gpgsm: Add --always-trust feature.

* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--

GnuPG-bug-id: 6559

sm/gpgsm.h

@@ -102,8 +102,6 @@ struct
   int extra_digest_algo;  /* A digest algorithm also used for
                              verification of signatures.  */
 
-  int always_trust;       /* Trust the given keys even if there is no
-                             valid certification chain */
   int skip_verify;        /* do not check signatures on data */
 
   int lock_once;          /* Keep lock once they are set */
@@ -150,6 +148,10 @@ struct
    * mode.  */
   int require_compliance;
 
+  /* Enable always-trust mode - note that there is also server option
+   * for this.  */
+  int always_trust;
+
   /* Compatibility flags (COMPAT_FLAG_xxxx).  */
   unsigned int compat_flags;
 } opt;
@@ -230,6 +232,9 @@ struct server_control_s
                            2 := STEED model. */
   int offline;        /* If true gpgsm won't do any network access.  */
 
+  int always_trust;   /* True in always-trust mode; see also
+                       * opt.always-trust.  */
+
   /* The current time.  Used as a helper in certchain.c.  */
   ksba_isotime_t current_time;
 };
@@ -340,6 +345,7 @@ int gpgsm_create_cms_signature (ctrl_t ctrl,
 #define VALIDATE_FLAG_NO_DIRMNGR  1
 #define VALIDATE_FLAG_CHAIN_MODEL 2
 #define VALIDATE_FLAG_STEED       4
+#define VALIDATE_FLAG_BYPASS      8  /* No actual validation.  */
 
 int gpgsm_walk_cert_chain (ctrl_t ctrl,
                            ksba_cert_t start, ksba_cert_t *r_next);