1 /* call-dirmngr.c - Communication with the dirmngr
2 * Copyright (C) 2002, 2003, 2005, 2007, 2008,
3 * 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
49 /* fixme: We need a context for each thread or serialize the access to
51 static assuan_context_t dirmngr_ctx = NULL;
52 static assuan_context_t dirmngr2_ctx = NULL;
54 static int dirmngr_ctx_locked;
55 static int dirmngr2_ctx_locked;
57 struct inq_certificate_parm_s {
61 ksba_cert_t issuer_cert;
64 struct isvalid_status_parm_s {
67 unsigned char fpr[20];
71 struct lookup_parm_s {
74 void (*cb)(void *, ksba_cert_t);
80 struct run_command_parm_s {
86 static gpg_error_t get_cached_cert (assuan_context_t ctx,
87 const unsigned char *fpr,
92 /* A simple implementation of a dynamic buffer. Use init_membuf() to
93 create a buffer, put_membuf to append bytes and get_membuf to
94 release and return the buffer. Allocation errors are detected but
95 only returned at the final get_membuf(), this helps not to clutter
96 the code with out of core checks. */
99 init_membuf (struct membuf *mb, int initiallen)
102 mb->size = initiallen;
104 mb->buf = xtrymalloc (initiallen);
110 put_membuf (struct membuf *mb, const void *buf, size_t len)
115 if (mb->len + len >= mb->size)
119 mb->size += len + 1024;
120 p = xtryrealloc (mb->buf, mb->size);
128 memcpy (mb->buf + mb->len, buf, len);
133 get_membuf (struct membuf *mb, size_t *len)
147 mb->out_of_core = 1; /* don't allow a reuse */
152 /* Print a warning if the server's version number is less than our
153 version number. Returns an error code on a connection problem. */
155 warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
156 const char *servername, int mode)
160 const char *myversion = strusage (13);
162 err = get_assuan_server_version (ctx, mode, &serverversion);
164 log_error (_("error getting version from '%s': %s\n"),
165 servername, gpg_strerror (err));
166 else if (!compare_version_strings (serverversion, myversion))
170 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
171 servername, serverversion, myversion);
173 err = gpg_error_from_syserror ();
176 log_info (_("WARNING: %s\n"), warn);
177 gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
182 xfree (serverversion);
187 /* This function prepares the dirmngr for a new session. The
188 audit-events option is used so that other dirmngr clients won't get
189 disturbed by such events. */
191 prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
193 struct keyserver_spec *server;
196 err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
200 err = assuan_transact (ctx, "OPTION audit-events=1",
201 NULL, NULL, NULL, NULL, NULL, NULL);
202 if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
203 err = 0; /* Allow the use of old dirmngr versions. */
205 audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
210 server = opt.keyserver;
213 char line[ASSUAN_LINELENGTH];
214 char *user = server->user ? server->user : "";
215 char *pass = server->pass ? server->pass : "";
216 char *base = server->base ? server->base : "";
218 snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
219 server->host, server->port, user, pass, base);
220 line[DIM (line) - 1] = 0;
222 assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
223 /* The code below is not required becuase we don't return an error. */
224 /* err = [above call] */
225 /* if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD) */
226 /* err = 0; /\* Allow the use of old dirmngr versions. *\/ */
228 server = server->next;
234 /* Return a new assuan context for a Dirmngr connection. */
236 start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
239 assuan_context_t ctx;
241 if (opt.disable_dirmngr || ctrl->offline)
242 return gpg_error (GPG_ERR_NO_DIRMNGR);
247 /* Note: if you change this to multiple connections, you also need
248 to take care of the implicit option sending caching. */
250 err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT,
251 opt.homedir, opt.dirmngr_program,
252 opt.autostart, opt.verbose, DBG_IPC,
253 gpgsm_status2, ctrl);
254 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
261 log_info (_("no dirmngr running in this session\n"));
264 prepare_dirmngr (ctrl, ctx, err);
274 start_dirmngr (ctrl_t ctrl)
278 assert (! dirmngr_ctx_locked);
279 dirmngr_ctx_locked = 1;
281 err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
282 /* We do not check ERR but the existence of a context because the
283 error might come from a failed command send to the dirmngr.
