aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr/server.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* common: Add separate header for zb32.c.Werner Koch2015-10-301-0/+1
| | | | | | | * common/util.h (zb32_encode): Move prototype to ... * common/zb32.h: new. Include this for all callers of zb32_encode. Signed-off-by: Werner Koch <[email protected]>
* Change capitalization of TOR to Tor.Werner Koch2015-10-211-4/+4
| | | | --
* dirmngr: Rename file dns-cert.c.Werner Koch2015-10-211-1/+1
| | | | | | | | | | * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c. * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change includers. * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c. * dirmngr/Makefile.am: Adjust. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Prefer ADNS over system resolver.Werner Koch2015-10-201-1/+2
| | | | | | | | | * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define. (USE_DNS_CERT): Prefer ADNS over the system resolver. * dirmngr/dns-cert.c (tor_mode): New global var. (enable_dns_tormode): New func. (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode. * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
* dirmngr: Addlow fetching keys using OpenPGP DANEWerner Koch2015-10-061-17/+54
| | | | | | | | | | | | | | * dirmngr/server.c (cmd_dns_cert): Add option --dane. -- This implements draft-ietf-dane-openpgpkey-05.txt To test this use $ gpg-connect-agent --dirmngr > /hex > dns_cert --dane [email protected] Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.Werner Koch2015-10-061-8/+7
| | | | | | | * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag. (cmd_reloaddirmngr): Use check_owner_permission. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add option --keyserver.Werner Koch2015-10-051-24/+91
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (oKeyServer): New. (opts): Add "keyserver". (parse_rereadable_options): Parse that options (main): Add option to the gpgconf list. * dirmngr/dirmngr.h (opt): Add field "keyserver". * dirmngr/server.c (ensure_keyserver): New. (make_keyserver_item): New. Factored out from (cmd_keyserver): here. Call ensure_keyserver. (cmd_ks_search): Call ensure_keyserver. (cmd_ks_get): Ditto. (cmd_ks_fetch): Ditto. (cmd_ks_put): Ditto. -- This option specifies the keyserver to be used if the client does not set another keyserver. We want to fade out the use of --keyserver in gpg.conf in favor of specifying it here. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add option --use-tor as a stub.Werner Koch2015-09-181-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (opt): Add field "use_tor". * dirmngr/dirmngr.c (oUseTor): New. (opts): Add --use-tor. (parse_rereadable_options): Set option. (main): Tell gpgconf about that option. * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and return an error if LDAP is used in TOR mode. (ca_cert_fetch): Return an error in TOR mode. (start_cert_fetch): Ditto. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the http module. * dirmngr/ks-engine-hkp.c (send_request): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the http module. * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used". (cmd_dns_cert): Return an error in TOR mode. (cmd_getinfo): Add subcommand "tor" * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group. -- More work is required to actually make --use-tor useful. For now it returns an error for almost all network access but as soon as we have added the TOR feature to the http module some parts will start to work. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow sending much larger keyblocks.Werner Koch2015-09-091-4/+9
| | | | | | | * dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k. (MAX_KEYBLOCK_LENGTH): Increase to 20M. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow sending of Zack's key.Werner Koch2015-08-231-2/+3
| | | | | | * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB. Signed-off-by: Werner Koch <[email protected]>
* common: Remove two JNLIB_ macros (jnlib merge).Werner Koch2015-04-241-1/+0
| | | | | | | | | | * configure.ac: Merge seperate jnlib checks. (HAVE_JNLIB_LOGGING): Remove. * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL): Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Move all DNS access to Dirmngr.Werner Koch2015-04-231-13/+176
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/dns-cert.h: Move to ../dirmngr/. * common/dns-cert.c: Move to ../dirmngr/. Change args to return the key as a buffer. * common/t-dns-cert.c: Move to ../dirmngr/. * common/pka.c, common/pka.h, common/t-pka.c: Remove. * dirmngr/server.c (data_line_cookie_write): Factor code out to data_line_write and make it a wrapper for that. (data_line_write): New. (cmd_dns_cert): New. (register_commands): Register new command. * g10/Makefile.am (LDADD): Remove DNSLIBS. * g10/call-dirmngr.c (dns_cert_parm_s): New. (dns_cert_data_cb, dns_cert_status_cb): New. (gpg_dirmngr_dns_cert): New. (gpg_dirmngr_get_pka): New. * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by gpg_dirmngr_dns_cert. (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. * g10/mainproc.c: Include call-dirmngr.h. (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by gpg_dirmngr_get_pka. -- With this patch gpg does not do any network access itself but uses dirmngr for that. Note that we need to keep linking to NETLIBS due to the logging code and because we need TCP for our socket emulation under Windows. Probably also required for Solaris etc. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add http proxy support for keyservers.Werner Koch2015-04-211-3/+14
| | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (server_control_s): Add field http_proxy. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value from OPT. (dirmngr_deinit_default_ctrl): New. (main): Call dirmngr_deinit_default_ctrl. * dirmngr/server.c (start_command_handler): Ditto. (option_handler): Add option "http-proxy". * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL. * dirmngr/ocsp.c (do_ocsp_request): Ditto. * dirmngr/ks-engine-hkp.c (send_request): Add proxy support. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: If LDAP is not enable, don't build the LDAP bits.Neal H. Walfield2015-04-131-2/+8
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_SOURCES): Only include ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP is TRUE. (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE. * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is TRUE. (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not TRUE. (ks_action_search): Likewise. (ks_action_get): Likewise. (ks_action_put): Likewise. * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is TRUE. (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not TRUE. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1949
* dirmngr: Better encapsulate the keyservers variable.Neal H. Walfield2015-03-311-15/+21
| | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers from here... * dirmngr/server.c (struct server_local_s): ... to here. Update users. * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers. (ks_action_search): Likewise. (ks_action_get): Likewise. (ks_action_put): Likewise. * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers. Use it instead of ctrl->keyservers. (ks_action_search): Likewise. (ks_action_get): Likewise. (ks_action_put): Likewise. -- Signed-off-by: Neal H. Walfield <[email protected]>
* Improve spelling and grammar of some comments.Neal H. Walfield2015-03-231-4/+4
| | | | | -- Signed-off-by: Neal H. Walfield <[email protected]>
* Add support to talking to LDAP key servers.Neal H. Walfield2015-03-231-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <[email protected]>
* dirmngr: Fix memory leak.Werner Koch2014-12-221-2/+2
| | | | | | | | | | * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak. * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check. -- Reported-by: Joshua Rogers <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow building without LDAP support.Werner Koch2014-10-171-3/+20
| | | | | | | | | | | | * configure.ac: Add option --disable-ldap. (USE_LDAP): New ac_define and am_conditional. * dirmngr/Makefile.am: Take care of USE_LDAP. * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options and do not call any ldap function. * dirmngr/server.c (!USE_LDAP): Do not call any ldap function. * dirmngr/crlfetch.c (!USE_LDAP): Ditto. Signed-off-by: Werner Koch <[email protected]>
* http: Allow overriding of the Host header.Werner Koch2014-05-161-1/+1
| | | | | | | | | | | | | * common/http.c (http_open): Add arg httphost. (http_open_document): Pass NULL for httphost. (send_request): Add arg httphost. If given, use HTTPHOST instead of SERVER. Use https with a proxy if requested. (http_verify_server_credentials): Do not stop at the first error message. * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. * keyserver/curl-shim.c (curl_easy_perform): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
* gpg: Make --auto-key-locate work again with keyservers.Werner Koch2014-03-171-1/+2
| | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode. * g10/keyserver.c (keyserver_import_name): Implement. (keyserver_get): Use exact mode for name based import. (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
* dirmngr: Default to a user socket name and enable autostart.Werner Koch2014-03-141-1/+4
| | | | | | | | | | | | | | | * common/homedir.c (dirmngr_socket_name): Rename to dirmngr_sys_socket_name. (dirmngr_user_socket_name): New. * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr socket. * dirmngr/dirmngr.c (main): Ditto. * dirmngr/server.c (cmd_getinfo): Ditto. * sm/server.c (gpgsm_server): Ditto. * dirmngr/dirmngr-client.c (start_dirmngr): Likewise. * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs. * configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
* Comment typo fixesWerner Koch2014-03-121-1/+1
| | | | --
* dirmngr: Add command option to mark hosts as dead or alive.Werner Koch2014-03-111-19/+76
| | | | | | | | | | | | * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ... (check_owner_permission): here. (cmd_keyserver): Add options --dead and --alive. * dirmngr/ks-engine-hkp.c (host_in_pool_p): New. (ks_hkp_mark_host): New. -- Also removed the warning that the widnows part has not yet been done. AFAICS, the current mingw supports the all used socket functions.
