mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Enhanced --auto-key-locate.
This commit is contained in:
parent
7707a7e5f8
commit
97ec9aac2b
5
NEWS
5
NEWS
@ -1,6 +1,11 @@
|
||||
Noteworthy changes in version 2.0.10 (unreleased)
|
||||
-------------------------------------------------
|
||||
|
||||
* New keyserver helper gpg2keys_kdns as generic DNS CERT lookup. Run
|
||||
with --help for a short description. Requires the ADNS library.
|
||||
|
||||
* New mechanisms "local" and "nodefault" for --auto-key-locate [gpg].
|
||||
Fixed a few problems with this option.
|
||||
|
||||
|
||||
Noteworthy changes in version 2.0.9 (2008-03-26)
|
||||
|
@ -1,3 +1,9 @@
|
||||
2008-04-08 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to
|
||||
keys.gnupg.net. Describe --auto-key-locate mechanisms local and
|
||||
nodefault.
|
||||
|
||||
2008-04-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and
|
||||
|
33
doc/gpg.texi
33
doc/gpg.texi
@ -1306,27 +1306,40 @@ GnuPG can automatically locate and retrieve keys as needed using this
|
||||
option. This happens when encrypting to an email address (in the
|
||||
"user@@example.com" form), and there are no user@@example.com keys on
|
||||
the local keyring. This option takes any number of the following
|
||||
arguments, in the order they are to be tried:
|
||||
mechanisms, in the order they are to be tried:
|
||||
|
||||
@table @asis
|
||||
|
||||
@item cert
|
||||
locate a key using DNS CERT, as specified in rfc4398.
|
||||
Locate a key using DNS CERT, as specified in rfc4398.
|
||||
|
||||
@item pka
|
||||
locate a key using DNS PKA.
|
||||
Locate a key using DNS PKA.
|
||||
|
||||
@item ldap
|
||||
locate a key using the PGP Universal method of checking
|
||||
"ldap://keys.(thedomain)".
|
||||
Locate a key using the PGP Universal method of checking
|
||||
@samp{ldap://keys.(thedomain)}.
|
||||
|
||||
@item keyserver
|
||||
locate a key using whatever keyserver is defined using the
|
||||
Locate a key using whatever keyserver is defined using the
|
||||
@option{--keyserver} option.
|
||||
|
||||
@item (keyserver URL)
|
||||
In addition, a keyserver URL as used in the @option{--keyserver} option may be
|
||||
used here to query that particular keyserver.
|
||||
@item keyserver-URL
|
||||
In addition, a keyserver URL as used in the @option{--keyserver} option
|
||||
may be used here to query that particular keyserver.
|
||||
|
||||
@item local
|
||||
Locate the key using the local keyrings. This mechanism allows to
|
||||
select the order a local key lookup is done. Thus using
|
||||
@samp{--auto-key-locate local} is identical to
|
||||
@option{--no-auto-key-locate}.
|
||||
|
||||
@item nodefault
|
||||
This flag disables the standard local key lookup, done before any of the
|
||||
mechanisms defined by the @option{--auto-key-locate} are tried. The
|
||||
position of this mechanism in the list does not matter. It is not
|
||||
required if @code{local} is also used.
|
||||
|
||||
@end table
|
||||
|
||||
@item --keyid-format @code{short|0xshort|long|0xlong}
|
||||
@ -1351,7 +1364,7 @@ from below, but apply only to this particular keyserver.
|
||||
|
||||
Most keyservers synchronize with each other, so there is generally no
|
||||
need to send keys to more than one server. The keyserver
|
||||
@code{hkp://subkeys.pgp.net} uses round robin DNS to give a different
|
||||
@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
|
||||
keyserver each time you use it.
|
||||
|
||||
@item --keyserver-options @code{name=value1 }
|
||||
|
@ -1,3 +1,20 @@
|
||||
2008-04-08 Werner Koch <wk@g10code.com>
|
||||
|
||||
* options.h (opt): Add AKL_NODEFAULT and AKL_LOCAL.
|
||||
* getkey.c (parse_auto_key_locate): Parse them.
|
||||
(get_pubkey_byname): Implement them. Add arg NO_AKL and use that
|
||||
in all cases where a local key is expected.
|
||||
* import.c (import_one): Fill in the fingerprint in all cases.
|
||||
Use log_get_stream.
