Diffstat (limited to 'keyserver')
-rw-r--r-- | keyserver/ChangeLog | 291 | ||||
-rw-r--r-- | keyserver/Makefile.am | 34 | ||||
-rw-r--r-- | keyserver/gpgkeys_hkp.c | 1062 | ||||
-rw-r--r-- | keyserver/gpgkeys_ldap.c | 1107 | ||||
-rwxr-xr-x | keyserver/gpgkeys_mailto.in | 202 | ||||
-rwxr-xr-x | keyserver/gpgkeys_test.in | 79 |
6 files changed, 0 insertions, 2775 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
deleted file mode 100644
index a24a6e7ef..000000000
--- a/keyserver/ChangeLog
+++ /dev/null
@@ -1,291 +0,0 @@ -2002-10-14 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (write_quoted): Use %-encoding instead of - \-encoding. - (parse_hkp_index): Use new keyserver key listing format, and add - support for disabled keys via include-disabled. - - * gpgkeys_ldap.c (get_key): Don't print keysize unless it's >0. - (printquoted): Use %-encoding instead of \-encoding. - (search_key): Use new keyserver key listing format. - -2002-10-08 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (search_key, main): Make sure LDAP values are - freed in case of error. - - * gpgkeys_ldap.c (fail_all): New function to unwind a keylist and - error each item. - (main): Call fail_all from here, as needed. Also add a NO_MEMORY - error in an appropriate place and fix error return code. - (ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE. - - * gpgkeys_hkp.c (fail_all): New function to unwind a keylist and - error each item. - (main): Call fail_all from here. Also add a NO_MEMORY error in an - appropriate place. - (get_key): Use new UNREACHABLE error for network errors. - -2002-09-26 Werner Koch <wk@gnupg.org> - - * gpgkeys_ldap.c (send_key): Removed non-constant initializers. - -2002-09-24 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (ldap_err_to_gpg_err, ldap_to_gpg_err, send_key, - get_key, search_key, main): Some minor error reporting - enhancements for use with GPA (show reasons for KEY FAILED). - - * gpgkeys_hkp.c (send_key, get_key, search_key, main): Some minor - error reporting enhancements for use with GPA (show reasons for - KEY FAILED). - -2002-09-20 Werner Koch <wk@gnupg.org> - - * gpgkeys_hkp.c (handle_old_hkp_index): s/input/inp/ to avoid - shadowing warning. - -2002-09-19 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (get_key, handle_old_hkp_index, search_key): - Properly handle line truncation. 
- -2002-09-16 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_mailto.in: Add quasi-RFC-2368 mailto:email@addr?from= - syntax so people can set their own email address to respond to. - - * gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to - gpg) and "key not found" (to user) on failure. - -2002-09-13 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c: (search_key, handle_old_hkp_index): Try and - request a machine-readable key index. If the server supports - this, pass it through. If the server does not support it, parse - the "index" page. - -2002-09-12 Stefan Bellon <sbellon@sbellon.de> - - * gpgkeys_hkp.c: Tidied up RISC OS initializations. - -2002-09-12 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (main): Remove warning - this is no longer - experimental code. - -2002-09-09 Werner Koch <wk@gnupg.org> - - * gpgkeys_hkp.c (send_key, get_key, search_key): Check return - value of malloc. - (dehtmlize): Use ascii_tolower to protect against weird locales. - Cast the argument for isspace for the sake of broken HP/UXes. - (search_key): Check return value of realloc. - -2002-09-09 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89) - don't like using variables as array initializers. - - * gpgkeys_hkp.c (send_key): Use CRLF in headers. - -2002-08-28 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (parse_hkp_index): Use same types on all - platforms. This was probably leftover from earlier code where the - typing mattered. - - * gpgkeys_hkp.c: Overall cleanup from iobuf conversion. Be - consistent in m_alloc and malloc usage. Remove include-disabled - (meaningless on HKP). RISC OS tweak. - -2002-08-27 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c, Makefile.am: Convert over to using iobufs. - - * gpgkeys_hkp.c (http_get, http_post): Use CRLF for line endings. - - * gpgkeys_hkp.c: Include util.h on RISC OS as per Stefan. 
Include - a replacement for hstrerror() for those platforms (such as RISC - OS) that don't have it. - -2002-08-26 David Shaw <dshaw@jabberwocky.com> - - * Makefile.am: May as well include gpgkeys_hkp.c in the - distribution now. It works well enough without proxies, and isn't - built by default. It would be good to get some test experience - with it. - - * gpgkeys_hkp.c (main): Don't warn about include-subkeys - it - isn't unsupported, it's actually non-meaningful in the context of - HKP (yet). - - * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Move HTML - functionality into new "dehtmlize" function. Remove HTML before - trying to parse each line from the keyserver. If the keyserver - provides key type information in the listing, use it. (Copy over - from g10/hkp.c). - -2002-08-19 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (get_key, parse_hkp_index): Bring over latest code - from g10/hkp.c. - - * gpgkeys_ldap.c (get_key): Fix cosmetic URL display problem - (extra ":" at the end). - -2002-08-03 Stefan Bellon <sbellon@sbellon.de> - - * gpgkeys_ldap.c: Tidied up RISC OS initializations. - -2002-07-25 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c: "Warning" -> "WARNING" - -2002-07-24 David Shaw <dshaw@jabberwocky.com> - - * Makefile.am: Install keyserver helpers in @GNUPG_LIBEXECDIR@ - -2002-07-15 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (send_key, get_key, main): Consult the server - version string to determine whether to use pgpKey or pgpKeyV2. - -2002-07-09 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_mailto.in: Use new OPAQUE tag for non net-path URIs. - Fail more elegantly if there is no email address to send to. Show - the GnuPG version in the message body. - -2002-07-04 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (get_key), gpgkeys_hkp.c (get_key): Display - keyserver URI as a URI, but only if verbose. 
- -2002-07-01 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (parse_hkp_index): Error if the keyserver returns - an unparseable HKP response. - - * gpgkeys_hkp.c (main): Warn on honor-http-proxy, - broken-http-proxy, and include-subkeys (not supported yet). - - * gpgkeys_ldap.c (main), gpgkeys_hkp.c (http_connect, main): Fix - some shadowing warnings. - -2002-06-11 David Shaw <dshaw@jabberwocky.com> - - * Makefile.am: Don't hard-code the LDAP libraries - get them from - LDAPLIBS via configure. Also, gpgkeys_hkp is a program, not a - script. - -2002-06-10 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to - off, since GnuPG now defaults it to on. - -2002-06-06 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_hkp.c (parse_hkp_index): Type tweaks. - - * gpgkeys_hkp.c (main): Add experimental code warning. - -2002-06-05 David Shaw <dshaw@jabberwocky.com> - - * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver - interface. - -2002-05-08 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c: Include <lber.h> if we absolutely must. This - helps when compiling against a very old OpenLDAP. - -2002-04-29 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_mailto.in: Properly handle key requests in full - fingerprint form. - -2002-03-29 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (printquoted): Quote backslashes within keyserver - search responses. - -2002-02-25 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap (get_key): LDAP keyservers do not support v3 - fingerprints, so error out if someone tries. Actually, they don't - support any fingerprints, but at least we can calculate a keyid - from a v4 fingerprint. - -2002-02-23 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap: Clarify the notion of a partial failure. This is - possible if more than one key is being handled in a batch, and one - fails while the other succeeds. 
