list(_("Compression: "),'Z',
1020 : compress_algo_to_string,
1021 : check_compress_algo);
1022 23 : p = zips;
1023 23 : break;
1024 :
1025 391 : default: p = NULL;
1026 : }
1027 621 : return p;
1028 : }
1029 :
1030 :
1031 : static char *
1032 92 : build_list (const char *text, char letter,
1033 : const char * (*mapf)(int), int (*chkf)(int))
1034 : {
1035 : membuf_t mb;
1036 : int indent;
1037 : int i, j, len;
1038 : const char *s;
1039 : char *string;
1040 :
1041 92 : if (maybe_setuid)
1042 0 : gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
1043 :
1044 92 : indent = utf8_charcount (text);
1045 92 : len = 0;
1046 92 : init_membuf (&mb, 512);
1047 :
1048 10304 : for (i=0; i <= 110; i++ )
1049 : {
1050 10212 : if (!chkf (i) && (s = mapf (i)))
1051 : {
1052 621 : if (mb.len - len > 60)
1053 : {
1054 23 : put_membuf_str (&mb, ",\n");
1055 23 : len = mb.len;
1056 207 : for (j=0; j < indent; j++)
1057 184 : put_membuf_str (&mb, " ");
1058 : }
1059 598 : else if (mb.len)
1060 506 : put_membuf_str (&mb, ", ");
1061 : else
1062 92 : put_membuf_str (&mb, text);
1063 :
1064 621 : put_membuf_str (&mb, s);
1065 621 : if (opt.verbose && letter)
1066 : {
1067 : char num[20];
1068 0 : if (letter == 1)
1069 0 : snprintf (num, sizeof num, " (%d)", i);
1070 : else
1071 0 : snprintf (num, sizeof num, " (%c%d)", letter, i);
1072 0 : put_membuf_str (&mb, num);
1073 : }
1074 : }
1075 : }
1076 92 : if (mb.len)
1077 92 : put_membuf_str (&mb, "\n");
1078 92 : put_membuf (&mb, "", 1);
1079 :
1080 92 : string = get_membuf (&mb, NULL);
1081 92 : return xrealloc (string, strlen (string)+1);
1082 : }
1083 :
1084 :
1085 : static void
1086 0 : wrong_args( const char *text)
1087 : {
1088 0 : es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
1089 0 : g10_exit(2);
1090 : }
1091 :
1092 :
1093 : static char *
1094 0 : make_username( const char *string )
1095 : {
1096 : char *p;
1097 0 : if( utf8_strings )
1098 0 : p = xstrdup(string);
1099 : else
1100 0 : p = native_to_utf8( string );
1101 0 : return p;
1102 : }
1103 :
1104 :
1105 : static void
1106 0 : set_opt_session_env (const char *name, const char *value)
1107 : {
1108 : gpg_error_t err;
1109 :
1110 0 : err = session_env_setenv (opt.session_env, name, value);
1111 0 : if (err)
1112 0 : log_fatal ("error setting session environment: %s\n",
1113 : gpg_strerror (err));
1114 0 : }
1115 :
1116 :
1117 : /* Setup the debugging. With a LEVEL of NULL only the active debug
1118 : flags are propagated to the subsystems. With LEVEL set, a specific
1119 : set of debug flags is set; thus overriding all flags already
1120 : set. */
1121 : static void
1122 1276 : set_debug (const char *level)
1123 : {
1124 1276 : int numok = (level && digitp (level));
1125 1276 : int numlvl = numok? atoi (level) : 0;
1126 :
1127 1276 : if (!level)
1128 : ;
1129 0 : else if (!strcmp (level, "none") || (numok && numlvl < 1))
1130 0 : opt.debug = 0;
1131 0 : else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
1132 0 : opt.debug = DBG_MEMSTAT_VALUE;
1133 0 : else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
1134 0 : opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
1135 0 : else if (!strcmp (level, "expert") || (numok && numlvl <= 8))
1136 0 : opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
1137 0 : |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
1138 0 : else if (!strcmp (level, "guru") || numok)
1139 : {
1140 0 : opt.debug = ~0;
1141 : /* Unless the "guru" string has been used we don't want to allow
1142 : hashing debugging. The rationale is that people tend to
1143 : select the highest debug value and would then clutter their
1144 : disk with debug files which may reveal confidential data. */
1145 0 : if (numok)
1146 0 : opt.debug &= ~(DBG_HASHING_VALUE);
1147 : }
1148 : else
1149 : {
1150 0 : log_error (_("invalid debug-level '%s' given\n"), level);
1151 0 : g10_exit (2);
1152 : }
1153 :
1154 1276 : if (opt.debug & DBG_MEMORY_VALUE )
1155 0 : memory_debug_mode = 1;
1156 1276 : if (opt.debug & DBG_MEMSTAT_VALUE )
1157 0 : memory_stat_debug_mode = 1;
1158 1276 : if (opt.debug & DBG_MPI_VALUE)
1159 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
1160 1276 : if (opt.debug & DBG_CRYPTO_VALUE )
1161 0 : gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
1162 1276 : if (opt.debug & DBG_IOBUF_VALUE )
1163 0 : iobuf_debug_mode = 1;
1164 1276 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
1165 :
1166 1276 : if (opt.debug)
1167 0 : parse_debug_flag (NULL, &opt.debug, debug_flags);
1168 1276 : }
1169 :
1170 :
1171 :
1172 : /* We need the home directory also in some other directories, so make
1173 : sure that both variables are always in sync. */
1174 : static void
1175 1331 : set_homedir (const char *dir)
1176 : {
1177 1331 : if (!dir)
1178 0 : dir = "";
1179 1331 : opt.homedir = dir;
1180 1331 : }
1181 :
1182 :
1183 : /* We set the screen dimensions for UI purposes. Do not allow screens
1184 : smaller than 80x24 for the sake of simplicity. */
1185 : static void
1186 1331 : set_screen_dimensions(void)
1187 : {
1188 : #ifndef HAVE_W32_SYSTEM
1189 : char *str;
1190 :
1191 1331 : str=getenv("COLUMNS");
1192 1331 : if(str)
1193 0 : opt.screen_columns=atoi(str);
1194 :
1195 1331 : str=getenv("LINES");
1196 1331 : if(str)
1197 0 : opt.screen_lines=atoi(str);
1198 : #endif
1199 :
1200 1331 : if(opt.screen_columns<80 || opt.screen_columns>255)
1201 1331 : opt.screen_columns=80;
1202 :
1203 1331 : if(opt.screen_lines<24 || opt.screen_lines>255)
1204 1331 : opt.screen_lines=24;
1205 1331 : }
1206 :
1207 :
1208 : /* Helper to open a file FNAME either for reading or writing to be
1209 : used with --status-file etc functions. Not generally useful but it
1210 : avoids the riscos specific functions and well some Windows people
1211 : might like it too. Prints an error message and returns -1 on
1212 : error. On success the file descriptor is returned. */
1213 : static int
1214 0 : open_info_file (const char *fname, int for_write, int binary)
1215 : {
1216 : #ifdef __riscos__
1217 : return riscos_fdopenfile (fname, for_write);
1218 : #elif defined (ENABLE_SELINUX_HACKS)
1219 : /* We can't allow these even when testing for a secured filename
1220 : because files to be secured might not yet been secured. This is
1221 : similar to the option file but in that case it is unlikely that
1222 : sensitive information may be retrieved by means of error
1223 : messages. */
1224 : (void)fname;
1225 : (void)for_write;
1226 : (void)binary;
1227 : return -1;
1228 : #else
1229 : int fd;
1230 :
1231 0 : if (binary)
1232 0 : binary = MY_O_BINARY;
1233 :
1234 : /* if (is_secured_filename (fname)) */
1235 : /* { */
1236 : /* fd = -1; */
1237 : /* gpg_err_set_errno (EPERM); */
1238 : /* } */
1239 : /* else */
1240 : /* { */
1241 : do
1242 : {
1243 0 : if (for_write)
1244 0 : fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
1245 : S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
1246 : else
1247 0 : fd = open (fname, O_RDONLY | binary);
1248 : }
1249 0 : while (fd == -1 && errno == EINTR);
1250 : /* } */
1251 0 : if ( fd == -1)
1252 0 : log_error ( for_write? _("can't create '%s': %s\n")
1253 0 : : _("can't open '%s': %s\n"), fname, strerror(errno));
1254 :
1255 0 : return fd;
1256 : #endif
1257 : }
1258 :
1259 : static void
1260 780 : set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
1261 : {
1262 780 : enum cmd_and_opt_values cmd = *ret_cmd;
1263 :
1264 780 : if( !cmd || cmd == new_cmd )
1265 747 : cmd = new_cmd;
1266 33 : else if( cmd == aSign && new_cmd == aEncr )
1267 26 : cmd = aSignEncr;
1268 7 : else if( cmd == aEncr && new_cmd == aSign )
1269 0 : cmd = aSignEncr;
1270 7 : else if( cmd == aSign && new_cmd == aSym )
1271 0 : cmd = aSignSym;
1272 7 : else if( cmd == aSym && new_cmd == aSign )
1273 7 : cmd = aSignSym;
1274 0 : else if( cmd == aSym && new_cmd == aEncr )
1275 0 : cmd = aEncrSym;
1276 0 : else if( cmd == aEncr && new_cmd == aSym )
1277 0 : cmd = aEncrSym;
1278 0 : else if (cmd == aSignEncr && new_cmd == aSym)
1279 0 : cmd = aSignEncrSym;
1280 0 : else if (cmd == aSignSym && new_cmd == aEncr)
1281 0 : cmd = aSignEncrSym;
1282 0 : else if (cmd == aEncrSym && new_cmd == aSign)
1283 0 : cmd = aSignEncrSym;
1284 0 : else if( ( cmd == aSign && new_cmd == aClearsign )
1285 0 : || ( cmd == aClearsign && new_cmd == aSign ) )
1286 0 : cmd = aClearsign;
1287 : else {
1288 0 : log_error(_("conflicting commands\n"));
1289 0 : g10_exit(2);
1290 : }
1291 :
1292 780 : *ret_cmd = cmd;
1293 780 : }
1294 :
1295 :
1296 : static void
1297 0 : add_group(char *string)
1298 : {
1299 : char *name,*value;
1300 : struct groupitem *item;
1301 :
1302 : /* Break off the group name */
1303 0 : name=strsep(&string,"=");
1304 0 : if(string==NULL)
1305 : {
1306 0 : log_error(_("no = sign found in group definition '%s'\n"),name);
1307 0 : return;
1308 : }
1309 :
1310 0 : trim_trailing_ws(name,strlen(name));
1311 :
1312 : /* Does this group already exist? */
1313 0 : for(item=opt.grouplist;item;item=item->next)
1314 0 : if(strcasecmp(item->name,name)==0)
1315 0 : break;
1316 :
1317 0 : if(!item)
1318 : {
1319 0 : item=xmalloc(sizeof(struct groupitem));
1320 0 : item->name=name;
1321 0 : item->next=opt.grouplist;
1322 0 : item->values=NULL;
1323 0 : opt.grouplist=item;
1324 : }
1325 :
1326 : /* Break apart the values */
1327 0 : while ((value= strsep(&string," \t")))
1328 : {
1329 0 : if (*value)
1330 0 : add_to_strlist2(&item->values,value,utf8_strings);
1331 : }
1332 : }
1333 :
1334 :
1335 : static void
1336 0 : rm_group(char *name)
1337 : {
1338 0 : struct groupitem *item,*last=NULL;
1339 :
1340 0 : trim_trailing_ws(name,strlen(name));
1341 :
1342 0 : for(item=opt.grouplist;item;last=item,item=item->next)
1343 : {
1344 0 : if(strcasecmp(item->name,name)==0)
1345 : {
1346 0 : if(last)
1347 0 : last->next=item->next;
1348 : else
1349 0 : opt.grouplist=item->next;
1350 :
1351 0 : free_strlist(item->values);
1352 0 : xfree(item);
1353 0 : break;
1354 : }
1355 : }
1356 0 : }
1357 :
1358 :
1359 : /* We need to check three things.
1360 :
1361 : 0) The homedir. It must be x00, a directory, and owned by the
1362 : user.
1363 :
1364 : 1) The options/gpg.conf file. Okay unless it or its containing
1365 : directory is group or other writable or not owned by us. Disable
1366 : exec in this case.
1367 :
1368 : 2) Extensions. Same as #1.
1369 :
1370 : Returns true if the item is unsafe. */
1371 : static int
1372 2598 : check_permissions (const char *path, int item)
1373 : {
1374 : #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
1375 : static int homedir_cache=-1;
1376 : char *tmppath,*dir;
1377 : struct stat statbuf,dirbuf;
1378 2598 : int homedir=0,ret=0,checkonly=0;
1379 2598 : int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
1380 :
1381 2598 : if(opt.no_perm_warn)
1382 2598 : return 0;
1383 :
1384 0 : assert(item==0 || item==1 || item==2);
1385 :
1386 : /* extensions may attach a path */
1387 0 : if(item==2 && path[0]!=DIRSEP_C)
1388 : {
1389 0 : if(strchr(path,DIRSEP_C))
1390 0 : tmppath=make_filename(path,NULL);
1391 : else
1392 0 : tmppath=make_filename(gnupg_libdir (),path,NULL);
1393 : }
1394 : else
1395 0 : tmppath=xstrdup(path);
1396 :
1397 : /* If the item is located in the homedir, but isn't the homedir,
1398 : don't continue if we already checked the homedir itself. This is
1399 : to avoid user confusion with an extra options file warning which
1400 : could be rectified if the homedir itself had proper
1401 : permissions. */
1402 0 : if(item!=0 && homedir_cache>-1
1403 0 : && ascii_strncasecmp(opt.homedir,tmppath,strlen(opt.homedir))==0)
1404 : {
1405 0 : ret=homedir_cache;
1406 0 : goto end;
1407 : }
1408 :
1409 : /* It's okay if the file or directory doesn't exist */
1410 0 : if(stat(tmppath,&statbuf)!=0)
1411 : {
1412 0 : ret=0;
1413 0 : goto end;
1414 : }
1415 :
1416 : /* Now check the enclosing directory. Theoretically, we could walk
1417 : this test up to the root directory /, but for the sake of sanity,
1418 : I'm stopping at one level down. */
1419 0 : dir=make_dirname(tmppath);
1420 :
1421 0 : if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
1422 : {
1423 : /* Weird error */
1424 0 : ret=1;
1425 0 : goto end;
1426 : }
1427 :
1428 0 : xfree(dir);
1429 :
1430 : /* Assume failure */
1431 0 : ret=1;
1432 :
1433 0 : if(item==0)
1434 : {
1435 : /* The homedir must be x00, a directory, and owned by the user. */
1436 :
1437 0 : if(S_ISDIR(statbuf.st_mode))
1438 : {
1439 0 : if(statbuf.st_uid==getuid())
1440 : {
1441 0 : if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1442 0 : ret=0;
1443 : else
1444 0 : perm=1;
1445 : }
1446 : else
1447 0 : own=1;
1448 :
1449 0 : homedir_cache=ret;
1450 : }
1451 : }
1452 0 : else if(item==1 || item==2)
1453 : {
1454 : /* The options or extension file. Okay unless it or its
1455 : containing directory is group or other writable or not owned
1456 : by us or root. */
1457 :
1458 0 : if(S_ISREG(statbuf.st_mode))
1459 : {
1460 0 : if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
1461 : {
1462 0 : if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1463 : {
1464 : /* it's not writable, so make sure the enclosing
1465 : directory is also not writable */
1466 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1467 : {
1468 0 : if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
1469 0 : ret=0;
1470 : else
1471 0 : enc_dir_perm=1;
1472 : }
1473 : else
1474 0 : enc_dir_own=1;
1475 : }
1476 : else
1477 : {
1478 : /* it's writable, so the enclosing directory had
1479 : better not let people get to it. */
1480 0 : if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
1481 : {
1482 0 : if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
1483 0 : ret=0;
1484 : else
1485 0 : perm=enc_dir_perm=1; /* unclear which one to fix! */
1486 : }
1487 : else
1488 0 : enc_dir_own=1;
1489 : }
1490 : }
1491 : else
1492 0 : own=1;
1493 : }
1494 : }
1495 : else
1496 0 : BUG();
1497 :
1498 0 : if(!checkonly)
1499 : {
1500 0 : if(own)
1501 : {
1502 0 : if(item==0)
1503 0 : log_info(_("WARNING: unsafe ownership on"
1504 : " homedir '%s'\n"),tmppath);
1505 0 : else if(item==1)
1506 0 : log_info(_("WARNING: unsafe ownership on"
1507 : " configuration file '%s'\n"),tmppath);
1508 : else
1509 0 : log_info(_("WARNING: unsafe ownership on"
1510 : " extension '%s'\n"),tmppath);
1511 : }
1512 0 : if(perm)
1513 : {
1514 0 : if(item==0)
1515 0 : log_info(_("WARNING: unsafe permissions on"
1516 : " homedir '%s'\n"),tmppath);
1517 0 : else if(item==1)
1518 0 : log_info(_("WARNING: unsafe permissions on"
1519 : " configuration file '%s'\n"),tmppath);
1520 : else
1521 0 : log_info(_("WARNING: unsafe permissions on"
1522 : " extension '%s'\n"),tmppath);
1523 : }
1524 0 : if(enc_dir_own)
1525 : {
1526 0 : if(item==0)
1527 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1528 : " homedir '%s'\n"),tmppath);
1529 0 : else if(item==1)
1530 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1531 : " configuration file '%s'\n"),tmppath);
1532 : else
1533 0 : log_info(_("WARNING: unsafe enclosing directory ownership on"
1534 : " extension '%s'\n"),tmppath);
1535 : }
1536 0 : if(enc_dir_perm)
1537 : {
1538 0 : if(item==0)
1539 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1540 : " homedir '%s'\n"),tmppath);
1541 0 : else if(item==1)
1542 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1543 : " configuration file '%s'\n"),tmppath);
1544 : else
