1 /* server.c - server mode for gpg
2 * Copyright (C) 2006, 2008 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
35 #include "../common/server-help.h"
36 #include "../common/sysutils.h"
40 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
43 /* Data used to associate an Assuan context with local server data. */
46 /* Our current Assuan context. */
47 assuan_context_t assuan_ctx;
48 /* File descriptor as set by the MESSAGE command. */
49 gnupg_fd_t message_fd;
51 /* List of prepared recipients. */
54 /* Set if pinentry notifications should be passed back to the
56 int allow_pinentry_notify;
61 /* Helper to close the message fd if it is open. */
63 close_message_fd (ctrl_t ctrl)
65 if (ctrl->server_local->message_fd != GNUPG_INVALID_FD)
67 assuan_sock_close (ctrl->server_local->message_fd);
68 ctrl->server_local->message_fd = GNUPG_INVALID_FD;
73 /* Called by libassuan for Assuan options. See the Assuan manual for
76 option_handler (assuan_context_t ctx, const char *key, const char *value)
78 ctrl_t ctrl = assuan_get_pointer (ctx);
82 /* Fixme: Implement the tty and locale args. */
83 if (!strcmp (key, "display"))
86 else if (!strcmp (key, "ttyname"))
89 else if (!strcmp (key, "ttytype"))
92 else if (!strcmp (key, "lc-ctype"))
95 else if (!strcmp (key, "lc-messages"))
98 else if (!strcmp (key, "xauthority"))
101 else if (!strcmp (key, "pinentry_user_data"))
104 else if (!strcmp (key, "list-mode"))
106 /* This is for now a dummy option. */
108 else if (!strcmp (key, "allow-pinentry-notify"))
110 ctrl->server_local->allow_pinentry_notify = 1;
113 return gpg_error (GPG_ERR_UNKNOWN_OPTION);
119 /* Called by libassuan for RESET commands. */
121 reset_notify (assuan_context_t ctx, char *line)
123 ctrl_t ctrl = assuan_get_pointer (ctx);
127 release_pk_list (ctrl->server_local->recplist);
128 ctrl->server_local->recplist = NULL;
130 close_message_fd (ctrl);
131 assuan_close_input_fd (ctx);
132 assuan_close_output_fd (ctx);
137 /* Called by libassuan for INPUT commands. */
139 input_notify (assuan_context_t ctx, char *line)
141 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
145 if (strstr (line, "--armor"))
147 else if (strstr (line, "--base64"))
149 else if (strstr (line, "--binary"))
153 /* FIXME (autodetect encoding) */
159 /* Called by libassuan for OUTPUT commands. */
161 output_notify (assuan_context_t ctx, char *line)
163 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
167 if (strstr (line, "--armor"))
169 else if (strstr (line, "--base64"))
179 /* RECIPIENT [--hidden] <userID>
181 Set the recipient for the encryption. <userID> should be the
182 internal representation of the key; the server may accept any other
183 way of specification. If this is a valid and trusted recipient the
184 server does respond with OK, otherwise the return is an ERR with
185 the reason why the recipient can't be used, the encryption will
186 then not be done for this recipient. If the policy is not to
187 encrypt at all if not all recipients are valid, the client has to
188 take care of this. All RECIPIENT commands are cumulative until a
189 RESET or an successful ENCRYPT command. */
191 cmd_recipient (assuan_context_t ctx, char *line)
193 ctrl_t ctrl = assuan_get_pointer (ctx);
197 hidden = has_option (line,"--hidden");
198 line = skip_options (line);
200 /* FIXME: Expand groups
202 remusr = expand_group (rcpts);
207 err = find_and_check_key (ctrl, line, PUBKEY_USAGE_ENC, hidden,
208 &ctrl->server_local->recplist);
211 log_error ("command '%s' failed: %s\n", "RECIPIENT", gpg_strerror (err));
219 Set the signer's keys for the signature creation. <userID> should
220 be the internal representation of the key; the server may accept
221 any other way of specification. If this is a valid and usable
222 signing key the server does respond with OK, otherwise it returns
223 an ERR with the reason why the key can't be used, the signing will
224 then not be done for this key. If the policy is not to sign at all
225 if not all signer keys are valid, the client has to take care of
226 this. All SIGNER commands are cumulative until a RESET but they
227 are *not* reset by an SIGN command because it can be expected that
228 set of signers are used for more than one sign operation.
