/src/gnupg/g10/call-dirmngr.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* call-dirmngr.c - GPG operations to the Dirmngr. |
2 | | * Copyright (C) 2011 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015 g10 Code GmbH |
4 | | * |
5 | | * This file is part of GnuPG. |
6 | | * |
7 | | * GnuPG is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * GnuPG is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include <config.h> |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | #include <string.h> |
25 | | #include <errno.h> |
26 | | #include <unistd.h> |
27 | | #include <time.h> |
28 | | #ifdef HAVE_LOCALE_H |
29 | | # include <locale.h> |
30 | | #endif |
31 | | |
32 | | #include "gpg.h" |
33 | | #include <assuan.h> |
34 | | #include "../common/util.h" |
35 | | #include "../common/membuf.h" |
36 | | #include "options.h" |
37 | | #include "../common/i18n.h" |
38 | | #include "../common/asshelp.h" |
39 | | #include "../common/status.h" |
40 | | #include "keyserver-internal.h" |
41 | | #include "call-dirmngr.h" |
42 | | |
43 | | |
44 | | /* Keys retrieved from the web key directory should be small. There |
45 | | * is only one UID and we can expect that the number of subkeys is |
46 | | * reasonable. So we set a generous limit of 256 KiB. */ |
47 | 0 | #define MAX_WKD_RESULT_LENGTH (256 * 1024) |
48 | | |
49 | | |
50 | | /* Parameter structure used to gather status info. Note that it is |
51 | | * also used for WKD requests. */ |
52 | | struct ks_status_parm_s |
53 | | { |
54 | | const char *keyword; /* Look for this keyword or NULL for "SOURCE". */ |
55 | | char *source; |
56 | | }; |
57 | | |
58 | | |
59 | | /* Parameter structure used with the KS_SEARCH command. */ |
60 | | struct ks_search_parm_s |
61 | | { |
62 | | gpg_error_t lasterr; /* Last error code. */ |
63 | | membuf_t saveddata; /* Buffer to build complete lines. */ |
64 | | char *helpbuf; /* NULL or malloced buffer. */ |
65 | | size_t helpbufsize; /* Allocated size of HELPBUF. */ |
66 | | gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */ |
67 | | void *data_cb_value; /* First argument for DATA_CB. */ |
68 | | struct ks_status_parm_s *stparm; /* Link to the status parameter. */ |
69 | | }; |
70 | | |
71 | | |
72 | | /* Parameter structure used with the KS_GET command. */ |
73 | | struct ks_get_parm_s |
74 | | { |
75 | | estream_t memfp; |
76 | | }; |
77 | | |
78 | | |
79 | | /* Parameter structure used with the KS_PUT command. */ |
80 | | struct ks_put_parm_s |
81 | | { |
82 | | assuan_context_t ctx; |
83 | | kbnode_t keyblock; /* The optional keyblock. */ |
84 | | const void *data; /* The key in OpenPGP binary format. */ |
85 | | size_t datalen; /* The length of DATA. */ |
86 | | }; |
87 | | |
88 | | |
89 | | /* Parameter structure used with the DNS_CERT command. */ |
90 | | struct dns_cert_parm_s |
91 | | { |
92 | | estream_t memfp; |
93 | | unsigned char *fpr; |
94 | | size_t fprlen; |
95 | | char *url; |
96 | | }; |
97 | | |
98 | | |
99 | | /* Data used to associate an session with dirmngr contexts. We can't |
100 | | use a simple one to one mapping because we sometimes need two |
101 | | connections to the dirmngr; for example while doing a listing and |
102 | | being in a data callback we may want to retrieve a key. The local |
103 | | dirmngr data takes care of this. At the end of the session the |
104 | | function dirmngr_deinit_session_data is called by gpg.c to cleanup |
105 | | these resources. Note that gpg.h defines a typedef dirmngr_local_t |
106 | | for this structure. */ |
107 | | struct dirmngr_local_s |
108 | | { |
109 | | /* Link to other contexts which are used simultaneously. */ |
110 | | struct dirmngr_local_s *next; |
111 | | |
112 | | /* The active Assuan context. */ |
113 | | assuan_context_t ctx; |
114 | | |
115 | | /* Flag set when the keyserver names have been send. */ |
116 | | int set_keyservers_done; |
117 | | |
118 | | /* Flag set to true while an operation is running on CTX. */ |
119 | | int is_active; |
120 | | }; |
121 | | |
122 | | |
123 | | � |
124 | | /* Deinitialize all session data of dirmngr pertaining to CTRL. */ |
125 | | void |
126 | | gpg_dirmngr_deinit_session_data (ctrl_t ctrl) |
127 | 17.0k | { |
128 | 17.0k | dirmngr_local_t dml; |
129 | | |
130 | 17.0k | while ((dml = ctrl->dirmngr_local)) |
131 | 0 | { |
132 | 0 | ctrl->dirmngr_local = dml->next; |
133 | 0 | if (dml->is_active) |
134 | 0 | log_error ("oops: trying to cleanup an active dirmngr context\n"); |
135 | 0 | else |
136 | 0 | assuan_release (dml->ctx); |
137 | 0 | xfree (dml); |
138 | 0 | } |
139 | 17.0k | } |
140 | | |
141 | | |
142 | | /* Print a warning if the server's version number is less than our |
143 | | version number. Returns an error code on a connection problem. */ |
144 | | static gpg_error_t |
145 | | warn_version_mismatch (assuan_context_t ctx, const char *servername) |
146 | 0 | { |
147 | 0 | return warn_server_version_mismatch (ctx, servername, 0, |
148 | 0 | write_status_strings2, NULL, |
149 | 0 | !opt.quiet); |
150 | 0 | } |
151 | | |
152 | | |
153 | | /* Try to connect to the Dirmngr via a socket or spawn it if possible. |
154 | | Handle the server's initial greeting and set global options. */ |
155 | | static gpg_error_t |
156 | | create_context (ctrl_t ctrl, assuan_context_t *r_ctx) |
157 | 0 | { |
158 | 0 | gpg_error_t err; |
159 | 0 | assuan_context_t ctx; |
160 | |
|
161 | 0 | *r_ctx = NULL; |
162 | |
|
163 | 0 | if (opt.disable_dirmngr) |
164 | 0 | return gpg_error (GPG_ERR_NO_DIRMNGR); |
