security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Move SRV RR code from common/ to dirmngr/. 

* common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h.  The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-10-22 09:22:41 +02:00
parent 1e34007c97
commit 41bb01ae79
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
8 changed files with 300 additions and 429 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
common/Makefile.am
View File

@ -78,7 +78,6 @@ common_sources = \
exechelp.h \
signal.c \
audit.c audit.h \
srv.h \
localename.c \
session-env.c session-env.h \
userids.c userids.h \
@ -110,15 +109,9 @@ without_npth_sources = \
libcommon_a_SOURCES = $(common_sources) $(without_npth_sources)
if USE_DNS_SRV
libcommon_a_SOURCES += srv.c
endif
libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
libcommonpth_a_SOURCES = $(common_sources)
if USE_DNS_SRV
libcommonpth_a_SOURCES += srv.c
endif
libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
if !HAVE_W32CE_SYSTEM

333
common/srv.c
View File

@ -1,333 +0,0 @@
/* srv.c - DNS SRV code
* Copyright (C) 2003, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <sys/types.h>
#ifdef _WIN32
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
# include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef USE_ADNS
# include <adns.h>
#endif
#include "util.h"
#include "host2net.h"
#include "srv.h"
/* Not every installation has gotten around to supporting SRVs
yet... */
#ifndef T_SRV
#define T_SRV 33
#endif
static int
priosort(const void *a,const void *b)
{
const struct srventry *sa=a,*sb=b;
if(sa->priority>sb->priority)
return 1;
else if(sa->priority<sb->priority)
return -1;
else
return 0;
}
int
getsrv (const char *name,struct srventry **list)
{
int srvcount=0;
u16 count;
int i, rc;
*list = NULL;
#ifdef USE_ADNS
{
adns_state state;
adns_answer *answer = NULL;
rc = adns_init (&state, adns_if_noerrprint, NULL);
if (rc)
{
log_error ("error initializing adns: %s\n", strerror (errno));
return -1;
}
rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
&answer);
if (rc)
{
log_error ("DNS query failed: %s\n", strerror (errno));
adns_finish (state);
return -1;
}
if (answer->status != adns_s_ok
|| answer->type != adns_r_srv || !answer->nrrs)
{
log_error ("DNS query returned an error or no records: %s (%s)\n",
adns_strerror (answer->status),
adns_errabbrev (answer->status));
adns_free (answer);
adns_finish (state);
return 0;
}
for (count = 0; count < answer->nrrs; count++)
{
struct srventry *srv = NULL;
struct srventry *newlist;
if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
{
log_info ("hostname in SRV record too long - skipped\n");
continue;
}
newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
if (!newlist)
goto fail;
*list = newlist;
memset (&(*list)[srvcount], 0, sizeof(struct srventry));
srv = &(*list)[srvcount];
srvcount++;
srv->priority = answer->rrs.srvha[count].priority;
srv->weight = answer->rrs.srvha[count].weight;
srv->port = answer->rrs.srvha[count].port;
strcpy (srv->target, answer->rrs.srvha[count].ha.host);
}
adns_free (answer);
adns_finish (state);
}
#else /*!USE_ADNS*/
{
unsigned char answer[2048];
HEADER *header = (HEADER *)answer;
unsigned char *pt, *emsg;
int r;
u16 dlen;
r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
