security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using

Browse Source 
parse_ks_options and remove a lot of common code.

* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
This commit is contained in:
David Shaw 2005-03-17 16:42:41 +00:00
parent 166876a9fd
commit efa0dd21a2
6 changed files with 253 additions and 478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
keyserver/ChangeLog
View File

@ -1,3 +1,11 @@
2005-03-17 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
parse_ks_options and remove a lot of common code.
* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
2005-03-16 David Shaw <dshaw@jabberwocky.com> 2005-03-16 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c: Include lber.h if configure determines we need * gpgkeys_ldap.c: Include lber.h if configure determines we need

194
keyserver/gpgkeys_curl.c
View File

@ -38,16 +38,10 @@
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;
static int verbose=0;
static char scheme[MAX_SCHEME+1];
static char auth[MAX_AUTH+1];
static char host[MAX_HOST+1];
static char port[MAX_PORT+1];
static char path[URLMAX_PATH+1];
static char proxy[MAX_PROXY+1]; static char proxy[MAX_PROXY+1];
static FILE *input, *output, *console; static FILE *input,*output,*console;
static CURL *curl; static CURL *curl;
static char request[MAX_URL]; static struct ks_options *opt;
static int static int
curl_err_to_gpg_err(CURLcode error) curl_err_to_gpg_err(CURLcode error)
@ -115,14 +109,18 @@ get_key(char *getkey)
{ {
CURLcode res; CURLcode res;
char errorbuffer[CURL_ERROR_SIZE]; char errorbuffer[CURL_ERROR_SIZE];
char request[MAX_URL];
if(strncmp(getkey,"0x",2)==0) if(strncmp(getkey,"0x",2)==0)
getkey+=2; getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey); fprintf(output,"KEY 0x%s BEGIN\n",getkey);
sprintf(request,"%s://%s%s%s%s%s%s%s",scheme,auth[0]?auth:"",auth[0]?"@":"", sprintf(request,"%s://%s%s%s%s%s%s",opt->scheme,
host,port[0]?":":"",port[0]?port:"",path[0]?"":"/",path); opt->auth?opt->auth:"",
opt->auth?"@":"",opt->host,
opt->port?":":"",opt->port?opt->port:"",
opt->path?opt->path:"/");
curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer); curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer);
@ -132,7 +130,7 @@ get_key(char *getkey)
res=curl_easy_perform(curl); res=curl_easy_perform(curl);
if(res!=0) if(res!=0)
{ {
fprintf(console,"gpgkeys: %s fetch error %d: %s\n",scheme, fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme,
res,errorbuffer); res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res)); fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
} }
@ -153,12 +151,10 @@ show_help (FILE *fp)
int int
main(int argc,char *argv[]) main(int argc,char *argv[])
{ {
int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR; int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE]; char line[MAX_LINE];
char *thekey=NULL; char *thekey=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; long follow_redirects=5;
long follow_redirects=5,debug=0,check_cert=1;
char *ca_cert_file=NULL;
console=stderr; console=stderr;
@ -215,71 +211,28 @@ main(int argc,char *argv[])
if(output==NULL) if(output==NULL)
output=stdout; output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */ /* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL) while(fgets(line,MAX_LINE,input)!=NULL)
{ {
int version; int err;
char command[MAX_COMMAND+1];
char option[MAX_OPTION+1]; char option[MAX_OPTION+1];
char hash;
if(line[0]=='\n') if(line[0]=='\n')
break; break;
if(sscanf(line,"%c",&hash)==1 && hash=='#') err=parse_ks_options(line,opt);
continue; if(err>0)
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{ {
command[MAX_COMMAND]='\0'; ret=err;
if(strcasecmp(command,"get")==0)
action=GET;
continue;
}
if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
{
scheme[MAX_SCHEME]='\0';
continue;
}
if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
{
auth[MAX_AUTH]='\0';
continue;
}
if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
