[PATCH] gpg: Allow to set TOFU policy in the key editor
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed Jan 27 17:40:35 CET 2016
Hi Werner,
> In the other menus we use this format:
>
> tty_printf (_(" (%d) Ask me next time\n"), 5);
>
> Please use that too.
OK, please find modified patch under the scissors below.
> Can you also add something like
>
> tty_printf (_(" (%c) Cancel\n"), '0');
>
> and return TOFU_POLICY_NONE in that case?
Likewise.
Cheers,
-- >8 --
* g10/keyedit.c (keyedit_menu): Add a tofu command.
(tofu_policy_prompt): New.
--
Currently, the only way to explicitly assign a TOFU policy is
through the --tofu-policy option on the command line.
This patch allows setting the TOFU policy through the interactive
key editor.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
g10/keyedit.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 30f52a4..8018130 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -448,6 +448,49 @@ sign_mk_attrib (PKT_signature * sig, void *opaque)
}
+#ifdef USE_TOFU
+static enum tofu_policy
+tofu_policy_prompt (void)
+{
+ char *p;
+ enum tofu_policy policy = -1;
+
+ tty_printf (_("Please assign a TOFU policy to this key\n"));
+ tty_printf ("\n");
+ tty_printf (_(" (%d) Use the default policy\n"), 1);
+ tty_printf (_(" (%d) This key belongs to the stated owner\n"), 2);
+ tty_printf (_(" (%d) I do not know\n"), 3);
+ tty_printf (_(" (%d) This key is a forgery\n"), 4);
+ tty_printf (_(" (%d) Ask me next time\n"), 5);
+ tty_printf (_(" (%c) Cancel\n"), '0');
+ tty_printf ("\n");
+
+ while (policy == -1)
+ {
+ p = cpr_get ("tofu_policy_prompt.policy", _("Your selection? "));
+ trim_spaces (p);
+ cpr_kill_prompt ();
+ if (*p && !p[1])
+ {
+ switch (*p)
+ {
+ case '0': policy = TOFU_POLICY_NONE ; break;
+ case '1': policy = TOFU_POLICY_AUTO ; break;
+ case '2': policy = TOFU_POLICY_GOOD ; break;
+ case '3': policy = TOFU_POLICY_UNKNOWN; break;
+ case '4': policy = TOFU_POLICY_BAD ; break;
+ case '5': policy = TOFU_POLICY_ASK ; break;
+ }
+ }
+
+ xfree (p);
+ }
+
+ return policy;
+}
+#endif /*!USE_TOFU*/
+
+
static void
trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
{
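Review bot: In tofu_policy_prompt the loop `while (policy == -1)` exits only on a digit from '0' to '5', so if cpr_get keeps returning an empty or unrecognised answer the prompt never terminates. That may happen once input reaches end-of-file, but cpr_get's behaviour is not visible here. Using -1 as a sentinel in an `enum tofu_policy` is also fragile, because the enum's underlying type is implementation-defined and -1 is not one of its enumerators; a separate flag such as `int done = 0;` with `while (!done)` keeps `policy` within its declared values. Treating a quit or end-of-input answer like '0' and returning TOFU_POLICY_NONE would fail safe, since the caller changes nothing for that value. The `#endif /*!USE_TOFU*/` comment here and in the three later hunks negates a condition that `#ifdef USE_TOFU` does not; `/*USE_TOFU*/` would match.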
@@ -1366,6 +1409,9 @@ enum cmdids
#ifndef NO_TRUST_MODELS
cmdENABLEKEY, cmdDISABLEKEY,
#endif /*!NO_TRUST_MODELS*/
+#ifdef USE_TOFU
+ cmdTOFUPOLICY,
+#endif /*!USE_TOFU*/
cmdSHOWPREF,
cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD,
@@ -1447,6 +1493,9 @@ static struct
#ifndef NO_TRUST_MODELS
{ "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
#endif /*!NO_TRUST_MODELS*/
+#ifdef USE_TOFU
+ { "tofu", cmdTOFUPOLICY, 0, N_("set TOFU policy")},
+#endif /*!USE_TOFU*/
{ "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
N_("revoke signatures on the selected user IDs")},
{ "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
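Review bot: The new `tofu` entry is registered with flags `0`, while the neighbouring `trust` entry carries KEYEDIT_NOT_SK; if that flag still has an effect in this table, please confirm that omitting it is intended. The diffstat lists only g10/keyedit.c, so the command appears to reach users without a manual entry. A short description of the five policies in the documentation would help someone about to record a trust decision understand what "good", "bad" and "ask" do. The table this entry belongs to starts and ends outside the hunk.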
@@ -2167,6 +2216,30 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
#endif /*!NO_TRUST_MODELS*/
+#ifdef USE_TOFU
+ case cmdTOFUPOLICY:
+ if (opt.trust_model != TM_TOFU && opt.trust_model != TM_TOFU_PGP)
+ {
+ tty_printf (_("TOFU policy can only be set while "
+ "using a TOFU-enabled trust model\n"));
+ break;
+ }
+
+ {
+ enum tofu_policy policy = tofu_policy_prompt ();
+ if (policy != TOFU_POLICY_NONE)
+ {
+ err = tofu_set_policy (keyblock, policy);
+ if (err)
+ {
+ tty_printf (_("Error setting TOFU policy: %s\n"),
+ gpg_strerror (err));
+ }
+ }
+ }
+ break;
+#endif /*!USE_TOFU*/
+
case cmdPREF:
{
int count = count_selected_uids (keyblock);
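Review bot: The cmdTOFUPOLICY case prints nothing when tofu_set_policy succeeds, so after choosing an option such as "This key is a forgery" the user gets no confirmation that the policy was recorded or for which bindings. The call passes the whole `keyblock`, which presumably covers every user ID rather than only the selected ones. An `else` branch such as `tty_printf (_("TOFU policy set\n"));`, or a comment like `/* Applies to all user IDs of the key; the selection is ignored. */`, would make that explicit. `err` also stays set after a failure; whether later code in keyedit_menu reacts to it cannot be seen here, because the function starts and ends outside the hunk.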
--
1.8.4