authorWerner Koch <[email protected]>2022-10-07 13:59:53 +0000
committerWerner Koch <[email protected]>2022-10-07 13:59:53 +0000
commit0a151548b623813d48516a4629b7c3884875a384 (patch)
tree2c110cdde98c2e2caf2430bbbafdc28379d88e1c /tools/gpg-wks-client.c
parentwkd: Silence gpg-wks-client diagnostics from gpg. (diff)
wkd: Restrict gpg-wks-client --mirror to the given domains.
* tools/gpg-wks-client.c (domain_matches_mbox): New. (mirror_one_key): Skip non-matching domains. (command_mirror): Change args to allow for several domains. -- Although dirmngr returns only the keys matching a certain domain, those keys still may have user ids from other domains. Now we publish only the user-ids as specified on the command line. GnuPG-bug-id: T6224
Diffstat (limited to 'tools/gpg-wks-client.c')
-rw-r--r--tools/gpg-wks-client.c78
1 files changed, 62 insertions, 16 deletions
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 25b14738d..c9e6e5a50 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -158,7 +158,7 @@ static gpg_error_t read_confirmation_request (estream_t msg);
static gpg_error_t command_receive_cb (void *opaque,
const char *mediatype, estream_t fp,
unsigned int flags);
-static gpg_error_t command_mirror (const char *domain);
+static gpg_error_t command_mirror (char *domain[]);
@@ -408,10 +408,8 @@ main (int argc, char **argv)
case aMirror:
if (!argc)
err = command_mirror (NULL);
- else if (argc == 1)
- err = command_mirror (*argv);
else
- wrong_args ("--mirror [DOMAIN]");
+ err = command_mirror (argv);
break;
case aInstallKey:
@@ -1642,6 +1640,30 @@ struct
} mirror_one_key_parm;
+/* Return true if the Given a mail DOMAIN and the full addrspec MBOX
+ * match. */
+static int
+domain_matches_mbox (const char *domain, const char *mbox)
+{
+ const char *s;
+
+ if (!domain || !mbox)
+ return 0;
+ s = strchr (domain, '@');
+ if (s)
+ domain = s+1;
+ if (!*domain)
+ return 0; /* Not a valid domain. */
+
+ s = strchr (mbox, '@');
+ if (!s || !s[1])
+ return 0; /* Not a valid mbox. */
+ mbox = s+1;
+
+ return !ascii_strcasecmp (domain, mbox);
+}
+
+
/* Core of mirror_one_key with the goal of mirroring just one uid.
* UIDLIST is used to figure out whether the given MBOX occurs several
* times in UIDLIST and then to single out the newwest one. This is
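Review bot: The header comment on the new domain_matches_mbox reads `Return true if the Given a mail DOMAIN and the full addrspec MBOX match`, which is a garbled sentence and does not say what the function accepts. I would replace it with `/* Return true if the domain part of the addrspec MBOX equals DOMAIN (case-insensitive, no subdomain matching). DOMAIN may also be an addrspec like ".@example.org"; then only its part after the '@' is used. */`. The exact-match property follows from the plain ascii_strcasecmp of the two domain strings and is worth stating, since it is what keeps --mirror restricted to precisely the domains given on the command line.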
@@ -1725,6 +1747,7 @@ mirror_one_key (estream_t key)
char *fpr;
uidinfo_list_t uidlist = NULL;
uidinfo_list_t uid;
+ const char *domain = mirror_one_key_parm.domain;
/* List the key to get all user ids. */
err = wks_list_key (key, &fpr, &uidlist);
@@ -1740,6 +1763,9 @@ mirror_one_key (estream_t key)
{
if (!uid->mbox || (uid->flags & 1))
continue; /* No mail box or already processed. */
+ if (!domain_matches_mbox (domain, uid->mbox))
+ continue; /* We don't want this one. */
+
err = mirror_one_keys_userid (key, uid->mbox, uidlist, fpr);
if (err)
{
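Review bot: The new domain check skips every user id when --mirror is run without a domain argument: the command_mirror hunk (`@@ -1761,23 +1787,45 @@`) sets mirror_one_key_parm.domain to "" in that case, and domain_matches_mbox returns 0 for an empty domain (its `if (!*domain) return 0;`), so nothing is published although the updated function comment promises that all keys are mirrored. Unless mirror_one_key_parm.domain is assigned somewhere outside this diff, the filter has to be bypassed for the unrestricted case, e.g. `if (*domain && !domain_matches_mbox (domain, uid->mbox))`. mirror_one_key's body starts and ends outside this hunk.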
@@ -1761,23 +1787,45 @@ mirror_one_key (estream_t key)
/* Copy the keys from the configured LDAP server into a local WKD.
- * DOMAIN is a domain name to restrict the copy to only this domain;
- * if it is NULL all keys are mirrored. */
+ * DOMAINLIST is an array of domain names to restrict the copy to only
+ * the given domains; if it is NULL all keys are mirrored. */
static gpg_error_t
-command_mirror (const char *domain)
+command_mirror (char *domainlist[])
{
gpg_error_t err;
+ const char *domain;
+ char *domainbuf = NULL;
- if (domain)
- {
- /* Fixme: Do some sanity checks on the domain. */
- }
- mirror_one_key_parm.domain = domain;
mirror_one_key_parm.anyerror = 0;
mirror_one_key_parm.nkeys = 0;
mirror_one_key_parm.nuids = 0;
- err = wkd_dirmngr_ks_get (domain, mirror_one_key);
+ if (!domainlist)
+ {
+ mirror_one_key_parm.domain = "";
+ err = wkd_dirmngr_ks_get (NULL, mirror_one_key);
+ }
+ else
+ {
+ while ((domain = *domainlist++))
+ {
+ if (*domain != '.' && domain[1] != '@')
+ {
+ /* This does not already specify a mail search by
+ * domain. Change it. */
+ xfree (domainbuf);
+ domainbuf = xstrconcat (".@", domain, NULL);
+ domain = domainbuf;
+ }
+ mirror_one_key_parm.domain = domain;
+ if (opt.verbose)
+ log_info ("mirroring keys for domain '%s'\n", domain+2);
+ err = wkd_dirmngr_ks_get (domain, mirror_one_key);
+ if (err)
+ break;
+ }
+ }
+
if (!opt.quiet)
log_info ("a total of %u user ids from %d keys published\n",
mirror_one_key_parm.nuids, mirror_one_key_parm.nkeys);
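Review bot: The rewrite condition `if (*domain != '.' && domain[1] != '@')` only fires when neither character matches, so an argument such as `.example.org` or `user@example.org` is handed to wkd_dirmngr_ks_get unchanged and the verbose log line then prints `domain+2`, a truncated name; the intended test is the negation of "already starts with .@", i.e. `if (!(*domain == '.' && domain[1] == '@'))`. That form also stops reading `domain[1]` for an empty-string argument, where the current condition reads one byte past the terminator. Separately, `err` is declared without an initializer and in the list branch is only assigned inside the loop, so a caller passing an empty NULL-terminated list would return an indeterminate value; `gpg_error_t err = 0;` closes that, even though the main() call sites in this diff only pass a non-empty argv.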
@@ -1787,8 +1835,6 @@ command_mirror (const char *domain)
else if (mirror_one_key_parm.anyerror)
log_info ("warning: errors encountered - not all keys are mirrored\n");
-
-
-
+ xfree (domainbuf);
return err;
}