diff --git a/dirmngr/http.c b/dirmngr/http.c
index c662b1b95..dc1873448 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1,8 +1,8 @@
 /* http.c - HTTP protocol handler
- * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
+ * Copyright (C) 1999, 2001-2004, 2006, 2009, 2010,
 * 2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
- * Copyright (C) 2015-2019 g10 Code GmbH
+ * Copyright (C) 1999, 2001-2004, 2006, 2009, 2010, 2011, 2014 Werner Koch
+ * Copyright (C) 2015-2017, 2021 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
@@ -1293,15 +1293,14 @@ parse_uri (parsed_uri_t *ret_uri, const char *uri,
 /*
 * Parse an URI and put the result into the newly allocated RET_URI.
 * On success the caller must use http_release_parsed_uri() to
- * releases the resources. If NO_SCHEME_CHECK is set, the function
- * tries to parse the URL in the same way it would do for an HTTP
- * style URI; this can for example be used for hkps or ldap schemes.
- */
+ * releases the resources. If the HTTP_PARSE_NO_SCHEME_CHECK flag is
+ * set, the function tries to parse the URL in the same way it would
+ * do for an HTTP style URI. */
 gpg_error_t
 http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
- int no_scheme_check)
+ unsigned int flags)
 {
- return parse_uri (ret_uri, uri, no_scheme_check, 0);
+ return parse_uri (ret_uri, uri, !!(flags & HTTP_PARSE_NO_SCHEME_CHECK), 0);
 }
@@ -1352,8 +1351,9 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
 uri->off_host = 0;
 uri->off_path = 0;
- /* A quick validity check. */
- if (strspn (p, VALID_URI_CHARS) != n)
+ /* A quick validity check unless we have the opaque scheme. */
+ if (strspn (p, VALID_URI_CHARS) != n
+ && strncmp (p, "opaque:", 7))
 return GPG_ERR_BAD_URI; /* Invalid characters found. */
 if (!only_local_part)
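Review bot: The rewritten comment above http_parse_uri does not describe the new FLAGS parameter: that it is a bit mask, that HTTP_PARSE_NO_SCHEME_CHECK is the only bit this function looks at, and that any other bit is silently dropped by `!!(flags & HTTP_PARSE_NO_SCHEME_CHECK)`. It also keeps the wording "to releases the resources" and loses the hint about which schemes the relaxed mode is meant for. I would add a sentence such as `FLAGS is a bit mask; only HTTP_PARSE_NO_SCHEME_CHECK is evaluated and unknown bits are ignored.` Because a later hunk of this commit accepts the `opaque` scheme ahead of the scheme check, the comment should also say that such URIs appear to be returned even when the flag is not set.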
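Review bot: The added `strncmp (p, "opaque:", 7)` test turns off the VALID_URI_CHARS check for every input with that prefix, and because it sits before `if (!only_local_part)` it applies to local-part parsing as well. Everything after the prefix is then unvalidated data from whoever supplied the URI, so control characters or line breaks may reach any code that later logs or forwards the path. I would limit the exemption to the full-URI case, `if (strspn (p, VALID_URI_CHARS) != n && (only_local_part || strncmp (p, "opaque:", 7)))`, and say in the comment that consumers of an opaque path must validate it themselves. The prefix match is case-sensitive; if the scheme is lower-cased before the `strcmp` in the later hunk (not visible here), `OPAQUE:` would be handled differently by the two checks. do_parse_uri starts and ends outside this hunk.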
@@ -1383,6 +1383,12 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
 uri->is_http = 1;
 uri->use_tls = 1;
 }
+ else if (!strcmp (uri->scheme, "opaque"))
+ {
+ uri->opaque = 1;
+ uri->path = p2;
+ return 0;
+ }
 else if (!no_scheme_check)
 return GPG_ERR_INV_URI; /* Not an http style scheme. */
 else if (!strcmp (uri->scheme, "ldap") && !force_tls)
@@ -3545,6 +3551,15 @@ uri_query_lookup (parsed_uri_t uri, const char *key)
 return NULL;
 }
+const char *
+uri_query_value (parsed_uri_t url, const char *key)
+{
+ struct uri_tuple_s *t;
+ t = uri_query_lookup (url, key);
+ return t? t->value : NULL;
+}
+
+
 /* Return true if both URI point to the same host for the purpose of
 * redirection check. A is the original host and B the host given in
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 4ad0351e2..18420c925 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -71,6 +71,7 @@ struct parsed_uri_s
 typedef struct parsed_uri_s *parsed_uri_t;
 struct uri_tuple_s *uri_query_lookup (parsed_uri_t uri, const char *key);
+const char *uri_query_value (parsed_uri_t url, const char *key);
 typedef enum
 {
@@ -151,8 +152,9 @@ void http_session_set_log_cb (http_session_t sess,
 void http_session_set_timeout (http_session_t sess, unsigned int timeout);
+#define HTTP_PARSE_NO_SCHEME_CHECK 1
 gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
- int no_scheme_check);
+ unsigned int flags);
 void http_release_parsed_uri (parsed_uri_t uri);
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index c2d8c374d..5c097754e 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -81,7 +81,7 @@ ks_action_help (ctrl_t ctrl, const char *url)
 else
 #endif
 {
- err = http_parse_uri (&parsed_uri, url, 1);
+ err = http_parse_uri (&parsed_uri, url, HTTP_PARSE_NO_SCHEME_CHECK);
 }
 if (err)
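Review bot: The new `opaque` branch returns success ahead of `else if (!no_scheme_check)`, so a caller that leaves the flag clear to get only http-style URIs now also receives opaque ones, for which this branch sets nothing but `opaque` and `path`. Callers touched by this commit, for example mark_host_dead, read host-related fields such as `parsed_uri->v6lit` right after a successful parse; whether those are safely zero or NULL for an opaque URI depends on initialisation outside the hunk. I would either reject the scheme unless the caller asked for it or have each caller test `parsed_uri->opaque` before using host, port or query fields. A comment on the branch, e.g. `/* Opaque scheme: no authority part is parsed; PATH is set to P2. */`, would make that contract explicit. The if/else chain begins and ends outside the hunk.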
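Review bot: uri_query_value is added without the header comment its neighbours carry, and it names its first parameter `url` where uri_query_lookup uses `uri`. The comment should state that NULL is returned when KEY is not found and that the result is `t->value` of the tuple found by uri_query_lookup, that is, not a copy and presumably valid only until the parsed URI is released. Something like `/* Return the value of the query item KEY in URI or NULL if there is none. The string belongs to URI; do not free it. */` would do. If tuple values can contain decoded bytes including NUL (not visible here), callers treating the result as a C string will see a truncated value, which the comment should mention as well.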
@@ -313,7 +313,7 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
 if (!url)
 return gpg_error (GPG_ERR_INV_URI);
- err = http_parse_uri (&parsed_uri, url, 1);
+ err = http_parse_uri (&parsed_uri, url, HTTP_PARSE_NO_SCHEME_CHECK);
 if (err)
 return err;
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 93c676b6a..e72c2c16d 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -733,7 +733,8 @@ mark_host_dead (const char *name)
 parsed_uri_t parsed_uri = NULL;
 int done = 0;
- if (name && *name && !http_parse_uri (&parsed_uri, name, 1))
+ if (name && *name
+ && !http_parse_uri (&parsed_uri, name, HTTP_PARSE_NO_SCHEME_CHECK))
 {
 if (parsed_uri->v6lit)
 {
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index da3d9ee1b..b7ff0633c 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -322,7 +322,7 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
 "\n"
 "The ldaps:// and ldapi:// schemes are also supported. If ldaps is used\n"
 "then the server's certificate will be checked. If it is not valid, any\n"
- "operation will be aborted.\n"
+ "operation will be aborted. Note that ldaps means LDAP with STARTTLS\n"
 "\n"
 "Supported methods: search, get, put\n";
 gpg_error_t err;
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 0ccba2987..a35402271 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2113,7 +2113,7 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
 else
 #endif
 {
- err = http_parse_uri (&item->parsed_uri, uri, 1);
+ err = http_parse_uri (&item->parsed_uri, uri, HTTP_PARSE_NO_SCHEME_CHECK);
 }
 if (err)
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 8ad5e7a0f..7f3aa005d 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
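Review bot: The sentence added to the ks_ldap_help text, "Note that ldaps means LDAP with STARTTLS", has no final period and is easy to misread, because ldaps:// usually denotes LDAP over TLS from the first byte of the connection. A user who picks ldaps for confidentiality needs to know that the session is upgraded with STARTTLS instead, and whether a failed upgrade aborts the operation in the same way an invalid certificate does; the latter is not visible in this hunk and should only be stated if true. I would spell out the contrast, for example `"operation will be aborted. Note that ldaps here means LDAP with\n"` followed by `"STARTTLS and not LDAP over TLS.\n"`. The help string starts outside the hunk.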
@@ -381,7 +381,7 @@ main (int argc, char **argv)
 (void)no_crl;
 #endif /*HTTP_USE_GNUTLS*/
- rc = http_parse_uri (&uri, *argv, 1);
+ rc = http_parse_uri (&uri, *argv, HTTP_PARSE_NO_SCHEME_CHECK);
 if (rc)
 {
 log_error ("'%s': %s\n", *argv, gpg_strerror (rc));