mirror of git://git.gnupg.org/gnupg.git synced 2024-12-31 11:41:32 +01:00

dirmngr: Forward http redirect warnings to gpg.

* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2019-11-18 17:22:45 +01:00
parent 466bdf7c07
commit 4dd5099125
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 26 additions and 1 deletions


@ -101,6 +101,7 @@
#include "../common/i18n.h" #include "../common/i18n.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */ #include "../common/sysutils.h" /* (gnupg_fd_t) */
#include "dns-stuff.h" #include "dns-stuff.h"
#include "dirmngr-status.h" /* (dirmngr_status_printf) */
#include "http.h" #include "http.h"
#include "http-common.h" #include "http-common.h"
@ -3628,13 +3629,23 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
* https address. */ * https address. */
if (info->orig_onion && !locuri->onion) if (info->orig_onion && !locuri->onion)
{ {
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect from onion to non-onion address"
" rejected",
err);
http_release_parsed_uri (locuri); http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_FORBIDDEN); return gpg_error (GPG_ERR_FORBIDDEN);
} }
if (!info->allow_downgrade && info->orig_https && !locuri->use_tls) if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
{ {
err = gpg_error (GPG_ERR_FORBIDDEN);
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect '%s' to '%s' rejected",
err, info->orig_url, location);
http_release_parsed_uri (locuri); http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_FORBIDDEN); return err;
} }
if (info->trust_location) if (info->trust_location)
@ -3714,6 +3725,10 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
http_release_parsed_uri (locuri); http_release_parsed_uri (locuri);
if (!info->silent) if (!info->silent)
log_info (_("redirection changed to '%s'\n"), newurl); log_info (_("redirection changed to '%s'\n"), newurl);
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect_cleanup %u"
" changed from '%s' to '%s'",
0, info->orig_url, newurl);
} }
*r_url = newurl; *r_url = newurl;
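Review bot: In the onion-to-non-onion branch of http_prepare_redirect the new WARNING line is formatted with `err`, but unlike the downgrade branch below it nothing assigns `err` before the call, so the status line likely reports a stale value (probably 0; the earlier assignment is outside the hunk) while the function returns GPG_ERR_FORBIDDEN. Assigning `err = gpg_error (GPG_ERR_FORBIDDEN);` before the dirmngr_status_printf call and ending the branch with `return err;` would make both rejections report the code they return. Separately, `location` is presumably the server-supplied redirect target and is placed between single quotes in the status text; whether dirmngr_status_printf escapes quotes, control characters and line breaks is not visible on this page and should be confirmed before consumers parse the line. The function body starts and ends outside the hunks.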


@ -32,6 +32,7 @@
#define GNUPG_COMMON_HTTP_H #define GNUPG_COMMON_HTTP_H
#include <gpg-error.h> #include <gpg-error.h>
#include "../common/fwddecl.h"
struct uri_tuple_s struct uri_tuple_s
{ {
@ -106,6 +107,7 @@ typedef struct http_context_s *http_t;
struct http_redir_info_s struct http_redir_info_s
{ {
unsigned int redirects_left; /* Number of still possible redirects. */ unsigned int redirects_left; /* Number of still possible redirects. */
ctrl_t ctrl; /* The usual connection info or NULL. */
const char *orig_url; /* The original requested URL. */ const char *orig_url; /* The original requested URL. */
unsigned int orig_onion:1; /* Original request was an onion address. */ unsigned int orig_onion:1; /* Original request was an onion address. */
unsigned int orig_https:1; /* Original request was a http address. */ unsigned int orig_https:1; /* Original request was a http address. */
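Review bot: The comment on the new `ctrl` field allows NULL, yet the new calls in http_prepare_redirect pass `info->ctrl` to dirmngr_status_printf without a check, so the contract depends on that function accepting a NULL ctrl, which this page does not show. If it does, the field comment could state the consequence, e.g. `/* Connection info for status lines; NULL disables them. */`; if it does not, the callers need a guard. The struct definition continues outside the hunk.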


@ -1173,6 +1173,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
err = http_parse_uri (&uri, request, 0); err = http_parse_uri (&uri, request, 0);
if (err) if (err)
goto leave; goto leave;
redirinfo.ctrl = ctrl;
redirinfo.orig_url = request; redirinfo.orig_url = request;
redirinfo.orig_onion = uri->onion; redirinfo.orig_onion = uri->onion;
redirinfo.allow_downgrade = 1; redirinfo.allow_downgrade = 1;


@ -82,6 +82,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
err = http_parse_uri (&uri, url, 0); err = http_parse_uri (&uri, url, 0);
if (err) if (err)
goto leave; goto leave;
redirinfo.ctrl = ctrl;
redirinfo.orig_url = url; redirinfo.orig_url = url;
redirinfo.orig_onion = uri->onion; redirinfo.orig_onion = uri->onion;
redirinfo.orig_https = uri->use_tls; redirinfo.orig_https = uri->use_tls;


@ -412,6 +412,12 @@ ks_status_cb (void *opaque, const char *line)
warn = _("Tor is not running"); warn = _("Tor is not running");
else if ((s2 = has_leading_keyword (s, "tor_config_problem"))) else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
warn = _("Tor is not properly configured"); warn = _("Tor is not properly configured");
else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
warn = _("DNS is not properly configured");
else if ((s2 = has_leading_keyword (s, "http_redirect")))
warn = _("unacceptable HTTP redirect from server");
else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
warn = _("unacceptable HTTP redirect from server was cleaned up");
else else
warn = NULL; warn = NULL;
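Review bot: `http_redirect` is a strict prefix of `http_redirect_cleanup` and is tested first in the chain, so the cleanup branch is reachable only if has_leading_keyword requires a delimiter after the keyword; its definition is not visible here. Testing the longer keyword first, or adding a comment such as `/* has_leading_keyword matches whole words only. */`, would make the ordering safe to read. The remainder in `s2` presumably now carries URLs that originate from a remote server's redirect; how it is printed is outside the hunk, and that code should sanitize it for terminal output. The commit log speaks of two new warnings, but the hunk also adds `dns_config_problem`.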