security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-12 23:01:14 +01:00
Code Activity

* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using

Browse Source 
parse_ks_options and remove a lot of common code.

* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
This commit is contained in:
David Shaw 2005-03-17 16:42:41 +00:00
parent 166876a9fd
commit efa0dd21a2
6 changed files with 253 additions and 478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
keyserver/ChangeLog
View File

@ -1,3 +1,11 @@
2005-03-17 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
parse_ks_options and remove a lot of common code.
* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
2005-03-16 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c: Include lber.h if configure determines we need

200
keyserver/gpgkeys_curl.c
View File

@ -38,16 +38,10 @@
extern char *optarg;
extern int optind;
static int verbose=0;
static char scheme[MAX_SCHEME+1];
static char auth[MAX_AUTH+1];
static char host[MAX_HOST+1];
static char port[MAX_PORT+1];
static char path[URLMAX_PATH+1];
static char proxy[MAX_PROXY+1];
static FILE *input, *output, *console;
static FILE *input,*output,*console;
static CURL *curl;
static char request[MAX_URL];
static struct ks_options *opt;
static int
curl_err_to_gpg_err(CURLcode error)
@ -115,14 +109,18 @@ get_key(char *getkey)
{
CURLcode res;
char errorbuffer[CURL_ERROR_SIZE];
char request[MAX_URL];
if(strncmp(getkey,"0x",2)==0)
getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
sprintf(request,"%s://%s%s%s%s%s%s%s",scheme,auth[0]?auth:"",auth[0]?"@":"",
host,port[0]?":":"",port[0]?port:"",path[0]?"":"/",path);
sprintf(request,"%s://%s%s%s%s%s%s",opt->scheme,
opt->auth?opt->auth:"",
opt->auth?"@":"",opt->host,
opt->port?":":"",opt->port?opt->port:"",
opt->path?opt->path:"/");
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer);
@ -132,7 +130,7 @@ get_key(char *getkey)
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: %s fetch error %d: %s\n",scheme,
fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme,
res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
}
@ -153,12 +151,10 @@ show_help (FILE *fp)
int
main(int argc,char *argv[])
{
int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
char *thekey=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
long follow_redirects=5,debug=0,check_cert=1;
char *ca_cert_file=NULL;
long follow_redirects=5;
console=stderr;
@ -215,72 +211,29 @@ main(int argc,char *argv[])
if(output==NULL)
output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
int version;
char command[MAX_COMMAND+1];
int err;
char option[MAX_OPTION+1];
char hash;
if(line[0]=='\n')
break;
if(sscanf(line,"%c",&hash)==1 && hash=='#')
err=parse_ks_options(line,opt);
if(err>0)
{
ret=err;
goto fail;
}
else if(err==0)
continue;
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{
command[MAX_COMMAND]='\0';
if(strcasecmp(command,"get")==0)
action=GET;
continue;
}
if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
{
scheme[MAX_SCHEME]='\0';
continue;
}
if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
{
auth[MAX_AUTH]='\0';
continue;
}
if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
{
host[MAX_HOST]='\0';
continue;
}
if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
{
port[MAX_PORT]='\0';
continue;
}
if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
{
path[URLMAX_PATH]='\0';
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail;
}
continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
@ -294,14 +247,7 @@ main(int argc,char *argv[])
