1 /* call-dirmngr.c - GPG operations to the Dirmngr.
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 * Copyright (C) 2015 g10 Code GmbH
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
39 #include "keyserver.h"
41 #include "call-dirmngr.h"
44 /* Parameter structure used to gather status info. */
45 struct ks_status_parm_s
47 const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
52 /* Parameter structure used with the KS_SEARCH command. */
53 struct ks_search_parm_s
55 gpg_error_t lasterr; /* Last error code. */
56 membuf_t saveddata; /* Buffer to build complete lines. */
57 char *helpbuf; /* NULL or malloced buffer. */
58 size_t helpbufsize; /* Allocated size of HELPBUF. */
59 gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */
60 void *data_cb_value; /* First argument for DATA_CB. */
61 struct ks_status_parm_s *stparm; /* Link to the status parameter. */
65 /* Parameter structure used with the KS_GET command. */
72 /* Parameter structure used with the KS_PUT command. */
76 kbnode_t keyblock; /* The optional keyblock. */
77 const void *data; /* The key in OpenPGP binary format. */
78 size_t datalen; /* The length of DATA. */
82 /* Parameter structure used with the DNS_CERT command. */
83 struct dns_cert_parm_s
92 /* Data used to associate an session with dirmngr contexts. We can't
93 use a simple one to one mapping because we sometimes need two
94 connections to the dirmngr; for example while doing a listing and
95 being in a data callback we may want to retrieve a key. The local
96 dirmngr data takes care of this. At the end of the session the
97 function dirmngr_deinit_session_data is called by gpg.c to cleanup
98 these resources. Note that gpg.h defines a typedef dirmngr_local_t
99 for this structure. */
100 struct dirmngr_local_s
102 /* Link to other contexts which are used simultaneously. */
103 struct dirmngr_local_s *next;
105 /* The active Assuan context. */
106 assuan_context_t ctx;
108 /* Flag set when the keyserver names have been send. */
109 int set_keyservers_done;
111 /* Flag set to true while an operation is running on CTX. */
117 /* Deinitialize all session data of dirmngr pertaining to CTRL. */
119 gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
123 while ((dml = ctrl->dirmngr_local))
125 ctrl->dirmngr_local = dml->next;
127 log_error ("oops: trying to cleanup an active dirmngr context\n");
129 assuan_release (dml->ctx);
135 /* Print a warning if the server's version number is less than our
136 version number. Returns an error code on a connection problem. */
138 warn_version_mismatch (assuan_context_t ctx, const char *servername)
142 const char *myversion = strusage (13);
144 err = get_assuan_server_version (ctx, 0, &serverversion);
146 log_error (_("error getting version from '%s': %s\n"),
147 servername, gpg_strerror (err));
148 else if (compare_version_strings (serverversion, myversion) < 0)
152 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
153 servername, serverversion, myversion);
155 err = gpg_error_from_syserror ();
158 log_info (_("WARNING: %s\n"), warn);
159 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
164 xfree (serverversion);
169 /* Try to connect to the Dirmngr via a socket or spawn it if possible.
170 Handle the server's initial greeting and set global options. */
172 create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
175 assuan_context_t ctx;
178 err = start_new_dirmngr (&ctx,
179 GPG_ERR_SOURCE_DEFAULT,
181 opt.autostart, opt.verbose, DBG_IPC,
182 NULL /*gpg_status2*/, ctrl);
183 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
190 log_info (_("no dirmngr running in this session\n"));
193 else if (!err && !(err = warn_version_mismatch (ctx, DIRMNGR_NAME)))
197 /* Tell the dirmngr that we want to collect audit event. */
198 /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
199 /* NULL, NULL, NULL, NULL, NULL, NULL); */
200 if (opt.keyserver_options.http_proxy)
202 line = xtryasprintf ("OPTION http-proxy=%s",
203 opt.keyserver_options.http_proxy);
205 err = gpg_error_from_syserror ();
208 err = assuan_transact (ctx, line, NULL, NULL, NULL,
216 else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
218 /* Tell the dirmngr that this possibly privacy invading
219 option is in use. If Dirmngr is running in Tor mode, it
220 will return an error. */
221 err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
222 NULL, NULL, NULL, NULL, NULL, NULL);
223 if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
224 log_error (_("keyserver option \"honor-keyserver-url\""
225 " may not be used in Tor mode\n"));
226 else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
227 err = 0; /* Old dirmngr versions do not support this option. */
232 assuan_release (ctx);
235 /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
243 /* Get a context for accessing dirmngr. If no context is available a
244 new one is created and - if required - dirmngr started. On success
245 an assuan context is stored at R_CTX. This context may only be
246 released by means of close_context. Note that NULL is stored at
249 open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
257 for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next)
261 /* Found an inactive local session - return that. */
262 log_assert (!dml->is_active);
264 /* But first do the per session init if not yet done. */
265 if (!dml->set_keyservers_done)
267 keyserver_spec_t ksi;
269 /* Set all configured keyservers. We clear existing
270 keyservers so that any keyserver configured in GPG
271 overrides keyservers possibly still configured in Dirmngr
272 for the session (Note that the keyserver list of a
273 session in Dirmngr survives a RESET. */
274 for (ksi = opt.keyserver; ksi; ksi = ksi->next)
280 ksi == opt.keyserver? " --clear":"", ksi->uri);
282 err = gpg_error_from_syserror ();
285 err = assuan_transact (dml->ctx, line, NULL, NULL, NULL,
294 dml->set_keyservers_done = 1;
303 dml = xtrycalloc (1, sizeof *dml);
305 return gpg_error_from_syserror ();
306 err = create_context (ctrl, &dml->ctx);
313 /* To be on the nPth thread safe site we need to add it to a
314 list; this is far easier than to have a lock for this
315 function. It should not happen anyway but the code is free
316 because we need it for the is_active check above. */
317 dml->next = ctrl->dirmngr_local;
318 ctrl->dirmngr_local = dml;
323 /* Close the assuan context CTX or return it to a pool of unused
324 contexts. If CTX is NULL, the function does nothing. */
326 close_context (ctrl_t ctrl, assuan_context_t ctx)
333 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
338 log_fatal ("closing inactive dirmngr context %p\n", ctx);
343 log_fatal ("closing unknown dirmngr ctx %p\n", ctx);
347 /* Clear the set_keyservers_done flag on context CTX. */
349 clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
356 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
361 log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx);
362 dml->set_keyservers_done = 0;
366 log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx);
371 /* Status callback for ks_list, ks_get and ks_search. */
373 ks_status_cb (void *opaque, const char *line)
375 struct ks_status_parm_s *parm = opaque;
379 if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
383 parm->source = xtrystrdup (s);
385 err = gpg_error_from_syserror ();
394 /* Run the "KEYSERVER" command to return the name of the used
395 keyserver at R_KEYSERVER. */
397 gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
400 assuan_context_t ctx;
401 struct ks_status_parm_s stparm;
403 memset (&stparm, 0, sizeof stparm);
404 stparm.keyword = "KEYSERVER";
408 err = open_context (ctrl, &ctx);
412 err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
413 NULL, NULL, ks_status_cb, &stparm);
418 err = gpg_error (GPG_ERR_NO_KEYSERVER);
423 *r_keyserver = stparm.source;
425 xfree (stparm.source);
426 stparm.source = NULL;
429 xfree (stparm.source);
430 close_context (ctrl, ctx);
436 /* Data callback for the KS_SEARCH command. */
438 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
441 struct ks_search_parm_s *parm = opaque;
442 const char *line, *s;
443 size_t rawlen, linelen;
449 if (parm->stparm->source)
451 err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source);
457 /* Clear it so that we won't get back here unless the server
458 accidentally sends a second source status line. Note that
459 will not see all accidentally sent source lines because it
460 depends on whether data lines have been send in between. */
461 xfree (parm->stparm->source);
462 parm->stparm->source = NULL;
466 return 0; /* Ignore END commands. */
468 put_membuf (&parm->saveddata, data, datalen);
471 line = peek_membuf (&parm->saveddata, &rawlen);