Note that a search that comes up - with no results is not a failure - that is a valid response of "no - answer". - - * gpgkeys_ldap.c (get_key): Allow GnuPG to send us full v4 - fingerprints, long key ids, or short key ids while fetching. - Since the LDAP server doesn't actually handle fingerprints, chop - them down to long key ids for actual use. - - * gpgkeys_ldap.c (main, get_key): When searching for a keyid, - search for subkeys as well as primary keys. This is mostly - significant when automatically fetching the key based on the id in - a header (i.e. "signature made by...."). "no-include-subkeys" - disables. - -2002-02-14 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c: Fix compiler warning. - - * gpgkeys_ldap.c: Be much more robust with mangled input files. - -2001-12-28 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_mailto.in: Use the new OUTOFBAND indicator so gpg knows - not to try and import anything. Also turn on perl -w for - warnings. - - * gpgkeys_ldap.c (main): If we're using temp files (rather than - stdin/stdout), make sure the file is closed when we're done. - -2001-12-20 David Shaw <dshaw@jabberwocky.com> - - * Properly free the LDAP response when we're done with it. - - * Now that we handle multiple keys, we must remove duplicates as - the LDAP keyserver returns keys with multiple user IDs multiple - times. - - * Properly handle multiple keys with the same key ID (it's really - rare, so fetch "0xDEADBEEF" to test this). - -2001-12-17 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c, gpgkeys_mailto.in: Fix GNU capitalization - issues. Prefix log messages with "gpgkeys" to clarify which - program is generating them. - -2001-12-14 David Shaw <dshaw@jabberwocky.com> - - * gpgkeys_ldap.c (search_key): Use unsigned int rather than uint - for portability. 
- -2001-12-04 David Shaw <dshaw@jabberwocky.com> - - * Initial version of gpgkeys_ldap (LDAP keyserver helper) and - gpgkeys_mailto (email keyserver helper) - - - Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -
\ No newline at end of file
diff --git a/keyserver/Makefile.am b/keyserver/Makefile.am
deleted file mode 100644
index 6ef15d801..000000000
--- a/keyserver/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = -I$(top_srcdir)/include
-EXTRA_PROGRAMS = gpgkeys_ldap gpgkeys_hkp
-EXTRA_SCRIPTS = gpgkeys_mailto
-libexecdir = @GNUPG_LIBEXECDIR@
-
-# We don't need the libs the regular GPG binaries do
-LIBS=
-
-libexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@
-libexec_SCRIPTS = @GPGKEYS_MAILTO@
-noinst_SCRIPTS = gpgkeys_test
-
-gpgkeys_ldap_LDADD = @LDAPLIBS@ @NETLIBS@
-gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
deleted file mode 100644
index f5a0ed0ca..000000000
--- a/keyserver/gpgkeys_hkp.c
+++ /dev/null
@@ -1,1062 +0,0 @@ -/* gpgkeys_hkp.c - talk to an HKP keyserver - * Copyright (C) 2001, 2002 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -#include <config.h> -#include <stdio.h> -#include <string.h> -#include <ctype.h> -#include <stdlib.h> -#include <errno.h> -#include <unistd.h> -#define INCLUDED_BY_MAIN_MODULE 1 -#include "util.h" -#include "http.h" -#include "keyserver.h" - -#define GET 0 -#define SEND 1 -#define SEARCH 2 -#define MAX_LINE 80 - -int verbose=0,include_revoked=0,include_disabled=0; -unsigned int http_flags=0; -char host[80]={'\0'},port[10]={'\0'}; -FILE *input=NULL,*output=NULL,*console=NULL; - -struct keylist -{ - char str[MAX_LINE]; - struct keylist *next; -}; - -#ifdef __riscos__ -RISCOS_GLOBAL_STATICS("HKP Keyfetcher Heap") -#endif /* __riscos__ */ - -int -urlencode_filter( void *opaque, int control, - IOBUF a, byte *buf, size_t *ret_len) -{ - size_t size = *ret_len; - int rc=0; - - if( control == IOBUFCTRL_FLUSH ) { - const byte *p; - for(p=buf; size; p++, size-- ) { - if( isalnum(*p) || *p == '-' ) - iobuf_put( a, *p ); - else if( *p == ' ' ) - iobuf_put( a, '+' ); - else { - char numbuf[5]; - sprintf(numbuf, "%%%02X", *p ); - iobuf_writestr(a, numbuf ); - } - } - } - else if( control == IOBUFCTRL_DESC ) - 
*(char**)buf = "urlencode_filter"; - return rc; -} - -int -send_key(int *eof) -{ - int rc,gotit=0,ret=KEYSERVER_INTERNAL_ERROR; - char keyid[17]; - char *request; - struct http_context hd; - unsigned int status; - IOBUF temp = iobuf_temp(); - char line[MAX_LINE]; - - request=malloc(strlen(host)+100); - if(!request) - { - fprintf(console,"gpgkeys: out of memory\n"); - return KEYSERVER_NO_MEMORY; - } - - iobuf_push_filter(temp,urlencode_filter,NULL); - - /* Read and throw away input until we see the BEGIN */ - - while(fgets(line,MAX_LINE,input)!=NULL) - if(sscanf(line,"KEY %16s BEGIN\n",keyid)==1) - { - gotit=1; - break; - } - - if(!gotit) - { - /* i.e. eof before the KEY BEGIN was found. This isn't an - error. */ - *eof=1; - ret=KEYSERVER_OK; - goto fail; - } - - gotit=0; - - /* Now slurp up everything until we see the END */ - - while(fgets(line,MAX_LINE,input)) - if(sscanf(line,"KEY %16s END\n",keyid)==1) - { - gotit=1; - break; - } - else - if(iobuf_writestr(temp,line)) - { - fprintf(console,"gpgkeys: internal iobuf error\n"); - goto fail; - } - - if(!gotit) - { - fprintf(console,"gpgkeys: no KEY %s END found\n",keyid); - *eof=1; - ret=KEYSERVER_KEY_INCOMPLETE; - goto fail; - } - - iobuf_flush_temp(temp); - - sprintf(request,"x-hkp://%s%s%s/pks/add", - host,port[0]?":":"",port[0]?port:""); - - if(verbose>2) - fprintf(console,"gpgkeys: HTTP URL is \"%s\"\n",request); - - rc=http_open(&hd,HTTP_REQ_POST,request,http_flags); - if(rc) - { - fprintf(console,"gpgkeys: unable to connect to `%s'\n",host); - goto fail; - } - - sprintf(request,"Content-Length: %u\r\n", - (unsigned)iobuf_get_temp_length(temp)+9); - iobuf_writestr(hd.fp_write,request); - - http_start_data(&hd); - - iobuf_writestr(hd.fp_write,"keytext="); - iobuf_write(hd.fp_write, - iobuf_get_temp_buffer(temp),iobuf_get_temp_length(temp)); - iobuf_put(hd.fp_write,'\n'); - - rc=http_wait_response(&hd,&status); - if(rc) - { - fprintf(console,"gpgkeys: error sending to `%s': %s\n", - host,g10_errstr(rc)); - goto 
