security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/dirmngr/ks-engine.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

92 lines
3.7 KiB
C
Raw Permalink Normal View History

Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
/* ks-engine.h - Keyserver engines definitions
* Copyright (C) 2011 Free Software Foundation, Inc.
Add support to talking to LDAP key servers. * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:02:46 +01:00
* Copyright (C) 2015 g10 Code GmbH
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
*/
#ifndef DIRMNGR_KS_ENGINE_H
#define DIRMNGR_KS_ENGINE_H 1
Move http module from common/ to dirmngr/. * common/http.c: Move to ../dirmngr/. * common/http.h: Move to ../dirmngr/. * common/t-http.c: Move to ../dirmngr/. * common/tls-ca.pem: Move to ../dirmngr/. * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a. Remove http.c related stuff. * po/POTFILES.in: Move http.c to dirmngr/. * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem. (module_maint_tests): New. (noinst_PROGRAMS): Add module_maint_tests. (dirmngr_SOURCES): Add http.c and http.h. (dirmngr_LDADD): Remove libcommontlsnpth. (t_common_ldadd): Ditto. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. (t_ldap_parse_uri_SOURCES): Add http.c. (t_ldap_parse_uri_CFLAGS): Build without npth. ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a. * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h. -- All network access is done via dirmngr and thus http.c should be there. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:07:44 +02:00
#include "http.h"
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
dirmngr: New options --first and --next for KS_GET. * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <foo@example.org> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224
2022-10-04 12:44:29 +02:00
/* Flags for engine functions. */
#define KS_GET_FLAG_ONLY_LDAP 1
#define KS_GET_FLAG_FIRST 2
#define KS_GET_FLAG_NEXT 4
dirmngr: New command AD_QUERY. * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. -- This command allows to query the Windows Active directory.
2023-03-20 19:24:49 +01:00
#define KS_GET_FLAG_ONLY_AD 8 /* Do this only if we have an AD. */
#define KS_GET_FLAG_ROOTDSE 16 /* Get the rootDSE. */
dirmngr: Extend the AD_QUERY command. * dirmngr/server.c (cmd_ad_query): Add options --help and --subst. (cmd_getinfo): Add sub-command "sid". * dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New. * dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New. (getval_for_filter): New. (map_rid_to_dn): New. (ks_ldap_query): Support variables. -- The new variables features makes it easier to write AD queries without requiring domain specific expressions.
2023-06-07 10:03:48 +02:00
#define KS_GET_FLAG_SUBST 32 /* Substiture variables. */
dirmngr: New options --first and --next for KS_GET. * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <foo@example.org> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224
2022-10-04 12:44:29 +02:00
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
/*-- ks-action.c --*/
gpg_error_t ks_print_help (ctrl_t ctrl, const char *text);
dirmngr: Fix HKP host selection code. * dirmngr/server.c (cmd_keyserver): Add option --resolve and change --print-hosttable to --hosttable. * dirmngr/ks-action.c (ks_printf_help): New. (ks_action_resolve): New. * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. (ks_hkp_print_hosttable): Print to assuan stream. (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric IP addr if it can't be resolved. (make_host_part): Add arg FORCE_SELECT; change callers to pass false. (ks_hkp_resolve): New. -- The new options for the keyserver command are useful for debugging. For example: $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \ 'keyserver hkp://keys.gnupg.net' \ 'keyserver http://http-keys.gnupg.net' \ 'keyserver --resolve --hosttable' /bye yields: OK OK S # http://astrath.net:80 S # http://2001:41d0:1:e673::1:11371 S # hosttable (idx, ipv4, ipv6, dead, name): S # 0 http-keys.gnupg.net S # . --> 10 11 12 1 5 8 7 4* 2 9 6 3 S # 1 4 37.250.168.245.bredband.tre.se S # 2 4 6 keys.exosphere.de S # 3 4 6 poseidon.muc.drweb-av.de S # 4 4 astrath.net S # 5 4 79.143.214.216 S # 6 4 openpgp.andrew.kvalhe.im S # 7 4 app.aaiedu.hr S # 8 4 6 alita.karotte.org S # 9 4 6 keyserver.bau5net.com S # 10 4 194.94.127.122 S # 11 6 2001:4d88:1ffc:477::7 S # 12 6 2a00:1280:8000:2:1:8:0:1 S # 13 keys.gnupg.net S # . --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...] S # 14 4 hufu.ki.iif.hu S # 15 4 pks.ms.mff.cuni.cz S # 16 4 pgpkeys.co.uk S # 17 4 80-239-156-219.customer.teliacarrier.com S # 18 4 srv01.secure-u.de S # 19 4 mallos.xs4all.nl S # 20 4 kronecker.scientia.net S # 21 4 keyserver.ut.mephi.ru S # 22 4 89-68-150-88.dynamic.chello.pl S # 23 6 2001:1608:21:6:84:200:66:125 S # 24 6 sks.es.net S # 25 6 gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net S # 26 6 sks.mrball.net S # 27 6 gozer.rediris.es S # 28 6 2001:41d0:1:e673::1 S # 29 6 oteiza.siccegge.de S # 30 6 2403:4200:401:10::13 S # 31 6 statler.serviz.fr OK
2014-03-11 14:26:39 +01:00
gpg_error_t ks_printf_help (ctrl_t ctrl, const char *format,
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros. * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using libgpg-error < 1.20. * common/mischelp.h: Ditto. * common/types.h: Ditto. -- Given that libgpg-error is a dependency of all GnuPG related libraries it is better to define such macros at only one place instead of having similar macros at a lot of places. For now we need repalcement macros, though.