{
host[MAX_HOST]='\0';
continue;
}
if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
{
port[MAX_PORT]='\0';
continue;
}
if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
{
path[URLMAX_PATH]='\0';
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail; goto fail;
} }
else if(err==0)
continue; continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1) if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{ {
@ -294,14 +247,7 @@ main(int argc,char *argv[])
start=&option[3]; start=&option[3];
} }
if(strcasecmp(start,"verbose")==0) if(strncasecmp(start,"http-proxy",10)==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strncasecmp(start,"http-proxy",10)==0)
{ {
if(no) if(no)
proxy[0]='\0'; proxy[0]='\0';
@ -311,15 +257,6 @@ main(int argc,char *argv[])
proxy[MAX_PROXY]='\0'; proxy[MAX_PROXY]='\0';
} }
} }
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
else if(strncasecmp(start,"follow-redirects",16)==0) else if(strncasecmp(start,"follow-redirects",16)==0)
{ {
if(no) if(no)
@ -329,75 +266,46 @@ main(int argc,char *argv[])
else if(start[16]=='\0') else if(start[16]=='\0')
follow_redirects=-1; follow_redirects=-1;
} }
else if(strncasecmp(start,"debug",5)==0)
{
if(no)
debug=0;
else if(start[5]=='=')
debug=atoi(&start[6]);
else if(start[5]=='\0')
debug=1;
}
else if(strcasecmp(start,"check-cert")==0)
{
if(no)
check_cert=0;
else
check_cert=1;
}
else if(strncasecmp(start,"ca-cert-file",12)==0)
{
if(no)
{
free(ca_cert_file);
ca_cert_file=NULL;
}
else if(start[12]=='=')
{
free(ca_cert_file);
ca_cert_file=strdup(&start[13]);
if(!ca_cert_file)
{
fprintf(console,"gpgkeys: out of memory while creating "
"ca_cert_file\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
}
}
continue; continue;
} }
} }
if(scheme[0]=='\0') if(!opt->scheme)
{ {
fprintf(console,"gpgkeys: no scheme supplied!\n"); fprintf(console,"gpgkeys: no scheme supplied!\n");
return KEYSERVER_SCHEME_NOT_FOUND; ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
} }
#ifdef HTTP_VIA_LIBCURL #ifdef HTTP_VIA_LIBCURL
else if(strcasecmp(scheme,"http")==0) else if(strcasecmp(opt->scheme,"http")==0)
; ;
#endif /* HTTP_VIA_LIBCURL */ #endif /* HTTP_VIA_LIBCURL */
#ifdef HTTPS_VIA_LIBCURL #ifdef HTTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"https")==0) else if(strcasecmp(opt->scheme,"https")==0)
; ;
#endif /* HTTP_VIA_LIBCURL */ #endif /* HTTP_VIA_LIBCURL */
#ifdef FTP_VIA_LIBCURL #ifdef FTP_VIA_LIBCURL
else if(strcasecmp(scheme,"ftp")==0) else if(strcasecmp(opt->scheme,"ftp")==0)
; ;
#endif /* FTP_VIA_LIBCURL */ #endif /* FTP_VIA_LIBCURL */
#ifdef FTPS_VIA_LIBCURL #ifdef FTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"ftps")==0) else if(strcasecmp(opt->scheme,"ftps")==0)
; ;
#endif /* FTPS_VIA_LIBCURL */ #endif /* FTPS_VIA_LIBCURL */
else else
{ {
fprintf(console,"gpgkeys: scheme `%s' not supported\n",scheme); fprintf(console,"gpgkeys: scheme `%s' not supported\n",opt->scheme);
return KEYSERVER_SCHEME_NOT_FOUND; return KEYSERVER_SCHEME_NOT_FOUND;
} }
if(timeout && register_timeout()==-1) if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{ {
fprintf(console,"gpgkeys: unable to register timeout handler\n"); fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR; return KEYSERVER_INTERNAL_ERROR;
@ -419,16 +327,14 @@ main(int argc,char *argv[])
curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects); curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
} }
if(debug) if(opt->debug)
{ {
curl_easy_setopt(curl,CURLOPT_STDERR,console); curl_easy_setopt(curl,CURLOPT_STDERR,console);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1); curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
} }
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert); curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
if(ca_cert_file)
curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
if(proxy[0]) if(proxy[0])
curl_easy_setopt(curl,CURLOPT_PROXY,proxy); curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
