diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index f86ccb0ae..7aa07c716 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -1,2386 +1,2387 @@ /* dns-stuff.c - DNS related code including CERT RR (rfc-4398) * Copyright (C) 2003, 2005, 2006, 2009 Free Software Foundation, Inc. * Copyright (C) 2005, 2006, 2009, 2015. 2016 Werner Koch * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #ifdef HAVE_W32_SYSTEM # define WIN32_LEAN_AND_MEAN # ifdef HAVE_WINSOCK2_H # include # endif # include # include #else # if HAVE_SYSTEM_RESOLVER # include # include # include # endif # include #endif #ifdef HAVE_STAT # include #endif #include #include /* William Ahern's DNS library, included as a source copy. */ #ifdef USE_LIBDNS # include "dns.h" #endif /* dns.c has a dns_p_free but it is not exported. We use our own * wrapper here so that we do not accidentally use xfree which would * be wrong for dns.c allocated data. */ #define dns_free(a) free ((a)) #ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ # undef USE_NPTH #endif #ifdef USE_NPTH # include #endif #include "./dirmngr-err.h" #include "../common/util.h" #include "../common/host2net.h" #include "dirmngr-status.h" #include "dns-stuff.h" #ifdef USE_NPTH # define my_unprotect() npth_unprotect () # define my_protect() npth_protect () #else # define my_unprotect() do { } while(0) # define my_protect() do { } while(0) #endif /* We allow the use of 0 instead of AF_UNSPEC - check this assumption. */ #if AF_UNSPEC != 0 # error AF_UNSPEC does not have the value 0 #endif /* Windows does not support the AI_ADDRCONFIG flag - use zero instead. */ #ifndef AI_ADDRCONFIG # define AI_ADDRCONFIG 0 #endif /* Not every installation has gotten around to supporting SRVs or CERTs yet... */ #ifndef T_SRV #define T_SRV 33 #endif #undef T_CERT #define T_CERT 37 /* The standard SOCKS and TOR ports. */ #define SOCKS_PORT 1080 #define TOR_PORT 9050 #define TOR_PORT2 9150 /* (Used by the Tor browser) */ /* The default nameserver used in Tor mode. */ #define DEFAULT_NAMESERVER "8.8.8.8" /* The default timeout in seconds for libdns requests. */ #define DEFAULT_TIMEOUT 30 #define RESOLV_CONF_NAME "/etc/resolv.conf" /* Two flags to enable verbose and debug mode. */ static int opt_verbose; static int opt_debug; /* The timeout in seconds for libdns requests. */ static int opt_timeout; /* The flag to disable IPv4 access - right now this only skips * returned A records. */ static int opt_disable_ipv4; /* The flag to disable IPv6 access - right now this only skips * returned AAAA records. */ static int opt_disable_ipv6; /* If set force the use of the standard resolver. */ static int standard_resolver; /* If set use recursive resolver when available. */ static int recursive_resolver; /* If set Tor mode shall be used. */ static int tor_mode; /* A string with the nameserver IP address used with Tor. (40 should be sufficient for v6 but we add some extra for a scope.) */ static char tor_nameserver[40+20]; /* Two strings to hold the credentials presented to Tor. */ static char tor_socks_user[30]; static char tor_socks_password[20]; #ifdef USE_LIBDNS /* Libdns global data. */ struct libdns_s { struct dns_resolv_conf *resolv_conf; struct dns_hosts *hosts; struct dns_hints *hints; struct sockaddr_storage socks_host; } libdns; /* If this flag is set, libdns shall be reinited for the next use. */ static int libdns_reinit_pending; /* The Tor port to be used. */ static int libdns_tor_port; #endif /*USE_LIBDNS*/ /* Calling this function with YES set to True forces the use of the * standard resolver even if dirmngr has been built with support for * an alternative resolver. */ void enable_standard_resolver (int yes) { standard_resolver = yes; } /* Return true if the standard resolver is used. */ int standard_resolver_p (void) { return standard_resolver; } /* Calling this function with YES switches libdns into recursive mode. * It has no effect on the standard resolver. */ void enable_recursive_resolver (int yes) { recursive_resolver = yes; #ifdef USE_LIBDNS libdns_reinit_pending = 1; #endif } /* Return true iff the recursive resolver is used. */ int recursive_resolver_p (void) { #if USE_LIBDNS return !standard_resolver && recursive_resolver; #else return 0; #endif } /* Puts this module eternally into Tor mode. When called agained with * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */ void enable_dns_tormode (int new_circuit) { if (!*tor_socks_user || new_circuit) { static unsigned int counter; gpgrt_snprintf (tor_socks_user, sizeof tor_socks_user, "dirmngr-%lu", (unsigned long)getpid ()); gpgrt_snprintf (tor_socks_password, sizeof tor_socks_password, "p%u", counter); counter++; } tor_mode = 1; } /* Disable tor mode. */ void disable_dns_tormode (void) { tor_mode = 0; } /* Set verbosity and debug mode for this module. */ void set_dns_verbose (int verbose, int debug) { opt_verbose = verbose; opt_debug = debug; } /* Set the Disable-IPv4 flag so that the name resolver does not return * A addresses. */ void set_dns_disable_ipv4 (int yes) { opt_disable_ipv4 = !!yes; } /* Set the Disable-IPv6 flag so that the name resolver does not return * AAAA addresses. */ void set_dns_disable_ipv6 (int yes) { opt_disable_ipv6 = !!yes; } /* Set the timeout for libdns requests to SECONDS. A value of 0 sets * the default timeout and values are capped at 10 minutes. */ void set_dns_timeout (int seconds) { if (!seconds) seconds = DEFAULT_TIMEOUT; else if (seconds < 1) seconds = 1; else if (seconds > 600) seconds = 600; opt_timeout = seconds; } /* Change the default IP address of the nameserver to IPADDR. The address needs to be a numerical IP address and will be used for the next DNS query. Note that this is only used in Tor mode. */ void set_dns_nameserver (const char *ipaddr) { strncpy (tor_nameserver, ipaddr? ipaddr : DEFAULT_NAMESERVER, sizeof tor_nameserver -1); tor_nameserver[sizeof tor_nameserver -1] = 0; #ifdef USE_LIBDNS libdns_reinit_pending = 1; libdns_tor_port = 0; /* Start again with the default port. */ #endif } /* Free an addressinfo linked list as returned by resolve_dns_name. */ void free_dns_addrinfo (dns_addrinfo_t ai) { while (ai) { dns_addrinfo_t next = ai->next; xfree (ai); ai = next; } } #ifndef HAVE_W32_SYSTEM /* Return H_ERRNO mapped to a gpg-error code. Will never return 0. */ static gpg_error_t get_h_errno_as_gpg_error (void) { gpg_err_code_t ec; switch (h_errno) { case HOST_NOT_FOUND: ec = GPG_ERR_NO_NAME; break; case TRY_AGAIN: ec = GPG_ERR_TRY_LATER; break; case NO_RECOVERY: ec = GPG_ERR_SERVER_FAILED; break; case NO_DATA: ec = GPG_ERR_NO_DATA; break; default: ec = GPG_ERR_UNKNOWN_ERRNO; break; } return gpg_error (ec); } #endif /*!HAVE_W32_SYSTEM*/ static gpg_error_t map_eai_to_gpg_error (int ec) { gpg_error_t err; switch (ec) { case EAI_AGAIN: err = gpg_error (GPG_ERR_EAGAIN); break; case EAI_BADFLAGS: err = gpg_error (GPG_ERR_INV_FLAG); break; case EAI_FAIL: err = gpg_error (GPG_ERR_SERVER_FAILED); break; case EAI_MEMORY: err = gpg_error (GPG_ERR_ENOMEM); break; #ifdef EAI_NODATA case EAI_NODATA: err = gpg_error (GPG_ERR_NO_DATA); break; #endif case EAI_NONAME: err = gpg_error (GPG_ERR_NO_NAME); break; case EAI_SERVICE: err = gpg_error (GPG_ERR_NOT_SUPPORTED); break; case EAI_FAMILY: err = gpg_error (GPG_ERR_EAFNOSUPPORT); break; case EAI_SOCKTYPE: err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break; #ifndef HAVE_W32_SYSTEM # ifdef EAI_ADDRFAMILY case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break; # endif case EAI_SYSTEM: err = gpg_error_from_syserror (); break; #endif default: err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break; } return err; } #ifdef USE_LIBDNS static gpg_error_t libdns_error_to_gpg_error (int serr) { gpg_err_code_t ec; switch (serr) { case 0: ec = 0; break; case DNS_ENOBUFS: ec = GPG_ERR_BUFFER_TOO_SHORT; break; case DNS_EILLEGAL: ec = GPG_ERR_INV_OBJ; break; case DNS_EORDER: ec = GPG_ERR_INV_ORDER; break; case DNS_ESECTION: ec = GPG_ERR_DNS_SECTION; break; case DNS_EUNKNOWN: ec = GPG_ERR_DNS_UNKNOWN; break; case DNS_EADDRESS: ec = GPG_ERR_DNS_ADDRESS; break; case DNS_ENOQUERY: ec = GPG_ERR_DNS_NO_QUERY; break; case DNS_ENOANSWER:ec = GPG_ERR_DNS_NO_ANSWER; break; case DNS_EFETCHED: ec = GPG_ERR_ALREADY_FETCHED; break; case DNS_ESERVICE: ec = GPG_ERR_NOT_SUPPORTED; break; case DNS_ENONAME: ec = GPG_ERR_NO_NAME; break; case DNS_EFAIL: ec = GPG_ERR_SERVER_FAILED; break; case DNS_ECONNFIN: ec = GPG_ERR_DNS_CLOSED; break; case DNS_EVERIFY: ec = GPG_ERR_DNS_VERIFY; break; default: if (serr >= 0) ec = gpg_err_code_from_errno (serr); else ec = GPG_ERR_DNS_UNKNOWN; break; } return gpg_error (ec); } #endif /*USE_LIBDNS*/ /* Return true if resolve.conf changed since it was last loaded. */ #ifdef USE_LIBDNS static int resolv_conf_changed_p (void) { #if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT) return 0; #else static time_t last_mtime; const char *fname = RESOLV_CONF_NAME; struct stat statbuf; int changed = 0; if (stat (fname, &statbuf)) { log_error ("stat'ing '%s' failed: %s\n", fname, gpg_strerror (gpg_error_from_syserror ())); last_mtime = 1; /* Force a "changed" result the next time stat * works. */ } else if (!last_mtime) last_mtime = statbuf.st_mtime; else if (last_mtime != statbuf.st_mtime) { changed = 1; last_mtime = statbuf.st_mtime; } return changed; #endif } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS /* Initialize libdns. Returns 0 on success; prints a diagnostic and * returns an error code on failure. */ static gpg_error_t libdns_init (ctrl_t ctrl) { gpg_error_t err; struct libdns_s ld; int derr; char *cfgstr = NULL; const char *fname = NULL; if (libdns.resolv_conf) return 0; /* Already initialized. */ memset (&ld, 0, sizeof ld); ld.resolv_conf = dns_resconf_open (&derr); if (!ld.resolv_conf) { err = libdns_error_to_gpg_error (derr); log_error ("failed to allocate DNS resconf object: %s\n", gpg_strerror (err)); goto leave; } if (tor_mode) { if (!*tor_nameserver) set_dns_nameserver (NULL); if (!libdns_tor_port) libdns_tor_port = TOR_PORT; cfgstr = xtryasprintf ("[%s]:53", tor_nameserver); if (!cfgstr) err = gpg_error_from_syserror (); else err = libdns_error_to_gpg_error (dns_resconf_pton (&ld.resolv_conf->nameserver[0], cfgstr)); if (err) log_error ("failed to set nameserver '%s': %s\n", cfgstr, gpg_strerror (err)); if (err) goto leave; ld.resolv_conf->options.tcp = DNS_RESCONF_TCP_SOCKS; xfree (cfgstr); cfgstr = xtryasprintf ("[%s]:%d", "127.0.0.1", libdns_tor_port); if (!cfgstr) err = gpg_error_from_syserror (); else err = libdns_error_to_gpg_error (dns_resconf_pton (&ld.socks_host, cfgstr)); if (err) { log_error ("failed to set socks server '%s': %s\n", cfgstr, gpg_strerror (err)); goto leave; } } else { #ifdef HAVE_W32_SYSTEM ULONG ninfo_len; PFIXED_INFO ninfo; PIP_ADDR_STRING pip; int idx; ninfo_len = 2048; ninfo = xtrymalloc (ninfo_len); if (!ninfo) { err = gpg_error_from_syserror (); goto leave; } if (GetNetworkParams (ninfo, &ninfo_len)) { log_error ("GetNetworkParms failed: %s\n", w32_strerror (-1)); err = gpg_error (GPG_ERR_GENERAL); xfree (ninfo); goto leave; } for (idx=0, pip = &(ninfo->DnsServerList); pip && idx < DIM (ld.resolv_conf->nameserver); pip = pip->Next) { if (opt_debug) log_debug ("dns: dnsserver[%d] '%s'\n", idx, pip->IpAddress.String); err = libdns_error_to_gpg_error (dns_resconf_pton (&ld.resolv_conf->nameserver[idx], pip->IpAddress.String)); if (err) log_error ("failed to set nameserver[%d] '%s': %s\n", idx, pip->IpAddress.String, gpg_strerror (err)); else idx++; } xfree (ninfo); #else /* Unix */ fname = RESOLV_CONF_NAME; resolv_conf_changed_p (); /* Reset timestamp. */ err = libdns_error_to_gpg_error (dns_resconf_loadpath (ld.resolv_conf, fname)); if (err) { log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err)); goto leave; } fname = "/etc/nsswitch.conf"; err = libdns_error_to_gpg_error (dns_nssconf_loadpath (ld.resolv_conf, fname)); if (err) { /* This is not a fatal error: nsswitch.conf is not used on * all systems; assume classic behavior instead. */ if (gpg_err_code (err) != GPG_ERR_ENOENT) log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err)); if (opt_debug) log_debug ("dns: fallback resolution order, files then DNS\n"); ld.resolv_conf->lookup[0] = 'f'; ld.resolv_conf->lookup[1] = 'b'; ld.resolv_conf->lookup[2] = '\0'; err = GPG_ERR_NO_ERROR; } else if (!strchr (ld.resolv_conf->lookup, 'b')) { /* No DNS resolution type found in the list. This might be * due to systemd based systems which allow for custom * keywords which are not known to us and thus we do not * know whether DNS is wanted or not. Because DNS is * important for our infrastructure, we forcefully append * DNS to the end of the list. */ if (strlen (ld.resolv_conf->lookup)+2 < sizeof ld.resolv_conf->lookup) { if (opt_debug) log_debug ("dns: appending DNS to resolution order\n"); strcat (ld.resolv_conf->lookup, "b"); } else log_error ("failed to append DNS to resolution order\n"); } #endif /* Unix */ } ld.hosts = dns_hosts_open (&derr); if (!ld.hosts) { err = libdns_error_to_gpg_error (derr); log_error ("failed to initialize hosts file: %s\n", gpg_strerror (err)); goto leave; } { #if HAVE_W32_SYSTEM char *hosts_path = xtryasprintf ("%s\\System32\\drivers\\etc\\hosts", getenv ("SystemRoot")); if (! hosts_path) { err = gpg_error_from_syserror (); goto leave; } derr = dns_hosts_loadpath (ld.hosts, hosts_path); xfree (hosts_path); #else derr = dns_hosts_loadpath (ld.hosts, "/etc/hosts"); #endif if (derr) { err = libdns_error_to_gpg_error (derr); log_error ("failed to load hosts file: %s\n", gpg_strerror (err)); err = 0; /* Do not bail out - having no /etc/hosts is legal. */ } } ld.resolv_conf->options.recurse = recursive_resolver_p (); /* dns_hints_local for stub mode, dns_hints_root for recursive. */ ld.hints = (recursive_resolver ? dns_hints_root (ld.resolv_conf, &derr) : dns_hints_local (ld.resolv_conf, &derr)); if (!ld.hints) { err = libdns_error_to_gpg_error (derr); log_error ("failed to load DNS hints: %s\n", gpg_strerror (err)); fname = "[dns hints]"; goto leave; } /* All fine. Make the data global. */ libdns = ld; if (opt_debug) log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":""); leave: if (!fname) fname = cfgstr; if (err && fname) dirmngr_status_printf (ctrl, "WARNING", "dns_config_problem %u" " error accessing '%s': %s <%s>", err, fname, gpg_strerror (err), gpg_strsource (err)); xfree (cfgstr); return err; } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS /* Deinitialize libdns. */ static void libdns_deinit (void) { struct libdns_s ld; if (!libdns.resolv_conf) return; /* Not initialized. */ ld = libdns; memset (&libdns, 0, sizeof libdns); dns_hints_close (ld.hints); dns_hosts_close (ld.hosts); dns_resconf_close (ld.resolv_conf); } #endif /*USE_LIBDNS*/ /* SIGHUP action handler for this module. With FORCE set objects are * all immediately released. */ void reload_dns_stuff (int force) { #ifdef USE_LIBDNS if (force) { libdns_deinit (); libdns_reinit_pending = 0; } else { libdns_reinit_pending = 1; libdns_tor_port = 0; /* Start again with the default port. */ } #else (void)force; #endif } #ifdef USE_LIBDNS /* * Initialize libdns if needed and open a dns_resolver context. * Returns 0 on success and stores the new context at R_RES. On * failure an error code is returned and NULL stored at R_RES. */ static gpg_error_t libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) { gpg_error_t err; struct dns_resolver *res; int derr; *r_res = NULL; /* Force a reload if resolv.conf has changed. */ if (resolv_conf_changed_p ()) { if (opt_debug) log_debug ("dns: resolv.conf changed - forcing reload\n"); libdns_reinit_pending = 1; } if (libdns_reinit_pending) { libdns_reinit_pending = 0; libdns_deinit (); } err = libdns_init (ctrl); if (err) return err; if (!opt_timeout) set_dns_timeout (0); res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL, dns_opts (.socks_host = &libdns.socks_host, .socks_user = tor_socks_user, .socks_password = tor_socks_password ), &derr); if (!res) return libdns_error_to_gpg_error (derr); *r_res = res; return 0; } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS /* Helper to test whether we need to try again after having switched * the Tor port. */ static int libdns_switch_port_p (gpg_error_t err) { if (tor_mode && gpg_err_code (err) == GPG_ERR_ECONNREFUSED && libdns_tor_port == TOR_PORT) { /* Switch port and try again. */ if (opt_debug) log_debug ("dns: switching from SOCKS port %d to %d\n", TOR_PORT, TOR_PORT2); libdns_tor_port = TOR_PORT2; libdns_reinit_pending = 1; return 1; } return 0; } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS /* Wrapper around dns_res_submit. */ static gpg_error_t libdns_res_submit (struct dns_resolver *res, const char *qname, enum dns_type qtype, enum dns_class qclass) { return libdns_error_to_gpg_error (dns_res_submit (res, qname, qtype, qclass)); } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS /* Standard event handling loop. */ gpg_error_t libdns_res_wait (struct dns_resolver *res) { gpg_error_t err; while ((err = libdns_error_to_gpg_error (dns_res_check (res))) && gpg_err_code (err) == GPG_ERR_EAGAIN) { if (dns_res_elapsed (res) > opt_timeout) { err = gpg_error (GPG_ERR_DNS_TIMEOUT); break; } my_unprotect (); dns_res_poll (res, 1); my_protect (); } return err; } #endif /*USE_LIBDNS*/ #ifdef USE_LIBDNS static gpg_error_t resolve_name_libdns (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_dai, char **r_canonname) { gpg_error_t err; dns_addrinfo_t daihead = NULL; dns_addrinfo_t dai; struct dns_resolver *res = NULL; struct dns_addrinfo *ai = NULL; struct addrinfo hints; struct addrinfo *ent; char portstr_[21]; char *portstr = NULL; char *namebuf = NULL; int derr; *r_dai = NULL; if (r_canonname) *r_canonname = NULL; memset (&hints, 0, sizeof hints); hints.ai_family = want_family; hints.ai_socktype = want_socktype; hints.ai_flags = AI_ADDRCONFIG; if (r_canonname) hints.ai_flags |= AI_CANONNAME; if (port) { snprintf (portstr_, sizeof portstr_, "%hu", port); portstr = portstr_; } err = libdns_res_open (ctrl, &res); if (err) goto leave; if (is_ip_address (name)) { hints.ai_flags |= AI_NUMERICHOST; /* libdns does not grok brackets - remove them. */ if (*name == '[' && name[strlen(name)-1] == ']') { namebuf = xtrymalloc (strlen (name)); if (!namebuf) { err = gpg_error_from_syserror (); goto leave; } strcpy (namebuf, name+1); namebuf[strlen (namebuf)-1] = 0; name = namebuf; } } ai = dns_ai_open (name, portstr, 0, &hints, res, &derr); if (!ai) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Loop over all records. */ for (;;) { err = libdns_error_to_gpg_error (dns_ai_nextent (&ent, ai)); if (gpg_err_code (err) == GPG_ERR_ENOENT) { if (daihead) err = 0; /* We got some results, we're good. */ break; /* Ready. */ } if (gpg_err_code (err) == GPG_ERR_EAGAIN) { if (dns_ai_elapsed (ai) > opt_timeout) { err = gpg_error (GPG_ERR_DNS_TIMEOUT); goto leave; } my_unprotect (); dns_ai_poll (ai, 1); my_protect (); continue; } if (err) goto leave; if (r_canonname && ! *r_canonname && ent && ent->ai_canonname) { *r_canonname = xtrystrdup (ent->ai_canonname); if (!*r_canonname) { err = gpg_error_from_syserror (); goto leave; } /* Libdns appends the root zone part which is problematic * for most other functions - strip it. */ if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.') (*r_canonname)[strlen (*r_canonname)-1] = 0; } dai = xtrymalloc (sizeof *dai); if (dai == NULL) { err = gpg_error_from_syserror (); goto leave; } dai->family = ent->ai_family; dai->socktype = ent->ai_socktype; dai->protocol = ent->ai_protocol; dai->addrlen = ent->ai_addrlen; memcpy (dai->addr, ent->ai_addr, ent->ai_addrlen); dai->next = daihead; daihead = dai; xfree (ent); } leave: dns_ai_close (ai); dns_res_close (res); if (err) { if (r_canonname) { xfree (*r_canonname); *r_canonname = NULL; } free_dns_addrinfo (daihead); } else *r_dai = daihead; xfree (namebuf); return err; } #endif /*USE_LIBDNS*/ /* Resolve a name using the standard system function. */ static gpg_error_t resolve_name_standard (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_dai, char **r_canonname) { gpg_error_t err = 0; dns_addrinfo_t daihead = NULL; dns_addrinfo_t dai; struct addrinfo *aibuf = NULL; struct addrinfo hints, *ai; char portstr[21]; int ret; *r_dai = NULL; if (r_canonname) *r_canonname = NULL; memset (&hints, 0, sizeof hints); hints.ai_family = want_family; hints.ai_socktype = want_socktype; hints.ai_flags = AI_ADDRCONFIG; if (r_canonname) hints.ai_flags |= AI_CANONNAME; if (is_ip_address (name)) hints.ai_flags |= AI_NUMERICHOST; if (port) snprintf (portstr, sizeof portstr, "%hu", port); else *portstr = 0; /* We can't use the AI_IDN flag because that does the conversion using the current locale. However, GnuPG always used UTF-8. To support IDN we would need to make use of the libidn API. */ ret = getaddrinfo (name, *portstr? portstr : NULL, &hints, &aibuf); if (ret) { aibuf = NULL; err = map_eai_to_gpg_error (ret); if (gpg_err_code (err) == GPG_ERR_NO_NAME) { /* There seems to be a bug in the glibc getaddrinfo function if the CNAME points to a long list of A and AAAA records in which case the function return NO_NAME. Let's do the CNAME redirection again. */ char *cname; if (get_dns_cname (ctrl, name, &cname)) goto leave; /* Still no success. */ ret = getaddrinfo (cname, *portstr? portstr : NULL, &hints, &aibuf); xfree (cname); if (ret) { aibuf = NULL; err = map_eai_to_gpg_error (ret); goto leave; } err = 0; /* Yep, now it worked. */ } else goto leave; } if (r_canonname && aibuf && aibuf->ai_canonname) { *r_canonname = xtrystrdup (aibuf->ai_canonname); if (!*r_canonname) { err = gpg_error_from_syserror (); goto leave; } } for (ai = aibuf; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET) continue; if (opt_disable_ipv4 && ai->ai_family == AF_INET) continue; if (opt_disable_ipv6 && ai->ai_family == AF_INET6) continue; dai = xtrymalloc (sizeof *dai); dai->family = ai->ai_family; dai->socktype = ai->ai_socktype; dai->protocol = ai->ai_protocol; dai->addrlen = ai->ai_addrlen; memcpy (dai->addr, ai->ai_addr, ai->ai_addrlen); dai->next = daihead; daihead = dai; } leave: if (aibuf) freeaddrinfo (aibuf); if (err) { if (r_canonname) { xfree (*r_canonname); *r_canonname = NULL; } free_dns_addrinfo (daihead); } else *r_dai = daihead; return err; } /* This a wrapper around getaddrinfo with slightly different semantics. - NAME is the name to resolve. - PORT is the requested port or 0. - WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4. - WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM. - - On success the result is stored in a linked list with the head - stored at the address R_AI; the caller must call gpg_addrinfo_free - on this. If R_CANONNAME is not NULL the official name of the host - is stored there as a malloced string; if that name is not available - NULL is stored. */ + * NAME is the name to resolve. + * PORT is the requested port or 0. + * WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4. + * WANT_SOCKETTYPE is either 0 for any socket type + * or SOCK_STREAM or SOCK_DGRAM. + * + * On success the result is stored in a linked list with the head + * stored at the address R_AI; the caller must call free_dns_addrinfo + * on this. If R_CANONNAME is not NULL the official name of the host + * is stored there as a malloced string; if that name is not available + * NULL is stored. */ gpg_error_t resolve_dns_name (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_ai, char **r_canonname) { gpg_error_t err; #ifdef USE_LIBDNS if (!standard_resolver) { err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); if (err && libdns_switch_port_p (err)) err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); } else #endif /*USE_LIBDNS*/ err = resolve_name_standard (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); if (opt_debug) log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err)); return err; } #ifdef USE_LIBDNS /* Resolve an address using libdns. */ static gpg_error_t resolve_addr_libdns (ctrl_t ctrl, const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name) { gpg_error_t err; char host[DNS_D_MAXNAME + 1]; struct dns_resolver *res = NULL; struct dns_packet *ans = NULL; struct dns_ptr ptr; int derr; *r_name = NULL; /* First we turn ADDR into a DNS name (with ".arpa" suffix). */ err = 0; if (addr->ss_family == AF_INET6) { const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)addr; if (!dns_aaaa_arpa (host, sizeof host, (void*)&a6->sin6_addr)) err = gpg_error (GPG_ERR_INV_OBJ); } else if (addr->ss_family == AF_INET) { const struct sockaddr_in *a4 = (const struct sockaddr_in *)addr; if (!dns_a_arpa (host, sizeof host, (void*)&a4->sin_addr)) err = gpg_error (GPG_ERR_INV_OBJ); } else err = gpg_error (GPG_ERR_EAFNOSUPPORT); if (err) goto leave; err = libdns_res_open (ctrl, &res); if (err) goto leave; err = libdns_res_submit (res, host, DNS_T_PTR, DNS_C_IN); if (err) goto leave; err = libdns_res_wait (res); if (err) goto leave; ans = dns_res_fetch (res, &derr); if (!ans) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Check the rcode. */ switch (dns_p_rcode (ans)) { case DNS_RC_NOERROR: break; case DNS_RC_NXDOMAIN: err = gpg_error (GPG_ERR_NO_NAME); break; default: err = GPG_ERR_SERVER_FAILED; goto leave; } /* Parse the result. */ if (!err) { struct dns_rr rr; struct dns_rr_i rri; memset (&rri, 0, sizeof rri); dns_rr_i_init (&rri, ans); rri.section = DNS_S_ALL & ~DNS_S_QD; rri.name = host; rri.type = DNS_T_PTR; if (!dns_rr_grep (&rr, 1, &rri, ans, &derr)) { err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } err = libdns_error_to_gpg_error (dns_ptr_parse (&ptr, &rr, ans)); if (err) goto leave; /* Copy result. */ *r_name = xtrystrdup (ptr.host); if (!*r_name) { err = gpg_error_from_syserror (); goto leave; } /* Libdns appends the root zone part which is problematic * for most other functions - strip it. */ if (**r_name && (*r_name)[strlen (*r_name)-1] == '.') (*r_name)[strlen (*r_name)-1] = 0; } else /* GPG_ERR_NO_NAME */ { char *buffer, *p; int buflen; int ec; buffer = ptr.host; buflen = sizeof ptr.host; p = buffer; if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) { *p++ = '['; buflen -= 2; } ec = getnameinfo ((const struct sockaddr *)addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST); if (ec) { err = map_eai_to_gpg_error (ec); goto leave; } if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) strcat (buffer, "]"); } leave: dns_free (ans); dns_res_close (res); return err; } #endif /*USE_LIBDNS*/ /* Resolve an address using the standard system function. */ static gpg_error_t resolve_addr_standard (const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name) { gpg_error_t err; int ec; char *buffer, *p; int buflen; *r_name = NULL; buflen = NI_MAXHOST; buffer = xtrymalloc (buflen + 2 + 1); if (!buffer) return gpg_error_from_syserror (); if ((flags & DNS_NUMERICHOST) || tor_mode) ec = EAI_NONAME; else ec = getnameinfo ((const struct sockaddr *)addr, addrlen, buffer, buflen, NULL, 0, NI_NAMEREQD); if (!ec && *buffer == '[') ec = EAI_FAIL; /* A name may never start with a bracket. */ else if (ec == EAI_NONAME) { p = buffer; if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) { *p++ = '['; buflen -= 2; } ec = getnameinfo ((const struct sockaddr *)addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST); if (!ec && addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) strcat (buffer, "]"); } if (ec) err = map_eai_to_gpg_error (ec); else { p = xtryrealloc (buffer, strlen (buffer)+1); if (!p) err = gpg_error_from_syserror (); else { buffer = p; err = 0; } } if (err) xfree (buffer); else *r_name = buffer; return err; } /* A wrapper around getnameinfo. */ gpg_error_t resolve_dns_addr (ctrl_t ctrl, const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name) { gpg_error_t err; #ifdef USE_LIBDNS /* Note that we divert to the standard resolver for NUMERICHOST. */ if (!standard_resolver && !(flags & DNS_NUMERICHOST)) { err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name); if (err && libdns_switch_port_p (err)) err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name); } else #endif /*USE_LIBDNS*/ err = resolve_addr_standard (addr, addrlen, flags, r_name); if (opt_debug) log_debug ("dns: resolve_dns_addr(): %s\n", gpg_strerror (err)); return err; } /* Check whether NAME is an IP address. Returns a true if it is * either an IPv6 or a IPv4 numerical address. The actual return * values can also be used to identify whether it is v4 or v6: The * true value will surprisingly be 4 for IPv4 and 6 for IPv6. */ int is_ip_address (const char *name) { const char *s; int ndots, dblcol, n; if (*name == '[') return 6; /* yes: A legal DNS name may not contain this character; this must be bracketed v6 address. */ if (*name == '.') return 0; /* No. A leading dot is not a valid IP address. */ /* Check whether this is a v6 address. */ ndots = n = dblcol = 0; for (s=name; *s; s++) { if (*s == ':') { ndots++; if (s[1] == ':') { ndots++; if (dblcol) return 0; /* No: Only one "::" allowed. */ dblcol++; if (s[1]) s++; } n = 0; } else if (*s == '.') goto legacy; else if (!strchr ("0123456789abcdefABCDEF", *s)) return 0; /* No: Not a hex digit. */ else if (++n > 4) return 0; /* To many digits in a group. */ } if (ndots > 7) return 0; /* No: Too many colons. */ else if (ndots > 1) return 6; /* Yes: At least 2 colons indicate an v6 address. */ legacy: /* Check whether it is legacy IP address. */ ndots = n = 0; for (s=name; *s; s++) { if (*s == '.') { if (s[1] == '.') return 0; /* No: Double dot. */ if (atoi (s+1) > 255) return 0; /* No: Ipv4 byte value too large. */ ndots++; n = 0; } else if (!strchr ("0123456789", *s)) return 0; /* No: Not a digit. */ else if (++n > 3) return 0; /* No: More than 3 digits. */ } return (ndots == 3)? 4 : 0; } /* Return true if NAME is an onion address. */ int is_onion_address (const char *name) { size_t len; len = name? strlen (name) : 0; if (len < 8 || strcmp (name + len - 6, ".onion")) return 0; /* Note that we require at least 2 characters before the suffix. */ return 1; /* Yes. */ } /* libdns version of get_dns_cert. */ #ifdef USE_LIBDNS static gpg_error_t get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { gpg_error_t err; struct dns_resolver *res = NULL; struct dns_packet *ans = NULL; struct dns_rr rr; struct dns_rr_i rri; char host[DNS_D_MAXNAME + 1]; int derr; int qtype; /* Get the query type from WANT_CERTTYPE (which in general indicates * the subtype we want). */ qtype = (want_certtype < DNS_CERTTYPE_RRBASE ? T_CERT : (want_certtype - DNS_CERTTYPE_RRBASE)); err = libdns_res_open (ctrl, &res); if (err) goto leave; if (dns_d_anchor (host, sizeof host, name, strlen (name)) >= sizeof host) { err = gpg_error (GPG_ERR_ENAMETOOLONG); goto leave; } err = libdns_res_submit (res, name, qtype, DNS_C_IN); if (err) goto leave; err = libdns_res_wait (res); if (err) goto leave; ans = dns_res_fetch (res, &derr); if (!ans) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Check the rcode. */ switch (dns_p_rcode (ans)) { case DNS_RC_NOERROR: break; case DNS_RC_NXDOMAIN: err = gpg_error (GPG_ERR_NO_NAME); break; default: err = GPG_ERR_SERVER_FAILED; break; } if (err) goto leave; memset (&rri, 0, sizeof rri); dns_rr_i_init (&rri, ans); rri.section = DNS_S_ALL & ~DNS_S_QD; rri.name = host; rri.type = qtype; err = gpg_error (GPG_ERR_NOT_FOUND); while (dns_rr_grep (&rr, 1, &rri, ans, &derr)) { unsigned char *rp = ans->data + rr.rd.p; unsigned short len = rr.rd.len; u16 subtype; if (!len) { /* Definitely too short - skip. */ } else if (want_certtype >= DNS_CERTTYPE_RRBASE && rr.type == (want_certtype - DNS_CERTTYPE_RRBASE) && r_key) { *r_key = xtrymalloc (len); if (!