165 | | |
166 | 0 | err = start_new_dirmngr (&ctx, |
167 | 0 | GPG_ERR_SOURCE_DEFAULT, |
168 | 0 | opt.dirmngr_program, |
169 | 0 | opt.autostart, opt.verbose, DBG_IPC, |
170 | 0 | NULL /*gpg_status2*/, ctrl); |
171 | 0 | if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) |
172 | 0 | { |
173 | 0 | static int shown; |
174 | |
|
175 | 0 | if (!shown) |
176 | 0 | { |
177 | 0 | shown = 1; |
178 | 0 | log_info (_("no dirmngr running in this session\n")); |
179 | 0 | } |
180 | 0 | } |
181 | 0 | else if (!err && !(err = warn_version_mismatch (ctx, DIRMNGR_NAME))) |
182 | 0 | { |
183 | 0 | char *line; |
184 | | |
185 | | /* Tell the dirmngr that we want to collect audit event. */ |
186 | | /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */ |
187 | | /* NULL, NULL, NULL, NULL, NULL, NULL); */ |
188 | 0 | if (opt.keyserver_options.http_proxy) |
189 | 0 | { |
190 | 0 | line = xtryasprintf ("OPTION http-proxy=%s", |
191 | 0 | opt.keyserver_options.http_proxy); |
192 | 0 | if (!line) |
193 | 0 | err = gpg_error_from_syserror (); |
194 | 0 | else |
195 | 0 | { |
196 | 0 | err = assuan_transact (ctx, line, NULL, NULL, NULL, |
197 | 0 | NULL, NULL, NULL); |
198 | 0 | xfree (line); |
199 | 0 | } |
200 | 0 | } |
201 | |
|
202 | 0 | if (err) |
203 | 0 | ; |
204 | 0 | else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL)) |
205 | 0 | { |
206 | | /* Tell the dirmngr that this possibly privacy invading |
207 | | option is in use. If Dirmngr is running in Tor mode, it |
208 | | will return an error. */ |
209 | 0 | err = assuan_transact (ctx, "OPTION honor-keyserver-url-used", |
210 | 0 | NULL, NULL, NULL, NULL, NULL, NULL); |
211 | 0 | if (gpg_err_code (err) == GPG_ERR_FORBIDDEN) |
212 | 0 | log_error (_("keyserver option \"honor-keyserver-url\"" |
213 | 0 | " may not be used in Tor mode\n")); |
214 | 0 | else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) |
215 | 0 | err = 0; /* Old dirmngr versions do not support this option. */ |
216 | 0 | } |
217 | 0 | } |
218 | |
|
219 | 0 | if (err) |
220 | 0 | assuan_release (ctx); |
221 | 0 | else |
222 | 0 | { |
223 | | /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */ |
224 | 0 | *r_ctx = ctx; |
225 | 0 | } |
226 | |
|
227 | 0 | return err; |
228 | 0 | } |
229 | | |
230 | | |
231 | | /* Get a context for accessing dirmngr. If no context is available a |
232 | | new one is created and - if required - dirmngr started. On success |
233 | | an assuan context is stored at R_CTX. This context may only be |
234 | | released by means of close_context. Note that NULL is stored at |
235 | | R_CTX on error. */ |
236 | | static gpg_error_t |
237 | | open_context (ctrl_t ctrl, assuan_context_t *r_ctx) |
238 | 0 | { |
239 | 0 | gpg_error_t err; |
240 | 0 | dirmngr_local_t dml; |
241 | |
|
242 | 0 | *r_ctx = NULL; |
243 | 0 | for (;;) |
244 | 0 | { |
245 | 0 | for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next) |
246 | 0 | ; |
247 | 0 | if (dml) |
248 | 0 | { |
249 | | /* Found an inactive local session - return that. */ |
250 | 0 | log_assert (!dml->is_active); |
251 | | |
252 | | /* But first do the per session init if not yet done. */ |
253 | 0 | if (!dml->set_keyservers_done) |
254 | 0 | { |
255 | 0 | keyserver_spec_t ksi; |
256 | | |
257 | | /* Set all configured keyservers. We clear existing |
258 | | keyservers so that any keyserver configured in GPG |
259 | | overrides keyservers possibly still configured in Dirmngr |
260 | | for the session (Note that the keyserver list of a |
261 | | session in Dirmngr survives a RESET. */ |
262 | 0 | for (ksi = opt.keyserver; ksi; ksi = ksi->next) |
263 | 0 | { |
264 | 0 | char *line; |
265 | |
|
266 | 0 | line = xtryasprintf |
267 | 0 | ("KEYSERVER%s %s", |
268 | 0 | ksi == opt.keyserver? " --clear":"", ksi->uri); |
269 | 0 | if (!line) |
270 | 0 | err = gpg_error_from_syserror (); |
271 | 0 | else |
272 | 0 | { |
273 | 0 | err = assuan_transact (dml->ctx, line, NULL, NULL, NULL, |
274 | 0 | NULL, NULL, NULL); |
275 | 0 | xfree (line); |
276 | 0 | } |
277 | |
|
278 | 0 | if (err) |
279 | 0 | return err; |
280 | 0 | } |
281 | | |
282 | 0 | dml->set_keyservers_done = 1; |
283 | 0 | } |
284 | | |
285 | 0 | dml->is_active = 1; |
286 | |
|
287 | 0 | *r_ctx = dml->ctx; |
288 | 0 | return 0; |
289 | 0 | } |
290 | | |
291 | 0 | dml = xtrycalloc (1, sizeof *dml); |
292 | 0 | if (!dml) |
293 | 0 | return gpg_error_from_syserror (); |
294 | 0 | err = create_context (ctrl, &dml->ctx); |
295 | 0 | if (err) |
296 | 0 | { |
297 | 0 | xfree (dml); |
298 | 0 | return err; |
299 | 0 | } |
300 | | |
301 | | /* To be on the nPth thread safe site we need to add it to a |
302 | | list; this is far easier than to have a lock for this |
303 | | function. It should not happen anyway but the code is free |
304 | | because we need it for the is_active check above. */ |
305 | 0 | dml->next = ctrl->dirmngr_local; |
306 | 0 | ctrl->dirmngr_local = dml; |
307 | 0 | } |
308 | 0 | } |
309 | | |
310 | | |
311 | | /* Close the assuan context CTX or return it to a pool of unused |
312 | | contexts. If CTX is NULL, the function does nothing. */ |
313 | | static void |
314 | | close_context (ctrl_t ctrl, assuan_context_t ctx) |
315 | 0 | { |
316 | 0 | dirmngr_local_t dml; |
317 | |
|
318 | 0 | if (!ctx) |
319 | 0 | return; |
320 | | |
321 | 0 | for (dml = ctrl->dirmngr_local; dml; dml = dml->next) |
322 | 0 | { |
323 | 0 | if (dml->ctx == ctx) |
324 | 0 | { |
325 | 0 | if (!dml->is_active) |
