mirror of git://git.gnupg.org/gnupg.git
dirmngr: Change DNS code to make additions easier.
* dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow adding more resource types.
This commit is contained in:
Werner Koch
parent
7faf45effc
commit
6cf80dc77e
|
|
@ -53,7 +53,7 @@
|
||||||
/* Not every installation has gotten around to supporting CERTs
|
/* Not every installation has gotten around to supporting CERTs
|
||||||
yet... */
|
yet... */
|
||||||
#ifndef T_CERT
|
#ifndef T_CERT
|
||||||
#define T_CERT 37
|
# define T_CERT 37
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* ADNS has no support for CERT yet. */
|
/* ADNS has no support for CERT yet. */
|
||||||
|
|
@ -69,7 +69,7 @@
|
||||||
string and returned at R_URL. If WANT_CERTTYPE is 0 this function
|
string and returned at R_URL. If WANT_CERTTYPE is 0 this function
|
||||||
returns the first CERT found with a supported type; it is expected
|
returns the first CERT found with a supported type; it is expected
|
||||||
that only one CERT record is used. If WANT_CERTTYPE is one of the
|
that only one CERT record is used. If WANT_CERTTYPE is one of the
|
||||||
supported certtypes only records wih this certtype are considered
|
supported certtypes only records with this certtype are considered
|
||||||
and the first found is returned. (R_KEY,R_KEYLEN) are optional. */
|
and the first found is returned. (R_KEY,R_KEYLEN) are optional. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
get_dns_cert (const char *name, int want_certtype,
|
get_dns_cert (const char *name, int want_certtype,
|
||||||
|
|
@ -282,83 +282,85 @@ get_dns_cert (const char *name, int want_certtype,
|
||||||
dlen = buf16_to_u16 (pt);
|
dlen = buf16_to_u16 (pt);
|
||||||
pt += 2;
|
pt += 2;
|
||||||
|
|
||||||
/* We asked for CERT and got something else - might be a
|
/* Check the type and parse. */
|
||||||
CNAME, so loop around again. */
|
if (type == T_CERT)
|
||||||
if (type != T_CERT)
|
|
||||||
{
|
{
|
||||||
pt += dlen;
|
/* We got a CERT type. */
|
||||||
continue;
|
ctype = buf16_to_u16 (pt);
|
||||||
}
|
pt += 2;
|
||||||
|
|
||||||
/* The CERT type */
|
/* Skip the CERT key tag and algo which we don't need. */
|
||||||
ctype = buf16_to_u16 (pt);
|
pt += 3;
|
||||||
pt += 2;
|
|
||||||
|
|
||||||
/* Skip the CERT key tag and algo which we don't need. */
|
dlen -= 5;
|
||||||
pt += 3;
|
|
||||||
|
|
||||||
dlen -= 5;
|
/* 15 bytes takes us to here */
|
||||||
|
if (want_certtype && want_certtype != ctype)
|
||||||
/* 15 bytes takes us to here */
|
; /* Not of the requested certtype. */
|
||||||
if (want_certtype && want_certtype != ctype)
|
else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
|
||||||
; /* Not of the requested certtype. */
|
|
||||||
else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
|
|
||||||
{
|
|
||||||
/* PGP type */
|
|
||||||
*r_key = xtrymalloc (dlen);
|
|
||||||
if (!*r_key)
|
|
||||||
err = gpg_err_make (default_errsource,
|
|
||||||
gpg_err_code_from_syserror ());
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
memcpy (*r_key, pt, dlen);
|
/* PGP type */
|
||||||
*r_keylen = dlen;
|
*r_key = xtrymalloc (dlen);
|
||||||
|
if (!*r_key)
|
||||||
|
err = gpg_err_make (default_errsource,
|
||||||
|
gpg_err_code_from_syserror ());
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memcpy (*r_key, pt, dlen);
|
||||||
|
*r_keylen = dlen;
|
||||||
|
err = 0;
|
||||||
|
}
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
else if (ctype == DNS_CERTTYPE_IPGP
|
||||||
|
&& dlen && dlen < 1023 && dlen >= pt[0] + 1)
|
||||||
|
{
|
||||||
|
/* IPGP type */
|
||||||
|
*r_fprlen = pt[0];
|
||||||
|
if (*r_fprlen)
|
||||||
|
{
|
||||||
|
*r_fpr = xtrymalloc (*r_fprlen);
|
||||||
|
if (!*r_fpr)
|
||||||
|
{
|
||||||
|
err = gpg_err_make (default_errsource,
|
||||||
|
gpg_err_code_from_syserror ());
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
memcpy (*r_fpr, &pt[1], *r_fprlen);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
*r_fpr = NULL;
|
||||||
|
|
||||||
|
if (dlen > *r_fprlen + 1)
|
||||||
|
{
|
||||||
|
*r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
|
||||||
|
if (!*r_fpr)
|
||||||
|
{
|
||||||
|
err = gpg_err_make (default_errsource,
|
||||||
|
gpg_err_code_from_syserror ());
|
||||||
|
xfree (*r_fpr);
|
||||||
|
*r_fpr = NULL;
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
memcpy (*r_url, &pt[*r_fprlen + 1],
|
||||||
|
dlen - (*r_fprlen + 1));
|
||||||
|
(*r_url)[dlen - (*r_fprlen + 1)] = '\0';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
*r_url = NULL;
|
||||||
|
|
||||||
err = 0;
|
err = 0;
|
||||||
|
goto leave;
|
||||||
}
|
}
|
||||||
goto leave;
|
|
||||||
|
/* No subtype matches, so continue with the next answer. */
|
||||||
|
pt += dlen;
|
||||||
}
|
}
|
||||||
else if (ctype == DNS_CERTTYPE_IPGP
|
else
|
||||||
&& dlen && dlen < 1023 && dlen >= pt[0] + 1)
|
|
||||||
{
|
{
|
||||||
/* IPGP type */
|
/* Not a requested type - might be a CNAME. Try next item. */
|
||||||
*r_fprlen = pt[0];
|
pt += dlen;
|
||||||
if (*r_fprlen)
|
|
||||||
{
|
|
||||||
*r_fpr = xtrymalloc (*r_fprlen);
|
|
||||||
if (!*r_fpr)
|
|
||||||
{
|
|
||||||
err = gpg_err_make (default_errsource,
|
|
||||||
gpg_err_code_from_syserror ());
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
memcpy (*r_fpr, &pt[1], *r_fprlen);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*r_fpr = NULL;
|
|
||||||
|
|
||||||
if (dlen > *r_fprlen + 1)
|
|
||||||
{
|
|
||||||
*r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
|
|
||||||
if (!*r_fpr)
|
|
||||||
{
|
|
||||||
err = gpg_err_make (default_errsource,
|
|
||||||
gpg_err_code_from_syserror ());
|
|
||||||
xfree (*r_fpr);
|
|
||||||
*r_fpr = NULL;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
|
|
||||||
(*r_url)[dlen - (*r_fprlen + 1)] = '\0';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*r_url = NULL;
|
|
||||||
|
|
||||||
err = 0;
|
|
||||||
goto leave;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Neither type matches, so go around to the next answer. */
|
|
||||||
pt += dlen;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue