core: New context flag "auto-key-retrieve"

* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg.  Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--

This makes the --auto-key-retrieve option available in the GPGME API.

Test plan:
Run

  GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE

with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.

Signed-off-by: Werner Koch <[email protected]>

13 files changed, 72 insertions, 9 deletions

diff --git a/NEWS b/NEWS
index 25552ad6..71d96001 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)
  GPGME_DELETE_ALLOW_SECRET   NEW.
  GPGME_DELETE_FORCE          NEW.
  gpgme_op_conf_dir           NEW.
+ gpgme_set_ctx_flag          EXTENDED: New flag 'auto-key-retrieve'.
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
  py: DecryptResult           EXTENDED: New boolean field 'is_de_vs'.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 5df54f58..8dcc86e6 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled.  Please be aware that
 using this feature with GnuPG < 2.1.16 will leak the session key on
 many platforms via ps(1).
 
+@item "auto-key-retrieve"
+Setting the @var{value} to "1" asks the backend to automatically
+retrieve a key for signature verification if possible.  Note that this
+option makes a "web bug" like behavior possible.  Keyserver or Web Key
+Directory operators can see which keys you request, so by sending you
+a message signed by a brand new key (which you naturally will not have
+on your local keyring), the operator can tell both your IP address and
+the time when you verified the signature.
+
+
 @end table
 
 This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index d0542d9f..1e763d2a 100644
--- a/src/context.h
+++ b/src/context.h
@@ -118,6 +118,9 @@ struct gpgme_context
    * flag is cleared with each operation.  */
   unsigned int redraw_suggested : 1;
 
+  /* True if the option --auto-key-retrieve shall be passed to gpg.  */
+  unsigned int auto_key_retrieve : 1;
+
   /* Flags for keylist mode.  */
   gpgme_keylist_mode_t keylist_mode;
 
diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c
index 66cfe94f..17f79acd 100644
--- a/src/decrypt-verify.c
+++ b/src/decrypt-verify.c
@@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/decrypt.c b/src/decrypt.c
index eb7ec4d3..8c2cd4d7 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
@@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/engine-backend.h b/src/engine-backend.h
index f41aaeb6..421eb166 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -65,7 +65,8 @@ struct engine_ops
                             gpgme_decrypt_flags_t flags,
                             gpgme_data_t ciph,
 			    gpgme_data_t plain, int export_session_key,
-                            const char *override_session_key);
+                            const char *override_session_key,
+                            int auto_key_retrieve);
   gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
   gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
 			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 9c0d7f7c..5ce04f0a 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1562,7 +1562,8 @@ static gpgme_error_t
 gpg_decrypt (void *engine,
              gpgme_decrypt_flags_t flags,
              gpgme_data_t ciph, gpgme_data_t plain,
-             int export_session_key, const char *override_session_key)
+             int export_session_key, const char *override_session_key,
+             int auto_key_retrieve)
 {
   engine_gpg_t gpg = engine;
   gpgme_error_t err;
@@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,
   if (!err && export_session_key)
     err = add_arg (gpg, "--show-session-key");
 
+  if (!err && auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (!err && override_session_key && *override_session_key)
     {
       if (have_gpg_version (gpg, "2.1.16"))
@@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
   gpgme_error_t err;
 
   err = append_args_from_sender (gpg, ctx);
+  if (!err && ctx->auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (err)
     ;
   else if (plaintext)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index f23b0bfd..e337fedd 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1130,7 +1130,8 @@ static gpgme_error_t
 gpgsm_decrypt (void *engine,
                gpgme_decrypt_flags_t flags,
                gpgme_data_t ciph, gpgme_data_t plain,
-               int export_session_key, const char *override_session_key)
+               int export_session_key, const char *override_session_key,
+               int auto_key_retrieve)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
@@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,
   (void)export_session_key;
   (void)override_session_key;
 
