1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

624 Commits

Author SHA1 Message Date
Werner Koch
1303b0ed84
gpg: Do not use self-sigs-only for LDAP keyserver imports.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387
2021-04-13 14:50:05 +02:00
Werner Koch
55f46b33df
dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given.  Fix minor
error in error code handling.
--

Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially regisetered.  Thus for correctness the OID can be
used:

  1.3.6.1.4.1.11591.2.5          LDAP URL extensions
  1.3.6.1.4.1.11591.2.5.1          gpgNtds=1 (auth. with current user)

Note that the value must be 1; all other values won't enable AD
authentication and are resevered for future use.
2021-02-17 17:31:36 +01:00
Werner Koch
cdc828f690
dirmngr: Rewrite a weird function by straighter code.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
--

Note that the first test on ldaps or ldaps in the original code did
not worked at all so that the Mixed Case part took over there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-17 16:15:59 +01:00
Werner Koch
15bfd189c0
dirmngr: Do not block threads in LDAP keyserver calls.
* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
--

The former gpgkeys_ldap module has once been ported to dirmngr but
unfortunately the dirmngr_ldap wrapper has not been used so that we
have internal LDAP calls with these problems:

- No usable timeouts.
- On non-Windows platforms a lot of extra libs and possibly even a
  second copy of Libgcrypt is pulled in.
- Only one threads runs at a time.

This patch mitigates the last point.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 11:57:44 +01:00
Werner Koch
9e8d299e18
Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2
--
2020-12-18 11:23:01 +01:00
Werner Koch
9b886adba4
dirmngr: Fix backport of the new option parser from 2.3
* dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
gpgconf-dirmngr.conf.
--

Fixes-commit: a028f24136a062f55408a5fec84c6d31201b2143
2020-12-18 11:21:18 +01:00
Werner Koch
559efd23e9
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
2020-12-17 18:19:01 +01:00
Werner Koch
776bef74c7
dirmngr: Support "ldap:///" for the current AD user.
* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
2020-12-17 16:09:31 +01:00
Werner Koch
c75fd75532
dirmngr: Allow LDAP searches via fingerprint.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
serverinfo and allow searching by fingerprint.
(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
--

With the new schema we can finally search by fingerprint.
2020-12-17 11:19:22 +01:00
Werner Koch
c28cb5282b
dirmngr: Store all version 2 schema attributes.
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2.  Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3
2020-12-17 11:08:31 +01:00
Werner Koch
ac8ece9266
dirmngr: Support the new Active Directory schema
* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
serverinfo arg.  Set the new info flags.
(ks_ldap_get): Adjust for change.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.  Replace xmalloc by xtrymalloc.  Change the DN
for use with NTDS (aka Active Directory).
--

This is a first take on better Active Directory support.  The main
change for NTDS in the code is that the an top-RDN of CN is used
instead of the old pgpCertID.  More changes to come; for example using
and storing the fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3 without the new schema samples - they can
be found in the repo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:05:46 +01:00
Werner Koch
0e88c73bc9
dirmngr: Do not store the useless pgpSignerID in the LDAP.
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
              /* This bit is really for the benefit of people who
                 store their keys in LDAP servers.  It makes it easy
                 to do queries for things like "all keys signed by
                 Isabella".  */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures.  Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:02:49 +01:00
Werner Koch
e47de85382
dirmngr: Fix adding keys to an LDAP server.
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
addlist.
--

The code used the wrong list which resulting in adding attributes
marked for deletion.  In particular Active Directory does not accept
such an data and rejects them.  The bug was introduced into 2.1 while
porting the code from the old keyserver helpers to dirmngr.

Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 10:23:46 +01:00
Werner Koch
a028f24136
Backport of the new option parser from 2.3
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.

* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--

This is backport from master

commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59

but without changing all functions names to gpgrt.  Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error.  This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions.  Tested builds
against 1.27 and 1.40-beta.

Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-04 12:12:20 +01:00
Werner Koch
6594dc31f5
gpgconf: Also print revision of libksba.
* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
string.
(gpgconf_versions): Print ksba revision.
--

The latest Libksba version support retrieving of the revision (commit)
id.  We now use that or print a question mark.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4070f302e4decc8d54d1305cbd30f6dab052ef7e)
2020-11-19 09:12:04 +01:00
Werner Koch
163e4ff195
w32: Support Unicode also for config files etc.
* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
new function in most places where fopen is used.
--

The config files in 2.2 are still read using fopen - we need to change
this to allow Unicode directory names.  There is also one case where
files are written using the old fopen.  The new option parser in 2.3
does not have this problem but at some places fopen is also still used.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 12:09:11 +01:00
Werner Koch
5f8123df78
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
Backported-from-master: 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
2020-10-23 11:24:09 +02:00
Werner Koch
157030271f
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6)
2020-10-23 11:15:59 +02:00
Werner Koch
86e52e3c33
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit 4dcef0e17836e8725c31a3b76f2bf7144345c808)
2020-10-23 10:02:25 +02:00
Werner Koch
dd5fd4a760
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
2020-10-21 20:49:18 +02:00
Werner Koch
ffbef54d36
dirmngr: Minor cleanup for better readability.
* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
start_cacert_fetch_ldap and remove arg attr.  Instead use
"cACertificate" directly.
* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
(start_cert_fetch_ldap): Rename arg for clarity.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-05 17:21:55 +02:00
Werner Koch
c81f02c959
w32: Add manifest files to most binaries
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 17:04:12 +02:00
Werner Koch
a298ba02ee
gpgconf: New option --show-versions.
* tools/gpgconf.c: Include exechelp.h.  New option --show-versions.
(get_revision_from_blurb): New.
(show_version_gnupg): New.
(show_version_libgcrypt): New.
(show_version_gpgrt): New.
(show_versions_via_dirmngr): New.
(show_versions): New.
* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
(get_revision_from_blurb): New.
(gpgconf_versions): New.
--

This option should be helpful to gather information for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: 357ad9ae29677c1676b56d2b81282e2f78ec8040
2020-10-02 12:45:52 +02:00
Werner Koch
a084924d07
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:05:37 +02:00
Werner Koch
72e04b03b1
dirmngr: Fix the pool keyserver case for a single host in the pool.
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
2020-09-10 11:04:46 +02:00
Werner Koch
e4f3b74c91
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:04:15 +02:00
Werner Koch
45499b2ca3
dirmngr: Print the last alert message returned by NTBTLS.
* dirmngr/http.c (send_request): Print the last TLS alert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 09:03:27 +02:00
Werner Koch
829bc3bc60
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:58:52 +02:00
NIIBE Yutaka
f95d923090 w32: Add link to $(NETLIB) for -lws2_32.
* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
* sm/Makefile.am (gpgsm_LDADD): Ditto.
* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.

--

Cherry-picked master commit of:
	d69f5570ee5e1b099e39fdf64e18add23ff5c815

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:10:15 +09:00
NIIBE Yutaka
ce793fc2f8 dirmngr: Handle EAFNOSUPPORT at connect_server.
* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.

--

Cherry-pick from master commit of:
	109d16e8f644da97ed9c00e6f9010a53097f587a

GnuPG-bug-id: 4977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-13 10:04:12 +09:00
Werner Koch
daca1a011b
dirmngr: Silence annoying warning for missing default ldap server file.
* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
(main): Use that arg for the default file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-02 16:22:29 +02:00
Werner Koch
0795ab1c8f
dirmngr: Fix case handling of "ldapi" scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.
--

GnuPG-bug-id: 4758
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-02 16:05:40 +02:00
NIIBE Yutaka
ab724d3206 dirmngr: dns: Fix allocation of string buffer in stack.
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
(dns_trace_dump): Likewise.
(dns_ai_print): Use __dst for dns_strtype.
(dns_strsection): Add an argument __dst for storage.
(dns_strclass, dns_strtype): Likewise.
(parse_packet): Use __dst for dns_strsection.
(send_query): Use __dst for dns_strtype.
(isection): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.