284 Fixme: Why don't we close the drimngr context if we encountered
285 an error in prepare_dirmngr? */
287 dirmngr_ctx_locked = 0;
293 release_dirmngr (ctrl_t ctrl)
297 if (!dirmngr_ctx_locked)
298 log_error ("WARNING: trying to release a non-locked dirmngr ctx\n");
299 dirmngr_ctx_locked = 0;
304 start_dirmngr2 (ctrl_t ctrl)
308 assert (! dirmngr2_ctx_locked);
309 dirmngr2_ctx_locked = 1;
311 err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
313 dirmngr2_ctx_locked = 0;
319 release_dirmngr2 (ctrl_t ctrl)
323 if (!dirmngr2_ctx_locked)
324 log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n");
325 dirmngr2_ctx_locked = 0;
330 /* Handle a SENDCERT inquiry. */
332 inq_certificate (void *opaque, const char *line)
334 struct inq_certificate_parm_s *parm = opaque;
338 const unsigned char *der;
341 ksba_sexp_t ski = NULL;
343 if ((s = has_leading_keyword (line, "SENDCERT")))
347 else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
349 /* Send a certificate where a sourceKeyIdentifier is included. */
351 ski = make_simple_sexp_from_hexstr (line, &n);
356 else if ((s = has_leading_keyword (line, "SENDISSUERCERT")))
361 else if ((s = has_leading_keyword (line, "ISTRUSTED")))
363 /* The server is asking us whether the certificate is a trusted
366 struct rootca_flags_s rootca_flags;
370 for (s=line,n=0; hexdigitp (s); s++, n++)
373 return gpg_error (GPG_ERR_ASS_PARAMETER);
374 for (s=line, n=0; n < 40; s++, n++)
375 fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
378 if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
379 rc = assuan_send_data (parm->ctx, "1", 1);
386 log_error ("unsupported inquiry '%s'\n", line);
387 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
391 { /* Send the current certificate. */
392 der = ksba_cert_get_image (issuer_mode? parm->issuer_cert : parm->cert,
395 rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
397 rc = assuan_send_data (parm->ctx, der, derlen);
399 else if (issuer_mode)
401 log_error ("sending specific issuer certificate back "
402 "is not yet implemented\n");
403 rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
406 { /* Send the given certificate. */
411 err = gpgsm_find_cert (line, ski, &cert);
414 log_error ("certificate not found: %s\n", gpg_strerror (err));
415 rc = gpg_error (GPG_ERR_NOT_FOUND);
419 der = ksba_cert_get_image (cert, &derlen);
421 rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
423 rc = assuan_send_data (parm->ctx, der, derlen);
424 ksba_cert_release (cert);
433 /* Take a 20 byte hexencoded string and put it into the the provided
434 20 byte buffer FPR in binary format. */
436 unhexify_fpr (const char *hexstr, unsigned char *fpr)
441 for (s=hexstr, n=0; hexdigitp (s); s++, n++)
444 return 0; /* no fingerprint (invalid or wrong length). */
445 for (s=hexstr, n=0; *s; s += 2, n++)
452 isvalid_status_cb (void *opaque, const char *line)
454 struct isvalid_status_parm_s *parm = opaque;
457 if ((s = has_leading_keyword (line, "PROGRESS")))
462 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
463 return gpg_error (GPG_ERR_ASS_CANCELED);
466 else if ((s = has_leading_keyword (line, "ONLY_VALID_IF_CERT_VALID")))
469 if (!*s || !unhexify_fpr (s, parm->fpr))
470 parm->seen++; /* Bumb it to indicate an error. */
478 /* Call the directory manager to check whether the certificate is valid
479 Returns 0 for valid or usually one of the errors:
481 GPG_ERR_CERTIFICATE_REVOKED
487 1 = Do an OCSP check.
488 2 = Do an OCSP check using only the default responder.