230 Note that this command returns an INV_RECP status which is a bit
231 strange, but they are very similar. */
233 cmd_signer (assuan_context_t ctx, char *line)
237 return gpg_error (GPG_ERR_NOT_SUPPORTED);
244 Do the actual encryption process. Takes the plaintext from the
245 INPUT command, writes the ciphertext to the file descriptor set
246 with the OUTPUT command, take the recipients from all the
247 recipients set so far with RECIPIENTS.
249 If this command fails the clients should try to delete all output
250 currently done or otherwise mark it as invalid. GPG does ensure
251 that there won't be any security problem with leftover data on the
254 In most cases this command won't fail because most necessary checks
255 have been done while setting the recipients. However some checks
256 can only be done right here and thus error may occur anyway (for
257 example, no recipients at all).
259 The input, output and message pipes are closed after this
262 cmd_encrypt (assuan_context_t ctx, char *line)
264 ctrl_t ctrl = assuan_get_pointer (ctx);
268 (void)line; /* LINE is not used. */
270 if ( !ctrl->server_local->recplist )
272 write_status_text (STATUS_NO_RECP, "0");
273 err = gpg_error (GPG_ERR_NO_USER_ID);
277 inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
280 err = set_error (GPG_ERR_ASS_NO_INPUT, NULL);
283 out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
286 err = set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
291 /* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
292 from the default list. */
294 /* fixme: err = ctrl->audit? 0 : start_audit_session (ctrl);*/
296 err = encrypt_crypt (ctrl, inp_fd, NULL, NULL, 0,
297 ctrl->server_local->recplist,
301 /* Release the recipient list on success. */
304 release_pk_list (ctrl->server_local->recplist);
305 ctrl->server_local->recplist = NULL;
308 /* Close and reset the fds. */
309 close_message_fd (ctrl);
310 assuan_close_input_fd (ctx);
311 assuan_close_output_fd (ctx);
314 log_error ("command '%s' failed: %s\n", "ENCRYPT", gpg_strerror (err));
322 This performs the decrypt operation. */
324 cmd_decrypt (assuan_context_t ctx, char *line)
326 ctrl_t ctrl = assuan_get_pointer (ctx);
330 (void)line; /* LINE is not used. */
332 inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
334 return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
335 out_fd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
337 return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
339 glo_ctrl.lasterr = 0;
340 err = decrypt_message_fd (ctrl, inp_fd, out_fd);
342 err = glo_ctrl.lasterr;
344 /* Close and reset the fds. */
345 close_message_fd (ctrl);
346 assuan_close_input_fd (ctx);
347 assuan_close_output_fd (ctx);
350 log_error ("command '%s' failed: %s\n", "DECRYPT", gpg_strerror (err));
358 This does a verify operation on the message send to the input-FD.
359 The result is written out using status lines. If an output FD was
360 given, the signed text will be written to that.
362 If the signature is a detached one, the server will inquire about
363 the signed material and the client must provide it.