*r_key) err = gpg_error_from_syserror (); else { memcpy (*r_key, rp, len); *r_keylen = len; err = 0; } goto leave; } else if (want_certtype >= DNS_CERTTYPE_RRBASE) { /* We did not found the requested RR - skip. */ } else if (rr.type == T_CERT && len > 5) { /* We got a CERT type. */ subtype = buf16_to_u16 (rp); rp += 2; len -= 2; /* Skip the CERT key tag and algo which we don't need. */ rp += 3; len -= 3; if (want_certtype && want_certtype != subtype) ; /* Not the requested subtype - skip. */ else if (subtype == DNS_CERTTYPE_PGP && len && r_key && r_keylen) { /* PGP subtype */ *r_key = xtrymalloc (len); if (!*r_key) err = gpg_error_from_syserror (); else { memcpy (*r_key, rp, len); *r_keylen = len; err = 0; } goto leave; } else if (subtype == DNS_CERTTYPE_IPGP && len && len < 1023 && len >= rp[0] + 1) { /* IPGP type */ *r_fprlen = rp[0]; if (*r_fprlen) { *r_fpr = xtrymalloc (*r_fprlen); if (!*r_fpr) { err = gpg_error_from_syserror (); goto leave; } memcpy (*r_fpr, rp+1, *r_fprlen); } else *r_fpr = NULL; if (len > *r_fprlen + 1) { *r_url = xtrymalloc (len - (*r_fprlen + 1) + 1); if (!*r_url) { err = gpg_error_from_syserror (); xfree (*r_fpr); *r_fpr = NULL; goto leave; } memcpy (*r_url, rp + *r_fprlen + 1, len - (*r_fprlen + 1)); (*r_url)[len - (*r_fprlen + 1)] = 0; } else *r_url = NULL; err = 0; goto leave; } else { /* Unknown subtype or record too short - skip. */ } } else { /* Not a requested type - skip. */ } } leave: dns_free (ans); dns_res_close (res); return err; } #endif /*USE_LIBDNS*/ /* Standard resolver version of get_dns_cert. */ static gpg_error_t get_dns_cert_standard (const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { #ifdef HAVE_SYSTEM_RESOLVER gpg_error_t err; unsigned char *answer; int r; u16 count; /* Allocate a 64k buffer which is the limit for an DNS response. */ answer = xtrymalloc (65536); if (!answer) return gpg_error_from_syserror (); err = gpg_error (GPG_ERR_NOT_FOUND); r = res_query (name, C_IN, (want_certtype < DNS_CERTTYPE_RRBASE ? T_CERT : (want_certtype - DNS_CERTTYPE_RRBASE)), answer, 65536); /* Not too big, not too small, no errors and at least 1 answer. */ if (r >= sizeof (HEADER) && r <= 65536 && (((HEADER *)(void *) answer)->rcode) == NOERROR && (count = ntohs (((HEADER *)(void *) answer)->ancount))) { int rc; unsigned char *pt, *emsg; emsg = &answer[r]; pt = &answer[sizeof (HEADER)]; /* Skip over the query */ rc = dn_skipname (pt, emsg); if (rc == -1) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } pt += rc + QFIXEDSZ; /* There are several possible response types for a CERT request. We're interested in the PGP (a key) and IPGP (a URI) types. Skip all others. TODO: A key is better than a URI since we've gone through all this bother to fetch it, so favor that if we have both PGP and IPGP? */ while (count-- > 0 && pt < emsg) { u16 type, class, dlen, ctype; rc = dn_skipname (pt, emsg); /* the name we just queried for */ if (rc == -1) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } pt += rc; /* Truncated message? 15 bytes takes us to the point where we start looking at the ctype. */ if ((emsg - pt) < 15) break; type = buf16_to_u16 (pt); pt += 2; class = buf16_to_u16 (pt); pt += 2; if (class != C_IN) break; /* ttl */ pt += 4; /* data length */ dlen = buf16_to_u16 (pt); pt += 2; /* Check the type and parse. */ if (want_certtype >= DNS_CERTTYPE_RRBASE && type == (want_certtype - DNS_CERTTYPE_RRBASE) && r_key) { *r_key = xtrymalloc (dlen); if (!*r_key) err = gpg_error_from_syserror (); else { memcpy (*r_key, pt, dlen); *r_keylen = dlen; err = 0; } goto leave; } else if (want_certtype >= DNS_CERTTYPE_RRBASE) { /* We did not found the requested RR. */ pt += dlen; } else if (type == T_CERT) { /* We got a CERT type. */ ctype = buf16_to_u16 (pt); pt += 2; /* Skip the CERT key tag and algo which we don't need. */ pt += 3; dlen -= 5; /* 15 bytes takes us to here */ if (want_certtype && want_certtype != ctype) ; /* Not of the requested certtype. */ else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen) { /* PGP type */ *r_key = xtrymalloc (dlen); if (!*r_key) err = gpg_error_from_syserror (); else { memcpy (*r_key, pt, dlen); *r_keylen = dlen; err = 0; } goto leave; } else if (ctype == DNS_CERTTYPE_IPGP && dlen && dlen < 1023 && dlen >= pt[0] + 1) { /* IPGP type */ *r_fprlen = pt[0]; if (*r_fprlen) { *r_fpr = xtrymalloc (*r_fprlen); if (!*r_fpr) { err = gpg_error_from_syserror (); goto leave; } memcpy (*r_fpr, &pt[1], *r_fprlen); } else *r_fpr = NULL; if (dlen > *r_fprlen + 1) { *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1); if (!*r_url) { err = gpg_error_from_syserror (); xfree (*r_fpr); *r_fpr = NULL; goto leave; } memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1)); (*r_url)[dlen - (*r_fprlen + 1)] = '\0'; } else *r_url = NULL; err = 0; goto leave; } /* No subtype matches, so continue with the next answer. */ pt += dlen; } else { /* Not a requested type - might be a CNAME. Try next item. */ pt += dlen; } } } leave: xfree (answer); return err; #else /*!HAVE_SYSTEM_RESOLVER*/ (void)name; (void)want_certtype; (void)r_key; (void)r_keylen; (void)r_fpr; (void)r_fprlen; (void)r_url; return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif /*!HAVE_SYSTEM_RESOLVER*/ } /* Returns 0 on success or an error code. If a PGP CERT record was found, the malloced data is returned at (R_KEY, R_KEYLEN) and the other return parameters are set to NULL/0. If an IPGP CERT record was found the fingerprint is stored as an allocated block at R_FPR and its length at R_FPRLEN; an URL is allocated as a string and returned at R_URL. If WANT_CERTTYPE is 0 this function returns the first CERT found with a supported type; it is expected that only one CERT record is used. If WANT_CERTTYPE is one of the supported certtypes only records with this certtype are considered and the first found is returned. (R_KEY,R_KEYLEN) are optional. */ gpg_error_t get_dns_cert (ctrl_t ctrl, const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { gpg_error_t err; if (r_key) *r_key = NULL; if (r_keylen) *r_keylen = 0; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; #ifdef USE_LIBDNS if (!standard_resolver) { err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); if (err && libdns_switch_port_p (err)) err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); } else #endif /*USE_LIBDNS*/ err = get_dns_cert_standard (name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); if (opt_debug) log_debug ("dns: get_dns_cert(%s): %s\n", name, gpg_strerror (err)); return err; } static int priosort(const void *a,const void *b) { const struct srventry *sa=a,*sb=b; if(sa->priority>sb->priority) return 1; else if(sa->prioritypriority) return -1; else return 0; } /* Libdns based helper for getsrv. Note that it is expected that NULL * is stored at the address of LIST and 0 is stored at the address of * R_COUNT. */ #ifdef USE_LIBDNS static gpg_error_t getsrv_libdns (ctrl_t ctrl, const char *name, struct srventry **list, unsigned int *r_count) { gpg_error_t err; struct dns_resolver *res = NULL; struct dns_packet *ans = NULL; struct dns_rr rr; struct dns_rr_i rri; char host[DNS_D_MAXNAME + 1]; int derr; unsigned int srvcount = 0; err = libdns_res_open (ctrl, &res); if (err) goto leave; if (dns_d_anchor (host, sizeof host, name, strlen (name)) >= sizeof host) { err = gpg_error (GPG_ERR_ENAMETOOLONG); goto leave; } err = libdns_res_submit (res, name, DNS_T_SRV, DNS_C_IN); if (err) goto leave; err = libdns_res_wait (res); if (err) goto leave; ans = dns_res_fetch (res, &derr); if (!ans) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Check the rcode. */ switch (dns_p_rcode (ans)) { case DNS_RC_NOERROR: break; case DNS_RC_NXDOMAIN: err = gpg_error (GPG_ERR_NO_NAME); break; default: err = GPG_ERR_SERVER_FAILED; break; } if (err) goto leave; memset (&rri, 0, sizeof rri); dns_rr_i_init (&rri, ans); rri.section = DNS_S_ALL & ~DNS_S_QD; rri.name = host; rri.type = DNS_T_SRV; while (dns_rr_grep (&rr, 1, &rri, ans, &derr)) { struct dns_srv dsrv; struct srventry *srv; struct srventry *newlist; err = libdns_error_to_gpg_error (dns_srv_parse(&dsrv, &rr, ans)); if (err) goto leave; newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); if (!newlist) { err = gpg_error_from_syserror (); goto leave; } *list = newlist; memset (&(*list)[srvcount], 0, sizeof(struct srventry)); srv = &(*list)[srvcount]; srvcount++; srv->priority = dsrv.priority; srv->weight = dsrv.weight; srv->port = dsrv.port; mem2str (srv->target, dsrv.target, sizeof srv->target); /* Libdns appends the root zone part which is problematic for * most other functions - strip it. */ if (*srv->target && (srv->target)[strlen (srv->target)-1] == '.') (srv->target)[strlen (srv->target)-1] = 0; } *r_count = srvcount; leave: if (err) { xfree (*list); *list = NULL; } dns_free (ans); dns_res_close (res); return err; } #endif /*USE_LIBDNS*/ /* Standard resolver based helper for getsrv. Note that it is * expected that NULL is stored at the address of LIST and 0 is stored * at the address of R_COUNT. */ static gpg_error_t getsrv_standard (const char *name, struct srventry **list, unsigned int *r_count) { #ifdef HAVE_SYSTEM_RESOLVER union { unsigned char ans[2048]; HEADER header[1]; } res; unsigned char *answer = res.ans; HEADER *header = res.header; unsigned char *pt, *emsg; int r, rc; u16 dlen; unsigned int srvcount = 0; u16 count; /* Do not allow a query using the standard resolver in Tor mode. */ if (tor_mode) return gpg_error (GPG_ERR_NOT_ENABLED); my_unprotect (); r = res_query (name, C_IN, T_SRV, answer, sizeof res.ans); my_protect (); if (r < 0) return get_h_errno_as_gpg_error (); if (r < sizeof (HEADER)) return gpg_error (GPG_ERR_SERVER_FAILED); if (r > sizeof res.ans) return gpg_error (GPG_ERR_SYSTEM_BUG); if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) return gpg_error (GPG_ERR_NO_NAME); /* Error or no record found. */ emsg = &answer[r]; pt = &answer[sizeof(HEADER)]; /* Skip over the query */ rc = dn_skipname (pt, emsg); if (rc == -1) goto fail; pt += rc + QFIXEDSZ; while (count-- > 0 && pt < emsg) { struct srventry *srv; u16 type, class; struct srventry *newlist; newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); if (!newlist) goto fail; *list = newlist; memset (&(*list)[srvcount], 0, sizeof(struct srventry)); srv = &(*list)[srvcount]; srvcount++; rc = dn_skipname (pt, emsg); /* The name we just queried for. */ if (rc == -1) goto fail; pt += rc; /* Truncated message? */ if ((emsg-pt) < 16) goto fail; type = buf16_to_u16 (pt); pt += 2; /* We asked for SRV and got something else !? */ if (type != T_SRV) goto fail; class = buf16_to_u16 (pt); pt += 2; /* We asked for IN and got something else !? */ if (class != C_IN) goto fail; pt += 4; /* ttl */ dlen = buf16_to_u16 (pt); pt += 2; srv->priority = buf16_to_ushort (pt); pt += 2; srv->weight = buf16_to_ushort (pt); pt += 2; srv->port = buf16_to_ushort (pt); pt += 2; /* Get the name. 2782 doesn't allow name compression, but * dn_expand still works to pull the name out of the packet. */ rc = dn_expand (answer, emsg, pt, srv->target, sizeof srv->target); if (rc == 1 && srv->target[0] == 0) /* "." */ { xfree(*list); *list = NULL; return 0; } if (rc == -1) goto fail; pt += rc; /* Corrupt packet? */ if (dlen != rc+6) goto fail; } *r_count = srvcount; return 0; fail: xfree (*list); *list = NULL; return gpg_error (GPG_ERR_GENERAL); #else /*!HAVE_SYSTEM_RESOLVER*/ (void)name; (void)list; (void)r_count; return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif /*!HAVE_SYSTEM_RESOLVER*/ } /* Query a SRV record for SERVICE and PROTO for NAME. If SERVICE is * NULL, NAME is expected to contain the full query name. Note that * we do not return NONAME but simply store 0 at R_COUNT. On error an * error code is returned and 0 stored at R_COUNT. */ gpg_error_t get_dns_srv (ctrl_t ctrl, const char *name, const char *service, const char *proto, struct srventry **list, unsigned int *r_count) { gpg_error_t err; char *namebuffer = NULL; unsigned int srvcount; int i; *list = NULL; *r_count = 0; srvcount = 0; /* If SERVICE is given construct the query from it and PROTO. */ if (service) { namebuffer = xtryasprintf ("_%s._%s.%s", service, proto? proto:"tcp", name); if (!namebuffer) { err = gpg_error_from_syserror (); goto leave; } name = namebuffer; } #ifdef USE_LIBDNS if (!standard_resolver) { err = getsrv_libdns (ctrl, name, list, &srvcount); if (err && libdns_switch_port_p (err)) err = getsrv_libdns (ctrl, name, list, &srvcount); } else #endif /*USE_LIBDNS*/ err = getsrv_standard (name, list, &srvcount); if (err) { if (gpg_err_code (err) == GPG_ERR_NO_NAME) err = 0; goto leave; } /* Now we have an array of all the srv records. */ /* Order by priority */ qsort(*list,srvcount,sizeof(struct srventry),priosort); /* For each priority, move the zero-weighted items first. */ for (i=0; i < srvcount; i++) { int j; for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++) { if((*list)[j].weight==0) { /* Swap j with i */ if(j!=i) { struct srventry temp; memcpy (&temp,&(*list)[j],sizeof(struct srventry)); memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry)); memcpy (&(*list)[i],&temp,sizeof(struct srventry)); } break; } } } /* Run the RFC-2782 weighting algorithm. We don't need very high quality randomness for this, so regular libc srand/rand is sufficient. */ { static int done; if (!done) { done = 1; srand (time (NULL)*getpid()); } } for (i=0; i < srvcount; i++) { int j; float prio_count=0,chose; for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++) { prio_count+=(*list)[j].weight; (*list)[j].run_count=prio_count; } chose=prio_count*rand()/RAND_MAX; for (j=i;j %u records\n", name, srvcount); } if (!err) *r_count = srvcount; xfree (namebuffer); return err; } #ifdef USE_LIBDNS /* libdns version of get_dns_cname. */ gpg_error_t get_dns_cname_libdns (ctrl_t ctrl, const char *name, char **r_cname) { gpg_error_t err; struct dns_resolver *res; struct dns_packet *ans = NULL; struct dns_cname cname; int derr; err = libdns_res_open (ctrl, &res); if (err) goto leave; err = libdns_res_submit (res, name, DNS_T_CNAME, DNS_C_IN); if (err) goto leave; err = libdns_res_wait (res); if (err) goto leave; ans = dns_res_fetch (res, &derr); if (!ans) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Check the rcode. */ switch (dns_p_rcode (ans)) { case DNS_RC_NOERROR: break; case DNS_RC_NXDOMAIN: err = gpg_error (GPG_ERR_NO_NAME); break; default: err = GPG_ERR_SERVER_FAILED; break; } if (err) goto leave; /* Parse the result into CNAME. */ err = libdns_error_to_gpg_error (dns_p_study (ans)); if (err) goto leave; if (!dns_d_cname (&cname, sizeof cname, name, strlen (name), ans, &derr)) { err = libdns_error_to_gpg_error (derr); goto leave; } /* Copy result. */ *r_cname = xtrystrdup (cname.host); if (!