/src/gnupg/g10/call-dirmngr.c
Line | Count | Source |
1 | | /* call-dirmngr.c - GPG operations to the Dirmngr. |
2 | | * Copyright (C) 2011 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2015 g10 Code GmbH |
4 | | * |
5 | | * This file is part of GnuPG. |
6 | | * |
7 | | * GnuPG is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * GnuPG is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include <config.h> |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | #include <string.h> |
25 | | #include <errno.h> |
26 | | #include <unistd.h> |
27 | | #include <time.h> |
28 | | #ifdef HAVE_LOCALE_H |
29 | | # include <locale.h> |
30 | | #endif |
31 | | |
32 | | #include "gpg.h" |
33 | | #include <assuan.h> |
34 | | #include "../common/util.h" |
35 | | #include "../common/membuf.h" |
36 | | #include "options.h" |
37 | | #include "../common/i18n.h" |
38 | | #include "../common/asshelp.h" |
39 | | #include "../common/status.h" |
40 | | #include "keyserver-internal.h" |
41 | | #include "call-dirmngr.h" |
42 | | |
43 | | |
44 | | /* Keys retrieved from the web key directory should be small. There |
45 | | * is only one UID and we can expect that the number of subkeys is |
46 | | * reasonable. So we set a generous limit of 256 KiB. */ |
47 | 0 | #define MAX_WKD_RESULT_LENGTH (256 * 1024) |
48 | | |
49 | | |
50 | | /* Parameter structure used to gather status info. Note that it is |
51 | | * also used for WKD requests. */ |
52 | | struct ks_status_parm_s |
53 | | { |
54 | | const char *keyword; /* Look for this keyword or NULL for "SOURCE". */ |
55 | | char *source; |
56 | | }; |
57 | | |
58 | | |
59 | | /* Parameter structure used with the KS_SEARCH command. */ |
60 | | struct ks_search_parm_s |
61 | | { |
62 | | gpg_error_t lasterr; /* Last error code. */ |
63 | | membuf_t saveddata; /* Buffer to build complete lines. */ |
64 | | char *helpbuf; /* NULL or malloced buffer. */ |
65 | | size_t helpbufsize; /* Allocated size of HELPBUF. */ |
66 | | gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */ |
67 | | void *data_cb_value; /* First argument for DATA_CB. */ |
68 | | struct ks_status_parm_s *stparm; /* Link to the status parameter. */ |
69 | | }; |
70 | | |
71 | | |
72 | | /* Parameter structure used with the KS_GET command. */ |
73 | | struct ks_get_parm_s |
74 | | { |
75 | | estream_t memfp; |
76 | | }; |
77 | | |
78 | | |
79 | | /* Parameter structure used with the KS_PUT command. */ |
80 | | struct ks_put_parm_s |
81 | | { |
82 | | assuan_context_t ctx; |
83 | | kbnode_t keyblock; /* The optional keyblock. */ |
84 | | const void *data; /* The key in OpenPGP binary format. */ |
85 | | size_t datalen; /* The length of DATA. */ |
86 | | }; |
87 | | |
88 | | |
89 | | /* Parameter structure used with the DNS_CERT command. */ |
90 | | struct dns_cert_parm_s |
91 | | { |
92 | | estream_t memfp; |
93 | | unsigned char *fpr; |
94 | | size_t fprlen; |
95 | | char *url; |
96 | | }; |
97 | | |
98 | | |
99 | | /* Data used to associate an session with dirmngr contexts. We can't |
100 | | use a simple one to one mapping because we sometimes need two |
101 | | connections to the dirmngr; for example while doing a listing and |
102 | | being in a data callback we may want to retrieve a key. The local |
103 | | dirmngr data takes care of this. At the end of the session the |
104 | | function dirmngr_deinit_session_data is called by gpg.c to cleanup |
105 | | these resources. Note that gpg.h defines a typedef dirmngr_local_t |
106 | | for this structure. */ |
107 | | struct dirmngr_local_s |
108 | | { |
109 | | /* Link to other contexts which are used simultaneously. */ |
110 | | struct dirmngr_local_s *next; |
111 | | |
112 | | /* The active Assuan context. */ |
113 | | assuan_context_t ctx; |
114 | | |
115 | | /* Flag set when the keyserver names have been send. */ |
116 | | int set_keyservers_done; |
117 | | |
118 | | /* Flag set to true while an operation is running on CTX. */ |
119 | | int is_active; |
120 | | }; |
121 | | |
122 | | |
123 | | � |
124 | | /* Deinitialize all session data of dirmngr pertaining to CTRL. */ |
125 | | void |
126 | | gpg_dirmngr_deinit_session_data (ctrl_t ctrl) |
127 | 30.3k | { |
128 | 30.3k | dirmngr_local_t dml; |
129 | | |
130 | 30.3k | while ((dml = ctrl->dirmngr_local)) |
131 | 0 | { |
132 | 0 | ctrl->dirmngr_local = dml->next; |
133 | 0 | if (dml->is_active) |
134 | 0 | log_error ("oops: trying to cleanup an active dirmngr context\n"); |
135 | 0 | else |
136 | 0 | assuan_release (dml->ctx); |
137 | 0 | xfree (dml); |
138 | 0 | } |
139 | 30.3k | } |
140 | | |
141 | | |
142 | | /* Print a warning if the server's version number is less than our |
143 | | version number. Returns an error code on a connection problem. */ |
144 | | static gpg_error_t |
145 | | warn_version_mismatch (assuan_context_t ctx, const char *servername) |
146 | 0 | { |
147 | 0 | return warn_server_version_mismatch (ctx, servername, 0, |
148 | 0 | write_status_strings2, NULL, |
149 | 0 | !opt.quiet); |
150 | 0 | } |
151 | | |
152 | | |
153 | | /* Try to connect to the Dirmngr via a socket or spawn it if possible. |
154 | | Handle the server's initial greeting and set global options. */ |
155 | | static gpg_error_t |
156 | | create_context (ctrl_t ctrl, assuan_context_t *r_ctx) |
157 | 0 | { |
158 | 0 | gpg_error_t err; |
159 | 0 | assuan_context_t ctx; |
160 | |
|
161 | 0 | *r_ctx = NULL; |
162 | |
|
163 | 0 | if (opt.disable_dirmngr) |
164 | 0 | return gpg_error (GPG_ERR_NO_DIRMNGR); |
165 | | |
166 | 0 | err = start_new_dirmngr (&ctx, |