491 gpgsm_dirmngr_isvalid (ctrl_t ctrl,
492 ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp)
494 static int did_options;
497 char line[ASSUAN_LINELENGTH];
498 struct inq_certificate_parm_s parm;
499 struct isvalid_status_parm_s stparm;
501 rc = start_dirmngr (ctrl);
507 certid = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
511 certid = gpgsm_get_certid (cert);
514 log_error ("error getting the certificate ID\n");
515 release_dirmngr (ctrl);
516 return gpg_error (GPG_ERR_GENERAL);
522 char *fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
523 log_info ("asking dirmngr about %s%s\n", fpr,
524 use_ocsp? " (using OCSP)":"");
528 parm.ctx = dirmngr_ctx;
531 parm.issuer_cert = issuer_cert;
535 memset (stparm.fpr, 0, 20);
537 /* FIXME: If --disable-crl-checks has been set, we should pass an
538 option to dirmngr, so that no fallback CRL check is done after an
539 ocsp check. It is not a problem right now as dirmngr does not
540 fallback to CRL checking. */
542 /* It is sufficient to send the options only once because we have
543 one connection per process only. */
546 if (opt.force_crl_refresh)
547 assuan_transact (dirmngr_ctx, "OPTION force-crl-refresh=1",
548 NULL, NULL, NULL, NULL, NULL, NULL);
551 snprintf (line, DIM(line)-1, "ISVALID%s %s",
552 use_ocsp == 2? " --only-ocsp --force-default-responder":"",
554 line[DIM(line)-1] = 0;
557 rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
558 inq_certificate, &parm,
559 isvalid_status_cb, &stparm);
561 log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
564 if (!rc && stparm.seen)
566 /* Need to also check the certificate validity. */
567 if (stparm.seen != 1)
569 log_error ("communication problem with dirmngr detected\n");
570 rc = gpg_error (GPG_ERR_INV_CRL);
574 ksba_cert_t rspcert = NULL;
576 if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert))
578 /* Ooops: Something went wrong getting the certificate
579 from the dirmngr. Try our own cert store now. */
584 rc = gpg_error (GPG_ERR_ENOMEM);
586 rc = keydb_search_fpr (kh, stparm.fpr);
588 rc = keydb_get_cert (kh, &rspcert);
591 log_error ("unable to find the certificate used "
592 "by the dirmngr: %s\n", gpg_strerror (rc));
593 rc = gpg_error (GPG_ERR_INV_CRL);
600 rc = gpgsm_cert_use_ocsp_p (rspcert);
602 rc = gpg_error (GPG_ERR_INV_CRL);
605 /* Note the no_dirmngr flag: This avoids checking
606 this certificate over and over again. */
607 rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
608 VALIDATE_FLAG_NO_DIRMNGR, NULL);
611 log_error ("invalid certificate used for CRL/OCSP: %s\n",
613 rc = gpg_error (GPG_ERR_INV_CRL);
617 ksba_cert_release (rspcert);
620 release_dirmngr (ctrl);
628 lookup_cb (void *opaque, const void *buffer, size_t length)
630 struct lookup_parm_s *parm = opaque;
641 put_membuf (&parm->data, buffer, length);
644 /* END encountered - process what we have */
645 buf = get_membuf (&parm->data, &len);
648 parm->error = gpg_error (GPG_ERR_ENOMEM);
652 rc = ksba_cert_new (&cert);
658 rc = ksba_cert_init_from_mem (cert, buf, len);
661 log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
665 parm->cb (parm->cb_value, cert);
668 ksba_cert_release (cert);
669 init_membuf (&parm->data, 4096);
673 /* Return a properly escaped pattern from NAMES. The only error
674 return is NULL to indicate a malloc failure. */
676 pattern_from_strlist (strlist_t names)
683 for (n=0, sl=names; sl; sl = sl->next)
685 for (s=sl->d; *s; s++, n++)
687 if (*s == '%' || *s == ' ' || *s == '+')
693 p = pattern = xtrymalloc (n+1);
697 for (sl=names; sl; sl = sl->next)
699 for (s=sl->d; *s; s++)
726 *pattern = 0; /* is empty */
728 p[-1] = '\0'; /* remove trailing blank */
734 lookup_status_cb (void *opaque, const char *line)
736 struct lookup_parm_s *parm = opaque;
739 if ((s = has_leading_keyword (line, "PROGRESS")))
744 if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
745 return gpg_error (GPG_ERR_ASS_CANCELED);
748 else if ((s = has_leading_keyword (line, "TRUNCATED")))
753 gpgsm_status (parm->ctrl, STATUS_TRUNCATED, line);
760 /* Run the Directory Manager's lookup command using the pattern
761 compiled from the strings given in NAMES. The caller must provide
762 the callback CB which will be passed cert by cert. Note that CTRL
763 is optional. With CACHE_ONLY the dirmngr will search only its own
766 gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
767 void (*cb)(void*, ksba_cert_t), void *cb_value)
771 char line[ASSUAN_LINELENGTH];
772 struct lookup_parm_s parm;
774 assuan_context_t ctx;
776 /* The lookup function can be invoked from the callback of a lookup