2015-07-26 12:50:16 +02:00
...) GPGRT_ATTR_PRINTF(2,3);
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
/*-- ks-engine-hkp.c --*/
dirmngr: Fix HKP host selection code. * dirmngr/server.c (cmd_keyserver): Add option --resolve and change --print-hosttable to --hosttable. * dirmngr/ks-action.c (ks_printf_help): New. (ks_action_resolve): New. * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. (ks_hkp_print_hosttable): Print to assuan stream. (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric IP addr if it can't be resolved. (make_host_part): Add arg FORCE_SELECT; change callers to pass false. (ks_hkp_resolve): New. -- The new options for the keyserver command are useful for debugging. For example: $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \ 'keyserver hkp://keys.gnupg.net' \ 'keyserver http://http-keys.gnupg.net' \ 'keyserver --resolve --hosttable' /bye yields: OK OK S # http://astrath.net:80 S # http://2001:41d0:1:e673::1:11371 S # hosttable (idx, ipv4, ipv6, dead, name): S # 0 http-keys.gnupg.net S # . --> 10 11 12 1 5 8 7 4* 2 9 6 3 S # 1 4 37.250.168.245.bredband.tre.se S # 2 4 6 keys.exosphere.de S # 3 4 6 poseidon.muc.drweb-av.de S # 4 4 astrath.net S # 5 4 79.143.214.216 S # 6 4 openpgp.andrew.kvalhe.im S # 7 4 app.aaiedu.hr S # 8 4 6 alita.karotte.org S # 9 4 6 keyserver.bau5net.com S # 10 4 194.94.127.122 S # 11 6 2001:4d88:1ffc:477::7 S # 12 6 2a00:1280:8000:2:1:8:0:1 S # 13 keys.gnupg.net S # . --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...] S # 14 4 hufu.ki.iif.hu S # 15 4 pks.ms.mff.cuni.cz S # 16 4 pgpkeys.co.uk S # 17 4 80-239-156-219.customer.teliacarrier.com S # 18 4 srv01.secure-u.de S # 19 4 mallos.xs4all.nl S # 20 4 kronecker.scientia.net S # 21 4 keyserver.ut.mephi.ru S # 22 4 89-68-150-88.dynamic.chello.pl S # 23 6 2001:1608:21:6:84:200:66:125 S # 24 6 sks.es.net S # 25 6 gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net S # 26 6 sks.mrball.net S # 27 6 gozer.rediris.es S # 28 6 2001:41d0:1:e673::1 S # 29 6 oteiza.siccegge.de S # 30 6 2403:4200:401:10::13 S # 31 6 statler.serviz.fr OK
2014-03-11 14:26:39 +01:00
gpg_error_t ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri);
dirmngr: Add command option to mark hosts as dead or alive. * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ... (check_owner_permission): here. (cmd_keyserver): Add options --dead and --alive. * dirmngr/ks-engine-hkp.c (host_in_pool_p): New. (ks_hkp_mark_host): New. -- Also removed the warning that the widnows part has not yet been done. AFAICS, the current mingw supports the all used socket functions.