start=&option[3];
}
if(strcasecmp(start,"verbose")==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strncasecmp(start,"http-proxy",10)==0)
if(strncasecmp(start,"http-proxy",10)==0)
{
if(no)
proxy[0]='\0';
@ -311,15 +257,6 @@ main(int argc,char *argv[])
proxy[MAX_PROXY]='\0';
}
}
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
else if(strncasecmp(start,"follow-redirects",16)==0)
{
if(no)
@ -329,75 +266,46 @@ main(int argc,char *argv[])
else if(start[16]=='\0')
follow_redirects=-1;
}
else if(strncasecmp(start,"debug",5)==0)
{
if(no)
debug=0;
else if(start[5]=='=')
debug=atoi(&start[6]);
else if(start[5]=='\0')
debug=1;
}
else if(strcasecmp(start,"check-cert")==0)
{
if(no)
check_cert=0;
else
check_cert=1;
}
else if(strncasecmp(start,"ca-cert-file",12)==0)
{
if(no)
{
free(ca_cert_file);
ca_cert_file=NULL;
}
else if(start[12]=='=')
{
free(ca_cert_file);
ca_cert_file=strdup(&start[13]);
if(!ca_cert_file)
{
fprintf(console,"gpgkeys: out of memory while creating "
"ca_cert_file\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
}
}
continue;
}
}
if(scheme[0]=='\0')
if(!opt->scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
return KEYSERVER_SCHEME_NOT_FOUND;
ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
}
#ifdef HTTP_VIA_LIBCURL
else if(strcasecmp(scheme,"http")==0)
else if(strcasecmp(opt->scheme,"http")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef HTTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"https")==0)
else if(strcasecmp(opt->scheme,"https")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef FTP_VIA_LIBCURL
else if(strcasecmp(scheme,"ftp")==0)
else if(strcasecmp(opt->scheme,"ftp")==0)
;
#endif /* FTP_VIA_LIBCURL */
#ifdef FTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"ftps")==0)
else if(strcasecmp(opt->scheme,"ftps")==0)
;
#endif /* FTPS_VIA_LIBCURL */
else
{
fprintf(console,"gpgkeys: scheme `%s' not supported\n",scheme);
fprintf(console,"gpgkeys: scheme `%s' not supported\n",opt->scheme);
return KEYSERVER_SCHEME_NOT_FOUND;
}
if(timeout && register_timeout()==-1)
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
@ -419,16 +327,14 @@ main(int argc,char *argv[])
curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
}
if(debug)
if(opt->debug)
{
curl_easy_setopt(curl,CURLOPT_STDERR,console);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
}
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
if(ca_cert_file)
curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
if(proxy[0])
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
@ -436,7 +342,7 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(action==GET)
if(opt->action==KS_GET)
{
/* Eat the rest of the file */
for(;;)
@ -472,7 +378,7 @@ main(int argc,char *argv[])
goto fail;
}
if(!thekey || !host[0])
if(!thekey)
{
fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail;
@ -483,18 +389,18 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
if(verbose)
if(opt->verbose)
{
fprintf(console,"Scheme:\t\t%s\n",scheme);
fprintf(console,"Host:\t\t%s\n",host);
if(port[0])
fprintf(console,"Port:\t\t%s\n",port);
if(path[0])
fprintf(console,"Path:\t\t%s\n",path);
fprintf(console,"Scheme:\t\t%s\n",opt->scheme);
fprintf(console,"Host:\t\t%s\n",opt->host);
if(opt->port)
fprintf(console,"Port:\t\t%s\n",opt->port);
if(opt->path)
fprintf(console,"Path:\t\t%s\n",opt->path);
fprintf(console,"Command:\tGET\n");
}
set_timeout(timeout);
set_timeout(opt->timeout);
ret=get_key(thekey);
@ -508,6 +414,8 @@ main(int argc,char *argv[])
if(output!=stdout)
fclose(output);
free_ks_options(opt);
if(curl)
curl_easy_cleanup(curl);