777 function, for example to walk the chain. */
778 if (!dirmngr_ctx_locked)
780 rc = start_dirmngr (ctrl);
785 else if (!dirmngr2_ctx_locked)
787 rc = start_dirmngr2 (ctrl);
794 log_fatal ("both dirmngr contexts are in use\n");
797 pattern = pattern_from_strlist (names);
800 if (ctx == dirmngr_ctx)
801 release_dirmngr (ctrl);
803 release_dirmngr2 (ctrl);
805 return out_of_core ();
807 snprintf (line, DIM(line)-1, "LOOKUP%s %s",
808 cache_only? " --cache-only":"", pattern);
809 line[DIM(line)-1] = 0;
815 parm.cb_value = cb_value;
817 init_membuf (&parm.data, 4096);
819 rc = assuan_transact (ctx, line, lookup_cb, &parm,
820 NULL, NULL, lookup_status_cb, &parm);
821 xfree (get_membuf (&parm.data, &len));
823 if (ctx == dirmngr_ctx)
824 release_dirmngr (ctrl);
826 release_dirmngr2 (ctrl);
836 get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length)
838 struct membuf *mb = opaque;
841 put_membuf (mb, buffer, length);
845 /* Return a certificate from the Directory Manager's cache. This
846 function only returns one certificate which must be specified using
847 the fingerprint FPR and will be stored at R_CERT. On error NULL is
848 stored at R_CERT and an error code returned. Note that the caller
849 must provide the locked dirmngr context CTX. */
851 get_cached_cert (assuan_context_t ctx,
852 const unsigned char *fpr, ksba_cert_t *r_cert)
855 char line[ASSUAN_LINELENGTH];
864 bin2hex (fpr, 20, hexfpr);
865 snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr);
867 init_membuf (&mb, 4096);
868 err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb,
869 NULL, NULL, NULL, NULL);
870 buf = get_membuf (&mb, &buflen);
877 return gpg_error (GPG_ERR_ENOMEM);
879 err = ksba_cert_new (&cert);
885 err = ksba_cert_init_from_mem (cert, buf, buflen);
889 log_error ("failed to parse a certificate: %s\n", gpg_strerror (err));
890 ksba_cert_release (cert);
900 /* Run Command helpers*/
902 /* Fairly simple callback to write all output of dirmngr to stdout. */
904 run_command_cb (void *opaque, const void *buffer, size_t length)
910 if ( fwrite (buffer, length, 1, stdout) != 1 )
911 log_error ("error writing to stdout: %s\n", strerror (errno));
916 /* Handle inquiries from the dirmngr COMMAND. */
918 run_command_inq_cb (void *opaque, const char *line)
920 struct run_command_parm_s *parm = opaque;
924 if ((s = has_leading_keyword (line, "SENDCERT")))
925 { /* send the given certificate */
928 const unsigned char *der;
933 return gpg_error (GPG_ERR_ASS_PARAMETER);
935 err = gpgsm_find_cert (line, NULL, &cert);
938 log_error ("certificate not found: %s\n", gpg_strerror (err));
939 rc = gpg_error (GPG_ERR_NOT_FOUND);
943 der = ksba_cert_get_image (cert, &derlen);
945 rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
947 rc = assuan_send_data (parm->ctx, der, derlen);
948 ksba_cert_release (cert);
951 else if ((s = has_leading_keyword (line, "PRINTINFO")))
952 { /* Simply show the message given in the argument. */
954 log_info ("dirmngr: %s\n", line);
958 log_error ("unsupported inquiry '%s'\n", line);
959 rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
966 run_command_status_cb (void *opaque, const char *line)
968 ctrl_t ctrl = opaque;
973 log_info ("dirmngr status: %s\n", line);
975 if ((s = has_leading_keyword (line, "PROGRESS")))
980 if (gpgsm_status (ctrl, STATUS_PROGRESS, line))
981 return gpg_error (GPG_ERR_ASS_CANCELED);
989 /* Pass COMMAND to dirmngr and print all output generated by Dirmngr
990 to stdout. A couple of inquiries are defined (see above). ARGC
991 arguments in ARGV are given to the Dirmngr. Spaces, plus and
992 percent characters within the argument strings are percent escaped
993 so that blanks can act as delimiters. */
995 gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
996 int argc, char **argv)
1003 struct run_command_parm_s parm;
1005 rc = start_dirmngr (ctrl);
1009 parm.ctx = dirmngr_ctx;
1011 len = strlen (command) + 1;
1012 for (i=0; i < argc; i++)
1013 len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
1014 line = xtrymalloc (len);
1017 release_dirmngr (ctrl);
1018 return out_of_core ();
1021 p = stpcpy (line, command);
1022 for (i=0; i < argc; i++)
1025 for (s=argv[i]; *s; s++)
1031 else if (!isprint (*s) || *s == '+')
1033 sprintf (p, "%%%02X", *(const unsigned char *)s);
1042 rc = assuan_transact (dirmngr_ctx, line,
1043 run_command_cb, NULL,
1044 run_command_inq_cb, &parm,
1045 run_command_status_cb, ctrl);
1047 log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
1048 release_dirmngr (ctrl);