@ -436,7 +342,7 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the /* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */ keyids. If it's a SEND, then there are no keyids. */
if(action==GET) if(opt->action==KS_GET)
{ {
/* Eat the rest of the file */ /* Eat the rest of the file */
for(;;) for(;;)
@ -472,7 +378,7 @@ main(int argc,char *argv[])
goto fail; goto fail;
} }
if(!thekey || !host[0]) if(!thekey)
{ {
fprintf(console,"gpgkeys: invalid keyserver instructions\n"); fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail; goto fail;
@ -483,18 +389,18 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION);
if(verbose) if(opt->verbose)
{ {
fprintf(console,"Scheme:\t\t%s\n",scheme); fprintf(console,"Scheme:\t\t%s\n",opt->scheme);
fprintf(console,"Host:\t\t%s\n",host); fprintf(console,"Host:\t\t%s\n",opt->host);
if(port[0]) if(opt->port)
fprintf(console,"Port:\t\t%s\n",port); fprintf(console,"Port:\t\t%s\n",opt->port);
if(path[0]) if(opt->path)
fprintf(console,"Path:\t\t%s\n",path); fprintf(console,"Path:\t\t%s\n",opt->path);
fprintf(console,"Command:\tGET\n"); fprintf(console,"Command:\tGET\n");
} }
set_timeout(timeout); set_timeout(opt->timeout);
ret=get_key(thekey); ret=get_key(thekey);
@ -508,6 +414,8 @@ main(int argc,char *argv[])
if(output!=stdout) if(output!=stdout)
fclose(output); fclose(output);
free_ks_options(opt);
if(curl) if(curl)
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

104
keyserver/gpgkeys_finger.c
View File

@ -55,9 +55,8 @@
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;
static int verbose=0; static FILE *input,*output,*console;
static char path[MAX_OPAQUE+1]; static struct ks_options *opt;
static FILE *input, *output, *console;
#ifdef _WIN32 #ifdef _WIN32
static void static void
@ -300,7 +299,7 @@ get_key (char *getkey)
indicated the requested key anyway. */ indicated the requested key anyway. */
fprintf(output,"KEY 0x%s BEGIN\n",getkey); fprintf(output,"KEY 0x%s BEGIN\n",getkey);
rc = send_request (path, &sock); rc=send_request(opt->opaque,&sock);
if(rc) if(rc)
{ {
fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc); fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc);
@ -362,10 +361,9 @@ show_help (FILE *fp)
int int
main(int argc,char *argv[]) main(int argc,char *argv[])
{ {
int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR; int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE]; char line[MAX_LINE];
char *thekey=NULL; char *thekey=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
console=stderr; console=stderr;
@ -422,32 +420,30 @@ main(int argc,char *argv[])
if(output==NULL) if(output==NULL)
output=stdout; output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */ /* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL) while(fgets(line,MAX_LINE,input)!=NULL)
{ {
int version; int err;
char command[MAX_COMMAND+1];
char option[MAX_OPTION+1];
char hash;
if(line[0]=='\n') if(line[0]=='\n')
break; break;
if(sscanf(line,"%c",&hash)==1 && hash=='#') err=parse_ks_options(line,opt);
continue; if(err>0)
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{ {
command[MAX_COMMAND]='\0'; ret=err;
goto fail;
if(strcasecmp(command,"get")==0) }
action=GET; else if(err==0)
continue; continue;
} }
if(strncmp(line,"HOST ",5)==0) if(opt->host)
{ {
fprintf(console,"gpgkeys: finger://relay/user syntax is not" fprintf(console,"gpgkeys: finger://relay/user syntax is not"
" supported. Use finger:user instead.\n"); " supported. Use finger:user instead.\n");
@ -455,58 +451,7 @@ main(int argc,char *argv[])
goto fail; goto fail;
} }
if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",path)==1) if(opt->timeout && register_timeout()==-1)
{
path[MAX_OPAQUE]='\0';
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail;
}
continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
char *start=&option[0];
option[MAX_OPTION]='\0';
if(strncasecmp(option,"no-",3)==0)
{
no=1;
start=&option[3];
}
if(strcasecmp(start,"verbose")==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
