1 /* server.c - server mode for gpg
2 * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <https://www.gnu.org/licenses/>.
35 #include "../common/server-help.h"
36 #include "../common/sysutils.h"
40 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
43 /* Data used to associate an Assuan context with local server data. */
46 /* Our current Assuan context. */
47 assuan_context_t assuan_ctx;
48 /* File descriptor as set by the MESSAGE command. */
49 gnupg_fd_t message_fd;
51 /* List of prepared recipients. */
54 /* Set if pinentry notifications should be passed back to the
56 int allow_pinentry_notify;
61 /* Helper to close the message fd if it is open. */
63 close_message_fd (ctrl_t ctrl)
65 if (ctrl->server_local->message_fd != GNUPG_INVALID_FD)
67 assuan_sock_close (ctrl->server_local->message_fd);
68 ctrl->server_local->message_fd = GNUPG_INVALID_FD;
73 /* Called by libassuan for Assuan options. See the Assuan manual for
76 option_handler (assuan_context_t ctx, const char *key, const char *value)
78 ctrl_t ctrl = assuan_get_pointer (ctx);
82 /* Fixme: Implement the tty and locale args. */
83 if (!strcmp (key, "display"))
86 else if (!strcmp (key, "ttyname"))
89 else if (!strcmp (key, "ttytype"))
92 else if (!strcmp (key, "lc-ctype"))
95 else if (!strcmp (key, "lc-messages"))
98 else if (!strcmp (key, "xauthority"))
101 else if (!strcmp (key, "pinentry_user_data"))
104 else if (!strcmp (key, "list-mode"))
106 /* This is for now a dummy option. */
108 else if (!strcmp (key, "allow-pinentry-notify"))
110 ctrl->server_local->allow_pinentry_notify = 1;
113 return gpg_error (GPG_ERR_UNKNOWN_OPTION);
119 /* Called by libassuan for RESET commands. */
121 reset_notify (assuan_context_t ctx, char *line)
123 ctrl_t ctrl = assuan_get_pointer (ctx);
127 release_pk_list (ctrl->server_local->recplist);
128 ctrl->server_local->recplist = NULL;
130 close_message_fd (ctrl);
131 assuan_close_input_fd (ctx);
132 assuan_close_output_fd (ctx);
137 /* Called by libassuan for INPUT commands. */
139 input_notify (assuan_context_t ctx, char *line)
141 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
145 if (strstr (line, "--armor"))
147 else if (strstr (line, "--base64"))
149 else if (strstr (line, "--binary"))
153 /* FIXME (autodetect encoding) */
159 /* Called by libassuan for OUTPUT commands. */
161 output_notify (assuan_context_t ctx, char *line)
163 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
167 if (strstr (line, "--armor"))
169 else if (strstr (line, "--base64"))
179 /* RECIPIENT [--hidden] <userID>
180 RECIPIENT [--hidden] --file <filename>
182 Set the recipient for the encryption. <userID> should be the
183 internal representation of the key; the server may accept any other
184 way of specification. If this is a valid and trusted recipient the
185 server does respond with OK, otherwise the return is an ERR with
186 the reason why the recipient can't be used, the encryption will
187 then not be done for this recipient. If the policy is not to
188 encrypt at all if not all recipients are valid, the client has to
189 take care of this. All RECIPIENT commands are cumulative until a
190 RESET or an successful ENCRYPT command. */
192 cmd_recipient (assuan_context_t ctx, char *line)
194 ctrl_t ctrl = assuan_get_pointer (ctx);
198 hidden = has_option (line,"--hidden");
199 file = has_option (line,"--file");
200 line = skip_options (line);
202 /* FIXME: Expand groups
204 remusr = expand_group (rcpts);
209 err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden, file,
210 &ctrl->server_local->recplist);
213 log_error ("command '%s' failed: %s\n", "RECIPIENT", gpg_strerror (err));
221 Set the signer's keys for the signature creation. <userID> should
222 be the internal representation of the key; the server may accept
223 any other way of specification. If this is a valid and usable
224 signing key the server does respond with OK, otherwise it returns
225 an ERR with the reason why the key can't be used, the signing will
226 then not be done for this key. If the policy is not to sign at all
227 if not all signer keys are valid, the client has to take care of
228 this. All SIGNER commands are cumulative until a RESET but they
229 are *not* reset by an SIGN command because it can be expected that
230 set of signers are used for more than one sign operation.
