From 7e1fe791d188b078398bf83c9af992cb1bd2a4b3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 4 Aug 2017 21:58:46 +0200 Subject: [PATCH] gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch
---
 doc/gpg.texi | 22 +++++++++++++---------
 g10/getkey.c | 5 ++++-
 g10/gpg.c | 16 ++++++++++++++--
 g10/keydb.h | 2 +-
 4 files changed, 32 insertions(+), 13 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 01dfeb770..19398e63b 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1726,14 +1726,18 @@ Set what trust model GnuPG should follow. The models are:
 exists.
 @end table
-@item --auto-key-locate @var{parameters}
+@item --auto-key-locate @var{mechanisms}
 @itemx --no-auto-key-locate
 @opindex auto-key-locate
 GnuPG can automatically locate and retrieve keys as needed using this
-option. This happens when encrypting to an email address (in the "user@@example.com" form), and there are no user@@example.com keys on the local keyring. This option takes any number of the following mechanisms, in the order they are to be tried:
+option. This happens when encrypting to an email address (in the "user@@example.com" form), and there are no "user@@example.com" keys on the local keyring. This option takes any number of the mechanisms listed below, in the order they are to be tried. Instead of listing the mechanisms as comma delimited arguments, the option may also be given several times to add more mechanism. The option @option{--no-auto-key-locate} or the mechanism "clear" resets the list. The default is "local,wkd".
 @table @asis
@@ -1749,7 +1753,6 @@ mechanisms, in the order they are to be tried:
 @item wkd
 Locate a key using the Web Key Directory protocol.
- This is an experimental method and semantics may change.
 @item ldap
 Using DNS Service Discovery, check the domain in question for any LDAP
@@ -1782,13 +1785,14 @@ mechanisms, in the order they are to be tried:
 @end table
+
 @item --auto-key-retrieve
 @itemx --no-auto-key-retrieve
 @opindex auto-key-retrieve
 @opindex no-auto-key-retrieve
-This option enables the automatic retrieving of keys from a keyserver
-when verifying signatures made by keys that are not on the local
-keyring.
+These options enable or disable the automatic retrieving of keys from
+a keyserver when verifying signatures made by keys that are not on the
+local keyring. The default is @option{--auto-key-retrieve}.
 If the method "wkd" is included in the list of methods given to @option{auto-key-locate}, the signer's user ID is part of the
diff --git a/g10/getkey.c b/g10/getkey.c
index 79bce61c5..5b7aff941 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -4229,9 +4229,10 @@ release_akl (void)
 /* Returns false on error. */
 int
-parse_auto_key_locate (char *options)
+parse_auto_key_locate (const char *options_arg)
 {
 char *tok;
+ char *options = xstrdup (options_arg);
 while ((tok = optsep (&options)))
 {
@@ -4271,6 +4272,7 @@ parse_auto_key_locate (char *options)
 else
 {
 free_akl (akl);
+ xfree (options);
 return 0;
 }
@@ -4299,6 +4301,7 @@ parse_auto_key_locate (char *options)
 }
 }
+ xfree (options);
 return 1;
 }
diff --git a/g10/gpg.c b/g10/gpg.c
index d2227b395..39f52eb50 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2292,6 +2292,7 @@ main (int argc, char **argv)
 int ovrseskeyfd = -1;
 int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
 int any_explicit_recipient = 0;
+ int default_akl = 1;
 int require_secmem = 0;
 int got_secmem = 0;
 struct assuan_malloc_hooks malloc_hooks;
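Review bot: The fresh `xstrdup` copy is the only pointer to the allocation, yet it is the variable passed as `optsep (&options)`; `optsep` takes the address of `options` and, if it advances it through the string like `strsep` (which its signature suggests), the later `xfree (options)` calls in this function no longer see the start of the buffer. That turns the end-of-function free into a leak of every parsed list and the error-path free into a free of an interior pointer. Keep the allocation in its own variable: `char *options, *options_buf;` and `options = options_buf = xstrdup (options_arg);`, and free `options_buf` on both exit paths. The rest of parse_auto_key_locate lies outside this hunk.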
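Review bot: The `xfree (options)` on the error path frees whatever `optsep` has left in `options` after splitting off the offending token, which, if `optsep` advances the pointer like `strsep`, is either NULL or a pointer into the middle of the duplicated string rather than its start; that is a leak at best and an invalid free at worst. It should release the pointer originally returned by `xstrdup`, held in a separate variable, e.g. `xfree (options_buf);`. The enclosing function starts and ends outside this hunk.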
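Review bot: By the time this `xfree (options)` runs the token loop has consumed the whole string, so `options` holds whatever `optsep` stores at end of input (NULL under `strsep`-like semantics) and nothing is released; the copy made at the top of the function then leaks on every successful call, including the one this commit adds at gpg startup for the default list. Free the original allocation instead, e.g. `xfree (options_buf);` where `options_buf` is the value returned by `xstrdup`. The function starts outside this hunk.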
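Review bot: `default_akl` encodes non-obvious state (the built-in "local,wkd" list is still installed and has to be released the first time --auto-key-locate is seen) but is declared without any explanation, while the neighbouring `fpr_maybe_cmd` shows the file's habit of a trailing comment on such flags. Suggest `int default_akl = 1;  /* Built-in auto-key-locate list still in effect.  */`. main continues outside this hunk.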
@@ -2362,7 +2363,8 @@ main (int argc, char **argv)
 opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 | IMPORT_REPAIR_PKS_SUBKEY_BUG);
 opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+ | KEYSERVER_AUTO_KEY_RETRIEVE);
 opt.verify_options = (LIST_SHOW_UID_VALIDITY
 | VERIFY_SHOW_POLICY_URLS
 | VERIFY_SHOW_STD_NOTATIONS
@@ -2385,7 +2387,6 @@ main (int argc, char **argv)
 opt.passphrase_repeat = 1;
 opt.emit_version = 0;
 opt.weak_digests = NULL;
- additional_weak_digest("MD5");
 /* Check whether we have a config file on the command line. */
 orig_argc = argc;
@@ -2461,6 +2462,10 @@ main (int argc, char **argv)
 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
 setup_libassuan_logging (&opt.debug, NULL);
+ /* Set default options which require that malloc stuff is ready. */
+ additional_weak_digest ("MD5");
+ parse_auto_key_locate ("local,wkd");
+
 /* Try for a version specific config file first */
 default_configname = get_default_configname ();
 if (default_config)
@@ -3457,6 +3462,13 @@ main (int argc, char **argv)
 case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
 case oAutoKeyLocate:
+ if (default_akl)
+ {
+ /* This is the first time --aito-key-locate is seen.
+ * We need to reset the default akl. */
+ default_akl = 0;
+ release_akl();
+ }
 if(!parse_auto_key_locate(pargs.r.ret_str))
 {
 if(configname)
diff --git a/g10/keydb.h b/g10/keydb.h
index f793ada77..f503c9990 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -396,7 +396,7 @@ char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
 char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
 void release_akl(void);
-int parse_auto_key_locate(char *options);
+int parse_auto_key_locate(const char *options);
 int parse_key_origin (char *string);
 const char *key_origin_string (int origin);
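Review bot: Putting `KEYSERVER_AUTO_KEY_RETRIEVE` into the built-in defaults means a plain signature verification can now contact a keyserver (and, with the "local,wkd" default this commit also installs, the signer's mail domain) without the user having configured anything, which discloses to those servers which signers a user verifies; nothing on this line records that, and someone auditing gpg's default network behaviour would look here first. A short comment next to the new flag would document the decision, e.g. `/* Note: auto-key-retrieve allows network access while verifying signatures; see --auto-key-retrieve in gpg.texi.  */`. main continues outside this hunk.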
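Review bot: The result of `parse_auto_key_locate ("local,wkd")` is discarded although the function, per the getkey.c hunk of this commit, returns false on error; with a fixed literal that can only happen if a mechanism name is ever renamed, but then gpg would quietly start with no list at all instead of the advertised default. Make the assumption explicit with `if (!parse_auto_key_locate ("local,wkd")) BUG ();` or a log_assert, whichever helper the file already uses. A one-line comment that "wkd" here means encrypting to an address with no local key will, by default, query the recipient's domain over the network would also help readers of this default. main continues outside this hunk.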
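Review bot: The new comment misspells the option name (`--aito-key-locate`), and since this is the only in-code explanation of why the default list is dropped it is worth getting right and making a little more precise; suggest `/* First --auto-key-locate seen: drop the built-in "local,wkd" default so the user's list replaces it instead of being appended to it.  */`. The call `release_akl();` could also use the GNU spacing the other new lines use, `release_akl ();`. The enclosing switch and main continue outside this hunk.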