1 /* call-dirmngr.c - GPG operations to the Dirmngr.
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 * Copyright (C) 2015 g10 Code GmbH
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
39 #include "keyserver.h"
41 #include "call-dirmngr.h"
44 /* Parameter structure used to gather status info. */
45 struct ks_status_parm_s
47 const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
52 /* Parameter structure used with the KS_SEARCH command. */
53 struct ks_search_parm_s
55 gpg_error_t lasterr; /* Last error code. */
56 membuf_t saveddata; /* Buffer to build complete lines. */
57 char *helpbuf; /* NULL or malloced buffer. */
58 size_t helpbufsize; /* Allocated size of HELPBUF. */
59 gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */
60 void *data_cb_value; /* First argument for DATA_CB. */
61 struct ks_status_parm_s *stparm; /* Link to the status parameter. */
65 /* Parameter structure used with the KS_GET command. */
72 /* Parameter structure used with the KS_PUT command. */
76 kbnode_t keyblock; /* The optional keyblock. */
77 const void *data; /* The key in OpenPGP binary format. */
78 size_t datalen; /* The length of DATA. */
82 /* Parameter structure used with the DNS_CERT command. */
83 struct dns_cert_parm_s
92 /* Data used to associate an session with dirmngr contexts. We can't
93 use a simple one to one mapping because we sometimes need two
94 connections to the dirmngr; for example while doing a listing and
95 being in a data callback we may want to retrieve a key. The local
96 dirmngr data takes care of this. At the end of the session the
97 function dirmngr_deinit_session_data is called by gpg.c to cleanup
98 these resources. Note that gpg.h defines a typedef dirmngr_local_t
99 for this structure. */
100 struct dirmngr_local_s
102 /* Link to other contexts which are used simultaneously. */
103 struct dirmngr_local_s *next;
105 /* The active Assuan context. */
106 assuan_context_t ctx;
108 /* Flag set when the keyserver names have been send. */
109 int set_keyservers_done;
111 /* Flag set to true while an operation is running on CTX. */
117 /* Deinitialize all session data of dirmngr pertaining to CTRL. */
119 gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
123 while ((dml = ctrl->dirmngr_local))
125 ctrl->dirmngr_local = dml->next;
127 log_error ("oops: trying to cleanup an active dirmngr context\n");
129 assuan_release (dml->ctx);
135 /* Print a warning if the server's version number is less than our
136 version number. Returns an error code on a connection problem. */
138 warn_version_mismatch (assuan_context_t ctx, const char *servername)
142 const char *myversion = strusage (13);
144 err = get_assuan_server_version (ctx, 0, &serverversion);
146 log_error (_("error getting version from '%s': %s\n"),
147 servername, gpg_strerror (err));
148 else if (compare_version_strings (serverversion, myversion) < 0)
152 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
153 servername, serverversion, myversion);
155 err = gpg_error_from_syserror ();
158 log_info (_("WARNING: %s\n"), warn);
159 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
164 xfree (serverversion);
169 /* Try to connect to the Dirmngr via a socket or spawn it if possible.
170 Handle the server's initial greeting and set global options. */
172 create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
175 assuan_context_t ctx;
178 err = start_new_dirmngr (&ctx,
179 GPG_ERR_SOURCE_DEFAULT,
181 opt.autostart, opt.verbose, DBG_IPC,
182 NULL /*gpg_status2*/, ctrl);
183 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
190 log_info (_("no dirmngr running in this session\n"));
193 else if (!err && !(err = warn_version_mismatch (ctx, DIRMNGR_NAME)))
197 /* Tell the dirmngr that we want to collect audit event. */
198 /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
199 /* NULL, NULL, NULL, NULL, NULL, NULL); */
200 if (opt.keyserver_options.http_proxy)
202 line = xtryasprintf ("OPTION http-proxy=%s",
203 opt.keyserver_options.http_proxy);
205 err = gpg_error_from_syserror ();
208 err = assuan_transact (ctx, line, NULL, NULL, NULL,
216 else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