1545 0 : log_info(_("WARNING: unsafe enclosing directory permissions on"
1546 : " extension '%s'\n"),tmppath);
1547 : }
1548 : }
1549 :
1550 : end:
1551 0 : xfree(tmppath);
1552 :
1553 0 : if(homedir)
1554 0 : homedir_cache=ret;
1555 :
1556 0 : return ret;
1557 :
1558 : #else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1559 : (void)path;
1560 : (void)item;
1561 : return 0;
1562 : #endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
1563 : }
1564 :
1565 :
1566 : /* Print the OpenPGP defined algo numbers. */
1567 : static void
1568 0 : print_algo_numbers(int (*checker)(int))
1569 : {
1570 0 : int i,first=1;
1571 :
1572 0 : for(i=0;i<=110;i++)
1573 : {
1574 0 : if(!checker(i))
1575 : {
1576 0 : if(first)
1577 0 : first=0;
1578 : else
1579 0 : es_printf (";");
1580 0 : es_printf ("%d",i);
1581 : }
1582 : }
1583 0 : }
1584 :
1585 :
1586 : static void
1587 5 : print_algo_names(int (*checker)(int),const char *(*mapper)(int))
1588 : {
1589 5 : int i,first=1;
1590 :
1591 560 : for(i=0;i<=110;i++)
1592 : {
1593 555 : if(!checker(i))
1594 : {
1595 50 : if(first)
1596 5 : first=0;
1597 : else
1598 45 : es_printf (";");
1599 50 : es_printf ("%s",mapper(i));
1600 : }
1601 : }
1602 5 : }
1603 :
1604 : /* In the future, we can do all sorts of interesting configuration
1605 : output here. For now, just give "group" as the Enigmail folks need
1606 : it, and pubkey, cipher, hash, and compress as they may be useful
1607 : for frontends. */
1608 : static void
1609 5 : list_config(char *items)
1610 : {
1611 5 : int show_all = !items;
1612 5 : char *name = NULL;
1613 : const char *s;
1614 : struct groupitem *giter;
1615 : int first, iter;
1616 :
1617 5 : if(!opt.with_colons)
1618 5 : return;
1619 :
1620 15 : while(show_all || (name=strsep(&items," ")))
1621 : {
1622 5 : int any=0;
1623 :
1624 5 : if(show_all || ascii_strcasecmp(name,"group")==0)
1625 : {
1626 0 : for (giter = opt.grouplist; giter; giter = giter->next)
1627 : {
1628 : strlist_t sl;
1629 :
1630 0 : es_fprintf (es_stdout, "cfg:group:");
1631 0 : es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
1632 : ":", NULL);
1633 0 : es_putc (':', es_stdout);
1634 :
1635 0 : for(sl=giter->values; sl; sl=sl->next)
1636 : {
1637 0 : es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
1638 : ":;", NULL);
1639 0 : if(sl->next)
1640 0 : es_printf(";");
1641 : }
1642 :
1643 0 : es_printf("\n");
1644 : }
1645 :
1646 0 : any=1;
1647 : }
1648 :
1649 5 : if(show_all || ascii_strcasecmp(name,"version")==0)
1650 : {
1651 0 : es_printf("cfg:version:");
1652 0 : es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
1653 0 : es_printf ("\n");
1654 0 : any=1;
1655 : }
1656 :
1657 5 : if(show_all || ascii_strcasecmp(name,"pubkey")==0)
1658 : {
1659 0 : es_printf ("cfg:pubkey:");
1660 0 : print_algo_numbers (build_list_pk_test_algo);
1661 0 : es_printf ("\n");
1662 0 : any=1;
1663 : }
1664 :
1665 5 : if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
1666 : {
1667 0 : es_printf ("cfg:pubkeyname:");
1668 0 : print_algo_names (build_list_pk_test_algo,
1669 : build_list_pk_algo_name);
1670 0 : es_printf ("\n");
1671 0 : any=1;
1672 : }
1673 :
1674 5 : if(show_all || ascii_strcasecmp(name,"cipher")==0)
1675 : {
1676 0 : es_printf ("cfg:cipher:");
1677 0 : print_algo_numbers (build_list_cipher_test_algo);
1678 0 : es_printf ("\n");
1679 0 : any=1;
1680 : }
1681 :
1682 5 : if (show_all || !ascii_strcasecmp (name,"ciphername"))
1683 : {
1684 4 : es_printf ("cfg:ciphername:");
1685 4 : print_algo_names (build_list_cipher_test_algo,
1686 : build_list_cipher_algo_name);
1687 4 : es_printf ("\n");
1688 4 : any = 1;
1689 : }
1690 :
1691 5 : if(show_all
1692 5 : || ascii_strcasecmp(name,"digest")==0
1693 5 : || ascii_strcasecmp(name,"hash")==0)
1694 : {
1695 0 : es_printf ("cfg:digest:");
1696 0 : print_algo_numbers (build_list_md_test_algo);
1697 0 : es_printf ("\n");
1698 0 : any=1;
1699 : }
1700 :
1701 5 : if (show_all
1702 5 : || !ascii_strcasecmp(name,"digestname")
1703 4 : || !ascii_strcasecmp(name,"hashname"))
1704 : {
1705 1 : es_printf ("cfg:digestname:");
1706 1 : print_algo_names (build_list_md_test_algo,
1707 : build_list_md_algo_name);
1708 1 : es_printf ("\n");
1709 1 : any=1;
1710 : }
1711 :
1712 5 : if(show_all || ascii_strcasecmp(name,"compress")==0)
1713 : {
1714 0 : es_printf ("cfg:compress:");
1715 0 : print_algo_numbers(check_compress_algo);
1716 0 : es_printf ("\n");
1717 0 : any=1;
1718 : }
1719 :
1720 5 : if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
1721 : {
1722 : /* We ignore this for GnuPG 1.4 backward compatibility. */
1723 0 : any=1;
1724 : }
1725 :
1726 5 : if (show_all || !ascii_strcasecmp (name,"curve"))
1727 : {
1728 0 : es_printf ("cfg:curve:");
1729 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
1730 0 : es_printf ("%s%s", first?"":";", s);
1731 0 : es_printf ("\n");
1732 0 : any=1;
1733 : }
1734 :
1735 : /* Curve OIDs are rarely useful and thus only printed if requested. */
1736 5 : if (name && !ascii_strcasecmp (name,"curveoid"))
1737 : {
1738 0 : es_printf ("cfg:curveoid:");
1739 0 : for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
1740 : {
1741 0 : s = openpgp_curve_to_oid (s, NULL);
1742 0 : es_printf ("%s%s", first?"":";", s? s:"[?]");
1743 : }
1744 0 : es_printf ("\n");
1745 0 : any=1;
1746 : }
1747 :
1748 5 : if(show_all)
1749 0 : break;
1750 :
1751 5 : if(!any)
1752 0 : log_error(_("unknown configuration item '%s'\n"),name);
1753 : }
1754 : }
1755 :
1756 :
1757 : /* List options and default values in the GPG Conf format. This is a
1758 : new tool distributed with gnupg 1.9.x but we also want some limited
1759 : support in older gpg versions. The output is the name of the
1760 : configuration file and a list of options available for editing by
1761 : gpgconf. */
1762 : static void
1763 0 : gpgconf_list (const char *configfile)
1764 : {
1765 0 : char *configfile_esc = percent_escape (configfile, NULL);
1766 :
1767 0 : es_printf ("%s-%s.conf:%lu:\"%s\n",
1768 : GPGCONF_NAME, GPG_NAME,
1769 : GC_OPT_FLAG_DEFAULT,
1770 : configfile_esc ? configfile_esc : "/dev/null");
1771 0 : es_printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
1772 0 : es_printf ("quiet:%lu:\n", GC_OPT_FLAG_NONE);
1773 0 : es_printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
1774 0 : es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
1775 0 : es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
1776 0 : es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
1777 0 : es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
1778 0 : es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
1779 0 : es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
1780 0 : es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
1781 0 : es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
1782 :
1783 : /* The next one is an info only item and should match the macros at
1784 : the top of keygen.c */
1785 0 : es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
1786 : "RSA-2048");
1787 :
1788 0 : xfree (configfile_esc);
1789 0 : }
1790 :
1791 :
1792 : static int
1793 0 : parse_subpacket_list(char *list)
1794 : {
1795 : char *tok;
1796 : byte subpackets[128],i;
1797 0 : int count=0;
1798 :
1799 0 : if(!list)
1800 : {
1801 : /* No arguments means all subpackets */
1802 0 : memset(subpackets+1,1,sizeof(subpackets)-1);
1803 0 : count=127;
1804 : }
1805 : else
1806 : {
1807 0 : memset(subpackets,0,sizeof(subpackets));
1808 :
1809 : /* Merge with earlier copy */
1810 0 : if(opt.show_subpackets)
1811 : {
1812 : byte *in;
1813 :
1814 0 : for(in=opt.show_subpackets;*in;in++)
1815 : {
1816 0 : if(*in>127 || *in<1)
1817 0 : BUG();
1818 :
1819 0 : if(!subpackets[*in])
1820 0 : count++;
1821 0 : subpackets[*in]=1;
1822 : }
1823 : }
1824 :
1825 0 : while((tok=strsep(&list," ,")))
1826 : {
1827 0 : if(!*tok)
1828 0 : continue;
1829 :
1830 0 : i=atoi(tok);
1831 0 : if(i>127 || i<1)
1832 0 : return 0;
1833 :
1834 0 : if(!subpackets[i])
1835 0 : count++;
1836 0 : subpackets[i]=1;
1837 : }
1838 : }
1839 :
1840 0 : xfree(opt.show_subpackets);
1841 0 : opt.show_subpackets=xmalloc(count+1);
1842 0 : opt.show_subpackets[count--]=0;
1843 :
1844 0 : for(i=1;i<128 && count>=0;i++)
1845 0 : if(subpackets[i])
1846 0 : opt.show_subpackets[count--]=i;
1847 :
1848 0 : return 1;
1849 : }
1850 :
1851 :
1852 : static int
1853 0 : parse_list_options(char *str)
1854 : {
1855 0 : char *subpackets=""; /* something that isn't NULL */
1856 0 : struct parse_options lopts[]=
1857 : {
1858 : {"show-photos",LIST_SHOW_PHOTOS,NULL,
1859 : N_("display photo IDs during key listings")},
1860 : {"show-usage",LIST_SHOW_USAGE,NULL,
1861 : N_("show key usage information during key listings")},
1862 : {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
1863 : N_("show policy URLs during signature listings")},
1864 : {"show-notations",LIST_SHOW_NOTATIONS,NULL,
1865 : N_("show all notations during signature listings")},
1866 : {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1867 : N_("show IETF standard notations during signature listings")},
1868 : {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
1869 : NULL},
1870 : {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
1871 : N_("show user-supplied notations during signature listings")},
1872 : {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
1873 : N_("show preferred keyserver URLs during signature listings")},
1874 : {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
1875 : N_("show user ID validity during key listings")},
1876 : {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
1877 : N_("show revoked and expired user IDs in key listings")},
1878 : {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
1879 : N_("show revoked and expired subkeys in key listings")},
1880 : {"show-keyring",LIST_SHOW_KEYRING,NULL,
1881 : N_("show the keyring name in key listings")},
1882 : {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
1883 : N_("show expiration dates during signature listings")},
1884 : {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
1885 : NULL},
1886 : {NULL,0,NULL,NULL}
1887 : };
1888 :
1889 : /* C99 allows for non-constant initializers, but we'd like to
1890 : compile everywhere, so fill in the show-sig-subpackets argument
1891 : here. Note that if the parse_options array changes, we'll have
1892 : to change the subscript here. */
1893 0 : lopts[13].value=&subpackets;
1894 :
1895 0 : if(parse_options(str,&opt.list_options,lopts,1))
1896 : {
1897 0 : if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
1898 : {
1899 : /* Unset so users can pass multiple lists in. */
1900 0 : opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
1901 0 : if(!parse_subpacket_list(subpackets))
1902 0 : return 0;
1903 : }
1904 0 : else if(subpackets==NULL && opt.show_subpackets)
1905 : {
1906 : /* User did 'no-show-subpackets' */
1907 0 : xfree(opt.show_subpackets);
1908 0 : opt.show_subpackets=NULL;
1909 : }
1910 :
1911 0 : return 1;
1912 : }
1913 : else
1914 0 : return 0;
1915 : }
1916 :
1917 :
1918 : /* Collapses argc/argv into a single string that must be freed */
1919 : static char *
1920 5 : collapse_args(int argc,char *argv[])
1921 : {
1922 5 : char *str=NULL;
1923 5 : int i,first=1,len=0;
1924 :
1925 10 : for(i=0;i<argc;i++)
1926 : {
1927 5 : len+=strlen(argv[i])+2;
1928 5 : str=xrealloc(str,len);
1929 5 : if(first)
1930 : {
1931 5 : str[0]='\0';
1932 5 : first=0;
1933 : }
1934 : else
1935 0 : strcat(str," ");
1936 :
1937 5 : strcat(str,argv[i]);
1938 : }
1939 :
1940 5 : return str;
1941 : }
1942 :
1943 :
1944 : #ifndef NO_TRUST_MODELS
1945 : static void
1946 96 : parse_trust_model(const char *model)
1947 : {
1948 96 : if(ascii_strcasecmp(model,"pgp")==0)
1949 0 : opt.trust_model=TM_PGP;
1950 96 : else if(ascii_strcasecmp(model,"classic")==0)
1951 0 : opt.trust_model=TM_CLASSIC;
1952 96 : else if(ascii_strcasecmp(model,"always")==0)
1953 0 : opt.trust_model=TM_ALWAYS;
1954 96 : else if(ascii_strcasecmp(model,"direct")==0)
1955 0 : opt.trust_model=TM_DIRECT;
1956 : #ifdef USE_TOFU
1957 96 : else if(ascii_strcasecmp(model,"tofu")==0)
1958 96 : opt.trust_model=TM_TOFU;
1959 0 : else if(ascii_strcasecmp(model,"tofu+pgp")==0)
1960 0 : opt.trust_model=TM_TOFU_PGP;
1961 : #endif /*USE_TOFU*/
1962 0 : else if(ascii_strcasecmp(model,"auto")==0)
1963 0 : opt.trust_model=TM_AUTO;
1964 : else
1965 0 : log_error("unknown trust model '%s'\n",model);
1966 96 : }
1967 : #endif /*NO_TRUST_MODELS*/
1968 :
1969 : static int
1970 74 : parse_tofu_policy (const char *policy)
1971 : {
1972 : #ifdef USE_TOFU
1973 74 : if (ascii_strcasecmp (policy, "auto") == 0)
1974 14 : return TOFU_POLICY_AUTO;
1975 60 : else if (ascii_strcasecmp (policy, "good") == 0)
1976 16 : return TOFU_POLICY_GOOD;
1977 44 : else if (ascii_strcasecmp (policy, "unknown") == 0)
1978 16 : return TOFU_POLICY_UNKNOWN;
1979 28 : else if (ascii_strcasecmp (policy, "bad") == 0)
1980 16 : return TOFU_POLICY_BAD;
1981 12 : else if (ascii_strcasecmp (policy, "ask") == 0)
1982 12 : return TOFU_POLICY_ASK;
1983 : else
1984 : #endif /*USE_TOFU*/
1985 : {
1986 0 : log_error (_("unknown TOFU policy '%s'\n"), policy);
1987 0 : g10_exit (1);
1988 : }
1989 : }
1990 :
1991 : static int
1992 96 : parse_tofu_db_format (const char *db_format)
1993 : {
1994 : #ifdef USE_TOFU
1995 96 : if (ascii_strcasecmp (db_format, "auto") == 0)
1996 0 : return TOFU_DB_AUTO;
1997 96 : else if (ascii_strcasecmp (db_format, "split") == 0)
1998 48 : return TOFU_DB_SPLIT;
1999 48 : else if (ascii_strcasecmp (db_format, "flat") == 0)
2000 48 : return TOFU_DB_FLAT;
2001 : else
2002 : #endif /*USE_TOFU*/
2003 : {
2004 0 : log_error (_("unknown TOFU DB format '%s'\n"), db_format);
2005 0 : g10_exit (1);
2006 : }
2007 : }
2008 :
2009 : /* This fucntion called to initialized a new control object. It is
2010 : assumed that this object has been zeroed out before calling this
2011 : function. */
2012 : static void
2013 1276 : gpg_init_default_ctrl (ctrl_t ctrl)
2014 : {
2015 : (void)ctrl;
2016 1276 : }
2017 :
2018 :
2019 : /* This function is called to deinitialize a control object. It is
2020 : not deallocated. */
2021 : static void
2022 1272 : gpg_deinit_default_ctrl (ctrl_t ctrl)
2023 : {
2024 1272 : gpg_dirmngr_deinit_session_data (ctrl);
2025 1272 : }
2026 :
2027 :
2028 : char *
2029 1299 : get_default_configname (void)
2030 : {
2031 1299 : char *configname = NULL;
2032 1299 : char *name = xstrdup (GPG_NAME EXTSEP_S "conf-" SAFE_VERSION);
2033 1299 : char *ver = &name[strlen (GPG_NAME EXTSEP_S "conf-")];
2034 :
2035 : do
2036 : {
2037 5196 : if (configname)
2038 : {
2039 : char *tok;
2040 :
2041 3897 : xfree (configname);
2042 3897 : configname = NULL;
2043 :
2044 3897 : if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
2045 0 : *tok='\0';
2046 3897 : else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
2047 2598 : *tok='\0';
2048 : else
2049 1299 : break;
2050 : }
2051 :
2052 3897 : configname = make_filename (opt.homedir, name, NULL);
2053 : }
2054 3897 : while (access (configname, R_OK));
2055 :
2056 1299 : xfree(name);
2057 :
2058 1299 : if (! configname)
2059 1299 : configname = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", NULL);
2060 1299 : if (! access (configname, R_OK))
2061 : {
2062 : /* Print a warning when both config files are present. */
2063 1299 : char *p = make_filename (opt.homedir, "options", NULL);
2064 1299 : if (! access (p, R_OK))
2065 0 : log_info (_("Note: old default options file '%s' ignored\n"), p);
2066 1299 : xfree (p);
2067 : }
2068 : else
2069 : {
2070 : /* Use the old default only if it exists. */
2071 0 : char *p = make_filename (opt.homedir, "options", NULL);
2072 0 : if (!access (p, R_OK))
2073 : {
2074 0 : xfree (configname);
2075 0 : configname = p;
2076 : }
2077 : else
2078 0 : xfree (p);
2079 : }
2080 :
2081 1299 : return configname;
2082 : }
2083 :
2084 :
2085 : int
2086 1331 : main (int argc, char **argv)
2087 : {
2088 : ARGPARSE_ARGS pargs;
2089 : IOBUF a;
2090 1331 : int rc=0;
2091 : int orig_argc;
2092 : char **orig_argv;
2093 : const char *fname;
2094 : char *username;
2095 : int may_coredump;
2096 1331 : strlist_t sl, remusr= NULL, locusr=NULL;
2097 1331 : strlist_t nrings = NULL;
2098 1331 : armor_filter_context_t *afx = NULL;
2099 1331 : int detached_sig = 0;
2100 1331 : FILE *configfp = NULL;
2101 1331 : char *configname = NULL;
2102 1331 : char *save_configname = NULL;
2103 1331 : char *default_configname = NULL;
2104 : unsigned configlineno;
2105 1331 : int parse_debug = 0;
2106 1331 : int default_config = 1;
2107 1331 : int default_keyring = 1;
2108 1331 : int greeting = 0;
2109 1331 : int nogreeting = 0;
2110 1331 : char *logfile = NULL;
2111 1331 : int use_random_seed = 1;
2112 1331 : enum cmd_and_opt_values cmd = 0;
2113 1331 : const char *debug_level = NULL;
2114 : #ifndef NO_TRUST_MODELS
2115 1331 : const char *trustdb_name = NULL;
2116 : #endif /*!NO_TRUST_MODELS*/
2117 1331 : char *def_cipher_string = NULL;
2118 1331 : char *def_digest_string = NULL;
2119 1331 : char *compress_algo_string = NULL;
2120 1331 : char *cert_digest_string = NULL;
2121 1331 : char *s2k_cipher_string = NULL;
2122 1331 : char *s2k_digest_string = NULL;
2123 1331 : char *pers_cipher_list = NULL;
2124 1331 : char *pers_digest_list = NULL;
2125 1331 : char *pers_compress_list = NULL;
2126 1331 : int eyes_only=0;
2127 1331 : int multifile=0;
2128 1331 : int pwfd = -1;
2129 1331 : int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
2130 1331 : int any_explicit_recipient = 0;
2131 1331 : int require_secmem=0,got_secmem=0;
2132 : struct assuan_malloc_hooks malloc_hooks;
2133 : ctrl_t ctrl;
2134 :
2135 : #ifdef __riscos__
2136 : opt.lock_once = 1;
2137 : #endif /* __riscos__ */
2138 :
2139 :
2140 : /* Please note that we may running SUID(ROOT), so be very CAREFUL
2141 : when adding any stuff between here and the call to
2142 : secmem_init() somewhere after the option parsing. */
2143 1331 : early_system_init ();
2144 1331 : gnupg_reopen_std (GPG_NAME);
2145 1331 : trap_unaligned ();
2146 1331 : gnupg_rl_initialize ();
2147 1331 : set_strusage (my_strusage);
2148 1331 : gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
2149 1331 : log_set_prefix (GPG_NAME, 1);
2150 :
2151 : /* Make sure that our subsystems are ready. */
2152 1331 : i18n_init();
2153 1331 : init_common_subsystems (&argc, &argv);
2154 :
2155 : /* Check that the libraries are suitable. Do it right here because the
2156 : option parsing may need services of the library. */
2157 1331 : if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
2158 : {
2159 0 : log_fatal ( _("libgcrypt is too old (need %s, have %s)\n"),
2160 : NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
2161 : }
2162 :
2163 : /* Use our own logging handler for Libcgrypt. */
2164 1331 : setup_libgcrypt_logging ();
2165 :
2166 : /* Put random number into secure memory */
2167 1331 : gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
2168 :
2169 1331 : may_coredump = disable_core_dumps();
2170 :
2171 1331 : gnupg_init_signals (0, emergency_cleanup);
2172 :
2173 1331 : dotlock_create (NULL, 0); /* Register lock file cleanup. */
2174 :
2175 1331 : opt.autostart = 1;
2176 1331 : opt.session_env = session_env_new ();
2177 1331 : if (!opt.session_env)
2178 0 : log_fatal ("error allocating session environment block: %s\n",
2179 0 : strerror (errno));
2180 :
2181 1331 : opt.command_fd = -1; /* no command fd */
2182 1331 : opt.compress_level = -1; /* defaults to standard compress level */
2183 1331 : opt.bz2_compress_level = -1; /* defaults to standard compress level */
2184 : /* note: if you change these lines, look at oOpenPGP */
2185 1331 : opt.def_cipher_algo = 0;
2186 1331 : opt.def_digest_algo = 0;
2187 1331 : opt.cert_digest_algo = 0;
2188 1331 : opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
2189 1331 : opt.s2k_mode = 3; /* iterated+salted */
2190 1331 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2191 1331 : opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
2192 1331 : opt.completes_needed = 1;
2193 1331 : opt.marginals_needed = 3;
2194 1331 : opt.max_cert_depth = 5;
2195 1331 : opt.escape_from = 1;
2196 1331 : opt.flags.require_cross_cert = 1;
2197 1331 : opt.import_options = 0;
2198 1331 : opt.export_options = EXPORT_ATTRIBUTES;
2199 1331 : opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
2200 1331 : opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
2201 1331 : opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
2202 1331 : opt.verify_options = (LIST_SHOW_UID_VALIDITY
2203 : | VERIFY_SHOW_POLICY_URLS
2204 : | VERIFY_SHOW_STD_NOTATIONS
2205 : | VERIFY_SHOW_KEYSERVER_URLS);
2206 1331 : opt.list_options = LIST_SHOW_UID_VALIDITY;
2207 : #ifdef NO_TRUST_MODELS
2208 : opt.trust_model = TM_ALWAYS;
2209 : #else
2210 1331 : opt.trust_model = TM_AUTO;
2211 : #endif
2212 1331 : opt.tofu_default_policy = TOFU_POLICY_AUTO;
2213 1331 : opt.tofu_db_format = TOFU_DB_AUTO;
2214 1331 : opt.mangle_dos_filenames = 0;
2215 1331 : opt.min_cert_level = 2;
2216 1331 : set_screen_dimensions ();
2217 1331 : opt.keyid_format = KF_SHORT;
2218 1331 : opt.def_sig_expire = "0";
2219 1331 : opt.def_cert_expire = "0";
2220 1331 : set_homedir (default_homedir ());
2221 1331 : opt.passphrase_repeat = 1;
2222 1331 : opt.emit_version = 1; /* Limit to the major number. */
2223 1331 : opt.weak_digests = NULL;
2224 1331 : additional_weak_digest("MD5");
2225 :
2226 : /* Check whether we have a config file on the command line. */
2227 1331 : orig_argc = argc;
2228 1331 : orig_argv = argv;
2229 1331 : pargs.argc = &argc;
2230 1331 : pargs.argv = &argv;
2231 1331 : pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
2232 9362 : while( arg_parse( &pargs, opts) ) {
2233 6700 : if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
2234 0 : parse_debug++;
2235 6700 : else if (pargs.r_opt == oDebugIOLBF)
2236 0 : es_setvbuf (es_stdout, NULL, _IOLBF, 0);
2237 6700 : else if( pargs.r_opt == oOptions ) {
2238 : /* yes there is one, so we do not try the default one, but
2239 : * read the option file when it is encountered at the commandline
2240 : */
2241 0 : default_config = 0;
2242 : }
2243 6700 : else if( pargs.r_opt == oNoOptions )
2244 : {
2245 0 : default_config = 0; /* --no-options */
2246 0 : opt.no_homedir_creation = 1;
2247 : }
2248 6700 : else if( pargs.r_opt == oHomedir )
2249 0 : set_homedir ( pargs.r.ret_str );
2250 6700 : else if( pargs.r_opt == oNoPermissionWarn )
2251 1331 : opt.no_perm_warn=1;
2252 5369 : else if (pargs.r_opt == oStrict )
2253 : {
2254 : /* Not used */
2255 : }
2256 5369 : else if (pargs.r_opt == oNoStrict )
2257 : {
2258 : /* Not used */
2259 : }
2260 : }
2261 :
2262 : #ifdef HAVE_DOSISH_SYSTEM
2263 : if ( strchr (opt.homedir,'\\') ) {
2264 : char *d, *buf = xmalloc (strlen (opt.homedir)+1);
2265 : const char *s = opt.homedir;
2266 : for (d=buf,s=opt.homedir; *s; s++)
2267 : {
2268 : *d++ = *s == '\\'? '/': *s;
2269 : #ifdef HAVE_W32_SYSTEM
2270 : if (s[1] && IsDBCSLeadByte (*s))
2271 : *d++ = *++s;
2272 : #endif
2273 : }
2274 : *d = 0;
2275 : set_homedir (buf);
2276 : }
2277 : #endif
2278 :
2279 : /* Initialize the secure memory. */
2280 1299 : if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
2281 1299 : got_secmem = 1;
2282 : #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
2283 : /* There should be no way to get to this spot while still carrying
2284 : setuid privs. Just in case, bomb out if we are. */
2285 : if ( getuid () != geteuid () )
2286 : BUG ();
2287 : #endif
2288 1299 : maybe_setuid = 0;
2289 :
2290 : /* Okay, we are now working under our real uid */
2291 :
2292 : /* malloc hooks go here ... */
2293 1299 : malloc_hooks.malloc = gcry_malloc;
2294 1299 : malloc_hooks.realloc = gcry_realloc;
2295 1299 : malloc_hooks.free = gcry_free;
2296 1299 : assuan_set_malloc_hooks (&malloc_hooks);
2297 1299 : assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
2298 1299 : setup_libassuan_logging (&opt.debug);
2299 :
2300 : /* Try for a version specific config file first */
2301 1299 : default_configname = get_default_configname ();
2302 1299 : if (default_config)
2303 1299 : configname = xstrdup (default_configname);
2304 :
2305 1299 : argc = orig_argc;
2306 1299 : argv = orig_argv;
2307 1299 : pargs.argc = &argc;
2308 1299 : pargs.argv = &argv;
2309 1299 : pargs.flags= ARGPARSE_FLAG_KEEP;
2310 :
2311 : /* By this point we have a homedir, and cannot change it. */
2312 1299 : check_permissions(opt.homedir,0);
2313 :
2314 : next_pass:
2315 2598 : if( configname ) {
2316 1299 : if(check_permissions(configname,1))
2317 : {
2318 : /* If any options file is unsafe, then disable any external
2319 : programs for keyserver calls or photo IDs. Since the
2320 : external program to call is set in the options file, a
2321 : unsafe options file can lead to an arbitrary program
2322 : being run. */
2323 :
2324 0 : opt.exec_disable=1;
2325 : }
2326 :
2327 1299 : configlineno = 0;
2328 1299 : configfp = fopen( configname, "r" );
2329 1299 : if (configfp && is_secured_file (fileno (configfp)))
2330 : {
2331 0 : fclose (configfp);
2332 0 : configfp = NULL;
2333 0 : gpg_err_set_errno (EPERM);
2334 : }
2335 1299 : if( !configfp ) {
2336 0 : if( default_config ) {
2337 0 : if( parse_debug )
2338 0 : log_info(_("Note: no default option file '%s'\n"),
2339 : configname );
2340 : }
2341 : else {
2342 0 : log_error(_("option file '%s': %s\n"),
2343 0 : configname, strerror(errno) );
2344 0 : g10_exit(2);
2345 : }
2346 0 : xfree(configname); configname = NULL;
2347 : }
2348 1299 : if( parse_debug && configname )
2349 0 : log_info(_("reading options from '%s'\n"), configname );
2350 1299 : default_config = 0;
2351 : }
2352 :
2353 20934 : while( optfile_parse( configfp, configname, &configlineno,
2354 : &pargs, opts) )
2355 : {
2356 15738 : switch( pargs.r_opt )
2357 : {
2358 : case aCheckKeys:
2359 : case aListConfig:
2360 : case aListGcryptConfig:
2361 : case aGPGConfList:
2362 : case aGPGConfTest:
2363 : case aListPackets:
2364 : case aImport:
2365 : case aFastImport:
2366 : case aSendKeys:
2367 : case aRecvKeys:
2368 : case aSearchKeys:
2369 : case aRefreshKeys:
2370 : case aFetchKeys:
2371 : case aExport:
2372 : #ifdef ENABLE_CARD_SUPPORT
2373 : case aCardStatus:
2374 : case aCardEdit:
2375 : case aChangePIN:
2376 : #endif /* ENABLE_CARD_SUPPORT*/
2377 : case aListKeys:
2378 : case aLocateKeys:
2379 : case aListSigs:
2380 : case aExportSecret:
2381 : case aExportSecretSub:
2382 : case aSym:
2383 : case aClearsign:
2384 : case aGenRevoke:
2385 : case aDesigRevoke:
2386 : case aPrimegen:
2387 : case aGenRandom:
2388 : case aPrintMD:
2389 : case aPrintMDs:
2390 : case aListTrustDB:
2391 : case aCheckTrustDB:
2392 : case aUpdateTrustDB:
2393 : case aFixTrustDB:
2394 : case aListTrustPath:
2395 : case aDeArmor:
2396 : case aEnArmor:
2397 : case aSign:
2398 : case aQuickSignKey:
2399 : case aQuickLSignKey:
2400 : case aSignKey:
2401 : case aLSignKey:
2402 : case aStore:
2403 : case aQuickKeygen:
2404 : case aQuickAddUid:
2405 : case aExportOwnerTrust:
2406 : case aImportOwnerTrust:
2407 : case aRebuildKeydbCaches:
2408 468 : set_cmd (&cmd, pargs.r_opt);
2409 468 : break;
2410 :
2411 : case aKeygen:
2412 : case aFullKeygen:
2413 : case aEditKey:
2414 : case aDeleteSecretKeys:
2415 : case aDeleteSecretAndPublicKeys:
2416 : case aDeleteKeys:
2417 : case aPasswd:
2418 10 : set_cmd (&cmd, pargs.r_opt);
2419 10 : greeting=1;
2420 10 : break;
2421 :
2422 16 : case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
2423 :
2424 0 : case aDecryptFiles: multifile=1; /* fall through */
2425 0 : case aDecrypt: set_cmd( &cmd, aDecrypt); break;
2426 :
2427 0 : case aEncrFiles: multifile=1; /* fall through */
2428 236 : case aEncr: set_cmd( &cmd, aEncr); break;
2429 :
2430 0 : case aVerifyFiles: multifile=1; /* fall through */
2431 42 : case aVerify: set_cmd( &cmd, aVerify); break;
2432 :
2433 : case aServer:
2434 0 : set_cmd (&cmd, pargs.r_opt);
2435 0 : opt.batch = 1;
2436 0 : break;
2437 :
2438 : case aTOFUPolicy:
2439 8 : set_cmd (&cmd, pargs.r_opt);
2440 8 : break;
2441 :
2442 39 : case oArmor: opt.armor = 1; opt.no_armor=0; break;
2443 1053 : case oOutput: opt.outfile = pargs.r.ret_str; break;
2444 0 : case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
2445 2 : case oQuiet: opt.quiet = 1; break;
2446 0 : case oNoTTY: tty_no_terminal(1); break;
2447 0 : case oDryRun: opt.dry_run = 1; break;
2448 0 : case oInteractive: opt.interactive = 1; break;
2449 : case oVerbose:
2450 0 : opt.verbose++;
2451 0 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2452 0 : opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
2453 0 : opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
2454 0 : break;
2455 :
2456 : case oBatch:
2457 1309 : opt.batch = 1;
2458 1309 : nogreeting = 1;
2459 1309 : break;
2460 :
2461 : case oUseAgent: /* Dummy. */
2462 0 : break;
2463 :
2464 : case oNoUseAgent:
2465 0 : obsolete_option (configname, configlineno, "no-use-agent");
2466 0 : break;
2467 : case oGpgAgentInfo:
2468 0 : obsolete_option (configname, configlineno, "gpg-agent-info");
2469 0 : break;
2470 : case oReaderPort:
2471 0 : obsolete_scdaemon_option (configname, configlineno, "reader-port");
2472 0 : break;
2473 : case octapiDriver:
2474 0 : obsolete_scdaemon_option (configname, configlineno, "ctapi-driver");
2475 0 : break;
2476 : case opcscDriver:
2477 0 : obsolete_scdaemon_option (configname, configlineno, "pcsc-driver");
2478 0 : break;
2479 : case oDisableCCID:
2480 0 : obsolete_scdaemon_option (configname, configlineno, "disable-ccid");
2481 0 : break;
2482 : case oHonorHttpProxy:
2483 0 : obsolete_option (configname, configlineno, "honor-http-proxy");
2484 0 : break;
2485 :
2486 1090 : case oAnswerYes: opt.answer_yes = 1; break;
2487 0 : case oAnswerNo: opt.answer_no = 1; break;
2488 0 : case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
2489 : case oPrimaryKeyring:
2490 0 : sl = append_to_strlist (&nrings, pargs.r.ret_str);
2491 0 : sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
2492 0 : break;
2493 : case oShowKeyring:
2494 0 : deprecated_warning(configname,configlineno,"--show-keyring",
2495 : "--list-options ","show-keyring");
2496 0 : opt.list_options|=LIST_SHOW_KEYRING;
2497 0 : break;
2498 :
2499 : case oDebug:
2500 0 : if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
2501 : {
2502 0 : pargs.r_opt = ARGPARSE_INVALID_ARG;
2503 0 : pargs.err = ARGPARSE_PRINT_ERROR;
2504 : }
2505 0 : break;
2506 :
2507 0 : case oDebugAll: opt.debug = ~0; break;
2508 0 : case oDebugLevel: debug_level = pargs.r.ret_str; break;
2509 :
2510 0 : case oDebugIOLBF: break; /* Already set in pre-parse step. */
2511 :
2512 : case oStatusFD:
2513 0 : set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2514 0 : break;
2515 : case oStatusFile:
2516 0 : set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
2517 0 : break;
2518 : case oAttributeFD:
2519 0 : set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
2520 0 : break;
2521 : case oAttributeFile:
2522 0 : set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
2523 0 : break;
2524 : case oLoggerFD:
2525 0 : log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
2526 0 : break;
2527 : case oLoggerFile:
2528 0 : logfile = pargs.r.ret_str;
2529 0 : break;
2530 :
2531 : case oWithFingerprint:
2532 0 : opt.with_fingerprint = 1;
2533 0 : opt.fingerprint++;
2534 0 : break;
2535 : case oWithICAOSpelling:
2536 0 : opt.with_icao_spelling = 1;
2537 0 : break;
2538 : case oFingerprint:
2539 0 : opt.fingerprint++;
2540 0 : fpr_maybe_cmd = 1;
2541 0 : break;
2542 :
2543 : case oWithKeygrip:
2544 0 : opt.with_keygrip = 1;
2545 0 : break;
2546 :
2547 : case oWithSecret:
2548 0 : opt.with_secret = 1;
2549 0 : break;
2550 :
2551 : case oSecretKeyring:
2552 : /* Ignore this old option. */
2553 0 : break;
2554 :
2555 : case oOptions:
2556 : /* config files may not be nested (silently ignore them) */
2557 0 : if( !configfp ) {
2558 0 : xfree(configname);
2559 0 : configname = xstrdup(pargs.r.ret_str);
2560 0 : goto next_pass;
2561 : }
2562 0 : break;
2563 0 : case oNoArmor: opt.no_armor=1; opt.armor=0; break;
2564 0 : case oNoDefKeyring: default_keyring = 0; break;
2565 1299 : case oNoGreeting: nogreeting = 1; break;
2566 : case oNoVerbose:
2567 0 : opt.verbose = 0;
2568 0 : gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
2569 0 : opt.list_sigs=0;
2570 0 : break;
2571 : case oQuickRandom:
2572 0 : gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2573 0 : break;
2574 0 : case oEmitVersion: opt.emit_version++; break;
2575 0 : case oNoEmitVersion: opt.emit_version=0; break;
2576 0 : case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
2577 0 : case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
2578 0 : case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
2579 :
2580 : #ifndef NO_TRUST_MODELS
2581 0 : case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
2582 :
2583 : #endif /*!NO_TRUST_MODELS*/
2584 : case oDefaultKey:
2585 0 : add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
2586 0 : break;
2587 : case oDefRecipient:
2588 0 : if( *pargs.r.ret_str )
2589 : {
2590 0 : xfree (opt.def_recipient);
2591 0 : opt.def_recipient = make_username(pargs.r.ret_str);
2592 : }
2593 0 : break;
2594 : case oDefRecipientSelf:
2595 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2596 0 : opt.def_recipient_self = 1;
2597 0 : break;
2598 : case oNoDefRecipient:
2599 0 : xfree(opt.def_recipient); opt.def_recipient = NULL;
2600 0 : opt.def_recipient_self = 0;
2601 0 : break;
2602 0 : case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
2603 0 : case oHomedir: break;
2604 0 : case oNoBatch: opt.batch = 0; break;
2605 :
2606 0 : case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
2607 92 : case oWithColons: opt.with_colons=':'; break;
2608 :
2609 0 : case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
2610 0 : case oWithSigList: opt.list_sigs = 1; break;
2611 :
2612 0 : case oSkipVerify: opt.skip_verify=1; break;
2613 :
2614 0 : case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
2615 0 : case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
2616 :
2617 0 : case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
2618 :
2619 : #ifndef NO_TRUST_MODELS
2620 : /* There are many programs (like mutt) that call gpg with
2621 : --always-trust so keep this option around for a long
2622 : time. */
2623 236 : case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
2624 : case oTrustModel:
2625 96 : parse_trust_model(pargs.r.ret_str);
2626 96 : break;
2627 : #endif /*!NO_TRUST_MODELS*/
2628 : case oTOFUDefaultPolicy:
2629 66 : opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
2630 66 : break;
2631 : case oTOFUDBFormat:
2632 96 : opt.tofu_db_format = parse_tofu_db_format (pargs.r.ret_str);
2633 96 : break;
2634 :
2635 : case oForceOwnertrust:
2636 0 : log_info(_("Note: %s is not for normal use!\n"),
2637 : "--force-ownertrust");
2638 0 : opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
2639 0 : if(opt.force_ownertrust==-1)
2640 : {
2641 0 : log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
2642 0 : opt.force_ownertrust=0;
2643 : }
2644 0 : break;
2645 : case oLoadExtension:
2646 : /* Dummy so that gpg 1.4 conf files can work. Should
2647 : eventually be removed. */
2648 0 : break;
2649 : case oOpenPGP:
2650 : case oRFC4880:
2651 : /* This is effectively the same as RFC2440, but with
2652 : "--enable-dsa2 --no-rfc2440-text --escape-from-lines
2653 : --require-cross-certification". */
2654 0 : opt.compliance = CO_RFC4880;
2655 0 : opt.flags.dsa2 = 1;
2656 0 : opt.flags.require_cross_cert = 1;
2657 0 : opt.rfc2440_text = 0;
2658 0 : opt.allow_non_selfsigned_uid = 1;
2659 0 : opt.allow_freeform_uid = 1;
2660 0 : opt.escape_from = 1;
2661 0 : opt.not_dash_escaped = 0;
2662 0 : opt.def_cipher_algo = 0;
2663 0 : opt.def_digest_algo = 0;
2664 0 : opt.cert_digest_algo = 0;
2665 0 : opt.compress_algo = -1;
2666 0 : opt.s2k_mode = 3; /* iterated+salted */
2667 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2668 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2669 0 : break;
2670 : case oRFC2440:
2671 0 : opt.compliance = CO_RFC2440;
2672 0 : opt.flags.dsa2 = 0;
2673 0 : opt.rfc2440_text = 1;
2674 0 : opt.allow_non_selfsigned_uid = 1;
2675 0 : opt.allow_freeform_uid = 1;
2676 0 : opt.escape_from = 0;
2677 0 : opt.not_dash_escaped = 0;
2678 0 : opt.def_cipher_algo = 0;
2679 0 : opt.def_digest_algo = 0;
2680 0 : opt.cert_digest_algo = 0;
2681 0 : opt.compress_algo = -1;
2682 0 : opt.s2k_mode = 3; /* iterated+salted */
2683 0 : opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
2684 0 : opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
2685 0 : break;
2686 0 : case oPGP6: opt.compliance = CO_PGP6; break;
2687 0 : case oPGP7: opt.compliance = CO_PGP7; break;
2688 0 : case oPGP8: opt.compliance = CO_PGP8; break;
2689 0 : case oGnuPG: opt.compliance = CO_GNUPG; break;
2690 0 : case oRFC2440Text: opt.rfc2440_text=1; break;
2691 0 : case oNoRFC2440Text: opt.rfc2440_text=0; break;
2692 : case oSetFilename:
2693 0 : if(utf8_strings)
2694 0 : opt.set_filename = pargs.r.ret_str;
2695 : else
2696 0 : opt.set_filename = native_to_utf8(pargs.r.ret_str);
2697 0 : break;
2698 0 : case oForYourEyesOnly: eyes_only = 1; break;
2699 0 : case oNoForYourEyesOnly: eyes_only = 0; break;
2700 : case oSetPolicyURL:
2701 0 : add_policy_url(pargs.r.ret_str,0);
2702 0 : add_policy_url(pargs.r.ret_str,1);
2703 0 : break;
2704 0 : case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
2705 0 : case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
2706 : case oShowPolicyURL:
2707 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2708 : "--list-options ","show-policy-urls");
2709 0 : deprecated_warning(configname,configlineno,"--show-policy-url",
2710 : "--verify-options ","show-policy-urls");
2711 0 : opt.list_options|=LIST_SHOW_POLICY_URLS;
2712 0 : opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
2713 0 : break;
2714 : case oNoShowPolicyURL:
2715 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2716 : "--list-options ","no-show-policy-urls");
2717 0 : deprecated_warning(configname,configlineno,"--no-show-policy-url",
2718 : "--verify-options ","no-show-policy-urls");
2719 0 : opt.list_options&=~LIST_SHOW_POLICY_URLS;
2720 0 : opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
2721 0 : break;
2722 0 : case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
2723 : case oUseEmbeddedFilename:
2724 0 : opt.flags.use_embedded_filename=1;
2725 0 : break;
2726 : case oNoUseEmbeddedFilename:
2727 0 : opt.flags.use_embedded_filename=0;
2728 0 : break;
2729 : case oComment:
2730 0 : if(pargs.r.ret_str[0])
2731 0 : append_to_strlist(&opt.comments,pargs.r.ret_str);
2732 0 : break;
2733 : case oDefaultComment:
2734 0 : deprecated_warning(configname,configlineno,
2735 : "--default-comment","--no-comments","");
2736 : /* fall through */
2737 : case oNoComments:
2738 0 : free_strlist(opt.comments);
2739 0 : opt.comments=NULL;
2740 0 : break;
2741 0 : case oThrowKeyids: opt.throw_keyids = 1; break;
2742 0 : case oNoThrowKeyids: opt.throw_keyids = 0; break;
2743 : case oShowPhotos:
2744 0 : deprecated_warning(configname,configlineno,"--show-photos",
2745 : "--list-options ","show-photos");
2746 0 : deprecated_warning(configname,configlineno,"--show-photos",
2747 : "--verify-options ","show-photos");
2748 0 : opt.list_options|=LIST_SHOW_PHOTOS;
2749 0 : opt.verify_options|=VERIFY_SHOW_PHOTOS;
2750 0 : break;
2751 : case oNoShowPhotos:
2752 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2753 : "--list-options ","no-show-photos");
2754 0 : deprecated_warning(configname,configlineno,"--no-show-photos",
2755 : "--verify-options ","no-show-photos");
2756 0 : opt.list_options&=~LIST_SHOW_PHOTOS;
2757 0 : opt.verify_options&=~VERIFY_SHOW_PHOTOS;
2758 0 : break;
2759 0 : case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
2760 :
2761 187 : case oForceMDC: opt.force_mdc = 1; break;
2762 0 : case oNoForceMDC: opt.force_mdc = 0; break;
2763 0 : case oDisableMDC: opt.disable_mdc = 1; break;
2764 0 : case oNoDisableMDC: opt.disable_mdc = 0; break;
2765 0 : case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
2766 0 : case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
2767 0 : case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
2768 : case oS2KCount:
2769 436 : if (pargs.r.ret_int)
2770 436 : opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
2771 : else
2772 0 : opt.s2k_count = 0; /* Auto-calibrate when needed. */
2773 436 : break;
2774 0 : case oNoEncryptTo: opt.no_encrypt_to = 1; break;
2775 : case oEncryptTo: /* store the recipient in the second list */
2776 0 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2777 0 : sl->flags = 1;
2778 0 : break;
2779 : case oHiddenEncryptTo: /* store the recipient in the second list */
2780 0 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2781 0 : sl->flags = 1|2;
2782 0 : break;
2783 : case oEncryptToDefaultKey:
2784 0 : opt.encrypt_to_default_key = 1;
2785 0 : break;
2786 : case oRecipient: /* store the recipient */
2787 236 : add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2788 236 : any_explicit_recipient = 1;
2789 236 : break;
2790 : case oHiddenRecipient: /* store the recipient with a flag */
2791 0 : sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
2792 0 : sl->flags = 2;
2793 0 : any_explicit_recipient = 1;
2794 0 : break;
2795 :
2796 : case oTrySecretKey:
2797 0 : add_to_strlist2 (&opt.secret_keys_to_try,
2798 0 : pargs.r.ret_str, utf8_strings);
2799 0 : break;
2800 :
2801 3 : case oTextmodeShort: opt.textmode = 2; break;
2802 0 : case oTextmode: opt.textmode=1; break;
2803 0 : case oNoTextmode: opt.textmode=0; break;
2804 0 : case oExpert: opt.expert = 1; break;
2805 0 : case oNoExpert: opt.expert = 0; break;
2806 : case oDefSigExpire:
2807 0 : if(*pargs.r.ret_str!='\0')
2808 : {
2809 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2810 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2811 : pargs.r.ret_str);
2812 : else
2813 0 : opt.def_sig_expire=pargs.r.ret_str;
2814 : }
2815 0 : break;
2816 0 : case oAskSigExpire: opt.ask_sig_expire = 1; break;
2817 0 : case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
2818 : case oDefCertExpire:
2819 0 : if(*pargs.r.ret_str!='\0')
2820 : {
2821 0 : if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
2822 0 : log_error(_("'%s' is not a valid signature expiration\n"),
2823 : pargs.r.ret_str);
2824 : else
2825 0 : opt.def_cert_expire=pargs.r.ret_str;
2826 : }
2827 0 : break;
2828 0 : case oAskCertExpire: opt.ask_cert_expire = 1; break;
2829 0 : case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
2830 0 : case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
2831 0 : case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
2832 0 : case oAskCertLevel: opt.ask_cert_level = 1; break;
2833 0 : case oNoAskCertLevel: opt.ask_cert_level = 0; break;
2834 : case oLocalUser: /* store the local users */
2835 45 : add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
2836 45 : break;
2837 : case oCompress:
2838 : /* this is the -z command line option */
2839 0 : opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
2840 0 : break;
2841 0 : case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
2842 0 : case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
2843 0 : case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
2844 : case oPassphrase:
2845 0 : set_passphrase_from_string(pargs.r.ret_str);
2846 0 : break;
2847 : case oPassphraseFD:
2848 493 : pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2849 493 : break;
2850 : case oPassphraseFile:
2851 0 : pwfd = open_info_file (pargs.r.ret_str, 0, 1);
2852 0 : break;
2853 : case oPassphraseRepeat:
2854 0 : opt.passphrase_repeat = pargs.r.ret_int;
2855 0 : break;
2856 :
2857 : case oPinentryMode:
2858 0 : opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
2859 0 : if (opt.pinentry_mode == -1)
2860 0 : log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
2861 0 : break;
2862 :
2863 : case oCommandFD:
2864 0 : opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
2865 0 : break;
2866 : case oCommandFile:
2867 0 : opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
2868 0 : break;
2869 : case oCipherAlgo:
2870 363 : def_cipher_string = xstrdup(pargs.r.ret_str);
2871 363 : break;
2872 : case oDigestAlgo:
2873 16 : def_digest_string = xstrdup(pargs.r.ret_str);
2874 16 : break;
2875 : case oCompressAlgo:
2876 : /* If it is all digits, stick a Z in front of it for
2877 : later. This is for backwards compatibility with
2878 : versions that took the compress algorithm number. */
2879 : {
2880 0 : char *pt=pargs.r.ret_str;
2881 0 : while(*pt)
2882 : {
2883 0 : if (!isascii (*pt) || !isdigit (*pt))
2884 : break;
2885 :
2886 0 : pt++;
2887 : }
2888 :
2889 0 : if(*pt=='\0')
2890 : {
2891 0 : compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
2892 0 : strcpy(compress_algo_string,"Z");
2893 0 : strcat(compress_algo_string,pargs.r.ret_str);
2894 : }
2895 : else
2896 0 : compress_algo_string = xstrdup(pargs.r.ret_str);
2897 : }
2898 0 : break;
2899 : case oCertDigestAlgo:
2900 0 : cert_digest_string = xstrdup(pargs.r.ret_str);
2901 0 : break;
2902 :
2903 : case oNoSecmemWarn:
2904 1299 : gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
2905 1299 : break;
2906 :
2907 0 : case oRequireSecmem: require_secmem=1; break;
2908 0 : case oNoRequireSecmem: require_secmem=0; break;
2909 2598 : case oNoPermissionWarn: opt.no_perm_warn=1; break;
2910 0 : case oNoMDCWarn: opt.no_mdc_warn=1; break;
2911 : case oDisplayCharset:
2912 0 : if( set_native_charset( pargs.r.ret_str ) )
2913 0 : log_error(_("'%s' is not a valid character set\n"),
2914 : pargs.r.ret_str);
2915 0 : break;
2916 1 : case oNotDashEscaped: opt.not_dash_escaped = 1; break;
2917 0 : case oEscapeFrom: opt.escape_from = 1; break;
2918 0 : case oNoEscapeFrom: opt.escape_from = 0; break;
2919 0 : case oLockOnce: opt.lock_once = 1; break;
2920 : case oLockNever:
2921 0 : dotlock_disable ();
2922 0 : break;
2923 : case oLockMultiple:
2924 : #ifndef __riscos__
2925 0 : opt.lock_once = 0;
2926 : #else /* __riscos__ */
2927 : riscos_not_implemented("lock-multiple");
2928 : #endif /* __riscos__ */
2929 0 : break;
2930 : case oKeyServer:
2931 : {
2932 : keyserver_spec_t keyserver;
2933 0 : keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
2934 0 : if (!keyserver)
2935 0 : log_error (_("could not parse keyserver URL\n"));
2936 : else
2937 : {
2938 : /* We only support a single keyserver. Later ones
2939 : override earlier ones. (Since we parse the
2940 : config file first and then the command line
2941 : arguments, the command line takes
2942 : precedence.) */
2943 0 : if (opt.keyserver)
2944 0 : free_keyserver_spec (opt.keyserver);
2945 0 : opt.keyserver = keyserver;
2946 : }
2947 : }
2948 0 : break;
2949 : case oKeyServerOptions:
2950 0 : if(!parse_keyserver_options(pargs.r.ret_str))
2951 : {
2952 0 : if(configname)
2953 0 : log_error(_("%s:%d: invalid keyserver options\n"),
2954 : configname,configlineno);
2955 : else
2956 0 : log_error(_("invalid keyserver options\n"));
2957 : }
2958 0 : break;
2959 : case oImportOptions:
2960 0 : if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
2961 : {
2962 0 : if(configname)
2963 0 : log_error(_("%s:%d: invalid import options\n"),
2964 : configname,configlineno);
2965 : else
2966 0 : log_error(_("invalid import options\n"));
2967 : }
2968 0 : break;
2969 : case oExportOptions:
2970 0 : if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
2971 : {
2972 0 : if(configname)
2973 0 : log_error(_("%s:%d: invalid export options\n"),
2974 : configname,configlineno);
2975 : else
2976 0 : log_error(_("invalid export options\n"));
2977 : }
2978 0 : break;
2979 : case oListOptions:
2980 0 : if(!parse_list_options(pargs.r.ret_str))
2981 : {
2982 0 : if(configname)
2983 0 : log_error(_("%s:%d: invalid list options\n"),
2984 : configname,configlineno);
2985 : else
2986 0 : log_error(_("invalid list options\n"));
2987 : }
2988 0 : break;
2989 : case oVerifyOptions:
2990 : {
2991 0 : struct parse_options vopts[]=
2992 : {
2993 : {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
2994 : N_("display photo IDs during signature verification")},
2995 : {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
2996 : N_("show policy URLs during signature verification")},
2997 : {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
2998 : N_("show all notations during signature verification")},
2999 : {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3000 : N_("show IETF standard notations during signature verification")},
3001 : {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
3002 : NULL},
3003 : {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
3004 : N_("show user-supplied notations during signature verification")},
3005 : {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
3006 : N_("show preferred keyserver URLs during signature verification")},
3007 : {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
3008 : N_("show user ID validity during signature verification")},
3009 : {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
3010 : N_("show revoked and expired user IDs in signature verification")},
3011 : {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
3012 : N_("show only the primary user ID in signature verification")},
3013 : {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
3014 : N_("validate signatures with PKA data")},
3015 : {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
3016 : N_("elevate the trust of signatures with valid PKA data")},
3017 : {NULL,0,NULL,NULL}
3018 : };
3019 :
3020 0 : if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
3021 : {
3022 0 : if(configname)
3023 0 : log_error(_("%s:%d: invalid verify options\n"),
3024 : configname,configlineno);
3025 : else
3026 0 : log_error(_("invalid verify options\n"));
3027 : }
3028 : }
3029 0 : break;
3030 0 : case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
3031 : case oExecPath:
3032 0 : if(set_exec_path(pargs.r.ret_str))
3033 0 : log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
3034 : else
3035 0 : opt.exec_path_set=1;
3036 0 : break;
3037 : case oSetNotation:
3038 0 : add_notation_data( pargs.r.ret_str, 0 );
3039 0 : add_notation_data( pargs.r.ret_str, 1 );
3040 0 : break;
3041 0 : case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
3042 0 : case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
3043 : case oShowNotation:
3044 0 : deprecated_warning(configname,configlineno,"--show-notation",
3045 : "--list-options ","show-notations");
3046 0 : deprecated_warning(configname,configlineno,"--show-notation",
3047 : "--verify-options ","show-notations");
3048 0 : opt.list_options|=LIST_SHOW_NOTATIONS;
3049 0 : opt.verify_options|=VERIFY_SHOW_NOTATIONS;
3050 0 : break;
3051 : case oNoShowNotation:
3052 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3053 : "--list-options ","no-show-notations");
3054 0 : deprecated_warning(configname,configlineno,"--no-show-notation",
3055 : "--verify-options ","no-show-notations");
3056 0 : opt.list_options&=~LIST_SHOW_NOTATIONS;
3057 0 : opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
3058 0 : break;
3059 0 : case oUtf8Strings: utf8_strings = 1; break;
3060 0 : case oNoUtf8Strings: utf8_strings = 0; break;
3061 : case oDisableCipherAlgo:
3062 : {
3063 0 : int algo = string_to_cipher_algo (pargs.r.ret_str);
3064 0 : gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3065 : }
3066 0 : break;
3067 : case oDisablePubkeyAlgo:
3068 : {
3069 0 : int algo = gcry_pk_map_name (pargs.r.ret_str);
3070 0 : gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
3071 : }
3072 0 : break;
3073 0 : case oNoSigCache: opt.no_sig_cache = 1; break;
3074 4 : case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
3075 0 : case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
3076 0 : case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
3077 0 : case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
3078 0 : case oNoLiteral: opt.no_literal = 1; break;
3079 0 : case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
3080 0 : case oFastListMode: opt.fast_list_mode = 1; break;
3081 0 : case oFixedListMode: /* Dummy */ break;
3082 0 : case oLegacyListMode: opt.legacy_list_mode = 1; break;
3083 0 : case oPrintPKARecords: opt.print_pka_records = 1; break;
3084 0 : case oPrintDANERecords: opt.print_dane_records = 1; break;
3085 0 : case oListOnly: opt.list_only=1; break;
3086 0 : case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
3087 0 : case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
3088 0 : case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
3089 0 : case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
3090 0 : case oNoRandomSeedFile: use_random_seed = 0; break;
3091 : case oAutoKeyRetrieve:
3092 : case oNoAutoKeyRetrieve:
3093 0 : if(pargs.r_opt==oAutoKeyRetrieve)
3094 0 : opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
3095 : else
3096 0 : opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
3097 :
3098 0 : deprecated_warning(configname,configlineno,
3099 0 : pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
3100 : "--no-auto-key-retrieve","--keyserver-options ",
3101 0 : pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
3102 : "no-auto-key-retrieve");
3103 0 : break;
3104 0 : case oShowSessionKey: opt.show_session_key = 1; break;
3105 : case oOverrideSessionKey:
3106 0 : opt.override_session_key = pargs.r.ret_str;
3107 0 : break;
3108 : case oMergeOnly:
3109 0 : deprecated_warning(configname,configlineno,"--merge-only",
3110 : "--import-options ","merge-only");
3111 0 : opt.import_options|=IMPORT_MERGE_ONLY;
3112 0 : break;
3113 0 : case oAllowSecretKeyImport: /* obsolete */ break;
3114 0 : case oTryAllSecrets: opt.try_all_secrets = 1; break;
3115 0 : case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
3116 : case oEnableSpecialFilenames:
3117 0 : iobuf_enable_special_filenames (1);
3118 0 : break;
3119 0 : case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
3120 0 : case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
3121 1299 : case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
3122 0 : case oPreservePermissions: opt.preserve_permissions=1; break;
3123 : case oDefaultPreferenceList:
3124 0 : opt.def_preference_list = pargs.r.ret_str;
3125 0 : break;
3126 : case oDefaultKeyserverURL:
3127 : {
3128 : keyserver_spec_t keyserver;
3129 0 : keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
3130 0 : if (!keyserver)
3131 0 : log_error (_("could not parse keyserver URL\n"));
3132 : else
3133 0 : free_keyserver_spec (keyserver);
3134 :
3135 0 : opt.def_keyserver_url = pargs.r.ret_str;
3136 : }
3137 0 : break;
3138 : case oPersonalCipherPreferences:
3139 0 : pers_cipher_list=pargs.r.ret_str;
3140 0 : break;
3141 : case oPersonalDigestPreferences:
3142 0 : pers_digest_list=pargs.r.ret_str;
3143 0 : break;
3144 : case oPersonalCompressPreferences:
3145 0 : pers_compress_list=pargs.r.ret_str;
3146 0 : break;
3147 1299 : case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
3148 0 : case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
3149 : case oWeakDigest:
3150 0 : additional_weak_digest(pargs.r.ret_str);
3151 0 : break;
3152 : case oUnwrap:
3153 0 : opt.unwrap_encryption = 1;
3154 0 : break;
3155 :
3156 : case oDisplay:
3157 0 : set_opt_session_env ("DISPLAY", pargs.r.ret_str);
3158 0 : break;
3159 : case oTTYname:
3160 0 : set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
3161 0 : break;
3162 : case oTTYtype:
3163 0 : set_opt_session_env ("TERM", pargs.r.ret_str);
3164 0 : break;
3165 : case oXauthority:
3166 0 : set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
3167 0 : break;
3168 :
3169 0 : case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
3170 0 : case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
3171 :
3172 0 : case oGroup: add_group(pargs.r.ret_str); break;
3173 0 : case oUnGroup: rm_group(pargs.r.ret_str); break;
3174 : case oNoGroups:
3175 0 : while(opt.grouplist)
3176 : {
3177 0 : struct groupitem *iter=opt.grouplist;
3178 0 : free_strlist(iter->values);
3179 0 : opt.grouplist=opt.grouplist->next;
3180 0 : xfree(iter);
3181 : }
3182 0 : break;
3183 :
3184 : case oStrict:
3185 : case oNoStrict:
3186 : /* Not used */
3187 0 : break;
3188 :
3189 0 : case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
3190 0 : case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
3191 0 : case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
3192 0 : case oMultifile: multifile=1; break;
3193 : case oKeyidFormat:
3194 0 : if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
3195 0 : opt.keyid_format=KF_SHORT;
3196 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
3197 0 : opt.keyid_format=KF_LONG;
3198 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
3199 0 : opt.keyid_format=KF_0xSHORT;
3200 0 : else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
3201 0 : opt.keyid_format=KF_0xLONG;
3202 : else
3203 0 : log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
3204 0 : break;
3205 :
3206 : case oExitOnStatusWriteError:
3207 0 : opt.exit_on_status_write_error = 1;
3208 0 : break;
3209 :
3210 : case oLimitCardInsertTries:
3211 0 : opt.limit_card_insert_tries = pargs.r.ret_int;
3212 0 : break;
3213 :
3214 0 : case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
3215 0 : case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
3216 :
3217 : case oAutoKeyLocate:
3218 0 : if(!parse_auto_key_locate(pargs.r.ret_str))
3219 : {
3220 0 : if(configname)
3221 0 : log_error(_("%s:%d: invalid auto-key-locate list\n"),
3222 : configname,configlineno);
3223 : else
3224 0 : log_error(_("invalid auto-key-locate list\n"));
3225 : }
3226 0 : break;
3227 : case oNoAutoKeyLocate:
3228 0 : release_akl();
3229 0 : break;
3230 :
3231 : case oEnableLargeRSA:
3232 : #if SECMEM_BUFFER_SIZE >= 65536
3233 : opt.flags.large_rsa=1;
3234 : #else
3235 0 : if (configname)
3236 0 : log_info("%s:%d: WARNING: gpg not built with large secure "
3237 : "memory buffer. Ignoring enable-large-rsa\n",
3238 : configname,configlineno);
3239 : else
3240 0 : log_info("WARNING: gpg not built with large secure "
3241 : "memory buffer. Ignoring --enable-large-rsa\n");
3242 : #endif /* SECMEM_BUFFER_SIZE >= 65536 */
3243 0 : break;
3244 0 : case oDisableLargeRSA: opt.flags.large_rsa=0;
3245 0 : break;
3246 :
3247 0 : case oEnableDSA2: opt.flags.dsa2=1; break;
3248 0 : case oDisableDSA2: opt.flags.dsa2=0; break;
3249 :
3250 : case oAllowMultisigVerification:
3251 : case oAllowMultipleMessages:
3252 2 : opt.flags.allow_multiple_messages=1;
3253 2 : break;
3254 :
3255 : case oNoAllowMultipleMessages:
3256 0 : opt.flags.allow_multiple_messages=0;
3257 0 : break;
3258 :
3259 : case oAllowWeakDigestAlgos:
3260 1299 : opt.flags.allow_weak_digest_algos = 1;
3261 1299 : break;
3262 :
3263 : case oFakedSystemTime:
3264 : {
3265 0 : time_t faked_time = isotime2epoch (pargs.r.ret_str);
3266 0 : if (faked_time == (time_t)(-1))
3267 0 : faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
3268 0 : gnupg_set_time (faked_time, 0);
3269 : }
3270 0 : break;
3271 :
3272 0 : case oNoAutostart: opt.autostart = 0; break;
3273 :
3274 0 : case oNoop: break;
3275 :
3276 : default:
3277 0 : pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
3278 0 : break;
3279 : }
3280 : }
3281 :
3282 2575 : if (configfp)
3283 : {
3284 1299 : fclose( configfp );
3285 1299 : configfp = NULL;
3286 : /* Remember the first config file name. */
3287 1299 : if (!save_configname)
3288 1299 : save_configname = configname;
3289 : else
3290 0 : xfree(configname);
3291 1299 : configname = NULL;
3292 1299 : goto next_pass;
3293 : }
3294 1276 : xfree(configname); configname = NULL;
3295 1276 : if (log_get_errorcount (0))
3296 0 : g10_exit(2);
3297 :
3298 : /* The command --gpgconf-list is pretty simple and may be called
3299 : directly after the option parsing. */
3300 1276 : if (cmd == aGPGConfList)
3301 : {
3302 0 : gpgconf_list (save_configname ? save_configname : default_configname);
3303 0 : g10_exit (0);
3304 : }
3305 1276 : xfree (save_configname);
3306 1276 : xfree (default_configname);
3307 :
3308 1276 : if( nogreeting )
3309 1276 : greeting = 0;
3310 :
3311 1276 : if( greeting )
3312 : {
3313 0 : es_fprintf (es_stderr, "%s %s; %s\n",
3314 : strusage(11), strusage(13), strusage(14) );
3315 0 : es_fprintf (es_stderr, "%s\n", strusage(15) );
3316 : }
3317 : #ifdef IS_DEVELOPMENT_VERSION
3318 : if (!opt.batch)
3319 : {
3320 : const char *s;
3321 :
3322 : if((s=strusage(25)))
3323 : log_info("%s\n",s);
3324 : if((s=strusage(26)))
3325 : log_info("%s\n",s);
3326 : if((s=strusage(27)))
3327 : log_info("%s\n",s);
3328 : }
3329 : #endif
3330 :
3331 : /* FIXME: We should use logging to a file only in server mode;
3332 : however we have not yet implemetyed that. Thus we try to get
3333 : away with --batch as indication for logging to file
3334 : required. */
3335 1276 : if (logfile && opt.batch)
3336 : {
3337 0 : log_set_file (logfile);
3338 0 : log_set_prefix (NULL, 1|2|4);
3339 : }
3340 :
3341 1276 : if (opt.verbose > 2)
3342 0 : log_info ("using character set '%s'\n", get_native_charset ());
3343 :
3344 1276 : if( may_coredump && !opt.quiet )
3345 0 : log_info(_("WARNING: program may create a core file!\n"));
3346 :
3347 1276 : if (eyes_only) {
3348 0 : if (opt.set_filename)
3349 0 : log_info(_("WARNING: %s overrides %s\n"),
3350 : "--for-your-eyes-only","--set-filename");
3351 :
3352 0 : opt.set_filename="_CONSOLE";
3353 : }
3354 :
3355 1276 : if (opt.no_literal) {
