mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
This commit is contained in:
parent
1c96f4d663
commit
bebc71d229
@ -59,7 +59,6 @@ common_sources = \
|
|||||||
shareddefs.h \
|
shareddefs.h \
|
||||||
openpgpdefs.h \
|
openpgpdefs.h \
|
||||||
gc-opt-flags.h \
|
gc-opt-flags.h \
|
||||||
keyserver.h \
|
|
||||||
sexp-parse.h \
|
sexp-parse.h \
|
||||||
tlv.c tlv.h tlv-builder.c \
|
tlv.c tlv.h tlv-builder.c \
|
||||||
init.c init.h \
|
init.c init.h \
|
||||||
|
@ -1,73 +0,0 @@
|
|||||||
/* keyserver.h - Public definitions for gpg keyserver helpers.
|
|
||||||
* Copyright (C) 2001, 2002, 2011 Free Software Foundation, Inc.
|
|
||||||
*
|
|
||||||
* This file is part of GnuPG.
|
|
||||||
*
|
|
||||||
* This file is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of either
|
|
||||||
*
|
|
||||||
* - the GNU Lesser General Public License as published by the Free
|
|
||||||
* Software Foundation; either version 3 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* or
|
|
||||||
*
|
|
||||||
* - the GNU General Public License as published by the Free
|
|
||||||
* Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* or both in parallel, as here.
|
|
||||||
*
|
|
||||||
* This file is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef GNUPG_COMMON_KEYSERVER_H
|
|
||||||
#define GNUPG_COMMON_KEYSERVER_H
|
|
||||||
|
|
||||||
#define KEYSERVER_PROTO_VERSION 1
|
|
||||||
|
|
||||||
/* These are usable for return codes for the gpgkeys_ process, and
|
|
||||||
also KEY FAILED codes. */
|
|
||||||
#define KEYSERVER_OK 0 /* not an error */
|
|
||||||
#define KEYSERVER_INTERNAL_ERROR 1 /* gpgkeys_ internal error */
|
|
||||||
#define KEYSERVER_NOT_SUPPORTED 2 /* operation not supported */
|
|
||||||
#define KEYSERVER_VERSION_ERROR 3 /* VERSION mismatch */
|
|
||||||
#define KEYSERVER_GENERAL_ERROR 4 /* keyserver internal error */
|
|
||||||
#define KEYSERVER_NO_MEMORY 5 /* out of memory */
|
|
||||||
#define KEYSERVER_KEY_NOT_FOUND 6 /* key not found */
|
|
||||||
#define KEYSERVER_KEY_EXISTS 7 /* key already exists */
|
|
||||||
#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */
|
|
||||||
#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */
|
|
||||||
|
|
||||||
/* Must be 127 due to shell internal magic. */
|
|
||||||
#define KEYSERVER_SCHEME_NOT_FOUND 127
|
|
||||||
|
|
||||||
/* Object to hold information pertaining to a keyserver; it also
|
|
||||||
allows building a list of keyservers. Note that g10/options.h has
|
|
||||||
a typedef for this. FIXME: We should make use of the
|
|
||||||
parse_uri_t. */
|
|
||||||
struct keyserver_spec
|
|
||||||
{
|
|
||||||
struct keyserver_spec *next;
|
|
||||||
char *uri;
|
|
||||||
char *scheme;
|
|
||||||
char *auth;
|
|
||||||
char *host;
|
|
||||||
char *port;
|
|
||||||
char *path;
|
|
||||||
char *opaque;
|
|
||||||
strlist_t options;
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
unsigned int direct_uri:1;
|
|
||||||
} flags;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
#endif /*GNUPG_COMMON_KEYSERVER_H*/
|
|
@ -1957,10 +1957,7 @@ keys on. The format of the @var{name} is a URI:
|
|||||||
"hkp"/"hkps" for the HTTP (or compatible) keyservers or "ldap"/"ldaps"
|
"hkp"/"hkps" for the HTTP (or compatible) keyservers or "ldap"/"ldaps"
|
||||||
for the LDAP keyservers. Note that your particular installation of
|
for the LDAP keyservers. Note that your particular installation of
|
||||||
GnuPG may have other keyserver types available as well. Keyserver
|
GnuPG may have other keyserver types available as well. Keyserver
|
||||||
schemes are case-insensitive. After the keyserver name, optional
|
schemes are case-insensitive.
|
||||||
keyserver configuration options may be provided. These are the same as
|
|
||||||
the global @option{--keyserver-options} from below, but apply only to
|
|
||||||
this particular keyserver.
|
|
||||||
|
|
||||||
Most keyservers synchronize with each other, so there is generally no
|
Most keyservers synchronize with each other, so there is generally no
|
||||||
need to send keys to more than one server. The keyserver
|
need to send keys to more than one server. The keyserver
|
||||||
|
@ -36,7 +36,6 @@
|
|||||||
#include "options.h"
|
#include "options.h"
|
||||||
#include "../common/i18n.h"
|
#include "../common/i18n.h"
|
||||||
#include "../common/asshelp.h"
|
#include "../common/asshelp.h"
|
||||||
#include "../common/keyserver.h"
|
|
||||||
#include "../common/status.h"
|
#include "../common/status.h"
|
||||||
#include "keyserver-internal.h"
|
#include "keyserver-internal.h"
|
||||||
#include "call-dirmngr.h"
|
#include "call-dirmngr.h"
|
||||||
|
@ -21,7 +21,6 @@
|
|||||||
#define _KEYSERVER_INTERNAL_H_
|
#define _KEYSERVER_INTERNAL_H_
|
||||||
|
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include "../common/keyserver.h"
|
|
||||||
#include "../common/iobuf.h"
|
#include "../common/iobuf.h"
|
||||||
#include "../common/types.h"
|
#include "../common/types.h"
|
||||||
|
|
||||||
|
287
g10/keyserver.c
287
g10/keyserver.c
@ -183,37 +183,17 @@ void
|
|||||||
free_keyserver_spec(struct keyserver_spec *keyserver)
|
free_keyserver_spec(struct keyserver_spec *keyserver)
|
||||||
{
|
{
|
||||||
xfree(keyserver->uri);
|
xfree(keyserver->uri);
|
||||||
xfree(keyserver->scheme);
|
|
||||||
xfree(keyserver->auth);
|
|
||||||
xfree(keyserver->host);
|
|
||||||
xfree(keyserver->port);
|
|
||||||
xfree(keyserver->path);
|
|
||||||
xfree(keyserver->opaque);
|
|
||||||
free_strlist(keyserver->options);
|
|
||||||
xfree(keyserver);
|
xfree(keyserver);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return 0 for match */
|
/* Return 0 for match */
|
||||||
static int
|
static int
|
||||||
cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
|
cmp_keyserver_spec(struct keyserver_spec *one, struct keyserver_spec *two)
|
||||||
{
|
{
|
||||||
if(ascii_strcasecmp(one->scheme,two->scheme)==0)
|
return !!ascii_strcasecmp(one->uri, two->uri);
|
||||||
{
|
|
||||||
if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
|
|
||||||
{
|
|
||||||
if((one->port && two->port
|
|
||||||
&& ascii_strcasecmp(one->port,two->port)==0)
|
|
||||||
|| (!one->port && !two->port))
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
else if(one->opaque && two->opaque
|
|
||||||
&& ascii_strcasecmp(one->opaque,two->opaque)==0)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Try and match one of our keyservers. If we can, return that. If
|
/* Try and match one of our keyservers. If we can, return that. If
|
||||||
we can't, return our input. */
|
we can't, return our input. */
|
||||||
struct keyserver_spec *
|
struct keyserver_spec *
|
||||||
@ -228,40 +208,24 @@ keyserver_match(struct keyserver_spec *spec)
|
|||||||
return spec;
|
return spec;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO: once we cut over to an all-curl world, we don't need this
|
|
||||||
parser any longer so it can be removed, or at least moved to
|
|
||||||
keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
|
|
||||||
|
|
||||||
|
/* Create a new keyserver object from STRING. Unless REQUIRE_SCHEME
|
||||||
|
* is set a missing scheme is replaced by "hkp://". The data structure
|
||||||
|
* could be much easier but in the past we parsed the URI here for the
|
||||||
|
* old 2.0 keyserver helpers - which is not anymore needed. */
|
||||||
keyserver_spec_t
|
keyserver_spec_t
|
||||||
parse_keyserver_uri (const char *string,int require_scheme)
|
parse_keyserver_uri (const char *string, int require_scheme)
|
||||||
{
|
{
|
||||||
int assume_hkp=0;
|
|
||||||
struct keyserver_spec *keyserver;
|
struct keyserver_spec *keyserver;
|
||||||
const char *idx;
|
const char *idx;
|
||||||
int count;
|
int count;
|
||||||
char *uri, *duped_uri, *options;
|
|
||||||
|
|
||||||
log_assert (string);
|
log_assert (string);
|
||||||
|
|
||||||
keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
|
keyserver = xcalloc (1, sizeof *keyserver);
|
||||||
|
|
||||||
duped_uri = uri = xstrdup (string);
|
|
||||||
|
|
||||||
options=strchr(uri,' ');
|
|
||||||
if(options)
|
|
||||||
{
|
|
||||||
char *tok;
|
|
||||||
|
|
||||||
*options='\0';
|
|
||||||
options++;
|
|
||||||
|
|
||||||
while((tok=optsep(&options)))
|
|
||||||
warn_kshelper_option (tok, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Get the scheme */
|
/* Get the scheme */
|
||||||
|
for(idx=string, count=0; *idx && *idx!=':';idx++)
|
||||||
for(idx=uri,count=0;*idx && *idx!=':';idx++)
|
|
||||||
{
|
{
|
||||||
count++;
|
count++;
|
||||||
|
|
||||||
@ -287,162 +251,21 @@ parse_keyserver_uri (const char *string,int require_scheme)
|
|||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* Assume HKP if there is no scheme */
|
/* Assume HKP if there is no scheme */
|
||||||
assume_hkp=1;
|
keyserver->uri = xstrconcat ("hkp://", string, NULL);
|
||||||
keyserver->scheme=xstrdup("hkp");
|
|
||||||
|
|
||||||
keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
|
|
||||||
strcpy(keyserver->uri,keyserver->scheme);
|
|
||||||
strcat(keyserver->uri,"://");
|
|
||||||
strcat(keyserver->uri,uri);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
int i;
|
keyserver->uri = xstrdup (string);
|
||||||
|
|
||||||
keyserver->uri=xstrdup(uri);
|
|
||||||
|
|
||||||
keyserver->scheme=xmalloc(count+1);
|
|
||||||
|
|
||||||
/* Force to lowercase */
|
|
||||||
for(i=0;i<count;i++)
|
|
||||||
keyserver->scheme[i]=ascii_tolower(uri[i]);
|
|
||||||
|
|
||||||
keyserver->scheme[i]='\0';
|
|
||||||
|
|
||||||
/* Skip past the scheme and colon */
|
|
||||||
uri+=count+1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
|
|
||||||
{
|
|
||||||
log_info ("keyserver option '%s' is obsolete\n",
|
|
||||||
"x-broken-hkp");
|
|
||||||
}
|
|
||||||
else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
|
|
||||||
{
|
|
||||||
/* Canonicalize this to "hkp" so it works with both the internal
|
|
||||||
and external keyserver interface. */
|
|
||||||
xfree(keyserver->scheme);
|
|
||||||
keyserver->scheme=xstrdup("hkp");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
|
|
||||||
{
|
|
||||||
/* Three slashes means network path with a default host name.
|
|
||||||
This is a hack because it does not crok all possible
|
|
||||||
combinations. We should better replace all code by the parser
|
|
||||||
from http.c. */
|
|
||||||
keyserver->path = xstrdup (uri+2);
|
|
||||||
}
|
|
||||||
else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
|
|
||||||
{
|
|
||||||
/* Two slashes means network path. */
|
|
||||||
|
|
||||||
/* Skip over the "//", if any */
|
|
||||||
if(!assume_hkp)
|
|
||||||
uri+=2;
|
|
||||||
|
|
||||||
/* Do we have userinfo auth data present? */
|
|
||||||
for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
|
|
||||||
count++;
|
|
||||||
|
|
||||||
/* We found a @ before the slash, so that means everything
|
|
||||||
before the @ is auth data. */
|
|
||||||
if(*idx=='@')
|
|
||||||
{
|
|
||||||
if(count==0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
keyserver->auth=xmalloc(count+1);
|
|
||||||
strncpy(keyserver->auth,uri,count);
|
|
||||||
keyserver->auth[count]='\0';
|
|
||||||
uri+=count+1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Is it an RFC-2732 ipv6 [literal address] ? */
|
|
||||||
if(*uri=='[')
|
|
||||||
{
|
|
||||||
for(idx=uri+1,count=1;*idx
|
|
||||||
&& ((isascii (*idx) && isxdigit(*idx))
|
|
||||||
|| *idx==':' || *idx=='.');idx++)
|
|
||||||
count++;
|
|
||||||
|
|
||||||
/* Is the ipv6 literal address terminated? */
|
|
||||||
if(*idx==']')
|
|
||||||
count++;
|
|
||||||
else
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
|
|
||||||
count++;
|
|
||||||
|
|
||||||
if(count==0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
keyserver->host=xmalloc(count+1);
|
|
||||||
strncpy(keyserver->host,uri,count);
|
|
||||||
keyserver->host[count]='\0';
|
|
||||||
|
|
||||||
/* Skip past the host */
|
|
||||||
uri+=count;
|
|
||||||
|
|
||||||
if(*uri==':')
|
|
||||||
{
|
|
||||||
/* It would seem to be reasonable to limit the range of the
|
|
||||||
ports to values between 1-65535, but RFC 1738 and 1808
|
|
||||||
imply there is no limit. Of course, the real world has
|
|
||||||
limits. */
|
|
||||||
|
|
||||||
for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
|
|
||||||
{
|
|
||||||
count++;
|
|
||||||
|
|
||||||
/* Ports are digits only */
|
|
||||||
if(!digitp(idx))
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
keyserver->port=xmalloc(count+1);
|
|
||||||
strncpy(keyserver->port,uri+1,count);
|
|
||||||
keyserver->port[count]='\0';
|
|
||||||
|
|
||||||
/* Skip past the colon and port number */
|
|
||||||
uri+=1+count;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Everything else is the path */
|
|
||||||
if(*uri)
|
|
||||||
keyserver->path=xstrdup(uri);
|
|
||||||
else
|
|
||||||
keyserver->path=xstrdup("/");
|
|
||||||
|
|
||||||
if(keyserver->path[1])
|
|
||||||
keyserver->flags.direct_uri=1;
|
|
||||||
}
|
|
||||||
else if(uri[0]!='/')
|
|
||||||
{
|
|
||||||
/* No slash means opaque. Just record the opaque blob and get
|
|
||||||
out. */
|
|
||||||
keyserver->opaque=xstrdup(uri);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* One slash means absolute path. We don't need to support that
|
|
||||||
yet. */
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
xfree (duped_uri);
|
|
||||||
return keyserver;
|
return keyserver;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
free_keyserver_spec(keyserver);
|
free_keyserver_spec(keyserver);
|
||||||
|
|
||||||
xfree (duped_uri);
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
struct keyserver_spec *
|
struct keyserver_spec *
|
||||||
parse_preferred_keyserver(PKT_signature *sig)
|
parse_preferred_keyserver(PKT_signature *sig)
|
||||||
{
|
{
|
||||||
@ -1204,7 +1027,7 @@ keyserver_import_keyid (ctrl_t ctrl,
|
|||||||
/* code mostly stolen from do_export_stream */
|
/* code mostly stolen from do_export_stream */
|
||||||
static int
|
static int
|
||||||
keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
|
keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
|
||||||
int *count, int fakev3)
|
int *count)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
int num = 100;
|
int num = 100;
|
||||||
@ -1269,28 +1092,6 @@ keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
|
|||||||
|
|
||||||
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
||||||
{
|
{
|
||||||
/* This is to work around a bug in some keyservers (pksd and
|
|
||||||
OKS) that calculate v4 RSA keyids as if they were v3 RSA.
|
|
||||||
The answer is to refresh both the correct v4 keyid
|
|
||||||
(e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
|
|
||||||
This only happens for key refresh using the HKP scheme
|
|
||||||
and if the refresh-add-fake-v3-keyids keyserver option is
|
|
||||||
set. */
|
|
||||||
if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
|
|
||||||
node->pkt->pkt.public_key->version>=4)
|
|
||||||
{
|
|
||||||
(*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
|
|
||||||
v3_keyid (node->pkt->pkt.public_key->pkey[0],
|
|
||||||
(*klist)[*count].u.kid);
|
|
||||||
(*count)++;
|
|
||||||
|
|
||||||
if(*count==num)
|
|
||||||
{
|
|
||||||
num+=100;
|
|
||||||
*klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* v4 keys get full fingerprints. v3 keys get long keyids.
|
/* v4 keys get full fingerprints. v3 keys get long keyids.
|
||||||
This is because it's easy to calculate any sort of keyid
|
This is because it's easy to calculate any sort of keyid
|
||||||
from a v4 fingerprint, but not a v3 fingerprint. */
|
from a v4 fingerprint, but not a v3 fingerprint. */
|
||||||
@ -1382,7 +1183,6 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
int count, numdesc;
|
int count, numdesc;
|
||||||
int fakev3 = 0;
|
|
||||||
KEYDB_SEARCH_DESC *desc;
|
KEYDB_SEARCH_DESC *desc;
|
||||||
unsigned int options=opt.keyserver_options.import_options;
|
unsigned int options=opt.keyserver_options.import_options;
|
||||||
|
|
||||||
@ -1396,19 +1196,8 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
|||||||
the end here. */
|
the end here. */
|
||||||
opt.keyserver_options.import_options|=IMPORT_FAST;
|
opt.keyserver_options.import_options|=IMPORT_FAST;
|
||||||
|
|
||||||
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
|
|
||||||
scheme, then enable fake v3 keyid generation. Note that this
|
|
||||||
works only with a keyserver configured. gpg.conf
|
|
||||||
(i.e. opt.keyserver); however that method of configuring a
|
|
||||||
keyserver is deprecated and in any case it is questionable
|
|
||||||
whether we should keep on supporting these ancient and broken
|
|
||||||
keyservers. */
|
|
||||||
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
|
|
||||||
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
|
|
||||||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
|
||||||
fakev3=1;
|
|
||||||
|
|
||||||
err = keyidlist (ctrl, users, &desc, &numdesc, fakev3);
|
err = keyidlist (ctrl, users, &desc, &numdesc);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@ -1495,16 +1284,6 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
|||||||
if (!tokens)
|
if (!tokens)
|
||||||
return 0; /* Return success if no patterns are given. */
|
return 0; /* Return success if no patterns are given. */
|
||||||
|
|
||||||
/* Write global options */
|
|
||||||
|
|
||||||
/* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
|
|
||||||
/* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
|
|
||||||
|
|
||||||
/* Write per-keyserver options */
|
|
||||||
|
|
||||||
/* for(temp=keyserver->options;temp;temp=temp->next) */
|
|
||||||
/* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
|
|
||||||
|
|
||||||
{
|
{
|
||||||
membuf_t mb;
|
membuf_t mb;
|
||||||
strlist_t item;
|
strlist_t item;
|
||||||
@ -1524,8 +1303,6 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* FIXME: Enable the next line */
|
|
||||||
/* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
|
|
||||||
|
|
||||||
parm.ctrl = ctrl;
|
parm.ctrl = ctrl;
|
||||||
if (searchstr)