218 /* Tell the dirmngr that this possibly privacy invading
219 option is in use. If Dirmngr is running in Tor mode, it
220 will return an error. */
221 err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
222 NULL, NULL, NULL, NULL, NULL, NULL);
223 if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
224 log_error (_("keyserver option \"honor-keyserver-url\""
225 " may not be used in Tor mode\n"));
226 else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
227 err = 0; /* Old dirmngr versions do not support this option. */
232 assuan_release (ctx);
235 /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
243 /* Get a context for accessing dirmngr. If no context is available a
244 new one is created and - if required - dirmngr started. On success
245 an assuan context is stored at R_CTX. This context may only be
246 released by means of close_context. Note that NULL is stored at
249 open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
257 for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next)
261 /* Found an inactive local session - return that. */
262 log_assert (!dml->is_active);
264 /* But first do the per session init if not yet done. */
265 if (!dml->set_keyservers_done)
267 keyserver_spec_t ksi;
269 /* Set all configured keyservers. We clear existing
270 keyservers so that any keyserver configured in GPG
271 overrides keyservers possibly still configured in Dirmngr
272 for the session (Note that the keyserver list of a
273 session in Dirmngr survives a RESET. */
274 for (ksi = opt.keyserver; ksi; ksi = ksi->next)
280 ksi == opt.keyserver? " --clear":"", ksi->uri);
282 err = gpg_error_from_syserror ();
285 err = assuan_transact (dml->ctx, line, NULL, NULL, NULL,
294 dml->set_keyservers_done = 1;
303 dml = xtrycalloc (1, sizeof *dml);
305 return gpg_error_from_syserror ();
306 err = create_context (ctrl, &dml->ctx);
313 /* To be on the nPth thread safe site we need to add it to a
314 list; this is far easier than to have a lock for this
315 function. It should not happen anyway but the code is free
316 because we need it for the is_active check above. */
317 dml->next = ctrl->dirmngr_local;
318 ctrl->dirmngr_local = dml;
323 /* Close the assuan context CTX or return it to a pool of unused
324 contexts. If CTX is NULL, the function does nothing. */
326 close_context (ctrl_t ctrl, assuan_context_t ctx)
333 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
338 log_fatal ("closing inactive dirmngr context %p\n", ctx);
343 log_fatal ("closing unknown dirmngr ctx %p\n", ctx);
347 /* Clear the set_keyservers_done flag on context CTX. */
349 clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
356 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
361 log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx);
362 dml->set_keyservers_done = 0;
366 log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx);
371 /* Status callback for ks_list, ks_get and ks_search. */
373 ks_status_cb (void *opaque, const char *line)
375 struct ks_status_parm_s *parm = opaque;
380 if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
384 parm->source = xtrystrdup (s);
386 err = gpg_error_from_syserror ();
389 else if ((s = has_leading_keyword (line, "WARNING")))
391 if ((s2 = has_leading_keyword (s, "tor_not_running")))
392 warn = _("Tor is not running");
393 else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
394 warn = _("Tor is not properly configured");
400 log_info (_("WARNING: %s\n"), warn);
403 while (*s2 && !spacep (s2))
405 while (*s2 && spacep (s2))
408 print_further_info ("%s", s2);
418 /* Run the "KEYSERVER" command to return the name of the used
419 keyserver at R_KEYSERVER. */
421 gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
424 assuan_context_t ctx;
425 struct ks_status_parm_s stparm;
427 memset (&stparm, 0, sizeof stparm);
428 stparm.keyword = "KEYSERVER";
432 err = open_context (ctrl, &ctx);
436 err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
437 NULL, NULL, ks_status_cb, &stparm);
442 err = gpg_error (GPG_ERR_NO_KEYSERVER);
447 *r_keyserver = stparm.source;
449 xfree (stparm.source);
450 stparm.source = NULL;
453 xfree (stparm.source);
454 close_context (ctrl, ctx);
