From 09117e769a093467cb47154f36d7dda613313e33 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 21 Jan 2016 11:49:27 +0100
Subject: [PATCH] gpg: Make --auto-key-retrieve work with dirmngr configured server.
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch
---
g10/call-dirmngr.c | 8 +++++--
g10/getkey.c | 4 ++--
g10/gpgv.c | 7 ++++++
g10/import.c | 6 ++---
g10/keyserver-internal.h | 1 +
g10/keyserver.c | 48 +++++++++++++++++++++++-----------------
g10/mainproc.c | 4 ++--
g10/test-stubs.c | 7 ++++++
8 files changed, 56 insertions(+), 29 deletions(-)
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 360e12743..e59653362 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
 memset (&stparm, 0, sizeof stparm);
 stparm.keyword = "KEYSERVER";
- *r_keyserver = NULL;
+ if (r_keyserver)
+ *r_keyserver = NULL;
 err = open_context (ctrl, &ctx);
 if (err)
@@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
 goto leave;
 }
- *r_keyserver = stparm.source;
+ if (r_keyserver)
+ *r_keyserver = stparm.source;
+ else
+ xfree (stparm.source);
 stparm.source = NULL;
 leave:
diff --git a/g10/getkey.c b/g10/getkey.c
index 9a4f81e21..74fa7530a 100644
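Review bot: With R_KEYSERVER now allowed to be NULL in gpg_dirmngr_ks_list, the function's header comment (outside both hunks) should document that, since the signature alone no longer tells a caller what is permitted. I would add `/* R_KEYSERVER may be NULL; the return value then only tells whether dirmngr reported a keyserver. */`. The new keyserver_any_configured depends on a non-zero return when nothing is configured; the check that produces that error appears to sit in the unseen lines before `goto leave;` in the second hunk, so it is worth confirming it stays in place.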
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 mailbox for the getname search, but it helps cut down on the problem of searching for something like "john" and getting a whole lot of keys back. */
- if (opt.keyserver)
+ if (keyserver_any_configured (ctrl))
 {
- mechanism = opt.keyserver->uri;
+ mechanism = "keyserver";
 glo_ctrl.in_auto_key_retrieve++;
 rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len, opt.keyserver);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 993275671..19a2ff6c7 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -344,6 +344,13 @@ keyserver_match (struct keyserver_spec *spec)
 return NULL;
 }
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
 int
 keyserver_import_keyid (u32 *keyid, void *dummy)
 {
diff --git a/g10/import.c b/g10/import.c
index 8e75aa160..369be35d9 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 char *tempkeystr=xstrdup(keystr_from_pk(pk));
 /* No, so try and get it */
- if(opt.keyserver
- && (opt.keyserver_options.options
- & KEYSERVER_AUTO_KEY_RETRIEVE))
+ if ((opt.keyserver_options.options
+ & KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (ctrl))
 {
 log_info(_("WARNING: key %s may be revoked:"
 " fetching revocation key %s\n"),
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 676b4dbbf..6f6f43070 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
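Review bot: `opt.keyserver` can now be NULL on this path in get_pubkey_byname, yet it is still passed to keyserver_import_name in the call that follows the new condition. The keyserver_get prototype in g10/keyserver.c names the matching parameter `override_keyserver`, which suggests NULL is tolerated, but the callee is not visible here and that should be confirmed; the same applies to `keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver)` in the keyserver_import_cert hunk. Separately, `mechanism = "keyserver";` drops the server URI from whatever diagnostics print MECHANISM, so the output no longer tells an operator which server was asked for the key; the URL returned through the second argument of gpg_dirmngr_ks_list could be shown instead. The enclosing function starts and ends outside the hunk.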
@@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
 struct keyserver_spec *parse_keyserver_uri (const char *string, int require_scheme);
 struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
+int keyserver_any_configured (ctrl_t ctrl);
 int keyserver_export (ctrl_t ctrl, strlist_t users);
 int keyserver_import (ctrl_t ctrl, strlist_t users);
 int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
diff --git a/g10/keyserver.c b/g10/keyserver.c
index b0af63d25..e9ccb5893 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
 KEYDB_SEARCH_DESC *desc, int ndesc, struct keyserver_spec *override_keyserver, unsigned char **r_fpr, size_t *r_fprlen);
-static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver);
+static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
 /* Reasonable guess. The commonly used test key simon.josefsson.org
@@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
 if(sl)
 {
- rc = keyserver_put (ctrl, sl, opt.keyserver);
+ rc = keyserver_put (ctrl, sl);
 free_strlist(sl);
 }
@@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
 }
+/* Return true if any keyserver has been configured. */
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ return !gpg_dirmngr_ks_list (ctrl, NULL);
+}
+
+
 /* Import all keys that exactly match NAME */
 int
 keyserver_import_name (ctrl_t ctrl, const char *name,
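Review bot: `return !gpg_dirmngr_ks_list (ctrl, NULL);` in keyserver_any_configured reports every failure as "no keyserver configured", including a dirmngr that could not be started or reached. check_sig_and_print and revocation_present then skip retrieval with no diagnostic, keyserver_import_cert prints "no keyserver known", and keyserver_put in the later hunk discards the error code in the same way. I would keep the error, log it when it is something other than the no-keyserver case (assuming gpg_dirmngr_ks_list returns GPG_ERR_NO_KEYSERVER there, which is not visible in this diff), and have the function comment say that each call is a round trip to dirmngr.

```c
int
keyserver_any_configured (ctrl_t ctrl)
{
  gpg_error_t err = gpg_dirmngr_ks_list (ctrl, NULL);

  /* Anything but "no keyserver" is a dirmngr problem; do not hide it.  */
  if (err && gpg_err_code (err) != GPG_ERR_NO_KEYSERVER)
    log_info ("keyserver check failed: %s\n", gpg_strerror (err));
  return !err;
}
```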
@@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
 opt.keyserver_options.import_options|=IMPORT_FAST;
 /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
- scheme, then enable fake v3 keyid generation. */
+ scheme, then enable fake v3 keyid generation. Note that this
+ works only with a keyserver configured. gpg.conf
+ (i.e. opt.keyserver); however that method of configuring a
+ keyserver is deprecated and in any case it is questionable
+ whether we should keep on supporting these ancient and broken
+ keyservers. */
 if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 || ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
@@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
 }
-/* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+/* Send all keys specified by KEYSPECS to the configured keyserver. */
 static gpg_error_t
-keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver)
+keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
 {
 gpg_error_t err;
 strlist_t kspec;
+ char *ksurl;
 if (!keyspecs)
 return 0; /* Return success if the list is empty. */
- if (!opt.keyserver)
+ if (gpg_dirmngr_ks_list (ctrl, &ksurl))
 {
- log_error (_("no keyserver known (use option --keyserver)\n"));
+ log_error (_("no keyserver known\n"));
 return gpg_error (GPG_ERR_NO_KEYSERVER);
 }
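Review bot: The added comment in keyserver_refresh reads "works only with a keyserver configured. gpg.conf", where the full stop looks like a typo for "in". Suggested wording: `Note that this works only with a keyserver configured in gpg.conf (i.e. opt.keyserver); ...`. Since the condition below still tests `opt.keyserver`, the comment could also say outright that the fake v3 keyid path is skipped when the server is configured only in dirmngr.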
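Review bot: `char *ksurl;` in keyserver_put is declared without an initialiser and is safe only because gpg_dirmngr_ks_list stores NULL through the pointer before it does anything else; `char *ksurl = NULL;` removes that hidden dependency. The single `xfree (ksurl);` added in the @@ -1827 hunk covers the normal exit only, so any early return inside the loop (not visible in these hunks) would leak the string. The "sending key %s to %s" message in the @@ -1807 hunk prints the URL returned by the list call, while the actual target is chosen inside gpg_dirmngr_ks_put; if dirmngr can hold more than one server the log line may not name the one used, which a short comment next to the log_info call should acknowledge.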
@@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
 log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
 else
 {
- if (keyserver->host)
- log_info (_("sending key %s to %s server %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->scheme, keyserver->host);
- else
- log_info (_("sending key %s to %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->uri);
+ log_info (_("sending key %s to %s\n"),
+ keystr (keyblock->pkt->pkt.public_key->keyid),
+ ksurl?ksurl:"[?]");
 err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
 release_kbnode (keyblock);
@@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
 }
 }
+ xfree (ksurl);
 return err;
@@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
 free_keyserver_spec(spec);
 }
 }
- else if(opt.keyserver)
+ else if (keyserver_any_configured (ctrl))
 {
 /* If only a fingerprint is provided, try and fetch it from
- our --keyserver */
+ the configured keyserver. */
 err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
 }
 else
- log_info(_("no keyserver known (use option --keyserver)\n"));
+ log_info(_("no keyserver known\n"));
 /* Give a better string here? "CERT fingerprint for \"%s\" found, but no keyserver" " known (use option
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 868832542..5e6b40b3b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
 no information from the DNS PKA, this is a third try. */
 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- && opt.keyserver
- && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
+ && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (c->ctrl))
 {
 int res;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index a1988f0f8..74b6bf76d 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
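Review bot: The retrieval branch in check_sig_and_print no longer requires a keyserver entry in gpg.conf, and the comment above the condition does not record that. A user who set only auto-key-retrieve will now have a lookup sent to whichever server dirmngr reports, for a key named by the signature being verified. That is the purpose of the commit, but the condition should carry a comment such as `/* The server now comes from dirmngr; opt.keyserver may be NULL here. */`, and the description of the option (not part of this diff) should mention the change in when network lookups happen. The body of the branch continues outside the hunk.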
@@ -156,6 +156,13 @@ keyserver_match (struct keyserver_spec *spec)
 return NULL;
 }
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
 int
 keyserver_import_keyid (u32 *keyid, void *dummy)
 {