* http.h, http.c (send_request): Pass in srvtag and make its presence

sufficient to turn the feature on. (http_open): From here. (http_document): And here. * gpgkeys_hkp.c (srv_replace): New function to transform a SRV hostname to a real hostname. (main): Call it from here for the HAVE_LIBCURL case (without libcurl is handled via the curl-shim). * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http engine).
author: David Shaw <dshaw@jabberwocky.com> 2009-05-28 06:25:25 +0200
committer: David Shaw <dshaw@jabberwocky.com> 2009-05-28 06:25:25 +0200
commit: a7205a080cf1b17d385453c8ec244d3bf67bf537 (patch)
tree: 4fe96d047f829ab9b026fe9a8aa8d0c9bb0523d5 /keyserver/gpgkeys_hkp.c
parent: * srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ is (diff)
download: gnupg2-a7205a080cf1b17d385453c8ec244d3bf67bf537.tar.xz
gnupg2-a7205a080cf1b17d385453c8ec244d3bf67bf537.zip
1 files changed, 78 insertions, 17 deletions
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index ef6fd7cb4..0764fe2ac 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -43,6 +43,9 @@
 #else
 #include "curl-shim.h"
 #endif
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#endif
 #include "keyserver.h"
 #include "ksutil.h"
 
@@ -183,6 +186,7 @@ send_key(int *r_eof)
   strcat(key,encoded_key);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -247,6 +251,7 @@ get_key(char *getkey)
     }
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -325,6 +330,7 @@ get_name(const char *getkey)
   fprintf(output,"NAME %s BEGIN\n",getkey);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -408,6 +414,7 @@ search_key(const char *searchkey)
   fprintf(output,"SEARCH %s BEGIN\n",searchkey);
 
   strcpy(request,proto);
+  strcat(request,"://");
   strcat(request,opt->host);
   strcat(request,":");
   strcat(request,port);
@@ -478,6 +485,51 @@ fail_all(struct keylist *keylist,int err)
       }
 }
 
+#ifdef HAVE_LIBCURL
+/* If there is a SRV record, take the highest ranked possibility.
+   This is a hack, as we don't proceed downwards. */
+static void
+srv_replace(void)
+{
+#ifdef USE_DNS_SRV
+  struct srventry *srvlist=NULL;
+  int srvcount;
+
+  if(1+strlen(opt->scheme)+6+strlen(opt->host)+1<=MAXDNAME)
+    {
+      char srvname[MAXDNAME];
+
+      strcpy(srvname,"_");
+      strcat(srvname,opt->scheme);
+      strcat(srvname,"._tcp.");
+      strcat(srvname,opt->host);
+      srvcount=getsrv(srvname,&srvlist);
+    }
+
+  if(srvlist)
+    {
+      char *newname,*newport;
+
+      newname=strdup(srvlist->target);
+      newport=malloc(MAX_PORT);
+      if(newname && newport)
+	{
+	  free(opt->host);
+	  free(opt->port);
+	  opt->host=newname;
+	  snprintf(newport,MAX_PORT,"%u",srvlist->port);
+	  opt->port=newport;
+	}
+      else
+	{
+	  free(newname);
+	  free(newport);
+	}
+    }
+#endif
+}
+#endif
+
 static void 
 show_help (FILE *fp)
 {
@@ -490,7 +542,7 @@ show_help (FILE *fp)
 int
 main(int argc,char *argv[])
 {
-  int arg,ret=KEYSERVER_INTERNAL_ERROR;
+  int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
   char line[MAX_LINE];
   int failed=0;
   struct keylist *keylist=NULL,*keyptr=NULL;
@@ -604,15 +656,14 @@ main(int argc,char *argv[])
 		    }
 		}
 	    }
-#if 0
 	  else if(strcasecmp(start,"try-dns-srv")==0)
 	    {
 	      if(no)
-		http_flags&=~HTTP_FLAG_TRY_SRV;
+		try_srv=0;
 	      else
-		http_flags|=HTTP_FLAG_TRY_SRV;
+		try_srv=1;
 	    }
-#endif
+
 	  continue;
 	}
     }
@@ -626,18 +677,15 @@ main(int argc,char *argv[])
 
   if(ks_strcasecmp(opt->scheme,"hkps")==0)
     {
-      proto="https://";
+      proto="https";
       port="443";
     }
   else
     {
-      proto="http://";
+      proto="http";
       port="11371";
     }
 
-  if(opt->port)
-    port=opt->port;
-
   if(!opt->host)
     {
       fprintf(console,"gpgkeys: no keyserver host provided\n");
@@ -659,6 +707,26 @@ main(int argc,char *argv[])
       goto fail;
     }
 
+  /* If the user gives a :port, then disable SRV.  The semantics of a
+     specified port and SRV do not play well together. */
+  if(opt->port)
+    port=opt->port;
+  else if(try_srv)
+    {
+#ifdef HAVE_LIBCURL
+      /* We're using libcurl, so fake SRV support via our wrapper.
+	 This isn't as good as true SRV support, as we do not try all
+	 possible targets at one particular level and work our way
+	 down the list, but it's better than nothing. */      
+      srv_replace();
+#else
+      /* We're using our internal curl shim, so we can use its (true)
+	 SRV support.  Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
+	 libcurl option.  It's specific to our shim. */
+      curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,opt->scheme);
+#endif
+    }
+
   curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
 
   if(opt->auth)
@@ -677,13 +745,6 @@ main(int argc,char *argv[])
   if(proxy)
     curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
 
-#if 0
-  /* By suggested convention, if the user gives a :port, then disable
-     SRV. */
-  if(opt->port)
-    http_flags&=~HTTP_FLAG_TRY_SRV;
-#endif
-
   /* If it's a GET or a SEARCH, the next thing to come in is the
      keyids.  If it's a SEND, then there are no keyids. */
author	David Shaw <dshaw@jabberwocky.com>	2009-05-28 06:25:25 +0200
committer	David Shaw <dshaw@jabberwocky.com>	2009-05-28 06:25:25 +0200
commit	a7205a080cf1b17d385453c8ec244d3bf67bf537 (patch)
tree	4fe96d047f829ab9b026fe9a8aa8d0c9bb0523d5 /keyserver/gpgkeys_hkp.c
parent	* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ is (diff)
download	gnupg2-a7205a080cf1b17d385453c8ec244d3bf67bf537.tar.xz gnupg2-a7205a080cf1b17d385453c8ec244d3bf67bf537.zip