* dirmngr: Make Assuan output of keyblocks easier readableWerner Koch2014-03-111-4/+34
| | | | | * dirmngr/server.c (data_line_cookie_write): Print shorter data lines in verbose mode.
* dirmngr: Fix HKP host selection code.Werner Koch2014-03-111-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_keyserver): Add option --resolve and change --print-hosttable to --hosttable. * dirmngr/ks-action.c (ks_printf_help): New. (ks_action_resolve): New. * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. (ks_hkp_print_hosttable): Print to assuan stream. (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric IP addr if it can't be resolved. (make_host_part): Add arg FORCE_SELECT; change callers to pass false. (ks_hkp_resolve): New. -- The new options for the keyserver command are useful for debugging. For example: $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \ 'keyserver hkp://keys.gnupg.net' \ 'keyserver http://http-keys.gnupg.net' \ 'keyserver --resolve --hosttable' /bye yields: OK OK S # http://astrath.net:80 S # http://2001:41d0:1:e673::1:11371 S # hosttable (idx, ipv4, ipv6, dead, name): S # 0 http-keys.gnupg.net S # . --> 10 11 12 1 5 8 7 4* 2 9 6 3 S # 1 4 37.250.168.245.bredband.tre.se S # 2 4 6 keys.exosphere.de S # 3 4 6 poseidon.muc.drweb-av.de S # 4 4 astrath.net S # 5 4 79.143.214.216 S # 6 4 openpgp.andrew.kvalhe.im S # 7 4 app.aaiedu.hr S # 8 4 6 alita.karotte.org S # 9 4 6 keyserver.bau5net.com S # 10 4 194.94.127.122 S # 11 6 2001:4d88:1ffc:477::7 S # 12 6 2a00:1280:8000:2:1:8:0:1 S # 13 keys.gnupg.net S # . --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...] S # 14 4 hufu.ki.iif.hu S # 15 4 pks.ms.mff.cuni.cz S # 16 4 pgpkeys.co.uk S # 17 4 80-239-156-219.customer.teliacarrier.com S # 18 4 srv01.secure-u.de S # 19 4 mallos.xs4all.nl S # 20 4 kronecker.scientia.net S # 21 4 keyserver.ut.mephi.ru S # 22 4 89-68-150-88.dynamic.chello.pl S # 23 6 2001:1608:21:6:84:200:66:125 S # 24 6 sks.es.net S # 25 6 gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net S # 26 6 sks.mrball.net S # 27 6 gozer.rediris.es S # 28 6 2001:41d0:1:e673::1 S # 29 6 oteiza.siccegge.de S # 30 6 2403:4200:401:10::13 S # 31 6 statler.serviz.fr OK
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-2/+2
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* Add code for explicit selection of pooled A records.Werner Koch2011-04-121-1/+10
| | | | | | | | | | | To better cope with round robin pooled A records like keys.gnupg.net we need to keep some information on unresponsive hosts etc. What we do now is to resolve the hostnames, remember them and select a random one. If a host is dead it will be marked and a different one selected. This is intended to solve the problem of long timeouts due to unresponsive hosts. The code is not yet finished but selection works.
* Add framework to print keyserver engine informationWerner Koch2011-02-091-4/+41
|
* Add finger support to dirmngr.Werner Koch2011-02-081-0/+29
| | | | | | | | | | | | | The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:[email protected] (I might be the last user of finger ;-)
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-73/+73
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* All standard keyserver commands are now using dirmngr.Werner Koch2011-01-201-0/+71
|
* Keyserver search and get basically works again.Werner Koch2011-01-181-0/+61
|
* Initial code checking for backup - not yet working.Werner Koch2011-01-101-5/+148
|
* Fix last changeWerner Koch2010-08-121-2/+2
|
* Fix dirmngr problems on CE.Werner Koch2010-08-121-1/+79
| | | | | | Add new dirmngr commands. Minor other fixes.
* More work on the dirmngr. It now builds for W32 and W32CE and quickWerner Koch2010-08-061-35/+131
| | | | | tests show that it works on W32.
* Some work on porting dirmngr (unfinished)Werner Koch2010-07-161-1/+1
| | | | | Ported gpgtar to W32.
* Merged Dirmngr with GnuPG.Werner Koch2010-06-091-0/+1539
A few code changes to support dirmngr.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 01:40:38 +0000