diff --git a/configure.ac b/configure.ac
index 913aeb4e4..d03ea3bfe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,2230 +1,2230 @@
# configure.ac - for GnuPG 2.1
# Copyright (C) 1998-2019 Werner Koch
# Copyright (C) 1998-2021 Free Software Foundation, Inc.
# Copyright (C) 2003-2021 g10 Code GmbH
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see .
# Process this file with autoconf to produce a configure script.
AC_PREREQ([2.61])
min_automake_version="1.16.3"
# To build a release you need to create a tag with the version number
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [3])
m4_define([mym4_micro], [2])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
# with an annotated tag. For example the 2.1 branch starts off with
# the tag "gnupg-2.1-base". This is used as the base for counting
# beta numbers before the first release of a series.
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
# flag indicating a development version (mym4_isbeta). Note that the
# m4 processing is done by autoconf and not during the configure run.
m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
mym4_package mym4_major mym4_minor mym4_micro),[:]))
m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
m4_define([mym4_version], m4_argn(4, mym4_verslist))
m4_define([mym4_revision], m4_argn(7, mym4_verslist))
m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
m4_esyscmd([echo ]mym4_version[>VERSION])
AC_INIT([mym4_package],[mym4_version],[https://bugs.gnupg.org])
# When changing the SWDB tag please also adjust the hard coded tags in
# build-aux/speedo.mk, build-aux/getswdb.sh, and Makefile.am
AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg24", [swdb tag for this branch])
NEED_GPGRT_VERSION=1.41
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.9.1
NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=2.5.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.3.4
NEED_NTBTLS_API=1
NEED_NTBTLS_VERSION=0.1.0
NEED_NPTH_API=1
NEED_NPTH_VERSION=1.2
NEED_GNUTLS_VERSION=3.0
NEED_SQLITE_VERSION=3.27
development_version=mym4_isbeta
PACKAGE=$PACKAGE_NAME
PACKAGE_GT=${PACKAGE_NAME}2
VERSION=$PACKAGE_VERSION
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([sm/gpgsm.c])
AC_CONFIG_HEADER([config.h])
AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
AC_CANONICAL_HOST
AB_INIT
AC_USE_SYSTEM_EXTENSIONS
# Some status variables.
have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_ntbtls=no
have_gnutls=no
have_sqlite=no
have_npth=no
have_libusb=no
have_libtss=no
have_system_resolver=no
gnupg_have_ldap="n/a"
use_zip=yes
use_bzip2=yes
use_exec=yes
use_trust_models=yes
use_tofu=yes
use_libdns=yes
card_support=yes
use_ccid_driver=auto
dirmngr_auto_start=yes
use_tls_library=no
large_secmem=no
show_tor_support=no
# gpg is a required part and can't be disabled anymore.
build_gpg=yes
GNUPG_BUILD_PROGRAM(gpgsm, yes)
# The agent is a required part and can't be disabled anymore.
build_agent=yes
GNUPG_BUILD_PROGRAM(scdaemon, yes)
GNUPG_BUILD_PROGRAM(g13, no)
GNUPG_BUILD_PROGRAM(dirmngr, yes)
GNUPG_BUILD_PROGRAM(keyboxd, yes)
GNUPG_BUILD_PROGRAM(tpm2d, yes)
GNUPG_BUILD_PROGRAM(doc, yes)
# We use gpgtar to unpack test data, hence we always build it. If the
# user opts out, we simply don't install it.
GNUPG_BUILD_PROGRAM(gpgtar, yes)
# We also install the gpg-wks-server tool by default but disable it
# later for platforms where it can't be build.
GNUPG_BUILD_PROGRAM(wks-tools, yes)
AC_SUBST(PACKAGE)
AC_SUBST(PACKAGE_GT)
AC_SUBST(VERSION)
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package])
AC_DEFINE_UNQUOTED(PACKAGE_GT, "$PACKAGE_GT",
[Name of this package for gettext])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package])
AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "$PACKAGE_BUGREPORT",
[Bug report address])
AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba])
AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
[Required version of NTBTLS])
# The default is to use the modules from this package and the few
# other packages in a standard place; i.e where this package gets
# installed. With these options it is possible to override these
# ${prefix} depended values with fixed paths, which can't be replaced
# at make time. See also am/cmacros.am and the defaults in AH_BOTTOM.
AC_ARG_WITH(agent-pgm,
[ --with-agent-pgm=PATH Use PATH as the default for the agent)],
GNUPG_AGENT_PGM="$withval", GNUPG_AGENT_PGM="" )
AC_SUBST(GNUPG_AGENT_PGM)
AM_CONDITIONAL(GNUPG_AGENT_PGM, test -n "$GNUPG_AGENT_PGM")
show_gnupg_agent_pgm="(default)"
test -n "$GNUPG_AGENT_PGM" && show_gnupg_agent_pgm="$GNUPG_AGENT_PGM"
AC_ARG_WITH(pinentry-pgm,
[ --with-pinentry-pgm=PATH Use PATH as the default for the pinentry)],
GNUPG_PINENTRY_PGM="$withval", GNUPG_PINENTRY_PGM="" )
AC_SUBST(GNUPG_PINENTRY_PGM)
AM_CONDITIONAL(GNUPG_PINENTRY_PGM, test -n "$GNUPG_PINENTRY_PGM")
show_gnupg_pinentry_pgm="(default)"
test -n "$GNUPG_PINENTRY_PGM" && show_gnupg_pinentry_pgm="$GNUPG_PINENTRY_PGM"
AC_ARG_WITH(scdaemon-pgm,
[ --with-scdaemon-pgm=PATH Use PATH as the default for the scdaemon)],
GNUPG_SCDAEMON_PGM="$withval", GNUPG_SCDAEMON_PGM="" )
AC_SUBST(GNUPG_SCDAEMON_PGM)
AM_CONDITIONAL(GNUPG_SCDAEMON_PGM, test -n "$GNUPG_SCDAEMON_PGM")
show_gnupg_scdaemon_pgm="(default)"
test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
AC_ARG_WITH(tpm2daemon-pgm,
[ --with-tpm2daemon-pgm=PATH Use PATH as the default for the tpm2daemon)],
GNUPG_TPM2DAEMON_PGM="$withval", GNUPG_TPM2DAEMON_PGM="" )
AC_SUBST(GNUPG_TPM2DAEMON_PGM)
AM_CONDITIONAL(GNUPG_TPM2DAEMON_PGM, test -n "$GNUPG_TPM2DAEMON_PGM")
show_gnupg_tpm2daemon_pgm="(default)"
test -n "$GNUPG_TPM2DAEMON_PGM" && show_gnupg_tpm2daemon_pgm="$GNUPG_TPM2DAEMON_PGM"
AC_ARG_WITH(dirmngr-pgm,
[ --with-dirmngr-pgm=PATH Use PATH as the default for the dirmngr)],
GNUPG_DIRMNGR_PGM="$withval", GNUPG_DIRMNGR_PGM="" )
AC_SUBST(GNUPG_DIRMNGR_PGM)
AM_CONDITIONAL(GNUPG_DIRMNGR_PGM, test -n "$GNUPG_DIRMNGR_PGM")
show_gnupg_dirmngr_pgm="(default)"
test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
AC_ARG_WITH(keyboxd-pgm,
[ --with-keyboxd-pgm=PATH Use PATH as the default for the keyboxd)],
GNUPG_KEYBOXD_PGM="$withval", GNUPG_KEYBOXD_PGM="" )
AC_SUBST(GNUPG_KEYBOXD_PGM)
AM_CONDITIONAL(GNUPG_KEYBOXD_PGM, test -n "$GNUPG_KEYBOXD_PGM")
show_gnupg_keyboxd_pgm="(default)"
test -n "$GNUPG_KEYBOXD_PGM" && show_gnupg_keyboxd_pgm="$GNUPG_KEYBOXD_PGM"
AC_ARG_WITH(protect-tool-pgm,
[ --with-protect-tool-pgm=PATH Use PATH as the default for the protect-tool)],
GNUPG_PROTECT_TOOL_PGM="$withval", GNUPG_PROTECT_TOOL_PGM="" )
AC_SUBST(GNUPG_PROTECT_TOOL_PGM)
AM_CONDITIONAL(GNUPG_PROTECT_TOOL_PGM, test -n "$GNUPG_PROTECT_TOOL_PGM")
show_gnupg_protect_tool_pgm="(default)"
test -n "$GNUPG_PROTECT_TOOL_PGM" \
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
AC_ARG_WITH(dirmngr-ldap-pgm,
[ --with-dirmngr-ldap-pgm=PATH Use PATH as the default for the dirmngr ldap wrapper)],
GNUPG_DIRMNGR_LDAP_PGM="$withval", GNUPG_DIRMNGR_LDAP_PGM="" )
AC_SUBST(GNUPG_DIRMNGR_LDAP_PGM)
AM_CONDITIONAL(GNUPG_DIRMNGR_LDAP_PGM, test -n "$GNUPG_DIRMNGR_LDAP_PGM")
show_gnupg_dirmngr_ldap_pgm="(default)"
test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
&& show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM"
#
# For a long time gpg 2.x was installed as gpg2. This changed with
# 2.2. This option can be used to install gpg under the name gpg2.
#
AC_ARG_ENABLE(gpg-is-gpg2,
AS_HELP_STRING([--enable-gpg-is-gpg2],[Set installed name of gpg to gpg2]),
gpg_is_gpg2=$enableval)
if test "$gpg_is_gpg2" = "yes"; then
AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
fi
AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg_is_gpg2" = "yes")
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
AC_ARG_ENABLE(selinux-support,
AS_HELP_STRING([--enable-selinux-support],
[enable SELinux support]),
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
AC_MSG_CHECKING([whether to allocate extra secure memory])
AC_ARG_ENABLE(large-secmem,
AS_HELP_STRING([--enable-large-secmem],
[allocate extra secure memory]),
large_secmem=$enableval, large_secmem=no)
AC_MSG_RESULT($large_secmem)
if test "$large_secmem" = yes ; then
SECMEM_BUFFER_SIZE=65536
else
SECMEM_BUFFER_SIZE=32768
fi
AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
[Size of secure memory buffer])
AC_MSG_CHECKING([calibrated passphrase-stretching (s2k) duration])
AC_ARG_WITH(agent-s2k-calibration,
AS_HELP_STRING([--with-agent-s2k-calibration=MSEC],
[calibrate passphrase stretching (s2k) to MSEC milliseconds]),
agent_s2k_calibration=$withval, agent_s2k_calibration=100)
AC_MSG_RESULT($agent_s2k_calibration milliseconds)
AC_DEFINE_UNQUOTED(AGENT_S2K_CALIBRATION, $agent_s2k_calibration,
[Agent s2k calibration time (ms)])
AC_MSG_CHECKING([whether to enable trust models])
AC_ARG_ENABLE(trust-models,
AS_HELP_STRING([--disable-trust-models],
[disable all trust models except "always"]),
use_trust_models=$enableval)
AC_MSG_RESULT($use_trust_models)
if test "$use_trust_models" = no ; then
AC_DEFINE(NO_TRUST_MODELS, 1,
[Define to include only trust-model always])
fi
AC_MSG_CHECKING([whether to enable TOFU])
AC_ARG_ENABLE(tofu,
AS_HELP_STRING([--disable-tofu],
[disable the TOFU trust model]),
use_tofu=$enableval, use_tofu=$use_trust_models)
AC_MSG_RESULT($use_tofu)
if test "$use_trust_models" = no && test "$use_tofu" = yes; then
AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
fi
AC_MSG_CHECKING([whether to enable libdns])
AC_ARG_ENABLE(libdns,
AS_HELP_STRING([--disable-libdns],
[do not build with libdns support]),
use_libdns=$enableval, use_libdns=yes)
AC_MSG_RESULT($use_libdns)
if test x"$use_libdns" = xyes ; then
AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
fi
AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)
#
# Options to disable algorithm
#
GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key])
# Elgamal is a MUST algorithm
# DSA is a MUST algorithm
GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key])
GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key])
GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key])
GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher])
# 3DES is a MUST algorithm
GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher])
GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher])
GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher])
GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher])
GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher])
GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher])
GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher])
GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
# SHA1 is a MUST algorithm
GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
# SHA256 is a MUST algorithm for GnuPG.
GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
# Allow disabling of zip support.
# This is in general not a good idea because according to rfc4880 OpenPGP
# implementations SHOULD support ZLIB.
AC_MSG_CHECKING([whether to enable the ZIP and ZLIB compression algorithm])
AC_ARG_ENABLE(zip,
AS_HELP_STRING([--disable-zip],
[disable the ZIP and ZLIB compression algorithm]),
use_zip=$enableval)
AC_MSG_RESULT($use_zip)
# Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2,
AS_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
use_bzip2=$enableval)
AC_MSG_RESULT($use_bzip2)
# Configure option to allow or disallow execution of external
# programs, like a photo viewer.
AC_MSG_CHECKING([whether to enable external program execution])
AC_ARG_ENABLE(exec,
AS_HELP_STRING([--disable-exec],[disable all external program execution]),
use_exec=$enableval)
AC_MSG_RESULT($use_exec)
if test "$use_exec" = no ; then
AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution])
fi
if test "$use_exec" = yes ; then
AC_MSG_CHECKING([whether to enable photo ID viewing])
AC_ARG_ENABLE(photo-viewers,
[ --disable-photo-viewers disable photo ID viewers],
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing])
fi],enableval=yes)
gnupg_cv_enable_photo_viewers=$enableval
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_photo_viewers" = yes ; then
AC_MSG_CHECKING([whether to use a fixed photo ID viewer])
AC_ARG_WITH(photo-viewer,
[ --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer],
[if test "$withval" = yes ; then
withval=no
elif test "$withval" != no ; then
AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval",
[if set, restrict photo-viewer to this])
fi],withval=no)
AC_MSG_RESULT($withval)
fi
fi
#
# Check for the key/uid cache size. This can't be zero, but can be
# pretty small on embedded systems. This is used for the gpg part.
#
AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache,
AS_HELP_STRING([--enable-key-cache=SIZE],
[Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then
enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096
fi
changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size])
fi
AC_MSG_RESULT($key_cache_size)
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
[Size of the key and UID caches])
#
# Check whether we want to use Linux capabilities
#
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
[ --with-capabilities use linux capabilities [default=no]],
[use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
#
# Check whether to disable the card support
AC_MSG_CHECKING([whether smartcard support is requested])
AC_ARG_ENABLE(card-support,
AS_HELP_STRING([--disable-card-support],
[disable smartcard support]),
card_support=$enableval)
AC_MSG_RESULT($card_support)
if test "$card_support" = yes ; then
AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include smartcard support])
else
build_scdaemon=no
fi
#
# Allow disabling of internal CCID support.
# It is defined only after we confirm the library is available later
#
AC_MSG_CHECKING([whether to enable the internal CCID driver])
AC_ARG_ENABLE(ccid-driver,
AS_HELP_STRING([--disable-ccid-driver],
[disable the internal CCID driver]),
use_ccid_driver=$enableval)
AC_MSG_RESULT($use_ccid_driver)
AC_MSG_CHECKING([whether to auto start dirmngr])
AC_ARG_ENABLE(dirmngr-auto-start,
AS_HELP_STRING([--disable-dirmngr-auto-start],
[disable auto starting of the dirmngr]),
dirmngr_auto_start=$enableval)
AC_MSG_RESULT($dirmngr_auto_start)
if test "$dirmngr_auto_start" = yes ; then
AC_DEFINE(USE_DIRMNGR_AUTO_START,1,
[Define to enable auto starting of the dirmngr])
fi
#
# To avoid double inclusion of config.h which might happen at some
# places, we add the usual double inclusion protection at the top of
# config.h.
#
AH_TOP([
#ifndef GNUPG_CONFIG_H_INCLUDED
#define GNUPG_CONFIG_H_INCLUDED
])
#
# Stuff which goes at the bottom of config.h.
#
AH_BOTTOM([
/* This is the major version number of GnuPG so that
source included files can test for this. Note, that
we use 2 here even for GnuPG 1.9.x. */
#define GNUPG_MAJOR_VERSION 2
/* Now to separate file name parts.
Please note that the string version must not contain more
than one character because the code assumes strlen()==1 */
#ifdef HAVE_DOSISH_SYSTEM
#define DIRSEP_C '\\'
#define DIRSEP_S "\\"
#define EXTSEP_C '.'
#define EXTSEP_S "."
#define PATHSEP_C ';'
#define PATHSEP_S ";"
#define EXEEXT_S ".exe"
#else
#define DIRSEP_C '/'
#define DIRSEP_S "/"
#define EXTSEP_C '.'
#define EXTSEP_S "."
#define PATHSEP_C ':'
#define PATHSEP_S ":"
#define EXEEXT_S ""
#endif
/* Some global constants.
* Note that the homedir must not end in a slash. */
#ifdef HAVE_DOSISH_SYSTEM
# ifdef HAVE_DRIVE_LETTERS
# define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
# else
# define GNUPG_DEFAULT_HOMEDIR "/gnupg"
# endif
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
#define GNUPG_PUBLIC_KEYS_DIR "public-keys.d"
#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
#define GNUPG_CACHE_DIR "cache.d"
/* GnuPG has always been a part of the GNU project and thus we have
* shown the FSF as holder of the copyright. We continue to do so for
* the reason that without the FSF the free software used all over the
* world would not have come into existence. However, under Windows
* we print a different copyright string with --version because the
* copyright assignments of g10 Code and Werner Koch were terminated
* many years ago, g10 Code is still the major contributor to the
* code, and Windows is not an FSF endorsed platform. Note that the
* actual list of copyright holders can be found in the AUTHORS file. */
#ifdef HAVE_W32_SYSTEM
#define GNUPG_DEF_COPYRIGHT_LINE "Copyright (C) 2021 g10 Code GmbH"
#else
#define GNUPG_DEF_COPYRIGHT_LINE \
"Copyright (C) 2021 Free Software Foundation, Inc."
#endif
/* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that
the values may be overridden by the make invocations; this is to
comply with the GNU coding standards. Note that these values are
only defaults. */
#ifdef HAVE_DOSISH_SYSTEM
# ifdef HAVE_DRIVE_LETTERS
# define GNUPG_BINDIR "c:\\gnupg"
# define GNUPG_LIBEXECDIR "c:\\gnupg"
# define GNUPG_LIBDIR "c:\\gnupg"
# define GNUPG_DATADIR "c:\\gnupg"
# define GNUPG_SYSCONFDIR "c:\\gnupg"
# else
# define GNUPG_BINDIR "\\gnupg"
# define GNUPG_LIBEXECDIR "\\gnupg"
# define GNUPG_LIBDIR "\\gnupg"
# define GNUPG_DATADIR "\\gnupg"
# define GNUPG_SYSCONFDIR "\\gnupg"
# endif
#endif
/* Derive some other constants. */
#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID))
#define EXEC_TEMPFILE_ONLY
#endif
/* We didn't define endianness above, so get it from OS macros. This
is intended for making fat binary builds on OS X. */
#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
#if defined(__BIG_ENDIAN__)
#define BIG_ENDIAN_HOST 1
#elif defined(__LITTLE_ENDIAN__)
#define LITTLE_ENDIAN_HOST 1
#else
#error "No endianness found"
#endif
#endif
/* Hack used for W32: ldap.m4 also tests for the ASCII version of
ldap_start_tls_s because that is the actual symbol used in the
library. winldap.h redefines it to our commonly used value,
thus we define our usual macro here. */
#ifdef HAVE_LDAP_START_TLS_SA
# ifndef HAVE_LDAP_START_TLS_S
# define HAVE_LDAP_START_TLS_S 1
# endif
#endif
/* Enable the es_ macros from gpgrt. */
#define GPGRT_ENABLE_ES_MACROS 1
/* Enable the log_ macros from gpgrt. */
#define GPGRT_ENABLE_LOG_MACROS 1
/* We want the argparse macros from gpgrt. */
#define GPGRT_ENABLE_ARGPARSE_MACROS 1
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* Tell Libgcrypt not to include deprecated definitions. */
#define GCRYPT_NO_DEPRECATED 1
/* Our HTTP code is used in estream mode. */
#define HTTP_USE_ESTREAM 1
/* Under W32 we do an explicit socket initialization, thus we need to
avoid the on-demand initialization which would also install an atexit
handler. */
#define HTTP_NO_WSASTARTUP
/* Under Windows we use the gettext code from libgpg-error. */
#define GPG_ERR_ENABLE_GETTEXT_MACROS
/* Under WindowsCE we use the strerror replacement from libgpg-error. */
#define GPG_ERR_ENABLE_ERRNO_MACROS
#endif /*GNUPG_CONFIG_H_INCLUDED*/
])
AM_MAINTAINER_MODE
AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Checks for programs.
AC_MSG_NOTICE([checking for programs])
AC_PROG_MAKE_SET
AM_SANITY_CHECK
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AM_SILENT_RULES
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
AM_PROG_CC_C_O
if test "x$ac_cv_prog_cc_c89" = "xno" ; then
AC_MSG_ERROR([[No C-89 compiler found]])
fi
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
AC_CHECK_TOOL(WINDRES, windres, :)
AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
AC_SEARCH_LIBS([strerror],[cposix])
AC_SYS_LARGEFILE
# GNU AWK requires -n option to interpret "0xHH" as a number
if $AWK 'BEGIN { if (PROCINFO@<:@"version"@:>@) exit 1 }'; then
AWK_HEX_NUMBER_OPTION=''
AC_MSG_NOTICE([awk with no option for hexadecimal])
else
AWK_HEX_NUMBER_OPTION='-n'
AC_MSG_NOTICE([awk with an option -n for hexadecimal])
fi
AC_SUBST(AWK_HEX_NUMBER_OPTION)
# We need to compile and run a program on the build machine. A
# comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
# the AC archive is broken for autoconf 2.57. Given that there is no
# newer version of that macro, we assume that it is also broken for
# autoconf 2.61 and thus we use a simple but usually sufficient
# approach.
AC_MSG_CHECKING(for cc for build)
if test "$cross_compiling" = "yes"; then
CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
else
CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
fi
AC_MSG_RESULT($CC_FOR_BUILD)
AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
# We need to call this macro because other pkg-config macros are
# not always used.
PKG_PROG_PKG_CONFIG
try_gettext=yes
require_iconv=yes
have_dosish_system=no
have_w32_system=no
have_w32ce_system=no
have_android_system=no
use_simple_gettext=no
mmap_needed=yes
require_pipe_to_unblock_pselect=yes
case "${host}" in
*-mingw32*)
# special stuff for Windoze NT
ac_cv_have_dev_random=no
AC_DEFINE(USE_ONLY_8DOT3,1,
[Set this to limit filenames to the 8.3 format])
AC_DEFINE(USE_SIMPLE_GETTEXT,1,
[Because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
have_dosish_system=yes
have_w32_system=yes
require_iconv=no
require_pipe_to_unblock_pselect=no
case "${host}" in
*-mingw32ce*)
have_w32ce_system=yes
;;
*)
AC_DEFINE(HAVE_DRIVE_LETTERS,1,
[Defined if the OS supports drive letters.])
;;
esac
try_gettext="no"
use_simple_gettext=yes
mmap_needed=no
build_wks_tools=no
;;
i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
build_wks_tools=no
;;
i?86-*-msdosdjgpp*)
# DOS with the DJGPP environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
build_wks_tools=no
;;
*-*-hpux*)
if test -z "$GCC" ; then
CFLAGS="-Ae -D_HPUX_SOURCE $CFLAGS"
fi
;;
*-dec-osf4*)
if test -z "$GCC" ; then
# Suppress all warnings
# to get rid of the unsigned/signed char mismatch warnings.
CFLAGS="-w $CFLAGS"
fi
;;
*-dec-osf5*)
if test -z "$GCC" ; then
# Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through
CFLAGS="-msg_disable ptrmismatch1 $CFLAGS"
fi
;;
m68k-atari-mint)
;;
*-linux-android*)
have_android_system=yes
# Android is fully utf-8 and we do not want to use iconv to
# keeps things simple
require_iconv=no
build_wks_tools=no
;;
*-apple-darwin*)
AC_DEFINE(_DARWIN_C_SOURCE, 1,
Expose all libc features (__DARWIN_C_FULL).)
;;
*-*-netbsd*)
require_pipe_to_unblock_pselect=yes
;;
*)
;;
esac
if test "$require_pipe_to_unblock_pselect" = yes; then
AC_DEFINE(HAVE_PSELECT_NO_EINTR, 1,
[Defined if we run on systems like NetBSD, where
pselect cannot be unblocked by signal from a thread
within the same process. We use pipe in this case, instead.])
fi
if test "$have_dosish_system" = yes; then
AC_DEFINE(HAVE_DOSISH_SYSTEM,1,
[Defined if we run on some of the PCDOS like systems
(DOS, Windoze. OS/2) with special properties like
no file modes, case insensitive file names and preferred
use of backslashes as directory name separators.])
fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
if test "$have_w32ce_system" = yes; then
AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE])
fi
fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes)
if test "$have_android_system" = yes; then
AC_DEFINE(HAVE_ANDROID_SYSTEM,1, [Defined if we build for an Android system])
fi
AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes)
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
#
# Checks for libraries.
#
AC_MSG_NOTICE([checking for libraries])
#
# gpgrt (aka libgpg-error) is a library with error codes shared
# between GnuPG related projects.
#
AM_PATH_GPG_ERROR("$NEED_GPGRT_VERSION",
have_gpg_error=yes,have_gpg_error=no)
#
# Libgcrypt is our generic crypto library
#
AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
have_libgcrypt=yes,have_libgcrypt=no)
# And, then, check if it's newer than 1.9.0 so that we can
# conditionally build some programs.
# Note: This is not anymore needed but keep the code commented in case
# we need it again with some future libgcrypt.
#have_libgcrypt_newer=no
#if test $ok = yes; then
# if test "$major" -gt 1; then
# have_libgcrypt_newer=yes
# else
# if test "$major" -eq 1; then
# if test "$minor" -gt 9; then
# have_libgcrypt_newer=yes
# else
# if test "$minor" -eq 9; then
# if test "$micro" -ge 0; then
# have_libgcrypt_newer=yes
# fi
# fi
# fi
# fi
# fiy
#fi
#AM_CONDITIONAL(HAVE_NEWER_LIBGCRYPT, [test $have_libgcrypt_newer = yes])
#
# libassuan is used for IPC
#
AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
if test "$have_libassuan" = "yes"; then
AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
[version of the libassuan library])
show_tor_support="only .onion"
fi
#
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
#
# libusb allows us to use the integrated CCID smartcard reader driver.
#
# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
if test "$use_ccid_driver" = auto || test "$use_ccid_driver" = yes; then
case "${host}" in
*-mingw32*)
LIBUSB_NAME=
LIBUSB_LIBS=
LIBUSB_CPPFLAGS=
;;
*-*-darwin*)
LIBUSB_NAME=usb-1.0
LIBUSB_LIBS="-Wl,-framework,CoreFoundation -Wl,-framework,IOKit"
;;
*-*-freebsd*)
# FreeBSD has a native 1.0 compatible library by -lusb.
LIBUSB_NAME=usb
LIBUSB_LIBS=
;;
*)
LIBUSB_NAME=usb-1.0
LIBUSB_LIBS=
;;
esac
fi
if test x"$LIBUSB_NAME" != x ; then
AC_CHECK_LIB($LIBUSB_NAME, libusb_init,
[ LIBUSB_LIBS="-l$LIBUSB_NAME $LIBUSB_LIBS"
have_libusb=yes ])
AC_MSG_CHECKING([libusb include dir])
usb_incdir_found="no"
for _incdir in "" "/usr/include/libusb-1.0" \
"/usr/local/include/libusb-1.0" "/usr/pkg/include/libusb-1.0"; do
_libusb_save_cppflags=$CPPFLAGS
if test -n "${_incdir}"; then
CPPFLAGS="-I${_incdir} ${CPPFLAGS}"
fi
AC_PREPROC_IFELSE([AC_LANG_SOURCE([[@%:@include ]])],
[usb_incdir=${_incdir}; usb_incdir_found="yes"], [])
CPPFLAGS=${_libusb_save_cppflags}
if test "$usb_incdir_found" = "yes"; then
break
fi
done
if test "$usb_incdir_found" = "yes"; then
AC_MSG_RESULT([${usb_incdir}])
else
AC_MSG_RESULT([not found])
usb_incdir=""
have_libusb=no
if test "$use_ccid_driver" != yes; then
use_ccid_driver=no
fi
LIBUSB_LIBS=""
fi
if test "$have_libusb" = yes; then
AC_DEFINE(HAVE_LIBUSB,1, [defined if libusb is available])
fi
if test x"$usb_incdir" = x; then
LIBUSB_CPPFLAGS=""
else
LIBUSB_CPPFLAGS="-I${usb_incdir}"
fi
fi
AC_SUBST(LIBUSB_LIBS)
AC_SUBST(LIBUSB_CPPFLAGS)
#
# Check whether it is necessary to link against libdl.
# (For example to load libpcsclite)
#
gnupg_dlopen_save_libs="$LIBS"
LIBS=""
AC_SEARCH_LIBS(dlopen, c dl,,,)
DL_LIBS=$LIBS
AC_SUBST(DL_LIBS)
LIBS="$gnupg_dlopen_save_libs"
# Checks for g10
AC_ARG_ENABLE(sqlite,
AS_HELP_STRING([--disable-sqlite],
[disable the use of SQLITE]),
try_sqlite=$enableval, try_sqlite=yes)
if test x"$use_tofu" = xyes ; then
if test x"$try_sqlite" = xyes ; then
PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
[have_sqlite=yes],
[have_sqlite=no])
fi
if test "$have_sqlite" = "yes"; then
:
AC_SUBST([SQLITE3_CFLAGS])
AC_SUBST([SQLITE3_LIBS])
else
use_tofu=no
build_keyboxd=no
tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
AC_MSG_WARN([[
***
*** Building without SQLite support - TOFU and Keyboxd disabled
***
*** $tmp]])
fi
fi
AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
if test x"$use_tofu" = xyes ; then
AC_DEFINE(USE_TOFU, 1, [Enable to build the TOFU code])
fi
# Checks for g13
AC_PATH_PROG(ENCFS, encfs, /usr/bin/encfs)
AC_DEFINE_UNQUOTED(ENCFS,
"${ENCFS}", [defines the filename of the encfs program])
AC_PATH_PROG(FUSERMOUNT, fusermount, /usr/bin/fusermount)
AC_DEFINE_UNQUOTED(FUSERMOUNT,
"${FUSERMOUNT}", [defines the filename of the fusermount program])
#
# Check whether the nPth library is available
#
AM_PATH_NPTH("$NEED_NPTH_API:$NEED_NPTH_VERSION",have_npth=yes,have_npth=no)
if test "$have_npth" = "yes"; then
AC_DEFINE(HAVE_NPTH, 1,
[Defined if the New Portable Thread Library is available])
AC_DEFINE(USE_NPTH, 1,
[Defined if support for nPth is requested and nPth is available])
else
AC_MSG_WARN([[
***
*** To support concurrent access for example in gpg-agent and the SCdaemon
*** we need the support of the New Portable Threads Library.
***]])
fi
#
# Enable debugging of nPth
#
AC_ARG_ENABLE(npth-debug,
AS_HELP_STRING([--enable-npth-debug],
[build with debug version of npth]),
[if test $enableval = yes ; then
AC_DEFINE(NPTH_ENABLE_DEBUG,1,
[Build with debug version of nPth])
fi])
#
# NTBTLS is our TLS library. If it is not available we fall back to
# GNUTLS.
#
AC_ARG_ENABLE(ntbtls,
AS_HELP_STRING([--disable-ntbtls],
[disable the use of NTBTLS as TLS library]),
try_ntbtls=$enableval, try_ntbtls=yes)
if test x"$try_ntbtls" = xyes ; then
AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
[have_ntbtls=yes],[have_ntbtls=no])
fi
if test "$have_ntbtls" = yes ; then
use_tls_library=ntbtls
AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
else
AC_ARG_ENABLE(gnutls,
AS_HELP_STRING([--disable-gnutls],
[disable GNUTLS as fallback TLS library]),
try_gnutls=$enableval, try_gnutls=yes)
if test x"$try_gnutls" = xyes ; then
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
[have_gnutls=yes],
[have_gnutls=no])
fi
if test "$have_gnutls" = "yes"; then
AC_SUBST([LIBGNUTLS_CFLAGS])
AC_SUBST([LIBGNUTLS_LIBS])
use_tls_library=gnutls
AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
else
tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
build_dirmngr=no
AC_MSG_WARN([[
***
*** Neither NTBTLS nor GNUTLS available - not building dirmngr.
***
*** $tmp]])
fi
fi
#
# Allow to set a fixed trust store file for system provided certificates.
#
AC_ARG_WITH([default-trust-store-file],
[AS_HELP_STRING([--with-default-trust-store-file=FILE],
[Use FILE as system trust store])],
default_trust_store_file="$withval",
default_trust_store_file="")
if test x"$default_trust_store_file" = xno;then
default_trust_store_file=""
fi
if test x"$default_trust_store_file" != x ; then
AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
["$default_trust_store_file"], [Use as default system trust store file])
fi
AC_MSG_NOTICE([checking for networking options])
#
# Must check for network library requirements before doing link tests
# for ldap, for example. If ldap libs are static (or dynamic and without
# ELF runtime link paths), then link will fail and LDAP support won't
# be detected.
#
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"]))
#
# Check standard resolver functions.
#
if test "$build_dirmngr" = "yes"; then
_dns_save_libs=$LIBS
LIBS=""
# Find the system resolver which can always be enabled with
# the dirmngr option --standard-resolver.
# the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind,,
AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind,,
AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
# macOS renames dn_skipname into res_9_dn_skipname in ,
# and for some reason fools us into believing we don't need
# -lresolv even if we do. Since the test program checking for the
# symbol does not include , we need to check for the
# renamed symbol explicitly.
AC_SEARCH_LIBS(res_9_dn_skipname,resolv bind,,
AC_SEARCH_LIBS(dn_skipname,resolv bind,,
AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)))
if test x"$have_resolver" != xno ; then
# Make sure that the BIND 4 resolver interface is workable before
# enabling any code that calls it. At some point I'll rewrite the
# code to use the BIND 8 resolver API.
# We might also want to use libdns instead.
AC_MSG_CHECKING([whether the resolver is usable])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include
#include
#include
#include ]],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0);
dn_expand(0,0,0,0,0);
]])],have_resolver=yes,have_resolver=no)
AC_MSG_RESULT($have_resolver)
# This is Apple-specific and somewhat bizarre as they changed the
# define in bind 8 for some reason.
if test x"$have_resolver" != xyes ; then
AC_MSG_CHECKING(
[whether I can make the resolver usable with BIND_8_COMPAT])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
#include
#include
#include
#include ]],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0); dn_expand(0,0,0,0,0);
]])],[have_resolver=yes ; need_compat=yes])
AC_MSG_RESULT($have_resolver)
fi
fi
if test x"$have_resolver" = xyes ; then
AC_DEFINE(HAVE_SYSTEM_RESOLVER,1,[The system's resolver is usable.])
DNSLIBS="$DNSLIBS $LIBS"
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
if test "$use_libdns" = yes; then
show_tor_support=yes
fi
elif test "$use_libdns" = yes; then
show_tor_support=yes
else
AC_MSG_WARN([[
***
*** The system's DNS resolver is not usable.
*** Dirmngr functionality is limited.
***]])
show_tor_support="${show_tor_support} (no system resolver)"
fi
if test "$have_w32_system" = yes; then
if test "$use_libdns" = yes; then
DNSLIBS="$DNSLIBS -liphlpapi"
fi
fi
LIBS=$_dns_save_libs
fi
AC_SUBST(DNSLIBS)
#
# Check for LDAP
#
# Note that running the check changes the variable
# gnupg_have_ldap from "n/a" to "no" or "yes".
AC_ARG_ENABLE(ldap,
AS_HELP_STRING([--disable-ldap],
[disable LDAP support]),
[if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
if test "$gnupg_have_ldap" != "no" ; then
if test "$build_dirmngr" = "yes" ; then
GNUPG_CHECK_LDAP($NETLIBS)
AC_CHECK_LIB(lber, ber_free,
[ LBER_LIBS="$LBER_LIBS -llber"
AC_DEFINE(HAVE_LBER,1,
[defined if liblber is available])
have_lber=yes
])
fi
fi
AC_SUBST(LBER_LIBS)
if test "$gnupg_have_ldap" = "no"; then
AC_MSG_WARN([[
***
*** Building without LDAP support.
*** No CRL access or X.509 certificate search available.
***]])
fi
AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
if test "$gnupg_have_ldap" = yes ; then
AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
fi
#
# Check for sendmail
#
# This isn't necessarily sendmail itself, but anything that gives a
# sendmail-ish interface to the outside world. That includes Exim,
# Postfix, etc. Basically, anything that can handle "sendmail -t".
AC_ARG_WITH(mailprog,
AS_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),
,with_mailprog=yes)
if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,"$PATH":/usr/sbin:/usr/libexec:/usr/lib)
elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
fi
AC_DEFINE_UNQUOTED(NAME_OF_SENDMAIL,"$SENDMAIL",
[Tool with sendmail -t interface])
#
# Construct a printable name of the OS
#
case "${host}" in
*-mingw32ce*)
PRINTABLE_OS_NAME="W32CE"
;;
*-mingw32*)
PRINTABLE_OS_NAME="MingW32"
;;
*-*-cygwin*)
PRINTABLE_OS_NAME="Cygwin"
;;
i?86-emx-os2 | i?86-*-os2*emx )
PRINTABLE_OS_NAME="OS/2"
;;
i?86-*-msdosdjgpp*)
PRINTABLE_OS_NAME="MSDOS/DJGPP"
try_dynload=no
;;
*-linux*)
PRINTABLE_OS_NAME="GNU/Linux"
;;
*)
PRINTABLE_OS_NAME=`uname -s || echo "Unknown"`
;;
esac
AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS])
#
# Checking for iconv
#
if test "$require_iconv" = yes; then
AM_ICONV
else
LIBICONV=
LTLIBICONV=
AC_SUBST(LIBICONV)
AC_SUBST(LTLIBICONV)
fi
#
# Check for gettext
#
# This is "GNU gnupg" - The project-id script from gettext
# needs this string
#
AC_MSG_NOTICE([checking for gettext])
AM_PO_SUBDIRS
AM_GNU_GETTEXT_VERSION([0.17])
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT([external],[need-ngettext])
# gettext requires some extra checks. These really should be part of
# the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
# function checks to here.
AC_CHECK_FUNCS(strchr)
else
USE_NLS=no
USE_INCLUDED_LIBINTL=no
BUILD_INCLUDED_LIBINTL=no
POSUB=po
AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL)
AC_SUBST(POSUB)
fi
# We use HAVE_LANGINFO_CODESET in a couple of places.
AM_LANGINFO_CODESET
# Checks required for our use of locales
gt_LC_MESSAGES
#
# SELinux support
#
if test "$selinux_support" = yes ; then
AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
fi
#
# Checks for header files.
#
AC_MSG_NOTICE([checking for header files])
AC_HEADER_STDC
AC_HEADER_TIME
AC_CHECK_HEADERS([unistd.h langinfo.h termio.h locale.h \
pwd.h inttypes.h signal.h sys/select.h \
stdint.h signal.h termios.h \
ucred.h sys/ucred.h sys/sysmacros.h sys/mkdev.h])
#
# Checks for typedefs, structures, and compiler characteristics.
#
AC_MSG_NOTICE([checking for system characteristics])
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_CHECK_DECLS([sys_siglist],[],[],[#include
/* NetBSD declares sys_siglist in unistd.h. */
#ifdef HAVE_UNISTD_H
# include
#endif
])
gl_HEADER_SYS_SOCKET
gl_TYPE_SOCKLEN_T
AC_SEARCH_LIBS([inet_addr], [nsl])
AC_ARG_ENABLE(endian-check,
AS_HELP_STRING([--disable-endian-check],
[disable the endian check and trust the OS provided macros]),
endiancheck=$enableval,endiancheck=yes)
if test x"$endiancheck" = xyes ; then
GNUPG_CHECK_ENDIAN
fi
# fixme: we should get rid of the byte type
AC_CHECK_TYPES([byte, ushort, ulong, u16, u32])
AC_CHECK_SIZEOF(unsigned short)
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
AC_CHECK_SIZEOF(size_t)
AC_CHECK_SIZEOF(time_t,,[[
#include
#if TIME_WITH_SYS_TIME
# include
# include
#else
# if HAVE_SYS_TIME_H
# include
# else
# include
# endif
#endif
]])
GNUPG_TIME_T_UNSIGNED
if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \
|| test "$ac_cv_sizeof_unsigned_long" = "0"; then
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi
#
# Checks for library functions.
#
AC_MSG_NOTICE([checking for library functions])
AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \
explicit_bzero fcntl flockfile fsync ftello \
ftruncate funlockfile getaddrinfo getenv getpagesize \
getpwnam getpwuid getrlimit getrusage gettimeofday \
gmtime_r inet_ntop inet_pton isascii lstat memicmp \
memmove memrchr mmap nl_langinfo pipe raise rand \
setenv setlocale setrlimit sigaction sigprocmask \
stat stpcpy strcasecmp strerror strftime stricmp \
strlwr strncasecmp strpbrk strsep strtol strtoul \
strtoull tcgetattr timegm times ttyname unsetenv \
wait4 waitpid ])
# On some systems (e.g. Solaris) nanosleep requires linking to librl.
# Given that we use nanosleep only as an optimization over a select
# based wait function we want it only if it is available in libc.
_save_libs="$LIBS"
AC_SEARCH_LIBS([nanosleep], [],
[AC_DEFINE(HAVE_NANOSLEEP,1,
[Define to 1 if you have the `nanosleep' function in libc.])])
