authorWerner Koch <[email protected]>2016-09-28 13:35:31 +0000
committerWerner Koch <[email protected]>2016-09-28 13:35:31 +0000
commitcbf2ac66692daa7a324108724698d60d6c7e473f (patch)
treec2df2783111b05e04784fe35249a8abcc9acdb28 /g10/keyserver.c
parentgpg: Reject import if an import filter removed all user ids. (diff)
gpg: Improve WKD by importing only the requested UID.
* g10/keyserver.c: Include mbox-util.h. (keyserver_import_wkd): Do not use the global import options but employ an import filter. -- We also make sure that an mbox has been passed to keyserver_import_wkd so it may also be called with a complete user id (which is currently not the case). Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/keyserver.c')
-rw-r--r--g10/keyserver.c37
1 files changed, 32 insertions, 5 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 2e2d6a4bb..4239469f0 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -41,6 +41,7 @@
#include "keyserver-internal.h"
#include "util.h"
#include "membuf.h"
+#include "mbox-util.h"
#include "call-dirmngr.h"
#ifdef HAVE_W32_SYSTEM
@@ -2011,29 +2012,55 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name,
unsigned char **fpr, size_t *fpr_len)
{
gpg_error_t err;
+ char *mbox;
estream_t key;
- err = gpg_dirmngr_wkd_get (ctrl, name, &key);
+ /* We want to work on the mbox. That is what dirmngr will do anyway
+ * and we need the mbox for the import filter anyway. */
+ mbox = mailbox_from_userid (name);
+ if (!mbox)
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) == GPG_ERR_EINVAL)
+ err = gpg_error (GPG_ERR_INV_USER_ID);
+ return err;
+ }
+
+ err = gpg_dirmngr_wkd_get (ctrl, mbox, &key);
if (err)
;
else if (key)
{
int armor_status = opt.no_armor;
+ import_filter_t save_filt;
/* Keys returned via WKD are in binary format. */
opt.no_armor = 1;
+ save_filt = save_and_clear_import_filter ();
+ if (!save_filt)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox);
+ err = filtstr? 0 : gpg_error_from_syserror ();
+ if (!err)
+ err = parse_and_set_import_filter (filtstr);
+ xfree (filtstr);
+ if (!err)
+ err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+ IMPORT_NO_SECKEY,
+ NULL, NULL);
- err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY),
- NULL, NULL);
+ }
+ restore_import_filter (save_filt);
opt.no_armor = armor_status;
es_fclose (key);
key = NULL;
}
+ xfree (mbox);
return err;
}
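Review bot: The filter built by `es_bsprintf ("keep-uid=mbox = %s", mbox)` pastes `mbox` straight into the import-filter grammar, and after this change that filter is the only thing limiting which user IDs a WKD-fetched key can add to the keyring. Its safety rests on `mailbox_from_userid` never returning a string that contains characters the filter parser treats as syntax; neither function is visible in this hunk, so please confirm that and record it next to the call, e.g. `/* MBOX is a validated addr-spec and must not contain filter operators. */`. Separately, `restore_import_filter (save_filt);` also runs on the path where `save_and_clear_import_filter ()` returned NULL; unless restore is documented to accept NULL, move that call to the end of the `else` block. The function's signature begins in the hunk header, so only part of it is visible here.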