gpg: New command --quick-set-ownertrust.

* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
Werner Koch 2024-04-17 11:42:20 +02:00
parent 2a71c3cf97
commit 21f7ad563d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 105 additions and 2 deletions


@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead.
This command updates the preference list of the key to the current This command updates the preference list of the key to the current
default value (either built-in or set via default value (either built-in or set via
@option{--default-preference-list}). This is the unattended version @option{--default-preference-list}). This is the unattended version
of of using "setpref" in the @option{--key-edit} menu without giving a of using "setpref" in the @option{--key-edit} menu without giving a
list. Note that you can show the preferences in a key listing by list. Note that you can show the preferences in a key listing by
using @option{--list-options show-pref} or @option{--list-options using @option{--list-options show-pref} or @option{--list-options
show-pref-verbose}. You should also re-distribute updated keys to show-pref-verbose}. You should also re-distribute updated keys to
your peers. your peers.
@item --quick-set-ownertrust @var{user-id} @var{value}
@opindex quick-set-ownertrust
This command sets the ownertrust of a key and can also be used to set
the disable flag of a key. This is the unattended version of using
"trust", "disable", or "enable" in the @option{--key-edit} menu.
@item --change-passphrase @var{user-id} @item --change-passphrase @var{user-id}
@opindex change-passphrase @opindex change-passphrase
@itemx --passwd @var{user-id} @itemx --passwd @var{user-id}


@ -136,6 +136,7 @@ enum cmd_and_opt_values
aQuickSetExpire, aQuickSetExpire,
aQuickSetPrimaryUid, aQuickSetPrimaryUid,
aQuickUpdatePref, aQuickUpdatePref,
aQuickSetOwnertrust,
aListConfig, aListConfig,
aListGcryptConfig, aListGcryptConfig,
aGPGConfList, aGPGConfList,
@ -504,6 +505,7 @@ static gpgrt_opt_t opts[] = {
N_("quickly set a new expiration date")), N_("quickly set a new expiration date")),
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"), ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"), ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
ARGPARSE_c (aQuickSetOwnertrust, "quick-set-ownertrust", "@"),
ARGPARSE_c (aFullKeygen, "full-generate-key" , ARGPARSE_c (aFullKeygen, "full-generate-key" ,
N_("full featured key pair generation")), N_("full featured key pair generation")),
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"), ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@ -2722,6 +2724,7 @@ main (int argc, char **argv)
case aQuickSetExpire: case aQuickSetExpire:
case aQuickSetPrimaryUid: case aQuickSetPrimaryUid:
case aQuickUpdatePref: case aQuickUpdatePref:
case aQuickSetOwnertrust:
case aExportOwnerTrust: case aExportOwnerTrust:
case aImportOwnerTrust: case aImportOwnerTrust:
case aRebuildKeydbCaches: case aRebuildKeydbCaches:
@ -4405,6 +4408,7 @@ main (int argc, char **argv)
case aQuickRevUid: case aQuickRevUid:
case aQuickSetPrimaryUid: case aQuickSetPrimaryUid:
case aQuickUpdatePref: case aQuickUpdatePref:
case aQuickSetOwnertrust:
case aFullKeygen: case aFullKeygen:
case aKeygen: case aKeygen:
case aImport: case aImport:
@ -4926,6 +4930,15 @@ main (int argc, char **argv)
} }
break; break;
case aQuickSetOwnertrust:
{
if (argc != 2)
wrong_args ("--quick-set-ownertrust USER-ID"
" [enable|disable|full|...]");
keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
}
break;
case aFastImport: case aFastImport:
opt.import_options |= IMPORT_FAST; /* fall through */ opt.import_options |= IMPORT_FAST; /* fall through */
case aImport: case aImport:
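Review bot: The usage string passed to wrong_args in the new aQuickSetOwnertrust case puts the value in square brackets, which reads as optional, while the `argc != 2` check just above it makes the value mandatory. Writing it as `wrong_args ("--quick-set-ownertrust USER-ID" " {enable|disable|full|...}");`, or simply `USER-ID VALUE` to match the `@var{user-id} @var{value}` form used in the manual entry, would keep the message consistent with the check. main starts and ends outside the hunks shown here.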


@ -2755,6 +2755,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
} }
/* Unattended updating of the ownertrust or disable/enable state of a key
* USERNAME specifies the key. This is somewhat similar to
* gpg --edit-key <userid> trust save
* gpg --edit-key <userid> disable save
*
* VALUE is the new trust value which is one of:
* "undefined" - Ownertrust is set to undefined
* "never" - Ownertrust is set to never trust
* "marginal" - Ownertrust is set to marginal trust
* "full" - Ownertrust is set to full trust
* "ultimate" - Ownertrust is set to ultimate trust
* "enable" - The key is re-enabled.
* "disable" - The key is disabled.
* Trust settings do not change the ebable/disable state.
*/
void
keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
const char *value)
{
gpg_error_t err;
KEYDB_HANDLE kdbhd = NULL;
kbnode_t keyblock = NULL;
PKT_public_key *pk;
unsigned int trust, newtrust;
int x;
int maybe_update_trust = 0;
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale (ctrl);
#endif
/* Search the key; we don't want the whole getkey stuff here. Note
* that we are looking for the public key here. */
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
if (err)
goto leave;
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_SECRET_KEY);
pk = keyblock->pkt->pkt.public_key;
trust = newtrust = get_ownertrust (ctrl, pk);
if (!ascii_strcasecmp (value, "enable"))
newtrust &= ~TRUST_FLAG_DISABLED;
else if (!ascii_strcasecmp (value, "disable"))
newtrust |= TRUST_FLAG_DISABLED;
else if ((x = string_to_trust_value (value)) >= 0)
{
newtrust = x;
newtrust &= TRUST_MASK;
newtrust |= (trust & ~TRUST_MASK);
maybe_update_trust = 1;
}
else
{
err = gpg_error (GPG_ERR_INV_ARG);
goto leave;
}
if (trust != newtrust)
{
update_ownertrust (ctrl, pk, newtrust);
if (maybe_update_trust)
revalidation_mark (ctrl);
}
else if (opt.verbose)
log_info (_("Key not changed so no update needed.\n"));
leave:
if (err)
{
log_error (_("setting the ownertrust to '%s' failed: %s\n"),
value, gpg_strerror (err));
write_status_error ("keyedit.setownertrust", err);
}
release_kbnode (keyblock);
keydb_release (kdbhd);
}
/* Find a keyblock by fingerprint because only this uniquely /* Find a keyblock by fingerprint because only this uniquely
* identifies a key and may thus be used to select a key for * identifies a key and may thus be used to select a key for
* unattended subkey creation os key signing. */ * unattended subkey creation os key signing. */
@ -2999,7 +3080,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
check_trustdb_stale (ctrl); check_trustdb_stale (ctrl);
#endif #endif
/* Search the key; we don't want the whole getkey stuff here. Noet /* Search the key; we don't want the whole getkey stuff here. Note
* that we are looking for the public key here. */ * that we are looking for the public key here. */
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock); err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
if (err) if (err)
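Review bot: The header comment of keyedit_quick_set_ownertrust does not say how USERNAME should be given, yet the function applies the value, including "ultimate", to whatever key quick_find_keyblock returns, with no confirmation step in the visible code. How quick_find_keyblock treats a user ID that matches more than one key is not visible in this hunk, so I would confirm that and add a line such as `* Unattended callers should pass the fingerprint as USERNAME so that the new value lands on exactly the intended key.` to the comment. The last line of the same comment has a typo: `ebable/disable` should read `enable/disable`. On success nothing is reported through the status interface (only `write_status_error` on failure), so a calling script cannot tell "changed" from "already set" without `--verbose`; documenting that in the comment would help.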


@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid); const char *primaryuid);
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username); void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
const char *value);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock, int rc, kbnode_t keyblock,