LIBS="$_save_libs"
# See whether libc supports the Linux inotify interface
case "${host}" in
*-*-linux*)
AC_CHECK_FUNCS([inotify_init])
;;
esac
if test "$have_android_system" = yes; then
# On Android ttyname is a stub but prints an error message.
AC_DEFINE(HAVE_BROKEN_TTYNAME,1,
[Defined if ttyname does not work properly])
fi
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ])
# Dirmngr requires mmap on Unix systems.
if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
AC_MSG_ERROR([[Sorry, the current implementation requires mmap.]])
fi
#
# Check for the getsockopt SO_PEERCRED, etc.
#
AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.cr_pid, struct sockpeercred.pid], [], [], [#include
#include ])
# (Open)Solaris
AC_CHECK_FUNCS([getpeerucred])
#
# W32 specific test
#
#
# Do we have zlib? Must do it here because Solaris failed
# when compiling a conftest (due to the "-lz" from LIBS).
# Note that we combine zlib and bzlib2 in ZLIBS.
#
if test "$use_zip" = yes ; then
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(zlib,
[ --with-zlib=DIR use libz in DIR],[
if test -d "$withval"; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
])
AC_CHECK_HEADER(zlib.h,
AC_CHECK_LIB(z, deflateInit2_,
[
ZLIBS="-lz"
AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
],
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
fi
#
# Check whether we can support bzip2
#
if test "$use_bzip2" = yes ; then
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(bzip2,
AS_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
[
if test -d "$withval" ; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
],withval="")
# Checking alongside stdio.h as an early version of bzip2 (1.0)
# required stdio.h to be included before bzlib.h, and Solaris 9 is
# woefully out of date.
if test "$withval" != no ; then
AC_CHECK_HEADER(bzlib.h,
AC_CHECK_LIB(bz2,BZ2_bzCompressInit,
[
have_bz2=yes
ZLIBS="$ZLIBS -lbz2"
AC_DEFINE(HAVE_BZIP2,1,
[Defined if the bz2 compression library is available])
],
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags},[#include ])
fi
fi
AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
AC_SUBST(ZLIBS)
# Check for readline support
GNUPG_CHECK_READLINE
if test "$development_version" = yes; then
AC_DEFINE(IS_DEVELOPMENT_VERSION,1,
[Defined if this is not a regular release])
fi
if test "$USE_MAINTAINER_MODE" = "yes"; then
AC_DEFINE(MAINTAINER_MODE,1,
[Defined if this build is in maintainer mode])
fi
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
GNUPG_CHECK_GNUMAKE
# Add some extra libs here so that previous tests don't fail for
# mysterious reasons - the final link step should bail out.
# W32SOCKLIBS is also defined so that if can be used for tools not
# requiring any network stuff but linking to code in libcommon which
# tracks in winsock stuff (e.g. init_common_subsystems).
if test "$have_w32_system" = yes; then
if test "$have_w32ce_system" = yes; then
W32SOCKLIBS="-lws2"
else
W32SOCKLIBS="-lws2_32"
fi
NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
fi
AC_SUBST(NETLIBS)
AC_SUBST(W32SOCKLIBS)
#
# TPM libtss library .. don't compile TPM support if we don't have it
#
AC_ARG_WITH([tss],
[AS_HELP_STRING([--with-tss=TSS],
[use the specified TPM Software Stack (ibm, intel, or autodetect)])],
[with_tss=$withval],
[with_tss=autodetect])
LIBTSS_LIBS=
LIBTSS_CFLAGS=
if test "$build_tpm2d" = "yes"; then
_save_libs="$LIBS"
_save_cflags="$CFLAGS"
LIBS=""
if test "$with_tss" = autodetect; then
AC_SEARCH_LIBS([TSS_Create],[tss ibmtss],have_libtss=IBM,
AC_SEARCH_LIBS([Esys_Initialize],[tss2-esys],have_libtss=Intel,have_libtss=no))
elif test "$with_tss" = ibm; then
AC_SEARCH_LIBS([TSS_Create],[tss ibmtss],have_libtss=IBM,
[AC_MSG_ERROR([IBM TPM Software Stack requested but not found])])
elif test "$with_tss" = intel; then
AC_SEARCH_LIBS([Esys_Initialize],[tss2-esys],have_libtss=Intel,
[AC_MSG_ERROR([Intel TPM Software Stack requested but not found])])
else
AC_MSG_ERROR([Invalid TPM Software Stack requested: $with_tss])
fi
if test "$have_libtss" = IBM; then
LIBTSS_CFLAGS="-DTPM_POSIX"
CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}"
AC_CHECK_HEADER([tss2/tss.h],
[AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [
AC_CHECK_HEADER([ibmtss/tss.h],[AC_DEFINE(TSS_INCLUDE,ibmtss,
[ibmtss include location])], [
AC_MSG_WARN([No TSS2 include directory found, disabling TPM support])
have_libtss=no
])
])
LIBTSS_LIBS=$LIBS
AC_SUBST(TSS_INCLUDE)
elif test "$have_libtss" = Intel; then
##
# Intel TSS has an API issue: Esys_TR_GetTpmHandle wasn't introduced
# until version 2.4.0.
#
# Note: the missing API is fairly serious and is also easily backportable
# so keep the check below as is intead of going by library version number.
##
AC_CHECK_LIB(tss2-esys, Esys_TR_GetTpmHandle, [], [
AC_MSG_WARN([Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)])
have_libtss=no
])
LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
AC_DEFINE(HAVE_INTEL_TSS, 1, [Defined if we have the Intel TSS])
fi
LIBS="$_save_libs"
CFLAGS="$_save_cflags"
if test "$have_libtss" != no; then
AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
# look for a TPM emulator for testing
AC_PATH_PROG(TPMSERVER, tpm_server,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
AC_PATH_PROG(SWTPM, swtpm,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
AC_PATH_PROG(SWTPM_IOCTL, swtpm_ioctl,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
AC_PATH_PROG(TSSSTARTUP, tssstartup,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
fi
fi
if test "$have_libtss" = no; then
build_tpm2d=no
fi
AC_SUBST(LIBTSS_LIBS)
AC_SUBST(LIBTSS_CFLAGS)
AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" != no)
AM_CONDITIONAL(TEST_LIBTSS, test -n "$TPMSERVER" || test -n "$SWTPM" && test -n "$TSSSTARTUP")
AC_SUBST(HAVE_LIBTSS)
#
# Setup gcc specific options
#
USE_C99_CFLAGS=
AC_MSG_NOTICE([checking for cc features])
if test "$GCC" = yes; then
mycflags=
mycflags_save=$CFLAGS
# Check whether gcc does not emit a diagnositc for unknown -Wno-*
# options. This is the case for gcc >= 4.6
AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6 )
#kickerror
#endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no])
AC_MSG_RESULT($_gcc_silent_wno)
# Note that it is okay to use CFLAGS here because these are just
# warning options and the user should have a chance of overriding
# them.
if test "$USE_MAINTAINER_MODE" = "yes"; then
mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security"
if test x"$_gcc_silent_wno" = xyes ; then
_gcc_wopt=yes
else
AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
CFLAGS="-Wno-missing-field-initializers"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
[_gcc_wopt=yes],[_gcc_wopt=no])
AC_MSG_RESULT($_gcc_wopt)
fi
if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -W -Wno-sign-compare -Wno-format-zero-length"
mycflags="$mycflags -Wno-missing-field-initializers"
fi
AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
CFLAGS="-Wdeclaration-after-statement"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -Wdeclaration-after-statement"
fi
AC_MSG_CHECKING([if gcc supports -Wlogical-op])
CFLAGS="-Wlogical-op -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -Wlogical-op"
fi
AC_MSG_CHECKING([if gcc supports -Wvla])
CFLAGS="-Wvla"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -Wvla"
fi
else
mycflags="$mycflags -Wall"
if test x"$_gcc_silent_wno" = xyes ; then
mycflags="$mycflags -Wno-format-zero-length"
fi
fi
if test x"$_gcc_silent_wno" = xyes ; then
_gcc_psign=yes
else
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
[_gcc_psign=yes],[_gcc_psign=no])
AC_MSG_RESULT($_gcc_psign)
fi
if test x"$_gcc_psign" = xyes ; then
mycflags="$mycflags -Wno-pointer-sign"
fi
AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
CFLAGS="-Wpointer-arith"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
if test x"$_gcc_psign" = xyes ; then
mycflags="$mycflags -Wpointer-arith"
fi
CFLAGS="$mycflags $mycflags_save"
if test "$use_libdns" = yes; then
# dirmngr/dns.{c,h} require C99 and GNU extensions. */
USE_C99_CFLAGS="-std=gnu99"
fi
fi
AC_SUBST(USE_C99_CFLAGS)
#
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
#
AC_ARG_ENABLE(optimization,
AS_HELP_STRING([--disable-optimization],
[disable compiler optimization]),
[if test $enableval = no ; then
CFLAGS=`echo $CFLAGS | sed s/-O[[1-9]]\ /-O0\ /g`
fi])
#
# log_debug has certain requirements which might hamper portability.
# Thus we use an option to enable it.
#
AC_MSG_CHECKING([whether to enable log_clock])
AC_ARG_ENABLE(log_clock,
AS_HELP_STRING([--enable-log-clock],
[enable log_clock timestamps]),
enable_log_clock=$enableval, enable_log_clock=no)
AC_MSG_RESULT($enable_log_clock)
if test "$enable_log_clock" = yes ; then
AC_DEFINE(ENABLE_LOG_CLOCK,1,[Defined to use log_clock timestamps])
fi
# Add -Werror to CFLAGS. This hack can be used to avoid problems with
# misbehaving autoconf tests in case the user supplied -Werror.
#
AC_ARG_ENABLE(werror,
AS_HELP_STRING([--enable-werror],
[append -Werror to CFLAGS]),
[if test $enableval = yes ; then
CFLAGS="$CFLAGS -Werror"
fi])
#
# Configure option --enable-all-tests
#
AC_MSG_CHECKING([whether "make check" shall run all tests])
AC_ARG_ENABLE(all-tests,
AS_HELP_STRING([--enable-all-tests],
[let "make check" run all tests]),
run_all_tests=$enableval, run_all_tests=no)
AC_MSG_RESULT($run_all_tests)
if test "$run_all_tests" = "yes"; then
AC_DEFINE(RUN_ALL_TESTS,1,
[Defined if "make check" shall run all tests])
fi
#
# Configure option --disable-tests
#
AC_MSG_CHECKING([whether tests should be run])
AC_ARG_ENABLE(tests,
AS_HELP_STRING([--disable-tests],
[do not run any tests]),
run_tests=$enableval, run_tests=yes)
AC_MSG_RESULT($run_tests)
#
# We do not want support for the GNUPG_BUILDDIR environment variable
# in a released version. However, our regression tests suite requires
# this and thus we build with support for it during "make distcheck".
# This configure option implements this along with the top Makefile's
# AM_DISTCHECK_CONFIGURE_FLAGS.
#
gnupg_builddir_envvar=no
AC_ARG_ENABLE(gnupg-builddir-envvar,,
gnupg_builddir_envvar=$enableval)
if test x"$gnupg_builddir_envvar" = x"yes"; then
AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1,
[This is only used with "make distcheck"])
fi
#
# To avoid problems with systemd cleaning up the /run/user directory,
# this option will make GnuPG try to use /run/gnupg/user as socket dir
# before /run/user
#
AC_ARG_ENABLE(run-gnupg-user-socket,
AS_HELP_STRING([--enable-run-gnupg-user-socket],
[try /run/gnupg/user for sockets prior to /run/user]),
use_run_gnupg_user_socket=$enableval)
if test x"$use_run_gnupg_user_socket" = x"yes"; then
AC_DEFINE(USE_RUN_GNUPG_USER_SOCKET, 1,
[If defined try /run/gnupg/user before /run/user])
fi
#
# Decide what to build
#
build_scdaemon_extra=""
if test "$build_scdaemon" = "yes"; then
if test $have_libusb = no; then
build_scdaemon_extra="without internal CCID driver"
fi
if test -n "$build_scdaemon_extra"; then
build_scdaemon_extra="(${build_scdaemon_extra})"
fi
fi
#
# Set variables for use by automake makefiles.
#
AM_CONDITIONAL(BUILD_GPG, test "$build_gpg" = "yes")
AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")
AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes")
AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes")
AM_CONDITIONAL(BUILD_G13, test "$build_g13" = "yes")
AM_CONDITIONAL(BUILD_DIRMNGR, test "$build_dirmngr" = "yes")
AM_CONDITIONAL(BUILD_KEYBOXD, test "$build_keyboxd" = "yes")
AM_CONDITIONAL(BUILD_TPM2D, test "$build_tpm2d" = "yes")
AM_CONDITIONAL(BUILD_DOC, test "$build_doc" = "yes")
AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes")
AM_CONDITIONAL(BUILD_WKS_TOOLS, test "$build_wks_tools" = "yes")
AM_CONDITIONAL(DISABLE_TESTS, test "$run_tests" != yes)
AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
AM_CONDITIONAL(USE_TOFU, test "$use_tofu" = yes)
#
# Set some defines for use gpgconf.
#
if test "$build_gpg" = yes ; then
AC_DEFINE(BUILD_WITH_GPG,1,[Defined if GPG is to be build])
fi
if test "$build_gpgsm" = yes ; then
AC_DEFINE(BUILD_WITH_GPGSM,1,[Defined if GPGSM is to be build])
fi
if test "$build_agent" = yes ; then
AC_DEFINE(BUILD_WITH_AGENT,1,[Defined if GPG-AGENT is to be build])
fi
if test "$build_scdaemon" = yes ; then
AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build])
fi
if test "$build_dirmngr" = yes ; then
AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if DIRMNGR is to be build])
fi
if test "$build_keyboxd" = yes ; then
AC_DEFINE(BUILD_WITH_KEYBOXD,1,[Defined if KEYBOXD is to be build])
fi
if test "$build_tpm2d" = yes ; then
AC_DEFINE(BUILD_WITH_TPM2D,1,[Defined if TPM2D to be build])
fi
if test "$build_g13" = yes ; then
AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build])
fi
#
# Define Name strings
#
AC_DEFINE_UNQUOTED(GNUPG_NAME, "GnuPG", [The name of the project])
AC_DEFINE_UNQUOTED(GPG_NAME, "gpg", [The name of the OpenPGP tool])
AC_DEFINE_UNQUOTED(GPG_DISP_NAME, "GnuPG", [The displayed name of gpg])
AC_DEFINE_UNQUOTED(GPGSM_NAME, "gpgsm", [The name of the S/MIME tool])
AC_DEFINE_UNQUOTED(GPGSM_DISP_NAME, "GPGSM", [The displayed name of gpgsm])
AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
[The displayed name of gpg-agent])
AC_DEFINE_UNQUOTED(TPM2DAEMON_NAME, "tpm2daemon", [The name of the TPM2 daemon])
AC_DEFINE_UNQUOTED(TPM2DAEMON_DISP_NAME, "TPM2 Daemon",
[The displayed name of TPM2 daemon])
AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
[The displayed name of scdaemon])
AC_DEFINE_UNQUOTED(DIRMNGR_NAME, "dirmngr", [The name of the dirmngr])
AC_DEFINE_UNQUOTED(DIRMNGR_DISP_NAME, "DirMngr",
[The displayed name of dirmngr])
AC_DEFINE_UNQUOTED(KEYBOXD_NAME, "keyboxd", [The name of the keyboxd])
AC_DEFINE_UNQUOTED(KEYBOXD_DISP_NAME, "Keyboxd",
[The displayed name of keyboxd])
AC_DEFINE_UNQUOTED(G13_NAME, "g13", [The name of the g13 tool])
AC_DEFINE_UNQUOTED(G13_DISP_NAME, "G13", [The displayed name of g13])
AC_DEFINE_UNQUOTED(GPGCONF_NAME, "gpgconf", [The name of the gpgconf tool])
AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
[The displayed name of gpgconf])
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
[The name of the agent socket])
AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
[The name of the agent socket for remote access])
AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.browser",
[The name of the agent socket for browsers])
AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
[The name of the agent socket for ssh])
AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
[The name of the dirmngr info envvar])
AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
[The name of the SCdaemon socket])
AC_DEFINE_UNQUOTED(KEYBOXD_SOCK_NAME, "S.keyboxd",
[The name of the keyboxd socket])
AC_DEFINE_UNQUOTED(TPM2DAEMON_SOCK_NAME, "S.tpm2daemon",
[The name of the TPM2 daemon socket])
AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
[The name of the dirmngr socket])
AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
- "hkps://hkps.pool.sks-keyservers.net",
+ "hkps://keyserver.ubuntu.com",
[The default keyserver for dirmngr to use, if none is explicitly given])
AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
if test "$have_w32_system" = yes; then
AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG",
[The directory part of the W32 registry keys])
fi
#
# Provide information about the build.
#
BUILD_REVISION="mym4_revision"
AC_SUBST(BUILD_REVISION)
AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
[GIT commit id revision used to build this package])
changequote(,)dnl
BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'`
changequote([,])dnl
BUILD_VERSION="${BUILD_VERSION}mym4_revision_dec"
BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,`
AC_SUBST(BUILD_VERSION)
AC_SUBST(BUILD_FILEVERSION)
AC_ARG_ENABLE([build-timestamp],
AS_HELP_STRING([--enable-build-timestamp],
[set an explicit build timestamp for reproducibility.
(default is the current time in ISO-8601 format)]),
[if test "$enableval" = "yes"; then
BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
else
BUILD_TIMESTAMP="$enableval"
fi
BUILD_HOSTNAME="$ac_hostname"],
[BUILD_TIMESTAMP=""
BUILD_HOSTNAME=""])
AC_SUBST(BUILD_TIMESTAMP)
AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP",
[The time this package was configured for a build])
AC_SUBST(BUILD_HOSTNAME)
#
# Print errors here so that they are visible all
# together and the user can acquire them all together.
#
die=no
if test "$have_gpg_error" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libgpg-error to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/gpgrt
*** (at least version $NEED_GPGRT_VERSION is required.)
***]])
fi
if test "$have_libgcrypt" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libgcrypt to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libgcrypt/
*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
***]])
fi
if test "$have_libassuan" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libassuan to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
***]])
fi
if test "$have_ksba" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libksba to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
***]])
fi
if test "$gnupg_have_ldap" = yes; then
if test "$have_w32ce_system" = yes; then
AC_MSG_NOTICE([[
*** Note that CeGCC might be broken, a package fixing this is:
*** http://files.kolab.org/local/windows-ce/
*** source/wldap32_0.1-mingw32ce.orig.tar.gz
*** binary/wldap32-ce-arm-dev_0.1-1_all.deb
***]])
fi
fi
if test "$have_npth" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install this
*** library first. The library is for example available at
*** https://gnupg.org/ftp/gcrypt/npth/
*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
***]])
fi
if test "$require_iconv" = yes; then
if test "$am_func_iconv" != yes; then
die=yes
AC_MSG_NOTICE([[
***
*** The system does not provide a working iconv function. Please
*** install a suitable library; for example GNU Libiconv which is
*** available at:
*** https://ftp.gnu.org/gnu/libiconv/
***]])
fi
fi
if test "$use_ccid_driver" = yes; then
if test "$have_libusb" != yes; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libusb to build the internal ccid driver. Please
*** install a libusb suitable for your system.
***]])
fi
fi
if test "$die" = "yes"; then
AC_MSG_ERROR([[
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***]])
fi
AC_CONFIG_FILES([ m4/Makefile
Makefile
po/Makefile.in
common/Makefile
common/w32info-rc.h
regexp/Makefile
kbx/Makefile
g10/Makefile
sm/Makefile
agent/Makefile
scd/Makefile
tpm2d/Makefile
g13/Makefile
dirmngr/Makefile
tools/Makefile
doc/Makefile
tests/Makefile
tests/gpgscm/Makefile
tests/openpgp/Makefile
tests/cms/Makefile
tests/migrations/Makefile
tests/tpm2dtests/Makefile
tests/gpgme/Makefile
tests/pkits/Makefile
g10/gpg.w32-manifest
tools/gpg-connect-agent.w32-manifest
tools/gpgconf.w32-manifest
tools/gpgtar.w32-manifest
tools/gpg-check-pattern.w32-manifest
tools/gpg-wks-client.w32-manifest
tools/gpg-card.w32-manifest
])
AC_OUTPUT
show_tss_type=
if test "$build_tpm2d" = "yes"; then
show_tss_type="($have_libtss)"
fi
echo "
GnuPG v${VERSION} has been configured as follows:
Revision: mym4_revision (mym4_revision_dec)
Platform: $PRINTABLE_OS_NAME ($host)
OpenPGP: $build_gpg
S/MIME: $build_gpgsm
Agent: $build_agent
Smartcard: $build_scdaemon $build_scdaemon_extra
TPM: $build_tpm2d $show_tss_type
G13: $build_g13
Dirmngr: $build_dirmngr
Keyboxd: $build_keyboxd
Gpgtar: $build_gpgtar
WKS tools: $build_wks_tools
Protect tool: $show_gnupg_protect_tool_pgm
LDAP wrapper: $show_gnupg_dirmngr_ldap_pgm
Default agent: $show_gnupg_agent_pgm
Default pinentry: $show_gnupg_pinentry_pgm
Default scdaemon: $show_gnupg_scdaemon_pgm
Default keyboxd: $show_gnupg_keyboxd_pgm
Default tpm2daemon: $show_gnupg_tpm2daemon_pgm
Default dirmngr: $show_gnupg_dirmngr_pgm
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
LDAP support: $gnupg_have_ldap
TLS support: $use_tls_library
TOFU support: $use_tofu
Tor support: $show_tor_support
"
if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then
cat <.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include "dirmngr.h"
#include "misc.h"
#include "../common/ksba-io-support.h"
#include "crlfetch.h"
#include "certcache.h"
#define MAX_NONPERM_CACHED_CERTS 1000
/* Constants used to classify search patterns. */
enum pattern_class
{
PATTERN_UNKNOWN = 0,
PATTERN_EMAIL,
PATTERN_EMAIL_SUBSTR,
PATTERN_FINGERPRINT16,
PATTERN_FINGERPRINT20,
PATTERN_SHORT_KEYID,
PATTERN_LONG_KEYID,
PATTERN_SUBJECT,
PATTERN_SERIALNO,
PATTERN_SERIALNO_ISSUER,
PATTERN_ISSUER,
PATTERN_SUBSTR
};
/* A certificate cache item. This consists of a the KSBA cert object
and some meta data for easier lookup. We use a hash table to keep
track of all items and use the (randomly distributed) first byte of
the fingerprint directly as the hash which makes it pretty easy. */
struct cert_item_s
{
struct cert_item_s *next; /* Next item with the same hash value. */
ksba_cert_t cert; /* The KSBA cert object or NULL is this is
not a valid item. */
unsigned char fpr[20]; /* The fingerprint of this object. */
char *issuer_dn; /* The malloced issuer DN. */
ksba_sexp_t sn; /* The malloced serial number */
char *subject_dn; /* The malloced subject DN - maybe NULL. */
/* If this field is set the certificate has been taken from some
* configuration and shall not be flushed from the cache. */
unsigned int permanent:1;
/* If this field is set the certificate is trusted. The actual
* value is a (possible) combination of CERTTRUST_CLASS values. */
unsigned int trustclasses:4;
};
typedef struct cert_item_s *cert_item_t;
/* The actual cert cache consisting of 256 slots for items indexed by
the first byte of the fingerprint. */
static cert_item_t cert_cache[256];
/* This is the global cache_lock variable. In general locking is not
needed but it would take extra efforts to make sure that no
indirect use of npth functions is done, so we simply lock it
always. Note: We can't use static initialization, as that is not
available through w32-pth. */
static npth_rwlock_t cert_cache_lock;
/* Flag to track whether the cache has been initialized. */
static int initialization_done;
/* Total number of non-permanent certificates. */
static unsigned int total_nonperm_certificates;
/* For each cert class the corresponding bit is set if at least one
* certificate of that class is loaded permanetly. */
static unsigned int any_cert_of_class;
#ifdef HAVE_W32_SYSTEM
/* We load some functions dynamically. Provide typedefs for tehse
* functions. */
typedef HCERTSTORE (WINAPI *CERTOPENSYSTEMSTORE)
(HCRYPTPROV hProv, LPCSTR szSubsystemProtocol);
typedef PCCERT_CONTEXT (WINAPI *CERTENUMCERTIFICATESINSTORE)
(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrevCertContext);
typedef WINBOOL (WINAPI *CERTCLOSESTORE)
(HCERTSTORE hCertStore,DWORD dwFlags);
#endif /*HAVE_W32_SYSTEM*/
/* Helper to do the cache locking. */
static void
init_cache_lock (void)
{
int err;
err = npth_rwlock_init (&cert_cache_lock, NULL);
if (err)
log_fatal (_("can't initialize certificate cache lock: %s\n"),
strerror (err));
}
static void
acquire_cache_read_lock (void)
{
int err;
err = npth_rwlock_rdlock (&cert_cache_lock);
if (err)
log_fatal (_("can't acquire read lock on the certificate cache: %s\n"),
strerror (err));
}
static void
acquire_cache_write_lock (void)
{
int err;
err = npth_rwlock_wrlock (&cert_cache_lock);
if (err)
log_fatal (_("can't acquire write lock on the certificate cache: %s\n"),
strerror (err));
}
static void
release_cache_lock (void)
{
int err;
err = npth_rwlock_unlock (&cert_cache_lock);
if (err)
log_fatal (_("can't release lock on the certificate cache: %s\n"),
strerror (err));
}
/* Return false if both serial numbers match. Can't be used for
sorting. */
static int
compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
{
unsigned char *a = serial1;
unsigned char *b = serial2;
return cmp_simple_canon_sexp (a, b);
}
/* Return a malloced canonical S-Expression with the serial number
* converted from the hex string HEXSN. Return NULL on memory
* error. */
ksba_sexp_t
hexsn_to_sexp (const char *hexsn)
{
char *buffer, *p;
size_t len;
char numbuf[40];
len = unhexify (NULL, hexsn);
snprintf (numbuf, sizeof numbuf, "(%u:", (unsigned int)len);
buffer = xtrymalloc (strlen (numbuf) + len + 2 );
if (!buffer)
return NULL;
p = stpcpy (buffer, numbuf);
len = unhexify (p, hexsn);
p[len] = ')';
p[len+1] = 0;
return buffer;
}
/* Compute the fingerprint of the certificate CERT and put it into
the 20 bytes large buffer DIGEST. Return address of this buffer. */
unsigned char *
cert_compute_fpr (ksba_cert_t cert, unsigned char *digest)
{
gpg_error_t err;
gcry_md_hd_t md;
err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
if (err)
log_fatal ("gcry_md_open failed: %s\n", gpg_strerror (err));
err = ksba_cert_hash (cert, 0, HASH_FNC, md);
if (err)
{
log_error ("oops: ksba_cert_hash failed: %s\n", gpg_strerror (err));
memset (digest, 0xff, 20); /* Use a dummy value. */
}
else
{
gcry_md_final (md);
memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
}
gcry_md_close (md);
return digest;
}
/* Cleanup one slot. This releases all resourses but keeps the actual
slot in the cache marked for reuse. */
static void
clean_cache_slot (cert_item_t ci)
{
ksba_cert_t cert;
if (!ci->cert)
return; /* Already cleaned. */
ksba_free (ci->sn);
ci->sn = NULL;
ksba_free (ci->issuer_dn);
ci->issuer_dn = NULL;
ksba_free (ci->subject_dn);
ci->subject_dn = NULL;
cert = ci->cert;
ci->cert = NULL;
ci->permanent = 0;
ci->trustclasses = 0;
ksba_cert_release (cert);
}
/* Put the certificate CERT into the cache. It is assumed that the
* cache is locked while this function is called.
*
* FROM_CONFIG indicates that CERT is a permanent certificate and
* should stay in the cache. IS_TRUSTED requests that the trusted
* flag is set for the certificate; a value of 1 indicates the
* cert is trusted due to GnuPG mechanisms, a value of 2 indicates
* that it is trusted because it has been taken from the system's
* store of trusted certificates. If FPR_BUFFER is not NULL the
* fingerprint of the certificate will be stored there. FPR_BUFFER
* needs to point to a buffer of at least 20 bytes. The fingerprint
* will be stored on success or when the function returns
* GPG_ERR_DUP_VALUE. */
static gpg_error_t
put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
void *fpr_buffer)
{
unsigned char help_fpr_buffer[20], *fpr;
cert_item_t ci;
fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
/* If we already reached the caching limit, drop a couple of certs
* from the cache. Our dropping strategy is simple: We keep a
* static index counter and use this to start looking for
* certificates, then we drop 5 percent of the oldest certificates
* starting at that index. For a large cache this is a fair way of
* removing items. An LRU strategy would be better of course.
* Because we append new entries to the head of the list and we want
* to remove old ones first, we need to do this from the tail. The
* implementation is not very efficient but compared to the long
* time it takes to retrieve a certificate from an external resource
* it seems to be reasonable. */
if (!permanent && total_nonperm_certificates >= MAX_NONPERM_CACHED_CERTS)
{
static int idx;
cert_item_t ci_mark;
int i;
unsigned int drop_count;
drop_count = MAX_NONPERM_CACHED_CERTS / 20;
if (drop_count < 2)
drop_count = 2;
log_info (_("dropping %u certificates from the cache\n"), drop_count);
assert (idx < 256);
for (i=idx; drop_count; i = ((i+1)%256))
{
ci_mark = NULL;
for (ci = cert_cache[i]; ci; ci = ci->next)
if (ci->cert && !ci->permanent)
ci_mark = ci;
if (ci_mark)
{
clean_cache_slot (ci_mark);
drop_count--;
total_nonperm_certificates--;
}
}
if (i==idx)
idx++;
else
idx = i;
idx %= 256;
}
cert_compute_fpr (cert, fpr);
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
return gpg_error (GPG_ERR_DUP_VALUE);
/* Try to reuse an existing entry. */
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (!ci->cert)
break;
if (!ci)
{ /* No: Create a new entry. */
ci = xtrycalloc (1, sizeof *ci);
if (!ci)
return gpg_error_from_errno (errno);
ci->next = cert_cache[*fpr];
cert_cache[*fpr] = ci;
}
ksba_cert_ref (cert);
ci->cert = cert;
memcpy (ci->fpr, fpr, 20);
ci->sn = ksba_cert_get_serial (cert);
ci->issuer_dn = ksba_cert_get_issuer (cert, 0);
if (!ci->issuer_dn || !ci->sn)
{
clean_cache_slot (ci);
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
ci->subject_dn = ksba_cert_get_subject (cert, 0);
ci->permanent = !!permanent;
ci->trustclasses = trustclass;
if (permanent)
any_cert_of_class |= trustclass;
else
total_nonperm_certificates++;
return 0;
}
/* Load certificates from the directory DIRNAME. All certificates
matching the pattern "*.crt" or "*.der" are loaded. We assume that
certificates are DER encoded and not PEM encapsulated. The cache
should be in a locked state when calling this function. */
static gpg_error_t
load_certs_from_dir (const char *dirname, unsigned int trustclass)
{
gpg_error_t err;
gnupg_dir_t dir;
gnupg_dirent_t ep;
char *p;
size_t n;
estream_t fp;
ksba_reader_t reader;
ksba_cert_t cert;
char *fname = NULL;
dir = gnupg_opendir (dirname);
if (!dir)
{
return 0; /* We do not consider this a severe error. */
}
while ( (ep = gnupg_readdir (dir)) )
{
p = ep->d_name;
if (*p == '.' || !*p)
continue; /* Skip any hidden files and invalid entries. */
n = strlen (p);
if ( n < 5 || (strcmp (p+n-4,".crt") && strcmp (p+n-4,".der")))
continue; /* Not the desired "*.crt" or "*.der" pattern. */
xfree (fname);
fname = make_filename (dirname, p, NULL);
fp = es_fopen (fname, "rb");
if (!fp)
{
log_error (_("can't open '%s': %s\n"),
fname, strerror (errno));
continue;
}
err = create_estream_ksba_reader (&reader, fp);
if (err)
{
es_fclose (fp);
continue;
}
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_read_der (cert, reader);
ksba_reader_release (reader);
es_fclose (fp);
if (err)
{
log_error (_("can't parse certificate '%s': %s\n"),
fname, gpg_strerror (err));
ksba_cert_release (cert);
continue;
}
err = put_cert (cert, 1, trustclass, NULL);
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
log_info (_("certificate '%s' already cached\n"), fname);
else if (!err)
{
if ((trustclass & CERTTRUST_CLASS_CONFIG))
http_register_cfg_ca (fname);
if (trustclass)
log_info (_("trusted certificate '%s' loaded\n"), fname);
else
log_info (_("certificate '%s' loaded\n"), fname);
if (opt.verbose)
{
p = get_fingerprint_hexstring_colon (cert);
log_info (_(" SHA1 fingerprint = %s\n"), p);
xfree (p);
cert_log_name (_(" issuer ="), cert);
cert_log_subject (_(" subject ="), cert);
}
}
else
log_error (_("error loading certificate '%s': %s\n"),
fname, gpg_strerror (err));
ksba_cert_release (cert);
}
xfree (fname);
gnupg_closedir (dir);
return 0;
}
/* Load certificates from FILE. The certificates are expected to be
* PEM encoded so that it is possible to load several certificates.
* TRUSTCLASSES is used to mark the certificates as trusted. The
* cache should be in a locked state when calling this function.