167 | 0 | GPG_ERR_SOURCE_DEFAULT, |
168 | 0 | opt.dirmngr_program, |
169 | 0 | opt.autostart?ASSHELP_FLAG_AUTOSTART:0, |
170 | 0 | opt.verbose, DBG_IPC, |
171 | 0 | NULL /*gpg_status2*/, ctrl); |
172 | 0 | if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) |
173 | 0 | { |
174 | 0 | static int shown; |
175 | |
|
176 | 0 | if (!shown) |
177 | 0 | { |
178 | 0 | shown = 1; |
179 | 0 | log_info (_("no dirmngr running in this session\n")); |
180 | 0 | } |
181 | 0 | } |
182 | 0 | else if (!err && !(err = warn_version_mismatch (ctx, DIRMNGR_NAME))) |
183 | 0 | { |
184 | 0 | char *line; |
185 | | |
186 | | /* Tell the dirmngr that we want to collect audit event. */ |
187 | | /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */ |
188 | | /* NULL, NULL, NULL, NULL, NULL, NULL); */ |
189 | 0 | if (opt.keyserver_options.http_proxy) |
190 | 0 | { |
191 | 0 | line = xtryasprintf ("OPTION http-proxy=%s", |
192 | 0 | opt.keyserver_options.http_proxy); |
193 | 0 | if (!line) |
194 | 0 | err = gpg_error_from_syserror (); |
195 | 0 | else |
196 | 0 | { |
197 | 0 | err = assuan_transact (ctx, line, NULL, NULL, NULL, |
198 | 0 | NULL, NULL, NULL); |
199 | 0 | xfree (line); |
200 | 0 | } |
201 | 0 | } |
202 | |
|
203 | 0 | if (err) |
204 | 0 | ; |
205 | 0 | else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL)) |
206 | 0 | { |
207 | | /* Tell the dirmngr that this possibly privacy invading |
208 | | option is in use. If Dirmngr is running in Tor mode, it |
209 | | will return an error. */ |
210 | 0 | err = assuan_transact (ctx, "OPTION honor-keyserver-url-used", |
211 | 0 | NULL, NULL, NULL, NULL, NULL, NULL); |
212 | 0 | if (gpg_err_code (err) == GPG_ERR_FORBIDDEN) |
213 | 0 | log_error (_("keyserver option \"honor-keyserver-url\"" |
214 | 0 | " may not be used in Tor mode\n")); |
215 | 0 | else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) |
216 | 0 | err = 0; /* Old dirmngr versions do not support this option. */ |
217 | 0 | } |
218 | 0 | } |
219 | |
|
220 | 0 | if (err) |
221 | 0 | assuan_release (ctx); |
222 | 0 | else |
223 | 0 | { |
224 | | /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */ |
225 | 0 | *r_ctx = ctx; |
226 | 0 | } |
227 | |
|
228 | 0 | return err; |
229 | 0 | } |
230 | | |
231 | | |
232 | | /* Get a context for accessing dirmngr. If no context is available a |
233 | | new one is created and - if required - dirmngr started. On success |
234 | | an assuan context is stored at R_CTX. This context may only be |
235 | | released by means of close_context. Note that NULL is stored at |
236 | | R_CTX on error. */ |
237 | | static gpg_error_t |
238 | | open_context (ctrl_t ctrl, assuan_context_t *r_ctx) |
239 | 0 | { |
240 | 0 | gpg_error_t err; |
241 | 0 | dirmngr_local_t dml; |
242 | |
|
243 | 0 | *r_ctx = NULL; |
244 | 0 | for (;;) |
245 | 0 | { |
246 | 0 | for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next) |
247 | 0 | ; |
248 | 0 | if (dml) |
249 | 0 | { |
250 | | /* Found an inactive local session - return that. */ |
251 | 0 | log_assert (!dml->is_active); |
252 | | |
253 | | /* But first do the per session init if not yet done. */ |
254 | 0 | if (!dml->set_keyservers_done) |
255 | 0 | { |
256 | 0 | keyserver_spec_t ksi; |
257 | | |
258 | | /* Set all configured keyservers. We clear existing |
259 | | keyservers so that any keyserver configured in GPG |
260 | | overrides keyservers possibly still configured in Dirmngr |
261 | | for the session (Note that the keyserver list of a |
262 | | session in Dirmngr survives a RESET. */ |
263 | 0 | for (ksi = opt.keyserver; ksi; ksi = ksi->next) |
264 | 0 | { |
265 | 0 | char *line; |
266 | |
|
267 | 0 | line = xtryasprintf |
268 | 0 | ("KEYSERVER%s %s", |
269 | 0 | ksi == opt.keyserver? " --clear":"", ksi->uri); |
270 | 0 | if (!line) |
271 | 0 | err = gpg_error_from_syserror (); |
272 | 0 | else |
273 | 0 | { |
274 | 0 | err = assuan_transact (dml->ctx, line, NULL, NULL, NULL, |
275 | 0 | NULL, NULL, NULL); |
276 | 0 | xfree (line); |
277 | 0 | } |
278 | |
|
279 | 0 | if (err) |
280 | 0 | return err; |
281 | 0 | } |
282 | | |
283 | 0 | dml->set_keyservers_done = 1; |
284 | 0 | } |
285 | | |
286 | 0 | dml->is_active = 1; |
287 | |
|
288 | 0 | *r_ctx = dml->ctx; |
289 | 0 | return 0; |
290 | 0 | } |
291 | | |
292 | 0 | dml = xtrycalloc (1, sizeof *dml); |
293 | 0 | if (!dml) |
294 | 0 | return gpg_error_from_syserror (); |
295 | 0 | err = create_context (ctrl, &dml->ctx); |
296 | 0 | if (err) |
297 | 0 | { |
298 | 0 | xfree (dml); |
299 | 0 | return err; |
300 | 0 | } |
301 | | |
302 | | /* To be on the nPth thread safe site we need to add it to a |
303 | | list; this is far easier than to have a lock for this |
304 | | function. It should not happen anyway but the code is free |
305 | | because we need it for the is_active check above. */ |
306 | 0 | dml->next = ctrl->dirmngr_local; |
307 | 0 | ctrl->dirmngr_local = dml; |
308 | 0 | } |
309 | 0 | } |
310 | | |
311 | | |
312 | | /* Close the assuan context CTX or return it to a pool of unused |
313 | | contexts. If CTX is NULL, the function does nothing. */ |
314 | | static void |
315 | | close_context (ctrl_t ctrl, assuan_context_t ctx) |
316 | 0 | { |
317 | 0 | dirmngr_local_t dml; |
318 | |
|
319 | 0 | if (!ctx) |
320 | 0 | return; |
321 | | |
322 | 0 | for (dml = ctrl->dirmngr_local; dml; dml = dml->next) |
323 | 0 | { |
324 | 0 | if (dml->ctx == ctx) |
325 | 0 | { |
326 | 0 | if (!dml->is_active) |
327 | 0 | log_fatal ("closing inactive dirmngr context %p\n", ctx); |
328 | 0 | dml->is_active = 0; |
329 | 0 | return; |
330 | 0 | } |
331 | 0 | } |
332 | 0 | log_fatal ("closing unknown dirmngr ctx %p\n", ctx); |
333 | 0 | } |
334 | | |
335 | | |
336 | | /* Clear the set_keyservers_done flag on context CTX. */ |
337 | | static void |
338 | | clear_context_flags (ctrl_t ctrl, assuan_context_t ctx) |
339 | 0 | { |
340 | 0 | dirmngr_local_t dml; |
341 | |
|
342 | 0 | if (!ctx) |
343 | 0 | return; |
344 | | |
345 | 0 | for (dml = ctrl->dirmngr_local; dml; dml = dml->next) |
346 | 0 | { |
347 | 0 | if (dml->ctx == ctx) |
348 | 0 | { |
349 | 0 | if (!dml->is_active) |
350 | 0 | log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx); |
351 | 0 | dml->set_keyservers_done = 0; |
352 | 0 | return; |
353 | 0 | } |
354 | 0 | } |
355 | 0 | log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx); |
356 | 0 | } |
357 | | |
358 | | |
359 | | � |
360 | | /* Status callback for ks_list, ks_get, ks_search, and wkd_get */ |
361 | | static gpg_error_t |
362 | | ks_status_cb (void *opaque, const char *line) |
363 | 0 | { |
364 | 0 | struct ks_status_parm_s *parm = opaque; |
365 | 0 | gpg_error_t err = 0; |
366 | 0 | const char *s, *s2; |
367 | 0 | const char *warn = NULL; |
368 | 0 | int is_note = 0; |
369 | 0 | char *p; |
370 | |
|
371 | 0 | if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE"))) |
372 | 0 | { |
373 | | /* Note that the arg for "S SOURCE" is the URL of a keyserver. */ |
374 | 0 | if (!parm->source) |
375 | 0 | { |
376 | 0 | parm->source = xtrystrdup (s); |
377 | 0 | if (!parm->source) |
378 | 0 | err = gpg_error_from_syserror (); |
379 | 0 | else |
380 | 0 | { |
381 | 0 | p = strchr (parm->source, ':'); |
382 | 0 | if (p && p[1] == '/' && p[2] == '/') |
383 | 0 | { |
384 | | /* This is a real URL like "ldap://foo:389/bla,bla" |
385 | | * Strip off the local part. */ |
386 | 0 | if ((p = strchr (p+3, '/'))) |
387 | 0 | *p = 0; |
388 | 0 | } |
389 | 0 | else |
390 | 0 | { |
391 | | /* This is an LDAP config entry like |
392 | | * "foo:389:user:pass:base:flags" |
393 | | * we strip off everything beyond the port. */ |
394 | 0 | if ((p = strchr (p+1, ':'))) |
395 | 0 | { |
396 | 0 | if (p[-1] == ':') |
397 | 0 | p[-1] = 0; /* No port given. */ |
398 | 0 | else |
399 | 0 | *p = 0; |
400 | 0 | } |
401 | 0 | } |
402 | 0 | } |
403 | 0 | } |
404 | 0 | } |
405 | 0 | else if ((s = has_leading_keyword (line, "WARNING")) |
406 | 0 | || (is_note = !!(s = has_leading_keyword (line, "NOTE")))) |
407 | 0 | { |
408 | 0 | if ((s2 = has_leading_keyword (s, "wkd_cached_result"))) |
409 | 0 | { |
410 | 0 | if (opt.verbose) |
411 | 0 | warn = _("WKD uses a cached result"); |
412 | 0 | } |
413 | 0 | else if ((s2 = has_leading_keyword (s, "tor_not_running"))) |
414 | 0 | warn = _("Tor is not running"); |
415 | 0 | else if ((s2 = has_leading_keyword (s, "tor_config_problem"))) |
416 | 0 | warn = _("Tor is not properly configured"); |
417 | 0 | else if ((s2 = has_leading_keyword (s, "dns_config_problem"))) |
418 | 0 | warn = _("DNS is not properly configured"); |
419 | 0 | else if ((s2 = has_leading_keyword (s, "http_redirect"))) |
420 | 0 | warn = _("unacceptable HTTP redirect from server"); |
421 | 0 | else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup"))) |
422 | 0 | warn = _("unacceptable HTTP redirect from server was cleaned up"); |
423 | 0 | else if ((s2 = has_leading_keyword (s, "tls_cert_error"))) |
424 | 0 | warn = _("server uses an invalid certificate"); |
425 | 0 | else |
426 | 0 | warn = NULL; |
427 | |
|
428 | 0 | if (warn) |
429 | 0 | { |
430 | 0 | if (is_note) |
431 | 0 | log_info (_("Note: %s\n"), warn); |
432 | 0 | else |
433 | 0 | log_info (_("WARNING: %s\n"), warn); |
434 | 0 | if (s2) |
435 | 0 | { |
436 | 0 | while (*s2 && !spacep (s2)) |
437 | 0 | s2++; |
438 | 0 | while (*s2 && spacep (s2)) |
439 | 0 | s2++; |
440 | 0 | if (*s2) |
441 | 0 | print_further_info ("%s", s2); |
442 | 0 | } |
443 | 0 | } |
444 | 0 | } |
445 | |
|
446 | 0 | return err; |
447 | 0 | } |
448 | | |
449 | | |
450 | | � |
451 | | /* Run the "KEYSERVER" command to return the name of the used |
452 | | * keyserver at R_KEYSERVER. This function returns the first |
453 | | * keyserver; it should be extended to handle multiple keyservers or |
454 | | * we disallow the use of several keyservers. */ |
455 | | gpg_error_t |
456 | | gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver) |
457 | 0 | { |
458 | 0 | gpg_error_t err; |
459 | 0 | assuan_context_t ctx; |
460 | 0 | struct ks_status_parm_s stparm; |
461 | |
|
462 | 0 | memset (&stparm, 0, sizeof stparm); |
463 | 0 | stparm.keyword = "KEYSERVER"; |
464 | 0 | if (r_keyserver) |
465 | 0 | *r_keyserver = NULL; |
466 | |
|
467 | 0 | err = open_context (ctrl, &ctx); |
468 | 0 | if (err) |
469 | 0 | return err; |
470 | | |
471 | 0 | err = assuan_transact (ctx, "KEYSERVER", NULL, NULL, |
472 | 0 | NULL, NULL, ks_status_cb, &stparm); |
473 | 0 | if (err) |
474 | 0 | goto leave; |
475 | 0 | if (!stparm.source) |
476 | 0 | { |
477 | 0 | err = gpg_error (GPG_ERR_NO_KEYSERVER); |
478 | 0 | goto leave; |
479 | 0 | } |
480 | | |
481 | 0 | if (r_keyserver) |
482 | 0 | *r_keyserver = stparm.source; |
483 | 0 | else |
484 | 0 | xfree (stparm.source); |
485 | 0 | stparm.source = NULL; |
486 | |
|
487 | 0 | leave: |
488 | 0 | xfree (stparm.source); |
489 | 0 | close_context (ctrl, ctx); |
490 | 0 | return err; |
491 | 0 | } |
492 | | |
493 | | |
494 | | � |
495 | | /* Data callback for the KS_SEARCH command. */ |
496 | | static gpg_error_t |
497 | | ks_search_data_cb (void *opaque, const void *data, size_t datalen) |
