* options.h, g10.c (main): Add new --default-sig-expire and

--default-cert-expire options. Suggested by Florian Weimer. * main.h, keygen.c (parse_expire_string, ask_expire_interval): Use defaults passed in, or "0" to control what default expiration is. * keyedit.c (sign_uids), sign.c (sign_file, clearsign_file, sign_symencrypt_file): Call them here, so that default expiration is used when --ask-xxxxx-expire is off.
2024-09-25 15:41:41 +02:00 · 2005-05-05 19:21:40 +00:00 · 2005-05-05 19:21:40 +00:00 · c71639cfff
commit c71639cfff
parent cf7c0feca4
7 changed files with 128 additions and 47 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,15 @@
 2005-05-05  David Shaw  <dshaw@jabberwocky.com>
 	* options.h, g10.c (main): Add new --default-sig-expire and
 	--default-cert-expire options.  Suggested by Florian Weimer.
 	* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
 	defaults passed in, or "0" to control what default expiration is.
 	* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
 	sign_symencrypt_file): Call them here, so that default expiration
 	is used when --ask-xxxxx-expire is off.
 2005-05-03  Werner Koch  <wk@g10code.com>
 	* passphrase.c (agent_get_passphrase): Add new arg CACHEID.
--- a/g10/g10.c
+++ b/g10/g10.c
@ -1,6 +1,6 @@
 /* g10.c - The GnuPG utility (main for gpg)
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2004, 2005 Free Software Foundation, Inc.
+ *               2005 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -157,18 +157,20 @@ enum cmd_and_opt_values
    oNoTextmode,
    oExpert,
    oNoExpert,
    oDefSigExpire,
    oAskSigExpire,
    oNoAskSigExpire,
    oDefCertExpire,
    oAskCertExpire,
    oNoAskCertExpire,
    oDefCertLevel,
    oMinCertLevel,
    oAskCertLevel,
    oNoAskCertLevel,
    oFingerprint,
    oWithFingerprint,
    oAnswerYes,
    oAnswerNo,
    oDefCertLevel,
    oMinCertLevel,
    oKeyring,
    oPrimaryKeyring,
    oSecretKeyring,
@ -443,10 +445,14 @@ static ARGPARSE_OPTS opts[] = {
    { oNoTextmode, "no-textmode",  0, "@"},
    { oExpert, "expert",   0, "@"},
    { oNoExpert, "no-expert",   0, "@"},
    { oDefSigExpire, "default-sig-expire", 2, "@"},
    { oAskSigExpire, "ask-sig-expire",   0, "@"},
    { oNoAskSigExpire, "no-ask-sig-expire",   0, "@"},
    { oDefCertExpire, "default-cert-expire", 2, "@"},
    { oAskCertExpire, "ask-cert-expire",   0, "@"},
    { oNoAskCertExpire, "no-ask-cert-expire",   0, "@"},
    { oDefCertLevel, "default-cert-level", 1, "@"},
    { oMinCertLevel, "min-cert-level", 1, "@"},
    { oAskCertLevel, "ask-cert-level",   0, "@"},
    { oNoAskCertLevel, "no-ask-cert-level",   0, "@"},
    { oOutput, "output",    2, N_("use as output file")},
@ -579,8 +585,6 @@ static ARGPARSE_OPTS opts[] = {
    { oCompressKeys, "compress-keys",0, "@"},
    { oCompressSigs, "compress-sigs",0, "@"},
    { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */
    { oDefCertLevel, "default-cert-level", 1, "@"},
    { oMinCertLevel, "min-cert-level", 1, "@"},
    { oAlwaysTrust, "always-trust", 0, "@"},
    { oTrustModel, "trust-model", 2, "@"},
    { oForceOwnertrust, "force-ownertrust", 2, "@"},
@ -1673,6 +1677,8 @@ main( int argc, char **argv )
    set_screen_dimensions();
    opt.keyid_format=KF_SHORT;
    opt.rfc2440_text=1;
    opt.def_sig_expire="0";
    opt.def_cert_expire="0";
    set_homedir ( default_homedir () );
 #ifdef ENABLE_CARD_SUPPORT
@ -2020,8 +2026,6 @@ main( int argc, char **argv )
 	    break;
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
 	  case oNoDefKeyring: default_keyring = 0; break;
          case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
          case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
 	  case oNoGreeting: nogreeting = 1; break;
 	  case oNoVerbose: g10_opt_verbose = 0;
 			   opt.verbose = 0; opt.list_sigs=0; break;
@ -2227,10 +2231,32 @@ main( int argc, char **argv )
 	  case oNoTextmode: opt.textmode=0;  break;
 	  case oExpert: opt.expert = 1; break;
 	  case oNoExpert: opt.expert = 0; break;
 	  case oDefSigExpire:
 	    if(*pargs.r.ret_str!='\0')
 	      {
 		if(parse_expire_string(pargs.r.ret_str)==-1)
 		  log_error(_("`%s' is not a valid signature expiration\n"),
 			    pargs.r.ret_str);
 		else
 		  opt.def_sig_expire=pargs.r.ret_str;
 	      }
 	    break;
 	  case oAskSigExpire: opt.ask_sig_expire = 1; break;
