1 /* call-dirmngr.c - GPG operations to the Dirmngr.
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 * Copyright (C) 2015 g10 Code GmbH
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
40 #include "keyserver.h"
41 #include "call-dirmngr.h"
44 /* Parameter structure used to gather status info. */
45 struct ks_status_parm_s
47 const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
52 /* Parameter structure used with the KS_SEARCH command. */
53 struct ks_search_parm_s
55 gpg_error_t lasterr; /* Last error code. */
56 membuf_t saveddata; /* Buffer to build complete lines. */
57 char *helpbuf; /* NULL or malloced buffer. */
58 size_t helpbufsize; /* Allocated size of HELPBUF. */
59 gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */
60 void *data_cb_value; /* First argument for DATA_CB. */
61 struct ks_status_parm_s *stparm; /* Link to the status parameter. */
65 /* Parameter structure used with the KS_GET command. */
72 /* Parameter structure used with the KS_PUT command. */
76 kbnode_t keyblock; /* The optional keyblock. */
77 const void *data; /* The key in OpenPGP binary format. */
78 size_t datalen; /* The length of DATA. */
82 /* Parameter structure used with the DNS_CERT command. */
83 struct dns_cert_parm_s
92 /* Data used to associate an session with dirmngr contexts. We can't
93 use a simple one to one mapping because we sometimes need two
94 connections to the dirmngr; for example while doing a listing and
95 being in a data callback we may want to retrieve a key. The local
96 dirmngr data takes care of this. At the end of the session the
97 function dirmngr_deinit_session_data is called by gpg.c to cleanup
98 these resources. Note that gpg.h defines a typedef dirmngr_local_t
99 for this structure. */
100 struct dirmngr_local_s
102 /* Link to other contexts which are used simultaneously. */
103 struct dirmngr_local_s *next;
105 /* The active Assuan context. */
106 assuan_context_t ctx;
108 /* Flag set when the keyserver names have been send. */
109 int set_keyservers_done;
111 /* Flag set to true while an operation is running on CTX. */
117 /* Deinitialize all session data of dirmngr pertaining to CTRL. */
119 gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
123 while ((dml = ctrl->dirmngr_local))
125 ctrl->dirmngr_local = dml->next;
127 log_error ("oops: trying to cleanup an active dirmngr context\n");
129 assuan_release (dml->ctx);
135 /* Try to connect to the Dirmngr via a socket or spawn it if possible.
136 Handle the server's initial greeting and set global options. */
138 create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
141 assuan_context_t ctx;
144 err = start_new_dirmngr (&ctx,
145 GPG_ERR_SOURCE_DEFAULT,
148 opt.autostart, opt.verbose, DBG_IPC,
149 NULL /*gpg_status2*/, ctrl);
150 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
157 log_info (_("no dirmngr running in this session\n"));
164 /* Tell the dirmngr that we want to collect audit event. */
165 /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
166 /* NULL, NULL, NULL, NULL, NULL, NULL); */
167 if (opt.keyserver_options.http_proxy)
169 line = xtryasprintf ("OPTION http-proxy=%s",
170 opt.keyserver_options.http_proxy);
172 err = gpg_error_from_syserror ();
175 err = assuan_transact (ctx, line, NULL, NULL, NULL,
183 else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
185 /* Tell the dirmngr that this possibly privacy invading
186 option is in use. If Dirmngr is running in Tor mode, it
187 will return an error. */
188 err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
189 NULL, NULL, NULL, NULL, NULL, NULL);
190 if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
191 log_error (_("keyserver option \"honor-keyserver-url\""
192 " may not be used in Tor mode\n"));