continue;
}
}
if(timeout && register_timeout()==-1)
{ {
fprintf(console,"gpgkeys: unable to register timeout handler\n"); fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR; return KEYSERVER_INTERNAL_ERROR;
@ -515,7 +460,7 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the /* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */ keyids. If it's a SEND, then there are no keyids. */
if(action==GET) if(opt->action==KS_GET)
{ {
/* Eat the rest of the file */ /* Eat the rest of the file */
for(;;) for(;;)
@ -551,7 +496,7 @@ main(int argc,char *argv[])
goto fail; goto fail;
} }
if(!thekey || !*path) if(!thekey || !opt->opaque)
{ {
fprintf(console,"gpgkeys: invalid keyserver instructions\n"); fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail; goto fail;
@ -562,16 +507,15 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION);
if (verbose>1) if(opt->verbose>1)
{ {
if(path[0]) fprintf(console,"User:\t\t%s\n",opt->opaque);
fprintf(console,"Path:\t\t%s\n",path);
fprintf(console,"Command:\tGET\n"); fprintf(console,"Command:\tGET\n");
} }
set_timeout(timeout); set_timeout(opt->timeout);
ret = get_key(thekey); ret=get_key(thekey);
fail: fail:
@ -583,5 +527,7 @@ main(int argc,char *argv[])
if(output!=stdout) if(output!=stdout)
fclose(output); fclose(output);
free_ks_options(opt);
return ret; return ret;
} }

266
keyserver/gpgkeys_ldap.c
View File

@ -50,14 +50,12 @@
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;
static int verbose=0,include_disabled=0,include_revoked=0,include_subkeys=0;
static int real_ldap=0; static int real_ldap=0;
static char *basekeyspacedn=NULL; static char *basekeyspacedn=NULL;
static char host[MAX_HOST+1]={'\0'};
static char portstr[MAX_PORT+1]={'\0'};
static char *pgpkeystr="pgpKey"; static char *pgpkeystr="pgpKey";
static FILE *input=NULL,*output=NULL,*console=NULL; static FILE *input=NULL,*output=NULL,*console=NULL;
static LDAP *ldap=NULL; static LDAP *ldap=NULL;
static struct ks_options *opt;
#ifndef HAVE_TIMEGM #ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm); time_t timegm(struct tm *tm);
@ -1007,7 +1005,7 @@ get_key(char *getkey)
/* fingerprint. Take the last 16 characters and treat it like a /* fingerprint. Take the last 16 characters and treat it like a
long key id */ long key id */
if(include_subkeys) if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))", sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
offset,offset); offset,offset);
else else
@ -1017,7 +1015,7 @@ get_key(char *getkey)
{ {
/* long key id */ /* long key id */
if(include_subkeys) if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))", sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
getkey,getkey); getkey,getkey);
else else
@ -1030,10 +1028,10 @@ get_key(char *getkey)
sprintf(search,"(pgpkeyid=%.8s)",getkey); sprintf(search,"(pgpkeyid=%.8s)",getkey);
} }
if(verbose>2) if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search); fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
if(!verbose) if(!opt->verbose)
attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */ attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
err=ldap_search_s(ldap,basekeyspacedn, err=ldap_search_s(ldap,basekeyspacedn,
@ -1163,13 +1161,13 @@ search_key(char *searchkey)
/* Build the search string */ /* Build the search string */
sprintf(search,"%s(pgpuserid=*%s*)%s%s%s", sprintf(search,"%s(pgpuserid=*%s*)%s%s%s",
(!(include_disabled&&include_revoked))?"(&":"", (!(opt->flags.include_disabled&&opt->flags.include_revoked))?"(&":"",
searchkey, searchkey,
include_disabled?"":"(pgpdisabled=0)", opt->flags.include_disabled?"":"(pgpdisabled=0)",
include_revoked?"":"(pgprevoked=0)", opt->flags.include_revoked?"":"(pgprevoked=0)",
!(include_disabled&&include_revoked)?")":""); !(opt->flags.include_disabled&&opt->flags.include_revoked)?")":"");
if(verbose>2) if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP search for: %s\n",search); fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
