1
1
/* call-dirmngr.c - communication with the dromngr
2
* Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc.
2
* Copyright (C) 2002, 2003, 2005, 2007, 2008 Free Software Foundation, Inc.
4
4
* This file is part of GnuPG.
6
6
* GnuPG is free software; you can redistribute it and/or modify
7
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
8
* the Free Software Foundation; either version 3 of the License, or
9
9
* (at your option) any later version.
11
11
* GnuPG is distributed in the hope that it will be useful,
14
14
* GNU General Public License for more details.
16
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
20
#include <config.h>
50
static ASSUAN_CONTEXT dirmngr_ctx = NULL;
47
static assuan_context_t dirmngr_ctx = NULL;
51
48
static int force_pipe_server = 0;
53
50
struct inq_certificate_parm_s {
56
53
ksba_cert_t issuer_cert;
59
56
struct isvalid_status_parm_s {
62
59
unsigned char fpr[20];
66
63
struct lookup_parm_s {
69
66
void (*cb)(void *, ksba_cert_t);
71
68
struct membuf data;
137
/* This fucntion prepares the dirmngr for a new session. The
138
audit-events option is used so that other dirmngr clients won't get
139
disturbed by such events. */
141
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
143
if (!ctrl->dirmngr_seen)
145
ctrl->dirmngr_seen = 1;
148
err = assuan_transact (ctx, "OPTION audit-events=1",
149
NULL, NULL, NULL, NULL, NULL, NULL);
150
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
151
err = 0; /* Allow the use of old dirmngr versions. */
153
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
143
159
/* Try to connect to the agent via socket or fork it off and work by
144
160
pipes. Handle the server's initial greeting */
162
start_dirmngr (ctrl_t ctrl)
149
165
char *infostr, *p;
166
assuan_context_t ctx;
151
167
int try_default = 0;
169
if (opt.disable_dirmngr)
170
return gpg_error (GPG_ERR_NO_DIRMNGR);
154
return 0; /* fixme: We need a context for each thread or serialize
155
the access to the dirmngr */
174
prepare_dirmngr (ctrl, dirmngr_ctx, 0);
175
return 0; /* fixme: We need a context for each thread or serialize
176
the access to the dirmngr */
156
178
/* Note: if you change this to multiple connections, you also need
157
179
to take care of the implicit option sending caching. */
181
#ifdef HAVE_W32_SYSTEM
183
opt.prefer_system_dirmngr = 1;
159
185
infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
160
if (opt.prefer_system_dirmngr && !force_pipe_server
161
&&(!infostr || !*infostr))
186
#endif /*HAVE_W32_SYSTEM*/
187
if (infostr && !*infostr)
190
infostr = xstrdup (infostr);
192
if (opt.prefer_system_dirmngr && !force_pipe_server && !infostr)
163
infostr = DEFAULT_SOCKET_NAME;
194
infostr = xstrdup (dirmngr_socket_name ());
166
if (!infostr || !*infostr)
168
199
const char *pgmname;
169
200
const char *argv[3];
170
201
int no_close_list[3];
204
if (!opt.dirmngr_program || !*opt.dirmngr_program)
205
opt.dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
206
if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
207
pgmname = opt.dirmngr_program;
174
log_info (_("no running dirmngr - starting one\n"));
212
log_info (_("no running dirmngr - starting `%s'\n"),
213
opt.dirmngr_program);
176
215
if (fflush (NULL))
198
230
no_close_list[i] = -1;
200
232
/* connect to the agent and perform initial handshaking */
201
rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, (char**)argv,
233
rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, argv,
229
260
force_pipe_server = 1;
230
return start_dirmngr ();
261
return start_dirmngr (ctrl);
236
267
rc = assuan_socket_connect (&ctx, infostr, pid);
268
#ifdef HAVE_W32_SYSTEM
270
log_debug ("connecting dirmngr at `%s' failed\n", infostr);
238
if (rc == ASSUAN_Connect_Failed)
274
#ifndef HAVE_W32_SYSTEM
275
if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
240
277
log_error (_("can't connect to the dirmngr - trying fall back\n"));
241
278
force_pipe_server = 1;
242
return start_dirmngr ();
279
return start_dirmngr (ctrl);
281
#endif /*!HAVE_W32_SYSTEM*/
284
prepare_dirmngr (ctrl, ctx, rc);
248
log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
288
log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