498 | 0 | { |
499 | 0 | gpg_error_t err = 0; |
500 | 0 | struct ks_search_parm_s *parm = opaque; |
501 | 0 | const char *line, *s; |
502 | 0 | size_t rawlen, linelen; |
503 | 0 | char fixedbuf[256]; |
504 | |
|
505 | 0 | if (parm->lasterr) |
506 | 0 | return 0; |
507 | | |
508 | 0 | if (parm->stparm->source) |
509 | 0 | { |
510 | 0 | err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source); |
511 | 0 | if (err) |
512 | 0 | { |
513 | 0 | parm->lasterr = err; |
514 | 0 | return err; |
515 | 0 | } |
516 | | /* Clear it so that we won't get back here unless the server |
517 | | accidentally sends a second source status line. Note that |
518 | | will not see all accidentally sent source lines because it |
519 | | depends on whether data lines have been send in between. */ |
520 | 0 | xfree (parm->stparm->source); |
521 | 0 | parm->stparm->source = NULL; |
522 | 0 | } |
523 | | |
524 | 0 | if (!data) |
525 | 0 | return 0; /* Ignore END commands. */ |
526 | | |
527 | 0 | put_membuf (&parm->saveddata, data, datalen); |
528 | |
|
529 | 0 | again: |
530 | 0 | line = peek_membuf (&parm->saveddata, &rawlen); |
531 | 0 | if (!line) |
532 | 0 | { |
533 | 0 | parm->lasterr = gpg_error_from_syserror (); |
534 | 0 | return parm->lasterr; /* Tell the server about our problem. */ |
535 | 0 | } |
536 | 0 | if ((s = memchr (line, '\n', rawlen))) |
537 | 0 | { |
538 | 0 | linelen = s - line; /* That is the length excluding the LF. */ |
539 | 0 | if (linelen + 1 < sizeof fixedbuf) |
540 | 0 | { |
541 | | /* We can use the static buffer. */ |
542 | 0 | memcpy (fixedbuf, line, linelen); |
543 | 0 | fixedbuf[linelen] = 0; |
544 | 0 | if (linelen && fixedbuf[linelen-1] == '\r') |
545 | 0 | fixedbuf[linelen-1] = 0; |
546 | 0 | err = parm->data_cb (parm->data_cb_value, 0, fixedbuf); |
547 | 0 | } |
548 | 0 | else |
549 | 0 | { |
550 | 0 | if (linelen + 1 >= parm->helpbufsize) |
551 | 0 | { |
552 | 0 | xfree (parm->helpbuf); |
553 | 0 | parm->helpbufsize = linelen + 1 + 1024; |
554 | 0 | parm->helpbuf = xtrymalloc (parm->helpbufsize); |
555 | 0 | if (!parm->helpbuf) |
556 | 0 | { |
557 | 0 | parm->lasterr = gpg_error_from_syserror (); |
558 | 0 | return parm->lasterr; |
559 | 0 | } |
560 | 0 | } |
561 | 0 | memcpy (parm->helpbuf, line, linelen); |
562 | 0 | parm->helpbuf[linelen] = 0; |
563 | 0 | if (linelen && parm->helpbuf[linelen-1] == '\r') |
564 | 0 | parm->helpbuf[linelen-1] = 0; |
565 | 0 | err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf); |
566 | 0 | } |
567 | 0 | if (err) |
568 | 0 | parm->lasterr = err; |
569 | 0 | else |
570 | 0 | { |
571 | 0 | clear_membuf (&parm->saveddata, linelen+1); |
572 | 0 | goto again; /* There might be another complete line. */ |
573 | 0 | } |
574 | 0 | } |
575 | | |
576 | 0 | return err; |
577 | 0 | } |
578 | | |
579 | | |
580 | | /* Run the KS_SEARCH command using the search string SEARCHSTR. All |
581 | | data lines are passed to the CB function. That function is called |
582 | | with CB_VALUE as its first argument, a 0 as second argument, and |
583 | | the decoded data line as third argument. The callback function may |
584 | | modify the data line and it is guaranteed that this data line is a |
585 | | complete line with a terminating 0 character but without the |
586 | | linefeed. NULL is passed to the callback to indicate EOF. */ |
587 | | gpg_error_t |
588 | | gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr, |
589 | | gpg_error_t (*cb)(void*, int, char *), void *cb_value) |
590 | 0 | { |
591 | 0 | gpg_error_t err; |
592 | 0 | assuan_context_t ctx; |
593 | 0 | struct ks_status_parm_s stparm; |
594 | 0 | struct ks_search_parm_s parm; |
595 | 0 | char line[ASSUAN_LINELENGTH]; |
596 | |
|
597 | 0 | err = open_context (ctrl, &ctx); |
598 | 0 | if (err) |
599 | 0 | return err; |
600 | | |
601 | 0 | { |
602 | 0 | char *escsearchstr = percent_plus_escape (searchstr); |
603 | 0 | if (!escsearchstr) |
604 | 0 | { |
605 | 0 | err = gpg_error_from_syserror (); |
606 | 0 | close_context (ctrl, ctx); |
607 | 0 | return err; |
608 | 0 | } |
609 | 0 | snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr); |
610 | 0 | xfree (escsearchstr); |
611 | 0 | } |
612 | | |
613 | 0 | memset (&stparm, 0, sizeof stparm); |
614 | 0 | memset (&parm, 0, sizeof parm); |
615 | 0 | init_membuf (&parm.saveddata, 1024); |
616 | 0 | parm.data_cb = cb; |
617 | 0 | parm.data_cb_value = cb_value; |
618 | 0 | parm.stparm = &stparm; |
619 | |
|
620 | 0 | err = assuan_transact (ctx, line, ks_search_data_cb, &parm, |
621 | 0 | NULL, NULL, ks_status_cb, &stparm); |
622 | 0 | if (!err) |
623 | 0 | err = cb (cb_value, 0, NULL); /* Send EOF. */ |
624 | 0 | else if (parm.stparm->source) |
625 | 0 | { |
626 | | /* Error but we received a SOURCE status. Tell via callback but |
627 | | * ignore errors. */ |
628 | 0 | parm.data_cb (parm.data_cb_value, 1, parm.stparm->source); |
629 | 0 | } |
630 | |
|
631 | 0 | xfree (get_membuf (&parm.saveddata, NULL)); |
632 | 0 | xfree (parm.helpbuf); |
633 | 0 | xfree (stparm.source); |
634 | |
|
635 | 0 | close_context (ctrl, ctx); |
636 | 0 | return err; |
637 | 0 | } |
638 | | |
639 | | |
640 | | � |
641 | | /* Data callback for the KS_GET and KS_FETCH commands. */ |
642 | | static gpg_error_t |
643 | | ks_get_data_cb (void *opaque, const void *data, size_t datalen) |
644 | 0 | { |
645 | 0 | gpg_error_t err = 0; |
646 | 0 | struct ks_get_parm_s *parm = opaque; |
647 | 0 | size_t nwritten; |
648 | |
|
649 | 0 | if (!data) |
650 | 0 | return 0; /* Ignore END commands. */ |
