[git] GnuPG - branch, master, updated. gnupg-2.1.9-164-g73c1a86
by Justus Winter
cvs at cvs.gnupg.org
Mon Nov 23 14:06:53 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 73c1a86ad937d7be027eece991c69aaeb6a1f092 (commit)
via c9f5aa15793b3c05c1b92af401b23ab34d3e6196 (commit)
via 3f52f6bcacfe3877d30a21464e93e9240bc75085 (commit)
via 23ea641ba2a063cc99c82869061703d48bc674b2 (commit)
via 2b43a0515868b8720009e48d7a1f32d571767f14 (commit)
from a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 73c1a86ad937d7be027eece991c69aaeb6a1f092
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 15:03:30 2015 +0100
dirmngr: Honor ports specified in SRV records.
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 3ea3245..e458899 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -92,6 +92,7 @@ struct hostinfo_s
char *v6addr; /* A string with the v6 IP address of the host.
NULL if NAME has a numeric IP address or no v6
address is available. */
+ unsigned short port; /* The port used by the host, 0 if unknown. */
char name[1]; /* The hostname. */
};
@@ -131,6 +132,7 @@ create_new_hostinfo (const char *name)
hi->cname = NULL;
hi->v4addr = NULL;
hi->v6addr = NULL;
+ hi->port = 0;
/* Add it to the hosttable. */
for (idx=0; idx < hosttable_size; idx++)
@@ -256,10 +258,13 @@ arecords_is_pool (dns_addrinfo_t aibuf)
}
-/* Add the host AI under the NAME into the HOSTTABLE. Updates the
- given reference table. */
+/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not
+ zero, it specifies which port to use to talk to the host. If NAME
+ specifies a pool (as indicated by IS_POOL), update the given
+ reference table accordingly. */
static void
-add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
+add_host (const char *name, int is_pool,
+ const dns_addrinfo_t ai, unsigned short port,
int *reftbl, size_t reftblsize, int *refidx)
{
gpg_error_t tmperr;
@@ -322,6 +327,9 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
{
char *ipaddr = NULL;
+ if (port)
+ hosttable[tmpidx]->port = port;
+
if (!is_numeric)
{
xfree (tmphost);
@@ -371,13 +379,16 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
failed for some time and we stick to one host for a time
independent of DNS retry times. If FORCE_RESELECT is true a new
host is always selected. The selected host is stored as a malloced
- string at R_HOST; on error NULL is stored. If R_HTTPFLAGS is not
+ string at R_HOST; on error NULL is stored. If we know the port
+ used by the selected host, a string representation is written to
+ R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not
NULL it will receive flags which are to be passed to http_open. If
R_POOLNAME is not NULL a malloced name of the pool is stored or
NULL if it is not a pool. */
static gpg_error_t
map_host (ctrl_t ctrl, const char *name, int force_reselect,
- char **r_host, unsigned int *r_httpflags, char **r_poolname)
+ char **r_host, char *r_portstr,
+ unsigned int *r_httpflags, char **r_poolname)
{
gpg_error_t err = 0;
hostinfo_t hi;
@@ -468,7 +479,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (err)
continue;
dirmngr_tick (ctrl);
- add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ add_host (name, is_pool, ai, srvs[i].port,
+ reftbl, reftblsize, &refidx);
}
xfree (srvs);
@@ -504,7 +516,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
continue;
dirmngr_tick (ctrl);
- add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
}
}
reftbl[refidx] = -1;
@@ -609,6 +621,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
return err;
}
+ if (hi->port)
+ snprintf (r_portstr, 6 /* five digits and the sentinel */,
+ "%hu", hi->port);
return 0;
}
@@ -860,16 +875,24 @@ make_host_part (ctrl_t ctrl,
*r_hostport = NULL;
+ portstr[0] = 0;
+ err = map_host (ctrl, host, force_reselect,
+ &hostname, portstr, r_httpflags, r_poolname);
+ if (err)
+ return err;
+
/* Map scheme and port. */
if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
{
scheme = "https";
- strcpy (portstr, "443");
+ if (! *portstr)
+ strcpy (portstr, "443");
}
else /* HKP or HTTP. */
{
scheme = "http";
- strcpy (portstr, "11371");
+ if (! *portstr)
+ strcpy (portstr, "11371");
}
if (port)
snprintf (portstr, sizeof portstr, "%hu", port);
@@ -878,11 +901,6 @@ make_host_part (ctrl_t ctrl,
/*fixme_do_srv_lookup ()*/
}
- err = map_host (ctrl, host, force_reselect,
- &hostname, r_httpflags, r_poolname);
- if (err)
- return err;
-
*r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
xfree (hostname);
if (!*r_hostport)
commit c9f5aa15793b3c05c1b92af401b23ab34d3e6196
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 14:29:36 2015 +0100
dirmngr: Support hkp server pools using SRV records.
* dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
--
Signed-off-by: Justus Winter <justus at g10code.com>
GnuPG-bug-id: 1788
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index be0280b..3ea3245 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -415,6 +415,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
int refidx;
int is_pool = 0;
char *cname;
+#ifdef USE_DNS_SRV
+ char *srvrecord;
+ struct srventry *srvs;
+ int srvscount;
+#endif /* USE_DNS_SRV */
reftblsize = 100;
reftbl = xtrymalloc (reftblsize * sizeof *reftbl);
@@ -431,6 +436,45 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
hi = hosttable[idx];
+#ifdef USE_DNS_SRV
+ /* Check for SRV records. */
+ srvrecord = xtryasprintf ("_hkp._tcp.%s", name);
+ if (srvrecord == NULL)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (reftbl);
+ return err;
+ }
+
+ srvscount = getsrv (srvrecord, &srvs);
+ xfree (srvrecord);
+ if (srvscount < 0)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (reftbl);
+ return err;
+ }
+
+ if (srvscount > 0)
+ {
+ int i;
+ is_pool = srvscount > 1;
+
+ for (i = 0; i < srvscount; i++)
+ {
+ err = resolve_dns_name (srvs[i].target, 0,
+ AF_UNSPEC, SOCK_STREAM,
+ &ai, &cname);
+ if (err)
+ continue;
+ dirmngr_tick (ctrl);
+ add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
+ }
+
+ xfree (srvs);
+ }
+#endif /* USE_DNS_SRV */
+
/* Find all A records for this entry and put them into the pool
list - if any. */
err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
@@ -446,7 +490,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
the canonical name of the pool as the virtual host along
with the IP addresses. If it is not a pool, we use the
specified name. */
- is_pool = arecords_is_pool (aibuf);
+ if (! is_pool)
+ is_pool = arecords_is_pool (aibuf);
if (is_pool && cname)
{
hi->cname = cname;
commit 3f52f6bcacfe3877d30a21464e93e9240bc75085
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 13:00:59 2015 +0100
dirmngr: Refactor 'map_host'.
* dirmngr/ks-engine-hkp.c (add_host): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index a08043f..be0280b 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -256,6 +256,115 @@ arecords_is_pool (dns_addrinfo_t aibuf)
}
+/* Add the host AI under the NAME into the HOSTTABLE. Updates the
+ given reference table. */
+static void
+add_host (const char *name, const dns_addrinfo_t ai, int is_pool,
+ int *reftbl, size_t reftblsize, int *refidx)
+{
+ gpg_error_t tmperr;
+ char *tmphost;
+ int idx, tmpidx;
+ int is_numeric = 0;
+ int i;
+
+ idx = find_hostinfo (name);
+
+ if (!is_pool && !is_ip_address (name))
+ {
+ /* This is a hostname but not a pool. Use the name
+ as given without going through resolve_dns_addr. */
+ tmphost = xtrystrdup (name);
+ if (!tmphost)
+ tmperr = gpg_error_from_syserror ();
+ else
+ tmperr = 0;
+ }
+ else
+ {
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ DNS_WITHBRACKET, &tmphost);
+ if (tmphost && is_ip_address (tmphost))
+ is_numeric = 1;
+ }
+
+ if (tmperr)
+ {
+ log_info ("resolve_dns_addr failed while checking '%s': %s\n",
+ name, gpg_strerror (tmperr));
+ }
+ else if ((*refidx) + 1 >= reftblsize)
+ {
