1 /* server.c - LDAP and Keyserver access server
2 * Copyright (C) 2002 Klarälvdalens Datakonsult AB
3 * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH
4 * Copyright (C) 2014, 2015, 2016 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
28 #include <sys/types.h>
39 # include "ldapserver.h"
42 #include "certcache.h"
46 # include "ldap-wrapper.h"
48 #include "ks-action.h"
49 #include "ks-engine.h" /* (ks_hkp_print_hosttable) */
51 # include "ldap-parse-uri.h"
53 #include "dns-stuff.h"
54 #include "mbox-util.h"
56 #include "server-help.h"
58 /* To avoid DoS attacks we limit the size of a certificate to
59 something reasonable. The DoS was actually only an issue back when
60 Dirmngr was a system service and not a user service. */
61 #define MAX_CERT_LENGTH (16*1024)
63 /* The same goes for OpenPGP keyblocks, but here we need to allow for
64 much longer blocks; a 200k keyblock is not too unusual for keys
65 with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even
66 has 770 KiB as of 2015-08-23. To avoid adding a runtime option we
67 now use 20MiB which should really be enough. Well, a key with
68 several pictures could be larger (the parser as a 18MiB limit for
69 attribute packets) but it won't be nice to the keyservers to send
70 them such large blobs. */
71 #define MAX_KEYBLOCK_LENGTH (20*1024*1024)
74 #define PARM_ERROR(t) assuan_set_error (ctx, \
75 gpg_error (GPG_ERR_ASS_PARAMETER), (t))
76 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
80 /* Control structure per connection. */
83 /* Data used to associate an Assuan context with local server data */
84 assuan_context_t assuan_ctx;
86 /* Per-session LDAP servers. */
87 ldap_server_t ldapservers;
89 /* Per-session list of keyservers. */
90 uri_item_t keyservers;
92 /* If this flag is set to true this dirmngr process will be
93 terminated after the end of this session. */
96 /* State variable private to is_tor_running. */
99 /* If the first both flags are set the assuan logging of data lines
100 * is suppressed. The count variable is used to show the number of
101 * non-logged bytes. */
102 size_t inhibit_data_logging_count;
103 unsigned int inhibit_data_logging : 1;
104 unsigned int inhibit_data_logging_now : 1;
108 /* Cookie definition for assuan data line output. */
109 static gpgrt_ssize_t data_line_cookie_write (void *cookie,
110 const void *buffer, size_t size);
111 static int data_line_cookie_close (void *cookie);
112 static es_cookie_io_functions_t data_line_cookie_functions =
115 data_line_cookie_write,
117 data_line_cookie_close
124 /* Accessor for the local ldapservers variable. */
126 get_ldapservers_from_ctrl (ctrl_t ctrl)
128 if (ctrl && ctrl->server_local)
129 return ctrl->server_local->ldapservers;
134 /* Release an uri_item_t list. */
136 release_uri_item_list (uri_item_t list)
140 uri_item_t tmp = list->next;
141 http_release_parsed_uri (list->parsed_uri);
147 /* Release all configured keyserver info from CTRL. */
149 release_ctrl_keyservers (ctrl_t ctrl)
151 if (! ctrl->server_local)
154 release_uri_item_list (ctrl->server_local->keyservers);
155 ctrl->server_local->keyservers = NULL;
160 /* Helper to print a message while leaving a command. */
162 leave_cmd (assuan_context_t ctx, gpg_error_t err)
166 const char *name = assuan_get_command_name (ctx);
169 if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
170 log_error ("command '%s' failed: %s\n", name,
173 log_error ("command '%s' failed: %s <%s>\n", name,
174 gpg_strerror (err), gpg_strsource (err));
180 /* This is a wrapper around assuan_send_data which makes debugging the
181 output in verbose mode easier. */
183 data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size)
185 ctrl_t ctrl = assuan_get_pointer (ctx);
186 const char *buffer = buffer_arg;
189 /* If we do not want logging, enable it it here. */
190 if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
191 ctrl->server_local->inhibit_data_logging_now = 1;
193 if (opt.verbose && buffer && size)
195 /* Ease reading of output by sending a physical line at each LF. */
202 p = memchr (buffer, '\n', nbytes);
203 n = p ? (p - buffer) + 1 : nbytes;
204 err = assuan_send_data (ctx, buffer, n);
207 gpg_err_set_errno (EIO);
212 if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
214 gpg_err_set_errno (EIO);
222 err = assuan_send_data (ctx, buffer, size);
225 gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */
231 if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
233 ctrl->server_local->inhibit_data_logging_now = 0;
234 ctrl->server_local->inhibit_data_logging_count += size;
241 /* A write handler used by es_fopencookie to write assuan data
244 data_line_cookie_write (void *cookie, const void *buffer, size_t size)
246 assuan_context_t ctx = cookie;
248 if (data_line_write (ctx, buffer, size))
250 return (gpgrt_ssize_t)size;
255 data_line_cookie_close (void *cookie)
257 assuan_context_t ctx = cookie;
261 ctrl_t ctrl = assuan_get_pointer (ctx);
263 if (ctrl && ctrl->server_local
264 && ctrl->server_local->inhibit_data_logging
265 && ctrl->server_local->inhibit_data_logging_count)
266 log_debug ("(%zu bytes sent via D lines not shown)\n",
267 ctrl->server_local->inhibit_data_logging_count);
269 if (assuan_send_data (ctx, NULL, 0))
271 gpg_err_set_errno (EIO);
279 /* Copy the % and + escaped string S into the buffer D and replace the
280 escape sequences. Note, that it is sufficient to allocate the
281 target string D as long as the source string S, i.e.: strlen(s)+1.
282 Note further that if S contains an escaped binary Nul the resulting
283 string D will contain the 0 as well as all other characters but it
284 will be impossible to know whether this is the original EOS or a
287 strcpy_escaped_plus (char *d, const unsigned char *s)
291 if (*s == '%' && s[1] && s[2])
306 /* This function returns true if a Tor server is running. The sattus
307 is cached for the current connection. */
309 is_tor_running (ctrl_t ctrl)
311 /* Check whether we can connect to the proxy. */
313 if (!ctrl || !ctrl->server_local)
314 return 0; /* Ooops. */
316 if (!ctrl->server_local->tor_state)
320 sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
321 if (sock == ASSUAN_INVALID_FD)
322 ctrl->server_local->tor_state = -1; /* Not running. */
325 assuan_sock_close (sock);
326 ctrl->server_local->tor_state = 1; /* Running. */
329 return (ctrl->server_local->tor_state > 0);
333 /* Return an error if the assuan context does not belong to the owner
334 of the process or to root. On error FAILTEXT is set as Assuan
337 check_owner_permission (assuan_context_t ctx, const char *failtext)
339 #ifdef HAVE_W32_SYSTEM
340 /* Under Windows the dirmngr is always run under the control of the
346 assuan_peercred_t cred;
348 ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
349 if (!ec && cred->uid && cred->uid != getuid ())
352 return set_error (ec, failtext);
359 /* Common code for get_cert_local and get_issuer_cert_local. */
361 do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
363 unsigned char *value;
371 buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
372 strcpy (stpcpy (stpcpy (buf, command), " "), name);
375 buf = xstrdup (command);
377 rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
378 &value, &valuelen, MAX_CERT_LENGTH);
382 log_error (_("assuan_inquire(%s) failed: %s\n"),
383 command, gpg_strerror (rc));
393 rc = ksba_cert_new (&cert);
396 rc = ksba_cert_init_from_mem (cert, value, valuelen);
399 ksba_cert_release (cert);
409 /* Ask back to return a certificate for name, given as a regular
410 gpgsm certificate indentificates (e.g. fingerprint or one of the
411 other methods). Alternatively, NULL may be used for NAME to
412 return the current target certificate. Either return the certificate
413 in a KSBA object or NULL if it is not available.
