[git] GnuPG - branch, justus/fix-1788, created. gnupg-2.1.9-150-g1677c6f
by Justus Winter
cvs at cvs.gnupg.org
Thu Nov 19 15:11:44 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, justus/fix-1788 has been created
at 1677c6f5d51551882e6c59677a5d73870f9b4e2a (commit)
- Log -----------------------------------------------------------------
commit 1677c6f5d51551882e6c59677a5d73870f9b4e2a
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 15:03:30 2015 +0100
dirmngr: Honor ports specified in SRV records.
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index f015998..9b21233 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -92,6 +92,7 @@ struct hostinfo_s
char *v6addr; /* A string with the v6 IP address of the host.
NULL if NAME has a numeric IP address or no v6
address is available. */
+ unsigned short port; /* The port used by the host, 0 if unknown. */
char name[1]; /* The hostname. */
};
@@ -131,6 +132,7 @@ create_new_hostinfo (const char *name)
hi->cname = NULL;
hi->v4addr = NULL;
hi->v6addr = NULL;
+ hi->port = 0;
/* Add it to the hosttable. */
for (idx=0; idx < hosttable_size; idx++)
@@ -256,10 +258,13 @@ arecords_is_pool (dns_addrinfo_t aibuf)
}
-/* Add the host AI under the NAME into the HOSTTABLE. Updates the
- given reference table. */
+/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not
+ zero, it specifies which port to use to talk to the host. If NAME
+ specifies a pool (as indicated by IS_POOL), update the given
+ reference table accordingly. */
static void
-add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
+add_host (const char *name, int is_pool,
+ const dns_addrinfo_t ai, unsigned short port,
int *reftbl, size_t reftblsize, int *refidx)
{
gpg_error_t tmperr;
@@ -322,6 +327,9 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
{
char *ipaddr = NULL;
+ if (port)
+ hosttable[tmpidx]->port = port;
+
if (!is_numeric)
{
xfree (tmphost);
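Review bot: The port is written to `hosttable[tmpidx]->port` only when it is non-zero and is never cleared, so an entry keeps whatever port the most recent SRV answer supplied. The entry appears to be looked up by resolved host name, so it would be shared when the same host is later added through the A-record path with `port` 0, or through another pool's SRV record with a different port; that later lookup would then reuse or overwrite a port learned for a different service name. Because the value comes from a DNS answer, the field comment should say that the port is per host rather than per pool and when it may be overwritten, e.g. `/* Port from the last SRV record naming this host, 0 if unknown; shared by all pools referencing the host. */`. If per-pool ports are intended, the port needs to be stored with the pool's reference table instead. add_host's body starts and ends outside this hunk.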
@@ -371,13 +379,16 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
failed for some time and we stick to one host for a time
independent of DNS retry times. If FORCE_RESELECT is true a new
host is always selected. The selected host is stored as a malloced
- string at R_HOST; on error NULL is stored. If R_HTTPFLAGS is not
+ string at R_HOST; on error NULL is stored. If we know the port
+ used by the selected host, a string representation is written to
+ R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not
NULL it will receive flags which are to be passed to http_open. If
R_POOLNAME is not NULL a malloced name of the pool is stored or
NULL if it is not a pool. */
static gpg_error_t
map_host (ctrl_t ctrl, const char *name, int force_reselect,
- char **r_host, unsigned int *r_httpflags, char **r_poolname)
+ char **r_host, char *r_portstr,
+ unsigned int *r_httpflags, char **r_poolname)
{
gpg_error_t err = 0;
hostinfo_t hi;
@@ -465,7 +476,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (err)
continue;
dirmngr_tick (ctrl);
- add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ add_host (name, is_pool, ai, srvs[i].port,
+ reftbl, reftblsize, &refidx);
}
xfree (srvs);
@@ -499,7 +511,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
continue;
dirmngr_tick (ctrl);
- add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
}
}
reftbl[refidx] = -1;
@@ -604,6 +616,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
return err;
}
+ if (hi->port)
+ snprintf (r_portstr, 6 /* five digits and the sentinel */,
+ "%hu", hi->port);
return 0;
}
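Review bot: The `snprintf` into `r_portstr` uses a hard-coded size of 6 that is not tied to any buffer the caller owns, and `r_portstr` is dereferenced without a NULL check, although the function comment allows NULL for `r_httpflags` and `r_poolname`. The only caller visible in this patch passes `portstr` from make_host_part, whose declaration is outside the diff, so the bound cannot be verified from here. Passing the size with the pointer, e.g. a `size_t portstrlen` parameter used as `snprintf (r_portstr, portstrlen, "%hu", hi->port)`, or stating in the function comment that R_PORTSTR must be non-NULL and hold at least 6 bytes, would make the contract explicit. map_host's body starts outside the hunk.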
@@ -855,16 +870,24 @@ make_host_part (ctrl_t ctrl,
*r_hostport = NULL;
+ portstr[0] = 0;
+ err = map_host (ctrl, host, force_reselect,
+ &hostname, portstr, r_httpflags, r_poolname);
+ if (err)
+ return err;
+
/* Map scheme and port. */
if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
{
scheme = "https";
- strcpy (portstr, "443");
+ if (! *portstr)
+ strcpy (portstr, "443");
}
else /* HKP or HTTP. */
{
scheme = "http";
- strcpy (portstr, "11371");
+ if (! *portstr)
+ strcpy (portstr, "11371");
}
if (port)
snprintf (portstr, sizeof portstr, "%hu", port);
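Review bot: The port returned by `map_host` is applied in both branches, so an `hkps`/`https` request now connects to the port taken from the SRV record, yet the lookup added in the companion commit queries only `_hkp._tcp.<name>`. A port advertised for the plain HKP service would then replace 443 for a TLS connection, which at best fails the handshake and at worst directs the request to a service the operator did not intend for hkps. Consider honouring the SRV port only in the `else` branch until a TLS-specific service name is looked up, i.e. keep `strcpy (portstr, "443");` unconditional in the https branch. make_host_part's body starts and ends outside the hunk.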
@@ -873,11 +896,6 @@ make_host_part (ctrl_t ctrl,
/*fixme_do_srv_lookup ()*/
}
- err = map_host (ctrl, host, force_reselect,
- &hostname, r_httpflags, r_poolname);
- if (err)
- return err;
-
*r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
xfree (hostname);
if (!*r_hostport)
commit ecbcacfc773a7b71cf5b16d95c6e3b2109e54153
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 14:29:36 2015 +0100
dirmngr: Support hkp server pools using SRV records.
* dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
--
Signed-off-by: Justus Winter <justus at g10code.com>
GnuPG-bug-id: 1788
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index d57b577..f015998 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -415,6 +415,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
int refidx;
int is_pool = 0;
char *cname;
+ char *srvrecord;
+ struct srventry *srvs;
+ int srvscount;
reftblsize = 100;
reftbl = xtrymalloc (reftblsize * sizeof *reftbl);
@@ -431,6 +434,43 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
hi = hosttable[idx];
+ /* Check for SRV records. */
+ asprintf (&srvrecord, "_hkp._tcp.%s", name);
+ if (srvrecord == NULL)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (reftbl);
+ return err;
+ }
+
+ srvscount = getsrv (srvrecord, &srvs);
+ xfree (srvrecord);
+ if (srvscount < 0)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (reftbl);
+ return err;
+ }
+
+ if (srvscount > 0)
+ {
+ int i;
+ is_pool = srvscount > 1;
+
+ for (i = 0; i < srvscount; i++)
+ {
+ err = resolve_dns_name (srvs[i].target, 0,
+ AF_UNSPEC, SOCK_STREAM,
+ &ai, &cname);
+ if (err)
+ continue;
+ dirmngr_tick (ctrl);
+ add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ }
+
+ xfree (srvs);
+ }
+
/* Find all A records for this entry and put them into the pool
list - if any. */
err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
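Review bot: Each iteration of the SRV loop overwrites `ai` and `cname` from `resolve_dns_name` without releasing the previous results, and hands only the first address of each target to `add_host`, without the `AF_INET`/`AF_INET6` filter that the A-record loop applies before its call (add_host ends in `BUG ()` for any other family). The number of targets comes from the DNS answer, so in a long-running daemon the leak scales with data taken from the network. Separately, the return value of `asprintf` is not checked and the buffer is later released with `xfree`; `srvrecord = xtryasprintf ("_hkp._tcp.%s", name);` gives a defined NULL on failure and a matching allocator. The loop below walks the whole address list and frees it; it assumes `cname` is caller-owned, as the later `hi->cname = cname` suggests. map_host's body starts and ends outside the hunk.

```c
      for (i = 0; i < srvscount; i++)
        {
          err = resolve_dns_name (srvs[i].target, 0,
                                  AF_UNSPEC, SOCK_STREAM,
                                  &aibuf, &cname);
          if (err)
            continue;
          dirmngr_tick (ctrl);
          /* Add every usable address of this target, not only the first.  */
          for (ai = aibuf; ai; ai = ai->next)
            {
              if (ai->family != AF_INET && ai->family != AF_INET6)
                continue;
              add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
            }
          /* Release the per-target results before the next lookup.  */
          free_dns_addrinfo (aibuf);
          xfree (cname);
          cname = NULL;
        }
      /* ... unchanged: xfree (srvs) ... */
```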
@@ -446,7 +486,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
the canonical name of the pool as the virtual host along
with the IP addresses. If it is not a pool, we use the
specified name. */
- is_pool = arecords_is_pool (aibuf);
+ is_pool |= arecords_is_pool (aibuf);
if (is_pool && cname)
{
hi->cname = cname;
commit 24db34445abe2ed90e38a556e7a41cc9c5907c44
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 13:00:59 2015 +0100
irmngr: Refactor 'map_host'.
* dirmngr/ks-engine-hkp.c (add_host): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index b9eca0e..d57b577 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -256,6 +256,115 @@ arecords_is_pool (dns_addrinfo_t aibuf)
}
+/* Add the host AI under the NAME into the HOSTTABLE. Updates the
+ given reference table. */
+static void
+add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
+ int *reftbl, size_t reftblsize, int *refidx)
+{
+ gpg_error_t tmperr;
+ char *tmphost;
+ int idx, tmpidx;
+ int is_numeric = 0;
+ int i;
+
+ idx = find_hostinfo (name);
+
+ if (!is_pool && !is_ip_address (name))
+ {
+ /* This is a hostname but not a pool. Use the name
+ as given without going through resolve_dns_addr. */
+ tmphost = xtrystrdup (name);
+ if (!tmphost)
+ tmperr = gpg_error_from_syserror ();
+ else
+ tmperr = 0;
+ }
+ else
+ {
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_WITHBRACKET, &tmphost);
+ if (tmphost && is_ip_address (tmphost))
+ is_numeric = 1;
+ }
+
+ if (tmperr)
+ {
+ log_info ("resolve_dns_addr failed while checking '%s': %s\n",
+ name, gpg_strerror (tmperr));
+ }
+ else if ((*refidx) + 1 >= reftblsize)
+ {
+ log_error ("resolve_dns_addr for '%s': '%s'"
+ " [index table full - ignored]\n", name, tmphost);
+ }
+ else
+ {
+ if (!is_pool && is_ip_address (name))
+ /* Update the original entry. */
+ tmpidx = idx;
+ else
+ tmpidx = find_hostinfo (tmphost);
+ log_info ("resolve_dns_addr for '%s': '%s'%s\n",
+ name, tmphost,
+ tmpidx == -1? "" : " [already known]");
+
+ if (tmpidx == -1) /* Create a new entry. */
+ tmpidx = create_new_hostinfo (tmphost);
+
+ if (tmpidx == -1)
+ {
+ log_error ("map_host for '%s' problem: %s - '%s'"
+ " [ignored]\n",
+ name, strerror (errno), tmphost);
+ }
+ else /* Set or update the entry. */
+ {
+ char *ipaddr = NULL;
+
+ if (!is_numeric)
+ {
+ xfree (tmphost);
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ (DNS_NUMERICHOST
+ | DNS_WITHBRACKET),
+ &tmphost);
+ if (tmperr)
+ log_info ("resolve_dns_addr failed: %s\n",
+ gpg_strerror (tmperr));
+ else
+ {
+ ipaddr = tmphost;
+ tmphost = NULL;
+ }
+ }
+
+ if (ai->family == AF_INET6)
+ {
+ hosttable[tmpidx]->v6 = 1;
+ xfree (hosttable[tmpidx]->v6addr);
+ hosttable[tmpidx]->v6addr = ipaddr;
+ }
+ else if (ai->family == AF_INET)
+ {
+ hosttable[tmpidx]->v4 = 1;
+ xfree (hosttable[tmpidx]->v4addr);
+ hosttable[tmpidx]->v4addr = ipaddr;
+ }
+ else
+ BUG ();
+
+ for (i=0; i < *refidx; i++)
+ if (reftbl[i] == tmpidx)
+ break;
+ if (!(i < *refidx) && tmpidx != idx)
+ reftbl[(*refidx)++] = tmpidx;
+ }
+ }
+ xfree (tmphost);
+}
+
+
/* Map the host name NAME to the actual to be used host name. This
allows us to manage round robin DNS names. We use our own strategy
to choose one of the hosts. For example we skip those hosts which
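Review bot: In the `!is_numeric` branch `tmphost` is freed and then only reassigned through the out-parameter of `resolve_dns_addr`; if that call fails without storing NULL, the `xfree (tmphost)` at the end of add_host frees the same pointer a second time. Whether resolve_dns_addr clears its output on error is not visible here, so resetting the pointer locally is the safer form: `xfree (tmphost); tmphost = NULL;` before the call. The first `resolve_dns_addr` call has the same reliance, since `tmphost` is read in `if (tmphost && is_ip_address (tmphost))` and later freed without add_host ever initialising it; declaring it as `char *tmphost = NULL;` covers that path.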
@@ -346,109 +455,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
for (ai = aibuf; ai; ai = ai->next)
{
- gpg_error_t tmperr;
- char *tmphost;
- int tmpidx;
- int is_numeric = 0;
- int i;
-
if (ai->family != AF_INET && ai->family != AF_INET6)
continue;
-
dirmngr_tick (ctrl);
- if (!is_pool && !is_ip_address (name))
- {
- /* This is a hostname but not a pool. Use the name
- as given without going through resolve_dns_addr. */
- tmphost = xtrystrdup (name);
- if (!tmphost)
- tmperr = gpg_error_from_syserror ();
- else
- tmperr = 0;
- }
- else
- {
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- DNS_WITHBRACKET, &tmphost);
- if (tmphost && is_ip_address (tmphost))
- is_numeric = 1;
- }
-
- if (tmperr)
- {
- log_info ("resolve_dns_addr failed while checking '%s': %s\n",
- name, gpg_strerror (tmperr));
- }
- else if (refidx+1 >= reftblsize)
- {
- log_error ("resolve_dns_addr for '%s': '%s'"
- " [index table full - ignored]\n", name, tmphost);
- }
- else
- {
- if (!is_pool && is_ip_address (name))
- /* Update the original entry. */
- tmpidx = idx;
- else
- tmpidx = find_hostinfo (tmphost);
- log_info ("resolve_dns_addr for '%s': '%s'%s\n",
- name, tmphost,
- tmpidx == -1? "" : " [already known]");
-
- if (tmpidx == -1) /* Create a new entry. */
- tmpidx = create_new_hostinfo (tmphost);
-
- if (tmpidx == -1)
- {
- log_error ("map_host for '%s' problem: %s - '%s'"
- " [ignored]\n",
- name, strerror (errno), tmphost);
- }
- else /* Set or update the entry. */
- {
- char *ipaddr = NULL;
-
- if (!is_numeric)
- {
- xfree (tmphost);
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- (DNS_NUMERICHOST
- | DNS_WITHBRACKET),
- &tmphost);
- if (tmperr)
- log_info ("resolve_dns_addr failed: %s\n",
- gpg_strerror (tmperr));
- else
- {
- ipaddr = tmphost;
- tmphost = NULL;
- }
- }
-
- if (ai->family == AF_INET6)
- {
- hosttable[tmpidx]->v6 = 1;
- xfree (hosttable[tmpidx]->v6addr);
- hosttable[tmpidx]->v6addr = ipaddr;
- }
- else if (ai->family == AF_INET)
- {
- hosttable[tmpidx]->v4 = 1;
- xfree (hosttable[tmpidx]->v4addr);
- hosttable[tmpidx]->v4addr = ipaddr;
- }
- else
- BUG ();
-
- for (i=0; i < refidx; i++)
- if (reftbl[i] == tmpidx)
- break;
- if (!(i < refidx) && tmpidx != idx)
- reftbl[refidx++] = tmpidx;
- }
- }
- xfree (tmphost);
+ add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
}
}
reftbl[refidx] = -1;
commit 8c7490eb17e130181d4809ca36c3f66054c42323
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 12:43:23 2015 +0100
dirmngr: Refactor 'map_host'.
* dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 8ab0d55..b9eca0e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -236,6 +236,26 @@ select_random_host (int *table)
}
+/* Figure out if a set of DNS records looks like a pool. */
+static int
+arecords_is_pool (dns_addrinfo_t aibuf)
+{
+ dns_addrinfo_t ai;
+ int n_v6, n_v4;
+
+ n_v6 = n_v4 = 0;
+ for (ai = aibuf; ai; ai = ai->next)
+ {
+ if (ai->family != AF_INET6)
+ n_v6++;
+ else if (ai->family != AF_INET)
+ n_v4++;
+ }
+
+ return n_v6 > 1 || n_v4 > 1;
+}
+
+
/* Map the host name NAME to the actual to be used host name. This
allows us to manage round robin DNS names. We use our own strategy
to choose one of the hosts. For example we skip those hosts which
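Review bot: The two comparisons in `arecords_is_pool` look inverted: `ai->family != AF_INET6` increments `n_v6` and `ai->family != AF_INET` increments `n_v4`, so IPv4 records are counted as v6, IPv6 records as v4, and a record of any other family is counted as v6. For a pure v4/v6 answer the return value happens to be the same, but other families then contribute to the pool decision, which per the comment in map_host selects whether the pool's canonical name is used as the virtual host. The logic is carried over unchanged from map_host; if the helper is meant to count per family, use `if (ai->family == AF_INET6) n_v6++; else if (ai->family == AF_INET) n_v4++;`.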
@@ -312,23 +332,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
else
{
- int n_v6, n_v4;
-
/* First figure out whether this is a pool. For a pool we
use a different strategy than for a plain server: We use
the canonical name of the pool as the virtual host along
with the IP addresses. If it is not a pool, we use the
specified name. */
- n_v6 = n_v4 = 0;
- for (ai = aibuf; ai; ai = ai->next)
- {
- if (ai->family != AF_INET6)
- n_v6++;
- else if (ai->family != AF_INET)
- n_v4++;
- }
- if (n_v6 > 1 || n_v4 > 1)
- is_pool = 1;
+ is_pool = arecords_is_pool (aibuf);
if (is_pool && cname)
{
hi->cname = cname;
-----------------------------------------------------------------------
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org