2011-02-04 12:57:53 +01:00
|
|
|
|
/* call-dirmngr.c - Communication with the dirmngr
|
2010-08-16 11:03:43 +00:00
|
|
|
|
* Copyright (C) 2002, 2003, 2005, 2007, 2008,
|
|
|
|
|
* 2010 Free Software Foundation, Inc.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-08-05 17:11:04 +00:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <errno.h>
|
2011-02-04 12:57:53 +01:00
|
|
|
|
#include <unistd.h>
|
2003-08-05 17:11:04 +00:00
|
|
|
|
#include <time.h>
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
|
|
|
|
|
#include "gpgsm.h"
|
|
|
|
|
#include <gcrypt.h>
|
|
|
|
|
#include <assuan.h>
|
|
|
|
|
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/i18n.h"
|
2004-04-05 17:25:21 +00:00
|
|
|
|
#include "keydb.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/asshelp.h"
|
2004-04-05 17:25:21 +00:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
struct membuf {
|
|
|
|
|
size_t len;
|
|
|
|
|
size_t size;
|
|
|
|
|
char *buf;
|
|
|
|
|
int out_of_core;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
/* fixme: We need a context for each thread or serialize the access to
|
|
|
|
|
the dirmngr. */
|
2006-09-06 16:35:52 +00:00
|
|
|
|
static assuan_context_t dirmngr_ctx = NULL;
|
2008-08-08 01:06:48 +00:00
|
|
|
|
static assuan_context_t dirmngr2_ctx = NULL;
|
|
|
|
|
|
|
|
|
|
static int dirmngr_ctx_locked;
|
|
|
|
|
static int dirmngr2_ctx_locked;
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
struct inq_certificate_parm_s {
|
2008-10-21 15:03:51 +00:00
|
|
|
|
ctrl_t ctrl;
|
2006-09-06 16:35:52 +00:00
|
|
|
|
assuan_context_t ctx;
|
2003-12-17 12:28:24 +00:00
|
|
|
|
ksba_cert_t cert;
|
2004-03-06 20:11:19 +00:00
|
|
|
|
ksba_cert_t issuer_cert;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
};
|
|
|
|
|
|
2004-04-05 17:25:21 +00:00
|
|
|
|
struct isvalid_status_parm_s {
|
2006-09-06 16:35:52 +00:00
|
|
|
|
ctrl_t ctrl;
|
2004-04-05 17:25:21 +00:00
|
|
|
|
int seen;
|
|
|
|
|
unsigned char fpr[20];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
struct lookup_parm_s {
|
2006-09-06 16:35:52 +00:00
|
|
|
|
ctrl_t ctrl;
|
|
|
|
|
assuan_context_t ctx;
|
2003-12-17 12:28:24 +00:00
|
|
|
|
void (*cb)(void *, ksba_cert_t);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
void *cb_value;
|
|
|
|
|
struct membuf data;
|
|
|
|
|
int error;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct run_command_parm_s {
|
2016-11-10 17:01:19 +01:00
|
|
|
|
ctrl_t ctrl;
|
2006-09-06 16:35:52 +00:00
|
|
|
|
assuan_context_t ctx;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2011-07-21 10:24:03 +02:00
|
|
|
|
|
|
|
|
|
static gpg_error_t get_cached_cert (assuan_context_t ctx,
|
|
|
|
|
const unsigned char *fpr,
|
|
|
|
|
ksba_cert_t *r_cert);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
/* A simple implementation of a dynamic buffer. Use init_membuf() to
|
|
|
|
|
create a buffer, put_membuf to append bytes and get_membuf to
|
|
|
|
|
release and return the buffer. Allocation errors are detected but
|
|
|
|
|
only returned at the final get_membuf(), this helps not to clutter
|
|
|
|
|
the code with out of core checks. */
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
init_membuf (struct membuf *mb, int initiallen)
|
|
|
|
|
{
|
|
|
|
|
mb->len = 0;
|
|
|
|
|
mb->size = initiallen;
|
|
|
|
|
mb->out_of_core = 0;
|
|
|
|
|
mb->buf = xtrymalloc (initiallen);
|
|
|
|
|
if (!mb->buf)
|
|
|
|
|
mb->out_of_core = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
put_membuf (struct membuf *mb, const void *buf, size_t len)
|
|
|
|
|
{
|
|
|
|
|
if (mb->out_of_core)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (mb->len + len >= mb->size)
|
|
|
|
|
{
|
|
|
|
|
char *p;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
mb->size += len + 1024;
|
|
|
|
|
p = xtryrealloc (mb->buf, mb->size);
|
|
|
|
|
if (!p)
|
|
|
|
|
{
|
|
|
|
|
mb->out_of_core = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
mb->buf = p;
|
|
|
|
|
}
|
|
|
|
|
memcpy (mb->buf + mb->len, buf, len);
|
|
|
|
|
mb->len += len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void *
|
|
|
|
|
get_membuf (struct membuf *mb, size_t *len)
|
|
|
|
|
{
|
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
|
|
if (mb->out_of_core)
|
|
|
|
|
{
|
|
|
|
|
xfree (mb->buf);
|
|
|
|
|
mb->buf = NULL;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = mb->buf;
|
|
|
|
|
*len = mb->len;
|
|
|
|
|
mb->buf = NULL;
|
|
|
|
|
mb->out_of_core = 1; /* don't allow a reuse */
|
|
|
|
|
return p;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2016-01-08 10:33:19 +01:00
|
|
|
|
/* Print a warning if the server's version number is less than our
|
|
|
|
|
version number. Returns an error code on a connection problem. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
|
|
|
|
|
const char *servername, int mode)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char *serverversion;
|
|
|
|
|
const char *myversion = strusage (13);
|
|
|
|
|
|
|
|
|
|
err = get_assuan_server_version (ctx, mode, &serverversion);
|
|
|
|
|
if (err)
|
|
|
|
|
log_error (_("error getting version from '%s': %s\n"),
|
|
|
|
|
servername, gpg_strerror (err));
|
2016-11-02 16:24:58 +01:00
|
|
|
|
else if (compare_version_strings (serverversion, myversion) < 0)
|
2016-01-08 10:33:19 +01:00
|
|
|
|
{
|
|
|
|
|
char *warn;
|
|
|
|
|
|
|
|
|
|
warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
|
|
|
|
|
servername, serverversion, myversion);
|
|
|
|
|
if (!warn)
|
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
log_info (_("WARNING: %s\n"), warn);
|
2017-07-31 11:20:47 +02:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("Note: Outdated servers may lack important"
|
|
|
|
|
" security fixes.\n"));
|
|
|
|
|
log_info (_("Note: Use the command \"%s\" to restart them.\n"),
|
|
|
|
|
"gpgconf --kill all");
|
|
|
|
|
}
|
2016-01-08 10:33:19 +01:00
|
|
|
|
gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
|
|
|
|
|
warn, NULL);
|
|
|
|
|
xfree (warn);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
xfree (serverversion);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-10-17 13:12:11 +00:00
|
|
|
|
/* This function prepares the dirmngr for a new session. The
|
2007-12-12 10:28:30 +00:00
|
|
|
|
audit-events option is used so that other dirmngr clients won't get
|
|
|
|
|
disturbed by such events. */
|
|
|
|
|
static void
|
|
|
|
|
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
|
|
|
|
|
{
|
2021-05-26 14:28:26 +02:00
|
|
|
|
strlist_t server;
|
2008-06-12 14:24:46 +00:00
|
|
|
|
|
2016-01-08 10:33:19 +01:00
|
|
|
|
if (!err)
|
|
|
|
|
err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
if (!err)
|
2007-12-12 10:28:30 +00:00
|
|
|
|
{
|
2008-08-08 01:06:48 +00:00
|
|
|
|
err = assuan_transact (ctx, "OPTION audit-events=1",
|
|
|
|
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
|
|
|
|
|
err = 0; /* Allow the use of old dirmngr versions. */
|
2007-12-12 10:28:30 +00:00
|
|
|
|
}
|
2008-08-08 01:06:48 +00:00
|
|
|
|
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
|
2008-06-12 14:24:46 +00:00
|
|
|
|
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
if (!ctx || err)
|
|
|
|
|
return;
|
|
|
|
|
|
2008-06-12 14:24:46 +00:00
|
|
|
|
server = opt.keyserver;
|
|
|
|
|
while (server)
|
|
|
|
|
{
|
|
|
|
|
char line[ASSUAN_LINELENGTH];
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
|
/* If the host is "ldap" we prefix the entire line with "ldap:"
|
|
|
|
|
* to avoid an ambiguity on the server due to the introduction
|
|
|
|
|
* of this optional prefix. */
|
|
|
|
|
snprintf (line, DIM (line), "LDAPSERVER %s%s",
|
|
|
|
|
!strncmp (server->d, "ldap:", 5)? "ldap:":"",
|
|
|
|
|
server->d);
|
2008-06-12 14:24:46 +00:00
|
|
|
|
|
2016-01-06 17:51:58 +01:00
|
|
|
|
assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
tests/openpgp/multisig.test, tests/openpgp/verify.scm,
tests/pkits/README, tools/applygnupgdefaults,
tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
minor spelling cleanup.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-15 14:21:15 -04:00
|
|
|
|
/* The code below is not required because we don't return an error. */
|
2016-01-06 17:51:58 +01:00
|
|
|
|
/* err = [above call] */
|
|
|
|
|
/* if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD) */
|
|
|
|
|
/* err = 0; /\* Allow the use of old dirmngr versions. *\/ */
|
2008-06-12 14:24:46 +00:00
|
|
|
|
|
|
|
|
|
server = server->next;
|
|
|
|
|
}
|
2007-12-12 10:28:30 +00:00
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2010-08-16 11:03:43 +00:00
|
|
|
|
/* Return a new assuan context for a Dirmngr connection. */
|
|
|
|
|
static gpg_error_t
|
2008-08-08 01:06:48 +00:00
|
|
|
|
start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2010-08-16 11:03:43 +00:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
assuan_context_t ctx;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2015-06-29 11:03:58 +02:00
|
|
|
|
if (opt.disable_dirmngr || ctrl->offline)
|
2008-02-19 10:33:35 +00:00
|
|
|
|
return gpg_error (GPG_ERR_NO_DIRMNGR);
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
if (*ctx_r)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2004-04-07 17:59:18 +00:00
|
|
|
|
/* Note: if you change this to multiple connections, you also need
|
|
|
|
|
to take care of the implicit option sending caching. */
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2010-08-16 11:03:43 +00:00
|
|
|
|
err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT,
|
2016-06-07 13:09:00 +02:00
|
|
|
|
opt.dirmngr_program,
|
2015-04-06 13:42:17 +02:00
|
|
|
|
opt.autostart, opt.verbose, DBG_IPC,
|
2010-08-16 11:03:43 +00:00
|
|
|
|
gpgsm_status2, ctrl);
|
2014-11-28 09:44:19 +01:00
|
|
|
|
if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
|
|
|
|
|
{
|
|
|
|
|
static int shown;
|
|
|
|
|
|
|
|
|
|
if (!shown)
|
|
|
|
|
{
|
|
|
|
|
shown = 1;
|
|
|
|
|
log_info (_("no dirmngr running in this session\n"));
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-08-16 11:03:43 +00:00
|
|
|
|
prepare_dirmngr (ctrl, ctx, err);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
*ctx_r = ctx;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
static int
|
|
|
|
|
start_dirmngr (ctrl_t ctrl)
|
|
|
|
|
{
|
2008-10-17 13:12:11 +00:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
assert (! dirmngr_ctx_locked);
|
|
|
|
|
dirmngr_ctx_locked = 1;
|
|
|
|
|
|
2008-10-17 13:12:11 +00:00
|
|
|
|
err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
|
2015-11-16 12:41:46 +01:00
|
|
|
|
/* We do not check ERR but the existence of a context because the
|
2008-10-17 13:12:11 +00:00
|
|
|
|
error might come from a failed command send to the dirmngr.