416 get_cert_local (ctrl_t ctrl, const char *name)
418 if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
421 log_debug ("get_cert_local called w/o context\n");
424 return do_get_cert_local (ctrl, name, "SENDCERT");
428 /* Ask back to return the issuing certificate for name, given as a
429 regular gpgsm certificate indentificates (e.g. fingerprint or one
430 of the other methods). Alternatively, NULL may be used for NAME to
431 return thecurrent target certificate. Either return the certificate
432 in a KSBA object or NULL if it is not available.
436 get_issuing_cert_local (ctrl_t ctrl, const char *name)
438 if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
441 log_debug ("get_issuing_cert_local called w/o context\n");
444 return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
447 /* Ask back to return a certificate with subject NAME and a
448 subjectKeyIdentifier of KEYID. */
450 get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
452 unsigned char *value;
459 if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
462 log_debug ("get_cert_local_ski called w/o context\n");
467 log_debug ("get_cert_local_ski called with insufficient arguments\n");
471 hexkeyid = serial_hex (keyid);
474 log_debug ("serial_hex() failed\n");
478 buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
482 log_error ("can't allocate enough memory: %s\n", strerror (errno));
486 strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
489 rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
490 &value, &valuelen, MAX_CERT_LENGTH);
494 log_error (_("assuan_inquire(%s) failed: %s\n"), "SENDCERT_SKI",
505 rc = ksba_cert_new (&cert);
508 rc = ksba_cert_init_from_mem (cert, value, valuelen);
511 ksba_cert_release (cert);
520 /* Ask the client via an inquiry to check the istrusted status of the
521 certificate specified by the hexified fingerprint HEXFPR. Returns
522 0 if the certificate is trusted by the client or an error code. */
524 get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
526 unsigned char *value;
531 if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
533 return gpg_error (GPG_ERR_INV_ARG);
535 snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
536 rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
537 &value, &valuelen, 100);
540 log_error (_("assuan_inquire(%s) failed: %s\n"),
541 request, gpg_strerror (rc));
544 /* The expected data is: "1" or "1 cruft" (not a C-string). */
545 if (valuelen && *value == '1' && (valuelen == 1 || spacep (value+1)))
548 rc = gpg_error (GPG_ERR_NOT_TRUSTED);
556 /* Ask the client to return the certificate associated with the
557 current command. This is sometimes needed because the client usually
558 sends us just the cert ID, assuming that the request can be
559 satisfied from the cache, where the cert ID is used as key. */
561 inquire_cert_and_load_crl (assuan_context_t ctx)
563 ctrl_t ctrl = assuan_get_pointer (ctx);
565 unsigned char *value = NULL;
567 ksba_cert_t cert = NULL;
569 err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
574 /* FILE *fp = fopen ("foo.der", "r"); */
575 /* value = xmalloc (2000); */
576 /* valuelen = fread (value, 1, 2000, fp); */
580 if (!valuelen) /* No data returned; return a comprehensible error. */
581 return gpg_error (GPG_ERR_MISSING_CERT);
583 err = ksba_cert_new (&cert);
586 err = ksba_cert_init_from_mem (cert, value, valuelen);
589 xfree (value); value = NULL;
591 err = crl_cache_reload_crl (ctrl, cert);
594 ksba_cert_release (cert);
600 /* Handle OPTION commands. */
602 option_handler (assuan_context_t ctx, const char *key, const char *value)
604 ctrl_t ctrl = assuan_get_pointer (ctx);
607 if (!strcmp (key, "force-crl-refresh"))
609 int i = *value? atoi (value) : 0;
610 ctrl->force_crl_refresh = i;
612 else if (!strcmp (key, "audit-events"))
614 int i = *value? atoi (value) : 0;
615 ctrl->audit_events = i;
617 else if (!strcmp (key, "http-proxy"))
619 xfree (ctrl->http_proxy);
620 if (!*value || !strcmp (value, "none"))
621 ctrl->http_proxy = NULL;
622 else if (!(ctrl->http_proxy = xtrystrdup (value)))
623 err = gpg_error_from_syserror ();
625 else if (!strcmp (key, "honor-keyserver-url-used"))
627 /* Return an error if we are running in Tor mode. */
628 if (dirmngr_use_tor ())
629 err = gpg_error (GPG_ERR_FORBIDDEN);
632 err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
639 static const char hlp_dns_cert[] =
640 "DNS_CERT <subtype> <name>\n"
641 "DNS_CERT --pka <user_id>\n"
642 "DNS_CERT --dane <user_id>\n"
644 "Return the CERT record for <name>. <subtype> is one of\n"
645 " * Return the first record of any supported subtype\n"
646 " PGP Return the first record of subtype PGP (3)\n"
647 " IPGP Return the first record of subtype IPGP (6)\n"
648 "If the content of a certificate is available (PGP) it is returned\n"
649 "by data lines. Fingerprints and URLs are returned via status lines.\n"
650 "In --pka mode the fingerprint and if available an URL is returned.\n"
651 "In --dane mode the key is returned from RR type 61";
653 cmd_dns_cert (assuan_context_t ctx, char *line)
655 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
657 int pka_mode, dane_mode;
659 char *namebuf = NULL;
660 char *encodedhash = NULL;
666 unsigned char *fpr = NULL;
670 pka_mode = has_option (line, "--pka");
671 dane_mode = has_option (line, "--dane");
672 line = skip_options (line);
674 if (pka_mode && dane_mode)
676 err = PARM_ERROR ("either --pka or --dane may be given");
680 if (pka_mode || dane_mode)
681 ; /* No need to parse here - we do this later. */
684 p = strchr (line, ' ');
687 err = PARM_ERROR ("missing arguments");
691 if (!strcmp (line, "*"))
692 certtype = DNS_CERTTYPE_ANY;
693 else if (!strcmp (line, "IPGP"))
694 certtype = DNS_CERTTYPE_IPGP;
695 else if (!strcmp (line, "PGP"))
696 certtype = DNS_CERTTYPE_PGP;
699 err = PARM_ERROR ("unknown subtype");
707 err = PARM_ERROR ("name missing");
712 if (pka_mode || dane_mode)
714 char *domain; /* Points to mbox. */
715 char hashbuf[32]; /* For SHA-1 and SHA-256. */
717 /* We lowercase ascii characters but the DANE I-D does not allow
718 this. FIXME: Check after the release of the RFC whether to
720 mbox = mailbox_from_userid (line);
721 if (!mbox || !(domain = strchr (mbox, '@')))
723 err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
730 gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
731 encodedhash = zb32_encode (hashbuf, 8*20);
734 err = gpg_error_from_syserror ();
737 namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
740 err = gpg_error_from_syserror ();
744 certtype = DNS_CERTTYPE_IPGP;
748 /* Note: The hash is truncated to 28 bytes and we lowercase
749 the result only for aesthetic reasons. */
750 gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox));
751 encodedhash = bin2hex (hashbuf, 28, NULL);
754 err = gpg_error_from_syserror ();
757 ascii_strlwr (encodedhash);
758 namebuf = strconcat (encodedhash, "._openpgpkey.", domain, NULL);
761 err = gpg_error_from_syserror ();
765 certtype = DNS_CERTTYPE_RR61;
771 err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url);
777 err = data_line_write (ctx, key, keylen);
786 tmpstr = bin2hex (fpr, fprlen, NULL);
788 err = gpg_error_from_syserror ();
791 err = assuan_write_status (ctx, "FPR", tmpstr);
800 err = assuan_write_status (ctx, "URL", url);
813 return leave_cmd (ctx, err);
818 static const char hlp_wkd_get[] =
819 "WKD_GET [--submission-address|--policy-flags] <user_id>\n"
821 "Return the key or other info for <user_id>\n"
822 "from the Web Key Directory.";
824 cmd_wkd_get (assuan_context_t ctx, char *line)
826 ctrl_t ctrl = assuan_get_pointer (ctx);
829 char *domainbuf = NULL;
830 char *domain; /* Points to mbox or domainbuf. */
833 char *encodedhash = NULL;
834 int opt_submission_addr;
835 int opt_policy_flags;
837 char portstr[20] = { 0 };
839 opt_submission_addr = has_option (line, "--submission-address");
840 opt_policy_flags = has_option (line, "--policy-flags");
841 line = skip_options (line);
843 mbox = mailbox_from_userid (line);
844 if (!mbox || !(domain = strchr (mbox, '@')))
846 err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
851 /* Check for SRV records. */
854 struct srventry *srvs;
855 unsigned int srvscount;
856 size_t domainlen, targetlen;
859 err = get_dns_srv (domain, "openpgpkey", NULL, &srvs, &srvscount);
863 /* Find the first target which also ends in DOMAIN or is equal
865 domainlen = strlen (domain);
866 for (i = 0; i < srvscount; i++)
868 log_debug ("srv: trying '%s:%hu'\n", srvs[i].target, srvs[i].port);
869 targetlen = strlen (srvs[i].target);
870 if ((targetlen > domainlen + 1
871 && srvs[i].target[targetlen - domainlen - 1] == '.'
