47
/* fixme: We need a context for each thread or serialize the access to
47
49
static assuan_context_t dirmngr_ctx = NULL;
50
static assuan_context_t dirmngr2_ctx = NULL;
52
static int dirmngr_ctx_locked;
53
static int dirmngr2_ctx_locked;
48
55
static int force_pipe_server = 0;
50
57
struct inq_certificate_parm_s {
51
59
assuan_context_t ctx;
53
61
ksba_cert_t issuer_cert;
137
/* This fucntion prepares the dirmngr for a new session. The
145
/* This function prepares the dirmngr for a new session. The
138
146
audit-events option is used so that other dirmngr clients won't get
139
147
disturbed by such events. */
141
149
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
143
if (!ctrl->dirmngr_seen)
145
ctrl->dirmngr_seen = 1;
148
err = assuan_transact (ctx, "OPTION audit-events=1",
149
NULL, NULL, NULL, NULL, NULL, NULL);
150
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
151
err = 0; /* Allow the use of old dirmngr versions. */
153
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
151
struct keyserver_spec *server;
155
err = assuan_transact (ctx, "OPTION audit-events=1",
156
NULL, NULL, NULL, NULL, NULL, NULL);
157
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
158
err = 0; /* Allow the use of old dirmngr versions. */
160
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
162
server = opt.keyserver;
165
char line[ASSUAN_LINELENGTH];
166
char *user = server->user ? server->user : "";
167
char *pass = server->pass ? server->pass : "";
168
char *base = server->base ? server->base : "";
170
snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
171
server->host, server->port, user, pass, base);
172
line[DIM (line) - 1] = 0;
174
err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
175
if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD)
176
err = 0; /* Allow the use of old dirmngr versions. */
178
server = server->next;
169
194
if (opt.disable_dirmngr)
170
195
return gpg_error (GPG_ERR_NO_DIRMNGR);
174
prepare_dirmngr (ctrl, dirmngr_ctx, 0);
175
return 0; /* fixme: We need a context for each thread or serialize
176
the access to the dirmngr */
178
200
/* Note: if you change this to multiple connections, you also need
179
201
to take care of the implicit option sending caching. */
274
296
#ifndef HAVE_W32_SYSTEM
275
297
if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
277
log_error (_("can't connect to the dirmngr - trying fall back\n"));
299
log_info (_("can't connect to the dirmngr - trying fall back\n"));
278
300
force_pipe_server = 1;
279
return start_dirmngr (ctrl);
301
return start_dirmngr_ext (ctrl, ctx_r);
281
303
#endif /*!HAVE_W32_SYSTEM*/
322
start_dirmngr (ctrl_t ctrl)
326
assert (! dirmngr_ctx_locked);
327
dirmngr_ctx_locked = 1;
329
err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
330
/* We do not check ERR but the existance of a context because the
331
error might come from a failed command send to the dirmngr.
332
Fixme: Why don't we close the drimngr context if we encountered
333
an error in prepare_dirmngr? */
335
dirmngr_ctx_locked = 0;
341
release_dirmngr (ctrl_t ctrl)
345
if (!dirmngr_ctx_locked)
346
log_error ("WARNING: trying to release a non-locked dirmngr ctx\n");
347
dirmngr_ctx_locked = 0;
352
start_dirmngr2 (ctrl_t ctrl)
356
assert (! dirmngr2_ctx_locked);
357
dirmngr2_ctx_locked = 1;
359
err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
361
dirmngr2_ctx_locked = 0;
367
release_dirmngr2 (ctrl_t ctrl)
371
if (!dirmngr2_ctx_locked)
372
log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n");
373
dirmngr2_ctx_locked = 0;
300
378
/* Handle a SENDCERT inquiry. */
412
else if (!strncmp (line, "ISTRUSTED", 9) && (line[9]==' ' || !line[9]))
414
/* The server is asking us whether the certificate is a trusted
419
struct rootca_flags_s rootca_flags;
425
for (s=line,n=0; hexdigitp (s); s++, n++)
428
return gpg_error (GPG_ERR_ASS_PARAMETER);
429
for (s=line, n=0; n < 40; s++, n++)
430
fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
433
if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
434
rc = assuan_send_data (parm->ctx, "1", 1);
336
441
log_error ("unsupported inquiry `%s'\n", line);
706
/* Run the Directroy Managers lookup command using the pattern
814
/* Run the Directory Manager's lookup command using the pattern
707
815
compiled from the strings given in NAMES. The caller must provide
708
816
the callback CB which will be passed cert by cert. Note that CTRL
709
817
is optional. With CACHE_ONLY the dirmngr will search only its own
717
825
char line[ASSUAN_LINELENGTH];
718
826
struct lookup_parm_s parm;
828
assuan_context_t ctx;
721
rc = start_dirmngr (ctrl);
830
/* The lookup function can be invoked from the callback of a lookup
831
function, for example to walk the chain. */
832
if (!dirmngr_ctx_locked)
834
rc = start_dirmngr (ctrl);
839
else if (!dirmngr2_ctx_locked)
841
rc = start_dirmngr2 (ctrl);
848
log_fatal ("both dirmngr contexts are in use\n");
725
851
pattern = pattern_from_strlist (names);
727
return out_of_core ();
854
if (ctx == dirmngr_ctx)
855
release_dirmngr (ctrl);
857
release_dirmngr2 (ctrl);
859
return out_of_core ();
728
861
snprintf (line, DIM(line)-1, "LOOKUP%s %s",
729
862
cache_only? " --cache-only":"", pattern);
730
863
line[DIM(line)-1] = 0;
733
866
parm.ctrl = ctrl;
734
parm.ctx = dirmngr_ctx;
736
869
parm.cb_value = cb_value;
738
871
init_membuf (&parm.data, 4096);
740
rc = assuan_transact (dirmngr_ctx, line, lookup_cb, &parm,
873
rc = assuan_transact (ctx, line, lookup_cb, &parm,
741
874
NULL, NULL, lookup_status_cb, &parm);
742
875
xfree (get_membuf (&parm.data, &len));
877
if (ctx == dirmngr_ctx)
878
release_dirmngr (ctrl);
880
release_dirmngr2 (ctrl);
745
884
return parm.error;