[svn] GnuPG - r5026 - in trunk: common keyserver

svn author dshaw cvs at cvs.gnupg.org
Thu May 28 06:25:26 CEST 2009


Author: dshaw
Date: 2009-05-28 06:25:25 +0200 (Thu, 28 May 2009)
New Revision: 5026

Modified:
   trunk/common/ChangeLog
   trunk/common/http.c
   trunk/common/http.h
   trunk/keyserver/ChangeLog
   trunk/keyserver/curl-shim.c
   trunk/keyserver/curl-shim.h
   trunk/keyserver/gpgkeys_hkp.c
Log:
* http.h, http.c (send_request): Pass in srvtag and make its presence
sufficient to turn the feature on.  (http_open): From here.
(http_document): And here.

* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
hostname to a real hostname.  (main): Call it from here for the
HAVE_LIBCURL case (without libcurl is handled via the curl-shim).

* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add
a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).


Modified: trunk/common/ChangeLog
===================================================================
--- trunk/common/ChangeLog	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/common/ChangeLog	2009-05-28 04:25:25 UTC (rev 5026)
@@ -1,5 +1,12 @@
 2009-05-27  David Shaw  <dshaw at jabberwocky.com>
 
+	From 1.4:
+	
+	* http.h, http.c (send_request): Pass in srvtag and make its
+	presence sufficient to turn the feature on.
+	(http_open): From here.
+	(http_document): And here.
+
 	* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
 	is too small these days.
 

Modified: trunk/keyserver/ChangeLog
===================================================================
--- trunk/keyserver/ChangeLog	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/keyserver/ChangeLog	2009-05-28 04:25:25 UTC (rev 5026)
@@ -1,3 +1,16 @@
+2009-05-27  David Shaw  <dshaw at jabberwocky.com>
+
+	From 1.4:
+
+	* gpgkeys_hkp.c (srv_replace): New function to transform a SRV
+	hostname to a real hostname.
+	(main): Call it from here for the HAVE_LIBCURL case (without
+	libcurl is handled via the curl-shim).
+
+	* curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform):
+	Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http
+	engine).
+
 2009-05-10  David Shaw  <dshaw at jabberwocky.com>
 
 	From 1.4:

Modified: trunk/common/http.c
===================================================================
--- trunk/common/http.c	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/common/http.c	2009-05-28 04:25:25 UTC (rev 5026)
@@ -128,8 +128,8 @@
 static int insert_escapes (char *buffer, const char *string,
                            const char *special);
 static uri_tuple_t parse_tuple (char *string);
-static gpg_error_t send_request (http_t hd,
-                                 const char *auth, const char *proxy);
+static gpg_error_t send_request (http_t hd, const char *auth,
+				 const char *proxy, const char *srvtag);
 static char *build_rel_path (parsed_uri_t uri);
 static gpg_error_t parse_response (http_t hd);
 
@@ -317,7 +317,7 @@
 gpg_error_t
 http_open (http_t *r_hd, http_req_t reqtype, const char *url, 
            const char *auth, unsigned int flags, const char *proxy,
-           void *tls_context)
+           void *tls_context, const char *srvtag)
 {
   gpg_error_t err;
   http_t hd;
@@ -338,7 +338,7 @@
 
   err = http_parse_uri (&hd->uri, url);
   if (!err)
-    err = send_request (hd, auth, proxy);
+    err = send_request (hd, auth, proxy, srvtag);
   
   if (err)
     {
@@ -457,12 +457,12 @@
 gpg_error_t
 http_open_document (http_t *r_hd, const char *document, 
                     const char *auth, unsigned int flags, const char *proxy,
-                    void *tls_context)
+                    void *tls_context, const char *srvtag)
 {
   gpg_error_t err;
 
   err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags,
-                   proxy, tls_context);
+                   proxy, tls_context, srvtag);
   if (err)
     return err;
 
@@ -835,7 +835,7 @@
  * Returns 0 if the request was successful
  */
 static gpg_error_t
-send_request (http_t hd, const char *auth, const char *proxy)
+send_request (http_t hd, const char *auth, const char *proxy,const char *srvtag)
 {
   gnutls_session_t tls_session;
   gpg_error_t err;
@@ -893,13 +893,13 @@
 
       hd->sock = connect_server (*uri->host ? uri->host : "localhost",
 				 uri->port ? uri->port : 80,
-                                 hd->flags, hd->uri->scheme);
+                                 hd->flags, srvtag);
       save_errno = errno;
       http_release_parsed_uri (uri);
     }
   else
     {
-      hd->sock = connect_server (server, port, hd->flags, hd->uri->scheme);
+      hd->sock = connect_server (server, port, hd->flags, srvtag);
       save_errno = errno;
     }
 
