[Pkg-gnupg-commit] [gnupg2] 122/160: wks: Let the server take the encrytion key from the file.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 15 09:36:42 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch upstream
in repository gnupg2.
commit e5896da666551da5322b2ae5458d429b9e60241e
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jul 6 15:50:57 2016 +0200
wks: Let the server take the encrytion key from the file.
* tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
'keyfile'.
(store_key_as_pending): Add arg 'r_fname' to return the name of the keyfile.
(send_confirmation_request): Add arg 'keyfile'.
(process_new_key): Pass on the name of the keyfile.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
tools/gpg-wks-server.c | 42 +++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 305b454..e46eafa 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -500,9 +500,9 @@ encrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
/* Encrypt the INPUT stream to a new stream which is stored at success
- * at R_OUTPUT. Encryption is done for the key with FINGERPRINT. */
+ * at R_OUTPUT. Encryption is done for the key in file KEYFIL. */
static gpg_error_t
-encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint)
+encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile)
{
gpg_error_t err;
ccparray_t ccp;
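Review bot: The rewritten header comment misspells the parameter as KEYFIL and does not say what the file has to contain. gpg's `--recipient-file`, used further down in this function, expects a file holding exactly one key, so the contract is worth stating: `at R_OUTPUT.  Encryption is done for the single public key stored in the file KEYFILE. */`. The body of encrypt_stream continues outside this hunk.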
@@ -529,9 +529,10 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint)
ccparray_put (&ccp, "--batch");
ccparray_put (&ccp, "--status-fd=2");
ccparray_put (&ccp, "--always-trust");
+ ccparray_put (&ccp, "--no-keyring");
ccparray_put (&ccp, "--armor");
- ccparray_put (&ccp, "--recipient");
- ccparray_put (&ccp, fingerprint);
+ ccparray_put (&ccp, "--recipient-file");
+ ccparray_put (&ccp, keyfile);
ccparray_put (&ccp, "--encrypt");
ccparray_put (&ccp, "--");
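Review bot: The new `--no-keyring` / `--recipient-file` pair carries the security intent of this change but has no comment explaining it. As far as the hunk shows, the confirmation mail is now encrypted to the still-pending key directly from its file, so that key never needs to be in a keyring. I would add above the `--no-keyring` line: `/* Encrypt to the pending key straight from its file; it has not been confirmed yet and must not be looked up in or added to a keyring. */`. It may also be worth checking whether `--always-trust` is still required now that no keyring is consulted; the rest of the argument list is outside the hunk.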
@@ -631,9 +632,11 @@ get_submission_address (const char *mbox)
/* We store the key under the name of the nonce we will then send to
- * the user. On success the nonce is stored at R_NONCE. */
+ * the user. On success the nonce is stored at R_NONCE and the file
+ * name at R_FNAME. */
static gpg_error_t
-store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
+store_key_as_pending (const char *dir, estream_t key,
+ char **r_nonce, char **r_fname)
{
gpg_error_t err;
char *dname = NULL;
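Review bot: The updated comment says where the file name is returned but not who owns it. A later hunk stops freeing `fname` on success and hands it out through `*r_fname`, so the caller is now responsible for two allocations. I would extend the comment with `The caller must xfree both *R_NONCE and *R_FNAME; on error both are set to NULL.` The function body runs past the end of this hunk.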
@@ -644,6 +647,7 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
size_t nbytes, nwritten;
*r_nonce = NULL;
+ *r_fname = NULL;
dname = make_filename_try (dir, "pending", NULL);
if (!dname)
@@ -728,11 +732,15 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
}
if (!err)
- *r_nonce = nonce;
+ {
+ *r_nonce = nonce;
+ *r_fname = fname;
+ }
else
- xfree (nonce);
-
- xfree (fname);
+ {
+ xfree (nonce);
+ xfree (fname);
+ }
xfree (dname);
return err;
}
@@ -740,10 +748,11 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
/* Send a confirmation rewqyest. DIR is the directory used for the
* address MBOX. NONCE is the nonce we want to see in the response to
- * this mail. */
+ * this mail. FNAME the name of the file with the key. */
static gpg_error_t
send_confirmation_request (server_ctx_t ctx,
- const char *mbox, const char *nonce)
+ const char *mbox, const char *nonce,
+ const char *keyfile)
{
gpg_error_t err;
estream_t body = NULL;
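Review bot: The added comment sentence documents the new parameter as FNAME, but the signature names it `keyfile`, so the comment and the code disagree. Suggest `this mail.  KEYFILE is the name of the file with the key. */`, which also matches the name used in encrypt_stream. The context line above it has the typo "rewqyest" for "request", which could be fixed in the same edit. The function body continues outside this hunk.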
@@ -791,7 +800,7 @@ send_confirmation_request (server_ctx_t ctx,
nonce);
es_rewind (body);
- err = encrypt_stream (&bodyenc, body, ctx->fpr);
+ err = encrypt_stream (&bodyenc, body, keyfile);
if (err)
goto leave;
es_fclose (body);
@@ -863,6 +872,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
const char *s;
char *dname = NULL;
char *nonce = NULL;
+ char *fname = NULL;
/* First figure out the user id from the key. */
err = list_key (ctx, key);
@@ -902,11 +912,12 @@ process_new_key (server_ctx_t ctx, estream_t key)
log_info ("storing address '%s'\n", sl->d);
xfree (nonce);
- err = store_key_as_pending (dname, key, &nonce);
+ xfree (fname);
+ err = store_key_as_pending (dname, key, &nonce, &fname);
if (err)
goto leave;
- err = send_confirmation_request (ctx, sl->d, nonce);
+ err = send_confirmation_request (ctx, sl->d, nonce, fname);
if (err)
goto leave;
}
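Review bot: When the loop runs for a second address, the previous nonce is released with a bare `xfree (nonce);`, whereas the leave path in the last hunk clears it with `wipememory` first. The line predates this commit, but the new `xfree (fname);` sits right next to it. Since the nonce is the secret the user must echo back, I would treat it the same way in both places: `if (nonce) wipememory (nonce, strlen (nonce));` before the `xfree (nonce);` inside the loop. process_new_key starts and ends outside this hunk, so whether more than one iteration is reachable should be confirmed against the full function.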
@@ -915,6 +926,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
if (nonce)
wipememory (nonce, strlen (nonce));
xfree (nonce);
+ xfree (fname);
xfree (dname);
return err;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git