security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

wks: Use unencrypted draft-1 mode for posteo.de

Browse Source 
* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
mode.
--

Obviously Posteo did not implement the current draft and thus it was
not possible to send a request to them.  This hack uses the old method
for posteo.de.  Not sending it encrypted is okay here because they use
authenticated sending anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-09-12 14:32:29 +02:00
parent 7d15ee8898
commit c65a7bba73
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 81 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
tools/gpg-wks-client.c
View File

@ -349,10 +349,7 @@ get_key_status_cb (void *opaque, const char *keyword, char *args)
/* Get a key by fingerprint from gpg's keyring and make sure that the /* Get a key by fingerprint from gpg's keyring and make sure that the
* mail address ADDRSPEC is included in the key. The key is returned * mail address ADDRSPEC is included in the key. The key is returned
* as a new memory stream at R_KEY. * as a new memory stream at R_KEY. */
*
* Fixme: After we have implemented import and export filters for gpg
* this function shall only return a key with just this user id. */
static gpg_error_t static gpg_error_t
get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) get_key (estream_t *r_key, const char *fingerprint, const char *addrspec)
{ {
@ -695,6 +692,8 @@ command_send (const char *fingerprint, char *userid)
char *submission_to = NULL; char *submission_to = NULL;
mime_maker_t mime = NULL; mime_maker_t mime = NULL;
struct policy_flags_s policy; struct policy_flags_s policy;
int no_encrypt = 0;
const char *domain;
memset (&policy, 0, sizeof policy); memset (&policy, 0, sizeof policy);
@ -717,6 +716,10 @@ command_send (const char *fingerprint, char *userid)
if (err) if (err)
goto leave; goto leave;
domain = strchr (addrspec, '@');
log_assert (domain);
domain++;
/* Get the submission address. */ /* Get the submission address. */
if (fake_submission_addr) if (fake_submission_addr)
{ {
@ -727,11 +730,8 @@ command_send (const char *fingerprint, char *userid)
err = wkd_get_submission_address (addrspec, &submission_to); err = wkd_get_submission_address (addrspec, &submission_to);
if (err) if (err)
{ {
char *domain = strchr (addrspec, '@'); log_error (_("error looking up submission address for domain '%s': %s\n"),
if (domain) domain, gpg_strerror (err));
domain = domain + 1;
log_error (_("looking up WKS submission address for %s: %s\n"),
domain ? domain : addrspec, gpg_strerror (err));
if (gpg_err_code (err) == GPG_ERR_NO_DATA) if (gpg_err_code (err) == GPG_ERR_NO_DATA)
log_error (_("this domain probably doesn't support WKS.\n")); log_error (_("this domain probably doesn't support WKS.\n"));
goto leave; goto leave;
@ -762,14 +762,23 @@ command_send (const char *fingerprint, char *userid)
if (policy.auth_submit) if (policy.auth_submit)
log_info ("no confirmation required for '%s'\n", addrspec); log_info ("no confirmation required for '%s'\n", addrspec);
/* Hack to support old providers. */
if (policy.auth_submit && !ascii_strcasecmp (domain, "posteo.de"))
{
log_info ("Warning: Using draft-1 method for domain '%s'\n", domain);
no_encrypt = 1;
}
/* Encrypt the key part. */ /* Encrypt the key part. */
if (!no_encrypt)
{
es_rewind (key); es_rewind (key);
err = encrypt_response (&keyenc, key, submission_to, fingerprint); err = encrypt_response (&keyenc, key, submission_to, fingerprint);
if (err) if (err)
goto leave; goto leave;
es_fclose (key); es_fclose (key);
key = NULL; key = NULL;
}
/* Send the key. */ /* Send the key. */
err = mime_maker_new (&mime, NULL); err = mime_maker_new (&mime, NULL);
@ -791,6 +800,38 @@ command_send (const char *fingerprint, char *userid)
if (err) if (err)
goto leave; goto leave;
if (no_encrypt)
{
void *data;
size_t datalen, n;
err = mime_maker_add_header (mime, "Content-type",
"application/pgp-keys");
if (err)
goto leave;
if (es_fclose_snatch (key, &data, &datalen))
{
err = gpg_error_from_syserror ();
goto leave;
}
key = NULL;
/* We need to skip over the first line which has a content-type
* header not needed here. */
for (n=0; n < datalen ; n++)
if (((const char *)data)[n] == '\n')
{
n++;
break;
}
err = mime_maker_add_body_data (mime, (char*)data + n, datalen - n);
xfree (data);
if (err)
goto leave;
}
else
{
err = mime_maker_add_header (mime, "Content-Type", err = mime_maker_add_header (mime, "Content-Type",
"multipart/encrypted; " "multipart/encrypted; "
"protocol=\"application/pgp-encrypted\""); "protocol=\"application/pgp-encrypted\"");
@ -815,6 +856,7 @@ command_send (const char *fingerprint, char *userid)
err = mime_maker_add_stream (mime, &keyenc); err = mime_maker_add_stream (mime, &keyenc);
if (err) if (err)
goto leave; goto leave;
}
err = wks_send_mime (mime); err = wks_send_mime (mime);