2014-03-11 16:19:41 +01:00
gpg_error_t ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive);
dirmngr: Fix HKP host selection code. * dirmngr/server.c (cmd_keyserver): Add option --resolve and change --print-hosttable to --hosttable. * dirmngr/ks-action.c (ks_printf_help): New. (ks_action_resolve): New. * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. (ks_hkp_print_hosttable): Print to assuan stream. (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric IP addr if it can't be resolved. (make_host_part): Add arg FORCE_SELECT; change callers to pass false. (ks_hkp_resolve): New. -- The new options for the keyserver command are useful for debugging. For example: $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \ 'keyserver hkp://keys.gnupg.net' \ 'keyserver http://http-keys.gnupg.net' \ 'keyserver --resolve --hosttable' /bye yields: OK OK S # http://astrath.net:80 S # http://2001:41d0:1:e673::1:11371 S # hosttable (idx, ipv4, ipv6, dead, name): S # 0 http-keys.gnupg.net S # . --> 10 11 12 1 5 8 7 4* 2 9 6 3 S # 1 4 37.250.168.245.bredband.tre.se S # 2 4 6 keys.exosphere.de S # 3 4 6 poseidon.muc.drweb-av.de S # 4 4 astrath.net S # 5 4 79.143.214.216 S # 6 4 openpgp.andrew.kvalhe.im S # 7 4 app.aaiedu.hr S # 8 4 6 alita.karotte.org S # 9 4 6 keyserver.bau5net.com S # 10 4 194.94.127.122 S # 11 6 2001:4d88:1ffc:477::7 S # 12 6 2a00:1280:8000:2:1:8:0:1 S # 13 keys.gnupg.net S # . --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...] S # 14 4 hufu.ki.iif.hu S # 15 4 pks.ms.mff.cuni.cz S # 16 4 pgpkeys.co.uk S # 17 4 80-239-156-219.customer.teliacarrier.com S # 18 4 srv01.secure-u.de S # 19 4 mallos.xs4all.nl S # 20 4 kronecker.scientia.net S # 21 4 keyserver.ut.mephi.ru S # 22 4 89-68-150-88.dynamic.chello.pl S # 23 6 2001:1608:21:6:84:200:66:125 S # 24 6 sks.es.net S # 25 6 gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net S # 26 6 sks.mrball.net S # 27 6 gozer.rediris.es S # 28 6 2001:41d0:1:e673::1 S # 29 6 oteiza.siccegge.de S # 30 6 2403:4200:401:10::13 S # 31 6 statler.serviz.fr OK
2014-03-11 14:26:39 +01:00
gpg_error_t ks_hkp_print_hosttable (ctrl_t ctrl);
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
dirmngr: Stricter handling of http error codes. * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver responded with a '404 Not Found'. * dirmngr/ks-engine-hkp.c (send_request): Return http status code. (ks_hkp_search): Likewise. (ks_hkp_{get,put}): Adapt call to 'send_request'. * dirmngr/ks-engine.h (ks_hkp_search): Update prototype. Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:32:20 +01:00
estream_t *r_fp, unsigned int *r_http_status);
Keyserver search and get basically works again.
2011-01-18 12:51:16 +01:00
gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri,
const char *keyspec, estream_t *r_fp);
All standard keyserver commands are now using dirmngr.
2011-01-20 14:12:53 +01:00
gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
const void *data, size_t datalen);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
Support key fetching using HTTP. A simple test case is: gpg2 --fetch-key http://werner.eifelkommune.de/mykey.asc
2011-02-09 15:42:29 +01:00
/*-- ks-engine-http.c --*/
dirmngr: Allow redirection from https to http for CRLs * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag. (KS_HTTP_FETCH_TRUST_CFG): Ditto. (KS_HTTP_FETCH_NO_CRL): Ditto. (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache and extra_http_trust_flags by a new flags arg. Allow redirectiong from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set. * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE. * dirmngr/ks-action.c (ks_action_get): Ditto. (ks_action_fetch): Ditto. * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:37:34 +02:00
/* Flags for the ks_http_fetch. */
#define KS_HTTP_FETCH_NOCACHE 1 /* Request no caching. */
#define KS_HTTP_FETCH_TRUST_CFG 2 /* Requests HTTP_FLAG_TRUST_CFG. */
#define KS_HTTP_FETCH_NO_CRL 4 /* Requests HTTP_FLAG_NO_CRL. */
#define KS_HTTP_FETCH_ALLOW_DOWNGRADE 8 /* Allow redirect https -> http. */
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
dirmngr: Allow redirection from https to http for CRLs * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag. (KS_HTTP_FETCH_TRUST_CFG): Ditto. (KS_HTTP_FETCH_NO_CRL): Ditto. (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache and extra_http_trust_flags by a new flags arg. Allow redirectiong from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set. * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE. * dirmngr/ks-action.c (ks_action_get): Ditto. (ks_action_fetch): Ditto. * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:37:34 +02:00
gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