474 parm->lasterr = gpg_error_from_syserror ();
475 return parm->lasterr; /* Tell the server about our problem. */
477 if ((s = memchr (line, '\n', rawlen)))
479 linelen = s - line; /* That is the length excluding the LF. */
480 if (linelen + 1 < sizeof fixedbuf)
482 /* We can use the static buffer. */
483 memcpy (fixedbuf, line, linelen);
484 fixedbuf[linelen] = 0;
485 if (linelen && fixedbuf[linelen-1] == '\r')
486 fixedbuf[linelen-1] = 0;
487 err = parm->data_cb (parm->data_cb_value, 0, fixedbuf);
491 if (linelen + 1 >= parm->helpbufsize)
493 xfree (parm->helpbuf);
494 parm->helpbufsize = linelen + 1 + 1024;
495 parm->helpbuf = xtrymalloc (parm->helpbufsize);
498 parm->lasterr = gpg_error_from_syserror ();
499 return parm->lasterr;
502 memcpy (parm->helpbuf, line, linelen);
503 parm->helpbuf[linelen] = 0;
504 if (linelen && parm->helpbuf[linelen-1] == '\r')
505 parm->helpbuf[linelen-1] = 0;
506 err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf);
512 clear_membuf (&parm->saveddata, linelen+1);
513 goto again; /* There might be another complete line. */
521 /* Run the KS_SEARCH command using the search string SEARCHSTR. All
522 data lines are passed to the CB function. That function is called
523 with CB_VALUE as its first argument, a 0 as second argument, and
524 the decoded data line as third argument. The callback function may
525 modify the data line and it is guaranteed that this data line is a
526 complete line with a terminating 0 character but without the
527 linefeed. NULL is passed to the callback to indicate EOF. */
529 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
530 gpg_error_t (*cb)(void*, int, char *), void *cb_value)
533 assuan_context_t ctx;
534 struct ks_status_parm_s stparm;
535 struct ks_search_parm_s parm;
536 char line[ASSUAN_LINELENGTH];
538 err = open_context (ctrl, &ctx);
543 char *escsearchstr = percent_plus_escape (searchstr);
546 err = gpg_error_from_syserror ();
547 close_context (ctrl, ctx);
550 snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr);
551 xfree (escsearchstr);
554 memset (&stparm, 0, sizeof stparm);
555 memset (&parm, 0, sizeof parm);
556 init_membuf (&parm.saveddata, 1024);
558 parm.data_cb_value = cb_value;
559 parm.stparm = &stparm;
561 err = assuan_transact (ctx, line, ks_search_data_cb, &parm,
562 NULL, NULL, ks_status_cb, &stparm);
564 err = cb (cb_value, 0, NULL); /* Send EOF. */
566 xfree (get_membuf (&parm.saveddata, NULL));
567 xfree (parm.helpbuf);
568 xfree (stparm.source);
570 close_context (ctrl, ctx);
576 /* Data callback for the KS_GET and KS_FETCH commands. */
578 ks_get_data_cb (void *opaque, const void *data, size_t datalen)
581 struct ks_get_parm_s *parm = opaque;
585 return 0; /* Ignore END commands. */
587 if (es_write (parm->memfp, data, datalen, &nwritten))
588 err = gpg_error_from_syserror ();
594 /* Run the KS_GET command using the patterns in the array PATTERN. On
595 success an estream object is returned to retrieve the keys. On
596 error an error code is returned and NULL stored at R_FP.
598 The pattern may only use search specification which a keyserver can
599 use to retrieve keys. Because we know the format of the pattern we
600 don't need to escape the patterns before sending them to the
603 If QUICK is set the dirmngr is advised to use a shorter timeout.
605 If R_SOURCE is not NULL the source of the data is stored as a
606 malloced string there. If a source is not known NULL is stored.
608 If there are too many patterns the function returns an error. That
609 could be fixed by issuing several search commands or by
610 implementing a different interface. However with long keyids we
611 are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
613 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
614 keyserver_spec_t override_keyserver, int quick,
615 estream_t *r_fp, char **r_source)
618 assuan_context_t ctx;
619 struct ks_status_parm_s stparm;
620 struct ks_get_parm_s parm;
626 memset (&stparm, 0, sizeof stparm);
627 memset (&parm, 0, sizeof parm);
633 err = open_context (ctrl, &ctx);
637 /* If we have an override keyserver we first indicate that the next
638 user of the context needs to again setup the global keyservers and
639 them we send the override keyserver. */
640 if (override_keyserver)
642 clear_context_flags (ctrl, ctx);
643 line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri);
646 err = gpg_error_from_syserror ();
649 err = assuan_transact (ctx, line, NULL, NULL, NULL,
658 /* Lump all patterns into one string. */
659 init_membuf (&mb, 1024);
660 put_membuf_str (&mb, quick? "KS_GET --quick --" : "KS_GET --");
661 for (idx=0; pattern[idx]; idx++)
663 put_membuf (&mb, " ", 1); /* Append Delimiter. */
664 put_membuf_str (&mb, pattern[idx]);
666 put_membuf (&mb, "", 1); /* Append Nul. */
667 line = get_membuf (&mb, &linelen);
670 err = gpg_error_from_syserror ();
673 if (linelen + 2 >= ASSUAN_LINELENGTH)
675 err = gpg_error (GPG_ERR_TOO_MANY);
679 parm.memfp = es_fopenmem (0, "rwb");
682 err = gpg_error_from_syserror ();
685 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
686 NULL, NULL, ks_status_cb, &stparm);
690 es_rewind (parm.memfp);
696 *r_source = stparm.source;
697 stparm.source = NULL;
701 es_fclose (parm.memfp);
702 xfree (stparm.source);
704 close_context (ctrl, ctx);
709 /* Run the KS_FETCH and pass URL as argument. On success an estream
710 object is returned to retrieve the keys. On error an error code is
711 returned and NULL stored at R_FP.