326 | 0 | log_fatal ("closing inactive dirmngr context %p\n", ctx); |
327 | 0 | dml->is_active = 0; |
328 | 0 | return; |
329 | 0 | } |
330 | 0 | } |
331 | 0 | log_fatal ("closing unknown dirmngr ctx %p\n", ctx); |
332 | 0 | } |
333 | | |
334 | | |
335 | | /* Clear the set_keyservers_done flag on context CTX. */ |
336 | | static void |
337 | | clear_context_flags (ctrl_t ctrl, assuan_context_t ctx) |
338 | 0 | { |
339 | 0 | dirmngr_local_t dml; |
340 | |
|
341 | 0 | if (!ctx) |
342 | 0 | return; |
343 | | |
344 | 0 | for (dml = ctrl->dirmngr_local; dml; dml = dml->next) |
345 | 0 | { |
346 | 0 | if (dml->ctx == ctx) |
347 | 0 | { |
348 | 0 | if (!dml->is_active) |
349 | 0 | log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx); |
350 | 0 | dml->set_keyservers_done = 0; |
351 | 0 | return; |
352 | 0 | } |
353 | 0 | } |
354 | 0 | log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx); |
355 | 0 | } |
356 | | |
357 | | |
358 | | � |
359 | | /* Status callback for ks_list, ks_get, ks_search, and wkd_get */ |
360 | | static gpg_error_t |
361 | | ks_status_cb (void *opaque, const char *line) |
362 | 0 | { |
363 | 0 | struct ks_status_parm_s *parm = opaque; |
364 | 0 | gpg_error_t err = 0; |
365 | 0 | const char *s, *s2; |
366 | 0 | const char *warn = NULL; |
367 | 0 | int is_note = 0; |
368 | 0 | char *p; |
369 | |
|
370 | 0 | if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE"))) |
371 | 0 | { |
372 | | /* Note that the arg for "S SOURCE" is the URL of a keyserver. */ |
373 | 0 | if (!parm->source) |
374 | 0 | { |
375 | 0 | parm->source = xtrystrdup (s); |
376 | 0 | if (!parm->source) |
377 | 0 | err = gpg_error_from_syserror (); |
378 | 0 | else |
379 | 0 | { |
380 | 0 | p = strchr (parm->source, ':'); |
381 | 0 | if (p && p[1] == '/' && p[2] == '/') |
382 | 0 | { |
383 | | /* This is a real URL like "ldap://foo:389/bla,bla" |
384 | | * Strip off the local part. */ |
385 | 0 | if ((p = strchr (p+3, '/'))) |
386 | 0 | *p = 0; |
387 | 0 | } |
388 | 0 | else |
389 | 0 | { |
390 | | /* This is an LDAP config entry like |
391 | | * "foo:389:user:pass:base:flags" |
392 | | * we strip off everything beyound the port. */ |
393 | 0 | if ((p = strchr (p+1, ':'))) |
394 | 0 | { |
395 | 0 | if (p[-1] == ':') |
396 | 0 | p[-1] = 0; /* No port given. */ |
397 | 0 | else |
398 | 0 | *p = 0; |
399 | 0 | } |
400 | 0 | } |
401 | 0 | } |
402 | 0 | } |
403 | 0 | } |
404 | 0 | else if ((s = has_leading_keyword (line, "WARNING")) |
405 | 0 | || (is_note = !!(s = has_leading_keyword (line, "NOTE")))) |
406 | 0 | { |
407 | 0 | if ((s2 = has_leading_keyword (s, "wkd_cached_result"))) |
408 | 0 | { |
409 | 0 | if (opt.verbose) |
410 | 0 | warn = _("WKD uses a cached result"); |
411 | 0 | } |
412 | 0 | else if ((s2 = has_leading_keyword (s, "tor_not_running"))) |
413 | 0 | warn = _("Tor is not running"); |
414 | 0 | else if ((s2 = has_leading_keyword (s, "tor_config_problem"))) |
415 | 0 | warn = _("Tor is not properly configured"); |
416 | 0 | else if ((s2 = has_leading_keyword (s, "dns_config_problem"))) |
417 | 0 | warn = _("DNS is not properly configured"); |
418 | 0 | else if ((s2 = has_leading_keyword (s, "http_redirect"))) |
419 | 0 | warn = _("unacceptable HTTP redirect from server"); |
420 | 0 | else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup"))) |
421 | 0 | warn = _("unacceptable HTTP redirect from server was cleaned up"); |
422 | 0 | else if ((s2 = has_leading_keyword (s, "tls_cert_error"))) |
423 | 0 | warn = _("server uses an invalid certificate"); |
424 | 0 | else |
425 | 0 | warn = NULL; |
426 | |
|
427 | 0 | if (warn) |
428 | 0 | { |
429 | 0 | if (is_note) |
430 | 0 | log_info (_("Note: %s\n"), warn); |
431 | 0 | else |
432 | 0 | log_info (_("WARNING: %s\n"), warn); |
433 | 0 | if (s2) |
434 | 0 | { |
435 | 0 | while (*s2 && !spacep (s2)) |
436 | 0 | s2++; |
437 | 0 | while (*s2 && spacep (s2)) |
438 | 0 | s2++; |
439 | 0 | if (*s2) |
440 | 0 | print_further_info ("%s", s2); |
441 | 0 | } |
442 | 0 | } |
443 | 0 | } |
444 | |
|
445 | 0 | return err; |
446 | 0 | } |
447 | | |
448 | | |
449 | | � |
450 | | /* Run the "KEYSERVER" command to return the name of the used |
451 | | keyserver at R_KEYSERVER. */ |
452 | | gpg_error_t |
453 | | gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver) |
454 | 0 | { |
455 | 0 | gpg_error_t err; |
456 | 0 | assuan_context_t ctx; |
457 | 0 | struct ks_status_parm_s stparm; |
458 | |
|
459 | 0 | memset (&stparm, 0, sizeof stparm); |
460 | 0 | stparm.keyword = "KEYSERVER"; |
461 | 0 | if (r_keyserver) |
462 | 0 | *r_keyserver = NULL; |
463 | |
|
464 | 0 | err = open_context (ctrl, &ctx); |
465 | 0 | if (err) |
466 | 0 | return err; |
467 | | |
468 | 0 | err = assuan_transact (ctx, "KEYSERVER", NULL, NULL, |
469 | 0 | NULL, NULL, ks_status_cb, &stparm); |
470 | 0 | if (err) |
471 | 0 | goto leave; |
472 | 0 | if (!stparm.source) |
473 | 0 | { |
474 | 0 | err = gpg_error (GPG_ERR_NO_KEYSERVER); |
475 | 0 | goto leave; |
476 | 0 | } |
477 | | |
478 | 0 | if (r_keyserver) |
479 | 0 | *r_keyserver = stparm.source; |
480 | 0 | else |
481 | 0 | xfree (stparm.source); |
482 | 0 | stparm.source = NULL; |
483 | |
|
484 | 0 | leave: |
485 | 0 | xfree (stparm.source); |
486 | 0 | close_context (ctrl, ctx); |
487 | 0 | return err; |
488 | 0 | } |
489 | | |
490 | | |
491 | | � |
492 | | /* Data callback for the KS_SEARCH command. */ |
493 | | static gpg_error_t |
494 | | ks_search_data_cb (void *opaque, const void *data, size_t datalen) |
495 | 0 | { |
496 | 0 | gpg_error_t err = 0; |