116
keyserver/gpgkeys_finger.c
View File

@ -55,9 +55,8 @@
extern char *optarg;
extern int optind;
static int verbose=0;
static char path[MAX_OPAQUE+1];
static FILE *input, *output, *console;
static FILE *input,*output,*console;
static struct ks_options *opt;
#ifdef _WIN32
static void
@ -300,7 +299,7 @@ get_key (char *getkey)
indicated the requested key anyway. */
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
rc = send_request (path, &sock);
rc=send_request(opt->opaque,&sock);
if(rc)
{
fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc);
@ -362,10 +361,9 @@ show_help (FILE *fp)
int
main(int argc,char *argv[])
{
int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
char *thekey=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
console=stderr;
@ -422,91 +420,38 @@ main(int argc,char *argv[])
if(output==NULL)
output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
int version;
char command[MAX_COMMAND+1];
char option[MAX_OPTION+1];
char hash;
int err;
if(line[0]=='\n')
break;
if(sscanf(line,"%c",&hash)==1 && hash=='#')
continue;
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
err=parse_ks_options(line,opt);
if(err>0)
{
command[MAX_COMMAND]='\0';
if(strcasecmp(command,"get")==0)
action=GET;
continue;
}
if(strncmp(line,"HOST ",5)==0)
{
fprintf(console,"gpgkeys: finger://relay/user syntax is not"
" supported. Use finger:user instead.\n");
ret=KEYSERVER_NOT_SUPPORTED;
ret=err;
goto fail;
}
if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",path)==1)
{
path[MAX_OPAQUE]='\0';
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail;
}
continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
char *start=&option[0];
option[MAX_OPTION]='\0';
if(strncasecmp(option,"no-",3)==0)
{
no=1;
start=&option[3];
}
if(strcasecmp(start,"verbose")==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
continue;
}
else if(err==0)
continue;
}
if(timeout && register_timeout()==-1)
if(opt->host)
{
fprintf(console,"gpgkeys: finger://relay/user syntax is not"
" supported. Use finger:user instead.\n");
ret=KEYSERVER_NOT_SUPPORTED;
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
@ -515,7 +460,7 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(action==GET)
if(opt->action==KS_GET)
{
/* Eat the rest of the file */
for(;;)
@ -551,7 +496,7 @@ main(int argc,char *argv[])
goto fail;
}
if(!thekey || !*path)
if(!thekey || !opt->opaque)
{
fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail;
@ -562,16 +507,15 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
if (verbose>1)
if(opt->verbose>1)
{
if(path[0])
fprintf(console,"Path:\t\t%s\n",path);
fprintf(console,"User:\t\t%s\n",opt->opaque);
fprintf(console,"Command:\tGET\n");
}
set_timeout(timeout);
set_timeout(opt->timeout);
ret = get_key(thekey);
ret=get_key(thekey);
fail:
@ -583,5 +527,7 @@ main(int argc,char *argv[])
if(output!=stdout)
fclose(output);
free_ks_options(opt);
return ret;
}

