
gpg: Make --auto-key-retrieve work with dirmngr configured server.

* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr.  Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--

The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.

GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2016-01-21 11:49:27 +01:00
parent bdb6135177
commit 09117e769a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
8 changed files with 56 additions and 29 deletions


@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
memset (&stparm, 0, sizeof stparm); memset (&stparm, 0, sizeof stparm);
stparm.keyword = "KEYSERVER"; stparm.keyword = "KEYSERVER";
*r_keyserver = NULL; if (r_keyserver)
*r_keyserver = NULL;
err = open_context (ctrl, &ctx); err = open_context (ctrl, &ctx);
if (err) if (err)
@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
goto leave; goto leave;
} }
*r_keyserver = stparm.source; if (r_keyserver)
*r_keyserver = stparm.source;
else
xfree (stparm.source);
stparm.source = NULL; stparm.source = NULL;
leave: leave:
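Review bot: R_KEYSERVER becomes optional in both hunks of this section, but nothing visible documents that contract. The function comment sits above the first hunk and should state it, for example `/* R_KEYSERVER may be NULL; the name is then discarded and only the error code tells whether a keyserver is known. */`. gpg_dirmngr_ks_list starts and ends outside the hunks, so the remaining paths to `leave:` could not be checked for other dereferences of `r_keyserver`.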


@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
mailbox for the getname search, but it helps cut down mailbox for the getname search, but it helps cut down
on the problem of searching for something like "john" on the problem of searching for something like "john"
and getting a whole lot of keys back. */ and getting a whole lot of keys back. */
if (opt.keyserver) if (keyserver_any_configured (ctrl))
{ {
mechanism = opt.keyserver->uri; mechanism = "keyserver";
glo_ctrl.in_auto_key_retrieve++; glo_ctrl.in_auto_key_retrieve++;
rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len, rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
opt.keyserver); opt.keyserver);
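Review bot: `opt.keyserver` is still passed to keyserver_import_name on the last line of this hunk, although the new condition `keyserver_any_configured (ctrl)` no longer guarantees that it is non-NULL. That is presumably intended, with a NULL override letting dirmngr use its own configured server, but the callee is outside the hunk, so a comment would help: `/* opt.keyserver may be NULL; dirmngr then uses the server from dirmngr.conf. */`. The same pattern appears in keyserver_import_cert, where keyserver_import_fprint still receives `opt.keyserver`. Also, `mechanism = "keyserver"` no longer carries the URI, so any later diagnostic built from it will not name the server that was contacted.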


@ -344,6 +344,13 @@ keyserver_match (struct keyserver_spec *spec)
return NULL; return NULL;
} }
int
keyserver_any_configured (ctrl_t ctrl)
{
(void)ctrl;
return 0;
}
int int
keyserver_import_keyid (u32 *keyid, void *dummy) keyserver_import_keyid (u32 *keyid, void *dummy)
{ {
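Review bot: The new stub `keyserver_any_configured` has no comment, and its constant return value carries meaning: code that gates automatic key retrieval on it will always take the no-keyserver path in this program. I would add `/* Stub: this program never contacts a keyserver. */` above it. The identical stub in the last file section of the commit deserves the same line.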


@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
char *tempkeystr=xstrdup(keystr_from_pk(pk)); char *tempkeystr=xstrdup(keystr_from_pk(pk));
/* No, so try and get it */ /* No, so try and get it */
if(opt.keyserver if ((opt.keyserver_options.options
&& (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
& KEYSERVER_AUTO_KEY_RETRIEVE)) && keyserver_any_configured (ctrl))
{ {
log_info(_("WARNING: key %s may be revoked:" log_info(_("WARNING: key %s may be revoked:"
" fetching revocation key %s\n"), " fetching revocation key %s\n"),


@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
struct keyserver_spec *parse_keyserver_uri (const char *string, struct keyserver_spec *parse_keyserver_uri (const char *string,
int require_scheme); int require_scheme);
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig); struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
int keyserver_any_configured (ctrl_t ctrl);
int keyserver_export (ctrl_t ctrl, strlist_t users); int keyserver_export (ctrl_t ctrl, strlist_t users);
int keyserver_import (ctrl_t ctrl, strlist_t users); int keyserver_import (ctrl_t ctrl, strlist_t users);
int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len, int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,


@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
KEYDB_SEARCH_DESC *desc, int ndesc, KEYDB_SEARCH_DESC *desc, int ndesc,
struct keyserver_spec *override_keyserver, struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen); unsigned char **r_fpr, size_t *r_fprlen);
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs, static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
struct keyserver_spec *keyserver);
/* Reasonable guess. The commonly used test key simon.josefsson.org /* Reasonable guess. The commonly used test key simon.josefsson.org
@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
if(sl) if(sl)
{ {
rc = keyserver_put (ctrl, sl, opt.keyserver); rc = keyserver_put (ctrl, sl);
free_strlist(sl); free_strlist(sl);
} }
@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
} }
/* Return true if any keyserver has been configured. */
int
keyserver_any_configured (ctrl_t ctrl)
{
return !gpg_dirmngr_ks_list (ctrl, NULL);
}
/* Import all keys that exactly match NAME */ /* Import all keys that exactly match NAME */
int int
keyserver_import_name (ctrl_t ctrl, const char *name, keyserver_import_name (ctrl_t ctrl, const char *name,
@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
opt.keyserver_options.import_options|=IMPORT_FAST; opt.keyserver_options.import_options|=IMPORT_FAST;
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
scheme, then enable fake v3 keyid generation. */ scheme, then enable fake v3 keyid generation. Note that this
works only with a keyserver configured. gpg.conf
(i.e. opt.keyserver); however that method of configuring a
keyserver is deprecated and in any case it is questionable
whether we should keep on supporting these ancient and broken
keyservers. */
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 || && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0)) ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
} }
/* Send all keys specified by KEYSPECS to the KEYSERVERS. */ /* Send all keys specified by KEYSPECS to the configured keyserver. */
static gpg_error_t static gpg_error_t
keyserver_put (ctrl_t ctrl, strlist_t keyspecs, keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
struct keyserver_spec *keyserver)
{ {
gpg_error_t err; gpg_error_t err;
strlist_t kspec; strlist_t kspec;
char *ksurl;
if (!keyspecs) if (!keyspecs)
return 0; /* Return success if the list is empty. */ return 0; /* Return success if the list is empty. */
if (!opt.keyserver) if (gpg_dirmngr_ks_list (ctrl, &ksurl))
{ {
log_error (_("no keyserver known (use option --keyserver)\n")); log_error (_("no keyserver known\n"));
return gpg_error (GPG_ERR_NO_KEYSERVER); return gpg_error (GPG_ERR_NO_KEYSERVER);
} }
@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err)); log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
else else
{ {
if (keyserver->host) log_info (_("sending key %s to %s\n"),
log_info (_("sending key %s to %s server %s\n"), keystr (keyblock->pkt->pkt.public_key->keyid),
keystr (keyblock->pkt->pkt.public_key->keyid), ksurl?ksurl:"[?]");
keyserver->scheme, keyserver->host);
else
log_info (_("sending key %s to %s\n"),
keystr (keyblock->pkt->pkt.public_key->keyid),
keyserver->uri);
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock); err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
release_kbnode (keyblock); release_kbnode (keyblock);
@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
} }
} }
xfree (ksurl);
return err; return err;
@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
free_keyserver_spec(spec); free_keyserver_spec(spec);
} }
} }
else if(opt.keyserver) else if (keyserver_any_configured (ctrl))
{ {
/* If only a fingerprint is provided, try and fetch it from /* If only a fingerprint is provided, try and fetch it from
our --keyserver */ the configured keyserver. */
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver); err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
} }
else else
log_info(_("no keyserver known (use option --keyserver)\n")); log_info(_("no keyserver known\n"));
/* Give a better string here? "CERT fingerprint for \"%s\" /* Give a better string here? "CERT fingerprint for \"%s\"
found, but no keyserver" " known (use option found, but no keyserver" " known (use option
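Review bot: `keyserver_any_configured` returns `!gpg_dirmngr_ks_list (ctrl, NULL)`, so every failure of that call, including the `open_context` error visible in the first file section, is reported as "no keyserver configured". The callers in check_sig_and_print, revocation_present, get_pubkey_byname and keyserver_import_cert then skip the key or revocation-key lookup with no diagnostic, so an unreachable dirmngr looks the same as a missing configuration. keyserver_put has the same conflation: it discards the real error and logs `no keyserver known`. I would keep the code there, `err = gpg_dirmngr_ks_list (ctrl, &ksurl);` with `log_error (_("no keyserver known: %s\n"), gpg_strerror (err));`, and have keyserver_any_configured log, at least in verbose mode, any error other than the one that presumably signals an empty list (GPG_ERR_NO_KEYSERVER). Several of these functions continue outside their hunks, so the effect on callers that test for GPG_ERR_NO_KEYSERVER needs checking before the returned code is changed.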


@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
no information from the DNS PKA, this is a third try. */ no information from the DNS PKA, this is a third try. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& opt.keyserver && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)) && keyserver_any_configured (c->ctrl))
{ {
int res; int res;


@ -156,6 +156,13 @@ keyserver_match (struct keyserver_spec *spec)
return NULL; return NULL;
} }
int
keyserver_any_configured (ctrl_t ctrl)
{
(void)ctrl;
return 0;
}
int int
keyserver_import_keyid (u32 *keyid, void *dummy) keyserver_import_keyid (u32 *keyid, void *dummy)
{ {