|
|
|
|
|
Fixme: Why don't we close the drimngr context if we encountered
|
|
|
|
|
an error in prepare_dirmngr? */
|
|
|
|
|
if (!dirmngr_ctx)
|
|
|
|
|
dirmngr_ctx_locked = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return err;
|
2008-08-08 01:06:48 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
release_dirmngr (ctrl_t ctrl)
|
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)ctrl;
|
|
|
|
|
|
2008-10-17 13:12:11 +00:00
|
|
|
|
if (!dirmngr_ctx_locked)
|
|
|
|
|
log_error ("WARNING: trying to release a non-locked dirmngr ctx\n");
|
2008-08-08 01:06:48 +00:00
|
|
|
|
dirmngr_ctx_locked = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
start_dirmngr2 (ctrl_t ctrl)
|
|
|
|
|
{
|
2008-10-17 13:12:11 +00:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
assert (! dirmngr2_ctx_locked);
|
|
|
|
|
dirmngr2_ctx_locked = 1;
|
|
|
|
|
|
2008-10-17 13:12:11 +00:00
|
|
|
|
err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
|
|
|
|
|
if (!dirmngr2_ctx)
|
|
|
|
|
dirmngr2_ctx_locked = 0;
|
|
|
|
|
return err;
|
2008-08-08 01:06:48 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
release_dirmngr2 (ctrl_t ctrl)
|
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)ctrl;
|
|
|
|
|
|
2008-10-17 13:12:11 +00:00
|
|
|
|
if (!dirmngr2_ctx_locked)
|
|
|
|
|
log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n");
|
2008-08-08 01:06:48 +00:00
|
|
|
|
dirmngr2_ctx_locked = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
/* Handle a SENDCERT inquiry. */
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
inq_certificate (void *opaque, const char *line)
|
|
|
|
|
{
|
|
|
|
|
struct inq_certificate_parm_s *parm = opaque;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
const char *s;
|
2006-09-06 16:35:52 +00:00
|
|
|
|
int rc;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
size_t n;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
const unsigned char *der;
|
|
|
|
|
size_t derlen;
|
2004-03-06 20:11:19 +00:00
|
|
|
|
int issuer_mode = 0;
|
2005-04-18 10:44:46 +00:00
|
|
|
|
ksba_sexp_t ski = NULL;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if ((s = has_leading_keyword (line, "SENDCERT")))
|
2004-03-06 20:11:19 +00:00
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2004-03-06 20:11:19 +00:00
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
|
2005-04-18 10:44:46 +00:00
|
|
|
|
{
|
2005-11-13 19:07:06 +00:00
|
|
|
|
/* Send a certificate where a sourceKeyIdentifier is included. */
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2005-04-18 10:44:46 +00:00
|
|
|
|
ski = make_simple_sexp_from_hexstr (line, &n);
|
|
|
|
|
line += n;
|
|
|
|
|
while (*line == ' ')
|
|
|
|
|
line++;
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "SENDISSUERCERT")))
|
2004-03-06 20:11:19 +00:00
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2004-03-06 20:11:19 +00:00
|
|
|
|
issuer_mode = 1;
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "ISTRUSTED")))
|
2008-10-21 15:03:51 +00:00
|
|
|
|
{
|
|
|
|
|
/* The server is asking us whether the certificate is a trusted
|
|
|
|
|
root certificate. */
|
|
|
|
|
char fpr[41];
|
|
|
|
|
struct rootca_flags_s rootca_flags;
|
|
|
|
|
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2008-10-21 15:03:51 +00:00
|
|
|
|
|
|
|
|
|
for (s=line,n=0; hexdigitp (s); s++, n++)
|
|
|
|
|
;
|
|
|
|
|
if (*s || n != 40)
|
|
|
|
|
return gpg_error (GPG_ERR_ASS_PARAMETER);
|
|
|
|
|
for (s=line, n=0; n < 40; s++, n++)
|
|
|
|
|
fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
|
|
|
|
|
fpr[n] = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2008-10-21 15:03:51 +00:00
|
|
|
|
if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
|
|
|
|
|
rc = assuan_send_data (parm->ctx, "1", 1);
|
|
|
|
|
else
|
|
|
|
|
rc = 0;
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2004-03-06 20:11:19 +00:00
|
|
|
|
else
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2018-10-23 12:46:38 +02:00
|
|
|
|
log_error ("unsupported certificate inquiry '%s'\n", line);
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!*line)
|
2004-03-06 20:11:19 +00:00
|
|
|
|
{ /* Send the current certificate. */
|
|
|
|
|
der = ksba_cert_get_image (issuer_mode? parm->issuer_cert : parm->cert,
|
|
|
|
|
&derlen);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (!der)
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
else
|
|
|
|
|
rc = assuan_send_data (parm->ctx, der, derlen);
|
|
|
|
|
}
|
2004-03-06 20:11:19 +00:00
|
|
|
|
else if (issuer_mode)
|
|
|
|
|
{
|
|
|
|
|
log_error ("sending specific issuer certificate back "
|
|
|
|
|
"is not yet implemented\n");
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
|
2004-03-06 20:11:19 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2004-03-06 20:11:19 +00:00
|
|
|
|
{ /* Send the given certificate. */
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int err;
|
2003-12-17 12:28:24 +00:00
|
|
|
|
ksba_cert_t cert;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2023-02-26 19:11:27 +01:00
|
|
|
|
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
|
|
|
|
|
FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("certificate not found: %s\n", gpg_strerror (err));