460 /* Data callback for the KS_SEARCH command. */
462 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
465 struct ks_search_parm_s *parm = opaque;
466 const char *line, *s;
467 size_t rawlen, linelen;
473 if (parm->stparm->source)
475 err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source);
481 /* Clear it so that we won't get back here unless the server
482 accidentally sends a second source status line. Note that
483 will not see all accidentally sent source lines because it
484 depends on whether data lines have been send in between. */
485 xfree (parm->stparm->source);
486 parm->stparm->source = NULL;
490 return 0; /* Ignore END commands. */
492 put_membuf (&parm->saveddata, data, datalen);
495 line = peek_membuf (&parm->saveddata, &rawlen);
498 parm->lasterr = gpg_error_from_syserror ();
499 return parm->lasterr; /* Tell the server about our problem. */
501 if ((s = memchr (line, '\n', rawlen)))
503 linelen = s - line; /* That is the length excluding the LF. */
504 if (linelen + 1 < sizeof fixedbuf)
506 /* We can use the static buffer. */
507 memcpy (fixedbuf, line, linelen);
508 fixedbuf[linelen] = 0;
509 if (linelen && fixedbuf[linelen-1] == '\r')
510 fixedbuf[linelen-1] = 0;
511 err = parm->data_cb (parm->data_cb_value, 0, fixedbuf);
515 if (linelen + 1 >= parm->helpbufsize)
517 xfree (parm->helpbuf);
518 parm->helpbufsize = linelen + 1 + 1024;
519 parm->helpbuf = xtrymalloc (parm->helpbufsize);
522 parm->lasterr = gpg_error_from_syserror ();
523 return parm->lasterr;
526 memcpy (parm->helpbuf, line, linelen);
527 parm->helpbuf[linelen] = 0;
528 if (linelen && parm->helpbuf[linelen-1] == '\r')
529 parm->helpbuf[linelen-1] = 0;
530 err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf);
536 clear_membuf (&parm->saveddata, linelen+1);
537 goto again; /* There might be another complete line. */
545 /* Run the KS_SEARCH command using the search string SEARCHSTR. All
546 data lines are passed to the CB function. That function is called
547 with CB_VALUE as its first argument, a 0 as second argument, and
548 the decoded data line as third argument. The callback function may
549 modify the data line and it is guaranteed that this data line is a
550 complete line with a terminating 0 character but without the
551 linefeed. NULL is passed to the callback to indicate EOF. */
553 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
554 gpg_error_t (*cb)(void*, int, char *), void *cb_value)
557 assuan_context_t ctx;
558 struct ks_status_parm_s stparm;
559 struct ks_search_parm_s parm;
560 char line[ASSUAN_LINELENGTH];
562 err = open_context (ctrl, &ctx);
567 char *escsearchstr = percent_plus_escape (searchstr);
570 err = gpg_error_from_syserror ();
571 close_context (ctrl, ctx);
574 snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr);
575 xfree (escsearchstr);
578 memset (&stparm, 0, sizeof stparm);
579 memset (&parm, 0, sizeof parm);
580 init_membuf (&parm.saveddata, 1024);
582 parm.data_cb_value = cb_value;
583 parm.stparm = &stparm;
585 err = assuan_transact (ctx, line, ks_search_data_cb, &parm,
586 NULL, NULL, ks_status_cb, &stparm);
588 err = cb (cb_value, 0, NULL); /* Send EOF. */
590 xfree (get_membuf (&parm.saveddata, NULL));
591 xfree (parm.helpbuf);
592 xfree (stparm.source);
594 close_context (ctrl, ctx);
600 /* Data callback for the KS_GET and KS_FETCH commands. */
602 ks_get_data_cb (void *opaque, const void *data, size_t datalen)
605 struct ks_get_parm_s *parm = opaque;
609 return 0; /* Ignore END commands. */
611 if (es_write (parm->memfp, data, datalen, &nwritten))
612 err = gpg_error_from_syserror ();
618 /* Run the KS_GET command using the patterns in the array PATTERN. On
619 success an estream object is returned to retrieve the keys. On
620 error an error code is returned and NULL stored at R_FP.
622 The pattern may only use search specification which a keyserver can
623 use to retrieve keys. Because we know the format of the pattern we
624 don't need to escape the patterns before sending them to the
627 If QUICK is set the dirmngr is advised to use a shorter timeout.
629 If R_SOURCE is not NULL the source of the data is stored as a
630 malloced string there. If a source is not known NULL is stored.
