Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/netpgp/dist Various minor changes to net...
details: https://anonhg.NetBSD.org/src/rev/e616983964d3
branches: trunk
changeset: 757508:e616983964d3
user: agc <agc%NetBSD.org@localhost>
date: Wed Sep 01 17:25:57 2010 +0000
description:
Various minor changes to netpgp:
+ be smarter when checking for a null id
+ add test for rubbish being returned when listing specific keys in netpgpkeys(1)
+ take the public key from the pubring, not the secring when exporting
keys
+ allow hkpd to serve ssh keys in pgp format
+ test on whether a seckey is needed, not on a userid needed, for ssh keys
diffstat:
crypto/external/bsd/netpgp/dist/src/hkpd/Makefile | 10 ++-
crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c | 49 +++++++++-----
crypto/external/bsd/netpgp/dist/src/hkpd/main.c | 6 +-
crypto/external/bsd/netpgp/dist/src/lib/create.c | 11 +--
crypto/external/bsd/netpgp/dist/src/lib/keyring.c | 7 +-
crypto/external/bsd/netpgp/dist/src/lib/netpgp.c | 4 +-
crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c | 21 +++++-
crypto/external/bsd/netpgp/dist/src/netpgpverify/verify.c | 3 +-
crypto/external/bsd/netpgp/dist/tst | 5 +-
9 files changed, 78 insertions(+), 38 deletions(-)
diffs (truncated from 389 to 300 lines):
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/hkpd/Makefile
--- a/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Wed Sep 01 17:25:57 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2010/03/16 00:22:52 agc Exp $
+# $NetBSD: Makefile,v 1.3 2010/09/01 17:25:57 agc Exp $
PROG=hkpd
SRCS=hkpd.c main.c
@@ -9,3 +9,11 @@
WARNS=0 # anything over 0 will fail at the link stage with IDEA errors
.include <bsd.prog.mk>
+
+t: ${PROG}
+ ./${PROG} -D &
+ sleep 1
+ ftp -o- 'http://localhost:11371/pks/lookup?op=index&search=agc&options=json'
+ ftp -o- 'http://localhost:11371/pks/lookup?op=get&search=agc&options=json'
+ ftp -o- 'http://localhost:11371/pks/lookup?op=get&search=agc&options=mr'
+ pkill hkpd
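Review bot: The `t` target leaves the daemon listening on port 11371 whenever one of the `ftp` fetches fails, because make stops at the first failing command and never reaches `pkill hkpd`. `pkill hkpd` also matches by name, so it terminates any other hkpd running on the host, not only the one this target started. Starting the daemon, running the fetches and killing the recorded pid within a single shell command would make the cleanup unconditional and scoped to the test instance. The fixed `sleep 1` is a race on a slow or loaded machine.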
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c
--- a/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Wed Sep 01 17:25:57 2010 +0000
@@ -31,7 +31,6 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <sys/select.h>
#include <netinet/in.h>
@@ -78,7 +77,7 @@
/* make into html */
static int
-htmlify(char *buf, size_t size, const int code, const int get, const char *title, const int mr, const char *body)
+htmlify(char *buf, size_t size, const int code, const int get, const char *title, const char *out, const char *body)
{
return snprintf(buf, size,
"%s %d %s\r\n"
@@ -90,13 +89,13 @@
HKP_HTTP_LEVEL, code, (code == HKP_SUCCESS) ? "OK" : "not found",
HKP_NAME, HKPD_VERSION,
(get) ? HKP_MIME_GET : HKP_MIME_INDEX,
- (get || !mr) ? "" : HKP_MACHREAD,
+ (get || strcmp(out, "mr") != 0) ? "" : HKP_MACHREAD,
body);
}
/* send the response now */
static int
-response(int sock, const int code, const char *search, const int get, char *buf, int cc, int mr)
+response(int sock, const int code, const char *search, const int get, char *buf, int cc, const char *out)
{
char outbuf[1024 * 512];
char item[BUFSIZ];
@@ -109,13 +108,13 @@
"Error handling request: No keys found for '%s'\r\n", search);
n = htmlify(outbuf, sizeof(outbuf), code, get,
"Error handling request\r\n",
- mr,
+ out,
item);
} else {
(void) snprintf(item, sizeof(item), "Search results for '%s'", search);
n = htmlify(outbuf, sizeof(outbuf), code, get,
item,
- mr,
+ out,
buf);
}
for (tot = 0 ; (wc = write(sock, &outbuf[tot], n - tot)) > 0 && tot < n ; tot += wc) {
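Review bot: `n` from `htmlify()` is used as the byte count for the `write()` loop without being checked against `sizeof(outbuf)`. `htmlify()` returns the value of `snprintf()`, which is the length the output would have had, so a body larger than the 512 KB buffer makes the loop read past the end of `outbuf` and send adjacent stack contents to the client. `snprintf()` can also return a negative value. Assuming `n` is an `int`, clamp it before the loop, e.g. `if (n < 0) n = 0; else if ((size_t)n >= sizeof(outbuf)) n = (int)sizeof(outbuf) - 1;`, or send an error response rather than a truncated one. The loop body and the rest of `response()` are outside the hunk.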
@@ -203,20 +202,20 @@
struct sockaddr_in from;
regmatch_t searchmatches[10];
regmatch_t opmatches[10];
- regmatch_t mrmatch[3];
+ regmatch_t fmtmatch[3];
socklen_t fromlen;
- regex_t machreadterm;
regex_t searchterm;
+ regex_t fmtterm;
regex_t opterm;
regex_t get;
fd_set sockets;
char search[BUFSIZ];
char buf[BUFSIZ];
char *cp;
+ char fmt[10];
int newsock;
int sock;
int code;
- int mr;
int ok;
int cc;
int n;
@@ -225,12 +224,12 @@
#define HTTPGET "GET /pks/lookup\\?"
#define OPTERM "op=([a-zA-Z]+)"
#define SEARCHTERM "search=([^ \t&]+)"
-#define MACHREAD "options=mr"
+#define FMT "options=(mr|json)"
(void) regcomp(&get, HTTPGET, REG_EXTENDED);
(void) regcomp(&opterm, OPTERM, REG_EXTENDED);
(void) regcomp(&searchterm, SEARCHTERM, REG_EXTENDED);
- (void) regcomp(&machreadterm, MACHREAD, REG_EXTENDED);
+ (void) regcomp(&fmtterm, FMT, REG_EXTENDED);
if (sock4 >= 0) {
listen(sock4, 32);
}
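Review bot: The new `FMT` pattern `options=(mr|json)` is unanchored, so it also matches inside another parameter's value (a search string containing `options=json`) and as a prefix of a longer word such as `options=jsonx`. Anchoring it to a parameter boundary, for example `"[?&]options=(mr|json)(&|[ \t]|$)"`, ties the output format to the real `options` parameter. All four `regcomp()` results are discarded with `(void)`, so a pattern that fails to compile is only noticed when `regexec()` runs on an unusable `regex_t`; checking them once at startup is cheap. The enclosing function starts and ends outside the hunk.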
@@ -265,8 +264,12 @@
(void) fprintf(stderr, "no operation in request\n");
ok = 0;
}
- if (ok) {
- mr = (regexec(&machreadterm, buf, 3, mrmatch, 0) == 0);
+ if (ok && regexec(&fmtterm, buf, 3, fmtmatch, 0) == 0) {
+ (void) snprintf(fmt, sizeof(fmt), "%.*s",
+ (int)(fmtmatch[1].rm_eo - fmtmatch[1].rm_so),
+ &buf[(int)fmtmatch[1].rm_so]);
+ } else {
+ fmt[0] = 0x0;
}
if (ok && regexec(&searchterm, buf, 10, searchmatches, 0) != 0) {
(void) fprintf(stderr, "no search term in request\n");
@@ -286,26 +289,36 @@
if (strncmp(&buf[opmatches[1].rm_so], "vindex", 6) == 0) {
cc = 0;
netpgp_setvar(netpgp, "subkey sigs", "yes");
- if ((cp = netpgp_get_key(netpgp, search, (mr) ? "mr" : "")) != NULL) {
+ if (strcmp(fmt, "json") == 0) {
+ if (netpgp_match_keys_json(netpgp, &cp, search, "human", 1)) {
+ cc = strlen(cp);
+ code = HKP_SUCCESS;
+ }
+ } else if ((cp = netpgp_get_key(netpgp, search, fmt)) != NULL) {
cc = strlen(cp);
code = HKP_SUCCESS;
}
- response(newsock, code, search, 0, cp, cc, mr);
+ response(newsock, code, search, 0, cp, cc, fmt);
netpgp_unsetvar(netpgp, "subkey sigs");
} else if (strncmp(&buf[opmatches[1].rm_so], "index", 5) == 0) {
cc = 0;
netpgp_unsetvar(netpgp, "subkey sigs");
- if ((cp = netpgp_get_key(netpgp, search, (mr) ? "mr" : "")) != NULL) {
+ if (strcmp(fmt, "json") == 0) {
+ if (netpgp_match_keys_json(netpgp, &cp, search, "human", 0)) {
+ cc = strlen(cp);
+ code = HKP_SUCCESS;
+ }
+ } else if ((cp = netpgp_get_key(netpgp, search, fmt)) != NULL) {
cc = strlen(cp);
code = HKP_SUCCESS;
}
- response(newsock, code, search, 0, cp, cc, mr);
+ response(newsock, code, search, 0, cp, cc, fmt);
} else if (strncmp(&buf[opmatches[1].rm_so], "get", 3) == 0) {
if ((cp = netpgp_export_key(netpgp, search)) != NULL) {
cc = strlen(cp);
code = HKP_SUCCESS;
}
- response(newsock, code, search, 1, cp, cc, mr);
+ response(newsock, code, search, 1, cp, cc, fmt);
}
free(cp);
(void) close(newsock);
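Review bot: In the two new `json` branches `cp` is assigned only through the `&cp` out-parameter, so when `netpgp_match_keys_json()` returns 0 the following `response()` call and the unconditional `free(cp)` use whatever `cp` held before. Unless the callee always stores to `*cp` (not visible here), that is the pointer from the previous request, already freed, or an uninitialised value on the first request. The old code always overwrote `cp` with the return value of `netpgp_get_key()`. Adding `cp = NULL;` next to `cc = 0;` in the `vindex` and `index` branches restores that property. Resetting it at the top of the request loop, which is outside this hunk, would also cover a request whose `op` matches none of the three branches.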
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/hkpd/main.c
--- a/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Wed Sep 01 17:25:57 2010 +0000
@@ -92,7 +92,7 @@
host = strdup("localhost");
daemonise = 1;
family = strdup("46");
- while ((i = getopt(argc, argv, "DH:Vf:h:p:v:")) != -1) {
+ while ((i = getopt(argc, argv, "DH:S:Vf:h:p:v:")) != -1) {
switch(i) {
case 'D':
daemonise = 0;
@@ -100,6 +100,10 @@
case 'H':
set_homedir(&netpgp, optarg, NULL, 0);
break;
+ case 'S':
+ netpgp_setvar(&netpgp, "ssh keys", "1");
+ netpgp_setvar(&netpgp, "sshkeyfile", optarg);
+ break;
case 'V':
printf("%s: Version %d\n", *argv, HKPD_VERSION);
exit(EXIT_SUCCESS);
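Review bot: The new `-S` case is undocumented and ignores the return values of both `netpgp_setvar()` calls, so a failure to record the key file is silent and the daemon would start without the ssh key it was asked to serve. A one-line comment such as `/* -S file: serve the ssh public key in file, in pgp format */` would state the intent, and the usage text and man page (not shown in this diff) need the option added. Checking the two calls and exiting with an error keeps a misconfigured key server from coming up half-configured.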
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/lib/create.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/create.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/create.c Wed Sep 01 17:25:57 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.33 2010/08/15 07:52:26 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.34 2010/09/01 17:25:57 agc Exp $");
#endif
#include <sys/types.h>
@@ -271,7 +271,7 @@
/*
* Note that we support v3 keys here because they're needed for
- * verification - the writer doesn't allow them, though
+ * verification.
*/
static unsigned
write_seckey_body(const __ops_seckey_t *key,
@@ -480,11 +480,6 @@
static unsigned
write_struct_pubkey(__ops_output_t *output, const __ops_pubkey_t *key)
{
- if (key->version != 4) {
- (void) fprintf(stderr,
- "write_struct_pubkey: wrong key version\n");
- return 0;
- }
return __ops_write_ptag(output, OPS_PTAG_CT_PUBLIC_KEY) &&
__ops_write_length(output, 1 + 4 + 1 + pubkey_length(key)) &&
write_pubkey_body(key, output);
@@ -513,7 +508,7 @@
__ops_writer_push_armoured(output, OPS_PGP_PUBLIC_KEY_BLOCK);
}
/* public key */
- if (!write_struct_pubkey(output, &key->key.seckey.pubkey)) {
+ if (!write_struct_pubkey(output, &key->key.pubkey)) {
return 0;
}
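Review bot: `write_struct_pubkey()` is now reached with keys of any version, since the preceding hunk removes the `key->version != 4` guard, but its length field is still `1 + 4 + 1 + pubkey_length(key)`, which is the v4 layout (version, creation time, algorithm). A v3 public-key packet carries an extra 2-byte validity period (RFC 4880 section 5.5.2). If `write_pubkey_body()` emits that field, which is not visible in this diff, the packet length will be two bytes short and the exported key will not parse. Consider deriving the header length from `key->version`, or keeping a check that rejects versions other than 3 and 4. The enclosing function starts and ends outside the hunk.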
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/lib/keyring.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/keyring.c Wed Sep 01 17:25:57 2010 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: keyring.c,v 1.45 2010/09/01 06:20:23 agc Exp $");
+__RCSID("$NetBSD: keyring.c,v 1.46 2010/09/01 17:25:57 agc Exp $");
#endif
#ifdef HAVE_FCNTL_H
@@ -821,6 +821,9 @@
__ops_getkeybyid(__ops_io_t *io, const __ops_keyring_t *keyring,
const uint8_t *keyid, unsigned *from, __ops_pubkey_t **pubkey)
{
+ uint8_t nullid[OPS_KEY_ID_SIZE];
+
+ (void) memset(nullid, 0x0, sizeof(nullid));
for ( ; keyring && *from < keyring->keyc; *from += 1) {
if (__ops_get_debug_level(__FILE__)) {
hexdump(io->errs, "keyring keyid", keyring->keys[*from].sigid, OPS_KEY_ID_SIZE);
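Review bot: `nullid` is refilled with `memset()` on every call to `__ops_getkeybyid()` although its contents never change. `static const uint8_t nullid[OPS_KEY_ID_SIZE] = { 0 };` gives the same all-zero id without the call. The `memcmp()` changed in the next hunk uses `sizeof(nullid)` while the comparisons around it use `OPS_KEY_ID_SIZE`; one spelling throughout would read more easily. The function's return type line and the rest of the loop are outside the hunk.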
@@ -834,7 +837,7 @@
}
return &keyring->keys[*from];
}
- if (memcmp(&keyring->keys[*from].encid, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", OPS_KEY_ID_SIZE) == 0) {
+ if (memcmp(&keyring->keys[*from].encid, nullid, sizeof(nullid)) == 0) {
continue;
}
if (memcmp(&keyring->keys[*from].encid, keyid, OPS_KEY_ID_SIZE) == 0 ||
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Wed Sep 01 17:25:57 2010 +0000
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.70 2010/09/01 06:20:23 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.71 2010/09/01 17:25:57 agc Exp $");
#endif
#include <sys/types.h>
@@ -575,7 +575,7 @@
}
} else {
last = (netpgp->pubring != NULL);
- if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need userid"))) {
+ if (!readsshkeys(netpgp, homedir, netpgp_getvar(netpgp, "need seckey"))) {
(void) fprintf(io->errs, "Can't read ssh keys\n");
return 0;
}
diff -r bd743e426883 -r e616983964d3 crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c Wed Sep 01 17:06:00 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c Wed Sep 01 17:25:57 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: netpgp.c,v 1.13 2010/08/13 18:29:41 agc Exp $ */
+/* $NetBSD: netpgp.c,v 1.14 2010/09/01 17:25:57 agc Exp $ */
/*-
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -343,13 +343,22 @@
netpgp_setvar(netpgp, "coredumps", "allowed");
break;
case ENCRYPT:
+ /* for encryption, we need a userid */