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_NOT_FOUND);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
der = ksba_cert_get_image (cert, &derlen);
|
|
|
|
|
if (!der)
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
else
|
|
|
|
|
rc = assuan_send_data (parm->ctx, der, derlen);
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-18 10:44:46 +00:00
|
|
|
|
xfree (ski);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-02-20 16:19:50 -05:00
|
|
|
|
/* Take a 20 byte hexencoded string and put it into the provided
|
2004-04-05 17:25:21 +00:00
|
|
|
|
20 byte buffer FPR in binary format. */
|
|
|
|
|
static int
|
|
|
|
|
unhexify_fpr (const char *hexstr, unsigned char *fpr)
|
|
|
|
|
{
|
|
|
|
|
const char *s;
|
|
|
|
|
int n;
|
|
|
|
|
|
|
|
|
|
for (s=hexstr, n=0; hexdigitp (s); s++, n++)
|
|
|
|
|
;
|
|
|
|
|
if (*s || (n != 40))
|
|
|
|
|
return 0; /* no fingerprint (invalid or wrong length). */
|
|
|
|
|
for (s=hexstr, n=0; *s; s += 2, n++)
|
|
|
|
|
fpr[n] = xtoi_2 (s);
|
|
|
|
|
return 1; /* okay */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2004-04-05 17:25:21 +00:00
|
|
|
|
isvalid_status_cb (void *opaque, const char *line)
|
|
|
|
|
{
|
|
|
|
|
struct isvalid_status_parm_s *parm = opaque;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
const char *s;
|
2004-04-05 17:25:21 +00:00
|
|
|
|
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if ((s = has_leading_keyword (line, "PROGRESS")))
|
2004-12-15 14:38:37 +00:00
|
|
|
|
{
|
|
|
|
|
if (parm->ctrl)
|
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2004-12-17 14:36:16 +00:00
|
|
|
|
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return gpg_error (GPG_ERR_ASS_CANCELED);
|
2004-12-15 14:38:37 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "ONLY_VALID_IF_CERT_VALID")))
|
2004-04-05 17:25:21 +00:00
|
|
|
|
{
|
|
|
|
|
parm->seen++;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if (!*s || !unhexify_fpr (s, parm->fpr))
|
2004-04-05 17:25:21 +00:00
|
|
|
|
parm->seen++; /* Bumb it to indicate an error. */
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
/* Call the directory manager to check whether the certificate is valid
|
|
|
|
|
Returns 0 for valid or usually one of the errors:
|
|
|
|
|
|
|
|
|
|
GPG_ERR_CERTIFICATE_REVOKED
|
|
|
|
|
GPG_ERR_NO_CRL_KNOWN
|
|
|
|
|
GPG_ERR_CRL_TOO_OLD
|
2003-12-01 10:54:30 +00:00
|
|
|
|
|
2007-08-10 16:52:05 +00:00
|
|
|
|
Values for USE_OCSP:
|
|
|
|
|
0 = Do CRL check.
|
2018-04-24 11:40:51 +02:00
|
|
|
|
1 = Do an OCSP check but fallback to CRL unless CRLS are disabled.
|
|
|
|
|
2 = Do only an OCSP check using only the default responder.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
*/
|
|
|
|
|
int
|
2004-04-05 17:25:21 +00:00
|
|
|
|
gpgsm_dirmngr_isvalid (ctrl_t ctrl,
|
|
|
|
|
ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2004-04-07 17:59:18 +00:00
|
|
|
|
static int did_options;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int rc;
|
2018-04-24 11:40:51 +02:00
|
|
|
|
char *certid, *certfpr;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
char line[ASSUAN_LINELENGTH];
|
|
|
|
|
struct inq_certificate_parm_s parm;
|
2004-04-05 17:25:21 +00:00
|
|
|
|
struct isvalid_status_parm_s stparm;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2021-03-02 19:01:07 +01:00
|
|
|
|
keydb_close_all_files ();
|
|
|
|
|
|
2007-12-12 10:28:30 +00:00
|
|
|
|
rc = start_dirmngr (ctrl);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
|
2018-04-24 11:40:51 +02:00
|
|
|
|
certfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
|
|
|
|
certid = gpgsm_get_certid (cert);
|
|
|
|
|
if (!certid)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2018-04-24 11:40:51 +02:00
|
|
|
|
log_error ("error getting the certificate ID\n");
|
|
|
|
|
release_dirmngr (ctrl);
|
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opt.verbose > 1)
|
|
|
|
|
{
|
|
|
|
|
char *fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
|
2003-12-01 10:54:30 +00:00
|
|
|
|
log_info ("asking dirmngr about %s%s\n", fpr,
|
|
|
|
|
use_ocsp? " (using OCSP)":"");
|
2003-08-05 17:11:04 +00:00
|
|
|
|
xfree (fpr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parm.ctx = dirmngr_ctx;
|
2008-10-21 15:03:51 +00:00
|
|
|
|
parm.ctrl = ctrl;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
parm.cert = cert;
|
2004-03-06 20:11:19 +00:00
|
|
|
|
parm.issuer_cert = issuer_cert;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2004-12-15 14:38:37 +00:00
|
|
|
|
stparm.ctrl = ctrl;
|
2004-04-05 17:25:21 +00:00
|
|
|
|
stparm.seen = 0;
|
|
|
|
|
memset (stparm.fpr, 0, 20);
|
|
|
|
|
|
2004-04-07 17:59:18 +00:00
|
|
|
|
/* It is sufficient to send the options only once because we have
|
2018-04-24 11:40:51 +02:00
|
|
|
|
* one connection per process only. */
|
2004-04-07 17:59:18 +00:00
|
|
|
|
if (!did_options)
|
|
|
|
|
{
|
|
|
|
|
if (opt.force_crl_refresh)
|
|
|
|
|
assuan_transact (dirmngr_ctx, "OPTION force-crl-refresh=1",
|
|
|
|
|
NULL, NULL, NULL, NULL, NULL, NULL);
|
|
|
|
|
did_options = 1;
|
|
|
|
|
}
|
2018-04-24 11:40:51 +02:00
|
|
|
|
snprintf (line, DIM(line), "ISVALID%s%s %s%s%s",
|
|
|
|
|
use_ocsp == 2 || opt.no_crl_check ? " --only-ocsp":"",
|
|
|
|
|
use_ocsp == 2? " --force-default-responder":"",
|
|
|
|
|
certid,
|
|
|
|
|
use_ocsp? " ":"",
|
|
|
|
|
use_ocsp? certfpr:"");
|
2003-08-05 17:11:04 +00:00
|
|
|
|
xfree (certid);
|
2018-04-24 11:40:51 +02:00
|
|
|
|
xfree (certfpr);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
|
2004-04-05 17:25:21 +00:00
|
|
|
|
inq_certificate, &parm,
|
|
|
|
|
isvalid_status_cb, &stparm);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (opt.verbose > 1)
|
2006-09-06 16:35:52 +00:00
|
|
|
|
log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
|
2004-04-05 17:25:21 +00:00
|
|
|
|
|
|
|
|
|
if (!rc && stparm.seen)
|
|
|
|
|
{
|
|
|
|
|
/* Need to also check the certificate validity. */
|
|
|
|
|
if (stparm.seen != 1)
|
|
|
|
|
{
|
|
|
|
|
log_error ("communication problem with dirmngr detected\n");
|
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CRL);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
ksba_cert_t rspcert = NULL;
|
|
|
|
|
|
2011-07-21 10:24:03 +02:00
|
|
|
|
if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert))
|
2004-04-05 17:25:21 +00:00
|
|
|
|
{
|
2011-07-21 10:24:03 +02:00
|
|
|
|
/* Ooops: Something went wrong getting the certificate
|
|
|
|
|
from the dirmngr. Try our own cert store now. */
|
|
|
|
|
KEYDB_HANDLE kh;
|
|
|
|
|
|
2016-11-10 15:38:14 +01:00
|
|
|
|
kh = keydb_new ();
|
2011-07-21 10:24:03 +02:00
|
|
|
|
if (!kh)
|
|
|
|
|
rc = gpg_error (GPG_ERR_ENOMEM);
|
|
|
|
|
if (!rc)
|
2016-11-10 17:01:19 +01:00
|
|
|
|
rc = keydb_search_fpr (ctrl, kh, stparm.fpr);
|
2011-07-21 10:24:03 +02:00
|
|
|
|
if (!rc)
|
|
|
|
|
rc = keydb_get_cert (kh, &rspcert);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("unable to find the certificate used "
|
|
|
|
|
"by the dirmngr: %s\n", gpg_strerror (rc));
|
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CRL);
|
|
|
|
|
}
|
|
|
|
|
keydb_release (kh);
|
2004-04-05 17:25:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!rc)
|
|
|
|
|
{
|
2004-08-18 14:38:47 +00:00
|
|
|
|
rc = gpgsm_cert_use_ocsp_p (rspcert);
|
2004-04-05 17:25:21 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CRL);
|
|
|
|
|
else
|
|
|
|
|
{
|
2007-08-10 16:52:05 +00:00
|
|
|
|
/* Note the no_dirmngr flag: This avoids checking
|
|
|
|
|
this certificate over and over again. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
|
2007-08-10 16:52:05 +00:00
|
|
|
|
VALIDATE_FLAG_NO_DIRMNGR, NULL);
|
2004-04-05 17:25:21 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("invalid certificate used for CRL/OCSP: %s\n",
|
|
|
|
|
gpg_strerror (rc));
|
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CRL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ksba_cert_release (rspcert);
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-08-08 01:06:48 +00:00
|
|
|
|
release_dirmngr (ctrl);
|
2004-04-05 17:25:21 +00:00
|
|
|
|
return rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Lookup helpers*/
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
lookup_cb (void *opaque, const void *buffer, size_t length)
|
|
|
|
|
{
|
|
|
|
|
struct lookup_parm_s *parm = opaque;
|
|
|
|
|
size_t len;
|
|
|
|
|
char *buf;
|
2003-12-17 12:28:24 +00:00
|
|
|
|
ksba_cert_t cert;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (parm->error)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (buffer)
|
|
|
|
|
{
|
|
|
|
|
put_membuf (&parm->data, buffer, length);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
/* END encountered - process what we have */
|
|
|
|
|
buf = get_membuf (&parm->data, &len);
|
|
|
|
|
if (!buf)
|
|
|
|
|
{
|
|
|
|
|
parm->error = gpg_error (GPG_ERR_ENOMEM);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2003-11-12 15:17:44 +00:00
|
|
|
|
rc = ksba_cert_new (&cert);
|
|
|
|
|
if (rc)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2003-11-12 15:17:44 +00:00
|
|
|
|
parm->error = rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
rc = ksba_cert_init_from_mem (cert, buf, len);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2003-11-12 15:17:44 +00:00
|
|
|
|
log_error ("failed to parse a certificate: %s\n", gpg_strerror (rc));
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
parm->cb (parm->cb_value, cert);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
init_membuf (&parm->data, 4096);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return a properly escaped pattern from NAMES. The only error
|
|
|
|
|
return is NULL to indicate a malloc failure. */
|
|
|
|
|
static char *
|
2006-10-02 11:54:35 +00:00
|
|
|
|
pattern_from_strlist (strlist_t names)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2006-10-02 11:54:35 +00:00
|
|
|
|
strlist_t sl;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int n;
|
|
|
|
|
const char *s;
|
|
|
|
|
char *pattern, *p;
|
|
|
|
|
|
|
|
|
|
for (n=0, sl=names; sl; sl = sl->next)
|
|
|
|
|
{
|
|
|
|
|
for (s=sl->d; *s; s++, n++)
|
|
|
|
|
{
|
|
|
|
|
if (*s == '%' || *s == ' ' || *s == '+')
|
|
|
|
|
n += 2;
|
|
|
|
|
}
|
|
|
|
|
n++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = pattern = xtrymalloc (n+1);
|
|
|
|
|
