mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-06 12:33:23 +01:00
Add support to talking to LDAP key servers.
* g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
This commit is contained in:
parent
81e8306085
commit
51341badb6
@ -62,7 +62,9 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
|
|||||||
cdb.h cdblib.c misc.c dirmngr-err.h \
|
cdb.h cdblib.c misc.c dirmngr-err.h \
|
||||||
ocsp.c ocsp.h validate.c validate.h \
|
ocsp.c ocsp.h validate.c validate.h \
|
||||||
ks-action.c ks-action.h ks-engine.h \
|
ks-action.c ks-action.h ks-engine.h \
|
||||||
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
|
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \
|
||||||
|
ks-engine-ldap.c \
|
||||||
|
ldap-parse-uri.c ldap-parse-uri.h
|
||||||
|
|
||||||
if USE_LDAP
|
if USE_LDAP
|
||||||
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
|
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
|
||||||
@ -77,6 +79,9 @@ dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
|
|||||||
$(DNSLIBS) $(LIBASSUAN_LIBS) \
|
$(DNSLIBS) $(LIBASSUAN_LIBS) \
|
||||||
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
|
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
|
||||||
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
|
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
|
||||||
|
if USE_LDAP
|
||||||
|
dirmngr_LDADD += $(ldaplibs)
|
||||||
|
endif
|
||||||
if !USE_LDAPWRAPPER
|
if !USE_LDAPWRAPPER
|
||||||
dirmngr_LDADD += $(ldaplibs)
|
dirmngr_LDADD += $(ldaplibs)
|
||||||
endif
|
endif
|
||||||
@ -104,7 +109,8 @@ no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
|
|||||||
|
|
||||||
t_common_src = t-support.h
|
t_common_src = t-support.h
|
||||||
# We need libcommontls, because we use the http functions.
|
# We need libcommontls, because we use the http functions.
|
||||||
t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o $(GPG_ERROR_LIBS)
|
t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \
|
||||||
|
$(GPG_ERROR_LIBS) $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
|
||||||
|
|
||||||
module_tests = t-ldap-parse-uri
|
module_tests = t-ldap-parse-uri
|
||||||
t_ldap_parse_uri_SOURCES = \
|
t_ldap_parse_uri_SOURCES = \
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
/* ks-action.c - OpenPGP keyserver actions
|
/* ks-action.c - OpenPGP keyserver actions
|
||||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||||
* Copyright (C) 2011, 2014 Werner Koch
|
* Copyright (C) 2011, 2014 Werner Koch
|
||||||
|
* Copyright (C) 2015 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -29,7 +30,7 @@
|
|||||||
#include "misc.h"
|
#include "misc.h"
|
||||||
#include "ks-engine.h"
|
#include "ks-engine.h"
|
||||||
#include "ks-action.h"
|
#include "ks-action.h"
|
||||||
|
#include "ldap-parse-uri.h"
|
||||||
|
|
||||||
/* Called by the engine's help functions to print the actual help. */
|
/* Called by the engine's help functions to print the actual help. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
@ -72,7 +73,11 @@ ks_action_help (ctrl_t ctrl, const char *url)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
err = http_parse_uri (&parsed_uri, url, 1);
|
if (ldap_uri_p (url))
|
||||||
|
err = ldap_parse_uri (&parsed_uri, url);
|
||||||
|
else
|
||||||
|
err = http_parse_uri (&parsed_uri, url, 1);
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -85,6 +90,8 @@ ks_action_help (ctrl_t ctrl, const char *url)
|
|||||||
err = ks_finger_help (ctrl, parsed_uri);
|
err = ks_finger_help (ctrl, parsed_uri);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = ks_kdns_help (ctrl, parsed_uri);
|
err = ks_kdns_help (ctrl, parsed_uri);
|
||||||
|
if (!err)
|
||||||
|
err = ks_ldap_help (ctrl, parsed_uri);
|
||||||
|
|
||||||
if (!parsed_uri)
|
if (!parsed_uri)
|
