core: New context flag "auto-key-retrieve"

* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
"auto-key-retrieve".
* src/context.h (gpgme_context): New field auto_key_retrieve.
* src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
to field 'decrypt'.
* src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
option --auto-key-retrieve to gpg.  Adjust all callers.
(gpg_verify): Ditto.
* src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
* src/engine-uiserver.c (uiserver_decrypt): Ditto.
* tests/run-verify.c (main): Add option --auto-key-retrieve.
--

This makes the --auto-key-retrieve option available in the GPGME API.

Test plan:
Run

  GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE

with and without its new option --auto-key-retrieve and check in the
trace stored in "out" whether --auto-key-retrieve was passed to gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-08-24 17:17:11 +02:00
parent 6745eb69e2
commit 47f61df070
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
13 changed files with 72 additions and 9 deletions

1
NEWS
View File

@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)
GPGME_DELETE_ALLOW_SECRET NEW. GPGME_DELETE_ALLOW_SECRET NEW.
GPGME_DELETE_FORCE NEW. GPGME_DELETE_FORCE NEW.
gpgme_op_conf_dir NEW. gpgme_op_conf_dir NEW.
gpgme_set_ctx_flag EXTENDED: New flag 'auto-key-retrieve'.
cpp: DecryptionResult::isDeVs NEW. cpp: DecryptionResult::isDeVs NEW.
cpp: Signature::isDeVs NEW. cpp: Signature::isDeVs NEW.
py: DecryptResult EXTENDED: New boolean field 'is_de_vs'. py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.

View File

@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled. Please be aware that
using this feature with GnuPG < 2.1.16 will leak the session key on using this feature with GnuPG < 2.1.16 will leak the session key on
many platforms via ps(1). many platforms via ps(1).
@item "auto-key-retrieve"
Setting the @var{value} to "1" asks the backend to automatically
retrieve a key for signature verification if possible. Note that this
option makes a "web bug" like behavior possible. Keyserver or Web Key
Directory operators can see which keys you request, so by sending you
a message signed by a brand new key (which you naturally will not have
on your local keyring), the operator can tell both your IP address and
the time when you verified the signature.
@end table @end table
This function returns @code{0} on success. This function returns @code{0} on success.

View File

@ -118,6 +118,9 @@ struct gpgme_context
* flag is cleared with each operation. */ * flag is cleared with each operation. */
unsigned int redraw_suggested : 1; unsigned int redraw_suggested : 1;
/* True if the option --auto-key-retrieve shall be passed to gpg. */
unsigned int auto_key_retrieve : 1;
/* Flags for keylist mode. */ /* Flags for keylist mode. */
gpgme_keylist_mode_t keylist_mode; gpgme_keylist_mode_t keylist_mode;

View File

@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
flags, flags,
cipher, plain, cipher, plain,
ctx->export_session_keys, ctx->export_session_keys,
ctx->override_session_key); ctx->override_session_key,
ctx->auto_key_retrieve);
} }

View File

@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
flags, flags,
cipher, plain, cipher, plain,
ctx->export_session_keys, ctx->export_session_keys,
ctx->override_session_key); ctx->override_session_key,
ctx->auto_key_retrieve);
} }

View File

@ -65,7 +65,8 @@ struct engine_ops
gpgme_decrypt_flags_t flags, gpgme_decrypt_flags_t flags,
gpgme_data_t ciph, gpgme_data_t ciph,
gpgme_data_t plain, int export_session_key, gpgme_data_t plain, int export_session_key,
const char *override_session_key); const char *override_session_key,
int auto_key_retrieve);
gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags); gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key, gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */); gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);

View File

@ -1562,7 +1562,8 @@ static gpgme_error_t
gpg_decrypt (void *engine, gpg_decrypt (void *engine,
gpgme_decrypt_flags_t flags, gpgme_decrypt_flags_t flags,
gpgme_data_t ciph, gpgme_data_t plain, gpgme_data_t ciph, gpgme_data_t plain,
int export_session_key, const char *override_session_key) int export_session_key, const char *override_session_key,
int auto_key_retrieve)
{ {
engine_gpg_t gpg = engine; engine_gpg_t gpg = engine;
gpgme_error_t err; gpgme_error_t err;
@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,
if (!err && export_session_key) if (!err && export_session_key)
err = add_arg (gpg, "--show-session-key"); err = add_arg (gpg, "--show-session-key");
if (!err && auto_key_retrieve)
err = add_arg (gpg, "--auto-key-retrieve");
if (!err && override_session_key && *override_session_key) if (!err && override_session_key && *override_session_key)
{ {
if (have_gpg_version (gpg, "2.1.16")) if (have_gpg_version (gpg, "2.1.16"))
@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
gpgme_error_t err; gpgme_error_t err;
err = append_args_from_sender (gpg, ctx); err = append_args_from_sender (gpg, ctx);
if (!err && ctx->auto_key_retrieve)
err = add_arg (gpg, "--auto-key-retrieve");
if (err) if (err)
; ;
else if (plaintext) else if (plaintext)