651 | | |
652 | 0 | if (es_write (parm->memfp, data, datalen, &nwritten)) |
653 | 0 | err = gpg_error_from_syserror (); |
654 | |
|
655 | 0 | return err; |
656 | 0 | } |
657 | | |
658 | | |
659 | | /* Run the KS_GET command using the patterns in the array PATTERN. On |
660 | | success an estream object is returned to retrieve the keys. On |
661 | | error an error code is returned and NULL stored at R_FP. |
662 | | |
663 | | The pattern may only use search specification which a keyserver can |
664 | | use to retrieve keys. Because we know the format of the pattern we |
665 | | don't need to escape the patterns before sending them to the |
666 | | server. |
667 | | |
668 | | Bit values for FLAGS are: |
669 | | - KEYSERVER_IMPORT_FLAG_QUICK :: dirmngr shall use a shorter timeout. |
670 | | - KEYSERVER_IMPORT_FLAG_LDAP :: dirmngr shall only use LDAP or NTDS. |
671 | | |
672 | | If R_SOURCE is not NULL the source of the data is stored as a |
673 | | malloced string there. If a source is not known NULL is stored. |
674 | | Note that this may even be returned after an error. |
675 | | |
676 | | If there are too many patterns the function returns an error. That |
677 | | could be fixed by issuing several search commands or by |
678 | | implementing a different interface. However with long keyids we |
679 | | are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */ |
680 | | gpg_error_t |
681 | | gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, |
682 | | keyserver_spec_t override_keyserver, |
683 | | unsigned int flags, |
684 | | estream_t *r_fp, char **r_source) |
685 | 0 | { |
686 | 0 | gpg_error_t err; |
687 | 0 | assuan_context_t ctx; |
688 | 0 | struct ks_status_parm_s stparm; |
689 | 0 | struct ks_get_parm_s parm; |
690 | 0 | char *line = NULL; |
691 | 0 | size_t linelen; |
692 | 0 | membuf_t mb; |
693 | 0 | int idx; |
694 | |
|
695 | 0 | memset (&stparm, 0, sizeof stparm); |
696 | 0 | memset (&parm, 0, sizeof parm); |
697 | |
|
698 | 0 | *r_fp = NULL; |
699 | 0 | if (r_source) |
700 | 0 | *r_source = NULL; |
701 | |
|
702 | 0 | err = open_context (ctrl, &ctx); |
703 | 0 | if (err) |
704 | 0 | return err; |
705 | | |
706 | | /* If we have an override keyserver we first indicate that the next |
707 | | user of the context needs to again setup the global keyservers and |
708 | | then we send the override keyserver. */ |
709 | 0 | if (override_keyserver) |
710 | 0 | { |
711 | 0 | clear_context_flags (ctrl, ctx); |
712 | 0 | line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri); |
713 | 0 | if (!line) |
714 | 0 | { |
715 | 0 | err = gpg_error_from_syserror (); |
716 | 0 | goto leave; |
717 | 0 | } |
718 | 0 | err = assuan_transact (ctx, line, NULL, NULL, NULL, |
719 | 0 | NULL, NULL, NULL); |
720 | 0 | if (err) |
721 | 0 | goto leave; |
722 | | |
723 | 0 | xfree (line); |
724 | 0 | line = NULL; |
725 | 0 | } |
726 | | |
727 | | /* Lump all patterns into one string. */ |
728 | 0 | init_membuf (&mb, 1024); |
729 | 0 | put_membuf_str (&mb, "KS_GET"); |
730 | 0 | if ((flags & KEYSERVER_IMPORT_FLAG_QUICK)) |
731 | 0 | put_membuf_str (&mb, " --quick"); |
732 | 0 | if ((flags & KEYSERVER_IMPORT_FLAG_LDAP)) |
733 | 0 | put_membuf_str (&mb, " --ldap"); |
734 | 0 | put_membuf_str (&mb, " --"); |
735 | 0 | for (idx=0; pattern[idx]; idx++) |
736 | 0 | { |
737 | 0 | put_membuf (&mb, " ", 1); /* Append Delimiter. */ |
738 | 0 | put_membuf_str (&mb, pattern[idx]); |
739 | 0 | } |
740 | 0 | put_membuf (&mb, "", 1); /* Append Nul. */ |
741 | 0 | line = get_membuf (&mb, &linelen); |
742 | 0 | if (!line) |
743 | 0 | { |
744 | 0 | err = gpg_error_from_syserror (); |
745 | 0 | goto leave; |
746 | 0 | } |
747 | 0 | if (linelen + 2 >= ASSUAN_LINELENGTH) |
748 | 0 | { |
749 | 0 | err = gpg_error (GPG_ERR_TOO_MANY); |
750 | 0 | goto leave; |
751 | 0 | } |
752 | | |
753 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
754 | 0 | if (!parm.memfp) |
755 | 0 | { |
756 | 0 | err = gpg_error_from_syserror (); |
757 | 0 | goto leave; |
758 | 0 | } |
759 | 0 | err = assuan_transact (ctx, line, ks_get_data_cb, &parm, |
760 | 0 | NULL, NULL, ks_status_cb, &stparm); |
761 | 0 | if (err) |
762 | 0 | goto leave; |
763 | | |
764 | 0 | es_rewind (parm.memfp); |
765 | 0 | *r_fp = parm.memfp; |
766 | 0 | parm.memfp = NULL; |
767 | | |
768 | |
|
769 | 0 | leave: |
770 | 0 | if (r_source && stparm.source) |
771 | 0 | { |
772 | 0 | *r_source = stparm.source; |
773 | 0 | stparm.source = NULL; |
774 | 0 | } |
775 | 0 | es_fclose (parm.memfp); |
776 | 0 | xfree (stparm.source); |
777 | 0 | xfree (line); |
778 | 0 | close_context (ctrl, ctx); |
779 | 0 | return err; |
780 | 0 | } |
781 | | |
782 | | |
783 | | /* Run the KS_FETCH and pass URL as argument. On success an estream |
784 | | object is returned to retrieve the keys. On error an error code is |
785 | | returned and NULL stored at R_FP. |
786 | | |
787 | | The url is expected to point to a small set of keys; in many cases |
788 | | only to one key. However, schemes like finger may return several |
789 | | keys. Note that the configured keyservers are ignored by the |
790 | | KS_FETCH command. */ |
791 | | gpg_error_t |
792 | | gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) |
793 | 0 | { |
794 | 0 | gpg_error_t err; |
795 | 0 | assuan_context_t ctx; |
796 | 0 | struct ks_get_parm_s parm; |
797 | 0 | char *line = NULL; |
798 | |
|
799 | 0 | memset (&parm, 0, sizeof parm); |
800 | |
|
801 | 0 | *r_fp = NULL; |
802 | |
|
803 | 0 | err = open_context (ctrl, &ctx); |
804 | 0 | if (err) |