+ log_error ("resolve_dns_addr for '%s': '%s'"
+ " [index table full - ignored]\n", name, tmphost);
+ }
+ else
+ {
+ if (!is_pool && is_ip_address (name))
+ /* Update the original entry. */
+ tmpidx = idx;
+ else
+ tmpidx = find_hostinfo (tmphost);
+ log_info ("resolve_dns_addr for '%s': '%s'%s\n",
+ name, tmphost,
+ tmpidx == -1? "" : " [already known]");
+
+ if (tmpidx == -1) /* Create a new entry. */
+ tmpidx = create_new_hostinfo (tmphost);
+
+ if (tmpidx == -1)
+ {
+ log_error ("map_host for '%s' problem: %s - '%s'"
+ " [ignored]\n",
+ name, strerror (errno), tmphost);
+ }
+ else /* Set or update the entry. */
+ {
+ char *ipaddr = NULL;
+
+ if (!is_numeric)
+ {
+ xfree (tmphost);
+ tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+ (DNS_NUMERICHOST
+ | DNS_WITHBRACKET),
+ &tmphost);
+ if (tmperr)
+ log_info ("resolve_dns_addr failed: %s\n",
+ gpg_strerror (tmperr));
+ else
+ {
+ ipaddr = tmphost;
+ tmphost = NULL;
+ }
+ }
+
+ if (ai->family == AF_INET6)
+ {
+ hosttable[tmpidx]->v6 = 1;
+ xfree (hosttable[tmpidx]->v6addr);
+ hosttable[tmpidx]->v6addr = ipaddr;
+ }
+ else if (ai->family == AF_INET)
+ {
+ hosttable[tmpidx]->v4 = 1;
+ xfree (hosttable[tmpidx]->v4addr);
+ hosttable[tmpidx]->v4addr = ipaddr;
+ }
+ else
+ BUG ();
+
+ for (i=0; i < *refidx; i++)
+ if (reftbl[i] == tmpidx)
+ break;
+ if (!(i < *refidx) && tmpidx != idx)
+ reftbl[(*refidx)++] = tmpidx;
+ }
+ }
+ xfree (tmphost);
+}
+
+
/* Map the host name NAME to the actual to be used host name. This
allows us to manage round robin DNS names. We use our own strategy
to choose one of the hosts. For example we skip those hosts which
@@ -346,109 +455,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
for (ai = aibuf; ai; ai = ai->next)
{
- gpg_error_t tmperr;
- char *tmphost;
- int tmpidx;
- int is_numeric = 0;
- int i;
-
if (ai->family != AF_INET && ai->family != AF_INET6)
continue;
-
dirmngr_tick (ctrl);
- if (!is_pool && !is_ip_address (name))
- {
- /* This is a hostname but not a pool. Use the name
- as given without going through resolve_dns_addr. */
- tmphost = xtrystrdup (name);
- if (!tmphost)
- tmperr = gpg_error_from_syserror ();
- else
- tmperr = 0;
- }
- else
- {
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- DNS_WITHBRACKET, &tmphost);
- if (tmphost && is_ip_address (tmphost))
- is_numeric = 1;
- }
-
- if (tmperr)
- {
- log_info ("resolve_dns_addr failed while checking '%s': %s\n",
- name, gpg_strerror (tmperr));
- }
- else if (refidx+1 >= reftblsize)
- {
- log_error ("resolve_dns_addr for '%s': '%s'"
- " [index table full - ignored]\n", name, tmphost);
- }
- else
- {
- if (!is_pool && is_ip_address (name))
- /* Update the original entry. */
- tmpidx = idx;
- else
- tmpidx = find_hostinfo (tmphost);
- log_info ("resolve_dns_addr for '%s': '%s'%s\n",
- name, tmphost,
- tmpidx == -1? "" : " [already known]");
-
- if (tmpidx == -1) /* Create a new entry. */
- tmpidx = create_new_hostinfo (tmphost);
-
- if (tmpidx == -1)
- {
- log_error ("map_host for '%s' problem: %s - '%s'"
- " [ignored]\n",
- name, strerror (errno), tmphost);
- }
- else /* Set or update the entry. */
- {
- char *ipaddr = NULL;
-
- if (!is_numeric)