if (r < sizeof (HEADER) || r > sizeof answer)
return -1;
if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
return 0; /* Error or no record found. */
emsg = &answer[r];
pt = &answer[sizeof(HEADER)];
/* Skip over the query */
rc = dn_skipname (pt, emsg);
if (rc == -1)
goto fail;
pt += rc + QFIXEDSZ;
while (count-- > 0 && pt < emsg)
{
struct srventry *srv=NULL;
u16 type,class;
struct srventry *newlist;
newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
if (!newlist)
goto fail;
*list = newlist;
memset(&(*list)[srvcount],0,sizeof(struct srventry));
srv=&(*list)[srvcount];
srvcount++;
rc = dn_skipname(pt,emsg); /* the name we just queried for */
if (rc == -1)
goto fail;
pt+=rc;
/* Truncated message? */
if((emsg-pt)<16)
goto fail;
type = buf16_to_u16 (pt);
pt += 2;
/* We asked for SRV and got something else !? */
if(type!=T_SRV)
goto fail;
class = buf16_to_u16 (pt);
pt += 2;
/* We asked for IN and got something else !? */
if(class!=C_IN)
goto fail;
pt += 4; /* ttl */
dlen = buf16_to_u16 (pt);
pt += 2;
srv->priority = buf16_to_ushort (pt);
pt += 2;
srv->weight = buf16_to_ushort (pt);
pt += 2;
srv->port = buf16_to_ushort (pt);
pt += 2;
/* Get the name. 2782 doesn't allow name compression, but
dn_expand still works to pull the name out of the
packet. */
rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
if (rc == 1 && srv->target[0] == 0) /* "." */
{
xfree(*list);
*list = NULL;
return 0;
}
if (rc == -1)
goto fail;
pt += rc;
/* Corrupt packet? */
if (dlen != rc+6)
goto fail;
}
}
#endif /*!USE_ADNS*/
/* Now we have an array of all the srv records. */
/* Order by priority */
qsort(*list,srvcount,sizeof(struct srventry),priosort);
/* For each priority, move the zero-weighted items first. */
for (i=0; i < srvcount; i++)
{
int j;
for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
{
if((*list)[j].weight==0)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy (&temp,&(*list)[j],sizeof(struct srventry));
memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy (&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
/* Run the RFC-2782 weighting algorithm. We don't need very high
quality randomness for this, so regular libc srand/rand is
sufficient. Fixme: It is a bit questionaly to reinitalize srand
- better use a gnupg fucntion for this. */
srand(time(NULL)*getpid());
for (i=0; i < srvcount; i++)
{
int j;
float prio_count=0,chose;
for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
{
prio_count+=(*list)[j].weight;
(*list)[j].run_count=prio_count;
}
chose=prio_count*rand()/RAND_MAX;
for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if (chose<=(*list)[j].run_count)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
return srvcount;
fail:
xfree(*list);
*list=NULL;
return -1;
}
#ifdef TEST
int
main(int argc,char *argv[])
{
struct srventry *srv;
int rc,i;
rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
printf("Count=%d\n\n",rc);
for(i=0;i<rc;i++)
{
printf("priority=%hu\n",srv[i].priority);
printf("weight=%hu\n",srv[i].weight);
printf("port=%hu\n",srv[i].port);
printf("target=%s\n",srv[i].target);
printf("\n");
}
xfree(srv);
return 0;
}
#endif /* TEST */
/*
Local Variables:
compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv ../tools/no-libgcrypt.o ../common/libcommon.a"
End:
*/