* NO_ERROR repalces an error message when FNAME was not found by an
* information message. */
static gpg_error_t
load_certs_from_file (const char *fname, unsigned int trustclasses,
int no_error)
{
gpg_error_t err;
estream_t fp = NULL;
gnupg_ksba_io_t ioctx = NULL;
ksba_reader_t reader;
ksba_cert_t cert = NULL;
fp = es_fopen (fname, "rb");
if (!fp)
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_ENONET && no_error)
log_info (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
else
log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
err = gnupg_ksba_create_reader (&ioctx,
(GNUPG_KSBA_IO_AUTODETECT
| GNUPG_KSBA_IO_MULTIPEM),
fp, &reader);
if (err)
{
log_error ("can't create reader: %s\n", gpg_strerror (err));
goto leave;
}
/* Loop to read all certificates from the file. */
do
{
ksba_cert_release (cert);
cert = NULL;
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_read_der (cert, reader);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_EOF)
err = 0;
else
log_error (_("can't parse certificate '%s': %s\n"),
fname, gpg_strerror (err));
goto leave;
}
err = put_cert (cert, 1, trustclasses, NULL);
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
log_info (_("certificate '%s' already cached\n"), fname);
else if (err)
log_error (_("error loading certificate '%s': %s\n"),
fname, gpg_strerror (err));
else if (opt.verbose > 1)
{
char *p;
log_info (_("trusted certificate '%s' loaded\n"), fname);
p = get_fingerprint_hexstring_colon (cert);
log_info (_(" SHA1 fingerprint = %s\n"), p);
xfree (p);
cert_log_name (_(" issuer ="), cert);
cert_log_subject (_(" subject ="), cert);
}
ksba_reader_clear (reader, NULL, NULL);
}
while (!gnupg_ksba_reader_eof_seen (ioctx));
leave:
ksba_cert_release (cert);
gnupg_ksba_destroy_reader (ioctx);
es_fclose (fp);
return err;
}
#ifdef HAVE_W32_SYSTEM
/* Load all certificates from the Windows store named STORENAME. All
* certificates are considered to be system provided trusted
* certificates. The cache should be in a locked state when calling
* this function. */
static void
load_certs_from_w32_store (const char *storename)
{
static int init_done;
static CERTOPENSYSTEMSTORE pCertOpenSystemStore;
static CERTENUMCERTIFICATESINSTORE pCertEnumCertificatesInStore;
static CERTCLOSESTORE pCertCloseStore;
gpg_error_t err;
HCERTSTORE w32store;
const CERT_CONTEXT *w32cert;
ksba_cert_t cert = NULL;
unsigned int count = 0;
/* Initialize on the first use. */
if (!init_done)
{
static HANDLE hCrypt32;
init_done = 1;
hCrypt32 = LoadLibrary ("Crypt32.dll");
if (!hCrypt32)
{
log_error ("can't load Crypt32.dll: %s\n", w32_strerror (-1));
return;
}
pCertOpenSystemStore = (CERTOPENSYSTEMSTORE)
(void*)GetProcAddress (hCrypt32, "CertOpenSystemStoreA");
pCertEnumCertificatesInStore = (CERTENUMCERTIFICATESINSTORE)
(void*)GetProcAddress (hCrypt32, "CertEnumCertificatesInStore");
pCertCloseStore = (CERTCLOSESTORE)
(void*)GetProcAddress (hCrypt32, "CertCloseStore");
if ( !pCertOpenSystemStore
|| !pCertEnumCertificatesInStore
|| !pCertCloseStore)
{
log_error ("can't load crypt32.dll: %s\n", "missing function");
pCertOpenSystemStore = NULL;
}
}
if (!pCertOpenSystemStore)
return; /* Not initialized. */
w32store = pCertOpenSystemStore (0, storename);
if (!w32store)
{
log_error ("can't open certificate store '%s': %s\n",
storename, w32_strerror (-1));
return;
}
w32cert = NULL;
while ((w32cert = pCertEnumCertificatesInStore (w32store, w32cert)))
{
if (w32cert->dwCertEncodingType == X509_ASN_ENCODING)
{
ksba_cert_release (cert);
cert = NULL;
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert,
w32cert->pbCertEncoded,
w32cert->cbCertEncoded);
if (err)
{
log_error (_("can't parse certificate '%s': %s\n"),
storename, gpg_strerror (err));
break;
}
err = put_cert (cert, 1, CERTTRUST_CLASS_SYSTEM, NULL);
if (!err)
count++;
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
{
if (DBG_X509)
log_debug (_("certificate '%s' already cached\n"), storename);
}
else if (err)
log_error (_("error loading certificate '%s': %s\n"),
storename, gpg_strerror (err));
else if (opt.verbose > 1)
{
char *p;
log_info (_("trusted certificate '%s' loaded\n"), storename);
p = get_fingerprint_hexstring_colon (cert);
log_info (_(" SHA1 fingerprint = %s\n"), p);
xfree (p);
cert_log_name (_(" issuer ="), cert);
cert_log_subject (_(" subject ="), cert);
}
}
}
ksba_cert_release (cert);
pCertCloseStore (w32store, 0);
if (DBG_X509)
log_debug ("number of certs loaded from store '%s': %u\n",
storename, count);
}
#endif /*HAVE_W32_SYSTEM*/
/* Load the trusted certificates provided by the system. */
static gpg_error_t
load_certs_from_system (void)
{
#ifdef HAVE_W32_SYSTEM
load_certs_from_w32_store ("ROOT");
load_certs_from_w32_store ("CA");
return 0;
#else /*!HAVE_W32_SYSTEM*/
/* A list of certificate bundles to try. */
static struct {
const char *name;
} table[] = {
#ifdef DEFAULT_TRUST_STORE_FILE
{ DEFAULT_TRUST_STORE_FILE }
#else
{ "/etc/ssl/ca-bundle.pem" },
{ "/etc/ssl/certs/ca-certificates.crt" },
{ "/etc/pki/tls/cert.pem" },
{ "/usr/local/share/certs/ca-root-nss.crt" },
{ "/etc/ssl/cert.pem" }
#endif /*!DEFAULT_TRUST_STORE_FILE*/
};
int idx;
gpg_error_t err = 0;
for (idx=0; idx < DIM (table); idx++)
if (!gnupg_access (table[idx].name, F_OK))
{
/* Take the first available bundle. */
err = load_certs_from_file (table[idx].name, CERTTRUST_CLASS_SYSTEM, 0);
break;
}
return err;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Initialize the certificate cache if not yet done. */
void
cert_cache_init (strlist_t hkp_cacerts)
{
char *fname;
strlist_t sl;
if (initialization_done)
return;
init_cache_lock ();
acquire_cache_write_lock ();
load_certs_from_system ();
fname = make_filename_try (gnupg_sysconfdir (), "trusted-certs", NULL);
if (fname)
load_certs_from_dir (fname, CERTTRUST_CLASS_CONFIG);
xfree (fname);
fname = make_filename_try (gnupg_sysconfdir (), "extra-certs", NULL);
if (fname)
load_certs_from_dir (fname, 0);
xfree (fname);
/* Put the special pool certificate into our store. This is
* currently only used with ntbtls. For GnuTLS http_session_new
* unfortunately loads that certificate directly from the file. */
- fname = make_filename_try (gnupg_datadir (),
- "sks-keyservers.netCA.pem", NULL);
- if (fname)
- load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1);
- xfree (fname);
+ /* Disabled for 2.3.2 because the service had to be shutdown. */
+ /* fname = make_filename_try (gnupg_datadir (), */
+ /* "sks-keyservers.netCA.pem", NULL); */
+ /* if (fname) */
+ /* load_certs_from_file (fname, CERTTRUST_CLASS_HKPSPOOL, 1); */
+ /* xfree (fname); */
for (sl = hkp_cacerts; sl; sl = sl->next)
load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
initialization_done = 1;
release_cache_lock ();
cert_cache_print_stats ();
}
/* Deinitialize the certificate cache. With FULL set to true even the
unused certificate slots are released. */
void
cert_cache_deinit (int full)
{
cert_item_t ci, ci2;
int i;
if (!initialization_done)
return;
acquire_cache_write_lock ();
for (i=0; i < 256; i++)
for (ci=cert_cache[i]; ci; ci = ci->next)
clean_cache_slot (ci);
if (full)
{
for (i=0; i < 256; i++)
{
for (ci=cert_cache[i]; ci; ci = ci2)
{
ci2 = ci->next;
xfree (ci);
}
cert_cache[i] = NULL;
}
}
http_register_cfg_ca (NULL);
total_nonperm_certificates = 0;
any_cert_of_class = 0;
initialization_done = 0;
release_cache_lock ();
}
/* Print some statistics to the log file. */
void
cert_cache_print_stats (void)
{
cert_item_t ci;
int idx;
unsigned int n_nonperm = 0;
unsigned int n_permanent = 0;
unsigned int n_trusted = 0;
unsigned int n_trustclass_system = 0;
unsigned int n_trustclass_config = 0;
unsigned int n_trustclass_hkp = 0;
unsigned int n_trustclass_hkpspool = 0;
acquire_cache_read_lock ();
for (idx = 0; idx < 256; idx++)
for (ci=cert_cache[idx]; ci; ci = ci->next)
if (ci->cert)
{
if (ci->permanent)
n_permanent++;
else
n_nonperm++;
if (ci->trustclasses)
{
n_trusted++;
if ((ci->trustclasses & CERTTRUST_CLASS_SYSTEM))
n_trustclass_system++;
if ((ci->trustclasses & CERTTRUST_CLASS_CONFIG))
n_trustclass_config++;
if ((ci->trustclasses & CERTTRUST_CLASS_HKP))
n_trustclass_hkp++;
if ((ci->trustclasses & CERTTRUST_CLASS_HKPSPOOL))
n_trustclass_hkpspool++;
}
}
release_cache_lock ();
log_info (_("permanently loaded certificates: %u\n"),
n_permanent);
log_info (_(" runtime cached certificates: %u\n"),
n_nonperm);
log_info (_(" trusted certificates: %u (%u,%u,%u,%u)\n"),
n_trusted,
n_trustclass_system,
n_trustclass_config,
n_trustclass_hkp,
n_trustclass_hkpspool);
}
/* Return true if any cert of a class in MASK is permanently
* loaded. */
int
cert_cache_any_in_class (unsigned int mask)
{
return !!(any_cert_of_class & mask);
}
/* Put CERT into the certificate cache. */
gpg_error_t
cache_cert (ksba_cert_t cert)
{
gpg_error_t err;
acquire_cache_write_lock ();
err = put_cert (cert, 0, 0, NULL);
release_cache_lock ();
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
log_info (_("certificate already cached\n"));
else if (!err)
log_info (_("certificate cached\n"));
else
log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
return err;
}
/* Put CERT into the certificate cache and store the fingerprint of
the certificate into FPR_BUFFER. If the certificate is already in
the cache do not print a warning; just store the
fingerprint. FPR_BUFFER needs to be at least 20 bytes. */
gpg_error_t
cache_cert_silent (ksba_cert_t cert, void *fpr_buffer)
{
gpg_error_t err;
acquire_cache_write_lock ();
err = put_cert (cert, 0, 0, fpr_buffer);
release_cache_lock ();
if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
err = 0;
if (err)
log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
return err;
}
/* Return a certificate object for the given fingerprint. FPR is
expected to be a 20 byte binary SHA-1 fingerprint. If no matching
certificate is available in the cache NULL is returned. The caller
must release a returned certificate. Note that although we are
using reference counting the caller should not just compare the
pointers to check for identical certificates. */
ksba_cert_t
get_cert_byfpr (const unsigned char *fpr)
{
cert_item_t ci;
acquire_cache_read_lock ();
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
{
ksba_cert_ref (ci->cert);
release_cache_lock ();
return ci->cert;
}
release_cache_lock ();
return NULL;
}
/* Return a certificate object for the given fingerprint. STRING is
expected to be a SHA-1 fingerprint in standard hex notation with or
without colons. If no matching certificate is available in the
cache NULL is returned. The caller must release a returned
certificate. Note that although we are using reference counting
the caller should not just compare the pointers to check for
identical certificates. */
ksba_cert_t
get_cert_byhexfpr (const char *string)
{
unsigned char fpr[20];
const char *s;
int i;
if (strchr (string, ':'))
{
for (s=string,i=0; i < 20 && hexdigitp (s) && hexdigitp(s+1);)
{
if (s[2] && s[2] != ':')
break; /* Invalid string. */
fpr[i++] = xtoi_2 (s);
s += 2;
if (i!= 20 && *s == ':')
s++;
}
}
else
{
for (s=string,i=0; i < 20 && hexdigitp (s) && hexdigitp(s+1); s+=2 )
fpr[i++] = xtoi_2 (s);
}
if (i!=20 || *s)
{
log_error (_("invalid SHA1 fingerprint string '%s'\n"), string);
return NULL;
}
return get_cert_byfpr (fpr);
}
/* Return the certificate matching ISSUER_DN and SERIALNO. */
ksba_cert_t
get_cert_bysn (const char *issuer_dn, ksba_sexp_t serialno)
{
/* Simple and inefficient implementation. fixme! */
cert_item_t ci;
int i;
acquire_cache_read_lock ();
for (i=0; i < 256; i++)
{
for (ci=cert_cache[i]; ci; ci = ci->next)
if (ci->cert && !strcmp (ci->issuer_dn, issuer_dn)
&& !compare_serialno (ci->sn, serialno))
{
ksba_cert_ref (ci->cert);
release_cache_lock ();
return ci->cert;
}
}
release_cache_lock ();
return NULL;
}
/* Return the certificate matching ISSUER_DN. SEQ should initially be
set to 0 and bumped up to get the next issuer with that DN. */
ksba_cert_t
get_cert_byissuer (const char *issuer_dn, unsigned int seq)
{
/* Simple and very inefficient implementation and API. fixme! */
cert_item_t ci;
int i;
acquire_cache_read_lock ();
for (i=0; i < 256; i++)
{
for (ci=cert_cache[i]; ci; ci = ci->next)
if (ci->cert && !strcmp (ci->issuer_dn, issuer_dn))
if (!seq--)
{
ksba_cert_ref (ci->cert);
release_cache_lock ();
return ci->cert;
}
}
release_cache_lock ();
return NULL;
}
/* Return the certificate matching SUBJECT_DN. SEQ should initially be
set to 0 and bumped up to get the next subject with that DN. */
ksba_cert_t
get_cert_bysubject (const char *subject_dn, unsigned int seq)
{
/* Simple and very inefficient implementation and API. fixme! */
cert_item_t ci;
int i;
if (!subject_dn)
return NULL;
acquire_cache_read_lock ();
for (i=0; i < 256; i++)
{
for (ci=cert_cache[i]; ci; ci = ci->next)
if (ci->cert && ci->subject_dn
&& !strcmp (ci->subject_dn, subject_dn))
if (!seq--)
{
ksba_cert_ref (ci->cert);
release_cache_lock ();
return ci->cert;
}
}
release_cache_lock ();
return NULL;
}
/* Return a value describing the class of PATTERN. The offset of
the actual string to be used for the comparison is stored at
R_OFFSET. The offset of the serialnumer is stored at R_SN_OFFSET. */
static enum pattern_class
classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
{
enum pattern_class result;
const char *s;
int hexprefix = 0;
int hexlength;
*r_offset = *r_sn_offset = 0;
/* Skip leading spaces. */
for(s = pattern; *s && spacep (s); s++ )
;
switch (*s)
{
case 0: /* Empty string is an error. */
result = PATTERN_UNKNOWN;
break;
case '.': /* An email address, compare from end. */
result = PATTERN_UNKNOWN; /* Not implemented. */
break;
case '<': /* An email address. */
result = PATTERN_EMAIL;
s++;
break;
case '@': /* Part of an email address. */
result = PATTERN_EMAIL_SUBSTR;
s++;
break;
case '=': /* Exact compare. */
result = PATTERN_UNKNOWN; /* Does not make sense for X.509. */
break;
case '*': /* Case insensitive substring search. */
result = PATTERN_SUBSTR;
s++;
break;
case '+': /* Compare individual words. */
result = PATTERN_UNKNOWN; /* Not implemented. */
break;
case '/': /* Subject's DN. */
s++;
if (!*s || spacep (s))
result = PATTERN_UNKNOWN; /* No DN or prefixed with a space. */
else
result = PATTERN_SUBJECT;
break;
case '#': /* Serial number or issuer DN. */
{
const char *si;
s++;
if ( *s == '/')
{
/* An issuer's DN is indicated by "#/" */
s++;
if (!*s || spacep (s))
result = PATTERN_UNKNOWN; /* No DN or prefixed with a space. */
else
result = PATTERN_ISSUER;
}
else
{ /* Serialnumber + optional issuer ID. */
for (si=s; *si && *si != '/'; si++)
if (!strchr("01234567890abcdefABCDEF", *si))
break;
if (*si && *si != '/')
result = PATTERN_UNKNOWN; /* Invalid digit in serial number. */
else
{
*r_sn_offset = s - pattern;
if (!*si)
result = PATTERN_SERIALNO;
else
{
s = si+1;
if (!*s || spacep (s))
result = PATTERN_UNKNOWN; /* No DN or prefixed
with a space. */
else
result = PATTERN_SERIALNO_ISSUER;
}
}
}
}
break;
case ':': /* Unified fingerprint. */
{
const char *se, *si;
int i;
se = strchr (++s, ':');
if (!se)
result = PATTERN_UNKNOWN;
else
{
for (i=0, si=s; si < se; si++, i++ )
if (!strchr("01234567890abcdefABCDEF", *si))
break;
if ( si < se )
result = PATTERN_UNKNOWN; /* Invalid digit. */
else if (i == 32)
result = PATTERN_FINGERPRINT16;
else if (i == 40)
result = PATTERN_FINGERPRINT20;
else
result = PATTERN_UNKNOWN; /* Invalid length for a fingerprint. */
}
}
break;
case '&': /* Keygrip. */
result = PATTERN_UNKNOWN; /* Not implemented. */
break;
default:
if (s[0] == '0' && s[1] == 'x')
{
hexprefix = 1;
s += 2;
}
hexlength = strspn(s, "0123456789abcdefABCDEF");
/* Check if a hexadecimal number is terminated by EOS or blank. */
if (hexlength && s[hexlength] && !spacep (s+hexlength))
{
/* If the "0x" prefix is used a correct termination is required. */
if (hexprefix)
{
result = PATTERN_UNKNOWN;
break; /* switch */
}
hexlength = 0; /* Not a hex number. */
}
if (hexlength == 8 || (!hexprefix && hexlength == 9 && *s == '0'))
{
if (hexlength == 9)
s++;
result = PATTERN_SHORT_KEYID;
}
else if (hexlength == 16 || (!hexprefix && hexlength == 17 && *s == '0'))
{
if (hexlength == 17)
s++;
result = PATTERN_LONG_KEYID;
}
else if (hexlength == 32 || (!hexprefix && hexlength == 33 && *s == '0'))
{
if (hexlength == 33)
s++;
result = PATTERN_FINGERPRINT16;
}
else if (hexlength == 40 || (!hexprefix && hexlength == 41 && *s == '0'))
{
if (hexlength == 41)
s++;
result = PATTERN_FINGERPRINT20;
}
else if (!hexprefix)
{
/* The fingerprints used with X.509 are often delimited by
colons, so we try to single this case out. */
result = PATTERN_UNKNOWN;
hexlength = strspn (s, ":0123456789abcdefABCDEF");
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
{
int i, c;
for (i=0; i < 20; i++, s += 3)
{
c = hextobyte(s);
if (c == -1 || (i < 19 && s[2] != ':'))
break;
}
if (i == 20)
result = PATTERN_FINGERPRINT20;
}
if (result == PATTERN_UNKNOWN) /* Default to substring match. */
{
result = PATTERN_SUBSTR;
}
}
else /* A hex number with a prefix but with a wrong length. */
result = PATTERN_UNKNOWN;
}
if (result != PATTERN_UNKNOWN)
*r_offset = s - pattern;
return result;
}
/* Given PATTERN, which is a string as used by GnuPG to specify a
certificate, return all matching certificates by calling the
supplied function RETFNC. */
gpg_error_t
get_certs_bypattern (const char *pattern,
gpg_error_t (*retfnc)(void*,ksba_cert_t),
void *retfnc_data)
{
gpg_error_t err = GPG_ERR_BUG;
enum pattern_class class;
size_t offset, sn_offset;
const char *hexserialno;
ksba_sexp_t serialno = NULL;
ksba_cert_t cert = NULL;
unsigned int seq;
if (!pattern || !retfnc)
return gpg_error (GPG_ERR_INV_ARG);
class = classify_pattern (pattern, &offset, &sn_offset);
hexserialno = pattern + sn_offset;
pattern += offset;
switch (class)
{
case PATTERN_UNKNOWN:
err = gpg_error (GPG_ERR_INV_NAME);
break;
case PATTERN_FINGERPRINT20:
cert = get_cert_byhexfpr (pattern);
err = cert? 0 : gpg_error (GPG_ERR_NOT_FOUND);
break;
case PATTERN_SERIALNO_ISSUER:
serialno = hexsn_to_sexp (hexserialno);
if (!serialno)
err = gpg_error_from_syserror ();
else
{
cert = get_cert_bysn (pattern, serialno);
err = cert? 0 : gpg_error (GPG_ERR_NOT_FOUND);
}
break;
case PATTERN_ISSUER:
for (seq=0,err=0; !err && (cert = get_cert_byissuer (pattern, seq)); seq++)
{
err = retfnc (retfnc_data, cert);
ksba_cert_release (cert);
cert = NULL;
}
if (!err && !seq)
err = gpg_error (GPG_ERR_NOT_FOUND);
break;
case PATTERN_SUBJECT:
for (seq=0,err=0; !err && (cert = get_cert_bysubject (pattern, seq));seq++)
{
err = retfnc (retfnc_data, cert);
ksba_cert_release (cert);
cert = NULL;
}
if (!err && !seq)
err = gpg_error (GPG_ERR_NOT_FOUND);
break;
case PATTERN_EMAIL:
case PATTERN_EMAIL_SUBSTR:
case PATTERN_FINGERPRINT16:
case PATTERN_SHORT_KEYID:
case PATTERN_LONG_KEYID:
case PATTERN_SUBSTR:
case PATTERN_SERIALNO:
/* Not supported. */
err = gpg_error (GPG_ERR_INV_NAME);
}
if (!err && cert)
err = retfnc (retfnc_data, cert);
ksba_cert_release (cert);
xfree (serialno);
return err;
}
/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
* not already in the cache, try to find it from other resources. */
ksba_cert_t
find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
{
gpg_error_t err;
ksba_cert_t cert;
cert_fetch_context_t context = NULL;
char *hexsn, *buf;
/* First check whether it has already been cached. */
cert = get_cert_bysn (issuer_dn, serialno);
if (cert)
return cert;
/* Ask back to the service requester to return the certificate.
* This is because we can assume that he already used the
* certificate while checking for the CRL. */
hexsn = serial_hex (serialno);
if (!hexsn)
{
log_error ("serial_hex() failed\n");
return NULL;
}
buf = strconcat ("#", hexsn, "/", issuer_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexsn);
return NULL;
}
xfree (hexsn);
cert = get_cert_local (ctrl, buf);
xfree (buf);
if (cert)
{
cache_cert (cert);
return cert; /* Done. */
}
if (DBG_LOOKUP)
log_debug ("find_cert_bysn: certificate not returned by caller"
" - doing lookup\n");
/* Retrieve the certificate from external resources. */
while (!cert)
{
ksba_sexp_t sn;
char *issdn;
if (!context)
{
err = ca_cert_fetch (ctrl, &context, issuer_dn);
if (err)
{
log_error (_("error fetching certificate by S/N: %s\n"),
gpg_strerror (err));
break;
}
}
err = fetch_next_ksba_cert (context, &cert);
if (err)
{
log_error (_("error fetching certificate by S/N: %s\n"),
gpg_strerror (err) );
break;
}
issdn = ksba_cert_get_issuer (cert, 0);
if (strcmp (issuer_dn, issdn))
{
log_debug ("find_cert_bysn: Ooops: issuer DN does not match\n");
ksba_cert_release (cert);
cert = NULL;
ksba_free (issdn);
break;
}
sn = ksba_cert_get_serial (cert);
if (DBG_LOOKUP)
{
log_debug (" considering certificate (#");
dump_serial (sn);
log_printf ("/");
dump_string (issdn);
log_printf (")\n");
}
if (!compare_serialno (serialno, sn))
{
ksba_free (sn);
ksba_free (issdn);
cache_cert (cert);
if (DBG_LOOKUP)
log_debug (" found\n");
break; /* Ready. */
}
ksba_free (sn);
ksba_free (issdn);
ksba_cert_release (cert);
cert = NULL;
}
end_cert_fetch (context);
return cert;
}
/* Return the certificate matching SUBJECT_DN and (if not NULL)
* KEYID. If it is not already in the cache, try to find it from other
* resources. Note, that the external search does not work for user
* certificates because the LDAP lookup is on the caCertificate
* attribute. For our purposes this is just fine. */
ksba_cert_t
find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
{
gpg_error_t err;
int seq;
ksba_cert_t cert = NULL;
cert_fetch_context_t context = NULL;
ksba_sexp_t subj;
/* If we have certificates from an OCSP request we first try to use
* them. This is because these certificates will really be the
* required ones and thus even in the case that they can't be
* uniquely located by the following code we can use them. This is
* for example required by Telesec certificates where a keyId is
* used but the issuer certificate comes without a subject keyId! */
if (ctrl->ocsp_certs && subject_dn)
{
cert_item_t ci;
cert_ref_t cr;
int i;
/* For efficiency reasons we won't use get_cert_bysubject here. */
acquire_cache_read_lock ();
for (i=0; i < 256; i++)
for (ci=cert_cache[i]; ci; ci = ci->next)
if (ci->cert && ci->subject_dn
&& !strcmp (ci->subject_dn, subject_dn))
for (cr=ctrl->ocsp_certs; cr; cr = cr->next)
if (!memcmp (ci->fpr, cr->fpr, 20))
{
ksba_cert_ref (ci->cert);
release_cache_lock ();
if (DBG_LOOKUP)
log_debug ("%s: certificate found in the cache"
" via ocsp_certs\n", __func__);
return ci->cert; /* We use this certificate. */
}
release_cache_lock ();
if (DBG_LOOKUP)
log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n");
}
/* Now check whether the certificate is cached. */
for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
{
if (!keyid)
break; /* No keyid requested, so return the first one found. */
if (!ksba_cert_get_subj_key_id (cert, NULL, &subj)
&& !cmp_simple_canon_sexp (keyid, subj))
{
xfree (subj);
if (DBG_LOOKUP)
log_debug ("%s: certificate found in the cache"
" via subject DN\n", __func__);
break; /* Found matching cert. */
}
xfree (subj);
ksba_cert_release (cert);
}
if (cert)
return cert; /* Done. */
/* If we do not have a subject DN but have a keyid, try to locate it
* by keyid. */
if (!subject_dn && keyid)
{
int i;
cert_item_t ci;
ksba_sexp_t ski;
acquire_cache_read_lock ();
for (i=0; i < 256; i++)
for (ci=cert_cache[i]; ci; ci = ci->next)
if (ci->cert && !ksba_cert_get_subj_key_id (ci->cert, NULL, &ski))
{
if (!cmp_simple_canon_sexp (keyid, ski))
{
ksba_free (ski);
ksba_cert_ref (ci->cert);
release_cache_lock ();
if (DBG_LOOKUP)
log_debug ("%s: certificate found in the cache"
" via ski\n", __func__);
return ci->cert;
}
ksba_free (ski);
}
release_cache_lock ();
}
if (DBG_LOOKUP)
log_debug ("find_cert_bysubject: certificate not in cache\n");
/* Ask back to the service requester to return the certificate.
* This is because we can assume that he already used the
* certificate while checking for the CRL. */
if (keyid)
cert = get_cert_local_ski (ctrl, subject_dn, keyid);
else
{
/* In contrast to get_cert_local_ski, get_cert_local uses any
* passed pattern, so we need to make sure that an exact subject
* search is done. */
char *buf;
buf = strconcat ("/", subject_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
return NULL;
}
cert = get_cert_local (ctrl, buf);
xfree (buf);
}
if (cert)
{
cache_cert (cert);
return cert; /* Done. */
}
if (DBG_LOOKUP)
log_debug ("find_cert_bysubject: certificate not returned by caller"
" - doing lookup\n");
/* Locate the certificate using external resources. */
while (!cert)
{
char *subjdn;
if (!context)
{
err = ca_cert_fetch (ctrl, &context, subject_dn);
if (err)
{
log_error (_("error fetching certificate by subject: %s\n"),
gpg_strerror (err));
break;
}
}
err = fetch_next_ksba_cert (context, &cert);
if (err)
{
log_error (_("error fetching certificate by subject: %s\n"),
gpg_strerror (err) );
break;
}
subjdn = ksba_cert_get_subject (cert, 0);
if (strcmp (subject_dn, subjdn))
{
log_info ("find_cert_bysubject: subject DN does not match\n");
ksba_cert_release (cert);
cert = NULL;
ksba_free (subjdn);
continue;
}
if (DBG_LOOKUP)
{
log_debug (" considering certificate (/");
dump_string (subjdn);
log_printf (")\n");
}
ksba_free (subjdn);
/* If no key ID has been provided, we return the first match. */
if (!keyid)
{
cache_cert (cert);
if (DBG_LOOKUP)
log_debug (" found\n");
break; /* Ready. */
}
/* With the key ID given we need to compare it. */
if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
{
if (!cmp_simple_canon_sexp (keyid, subj))
{
ksba_free (subj);
cache_cert (cert);
if (DBG_LOOKUP)
log_debug (" found\n");
break; /* Ready. */
}
}
ksba_free (subj);
ksba_cert_release (cert);
cert = NULL;
}
end_cert_fetch (context);
return cert;
}
/* Return 0 if the certificate is a trusted certificate. Returns
* GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
* case of systems errors. TRUSTCLASSES are the bitwise ORed
* CERTTRUST_CLASS values to use for the check. */
gpg_error_t
is_trusted_cert (ksba_cert_t cert, unsigned int trustclasses)
{
unsigned char fpr[20];
cert_item_t ci;
cert_compute_fpr (cert, fpr);
acquire_cache_read_lock ();
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
{
if ((ci->trustclasses & trustclasses))
{
/* The certificate is trusted in one of the given
* TRUSTCLASSES. */
release_cache_lock ();
return 0; /* Yes, it is trusted. */
}
break;
}
release_cache_lock ();
return gpg_error (GPG_ERR_NOT_TRUSTED);
}
/* Given the certificate CERT locate the issuer for this certificate
* and return it at R_CERT. Returns 0 on success or
* GPG_ERR_NOT_FOUND. */
gpg_error_t
find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
gpg_error_t err;
char *issuer_dn;
ksba_cert_t issuer_cert = NULL;
ksba_name_t authid;
ksba_sexp_t authidno;
ksba_sexp_t keyid;
*r_cert = NULL;
issuer_dn = ksba_cert_get_issuer (cert, 0);
if (!issuer_dn)
{
log_error (_("no issuer found in certificate\n"));
err = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
/* First we need to check whether we can return that certificate
using the authorithyKeyIdentifier. */
err = ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno);
if (err)
{
log_info (_("error getting authorityKeyIdentifier: %s\n"),
gpg_strerror (err));
}
else
{
const char *s = ksba_name_enum (authid, 0);
if (s && *authidno)
{
issuer_cert = find_cert_bysn (ctrl, s, authidno);
}
if (!issuer_cert && keyid)
{
/* Not found by issuer+s/n. Now that we have an AKI
* keyIdentifier look for a certificate with a matching
* SKI. */
issuer_cert = find_cert_bysubject (ctrl, issuer_dn, keyid);
}
/* Print a note so that the user does not feel too helpless when
* an issuer certificate was found and gpgsm prints BAD
* signature because it is not the correct one. */
if (!issuer_cert)
{
log_info ("issuer certificate ");
if (keyid)
{
log_printf ("{");
dump_serial (keyid);
log_printf ("} ");
}
if (authidno)
{
log_printf ("(#");
dump_serial (authidno);
log_printf ("/");
dump_string (s);
log_printf (") ");
}
log_printf ("not found using authorityKeyIdentifier\n");
}
ksba_name_release (authid);
xfree (authidno);
xfree (keyid);
}
/* If this did not work, try just with the issuer's name and assume
* that there is only one such certificate. We only look into our
* cache then. */
if (err || !issuer_cert)
{
issuer_cert = get_cert_bysubject (issuer_dn, 0);
if (issuer_cert)
err = 0;
}
leave:
if (!err && !issuer_cert)
err = gpg_error (GPG_ERR_NOT_FOUND);
xfree (issuer_dn);
if (err)
ksba_cert_release (issuer_cert);
else
*r_cert = issuer_cert;
return err;
}
/* Read a list of certificates in PEM format from stream FP and store
* them on success at R_CERTLIST. On error NULL is stored at R_CERT
* list and an error code returned. Note that even on success an
* empty list of certificates can be returned (i.e. NULL stored at
* R_CERTLIST) iff the input stream has no certificates. */
gpg_error_t
read_certlist_from_stream (certlist_t *r_certlist, estream_t fp)
{
gpg_error_t err;
gnupg_ksba_io_t ioctx = NULL;
ksba_reader_t reader;
ksba_cert_t cert = NULL;
certlist_t certlist = NULL;
certlist_t cl, *cltail;
*r_certlist = NULL;
err = gnupg_ksba_create_reader (&ioctx,
(GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
fp, &reader);
if (err)
goto leave;
/* Loop to read all certificates from the stream. */
cltail = &certlist;
do
{
ksba_cert_release (cert);
cert = NULL;
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_read_der (cert, reader);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_EOF)
err = 0;
goto leave;
}
/* Append the certificate to the list. We also store the
* fingerprint and check whether we have a cached certificate;
* in that case the cached certificate is put into the list to
* take advantage of a validation result which might be stored
* in the cached certificate. */
cl = xtrycalloc (1, sizeof *cl);
if (!cl)
{
err = gpg_error_from_syserror ();
goto leave;
}
cert_compute_fpr (cert, cl->fpr);
cl->cert = get_cert_byfpr (cl->fpr);
if (!cl->cert)
{
cl->cert = cert;
cert = NULL;
}
*cltail = cl;
cltail = &cl->next;
ksba_reader_clear (reader, NULL, NULL);
}
while (!gnupg_ksba_reader_eof_seen (ioctx));
leave:
ksba_cert_release (cert);
gnupg_ksba_destroy_reader (ioctx);
if (err)
release_certlist (certlist);
else
*r_certlist = certlist;
return err;
}
/* Release the certificate list CL. */
void
release_certlist (certlist_t cl)
{
while (cl)
{
certlist_t next = cl->next;
ksba_cert_release (cl->cert);
cl = next;
}
}
diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c
index ae5cf5519..2191acb60 100644
--- a/dirmngr/http-ntbtls.c
+++ b/dirmngr/http-ntbtls.c
@@ -1,134 +1,136 @@
/* http-ntbtls.c - Support for using NTBTLS with http.c
* Copyright (C) 2017 Werner Koch
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include "dirmngr.h"
#include "certcache.h"
#include "validate.h"
#include "http-common.h"
#ifdef HTTP_USE_NTBTLS
# include
/* The callback used to verify the peer's certificate. */
gpg_error_t
gnupg_http_tls_verify_cb (void *opaque,
http_t http,
http_session_t session,
unsigned int http_flags,
void *tls_context)
{
ctrl_t ctrl = opaque;
ntbtls_t tls = tls_context;
gpg_error_t err;
int idx;
ksba_cert_t cert;
ksba_cert_t hostcert = NULL;
unsigned int validate_flags;
- const char *hostname;
+ /* const char *hostname; */
(void)http;
(void)session;
log_assert (ctrl && ctrl->magic == SERVER_CONTROL_MAGIC);
log_assert (!ntbtls_check_context (tls));
/* Get the peer's certs from ntbtls. */
for (idx = 0;
(cert = ntbtls_x509_get_peer_cert (tls, idx)); idx++)
{
if (!idx)
hostcert = cert;
else
{
/* Quick hack to make verification work by inserting the supplied
* certs into the cache. FIXME! */
cache_cert (cert);
ksba_cert_release (cert);
}
}
if (!idx)
{
err = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
validate_flags = VALIDATE_FLAG_TLS;
/* If we are using the standard hkps:// pool use the dedicated root
* certificate. Note that this differes from the GnuTLS
* implementation which uses this special certificate only if no
* other certificates are configured. */
- hostname = ntbtls_get_hostname (tls);
- if (hostname
- && !ascii_strcasecmp (hostname, get_default_keyserver (1)))
- {
- validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL;
- }
- else /* Use the certificates as requested from the HTTP module. */
+ /* Disabled for 2.3.2 to due problems with the standard hkps pool. */
+ /* hostname = ntbtls_get_hostname (tls); */
+ /* if (hostname */
+ /* && !ascii_strcasecmp (hostname, get_default_keyserver (1))) */
+ /* { */
+ /* validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL; */
+ /* } */
+ /* else */
{
+ /* Use the certificates as requested from the HTTP module. */
if ((http_flags & HTTP_FLAG_TRUST_CFG))
validate_flags |= VALIDATE_FLAG_TRUST_CONFIG;
if ((http_flags & HTTP_FLAG_TRUST_DEF))
validate_flags |= VALIDATE_FLAG_TRUST_HKP;
if ((http_flags & HTTP_FLAG_TRUST_SYS))
validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
/* If HKP trust is requested and there are no HKP certificates
* configured, also try the standard system certificates. */
if ((validate_flags & VALIDATE_FLAG_TRUST_HKP)
&& !cert_cache_any_in_class (CERTTRUST_CLASS_HKP))
validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
}
if ((http_flags & HTTP_FLAG_NO_CRL))
validate_flags |= VALIDATE_FLAG_NOCRLCHECK;
err = validate_cert_chain (ctrl, hostcert, NULL, validate_flags, NULL);
leave:
ksba_cert_release (hostcert);
return err;
}
#else /*!HTTP_USE_NTBTLS*/
/* Dummy function used when not build without ntbtls support. */
gpg_error_t
gnupg_http_tls_verify_cb (void *opaque,
http_t http,
http_session_t session,
unsigned int flags,
void *tls_context)
{
(void)opaque;
(void)http;
(void)session;
(void)flags;
(void)tls_context;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
#endif /*!HTTP_USE_NTBTLS*/
diff --git a/dirmngr/http.c b/dirmngr/http.c
index dc1873448..73606c01c 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1,3798 +1,3801 @@
/* http.c - HTTP protocol handler
* Copyright (C) 1999, 2001-2004, 2006, 2009, 2010,
* 2011 Free Software Foundation, Inc.
* Copyright (C) 1999, 2001-2004, 2006, 2009, 2010, 2011, 2014 Werner Koch
* Copyright (C) 2015-2017, 2021 g10 Code GmbH
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
/* Simple HTTP client implementation. We try to keep the code as
self-contained as possible. There are some constraints however:
- estream is required. We now require estream because it provides a
very useful and portable asprintf implementation and the fopencookie
function.
- stpcpy is required
- fixme: list other requirements.
- Either HTTP_USE_NTBTLS or HTTP_USE_GNUTLS must be defined to select
which TLS library to use.
- With HTTP_NO_WSASTARTUP the socket initialization is not done
under Windows. This is useful if the socket layer has already
been initialized elsewhere. This also avoids the installation of
an exit handler to cleanup the socket layer.
*/
#ifdef HAVE_CONFIG_H
# include
#endif
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_W32_SYSTEM
# ifdef HAVE_WINSOCK2_H
# include
# endif
# include
#else /*!HAVE_W32_SYSTEM*/
# include
# include
# include
# include
# include
# include
# include
# include
#endif /*!HAVE_W32_SYSTEM*/
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
# undef USE_NPTH
#endif
#ifdef USE_NPTH
# include
#endif
#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
#endif
#ifdef HTTP_USE_NTBTLS
# include
#elif HTTP_USE_GNUTLS
# include
# include
#endif /*HTTP_USE_GNUTLS*/
#include /* We need the socket wrapper. */
#include "../common/util.h"
#include "../common/i18n.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */
#include "dns-stuff.h"
#include "dirmngr-status.h" /* (dirmngr_status_printf) */
#include "http.h"
#include "http-common.h"
#ifdef USE_NPTH
# define my_select(a,b,c,d,e) npth_select ((a), (b), (c), (d), (e))
# define my_accept(a,b,c) npth_accept ((a), (b), (c))
#else
# define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e))
# define my_accept(a,b,c) accept ((a), (b), (c))
#endif
#ifdef HAVE_W32_SYSTEM
#define sock_close(a) closesocket(a)
#else
#define sock_close(a) close(a)
#endif
#ifndef EAGAIN
#define EAGAIN EWOULDBLOCK
#endif
#ifndef INADDR_NONE /* Slowaris is missing that. */
#define INADDR_NONE ((unsigned long)(-1))
#endif /*INADDR_NONE*/
#define HTTP_PROXY_ENV "http_proxy"
#define MAX_LINELEN 20000 /* Max. length of a HTTP header line. */
#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
"01234567890@" \
"!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
#if HTTP_USE_NTBTLS
typedef ntbtls_t tls_session_t;
#elif HTTP_USE_GNUTLS
typedef gnutls_session_t tls_session_t;
#else
# error building without TLS is not supported
#endif
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
int no_scheme_check, int force_tls);
static gpg_error_t parse_uri (parsed_uri_t *ret_uri, const char *uri,
int no_scheme_check, int force_tls);
static int remove_escapes (char *string);
static int insert_escapes (char *buffer, const char *string,
const char *special);
static uri_tuple_t parse_tuple (char *string);
static gpg_error_t send_request (ctrl_t ctrl, http_t hd, const char *httphost,
const char *auth,const char *proxy,
const char *srvtag, unsigned int timeout,
strlist_t headers);
static char *build_rel_path (parsed_uri_t uri);
static gpg_error_t parse_response (http_t hd);
static gpg_error_t connect_server (ctrl_t ctrl,
const char *server, unsigned short port,
unsigned int flags, const char *srvtag,
unsigned int timeout, assuan_fd_t *r_sock);
static gpgrt_ssize_t read_server (assuan_fd_t sock, void *buffer, size_t size);
static gpg_error_t write_server (assuan_fd_t sock, const char *data, size_t length);
static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
static gpgrt_ssize_t cookie_write (void *cookie,
const void *buffer, size_t size);
static int cookie_close (void *cookie);
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
static gpgrt_ssize_t simple_cookie_read (void *cookie,
void *buffer, size_t size);
static gpgrt_ssize_t simple_cookie_write (void *cookie,
const void *buffer, size_t size);
#endif
/* A socket object used to a allow ref counting of sockets. */
struct my_socket_s
{
assuan_fd_t fd; /* The actual socket - shall never be ASSUAN_INVALID_FD. */
int refcount; /* Number of references to this socket. */
};
typedef struct my_socket_s *my_socket_t;
/* Cookie function structure and cookie object. */
static es_cookie_io_functions_t cookie_functions =
{
cookie_read,
cookie_write,
NULL,
cookie_close
};
struct cookie_s
{
/* Socket object or NULL if already closed. */
my_socket_t sock;
/* The session object or NULL if not used. */
http_session_t session;
/* True if TLS is to be used. */
int use_tls;
/* The remaining content length and a flag telling whether to use
the content length. */
uint64_t content_length;
unsigned int content_length_valid:1;
};
typedef struct cookie_s *cookie_t;
/* Simple cookie functions. Here the cookie is an int with the
* socket. */
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
static es_cookie_io_functions_t simple_cookie_functions =
{
simple_cookie_read,
simple_cookie_write,
NULL,
NULL
};
#endif
#if SIZEOF_UNSIGNED_LONG == 8
# define HTTP_SESSION_MAGIC 0x0068545470534553 /* "hTTpSES" */
#else
# define HTTP_SESSION_MAGIC 0x68547365 /* "hTse" */
#endif
/* The session object. */
struct http_session_s
{
unsigned long magic;
int refcount; /* Number of references to this object. */
tls_session_t tls_session;
struct {
int done; /* Verifciation has been done. */
int rc; /* TLS verification return code. */
unsigned int status; /* Verification status. */
} verify;
char *servername; /* Malloced server name. */
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
/* The flags passed to the session object. */
unsigned int flags;
/* A per-session TLS verification callback. */
http_verify_cb_t verify_cb;
void *verify_cb_value;
/* The connect timeout */
unsigned int connect_timeout;
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
#endif /*HTTP_USE_GNUTLS*/
};
/* An object to save header lines. */
struct header_s
{
struct header_s *next;
char *value; /* The value of the header (malloced). */
char name[1]; /* The name of the header (canonicalized). */
};
typedef struct header_s *header_t;
#if SIZEOF_UNSIGNED_LONG == 8
# define HTTP_CONTEXT_MAGIC 0x0068545470435458 /* "hTTpCTX" */
#else
# define HTTP_CONTEXT_MAGIC 0x68546378 /* "hTcx" */
#endif
/* Our handle context. */
struct http_context_s
{
unsigned long magic;
unsigned int status_code;
my_socket_t sock;
unsigned int in_data:1;
unsigned int is_http_0_9:1;
estream_t fp_read;
estream_t fp_write;
void *write_cookie;
void *read_cookie;
http_session_t session;
parsed_uri_t uri;
http_req_t req_type;
char *buffer; /* Line buffer. */
size_t buffer_size;
unsigned int flags;
header_t headers; /* Received headers. */
};
/* Two flags to enable verbose and debug mode. Although currently not
* set-able a value > 1 for OPT_DEBUG enables debugging of the session
* reference counting. */
static int opt_verbose;
static int opt_debug;
/* The global callback for the verification function. */
static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
/* The list of files with trusted CA certificates. */
static strlist_t tls_ca_certlist;
/* The list of files with extra trusted CA certificates. */
static strlist_t cfg_ca_certlist;
/* The global callback for net activity. */
static void (*netactivity_cb)(void);
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
#if GNUPG_MAJOR_VERSION == 1
#define REQ_WINSOCK_MAJOR 1
#define REQ_WINSOCK_MINOR 1
#else
#define REQ_WINSOCK_MAJOR 2
#define REQ_WINSOCK_MINOR 2
#endif
static void
deinit_sockets (void)
{
WSACleanup();
}
static void
init_sockets (void)
{
static int initialized;
static WSADATA wsdata;
if (initialized)
return;
if ( WSAStartup( MAKEWORD (REQ_WINSOCK_MINOR, REQ_WINSOCK_MAJOR), &wsdata ) )
{
log_error ("error initializing socket library: ec=%d\n",
(int)WSAGetLastError () );
return;
}
if ( LOBYTE(wsdata.wVersion) != REQ_WINSOCK_MAJOR
|| HIBYTE(wsdata.wVersion) != REQ_WINSOCK_MINOR )
{
log_error ("socket library version is %x.%x - but %d.%d needed\n",
LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion),
REQ_WINSOCK_MAJOR, REQ_WINSOCK_MINOR);
WSACleanup();
return;
}
atexit ( deinit_sockets );
initialized = 1;
}
#endif /*HAVE_W32_SYSTEM && !HTTP_NO_WSASTARTUP*/
/* Create a new socket object. Returns NULL and closes FD if not
enough memory is available. */
static my_socket_t
_my_socket_new (int lnr, assuan_fd_t fd)
{
my_socket_t so;
so = xtrymalloc (sizeof *so);
if (!so)
{
int save_errno = errno;
assuan_sock_close (fd);
gpg_err_set_errno (save_errno);
return NULL;
}
so->fd = fd;
so->refcount = 1;
if (opt_debug)
log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
lnr, so, (int)so->fd);
return so;
}
#define my_socket_new(a) _my_socket_new (__LINE__, (a))
/* Bump up the reference counter for the socket object SO. */
static my_socket_t
_my_socket_ref (int lnr, my_socket_t so)
{
so->refcount++;
if (opt_debug > 1)
log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
lnr, so, (int)so->fd, so->refcount);
return so;
}
#define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
/* Bump down the reference counter for the socket object SO. If SO
has no more references, close the socket and release the
object. */
static void
_my_socket_unref (int lnr, my_socket_t so,
void (*preclose)(void*), void *preclosearg)
{
if (so)
{
so->refcount--;
if (opt_debug > 1)
log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
lnr, so, (int)so->fd, so->refcount);
if (!so->refcount)
{
if (preclose)
preclose (preclosearg);
assuan_sock_close (so->fd);
xfree (so);
}
}
}
#define my_socket_unref(a,b,c) _my_socket_unref (__LINE__,(a),(b),(c))
#ifdef HTTP_USE_GNUTLS
static ssize_t
my_gnutls_read (gnutls_transport_ptr_t ptr, void *buffer, size_t size)
{
my_socket_t sock = ptr;
#if USE_NPTH
return npth_read (sock->fd, buffer, size);
#else
return read (sock->fd, buffer, size);
#endif
}
static ssize_t
my_gnutls_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
{
my_socket_t sock = ptr;
#if USE_NPTH
return npth_write (sock->fd, buffer, size);
#else
return write (sock->fd, buffer, size);
#endif
}
#endif /*HTTP_USE_GNUTLS*/
#ifdef HTTP_USE_NTBTLS
/* Connect the ntbls callback to our generic callback. */
static gpg_error_t
my_ntbtls_verify_cb (void *opaque, ntbtls_t tls, unsigned int verify_flags)
{
http_t hd = opaque;
(void)verify_flags;
log_assert (hd && hd->session && hd->session->verify_cb);
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
log_assert (hd->session->magic == HTTP_SESSION_MAGIC);
return hd->session->verify_cb (hd->session->verify_cb_value,
hd, hd->session,
(hd->flags | hd->session->flags),
tls);
}
#endif /*HTTP_USE_NTBTLS*/
/* This notification function is called by estream whenever stream is
closed. Its purpose is to mark the closing in the handle so
that a http_close won't accidentally close the estream. The function
http_close removes this notification so that it won't be called if
http_close was used before an es_fclose. */
static void
fp_onclose_notification (estream_t stream, void *opaque)
{
http_t hd = opaque;
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
if (hd->fp_read && hd->fp_read == stream)
hd->fp_read = NULL;
else if (hd->fp_write && hd->fp_write == stream)
hd->fp_write = NULL;
}
/*
* Helper function to create an HTTP header with hex encoded data. A
* new buffer is returned. This buffer is the concatenation of the
* string PREFIX, the hex-encoded DATA of length LEN and the string
* SUFFIX. On error NULL is returned and ERRNO set.