- {
- xfree (tmphost);
- tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
- (DNS_NUMERICHOST
- | DNS_WITHBRACKET),
- &tmphost);
- if (tmperr)
- log_info ("resolve_dns_addr failed: %s\n",
- gpg_strerror (tmperr));
- else
- {
- ipaddr = tmphost;
- tmphost = NULL;
- }
- }
-
- if (ai->family == AF_INET6)
- {
- hosttable[tmpidx]->v6 = 1;
- xfree (hosttable[tmpidx]->v6addr);
- hosttable[tmpidx]->v6addr = ipaddr;
- }
- else if (ai->family == AF_INET)
- {
- hosttable[tmpidx]->v4 = 1;
- xfree (hosttable[tmpidx]->v4addr);
- hosttable[tmpidx]->v4addr = ipaddr;
- }
- else
- BUG ();
-
- for (i=0; i < refidx; i++)
- if (reftbl[i] == tmpidx)
- break;
- if (!(i < refidx) && tmpidx != idx)
- reftbl[refidx++] = tmpidx;
- }
- }
- xfree (tmphost);
+ add_host (name, ai, is_pool, reftbl, reftblsize, &refidx);
}
}
reftbl[refidx] = -1;
commit 23ea641ba2a063cc99c82869061703d48bc674b2
Author: Justus Winter <justus at g10code.com>
Date: Mon Nov 23 13:59:01 2015 +0100
dirmngr: Fix pool detection.
* dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index b9eca0e..a08043f 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -246,9 +246,9 @@ arecords_is_pool (dns_addrinfo_t aibuf)
n_v6 = n_v4 = 0;
for (ai = aibuf; ai; ai = ai->next)
{
- if (ai->family != AF_INET6)
+ if (ai->family == AF_INET6)
n_v6++;
- else if (ai->family != AF_INET)
+ else if (ai->family == AF_INET)
n_v4++;
}
commit 2b43a0515868b8720009e48d7a1f32d571767f14
Author: Justus Winter <justus at g10code.com>
Date: Thu Nov 19 12:43:23 2015 +0100
dirmngr: Refactor 'map_host'.
* dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 8ab0d55..b9eca0e 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -236,6 +236,26 @@ select_random_host (int *table)
}
+/* Figure out if a set of DNS records looks like a pool. */
+static int
+arecords_is_pool (dns_addrinfo_t aibuf)
+{
+ dns_addrinfo_t ai;
+ int n_v6, n_v4;
+
+ n_v6 = n_v4 = 0;
+ for (ai = aibuf; ai; ai = ai->next)
+ {
+ if (ai->family != AF_INET6)
+ n_v6++;
+ else if (ai->family != AF_INET)
+ n_v4++;
+ }
+
+ return n_v6 > 1 || n_v4 > 1;
+}
+
+
/* Map the host name NAME to the actual to be used host name. This
allows us to manage round robin DNS names. We use our own strategy
to choose one of the hosts. For example we skip those hosts which
@@ -312,23 +332,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
else
{
- int n_v6, n_v4;
-
/* First figure out whether this is a pool. For a pool we
use a different strategy than for a plain server: We use
the canonical name of the pool as the virtual host along
with the IP addresses. If it is not a pool, we use the
specified name. */
- n_v6 = n_v4 = 0;
- for (ai = aibuf; ai; ai = ai->next)
- {
- if (ai->family != AF_INET6)
- n_v6++;
- else if (ai->family != AF_INET)
- n_v4++;
- }
- if (n_v6 > 1 || n_v4 > 1)
- is_pool = 1;
+ is_pool = arecords_is_pool (aibuf);
if (is_pool && cname)
{
hi->cname = cname;
-----------------------------------------------------------------------
Summary of changes:
dirmngr/ks-engine-hkp.c | 323 ++++++++++++++++++++++++++++++------------------
1 file changed, 203 insertions(+), 120 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list