security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

* http.h, http.c (send_request): Pass in srvtag and make its presence

Browse Source 
sufficient to turn the feature on.  (http_open): From here.
(http_document): And here.

* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname.  (main): Call it from here for the
HAVE_LIBCURL case (without libcurl is handled via the curl-shim).

* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add
a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
This commit is contained in:
David Shaw 2009-05-28 04:25:25 +00:00
parent fb866ea151
commit a7205a080c
7 changed files with 125 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
common/ChangeLog
View File

@ -1,5 +1,12 @@
2009-05-27 David Shaw <dshaw@jabberwocky.com> 2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request): Pass in srvtag and make its
presence sufficient to turn the feature on.
(http_open): From here.
(http_document): And here.
* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ * srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
is too small these days. is too small these days.

23
common/http.c
View File

@ -128,8 +128,8 @@ static int remove_escapes (char *string);
static int insert_escapes (char *buffer, const char *string, static int insert_escapes (char *buffer, const char *string,
const char *special); const char *special);
static uri_tuple_t parse_tuple (char *string); static uri_tuple_t parse_tuple (char *string);
static gpg_error_t send_request (http_t hd, static gpg_error_t send_request (http_t hd, const char *auth,
const char *auth, const char *proxy); const char *proxy, const char *srvtag);
static char *build_rel_path (parsed_uri_t uri); static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd); static gpg_error_t parse_response (http_t hd);
@ -317,7 +317,7 @@ http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
gpg_error_t gpg_error_t
http_open (http_t *r_hd, http_req_t reqtype, const char *url, http_open (http_t *r_hd, http_req_t reqtype, const char *url,
const char *auth, unsigned int flags, const char *proxy, const char *auth, unsigned int flags, const char *proxy,
void *tls_context) void *tls_context, const char *srvtag)
{ {
gpg_error_t err; gpg_error_t err;
http_t hd; http_t hd;
@ -338,7 +338,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
err = http_parse_uri (&hd->uri, url); err = http_parse_uri (&hd->uri, url);
if (!err) if (!err)
err = send_request (hd, auth, proxy); err = send_request (hd, auth, proxy, srvtag);
if (err) if (err)
{ {
@ -457,12 +457,12 @@ http_wait_response (http_t hd)
gpg_error_t gpg_error_t
http_open_document (http_t *r_hd, const char *document, http_open_document (http_t *r_hd, const char *document,
const char *auth, unsigned int flags, const char *proxy, const char *auth, unsigned int flags, const char *proxy,
void *tls_context) void *tls_context, const char *srvtag)
{ {
gpg_error_t err; gpg_error_t err;
err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags, err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags,
proxy, tls_context); proxy, tls_context, srvtag);
if (err) if (err)
return err; return err;
@ -835,7 +835,7 @@ parse_tuple (char *string)
* Returns 0 if the request was successful * Returns 0 if the request was successful
*/ */
static gpg_error_t static gpg_error_t
send_request (http_t hd, const char *auth, const char *proxy) send_request (http_t hd, const char *auth, const char *proxy,const char *srvtag)
{ {
gnutls_session_t tls_session; gnutls_session_t tls_session;
gpg_error_t err; gpg_error_t err;
@ -893,13 +893,13 @@ send_request (http_t hd, const char *auth, const char *proxy)
hd->sock = connect_server (*uri->host ? uri->host : "localhost", hd->sock = connect_server (*uri->host ? uri->host : "localhost",
uri->port ? uri->port : 80, uri->port ? uri->port : 80,
hd->flags, hd->uri->scheme); hd->flags, srvtag);
save_errno = errno; save_errno = errno;
http_release_parsed_uri (uri); http_release_parsed_uri (uri);
} }
else else
{ {
hd->sock = connect_server (server, port, hd->flags, hd->uri->scheme); hd->sock = connect_server (server, port, hd->flags, srvtag);
save_errno = errno; save_errno = errno;
} }
@ -1524,6 +1524,9 @@ connect_server (const char *server, unsigned short port,
int last_errno = 0; int last_errno = 0;
struct srventry *serverlist = NULL; struct srventry *serverlist = NULL;
/* Not currently using the flags */
(void)flags;
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
unsigned long inaddr; unsigned long inaddr;
@ -1559,7 +1562,7 @@ connect_server (const char *server, unsigned short port,
#ifdef USE_DNS_SRV #ifdef USE_DNS_SRV
/* Do the SRV thing */ /* Do the SRV thing */
if ((flags & HTTP_FLAG_TRY_SRV) && srvtag) if (srvtag)
{ {
/* We're using SRV, so append the tags. */ /* We're using SRV, so append the tags. */
if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME) if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)