if (!pattern)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2009-06-24 14:03:09 +00:00
|
|
|
|
for (sl=names; sl; sl = sl->next)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
for (s=sl->d; *s; s++)
|
|
|
|
|
{
|
|
|
|
|
switch (*s)
|
|
|
|
|
{
|
|
|
|
|
case '%':
|
|
|
|
|
*p++ = '%';
|
|
|
|
|
*p++ = '2';
|
|
|
|
|
*p++ = '5';
|
|
|
|
|
break;
|
|
|
|
|
case ' ':
|
|
|
|
|
*p++ = '%';
|
|
|
|
|
*p++ = '2';
|
|
|
|
|
*p++ = '0';
|
|
|
|
|
break;
|
|
|
|
|
case '+':
|
|
|
|
|
*p++ = '%';
|
|
|
|
|
*p++ = '2';
|
|
|
|
|
*p++ = 'B';
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
*p++ = *s;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*p++ = ' ';
|
|
|
|
|
}
|
|
|
|
|
if (p == pattern)
|
|
|
|
|
*pattern = 0; /* is empty */
|
|
|
|
|
else
|
|
|
|
|
p[-1] = '\0'; /* remove trailing blank */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return pattern;
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
lookup_status_cb (void *opaque, const char *line)
|
|
|
|
|
{
|
|
|
|
|
struct lookup_parm_s *parm = opaque;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
const char *s;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if ((s = has_leading_keyword (line, "PROGRESS")))
|
2004-12-15 14:38:37 +00:00
|
|
|
|
{
|
|
|
|
|
if (parm->ctrl)
|
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2004-12-17 14:36:16 +00:00
|
|
|
|
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return gpg_error (GPG_ERR_ASS_CANCELED);
|
2004-12-15 14:38:37 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "TRUNCATED")))
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
if (parm->ctrl)
|
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
gpgsm_status (parm->ctrl, STATUS_TRUNCATED, line);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-04-01 15:08:57 +00:00
|
|
|
|
/* Run the Directory Manager's lookup command using the pattern
|
2020-04-16 18:01:37 +02:00
|
|
|
|
compiled from the strings given in NAMES or from URI. The caller
|
|
|
|
|
must provide the callback CB which will be passed cert by cert.
|
|
|
|
|
Note that CTRL is optional. With CACHE_ONLY the dirmngr will
|
|
|
|
|
search only its own key cache. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
int
|
2020-04-16 18:01:37 +02:00
|
|
|
|
gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri,
|
|
|
|
|
int cache_only,
|
2003-12-17 12:28:24 +00:00
|
|
|
|
void (*cb)(void*, ksba_cert_t), void *cb_value)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int rc;
|
|
|
|
|
char line[ASSUAN_LINELENGTH];
|
|
|
|
|
struct lookup_parm_s parm;
|
|
|
|
|
size_t len;
|
2008-08-08 01:06:48 +00:00
|
|
|
|
assuan_context_t ctx;
|
2020-04-16 18:01:37 +02:00
|
|
|
|
const char *s;
|
|
|
|
|
|
|
|
|
|
if ((names && uri) || (!names && !uri))
|
|
|
|
|
return gpg_error (GPG_ERR_INV_ARG);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2021-03-02 19:01:07 +01:00
|
|
|
|
keydb_close_all_files ();
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
/* The lookup function can be invoked from the callback of a lookup
|
|
|
|
|
function, for example to walk the chain. */
|
2008-10-17 13:12:11 +00:00
|
|
|
|
if (!dirmngr_ctx_locked)
|
2008-08-08 01:06:48 +00:00
|
|
|
|
{
|
|
|
|
|
rc = start_dirmngr (ctrl);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
ctx = dirmngr_ctx;
|
|
|
|
|
}
|
2008-10-17 13:12:11 +00:00
|
|
|
|
else if (!dirmngr2_ctx_locked)
|
2008-08-08 01:06:48 +00:00
|
|
|
|
{
|
|
|
|
|
rc = start_dirmngr2 (ctrl);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
ctx = dirmngr2_ctx;
|
|
|
|
|
}
|
2008-10-17 13:12:11 +00:00
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
log_fatal ("both dirmngr contexts are in use\n");
|
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2020-04-16 18:01:37 +02:00
|
|
|
|
if (names)
|
2008-08-08 01:06:48 +00:00
|
|
|
|
{
|
2020-04-16 18:01:37 +02:00
|
|
|
|
char *pattern = pattern_from_strlist (names);
|
|
|
|
|
if (!pattern)
|
|
|
|
|
{
|
|
|
|
|
if (ctx == dirmngr_ctx)
|
|
|
|
|
release_dirmngr (ctrl);
|
|
|
|
|
else
|
|
|
|
|
release_dirmngr2 (ctrl);
|
2008-08-08 01:06:48 +00:00
|
|
|
|
|
2020-04-16 18:01:37 +02:00
|
|
|
|
return out_of_core ();
|
|
|
|
|
}
|
|
|
|
|
snprintf (line, DIM(line), "LOOKUP%s %s",
|
|
|
|
|
cache_only? " --cache-only":"", pattern);
|
|
|
|
|
xfree (pattern);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
for (s=uri; *s; s++)
|
|
|
|
|
if (*s <= ' ')
|
|
|
|
|
{
|
|
|
|
|
if (ctx == dirmngr_ctx)
|
|
|
|
|
release_dirmngr (ctrl);
|
|
|
|
|
else
|
|
|
|
|
release_dirmngr2 (ctrl);
|
|
|
|
|
return gpg_error (GPG_ERR_INV_URI);
|
|
|
|
|
}
|
|
|
|
|
snprintf (line, DIM(line), "LOOKUP --url %s", uri);
|
2008-08-08 01:06:48 +00:00
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
parm.ctrl = ctrl;
|
2008-08-08 01:06:48 +00:00
|
|
|
|
parm.ctx = ctx;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
parm.cb = cb;
|
|
|
|
|
parm.cb_value = cb_value;
|
|
|
|
|
parm.error = 0;
|
|
|
|
|
init_membuf (&parm.data, 4096);
|
|
|
|
|
|
2008-08-08 01:06:48 +00:00
|
|
|
|
rc = assuan_transact (ctx, line, lookup_cb, &parm,
|
2003-08-05 17:11:04 +00:00
|
|
|
|
NULL, NULL, lookup_status_cb, &parm);
|
|
|
|
|
xfree (get_membuf (&parm.data, &len));