232 Note that this command returns an INV_RECP status which is a bit
233 strange, but they are very similar. */
235 cmd_signer (assuan_context_t ctx, char *line)
239 return gpg_error (GPG_ERR_NOT_SUPPORTED);
246 Do the actual encryption process. Takes the plaintext from the
247 INPUT command, writes the ciphertext to the file descriptor set
248 with the OUTPUT command, take the recipients from all the
249 recipients set so far with RECIPIENTS.
251 If this command fails the clients should try to delete all output
252 currently done or otherwise mark it as invalid. GPG does ensure
253 that there won't be any security problem with leftover data on the
256 In most cases this command won't fail because most necessary checks
257 have been done while setting the recipients. However some checks
258 can only be done right here and thus error may occur anyway (for
259 example, no recipients at all).
261 The input, output and message pipes are closed after this
264 cmd_encrypt (assuan_context_t ctx, char *line)
266 ctrl_t ctrl = assuan_get_pointer (ctx);
270 (void)line; /* LINE is not used. */
272 if ( !ctrl->server_local->recplist )
274 write_status_text (STATUS_NO_RECP, "0");
275 err = gpg_error (GPG_ERR_NO_USER_ID);
279 inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
282 err = set_error (GPG_ERR_ASS_NO_INPUT, NULL);
285 out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
288 err = set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
293 /* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
294 from the default list. */
296 /* fixme: err = ctrl->audit? 0 : start_audit_session (ctrl);*/
298 err = encrypt_crypt (ctrl, inp_fd, NULL, NULL, 0,
299 ctrl->server_local->recplist,
303 /* Release the recipient list on success. */
306 release_pk_list (ctrl->server_local->recplist);
307 ctrl->server_local->recplist = NULL;
310 /* Close and reset the fds. */
311 close_message_fd (ctrl);
312 assuan_close_input_fd (ctx);
313 assuan_close_output_fd (ctx);
316 log_error ("command '%s' failed: %s\n", "ENCRYPT", gpg_strerror (err));
324 This performs the decrypt operation. */
326 cmd_decrypt (assuan_context_t ctx, char *line)
328 ctrl_t ctrl = assuan_get_pointer (ctx);
332 (void)line; /* LINE is not used. */
334 inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
336 return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
337 out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
339 return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
341 glo_ctrl.lasterr = 0;
342 err = decrypt_message_fd (ctrl, inp_fd, out_fd);
344 err = glo_ctrl.lasterr;
346 /* Close and reset the fds. */
347 close_message_fd (ctrl);
348 assuan_close_input_fd (ctx);
349 assuan_close_output_fd (ctx);
352 log_error ("command '%s' failed: %s\n", "DECRYPT", gpg_strerror (err));
360 This does a verify operation on the message send to the input-FD.
361 The result is written out using status lines. If an output FD was
362 given, the signed text will be written to that.
364 If the signature is a detached one, the server will inquire about
365 the signed material and the client must provide it.