*r_cname) err = gpg_error_from_syserror (); else { /* Libdns appends the root zone part which is problematic * for most other functions - strip it. */ if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.') (*r_cname)[strlen (*r_cname)-1] = 0; } leave: dns_free (ans); dns_res_close (res); return err; } #endif /*USE_LIBDNS*/ /* Standard resolver version of get_dns_cname. */ gpg_error_t get_dns_cname_standard (const char *name, char **r_cname) { #ifdef HAVE_SYSTEM_RESOLVER gpg_error_t err; int rc; union { unsigned char ans[2048]; HEADER header[1]; } res; unsigned char *answer = res.ans; HEADER *header = res.header; unsigned char *pt, *emsg; int r; char *cname; int cnamesize = 1025; u16 count; /* Do not allow a query using the standard resolver in Tor mode. */ if (tor_mode) return -1; my_unprotect (); r = res_query (name, C_IN, T_CERT, answer, sizeof res.ans); my_protect (); if (r < 0) return get_h_errno_as_gpg_error (); if (r < sizeof (HEADER)) return gpg_error (GPG_ERR_SERVER_FAILED); if (r > sizeof res.ans) return gpg_error (GPG_ERR_SYSTEM_BUG); if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) return gpg_error (GPG_ERR_NO_NAME); /* Error or no record found. */ if (count != 1) return gpg_error (GPG_ERR_SERVER_FAILED); emsg = &answer[r]; pt = &answer[sizeof(HEADER)]; rc = dn_skipname (pt, emsg); if (rc == -1) return gpg_error (GPG_ERR_SERVER_FAILED); pt += rc + QFIXEDSZ; if (pt >= emsg) return gpg_error (GPG_ERR_SERVER_FAILED); rc = dn_skipname (pt, emsg); if (rc == -1) return gpg_error (GPG_ERR_SERVER_FAILED); pt += rc + 2 + 2 + 4; if (pt+2 >= emsg) return gpg_error (GPG_ERR_SERVER_FAILED); pt += 2; /* Skip rdlen */ cname = xtrymalloc (cnamesize); if (!cname) return gpg_error_from_syserror (); rc = dn_expand (answer, emsg, pt, cname, cnamesize -1); if (rc == -1) { xfree (cname); return gpg_error (GPG_ERR_SERVER_FAILED); } *r_cname = xtryrealloc (cname, strlen (cname)+1); if (!*r_cname) { err = gpg_error_from_syserror (); xfree (cname); return err; } return 0; #else /*!HAVE_SYSTEM_RESOLVER*/ (void)name; (void)r_cname; return gpg_error (GPG_ERR_NOT_IMPLEMENTED); #endif /*!HAVE_SYSTEM_RESOLVER*/ } gpg_error_t get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname) { gpg_error_t err; *r_cname = NULL; #ifdef USE_LIBDNS if (!standard_resolver) { err = get_dns_cname_libdns (ctrl, name, r_cname); if (err && libdns_switch_port_p (err)) err = get_dns_cname_libdns (ctrl, name, r_cname); return err; } #endif /*USE_LIBDNS*/ err = get_dns_cname_standard (name, r_cname); if (opt_debug) log_debug ("get_dns_cname(%s)%s%s\n", name, err ? ": " : " -> ", err ? gpg_strerror (err) : *r_cname); return err; } diff --git a/dirmngr/domaininfo.c b/dirmngr/domaininfo.c index a2effffef..f6263b06d 100644 --- a/dirmngr/domaininfo.c +++ b/dirmngr/domaininfo.c @@ -1,291 +1,291 @@ /* domaininfo.c - Gather statistics about accessed domains * Copyright (C) 2017 Werner Koch * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * SPDX-License-Identifier: GPL-3.0+ */ #include #include #include #include "dirmngr.h" /* Number of bucket for the hash array and limit for the length of a * bucket chain. For debugging values of 13 and 10 are more suitable * and a command like * for j in a b c d e f g h i j k l m n o p q r s t u v w z y z; do \ * for i in a b c d e f g h i j k l m n o p q r s t u v w z y z; do \ * gpg-connect-agent --dirmngr "wkd_get foo@$i.$j.gnupg.net" /bye \ * >/dev/null ; done; done * will quickly add a couple of domains. */ #define NO_OF_DOMAINBUCKETS 103 #define MAX_DOMAINBUCKET_LEN 20 /* Object to keep track of a domain name. */ struct domaininfo_s { struct domaininfo_s *next; unsigned int no_name:1; /* Domain name not found. */ unsigned int wkd_not_found:1; /* A WKD query failed. */ unsigned int wkd_supported:1; /* One WKD entry was found. */ unsigned int wkd_not_supported:1; /* Definitely does not support WKD. */ char name[1]; }; typedef struct domaininfo_s *domaininfo_t; /* And the hashed array. */ static domaininfo_t domainbuckets[NO_OF_DOMAINBUCKETS]; /* The hash function we use. Must not call a system function. */ static inline u32 hash_domain (const char *domain) { const unsigned char *s = (const unsigned char*)domain; u32 hashval = 0; u32 carry; for (; *s; s++) { if (*s == '.') continue; hashval = (hashval << 4) + *s; if ((carry = (hashval & 0xf0000000))) { hashval ^= (carry >> 24); hashval ^= carry; } } return hashval % NO_OF_DOMAINBUCKETS; } void domaininfo_print_stats (void) { int bidx; domaininfo_t di; int count, no_name, wkd_not_found, wkd_supported, wkd_not_supported; int len, minlen, maxlen; count = no_name = wkd_not_found = wkd_supported = wkd_not_supported = 0; maxlen = 0; minlen = -1; for (bidx = 0; bidx < NO_OF_DOMAINBUCKETS; bidx++) { len = 0; for (di = domainbuckets[bidx]; di; di = di->next) { count++; len++; if (di->no_name) no_name++; if (di->wkd_not_found) wkd_not_found++; if (di->wkd_supported) wkd_supported++; if (di->wkd_not_supported) wkd_not_supported++; } if (len > maxlen) maxlen = len; if (minlen == -1 || len < minlen) minlen = len; } log_info ("domaininfo: items=%d chainlen=%d..%d nn=%d nf=%d ns=%d s=%d\n", count, minlen > 0? minlen : 0, maxlen, no_name, wkd_not_found, wkd_not_supported, wkd_supported); } -/* Return true if DOMAIN definitely does not support WKD. Noet that +/* Return true if DOMAIN definitely does not support WKD. Note that * DOMAIN is expected to be lowercase. */ int domaininfo_is_wkd_not_supported (const char *domain) { domaininfo_t di; for (di = domainbuckets[hash_domain (domain)]; di; di = di->next) if (!strcmp (di->name, domain)) return !!di->wkd_not_supported; return 0; /* We don't know. */ } /* Core update function. DOMAIN is expected to be lowercase. * CALLBACK is called to update the existing or the newly inserted * item. */ static void insert_or_update (const char *domain, void (*callback)(domaininfo_t di, int insert_mode)) { domaininfo_t di; domaininfo_t di_new; domaininfo_t di_cut; u32 hash; int count; hash = hash_domain (domain); for (di = domainbuckets[hash]; di; di = di->next) if (!strcmp (di->name, domain)) { callback (di, 0); /* Update */ return; } di_new = xtrycalloc (1, sizeof *di + strlen (domain)); if (!di_new) return; /* Out of core - we ignore this. */ strcpy (di_new->name, domain); /* Need to do another lookup because the malloc is a system call and * thus the hash array may have been changed by another thread. */ di_cut = NULL; for (count=0, di = domainbuckets[hash]; di; di = di->next, count++) if (!strcmp (di->name, domain)) { callback (di, 0); /* Update */ xfree (di_new); return; } /* Before we insert we need to check whether the chain gets too long. */ di_cut = NULL; if (count >= MAX_DOMAINBUCKET_LEN) { for (count=0, di = domainbuckets[hash]; di; di = di->next, count++) if (count >= MAX_DOMAINBUCKET_LEN/2) { di_cut = di->next; di->next = NULL; break; } } /* Insert */ callback (di_new, 1); di = di_new; di->next = domainbuckets[hash]; domainbuckets[hash] = di; /* Remove the rest of the cutted chain. */ while (di_cut) { di = di_cut->next; xfree (di_cut); di_cut = di; } } /* Helper for domaininfo_set_no_name. */ static void set_no_name_cb (domaininfo_t di, int insert_mode) { (void)insert_mode; di->no_name = 1; /* Obviously the domain is in this case also not supported. */ di->wkd_not_supported = 1; /* The next should already be 0 but we clear it anyway in the case * of a temporary DNS failure. */ di->wkd_supported = 0; } /* Mark DOMAIN as not existent. */ void domaininfo_set_no_name (const char *domain) { insert_or_update (domain, set_no_name_cb); } /* Helper for domaininfo_set_wkd_supported. */ static void set_wkd_supported_cb (domaininfo_t di, int insert_mode) { (void)insert_mode; di->wkd_supported = 1; /* The next will already be set unless the domain enabled WKD in the * meantime. Thus we need to clear it. */ di->wkd_not_supported = 0; } /* Mark DOMAIN as supporting WKD. */ void domaininfo_set_wkd_supported (const char *domain) { insert_or_update (domain, set_wkd_supported_cb); } /* Helper for domaininfo_set_wkd_not_supported. */ static void set_wkd_not_supported_cb (domaininfo_t di, int insert_mode) { (void)insert_mode; di->wkd_not_supported = 1; di->wkd_supported = 0; } /* Mark DOMAIN as not supporting WKD queries (e.g. no policy file). */ void domaininfo_set_wkd_not_supported (const char *domain) { insert_or_update (domain, set_wkd_not_supported_cb); } /* Helper for domaininfo_set_wkd_not_found. */ static void set_wkd_not_found_cb (domaininfo_t di, int insert_mode) { /* Set the not found flag but there is no need to do this if we * already know that the domain either does not support WKD or we * know that it supports WKD. */ if (insert_mode) di->wkd_not_found = 1; else if (!di->wkd_not_supported && !di->wkd_supported) di->wkd_not_found = 1; /* Better clear this flag in case we had a DNS failure in the * past. */ di->no_name = 0; } /* Update a counter for DOMAIN to keep track of failed WKD queries. */ void domaininfo_set_wkd_not_found (const char *domain) { insert_or_update (domain, set_wkd_not_found_cb); } diff --git a/dirmngr/server.c b/dirmngr/server.c index ac2562031..4a242539b 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -1,3055 +1,3103 @@ /* server.c - LDAP and Keyserver access server * Copyright (C) 2002 Klarälvdalens Datakonsult AB * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH * Copyright (C) 2014, 2015, 2016 Werner Koch * Copyright (C) 2016 Bundesamt für Sicherheit in der Informationstechnik * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * SPDX-License-Identifier: GPL-3.0+ */ #include #include #include #include #include #include #include #include #include #include #include "dirmngr.h" #include #include "crlcache.h" #include "crlfetch.h" #if USE_LDAP # include "ldapserver.h" #endif #include "ocsp.h" #include "certcache.h" #include "validate.h" #include "misc.h" #if USE_LDAP # include "ldap-wrapper.h" #endif #include "ks-action.h" #include "ks-engine.h" /* (ks_hkp_print_hosttable) */ #if USE_LDAP # include "ldap-parse-uri.h" #endif #include "dns-stuff.h" #include "../common/mbox-util.h" #include "../common/zb32.h" #include "../common/server-help.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. The DoS was actually only an issue back when Dirmngr was a system service and not a user service. */ #define MAX_CERT_LENGTH (16*1024) /* The limit for the CERTLIST inquiry. We allow for up to 20 * certificates but also take PEM encoding into account. */ #define MAX_CERTLIST_LENGTH ((MAX_CERT_LENGTH * 20 * 4)/3) /* The same goes for OpenPGP keyblocks, but here we need to allow for much longer blocks; a 200k keyblock is not too unusual for keys with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even has 770 KiB as of 2015-08-23. To avoid adding a runtime option we now use 20MiB which should really be enough. Well, a key with several pictures could be larger (the parser as a 18MiB limit for attribute packets) but it won't be nice to the keyservers to send them such large blobs. */ #define MAX_KEYBLOCK_LENGTH (20*1024*1024) #define PARM_ERROR(t) assuan_set_error (ctx, \ gpg_error (GPG_ERR_ASS_PARAMETER), (t)) #define set_error(e,t) (ctx ? assuan_set_error (ctx, gpg_error (e), (t)) \ /**/: gpg_error (e)) /* Control structure per connection. */ struct server_local_s { /* Data used to associate an Assuan context with local server data */ assuan_context_t assuan_ctx; /* The session id (a counter). */ unsigned int session_id; /* Per-session LDAP servers. */ ldap_server_t ldapservers; /* Per-session list of keyservers. */ uri_item_t keyservers; /* If this flag is set to true this dirmngr process will be terminated after the end of this session. */ int stopme; /* State variable private to is_tor_running. */ int tor_state; /* If the first both flags are set the assuan logging of data lines * is suppressed. The count variable is used to show the number of * non-logged bytes. */ size_t inhibit_data_logging_count; unsigned int inhibit_data_logging : 1; unsigned int inhibit_data_logging_now : 1; }; /* Cookie definition for assuan data line output. */ static gpgrt_ssize_t data_line_cookie_write (void *cookie, const void *buffer, size_t size); static int data_line_cookie_close (void *cookie); static es_cookie_io_functions_t data_line_cookie_functions = { NULL, data_line_cookie_write, NULL, data_line_cookie_close }; /* Local prototypes */ static const char *task_check_wkd_support (ctrl_t ctrl, const char *domain); /* Accessor for the local ldapservers variable. */ ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl) { if (ctrl && ctrl->server_local) return ctrl->server_local->ldapservers; else return NULL; } /* Release an uri_item_t list. */ static void release_uri_item_list (uri_item_t list) { while (list) { uri_item_t tmp = list->next; http_release_parsed_uri (list->parsed_uri); xfree (list); list = tmp; } } /* Release all configured keyserver info from CTRL. */ void release_ctrl_keyservers (ctrl_t ctrl) { if (! ctrl->server_local) return; release_uri_item_list (ctrl->server_local->keyservers); ctrl->server_local->keyservers = NULL; } /* Helper to print a message while leaving a command. */ static gpg_error_t leave_cmd (assuan_context_t ctx, gpg_error_t err) { if (err) { const char *name = assuan_get_command_name (ctx); if (!name) name = "?"; if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT) log_error ("command '%s' failed: %s\n", name, gpg_strerror (err)); else log_error ("command '%s' failed: %s <%s>\n", name, gpg_strerror (err), gpg_strsource (err)); } return err; } /* This is a wrapper around assuan_send_data which makes debugging the output in verbose mode easier. */ static gpg_error_t data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) { ctrl_t ctrl = assuan_get_pointer (ctx); const char *buffer = buffer_arg; gpg_error_t err; /* If we do not want logging, enable it here. */ if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging) ctrl->server_local->inhibit_data_logging_now = 1; if (opt.verbose && buffer && size) { /* Ease reading of output by sending a physical line at each LF. */ const char *p; size_t n, nbytes; nbytes = size; do { p = memchr (buffer, '\n', nbytes); n = p ? (p - buffer) + 1 : nbytes; err = assuan_send_data (ctx, buffer, n); if (err) { gpg_err_set_errno (EIO); goto leave; } buffer += n; nbytes -= n; if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */ { gpg_err_set_errno (EIO); goto leave; } } while (nbytes); } else { err = assuan_send_data (ctx, buffer, size); if (err) { gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */ goto leave; } } leave: if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging) { ctrl->server_local->inhibit_data_logging_now = 0; ctrl->server_local->inhibit_data_logging_count += size; } return err; } /* A write handler used by es_fopencookie to write assuan data lines. */ static gpgrt_ssize_t data_line_cookie_write (void *cookie, const void *buffer, size_t size) { assuan_context_t ctx = cookie; if (data_line_write (ctx, buffer, size)) return -1; return (gpgrt_ssize_t)size; } static int data_line_cookie_close (void *cookie) { assuan_context_t ctx = cookie; if (DBG_IPC) { ctrl_t ctrl = assuan_get_pointer (ctx); if (ctrl && ctrl->server_local && ctrl->server_local->inhibit_data_logging && ctrl->server_local->inhibit_data_logging_count) log_debug ("(%zu bytes sent via D lines not shown)\n", ctrl->server_local->inhibit_data_logging_count); } if (assuan_send_data (ctx, NULL, 0)) { gpg_err_set_errno (EIO); return -1; } return 0; } /* Copy the % and + escaped string S into the buffer D and replace the escape sequences. Note, that it is sufficient to allocate the target string D as long as the source string S, i.e.: strlen(s)+1. Note further that if S contains an escaped binary Nul the resulting string D will contain the 0 as well as all other characters but it will be impossible to know whether this is the original EOS or a copied Nul. */ static void strcpy_escaped_plus (char *d, const unsigned char *s) { while (*s) { if (*s == '%' && s[1] && s[2]) { s++; *d++ = xtoi_2 ( s); s += 2; } else if (*s == '+') *d++ = ' ', s++; else *d++ = *s++; } *d = 0; } /* This function returns true if a Tor server is running. The status * is cached for the current connection. */ static int is_tor_running (ctrl_t ctrl) { /* Check