62
common/srv.h
View File

@ -1,62 +0,0 @@
/* srv.h
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GNUPG_COMMON_SRV_H
#define GNUPG_COMMON_SRV_H
#ifdef USE_DNS_SRV
# ifdef _WIN32
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# endif
# include <windows.h>
# else
# include <netinet/in.h>
# include <arpa/nameser.h>
# include <resolv.h>
# endif /* !_WIN32 */
#endif /* USE_DNS_SRV */
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
struct srventry
{
unsigned short priority;
unsigned short weight;
unsigned short port;
int run_count;
char target[MAXDNAME];
};
int getsrv(const char *name,struct srventry **list);
#endif /*GNUPG_COMMON_SRV_H*/

256
dirmngr/dns-stuff.c
View File

@ -1,5 +1,5 @@
/* dns-stuff.c - DNS related code including CERT RR (rfc-4398)
* Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
* Copyright (C) 2003, 2005, 2006, 2009 Free Software Foundation, Inc.
* Copyright (C) 2005, 2006, 2009, 2015 Werner Koch
*
* This file is part of GnuPG.
@ -54,8 +54,11 @@
#include "host2net.h"
#include "dns-stuff.h"
/* Not every installation has gotten around to supporting CERTs
yet... */
/* Not every installation has gotten around to supporting SRVs or
CERTs yet... */
#ifndef T_SRV
#define T_SRV 33
#endif
#ifndef T_CERT
# define T_CERT 37
#endif
@ -588,3 +591,250 @@ get_dns_cert (const char *name, int want_certtype,
return gpg_err_make (default_errsource, GPG_ERR_NOT_SUPPORTED);
#endif
}
#ifdef USE_DNS_SRV
static int
priosort(const void *a,const void *b)
{
const struct srventry *sa=a,*sb=b;
if(sa->priority>sb->priority)
return 1;
else if(sa->priority<sb->priority)
return -1;
else
return 0;
}
int
getsrv (const char *name,struct srventry **list)
{
int srvcount=0;
u16 count;
int i, rc;
*list = NULL;
#ifdef USE_ADNS
{
adns_state state;
adns_answer *answer = NULL;
rc = adns_init (&state, adns_if_noerrprint, NULL);
if (rc)
{
log_error ("error initializing adns: %s\n", strerror (errno));
return -1;
}
rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
&answer);
if (rc)
{
log_error ("DNS query failed: %s\n", strerror (errno));
adns_finish (state);
return -1;
}
if (answer->status != adns_s_ok
|| answer->type != adns_r_srv || !answer->nrrs)
{
log_error ("DNS query returned an error or no records: %s (%s)\n",
adns_strerror (answer->status),
adns_errabbrev (answer->status));
adns_free (answer);
adns_finish (state);
return 0;
}
for (count = 0; count < answer->nrrs; count++)
{
struct srventry *srv = NULL;
struct srventry *newlist;
if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
{
log_info ("hostname in SRV record too long - skipped\n");
continue;
}
newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
if (!newlist)
goto fail;
*list = newlist;
memset (&(*list)[srvcount], 0, sizeof(struct srventry));
srv = &(*list)[srvcount];
srvcount++;
srv->priority = answer->rrs.srvha[count].priority;
srv->weight = answer->rrs.srvha[count].weight;
srv->port = answer->rrs.srvha[count].port;
strcpy (srv->target, answer->rrs.srvha[count].ha.host);
}
adns_free (answer);
adns_finish (state);
}
#else /*!USE_ADNS*/
{
unsigned char answer[2048];
HEADER *header = (HEADER *)answer;
unsigned char *pt, *emsg;
int r;
u16 dlen;
r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
if (r < sizeof (HEADER) || r > sizeof answer)
return -1;
if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
return 0; /* Error or no record found. */
emsg = &answer[r];
pt = &answer[sizeof(HEADER)];
/* Skip over the query */
rc = dn_skipname (pt, emsg);
if (rc == -1)
goto fail;
pt += rc + QFIXEDSZ;
while (count-- > 0 && pt < emsg)
{
struct srventry *srv=NULL;
u16 type,class;
struct srventry *newlist;
newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
if (!newlist)
goto fail;
*list = newlist;
memset(&(*list)[srvcount],0,sizeof(struct srventry));
srv=&(*list)[srvcount];
srvcount++;
rc = dn_skipname(pt,emsg); /* the name we just queried for */
if (rc == -1)
goto fail;
pt+=rc;
/* Truncated message? */
if((emsg-pt)<16)
goto fail;
type = buf16_to_u16 (pt);
pt += 2;
/* We asked for SRV and got something else !? */
if(type!=T_SRV)
goto fail;
class = buf16_to_u16 (pt);
pt += 2;
/* We asked for IN and got something else !? */
if(class!=C_IN)
goto fail;
pt += 4; /* ttl */
dlen = buf16_to_u16 (pt);
pt += 2;
srv->priority = buf16_to_ushort (pt);
pt += 2;
srv->weight = buf16_to_ushort (pt);
pt += 2;
srv->port = buf16_to_ushort (pt);
pt += 2;
/* Get the name. 2782 doesn't allow name compression, but
dn_expand still works to pull the name out of the
packet. */
rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
if (rc == 1 && srv->target[0] == 0) /* "." */
{
xfree(*list);
*list = NULL;
return 0;
}
if (rc == -1)
goto fail;
pt += rc;
/* Corrupt packet? */
if (dlen != rc+6)
goto fail;
}
}
#endif /*!USE_ADNS*/
/* Now we have an array of all the srv records. */
/* Order by priority */
qsort(*list,srvcount,sizeof(struct srventry),priosort);
/* For each priority, move the zero-weighted items first. */
for (i=0; i < srvcount; i++)
{
int j;
for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
{
if((*list)[j].weight==0)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy (&temp,&(*list)[j],sizeof(struct srventry));
memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy (&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
/* Run the RFC-2782 weighting algorithm. We don't need very high
quality randomness for this, so regular libc srand/rand is
sufficient. Fixme: It is a bit questionaly to reinitalize srand
- better use a gnupg fucntion for this. */
srand(time(NULL)*getpid());
for (i=0; i < srvcount; i++)
{
int j;
float prio_count=0,chose;
for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
{
prio_count+=(*list)[j].weight;
(*list)[j].run_count=prio_count;
}
chose=prio_count*rand()/RAND_MAX;
for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if (chose<=(*list)[j].run_count)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
return srvcount;
fail:
xfree(*list);
*list=NULL;
return -1;
}
#endif /*USE_DNS_SRV*/

