gnupg/keyserver (6 files)
cvs user dshaw
cvs at cvs.gnupg.org
Thu Mar 17 17:29:13 CET 2005
Date: Thursday, March 17, 2005 @ 17:42:41
Author: dshaw
Path: /cvs/gnupg/gnupg/keyserver
Modified: ChangeLog gpgkeys_curl.c gpgkeys_finger.c gpgkeys_ldap.c
ksutil.c ksutil.h
* gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
parse_ks_options and remove a lot of common code.
* ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
debug with no arguments to 1.
------------------+
ChangeLog | 8 +
gpgkeys_curl.c | 198 +++++++---------------------
gpgkeys_finger.c | 114 ++++------------
gpgkeys_ldap.c | 370 +++++++++++++++++++----------------------------------
ksutil.c | 12 +
ksutil.h | 1
6 files changed, 239 insertions(+), 464 deletions(-)
Index: gnupg/keyserver/ChangeLog
diff -u gnupg/keyserver/ChangeLog:1.116 gnupg/keyserver/ChangeLog:1.117
--- gnupg/keyserver/ChangeLog:1.116 Thu Mar 17 05:02:17 2005
+++ gnupg/keyserver/ChangeLog Thu Mar 17 17:42:41 2005
@@ -1,3 +1,11 @@
+2005-03-17 David Shaw <dshaw at jabberwocky.com>
+
+ * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using
+ parse_ks_options and remove a lot of common code.
+
+ * ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default
+ debug with no arguments to 1.
+
2005-03-16 David Shaw <dshaw at jabberwocky.com>
* gpgkeys_ldap.c: Include lber.h if configure determines we need
Index: gnupg/keyserver/gpgkeys_curl.c
diff -u gnupg/keyserver/gpgkeys_curl.c:1.14 gnupg/keyserver/gpgkeys_curl.c:1.15
--- gnupg/keyserver/gpgkeys_curl.c:1.14 Sat Feb 12 04:15:02 2005
+++ gnupg/keyserver/gpgkeys_curl.c Thu Mar 17 17:42:41 2005
@@ -38,16 +38,10 @@
extern char *optarg;
extern int optind;
-static int verbose=0;
-static char scheme[MAX_SCHEME+1];
-static char auth[MAX_AUTH+1];
-static char host[MAX_HOST+1];
-static char port[MAX_PORT+1];
-static char path[URLMAX_PATH+1];
static char proxy[MAX_PROXY+1];
-static FILE *input, *output, *console;
+static FILE *input,*output,*console;
static CURL *curl;
-static char request[MAX_URL];
+static struct ks_options *opt;
static int
curl_err_to_gpg_err(CURLcode error)
@@ -115,14 +109,18 @@
{
CURLcode res;
char errorbuffer[CURL_ERROR_SIZE];
+ char request[MAX_URL];
if(strncmp(getkey,"0x",2)==0)
getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- sprintf(request,"%s://%s%s%s%s%s%s%s",scheme,auth[0]?auth:"",auth[0]?"@":"",
- host,port[0]?":":"",port[0]?port:"",path[0]?"":"/",path);
+ sprintf(request,"%s://%s%s%s%s%s%s",opt->scheme,
+ opt->auth?opt->auth:"",
+ opt->auth?"@":"",opt->host,
+ opt->port?":":"",opt->port?opt->port:"",
+ opt->path?opt->path:"/");
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,writer);
@@ -132,7 +130,7 @@
res=curl_easy_perform(curl);
if(res!=0)
{
- fprintf(console,"gpgkeys: %s fetch error %d: %s\n",scheme,
+ fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme,
res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
}
@@ -153,12 +151,10 @@
int
main(int argc,char *argv[])
{
- int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
+ int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
char *thekey=NULL;
- unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
- long follow_redirects=5,debug=0,check_cert=1;
- char *ca_cert_file=NULL;
+ long follow_redirects=5;
console=stderr;
@@ -215,71 +211,28 @@
if(output==NULL)