|
2008-08-08 01:06:48 +00:00
|
|
|
|
|
|
|
|
|
if (ctx == dirmngr_ctx)
|
|
|
|
|
release_dirmngr (ctrl);
|
|
|
|
|
else
|
|
|
|
|
release_dirmngr2 (ctrl);
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (rc)
|
2008-08-08 01:06:48 +00:00
|
|
|
|
return rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return parm.error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2011-07-21 10:24:03 +02:00
|
|
|
|
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length)
|
|
|
|
|
{
|
|
|
|
|
struct membuf *mb = opaque;
|
|
|
|
|
|
|
|
|
|
if (buffer)
|
|
|
|
|
put_membuf (mb, buffer, length);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return a certificate from the Directory Manager's cache. This
|
|
|
|
|
function only returns one certificate which must be specified using
|
|
|
|
|
the fingerprint FPR and will be stored at R_CERT. On error NULL is
|
|
|
|
|
stored at R_CERT and an error code returned. Note that the caller
|
|
|
|
|
must provide the locked dirmngr context CTX. */
|
|
|
|
|
static gpg_error_t
|
|
|
|
|
get_cached_cert (assuan_context_t ctx,
|
|
|
|
|
const unsigned char *fpr, ksba_cert_t *r_cert)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
char line[ASSUAN_LINELENGTH];
|
|
|
|
|
char hexfpr[2*20+1];
|
|
|
|
|
struct membuf mb;
|
|
|
|
|
char *buf;
|
2012-01-03 17:38:24 +01:00
|
|
|
|
size_t buflen = 0;
|
2011-07-21 10:24:03 +02:00
|
|
|
|
ksba_cert_t cert;
|
|
|
|
|
|
|
|
|
|
*r_cert = NULL;
|
|
|
|
|
|
|
|
|
|
bin2hex (fpr, 20, hexfpr);
|
Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
|
|
|
|
snprintf (line, DIM(line), "LOOKUP --single --cache-only 0x%s", hexfpr);
|
2011-07-21 10:24:03 +02:00
|
|
|
|
|
|
|
|
|
init_membuf (&mb, 4096);
|
|
|
|
|
err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb,
|
|
|
|
|
NULL, NULL, NULL, NULL);
|
|
|
|
|
buf = get_membuf (&mb, &buflen);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
xfree (buf);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
if (!buf)
|
|
|
|
|
return gpg_error (GPG_ERR_ENOMEM);
|
|
|
|
|
|
|
|
|
|
err = ksba_cert_new (&cert);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
xfree (buf);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
err = ksba_cert_init_from_mem (cert, buf, buflen);
|
|
|
|
|
xfree (buf);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("failed to parse a certificate: %s\n", gpg_strerror (err));
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*r_cert = cert;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
/* Run Command helpers*/
|
|
|
|
|
|
|
|
|
|
/* Fairly simple callback to write all output of dirmngr to stdout. */
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
run_command_cb (void *opaque, const void *buffer, size_t length)
|
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)opaque;
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (buffer)
|
|
|
|
|
{
|
|
|
|
|
if ( fwrite (buffer, length, 1, stdout) != 1 )
|
|
|
|
|
log_error ("error writing to stdout: %s\n", strerror (errno));
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Handle inquiries from the dirmngr COMMAND. */
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
run_command_inq_cb (void *opaque, const char *line)
|
|
|
|
|
{
|
|
|
|
|
struct run_command_parm_s *parm = opaque;
|
2023-06-19 14:05:22 +02:00
|
|
|
|
gpg_error_t err;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
const char *s;
|
2006-09-06 16:35:52 +00:00
|
|
|
|
int rc = 0;
|
2023-06-19 14:05:22 +02:00
|
|
|
|
ksba_cert_t cert = NULL;
|
|
|
|
|
ksba_sexp_t ski = NULL;
|
|
|
|
|
const unsigned char *der;
|
|
|
|
|
size_t derlen, n;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if ((s = has_leading_keyword (line, "SENDCERT")))
|
2023-06-19 14:05:22 +02:00
|
|
|
|
{
|
|
|
|
|
/* Send the given certificate. */
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (!*line)
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return gpg_error (GPG_ERR_ASS_PARAMETER);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2023-02-26 19:11:27 +01:00
|
|
|
|
err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert,
|
|
|
|
|
FIND_CERT_ALLOW_AMBIG);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("certificate not found: %s\n", gpg_strerror (err));
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_NOT_FOUND);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
der = ksba_cert_get_image (cert, &derlen);
|
|
|
|
|
if (!der)
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
else
|
|
|
|
|
rc = assuan_send_data (parm->ctx, der, derlen);
|
2023-06-19 14:05:22 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
|
|
|
|
|
{
|
|
|
|
|
/* Send a certificate where a sourceKeyIdentifier is included. */
|
|
|
|
|
line = s;
|
|
|
|
|
ski = make_simple_sexp_from_hexstr (line, &n);
|
|
|
|
|
line += n;
|
|
|
|
|
while (*line == ' ')
|
|
|
|
|
line++;
|
|
|
|
|
|
|
|
|
|
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
|
|
|
|
|
FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
|
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("certificate not found: %s\n", gpg_strerror (err));
|
|
|
|
|
rc = gpg_error (GPG_ERR_NOT_FOUND);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