497 | 0 | struct ks_search_parm_s *parm = opaque; |
498 | 0 | const char *line, *s; |
499 | 0 | size_t rawlen, linelen; |
500 | 0 | char fixedbuf[256]; |
501 | |
|
502 | 0 | if (parm->lasterr) |
503 | 0 | return 0; |
504 | | |
505 | 0 | if (parm->stparm->source) |
506 | 0 | { |
507 | 0 | err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source); |
508 | 0 | if (err) |
509 | 0 | { |
510 | 0 | parm->lasterr = err; |
511 | 0 | return err; |
512 | 0 | } |
513 | | /* Clear it so that we won't get back here unless the server |
514 | | accidentally sends a second source status line. Note that |
515 | | will not see all accidentally sent source lines because it |
516 | | depends on whether data lines have been send in between. */ |
517 | 0 | xfree (parm->stparm->source); |
518 | 0 | parm->stparm->source = NULL; |
519 | 0 | } |
520 | | |
521 | 0 | if (!data) |
522 | 0 | return 0; /* Ignore END commands. */ |
523 | | |
524 | 0 | put_membuf (&parm->saveddata, data, datalen); |
525 | |
|
526 | 0 | again: |
527 | 0 | line = peek_membuf (&parm->saveddata, &rawlen); |
528 | 0 | if (!line) |
529 | 0 | { |
530 | 0 | parm->lasterr = gpg_error_from_syserror (); |
531 | 0 | return parm->lasterr; /* Tell the server about our problem. */ |
532 | 0 | } |
533 | 0 | if ((s = memchr (line, '\n', rawlen))) |
534 | 0 | { |
535 | 0 | linelen = s - line; /* That is the length excluding the LF. */ |
536 | 0 | if (linelen + 1 < sizeof fixedbuf) |
537 | 0 | { |
538 | | /* We can use the static buffer. */ |
539 | 0 | memcpy (fixedbuf, line, linelen); |
540 | 0 | fixedbuf[linelen] = 0; |
541 | 0 | if (linelen && fixedbuf[linelen-1] == '\r') |
542 | 0 | fixedbuf[linelen-1] = 0; |
543 | 0 | err = parm->data_cb (parm->data_cb_value, 0, fixedbuf); |
544 | 0 | } |
545 | 0 | else |
546 | 0 | { |
547 | 0 | if (linelen + 1 >= parm->helpbufsize) |
548 | 0 | { |
549 | 0 | xfree (parm->helpbuf); |
550 | 0 | parm->helpbufsize = linelen + 1 + 1024; |
551 | 0 | parm->helpbuf = xtrymalloc (parm->helpbufsize); |
552 | 0 | if (!parm->helpbuf) |
553 | 0 | { |
554 | 0 | parm->lasterr = gpg_error_from_syserror (); |
555 | 0 | return parm->lasterr; |
556 | 0 | } |
557 | 0 | } |
558 | 0 | memcpy (parm->helpbuf, line, linelen); |
559 | 0 | parm->helpbuf[linelen] = 0; |
560 | 0 | if (linelen && parm->helpbuf[linelen-1] == '\r') |
561 | 0 | parm->helpbuf[linelen-1] = 0; |
562 | 0 | err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf); |
563 | 0 | } |
564 | 0 | if (err) |
565 | 0 | parm->lasterr = err; |
566 | 0 | else |
567 | 0 | { |
568 | 0 | clear_membuf (&parm->saveddata, linelen+1); |
569 | 0 | goto again; /* There might be another complete line. */ |
570 | 0 | } |
571 | 0 | } |
572 | | |
573 | 0 | return err; |
574 | 0 | } |
575 | | |
576 | | |
577 | | /* Run the KS_SEARCH command using the search string SEARCHSTR. All |
578 | | data lines are passed to the CB function. That function is called |
579 | | with CB_VALUE as its first argument, a 0 as second argument, and |
580 | | the decoded data line as third argument. The callback function may |
581 | | modify the data line and it is guaranteed that this data line is a |
582 | | complete line with a terminating 0 character but without the |
583 | | linefeed. NULL is passed to the callback to indicate EOF. */ |
584 | | gpg_error_t |
585 | | gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr, |
586 | | gpg_error_t (*cb)(void*, int, char *), void *cb_value) |
587 | 0 | { |
588 | 0 | gpg_error_t err; |
589 | 0 | assuan_context_t ctx; |
590 | 0 | struct ks_status_parm_s stparm; |
591 | 0 | struct ks_search_parm_s parm; |
592 | 0 | char line[ASSUAN_LINELENGTH]; |
593 | |
|
594 | 0 | err = open_context (ctrl, &ctx); |
595 | 0 | if (err) |
596 | 0 | return err; |
597 | | |
598 | 0 | { |
599 | 0 | char *escsearchstr = percent_plus_escape (searchstr); |
600 | 0 | if (!escsearchstr) |
601 | 0 | { |
602 | 0 | err = gpg_error_from_syserror (); |
603 | 0 | close_context (ctrl, ctx); |
604 | 0 | return err; |
605 | 0 | } |
606 | 0 | snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr); |
607 | 0 | xfree (escsearchstr); |
608 | 0 | } |
609 | | |
610 | 0 | memset (&stparm, 0, sizeof stparm); |
611 | 0 | memset (&parm, 0, sizeof parm); |
612 | 0 | init_membuf (&parm.saveddata, 1024); |
613 | 0 | parm.data_cb = cb; |
614 | 0 | parm.data_cb_value = cb_value; |
615 | 0 | parm.stparm = &stparm; |
616 | |
|
617 | 0 | err = assuan_transact (ctx, line, ks_search_data_cb, &parm, |
618 | 0 | NULL, NULL, ks_status_cb, &stparm); |
619 | 0 | if (!err) |
620 | 0 | err = cb (cb_value, 0, NULL); /* Send EOF. */ |
621 | 0 | else if (parm.stparm->source) |
622 | 0 | { |
623 | | /* Error but we received a SOURCE status. Tell via callback but |
624 | | * ignore errors. */ |
625 | 0 | parm.data_cb (parm.data_cb_value, 1, parm.stparm->source); |
626 | 0 | } |
627 | |
|
628 | 0 | xfree (get_membuf (&parm.saveddata, NULL)); |
629 | 0 | xfree (parm.helpbuf); |
630 | 0 | xfree (stparm.source); |
631 | |
|
632 | 0 | close_context (ctrl, ctx); |
633 | 0 | return err; |
634 | 0 | } |
635 | | |
636 | | |
637 | | � |
638 | | /* Data callback for the KS_GET and KS_FETCH commands. */ |
639 | | static gpg_error_t |
640 | | ks_get_data_cb (void *opaque, const void *data, size_t datalen) |
641 | 0 | { |
642 | 0 | gpg_error_t err = 0; |
643 | 0 | struct ks_get_parm_s *parm = opaque; |
644 | 0 | size_t nwritten; |
645 | |
|
646 | 0 | if (!data) |
647 | 0 | return 0; /* Ignore END commands. */ |
648 | | |