|
if (searchstr)
|
||||||
@ -1547,31 +1324,6 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
|||||||
else if (err)
|
else if (err)
|
||||||
log_error ("error searching keyserver: %s\n", gpg_strerror (err));
|
log_error ("error searching keyserver: %s\n", gpg_strerror (err));
|
||||||
|
|
||||||
/* switch(ret) */
|
|
||||||
/* { */
|
|
||||||
/* case KEYSERVER_SCHEME_NOT_FOUND: */
|
|
||||||
/* log_error(_("no handler for keyserver scheme '%s'\n"), */
|
|
||||||
/* opt.keyserver->scheme); */
|
|
||||||
/* break; */
|
|
||||||
|
|
||||||
/* case KEYSERVER_NOT_SUPPORTED: */
|
|
||||||
/* log_error(_("action '%s' not supported with keyserver " */
|
|
||||||
/* "scheme '%s'\n"), "search", opt.keyserver->scheme); */
|
|
||||||
/* break; */
|
|
||||||
|
|
||||||
/* case KEYSERVER_TIMEOUT: */
|
|
||||||
/* log_error(_("keyserver timed out\n")); */
|
|
||||||
/* break; */
|
|
||||||
|
|
||||||
/* case KEYSERVER_INTERNAL_ERROR: */
|
|
||||||
/* default: */
|
|
||||||
/* log_error(_("keyserver internal error\n")); */
|
|
||||||
/* break; */
|
|
||||||
/* } */
|
|
||||||
|
|
||||||
/* return gpg_error (GPG_ERR_KEYSERVER); */
|
|
||||||
|
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
xfree (parm.desc);
|
xfree (parm.desc);
|
||||||
xfree (parm.searchstr_disp);
|
xfree (parm.searchstr_disp);
|
||||||
@ -1726,13 +1478,8 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
|||||||
|
|
||||||
if (!quiet && override_keyserver)
|
if (!quiet && override_keyserver)
|
||||||
{
|
{
|
||||||
if (override_keyserver->host)
|
log_info (_("requesting key %s from %s\n"),
|
||||||
log_info (_("requesting key %s from %s server %s\n"),
|
keystr_from_desc (&desc[idx]), override_keyserver->uri);
|
||||||
keystr_from_desc (&desc[idx]),
|
|
||||||
override_keyserver->scheme, override_keyserver->host);
|
|
||||||
else
|
|
||||||
log_info (_("requesting key %s from %s\n"),
|
|
||||||
keystr_from_desc (&desc[idx]), override_keyserver->uri);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -31,9 +31,14 @@
|
|||||||
#include "../common/compliance.h"
|
#include "../common/compliance.h"
|
||||||
|
|
||||||
|
|
||||||
/* Declaration of a keyserver spec type. The definition is found in
|
/* Object to hold information pertaining to a keyserver; it also
|
||||||
../common/keyserver.h. */
|
allows building a list of keyservers. For historic reasons this is
|
||||||
struct keyserver_spec;
|
not a strlist_t. */
|
||||||
|
struct keyserver_spec
|
||||||
|
{
|
||||||
|
struct keyserver_spec *next;
|
||||||
|
char *uri;
|
||||||
|
};
|
||||||
typedef struct keyserver_spec *keyserver_spec_t;
|
typedef struct keyserver_spec *keyserver_spec_t;
|
||||||
|
|
||||||
|
|
||||||
|
@ -167,7 +167,7 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
|
|||||||
static void
|
static void
|
||||||
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
|
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
|
||||||
{
|
{
|
||||||
struct keyserver_spec *server;
|
strlist_t server;
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
|
err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
|
||||||
@ -188,13 +188,13 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
|
|||||||
while (server)
|
while (server)
|
||||||
{
|
{
|
||||||
char line[ASSUAN_LINELENGTH];
|
char line[ASSUAN_LINELENGTH];
|
||||||
char *user = server->user ? server->user : "";
|
|
||||||
char *pass = server->pass ? server->pass : "";
|
|
||||||
char *base = server->base ? server->base : "";
|
|
||||||
|
|
||||||
snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s:%s",
|
/* If the host is "ldap" we prefix the entire line with "ldap:"
|
||||||
server->host, server->port, user, pass, base,
|
* to avoid an ambiguity on the server due to the introduction
|
||||||
server->use_ldaps? "ldaps":"");
|
* of this optional prefix. */
|
||||||
|
snprintf (line, DIM (line), "LDAPSERVER %s%s",
|
||||||
|
!strncmp (server->d, "ldap:", 5)? "ldap:":"",
|
||||||
|
server->d);
|
||||||
|
|
||||||
assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||||||
/* The code below is not required because we don't return an error. */
|
/* The code below is not required because we don't return an error. */
|
||||||
|
145
sm/gpgsm.c
145
sm/gpgsm.c
@ -840,133 +840,6 @@ parse_validation_model (const char *model)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Release the list of SERVERS. As usual it is okay to call this
|
|
||||||
function with SERVERS passed as NULL. */
|
|
||||||
void
|
|
||||||
keyserver_list_free (struct keyserver_spec *servers)
|
|
||||||
{
|
|
||||||
while (servers)
|
|
||||||
{
|
|
||||||
struct keyserver_spec *tmp = servers->next;
|
|
||||||
xfree (servers->host);
|
|
||||||
xfree (servers->user);
|
|
||||||
if (servers->pass)
|
|
||||||
memset (servers->pass, 0, strlen (servers->pass));
|
|
||||||
xfree (servers->pass);
|
|
||||||
xfree (servers->base);
|
|
||||||
xfree (servers);
|
|
||||||
servers = tmp;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* See also dirmngr ldapserver_parse_one(). */
|
|
||||||
struct keyserver_spec *
|
|
||||||
parse_keyserver_line (char *line,
|
|
||||||
const char *filename, unsigned int lineno)
|
|
||||||
{
|
|
||||||
char *p;
|
|
||||||
char *endp;
|
|
||||||
const char *s;
|
|
||||||
struct keyserver_spec *server;
|
|
||||||
int fieldno;
|
|
||||||
int fail = 0;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (!filename)
|
|
||||||
{
|
|
||||||
filename = "[cmd]";
|
|
||||||
lineno = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Parse the colon separated fields. */
|
|
||||||
server = xcalloc (1, sizeof *server);
|
|
||||||
for (fieldno = 1, p = line; p; p = endp, fieldno++ )
|
|
||||||
{
|
|
||||||
endp = strchr (p, ':');
|
|
||||||
if (endp)
|
|
||||||
*endp++ = '\0';
|
|
||||||
trim_spaces (p);
|
|
||||||
switch (fieldno)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
if (*p)
|
|
||||||
server->host = xstrdup (p);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
log_error (_("%s:%u: no hostname given\n"),
|
|
||||||
filename, lineno);
|
|
||||||
fail = 1;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 2:
|
|
||||||
if (*p)
|
|
||||||
server->port = atoi (p);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 3:
|
|
||||||
if (*p)
|
|
||||||
server->user = xstrdup (p);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 4:
|
|
||||||
if (*p && !server->user)
|
|
||||||
{
|
|
||||||
log_error (_("%s:%u: password given without user\n"),
|
|
||||||
filename, lineno);
|
|
||||||
fail = 1;
|
|
||||||
}
|
|
||||||
else if (*p)
|
|
||||||
server->pass = xstrdup (p);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 5:
|
|
||||||
if (*p)
|
|
||||||
server->base = xstrdup (p);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 6:
|
|
||||||
{
|
|
||||||
char **flags = NULL;
|
|
||||||
|
|
||||||
flags = strtokenize (p, ",");
|
|
||||||
if (!flags)
|
|
||||||
log_fatal ("strtokenize failed: %s\n",
|
|
||||||
gpg_strerror (gpg_error_from_syserror ()));
|
|
||||||
|
|
||||||
for (i=0; (s = flags[i]); i++)
|
|