fail; - } - - if((status/100)!=2) - { - fprintf(console,"gpgkeys: remote server returned error %d\n",status); - fprintf(output,"KEY %s FAILED %d\n",keyid,ret); - goto fail; - } - - fprintf(output,"KEY %s SENT\n",keyid); - - ret=KEYSERVER_OK; - - fail: - free(request); - iobuf_close(temp); - http_close(&hd); - - return ret; -} - -int -get_key(char *getkey) -{ - int rc,gotit=0; - char search[29]; - char *request; - struct http_context hd; - - /* Build the search string. HKP only uses the short key IDs. */ - - if(strncmp(getkey,"0x",2)==0) - getkey+=2; - - if(strlen(getkey)==32) - { - fprintf(console, - "gpgkeys: HKP keyservers do not support v3 fingerprints\n"); - fprintf(output,"KEY 0x%s BEGIN\n",getkey); - fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED); - return KEYSERVER_NOT_SUPPORTED; - } - - if(strlen(getkey)>8) - { - char *offset=&getkey[strlen(getkey)-8]; - - /* fingerprint or long key id. Take the last 8 characters and - treat it like a short key id */ - - sprintf(search,"0x%.8s",offset); - } - else - { - /* short key id */ - - sprintf(search,"0x%.8s",getkey); - } - - fprintf(output,"KEY 0x%s BEGIN\n",getkey); - - if(verbose) - fprintf(console,"gpgkeys: requesting key 0x%s from hkp://%s%s%s\n", - getkey,host,port[0]?":":"",port[0]?port:""); - - request=malloc(strlen(host)+100); - if(!request) - { - fprintf(console,"gpgkeys: out of memory\n"); - return KEYSERVER_NO_MEMORY; - } - - sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=get&search=%s", - host,port[0]?":":"",port[0]?port:"", search); - - if(verbose>2) - fprintf(console,"gpgkeys: HTTP URL is \"%s\"\n",request); - - rc=http_open_document(&hd,request,http_flags); - if(rc!=0) - { - fprintf(console,"gpgkeys: HKP fetch error: %s\n", - rc==G10ERR_NETWORK?strerror(errno):g10_errstr(rc)); - fprintf(output,"KEY 0x%s FAILED %d\n",getkey, - rc==G10ERR_NETWORK?KEYSERVER_UNREACHABLE:KEYSERVER_INTERNAL_ERROR); - } - else - { - unsigned int maxlen=1024,buflen; - byte *line=NULL; - - 
while(iobuf_read_line(hd.fp_read,&line,&buflen,&maxlen)) - { - maxlen=1024; - - if(gotit) - { - fprintf(output,line); - if(strcmp(line,"-----END PGP PUBLIC KEY BLOCK-----\n")==0) - break; - } - else - if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0) - { - fprintf(output,line); - gotit=1; - } - } - - if(gotit) - fprintf(output,"KEY 0x%s END\n",getkey); - else - { - fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey); - fprintf(output,"KEY 0x%s FAILED %d\n", - getkey,KEYSERVER_KEY_NOT_FOUND); - } - - m_free(line); - } - - free(request); - - return KEYSERVER_OK; -} - -/* Remove anything <between brackets> and de-urlencode in place. Note - that this requires all brackets to be closed on the same line. It - also means that the result is never larger than the input. */ -void -dehtmlize(char *line) -{ - int parsedindex=0; - char *parsed=line; - - while(*line!='\0') - { - switch(*line) - { - case '<': - while(*line!='>' && *line!='\0') - line++; - - if(*line!='\0') - line++; - break; - - case '&': - if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='l') && - (*(line+2)!='\0' && ascii_tolower(*(line+2))=='t') && - (*(line+3)!='\0' && *(line+3)==';')) - { - parsed[parsedindex++]='<'; - line+=4; - break; - } - else if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='g') && - (*(line+2)!='\0' && ascii_tolower(*(line+2))=='t') && - (*(line+3)!='\0' && *(line+3)==';')) - { - parsed[parsedindex++]='>'; - line+=4; - break; - } - else if((*(line+1)!='\0' && ascii_tolower(*(line+1))=='a') && - (*(line+2)!='\0' && ascii_tolower(*(line+2))=='m') && - (*(line+3)!='\0' && ascii_tolower(*(line+3))=='p') && - (*(line+4)!='\0' && *(line+4)==';')) - { - parsed[parsedindex++]='&'; - line+=5; - break; - } - - default: - parsed[parsedindex++]=*line; - line++; - break; - } - } - - parsed[parsedindex]='\0'; - - /* Chop off any trailing whitespace. Note that the HKP servers have - \r\n as line endings, and the NAI HKP servers have just \n. 
*/ - - if(parsedindex>0) - { - parsedindex--; - while(isspace(((unsigned char *)parsed)[parsedindex])) - { - parsed[parsedindex]='\0'; - parsedindex--; - } - } -} - -int -write_quoted(IOBUF a, const char *buf, char delim) -{ - char quoted[5]; - - sprintf(quoted,"%%%02X",delim); - - while(*buf) - { - if(*buf==delim) - { - if(iobuf_writestr(a,quoted)) - return -1; - } - else if(*buf=='%') - { - if(iobuf_writestr(a,"%25")) - return -1; - } - else - { - if(iobuf_writebyte(a,*buf)) - return -1; - } - - buf++; - } - - return 0; -} - -/* pub 2048/<a href="/pks/lookup?op=get&search=0x3CB3B415">3CB3B415</a> 1998/04/03 David M. Shaw <<a href="/pks/lookup?op=get&search=0x3CB3B415">dshaw@jabberwocky.com</a>> */ - -/* Luckily enough, both the HKP server and NAI HKP interface to their - LDAP server are close enough in output so the same function can - parse them both. */ - -int -parse_hkp_index(IOBUF buffer,char *line) -{ - int ret=0; - - /* printf("Open %d, LINE: \"%s\"\n",open,line); */ - - dehtmlize(line); - - /* printf("Now open %d, LINE: \"%s\"\n",open,line); */ - - if(line[0]=='\0') - return 0; - else if(ascii_strncasecmp(line,"pub",3)==0) - { - char *tok,*keyid,*uid=NULL,number[15]; - int bits=0,type=0,disabled=0,revoked=0; - u32 createtime=0; - - line+=3; - - if(*line=='-') - { - disabled=1; - if(!include_disabled) - return 0; - } - - line++; - - tok=strsep(&line,"/"); - if(tok==NULL) - return ret; - - if(tok[strlen(tok)-1]=='R') - type=1; - else if(tok[strlen(tok)-1]=='D') - type=17; - - bits=atoi(tok); - - keyid=strsep(&line," "); - - tok=strsep(&line," "); - if(tok!=NULL) - { - char *temp=tok; - - /* The date parser wants '-' instead of '/', so... 
*/ - while(*temp!='\0') - { - if(*temp=='/') - *temp='-'; - - temp++; - } - - createtime=scan_isodatestr(tok); - } - - if(line!=NULL) - { - while(*line==' ' && *line!='\0') - line++; - - if(*line!='\0') - { - if(strncmp(line,"*** KEY REVOKED ***",19)==0) - { - revoked=1; - if(!include_revoked) - return 0; - } - else - uid=line; - } - } - - if(keyid) - { - iobuf_writestr(buffer,"pub:"); - - write_quoted(buffer,keyid,':'); - - iobuf_writestr(buffer,":"); - - if(type) - { - sprintf(number,"%d",type); - write_quoted(buffer,number,':'); - } - - iobuf_writestr(buffer,":"); - - if(bits) - { - sprintf(number,"%d",bits); - write_quoted(buffer,number,':'); - } - - iobuf_writestr(buffer,":"); - - if(createtime) - { - sprintf(number,"%d",createtime); - write_quoted(buffer,number,':'); - } - - iobuf_writestr(buffer,"::"); - - if(revoked) - write_quoted(buffer,"r",':'); - - if(disabled) - write_quoted(buffer,"d",':'); - - if(uid) - { - iobuf_writestr(buffer,"\nuid:"); - write_quoted(buffer,uid,':'); - } - - iobuf_writestr(buffer,"\n"); - - ret=1; - } - } - else if(ascii_strncasecmp(line," ",3)==0) - { - while(*line==' ' && *line!='\0') - line++; - - if(*line!='\0') - { - iobuf_writestr(buffer,"uid:"); - write_quoted(buffer,line,':'); - iobuf_writestr(buffer,"\n"); - } - } - -#if 0 - else if(open) - { - /* Try and catch some bastardization of HKP. If we don't have - certain unchanging landmarks, we can't reliably parse the - response. This only complains about problems within the key - section itself. Headers and footers should not matter. */ - - fprintf(console,"gpgkeys: this keyserver does not support searching\n"); - ret=-1; - } -#endif - - return ret; -} - -void -handle_old_hkp_index(IOBUF inp) -{ - int ret,rc,count=0; - unsigned int buflen; - byte *line=NULL; - IOBUF buffer=iobuf_temp(); - - do - { - unsigned int maxlen=1024; - - /* This is a judgement call. Is it better to slurp up all the - results before prompting the user? 
On the one hand, it - probably makes the keyserver happier to not be blocked on - sending for a long time while the user picks a key. On the - other hand, it might be nice for the server to be able to - stop sending before a large search result page is - complete. */ - - rc=iobuf_read_line(inp,&line,&buflen,&maxlen); - - ret=parse_hkp_index(buffer,line); - if(ret==-1) - break; - - if(rc!=0) - count+=ret; - } - while(rc!=0); - - m_free(line); - - if(ret>-1) - fprintf(output,"info:1:%d\n%s",count,iobuf_get_temp_buffer(buffer)); - - iobuf_close(buffer); -} - -int -search_key(char *searchkey) -{ - int max=0,len=0,ret=KEYSERVER_INTERNAL_ERROR,rc; - struct http_context hd; - char *search=NULL,*request=NULL,*skey=searchkey; - - fprintf(output,"SEARCH %s BEGIN\n",searchkey); - - /* Build the search string. It's going to need url-encoding. */ - - while(*skey!='\0') - { - if(max-len<3) - { - max+=100; - search=realloc(search,max+1); /* Note +1 for \0 */ - if (!search) - { - fprintf(console,"gpgkeys: out of memory\n"); - ret=KEYSERVER_NO_MEMORY; - goto fail; - } - } - - if(isalnum(*skey) || *skey=='-') - search[len++]=*skey; - else if(*skey==' ') - search[len++]='+'; - else - { - sprintf(&search[len],"%%%02X",*skey); - len+=3; - } - - skey++; - } - - search[len]='\0'; - - fprintf(console,("gpgkeys: searching for \"%s\" from HKP server %s\n"), - searchkey,host); - - request=malloc(strlen(host)+100+strlen(search)); - if(!request) - { - fprintf(console,"gpgkeys: out of memory\n"); - ret=KEYSERVER_NO_MEMORY; - goto fail; - } - - sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=index&options=mr&search=%s", - host,port[0]?":":"",port[0]?port:"",search); - - if(verbose>2) - fprintf(console,"gpgkeys: HTTP URL is \"%s\"\n",request); - - rc=http_open_document(&hd,request,http_flags); - if(rc) - { - fprintf(console,"gpgkeys: can't search keyserver `%s': %s\n", - host,rc==G10ERR_NETWORK?strerror(errno):g10_errstr(rc)); - } - else - { - unsigned int maxlen=1024,buflen; - byte *line=NULL; - - 
/* Is it a pksd that knows how to handle machine-readable - format? */ - - rc=iobuf_read_line(hd.fp_read,&line,&buflen,&maxlen); - if(line[0]=='<') - handle_old_hkp_index(hd.fp_read); - else - do - { - fprintf(output,"%s",line); - maxlen=1024; - rc=iobuf_read_line(hd.fp_read,&line,&buflen,&maxlen); - } - while(rc!=0); - - m_free(line); - - http_close(&hd); - - fprintf(output,"SEARCH %s END\n",searchkey); - - ret=KEYSERVER_OK; - } - - fail: - - free(request); - free(search); - - if(ret!=KEYSERVER_OK) - fprintf(output,"SEARCH %s FAILED %d\n",searchkey,ret); - - return ret; -} - -void -fail_all(struct keylist *keylist,int action,int err) -{ - if(!keylist) - return; - - if(action==SEARCH) - { - fprintf(output,"SEARCH "); - while(keylist) - { - fprintf(output,"%s ",keylist->str); - keylist=keylist->next; - } - fprintf(output,"FAILED %d\n",err); - } - else - while(keylist) - { - fprintf(output,"KEY %s FAILED %d\n",keylist->str,err); - keylist=keylist->next; - } -} - -int -main(int argc,char *argv[]) -{ - int arg,action=-1,ret=KEYSERVER_INTERNAL_ERROR; - char line[MAX_LINE]; - int failed=0; - struct keylist *keylist=NULL,*keyptr=NULL; - -#ifdef __riscos__ - riscos_global_defaults(); -#endif - - console=stderr; - - while((arg=getopt(argc,argv,"ho:"))!=-1) - switch(arg) - { - default: - case 'h': - fprintf(console,"-h\thelp\n"); - fprintf(console,"-o\toutput to this file\n"); - return KEYSERVER_OK; - - case 'o': - output=fopen(optarg,"w"); - if(output==NULL) - { - fprintf(console,"gpgkeys: Cannot open output file \"%s\": %s\n", - optarg,strerror(errno)); - return KEYSERVER_INTERNAL_ERROR; - } - - break; - } - - if(argc>optind) - { - input=fopen(argv[optind],"r"); - if(input==NULL) - { - fprintf(console,"gpgkeys: Cannot open input file \"%s\": %s\n", - argv[optind],strerror(errno)); - return KEYSERVER_INTERNAL_ERROR; - } - } - - if(input==NULL) - input=stdin; - - if(output==NULL) - output=stdout; - - /* Get the command and info block */ - - 
while(fgets(line,MAX_LINE,input)!=NULL) - { - int version; - char commandstr[7]; - char optionstr[30]; - char hash; - - if(line[0]=='\n') - break; - - if(sscanf(line,"%c",&hash)==1 && hash=='#') - continue; - - if(sscanf(line,"COMMAND %6s\n",commandstr)==1) - { - commandstr[6]='\0'; - - if(strcasecmp(commandstr,"get")==0) - action=GET; - else if(strcasecmp(commandstr,"send")==0) - action=SEND; - else if(strcasecmp(commandstr,"search")==0) - action=SEARCH; - - continue; - } - - if(sscanf(line,"HOST %79s\n",host)==1) - { - host[79]='\0'; - continue; - } - - if(sscanf(line,"PORT %9s\n",port)==1) - { - port[9]='\0'; - continue; - } - - if(sscanf(line,"VERSION %d\n",&version)==1) - { - if(version!=KEYSERVER_PROTO_VERSION) - { - ret=KEYSERVER_VERSION_ERROR; - goto fail; - } - - continue; - } - - if(sscanf(line,"OPTION %29s\n",optionstr)==1) - { - int no=0; - char *start=&optionstr[0]; - - optionstr[29]='\0'; - - if(strncasecmp(optionstr,"no-",3)==0) - { - no=1; - start=&optionstr[3]; - } - - if(strcasecmp(start,"verbose")==0) - { - if(no) - verbose--; - else - verbose++; - } - else if(strcasecmp(start,"include-revoked")==0) - { - if(no) - include_revoked=0; - else - include_revoked=1; - } - else if(strcasecmp(start,"include-disabled")==0) - { - if(no) - include_disabled=0; - else - include_disabled=1; - } - else if(strcasecmp(start,"honor-http-proxy")==0) - { - if(no) - http_flags&=~HTTP_FLAG_TRY_PROXY; - else - http_flags|=HTTP_FLAG_TRY_PROXY; - - } - else if(strcasecmp(start,"broken-http-proxy")==0) - { - if(no) - http_flags&=~HTTP_FLAG_NO_SHUTDOWN; - else - http_flags|=HTTP_FLAG_NO_SHUTDOWN; - } - - continue; - } - } - - /* If it's a GET or a SEARCH, the next thing to come in is the - keyids. If it's a SEND, then there are no keyids. 
*/ - - if(action==SEND) - while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n'); - else if(action==GET || action==SEARCH) - { - for(;;) - { - struct keylist *work; - - if(fgets(line,MAX_LINE,input)==NULL) - break; - else - { - if(line[0]=='\n') - break; - - work=malloc(sizeof(struct keylist)); - if(work==NULL) - { - fprintf(console,"gpgkeys: out of memory while " - "building key list\n"); - ret=KEYSERVER_NO_MEMORY; - goto fail; - } - - strcpy(work->str,line); - - /* Trim the trailing \n */ - work->str[strlen(line)-1]='\0'; - - work->next=NULL; - - /* Always attach at the end to keep the list in proper - order for searching */ - if(keylist==NULL) - keylist=work; - else - keyptr->next=work; - - keyptr=work; - } - } - } - else - { - fprintf(console,"gpgkeys: no keyserver command specified\n"); - goto fail; - } - - /* Send the response */ - - fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); - fprintf(output,"PROGRAM %s\n\n",VERSION); - - if(verbose>1) - { - fprintf(console,"Host:\t\t%s\n",host); - if(port[0]) - fprintf(console,"Port:\t\t%s\n",port); - fprintf(console,"Command:\t%s\n",action==GET?"GET": - action==SEND?"SEND":"SEARCH"); - } - -#if 0 - if(verbose>1) - { - vals=ldap_get_values(ldap,res,"software"); - if(vals!=NULL) - { - fprintf(console,"Server: \t%s\n",vals[0]); - ldap_value_free(vals); - } - - vals=ldap_get_values(ldap,res,"version"); - if(vals!=NULL) - { - fprintf(console,"Version:\t%s\n",vals[0]); - ldap_value_free(vals); - } - } -#endif - - switch(action) - { - case GET: - keyptr=keylist; - - while(keyptr!=NULL) - { - if(get_key(keyptr->str)!=KEYSERVER_OK) - failed++; - - keyptr=keyptr->next; - } - break; - - case SEND: - { - int eof=0; - - do - { - if(send_key(&eof)!=KEYSERVER_OK) - failed++; - } - while(!eof); - } - break; - - case SEARCH: - { - char *searchkey=NULL; - int len=0; - - /* To search, we stick a space in between each key to search - for. 
*/ - - keyptr=keylist; - while(keyptr!=NULL) - { - len+=strlen(keyptr->str)+1; - keyptr=keyptr->next; - } - - searchkey=malloc(len+1); - if(searchkey==NULL) - { - ret=KEYSERVER_NO_MEMORY; - fail_all(keylist,action,KEYSERVER_NO_MEMORY); - goto fail; - } - - searchkey[0]='\0'; - - keyptr=keylist; - while(keyptr!=NULL) - { - strcat(searchkey,keyptr->str); - strcat(searchkey," "); - keyptr=keyptr->next; - } - - /* Nail that last space */ - searchkey[strlen(searchkey)-1]='\0'; - - if(search_key(searchkey)!=KEYSERVER_OK) - failed++; - - free(searchkey); - } - - break; - } - - if(!failed) - ret=KEYSERVER_OK; - - fail: - while(keylist!=NULL) - { - struct keylist *current=keylist; - keylist=keylist->next; - free(current); - } - - if(input!=stdin) - fclose(input); - - if(output!=stdout) - fclose(output); - - return ret; -} diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c deleted file mode 100644 index ad8f0cf13..000000000 --- a/keyserver/gpgkeys_ldap.c +++ /dev/null 
@@ -1,1107 +0,0 @@
-/* gpgkeys_ldap.c - talk to a LDAP keyserver
- * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <errno.h>
-#ifdef NEED_LBER_H
-#include <lber.h>
-#endif
-#include <ldap.h>
-#include "keyserver.h"
-
-#ifdef __riscos__
-#include "util.h"
-#endif
-
-#define GET 0
-#define SEND 1
-#define SEARCH 2
-#define MAX_LINE 80
-
-int verbose=0,include_disabled=0,include_revoked=0,include_subkeys=0;
-char *basekeyspacedn=NULL;
-char host[80]={'\0'};
-char portstr[10]={'\0'};
-char *pgpkeystr="pgpKey";
-FILE *input=NULL,*output=NULL,*console=NULL;
-LDAP *ldap=NULL;
-
-struct keylist
-{
- char str[MAX_LINE];
- struct keylist *next;
-};
-
-#ifdef __riscos__
-RISCOS_GLOBAL_STATICS("LDAP Keyfetcher Heap")
-#endif /* __riscos__ */
-
-int
-ldap_err_to_gpg_err(int err)
-{
- int ret;
-
- switch(err)
- {
- case LDAP_ALREADY_EXISTS:
- ret=KEYSERVER_KEY_EXISTS;
- break;
-
- case LDAP_SERVER_DOWN:
- ret=KEYSERVER_UNREACHABLE;
- break;
-
- default:
- ret=KEYSERVER_GENERAL_ERROR;
- break;
- }
-
- return ret;
-}
-
-int
-ldap_to_gpg_err(LDAP *ld)
-{
-#if defined(HAVE_LDAP_GET_OPTION)
-
- int err;
-
- if(ldap_get_option(ld,LDAP_OPT_ERROR_NUMBER,&err)==0)
- return ldap_err_to_gpg_err(err);
- else
- return KEYSERVER_GENERAL_ERROR;
-
-#elif defined(HAVE_LDAP_LD_ERRNO)
-
- return ldap_err_to_gpg_err(ld->ld_errno);
-
-#else
-
- /* We should never get here since the LDAP library should always
- have either ldap_get_option or ld_errno, but just in case... */
- return KEYSERVER_GENERAL_ERROR;
-
-#endif
-}
-
-int
-send_key(int *eof)
-{
- int err,gotit=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
- char *dn=NULL,line[MAX_LINE],*key[2]={NULL,NULL};
- char keyid[17];
- LDAPMod mod, *attrs[2];
-
- memset (&mod, 0, sizeof mod);
- mod.mod_op = LDAP_MOD_ADD;
- mod.mod_type = pgpkeystr;
- mod.mod_values = key;
- attrs[0] = &mod;
- attrs[1] = NULL;
-
- dn=malloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
- if(dn==NULL)
- {
- fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(dn,"pgpCertid=virtual,");
- strcat(dn,basekeyspacedn);
-
- key[0]=malloc(1);
- if(key[0]==NULL)
- {
- fprintf(console,"gpgkeys: unable to allocate memory for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- key[0][0]='\0';
-
- /* Read and throw away stdin until we see the BEGIN */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY %16s BEGIN\n",keyid)==1)
- {
- gotit=1;
- break;
- }
-
- if(!gotit)
- {
- /* i.e. eof before the KEY BEGIN was found. This isn't an
- error. */
- *eof=1;
- ret=KEYSERVER_OK;
- goto fail;
- }
-
- gotit=0;
-
- /* Now slurp up everything until we see the END */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY %16s END\n",keyid)==1)
- {
- gotit=1;
- break;
- }
- else
- {
- keysize+=strlen(line);
- key[0]=realloc(key[0],keysize);
- if(key[0]==NULL)
- {
- fprintf(console,"gpgkeys: unable to reallocate for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcat(key[0],line);
- }
-
- if(!gotit)
- {
- fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
- *eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- err=ldap_add_s(ldap,dn,attrs);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
- keyid,ldap_err2string(err));
- ret=ldap_err_to_gpg_err(err);
- goto fail;
- }
-
- ret=KEYSERVER_OK;
-
- fail:
-
- free(key[0]);
- free(dn);
-
- if(ret!=0)
- fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
-
- /* Not a fatal error */
- if(ret==KEYSERVER_KEY_EXISTS)
- ret=KEYSERVER_OK;
-
- return ret;
-}
-
-/* Note that key-not-found is not a fatal error */
-int
-get_key(char *getkey)
-{
- char **vals;
- LDAPMessage *res,*each;
- int ret=KEYSERVER_INTERNAL_ERROR,err,count;
- struct keylist *dupelist=NULL;
- char search[62];
- char *attrs[]={"replaceme","pgpuserid","pgpkeyid","pgpcertid","pgprevoked",
- "pgpdisabled","pgpkeycreatetime","modifytimestamp",
- "pgpkeysize","pgpkeytype",NULL};
- attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
- array initializers. */
-
- /* Build the search string */
-
- /* GPG can send us a v4 fingerprint, a v3 or v4 long key id, or a v3
- or v4 short key id */
-
- if(strncmp(getkey,"0x",2)==0)
- getkey+=2;
-
- if(strlen(getkey)==32)
- {
- fprintf(console,
- "gpgkeys: LDAP keyservers do not support v3 fingerprints\n");
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
- return KEYSERVER_NOT_SUPPORTED;
- }
-
- if(strlen(getkey)>16)
- {
- char *offset=&getkey[strlen(getkey)-16];
-
- /* fingerprint. Take the last 16 characters and treat it like a
- long key id */
-
- if(include_subkeys)
- sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