649 | 0 | if (es_write (parm->memfp, data, datalen, &nwritten)) |
650 | 0 | err = gpg_error_from_syserror (); |
651 | |
|
652 | 0 | return err; |
653 | 0 | } |
654 | | |
655 | | |
656 | | /* Run the KS_GET command using the patterns in the array PATTERN. On |
657 | | success an estream object is returned to retrieve the keys. On |
658 | | error an error code is returned and NULL stored at R_FP. |
659 | | |
660 | | The pattern may only use search specification which a keyserver can |
661 | | use to retrieve keys. Because we know the format of the pattern we |
662 | | don't need to escape the patterns before sending them to the |
663 | | server. |
664 | | |
665 | | Bit values for FLAGS are: |
666 | | - KEYSERVER_IMPORT_FLAG_QUICK :: dirmngr shall use a shorter timeout. |
667 | | - KEYSERVER_IMPORT_FLAG_LDAP :: dirmngr shall only use LDAP or NTDS. |
668 | | |
669 | | If R_SOURCE is not NULL the source of the data is stored as a |
670 | | malloced string there. If a source is not known NULL is stored. |
671 | | Note that this may even be returned after an error. |
672 | | |
673 | | If there are too many patterns the function returns an error. That |
674 | | could be fixed by issuing several search commands or by |
675 | | implementing a different interface. However with long keyids we |
676 | | are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */ |
677 | | gpg_error_t |
678 | | gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, |
679 | | keyserver_spec_t override_keyserver, |
680 | | unsigned int flags, |
681 | | estream_t *r_fp, char **r_source) |
682 | 0 | { |
683 | 0 | gpg_error_t err; |
684 | 0 | assuan_context_t ctx; |
685 | 0 | struct ks_status_parm_s stparm; |
686 | 0 | struct ks_get_parm_s parm; |
687 | 0 | char *line = NULL; |
688 | 0 | size_t linelen; |
689 | 0 | membuf_t mb; |
690 | 0 | int idx; |
691 | |
|
692 | 0 | memset (&stparm, 0, sizeof stparm); |
693 | 0 | memset (&parm, 0, sizeof parm); |
694 | |
|
695 | 0 | *r_fp = NULL; |
696 | 0 | if (r_source) |
697 | 0 | *r_source = NULL; |
698 | |
|
699 | 0 | err = open_context (ctrl, &ctx); |
700 | 0 | if (err) |
701 | 0 | return err; |
702 | | |
703 | | /* If we have an override keyserver we first indicate that the next |
704 | | user of the context needs to again setup the global keyservers and |
705 | | then we send the override keyserver. */ |
706 | 0 | if (override_keyserver) |
707 | 0 | { |
708 | 0 | clear_context_flags (ctrl, ctx); |
709 | 0 | line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri); |
710 | 0 | if (!line) |
711 | 0 | { |
712 | 0 | err = gpg_error_from_syserror (); |
713 | 0 | goto leave; |
714 | 0 | } |
715 | 0 | err = assuan_transact (ctx, line, NULL, NULL, NULL, |
716 | 0 | NULL, NULL, NULL); |
717 | 0 | if (err) |
718 | 0 | goto leave; |
719 | | |
720 | 0 | xfree (line); |
721 | 0 | line = NULL; |
722 | 0 | } |
723 | | |
724 | | /* Lump all patterns into one string. */ |
725 | 0 | init_membuf (&mb, 1024); |
726 | 0 | put_membuf_str (&mb, "KS_GET"); |
727 | 0 | if ((flags & KEYSERVER_IMPORT_FLAG_QUICK)) |
728 | 0 | put_membuf_str (&mb, " --quick"); |
729 | 0 | if ((flags & KEYSERVER_IMPORT_FLAG_LDAP)) |
730 | 0 | put_membuf_str (&mb, " --ldap"); |
731 | 0 | put_membuf_str (&mb, " --"); |
732 | 0 | for (idx=0; pattern[idx]; idx++) |
733 | 0 | { |
734 | 0 | put_membuf (&mb, " ", 1); /* Append Delimiter. */ |
735 | 0 | put_membuf_str (&mb, pattern[idx]); |
736 | 0 | } |
737 | 0 | put_membuf (&mb, "", 1); /* Append Nul. */ |
738 | 0 | line = get_membuf (&mb, &linelen); |
739 | 0 | if (!line) |
740 | 0 | { |
741 | 0 | err = gpg_error_from_syserror (); |
742 | 0 | goto leave; |
743 | 0 | } |
744 | 0 | if (linelen + 2 >= ASSUAN_LINELENGTH) |
745 | 0 | { |
746 | 0 | err = gpg_error (GPG_ERR_TOO_MANY); |
747 | 0 | goto leave; |
748 | 0 | } |
749 | | |
750 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
751 | 0 | if (!parm.memfp) |
752 | 0 | { |
753 | 0 | err = gpg_error_from_syserror (); |
754 | 0 | goto leave; |
755 | 0 | } |
756 | 0 | err = assuan_transact (ctx, line, ks_get_data_cb, &parm, |
757 | 0 | NULL, NULL, ks_status_cb, &stparm); |
758 | 0 | if (err) |
759 | 0 | goto leave; |
760 | | |
761 | 0 | es_rewind (parm.memfp); |
762 | 0 | *r_fp = parm.memfp; |
763 | 0 | parm.memfp = NULL; |
764 | | |
765 | |
|
766 | 0 | leave: |
767 | 0 | if (r_source && stparm.source) |
768 | 0 | { |
769 | 0 | *r_source = stparm.source; |
770 | 0 | stparm.source = NULL; |
771 | 0 | } |
772 | 0 | es_fclose (parm.memfp); |
773 | 0 | xfree (stparm.source); |
774 | 0 | xfree (line); |
775 | 0 | close_context (ctrl, ctx); |
776 | 0 | return err; |
777 | 0 | } |
778 | | |
779 | | |
780 | | /* Run the KS_FETCH and pass URL as argument. On success an estream |
781 | | object is returned to retrieve the keys. On error an error code is |
782 | | returned and NULL stored at R_FP. |
783 | | |
784 | | The url is expected to point to a small set of keys; in many cases |
785 | | only to one key. However, schemes like finger may return several |
786 | | keys. Note that the configured keyservers are ignored by the |
787 | | KS_FETCH command. */ |
788 | | gpg_error_t |
789 | | gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) |
790 | 0 | { |
791 | 0 | gpg_error_t err; |
792 | 0 | assuan_context_t ctx; |
793 | 0 | struct ks_get_parm_s parm; |
794 | 0 | char *line = NULL; |
795 | |
|
796 | 0 | memset (&parm, 0, sizeof parm); |
797 | |
|
798 | 0 | *r_fp = NULL; |
799 | |
|
800 | 0 | err = open_context (ctrl, &ctx); |
801 | 0 | if (err) |
802 | 0 | return err; |
