diff --git a/include/http.h b/include/http.h
index 7959be837..1ecdc6062 100644
--- a/include/http.h
+++ b/include/http.h
@@ -1,86 +1,93 @@
/* http.h - HTTP protocol handler
* Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005,
- * 2009 Free Software Foundation, Inc.
+ * 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef G10_HTTP_H
#define G10_HTTP_H 1
#include "iobuf.h"
struct uri_tuple {
struct uri_tuple *next;
const char *name; /* a pointer into name */
char *value; /* a pointer to value (a Nul is always appended) */
size_t valuelen; /* and the real length of the value */
/* because the value may contain embedded Nuls */
};
typedef struct uri_tuple *URI_TUPLE;
struct parsed_uri {
/* all these pointers point into buffer; most stuff is not escaped */
char *scheme; /* pointer to the scheme string (lowercase) */
char *auth; /* username/password for basic auth */
char *host; /* host (converted to lowercase) */
ushort port; /* port (always set if the host is set) */
char *path; /* the path */
URI_TUPLE params; /* ";xxxxx" */
URI_TUPLE query; /* "?xxx=yyy" */
char buffer[1]; /* buffer which holds a (modified) copy of the URI */
};
typedef struct parsed_uri *PARSED_URI;
typedef enum {
HTTP_REQ_GET = 1,
HTTP_REQ_HEAD = 2,
HTTP_REQ_POST = 3
} HTTP_REQ_TYPE;
/* put flag values into an enum, so that gdb can display them */
enum
{
HTTP_FLAG_NO_SHUTDOWN = 1
};
struct http_context {
int initialized;
unsigned int status_code;
int sock;
int in_data;
IOBUF fp_read;
IOBUF fp_write;
int is_http_0_9;
PARSED_URI uri;
HTTP_REQ_TYPE req_type;
byte *buffer; /* line buffer */
unsigned buffer_size;
unsigned int flags;
};
typedef struct http_context *HTTP_HD;
+struct http_srv
+{
+ const char *srvtag;
+ char *used_server;
+ unsigned short used_port;
+};
+
int http_open( HTTP_HD hd, HTTP_REQ_TYPE reqtype, const char *url,
char *auth, unsigned int flags, const char *proxy,
- const char *srvtag, STRLIST headers );
+ struct http_srv *srv, STRLIST headers );
void http_start_data( HTTP_HD hd );
int http_wait_response( HTTP_HD hd, unsigned int *ret_status );
void http_close( HTTP_HD hd );
int http_open_document( HTTP_HD hd, const char *document, char *auth,
unsigned int flags, const char *proxy,
- const char *srvtag, STRLIST headers );
+ struct http_srv *srv, STRLIST headers );
#endif /*G10_HTTP_H*/
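Review bot: The new `struct http_srv` carries no comments saying which fields the caller fills in, which ones the HTTP code writes back, or who owns `used_server`. Going by the curl-shim.c part of this commit, the caller zeroes the struct, optionally sets `srvtag`, and later calls `free (srv.used_server)`, so the header should state that contract: `const char *srvtag; /* in: SRV tag, may be NULL */`, `char *used_server; /* out: host actually used; allocated, caller frees */`, `unsigned short used_port; /* out: port actually used */`. Whether `http_open` and `http_open_document` accept a NULL `srv` is decided in util/http.c and is worth a line next to the prototypes too.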
diff --git a/keyserver/curl-shim.c b/keyserver/curl-shim.c
index 2df782638..857b5c184 100644
--- a/keyserver/curl-shim.c
+++ b/keyserver/curl-shim.c
@@ -1,365 +1,385 @@
/* curl-shim.c - Implement a small subset of the curl API in terms of
* the iobuf HTTP API
*
- * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2005, 2006, 2007, 2008, 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include "http.h"
#include "util.h"
#include "ksutil.h"
#include "curl-shim.h"
static CURLcode
handle_error(CURL *curl,CURLcode err,const char *str)
{
if(curl->errorbuffer)
{
/* Make sure you never exceed CURL_ERROR_SIZE, currently set to
256 in curl-shim.h */
switch(err)
{
case CURLE_OK:
strcpy(curl->errorbuffer,"okay");
break;
case CURLE_UNSUPPORTED_PROTOCOL:
strcpy(curl->errorbuffer,"unsupported protocol");
break;
case CURLE_COULDNT_CONNECT:
strcpy(curl->errorbuffer,"couldn't connect");
break;
case CURLE_WRITE_ERROR:
strcpy(curl->errorbuffer,"write error");
break;
case CURLE_HTTP_RETURNED_ERROR:
sprintf(curl->errorbuffer,"url returned error %u",curl->status);
break;
default:
strcpy(curl->errorbuffer,"generic error");
break;
}
if(str && (strlen(curl->errorbuffer)+2+strlen(str)+1)<=CURL_ERROR_SIZE)
{
strcat(curl->errorbuffer,": ");
strcat(curl->errorbuffer,str);
}
}
return err;
}
CURLcode
curl_global_init(long flags)
{
return CURLE_OK;
}
void
curl_global_cleanup(void) {}
CURL *
curl_easy_init(void)
{
CURL *handle;
handle=calloc(1,sizeof(CURL));
if(handle)
handle->errors=stderr;
return handle;
}
void
curl_easy_cleanup(CURL *curl)
{
free(curl);
}
CURLcode
curl_easy_setopt(CURL *curl,CURLoption option,...)
{
va_list ap;
va_start(ap,option);
switch(option)
{
case CURLOPT_URL:
curl->url=va_arg(ap,char *);
break;
case CURLOPT_USERPWD:
curl->auth=va_arg(ap,char *);
break;
case CURLOPT_WRITEFUNCTION:
curl->writer=va_arg(ap,write_func);
break;
case CURLOPT_FILE:
curl->file=va_arg(ap,void *);
break;
case CURLOPT_ERRORBUFFER:
curl->errorbuffer=va_arg(ap,char *);
break;
case CURLOPT_PROXY:
curl->proxy=va_arg(ap,char *);
break;
case CURLOPT_POST:
curl->flags.post=va_arg(ap,long)?1:0;
break;
case CURLOPT_POSTFIELDS:
curl->postfields=va_arg(ap,char *);
break;
case CURLOPT_SRVTAG_GPG_HACK:
curl->srvtag=va_arg(ap,char *);
break;
case CURLOPT_FAILONERROR:
curl->flags.failonerror=va_arg(ap,long)?1:0;
break;
case CURLOPT_VERBOSE:
curl->flags.verbose=va_arg(ap,long)?1:0;
break;
case CURLOPT_STDERR:
curl->errors=va_arg(ap,FILE *);
break;
case CURLOPT_HTTPHEADER:
curl->headers=va_arg(ap,struct curl_slist *);
break;
default:
/* We ignore the huge majority of curl options */
break;
}
return handle_error(curl,CURLE_OK,NULL);
}
CURLcode
curl_easy_perform(CURL *curl)
{
int rc;
CURLcode err=CURLE_OK;
const char *errstr=NULL;
char *proxy=NULL;
+ struct http_srv srv;
+
+ memset(&srv,0,sizeof(srv));
/* Emulate the libcurl proxy behavior. If the calling program set a
proxy, use it. If it didn't set a proxy or set it to NULL, check
for one in the environment. If the calling program explicitly
set a null-string proxy the http code doesn't use a proxy at
all. */
if(curl->proxy)
proxy=curl->proxy;
else
proxy=getenv(HTTP_PROXY_ENV);
+ if(curl->srvtag)
+ srv.srvtag=curl->srvtag;
+
if(curl->flags.verbose)
{
fprintf(curl->errors,"* HTTP proxy is \"%s\"\n",proxy?proxy:"null");
fprintf(curl->errors,"* HTTP URL is \"%s\"\n",curl->url);
+ if(srv.srvtag)
+ fprintf(curl->errors,
+ "* SRV tag is \"%s\": host and port may be overridden\n",
+ srv.srvtag);
fprintf(curl->errors,"* HTTP auth is \"%s\"\n",
curl->auth?curl->auth:"null");
fprintf(curl->errors,"* HTTP method is %s\n",
curl->flags.post?"POST":"GET");
}
if(curl->flags.post)
{
rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy,
- curl->srvtag,curl->headers?curl->headers->list:NULL);
+ &srv,curl->headers?curl->headers->list:NULL);
if(rc==0)
{
char content_len[50];
unsigned int post_len=strlen(curl->postfields);
+ if(curl->flags.verbose && srv.used_server && srv.used_port)
+ fprintf (curl->errors, "* HTTP host:port post-SRV is \"%s:%hu\"\n",
+ srv.used_server, srv.used_port);
+
iobuf_writestr(curl->hd.fp_write,
"Content-Type: application/x-www-form-urlencoded\r\n");
sprintf(content_len,"Content-Length: %u\r\n",post_len);
iobuf_writestr(curl->hd.fp_write,content_len);
http_start_data(&curl->hd);
iobuf_write(curl->hd.fp_write,curl->postfields,post_len);
rc=http_wait_response(&curl->hd,&curl->status);
if(rc==0 && curl->flags.failonerror && curl->status>=300)
err=CURLE_HTTP_RETURNED_ERROR;
}
}
else
{
rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy,
- curl->srvtag,curl->headers?curl->headers->list:NULL);
+ &srv,curl->headers?curl->headers->list:NULL);
if(rc==0)
{
+ if(curl->flags.verbose && srv.used_server && srv.used_port)
+ fprintf (curl->errors, "* HTTP host:port post-SRV is \"%s:%hu\"\n",
+ srv.used_server, srv.used_port);
+
rc=http_wait_response(&curl->hd,&curl->status);
if(rc==0)
{
if(curl->flags.failonerror && curl->status>=300)
err=CURLE_HTTP_RETURNED_ERROR;
else
{
unsigned int maxlen=1024,buflen,len;
byte *line=NULL;
while((len=iobuf_read_line(curl->hd.fp_read,
&line,&buflen,&maxlen)))
{
size_t ret;
maxlen=1024;
ret=(curl->writer)(line,len,1,curl->file);
if(ret!=len)
{
err=CURLE_WRITE_ERROR;
break;
}
}
xfree(line);
http_close(&curl->hd);
}
}
else
http_close(&curl->hd);
}
}
+ free (srv.used_server);
+
switch(rc)
{
case 0:
break;
case G10ERR_INVALID_URI:
err=CURLE_UNSUPPORTED_PROTOCOL;
break;
case G10ERR_NETWORK:
errstr=strerror(errno);
err=CURLE_COULDNT_CONNECT;
break;
default:
errstr=g10_errstr(rc);
err=CURLE_COULDNT_CONNECT;
break;
}
return handle_error(curl,err,errstr);
}
/* This is not the same exact set that is allowed according to
RFC-2396, but it is what the real curl uses. */
#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
"0123456789"
char *
curl_easy_escape(CURL *curl,char *str,int length)
{
int len,max,idx,enc_idx=0;
char *enc;
if(length)
len=length;
else
len=strlen(str);
enc = xtrymalloc(len+1);
if(!enc)
return enc;
max=len;
for(idx=0;idx<len;idx++)
{
if(enc_idx+3>max)
{
char *tmp;
max+=100;
tmp=realloc(enc,max+1);
if(!tmp)
{
free(enc);
return NULL;
}
enc=tmp;
}
if(strchr(VALID_URI_CHARS,str[idx]))
enc[enc_idx++]=str[idx];
else
{
char numbuf[5];
sprintf(numbuf,"%%%02X",(unsigned char)str[idx]);
strcpy(&enc[enc_idx],numbuf);
enc_idx+=3;
}
}
enc[enc_idx]='\0';
return enc;
}
curl_version_info_data *
curl_version_info(int type)
{
static curl_version_info_data data;
static const char *protocols[]={"http",NULL};
data.protocols=protocols;
return &data;
}
struct curl_slist *
curl_slist_append(struct curl_slist *list,const char *string)
{
if(!list)
{
list=calloc(1,sizeof(*list));
if(!list)
return NULL;
}
add_to_strlist(&list->list,string);
return list;
}
void
curl_slist_free_all(struct curl_slist *list)
{
if(list)
{
free_strlist(list->list);
free(list);
}
}
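Review bot: The SRV-selected host and port are reported only inside the two `if(rc==0)` branches of `curl_easy_perform`, so when the connection fails the verbose trace never shows which host was actually tried. That target comes from a DNS answer rather than from the URL the caller supplied, so the failure case is where the line is most useful for diagnosis. Emitting it once, just before `free (srv.used_server);`, would cover both outcomes and drop the duplicated block: `if(curl->flags.verbose && srv.used_server && srv.used_port) fprintf (curl->errors, "* HTTP host:port post-SRV is \"%s:%hu\"\n", srv.used_server, srv.used_port);`. Whether `http_open` fills in `used_server` on a failed connect is decided in util/http.c and should be confirmed there.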
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index b2e1a1a9a..27d67c6e6 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -1,974 +1,978 @@
/* gpgkeys_hkp.c - talk to an HKP keyserver
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009 Free Software Foundation, Inc.
+ * 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* In addition, as a special exception, the Free Software Foundation
* gives permission to link the code of the keyserver helper tools:
* gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
* project's "OpenSSL" library (or with modified versions of it that
* use the same license as the "OpenSSL" library), and distribute the
* linked executables. You must obey the GNU General Public License
* in all respects for all of the code used other than "OpenSSL". If
* you modify this file, you may extend this exception to your version
* of the file, but you are not obligated to do so. If you do not
* wish to do so, delete this exception statement from your version.
*/
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#ifdef HAVE_LIBCURL
#include <curl/curl.h>
#else
#include "curl-shim.h"
#endif
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
#include "compat.h"
#include "keyserver.h"
#include "ksutil.h"
extern char *optarg;
extern int optind;
static FILE *input,*output,*console;
static CURL *curl;
static struct ks_options *opt;
static char errorbuffer[CURL_ERROR_SIZE];
static char *proto,*port;
static size_t
curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
{
static int checked=0,swallow=0;
if(!checked)
{
/* If the document begins with a '<', assume it's a HTML
response, which we don't support. Discard the whole message
body. GPG can handle it, but this is an optimization to deal
with it on this side of the pipe. */
const char *buf=ptr;
if(buf[0]=='<')
swallow=1;
checked=1;
}
if(swallow || fwrite(ptr,size,nmemb,stream)==nmemb)
return size*nmemb;
else
return 0;
}
/* Append but avoid creating a double slash // in the path. */
static char *
append_path(char *dest,const char *src)
{
size_t n=strlen(dest);
if(src[0]=='/' && n>0 && dest[n-1]=='/')
dest[n-1]='\0';
return strcat(dest,src);
}
int
send_key(int *eof)
{
CURLcode res;
char request[MAX_URL+15];
int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR;
char keyid[17],state[6];
char line[MAX_LINE];
char *key=NULL,*encoded_key=NULL;
size_t keysize=1;
key = xtrymalloc(1);
if(!key)
{
fprintf(console,"gpgkeys: unable to allocate memory for key\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
key[0]='\0';
/* Read and throw away input until we see the BEGIN */
while(fgets(line,MAX_LINE,input)!=NULL)
if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
&& strcmp(state,"BEGIN")==0)
{
begin=1;
break;
}
if(!begin)
{
/* i.e. eof before the KEY BEGIN was found. This isn't an
error. */
*eof=1;
ret=KEYSERVER_OK;
goto fail;
}
/* Now slurp up everything until we see the END */
while(fgets(line,MAX_LINE,input))
if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
&& strcmp(state,"END")==0)
{
end=1;
break;
}
else
{
char *tempkey;
keysize+=strlen(line);
tempkey=realloc(key,keysize);
if(tempkey==NULL)
{
fprintf(console,"gpgkeys: unable to reallocate for key\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
else
key=tempkey;
strcat(key,line);
}
if(!end)
{
fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
*eof=1;
ret=KEYSERVER_KEY_INCOMPLETE;
goto fail;
}
encoded_key=curl_easy_escape(curl,key,keysize);
if(!encoded_key)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
free(key);
key=xtrymalloc(8+strlen(encoded_key)+1);
if(!key)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
strcpy(key,"keytext=");
strcat(key,encoded_key);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 15 covers /pks/add. */
append_path(request,"/pks/add");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_POST,1L);
curl_easy_setopt(curl,CURLOPT_POSTFIELDS,key);
curl_easy_setopt(curl,CURLOPT_FAILONERROR,1L);
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: HTTP post error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
goto fail;
}
else
fprintf(output,"\nKEY %s SENT\n",keyid);
ret=KEYSERVER_OK;
fail:
free(key);
curl_free(encoded_key);
if(ret!=0 && begin)
fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
return ret;
}
static int
get_key(char *getkey)
{
CURLcode res;
char request[MAX_URL+92];
char *offset;
struct curl_writer_ctx ctx;
size_t keylen;
memset(&ctx,0,sizeof(ctx));
/* Build the search string. HKP only uses the short key IDs. */
if(strncmp(getkey,"0x",2)==0)
getkey+=2;
fprintf(output,"KEY 0x%s BEGIN\n",getkey);
if(strlen(getkey)==32)
{
fprintf(console,
"gpgkeys: HKP keyservers do not support v3 fingerprints\n");
fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
return KEYSERVER_NOT_SUPPORTED;
}
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
/* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
including any supplied path. The 92 overcovers this /pks/... etc
string plus the 8, 16, or 40 bytes of key id/fingerprint */
append_path(request,"/pks/lookup?op=get&options=mr&search=0x");
/* send only fingerprint, long key id, or short keyid. see:
https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */
keylen = strlen(getkey);
if(keylen >= 40)
offset=&getkey[keylen-40];
else if(keylen >= 16)
offset=&getkey[keylen-16];
else if(keylen >= 8)
offset=&getkey[keylen-8];
else
offset=getkey;
strcat(request,offset);
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
ctx.stream=output;
curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
res=curl_easy_perform(curl);
if(res!=CURLE_OK)
{
fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
}
else
{
curl_writer_finalize(&ctx);
if(!ctx.flags.done)
{
fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
fprintf(output,"\nKEY 0x%s FAILED %d\n",
getkey,KEYSERVER_KEY_NOT_FOUND);
}
else
fprintf(output,"\nKEY 0x%s END\n",getkey);
}
return KEYSERVER_OK;
}
static int
get_name(const char *getkey)
{
CURLcode res;
char *request=NULL;
char *searchkey_encoded;
int ret=KEYSERVER_INTERNAL_ERROR;
struct curl_writer_ctx ctx;
memset(&ctx,0,sizeof(ctx));
searchkey_encoded=curl_easy_escape(curl,(char *)getkey,0);
if(!searchkey_encoded)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
fprintf(output,"NAME %s BEGIN\n",getkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=get&options=mr&search=");
strcat(request,searchkey_encoded);
if(opt->action==KS_GETNAME)
strcat(request,"&exact=on");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
ctx.stream=output;
curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
res=curl_easy_perform(curl);
if(res!=CURLE_OK)
{
fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
}
else
{
curl_writer_finalize(&ctx);
if(!ctx.flags.done)
{
fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
ret=KEYSERVER_KEY_NOT_FOUND;
}
else
{
fprintf(output,"\nNAME %s END\n",getkey);
ret=KEYSERVER_OK;
}
}
fail:
curl_free(searchkey_encoded);
free(request);
if(ret!=KEYSERVER_OK)
fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret);
return ret;
}
static int
search_key(const char *searchkey)
{
CURLcode res;
char *request=NULL;
char *searchkey_encoded;
int ret=KEYSERVER_INTERNAL_ERROR;
enum ks_search_type search_type;
search_type=classify_ks_search(&searchkey);
if(opt->debug)
fprintf(console,"gpgkeys: search type is %d, and key is \"%s\"\n",
search_type,searchkey);
searchkey_encoded=curl_easy_escape(curl,(char *)searchkey,0);
if(!searchkey_encoded)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
if(!request)
{
fprintf(console,"gpgkeys: out of memory\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
fprintf(output,"SEARCH %s BEGIN\n",searchkey);
strcpy(request,proto);
strcat(request,"://");
strcat(request,opt->host);
strcat(request,":");
strcat(request,port);
strcat(request,opt->path);
append_path(request,"/pks/lookup?op=index&options=mr&search=");
/* HKP keyservers like the 0x to be present when searching by
keyid */
if(search_type==KS_SEARCH_KEYID_SHORT || search_type==KS_SEARCH_KEYID_LONG)
strcat(request,"0x");
strcat(request,searchkey_encoded);
if(search_type!=KS_SEARCH_SUBSTR)
strcat(request,"&exact=on");
if(opt->verbose>2)
fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
curl_easy_setopt(curl,CURLOPT_URL,request);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_mrindex_writer);
curl_easy_setopt(curl,CURLOPT_FILE,output);
res=curl_easy_perform(curl);
if(res!=0)
{
fprintf(console,"gpgkeys: HTTP search error %d: %s\n",res,errorbuffer);
ret=curl_err_to_gpg_err(res);
}
else
{
fprintf(output,"\nSEARCH %s END\n",searchkey);
ret=KEYSERVER_OK;
}
fail:
curl_free(searchkey_encoded);
free(request);
if(ret!=KEYSERVER_OK)
fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret);
return ret;
}
void
fail_all(struct keylist *keylist,int err)
{
if(!keylist)
return;
if(opt->action==KS_SEARCH)
{
fprintf(output,"SEARCH ");
while(keylist)
{
fprintf(output,"%s ",keylist->str);
keylist=keylist->next;
}
fprintf(output,"FAILED %d\n",err);
}
else
while(keylist)
{
fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
keylist=keylist->next;
}
}
#ifdef HAVE_LIBCURL
/* If there is a SRV record, take the highest ranked possibility.
This is a hack, as we don't proceed downwards. */
static void
srv_replace(const char *srvtag)
{
#ifdef USE_DNS_SRV
struct srventry *srvlist=NULL;
if(!srvtag)
return;
if(1+strlen(srvtag)+6+strlen(opt->host)+1<=MAXDNAME)
{
char srvname[MAXDNAME];
strcpy(srvname,"_");
strcat(srvname,srvtag);
strcat(srvname,"._tcp.");
strcat(srvname,opt->host);
getsrv(srvname,&srvlist);
}
if(srvlist)
{
char *newname,*newport;
newname=strdup(srvlist->target);
newport=xtrymalloc(MAX_PORT);
if(newname && newport)
{
free(opt->host);
free(opt->port);
opt->host=newname;
snprintf(newport,MAX_PORT,"%u",srvlist->port);
opt->port=newport;
}
else
{
free(newname);
free(newport);
}
}
#endif
}
#endif
static void
show_help (FILE *fp)
{
fprintf (fp,"-h, --help\thelp\n");
fprintf (fp,"-V\t\tmachine readable version\n");
fprintf (fp,"--version\thuman readable version\n");
fprintf (fp,"-o\t\toutput to this file\n");
}
int
main(int argc,char *argv[])
{
int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
char line[MAX_LINE];
int failed=0;
struct keylist *keylist=NULL,*keyptr=NULL;
char *proxy=NULL;
struct curl_slist *headers=NULL;
console=stderr;
/* Kludge to implement standard GNU options. */
if (argc > 1 && !strcmp (argv[1], "--version"))
{
printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION);
printf ("Uses: %s\n", curl_version());
return 0;
}
else if (argc > 1 && !strcmp (argv[1], "--help"))
{
show_help (stdout);
return 0;
}
while((arg=getopt(argc,argv,"hVo:"))!=-1)
switch(arg)
{
default:
case 'h':
show_help (console);
return KEYSERVER_OK;
case 'V':
fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
return KEYSERVER_OK;
case 'o':
output=fopen(optarg,"w");
if(output==NULL)
{
fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
optarg,strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
break;
}
if(argc>optind)
{
input=fopen(argv[optind],"r");
if(input==NULL)
{
fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
argv[optind],strerror(errno));
return KEYSERVER_INTERNAL_ERROR;
}
}
if(input==NULL)
input=stdin;
if(output==NULL)
output=stdout;
opt=init_ks_options();
if(!opt)
return KEYSERVER_NO_MEMORY;
/* Get the command and info block */
while(fgets(line,MAX_LINE,input)!=NULL)
{
int err;
char option[MAX_OPTION+1];
if(line[0]=='\n')
break;
err=parse_ks_options(line,opt);
if(err>0)
{
ret=err;
goto fail;
}
else if(err==0)
continue;
if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
{
int no=0;
char *start=&option[0];
option[MAX_OPTION]='\0';
if(ascii_strncasecmp(option,"no-",3)==0)
{
no=1;
start=&option[3];
}
if(ascii_strncasecmp(start,"http-proxy",10)==0)
{
if(no)
{
free(proxy);
proxy=strdup("");
}
else if(start[10]=='=')
{
if(strlen(&start[11])<MAX_PROXY)
{
free(proxy);
proxy=strdup(&start[11]);
}
}
}
else if(ascii_strcasecmp(start,"try-dns-srv")==0)
{
if(no)
try_srv=0;
else
try_srv=1;
}
continue;
}
}
if(!opt->scheme)
{
fprintf(console,"gpgkeys: no scheme supplied!\n");
ret=KEYSERVER_SCHEME_NOT_FOUND;
goto fail;
}
+ /* Defaults */
if(ascii_strcasecmp(opt->scheme,"hkps")==0)
{
proto="https";
port="443";
}
else
{
proto="http";
port="11371";
}
if(!opt->host)
{
fprintf(console,"gpgkeys: no keyserver host provided\n");
goto fail;
}
if(opt->timeout && register_timeout()==-1)
{
fprintf(console,"gpgkeys: unable to register timeout handler\n");
return KEYSERVER_INTERNAL_ERROR;
}
curl_global_init(CURL_GLOBAL_DEFAULT);
curl=curl_easy_init();
if(!curl)
{
fprintf(console,"gpgkeys: unable to initialize curl\n");
ret=KEYSERVER_INTERNAL_ERROR;
goto fail;
}
- /* If the user gives a :port, then disable SRV. The semantics of a
- specified port and SRV do not play well together. */
- if(opt->port)
- port=opt->port;
- else if(try_srv)
+ /* Only use SRV if the user does not provide a :port. The semantics
+ of a specified port and SRV do not play well together. */
+ if(!opt->port && try_srv)
{
char *srvtag;
if(ascii_strcasecmp(opt->scheme,"hkp")==0)
srvtag="pgpkey-http";
else if(ascii_strcasecmp(opt->scheme,"hkps")==0)
srvtag="pgpkey-https";
else
srvtag=NULL;
#ifdef HAVE_LIBCURL
/* We're using libcurl, so fake SRV support via our wrapper.
This isn't as good as true SRV support, as we do not try all
possible targets at one particular level and work our way
down the list, but it's better than nothing. */
srv_replace(srvtag);
#else
/* We're using our internal curl shim, so we can use its (true)
SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
libcurl option. It's specific to our shim. */
curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,srvtag);
#endif
}
+ /* If the user provided a port (or it came in via SRV, above),
+ replace the default. */
+ if(opt->port)
+ port=opt->port;
+
curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
if(opt->auth)
curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
if(opt->debug)
{
fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
curl_easy_setopt(curl,CURLOPT_STDERR,console);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
}
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
/* Avoid caches to get the most recent copy of the key. This is bug
#1061. In pre-curl versions of the code, we didn't do it. Then
we did do it (as a curl default) until curl changed the default.
Now we're doing it again, but in such a way that changing
defaults in the future won't impact us. We set both the Pragma
and Cache-Control versions of the header, so we're good with both
HTTP 1.0 and 1.1. */
headers=curl_slist_append(headers,"Pragma: no-cache");
if(headers)
headers=curl_slist_append(headers,"Cache-Control: no-cache");
if(!headers)
{
fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
if(proxy)
curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
if(opt->action==KS_SEND)
while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
else if(opt->action==KS_GET
|| opt->action==KS_GETNAME || opt->action==KS_SEARCH)
{
for(;;)
{
struct keylist *work;
if(fgets(line,MAX_LINE,input)==NULL)
break;
else
{
if(line[0]=='\n' || line[0]=='\0')
break;
work=xtrymalloc(sizeof(struct keylist));
if(work==NULL)
{
fprintf(console,"gpgkeys: out of memory while "
"building key list\n");
ret=KEYSERVER_NO_MEMORY;
goto fail;
}
strcpy(work->str,line);
/* Trim the trailing \n */
work->str[strlen(line)-1]='\0';
work->next=NULL;
/* Always attach at the end to keep the list in proper
order for searching */
if(keylist==NULL)
keylist=work;
else
keyptr->next=work;
keyptr=work;
}
}
}
else
{
fprintf(console,"gpgkeys: no keyserver command specified\n");
goto fail;
}
/* Send the response */
fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
fprintf(output,"PROGRAM %s %s\n\n",VERSION,curl_version());
if(opt->verbose>1)
{
fprintf(console,"Host:\t\t%s\n",opt->host);
if(opt->port)
fprintf(console,"Port:\t\t%s\n",opt->port);
if(strcmp(opt->path,"/")!=0)
fprintf(console,"Path:\t\t%s\n",opt->path);
fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
}
if(opt->action==KS_GET)
{
keyptr=keylist;
while(keyptr!=NULL)
{
set_timeout(opt->timeout);
if(get_key(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
}
else if(opt->action==KS_GETNAME)
{
keyptr=keylist;
while(keyptr!=NULL)
{
set_timeout(opt->timeout);
if(get_name(keyptr->str)!=KEYSERVER_OK)
failed++;
keyptr=keyptr->next;
}
}
else if(opt->action==KS_SEND)
{
int eof=0;
do
{
set_timeout(opt->timeout);
if(send_key(&eof)!=KEYSERVER_OK)
failed++;
}
while(!eof);
}
else if(opt->action==KS_SEARCH)
{
char *searchkey=NULL;
int len=0;
set_timeout(opt->timeout);
/* To search, we stick a space in between each key to search
for. */
keyptr=keylist;
while(keyptr!=NULL)
{
len+=strlen(keyptr->str)+1;
keyptr=keyptr->next;
}
searchkey=xtrymalloc(len+1);
if(searchkey==NULL)
{
ret=KEYSERVER_NO_MEMORY;
fail_all(keylist,KEYSERVER_NO_MEMORY);
goto fail;
}
searchkey[0]='\0';
keyptr=keylist;
while(keyptr!=NULL)
{
strcat(searchkey,keyptr->str);
strcat(searchkey," ");
keyptr=keyptr->next;
}
/* Nail that last space */
if(*searchkey)
searchkey[strlen(searchkey)-1]='\0';
if(search_key(searchkey)!=KEYSERVER_OK)
failed++;
free(searchkey);
}
else
abort();
if(!failed)
ret=KEYSERVER_OK;
fail:
while(keylist!=NULL)
{
struct keylist *current=keylist;
keylist=keylist->next;
free(current);
}
if(input!=stdin)
fclose(input);
if(output!=stdout)
fclose(output);
free_ks_options(opt);
curl_slist_free_all(headers);
if(curl)
curl_easy_cleanup(curl);
free(proxy);
return ret;
}
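Review bot: With `port=opt->port` moved below the SRV block in `main`, a libcurl build now takes both the host and the port of the request URL from the SRV answer, because `srv_replace` overwrites `opt->host` and `opt->port`, and the name the user configured is not kept anywhere. For `hkps`, libcurl matches the certificate against the host in the URL, so the check enabled through `CURLOPT_SSL_VERIFYPEER` is made against a name supplied by DNS rather than the configured keyserver name; unless the SRV answer is DNSSEC-validated, that answer decides which certificate is accepted. Consider keeping the original host for certificate verification and the Host header, and using the SRV target only as the connect address. At minimum, log the substitution when `opt->verbose` is set and extend the new comment, e.g. `/* opt->host and opt->port may have been replaced by srv_replace() above */`.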
diff --git a/util/http.c b/util/http.c
index 9aaa1d134..bab979613 100644
--- a/util/http.c
+++ b/util/http.c
@@ -1,1107 +1,1115 @@
/* http.c - HTTP protocol handler
* Copyright (C) 1999, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- * 2009 Free Software Foundation, Inc.
+ * 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#endif
#include "util.h"
#include "iobuf.h"
#include "i18n.h"
#include "http.h"
#include "srv.h"
#ifdef _WIN32
#define sock_close(a) closesocket(a)
#else
#define sock_close(a) close(a)
#endif
#define MAX_LINELEN 20000 /* max. length of a HTTP line */
#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
"01234567890@" \
"!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
#ifndef EAGAIN
#define EAGAIN EWOULDBLOCK
#endif
static int parse_uri( PARSED_URI *ret_uri, const char *uri );
static void release_parsed_uri( PARSED_URI uri );
static int do_parse_uri( PARSED_URI uri, int only_local_part );
static int remove_escapes( byte *string );
static int insert_escapes( byte *buffer, const byte *string,
const byte *special );
static URI_TUPLE parse_tuple( byte *string );
static int send_request( HTTP_HD hd, const char *auth, const char *proxy,
- const char *srvtag, STRLIST headers);
+ struct http_srv *srv, STRLIST headers);
static byte *build_rel_path( PARSED_URI uri );
static int parse_response( HTTP_HD hd );
static int connect_server( const char *server, ushort port, unsigned int flags,
- const char *srvtag );
+ struct http_srv *srv );
static int write_server( int sock, const char *data, size_t length );
#ifdef _WIN32
static void
deinit_sockets (void)
{
WSACleanup();
}
static void
init_sockets (void)
{
static int initialized;
static WSADATA wsdata;
if (initialized)
return;
if( WSAStartup( 0x0101, &wsdata ) ) {
log_error ("error initializing socket library: ec=%d\n",
(int)WSAGetLastError () );
return;
}
if( wsdata.wVersion < 0x0001 ) {
log_error ("socket library version is %x.%x - but 1.1 needed\n",
LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion));
WSACleanup();
return;
}
atexit ( deinit_sockets );
initialized = 1;
}
#endif /*_WIN32*/
static byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
/****************
* create a radix64 encoded string.
*/
/* TODO: This is a duplicate of code in g10/armor.c modified to do the
"=" padding. Better to use a single copy in strgutil.c ? */
static char *
make_radix64_string( const byte *data, size_t len )
{
char *buffer, *p;
buffer = p = xmalloc( (len+2)/3*4 + 1 );
for( ; len >= 3 ; len -= 3, data += 3 ) {
*p++ = bintoasc[(data[0] >> 2) & 077];
*p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
*p++ = bintoasc[(((data[1]<<2)&074)|((data[2]>>6)&03))&077];
*p++ = bintoasc[data[2]&077];
}
if( len == 2 ) {
*p++ = bintoasc[(data[0] >> 2) & 077];
*p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
*p++ = bintoasc[((data[1]<<2)&074)];
*p++ = '=';
}
else if( len == 1 ) {
*p++ = bintoasc[(data[0] >> 2) & 077];
*p++ = bintoasc[(data[0] <<4)&060];
*p++ = '=';
*p++ = '=';
}
*p = 0;
return buffer;
}
int
http_open( HTTP_HD hd, HTTP_REQ_TYPE reqtype, const char *url,
char *auth, unsigned int flags, const char *proxy,
- const char *srvtag, STRLIST headers )
+ struct http_srv *srv, STRLIST headers )
{
int rc;
if( !(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST) )
return G10ERR_INV_ARG;
/* initialize the handle */
memset( hd, 0, sizeof *hd );
hd->sock = -1;
hd->initialized = 1;
hd->req_type = reqtype;
hd->flags = flags;
rc = parse_uri( &hd->uri, url );
if( !rc ) {
- rc = send_request( hd, auth, proxy, srvtag, headers );
+ rc = send_request( hd, auth, proxy, srv, headers );
if( !rc ) {
hd->fp_write = iobuf_sockopen( hd->sock , "w" );
if( hd->fp_write )
return 0;
rc = G10ERR_GENERAL;
}
}
if( !hd->fp_read && !hd->fp_write && hd->sock != -1 )
sock_close( hd->sock );
iobuf_close( hd->fp_read );
iobuf_close( hd->fp_write);
release_parsed_uri( hd->uri );
hd->initialized = 0;
return rc;
}
void
http_start_data( HTTP_HD hd )
{
iobuf_flush ( hd->fp_write );
if( !hd->in_data ) {
write_server (hd->sock, "\r\n", 2);
hd->in_data = 1;
}
}
int
http_wait_response( HTTP_HD hd, unsigned int *ret_status )
{
int rc;
http_start_data( hd ); /* make sure that we are in the data */
#if 0
hd->sock = dup( hd->sock );
if( hd->sock == -1 )
return G10ERR_GENERAL;
#endif
iobuf_ioctl (hd->fp_write, 1, 1, NULL); /* keep the socket open */
iobuf_close (hd->fp_write);
hd->fp_write = NULL;
/* We do not want the shutdown code anymore. It used to be there
to support old versions of pksd. These versions are anyway
unusable and the latest releases haven been fixed to properly
handle HTTP 1.0. */
/* if ( !(hd->flags & HTTP_FLAG_NO_SHUTDOWN) ) */
/* shutdown( hd->sock, 1 ); */
hd->in_data = 0;
hd->fp_read = iobuf_sockopen( hd->sock , "r" );
if( !hd->fp_read )
return G10ERR_GENERAL;
rc = parse_response( hd );
if( !rc && ret_status )
*ret_status = hd->status_code;
return rc;
}
int
http_open_document( HTTP_HD hd, const char *document, char *auth,
- unsigned int flags, const char *proxy, const char *srvtag,
+ unsigned int flags, const char *proxy, struct http_srv *srv,
STRLIST headers )
{
int rc;
- rc = http_open(hd, HTTP_REQ_GET, document, auth, flags, proxy, srvtag,
+ rc = http_open(hd, HTTP_REQ_GET, document, auth, flags, proxy, srv,
headers );
if( rc )
return rc;
rc = http_wait_response( hd, NULL );
if( rc )
http_close( hd );
return rc;
}
void
http_close( HTTP_HD hd )
{
if( !hd || !hd->initialized )
return;
if( !hd->fp_read && !hd->fp_write && hd->sock != -1 )
sock_close( hd->sock );
iobuf_close( hd->fp_read );
iobuf_close( hd->fp_write );
release_parsed_uri( hd->uri );
xfree( hd->buffer );
hd->initialized = 0;
}
/****************
* Parse an URI and put the result into the newly allocated ret_uri.
* The caller must always use release_parsed_uri to releases the
* resources (even on an error).
*/
static int
parse_uri( PARSED_URI *ret_uri, const char *uri )
{
*ret_uri = xmalloc_clear( sizeof(**ret_uri) + strlen(uri) );
strcpy( (*ret_uri)->buffer, uri );
return do_parse_uri( *ret_uri, 0 );
}
static void
release_parsed_uri( PARSED_URI uri )
{
if( uri )
{
URI_TUPLE r, r2;
for( r = uri->query; r; r = r2 ) {
r2 = r->next;
xfree( r );
}
xfree( uri );
}
}
static int
do_parse_uri( PARSED_URI uri, int only_local_part )
{
URI_TUPLE *tail;
char *p, *p2, *p3;
int n;
p = uri->buffer;
n = strlen( uri->buffer );
/* initialize all fields to an empty string or an empty list */
uri->scheme = uri->host = uri->path = p + n;
uri->port = 0;
uri->params = uri->query = NULL;
/* a quick validity check */
if( strspn( p, VALID_URI_CHARS) != n )
return G10ERR_BAD_URI; /* invalid characters found */
if( !only_local_part ) {
/* find the scheme */
if( !(p2 = strchr( p, ':' ) ) || p2 == p )
return G10ERR_BAD_URI; /* No scheme */
*p2++ = 0;
strlwr( p );
uri->scheme = p;
if(strcmp(uri->scheme,"http")==0)
uri->port = 80;
else
return G10ERR_INVALID_URI; /* Unsupported scheme */
p = p2;
/* find the hostname */
if( *p != '/' )
return G10ERR_INVALID_URI; /* does not start with a slash */
p++;
if( *p == '/' ) { /* there seems to be a hostname */
p++;
if( (p2 = strchr(p, '/')) )
*p2++ = 0;
/* Check for username/password encoding */
if((p3=strchr(p,'@')))
{
uri->auth=p;
*p3++='\0';
p=p3;
}
strlwr( p );
/* Handle a host of [IP] so that [IP:V6]:port works */
if( *p == '[' && (p3=strchr( p, ']' )) )
{
*p3++ = '\0';
/* worst case, uri->host should have length 0, points to \0 */
uri->host = p + 1;
p = p3;
}
else
uri->host = p;
if( (p3=strchr( p, ':' )) )
{
*p3++ = '\0';
uri->port = atoi( p3 );
}
if( (n = remove_escapes( uri->host )) < 0 )
return G10ERR_BAD_URI;
if( n != strlen( uri->host ) )
return G10ERR_BAD_URI; /* hostname with a Nul in it */
p = p2 ? p2 : NULL;
}
} /* end global URI part */
/* parse the pathname part */
if( !p || !*p ) /* we don't have a path */
return 0; /* and this is okay */
/* todo: here we have to check params */
/* do we have a query part */
if( (p2 = strchr( p, '?' )) )
*p2++ = 0;
uri->path = p;
if( (n = remove_escapes( p )) < 0 )
return G10ERR_BAD_URI;
if( n != strlen( p ) )
return G10ERR_BAD_URI; /* path with a Nul in it */
p = p2 ? p2 : NULL;
if( !p || !*p ) /* we don't have a query string */
return 0; /* okay */
/* now parse the query string */
tail = &uri->query;
for(;;) {
URI_TUPLE elem;
if( (p2 = strchr( p, '&' )) )
*p2++ = 0;
if( !(elem = parse_tuple( p )) )
return G10ERR_BAD_URI;
*tail = elem;
tail = &elem->next;
if( !p2 )
break; /* ready */
p = p2;
}
return 0;
}
/****************
* Remove all %xx escapes; this is done inplace.
* Returns: new length of the string.
*/
static int
remove_escapes( byte *string )
{
int n = 0;
byte *p, *s;
for(p=s=string; *s ; s++ ) {
if( *s == '%' ) {
if( s[1] && s[2] && isxdigit(s[1]) && isxdigit(s[2]) ) {
s++;
*p = *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10 ;
*p <<= 4;
s++;
*p |= *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10 ;
p++;
n++;
}
else {
*p++ = *s++;
if( *s )
*p++ = *s++;
if( *s )
*p++ = *s++;
if( *s )
*p = 0;
return -1; /* bad URI */
}
}
else
{
*p++ = *s;
n++;
}
}
*p = 0; /* always keep a string terminator */
return n;
}
static int
insert_escapes( byte *buffer, const byte *string, const byte *special )
{
int n = 0;
for( ; *string; string++ ) {
if( strchr( VALID_URI_CHARS, *string )
&& !strchr( special, *string ) ) {
if( buffer )
*buffer++ = *string;
n++;
}
else {
if( buffer ) {
sprintf( buffer, "%%%02X", *string );
buffer += 3;
}
n += 3;
}
}
return n;
}
static URI_TUPLE
parse_tuple( byte *string )
{
byte *p = string;
byte *p2;
int n;
URI_TUPLE tuple;
if( (p2 = strchr( p, '=' )) )
*p2++ = 0;
if( (n = remove_escapes( p )) < 0 )
return NULL; /* bad URI */
if( n != strlen( p ) )
return NULL; /* name with a Nul in it */
tuple = xmalloc_clear( sizeof *tuple );
tuple->name = p;
if( !p2 ) {
/* we have only the name, so we assume an empty value string */
tuple->value = p + strlen(p);
tuple->valuelen = 0;
}
else { /* name and value */
if( (n = remove_escapes( p2 )) < 0 ) {
xfree( tuple );
return NULL; /* bad URI */
}
tuple->value = p2;
tuple->valuelen = n;
}
return tuple;
}
/****************
* Send a HTTP request to the server
* Returns 0 if the request was successful
*/
static int
send_request( HTTP_HD hd, const char *auth, const char *proxy,
- const char *srvtag, STRLIST headers )
+ struct http_srv *srv, STRLIST headers )
{
const byte *server;
byte *request, *p;
ushort port;
int rc;
char *proxy_authstr=NULL,*authstr=NULL;
server = *hd->uri->host? hd->uri->host : "localhost";
port = hd->uri->port? hd->uri->port : 80;
if(proxy && *proxy)
{
PARSED_URI uri;
rc = parse_uri( &uri, proxy );
if (rc)
{
log_error("invalid HTTP proxy (%s): %s\n",proxy,g10_errstr(rc));
release_parsed_uri( uri );
return G10ERR_NETWORK;
}
hd->sock = connect_server( *uri->host? uri->host : "localhost",
- uri->port? uri->port : 80, 0, NULL );
+ uri->port? uri->port : 80, 0, srv );
if(uri->auth)
{
char *x;
remove_escapes(uri->auth);
x=make_radix64_string(uri->auth,strlen(uri->auth));
proxy_authstr=xmalloc(52+strlen(x));
sprintf(proxy_authstr,"Proxy-Authorization: Basic %s\r\n",x);
xfree(x);
}
release_parsed_uri( uri );
}
else
- hd->sock = connect_server( server, port, hd->flags, srvtag );
+ hd->sock = connect_server( server, port, hd->flags, srv );
if(auth || hd->uri->auth)
{
char *x,*tempauth=NULL;
if(auth)
{
tempauth=xstrdup(auth);
remove_escapes(tempauth);
}
else if(hd->uri->auth)
remove_escapes(hd->uri->auth);
x=make_radix64_string(tempauth?tempauth:hd->uri->auth,
strlen(tempauth?tempauth:hd->uri->auth));
authstr=xmalloc(52+strlen(x));
sprintf(authstr,"Authorization: Basic %s\r\n",x);
xfree(x);
xfree(tempauth);
}
if( hd->sock == -1 )
return G10ERR_NETWORK;
p = build_rel_path( hd->uri );
request=xmalloc(strlen(server)*2 + strlen(p)
+ (authstr?strlen(authstr):0)
+ (proxy_authstr?strlen(proxy_authstr):0) + 65);
if( proxy && *proxy )
sprintf( request, "%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s",
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD? "HEAD":
hd->req_type == HTTP_REQ_POST? "POST": "OOPS",
server, port, *p == '/'? "":"/", p,
authstr?authstr:"",proxy_authstr?proxy_authstr:"" );
else
{
char portstr[15];
if(port!=80)
sprintf(portstr,":%u",port);
sprintf( request, "%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD? "HEAD":
hd->req_type == HTTP_REQ_POST? "POST": "OOPS",
*p == '/'? "":"/", p, server, (port!=80)?portstr:"",
authstr?authstr:"");
}
xfree(p);
rc = write_server( hd->sock, request, strlen(request) );
if(rc==0)
for(;headers;headers=headers->next)
{
rc = write_server( hd->sock, headers->d, strlen(headers->d) );
if(rc)
break;
rc = write_server( hd->sock, "\r\n", 2 );
if(rc)
break;
}
xfree( request );
xfree(proxy_authstr);
xfree(authstr);
return rc;
}
/****************
* Build the relative path from the parsed URI.
* Minimal implementation.
*/
static byte*
build_rel_path( PARSED_URI uri )
{
URI_TUPLE r;
byte *rel_path, *p;
int n;
/* count the needed space */
n = insert_escapes( NULL, uri->path, "%;?&" );
/* todo: build params */
for( r=uri->query; r; r = r->next ) {
n++; /* '?'/'&' */
n += insert_escapes( NULL, r->name, "%;?&=" );
n++; /* '='*/
n += insert_escapes( NULL, r->value, "%;?&=" );
}
n++;
/* now allocate and copy */
p = rel_path = xmalloc( n );
n = insert_escapes( p, uri->path, "%;?&" );
p += n;
/* todo: add params */
for( r=uri->query; r; r = r->next ) {
*p++ = r == uri->query? '?':'&';
n = insert_escapes( p, r->name, "%;?&=" );
p += n;
*p++ = '=';
/* todo: use valuelen */
n = insert_escapes( p, r->value, "%;?&=" );
p += n;
}
*p = 0;
return rel_path;
}
/***********************
* Parse the response from a server.
* Returns: errorcode and sets some fileds in the handle
*/
static int
parse_response( HTTP_HD hd )
{
byte *line, *p, *p2;
unsigned maxlen, len;
/* Wait for the status line */
do {
maxlen = MAX_LINELEN;
len = iobuf_read_line( hd->fp_read, &hd->buffer,
&hd->buffer_size, &maxlen );
line = hd->buffer;
if( !maxlen )
return -1; /* line has been truncated */
if( !len )
return -1; /* eof */
} while( !*line );
if( (p = strchr( line, '/')) )
*p++ = 0;
if( !p || strcmp( line, "HTTP" ) )
return 0; /* assume http 0.9 */
if( (p2 = strpbrk( p, " \t" ) ) ) {
*p2++ = 0;
p2 += strspn( p2, " \t" );
}
if( !p2 )
return 0; /* assume http 0.9 */
p = p2;
/* todo: add HTTP version number check here */
if( (p2 = strpbrk( p, " \t" ) ) )
*p2++ = 0;
if( !isdigit(p[0]) || !isdigit(p[1]) || !isdigit(p[2]) || p[3] ) {
/* malformed HTTP statuscode - assume HTTP 0.9 */
hd->is_http_0_9 = 1;
hd->status_code = 200;
return 0;
}
hd->status_code = atoi( p );
/* skip all the header lines and wait for the empty line */
do {
maxlen = MAX_LINELEN;
len = iobuf_read_line( hd->fp_read, &hd->buffer,
&hd->buffer_size, &maxlen );
line = hd->buffer;
/* we ignore truncated lines */
if( !len )
return -1; /* eof */
/* time lineendings */
if( (*line == '\r' && line[1] == '\n') || *line == '\n' )
*line = 0;
} while( len && *line );
return 0;
}
#ifdef TEST
static int
start_server(void)
{
struct sockaddr_in mya;
struct sockaddr_in peer;
int fd, client;
fd_set rfds;
int addrlen;
int i;
if( (fd=socket(AF_INET,SOCK_STREAM, 0)) == -1 ) {
log_error("socket() failed: %s\n", strerror(errno));
return -1;
}
i = 1;
if( setsockopt( fd, SOL_SOCKET, SO_REUSEADDR, (byte*)&i, sizeof(i) ) )
log_info("setsockopt(SO_REUSEADDR) failed: %s\n", strerror(errno) );
mya.sin_family=AF_INET;
memset(&mya.sin_addr, 0, sizeof(mya.sin_addr));
mya.sin_port=htons(11371);
if( bind( fd, (struct sockaddr *)&mya, sizeof(mya)) ) {
log_error("bind to port 11371 failed: %s\n", strerror(errno) );
sock_close( fd );
return -1;
}
if( listen( fd, 5 ) ) {
log_error("listen failed: %s\n", strerror(errno) );
sock_close( fd );
return -1;
}
for(;;) {
FD_ZERO(&rfds);
FD_SET( fd, &rfds );
if( select( fd+1, &rfds, NULL, NULL, NULL) <= 0 )
continue; /* ignore any errors */
if( !FD_ISSET( fd, &rfds ) )
continue;
addrlen = sizeof peer;
client = accept( fd, (struct sockaddr *)&peer, &addrlen);
if( client == -1 )
continue; /* oops */
log_info("connect from %s\n", inet_ntoa( peer.sin_addr ) );
fflush(stdout);
fflush(stderr);
if( !fork() ) {
int c;
FILE *fp;
fp = fdopen( client , "r" );
while( (c=getc(fp)) != EOF )
putchar(c);
fclose(fp);
exit(0);
}
sock_close( client );
}
return 0;
}
#endif
static int
connect_server( const char *server, ushort port, unsigned int flags,
- const char *srvtag )
+ struct http_srv *srv )
{
- int sock=-1,srv,srvcount=0,connected=0,hostfound=0;
+ int sock=-1, srvindex, srvcount=0, connected=0, hostfound=0, chosen=-1;
struct srventry *srvlist=NULL;
#ifdef _WIN32
unsigned long inaddr;
init_sockets();
/* Win32 gethostbyname doesn't handle IP addresses internally, so we
try inet_addr first on that platform only. */
if((inaddr=inet_addr(server))!=INADDR_NONE)
{
struct sockaddr_in addr;
memset(&addr,0,sizeof(addr));
if((sock=socket(AF_INET,SOCK_STREAM,0))==INVALID_SOCKET)
{
log_error("error creating socket: ec=%d\n",(int)WSAGetLastError());
return -1;
}
addr.sin_family=AF_INET;
addr.sin_port=htons(port);
memcpy(&addr.sin_addr,&inaddr,sizeof(inaddr));
if(connect(sock,(struct sockaddr *)&addr,sizeof(addr))==0)
return sock;
else
{
sock_close(sock);
return -1;
}
}
#endif
#ifdef USE_DNS_SRV
/* Do the SRV thing */
- if(srvtag)
+ if(srv && srv->srvtag)
{
/* We're using SRV, so append the tags */
- if(1+strlen(srvtag)+6+strlen(server)+1<=MAXDNAME)
+ if(1+strlen(srv->srvtag)+6+strlen(server)+1<=MAXDNAME)
{
char srvname[MAXDNAME];
strcpy(srvname,"_");
- strcat(srvname,srvtag);
+ strcat(srvname,srv->srvtag);
strcat(srvname,"._tcp.");
strcat(srvname,server);
srvcount=getsrv(srvname,&srvlist);
}
}
#endif
if(srvlist==NULL)
{
/* Either we're not using SRV, or the SRV lookup failed. Make
up a fake SRV record. */
srvlist=calloc(1,sizeof(struct srventry));
if(!srvlist)
return -1;
srvlist->port=port;
strncpy(srvlist->target,server,MAXDNAME);
srvlist->target[MAXDNAME-1]='\0';
srvcount=1;
}
#ifdef HAVE_GETADDRINFO
- for(srv=0;srv<srvcount;srv++)
+ for(srvindex=0;srvindex<srvcount;srvindex++)
{
struct addrinfo hints,*res,*ai;
char portstr[6];
- sprintf(portstr,"%u",srvlist[srv].port);
+ sprintf(portstr,"%u",srvlist[srvindex].port);
memset(&hints,0,sizeof(hints));
hints.ai_socktype=SOCK_STREAM;
- if(getaddrinfo(srvlist[srv].target,portstr,&hints,&res)==0)
+ if(getaddrinfo(srvlist[srvindex].target,portstr,&hints,&res)==0)
hostfound=1;
else
continue;
for(ai=res;ai;ai=ai->ai_next)
{
if((sock=socket(ai->ai_family,ai->ai_socktype,ai->ai_protocol))==-1)
{
log_error("error creating socket: %s\n",strerror(errno));
freeaddrinfo(res);
return -1;
}
if(connect(sock,ai->ai_addr,ai->ai_addrlen)==0)
{
connected=1;
+ chosen = srvindex;
break;
}
sock_close(sock);
}
freeaddrinfo(res);
if(ai)
break;
}
#else /* !HAVE_GETADDRINFO */
- for(srv=0;srv<srvcount;srv++)
+ for(srvindex=0; srvindex < srvcount; srv++)
{
int i=0;
struct hostent *host=NULL;
struct sockaddr_in addr;
memset(&addr,0,sizeof(addr));
- if((host=gethostbyname(srvlist[srv].target))==NULL)
+ if((host=gethostbyname(srvlist[srvindex].target))==NULL)
continue;
hostfound=1;
if((sock=socket(host->h_addrtype,SOCK_STREAM,0))==-1)
{
log_error("error creating socket: %s\n",strerror(errno));
return -1;
}
addr.sin_family=host->h_addrtype;
if(addr.sin_family!=AF_INET)
{
- log_error("%s: unknown address family\n",srvlist[srv].target);
+ log_error("%s: unknown address family\n",srvlist[srvindex].target);
return -1;
}
- addr.sin_port=htons(srvlist[srv].port);
+ addr.sin_port=htons(srvlist[srvindex].port);
/* Try all A records until one responds. */
while(host->h_addr_list[i])
{
if(host->h_length!=4)
{
- log_error("%s: illegal address length\n",srvlist[srv].target);
+ log_error("%s: illegal address length\n",srvlist[srvindex].target);
return -1;
}
memcpy(&addr.sin_addr,host->h_addr_list[i],host->h_length);
if(connect(sock,(struct sockaddr *)&addr,sizeof(addr))==0)
{
connected=1;
+ chosen = srvindex;
break;
}
i++;
}
if(host->h_addr_list[i])
break;
sock_close(sock);
}
#endif /* !HAVE_GETADDRINFO */
+ if(chosen>-1 && srv)
+ {
+ srv->used_server = strdup (srvlist[chosen].target);
+ srv->used_port = srvlist[chosen].port;
+ }
+
free(srvlist);
if(!connected)
{
int err=errno;
#ifdef _WIN32
if(hostfound)
log_error("%s: Unable to connect: ec=%d\n",server,(int)WSAGetLastError());
else
log_error("%s: Host not found: ec=%d\n",server,(int)WSAGetLastError());
#else
if(hostfound)
log_error("%s: %s\n",server,strerror(err));
else
log_error("%s: Host not found\n",server);
#endif
if(sock!=-1)
sock_close(sock);
errno=err;
return -1;
}
return sock;
}
static int
write_server( int sock, const char *data, size_t length )
{
int nleft;
nleft = length;
while( nleft > 0 ) {
#ifdef _WIN32
int nwritten;
nwritten = send (sock, data, nleft, 0);
if ( nwritten == SOCKET_ERROR ) {
log_info ("write failed: ec=%d\n", (int)WSAGetLastError ());
return G10ERR_NETWORK;
}
#else
int nwritten = write( sock, data, nleft );
if( nwritten == -1 ) {
if( errno == EINTR )
continue;
if( errno == EAGAIN ) {
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
select(0, NULL, NULL, NULL, &tv);
continue;
}
log_info("write failed: %s\n", strerror(errno));
return G10ERR_NETWORK;
}
#endif
nleft -=nwritten;
data += nwritten;
}
return 0;
}
/**** Test code ****/
#ifdef TEST
int
main(int argc, char **argv)
{
int rc;
PARSED_URI uri;
URI_TUPLE r;
struct http_context hd;
int c;
log_set_name("http-test");
if( argc == 1 ) {
start_server();
return 0;
}
if( argc != 2 ) {
fprintf(stderr,"usage: http-test uri\n");
return 1;
}
argc--; argv++;
rc = parse_uri( &uri, *argv );
if( rc ) {
log_error("`%s': %s\n", *argv, g10_errstr(rc));
release_parsed_uri( uri );
return 1;
}
printf("Scheme: %s\n", uri->scheme );
printf("Host : %s\n", uri->host );
printf("Port : %u\n", uri->port );
printf("Path : %s\n", uri->path );
for( r=uri->params; r; r = r->next ) {
printf("Params: %s=%s", r->name, r->value );
if( strlen( r->value ) != r->valuelen )
printf(" [real length=%d]", (int)r->valuelen );
putchar('\n');
}
for( r=uri->query; r; r = r->next ) {
printf("Query : %s=%s", r->name, r->value );
if( strlen( r->value ) != r->valuelen )
printf(" [real length=%d]", (int)r->valuelen );
putchar('\n');
}
release_parsed_uri( uri ); uri = NULL;
rc = http_open_document( &hd, *argv, NULL, 0, NULL, NULL, NULL );
if( rc ) {
log_error("can't get `%s': %s\n", *argv, g10_errstr(rc));
return 1;
}
log_info("open_http_document succeeded; status=%u\n", hd.status_code );
while( (c=iobuf_get( hd.fp_read)) != -1 )
putchar(c);
http_close( &hd );
return 0;
}
#endif /*TEST*/
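Review bot: In the `#else /* !HAVE_GETADDRINFO */` branch of connect_server, the new loop header `for(srvindex=0; srvindex < srvcount; srv++)` increments the `struct http_srv *srv` parameter instead of the index. On builds without getaddrinfo, `srvindex` therefore stays at 0, so a target that fails `gethostbyname` or refuses the connection is retried forever. If a later attempt does connect, `srv->used_server = strdup (...)` writes through a pointer that has been advanced past the caller's object. The header should read `for(srvindex=0; srvindex < srvcount; srvindex++)`, as the HAVE_GETADDRINFO loop already does. Separately, the `strdup` result stored in `srv->used_server` is not checked for NULL, and a comment such as `/* used_server is malloc'ed; the caller must free it */` would make the ownership explicit.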
