security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Code Activity
2b19474aab
gnupg/tools/call-dirmngr.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

427 lines
9.9 KiB
C
Raw Normal View History

tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
/* call-dirmngr.c - Interact with the Dirmngr.
wkd: New command --mirror for gpg-wks-client. * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. (opts): Add ----mirror, --no-autostart, and --blacklist. (parse_arguments): Parse new options. (main): Parse common.conf. Implement aMirror. (mirror_one_key_parm): New. (mirror_one_keys_userid, mirror_one_key): New. (command_mirror): New. * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... (wks_install_key_core): new. * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. -- This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented. Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcLimits olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited GnuPG-bug-id: 6224
2022-10-06 18:38:29 +02:00
* Copyright (C) 2016, 2022 g10 Code GmbH
Change license of some files to LGPLv2.1. * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:37:52 +02:00
* Copyright (C) 2016 Bundesamt für Sicherheit in der Informationstechnik
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
*
* This file is part of GnuPG.
*
Change license of some files to LGPLv2.1. * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:37:52 +02:00
* This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
*
Change license of some files to LGPLv2.1. * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:37:52 +02:00
* This file is distributed in the hope that it will be useful,
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Change license of some files to LGPLv2.1. * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:37:52 +02:00
* GNU Lesser General Public License for more details.
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
*
Change license of some files to LGPLv2.1. * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:37:52 +02:00
* You should have received a copy of the GNU Lesser General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <time.h>
#ifdef HAVE_LOCALE_H
# include <locale.h>
#endif
#include <assuan.h>
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/util.h"
#include "../common/i18n.h"
#include "../common/asshelp.h"
#include "../common/mbox-util.h"
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
#include "./call-dirmngr.h"
static struct
{
int verbose;
int debug_ipc;
int autostart;
} opt;
void
set_dirmngr_options (int verbose, int debug_ipc, int autostart)
{
opt.verbose = verbose;
opt.debug_ipc = debug_ipc;
opt.autostart = autostart;
}
/* Connect to the Dirmngr and return an assuan context. */
static gpg_error_t
connect_dirmngr (assuan_context_t *r_ctx)
{
gpg_error_t err;
assuan_context_t ctx;
*r_ctx = NULL;
err = start_new_dirmngr (&ctx,
GPG_ERR_SOURCE_DEFAULT,
NULL,
common: Prepare for more flags in start_new_service. * common/asshelp.h (ASSHELP_FLAG_AUTOSTART): New. * common/asshelp.c (start_new_service): Rename arg autostart to flags and adjust checks. (start_new_gpg_agent): Likewise. Change all callers. (start_new_keyboxd): Likewise. Change all callers. (start_new_dirmngr): Likewise. Change all callers. -- It is easier to have a generic flags arg instead of adding more and more dedicated args. verbose and debug are kept as they are because they are not boolean.
2023-08-29 13:18:13 +02:00
opt.autostart?ASSHELP_FLAG_AUTOSTART:0,
opt.verbose, opt.debug_ipc,
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
NULL, NULL);
if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
{
static int shown;
if (!shown)
{
shown = 1;
log_info (_("no dirmngr running in this session\n"));
}
}
if (err)
assuan_release (ctx);
else
{
*r_ctx = ctx;
}
return err;
}
/* Parameter structure used with the WKD_GET command. */
struct wkd_get_parm_s
{
estream_t memfp;
};
/* Data callback for the WKD_GET command. */
static gpg_error_t
wkd_get_data_cb (void *opaque, const void *data, size_t datalen)
{
struct wkd_get_parm_s *parm = opaque;
gpg_error_t err = 0;
size_t nwritten;
if (!data)
return 0; /* Ignore END commands. */
if (!parm->memfp)
return 0; /* Data is not required. */
if (es_write (parm->memfp, data, datalen, &nwritten))
err = gpg_error_from_syserror ();
return err;
}
/* Status callback for the WKD_GET command. */
static gpg_error_t
wkd_get_status_cb (void *opaque, const char *line)
{
struct wkd_get_parm_s *parm = opaque;
gpg_error_t err = 0;
wkd: Let gpg-wks-client --supported print some diagnostics. * tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning and note stati from dirmngr. -- This is in particular helpful to check for non-proper TLS certificates.
2023-01-19 10:52:43 +01:00
const char *s, *s2;
const char *warn = NULL;
int is_note = 0;
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
(void)parm;
wkd: Let gpg-wks-client --supported print some diagnostics. * tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning and note stati from dirmngr. -- This is in particular helpful to check for non-proper TLS certificates.