803 | | |
804 | 0 | line = strconcat ("KS_FETCH -- ", url, NULL); |
805 | 0 | if (!line) |
806 | 0 | { |
807 | 0 | err = gpg_error_from_syserror (); |
808 | 0 | goto leave; |
809 | 0 | } |
810 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
811 | 0 | { |
812 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
813 | 0 | goto leave; |
814 | 0 | } |
815 | | |
816 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
817 | 0 | if (!parm.memfp) |
818 | 0 | { |
819 | 0 | err = gpg_error_from_syserror (); |
820 | 0 | goto leave; |
821 | 0 | } |
822 | 0 | err = assuan_transact (ctx, line, ks_get_data_cb, &parm, |
823 | 0 | NULL, NULL, NULL, NULL); |
824 | 0 | if (err) |
825 | 0 | goto leave; |
826 | | |
827 | 0 | es_rewind (parm.memfp); |
828 | 0 | *r_fp = parm.memfp; |
829 | 0 | parm.memfp = NULL; |
830 | |
|
831 | 0 | leave: |
832 | 0 | es_fclose (parm.memfp); |
833 | 0 | xfree (line); |
834 | 0 | close_context (ctrl, ctx); |
835 | 0 | return err; |
836 | 0 | } |
837 | | |
838 | | |
839 | | � |
840 | | static void |
841 | | record_output (estream_t output, |
842 | | pkttype_t type, |
843 | | const char *validity, |
844 | | int pub_key_length, /* The public key length or -1. */ |
845 | | int pub_key_algo, /* The public key algo or -1. */ |
846 | | const u32 *keyid, /* 2 ulongs or NULL. */ |
847 | | u32 creation_date, /* The creation date or 0. */ |
848 | | u32 expiration_date, /* The expiration date or 0. */ |
849 | | const char *userid) /* The userid or NULL. */ |
850 | 0 | { |
851 | 0 | const char *type_str = NULL; |
852 | |
|
853 | 0 | switch (type) |
854 | 0 | { |
855 | 0 | case PKT_PUBLIC_KEY: |
856 | 0 | type_str = "pub"; |
857 | 0 | break; |
858 | 0 | case PKT_PUBLIC_SUBKEY: |
859 | 0 | type_str = "sub"; |
860 | 0 | break; |
861 | 0 | case PKT_USER_ID: |
862 | 0 | type_str = "uid"; |
863 | 0 | break; |
864 | 0 | case PKT_SIGNATURE: |
865 | 0 | type_str = "sig"; |
866 | 0 | break; |
867 | 0 | default: |
868 | 0 | log_assert (! "Unhandled type."); |
869 | 0 | } |
870 | 0 | es_fprintf (output, "%s:%s:", |
871 | 0 | type_str, |
872 | 0 | validity ? validity : ""); |
873 | |
|
874 | 0 | if (pub_key_length > 0) |
875 | 0 | es_fprintf (output, "%d", pub_key_length); |
876 | 0 | es_fputc (':', output); |
877 | |
|
878 | 0 | if (pub_key_algo != -1) |
879 | 0 | es_fprintf (output, "%d", pub_key_algo); |
880 | 0 | es_fputc (':', output); |
881 | |
|
882 | 0 | if (keyid) |
883 | 0 | es_fprintf (output, "%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]); |
884 | |
|
885 | 0 | es_fprintf (output, ":%s:", colon_strtime (creation_date)); |
886 | 0 | es_fprintf (output, "%s:::", colon_strtime (expiration_date)); |
887 | |
|
888 | 0 | if (userid) |
889 | 0 | es_write_sanitized (output, userid, strlen (userid), ":", NULL); |
890 | 0 | else |
891 | 0 | es_fputc (':', output); |
892 | 0 | es_fputs (":::::::::\n", output); |
893 | |
|
894 | 0 | } |
895 | | |
896 | | |
897 | | /* Handle the KS_PUT inquiries. */ |
898 | | static gpg_error_t |
899 | | ks_put_inq_cb (void *opaque, const char *line) |
900 | 0 | { |
901 | 0 | struct ks_put_parm_s *parm = opaque; |
902 | 0 | gpg_error_t err = 0; |
903 | |
|
904 | 0 | if (has_leading_keyword (line, "KEYBLOCK")) |
905 | 0 | { |
906 | 0 | if (parm->data) |
907 | 0 | err = assuan_send_data (parm->ctx, parm->data, parm->datalen); |
908 | 0 | } |
909 | 0 | else if (has_leading_keyword (line, "KEYBLOCK_INFO")) |
910 | 0 | { |
911 | 0 | kbnode_t node; |
912 | 0 | estream_t fp; |
913 | 0 | char hexfpr[2*MAX_FINGERPRINT_LEN+1]; |
914 | | |
915 | | /* Parse the keyblock and send info lines back to the server. */ |
916 | 0 | fp = es_fopenmem (0, "rw,samethread"); |
917 | 0 | if (!fp) |
918 | 0 | err = gpg_error_from_syserror (); |
919 | | |
920 | | /* Note: the output format for the INFO block follows the colon |
921 | | format as described in doc/DETAILS. We don't actually reuse |
922 | | the functionality from g10/keylist.c to produce the output, |
923 | | because we don't need all of it and some of it is quite |
924 | | expensive to generate. |
925 | | |
926 | | The fields are (the starred fields are the ones we need): |
927 | | |
928 | | * Field 1 - Type of record |
929 | | * Field 2 - Validity |
930 | | * Field 3 - Key length |
931 | | * Field 4 - Public key algorithm |
932 | | * Field 5 - KeyID |
933 | | * Field 6 - Creation date |
934 | | * Field 7 - Expiration date |
935 | | Field 8 - Certificate S/N, UID hash, trust signature info |
936 | | Field 9 - Ownertrust |
937 | | * Field 10 - User-ID |
938 | | Field 11 - Signature class |
939 | | Field 12 - Key capabilities |
940 | | Field 13 - Issuer certificate fingerprint or other info |
941 | | Field 14 - Flag field |
942 | | Field 15 - S/N of a token |
943 | | Field 16 - Hash algorithm |
944 | | Field 17 - Curve name |
945 | | */ |
946 | 0 | for (node = parm->keyblock; !err && node; node=node->next) |
947 | 0 | { |
948 | 0 | switch (node->pkt->pkttype) |
949 | 0 | { |
950 | 0 | case PKT_PUBLIC_KEY: |
951 | 0 | case PKT_PUBLIC_SUBKEY: |
952 | 0 | { |
953 | 0 | PKT_public_key *pk = node->pkt->pkt.public_key; |
954 | |
|
955 | 0 | char validity[3]; |
956 | 0 | int i; |
957 | |
|
958 | 0 | i = 0; |
959 | 0 | if (pk->flags.revoked) |
960 | 0 | validity[i ++] = 'r'; |
961 | 0 | if (pk->has_expired) |
962 | 0 | validity[i ++] = 'e'; |
963 | 0 | validity[i] = '\0'; |
964 | |
|
965 | 0 | keyid_from_pk (pk, NULL); |
966 | |
|
967 | 0 | record_output (fp, node->pkt->pkttype, validity, |
968 | 0 | nbits_from_pk (pk), pk->pubkey_algo, |
969 | 0 | pk->keyid, pk->timestamp, pk->expiredate, |
970 | 0 | NULL); |
971 | 0 | es_fprintf (fp, "fpr:::::::::%s:\n", |
972 | 0 | hexfingerprint (pk, hexfpr, sizeof hexfpr)); |
973 | 0 | } |
974 | 0 | break; |
975 | | |
976 | 0 | case PKT_USER_ID: |
977 | 0 | { |
978 | 0 | PKT_user_id *uid = node->pkt->pkt.user_id; |
979 | |
|
980 | 0 | if (!uid->attrib_data) |
981 | 0 | { |
982 | 0 | char validity[3]; |
983 | 0 | int i; |
984 | |
|
985 | 0 | i = 0; |
986 | 0 | if (uid->flags.revoked) |
987 | 0 | validity[i ++] = 'r'; |
988 | 0 | if (uid->flags.expired) |
989 | 0 | validity[i ++] = 'e'; |
990 | 0 | validity[i] = '\0'; |
991 | |
|
992 | 0 | record_output (fp, node->pkt->pkttype, validity, |
993 | 0 | -1, -1, NULL, |
994 | 0 | uid->created, uid->expiredate, |
995 | 0 | uid->name); |
996 | 0 | } |
997 | 0 | } |
998 | 0 | break; |
999 | | |
1000 | 0 | default: |
1001 | 0 | continue; |
1002 | 0 | } |
1003 | | /* Given that the last operation was an es_fprintf we should |
1004 | | get the correct ERRNO if ferror indicates an error. */ |
1005 | 0 | if (es_ferror (fp)) |
1006 | 0 | err = gpg_error_from_syserror (); |
1007 | 0 | } |
1008 | | |
1009 | | /* Without an error and if we have an keyblock at all, send the |
1010 | | data back. */ |
1011 | 0 | if (!err && parm->keyblock) |
1012 | 0 | { |
1013 | 0 | int rc; |
1014 | 0 | char buffer[512]; |
1015 | 0 | size_t nread; |
1016 | |
|
1017 | 0 | es_rewind (fp); |
1018 | 0 | while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread) |
1019 | 0 | { |
1020 | 0 | err = assuan_send_data (parm->ctx, buffer, nread); |
1021 | 0 | if (err) |
1022 | 0 | break; |
1023 | 0 | } |
1024 | 0 | if (!err && rc) |
1025 | 0 | err = gpg_error_from_syserror (); |
1026 | 0 | } |
1027 | 0 | es_fclose (fp); |
1028 | 0 | } |
1029 | 0 | else |
1030 | 0 | return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); |
1031 | | |
1032 | 0 | return err; |
1033 | 0 | } |
1034 | | |
1035 | | |
1036 | | /* Send a key to the configured server. {DATA,DATLEN} contains the |
1037 | | key in OpenPGP binary transport format. If KEYBLOCK is not NULL it |
1038 | | has the internal representation of that key; this is for example |
1039 | | used to convey meta data to LDAP keyservers. */ |
1040 | | gpg_error_t |
1041 | | gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock) |
1042 | 0 | { |
1043 | 0 | gpg_error_t err; |
1044 | 0 | assuan_context_t ctx; |
1045 | 0 | struct ks_put_parm_s parm; |
1046 | |
|
1047 | 0 | memset (&parm, 0, sizeof parm); |
1048 | | |
1049 | | /* We are going to parse the keyblock, thus we better make sure the |
1050 | | all information is readily available. */ |
1051 | 0 | if (keyblock) |
1052 | 0 | merge_keys_and_selfsig (ctrl, keyblock); |
1053 | |
|
1054 | 0 | err = open_context (ctrl, &ctx); |
1055 | 0 | if (err) |
1056 | 0 | return err; |
1057 | | |
1058 | 0 | parm.ctx = ctx; |
1059 | 0 | parm.keyblock = keyblock; |
1060 | 0 | parm.data = data; |
1061 | 0 | parm.datalen = datalen; |
1062 | |
|
1063 | 0 | err = assuan_transact (ctx, "KS_PUT", NULL, NULL, |
1064 | 0 | ks_put_inq_cb, &parm, NULL, NULL); |
1065 | |
|
1066 | 0 | close_context (ctrl, ctx); |
1067 | 0 | return err; |
1068 | 0 | } |
1069 | | |
1070 | | |
1071 | | � |
1072 | | /* Data callback for the DNS_CERT and WKD_GET commands. */ |
1073 | | static gpg_error_t |
1074 | | dns_cert_data_cb (void *opaque, const void *data, size_t datalen) |
1075 | 0 | { |
1076 | 0 | struct dns_cert_parm_s *parm = opaque; |
1077 | 0 | gpg_error_t err = 0; |
1078 | 0 | size_t nwritten; |
1079 | |
|
1080 | 0 | if (!data) |
1081 | 0 | return 0; /* Ignore END commands. */ |
1082 | 0 | if (!parm->memfp) |
1083 | 0 | return 0; /* Data is not required. */ |
1084 | | |
1085 | 0 | if (es_write (parm->memfp, data, datalen, &nwritten)) |
1086 | 0 | err = gpg_error_from_syserror (); |
1087 | |
|
1088 | 0 | return err; |
1089 | 0 | } |
1090 | | |
1091 | | |
1092 | | /* Status callback for the DNS_CERT command. */ |
1093 | | static gpg_error_t |
1094 | | dns_cert_status_cb (void *opaque, const char *line) |
1095 | 0 | { |
1096 | 0 | struct dns_cert_parm_s *parm = opaque; |
1097 | 0 | gpg_error_t err = 0; |
1098 | 0 | const char *s; |
1099 | 0 | size_t nbytes; |
1100 | |
|
1101 | 0 | if ((s = has_leading_keyword (line, "FPR"))) |
1102 | 0 | { |
1103 | 0 | char *buf; |
1104 | |
|
1105 | 0 | if (!(buf = xtrystrdup (s))) |
1106 | 0 | err = gpg_error_from_syserror (); |
1107 | 0 | else if (parm->fpr) |
1108 | 0 | err = gpg_error (GPG_ERR_DUP_KEY); |
1109 | 0 | else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes)) |
1110 | 0 | err = gpg_error_from_syserror (); |
1111 | 0 | else if (nbytes < 20) |
1112 | 0 | err = gpg_error (GPG_ERR_TOO_SHORT); |
1113 | 0 | else |
1114 | 0 | { |
1115 | 0 | parm->fpr = xtrymalloc (nbytes); |
1116 | 0 | if (!parm->fpr) |
1117 | 0 | err = gpg_error_from_syserror (); |
1118 | 0 | else |
1119 | 0 | memcpy (parm->fpr, buf, (parm->fprlen = nbytes)); |
1120 | 0 | } |
1121 | 0 | xfree (buf); |
1122 | 0 | } |
1123 | 0 | else if ((s = has_leading_keyword (line, "URL")) && *s) |
1124 | 0 | { |
1125 | 0 | if (parm->url) |
1126 | 0 | err = gpg_error (GPG_ERR_DUP_KEY); |
1127 | 0 | else if (!(parm->url = xtrystrdup (s))) |
1128 | 0 | err = gpg_error_from_syserror (); |
1129 | 0 | } |
1130 | |
|
1131 | 0 | return err; |
1132 | 0 | } |
1133 | | |
1134 | | /* Ask the dirmngr for a DNS CERT record. Depending on the found |
1135 | | subtypes different return values are set: |
1136 | | |
