From 21f7ad563d9bcb6d295e8f313f29b14238e7481f Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 17 Apr 2024 11:42:20 +0200 Subject: [PATCH] gpg: New command --quick-set-ownertrust. * g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
---
 doc/gpg.texi | 9 +++++- g10/gpg.c | 13 ++++++++ g10/keyedit.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++- g10/keyedit.h | 2 ++ 4 files changed, 105 insertions(+), 2 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index f5a6fdd4d..2fe6a8448 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead. This command updates the preference list of the key to the current default value (either built-in or set via @option{--default-preference-list}). This is the unattended version
-of of using "setpref" in the @option{--key-edit} menu without giving a
+of using "setpref" in the @option{--key-edit} menu without giving a
 list. Note that you can show the preferences in a key listing by using @option{--list-options show-pref} or @option{--list-options show-pref-verbose}. You should also re-distribute updated keys to your peers.
+@item --quick-set-ownertrust @var{user-id} @var{value}
+@opindex quick-set-ownertrust
+This command sets the ownertrust of a key and can also be used to set
+the disable flag of a key. This is the unattended version of using
+"trust", "disable", or "enable" in the @option{--key-edit} menu.
+
+
 @item --change-passphrase @var{user-id} @opindex change-passphrase @itemx --passwd @var{user-id}
diff --git a/g10/gpg.c b/g10/gpg.c
index e8894ab4a..7cb83c443 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -136,6 +136,7 @@ enum cmd_and_opt_values aQuickSetExpire, aQuickSetPrimaryUid, aQuickUpdatePref,
+ aQuickSetOwnertrust,
 aListConfig, aListGcryptConfig, aGPGConfList,
@@ -504,6 +505,7 @@ static gpgrt_opt_t opts[] = { N_("quickly set a new expiration date")), ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"), ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
+ ARGPARSE_c (aQuickSetOwnertrust, "quick-set-ownertrust", "@"),
 ARGPARSE_c (aFullKeygen, "full-generate-key" , N_("full featured key pair generation")), ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@@ -2722,6 +2724,7 @@ main (int argc, char **argv) case aQuickSetExpire: case aQuickSetPrimaryUid: case aQuickUpdatePref:
+ case aQuickSetOwnertrust:
 case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches:
@@ -4405,6 +4408,7 @@ main (int argc, char **argv) case aQuickRevUid: case aQuickSetPrimaryUid: case aQuickUpdatePref:
+ case aQuickSetOwnertrust:
 case aFullKeygen: case aKeygen: case aImport:
@@ -4926,6 +4930,15 @@ main (int argc, char **argv) } break;
+ case aQuickSetOwnertrust:
+ {
+ if (argc != 2)
+ wrong_args ("--quick-set-ownertrust USER-ID"
+ " [enable|disable|full|...]");
+ keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
+ }
+ break;
+
 case aFastImport: opt.import_options |= IMPORT_FAST; /* fall through */ case aImport:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a09797a36..81ea06c24 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
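Review bot: The usage text given to `wrong_args` in the new `case aQuickSetOwnertrust:` block shows the value in square brackets, which reads as optional, while the guard `if (argc != 2)` makes it mandatory. Wording that matches what the code enforces would be `wrong_args ("--quick-set-ownertrust USER-ID {enable|disable|full|...}");`. The switch in main starts and ends outside this hunk. Since keyedit_quick_set_ownertrust is declared void in the keyedit.h hunk, nothing here can react to a failed update; a short comment saying the callee reports its own errors would help the next reader.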
@@ -2755,6 +2755,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username) }
+
+/* Unattended updating of the ownertrust or disable/enable state of a key
+ * USERNAME specifies the key. This is somewhat similar to
+ * gpg --edit-key trust save
+ * gpg --edit-key disable save
+ *
+ * VALUE is the new trust value which is one of:
+ * "undefined" - Ownertrust is set to undefined
+ * "never" - Ownertrust is set to never trust
+ * "marginal" - Ownertrust is set to marginal trust
+ * "full" - Ownertrust is set to full trust
+ * "ultimate" - Ownertrust is set to ultimate trust
+ * "enable" - The key is re-enabled.
+ * "disable" - The key is disabled.
+ * Trust settings do not change the ebable/disable state.
+ */
+void
+keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+ const char *value)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE kdbhd = NULL;
+ kbnode_t keyblock = NULL;
+ PKT_public_key *pk;
+ unsigned int trust, newtrust;
+ int x;
+ int maybe_update_trust = 0;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale (ctrl);
+#endif
+
+ /* Search the key; we don't want the whole getkey stuff here. Note
+ * that we are looking for the public key here. 
*/
+ err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
+ if (err)
+ goto leave;
+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_SECRET_KEY);
+ pk = keyblock->pkt->pkt.public_key;
+
+ trust = newtrust = get_ownertrust (ctrl, pk);
+
+ if (!ascii_strcasecmp (value, "enable"))
+ newtrust &= ~TRUST_FLAG_DISABLED;
+ else if (!ascii_strcasecmp (value, "disable"))
+ newtrust |= TRUST_FLAG_DISABLED;
+ else if ((x = string_to_trust_value (value)) >= 0)
+ {
+ newtrust = x;
+ newtrust &= TRUST_MASK;
+ newtrust |= (trust & ~TRUST_MASK);
+ maybe_update_trust = 1;
+ }
+ else
+ {
+ err = gpg_error (GPG_ERR_INV_ARG);
+ goto leave;
+ }
+
+ if (trust != newtrust)
+ {
+ update_ownertrust (ctrl, pk, newtrust);
+ if (maybe_update_trust)
+ revalidation_mark (ctrl);
+ }
+ else if (opt.verbose)
+ log_info (_("Key not changed so no update needed.\n"));
+
+ leave:
+ if (err)
+ {
+ log_error (_("setting the ownertrust to '%s' failed: %s\n"),
+ value, gpg_strerror (err));
+ write_status_error ("keyedit.setownertrust", err);
+ }
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+}
+
+
 /* Find a keyblock by fingerprint because only this uniquely * identifies a key and may thus be used to select a key for * unattended subkey creation os key signing. */
@@ -2999,7 +3080,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev, check_trustdb_stale (ctrl); #endif
- /* Search the key; we don't want the whole getkey stuff here. Noet
+ /* Search the key; we don't want the whole getkey stuff here. Note
 * that we are looking for the public key here. */ err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock); if (err)
diff --git a/g10/keyedit.h b/g10/keyedit.h
index abf7314af..7cb01268e 100644
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
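Review bot: The header comment of keyedit_quick_set_ownertrust does not say that every accepted VALUE, including "ultimate", is handed to `update_ownertrust` without any confirmation, for whichever key `quick_find_keyblock` returns for USERNAME. The comment on the following function (visible as trailing context) states that only a fingerprint uniquely identifies a key for unattended use; whether `quick_find_keyblock` rejects an ambiguous user ID cannot be seen in this hunk. I would add a line such as ` * No confirmation is asked, not even for "ultimate"; scripts should pass a fingerprint as USERNAME.` and fix the typo in the same comment, where `ebable/disable` should read `enable/disable`. VALUE is also validated only after the key lookup and `get_ownertrust`, so a mistyped value still goes through the lookup before `GPG_ERR_INV_ARG` is returned; checking it first would be cheaper and easier to reason about.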
@@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl, void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, const char *primaryuid); void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
+void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
+ const char *value);
 void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, int rc, kbnode_t keyblock,