security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

dirmngr: Add http proxy support for keyservers.

Browse Source 
* dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
from OPT.
(dirmngr_deinit_default_ctrl): New.
(main): Call dirmngr_deinit_default_ctrl.
* dirmngr/server.c (start_command_handler): Ditto.
(option_handler): Add option "http-proxy".
* dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
* dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-04-21 17:14:53 +02:00
parent 727fe4f8d7
commit a0dead5edc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 36 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dirmngr/crlfetch.c
View File

@ -157,10 +157,6 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
char *free_this = NULL; char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */ int redirects_left = 2; /* We allow for 2 redirect levels. */
#ifndef USE_LDAP
(void)ctrl;
#endif
*reader = NULL; *reader = NULL;
if (!url) if (!url)
@ -202,7 +198,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = http_open_document (&hd, url, NULL, err = http_open_document (&hd, url, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0), |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
opt.http_proxy, NULL, NULL, NULL); ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) ) switch ( err? 99999 : http_get_status_code (hd) )
{ {

15
dirmngr/dirmngr.c
View File

@ -1277,6 +1277,7 @@ main (int argc, char **argv)
for (; !rc && argc; argc--, argv++) for (; !rc && argc; argc--, argv++)
rc = crl_cache_load (&ctrlbuf, *argv); rc = crl_cache_load (&ctrlbuf, *argv);
} }
dirmngr_deinit_default_ctrl (&ctrlbuf);
} }
else if (cmd == aFetchCRL) else if (cmd == aFetchCRL)
{ {
@ -1306,6 +1307,7 @@ main (int argc, char **argv)
argv[0], gpg_strerror (rc)); argv[0], gpg_strerror (rc));
crl_close_reader (reader); crl_close_reader (reader);
} }
dirmngr_deinit_default_ctrl (&ctrlbuf);
} }
else if (cmd == aFlush) else if (cmd == aFlush)
{ {
@ -1465,9 +1467,18 @@ dirmngr_exit (int rc)
void void
dirmngr_init_default_ctrl (ctrl_t ctrl) dirmngr_init_default_ctrl (ctrl_t ctrl)
{ {
(void)ctrl; if (opt.http_proxy)
ctrl->http_proxy = xstrdup (opt.http_proxy);
}
/* Nothing for now. */
void
dirmngr_deinit_default_ctrl (ctrl_t ctrl)
{
if (!ctrl)
return;
xfree (ctrl->http_proxy);
ctrl->http_proxy = NULL;
} }

4
dirmngr/dirmngr.h
View File

@ -99,7 +99,7 @@ struct
int disable_http; /* Do not use HTTP at all. */ int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */ int disable_ldap; /* Do not use LDAP at all. */
int honor_http_proxy; /* Honor the http_proxy env variable. */ int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* Use given HTTP proxy. */ const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */ const char *ldap_proxy; /* Use given LDAP proxy. */
int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */ int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */
int ignore_http_dp; /* Ignore HTTP CRL distribution points. */ int ignore_http_dp; /* Ignore HTTP CRL distribution points. */
@ -174,12 +174,14 @@ struct server_control_s
response. */ response. */
int audit_events; /* Send audit events to client. */ int audit_events; /* Send audit events to client. */
char *http_proxy; /* The used http_proxy or NULL. */
}; };
/*-- dirmngr.c --*/ /*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */ void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl); void dirmngr_init_default_ctrl (ctrl_t ctrl);
void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void); void dirmngr_sighup_action (void);

4
dirmngr/ks-engine-hkp.c
View File

@ -965,8 +965,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
request, request,
httphost, httphost,
/* fixme: AUTH */ NULL, /* fixme: AUTH */ NULL,
httpflags, (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
/* fixme: proxy*/ NULL, ctrl->http_proxy,
session, session,
NULL, NULL,
/*FIXME curl->srvtag*/NULL); /*FIXME curl->srvtag*/NULL);

4
dirmngr/ks-engine-http.c
View File

@ -77,8 +77,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
url, url,
/* httphost */ NULL, /* httphost */ NULL,
/* fixme: AUTH */ NULL, /* fixme: AUTH */ NULL,
0, (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
/* fixme: proxy*/ NULL, ctrl->http_proxy,
session, session,
NULL, NULL,
/*FIXME curl->srvtag*/NULL); /*FIXME curl->srvtag*/NULL);

2
dirmngr/ocsp.c
View File

@ -166,7 +166,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
once_more: once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL, err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
opt.http_proxy, NULL, NULL, NULL); ctrl->http_proxy, NULL, NULL, NULL);
if (err) if (err)
{ {
log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err)); log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));

17
dirmngr/server.c
View File

@ -582,6 +582,7 @@ static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value) option_handler (assuan_context_t ctx, const char *key, const char *value)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
if (!strcmp (key, "force-crl-refresh")) if (!strcmp (key, "force-crl-refresh"))
{ {
@ -593,12 +594,21 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
int i = *value? atoi (value) : 0; int i = *value? atoi (value) : 0;
ctrl->audit_events = i; ctrl->audit_events = i;
} }
else if (!strcmp (key, "http-proxy"))
{
xfree (ctrl->http_proxy);
if (!*value || !strcmp (value, "none"))
ctrl->http_proxy = NULL;
else if (!(ctrl->http_proxy = xtrystrdup (value)))
err = gpg_error_from_syserror ();
}
else else
return gpg_error (GPG_ERR_UNKNOWN_OPTION); err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
return 0; return err;
} }
static const char hlp_ldapserver[] = static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n" "LDAPSERVER <data>\n"
"\n" "\n"
@ -1633,7 +1643,7 @@ static const char hlp_ks_get[] =
"\n" "\n"
"Get the keys matching PATTERN from the configured OpenPGP keyservers\n" "Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
"(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n" "(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
"or an exact name indicastes by the '=' prefix."; "or an exact name indicated by the '=' prefix.";
static gpg_error_t static gpg_error_t
cmd_ks_get (assuan_context_t ctx, char *line) cmd_ks_get (assuan_context_t ctx, char *line)
{ {
@ -2096,6 +2106,7 @@ start_command_handler (assuan_fd_t fd)
{ {
release_ctrl_ocsp_certs (ctrl); release_ctrl_ocsp_certs (ctrl);
xfree (ctrl->server_local); xfree (ctrl->server_local);
dirmngr_deinit_default_ctrl (ctrl);
xfree (ctrl); xfree (ctrl);
} }
} }