394
keyserver/gpgkeys_ldap.c
View File

@ -50,14 +50,12 @@
extern char *optarg;
extern int optind;
static int verbose=0,include_disabled=0,include_revoked=0,include_subkeys=0;
static int real_ldap=0;
static char *basekeyspacedn=NULL;
static char host[MAX_HOST+1]={'\0'};
static char portstr[MAX_PORT+1]={'\0'};
static char *pgpkeystr="pgpKey";
static FILE *input=NULL,*output=NULL,*console=NULL;
static LDAP *ldap=NULL;
static struct ks_options *opt;
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
@ -1007,7 +1005,7 @@ get_key(char *getkey)
/* fingerprint. Take the last 16 characters and treat it like a
long key id */
if(include_subkeys)
if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
offset,offset);
else
@ -1017,7 +1015,7 @@ get_key(char *getkey)
{
/* long key id */
if(include_subkeys)
if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
getkey,getkey);
else
@ -1030,10 +1028,10 @@ get_key(char *getkey)
sprintf(search,"(pgpkeyid=%.8s)",getkey);
}
if(verbose>2)
if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
if(!verbose)
if(!opt->verbose)
attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
err=ldap_search_s(ldap,basekeyspacedn,
@ -1163,13 +1161,13 @@ search_key(char *searchkey)
/* Build the search string */
sprintf(search,"%s(pgpuserid=*%s*)%s%s%s",
(!(include_disabled&&include_revoked))?"(&":"",
(!(opt->flags.include_disabled&&opt->flags.include_revoked))?"(&":"",
searchkey,
include_disabled?"":"(pgpdisabled=0)",
include_revoked?"":"(pgprevoked=0)",
!(include_disabled&&include_revoked)?")":"");
opt->flags.include_disabled?"":"(pgpdisabled=0)",
opt->flags.include_revoked?"":"(pgprevoked=0)",
!(opt->flags.include_disabled&&opt->flags.include_revoked)?")":"");
if(verbose>2)
if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
err=ldap_search_s(ldap,basekeyspacedn,
@ -1374,12 +1372,12 @@ search_key(char *searchkey)
}
static void
fail_all(struct keylist *keylist,int action,int err)
fail_all(struct keylist *keylist,int err)
{
if(!keylist)
return;
if(action==SEARCH)
if(opt->action==KS_SEARCH)
{
fprintf(output,"SEARCH ");
while(keylist)
@ -1452,7 +1450,7 @@ find_basekeyspacedn(void)
ldap_value_free(vals);
}
if(verbose>1)
if(opt->verbose>1)
{
vals=ldap_get_values(ldap,si_res,"pgpSoftware");
if(vals)
@ -1503,7 +1501,7 @@ find_basekeyspacedn(void)
ldap_value_free(vals);
}
if(verbose>1)
if(opt->verbose>1)
{
vals=ldap_get_values(ldap,si_res,"software");
if(vals)
@ -1516,7 +1514,7 @@ find_basekeyspacedn(void)
vals=ldap_get_values(ldap,si_res,"version");
if(vals)
{
if(verbose>1)
if(opt->verbose>1)
fprintf(console,"Version:\t%s\n",vals[0]);
/* If the version is high enough, use the new pgpKeyV2
@ -1547,12 +1545,10 @@ show_help (FILE *fp)
int
main(int argc,char *argv[])
{
int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
int failed=0,use_ssl=0,use_tls=0,bound=0;
struct keylist *keylist=NULL,*keyptr=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
char *ca_cert_file=NULL;
console=stderr;
@ -1592,7 +1588,6 @@ main(int argc,char *argv[])
break;
}
if(argc>optind)
{
input=fopen(argv[optind],"r");
@ -1610,70 +1605,28 @@ main(int argc,char *argv[])
if(output==NULL)
output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
char command[MAX_COMMAND+1];
char optionstr[MAX_OPTION+1];
char scheme[MAX_SCHEME+1];
char hash;
if(line[0]=='\n')
break;
if(sscanf(line,"%c",&hash)==1 && hash=='#')
err=parse_ks_options(line,opt);
if(err>0)
{
ret=err;
goto fail;
}
else if(err==0)
continue;
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{
command[MAX_COMMAND]='\0';
if(strcasecmp(command,"get")==0)
action=GET;
else if(strcasecmp(command,"send")==0)
action=SEND;
else if(strcasecmp(command,"search")==0)
action=SEARCH;
continue;
}
if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
{
host[MAX_HOST]='\0';
continue;
}
if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",portstr)==1)
{
portstr[MAX_PORT]='\0';
port=atoi(portstr);
continue;
}
if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
{
scheme[MAX_SCHEME]='\0';
if(strcasecmp(scheme,"ldaps")==0)
{
port=636;
use_ssl=1;
}
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail;
}
continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
{
int no=0;
@ -1687,35 +1640,7 @@ main(int argc,char *argv[])
