security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-26 22:29:58 +01:00
Code Activity

* keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find a

Browse Source 
domain-specific LDAP server before resorting to keys.{domain}.
This commit is contained in:
David Shaw 2009-07-23 19:50:25 +00:00
parent 63fb9d249a
commit 91df5cb2e3
2 changed files with 55 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
g10/ChangeLog
View File

@ -1,3 +1,8 @@
2009-07-23 David Shaw <dshaw@jabberwocky.com>
* keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find
a domain-specific LDAP server before resorting to keys.{domain}.
2009-07-23 Werner Koch <wk@g10code.com> 2009-07-23 Werner Koch <wk@g10code.com>
* trustdb.c (how_to_fix_the_trustdb): New. * trustdb.c (how_to_fix_the_trustdb): New.

63
g10/keyserver.c
View File

@ -38,6 +38,9 @@
#include "trustdb.h" #include "trustdb.h"
#include "keyserver-internal.h" #include "keyserver-internal.h"
#include "util.h" #include "util.h"
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* It seems Vista doesn't grok X_OK and so fails access() tests. /* It seems Vista doesn't grok X_OK and so fails access() tests.
@ -2093,17 +2096,19 @@ keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
return rc; return rc;
} }
/* Use the PGP Universal trick of asking ldap://keys.(maildomain) for /* Import a key by name using LDAP */
the key. */
int int
keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len) keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
{ {
char *domain; char *domain;
struct keyserver_spec *keyserver; struct keyserver_spec *keyserver;
STRLIST list=NULL; STRLIST list=NULL;
int rc; int rc,hostlen=1;
#ifdef USE_DNS_SRV
append_to_strlist(&list,name); struct srventry *srvlist=NULL;
int srvcount,i;
char srvname[MAXDNAME];
#endif
/* Parse out the domain */ /* Parse out the domain */
domain=strrchr(name,'@'); domain=strrchr(name,'@');
@ -2113,16 +2118,48 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
domain++; domain++;
keyserver=xmalloc_clear(sizeof(struct keyserver_spec)); keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
keyserver->scheme=xstrdup("ldap"); keyserver->scheme=xstrdup("ldap");
keyserver->host=xmalloc(5+strlen(domain)+1); keyserver->host=xmalloc(1);
strcpy(keyserver->host,"keys."); keyserver->host[0]='\0';
#ifdef USE_DNS_SRV
snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
srvcount=getsrv(srvname,&srvlist);
for(i=0;i<srvcount;i++)
{
hostlen+=strlen(srvlist[i].target)+1;
keyserver->host=xrealloc(keyserver->host,hostlen);
strcat(keyserver->host,srvlist[i].target);
if(srvlist[i].port!=389)
{
char port[7];
hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
keyserver->host=xrealloc(keyserver->host,hostlen);
snprintf(port,7,":%u",srvlist[i].port);
strcat(keyserver->host,port);
}
strcat(keyserver->host," ");
}
free(srvlist);
#endif
/* If all else fails, do the PGP Universal trick of
ldap://keys.(domain) */
hostlen+=5+strlen(domain);
keyserver->host=xrealloc(keyserver->host,hostlen);
strcat(keyserver->host,"keys.");
strcat(keyserver->host,domain); strcat(keyserver->host,domain);
keyserver->uri=xmalloc(strlen(keyserver->scheme)+
3+strlen(keyserver->host)+1); append_to_strlist(&list,name);
strcpy(keyserver->uri,keyserver->scheme);
strcat(keyserver->uri,"://");
strcat(keyserver->uri,keyserver->host);
rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver); rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);