*/
static char *
make_header_line (const char *prefix, const char *suffix,
const void *data, size_t len )
{
static unsigned char bintoasc[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
const unsigned char *s = data;
char *buffer, *p;
buffer = xtrymalloc (strlen (prefix) + (len+2)/3*4 + strlen (suffix) + 1);
if (!buffer)
return NULL;
p = stpcpy (buffer, prefix);
for ( ; len >= 3 ; len -= 3, s += 3 )
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
*p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077];
*p++ = bintoasc[s[2]&077];
*p = 0;
}
if ( len == 2 )
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
*p++ = bintoasc[((s[1]<<2)&074)];
*p++ = '=';
}
else if ( len == 1 )
{
*p++ = bintoasc[(s[0] >> 2) & 077];
*p++ = bintoasc[(s[0] <<4)&060];
*p++ = '=';
*p++ = '=';
}
*p = 0;
strcpy (p, suffix);
return buffer;
}
/* Set verbosity and debug mode for this module. */
void
http_set_verbose (int verbose, int debug)
{
opt_verbose = verbose;
opt_debug = debug;
}
/* Register a non-standard global TLS callback function. If no
verification is desired a callback needs to be registered which
always returns NULL. */
void
http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
{
tls_callback = cb;
}
/* Register a CA certificate for future use. The certificate is
expected to be in FNAME. PEM format is assume if FNAME has a
suffix of ".pem". If FNAME is NULL the list of CA files is
removed. */
void
http_register_tls_ca (const char *fname)
{
gpg_err_code_t ec;
strlist_t sl;
if (!fname)
{
free_strlist (tls_ca_certlist);
tls_ca_certlist = NULL;
}
else
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if ((ec = gnupg_access (fname, F_OK)))
log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&tls_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
}
}
/* Register a CA certificate for future use. The certificate is
* expected to be in FNAME. PEM format is assume if FNAME has a
* suffix of ".pem". If FNAME is NULL the list of CA files is
* removed. This is a variant of http_register_tls_ca which puts the
* certificate into a separate list enabled using HTTP_FLAG_TRUST_CFG. */
void
http_register_cfg_ca (const char *fname)
{
gpg_err_code_t ec;
strlist_t sl;
if (!fname)
{
free_strlist (cfg_ca_certlist);
cfg_ca_certlist = NULL;
}
else
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if ((ec = gnupg_access (fname, F_OK)))
log_info (_("can't access '%s': %s\n"), fname, gpg_strerror (ec));
sl = add_to_strlist (&cfg_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
}
}
/* Register a callback which is called every time the HTTP mode has
* made a successful connection to some server. */
void
http_register_netactivity_cb (void (*cb)(void))
{
netactivity_cb = cb;
}
/* Call the netactivity callback if any. */
static void
notify_netactivity (void)
{
if (netactivity_cb)
netactivity_cb ();
}
/* Free the TLS session associated with SESS, if any. */
static void
close_tls_session (http_session_t sess)
{
if (sess->tls_session)
{
#if HTTP_USE_NTBTLS
/* FIXME!!
Possibly, ntbtls_get_transport and close those streams.
Somehow get SOCK to call my_socket_unref.
*/
ntbtls_release (sess->tls_session);
#elif HTTP_USE_GNUTLS
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
my_socket_unref (sock, NULL, NULL);
gnutls_deinit (sess->tls_session);
if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred);
#endif /*HTTP_USE_GNUTLS*/
xfree (sess->servername);
sess->tls_session = NULL;
}
}
/* Release a session. Take care not to release it while it is being
used by a http context object. */
static void
session_unref (int lnr, http_session_t sess)
{
if (!sess)
return;
log_assert (sess->magic == HTTP_SESSION_MAGIC);
sess->refcount--;
if (opt_debug > 1)
log_debug ("http.c:%d:session_unref: sess %p ref now %d\n",
lnr, sess, sess->refcount);
if (sess->refcount)
return;
close_tls_session (sess);
sess->magic = 0xdeadbeef;
xfree (sess);
}
#define http_session_unref(a) session_unref (__LINE__, (a))
void
http_session_release (http_session_t sess)
{
http_session_unref (sess);
}
/* Create a new session object which is currently used to enable TLS
* support. It may eventually allow reusing existing connections.
* Valid values for FLAGS are:
* HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
* HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
* HTTP_FLAG_TRUST_CFG - Also use CAs set with http_register_cfg_ca
* HTTP_FLAG_NO_CRL - Do not consult CRLs for https.
*/
gpg_error_t
http_session_new (http_session_t *r_session,
const char *intended_hostname, unsigned int flags,
http_verify_cb_t verify_cb, void *verify_cb_value)
{
gpg_error_t err;
http_session_t sess;
*r_session = NULL;
sess = xtrycalloc (1, sizeof *sess);
if (!sess)
return gpg_error_from_syserror ();
sess->magic = HTTP_SESSION_MAGIC;
sess->refcount = 1;
sess->flags = flags;
sess->verify_cb = verify_cb;
sess->verify_cb_value = verify_cb_value;
sess->connect_timeout = 0;
#if HTTP_USE_NTBTLS
{
(void)intended_hostname; /* Not needed because we do not preload
* certificates. */
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
goto leave;
}
}
#elif HTTP_USE_GNUTLS
{
const char *errpos;
int rc;
strlist_t sl;
int add_system_cas = !!(flags & HTTP_FLAG_TRUST_SYS);
int is_hkps_pool;
rc = gnutls_certificate_allocate_credentials (&sess->certcred);
if (rc < 0)
{
log_error ("gnutls_certificate_allocate_credentials failed: %s\n",
gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
- is_hkps_pool = (intended_hostname
- && !ascii_strcasecmp (intended_hostname,
- get_default_keyserver (1)));
+ /* Disabled for 2.3.2 to due problems with the standard hkps pool. */
+ /* is_hkps_pool = (intended_hostname */
+ /* && !ascii_strcasecmp (intended_hostname, */
+ /* get_default_keyserver (1))); */
+ is_hkps_pool = 0;
/* If we are looking for the hkps pool from sks-keyservers.net,
* then forcefully use its dedicated certificate authority. */
- if (is_hkps_pool)
- {
- char *pemname = make_filename_try (gnupg_datadir (),
- "sks-keyservers.netCA.pem", NULL);
- if (!pemname)
- {
- err = gpg_error_from_syserror ();
- log_error ("setting CA from file '%s' failed: %s\n",
- pemname, gpg_strerror (err));
- }
- else
- {
- rc = gnutls_certificate_set_x509_trust_file
- (sess->certcred, pemname, GNUTLS_X509_FMT_PEM);
- if (rc < 0)
- log_info ("setting CA from file '%s' failed: %s\n",
- pemname, gnutls_strerror (rc));
- xfree (pemname);
- }
-
- if (is_hkps_pool)
- add_system_cas = 0;
- }
+ /* Disabled for 2.3.2 because the service had to be shutdown. */
+ /* if (is_hkps_pool) */
+ /* { */
+ /* char *pemname = make_filename_try (gnupg_datadir (), */
+ /* "sks-keyservers.netCA.pem", NULL); */
+ /* if (!pemname) */
+ /* { */
+ /* err = gpg_error_from_syserror (); */
+ /* log_error ("setting CA from file '%s' failed: %s\n", */
+ /* pemname, gpg_strerror (err)); */
+ /* } */
+ /* else */
+ /* { */
+ /* rc = gnutls_certificate_set_x509_trust_file */
+ /* (sess->certcred, pemname, GNUTLS_X509_FMT_PEM); */
+ /* if (rc < 0) */
+ /* log_info ("setting CA from file '%s' failed: %s\n", */
+ /* pemname, gnutls_strerror (rc)); */
+ /* xfree (pemname); */
+ /* } */
+ /* */
+ /* if (is_hkps_pool) */
+ /* add_system_cas = 0; */
+ /* } */
/* Add configured certificates to the session. */
if ((flags & HTTP_FLAG_TRUST_DEF) && !is_hkps_pool)
{
for (sl = tls_ca_certlist; sl; sl = sl->next)
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, sl->d,
(sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
if (rc < 0)
log_info ("setting CA from file '%s' failed: %s\n",
sl->d, gnutls_strerror (rc));
}
/* If HKP trust is requested and there are no HKP certificates
* configured, also try the standard system certificates. */
if (!tls_ca_certlist)
add_system_cas = 1;
}
/* Add system certificates to the session. */
if (add_system_cas)
{
#if GNUTLS_VERSION_NUMBER >= 0x030014
static int shown;
rc = gnutls_certificate_set_x509_system_trust (sess->certcred);
if (rc < 0)
log_info ("setting system CAs failed: %s\n", gnutls_strerror (rc));
else if (!shown)
{
shown = 1;
log_info ("number of system provided CAs: %d\n", rc);
}
#endif /* gnutls >= 3.0.20 */
}
/* Add other configured certificates to the session. */
if ((flags & HTTP_FLAG_TRUST_CFG) && !is_hkps_pool)
{
for (sl = cfg_ca_certlist; sl; sl = sl->next)
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, sl->d,
(sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
if (rc < 0)
log_info ("setting extra CA from file '%s' failed: %s\n",
sl->d, gnutls_strerror (rc));
}
}
rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
if (rc < 0)
{
log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
/* A new session has the transport ptr set to (void*(-1), we need
it to be NULL. */
gnutls_transport_set_ptr (sess->tls_session, NULL);
rc = gnutls_priority_set_direct (sess->tls_session,
"NORMAL",
&errpos);
if (rc < 0)
{
log_error ("gnutls_priority_set_direct failed at '%s': %s\n",
errpos, gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
rc = gnutls_credentials_set (sess->tls_session,
GNUTLS_CRD_CERTIFICATE, sess->certcred);
if (rc < 0)
{
log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc));
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
}
#else /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
{
(void)intended_hostname;
(void)flags;
}
#endif /*!HTTP_USE_GNUTLS && !HTTP_USE_NTBTLS*/
if (opt_debug > 1)
log_debug ("http.c:session_new: sess %p created\n", sess);
err = 0;
leave:
if (err)
http_session_unref (sess);
else
*r_session = sess;
return err;
}
/* Increment the reference count for session SESS. Passing NULL for
SESS is allowed. */
http_session_t
http_session_ref (http_session_t sess)
{
if (sess)
{
sess->refcount++;
if (opt_debug > 1)
log_debug ("http.c:session_ref: sess %p ref now %d\n",
sess, sess->refcount);
}
return sess;
}
void
http_session_set_log_cb (http_session_t sess,
void (*cb)(http_session_t, gpg_error_t,
const char *hostname,
const void **certs, size_t *certlens))
{
sess->cert_log_cb = cb;
}
/* Set the TIMEOUT in milliseconds for the connection's connect
* calls. Using 0 disables the timeout. */
void
http_session_set_timeout (http_session_t sess, unsigned int timeout)
{
sess->connect_timeout = timeout;
}
/* Start a HTTP retrieval and on success store at R_HD a context
pointer for completing the request and to wait for the response.
If HTTPHOST is not NULL it is used for the Host header instead of a
Host header derived from the URL. */
gpg_error_t
http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype, const char *url,
const char *httphost,
const char *auth, unsigned int flags, const char *proxy,
http_session_t session, const char *srvtag, strlist_t headers)
{
gpg_error_t err;
http_t hd;
*r_hd = NULL;
if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
return gpg_err_make (default_errsource, GPG_ERR_INV_ARG);
/* Create the handle. */
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = reqtype;
hd->flags = flags;
hd->session = http_session_ref (session);
err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS));
if (!err)
err = send_request (ctrl, hd, httphost, auth, proxy, srvtag,
hd->session? hd->session->connect_timeout : 0,
headers);
if (err)
{
my_socket_unref (hd->sock, NULL, NULL);
if (hd->fp_read)
es_fclose (hd->fp_read);
if (hd->fp_write)
es_fclose (hd->fp_write);
http_session_unref (hd->session);
xfree (hd);
}
else
*r_hd = hd;
return err;
}
/* This function is useful to connect to a generic TCP service using
this http abstraction layer. This has the advantage of providing
service tags and an estream interface. TIMEOUT is in milliseconds. */
gpg_error_t
http_raw_connect (ctrl_t ctrl, http_t *r_hd,
const char *server, unsigned short port,
unsigned int flags, const char *srvtag, unsigned int timeout)
{
gpg_error_t err = 0;
http_t hd;
cookie_t cookie;
*r_hd = NULL;
if ((flags & HTTP_FLAG_FORCE_TOR))
{
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
{
log_error ("Tor support is not available\n");
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
/* Non-blocking connects do not work with our Tor proxy because
* we can't continue the Socks protocol after the EINPROGRESS.
* Disable the timeout to use a blocking connect. */
timeout = 0;
}
/* Create the handle. */
hd = xtrycalloc (1, sizeof *hd);
if (!hd)
return gpg_error_from_syserror ();
hd->magic = HTTP_CONTEXT_MAGIC;
hd->req_type = HTTP_REQ_OPAQUE;
hd->flags = flags;
/* Connect. */
{
assuan_fd_t sock;
err = connect_server (ctrl, server, port,
hd->flags, srvtag, timeout, &sock);
if (err)
{
xfree (hd);
return err;
}
hd->sock = my_socket_new (sock);
if (!hd->sock)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (hd);
return err;
}
}
/* Setup estreams for reading and writing. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
goto leave;
}
cookie->sock = my_socket_ref (hd->sock);
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (!hd->fp_write)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
xfree (cookie);
goto leave;
}
hd->write_cookie = cookie; /* Cookie now owned by FP_WRITE. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
goto leave;
}
cookie->sock = my_socket_ref (hd->sock);
hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
if (!hd->fp_read)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
xfree (cookie);
goto leave;
}
hd->read_cookie = cookie; /* Cookie now owned by FP_READ. */
/* Register close notification to interlock the use of es_fclose in
http_close and in user code. */
err = es_onclose (hd->fp_write, 1, fp_onclose_notification, hd);
if (!err)
err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
leave:
if (err)
{
if (hd->fp_read)
es_fclose (hd->fp_read);
if (hd->fp_write)
es_fclose (hd->fp_write);
my_socket_unref (hd->sock, NULL, NULL);
xfree (hd);
}
else
*r_hd = hd;
return err;
}
void
http_start_data (http_t hd)
{
if (!hd->in_data)
{
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_string ("\r\n", "http.c:request-header:");
es_fputs ("\r\n", hd->fp_write);
es_fflush (hd->fp_write);
hd->in_data = 1;
}
else
es_fflush (hd->fp_write);
}
gpg_error_t
http_wait_response (http_t hd)
{
gpg_error_t err;
cookie_t cookie;
int use_tls;
/* Make sure that we are in the data. */
http_start_data (hd);
/* Close the write stream. Note that the reference counted socket
object keeps the actual system socket open. */
cookie = hd->write_cookie;
if (!cookie)
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
use_tls = cookie->use_tls;
es_fclose (hd->fp_write);
hd->fp_write = NULL;
/* The close has released the cookie and thus we better set it to NULL. */
hd->write_cookie = NULL;
/* Shutdown one end of the socket is desired. As per HTTP/1.0 this
is not required but some very old servers (e.g. the original pksd
keyserver didn't worked without it. */
if ((hd->flags & HTTP_FLAG_SHUTDOWN))
shutdown (FD2INT (hd->sock->fd), 1);
hd->in_data = 0;
/* Create a new cookie and a stream for reading. */
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
cookie->sock = my_socket_ref (hd->sock);
cookie->session = http_session_ref (hd->session);
cookie->use_tls = use_tls;
hd->read_cookie = cookie;
hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
if (!hd->fp_read)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
http_session_unref (cookie->session);
xfree (cookie);
hd->read_cookie = NULL;
return err;
}
err = parse_response (hd);
if (!err)
err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
return err;
}
/* Convenience function to send a request and wait for the response.
Closes the handle on error. If PROXY is not NULL, this value will
be used as an HTTP proxy and any enabled $http_proxy gets
ignored. */
gpg_error_t
http_open_document (ctrl_t ctrl, http_t *r_hd, const char *document,
const char *auth, unsigned int flags, const char *proxy,
http_session_t session,
const char *srvtag, strlist_t headers)
{
gpg_error_t err;
err = http_open (ctrl, r_hd, HTTP_REQ_GET, document, NULL, auth, flags,
proxy, session, srvtag, headers);
if (err)
return err;
err = http_wait_response (*r_hd);
if (err)
http_close (*r_hd, 0);
return err;
}
void
http_close (http_t hd, int keep_read_stream)
{
if (!hd)
return;
log_assert (hd->magic == HTTP_CONTEXT_MAGIC);
/* First remove the close notifications for the streams. */
if (hd->fp_read)
es_onclose (hd->fp_read, 0, fp_onclose_notification, hd);
if (hd->fp_write)
es_onclose (hd->fp_write, 0, fp_onclose_notification, hd);
/* Now we can close the streams. */
my_socket_unref (hd->sock, NULL, NULL);
if (hd->fp_read && !keep_read_stream)
es_fclose (hd->fp_read);
if (hd->fp_write)
es_fclose (hd->fp_write);
http_session_unref (hd->session);
hd->magic = 0xdeadbeef;
http_release_parsed_uri (hd->uri);
while (hd->headers)
{
header_t tmp = hd->headers->next;
xfree (hd->headers->value);
xfree (hd->headers);
hd->headers = tmp;
}
xfree (hd->buffer);
xfree (hd);
}
estream_t
http_get_read_ptr (http_t hd)
{
return hd?hd->fp_read:NULL;
}
estream_t
http_get_write_ptr (http_t hd)
{
return hd?hd->fp_write:NULL;
}
unsigned int
http_get_status_code (http_t hd)
{
return hd?hd->status_code:0;
}
/* Return information pertaining to TLS. If TLS is not in use for HD,
NULL is returned. WHAT is used ask for specific information:
(NULL) := Only check whether TLS is in use. Returns an
unspecified string if TLS is in use. That string may
even be the empty string.
*/
const char *
http_get_tls_info (http_t hd, const char *what)
{
(void)what;
if (!hd)
return NULL;
return hd->uri->use_tls? "":NULL;
}
static gpg_error_t
parse_uri (parsed_uri_t *ret_uri, const char *uri,
int no_scheme_check, int force_tls)
{
gpg_err_code_t ec;
*ret_uri = xtrycalloc (1, sizeof **ret_uri + 2 * strlen (uri) + 1);
if (!*ret_uri)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
strcpy ((*ret_uri)->buffer, uri);
strcpy ((*ret_uri)->buffer + strlen (uri) + 1, uri);
(*ret_uri)->original = (*ret_uri)->buffer + strlen (uri) + 1;
ec = do_parse_uri (*ret_uri, 0, no_scheme_check, force_tls);
if (ec)
{
http_release_parsed_uri (*ret_uri);
*ret_uri = NULL;
}
return gpg_err_make (default_errsource, ec);
}
/*
* Parse an URI and put the result into the newly allocated RET_URI.
* On success the caller must use http_release_parsed_uri() to
* releases the resources. If the HTTP_PARSE_NO_SCHEME_CHECK flag is
* set, the function tries to parse the URL in the same way it would
* do for an HTTP style URI. */
gpg_error_t
http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
unsigned int flags)
{
return parse_uri (ret_uri, uri, !!(flags & HTTP_PARSE_NO_SCHEME_CHECK), 0);
}
void
http_release_parsed_uri (parsed_uri_t uri)
{
if (uri)
{
uri_tuple_t r, r2;
for (r = uri->params; r; r = r2)
{
r2 = r->next;
xfree (r);
}
for (r = uri->query; r; r = r2)
{
r2 = r->next;
xfree (r);
}
xfree (uri);
}
}
static gpg_err_code_t
do_parse_uri (parsed_uri_t uri, int only_local_part,
int no_scheme_check, int force_tls)
{
uri_tuple_t *tail;
char *p, *p2, *p3, *pp;
int n;
p = uri->buffer;
n = strlen (uri->buffer);
/* Initialize all fields to an empty string or an empty list. */
uri->scheme = uri->host = uri->path = p + n;
uri->port = 0;
uri->params = uri->query = NULL;
uri->use_tls = 0;
uri->is_http = 0;
uri->is_ldap = 0;
uri->opaque = 0;
uri->v6lit = 0;
uri->onion = 0;
uri->explicit_port = 0;
uri->off_host = 0;
uri->off_path = 0;
/* A quick validity check unless we have the opaque scheme. */
if (strspn (p, VALID_URI_CHARS) != n
&& strncmp (p, "opaque:", 7))
return GPG_ERR_BAD_URI; /* Invalid characters found. */
if (!only_local_part)
{
/* Find the scheme. */
if (!(p2 = strchr (p, ':')) || p2 == p)
return GPG_ERR_BAD_URI; /* No scheme. */
*p2++ = 0;
for (pp=p; *pp; pp++)
*pp = tolower (*(unsigned char*)pp);
uri->scheme = p;
if (!strcmp (uri->scheme, "http") && !force_tls)
{
uri->port = 80;
uri->is_http = 1;
}
else if (!strcmp (uri->scheme, "hkp") && !force_tls)
{
uri->port = 11371;
uri->is_http = 1;
}
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp"))))
{
uri->port = 443;
uri->is_http = 1;
uri->use_tls = 1;
}
else if (!strcmp (uri->scheme, "opaque"))
{
uri->opaque = 1;
uri->path = p2;
return 0;
}
else if (!no_scheme_check)
return GPG_ERR_INV_URI; /* Not an http style scheme. */
else if (!strcmp (uri->scheme, "ldap") && !force_tls)
{
uri->port = 389;
uri->is_ldap = 1;
}
else if (!strcmp (uri->scheme, "ldaps")
|| (force_tls && (!strcmp (uri->scheme, "ldap"))))
{
uri->port = 636;
uri->is_ldap = 1;
uri->use_tls = 1;
}
else if (!strcmp (uri->scheme, "ldapi")) /* LDAP via IPC. */
{
uri->port = 0;
uri->is_ldap = 1;
}
p = p2;
if (*p == '/' && p[1] == '/' ) /* There seems to be a hostname. */
{
p += 2;
if ((p2 = strchr (p, '/')))
{
if (p2 - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_path = p2 - uri->buffer;
*p2++ = 0;
}
else
{
n = (p - uri->buffer) + strlen (p);
if (n > 10000)
return GPG_ERR_BAD_URI;
uri->off_path = n;
}
/* Check for username/password encoding */
if ((p3 = strchr (p, '@')))
{
uri->auth = p;
*p3++ = '\0';
p = p3;
}
for (pp=p; *pp; pp++)
*pp = tolower (*(unsigned char*)pp);
/* Handle an IPv6 literal */
if( *p == '[' && (p3=strchr( p, ']' )) )
{
*p3++ = '\0';
/* worst case, uri->host should have length 0, points to \0 */
uri->host = p + 1;
if (p - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_host = (p + 1) - uri->buffer;
uri->v6lit = 1;
p = p3;
}
else
{
uri->host = p;
if (p - uri->buffer > 10000)
return GPG_ERR_BAD_URI;
uri->off_host = p - uri->buffer;
}
if ((p3 = strchr (p, ':')))
{
*p3++ = '\0';
uri->port = atoi (p3);
uri->explicit_port = 1;
}
if ((n = remove_escapes (uri->host)) < 0)
return GPG_ERR_BAD_URI;
if (n != strlen (uri->host))
return GPG_ERR_BAD_URI; /* Hostname includes a Nul. */
p = p2 ? p2 : NULL;
}
else if (!no_scheme_check && (uri->is_http || uri->is_ldap))
return GPG_ERR_INV_URI; /* HTTP or LDAP w/o leading double slash. */
else
{
uri->opaque = 1;
uri->path = p;
if (is_onion_address (uri->path))
uri->onion = 1;
return 0;
}
} /* End global URI part. */
/* Parse the pathname part if any. */
if (p && *p)
{
/* TODO: Here we have to check params. */
/* Do we have a query part? */
if ((p2 = strchr (p, '?')))
*p2++ = 0;
uri->path = p;
if ((n = remove_escapes (p)) < 0)
return GPG_ERR_BAD_URI;
if (n != strlen (p))
return GPG_ERR_BAD_URI; /* Path includes a Nul. */
p = p2 ? p2 : NULL;
/* Parse a query string if any. */
if (p && *p)
{
tail = &uri->query;
for (;;)
{
uri_tuple_t elem;
if ((p2 = strchr (p, '&')))
*p2++ = 0;
if (!(elem = parse_tuple (p)))
return GPG_ERR_BAD_URI;
*tail = elem;
tail = &elem->next;
if (!p2)
break; /* Ready. */
p = p2;
}
}
}
if (is_onion_address (uri->host))
uri->onion = 1;
return 0;
}
/*
* Remove all %xx escapes; this is done in-place. Returns: New length
* of the string.
*/
static int
remove_escapes (char *string)
{
int n = 0;
unsigned char *p, *s;
for (p = s = (unsigned char*)string; *s; s++)
{
if (*s == '%')
{
if (s[1] && s[2] && isxdigit (s[1]) && isxdigit (s[2]))
{
s++;
*p = *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
*p <<= 4;
s++;
*p |= *s >= '0' && *s <= '9' ? *s - '0' :
*s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10;
p++;
n++;
}
else
{
*p++ = *s++;
if (*s)
*p++ = *s++;
if (*s)
*p++ = *s++;
if (*s)
*p = 0;
return -1; /* Bad URI. */
}
}
else
{
*p++ = *s;
n++;
}
}
*p = 0; /* Make sure to keep a string terminator. */
return n;
}
/* If SPECIAL is NULL this function escapes in forms mode. */
static size_t
escape_data (char *buffer, const void *data, size_t datalen,
const char *special)
{
int forms = !special;
const unsigned char *s;
size_t n = 0;
if (forms)
special = "%;?&=";
for (s = data; datalen; s++, datalen--)
{
if (forms && *s == ' ')
{
if (buffer)
*buffer++ = '+';
n++;
}
else if (forms && *s == '\n')
{
if (buffer)
memcpy (buffer, "%0D%0A", 6);
n += 6;
}
else if (forms && *s == '\r' && datalen > 1 && s[1] == '\n')
{
if (buffer)
memcpy (buffer, "%0D%0A", 6);
n += 6;
s++;
datalen--;
}
else if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s))
{
if (buffer)
*(unsigned char*)buffer++ = *s;
n++;
}
else
{
if (buffer)
{
snprintf (buffer, 4, "%%%02X", *s);
buffer += 3;
}
n += 3;
}
}
return n;
}
static int
insert_escapes (char *buffer, const char *string,
const char *special)
{
return escape_data (buffer, string, strlen (string), special);
}
/* Allocate a new string from STRING using standard HTTP escaping as
well as escaping of characters given in SPECIALS. A common pattern
for SPECIALS is "%;?&=". However it depends on the needs, for
example "+" and "/: often needs to be escaped too. Returns NULL on
failure and sets ERRNO. If SPECIAL is NULL a dedicated forms
encoding mode is used. */
char *
http_escape_string (const char *string, const char *specials)
{
int n;
char *buf;
n = insert_escapes (NULL, string, specials);
buf = xtrymalloc (n+1);
if (buf)
{
insert_escapes (buf, string, specials);
buf[n] = 0;
}
return buf;
}
/* Allocate a new string from {DATA,DATALEN} using standard HTTP
escaping as well as escaping of characters given in SPECIALS. A
common pattern for SPECIALS is "%;?&=". However it depends on the
needs, for example "+" and "/: often needs to be escaped too.
Returns NULL on failure and sets ERRNO. If SPECIAL is NULL a
dedicated forms encoding mode is used. */
char *
http_escape_data (const void *data, size_t datalen, const char *specials)
{
int n;
char *buf;
n = escape_data (NULL, data, datalen, specials);
buf = xtrymalloc (n+1);
if (buf)
{
escape_data (buf, data, datalen, specials);
buf[n] = 0;
}
return buf;
}
static uri_tuple_t
parse_tuple (char *string)
{
char *p = string;
char *p2;
int n;
uri_tuple_t tuple;
if ((p2 = strchr (p, '=')))
*p2++ = 0;
if ((n = remove_escapes (p)) < 0)
return NULL; /* Bad URI. */
if (n != strlen (p))
return NULL; /* Name with a Nul in it. */
tuple = xtrycalloc (1, sizeof *tuple);
if (!tuple)
return NULL; /* Out of core. */
tuple->name = p;
if (!p2) /* We have only the name, so we assume an empty value string. */
{
tuple->value = p + strlen (p);
tuple->valuelen = 0;
tuple->no_value = 1; /* Explicitly mark that we have seen no '='. */
}
else /* Name and value. */
{
if ((n = remove_escapes (p2)) < 0)
{
xfree (tuple);
return NULL; /* Bad URI. */
}
tuple->value = p2;
tuple->valuelen = n;
}
return tuple;
}
/* Return true if STRING is likely "hostname:port" or only "hostname". */
static int
is_hostname_port (const char *string)
{
int colons = 0;
if (!string || !*string)
return 0;
for (; *string; string++)
{
if (*string == ':')
{
if (colons)
return 0;
if (!string[1])
return 0;
colons++;
}
else if (!colons && strchr (" \t\f\n\v_@[]/", *string))
return 0; /* Invalid characters in hostname. */
else if (colons && !digitp (string))
return 0; /* Not a digit in the port. */
}
return 1;
}
/*
* Send a HTTP request to the server
* Returns 0 if the request was successful
*/
static gpg_error_t
send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth,
const char *proxy, const char *srvtag, unsigned int timeout,
strlist_t headers)
{
gpg_error_t err;
const char *server;
char *request, *p;
unsigned short port;
const char *http_proxy = NULL;
char *proxy_authstr = NULL;
char *authstr = NULL;
assuan_fd_t sock;
int have_http_proxy = 0;
if (hd->uri->use_tls && !hd->session)
{
log_error ("TLS requested but no session object provided\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
if (hd->uri->use_tls && !hd->session->tls_session)
{
log_error ("TLS requested but no TLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
if (opt_debug)
log_debug ("Using TLS library: %s %s\n",
#if HTTP_USE_NTBTLS
"NTBTLS", ntbtls_check_version (NULL)
#elif HTTP_USE_GNUTLS
"GNUTLS", gnutls_check_version (NULL)
#endif /*HTTP_USE_GNUTLS*/
);
if ((hd->flags & HTTP_FLAG_FORCE_TOR))
{
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
{
log_error ("Tor support is not available\n");
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
/* Non-blocking connects do not work with our Tor proxy because
* we can't continue the Socks protocol after the EINPROGRESS.
* Disable the timeout to use a blocking connect. */
timeout = 0;
}
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
/* Try to use SNI. */
if (hd->uri->use_tls)
{
#if HTTP_USE_GNUTLS
int rc;
#endif
xfree (hd->session->servername);
hd->session->servername = xtrystrdup (httphost? httphost : server);
if (!hd->session->servername)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
return err;
}
#if HTTP_USE_NTBTLS
err = ntbtls_set_hostname (hd->session->tls_session,
hd->session->servername);
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
return err;
}
#elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
hd->session->servername,
strlen (hd->session->servername));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
#endif /*HTTP_USE_GNUTLS*/
}
if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY)
&& (http_proxy = getenv (HTTP_PROXY_ENV))
&& *http_proxy ))
{
parsed_uri_t uri;
if (proxy)
http_proxy = proxy;
err = parse_uri (&uri, http_proxy, 0, 0);
if (gpg_err_code (err) == GPG_ERR_INV_URI
&& is_hostname_port (http_proxy))
{
/* Retry assuming a "hostname:port" string. */
char *tmpname = strconcat ("http://", http_proxy, NULL);
if (tmpname && !parse_uri (&uri, tmpname, 0, 0))
err = 0;
xfree (tmpname);
}
if (err)
;
else if (!strcmp (uri->scheme, "http"))
have_http_proxy = 1;
else if (!strcmp (uri->scheme, "socks4")
|| !strcmp (uri->scheme, "socks5h"))
err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
else
err = gpg_err_make (default_errsource, GPG_ERR_INV_URI);
if (err)
{
log_error ("invalid HTTP proxy (%s): %s\n",
http_proxy, gpg_strerror (err));
return gpg_err_make (default_errsource, GPG_ERR_CONFIGURATION);
}
if (uri->auth)
{
remove_escapes (uri->auth);
proxy_authstr = make_header_line ("Proxy-Authorization: Basic ",
"\r\n",
uri->auth, strlen(uri->auth));
if (!proxy_authstr)
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
http_release_parsed_uri (uri);
return err;
}
}
err = connect_server (ctrl,
*uri->host ? uri->host : "localhost",
uri->port ? uri->port : 80,
hd->flags, NULL, timeout, &sock);
http_release_parsed_uri (uri);
}
else
{
err = connect_server (ctrl,
server, port, hd->flags, srvtag, timeout, &sock);
}
if (err)
{
xfree (proxy_authstr);
return err;
}
hd->sock = my_socket_new (sock);
if (!hd->sock)
{
xfree (proxy_authstr);
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
if (have_http_proxy && hd->uri->use_tls)
{
int saved_flags;
cookie_t cookie;
/* Try to use the CONNECT method to proxy our TLS stream. */
request = es_bsprintf
("CONNECT %s:%hu HTTP/1.0\r\nHost: %s:%hu\r\n%s",
httphost ? httphost : server,
port,
httphost ? httphost : server,
port,
proxy_authstr ? proxy_authstr : "");
xfree (proxy_authstr);
proxy_authstr = NULL;
if (! request)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_string (request, "http.c:request:");
cookie = xtrycalloc (1, sizeof *cookie);
if (! cookie)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (request);
return err;
}
cookie->sock = my_socket_ref (hd->sock);
hd->write_cookie = cookie;
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (! hd->fp_write)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
xfree (cookie);
xfree (request);
hd->write_cookie = NULL;
return err;
}
else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (request);
request = NULL;
/* Make sure http_wait_response doesn't close the stream. */
saved_flags = hd->flags;
hd->flags &= ~HTTP_FLAG_SHUTDOWN;
/* Get the response. */
err = http_wait_response (hd);
/* Restore flags, destroy stream. */
hd->flags = saved_flags;
es_fclose (hd->fp_read);
hd->fp_read = NULL;
hd->read_cookie = NULL;
/* Reset state. */
hd->in_data = 0;
if (err)
return err;
if (hd->status_code != 200)
{
request = es_bsprintf
("CONNECT %s:%hu",
httphost ? httphost : server,
port);
log_error (_("error accessing '%s': http status %u\n"),
request ? request : "out of core",
http_get_status_code (hd));
xfree (request);
return gpg_error (GPG_ERR_NO_DATA);
}
/* We are done with the proxy, the code below will establish a
* TLS session and talk directly to the target server. */
http_proxy = NULL;
}
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
estream_t in, out;
my_socket_ref (hd->sock);
/* Until we support send/recv in estream under Windows we need
* to use es_fopencookie. */
# ifdef HAVE_W32_SYSTEM
in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
simple_cookie_functions);
# else
in = es_fdopen_nc (hd->sock->fd, "rb");
# endif
if (!in)
{
err = gpg_error_from_syserror ();
xfree (proxy_authstr);
return err;
}
# ifdef HAVE_W32_SYSTEM
out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
simple_cookie_functions);
# else
out = es_fdopen_nc (hd->sock->fd, "wb");
# endif
if (!out)
{
err = gpg_error_from_syserror ();
es_fclose (in);
xfree (proxy_authstr);
return err;
}
err = ntbtls_set_transport (hd->session->tls_session, in, out);
if (err)
{
log_info ("TLS set_transport failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
if (hd->session->verify_cb)
{
err = ntbtls_set_verify_cb (hd->session->tls_session,
my_ntbtls_verify_cb, hd);
if (err)
{
log_error ("ntbtls_set_verify_cb failed: %s\n",
gpg_strerror (err));
xfree (proxy_authstr);
return err;
}
}
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
#if NTBTLS_VERSION_NUMBER >= 0x000200
unsigned int tlevel, ttype;
const char *s = ntbtls_get_last_alert (hd->session->tls_session,
&tlevel, &ttype);
if (s)
log_info ("TLS alert: %s (%u.%u)\n", s, tlevel, ttype);
#endif
switch (err)
{
default:
log_info ("TLS handshake failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
hd->session->verify.done = 0;
/* Try the available verify callbacks until one returns success
* or a real error. Note that NTBTLS does the verification
* during the handshake via */
err = 0; /* Fixme check that the CB has been called. */
if (hd->session->verify_cb
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = hd->session->verify_cb (hd->session->verify_cb_value,
hd, hd->session,
(hd->flags | hd->session->flags),
hd->session->tls_session);
if (tls_callback
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = tls_callback (hd, hd->session, 0);
if (gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR
&& gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED)
err = http_verify_server_credentials (hd->session);
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
{
int rc;
my_socket_ref (hd->sock);
gnutls_transport_set_ptr (hd->session->tls_session, hd->sock);
gnutls_transport_set_pull_function (hd->session->tls_session,
my_gnutls_read);
gnutls_transport_set_push_function (hd->session->tls_session,
my_gnutls_write);
handshake_again:
do
{
rc = gnutls_handshake (hd->session->tls_session);
}
while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN);
if (rc < 0)
{
if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED
|| rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
{
gnutls_alert_description_t alertno;
const char *alertstr;
alertno = gnutls_alert_get (hd->session->tls_session);
alertstr = gnutls_alert_get_name (alertno);
log_info ("TLS handshake %s: %s (alert %d)\n",
rc == GNUTLS_E_WARNING_ALERT_RECEIVED
? "warning" : "failed",
alertstr, (int)alertno);
if (alertno == GNUTLS_A_UNRECOGNIZED_NAME && server)
log_info (" (sent server name '%s')\n", server);
if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED)
goto handshake_again;
}
else
log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
xfree (proxy_authstr);
return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
}
hd->session->verify.done = 0;
if (tls_callback)
err = tls_callback (hd, hd->session, 0);
else
err = http_verify_server_credentials (hd->session);
if (err)
{
log_info ("TLS connection authentication failed: %s\n",
gpg_strerror (err));
xfree (proxy_authstr);
return err;
}
}
#endif /*HTTP_USE_GNUTLS*/
if (auth || hd->uri->auth)
{
char *myauth;
if (auth)
{
myauth = xtrystrdup (auth);
if (!myauth)
{
xfree (proxy_authstr);
return gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
}
remove_escapes (myauth);
}
else
{
remove_escapes (hd->uri->auth);
myauth = hd->uri->auth;
}
authstr = make_header_line ("Authorization: Basic ", "\r\n",
myauth, strlen (myauth));
if (auth)
xfree (myauth);
if (!authstr)
{
xfree (proxy_authstr);
return gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
}
}
p = build_rel_path (hd->uri);
if (!p)
{
xfree (authstr);
xfree (proxy_authstr);
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
if (http_proxy && *http_proxy)
{
request = es_bsprintf
("%s %s://%s:%hu%s%s HTTP/1.0\r\n%s%s",
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
hd->uri->use_tls? "https" : "http",
httphost? httphost : server,
port, *p == '/' ? "" : "/", p,
authstr ? authstr : "",
proxy_authstr ? proxy_authstr : "");
}
else
{
char portstr[35];
if (port == (hd->uri->use_tls? 443 : 80))
*portstr = 0;
else
snprintf (portstr, sizeof portstr, ":%u", port);
request = es_bsprintf
("%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
hd->req_type == HTTP_REQ_GET ? "GET" :
hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
*p == '/' ? "" : "/", p,
httphost? httphost : server,
portstr,
authstr? authstr:"");
}
xfree (p);
if (!request)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
xfree (authstr);
xfree (proxy_authstr);
return err;
}
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_string (request, "http.c:request:");
/* First setup estream so that we can write even the first line
using estream. This is also required for the sake of gnutls. */
{
cookie_t cookie;
cookie = xtrycalloc (1, sizeof *cookie);
if (!cookie)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
goto leave;
}
cookie->sock = my_socket_ref (hd->sock);
hd->write_cookie = cookie;
cookie->use_tls = hd->uri->use_tls;
cookie->session = http_session_ref (hd->session);
hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
if (!hd->fp_write)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
my_socket_unref (cookie->sock, NULL, NULL);
xfree (cookie);
hd->write_cookie = NULL;
}
else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
else
err = 0;
if (!err)
{
for (;headers; headers=headers->next)
{
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_string (headers->d, "http.c:request-header:");
if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
|| (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
{
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
break;
}
}
}
}
leave:
es_free (request);
xfree (authstr);
xfree (proxy_authstr);
return err;
}
/*
* Build the relative path from the parsed URI. Minimal
* implementation. May return NULL in case of memory failure; errno
* is then set accordingly.
