1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.

* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options.  Set the default for --auto-key-locate to
"local,wkd".  Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--

GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-08-04 21:58:46 +02:00
parent 3d78ae4d3d
commit 7e1fe791d1
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 32 additions and 13 deletions

View File

@ -1726,14 +1726,18 @@ Set what trust model GnuPG should follow. The models are:
exists.
@end table
@item --auto-key-locate @var{parameters}
@item --auto-key-locate @var{mechanisms}
@itemx --no-auto-key-locate
@opindex auto-key-locate
GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the
"user@@example.com" form), and there are no user@@example.com keys on
the local keyring. This option takes any number of the following
mechanisms, in the order they are to be tried:
"user@@example.com" form), and there are no "user@@example.com" keys
on the local keyring. This option takes any number of the mechanisms
listed below, in the order they are to be tried. Instead of listing
the mechanisms as comma delimited arguments, the option may also be
given several times to add more mechanism. The option
@option{--no-auto-key-locate} or the mechanism "clear" resets the
list. The default is "local,wkd".
@table @asis
@ -1749,7 +1753,6 @@ mechanisms, in the order they are to be tried:
@item wkd
Locate a key using the Web Key Directory protocol.
This is an experimental method and semantics may change.
@item ldap
Using DNS Service Discovery, check the domain in question for any LDAP
@ -1782,13 +1785,14 @@ mechanisms, in the order they are to be tried:
@end table
@item --auto-key-retrieve
@itemx --no-auto-key-retrieve
@opindex auto-key-retrieve
@opindex no-auto-key-retrieve
This option enables the automatic retrieving of keys from a keyserver
when verifying signatures made by keys that are not on the local
keyring.
These options enable or disable the automatic retrieving of keys from
a keyserver when verifying signatures made by keys that are not on the
local keyring. The default is @option{--auto-key-retrieve}.
If the method "wkd" is included in the list of methods given to
@option{auto-key-locate}, the signer's user ID is part of the

View File

@ -4229,9 +4229,10 @@ release_akl (void)
/* Returns false on error. */
int
parse_auto_key_locate (char *options)
parse_auto_key_locate (const char *options_arg)
{
char *tok;
char *options = xstrdup (options_arg);
while ((tok = optsep (&options)))
{
@ -4271,6 +4272,7 @@ parse_auto_key_locate (char *options)
else
{
free_akl (akl);
xfree (options);
return 0;
}
@ -4299,6 +4301,7 @@ parse_auto_key_locate (char *options)
}
}
xfree (options);
return 1;
}

View File

@ -2292,6 +2292,7 @@ main (int argc, char **argv)
int ovrseskeyfd = -1;
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
int default_akl = 1;
int require_secmem = 0;
int got_secmem = 0;
struct assuan_malloc_hooks malloc_hooks;
@ -2362,7 +2363,8 @@ main (int argc, char **argv)
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_REPAIR_PKS_SUBKEY_BUG);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
| KEYSERVER_AUTO_KEY_RETRIEVE);
opt.verify_options = (LIST_SHOW_UID_VALIDITY
| VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS
@ -2385,7 +2387,6 @@ main (int argc, char **argv)
opt.passphrase_repeat = 1;
opt.emit_version = 0;
opt.weak_digests = NULL;
additional_weak_digest("MD5");
/* Check whether we have a config file on the command line. */
orig_argc = argc;
@ -2461,6 +2462,10 @@ main (int argc, char **argv)
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
setup_libassuan_logging (&opt.debug, NULL);
/* Set default options which require that malloc stuff is ready. */
additional_weak_digest ("MD5");
parse_auto_key_locate ("local,wkd");
/* Try for a version specific config file first */
default_configname = get_default_configname ();
if (default_config)
@ -3457,6 +3462,13 @@ main (int argc, char **argv)
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
case oAutoKeyLocate:
if (default_akl)
{
/* This is the first time --aito-key-locate is seen.
* We need to reset the default akl. */
default_akl = 0;
release_akl();
}
if(!parse_auto_key_locate(pargs.r.ret_str))
{
if(configname)

View File

@ -396,7 +396,7 @@ char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
void release_akl(void);
int parse_auto_key_locate(char *options);
int parse_auto_key_locate(const char *options);
int parse_key_origin (char *string);
const char *key_origin_string (int origin);