193 else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
194 err = 0; /* Old dirmngr versions do not support this option. */
199 assuan_release (ctx);
202 /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
210 /* Get a context for accessing dirmngr. If no context is available a
211 new one is created and - if required - dirmngr started. On success
212 an assuan context is stored at R_CTX. This context may only be
213 released by means of close_context. Note that NULL is stored at
216 open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
224 for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next)
228 /* Found an inactive local session - return that. */
229 assert (!dml->is_active);
231 /* But first do the per session init if not yet done. */
232 if (!dml->set_keyservers_done)
234 keyserver_spec_t ksi;
236 /* Set all configured keyservers. We clear existing
237 keyservers so that any keyserver configured in GPG
238 overrides keyservers possibly still configured in Dirmngr
239 for the session (Note that the keyserver list of a
240 session in Dirmngr survives a RESET. */
241 for (ksi = opt.keyserver; ksi; ksi = ksi->next)
247 ksi == opt.keyserver? " --clear":"", ksi->uri);
249 err = gpg_error_from_syserror ();
252 err = assuan_transact (dml->ctx, line, NULL, NULL, NULL,
261 dml->set_keyservers_done = 1;
270 dml = xtrycalloc (1, sizeof *dml);
272 return gpg_error_from_syserror ();
273 err = create_context (ctrl, &dml->ctx);
280 /* To be on the nPth thread safe site we need to add it to a
281 list; this is far easier than to have a lock for this
282 function. It should not happen anyway but the code is free
283 because we need it for the is_active check above. */
284 dml->next = ctrl->dirmngr_local;
285 ctrl->dirmngr_local = dml;
290 /* Close the assuan context CTX or return it to a pool of unused
291 contexts. If CTX is NULL, the function does nothing. */
293 close_context (ctrl_t ctrl, assuan_context_t ctx)
300 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
305 log_fatal ("closing inactive dirmngr context %p\n", ctx);
310 log_fatal ("closing unknown dirmngr ctx %p\n", ctx);
314 /* Clear the set_keyservers_done flag on context CTX. */
316 clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
323 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
328 log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx);
329 dml->set_keyservers_done = 0;
333 log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx);
338 /* Status callback for ks_list, ks_get and ks_search. */
340 ks_status_cb (void *opaque, const char *line)
342 struct ks_status_parm_s *parm = opaque;
346 if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
350 parm->source = xtrystrdup (s);
352 err = gpg_error_from_syserror ();
361 /* Run the "KEYSERVER" command to return the name of the used
362 keyserver at R_KEYSERVER. */
364 gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
367 assuan_context_t ctx;
368 struct ks_status_parm_s stparm;
370 memset (&stparm, 0, sizeof stparm);
371 stparm.keyword = "KEYSERVER";
374 err = open_context (ctrl, &ctx);
378 err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
379 NULL, NULL, ks_status_cb, &stparm);
384 err = gpg_error (GPG_ERR_NO_KEYSERVER);
388 *r_keyserver = stparm.source;
389 stparm.source = NULL;
392 xfree (stparm.source);
393 close_context (ctrl, ctx);
399 /* Data callback for the KS_SEARCH command. */
401 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
404 struct ks_search_parm_s *parm = opaque;
405 const char *line, *s;
406 size_t rawlen, linelen;
412 if (parm->stparm->source)
414 err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source);
420 /* Clear it so that we won't get back here unless the server
421 accidentally sends a second source status line. Note that
422 will not see all accidentally sent source lines because it
423 depends on whether data lines have been send in between. */
424 xfree (parm->stparm->source);
425 parm->stparm->source = NULL;
429 return 0; /* Ignore END commands. */
431 put_membuf (&parm->saveddata, data, datalen);
434 line = peek_membuf (&parm->saveddata, &rawlen);
437 parm->lasterr = gpg_error_from_syserror ();
438 return parm->lasterr; /* Tell the server about our problem. */
440 if ((s = memchr (line, '\n', rawlen)))
442 linelen = s - line; /* That is the length excluding the LF. */
443 if (linelen + 1 < sizeof fixedbuf)
445 /* We can use the static buffer. */
446 memcpy (fixedbuf, line, linelen);
447 fixedbuf[linelen] = 0;
448 if (linelen && fixedbuf[linelen-1] == '\r')
449 fixedbuf[linelen-1] = 0;
450 err = parm->data_cb (parm->data_cb_value, 0, fixedbuf);
454 if (linelen + 1 >= parm->helpbufsize)
456 xfree (parm->helpbuf);
457 parm->helpbufsize = linelen + 1 + 1024;
458 parm->helpbuf = xtrymalloc (parm->helpbufsize);
461 parm->lasterr = gpg_error_from_syserror ();
462 return parm->lasterr;
465 memcpy (parm->helpbuf, line, linelen);
466 parm->helpbuf[linelen] = 0;
467 if (linelen && parm->helpbuf[linelen-1] == '\r')
468 parm->helpbuf[linelen-1] = 0;
469 err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf);
475 clear_membuf (&parm->saveddata, linelen+1);
476 goto again; /* There might be another complete line. */
484 /* Run the KS_SEARCH command using the search string SEARCHSTR. All
485 data lines are passed to the CB function. That function is called
486 with CB_VALUE as its first argument, a 0 as second argument, and
487 the decoded data line as third argument. The callback function may
488 modify the data line and it is guaranteed that this data line is a
489 complete line with a terminating 0 character but without the
490 linefeed. NULL is passed to the callback to indicate EOF. */
492 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
493 gpg_error_t (*cb)(void*, int, char *), void *cb_value)
496 assuan_context_t ctx;
497 struct ks_status_parm_s stparm;
498 struct ks_search_parm_s parm;
499 char line[ASSUAN_LINELENGTH];
501 err = open_context (ctrl, &ctx);
506 char *escsearchstr = percent_plus_escape (searchstr);
509 err = gpg_error_from_syserror ();
510 close_context (ctrl, ctx);
513 snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr);
514 xfree (escsearchstr);
517 memset (&stparm, 0, sizeof stparm);
518 memset (&parm, 0, sizeof parm);
519 init_membuf (&parm.saveddata, 1024);
521 parm.data_cb_value = cb_value;
522 parm.stparm = &stparm;
524 err = assuan_transact (ctx, line, ks_search_data_cb, &parm,
525 NULL, NULL, ks_status_cb, &stparm);
527 err = cb (cb_value, 0, NULL); /* Send EOF. */
529 xfree (get_membuf (&parm.saveddata, NULL));
530 xfree (parm.helpbuf);
531 xfree (stparm.source);
533 close_context (ctrl, ctx);
539 /* Data callback for the KS_GET and KS_FETCH commands. */
541 ks_get_data_cb (void *opaque, const void *data, size_t datalen)
544 struct ks_get_parm_s *parm = opaque;
548 return 0; /* Ignore END commands. */
550 if (es_write (parm->memfp, data, datalen, &nwritten))
551 err = gpg_error_from_syserror ();
557 /* Run the KS_GET command using the patterns in the array PATTERN. On
558 success an estream object is returned to retrieve the keys. On
559 error an error code is returned and NULL stored at R_FP.
561 The pattern may only use search specification which a keyserver can
562 use to retrieve keys. Because we know the format of the pattern we
563 don't need to escape the patterns before sending them to the
566 If R_SOURCE is not NULL the source of the data is stored as a
567 malloced string there. If a source is not known NULL is stored.
569 If there are too many patterns the function returns an error. That
570 could be fixed by issuing several search commands or by
571 implementing a different interface. However with long keyids we
572 are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
574 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
575 keyserver_spec_t override_keyserver,
576 estream_t *r_fp, char **r_source)
579 assuan_context_t ctx;
580 struct ks_status_parm_s stparm;
581 struct ks_get_parm_s parm;
587 memset (&stparm, 0, sizeof stparm);
588 memset (&parm, 0, sizeof parm);
594 err = open_context (ctrl, &ctx);
598 /* If we have an override keyserver we first indicate that the next
599 user of the context needs to again setup the global keyservers and
600 them we send the override keyserver. */
601 if (override_keyserver)
603 clear_context_flags (ctrl, ctx);
604 line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri);
607 err = gpg_error_from_syserror ();
610 err = assuan_transact (ctx, line, NULL, NULL, NULL,
619 /* Lump all patterns into one string. */
620 init_membuf (&mb, 1024);
621 put_membuf_str (&mb, "KS_GET --");
622 for (idx=0; pattern[idx]; idx++)
624 put_membuf (&mb, " ", 1); /* Append Delimiter. */
625 put_membuf_str (&mb, pattern[idx]);
627 put_membuf (&mb, "", 1); /* Append Nul. */
628 line = get_membuf (&mb, &linelen);
631 err = gpg_error_from_syserror ();
634 if (linelen + 2 >= ASSUAN_LINELENGTH)
636 err = gpg_error (GPG_ERR_TOO_MANY);
640 parm.memfp = es_fopenmem (0, "rwb");
643 err = gpg_error_from_syserror ();
646 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
647 NULL, NULL, ks_status_cb, &stparm);
651 es_rewind (parm.memfp);
657 *r_source = stparm.source;
658 stparm.source = NULL;
662 es_fclose (parm.memfp);
663 xfree (stparm.source);
665 close_context (ctrl, ctx);
670 /* Run the KS_FETCH and pass URL as argument. On success an estream
671 object is returned to retrieve the keys. On error an error code is
672 returned and NULL stored at R_FP.
674 The url is expected to point to a small set of keys; in many cases
675 only to one key. However, schemes like finger may return several
676 keys. Note that the configured keyservers are ignored by the
679 gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
682 assuan_context_t ctx;
683 struct ks_get_parm_s parm;
686 memset (&parm, 0, sizeof parm);
690 err = open_context (ctrl, &ctx);
694 line = strconcat ("KS_FETCH -- ", url, NULL);
697 err = gpg_error_from_syserror ();
700 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
702 err = gpg_error (GPG_ERR_TOO_LARGE);
706 parm.memfp = es_fopenmem (0, "rwb");
709 err = gpg_error_from_syserror ();
712 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
713 NULL, NULL, NULL, NULL);
717 es_rewind (parm.memfp);
722 es_fclose (parm.memfp);
724 close_context (ctrl, ctx);
731 record_output (estream_t output,
733 const char *validity,
734 /* The public key length or -1. */
736 /* The public key algo or -1. */
738 /* 2 ulongs or NULL. */
740 /* The creation / expiration date or 0. */
745 const char *type_str = NULL;
746 char *pub_key_length_str = NULL;
747 char *pub_key_algo_str = NULL;
748 char *keyid_str = NULL;
749 char *creation_date_str = NULL;
750 char *expiration_date_str = NULL;
751 char *userid_escaped = NULL;
758 case PKT_PUBLIC_SUBKEY:
768 assert (! "Unhandled type.");
771 if (pub_key_length > 0)
772 pub_key_length_str = xasprintf ("%d", pub_key_length);
774 if (pub_key_algo != -1)
775 pub_key_algo_str = xasprintf ("%d", pub_key_algo);
778 keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
781 creation_date_str = xstrdup (colon_strtime (creation_date));
784 expiration_date_str = xstrdup (colon_strtime (expiration_date));
786 /* Quote ':', '%', and any 8-bit characters. */
792 int len = strlen (userid);
793 /* A 100k character limit on the uid should be way more than
795 if (len > 100 * 1024)
798 /* The minimum amount of space that we need. */
799 userid_escaped = xmalloc (len * 3 + 1);
801 for (r = 0; r < len; r++)
803 if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
805 sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
809 userid_escaped[w ++] = userid[r];
811 userid_escaped[w] = '\0';
814 es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
817 pub_key_length_str ?: "",
818 pub_key_algo_str ?: "",
820 creation_date_str ?: "",
821 expiration_date_str ?: "",
822 "" /* Certificate S/N */,
823 "" /* Ownertrust. */,
824 userid_escaped ?: "",
825 "" /* Signature class. */,
826 "" /* Key capabilities. */,
827 "" /* Issuer certificate fingerprint. */,
828 "" /* Flag field. */,
829 "" /* S/N of a token. */,
831 "" /* Curve name. */);
833 xfree (userid_escaped);
834 xfree (expiration_date_str);
835 xfree (creation_date_str);
837 xfree (pub_key_algo_str);
838 xfree (pub_key_length_str);
841 /* Handle the KS_PUT inquiries. */
843 ks_put_inq_cb (void *opaque, const char *line)
845 struct ks_put_parm_s *parm = opaque;
848 if (has_leading_keyword (line, "KEYBLOCK"))
851 err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
853 else if (has_leading_keyword (line, "KEYBLOCK_INFO"))
858 /* Parse the keyblock and send info lines back to the server. */
859 fp = es_fopenmem (0, "rw,samethread");
861 err = gpg_error_from_syserror ();
863 /* Note: the output format for the INFO block follows the colon
864 format as described in doc/DETAILS. We don't actually reuse
865 the functionality from g10/keylist.c to produce the output,
866 because we don't need all of it and some of it is quite
867 expensive to generate.