||||||
ks_print_help (ctrl,
|
ks_print_help (ctrl,
|
||||||
@ -142,10 +149,18 @@ ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp)
|
|||||||
stop at the first error. */
|
stop at the first error. */
|
||||||
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
||||||
{
|
{
|
||||||
if (uri->parsed_uri->is_http)
|
int is_http = uri->parsed_uri->is_http;
|
||||||
|
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
|
||||||
|
if (is_http || is_ldap)
|
||||||
{
|
{
|
||||||
any_server = 1;
|
any_server = 1;
|
||||||
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
|
if (is_http)
|
||||||
|
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
|
||||||
|
else if (is_ldap)
|
||||||
|
err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp);
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
err = copy_stream (infp, outfp);
|
err = copy_stream (infp, outfp);
|
||||||
@ -185,12 +200,20 @@ ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp)
|
|||||||
Need to think about a better strategy. */
|
Need to think about a better strategy. */
|
||||||
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
||||||
{
|
{
|
||||||
if (uri->parsed_uri->is_http)
|
int is_http = uri->parsed_uri->is_http;
|
||||||
|
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
|
||||||
|
if (is_http || is_ldap)
|
||||||
{
|
{
|
||||||
any_server = 1;
|
any_server = 1;
|
||||||
for (sl = patterns; !err && sl; sl = sl->next)
|
for (sl = patterns; !err && sl; sl = sl->next)
|
||||||
{
|
{
|
||||||
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
|
if (is_http)
|
||||||
|
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
|
||||||
|
else
|
||||||
|
err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp);
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
/* It is possible that a server does not carry a
|
/* It is possible that a server does not carry a
|
||||||
@ -282,9 +305,14 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
|
|||||||
|
|
||||||
|
|
||||||
/* Send an OpenPGP key to all keyservers. The key in {DATA,DATALEN}
|
/* Send an OpenPGP key to all keyservers. The key in {DATA,DATALEN}
|
||||||
is expected in OpenPGP binary transport format. */
|
is expected to be in OpenPGP binary transport format. The metadata
|
||||||
|
in {INFO,INFOLEN} is in colon-separated format (concretely, it is
|
||||||
|
the output of 'for x in keys sigs; do gpg --list-$x --with-colons
|
||||||
|
KEYID; done'. This function may modify DATA and INFO. If this is
|
||||||
|
a problem, then the caller should create a copy. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
|
ks_action_put (ctrl_t ctrl, void *data, size_t datalen,
|
||||||
|
void *info, size_t infolen)
|
||||||
{
|
{
|
||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
gpg_error_t first_err = 0;
|
gpg_error_t first_err = 0;
|
||||||
@ -293,10 +321,20 @@ ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
|
|||||||
|
|
||||||
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
|
||||||
{
|
{
|
||||||
if (uri->parsed_uri->is_http)
|
int is_http = uri->parsed_uri->is_http;
|
||||||
|
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|
||||||
|
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
|
||||||
|
|
||||||
|
if (is_http || is_ldap)
|
||||||
{
|
{
|
||||||
any_server = 1;
|
any_server = 1;
|
||||||
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
|
if (is_http)
|
||||||
|
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
|
||||||
|
else
|
||||||
|
err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen,
|
||||||
|
info, infolen);
|
||||||
|
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
first_err = err;
|
first_err = err;
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
/* ks-action.h - OpenPGP keyserver actions definitions
|
