1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00
gnupg/keyserver/gpgkeys_curl.c
David Shaw 2833a0eadc * curl-shim.c (curl_easy_perform): Fix compile warning.
* curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add
ca-cert-file option, to pass in the SSL cert.
2005-02-12 03:15:02 +00:00

518 lines
11 KiB
C

/* gpgkeys_curl.c - fetch a key via libcurl
* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#ifdef FAKE_CURL
#include "curl-shim.h"
#else
#include <curl/curl.h>
#endif
#include "keyserver.h"
#include "ksutil.h"
extern char *optarg;
extern int optind;
static int verbose=0;
static char scheme[MAX_SCHEME+1];
static char auth[MAX_AUTH+1];
static char host[MAX_HOST+1];
static char port[MAX_PORT+1];
static char path[URLMAX_PATH+1];
static char proxy[MAX_PROXY+1];
static FILE *input, *output, *console;
static CURL *curl;
static char request[MAX_URL];
static int
curl_err_to_gpg_err(CURLcode error)
{
switch(error)
{
case CURLE_FTP_COULDNT_RETR_FILE: return KEYSERVER_KEY_NOT_FOUND;
default: return KEYSERVER_INTERNAL_ERROR;
}
}
static size_t
writer(const void *ptr,size_t size,size_t nmemb,void *stream)
{
const char *buf=ptr;
size_t i;
static int markeridx=0,begun=0,done=0;
static const char *marker=BEGIN;
/* scan the incoming data for our marker */
for(i=0;!done && i<(size*nmemb);i++)
{
if(buf[i]==marker[markeridx])
{
markeridx++;
if(marker[markeridx]=='\0')
{
if(begun)
done=1;
else
{
/* We've found the BEGIN marker, so now we're looking
for the END marker. */
begun=1;
marker=END;
markeridx=0;
fprintf(output,BEGIN);
continue;
}
}
}
else
markeridx=0;
if(begun)
{
/* Canonicalize CRLF to just LF by stripping CRs. This
actually makes sense, since on Unix-like machines LF is
correct, and on win32-like machines, our output buffer is
opened in textmode and will re-canonicalize line endings
back to CRLF. Since we only need to handle armored keys,
we don't have to worry about odd cases like CRCRCR and
the like. */
if(buf[i]!='\r')
fputc(buf[i],output);
}
}
return size*nmemb;
}
static int
get_key(char *getkey)
{
CURLcode res;
char errorbuffer[CURL_ERROR_SIZE];
if(strncmp(getkey,"0x",2)==0)
getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
sprintf(request,"%s://%s%s%s%s%s%s%s",scheme,auth[0]?auth:"",auth[0]?"@":"",
host,port[0]?":":"",port[0]?port:"",path[0]?"":"/",path);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer);
curl_easy_setopt(curl,CURLOPT_FILE,output);
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: %s fetch error %d: %s\n",scheme,
res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
}
else
fprintf(output,"\nKEY 0x%s END\n",getkey);
return KEYSERVER_OK;
}
static void
show_help (FILE *fp)
{
fprintf (fp,"-h\thelp\n");
fprintf (fp,"-V\tversion\n");
fprintf (fp,"-o\toutput to this file\n");
}
int
main(int argc,char *argv[])
{
int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
char *thekey=NULL;
unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
long follow_redirects=5,debug=0,check_cert=1;
char *ca_cert_file=NULL;
console=stderr;
/* Kludge to implement standard GNU options. */
if (argc > 1 && !strcmp (argv[1], "--version"))
{
fputs ("gpgkeys_curl (GnuPG) " VERSION"\n", stdout);
return 0;
}
else if (argc > 1 && !strcmp (argv[1], "--help"))
{
show_help (stdout);
return 0;
}
while((arg=getopt(argc,argv,"hVo:"))!=-1)
switch(arg)
{
default:
case 'h':
show_help (console);
return KEYSERVER_OK;
case 'V':
fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
return KEYSERVER_OK;
case 'o':
output=fopen(optarg,"wb");
if(output==NULL)
{
fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
optarg,strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
break;
}
if(argc>optind)
{
input=fopen(argv[optind],"r");
if(input==NULL)
{
fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
argv[optind],strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
}
if(input==NULL)
input=stdin;
if(output==NULL)
output=stdout;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
int version;
char command[MAX_COMMAND+1];
char option[MAX_OPTION+1];
char hash;
if(line[0]=='\n')
break;
if(sscanf(line,"%c",&hash)==1 && hash=='#')
continue;
if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
{
command[MAX_COMMAND]='\0';
if(strcasecmp(command,"get")==0)
action=GET;
continue;
}