||||||
{
|
|
||||||
if (!*s)
|
|
||||||
;
|
|
||||||
else if (!ascii_strcasecmp (s, "ldaps"))
|
|
||||||
server->use_ldaps = 1;
|
|
||||||
else if (!ascii_strcasecmp (s, "ldap"))
|
|
||||||
server->use_ldaps = 0;
|
|
||||||
else
|
|
||||||
log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
|
|
||||||
filename, lineno, s);
|
|
||||||
}
|
|
||||||
|
|
||||||
xfree (flags);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
/* (We silently ignore extra fields.) */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (fail)
|
|
||||||
{
|
|
||||||
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
|
|
||||||
keyserver_list_free (server);
|
|
||||||
server = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return server;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
main ( int argc, char **argv)
|
main ( int argc, char **argv)
|
||||||
@ -1541,21 +1414,7 @@ main ( int argc, char **argv)
|
|||||||
case oValidationModel: parse_validation_model (pargs.r.ret_str); break;
|
case oValidationModel: parse_validation_model (pargs.r.ret_str); break;
|
||||||
|
|
||||||
case oKeyServer:
|
case oKeyServer:
|
||||||
{
|
append_to_strlist (&opt.keyserver, pargs.r.ret_str);
|
||||||
struct keyserver_spec *keyserver;
|
|
||||||
keyserver = parse_keyserver_line (pargs.r.ret_str,
|
|
||||||
configname, pargs.lineno);
|
|
||||||
if (! keyserver)
|
|
||||||
log_error (_("could not parse keyserver\n"));
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* FIXME: Keep last next pointer. */
|
|
||||||
struct keyserver_spec **next_p = &opt.keyserver;
|
|
||||||
while (*next_p)
|
|
||||||
next_p = &(*next_p)->next;
|
|
||||||
*next_p = keyserver;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oIgnoreCertExtension:
|
case oIgnoreCertExtension:
|
||||||
@ -2285,7 +2144,7 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
/* cleanup */
|
/* cleanup */
|
||||||
gpgsm_deinit_default_ctrl (&ctrl);
|
gpgsm_deinit_default_ctrl (&ctrl);
|
||||||
keyserver_list_free (opt.keyserver);
|
free_strlist (opt.keyserver);
|
||||||
opt.keyserver = NULL;
|
opt.keyserver = NULL;
|
||||||
gpgsm_release_certlist (recplist);
|
gpgsm_release_certlist (recplist);
|
||||||
gpgsm_release_certlist (signerlist);
|
gpgsm_release_certlist (signerlist);
|
||||||
|
15
sm/gpgsm.h
15
sm/gpgsm.h
@ -45,19 +45,6 @@
|
|||||||
#define MAX_DIGEST_LEN 64 /* Fits for SHA-512 */
|
#define MAX_DIGEST_LEN 64 /* Fits for SHA-512 */
|
||||||
|
|
||||||
|
|
||||||
struct keyserver_spec
|
|
||||||
{
|
|
||||||
struct keyserver_spec *next;
|
|
||||||
|
|
||||||
char *host;
|
|
||||||
int port;
|
|
||||||
char *user;
|
|
||||||
char *pass;
|
|
||||||
char *base;
|
|
||||||
unsigned int use_ldaps:1;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
/* A large struct named "opt" to keep global flags. */
|
/* A large struct named "opt" to keep global flags. */
|
||||||
EXTERN_UNLESS_MAIN_MODULE
|
EXTERN_UNLESS_MAIN_MODULE
|
||||||
struct
|
struct
|
||||||
@ -155,7 +142,7 @@ struct
|
|||||||
the integrity of the software at
|
the integrity of the software at
|
||||||
runtime. */
|
runtime. */
|
||||||
|
|
||||||
struct keyserver_spec *keyserver;
|
strlist_t keyserver;
|
||||||
|
|
||||||
/* A list of certificate extension OIDs which are ignored so that
|
/* A list of certificate extension OIDs which are ignored so that
|
||||||
one can claim that a critical extension has been handled. One
|
one can claim that a critical extension has been handled. One
|
||||||
|
Loading…
x
Reference in New Issue
Block a user