diff options
Diffstat (limited to 'qpdf/qpdf.cc')
-rw-r--r-- | qpdf/qpdf.cc | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/qpdf/qpdf.cc b/qpdf/qpdf.cc index 0405a45d..702a6b9e 100644 --- a/qpdf/qpdf.cc +++ b/qpdf/qpdf.cc @@ -113,6 +113,7 @@ struct Options password_is_hex_key(false), suppress_password_recovery(false), password_mode(pm_auto), + allow_insecure(false), keylen(0), r2_print(true), r2_modify(true), @@ -211,6 +212,7 @@ struct Options bool password_is_hex_key; bool suppress_password_recovery; password_mode_e password_mode; + bool allow_insecure; std::string user_password; std::string owner_password; int keylen; @@ -742,6 +744,7 @@ class ArgParser void argEncrypt(); void argDecrypt(); void argPasswordIsHexKey(); + void argAllowInsecure(); void argPasswordMode(char* parameter); void argSuppressPasswordRecovery(); void argCopyEncryption(char* parameter); @@ -1074,13 +1077,17 @@ ArgParser::initOptionTable() t = &this->encrypt40_option_table; (*t)["--"] = oe_bare(&ArgParser::argEndEncrypt); + (*t)["allow-insecure"] = oe_bare(&ArgParser::argAllowInsecure); + // The above 40-bit options are also 128-bit and 256-bit options, + // so copy what we have so far to 128. Then continue separately + // with 128. We later copy 128 to 256. + this->encrypt128_option_table = this->encrypt40_option_table; (*t)["print"] = oe_requiredChoices(&ArgParser::arg40Print, yn); (*t)["modify"] = oe_requiredChoices(&ArgParser::arg40Modify, yn); (*t)["extract"] = oe_requiredChoices(&ArgParser::arg40Extract, yn); (*t)["annotate"] = oe_requiredChoices(&ArgParser::arg40Annotate, yn); t = &this->encrypt128_option_table; - (*t)["--"] = oe_bare(&ArgParser::argEndEncrypt); (*t)["accessibility"] = oe_requiredChoices( &ArgParser::arg128Accessibility, yn); (*t)["extract"] = oe_requiredChoices(&ArgParser::arg128Extract, yn); @@ -1317,6 +1324,10 @@ ArgParser::argHelp() << "\n" << "Additional flags are dependent upon key length.\n" << "\n" + << " For all key lengths:\n" + << " --allow-insecure allow the owner password to be empty or the\n" + << " same as the user password\n" + << "\n" << " If 40:\n" << "\n" << " --print=[yn] allow printing\n" @@ -1850,6 +1861,12 @@ ArgParser::argPasswordMode(char* parameter) } void +ArgParser::argAllowInsecure() +{ + o.allow_insecure = true; +} + +void ArgParser::argCopyEncryption(char* parameter) { o.encryption_file = parameter; @@ -3337,6 +3354,18 @@ ArgParser::doFinalChecks() " together"); } + if (o.encrypt && (! o.allow_insecure) && + (o.owner_password.empty() || + (o.owner_password == o.user_password))) + { + usage("An encrypted PDF with an empty owner password or an" + " owner password that is the same as a user password" + " is insecure and can't be opened by some viewers. If you" + " really want to do this, you must also give the" + " --allow-insecure option before the -- that follows" + " --encrypt."); + } + if (o.require_outfile && o.outfilename && (strcmp(o.outfilename, "-") == 0)) { |