872 && !ascii_strcasecmp (srvs[i].target + targetlen - domainlen,
874 || (targetlen == domainlen
875 && !ascii_strcasecmp (srvs[i].target, domain)))
878 domainbuf = xtrystrdup (srvs[i].target);
881 err = gpg_error_from_syserror ();
887 snprintf (portstr, sizeof portstr, ":%hu", srvs[i].port);
892 log_debug ("srv: got '%s%s'\n", domain, portstr);
895 gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox));
896 encodedhash = zb32_encode (sha1buf, 8*20);
899 err = gpg_error_from_syserror ();
903 if (opt_submission_addr)
905 uri = strconcat ("https://",
908 "/.well-known/openpgpkey/submission-address",
911 else if (opt_policy_flags)
913 uri = strconcat ("https://",
916 "/.well-known/openpgpkey/policy",
921 uri = strconcat ("https://",
924 "/.well-known/openpgpkey/hu/",
931 err = gpg_error_from_syserror ();
935 /* Setup an output stream and perform the get. */
939 outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
941 err = set_error (GPG_ERR_ASS_GENERAL,
942 "error setting up a data stream");
946 ctrl->server_local->inhibit_data_logging = 1;
947 ctrl->server_local->inhibit_data_logging_now = 0;
948 ctrl->server_local->inhibit_data_logging_count = 0;
949 err = ks_action_fetch (ctrl, uri, outfp);
951 ctrl->server_local->inhibit_data_logging = 0;
960 return leave_cmd (ctx, err);
965 static const char hlp_ldapserver[] =
966 "LDAPSERVER <data>\n"
968 "Add a new LDAP server to the list of configured LDAP servers.\n"
969 "DATA is in the same format as expected in the configure file.";
971 cmd_ldapserver (assuan_context_t ctx, char *line)
974 ctrl_t ctrl = assuan_get_pointer (ctx);
975 ldap_server_t server;
976 ldap_server_t *last_next_p;
978 while (spacep (line))
981 return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing")));
983 server = ldapserver_parse_one (line, "", 0);
985 return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
987 last_next_p = &ctrl->server_local->ldapservers;
989 last_next_p = &(*last_next_p)->next;
990 *last_next_p = server;
991 return leave_cmd (ctx, 0);
994 return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
999 static const char hlp_isvalid[] =
1000 "ISVALID [--only-ocsp] [--force-default-responder]"
1001 " <certificate_id>|<certificate_fpr>\n"
1003 "This command checks whether the certificate identified by the\n"
1004 "certificate_id is valid. This is done by consulting CRLs or\n"
1005 "whatever has been configured. Note, that the returned error codes\n"
1006 "are from gpg-error.h. The command may callback using the inquire\n"
1007 "function. See the manual for details.\n"
1009 "The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n"
1010 "delimited by a single dot. The first part is the SHA-1 hash of the\n"
1011 "issuer name and the second part the serial number.\n"
1013 "Alternatively the certificate's fingerprint may be given in which\n"
1014 "case an OCSP request is done before consulting the CRL.\n"
1016 "If the option --only-ocsp is given, no fallback to a CRL check will\n"
1019 "If the option --force-default-responder is given, only the default\n"
1020 "OCSP responder will be used and any other methods of obtaining an\n"
1021 "OCSP responder URL won't be used.";
1023 cmd_isvalid (assuan_context_t ctx, char *line)
1025 ctrl_t ctrl = assuan_get_pointer (ctx);
1026 char *issuerhash, *serialno;
1028 int did_inquire = 0;
1031 int force_default_responder;
1033 only_ocsp = has_option (line, "--only-ocsp");
1034 force_default_responder = has_option (line, "--force-default-responder");
1035 line = skip_options (line);
1037 issuerhash = xstrdup (line); /* We need to work on a copy of the
1038 line because that same Assuan
1039 context may be used for an inquiry.
1040 That is because Assuan reuses its
1044 serialno = strchr (issuerhash, '.');
1049 char *endp = strchr (issuerhash, ' ');
1052 if (strlen (issuerhash) != 40)
1055 return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
1064 /* Note, that we ignore the given issuer hash and instead rely
1065 on the current certificate semantics used with this
1067 if (!opt.allow_ocsp)
1068 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
1070 err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
1071 /* Fixme: If we got no ocsp response and --only-ocsp is not used
1072 we should fall back to CRL mode. Thus we need to clear
1073 OCSP_MODE, get the issuerhash and the serialno from the
1074 current certificate and jump to again. */
1077 err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
1080 switch (crl_cache_isvalid (ctrl,
1081 issuerhash, serialno,
1082 ctrl->force_crl_refresh))
1084 case CRL_CACHE_VALID:
1087 case CRL_CACHE_INVALID:
1088 err = gpg_error (GPG_ERR_CERT_REVOKED);
1090 case CRL_CACHE_DONTKNOW:
1092 err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
1093 else if (!(err = inquire_cert_and_load_crl (ctx)))
1099 case CRL_CACHE_CANTUSE:
1100 err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
1103 log_fatal ("crl_cache_isvalid returned invalid code\n");
1108 return leave_cmd (ctx, err);
1112 /* If the line contains a SHA-1 fingerprint as the first argument,
1113 return the FPR vuffer on success. The function checks that the
1114 fingerprint consists of valid characters and prints and error
1115 message if it does not and returns NULL. Fingerprints are
1116 considered optional and thus no explicit error is returned. NULL is
1117 also returned if there is no fingerprint at all available.