output=stdout;
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
- int version;
- char command[MAX_COMMAND+1];
+ int err;
char option[MAX_OPTION+1];
- char hash;
if(line[0]=='\n')
break;
- if(sscanf(line,"%c",&hash)==1 && hash=='#')
- continue;
-
- if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
- {
- command[MAX_COMMAND]='\0';
-
- if(strcasecmp(command,"get")==0)
- action=GET;
-
- continue;
- }
-
- if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
- {
- scheme[MAX_SCHEME]='\0';
- continue;
- }
-
- if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
- {
- auth[MAX_AUTH]='\0';
- continue;
- }
-
- if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
+ err=parse_ks_options(line,opt);
+ if(err>0)
{
- host[MAX_HOST]='\0';
- continue;
- }
-
- if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
- {
- port[MAX_PORT]='\0';
- continue;
- }
-
- if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
- {
- path[URLMAX_PATH]='\0';
- continue;
- }
-
- if(sscanf(line,"VERSION %d\n",&version)==1)
- {
- if(version!=KEYSERVER_PROTO_VERSION)
- {
- ret=KEYSERVER_VERSION_ERROR;
- goto fail;
- }
-
- continue;
+ ret=err;
+ goto fail;
}
+ else if(err==0)
+ continue;
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
@@ -294,14 +247,7 @@
start=&option[3];
}
- if(strcasecmp(start,"verbose")==0)
- {
- if(no)
- verbose--;
- else
- verbose++;
- }
- else if(strncasecmp(start,"http-proxy",10)==0)
+ if(strncasecmp(start,"http-proxy",10)==0)
{
if(no)
proxy[0]='\0';
@@ -311,15 +257,6 @@
proxy[MAX_PROXY]='\0';
}
}
- else if(strncasecmp(start,"timeout",7)==0)
- {
- if(no)
- timeout=0;
- else if(start[7]=='=')
- timeout=atoi(&start[8]);
- else if(start[7]=='\0')
- timeout=DEFAULT_KEYSERVER_TIMEOUT;
- }
else if(strncasecmp(start,"follow-redirects",16)==0)
{
if(no)
@@ -329,75 +266,46 @@
else if(start[16]=='\0')
follow_redirects=-1;
}
- else if(strncasecmp(start,"debug",5)==0)
- {
- if(no)
- debug=0;
- else if(start[5]=='=')
- debug=atoi(&start[6]);
- else if(start[5]=='\0')
- debug=1;
- }
- else if(strcasecmp(start,"check-cert")==0)
- {
- if(no)
- check_cert=0;
- else
- check_cert=1;
- }
- else if(strncasecmp(start,"ca-cert-file",12)==0)
- {
- if(no)
- {
- free(ca_cert_file);
- ca_cert_file=NULL;
- }
- else if(start[12]=='=')
- {
- free(ca_cert_file);
- ca_cert_file=strdup(&start[13]);
- if(!ca_cert_file)
- {
- fprintf(console,"gpgkeys: out of memory while creating "
- "ca_cert_file\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
- }
- }
continue;
}
}
- if(scheme[0]=='\0')
+ if(!opt->scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
- return KEYSERVER_SCHEME_NOT_FOUND;
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
}
#ifdef HTTP_VIA_LIBCURL
- else if(strcasecmp(scheme,"http")==0)
+ else if(strcasecmp(opt->scheme,"http")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef HTTPS_VIA_LIBCURL
- else if(strcasecmp(scheme,"https")==0)
+ else if(strcasecmp(opt->scheme,"https")==0)
;
#endif /* HTTP_VIA_LIBCURL */
#ifdef FTP_VIA_LIBCURL
- else if(strcasecmp(scheme,"ftp")==0)
+ else if(strcasecmp(opt->scheme,"ftp")==0)
;
#endif /* FTP_VIA_LIBCURL */
#ifdef FTPS_VIA_LIBCURL
- else if(strcasecmp(scheme,"ftps")==0)
+ else if(strcasecmp(opt->scheme,"ftps")==0)
;
#endif /* FTPS_VIA_LIBCURL */
else
{
- fprintf(console,"gpgkeys: scheme `%s' not supported\n",scheme);