11
common/http.h
View File

@ -63,9 +63,8 @@ enum
{ {
HTTP_FLAG_TRY_PROXY = 1, HTTP_FLAG_TRY_PROXY = 1,
HTTP_FLAG_NO_SHUTDOWN = 2, HTTP_FLAG_NO_SHUTDOWN = 2,
HTTP_FLAG_TRY_SRV = 4, HTTP_FLAG_LOG_RESP = 4,
HTTP_FLAG_LOG_RESP = 8, HTTP_FLAG_NEED_HEADER = 8
HTTP_FLAG_NEED_HEADER = 16
}; };
struct http_context_s; struct http_context_s;
@ -82,7 +81,8 @@ gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
const char *auth, const char *auth,
unsigned int flags, unsigned int flags,
const char *proxy, const char *proxy,
void *tls_context); void *tls_context,
const char *srvtag);
void http_start_data (http_t hd); void http_start_data (http_t hd);
@ -95,7 +95,8 @@ gpg_error_t http_open_document (http_t *r_hd,
const char *auth, const char *auth,
unsigned int flags, unsigned int flags,
const char *proxy, const char *proxy,
void *tls_context); void *tls_context,
const char *srvtag);
#ifdef HTTP_USE_ESTREAM #ifdef HTTP_USE_ESTREAM
estream_t http_get_read_ptr (http_t hd); estream_t http_get_read_ptr (http_t hd);

13
keyserver/ChangeLog
View File

@ -1,3 +1,16 @@
2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname.
(main): Call it from here for the HAVE_LIBCURL case (without
libcurl is handled via the curl-shim).
* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform):
Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http
engine).
2009-05-10 David Shaw <dshaw@jabberwocky.com> 2009-05-10 David Shaw <dshaw@jabberwocky.com>
From 1.4: From 1.4:

7
keyserver/curl-shim.c
View File

@ -144,6 +144,9 @@ curl_easy_setopt(CURL *curl,CURLoption option,...)
case CURLOPT_POSTFIELDS: case CURLOPT_POSTFIELDS:
curl->postfields=va_arg(ap,char *); curl->postfields=va_arg(ap,char *);
break; break;
case CURLOPT_SRVTAG_GPG_HACK:
curl->srvtag=va_arg(ap,char *);
break;
case CURLOPT_FAILONERROR: case CURLOPT_FAILONERROR:
curl->flags.failonerror=va_arg(ap,long)?1:0; curl->flags.failonerror=va_arg(ap,long)?1:0;
break; break;
@ -193,7 +196,7 @@ curl_easy_perform(CURL *curl)
if(curl->flags.post) if(curl->flags.post)
{ {
rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth, rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
0, proxy, NULL); 0, proxy, NULL, curl->srvtag);
if (!rc) if (!rc)
{ {
unsigned int post_len = strlen(curl->postfields); unsigned int post_len = strlen(curl->postfields);
@ -216,7 +219,7 @@ curl_easy_perform(CURL *curl)
else else
{ {
rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth, rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
0, proxy, NULL); 0, proxy, NULL, curl->srvtag);
if (!rc) if (!rc)
{ {
rc = http_wait_response (curl->hd); rc = http_wait_response (curl->hd);

4
keyserver/curl-shim.h
View File

@ -48,7 +48,8 @@ typedef enum
CURLOPT_CAINFO, CURLOPT_CAINFO,
CURLOPT_POST, CURLOPT_POST,
CURLOPT_POSTFIELDS, CURLOPT_POSTFIELDS,
CURLOPT_FAILONERROR CURLOPT_FAILONERROR,
CURLOPT_SRVTAG_GPG_HACK
} CURLoption; } CURLoption;
typedef size_t (*write_func)(char *buffer,size_t size, typedef size_t (*write_func)(char *buffer,size_t size,
@ -63,6 +64,7 @@ typedef struct
write_func writer; write_func writer;
void *file; void *file;
char *postfields; char *postfields;
char *srvtag;
unsigned int status; unsigned int status;
FILE *errors; FILE *errors;
struct struct

