-rw-r--r--doc/gpg.texi9
-rw-r--r--g10/gpg.c13
-rw-r--r--g10/keyedit.c83
-rw-r--r--g10/keyedit.h2
4 files changed, 105 insertions, 2 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index f5a6fdd4d..2fe6a8448 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead.
This command updates the preference list of the key to the current
default value (either built-in or set via
@option{--default-preference-list}). This is the unattended version
-of of using "setpref" in the @option{--key-edit} menu without giving a
+of using "setpref" in the @option{--key-edit} menu without giving a
list. Note that you can show the preferences in a key listing by
using @option{--list-options show-pref} or @option{--list-options
show-pref-verbose}. You should also re-distribute updated keys to
your peers.
+@item --quick-set-ownertrust @var{user-id} @var{value}
+@opindex quick-set-ownertrust
+This command sets the ownertrust of a key and can also be used to set
+the disable flag of a key. This is the unattended version of using
+"trust", "disable", or "enable" in the @option{--key-edit} menu.
+
+
@item --change-passphrase @var{user-id}
@opindex change-passphrase
@itemx --passwd @var{user-id}
diff --git a/g10/gpg.c b/g10/gpg.c
index e8894ab4a..7cb83c443 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -136,6 +136,7 @@ enum cmd_and_opt_values
aQuickSetExpire,
aQuickSetPrimaryUid,
aQuickUpdatePref,
+ aQuickSetOwnertrust,
aListConfig,
aListGcryptConfig,
aGPGConfList,
@@ -504,6 +505,7 @@ static gpgrt_opt_t opts[] = {
N_("quickly set a new expiration date")),
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
+ ARGPARSE_c (aQuickSetOwnertrust, "quick-set-ownertrust", "@"),
ARGPARSE_c (aFullKeygen, "full-generate-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@@ -2722,6 +2724,7 @@ main (int argc, char **argv)
case aQuickSetExpire:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
+ case aQuickSetOwnertrust:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
@@ -4405,6 +4408,7 @@ main (int argc, char **argv)
case aQuickRevUid:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
+ case aQuickSetOwnertrust:
case aFullKeygen:
case aKeygen:
case aImport:
@@ -4926,6 +4930,15 @@ main (int argc, char **argv)
}
break;
+ case aQuickSetOwnertrust:
+ {
+ if (argc != 2)
+ wrong_args ("--quick-set-ownertrust USER-ID"
+ " [enable|disable|full|...]");
+ keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST; /* fall through */
case aImport:
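Review bot: The usage text passed to `wrong_args` in the new `aQuickSetOwnertrust` case puts the value in square brackets, which reads as optional, while the `argc != 2` check makes it mandatory. I would write it as `wrong_args ("--quick-set-ownertrust USER-ID VALUE");`, matching the `@var{user-id} @var{value}` form in doc/gpg.texi, or list the accepted keywords without brackets. The call on the following line reads `argv[1]` unconditionally, so it depends on `wrong_args` not returning, which is presumably the case as elsewhere in this switch; the switch starts and ends outside the hunk.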
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a09797a36..81ea06c24 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2755,6 +2755,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
}
+/* Unattended updating of the ownertrust or disable/enable state of a key
+ * USERNAME specifies the key. This is somewhat similar to
+ * gpg --edit-key <userid> trust save
+ * gpg --edit-key <userid> disable save
+ *
+ * VALUE is the new trust value which is one of:
+ * "undefined" - Ownertrust is set to undefined
+ * "never" - Ownertrust is set to never trust
+ * "marginal" - Ownertrust is set to marginal trust
+ * "full" - Ownertrust is set to full trust
+ * "ultimate" - Ownertrust is set to ultimate trust
+ * "enable" - The key is re-enabled.
+ * "disable" - The key is disabled.
+ * Trust settings do not change the ebable/disable state.
+ */
+void
+keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+ const char *value)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE kdbhd = NULL;
+ kbnode_t keyblock = NULL;
+ PKT_public_key *pk;
+ unsigned int trust, newtrust;
+ int x;
+ int maybe_update_trust = 0;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale (ctrl);
+#endif
+
+ /* Search the key; we don't want the whole getkey stuff here. Note
+ * that we are looking for the public key here. */
+ err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
+ if (err)
+ goto leave;
+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_SECRET_KEY);
+ pk = keyblock->pkt->pkt.public_key;
+
+ trust = newtrust = get_ownertrust (ctrl, pk);
+
+ if (!ascii_strcasecmp (value, "enable"))
+ newtrust &= ~TRUST_FLAG_DISABLED;
+ else if (!ascii_strcasecmp (value, "disable"))
+ newtrust |= TRUST_FLAG_DISABLED;
+ else if ((x = string_to_trust_value (value)) >= 0)
+ {
+ newtrust = x;
+ newtrust &= TRUST_MASK;
+ newtrust |= (trust & ~TRUST_MASK);
+ maybe_update_trust = 1;
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_ARG);
+ goto leave;
+ }
+
+ if (trust != newtrust)
+ {
+ update_ownertrust (ctrl, pk, newtrust);
+ if (maybe_update_trust)
+ revalidation_mark (ctrl);
+ }
+ else if (opt.verbose)
+ log_info (_("Key not changed so no update needed.\n"));
+
+ leave:
+ if (err)
+ {
+ log_error (_("setting the ownertrust to '%s' failed: %s\n"),
+ value, gpg_strerror (err));
+ write_status_error ("keyedit.setownertrust", err);
+ }
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+}
+
+
/* Find a keyblock by fingerprint because only this uniquely
* identifies a key and may thus be used to select a key for
* unattended subkey creation os key signing. */
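Review bot: The header comment of `keyedit_quick_set_ownertrust` does not say how USERNAME is matched, even though the function runs unattended and the value it stores can be "ultimate". The context comment directly after the function states that only a fingerprint uniquely identifies a key, so I would add a line such as `* USERNAME should be a fingerprint; a user-id matching several keys must not silently select one.` and confirm that `quick_find_keyblock` (not visible in this hunk) rejects ambiguous matches. The last line of the same comment has a typo, `ebable` for `enable`. Only the failure path reports anything; when `trust != newtrust` the change is applied silently, so an `opt.verbose` `log_info` on that branch, naming the old and new values, would give operators a trace of trust changes made by scripts.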
@@ -2999,7 +3080,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
check_trustdb_stale (ctrl);
#endif
- /* Search the key; we don't want the whole getkey stuff here. Noet
+ /* Search the key; we don't want the whole getkey stuff here. Note
* that we are looking for the public key here. */
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
if (err)
diff --git a/g10/keyedit.h b/g10/keyedit.h
index abf7314af..7cb01268e 100644
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
@@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid);
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
+void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+ const char *value);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock,