gpg: New command --quick-set-ownertrust.

* g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 11:42:20 +02:00 · 2024-04-17 11:42:20 +02:00 · 21f7ad563d
parent 2a71c3cf97
commit 21f7ad563d
4 changed files with 105 additions and 2 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead.
 This command updates the preference list of the key to the current
 default value (either built-in or set via
@option{--default-preference-list}).  This is the unattended version
-of of using "setpref" in the @option{--key-edit} menu without giving a
+of using "setpref" in the @option{--key-edit} menu without giving a
 list.  Note that you can show the preferences in a key listing by
 using @option{--list-options show-pref} or @option{--list-options
 show-pref-verbose}.  You should also re-distribute updated keys to
 your peers.

+@item --quick-set-ownertrust  @var{user-id} @var{value}
+@opindex quick-set-ownertrust
+This command sets the ownertrust of a key and can also be used to set
+the disable flag of a key.  This is the unattended version of using
+"trust", "disable", or "enable" in the @option{--key-edit} menu.
+
+
@item --change-passphrase @var{user-id}
@opindex change-passphrase
@itemx --passwd @var{user-id}
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -136,6 +136,7 @@ enum cmd_and_opt_values
    aQuickSetExpire,
    aQuickSetPrimaryUid,
    aQuickUpdatePref,
+    aQuickSetOwnertrust,
    aListConfig,
    aListGcryptConfig,
    aGPGConfList,
@ -504,6 +505,7 @@ static gpgrt_opt_t opts[] = {
              N_("quickly set a new expiration date")),
  ARGPARSE_c (aQuickSetPrimaryUid,  "quick-set-primary-uid", "@"),
  ARGPARSE_c (aQuickUpdatePref,  "quick-update-pref", "@"),
+  ARGPARSE_c (aQuickSetOwnertrust,  "quick-set-ownertrust", "@"),
  ARGPARSE_c (aFullKeygen,  "full-generate-key" ,
              N_("full featured key pair generation")),
  ARGPARSE_c (aFullKeygen,  "full-gen-key", "@"),
@ -2722,6 +2724,7 @@ main (int argc, char **argv)
 	  case aQuickSetExpire:
 	  case aQuickSetPrimaryUid:
 	  case aQuickUpdatePref:
+	  case aQuickSetOwnertrust:
 	  case aExportOwnerTrust:
 	  case aImportOwnerTrust:
          case aRebuildKeydbCaches:
@ -4405,6 +4408,7 @@ main (int argc, char **argv)
      case aQuickRevUid:
      case aQuickSetPrimaryUid:
      case aQuickUpdatePref:
+      case aQuickSetOwnertrust:
      case aFullKeygen:
      case aKeygen:
      case aImport:
@ -4926,6 +4930,15 @@ main (int argc, char **argv)
        }
 	break;

+      case aQuickSetOwnertrust:
+        {
+          if (argc != 2)
+            wrong_args ("--quick-set-ownertrust USER-ID"
+                        " [enable|disable|full|...]");
+          keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
+        }
+	break;
+
      case aFastImport:
        opt.import_options |= IMPORT_FAST; /* fall through */
      case aImport:
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -2755,6 +2755,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
 }


+/* Unattended updating of the ownertrust or disable/enable state of a key
+ * USERNAME specifies the key.  This is somewhat similar to
+ *      gpg --edit-key <userid> trust save
+ *      gpg --edit-key <userid> disable save
+ *
+ * VALUE is the new trust value which is one of:
+ *    "undefined"  - Ownertrust is set to undefined
+ *    "never"      - Ownertrust is set to never trust
+ *    "marginal"   - Ownertrust is set to marginal trust
+ *    "full"       - Ownertrust is set to full trust
+ *    "ultimate"   - Ownertrust is set to ultimate trust
+ *    "enable"     - The key is re-enabled.
+ *    "disable"    - The key is disabled.
+ * Trust settings do not change the ebable/disable state.
+ */
+void
+keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+                              const char *value)
+{
+  gpg_error_t err;
+  KEYDB_HANDLE kdbhd = NULL;
+  kbnode_t keyblock = NULL;
+  PKT_public_key *pk;
+  unsigned int trust, newtrust;
+  int x;
+  int maybe_update_trust = 0;
+
+#ifdef HAVE_W32_SYSTEM
+  /* See keyedit_menu for why we need this.  */
+  check_trustdb_stale (ctrl);
+#endif
+
+  /* Search the key; we don't want the whole getkey stuff here.  Note
+   * that we are looking for the public key here.  */
+  err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
+  if (err)
+    goto leave;
+  log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+              || keyblock->pkt->pkttype == PKT_SECRET_KEY);
+  pk = keyblock->pkt->pkt.public_key;
+
+  trust = newtrust = get_ownertrust (ctrl, pk);
+
+  if (!ascii_strcasecmp (value, "enable"))
+    newtrust &= ~TRUST_FLAG_DISABLED;
+  else if (!ascii_strcasecmp (value, "disable"))
+    newtrust |= TRUST_FLAG_DISABLED;
+  else if ((x = string_to_trust_value (value)) >= 0)
+    {
+      newtrust = x;
+      newtrust &= TRUST_MASK;
+      newtrust |= (trust & ~TRUST_MASK);
+      maybe_update_trust = 1;
+    }
+  else
+    {
+      err = gpg_error (GPG_ERR_INV_ARG);
+      goto leave;
+    }
+
+  if (trust != newtrust)
+    {
+      update_ownertrust (ctrl, pk, newtrust);
+      if (maybe_update_trust)
+        revalidation_mark (ctrl);
+    }
+  else if (opt.verbose)
+    log_info (_("Key not changed so no update needed.\n"));
+
+ leave:
+  if (err)
+    {
+      log_error (_("setting the ownertrust to '%s' failed: %s\n"),
+                 value, gpg_strerror (err));
+      write_status_error ("keyedit.setownertrust", err);
+    }
+  release_kbnode (keyblock);
+  keydb_release (kdbhd);
+}
+
+
 /* Find a keyblock by fingerprint because only this uniquely
 * identifies a key and may thus be used to select a key for
 * unattended subkey creation os key signing.  */
@ -2999,7 +3080,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
  check_trustdb_stale (ctrl);
 #endif

-  /* Search the key; we don't want the whole getkey stuff here.  Noet
+  /* Search the key; we don't want the whole getkey stuff here.  Note
   * that we are looking for the public key here.  */
  err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
  if (err)
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
 void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
                                const char *primaryuid);
 void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
+void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+                                   const char *value);
 void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
 int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
                           int rc, kbnode_t keyblock,