 	  case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
 	  case oDefCertExpire:
 	    if(*pargs.r.ret_str!='\0')
 	      {
 		if(parse_expire_string(pargs.r.ret_str)==-1)
 		  log_error(_("`%s' is not a valid signature expiration\n"),
 			    pargs.r.ret_str);
 		else
 		  opt.def_cert_expire=pargs.r.ret_str;
 	      }
 	    break;
 	  case oAskCertExpire: opt.ask_cert_expire = 1; break;
 	  case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
          case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
          case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
 	  case oAskCertLevel: opt.ask_cert_level = 1; break;
 	  case oNoAskCertLevel: opt.ask_cert_level = 0; break;
 	  case oUser: /* store the local users */
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -860,8 +860,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	/* Only ask for duration if we haven't already set it to match
           the expiration of the pk */
-	if(opt.ask_cert_expire && !duration && !selfsig)
+	if(!duration && !selfsig)
-	  duration=ask_expire_interval(1);
+	  {
 	    if(opt.ask_cert_expire)
 	      duration=ask_expire_interval(1,opt.def_cert_expire);
 	    else
 	      duration=parse_expire_string(opt.def_cert_expire)*86400L;
 	  }
 	if(duration)
 	  force_v4=1;
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1,6 +1,6 @@
 /* keygen.c - generate a key pair
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2004, 2005 Free Software Foundation, Inc.
+ *               2005 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -1498,7 +1498,7 @@ ask_keysize( int algo )
 * Parse an expire string and return it's value in days.
 * Returns -1 on error.
 */
-static int
+int
 parse_expire_string( const char *string )
 {
    int mult;
@ -1530,7 +1530,7 @@ parse_expire_string( const char *string )
 /* object == 0 for a key, and 1 for a sig */
 u32
-ask_expire_interval(int object)
+ask_expire_interval(int object,const char *def_expire)
 {
    char *answer;
    int valid_days=0;
@ -1539,6 +1539,8 @@ ask_expire_interval(int object)
    switch(object)
      {
      case 0:
 	if(def_expire)
 	  BUG();
 	tty_printf(_("Please specify how long the key should be valid.\n"
 		     "         0 = key does not expire\n"
 		     "      <n>  = key expires in n days\n"
@ -1548,6 +1550,8 @@ ask_expire_interval(int object)
 	break;
      case 1:
 	if(!def_expire)
 	  BUG();
 	tty_printf(_("Please specify how long the signature should be valid.\n"
 		     "         0 = signature does not expire\n"
 		     "      <n>  = signature expires in n days\n"
@ -1565,20 +1569,36 @@ ask_expire_interval(int object)
     * date */
    answer = NULL;
-    for(;;) {
+    for(;;)
      {
 	u32 curtime=make_timestamp();
 	m_free(answer);
 	if(object==0)
 	  answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
 	else
-	  answer = cpr_get("siggen.valid",_("Signature is valid for? (0) "));
+	  {
 	    char *prompt;
 #define PROMPTSTRING _("Signature is valid for? (%s) ")
 	    /* This will actually end up larger than necessary because
 	       of the 2 bytes for '%s' */
 	    prompt=m_alloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
 	    sprintf(prompt,PROMPTSTRING,def_expire);
 #undef PROMPTSTRING
 	    answer = cpr_get("siggen.valid",prompt);
 	    m_free(prompt);
 	    if(*answer=='\0')
 	      answer=m_strdup(def_expire);
 	  }
 	cpr_kill_prompt();
 	trim_spaces(answer);
 	valid_days = parse_expire_string( answer );
 	if( valid_days < 0 ) {
-	    tty_printf(_("invalid value\n"));
+	  tty_printf(_("invalid value\n"));
-	    continue;
+	  continue;
 	}
 	if( !valid_days )
@ -1589,24 +1609,24 @@ ask_expire_interval(int object)
 	    interval = 0;
 	  }
 	else {
-	    interval = valid_days * 86400L;
+	  interval = valid_days * 86400L;
-	    tty_printf(object==0
+	  tty_printf(object==0
-                       ? _("Key expires at %s\n")
+		     ? _("Key expires at %s\n")
-		       : _("Signature expires at %s\n"),
+		     : _("Signature expires at %s\n"),
-			asctimestamp((ulong)(curtime + interval) ) );
+		     asctimestamp((ulong)(curtime + interval) ) );
-            /* FIXME: This check yields warning on alhas: Write a
+	  /* FIXME: This check yields warning on alhas: Write a
-               configure check and to this check here only for 32 bit
