[svn] GnuPG - r4016 - trunk/g10
svn author dshaw
cvs at cvs.gnupg.org
Wed Feb 22 20:06:26 CET 2006
Author: dshaw
Date: 2006-02-22 20:06:23 +0100 (Wed, 22 Feb 2006)
New Revision: 4016
Modified:
trunk/g10/ChangeLog
trunk/g10/getkey.c
trunk/g10/gpg.c
trunk/g10/keydb.h
trunk/g10/options.h
Log:
* options.h, keydb.h, gpg.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2006-02-22 04:19:21 UTC (rev 4015)
+++ trunk/g10/ChangeLog 2006-02-22 19:06:23 UTC (rev 4016)
@@ -1,3 +1,10 @@
+2006-02-22 David Shaw <dshaw at jabberwocky.com>
+
+ * options.h, keydb.h, g10.c (main), getkey.c
+ (parse_auto_key_locate): Parse a list of key access methods.
+ (get_pubkey_byname): Walk the list here to try and retrieve keys
+ we don't have locally.
+
2006-02-21 David Shaw <dshaw at jabberwocky.com>
* getkey.c (get_pubkey_byname): Fix minor security problem with
Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c 2006-02-22 04:19:21 UTC (rev 4015)
+++ trunk/g10/getkey.c 2006-02-22 19:06:23 UTC (rev 4016)
@@ -905,91 +905,94 @@
KEYDB_HANDLE *ret_kdbhd, int include_unusable )
{
int rc;
- int tried_cert=0, tried_pka=0, tried_ks=0;
STRLIST namelist = NULL;
add_to_strlist( &namelist, name );
- retry:
+
rc = key_byname( NULL, namelist, pk, NULL, 0,
include_unusable, ret_keyblock, ret_kdbhd);
+ /* If the requested name resembles a valid mailbox and automatic
+ retrieval has been enabled, we try to import the key. */
+
if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
{
int res;
+ struct akl *akl;
- if(!tried_cert
- && (opt.keyserver_options.options&KEYSERVER_AUTO_CERT_RETRIEVE))
+ for(akl=opt.auto_key_locate;akl;akl=akl->next)
{
- tried_cert=1;
-
- glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_cert(name);
- glo_ctrl.in_auto_key_retrieve--;
-
- if(res==0)
+ switch(akl->type)
{
- log_info(_("Automatically retrieved `%s' via %s\n"),
- name,"DNS CERT");
- goto retry;
- }
- }
+ case AKL_CERT:
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_cert(name);
+ glo_ctrl.in_auto_key_retrieve--;
- if(!tried_pka
- && opt.allow_pka_lookup
- && (opt.keyserver_options.options&KEYSERVER_AUTO_PKA_RETRIEVE))
- {
- unsigned char fpr[MAX_FINGERPRINT_LEN];
- /* If the requested name resembles a valid mailbox and
- automatic retrieval via PKA records has been enabled, we
- try to import the key via the URI and try again. */
+ if(res==0)
+ log_info(_("Automatically retrieved `%s' via %s\n"),
+ name,"DNS CERT");
+ break;
- tried_pka=1;
+ case AKL_PKA:
+ {
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
- glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_pka(name,fpr);
- glo_ctrl.in_auto_key_retrieve--;
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_pka(name,fpr);
+ glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
- {
- int i;
- char fpr_string[2+(MAX_FINGERPRINT_LEN*2)+1];
+ if(res==0)
+ {
+ int i;
+ char fpr_string[MAX_FINGERPRINT_LEN*2+1];
- log_info(_("Automatically retrieved `%s' via %s\n"),
- name,"PKA");
+ log_info(_("Automatically retrieved `%s' via %s\n"),
+ name,"PKA");
- free_strlist(namelist);
- namelist=NULL;
+ free_strlist(namelist);
+ namelist=NULL;
- for(i=0;i<MAX_FINGERPRINT_LEN;i++)
- sprintf(fpr_string+2*i,"%02X",fpr[i]);
+ for(i=0;i<MAX_FINGERPRINT_LEN;i++)
+ sprintf(fpr_string+2*i,"%02X",fpr[i]);
- add_to_strlist( &namelist, fpr_string );
+ add_to_strlist( &namelist, fpr_string );
+ }
+ }
+ break;
- goto retry;
- }
- }
+ case AKL_LDAP:
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_ldap(name);
+ glo_ctrl.in_auto_key_retrieve--;
- /* Try keyserver last as it is likely to be the slowest.
- Strictly speaking, we don't need to only use a valid mailbox
- for the getname search, but it helps cut down on a problem
- with searching for something like "john" and getting a lot of
- keys back. */
- if(!tried_ks
- && opt.keyserver
- && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE))
- {
- tried_ks=1;
+ if(res==0)
+ log_info(_("Automatically retrieved `%s' via %s\n"),
+ name,"LDAP");
+ break;
- glo_ctrl.in_auto_key_retrieve++;
- res=keyserver_import_name(name);
- glo_ctrl.in_auto_key_retrieve--;
+ case AKL_KEYSERVER:
+ /* Strictly speaking, we don't need to only use a valid
+ mailbox for the getname search, but it helps cut down
+ on the problem of searching for something like "john"
+ and getting a whole lot of keys back. */
+ if(opt.keyserver)
+ {
+ glo_ctrl.in_auto_key_retrieve++;
+ res=keyserver_import_name(name);
+ glo_ctrl.in_auto_key_retrieve--;
- if(res==0)
- {
- log_info(_("Automatically retrieved `%s' via %s\n"),
- name,opt.keyserver->uri);
- goto retry;
+ if(res==0)
+ log_info(_("Automatically retrieved `%s' via %s\n"),
+ name,opt.keyserver->uri);
+ }
+ break;
}
+
+ rc = key_byname( NULL, namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
+ if(rc!=G10ERR_NO_PUBKEY)
+ break;
}
}
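Review bot: Only the AKL_PKA branch binds the follow-up lookup to a fingerprint (it replaces namelist with fpr_string); after AKL_CERT, AKL_LDAP and AKL_KEYSERVER the retry key_byname() at the bottom of the loop searches the same mailbox string, so whichever key the remote source returned carrying that user ID is the one selected, unless keyserver_import_cert/ldap/name constrain what gets imported, which is not visible in this hunk. That trust difference deserves a comment at the retry, e.g. `/* Only PKA narrows the lookup to a fingerprint; CERT/LDAP/keyserver results are matched by user ID only and are as trustworthy as the responding server. */`. Separately, the retry runs even when the method failed or when AKL_KEYSERVER is skipped for lack of opt.keyserver, which costs a keyring search per method; initialising `int res=-1;` at the top of the block and adding `if(res) continue;` before the retry avoids that and also keeps res from being uninitialised on the no-keyserver path. get_pubkey_byname's signature and the rest of its body lie outside this hunk.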
@@ -2875,3 +2878,48 @@
{
return ctx->kr_handle;
}
+
+int
+parse_auto_key_locate(char *options)
+{
+ char *tok;
+
+ while((tok=optsep(&options)))
+ {
+ struct akl *akl,*last;
+
+ if(tok[0]=='\0')
+ continue;
+
+ akl=xmalloc_clear(sizeof(*akl));
+
+ if(ascii_strcasecmp(tok,"cert")==0)
+ akl->type=AKL_CERT;
+ else if(ascii_strcasecmp(tok,"pka")==0)
+ akl->type=AKL_PKA;
+ else if(ascii_strcasecmp(tok,"ldap")==0)
+ akl->type=AKL_LDAP;
+ else if(ascii_strcasecmp(tok,"keyserver")==0)
+ akl->type=AKL_KEYSERVER;
+ else
+ {
+ xfree(akl);
+ return 0;
+ }
+
+ /* We must maintain the order the user gave us */
+ for(last=opt.auto_key_locate;last && last->next;last=last->next)
+ {
+ /* Check for duplicates */
+ if(last && last->type==akl->type)
+ return 0;
+ }
+
+ if(last)
+ last->next=akl;
+ else
+ opt.auto_key_locate=akl;
+ }
+
+ return 1;
+}
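Review bot: The duplicate check in parse_auto_key_locate never examines the tail of the list: the loop condition `last && last->next` stops on the last node before its body runs for it, so a list like "cert,cert" (or any repeat of the most recently added method) is accepted, and the `if(last && ...)` test inside is redundant because the condition already guarantees last is non-NULL. When a duplicate is detected the freshly allocated akl is also leaked, unlike the unknown-token path just above which calls xfree(akl) before returning. Walking every node, freeing on the duplicate, and remembering the tail fixes both; note that on either early return the entries appended so far remain in opt.auto_key_locate, which the caller should be aware of.
```c
      /* We must maintain the order the user gave us, and reject a
         method that already appears anywhere in the list. */
      for(last=opt.auto_key_locate;last;last=last->next)
	{
	  if(last->type==akl->type)
	    {
	      xfree(akl);
	      return 0;
	    }
	  if(!last->next)
	    break;
	}
      /* … unchanged: append akl after last, or set it as the head … */
```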
Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c 2006-02-22 04:19:21 UTC (rev 4015)
+++ trunk/g10/gpg.c 2006-02-22 19:06:23 UTC (rev 4016)
@@ -354,14 +354,13 @@
oKeyidFormat,
oExitOnStatusWriteError,
oLimitCardInsertTries,
-
oReaderPort,
octapiDriver,
opcscDriver,
oDisableCCID,
-
oRequireBacksigs,
oNoRequireBacksigs,
+ oAutoKeyLocate,
oNoop
};
@@ -707,6 +706,7 @@
{ oRecipient, "user", 2, "@" },
{ oRequireBacksigs, "require-backsigs", 0, "@"},
{ oNoRequireBacksigs, "no-require-backsigs", 0, "@"},
+ { oAutoKeyLocate, "auto-key-locate", 2, "@"},
{0,NULL,0,NULL}
};
@@ -2645,6 +2645,17 @@
case oRequireBacksigs: opt.require_backsigs=1; break;
case oNoRequireBacksigs: opt.require_backsigs=0; break;
+ case oAutoKeyLocate:
+ if(!parse_auto_key_locate(pargs.r.ret_str))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid auto-key-locate list\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid auto-key-locate list\n"));
+ }
+ break;
+
case oNoop: break;
default : pargs.err = configfp? 1:2; break;
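Review bot: The oAutoKeyLocate case only logs the error when parse_auto_key_locate() returns 0 and then continues, so gpg keeps running with whatever prefix of the list was parsed before the bad or duplicate token (the parser appends entries as it goes, per the getkey.c hunk) rather than treating the option as invalid. Whether other list-valued options in this switch set a fatal flag or exit on a parse failure is not visible here; if they do, this case should follow the same convention, and if the lenient behaviour is intended a comment such as `/* A bad token leaves the methods parsed so far in effect. */` would make that explicit. The enclosing switch continues past the end of this hunk.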
Modified: trunk/g10/keydb.h
===================================================================
--- trunk/g10/keydb.h 2006-02-22 04:19:21 UTC (rev 4015)
+++ trunk/g10/keydb.h 2006-02-22 19:06:23 UTC (rev 4016)
@@ -258,6 +258,7 @@
char*get_user_id( u32 *keyid, size_t *rn );
char*get_user_id_native( u32 *keyid );
KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
+int parse_auto_key_locate(char *options);
/*-- keyid.c --*/
int pubkey_letter( int algo );
Modified: trunk/g10/options.h
===================================================================
--- trunk/g10/options.h 2006-02-22 04:19:21 UTC (rev 4015)
+++ trunk/g10/options.h 2006-02-22 19:06:23 UTC (rev 4016)
@@ -220,6 +220,14 @@
error (but an invalid backsig still is). */
int require_backsigs;
+ /* Linked list of ways to find a key if the key isn't on the local
+ keyring. */
+ struct akl
+ {
+ enum {AKL_CERT, AKL_PKA, AKL_LDAP, AKL_KEYSERVER} type;
+ struct akl *next;
+ } *auto_key_locate;
+
} opt;
/* CTRL is used to keep some global variables we currently can't