whether we can connect to the proxy. */ if (!ctrl || !ctrl->server_local) return 0; /* Ooops. */ if (!ctrl->server_local->tor_state) { assuan_fd_t sock; sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR); if (sock == ASSUAN_INVALID_FD) ctrl->server_local->tor_state = -1; /* Not running. */ else { assuan_sock_close (sock); ctrl->server_local->tor_state = 1; /* Running. */ } } return (ctrl->server_local->tor_state > 0); } /* Return an error if the assuan context does not belong to the owner of the process or to root. On error FAILTEXT is set as Assuan error string. */ static gpg_error_t check_owner_permission (assuan_context_t ctx, const char *failtext) { #ifdef HAVE_W32_SYSTEM /* Under Windows the dirmngr is always run under the control of the user. */ (void)ctx; (void)failtext; #else gpg_err_code_t ec; assuan_peercred_t cred; ec = gpg_err_code (assuan_get_peercred (ctx, &cred)); if (!ec && cred->uid && cred->uid != getuid ()) ec = GPG_ERR_EPERM; if (ec) return set_error (ec, failtext); #endif return 0; } /* Common code for get_cert_local and get_issuer_cert_local. */ static ksba_cert_t do_get_cert_local (ctrl_t ctrl, const char *name, const char *command) { unsigned char *value; size_t valuelen; int rc; char *buf; ksba_cert_t cert; buf = name? strconcat (command, " ", name, NULL) : xtrystrdup (command); if (!buf) rc = gpg_error_from_syserror (); else { rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf, &value, &valuelen, MAX_CERT_LENGTH); xfree (buf); } if (rc) { log_error (_("assuan_inquire(%s) failed: %s\n"), command, gpg_strerror (rc)); return NULL; } if (!valuelen) { xfree (value); return NULL; } rc = ksba_cert_new (&cert); if (!rc) { rc = ksba_cert_init_from_mem (cert, value, valuelen); if (rc) { ksba_cert_release (cert); cert = NULL; } } xfree (value); return cert; } /* Ask back to return a certificate for NAME, given as a regular gpgsm * certificate identifier (e.g. fingerprint or one of the other * methods). Alternatively, NULL may be used for NAME to return the * current target certificate. Either return the certificate in a * KSBA object or NULL if it is not available. */ ksba_cert_t get_cert_local (ctrl_t ctrl, const char *name) { if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx) { if (opt.debug) log_debug ("get_cert_local called w/o context\n"); return NULL; } return do_get_cert_local (ctrl, name, "SENDCERT"); } /* Ask back to return the issuing certificate for NAME, given as a * regular gpgsm certificate identifier (e.g. fingerprint or one * of the other methods). Alternatively, NULL may be used for NAME to * return the current target certificate. Either return the certificate * in a KSBA object or NULL if it is not available. */ ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *name) { if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx) { if (opt.debug) log_debug ("get_issuing_cert_local called w/o context\n"); return NULL; } return do_get_cert_local (ctrl, name, "SENDISSUERCERT"); } /* Ask back to return a certificate with subject NAME and a * subjectKeyIdentifier of KEYID. */ ksba_cert_t get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid) { unsigned char *value; size_t valuelen; int rc; char *buf; ksba_cert_t cert; char *hexkeyid; if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx) { if (opt.debug) log_debug ("get_cert_local_ski called w/o context\n"); return NULL; } if (!name || !keyid) { log_debug ("get_cert_local_ski called with insufficient arguments\n"); return NULL; } hexkeyid = serial_hex (keyid); if (!hexkeyid) { log_debug ("serial_hex() failed\n"); return NULL; } buf = strconcat ("SENDCERT_SKI ", hexkeyid, " /", name, NULL); if (!buf) { log_error ("can't allocate enough memory: %s\n", strerror (errno)); xfree (hexkeyid); return NULL; } xfree (hexkeyid); rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf, &value, &valuelen, MAX_CERT_LENGTH); xfree (buf); if (rc) { log_error (_("assuan_inquire(%s) failed: %s\n"), "SENDCERT_SKI", gpg_strerror (rc)); return NULL; } if (!valuelen) { xfree (value); return NULL; } rc = ksba_cert_new (&cert); if (!rc) { rc = ksba_cert_init_from_mem (cert, value, valuelen); if (rc) { ksba_cert_release (cert); cert = NULL; } } xfree (value); return cert; } /* Ask the client via an inquiry to check the istrusted status of the certificate specified by the hexified fingerprint HEXFPR. Returns 0 if the certificate is trusted by the client or an error code. */ gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr) { unsigned char *value; size_t valuelen; int rc; char request[100]; if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx || !hexfpr) return gpg_error (GPG_ERR_INV_ARG); snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr); rc = assuan_inquire (ctrl->server_local->assuan_ctx, request, &value, &valuelen, 100); if (rc) { log_error (_("assuan_inquire(%s) failed: %s\n"), request, gpg_strerror (rc)); return rc; } /* The expected data is: "1" or "1 cruft" (not a C-string). */ if (valuelen && *value == '1' && (valuelen == 1 || spacep (value+1))) rc = 0; else rc = gpg_error (GPG_ERR_NOT_TRUSTED); xfree (value); return rc; } /* Ask the client to return the certificate associated with the current command. This is sometimes needed because the client usually sends us just the cert ID, assuming that the request can be satisfied from the cache, where the cert ID is used as key. */ static int inquire_cert_and_load_crl (assuan_context_t ctx) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char *value = NULL; size_t valuelen; ksba_cert_t cert = NULL; err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0); if (err) return err; /* { */ /* FILE *fp = fopen ("foo.der", "r"); */ /* value = xmalloc (2000); */ /* valuelen = fread (value, 1, 2000, fp); */ /* fclose (fp); */ /* } */ if (!valuelen) /* No data returned; return a comprehensible error. */ return gpg_error (GPG_ERR_MISSING_CERT); err = ksba_cert_new (&cert); if (err) goto leave; err = ksba_cert_init_from_mem (cert, value, valuelen); if(err) goto leave; xfree (value); value = NULL; err = crl_cache_reload_crl (ctrl, cert); leave: ksba_cert_release (cert); xfree (value); return err; } /* Handle OPTION commands. */ static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; if (!strcmp (key, "force-crl-refresh")) { int i = *value? atoi (value) : 0; ctrl->force_crl_refresh = i; } else if (!strcmp (key, "audit-events")) { int i = *value? atoi (value) : 0; ctrl->audit_events = i; } else if (!strcmp (key, "http-proxy")) { xfree (ctrl->http_proxy); if (!*value || !strcmp (value, "none")) ctrl->http_proxy = NULL; else if (!(ctrl->http_proxy = xtrystrdup (value))) err = gpg_error_from_syserror (); } else if (!strcmp (key, "honor-keyserver-url-used")) { /* Return an error if we are running in Tor mode. */ if (dirmngr_use_tor ()) err = gpg_error (GPG_ERR_FORBIDDEN); } else if (!strcmp (key, "http-crl")) { int i = *value? atoi (value) : 0; ctrl->http_no_crl = !i; } else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); return err; } static const char hlp_dns_cert[] = "DNS_CERT \n" "DNS_CERT --pka \n" "DNS_CERT --dane \n" "\n" "Return the CERT record for . is one of\n" " * Return the first record of any supported subtype\n" " PGP Return the first record of subtype PGP (3)\n" " IPGP Return the first record of subtype IPGP (6)\n" "If the content of a certificate is available (PGP) it is returned\n" "by data lines. Fingerprints and URLs are returned via status lines.\n" "In --pka mode the fingerprint and if available an URL is returned.\n" "In --dane mode the key is returned from RR type 61"; static gpg_error_t cmd_dns_cert (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; int pka_mode, dane_mode; char *mbox = NULL; char *namebuf = NULL; char *encodedhash = NULL; const char *name; int certtype; char *p; void *key = NULL; size_t keylen; unsigned char *fpr = NULL; size_t fprlen; char *url = NULL; pka_mode = has_option (line, "--pka"); dane_mode = has_option (line, "--dane"); line = skip_options (line); if (pka_mode && dane_mode) { err = PARM_ERROR ("either --pka or --dane may be given"); goto leave; } if (pka_mode || dane_mode) ; /* No need to parse here - we do this later. */ else { p = strchr (line, ' '); if (!p) { err = PARM_ERROR ("missing arguments"); goto leave; } *p++ = 0; if (!strcmp (line, "*")) certtype = DNS_CERTTYPE_ANY; else if (!strcmp (line, "IPGP")) certtype = DNS_CERTTYPE_IPGP; else if (!strcmp (line, "PGP")) certtype = DNS_CERTTYPE_PGP; else { err = PARM_ERROR ("unknown subtype"); goto leave; } while (spacep (p)) p++; line = p; if (!*line) { err = PARM_ERROR ("name missing"); goto leave; } } if (pka_mode || dane_mode) { char *domain; /* Points to mbox. */ char hashbuf[32]; /* For SHA-1 and SHA-256. */ /* We lowercase ascii characters but the DANE I-D does not allow this. FIXME: Check after the release of the RFC whether to change this. */ mbox = mailbox_from_userid (line, 0); if (!mbox || !(domain = strchr (mbox, '@'))) { err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id"); goto leave; } *domain++ = 0; if (pka_mode) { gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); encodedhash = zb32_encode (hashbuf, 8*20); if (!encodedhash) { err = gpg_error_from_syserror (); goto leave; } namebuf = strconcat (encodedhash, "._pka.", domain, NULL); if (!namebuf) { err = gpg_error_from_syserror (); goto leave; } name = namebuf; certtype = DNS_CERTTYPE_IPGP; } else { /* Note: The hash is truncated to 28 bytes and we lowercase the result only for aesthetic reasons. */ gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox)); encodedhash = bin2hex (hashbuf, 28, NULL); if (!encodedhash) { err = gpg_error_from_syserror (); goto leave; } ascii_strlwr (encodedhash); namebuf = strconcat (encodedhash, "._openpgpkey.", domain, NULL); if (!namebuf) { err = gpg_error_from_syserror (); goto leave; } name = namebuf; certtype = DNS_CERTTYPE_RR61; } } else name = line; err = get_dns_cert (ctrl, name, certtype, &key, &keylen, &fpr, &fprlen, &url); if (err) goto leave; if (key) { err = data_line_write (ctx, key, keylen); if (err) goto leave; } if (fpr) { char *tmpstr; tmpstr = bin2hex (fpr, fprlen, NULL); if (!tmpstr) err = gpg_error_from_syserror (); else { err = assuan_write_status (ctx, "FPR", tmpstr); xfree (tmpstr); } if (err) goto leave; } if (url) { err = assuan_write_status (ctx, "URL", url); if (err) goto leave; } leave: xfree (key); xfree (fpr); xfree (url); xfree (mbox); xfree (namebuf); xfree (encodedhash); return leave_cmd (ctx, err); } /* Core of cmd_wkd_get and task_check_wkd_support. If CTX is NULL * this function will not write anything to the assuan output. */ static gpg_error_t proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) { gpg_error_t err = 0; char *mbox = NULL; char *domainbuf = NULL; - char *domain; /* Points to mbox or domainbuf. */ - char *domain_orig;/* Points to mbox. */ + char *domain; /* Points to mbox or domainbuf. This is used to + * connect to the host. */ + char *domain_orig;/* Points to mbox. This is the used for the + * query; i.e. the domain part of the + * addrspec. */ char sha1buf[20]; char *uri = NULL; char *encodedhash = NULL; int opt_submission_addr; int opt_policy_flags; int is_wkd_query; /* True if this is a real WKD query. */ int no_log = 0; char portstr[20] = { 0 }; + int subdomain_mode = 0; opt_submission_addr = has_option (line, "--submission-address"); opt_policy_flags = has_option (line, "--policy-flags"); if (has_option (line, "--quick")) ctrl->timeout = opt.connect_quick_timeout; line = skip_options (line); is_wkd_query = !(opt_policy_flags || opt_submission_addr); mbox = mailbox_from_userid (line, 0); if (!mbox || !(domain = strchr (mbox, '@'))) { err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id"); goto leave; } *domain++ = 0; domain_orig = domain; - /* First check whether we already know that the domain does not + + /* Let's check whether we already know that the domain does not * support WKD. */ if (is_wkd_query) { if (domaininfo_is_wkd_not_supported (domain_orig)) { err = gpg_error (GPG_ERR_NO_DATA); goto leave; } } - /* Check for SRV records. */ - if (1) + + /* First try the new "openpgp" subdomain. We check that the domain + * is valid because it is later used as an unescaped filename part + * of the URI. */ + if (is_valid_domain_name (domain_orig)) + { + dns_addrinfo_t aibuf; + + domainbuf = strconcat ( "openpgpkey.", domain_orig, NULL); + if (!domainbuf) + { + err = gpg_error_from_syserror (); + goto leave; + } + + /* FIXME: We should put a cache into dns-stuff because the same + * query (with a different port and socket type, though) will be + * done later by http function. */ + err = resolve_dns_name (ctrl, domainbuf, 0, 0, 0, &aibuf, NULL); + if (err) + { + err = 0; + xfree (domainbuf); + domainbuf = NULL; + } + else /* Got a subdomain. */ + { + free_dns_addrinfo (aibuf); + subdomain_mode = 1; + domain = domainbuf; + } + } + + /* Check for SRV records unless we have a subdomain. */ + if (!subdomain_mode) { struct srventry *srvs; unsigned int srvscount; size_t domainlen, targetlen; int i; err = get_dns_srv (ctrl, domain, "openpgpkey", NULL, &srvs, &srvscount); if (err) goto leave; /* Check for rogue DNS names. */ for (i = 0; i < srvscount; i++) { if (!is_valid_domain_name (srvs[i].target)) { err = gpg_error (GPG_ERR_DNS_ADDRESS); log_error ("rogue openpgpkey SRV record for '%s'\n", domain); xfree (srvs); goto leave; } } /* Find the first target which also ends in DOMAIN or is equal * to DOMAIN. */ domainlen = strlen (domain); for (i = 0; i < srvscount; i++) { if (DBG_DNS) log_debug ("srv: trying '%s:%hu'\n", srvs[i].target, srvs[i].port); targetlen = strlen (srvs[i].target); if ((targetlen > domainlen + 1 && srvs[i].target[targetlen - domainlen - 1] == '.' && !ascii_strcasecmp (srvs[i].target + targetlen - domainlen, domain)) || (targetlen == domainlen && !ascii_strcasecmp (srvs[i].target, domain))) { /* found. */ domainbuf = xtrystrdup (srvs[i].target); if (!domainbuf) { err = gpg_error_from_syserror (); xfree (srvs); goto leave; } domain = domainbuf; if (srvs[i].port) snprintf (portstr, sizeof portstr, ":%hu", srvs[i].port); break; } } xfree (srvs); } + /* Prepare the hash of the local part. */ gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox)); encodedhash = zb32_encode (sha1buf, 8*20); if (!encodedhash) { err = gpg_error_from_syserror (); goto leave; } if (opt_submission_addr) { uri = strconcat ("https://", domain, portstr, - "/.well-known/openpgpkey/submission-address", + "/.well-known/openpgpkey/", + subdomain_mode? domain_orig : "", + subdomain_mode? "/" : "", + "submission-address", NULL); } else if (opt_policy_flags) { uri = strconcat ("https://", domain, portstr, - "/.well-known/openpgpkey/policy", + "/.well-known/openpgpkey/", + subdomain_mode? domain_orig : "", + subdomain_mode? "/" : "", + "policy", NULL); } else { char *escapedmbox; escapedmbox = http_escape_string (mbox, "%;?&="); if (escapedmbox) { uri = strconcat ("https://", domain, portstr, - "/.well-known/openpgpkey/hu/", + "/.well-known/openpgpkey/", + subdomain_mode? domain_orig : "", + subdomain_mode? "/" : "", + "hu/", encodedhash, "?l=", escapedmbox, NULL); xfree (escapedmbox); no_log = 1; if (uri) { err = dirmngr_status_printf (ctrl, "SOURCE", "https://%s%s", domain, portstr); if (err) goto leave; } } } if (!uri) { err = gpg_error_from_syserror (); goto leave; } /* Setup an output stream and perform the get. */ { estream_t outfp; outfp = ctx? es_fopencookie (ctx, "w", data_line_cookie_functions) : NULL; if (!outfp && ctx) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { if (ctrl->server_local) { if (no_log) ctrl->server_local->inhibit_data_logging = 1; ctrl->server_local->inhibit_data_logging_now = 0; ctrl->server_local->inhibit_data_logging_count = 0; } err = ks_action_fetch (ctrl, uri, outfp); es_fclose (outfp); if (ctrl->server_local) ctrl->server_local->inhibit_data_logging = 0; /* Register the result under the domain name of MBOX. */ switch (gpg_err_code (err)) { case 0: domaininfo_set_wkd_supported (domain_orig); break; case GPG_ERR_NO_NAME: /* There is no such domain. */ domaininfo_set_no_name (domain_orig); break; case GPG_ERR_NO_DATA: if (is_wkd_query && ctrl->server_local) { /* Mark that and schedule a check. */ domaininfo_set_wkd_not_found (domain_orig); workqueue_add_task (task_check_wkd_support, domain_orig, ctrl->server_local->session_id, 1); } else if (opt_policy_flags) /* No policy file - no support. */ domaininfo_set_wkd_not_supported (domain_orig); break; default: /* Don't register other errors. */ break; } } } leave: xfree (uri); xfree (encodedhash); xfree (mbox); xfree (domainbuf); return err; } static const char hlp_wkd_get[] = "WKD_GET [--submission-address|--policy-flags] \n" "\n" "Return the key or other info for \n" "from the Web Key Directory."; static gpg_error_t cmd_wkd_get (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; err = proc_wkd_get (ctrl, ctx, line); return leave_cmd (ctx, err); } /* A task to check whether DOMAIN supports WKD. This is done by * checking whether the policy flags file can be read. */ static const char * task_check_wkd_support (ctrl_t ctrl, const char *domain) { char *string; if (!ctrl || !domain) return "check_wkd_support"; string = strconcat ("--policy-flags foo@", domain, NULL); if (!string) log_error ("%s: %s\n", __func__, gpg_strerror (gpg_error_from_syserror ())); else { proc_wkd_get (ctrl, NULL, string); xfree (string); } return NULL; } static const char hlp_ldapserver[] = "LDAPSERVER \n" "\n" "Add a new LDAP server to the list of configured LDAP servers.\n" "DATA is in the same format as expected in the configure file."; static gpg_error_t cmd_ldapserver (assuan_context_t ctx, char *line) { #if USE_LDAP ctrl_t ctrl = assuan_get_pointer (ctx); ldap_server_t server; ldap_server_t *last_next_p; while (spacep (line)) line++; if (*line == '\0') return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing"))); server = ldapserver_parse_one (line, "", 0); if (! server) return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG)); last_next_p = &ctrl->server_local->ldapservers; while (*last_next_p) last_next_p = &(*last_next_p)->next; *last_next_p = server; return leave_cmd (ctx, 0); #else (void)line; return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED)); #endif } static const char hlp_isvalid[] = "ISVALID [--only-ocsp] [--force-default-responder]" " []\n" "\n" "This command checks whether the certificate identified by the\n" "certificate_id is valid. This is done by consulting CRLs or\n" "whatever has been configured. Note, that the returned error codes\n" "are from gpg-error.h. The command may callback using the inquire\n" "function. See the manual for details.\n" "\n" "The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n" "delimited by a single dot. The first part is the SHA-1 hash of the\n" "issuer name and the second part the serial number.\n" "\n" "If an OCSP check is desired CERTIFICATE_FPR with the hex encoded\n" "fingerprint of the certificate is required. In this case an OCSP\n" "request is done before consulting the CRL.\n" "\n" "If the option --only-ocsp is given, no fallback to a CRL check will\n" "be used.\n" "\n" "If the option --force-default-responder is given, only the default\n" "OCSP responder will be used and any other methods of obtaining an\n" "OCSP responder URL won't be used."; static gpg_error_t cmd_isvalid (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); char *issuerhash, *serialno, *fpr; gpg_error_t err; int did_inquire = 0; int ocsp_mode = 0; int only_ocsp; int force_default_responder; only_ocsp = has_option (line, "--only-ocsp"); force_default_responder = has_option (line, "--force-default-responder"); line = skip_options (line); /* We need to work on a copy of the line because that same Assuan * context may be used for an inquiry. That is because Assuan * reuses its line buffer. */ issuerhash = xstrdup (line); serialno = strchr (issuerhash, '.'); if (!serialno) { xfree (issuerhash); return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID"))); } *serialno++ = 0; if (strlen (issuerhash) != 40) { xfree (issuerhash); return leave_cmd (ctx, PARM_ERROR ("cert ID is too short")); } fpr = strchr (serialno, ' '); while (fpr && spacep (fpr)) fpr++; if (fpr && *fpr) { char *endp = strchr (fpr, ' '); if (endp) *endp = 0; if (strlen (fpr) != 40) { xfree (issuerhash); return leave_cmd (ctx, PARM_ERROR ("fingerprint too short")); } ocsp_mode = 1; } again: if (ocsp_mode) { /* Note, that we currently ignore the supplied fingerprint FPR; * instead ocsp_isvalid does an inquire to ask for the cert. * The fingerprint may eventually be used to lookup the * certificate in a local cache. */ if (!opt.allow_ocsp) err = gpg_error (GPG_ERR_NOT_SUPPORTED); else err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder); if (gpg_err_code (err) == GPG_ERR_CONFIGURATION && gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR) { /* No default responder configured - fallback to CRL. */ if (!only_ocsp) log_info ("falling back to CRL check\n"); ocsp_mode = 0; goto again; } } else if (only_ocsp) err = gpg_error (GPG_ERR_NO_CRL_KNOWN); else { switch (crl_cache_isvalid (ctrl, issuerhash, serialno, ctrl->force_crl_refresh)) { case CRL_CACHE_VALID: err = 0; break; case CRL_CACHE_INVALID: err = gpg_error (GPG_ERR_CERT_REVOKED); break; case CRL_CACHE_DONTKNOW: if (did_inquire) err = gpg_error (GPG_ERR_NO_CRL_KNOWN); else if (!(err = inquire_cert_and_load_crl (ctx))) { did_inquire = 1; goto again; } break; case CRL_CACHE_CANTUSE: err = gpg_error (GPG_ERR_NO_CRL_KNOWN); break; default: log_fatal ("crl_cache_isvalid returned invalid code\n"); } } xfree (issuerhash); return leave_cmd (ctx, err); } /* If the line contains a SHA-1 fingerprint as the first argument, return the FPR vuffer on success. The function checks that the fingerprint consists of valid characters and prints and error message if it does not and returns NULL. Fingerprints are considered optional and thus no explicit error is returned. NULL is also returned if there is no fingerprint at all available. FPR must be a caller provided buffer of at least 20 bytes. Note that colons within the fingerprint are allowed to separate 2 hex digits; this allows for easier cutting and pasting using the usual fingerprint rendering. */ static unsigned char * get_fingerprint_from_line (const char *line, unsigned char *fpr) { const char *s; int i; for (s=line, i=0; *s && *s != ' '; s++ ) { if ( hexdigitp (s) && hexdigitp (s+1) ) { if ( i >= 20 ) return NULL; /* Fingerprint too long. */ fpr[i++] = xtoi_2 (s); s++; } else if ( *s != ':' ) return NULL; /* Invalid. */ } if ( i != 20 ) return NULL; /* Fingerprint to short. */ return fpr; } static const char hlp_checkcrl[] = "CHECKCRL []\n" "\n" "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n" "entire X.509 certificate blob) is valid or not by consulting the\n" "CRL responsible for this certificate. If the fingerprint has not\n" "been given or the certificate is not known, the function \n" "inquires the certificate using an\n" "\n" " INQUIRE TARGETCERT\n" "\n" "and the caller is expected to return the certificate for the\n" "request (which should match FINGERPRINT) as a binary blob.\n" "Processing then takes place without further interaction; in\n" "particular dirmngr tries to locate other required certificate by\n" "its own mechanism which includes a local certificate store as well\n" "as a list of trusted root certificates.\n" "\n" "The return value is the usual gpg-error code or 0 for ducesss;\n" "i.e. the certificate validity has been confirmed by a valid CRL."; static gpg_error_t cmd_checkcrl (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char fprbuffer[20], *fpr; ksba_cert_t cert; fpr = get_fingerprint_from_line (line, fprbuffer); cert = fpr? get_cert_byfpr (fpr) : NULL; if (!cert) { /* We do not have this certificate yet or the fingerprint has not been given. Inquire it from the client. */ unsigned char *value = NULL; size_t valuelen; err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT", &value, &valuelen, MAX_CERT_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } if (!valuelen) /* No data returned; return a comprehensible error. */ err = gpg_error (GPG_ERR_MISSING_CERT); else { err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, value, valuelen); } xfree (value); if(err) goto leave; } assert (cert); err = crl_cache_cert_isvalid (ctrl, cert, ctrl->force_crl_refresh); if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN) { err = crl_cache_reload_crl (ctrl, cert); if (!err) err = crl_cache_cert_isvalid (ctrl, cert, 0); } leave: ksba_cert_release (cert); return leave_cmd (ctx, err); } static const char hlp_checkocsp[] = "CHECKOCSP [--force-default-responder] []\n" "\n" "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n" "entire X.509 certificate blob) is valid or not by asking an OCSP\n" "responder responsible for this certificate. The optional\n" "fingerprint may be used for a quick check in case an OCSP check has\n" "been done for this certificate recently (we always cache OCSP\n" "responses for a couple of minutes). If the fingerprint has not been\n" "given or there is no cached result, the function inquires the\n" "certificate using an\n" "\n" " INQUIRE TARGETCERT\n" "\n" "and the caller is expected to return the certificate for the\n" "request (which should match FINGERPRINT) as a binary blob.\n" "Processing then takes place without further interaction; in\n" "particular dirmngr tries to locate other required certificates by\n" "its own mechanism which includes a local certificate store as well\n" "as a list of trusted root certificates.\n" "\n" "If the option --force-default-responder is given, only the default\n" "OCSP responder will be used and any other methods of obtaining an\n" "OCSP responder URL won't be used.\n" "\n" "The return value is the usual gpg-error code or 0 for ducesss;\n" "i.e. the certificate validity has been confirmed by a valid CRL."; static gpg_error_t cmd_checkocsp (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char fprbuffer[20], *fpr; ksba_cert_t cert; int force_default_responder; force_default_responder = has_option (line, "--force-default-responder"); line = skip_options (line); fpr = get_fingerprint_from_line (line, fprbuffer); cert = fpr? get_cert_byfpr (fpr) : NULL; if (!cert) { /* We do not have this certificate yet or the fingerprint has not been given. Inquire it from the client. */ unsigned char *value = NULL; size_t valuelen; err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT", &value, &valuelen, MAX_CERT_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } if (!valuelen) /* No data returned; return a comprehensible error. */ err = gpg_error (GPG_ERR_MISSING_CERT); else { err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, value, valuelen); } xfree (value); if(err) goto leave; } assert (cert); if (!opt.allow_ocsp) err = gpg_error (GPG_ERR_NOT_SUPPORTED); else err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder); leave: ksba_cert_release (cert); return leave_cmd (ctx, err); } static int lookup_cert_by_url (assuan_context_t ctx, const char *url) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; unsigned char *value = NULL; size_t valuelen; /* Fetch single certificate given it's URL. */ err = fetch_cert_by_url (ctrl, url, &value, &valuelen); if (err) { log_error (_("fetch_cert_by_url failed: %s\n"), gpg_strerror (err)); goto leave; } /* Send the data, flush the buffer and then send an END. */ err = assuan_send_data (ctx, value, valuelen); if (!err) err = assuan_send_data (ctx, NULL, 0); if (!err) err = assuan_write_line (ctx, "END"); if (err) { log_error (_("error sending data: %s\n"), gpg_strerror (err)); goto leave; } leave: return err; } /* Send the certificate, flush the buffer and then send an END. */ static gpg_error_t return_one_cert (void *opaque, ksba_cert_t cert) { assuan_context_t ctx = opaque; gpg_error_t err; const unsigned char *der; size_t derlen; der = ksba_cert_get_image (cert, &derlen); if (!der) err = gpg_error (GPG_ERR_INV_CERT_OBJ); else { err = assuan_send_data (ctx, der, derlen); if (!err) err = assuan_send_data (ctx, NULL, 0); if (!err) err = assuan_write_line (ctx, "END"); } if (err) log_error (_("error sending data: %s\n"), gpg_strerror (err)); return err; } /* Lookup certificates from the internal cache or using the ldap servers. */ static int lookup_cert_by_pattern (assuan_context_t ctx, char *line, int single, int cache_only) { gpg_error_t err = 0; char *p; strlist_t sl, list = NULL; int truncated = 0, truncation_forced = 0; int count = 0; int local_count = 0; #if USE_LDAP ctrl_t ctrl = assuan_get_pointer (ctx); unsigned char *value = NULL; size_t valuelen; struct ldapserver_iter ldapserver_iter; cert_fetch_context_t fetch_context; #endif /*USE_LDAP*/ int any_no_data = 0; /* Break the line down into an STRLIST */ for (p=line; *p; line = p) { while (*p && *p != ' ') p++; if (*p) *p++ = 0; if (*line) { sl = xtrymalloc (sizeof *sl + strlen (line)); if (!sl) { err = gpg_error_from_errno (errno); goto leave; } memset (sl, 0, sizeof *sl); strcpy_escaped_plus (sl->d, line); sl->next = list; list = sl; } } /* First look through the internal cache. The certificates returned here are not counted towards the truncation limit. */ if (single && !cache_only) ; /* Do not read from the local cache in this case. */ else { for (sl=list; sl; sl = sl->next) { err = get_certs_bypattern (sl->d, return_one_cert, ctx); if (!err) local_count++; if (!err && single) goto ready; if (gpg_err_code (err) == GPG_ERR_NO_DATA) { err = 0; if (cache_only) any_no_data = 1; } else if (gpg_err_code (err) == GPG_ERR_INV_NAME && !cache_only) { /* No real fault because the internal pattern lookup can't yet cope with all types of pattern. */ err = 0; } if (err) goto ready; } } /* Loop over all configured servers unless we want only the certificates from the cache. */ #if USE_LDAP for (ldapserver_iter_begin (&ldapserver_iter, ctrl); !cache_only && !ldapserver_iter_end_p (&ldapserver_iter) && ldapserver_iter.server->host && !truncation_forced; ldapserver_iter_next (&ldapserver_iter)) { ldap_server_t ldapserver = ldapserver_iter.server; if (DBG_LOOKUP) log_debug ("cmd_lookup: trying %s:%d base=%s\n", ldapserver->host, ldapserver->port, ldapserver->base?ldapserver->base : "[default]"); /* Fetch certificates matching pattern */ err = start_cert_fetch (ctrl, &fetch_context, list, ldapserver); if ( gpg_err_code (err) == GPG_ERR_NO_DATA ) { if (DBG_LOOKUP) log_debug ("cmd_lookup: no data\n"); err = 0; any_no_data = 1; continue; } if (err) { log_error (_("start_cert_fetch failed: %s\n"), gpg_strerror (err)); goto leave; } /* Fetch the certificates for this query. */ while (!truncation_forced) { xfree (value); value = NULL; err = fetch_next_cert (fetch_context, &value, &valuelen); if (gpg_err_code (err) == GPG_ERR_NO_DATA ) { err = 0; any_no_data = 1; break; /* Ready. */ } if (gpg_err_code (err) == GPG_ERR_TRUNCATED) { truncated = 1; err = 0; break; /* Ready. */ } if (gpg_err_code (err) == GPG_ERR_EOF) { err = 0; break; /* Ready. */ } if (!err && !value) { err = gpg_error (GPG_ERR_BUG); goto leave; } if (err) { log_error (_("fetch_next_cert failed: %s\n"), gpg_strerror (err)); end_cert_fetch (fetch_context); goto leave; } if (DBG_LOOKUP) log_debug ("cmd_lookup: returning one cert%s\n", truncated? " (truncated)":""); /* Send the data, flush the buffer and then send an END line as a certificate delimiter. */ err = assuan_send_data (ctx, value, valuelen); if (!err) err = assuan_send_data (ctx, NULL, 0); if (!err) err = assuan_write_line (ctx, "END"); if (err) { log_error (_("error sending data: %s\n"), gpg_strerror (err)); end_cert_fetch (fetch_context); goto leave; } if (++count >= opt.max_replies ) { truncation_forced = 1; log_info (_("max_replies %d exceeded\n"), opt.max_replies ); } if (single) break; } end_cert_fetch (fetch_context); } #endif /*USE_LDAP*/ ready: if (truncated || truncation_forced) { char str[50]; sprintf (str, "%d", count); assuan_write_status (ctx, "TRUNCATED", str); } if (!err && !count && !local_count && any_no_data) err = gpg_error (GPG_ERR_NO_DATA); leave: free_strlist (list); return err; } static const char hlp_lookup[] = "LOOKUP [--url] [--single] [--cache-only] \n" "\n" "Lookup certificates matching PATTERN. With --url the pattern is\n" "expected to be one URL.\n" "\n" "If --url is not given: To allow for multiple patterns (which are ORed)\n" "quoting is required: Spaces are translated to \"+\" or \"%20\";\n" "obviously this requires that the usual escape quoting rules are applied.\n" "\n" "If --url is given no special escaping is required because URLs are\n" "already escaped this way.\n" "\n" "If --single is given the first and only the first match will be\n" "returned. If --cache-only is _not_ given, no local query will be\n" "done.\n" "\n" "If --cache-only is given no external lookup is done so that only\n" "certificates from the cache may get returned."; static gpg_error_t cmd_lookup (assuan_context_t ctx, char *line) { gpg_error_t err; int lookup_url, single, cache_only; lookup_url = has_leading_option (line, "--url"); single = has_leading_option (line, "--single"); cache_only = has_leading_option (line, "--cache-only"); line = skip_options (line); if (lookup_url && cache_only) err = gpg_error (GPG_ERR_NOT_FOUND); else if (lookup_url && single) err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); else if (lookup_url) err = lookup_cert_by_url (ctx, line); else err = lookup_cert_by_pattern (ctx, line, single, cache_only); return leave_cmd (ctx, err); } static const char hlp_loadcrl[] = "LOADCRL [--url] \n" "\n" "Load the CRL in the file with name FILENAME into our cache. Note\n" "that FILENAME should be given with an absolute path because\n" "Dirmngrs cwd is not known. With --url the CRL is directly loaded\n" "from the given URL.\n" "\n" "This command is usually used by gpgsm using the invocation \"gpgsm\n" "--call-dirmngr loadcrl \". A direct invocation of Dirmngr\n" "is not useful because gpgsm might need to callback gpgsm to ask for\n" "the CA's certificate."; static gpg_error_t cmd_loadcrl (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; int use_url = has_leading_option (line, "--url"); line = skip_options (line); if (use_url) { ksba_reader_t reader; err = crl_fetch (ctrl, line, &reader); if (err) log_error (_("fetching CRL from '%s' failed: %s\n"), line, gpg_strerror (err)); else { err = crl_cache_insert (ctrl, line, reader); if (err) log_error (_("processing CRL from '%s' failed: %s\n"), line, gpg_strerror (err)); crl_close_reader (reader); } } else { char *buf; buf = xtrymalloc (strlen (line)+1); if (!buf) err = gpg_error_from_syserror (); else { strcpy_escaped_plus (buf, line); err = crl_cache_load (ctrl, buf); xfree (buf); } } return leave_cmd (ctx, err); } static const char hlp_listcrls[] = "LISTCRLS\n" "\n" "List the content of all CRLs in a readable format. This command is\n" "usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n" "listcrls\". It may also be used directly using \"dirmngr\n" "--list-crls\"."; static gpg_error_t cmd_listcrls (assuan_context_t ctx, char *line) { gpg_error_t err; estream_t fp; (void)line; fp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!fp) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { err = crl_cache_list (fp); es_fclose (fp); } return leave_cmd (ctx, err); } static const char hlp_cachecert[] = "CACHECERT\n" "\n" "Put a certificate into the internal cache. This command might be\n" "useful if a client knows in advance certificates required for a\n" "test and wants to make sure they get added to the internal cache.\n" "It is also helpful for debugging. To get the actual certificate,\n" "this command immediately inquires it using\n" "\n" " INQUIRE TARGETCERT\n" "\n" "and the caller is expected to return the certificate for the\n" "request as a binary blob."; static gpg_error_t cmd_cachecert (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; ksba_cert_t cert = NULL; unsigned char *value = NULL; size_t valuelen; (void)line; err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT", &value, &valuelen, MAX_CERT_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } if (!valuelen) /* No data returned; return a comprehensible error. */ err = gpg_error (GPG_ERR_MISSING_CERT); else { err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, value, valuelen); } xfree (value); if(err) goto leave; err = cache_cert (cert); leave: ksba_cert_release (cert); return leave_cmd (ctx, err); } static const char hlp_validate[] = "VALIDATE [--systrust] [--tls] [--no-crl]\n" "\n" "Validate a certificate using the certificate validation function\n" "used internally by dirmngr. This command is only useful for\n" "debugging. To get the actual certificate, this command immediately\n" "inquires it using\n" "\n" " INQUIRE TARGETCERT\n" "\n" "and the caller is expected to return the certificate for the\n" "request as a binary blob. The option --tls modifies this by asking\n" "for list of certificates with\n" "\n" " INQUIRE CERTLIST\n" "\n" "Here the first certificate is the target certificate, the remaining\n" "certificates are suggested intermediary certificates. All certificates\n" "need to be PEM encoded.\n" "\n" "The option --systrust changes the behaviour to include the system\n" "provided root certificates as trust anchors. The option --no-crl\n" "skips CRL checks"; static gpg_error_t cmd_validate (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; ksba_cert_t cert = NULL; certlist_t certlist = NULL; unsigned char *value = NULL; size_t valuelen; int systrust_mode, tls_mode, no_crl; systrust_mode = has_option (line, "--systrust"); tls_mode = has_option (line, "--tls"); no_crl = has_option (line, "--no-crl"); line = skip_options (line); if (tls_mode) err = assuan_inquire (ctrl->server_local->assuan_ctx, "CERTLIST", &value, &valuelen, MAX_CERTLIST_LENGTH); else err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT", &value, &valuelen, MAX_CERT_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } if (!valuelen) /* No data returned; return a comprehensible error. */ err = gpg_error (GPG_ERR_MISSING_CERT); else if (tls_mode) { estream_t fp; fp = es_fopenmem_init (0, "rb", value, valuelen); if (!fp) err = gpg_error_from_syserror (); else { err = read_certlist_from_stream (&certlist, fp); es_fclose (fp); if (!err && !certlist) err = gpg_error (GPG_ERR_MISSING_CERT); if (!err) { /* Extract the first certificate from the list. */ cert = certlist->cert; ksba_cert_ref (cert); } } } else { err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, value, valuelen); } xfree (value); if(err) goto leave; if (!tls_mode) { /* If we have this certificate already in our cache, use the * cached version for validation because this will take care of * any cached results. We don't need to do this in tls mode * because this has already been done for certificate in a * certlist_t. */ unsigned char fpr[20]; ksba_cert_t tmpcert; cert_compute_fpr (cert, fpr); tmpcert = get_cert_byfpr (fpr); if (tmpcert) { ksba_cert_release (cert); cert = tmpcert; } } /* Quick hack to make verification work by inserting the supplied * certs into the cache. */ if (tls_mode && certlist) { certlist_t cl; for (cl = certlist->next; cl; cl = cl->next) cache_cert (cl->cert); } err = validate_cert_chain (ctrl, cert, NULL, (VALIDATE_FLAG_TRUST_CONFIG | (tls_mode ? VALIDATE_FLAG_TLS : 0) | (systrust_mode ? VALIDATE_FLAG_TRUST_SYSTEM : 0) | (no_crl ? VALIDATE_FLAG_NOCRLCHECK : 0)), NULL); leave: ksba_cert_release (cert); release_certlist (certlist); return leave_cmd (ctx, err); } /* Parse an keyserver URI and store it in a new uri item which is returned at R_ITEM. On error return an error code. */ static gpg_error_t make_keyserver_item (const char *uri, uri_item_t *r_item) { gpg_error_t err; uri_item_t item; *r_item = NULL; /* We used to have DNS CNAME redirection from the URLs below to * sks-keyserver. pools. The idea was to allow for a quick way to * switch to a different set of pools. The problem with that * approach is that TLS needs to verify the hostname and - because * DNS is not secured - it can only check the user supplied hostname * and not a hostname from a CNAME RR. Thus the final server all * need to have certificates with the actual pool name as well as * for keys.gnupg.net - that would render the advantage of * keys.gnupg.net useless and so we better give up on this. Because * the keys.gnupg.net URL are still in widespread use we do a static * mapping here. */ if (!strcmp (uri, "hkps://keys.gnupg.net") || !strcmp (uri, "keys.gnupg.net")) uri = "hkps://hkps.pool.sks-keyservers.net"; else if (!strcmp (uri, "https://keys.gnupg.net")) uri = "https://hkps.pool.sks-keyservers.net"; else if (!strcmp (uri, "hkp://keys.gnupg.net")) uri = "hkp://hkps.pool.sks-keyservers.net"; else if (!strcmp (uri, "http://keys.gnupg.net")) uri = "http://hkps.pool.sks-keyservers.net"; else if (!strcmp (uri, "hkps://http-keys.gnupg.net") || !strcmp (uri, "http-keys.gnupg.net")) uri = "hkps://ha.pool.sks-keyservers.net"; else if (!strcmp (uri, "https://http-keys.gnupg.net")) uri = "https://ha.pool.sks-keyservers.net"; else if (!strcmp (uri, "hkp://http-keys.gnupg.net")) uri = "hkp://ha.pool.sks-keyservers.net"; else if (!strcmp (uri, "http://http-keys.gnupg.net")) uri = "http://ha.pool.sks-keyservers.net"; item = xtrymalloc (sizeof *item + strlen (uri)); if (!item) return gpg_error_from_syserror (); item->next = NULL; item->parsed_uri = NULL; strcpy (item->uri, uri); #if USE_LDAP if (ldap_uri_p (item->uri)) err = ldap_parse_uri (&item->parsed_uri, uri); else #endif { err = http_parse_uri (&item->parsed_uri, uri, 1); } if (err) xfree (item); else *r_item = item; return err; } /* If no keyserver is stored in CTRL but a global keyserver has been set, put that global keyserver into CTRL. We need use this function to help migrate from the old gpg based keyserver configuration to the new dirmngr based configuration. */ static gpg_error_t ensure_keyserver (ctrl_t ctrl) { gpg_error_t err; uri_item_t item; uri_item_t onion_items = NULL; uri_item_t plain_items = NULL; uri_item_t ui; strlist_t sl; if (ctrl->server_local->keyservers) return 0; /* Already set for this session. */ if (!opt.keyserver) { /* No global option set. Fall back to default: */ return make_keyserver_item (DIRMNGR_DEFAULT_KEYSERVER, &ctrl->server_local->keyservers); } for (sl = opt.keyserver; sl; sl = sl->next) { err = make_keyserver_item (sl->d, &item); if (err) goto leave; if (item->parsed_uri->onion) { item->next = onion_items; onion_items = item; } else { item->next = plain_items; plain_items = item; } } /* Decide which to use. Note that the session has no keyservers yet set. */ if (onion_items && !onion_items->next && plain_items && !plain_items->next) { /* If there is just one onion and one plain keyserver given, we take only one depending on whether Tor is running or not. */ if (is_tor_running (ctrl)) { ctrl->server_local->keyservers = onion_items; onion_items = NULL; } else { ctrl->server_local->keyservers = plain_items; plain_items = NULL; } } else if (!is_tor_running (ctrl)) { /* Tor is not running. It does not make sense to add Onion addresses. */ ctrl->server_local->keyservers = plain_items; plain_items = NULL; } else { /* In all other cases add all keyservers. */ ctrl->server_local->keyservers = onion_items; onion_items = NULL; for (ui = ctrl->server_local->keyservers; ui && ui->next; ui = ui->next) ; if (ui) ui->next = plain_items; else ctrl->server_local->keyservers = plain_items; plain_items = NULL; } leave: release_uri_item_list (onion_items); release_uri_item_list (plain_items); return err; } static const char hlp_keyserver[] = "KEYSERVER [] [|]\n" "Options are:\n" " --help\n" " --clear Remove all configured keyservers\n" " --resolve Resolve HKP host names and rotate\n" " --hosttable Print table of known hosts and pools\n" " --dead Mark as dead\n" " --alive Mark as alive\n" "\n" "If called without arguments list all configured keyserver URLs.\n" "If called with an URI add this as keyserver. Note that keyservers\n" "are configured on a per-session base. A default keyserver may already be\n" "present, thus the \"--clear\" option must be used to get full control.\n" "If \"--clear\" and an URI are used together the clear command is\n" "obviously executed first. A RESET command does not change the list\n" "of configured keyservers."; static gpg_error_t cmd_keyserver (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; int clear_flag, add_flag, help_flag, host_flag, resolve_flag; int dead_flag, alive_flag; uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it is always initialized. */ clear_flag = has_option (line, "--clear"); help_flag = has_option (line, "--help"); resolve_flag = has_option (line, "--resolve"); host_flag = has_option (line, "--hosttable"); dead_flag = has_option (line, "--dead"); alive_flag = has_option (line, "--alive"); line = skip_options (line); add_flag = !!*line; if (help_flag) { err = ks_action_help (ctrl, line); goto leave; } if (resolve_flag) { err = ensure_keyserver (ctrl); if (err) { assuan_set_error (ctx, err, "Bad keyserver configuration in dirmngr.conf"); goto leave; } err = ks_action_resolve (ctrl, ctrl->server_local->keyservers); if (err) goto leave; } if (alive_flag && dead_flag) { err = set_error (GPG_ERR_ASS_PARAMETER, "no support for zombies"); goto leave; } if (dead_flag) { err = check_owner_permission (ctx, "no permission to use --dead"); if (err) goto leave; } if (alive_flag || dead_flag) { if (!