author | David Shaw <[email protected]> | 2005-03-17 16:42:41 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2005-03-17 16:42:41 +0000 |
commit | efa0dd21a2b2c47314485064a20f810cd9a24edb (patch) | |
tree | 595ca9c2d8a60a3bb0f629a1cc6e4b77f7e4c4b4 | |
parent | * configure.ac: Move the LDAP detecting code to m4/ldap.m4. (diff) | |
* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
parse_ks_options and remove a lot of common code.
* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
Diffstat (limited to '')
-rw-r--r-- | keyserver/ChangeLog | 8 | ||||
-rw-r--r-- | keyserver/gpgkeys_curl.c | 198 | ||||
-rw-r--r-- | keyserver/gpgkeys_finger.c | 114 | ||||
-rw-r--r-- | keyserver/gpgkeys_ldap.c | 370 | ||||
-rw-r--r-- | keyserver/ksutil.c | 12 | ||||
-rw-r--r-- | keyserver/ksutil.h | 1 |
6 files changed, 239 insertions, 464 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 2b032ac78..e95067c8d 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,11 @@ +2005-03-17 David Shaw <[email protected]> + + * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using + parse_ks_options and remove a lot of common code. + + * ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default + debug with no arguments to 1. + 2005-03-16 David Shaw <[email protected]> * gpgkeys_ldap.c: Include lber.h if configure determines we need diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c index c2d51f2ee..bccfeaf26 100644 --- a/keyserver/gpgkeys_curl.c +++ b/keyserver/gpgkeys_curl.c @@ -38,16 +38,10 @@ extern char *optarg; extern int optind; -static int verbose=0; -static char scheme[MAX_SCHEME+1]; -static char auth[MAX_AUTH+1]; -static char host[MAX_HOST+1]; -static char port[MAX_PORT+1]; -static char path[URLMAX_PATH+1]; static char proxy[MAX_PROXY+1]; -static FILE *input, *output, *console; +static FILE *input,*output,*console; static CURL *curl; -static char request[MAX_URL]; +static struct ks_options *opt; static int curl_err_to_gpg_err(CURLcode error) @@ -115,14 +109,18 @@ get_key(char *getkey) { CURLcode res; char errorbuffer[CURL_ERROR_SIZE]; + char request[MAX_URL]; if(strncmp(getkey,"0x",2)==0) getkey+=2; fprintf(output,"KEY 0x%s BEGIN\n",getkey); - sprintf(request,"%s://%s%s%s%s%s%s%s",scheme,auth[0]?auth:"",auth[0]?"@":"", - host,port[0]?":":"",port[0]?port:"",path[0]?"":"/",path); + sprintf(request,"%s://%s%s%s%s%s%s",opt->scheme, + opt->auth?opt->auth:"", + opt->auth?"@":"",opt->host, + opt->port?":":"",opt->port?opt->port:"", + opt->path?opt->path:"/"); curl_easy_setopt(curl,CURLOPT_URL,request); curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer); 
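Review bot: The `sprintf(request,...)` in get_key now builds the URL from heap strings owned by `opt` into the stack buffer `char request[MAX_URL]` with no length check at the point of use; the bound rests entirely on parse_ks_options capping each field (its MAX_SCHEME/MAX_AUTH/URLMAX_PATH local buffers are visible in the ksutil.c hunk) and on MAX_URL being sized for their sum plus separators. Making the limit local with `int n=snprintf(request,sizeof request,"%s://%s%s%s%s%s%s", ...);` and treating `n<0 || (size_t)n>=sizeof request` as a fetch failure (emit the existing `KEY 0x%s FAILED` line and return without calling curl_easy_perform) keeps the function safe even if the MAX_* constants drift later. get_key's body continues outside the hunk.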
@@ -132,7 +130,7 @@ get_key(char *getkey) res=curl_easy_perform(curl); if(res!=0) { - fprintf(console,"gpgkeys: %s fetch error %d: %s\n",scheme, + fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme, res,errorbuffer); fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res)); } @@ -153,12 +151,10 @@ show_help (FILE *fp) int main(int argc,char *argv[]) { - int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR; + int arg,ret=KEYSERVER_INTERNAL_ERROR; char line[MAX_LINE]; char *thekey=NULL; - unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; - long follow_redirects=5,debug=0,check_cert=1; - char *ca_cert_file=NULL; + long follow_redirects=5; console=stderr; 
@@ -215,71 +211,28 @@ main(int argc,char *argv[]) if(output==NULL) output=stdout; + opt=init_ks_options(); + if(!opt) + return KEYSERVER_NO_MEMORY; + /* Get the command and info block */ while(fgets(line,MAX_LINE,input)!=NULL) { - int version; - char command[MAX_COMMAND+1]; + int err; char option[MAX_OPTION+1]; - char hash; if(line[0]=='\n') break; - if(sscanf(line,"%c",&hash)==1 && hash=='#') - continue; - - if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1) - { - command[MAX_COMMAND]='\0'; - - if(strcasecmp(command,"get")==0) - action=GET; - - continue; - } - - if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1) - { - scheme[MAX_SCHEME]='\0'; - continue; - } - - if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1) - { - auth[MAX_AUTH]='\0'; - continue; - } - - if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1) + err=parse_ks_options(line,opt); + if(err>0) { - host[MAX_HOST]='\0'; - continue; - } - - if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1) - { - port[MAX_PORT]='\0'; - continue; - } - - if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1) - { - path[URLMAX_PATH]='\0'; - continue; - } - - if(sscanf(line,"VERSION %d\n",&version)==1) - { - if(version!=KEYSERVER_PROTO_VERSION) - { - ret=KEYSERVER_VERSION_ERROR; - goto fail; - } - - continue; + ret=err; + goto fail; } + else if(err==0) + continue; if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1) { @@ -294,14 +247,7 @@ main(int argc,char *argv[]) start=&option[3]; } - if(strcasecmp(start,"verbose")==0) - { - if(no) - verbose--; - else - verbose++; - } - else if(strncasecmp(start,"http-proxy",10)==0) + if(strncasecmp(start,"http-proxy",10)==0) { if(no) proxy[0]='\0'; 
@@ -311,15 +257,6 @@ main(int argc,char *argv[]) proxy[MAX_PROXY]='\0'; } } - else if(strncasecmp(start,"timeout",7)==0) - { - if(no) - timeout=0; - else if(start[7]=='=') - timeout=atoi(&start[8]); - else if(start[7]=='\0') - timeout=DEFAULT_KEYSERVER_TIMEOUT; - } else if(strncasecmp(start,"follow-redirects",16)==0) { if(no) 
@@ -329,75 +266,46 @@ main(int argc,char *argv[]) else if(start[16]=='\0') follow_redirects=-1; } - else if(strncasecmp(start,"debug",5)==0) - { - if(no) - debug=0; - else if(start[5]=='=') - debug=atoi(&start[6]); - else if(start[5]=='\0') - debug=1; - } - else if(strcasecmp(start,"check-cert")==0) - { - if(no) - check_cert=0; - else - check_cert=1; - } - else if(strncasecmp(start,"ca-cert-file",12)==0) - { - if(no) - { - free(ca_cert_file); - ca_cert_file=NULL; - } - else if(start[12]=='=') - { - free(ca_cert_file); - ca_cert_file=strdup(&start[13]); - if(!ca_cert_file) - { - fprintf(console,"gpgkeys: out of memory while creating " - "ca_cert_file\n"); - ret=KEYSERVER_NO_MEMORY; - goto fail; - } - } - } continue; } } - if(scheme[0]=='\0') + if(!opt->scheme) { fprintf(console,"gpgkeys: no scheme supplied!\n"); - return KEYSERVER_SCHEME_NOT_FOUND; + ret=KEYSERVER_SCHEME_NOT_FOUND; + goto fail; } #ifdef HTTP_VIA_LIBCURL - else if(strcasecmp(scheme,"http")==0) + else if(strcasecmp(opt->scheme,"http")==0) ; #endif /* HTTP_VIA_LIBCURL */ #ifdef HTTPS_VIA_LIBCURL - else if(strcasecmp(scheme,"https")==0) + else if(strcasecmp(opt->scheme,"https")==0) ; #endif /* HTTP_VIA_LIBCURL */ #ifdef FTP_VIA_LIBCURL - else if(strcasecmp(scheme,"ftp")==0) + else if(strcasecmp(opt->scheme,"ftp")==0) ; #endif /* FTP_VIA_LIBCURL */ #ifdef FTPS_VIA_LIBCURL - else if(strcasecmp(scheme,"ftps")==0) + else if(strcasecmp(opt->scheme,"ftps")==0) ; #endif /* FTPS_VIA_LIBCURL */ else { - fprintf(console,"gpgkeys: scheme `%s' not supported\n",scheme); + fprintf(console,"gpgkeys: scheme `%s' not supported\n",opt->scheme); return KEYSERVER_SCHEME_NOT_FOUND; } - if(timeout && register_timeout()==-1) + if(!opt->host) + { + fprintf(console,"gpgkeys: no keyserver host provided\n"); + goto fail; + } + + if(opt->timeout && register_timeout()==-1) { fprintf(console,"gpgkeys: unable to register timeout handler\n"); return KEYSERVER_INTERNAL_ERROR; 
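Review bot: The `scheme `%s' not supported` branch and the `register_timeout()==-1` branch in this hunk still `return` directly, while the neighbouring `no scheme supplied` branch was converted to `ret=...; goto fail;` — the direct returns skip the `fail:` path that this commit extends with `free_ks_options(opt)` (see the @@ -508 hunk) and that closes input/output. They should become `ret=KEYSERVER_SCHEME_NOT_FOUND; goto fail;` and, since `ret` already holds KEYSERVER_INTERNAL_ERROR, plain `goto fail;`. The same direct `return KEYSERVER_INTERNAL_ERROR` after register_timeout remains in gpgkeys_finger.c (@@ -422) and gpgkeys_ldap.c (@@ -1771), where free_ks_options is likewise bypassed. main continues outside the hunk.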
@@ -419,16 +327,14 @@ main(int argc,char *argv[]) curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects); } - if(debug) + if(opt->debug) { curl_easy_setopt(curl,CURLOPT_STDERR,console); curl_easy_setopt(curl,CURLOPT_VERBOSE,1); } - curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert); - - if(ca_cert_file) - curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file); + curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert); + curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file); if(proxy[0]) curl_easy_setopt(curl,CURLOPT_PROXY,proxy); @@ -436,7 +342,7 @@ main(int argc,char *argv[]) /* If it's a GET or a SEARCH, the next thing to come in is the keyids. If it's a SEND, then there are no keyids. */ - if(action==GET) + if(opt->action==KS_GET) { /* Eat the rest of the file */ for(;;) @@ -472,7 +378,7 @@ main(int argc,char *argv[]) goto fail; } - if(!thekey || !host[0]) + if(!thekey) { fprintf(console,"gpgkeys: invalid keyserver instructions\n"); goto fail; @@ -483,18 +389,18 @@ main(int argc,char *argv[]) fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION); - if(verbose) + if(opt->verbose) { - fprintf(console,"Scheme:\t\t%s\n",scheme); - fprintf(console,"Host:\t\t%s\n",host); - if(port[0]) - fprintf(console,"Port:\t\t%s\n",port); - if(path[0]) - fprintf(console,"Path:\t\t%s\n",path); + fprintf(console,"Scheme:\t\t%s\n",opt->scheme); + fprintf(console,"Host:\t\t%s\n",opt->host); + if(opt->port) + fprintf(console,"Port:\t\t%s\n",opt->port); + if(opt->path) + fprintf(console,"Path:\t\t%s\n",opt->path); fprintf(console,"Command:\tGET\n"); } - set_timeout(timeout); + set_timeout(opt->timeout); ret=get_key(thekey); @@ -508,6 +414,8 @@ main(int argc,char *argv[]) if(output!=stdout) fclose(output); + free_ks_options(opt); + if(curl) curl_easy_cleanup(curl); diff --git a/keyserver/gpgkeys_finger.c b/keyserver/gpgkeys_finger.c index 0ced124c1..dab88a727 100644 --- a/keyserver/gpgkeys_finger.c 
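Review bot: `curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file)` is now called unconditionally, so a NULL `ca_cert_file` is handed to libcurl whenever no ca-cert-file option was given, whereas the removed lines only set CURLOPT_CAINFO when a file had been supplied. With CURLOPT_SSL_VERIFYPEER still driven by `opt->flags.check_cert`, this changes which trust store libcurl verifies against in the default configuration — presumably replacing the compiled-in bundle with no file at all; confirm against the libcurl version in use. Restoring the guard, `if(opt->ca_cert_file) curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);`, preserves the previous behaviour. main continues outside the hunk.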
+++ b/keyserver/gpgkeys_finger.c @@ -55,9 +55,8 @@ extern char *optarg; extern int optind; -static int verbose=0; -static char path[MAX_OPAQUE+1]; -static FILE *input, *output, *console; +static FILE *input,*output,*console; +static struct ks_options *opt; #ifdef _WIN32 static void @@ -300,7 +299,7 @@ get_key (char *getkey) indicated the requested key anyway. */ fprintf(output,"KEY 0x%s BEGIN\n",getkey); - rc = send_request (path, &sock); + rc=send_request(opt->opaque,&sock); if(rc) { fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc); @@ -362,10 +361,9 @@ show_help (FILE *fp) int main(int argc,char *argv[]) { - int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR; + int arg,ret=KEYSERVER_INTERNAL_ERROR; char line[MAX_LINE]; char *thekey=NULL; - unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; console=stderr; 
@@ -422,91 +420,38 @@ main(int argc,char *argv[]) if(output==NULL) output=stdout; + opt=init_ks_options(); + if(!opt) + return KEYSERVER_NO_MEMORY; + /* Get the command and info block */ while(fgets(line,MAX_LINE,input)!=NULL) { - int version; - char command[MAX_COMMAND+1]; - char option[MAX_OPTION+1]; - char hash; + int err; if(line[0]=='\n') break; - if(sscanf(line,"%c",&hash)==1 && hash=='#') - continue; - - if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1) + err=parse_ks_options(line,opt); + if(err>0) { - command[MAX_COMMAND]='\0'; - - if(strcasecmp(command,"get")==0) - action=GET; - - continue; - } - - if(strncmp(line,"HOST ",5)==0) - { - fprintf(console,"gpgkeys: finger://relay/user syntax is not" - " supported. Use finger:user instead.\n"); - ret=KEYSERVER_NOT_SUPPORTED; + ret=err; goto fail; } + else if(err==0) + continue; + } - if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",path)==1) - { - path[MAX_OPAQUE]='\0'; - continue; - } - - if(sscanf(line,"VERSION %d\n",&version)==1) - { - if(version!=KEYSERVER_PROTO_VERSION) - { - ret=KEYSERVER_VERSION_ERROR; - goto fail; - } - - continue; - } - - if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1) - { - int no=0; - char *start=&option[0]; - - option[MAX_OPTION]='\0'; - - if(strncasecmp(option,"no-",3)==0) - { - no=1; - start=&option[3]; - } - - if(strcasecmp(start,"verbose")==0) - { - if(no) - verbose--; - else - verbose++; - } - else if(strncasecmp(start,"timeout",7)==0) - { - if(no) - timeout=0; - else if(start[7]=='=') - timeout=atoi(&start[8]); - else if(start[7]=='\0') - timeout=DEFAULT_KEYSERVER_TIMEOUT; - } - - continue; - } + if(opt->host) + { + fprintf(console,"gpgkeys: finger://relay/user syntax is not" + " supported. 
Use finger:user instead.\n"); + ret=KEYSERVER_NOT_SUPPORTED; + goto fail; } - if(timeout && register_timeout()==-1) + if(opt->timeout && register_timeout()==-1) { fprintf(console,"gpgkeys: unable to register timeout handler\n"); return KEYSERVER_INTERNAL_ERROR; @@ -515,7 +460,7 @@ main(int argc,char *argv[]) /* If it's a GET or a SEARCH, the next thing to come in is the keyids. If it's a SEND, then there are no keyids. */ - if(action==GET) + if(opt->action==KS_GET) { /* Eat the rest of the file */ for(;;) @@ -551,7 +496,7 @@ main(int argc,char *argv[]) goto fail; } - if(!thekey || !*path) + if(!thekey || !opt->opaque) { fprintf(console,"gpgkeys: invalid keyserver instructions\n"); goto fail; @@ -562,16 +507,15 @@ main(int argc,char *argv[]) fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION); - if (verbose>1) + if(opt->verbose>1) { - if(path[0]) - fprintf(console,"Path:\t\t%s\n",path); + fprintf(console,"User:\t\t%s\n",opt->opaque); fprintf(console,"Command:\tGET\n"); } - set_timeout(timeout); + set_timeout(opt->timeout); - ret = get_key(thekey); + ret=get_key(thekey); fail: @@ -583,5 +527,7 @@ main(int argc,char *argv[]) if(output!=stdout) fclose(output); + free_ks_options(opt); + return ret; } diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index d0f57b167..df144967a 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -50,14 +50,12 @@ extern char *optarg; extern int optind; -static int verbose=0,include_disabled=0,include_revoked=0,include_subkeys=0; static int real_ldap=0; static char *basekeyspacedn=NULL; -static char host[MAX_HOST+1]={'\0'}; -static char portstr[MAX_PORT+1]={'\0'}; static char *pgpkeystr="pgpKey"; static FILE *input=NULL,*output=NULL,*console=NULL; static LDAP *ldap=NULL; +static struct ks_options *opt; #ifndef HAVE_TIMEGM time_t timegm(struct tm *tm); 
@@ -1007,7 +1005,7 @@ get_key(char *getkey) /* fingerprint. Take the last 16 characters and treat it like a long key id */ - if(include_subkeys) + if(opt->flags.include_subkeys) sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))", offset,offset); else @@ -1017,7 +1015,7 @@ get_key(char *getkey) { /* long key id */ - if(include_subkeys) + if(opt->flags.include_subkeys) sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))", getkey,getkey); else @@ -1030,10 +1028,10 @@ get_key(char *getkey) sprintf(search,"(pgpkeyid=%.8s)",getkey); } - if(verbose>2) + if(opt->verbose>2) fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search); - if(!verbose) + if(!opt->verbose) attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */ err=ldap_search_s(ldap,basekeyspacedn, @@ -1163,13 +1161,13 @@ search_key(char *searchkey) /* Build the search string */ sprintf(search,"%s(pgpuserid=*%s*)%s%s%s", - (!(include_disabled&&include_revoked))?"(&":"", + (!(opt->flags.include_disabled&&opt->flags.include_revoked))?"(&":"", searchkey, - include_disabled?"":"(pgpdisabled=0)", - include_revoked?"":"(pgprevoked=0)", - !(include_disabled&&include_revoked)?")":""); + opt->flags.include_disabled?"":"(pgpdisabled=0)", + opt->flags.include_revoked?"":"(pgprevoked=0)", + !(opt->flags.include_disabled&&opt->flags.include_revoked)?")":""); - if(verbose>2) + if(opt->verbose>2) fprintf(console,"gpgkeys: LDAP search for: %s\n",search); err=ldap_search_s(ldap,basekeyspacedn, @@ -1374,12 +1372,12 @@ search_key(char *searchkey) } static void -fail_all(struct keylist *keylist,int action,int err) +fail_all(struct keylist *keylist,int err) { if(!keylist) return; - if(action==SEARCH) + if(opt->action==KS_SEARCH) { fprintf(output,"SEARCH "); while(keylist) @@ -1452,7 +1450,7 @@ find_basekeyspacedn(void) ldap_value_free(vals); } - if(verbose>1) + if(opt->verbose>1) { vals=ldap_get_values(ldap,si_res,"pgpSoftware"); if(vals) 
@@ -1503,7 +1501,7 @@ find_basekeyspacedn(void) ldap_value_free(vals); } - if(verbose>1) + if(opt->verbose>1) { vals=ldap_get_values(ldap,si_res,"software"); if(vals) @@ -1516,7 +1514,7 @@ find_basekeyspacedn(void) vals=ldap_get_values(ldap,si_res,"version"); if(vals) { - if(verbose>1) + if(opt->verbose>1) fprintf(console,"Version:\t%s\n",vals[0]); /* If the version is high enough, use the new pgpKeyV2 @@ -1547,12 +1545,10 @@ show_help (FILE *fp) int main(int argc,char *argv[]) { - int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR; + int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR; char line[MAX_LINE]; - int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1; + int failed=0,use_ssl=0,use_tls=0,bound=0; struct keylist *keylist=NULL,*keyptr=NULL; - unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT; - char *ca_cert_file=NULL; console=stderr; @@ -1592,7 +1588,6 @@ main(int argc,char *argv[]) break; } - if(argc>optind) { input=fopen(argv[optind],"r"); 
@@ -1610,69 +1605,27 @@ main(int argc,char *argv[]) if(output==NULL) output=stdout; + opt=init_ks_options(); + if(!opt) + return KEYSERVER_NO_MEMORY; + /* Get the command and info block */ while(fgets(line,MAX_LINE,input)!=NULL) { - char command[MAX_COMMAND+1]; char optionstr[MAX_OPTION+1]; - char scheme[MAX_SCHEME+1]; - char hash; if(line[0]=='\n') break; - if(sscanf(line,"%c",&hash)==1 && hash=='#') - continue; - - if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1) - { - command[MAX_COMMAND]='\0'; - - if(strcasecmp(command,"get")==0) - action=GET; - else if(strcasecmp(command,"send")==0) - action=SEND; - else if(strcasecmp(command,"search")==0) - action=SEARCH; - - continue; - } - - if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1) - { - host[MAX_HOST]='\0'; - continue; - } - - if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",portstr)==1) - { - portstr[MAX_PORT]='\0'; - port=atoi(portstr); - continue; - } - - if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1) + err=parse_ks_options(line,opt); + if(err>0) { - scheme[MAX_SCHEME]='\0'; - if(strcasecmp(scheme,"ldaps")==0) - { - port=636; - use_ssl=1; - } - continue; - } - - if(sscanf(line,"VERSION %d\n",&version)==1) - { - if(version!=KEYSERVER_PROTO_VERSION) - { - ret=KEYSERVER_VERSION_ERROR; - goto fail; - } - - continue; + ret=err; + goto fail; } + else if(err==0) + continue; if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1) { 
@@ -1687,35 +1640,7 @@ main(int argc,char *argv[]) start=&optionstr[3]; } - if(strcasecmp(start,"verbose")==0) - { - if(no) - verbose--; - else - verbose++; - } - else if(strcasecmp(start,"include-disabled")==0) - { - if(no) - include_disabled=0; - else - include_disabled=1; - } - else if(strcasecmp(start,"include-revoked")==0) - { - if(no) - include_revoked=0; - else - include_revoked=1; - } - else if(strcasecmp(start,"include-subkeys")==0) - { - if(no) - include_subkeys=0; - else - include_subkeys=1; - } - else if(strncasecmp(start,"tls",3)==0) + if(strncasecmp(start,"tls",3)==0) { if(no) use_tls=0; @@ -1735,20 +1660,6 @@ main(int argc,char *argv[]) else if(start[3]=='\0') use_tls=1; } - else if(strcasecmp(start,"check-cert")==0) - { - if(no) - check_cert=0; - else - check_cert=1; - } - else if(strncasecmp(start,"debug",5)==0) - { - if(no) - debug=0; - else if(start[5]=='=') - debug=atoi(&start[6]); - } else if(strncasecmp(start,"basedn",6)==0) { if(no) 
@@ -1771,50 +1682,43 @@ main(int argc,char *argv[]) real_ldap=1; } } - else if(strncasecmp(start,"timeout",7)==0) - { - if(no) - timeout=0; - else if(start[7]=='=') - timeout=atoi(&start[8]); - else if(start[7]=='\0') - timeout=DEFAULT_KEYSERVER_TIMEOUT; - } - else if(strncasecmp(start,"ca-cert-file",12)==0) - { - if(no) - { - free(ca_cert_file); - ca_cert_file=NULL; - } - else if(start[12]=='=') - { - free(ca_cert_file); - ca_cert_file=strdup(&start[13]); - if(!ca_cert_file) - { - fprintf(console,"gpgkeys: out of memory while creating " - "ca_cert_file\n"); - ret=KEYSERVER_NO_MEMORY; - goto fail; - } - } - } continue; } } - if(timeout && register_timeout()==-1) + if(!opt->scheme) + { + fprintf(console,"gpgkeys: no scheme supplied!\n"); + ret=KEYSERVER_SCHEME_NOT_FOUND; + goto fail; + } + + if(strcasecmp(opt->scheme,"ldaps")==0) + { + port=636; + use_ssl=1; + } + + if(opt->port) + port=atoi(opt->port); + + if(!opt->host) + { + fprintf(console,"gpgkeys: no keyserver host provided\n"); + goto fail; + } + + if(opt->timeout && register_timeout()==-1) { fprintf(console,"gpgkeys: unable to register timeout handler\n"); return KEYSERVER_INTERNAL_ERROR; } #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE) - if(ca_cert_file) + if(opt->ca_cert_file) { - err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file); + err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file); if(err!=LDAP_SUCCESS) { fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n", @@ -1832,9 +1736,9 @@ main(int argc,char *argv[]) /* If it's a GET or a SEARCH, the next thing to come in is the keyids. If it's a SEND, then there are no keyids. */ - if(action==SEND) + if(opt->action==KS_SEND) while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n'); - else if(action==GET || action==SEARCH) + else if(opt->action==KS_GET || opt->action==KS_SEARCH) { for(;;) { 
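Review bot: `port=atoi(opt->port)` accepts any PORT string and silently yields 0 for non-numeric or out-of-range input, which then reaches `ldap_init(opt->host,port)` further down; the old code used atoi on `portstr` too, but now that the value arrives as a string in ks_options this is the natural place to parse it with strtol and reject anything outside 1..65535 with a console message and `goto fail`. Separately, the new `if(!opt->host)` branch jumps to `fail` with `ret` still at its initial KEYSERVER_INTERNAL_ERROR while the `!opt->scheme` branch just above sets a specific code, so the two failures are indistinguishable from the exit status; consider setting `ret` explicitly there. main continues outside the hunk.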
@@ -1885,24 +1789,23 @@ main(int argc,char *argv[]) fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); fprintf(output,"PROGRAM %s\n\n",VERSION); - if(verbose>1) + if(opt->verbose>1) { - fprintf(console,"Host:\t\t%s\n",host); + fprintf(console,"Host:\t\t%s\n",opt->host); if(port) fprintf(console,"Port:\t\t%d\n",port); - fprintf(console,"Command:\t%s\n",action==GET?"GET": - action==SEND?"SEND":"SEARCH"); + fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action)); } - if(debug) + if(opt->debug) { #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION) - err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&debug); + err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug); if(err!=LDAP_SUCCESS) fprintf(console,"gpgkeys: unable to set debug mode: %s\n", ldap_err2string(err)); else - fprintf(console,"gpgkeys: debug level %d\n",debug); + fprintf(console,"gpgkeys: debug level %d\n",opt->debug); #else fprintf(console,"gpgkeys: not built with debugging support\n"); #endif @@ -1910,16 +1813,16 @@ main(int argc,char *argv[]) /* We have a timeout set for the setup stuff since it could time out as well. */ - set_timeout(timeout); + set_timeout(opt->timeout); /* Note that this tries all A records on a given host (or at least, OpenLDAP does). */ - ldap=ldap_init(host,port); + ldap=ldap_init(opt->host,port); if(ldap==NULL) { fprintf(console,"gpgkeys: internal LDAP init error: %s\n", strerror(errno)); - fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR); + fail_all(keylist,KEYSERVER_INTERNAL_ERROR); goto fail; } @@ -1933,11 +1836,11 @@ main(int argc,char *argv[]) { fprintf(console,"gpgkeys: unable to make SSL connection: %s\n", ldap_err2string(err)); - fail_all(keylist,action,ldap_err_to_gpg_err(err)); + fail_all(keylist,ldap_err_to_gpg_err(err)); goto fail; } - if(!check_cert) + if(!opt->flags.check_cert) ssl=LDAP_OPT_X_TLS_NEVER; err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl); 
@@ -1946,7 +1849,7 @@ main(int argc,char *argv[]) fprintf(console, "gpgkeys: unable to set certificate validation: %s\n", ldap_err2string(err)); - fail_all(keylist,action,ldap_err_to_gpg_err(err)); + fail_all(keylist,ldap_err_to_gpg_err(err)); goto fail; } #else @@ -1962,7 +1865,7 @@ main(int argc,char *argv[]) { fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n", err?ldap_err2string(err):"not found"); - fail_all(keylist,action,ldap_err_to_gpg_err(err)); + fail_all(keylist,ldap_err_to_gpg_err(err)); goto fail; } @@ -1977,7 +1880,7 @@ main(int argc,char *argv[]) "not supported by the NAI LDAP keyserver"); if(use_tls==3) { - fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR); + fail_all(keylist,KEYSERVER_INTERNAL_ERROR); goto fail; } } @@ -1989,7 +1892,7 @@ main(int argc,char *argv[]) err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver); if(err==LDAP_SUCCESS) { - if(check_cert) + if(opt->flags.check_cert) ver=LDAP_OPT_X_TLS_HARD; else ver=LDAP_OPT_X_TLS_NEVER; @@ -2001,17 +1904,17 @@ main(int argc,char *argv[]) if(err!=LDAP_SUCCESS) { - if(use_tls>=2 || verbose>2) + if(use_tls>=2 || opt->verbose>2) fprintf(console,"gpgkeys: unable to start TLS: %s\n", ldap_err2string(err)); /* Are we forcing it? */ if(use_tls==3) { - fail_all(keylist,action,ldap_err_to_gpg_err(err)); + fail_all(keylist,ldap_err_to_gpg_err(err)); goto fail; } } - else if(err==LDAP_SUCCESS && verbose>1) + else if(err==LDAP_SUCCESS && opt->verbose>1) fprintf(console,"gpgkeys: TLS started successfully.\n"); #else if(use_tls>=2) 
@@ -2045,94 +1948,89 @@ main(int argc,char *argv[]) bound=1; #endif - switch(action) + if(opt->action==KS_GET) { - case GET: keyptr=keylist; while(keyptr!=NULL) { - set_timeout(timeout); + set_timeout(opt->timeout); if(get_key(keyptr->str)!=KEYSERVER_OK) failed++; keyptr=keyptr->next; } - break; - - case SEND: - { - int eof=0; - - do - { - set_timeout(timeout); - - if(real_ldap) - { - if(send_key(&eof)!=KEYSERVER_OK) - failed++; - } - else - { - if(send_key_keyserver(&eof)!=KEYSERVER_OK) - failed++; - } - } - while(!eof); - } - break; + } + else if(opt->action==KS_SEND) + { + int eof=0; - case SEARCH: - { - char *searchkey=NULL; - int len=0; + do + { + set_timeout(opt->timeout); - set_timeout(timeout); + if(real_ldap) + { + if(send_key(&eof)!=KEYSERVER_OK) + failed++; + } + else + { + if(send_key_keyserver(&eof)!=KEYSERVER_OK) + failed++; + } + } + while(!eof); + } + else if(opt->action==KS_SEARCH) + { + char *searchkey=NULL; + int len=0; - /* To search, we stick a * in between each key to search for. - This means that if the user enters words, they'll get - "enters*words". If the user "enters words", they'll get - "enters words" */ + set_timeout(opt->timeout); - keyptr=keylist; - while(keyptr!=NULL) - { - len+=strlen(keyptr->str)+1; - keyptr=keyptr->next; - } + /* To search, we stick a * in between each key to search for. + This means that if the user enters words, they'll get + "enters*words". 
If the user "enters words", they'll get + "enters words" */ - searchkey=malloc(len+1); - if(searchkey==NULL) - { - ret=KEYSERVER_NO_MEMORY; - fail_all(keylist,action,KEYSERVER_NO_MEMORY); - goto fail; - } + keyptr=keylist; + while(keyptr!=NULL) + { + len+=strlen(keyptr->str)+1; + keyptr=keyptr->next; + } - searchkey[0]='\0'; + searchkey=malloc(len+1); + if(searchkey==NULL) + { + ret=KEYSERVER_NO_MEMORY; + fail_all(keylist,KEYSERVER_NO_MEMORY); + goto fail; + } - keyptr=keylist; - while(keyptr!=NULL) - { - strcat(searchkey,keyptr->str); - strcat(searchkey,"*"); - keyptr=keyptr->next; - } + searchkey[0]='\0'; - /* Nail that last "*" */ - if(*searchkey) - searchkey[strlen(searchkey)-1]='\0'; + keyptr=keylist; + while(keyptr!=NULL) + { + strcat(searchkey,keyptr->str); + strcat(searchkey,"*"); + keyptr=keyptr->next; + } - if(search_key(searchkey)!=KEYSERVER_OK) - failed++; + /* Nail that last "*" */ + if(*searchkey) + searchkey[strlen(searchkey)-1]='\0'; - free(searchkey); - } + if(search_key(searchkey)!=KEYSERVER_OK) + failed++; - break; + free(searchkey); } + else + BUG(); if(!failed) ret=KEYSERVER_OK; @@ -2152,6 +2050,8 @@ main(int argc,char *argv[]) if(output!=stdout) fclose(output); + free_ks_options(opt); + if(ldap!=NULL && bound) ldap_unbind_s(ldap); diff --git a/keyserver/ksutil.c b/keyserver/ksutil.c index 223f52e8b..c0dc5f66d 100644 --- a/keyserver/ksutil.c +++ b/keyserver/ksutil.c @@ -110,6 +110,7 @@ parse_ks_options(char *line,struct ks_options *opt) char scheme[MAX_SCHEME+1]; char auth[MAX_AUTH+1]; char path[URLMAX_PATH+1]; + char opaque[MAX_OPAQUE+1]; char option[MAX_OPTION+1]; if(line[0]=='#') @@ -174,6 +175,15 @@ parse_ks_options(char *line,struct ks_options *opt) return 0; } + if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1) + { + opaque[MAX_OPAQUE]='\0'; + opt->opaque=strdup(opaque); + if(!opt->opaque) + return KEYSERVER_NO_MEMORY; + return 0; + } + if(sscanf(line,"VERSION %d\n",&version)==1) { if(version!=KEYSERVER_PROTO_VERSION) 
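Review bot: The new OPAQUE branch in parse_ks_options assigns `opt->opaque=strdup(opaque)` without releasing a previous value, so a second OPAQUE line in the input leaks the first copy; a `free(opt->opaque);` before the strdup fixes that (the SCHEME/AUTH/PATH branches are outside the hunk and may want the same treatment). More significantly, `opaque` becomes a heap-owned member of ks_options but free_ks_options is not touched by this commit — the diffstat lists 12 lines for ksutil.c and all 12 insertions are in the three hunks shown — so the string is leaked on every `free_ks_options(opt)` call added to the three front-ends until that function frees `opt->opaque` as well. parse_ks_options continues outside the hunk.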
@@ -236,6 +246,8 @@ parse_ks_options(char *line,struct ks_options *opt) opt->debug=0; else if(start[5]=='=') opt->debug=atoi(&start[6]); + else if(start[5]=='\0') + opt->debug=1; } else if(strncasecmp(start,"timeout",7)==0) { diff --git a/keyserver/ksutil.h b/keyserver/ksutil.h index 3ed7b9683..400dc1789 100644 --- a/keyserver/ksutil.h +++ b/keyserver/ksutil.h @@ -69,6 +69,7 @@ struct ks_options char *scheme; char *auth; char *path; + char *opaque; struct { unsigned int include_disabled:1; |