632 If there are too many patterns the function returns an error. That
633 could be fixed by issuing several search commands or by
634 implementing a different interface. However with long keyids we
635 are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
637 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
638 keyserver_spec_t override_keyserver, int quick,
639 estream_t *r_fp, char **r_source)
642 assuan_context_t ctx;
643 struct ks_status_parm_s stparm;
644 struct ks_get_parm_s parm;
650 memset (&stparm, 0, sizeof stparm);
651 memset (&parm, 0, sizeof parm);
657 err = open_context (ctrl, &ctx);
661 /* If we have an override keyserver we first indicate that the next
662 user of the context needs to again setup the global keyservers and
663 them we send the override keyserver. */
664 if (override_keyserver)
666 clear_context_flags (ctrl, ctx);
667 line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri);
670 err = gpg_error_from_syserror ();
673 err = assuan_transact (ctx, line, NULL, NULL, NULL,
682 /* Lump all patterns into one string. */
683 init_membuf (&mb, 1024);
684 put_membuf_str (&mb, quick? "KS_GET --quick --" : "KS_GET --");
685 for (idx=0; pattern[idx]; idx++)
687 put_membuf (&mb, " ", 1); /* Append Delimiter. */
688 put_membuf_str (&mb, pattern[idx]);
690 put_membuf (&mb, "", 1); /* Append Nul. */
691 line = get_membuf (&mb, &linelen);
694 err = gpg_error_from_syserror ();
697 if (linelen + 2 >= ASSUAN_LINELENGTH)
699 err = gpg_error (GPG_ERR_TOO_MANY);
703 parm.memfp = es_fopenmem (0, "rwb");
706 err = gpg_error_from_syserror ();
709 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
710 NULL, NULL, ks_status_cb, &stparm);
714 es_rewind (parm.memfp);
720 *r_source = stparm.source;
721 stparm.source = NULL;
725 es_fclose (parm.memfp);
726 xfree (stparm.source);
728 close_context (ctrl, ctx);
733 /* Run the KS_FETCH and pass URL as argument. On success an estream
734 object is returned to retrieve the keys. On error an error code is
735 returned and NULL stored at R_FP.
737 The url is expected to point to a small set of keys; in many cases
738 only to one key. However, schemes like finger may return several
739 keys. Note that the configured keyservers are ignored by the
742 gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
745 assuan_context_t ctx;
746 struct ks_get_parm_s parm;
749 memset (&parm, 0, sizeof parm);
753 err = open_context (ctrl, &ctx);
757 line = strconcat ("KS_FETCH -- ", url, NULL);
760 err = gpg_error_from_syserror ();
763 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
765 err = gpg_error (GPG_ERR_TOO_LARGE);
769 parm.memfp = es_fopenmem (0, "rwb");
772 err = gpg_error_from_syserror ();
775 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
776 NULL, NULL, NULL, NULL);
780 es_rewind (parm.memfp);
785 es_fclose (parm.memfp);
787 close_context (ctrl, ctx);
794 record_output (estream_t output,
796 const char *validity,
797 /* The public key length or -1. */
799 /* The public key algo or -1. */
801 /* 2 ulongs or NULL. */
803 /* The creation / expiration date or 0. */
808 const char *type_str = NULL;
809 char *pub_key_length_str = NULL;
810 char *pub_key_algo_str = NULL;
811 char *keyid_str = NULL;
812 char *creation_date_str = NULL;
813 char *expiration_date_str = NULL;
814 char *userid_escaped = NULL;
821 case PKT_PUBLIC_SUBKEY:
831 log_assert (! "Unhandled type.");
834 if (pub_key_length > 0)
835 pub_key_length_str = xasprintf ("%d", pub_key_length);
837 if (pub_key_algo != -1)
838 pub_key_algo_str = xasprintf ("%d", pub_key_algo);
841 keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
844 creation_date_str = xstrdup (colon_strtime (creation_date));
847 expiration_date_str = xstrdup (colon_strtime (expiration_date));
849 /* Quote ':', '%', and any 8-bit characters. */
855 int len = strlen (userid);
856 /* A 100k character limit on the uid should be way more than
858 if (len > 100 * 1024)
861 /* The minimum amount of space that we need. */
862 userid_escaped = xmalloc (len * 3 + 1);
864 for (r = 0; r < len; r++)
866 if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
868 sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
872 userid_escaped[w ++] = userid[r];
874 userid_escaped[w] = '\0';
877 es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
880 pub_key_length_str ?: "",
881 pub_key_algo_str ?: "",
883 creation_date_str ?: "",
884 expiration_date_str ?: "",
885 "" /* Certificate S/N */,
886 "" /* Ownertrust. */,
887 userid_escaped ?: "",
888 "" /* Signature class. */,
889 "" /* Key capabilities. */,
890 "" /* Issuer certificate fingerprint. */,
891 "" /* Flag field. */,
892 "" /* S/N of a token. */,
894 "" /* Curve name. */);
896 xfree (userid_escaped);
897 xfree (expiration_date_str);
898 xfree (creation_date_str);
900 xfree (pub_key_algo_str);
901 xfree (pub_key_length_str);
904 /* Handle the KS_PUT inquiries. */
906 ks_put_inq_cb (void *opaque, const char *line)
908 struct ks_put_parm_s *parm = opaque;
911 if (has_leading_keyword (line, "KEYBLOCK"))
914 err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
916 else if (has_leading_keyword (line, "KEYBLOCK_INFO"))
921 /* Parse the keyblock and send info lines back to the server. */
922 fp = es_fopenmem (0, "rw,samethread");
924 err = gpg_error_from_syserror ();
926 /* Note: the output format for the INFO block follows the colon
927 format as described in doc/DETAILS. We don't actually reuse
928 the functionality from g10/keylist.c to produce the output,
929 because we don't need all of it and some of it is quite
930 expensive to generate.