368 cmd_verify (assuan_context_t ctx, char *line)
371 #ifdef HAVE_W32_SYSTEM
374 rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
376 ctrl_t ctrl = assuan_get_pointer (ctx);
377 gnupg_fd_t fd = assuan_get_input_fd (ctx);
378 gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
379 estream_t out_fp = NULL;
381 /* FIXME: Revamp this code it is nearly to 3 years old and was only
382 intended as a quick test. */
386 if (fd == GNUPG_INVALID_FD)
387 return gpg_error (GPG_ERR_ASS_NO_INPUT);
389 if (out_fd != GNUPG_INVALID_FD)
393 #ifdef HAVE_W32_SYSTEM
394 syshd.type = ES_SYSHD_HANDLE;
395 syshd.u.handle = out_fd;
397 syshd.type = ES_SYSHD_FD;
400 out_fp = es_sysopen_nc (&syshd, "w");
402 return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
405 log_debug ("WARNING: The server mode is WORK "
406 "IN PROGRESS and not ready for use\n");
408 rc = gpg_verify (ctrl, fd, ctrl->server_local->message_fd, out_fp);
411 close_message_fd (ctrl);
412 assuan_close_input_fd (ctx);
413 assuan_close_output_fd (ctx);
417 log_error ("command '%s' failed: %s\n", "VERIFY", gpg_strerror (rc));
425 Sign the data set with the INPUT command and write it to the sink
426 set by OUTPUT. With "--detached" specified, a detached signature
429 cmd_sign (assuan_context_t ctx, char *line)
433 return gpg_error (GPG_ERR_NOT_SUPPORTED);
440 Import keys as read from the input-fd, return status message for
441 each imported one. The import checks the validity of the key. */
443 cmd_import (assuan_context_t ctx, char *line)
447 return gpg_error (GPG_ERR_NOT_SUPPORTED);
452 /* EXPORT [--data [--armor|--base64]] [--] pattern
454 Similar to the --export command line command, this command exports
455 public keys matching PATTERN. The output is send to the output fd
456 unless the --data option has been used in which case the output
457 gets send inline using regular data lines. The options "--armor"
458 and "--base" ospecify an output format if "--data" has been used.
459 Recall that in general the output format is set with the OUTPUT
463 cmd_export (assuan_context_t ctx, char *line)
467 return gpg_error (GPG_ERR_NOT_SUPPORTED);
477 cmd_delkeys (assuan_context_t ctx, char *line)
481 return gpg_error (GPG_ERR_NOT_SUPPORTED);
488 Set the file descriptor to read a message which is used with
489 detached signatures. */
491 cmd_message (assuan_context_t ctx, char *line)
495 ctrl_t ctrl = assuan_get_pointer (ctx);
497 rc = assuan_command_parse_fd (ctx, line, &fd);
500 if (fd == GNUPG_INVALID_FD)
501 return gpg_error (GPG_ERR_ASS_NO_INPUT);
502 ctrl->server_local->message_fd = fd;
508 /* LISTKEYS [<patterns>]
509 LISTSECRETKEYS [<patterns>]
514 do_listkeys (assuan_context_t ctx, char *line, int mode)
520 return gpg_error (GPG_ERR_NOT_SUPPORTED);
525 cmd_listkeys (assuan_context_t ctx, char *line)
527 return do_listkeys (ctx, line, 3);
532 cmd_listsecretkeys (assuan_context_t ctx, char *line)
534 return do_listkeys (ctx, line, 2);
541 Read the parameters in native format from the input fd and create a
545 cmd_genkey (assuan_context_t ctx, char *line)
549 return gpg_error (GPG_ERR_NOT_SUPPORTED);
555 Multipurpose function to return a variety of information.
556 Supported values for WHAT are:
558 version - Return the version of the program.
559 pid - Return the process id of the server.