--

Backport master commit of:
	30eef28bc0f5deaa1b4b7f04293a6527524280a9

GnuPG-bug-id: 4934
Reported-by: Tomas Mraz
Fixes-commit: ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-21 14:37:03 +09:00
Werner Koch
c6324ee07a
common: Change argument order of log_printhex.
* common/logging.c (log_printhex): Chnage order of args.  Make it
printf alike.  Change all callers.
* configure.ac: Add -Wno-format-zero-length
--

This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-12 18:51:47 +02:00
Werner Koch
3b27c26241
dirmngr: Allow http URLs with "LOOKUP --url"
* dirmngr/crlfetch.c (read_cert_via_http): New.
(fetch_cert_by_url): Implement http scheme.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 18:05:41 +02:00
Werner Koch
ddc74f50d4
sm,dirmngr: Restrict allowed parameters used with rsaPSS.
* sm/certcheck.c (extract_pss_params): Check the used PSS params.
* dirmngr/crlcache.c (finish_sig_check): Ditto.
* dirmngr/validate.c (check_cert_sig): Ditto.
--

GnuPG-bug-id: 4538

# ------------------------ >8 ------------------------
See
https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:45:58 +02:00
Werner Koch
24d563749f
sm: Support rsaPSS verification also for CMS signatures.
* sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
(extract_pss_params): new.
(gpgsm_check_cms_signature): Implement PSS.
--

GnuPG-bug-id: 4538
2020-04-15 15:45:34 +02:00
Werner Koch
8bf17eb94d
dirmngr: Support rsaPSS also in the general validate module.
* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
error.
--

Yes, I know that there is a lot of code duplication.  In fact some of
the code is ugly and it would be better if we enhance Libgcrypt to
guarantee that returned memory buffers via gcry_sexp_extract_param are
allways Nul terminated and we should also enhance that function to
directly extract into an unsigned int or char *.

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:44:37 +02:00
Werner Koch
0626cc8fed
sm,dirmngr: Support rsaPSS signature verification.
* sm/certcheck.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(gpgsm_check_cert_sig): Handle PSS.
* dirmngr/crlcache.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(start_sig_check): Detect PSS and extract hash algo.  New arg to
return a PSS flag.
(finish_sig_check): New arg use_pss.  Extract PSS args and use them.
(crl_parse_insert): Pass use_pss flag along.
--

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:43:06 +02:00
Werner Koch
25dc0e5b1e
dirmngr: Improve finding OCSP cert.
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--

This change was suggested in T4536
but we do not have any test cases for this.

GnuPG-bug-id: 4536
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4699e294cc9e59f35262adca26ca291927acca9e)

The bug report meanwhile has a test description but I have not done
the testing yet.  I port this back to 2.2 anyway given that no
regression have been reported for master in nearly a year.
2020-03-18 14:14:00 +01:00
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00
Werner Koch
438a1ec297
dirmngr: Tell gpg about WKD lookups resulting from a cache.
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--

This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-07 11:41:51 +01:00
Werner Koch
3efc94f1eb
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this help to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:36 +01:00
Werner Koch
4dd5099125
dirmngr: Forward http redirect warnings to gpg.
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:33 +01:00
Werner Koch
466bdf7c07
dirmngr: Factor some prototypes out to dirmngr-status.h.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (t_common_src): Add new file.
--

This helps to backport changes from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:30 +01:00
Werner Koch
0f37727fca
dirmngr: Fixed typo in recently added diagnostic.
--
2019-11-18 18:44:28 +01:00
Werner Koch
392e068e9f
dirmngr: Use IPv4 or IPv6 interface only if available.
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--

This currently works only for Windows but that is where users really
ran into problems.  The old workaround was to configure disable-ipv4
or disable-ipv6.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:31:34 +01:00
NIIBE Yutaka
58e234fbeb dirmngr: Don't add system CAs for SKS HKPS pool.
* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
add_system_cas.

--

Cherry-picking the master commit of:
	75e0ec65170b7053743406e3f3b605febcf7312a

GnuPG-bug-id: 4594
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-16 10:13:47 +09:00
Daniel Kahn Gillmor
efb6e08ea2
dirmngr: fix handling of HTTPS redirections during HKP
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.

--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>

GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-07-04 16:31:56 +02:00
Werner Koch
d2e8d71251
dirmngr: Avoid endless loop in case of HTTP error 503.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--

This is a pretty stupid fix but one which works without much risk of
regressions.  We could have used the existing TRIES but in that case
the fallback to other host would have been too limited.  With the used
value we can have several fallbacks to other hosts.  Note that the
TRIES is still cumulative and not per host.

GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 8b113bb148f273524682252233b3c65954e1419e)
2019-07-03 17:40:49 +02:00
Werner Koch
c9b133a54e
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--

GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36)
2019-07-03 16:21:45 +02:00
Werner Koch
2c6d94702a
dirmngr: Fix previous commit
--
Ooops, forgot to commit the actual backport part.

GnuPG-bug-id: 4590
Fixes-commit: 458973f502b9a43ecf29e804a2c0c86e78f5927a
2019-07-03 15:43:47 +02:00
Werner Koch
458973f502
dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
method.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd)
2019-07-03 15:33:13 +02:00
Werner Koch
5281ecbe3a
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
r_produced_at, and r_md.  Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo.  Print a diagnostic if the
signature does not verify.
--

GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:31:41 +02:00
Werner Koch
7c4029110a
dirmngr: Add a CSRF expection for pm.me
--

Also comment typo fix.
2019-05-09 14:51:49 +02:00
Werner Koch
48e7977709
dirmngr: Improve domaininfo cache update algorithm.
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.

--

The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries.  Thus the first domains entered into the
cache were never purged.  The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache.  If there is
still space to keep more, those which clearly do not support WKD are
also kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:25:48 +02:00
Werner Koch
0a30ce036a
dirmngr: Better error code for http status 413.
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:25:31 +02:00
NIIBE Yutaka
a975fd127a
libdns: Don't use _[A-Z] which are reserved names.
* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".

--

GnuPG-bug-id: 4420
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-25 14:42:01 +01:00
NIIBE Yutaka
ee08a15e31
libdns: Avoid using compound literals (8).
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.

--

Even before our change, dns_quietinit was questionable macro;  There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 371ae25f8f6f2d1ac030bf984bca479393a5ed43)
2019-03-07 13:03:26 +01:00
NIIBE Yutaka
4ab0fef5dc
libdns: Avoid using compound literals (7).
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.

--

In fact, DNS_OPTS_INIT was only needed when args are none.  With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d661acd483236d34720a4959fc816d05f89c2cb7)
2019-03-07 13:03:15 +01:00
NIIBE Yutaka
f3af170769
libdns: Avoid using compound literals (6).
* dirmngr/dns.h (dns_rr_i_new): Remove.
(dns_rr_i_init): Remove unused second argument.
* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
(parse_packet): Use automatic variable for struct dns_rr_i.
(dns_d_cname): No need to call dns_rr_i_init after memset 0.
(dns_rr_i_init): Remove unused second argument.  Return nothing.
* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
(getsrv_libdns): Follow the change of dns_rr_i_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
2019-03-07 13:02:59 +01:00
NIIBE Yutaka
500151e6da
libdns: Avoid using compound literals (5).
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

--

Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i.  Note that in C99, it guarantees
non-specified member fields are initialized by zero.  So, there's no
need to use dns_rr_i_new at all.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit a1ccfe2b37847cce0db2fb94a7365c9fa501eda4)
2019-03-07 13:02:48 +01:00
NIIBE Yutaka
229302aecf
libdns: Avoid using compound literals (4).
* dirmngr/dns.h (dns_d_new*): Remove.
* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
variable.
(parse_domain): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
2019-03-07 13:02:29 +01:00
NIIBE Yutaka
f0de4fc990
libdns: Avoid using compound literals (3).
* dirmngr/dns.h (dns_p_new): Remove.
* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
variable.
(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
(send_query, show_hints, echo_port): Likewise.

--

Implicit automatic allocation by compound literals is confusing
for C90 code.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 72efb7840258808cd892b90d871ea1cc1c31d7f5)
2019-03-07 13:02:05 +01:00
NIIBE Yutaka
ff7d01fc6d
libdns: Avoid using compound literals (2).
* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
(dns_strclass1, dns_strclass3): Remove.
(dns_strtype1, dns_strtype3): Remove.
(dns_strsection, dns_strclass, dns_strtype): Directly use the
function.
* dirmngr/dns.c (dns_strsection): Use automatic variable.
(dns_strclass, dns_strtype): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
2019-03-07 13:01:47 +01:00
NIIBE Yutaka
1318d1e2d5
libdns: Avoid using compound literals.
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

--

Compound literals is a feature of C99.  Because we only use C90 plus
some limited features, in the project, it's better to avoid it.