2023-01-19 10:52:43 +01:00
/* Note: The code below is mostly duplicated from g10/call-dirmngr.c */
if ((s = has_leading_keyword (line, "WARNING"))
|| (is_note = !!(s = has_leading_keyword (line, "NOTE"))))
{
if ((s2 = has_leading_keyword (s, "wkd_cached_result")))
{
if (opt.verbose)
warn = _("WKD uses a cached result");
}
else if ((s2 = has_leading_keyword (s, "tor_not_running")))
warn = _("Tor is not running");
else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
warn = _("Tor is not properly configured");
else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
warn = _("DNS is not properly configured");
else if ((s2 = has_leading_keyword (s, "http_redirect")))
warn = _("unacceptable HTTP redirect from server");
else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
warn = _("unacceptable HTTP redirect from server was cleaned up");
else if ((s2 = has_leading_keyword (s, "tls_cert_error")))
warn = _("server uses an invalid certificate");
else
warn = NULL;
if (warn)
{
if (is_note)
log_info (_("Note: %s\n"), warn);
else
log_info (_("WARNING: %s\n"), warn);
if (s2 && opt.verbose)
{
while (*s2 && !spacep (s2))
s2++;
while (*s2 && spacep (s2))
s2++;
if (*s2)
log_info ("(%s)\n", s2);
}
}
}
tools: Add gpg-wks-client and gpg-wks-server. * configure.ac: Add option --enable-wks-tools * tools/gpg-wks-client.c: New. * tools/gpg-wks-server.c: New. * tools/gpg-wks.h: new. * tools/wks-receive.c: New. * tools/call-dirmngr.c, tools/call-dirmngr.h: New. -- Note that this is just a starting point and not a finished implementation. Here is how to test the system using foo@test.gnupg.org as example. Prepare: mkdir /var/lib/gnupg/wks chmod o-rwx /var/lib/gnupg/wks mkdir /var/lib/gnupg/wks/test.gnupg.org Run the protocol: ./gpg-wks-client -v --send FPR USERID >x ./gpg-wks-server -v --receive <x >y ./gpg-wks-client --receive <y >z ./gpg-wks-server -v --receive <z You should also setup a cron job to rsync /var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-29 12:00:22 +02:00
return err;
}
/* Ask the dirmngr for the submission address of a WKD server for the
* mail address ADDRSPEC. On success the submission address is stored
* at R_ADDRSPEC. */
gpg_error_t
wkd_get_submission_address (const char *addrspec, char **r_addrspec)
{
gpg_error_t err;
assuan_context_t ctx;
struct wkd_get_parm_s parm;
char *line = NULL;
void *vp;
char *buffer = NULL;
char *p;
memset (&parm, 0, sizeof parm);
*r_addrspec = NULL;
err = connect_dirmngr (&ctx);
if (err)
return err;
line = es_bsprintf ("WKD_GET --submission-address -- %s", addrspec);
if (!line)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
{
err = gpg_error (GPG_ERR_TOO_LARGE);
goto leave;
}
parm.memfp = es_fopenmem (0, "rwb");
if (!parm.memfp)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = assuan_transact (ctx, line, wkd_get_data_cb, &parm,
NULL, NULL, wkd_get_status_cb, &parm);
if (err)
goto leave;
es_fputc (0, parm.memfp);
if (es_fclose_snatch (parm.memfp, &vp, NULL))
{
err = gpg_error_from_syserror ();
goto leave;
}
buffer = vp;
parm.memfp = NULL;
p = strchr (buffer, '\n');
if (p)
*p = 0;
trim_spaces (buffer);
if (!is_valid_mailbox (buffer))
{
err = gpg_error (GPG_ERR_INV_USER_ID);
goto leave;
}
*r_addrspec = xtrystrdup (buffer);
if (!*r_addrspec)
err = gpg_error_from_syserror ();
leave:
es_free (buffer);
es_fclose (parm.memfp);
xfree (line);
assuan_release (ctx);
return err;
}
wks: Add framework for policy flags. * tools/call-dirmngr.c (wkd_get_policy_flags): New. * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New. * tools/wks-util.c (wks_parse_policy): New. * tools/gpg-wks-client.c (command_send): Get the policy flags to show a new info line. * tools/gpg-wks-server.c (get_policy_flags): New. (process_new_key): get policy flag and add a stub for "auth-submit". (command_list_domains): Check policy flags. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-02 16:54:42 +02:00
/* Ask the dirmngr for the policy flags and return them as an estream
* memory stream. If no policy flags are set, NULL is stored at
* R_BUFFER. */
gpg_error_t
wkd_get_policy_flags (const char *addrspec, estream_t *r_buffer)
{
gpg_error_t err;
assuan_context_t ctx;
struct wkd_get_parm_s parm;
char *line = NULL;
char *buffer = NULL;
memset (&parm, 0, sizeof parm);
*r_buffer = NULL;
err = connect_dirmngr (&ctx);
if (err)
return err;
line = es_bsprintf ("WKD_GET --policy-flags -- %s", addrspec);
if (!line)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
{