/* ks-action.h - OpenPGP keyserver actions definitions
|
||||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||||
|
* 2015 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -25,7 +26,8 @@ gpg_error_t ks_action_resolve (ctrl_t ctrl);
|
|||||||
gpg_error_t ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
|
gpg_error_t ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
|
||||||
gpg_error_t ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
|
gpg_error_t ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
|
||||||
gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
|
gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
|
||||||
gpg_error_t ks_action_put (ctrl_t ctrl, const void *data, size_t datalen);
|
gpg_error_t ks_action_put (ctrl_t ctrl, void *data, size_t datalen,
|
||||||
|
void *info, size_t infolen);
|
||||||
|
|
||||||
|
|
||||||
#endif /*DIRMNGR_KS_ACTION_H*/
|
#endif /*DIRMNGR_KS_ACTION_H*/
|
||||||
|
2055
dirmngr/ks-engine-ldap.c
Normal file
2055
dirmngr/ks-engine-ldap.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,6 @@
|
|||||||
/* ks-engine.h - Keyserver engines definitions
|
/* ks-engine.h - Keyserver engines definitions
|
||||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||||
|
* Copyright (C) 2015 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -52,6 +53,15 @@ gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
|
|||||||
gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
|
gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
|
||||||
gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
|
gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
|
||||||
|
|
||||||
|
/*-- ks-engine-ldap.c --*/
|
||||||
|
gpg_error_t ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri);
|
||||||
|
gpg_error_t ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
|
||||||
|
estream_t *r_fp);
|
||||||
|
gpg_error_t ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri,
|
||||||
|
const char *keyspec, estream_t *r_fp);
|
||||||
|
gpg_error_t ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
|
||||||
|
void *data, size_t datalen,
|
||||||
|
void *info, size_t infolen);
|
||||||
|
|
||||||
|
|
||||||
#endif /*DIRMNGR_KS_ENGINE_H*/
|
#endif /*DIRMNGR_KS_ENGINE_H*/
|
||||||
|
@ -127,7 +127,7 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
|
|||||||
|
|
||||||
len = 0;
|
len = 0;
|
||||||
|
|
||||||
#define add(s) ({ if (s) len += strlen (s) + 1; })
|
#define add(s) { if (s) len += strlen (s) + 1; }
|
||||||
|
|
||||||
add (scheme);
|
add (scheme);
|
||||||
add (host);
|
add (host);
|
||||||
@ -144,27 +144,30 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
|
|||||||
|
|
||||||
buffer = puri->buffer;
|
buffer = puri->buffer;
|
||||||
|
|
||||||
#define copy(s) \
|
#define copy(to, s) \
|
||||||
({ \
|
do \
|
||||||
char *copy_result = NULL; \
|
{ \
|
||||||
if (s) \
|
if (s) \
|
||||||
{ \
|
{ \
|
||||||
copy_result = buffer; \
|
to = buffer; \
|
||||||
buffer = stpcpy (buffer, s) + 1; \
|
buffer = stpcpy (buffer, s) + 1; \
|
||||||
} \
|
} \
|
||||||
copy_result; \
|
} \
|
||||||
})
|
while (0)
|
||||||
|
|
||||||
puri->scheme = ascii_strlwr (copy (scheme));
|
copy (puri->scheme, scheme);
|
||||||
puri->host = copy (host);
|
/* Make sure the scheme is lower case. */
|
||||||
puri->path = copy (dn);
|
ascii_strlwr (puri->scheme);
|
||||||
puri->auth = copy (bindname);
|
|
||||||
|
copy (puri->host, host);
|
||||||
|
copy (puri->path, dn);
|
||||||
|
copy (puri->auth, bindname);
|
||||||
|
|
||||||
if (password)
|
if (password)
|
||||||
{
|
{
|
||||||
puri->query = calloc (sizeof (*puri->query), 1);
|
puri->query = calloc (sizeof (*puri->query), 1);
|
||||||
puri->query->name = "password";
|
puri->query->name = "password";
|
||||||
puri->query->value = copy (password);