Besides, we make sure when it's read-only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 1c405499388fd5bed0968ab5c6c5d1b3373537b9)
2019-03-07 13:01:34 +01:00
Werner Koch
557c721e78
dirmngr: Add CSRF protection exception for protonmail.
* dirmngr/http.c (same_host_p): Add exception table.
--

Please: Adding entries to this table shall be an exception and not the
rule.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3)
2019-03-07 11:34:59 +01:00
NIIBE Yutaka
7f4c3eb0a0 dirmngr: Fix initialization of assuan's nPth hook.
* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
(thread_init): ... here.

--

Cherry picked master commit of:
	1f8817475f59ede3f28f57edc10ba56bbdd08b49

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-06 16:51:29 +09:00
Werner Koch
21fc089148
Silence compiler warnings new with gcc 8.
* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
* tests/gpgscm/scheme.c: Include gpgrt.h.
(Eval_Cycle): Ignore -Wimplicit-fallthrough.
--

The funny use of case and labels in the CASE macro seems confuse the
fallthrough detection.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-18 09:11:53 +01:00
Werner Koch
e5abdb6da7
dirmngr: Retry another server from the pool on 502, 503, 504.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status froms end_request and pass on to
handle_send_request_error.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

GnuPG-bug-id: 4175
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 05ef6282784495a77f4faf76c0de5bc85dfecf06)
2018-12-11 13:40:38 +01:00
Werner Koch
b9d71ea64a
dirmngr: New function http_status2string.
* dirmngr/http.c (http_status2string): New.
--

Right now only the standard 5xx codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit dc61f4ecea5c9815cb00aeb25439978337c1fd64)
2018-12-11 13:40:26 +01:00
Werner Koch
4a4bb874f6
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144)
2018-11-23 09:23:26 +01:00
Andre Heinecke
00321a025f
dirmngr: Add FLUSHCRLs command
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.

--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.

GnuPG-Bug-Id: T3967

Differential Revision: https://dev.gnupg.org/D469

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-11-12 12:42:03 +01:00
Werner Koch
50756927ce
dirmngr: In verbose mode print the OCSP responder id.
* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
2018-11-05 09:19:39 +01:00
Werner Koch
ab7a907a18
dirmngr: Emit SOURCE status also on NO_DATA.
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--

If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388)
2018-11-05 09:13:39 +01:00
Werner Koch
5ab58d3001
dirmngr: Fix LDAP port parsing.
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--

Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a3a5a2451924640588e5ecc03a1d4ba6a6ba94a5)
2018-11-05 09:04:32 +01:00
Werner Koch
26ebb15bec
dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--

GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2b57a8159cdc3b212a4efc68787b40cafcd91ebe)
2018-10-25 17:37:53 +02:00
Andre Heinecke
01baee2b0e
dirmngr: Only print info for no ldapserver file
* dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
for ENOENT.

--
It is very common that there is no ldapserver file. In that
case users are confused by an error printed at dirmngr startup.
2018-10-24 09:17:39 +02:00
Werner Koch
a2bd4a64e5
dirmngr: Prepare for updated WKD specs with ?l= param
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--

We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter.  The general idea is that service
providers may use their own canonicalization rules.  The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we.  So consider this to be an experiment.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 256a280c51f9ea862e4bfb0bb530c2a96f9088f9)
2018-10-22 20:13:58 +02:00
Werner Koch
38eb7c360b
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798)
Fixes-commit: 1189df2cd7d4b6896ba22aa204c159ff2a425ead
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 16:47:38 +02:00
Werner Koch
8a98aa25bb
dirmngr: Validate SRV records in WKD queries.
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--

I am not sure wether this really is very useful because the security
relies on a trustworthy DNS system anyway.  However, that check is
easy enough to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee)
2018-07-29 18:39:49 +02:00
NIIBE Yutaka
cca92ca534 libdns: For SOCKS connection, just fails.
* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.

--

Cherry picked from master commit:
    1aacd12471935a354cfd85ee1805edc7eb16e6c5

In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.

Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-02 10:47:38 +09:00
NIIBE Yutaka
72a35ffee0 libdns: Let kernel to decide the local port.
* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.

--

Cherry picked from master commit:
    861f1da0731bf29dcb9221c4f22c76b40ec15a78

There is no good reason to bind local port aggressively.  It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.

At least, it causes a problem on Windows.  Binding a specified port in
user space can trigger the Firewall dialog on Windows.  Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.

GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-20 09:14:02 +09:00
NIIBE Yutaka
87d0ecf8a1 libdns: Fix for non-FQDN hostname.
* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
hostname.

--

Cherry pick from master commit:
    a4a054bf14fa855715faee01a152755c4e2a74f7

GnuPG-bug-id: T3803
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 17:27:07 +09:00
NIIBE Yutaka
699fe4b36f libdns: Fix connect and try next nameserver when ECONNREFUSED.
* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again.  Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.

--

Cherry pick from master commit:
    bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93

GnuPG-bug-id: T3374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 17:26:20 +09:00
NIIBE Yutaka
0c05b08e8b libdns: Clear struct sockaddr_storage by zero.
* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.

--

Cherry pick from master commit:
    1c0b6681e4f322b88ac35d1f21c03d3cfc35fc23

POSIX requires clear the structure of struct sockaddr_in6.  On macOS,
in some case like bind, it is better to clear even for struct
sockaddr_in.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 17:25:49 +09:00
NIIBE Yutaka
20c289606f libdns: Sync to upstream.
* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.

--

Cherry pick from master commit:
    3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d

Reverting local change, merge upstream's debug-tracing branch.
(commit 21281fc1b63bb74d51762b8e363c49b1a258783d)

Fixes-commit: d4c0187dd93163f12e9f953366adef81ecf526a6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 17:24:57 +09:00
NIIBE Yutaka
13320db678 dirmngr: Fix recursive resolver mode.
* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.

--

Cherry pick from master commit:
    5b40338f12762cd74238c2d2b3101c33dd2d0ed3

To reproduce an error, run:

    ./t-dns-stuff --debug --recursive-resolver www.gnupg.org

Then, it returns "No name" error.  That's because there was only setup
for root servers, and no setup for recursive query in fact.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 17:23:31 +09:00
Werner Koch
007dde93cc
dirmngr: Implement timeout for dirmngr_ldap under Windows.
* dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
(set_timeout): Implement for W32.
--

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 18:40:01 +02:00
Werner Koch
a598bbeeaf
dirmngr: Sleep in the ldap wrapper thread.
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex.  Use
a condition var to wake up the reaper thread.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-30 08:46:03 +02:00
Werner Koch
f9fbfc64e4
dirmngr: Use the LDAP wrapper process also for Windows.
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--

Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows.  Our long term use of the old Window CE wrapper
thing didn't fixed this either.  The new code uses the portable
es_poll function and thus code which is tested at several other
places.  It Should(tm) fix the Windows issues.

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-27 12:05:31 +02:00
Werner Koch
d22506a343
dirmngr: Silence log output from dirmngr_ldap.
* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--

verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap.  Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-27 11:57:08 +02:00
Werner Koch
5789afc840
dirmngr: Lower the dead host resurrection time to 1.5h
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-26 12:42:55 +02:00
Werner Koch
cc66108253
dirmngr: Fix handling of CNAMEed keyserver pools.
* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--

For a description of the problem see the comment in
make_keyserver_item.

GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-26 12:28:53 +02:00
Werner Koch
bb8894760f
dirmngr: Add the used TLS library to the debug output.
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:26 +02:00
Werner Koch
1de4462974
dirmngr: Allow redirection from https to http for CRLs
* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg.  Allow redirectiong
from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch
705d8e9cf0
dirmngr: Implement CRL fetching via https.
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org give a https CRL DP but that currently
redirects to to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch
460e3812be
dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checkibng.  Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-24 11:40:51 +02:00
Andre Heinecke
64c1fddb25
dirmngr: More binary I/O on Windows for CRLs
* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.

--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.

This bug has been around since 2004.

GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-04-20 15:58:42 +02:00
Werner Koch
bbb5bfacc0
agent,dirmngr: Add "getenv" to the getinfo command.
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:25:58 +02:00