*line) { err = set_error (GPG_ERR_ASS_PARAMETER, "name of host missing"); goto leave; } err = ks_hkp_mark_host (ctrl, line, alive_flag); if (err) goto leave; } if (host_flag) { err = ks_hkp_print_hosttable (ctrl); if (err) goto leave; } if (resolve_flag || host_flag || alive_flag || dead_flag) goto leave; if (add_flag) { err = make_keyserver_item (line, &item); if (err) goto leave; } if (clear_flag) release_ctrl_keyservers (ctrl); if (add_flag) { item->next = ctrl->server_local->keyservers; ctrl->server_local->keyservers = item; } if (!add_flag && !clear_flag && !help_flag) { /* List configured keyservers. However, we first add a global keyserver. */ uri_item_t u; err = ensure_keyserver (ctrl); if (err) { assuan_set_error (ctx, err, "Bad keyserver configuration in dirmngr.conf"); goto leave; } for (u=ctrl->server_local->keyservers; u; u = u->next) dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL); } err = 0; leave: return leave_cmd (ctx, err); } static const char hlp_ks_search[] = "KS_SEARCH {}\n" "\n" "Search the configured OpenPGP keyservers (see command KEYSERVER)\n" "for keys matching PATTERN"; static gpg_error_t cmd_ks_search (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; strlist_t list, sl; char *p; estream_t outfp; if (has_option (line, "--quick")) ctrl->timeout = opt.connect_quick_timeout; line = skip_options (line); /* Break the line down into an strlist. Each pattern is percent-plus escaped. */ list = NULL; for (p=line; *p; line = p) { while (*p && *p != ' ') p++; if (*p) *p++ = 0; if (*line) { sl = xtrymalloc (sizeof *sl + strlen (line)); if (!sl) { err = gpg_error_from_syserror (); goto leave; } sl->flags = 0; strcpy_escaped_plus (sl->d, line); sl->next = list; list = sl; } } err = ensure_keyserver (ctrl); if (err) goto leave; /* Setup an output stream and perform the search. */ outfp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!outfp) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { err = ks_action_search (ctrl, ctrl->server_local->keyservers, list, outfp); es_fclose (outfp); } leave: free_strlist (list); return leave_cmd (ctx, err); } static const char hlp_ks_get[] = "KS_GET {}\n" "\n" "Get the keys matching PATTERN from the configured OpenPGP keyservers\n" "(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n" "or an exact name indicated by the '=' prefix."; static gpg_error_t cmd_ks_get (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; strlist_t list, sl; char *p; estream_t outfp; if (has_option (line, "--quick")) ctrl->timeout = opt.connect_quick_timeout; line = skip_options (line); /* Break the line into a strlist. Each pattern is by definition percent-plus escaped. However we only support keyids and fingerprints and thus the client has no need to apply the escaping. */ list = NULL; for (p=line; *p; line = p) { while (*p && *p != ' ') p++; if (*p) *p++ = 0; if (*line) { sl = xtrymalloc (sizeof *sl + strlen (line)); if (!sl) { err = gpg_error_from_syserror (); goto leave; } sl->flags = 0; strcpy_escaped_plus (sl->d, line); sl->next = list; list = sl; } } err = ensure_keyserver (ctrl); if (err) goto leave; /* Setup an output stream and perform the get. */ outfp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!outfp) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { ctrl->server_local->inhibit_data_logging = 1; ctrl->server_local->inhibit_data_logging_now = 0; ctrl->server_local->inhibit_data_logging_count = 0; err = ks_action_get (ctrl, ctrl->server_local->keyservers, list, outfp); es_fclose (outfp); ctrl->server_local->inhibit_data_logging = 0; } leave: free_strlist (list); return leave_cmd (ctx, err); } static const char hlp_ks_fetch[] = "KS_FETCH \n" "\n" "Get the key(s) from URL."; static gpg_error_t cmd_ks_fetch (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; estream_t outfp; if (has_option (line, "--quick")) ctrl->timeout = opt.connect_quick_timeout; line = skip_options (line); err = ensure_keyserver (ctrl); /* FIXME: Why do we needs this here? */ if (err) goto leave; /* Setup an output stream and perform the get. */ outfp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!outfp) err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); else { ctrl->server_local->inhibit_data_logging = 1; ctrl->server_local->inhibit_data_logging_now = 0; ctrl->server_local->inhibit_data_logging_count = 0; err = ks_action_fetch (ctrl, line, outfp); es_fclose (outfp); ctrl->server_local->inhibit_data_logging = 0; } leave: return leave_cmd (ctx, err); } static const char hlp_ks_put[] = "KS_PUT\n" "\n" "Send a key to the configured OpenPGP keyservers. The actual key material\n" "is then requested by Dirmngr using\n" "\n" " INQUIRE KEYBLOCK\n" "\n" "The client shall respond with a binary version of the keyblock (e.g.,\n" "the output of `gpg --export KEYID'). For LDAP\n" "keyservers Dirmngr may ask for meta information of the provided keyblock\n" "using:\n" "\n" " INQUIRE KEYBLOCK_INFO\n" "\n" "The client shall respond with a colon delimited info lines (the output\n" "of 'for x in keys sigs; do gpg --list-$x --with-colons KEYID; done').\n"; static gpg_error_t cmd_ks_put (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char *value = NULL; size_t valuelen; unsigned char *info = NULL; size_t infolen; /* No options for now. */ line = skip_options (line); err = ensure_keyserver (ctrl); if (err) goto leave; /* Ask for the key material. */ err = assuan_inquire (ctx, "KEYBLOCK", &value, &valuelen, MAX_KEYBLOCK_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } if (!valuelen) /* No data returned; return a comprehensible error. */ { err = gpg_error (GPG_ERR_MISSING_CERT); goto leave; } /* Ask for the key meta data. Not actually needed for HKP servers but we do it anyway to test the client implementation. */ err = assuan_inquire (ctx, "KEYBLOCK_INFO", &info, &infolen, MAX_KEYBLOCK_LENGTH); if (err) { log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err)); goto leave; } /* Send the key. */ err = ks_action_put (ctrl, ctrl->server_local->keyservers, value, valuelen, info, infolen); leave: xfree (info); xfree (value); return leave_cmd (ctx, err); } static const char hlp_loadswdb[] = "LOADSWDB [--force]\n" "\n" "Load and verify the swdb.lst from the Net."; static gpg_error_t cmd_loadswdb (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; err = dirmngr_load_swdb (ctrl, has_option (line, "--force")); return leave_cmd (ctx, err); } static const char hlp_getinfo[] = "GETINFO \n" "\n" "Multi purpose command to return certain information. \n" "Supported values of WHAT are:\n" "\n" "version - Return the version of the program.\n" "pid - Return the process id of the server.\n" "tor - Return OK if running in Tor mode\n" "dnsinfo - Return info about the DNS resolver\n" "socket_name - Return the name of the socket.\n" "session_id - Return the current session_id.\n" "workqueue - Inspect the work queue\n" "getenv NAME - Return value of envvar NAME\n"; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; char numbuf[50]; if (!strcmp (line, "version")) { const char *s = VERSION; err = assuan_send_data (ctx, s, strlen (s)); } else if (!strcmp (line, "pid")) { snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ()); err = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strcmp (line, "socket_name")) { const char *s = dirmngr_get_current_socket_name (); err = assuan_send_data (ctx, s, strlen (s)); } else if (!strcmp (line, "session_id")) { snprintf (numbuf, sizeof numbuf, "%u", ctrl->server_local->session_id); err = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strcmp (line, "tor")) { int use_tor; use_tor = dirmngr_use_tor (); if (use_tor) { if (!is_tor_running (ctrl)) err = assuan_write_status (ctx, "NO_TOR", "Tor not running"); else err = 0; if (!err) assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled" /**/ : "- Tor mode is enforced"); } else err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled"); } else if (!strcmp (line, "dnsinfo")) { if (standard_resolver_p ()) assuan_set_okay_line (ctx, "- Forced use of System resolver (w/o Tor support)"); else { #ifdef USE_LIBDNS assuan_set_okay_line (ctx, (recursive_resolver_p () ? "- Libdns recursive resolver" : "- Libdns stub resolver")); #else assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)"); #endif } err = 0; } else if (!strcmp (line, "workqueue")) { workqueue_dump_queue (ctrl); err = 0; } else if (!strncmp (line, "getenv", 6) && (line[6] == ' ' || line[6] == '\t' || !line[6])) { line += 6; while (*line == ' ' || *line == '\t') line++; if (!*line) err = gpg_error (GPG_ERR_MISSING_VALUE); else { const char *s = getenv (line); if (!s) err = set_error (GPG_ERR_NOT_FOUND, "No such envvar"); else err = assuan_send_data (ctx, s, strlen (s)); } } else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return leave_cmd (ctx, err); } static const char hlp_killdirmngr[] = "KILLDIRMNGR\n" "\n" "This command allows a user - given sufficient permissions -\n" "to kill this dirmngr process.\n"; static gpg_error_t cmd_killdirmngr (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)line; ctrl->server_local->stopme = 1; assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1); return gpg_error (GPG_ERR_EOF); } static const char hlp_reloaddirmngr[] = "RELOADDIRMNGR\n" "\n" "This command is an alternative to SIGHUP\n" "to reload the configuration."; static gpg_error_t cmd_reloaddirmngr (assuan_context_t ctx, char *line) { (void)ctx; (void)line; dirmngr_sighup_action (); return 0; } static const char hlp_flushcrls[] = "FLUSHCRLS\n" "\n" "Remove all cached CRLs from memory and\n" "the file system."; static gpg_error_t cmd_flushcrls (assuan_context_t ctx, char *line) { (void)line; return leave_cmd (ctx, crl_cache_flush () ? GPG_ERR_GENERAL : 0); } /* Tell the assuan library about our commands. */ static int register_commands (assuan_context_t ctx) { static struct { const char *name; assuan_handler_t handler; const char * const help; } table[] = { { "DNS_CERT", cmd_dns_cert, hlp_dns_cert }, { "WKD_GET", cmd_wkd_get, hlp_wkd_get }, { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver }, { "ISVALID", cmd_isvalid, hlp_isvalid }, { "CHECKCRL", cmd_checkcrl, hlp_checkcrl }, { "CHECKOCSP", cmd_checkocsp, hlp_checkocsp }, { "LOOKUP", cmd_lookup, hlp_lookup }, { "LOADCRL", cmd_loadcrl, hlp_loadcrl }, { "LISTCRLS", cmd_listcrls, hlp_listcrls }, { "CACHECERT", cmd_cachecert, hlp_cachecert }, { "VALIDATE", cmd_validate, hlp_validate }, { "KEYSERVER", cmd_keyserver, hlp_keyserver }, { "KS_SEARCH", cmd_ks_search, hlp_ks_search }, { "KS_GET", cmd_ks_get, hlp_ks_get }, { "KS_FETCH", cmd_ks_fetch, hlp_ks_fetch }, { "KS_PUT", cmd_ks_put, hlp_ks_put }, { "GETINFO", cmd_getinfo, hlp_getinfo }, { "LOADSWDB", cmd_loadswdb, hlp_loadswdb }, { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr }, { "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr }, { "FLUSHCRLS", cmd_flushcrls, hlp_flushcrls }, { NULL, NULL } }; int i, j, rc; for (i=j=0; table[i].name; i++) { rc = assuan_register_command (ctx, table[i].name, table[i].handler, table[i].help); if (rc) return rc; } return 0; } /* Note that we do not reset the list of configured keyservers. */ static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)line; #if USE_LDAP ldapserver_list_free (ctrl->server_local->ldapservers); #endif /*USE_LDAP*/ ctrl->server_local->ldapservers = NULL; return 0; } /* This function is called by our assuan log handler to test whether a * log message shall really be printed. The function must return * false to inhibit the logging of MSG. CAT gives the requested log * category. MSG might be NULL. */ int dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat, const char *msg) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)cat; (void)msg; if (!ctrl || !ctrl->server_local) return 1; /* Can't decide - allow logging. */ if (!ctrl->server_local->inhibit_data_logging) return 1; /* Not requested - allow logging. */ /* Disallow logging if *_now is true. */ return !ctrl->server_local->inhibit_data_logging_now; } /* Startup the server and run the main command loop. With FD = -1, * use stdin/stdout. SESSION_ID is either 0 or a unique number * identifying a session. */ void start_command_handler (assuan_fd_t fd, unsigned int session_id) { static const char hello[] = "Dirmngr " VERSION " at your service"; static char *hello_line; int rc; assuan_context_t ctx; ctrl_t ctrl; ctrl = xtrycalloc (1, sizeof *ctrl); if (ctrl) ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local); if (!ctrl || !ctrl->server_local) { log_error (_("can't allocate control structure: %s\n"), strerror (errno)); xfree (ctrl); return; } dirmngr_init_default_ctrl (ctrl); rc = assuan_new (&ctx); if (rc) { log_error (_("failed to allocate assuan context: %s\n"), gpg_strerror (rc)); dirmngr_exit (2); } if (fd == ASSUAN_INVALID_FD) { assuan_fd_t filedes[2]; filedes[0] = assuan_fdopen (0); filedes[1] = assuan_fdopen (1); rc = assuan_init_pipe_server (ctx, filedes); } else { rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED); } if (rc) { assuan_release (ctx); log_error (_("failed to initialize the server: %s\n"), gpg_strerror(rc)); dirmngr_exit (2); } rc = register_commands (ctx); if (rc) { log_error (_("failed to the register commands with Assuan: %s\n"), gpg_strerror(rc)); dirmngr_exit (2); } if (!hello_line) { hello_line = xtryasprintf ("Home: %s\n" "Config: %s\n" "%s", gnupg_homedir (), opt.config_filename? opt.config_filename : "[none]", hello); } ctrl->server_local->assuan_ctx = ctx; assuan_set_pointer (ctx, ctrl); assuan_set_hello_line (ctx, hello_line); assuan_register_option_handler (ctx, option_handler); assuan_register_reset_notify (ctx, reset_notify); ctrl->server_local->session_id = session_id; for (;;) { rc = assuan_accept (ctx); if (rc == -1) break; if (rc) { log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc)); break; } #ifndef HAVE_W32_SYSTEM if (opt.verbose) { assuan_peercred_t peercred; if (!assuan_get_peercred (ctx, &peercred)) log_info ("connection from process %ld (%ld:%ld)\n", (long)peercred->pid, (long)peercred->uid, (long)peercred->gid); } #endif rc = assuan_process (ctx); if (rc) { log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc)); continue; } } #if USE_LDAP ldap_wrapper_connection_cleanup (ctrl); ldapserver_list_free (ctrl->server_local->ldapservers); #endif /*USE_LDAP*/ ctrl->server_local->ldapservers = NULL; release_ctrl_keyservers (ctrl); ctrl->server_local->assuan_ctx = NULL; assuan_release (ctx); if (ctrl->server_local->stopme) dirmngr_exit (0); if (ctrl->refcount) log_error ("oops: connection control structure still referenced (%d)\n", ctrl->refcount); else { release_ctrl_ocsp_certs (ctrl); xfree (ctrl->server_local); dirmngr_deinit_default_ctrl (ctrl); xfree (ctrl); } } /* Send a status line back to the client. KEYWORD is the status keyword, the optional string arguments are blank separated added to the line, the last argument must be a NULL. */ gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...) { gpg_error_t err = 0; va_list arg_ptr; assuan_context_t ctx; va_start (arg_ptr, keyword); if (ctrl->server_local && (ctx = ctrl->server_local->assuan_ctx)) { err = vprint_assuan_status_strings (ctx, keyword, arg_ptr); } va_end (arg_ptr); return err; } /* Print a help status line. The function splits text at LFs. */ gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text) { gpg_error_t err = 0; assuan_context_t ctx; if (ctrl->server_local && (ctx = ctrl->server_local->assuan_ctx)) { char buf[950], *p; size_t n; do { p = buf; n = 0; for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++) *p++ = *text++; if (*text == '\n') text++; *p = 0; err = assuan_write_status (ctx, "#", buf); } while (!err && *text); } return err; } /* Print a help status line using a printf like format. The function * splits text at LFs. */ gpg_error_t dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...) { va_list arg_ptr; gpg_error_t err; char *buf; va_start (arg_ptr, format); buf = es_vbsprintf (format, arg_ptr); err = buf? 0 : gpg_error_from_syserror (); va_end (arg_ptr); if (!err) err = dirmngr_status_help (ctrl, buf); es_free (buf); return err; } /* This function is similar to print_assuan_status but takes a CTRL * arg instead of an assuan context as first argument. */ gpg_error_t dirmngr_status_printf (ctrl_t ctrl, const char *keyword, const char *format, ...) { gpg_error_t err; va_list arg_ptr; assuan_context_t ctx; if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx)) return 0; va_start (arg_ptr, format); err = vprint_assuan_status (ctx, keyword, format, arg_ptr); va_end (arg_ptr); return err; } /* Send a tick progress indicator back. Fixme: This is only done for the currently active channel. */ gpg_error_t dirmngr_tick (ctrl_t ctrl) { static time_t next_tick = 0; gpg_error_t err = 0; time_t now = time (NULL); if (!next_tick) { next_tick = now + 1; } else if ( now > next_tick ) { if (ctrl) { err = dirmngr_status (ctrl, "PROGRESS", "tick", "? 0 0", NULL); if (err) { /* Take this as in indication for a cancel request. */ err = gpg_error (GPG_ERR_CANCELED); } now = time (NULL); } next_tick = now + 1; } return err; }