|
||||
* keyserver.c (keyserver_import_pka): Set FPR to NULL on error.
|
||||
Return G10ERR_NO_PUBKEY if no PKA info is available or no key URI
|
||||
is given in the PKA record..
|
||||
(keyserver_import_cert): Return G10ERR_NO_PUBKEY if a CERT record
|
||||
was not found.
|
||||
|
||||
* getkey.c (get_pubkey_byname): Release FPR in the error case.
|
||||
Continue with next mechanism on error. Better diagnostics.
|
||||
|
||||
2008-04-07 Werner Koch <wk@g10code.com>
|
||||
|
||||
* keyserver.c (parse_keyserver_uri): Allow a default host name.
|
||||
@ -10121,7 +10138,7 @@ Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
|
||||
|
||||
|
||||
Copyright 1998,1999,2000,2001,2002,2003,2004,2005,
|
||||
2006,2007 Free Software Foundation, Inc.
|
||||
2006,2007,2008 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
unlimited permission to copy and/or distribute it, with or without
|
||||
|
122
g10/getkey.c
122
g10/getkey.c
@ -1,6 +1,6 @@
|
||||
/* getkey.c - Get a key from the database
|
||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
|
||||
* 2006, 2007 Free Software Foundation, Inc.
|
||||
* 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -912,64 +912,91 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
|
||||
/* Find a public key from NAME and return the keyblock or the key. If
|
||||
ret_kdb is not NULL, the KEYDB handle used to locate this keyblock
|
||||
is returned and the caller is responsible for closing it. If a key
|
||||
was not found and NAME is a valid RFC822 mailbox and --auto-key-locate
|
||||
has been enabled, we try to import the key via the online mechanisms
|
||||
defined by --auto-key-locate. */
|
||||
was not found (or if local search has been disabled) and NAME is a
|
||||
valid RFC822 mailbox and --auto-key-locate has been enabled, we try
|
||||
to import the key via the online mechanisms defined by
|
||||
--auto-key-locate. */
|
||||
int
|
||||
get_pubkey_byname (PKT_public_key *pk,
|
||||
const char *name, KBNODE *ret_keyblock,
|
||||
KEYDB_HANDLE *ret_kdbhd, int include_unusable )
|
||||
KEYDB_HANDLE *ret_kdbhd, int include_unusable,
|
||||
int no_akl)
|
||||
{
|
||||
int rc;
|
||||
strlist_t namelist = NULL;
|
||||
struct akl *akl;
|
||||
int nodefault = 0;
|
||||
|
||||
add_to_strlist( &namelist, name );
|
||||
/* Check whether we the default local search has been disabled.
|
||||
This is the case if either the "nodefault" or the "local" keyword
|
||||
are in the list of auto key locate mechanisms. */
|
||||
if (!no_akl)
|
||||
{
|
||||
for (akl=opt.auto_key_locate; akl; akl=akl->next)
|
||||
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
|
||||
{
|
||||
nodefault = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
rc = key_byname( NULL, namelist, pk, NULL, 0,
|
||||
if (nodefault)
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
else
|
||||
{
|
||||
add_to_strlist (&namelist, name);
|
||||
rc = key_byname (NULL, namelist, pk, NULL, 0,
|
||||
include_unusable, ret_keyblock, ret_kdbhd);
|
||||
}
|
||||
|
||||
/* If the requested name resembles a valid mailbox and automatic
|
||||
retrieval has been enabled, we try to import the key. */
|
||||
|
||||
if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
|
||||
if (rc == G10ERR_NO_PUBKEY && !no_akl && is_valid_mailbox(name))
|
||||
{
|
||||
struct akl *akl;
|
||||
|
||||
for(akl=opt.auto_key_locate;akl;akl=akl->next)
|
||||
for (akl=opt.auto_key_locate; akl; akl=akl->next)
|
||||
{
|
||||
unsigned char *fpr=NULL;
|
||||
unsigned char *fpr = NULL;
|
||||
size_t fpr_len;
|
||||
int did_key_byname = 0;
|
||||
int no_fingerprint = 0;
|
||||
const char *mechanism = "?";
|
||||
|
||||
switch(akl->type)
|
||||
{
|
||||
case AKL_NODEFAULT:
|
||||
/* This is a dummy mechanism. */
