core: New context flag "auto-key-retrieve"
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag "auto-key-retrieve". * src/context.h (gpgme_context): New field auto_key_retrieve. * src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve to field 'decrypt'. * src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass option --auto-key-retrieve to gpg. Adjust all callers. (gpg_verify): Ditto. * src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve. * src/engine-uiserver.c (uiserver_decrypt): Ditto. * tests/run-verify.c (main): Add option --auto-key-retrieve. -- This makes the --auto-key-retrieve option available in the GPGME API. Test plan: Run GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE with and without its new option --auto-key-retrieve and check in the trace stored in "out" whether --auto-key-retrieve was passed to gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
6745eb69e2
commit
47f61df070
1
NEWS
1
NEWS
@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)
|
|||||||
GPGME_DELETE_ALLOW_SECRET NEW.
|
GPGME_DELETE_ALLOW_SECRET NEW.
|
||||||
GPGME_DELETE_FORCE NEW.
|
GPGME_DELETE_FORCE NEW.
|
||||||
gpgme_op_conf_dir NEW.
|
gpgme_op_conf_dir NEW.
|
||||||
|
gpgme_set_ctx_flag EXTENDED: New flag 'auto-key-retrieve'.
|
||||||
cpp: DecryptionResult::isDeVs NEW.
|
cpp: DecryptionResult::isDeVs NEW.
|
||||||
cpp: Signature::isDeVs NEW.
|
cpp: Signature::isDeVs NEW.
|
||||||
py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
|
py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
|
||||||
|
@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled. Please be aware that
|
|||||||
using this feature with GnuPG < 2.1.16 will leak the session key on
|
using this feature with GnuPG < 2.1.16 will leak the session key on
|
||||||
many platforms via ps(1).
|
many platforms via ps(1).
|
||||||
|
|
||||||
|
@item "auto-key-retrieve"
|
||||||
|
Setting the @var{value} to "1" asks the backend to automatically
|
||||||
|
retrieve a key for signature verification if possible. Note that this
|
||||||
|
option makes a "web bug" like behavior possible. Keyserver or Web Key
|
||||||
|
Directory operators can see which keys you request, so by sending you
|
||||||
|
a message signed by a brand new key (which you naturally will not have
|
||||||
|
on your local keyring), the operator can tell both your IP address and
|
||||||
|
the time when you verified the signature.
|
||||||
|
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
This function returns @code{0} on success.
|
This function returns @code{0} on success.
|
||||||
|
@ -118,6 +118,9 @@ struct gpgme_context
|
|||||||
* flag is cleared with each operation. */
|
* flag is cleared with each operation. */
|
||||||
unsigned int redraw_suggested : 1;
|
unsigned int redraw_suggested : 1;
|
||||||
|
|
||||||
|
/* True if the option --auto-key-retrieve shall be passed to gpg. */
|
||||||
|
unsigned int auto_key_retrieve : 1;
|
||||||
|
|
||||||
/* Flags for keylist mode. */
|
/* Flags for keylist mode. */
|
||||||
gpgme_keylist_mode_t keylist_mode;
|
gpgme_keylist_mode_t keylist_mode;
|
||||||
|
|
||||||
|
@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
|
|||||||
flags,
|
flags,
|
||||||
cipher, plain,
|
cipher, plain,
|
||||||
ctx->export_session_keys,
|
ctx->export_session_keys,
|
||||||
ctx->override_session_key);
|
ctx->override_session_key,
|
||||||
|
ctx->auto_key_retrieve);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
|
|||||||
flags,
|
flags,
|
||||||
cipher, plain,
|
cipher, plain,
|
||||||
ctx->export_session_keys,
|
ctx->export_session_keys,
|
||||||
ctx->override_session_key);
|
ctx->override_session_key,
|
||||||
|
ctx->auto_key_retrieve);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -65,7 +65,8 @@ struct engine_ops
|
|||||||
gpgme_decrypt_flags_t flags,
|
gpgme_decrypt_flags_t flags,
|
||||||
gpgme_data_t ciph,
|
gpgme_data_t ciph,
|
||||||
gpgme_data_t plain, int export_session_key,
|
gpgme_data_t plain, int export_session_key,
|
||||||
const char *override_session_key);
|
const char *override_session_key,
|
||||||
|
int auto_key_retrieve);
|
||||||
gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
|
gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
|
||||||
gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
|
gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
|
||||||
gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
|
gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
|
||||||
|
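Review bot: The `decrypt` member now ends in `int export_session_key, const char *override_session_key, int auto_key_retrieve`, so two positional `int` booleans can be swapped at a call site without any compiler diagnostic. The operation already takes `gpgme_decrypt_flags_t flags`, so these on/off switches could travel in a flags word or a small options struct instead of lengthening the list again; this is a point about shape, not a defect in the change. If the signature stays as is, a comment on the member such as `/* AUTO_KEY_RETRIEVE: non-zero lets the engine fetch missing keys over the network. */` would help. The same parameter list is repeated in the engine.h prototype, in engine.c and in the three backend implementations.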
@ -1562,7 +1562,8 @@ static gpgme_error_t
|
|||||||
gpg_decrypt (void *engine,
|
gpg_decrypt (void *engine,
|
||||||
gpgme_decrypt_flags_t flags,
|
gpgme_decrypt_flags_t flags,
|
||||||
gpgme_data_t ciph, gpgme_data_t plain,
|
gpgme_data_t ciph, gpgme_data_t plain,
|
||||||
int export_session_key, const char *override_session_key)
|
int export_session_key, const char *override_session_key,
|
||||||
|
int auto_key_retrieve)
|
||||||
{
|
{
|
||||||
engine_gpg_t gpg = engine;
|
engine_gpg_t gpg = engine;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,
|
|||||||
if (!err && export_session_key)
|
if (!err && export_session_key)
|
||||||
err = add_arg (gpg, "--show-session-key");
|
err = add_arg (gpg, "--show-session-key");
|
||||||
|
|
||||||
|
if (!err && auto_key_retrieve)
|
||||||
|
err = add_arg (gpg, "--auto-key-retrieve");
|
||||||
|
|
||||||
if (!err && override_session_key && *override_session_key)
|
if (!err && override_session_key && *override_session_key)
|
||||||
{
|
{
|
||||||
if (have_gpg_version (gpg, "2.1.16"))
|
if (have_gpg_version (gpg, "2.1.16"))
|
||||||
@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
|
|||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
|
|
||||||
err = append_args_from_sender (gpg, ctx);
|
err = append_args_from_sender (gpg, ctx);
|
||||||
|
if (!err && ctx->auto_key_retrieve)
|
||||||
|
err = add_arg (gpg, "--auto-key-retrieve");
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
;
|
;
|
||||||
else if (plaintext)
|
else if (plaintext)
|
||||||
|
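Review bot: Both added checks, `if (!err && auto_key_retrieve)` in gpg_decrypt and `if (!err && ctx->auto_key_retrieve)` in gpg_verify, only add an option when the flag is set, so a cleared flag means "do not pass --auto-key-retrieve" rather than "retrieval is off". If the user's gpg configuration already enables automatic key retrieval, an application that leaves the flag at 0 to avoid the lookups described in the new manual entry would presumably still trigger them. Either state this in a comment, e.g. `/* A cleared flag does not override an auto-key-retrieve setting in the gpg configuration. */`, or consider passing `--no-auto-key-retrieve` when the caller explicitly sets "0", which would need a tri-state instead of the one-bit field. Both function bodies continue outside the hunks shown.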
@ -1130,7 +1130,8 @@ static gpgme_error_t
|
|||||||
gpgsm_decrypt (void *engine,
|
gpgsm_decrypt (void *engine,
|
||||||
gpgme_decrypt_flags_t flags,
|
gpgme_decrypt_flags_t flags,
|
||||||
gpgme_data_t ciph, gpgme_data_t plain,
|
gpgme_data_t ciph, gpgme_data_t plain,
|
||||||
int export_session_key, const char *override_session_key)
|
int export_session_key, const char *override_session_key,
|
||||||
|
int auto_key_retrieve)
|
||||||
{
|
{
|
||||||
engine_gpgsm_t gpgsm = engine;
|
engine_gpgsm_t gpgsm = engine;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,
|
|||||||
(void)export_session_key;
|
(void)export_session_key;
|
||||||
(void)override_session_key;
|
(void)override_session_key;
|
||||||
|
|
||||||
|
/* --auto-key-retrieve is also not supported. */
|
||||||
|
(void)auto_key_retrieve;
|
||||||
|
|
||||||
if (!gpgsm)
|
if (!gpgsm)
|
||||||
return gpg_error (GPG_ERR_INV_VALUE);
|
return gpg_error (GPG_ERR_INV_VALUE);
|
||||||
|
|
||||||
|
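Review bot: `(void)auto_key_retrieve;` discards the flag, and uiserver_decrypt does the same, so gpgme_set_ctx_flag reports success for "auto-key-retrieve" on a context whose backend never acts on it. Ignoring the flag errs on the side of no network access, but the caller cannot tell that nothing happened, and the manual entry added in this commit only says the backend is asked "if possible". A sentence there, or a comment here such as `/* Not used by this engine; the flag is silently ignored. */`, would make the contract explicit. Whether the gpgsm verify path consults the flag is not visible in these hunks.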
@ -962,7 +962,8 @@ static gpgme_error_t
|
|||||||
uiserver_decrypt (void *engine,
|
uiserver_decrypt (void *engine,
|
||||||
gpgme_decrypt_flags_t flags,
|
gpgme_decrypt_flags_t flags,
|
||||||
gpgme_data_t ciph, gpgme_data_t plain,
|
gpgme_data_t ciph, gpgme_data_t plain,
|
||||||
int export_session_key, const char *override_session_key)
|
int export_session_key, const char *override_session_key,
|
||||||
|
int auto_key_retrieve)
|
||||||
{
|
{
|
||||||
engine_uiserver_t uiserver = engine;
|
engine_uiserver_t uiserver = engine;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,
|
|||||||
|
|
||||||
(void)override_session_key; /* Fixme: We need to see now to add this
|
(void)override_session_key; /* Fixme: We need to see now to add this
|
||||||
* to the UI server protocol */
|
* to the UI server protocol */
|
||||||
|
(void)auto_key_retrieve; /* Not yet supported. */
|
||||||
|
|
||||||
|
|
||||||
if (!uiserver)
|
if (!uiserver)
|
||||||
return gpg_error (GPG_ERR_INV_VALUE);
|
return gpg_error (GPG_ERR_INV_VALUE);
|
||||||
|
@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
|
|||||||
gpgme_decrypt_flags_t flags,
|
gpgme_decrypt_flags_t flags,
|
||||||
gpgme_data_t ciph,
|
gpgme_data_t ciph,
|
||||||
gpgme_data_t plain, int export_session_key,
|
gpgme_data_t plain, int export_session_key,
|
||||||
const char *override_session_key)
|
const char *override_session_key,
|
||||||
|
int auto_key_retrieve)
|
||||||
{
|
{
|
||||||
if (!engine)
|
if (!engine)
|
||||||
return gpg_error (GPG_ERR_INV_VALUE);
|
return gpg_error (GPG_ERR_INV_VALUE);
|
||||||
@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
|
|||||||
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
||||||
|
|
||||||
return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
|
return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
|
||||||
export_session_key, override_session_key);
|
export_session_key, override_session_key,
|
||||||
|
auto_key_retrieve);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
|
|||||||
gpgme_data_t ciph,
|
gpgme_data_t ciph,
|
||||||
gpgme_data_t plain,
|
gpgme_data_t plain,
|
||||||
int export_session_key,
|
int export_session_key,
|
||||||
const char *override_session_key);
|
const char *override_session_key,
|
||||||
|
int auto_key_retrieve);
|
||||||
gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
|
gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
|
gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
|
||||||
|
@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
|
|||||||
if (!ctx->override_session_key)
|
if (!ctx->override_session_key)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (name, "auto-key-retrieve"))
|
||||||
|
{
|
||||||
|
ctx->auto_key_retrieve = abool;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
err = gpg_error (GPG_ERR_UNKNOWN_NAME);
|
err = gpg_error (GPG_ERR_UNKNOWN_NAME);
|
||||||
|
|
||||||
@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
|
|||||||
{
|
{
|
||||||
return ctx->override_session_key? ctx->override_session_key : "";
|
return ctx->override_session_key? ctx->override_session_key : "";
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (name, "auto-key-retrieve"))
|
||||||
|
{
|
||||||
|
return ctx->auto_key_retrieve? "1":"";
|
||||||
|
}
|
||||||
else
|
else
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -222,6 +222,7 @@ show_usage (int ex)
|
|||||||
" --openpgp use the OpenPGP protocol (default)\n"
|
" --openpgp use the OpenPGP protocol (default)\n"
|
||||||
" --cms use the CMS protocol\n"
|
" --cms use the CMS protocol\n"
|
||||||
" --sender MBOX use MBOX as sender address\n"
|
" --sender MBOX use MBOX as sender address\n"
|
||||||
|
" --auto-key-retrieve\n"
|
||||||
, stderr);
|
, stderr);
|
||||||
exit (ex);
|
exit (ex);
|
||||||
}
|
}
|
||||||
@ -231,6 +232,7 @@ int
|
|||||||
main (int argc, char **argv)
|
main (int argc, char **argv)
|
||||||
{
|
{
|
||||||
int last_argc = -1;
|
int last_argc = -1;
|
||||||
|
const char *s;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
gpgme_ctx_t ctx;
|
gpgme_ctx_t ctx;
|
||||||
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
|
||||||
@ -241,6 +243,7 @@ main (int argc, char **argv)
|
|||||||
gpgme_verify_result_t result;
|
gpgme_verify_result_t result;
|
||||||
int print_status = 0;
|
int print_status = 0;
|
||||||
const char *sender = NULL;
|
const char *sender = NULL;
|
||||||
|
int auto_key_retrieve = 0;
|
||||||
|
|
||||||
if (argc)
|
if (argc)
|
||||||
{ argc--; argv++; }
|
{ argc--; argv++; }
|
||||||
@ -283,6 +286,12 @@ main (int argc, char **argv)
|
|||||||
sender = *argv;
|
sender = *argv;
|
||||||
argc--; argv++;
|
argc--; argv++;
|
||||||
}
|
}
|
||||||
|
else if (!strcmp (*argv, "--auto-key-retrieve"))
|
||||||
|
{
|
||||||
|
auto_key_retrieve = 1;
|
||||||
|
argc--; argv++;
|
||||||
|
}
|
||||||
|
|
||||||
else if (!strncmp (*argv, "--", 2))
|
else if (!strncmp (*argv, "--", 2))
|
||||||
show_usage (1);
|
show_usage (1);
|
||||||
|
|
||||||
@ -323,6 +332,18 @@ main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
/* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
|
/* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
|
||||||
|
|
||||||
|
if (auto_key_retrieve)
|
||||||
|
{
|
||||||
|
gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");
|
||||||
|
s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve");
|
||||||
|
if (!s || strcmp (s, "1"))
|
||||||
|
{
|
||||||
|
fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n",
|
||||||
|
"auto-key-retrieve");
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (sender)
|
if (sender)
|
||||||
{
|
{
|
||||||
err = gpgme_set_sender (ctx, sender);
|
err = gpgme_set_sender (ctx, sender);
|
||||||
|
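Review bot: The return value of `gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1")` is dropped, so a rejected flag only surfaces through the following gpgme_get_ctx_flag comparison and is then reported as "gpgme_get_ctx_flag failed", which points at the wrong call. Assign it, `err = gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");`, and handle `err` the same way as the `err = gpgme_set_sender (ctx, sender);` call just below. Separately, the new usage line `" --auto-key-retrieve\n"` is the only option listed without a description. main's body continues outside the hunks.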