1 /* call-dirmngr.c - GPG operations to the Dirmngr.
2 * Copyright (C) 2011 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
39 #include "keyserver.h"
40 #include "call-dirmngr.h"
43 /* Parameter structure used to gather status info. */
44 struct ks_status_parm_s
50 /* Parameter structure used with the KS_SEARCH command. */
51 struct ks_search_parm_s
53 gpg_error_t lasterr; /* Last error code. */
54 membuf_t saveddata; /* Buffer to build complete lines. */
55 char *helpbuf; /* NULL or malloced buffer. */
56 size_t helpbufsize; /* Allocated size of HELPBUF. */
57 gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */
58 void *data_cb_value; /* First argument for DATA_CB. */
59 struct ks_status_parm_s *stparm; /* Link to the status parameter. */
63 /* Parameter structure used with the KS_GET command. */
70 /* Parameter structure used with the KS_PUT command. */
74 kbnode_t keyblock; /* The optional keyblock. */
75 const void *data; /* The key in OpenPGP binary format. */
76 size_t datalen; /* The length of DATA. */
80 /* Data used to associate an session with dirmngr contexts. We can't
81 use a simple one to one mapping because we sometimes need two
82 connections to the dirmngr; for example while doing a listing and
83 being in a data callback we may want to retrieve a key. The local
84 dirmngr data takes care of this. At the end of the session the
85 function dirmngr_deinit_session_data is called by gpg.c to cleanup
86 these resources. Note that gpg.h defines a typedef dirmngr_local_t
87 for this structure. */
88 struct dirmngr_local_s
90 /* Link to other contexts which are used simultaneously. */
91 struct dirmngr_local_s *next;
93 /* The active Assuan context. */
96 /* Flag set to true while an operation is running on CTX. */
102 /* Deinitialize all session data of dirmngr pertaining to CTRL. */
104 gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
108 while ((dml = ctrl->dirmngr_local))
110 ctrl->dirmngr_local = dml->next;
112 log_error ("oops: trying to cleanup an active dirmngr context\n");
114 assuan_release (dml->ctx);
120 /* Try to connect to the Dirmngr via a socket or spawn it if possible.
121 Handle the server's initial greeting and set global options. */
123 create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
126 assuan_context_t ctx;
129 err = start_new_dirmngr (&ctx,
130 GPG_ERR_SOURCE_DEFAULT,
133 opt.autostart, opt.verbose, DBG_ASSUAN,
134 NULL /*gpg_status2*/, ctrl);
135 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
142 log_info (_("no dirmngr running in this session\n"));
147 keyserver_spec_t ksi;
149 /* Tell the dirmngr that we want to collect audit event. */
150 /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
151 /* NULL, NULL, NULL, NULL, NULL, NULL); */
153 /* Set all configured keyservers. We clear existing keyservers
154 so that any keyserver configured in GPG overrides keyservers
155 possibly still configured in Dirmngr for the session (Note
156 that the keyserver list of a session in Dirmngr survives a
158 for (ksi = opt.keyserver; !err && ksi; ksi = ksi->next)
162 line = xtryasprintf ("KEYSERVER%s %s",
163 ksi == opt.keyserver? " --clear":"", ksi->uri);
165 err = gpg_error_from_syserror ();
168 err = assuan_transact (ctx, line,
169 NULL, NULL, NULL, NULL, NULL, NULL);
176 assuan_release (ctx);
179 /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
187 /* Get a context for accessing dirmngr. If no context is available a
188 new one is created and - if required - dirmngr started. On success
189 an assuan context is stored at R_CTX. This context may only be
190 released by means of close_context. Note that NULL is stored at
193 open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
201 for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next)
205 /* Found an inactive local session - return that. */
206 assert (!dml->is_active);
212 dml = xtrycalloc (1, sizeof *dml);
214 return gpg_error_from_syserror ();
215 err = create_context (ctrl, &dml->ctx);
221 /* To be on the nPth thread safe site we need to add it to a
222 list; this is far easier than to have a lock for this
223 function. It should not happen anyway but the code is free
224 because we need it for the is_active check above. */
225 dml->next = ctrl->dirmngr_local;
226 ctrl->dirmngr_local = dml;
231 /* Close the assuan context CTX or return it to a pool of unused
232 contexts. If CTX is NULL, the function does nothing. */
234 close_context (ctrl_t ctrl, assuan_context_t ctx)
241 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
246 log_fatal ("closing inactive dirmngr context %p\n", ctx);
251 log_fatal ("closing unknown dirmngr ctx %p\n", ctx);
256 /* Status callback for ks_get and ks_search. */
258 ks_status_cb (void *opaque, const char *line)
260 struct ks_status_parm_s *parm = opaque;
264 if ((s = has_leading_keyword (line, "SOURCE")))
268 parm->source = xtrystrdup (s);
270 err = gpg_error_from_syserror ();
279 /* Data callback for the KS_SEARCH command. */
281 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
284 struct ks_search_parm_s *parm = opaque;
285 const char *line, *s;
286 size_t rawlen, linelen;
292 if (parm->stparm->source)
294 err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source);
300 /* Clear it so that we won't get back here unless the server
301 accidentally sends a second source status line. Note that
302 will not see all accidentally sent source lines because it
303 depends on whether data lines have been send in between. */
304 xfree (parm->stparm->source);
305 parm->stparm->source = NULL;
309 return 0; /* Ignore END commands. */
311 put_membuf (&parm->saveddata, data, datalen);
314 line = peek_membuf (&parm->saveddata, &rawlen);
317 parm->lasterr = gpg_error_from_syserror ();
318 return parm->lasterr; /* Tell the server about our problem. */
320 if ((s = memchr (line, '\n', rawlen)))
322 linelen = s - line; /* That is the length excluding the LF. */
323 if (linelen + 1 < sizeof fixedbuf)
325 /* We can use the static buffer. */
326 memcpy (fixedbuf, line, linelen);
327 fixedbuf[linelen] = 0;
328 if (linelen && fixedbuf[linelen-1] == '\r')
329 fixedbuf[linelen-1] = 0;
330 err = parm->data_cb (parm->data_cb_value, 0, fixedbuf);
334 if (linelen + 1 >= parm->helpbufsize)
336 xfree (parm->helpbuf);
337 parm->helpbufsize = linelen + 1 + 1024;
338 parm->helpbuf = xtrymalloc (parm->helpbufsize);
341 parm->lasterr = gpg_error_from_syserror ();
342 return parm->lasterr;
345 memcpy (parm->helpbuf, line, linelen);
346 parm->helpbuf[linelen] = 0;
347 if (linelen && parm->helpbuf[linelen-1] == '\r')
348 parm->helpbuf[linelen-1] = 0;
349 err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf);
355 clear_membuf (&parm->saveddata, linelen+1);
356 goto again; /* There might be another complete line. */
364 /* Run the KS_SEARCH command using the search string SEARCHSTR. All
365 data lines are passed to the CB function. That function is called
366 with CB_VALUE as its first argument, a 0 as second argument, and
367 the decoded data line as third argument. The callback function may
368 modify the data line and it is guaranteed that this data line is a
369 complete line with a terminating 0 character but without the
370 linefeed. NULL is passed to the callback to indicate EOF. */
372 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
373 gpg_error_t (*cb)(void*, int, char *), void *cb_value)
376 assuan_context_t ctx;
377 struct ks_status_parm_s stparm;
378 struct ks_search_parm_s parm;
379 char line[ASSUAN_LINELENGTH];
381 err = open_context (ctrl, &ctx);
386 char *escsearchstr = percent_plus_escape (searchstr);
389 err = gpg_error_from_syserror ();
390 close_context (ctrl, ctx);
393 snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr);
394 xfree (escsearchstr);
397 memset (&stparm, 0, sizeof stparm);
398 memset (&parm, 0, sizeof parm);
399 init_membuf (&parm.saveddata, 1024);
401 parm.data_cb_value = cb_value;
402 parm.stparm = &stparm;
404 err = assuan_transact (ctx, line, ks_search_data_cb, &parm,
405 NULL, NULL, ks_status_cb, &stparm);
407 err = cb (cb_value, 0, NULL); /* Send EOF. */
409 xfree (get_membuf (&parm.saveddata, NULL));
410 xfree (parm.helpbuf);
411 xfree (stparm.source);
413 close_context (ctrl, ctx);
419 /* Data callback for the KS_GET and KS_FETCH commands. */
421 ks_get_data_cb (void *opaque, const void *data, size_t datalen)
424 struct ks_get_parm_s *parm = opaque;
428 return 0; /* Ignore END commands. */
430 if (es_write (parm->memfp, data, datalen, &nwritten))
431 err = gpg_error_from_syserror ();
437 /* Run the KS_GET command using the patterns in the array PATTERN. On
438 success an estream object is returned to retrieve the keys. On
439 error an error code is returned and NULL stored at R_FP.
441 The pattern may only use search specification which a keyserver can
442 use to retrieve keys. Because we know the format of the pattern we
443 don't need to escape the patterns before sending them to the
446 If R_SOURCE is not NULL the source of the data is stored as a
447 malloced string there. If a source is not known NULL is stored.
449 If there are too many patterns the function returns an error. That
450 could be fixed by issuing several search commands or by
451 implementing a different interface. However with long keyids we
452 are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
454 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
455 estream_t *r_fp, char **r_source)
458 assuan_context_t ctx;
459 struct ks_status_parm_s stparm;
460 struct ks_get_parm_s parm;
466 memset (&stparm, 0, sizeof stparm);
467 memset (&parm, 0, sizeof parm);
473 err = open_context (ctrl, &ctx);
477 /* Lump all patterns into one string. */
478 init_membuf (&mb, 1024);
479 put_membuf_str (&mb, "KS_GET --");
480 for (idx=0; pattern[idx]; idx++)
482 put_membuf (&mb, " ", 1); /* Append Delimiter. */
483 put_membuf_str (&mb, pattern[idx]);
485 put_membuf (&mb, "", 1); /* Append Nul. */
486 line = get_membuf (&mb, &linelen);
489 err = gpg_error_from_syserror ();
492 if (linelen + 2 >= ASSUAN_LINELENGTH)
494 err = gpg_error (GPG_ERR_TOO_MANY);
498 parm.memfp = es_fopenmem (0, "rwb");
501 err = gpg_error_from_syserror ();
504 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
505 NULL, NULL, ks_status_cb, &stparm);
509 es_rewind (parm.memfp);
515 *r_source = stparm.source;
516 stparm.source = NULL;
520 es_fclose (parm.memfp);
521 xfree (stparm.source);
523 close_context (ctrl, ctx);
528 /* Run the KS_FETCH and pass URL as argument. On success an estream
529 object is returned to retrieve the keys. On error an error code is
530 returned and NULL stored at R_FP.
532 The url is expected to point to a small set of keys; in many cases
533 only to one key. However, schemes like finger may return several
534 keys. Note that the configured keyservers are ignored by the
537 gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
540 assuan_context_t ctx;
541 struct ks_get_parm_s parm;
544 memset (&parm, 0, sizeof parm);
548 err = open_context (ctrl, &ctx);
552 line = strconcat ("KS_FETCH -- ", url, NULL);
555 err = gpg_error_from_syserror ();
558 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
560 err = gpg_error (GPG_ERR_TOO_LARGE);
564 parm.memfp = es_fopenmem (0, "rwb");
567 err = gpg_error_from_syserror ();
570 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
571 NULL, NULL, NULL, NULL);
575 es_rewind (parm.memfp);
580 es_fclose (parm.memfp);
582 close_context (ctrl, ctx);
588 /* Handle the KS_PUT inquiries. */
590 ks_put_inq_cb (void *opaque, const char *line)
592 struct ks_put_parm_s *parm = opaque;
595 if (has_leading_keyword (line, "KEYBLOCK"))
598 err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
600 else if (has_leading_keyword (line, "KEYBLOCK_INFO"))
605 /* Parse the keyblock and send info lines back to the server. */
606 fp = es_fopenmem (0, "rw,samethread");
608 err = gpg_error_from_syserror ();
610 for (node = parm->keyblock; !err && node; node=node->next)
612 switch(node->pkt->pkttype)
615 case PKT_PUBLIC_SUBKEY:
617 PKT_public_key *pk = node->pkt->pkt.public_key;
619 keyid_from_pk (pk, NULL);
621 es_fprintf (fp, "%s:%08lX%08lX:%u:%u:%u:%u:%s%s:\n",
622 node->pkt->pkttype==PKT_PUBLIC_KEY? "pub" : "sub",
623 (ulong)pk->keyid[0], (ulong)pk->keyid[1],
628 pk->flags.revoked? "r":"",
629 pk->has_expired? "e":"");
635 PKT_user_id *uid = node->pkt->pkt.user_id;
638 if (!uid->attrib_data)
640 es_fprintf (fp, "uid:");
642 /* Quote ':', '%', and any 8-bit characters. */
643 for (r=0; r < uid->len; r++)
645 if (uid->name[r] == ':'
646 || uid->name[r]== '%'
647 || (uid->name[r]&0x80))
648 es_fprintf (fp, "%%%02X", (byte)uid->name[r]);
650 es_putc (uid->name[r], fp);
653 es_fprintf (fp, ":%u:%u:%s%s:\n",
654 uid->created,uid->expiredate,
655 uid->is_revoked? "r":"",
656 uid->is_expired? "e":"");
661 /* This bit is really for the benefit of people who
662 store their keys in LDAP servers. It makes it easy
663 to do queries for things like "all keys signed by
667 PKT_signature *sig = node->pkt->pkt.signature;
669 if (IS_UID_SIG (sig))
671 es_fprintf (fp, "sig:%08lX%08lX:%X:%u:%u:\n",
672 (ulong)sig->keyid[0],(ulong)sig->keyid[1],
673 sig->sig_class, sig->timestamp,
682 /* Given that the last operation was an es_fprintf we should
683 get the correct ERRNO if ferror indicates an error. */
685 err = gpg_error_from_syserror ();
688 /* Without an error and if we have an keyblock at all, send the
690 if (!err && parm->keyblock)
697 while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread)
699 err = assuan_send_data (parm->ctx, buffer, nread);
704 err = gpg_error_from_syserror ();
709 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
715 /* Send a key to the configured server. {DATA,DATLEN} contains the
716 key in OpenPGP binary transport format. If KEYBLOCK is not NULL it
717 has the internal representaion of that key; this is for example
718 used to convey meta data to LDAP keyservers. */
720 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
723 assuan_context_t ctx;
724 struct ks_put_parm_s parm;
726 memset (&parm, 0, sizeof parm);
728 /* We are going to parse the keyblock, thus we better make sure the
729 all information is readily available. */
731 merge_keys_and_selfsig (keyblock);
733 err = open_context (ctrl, &ctx);
738 parm.keyblock = keyblock;
740 parm.datalen = datalen;
742 err = assuan_transact (ctx, "KS_PUT", NULL, NULL,
743 ks_put_inq_cb, &parm, NULL, NULL);
745 close_context (ctrl, ctx);