3356 0 : log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
3357 0 : if (opt.textmode)
3358 0 : log_error(_("%s not allowed with %s!\n"),
3359 : "--textmode", "--no-literal" );
3360 0 : if (opt.set_filename)
3361 0 : log_error(_("%s makes no sense with %s!\n"),
3362 : eyes_only?"--for-your-eyes-only":"--set-filename",
3363 : "--no-literal" );
3364 : }
3365 :
3366 :
3367 1276 : if (opt.set_filesize)
3368 0 : log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
3369 1276 : if( opt.batch )
3370 1276 : tty_batchmode( 1 );
3371 :
3372 1276 : if (gnupg_faked_time_p ())
3373 : {
3374 : gnupg_isotime_t tbuf;
3375 :
3376 0 : log_info (_("WARNING: running with faked system time: "));
3377 0 : gnupg_get_isotime (tbuf);
3378 0 : dump_isotime (tbuf);
3379 0 : log_printf ("\n");
3380 : }
3381 :
3382 : /* Print a warning if an argument looks like an option. */
3383 1276 : if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
3384 : {
3385 : int i;
3386 :
3387 2509 : for (i=0; i < argc; i++)
3388 1235 : if (argv[i][0] == '-' && argv[i][1] == '-')
3389 0 : log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
3390 : }
3391 :
3392 :
3393 1276 : gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
3394 :
3395 1276 : if(require_secmem && !got_secmem)
3396 : {
3397 0 : log_info(_("will not run with insecure memory due to %s\n"),
3398 : "--require-secmem");
3399 0 : g10_exit(2);
3400 : }
3401 :
3402 1276 : set_debug (debug_level);
3403 1276 : if (DBG_CLOCK)
3404 0 : log_clock ("start");
3405 :
3406 : /* Do these after the switch(), so they can override settings. */
3407 1276 : if(PGP6)
3408 : {
3409 : /* That does not anymore work becuase we have no more support
3410 : for v3 signatures. */
3411 0 : opt.disable_mdc=1;
3412 0 : opt.escape_from=1;
3413 0 : opt.ask_sig_expire=0;
3414 : }
3415 1276 : else if(PGP7)
3416 : {
3417 : /* That does not anymore work because we have no more support
3418 : for v3 signatures. */
3419 0 : opt.escape_from=1;
3420 0 : opt.ask_sig_expire=0;
3421 : }
3422 1276 : else if(PGP8)
3423 : {
3424 0 : opt.escape_from=1;
3425 : }
3426 :
3427 :
3428 1276 : if( def_cipher_string ) {
3429 363 : opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
3430 363 : xfree(def_cipher_string); def_cipher_string = NULL;
3431 363 : if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
3432 0 : log_error(_("selected cipher algorithm is invalid\n"));
3433 : }
3434 1276 : if( def_digest_string ) {
3435 16 : opt.def_digest_algo = string_to_digest_algo (def_digest_string);
3436 16 : xfree(def_digest_string); def_digest_string = NULL;
3437 16 : if ( openpgp_md_test_algo (opt.def_digest_algo) )
3438 0 : log_error(_("selected digest algorithm is invalid\n"));
3439 : }
3440 1276 : if( compress_algo_string ) {
3441 0 : opt.compress_algo = string_to_compress_algo(compress_algo_string);
3442 0 : xfree(compress_algo_string); compress_algo_string = NULL;
3443 0 : if( check_compress_algo(opt.compress_algo) )
3444 0 : log_error(_("selected compression algorithm is invalid\n"));
3445 : }
3446 1276 : if( cert_digest_string ) {
3447 0 : opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
3448 0 : xfree(cert_digest_string); cert_digest_string = NULL;
3449 0 : if (openpgp_md_test_algo(opt.cert_digest_algo))
3450 0 : log_error(_("selected certification digest algorithm is invalid\n"));
3451 : }
3452 1276 : if( s2k_cipher_string ) {
3453 0 : opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
3454 0 : xfree(s2k_cipher_string); s2k_cipher_string = NULL;
3455 0 : if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
3456 0 : log_error(_("selected cipher algorithm is invalid\n"));
3457 : }
3458 1276 : if( s2k_digest_string ) {
3459 0 : opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
3460 0 : xfree(s2k_digest_string); s2k_digest_string = NULL;
3461 0 : if (openpgp_md_test_algo(opt.s2k_digest_algo))
3462 0 : log_error(_("selected digest algorithm is invalid\n"));
3463 : }
3464 1276 : if( opt.completes_needed < 1 )
3465 0 : log_error(_("completes-needed must be greater than 0\n"));
3466 1276 : if( opt.marginals_needed < 2 )
3467 0 : log_error(_("marginals-needed must be greater than 1\n"));
3468 1276 : if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
3469 0 : log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
3470 1276 : if(opt.def_cert_level<0 || opt.def_cert_level>3)
3471 0 : log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
3472 1276 : if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
3473 0 : log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
3474 1276 : switch( opt.s2k_mode ) {
3475 : case 0:
3476 0 : log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
3477 0 : break;
3478 1276 : case 1: case 3: break;
3479 : default:
3480 0 : log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
3481 : }
3482 :
3483 : /* This isn't actually needed, but does serve to error out if the
3484 : string is invalid. */
3485 1276 : if(opt.def_preference_list &&
3486 0 : keygen_set_std_prefs(opt.def_preference_list,0))
3487 0 : log_error(_("invalid default preferences\n"));
3488 :
3489 1276 : if(pers_cipher_list &&
3490 0 : keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
3491 0 : log_error(_("invalid personal cipher preferences\n"));
3492 :
3493 1276 : if(pers_digest_list &&
3494 0 : keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
3495 0 : log_error(_("invalid personal digest preferences\n"));
3496 :
3497 1276 : if(pers_compress_list &&
3498 0 : keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
3499 0 : log_error(_("invalid personal compress preferences\n"));
3500 :
3501 : /* We don't support all possible commands with multifile yet */
3502 1276 : if(multifile)
3503 : {
3504 : char *cmdname;
3505 :
3506 0 : switch(cmd)
3507 : {
3508 : case aSign:
3509 0 : cmdname="--sign";
3510 0 : break;
3511 : case aSignEncr:
3512 0 : cmdname="--sign --encrypt";
3513 0 : break;
3514 : case aClearsign:
3515 0 : cmdname="--clearsign";
3516 0 : break;
3517 : case aDetachedSign:
3518 0 : cmdname="--detach-sign";
3519 0 : break;
3520 : case aSym:
3521 0 : cmdname="--symmetric";
3522 0 : break;
3523 : case aEncrSym:
3524 0 : cmdname="--symmetric --encrypt";
3525 0 : break;
3526 : case aStore:
3527 0 : cmdname="--store";
3528 0 : break;
3529 : default:
3530 0 : cmdname=NULL;
3531 0 : break;
3532 : }
3533 :
3534 0 : if(cmdname)
3535 0 : log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
3536 : }
3537 :
3538 1276 : if( log_get_errorcount(0) )
3539 0 : g10_exit(2);
3540 :
3541 1276 : if(opt.compress_level==0)
3542 0 : opt.compress_algo=COMPRESS_ALGO_NONE;
3543 :
3544 : /* Check our chosen algorithms against the list of legal
3545 : algorithms. */
3546 :
3547 1276 : if(!GNUPG)
3548 : {
3549 0 : const char *badalg=NULL;
3550 0 : preftype_t badtype=PREFTYPE_NONE;
3551 :
3552 0 : if(opt.def_cipher_algo
3553 0 : && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
3554 : {
3555 0 : badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
3556 0 : badtype = PREFTYPE_SYM;
3557 : }
3558 0 : else if(opt.def_digest_algo
3559 0 : && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
3560 : {
3561 0 : badalg = gcry_md_algo_name (opt.def_digest_algo);
3562 0 : badtype = PREFTYPE_HASH;
3563 : }
3564 0 : else if(opt.cert_digest_algo
3565 0 : && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
3566 : {
3567 0 : badalg = gcry_md_algo_name (opt.cert_digest_algo);
3568 0 : badtype = PREFTYPE_HASH;
3569 : }
3570 0 : else if(opt.compress_algo!=-1
3571 0 : && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
3572 : {
3573 0 : badalg = compress_algo_to_string(opt.compress_algo);
3574 0 : badtype = PREFTYPE_ZIP;
3575 : }
3576 :
3577 0 : if(badalg)
3578 : {
3579 0 : switch(badtype)
3580 : {
3581 : case PREFTYPE_SYM:
3582 0 : log_info(_("you may not use cipher algorithm '%s'"
3583 : " while in %s mode\n"),
3584 : badalg,compliance_option_string());
3585 0 : break;
3586 : case PREFTYPE_HASH:
3587 0 : log_info(_("you may not use digest algorithm '%s'"
3588 : " while in %s mode\n"),
3589 : badalg,compliance_option_string());
3590 0 : break;
3591 : case PREFTYPE_ZIP:
3592 0 : log_info(_("you may not use compression algorithm '%s'"
3593 : " while in %s mode\n"),
3594 : badalg,compliance_option_string());
3595 0 : break;
3596 : default:
3597 0 : BUG();
3598 : }
3599 :
3600 0 : compliance_failure();
3601 : }
3602 : }
3603 :
3604 : /* Set the random seed file. */
3605 1276 : if( use_random_seed ) {
3606 1276 : char *p = make_filename(opt.homedir, "random_seed", NULL );
3607 1276 : gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
3608 1276 : if (!access (p, F_OK))
3609 1276 : register_secured_file (p);
3610 1276 : xfree(p);
3611 : }
3612 :
3613 : /* If there is no command but the --fingerprint is given, default
3614 : to the --list-keys command. */
3615 1276 : if (!cmd && fpr_maybe_cmd)
3616 : {
3617 0 : set_cmd (&cmd, aListKeys);
3618 : }
3619 :
3620 :
3621 1276 : if( opt.verbose > 1 )
3622 0 : set_packet_list_mode(1);
3623 :
3624 : /* Add the keyrings, but not for some special commands.
3625 : We always need to add the keyrings if we are running under
3626 : SELinux, this is so that the rings are added to the list of
3627 : secured files. */
3628 1276 : if( ALWAYS_ADD_KEYRINGS
3629 2532 : || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
3630 : {
3631 1256 : if (!nrings || default_keyring) /* Add default ring. */
3632 1256 : keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
3633 : KEYDB_RESOURCE_FLAG_DEFAULT);
3634 1256 : for (sl = nrings; sl; sl = sl->next )
3635 0 : keydb_add_resource (sl->d, sl->flags);
3636 : }
3637 1276 : FREE_STRLIST(nrings);
3638 :
3639 1276 : if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
3640 : /* In loopback mode, never ask for the password multiple
3641 : times. */
3642 : {
3643 0 : opt.passphrase_repeat = 0;
3644 : }
3645 :
3646 1276 : if (cmd == aGPGConfTest)
3647 0 : g10_exit(0);
3648 :
3649 :
3650 1276 : if( pwfd != -1 ) /* Read the passphrase now. */
3651 493 : read_passphrase_from_fd( pwfd );
3652 :
3653 1276 : fname = argc? *argv : NULL;
3654 :
3655 1276 : if(fname && utf8_strings)
3656 0 : opt.flags.utf8_filename=1;
3657 :
3658 1276 : ctrl = xcalloc (1, sizeof *ctrl);
3659 1276 : gpg_init_default_ctrl (ctrl);
3660 :
3661 : #ifndef NO_TRUST_MODELS
3662 1276 : switch (cmd)
3663 : {
3664 : case aPrimegen:
3665 : case aPrintMD:
3666 : case aPrintMDs:
3667 : case aGenRandom:
3668 : case aDeArmor:
3669 : case aEnArmor:
3670 23 : break;
3671 : case aFixTrustDB:
3672 : case aExportOwnerTrust:
3673 0 : rc = setup_trustdb (0, trustdb_name);
3674 0 : break;
3675 : case aListTrustDB:
3676 0 : rc = setup_trustdb (argc? 1:0, trustdb_name);
3677 0 : break;
3678 : default:
3679 : /* If we are using TM_ALWAYS, we do not need to create the
3680 : trustdb. */
3681 1253 : rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
3682 1253 : break;
3683 : }
3684 1276 : if (rc)
3685 0 : log_error (_("failed to initialize the TrustDB: %s\n"),
3686 : gpg_strerror (rc));
3687 : #endif /*!NO_TRUST_MODELS*/
3688 :
3689 1276 : switch (cmd)
3690 : {
3691 : case aStore:
3692 : case aSym:
3693 : case aSign:
3694 : case aSignSym:
3695 : case aClearsign:
3696 300 : if (!opt.quiet && any_explicit_recipient)
3697 0 : log_info (_("WARNING: recipients (-r) given "
3698 : "without using public key encryption\n"));
3699 300 : break;
3700 : default:
3701 976 : break;
3702 : }
3703 :
3704 :
3705 : /* Check for certain command whether we need to migrate a
3706 : secring.gpg to the gpg-agent. */
3707 1276 : switch (cmd)
3708 : {
3709 : case aListSecretKeys:
3710 : case aSign:
3711 : case aSignEncr:
3712 : case aSignEncrSym:
3713 : case aSignSym:
3714 : case aClearsign:
3715 : case aDecrypt:
3716 : case aSignKey:
3717 : case aLSignKey:
3718 : case aEditKey:
3719 : case aPasswd:
3720 : case aDeleteSecretKeys:
3721 : case aDeleteSecretAndPublicKeys:
3722 : case aQuickKeygen:
3723 : case aQuickAddUid:
3724 : case aFullKeygen:
3725 : case aKeygen:
3726 : case aImport:
3727 : case aExportSecret:
3728 : case aExportSecretSub:
3729 : case aGenRevoke:
3730 : case aDesigRevoke:
3731 : case aCardEdit:
3732 : case aChangePIN:
3733 136 : migrate_secring (ctrl);
3734 136 : break;
3735 : case aListKeys:
3736 87 : if (opt.with_secret)
3737 0 : migrate_secring (ctrl);
3738 87 : break;
3739 : default:
3740 1053 : break;
3741 : }
3742 :
3743 1276 : if (opt.encrypt_to_default_key)
3744 : {
3745 0 : const char *default_key = parse_def_secret_key (ctrl);
3746 0 : if (default_key)
3747 : {
3748 0 : sl = add_to_strlist2 (&remusr, default_key, utf8_strings);
3749 0 : sl->flags = 1;
3750 : }
3751 0 : else if (opt.def_secret_key)
3752 0 : log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n"));
3753 : else
3754 0 : log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n"));
3755 : }
3756 :
3757 : /* The command dispatcher. */
3758 1276 : switch( cmd )
3759 : {
3760 : case aServer:
3761 0 : gpg_server (ctrl);
3762 0 : break;
3763 :
3764 : case aStore: /* only store the file */
3765 0 : if( argc > 1 )
3766 0 : wrong_args(_("--store [filename]"));
3767 0 : if( (rc = encrypt_store(fname)) )
3768 : {
3769 0 : write_status_failure ("store", rc);
3770 0 : log_error ("storing '%s' failed: %s\n",
3771 : print_fname_stdin(fname),gpg_strerror (rc) );
3772 : }
3773 0 : break;
3774 : case aSym: /* encrypt the given file only with the symmetric cipher */
3775 211 : if( argc > 1 )
3776 0 : wrong_args(_("--symmetric [filename]"));
3777 211 : if( (rc = encrypt_symmetric(fname)) )
3778 : {
3779 0 : write_status_failure ("symencrypt", rc);
3780 0 : log_error (_("symmetric encryption of '%s' failed: %s\n"),
3781 : print_fname_stdin(fname),gpg_strerror (rc) );
3782 : }
3783 211 : break;
3784 :
3785 : case aEncr: /* encrypt the given file */
3786 210 : if(multifile)
3787 0 : encrypt_crypt_files (ctrl, argc, argv, remusr);
3788 : else
3789 : {
3790 210 : if( argc > 1 )
3791 0 : wrong_args(_("--encrypt [filename]"));
3792 210 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) )
3793 : {
3794 0 : write_status_failure ("encrypt", rc);
3795 0 : log_error("%s: encryption failed: %s\n",
3796 : print_fname_stdin(fname), gpg_strerror (rc) );
3797 : }
3798 : }
3799 210 : break;
3800 :
3801 : case aEncrSym:
3802 : /* This works with PGP 8 in the sense that it acts just like a
3803 : symmetric message. It doesn't work at all with 2 or 6. It
3804 : might work with 7, but alas, I don't have a copy to test
3805 : with right now. */
3806 0 : if( argc > 1 )
3807 0 : wrong_args(_("--symmetric --encrypt [filename]"));
3808 0 : else if(opt.s2k_mode==0)
3809 0 : log_error(_("you cannot use --symmetric --encrypt"
3810 : " with --s2k-mode 0\n"));
3811 0 : else if(PGP6 || PGP7)
3812 0 : log_error(_("you cannot use --symmetric --encrypt"
3813 : " while in %s mode\n"),compliance_option_string());
3814 : else
3815 : {
3816 0 : if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
3817 : {
3818 0 : write_status_failure ("encrypt", rc);
3819 0 : log_error ("%s: encryption failed: %s\n",
3820 : print_fname_stdin(fname), gpg_strerror (rc) );
3821 : }
3822 : }
3823 0 : break;
3824 :
3825 : case aSign: /* sign the given file */
3826 72 : sl = NULL;
3827 72 : if( detached_sig ) { /* sign all files */
3828 44 : for( ; argc; argc--, argv++ )
3829 28 : add_to_strlist( &sl, *argv );
3830 : }
3831 : else {
3832 56 : if( argc > 1 )
3833 0 : wrong_args(_("--sign [filename]"));
3834 56 : if( argc ) {
