diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
commit | eee068778cb28ecf3c14e1bf843a95547d72c42d (patch) | |
tree | 0e07b30ddc5ea579d682d5dbe57998200d1c9ab7 /g10/options.h | |
parent | Initial commit. (diff) | |
download | gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.tar.xz gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.zip |
Adding upstream version 2.2.40.upstream/2.2.40
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'g10/options.h')
-rw-r--r-- | g10/options.h | 423 |
1 files changed, 423 insertions, 0 deletions
diff --git a/g10/options.h b/g10/options.h new file mode 100644 index 0000000..b11e91c --- /dev/null +++ b/g10/options.h @@ -0,0 +1,423 @@ +/* options.h + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007, 2010, 2011 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ +#ifndef G10_OPTIONS_H +#define G10_OPTIONS_H + +#include <sys/types.h> +#include "../common/types.h" +#include <stdint.h> +#include "main.h" +#include "packet.h" +#include "tofu.h" +#include "../common/session-env.h" +#include "../common/compliance.h" + + +/* Object to hold information pertaining to a keyserver; it also + allows building a list of keyservers. For historic reasons this is + not a strlist_t. */ +struct keyserver_spec +{ + struct keyserver_spec *next; + char *uri; +}; +typedef struct keyserver_spec *keyserver_spec_t; + + +/* Global options for GPG. */ +EXTERN_UNLESS_MAIN_MODULE +struct +{ + int verbose; + int quiet; + unsigned debug; + int armor; + char *outfile; + estream_t outfp; /* Hack, sometimes used in place of outfile. */ + off_t max_output; + + /* If > 0 a hint with the expected number of input data bytes. This + * is not necessary an exact number but intended to be used for + * progress info and to decide on how to allocate buffers. */ + uint64_t input_size_hint; + + int dry_run; + int autostart; + int list_only; + int mimemode; + int textmode; + int expert; + const char *def_sig_expire; + int ask_sig_expire; + const char *def_cert_expire; + int ask_cert_expire; + int batch; /* run in batch mode */ + int answer_yes; /* answer yes on most questions */ + int answer_no; /* answer no on most questions */ + int check_sigs; /* check key signatures */ + int with_colons; + int with_key_data; + int with_icao_spelling; /* Print ICAO spelling with fingerprints. */ + int with_fingerprint; /* Option --with-fingerprint active. */ + int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */ + int with_keygrip; /* Option --with-keygrip active. */ + int with_tofu_info; /* Option --with-tofu_info active. */ + int with_secret; /* Option --with-secret active. */ + int with_wkd_hash; /* Option --with-wkd-hash. */ + int with_key_origin; /* Option --with-key-origin. */ + int fingerprint; /* list fingerprints */ + int list_sigs; /* list signatures */ + int no_armor; + int list_packets; /* Option --list-packets active. */ + int def_cipher_algo; + int def_digest_algo; + int cert_digest_algo; + int compress_algo; + int compress_level; + int bz2_compress_level; + int bz2_decompress_lowmem; + strlist_t def_secret_key; + char *def_recipient; + int def_recipient_self; + strlist_t secret_keys_to_try; + + /* A list of mail addresses (addr-spec) provided by the user with + * the option --sender. */ + strlist_t sender_list; + + int def_cert_level; + int min_cert_level; + int ask_cert_level; + int emit_version; /* 0 = none, + 1 = major only, + 2 = major and minor, + 3 = full version, + 4 = full version plus OS string. */ + int marginals_needed; + int completes_needed; + int max_cert_depth; + const char *agent_program; + const char *dirmngr_program; + int disable_dirmngr; + + const char *def_new_key_algo; + + /* Options to be passed to the gpg-agent */ + session_env_t session_env; + char *lc_ctype; + char *lc_messages; + + int skip_verify; + int skip_hidden_recipients; + + /* TM_CLASSIC must be zero to accommodate trustdbsg generated before + we started storing the trust model inside the trustdb. */ + enum + { + TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, + TM_ALWAYS, TM_DIRECT, TM_AUTO, TM_TOFU, TM_TOFU_PGP + } trust_model; + enum tofu_policy tofu_default_policy; + int force_ownertrust; + enum gnupg_compliance_mode compliance; + enum + { + KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG + } keyid_format; + const char *set_filename; + strlist_t comments; + int throw_keyids; + const char *photo_viewer; + int s2k_mode; + int s2k_digest_algo; + int s2k_cipher_algo; + unsigned