security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

* keyserver.c (keyserver_import_pka): New. Moved from

Browse Source 
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
This commit is contained in:
David Shaw 2005-12-23 22:17:11 +00:00
parent 8b9c16ed0a
commit 846eefaa71
6 changed files with 161 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
g10/ChangeLog
View File

@ -1,6 +1,18 @@
2005-12-23 David Shaw <dshaw@jabberwocky.com>
* gpgv.c: Stub.
* keyserver.c (keyserver_import_pka): New. Moved from
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS
via CERT records. Can handle both the PGP (actual key) and IPGP
(URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
* gpgv.c: Stubs.
* keyserver-internal.h, keyserver.c (keyserver_spawn,
keyserver_work, keygerver_getname): New keyserver_getname function

55
g10/getkey.c
View File

@ -905,7 +905,7 @@ get_pubkey_byname (PKT_public_key *pk,
KEYDB_HANDLE *ret_kdbhd, int include_unusable )
{
int rc;
int tried_ks=0, tried_pka=0;
int tried_cert=0, tried_pka=0, tried_ks=0;
STRLIST namelist = NULL;
add_to_strlist( &namelist, name );
@ -915,6 +915,25 @@ get_pubkey_byname (PKT_public_key *pk,
if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
{
int res;
if(!tried_cert
&& (opt.keyserver_options.options&KEYSERVER_AUTO_CERT_RETRIEVE))
{
tried_cert=1;
glo_ctrl.in_auto_key_retrieve++;
res=keyserver_import_cert(name);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
{
log_info(_("Automatically retrieved `%s' via %s\n"),
name,"DNS CERT");
goto retry;
}
}
if(!tried_pka
&& opt.allow_pka_lookup
&& (opt.keyserver_options.options&KEYSERVER_AUTO_PKA_RETRIEVE))
@ -922,29 +941,20 @@ get_pubkey_byname (PKT_public_key *pk,
/* If the requested name resembles a valid mailbox and
automatic retrieval via PKA records has been enabled, we
try to import the key via the URI and try again. */
unsigned char fpr[MAX_FINGERPRINT_LEN];
char *uri;
struct keyserver_spec *spec;
int try=1;
tried_pka=1;
uri = get_pka_info (name, fpr);
if (uri)
{
spec = parse_keyserver_uri (uri, 0, NULL, 0);
if (spec)
{
glo_ctrl.in_auto_key_retrieve++;
try=keyserver_import_fprint (fpr, 20, spec);
res=keyserver_import_pka(name);
glo_ctrl.in_auto_key_retrieve--;
free_keyserver_spec (spec);
}
xfree (uri);
}
if (try==0)
if(res==0)
{
log_info(_("Automatically retrieved `%s' via %s\n"),
name,"PKA");
goto retry;
}
}
/* Try keyserver last as it is likely to be the slowest.
Strictly speaking, we don't need to only use a valid mailbox
@ -952,14 +962,23 @@ get_pubkey_byname (PKT_public_key *pk,
with searching for something like "john" and getting a lot of
keys back. */
if(!tried_ks
&& opt.keyserver
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
{
tried_ks=1;
if(keyserver_getname(name)==0)
glo_ctrl.in_auto_key_retrieve++;
res=keyserver_import_name(name);
glo_ctrl.in_auto_key_retrieve--;
if(res==0)
{
log_info(_("Automatically retrieved `%s' via %s\n"),
name,opt.keyserver->uri);
goto retry;
}
}
}
free_strlist( namelist );
return rc;

17
g10/gpgv.c
View File

@ -270,7 +270,7 @@ get_ownertrust (PKT_public_key *pk)
}
/* Stub:
/* Stubs:
* Because we only work with trusted keys, it does not make sense to
* get them from a keyserver
*/
@ -280,19 +280,14 @@ keyserver_import_keyid( u32 *keyid, void *dummy )
return -1;
}
/* Stub:
* Because we only work with trusted keys, it does not make sense to
* get them from a keyserver
*/
int
keyserver_import_fprint (const byte *fprint, size_t fprint_len,
struct keyserver_spec *keyserver)
{
return -1;
}
keyserver_import_cert(const char *name) { return -1; }
int
keyserver_getname(const char *name) { return -1; }
keyserver_import_pka(const char *name) { return -1; }
int
keyserver_import_name(const char *name) { return -1; }
/* Stub:
* No encryption here but mainproc links to these functions.

4
g10/keyserver-internal.h
View File

@ -41,6 +41,8 @@ int keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver);
int keyserver_refresh(STRLIST users);
int keyserver_search(STRLIST tokens);
int keyserver_fetch(STRLIST urilist);
int keyserver_getname(const char *name);
int keyserver_import_cert(const char *name);
int keyserver_import_pka(const char *name);
int keyserver_import_name(const char *name);
#endif /* !_KEYSERVER_INTERNAL_H_ */

99
g10/keyserver.c
View File

@ -86,6 +86,8 @@ static struct parse_options keyserver_opts[]=
{"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
N_("automatically retrieve keys when verifying signatures")},
{"auto-pka-retrieve",KEYSERVER_AUTO_PKA_RETRIEVE,NULL,
N_("automatically retrieve keys from PKA records")},
{"auto-cert-retrieve",KEYSERVER_AUTO_CERT_RETRIEVE,NULL,
N_("automatically retrieve keys from DNS")},
{"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL,
NULL},
@ -98,11 +100,19 @@ static int keyserver_work(enum ks_action action,STRLIST list,
KEYDB_SEARCH_DESC *desc,int count,
struct keyserver_spec *keyserver);
/* Reasonable guess */
#define DEFAULT_MAX_CERT_SIZE 16384
static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
int
parse_keyserver_options(char *options)
{
int ret=1;
char *tok;
char *max_cert;
keyserver_opts[7].value=&max_cert;
while((tok=optsep(&options)))
{
@ -163,6 +173,15 @@ parse_keyserver_options(char *options)
}
}
if(opt.keyserver_options.options&KEYSERVER_AUTO_CERT_RETRIEVE)
{
if(max_cert)
max_cert_size=strtoul(max_cert,(char **)NULL,10);
if(max_cert_size==0)
max_cert_size=DEFAULT_MAX_CERT_SIZE;
}
return ret;
}
@ -1895,8 +1914,86 @@ keyserver_fetch(STRLIST urilist)
return 0;
}
/* Import key in a CERT or pointed to by a CERT */
int
keyserver_getname(const char *name)
keyserver_import_cert(const char *name)
{
char *domain,*look,*url;
IOBUF key;
int type,rc=-1;
look=xstrdup(name);
domain=strrchr(look,'@');
if(domain)
*domain='.';
type=get_cert(look,max_cert_size,&key,&url);
if(type==1)
{
int armor_status=opt.no_armor;
/* CERTs are always in binary format */
opt.no_armor=1;
rc=import_keys_stream(key,NULL,opt.keyserver_options.import_options);
opt.no_armor=armor_status;
iobuf_close(key);
}
else if(type==2)
{
struct keyserver_spec *spec;
spec=parse_keyserver_uri(url,1,NULL,0);
if(spec)
{
STRLIST list=NULL;
add_to_strlist(&list,url);
rc=keyserver_fetch(list);
free_strlist(list);
free_keyserver_spec(spec);
}
xfree(url);
}
xfree(look);
return rc;
}
/* Import key pointed to by a PKA record */
int
keyserver_import_pka(const char *name)
{
unsigned char fpr[MAX_FINGERPRINT_LEN];
char *uri;
int rc=-1;
uri = get_pka_info (name, fpr);
if (uri)
{
struct keyserver_spec *spec;
spec = parse_keyserver_uri (uri, 0, NULL, 0);
if (spec)
{
rc=keyserver_import_fprint (fpr, 20, spec);
free_keyserver_spec (spec);
}
xfree (uri);
}
return rc;
}
/* Import all keys that match name */
int
keyserver_import_name(const char *name)
{
STRLIST list=NULL;
int rc;

1
g10/options.h
View File

@ -312,5 +312,6 @@ struct {
#define KEYSERVER_TRY_DNS_SRV (1<<6)
#define KEYSERVER_HONOR_KEYSERVER_URL (1<<7)
#define KEYSERVER_AUTO_PKA_RETRIEVE (1<<8)
#define KEYSERVER_AUTO_CERT_RETRIEVE (1<<9)
#endif /*G10_OPTIONS_H*/