- offset,offset);
- else
- sprintf(search,"(pgpcertid=%.16s)",offset);
- }
- else if(strlen(getkey)>8)
- {
- /* long key id */
-
- if(include_subkeys)
- sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
- getkey,getkey);
- else
- sprintf(search,"(pgpcertid=%.16s)",getkey);
- }
- else
- {
- /* short key id */
-
- sprintf(search,"(pgpkeyid=%.8s)",getkey);
- }
-
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
-
- if(verbose>2)
- fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
-
- if(!verbose)
- attrs[1]=NULL;
-
- if(verbose)
- fprintf(console,"gpgkeys: requesting key 0x%s from ldap://%s%s%s\n",
- getkey,host,portstr[0]?":":"",portstr[0]?portstr:"");
-
- err=ldap_search_s(ldap,basekeyspacedn,
- LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
- if(err!=0)
- {
- int errtag=ldap_err_to_gpg_err(err);
-
- fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
- return errtag;
- }
-
- count=ldap_count_entries(ldap,res);
- if(count<1)
- {
- fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
- }
- else
- {
- /* There may be more than one unique result for a given keyID,
- so we should fetch them all (test this by fetching short key
- id 0xDEADBEEF). */
-
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- struct keylist *keyptr=dupelist;
-
- /* Use the long keyid to remove duplicates. The LDAP server
- returns the same keyid more than once if there are
- multiple user IDs on the key. Note that this does NOT
- mean that a keyid that exists multiple times on the
- keyserver will not be fetched. It means that each KEY,
- no matter how many user IDs share it's keyid, will be
- fetched only once. If a keyid that belongs to more than
- one key is fetched, the server quite properly responds
- with all matching keys. -ds */
-
- vals=ldap_get_values(ldap,each,"pgpcertid");
- if(vals!=NULL)
- {
- while(keyptr!=NULL)
- {
- if(strcasecmp(keyptr->str,vals[0])==0)
- break;
-
- keyptr=keyptr->next;
- }
-
- if(!keyptr)
- {
- /* it's not a duplicate, so add it */
-
- keyptr=malloc(sizeof(struct keylist));
- if(keyptr==NULL)
- {
- fprintf(console,"gpgkeys: out of memory when deduping "
- "key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strncpy(keyptr->str,vals[0],MAX_LINE);
- keyptr->str[MAX_LINE-1]='\0';
-
- keyptr->next=dupelist;
- dupelist=keyptr;
- keyptr=NULL;
- }
-
- ldap_value_free(vals);
- }
-
- if(!keyptr) /* it's not a duplicate */
- {
- if(verbose)
- {
- vals=ldap_get_values(ldap,each,"pgpuserid");
- if(vals!=NULL)
- {
- /* This is wrong, as the user ID is UTF8. A
- better way to handle this would be to send it
- over to gpg and display it on that side of
- the pipe. */
- fprintf(console,"\nUser ID:\t%s\n",vals[0]);
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgprevoked");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(console,"\t\t** KEY REVOKED **\n");
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpdisabled");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(console,"\t\t** KEY DISABLED **\n");
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpkeyid");
- if(vals!=NULL)
- {
- fprintf(console,"Short key ID:\t%s\n",vals[0]);
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpcertid");
- if(vals!=NULL)
- {
- fprintf(console,"Long key ID:\t%s\n",vals[0]);
- ldap_value_free(vals);
- }
-
- /* YYYYMMDDHHmmssZ */
-
- vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
- if(vals!=NULL)
- {
- if(strlen(vals[0])==15)
- fprintf(console,"Key created:\t%.2s/%.2s/%.4s\n",
- &vals[0][4],&vals[0][6],vals[0]);
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"modifytimestamp");
- if(vals!=NULL)
- {
- if(strlen(vals[0])==15)
- fprintf(console,"Key modified:\t%.2s/%.2s/%.4s\n",
- &vals[0][4],&vals[0][6],vals[0]);
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpkeysize");
- if(vals!=NULL)
- {
- if(atoi(vals[0])>0)
- fprintf(console,"Key size:\t%d\n",atoi(vals[0]));
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpkeytype");
- if(vals!=NULL)
- {
- fprintf(console,"Key type:\t%s\n",vals[0]);
- ldap_value_free(vals);
- }
- }
-
- vals=ldap_get_values(ldap,each,pgpkeystr);
- if(vals==NULL)
- {
- int errtag=ldap_to_gpg_err(ldap);
-
- fprintf(console,"gpgkeys: unable to retrieve key %s "
- "from keyserver\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
- }
- else
- {
- fprintf(output,"%sKEY 0x%s END\n",vals[0],getkey);
-
- ldap_value_free(vals);
- }
- }
-
- each=ldap_next_entry(ldap,each);
- }
- }
-
- ret=KEYSERVER_OK;
-
- fail:
- ldap_msgfree(res);
-
- /* free up the dupe checker */
- while(dupelist!=NULL)
- {
- struct keylist *keyptr=dupelist;
-
- dupelist=keyptr->next;
- free(keyptr);
- }
-
- return ret;
-}
-
-time_t
-ldap2epochtime(const char *timestr)
-{
- struct tm pgptime;
-
- memset(&pgptime,0,sizeof(pgptime));
-
- /* YYYYMMDDHHmmssZ */
-
- sscanf(timestr,"%4d%2d%2d%2d%2d%2d",
- &pgptime.tm_year,
- &pgptime.tm_mon,
- &pgptime.tm_mday,
- &pgptime.tm_hour,
- &pgptime.tm_min,
- &pgptime.tm_sec);
-
- pgptime.tm_year-=1900;
- pgptime.tm_isdst=-1;
- pgptime.tm_mon--;
-
- return mktime(&pgptime);
-}
-
-void
-printquoted(FILE *stream,char *string,char delim)
-{
- while(*string)
- {
- if(*string==delim || *string=='%')
- fprintf(stream,"%%%02x",*string);
- else
- fputc(*string,stream);
-
- string++;
- }
-}
-
-/* Returns 0 on success and -1 on error. Note that key-not-found is
- not an error! */
-int
-search_key(char *searchkey)
-{
- char **vals;
- LDAPMessage *res,*each;
- int err,count;
- /* The maxium size of the search, including the optional stuff and
- the trailing \0 */
- char search[2+12+MAX_LINE+2+15+14+1+1];
- char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
- "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
- "pgpkeysize","pgpkeytype",NULL};
-
- fprintf(output,"SEARCH %s BEGIN\n",searchkey);
-
- /* Build the search string */
-
- sprintf(search,"%s(pgpuserid=*%s*)%s%s%s",
- (!(include_disabled&&include_revoked))?"(&":"",
- searchkey,
- include_disabled?"":"(pgpdisabled=0)",
- include_revoked?"":"(pgprevoked=0)",
- !(include_disabled&&include_revoked)?")":"");
-
- if(verbose>2)
- fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
-
- fprintf(console,("gpgkeys: searching for \"%s\" from LDAP server %s\n"),
- searchkey,host);
-
- err=ldap_search_s(ldap,basekeyspacedn,
- LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
- if(err!=0)
- {
- int errtag=ldap_err_to_gpg_err(err);
-
- fprintf(output,"SEARCH %s FAILED %d\n",searchkey,errtag);
- fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
- return errtag;
- }
-
- count=ldap_count_entries(ldap,res);
-
- if(count<1)
- fprintf(output,"info:1:0\n");
- else
- {
- fprintf(output,"info:1:%d\n",count);
-
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- fprintf(output,"pub:");
-
- vals=ldap_get_values(ldap,each,"pgpcertid");
- if(vals!=NULL)
- {
- fprintf(output,"%s",vals[0]);
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgpkeytype");
- if(vals!=NULL)
- {
- /* The LDAP server doesn't exactly handle this well. */
- if(strcasecmp(vals[0],"RSA")==0)
- fprintf(output,"1");
- else if(strcasecmp(vals[0],"DSS/DH")==0)
- fprintf(output,"17");
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgpkeysize");
- if(vals!=NULL)
- {
- /* Not sure why, but some keys are listed with a key size of
- 0. Treat that like an unknown. */
- if(atoi(vals[0])>0)
- fprintf(output,"%d",atoi(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- /* YYYYMMDDHHmmssZ */
-
- vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgprevoked");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(output,"r");
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpdisabled");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(output,"d");
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"modifytimestamp");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fprintf(output,"\nuid:");
-
- vals=ldap_get_values(ldap,each,"pgpuserid");
- if(vals!=NULL)
- {
- /* Need to escape any colons */
- printquoted(output,vals[0],':');
- ldap_value_free(vals);
- }
-
- fprintf(output,"\n");
-
- each=ldap_next_entry(ldap,each);
- }
- }
-
- ldap_msgfree(res);
-
- fprintf(output,"SEARCH %s END\n",searchkey);
-
- return KEYSERVER_OK;
-}
-
-void
-fail_all(struct keylist *keylist,int action,int err)
-{
- if(!keylist)
- return;
-
- if(action==SEARCH)
- {
- fprintf(output,"SEARCH ");
- while(keylist)
- {
- fprintf(output,"%s ",keylist->str);
- keylist=keylist->next;
- }
- fprintf(output,"FAILED %d\n",err);
- }
- else
- while(keylist)
- {
- fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
- keylist=keylist->next;
- }
-}
-
-int
-main(int argc,char *argv[])
-{
- int port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
- char line[MAX_LINE],**vals;
- int version,failed=0;
- char *attrs[]={"basekeyspacedn","version","software",NULL};
- LDAPMessage *res;
- struct keylist *keylist=NULL,*keyptr=NULL;
-
-#ifdef __riscos__
- riscos_global_defaults();
-#endif
-
- console=stderr;
-
- while((arg=getopt(argc,argv,"ho:"))!=-1)
- switch(arg)
- {
- default:
- case 'h':
- fprintf(console,"-h\thelp\n");
- fprintf(console,"-o\toutput to this file\n");
- return KEYSERVER_OK;
-
- case 'o':
- output=fopen(optarg,"w");
- if(output==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open output file \"%s\": %s\n",
- optarg,strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- break;
- }
-
- if(argc>optind)
- {
- input=fopen(argv[optind],"r");
- if(input==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open input file \"%s\": %s\n",
- argv[optind],strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if(input==NULL)
- input=stdin;
-
- if(output==NULL)
- output=stdout;
-
- /* Get the command and info block */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- {
- char commandstr[7];
- char optionstr[30];
- char hash;
-
- if(line[0]=='\n')
- break;
-
- if(sscanf(line,"%c",&hash)==1 && hash=='#')
- continue;
-
- if(sscanf(line,"COMMAND %6s\n",commandstr)==1)
- {
- commandstr[6]='\0';
-
- if(strcasecmp(commandstr,"get")==0)
- action=GET;
- else if(strcasecmp(commandstr,"send")==0)
- action=SEND;
- else if(strcasecmp(commandstr,"search")==0)
- action=SEARCH;
-
- continue;
- }
-
- if(sscanf(line,"HOST %79s\n",host)==1)
- {
- host[79]='\0';
- continue;
- }
-
- if(sscanf(line,"PORT %9s\n",portstr)==1)
- {
- portstr[9]='\0';
- port=atoi(portstr);
- continue;
- }
-
- if(sscanf(line,"VERSION %d\n",&version)==1)
- {
- if(version!=KEYSERVER_PROTO_VERSION)
- {
- ret=KEYSERVER_VERSION_ERROR;
- goto fail;
- }
-
- continue;
- }
-
- if(sscanf(line,"OPTION %29s\n",optionstr)==1)
- {
- int no=0;
- char *start=&optionstr[0];
-
- optionstr[29]='\0';
-
- if(strncasecmp(optionstr,"no-",3)==0)
- {
- no=1;
- start=&optionstr[3];
- }
-
- if(strcasecmp(start,"verbose")==0)
- {
- if(no)
- verbose--;
- else
- verbose++;
- }
- else if(strcasecmp(start,"include-disabled")==0)
- {
- if(no)
- include_disabled=0;
- else
- include_disabled=1;
- }
- else if(strcasecmp(start,"include-revoked")==0)
- {
- if(no)
- include_revoked=0;
- else
- include_revoked=1;
- }
- else if(strcasecmp(start,"include-subkeys")==0)
- {
- if(no)
- include_subkeys=0;
- else
- include_subkeys=1;
- }
-
- continue;
- }
- }
-
- /* If it's a GET or a SEARCH, the next thing to come in is the
- keyids. If it's a SEND, then there are no keyids. */
-
- if(action==SEND)
- while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
- else if(action==GET || action==SEARCH)
- {
- for(;;)
- {
- struct keylist *work;
-
- if(fgets(line,MAX_LINE,input)==NULL)
- break;
- else
- {
- if(line[0]=='\n')
- break;
-
- work=malloc(sizeof(struct keylist));
- if(work==NULL)
- {
- fprintf(console,"gpgkeys: out of memory while "
- "building key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(work->str,line);
-
- /* Trim the trailing \n */
- work->str[strlen(line)-1]='\0';
-
- work->next=NULL;
-
- /* Always attach at the end to keep the list in proper
- order for searching */
- if(keylist==NULL)
- keylist=work;
- else
- keyptr->next=work;
-
- keyptr=work;
- }
- }
- }
- else
- {
- fprintf(console,"gpgkeys: no keyserver command specified\n");
- goto fail;
- }
-
- /* Send the response */
-
- fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
- fprintf(output,"PROGRAM %s\n\n",VERSION);
-
- if(verbose>1)
- {
- fprintf(console,"Host:\t\t%s\n",host);
- if(port)
- fprintf(console,"Port:\t\t%d\n",port);
- fprintf(console,"Command:\t%s\n",action==GET?"GET":
- action==SEND?"SEND":"SEARCH");
- }
-
- /* Note that this tries all A records on a given host (or at least,
- OpenLDAP does). */
- ldap=ldap_init(host,port);
- if(ldap==NULL)
- {
- fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
- strerror(errno));
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
-
- err=ldap_simple_bind_s(ldap,NULL,NULL);
- if(err!=0)
- {
- fprintf(console,"gpgkeys: internal LDAP bind error: %s\n",
- ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
- goto fail;
- }
-
- /* Get the magic info record */
-
- err=ldap_search_s(ldap,"cn=PGPServerInfo",LDAP_SCOPE_BASE,
- "(objectclass=*)",attrs,0,&res);
- if(err!=0)
- {
- fprintf(console,"gpgkeys: error retrieving LDAP server info: %s\n",
- ldap_err2string(err));
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
- goto fail;
- }
-
- if(ldap_count_entries(ldap,res)!=1)
- {
- fprintf(console,"gpgkeys: more than one serverinfo record\n");
- fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
-
- if(verbose>1)
- {
- vals=ldap_get_values(ldap,res,"software");
- if(vals!=NULL)
- {
- fprintf(console,"Server: \t%s\n",vals[0]);
- ldap_value_free(vals);
- }
- }
-
- vals=ldap_get_values(ldap,res,"version");
- if(vals!=NULL)
- {
- if(verbose>1)
- fprintf(console,"Version:\t%s\n",vals[0]);
-
- /* If the version is high enough, use the new pgpKeyV2
- attribute. This design if iffy at best, but it matches how
- PGP does it. I figure the NAI folks assumed that there would
- never be a LDAP keyserver vendor with a different numbering
- scheme. */
- if(atoi(vals[0])>1)
- pgpkeystr="pgpKeyV2";
-
- ldap_value_free(vals);
- }
-
- /* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but it might not
- be in the future. */
-
- vals=ldap_get_values(ldap,res,"basekeyspacedn");
- if(vals!=NULL)
- {
- basekeyspacedn=strdup(vals[0]);
- ldap_value_free(vals);
- if(basekeyspacedn==NULL)
- {
- fprintf(console,"gpgkeys: can't allocate string space "
- "for LDAP base\n");
- fail_all(keylist,action,KEYSERVER_NO_MEMORY);
- goto fail;
- }
- }
-
- ldap_msgfree(res);
-
- switch(action)
- {
- case GET:
- keyptr=keylist;
-
- while(keyptr!=NULL)
- {
- if(get_key(keyptr->str)!=KEYSERVER_OK)
- failed++;
-
- keyptr=keyptr->next;
- }
- break;
-
- case SEND:
- {
- int eof=0;
-
- do
- {
- if(send_key(&eof)!=KEYSERVER_OK)
- failed++;
- }
- while(!eof);
- }
- break;
-
- case SEARCH:
- {
- char *searchkey=NULL;
- int len=0;
-
- /* To search, we stick a * in between each key to search for.