View File

@ -1130,7 +1130,8 @@ static gpgme_error_t
gpgsm_decrypt (void *engine, gpgsm_decrypt (void *engine,
gpgme_decrypt_flags_t flags, gpgme_decrypt_flags_t flags,
gpgme_data_t ciph, gpgme_data_t plain, gpgme_data_t ciph, gpgme_data_t plain,
int export_session_key, const char *override_session_key) int export_session_key, const char *override_session_key,
int auto_key_retrieve)
{ {
engine_gpgsm_t gpgsm = engine; engine_gpgsm_t gpgsm = engine;
gpgme_error_t err; gpgme_error_t err;
@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,
(void)export_session_key; (void)export_session_key;
(void)override_session_key; (void)override_session_key;
/* --auto-key-retrieve is also not supported. */
(void)auto_key_retrieve;
if (!gpgsm) if (!gpgsm)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);

View File

@ -962,7 +962,8 @@ static gpgme_error_t
uiserver_decrypt (void *engine, uiserver_decrypt (void *engine,
gpgme_decrypt_flags_t flags, gpgme_decrypt_flags_t flags,
gpgme_data_t ciph, gpgme_data_t plain, gpgme_data_t ciph, gpgme_data_t plain,
int export_session_key, const char *override_session_key) int export_session_key, const char *override_session_key,
int auto_key_retrieve)
{ {
engine_uiserver_t uiserver = engine; engine_uiserver_t uiserver = engine;
gpgme_error_t err; gpgme_error_t err;
@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,
(void)override_session_key; /* Fixme: We need to see now to add this (void)override_session_key; /* Fixme: We need to see now to add this
* to the UI server protocol */ * to the UI server protocol */
(void)auto_key_retrieve; /* Not yet supported. */
if (!uiserver) if (!uiserver)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);

View File

@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
gpgme_decrypt_flags_t flags, gpgme_decrypt_flags_t flags,
gpgme_data_t ciph, gpgme_data_t ciph,
gpgme_data_t plain, int export_session_key, gpgme_data_t plain, int export_session_key,
const char *override_session_key) const char *override_session_key,
int auto_key_retrieve)
{ {
if (!engine) if (!engine)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
return gpg_error (GPG_ERR_NOT_IMPLEMENTED); return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain, return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
export_session_key, override_session_key); export_session_key, override_session_key,
auto_key_retrieve);
} }

View File

@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
gpgme_data_t ciph, gpgme_data_t ciph,
gpgme_data_t plain, gpgme_data_t plain,
int export_session_key, int export_session_key,
const char *override_session_key); const char *override_session_key,
int auto_key_retrieve);
gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key, gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
unsigned int flags); unsigned int flags);
gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type, gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,

View File

@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
if (!ctx->override_session_key) if (!ctx->override_session_key)
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
} }
else if (!strcmp (name, "auto-key-retrieve"))
{
ctx->auto_key_retrieve = abool;
}
else else
err = gpg_error (GPG_ERR_UNKNOWN_NAME); err = gpg_error (GPG_ERR_UNKNOWN_NAME);
@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
{ {
return ctx->override_session_key? ctx->override_session_key : ""; return ctx->override_session_key? ctx->override_session_key : "";
} }
else if (!strcmp (name, "auto-key-retrieve"))
{
return ctx->auto_key_retrieve? "1":"";
}
else else
return NULL; return NULL;
} }

View File

@ -222,6 +222,7 @@ show_usage (int ex)
" --openpgp use the OpenPGP protocol (default)\n" " --openpgp use the OpenPGP protocol (default)\n"
" --cms use the CMS protocol\n" " --cms use the CMS protocol\n"
" --sender MBOX use MBOX as sender address\n" " --sender MBOX use MBOX as sender address\n"
" --auto-key-retrieve\n"
, stderr); , stderr);
exit (ex); exit (ex);
} }
@ -231,6 +232,7 @@ int
main (int argc, char **argv) main (int argc, char **argv)
{ {
int last_argc = -1; int last_argc = -1;
const char *s;
gpgme_error_t err; gpgme_error_t err;
gpgme_ctx_t ctx; gpgme_ctx_t ctx;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
@ -241,6 +243,7 @@ main (int argc, char **argv)
gpgme_verify_result_t result; gpgme_verify_result_t result;
int print_status = 0; int print_status = 0;
const char *sender = NULL; const char *sender = NULL;
int auto_key_retrieve = 0;
if (argc) if (argc)
{ argc--; argv++; } { argc--; argv++; }
@ -283,6 +286,12 @@ main (int argc, char **argv)
sender = *argv; sender = *argv;
argc--; argv++; argc--; argv++;
} }
else if (!strcmp (*argv, "--auto-key-retrieve"))
{
auto_key_retrieve = 1;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2)) else if (!strncmp (*argv, "--", 2))
show_usage (1); show_usage (1);
@ -323,6 +332,18 @@ main (int argc, char **argv)
} }
/* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */ /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
if (auto_key_retrieve)
{
gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");
s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve");
if (!s || strcmp (s, "1"))
{
fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n",
"auto-key-retrieve");
exit (1);
}
}
if (sender) if (sender)
{ {
err = gpgme_set_sender (ctx, sender); err = gpgme_set_sender (ctx, sender);