*/
static char *
build_rel_path (parsed_uri_t uri)
{
uri_tuple_t r;
char *rel_path, *p;
int n;
/* Count the needed space. */
n = insert_escapes (NULL, uri->path, "%;?&");
/* TODO: build params. */
for (r = uri->query; r; r = r->next)
{
n++; /* '?'/'&' */
n += insert_escapes (NULL, r->name, "%;?&=");
if (!r->no_value)
{
n++; /* '=' */
n += insert_escapes (NULL, r->value, "%;?&=");
}
}
n++;
/* Now allocate and copy. */
p = rel_path = xtrymalloc (n);
if (!p)
return NULL;
n = insert_escapes (p, uri->path, "%;?&");
p += n;
/* TODO: add params. */
for (r = uri->query; r; r = r->next)
{
*p++ = r == uri->query ? '?' : '&';
n = insert_escapes (p, r->name, "%;?&=");
p += n;
if (!r->no_value)
{
*p++ = '=';
/* TODO: Use valuelen. */
n = insert_escapes (p, r->value, "%;?&=");
p += n;
}
}
*p = 0;
return rel_path;
}
/* Transform a header name into a standard capitalized format; e.g.
"Content-Type". Conversion stops at the colon. As usual we don't
use the localized versions of ctype.h. */
static void
capitalize_header_name (char *name)
{
int first = 1;
for (; *name && *name != ':'; name++)
{
if (*name == '-')
first = 1;
else if (first)
{
if (*name >= 'a' && *name <= 'z')
*name = *name - 'a' + 'A';
first = 0;
}
else if (*name >= 'A' && *name <= 'Z')
*name = *name - 'A' + 'a';
}
}
/* Store an HTTP header line in LINE away. Line continuation is
supported as well as merging of headers with the same name. This
function may modify LINE. */
static gpg_err_code_t
store_header (http_t hd, char *line)
{
size_t n;
char *p, *value;
header_t h;
n = strlen (line);
if (n && line[n-1] == '\n')
{
line[--n] = 0;
if (n && line[n-1] == '\r')
line[--n] = 0;
}
if (!n) /* we are never called to hit this. */
return GPG_ERR_BUG;
if (*line == ' ' || *line == '\t')
{
/* Continuation. This won't happen too often as it is not
recommended. We use a straightforward implementation. */
if (!hd->headers)
return GPG_ERR_PROTOCOL_VIOLATION;
n += strlen (hd->headers->value);
p = xtrymalloc (n+1);
if (!p)
return gpg_err_code_from_syserror ();
strcpy (stpcpy (p, hd->headers->value), line);
xfree (hd->headers->value);
hd->headers->value = p;
return 0;
}
capitalize_header_name (line);
p = strchr (line, ':');
if (!p)
return GPG_ERR_PROTOCOL_VIOLATION;
*p++ = 0;
while (*p == ' ' || *p == '\t')
p++;
value = p;
for (h=hd->headers; h; h = h->next)
if ( !strcmp (h->name, line) )
break;
if (h)
{
/* We have already seen a line with that name. Thus we assume
* it is a comma separated list and merge them. */
p = strconcat (h->value, ",", value, NULL);
if (!p)
return gpg_err_code_from_syserror ();
xfree (h->value);
h->value = p;
return 0;
}
/* Append a new header. */
h = xtrymalloc (sizeof *h + strlen (line));
if (!h)
return gpg_err_code_from_syserror ();
strcpy (h->name, line);
h->value = xtrymalloc (strlen (value)+1);
if (!h->value)
{
xfree (h);
return gpg_err_code_from_syserror ();
}
strcpy (h->value, value);
h->next = hd->headers;
hd->headers = h;
return 0;
}
/* Return the header NAME from the last response. The returned value
is valid as along as HD has not been closed and no other request
has been send. If the header was not found, NULL is returned. NAME
must be canonicalized, that is the first letter of each dash
delimited part must be uppercase and all other letters lowercase. */
const char *
http_get_header (http_t hd, const char *name)
{
header_t h;
for (h=hd->headers; h; h = h->next)
if ( !strcmp (h->name, name) )
return h->value;
return NULL;
}
/* Return a newly allocated and NULL terminated array with pointers to
header names. The array must be released with xfree() and its
content is only values as long as no other request has been
send. */
const char **
http_get_header_names (http_t hd)
{
const char **array;
size_t n;
header_t h;
for (n=0, h = hd->headers; h; h = h->next)
n++;
array = xtrycalloc (n+1, sizeof *array);
if (array)
{
for (n=0, h = hd->headers; h; h = h->next)
array[n++] = h->name;
}
return array;
}
/*
* Parse the response from a server.
* Returns: Errorcode and sets some files in the handle
*/
static gpg_err_code_t
parse_response (http_t hd)
{
char *line, *p, *p2;
size_t maxlen, len;
cookie_t cookie = hd->read_cookie;
const char *s;
/* Delete old header lines. */
while (hd->headers)
{
header_t tmp = hd->headers->next;
xfree (hd->headers->value);
xfree (hd->headers);
hd->headers = tmp;
}
/* Wait for the status line. */
do
{
maxlen = MAX_LINELEN;
len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
line = hd->buffer;
if (!line)
return gpg_err_code_from_syserror (); /* Out of core. */
if (!maxlen)
return GPG_ERR_TRUNCATED; /* Line has been truncated. */
if (!len)
return GPG_ERR_EOF;
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_string (line, "http.c:response:\n");
}
while (!*line);
if ((p = strchr (line, '/')))
*p++ = 0;
if (!p || strcmp (line, "HTTP"))
return 0; /* Assume http 0.9. */
if ((p2 = strpbrk (p, " \t")))
{
*p2++ = 0;
p2 += strspn (p2, " \t");
}
if (!p2)
return 0; /* Also assume http 0.9. */
p = p2;
/* TODO: Add HTTP version number check. */
if ((p2 = strpbrk (p, " \t")))
*p2++ = 0;
if (!isdigit ((unsigned int)p[0]) || !isdigit ((unsigned int)p[1])
|| !isdigit ((unsigned int)p[2]) || p[3])
{
/* Malformed HTTP status code - assume http 0.9. */
hd->is_http_0_9 = 1;
hd->status_code = 200;
return 0;
}
hd->status_code = atoi (p);
/* Skip all the header lines and wait for the empty line. */
do
{
maxlen = MAX_LINELEN;
len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
line = hd->buffer;
if (!line)
return gpg_err_code_from_syserror (); /* Out of core. */
/* Note, that we can silently ignore truncated lines. */
if (!len)
return GPG_ERR_EOF;
/* Trim line endings of empty lines. */
if ((*line == '\r' && line[1] == '\n') || *line == '\n')
*line = 0;
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_info ("http.c:RESP: '%.*s'\n",
(int)strlen(line)-(*line&&line[1]?2:0),line);
if (*line)
{
gpg_err_code_t ec = store_header (hd, line);
if (ec)
return ec;
}
}
while (len && *line);
cookie->content_length_valid = 0;
if (!(hd->flags & HTTP_FLAG_IGNORE_CL))
{
s = http_get_header (hd, "Content-Length");
if (s)
{
cookie->content_length_valid = 1;
cookie->content_length = string_to_u64 (s);
}
}
return 0;
}
#if 0
static int
start_server ()
{
struct sockaddr_in mya;
struct sockaddr_in peer;
int fd, client;
fd_set rfds;
int addrlen;
int i;
if ((fd = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
log_error ("socket() failed: %s\n", strerror (errno));
return -1;
}
i = 1;
if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (byte *) & i, sizeof (i)))
log_info ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno));
mya.sin_family = AF_INET;
memset (&mya.sin_addr, 0, sizeof (mya.sin_addr));
mya.sin_port = htons (11371);
if (bind (fd, (struct sockaddr *) &mya, sizeof (mya)))
{
log_error ("bind to port 11371 failed: %s\n", strerror (errno));
sock_close (fd);
return -1;
}
if (listen (fd, 5))
{
log_error ("listen failed: %s\n", strerror (errno));
sock_close (fd);
return -1;
}
for (;;)
{
FD_ZERO (&rfds);
FD_SET (fd, &rfds);
if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
continue; /* ignore any errors */
if (!FD_ISSET (fd, &rfds))
continue;
addrlen = sizeof peer;
client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
if (client == -1)
continue; /* oops */
log_info ("connect from %s\n", inet_ntoa (peer.sin_addr));
fflush (stdout);
fflush (stderr);
if (!fork ())
{
int c;
FILE *fp;
fp = fdopen (client, "r");
while ((c = getc (fp)) != EOF)
putchar (c);
fclose (fp);
exit (0);
}
sock_close (client);
}
return 0;
}
#endif
/* Return true if SOCKS shall be used. This is the case if tor_mode
* is enabled and the desired address is not the loopback address.
* This function is basically a copy of the same internal function in
* Libassuan. */
static int
use_socks (struct sockaddr_storage *addr)
{
int mode;
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
return 0; /* Not in Tor mode. */
else if (addr->ss_family == AF_INET6)
{
struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
const unsigned char *s;
int i;
s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
if (s[15] != 1)
return 1; /* Last octet is not 1 - not the loopback address. */
for (i=0; i < 15; i++, s++)
if (*s)
return 1; /* Non-zero octet found - not the loopback address. */
return 0; /* This is the loopback address. */
}
else if (addr->ss_family == AF_INET)
{
struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
return 0; /* Loopback (127.0.0.0/8) */
return 1;
}
else
return 0;
}
/* Wrapper around assuan_sock_new which takes the domain from an
* address parameter. */
static assuan_fd_t
my_sock_new_for_addr (struct sockaddr_storage *addr, int type, int proto)
{
int domain;
if (use_socks (addr))
{
/* Libassaun always uses 127.0.0.1 to connect to the socks
* server (i.e. the Tor daemon). */
domain = AF_INET;
}
else
domain = addr->ss_family;
return assuan_sock_new (domain, type, proto);
}
/* Call WSAGetLastError and map it to a libgpg-error. */
#ifdef HAVE_W32_SYSTEM
static gpg_error_t
my_wsagetlasterror (void)
{
int wsaerr;
gpg_err_code_t ec;
wsaerr = WSAGetLastError ();
switch (wsaerr)
{
case WSAENOTSOCK: ec = GPG_ERR_EINVAL; break;
case WSAEWOULDBLOCK: ec = GPG_ERR_EAGAIN; break;
case ERROR_BROKEN_PIPE: ec = GPG_ERR_EPIPE; break;
case WSANOTINITIALISED: ec = GPG_ERR_ENOSYS; break;
case WSAENOBUFS: ec = GPG_ERR_ENOBUFS; break;
case WSAEMSGSIZE: ec = GPG_ERR_EMSGSIZE; break;
case WSAECONNREFUSED: ec = GPG_ERR_ECONNREFUSED; break;
case WSAEISCONN: ec = GPG_ERR_EISCONN; break;
case WSAEALREADY: ec = GPG_ERR_EALREADY; break;
case WSAETIMEDOUT: ec = GPG_ERR_ETIMEDOUT; break;
default: ec = GPG_ERR_EIO; break;
}
return gpg_err_make (default_errsource, ec);
}
#endif /*HAVE_W32_SYSTEM*/
/* Connect SOCK and return GPG_ERR_ETIMEOUT if a connection could not
* be established within TIMEOUT milliseconds. 0 indicates the
* system's default timeout. The other args are the usual connect
* args. On success 0 is returned, on timeout GPG_ERR_ETIMEDOUT, and
* another error code for other errors. On timeout the caller needs
* to close the socket as soon as possible to stop an ongoing
* handshake.
*
* This implementation is for well-behaving systems; see Stevens,
* Network Programming, 2nd edition, Vol 1, 15.4. */
static gpg_error_t
connect_with_timeout (assuan_fd_t sock,
struct sockaddr *addr, int addrlen,
unsigned int timeout)
{
gpg_error_t err;
int syserr;
socklen_t slen;
fd_set rset, wset;
struct timeval tval;
int n;
#ifndef HAVE_W32_SYSTEM
int oflags;
# define RESTORE_BLOCKING() do { \
fcntl (sock, F_SETFL, oflags); \
} while (0)
#else /*HAVE_W32_SYSTEM*/
# define RESTORE_BLOCKING() do { \
unsigned long along = 0; \
ioctlsocket (FD2INT (sock), FIONBIO, &along); \
} while (0)
#endif /*HAVE_W32_SYSTEM*/
if (!timeout)
{
/* Shortcut. */
if (assuan_sock_connect (sock, addr, addrlen))
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
else
err = 0;
return err;
}
/* Switch the socket into non-blocking mode. */
#ifdef HAVE_W32_SYSTEM
{
unsigned long along = 1;
if (ioctlsocket (FD2INT (sock), FIONBIO, &along))
return my_wsagetlasterror ();
}
#else
oflags = fcntl (sock, F_GETFL, 0);
if (fcntl (sock, F_SETFL, oflags | O_NONBLOCK))
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
#endif
/* Do the connect. */
if (!assuan_sock_connect (sock, addr, addrlen))
{
/* Immediate connect. Restore flags. */
RESTORE_BLOCKING ();
return 0; /* Success. */
}
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
if (gpg_err_code (err) != GPG_ERR_EINPROGRESS
#ifdef HAVE_W32_SYSTEM
&& gpg_err_code (err) != GPG_ERR_EAGAIN
#endif
)
{
RESTORE_BLOCKING ();
return err;
}
FD_ZERO (&rset);
FD_SET (FD2INT (sock), &rset);
wset = rset;
tval.tv_sec = timeout / 1000;
tval.tv_usec = (timeout % 1000) * 1000;
n = my_select (FD2INT(sock)+1, &rset, &wset, NULL, &tval);
if (n < 0)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
RESTORE_BLOCKING ();
return err;
}
if (!n)
{
/* Timeout: We do not restore the socket flags on timeout
* because the caller is expected to close the socket. */
return gpg_err_make (default_errsource, GPG_ERR_ETIMEDOUT);
}
if (!FD_ISSET (sock, &rset) && !FD_ISSET (sock, &wset))
{
/* select misbehaved. */
return gpg_err_make (default_errsource, GPG_ERR_SYSTEM_BUG);
}
slen = sizeof (syserr);
if (getsockopt (FD2INT(sock), SOL_SOCKET, SO_ERROR,
(void*)&syserr, &slen) < 0)
{
/* Assume that this is Solaris which returns the error in ERRNO. */
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
else if (syserr)
err = gpg_err_make (default_errsource, gpg_err_code_from_errno (syserr));
else
err = 0; /* Connected. */
RESTORE_BLOCKING ();
return err;
#undef RESTORE_BLOCKING
}
/* Actually connect to a server. On success 0 is returned and the
* file descriptor for the socket is stored at R_SOCK; on error an
* error code is returned and ASSUAN_INVALID_FD is stored at R_SOCK.
* TIMEOUT is the connect timeout in milliseconds. Note that the
* function tries to connect to all known addresses and the timeout is
* for each one. */
static gpg_error_t
connect_server (ctrl_t ctrl, const char *server, unsigned short port,
unsigned int flags, const char *srvtag, unsigned int timeout,
assuan_fd_t *r_sock)
{
gpg_error_t err;
assuan_fd_t sock = ASSUAN_INVALID_FD;
unsigned int srvcount = 0;
int hostfound = 0;
int anyhostaddr = 0;
int srv, connected, v4_valid, v6_valid;
gpg_error_t last_err = 0;
struct srventry *serverlist = NULL;
*r_sock = ASSUAN_INVALID_FD;
#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
init_sockets ();
#endif /*Windows*/
check_inet_support (&v4_valid, &v6_valid);
/* Onion addresses require special treatment. */
if (is_onion_address (server))
{
#ifdef ASSUAN_SOCK_TOR
if (opt_debug)
log_debug ("http.c:connect_server:onion: name='%s' port=%hu\n",
server, port);
sock = assuan_sock_connect_byname (server, port, 0, NULL,
ASSUAN_SOCK_TOR);
if (sock == ASSUAN_INVALID_FD)
{
err = gpg_err_make (default_errsource,
(errno == EHOSTUNREACH)? GPG_ERR_UNKNOWN_HOST
: gpg_err_code_from_syserror ());
log_error ("can't connect to '%s': %s\n", server, gpg_strerror (err));
return err;
}
notify_netactivity ();
*r_sock = sock;
return 0;
#else /*!ASSUAN_SOCK_TOR*/
err = gpg_err_make (default_errsource, GPG_ERR_ENETUNREACH);
return ASSUAN_INVALID_FD;
#endif /*!HASSUAN_SOCK_TOR*/
}
/* Do the SRV thing */
if (srvtag)
{
err = get_dns_srv (ctrl, server, srvtag, NULL, &serverlist, &srvcount);
if (err)
log_info ("getting '%s' SRV for '%s' failed: %s\n",
srvtag, server, gpg_strerror (err));
/* Note that on error SRVCOUNT is zero. */
err = 0;
}
if (!serverlist)
{
/* Either we're not using SRV, or the SRV lookup failed. Make
up a fake SRV record. */
serverlist = xtrycalloc (1, sizeof *serverlist);
if (!serverlist)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
serverlist->port = port;
strncpy (serverlist->target, server, DIMof (struct srventry, target));
serverlist->target[DIMof (struct srventry, target)-1] = '\0';
srvcount = 1;
}
connected = 0;
for (srv=0; srv < srvcount && !connected; srv++)
{
dns_addrinfo_t aibuf, ai;
if (opt_debug)
log_debug ("http.c:connect_server: trying name='%s' port=%hu\n",
serverlist[srv].target, port);
err = resolve_dns_name (ctrl,
serverlist[srv].target, port, 0, SOCK_STREAM,
&aibuf, NULL);
if (err)
{
log_info ("resolving '%s' failed: %s\n",
serverlist[srv].target, gpg_strerror (err));
last_err = err;
continue; /* Not found - try next one. */
}
hostfound = 1;
for (ai = aibuf; ai && !connected; ai = ai->next)
{
if (ai->family == AF_INET
&& ((flags & HTTP_FLAG_IGNORE_IPv4) || !v4_valid))
continue;
if (ai->family == AF_INET6
&& ((flags & HTTP_FLAG_IGNORE_IPv6) || !v6_valid))
continue;
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
if (sock == ASSUAN_INVALID_FD)
{
if (errno == EAFNOSUPPORT)
{
if (ai->family == AF_INET)
v4_valid = 0;
if (ai->family == AF_INET6)
v6_valid = 0;
continue;
}
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
log_error ("error creating socket: %s\n", gpg_strerror (err));
free_dns_addrinfo (aibuf);
xfree (serverlist);
return err;
}
anyhostaddr = 1;
err = connect_with_timeout (sock, (struct sockaddr *)ai->addr,
ai->addrlen, timeout);
if (err)
{
last_err = err;
}
else
{
connected = 1;
notify_netactivity ();
}
}
free_dns_addrinfo (aibuf);
}
xfree (serverlist);
if (!connected)
{
if (!hostfound)
log_error ("can't connect to '%s': %s\n",
server, "host not found");
else if (!anyhostaddr)
log_error ("can't connect to '%s': %s\n",
server, "no IP address for host");
else
{
#ifdef HAVE_W32_SYSTEM
log_error ("can't connect to '%s': ec=%d\n",
server, (int)WSAGetLastError());
#else
log_error ("can't connect to '%s': %s\n",
server, gpg_strerror (last_err));
#endif
}
err = last_err? last_err : gpg_err_make (default_errsource,
GPG_ERR_UNKNOWN_HOST);
if (sock != ASSUAN_INVALID_FD)
assuan_sock_close (sock);
return err;
}
*r_sock = sock;
return 0;
}
/* Helper to read from a socket. This handles npth things and
* EINTR. */
static gpgrt_ssize_t
read_server (assuan_fd_t sock, void *buffer, size_t size)
{
int nread;
do
{
#ifdef HAVE_W32_SYSTEM
/* Under Windows we need to use recv for a socket. */
# if defined(USE_NPTH)
npth_unprotect ();
# endif
nread = recv (FD2INT (sock), buffer, size, 0);
# if defined(USE_NPTH)
npth_protect ();
# endif
#else /*!HAVE_W32_SYSTEM*/
# ifdef USE_NPTH
nread = npth_read (sock, buffer, size);
# else
nread = read (sock, buffer, size);
# endif
#endif /*!HAVE_W32_SYSTEM*/
}
while (nread == -1 && errno == EINTR);
return nread;
}
static gpg_error_t
write_server (assuan_fd_t sock, const char *data, size_t length)
{
int nleft;
int nwritten;
nleft = length;
while (nleft > 0)
{
#if defined(HAVE_W32_SYSTEM)
# if defined(USE_NPTH)
npth_unprotect ();
# endif
nwritten = send (FD2INT (sock), data, nleft, 0);
# if defined(USE_NPTH)
npth_protect ();
# endif
if ( nwritten == SOCKET_ERROR )
{
log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ());
return gpg_error (GPG_ERR_NETWORK);
}
#else /*!HAVE_W32_SYSTEM*/
# ifdef USE_NPTH
nwritten = npth_write (sock, data, nleft);
# else
nwritten = write (sock, data, nleft);
# endif
if (nwritten == -1)
{
if (errno == EINTR)
continue;
if (errno == EAGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
my_select (0, NULL, NULL, NULL, &tv);
continue;
}
log_info ("network write failed: %s\n", strerror (errno));
return gpg_error_from_syserror ();
}
#endif /*!HAVE_W32_SYSTEM*/
nleft -= nwritten;
data += nwritten;
}
return 0;
}
/* Read handler for estream. */
static gpgrt_ssize_t
cookie_read (void *cookie, void *buffer, size_t size)
{
cookie_t c = cookie;
int nread;
if (c->content_length_valid)
{
if (!c->content_length)
return 0; /* EOF */
if (c->content_length < size)
size = c->content_length;
}
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
estream_t in, out;
ntbtls_get_stream (c->session->tls_session, &in, &out);
nread = es_fread (buffer, 1, size, in);
if (opt_debug)
log_debug ("TLS network read: %d/%zu\n", nread, size);
}
else
#elif HTTP_USE_GNUTLS
if (c->use_tls && c->session && c->session->tls_session)
{
again:
nread = gnutls_record_recv (c->session->tls_session, buffer, size);
if (nread < 0)
{
if (nread == GNUTLS_E_INTERRUPTED)
goto again;
if (nread == GNUTLS_E_AGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
my_select (0, NULL, NULL, NULL, &tv);
goto again;
}
if (nread == GNUTLS_E_REHANDSHAKE)
goto again; /* A client is allowed to just ignore this request. */
if (nread == GNUTLS_E_PREMATURE_TERMINATION)
{
/* The server terminated the connection. Close the TLS
session, and indicate EOF using a short read. */
close_tls_session (c->session);
return 0;
}
log_info ("TLS network read failed: %s\n", gnutls_strerror (nread));
gpg_err_set_errno (EIO);
return -1;
}
}
else
#endif /*HTTP_USE_GNUTLS*/
{
nread = read_server (c->sock->fd, buffer, size);
}
if (c->content_length_valid && nread > 0)
{
if (nread < c->content_length)
c->content_length -= nread;
else
c->content_length = 0;
}
return (gpgrt_ssize_t)nread;
}
/* Write handler for estream. */
static gpgrt_ssize_t
cookie_write (void *cookie, const void *buffer_arg, size_t size)
{
const char *buffer = buffer_arg;
cookie_t c = cookie;
int nwritten = 0;
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
estream_t in, out;
ntbtls_get_stream (c->session->tls_session, &in, &out);
if (size == 0)
es_fflush (out);
else
nwritten = es_fwrite (buffer, 1, size, out);
if (opt_debug)
log_debug ("TLS network write: %d/%zu\n", nwritten, size);
}
else
#elif HTTP_USE_GNUTLS
if (c->use_tls && c->session && c->session->tls_session)
{
int nleft = size;
while (nleft > 0)
{
nwritten = gnutls_record_send (c->session->tls_session,
buffer, nleft);
if (nwritten <= 0)
{
if (nwritten == GNUTLS_E_INTERRUPTED)
continue;
if (nwritten == GNUTLS_E_AGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
my_select (0, NULL, NULL, NULL, &tv);
continue;
}
log_info ("TLS network write failed: %s\n",
gnutls_strerror (nwritten));
gpg_err_set_errno (EIO);
return -1;
}
nleft -= nwritten;
buffer += nwritten;
}
}
else
#endif /*HTTP_USE_GNUTLS*/
{
if ( write_server (c->sock->fd, buffer, size) )
{
gpg_err_set_errno (EIO);
nwritten = -1;
}
else
nwritten = size;
}
return (gpgrt_ssize_t)nwritten;
}
#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
static gpgrt_ssize_t
simple_cookie_read (void *cookie, void *buffer, size_t size)
{
assuan_fd_t sock = (assuan_fd_t)cookie;
return read_server (sock, buffer, size);
}
static gpgrt_ssize_t
simple_cookie_write (void *cookie, const void *buffer_arg, size_t size)
{
assuan_fd_t sock = (assuan_fd_t)cookie;
const char *buffer = buffer_arg;
int nwritten;
if (write_server (sock, buffer, size))
{
gpg_err_set_errno (EIO);
nwritten = -1;
}
else
nwritten = size;
return (gpgrt_ssize_t)nwritten;
}
#endif /*HAVE_W32_SYSTEM*/
#ifdef HTTP_USE_GNUTLS
/* Wrapper for gnutls_bye used by my_socket_unref. */
static void
send_gnutls_bye (void *opaque)
{
tls_session_t tls_session = opaque;
int ret;
again:
do
ret = gnutls_bye (tls_session, GNUTLS_SHUT_RDWR);
while (ret == GNUTLS_E_INTERRUPTED);
if (ret == GNUTLS_E_AGAIN)
{
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 50000;
my_select (0, NULL, NULL, NULL, &tv);
goto again;
}
}
#endif /*HTTP_USE_GNUTLS*/
/* Close handler for estream. */
static int
cookie_close (void *cookie)
{
cookie_t c = cookie;
if (!c)
return 0;
#if HTTP_USE_NTBTLS
if (c->use_tls && c->session && c->session->tls_session)
{
/* FIXME!! Possibly call ntbtls_close_notify for close
of write stream. */
my_socket_unref (c->sock, NULL, NULL);
}
else
#elif HTTP_USE_GNUTLS
if (c->use_tls && c->session && c->session->tls_session)
my_socket_unref (c->sock, send_gnutls_bye, c->session->tls_session);
else
#endif /*HTTP_USE_GNUTLS*/
if (c->sock)
my_socket_unref (c->sock, NULL, NULL);
if (c->session)
http_session_unref (c->session);
xfree (c);
return 0;
}
/* Verify the credentials of the server. Returns 0 on success and
store the result in the session object. */
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
#if HTTP_USE_GNUTLS
static const char errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
const char *hostname;
const gnutls_datum_t *certlist;
unsigned int certlistlen;
gnutls_x509_crt_t cert;
gpg_error_t err = 0;
sess->verify.done = 1;
sess->verify.status = 0;
sess->verify.rc = GNUTLS_E_CERTIFICATE_ERROR;
if (gnutls_certificate_type_get (sess->tls_session) != GNUTLS_CRT_X509)
{
log_error ("%s: %s\n", errprefix, "not an X.509 certificate");
sess->verify.rc = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
return gpg_error (GPG_ERR_GENERAL);
}
rc = gnutls_certificate_verify_peers2 (sess->tls_session, &status);
if (rc)
{
log_error ("%s: %s\n", errprefix, gnutls_strerror (rc));
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
}
else if (status)
{
log_error ("%s: status=0x%04x\n", errprefix, status);
#if GNUTLS_VERSION_NUMBER >= 0x030104
{
gnutls_datum_t statusdat;
if (!gnutls_certificate_verification_status_print
(status, GNUTLS_CRT_X509, &statusdat, 0))
{
log_info ("%s: %s\n", errprefix, statusdat.data);
gnutls_free (statusdat.data);
}
}
#endif /*gnutls >= 3.1.4*/
sess->verify.status = status;
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
}
hostname = sess->servername;
if (!hostname || !strchr (hostname, '.'))
{
log_error ("%s: %s\n", errprefix, "hostname missing");
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
}
certlist = gnutls_certificate_get_peers (sess->tls_session, &certlistlen);
if (!certlistlen)
{
log_error ("%s: %s\n", errprefix, "server did not send a certificate");
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
/* Need to stop here. */
if (err)
return err;
}
rc = gnutls_x509_crt_init (&cert);
if (rc < 0)
{
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
if (err)
return err;
}
rc = gnutls_x509_crt_import (cert, &certlist[0], GNUTLS_X509_FMT_DER);
if (rc < 0)
{
log_error ("%s: %s: %s\n", errprefix, "error importing certificate",
gnutls_strerror (rc));
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
}
if (!gnutls_x509_crt_check_hostname (cert, hostname))
{
log_error ("%s: %s\n", errprefix, "hostname does not match");
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
}
gnutls_x509_crt_deinit (cert);
if (!err)
sess->verify.rc = 0;
if (sess->cert_log_cb)
{
const void *bufarr[10];
size_t buflenarr[10];
size_t n;
for (n = 0; n < certlistlen && n < DIM (bufarr)-1; n++)
{
bufarr[n] = certlist[n].data;
buflenarr[n] = certlist[n].size;
}
bufarr[n] = NULL;
buflenarr[n] = 0;
sess->cert_log_cb (sess, err, hostname, bufarr, buflenarr);
}
return err;
#else /*!HTTP_USE_GNUTLS*/
(void)sess;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
#endif
}
/* Return the first query variable with the specified key. If there
is no such variable, return NULL. */
struct uri_tuple_s *
uri_query_lookup (parsed_uri_t uri, const char *key)
{
struct uri_tuple_s *t;
for (t = uri->query; t; t = t->next)
if (strcmp (t->name, key) == 0)
return t;
return NULL;
}
const char *
uri_query_value (parsed_uri_t url, const char *key)
{
struct uri_tuple_s *t;
t = uri_query_lookup (url, key);
return t? t->value : NULL;
}
/* Return true if both URI point to the same host for the purpose of
* redirection check. A is the original host and B the host given in
* the Location header. As a temporary workaround a fixed list of
* exceptions is also consulted. */
static int
same_host_p (parsed_uri_t a, parsed_uri_t b)
{
static struct
{
const char *from; /* NULL uses the last entry from the table. */
const char *to;
} allow[] =
{
{ "protonmail.com", "api.protonmail.com" },
{ NULL, "api.protonmail.ch" },
{ "protonmail.ch", "api.protonmail.com" },
{ NULL, "api.protonmail.ch" },
{ "pm.me", "api.protonmail.ch" }
};
static const char *subdomains[] =
{
"openpgpkey."
};
int i;
const char *from;
if (!a->host || !b->host)
return 0;
if (!ascii_strcasecmp (a->host, b->host))
return 1;
from = NULL;
for (i=0; i < DIM (allow); i++)
{
if (allow[i].from)
from = allow[i].from;
if (!from)
continue;
if (!ascii_strcasecmp (from, a->host)
&& !ascii_strcasecmp (allow[i].to, b->host))
return 1;
}
/* Also consider hosts the same if they differ only in a subdomain;
* in both direction. This allows to have redirection between the
* WKD advanced and direct lookup methods. */
for (i=0; i < DIM (subdomains); i++)
{
const char *subdom = subdomains[i];
size_t subdomlen = strlen (subdom);
if (!ascii_strncasecmp (a->host, subdom, subdomlen)
&& !ascii_strcasecmp (a->host + subdomlen, b->host))
return 1;
if (!ascii_strncasecmp (b->host, subdom, subdomlen)
&& !ascii_strcasecmp (b->host + subdomlen, a->host))
return 1;
}
return 0;
}
/* Prepare a new URL for a HTTP redirect. INFO has flags controlling
* the operation, STATUS_CODE is used for diagnostics, LOCATION is the
* value of the "Location" header, and R_URL reveives the new URL on
* success or NULL or error. Note that INFO->ORIG_URL is
* required. */
gpg_error_t
http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
const char *location, char **r_url)
{
gpg_error_t err;
parsed_uri_t locuri;
parsed_uri_t origuri;
char *newurl;
char *p;
*r_url = NULL;
if (!info || !info->orig_url)
return gpg_error (GPG_ERR_INV_ARG);
if (!info->silent)
log_info (_("URL '%s' redirected to '%s' (%u)\n"),
info->orig_url, location? location:"[none]", status_code);
if (!info->redirects_left)
{
if (!info->silent)
log_error (_("too many redirections\n"));
return gpg_error (GPG_ERR_NO_DATA);
}
info->redirects_left--;
if (!location || !*location)
return gpg_error (GPG_ERR_NO_DATA);
err = http_parse_uri (&locuri, location, 0);
if (err)
return err;
/* Make sure that an onion address only redirects to another
* onion address, or that a https address only redirects to a
* https address. */
if (info->orig_onion && !locuri->onion)
{
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect from onion to non-onion address"
" rejected",
err);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_FORBIDDEN);
}
if (!info->allow_downgrade && info->orig_https && !locuri->use_tls)
{
err = gpg_error (GPG_ERR_FORBIDDEN);
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect %u"
" redirect '%s' to '%s' rejected",
err, info->orig_url, location);
http_release_parsed_uri (locuri);
return err;
}
if (info->trust_location)
{
/* We trust the Location - return it verbatim. */
http_release_parsed_uri (locuri);
newurl = xtrystrdup (location);
if (!newurl)
{
err = gpg_error_from_syserror ();
return err;
}
}
else if ((err = http_parse_uri (&origuri, info->orig_url, 0)))
{
http_release_parsed_uri (locuri);
return err;
}
else if (same_host_p (origuri, locuri))
{
/* The host is the same or on an exception list and thus we can
* take the location verbatim. */
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
newurl = xtrystrdup (location);
if (!newurl)
{
err = gpg_error_from_syserror ();
return err;
}
}
else
{
/* We take only the host and port from the URL given in the
* Location. This limits the effects of redirection attacks by
* rogue hosts returning an URL to servers in the client's own
* network. We don't even include the userinfo because they
* should be considered similar to the path and query parts.
*/
if (!(locuri->off_path - locuri->off_host))
{
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_BAD_URI);
}
if (!(origuri->off_path - origuri->off_host))
{
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return gpg_error (GPG_ERR_BAD_URI);
}
newurl = xtrymalloc (strlen (origuri->original)
+ (locuri->off_path - locuri->off_host) + 1);
if (!newurl)
{
err = gpg_error_from_syserror ();
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
return err;
}
/* Build new URL from
* uriguri: scheme userinfo ---- ---- path rest
* locuri: ------ -------- host port ---- ----
*/
p = newurl;
memcpy (p, origuri->original, origuri->off_host);
p += origuri->off_host;
memcpy (p, locuri->original + locuri->off_host,
(locuri->off_path - locuri->off_host));
p += locuri->off_path - locuri->off_host;
strcpy (p, origuri->original + origuri->off_path);
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
if (!info->silent)
log_info (_("redirection changed to '%s'\n"), newurl);
dirmngr_status_printf (info->ctrl, "WARNING",
"http_redirect_cleanup %u"
" changed from '%s' to '%s'",
0, info->orig_url, newurl);
}
*r_url = newurl;
return 0;
}
/* Return string describing the http STATUS. Returns an empty string
* for an unknown status. */
const char *
http_status2string (unsigned int status)
{
switch (status)
{
case 500: return "Internal Server Error";
case 501: return "Not Implemented";
case 502: return "Bad Gateway";
case 503: return "Service Unavailable";
case 504: return "Gateway Timeout";
case 505: return "HTTP version Not Supported";
case 506: return "Variant Also Negation";
case 507: return "Insufficient Storage";
case 508: return "Loop Detected";
case 510: return "Not Extended";
case 511: return "Network Authentication Required";
}
return "";
}
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 2880dcb47..ced92de21 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1,3213 +1,3213 @@
/* server.c - LDAP and Keyserver access server
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH
* Copyright (C) 2014, 2015, 2016 Werner Koch
* Copyright (C) 2016 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*
* SPDX-License-Identifier: GPL-3.0+
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "dirmngr.h"
#include
#include "crlcache.h"
#include "crlfetch.h"
#if USE_LDAP
# include "ldapserver.h"
#endif
#include "ocsp.h"
#include "certcache.h"
#include "validate.h"
#include "misc.h"
#if USE_LDAP
# include "ldap-wrapper.h"
#endif
#include "ks-action.h"
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
#if USE_LDAP
# include "ldap-parse-uri.h"
#endif
#include "dns-stuff.h"
#include "../common/mbox-util.h"
#include "../common/zb32.h"
#include "../common/server-help.h"
/* To avoid DoS attacks we limit the size of a certificate to
something reasonable. The DoS was actually only an issue back when
Dirmngr was a system service and not a user service. */
#define MAX_CERT_LENGTH (16*1024)
/* The limit for the CERTLIST inquiry. We allow for up to 20
* certificates but also take PEM encoding into account. */
#define MAX_CERTLIST_LENGTH ((MAX_CERT_LENGTH * 20 * 4)/3)
/* The same goes for OpenPGP keyblocks, but here we need to allow for
much longer blocks; a 200k keyblock is not too unusual for keys
with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even
has 770 KiB as of 2015-08-23. To avoid adding a runtime option we
now use 20MiB which should really be enough. Well, a key with
several pictures could be larger (the parser as a 18MiB limit for
attribute packets) but it won't be nice to the keyservers to send
them such large blobs. */
#define MAX_KEYBLOCK_LENGTH (20*1024*1024)
#define PARM_ERROR(t) assuan_set_error (ctx, \
gpg_error (GPG_ERR_ASS_PARAMETER), (t))
#define set_error(e,t) (ctx ? assuan_set_error (ctx, gpg_error (e), (t)) \
/**/: gpg_error (e))
/* Control structure per connection. */
struct server_local_s
{
/* Data used to associate an Assuan context with local server data */
assuan_context_t assuan_ctx;
/* The session id (a counter). */
unsigned int session_id;
/* Per-session LDAP servers. */
ldap_server_t ldapservers;
/* Per-session list of keyservers. */
uri_item_t keyservers;
/* If this flag is set to true this dirmngr process will be
terminated after the end of this session. */
int stopme;
/* State variable private to is_tor_running. */
int tor_state;
/* If the first both flags are set the assuan logging of data lines
* is suppressed. The count variable is used to show the number of
* non-logged bytes. */
size_t inhibit_data_logging_count;
unsigned int inhibit_data_logging : 1;
unsigned int inhibit_data_logging_now : 1;
};
/* Cookie definition for assuan data line output. */
static gpgrt_ssize_t data_line_cookie_write (void *cookie,
const void *buffer, size_t size);
static int data_line_cookie_close (void *cookie);
static es_cookie_io_functions_t data_line_cookie_functions =
{
NULL,
data_line_cookie_write,
NULL,
data_line_cookie_close
};
/* Local prototypes */
static const char *task_check_wkd_support (ctrl_t ctrl, const char *domain);
/* Accessor for the local ldapservers variable. */
ldap_server_t
get_ldapservers_from_ctrl (ctrl_t ctrl)
{
if (ctrl && ctrl->server_local)
return ctrl->server_local->ldapservers;
else
return NULL;
}
/* Release an uri_item_t list. */
static void
release_uri_item_list (uri_item_t list)
{
while (list)
{
uri_item_t tmp = list->next;
http_release_parsed_uri (list->parsed_uri);
xfree (list);
list = tmp;
}
}
/* Release all configured keyserver info from CTRL. */
void
release_ctrl_keyservers (ctrl_t ctrl)
{
if (! ctrl->server_local)
return;
release_uri_item_list (ctrl->server_local->keyservers);
ctrl->server_local->keyservers = NULL;
}
/* Helper to print a message while leaving a command. */
static gpg_error_t
leave_cmd (assuan_context_t ctx, gpg_error_t err)
{
if (err)
{
const char *name = assuan_get_command_name (ctx);
if (!name)
name = "?";
if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
log_error ("command '%s' failed: %s\n", name,
gpg_strerror (err));
else
log_error ("command '%s' failed: %s <%s>\n", name,
gpg_strerror (err), gpg_strsource (err));
}
return err;
}
/* This is a wrapper around assuan_send_data which makes debugging the
output in verbose mode easier. */
static gpg_error_t
data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
const char *buffer = buffer_arg;
gpg_error_t err;
/* If we do not want logging, enable it here. */
if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
ctrl->server_local->inhibit_data_logging_now = 1;
if (opt.verbose && buffer && size)
{
/* Ease reading of output by sending a physical line at each LF. */
const char *p;
size_t n, nbytes;
nbytes = size;
do
{
p = memchr (buffer, '\n', nbytes);
n = p ? (p - buffer) + 1 : nbytes;
err = assuan_send_data (ctx, buffer, n);
if (err)
{
gpg_err_set_errno (EIO);
goto leave;
}
buffer += n;
nbytes -= n;
if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
{
gpg_err_set_errno (EIO);
goto leave;
}
}
while (nbytes);
}
else
{
err = assuan_send_data (ctx, buffer, size);
if (err)
{
gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */
goto leave;
}
}
leave:
if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging)
{
ctrl->server_local->inhibit_data_logging_now = 0;
ctrl->server_local->inhibit_data_logging_count += size;
}
return err;
}
/* A write handler used by es_fopencookie to write assuan data
lines. */
static gpgrt_ssize_t
data_line_cookie_write (void *cookie, const void *buffer, size_t size)
{
assuan_context_t ctx = cookie;
if (data_line_write (ctx, buffer, size))
return -1;
return (gpgrt_ssize_t)size;
}
static int
data_line_cookie_close (void *cookie)
{
assuan_context_t ctx = cookie;
if (DBG_IPC)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
if (ctrl && ctrl->server_local
&& ctrl->server_local->inhibit_data_logging
&& ctrl->server_local->inhibit_data_logging_count)
log_debug ("(%zu bytes sent via D lines not shown)\n",
ctrl->server_local->inhibit_data_logging_count);
}
if (assuan_send_data (ctx, NULL, 0))
{
gpg_err_set_errno (EIO);
return -1;
}
return 0;
}
/* Copy the % and + escaped string S into the buffer D and replace the
escape sequences. Note, that it is sufficient to allocate the
target string D as long as the source string S, i.e.: strlen(s)+1.