+	     configure check and to this check here only for 32 bit
-               machines */
+	     machines */
-	    if( (time_t)((ulong)(curtime+interval)) < 0 )
+	  if( (time_t)((ulong)(curtime+interval)) < 0 )
-		tty_printf(_("Your system can't display dates beyond 2038.\n"
+	    tty_printf(_("Your system can't display dates beyond 2038.\n"
-		    "However, it will be correctly handled up to 2106.\n"));
+			 "However, it will be correctly handled up to 2106.\n"));
 	}
 	if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
-					    _("Is this correct? (y/N) ")) )
+						   _("Is this correct? (y/N) ")) )
-	    break;
+	  break;
-    }
+      }
    m_free(answer);
    return interval;
 }
@ -1614,7 +1634,7 @@ ask_expire_interval(int object)
 u32
 ask_expiredate()
 {
-    u32 x = ask_expire_interval(0);
+    u32 x = ask_expire_interval(0,NULL);
    return x? make_timestamp() + x : 0;
 }
@ -2572,7 +2592,7 @@ generate_keypair (const char *fname, const char *card_serialno,
      para = r;
    }
-  expire = ask_expire_interval(0);
+  expire = ask_expire_interval(0,NULL);
  r = m_alloc_clear( sizeof *r + 20 );
  r->key = pKEYEXPIRE;
  r->u.expire = expire;
@ -3085,7 +3105,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
    algo = ask_algo( 1, &use );
    assert(algo);
    nbits = ask_keysize( algo );
-    expire = ask_expire_interval(0);
+    expire = ask_expire_interval(0,NULL);
    if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
 						  _("Really create? (y/N) ")))
 	goto leave;
@ -3203,7 +3223,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
    goto leave;
  algo = PUBKEY_ALGO_RSA;
-  expire = ask_expire_interval (0);
+  expire = ask_expire_interval (0,NULL);
  if (keyno == 1)
    use = PUBKEY_USAGE_SIG;
  else if (keyno == 2)
--- a/g10/main.h
+++ b/g10/main.h
@ -1,6 +1,6 @@
 /* main.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2004 Free Software Foundation, Inc.
+ *               2005 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -165,7 +165,8 @@ void keyedit_menu( const char *username, STRLIST locusr,
 void show_basic_key_info (KBNODE keyblock);
 /*-- keygen.c --*/
-u32 ask_expire_interval(int object);
+int parse_expire_string(const char *string);
 u32 ask_expire_interval(int object,const char *def_expire);
 u32 ask_expiredate(void);
 void generate_keypair( const char *fname, const char *card_serialno,
                       const char *backup_encryption_dir );
--- a/g10/options.h
+++ b/g10/options.h
@ -50,7 +50,9 @@ struct
  int list_only;
  int textmode;
  int expert;
  const char *def_sig_expire;
  int ask_sig_expire;
  const char *def_cert_expire;
  int ask_cert_expire;
  int batch;	    /* run in batch mode */
  int answer_yes; /* answer yes on most questions */
--- a/g10/sign.c
+++ b/g10/sign.c
@ -1,6 +1,6 @@
 /* sign.c - sign data
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2004 Free Software Foundation, Inc.
+ *               2005 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -744,8 +744,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
       && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
      goto leave;
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+      {
 	if(opt.ask_sig_expire)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
 	else
 	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
      }
    if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
 	goto leave;
@ -1009,8 +1014,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
    memset( &afx, 0, sizeof afx);
    init_packet( &pkt );
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+      {
 	if(opt.ask_sig_expire)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
 	else
 	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
      }
    if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
 	goto leave;
@ -1163,8 +1173,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
    memset( &cfx, 0, sizeof cfx);
    init_packet( &pkt );
-    if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
+    if(!opt.force_v3_sigs && !opt.batch && !RFC1991)
-      duration=ask_expire_interval(1);
+      {
 	if(opt.ask_sig_expire)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
 	else
 	  duration=parse_expire_string(opt.def_sig_expire)*86400L;
      }
    rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
    if (rc)