gpgsm: Add --always-trust feature.

* sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
2025-07-02 22:46:30 +02:00 · 2023-08-31 11:13:38 +02:00 · 2023-08-31 11:13:38 +02:00 · 776876ce1c
commit 776876ce1c
parent ee27ac18ea
6 changed files with 79 additions and 7 deletions
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -215,6 +215,7 @@ enum cmd_and_opt_values {
  oRequireCompliance,
  oCompatibilityFlags,
  oKbxBufferSize,
+  oAlwaysTrust,
  oNoAutostart
 };

@ -417,6 +418,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
  ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
  ARGPARSE_s_n (oRequireCompliance, "require-compliance", "@"),
+  ARGPARSE_s_n (oAlwaysTrust,       "always-trust", "@"),

  ARGPARSE_header (NULL, N_("Options for unattended use")),

@ -1499,6 +1501,7 @@ main ( int argc, char **argv)
        case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;

        case oRequireCompliance: opt.require_compliance = 1;  break;
+        case oAlwaysTrust: opt.always_trust = 1;  break;

        case oKbxBufferSize:
          keybox_set_buffersize (pargs.r.ret_ulong, 0);
@ -1588,10 +1591,20 @@ main ( int argc, char **argv)
  if (may_coredump && !opt.quiet)
    log_info (_("WARNING: program may create a core file!\n"));

+  if (opt.require_compliance && opt.always_trust)
+    {
+      opt.always_trust = 0;
+      if (opt.quiet)
+        log_info (_("WARNING: %s overrides %s\n"),
+                  "--require-compliance","--always-trust");
+    }
+
+
  npth_init ();
  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);

+
 /*   if (opt.qualsig_approval && !opt.quiet) */
 /*     log_info (_("This software has officially been approved to " */
 /*                 "create and verify\n" */