wks: Publish as binary file.

* tools/gpg-wks-server.c (copy_key_as_binary): New. (check_and_publish): Use new function instead of rename. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2016-07-15 17:20:43 +02:00 · 2016-07-15 17:20:43 +02:00 · b7b37716b9
commit b7b37716b9
parent c49c43d7e4
2 changed files with 76 additions and 3 deletions
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@ -698,7 +698,10 @@ process_confirmation_request (estream_t msg)
    }
  address = value;
  /* FIXME: Check that the "address" matches the User ID we want to
-   * publish.  */
+   * publish.  Also get the "fingerprint" and compare that to our to
+   * be published key.  Further we should make sure that we actually
+   * decrypted using that fingerprint (which is a bit problematic if
+   * --read is used). */

  /* Get the sender.  */
  if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@ -506,6 +506,75 @@ list_key (server_ctx_t ctx, estream_t key)
 }


+/* Take the key in KEYFILE and write it to OUTFILE in binary encoding.
+ * If ADDRSPEC is given only matching user IDs are included in the
+ * output.  */
+static gpg_error_t
+copy_key_as_binary (const char *keyfile, const char *outfile,
+                    const char *addrspec)
+{
+  gpg_error_t err;
+  ccparray_t ccp;
+  const char **argv;
+  char *filterexp = NULL;
+
+  if (addrspec)
+    {
+      filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec);
+      if (!filterexp)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("error allocating memory buffer: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+    }
+
+  ccparray_init (&ccp, 0);
+
+  ccparray_put (&ccp, "--no-options");
+  if (!opt.verbose)
+    ccparray_put (&ccp, "--quiet");
+  else if (opt.verbose > 1)
+    ccparray_put (&ccp, "--verbose");
+  ccparray_put (&ccp, "--batch");
+  ccparray_put (&ccp, "--yes");
+  ccparray_put (&ccp, "--always-trust");
+  ccparray_put (&ccp, "--no-keyring");
+  ccparray_put (&ccp, "--output");
+  ccparray_put (&ccp, outfile);
+  ccparray_put (&ccp, "--import-options=import-export");
+  if (filterexp)
+    {
+      ccparray_put (&ccp, "--import-filter");
+      ccparray_put (&ccp, filterexp);
+    }
+  ccparray_put (&ccp, "--import");
+  ccparray_put (&ccp, "--");
+  ccparray_put (&ccp, keyfile);
+
+  ccparray_put (&ccp, NULL);
+  argv = ccparray_get (&ccp, NULL);
+  if (!argv)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL,
+                                NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      log_error ("%s failed: %s\n", __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  xfree (filterexp);
+  xfree (argv);
+  return err;
+}
+
+
 /* Take the key in KEYFILE and write it to DANEFILE using the DANE
 * output format. */
 static gpg_error_t
@ -1091,10 +1160,11 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
    }

  /* Publish.  */
-  if (rename (fname, fnewname))
+  err = copy_key_as_binary (fname, fnewname, address);
+  if (err)
    {
      err = gpg_error_from_syserror ();
-      log_error ("renaming '%s' to '%s' failed: %s\n",
+      log_error ("copying '%s' to '%s' failed: %s\n",
                 fname, fnewname, gpg_strerror (err));
      goto leave;
    }