932 The fields are (the starred fields are the ones we need):
934 * Field 1 - Type of record
936 * Field 3 - Key length
937 * Field 4 - Public key algorithm
939 * Field 6 - Creation date
940 * Field 7 - Expiration date
941 Field 8 - Certificate S/N, UID hash, trust signature info
944 Field 11 - Signature class
945 Field 12 - Key capabilities
946 Field 13 - Issuer certificate fingerprint or other info
947 Field 14 - Flag field
948 Field 15 - S/N of a token
949 Field 16 - Hash algorithm
950 Field 17 - Curve name
952 for (node = parm->keyblock; !err && node; node=node->next)
954 switch (node->pkt->pkttype)
957 case PKT_PUBLIC_SUBKEY:
959 PKT_public_key *pk = node->pkt->pkt.public_key;
965 if (pk->flags.revoked)
966 validity[i ++] = 'r';
968 validity[i ++] = 'e';
971 keyid_from_pk (pk, NULL);
973 record_output (fp, node->pkt->pkttype, validity,
974 nbits_from_pk (pk), pk->pubkey_algo,
975 pk->keyid, pk->timestamp, pk->expiredate,
982 PKT_user_id *uid = node->pkt->pkt.user_id;
984 if (!uid->attrib_data)
991 validity[i ++] = 'r';
993 validity[i ++] = 'e';
996 record_output (fp, node->pkt->pkttype, validity,
998 uid->created, uid->expiredate,
1004 /* This bit is really for the benefit of people who
1005 store their keys in LDAP servers. It makes it easy
1006 to do queries for things like "all keys signed by
1010 PKT_signature *sig = node->pkt->pkt.signature;
1012 if (IS_UID_SIG (sig))
1013 record_output (fp, node->pkt->pkttype, NULL,
1015 sig->timestamp, sig->expiredate, NULL);
1022 /* Given that the last operation was an es_fprintf we should
1023 get the correct ERRNO if ferror indicates an error. */
1025 err = gpg_error_from_syserror ();
1028 /* Without an error and if we have an keyblock at all, send the
1030 if (!err && parm->keyblock)
1037 while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread)
1039 err = assuan_send_data (parm->ctx, buffer, nread);
1044 err = gpg_error_from_syserror ();
1049 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
1055 /* Send a key to the configured server. {DATA,DATLEN} contains the
1056 key in OpenPGP binary transport format. If KEYBLOCK is not NULL it
1057 has the internal representaion of that key; this is for example
1058 used to convey meta data to LDAP keyservers. */
1060 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
1063 assuan_context_t ctx;
1064 struct ks_put_parm_s parm;
1066 memset (&parm, 0, sizeof parm);
1068 /* We are going to parse the keyblock, thus we better make sure the
1069 all information is readily available. */
1071 merge_keys_and_selfsig (keyblock);
1073 err = open_context (ctrl, &ctx);
1078 parm.keyblock = keyblock;
1080 parm.datalen = datalen;
1082 err = assuan_transact (ctx, "KS_PUT", NULL, NULL,
1083 ks_put_inq_cb, &parm, NULL, NULL);
1085 close_context (ctrl, ctx);
1091 /* Data callback for the DNS_CERT and WKD_GET commands. */
1093 dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
1095 struct dns_cert_parm_s *parm = opaque;
1096 gpg_error_t err = 0;
1100 return 0; /* Ignore END commands. */
1102 return 0; /* Data is not required. */
1104 if (es_write (parm->memfp, data, datalen, &nwritten))
1105 err = gpg_error_from_syserror ();
1111 /* Status callback for the DNS_CERT command. */
1113 dns_cert_status_cb (void *opaque, const char *line)
1115 struct dns_cert_parm_s *parm = opaque;
1116 gpg_error_t err = 0;
1120 if ((s = has_leading_keyword (line, "FPR")))
1124 if (!(buf = xtrystrdup (s)))
1125 err = gpg_error_from_syserror ();
1127 err = gpg_error (GPG_ERR_DUP_KEY);
1128 else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes))
1129 err = gpg_error_from_syserror ();
1130 else if (nbytes < 20)
1131 err = gpg_error (GPG_ERR_TOO_SHORT);
1134 parm->fpr = xtrymalloc (nbytes);
1136 err = gpg_error_from_syserror ();
1138 memcpy (parm->fpr, buf, (parm->fprlen = nbytes));
1142 else if ((s = has_leading_keyword (line, "URL")) && *s)
1145 err = gpg_error (GPG_ERR_DUP_KEY);
1146 else if (!(parm->url = xtrystrdup (s)))
1147 err = gpg_error_from_syserror ();
1153 /* Ask the dirmngr for a DNS CERT record. Depending on the found
1154 subtypes different return values are set:
1156 - For a PGP subtype a new estream with that key will be returned at
1157 R_KEY and the other return parameters are set to NULL/0.
1159 - For an IPGP subtype the fingerprint is stored as a malloced block
1160 at (R_FPR,R_FPRLEN). If an URL is available it is stored as a
1161 malloced string at R_URL; NULL is stored if there is no URL.
1163 If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first
1164 CERT record found with a supported type; it is expected that only
1165 one CERT record is used. If CERTTYPE is one of the supported
1166 certtypes, only records with this certtype are considered and the
1167 first one found is returned. All R_* args are optional.
1169 If CERTTYPE is NULL the DANE method is used to fetch the key.
1172 gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
1174 unsigned char **r_fpr, size_t *r_fprlen,
1178 assuan_context_t ctx;
1179 struct dns_cert_parm_s parm;
1182 memset (&parm, 0, sizeof parm);
1192 err = open_context (ctrl, &ctx);
1196 line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
1199 err = gpg_error_from_syserror ();
1202 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1204 err = gpg_error (GPG_ERR_TOO_LARGE);
1208 parm.memfp = es_fopenmem (0, "rwb");
1211 err = gpg_error_from_syserror ();
1214 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1215 NULL, NULL, dns_cert_status_cb, &parm);
1221 es_rewind (parm.memfp);
1222 *r_key = parm.memfp;
1226 if (r_fpr && parm.fpr)
1232 *r_fprlen = parm.fprlen;
1234 if (r_url && parm.url)
1243 es_fclose (parm.memfp);
1245 close_context (ctrl, ctx);
1250 /* Ask the dirmngr for PKA info. On success the retrieved fingerprint
1251 is returned in a malloced buffer at R_FPR and its length is stored
1252 at R_FPRLEN. If an URL is available it is stored as a malloced
1253 string at R_URL. On error all return values are set to NULL/0. */
1255 gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
1256 unsigned char **r_fpr, size_t *r_fprlen,
1260 assuan_context_t ctx;
1261 struct dns_cert_parm_s parm;
1264 memset (&parm, 0, sizeof parm);
1272 err = open_context (ctrl, &ctx);
1276 line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
1279 err = gpg_error_from_syserror ();
1282 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1284 err = gpg_error (GPG_ERR_TOO_LARGE);
1288 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1289 NULL, NULL, dns_cert_status_cb, &parm);
1293 if (r_fpr && parm.fpr)
1299 *r_fprlen = parm.fprlen;
1301 if (r_url && parm.url)
1311 close_context (ctrl, ctx);
1317 /* Ask the dirmngr to retrieve a key via the Web Key Directory
1318 * protocol. If QUICK is set the dirmngr is advised to use a shorter
1319 * timeout. On success a new estream with the key is stored at R_KEY.
1322 gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick, estream_t *r_key)
1325 assuan_context_t ctx;
1326 struct dns_cert_parm_s parm;
1329 memset (&parm, 0, sizeof parm);
1331 err = open_context (ctrl, &ctx);
1335 line = es_bsprintf ("WKD_GET%s -- %s", quick?" --quick":"", name);
1338 err = gpg_error_from_syserror ();
1341 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1343 err = gpg_error (GPG_ERR_TOO_LARGE);
1347 parm.memfp = es_fopenmem (0, "rwb");
1350 err = gpg_error_from_syserror ();
1353 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1354 NULL, NULL, NULL, &parm);
1360 es_rewind (parm.memfp);
1361 *r_key = parm.memfp;
1368 es_fclose (parm.memfp);
1370 close_context (ctrl, ctx);