- This means that if the user enters words, they'll get
- "enters*words". If the user "enters words", they'll get
- "enters words" */
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- len+=strlen(keyptr->str)+1;
- keyptr=keyptr->next;
- }
-
- searchkey=malloc(len+1);
- if(searchkey==NULL)
- {
- ret=KEYSERVER_NO_MEMORY;
- fail_all(keylist,action,KEYSERVER_NO_MEMORY);
- goto fail;
- }
-
- searchkey[0]='\0';
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- strcat(searchkey,keyptr->str);
- strcat(searchkey,"*");
- keyptr=keyptr->next;
- }
-
- /* Nail that last "*" */
- searchkey[strlen(searchkey)-1]='\0';
-
- if(search_key(searchkey)!=KEYSERVER_OK)
- failed++;
-
- free(searchkey);
- }
-
- break;
- }
-
- if(!failed)
- ret=KEYSERVER_OK;
-
- fail:
-
- while(keylist!=NULL)
- {
- struct keylist *current=keylist;
- keylist=keylist->next;
- free(current);
- }
-
- if(input!=stdin)
- fclose(input);
-
- if(output!=stdout)
- fclose(output);
-
- if(ldap!=NULL)
- ldap_unbind_s(ldap);
-
- free(basekeyspacedn);
-
- return ret;
-}
diff --git a/keyserver/gpgkeys_mailto.in b/keyserver/gpgkeys_mailto.in
deleted file mode 100755
index 9086de419..000000000
--- a/keyserver/gpgkeys_mailto.in
+++ /dev/null
@@ -1,202 +0,0 @@
-#!@PERL@ -w
-
-# gpgkeys_mailto - talk to a email keyserver
-# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-use Getopt::Std;
-$sendmail="@SENDMAIL@ -t";
-
-###
-
-getopts('o:');
-
-if(defined($opt_o))
-{
- open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
-}
-
-if(@ARGV)
-{
- open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
-}
-
-($login,$name)=(getpwuid($<))[0,6];
-
-$from="$name <$login>";
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
-
- if(/^COMMAND (\w+)/)
- {
- $command=$1;
- }
-
- if(/^OPAQUE (\S+)/)
- {
- $address=$1;
- }
-
- if(/^PROGRAM (\S+)/)
- {
- $program=$1;
- }
-
- if(/^OPTION (\w+)/)
- {
- if($1=~/^verbose$/i)
- {
- $verbose++;
- }
- elsif($1=~/^no-verbose$/i)
- {
- $verbose--;
- }
- }
-}
-
-$program="(unknown)" if(!defined($program));
-
-if(!defined($address))
-{
- print STDERR "gpgkeys: no address provided\n";
- exit(1);
-}
-
-# decode $address
-
-($address,$args)=split(/\?/,$address);
-
-if(defined($args))
-{
- @pairs = split(/&/, $args);
- foreach $pair (@pairs)
- {
- ($hdr, $val) = split(/=/, $pair);
- $hdr =~ tr/+/ /;
- $hdr =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- $val =~ tr/+/ /;
- $val =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
-# we only handle "from" right now
- if($hdr=~/^from$/i)
- {
- $from=$val;
- last;
- }
- }
-}
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
-
- chomp;
-
- push(@keys,$_);
-}
-
-# Send response
-
-print "VERSION 0\n";
-print "OPTION OUTOFBAND\n\n";
-
-# Email keyservers get and search the same way
-
-if($command=~/get/i || $command=~/search/i)
-{
- if($command=~/search/i)
- {
- print "COUNT 0\n";
- }
-
- foreach $key (@keys)
- {
- open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
- print MAIL "From: $from\n";
- print MAIL "To: $address\n";
- if($command=~/get/i)
- {
- # mail keyservers don't like long-form keyids
-
- if(substr($key,0,2) eq "0x")
- {
- $key=substr($key,2);
- }
-
- if(length($key)>8)
- {
- $key=substr($key,-8);
- }
-
- print MAIL "Subject: GET 0x$key\n\n";
- }
- else
- {
- print MAIL "Subject: GET $key\n\n";
- }
- print MAIL "GnuPG $program email keyserver request\n";
- close(MAIL);
-
- # Tell GnuPG not to expect a key
- print "KEY $key OUTOFBAND\n";
-
- if($verbose)
- {
- print STDERR "gpgkeys: key $key requested from $address\n";
- }
- }
-}
-
-if($command=~/send/i)
-{
- while(!eof(STDIN))
- {
- open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
- print MAIL "From: $name <$login>\n";
- print MAIL "To: $address\n";
- print MAIL "Subject: ADD\n\n";
-
- while(<STDIN>)
- {
- if(/^KEY (\w+) BEGIN$/)
- {
- $key=$1;
- last;
- }
- }
-
- while(<STDIN>)
- {
- if(/^KEY \w+ END$/)
- {
- last;
- }
-
- print MAIL;
- }
-
- close(MAIL);
-
- if($verbose)
- {
- print STDERR "gpgkeys: key $key sent to $address\n";
- }
- }
-}
diff --git a/keyserver/gpgkeys_test.in b/keyserver/gpgkeys_test.in
deleted file mode 100755
index 09c14bfd4..000000000
--- a/keyserver/gpgkeys_test.in
+++ /dev/null
@@ -1,79 +0,0 @@
-#!@PERL@
-
-# gpgkeys_test - keyserver code tester
-# Copyright (C) 2001 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-
-use Getopt::Std;
-
-$|=1;
-
-print STDERR "gpgkeys_test starting\n";
-
-getopts('o:');
-
-if(defined($opt_o))
-{
- print STDERR "Using output file $opt_o\n";
- open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
-}
-
-if(@ARGV)
-{
- print STDERR "Using input file $ARGV[0]\n";
- open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
-}
-
-# Get the command block
-
-print STDERR "Command block:\n";
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
- print STDERR "--command-> $_";
-
- if(/^COMMAND (\w+)/)
- {
- $command=$1;
- }
-}
-
-# Get the keylist block
-
-print STDERR "Keylist block:\n";
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
- print STDERR "--keylist-> $_";
-}
-
-# If it's a SEND, then get the key material
-
-if($command eq "SEND")
-{
- print STDERR "Key material to send:\n";
-
- while(<STDIN>)
- {
- print STDERR "$_";
- }
-}
-
-printf STDERR "gpgkeys_test finished\n"; |