366 cmd_verify (assuan_context_t ctx, char *line)
369 #ifdef HAVE_W32_SYSTEM
372 rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
374 ctrl_t ctrl = assuan_get_pointer (ctx);
375 gnupg_fd_t fd = assuan_get_input_fd (ctx);
376 gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
377 estream_t out_fp = NULL;
379 /* FIXME: Revamp this code it is nearly to 3 years old and was only
380 intended as a quick test. */
384 if (fd == GNUPG_INVALID_FD)
385 return gpg_error (GPG_ERR_ASS_NO_INPUT);
387 if (out_fd != GNUPG_INVALID_FD)
391 #ifdef HAVE_W32_SYSTEM
392 syshd.type = ES_SYSHD_HANDLE;
393 syshd.u.handle = out_fd;
395 syshd.type = ES_SYSHD_FD;
398 out_fp = es_sysopen_nc (&syshd, "w");
400 return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
403 log_debug ("WARNING: The server mode is WORK "
404 "IN PROGRESS and not ready for use\n");
406 rc = gpg_verify (ctrl, fd, ctrl->server_local->message_fd, out_fp);
409 close_message_fd (ctrl);
410 assuan_close_input_fd (ctx);
411 assuan_close_output_fd (ctx);
415 log_error ("command '%s' failed: %s\n", "VERIFY", gpg_strerror (rc));
423 Sign the data set with the INPUT command and write it to the sink
424 set by OUTPUT. With "--detached" specified, a detached signature
427 cmd_sign (assuan_context_t ctx, char *line)
431 return gpg_error (GPG_ERR_NOT_SUPPORTED);
438 Import keys as read from the input-fd, return status message for
439 each imported one. The import checks the validity of the key. */
441 cmd_import (assuan_context_t ctx, char *line)
445 return gpg_error (GPG_ERR_NOT_SUPPORTED);
450 /* EXPORT [--data [--armor|--base64]] [--] pattern
452 Similar to the --export command line command, this command exports
453 public keys matching PATTERN. The output is send to the output fd
454 unless the --data option has been used in which case the output
455 gets send inline using regular data lines. The options "--armor"
456 and "--base" ospecify an output format if "--data" has been used.
457 Recall that in general the output format is set with the OUTPUT
461 cmd_export (assuan_context_t ctx, char *line)
465 return gpg_error (GPG_ERR_NOT_SUPPORTED);
475 cmd_delkeys (assuan_context_t ctx, char *line)
479 return gpg_error (GPG_ERR_NOT_SUPPORTED);
486 Set the file descriptor to read a message which is used with
487 detached signatures. */
489 cmd_message (assuan_context_t ctx, char *line)
493 ctrl_t ctrl = assuan_get_pointer (ctx);
495 rc = assuan_command_parse_fd (ctx, line, &fd);
498 if (fd == GNUPG_INVALID_FD)
499 return gpg_error (GPG_ERR_ASS_NO_INPUT);
500 ctrl->server_local->message_fd = fd;
506 /* LISTKEYS [<patterns>]
507 LISTSECRETKEYS [<patterns>]
512 do_listkeys (assuan_context_t ctx, char *line, int mode)
518 return gpg_error (GPG_ERR_NOT_SUPPORTED);
523 cmd_listkeys (assuan_context_t ctx, char *line)
525 return do_listkeys (ctx, line, 3);
530 cmd_listsecretkeys (assuan_context_t ctx, char *line)
532 return do_listkeys (ctx, line, 2);
539 Read the parameters in native format from the input fd and create a
543 cmd_genkey (assuan_context_t ctx, char *line)
547 return gpg_error (GPG_ERR_NOT_SUPPORTED);
553 Multipurpose function to return a variety of information.
554 Supported values for WHAT are:
556 version - Return the version of the program.
557 pid - Return the process id of the server.
