diff options
| -rw-r--r-- | doc/gpg.texi | 6 | ||||
| -rw-r--r-- | g10/gpg.c | 49 |
2 files changed, 46 insertions, 9 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 7723b7c53..537b8900f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3635,6 +3635,12 @@ This option modifies the behaviour of the commands sub-commands of @option{--edit-key} by forcing the creation of a key signature, even if one already exists. +@item --forbid-gen-key +@opindex forbid-gen-key +This option is intended for use in the global config file to disallow +the use of generate key commands. Those commands will then fail with +the error code for Not Enabled. + @item --allow-secret-key-import @opindex allow-secret-key-import This is an obsolete option and is not used anywhere. @@ -440,6 +440,7 @@ enum cmd_and_opt_values oNoIncludeKeyBlock, oChUid, oForceSignKey, + oForbidGenKey, oNoop }; @@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oChUid, "chuid", "@"), ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"), ARGPARSE_s_n (oUseKeyboxd, "use-keyboxd", "@"), + ARGPARSE_s_n (oForbidGenKey, "forbid-gen-key", "@"), /* Options which can be used in special circumstances. They are not * published and we hope they are never required. */ ARGPARSE_s_n (oUseOnlyOpenPGPCard, "use-only-openpgp-card", "@"), @@ -1025,6 +1027,12 @@ static int maybe_setuid = 1; static unsigned int opt_set_iobuf_size; static unsigned int opt_set_iobuf_size_used; +/* Collection of options used only in this module. */ +static struct { + unsigned int forbid_gen_key; +} mopt; + + static char *build_list( const char *text, char letter, const char *(*mapf)(int), int (*chkf)(int) ); static void set_cmd( enum cmd_and_opt_values *ret_cmd, @@ -1036,6 +1044,8 @@ static void add_keyserver_url( const char *string, int which ); static void emergency_cleanup (void); static void read_sessionkey_from_fd (int fd); + + /* NPth wrapper function definitions. */ ASSUAN_SYSTEM_NPTH_IMPL; @@ -2292,8 +2302,13 @@ set_compliance_option (enum cmd_and_opt_values option) } - - +static void +gen_key_forbidden (void) +{ + write_status_failure ("gen-key", gpg_error (GPG_ERR_NOT_ENABLED)); + log_error (_("This command is not allowed while in %s mode.\n"), + "forbid-gen-key"); +} /* This function called to initialized a new control object. It is @@ -3703,6 +3718,10 @@ main (int argc, char **argv) opt.flags.full_timestrings = 1; break; + case oForbidGenKey: + mopt.forbid_gen_key = 1; + break; + case oNoop: break; default: @@ -4683,18 +4702,25 @@ main (int argc, char **argv) } } } - quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire); + if (mopt.forbid_gen_key) + gen_key_forbidden (); + else + quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire); xfree (username); } break; case aKeygen: /* generate a key */ - if( opt.batch ) { + if (mopt.forbid_gen_key) + gen_key_forbidden (); + else if( opt.batch ) + { if( argc > 1 ) wrong_args("--generate-key [parameterfile]"); generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); - } - else { + } + else + { if (opt.command_fd != -1 && argc) { if( argc > 1 ) @@ -4707,11 +4733,13 @@ main (int argc, char **argv) wrong_args ("--generate-key"); else generate_keypair (ctrl, 0, NULL, NULL, 0); - } + } break; case aFullKeygen: /* Generate a key with all options. */ - if (opt.batch) + if (mopt.forbid_gen_key) + gen_key_forbidden (); + else if (opt.batch) { if (argc > 1) wrong_args ("--full-generate-key [parameterfile]"); @@ -4759,7 +4787,10 @@ main (int argc, char **argv) } } } - keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire); + if (mopt.forbid_gen_key) + gen_key_forbidden (); + else + keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire); } break; |