1118 FPR must be a caller provided buffer of at least 20 bytes.
1120 Note that colons within the fingerprint are allowed to separate 2
1121 hex digits; this allows for easier cutting and pasting using the
1122 usual fingerprint rendering.
1124 static unsigned char *
1125 get_fingerprint_from_line (const char *line, unsigned char *fpr)
1130 for (s=line, i=0; *s && *s != ' '; s++ )
1132 if ( hexdigitp (s) && hexdigitp (s+1) )
1135 return NULL; /* Fingerprint too long. */
1136 fpr[i++] = xtoi_2 (s);
1139 else if ( *s != ':' )
1140 return NULL; /* Invalid. */
1143 return NULL; /* Fingerprint to short. */
1149 static const char hlp_checkcrl[] =
1150 "CHECKCRL [<fingerprint>]\n"
1152 "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
1153 "entire X.509 certificate blob) is valid or not by consulting the\n"
1154 "CRL responsible for this certificate. If the fingerprint has not\n"
1155 "been given or the certificate is not known, the function \n"
1156 "inquires the certificate using an\n"
1158 " INQUIRE TARGETCERT\n"
1160 "and the caller is expected to return the certificate for the\n"
1161 "request (which should match FINGERPRINT) as a binary blob.\n"
1162 "Processing then takes place without further interaction; in\n"
1163 "particular dirmngr tries to locate other required certificate by\n"
1164 "its own mechanism which includes a local certificate store as well\n"
1165 "as a list of trusted root certificates.\n"
1167 "The return value is the usual gpg-error code or 0 for ducesss;\n"
1168 "i.e. the certificate validity has been confirmed by a valid CRL.";
1170 cmd_checkcrl (assuan_context_t ctx, char *line)
1172 ctrl_t ctrl = assuan_get_pointer (ctx);
1174 unsigned char fprbuffer[20], *fpr;
1177 fpr = get_fingerprint_from_line (line, fprbuffer);
1178 cert = fpr? get_cert_byfpr (fpr) : NULL;
1182 /* We do not have this certificate yet or the fingerprint has
1183 not been given. Inquire it from the client. */
1184 unsigned char *value = NULL;
1187 err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
1188 &value, &valuelen, MAX_CERT_LENGTH);
1191 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
1195 if (!valuelen) /* No data returned; return a comprehensible error. */
1196 err = gpg_error (GPG_ERR_MISSING_CERT);
1199 err = ksba_cert_new (&cert);
1201 err = ksba_cert_init_from_mem (cert, value, valuelen);
1210 err = crl_cache_cert_isvalid (ctrl, cert, ctrl->force_crl_refresh);
1211 if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
1213 err = crl_cache_reload_crl (ctrl, cert);
1215 err = crl_cache_cert_isvalid (ctrl, cert, 0);
1219 ksba_cert_release (cert);
1220 return leave_cmd (ctx, err);
1224 static const char hlp_checkocsp[] =
1225 "CHECKOCSP [--force-default-responder] [<fingerprint>]\n"
1227 "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
1228 "entire X.509 certificate blob) is valid or not by asking an OCSP\n"
1229 "responder responsible for this certificate. The optional\n"
1230 "fingerprint may be used for a quick check in case an OCSP check has\n"
1231 "been done for this certificate recently (we always cache OCSP\n"
1232 "responses for a couple of minutes). If the fingerprint has not been\n"
1233 "given or there is no cached result, the function inquires the\n"
1234 "certificate using an\n"
1236 " INQUIRE TARGETCERT\n"
1238 "and the caller is expected to return the certificate for the\n"
1239 "request (which should match FINGERPRINT) as a binary blob.\n"
1240 "Processing then takes place without further interaction; in\n"
1241 "particular dirmngr tries to locate other required certificates by\n"
1242 "its own mechanism which includes a local certificate store as well\n"
1243 "as a list of trusted root certificates.\n"
1245 "If the option --force-default-responder is given, only the default\n"
1246 "OCSP responder will be used and any other methods of obtaining an\n"
1247 "OCSP responder URL won't be used.\n"
1249 "The return value is the usual gpg-error code or 0 for ducesss;\n"
1250 "i.e. the certificate validity has been confirmed by a valid CRL.";
1252 cmd_checkocsp (assuan_context_t ctx, char *line)
1254 ctrl_t ctrl = assuan_get_pointer (ctx);
1256 unsigned char fprbuffer[20], *fpr;
1258 int force_default_responder;
1260 force_default_responder = has_option (line, "--force-default-responder");
1261 line = skip_options (line);
1263 fpr = get_fingerprint_from_line (line, fprbuffer);
1264 cert = fpr? get_cert_byfpr (fpr) : NULL;
1268 /* We do not have this certificate yet or the fingerprint has
1269 not been given. Inquire it from the client. */
1270 unsigned char *value = NULL;
1273 err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
1274 &value, &valuelen, MAX_CERT_LENGTH);
1277 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
1281 if (!valuelen) /* No data returned; return a comprehensible error. */
1282 err = gpg_error (GPG_ERR_MISSING_CERT);
1285 err = ksba_cert_new (&cert);
1287 err = ksba_cert_init_from_mem (cert, value, valuelen);
1296 if (!opt.allow_ocsp)
1297 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
1299 err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder);
1302 ksba_cert_release (cert);
1303 return leave_cmd (ctx, err);
1309 lookup_cert_by_url (assuan_context_t ctx, const char *url)
1311 ctrl_t ctrl = assuan_get_pointer (ctx);
1312 gpg_error_t err = 0;
1313 unsigned char *value = NULL;
1316 /* Fetch single certificate given it's URL. */
1317 err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
1320 log_error (_("fetch_cert_by_url failed: %s\n"), gpg_strerror (err));
1324 /* Send the data, flush the buffer and then send an END. */
1325 err = assuan_send_data (ctx, value, valuelen);
1327 err = assuan_send_data (ctx, NULL, 0);
1329 err = assuan_write_line (ctx, "END");
1332 log_error (_("error sending data: %s\n"), gpg_strerror (err));
1342 /* Send the certificate, flush the buffer and then send an END. */
1344 return_one_cert (void *opaque, ksba_cert_t cert)
1346 assuan_context_t ctx = opaque;
1348 const unsigned char *der;
1351 der = ksba_cert_get_image (cert, &derlen);
1353 err = gpg_error (GPG_ERR_INV_CERT_OBJ);
1356 err = assuan_send_data (ctx, der, derlen);
1358 err = assuan_send_data (ctx, NULL, 0);
1360 err = assuan_write_line (ctx, "END");
1363 log_error (_("error sending data: %s\n"), gpg_strerror (err));
1368 /* Lookup certificates from the internal cache or using the ldap
1371 lookup_cert_by_pattern (assuan_context_t ctx, char *line,
1372 int single, int cache_only)
1374 gpg_error_t err = 0;
1376 strlist_t sl, list = NULL;
1377 int truncated = 0, truncation_forced = 0;
1379 int local_count = 0;
1381 ctrl_t ctrl = assuan_get_pointer (ctx);
1382 unsigned char *value = NULL;
1384 struct ldapserver_iter ldapserver_iter;
1385 cert_fetch_context_t fetch_context;
1387 int any_no_data = 0;
1389 /* Break the line down into an STRLIST */
1390 for (p=line; *p; line = p)
1392 while (*p && *p != ' ')
1399 sl = xtrymalloc (sizeof *sl + strlen (line));
1402 err = gpg_error_from_errno (errno);
1405 memset (sl, 0, sizeof *sl);
1406 strcpy_escaped_plus (sl->d, line);
1412 /* First look through the internal cache. The certifcates returned
1413 here are not counted towards the truncation limit. */
1414 if (single && !cache_only)
1415 ; /* Do not read from the local cache in this case. */
1418 for (sl=list; sl; sl = sl->next)
1420 err = get_certs_bypattern (sl->d, return_one_cert, ctx);
1426 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
1432 else if (gpg_err_code (err) == GPG_ERR_INV_NAME && !cache_only)
1434 /* No real fault because the internal pattern lookup
1435 can't yet cope with all types of pattern. */
1443 /* Loop over all configured servers unless we want only the
1444 certificates from the cache. */
1446 for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
1447 !cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
1448 && ldapserver_iter.server->host && !truncation_forced;
1449 ldapserver_iter_next (&ldapserver_iter))
1451 ldap_server_t ldapserver = ldapserver_iter.server;
1454 log_debug ("cmd_lookup: trying %s:%d base=%s\n",
1455 ldapserver->host, ldapserver->port,
1456 ldapserver->base?ldapserver->base : "[default]");
1458 /* Fetch certificates matching pattern */
1459 err = start_cert_fetch (ctrl, &fetch_context, list, ldapserver);
1460 if ( gpg_err_code (err) == GPG_ERR_NO_DATA )
1463 log_debug ("cmd_lookup: no data\n");
1470 log_error (_("start_cert_fetch failed: %s\n"), gpg_strerror (err));
1474 /* Fetch the certificates for this query. */
1475 while (!truncation_forced)
1477 xfree (value); value = NULL;
1478 err = fetch_next_cert (fetch_context, &value, &valuelen);
1479 if (gpg_err_code (err) == GPG_ERR_NO_DATA )
1485 if (gpg_err_code (err) == GPG_ERR_TRUNCATED)
1491 if (gpg_err_code (err) == GPG_ERR_EOF)
1498 err = gpg_error (GPG_ERR_BUG);
1503 log_error (_("fetch_next_cert failed: %s\n"),
1504 gpg_strerror (err));
1505 end_cert_fetch (fetch_context);
1510 log_debug ("cmd_lookup: returning one cert%s\n",
1511 truncated? " (truncated)":"");
1513 /* Send the data, flush the buffer and then send an END line
1514 as a certificate delimiter. */
1515 err = assuan_send_data (ctx, value, valuelen);
1517 err = assuan_send_data (ctx, NULL, 0);
1519 err = assuan_write_line (ctx, "END");
1522 log_error (_("error sending data: %s\n"), gpg_strerror (err));
1523 end_cert_fetch (fetch_context);
1527 if (++count >= opt.max_replies )
1529 truncation_forced = 1;
1530 log_info (_("max_replies %d exceeded\n"), opt.max_replies );
1536 end_cert_fetch (fetch_context);
1541 if (truncated || truncation_forced)
1545 sprintf (str, "%d", count);
1546 assuan_write_status (ctx, "TRUNCATED", str);
1549 if (!err && !count && !local_count && any_no_data)
1550 err = gpg_error (GPG_ERR_NO_DATA);
1553 free_strlist (list);
1558 static const char hlp_lookup[] =
1559 "LOOKUP [--url] [--single] [--cache-only] <pattern>\n"
1561 "Lookup certificates matching PATTERN. With --url the pattern is\n"
1562 "expected to be one URL.\n"
1564 "If --url is not given: To allow for multiple patterns (which are ORed)\n"
1565 "quoting is required: Spaces are translated to \"+\" or \"%20\";\n"
1566 "obviously this requires that the usual escape quoting rules are applied.\n"
1568 "If --url is given no special escaping is required because URLs are\n"
1569 "already escaped this way.\n"
1571 "If --single is given the first and only the first match will be\n"
1572 "returned. If --cache-only is _not_ given, no local query will be\n"
1575 "If --cache-only is given no external lookup is done so that only\n"
1576 "certificates from the cache may get returned.";
1578 cmd_lookup (assuan_context_t ctx, char *line)
1581 int lookup_url, single, cache_only;
1583 lookup_url = has_leading_option (line, "--url");
1584 single = has_leading_option (line, "--single");
1585 cache_only = has_leading_option (line, "--cache-only");
1586 line = skip_options (line);
1588 if (lookup_url && cache_only)
1589 err = gpg_error (GPG_ERR_NOT_FOUND);
1590 else if (lookup_url && single)
1591 err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1592 else if (lookup_url)
1593 err = lookup_cert_by_url (ctx, line);
1595 err = lookup_cert_by_pattern (ctx, line, single, cache_only);
1597 return leave_cmd (ctx, err);
1601 static const char hlp_loadcrl[] =
1602 "LOADCRL [--url] <filename|url>\n"
1604 "Load the CRL in the file with name FILENAME into our cache. Note\n"
1605 "that FILENAME should be given with an absolute path because\n"
1606 "Dirmngrs cwd is not known. With --url the CRL is directly loaded\n"
1607 "from the given URL.\n"
1609 "This command is usually used by gpgsm using the invocation \"gpgsm\n"
1610 "--call-dirmngr loadcrl <filename>\". A direct invocation of Dirmngr\n"
1611 "is not useful because gpgsm might need to callback gpgsm to ask for\n"
1612 "the CA's certificate.";
1614 cmd_loadcrl (assuan_context_t ctx, char *line)
1616 ctrl_t ctrl = assuan_get_pointer (ctx);
1617 gpg_error_t err = 0;
1618 int use_url = has_leading_option (line, "--url");
1620 line = skip_options (line);
1624 ksba_reader_t reader;
1626 err = crl_fetch (ctrl, line, &reader);
1628 log_error (_("fetching CRL from '%s' failed: %s\n"),
1629 line, gpg_strerror (err));
1632 err = crl_cache_insert (ctrl, line, reader);
1634 log_error (_("processing CRL from '%s' failed: %s\n"),
1635 line, gpg_strerror (err));
1636 crl_close_reader (reader);
1643 buf = xtrymalloc (strlen (line)+1);
1645 err = gpg_error_from_syserror ();
1648 strcpy_escaped_plus (buf, line);
1649 err = crl_cache_load (ctrl, buf);
1654 return leave_cmd (ctx, err);
1658 static const char hlp_listcrls[] =
1661 "List the content of all CRLs in a readable format. This command is\n"
1662 "usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n"
1663 "listcrls\". It may also be used directly using \"dirmngr\n"
1666 cmd_listcrls (assuan_context_t ctx, char *line)
1673 fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
1675 err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
1678 err = crl_cache_list (fp);
1681 return leave_cmd (ctx, err);
1685 static const char hlp_cachecert[] =
1688 "Put a certificate into the internal cache. This command might be\n"
1689 "useful if a client knows in advance certificates required for a\n"
1690 "test and wants to make sure they get added to the internal cache.\n"
1691 "It is also helpful for debugging. To get the actual certificate,\n"
1692 "this command immediately inquires it using\n"
1694 " INQUIRE TARGETCERT\n"
1696 "and the caller is expected to return the certificate for the\n"