start=&optionstr[3];
}
if(strcasecmp(start,"verbose")==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strcasecmp(start,"include-disabled")==0)
{
if(no)
include_disabled=0;
else
include_disabled=1;
}
else if(strcasecmp(start,"include-revoked")==0)
{
if(no)
include_revoked=0;
else
include_revoked=1;
}
else if(strcasecmp(start,"include-subkeys")==0)
{
if(no)
include_subkeys=0;
else
include_subkeys=1;
}
else if(strncasecmp(start,"tls",3)==0)
if(strncasecmp(start,"tls",3)==0)
{
if(no)
use_tls=0;
@ -1735,20 +1660,6 @@ main(int argc,char *argv[])
else if(start[3]=='\0')
use_tls=1;
}
else if(strcasecmp(start,"check-cert")==0)
{
if(no)
check_cert=0;
else
check_cert=1;
}
else if(strncasecmp(start,"debug",5)==0)
{
if(no)
debug=0;
else if(start[5]=='=')
debug=atoi(&start[6]);
}
else if(strncasecmp(start,"basedn",6)==0)
{
if(no)
@ -1771,50 +1682,43 @@ main(int argc,char *argv[])
real_ldap=1;
}
}
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
else if(strncasecmp(start,"ca-cert-file",12)==0)
{
if(no)
{
free(ca_cert_file);
ca_cert_file=NULL;
}
else if(start[12]=='=')
{
free(ca_cert_file);
ca_cert_file=strdup(&start[13]);
if(!ca_cert_file)
{
fprintf(console,"gpgkeys: out of memory while creating "
"ca_cert_file\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
}
}
continue;
}
}
if(timeout && register_timeout()==-1)
if(!opt->scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
}
if(strcasecmp(opt->scheme,"ldaps")==0)
{
port=636;
use_ssl=1;
}
if(opt->port)
port=atoi(opt->port);
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
}
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
if(ca_cert_file)
if(opt->ca_cert_file)
{
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
if(err!=LDAP_SUCCESS)
{
fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
@ -1832,9 +1736,9 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(action==SEND)
if(opt->action==KS_SEND)
while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
else if(action==GET || action==SEARCH)
else if(opt->action==KS_GET || opt->action==KS_SEARCH)
{
for(;;)
{
@ -1885,24 +1789,23 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
if(verbose>1)
if(opt->verbose>1)
{
fprintf(console,"Host:\t\t%s\n",host);
fprintf(console,"Host:\t\t%s\n",opt->host);
if(port)
fprintf(console,"Port:\t\t%d\n",port);
fprintf(console,"Command:\t%s\n",action==GET?"GET":
action==SEND?"SEND":"SEARCH");
fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
}
if(debug)
if(opt->debug)
{
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&debug);
err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
if(err!=LDAP_SUCCESS)
fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
ldap_err2string(err));
else
fprintf(console,"gpgkeys: debug level %d\n",debug);
fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
#else
fprintf(console,"gpgkeys: not built with debugging support\n");
#endif
@ -1910,16 +1813,16 @@ main(int argc,char *argv[])
/* We have a timeout set for the setup stuff since it could time out
as well. */
set_timeout(timeout);
set_timeout(opt->timeout);
/* Note that this tries all A records on a given host (or at least,
OpenLDAP does). */
ldap=ldap_init(host,port);
ldap=ldap_init(opt->host,port);
if(ldap==NULL)
{
fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
strerror(errno));
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
@ -1933,11 +1836,11 @@ main(int argc,char *argv[])
{
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err));
fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
if(!check_cert)
if(!opt->flags.check_cert)
ssl=LDAP_OPT_X_TLS_NEVER;
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
@ -1946,7 +1849,7 @@ main(int argc,char *argv[])
fprintf(console,
"gpgkeys: unable to set certificate validation: %s\n",
ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err));
fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
#else
@ -1962,7 +1865,7 @@ main(int argc,char *argv[])
{
fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
err?ldap_err2string(err):"not found");
fail_all(keylist,action,ldap_err_to_gpg_err(err));
fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
@ -1977,7 +1880,7 @@ main(int argc,char *argv[])
