From 776876ce1c4c5da3a0fe1dc538fc7a67cf18c054 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 31 Aug 2023 11:13:38 +0200
Subject: gpgsm: Add --always-trust feature.

* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--

GnuPG-bug-id: 6559
---
 sm/server.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'sm/server.c')

diff --git a/sm/server.c b/sm/server.c
index b545c1bfb..184ec9379 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -287,6 +287,17 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
           ctrl->offline = i;
         }
     }
+  else if (!strcmp (key, "always-trust"))
+    {
+      /* We ignore this option if gpgsm has been started with
+         --always-trust (which also sets offline) and if
+         --require-compliance is active */
+      if (!opt.always_trust && !opt.require_compliance)
+        {
+          int i = *value? !!atoi (value) : 1;
+          ctrl->always_trust = i;
+        }
+    }
   else if (!strcmp (key, "request-origin"))
     {
       if (!opt.request_origin)
@@ -320,6 +331,7 @@ reset_notify (assuan_context_t ctx, char *line)
   gpgsm_release_certlist (ctrl->server_local->signerlist);
   ctrl->server_local->recplist = NULL;
   ctrl->server_local->signerlist = NULL;
+  ctrl->always_trust = 0;
   close_message_fd (ctrl);
   assuan_close_input_fd (ctx);
   assuan_close_output_fd (ctx);
@@ -488,6 +500,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
 
   gpgsm_release_certlist (ctrl->server_local->recplist);
   ctrl->server_local->recplist = NULL;
+  ctrl->always_trust = 0;
   /* Close and reset the fd */
   close_message_fd (ctrl);
   assuan_close_input_fd (ctx);
@@ -1189,7 +1202,8 @@ static const char hlp_getinfo[] =
   "  agent-check - Return success if the agent is running.\n"
   "  cmd_has_option CMD OPT\n"
   "              - Returns OK if the command CMD implements the option OPT.\n"
-  "  offline     - Returns OK if the connection is in offline mode.";
+  "  offline     - Returns OK if the connection is in offline mode."
+  "  always-trust- Returns OK if the connection is in always-trust mode.";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
 {
@@ -1248,6 +1262,11 @@ cmd_getinfo (assuan_context_t ctx, char *line)
     {
       rc = ctrl->offline? 0 : gpg_error (GPG_ERR_FALSE);
     }
+  else if (!strcmp (line, "always-trust"))
+    {
+      rc = (ctrl->always_trust || opt.always_trust)? 0
+           /**/                                    : gpg_error (GPG_ERR_FALSE);
+    }
   else
     rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
 
-- 
cgit v1.2.3