
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.

* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options.  Set the default for --auto-key-locate to
"local,wkd".  Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--

GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-08-04 21:58:46 +02:00
parent 3d78ae4d3d
commit 7e1fe791d1
4 changed files with 32 additions and 13 deletions


@ -1726,14 +1726,18 @@ Set what trust model GnuPG should follow. The models are:
exists. exists.
@end table @end table
@item --auto-key-locate @var{parameters} @item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate @itemx --no-auto-key-locate
@opindex auto-key-locate @opindex auto-key-locate
GnuPG can automatically locate and retrieve keys as needed using this GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the option. This happens when encrypting to an email address (in the
"user@@example.com" form), and there are no user@@example.com keys on "user@@example.com" form), and there are no "user@@example.com" keys
the local keyring. This option takes any number of the following on the local keyring. This option takes any number of the mechanisms
mechanisms, in the order they are to be tried: listed below, in the order they are to be tried. Instead of listing
the mechanisms as comma delimited arguments, the option may also be
given several times to add more mechanism. The option
@option{--no-auto-key-locate} or the mechanism "clear" resets the
list. The default is "local,wkd".
@table @asis @table @asis
@ -1749,7 +1753,6 @@ mechanisms, in the order they are to be tried:
@item wkd @item wkd
Locate a key using the Web Key Directory protocol. Locate a key using the Web Key Directory protocol.
This is an experimental method and semantics may change.
@item ldap @item ldap
Using DNS Service Discovery, check the domain in question for any LDAP Using DNS Service Discovery, check the domain in question for any LDAP
@ -1782,13 +1785,14 @@ mechanisms, in the order they are to be tried:
@end table @end table
@item --auto-key-retrieve @item --auto-key-retrieve
@itemx --no-auto-key-retrieve @itemx --no-auto-key-retrieve
@opindex auto-key-retrieve @opindex auto-key-retrieve
@opindex no-auto-key-retrieve @opindex no-auto-key-retrieve
This option enables the automatic retrieving of keys from a keyserver These options enable or disable the automatic retrieving of keys from
when verifying signatures made by keys that are not on the local a keyserver when verifying signatures made by keys that are not on the
keyring. local keyring. The default is @option{--auto-key-retrieve}.
If the method "wkd" is included in the list of methods given to If the method "wkd" is included in the list of methods given to
@option{auto-key-locate}, the signer's user ID is part of the @option{auto-key-locate}, the signer's user ID is part of the


@ -4229,9 +4229,10 @@ release_akl (void)
/* Returns false on error. */ /* Returns false on error. */
int int
parse_auto_key_locate (char *options) parse_auto_key_locate (const char *options_arg)
{ {
char *tok; char *tok;
char *options = xstrdup (options_arg);
while ((tok = optsep (&options))) while ((tok = optsep (&options)))
{ {
@ -4271,6 +4272,7 @@ parse_auto_key_locate (char *options)
else else
{ {
free_akl (akl); free_akl (akl);
xfree (options);
return 0; return 0;
} }
@ -4299,6 +4301,7 @@ parse_auto_key_locate (char *options)
} }
} }
xfree (options);
return 1; return 1;
} }
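Review bot: The `xfree (options)` added on both return paths frees the wrong pointer if `optsep (&options)` advances `options` past each token, as passing its address suggests: on the success path `options` is no longer the start of the xstrdup'd buffer (presumably NULL once the string is exhausted, so the copy leaks on every call), and on the failure path inside the loop it can point into the middle of the buffer, which is an invalid free. Keep the original allocation in a separate variable and free that one on both paths. The part of parse_auto_key_locate between the two hunks is outside this section.
```c
int
parse_auto_key_locate (const char *options_arg)
{
  char *tok;
  char *options, *options_buf;

  options = options_buf = xstrdup (options_arg);
  while ((tok = optsep (&options)))
    {
      /* … unchanged: mechanism parsing … */
          free_akl (akl);
          xfree (options_buf);
          return 0;
      /* … unchanged: appending the new entry to the akl list … */
    }

  xfree (options_buf);
  return 1;
}
```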


@ -2292,6 +2292,7 @@ main (int argc, char **argv)
int ovrseskeyfd = -1; int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */ int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0; int any_explicit_recipient = 0;
int default_akl = 1;
int require_secmem = 0; int require_secmem = 0;
int got_secmem = 0; int got_secmem = 0;
struct assuan_malloc_hooks malloc_hooks; struct assuan_malloc_hooks malloc_hooks;
@ -2362,7 +2363,8 @@ main (int argc, char **argv)
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_REPAIR_PKS_SUBKEY_BUG); | IMPORT_REPAIR_PKS_SUBKEY_BUG);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
| KEYSERVER_AUTO_KEY_RETRIEVE);
opt.verify_options = (LIST_SHOW_UID_VALIDITY opt.verify_options = (LIST_SHOW_UID_VALIDITY
| VERIFY_SHOW_POLICY_URLS | VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS | VERIFY_SHOW_STD_NOTATIONS
@ -2385,7 +2387,6 @@ main (int argc, char **argv)
opt.passphrase_repeat = 1; opt.passphrase_repeat = 1;
opt.emit_version = 0; opt.emit_version = 0;
opt.weak_digests = NULL; opt.weak_digests = NULL;
additional_weak_digest("MD5");
/* Check whether we have a config file on the command line. */ /* Check whether we have a config file on the command line. */
orig_argc = argc; orig_argc = argc;
@ -2461,6 +2462,10 @@ main (int argc, char **argv)
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
setup_libassuan_logging (&opt.debug, NULL); setup_libassuan_logging (&opt.debug, NULL);
/* Set default options which require that malloc stuff is ready. */
additional_weak_digest ("MD5");
parse_auto_key_locate ("local,wkd");
/* Try for a version specific config file first */ /* Try for a version specific config file first */
default_configname = get_default_configname (); default_configname = get_default_configname ();
if (default_config) if (default_config)
@ -3457,6 +3462,13 @@ main (int argc, char **argv)
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break; case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
case oAutoKeyLocate: case oAutoKeyLocate:
if (default_akl)
{
/* This is the first time --aito-key-locate is seen.
* We need to reset the default akl. */
default_akl = 0;
release_akl();
}
if(!parse_auto_key_locate(pargs.r.ret_str)) if(!parse_auto_key_locate(pargs.r.ret_str))
{ {
if(configname) if(configname)
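Review bot: The comment in the new oAutoKeyLocate branch misspells the option: `/* This is the first time --aito-key-locate is seen.` should read `--auto-key-locate`. Separately, adding `KEYSERVER_AUTO_KEY_RETRIEVE` to the default keyserver options means a plain signature verification against a key not in the local keyring now triggers a network lookup without the user asking for it, disclosing which key is being looked up (and, per the texinfo hunk, the signer's user ID for the wkd method) to the responding server; that trade-off deserves a why-comment at the default, e.g. `/* Fetch unknown signer keys over the network by default; --no-auto-key-retrieve disables this. */`. The return value of `parse_auto_key_locate ("local,wkd")` is also ignored, so a failure would silently leave the default list empty rather than being reported; for a constant argument a failure is a bug and should at least be logged. main starts and ends outside these hunks.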


@ -396,7 +396,7 @@ char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr); char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
void release_akl(void); void release_akl(void);
int parse_auto_key_locate(char *options); int parse_auto_key_locate(const char *options);
int parse_key_origin (char *string); int parse_key_origin (char *string);
const char *key_origin_string (int origin); const char *key_origin_string (int origin);