1697 "request as a binary blob.";
1699 cmd_cachecert (assuan_context_t ctx, char *line)
1701 ctrl_t ctrl = assuan_get_pointer (ctx);
1703 ksba_cert_t cert = NULL;
1704 unsigned char *value = NULL;
1709 err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
1710 &value, &valuelen, MAX_CERT_LENGTH);
1713 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
1717 if (!valuelen) /* No data returned; return a comprehensible error. */
1718 err = gpg_error (GPG_ERR_MISSING_CERT);
1721 err = ksba_cert_new (&cert);
1723 err = ksba_cert_init_from_mem (cert, value, valuelen);
1729 err = cache_cert (cert);
1732 ksba_cert_release (cert);
1733 return leave_cmd (ctx, err);
1737 static const char hlp_validate[] =
1740 "Validate a certificate using the certificate validation function\n"
1741 "used internally by dirmngr. This command is only useful for\n"
1742 "debugging. To get the actual certificate, this command immediately\n"
1743 "inquires it using\n"
1745 " INQUIRE TARGETCERT\n"
1747 "and the caller is expected to return the certificate for the\n"
1748 "request as a binary blob.";
1750 cmd_validate (assuan_context_t ctx, char *line)
1752 ctrl_t ctrl = assuan_get_pointer (ctx);
1754 ksba_cert_t cert = NULL;
1755 unsigned char *value = NULL;
1760 err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
1761 &value, &valuelen, MAX_CERT_LENGTH);
1764 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
1768 if (!valuelen) /* No data returned; return a comprehensible error. */
1769 err = gpg_error (GPG_ERR_MISSING_CERT);
1772 err = ksba_cert_new (&cert);
1774 err = ksba_cert_init_from_mem (cert, value, valuelen);
1780 /* If we have this certificate already in our cache, use the cached
1781 version for validation because this will take care of any cached
1784 unsigned char fpr[20];
1785 ksba_cert_t tmpcert;
1787 cert_compute_fpr (cert, fpr);
1788 tmpcert = get_cert_byfpr (fpr);
1791 ksba_cert_release (cert);
1796 err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_CERT, NULL);
1799 ksba_cert_release (cert);
1800 return leave_cmd (ctx, err);
1805 /* Parse an keyserver URI and store it in a new uri item which is
1806 returned at R_ITEM. On error return an error code. */
1808 make_keyserver_item (const char *uri, uri_item_t *r_item)
1814 item = xtrymalloc (sizeof *item + strlen (uri));
1816 return gpg_error_from_syserror ();
1819 item->parsed_uri = NULL;
1820 strcpy (item->uri, uri);
1823 if (ldap_uri_p (item->uri))
1824 err = ldap_parse_uri (&item->parsed_uri, uri);
1828 err = http_parse_uri (&item->parsed_uri, uri, 1);
1839 /* If no keyserver is stored in CTRL but a global keyserver has been
1840 set, put that global keyserver into CTRL. We need use this
1841 function to help migrate from the old gpg based keyserver
1842 configuration to the new dirmngr based configuration. */
1844 ensure_keyserver (ctrl_t ctrl)
1848 uri_item_t onion_items = NULL;
1849 uri_item_t plain_items = NULL;
1853 if (ctrl->server_local->keyservers)
1854 return 0; /* Already set for this session. */
1857 /* No global option set. Fall back to default: */
1858 return make_keyserver_item (DIRMNGR_DEFAULT_KEYSERVER,
1859 &ctrl->server_local->keyservers);
1862 for (sl = opt.keyserver; sl; sl = sl->next)
1864 err = make_keyserver_item (sl->d, &item);
1867 if (item->parsed_uri->onion)
1869 item->next = onion_items;
1874 item->next = plain_items;
1879 /* Decide which to use. Note that the sesssion has no keyservers
1881 if (onion_items && !onion_items->next && plain_items && !plain_items->next)
1883 /* If there is just one onion and one plain keyserver given, we take
1884 only one depending on whether Tor is running or not. */
1885 if (is_tor_running (ctrl))
1887 ctrl->server_local->keyservers = onion_items;
1892 ctrl->server_local->keyservers = plain_items;
1896 else if (!is_tor_running (ctrl))
1898 /* Tor is not running. It does not make sense to add Onion
1900 ctrl->server_local->keyservers = plain_items;
1905 /* In all other cases add all keyservers. */
1906 ctrl->server_local->keyservers = onion_items;
1908 for (ui = ctrl->server_local->keyservers; ui && ui->next; ui = ui->next)
1911 ui->next = plain_items;
1913 ctrl->server_local->keyservers = plain_items;
1918 release_uri_item_list (onion_items);
1919 release_uri_item_list (plain_items);
1925 static const char hlp_keyserver[] =
1926 "KEYSERVER [<options>] [<uri>|<host>]\n"
1929 " --clear Remove all configured keyservers\n"
1930 " --resolve Resolve HKP host names and rotate\n"
1931 " --hosttable Print table of known hosts and pools\n"
1932 " --dead Mark <host> as dead\n"
1933 " --alive Mark <host> as alive\n"
1935 "If called without arguments list all configured keyserver URLs.\n"
1936 "If called with an URI add this as keyserver. Note that keyservers\n"
1937 "are configured on a per-session base. A default keyserver may already be\n"
1938 "present, thus the \"--clear\" option must be used to get full control.\n"
1939 "If \"--clear\" and an URI are used together the clear command is\n"
1940 "obviously executed first. A RESET command does not change the list\n"
1941 "of configured keyservers.";
1943 cmd_keyserver (assuan_context_t ctx, char *line)
1945 ctrl_t ctrl = assuan_get_pointer (ctx);
1946 gpg_error_t err = 0;
1947 int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
1948 int dead_flag, alive_flag;
1949 uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
1950 is always initialized. */
1952 clear_flag = has_option (line, "--clear");
1953 help_flag = has_option (line, "--help");
1954 resolve_flag = has_option (line, "--resolve");
1955 host_flag = has_option (line, "--hosttable");
1956 dead_flag = has_option (line, "--dead");
1957 alive_flag = has_option (line, "--alive");
1958 line = skip_options (line);
1963 err = ks_action_help (ctrl, line);
1969 err = ensure_keyserver (ctrl);
1971 err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
1976 if (alive_flag && dead_flag)
1978 err = set_error (GPG_ERR_ASS_PARAMETER, "no support for zombies");
1983 err = check_owner_permission (ctx, "no permission to use --dead");
1987 if (alive_flag || dead_flag)
1991 err = set_error (GPG_ERR_ASS_PARAMETER, "name of host missing");
1995 err = ks_hkp_mark_host (ctrl, line, alive_flag);
2002 err = ks_hkp_print_hosttable (ctrl);
2006 if (resolve_flag || host_flag || alive_flag || dead_flag)
2011 err = make_keyserver_item (line, &item);
2016 release_ctrl_keyservers (ctrl);
2019 item->next = ctrl->server_local->keyservers;
2020 ctrl->server_local->keyservers = item;
2023 if (!add_flag && !clear_flag && !help_flag)
2025 /* List configured keyservers. However, we first add a global
2029 err = ensure_keyserver (ctrl);
2032 assuan_set_error (ctx, err,
2033 "Bad keyserver configuration in dirmngr.conf");
