
* http.h, http.c (send_request): Pass in srvtag and make its presence

sufficient to turn the feature on.  (http_open): From here.
(http_document): And here.

* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname.  (main): Call it from here for the
HAVE_LIBCURL case (without libcurl is handled via the curl-shim).

* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add
a CURLOPT_SRVTAG_GPG_HACK (passed through the http engine).
David Shaw 2009-05-28 04:25:25 +00:00
parent fb866ea151
commit a7205a080c
7 changed files with 125 additions and 35 deletions


@ -1,5 +1,12 @@
2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request): Pass in srvtag and make its
presence sufficient to turn the feature on.
(http_open): From here.
(http_document): And here.
* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
is too small these days.


@ -128,8 +128,8 @@ static int remove_escapes (char *string);
static int insert_escapes (char *buffer, const char *string,
const char *special);
static uri_tuple_t parse_tuple (char *string);
static gpg_error_t send_request (http_t hd,
const char *auth, const char *proxy);
static gpg_error_t send_request (http_t hd, const char *auth,
const char *proxy, const char *srvtag);
static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd);
@ -317,7 +317,7 @@ http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
gpg_error_t
http_open (http_t *r_hd, http_req_t reqtype, const char *url,
const char *auth, unsigned int flags, const char *proxy,
void *tls_context)
void *tls_context, const char *srvtag)
{
gpg_error_t err;
http_t hd;
@ -338,7 +338,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url,
err = http_parse_uri (&hd->uri, url);
if (!err)
err = send_request (hd, auth, proxy);
err = send_request (hd, auth, proxy, srvtag);
if (err)
{
@ -457,12 +457,12 @@ http_wait_response (http_t hd)
gpg_error_t
http_open_document (http_t *r_hd, const char *document,
const char *auth, unsigned int flags, const char *proxy,
void *tls_context)
void *tls_context, const char *srvtag)
{
gpg_error_t err;
err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags,
proxy, tls_context);
proxy, tls_context, srvtag);
if (err)
return err;
@ -835,7 +835,7 @@ parse_tuple (char *string)
* Returns 0 if the request was successful
*/
static gpg_error_t
send_request (http_t hd, const char *auth, const char *proxy)
send_request (http_t hd, const char *auth, const char *proxy,const char *srvtag)
{
gnutls_session_t tls_session;
gpg_error_t err;
@ -893,13 +893,13 @@ send_request (http_t hd, const char *auth, const char *proxy)
hd->sock = connect_server (*uri->host ? uri->host : "localhost",
uri->port ? uri->port : 80,
hd->flags, hd->uri->scheme);
hd->flags, srvtag);
save_errno = errno;
http_release_parsed_uri (uri);
}
else
{
hd->sock = connect_server (server, port, hd->flags, hd->uri->scheme);
hd->sock = connect_server (server, port, hd->flags, srvtag);
save_errno = errno;
}
@ -1524,6 +1524,9 @@ connect_server (const char *server, unsigned short port,
int last_errno = 0;
struct srventry *serverlist = NULL;
/* Not currently using the flags */
(void)flags;
#ifdef HAVE_W32_SYSTEM
unsigned long inaddr;
@ -1559,7 +1562,7 @@ connect_server (const char *server, unsigned short port,
#ifdef USE_DNS_SRV
/* Do the SRV thing */
if ((flags & HTTP_FLAG_TRY_SRV) && srvtag)
if (srvtag)
{
/* We're using SRV, so append the tags. */
if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)
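Review bot: The first `connect_server` call in send_request now receives `srvtag` too, although it connects to the host of a locally parsed `uri` that is released right afterwards, which looks like the proxy branch (the condition is outside the hunk). If so, the keyserver's service tag is looked up against the proxy's name, and with HTTP_FLAG_TRY_SRV gone a caller can no longer suppress that; an unauthenticated SRV answer for that name would then decide where the proxy connection goes. Pass no tag there, `hd->flags, NULL);`, and keep `srvtag` only on the direct `connect_server (server, port, hd->flags, srvtag);` call. send_request and connect_server both continue outside the visible hunks.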


@ -63,9 +63,8 @@ enum
{
HTTP_FLAG_TRY_PROXY = 1,
HTTP_FLAG_NO_SHUTDOWN = 2,
HTTP_FLAG_TRY_SRV = 4,
HTTP_FLAG_LOG_RESP = 8,
HTTP_FLAG_NEED_HEADER = 16
HTTP_FLAG_LOG_RESP = 4,
HTTP_FLAG_NEED_HEADER = 8
};
struct http_context_s;
@ -82,7 +81,8 @@ gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
const char *auth,
unsigned int flags,
const char *proxy,
void *tls_context);
void *tls_context,
const char *srvtag);
void http_start_data (http_t hd);
@ -95,7 +95,8 @@ gpg_error_t http_open_document (http_t *r_hd,
const char *auth,
unsigned int flags,
const char *proxy,
void *tls_context);
void *tls_context,
const char *srvtag);
#ifdef HTTP_USE_ESTREAM
estream_t http_get_read_ptr (http_t hd);
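Review bot: The two prototypes gain `srvtag` without any comment, and with HTTP_FLAG_TRY_SRV removed in the same section that argument is now the only switch for SRV lookups. A caller reading the header cannot tell that NULL means a plain connection to the host in the URL, while a non-NULL tag makes connect_server build a `_TAG._tcp.HOST` name and, presumably, connect to whatever DNS returns for it. Add above http_open something like `/* SRVTAG: NULL disables DNS SRV; otherwise the service tag used to look up _SRVTAG._tcp.HOST before connecting. */`. The enum hunk also renumbers HTTP_FLAG_LOG_RESP and HTTP_FLAG_NEED_HEADER, so any caller passing numeric flag values instead of the names would need checking.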


@ -1,3 +1,16 @@
2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname.
(main): Call it from here for the HAVE_LIBCURL case (without
libcurl is handled via the curl-shim).
* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform):
Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http
engine).
2009-05-10 David Shaw <dshaw@jabberwocky.com>
From 1.4:


@ -144,6 +144,9 @@ curl_easy_setopt(CURL *curl,CURLoption option,...)
case CURLOPT_POSTFIELDS:
curl->postfields=va_arg(ap,char *);
break;
case CURLOPT_SRVTAG_GPG_HACK:
curl->srvtag=va_arg(ap,char *);
break;
case CURLOPT_FAILONERROR:
curl->flags.failonerror=va_arg(ap,long)?1:0;
break;
@ -193,7 +196,7 @@ curl_easy_perform(CURL *curl)
if(curl->flags.post)
{
rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
0, proxy, NULL);
0, proxy, NULL, curl->srvtag);
if (!rc)
{
unsigned int post_len = strlen(curl->postfields);
@ -216,7 +219,7 @@ curl_easy_perform(CURL *curl)
else
{
rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
0, proxy, NULL);
0, proxy, NULL, curl->srvtag);
if (!rc)
{
rc = http_wait_response (curl->hd);
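Review bot: `curl->srvtag=va_arg(ap,char *);` keeps the caller's pointer rather than a copy, and curl_easy_perform reads it later when it calls http_open. That matches how `postfields` is handled just above, but nothing says the string must stay valid and unchanged until the transfer finishes. A comment on the new case would do, for example `/* Not copied: the caller's string must outlive curl_easy_perform(). */`. Both functions extend beyond the visible hunks.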


@ -48,7 +48,8 @@ typedef enum
CURLOPT_CAINFO,
CURLOPT_POST,
CURLOPT_POSTFIELDS,
CURLOPT_FAILONERROR
CURLOPT_FAILONERROR,
CURLOPT_SRVTAG_GPG_HACK
} CURLoption;
typedef size_t (*write_func)(char *buffer,size_t size,
@ -63,6 +64,7 @@ typedef struct
write_func writer;
void *file;
char *postfields;
char *srvtag;
unsigned int status;
FILE *errors;
struct


@ -43,6 +43,9 @@
#else
#include "curl-shim.h"
#endif
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
#include "keyserver.h"
#include "ksutil.h"
@ -183,6 +186,7 @@ send_key(int *r_eof)
strcat(key,encoded_key);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
@ -247,6 +251,7 @@ get_key(char *getkey)
}
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
@ -325,6 +330,7 @@ get_name(const char *getkey)
fprintf(output,"NAME %s BEGIN\n",getkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
@ -408,6 +414,7 @@ search_key(const char *searchkey)
fprintf(output,"SEARCH %s BEGIN\n",searchkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
@ -478,6 +485,51 @@ fail_all(struct keylist *keylist,int err)
}
}
#ifdef HAVE_LIBCURL
/* If there is a SRV record, take the highest ranked possibility.
This is a hack, as we don't proceed downwards. */
static void
srv_replace(void)
{
#ifdef USE_DNS_SRV
struct srventry *srvlist=NULL;
int srvcount;
if(1+strlen(opt->scheme)+6+strlen(opt->host)+1<=MAXDNAME)
{
char srvname[MAXDNAME];
strcpy(srvname,"_");
strcat(srvname,opt->scheme);
strcat(srvname,"._tcp.");
strcat(srvname,opt->host);
srvcount=getsrv(srvname,&srvlist);
}
if(srvlist)
{
char *newname,*newport;
newname=strdup(srvlist->target);
newport=malloc(MAX_PORT);
if(newname && newport)
{
free(opt->host);
free(opt->port);
opt->host=newname;
snprintf(newport,MAX_PORT,"%u",srvlist->port);
opt->port=newport;
}
else
{
free(newname);
free(newport);
}
}
#endif
}
#endif
static void
show_help (FILE *fp)
{
@ -490,7 +542,7 @@ show_help (FILE *fp)
int
main(int argc,char *argv[])
{
int arg,ret=KEYSERVER_INTERNAL_ERROR;
int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
char line[MAX_LINE];
int failed=0;
struct keylist *keylist=NULL,*keyptr=NULL;
@ -604,15 +656,14 @@ main(int argc,char *argv[])
}
}
}
#if 0
else if(strcasecmp(start,"try-dns-srv")==0)
{
if(no)
http_flags&=~HTTP_FLAG_TRY_SRV;
try_srv=0;
else
http_flags|=HTTP_FLAG_TRY_SRV;
try_srv=1;
}
#endif
continue;
}
}
@ -626,18 +677,15 @@ main(int argc,char *argv[])
if(ks_strcasecmp(opt->scheme,"hkps")==0)
{
proto="https://";
proto="https";
port="443";
}
else
{
proto="http://";
proto="http";
port="11371";
}
if(opt->port)
port=opt->port;
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
@ -659,6 +707,26 @@ main(int argc,char *argv[])
goto fail;
}
/* If the user gives a :port, then disable SRV. The semantics of a
specified port and SRV do not play well together. */
if(opt->port)
port=opt->port;
else if(try_srv)
{
#ifdef HAVE_LIBCURL
/* We're using libcurl, so fake SRV support via our wrapper.
This isn't as good as true SRV support, as we do not try all
possible targets at one particular level and work our way
down the list, but it's better than nothing. */
srv_replace();
#else
/* We're using our internal curl shim, so we can use its (true)
SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
libcurl option. It's specific to our shim. */
curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,opt->scheme);
#endif
}
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
if(opt->auth)
@ -677,13 +745,6 @@ main(int argc,char *argv[])
if(proxy)
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
#if 0
/* By suggested convention, if the user gives a :port, then disable
SRV. */
if(opt->port)
http_flags&=~HTTP_FLAG_TRY_SRV;
#endif
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
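Review bot: srv_replace() installs `srvlist->target`, a name taken from the DNS answer, as `opt->host` without checking its length, and send_key, get_key, get_name and search_key then `strcat` `opt->host` into `request`. The declaration of `request` is outside these hunks; if it is sized for the host length the option parser accepts, a longer SRV target overruns it, so compare `strlen(srvlist->target)` with that limit before the `strdup` and keep the configured host when it does not fit. For hkps the replaced name also lands in the https URL, so certificate matching presumably runs against the DNS-supplied target instead of the keyserver the user configured; that deserves at least a comment next to the existing "This is a hack" one. In the visible body `srvlist` is never freed and `srvcount` is assigned but not used.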