|
copy (puri->query->value, password);
|
||||||
puri->query->valuelen = strlen (password) + 1;
|
puri->query->valuelen = strlen (password) + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
|
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
|
||||||
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011 g10 Code GmbH
|
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011 g10 Code GmbH
|
||||||
* Copyright (C) 2014 Werner Koch
|
* Copyright (C) 2014 Werner Koch
|
||||||
|
* Copyright (C) 2015 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -48,6 +49,7 @@
|
|||||||
#endif
|
#endif
|
||||||
#include "ks-action.h"
|
#include "ks-action.h"
|
||||||
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
|
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
|
||||||
|
#include "ldap-parse-uri.h"
|
||||||
|
|
||||||
/* To avoid DoS attacks we limit the size of a certificate to
|
/* To avoid DoS attacks we limit the size of a certificate to
|
||||||
something reasonable. */
|
something reasonable. */
|
||||||
@ -1524,7 +1526,10 @@ cmd_keyserver (assuan_context_t ctx, char *line)
|
|||||||
item->parsed_uri = NULL;
|
item->parsed_uri = NULL;
|
||||||
strcpy (item->uri, line);
|
strcpy (item->uri, line);
|
||||||
|
|
||||||
err = http_parse_uri (&item->parsed_uri, line, 1);
|
if (ldap_uri_p (item->uri))
|
||||||
|
err = ldap_parse_uri (&item->parsed_uri, line);
|
||||||
|
else
|
||||||
|
err = http_parse_uri (&item->parsed_uri, line, 1);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
xfree (item);
|
xfree (item);
|
||||||
@ -1709,13 +1714,15 @@ static const char hlp_ks_put[] =
|
|||||||
"\n"
|
"\n"
|
||||||
" INQUIRE KEYBLOCK\n"
|
" INQUIRE KEYBLOCK\n"
|
||||||
"\n"
|
"\n"
|
||||||
"The client shall respond with a binary version of the keyblock. For LDAP\n"
|
"The client shall respond with a binary version of the keyblock (e.g.,\n"
|
||||||
|
"the output of `gpg --export KEYID'). For LDAP\n"
|
||||||
"keyservers Dirmngr may ask for meta information of the provided keyblock\n"
|
"keyservers Dirmngr may ask for meta information of the provided keyblock\n"
|
||||||
"using:\n"
|
"using:\n"
|
||||||
"\n"
|
"\n"
|
||||||
" INQUIRE KEYBLOCK_INFO\n"
|
" INQUIRE KEYBLOCK_INFO\n"
|
||||||
"\n"
|
"\n"
|
||||||
"The client shall respond with a colon delimited info lines";
|
"The client shall respond with a colon delimited info lines (the output\n"
|
||||||
|
"of 'for x in keys sigs; do gpg --list-$x --with-colons KEYID; done').\n";
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
cmd_ks_put (assuan_context_t ctx, char *line)
|
cmd_ks_put (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
@ -1755,7 +1762,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Send the key. */
|
/* Send the key. */
|
||||||
err = ks_action_put (ctrl, value, valuelen);
|
err = ks_action_put (ctrl, value, valuelen, info, infolen);
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
xfree (info);
|
xfree (info);
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
/* call-dirmngr.c - GPG operations to the Dirmngr.
|
/* call-dirmngr.c - GPG operations to the Dirmngr.
|
||||||
* Copyright (C) 2011 Free Software Foundation, Inc.
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||||
|
* Copyright (C) 2015 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -585,6 +586,117 @@ gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
record_output (estream_t output,
|
||||||
|
pkttype_t type,
|
||||||
|
const char *validity,
|
||||||
|
/* The public key length or -1. */
|
||||||
|
int pub_key_length,
|
||||||
|
/* The public key algo or -1. */
|
||||||
|
int pub_key_algo,
|
||||||
|
/* 2 ulongs or NULL. */
|
||||||
|
const u32 *keyid,
|
||||||
|
/* The creation / expiration date or 0. */
|
||||||
|
u32 creation_date,
|
||||||
|