|
||||
mechanism = "None";
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
break;
|
||||
|
||||
case AKL_LOCAL:
|
||||
mechanism = "Local";
|
||||
did_key_byname = 1;
|
||||
add_to_strlist (&namelist, name);
|
||||
rc = key_byname (NULL, namelist, pk, NULL, 0,
|
||||
include_unusable, ret_keyblock, ret_kdbhd);
|
||||
break;
|
||||
|
||||
case AKL_CERT:
|
||||
mechanism = "DNS CERT";
|
||||
glo_ctrl.in_auto_key_retrieve++;
|
||||
rc=keyserver_import_cert(name,&fpr,&fpr_len);
|
||||
glo_ctrl.in_auto_key_retrieve--;
|
||||
|
||||
if(rc==0)
|
||||
log_info(_("automatically retrieved `%s' via %s\n"),
|
||||
name,"DNS CERT");
|
||||
break;
|
||||
|
||||
case AKL_PKA:
|
||||
mechanism = "PKA";
|
||||
glo_ctrl.in_auto_key_retrieve++;
|
||||
rc=keyserver_import_pka(name,&fpr,&fpr_len);
|
||||
glo_ctrl.in_auto_key_retrieve--;
|
||||
|
||||
if(rc==0)
|
||||
log_info(_("automatically retrieved `%s' via %s\n"),
|
||||
name,"PKA");
|
||||
break;
|
||||
|
||||
case AKL_LDAP:
|
||||
mechanism = "LDAP";
|
||||
glo_ctrl.in_auto_key_retrieve++;
|
||||
rc=keyserver_import_ldap(name,&fpr,&fpr_len);
|
||||
glo_ctrl.in_auto_key_retrieve--;
|
||||
|
||||
if(rc==0)
|
||||
log_info(_("automatically retrieved `%s' via %s\n"),
|
||||
name,"LDAP");
|
||||
break;
|
||||
|
||||
case AKL_KEYSERVER:
|
||||
@ -979,13 +1006,15 @@ get_pubkey_byname (PKT_public_key *pk,
|
||||
and getting a whole lot of keys back. */
|
||||
if(opt.keyserver)
|
||||
{
|
||||
mechanism = opt.keyserver->uri;
|
||||
glo_ctrl.in_auto_key_retrieve++;
|
||||
rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
|
||||
glo_ctrl.in_auto_key_retrieve--;
|
||||
|
||||
if(rc==0)
|
||||
log_info(_("automatically retrieved `%s' via %s\n"),
|
||||
name,opt.keyserver->uri);
|
||||
}
|
||||
else
|
||||
{
|
||||
mechanism = "Unconfigured keyserver";
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
}
|
||||
break;
|
||||
|
||||
@ -993,14 +1022,11 @@ get_pubkey_byname (PKT_public_key *pk,
|
||||
{
|
||||
struct keyserver_spec *keyserver;
|
||||
|
||||
mechanism = akl->spec->uri;
|
||||
keyserver=keyserver_match(akl->spec);
|
||||
glo_ctrl.in_auto_key_retrieve++;
|
||||
rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
|
||||
glo_ctrl.in_auto_key_retrieve--;
|
||||
|
||||
if(rc==0)
|
||||
log_info(_("automatically retrieved `%s' via %s\n"),
|
||||
name,akl->spec->uri);
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -1027,15 +1053,30 @@ get_pubkey_byname (PKT_public_key *pk,
|
||||
log_info("auto-key-locate found fingerprint %s\n",fpr_string);
|
||||
|
||||
add_to_strlist( &namelist, fpr_string );
|
||||
|
||||
xfree(fpr);
|
||||
}
|
||||
else if (!rc && !fpr && !did_key_byname)
|
||||
{
|
||||
no_fingerprint = 1;
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
}
|
||||
xfree (fpr);
|
||||
fpr = NULL;
|
||||
|
||||
rc = key_byname( NULL, namelist, pk, NULL, 0,
|
||||
if (!rc && !did_key_byname)
|
||||
rc = key_byname (NULL, namelist, pk, NULL, 0,
|
||||
include_unusable, ret_keyblock, ret_kdbhd);
|
||||
if(rc!=G10ERR_NO_PUBKEY)
|
||||
if (!rc)
|
||||
{
|
||||
/* Key found. */
|
||||
log_info (_("automatically retrieved `%s' via %s\n"),
|
||||
name, mechanism);
|
||||
break;
|
||||
}
|
||||
if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
|
||||
log_info (_("error retrieving `%s' via %s: %s\n"),
|
||||
name, mechanism,
|
||||
no_fingerprint? _("No fingerprint"):g10_errstr(rc));
|
||||
}
|
||||
}
|
||||
|
||||
free_strlist( namelist );
|
||||
@ -2638,7 +2679,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
|
||||
rc = 0;
|
||||
while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
|
||||
/* If we are searching for the first key we have to make sure
|
||||
that the next interation does not no an implicit reset.