713 The url is expected to point to a small set of keys; in many cases
714 only to one key. However, schemes like finger may return several
715 keys. Note that the configured keyservers are ignored by the
718 gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
721 assuan_context_t ctx;
722 struct ks_get_parm_s parm;
725 memset (&parm, 0, sizeof parm);
729 err = open_context (ctrl, &ctx);
733 line = strconcat ("KS_FETCH -- ", url, NULL);
736 err = gpg_error_from_syserror ();
739 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
741 err = gpg_error (GPG_ERR_TOO_LARGE);
745 parm.memfp = es_fopenmem (0, "rwb");
748 err = gpg_error_from_syserror ();
751 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
752 NULL, NULL, NULL, NULL);
756 es_rewind (parm.memfp);
761 es_fclose (parm.memfp);
763 close_context (ctrl, ctx);
770 record_output (estream_t output,
772 const char *validity,
773 /* The public key length or -1. */
775 /* The public key algo or -1. */
777 /* 2 ulongs or NULL. */
779 /* The creation / expiration date or 0. */
784 const char *type_str = NULL;
785 char *pub_key_length_str = NULL;
786 char *pub_key_algo_str = NULL;
787 char *keyid_str = NULL;
788 char *creation_date_str = NULL;
789 char *expiration_date_str = NULL;
790 char *userid_escaped = NULL;
797 case PKT_PUBLIC_SUBKEY:
807 log_assert (! "Unhandled type.");
810 if (pub_key_length > 0)
811 pub_key_length_str = xasprintf ("%d", pub_key_length);
813 if (pub_key_algo != -1)
814 pub_key_algo_str = xasprintf ("%d", pub_key_algo);
817 keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
820 creation_date_str = xstrdup (colon_strtime (creation_date));
823 expiration_date_str = xstrdup (colon_strtime (expiration_date));
825 /* Quote ':', '%', and any 8-bit characters. */
831 int len = strlen (userid);
832 /* A 100k character limit on the uid should be way more than
834 if (len > 100 * 1024)
837 /* The minimum amount of space that we need. */
838 userid_escaped = xmalloc (len * 3 + 1);
840 for (r = 0; r < len; r++)
842 if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
844 sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
848 userid_escaped[w ++] = userid[r];
850 userid_escaped[w] = '\0';
853 es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
856 pub_key_length_str ?: "",
857 pub_key_algo_str ?: "",
859 creation_date_str ?: "",
860 expiration_date_str ?: "",
861 "" /* Certificate S/N */,
862 "" /* Ownertrust. */,
863 userid_escaped ?: "",
864 "" /* Signature class. */,
865 "" /* Key capabilities. */,
866 "" /* Issuer certificate fingerprint. */,
867 "" /* Flag field. */,
868 "" /* S/N of a token. */,
870 "" /* Curve name. */);
872 xfree (userid_escaped);
873 xfree (expiration_date_str);
874 xfree (creation_date_str);
876 xfree (pub_key_algo_str);
877 xfree (pub_key_length_str);
880 /* Handle the KS_PUT inquiries. */
882 ks_put_inq_cb (void *opaque, const char *line)
884 struct ks_put_parm_s *parm = opaque;
887 if (has_leading_keyword (line, "KEYBLOCK"))
890 err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
892 else if (has_leading_keyword (line, "KEYBLOCK_INFO"))
897 /* Parse the keyblock and send info lines back to the server. */
898 fp = es_fopenmem (0, "rw,samethread");
900 err = gpg_error_from_syserror ();
902 /* Note: the output format for the INFO block follows the colon
903 format as described in doc/DETAILS. We don't actually reuse
904 the functionality from g10/keylist.c to produce the output,
905 because we don't need all of it and some of it is quite
906 expensive to generate.