"not supported by the NAI LDAP keyserver");
if(use_tls==3)
{
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
}
@ -1989,7 +1892,7 @@ main(int argc,char *argv[])
err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
if(err==LDAP_SUCCESS)
{
if(check_cert)
if(opt->flags.check_cert)
ver=LDAP_OPT_X_TLS_HARD;
else
ver=LDAP_OPT_X_TLS_NEVER;
@ -2001,17 +1904,17 @@ main(int argc,char *argv[])
if(err!=LDAP_SUCCESS)
{
if(use_tls>=2 || verbose>2)
if(use_tls>=2 || opt->verbose>2)
fprintf(console,"gpgkeys: unable to start TLS: %s\n",
ldap_err2string(err));
/* Are we forcing it? */
if(use_tls==3)
{
fail_all(keylist,action,ldap_err_to_gpg_err(err));
fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
}
else if(err==LDAP_SUCCESS && verbose>1)
else if(err==LDAP_SUCCESS && opt->verbose>1)
fprintf(console,"gpgkeys: TLS started successfully.\n");
#else
if(use_tls>=2)
@ -2045,94 +1948,89 @@ main(int argc,char *argv[])
bound=1;
#endif
switch(action)
if(opt->action==KS_GET)
{
case GET:
keyptr=keylist;
while(keyptr!=NULL)
{
set_timeout(timeout);
set_timeout(opt->timeout);
if(get_key(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
break;
case SEND:
{
int eof=0;
do
{
set_timeout(timeout);
if(real_ldap)
{
if(send_key(&eof)!=KEYSERVER_OK)
failed++;
}
else
{
if(send_key_keyserver(&eof)!=KEYSERVER_OK)
failed++;
}
}
while(!eof);
}
break;
case SEARCH:
{
char *searchkey=NULL;
int len=0;
set_timeout(timeout);
/* To search, we stick a * in between each key to search for.
This means that if the user enters words, they'll get
"enters*words". If the user "enters words", they'll get
"enters words" */
keyptr=keylist;
while(keyptr!=NULL)
{
len+=strlen(keyptr->str)+1;
keyptr=keyptr->next;
}
searchkey=malloc(len+1);
if(searchkey==NULL)
{
ret=KEYSERVER_NO_MEMORY;
fail_all(keylist,action,KEYSERVER_NO_MEMORY);
goto fail;
}
searchkey[0]='\0';
keyptr=keylist;
while(keyptr!=NULL)
{
strcat(searchkey,keyptr->str);
strcat(searchkey,"*");
keyptr=keyptr->next;
}
/* Nail that last "*" */
if(*searchkey)
searchkey[strlen(searchkey)-1]='\0';
if(search_key(searchkey)!=KEYSERVER_OK)
failed++;
free(searchkey);
}
break;
}
else if(opt->action==KS_SEND)
{
int eof=0;
do
{
set_timeout(opt->timeout);
if(real_ldap)
{
if(send_key(&eof)!=KEYSERVER_OK)
failed++;
}
else
{
if(send_key_keyserver(&eof)!=KEYSERVER_OK)
failed++;
}
}
while(!eof);
}
else if(opt->action==KS_SEARCH)
{
char *searchkey=NULL;
int len=0;
set_timeout(opt->timeout);
/* To search, we stick a * in between each key to search for.
This means that if the user enters words, they'll get
"enters*words". If the user "enters words", they'll get
"enters words" */
keyptr=keylist;
while(keyptr!=NULL)
{
len+=strlen(keyptr->str)+1;
keyptr=keyptr->next;
}
searchkey=malloc(len+1);
if(searchkey==NULL)
{
ret=KEYSERVER_NO_MEMORY;
fail_all(keylist,KEYSERVER_NO_MEMORY);
goto fail;
}
searchkey[0]='\0';
keyptr=keylist;
while(keyptr!=NULL)
{
strcat(searchkey,keyptr->str);
strcat(searchkey,"*");
keyptr=keyptr->next;
}
/* Nail that last "*" */
if(*searchkey)
searchkey[strlen(searchkey)-1]='\0';
if(search_key(searchkey)!=KEYSERVER_OK)
failed++;
free(searchkey);
}
else
BUG();
if(!failed)
ret=KEYSERVER_OK;
@ -2152,6 +2050,8 @@ main(int argc,char *argv[])
if(output!=stdout)
fclose(output);
free_ks_options(opt);
if(ldap!=NULL && bound)
ldap_unbind_s(ldap);

12
keyserver/ksutil.c
View File

@ -110,6 +110,7 @@ parse_ks_options(char *line,struct ks_options *opt)
char scheme[MAX_SCHEME+1];
char auth[MAX_AUTH+1];
char path[URLMAX_PATH+1];
char opaque[MAX_OPAQUE+1];
char option[MAX_OPTION+1];
if(line[0]=='#')
@ -174,6 +175,15 @@ parse_ks_options(char *line,struct ks_options *opt)
return 0;
}
if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1)
{
opaque[MAX_OPAQUE]='\0';
opt->opaque=strdup(opaque);
if(!opt->opaque)
return KEYSERVER_NO_MEMORY;
return 0;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
@ -236,6 +246,8 @@ parse_ks_options(char *line,struct ks_options *opt)
opt->debug=0;
else if(start[5]=='=')
opt->debug=atoi(&start[6]);
else if(start[5]=='\0')
opt->debug=1;
}
else if(strncasecmp(start,"timeout",7)==0)
{

1
keyserver/ksutil.h
View File

@ -69,6 +69,7 @@ struct ks_options
char *scheme;
char *auth;
char *path;
char *opaque;
struct
{
unsigned int include_disabled:1;