563 cmd_getinfo (assuan_context_t ctx, char *line)
567 if (!strcmp (line, "version"))
569 const char *s = VERSION;
570 rc = assuan_send_data (ctx, s, strlen (s));
572 else if (!strcmp (line, "pid"))
576 snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
577 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
580 rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
584 static const char hlp_passwd[] =
587 "Change the passphrase of the secret key for USERID.";
589 cmd_passwd (assuan_context_t ctx, char *line)
591 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
596 /* line = skip_options (line); */
598 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
606 /* Helper to register our commands with libassuan. */
608 register_commands (assuan_context_t ctx)
613 assuan_handler_t handler;
614 const char * const help;
616 { "RECIPIENT", cmd_recipient },
617 { "SIGNER", cmd_signer },
618 { "ENCRYPT", cmd_encrypt },
619 { "DECRYPT", cmd_decrypt },
620 { "VERIFY", cmd_verify },
621 { "SIGN", cmd_sign },
622 { "IMPORT", cmd_import },
623 { "EXPORT", cmd_export },
626 { "MESSAGE", cmd_message },
627 { "LISTKEYS", cmd_listkeys },
628 { "LISTSECRETKEYS",cmd_listsecretkeys },
629 { "GENKEY", cmd_genkey },
630 { "DELKEYS", cmd_delkeys },
631 { "GETINFO", cmd_getinfo },
632 { "PASSWD", cmd_passwd, hlp_passwd},
637 for (i=0; table[i].name; i++)
639 rc = assuan_register_command (ctx, table[i].name,
640 table[i].handler, table[i].help);
650 /* Startup the server. CTRL must have been allocated by the caller
651 and set to the default values. */
653 gpg_server (ctrl_t ctrl)
656 #ifndef HAVE_W32_SYSTEM
659 assuan_context_t ctx = NULL;
660 static const char hello[] = ("GNU Privacy Guard's OpenPGP server "
663 /* We use a pipe based server so that we can work from scripts.
664 assuan_init_pipe_server will automagically detect when we are
665 called with a socketpair and ignore FILEDES in this case. */
666 #ifndef HAVE_W32_SYSTEM
667 filedes[0] = assuan_fdopen (0);
668 filedes[1] = assuan_fdopen (1);
670 rc = assuan_new (&ctx);
673 log_error ("failed to allocate the assuan context: %s\n",
678 #ifdef HAVE_W32_SYSTEM
679 rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
681 rc = assuan_init_pipe_server (ctx, filedes);
685 log_error ("failed to initialize the server: %s\n", gpg_strerror (rc));
689 rc = register_commands (ctx);
692 log_error ("failed to the register commands with Assuan: %s\n",
697 assuan_set_pointer (ctx, ctrl);
698 if (opt.verbose || opt.debug)
702 tmp = xtryasprintf ("Home: %s\n"
706 "fixme: need config filename",
710 assuan_set_hello_line (ctx, tmp);
715 assuan_set_hello_line (ctx, hello);
716 assuan_register_reset_notify (ctx, reset_notify);
717 assuan_register_input_notify (ctx, input_notify);
718 assuan_register_output_notify (ctx, output_notify);
719 assuan_register_option_handler (ctx, option_handler);
721 ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
722 if (!ctrl->server_local)
724 rc = gpg_error_from_syserror ();
727 ctrl->server_local->assuan_ctx = ctx;
728 ctrl->server_local->message_fd = GNUPG_INVALID_FD;
732 rc = assuan_accept (ctx);
740 log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
744 rc = assuan_process (ctx);
747 log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
753 if (ctrl->server_local)
755 release_pk_list (ctrl->server_local->recplist);
757 xfree (ctrl->server_local);
758 ctrl->server_local = NULL;
760 assuan_release (ctx);
765 /* Helper to notify the client about Pinentry events. Because that
766 might disturb some older clients, this is only done when enabled
767 via an option. If it is not enabled we tell Windows to allow
768 setting the foreground window right here. Returns an gpg error
771 gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
775 char *linecopy = xtrystrdup (line);
779 && split_fields (linecopy, fields, DIM (fields)) >= 4
780 && !strcmp (fields[0], "PINENTRY_LAUNCHED"))
781 log_info (_("pinentry launched (pid %s, flavor %s, version %s)\n"),
782 fields[1], fields[2], fields[3]);
787 if (!ctrl || !ctrl->server_local
788 || !ctrl->server_local->allow_pinentry_notify)
790 gnupg_allow_set_foregound_window ((pid_t)strtoul (line+17, NULL, 10));
791 /* Client might be interested in that event - send as status line. */
792 if (!strncmp (line, "PINENTRY_LAUNCHED", 17)
793 && (line[17]==' '||!line[17]))
795 for (line += 17; *line && spacep (line); line++)
797 write_status_text (STATUS_PINENTRY_LAUNCHED, line);
801 return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);