[Pkg-gnupg-commit] [gnupg2] 135/159: gpg: Make --auto-key-retrieve work with dirmngr configured server.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 27 13:24:03 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 09117e769a093467cb47154f36d7dda613313e33
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 21 11:49:27 2016 +0100
gpg: Make --auto-key-retrieve work with dirmngr configured server.
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr. Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/call-dirmngr.c | 8 ++++++--
g10/getkey.c | 4 ++--
g10/gpgv.c | 7 +++++++
g10/import.c | 6 +++---
g10/keyserver-internal.h | 1 +
g10/keyserver.c | 48 ++++++++++++++++++++++++++++--------------------
g10/mainproc.c | 4 ++--
g10/test-stubs.c | 7 +++++++
8 files changed, 56 insertions(+), 29 deletions(-)
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 360e127..e596533 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -404,7 +404,8 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
memset (&stparm, 0, sizeof stparm);
stparm.keyword = "KEYSERVER";
- *r_keyserver = NULL;
+ if (r_keyserver)
+ *r_keyserver = NULL;
err = open_context (ctrl, &ctx);
if (err)
@@ -420,7 +421,10 @@ gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
goto leave;
}
- *r_keyserver = stparm.source;
+ if (r_keyserver)
+ *r_keyserver = stparm.source;
+ else
+ xfree (stparm.source);
stparm.source = NULL;
leave:
diff --git a/g10/getkey.c b/g10/getkey.c
index 9a4f81e..74fa753 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1333,9 +1333,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
mailbox for the getname search, but it helps cut down
on the problem of searching for something like "john"
and getting a whole lot of keys back. */
- if (opt.keyserver)
+ if (keyserver_any_configured (ctrl))
{
- mechanism = opt.keyserver->uri;
+ mechanism = "keyserver";
glo_ctrl.in_auto_key_retrieve++;
rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
opt.keyserver);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 9932756..19a2ff6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -345,6 +345,13 @@ keyserver_match (struct keyserver_spec *spec)
}
int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
+int
keyserver_import_keyid (u32 *keyid, void *dummy)
{
(void)keyid;
diff --git a/g10/import.c b/g10/import.c
index 8e75aa1..369be35 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2471,9 +2471,9 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
char *tempkeystr=xstrdup(keystr_from_pk(pk));
/* No, so try and get it */
- if(opt.keyserver
- && (opt.keyserver_options.options
- & KEYSERVER_AUTO_KEY_RETRIEVE))
+ if ((opt.keyserver_options.options
+ & KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (ctrl))
{
log_info(_("WARNING: key %s may be revoked:"
" fetching revocation key %s\n"),
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 676b4db..6f6f430 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -31,6 +31,7 @@ struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
struct keyserver_spec *parse_keyserver_uri (const char *string,
int require_scheme);
struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
+int keyserver_any_configured (ctrl_t ctrl);
int keyserver_export (ctrl_t ctrl, strlist_t users);
int keyserver_import (ctrl_t ctrl, strlist_t users);
int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
diff --git a/g10/keyserver.c b/g10/keyserver.c
index b0af63d..e9ccb58 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -109,8 +109,7 @@ static gpg_error_t keyserver_get (ctrl_t ctrl,
KEYDB_SEARCH_DESC *desc, int ndesc,
struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen);
-static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver);
+static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
/* Reasonable guess. The commonly used test key simon.josefsson.org
@@ -1005,7 +1004,7 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
if(sl)
{
- rc = keyserver_put (ctrl, sl, opt.keyserver);
+ rc = keyserver_put (ctrl, sl);
free_strlist(sl);
}
@@ -1132,6 +1131,14 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
}
+/* Return true if any keyserver has been configured. */
+int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ return !gpg_dirmngr_ks_list (ctrl, NULL);
+}
+
+
/* Import all keys that exactly match NAME */
int
keyserver_import_name (ctrl_t ctrl, const char *name,
@@ -1380,7 +1387,12 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
opt.keyserver_options.import_options|=IMPORT_FAST;
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
- scheme, then enable fake v3 keyid generation. */
+ scheme, then enable fake v3 keyid generation. Note that this
+ works only with a keyserver configured. gpg.conf
+ (i.e. opt.keyserver); however that method of configuring a
+ keyserver is deprecated and in any case it is questionable
+ whether we should keep on supporting these ancient and broken
+ keyservers. */
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
@@ -1775,21 +1787,21 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
}
-/* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+/* Send all keys specified by KEYSPECS to the configured keyserver. */
static gpg_error_t
-keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
- struct keyserver_spec *keyserver)
+keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
{
gpg_error_t err;
strlist_t kspec;
+ char *ksurl;
if (!keyspecs)
return 0; /* Return success if the list is empty. */
- if (!opt.keyserver)
+ if (gpg_dirmngr_ks_list (ctrl, &ksurl))
{
- log_error (_("no keyserver known (use option --keyserver)\n"));
+ log_error (_("no keyserver known\n"));
return gpg_error (GPG_ERR_NO_KEYSERVER);
}
@@ -1807,14 +1819,9 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
else
{
- if (keyserver->host)
- log_info (_("sending key %s to %s server %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->scheme, keyserver->host);
- else
- log_info (_("sending key %s to %s\n"),
- keystr (keyblock->pkt->pkt.public_key->keyid),
- keyserver->uri);
+ log_info (_("sending key %s to %s\n"),
+ keystr (keyblock->pkt->pkt.public_key->keyid),
+ ksurl?ksurl:"[?]");
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
release_kbnode (keyblock);
@@ -1827,6 +1834,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
}
}
+ xfree (ksurl);
return err;
@@ -1940,15 +1948,15 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
free_keyserver_spec(spec);
}
}
- else if(opt.keyserver)
+ else if (keyserver_any_configured (ctrl))
{
/* If only a fingerprint is provided, try and fetch it from
- our --keyserver */
+ the configured keyserver. */
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
}
else
- log_info(_("no keyserver known (use option --keyserver)\n"));
+ log_info(_("no keyserver known\n"));
/* Give a better string here? "CERT fingerprint for \"%s\"
found, but no keyserver" " known (use option
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8688325..5e6b40b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1803,8 +1803,8 @@ check_sig_and_print (CTX c, kbnode_t node)
no information from the DNS PKA, this is a third try. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
- && opt.keyserver
- && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
+ && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+ && keyserver_any_configured (c->ctrl))
{
int res;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index a1988f0..74b6bf7 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -157,6 +157,13 @@ keyserver_match (struct keyserver_spec *spec)
}
int
+keyserver_any_configured (ctrl_t ctrl)
+{
+ (void)ctrl;
+ return 0;
+}
+
+int
keyserver_import_keyid (u32 *keyid, void *dummy)
{
(void)keyid;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list