security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

agent: New option --no-user-trustlist and --sys-trustlist-name.

Browse source 
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.
--

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt.  However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

GnuPG-bug-id: 5990
This commit is contained in:
Werner Koch 2022-06-14 14:25:21 +02:00
parent 34c649b360
commit 1530d04725
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 71 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

12
agent/gpg-agent.c
View file

@ -128,6 +128,8 @@ enum cmd_and_opt_values
oIgnoreCacheForSigning,
oAllowMarkTrusted,
oNoAllowMarkTrusted,
oNoUserTrustlist,
oSysTrustlistName,
oAllowPresetPassphrase,
oAllowLoopbackPinentry,
oNoAllowLoopbackPinentry,
@ -251,6 +253,8 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
/* */ N_("disallow clients to mark keys as \"trusted\"")),
ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
ARGPARSE_s_n (oNoUserTrustlist, "no-user-trustlist", "@"),
ARGPARSE_s_s (oSysTrustlistName, "sys-trustlist-name", "@"),
ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
/* */ N_("allow presetting passphrase")),
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
@ -871,6 +875,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
opt.enable_extended_key_format = 1;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 1;
opt.sys_trustlist_name = NULL;
opt.allow_external_cache = 1;
opt.allow_loopback_pinentry = 1;
opt.allow_emacs_pinentry = 0;
@ -968,6 +973,8 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
case oNoUserTrustlist: opt.no_user_trustlist = 1; break;
case oSysTrustlistName: opt.sys_trustlist_name = pargs->r.ret_str; break;
case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
@ -1013,6 +1020,11 @@ finalize_rereadable_options (void)
/* Hack to allow --grab to override --no-grab. */
if ((opt.no_grab & 2))
opt.no_grab = 0;
/* With --no-user-trustlist it does not make sense to allow the mark
* trusted feature. */
if (opt.no_user_trustlist)
opt.allow_mark_trusted = 0;
}