err=ldap_search_s(ldap,basekeyspacedn, err=ldap_search_s(ldap,basekeyspacedn,
@ -1374,12 +1372,12 @@ search_key(char *searchkey)
} }
static void static void
fail_all(struct keylist *keylist,int action,int err) fail_all(struct keylist *keylist,int err)
{ {
if(!keylist) if(!keylist)
return; return;
if(action==SEARCH) if(opt->action==KS_SEARCH)
{ {
fprintf(output,"SEARCH "); fprintf(output,"SEARCH ");
while(keylist) while(keylist)
@ -1452,7 +1450,7 @@ find_basekeyspacedn(void)
ldap_value_free(vals); ldap_value_free(vals);
} }
if(verbose>1) if(opt->verbose>1)
{ {
vals=ldap_get_values(ldap,si_res,"pgpSoftware"); vals=ldap_get_values(ldap,si_res,"pgpSoftware");
if(vals) if(vals)
@ -1503,7 +1501,7 @@ find_basekeyspacedn(void)
ldap_value_free(vals); ldap_value_free(vals);
} }
if(verbose>1) if(opt->verbose>1)
{ {
vals=ldap_get_values(ldap,si_res,"software"); vals=ldap_get_values(ldap,si_res,"software");
if(vals) if(vals)
@ -1516,7 +1514,7 @@ find_basekeyspacedn(void)
vals=ldap_get_values(ldap,si_res,"version"); vals=ldap_get_values(ldap,si_res,"version");
if(vals) if(vals)
{ {
if(verbose>1) if(opt->verbose>1)
fprintf(console,"Version:\t%s\n",vals[0]); fprintf(console,"Version:\t%s\n",vals[0]);
/* If the version is high enough, use the new pgpKeyV2 /* If the version is high enough, use the new pgpKeyV2
@ -1547,12 +1545,10 @@ show_help (FILE *fp)
int int
main(int argc,char *argv[]) main(int argc,char *argv[])
{ {
int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR; int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE]; char line[MAX_LINE];
int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1; int failed=0,use_ssl=0,use_tls=0,bound=0;
struct keylist *keylist=NULL,*keyptr=NULL; struct keylist *keylist=NULL,*keyptr=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
char *ca_cert_file=NULL;
console=stderr; console=stderr;
@ -1592,7 +1588,6 @@ main(int argc,char *argv[])
break; break;
} }
if(argc>optind) if(argc>optind)
{ {
input=fopen(argv[optind],"r"); input=fopen(argv[optind],"r");
@ -1610,69 +1605,27 @@ main(int argc,char *argv[])
if(output==NULL) if(output==NULL)
output=stdout; output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */ /* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL) while(fgets(line,MAX_LINE,input)!=NULL)
{ {
char command[MAX_COMMAND+1];
char optionstr[MAX_OPTION+1]; char optionstr[MAX_OPTION+1];
char scheme[MAX_SCHEME+1];
char hash;
if(line[0]=='\n') if(line[0]=='\n')
break; break;
if(sscanf(line,"%c",&hash)==1 && hash=='#') err=parse_ks_options(line,opt);
continue; if(err>0)
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{ {
command[MAX_COMMAND]='\0'; ret=err;
if(strcasecmp(command,"get")==0)
action=GET;
else if(strcasecmp(command,"send")==0)
action=SEND;
else if(strcasecmp(command,"search")==0)
action=SEARCH;
continue;
}
if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
{
host[MAX_HOST]='\0';
continue;
}
if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",portstr)==1)
{
portstr[MAX_PORT]='\0';
port=atoi(portstr);
continue;
}
if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
{
scheme[MAX_SCHEME]='\0';
if(strcasecmp(scheme,"ldaps")==0)
{
port=636;
use_ssl=1;
}
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail; goto fail;
} }
else if(err==0)
continue; continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1) if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
{ {
@ -1687,35 +1640,7 @@ main(int argc,char *argv[])
start=&optionstr[3]; start=&optionstr[3];
} }
if(strcasecmp(start,"verbose")==0) if(strncasecmp(start,"tls",3)==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strcasecmp(start,"include-disabled")==0)
{
if(no)
include_disabled=0;
else
include_disabled=1;
}
else if(strcasecmp(start,"include-revoked")==0)
{
if(no)
include_revoked=0;
else
include_revoked=1;
}
else if(strcasecmp(start,"include-subkeys")==0)
{
if(no)
include_subkeys=0;
else
include_subkeys=1;
}