if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
{
scheme[MAX_SCHEME]='\0';
continue;
}
if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
{
auth[MAX_AUTH]='\0';
continue;
}
if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
{
host[MAX_HOST]='\0';
continue;
}
if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
{
port[MAX_PORT]='\0';
continue;
}
if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
{
path[URLMAX_PATH]='\0';
continue;
}
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
{
ret=KEYSERVER_VERSION_ERROR;
goto fail;
}
continue;
}
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
char *start=&option[0];
option[MAX_OPTION]='\0';
if(strncasecmp(option,"no-",3)==0)
{
no=1;
start=&option[3];
}
if(strcasecmp(start,"verbose")==0)
{
if(no)
verbose--;
else
verbose++;
}
else if(strncasecmp(start,"http-proxy",10)==0)
{
if(no)
proxy[0]='\0';
else if(start[10]=='=')
{
strncpy(proxy,&start[11],MAX_PROXY);
proxy[MAX_PROXY]='\0';
}
}
else if(strncasecmp(start,"timeout",7)==0)
{
if(no)
timeout=0;
else if(start[7]=='=')
timeout=atoi(&start[8]);
else if(start[7]=='\0')
timeout=DEFAULT_KEYSERVER_TIMEOUT;
}
else if(strncasecmp(start,"follow-redirects",16)==0)
{
if(no)
follow_redirects=0;
else if(start[16]=='=')
follow_redirects=atoi(&start[17]);
else if(start[16]=='\0')
follow_redirects=-1;
}
else if(strncasecmp(start,"debug",5)==0)
{
if(no)
debug=0;
else if(start[5]=='=')
debug=atoi(&start[6]);
else if(start[5]=='\0')
debug=1;
}
else if(strcasecmp(start,"check-cert")==0)
{
if(no)
check_cert=0;
else
check_cert=1;
}
else if(strncasecmp(start,"ca-cert-file",12)==0)
{
if(no)
{
free(ca_cert_file);
ca_cert_file=NULL;
}
else if(start[12]=='=')
{
free(ca_cert_file);
ca_cert_file=strdup(&start[13]);
if(!ca_cert_file)
{
fprintf(console,"gpgkeys: out of memory while creating "
"ca_cert_file\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
}
}
continue;
}
}
if(scheme[0]=='\0')
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
return KEYSERVER_SCHEME_NOT_FOUND;
}
#ifdef HTTP_VIA_LIBCURL
else if(strcasecmp(scheme,"http")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef HTTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"https")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef FTP_VIA_LIBCURL
else if(strcasecmp(scheme,"ftp")==0)
;
#endif /* FTP_VIA_LIBCURL */
#ifdef FTPS_VIA_LIBCURL
else if(strcasecmp(scheme,"ftps")==0)
;
#endif /* FTPS_VIA_LIBCURL */
else
{
fprintf(console,"gpgkeys: scheme `%s' not supported\n",scheme);
return KEYSERVER_SCHEME_NOT_FOUND;
}
if(timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
}
curl_global_init(CURL_GLOBAL_DEFAULT);
curl=curl_easy_init();
if(!curl)
{
fprintf(console,"gpgkeys: unable to initialize curl\n");
ret=KEYSERVER_INTERNAL_ERROR;
goto fail;
}
if(follow_redirects)
{
curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1);
if(follow_redirects>0)
curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
}
if(debug)
{
curl_easy_setopt(curl,CURLOPT_STDERR,console);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
}
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
if(ca_cert_file)
curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
if(proxy[0])
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(action==GET)
{
/* Eat the rest of the file */
for(;;)
{
if(fgets(line,MAX_LINE,input)==NULL)
break;
else
{
if(line[0]=='\n' || line[0]=='\0')
break;
if(!thekey)
{
thekey=strdup(line);
if(!thekey)
{
fprintf(console,"gpgkeys: out of memory while "
"building key list\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
/* Trim the trailing \n */
thekey[strlen(line)-1]='\0';
}
}
}
}
else
{
fprintf(console,
"gpgkeys: this keyserver type only supports key retrieval\n");
goto fail;
}
if(!thekey || !host[0])
{
fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail;
}
/* Send the response */
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
if(verbose)
{
fprintf(console,"Scheme:\t\t%s\n",scheme);
fprintf(console,"Host:\t\t%s\n",host);
if(port[0])
fprintf(console,"Port:\t\t%s\n",port);
if(path[0])
fprintf(console,"Path:\t\t%s\n",path);
fprintf(console,"Command:\tGET\n");
}
set_timeout(timeout);
ret=get_key(thekey);
fail:
free(thekey);
if(input!=stdin)
fclose(input);
if(output!=stdout)
fclose(output);
if(curl)
curl_easy_cleanup(curl);
curl_global_cleanup();
return ret;
}