mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-23 15:07:03 +01:00
gpg: Make --auto-key-retrieve work with dirmngr configured server.
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. * g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured. * g10/mainproc.c (check_sig_and_print): Ditto. * g10/import.c (revocation_present): Ditto. * g10/getkey.c (get_pubkey_byname): Ditto. * g10/gpgv.c (keyserver_any_configured): Add stub. * g10/test-stubs.c (keyserver_any_configured): Add stub. -- The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured. GnuPG-bug-id: 2147 Signed-off-by: Werner Koch <wk@gnupg.org>
parent
bdb6135177
commit
09117e769a
@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
|
|||||||
|
|
||||||
memset (&stparm, 0, sizeof stparm);
|
memset (&stparm, 0, sizeof stparm);
|
||||||
stparm.keyword = "KEYSERVER";
|
stparm.keyword = "KEYSERVER";
|
||||||
*r_keyserver = NULL;
|
if (r_keyserver)
|
||||||
|
*r_keyserver = NULL;
|
||||||
|
|
||||||
err = open_context (ctrl, &ctx);
|
err = open_context (ctrl, &ctx);
|
||||||
if (err)
|
if (err)
|
||||||
@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
*r_keyserver = stparm.source;
|
if (r_keyserver)
|
||||||
|
*r_keyserver = stparm.source;
|
||||||
|
else
|
||||||
|
xfree (stparm.source);
|
||||||
stparm.source = NULL;
|
stparm.source = NULL;
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
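Review bot: The comment above gpg_dirmngr_ks_list lies outside both hunks and should now document that R_KEYSERVER is optional, because the new `if (r_keyserver)` guards change the ownership rules for the returned string. When the pointer is NULL the function frees `stparm.source` itself; otherwise the caller receives it and has to release it. A suitable addition would be `/* R_KEYSERVER may be NULL if the caller only needs to know whether a keyserver is configured; otherwise the caller must xfree the returned string. */`.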
@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
|
|||||||
mailbox for the getname search, but it helps cut down
|
mailbox for the getname search, but it helps cut down
|
||||||
on the problem of searching for something like "john"
|
on the problem of searching for something like "john"
|
||||||
and getting a whole lot of keys back. */
|
and getting a whole lot of keys back. */
|
||||||
if (opt.keyserver)
|
if (keyserver_any_configured (ctrl))
|
||||||
{
|
{
|
||||||
mechanism = opt.keyserver->uri;
|
mechanism = "keyserver";
|
||||||
glo_ctrl.in_auto_key_retrieve++;
|
glo_ctrl.in_auto_key_retrieve++;
|
||||||
rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
|
rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
|
||||||
opt.keyserver);
|
opt.keyserver);
|
||||||
|
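Review bot: `opt.keyserver` is still passed to keyserver_import_name right after the new `keyserver_any_configured (ctrl)` test, and it can now be NULL here, since the branch is entered when the server is configured only in dirmngr. The callee is not visible on this page, so it is worth confirming that it treats NULL as "no override" and stating that at the call, for example `/* opt.keyserver may be NULL; dirmngr then uses its own configured server. */`. The same pattern appears at the keyserver_import_fprint call in keyserver_import_cert. The enclosing function starts and ends outside this hunk.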
@ -344,6 +344,13 @@ keyserver_match (struct keyserver_spec *spec)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
keyserver_any_configured (ctrl_t ctrl)
|
||||||
|
{
|
||||||
|
(void)ctrl;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
keyserver_import_keyid (u32 *keyid, void *dummy)
|
keyserver_import_keyid (u32 *keyid, void *dummy)
|
||||||
{
|
{
|
||||||
|
@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
|
|||||||
char *tempkeystr=xstrdup(keystr_from_pk(pk));
|
char *tempkeystr=xstrdup(keystr_from_pk(pk));
|
||||||
|
|
||||||
/* No, so try and get it */
|
/* No, so try and get it */
|
||||||
if(opt.keyserver
|
if ((opt.keyserver_options.options
|
||||||
&& (opt.keyserver_options.options
|
& KEYSERVER_AUTO_KEY_RETRIEVE)
|
||||||
& KEYSERVER_AUTO_KEY_RETRIEVE))
|
&& keyserver_any_configured (ctrl))
|
||||||
{
|
{
|
||||||
log_info(_("WARNING: key %s may be revoked:"
|
log_info(_("WARNING: key %s may be revoked:"
|
||||||
" fetching revocation key %s\n"),
|
" fetching revocation key %s\n"),
|
||||||
|
@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
|
|||||||
struct keyserver_spec *parse_keyserver_uri (const char *string,
|
struct keyserver_spec *parse_keyserver_uri (const char *string,
|
||||||
int require_scheme);
|
int require_scheme);
|
||||||
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
|
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
|
||||||
|
int keyserver_any_configured (ctrl_t ctrl);
|
||||||
int keyserver_export (ctrl_t ctrl, strlist_t users);
|
int keyserver_export (ctrl_t ctrl, strlist_t users);
|
||||||
int keyserver_import (ctrl_t ctrl, strlist_t users);
|
int keyserver_import (ctrl_t ctrl, strlist_t users);
|
||||||
int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
|
int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
|
||||||
|
@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
|
|||||||
KEYDB_SEARCH_DESC *desc, int ndesc,
|
KEYDB_SEARCH_DESC *desc, int ndesc,
|
||||||
struct keyserver_spec *override_keyserver,
|
struct keyserver_spec *override_keyserver,
|
||||||
unsigned char **r_fpr, size_t *r_fprlen);
|
unsigned char **r_fpr, size_t *r_fprlen);
|
||||||
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
|
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
|
||||||
struct keyserver_spec *keyserver);
|
|
||||||
|
|
||||||
|
|
||||||
/* Reasonable guess. The commonly used test key simon.josefsson.org
|
/* Reasonable guess. The commonly used test key simon.josefsson.org
|
||||||
@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
|
|||||||
|
|
||||||
if(sl)
|
if(sl)
|
||||||
{
|
{
|
||||||
rc = keyserver_put (ctrl, sl, opt.keyserver);
|
rc = keyserver_put (ctrl, sl);
|
||||||
free_strlist(sl);
|
free_strlist(sl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return true if any keyserver has been configured. */
|
||||||
|
int
|
||||||
|
keyserver_any_configured (ctrl_t ctrl)
|
||||||
|
{
|
||||||
|
return !gpg_dirmngr_ks_list (ctrl, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Import all keys that exactly match NAME */
|
/* Import all keys that exactly match NAME */
|
||||||
int
|
int
|
||||||
keyserver_import_name (ctrl_t ctrl, const char *name,
|
keyserver_import_name (ctrl_t ctrl, const char *name,
|
||||||
@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
opt.keyserver_options.import_options|=IMPORT_FAST;
|
opt.keyserver_options.import_options|=IMPORT_FAST;
|
||||||
|
|
||||||
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
|
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
|
||||||
scheme, then enable fake v3 keyid generation. */
|
scheme, then enable fake v3 keyid generation. Note that this
|
||||||
|
works only with a keyserver configured. gpg.conf
|
||||||
|
(i.e. opt.keyserver); however that method of configuring a
|
||||||
|
keyserver is deprecated and in any case it is questionable
|
||||||
|
whether we should keep on supporting these ancient and broken
|
||||||
|
keyservers. */
|
||||||
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
|
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
|
||||||
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
|
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
|
||||||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
||||||
@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Send all keys specified by KEYSPECS to the KEYSERVERS. */
|
/* Send all keys specified by KEYSPECS to the configured keyserver. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
|
keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
|
||||||
struct keyserver_spec *keyserver)
|
|
||||||
|
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
strlist_t kspec;
|
strlist_t kspec;
|
||||||
|
char *ksurl;
|
||||||
|
|
||||||
if (!keyspecs)
|
if (!keyspecs)
|
||||||
return 0; /* Return success if the list is empty. */
|
return 0; /* Return success if the list is empty. */
|
||||||
|
|
||||||
if (!opt.keyserver)
|
if (gpg_dirmngr_ks_list (ctrl, &ksurl))
|
||||||
{
|
{
|
||||||
log_error (_("no keyserver known (use option --keyserver)\n"));
|
log_error (_("no keyserver known\n"));
|
||||||
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
|
|||||||
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
|
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (keyserver->host)
|
log_info (_("sending key %s to %s\n"),
|
||||||
log_info (_("sending key %s to %s server %s\n"),
|
keystr (keyblock->pkt->pkt.public_key->keyid),
|
||||||
keystr (keyblock->pkt->pkt.public_key->keyid),
|
ksurl?ksurl:"[?]");
|
||||||
keyserver->scheme, keyserver->host);
|
|
||||||
else
|
|
||||||
log_info (_("sending key %s to %s\n"),
|
|
||||||
keystr (keyblock->pkt->pkt.public_key->keyid),
|
|
||||||
keyserver->uri);
|
|
||||||
|
|
||||||
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
|
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
|
||||||
release_kbnode (keyblock);
|
release_kbnode (keyblock);
|
||||||
@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
xfree (ksurl);
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
|
|||||||
free_keyserver_spec(spec);
|
free_keyserver_spec(spec);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if(opt.keyserver)
|
else if (keyserver_any_configured (ctrl))
|
||||||
{
|
{
|
||||||
/* If only a fingerprint is provided, try and fetch it from
|
/* If only a fingerprint is provided, try and fetch it from
|
||||||
our --keyserver */
|
the configured keyserver. */
|
||||||
|
|
||||||
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
|
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
log_info(_("no keyserver known (use option --keyserver)\n"));
|
log_info(_("no keyserver known\n"));
|
||||||
|
|
||||||
/* Give a better string here? "CERT fingerprint for \"%s\"
|
/* Give a better string here? "CERT fingerprint for \"%s\"
|
||||||
found, but no keyserver" " known (use option
|
found, but no keyserver" " known (use option
|
||||||
|
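Review bot: In keyserver_any_configured, `return !gpg_dirmngr_ks_list (ctrl, NULL);` turns every failure into "no keyserver configured", including a dirmngr that cannot be reached. The callers in check_sig_and_print and revocation_present then skip the automatic key or revocation-key fetch, and no diagnostic for that is visible on this page, so a user can miss a revocation lookup without knowing it. keyserver_put has the same shape and prints "no keyserver known" for any error. I would log errors other than the no-server case, assuming gpg_dirmngr_ks_list reports that case as GPG_ERR_NO_KEYSERVER, which the visible lines do not confirm.

```c
int
keyserver_any_configured (ctrl_t ctrl)
{
  gpg_error_t err = gpg_dirmngr_ks_list (ctrl, NULL);

  /* Keep the fail-closed result, but do not hide transport errors.  */
  if (err && gpg_err_code (err) != GPG_ERR_NO_KEYSERVER)
    log_info ("keyserver lookup via dirmngr failed: %s\n", gpg_strerror (err));
  return !err;
}
```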
@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
|
|||||||
no information from the DNS PKA, this is a third try. */
|
no information from the DNS PKA, this is a third try. */
|
||||||
|
|
||||||
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
|
||||||
&& opt.keyserver
|
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
|
||||||
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
|
&& keyserver_any_configured (c->ctrl))
|
||||||
{
|
{
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
|
@ -156,6 +156,13 @@ keyserver_match (struct keyserver_spec *spec)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
keyserver_any_configured (ctrl_t ctrl)
|
||||||
|
{
|
||||||
|
(void)ctrl;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
keyserver_import_keyid (u32 *keyid, void *dummy)
|
keyserver_import_keyid (u32 *keyid, void *dummy)
|
||||||
{
|
{
|
||||||
|