u32 expiration_date,
|
||||||
|
const char *userid)
|
||||||
|
{
|
||||||
|
const char *type_str = NULL;
|
||||||
|
char *pub_key_length_str = NULL;
|
||||||
|
char *pub_key_algo_str = NULL;
|
||||||
|
char *keyid_str = NULL;
|
||||||
|
char *creation_date_str = NULL;
|
||||||
|
char *expiration_date_str = NULL;
|
||||||
|
char *userid_escaped = NULL;
|
||||||
|
|
||||||
|
switch (type)
|
||||||
|
{
|
||||||
|
case PKT_PUBLIC_KEY:
|
||||||
|
type_str = "pub";
|
||||||
|
break;
|
||||||
|
case PKT_PUBLIC_SUBKEY:
|
||||||
|
type_str = "sub";
|
||||||
|
break;
|
||||||
|
case PKT_USER_ID:
|
||||||
|
type_str = "uid";
|
||||||
|
break;
|
||||||
|
case PKT_SIGNATURE:
|
||||||
|
type_str = "sig";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
assert (! "Unhandled type.");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pub_key_length > 0)
|
||||||
|
pub_key_length_str = xasprintf ("%d", pub_key_length);
|
||||||
|
|
||||||
|
if (pub_key_algo != -1)
|
||||||
|
pub_key_algo_str = xasprintf ("%d", pub_key_algo);
|
||||||
|
|
||||||
|
if (keyid)
|
||||||
|
keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
|
||||||
|
|
||||||
|
if (creation_date)
|
||||||
|
creation_date_str = xstrdup (colon_strtime (creation_date));
|
||||||
|
|
||||||
|
if (expiration_date)
|
||||||
|
expiration_date_str = xstrdup (colon_strtime (expiration_date));
|
||||||
|
|
||||||
|
/* Quote ':', '%', and any 8-bit characters. */
|
||||||
|
if (userid)
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
int w = 0;
|
||||||
|
|
||||||
|
int len = strlen (userid);
|
||||||
|
/* A 100k character limit on the uid should be way more than
|
||||||
|
enough. */
|
||||||
|
if (len > 100 * 1024)
|
||||||
|
len = 100 * 1024;
|
||||||
|
|
||||||
|
/* The minimum amount of space that we need. */
|
||||||
|
userid_escaped = xmalloc (len * 3 + 1);
|
||||||
|
|
||||||
|
for (r = 0; r < len; r++)
|
||||||
|
{
|
||||||
|
if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
|
||||||
|
{
|
||||||
|
sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
|
||||||
|
w += 3;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
userid_escaped[w ++] = userid[r];
|
||||||
|
}
|
||||||
|
userid_escaped[w] = '\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
|
||||||
|
type_str,
|
||||||
|
validity ?: "",
|
||||||
|
pub_key_length_str ?: "",
|
||||||
|
pub_key_algo_str ?: "",
|
||||||
|
keyid_str ?: "",
|
||||||
|
creation_date_str ?: "",
|
||||||
|
expiration_date_str ?: "",
|
||||||
|
"" /* Certificate S/N */,
|
||||||
|
"" /* Ownertrust. */,
|
||||||
|
userid_escaped ?: "",
|
||||||
|
"" /* Signature class. */,
|
||||||
|
"" /* Key capabilities. */,
|
||||||
|
"" /* Issuer certificate fingerprint. */,
|
||||||
|
"" /* Flag field. */,
|
||||||
|
"" /* S/N of a token. */,
|
||||||
|
"" /* Hash algo. */,
|
||||||
|
"" /* Curve name. */);
|
||||||
|
|
||||||
|
xfree (userid_escaped);
|
||||||
|
xfree (expiration_date_str);
|
||||||
|
xfree (creation_date_str);
|
||||||
|
xfree (keyid_str);
|
||||||
|
xfree (pub_key_algo_str);
|
||||||
|
xfree (pub_key_length_str);
|
||||||
|
}
|
||||||
|
|
||||||
/* Handle the KS_PUT inquiries. */
|
/* Handle the KS_PUT inquiries. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ks_put_inq_cb (void *opaque, const char *line)
|
ks_put_inq_cb (void *opaque, const char *line)
|
||||||
@ -607,53 +719,80 @@ ks_put_inq_cb (void *opaque, const char *line)
|
|||||||
if (!fp)
|
if (!fp)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
/* Note: the output format for the INFO block follows the colon
|
||||||
|
format as described in doc/DETAILS. We don't actually reuse
|
||||||
|
the functionality from g10/keylist.c to produce the output,
|
||||||
|
because we don't need all of it and some of it is quite
|
||||||
|
expensive to generate.