+ fprintf(console,"gpgkeys: scheme `%s' not supported\n",opt->scheme);
return KEYSERVER_SCHEME_NOT_FOUND;
}
- if(timeout && register_timeout()==-1)
+ if(!opt->host)
+ {
+ fprintf(console,"gpgkeys: no keyserver host provided\n");
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
@@ -419,16 +327,14 @@
curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
}
- if(debug)
+ if(opt->debug)
{
curl_easy_setopt(curl,CURLOPT_STDERR,console);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
}
- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,check_cert);
-
- if(ca_cert_file)
- curl_easy_setopt(curl,CURLOPT_CAINFO,ca_cert_file);
+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
+ curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
if(proxy[0])
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
@@ -436,7 +342,7 @@
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
- if(action==GET)
+ if(opt->action==KS_GET)
{
/* Eat the rest of the file */
for(;;)
@@ -472,7 +378,7 @@
goto fail;
}
- if(!thekey || !host[0])
+ if(!thekey)
{
fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail;
@@ -483,18 +389,18 @@
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
- if(verbose)
+ if(opt->verbose)
{
- fprintf(console,"Scheme:\t\t%s\n",scheme);
- fprintf(console,"Host:\t\t%s\n",host);
- if(port[0])
- fprintf(console,"Port:\t\t%s\n",port);
- if(path[0])
- fprintf(console,"Path:\t\t%s\n",path);
+ fprintf(console,"Scheme:\t\t%s\n",opt->scheme);
+ fprintf(console,"Host:\t\t%s\n",opt->host);
+ if(opt->port)
+ fprintf(console,"Port:\t\t%s\n",opt->port);
+ if(opt->path)
+ fprintf(console,"Path:\t\t%s\n",opt->path);
fprintf(console,"Command:\tGET\n");
}
- set_timeout(timeout);
+ set_timeout(opt->timeout);
ret=get_key(thekey);
@@ -508,6 +414,8 @@
if(output!=stdout)
fclose(output);
+ free_ks_options(opt);
+
if(curl)
curl_easy_cleanup(curl);
Index: gnupg/keyserver/gpgkeys_finger.c
diff -u gnupg/keyserver/gpgkeys_finger.c:1.13 gnupg/keyserver/gpgkeys_finger.c:1.14
--- gnupg/keyserver/gpgkeys_finger.c:1.13 Sat Feb 5 16:04:59 2005
+++ gnupg/keyserver/gpgkeys_finger.c Thu Mar 17 17:42:41 2005
@@ -55,9 +55,8 @@
extern char *optarg;
extern int optind;
-static int verbose=0;
-static char path[MAX_OPAQUE+1];
-static FILE *input, *output, *console;
+static FILE *input,*output,*console;
+static struct ks_options *opt;
#ifdef _WIN32
static void
@@ -300,7 +299,7 @@
indicated the requested key anyway. */
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- rc = send_request (path, &sock);
+ rc=send_request(opt->opaque,&sock);
if(rc)
{
fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc);
@@ -362,10 +361,9 @@
int
main(int argc,char *argv[])
{
- int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
+ int arg,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
char *thekey=NULL;
- unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
console=stderr;
@@ -422,91 +420,38 @@
if(output==NULL)
output=stdout;
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
- int version;
- char command[MAX_COMMAND+1];
- char option[MAX_OPTION+1];
- char hash;
+ int err;
if(line[0]=='\n')
break;
- if(sscanf(line,"%c",&hash)==1 && hash=='#')
- continue;
-
- if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
+ err=parse_ks_options(line,opt);
