mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
This commit is contained in:
parent
b261478c06
commit
967678d972
@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead.
|
||||
This command updates the preference list of the key to the current
|
||||
default value (either built-in or set via
|
||||
@option{--default-preference-list}). This is the unattended version
|
||||
of of using "setpref" in the @option{--key-edit} menu without giving a
|
||||
of using "setpref" in the @option{--key-edit} menu without giving a
|
||||
list. Note that you can show the preferences in a key listing by
|
||||
using @option{--list-options show-pref} or @option{--list-options
|
||||
show-pref-verbose}. You should also re-distribute updated keys to
|
||||
your peers.
|
||||
|
||||
@item --quick-set-ownertrust @var{user-id} @var{value}
|
||||
@opindex quick-set-ownertrust
|
||||
This command sets the ownertrust of a key and can also be used to set
|
||||
the disable flag of a key. This is the unattended version of using
|
||||
"trust", "disable", or "enable" in the @option{--key-edit} menu.
|
||||
|
||||
|
||||
@item --change-passphrase @var{user-id}
|
||||
@opindex change-passphrase
|
||||
@itemx --passwd @var{user-id}
|
||||
|
13
g10/gpg.c
13
g10/gpg.c
@ -136,6 +136,7 @@ enum cmd_and_opt_values
|
||||
aQuickSetExpire,
|
||||
aQuickSetPrimaryUid,
|
||||
aQuickUpdatePref,
|
||||
aQuickSetOwnertrust,
|
||||
aListConfig,
|
||||
aListGcryptConfig,
|
||||
aGPGConfList,
|
||||
@ -502,6 +503,7 @@ static gpgrt_opt_t opts[] = {
|
||||
N_("quickly set a new expiration date")),
|
||||
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
|
||||
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
|
||||
ARGPARSE_c (aQuickSetOwnertrust, "quick-set-ownertrust", "@"),
|
||||
ARGPARSE_c (aFullKeygen, "full-generate-key" ,
|
||||
N_("full featured key pair generation")),
|
||||
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
|
||||
@ -2717,6 +2719,7 @@ main (int argc, char **argv)
|
||||
case aQuickSetExpire:
|
||||
case aQuickSetPrimaryUid:
|
||||
case aQuickUpdatePref:
|
||||
case aQuickSetOwnertrust:
|
||||
case aExportOwnerTrust:
|
||||
case aImportOwnerTrust:
|
||||
case aRebuildKeydbCaches:
|
||||
@ -4393,6 +4396,7 @@ main (int argc, char **argv)
|
||||
case aQuickRevUid:
|
||||
case aQuickSetPrimaryUid:
|
||||
case aQuickUpdatePref:
|
||||
case aQuickSetOwnertrust:
|
||||
case aFullKeygen:
|
||||
case aKeygen:
|
||||
case aImport:
|
||||
@ -4912,6 +4916,15 @@ main (int argc, char **argv)
|
||||
}
|
||||
break;
|
||||
|
||||
case aQuickSetOwnertrust:
|
||||
{
|
||||
if (argc != 2)
|
||||
wrong_args ("--quick-set-ownertrust USER-ID"
|
||||
" [enable|disable|full|...]");
|
||||
keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
|
||||
}
|
||||
break;
|
||||
|
||||
case aFastImport:
|
||||
opt.import_options |= IMPORT_FAST; /* fall through */
|
||||
case aImport:
|
||||
|
@ -2754,6 +2754,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
|
||||
}
|
||||
|
||||
|
||||
/* Unattended updating of the ownertrust or disable/enable state of a key
|
||||
* USERNAME specifies the key. This is somewhat similar to
|
||||
* gpg --edit-key <userid> trust save
|
||||
* gpg --edit-key <userid> disable save
|
||||
*
|
||||
* VALUE is the new trust value which is one of:
|
||||
* "undefined" - Ownertrust is set to undefined
|
||||
* "never" - Ownertrust is set to never trust
|
||||
* "marginal" - Ownertrust is set to marginal trust
|
||||
* "full" - Ownertrust is set to full trust
|
||||
* "ultimate" - Ownertrust is set to ultimate trust
|
||||
* "enable" - The key is re-enabled.
|
||||
* "disable" - The key is disabled.
|
||||
* Trust settings do not change the ebable/disable state.
|
||||
*/
|
||||
void
|
||||
keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
|
||||
const char *value)
|
||||
{
|
||||
gpg_error_t err;
|
||||
KEYDB_HANDLE kdbhd = NULL;
|
||||
kbnode_t keyblock = NULL;
|
||||
PKT_public_key *pk;
|
||||
unsigned int trust, newtrust;
|
||||
int x;
|
||||
int maybe_update_trust = 0;
|
||||
|
||||
#ifdef HAVE_W32_SYSTEM
|
||||
/* See keyedit_menu for why we need this. */
|
||||
check_trustdb_stale (ctrl);
|
||||
#endif
|
||||
|
||||
/* Search the key; we don't want the whole getkey stuff here. Note
|
||||
* that we are looking for the public key here. */
|
||||
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
|
||||
if (err)
|
||||
goto leave;
|
||||
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|
||||
|| keyblock->pkt->pkttype == PKT_SECRET_KEY);
|
||||
pk = keyblock->pkt->pkt.public_key;
|
||||
|
||||
trust = newtrust = get_ownertrust (ctrl, pk);
|
||||
|
||||
if (!ascii_strcasecmp (value, "enable"))
|
||||
newtrust &= ~TRUST_FLAG_DISABLED;
|
||||
else if (!ascii_strcasecmp (value, "disable"))
|
||||
newtrust |= TRUST_FLAG_DISABLED;
|
||||
else if ((x = string_to_trust_value (value)) >= 0)
|
||||
{
|
||||
newtrust = x;
|
||||
newtrust &= TRUST_MASK;
|
||||
newtrust |= (trust & ~TRUST_MASK);
|
||||
maybe_update_trust = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
err = gpg_error (GPG_ERR_INV_ARG);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (trust != newtrust)
|
||||
{
|
||||
update_ownertrust (ctrl, pk, newtrust);
|
||||
if (maybe_update_trust)
|
||||
revalidation_mark (ctrl);
|
||||
}
|
||||
else if (opt.verbose)
|
||||
log_info (_("Key not changed so no update needed.\n"));
|
||||
|
||||
leave:
|
||||
if (err)
|
||||
{
|
||||
log_error (_("setting the ownertrust to '%s' failed: %s\n"),
|
||||
value, gpg_strerror (err));
|
||||
write_status_error ("keyedit.setownertrust", err);
|
||||
}
|
||||
release_kbnode (keyblock);
|
||||
keydb_release (kdbhd);
|
||||
}
|
||||
|
||||
|
||||
/* Find a keyblock by fingerprint because only this uniquely
|
||||
* identifies a key and may thus be used to select a key for
|
||||
* unattended subkey creation os key signing. */
|
||||
@ -2998,7 +3079,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
|
||||
check_trustdb_stale (ctrl);
|
||||
#endif
|
||||
|
||||
/* Search the key; we don't want the whole getkey stuff here. Noet
|
||||
/* Search the key; we don't want the whole getkey stuff here. Note
|
||||
* that we are looking for the public key here. */
|
||||
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
|
||||
if (err)
|
||||
|
@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
|
||||
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
|
||||
const char *primaryuid);
|
||||
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
|
||||
void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
|
||||
const char *value);
|
||||
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
|
||||
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
|
||||
int rc, kbnode_t keyblock,
|
||||
|
Loading…
x
Reference in New Issue
Block a user