|
||||||
|
|
||||||
|
The fields are (the starred fields are the ones we need):
|
||||||
|
|
||||||
|
* Field 1 - Type of record
|
||||||
|
* Field 2 - Validity
|
||||||
|
* Field 3 - Key length
|
||||||
|
* Field 4 - Public key algorithm
|
||||||
|
* Field 5 - KeyID
|
||||||
|
* Field 6 - Creation date
|
||||||
|
* Field 7 - Expiration date
|
||||||
|
Field 8 - Certificate S/N, UID hash, trust signature info
|
||||||
|
Field 9 - Ownertrust
|
||||||
|
* Field 10 - User-ID
|
||||||
|
Field 11 - Signature class
|
||||||
|
Field 12 - Key capabilities
|
||||||
|
Field 13 - Issuer certificate fingerprint or other info
|
||||||
|
Field 14 - Flag field
|
||||||
|
Field 15 - S/N of a token
|
||||||
|
Field 16 - Hash algorithm
|
||||||
|
Field 17 - Curve name
|
||||||
|
*/
|
||||||
for (node = parm->keyblock; !err && node; node=node->next)
|
for (node = parm->keyblock; !err && node; node=node->next)
|
||||||
{
|
{
|
||||||
switch(node->pkt->pkttype)
|
switch (node->pkt->pkttype)
|
||||||
{
|
{
|
||||||
case PKT_PUBLIC_KEY:
|
case PKT_PUBLIC_KEY:
|
||||||
case PKT_PUBLIC_SUBKEY:
|
case PKT_PUBLIC_SUBKEY:
|
||||||
{
|
{
|
||||||
PKT_public_key *pk = node->pkt->pkt.public_key;
|
PKT_public_key *pk = node->pkt->pkt.public_key;
|
||||||
|
|
||||||
|
char validity[3];
|
||||||
|
int i;
|
||||||
|
|
||||||
|
i = 0;
|
||||||
|
if (pk->flags.revoked)
|
||||||
|
validity[i ++] = 'r';
|
||||||
|
if (pk->has_expired)
|
||||||
|
validity[i ++] = 'e';
|
||||||
|
validity[i] = '\0';
|
||||||
|
|
||||||
keyid_from_pk (pk, NULL);
|
keyid_from_pk (pk, NULL);
|
||||||
|
|
||||||
es_fprintf (fp, "%s:%08lX%08lX:%u:%u:%u:%u:%s%s:\n",
|
record_output (fp, node->pkt->pkttype, validity,
|
||||||
node->pkt->pkttype==PKT_PUBLIC_KEY? "pub" : "sub",
|
nbits_from_pk (pk), pk->pubkey_algo,
|
||||||
(ulong)pk->keyid[0], (ulong)pk->keyid[1],
|
pk->keyid, pk->timestamp, pk->expiredate,
|
||||||
pk->pubkey_algo,
|
NULL);
|
||||||
nbits_from_pk (pk),
|
|
||||||
pk->timestamp,
|
|
||||||
pk->expiredate,
|
|
||||||
pk->flags.revoked? "r":"",
|
|
||||||
pk->has_expired? "e":"");
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case PKT_USER_ID:
|
case PKT_USER_ID:
|
||||||
{
|
{
|
||||||
PKT_user_id *uid = node->pkt->pkt.user_id;
|
PKT_user_id *uid = node->pkt->pkt.user_id;
|
||||||
int r;
|
|
||||||
|
|
||||||
if (!uid->attrib_data)
|
if (!uid->attrib_data)
|
||||||
{
|
{
|
||||||
es_fprintf (fp, "uid:");
|
char validity[3];
|
||||||
|
int i;
|
||||||
|
|
||||||
/* Quote ':', '%', and any 8-bit characters. */
|
i = 0;
|
||||||
for (r=0; r < uid->len; r++)
|
if (uid->is_revoked)
|
||||||
{
|
validity[i ++] = 'r';
|
||||||
if (uid->name[r] == ':'
|
if (uid->is_expired)
|
||||||
|| uid->name[r]== '%'
|
validity[i ++] = 'e';
|
||||||
|| (uid->name[r]&0x80))
|
validity[i] = '\0';
|
||||||
es_fprintf (fp, "%%%02X", (byte)uid->name[r]);
|
|
||||||
else
|
|
||||||
es_putc (uid->name[r], fp);
|
|
||||||
}
|
|
||||||
|
|
||||||
es_fprintf (fp, ":%u:%u:%s%s:\n",
|
record_output (fp, node->pkt->pkttype, validity,
|
||||||
uid->created,uid->expiredate,
|
-1, -1, NULL,
|
||||||
uid->is_revoked? "r":"",
|
uid->created, uid->expiredate,
|
||||||
uid->is_expired? "e":"");
|
uid->name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -667,12 +806,9 @@ ks_put_inq_cb (void *opaque, const char *line)
|
|||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
|
|
||||||
if (IS_UID_SIG (sig))
|
if (IS_UID_SIG (sig))
|
||||||
{
|
record_output (fp, node->pkt->pkttype, NULL,
|
||||||
es_fprintf (fp, "sig:%08lX%08lX:%X:%u:%u:\n",
|
-1, -1, sig->keyid,
|
||||||
(ulong)sig->keyid[0],(ulong)sig->keyid[1],
|
sig->timestamp, sig->expiredate, NULL);
|
||||||
sig->sig_class, sig->timestamp,
|
|
||||||
sig->expiredate);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user