1137 | | - For a PGP subtype a new estream with that key will be returned at |
1138 | | R_KEY and the other return parameters are set to NULL/0. |
1139 | | |
1140 | | - For an IPGP subtype the fingerprint is stored as a malloced block |
1141 | | at (R_FPR,R_FPRLEN). If an URL is available it is stored as a |
1142 | | malloced string at R_URL; NULL is stored if there is no URL. |
1143 | | |
1144 | | If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first |
1145 | | CERT record found with a supported type; it is expected that only |
1146 | | one CERT record is used. If CERTTYPE is one of the supported |
1147 | | certtypes, only records with this certtype are considered and the |
1148 | | first one found is returned. All R_* args are optional. |
1149 | | |
1150 | | If CERTTYPE is NULL the DANE method is used to fetch the key. |
1151 | | */ |
1152 | | gpg_error_t |
1153 | | gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype, |
1154 | | estream_t *r_key, |
1155 | | unsigned char **r_fpr, size_t *r_fprlen, |
1156 | | char **r_url) |
1157 | 0 | { |
1158 | 0 | gpg_error_t err; |
1159 | 0 | assuan_context_t ctx; |
1160 | 0 | struct dns_cert_parm_s parm; |
1161 | 0 | char *line = NULL; |
1162 | |
|
1163 | 0 | memset (&parm, 0, sizeof parm); |
1164 | 0 | if (r_key) |
1165 | 0 | *r_key = NULL; |
1166 | 0 | if (r_fpr) |
1167 | 0 | *r_fpr = NULL; |
1168 | 0 | if (r_fprlen) |
1169 | 0 | *r_fprlen = 0; |
1170 | 0 | if (r_url) |
1171 | 0 | *r_url = NULL; |
1172 | |
|
1173 | 0 | err = open_context (ctrl, &ctx); |
1174 | 0 | if (err) |
1175 | 0 | return err; |
1176 | | |
1177 | 0 | line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name); |
1178 | 0 | if (!line) |
1179 | 0 | { |
1180 | 0 | err = gpg_error_from_syserror (); |
1181 | 0 | goto leave; |
1182 | 0 | } |
1183 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
1184 | 0 | { |
1185 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1186 | 0 | goto leave; |
1187 | 0 | } |
1188 | | |
1189 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
1190 | 0 | if (!parm.memfp) |
1191 | 0 | { |
1192 | 0 | err = gpg_error_from_syserror (); |
1193 | 0 | goto leave; |
1194 | 0 | } |
1195 | 0 | err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, |
1196 | 0 | NULL, NULL, dns_cert_status_cb, &parm); |
1197 | 0 | if (err) |
1198 | 0 | goto leave; |
1199 | | |
1200 | 0 | if (r_key) |
1201 | 0 | { |
1202 | 0 | es_rewind (parm.memfp); |
1203 | 0 | *r_key = parm.memfp; |
1204 | 0 | parm.memfp = NULL; |
1205 | 0 | } |
1206 | |
|
1207 | 0 | if (r_fpr && parm.fpr) |
1208 | 0 | { |
1209 | 0 | *r_fpr = parm.fpr; |
1210 | 0 | parm.fpr = NULL; |
1211 | 0 | } |
1212 | 0 | if (r_fprlen) |
1213 | 0 | *r_fprlen = parm.fprlen; |
1214 | |
|
1215 | 0 | if (r_url && parm.url) |
1216 | 0 | { |
1217 | 0 | *r_url = parm.url; |
1218 | 0 | parm.url = NULL; |
1219 | 0 | } |
1220 | |
|
1221 | 0 | leave: |
1222 | 0 | xfree (parm.fpr); |
1223 | 0 | xfree (parm.url); |
1224 | 0 | es_fclose (parm.memfp); |
1225 | 0 | xfree (line); |
1226 | 0 | close_context (ctrl, ctx); |
1227 | 0 | return err; |
1228 | 0 | } |
1229 | | |
1230 | | |
1231 | | � |
1232 | | /* Ask the dirmngr to retrieve a key via the Web Key Directory |
1233 | | * protocol. If QUICK is set the dirmngr is advised to use a shorter |
1234 | | * timeout. On success a new estream with the key stored at R_KEY and the |
1235 | | * url of the lookup (if any) stored at R_URL. Note that |
1236 | | */ |
1237 | | gpg_error_t |
1238 | | gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick, |
1239 | | estream_t *r_key, char **r_url) |
1240 | 0 | { |
1241 | 0 | gpg_error_t err; |
1242 | 0 | assuan_context_t ctx; |
1243 | 0 | struct ks_status_parm_s stparm = { NULL }; |
1244 | 0 | struct dns_cert_parm_s parm = { NULL }; |
1245 | 0 | char *line = NULL; |
1246 | |
|
1247 | 0 | if (r_key) |
1248 | 0 | *r_key = NULL; |
1249 | |
|
1250 | 0 | if (r_url) |
1251 | 0 | *r_url = NULL; |
1252 | |
|
1253 | 0 | err = open_context (ctrl, &ctx); |
1254 | 0 | if (err) |
1255 | 0 | return err; |
1256 | | |
1257 | 0 | line = es_bsprintf ("WKD_GET%s -- %s", quick?" --quick":"", name); |
1258 | 0 | if (!line) |
1259 | 0 | { |
1260 | 0 | err = gpg_error_from_syserror (); |
1261 | 0 | goto leave; |
1262 | 0 | } |
1263 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
1264 | 0 | { |
1265 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1266 | 0 | goto leave; |
1267 | 0 | } |
1268 | | |
1269 | 0 | parm.memfp = es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb"); |
1270 | 0 | if (!parm.memfp) |
1271 | 0 | { |
1272 | 0 | err = gpg_error_from_syserror (); |
1273 | 0 | goto leave; |
1274 | 0 | } |
1275 | 0 | err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, |
1276 | 0 | NULL, NULL, ks_status_cb, &stparm); |
1277 | 0 | if (gpg_err_code (err) == GPG_ERR_ENOSPC) |
1278 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1279 | 0 | if (err) |
1280 | 0 | goto leave; |
1281 | | |
1282 | 0 | if (r_key) |
1283 | 0 | { |
1284 | 0 | es_rewind (parm.memfp); |
1285 | 0 | *r_key = parm.memfp; |
1286 | 0 | parm.memfp = NULL; |
1287 | 0 | } |
1288 | |
|
1289 | 0 | if (r_url) |
1290 | 0 | { |
1291 | 0 | *r_url = stparm.source; |
1292 | 0 | stparm.source = NULL; |
1293 | 0 | } |
1294 | |
|
1295 | 0 | leave: |
1296 | 0 | xfree (stparm.source); |
1297 | 0 | xfree (parm.fpr); |
1298 | 0 | xfree (parm.url); |
1299 | 0 | es_fclose (parm.memfp); |
1300 | 0 | xfree (line); |
1301 | 0 | close_context (ctrl, ctx); |
1302 | 0 | return err; |
1303 | 0 | } |