3835 56 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3836 56 : strcpy(sl->d, fname);
3837 : }
3838 : }
3839 72 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)))
3840 : {
3841 0 : write_status_failure ("sign", rc);
3842 0 : log_error ("signing failed: %s\n", gpg_strerror (rc) );
3843 : }
3844 72 : free_strlist(sl);
3845 72 : break;
3846 :
3847 : case aSignEncr: /* sign and encrypt the given file */
3848 26 : if( argc > 1 )
3849 0 : wrong_args(_("--sign --encrypt [filename]"));
3850 26 : if( argc ) {
3851 26 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3852 26 : strcpy(sl->d, fname);
3853 : }
3854 : else
3855 0 : sl = NULL;
3856 26 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL)))
3857 : {
3858 0 : write_status_failure ("sign-encrypt", rc);
3859 0 : log_error("%s: sign+encrypt failed: %s\n",
3860 : print_fname_stdin(fname), gpg_strerror (rc) );
3861 : }
3862 26 : free_strlist(sl);
3863 26 : break;
3864 :
3865 : case aSignEncrSym: /* sign and encrypt the given file */
3866 0 : if( argc > 1 )
3867 0 : wrong_args(_("--symmetric --sign --encrypt [filename]"));
3868 0 : else if(opt.s2k_mode==0)
3869 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
3870 : " with --s2k-mode 0\n"));
3871 0 : else if(PGP6 || PGP7)
3872 0 : log_error(_("you cannot use --symmetric --sign --encrypt"
3873 : " while in %s mode\n"),compliance_option_string());
3874 : else
3875 : {
3876 0 : if( argc )
3877 : {
3878 0 : sl = xmalloc_clear( sizeof *sl + strlen(fname));
3879 0 : strcpy(sl->d, fname);
3880 : }
3881 : else
3882 0 : sl = NULL;
3883 0 : if ((rc = sign_file (ctrl, sl, detached_sig, locusr,
3884 : 2, remusr, NULL)))
3885 : {
3886 0 : write_status_failure ("sign-encrypt", rc);
3887 0 : log_error("%s: symmetric+sign+encrypt failed: %s\n",
3888 : print_fname_stdin(fname), gpg_strerror (rc) );
3889 : }
3890 0 : free_strlist(sl);
3891 : }
3892 0 : break;
3893 :
3894 : case aSignSym: /* sign and conventionally encrypt the given file */
3895 7 : if (argc > 1)
3896 0 : wrong_args(_("--sign --symmetric [filename]"));
3897 7 : rc = sign_symencrypt_file (ctrl, fname, locusr);
3898 7 : if (rc)
3899 : {
3900 0 : write_status_failure ("sign-symencrypt", rc);
3901 0 : log_error("%s: sign+symmetric failed: %s\n",
3902 : print_fname_stdin(fname), gpg_strerror (rc) );
3903 : }
3904 7 : break;
3905 :
3906 : case aClearsign: /* make a clearsig */
3907 10 : if( argc > 1 )
3908 0 : wrong_args(_("--clearsign [filename]"));
3909 10 : if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) )
3910 : {
3911 0 : write_status_failure ("sign", rc);
3912 0 : log_error("%s: clearsign failed: %s\n",
3913 : print_fname_stdin(fname), gpg_strerror (rc) );
3914 : }
3915 10 : break;
3916 :
3917 : case aVerify:
3918 42 : rc = 0;
3919 42 : if (multifile)
3920 : {
3921 0 : if ((rc = verify_files (ctrl, argc, argv)))
3922 0 : log_error("verify files failed: %s\n", gpg_strerror (rc) );
3923 : }
3924 : else
3925 : {
3926 42 : if ((rc = verify_signatures (ctrl, argc, argv)))
3927 0 : log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
3928 : }
3929 38 : if (rc)
3930 0 : write_status_failure ("verify", rc);
3931 38 : break;
3932 :
3933 : case aDecrypt:
3934 0 : if (multifile)
3935 0 : decrypt_messages (ctrl, argc, argv);
3936 : else
3937 : {
3938 0 : if( argc > 1 )
3939 0 : wrong_args(_("--decrypt [filename]"));
3940 0 : if( (rc = decrypt_message (ctrl, fname) ))
3941 : {
3942 0 : write_status_failure ("decrypt", rc);
3943 0 : log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
3944 : }
3945 : }
3946 0 : break;
3947 :
3948 : case aQuickSignKey:
3949 : case aQuickLSignKey:
3950 : {
3951 : const char *fpr;
3952 :
3953 0 : if (argc < 1)
3954 0 : wrong_args ("--quick-[l]sign-key fingerprint [userids]");
3955 0 : fpr = *argv++; argc--;
3956 0 : sl = NULL;
3957 0 : for( ; argc; argc--, argv++)
3958 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
3959 0 : keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
3960 0 : free_strlist (sl);
3961 : }
3962 0 : break;
3963 :
3964 : case aSignKey:
3965 0 : if( argc != 1 )
3966 0 : wrong_args(_("--sign-key user-id"));
3967 : /* fall through */
3968 : case aLSignKey:
3969 0 : if( argc != 1 )
3970 0 : wrong_args(_("--lsign-key user-id"));
3971 : /* fall through */
3972 :
3973 0 : sl=NULL;
3974 :
3975 0 : if(cmd==aSignKey)
3976 0 : append_to_strlist(&sl,"sign");
3977 0 : else if(cmd==aLSignKey)
3978 0 : append_to_strlist(&sl,"lsign");
3979 : else
3980 0 : BUG();
3981 :
3982 0 : append_to_strlist( &sl, "save" );
3983 0 : username = make_username( fname );
3984 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 0 );
3985 0 : xfree(username);
3986 0 : free_strlist(sl);
3987 0 : break;
3988 :
3989 : case aEditKey: /* Edit a key signature */
3990 0 : if( !argc )
3991 0 : wrong_args(_("--edit-key user-id [commands]"));
3992 0 : username = make_username( fname );
3993 0 : if( argc > 1 ) {
3994 0 : sl = NULL;
3995 0 : for( argc--, argv++ ; argc; argc--, argv++ )
3996 0 : append_to_strlist( &sl, *argv );
3997 0 : keyedit_menu (ctrl, username, locusr, sl, 0, 1 );
3998 0 : free_strlist(sl);
3999 : }
4000 : else
4001 0 : keyedit_menu (ctrl, username, locusr, NULL, 0, 1 );
4002 0 : xfree(username);
4003 0 : break;
4004 :
4005 : case aPasswd:
4006 0 : if (argc != 1)
4007 0 : wrong_args (_("--passwd <user-id>"));
4008 : else
4009 : {
4010 0 : username = make_username (fname);
4011 0 : keyedit_passwd (ctrl, username);
4012 0 : xfree (username);
4013 : }
4014 0 : break;
4015 :
4016 : case aDeleteKeys:
4017 : case aDeleteSecretKeys:
4018 : case aDeleteSecretAndPublicKeys:
4019 8 : sl = NULL;
4020 : /* I'm adding these in reverse order as add_to_strlist2
4021 : reverses them again, and it's easier to understand in the
4022 : proper order :) */
4023 17 : for( ; argc; argc-- )
4024 9 : add_to_strlist2( &sl, argv[argc-1], utf8_strings );
4025 8 : delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
4026 8 : free_strlist(sl);
4027 8 : break;
4028 :
4029 : case aCheckKeys:
4030 0 : opt.check_sigs = 1;
4031 : case aListSigs:
4032 0 : opt.list_sigs = 1;
4033 : case aListKeys:
4034 87 : sl = NULL;
4035 175 : for( ; argc; argc--, argv++ )
4036 88 : add_to_strlist2( &sl, *argv, utf8_strings );
4037 87 : public_key_list (ctrl, sl, 0);
4038 87 : free_strlist(sl);
4039 87 : break;
4040 : case aListSecretKeys:
4041 0 : sl = NULL;
4042 0 : for( ; argc; argc--, argv++ )
4043 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4044 0 : secret_key_list (ctrl, sl);
4045 0 : free_strlist(sl);
4046 0 : break;
4047 : case aLocateKeys:
4048 0 : sl = NULL;
4049 0 : for (; argc; argc--, argv++)
4050 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4051 0 : public_key_list (ctrl, sl, 1);
4052 0 : free_strlist (sl);
4053 0 : break;
4054 :
4055 : case aQuickKeygen:
4056 0 : if (argc != 1 )
4057 0 : wrong_args("--gen-key user-id");
4058 0 : username = make_username (fname);
4059 0 : quick_generate_keypair (ctrl, username);
4060 0 : xfree (username);
4061 0 : break;
4062 :
4063 : case aKeygen: /* generate a key */
4064 2 : if( opt.batch ) {
4065 2 : if( argc > 1 )
4066 0 : wrong_args("--gen-key [parameterfile]");
4067 2 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4068 : }
4069 : else {
4070 0 : if (opt.command_fd != -1 && argc)
4071 : {
4072 0 : if( argc > 1 )
4073 0 : wrong_args("--gen-key [parameterfile]");
4074 :
4075 0 : opt.batch = 1;
4076 0 : generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
4077 : }
4078 0 : else if (argc)
4079 0 : wrong_args ("--gen-key");
4080 : else
4081 0 : generate_keypair (ctrl, 0, NULL, NULL, 0);
4082 : }
4083 2 : break;
4084 :
4085 : case aFullKeygen: /* Generate a key with all options. */
4086 0 : if (opt.batch)
4087 : {
4088 0 : if (argc > 1)
4089 0 : wrong_args ("--full-gen-key [parameterfile]");
4090 0 : generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
4091 : }
4092 : else
4093 : {
4094 0 : if (argc)
4095 0 : wrong_args("--full-gen-key");
4096 0 : generate_keypair (ctrl, 1, NULL, NULL, 0);
4097 : }
4098 0 : break;
4099 :
4100 : case aQuickAddUid:
4101 : {
4102 : const char *uid, *newuid;
4103 :
4104 0 : if (argc != 2)
4105 0 : wrong_args ("--quick-adduid USER-ID NEW-USER-ID");
4106 0 : uid = *argv++; argc--;
4107 0 : newuid = *argv++; argc--;
4108 0 : keyedit_quick_adduid (ctrl, uid, newuid);
4109 : }
4110 0 : break;
4111 :
4112 : case aFastImport:
4113 0 : opt.import_options |= IMPORT_FAST;
4114 : case aImport:
4115 19 : import_keys (ctrl, argc? argv:NULL, argc, NULL, opt.import_options);
4116 19 : break;
4117 :
4118 : /* TODO: There are a number of command that use this same
4119 : "make strlist, call function, report error, free strlist"
4120 : pattern. Join them together here and avoid all that
4121 : duplicated code. */
4122 :
4123 : case aExport:
4124 : case aSendKeys:
4125 : case aRecvKeys:
4126 0 : sl = NULL;
4127 0 : for( ; argc; argc--, argv++ )
4128 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4129 0 : if( cmd == aSendKeys )
4130 0 : rc = keyserver_export (ctrl, sl );
4131 0 : else if( cmd == aRecvKeys )
4132 0 : rc = keyserver_import (ctrl, sl );
4133 : else
4134 0 : rc = export_pubkeys (ctrl, sl, opt.export_options);
4135 0 : if(rc)
4136 : {
4137 0 : if(cmd==aSendKeys)
4138 : {
4139 0 : write_status_failure ("send-keys", rc);
4140 0 : log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
4141 : }
4142 0 : else if(cmd==aRecvKeys)
4143 : {
4144 0 : write_status_failure ("recv-keys", rc);
4145 0 : log_error (_("keyserver receive failed: %s\n"),
4146 : gpg_strerror (rc));
4147 : }
4148 : else
4149 : {
4150 0 : write_status_failure ("export", rc);
4151 0 : log_error (_("key export failed: %s\n"), gpg_strerror (rc));
4152 : }
4153 : }
4154 0 : free_strlist(sl);
4155 0 : break;
4156 :
4157 : case aSearchKeys:
4158 0 : sl = NULL;
4159 0 : for (; argc; argc--, argv++)
4160 0 : append_to_strlist2 (&sl, *argv, utf8_strings);
4161 0 : rc = keyserver_search (ctrl, sl);
4162 0 : if (rc)
4163 : {
4164 0 : write_status_failure ("search-keys", rc);
4165 0 : log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc));
4166 : }
4167 0 : free_strlist (sl);
4168 0 : break;
4169 :
4170 : case aRefreshKeys:
4171 0 : sl = NULL;
4172 0 : for( ; argc; argc--, argv++ )
4173 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4174 0 : rc = keyserver_refresh (ctrl, sl);
4175 0 : if(rc)
4176 : {
4177 0 : write_status_failure ("refresh-keys", rc);
4178 0 : log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
4179 : }
4180 0 : free_strlist(sl);
4181 0 : break;
4182 :
4183 : case aFetchKeys:
4184 0 : sl = NULL;
4185 0 : for( ; argc; argc--, argv++ )
4186 0 : append_to_strlist2( &sl, *argv, utf8_strings );
4187 0 : rc = keyserver_fetch (ctrl, sl);
4188 0 : if(rc)
4189 : {
4190 0 : write_status_failure ("fetch-keys", rc);
4191 0 : log_error ("key fetch failed: %s\n",gpg_strerror (rc));
4192 : }
4193 0 : free_strlist(sl);
4194 0 : break;
4195 :
4196 : case aExportSecret:
4197 0 : sl = NULL;
4198 0 : for( ; argc; argc--, argv++ )
4199 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4200 0 : export_seckeys (ctrl, sl);
4201 0 : free_strlist(sl);
4202 0 : break;
4203 :
4204 : case aExportSecretSub:
4205 0 : sl = NULL;
4206 0 : for( ; argc; argc--, argv++ )
4207 0 : add_to_strlist2( &sl, *argv, utf8_strings );
4208 0 : export_secsubkeys (ctrl, sl);
4209 0 : free_strlist(sl);
4210 0 : break;
4211 :
4212 : case aGenRevoke:
4213 0 : if( argc != 1 )
4214 0 : wrong_args("--gen-revoke user-id");
4215 0 : username = make_username(*argv);
4216 0 : gen_revoke( username );
4217 0 : xfree( username );
4218 0 : break;
4219 :
4220 : case aDesigRevoke:
4221 0 : if (argc != 1)
4222 0 : wrong_args ("--desig-revoke user-id");
4223 0 : username = make_username (*argv);
4224 0 : gen_desig_revoke (ctrl, username, locusr);
4225 0 : xfree (username);
4226 0 : break;
4227 :
4228 : case aDeArmor:
4229 20 : if( argc > 1 )
4230 0 : wrong_args("--dearmor [file]");
4231 20 : rc = dearmor_file( argc? *argv: NULL );
4232 20 : if( rc )
4233 : {
4234 0 : write_status_failure ("dearmor", rc);
4235 0 : log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc));
4236 : }
4237 20 : break;
4238 :
4239 : case aEnArmor:
4240 0 : if( argc > 1 )
4241 0 : wrong_args("--enarmor [file]");
4242 0 : rc = enarmor_file( argc? *argv: NULL );
4243 0 : if( rc )
4244 : {
4245 0 : write_status_failure ("enarmor", rc);
4246 0 : log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc));
4247 : }
4248 0 : break;
4249 :
4250 :
4251 : case aPrimegen:
4252 : #if 0 /*FIXME*/
4253 : { int mode = argc < 2 ? 0 : atoi(*argv);
4254 :
4255 : if( mode == 1 && argc == 2 ) {
4256 : mpi_print (es_stdout,
4257 : generate_public_prime( atoi(argv[1]) ), 1);
4258 : }
4259 : else if( mode == 2 && argc == 3 ) {
4260 : mpi_print (es_stdout, generate_elg_prime(
4261 : 0, atoi(argv[1]),
4262 : atoi(argv[2]), NULL,NULL ), 1);
4263 : }
4264 : else if( mode == 3 && argc == 3 ) {
4265 : MPI *factors;
4266 : mpi_print (es_stdout, generate_elg_prime(
4267 : 1, atoi(argv[1]),
4268 : atoi(argv[2]), NULL,&factors ), 1);
4269 : es_putc ('\n', es_stdout);
4270 : mpi_print (es_stdout, factors[0], 1 ); /* print q */
4271 : }
4272 : else if( mode == 4 && argc == 3 ) {
4273 : MPI g = mpi_alloc(1);
4274 : mpi_print (es_stdout, generate_elg_prime(
4275 : 0, atoi(argv[1]),
4276 : atoi(argv[2]), g, NULL ), 1);
4277 : es_putc ('\n', es_stdout);
4278 : mpi_print (es_stdout, g, 1 );
4279 : mpi_free (g);
4280 : }
4281 : else
4282 : wrong_args("--gen-prime mode bits [qbits] ");
4283 : es_putc ('\n', es_stdout);
4284 : }
4285 : #endif
4286 0 : wrong_args("--gen-prime not yet supported ");
4287 0 : break;
4288 :
4289 : case aGenRandom:
4290 : {
4291 0 : int level = argc ? atoi(*argv):0;
4292 0 : int count = argc > 1 ? atoi(argv[1]): 0;
4293 0 : int endless = !count;
4294 :
4295 0 : if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
4296 0 : wrong_args("--gen-random 0|1|2 [count]");
4297 :
4298 0 : while( endless || count ) {
4299 : byte *p;
4300 : /* Wee need a multiple of 3, so that in case of
4301 : armored output we get a correct string. No
4302 : linefolding is done, as it is best to levae this to
4303 : other tools */
4304 0 : size_t n = !endless && count < 99? count : 99;
4305 :
4306 0 : p = gcry_random_bytes (n, level);
4307 : #ifdef HAVE_DOSISH_SYSTEM
4308 : setmode ( fileno(stdout), O_BINARY );
4309 : #endif
4310 0 : if (opt.armor) {
4311 0 : char *tmp = make_radix64_string (p, n);
4312 0 : es_fputs (tmp, es_stdout);
4313 0 : xfree (tmp);
4314 0 : if (n%3 == 1)
4315 0 : es_putc ('=', es_stdout);
4316 0 : if (n%3)
4317 0 : es_putc ('=', es_stdout);
4318 : } else {
4319 0 : es_fwrite( p, n, 1, es_stdout );
4320 : }
4321 0 : xfree(p);
4322 0 : if( !endless )
4323 0 : count -= n;
4324 : }
4325 0 : if (opt.armor)
4326 0 : es_putc ('\n', es_stdout);
4327 : }
4328 0 : break;
4329 :
4330 : case aPrintMD:
4331 1 : if( argc < 1)
4332 0 : wrong_args("--print-md algo [files]");
4333 : {
4334 1 : int all_algos = (**argv=='*' && !(*argv)[1]);
4335 1 : int algo = all_algos? 0 : gcry_md_map_name (*argv);
4336 :
4337 1 : if( !algo && !all_algos )
4338 0 : log_error(_("invalid hash algorithm '%s'\n"), *argv );
4339 : else {
4340 1 : argc--; argv++;
4341 1 : if( !argc )
4342 1 : print_mds(NULL, algo);
4343 : else {
4344 0 : for(; argc; argc--, argv++ )
4345 0 : print_mds(*argv, algo);
4346 : }
4347 : }
4348 : }
4349 1 : break;
4350 :
4351 : case aPrintMDs: /* old option */
4352 2 : if( !argc )
4353 2 : print_mds(NULL,0);