869 The fields are (the starred fields are the ones we need):
871 * Field 1 - Type of record
873 * Field 3 - Key length
874 * Field 4 - Public key algorithm
876 * Field 6 - Creation date
877 * Field 7 - Expiration date
878 Field 8 - Certificate S/N, UID hash, trust signature info
881 Field 11 - Signature class
882 Field 12 - Key capabilities
883 Field 13 - Issuer certificate fingerprint or other info
884 Field 14 - Flag field
885 Field 15 - S/N of a token
886 Field 16 - Hash algorithm
887 Field 17 - Curve name
889 for (node = parm->keyblock; !err && node; node=node->next)
891 switch (node->pkt->pkttype)
894 case PKT_PUBLIC_SUBKEY:
896 PKT_public_key *pk = node->pkt->pkt.public_key;
902 if (pk->flags.revoked)
903 validity[i ++] = 'r';
905 validity[i ++] = 'e';
908 keyid_from_pk (pk, NULL);
910 record_output (fp, node->pkt->pkttype, validity,
911 nbits_from_pk (pk), pk->pubkey_algo,
912 pk->keyid, pk->timestamp, pk->expiredate,
919 PKT_user_id *uid = node->pkt->pkt.user_id;
921 if (!uid->attrib_data)
928 validity[i ++] = 'r';
930 validity[i ++] = 'e';
933 record_output (fp, node->pkt->pkttype, validity,
935 uid->created, uid->expiredate,
941 /* This bit is really for the benefit of people who
942 store their keys in LDAP servers. It makes it easy
943 to do queries for things like "all keys signed by
947 PKT_signature *sig = node->pkt->pkt.signature;
949 if (IS_UID_SIG (sig))
950 record_output (fp, node->pkt->pkttype, NULL,
952 sig->timestamp, sig->expiredate, NULL);
959 /* Given that the last operation was an es_fprintf we should
960 get the correct ERRNO if ferror indicates an error. */
962 err = gpg_error_from_syserror ();
965 /* Without an error and if we have an keyblock at all, send the
967 if (!err && parm->keyblock)
974 while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread)
976 err = assuan_send_data (parm->ctx, buffer, nread);
981 err = gpg_error_from_syserror ();
986 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
992 /* Send a key to the configured server. {DATA,DATLEN} contains the
993 key in OpenPGP binary transport format. If KEYBLOCK is not NULL it
994 has the internal representaion of that key; this is for example
995 used to convey meta data to LDAP keyservers. */
997 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
1000 assuan_context_t ctx;
1001 struct ks_put_parm_s parm;
1003 memset (&parm, 0, sizeof parm);
1005 /* We are going to parse the keyblock, thus we better make sure the
1006 all information is readily available. */
1008 merge_keys_and_selfsig (keyblock);
1010 err = open_context (ctrl, &ctx);
1015 parm.keyblock = keyblock;
1017 parm.datalen = datalen;
1019 err = assuan_transact (ctx, "KS_PUT", NULL, NULL,
1020 ks_put_inq_cb, &parm, NULL, NULL);
1022 close_context (ctrl, ctx);
1028 /* Data callback for the DNS_CERT command. */
1030 dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
1032 struct dns_cert_parm_s *parm = opaque;
1033 gpg_error_t err = 0;
1037 return 0; /* Ignore END commands. */
1039 return 0; /* Data is not required. */
1041 if (es_write (parm->memfp, data, datalen, &nwritten))
1042 err = gpg_error_from_syserror ();
1048 /* Status callback for the DNS_CERT command. */
1050 dns_cert_status_cb (void *opaque, const char *line)
1052 struct dns_cert_parm_s *parm = opaque;
1053 gpg_error_t err = 0;