@@ -1524,6 +1524,9 @@
   int last_errno = 0;
   struct srventry *serverlist = NULL;
 
+  /* Not currently using the flags */
+  (void)flags;
+
 #ifdef HAVE_W32_SYSTEM
   unsigned long inaddr;
 
@@ -1559,7 +1562,7 @@
 
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */
-  if ((flags & HTTP_FLAG_TRY_SRV) && srvtag)
+  if (srvtag)
     {
       /* We're using SRV, so append the tags. */
       if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)

Modified: trunk/common/http.h
===================================================================
--- trunk/common/http.h	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/common/http.h	2009-05-28 04:25:25 UTC (rev 5026)
@@ -63,9 +63,8 @@
   { 
     HTTP_FLAG_TRY_PROXY = 1,
     HTTP_FLAG_NO_SHUTDOWN = 2,
-    HTTP_FLAG_TRY_SRV = 4,
-    HTTP_FLAG_LOG_RESP = 8,
-    HTTP_FLAG_NEED_HEADER = 16
+    HTTP_FLAG_LOG_RESP = 4,
+    HTTP_FLAG_NEED_HEADER = 8
   };
 
 struct http_context_s;
@@ -82,7 +81,8 @@
                        const char *auth,
                        unsigned int flags,
                        const char *proxy,
-                       void *tls_context);
+                       void *tls_context,
+		       const char *srvtag);
 
 void http_start_data (http_t hd);
 
@@ -95,7 +95,8 @@
                                 const char *auth,
                                 unsigned int flags,
                                 const char *proxy,
-                                void *tls_context);
+                                void *tls_context,
+				const char *srvtag);
 
 #ifdef HTTP_USE_ESTREAM
 estream_t http_get_read_ptr (http_t hd);

Modified: trunk/keyserver/curl-shim.c
===================================================================
--- trunk/keyserver/curl-shim.c	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/keyserver/curl-shim.c	2009-05-28 04:25:25 UTC (rev 5026)
@@ -144,6 +144,9 @@
     case CURLOPT_POSTFIELDS:
       curl->postfields=va_arg(ap,char *);
       break;
+    case CURLOPT_SRVTAG_GPG_HACK:
+      curl->srvtag=va_arg(ap,char *);
+      break;
     case CURLOPT_FAILONERROR:
       curl->flags.failonerror=va_arg(ap,long)?1:0;
       break;
@@ -193,7 +196,7 @@
   if(curl->flags.post)
     {
       rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
-                      0, proxy, NULL);
+                      0, proxy, NULL, curl->srvtag);
       if (!rc)
 	{
 	  unsigned int post_len = strlen(curl->postfields);
@@ -216,7 +219,7 @@
   else
     {
       rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
-                      0, proxy, NULL);
+                      0, proxy, NULL, curl->srvtag);
       if (!rc)
 	{
 	  rc = http_wait_response (curl->hd);

Modified: trunk/keyserver/curl-shim.h
===================================================================
--- trunk/keyserver/curl-shim.h	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/keyserver/curl-shim.h	2009-05-28 04:25:25 UTC (rev 5026)
@@ -48,7 +48,8 @@
     CURLOPT_CAINFO,
     CURLOPT_POST,
     CURLOPT_POSTFIELDS,
-    CURLOPT_FAILONERROR
+    CURLOPT_FAILONERROR,
+    CURLOPT_SRVTAG_GPG_HACK
   } CURLoption;
 
 typedef size_t (*write_func)(char *buffer,size_t size,
@@ -63,6 +64,7 @@
   write_func writer;
   void *file;
   char *postfields;
+  char *srvtag;
   unsigned int status;
   FILE *errors;
   struct

Modified: trunk/keyserver/gpgkeys_hkp.c
===================================================================
--- trunk/keyserver/gpgkeys_hkp.c	2009-05-28 03:24:54 UTC (rev 5025)
+++ trunk/keyserver/gpgkeys_hkp.c	2009-05-28 04:25:25 UTC (rev 5026)
@@ -43,6 +43,9 @@
 #else
 #include "curl-shim.h"
 #endif
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#endif
 #include "keyserver.h"
 #include "ksutil.h"
 