+ if(err>0)
{
- command[MAX_COMMAND]='\0';
-
- if(strcasecmp(command,"get")==0)
- action=GET;
-
- continue;
- }
-
- if(strncmp(line,"HOST ",5)==0)
- {
- fprintf(console,"gpgkeys: finger://relay/user syntax is not"
- " supported. Use finger:user instead.\n");
- ret=KEYSERVER_NOT_SUPPORTED;
+ ret=err;
goto fail;
}
+ else if(err==0)
+ continue;
+ }
- if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",path)==1)
- {
- path[MAX_OPAQUE]='\0';
- continue;
- }
-
- if(sscanf(line,"VERSION %d\n",&version)==1)
- {
- if(version!=KEYSERVER_PROTO_VERSION)
- {
- ret=KEYSERVER_VERSION_ERROR;
- goto fail;
- }
-
- continue;
- }
-
- if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
- {
- int no=0;
- char *start=&option[0];
-
- option[MAX_OPTION]='\0';
-
- if(strncasecmp(option,"no-",3)==0)
- {
- no=1;
- start=&option[3];
- }
-
- if(strcasecmp(start,"verbose")==0)
- {
- if(no)
- verbose--;
- else
- verbose++;
- }
- else if(strncasecmp(start,"timeout",7)==0)
- {
- if(no)
- timeout=0;
- else if(start[7]=='=')
- timeout=atoi(&start[8]);
- else if(start[7]=='\0')
- timeout=DEFAULT_KEYSERVER_TIMEOUT;
- }
-
- continue;
- }
+ if(opt->host)
+ {
+ fprintf(console,"gpgkeys: finger://relay/user syntax is not"
+ " supported. Use finger:user instead.\n");
+ ret=KEYSERVER_NOT_SUPPORTED;
+ goto fail;
}
- if(timeout && register_timeout()==-1)
+ if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
@@ -515,7 +460,7 @@
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
- if(action==GET)
+ if(opt->action==KS_GET)
{
/* Eat the rest of the file */
for(;;)
@@ -551,7 +496,7 @@
goto fail;
}
- if(!thekey || !*path)
+ if(!thekey || !opt->opaque)
{
fprintf(console,"gpgkeys: invalid keyserver instructions\n");
goto fail;
@@ -562,16 +507,15 @@
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
- if (verbose>1)
+ if(opt->verbose>1)
{
- if(path[0])
- fprintf(console,"Path:\t\t%s\n",path);
+ fprintf(console,"User:\t\t%s\n",opt->opaque);
fprintf(console,"Command:\tGET\n");
}
- set_timeout(timeout);
+ set_timeout(opt->timeout);
- ret = get_key(thekey);
+ ret=get_key(thekey);
fail:
@@ -583,5 +527,7 @@
if(output!=stdout)
fclose(output);
+ free_ks_options(opt);
+
return ret;
}
Index: gnupg/keyserver/gpgkeys_ldap.c
diff -u gnupg/keyserver/gpgkeys_ldap.c:1.51 gnupg/keyserver/gpgkeys_ldap.c:1.52
--- gnupg/keyserver/gpgkeys_ldap.c:1.51 Thu Mar 17 05:02:17 2005
+++ gnupg/keyserver/gpgkeys_ldap.c Thu Mar 17 17:42:41 2005
@@ -50,14 +50,12 @@
extern char *optarg;
extern int optind;
-static int verbose=0,include_disabled=0,include_revoked=0,include_subkeys=0;
static int real_ldap=0;
static char *basekeyspacedn=NULL;
-static char host[MAX_HOST+1]={'\0'};
-static char portstr[MAX_PORT+1]={'\0'};
static char *pgpkeystr="pgpKey";
static FILE *input=NULL,*output=NULL,*console=NULL;
static LDAP *ldap=NULL;
+static struct ks_options *opt;
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
@@ -1007,7 +1005,7 @@
/* fingerprint. Take the last 16 characters and treat it like a
long key id */
- if(include_subkeys)
+ if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
offset,offset);
else
@@ -1017,7 +1015,7 @@
{
/* long key id */
- if(include_subkeys)
+ if(opt->flags.include_subkeys)
sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
getkey,getkey);
else
@@ -1030,10 +1028,10 @@
