authorWerner Koch <wk@gnupg.org>2018-04-17 11:06:27 +0200
committerWerner Koch <wk@gnupg.org>2018-04-17 11:06:27 +0200
commitc143ab692c7fc7cf2ec0aebe40b9479ee15eaba9 (patch)
tree633c30abd16484bf16b034ce3b9148f7042e82a2
parentbbfa7c42337bb619e6af20bf051fe0755ed5a9fd (diff)
core: For OpenPGP let offline mode disable dirmngr.
* src/engine-gpg.c (struct engine_gpg): New flag.offline. (gpg_set_engine_flags): Set it. Also fix setting of no_symkey_cache. (build_argv): Pass --disable-dirmngr in offline mode. -- GnuPG-bug-id: 3831 Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--doc/gpgme.texi28
-rw-r--r--src/engine-gpg.c27
2 files changed, 38 insertions, 17 deletions
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 3975a971..c14780a9 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -2606,22 +2606,26 @@ valid pointer.
@deftypefun void gpgme_set_offline (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{yes}})
@since{1.6.0}
-The function @code{gpgme_set_offline} specifies if offline mode
-should be used. By default, offline mode is not used.
+The function @code{gpgme_set_offline} specifies if offline mode should
+be used. Offline mode is disabled if @var{yes} is zero, and enabled
+otherwise. By default, offline mode is disabled.
-The offline mode specifies if dirmngr should be used to do additional
-validation that might require connections to external services.
-(e.g. CRL / OCSP checks).
+The details of the offline mode depend on the used protocol and its
+backend engine. It may eventually be extended to be more stricter and
+for example completely disable the use of Dirmngr for any engine.
-Offline mode only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}
-and is only relevant to the CMS crypto engine. Offline mode
-is ignored otherwise.
+For the CMS protocol the offline mode specifies whether Dirmngr shall
+be used to do additional validation that might require connecting
+external services (e.g. CRL / OCSP checks). Here the offline mode
+only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE}.
-This option may be extended in the future to completely disable
-the use of dirmngr for any engine.
+For the OpenPGP protocol offline mode entirely disables the use of the
+Dirmngr and will thus guarantee that no network connections are done
+as part of an operation on this context. It has only an effect with
+GnuPG versions 2.1.23 or later.
+
+For all other protocols the offline mode is currently ignored.
-Offline mode is disabled if @var{yes} is zero, and enabled
-otherwise.
@end deftypefun
@deftypefun int gpgme_get_offline (@w{gpgme_ctx_t @var{ctx}})
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 49a1c75e..fdb786a9 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -148,6 +148,7 @@ struct engine_gpg
struct {
unsigned int no_symkey_cache : 1;
+ unsigned int offline : 1;
} flags;
/* NULL or the data object fed to --override_session_key-fd. */
@@ -647,12 +648,14 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx)
else
strcpy (gpg->request_origin, ctx->request_origin);
}
- else if (ctx->no_symkey_cache && have_gpg_version (gpg, "2.2.7"))
- {
- gpg->flags.no_symkey_cache = 1;
- }
else
*gpg->request_origin = 0;
+
+ gpg->flags.no_symkey_cache = (ctx->no_symkey_cache
+ && have_gpg_version (gpg, "2.2.7"));
+
+ gpg->flags.offline = (ctx->offline && have_gpg_version (gpg, "2.1.23"));
+
}
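Review bot: The new `gpg->flags.offline = (ctx->offline && have_gpg_version (gpg, "2.1.23"));` line turns a caller's offline request into a silent no-op on a gpg older than 2.1.23, so a context that asked for no network access can still have dirmngr contacted and nothing reports the downgrade; the function appears to return void, so it cannot signal this itself. At minimum the line deserves a why-comment, e.g. `/* --disable-dirmngr needs gpg >= 2.1.23; on older versions the request is dropped and the caller is not told.  */`, and if the no-network guarantee is meant to be relied upon, a fail-closed variant would record the unhonoured request separately so that build_argv can return an error instead of running without the option. The same silent-drop shape applies to the `no_symkey_cache` assignment just above it, although that one only loses a cache optimisation. The blank line added before the closing brace can also go. gpg_set_engine_flags begins before this hunk.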
@@ -884,7 +887,8 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
if (!gpg->cmd.used)
argc++; /* --batch */
- argc += 3; /* --no-sk-comments, --request-origin, --no-symkey-cache */
+ argc += 4; /* --no-sk-comments, --request-origin, --no-symkey-cache */
+ /* --disable-dirmngr */
argv = calloc (argc + 1, sizeof *argv);
if (!argv)
@@ -959,6 +963,19 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
}
+ if (gpg->flags.offline)
+ {
+ argv[argc] = strdup ("--disable-dirmngr");
+ if (!argv[argc])
+ {
+ int saved_err = gpg_error_from_syserror ();
+ free (fd_data_map);
+ free_argv (argv);
+ return saved_err;
+ }
+ argc++;
+ }
+
if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0"))
{
const char *s = NULL;