805 | 0 | return err; |
806 | | |
807 | 0 | line = strconcat ("KS_FETCH -- ", url, NULL); |
808 | 0 | if (!line) |
809 | 0 | { |
810 | 0 | err = gpg_error_from_syserror (); |
811 | 0 | goto leave; |
812 | 0 | } |
813 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
814 | 0 | { |
815 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
816 | 0 | goto leave; |
817 | 0 | } |
818 | | |
819 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
820 | 0 | if (!parm.memfp) |
821 | 0 | { |
822 | 0 | err = gpg_error_from_syserror (); |
823 | 0 | goto leave; |
824 | 0 | } |
825 | 0 | err = assuan_transact (ctx, line, ks_get_data_cb, &parm, |
826 | 0 | NULL, NULL, NULL, NULL); |
827 | 0 | if (err) |
828 | 0 | goto leave; |
829 | | |
830 | 0 | es_rewind (parm.memfp); |
831 | 0 | *r_fp = parm.memfp; |
832 | 0 | parm.memfp = NULL; |
833 | |
|
834 | 0 | leave: |
835 | 0 | es_fclose (parm.memfp); |
836 | 0 | xfree (line); |
837 | 0 | close_context (ctrl, ctx); |
838 | 0 | return err; |
839 | 0 | } |
840 | | |
841 | | |
842 | | � |
843 | | static void |
844 | | record_output (estream_t output, |
845 | | pkttype_t type, |
846 | | const char *validity, |
847 | | int pub_key_length, /* The public key length or -1. */ |
848 | | int pub_key_algo, /* The public key algo or -1. */ |
849 | | const u32 *keyid, /* 2 ulongs or NULL. */ |
850 | | u32 creation_date, /* The creation date or 0. */ |
851 | | u32 expiration_date, /* The expiration date or 0. */ |
852 | | const char *userid) /* The userid or NULL. */ |
853 | 0 | { |
854 | 0 | const char *type_str = NULL; |
855 | |
|
856 | 0 | switch (type) |
857 | 0 | { |
858 | 0 | case PKT_PUBLIC_KEY: |
859 | 0 | type_str = "pub"; |
860 | 0 | break; |
861 | 0 | case PKT_PUBLIC_SUBKEY: |
862 | 0 | type_str = "sub"; |
863 | 0 | break; |
864 | 0 | case PKT_USER_ID: |
865 | 0 | type_str = "uid"; |
866 | 0 | break; |
867 | 0 | case PKT_SIGNATURE: |
868 | 0 | type_str = "sig"; |
869 | 0 | break; |
870 | 0 | default: |
871 | 0 | log_assert (! "Unhandled type."); |
872 | 0 | } |
873 | 0 | es_fprintf (output, "%s:%s:", |
874 | 0 | type_str, |
875 | 0 | validity ? validity : ""); |
876 | |
|
877 | 0 | if (pub_key_length > 0) |
878 | 0 | es_fprintf (output, "%d", pub_key_length); |
879 | 0 | es_fputc (':', output); |
880 | |
|
881 | 0 | if (pub_key_algo != -1) |
882 | 0 | es_fprintf (output, "%d", pub_key_algo); |
883 | 0 | es_fputc (':', output); |
884 | |
|
885 | 0 | if (keyid) |
886 | 0 | es_fprintf (output, "%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]); |
887 | |
|
888 | 0 | es_fprintf (output, ":%s:", colon_strtime (creation_date)); |
889 | 0 | es_fprintf (output, "%s:::", colon_strtime (expiration_date)); |
890 | |
|
891 | 0 | if (userid) |
892 | 0 | es_write_sanitized (output, userid, strlen (userid), ":", NULL); |
893 | 0 | else |
894 | 0 | es_fputc (':', output); |
895 | 0 | es_fputs (":::::::::\n", output); |
896 | |
|
897 | 0 | } |
898 | | |
899 | | |
900 | | /* Handle the KS_PUT inquiries. */ |
901 | | static gpg_error_t |
902 | | ks_put_inq_cb (void *opaque, const char *line) |
903 | 0 | { |
904 | 0 | struct ks_put_parm_s *parm = opaque; |
905 | 0 | gpg_error_t err = 0; |
906 | |
|
907 | 0 | if (has_leading_keyword (line, "KEYBLOCK")) |
908 | 0 | { |
909 | 0 | if (parm->data) |
910 | 0 | err = assuan_send_data (parm->ctx, parm->data, parm->datalen); |
911 | 0 | } |
912 | 0 | else if (has_leading_keyword (line, "KEYBLOCK_INFO")) |
913 | 0 | { |
914 | 0 | kbnode_t node; |
915 | 0 | estream_t fp; |
916 | 0 | char hexfpr[2*MAX_FINGERPRINT_LEN+1]; |
917 | | |
918 | | /* Parse the keyblock and send info lines back to the server. */ |
919 | 0 | fp = es_fopenmem (0, "rw,samethread"); |
920 | 0 | if (!fp) |
921 | 0 | err = gpg_error_from_syserror (); |
922 | | |
923 | | /* Note: the output format for the INFO block follows the colon |
924 | | format as described in doc/DETAILS. We don't actually reuse |
925 | | the functionality from g10/keylist.c to produce the output, |
926 | | because we don't need all of it and some of it is quite |
927 | | expensive to generate. |
928 | | |
929 | | The fields are (the starred fields are the ones we need): |
930 | | |
931 | | * Field 1 - Type of record |
932 | | * Field 2 - Validity |
933 | | * Field 3 - Key length |
934 | | * Field 4 - Public key algorithm |
935 | | * Field 5 - KeyID |
936 | | * Field 6 - Creation date |
937 | | * Field 7 - Expiration date |
938 | | Field 8 - Certificate S/N, UID hash, trust signature info |
939 | | Field 9 - Ownertrust |
940 | | * Field 10 - User-ID |
941 | | Field 11 - Signature class |
942 | | Field 12 - Key capabilities |
943 | | Field 13 - Issuer certificate fingerprint or other info |
944 | | Field 14 - Flag field |
945 | | Field 15 - S/N of a token |
946 | | Field 16 - Hash algorithm |
947 | | Field 17 - Curve name |
948 | | */ |
949 | 0 | for (node = parm->keyblock; !err && node; node=node->next) |
950 | 0 | { |
951 | 0 | switch (node->pkt->pkttype) |
952 | 0 | { |
953 | 0 | case PKT_PUBLIC_KEY: |
954 | 0 | case PKT_PUBLIC_SUBKEY: |
955 | 0 | { |
956 | 0 | PKT_public_key *pk = node->pkt->pkt.public_key; |
957 | |
|
958 | 0 | char validity[3]; |
959 | 0 | int i; |
960 | |
|
961 | 0 | i = 0; |
962 | 0 | if (pk->flags.revoked) |
963 | 0 | validity[i ++] = 'r'; |
964 | 0 | if (pk->has_expired) |
965 | 0 | validity[i ++] = 'e'; |
966 | 0 | validity[i] = '\0'; |
967 | |
|
968 | 0 | keyid_from_pk (pk, NULL); |
969 | |
|
970 | 0 | record_output (fp, node->pkt->pkttype, validity, |
971 | 0 | nbits_from_pk (pk), pk->pubkey_algo, |