95
keyserver/gpgkeys_hkp.c
View File

@ -43,6 +43,9 @@
#else #else
#include "curl-shim.h" #include "curl-shim.h"
#endif #endif
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
#include "keyserver.h" #include "keyserver.h"
#include "ksutil.h" #include "ksutil.h"
@ -183,6 +186,7 @@ send_key(int *r_eof)
strcat(key,encoded_key); strcat(key,encoded_key);
strcpy(request,proto); strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host); strcat(request,opt->host);
strcat(request,":"); strcat(request,":");
strcat(request,port); strcat(request,port);
@ -247,6 +251,7 @@ get_key(char *getkey)
} }
strcpy(request,proto); strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host); strcat(request,opt->host);
strcat(request,":"); strcat(request,":");
strcat(request,port); strcat(request,port);
@ -325,6 +330,7 @@ get_name(const char *getkey)
fprintf(output,"NAME %s BEGIN\n",getkey); fprintf(output,"NAME %s BEGIN\n",getkey);
strcpy(request,proto); strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host); strcat(request,opt->host);
strcat(request,":"); strcat(request,":");
strcat(request,port); strcat(request,port);
@ -408,6 +414,7 @@ search_key(const char *searchkey)
fprintf(output,"SEARCH %s BEGIN\n",searchkey); fprintf(output,"SEARCH %s BEGIN\n",searchkey);
strcpy(request,proto); strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host); strcat(request,opt->host);
strcat(request,":"); strcat(request,":");
strcat(request,port); strcat(request,port);
@ -478,6 +485,51 @@ fail_all(struct keylist *keylist,int err)
} }
} }
#ifdef HAVE_LIBCURL
/* If there is a SRV record, take the highest ranked possibility.
This is a hack, as we don't proceed downwards. */
static void
srv_replace(void)
{
#ifdef USE_DNS_SRV
struct srventry *srvlist=NULL;
int srvcount;
if(1+strlen(opt->scheme)+6+strlen(opt->host)+1<=MAXDNAME)
{
char srvname[MAXDNAME];
strcpy(srvname,"_");
strcat(srvname,opt->scheme);
strcat(srvname,"._tcp.");
strcat(srvname,opt->host);
srvcount=getsrv(srvname,&srvlist);
}
if(srvlist)
{
char *newname,*newport;
newname=strdup(srvlist->target);
newport=malloc(MAX_PORT);
if(newname && newport)
{
free(opt->host);
free(opt->port);
opt->host=newname;
snprintf(newport,MAX_PORT,"%u",srvlist->port);
opt->port=newport;
}
else
{
free(newname);
free(newport);
}
}
#endif
}
#endif
static void static void
show_help (FILE *fp) show_help (FILE *fp)
{ {
@ -490,7 +542,7 @@ show_help (FILE *fp)
int int
main(int argc,char *argv[]) main(int argc,char *argv[])
{ {
int arg,ret=KEYSERVER_INTERNAL_ERROR; int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
char line[MAX_LINE]; char line[MAX_LINE];
int failed=0; int failed=0;
struct keylist *keylist=NULL,*keyptr=NULL; struct keylist *keylist=NULL,*keyptr=NULL;
@ -604,15 +656,14 @@ main(int argc,char *argv[])
} }
} }
} }
#if 0
else if(strcasecmp(start,"try-dns-srv")==0) else if(strcasecmp(start,"try-dns-srv")==0)
{ {
if(no) if(no)
http_flags&=~HTTP_FLAG_TRY_SRV; try_srv=0;
else else
http_flags|=HTTP_FLAG_TRY_SRV; try_srv=1;
} }
#endif
continue; continue;
} }
} }
@ -626,18 +677,15 @@ main(int argc,char *argv[])
if(ks_strcasecmp(opt->scheme,"hkps")==0) if(ks_strcasecmp(opt->scheme,"hkps")==0)
{ {
proto="https://"; proto="https";
port="443"; port="443";
} }
else else
{ {
proto="http://"; proto="http";
port="11371"; port="11371";
} }
if(opt->port)
port=opt->port;
if(!opt->host) if(!opt->host)
{ {
fprintf(console,"gpgkeys: no keyserver host provided\n"); fprintf(console,"gpgkeys: no keyserver host provided\n");
@ -659,6 +707,26 @@ main(int argc,char *argv[])
goto fail; goto fail;
} }
/* If the user gives a :port, then disable SRV. The semantics of a
specified port and SRV do not play well together. */
if(opt->port)
port=opt->port;
else if(try_srv)
{
#ifdef HAVE_LIBCURL
/* We're using libcurl, so fake SRV support via our wrapper.
This isn't as good as true SRV support, as we do not try all
possible targets at one particular level and work our way
down the list, but it's better than nothing. */
srv_replace();
#else
/* We're using our internal curl shim, so we can use its (true)
SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
libcurl option. It's specific to our shim. */
curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,opt->scheme);
#endif
}
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer); curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
if(opt->auth) if(opt->auth)
@ -677,13 +745,6 @@ main(int argc,char *argv[])
if(proxy) if(proxy)
curl_easy_setopt(curl,CURLOPT_PROXY,proxy); curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
#if 0
/* By suggested convention, if the user gives a :port, then disable
SRV. */
if(opt->port)
http_flags&=~HTTP_FLAG_TRY_SRV;
#endif
/* If it's a GET or a SEARCH, the next thing to come in is the /* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */ keyids. If it's a SEND, then there are no keyids. */