sprintf(search,"(pgpkeyid=%.8s)",getkey);
}
- if(verbose>2)
+ if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
- if(!verbose)
+ if(!opt->verbose)
attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
err=ldap_search_s(ldap,basekeyspacedn,
@@ -1163,13 +1161,13 @@
/* Build the search string */
sprintf(search,"%s(pgpuserid=*%s*)%s%s%s",
- (!(include_disabled&&include_revoked))?"(&":"",
+ (!(opt->flags.include_disabled&&opt->flags.include_revoked))?"(&":"",
searchkey,
- include_disabled?"":"(pgpdisabled=0)",
- include_revoked?"":"(pgprevoked=0)",
- !(include_disabled&&include_revoked)?")":"");
+ opt->flags.include_disabled?"":"(pgpdisabled=0)",
+ opt->flags.include_revoked?"":"(pgprevoked=0)",
+ !(opt->flags.include_disabled&&opt->flags.include_revoked)?")":"");
- if(verbose>2)
+ if(opt->verbose>2)
fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
err=ldap_search_s(ldap,basekeyspacedn,
@@ -1374,12 +1372,12 @@
}
static void
-fail_all(struct keylist *keylist,int action,int err)
+fail_all(struct keylist *keylist,int err)
{
if(!keylist)
return;
- if(action==SEARCH)
+ if(opt->action==KS_SEARCH)
{
fprintf(output,"SEARCH ");
while(keylist)
@@ -1452,7 +1450,7 @@
ldap_value_free(vals);
}
- if(verbose>1)
+ if(opt->verbose>1)
{
vals=ldap_get_values(ldap,si_res,"pgpSoftware");
if(vals)
@@ -1503,7 +1501,7 @@
ldap_value_free(vals);
}
- if(verbose>1)
+ if(opt->verbose>1)
{
vals=ldap_get_values(ldap,si_res,"software");
if(vals)
@@ -1516,7 +1514,7 @@
vals=ldap_get_values(ldap,si_res,"version");
if(vals)
{
- if(verbose>1)
+ if(opt->verbose>1)
fprintf(console,"Version:\t%s\n",vals[0]);
/* If the version is high enough, use the new pgpKeyV2
@@ -1547,12 +1545,10 @@
int
main(int argc,char *argv[])
{
- int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
+ int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
- int version,failed=0,use_ssl=0,use_tls=0,bound=0,check_cert=1;
+ int failed=0,use_ssl=0,use_tls=0,bound=0;
struct keylist *keylist=NULL,*keyptr=NULL;
- unsigned int timeout=DEFAULT_KEYSERVER_TIMEOUT;
- char *ca_cert_file=NULL;
console=stderr;
@@ -1592,7 +1588,6 @@
break;
}
-
if(argc>optind)
{
input=fopen(argv[optind],"r");
@@ -1610,69 +1605,27 @@
if(output==NULL)
output=stdout;
+ opt=init_ks_options();
+ if(!opt)
+ return KEYSERVER_NO_MEMORY;
+
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
- char command[MAX_COMMAND+1];
char optionstr[MAX_OPTION+1];
- char scheme[MAX_SCHEME+1];
- char hash;
if(line[0]=='\n')
break;
- if(sscanf(line,"%c",&hash)==1 && hash=='#')
- continue;
-
- if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
- {
- command[MAX_COMMAND]='\0';
-
- if(strcasecmp(command,"get")==0)
- action=GET;
- else if(strcasecmp(command,"send")==0)
- action=SEND;
- else if(strcasecmp(command,"search")==0)
- action=SEARCH;
-
- continue;
- }
-
- if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
- {
- host[MAX_HOST]='\0';
- continue;
- }
-
- if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",portstr)==1)
- {
- portstr[MAX_PORT]='\0';
- port=atoi(portstr);
- continue;
- }
-
- if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
+ err=parse_ks_options(line,opt);
+ if(err>0)
{
- scheme[MAX_SCHEME]='\0';
- if(strcasecmp(scheme,"ldaps")==0)
- {
- port=636;
- use_ssl=1;
- }
- continue;
- }
-
- if(sscanf(line,"VERSION %d\n",&version)==1)
- {
