[git] GnuPG - branch, master, updated. gnupg-2.1.13-121-ge5896da

by Werner Koch cvs at cvs.gnupg.org
Wed Jul 6 15:53:08 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e5896da666551da5322b2ae5458d429b9e60241e (commit)
      from  a479804c86bc24bfab101f39464db3ecfbaedf6d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e5896da666551da5322b2ae5458d429b9e60241e
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jul 6 15:50:57 2016 +0200

    wks: Let the server take the encryption key from the file.
    
    * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
    'keyfile'.
    (store_key_as_pending): Add arg 'r_fname' to return the name of the keyfile.
    (send_confirmation_request): Add arg 'keyfile'.
    (process_new_key): Pass on the name of the keyfile.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 305b454..e46eafa 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -500,9 +500,9 @@ encrypt_stream_status_cb (void *opaque, const char *keyword, char *args)
 
 
 /* Encrypt the INPUT stream to a new stream which is stored at success
- * at R_OUTPUT.  Encryption is done for the key with FINGERPRINT.  */
+ * at R_OUTPUT.  Encryption is done for the key in file KEYFIL.  */
 static gpg_error_t
-encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint)
+encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile)
 {
   gpg_error_t err;
   ccparray_t ccp;
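Review bot: The updated header comment refers to `KEYFIL`, but the parameter is `keyfile`, so the upper-case reference no longer matches any argument. The comment line should read `* at R_OUTPUT.  Encryption is done for the key in file KEYFILE.  */`. The body of encrypt_stream continues outside this hunk.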
@@ -529,9 +529,10 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *fingerprint)
   ccparray_put (&ccp, "--batch");
   ccparray_put (&ccp, "--status-fd=2");
   ccparray_put (&ccp, "--always-trust");
+  ccparray_put (&ccp, "--no-keyring");
   ccparray_put (&ccp, "--armor");
-  ccparray_put (&ccp, "--recipient");
-  ccparray_put (&ccp, fingerprint);
+  ccparray_put (&ccp, "--recipient-file");
+  ccparray_put (&ccp, keyfile);
   ccparray_put (&ccp, "--encrypt");
   ccparray_put (&ccp, "--");
 
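Review bot: Nothing at this call site records what `--recipient-file` expects of `keyfile`: gpg documents that the file must contain exactly one key and that the key is assumed to be fully valid. Whether the pending file written from the submitted key stream is guaranteed to hold a single key is not visible in this hunk, so that precondition deserves a comment above the option, for example `/* KEYFILE must hold exactly one key; gpg treats it as fully valid. */`. Given that assumption, and with `--no-keyring` in effect, the retained `--always-trust` looks redundant for this invocation and could be dropped or explained. The rest of encrypt_stream lies outside the hunk.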
@@ -631,9 +632,11 @@ get_submission_address (const char *mbox)
 
 
 /* We store the key under the name of the nonce we will then send to
- * the user.  On success the nonce is stored at R_NONCE.  */
+ * the user.  On success the nonce is stored at R_NONCE and the file
+ * name at R_FNAME.  */
 static gpg_error_t
-store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
+store_key_as_pending (const char *dir, estream_t key,
+                      char **r_nonce, char **r_fname)
 {
   gpg_error_t err;
   char *dname = NULL;
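Review bot: The extended comment says the file name is stored at R_FNAME but not who owns it afterwards. The later hunk at the end of this function hands `fname` to the caller on success instead of freeing it, so the contract changed and should be stated. I would add `The caller must xfree both R_NONCE and R_FNAME; on error both are set to NULL.` The function body continues outside this hunk.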
@@ -644,6 +647,7 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
   size_t nbytes, nwritten;
 
   *r_nonce = NULL;
+  *r_fname = NULL;
 
   dname = make_filename_try (dir, "pending", NULL);
   if (!dname)
@@ -728,11 +732,15 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
     }
 
   if (!err)
-    *r_nonce = nonce;
+    {
+      *r_nonce = nonce;
+      *r_fname = fname;
+    }
   else
-    xfree (nonce);
-
-  xfree (fname);
+    {
+      xfree (nonce);
+      xfree (fname);
+    }
   xfree (dname);
   return err;
 }
@@ -740,10 +748,11 @@ store_key_as_pending (const char *dir, estream_t key, char **r_nonce)
 
 /* Send a confirmation rewqyest.  DIR is the directory used for the
  * address MBOX.  NONCE is the nonce we want to see in the response to
- * this mail.  */
+ * this mail.  FNAME the name of the file with the key.  */
 static gpg_error_t
 send_confirmation_request (server_ctx_t ctx,
-                           const char *mbox, const char *nonce)
+                           const char *mbox, const char *nonce,
+                           const char *keyfile)
 {
   gpg_error_t err;
   estream_t body = NULL;
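Review bot: The new comment sentence documents `FNAME`, but the added parameter is called `keyfile`, so the description does not match the signature. It should read `KEYFILE is the name of the file with the key.`, ideally noting that the confirmation mail is encrypted to the key in that file. The unchanged first comment line also carries the typo "rewqyest" for "request". The function body continues outside this hunk.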
@@ -791,7 +800,7 @@ send_confirmation_request (server_ctx_t ctx,
               nonce);
 
   es_rewind (body);
-  err = encrypt_stream (&bodyenc, body, ctx->fpr);
+  err = encrypt_stream (&bodyenc, body, keyfile);
   if (err)
     goto leave;
   es_fclose (body);
@@ -863,6 +872,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
   const char *s;
   char *dname = NULL;
   char *nonce = NULL;
+  char *fname = NULL;
 
   /* First figure out the user id from the key.  */
   err = list_key (ctx, key);
@@ -902,11 +912,12 @@ process_new_key (server_ctx_t ctx, estream_t key)
       log_info ("storing address '%s'\n", sl->d);
 
       xfree (nonce);
-      err = store_key_as_pending (dname, key, &nonce);
+      xfree (fname);
+      err = store_key_as_pending (dname, key, &nonce, &fname);
       if (err)
         goto leave;
 
-      err = send_confirmation_request (ctx, sl->d, nonce);
+      err = send_confirmation_request (ctx, sl->d, nonce, fname);
       if (err)
         goto leave;
     }
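Review bot: `fname` is released with a plain `xfree` here and again before the return in the next hunk, while `nonce` gets `wipememory` at the leave label. The comment on store_key_as_pending says the key is stored under the name of the nonce, so `fname` presumably ends with that same nonce and leaves a copy of it in freed memory. For consistency I would wipe it first, for example `if (fname) wipememory (fname, strlen (fname));` ahead of each `xfree (fname);`. The in-loop `xfree (nonce)` context line has the same gap. process_new_key starts and ends outside this hunk.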
@@ -915,6 +926,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
   if (nonce)
     wipememory (nonce, strlen (nonce));
   xfree (nonce);
+  xfree (fname);
   xfree (dname);
   return err;
 }

-----------------------------------------------------------------------

Summary of changes:
 tools/gpg-wks-server.c | 42 +++++++++++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