@@ -183,6 +186,7 @@
   strcat(key,encoded_key);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -247,6 +251,7 @@
     }
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -325,6 +330,7 @@
   fprintf(output,"NAME %s BEGIN\n",getkey);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -408,6 +414,7 @@
   fprintf(output,"SEARCH %s BEGIN\n",searchkey);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -478,6 +485,51 @@
       }
 }
 
+#ifdef HAVE_LIBCURL
+/* If there is a SRV record, take the highest ranked possibility.
+   This is a hack, as we don't proceed downwards. */
+static void
+srv_replace(void)
+{
+#ifdef USE_DNS_SRV
+  struct srventry *srvlist=NULL;
+  int srvcount;
+
+  if(1+strlen(opt->scheme)+6+strlen(opt->host)+1<=MAXDNAME)
+    {
+      char srvname[MAXDNAME];
+
+      strcpy(srvname,"_");
+      strcat(srvname,opt->scheme);
+      strcat(srvname,"._tcp.");
+      strcat(srvname,opt->host);
+      srvcount=getsrv(srvname,&srvlist);
+    }
+
+  if(srvlist)
+    {
+      char *newname,*newport;
+
+      newname=strdup(srvlist->target);
+      newport=malloc(MAX_PORT);
+      if(newname && newport)
+	{
+	  free(opt->host);
+	  free(opt->port);
+	  opt->host=newname;
+	  snprintf(newport,MAX_PORT,"%u",srvlist->port);
+	  opt->port=newport;
+	}
+      else
+	{
+	  free(newname);
+	  free(newport);
+	}
+    }
+#endif
+}
+#endif
+
 static void 
 show_help (FILE *fp)
 {
@@ -490,7 +542,7 @@
 int
 main(int argc,char *argv[])
 {
-  int arg,ret=KEYSERVER_INTERNAL_ERROR;
+  int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
   char line[MAX_LINE];
   int failed=0;
   struct keylist *keylist=NULL,*keyptr=NULL;
@@ -604,15 +656,14 @@
 		    }
 		}
 	    }
-#if 0
 	  else if(strcasecmp(start,"try-dns-srv")==0)
 	    {
 	      if(no)
-		http_flags&=~HTTP_FLAG_TRY_SRV;
+		try_srv=0;
 	      else
-		http_flags|=HTTP_FLAG_TRY_SRV;
+		try_srv=1;
 	    }
-#endif
+
 	  continue;
 	}
     }
@@ -626,18 +677,15 @@
 
   if(ks_strcasecmp(opt->scheme,"hkps")==0)
     {
-      proto="https://";
+      proto="https";
       port="443";
     }
   else
     {
-      proto="http://";
+      proto="http";
       port="11371";
     }
 
-  if(opt->port)
-    port=opt->port;
-
   if(!opt->host)
     {
       fprintf(console,"gpgkeys: no keyserver host provided\n");
@@ -659,6 +707,26 @@
       goto fail;
     }
 
+  /* If the user gives a :port, then disable SRV.  The semantics of a
+     specified port and SRV do not play well together. */
+  if(opt->port)
+    port=opt->port;
+  else if(try_srv)
+    {
+#ifdef HAVE_LIBCURL
+      /* We're using libcurl, so fake SRV support via our wrapper.
+	 This isn't as good as true SRV support, as we do not try all
+	 possible targets at one particular level and work our way
+	 down the list, but it's better than nothing. */      
+      srv_replace();
+#else
+      /* We're using our internal curl shim, so we can use its (true)
+	 SRV support.  Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
+	 libcurl option.  It's specific to our shim. */
+      curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,opt->scheme);
+#endif
+    }
+
   curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
 
   if(opt->auth)
@@ -677,13 +745,6 @@
   if(proxy)
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
-#if 0
-  /* By suggested convention, if the user gives a :port, then disable
-     SRV. */
-  if(opt->port)
-    http_flags&=~HTTP_FLAG_TRY_SRV;
-#endif
-
   /* If it's a GET or a SEARCH, the next thing to come in is the
      keyids.  If it's a SEND, then there are no keyids. */
 




More information about the Gnupg-commits mailing list