- if(version!=KEYSERVER_PROTO_VERSION)
- {
- ret=KEYSERVER_VERSION_ERROR;
- goto fail;
- }
-
- continue;
+ ret=err;
+ goto fail;
}
+ else if(err==0)
+ continue;
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
{
@@ -1687,35 +1640,7 @@
start=&optionstr[3];
}
- if(strcasecmp(start,"verbose")==0)
- {
- if(no)
- verbose--;
- else
- verbose++;
- }
- else if(strcasecmp(start,"include-disabled")==0)
- {
- if(no)
- include_disabled=0;
- else
- include_disabled=1;
- }
- else if(strcasecmp(start,"include-revoked")==0)
- {
- if(no)
- include_revoked=0;
- else
- include_revoked=1;
- }
- else if(strcasecmp(start,"include-subkeys")==0)
- {
- if(no)
- include_subkeys=0;
- else
- include_subkeys=1;
- }
- else if(strncasecmp(start,"tls",3)==0)
+ if(strncasecmp(start,"tls",3)==0)
{
if(no)
use_tls=0;
@@ -1735,20 +1660,6 @@
else if(start[3]=='\0')
use_tls=1;
}
- else if(strcasecmp(start,"check-cert")==0)
- {
- if(no)
- check_cert=0;
- else
- check_cert=1;
- }
- else if(strncasecmp(start,"debug",5)==0)
- {
- if(no)
- debug=0;
- else if(start[5]=='=')
- debug=atoi(&start[6]);
- }
else if(strncasecmp(start,"basedn",6)==0)
{
if(no)
@@ -1771,50 +1682,43 @@
real_ldap=1;
}
}
- else if(strncasecmp(start,"timeout",7)==0)
- {
- if(no)
- timeout=0;
- else if(start[7]=='=')
- timeout=atoi(&start[8]);
- else if(start[7]=='\0')
- timeout=DEFAULT_KEYSERVER_TIMEOUT;
- }
- else if(strncasecmp(start,"ca-cert-file",12)==0)
- {
- if(no)
- {
- free(ca_cert_file);
- ca_cert_file=NULL;
- }
- else if(start[12]=='=')
- {
- free(ca_cert_file);
- ca_cert_file=strdup(&start[13]);
- if(!ca_cert_file)
- {
- fprintf(console,"gpgkeys: out of memory while creating "
- "ca_cert_file\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
- }
- }
continue;
}
}
- if(timeout && register_timeout()==-1)
+ if(!opt->scheme)
+ {
+ fprintf(console,"gpgkeys: no scheme supplied!\n");
+ ret=KEYSERVER_SCHEME_NOT_FOUND;
+ goto fail;
+ }
+
+ if(strcasecmp(opt->scheme,"ldaps")==0)
+ {
+ port=636;
+ use_ssl=1;
+ }
+
+ if(opt->port)
+ port=atoi(opt->port);
+
+ if(!opt->host)
+ {
+ fprintf(console,"gpgkeys: no keyserver host provided\n");
+ goto fail;
+ }
+
+ if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
}
#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS_CACERTFILE)
- if(ca_cert_file)
+ if(opt->ca_cert_file)
{
- err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,ca_cert_file);
+ err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
if(err!=LDAP_SUCCESS)
{
fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
@@ -1832,9 +1736,9 @@
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
- if(action==SEND)
+ if(opt->action==KS_SEND)
while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
- else if(action==GET || action==SEARCH)
+ else if(opt->action==KS_GET || opt->action==KS_SEARCH)
{
for(;;)
{
@@ -1885,24 +1789,23 @@
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s\n\n",VERSION);
- if(verbose>1)
+ if(opt->verbose>1)
{
- fprintf(console,"Host:\t\t%s\n",host);
+ fprintf(console,"Host:\t\t%s\n",opt->host);
if(port)
fprintf(console,"Port:\t\t%d\n",port);
- fprintf(console,"Command:\t%s\n",action==GET?"GET":
- action==SEND?"SEND":"SEARCH");
+ fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
}
- if(debug)
+ if(opt->debug)
{
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
