Line data Source code
1 : /* ks-engine-http.c - HTTP OpenPGP key access
2 : * Copyright (C) 2011 Free Software Foundation, Inc.
3 : *
4 : * This file is part of GnuPG.
5 : *
6 : * GnuPG is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * GnuPG is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include <config.h>
21 :
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <assert.h>
26 :
27 : #include "dirmngr.h"
28 : #include "misc.h"
29 : #include "ks-engine.h"
30 :
31 : /* How many redirections do we allow. */
32 : #define MAX_REDIRECTS 2
33 :
34 : /* Print a help output for the schemata supported by this module. */
35 : gpg_error_t
36 0 : ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
37 : {
38 0 : const char const data[] =
39 : "Handler for HTTP URLs:\n"
40 : " http://\n"
41 : #if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
42 : " https://\n"
43 : #endif
44 : "Supported methods: fetch\n";
45 : gpg_error_t err;
46 :
47 : #if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
48 0 : const char data2[] = " http\n https";
49 : #else
50 : const char data2[] = " http";
51 : #endif
52 :
53 0 : if (!uri)
54 0 : err = ks_print_help (ctrl, data2);
55 0 : else if (uri->is_http && strcmp (uri->scheme, "hkp"))
56 0 : err = ks_print_help (ctrl, data);
57 : else
58 0 : err = 0;
59 :
60 0 : return err;
61 : }
62 :
63 :
64 : /* Get the key from URL which is expected to specify a http style
65 : scheme. On success R_FP has an open stream to read the data. */
66 : gpg_error_t
67 0 : ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
68 : {
69 : gpg_error_t err;
70 0 : http_session_t session = NULL;
71 0 : http_t http = NULL;
72 0 : int redirects_left = MAX_REDIRECTS;
73 0 : estream_t fp = NULL;
74 0 : char *request_buffer = NULL;
75 :
76 : once_more:
77 : /* Note that we only use the system provided certificates with the
78 : * fetch command. */
79 0 : err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
80 0 : if (err)
81 0 : goto leave;
82 0 : http_session_set_log_cb (session, cert_log_cb);
83 :
84 0 : *r_fp = NULL;
85 0 : err = http_open (&http,
86 : HTTP_REQ_GET,
87 : url,
88 : /* httphost */ NULL,
89 : /* fixme: AUTH */ NULL,
90 0 : ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
91 0 : | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
92 0 : ctrl->http_proxy,
93 : session,
94 : NULL,
95 : /*FIXME curl->srvtag*/NULL);
96 0 : if (!err)
97 : {
98 0 : fp = http_get_write_ptr (http);
99 : /* Avoid caches to get the most recent copy of the key. We set
100 : both the Pragma and Cache-Control versions of the header, so
101 : we're good with both HTTP 1.0 and 1.1. */
102 0 : es_fputs ("Pragma: no-cache\r\n"
103 : "Cache-Control: no-cache\r\n", fp);
104 0 : http_start_data (http);
105 0 : if (es_ferror (fp))
106 0 : err = gpg_error_from_syserror ();
107 : }
108 0 : if (err)
109 : {
110 : /* Fixme: After a redirection we show the old host name. */
111 0 : log_error (_("error connecting to '%s': %s\n"),
112 : url, gpg_strerror (err));
113 0 : goto leave;
114 : }
115 :
116 : /* Wait for the response. */
117 0 : dirmngr_tick (ctrl);
118 0 : err = http_wait_response (http);
119 0 : if (err)
120 : {
121 0 : log_error (_("error reading HTTP response for '%s': %s\n"),
122 : url, gpg_strerror (err));
123 0 : goto leave;
124 : }
125 :
126 0 : switch (http_get_status_code (http))
127 : {
128 : case 200:
129 0 : err = 0;
130 0 : break; /* Success. */
131 :
132 : case 301:
133 : case 302:
134 : case 307:
135 : {
136 0 : const char *s = http_get_header (http, "Location");
137 :
138 0 : log_info (_("URL '%s' redirected to '%s' (%u)\n"),
139 : url, s?s:"[none]", http_get_status_code (http));
140 0 : if (s && *s && redirects_left-- )
141 : {
142 0 : xfree (request_buffer);
143 0 : request_buffer = xtrystrdup (s);
144 0 : if (request_buffer)
145 : {
146 0 : url = request_buffer;
147 0 : http_close (http, 0);
148 0 : http = NULL;
149 0 : http_session_release (session);
150 0 : goto once_more;
151 : }
152 0 : err = gpg_error_from_syserror ();
153 : }
154 : else
155 0 : err = gpg_error (GPG_ERR_NO_DATA);
156 0 : log_error (_("too many redirections\n"));
157 : }
158 0 : goto leave;
159 :
160 : default:
161 0 : log_error (_("error accessing '%s': http status %u\n"),
162 : url, http_get_status_code (http));
163 0 : err = gpg_error (GPG_ERR_NO_DATA);
164 0 : goto leave;
165 : }
166 :
167 0 : fp = http_get_read_ptr (http);
168 0 : if (!fp)
169 : {
170 0 : err = gpg_error (GPG_ERR_BUG);
171 0 : goto leave;
172 : }
173 :
174 : /* Return the read stream and close the HTTP context. */
175 0 : *r_fp = fp;
176 0 : http_close (http, 1);
177 0 : http = NULL;
178 :
179 : leave:
180 0 : http_close (http, 0);
181 0 : http_session_release (session);
182 0 : xfree (request_buffer);
183 0 : return err;
184 : }
|