561 cmd_getinfo (assuan_context_t ctx, char *line)
565 if (!strcmp (line, "version"))
567 const char *s = VERSION;
568 rc = assuan_send_data (ctx, s, strlen (s));
570 else if (!strcmp (line, "pid"))
574 snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
575 rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
578 rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
582 static const char hlp_passwd[] =
585 "Change the passphrase of the secret key for USERID.";
587 cmd_passwd (assuan_context_t ctx, char *line)
589 /* ctrl_t ctrl = assuan_get_pointer (ctx); */
594 /* line = skip_options (line); */
596 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
604 /* Helper to register our commands with libassuan. */
606 register_commands (assuan_context_t ctx)
611 assuan_handler_t handler;
612 const char * const help;
614 { "RECIPIENT", cmd_recipient },
615 { "SIGNER", cmd_signer },
616 { "ENCRYPT", cmd_encrypt },
617 { "DECRYPT", cmd_decrypt },
618 { "VERIFY", cmd_verify },
619 { "SIGN", cmd_sign },
620 { "IMPORT", cmd_import },
621 { "EXPORT", cmd_export },
624 { "MESSAGE", cmd_message },
625 { "LISTKEYS", cmd_listkeys },
626 { "LISTSECRETKEYS",cmd_listsecretkeys },
627 { "GENKEY", cmd_genkey },
628 { "DELKEYS", cmd_delkeys },
629 { "GETINFO", cmd_getinfo },
630 { "PASSWD", cmd_passwd, hlp_passwd},
635 for (i=0; table[i].name; i++)
637 rc = assuan_register_command (ctx, table[i].name,
638 table[i].handler, table[i].help);
648 /* Startup the server. CTRL must have been allocated by the caller
649 and set to the default values. */
651 gpg_server (ctrl_t ctrl)
654 #ifndef HAVE_W32_SYSTEM
657 assuan_context_t ctx = NULL;
658 static const char hello[] = ("GNU Privacy Guard's OpenPGP server "
661 /* We use a pipe based server so that we can work from scripts.
662 assuan_init_pipe_server will automagically detect when we are
663 called with a socketpair and ignore FILEDES in this case. */
664 #ifndef HAVE_W32_SYSTEM
665 filedes[0] = assuan_fdopen (0);
666 filedes[1] = assuan_fdopen (1);
668 rc = assuan_new (&ctx);
671 log_error ("failed to allocate the assuan context: %s\n",
676 #ifdef HAVE_W32_SYSTEM
677 rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
679 rc = assuan_init_pipe_server (ctx, filedes);
683 log_error ("failed to initialize the server: %s\n", gpg_strerror (rc));
687 rc = register_commands (ctx);
690 log_error ("failed to the register commands with Assuan: %s\n",
695 assuan_set_pointer (ctx, ctrl);
696 if (opt.verbose || opt.debug)
700 tmp = xtryasprintf ("Home: %s\n"
704 "fixme: need config filename",
708 assuan_set_hello_line (ctx, tmp);
713 assuan_set_hello_line (ctx, hello);
714 assuan_register_reset_notify (ctx, reset_notify);
715 assuan_register_input_notify (ctx, input_notify);
716 assuan_register_output_notify (ctx, output_notify);
717 assuan_register_option_handler (ctx, option_handler);
719 ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
720 if (!ctrl->server_local)
722 rc = gpg_error_from_syserror ();
725 ctrl->server_local->assuan_ctx = ctx;
726 ctrl->server_local->message_fd = GNUPG_INVALID_FD;
730 rc = assuan_accept (ctx);
738 log_info ("Assuan accept problem: %s\n", gpg_strerror (rc));
742 rc = assuan_process (ctx);
745 log_info ("Assuan processing failed: %s\n", gpg_strerror (rc));
751 if (ctrl->server_local)
753 release_pk_list (ctrl->server_local->recplist);
755 xfree (ctrl->server_local);
756 ctrl->server_local = NULL;
758 assuan_release (ctx);
763 /* Helper to notify the client about Pinentry events. Because that
764 might disturb some older clients, this is only done when enabled
765 via an option. If it is not enabled we tell Windows to allow
766 setting the foreground window right here. Returns an gpg error
769 gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
771 if (!ctrl || !ctrl->server_local
772 || !ctrl->server_local->allow_pinentry_notify)
774 gnupg_allow_set_foregound_window ((pid_t)strtoul (line+17, NULL, 10));
775 /* Client might be interested in that event - send as status line. */
776 if (!strncmp (line, "PINENTRY_LAUNCHED", 17)
777 && (line[17]==' '||!line[17]))
779 for (line += 17; *line && spacep (line); line++)
781 write_status_text (STATUS_PINENTRY_LAUNCHED, line);
785 return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);