972 | 0 | pk->keyid, pk->timestamp, pk->expiredate, |
973 | 0 | NULL); |
974 | 0 | es_fprintf (fp, "fpr:::::::::%s:\n", |
975 | 0 | hexfingerprint (pk, hexfpr, sizeof hexfpr)); |
976 | 0 | } |
977 | 0 | break; |
978 | | |
979 | 0 | case PKT_USER_ID: |
980 | 0 | { |
981 | 0 | PKT_user_id *uid = node->pkt->pkt.user_id; |
982 | |
|
983 | 0 | if (!uid->attrib_data) |
984 | 0 | { |
985 | 0 | char validity[3]; |
986 | 0 | int i; |
987 | |
|
988 | 0 | i = 0; |
989 | 0 | if (uid->flags.revoked) |
990 | 0 | validity[i ++] = 'r'; |
991 | 0 | if (uid->flags.expired) |
992 | 0 | validity[i ++] = 'e'; |
993 | 0 | validity[i] = '\0'; |
994 | |
|
995 | 0 | record_output (fp, node->pkt->pkttype, validity, |
996 | 0 | -1, -1, NULL, |
997 | 0 | uid->created, uid->expiredate, |
998 | 0 | uid->name); |
999 | 0 | } |
1000 | 0 | } |
1001 | 0 | break; |
1002 | | |
1003 | 0 | default: |
1004 | 0 | continue; |
1005 | 0 | } |
1006 | | /* Given that the last operation was an es_fprintf we should |
1007 | | get the correct ERRNO if ferror indicates an error. */ |
1008 | 0 | if (es_ferror (fp)) |
1009 | 0 | err = gpg_error_from_syserror (); |
1010 | 0 | } |
1011 | | |
1012 | | /* Without an error and if we have an keyblock at all, send the |
1013 | | data back. */ |
1014 | 0 | if (!err && parm->keyblock) |
1015 | 0 | { |
1016 | 0 | int rc; |
1017 | 0 | char buffer[512]; |
1018 | 0 | size_t nread; |
1019 | |
|
1020 | 0 | es_rewind (fp); |
1021 | 0 | while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread) |
1022 | 0 | { |
1023 | 0 | err = assuan_send_data (parm->ctx, buffer, nread); |
1024 | 0 | if (err) |
1025 | 0 | break; |
1026 | 0 | } |
1027 | 0 | if (!err && rc) |
1028 | 0 | err = gpg_error_from_syserror (); |
1029 | 0 | } |
1030 | 0 | es_fclose (fp); |
1031 | 0 | } |
1032 | 0 | else |
1033 | 0 | return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); |
1034 | | |
1035 | 0 | return err; |
1036 | 0 | } |
1037 | | |
1038 | | |
1039 | | /* Send a key to the configured server. {DATA,DATLEN} contains the |
1040 | | key in OpenPGP binary transport format. If KEYBLOCK is not NULL it |
1041 | | has the internal representation of that key; this is for example |
1042 | | used to convey meta data to LDAP keyservers. */ |
1043 | | gpg_error_t |
1044 | | gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock) |
1045 | 0 | { |
1046 | 0 | gpg_error_t err; |
1047 | 0 | assuan_context_t ctx; |
1048 | 0 | struct ks_put_parm_s parm; |
1049 | |
|
1050 | 0 | memset (&parm, 0, sizeof parm); |
1051 | | |
1052 | | /* We are going to parse the keyblock, thus we better make sure the |
1053 | | all information is readily available. */ |
1054 | 0 | if (keyblock) |
1055 | 0 | merge_keys_and_selfsig (ctrl, keyblock); |
1056 | |
|
1057 | 0 | err = open_context (ctrl, &ctx); |
1058 | 0 | if (err) |
1059 | 0 | return err; |
1060 | | |
1061 | 0 | parm.ctx = ctx; |
1062 | 0 | parm.keyblock = keyblock; |
1063 | 0 | parm.data = data; |
1064 | 0 | parm.datalen = datalen; |
1065 | |
|
1066 | 0 | err = assuan_transact (ctx, "KS_PUT", NULL, NULL, |
1067 | 0 | ks_put_inq_cb, &parm, NULL, NULL); |
1068 | |
|
1069 | 0 | close_context (ctrl, ctx); |
1070 | 0 | return err; |
1071 | 0 | } |
1072 | | |
1073 | | |
1074 | | � |
1075 | | /* Data callback for the DNS_CERT and WKD_GET commands. */ |
1076 | | static gpg_error_t |
1077 | | dns_cert_data_cb (void *opaque, const void *data, size_t datalen) |
1078 | 0 | { |
1079 | 0 | struct dns_cert_parm_s *parm = opaque; |
1080 | 0 | gpg_error_t err = 0; |
1081 | 0 | size_t nwritten; |
1082 | |
|
1083 | 0 | if (!data) |
1084 | 0 | return 0; /* Ignore END commands. */ |
1085 | 0 | if (!parm->memfp) |
1086 | 0 | return 0; /* Data is not required. */ |
1087 | | |
1088 | 0 | if (es_write (parm->memfp, data, datalen, &nwritten)) |
1089 | 0 | err = gpg_error_from_syserror (); |
1090 | |
|
1091 | 0 | return err; |
1092 | 0 | } |
1093 | | |
1094 | | |
1095 | | /* Status callback for the DNS_CERT command. */ |
1096 | | static gpg_error_t |
1097 | | dns_cert_status_cb (void *opaque, const char *line) |
1098 | 0 | { |
1099 | 0 | struct dns_cert_parm_s *parm = opaque; |
1100 | 0 | gpg_error_t err = 0; |
1101 | 0 | const char *s; |
1102 | 0 | size_t nbytes; |
1103 | |
|
1104 | 0 | if ((s = has_leading_keyword (line, "FPR"))) |
1105 | 0 | { |
1106 | 0 | char *buf; |
1107 | |
|
1108 | 0 | if (!(buf = xtrystrdup (s))) |
1109 | 0 | err = gpg_error_from_syserror (); |
1110 | 0 | else if (parm->fpr) |
1111 | 0 | err = gpg_error (GPG_ERR_DUP_KEY); |
1112 | 0 | else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes)) |
1113 | 0 | err = gpg_error_from_syserror (); |
1114 | 0 | else if (nbytes < 20) |
1115 | 0 | err = gpg_error (GPG_ERR_TOO_SHORT); |
1116 | 0 | else |
1117 | 0 | { |
1118 | 0 | parm->fpr = xtrymalloc (nbytes); |
1119 | 0 | if (!parm->fpr) |
1120 | 0 | err = gpg_error_from_syserror (); |
1121 | 0 | else |
1122 | 0 | memcpy (parm->fpr, buf, (parm->fprlen = nbytes)); |
1123 | 0 | } |
1124 | 0 | xfree (buf); |
1125 | 0 | } |
1126 | 0 | else if ((s = has_leading_keyword (line, "URL")) && *s) |
1127 | 0 | { |
1128 | 0 | if (parm->url) |
1129 | 0 | err = gpg_error (GPG_ERR_DUP_KEY); |
1130 | 0 | else if (!(parm->url = xtrystrdup (s))) |
1131 | 0 | err = gpg_error_from_syserror (); |
1132 | 0 | } |
1133 | |
|
1134 | 0 | return err; |
1135 | 0 | } |
1136 | | |
1137 | | /* Ask the dirmngr for a DNS CERT record. Depending on the found |
1138 | | subtypes different return values are set: |
1139 | | |
1140 | | - For a PGP subtype a new estream with that key will be returned at |