- err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&debug);
+ err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
if(err!=LDAP_SUCCESS)
fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
ldap_err2string(err));
else
- fprintf(console,"gpgkeys: debug level %d\n",debug);
+ fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
#else
fprintf(console,"gpgkeys: not built with debugging support\n");
#endif
@@ -1910,16 +1813,16 @@
/* We have a timeout set for the setup stuff since it could time out
as well. */
- set_timeout(timeout);
+ set_timeout(opt->timeout);
/* Note that this tries all A records on a given host (or at least,
OpenLDAP does). */
- ldap=ldap_init(host,port);
+ ldap=ldap_init(opt->host,port);
if(ldap==NULL)
{
fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
strerror(errno));
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
@@ -1933,11 +1836,11 @@
{
fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
- if(!check_cert)
+ if(!opt->flags.check_cert)
ssl=LDAP_OPT_X_TLS_NEVER;
err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
@@ -1946,7 +1849,7 @@
fprintf(console,
"gpgkeys: unable to set certificate validation: %s\n",
ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
#else
@@ -1962,7 +1865,7 @@
{
fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
err?ldap_err2string(err):"not found");
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
@@ -1977,7 +1880,7 @@
"not supported by the NAI LDAP keyserver");
if(use_tls==3)
{
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
+ fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
}
@@ -1989,7 +1892,7 @@
err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
if(err==LDAP_SUCCESS)
{
- if(check_cert)
+ if(opt->flags.check_cert)
ver=LDAP_OPT_X_TLS_HARD;
else
ver=LDAP_OPT_X_TLS_NEVER;
@@ -2001,17 +1904,17 @@
if(err!=LDAP_SUCCESS)
{
- if(use_tls>=2 || verbose>2)
+ if(use_tls>=2 || opt->verbose>2)
fprintf(console,"gpgkeys: unable to start TLS: %s\n",
ldap_err2string(err));
/* Are we forcing it? */
if(use_tls==3)
{
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
+ fail_all(keylist,ldap_err_to_gpg_err(err));
goto fail;
}
}
- else if(err==LDAP_SUCCESS && verbose>1)
+ else if(err==LDAP_SUCCESS && opt->verbose>1)
fprintf(console,"gpgkeys: TLS started successfully.\n");
#else
if(use_tls>=2)
@@ -2045,94 +1948,89 @@
bound=1;
#endif
- switch(action)
+ if(opt->action==KS_GET)
{
- case GET:
keyptr=keylist;
while(keyptr!=NULL)
{
- set_timeout(timeout);
+ set_timeout(opt->timeout);
if(get_key(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
- break;
-
- case SEND:
- {
- int eof=0;
-
- do
- {
- set_timeout(timeout);
-
- if(real_ldap)
- {
- if(send_key(&eof)!=KEYSERVER_OK)
- failed++;
- }
- else
- {
- if(send_key_keyserver(&eof)!=KEYSERVER_OK)
- failed++;
- }
- }
- while(!eof);
- }
- break;
+ }
+ else if(opt->action==KS_SEND)
+ {
+ int eof=0;
- case SEARCH:
- {
- char *searchkey=NULL;
- int len=0;
+ do
+ {
+ set_timeout(opt->timeout);
- set_timeout(timeout);
+ if(real_ldap)
+ {
+ if(send_key(&eof)!=KEYSERVER_OK)
+ failed++;
+ }
+ else
+ {
+ if(send_key_keyserver(&eof)!=KEYSERVER_OK)
+ failed++;
+ }
+ }
+ while(!eof);
+ }
+ else if(opt->action==KS_SEARCH)
+ {
+ char *searchkey=NULL;
+ int len=0;
- /* To search, we stick a * in between each key to search for.