der = ksba_cert_get_image (cert, &derlen);
|
|
|
|
|
if (!der)
|
|
|
|
|
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
|
|
|
|
|
else
|
|
|
|
|
rc = assuan_send_data (parm->ctx, der, derlen);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
else if ((s = has_leading_keyword (line, "PRINTINFO")))
|
2023-06-19 14:05:22 +02:00
|
|
|
|
{
|
|
|
|
|
/* Simply show the message given in the argument. */
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
log_info ("dirmngr: %s\n", line);
|
|
|
|
|
}
|
2018-10-23 12:46:38 +02:00
|
|
|
|
else if ((s = has_leading_keyword (line, "ISTRUSTED")))
|
|
|
|
|
{
|
|
|
|
|
/* The server is asking us whether the certificate is a trusted
|
|
|
|
|
root certificate. */
|
|
|
|
|
char fpr[41];
|
|
|
|
|
struct rootca_flags_s rootca_flags;
|
|
|
|
|
|
|
|
|
|
line = s;
|
|
|
|
|
|
|
|
|
|
for (s=line,n=0; hexdigitp (s); s++, n++)
|
|
|
|
|
;
|
|
|
|
|
if (*s || n != 40)
|
|
|
|
|
return gpg_error (GPG_ERR_ASS_PARAMETER);
|
|
|
|
|
for (s=line, n=0; n < 40; s++, n++)
|
|
|
|
|
fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
|
|
|
|
|
fpr[n] = 0;
|
|
|
|
|
|
|
|
|
|
if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
|
|
|
|
|
rc = assuan_send_data (parm->ctx, "1", 1);
|
|
|
|
|
else
|
|
|
|
|
rc = 0;
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
else
|
|
|
|
|
{
|
2018-10-23 12:46:38 +02:00
|
|
|
|
log_error ("unsupported command inquiry '%s'\n", line);
|
2006-09-06 16:35:52 +00:00
|
|
|
|
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
2023-06-19 14:05:22 +02:00
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
xfree (ski);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-09-23 00:01:25 +00:00
|
|
|
|
static gpg_error_t
|
2003-08-05 17:11:04 +00:00
|
|
|
|
run_command_status_cb (void *opaque, const char *line)
|
|
|
|
|
{
|
2004-12-15 14:38:37 +00:00
|
|
|
|
ctrl_t ctrl = opaque;
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
const char *s;
|
2004-12-15 14:38:37 +00:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (opt.verbose)
|
|
|
|
|
{
|
|
|
|
|
log_info ("dirmngr status: %s\n", line);
|
|
|
|
|
}
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
if ((s = has_leading_keyword (line, "PROGRESS")))
|
2004-12-15 14:38:37 +00:00
|
|
|
|
{
|
|
|
|
|
if (ctrl)
|
|
|
|
|
{
|
Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
|
|
|
|
line = s;
|
2004-12-17 14:36:16 +00:00
|
|
|
|
if (gpgsm_status (ctrl, STATUS_PROGRESS, line))
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return gpg_error (GPG_ERR_ASS_CANCELED);
|
2004-12-15 14:38:37 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Pass COMMAND to dirmngr and print all output generated by Dirmngr
|
|
|
|
|
to stdout. A couple of inquiries are defined (see above). ARGC
|
|
|
|
|
arguments in ARGV are given to the Dirmngr. Spaces, plus and
|
|
|
|
|
percent characters within the argument strings are percent escaped
|
|
|
|
|
so that blanks can act as delimiters. */
|
|
|
|
|
int
|
2006-09-06 16:35:52 +00:00
|
|
|
|
gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int argc, char **argv)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2003-08-05 17:11:04 +00:00
|
|
|
|
int rc;
|
|
|
|
|
int i;
|
|
|
|
|
const char *s;
|
|
|
|
|
char *line, *p;
|
|
|
|
|
size_t len;
|
|
|
|
|
struct run_command_parm_s parm;
|
|
|
|
|
|
2021-03-02 19:01:07 +01:00
|
|
|
|
keydb_close_all_files ();
|
|
|
|
|
|
2007-12-12 10:28:30 +00:00
|
|
|
|
rc = start_dirmngr (ctrl);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
|
|
|
|
|
2016-11-10 17:01:19 +01:00
|
|
|
|
parm.ctrl = ctrl;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
parm.ctx = dirmngr_ctx;
|
|
|
|
|
|
|
|
|
|
len = strlen (command) + 1;
|
|
|
|
|
for (i=0; i < argc; i++)
|
|
|
|
|
len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
|
|
|
|
|
line = xtrymalloc (len);
|
|
|
|
|
if (!line)
|
2008-08-08 01:06:48 +00:00
|
|
|
|
{
|
|
|
|
|
release_dirmngr (ctrl);
|
|
|
|
|
return out_of_core ();
|
|
|
|
|
}
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
p = stpcpy (line, command);
|
|
|
|
|
for (i=0; i < argc; i++)
|
|
|
|
|
{
|
|
|
|
|
*p++ = ' ';
|
|
|
|
|
for (s=argv[i]; *s; s++)
|
|
|
|
|
{
|
|
|
|
|
if (!isascii (*s))
|
|
|
|
|
*p++ = *s;
|
|
|
|
|
else if (*s == ' ')
|
|
|
|
|
*p++ = '+';
|
|
|
|
|
else if (!isprint (*s) || *s == '+')
|
|
|
|
|
{
|
2005-07-20 15:05:05 +00:00
|
|
|
|
sprintf (p, "%%%02X", *(const unsigned char *)s);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
p += 3;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
*p++ = *s;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*p = 0;
|
|
|
|
|
|
|
|
|
|
rc = assuan_transact (dirmngr_ctx, line,
|
|
|
|
|
run_command_cb, NULL,
|
|
|
|
|
run_command_inq_cb, &parm,
|
2004-12-15 14:38:37 +00:00
|
|
|
|
run_command_status_cb, ctrl);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
xfree (line);
|
2006-09-06 16:35:52 +00:00
|
|
|
|
log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
|
2008-08-08 01:06:48 +00:00
|
|
|
|
release_dirmngr (ctrl);
|
2006-09-06 16:35:52 +00:00
|
|
|
|
return rc;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|