1141 | | R_KEY and the other return parameters are set to NULL/0. |
1142 | | |
1143 | | - For an IPGP subtype the fingerprint is stored as a malloced block |
1144 | | at (R_FPR,R_FPRLEN). If an URL is available it is stored as a |
1145 | | malloced string at R_URL; NULL is stored if there is no URL. |
1146 | | |
1147 | | If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first |
1148 | | CERT record found with a supported type; it is expected that only |
1149 | | one CERT record is used. If CERTTYPE is one of the supported |
1150 | | certtypes, only records with this certtype are considered and the |
1151 | | first one found is returned. All R_* args are optional. |
1152 | | |
1153 | | If CERTTYPE is NULL the DANE method is used to fetch the key. |
1154 | | */ |
1155 | | gpg_error_t |
1156 | | gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype, |
1157 | | estream_t *r_key, |
1158 | | unsigned char **r_fpr, size_t *r_fprlen, |
1159 | | char **r_url) |
1160 | 0 | { |
1161 | 0 | gpg_error_t err; |
1162 | 0 | assuan_context_t ctx; |
1163 | 0 | struct dns_cert_parm_s parm; |
1164 | 0 | char *line = NULL; |
1165 | |
|
1166 | 0 | memset (&parm, 0, sizeof parm); |
1167 | 0 | if (r_key) |
1168 | 0 | *r_key = NULL; |
1169 | 0 | if (r_fpr) |
1170 | 0 | *r_fpr = NULL; |
1171 | 0 | if (r_fprlen) |
1172 | 0 | *r_fprlen = 0; |
1173 | 0 | if (r_url) |
1174 | 0 | *r_url = NULL; |
1175 | |
|
1176 | 0 | err = open_context (ctrl, &ctx); |
1177 | 0 | if (err) |
1178 | 0 | return err; |
1179 | | |
1180 | 0 | line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name); |
1181 | 0 | if (!line) |
1182 | 0 | { |
1183 | 0 | err = gpg_error_from_syserror (); |
1184 | 0 | goto leave; |
1185 | 0 | } |
1186 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
1187 | 0 | { |
1188 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1189 | 0 | goto leave; |
1190 | 0 | } |
1191 | | |
1192 | 0 | parm.memfp = es_fopenmem (0, "rwb"); |
1193 | 0 | if (!parm.memfp) |
1194 | 0 | { |
1195 | 0 | err = gpg_error_from_syserror (); |
1196 | 0 | goto leave; |
1197 | 0 | } |
1198 | 0 | err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, |
1199 | 0 | NULL, NULL, dns_cert_status_cb, &parm); |
1200 | 0 | if (err) |
1201 | 0 | goto leave; |
1202 | | |
1203 | | /* Data line returned by dirmngr may be nothing. Check if any. */ |
1204 | 0 | if (es_ftell (parm.memfp) != 0 && r_key) |
1205 | 0 | { |
1206 | 0 | es_rewind (parm.memfp); |
1207 | 0 | *r_key = parm.memfp; |
1208 | 0 | parm.memfp = NULL; |
1209 | 0 | } |
1210 | |
|
1211 | 0 | if (r_fpr && parm.fpr) |
1212 | 0 | { |
1213 | 0 | *r_fpr = parm.fpr; |
1214 | 0 | parm.fpr = NULL; |
1215 | 0 | } |
1216 | 0 | if (r_fprlen) |
1217 | 0 | *r_fprlen = parm.fprlen; |
1218 | |
|
1219 | 0 | if (r_url && parm.url) |
1220 | 0 | { |
1221 | 0 | *r_url = parm.url; |
1222 | 0 | parm.url = NULL; |
1223 | 0 | } |
1224 | |
|
1225 | 0 | leave: |
1226 | 0 | xfree (parm.fpr); |
1227 | 0 | xfree (parm.url); |
1228 | 0 | es_fclose (parm.memfp); |
1229 | 0 | xfree (line); |
1230 | 0 | close_context (ctrl, ctx); |
1231 | 0 | return err; |
1232 | 0 | } |
1233 | | |
1234 | | |
1235 | | � |
1236 | | /* Ask the dirmngr to retrieve a key via the Web Key Directory |
1237 | | * protocol. If QUICK is set the dirmngr is advised to use a shorter |
1238 | | * timeout. On success a new estream with the key stored at R_KEY and the |
1239 | | * url of the lookup (if any) stored at R_URL. Note that |
1240 | | */ |
1241 | | gpg_error_t |
1242 | | gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick, |
1243 | | estream_t *r_key, char **r_url) |
1244 | 0 | { |
1245 | 0 | gpg_error_t err; |
1246 | 0 | assuan_context_t ctx; |
1247 | 0 | struct ks_status_parm_s stparm = { NULL }; |
1248 | 0 | struct dns_cert_parm_s parm = { NULL }; |
1249 | 0 | char *line = NULL; |
1250 | |
|
1251 | 0 | if (r_key) |
1252 | 0 | *r_key = NULL; |
1253 | |
|
1254 | 0 | if (r_url) |
1255 | 0 | *r_url = NULL; |
1256 | |
|
1257 | 0 | err = open_context (ctrl, &ctx); |
1258 | 0 | if (err) |
1259 | 0 | return err; |
1260 | | |
1261 | 0 | line = es_bsprintf ("WKD_GET%s -- %s", quick?" --quick":"", name); |
1262 | 0 | if (!line) |
1263 | 0 | { |
1264 | 0 | err = gpg_error_from_syserror (); |
1265 | 0 | goto leave; |
1266 | 0 | } |
1267 | 0 | if (strlen (line) + 2 >= ASSUAN_LINELENGTH) |
1268 | 0 | { |
1269 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1270 | 0 | goto leave; |
1271 | 0 | } |
1272 | | |
1273 | 0 | parm.memfp = es_fopenmem (MAX_WKD_RESULT_LENGTH, "rwb"); |
1274 | 0 | if (!parm.memfp) |
1275 | 0 | { |
1276 | 0 | err = gpg_error_from_syserror (); |
1277 | 0 | goto leave; |
1278 | 0 | } |
1279 | 0 | err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, |
1280 | 0 | NULL, NULL, ks_status_cb, &stparm); |
1281 | 0 | if (gpg_err_code (err) == GPG_ERR_ENOSPC) |
1282 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
1283 | 0 | if (err) |
1284 | 0 | goto leave; |
1285 | | |
1286 | 0 | if (r_key) |
1287 | 0 | { |
1288 | 0 | es_rewind (parm.memfp); |
1289 | 0 | *r_key = parm.memfp; |
1290 | 0 | parm.memfp = NULL; |
1291 | 0 | } |
1292 | |
|
1293 | 0 | if (r_url) |
1294 | 0 | { |
1295 | 0 | *r_url = stparm.source; |
1296 | 0 | stparm.source = NULL; |
1297 | 0 | } |
1298 | |
|
1299 | 0 | leave: |
1300 | 0 | xfree (stparm.source); |
1301 | 0 | xfree (parm.fpr); |
1302 | 0 | xfree (parm.url); |
1303 | 0 | es_fclose (parm.memfp); |
1304 | 0 | xfree (line); |
1305 | 0 | close_context (ctrl, ctx); |
1306 | 0 | return err; |
1307 | 0 | } |