dirmngr: Forward http redirect warnings to gpg.
authorWerner Koch <wk@gnupg.org>
Mon, 18 Nov 2019 16:22:45 +0000 (17:22 +0100)
committerWerner Koch <wk@gnupg.org>
Mon, 18 Nov 2019 17:24:02 +0000 (18:24 +0100)
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
dirmngr/http.c
dirmngr/http.h
dirmngr/ks-engine-hkp.c
dirmngr/ks-engine-http.c
g10/call-dirmngr.c

index c6dc077..56399a2 100644 (file)
 #include "../common/i18n.h"
 #include "../common/sysutils.h" /* (gnupg_fd_t) */
 #include "dns-stuff.h"
+#include "dirmngr-status.h"    /* (dirmngr_status_printf)  */
 #include "http.h"
 #include "http-common.h"
 
@@ -3634,13 +3635,23 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
    * https address. */
   if (info->orig_onion && !locuri->onion)
     {
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect %u"
+                             " redirect from onion to non-onion address"
+                             " rejected",
+                             err);
       http_release_parsed_uri (locuri);
       return gpg_error (GPG_ERR_FORBIDDEN);
     }
   if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
     {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect %u"
+                             " redirect '%s' to '%s' rejected",
+                             err, info->orig_url, location);
       http_release_parsed_uri (locuri);
-      return gpg_error (GPG_ERR_FORBIDDEN);
+      return err;
     }
 
   if (info->trust_location)
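Review bot: In the onion branch the new status line formats `err` before anything in this hunk assigns the rejection code to it, so the warning can carry whatever `err` held earlier (presumably 0 after a successful parse) while the function returns GPG_ERR_FORBIDDEN. The TLS-downgrade branch below does this in the right order. The onion branch should mirror it: put `err = gpg_error (GPG_ERR_FORBIDDEN);` ahead of the `dirmngr_status_printf` call and end with `return err;`. The earlier assignments to `err` lie outside the hunk, so its value at that point is inferred rather than visible.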
@@ -3720,6 +3731,10 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
       http_release_parsed_uri (locuri);
       if (!info->silent)
         log_info (_("redirection changed to '%s'\n"), newurl);
+      dirmngr_status_printf (info->ctrl, "WARNING",
+                             "http_redirect_cleanup %u"
+                             " changed from '%s' to '%s'",
+                             0, info->orig_url, newurl);
     }
 
   *r_url = newurl;
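Review bot: `newurl` here, and `location` in the downgrade warning of the previous hunk, are copied with a plain `'%s'` into a line-oriented status message, and at least `location` appears to come from the remote server's redirect response. Whether `dirmngr_status_printf` escapes or strips CR/LF and other control characters is not visible on this page; if it does not, a misbehaving keyserver or WKD host could garble the status stream that gpg parses. I would confirm that behaviour and record it at the call, e.g. `/* URLs are server-influenced; the status writer must escape control characters. */`. The enclosing block starts outside the hunk.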
index 492e867..0154637 100644 (file)
@@ -32,6 +32,7 @@
 #define GNUPG_COMMON_HTTP_H
 
 #include <gpg-error.h>
+#include "../common/fwddecl.h"
 
 struct uri_tuple_s
 {
@@ -106,6 +107,7 @@ typedef struct http_context_s *http_t;
 struct http_redir_info_s
 {
   unsigned int redirects_left;   /* Number of still possible redirects.    */
+  ctrl_t ctrl;                   /* The usual connection info or NULL.     */
   const char *orig_url;          /* The original requested URL.            */
   unsigned int orig_onion:1;     /* Original request was an onion address. */
   unsigned int orig_https:1;     /* Original request was a http address.   */
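Review bot: The new field is documented as "or NULL", yet http_prepare_redirect in dirmngr/http.c passes `info->ctrl` to `dirmngr_status_printf` unconditionally in all three new calls. Whether that function accepts a NULL ctrl is not visible on this page. Once confirmed, the field comment should state the contract, for example `/* Connection info for status lines; NULL disables them. */`. The struct definition continues past the end of the hunk.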
index f8814ec..653e164 100644 (file)
@@ -1215,6 +1215,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
   err = http_parse_uri (&uri, request, 0);
   if (err)
     goto leave;
+  redirinfo.ctrl       = ctrl;
   redirinfo.orig_url   = request;
   redirinfo.orig_onion = uri->onion;
   redirinfo.allow_downgrade = 1;
index a84a3a1..007bbc9 100644 (file)
@@ -82,6 +82,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
   err = http_parse_uri (&uri, url, 0);
   if (err)
     goto leave;
+  redirinfo.ctrl       = ctrl;
   redirinfo.orig_url   = url;
   redirinfo.orig_onion = uri->onion;
   redirinfo.orig_https = uri->use_tls;
index 8f83c08..58829c7 100644 (file)
@@ -414,6 +414,10 @@ ks_status_cb (void *opaque, const char *line)
         warn = _("Tor is not properly configured");
       else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
         warn = _("DNS is not properly configured");
+      else if ((s2 = has_leading_keyword (s, "http_redirect")))
+        warn = _("unacceptable HTTP redirect from server");
+      else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
+        warn = _("unacceptable HTTP redirect from server was cleaned up");
       else
         warn = NULL;