char s2k_count; /* This is the encoded form, not the raw + count */ + int not_dash_escaped; + int escape_from; + int lock_once; + keyserver_spec_t keyserver; /* The list of configured keyservers. */ + struct + { + unsigned int options; + unsigned int import_options; + unsigned int export_options; + char *http_proxy; + } keyserver_options; + int exec_disable; + int exec_path_set; + unsigned int import_options; + unsigned int export_options; + unsigned int list_options; + unsigned int verify_options; + const char *def_preference_list; + const char *def_keyserver_url; + prefitem_t *personal_cipher_prefs; + prefitem_t *personal_digest_prefs; + prefitem_t *personal_compress_prefs; + struct weakhash *weak_digests; + int no_perm_warn; + char *temp_dir; + int no_encrypt_to; + int encrypt_to_default_key; + int interactive; + struct notation *sig_notations; + struct notation *cert_notations; + strlist_t sig_policy_url; + strlist_t cert_policy_url; + strlist_t sig_keyserver_url; + strlist_t cert_subpackets; + strlist_t sig_subpackets; + int allow_non_selfsigned_uid; + int allow_freeform_uid; + int no_literal; + ulong set_filesize; + int fast_list_mode; + int legacy_list_mode; + int ignore_time_conflict; + int ignore_valid_from; + int ignore_crc_error; + int ignore_mdc_error; + int command_fd; + const char *override_session_key; + int show_session_key; + + const char *gpg_agent_info; + int try_all_secrets; + int no_expensive_trust_checks; + int no_sig_cache; + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; + unsigned int screen_columns; + unsigned int screen_lines; + byte *show_subpackets; + int rfc2440_text; + unsigned int min_rsa_length; /* Used for compliance checks. */ + + /* If true, let write failures on the status-fd exit the process. */ + int exit_on_status_write_error; + + /* If > 0, limit the number of card insertion prompts to this + value. */ + int limit_card_insert_tries; + + struct + { + /* If set, require an 0x19 backsig to be present on signatures + made by signing subkeys. If not set, a missing backsig is not + an error (but an invalid backsig still is). */ + unsigned int require_cross_cert:1; + + unsigned int use_embedded_filename:1; + unsigned int utf8_filename:1; + unsigned int dsa2:1; + unsigned int allow_multiple_messages:1; + unsigned int allow_weak_digest_algos:1; + unsigned int allow_weak_key_signatures:1; + unsigned int override_compliance_check:1; + unsigned int large_rsa:1; + unsigned int disable_signer_uid:1; + unsigned int include_key_block:1; + unsigned int auto_key_import:1; + /* Flag to enable experimental features from RFC4880bis. */ + unsigned int rfc4880bis:1; + /* Hack: --output is not given but OUTFILE was temporary set to "-". */ + unsigned int dummy_outfile:1; + /* Force the use of the OpenPGP card and do not allow the use of + * another card. */ + unsigned int use_only_openpgp_card:1; + /* Force signing keys even if a key signature already exists. */ + unsigned int force_sign_key:1; + /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has + * been set by the user and is not the default value. */ + unsigned int expl_import_self_sigs_only:1; + /* Fail if an operation can't be done in the requested compliance + * mode. */ + unsigned int require_compliance:1; + } flags; + + /* Linked list of ways to find a key if the key isn't on the local + keyring. */ + struct akl + { + enum { + AKL_NODEFAULT, + AKL_LOCAL, + AKL_CERT, + AKL_PKA, + AKL_DANE, + AKL_WKD, + AKL_LDAP, + AKL_NTDS, + AKL_KEYSERVER, + AKL_SPEC + } type; + keyserver_spec_t spec; + struct akl *next; + } *auto_key_locate; + + /* The value of --key-origin. See parse_key_origin(). */ + int key_origin; + char *key_origin_url; + + int passphrase_repeat; + int pinentry_mode; + int request_origin; + + int unwrap_encryption; + int only_sign_text_ids; + + int no_symkey_cache; /* Disable the cache used for --symmetric. */ +} opt; + +/* CTRL is used to keep some global variables we currently can't + avoid. Future concurrent versions of gpg will put it into a per + request structure CTRL. */ +EXTERN_UNLESS_MAIN_MODULE +struct { + int in_auto_key_retrieve; /* True if we are doing an + auto_key_retrieve. */ + /* Hack to store the last error. We currently need it because the + proc_packet machinery is not able to reliabale return error + codes. Thus for the --server purposes we store some of the error + codes here. FIXME! */ + gpg_error_t lasterr; + + /* Kludge to silence some warnings using --secret-key-list. */ + int silence_parse_warnings; +} glo_ctrl; + +#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ +#define DBG_MPI_VALUE 2 /* debug mpi details */ +#define DBG_CRYPTO_VALUE 4 /* debug crypto handling */ + /* (may reveal sensitive data) */ +#define DBG_FILTER_VALUE 8 /* debug internal filter handling */ +#define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */ +#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */ +#define DBG_CACHE_VALUE 64 /* debug the caching */ +#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ +#define DBG_TRUST_VALUE 256 /* debug the trustdb */ +#define DBG_HASHING_VALUE 512 /* debug hashing operations */ +#define DBG_IPC_VALUE 1024 /* debug assuan communication */ +#define DBG_CLOCK_VALUE 4096 +#define DBG_LOOKUP_VALUE 8192 /* debug the key lookup */ +#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ + +/* Tests for the debugging flags. */ +#define DBG_PACKET (opt.debug & DBG_PACKET_VALUE) +#define DBG_MPI (opt.debug & DBG_MPI_VALUE) +#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) +#define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) +#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) +#define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) +#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) +#define DBG_CLOCK (opt.debug & DBG_CLOCK_VALUE) +#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) +#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) + +/* FIXME: We need to check why we did not put this into opt. */ +#define DBG_MEMORY memory_debug_mode +#define DBG_MEMSTAT memory_stat_debug_mode + +EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode; +EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; + + +/* Compatibility flags. */ +#define GNUPG (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS) +#define RFC2440 (opt.compliance==CO_RFC2440) +#define RFC4880 (opt.compliance==CO_RFC4880) +#define PGP6 (opt.compliance==CO_PGP6) +#define PGP7 (opt.compliance==CO_PGP7) +#define PGP8 (opt.compliance==CO_PGP8) +#define PGPX (PGP6 || PGP7 || PGP8) + +/* Various option flags. Note that there should be no common string + names between the IMPORT_ and EXPORT_ flags as they can be mixed in + the keyserver-options option. */ + +#define IMPORT_LOCAL_SIGS (1<<0) +#define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1) +#define IMPORT_FAST (1<<2) +#define IMPORT_SHOW (1<<3) +#define IMPORT_MERGE_ONLY (1<<4) +#define IMPORT_MINIMAL (1<<5) +#define IMPORT_CLEAN (1<<6) +#define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_KEEP_OWNERTTRUST (1<<8) +#define IMPORT_EXPORT (1<<9) +#define IMPORT_RESTORE (1<<10) +#define IMPORT_REPAIR_KEYS (1<<11) +#define IMPORT_DRY_RUN (1<<12) +#define IMPORT_SELF_SIGS_ONLY (1<<14) + +#define EXPORT_LOCAL_SIGS (1<<0) +#define EXPORT_ATTRIBUTES (1<<1) +#define EXPORT_SENSITIVE_REVKEYS (1<<2) +#define EXPORT_RESET_SUBKEY_PASSWD (1<<3) +#define EXPORT_MINIMAL (1<<4) +#define EXPORT_CLEAN (1<<5) +#define EXPORT_PKA_FORMAT (1<<6) +#define EXPORT_DANE_FORMAT (1<<7) +#define EXPORT_BACKUP (1<<10) + +#define LIST_SHOW_PHOTOS (1<<0) +#define LIST_SHOW_POLICY_URLS (1<<1) +#define LIST_SHOW_STD_NOTATIONS (1<<2) +#define LIST_SHOW_USER_NOTATIONS (1<<3) +#define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS) +#define LIST_SHOW_KEYSERVER_URLS (1<<4) +#define LIST_SHOW_UID_VALIDITY (1<<5) +#define LIST_SHOW_UNUSABLE_UIDS (1<<6) +#define LIST_SHOW_UNUSABLE_SUBKEYS (1<<7) +#define LIST_SHOW_KEYRING (1<<8) +#define LIST_SHOW_SIG_EXPIRE (1<<9) +#define LIST_SHOW_SIG_SUBPACKETS (1<<10) +#define LIST_SHOW_USAGE (1<<11) +#define LIST_SHOW_ONLY_FPR_MBOX (1<<12) + +#define VERIFY_SHOW_PHOTOS (1<<0) +#define VERIFY_SHOW_POLICY_URLS (1<<1) +#define VERIFY_SHOW_STD_NOTATIONS (1<<2) +#define VERIFY_SHOW_USER_NOTATIONS (1<<3) +#define VERIFY_SHOW_NOTATIONS (VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_USER_NOTATIONS) +#define VERIFY_SHOW_KEYSERVER_URLS (1<<4) +#define VERIFY_SHOW_UID_VALIDITY (1<<5) +#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6) +#define VERIFY_PKA_LOOKUPS (1<<7) +#define VERIFY_PKA_TRUST_INCREASE (1<<8) +#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9) + +#define KEYSERVER_HTTP_PROXY (1<<0) +#define KEYSERVER_TIMEOUT (1<<1) +#define KEYSERVER_ADD_FAKE_V3 (1<<2) +#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3) +#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4) +#define KEYSERVER_HONOR_PKA_RECORD (1<<5) + + +#endif /*G10_OPTIONS_H*/ |