else if(strncasecmp(start,"tls",3)==0)
{ {
if(no) if(no)
use_tls=0; use_tls=0;
@ -1735,20 +1660,6 @@ main(int argc,char *argv[])
else if(start[3]=='\0') else if(start[3]=='\0')
use_tls=1; use_tls=1;
} }
else if(strcasecmp(start,"check-cert")==0)
{
if(no)
check_cert=0;
else
check_cert=1;
}
else if(strncasecmp(start,"debug",5)==0)
{
if(no)
debug=0;
else if(start[5]=='=')
debug=atoi(&start[6]);
}
else if(strncasecmp(start,"basedn",6)==0) else if(strncasecmp(start,"basedn",6)==0)
{ {
if(no) if(no)
@ -1771,50 +1682,43 @@ main(int argc,char *argv[])
real_ldap=1; real_ldap=1;
} }
} }
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
else if(strncasecmp(start,"ca-cert-file",12)==0)
{
if(no)
{
free(ca_cert_file);
ca_cert_file=NULL;
}
else if(start[12]=='=')
{
free(ca_cert_file);
ca_cert_file=strdup(&start[13]);
if(!ca_cert_file)
{
fprintf(console,"gpgkeys: out of memory while creating "
"ca_cert_file\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
}
}
continue; continue;
} }
} }
if(timeout && register_timeout()==-1) if(!opt->scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
}
if(strcasecmp(opt->scheme,"ldaps")==0)
{
port=636;
use_ssl=1;
}
if(opt->port)
port=atoi(opt->port);
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{ {
fprintf(console,"gpgkeys: unable to register timeout handler\n"); fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR; return KEYSERVER_INTERNAL_ERROR;
} }
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE) #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
if(ca_cert_file) if(opt->ca_cert_file)
{ {
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file); err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
if(err!=LDAP_SUCCESS) if(err!=LDAP_SUCCESS)
{ {
fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n", fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
@ -1832,9 +1736,9 @@ main(int argc,char *argv[])
/* If it's a GET or a SEARCH, the next thing to come in is the /* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */ keyids. If it's a SEND, then there are no keyids. */
if(action==SEND) if(opt->action==KS_SEND)
while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n'); while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
else if(action==GET || action==SEARCH) else if(opt->action==KS_GET || opt->action==KS_SEARCH)
{ {
for(;;) for(;;)
{ {
@ -1885,24 +1789,23 @@ main(int argc,char *argv[])
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION);
if(verbose>1) if(opt->verbose>1)
{ {
fprintf(console,"Host:\t\t%s\n",host); fprintf(console,"Host:\t\t%s\n",opt->host);
if(port) if(port)
fprintf(console,"Port:\t\t%d\n",port); fprintf(console,"Port:\t\t%d\n",port);
fprintf(console,"Command:\t%s\n",action==GET?"GET": fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
action==SEND?"SEND":"SEARCH");
} }
if(debug) if(opt->debug)
{ {
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION) #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&debug); err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
if(err!=LDAP_SUCCESS) if(err!=LDAP_SUCCESS)
fprintf(console,"gpgkeys: unable to set debug mode: %s\n", fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
ldap_err2string(err)); ldap_err2string(err));
else else
fprintf(console,"gpgkeys: debug level %d\n",debug); fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
#else #else
fprintf(console,"gpgkeys: not built with debugging support\n"); fprintf(console,"gpgkeys: not built with debugging support\n");
#endif #endif
@ -1910,16 +1813,16 @@ main(int argc,char *argv[])
/* We have a timeout set for the setup stuff since it could time out /* We have a timeout set for the setup stuff since it could time out
as well. */ as well. */
set_timeout(timeout); set_timeout(opt->timeout);
/* Note that this tries all A records on a given host (or at least, /* Note that this tries all A records on a given host (or at least,
OpenLDAP does). */ OpenLDAP does). */
ldap=ldap_init(host,port); ldap=ldap_init(opt->host,port);