Note further that if S contains an escaped binary Nul the resulting
string D will contain the 0 as well as all other characters but it
will be impossible to know whether this is the original EOS or a
copied Nul. */
static void
strcpy_escaped_plus (char *d, const unsigned char *s)
{
while (*s)
{
if (*s == '%' && s[1] && s[2])
{
s++;
*d++ = xtoi_2 ( s);
s += 2;
}
else if (*s == '+')
*d++ = ' ', s++;
else
*d++ = *s++;
}
*d = 0;
}
/* This function returns true if a Tor server is running. The status
* is cached for the current connection. */
static int
is_tor_running (ctrl_t ctrl)
{
/* Check whether we can connect to the proxy. */
if (!ctrl || !ctrl->server_local)
return 0; /* Ooops. */
if (!ctrl->server_local->tor_state)
{
assuan_fd_t sock;
sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
if (sock == ASSUAN_INVALID_FD)
ctrl->server_local->tor_state = -1; /* Not running. */
else
{
assuan_sock_close (sock);
ctrl->server_local->tor_state = 1; /* Running. */
}
}
return (ctrl->server_local->tor_state > 0);
}
/* Return an error if the assuan context does not belong to the owner
of the process or to root. On error FAILTEXT is set as Assuan
error string. */
static gpg_error_t
check_owner_permission (assuan_context_t ctx, const char *failtext)
{
#ifdef HAVE_W32_SYSTEM
/* Under Windows the dirmngr is always run under the control of the
user. */
(void)ctx;
(void)failtext;
#else
gpg_err_code_t ec;
assuan_peercred_t cred;
ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
if (!ec && cred->uid && cred->uid != getuid ())
ec = GPG_ERR_EPERM;
if (ec)
return set_error (ec, failtext);
#endif
return 0;
}
/* Common code for get_cert_local and get_issuer_cert_local. */
static ksba_cert_t
do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
{
unsigned char *value;
size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
buf = name? strconcat (command, " ", name, NULL) : xtrystrdup (command);
if (!buf)
rc = gpg_error_from_syserror ();
else
{
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
&value, &valuelen, MAX_CERT_LENGTH);
xfree (buf);
}
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
command, gpg_strerror (rc));
return NULL;
}
if (!valuelen)
{
xfree (value);
return NULL;
}
rc = ksba_cert_new (&cert);
if (!rc)
{
rc = ksba_cert_init_from_mem (cert, value, valuelen);
if (rc)
{
ksba_cert_release (cert);
cert = NULL;
}
}
xfree (value);
return cert;
}
/* Ask back to return a certificate for NAME, given as a regular gpgsm
* certificate identifier (e.g. fingerprint or one of the other
* methods). Alternatively, NULL may be used for NAME to return the
* current target certificate. Either return the certificate in a
* KSBA object or NULL if it is not available. */
ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_cert_local called w/o context\n");
return NULL;
}
return do_get_cert_local (ctrl, name, "SENDCERT");
}
/* Ask back to return the issuing certificate for NAME, given as a
* regular gpgsm certificate identifier (e.g. fingerprint or one
* of the other methods). Alternatively, NULL may be used for NAME to
* return the current target certificate. Either return the certificate
* in a KSBA object or NULL if it is not available. */
ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_issuing_cert_local called w/o context\n");
return NULL;
}
return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
}
/* Ask back to return a certificate with subject NAME and a
* subjectKeyIdentifier of KEYID. */
ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
unsigned char *value;
size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
char *hexkeyid;
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_cert_local_ski called w/o context\n");
return NULL;
}
if (!name || !keyid)
{
log_debug ("get_cert_local_ski called with insufficient arguments\n");
return NULL;
}
hexkeyid = serial_hex (keyid);
if (!hexkeyid)
{
log_debug ("serial_hex() failed\n");
return NULL;
}
buf = strconcat ("SENDCERT_SKI ", hexkeyid, " /", name, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexkeyid);
return NULL;
}
xfree (hexkeyid);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
&value, &valuelen, MAX_CERT_LENGTH);
xfree (buf);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"), "SENDCERT_SKI",
gpg_strerror (rc));
return NULL;
}
if (!valuelen)
{
xfree (value);
return NULL;
}
rc = ksba_cert_new (&cert);
if (!rc)
{
rc = ksba_cert_init_from_mem (cert, value, valuelen);
if (rc)
{
ksba_cert_release (cert);
cert = NULL;
}
}
xfree (value);
return cert;
}
/* Ask the client via an inquiry to check the istrusted status of the
certificate specified by the hexified fingerprint HEXFPR. Returns
0 if the certificate is trusted by the client or an error code. */
gpg_error_t
get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
{
unsigned char *value;
size_t valuelen;
int rc;
char request[100];
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
|| !hexfpr)
return gpg_error (GPG_ERR_INV_ARG);
snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
&value, &valuelen, 100);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
request, gpg_strerror (rc));
return rc;
}
/* The expected data is: "1" or "1 cruft" (not a C-string). */
if (valuelen && *value == '1' && (valuelen == 1 || spacep (value+1)))
rc = 0;
else
rc = gpg_error (GPG_ERR_NOT_TRUSTED);
xfree (value);
return rc;
}
/* Ask the client to return the certificate associated with the
current command. This is sometimes needed because the client usually
sends us just the cert ID, assuming that the request can be
satisfied from the cache, where the cert ID is used as key. */
static int
inquire_cert_and_load_crl (assuan_context_t ctx)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char *value = NULL;
size_t valuelen;
ksba_cert_t cert = NULL;
err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
if (err)
return err;
/* { */
/* FILE *fp = fopen ("foo.der", "r"); */
/* value = xmalloc (2000); */
/* valuelen = fread (value, 1, 2000, fp); */
/* fclose (fp); */
/* } */
if (!valuelen) /* No data returned; return a comprehensible error. */
return gpg_error (GPG_ERR_MISSING_CERT);
err = ksba_cert_new (&cert);
if (err)
goto leave;
err = ksba_cert_init_from_mem (cert, value, valuelen);
if(err)
goto leave;
xfree (value); value = NULL;
err = crl_cache_reload_crl (ctrl, cert);
leave:
ksba_cert_release (cert);
xfree (value);
return err;
}
/* Handle OPTION commands. */
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
if (!strcmp (key, "force-crl-refresh"))
{
int i = *value? atoi (value) : 0;
ctrl->force_crl_refresh = i;
}
else if (!strcmp (key, "audit-events"))
{
int i = *value? atoi (value) : 0;
ctrl->audit_events = i;
}
else if (!strcmp (key, "http-proxy"))
{
xfree (ctrl->http_proxy);
if (!*value || !strcmp (value, "none"))
ctrl->http_proxy = NULL;
else if (!(ctrl->http_proxy = xtrystrdup (value)))
err = gpg_error_from_syserror ();
}
else if (!strcmp (key, "honor-keyserver-url-used"))
{
/* Return an error if we are running in Tor mode. */
if (dirmngr_use_tor ())
err = gpg_error (GPG_ERR_FORBIDDEN);
}
else if (!strcmp (key, "http-crl"))
{
int i = *value? atoi (value) : 0;
ctrl->http_no_crl = !i;
}
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
return err;
}
static const char hlp_dns_cert[] =
"DNS_CERT \n"
"DNS_CERT --pka \n"
"DNS_CERT --dane \n"
"\n"
"Return the CERT record for . is one of\n"
" * Return the first record of any supported subtype\n"
" PGP Return the first record of subtype PGP (3)\n"
" IPGP Return the first record of subtype IPGP (6)\n"
"If the content of a certificate is available (PGP) it is returned\n"
"by data lines. Fingerprints and URLs are returned via status lines.\n"
"In --pka mode the fingerprint and if available an URL is returned.\n"
"In --dane mode the key is returned from RR type 61";
static gpg_error_t
cmd_dns_cert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
int pka_mode, dane_mode;
char *mbox = NULL;
char *namebuf = NULL;
char *encodedhash = NULL;
const char *name;
int certtype;
char *p;
void *key = NULL;
size_t keylen;
unsigned char *fpr = NULL;
size_t fprlen;
char *url = NULL;
pka_mode = has_option (line, "--pka");
dane_mode = has_option (line, "--dane");
line = skip_options (line);
if (pka_mode && dane_mode)
{
err = PARM_ERROR ("either --pka or --dane may be given");
goto leave;
}
if (pka_mode || dane_mode)
; /* No need to parse here - we do this later. */
else
{
p = strchr (line, ' ');
if (!p)
{
err = PARM_ERROR ("missing arguments");
goto leave;
}
*p++ = 0;
if (!strcmp (line, "*"))
certtype = DNS_CERTTYPE_ANY;
else if (!strcmp (line, "IPGP"))
certtype = DNS_CERTTYPE_IPGP;
else if (!strcmp (line, "PGP"))
certtype = DNS_CERTTYPE_PGP;
else
{
err = PARM_ERROR ("unknown subtype");
goto leave;
}
while (spacep (p))
p++;
line = p;
if (!*line)
{
err = PARM_ERROR ("name missing");
goto leave;
}
}
if (pka_mode || dane_mode)
{
char *domain; /* Points to mbox. */
char hashbuf[32]; /* For SHA-1 and SHA-256. */
/* We lowercase ascii characters but the DANE I-D does not allow
this. FIXME: Check after the release of the RFC whether to
change this. */
mbox = mailbox_from_userid (line, 0);
if (!mbox || !(domain = strchr (mbox, '@')))
{
err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
goto leave;
}
*domain++ = 0;
if (pka_mode)
{
gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
encodedhash = zb32_encode (hashbuf, 8*20);
if (!encodedhash)
{
err = gpg_error_from_syserror ();
goto leave;
}
namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
if (!namebuf)
{
err = gpg_error_from_syserror ();
goto leave;
}
name = namebuf;
certtype = DNS_CERTTYPE_IPGP;
}
else
{
/* Note: The hash is truncated to 28 bytes and we lowercase
the result only for aesthetic reasons. */
gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox));
encodedhash = bin2hex (hashbuf, 28, NULL);
if (!encodedhash)
{
err = gpg_error_from_syserror ();
goto leave;
}
ascii_strlwr (encodedhash);
namebuf = strconcat (encodedhash, "._openpgpkey.", domain, NULL);
if (!namebuf)
{
err = gpg_error_from_syserror ();
goto leave;
}
name = namebuf;
certtype = DNS_CERTTYPE_RR61;
}
}
else
name = line;
err = get_dns_cert (ctrl, name, certtype, &key, &keylen, &fpr, &fprlen, &url);
if (err)
goto leave;
if (key)
{
err = data_line_write (ctx, key, keylen);
if (err)
goto leave;
}
if (fpr)
{
char *tmpstr;
tmpstr = bin2hex (fpr, fprlen, NULL);
if (!tmpstr)
err = gpg_error_from_syserror ();
else
{
err = assuan_write_status (ctx, "FPR", tmpstr);
xfree (tmpstr);
}
if (err)
goto leave;
}
if (url)
{
err = assuan_write_status (ctx, "URL", url);
if (err)
goto leave;
}
leave:
xfree (key);
xfree (fpr);
xfree (url);
xfree (mbox);
xfree (namebuf);
xfree (encodedhash);
return leave_cmd (ctx, err);
}
/* Core of cmd_wkd_get and task_check_wkd_support. If CTX is NULL
* this function will not write anything to the assuan output. */
static gpg_error_t
proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
{
gpg_error_t err = 0;
char *mbox = NULL;
char *domainbuf = NULL;
char *domain; /* Points to mbox or domainbuf. This is used to
* connect to the host. */
char *domain_orig;/* Points to mbox. This is the used for the
* query; i.e. the domain part of the
* addrspec. */
char sha1buf[20];
char *uri = NULL;
char *encodedhash = NULL;
int opt_submission_addr;
int opt_policy_flags;
int is_wkd_query; /* True if this is a real WKD query. */
int no_log = 0;
char portstr[20] = { 0 };
int subdomain_mode = 0;
opt_submission_addr = has_option (line, "--submission-address");
opt_policy_flags = has_option (line, "--policy-flags");
if (has_option (line, "--quick"))
ctrl->timeout = opt.connect_quick_timeout;
line = skip_options (line);
is_wkd_query = !(opt_policy_flags || opt_submission_addr);
mbox = mailbox_from_userid (line, 0);
if (!mbox || !(domain = strchr (mbox, '@')))
{
err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
goto leave;
}
*domain++ = 0;
domain_orig = domain;
/* Let's check whether we already know that the domain does not
* support WKD. */
if (is_wkd_query)
{
if (domaininfo_is_wkd_not_supported (domain_orig))
{
err = gpg_error (GPG_ERR_NO_DATA);
dirmngr_status_printf (ctrl, "NOTE", "wkd_cached_result %u", err);
goto leave;
}
}
/* First try the new "openpgp" subdomain. We check that the domain
* is valid because it is later used as an unescaped filename part
* of the URI. */
if (is_valid_domain_name (domain_orig))
{
dns_addrinfo_t aibuf;
domainbuf = strconcat ( "openpgpkey.", domain_orig, NULL);
if (!domainbuf)
{
err = gpg_error_from_syserror ();
goto leave;
}
/* FIXME: We should put a cache into dns-stuff because the same
* query (with a different port and socket type, though) will be
* done later by http function. */
err = resolve_dns_name (ctrl, domainbuf, 0, 0, 0, &aibuf, NULL);
if (err)
{
err = 0;
xfree (domainbuf);
domainbuf = NULL;
}
else /* Got a subdomain. */
{
free_dns_addrinfo (aibuf);
subdomain_mode = 1;
domain = domainbuf;
}
}
/* Check for SRV records unless we have a subdomain. */
if (!subdomain_mode)
{
struct srventry *srvs;
unsigned int srvscount;
size_t domainlen, targetlen;
int i;
err = get_dns_srv (ctrl, domain, "openpgpkey", NULL, &srvs, &srvscount);
if (err)
goto leave;
/* Check for rogue DNS names. */
for (i = 0; i < srvscount; i++)
{
if (!is_valid_domain_name (srvs[i].target))
{
err = gpg_error (GPG_ERR_DNS_ADDRESS);
log_error ("rogue openpgpkey SRV record for '%s'\n", domain);
xfree (srvs);
goto leave;
}
}
/* Find the first target which also ends in DOMAIN or is equal
* to DOMAIN. */
domainlen = strlen (domain);
for (i = 0; i < srvscount; i++)
{
if (DBG_DNS)
log_debug ("srv: trying '%s:%hu'\n", srvs[i].target, srvs[i].port);
targetlen = strlen (srvs[i].target);
if ((targetlen > domainlen + 1
&& srvs[i].target[targetlen - domainlen - 1] == '.'
&& !ascii_strcasecmp (srvs[i].target + targetlen - domainlen,
domain))
|| (targetlen == domainlen
&& !ascii_strcasecmp (srvs[i].target, domain)))
{
/* found. */
domainbuf = xtrystrdup (srvs[i].target);
if (!domainbuf)
{
err = gpg_error_from_syserror ();
xfree (srvs);
goto leave;
}
domain = domainbuf;
if (srvs[i].port)
snprintf (portstr, sizeof portstr, ":%hu", srvs[i].port);
break;
}
}
xfree (srvs);
}
/* Prepare the hash of the local part. */
gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox));
encodedhash = zb32_encode (sha1buf, 8*20);
if (!encodedhash)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (opt_submission_addr)
{
uri = strconcat ("https://",
domain,
portstr,
"/.well-known/openpgpkey/",
subdomain_mode? domain_orig : "",
subdomain_mode? "/" : "",
"submission-address",
NULL);
}
else if (opt_policy_flags)
{
uri = strconcat ("https://",
domain,
portstr,
"/.well-known/openpgpkey/",
subdomain_mode? domain_orig : "",
subdomain_mode? "/" : "",
"policy",
NULL);
}
else
{
char *escapedmbox;
escapedmbox = http_escape_string (mbox, "%;?&=");
if (escapedmbox)
{
uri = strconcat ("https://",
domain,
portstr,
"/.well-known/openpgpkey/",
subdomain_mode? domain_orig : "",
subdomain_mode? "/" : "",
"hu/",
encodedhash,
"?l=",
escapedmbox,
NULL);
xfree (escapedmbox);
no_log = 1;
if (uri)
{
err = dirmngr_status_printf (ctrl, "SOURCE", "https://%s%s",
domain, portstr);
if (err)
goto leave;
}
}
}
if (!uri)
{
err = gpg_error_from_syserror ();
goto leave;
}
/* Setup an output stream and perform the get. */
{
estream_t outfp;
outfp = ctx? es_fopencookie (ctx, "w", data_line_cookie_functions) : NULL;
if (!outfp && ctx)
err = set_error (GPG_ERR_ASS_GENERAL,
"error setting up a data stream");
else
{
if (ctrl->server_local)
{
if (no_log)
ctrl->server_local->inhibit_data_logging = 1;
ctrl->server_local->inhibit_data_logging_now = 0;
ctrl->server_local->inhibit_data_logging_count = 0;
}
err = ks_action_fetch (ctrl, uri, outfp);
es_fclose (outfp);
if (ctrl->server_local)
ctrl->server_local->inhibit_data_logging = 0;
/* Register the result under the domain name of MBOX. */
switch (gpg_err_code (err))
{
case 0:
domaininfo_set_wkd_supported (domain_orig);
break;
case GPG_ERR_NO_NAME:
/* There is no such domain. */
domaininfo_set_no_name (domain_orig);
break;
case GPG_ERR_NO_DATA:
if (is_wkd_query && ctrl->server_local)
{
/* Mark that and schedule a check. */
domaininfo_set_wkd_not_found (domain_orig);
workqueue_add_task (task_check_wkd_support, domain_orig,
ctrl->server_local->session_id, 1);
}
else if (opt_policy_flags) /* No policy file - no support. */
domaininfo_set_wkd_not_supported (domain_orig);
break;
default:
/* Don't register other errors. */
break;
}
}
}
leave:
xfree (uri);
xfree (encodedhash);
xfree (mbox);
xfree (domainbuf);
return err;
}
static const char hlp_wkd_get[] =
"WKD_GET [--submission-address|--policy-flags] \n"
"\n"
"Return the key or other info for \n"
"from the Web Key Directory.";
static gpg_error_t
cmd_wkd_get (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
err = proc_wkd_get (ctrl, ctx, line);
return leave_cmd (ctx, err);
}
/* A task to check whether DOMAIN supports WKD. This is done by
* checking whether the policy flags file can be read. */
static const char *
task_check_wkd_support (ctrl_t ctrl, const char *domain)
{
char *string;
if (!ctrl || !domain)
return "check_wkd_support";
string = strconcat ("--policy-flags foo@", domain, NULL);
if (!string)
log_error ("%s: %s\n", __func__, gpg_strerror (gpg_error_from_syserror ()));
else
{
proc_wkd_get (ctrl, NULL, string);
xfree (string);
}
return NULL;
}
static const char hlp_ldapserver[] =
"LDAPSERVER [--clear] \n"
"\n"
"Add a new LDAP server to the list of configured LDAP servers.\n"
"DATA is in the same format as expected in the configure file.\n"
"An optional prefix \"ldap:\" is allowed. With no args all\n"
"configured ldapservers are listed. Option --clear removes all\n"
"servers configured in this session.";
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
#if USE_LDAP
ctrl_t ctrl = assuan_get_pointer (ctx);
ldap_server_t server;
ldap_server_t *last_next_p;
int clear_flag;
clear_flag = has_option (line, "--clear");
line = skip_options (line);
while (spacep (line))
line++;
if (clear_flag)
{
#if USE_LDAP
ldapserver_list_free (ctrl->server_local->ldapservers);
#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
}
if (!*line && clear_flag)
return leave_cmd (ctx, 0);
if (!*line)
{
/* List all ldapservers. */
struct ldapserver_iter ldapserver_iter;
char *tmpstr;
char portstr[20];
for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
!ldapserver_iter_end_p (&ldapserver_iter);
ldapserver_iter_next (&ldapserver_iter))
{
server = ldapserver_iter.server;
if (server->port)
snprintf (portstr, sizeof portstr, "%d", server->port);
else
*portstr = 0;
tmpstr = xtryasprintf ("ldap:%s:%s:%s:%s:%s:%s%s:",
server->host? server->host : "",
portstr,
server->user? server->user : "",
server->pass? "*****": "",
server->base? server->base : "",
server->starttls ? "starttls" :
server->ldap_over_tls ? "ldaptls" : "none",
server->ntds ? ",ntds" : "");
if (!tmpstr)
return leave_cmd (ctx, gpg_error_from_syserror ());
dirmngr_status (ctrl, "LDAPSERVER", tmpstr, NULL);
xfree (tmpstr);
}
return leave_cmd (ctx, 0);
}
/* Skip an "ldap:" prefix unless it is a valid ldap url. */
if (!strncmp (line, "ldap:", 5) && !(line[5] == '/' && line[6] == '/'))
line += 5;
server = ldapserver_parse_one (line, NULL, 0);
if (! server)
return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
last_next_p = &ctrl->server_local->ldapservers;
while (*last_next_p)
last_next_p = &(*last_next_p)->next;
*last_next_p = server;
return leave_cmd (ctx, 0);
#else
(void)line;
return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
#endif
}
static const char hlp_isvalid[] =
"ISVALID [--only-ocsp] [--force-default-responder]"
" []\n"
"\n"
"This command checks whether the certificate identified by the\n"
"certificate_id is valid. This is done by consulting CRLs or\n"
"whatever has been configured. Note, that the returned error codes\n"
"are from gpg-error.h. The command may callback using the inquire\n"
"function. See the manual for details.\n"
"\n"
"The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n"
"delimited by a single dot. The first part is the SHA-1 hash of the\n"
"issuer name and the second part the serial number.\n"
"\n"
"If an OCSP check is desired CERTIFICATE_FPR with the hex encoded\n"
"fingerprint of the certificate is required. In this case an OCSP\n"
"request is done before consulting the CRL.\n"
"\n"
"If the option --only-ocsp is given, no fallback to a CRL check will\n"
"be used.\n"
"\n"
"If the option --force-default-responder is given, only the default\n"
"OCSP responder will be used and any other methods of obtaining an\n"
"OCSP responder URL won't be used.";
static gpg_error_t
cmd_isvalid (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
char *issuerhash, *serialno, *fpr;
gpg_error_t err;
int did_inquire = 0;
int ocsp_mode = 0;
int only_ocsp;
int force_default_responder;
only_ocsp = has_option (line, "--only-ocsp");
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
/* We need to work on a copy of the line because that same Assuan
* context may be used for an inquiry. That is because Assuan
* reuses its line buffer. */
issuerhash = xstrdup (line);
serialno = strchr (issuerhash, '.');
if (!serialno)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
}
*serialno++ = 0;
if (strlen (issuerhash) != 40)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR ("cert ID is too short"));
}
fpr = strchr (serialno, ' ');
while (fpr && spacep (fpr))
fpr++;
if (fpr && *fpr)
{
char *endp = strchr (fpr, ' ');
if (endp)
*endp = 0;
if (strlen (fpr) != 40)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR ("fingerprint too short"));
}
ocsp_mode = 1;
}
again:
if (ocsp_mode)
{
/* Note, that we currently ignore the supplied fingerprint FPR;
* instead ocsp_isvalid does an inquire to ask for the cert.
* The fingerprint may eventually be used to lookup the
* certificate in a local cache. */
if (!opt.allow_ocsp)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
if (gpg_err_code (err) == GPG_ERR_CONFIGURATION
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR)
{
/* No default responder configured - fallback to CRL. */
if (!only_ocsp)
log_info ("falling back to CRL check\n");
ocsp_mode = 0;
goto again;
}
}
else if (only_ocsp)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else
{
switch (crl_cache_isvalid (ctrl,
issuerhash, serialno,
ctrl->force_crl_refresh))
{
case CRL_CACHE_VALID:
err = 0;
break;
case CRL_CACHE_INVALID:
err = gpg_error (GPG_ERR_CERT_REVOKED);
break;
case CRL_CACHE_DONTKNOW:
if (did_inquire)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (!(err = inquire_cert_and_load_crl (ctx)))
{
did_inquire = 1;
goto again;
}
break;
case CRL_CACHE_CANTUSE:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
break;
default:
log_fatal ("crl_cache_isvalid returned invalid code\n");
}
}
xfree (issuerhash);
return leave_cmd (ctx, err);
}
/* If the line contains a SHA-1 fingerprint as the first argument,
return the FPR vuffer on success. The function checks that the
fingerprint consists of valid characters and prints and error
message if it does not and returns NULL. Fingerprints are
considered optional and thus no explicit error is returned. NULL is
also returned if there is no fingerprint at all available.
FPR must be a caller provided buffer of at least 20 bytes.
Note that colons within the fingerprint are allowed to separate 2
hex digits; this allows for easier cutting and pasting using the
usual fingerprint rendering.
*/
static unsigned char *
get_fingerprint_from_line (const char *line, unsigned char *fpr)
{
const char *s;
int i;
for (s=line, i=0; *s && *s != ' '; s++ )
{
if ( hexdigitp (s) && hexdigitp (s+1) )
{
if ( i >= 20 )
return NULL; /* Fingerprint too long. */
fpr[i++] = xtoi_2 (s);
s++;
}
else if ( *s != ':' )
return NULL; /* Invalid. */
}
if ( i != 20 )
return NULL; /* Fingerprint to short. */
return fpr;
}
static const char hlp_checkcrl[] =
"CHECKCRL []\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
"entire X.509 certificate blob) is valid or not by consulting the\n"
"CRL responsible for this certificate. If the fingerprint has not\n"
"been given or the certificate is not known, the function \n"
"inquires the certificate using an\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request (which should match FINGERPRINT) as a binary blob.\n"
"Processing then takes place without further interaction; in\n"
"particular dirmngr tries to locate other required certificate by\n"
"its own mechanism which includes a local certificate store as well\n"
"as a list of trusted root certificates.\n"
"\n"
"The return value is the usual gpg-error code or 0 for ducesss;\n"
"i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkcrl (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char fprbuffer[20], *fpr;
ksba_cert_t cert;
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
size_t valuelen;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
}
assert (cert);
err = crl_cache_cert_isvalid (ctrl, cert, ctrl->force_crl_refresh);
if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
{
err = crl_cache_reload_crl (ctrl, cert);
if (!err)
err = crl_cache_cert_isvalid (ctrl, cert, 0);
}
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static const char hlp_checkocsp[] =
"CHECKOCSP [--force-default-responder] []\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
"entire X.509 certificate blob) is valid or not by asking an OCSP\n"
"responder responsible for this certificate. The optional\n"
"fingerprint may be used for a quick check in case an OCSP check has\n"
"been done for this certificate recently (we always cache OCSP\n"
"responses for a couple of minutes). If the fingerprint has not been\n"
"given or there is no cached result, the function inquires the\n"
"certificate using an\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request (which should match FINGERPRINT) as a binary blob.\n"
"Processing then takes place without further interaction; in\n"
"particular dirmngr tries to locate other required certificates by\n"
"its own mechanism which includes a local certificate store as well\n"
"as a list of trusted root certificates.\n"
"\n"
"If the option --force-default-responder is given, only the default\n"
"OCSP responder will be used and any other methods of obtaining an\n"
"OCSP responder URL won't be used.\n"
"\n"
"The return value is the usual gpg-error code or 0 for ducesss;\n"
"i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkocsp (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char fprbuffer[20], *fpr;
ksba_cert_t cert;
int force_default_responder;
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
size_t valuelen;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
}
assert (cert);
if (!opt.allow_ocsp)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder);
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static int
lookup_cert_by_url (assuan_context_t ctx, const char *url)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
unsigned char *value = NULL;
size_t valuelen;
/* Fetch single certificate given it's URL. */
err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
if (err)
{
log_error (_("fetch_cert_by_url failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Send the data, flush the buffer and then send an END. */
err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
goto leave;
}
leave:
return err;
}
/* Send the certificate, flush the buffer and then send an END. */
static gpg_error_t
return_one_cert (void *opaque, ksba_cert_t cert)
{
assuan_context_t ctx = opaque;
gpg_error_t err;
const unsigned char *der;
size_t derlen;
der = ksba_cert_get_image (cert, &derlen);
if (!der)
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
{
err = assuan_send_data (ctx, der, derlen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
}
if (err)
log_error (_("error sending data: %s\n"), gpg_strerror (err));
return err;
}
/* Lookup certificates from the internal cache or using the ldap
servers. */
static int
lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int single, int cache_only)
{
gpg_error_t err = 0;
char *p;
strlist_t sl, list = NULL;
int truncated = 0, truncation_forced = 0;
int count = 0;
int local_count = 0;
#if USE_LDAP
ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *value = NULL;
size_t valuelen;
struct ldapserver_iter ldapserver_iter;
cert_fetch_context_t fetch_context;
#endif /*USE_LDAP*/
int any_no_data = 0;
/* Break the line down into an STRLIST */
for (p=line; *p; line = p)
{
while (*p && *p != ' ')
p++;
if (*p)
*p++ = 0;
if (*line)
{
sl = xtrymalloc (sizeof *sl + strlen (line));
if (!sl)
{
err = gpg_error_from_errno (errno);
goto leave;
}
memset (sl, 0, sizeof *sl);
strcpy_escaped_plus (sl->d, line);
sl->next = list;
list = sl;
}
}
/* First look through the internal cache. The certificates returned
here are not counted towards the truncation limit. */
if (single && !cache_only)
; /* Do not read from the local cache in this case. */
else
{
for (sl=list; sl; sl = sl->next)
{
err = get_certs_bypattern (sl->d, return_one_cert, ctx);
if (!err)
local_count++;
if (!err && single)
goto ready;
if (gpg_err_code (err) == GPG_ERR_NO_DATA
|| gpg_err_code (err) == GPG_ERR_NOT_FOUND)
{
err = 0;
if (cache_only)
any_no_data = 1;
}
else if (gpg_err_code (err) == GPG_ERR_INV_NAME && !cache_only)
{
/* No real fault because the internal pattern lookup
can't yet cope with all types of pattern. */
err = 0;
}
if (err)
goto ready;
}
}
/* Loop over all configured servers unless we want only the
certificates from the cache. */
#if USE_LDAP
for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
!cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
&& ldapserver_iter.server->host && !truncation_forced;
ldapserver_iter_next (&ldapserver_iter))
{
ldap_server_t ldapserver = ldapserver_iter.server;
if (DBG_LOOKUP)
log_debug ("cmd_lookup: trying %s:%d base=%s\n",
ldapserver->host, ldapserver->port,
ldapserver->base?ldapserver->base : "[default]");
/* Fetch certificates matching pattern */
err = start_cert_fetch (ctrl, &fetch_context, list, ldapserver);
if ( gpg_err_code (err) == GPG_ERR_NO_DATA )
{
if (DBG_LOOKUP)
log_debug ("cmd_lookup: no data\n");
err = 0;
any_no_data = 1;
continue;
}
if (err)
{
log_error (_("start_cert_fetch failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Fetch the certificates for this query. */
while (!truncation_forced)
{
xfree (value); value = NULL;
err = fetch_next_cert (fetch_context, &value, &valuelen);
if (gpg_err_code (err) == GPG_ERR_NO_DATA )
{
err = 0;
any_no_data = 1;
break; /* Ready. */
}
if (gpg_err_code (err) == GPG_ERR_TRUNCATED)
{
truncated = 1;
err = 0;
break; /* Ready. */
}
if (gpg_err_code (err) == GPG_ERR_EOF)
{
err = 0;
break; /* Ready. */
}
if (!err && !value)
{
err = gpg_error (GPG_ERR_BUG);
goto leave;
}
if (err)
{
log_error (_("fetch_next_cert failed: %s\n"),
gpg_strerror (err));
end_cert_fetch (fetch_context);
goto leave;
}
if (DBG_LOOKUP)
log_debug ("cmd_lookup: returning one cert%s\n",
truncated? " (truncated)":"");
/* Send the data, flush the buffer and then send an END line
as a certificate delimiter. */
err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
end_cert_fetch (fetch_context);
goto leave;
}
if (++count >= opt.max_replies )
{
truncation_forced = 1;
log_info (_("max_replies %d exceeded\n"), opt.max_replies );
}
if (single)
break;
}
end_cert_fetch (fetch_context);
}
#endif /*USE_LDAP*/
ready:
if (truncated || truncation_forced)
{
char str[50];
sprintf (str, "%d", count);
assuan_write_status (ctx, "TRUNCATED", str);
}
if (!err && !count && !local_count && any_no_data)
err = gpg_error (GPG_ERR_NO_DATA);
leave:
free_strlist (list);
return err;
}
static const char hlp_lookup[] =
"LOOKUP [--url] [--single] [--cache-only] \n"
"\n"
"Lookup certificates matching PATTERN. With --url the pattern is\n"
"expected to be one URL.\n"
"\n"
"If --url is not given: To allow for multiple patterns (which are ORed)\n"
"quoting is required: Spaces are translated to \"+\" or \"%20\";\n"
"obviously this requires that the usual escape quoting rules are applied.\n"
"\n"
"If --url is given no special escaping is required because URLs are\n"
"already escaped this way.\n"
"\n"
"If --single is given the first and only the first match will be\n"
"returned. If --cache-only is _not_ given, no local query will be\n"
"done.\n"
"\n"
"If --cache-only is given no external lookup is done so that only\n"
"certificates from the cache may get returned.";
static gpg_error_t
cmd_lookup (assuan_context_t ctx, char *line)
{
gpg_error_t err;
int lookup_url, single, cache_only;
lookup_url = has_leading_option (line, "--url");
single = has_leading_option (line, "--single");
cache_only = has_leading_option (line, "--cache-only");
line = skip_options (line);
if (lookup_url && cache_only)
err = gpg_error (GPG_ERR_NOT_FOUND);
else if (lookup_url && single)
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
else if (lookup_url)
err = lookup_cert_by_url (ctx, line);
else
err = lookup_cert_by_pattern (ctx, line, single, cache_only);
return leave_cmd (ctx, err);
}
static const char hlp_loadcrl[] =
"LOADCRL [--url] \n"
"\n"
"Load the CRL in the file with name FILENAME into our cache. Note\n"
"that FILENAME should be given with an absolute path because\n"
"Dirmngrs cwd is not known. With --url the CRL is directly loaded\n"
"from the given URL.\n"
"\n"
"This command is usually used by gpgsm using the invocation \"gpgsm\n"
"--call-dirmngr loadcrl \". A direct invocation of Dirmngr\n"
"is not useful because gpgsm might need to callback gpgsm to ask for\n"
"the CA's certificate.";
static gpg_error_t
cmd_loadcrl (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
int use_url = has_leading_option (line, "--url");
line = skip_options (line);
if (use_url)
{
ksba_reader_t reader;
err = crl_fetch (ctrl, line, &reader);
if (err)
log_error (_("fetching CRL from '%s' failed: %s\n"),
line, gpg_strerror (err));
else
{
err = crl_cache_insert (ctrl, line, reader);
if (err)
log_error (_("processing CRL from '%s' failed: %s\n"),
line, gpg_strerror (err));
crl_close_reader (reader);
}
}
else
{
char *buf;
buf = xtrymalloc (strlen (line)+1);
if (!buf)
err = gpg_error_from_syserror ();
else
{
strcpy_escaped_plus (buf, line);
err = crl_cache_load (ctrl, buf);
xfree (buf);
}
}
return leave_cmd (ctx, err);
}
static const char hlp_listcrls[] =
"LISTCRLS\n"
"\n"
"List the content of all CRLs in a readable format. This command is\n"
"usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n"
"listcrls\". It may also be used directly using \"dirmngr\n"
"--list-crls\".";
static gpg_error_t
cmd_listcrls (assuan_context_t ctx, char *line)
{
gpg_error_t err;
estream_t fp;
(void)line;
fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!fp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
err = crl_cache_list (fp);
es_fclose (fp);
}
return leave_cmd (ctx, err);
}
static const char hlp_cachecert[] =
"CACHECERT\n"
"\n"
"Put a certificate into the internal cache. This command might be\n"
"useful if a client knows in advance certificates required for a\n"
"test and wants to make sure they get added to the internal cache.\n"
"It is also helpful for debugging. To get the actual certificate,\n"
"this command immediately inquires it using\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request as a binary blob.";
static gpg_error_t
cmd_cachecert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
unsigned char *value = NULL;
size_t valuelen;
(void)line;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
err = cache_cert (cert);
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static const char hlp_validate[] =
"VALIDATE [--systrust] [--tls] [--no-crl]\n"
"\n"
"Validate a certificate using the certificate validation function\n"
"used internally by dirmngr. This command is only useful for\n"
"debugging. To get the actual certificate, this command immediately\n"
"inquires it using\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request as a binary blob. The option --tls modifies this by asking\n"
"for list of certificates with\n"
"\n"
" INQUIRE CERTLIST\n"
"\n"
"Here the first certificate is the target certificate, the remaining\n"
"certificates are suggested intermediary certificates. All certificates\n"
"need to be PEM encoded.\n"
"\n"
"The option --systrust changes the behaviour to include the system\n"
"provided root certificates as trust anchors. The option --no-crl\n"
"skips CRL checks";
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
certlist_t certlist = NULL;
unsigned char *value = NULL;
size_t valuelen;
int systrust_mode, tls_mode, no_crl;
systrust_mode = has_option (line, "--systrust");
tls_mode = has_option (line, "--tls");
no_crl = has_option (line, "--no-crl");
line = skip_options (line);
if (tls_mode)
err = assuan_inquire (ctrl->server_local->assuan_ctx, "CERTLIST",
&value, &valuelen, MAX_CERTLIST_LENGTH);
else
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else if (tls_mode)
{
estream_t fp;
fp = es_fopenmem_init (0, "rb", value, valuelen);
if (!fp)
err = gpg_error_from_syserror ();
else
{
err = read_certlist_from_stream (&certlist, fp);
es_fclose (fp);
if (!err && !certlist)
err = gpg_error (GPG_ERR_MISSING_CERT);
if (!err)
{
/* Extract the first certificate from the list. */
cert = certlist->cert;
ksba_cert_ref (cert);
}
}
}
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
if (!tls_mode)
{
/* If we have this certificate already in our cache, use the
* cached version for validation because this will take care of
* any cached results. We don't need to do this in tls mode
* because this has already been done for certificate in a
* certlist_t. */
unsigned char fpr[20];
ksba_cert_t tmpcert;
cert_compute_fpr (cert, fpr);
tmpcert = get_cert_byfpr (fpr);
if (tmpcert)
{
ksba_cert_release (cert);
cert = tmpcert;
}
}
/* Quick hack to make verification work by inserting the supplied
* certs into the cache. */
if (tls_mode && certlist)
{
certlist_t cl;
for (cl = certlist->next; cl; cl = cl->next)
cache_cert (cl->cert);
}
err = validate_cert_chain (ctrl, cert, NULL,
(VALIDATE_FLAG_TRUST_CONFIG
| (tls_mode ? VALIDATE_FLAG_TLS : 0)
| (systrust_mode ? VALIDATE_FLAG_TRUST_SYSTEM : 0)
| (no_crl ? VALIDATE_FLAG_NOCRLCHECK : 0)),
NULL);
leave:
ksba_cert_release (cert);
release_certlist (certlist);
return leave_cmd (ctx, err);
}
/* Parse an keyserver URI and store it in a new uri item which is
returned at R_ITEM. On error return an error code. */
static gpg_error_t
make_keyserver_item (const char *uri, uri_item_t *r_item)
{
gpg_error_t err;
uri_item_t item;
const char *s;
char *tmpstr = NULL;
*r_item = NULL;
/* We used to have DNS CNAME redirection from the URLs below to
* sks-keyserver. pools. The idea was to allow for a quick way to
* switch to a different set of pools. The problem with that
* approach is that TLS needs to verify the hostname and - because
* DNS is not secured - it can only check the user supplied hostname
* and not a hostname from a CNAME RR. Thus the final server all
* need to have certificates with the actual pool name as well as
* for keys.gnupg.net - that would render the advantage of
* keys.gnupg.net useless and so we better give up on this. Because
* the keys.gnupg.net URL are still in widespread use we do a static
* mapping here.