- This means that if the user enters words, they'll get
- "enters*words". If the user "enters words", they'll get
- "enters words" */
+ set_timeout(opt->timeout);
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- len+=strlen(keyptr->str)+1;
- keyptr=keyptr->next;
- }
+ /* To search, we stick a * in between each key to search for.
+ This means that if the user enters words, they'll get
+ "enters*words". If the user "enters words", they'll get
+ "enters words" */
- searchkey=malloc(len+1);
- if(searchkey==NULL)
- {
- ret=KEYSERVER_NO_MEMORY;
- fail_all(keylist,action,KEYSERVER_NO_MEMORY);
- goto fail;
- }
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ len+=strlen(keyptr->str)+1;
+ keyptr=keyptr->next;
+ }
- searchkey[0]='\0';
+ searchkey=malloc(len+1);
+ if(searchkey==NULL)
+ {
+ ret=KEYSERVER_NO_MEMORY;
+ fail_all(keylist,KEYSERVER_NO_MEMORY);
+ goto fail;
+ }
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- strcat(searchkey,keyptr->str);
- strcat(searchkey,"*");
- keyptr=keyptr->next;
- }
+ searchkey[0]='\0';
- /* Nail that last "*" */
- if(*searchkey)
- searchkey[strlen(searchkey)-1]='\0';
+ keyptr=keylist;
+ while(keyptr!=NULL)
+ {
+ strcat(searchkey,keyptr->str);
+ strcat(searchkey,"*");
+ keyptr=keyptr->next;
+ }
- if(search_key(searchkey)!=KEYSERVER_OK)
- failed++;
+ /* Nail that last "*" */
+ if(*searchkey)
+ searchkey[strlen(searchkey)-1]='\0';
- free(searchkey);
- }
+ if(search_key(searchkey)!=KEYSERVER_OK)
+ failed++;
- break;
+ free(searchkey);
}
+ else
+ BUG();
if(!failed)
ret=KEYSERVER_OK;
@@ -2152,6 +2050,8 @@
if(output!=stdout)
fclose(output);
+ free_ks_options(opt);
+
if(ldap!=NULL && bound)
ldap_unbind_s(ldap);
Index: gnupg/keyserver/ksutil.c
diff -u gnupg/keyserver/ksutil.c:1.3 gnupg/keyserver/ksutil.c:1.4
--- gnupg/keyserver/ksutil.c:1.3 Thu Mar 17 00:46:07 2005
+++ gnupg/keyserver/ksutil.c Thu Mar 17 17:42:41 2005
@@ -110,6 +110,7 @@
char scheme[MAX_SCHEME+1];
char auth[MAX_AUTH+1];
char path[URLMAX_PATH+1];
+ char opaque[MAX_OPAQUE+1];
char option[MAX_OPTION+1];
if(line[0]=='#')
@@ -174,6 +175,15 @@
return 0;
}
+ if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1)
+ {
+ opaque[MAX_OPAQUE]='\0';
+ opt->opaque=strdup(opaque);
+ if(!opt->opaque)
+ return KEYSERVER_NO_MEMORY;
+ return 0;
+ }
+
if(sscanf(line,"VERSION %d\n",&version)==1)
{
if(version!=KEYSERVER_PROTO_VERSION)
@@ -236,6 +246,8 @@
opt->debug=0;
else if(start[5]=='=')
opt->debug=atoi(&start[6]);
+ else if(start[5]=='\0')
+ opt->debug=1;
}
else if(strncasecmp(start,"timeout",7)==0)
{
Index: gnupg/keyserver/ksutil.h
diff -u gnupg/keyserver/ksutil.h:1.6 gnupg/keyserver/ksutil.h:1.7
--- gnupg/keyserver/ksutil.h:1.6 Thu Mar 17 00:46:07 2005
+++ gnupg/keyserver/ksutil.h Thu Mar 17 17:42:41 2005
@@ -69,6 +69,7 @@
char *scheme;
char *auth;
char *path;
+ char *opaque;
struct
{
unsigned int include_disabled:1;
More information about the Gnupg-commits
mailing list