+  /* --auto-key-retrieve is also not supported.  */
+  (void)auto_key_retrieve;
+
   if (!gpgsm)
     return gpg_error (GPG_ERR_INV_VALUE);
 
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 3db705d8..bc3f3fbd 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -962,7 +962,8 @@ static gpgme_error_t
 uiserver_decrypt (void *engine,
                   gpgme_decrypt_flags_t flags,
                   gpgme_data_t ciph, gpgme_data_t plain,
-                  int export_session_key, const char *override_session_key)
+                  int export_session_key, const char *override_session_key,
+                  int auto_key_retrieve)
 {
   engine_uiserver_t uiserver = engine;
   gpgme_error_t err;
@@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,
 
   (void)override_session_key; /* Fixme: We need to see now to add this
                                * to the UI server protocol  */
+  (void)auto_key_retrieve;    /* Not yet supported.  */
+
 
   if (!uiserver)
     return gpg_error (GPG_ERR_INV_VALUE);
diff --git a/src/engine.c b/src/engine.c
index 2c7e625f..28ba9fdf 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
                           gpgme_decrypt_flags_t flags,
                           gpgme_data_t ciph,
 			  gpgme_data_t plain, int export_session_key,
-                          const char *override_session_key)
+                          const char *override_session_key,
+                          int auto_key_retrieve)
 {
   if (!engine)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
   return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
-                                  export_session_key, override_session_key);
+                                  export_session_key, override_session_key,
+                                  auto_key_retrieve);
 }
 
 
diff --git a/src/engine.h b/src/engine.h
index b71b7e2d..0bf1bb27 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
                                         gpgme_data_t ciph,
 					gpgme_data_t plain,
                                         int export_session_key,
-                                        const char *override_session_key);
+                                        const char *override_session_key,
+                                        int auto_key_retrieve);
 gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
 				       unsigned int flags);
 gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
diff --git a/src/gpgme.c b/src/gpgme.c
index 2b196a25..d0a5afee 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
       if (!ctx->override_session_key)
         err = gpg_error_from_syserror ();
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      ctx->auto_key_retrieve = abool;
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_NAME);
 
@@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
     {
       return ctx->override_session_key? ctx->override_session_key : "";
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      return ctx->auto_key_retrieve? "1":"";
+    }
   else
     return NULL;
 }
diff --git a/tests/run-verify.c b/tests/run-verify.c
index 3abc5728..b22e6446 100644
--- a/tests/run-verify.c
+++ b/tests/run-verify.c
@@ -222,6 +222,7 @@ show_usage (int ex)
          "  --openpgp        use the OpenPGP protocol (default)\n"
          "  --cms            use the CMS protocol\n"
          "  --sender MBOX    use MBOX as sender address\n"
+         "  --auto-key-retrieve\n"
          , stderr);
   exit (ex);
 }
@@ -231,6 +232,7 @@ int
 main (int argc, char **argv)
 {
   int last_argc = -1;
+  const char *s;
   gpgme_error_t err;
   gpgme_ctx_t ctx;
   gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
@@ -241,6 +243,7 @@ main (int argc, char **argv)
   gpgme_verify_result_t result;
   int print_status = 0;
   const char *sender = NULL;
+  int auto_key_retrieve = 0;
 
   if (argc)
     { argc--; argv++; }
@@ -283,6 +286,12 @@ main (int argc, char **argv)
           sender = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--auto-key-retrieve"))
+        {
+          auto_key_retrieve = 1;
+          argc--; argv++;
+        }
+
       else if (!strncmp (*argv, "--", 2))
         show_usage (1);
 
@@ -323,6 +332,18 @@ main (int argc, char **argv)
     }
   /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
 
+  if (auto_key_retrieve)
+    {
+      gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");
+      s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve");
+      if (!s || strcmp (s, "1"))
+        {
+          fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n",
+                   "auto-key-retrieve");
+          exit (1);
+        }
+    }
+
   if (sender)
     {
       err = gpgme_set_sender (ctx, sender);