|
||||
that the next iteration does not do an implicit reset.
|
||||
This can be triggered by an empty key ring. */
|
||||
if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
|
||||
ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
|
||||
@ -2949,6 +2990,7 @@ release_akl(void)
|
||||
}
|
||||
}
|
||||
|
||||
/* Returns false on error. */
|
||||
int
|
||||
parse_auto_key_locate(char *options)
|
||||
{
|
||||
@ -2964,7 +3006,11 @@ parse_auto_key_locate(char *options)
|
||||
|
||||
akl=xmalloc_clear(sizeof(*akl));
|
||||
|
||||
if(ascii_strcasecmp(tok,"ldap")==0)
|
||||
if(ascii_strcasecmp(tok,"nodefault")==0)
|
||||
akl->type=AKL_NODEFAULT;
|
||||
else if(ascii_strcasecmp(tok,"local")==0)
|
||||
akl->type=AKL_LOCAL;
|
||||
else if(ascii_strcasecmp(tok,"ldap")==0)
|
||||
akl->type=AKL_LDAP;
|
||||
else if(ascii_strcasecmp(tok,"keyserver")==0)
|
||||
akl->type=AKL_KEYSERVER;
|
||||
|
@ -704,6 +704,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
I'm returning the favor. */
|
||||
{ oLocalUser, "sign-with", 2, "@" },
|
||||
{ oRecipient, "user", 2, "@" },
|
||||
|
||||
{ oRequireCrossCert, "require-backsigs", 0, "@"},
|
||||
{ oRequireCrossCert, "require-cross-certification", 0, "@"},
|
||||
{ oNoRequireCrossCert, "no-require-backsigs", 0, "@"},
|
||||
@ -1549,6 +1550,8 @@ gpgconf_list (const char *configfile)
|
||||
printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE);
|
||||
|
||||
xfree (configfile_esc);
|
||||
}
|
||||
|
55
g10/import.c
55
g10/import.c
@ -682,7 +682,7 @@ check_prefs(KBNODE keyblock)
|
||||
* Try to import one keyblock. Return an error only in serious cases, but
|
||||
* never for an invalid keyblock. It uses log_error to increase the
|
||||
* internal errorcount, so that invalid input can be detected by programs
|
||||
* which called g10.
|
||||
* which called gpg.
|
||||
*/
|
||||
static int
|
||||
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
@ -697,6 +697,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
int rc = 0;
|
||||
int new_key = 0;
|
||||
int mod_key = 0;
|
||||
int same_key = 0;
|
||||
int non_self = 0;
|
||||
|
||||
/* get the key and print some info about it */
|
||||
@ -715,12 +716,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
nbits_from_pk( pk ),
|
||||
pubkey_letter( pk->pubkey_algo ),
|
||||
keystr_from_pk(pk), datestr_from_pk(pk) );
|
||||
if( uidnode )
|
||||
print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
|
||||
if (uidnode)
|
||||
print_utf8_string (log_get_stream (),
|
||||
uidnode->pkt->pkt.user_id->name,
|
||||
uidnode->pkt->pkt.user_id->len );
|
||||
log_printf ("\n");
|
||||
}
|
||||
|
||||
|
||||
if( !uidnode )
|
||||
{
|
||||
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
||||
@ -958,6 +961,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
}
|
||||
else
|
||||
{
|
||||
same_key = 1;
|
||||
if (is_status_enabled ())
|
||||
print_import_ok (pk, NULL, 0);
|
||||
|
||||
@ -975,6 +979,33 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
}
|
||||
|
||||
leave:
|
||||
if (mod_key || new_key || same_key)
|
||||
{
|
||||
/* A little explanation for this: we fill in the fingerprint
|
||||
when importing keys as it can be useful to know the
|
||||
fingerprint in certain keyserver-related cases (a keyserver
|
||||
asked for a particular name, but the key doesn't have that
|
||||
name). However, in cases where we're importing more than
|
||||
one key at a time, we cannot know which key to fingerprint.