2037 for (u=ctrl->server_local->keyservers; u; u = u->next)
2038 dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
2043 return leave_cmd (ctx, err);
2048 static const char hlp_ks_search[] =
2049 "KS_SEARCH {<pattern>}\n"
2051 "Search the configured OpenPGP keyservers (see command KEYSERVER)\n"
2052 "for keys matching PATTERN";
2054 cmd_ks_search (assuan_context_t ctx, char *line)
2056 ctrl_t ctrl = assuan_get_pointer (ctx);
2062 /* No options for now. */
2063 line = skip_options (line);
2065 /* Break the line down into an strlist. Each pattern is
2066 percent-plus escaped. */
2068 for (p=line; *p; line = p)
2070 while (*p && *p != ' ')
2076 sl = xtrymalloc (sizeof *sl + strlen (line));
2079 err = gpg_error_from_syserror ();
2083 strcpy_escaped_plus (sl->d, line);
2089 err = ensure_keyserver (ctrl);
2093 /* Setup an output stream and perform the search. */
2094 outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
2096 err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
2099 err = ks_action_search (ctrl, ctrl->server_local->keyservers,
2105 free_strlist (list);
2106 return leave_cmd (ctx, err);
2111 static const char hlp_ks_get[] =
2112 "KS_GET {<pattern>}\n"
2114 "Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
2115 "(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
2116 "or an exact name indicated by the '=' prefix.";
2118 cmd_ks_get (assuan_context_t ctx, char *line)
2120 ctrl_t ctrl = assuan_get_pointer (ctx);
2126 /* No options for now. */
2127 line = skip_options (line);
2129 /* Break the line into a strlist. Each pattern is by
2130 definition percent-plus escaped. However we only support keyids
2131 and fingerprints and thus the client has no need to apply the
2134 for (p=line; *p; line = p)
2136 while (*p && *p != ' ')
2142 sl = xtrymalloc (sizeof *sl + strlen (line));
2145 err = gpg_error_from_syserror ();
2149 strcpy_escaped_plus (sl->d, line);
2155 err = ensure_keyserver (ctrl);
2159 /* Setup an output stream and perform the get. */
2160 outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
2162 err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
2165 ctrl->server_local->inhibit_data_logging = 1;
2166 ctrl->server_local->inhibit_data_logging_now = 0;
2167 ctrl->server_local->inhibit_data_logging_count = 0;
2168 err = ks_action_get (ctrl, ctrl->server_local->keyservers, list, outfp);
2170 ctrl->server_local->inhibit_data_logging = 0;
2174 free_strlist (list);
2175 return leave_cmd (ctx, err);
2179 static const char hlp_ks_fetch[] =
2182 "Get the key(s) from URL.";
2184 cmd_ks_fetch (assuan_context_t ctx, char *line)
2186 ctrl_t ctrl = assuan_get_pointer (ctx);
2190 /* No options for now. */
2191 line = skip_options (line);
2193 err = ensure_keyserver (ctrl); /* FIXME: Why do we needs this here? */
2197 /* Setup an output stream and perform the get. */
2198 outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
2200 err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
2203 ctrl->server_local->inhibit_data_logging = 1;
2204 ctrl->server_local->inhibit_data_logging_now = 0;
2205 ctrl->server_local->inhibit_data_logging_count = 0;
2206 err = ks_action_fetch (ctrl, line, outfp);
2208 ctrl->server_local->inhibit_data_logging = 0;
2212 return leave_cmd (ctx, err);
2217 static const char hlp_ks_put[] =
2220 "Send a key to the configured OpenPGP keyservers. The actual key material\n"
2221 "is then requested by Dirmngr using\n"
2223 " INQUIRE KEYBLOCK\n"
2225 "The client shall respond with a binary version of the keyblock (e.g.,\n"
2226 "the output of `gpg --export KEYID'). For LDAP\n"
2227 "keyservers Dirmngr may ask for meta information of the provided keyblock\n"
2230 " INQUIRE KEYBLOCK_INFO\n"
2232 "The client shall respond with a colon delimited info lines (the output\n"
2233 "of 'for x in keys sigs; do gpg --list-$x --with-colons KEYID; done').\n";
2235 cmd_ks_put (assuan_context_t ctx, char *line)
2237 ctrl_t ctrl = assuan_get_pointer (ctx);
2239 unsigned char *value = NULL;
2241 unsigned char *info = NULL;
2244 /* No options for now. */
2245 line = skip_options (line);
2247 err = ensure_keyserver (ctrl);
2251 /* Ask for the key material. */
2252 err = assuan_inquire (ctx, "KEYBLOCK",
2253 &value, &valuelen, MAX_KEYBLOCK_LENGTH);
2256 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
2260 if (!valuelen) /* No data returned; return a comprehensible error. */
2262 err = gpg_error (GPG_ERR_MISSING_CERT);
2266 /* Ask for the key meta data. Not actually needed for HKP servers
2267 but we do it anyway to test the client implementaion. */
2268 err = assuan_inquire (ctx, "KEYBLOCK_INFO",
2269 &info, &infolen, MAX_KEYBLOCK_LENGTH);
2272 log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
2277 err = ks_action_put (ctrl, ctrl->server_local->keyservers,
2278 value, valuelen, info, infolen);
2283 return leave_cmd (ctx, err);
2288 static const char hlp_loadswdb[] =
2289 "LOADSWDB [--force]\n"
2291 "Load and verify the swdb.lst from the Net.";
2293 cmd_loadswdb (assuan_context_t ctx, char *line)
2295 ctrl_t ctrl = assuan_get_pointer (ctx);
2298 err = dirmngr_load_swdb (ctrl, has_option (line, "--force"));
2300 return leave_cmd (ctx, err);
2305 static const char hlp_getinfo[] =
2308 "Multi purpose command to return certain information. \n"
2309 "Supported values of WHAT are:\n"
2311 "version - Return the version of the program.\n"
2312 "pid - Return the process id of the server.\n"
2313 "tor - Return OK if running in Tor mode\n"
2314 "dnsinfo - Return info about the DNS resolver\n"
2315 "socket_name - Return the name of the socket.\n";
2317 cmd_getinfo (assuan_context_t ctx, char *line)
2319 ctrl_t ctrl = assuan_get_pointer (ctx);
2322 if (!strcmp (line, "version"))
2324 const char *s = VERSION;
2325 err = assuan_send_data (ctx, s, strlen (s));
2327 else if (!strcmp (line, "pid"))
2331 snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
2332 err = assuan_send_data (ctx, numbuf, strlen (numbuf));
2334 else if (!strcmp (line, "socket_name"))
2336 const char *s = dirmngr_get_current_socket_name ();
2337 err = assuan_send_data (ctx, s, strlen (s));
2339 else if (!strcmp (line, "tor"))
2343 use_tor = dirmngr_use_tor ();
2346 if (!is_tor_running (ctrl))
2347 err = assuan_write_status (ctx, "NO_TOR", "Tor not running");
2351 assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled"
2352 /**/ : "- Tor mode is enforced");
2355 err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled");
2357 else if (!strcmp (line, "dnsinfo"))
2359 if (standard_resolver_p ())
2360 assuan_set_okay_line
2361 (ctx, "- Forced use of System resolver (w/o Tor support)");
2365 assuan_set_okay_line (ctx, (recursive_resolver_p ()
2366 ? "- Libdns recursive resolver"
2367 : "- Libdns stub resolver"));