4354 : else {
4355 0 : for(; argc; argc--, argv++ )
4356 0 : print_mds(*argv,0);
4357 : }
4358 2 : break;
4359 :
4360 : #ifndef NO_TRUST_MODELS
4361 : case aListTrustDB:
4362 0 : if( !argc )
4363 0 : list_trustdb (es_stdout, NULL);
4364 : else {
4365 0 : for( ; argc; argc--, argv++ )
4366 0 : list_trustdb (es_stdout, *argv );
4367 : }
4368 0 : break;
4369 :
4370 : case aUpdateTrustDB:
4371 0 : if( argc )
4372 0 : wrong_args("--update-trustdb");
4373 0 : update_trustdb();
4374 0 : break;
4375 :
4376 : case aCheckTrustDB:
4377 : /* Old versions allowed for arguments - ignore them */
4378 0 : check_trustdb();
4379 0 : break;
4380 :
4381 : case aFixTrustDB:
4382 0 : how_to_fix_the_trustdb ();
4383 0 : break;
4384 :
4385 : case aListTrustPath:
4386 0 : if( !argc )
4387 0 : wrong_args("--list-trust-path <user-ids>");
4388 0 : for( ; argc; argc--, argv++ ) {
4389 0 : username = make_username( *argv );
4390 0 : list_trust_path( username );
4391 0 : xfree(username);
4392 : }
4393 0 : break;
4394 :
4395 : case aExportOwnerTrust:
4396 0 : if( argc )
4397 0 : wrong_args("--export-ownertrust");
4398 0 : export_ownertrust();
4399 0 : break;
4400 :
4401 : case aImportOwnerTrust:
4402 0 : if( argc > 1 )
4403 0 : wrong_args("--import-ownertrust [file]");
4404 0 : import_ownertrust( argc? *argv:NULL );
4405 0 : break;
4406 : #endif /*!NO_TRUST_MODELS*/
4407 :
4408 : case aRebuildKeydbCaches:
4409 0 : if (argc)
4410 0 : wrong_args ("--rebuild-keydb-caches");
4411 0 : keydb_rebuild_caches (1);
4412 0 : break;
4413 :
4414 : #ifdef ENABLE_CARD_SUPPORT
4415 : case aCardStatus:
4416 0 : if (argc)
4417 0 : wrong_args ("--card-status");
4418 0 : card_status (es_stdout, NULL, 0);
4419 0 : break;
4420 :
4421 : case aCardEdit:
4422 0 : if (argc) {
4423 0 : sl = NULL;
4424 0 : for (argc--, argv++ ; argc; argc--, argv++)
4425 0 : append_to_strlist (&sl, *argv);
4426 0 : card_edit (ctrl, sl);
4427 0 : free_strlist (sl);
4428 : }
4429 : else
4430 0 : card_edit (ctrl, NULL);
4431 0 : break;
4432 :
4433 : case aChangePIN:
4434 0 : if (!argc)
4435 0 : change_pin (0,1);
4436 0 : else if (argc == 1)
4437 0 : change_pin (atoi (*argv),1);
4438 : else
4439 0 : wrong_args ("--change-pin [no]");
4440 0 : break;
4441 : #endif /* ENABLE_CARD_SUPPORT*/
4442 :
4443 : case aListConfig:
4444 : {
4445 5 : char *str=collapse_args(argc,argv);
4446 5 : list_config(str);
4447 5 : xfree(str);
4448 : }
4449 5 : break;
4450 :
4451 : case aListGcryptConfig:
4452 : /* Fixme: It would be nice to integrate that with
4453 : --list-config but unfortunately there is no way yet to have
4454 : libgcrypt print it to an estream for further parsing. */
4455 0 : gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
4456 0 : break;
4457 :
4458 : case aTOFUPolicy:
4459 : #ifdef USE_TOFU
4460 : {
4461 : int policy;
4462 : int i;
4463 : KEYDB_HANDLE hd;
4464 :
4465 8 : if (argc < 2)
4466 0 : wrong_args("--tofu-policy POLICY KEYID [KEYID...]");
4467 :
4468 8 : policy = parse_tofu_policy (argv[0]);
4469 :
4470 8 : hd = keydb_new ();
4471 8 : if (! hd)
4472 : {
4473 0 : log_error (_("Failed to open the keyring DB.\n"));
4474 0 : g10_exit (1);
4475 : }
4476 :
4477 16 : for (i = 1; i < argc; i ++)
4478 : {
4479 : KEYDB_SEARCH_DESC desc;
4480 : kbnode_t kb;
4481 :
4482 8 : rc = classify_user_id (argv[i], &desc, 0);
4483 8 : if (rc)
4484 : {
4485 0 : log_error (_("Failed to parse '%s'.\n"), argv[i]);
4486 0 : g10_exit (1);
4487 : }
4488 :
4489 8 : if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
4490 0 : || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
4491 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR16
4492 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR20
4493 0 : || desc.mode == KEYDB_SEARCH_MODE_FPR
4494 0 : || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
4495 : {
4496 0 : log_error (_("'%s' does not appear to be a valid"
4497 : " key id, fingerprint or key grip.\n"),
4498 0 : argv[i]);
4499 0 : g10_exit (1);
4500 : }
4501 :
4502 8 : rc = keydb_search_reset (hd);
4503 8 : if (rc)
4504 : {
4505 0 : log_error (_("Failed to reset keyring handle.\n"));
4506 0 : g10_exit (1);
4507 : }
4508 :
4509 8 : rc = keydb_search (hd, &desc, 1, NULL);
4510 8 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
4511 : {
4512 0 : log_error (_("Key '%s' is not available\n"), argv[i]);
4513 0 : g10_exit (1);
4514 : }
4515 8 : else if (rc)
4516 : {
4517 0 : log_error (_("Failed to find key '%s'\n"), argv[i]);
4518 0 : g10_exit (1);
4519 : }
4520 :
4521 8 : rc = keydb_get_keyblock (hd, &kb);
4522 8 : if (rc)
4523 : {
4524 0 : log_error (_("Failed to read key '%s' from the keyring\n"),
4525 0 : argv[i]);
4526 0 : g10_exit (1);
4527 : }
4528 :
4529 8 : merge_keys_and_selfsig (kb);
4530 8 : if (tofu_set_policy (kb, policy))
4531 0 : g10_exit (1);
4532 : }
4533 :
4534 8 : keydb_release (hd);
4535 :
4536 : }
4537 : #endif /*USE_TOFU*/
4538 8 : break;
4539 :
4540 : case aListPackets:
4541 1 : opt.list_packets=2;
4542 : default:
4543 546 : if( argc > 1 )
4544 0 : wrong_args(_("[filename]"));
4545 : /* Issue some output for the unix newbie */
4546 546 : if (!fname && !opt.outfile
4547 14 : && gnupg_isatty (fileno (stdin))
4548 0 : && gnupg_isatty (fileno (stdout))
4549 0 : && gnupg_isatty (fileno (stderr)))
4550 0 : log_info(_("Go ahead and type your message ...\n"));
4551 :
4552 546 : a = iobuf_open(fname);
4553 546 : if (a && is_secured_file (iobuf_get_fd (a)))
4554 : {
4555 0 : iobuf_close (a);
4556 0 : a = NULL;
4557 0 : gpg_err_set_errno (EPERM);
4558 : }
4559 546 : if( !a )
4560 0 : log_error(_("can't open '%s'\n"), print_fname_stdin(fname));
4561 : else {
4562 :
4563 546 : if( !opt.no_armor ) {
4564 546 : if( use_armor_filter( a ) ) {
4565 58 : afx = new_armor_context ();
4566 58 : push_armor_filter (afx, a);
4567 : }
4568 : }
4569 546 : if( cmd == aListPackets ) {
4570 1 : set_packet_list_mode(1);
4571 1 : opt.list_packets=1;
4572 : }
4573 546 : rc = proc_packets (ctrl, NULL, a );
4574 546 : if( rc )
4575 : {
4576 0 : write_status_failure ("-", rc);
4577 0 : log_error ("processing message failed: %s\n",
4578 : gpg_strerror (rc));
4579 : }
4580 546 : iobuf_close(a);
4581 : }
4582 546 : break;
4583 : }
4584 :
4585 : /* cleanup */
4586 1272 : gpg_deinit_default_ctrl (ctrl);
4587 1272 : xfree (ctrl);
4588 1272 : release_armor_context (afx);
4589 1272 : FREE_STRLIST(remusr);
4590 1272 : FREE_STRLIST(locusr);
4591 1272 : g10_exit(0);
4592 : return 8; /*NEVER REACHED*/
4593 : }
4594 :
4595 :
4596 : /* Note: This function is used by signal handlers!. */
4597 : static void
4598 1276 : emergency_cleanup (void)
4599 : {
4600 1276 : gcry_control (GCRYCTL_TERM_SECMEM );
4601 1276 : }
4602 :
4603 :
4604 : void
4605 1276 : g10_exit( int rc )
4606 : {
4607 1276 : gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
4608 1276 : if (DBG_CLOCK)
4609 0 : log_clock ("stop");
4610 :
4611 1276 : if ( (opt.debug & DBG_MEMSTAT_VALUE) )
4612 : {
4613 0 : keydb_dump_stats ();
4614 0 : gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
4615 0 : gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
4616 : }
4617 1276 : if (opt.debug)
4618 0 : gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
4619 :
4620 1276 : emergency_cleanup ();
4621 :
4622 1276 : rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
4623 1276 : exit (rc);
4624 : }
4625 :
4626 :
4627 : /* Pretty-print hex hashes. This assumes at least an 80-character
4628 : display, but there are a few other similar assumptions in the
4629 : display code. */
4630 : static void
4631 0 : print_hex (gcry_md_hd_t md, int algo, const char *fname)
4632 : {
4633 0 : int i,n,count,indent=0;
4634 : const byte *p;
4635 :
4636 0 : if (fname)
4637 0 : indent = es_printf("%s: ",fname);
4638 :
4639 0 : if (indent>40)
4640 : {
4641 0 : es_printf ("\n");
4642 0 : indent=0;
4643 : }
4644 :
4645 0 : if (algo==DIGEST_ALGO_RMD160)
4646 0 : indent += es_printf("RMD160 = ");
4647 0 : else if (algo>0)
4648 0 : indent += es_printf("%6s = ", gcry_md_algo_name (algo));
4649 : else
4650 0 : algo = abs(algo);
4651 :
4652 0 : count = indent;
4653 :
4654 0 : p = gcry_md_read (md, algo);
4655 0 : n = gcry_md_get_algo_dlen (algo);
4656 :
4657 0 : count += es_printf ("%02X",*p++);
4658 :
4659 0 : for(i=1;i<n;i++,p++)
4660 : {
4661 0 : if(n==16)
4662 : {
4663 0 : if(count+2>79)
4664 : {
4665 0 : es_printf ("\n%*s",indent," ");
4666 0 : count = indent;
4667 : }
4668 : else
4669 0 : count += es_printf(" ");
4670 :
4671 0 : if (!(i%8))
4672 0 : count += es_printf(" ");
4673 : }
4674 0 : else if (n==20)
4675 : {
4676 0 : if(!(i%2))
4677 : {
4678 0 : if(count+4>79)
4679 : {
4680 0 : es_printf ("\n%*s",indent," ");
4681 0 : count=indent;
4682 : }
4683 : else
4684 0 : count += es_printf(" ");
4685 : }
4686 :
4687 0 : if (!(i%10))
4688 0 : count += es_printf(" ");
4689 : }
4690 : else
4691 : {
4692 0 : if(!(i%4))
4693 : {
4694 0 : if (count+8>79)
4695 : {
4696 0 : es_printf ("\n%*s",indent," ");
4697 0 : count=indent;
4698 : }
4699 : else
4700 0 : count += es_printf(" ");
4701 : }
4702 : }
4703 :
4704 0 : count += es_printf("%02X",*p);
4705 : }
4706 :
4707 0 : es_printf ("\n");
4708 0 : }
4709 :
4710 : static void
4711 15 : print_hashline( gcry_md_hd_t md, int algo, const char *fname )
4712 : {
4713 : int i, n;
4714 : const byte *p;
4715 :
4716 15 : if ( fname )
4717 : {
4718 0 : for (p = fname; *p; p++ )
4719 : {
4720 0 : if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
4721 0 : es_printf ("%%%02X", *p );
4722 : else
4723 0 : es_putc (*p, es_stdout);
4724 : }
4725 : }
4726 15 : es_putc (':', es_stdout);
4727 15 : es_printf ("%d:", algo);
4728 15 : p = gcry_md_read (md, algo);
4729 15 : n = gcry_md_get_algo_dlen (algo);
4730 491 : for(i=0; i < n ; i++, p++ )
4731 476 : es_printf ("%02X", *p);
4732 15 : es_fputs (":\n", es_stdout);
4733 15 : }
4734 :
4735 :
4736 : static void
4737 3 : print_mds( const char *fname, int algo )
4738 : {
4739 : estream_t fp;
4740 : char buf[1024];
4741 : size_t n;
4742 : gcry_md_hd_t md;
4743 :
4744 3 : if (!fname)
4745 : {
4746 3 : fp = es_stdin;
4747 3 : es_set_binary (fp);
4748 : }
4749 : else
4750 : {
4751 0 : fp = es_fopen (fname, "rb" );
4752 0 : if (fp && is_secured_file (es_fileno (fp)))
4753 : {
4754 0 : es_fclose (fp);
4755 0 : fp = NULL;
4756 0 : gpg_err_set_errno (EPERM);
4757 : }
4758 : }
4759 3 : if (!fp)
4760 : {
4761 0 : log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
4762 3 : return;
4763 : }
4764 :
4765 3 : gcry_md_open (&md, 0, 0);
4766 3 : if (algo)
4767 1 : gcry_md_enable (md, algo);
4768 : else
4769 : {
4770 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
4771 2 : gcry_md_enable (md, GCRY_MD_MD5);
4772 2 : gcry_md_enable (md, GCRY_MD_SHA1);
4773 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
4774 2 : gcry_md_enable (md, GCRY_MD_RMD160);
4775 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
4776 2 : gcry_md_enable (md, GCRY_MD_SHA224);
4777 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
4778 2 : gcry_md_enable (md, GCRY_MD_SHA256);
4779 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
4780 2 : gcry_md_enable (md, GCRY_MD_SHA384);
4781 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
4782 2 : gcry_md_enable (md, GCRY_MD_SHA512);
4783 : }
4784 :
4785 51 : while ((n=es_fread (buf, 1, DIM(buf), fp)))
4786 45 : gcry_md_write (md, buf, n);
4787 :
4788 3 : if (es_ferror(fp))
4789 0 : log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno));
4790 : else
4791 : {
4792 3 : gcry_md_final (md);
4793 3 : if (opt.with_colons)
4794 : {
4795 3 : if ( algo )
4796 1 : print_hashline (md, algo, fname);
4797 : else
4798 : {
4799 2 : if (!gcry_md_test_algo (GCRY_MD_MD5))
4800 2 : print_hashline( md, GCRY_MD_MD5, fname );
4801 2 : print_hashline( md, GCRY_MD_SHA1, fname );
4802 2 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
4803 2 : print_hashline( md, GCRY_MD_RMD160, fname );
4804 2 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
4805 2 : print_hashline (md, GCRY_MD_SHA224, fname);
4806 2 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
4807 2 : print_hashline( md, GCRY_MD_SHA256, fname );
4808 2 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
4809 2 : print_hashline ( md, GCRY_MD_SHA384, fname );
4810 2 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
4811 2 : print_hashline ( md, GCRY_MD_SHA512, fname );
4812 : }
4813 : }
4814 : else
4815 : {
4816 0 : if (algo)
4817 0 : print_hex (md, -algo, fname);
4818 : else
4819 : {
4820 0 : if (!gcry_md_test_algo (GCRY_MD_MD5))
4821 0 : print_hex (md, GCRY_MD_MD5, fname);
4822 0 : print_hex (md, GCRY_MD_SHA1, fname );
4823 0 : if (!gcry_md_test_algo (GCRY_MD_RMD160))
4824 0 : print_hex (md, GCRY_MD_RMD160, fname );
4825 0 : if (!gcry_md_test_algo (GCRY_MD_SHA224))
4826 0 : print_hex (md, GCRY_MD_SHA224, fname);
4827 0 : if (!gcry_md_test_algo (GCRY_MD_SHA256))
4828 0 : print_hex (md, GCRY_MD_SHA256, fname );
4829 0 : if (!gcry_md_test_algo (GCRY_MD_SHA384))
4830 0 : print_hex (md, GCRY_MD_SHA384, fname );
4831 0 : if (!gcry_md_test_algo (GCRY_MD_SHA512))
4832 0 : print_hex (md, GCRY_MD_SHA512, fname );
4833 : }
4834 : }
4835 : }
4836 3 : gcry_md_close (md);
4837 :
4838 3 : if (fp != es_stdin)
4839 0 : es_fclose (fp);
4840 : }
4841 :
4842 :
4843 : /****************
4844 : * Check the supplied name,value string and add it to the notation
4845 : * data to be used for signatures. which==0 for sig notations, and 1
4846 : * for cert notations.
4847 : */
4848 : static void
4849 0 : add_notation_data( const char *string, int which )
4850 : {
4851 : struct notation *notation;
4852 :
4853 0 : notation=string_to_notation(string,utf8_strings);
4854 0 : if(notation)
4855 : {
4856 0 : if(which)
4857 : {
4858 0 : notation->next=opt.cert_notations;
4859 0 : opt.cert_notations=notation;
4860 : }
4861 : else
4862 : {
4863 0 : notation->next=opt.sig_notations;
4864 0 : opt.sig_notations=notation;
4865 : }
4866 : }
4867 0 : }
4868 :
4869 : static void
4870 0 : add_policy_url( const char *string, int which )
4871 : {
4872 0 : unsigned int i,critical=0;
4873 : strlist_t sl;
4874 :
4875 0 : if(*string=='!')
4876 : {
4877 0 : string++;
4878 0 : critical=1;
4879 : }
4880 :
4881 0 : for(i=0;i<strlen(string);i++)
4882 0 : if( !isascii (string[i]) || iscntrl(string[i]))
4883 : break;
4884 :
4885 0 : if(i==0 || i<strlen(string))
4886 : {
4887 0 : if(which)
4888 0 : log_error(_("the given certification policy URL is invalid\n"));
4889 : else
4890 0 : log_error(_("the given signature policy URL is invalid\n"));
4891 : }
4892 :
4893 0 : if(which)
4894 0 : sl=add_to_strlist( &opt.cert_policy_url, string );
4895 : else
4896 0 : sl=add_to_strlist( &opt.sig_policy_url, string );
4897 :
4898 0 : if(critical)
4899 0 : sl->flags |= 1;
4900 0 : }
4901 :
4902 : static void
4903 0 : add_keyserver_url( const char *string, int which )
4904 : {
4905 0 : unsigned int i,critical=0;
4906 : strlist_t sl;
4907 :
4908 0 : if(*string=='!')
4909 : {
4910 0 : string++;
4911 0 : critical=1;
4912 : }
4913 :
4914 0 : for(i=0;i<strlen(string);i++)
4915 0 : if( !isascii (string[i]) || iscntrl(string[i]))
4916 : break;
4917 :
4918 0 : if(i==0 || i<strlen(string))
4919 : {
4920 0 : if(which)
4921 0 : BUG();
4922 : else
4923 0 : log_error(_("the given preferred keyserver URL is invalid\n"));
4924 : }
4925 :
4926 0 : if(which)
4927 0 : BUG();
4928 : else
4929 0 : sl=add_to_strlist( &opt.sig_keyserver_url, string );
4930 :
4931 0 : if(critical)
4932 0 : sl->flags |= 1;
4933 0 : }
|