|
||||
In these cases, rather than guessing, we do not
|
||||
fingerprinting at all, and we must hope the user ID on the
|
||||
keys are useful. Note that we need to do this for new
|
||||
keys, merged keys and even for unchanged keys. This is
|
||||
required because for example the --auto-key-locate feature
|
||||
may import an already imported key and needs to know the
|
||||
fingerprint of the key in all cases. */
|
||||
if (fpr)
|
||||
{
|
||||
xfree (*fpr);
|
||||
/* Note that we need to compare against 0 here because
|
||||
COUNT gets only incremented after returning form this
|
||||
function. */
|
||||
if (stats->count == 0)
|
||||
*fpr = fingerprint_from_pk (pk, NULL, fpr_len);
|
||||
else
|
||||
*fpr = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Now that the key is definitely incorporated into the keydb, we
|
||||
need to check if a designated revocation is present or if the
|
||||
@ -988,24 +1019,6 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
|
||||
}
|
||||
else if(new_key)
|
||||
{
|
||||
/* A little explanation for this: we fill in the fingerprint
|
||||
when importing keys as it can be useful to know the
|
||||
fingerprint in certain keyserver-related cases (a keyserver
|
||||
asked for a particular name, but the key doesn't have that
|
||||
name). However, in cases where we're importing more than
|
||||
one key at a time, we cannot know which key to fingerprint.
|
||||
In these cases, rather than guessing, we do not fingerpring
|
||||
at all, and we must hope the user ID on the keys are
|
||||
useful. */
|
||||
if(fpr)
|
||||
{
|
||||
xfree(*fpr);
|
||||
if(stats->imported==1)
|
||||
*fpr=fingerprint_from_pk(pk,NULL,fpr_len);
|
||||
else
|
||||
*fpr=NULL;
|
||||
}
|
||||
|
||||
revocation_present(keyblock);
|
||||
if(!from_sk && seckey_available(keyid)==0)
|
||||
check_prefs(keyblock);
|
||||
|
@ -223,7 +223,7 @@ int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
|
||||
KBNODE get_pubkeyblock( u32 *keyid );
|
||||
int get_pubkey_byname( PKT_public_key *pk, const char *name,
|
||||
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
|
||||
int include_unusable );
|
||||
int include_unusable, int no_akl );
|
||||
int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
|
||||
strlist_t names, KBNODE *ret_keyblock );
|
||||
int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
|
||||
|
@ -1544,7 +1544,7 @@ keyedit_menu( const char *username, strlist_t locusr,
|
||||
#endif
|
||||
|
||||
/* Get the public key */
|
||||
rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
|
||||
rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1, 1);
|
||||
if( rc )
|
||||
goto leave;
|
||||
if( fix_keyblock( keyblock ) )
|
||||
@ -3396,7 +3396,7 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
|
||||
GnuPG both can handle a designated revokation from a
|
||||
subkey. */
|
||||
revoker_pk->req_usage=PUBKEY_USAGE_CERT;
|
||||
rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
|
||||
rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1, 1);
|
||||
if(rc)
|
||||
{
|
||||
log_error (_("key \"%s\" not found: %s\n"),answer,g10_errstr(rc));
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* keyserver.c - generic keyserver code
|
||||
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006,
|
||||
* 2007 Free Software Foundation, Inc.