2369 assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
2375 err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
2377 return leave_cmd (ctx, err);
2382 static const char hlp_killdirmngr[] =
2385 "This command allows a user - given sufficient permissions -\n"
2386 "to kill this dirmngr process.\n";
2388 cmd_killdirmngr (assuan_context_t ctx, char *line)
2390 ctrl_t ctrl = assuan_get_pointer (ctx);
2394 ctrl->server_local->stopme = 1;
2395 assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
2396 return gpg_error (GPG_ERR_EOF);
2400 static const char hlp_reloaddirmngr[] =
2403 "This command is an alternative to SIGHUP\n"
2404 "to reload the configuration.";
2406 cmd_reloaddirmngr (assuan_context_t ctx, char *line)
2411 dirmngr_sighup_action ();
2417 /* Tell the assuan library about our commands. */
2419 register_commands (assuan_context_t ctx)
2423 assuan_handler_t handler;
2424 const char * const help;
2426 { "DNS_CERT", cmd_dns_cert, hlp_dns_cert },
2427 { "WKD_GET", cmd_wkd_get, hlp_wkd_get },
2428 { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
2429 { "ISVALID", cmd_isvalid, hlp_isvalid },
2430 { "CHECKCRL", cmd_checkcrl, hlp_checkcrl },
2431 { "CHECKOCSP", cmd_checkocsp, hlp_checkocsp },
2432 { "LOOKUP", cmd_lookup, hlp_lookup },
2433 { "LOADCRL", cmd_loadcrl, hlp_loadcrl },
2434 { "LISTCRLS", cmd_listcrls, hlp_listcrls },
2435 { "CACHECERT", cmd_cachecert, hlp_cachecert },
2436 { "VALIDATE", cmd_validate, hlp_validate },
2437 { "KEYSERVER", cmd_keyserver, hlp_keyserver },
2438 { "KS_SEARCH", cmd_ks_search, hlp_ks_search },
2439 { "KS_GET", cmd_ks_get, hlp_ks_get },
2440 { "KS_FETCH", cmd_ks_fetch, hlp_ks_fetch },
2441 { "KS_PUT", cmd_ks_put, hlp_ks_put },
2442 { "GETINFO", cmd_getinfo, hlp_getinfo },
2443 { "LOADSWDB", cmd_loadswdb, hlp_loadswdb },
2444 { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr },
2445 { "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr },
2450 for (i=j=0; table[i].name; i++)
2452 rc = assuan_register_command (ctx, table[i].name, table[i].handler,
2461 /* Note that we do not reset the list of configured keyservers. */
2463 reset_notify (assuan_context_t ctx, char *line)
2465 ctrl_t ctrl = assuan_get_pointer (ctx);
2469 ldapserver_list_free (ctrl->server_local->ldapservers);
2471 ctrl->server_local->ldapservers = NULL;
2476 /* This function is called by our assuan log handler to test whether a
2477 * log message shall really be printed. The function must return
2478 * false to inhibit the logging of MSG. CAT gives the requested log
2479 * category. MSG might be NULL. */
2481 dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat,
2484 ctrl_t ctrl = assuan_get_pointer (ctx);
2489 if (!ctrl || !ctrl->server_local)
2490 return 1; /* Can't decide - allow logging. */
2492 if (!ctrl->server_local->inhibit_data_logging)
2493 return 1; /* Not requested - allow logging. */
2495 /* Disallow logging if *_now is true. */
2496 return !ctrl->server_local->inhibit_data_logging_now;
2500 /* Startup the server and run the main command loop. With FD = -1,
2501 use stdin/stdout. */
2503 start_command_handler (assuan_fd_t fd)
2505 static const char hello[] = "Dirmngr " VERSION " at your service";
2506 static char *hello_line;
2508 assuan_context_t ctx;
2511 ctrl = xtrycalloc (1, sizeof *ctrl);
2513 ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
2514 if (!ctrl || !ctrl->server_local)
2516 log_error (_("can't allocate control structure: %s\n"),
2522 dirmngr_init_default_ctrl (ctrl);
2524 rc = assuan_new (&ctx);
2527 log_error (_("failed to allocate assuan context: %s\n"),
2532 if (fd == ASSUAN_INVALID_FD)
2534 assuan_fd_t filedes[2];
2536 filedes[0] = assuan_fdopen (0);
2537 filedes[1] = assuan_fdopen (1);
2538 rc = assuan_init_pipe_server (ctx, filedes);
2542 rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
2547 assuan_release (ctx);
2548 log_error (_("failed to initialize the server: %s\n"),
2553 rc = register_commands (ctx);
2556 log_error (_("failed to the register commands with Assuan: %s\n"),
2564 hello_line = xtryasprintf
2569 opt.config_filename? opt.config_filename : "[none]",
2573 ctrl->server_local->assuan_ctx = ctx;
2574 assuan_set_pointer (ctx, ctrl);
2576 assuan_set_hello_line (ctx, hello_line);
2577 assuan_register_option_handler (ctx, option_handler);
2578 assuan_register_reset_notify (ctx, reset_notify);
2582 rc = assuan_accept (ctx);
2587 log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc));
2591 #ifndef HAVE_W32_SYSTEM
2594 assuan_peercred_t peercred;
2596 if (!assuan_get_peercred (ctx, &peercred))
2597 log_info ("connection from process %ld (%ld:%ld)\n",
2598 (long)peercred->pid, (long)peercred->uid,
2599 (long)peercred->gid);
2603 rc = assuan_process (ctx);
2606 log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc));
2613 ldap_wrapper_connection_cleanup (ctrl);
2615 ldapserver_list_free (ctrl->server_local->ldapservers);
2617 ctrl->server_local->ldapservers = NULL;
2619 release_ctrl_keyservers (ctrl);
2621 ctrl->server_local->assuan_ctx = NULL;
2622 assuan_release (ctx);
2624 if (ctrl->server_local->stopme)
2628 log_error ("oops: connection control structure still referenced (%d)\n",
2632 release_ctrl_ocsp_certs (ctrl);
2633 xfree (ctrl->server_local);
2634 dirmngr_deinit_default_ctrl (ctrl);
2640 /* Send a status line back to the client. KEYWORD is the status
2641 keyword, the optional string arguments are blank separated added to
2642 the line, the last argument must be a NULL. */
2644 dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
2646 gpg_error_t err = 0;
2650 va_start (arg_ptr, keyword);
2652 if (ctrl->server_local)
2654 assuan_context_t ctx = ctrl->server_local->assuan_ctx;
2660 while ( (text = va_arg (arg_ptr, const char *)) )
2667 for ( ; *text && n < DIM (buf)-2; n++)
2671 err = assuan_write_status (ctx, keyword, buf);
2679 /* Print a help status line. TEXTLEN gives the length of the text
2680 from TEXT to be printed. The function splits text at LFs. */
2682 dirmngr_status_help (ctrl_t ctrl, const char *text)
2684 gpg_error_t err = 0;
2686 if (ctrl->server_local)
2688 assuan_context_t ctx = ctrl->server_local->assuan_ctx;
2696 for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++)
2701 err = assuan_write_status (ctx, "#", buf);
2703 while (!err && *text);
2709 /* Send a tick progress indicator back. Fixme: This is only done for
2710 the currently active channel. */
2712 dirmngr_tick (ctrl_t ctrl)
2714 static time_t next_tick = 0;
2715 gpg_error_t err = 0;
2716 time_t now = time (NULL);
2720 next_tick = now + 1;
2722 else if ( now > next_tick )
2726 err = dirmngr_status (ctrl, "PROGRESS", "tick", "? 0 0", NULL);
2729 /* Take this as in indication for a cancel request. */
2730 err = gpg_error (GPG_ERR_CANCELED);
2735 next_tick = now + 1;