15
dirmngr/dns-stuff.h
View File

@ -72,6 +72,20 @@ struct dns_addrinfo_s
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
struct srventry
{
unsigned short priority;
unsigned short weight;
unsigned short port;
int run_count;
char target[MAXDNAME];
};
/* Calling this function switches the DNS code into Tor mode if
possibe. Return 0 on success. */
gpg_error_t enable_dns_tormode (void);
@ -89,6 +103,7 @@ gpg_error_t get_dns_cert (const char *name, int want_certtype,
unsigned char **r_fpr, size_t *r_fprlen,
char **r_url);
int getsrv (const char *name,struct srventry **list);
#endif /*GNUPG_DIRMNGR_DNS_STUFF_H*/

17
dirmngr/http.c
View File

@ -100,23 +100,6 @@
#include "i18n.h"
#include "dns-stuff.h"
#include "http.h"
#ifdef USE_DNS_SRV
# include "srv.h"
#else /*!USE_DNS_SRV*/
/* If we are not compiling with SRV record support we provide stub
data structures. */
# ifndef MAXDNAME
# define MAXDNAME 1025
# endif
struct srventry
{
unsigned short priority;
unsigned short weight;
unsigned short port;
int run_count;
char target[MAXDNAME];
};
#endif/*!USE_DNS_SRV*/
#ifdef USE_NPTH

35
dirmngr/t-dns-stuff.c
View File

@ -41,10 +41,13 @@ main (int argc, char **argv)
{
int last_argc = -1;
gpg_error_t err;
int any_options = 0;
int opt_cert = 0;
char const *name;
int opt_srv = 0;
char const *name = NULL;
gpgrt_init ();
log_set_prefix (PGM, GPGRT_LOG_WITH_PREFIX);
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
@ -62,6 +65,7 @@ main (int argc, char **argv)
" --verbose print timings etc.\n"
" --debug flyswatter\n"
" --cert lookup a CERT RR\n"
" --srv lookup a SRV RR\n"
, stdout);
exit (0);
}
@ -78,7 +82,12 @@ main (int argc, char **argv)
}
else if (!strcmp (*argv, "--cert"))
{
opt_cert = 1;
any_options = opt_cert = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--srv"))
{
any_options = opt_srv = 1;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
@ -88,7 +97,7 @@ main (int argc, char **argv)
}
}
if (!argc)
if (!argc && !any_options)
{
opt_cert = 1;
name = "simon.josefsson.org";
@ -97,7 +106,7 @@ main (int argc, char **argv)
name = *argv;
else
{
fprintf (stderr, PGM ": too many host names given\n");
fprintf (stderr, PGM ": none or too many host names given\n");
exit (1);
}
@ -145,6 +154,24 @@ main (int argc, char **argv)
xfree (fpr);
xfree (url);
}
else if (opt_srv)
{
struct srventry *srv;
int rc,i;
rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
printf("Count=%d\n\n",rc);
for(i=0;i<rc;i++)
{
printf("priority=%hu\n",srv[i].priority);
printf("weight=%hu\n",srv[i].weight);
printf("port=%hu\n",srv[i].port);
printf("target=%s\n",srv[i].target);
printf("\n");
}
xfree(srv);
}
else /* Standard lookup. */
{
char *cname;

4
g10/keyserver.c
View File

@ -41,9 +41,6 @@
#include "trustdb.h"
#include "keyserver-internal.h"
#include "util.h"
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
#include "membuf.h"
#include "call-dirmngr.h"
@ -2029,6 +2026,7 @@ keyserver_import_ldap (ctrl_t ctrl,
#ifdef USE_DNS_SRV
snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
FIXME("network related - move to dirmngr or drop the code");
srvcount=getsrv(srvname,&srvlist);
for(i=0;i<srvcount;i++)