1057 if ((s = has_leading_keyword (line, "FPR")))
1061 if (!(buf = xtrystrdup (s)))
1062 err = gpg_error_from_syserror ();
1064 err = gpg_error (GPG_ERR_DUP_KEY);
1065 else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes))
1066 err = gpg_error_from_syserror ();
1067 else if (nbytes < 20)
1068 err = gpg_error (GPG_ERR_TOO_SHORT);
1071 parm->fpr = xtrymalloc (nbytes);
1073 err = gpg_error_from_syserror ();
1075 memcpy (parm->fpr, buf, (parm->fprlen = nbytes));
1079 else if ((s = has_leading_keyword (line, "URL")) && *s)
1082 err = gpg_error (GPG_ERR_DUP_KEY);
1083 else if (!(parm->fpr = xtrymalloc (nbytes)))
1084 err = gpg_error_from_syserror ();
1086 memcpy (parm->fpr, line, (parm->fprlen = nbytes));
1092 /* Ask the dirmngr for a DNS CERT record. Depending on the found
1093 subtypes different return values are set:
1095 - For a PGP subtype a new estream with that key will be returned at
1096 R_KEY and the other return parameters are set to NULL/0.
1098 - For an IPGP subtype the fingerprint is stored as a malloced block
1099 at (R_FPR,R_FPRLEN). If an URL is available it is stored as a
1100 malloced string at R_URL; NULL is stored if there is no URL.
1102 If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first
1103 CERT record found with a supported type; it is expected that only
1104 one CERT record is used. If CERTTYPE is one of the supported
1105 certtypes, only records with this certtype are considered and the
1106 first one found is returned. All R_* args are optional.
1108 If CERTTYPE is NULL the DANE method is used to fetch the key.
1111 gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
1113 unsigned char **r_fpr, size_t *r_fprlen,
1117 assuan_context_t ctx;
1118 struct dns_cert_parm_s parm;
1121 memset (&parm, 0, sizeof parm);
1131 err = open_context (ctrl, &ctx);
1135 line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
1138 err = gpg_error_from_syserror ();
1141 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1143 err = gpg_error (GPG_ERR_TOO_LARGE);
1147 parm.memfp = es_fopenmem (0, "rwb");
1150 err = gpg_error_from_syserror ();
1153 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1154 NULL, NULL, dns_cert_status_cb, &parm);
1160 es_rewind (parm.memfp);
1161 *r_key = parm.memfp;
1165 if (r_fpr && parm.fpr)
1171 *r_fprlen = parm.fprlen;
1173 if (r_url && parm.url)
1182 es_fclose (parm.memfp);
1184 close_context (ctrl, ctx);
1189 /* Ask the dirmngr for PKA info. On success the retrieved fingerprint
1190 is returned in a malloced buffer at R_FPR and its length is stored
1191 at R_FPRLEN. If an URL is available it is stored as a malloced
1192 string at R_URL. On error all return values are set to NULL/0. */
1194 gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
1195 unsigned char **r_fpr, size_t *r_fprlen,
1199 assuan_context_t ctx;
1200 struct dns_cert_parm_s parm;
1203 memset (&parm, 0, sizeof parm);
1211 err = open_context (ctrl, &ctx);
1215 line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
1218 err = gpg_error_from_syserror ();
1221 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1223 err = gpg_error (GPG_ERR_TOO_LARGE);
1227 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1228 NULL, NULL, dns_cert_status_cb, &parm);
1232 if (r_fpr && parm.fpr)
1238 *r_fprlen = parm.fprlen;
1240 if (r_url && parm.url)
1250 close_context (ctrl, ctx);