if(ldap==NULL) if(ldap==NULL)
{ {
fprintf(console,"gpgkeys: internal LDAP init error: %s\n", fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
strerror(errno)); strerror(errno));
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR); fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail; goto fail;
} }
@ -1933,11 +1836,11 @@ main(int argc,char *argv[])
{ {
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n", fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
ldap_err2string(err)); ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err)); fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail; goto fail;
} }
if(!check_cert) if(!opt->flags.check_cert)
ssl=LDAP_OPT_X_TLS_NEVER; ssl=LDAP_OPT_X_TLS_NEVER;
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl); err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
@ -1946,7 +1849,7 @@ main(int argc,char *argv[])
fprintf(console, fprintf(console,
"gpgkeys: unable to set certificate validation: %s\n", "gpgkeys: unable to set certificate validation: %s\n",
ldap_err2string(err)); ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err)); fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail; goto fail;
} }
#else #else
@ -1962,7 +1865,7 @@ main(int argc,char *argv[])
{ {
fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n", fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
err?ldap_err2string(err):"not found"); err?ldap_err2string(err):"not found");
fail_all(keylist,action,ldap_err_to_gpg_err(err)); fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail; goto fail;
} }
@ -1977,7 +1880,7 @@ main(int argc,char *argv[])
"not supported by the NAI LDAP keyserver"); "not supported by the NAI LDAP keyserver");
if(use_tls==3) if(use_tls==3)
{ {
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR); fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail; goto fail;
} }
} }
@ -1989,7 +1892,7 @@ main(int argc,char *argv[])
err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver); err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
if(err==LDAP_SUCCESS) if(err==LDAP_SUCCESS)
{ {
if(check_cert) if(opt->flags.check_cert)
ver=LDAP_OPT_X_TLS_HARD; ver=LDAP_OPT_X_TLS_HARD;
else else
ver=LDAP_OPT_X_TLS_NEVER; ver=LDAP_OPT_X_TLS_NEVER;
@ -2001,17 +1904,17 @@ main(int argc,char *argv[])
if(err!=LDAP_SUCCESS) if(err!=LDAP_SUCCESS)
{ {
if(use_tls>=2 || verbose>2) if(use_tls>=2 || opt->verbose>2)
fprintf(console,"gpgkeys: unable to start TLS: %s\n", fprintf(console,"gpgkeys: unable to start TLS: %s\n",
ldap_err2string(err)); ldap_err2string(err));
/* Are we forcing it? */ /* Are we forcing it? */
if(use_tls==3) if(use_tls==3)
{ {
fail_all(keylist,action,ldap_err_to_gpg_err(err)); fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail; goto fail;
} }
} }
else if(err==LDAP_SUCCESS && verbose>1) else if(err==LDAP_SUCCESS && opt->verbose>1)
fprintf(console,"gpgkeys: TLS started successfully.\n"); fprintf(console,"gpgkeys: TLS started successfully.\n");
#else #else
if(use_tls>=2) if(use_tls>=2)
@ -2045,29 +1948,27 @@ main(int argc,char *argv[])
bound=1; bound=1;
#endif #endif
switch(action) if(opt->action==KS_GET)
{ {
case GET:
keyptr=keylist; keyptr=keylist;
while(keyptr!=NULL) while(keyptr!=NULL)
{ {
set_timeout(timeout); set_timeout(opt->timeout);
if(get_key(keyptr->str)!=KEYSERVER_OK) if(get_key(keyptr->str)!=KEYSERVER_OK)
failed++; failed++;
keyptr=keyptr->next; keyptr=keyptr->next;
} }
break; }
else if(opt->action==KS_SEND)
case SEND:
{ {
int eof=0; int eof=0;
do do
{ {
set_timeout(timeout); set_timeout(opt->timeout);
if(real_ldap) if(real_ldap)
{ {
@ -2082,14 +1983,12 @@ main(int argc,char *argv[])
} }
while(!eof); while(!eof);
} }
break; else if(opt->action==KS_SEARCH)
case SEARCH:
{ {
char *searchkey=NULL; char *searchkey=NULL;
int len=0; int len=0;
set_timeout(timeout); set_timeout(opt->timeout);
/* To search, we stick a * in between each key to search for. /* To search, we stick a * in between each key to search for.