908 The fields are (the starred fields are the ones we need):
910 * Field 1 - Type of record
912 * Field 3 - Key length
913 * Field 4 - Public key algorithm
915 * Field 6 - Creation date
916 * Field 7 - Expiration date
917 Field 8 - Certificate S/N, UID hash, trust signature info
920 Field 11 - Signature class
921 Field 12 - Key capabilities
922 Field 13 - Issuer certificate fingerprint or other info
923 Field 14 - Flag field
924 Field 15 - S/N of a token
925 Field 16 - Hash algorithm
926 Field 17 - Curve name
928 for (node = parm->keyblock; !err && node; node=node->next)
930 switch (node->pkt->pkttype)
933 case PKT_PUBLIC_SUBKEY:
935 PKT_public_key *pk = node->pkt->pkt.public_key;
941 if (pk->flags.revoked)
942 validity[i ++] = 'r';
944 validity[i ++] = 'e';
947 keyid_from_pk (pk, NULL);
949 record_output (fp, node->pkt->pkttype, validity,
950 nbits_from_pk (pk), pk->pubkey_algo,
951 pk->keyid, pk->timestamp, pk->expiredate,
958 PKT_user_id *uid = node->pkt->pkt.user_id;
960 if (!uid->attrib_data)
967 validity[i ++] = 'r';
969 validity[i ++] = 'e';
972 record_output (fp, node->pkt->pkttype, validity,
974 uid->created, uid->expiredate,
980 /* This bit is really for the benefit of people who
981 store their keys in LDAP servers. It makes it easy
982 to do queries for things like "all keys signed by
986 PKT_signature *sig = node->pkt->pkt.signature;
988 if (IS_UID_SIG (sig))
989 record_output (fp, node->pkt->pkttype, NULL,
991 sig->timestamp, sig->expiredate, NULL);
998 /* Given that the last operation was an es_fprintf we should
999 get the correct ERRNO if ferror indicates an error. */
1001 err = gpg_error_from_syserror ();
1004 /* Without an error and if we have an keyblock at all, send the
1006 if (!err && parm->keyblock)
1013 while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread)
1015 err = assuan_send_data (parm->ctx, buffer, nread);
1020 err = gpg_error_from_syserror ();
1025 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
1031 /* Send a key to the configured server. {DATA,DATLEN} contains the
1032 key in OpenPGP binary transport format. If KEYBLOCK is not NULL it
1033 has the internal representaion of that key; this is for example
1034 used to convey meta data to LDAP keyservers. */
1036 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
1039 assuan_context_t ctx;
1040 struct ks_put_parm_s parm;
1042 memset (&parm, 0, sizeof parm);
1044 /* We are going to parse the keyblock, thus we better make sure the
1045 all information is readily available. */
1047 merge_keys_and_selfsig (keyblock);
1049 err = open_context (ctrl, &ctx);
1054 parm.keyblock = keyblock;
1056 parm.datalen = datalen;
1058 err = assuan_transact (ctx, "KS_PUT", NULL, NULL,
1059 ks_put_inq_cb, &parm, NULL, NULL);
1061 close_context (ctrl, ctx);
1067 /* Data callback for the DNS_CERT and WKD_GET commands. */
1069 dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
1071 struct dns_cert_parm_s *parm = opaque;
1072 gpg_error_t err = 0;
1076 return 0; /* Ignore END commands. */
1078 return 0; /* Data is not required. */
1080 if (es_write (parm->memfp, data, datalen, &nwritten))
1081 err = gpg_error_from_syserror ();
1087 /* Status callback for the DNS_CERT command. */
1089 dns_cert_status_cb (void *opaque, const char *line)
1091 struct dns_cert_parm_s *parm = opaque;
1092 gpg_error_t err = 0;
1096 if ((s = has_leading_keyword (line, "FPR")))
1100 if (!(buf = xtrystrdup (s)))
1101 err = gpg_error_from_syserror ();
1103 err = gpg_error (GPG_ERR_DUP_KEY);
1104 else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes))
1105 err = gpg_error_from_syserror ();
1106 else if (nbytes < 20)
1107 err = gpg_error (GPG_ERR_TOO_SHORT);
1110 parm->fpr = xtrymalloc (nbytes);
1112 err = gpg_error_from_syserror ();
1114 memcpy (parm->fpr, buf, (parm->fprlen = nbytes));
1118 else if ((s = has_leading_keyword (line, "URL")) && *s)
1121 err = gpg_error (GPG_ERR_DUP_KEY);
1122 else if (!(parm->url = xtrystrdup (s)))
1123 err = gpg_error_from_syserror ();
1129 /* Ask the dirmngr for a DNS CERT record. Depending on the found
1130 subtypes different return values are set:
1132 - For a PGP subtype a new estream with that key will be returned at
1133 R_KEY and the other return parameters are set to NULL/0.
1135 - For an IPGP subtype the fingerprint is stored as a malloced block
1136 at (R_FPR,R_FPRLEN). If an URL is available it is stored as a
1137 malloced string at R_URL; NULL is stored if there is no URL.
1139 If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first
1140 CERT record found with a supported type; it is expected that only
1141 one CERT record is used. If CERTTYPE is one of the supported
1142 certtypes, only records with this certtype are considered and the
1143 first one found is returned. All R_* args are optional.
1145 If CERTTYPE is NULL the DANE method is used to fetch the key.
1148 gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
1150 unsigned char **r_fpr, size_t *r_fprlen,
1154 assuan_context_t ctx;
1155 struct dns_cert_parm_s parm;
1158 memset (&parm, 0, sizeof parm);
1168 err = open_context (ctrl, &ctx);
1172 line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
1175 err = gpg_error_from_syserror ();
1178 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1180 err = gpg_error (GPG_ERR_TOO_LARGE);
1184 parm.memfp = es_fopenmem (0, "rwb");
1187 err = gpg_error_from_syserror ();
1190 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1191 NULL, NULL, dns_cert_status_cb, &parm);
1197 es_rewind (parm.memfp);
1198 *r_key = parm.memfp;
1202 if (r_fpr && parm.fpr)
1208 *r_fprlen = parm.fprlen;
1210 if (r_url && parm.url)
1219 es_fclose (parm.memfp);
1221 close_context (ctrl, ctx);
1226 /* Ask the dirmngr for PKA info. On success the retrieved fingerprint
1227 is returned in a malloced buffer at R_FPR and its length is stored
1228 at R_FPRLEN. If an URL is available it is stored as a malloced
1229 string at R_URL. On error all return values are set to NULL/0. */
1231 gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
1232 unsigned char **r_fpr, size_t *r_fprlen,
1236 assuan_context_t ctx;
1237 struct dns_cert_parm_s parm;
1240 memset (&parm, 0, sizeof parm);
1248 err = open_context (ctrl, &ctx);
1252 line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
1255 err = gpg_error_from_syserror ();
1258 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1260 err = gpg_error (GPG_ERR_TOO_LARGE);
1264 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1265 NULL, NULL, dns_cert_status_cb, &parm);
1269 if (r_fpr && parm.fpr)
1275 *r_fprlen = parm.fprlen;
1277 if (r_url && parm.url)
1287 close_context (ctrl, ctx);
1293 /* Ask the dirmngr to retrieve a key via the Web Key Directory
1294 * protocol. If QUICK is set the dirmngr is advised to use a shorter
1295 * timeout. On success a new estream with the key is stored at R_KEY.
1298 gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, int quick, estream_t *r_key)
1301 assuan_context_t ctx;
1302 struct dns_cert_parm_s parm;
1305 memset (&parm, 0, sizeof parm);
1307 err = open_context (ctrl, &ctx);
1311 line = es_bsprintf ("WKD_GET%s -- %s", quick?" --quick":"", name);
1314 err = gpg_error_from_syserror ();
1317 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1319 err = gpg_error (GPG_ERR_TOO_LARGE);
1323 parm.memfp = es_fopenmem (0, "rwb");
1326 err = gpg_error_from_syserror ();
1329 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1330 NULL, NULL, NULL, &parm);
1336 es_rewind (parm.memfp);
1337 *r_key = parm.memfp;
1344 es_fclose (parm.memfp);
1346 close_context (ctrl, ctx);