dirmngr: Implement CRL fetching via https. * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag. * dirmngr/http.c (http_register_cfg_ca): New. (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag. * dirmngr/certcache.c (load_certs_from_dir): Call new function. (cert_cache_deinit): Ditto. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value. * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch. -- The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch. Be aware that cacert.org give a https CRL DP but that currently redirects to to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 09:43:18 +02:00
estream_t *r_fp);
Support key fetching using HTTP. A simple test case is: gpg2 --fetch-key http://werner.eifelkommune.de/mykey.asc
2011-02-09 15:42:29 +01:00
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
/*-- ks-engine-finger.c --*/
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
gpg_error_t ks_finger_help (ctrl_t ctrl, parsed_uri_t uri);
Support key fetching using HTTP. A simple test case is: gpg2 --fetch-key http://werner.eifelkommune.de/mykey.asc
2011-02-09 15:42:29 +01:00
gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk@g10code.com (I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
Add framework to print keyserver engine information
2011-02-09 17:48:00 +01:00
/*-- ks-engine-kdns.c --*/
gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
Add support to talking to LDAP key servers. * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:02:46 +01:00
/*-- ks-engine-ldap.c --*/
dirmngr: Extend the AD_QUERY command. * dirmngr/server.c (cmd_ad_query): Add options --help and --subst. (cmd_getinfo): Add sub-command "sid". * dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New. * dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New. (getval_for_filter): New. (map_rid_to_dn): New. (ks_ldap_query): Support variables. -- The new variables features makes it easier to write AD queries without requiring domain specific expressions.
2023-06-07 10:03:48 +02:00
void ks_ldap_help_variables (ctrl_t ctrl);
Add support to talking to LDAP key servers. * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:02:46 +01:00
gpg_error_t ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri);
dirmngr: New options --first and --next for KS_GET. * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <foo@example.org> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224
2022-10-04 12:44:29 +02:00
void ks_ldap_free_state (struct ks_engine_ldap_local_s *state);
Add support to talking to LDAP key servers. * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:02:46 +01:00
gpg_error_t ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
estream_t *r_fp);
gpg_error_t ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri,
dirmngr: New options --first and --next for KS_GET. * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <foo@example.org> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224
2022-10-04 12:44:29 +02:00
const char *keyspec, unsigned int ks_get_flags,
dirmngr: Return modifyTimestamp and add server option --newer. * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
2023-04-04 08:49:55 +02:00
gnupg_isotime_t newer, estream_t *r_fp);
Add support to talking to LDAP key servers. * g10/call-dirmngr.c (record_output): New function. (ks_put_inq_cb): Use it here to generate a --with-colons like output instead of a custom format. * dirmngr/ks-action.c: Include "ldap-parse-uri.h". (ks_action_help): If the provided URI is an LDAP URI, then use ldap_parse_uri to parse. Call ks_ldap_help. (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. (ks_action_get): Likewise. (ks_action_put): Likewise. Also, change data from a 'const void *' to a 'void *' and add info and infolen parameters. Add note that function may modify DATA. * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. * dirmngr/server.c: Include "ldap-parse-uri.h". (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using ldap_parse_uri. (hlp_ks_put): Improve documentation. (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve documentation. * dirmngr/ks-engine.h (ks_ldap_help): New declaration. (ks_ldap_search): Likewise. (ks_ldap_get): Likewise. (ks_ldap_put): Likewise. * dirmngr/ks-engine-ldap.c: New file. * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h. (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). -- Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-19 11:02:46 +01:00
gpg_error_t ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
void *data, size_t datalen,
void *info, size_t infolen);
dirmngr: New command AD_QUERY. * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. -- This command allows to query the Windows Active directory.
2023-03-20 19:24:49 +01:00
gpg_error_t ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri,
unsigned int ks_get_flags,
dirmngr: Return modifyTimestamp and add server option --newer. * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
2023-04-04 08:49:55 +02:00
const char *filter, char **attrs,
gnupg_isotime_t newer, estream_t *r_fp);
Initial code checking for backup - not yet working.
2011-01-10 14:30:17 +01:00
#endif /*DIRMNGR_KS_ENGINE_H*/