249
289
return gpg_error (GPG_ERR_NO_DIRMNGR);
251
291
dirmngr_ctx = ctx;
324
364
log_error ("certificate not found: %s\n", gpg_strerror (err));
325
rc = ASSUAN_Inquire_Error;
365
rc = gpg_error (GPG_ERR_NOT_FOUND);
329
369
der = ksba_cert_get_image (cert, &derlen);
331
rc = ASSUAN_Inquire_Error;
371
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
333
373
rc = assuan_send_data (parm->ctx, der, derlen);
334
374
ksba_cert_release (cert);
371
411
for (line += 8; *line == ' '; line++)
373
413
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
374
return ASSUAN_Canceled;
414
return gpg_error (GPG_ERR_ASS_CANCELED);
377
417
else if (!strncmp (line, "ONLY_VALID_IF_CERT_VALID", 24)
446
487
/* FIXME: If --disable-crl-checks has been set, we should pass an
447
488
option to dirmngr, so that no fallback CRL check is done after an
489
ocsp check. It is not a problem right now as dirmngr does not
490
fallback to CRL checking. */
450
492
/* It is sufficient to send the options only once because we have
451
493
one connection per process only. */
456
498
NULL, NULL, NULL, NULL, NULL, NULL);
459
snprintf (line, DIM(line)-1, "ISVALID %s", certid);
501
snprintf (line, DIM(line)-1, "ISVALID%s %s",
502
use_ocsp == 2? " --only-ocsp --force-default-responder":"",
460
504
line[DIM(line)-1] = 0;
504
548
rc = gpg_error (GPG_ERR_INV_CRL);
507
/* Note, the flag = 1: This avoids checking this
508
certificate over and over again. */
509
rc = gpgsm_validate_chain (ctrl, rspcert, NULL, 0, NULL, 1);
551
/* Note the no_dirmngr flag: This avoids checking
552
this certificate over and over again. */
553
rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
554
VALIDATE_FLAG_NO_DIRMNGR, NULL);
512
557
log_error ("invalid certificate used for CRL/OCSP: %s\n",
642
687
for (line += 8; *line == ' '; line++)
644
689
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
645
return ASSUAN_Canceled;
690
return gpg_error (GPG_ERR_ASS_CANCELED);
648
693
else if (!strncmp (line, "TRUNCATED", 9) && (line[9]==' ' || !line[9]))
661
706
/* Run the Directroy Managers lookup command using the pattern
662
707
compiled from the strings given in NAMES. The caller must provide
663
708
the callback CB which will be passed cert by cert. Note that CTRL
709
is optional. With CACHE_ONLY the dirmngr will search only its own
666
gpgsm_dirmngr_lookup (CTRL ctrl, STRLIST names,
712
gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
667
713
void (*cb)(void*, ksba_cert_t), void *cb_value)
672
718
struct lookup_parm_s parm;
675
rc = start_dirmngr ();
721
rc = start_dirmngr (ctrl);
679
725
pattern = pattern_from_strlist (names);
681
return OUT_OF_CORE (errno);
682
snprintf (line, DIM(line)-1, "LOOKUP %s", pattern);
727
return out_of_core ();
728
snprintf (line, DIM(line)-1, "LOOKUP%s %s",
729
cache_only? " --cache-only":"", pattern);
683
730
line[DIM(line)-1] = 0;
717
764
/* Handle inquiries from the dirmngr COMMAND. */
719
766
run_command_inq_cb (void *opaque, const char *line)
721
768
struct run_command_parm_s *parm = opaque;
724
771
if ( !strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]) )
725
772
{ /* send the given certificate */
733
return ASSUAN_Inquire_Error;
780
return gpg_error (GPG_ERR_ASS_PARAMETER);
735
782
err = gpgsm_find_cert (line, NULL, &cert);
738
785
log_error ("certificate not found: %s\n", gpg_strerror (err));
739
rc = ASSUAN_Inquire_Error;
786
rc = gpg_error (GPG_ERR_NOT_FOUND);
743
790
der = ksba_cert_get_image (cert, &derlen);
745
rc = ASSUAN_Inquire_Error;
792
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
747
794
rc = assuan_send_data (parm->ctx, der, derlen);
748
795
ksba_cert_release (cert);
792
839
percent characters within the argument strings are percent escaped
793
840
so that blanks can act as delimiters. */
795
gpgsm_dirmngr_run_command (CTRL ctrl, const char *command,
842
gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
796
843
int argc, char **argv)
841
888
run_command_inq_cb, &parm,
842
889
run_command_status_cb, ctrl);
844
log_info ("response of dirmngr: %s\n", rc? assuan_strerror (rc): "okay");
845
return map_assuan_err (rc);
891
log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");