X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=keydb_hkp.c;h=3fa15935196b4222d86075d86573942822435acd;hb=cab77e4ffc25ba4fb2e5289beaa47c7d915de942;hp=3802e4985b60bcb5076ff139a80cc236f695606d;hpb=4c00c60025f3da30824b2df0fb5f25c0207245e3;p=onak.git diff --git a/keydb_hkp.c b/keydb_hkp.c index 3802e49..3fa1593 100644 --- a/keydb_hkp.c +++ b/keydb_hkp.c @@ -35,20 +35,59 @@ static CURL *curl = NULL; -/** - * initdb - Initialize the key database. - * - * We initialize CURL here. - */ -static void hkp_initdb(bool readonly) +static char hkpbase[1024]; + +static int hkp_parse_url(const char *url) { - curl_global_init(CURL_GLOBAL_DEFAULT); - curl = curl_easy_init(); - if (curl == NULL) { - logthing(LOGTHING_CRITICAL, "Could not initialize CURL."); - exit(EXIT_FAILURE); + char proto[6], host[256]; + unsigned int port; + int matched; + int ret = 1; + + proto[0] = host[0] = 0; + port = 0; + + matched = sscanf(url, "%5[a-z]://%256[a-zA-Z0-9.]:%u", proto, host, + &port); + if (matched < 2) { + proto[0] = 0; + matched = sscanf(url, "%256[a-zA-Z0-9.]:%u", host, &port); } - curl_easy_setopt(curl, CURLOPT_USERAGENT, "onak/" ONAK_VERSION); + + if (host[0] == 0) { + logthing(LOGTHING_CRITICAL, "Couldn't parse HKP host: %s", + url); + ret = 0; + goto out; + } + + if (proto[0] == 0 || !strcmp(proto, "hkp")) { + if (port == 0) { + port = 11371; + } + snprintf(hkpbase, sizeof(hkpbase), + "http://%s:%u/pks", host, port); + } else if (!strcmp(proto, "hkps")) { + if (port == 0) { + port = 11372; + } + snprintf(hkpbase, sizeof(hkpbase), + "https://%s:%u/pks", host, port); + } else if (strcmp(proto, "http") && strcmp(proto, "https")) { + logthing(LOGTHING_CRITICAL, "Unknown HKP protocol: %s", + proto); + ret = 0; + goto out; + } else if (port == 0) { + snprintf(hkpbase, sizeof(hkpbase), + "%s://%s/pks", proto, host); + } else { + snprintf(hkpbase, sizeof(hkpbase), + "%s://%s:%u/pks", proto, host, port); + } + +out: + return ret; } /** @@ -65,6 +104,38 @@ static void hkp_cleanupdb(void) curl_global_cleanup(); } +/** + * initdb - Initialize the key database. + * + * We initialize CURL here. + */ +static void hkp_initdb(bool readonly) +{ + curl_version_info_data *curl_info; + + if (!hkp_parse_url(config.db_dir)) { + exit(EXIT_FAILURE); + } + curl_global_init(CURL_GLOBAL_DEFAULT); + curl = curl_easy_init(); + if (curl == NULL) { + logthing(LOGTHING_CRITICAL, "Could not initialize CURL."); + exit(EXIT_FAILURE); + } + curl_easy_setopt(curl, CURLOPT_USERAGENT, "onak/" ONAK_VERSION); + + if (strncmp(hkpbase, "https://", 8) == 0) { + curl_info = curl_version_info(CURLVERSION_NOW); + if (! (curl_info->features & CURL_VERSION_SSL)) { + logthing(LOGTHING_CRITICAL, + "CURL lacks SSL support; cannot use HKP url: %s", + hkpbase); + hkp_cleanupdb(); + exit(EXIT_FAILURE); + } + } +} + /** * Receive data from a CURL request and process it into a buffer context. */ @@ -76,35 +147,20 @@ static size_t hkp_curl_recv_data(void *buffer, size_t size, size_t nmemb, return (nmemb * size); } -/** - * fetch_key - Given a keyid fetch the key from storage. - * @keyid: The keyid to fetch. - * @publickey: A pointer to a structure to return the key in. - * @intrans: If we're already in a transaction. - * - * We use the hex representation of the keyid as the filename to fetch the - * key from. The key is stored in the file as a binary OpenPGP stream of - * packets, so we can just use read_openpgp_stream() to read the packets - * in and then parse_keys() to parse the packets into a publickey - * structure. - */ -static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, +static int hkp_fetch_key_url(char *url, + struct openpgp_publickey **publickey, bool intrans) { struct openpgp_packet_list *packets = NULL; - char keyurl[1024]; CURLcode res; struct buffer_ctx buf; + int count = 0; buf.offset = 0; buf.size = 8192; buf.buffer = malloc(8192); - snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/lookup?op=get&search=0x%08" PRIX64, - config.db_dir, keyid); - - curl_easy_setopt(curl, CURLOPT_URL, keyurl); + curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, hkp_curl_recv_data); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf); @@ -113,7 +169,7 @@ static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, if (res == 0) { buf.offset = 0; dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets); - parse_keys(packets, publickey); + count = parse_keys(packets, publickey); free_packet_list(packets); packets = NULL; } else { @@ -125,7 +181,51 @@ static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, buf.offset = buf.size = 0; buf.buffer = NULL; - return (res == 0) ? 1 : 0; + return count; +} + +/** + * hkp_fetch_key_id - Given a keyid fetch the key from HKP server. + */ +static int hkp_fetch_key_id(uint64_t keyid, + struct openpgp_publickey **publickey, + bool intrans) +{ + char keyurl[1024]; + + snprintf(keyurl, sizeof(keyurl), + "%s/lookup?op=get&search=0x%08" PRIX64, + hkpbase, keyid); + + return (hkp_fetch_key_url(keyurl, publickey, intrans)); +} + +/** + * hkp_fetch_key_fp - Given a fingerprint fetch the key from HKP server. + */ +static int hkp_fetch_key_fp(uint8_t *fp, size_t fpsize, + struct openpgp_publickey **publickey, + bool intrans) +{ + char keyurl[1024]; + int i, ofs; + + if (fpsize > MAX_FINGERPRINT_LEN) { + return 0; + } + + ofs = snprintf(keyurl, sizeof(keyurl), + "%s/lookup?op=get&search=0x", hkpbase); + + if ((ofs + fpsize * 2 + 1)> sizeof(keyurl)) { + return 0; + } + + for (i = 0; i < fpsize; i++) { + ofs += sprintf(&keyurl[ofs], "%02X", fp[i]); + } + + return (hkp_fetch_key_url(keyurl, publickey, intrans)); } /** @@ -141,42 +241,13 @@ static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, static int hkp_fetch_key_text(const char *search, struct openpgp_publickey **publickey) { - struct openpgp_packet_list *packets = NULL; char keyurl[1024]; - CURLcode res; - struct buffer_ctx buf; - int count = 0; - - buf.offset = 0; - buf.size = 8192; - buf.buffer = malloc(8192); snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/lookup?op=get&search=%s", - config.db_dir, search); - - curl_easy_setopt(curl, CURLOPT_URL, keyurl); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, - hkp_curl_recv_data); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf); - res = curl_easy_perform(curl); + "%s/lookup?op=get&search=%s", + hkpbase, search); - if (res == 0) { - buf.offset = 0; - dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets); - count = parse_keys(packets, publickey); - free_packet_list(packets); - packets = NULL; - } else { - logthing(LOGTHING_ERROR, "Couldn't find key: %s (%d)", - curl_easy_strerror(res), res); - } - - free(buf.buffer); - buf.offset = buf.size = 0; - buf.buffer = NULL; - - return count; + return (hkp_fetch_key_url(keyurl, publickey, false)); } /** @@ -206,9 +277,7 @@ static int hkp_store_key(struct openpgp_publickey *publickey, bool intrans, addform = curl_easy_escape(curl, buf.buffer, buf.offset); addform[7] = '='; - snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/add", - config.db_dir); + snprintf(keyurl, sizeof(keyurl), "%s/add", hkpbase); curl_easy_setopt(curl, CURLOPT_URL, keyurl); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, addform); @@ -292,7 +361,8 @@ struct dbfuncs keydb_hkp_funcs = { .cleanupdb = hkp_cleanupdb, .starttrans = hkp_starttrans, .endtrans = hkp_endtrans, - .fetch_key = hkp_fetch_key, + .fetch_key_id = hkp_fetch_key_id, + .fetch_key_fp = hkp_fetch_key_fp, .fetch_key_text = hkp_fetch_key_text, .store_key = hkp_store_key, .update_keys = generic_update_keys,