This means that if the user enters words, they'll get This means that if the user enters words, they'll get
@ -2107,7 +2006,7 @@ main(int argc,char *argv[])
if(searchkey==NULL) if(searchkey==NULL)
{ {
ret=KEYSERVER_NO_MEMORY; ret=KEYSERVER_NO_MEMORY;
fail_all(keylist,action,KEYSERVER_NO_MEMORY); fail_all(keylist,KEYSERVER_NO_MEMORY);
goto fail; goto fail;
} }
@ -2130,9 +2029,8 @@ main(int argc,char *argv[])
free(searchkey); free(searchkey);
} }
else
break; BUG();
}
if(!failed) if(!failed)
ret=KEYSERVER_OK; ret=KEYSERVER_OK;
@ -2152,6 +2050,8 @@ main(int argc,char *argv[])
if(output!=stdout) if(output!=stdout)
fclose(output); fclose(output);
free_ks_options(opt);
if(ldap!=NULL && bound) if(ldap!=NULL && bound)
ldap_unbind_s(ldap); ldap_unbind_s(ldap);

12
keyserver/ksutil.c
View File

@ -110,6 +110,7 @@ parse_ks_options(char *line,struct ks_options *opt)
char scheme[MAX_SCHEME+1]; char scheme[MAX_SCHEME+1];
char auth[MAX_AUTH+1]; char auth[MAX_AUTH+1];
char path[URLMAX_PATH+1]; char path[URLMAX_PATH+1];
char opaque[MAX_OPAQUE+1];
char option[MAX_OPTION+1]; char option[MAX_OPTION+1];
if(line[0]=='#') if(line[0]=='#')
@ -174,6 +175,15 @@ parse_ks_options(char *line,struct ks_options *opt)
return 0; return 0;
} }
if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1)
{
opaque[MAX_OPAQUE]='\0';
opt->opaque=strdup(opaque);
if(!opt->opaque)
return KEYSERVER_NO_MEMORY;
return 0;
}
if(sscanf(line,"VERSION %d\n",&version)==1) if(sscanf(line,"VERSION %d\n",&version)==1)
{ {
if(version!=KEYSERVER_PROTO_VERSION) if(version!=KEYSERVER_PROTO_VERSION)
@ -236,6 +246,8 @@ parse_ks_options(char *line,struct ks_options *opt)
opt->debug=0; opt->debug=0;
else if(start[5]=='=') else if(start[5]=='=')
opt->debug=atoi(&start[6]); opt->debug=atoi(&start[6]);
else if(start[5]=='\0')
opt->debug=1;
} }
else if(strncasecmp(start,"timeout",7)==0) else if(strncasecmp(start,"timeout",7)==0)
{ {

1
keyserver/ksutil.h
View File

@ -69,6 +69,7 @@ struct ks_options
char *scheme; char *scheme;
char *auth; char *auth;
char *path; char *path;
char *opaque;
struct struct
{ {
unsigned int include_disabled:1; unsigned int include_disabled:1;