|
||||
* 2007, 2008 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -2008,7 +2008,14 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
|
||||
*domain='.';
|
||||
|
||||
type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
|
||||
if(type==1)
|
||||
if (!type || type == -1)
|
||||
{
|
||||
/* There might be an error in res_query which leads to an error
|
||||
return (-1) in the case that nothing was found. Thus we take
|
||||
all errors as key not found. */
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
}
|
||||
else if (type==1)
|
||||
{
|
||||
int armor_status=opt.no_armor;
|
||||
|
||||
@ -2072,26 +2079,30 @@ int
|
||||
keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
|
||||
{
|
||||
char *uri;
|
||||
int rc=-1;
|
||||
int rc = G10ERR_NO_PUBKEY;
|
||||
|
||||
*fpr=xmalloc(20);
|
||||
*fpr_len=20;
|
||||
*fpr = xmalloc (20);
|
||||
*fpr_len = 20;
|
||||
|
||||
uri = get_pka_info (name, *fpr);
|
||||
if (uri)
|
||||
if (uri && *uri)
|
||||
{
|
||||
/* An URI is available. Lookup the key. */
|
||||
struct keyserver_spec *spec;
|
||||
spec = parse_keyserver_uri (uri, 1, NULL, 0);
|
||||
if (spec)
|
||||
{
|
||||
rc=keyserver_import_fprint (*fpr, 20, spec);
|
||||
rc = keyserver_import_fprint (*fpr, 20, spec);
|
||||
free_keyserver_spec (spec);
|
||||
}
|
||||
xfree (uri);
|
||||
}
|
||||
|
||||
if(rc!=0)
|
||||
if (rc)
|
||||
{
|
||||
xfree(*fpr);
|
||||
*fpr = NULL;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
@ -235,7 +235,15 @@ struct
|
||||
keyring. */
|
||||
struct akl
|
||||
{
|
||||
enum {AKL_CERT, AKL_PKA, AKL_LDAP, AKL_KEYSERVER, AKL_SPEC} type;
|
||||
enum {
|
||||
AKL_NODEFAULT,
|
||||
AKL_LOCAL,
|
||||
AKL_CERT,
|
||||
AKL_PKA,
|
||||
AKL_LDAP,
|
||||
AKL_KEYSERVER,
|
||||
AKL_SPEC
|
||||
} type;
|
||||
struct keyserver_spec *spec;
|
||||
struct akl *next;
|
||||
} *auto_key_locate;
|
||||
|
@ -824,8 +824,9 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
|
||||
pk->req_usage = use;
|
||||
|
||||
/* We explicitly allow encrypt-to to an disabled key; thus
|
||||
we pass 1 as last argument. */
|
||||
if ( (rc = get_pubkey_byname ( pk, rov->d, NULL, NULL, 1 )) )
|
||||
we pass 1for the second last argument and 1 as the last
|
||||
argument to disable AKL. */
|
||||
if ( (rc = get_pubkey_byname (pk, rov->d, NULL, NULL, 1, 1)) )
|
||||
{
|
||||
free_public_key ( pk ); pk = NULL;
|
||||
log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
|
||||
@ -964,7 +965,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
|
||||
free_public_key (pk);
|
||||
pk = xmalloc_clear( sizeof *pk );
|
||||
pk->req_usage = use;
|
||||
rc = get_pubkey_byname( pk, answer, NULL, NULL, 0 );
|
||||
rc = get_pubkey_byname( pk, answer, NULL, NULL, 0, 0 );
|
||||
if (rc)
|
||||
tty_printf(_("No such user ID.\n"));
|
||||
else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
|
||||
@ -1037,8 +1038,8 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
|
||||
pk->req_usage = use;
|
||||
|
||||
/* The default recipient is allowed to be disabled; thus pass 1
|
||||
as last argument. */
|
||||
rc = get_pubkey_byname (pk, def_rec, NULL, NULL, 1);
|
||||
as second last argument. We also don't want an AKL. */
|
||||
rc = get_pubkey_byname (pk, def_rec, NULL, NULL, 1, 1);
|
||||
if (rc)
|
||||
log_error(_("unknown default recipient \"%s\"\n"), def_rec );
|
||||
else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) )
|
||||
@ -1078,7 +1079,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
|
||||
|
||||
pk = xmalloc_clear( sizeof *pk );
|
||||
pk->req_usage = use;
|
||||
if ( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) )
|
||||
if ( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0, 0 )) )
|
||||
{
|
||||
/* Key not found or other error. */
|
||||
free_public_key( pk ); pk = NULL;
|
||||
|
@ -1,3 +1,7 @@
|
||||
2008-04-08 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgconf-comp.c (gc_options_gpg): Add --auto-key-locate.
|
||||
|
||||
2008-03-26 Werner Koch <wk@g10code.com>
|
||||
|
||||
* make-dns-cert.c: Include unistd.h. Use config.h if requested.
|
||||
|
@ -681,6 +681,9 @@ static gc_option_t gc_options_gpg[] =
|
||||
{ "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
|
||||
"gnupg", N_("allow PKA lookups (DNS requests)"),
|
||||
GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
|
||||
{ "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
|
||||
"gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
|
||||
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
|
||||
|
||||
|
||||
GC_OPTION_NULL
|
||||
|
Loading…
x
Reference in New Issue
Block a user