err = gpg_error (GPG_ERR_TOO_LARGE);
goto leave;
}
parm.memfp = es_fopenmem (0, "rwb");
if (!parm.memfp)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = assuan_transact (ctx, line, wkd_get_data_cb, &parm,
NULL, NULL, wkd_get_status_cb, &parm);
if (err)
goto leave;
es_rewind (parm.memfp);
*r_buffer = parm.memfp;
parm.memfp = 0;
leave:
es_free (buffer);
es_fclose (parm.memfp);
xfree (line);
assuan_release (ctx);
return err;
}
wks: New option --check for gpg-wks-client. * tools/call-dirmngr.c (wkd_get_key): New. * tools/gpg-wks-client.c (aCheck): New constant. (opts): New option "--check". (main): Call command_check. (command_check): New. -- GnuPG-bug-id: 2866 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 16:57:21 +01:00
/* Ask the dirmngr for the key for ADDRSPEC. On success a stream with
* the key is stored at R_KEY. */
gpg_error_t
wkd_get_key (const char *addrspec, estream_t *r_key)
{
gpg_error_t err;
assuan_context_t ctx;
struct wkd_get_parm_s parm;
char *line = NULL;
memset (&parm, 0, sizeof parm);
*r_key = NULL;
err = connect_dirmngr (&ctx);
if (err)
return err;
line = es_bsprintf ("WKD_GET -- %s", addrspec);
if (!line)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
{
err = gpg_error (GPG_ERR_TOO_LARGE);
goto leave;
}
parm.memfp = es_fopenmem (0, "rwb");
if (!parm.memfp)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = assuan_transact (ctx, line, wkd_get_data_cb, &parm,
NULL, NULL, wkd_get_status_cb, &parm);
if (err)
goto leave;
es_rewind (parm.memfp);
*r_key = parm.memfp;
parm.memfp = NULL;
leave:
es_fclose (parm.memfp);
xfree (line);
assuan_release (ctx);
return err;
}
wkd: New command --mirror for gpg-wks-client. * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. (opts): Add ----mirror, --no-autostart, and --blacklist. (parse_arguments): Parse new options. (main): Parse common.conf. Implement aMirror. (mirror_one_key_parm): New. (mirror_one_keys_userid, mirror_one_key): New. (command_mirror): New. * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... (wks_install_key_core): new. * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. -- This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented. Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcLimits olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited GnuPG-bug-id: 6224
2022-10-06 18:38:29 +02:00
/* Send the KS_GET command to the dirmngr. The caller provides CB
indent: Fix spelling -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
2024-05-13 00:09:23 +02:00
* which is called for each key. The callback is called with a stream
wkd: New command --mirror for gpg-wks-client. * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. (opts): Add ----mirror, --no-autostart, and --blacklist. (parse_arguments): Parse new options. (main): Parse common.conf. Implement aMirror. (mirror_one_key_parm): New. (mirror_one_keys_userid, mirror_one_key): New. (command_mirror): New. * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... (wks_install_key_core): new. * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. -- This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented. Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcLimits olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited GnuPG-bug-id: 6224
2022-10-06 18:38:29 +02:00
* conveying a single key and several other informational parameters.
* DOMAIN restricts the returned keys to this domain. */
gpg_error_t
wkd_dirmngr_ks_get (const char *domain, gpg_error_t cb (estream_t key))
{
gpg_error_t err;
assuan_context_t ctx;
struct wkd_get_parm_s parm;
char *line = NULL;
int any = 0;
memset (&parm, 0, sizeof parm);
err = connect_dirmngr (&ctx);
if (err)
return err;
line = es_bsprintf ("KS_GET --ldap --first %s", domain? domain:"");
if (!line)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
{
err = gpg_error (GPG_ERR_TOO_LARGE);
goto leave;
}
parm.memfp = es_fopenmem (0, "rwb");
if (!parm.memfp)
{
err = gpg_error_from_syserror ();
goto leave;
}
for (;;)
{
err = assuan_transact (ctx, any? "KS_GET --next" : line,
wkd_get_data_cb, &parm,
NULL, NULL, wkd_get_status_cb, &parm);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_NO_DATA
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR)
err = any? 0 : gpg_error (GPG_ERR_NOT_FOUND);
goto leave;
}
any = 1;
es_rewind (parm.memfp);
err = cb (parm.memfp);
if (err)
break;
es_ftruncate (parm.memfp, 0);
}
leave:
es_fclose (parm.memfp);
xfree (line);
assuan_release (ctx);
return err;
}
Copy Permalink