From d30e17ac62dea8913b7f353971d546b6b1a09bd5 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 23 Feb 2017 20:10:59 +0100
Subject: wks: Make sure that the draft 2 request is correctly detected.

* tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
* tools/wks-receive.c (new_part): Move test wks draft version to ...
(t2body): new callback.
(wks_receive): Register this callback.
* tools/gpg-wks-server.c (send_confirmation_request): Emit draft version header.
(send_congratulation_message): Ditto.
* tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
(decrypt_stream_status_cb): Check DECRYTPION_KEY status.
(decrypt_stream): Get infor from new callback.
(process_confirmation_request): New arg 'mainfpr'. Check that it matches the decryption key.
(read_confirmation_request): Check that the decryption key has been generated by us.
(command_send): Use macro from draft version header.
(send_confirmation_response): Emit draft version header.
--
This patch also adds a check to only send a confirmation when the decryption has been done by an ultimately trusted (self-generated) key.
Signed-off-by: Werner Koch
---
 tools/wks-receive.c | 49 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 33 insertions(+), 16 deletions(-)
(limited to 'tools/wks-receive.c')
diff --git a/tools/wks-receive.c b/tools/wks-receive.c
index 12ec08935..94f8bc6a9 100644
--- a/tools/wks-receive.c
+++ b/tools/wks-receive.c
@@ -255,6 +255,38 @@ collect_signature (void *cookie, const char *data)
 }
 
 
+/* The callback for the transition from header to body. We use it to
+ * look at some header values. */
+static gpg_error_t
+t2body (void *cookie, int level)
+{
+ receive_ctx_t ctx = cookie;
+ rfc822parse_t msg;
+ char *value;
+ size_t valueoff;
+
+ log_info ("t2body for level %d\n", level);
+ if (!level)
+ {
+ /* This is the outermost header. */
+ msg = mime_parser_rfc822parser (ctx->parser);
+ if (msg)
+ {
+ value = rfc822parse_get_field (msg, "Wks-Draft-Version",
+ -1, &valueoff);
+ if (value)
+ {
+ if (atoi(value+valueoff) >= 2 )
+ ctx->draft_version_2 = 1;
+ free (value);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
 static gpg_error_t
 new_part (void *cookie, const char *mediatype, const char *mediasubtype)
 {
@@ -275,22 +307,6 @@ new_part (void *cookie, const char *mediatype, const char *mediasubtype)
 }
 else
 {
- rfc822parse_t msg = mime_parser_rfc822parser (ctx->parser);
- if (msg)
- {
- char *value;
- size_t valueoff;
-
- value = rfc822parse_get_field (msg, "Wks-Draft-Version",
- -1, &valueoff);
- if (value)
- {
- if (atoi(value+valueoff) >= 2 )
- ctx->draft_version_2 = 1;
- free (value);
- }
- }
-
 ctx->key_data = es_fopenmem (0, "w+b");
 if (!ctx->key_data)
 {
@@ -413,6 +429,7 @@ wks_receive (estream_t fp,
 goto leave;
 if (DBG_PARSER)
 mime_parser_set_verbose (parser, 1);
+ mime_parser_set_t2body (parser, t2body);
 mime_parser_set_new_part (parser, new_part);
 mime_parser_set_part_data (parser, part_data);
 mime_parser_set_collect_encrypted (parser, collect_encrypted);
--
cgit v1.2.3
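Review bot: In t2body the `Wks-Draft-Version` value is parsed with `atoi(value+valueoff)`, which reports no errors and has undefined behaviour when the digits do not fit in an int; the field is read from the outermost header of an incoming mail, so the sender chooses its content. Parsing with strtol and checking the end pointer keeps the result defined, e.g. `v = strtol (value+valueoff, &endp, 10);` followed by `if (endp != value+valueoff && v >= 2)`, with `char *endp; long v;` declared next to `valueoff`. Because the flag is derived from header data that, as far as this hunk shows, is not covered by any signature or encryption check, a one-line comment saying so would help whoever later reads `ctx->draft_version_2`; what that flag gates is not visible here. The unconditional `log_info ("t2body for level %d\n", level);` looks like a debugging leftover and would probably be better guarded by `if (DBG_PARSER)`, as the verbose setting in wks_receive is.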