*/
if (!strcmp (uri, "hkps://keys.gnupg.net")
|| !strcmp (uri, "keys.gnupg.net"))
- uri = "hkps://hkps.pool.sks-keyservers.net";
+ uri = "hkps://keyserver.ubuntu.com";
else if (!strcmp (uri, "https://keys.gnupg.net"))
- uri = "https://hkps.pool.sks-keyservers.net";
+ uri = "hkps://keyserver.ubuntu.com";
else if (!strcmp (uri, "hkp://keys.gnupg.net"))
- uri = "hkp://hkps.pool.sks-keyservers.net";
+ uri = "hkp://pgp.surf.nl";
else if (!strcmp (uri, "http://keys.gnupg.net"))
- uri = "http://hkps.pool.sks-keyservers.net";
+ uri = "hkp://pgp.surf.nl:80";
else if (!strcmp (uri, "hkps://http-keys.gnupg.net")
|| !strcmp (uri, "http-keys.gnupg.net"))
- uri = "hkps://ha.pool.sks-keyservers.net";
+ uri = "hkps://keyserver.ubuntu.com";
else if (!strcmp (uri, "https://http-keys.gnupg.net"))
- uri = "https://ha.pool.sks-keyservers.net";
+ uri = "hkps://keyserver.ubuntu.com";
else if (!strcmp (uri, "hkp://http-keys.gnupg.net"))
- uri = "hkp://ha.pool.sks-keyservers.net";
+ uri = "hkp://pgp.surf.nl";
else if (!strcmp (uri, "http://http-keys.gnupg.net"))
- uri = "http://ha.pool.sks-keyservers.net";
+ uri = "hkp://pgp.surf.nl:80";
item = xtrymalloc (sizeof *item + strlen (uri));
if (!item)
return gpg_error_from_syserror ();
item->next = NULL;
item->parsed_uri = NULL;
strcpy (item->uri, uri);
#if USE_LDAP
if (!strncmp (uri, "ldap:", 5) && !(uri[5] == '/' && uri[6] == '/'))
{
/* Special ldap scheme given. This differs from a valid ldap
* scheme in that no double slash follows.. Use http_parse_uri
* to put it as opaque value into parsed_uri. */
tmpstr = strconcat ("opaque:", uri+5, NULL);
if (!tmpstr)
err = gpg_error_from_syserror ();
else
err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
}
else if ((s=strchr (uri, ':')) && !(s[1] == '/' && s[2] == '/'))
{
/* No valid scheme given. Use http_parse_uri to put the string
* as opaque value into parsed_uri. */
tmpstr = strconcat ("opaque:", uri, NULL);
if (!tmpstr)
err = gpg_error_from_syserror ();
else
err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
}
else if (ldap_uri_p (uri))
{
int fixup = 0;
/* Fixme: We should get rid of that parser and replace it with
* our generic (http) URI parser. */
/* If no port has been specified and the scheme ist ldaps we use
* our idea of the default port because the standard LDAP URL
* parser would use 636 here. This is because we redefined
* ldaps to mean starttls. */
#ifdef HAVE_W32_SYSTEM
if (!strcmp (uri, "ldap:///"))
fixup = 1;
else
#endif
if (!http_parse_uri (&item->parsed_uri,uri,HTTP_PARSE_NO_SCHEME_CHECK))
{
if (!item->parsed_uri->port
&& !strcmp (item->parsed_uri->scheme, "ldaps"))
fixup = 2;
http_release_parsed_uri (item->parsed_uri);
item->parsed_uri = NULL;
}
err = ldap_parse_uri (&item->parsed_uri, uri);
if (!err && fixup == 1)
item->parsed_uri->ad_current = 1;
else if (!err && fixup == 2)
item->parsed_uri->port = 389;
}
else
#endif /* USE_LDAP */
{
err = http_parse_uri (&item->parsed_uri, uri, HTTP_PARSE_NO_SCHEME_CHECK);
}
xfree (tmpstr);
if (err)
xfree (item);
else
*r_item = item;
return err;
}
/* If no keyserver is stored in CTRL but a global keyserver has been
set, put that global keyserver into CTRL. We need use this
function to help migrate from the old gpg based keyserver
configuration to the new dirmngr based configuration. */
static gpg_error_t
ensure_keyserver (ctrl_t ctrl)
{
gpg_error_t err;
uri_item_t item;
uri_item_t onion_items = NULL;
uri_item_t plain_items = NULL;
uri_item_t ui;
strlist_t sl;
if (ctrl->server_local->keyservers)
return 0; /* Already set for this session. */
if (!opt.keyserver)
{
/* No global option set. Fall back to default: */
return make_keyserver_item (DIRMNGR_DEFAULT_KEYSERVER,
&ctrl->server_local->keyservers);
}
for (sl = opt.keyserver; sl; sl = sl->next)
{
err = make_keyserver_item (sl->d, &item);
if (err)
goto leave;
if (item->parsed_uri->onion)
{
item->next = onion_items;
onion_items = item;
}
else
{
item->next = plain_items;
plain_items = item;
}
}
/* Decide which to use. Note that the session has no keyservers
yet set. */
if (onion_items && !onion_items->next && plain_items && !plain_items->next)
{
/* If there is just one onion and one plain keyserver given, we take
only one depending on whether Tor is running or not. */
if (is_tor_running (ctrl))
{
ctrl->server_local->keyservers = onion_items;
onion_items = NULL;
}
else
{
ctrl->server_local->keyservers = plain_items;
plain_items = NULL;
}
}
else if (!is_tor_running (ctrl))
{
/* Tor is not running. It does not make sense to add Onion
addresses. */
ctrl->server_local->keyservers = plain_items;
plain_items = NULL;
}
else
{
/* In all other cases add all keyservers. */
ctrl->server_local->keyservers = onion_items;
onion_items = NULL;
for (ui = ctrl->server_local->keyservers; ui && ui->next; ui = ui->next)
;
if (ui)
ui->next = plain_items;
else
ctrl->server_local->keyservers = plain_items;
plain_items = NULL;
}
leave:
release_uri_item_list (onion_items);
release_uri_item_list (plain_items);
return err;
}
static const char hlp_keyserver[] =
"KEYSERVER [] [|]\n"
"Options are:\n"
" --help\n"
" --clear Remove all configured keyservers\n"
" --resolve Resolve HKP host names and rotate\n"
" --hosttable Print table of known hosts and pools\n"
" --dead Mark as dead\n"
" --alive Mark as alive\n"
"\n"
"If called without arguments list all configured keyserver URLs.\n"
"If called with an URI add this as keyserver. Note that keyservers\n"
"are configured on a per-session base. A default keyserver may already be\n"
"present, thus the \"--clear\" option must be used to get full control.\n"
"If \"--clear\" and an URI are used together the clear command is\n"
"obviously executed first. A RESET command does not change the list\n"
"of configured keyservers.";
static gpg_error_t
cmd_keyserver (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
int dead_flag, alive_flag;
uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
is always initialized. */
clear_flag = has_option (line, "--clear");
help_flag = has_option (line, "--help");
resolve_flag = has_option (line, "--resolve");
host_flag = has_option (line, "--hosttable");
dead_flag = has_option (line, "--dead");
alive_flag = has_option (line, "--alive");
line = skip_options (line);
add_flag = !!*line;
if (help_flag)
{
err = ks_action_help (ctrl, line);
goto leave;
}
if (resolve_flag)
{
err = ensure_keyserver (ctrl);
if (err)
{
assuan_set_error (ctx, err,
"Bad keyserver configuration in dirmngr.conf");
goto leave;
}
err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
if (err)
goto leave;
}
if (alive_flag && dead_flag)
{
err = set_error (GPG_ERR_ASS_PARAMETER, "no support for zombies");
goto leave;
}
if (dead_flag)
{
err = check_owner_permission (ctx, "no permission to use --dead");
if (err)
goto leave;
}
if (alive_flag || dead_flag)
{
if (!*line)
{
err = set_error (GPG_ERR_ASS_PARAMETER, "name of host missing");
goto leave;
}
err = ks_hkp_mark_host (ctrl, line, alive_flag);
if (err)
goto leave;
}
if (host_flag)
{
err = ks_hkp_print_hosttable (ctrl);
if (err)
goto leave;
}
if (resolve_flag || host_flag || alive_flag || dead_flag)
goto leave;
if (add_flag)
{
err = make_keyserver_item (line, &item);
if (err)
goto leave;
}
if (clear_flag)
release_ctrl_keyservers (ctrl);
if (add_flag)
{
item->next = ctrl->server_local->keyservers;
ctrl->server_local->keyservers = item;
}
if (!add_flag && !clear_flag && !help_flag)
{
/* List configured keyservers. However, we first add a global
keyserver. */
uri_item_t u;
err = ensure_keyserver (ctrl);
if (err)
{
assuan_set_error (ctx, err,
"Bad keyserver configuration in dirmngr.conf");
goto leave;
}
for (u=ctrl->server_local->keyservers; u; u = u->next)
dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
}
err = 0;
leave:
return leave_cmd (ctx, err);
}
static const char hlp_ks_search[] =
"KS_SEARCH {}\n"
"\n"
"Search the configured OpenPGP keyservers (see command KEYSERVER)\n"
"for keys matching PATTERN";
static gpg_error_t
cmd_ks_search (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
strlist_t list, sl;
char *p;
estream_t outfp;
if (has_option (line, "--quick"))
ctrl->timeout = opt.connect_quick_timeout;
line = skip_options (line);
/* Break the line down into an strlist. Each pattern is
percent-plus escaped. */
list = NULL;
for (p=line; *p; line = p)
{
while (*p && *p != ' ')
p++;
if (*p)
*p++ = 0;
if (*line)
{
sl = xtrymalloc (sizeof *sl + strlen (line));
if (!sl)
{
err = gpg_error_from_syserror ();
goto leave;
}
sl->flags = 0;
strcpy_escaped_plus (sl->d, line);
sl->next = list;
list = sl;
}
}
err = ensure_keyserver (ctrl);
if (err)
goto leave;
/* Setup an output stream and perform the search. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
err = ks_action_search (ctrl, ctrl->server_local->keyservers,
list, outfp);
es_fclose (outfp);
}
leave:
free_strlist (list);
return leave_cmd (ctx, err);
}
static const char hlp_ks_get[] =
"KS_GET [--quick] [--ldap] {}\n"
"\n"
"Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
"(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
"or an exact name indicated by the '=' prefix. Option --quick uses a\n"
"shorter timeout; --ldap will use only ldap servers";
static gpg_error_t
cmd_ks_get (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
strlist_t list, sl;
char *p;
estream_t outfp;
int ldap_only;
if (has_option (line, "--quick"))
ctrl->timeout = opt.connect_quick_timeout;
ldap_only = has_option (line, "--ldap");
line = skip_options (line);
/* Break the line into a strlist. Each pattern is by
definition percent-plus escaped. However we only support keyids
and fingerprints and thus the client has no need to apply the
escaping. */
list = NULL;
for (p=line; *p; line = p)
{
while (*p && *p != ' ')
p++;
if (*p)
*p++ = 0;
if (*line)
{
sl = xtrymalloc (sizeof *sl + strlen (line));
if (!sl)
{
err = gpg_error_from_syserror ();
goto leave;
}
sl->flags = 0;
strcpy_escaped_plus (sl->d, line);
sl->next = list;
list = sl;
}
}
err = ensure_keyserver (ctrl);
if (err)
goto leave;
/* Setup an output stream and perform the get. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
ctrl->server_local->inhibit_data_logging = 1;
ctrl->server_local->inhibit_data_logging_now = 0;
ctrl->server_local->inhibit_data_logging_count = 0;
err = ks_action_get (ctrl, ctrl->server_local->keyservers,
list, ldap_only, outfp);
es_fclose (outfp);
ctrl->server_local->inhibit_data_logging = 0;
}
leave:
free_strlist (list);
return leave_cmd (ctx, err);
}
static const char hlp_ks_fetch[] =
"KS_FETCH \n"
"\n"
"Get the key(s) from URL.";
static gpg_error_t
cmd_ks_fetch (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
estream_t outfp;
if (has_option (line, "--quick"))
ctrl->timeout = opt.connect_quick_timeout;
line = skip_options (line);
err = ensure_keyserver (ctrl); /* FIXME: Why do we needs this here? */
if (err)
goto leave;
/* Setup an output stream and perform the get. */
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
ctrl->server_local->inhibit_data_logging = 1;
ctrl->server_local->inhibit_data_logging_now = 0;
ctrl->server_local->inhibit_data_logging_count = 0;
err = ks_action_fetch (ctrl, line, outfp);
es_fclose (outfp);
ctrl->server_local->inhibit_data_logging = 0;
}
leave:
return leave_cmd (ctx, err);
}
static const char hlp_ks_put[] =
"KS_PUT\n"
"\n"
"Send a key to the configured OpenPGP keyservers. The actual key material\n"
"is then requested by Dirmngr using\n"
"\n"
" INQUIRE KEYBLOCK\n"
"\n"
"The client shall respond with a binary version of the keyblock (e.g.,\n"
"the output of `gpg --export KEYID'). For LDAP\n"
"keyservers Dirmngr may ask for meta information of the provided keyblock\n"
"using:\n"
"\n"
" INQUIRE KEYBLOCK_INFO\n"
"\n"
"The client shall respond with a colon delimited info lines (the output\n"
"of 'gpg --list-keys --with-colons KEYID').\n";
static gpg_error_t
cmd_ks_put (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char *value = NULL;
size_t valuelen;
unsigned char *info = NULL;
size_t infolen;
/* No options for now. */
line = skip_options (line);
err = ensure_keyserver (ctrl);
if (err)
goto leave;
/* Ask for the key material. */
err = assuan_inquire (ctx, "KEYBLOCK",
&value, &valuelen, MAX_KEYBLOCK_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
{
err = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
/* Ask for the key meta data. */
err = assuan_inquire (ctx, "KEYBLOCK_INFO",
&info, &infolen, MAX_KEYBLOCK_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Send the key. */
err = ks_action_put (ctrl, ctrl->server_local->keyservers,
value, valuelen, info, infolen);
leave:
xfree (info);
xfree (value);
return leave_cmd (ctx, err);
}
static const char hlp_loadswdb[] =
"LOADSWDB [--force]\n"
"\n"
"Load and verify the swdb.lst from the Net.";
static gpg_error_t
cmd_loadswdb (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
err = dirmngr_load_swdb (ctrl, has_option (line, "--force"));
return leave_cmd (ctx, err);
}
static const char hlp_getinfo[] =
"GETINFO \n"
"\n"
"Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
"\n"
"version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
"tor - Return OK if running in Tor mode\n"
"dnsinfo - Return info about the DNS resolver\n"
"socket_name - Return the name of the socket.\n"
"session_id - Return the current session_id.\n"
"workqueue - Inspect the work queue\n"
"getenv NAME - Return value of envvar NAME\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
char numbuf[50];
if (!strcmp (line, "version"))
{
const char *s = VERSION;
err = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "pid"))
{
snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
err = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else if (!strcmp (line, "socket_name"))
{
const char *s = dirmngr_get_current_socket_name ();
err = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "session_id"))
{
snprintf (numbuf, sizeof numbuf, "%u", ctrl->server_local->session_id);
err = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else if (!strcmp (line, "tor"))
{
int use_tor;
use_tor = dirmngr_use_tor ();
if (use_tor)
{
if (!is_tor_running (ctrl))
err = assuan_write_status (ctx, "NO_TOR", "Tor not running");
else
err = 0;
if (!err)
assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled"
/**/ : "- Tor mode is enforced");
}
else
err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled");
}
else if (!strcmp (line, "dnsinfo"))
{
if (standard_resolver_p ())
assuan_set_okay_line
(ctx, "- Forced use of System resolver (w/o Tor support)");
else
{
#ifdef USE_LIBDNS
assuan_set_okay_line (ctx, (recursive_resolver_p ()
? "- Libdns recursive resolver"
: "- Libdns stub resolver"));
#else
assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
#endif
}
err = 0;
}
else if (!strcmp (line, "workqueue"))
{
workqueue_dump_queue (ctrl);
err = 0;
}
else if (!strncmp (line, "getenv", 6)
&& (line[6] == ' ' || line[6] == '\t' || !line[6]))
{
line += 6;
while (*line == ' ' || *line == '\t')
line++;
if (!*line)
err = gpg_error (GPG_ERR_MISSING_VALUE);
else
{
const char *s = getenv (line);
if (!s)
err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
else
err = assuan_send_data (ctx, s, strlen (s));
}
}
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return leave_cmd (ctx, err);
}
static const char hlp_killdirmngr[] =
"KILLDIRMNGR\n"
"\n"
"This command allows a user - given sufficient permissions -\n"
"to kill this dirmngr process.\n";
static gpg_error_t
cmd_killdirmngr (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
ctrl->server_local->stopme = 1;
assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
return 0;
}
static const char hlp_reloaddirmngr[] =
"RELOADDIRMNGR\n"
"\n"
"This command is an alternative to SIGHUP\n"
"to reload the configuration.";
static gpg_error_t
cmd_reloaddirmngr (assuan_context_t ctx, char *line)
{
(void)ctx;
(void)line;
dirmngr_sighup_action ();
return 0;
}
static const char hlp_flushcrls[] =
"FLUSHCRLS\n"
"\n"
"Remove all cached CRLs from memory and\n"
"the file system.";
static gpg_error_t
cmd_flushcrls (assuan_context_t ctx, char *line)
{
(void)line;
return leave_cmd (ctx, crl_cache_flush () ? GPG_ERR_GENERAL : 0);
}
/* Tell the assuan library about our commands. */
static int
register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
assuan_handler_t handler;
const char * const help;
} table[] = {
{ "DNS_CERT", cmd_dns_cert, hlp_dns_cert },
{ "WKD_GET", cmd_wkd_get, hlp_wkd_get },
{ "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
{ "ISVALID", cmd_isvalid, hlp_isvalid },
{ "CHECKCRL", cmd_checkcrl, hlp_checkcrl },
{ "CHECKOCSP", cmd_checkocsp, hlp_checkocsp },
{ "LOOKUP", cmd_lookup, hlp_lookup },
{ "LOADCRL", cmd_loadcrl, hlp_loadcrl },
{ "LISTCRLS", cmd_listcrls, hlp_listcrls },
{ "CACHECERT", cmd_cachecert, hlp_cachecert },
{ "VALIDATE", cmd_validate, hlp_validate },
{ "KEYSERVER", cmd_keyserver, hlp_keyserver },
{ "KS_SEARCH", cmd_ks_search, hlp_ks_search },
{ "KS_GET", cmd_ks_get, hlp_ks_get },
{ "KS_FETCH", cmd_ks_fetch, hlp_ks_fetch },
{ "KS_PUT", cmd_ks_put, hlp_ks_put },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
{ "LOADSWDB", cmd_loadswdb, hlp_loadswdb },
{ "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr },
{ "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr },
{ "FLUSHCRLS", cmd_flushcrls, hlp_flushcrls },
{ NULL, NULL }
};
int i, j, rc;
for (i=j=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc)
return rc;
}
return 0;
}
/* Note that we do not reset the list of configured keyservers. */
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
#if USE_LDAP
ldapserver_list_free (ctrl->server_local->ldapservers);
#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
return 0;
}
/* This function is called by our assuan log handler to test whether a
* log message shall really be printed. The function must return
* false to inhibit the logging of MSG. CAT gives the requested log
* category. MSG might be NULL. */
int
dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat,
const char *msg)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)cat;
(void)msg;
if (!ctrl || !ctrl->server_local)
return 1; /* Can't decide - allow logging. */
if (!ctrl->server_local->inhibit_data_logging)
return 1; /* Not requested - allow logging. */
/* Disallow logging if *_now is true. */
return !ctrl->server_local->inhibit_data_logging_now;
}
/* Startup the server and run the main command loop. With FD = -1,
* use stdin/stdout. SESSION_ID is either 0 or a unique number
* identifying a session. */
void
start_command_handler (assuan_fd_t fd, unsigned int session_id)
{
static const char hello[] = "Dirmngr " VERSION " at your service";
static char *hello_line;
int rc;
assuan_context_t ctx;
ctrl_t ctrl;
ctrl = xtrycalloc (1, sizeof *ctrl);
if (ctrl)
ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
if (!ctrl || !ctrl->server_local)
{
log_error (_("can't allocate control structure: %s\n"),
strerror (errno));
xfree (ctrl);
return;
}
dirmngr_init_default_ctrl (ctrl);
rc = assuan_new (&ctx);
if (rc)
{
log_error (_("failed to allocate assuan context: %s\n"),
gpg_strerror (rc));
dirmngr_exit (2);
}
if (fd == ASSUAN_INVALID_FD)
{
assuan_fd_t filedes[2];
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (ctx, filedes);
}
else
{
rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
}
if (rc)
{
assuan_release (ctx);
log_error (_("failed to initialize the server: %s\n"),
gpg_strerror(rc));
dirmngr_exit (2);
}
rc = register_commands (ctx);
if (rc)
{
log_error (_("failed to the register commands with Assuan: %s\n"),
gpg_strerror(rc));
dirmngr_exit (2);
}
if (!hello_line)
{
hello_line = xtryasprintf
("Home: %s\n"
"Config: %s\n"
"%s",
gnupg_homedir (),
opt.config_filename? opt.config_filename : "[none]",
hello);
}
ctrl->server_local->assuan_ctx = ctx;
assuan_set_pointer (ctx, ctrl);
assuan_set_hello_line (ctx, hello_line);
assuan_register_option_handler (ctx, option_handler);
assuan_register_reset_notify (ctx, reset_notify);
ctrl->server_local->session_id = session_id;
for (;;)
{
rc = assuan_accept (ctx);
if (rc == -1)
break;
if (rc)
{
log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc));
break;
}
#ifndef HAVE_W32_SYSTEM
if (opt.verbose)
{
assuan_peercred_t peercred;
if (!assuan_get_peercred (ctx, &peercred))
log_info ("connection from process %ld (%ld:%ld)\n",
(long)peercred->pid, (long)peercred->uid,
(long)peercred->gid);
}
#endif
rc = assuan_process (ctx);
if (rc)
{
log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc));
continue;
}
}
#if USE_LDAP
ldap_wrapper_connection_cleanup (ctrl);
ldapserver_list_free (ctrl->server_local->ldapservers);
#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
release_ctrl_keyservers (ctrl);
ctrl->server_local->assuan_ctx = NULL;
assuan_release (ctx);
if (ctrl->server_local->stopme)
dirmngr_exit (0);
if (ctrl->refcount)
log_error ("oops: connection control structure still referenced (%d)\n",
ctrl->refcount);
else
{
release_ctrl_ocsp_certs (ctrl);
xfree (ctrl->server_local);
dirmngr_deinit_default_ctrl (ctrl);
xfree (ctrl);
}
}
/* Send a status line back to the client. KEYWORD is the status
keyword, the optional string arguments are blank separated added to
the line, the last argument must be a NULL. */
gpg_error_t
dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
{
gpg_error_t err = 0;
va_list arg_ptr;
assuan_context_t ctx;
va_start (arg_ptr, keyword);
if (ctrl->server_local && (ctx = ctrl->server_local->assuan_ctx))
{
err = vprint_assuan_status_strings (ctx, keyword, arg_ptr);
}
va_end (arg_ptr);
return err;
}
/* Print a help status line. The function splits text at LFs. */
gpg_error_t
dirmngr_status_help (ctrl_t ctrl, const char *text)
{
gpg_error_t err = 0;
assuan_context_t ctx;
if (ctrl->server_local && (ctx = ctrl->server_local->assuan_ctx))
{
char buf[950], *p;
size_t n;
do
{
p = buf;
n = 0;
for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++)
*p++ = *text++;
if (*text == '\n')
text++;
*p = 0;
err = assuan_write_status (ctx, "#", buf);
}
while (!err && *text);
}
return err;
}
/* Print a help status line using a printf like format. The function
* splits text at LFs. */
gpg_error_t
dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...)
{
va_list arg_ptr;
gpg_error_t err;
char *buf;
va_start (arg_ptr, format);
buf = es_vbsprintf (format, arg_ptr);
err = buf? 0 : gpg_error_from_syserror ();
va_end (arg_ptr);
if (!err)
err = dirmngr_status_help (ctrl, buf);
es_free (buf);
return err;
}
/* This function is similar to print_assuan_status but takes a CTRL
* arg instead of an assuan context as first argument. */
gpg_error_t
dirmngr_status_printf (ctrl_t ctrl, const char *keyword,
const char *format, ...)
{
gpg_error_t err;
va_list arg_ptr;
assuan_context_t ctx;
if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx))
return 0;
va_start (arg_ptr, format);
err = vprint_assuan_status (ctx, keyword, format, arg_ptr);
va_end (arg_ptr);
return err;
}
/* Send a tick progress indicator back. Fixme: This is only done for
the currently active channel. */
gpg_error_t
dirmngr_tick (ctrl_t ctrl)
{
static time_t next_tick = 0;
gpg_error_t err = 0;
time_t now = time (NULL);
if (!next_tick)
{
next_tick = now + 1;
}
else if ( now > next_tick )
{
if (ctrl)
{
err = dirmngr_status (ctrl, "PROGRESS", "tick", "? 0 0", NULL);
if (err)
{
/* Take this as in indication for a cancel request. */
err = gpg_error (GPG_ERR_CANCELED);
}
now = time (NULL);
}
next_tick = now + 1;
}
return err;
}
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index a9237edee..1638d7d84 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -1,1320 +1,1317 @@
@c Copyright (C) 2002 Klar"alvdalens Datakonsult AB
@c Copyright (C) 2004, 2005, 2006, 2007 g10 Code GmbH
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@include defs.inc
@node Invoking DIRMNGR
@chapter Invoking DIRMNGR
@cindex DIRMNGR command options
@cindex command options
@cindex options, DIRMNGR command
@manpage dirmngr.8
@ifset manverb
.B dirmngr
\- GnuPG's network access daemon
@end ifset
@mansect synopsis
@ifset manverb
.B dirmngr
.RI [ options ]
.I command
.RI [ args ]
@end ifset
@mansect description
Since version 2.1 of GnuPG, @command{dirmngr} takes care of accessing
the OpenPGP keyservers. As with previous versions it is also used as
a server for managing and downloading certificate revocation lists
(CRLs) for X.509 certificates, downloading X.509 certificates, and
providing access to OCSP providers. Dirmngr is invoked internally by
@command{gpg}, @command{gpgsm}, or via the @command{gpg-connect-agent}
tool.
@manpause
@noindent
@xref{Option Index},for an index to @command{DIRMNGR}'s commands and
options.
@mancont
@menu
* Dirmngr Commands:: List of all commands.
* Dirmngr Options:: List of all options.
* Dirmngr Configuration:: Configuration files.
* Dirmngr Signals:: Use of signals.
* Dirmngr Examples:: Some usage examples.
* Dirmngr Protocol:: The protocol dirmngr uses.
@end menu
@node Dirmngr Commands
@section Commands
@mansect commands
Commands are not distinguished from options except for the fact that
only one command is allowed.
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you cannot
abbreviate this command.
@item --help, -h
@opindex help
Print a usage message summarizing the most useful command-line options.
Note that you cannot abbreviate this command.
@item --dump-options
@opindex dump-options
Print a list of all available options and commands. Note that you cannot
abbreviate this command.
@item --server
@opindex server
Run in server mode and wait for commands on the @code{stdin}. The
default mode is to create a socket and listen for commands there.
This is only used for testing.
@item --daemon
@opindex daemon
Run in background daemon mode and listen for commands on a socket.
This is the way @command{dirmngr} is started on demand by the other
GnuPG components. To force starting @command{dirmngr} it is in
general best to use @code{gpgconf --launch dirmngr}.
@item --supervised
@opindex supervised
Run in the foreground, sending logs to stderr, and listening on file
descriptor 3, which must already be bound to a listening socket. This
is useful when running under systemd or other similar process
supervision schemes. This option is not supported on Windows.
@item --list-crls
@opindex list-crls
List the contents of the CRL cache on @code{stdout}. This is probably
only useful for debugging purposes.
@item --load-crl @var{file}
@opindex load-crl
This command requires a filename as additional argument, and it will
make Dirmngr try to import the CRL in @var{file} into it's cache.
Note, that this is only possible if Dirmngr is able to retrieve the
CA's certificate directly by its own means. In general it is better
to use @code{gpgsm}'s @code{--call-dirmngr loadcrl filename} command
so that @code{gpgsm} can help dirmngr.
@item --fetch-crl @var{url}
@opindex fetch-crl
This command requires an URL as additional argument, and it will make
dirmngr try to retrieve and import the CRL from that @var{url} into
it's cache. This is mainly useful for debugging purposes. The
@command{dirmngr-client} provides the same feature for a running dirmngr.
@item --shutdown
@opindex shutdown
This commands shuts down an running instance of Dirmngr. This command
has currently no effect.
@item --flush
@opindex flush
This command removes all CRLs from Dirmngr's cache. Client requests
will thus trigger reading of fresh CRLs.
@end table
@mansect options
@node Dirmngr Options
@section Option Summary
Note that all long options with the exception of @option{--options}
and @option{--homedir} may also be given in the configuration file
after stripping off the two leading dashes.
@table @gnupgtabopt
@item --options @var{file}
@opindex options
Reads configuration from @var{file} instead of from the default
per-user configuration file. The default configuration file is named
@file{dirmngr.conf} and expected in the home directory.
@item --homedir @var{dir}
@opindex options
Set the name of the home directory to @var{dir}. This option is only
effective when used on the command line. The default is
the directory named @file{.gnupg} directly below the home directory
of the user unless the environment variable @code{GNUPGHOME} has been set
in which case its value will be used. Many kinds of data are stored within
this directory.
@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @sc{dirmngr}, such as @option{-vv}.
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --debug-level @var{level}
@opindex debug-level
Select the debug level for investigating problems. @var{level} may be a
numeric value or by a keyword:
@table @code
@item none
No debugging at all. A value of less than 1 may be used instead of
the keyword.
@item basic
Some basic debug messages. A value between 1 and 2 may be used
instead of the keyword.
@item advanced
More verbose debug messages. A value between 3 and 5 may be used
instead of the keyword.
@item expert
Even more detailed messages. A value between 6 and 8 may be used
instead of the keyword.
@item guru
All of the debug messages you can get. A value greater than 8 may be
used instead of the keyword. The creation of hash tracing files is
only enabled if the keyword is used.
@end table
How these messages are mapped to the actual debugging flags is not
specified and may change with newer releases of this program. They are
however carefully selected to best aid in debugging.
@item --debug @var{flags}
@opindex debug
Set debug flags. All flags are or-ed and @var{flags} may be given in
C syntax (e.g. 0x0042) or as a comma separated list of flag names. To
get a list of all supported flags the single word "help" can be used.
This option is only useful for debugging and the behavior may change
at any time without notice.
@item --debug-all
@opindex debug-all
Same as @code{--debug=0xffffffff}
@item --tls-debug @var{level}
@opindex tls-debug
Enable debugging of the TLS layer at @var{level}. The details of the
debug level depend on the used TLS library and are not set in stone.
@item --debug-wait @var{n}
@opindex debug-wait
When running in server mode, wait @var{n} seconds before entering the
actual processing loop and print the pid. This gives time to attach a
debugger.
@item --disable-check-own-socket
@opindex disable-check-own-socket
On some platforms @command{dirmngr} is able to detect the removal of
its socket file and shutdown itself. This option disable this
self-test for debugging purposes.
@item -s
@itemx --sh
@itemx -c
@itemx --csh
@opindex s
@opindex sh
@opindex c
@opindex csh
Format the info output in daemon mode for use with the standard Bourne
shell respective the C-shell. The default is to guess it based on the
environment variable @code{SHELL} which is in almost all cases
sufficient.
@item --force
@opindex force
Enabling this option forces loading of expired CRLs; this is only
useful for debugging.
@item --use-tor
@itemx --no-use-tor
@opindex use-tor
@opindex no-use-tor
The option @option{--use-tor} switches Dirmngr and thus GnuPG into
``Tor mode'' to route all network access via Tor (an anonymity
network). Certain other features are disabled in this mode. The
effect of @option{--use-tor} cannot be overridden by any other command
or even by reloading dirmngr. The use of @option{--no-use-tor}
disables the use of Tor. The default is to use Tor if it is available
on startup or after reloading dirmngr. The test on the availability of
Tor is done by trying to connect to a SOCKS proxy at either port 9050
or 9150; if another type of proxy is listening on one of these ports,
you should use @option{--no-use-tor}.
@item --standard-resolver
@opindex standard-resolver
This option forces the use of the system's standard DNS resolver code.
This is mainly used for debugging. Note that on Windows a standard
resolver is not used and all DNS access will return the error ``Not
Implemented'' if this option is used. Using this together with enabled
Tor mode returns the error ``Not Enabled''.
@item --recursive-resolver
@opindex recursive-resolver
When possible use a recursive resolver instead of a stub resolver.
@item --resolver-timeout @var{n}
@opindex resolver-timeout
Set the timeout for the DNS resolver to N seconds. The default are 30
seconds.
@item --connect-timeout @var{n}
@item --connect-quick-timeout @var{n}
@opindex connect-timeout
@opindex connect-quick-timeout
Set the timeout for HTTP and generic TCP connection attempts to N
seconds. The value set with the quick variant is used when the
--quick option has been given to certain Assuan commands. The quick
value is capped at the value of the regular connect timeout. The
default values are 15 and 2 seconds. Note that the timeout values are
for each connection attempt; the connection code will attempt to
connect all addresses listed for a server.
@item --listen-backlog @var{n}
@opindex listen-backlog
Set the size of the queue for pending connections. The default is 64.
@item --allow-version-check
@opindex allow-version-check
Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
the list of current software versions. If this option is enabled
the list is retrieved in case the local
copy does not exist or is older than 5 to 7 days. See the option
@option{--query-swdb} of the command @command{gpgconf} for more
details. Note, that regardless of this option a version check can
always be triggered using this command:
@example
gpg-connect-agent --dirmngr 'loadswdb --force' /bye
@end example
@item --keyserver @var{name}
@opindex keyserver
Use @var{name} as your keyserver. This is the server that @command{gpg}
communicates with to receive keys, send keys, and search for
keys. The format of the @var{name} is a URI:
`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
keyservers, or "mailto" for the Graff email keyserver. Note that your
particular installation of GnuPG may have other keyserver types
available as well. Keyserver schemes are case-insensitive. After the
keyserver name, optional keyserver configuration options may be
provided. These are the same as the @option{--keyserver-options} of
@command{gpg}, but apply only to this particular keyserver.
Most keyservers synchronize with each other, so there is generally no
-need to send keys to more than one server. The keyserver
-@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
-keyserver each time you use it.
+need to send keys to more than one server. Somes keyservers use round
+robin DNS to give a different keyserver each time you use it.
If exactly two keyservers are configured and only one is a Tor hidden
service (.onion), Dirmngr selects the keyserver to use depending on
whether Tor is locally running or not. The check for a running Tor is
done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
-built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
+built-in default of @code{https://keyserver.ubuntu.com}.
Windows users with a keyserver running on their Active Directory
may use the short form @code{ldap:///} for @var{name} to access this directory.
For accessing anonymous LDAP keyservers @var{name} is in general just
a @code{ldaps://ldap.example.com}. A BaseDN parameter should never be
specified. If authentication is required things are more complicated
and two methods are available:
The modern method (since version 2.2.28) is to use the very same syntax
as used with the option @option{--ldapserver}. Please see over
there for details; here is an example:
@example
keyserver ldap:ldap.example.com::uid=USERNAME,ou=GnuPG Users,
dc=example,dc=com:PASSWORD::starttls
@end example
The other method is to use a full URL for @var{name}; for example:
@example
keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
@end example
Put this all on one line without any spaces and keep the '%2C'
as given. Replace USERNAME, PASSWORD, and the 'dc' parts
according to the instructions received from your LDAP
administrator. Note that only simple authentication
(i.e. cleartext passwords) is supported and thus using ldaps is
strongly suggested (since 2.2.28 "ldaps" defaults to port 389
and uses STARTTLS). On Windows authentication via AD can be
requested by adding @code{gpgNtds=1} after the fourth question
mark instead of the bindname and password parameter.
@item --nameserver @var{ipaddr}
@opindex nameserver
In ``Tor mode'' Dirmngr uses a public resolver via Tor to resolve DNS
names. If the default public resolver, which is @code{8.8.8.8}, shall
not be used a different one can be given using this option. Note that
a numerical IP address must be given (IPv6 or IPv4) and that no error
checking is done for @var{ipaddr}.
@item --disable-ipv4
@item --disable-ipv6
@opindex disable-ipv4
@opindex disable-ipv6
Disable the use of all IPv4 or IPv6 addresses.
@item --disable-ldap
@opindex disable-ldap
Entirely disables the use of LDAP.
@item --disable-http
@opindex disable-http
Entirely disables the use of HTTP.
@item --ignore-http-dp
@opindex ignore-http-dp
When looking for the location of a CRL, the to be tested certificate
usually contains so called @dfn{CRL Distribution Point} (DP) entries
which are URLs describing the way to access the CRL. The first found DP
entry is used. With this option all entries using the @acronym{HTTP}
scheme are ignored when looking for a suitable DP.
@item --ignore-ldap-dp
@opindex ignore-ldap-dp
This is similar to @option{--ignore-http-dp} but ignores entries using
the @acronym{LDAP} scheme. Both options may be combined resulting in
ignoring DPs entirely.
@item --ignore-ocsp-service-url
@opindex ignore-ocsp-service-url
Ignore all OCSP URLs contained in the certificate. The effect is to
force the use of the default responder.
@item --honor-http-proxy
@opindex honor-http-proxy
If the environment variable @env{http_proxy} has been set, use its
value to access HTTP servers.
@item --http-proxy @var{host}[:@var{port}]
@opindex http-proxy
@efindex http_proxy
Use @var{host} and @var{port} to access HTTP servers. The use of this
option overrides the environment variable @env{http_proxy} regardless
whether @option{--honor-http-proxy} has been set.
@item --ldap-proxy @var{host}[:@var{port}]
@opindex ldap-proxy
Use @var{host} and @var{port} to connect to LDAP servers. If @var{port}
is omitted, port 389 (standard LDAP port) is used. This overrides any
specified host and port part in a LDAP URL and will also be used if host
and port have been omitted from the URL.
