[Pkg-gnupg-commit] [gnupg2] 135/159: gpg: Make --auto-key-retrieve work with dirmngr configured server.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 27 13:24:03 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 09117e769a093467cb47154f36d7dda613313e33
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jan 21 11:49:27 2016 +0100

    gpg: Make --auto-key-retrieve work with dirmngr configured server.
    
    * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
    * g10/keyserver.c (keyserver_any_configured): New.
    (keyserver_put): Remove arg keyserver because this will always receive
    opt.keyserver which is anyway used when connecting dirmngr.  Do not
    check opt.keyserver.
    (keyserver_import_cert): Replace opt.keyserver by
    keyserver_any_configured.
    * g10/mainproc.c (check_sig_and_print): Ditto.
    * g10/import.c (revocation_present): Ditto.
    * g10/getkey.c (get_pubkey_byname): Ditto.
    * g10/gpgv.c (keyserver_any_configured): Add stub.
    * g10/test-stubs.c (keyserver_any_configured): Add stub.
    --
    
    The keyserver should be configured in dirmngr.conf and thus we can't
    use opt.keyserver in gpg to decide whether a keyserver has been
    configured.
    
    GnuPG-bug-id: 2147
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/call-dirmngr.c       |  8 ++++++--
 g10/getkey.c             |  4 ++--
 g10/gpgv.c               |  7 +++++++
 g10/import.c             |  6 +++---
 g10/keyserver-internal.h |  1 +
 g10/keyserver.c          | 48 ++++++++++++++++++++++++++++--------------------
 g10/mainproc.c           |  4 ++--
 g10/test-stubs.c         |  7 +++++++
 8 files changed, 56 insertions(+), 29 deletions(-)

diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 360e127..e596533 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
 
   memset (&stparm, 0, sizeof stparm);
   stparm.keyword = "KEYSERVER";
-  *r_keyserver = NULL;
+  if (r_keyserver)
+    *r_keyserver = NULL;
 
   err = open_context (ctrl, &ctx);
   if (err)
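Review bot: The contract of `gpg_dirmngr_ks_list` changes here, because `r_keyserver` may now be NULL, but the function's header comment lies outside the hunk and is not updated by this commit. If it still describes R_KEYSERVER as a mandatory output, add a sentence such as `/* R_KEYSERVER may be NULL, in which case only the status is returned and the name of the keyserver is released. */`. That keeps the new caller `keyserver_any_configured` from looking like a misuse to the next reader.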
@@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
       goto leave;
     }
 
-  *r_keyserver = stparm.source;
+  if (r_keyserver)
+    *r_keyserver = stparm.source;
+  else
+    xfree (stparm.source);
   stparm.source = NULL;
 
  leave:
diff --git a/g10/getkey.c b/g10/getkey.c
index 9a4f81e..74fa753 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	         mailbox for the getname search, but it helps cut down
 	         on the problem of searching for something like "john"
 	         and getting a whole lot of keys back. */
-	      if (opt.keyserver)
+	      if (keyserver_any_configured (ctrl))
 		{
-		  mechanism = opt.keyserver->uri;
+		  mechanism = "keyserver";
 		  glo_ctrl.in_auto_key_retrieve++;
 		  rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
                                               opt.keyserver);
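Review bot: `keyserver_import_name` is still passed `opt.keyserver`, which can now be NULL, because the guard is `keyserver_any_configured (ctrl)` and no longer tests `opt.keyserver`. The callee is not visible here; the parameter name `override_keyserver` in `keyserver_get` suggests NULL is tolerated, but this should be confirmed and stated with a comment such as `/* opt.keyserver may be NULL; the server configured in dirmngr is used then. */`. The same applies to the `keyserver_import_fprint` call in the `keyserver_import_cert` hunk of g10/keyserver.c. The body of `get_pubkey_byname` starts and ends outside this hunk.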
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 9932756..19a2ff6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -345,6 +345,13 @@ keyserver_match (struct keyserver_spec *spec)
 }
 
 int
+keyserver_any_configured (ctrl_t ctrl)
+{
+  (void)ctrl;
+  return 0;
+}
+
+int
 keyserver_import_keyid (u32 *keyid, void *dummy)
 {
   (void)keyid;
diff --git a/g10/import.c b/g10/import.c
index 8e75aa1..369be35 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
 			  char *tempkeystr=xstrdup(keystr_from_pk(pk));
 
 			  /* No, so try and get it */
-			  if(opt.keyserver
-			     && (opt.keyserver_options.options
-				 & KEYSERVER_AUTO_KEY_RETRIEVE))
+			  if ((opt.keyserver_options.options
+                               & KEYSERVER_AUTO_KEY_RETRIEVE)
+                              && keyserver_any_configured (ctrl))
 			    {
 			      log_info(_("WARNING: key %s may be revoked:"
 					 " fetching revocation key %s\n"),
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 676b4db..6f6f430 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
 struct keyserver_spec *parse_keyserver_uri (const char *string,
                                             int require_scheme);
 struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
+int keyserver_any_configured (ctrl_t ctrl);
 int keyserver_export (ctrl_t ctrl, strlist_t users);
 int keyserver_import (ctrl_t ctrl, strlist_t users);
 int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
diff --git a/g10/keyserver.c b/g10/keyserver.c
index b0af63d..e9ccb58 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
                                   KEYDB_SEARCH_DESC *desc, int ndesc,
                                   struct keyserver_spec *override_keyserver,
                                   unsigned char **r_fpr, size_t *r_fprlen);
-static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
-                                  struct keyserver_spec *keyserver);
+static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
 
 
 /* Reasonable guess.  The commonly used test key simon.josefsson.org
@@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
 
   if(sl)
     {
-      rc = keyserver_put (ctrl, sl, opt.keyserver);
+      rc = keyserver_put (ctrl, sl);
       free_strlist(sl);
     }
 
@@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
 }
 
 
+/* Return true if any keyserver has been configured. */
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+  return !gpg_dirmngr_ks_list (ctrl, NULL);
+}
+
+
 /* Import all keys that exactly match NAME */
 int
 keyserver_import_name (ctrl_t ctrl, const char *name,
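Review bot: `keyserver_any_configured` turns every error from `gpg_dirmngr_ks_list` into "no keyserver configured", so a dirmngr that cannot be started or reached is indistinguishable from an empty configuration. In `revocation_present` (g10/import.c) both the "may be revoked" warning and the fetch sit behind this test, so a transient IPC failure skips the revocation-key lookup without any diagnostic; `keyserver_put` discards the error in the same way and always reports `GPG_ERR_NO_KEYSERVER`. Assuming an empty list is reported as `GPG_ERR_NO_KEYSERVER` (not shown in the hunk), other errors should at least be logged: `gpg_error_t err = gpg_dirmngr_ks_list (ctrl, NULL);` `if (err && gpg_err_code (err) != GPG_ERR_NO_KEYSERVER) log_info ("keyserver lookup via dirmngr failed: %s\n", gpg_strerror (err));` `return !err;`.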
@@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
   opt.keyserver_options.import_options|=IMPORT_FAST;
 
   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
-     scheme, then enable fake v3 keyid generation. */
+     scheme, then enable fake v3 keyid generation.  Note that this
+     works only with a keyserver configured. gpg.conf
+     (i.e. opt.keyserver); however that method of configuring a
+     keyserver is deprecated and in any case it is questionable
+     whether we should keep on supporting these ancient and broken
+     keyservers.  */
   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
 	 ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
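Review bot: The extended comment reads "works only with a keyserver configured. gpg.conf", which looks like a typo for "configured in gpg.conf". As written, the sentence breaks before the part that explains why `opt.keyserver` is still tested here while the other call sites moved to `keyserver_any_configured`. The body of `keyserver_refresh` continues outside the hunk.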
@@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
 }
 
 
-/* Send all keys specified by KEYSPECS to the KEYSERVERS.  */
+/* Send all keys specified by KEYSPECS to the configured keyserver.  */
 static gpg_error_t
-keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
-               struct keyserver_spec *keyserver)
+keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
 
 {
   gpg_error_t err;
   strlist_t kspec;
+  char *ksurl;
 
   if (!keyspecs)
     return 0;  /* Return success if the list is empty.  */
 
-  if (!opt.keyserver)
+  if (gpg_dirmngr_ks_list (ctrl, &ksurl))
     {
-      log_error (_("no keyserver known (use option --keyserver)\n"));
+      log_error (_("no keyserver known\n"));
       return gpg_error (GPG_ERR_NO_KEYSERVER);
     }
 
@@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
         log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
       else
         {
-          if (keyserver->host)
-            log_info (_("sending key %s to %s server %s\n"),
-                      keystr (keyblock->pkt->pkt.public_key->keyid),
-                      keyserver->scheme, keyserver->host);
-          else
-            log_info (_("sending key %s to %s\n"),
-                      keystr (keyblock->pkt->pkt.public_key->keyid),
-                      keyserver->uri);
+          log_info (_("sending key %s to %s\n"),
+                    keystr (keyblock->pkt->pkt.public_key->keyid),
+                    ksurl?ksurl:"[?]");
 
           err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
           release_kbnode (keyblock);
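Review bot: The new `log_info` prints the complete URL returned by dirmngr (`ksurl`), whereas the removed code printed only `keyserver->scheme` and `keyserver->host` whenever a host had been parsed. If a configured keyserver URL can carry a userinfo part or a query string (not visible from this hunk), that data now ends up in the log and on the terminal. Consider reducing `ksurl` to scheme and host before logging, or documenting next to the call that dirmngr never returns such components. The loop this call sits in starts outside the hunk.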
@@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
         }
     }
 
+  xfree (ksurl);
 
   return err;
 
@@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
 	      free_keyserver_spec(spec);
 	    }
 	}
-      else if(opt.keyserver)
+      else if (keyserver_any_configured (ctrl))
 	{
 	  /* If only a fingerprint is provided, try and fetch it from
-	     our --keyserver */
+	     the configured keyserver. */
 
 	  err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
 	}
       else
-	log_info(_("no keyserver known (use option --keyserver)\n"));
+	log_info(_("no keyserver known\n"));
 
       /* Give a better string here? "CERT fingerprint for \"%s\"
 	 found, but no keyserver" " known (use option
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8688325..5e6b40b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
        no information from the DNS PKA, this is a third try. */
 
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
-      && opt.keyserver
-      && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
+      && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+      && keyserver_any_configured (c->ctrl))
     {
       int res;
 
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index a1988f0..74b6bf7 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -157,6 +157,13 @@ keyserver_match (struct keyserver_spec *spec)
 }
 
 int
+keyserver_any_configured (ctrl_t ctrl)
+{
+  (void)ctrl;
+  return 0;
+}
+
+int
 keyserver_import_keyid (u32 *keyid, void *dummy)
 {
   (void)keyid;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