@item --only-ldap-proxy
@opindex only-ldap-proxy
Never use anything else but the LDAP "proxy" as configured with
@option{--ldap-proxy}. Usually @command{dirmngr} tries to use other
configured LDAP server if the connection using the "proxy" failed.
@item --ldapserverlist-file @var{file}
@opindex ldapserverlist-file
Read the list of LDAP servers to consult for CRLs and X.509 certificates from
file instead of the default per-user ldap server list file. The default
value for @var{file} is @file{dirmngr_ldapservers.conf}.
This server list file contains one LDAP server per line in the format
@sc{hostname:port:username:password:base_dn:flags}
Lines starting with a @samp{#} are comments.
Note that as usual all strings entered are expected to be UTF-8 encoded.
Obviously this will lead to problems if the password has originally been
encoded as Latin-1. There is no other solution here than to put such a
password in the binary encoding into the file (i.e. non-ascii characters
won't show up readable).@footnote{The @command{gpgconf} tool might be
helpful for frontends as it enables editing this configuration file using
percent-escaped strings.}
@item --ldapserver @var{spec}
@opindex ldapserver
This is an alternative way to specify LDAP servers for CRL and X.509
certificate retrieval. If this option is used the servers configured
in @file{dirmngr_ldapservers.conf} (or the file given by
@option{--ldapserverlist-file}) are cleared. Note that
@file{dirmngr_ldapservers.conf} is not read again by a reload
signal. However, @option{--ldapserver} options are read again.
@var{spec} is either a proper LDAP URL or a colon delimited list of
the form
@sc{hostname:port:username:password:base_dn:flags:}
with an optional prefix of @code{ldap:} (but without the two slashes
which would turn this into a proper LDAP URL). @sc{flags} is a list
of one or more comma delimited keywords:
@table @code
@item plain
The default: Do not use a TLS secured connection at all; the default
port is 389.
@item starttls
Use STARTTLS to secure the connection; the default port is 389.
@item ldaptls
Tunnel LDAP through a TLS connection; the default port is 636.
@item ntds
On Windows authenticate the LDAP connection using the Active Directory
with the current user.
@end table
Note that in an URL style specification the scheme @code{ldaps://}
refers to STARTTLS and _not_ to LDAP-over-TLS.
@item --ldaptimeout @var{secs}
@opindex ldaptimeout
Specify the number of seconds to wait for an LDAP query before timing
out. The default are 15 seconds. 0 will never timeout.
@item --add-servers
@opindex add-servers
This option makes dirmngr add any servers it discovers when validating
certificates against CRLs to the internal list of servers to consult for
certificates and CRLs. This option should in general not be used.
This option might be useful when trying to validate a certificate that
has a CRL distribution point that points to a server that is not
already listed in the ldapserverlist. Dirmngr will always go to this
server and try to download the CRL, but chances are high that the
certificate used to sign the CRL is located on the same server. So if
dirmngr doesn't add that new server to list, it will often not be able
to verify the signature of the CRL unless the @code{--add-servers}
option is used.
Caveat emptor: Using this option may enable denial-of-service attacks
and leak search requests to unknown third parties. This is because
arbitrary servers are added to the internal list of LDAP servers which
in turn is used for all unspecific LDAP queries as well as a fallback
for queries which did not return a result.
@item --allow-ocsp
@opindex allow-ocsp
This option enables OCSP support if requested by the client.
OCSP requests are rejected by default because they may violate the
privacy of the user; for example it is possible to track the time when
a user is reading a mail.
@item --ocsp-responder @var{url}
@opindex ocsp-responder
Use @var{url} as the default OCSP Responder if the certificate does
not contain information about an assigned responder. Note, that
@code{--ocsp-signer} must also be set to a valid certificate.
@item --ocsp-signer @var{fpr}|@var{file}
@opindex ocsp-signer
Use the certificate with the fingerprint @var{fpr} to check the
responses of the default OCSP Responder. Alternatively a filename can be
given in which case the response is expected to be signed by one of the
certificates described in that file. Any argument which contains a
slash, dot or tilde is considered a filename. Usual filename expansion
takes place: A tilde at the start followed by a slash is replaced by the
content of @env{HOME}, no slash at start describes a relative filename
which will be searched at the home directory. To make sure that the
@var{file} is searched in the home directory, either prepend the name
with "./" or use a name which contains a dot.
If a response has been signed by a certificate described by these
fingerprints no further check upon the validity of this certificate is
done.
The format of the @var{FILE} is a list of SHA-1 fingerprint, one per
line with optional colons between the bytes. Empty lines and lines
prefix with a hash mark are ignored.
@item --ocsp-max-clock-skew @var{n}
@opindex ocsp-max-clock-skew
The number of seconds a skew between the OCSP responder and them local
clock is accepted. Default is 600 (10 minutes).
@item --ocsp-max-period @var{n}
@opindex ocsp-max-period
Seconds a response is at maximum considered valid after the time given
in the thisUpdate field. Default is 7776000 (90 days).
@item --ocsp-current-period @var{n}
@opindex ocsp-current-period
The number of seconds an OCSP response is considered valid after the
time given in the NEXT_UPDATE datum. Default is 10800 (3 hours).
@item --max-replies @var{n}
@opindex max-replies
Do not return more that @var{n} items in one query. The default is
10.
@item --ignore-cert-extension @var{oid}
@opindex ignore-cert-extension
Add @var{oid} to the list of ignored certificate extensions. The
@var{oid} is expected to be in dotted decimal form, like
@code{2.5.29.3}. This option may be used more than once. Critical
flagged certificate extensions matching one of the OIDs in the list
are treated as if they are actually handled and thus the certificate
won't be rejected due to an unknown critical extension. Use this
option with care because extensions are usually flagged as critical
for a reason.
@item --hkp-cacert @var{file}
Use the root certificates in @var{file} for verification of the TLS
certificates used with @code{hkps} (keyserver access over TLS). If
the file is in PEM format a suffix of @code{.pem} is expected for
@var{file}. This option may be given multiple times to add more
root certificates. Tilde expansion is supported.
-If no @code{hkp-cacert} directive is present, dirmngr will make a
-reasonable choice: if the keyserver in question is the special pool
-@code{hkps.pool.sks-keyservers.net}, it will use the bundled root
-certificate for that pool. Otherwise, it will use the system CAs.
+If no @code{hkp-cacert} directive is present, dirmngr will use the
+system CAs.
@end table
@c
@c Dirmngr Configuration
@c
@mansect files
@node Dirmngr Configuration
@section Configuration
Dirmngr makes use of several directories when running in daemon mode:
There are a few configuration files to control the operation of
dirmngr. By default they may all be found in the current home
directory (@pxref{option --homedir}).
@table @file
@item dirmngr.conf
@efindex dirmngr.conf
This is the standard configuration file read by @command{dirmngr} on
startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This file
is also read after a @code{SIGHUP} however not all options will
actually have an effect. This default name may be changed on the
command line (@pxref{option --options}). You should backup this file.
@item /etc/gnupg/trusted-certs
This directory should be filled with certificates of Root CAs you
are trusting in checking the CRLs and signing OCSP Responses.
Usually these are the same certificates you use with the applications
making use of dirmngr. It is expected that each of these certificate
files contain exactly one @acronym{DER} encoded certificate in a file
with the suffix @file{.crt} or @file{.der}. @command{dirmngr} reads
those certificates on startup and when given a SIGHUP. Certificates
which are not readable or do not make up a proper X.509 certificate
are ignored; see the log file for details.
Applications using dirmngr (e.g. gpgsm) can request these
certificates to complete a trust chain in the same way as with the
extra-certs directory (see below).
Note that for OCSP responses the certificate specified using the option
@option{--ocsp-signer} is always considered valid to sign OCSP requests.
@item /etc/gnupg/extra-certs
This directory may contain extra certificates which are preloaded
into the internal cache on startup. Applications using dirmngr (e.g. gpgsm)
can request cached certificates to complete a trust chain.
This is convenient in cases you have a couple intermediate CA certificates
or certificates usually used to sign OCSP responses.
These certificates are first tried before going
out to the net to look for them. These certificates must also be
@acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}.
@item ~/.gnupg/crls.d
This directory is used to store cached CRLs. The @file{crls.d}
part will be created by dirmngr if it does not exists but you need to
make sure that the upper directory exists.
@end table
Several options control the use of trusted certificates for TLS and
CRLs. Here is an Overview on the use and origin of those Root CA
certificates:
@table @asis
@item System
These System root certificates are used by: FIXME
The origin of the system provided certificates depends on the
platform. On Windows all certificates from the Windows System Stores
@code{ROOT} and @code{CA} are used.
On other platforms the certificates are read from the first file found
form this list: @file{/etc/ssl/ca-bundle.pem},
@file{/etc/ssl/certs/ca-certificates.crt},
@file{/etc/pki/tls/cert.pem},
@file{/usr/local/share/certs/ca-root-nss.crt},
@file{/etc/ssl/cert.pem}.
@item GnuPG
The GnuPG specific certificates stored in the directory
@file{/etc/gnupg/trusted-certs} are only used to validate CRLs.
@c Note that dirmngr's VALIDATE command also uses them but that
@c command is anyway only intended for debugging.
@item OpenPGP keyserver
For accessing the OpenPGP keyservers the only certificates used are
those set with the configuration option @option{hkp-cacert}.
@item OpenPGP keyserver pool
This is usually only one certificate read from the file
@file{@value{DATADIR}/gnupg/sks-keyservers.netCA.pem}. If this
certificate exists it is used to access the special keyservers
@code{hkps.pool.sks-keyservers.net} (or @file{hkps://keys.gnupg.net}).
@end table
Please note that @command{gpgsm} accepts Root CA certificates for its
own purposes only if they are listed in its file @file{trustlist.txt}.
@command{dirmngr} does not make use of this list - except FIXME.
@mansect notes
To be able to see diagnostics it is often useful to put at least the
following lines into the configuration file
@file{~/gnupg/dirmngr.conf}:
@example
log-file ~/dirmngr.log
verbose
@end example
You may want to check the log file to see whether all desired root CA
certificates are correctly loaded.
To be able to perform OCSP requests you probably want to add the line:
@example
allow-ocsp
@end example
To make sure that new options are read or that after the installation
of a new GnuPG versions the right dirmngr version is running, you
should kill an existing dirmngr so that a new instance is started as
needed by the otehr components:
@example
gpgconf --kill dirmngr
@end example
Direct interfaction with the dirmngr is possible by using the command
@example
gpg-connect-agent --dirmngr
@end example
Enter @code{HELP} at the prompt to see a list of commands and enter
@code{HELP} followed by a command name to get help on that command.
@c
@c Dirmngr Signals
@c
@mansect signals
@node Dirmngr Signals
@section Use of signals
A running @command{dirmngr} may be controlled by signals, i.e. using
the @command{kill} command to send a signal to the process.
Here is a list of supported signals:
@table @gnupgtabopt
@item SIGHUP
@cpindex SIGHUP
This signal flushes all internally cached CRLs as well as any cached
certificates. Then the certificate cache is reinitialized as on
startup. Options are re-read from the configuration file. Instead of
sending this signal it is better to use
@example
gpgconf --reload dirmngr
@end example
@item SIGTERM
@cpindex SIGTERM
Shuts down the process but waits until all current requests are
fulfilled. If the process has received 3 of these signals and requests
are still pending, a shutdown is forced. You may also use
@example
gpgconf --kill dirmngr
@end example
instead of this signal
@item SIGINT
@cpindex SIGINT
Shuts down the process immediately.
@item SIGUSR1
@cpindex SIGUSR1
This prints some caching statistics to the log file.
@end table
@c
@c Examples
@c
@mansect examples
@node Dirmngr Examples
@section Examples
Here is an example on how to show dirmngr's internal table of OpenPGP
keyserver addresses. The output is intended for debugging purposes
and not part of a defined API.
@example
gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
@end example
To inhibit the use of a particular host you have noticed in one of the
keyserver pools, you may use
@example
gpg-connect-agent --dirmngr 'keyserver --dead pgpkeys.bnd.de' /bye
@end example
The description of the @code{keyserver} command can be printed using
@example
gpg-connect-agent --dirmngr 'help keyserver' /bye
@end example
@c
@c Assuan Protocol
@c
@manpause
@node Dirmngr Protocol
@section Dirmngr's Assuan Protocol
Assuan is the IPC protocol used to access dirmngr. This is a
description of the commands implemented by dirmngr.
@menu
* Dirmngr LOOKUP:: Look up a certificate via LDAP
* Dirmngr ISVALID:: Validate a certificate using a CRL or OCSP.
* Dirmngr CHECKCRL:: Validate a certificate using a CRL.
* Dirmngr CHECKOCSP:: Validate a certificate using OCSP.
* Dirmngr CACHECERT:: Put a certificate into the internal cache.
* Dirmngr VALIDATE:: Validate a certificate for debugging.
@end menu
@node Dirmngr LOOKUP
@subsection Return the certificate(s) found
Lookup certificate. To allow multiple patterns (which are ORed)
quoting is required: Spaces are to be translated into "+" or into
"%20"; obviously this requires that the usual escape quoting rules
are applied. The server responds with:
@example
S: D
S: END
S: D
S: END
S: OK
@end example
In this example 2 certificates are returned. The server may return
any number of certificates; OK will also be returned when no
certificates were found. The dirmngr might return a status line
@example
S: S TRUNCATED
@end example
To indicate that the output was truncated to N items due to a
limitation of the server or by an arbitrary set limit.
The option @option{--url} may be used if instead of a search pattern a
complete URL to the certificate is known:
@example
C: LOOKUP --url CN%3DWerner%20Koch,o%3DIntevation%20GmbH,c%3DDE?userCertificate
@end example
If the option @option{--cache-only} is given, no external lookup is done
so that only certificates from the cache are returned.
With the option @option{--single}, the first and only the first match
will be returned. Unless option @option{--cache-only} is also used, no
local lookup will be done in this case.
@node Dirmngr ISVALID
@subsection Validate a certificate using a CRL or OCSP
@example
ISVALID [--only-ocsp] [--force-default-responder] @var{certid}|@var{certfpr}
@end example
Check whether the certificate described by the @var{certid} has been
revoked. Due to caching, the Dirmngr is able to answer immediately in
most cases.
The @var{certid} is a hex encoded string consisting of two parts,
delimited by a single dot. The first part is the SHA-1 hash of the
issuer name and the second part the serial number.
Alternatively the certificate's SHA-1 fingerprint @var{certfpr} may be
given in which case an OCSP request is done before consulting the CRL.
If the option @option{--only-ocsp} is given, no fallback to a CRL check
will be used. If the option @option{--force-default-responder} is
given, only the default OCSP responder will be used and any other
methods of obtaining an OCSP responder URL won't be used.
@noindent
Common return values are:
@table @code
@item GPG_ERR_NO_ERROR (0)
This is the positive answer: The certificate is not revoked and we have
an up-to-date revocation list for that certificate. If OCSP was used
the responder confirmed that the certificate has not been revoked.
@item GPG_ERR_CERT_REVOKED
This is the negative answer: The certificate has been revoked. Either
it is in a CRL and that list is up to date or an OCSP responder informed
us that it has been revoked.
@item GPG_ERR_NO_CRL_KNOWN
No CRL is known for this certificate or the CRL is not valid or out of
date.
@item GPG_ERR_NO_DATA
The OCSP responder returned an ``unknown'' status. This means that it
is not aware of the certificate's status.
@item GPG_ERR_NOT_SUPPORTED
This is commonly seen if OCSP support has not been enabled in the
configuration.
@end table
If DirMngr has not enough information about the given certificate (which
is the case for not yet cached certificates), it will inquire the
missing data:
@example
S: INQUIRE SENDCERT
C: D
C: END
@end example
A client should be aware that DirMngr may ask for more than one
certificate.
If Dirmngr has a certificate but the signature of the certificate
could not been validated because the root certificate is not known to
dirmngr as trusted, it may ask back to see whether the client trusts
this the root certificate:
@example
S: INQUIRE ISTRUSTED
C: D 1
C: END
@end example
Only this answer will let Dirmngr consider the certificate as valid.
@node Dirmngr CHECKCRL
@subsection Validate a certificate using a CRL
Check whether the certificate with FINGERPRINT (SHA-1 hash of the
entire X.509 certificate blob) is valid or not by consulting the CRL
responsible for this certificate. If the fingerprint has not been
given or the certificate is not known, the function inquires the
certificate using:
@example
S: INQUIRE TARGETCERT
C: D
C: END
@end example
Thus the caller is expected to return the certificate for the request
(which should match FINGERPRINT) as a binary blob. Processing then
takes place without further interaction; in particular dirmngr tries
to locate other required certificate by its own mechanism which
includes a local certificate store as well as a list of trusted root
certificates.
@noindent
The return code is 0 for success; i.e. the certificate has not been
revoked or one of the usual error codes from libgpg-error.
@node Dirmngr CHECKOCSP
@subsection Validate a certificate using OCSP
@example
CHECKOCSP [--force-default-responder] [@var{fingerprint}]
@end example
Check whether the certificate with @var{fingerprint} (the SHA-1 hash of
the entire X.509 certificate blob) is valid by consulting the appropriate
OCSP responder. If the fingerprint has not been given or the
certificate is not known by Dirmngr, the function inquires the
certificate using:
@example
S: INQUIRE TARGETCERT
C: D
C: END
@end example
Thus the caller is expected to return the certificate for the request
(which should match @var{fingerprint}) as a binary blob. Processing
then takes place without further interaction; in particular dirmngr
tries to locate other required certificates by its own mechanism which
includes a local certificate store as well as a list of trusted root
certificates.
If the option @option{--force-default-responder} is given, only the
default OCSP responder is used. This option is the per-command variant
of the global option @option{--ignore-ocsp-service-url}.
@noindent
The return code is 0 for success; i.e. the certificate has not been
revoked or one of the usual error codes from libgpg-error.
@node Dirmngr CACHECERT
@subsection Put a certificate into the internal cache
Put a certificate into the internal cache. This command might be
useful if a client knows in advance certificates required for a test and
wants to make sure they get added to the internal cache. It is also
helpful for debugging. To get the actual certificate, this command
immediately inquires it using
@example
S: INQUIRE TARGETCERT
C: D
C: END
@end example
Thus the caller is expected to return the certificate for the request
as a binary blob.
@noindent
The return code is 0 for success; i.e. the certificate has not been
successfully cached or one of the usual error codes from libgpg-error.
@node Dirmngr VALIDATE
@subsection Validate a certificate for debugging
Validate a certificate using the certificate validation function used
internally by dirmngr. This command is only useful for debugging. To
get the actual certificate, this command immediately inquires it using
@example
S: INQUIRE TARGETCERT
C: D
C: END
@end example
Thus the caller is expected to return the certificate for the request
as a binary blob.
@mansect see also
@ifset isman
@command{gpgsm}(1),
@command{dirmngr-client}(1)
@end ifset
@include see-also-note.texi
@c
@c !!! UNDER CONSTRUCTION !!!
@c
@c
@c @section Verifying a Certificate
@c
@c There are several ways to request services from Dirmngr. Almost all of
@c them are done using the Assuan protocol. What we describe here is the
@c Assuan command CHECKCRL as used for example by the dirmnr-client tool if
@c invoked as
@c
@c @example
@c dirmngr-client foo.crt
@c @end example
@c
@c This command will send an Assuan request to an already running Dirmngr
@c instance. foo.crt is expected to be a standard X.509 certificate and
@c dirmngr will receive the Assuan command
@c
@c @example
@c CHECKCRL @var [{fingerprint}]
@c @end example
@c
@c @var{fingerprint} is optional and expected to be the SHA-1 has of the
@c DER encoding of the certificate under question. It is to be HEX
@c encoded. The rationale for sending the fingerprint is that it allows
@c dirmngr to reply immediately if it has already cached such a request. If
@c this is not the case and no certificate has been found in dirmngr's
@c internal certificate storage, dirmngr will request the certificate using
@c the Assuan inquiry
@c
@c @example
@c INQUIRE TARGETCERT
@c @end example
@c
@c The caller (in our example dirmngr-client) is then expected to return
@c the certificate for the request (which should match @var{fingerprint})
@c as a binary blob.
@c
@c Dirmngr now passes control to @code{crl_cache_cert_isvalid}. This
@c function checks whether a CRL item exists for target certificate. These
@c CRL items are kept in a database of already loaded and verified CRLs.
@c This mechanism is called the CRL cache. Obviously timestamps are kept
@c there with each item to cope with the expiration date of the CRL. The
@c possible return values are: @code{0} to indicate that a valid CRL is
@c available for the certificate and the certificate itself is not listed
@c in this CRL, @code{GPG_ERR_CERT_REVOKED} to indicate that the certificate is
@c listed in the CRL or @code{GPG_ERR_NO_CRL_KNOWN} in cases where no CRL or no
@c information is available. The first two codes are immediately returned to
@c the caller and the processing of this request has been done.
@c
@c Only the @code{GPG_ERR_NO_CRL_KNOWN} needs more attention: Dirmngr now
@c calls @code{clr_cache_reload_crl} and if this succeeds calls
@c @code{crl_cache_cert_isvald) once more. All further errors are
@c immediately returned to the caller.
@c
@c @code{crl_cache_reload_crl} is the actual heart of the CRL management.
@c It locates the corresponding CRL for the target certificate, reads and
@c verifies this CRL and stores it in the CRL cache. It works like this:
@c
@c * Loop over all crlDPs in the target certificate.
@c * If the crlDP is invalid immediately terminate the loop.
@c * Loop over all names in the current crlDP.
@c * If the URL scheme is unknown or not enabled
@c (--ignore-http-dp, --ignore-ldap-dp) continues with
@c the next name.
@c * @code{crl_fetch} is called to actually retrieve the CRL.
@c In case of problems this name is ignore and we continue with
@c the next name. Note that @code{crl_fetch} does only return
@c a descriptor for the CRL for further reading so does the CRL
@c does not yet end up in memory.
@c * @code{crl_cache_insert} is called with that descriptor to
@c actually read the CRL into the cache. See below for a
@c description of this function. If there is any error (e.g. read
@c problem, CRL not correctly signed or verification of signature
@c not possible), this descriptor is rejected and we continue
@c with the next name. If the CRL has been successfully loaded,
@c the loop is terminated.
@c * If no crlDP has been found in the previous loop use a default CRL.
@c Note, that if any crlDP has been found but loading of the CRL failed,
@c this condition is not true.
@c * Try to load a CRL from all configured servers (ldapservers.conf)
@c in turn. The first server returning a CRL is used.
@c * @code(crl_cache_insert) is then used to actually insert the CRL
@c into the cache. If this failed we give up immediately without
@c checking the rest of the servers from the first step.
@c * Ready.
@c
@c
@c The @code{crl_cache_insert} function takes care of reading the bulk of
@c the CRL, parsing it and checking the signature. It works like this: A
@c new database file is created using a temporary file name. The CRL
@c parsing machinery is started and all items of the CRL are put into
@c this database file. At the end the issuer certificate of the CRL
@c needs to be retrieved. Three cases are to be distinguished:
@c
@c a) An authorityKeyIdentifier with an issuer and serialno exits: The
@c certificate is retrieved using @code{find_cert_bysn}. If
@c the certificate is in the certificate cache, it is directly
@c returned. Then the requester (i.e. the client who requested the
@c CRL check) is asked via the Assuan inquiry ``SENDCERT'' whether
@c he can provide this certificate. If this succeed the returned
@c certificate gets cached and returned. Note, that dirmngr does not
@c verify in any way whether the expected certificate is returned.
@c It is in the interest of the client to return a useful certificate
@c as otherwise the service request will fail due to a bad signature.
@c The last way to get the certificate is by looking it up at
@c external resources. This is done using the @code{ca_cert_fetch}
@c and @code{fetch_next_ksba_cert} and comparing the returned
@c certificate to match the requested issuer and seriano (This is
@c needed because the LDAP layer may return several certificates as
@c LDAP as no standard way to retrieve by serial number).
@c
@c b) An authorityKeyIdentifier with a key ID exists: The certificate is
@c retrieved using @code{find_cert_bysubject}. If the certificate is
@c in the certificate cache, it is directly returned. Then the
@c requester is asked via the Assuan inquiry ``SENDCERT_SKI'' whether
@c he can provide this certificate. If this succeed the returned
@c certificate gets cached and returned. Note, that dirmngr does not
@c verify in any way whether the expected certificate is returned.
@c It is in the interest of the client to return a useful certificate
@c as otherwise the service request will fail due to a bad signature.
@c The last way to get the certificate is by looking it up at
@c external resources. This is done using the @code{ca_cert_fetch}
@c and @code{fetch_next_ksba_cert} and comparing the returned
@c certificate to match the requested subject and key ID.
@c
@c c) No authorityKeyIdentifier exits: The certificate is retrieved
@c using @code{find_cert_bysubject} without the key ID argument. If
@c the certificate is in the certificate cache the first one with a
@c matching subject is directly returned. Then the requester is
@c asked via the Assuan inquiry ``SENDCERT'' and an exact
@c specification of the subject whether he can
@c provide this certificate. If this succeed the returned
@c certificate gets cached and returned. Note, that dirmngr does not
@c verify in any way whether the expected certificate is returned.
@c It is in the interest of the client to return a useful certificate
@c as otherwise the service request will fail due to a bad signature.
@c The last way to get the certificate is by looking it up at
@c external resources. This is done using the @code{ca_cert_fetch}
@c and @code{fetch_next_ksba_cert} and comparing the returned
@c certificate to match the requested subject; the first certificate
@c with a matching subject is then returned.
@c
@c If no certificate was found, the function returns with the error
@c GPG_ERR_MISSING_CERT. Now the signature is verified. If this fails,
@c the error is returned. On success the @code{validate_cert_chain} is
@c used to verify that the certificate is actually valid.
@c
@c Here we may encounter a recursive situation:
@c @code{validate_cert_chain} needs to look at other certificates and
@c also at CRLs to check whether these other certificates and well, the
@c CRL issuer certificate itself are not revoked. FIXME: We need to make
@c sure that @code{validate_cert_chain} does not try to lookup the CRL we
@c are currently processing. This would be a catch-22 and may indicate a
@c broken PKI. However, due to overlapping expiring times and imprecise
@c clocks this may actually happen.
@c
@c For historical reasons the Assuan command ISVALID is a bit different
@c to CHECKCRL but this is mainly due to different calling conventions.
@c In the end the same fucntionality is used, albeit hidden by a couple
@c of indirection and argument and result code mangling. It furthere
@c ingetrages OCSP checking depending on options are the way it is
@c called. GPGSM still uses this command but might eventually switch over
@c to CHECKCRL and CHECKOCSP so that ISVALID can be retired.
@c
@c
@c @section Validating a certificate
@c
@c We describe here how the internal function @code{validate_cert_chain}
@c works. Note that mainly testing purposes this functionality may be
@c called directly using @cmd{dirmngr-client --validate @file{foo.crt}}.
@c
@c The function takes the target certificate and a mode argument as
@c parameters and returns an error code and optionally the closes
@c expiration time of all certificates in the chain.
@c
@c We first check that the certificate may be used for the requested
@c purpose (i.e. OCSP or CRL signing). If this is not the case
@c GPG_ERR_WRONG_KEY_USAGE is returned.
@c
@c The next step is to find the trust anchor (root certificate) and to
@c assemble the chain in memory: Starting with the target certificate,
@c the expiration time is checked against the current date, unknown
@c critical extensions are detected and certificate policies are matched
@c (We only allow 2.289.9.9 but I have no clue about that OID and from
@c where I got it - it does not even seem to be assigned - debug cruft?).
@c
@c Now if this certificate is a self-signed one, we have reached the
@c trust anchor. In this case we check that the signature is good, the
@c certificate is allowed to act as a CA, that it is a trusted one (by
@c checking whether it is has been put into the trusted-certs
@c configuration directory) and finally prepend into to our list
@c representing the certificate chain. This steps ends then.
@c
@c If it is not a self-signed certificate, we check that the chain won't
@c get too long (current limit is 100), if this is the case we terminate
@c with the error GPG_ERR_BAD_CERT_CHAIN.
@c
@c Now the issuer's certificate is looked up: If an
@c authorityKeyIdentifier is available, this one is used to locate the
@c certificate either using issuer and serialnumber or subject DN
@c (i.e. the issuer's DN) and the keyID. The functions
@c @code{find_cert_bysn) and @code{find_cert_bysubject} are used
@c respectively. The have already been described above under the
@c description of @code{crl_cache_insert}. If no certificate was found
@c or with no authorityKeyIdentifier, only the cache is consulted using
@c @code{get_cert_bysubject}. The latter is done under the assumption
@c that a matching certificate has explicitly been put into the
@c certificate cache. If the issuer's certificate could not be found,
@c the validation terminates with the error code @code{GPG_ERR_MISSING_CERT}.
@c
@c If the issuer's certificate has been found, the signature of the
@c actual certificate is checked and in case this fails the error
@c #code{GPG_ERR_BAD_CERT_CHAIN} is returned. If the signature checks out, the
@c maximum chain length of the issuing certificate is checked as well as
@c the capability of the certificate (i.e. whether he may be used for
@c certificate signing). Then the certificate is prepended to our list
@c representing the certificate chain. Finally the loop is continued now
@c with the issuer's certificate as the current certificate.
@c
@c After the end of the loop and if no error as been encountered
@c (i.e. the certificate chain has been assempled correctly), a check is
@c done whether any certificate expired or a critical policy has not been
@c met. In any of these cases the validation terminates with an
@c appropriate error.
@c
@c Finally the function @code{check_revocations} is called to verify no
@c certificate in the assempled chain has been revoked: This is an
@c recursive process because a CRL has to be checked for each certificate
@c in the chain except for the root certificate, of which we already know
@c that it is trusted and we avoid checking a CRL here due to common
@c setup problems and the assumption that a revoked root certificate has
@c been removed from the list of trusted certificates.
@c
@c
@c
@c
@c @section Looking up certificates through LDAP.
@c
@c This describes the LDAP layer to retrieve certificates.
@c the functions @code{ca_cert_fetch} and @code{fetch_next_ksba_cert} are
@c used for this. The first one starts a search and the second one is
@c used to retrieve certificate after certificate.
@c
diff --git a/doc/wks.texi b/doc/wks.texi
index ad239f132..48e534b7d 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -1,438 +1,438 @@
@c wks.texi - man pages for the Web Key Service tools.
@c Copyright (C) 2017 g10 Code GmbH
@c Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
@c This is part of the GnuPG manual.
@c For copying conditions, see the file GnuPG.texi.
@include defs.inc
@node Web Key Service
@chapter Web Key Service
GnuPG comes with tools used to maintain and access a Web Key
Directory.
@menu
* gpg-wks-client:: Send requests via WKS
* gpg-wks-server:: Server to provide the WKS.
@end menu
@c
@c GPG-WKS-CLIENT
@c
@manpage gpg-wks-client.1
@node gpg-wks-client
@section Send requests via WKS
@ifset manverb
.B gpg-wks-client
\- Client for the Web Key Service
@end ifset
@mansect synopsis
@ifset manverb
.B gpg-wks-client
.RI [ options ]
.B \-\-supported
.I user-id
.br
.B gpg-wks-client
.RI [ options ]
.B \-\-check
.I user-id
.br
.B gpg-wks-client
.RI [ options ]
.B \-\-create
.I fingerprint
.I user-id
.br
.B gpg-wks-client
.RI [ options ]
.B \-\-receive
.br
.B gpg-wks-client
.RI [ options ]
.B \-\-read
@end ifset
@mansect description
The @command{gpg-wks-client} is used to send requests to a Web Key
-Service provider. This is usuallay done to upload a key into a Web
+Service provider. This is usually done to upload a key into a Web
Key Directory.
With the @option{--supported} command the caller can test whether a
site supports the Web Key Service. The argument is an arbitrary
address in the to be tested domain. For example
@file{foo@@example.net}. The command returns success if the Web Key
Service is supported. The operation is silent; to get diagnostic
output use the option @option{--verbose}. See option
@option{--with-colons} for a variant of this command.
With the @option{--check} command the caller can test whether a key
exists for a supplied mail address. The command returns success if a
key is available.
The @option{--create} command is used to send a request for
publication in the Web Key Directory. The arguments are the
fingerprint of the key and the user id to publish. The output from
the command is a properly formatted mail with all standard headers.
This mail can be fed to @command{sendmail(8)} or any other tool to
actually send that mail. If @command{sendmail(8)} is installed the
option @option{--send} can be used to directly send the created
request. If the provider request a 'mailbox-only' user id and no such
user id is found, @command{gpg-wks-client} will try an additional user
id.
The @option{--receive} and @option{--read} commands are used to
process confirmation mails as send from the service provider. The
former expects an encrypted MIME messages, the latter an already
decrypted MIME message. The result of these commands are another mail
which can be send in the same way as the mail created with
@option{--create}.
The command @option{--install-key} manually installs a key into a
local directory (see option @option{-C}) reflecting the structure of a
WKD. The arguments are a file with the keyblock and the user-id to
install. If the first argument resembles a fingerprint the key is
taken from the current keyring; to force the use of a file, prefix the
first argument with "./". If no arguments are given the parameters
are read from stdin; the expected format are lines with the
fingerprint and the mailbox separated by a space. The command
@option{--remove-key} removes a key from that directory, its only
argument is a user-id.
The command @option{--print-wkd-hash} prints the WKD user-id identifiers
and the corresponding mailboxes from the user-ids given on the command
line or via stdin (one user-id per line).
The command @option{--print-wkd-url} prints the URLs used to fetch the
key for the given user-ids from WKD. The meanwhile preferred format
with sub-domains is used here.
@mansect options
@noindent
@command{gpg-wks-client} understands these options:
@table @gnupgtabopt
@item --send
@opindex send
Directly send created mails using the @command{sendmail} command.
Requires installation of that command.
@item --with-colons
@opindex with-colons
This option has currently only an effect on the @option{--supported}
command. If it is used all arguments on the command line are taken
as domain names and tested for WKD support. The output format is one
line per domain with colon delimited fields. The currently specified
fields are (future versions may specify additional fields):
@table @asis
@item 1 - domain
This is the domain name. Although quoting is not required for valid
domain names this field is specified to be quoted in standard C
manner.
@item 2 - WKD
If the value is true the domain supports the Web Key Directory.
@item 3 - WKS
If the value is true the domain supports the Web Key Service
protocol to upload keys to the directory.
@item 4 - error-code
This may contain an gpg-error code to describe certain
failures. Use @samp{gpg-error CODE} to explain the code.
@item 5 - protocol-version
The minimum protocol version supported by the server.
@item 6 - auth-submit
The auth-submit flag from the policy file of the server.
@item 7 - mailbox-only
The mailbox-only flag from the policy file of the server.
@end table
@item --output @var{file}
@itemx -o
@opindex output
Write the created mail to @var{file} instead of stdout. Note that the
value @code{-} for @var{file} is the same as writing to stdout.
@item --status-fd @var{n}
@opindex status-fd
Write special status strings to the file descriptor @var{n}.
This program returns only the status messages SUCCESS or FAILURE which
are helpful when the caller uses a double fork approach and can't
easily get the return code of the process.
@item -C @var{dir}
@itemx --directory @var{dir}
@opindex directory
Use @var{dir} as top level directory for the commands
@option{--install-key} and @option{--remove-key}. The default is
@file{openpgpkey}.
@item --verbose
@opindex verbose
Enable extra informational output.
@item --quiet
@opindex quiet
Disable almost all informational output.
@item --version
@opindex version
Print version of the program and exit.
@item --help
@opindex help
Display a brief help page and exit.
@end table
@mansect see also
@ifset isman
@command{gpg-wks-server}(1)
@end ifset
@c
@c GPG-WKS-SERVER
@c
@manpage gpg-wks-server.1
@node gpg-wks-server
@section Provide the Web Key Service
@ifset manverb
.B gpg-wks-server
\- Server providing the Web Key Service
@end ifset
@mansect synopsis
@ifset manverb
.B gpg-wks-server
.RI [ options ]
.B \-\-receive
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-cron
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-list-domains
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-check-key
.I user-id
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-install-key
.I file
.I user-id
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-remove-key
.I user-id
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-revoke-key
.I user-id
@end ifset
@mansect description
The @command{gpg-wks-server} is a server side implementation of the
Web Key Service. It receives requests for publication, sends
confirmation requests, receives confirmations, and published the key.
It also has features to ease the setup and maintenance of a Web Key
Directory.
When used with the command @option{--receive} a single Web Key Service
mail is processed. Commonly this command is used with the option
@option{--send} to directly send the created mails back. See below
for an installation example.
The command @option{--cron} is used for regular cleanup tasks. For
example non-confirmed requested should be removed after their expire
time. It is best to run this command once a day from a cronjob.
The command @option{--list-domains} prints all configured domains.
Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration.
The command @option{--check-key} (or just @option{--check}) checks
whether a key with the given user-id is installed. The process returns
success in this case; to also print a diagnostic use the option
@option{-v}. If the key is not installed a diagnostic is printed and
the process returns failure; to suppress the diagnostic, use option
@option{-q}. More than one user-id can be given; see also option
@option{with-file}.
The command @option{--install-key} manually installs a key into the
WKD. The arguments are a file with the keyblock and the user-id to
install. If the first argument resembles a fingerprint the key is
taken from the current keyring; to force the use of a file, prefix the
first argument with "./". If no arguments are given the parameters
are read from stdin; the expected format are lines with the
fingerprint and the mailbox separated by a space.
The command @option{--remove-key} uninstalls a key from the WKD. The
process returns success in this case; to also print a diagnostic, use
option @option{-v}. If the key is not installed a diagnostic is
printed and the process returns failure; to suppress the diagnostic,
use option @option{-q}.
The command @option{--revoke-key} is not yet functional.
@mansect options
@noindent
@command{gpg-wks-server} understands these options:
@table @gnupgtabopt
@item -C @var{dir}
@itemx --directory @var{dir}
@opindex directory
Use @var{dir} as top level directory for domains. The default is
@file{/var/lib/gnupg/wks}.
@item --from @var{mailaddr}
@opindex from
Use @var{mailaddr} as the default sender address.
@item --header @var{name}=@var{value}
@opindex header
Add the mail header "@var{name}: @var{value}" to all outgoing mails.
@item --send
@opindex send
Directly send created mails using the @command{sendmail} command.
Requires installation of that command.
@item -o @var{file}
@itemx --output @var{file}
@opindex output
Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout.
@item --with-dir
@opindex with-dir
When used with the command @option{--list-domains} print for each
installed domain the domain name and its directory name.
@item --with-file
@opindex with-file
When used with the command @option{--check-key} print for each user-id,
the address, 'i' for installed key or 'n' for not installed key, and
the filename.
@item --verbose
@opindex verbose
Enable extra informational output.
@item --quiet
@opindex quiet
Disable almost all informational output.
@item --version
@opindex version
Print version of the program and exit.
@item --help
@opindex help
Display a brief help page and exit.
@end table
@noindent
@mansect examples
@chapheading Examples
The Web Key Service requires a working directory to store keys
pending for publication. As root create a working directory:
@example
# mkdir /var/lib/gnupg/wks
# chown webkey:webkey /var/lib/gnupg/wks
# chmod 2750 /var/lib/gnupg/wks
@end example
Then under your webkey account create directories for all your
domains. Here we do it for "example.net":
@example
$ mkdir /var/lib/gnupg/wks/example.net
@end example
Finally run
@example
$ gpg-wks-server --list-domains
@end example
to create the required sub-directories with the permissions set
correctly. For each domain a submission address needs to be
configured. All service mails are directed to that address. It can
be the same address for all configured domains, for example:
@example
$ cd /var/lib/gnupg/wks/example.net
$ echo key-submission@@example.net >submission-address
@end example
The protocol requires that the key to be published is sent with an
encrypted mail to the service. Thus you need to create a key for
the submission address:
@example
$ gpg --batch --passphrase '' --quick-gen-key key-submission@@example.net
$ gpg -K key-submission@@example.net
@end example
The output of the last command looks similar to this:
@example
sec rsa3072 2016-08-30 [SC]
C0FCF8642D830C53246211400346653590B3795B
uid [ultimate] key-submission@@example.net
bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net
ssb rsa3072 2016-08-30 [E]
@end example
Take the fingerprint from that output and manually publish the key:
@example
$ gpg-wks-server --install-key C0FCF8642D830C53246211400346653590B3795B \
> key-submission@@example.net
@end example
Finally that submission address needs to be redirected to a script
running @command{gpg-wks-server}. The @command{procmail} command can
be used for this: Redirect the submission address to the user "webkey"
and put this into webkey's @file{.procmailrc}:
@example
:0
* !^From: webkey@@example.net
* !^X-WKS-Loop: webkey.example.net
|gpg-wks-server -v --receive \
--header X-WKS-Loop=webkey.example.net \
--from webkey@@example.net --send
@end example
@mansect see also
@ifset isman
@command{gpg-wks-client}(1)
@end ifset