mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
df58e024e7
* certpath.c (find_up): Try to retrieve an issuer key from an external source and from the ephemeral key DB. (find_up_store_certs_cb): New. * keydb.c (keydb_set_ephemeral): Does now return the old state. Call the backend only when required. * call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR. (lookup_status_cb): Issue status only when CTRL is not NULL. (gpgsm_dirmngr_lookup): Document that CTRL is optional. * call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
740 lines
17 KiB
C
740 lines
17 KiB
C
/* call-agent.c - divert operations to the agent
|
||
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 2 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, write to the Free Software
|
||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||
*/
|
||
|
||
#include <config.h>
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
#include <string.h>
|
||
#include <errno.h>
|
||
#include <unistd.h>
|
||
#include <time.h>
|
||
#include <assert.h>
|
||
#include <gcrypt.h>
|
||
#ifdef HAVE_LOCALE_H
|
||
#include <locale.h>
|
||
#endif
|
||
|
||
#include "gpgsm.h"
|
||
#include "../assuan/assuan.h"
|
||
#include "i18n.h"
|
||
#include "keydb.h" /* fixme: Move this to import.c */
|
||
|
||
static ASSUAN_CONTEXT agent_ctx = NULL;
|
||
static int force_pipe_server = 0;
|
||
|
||
struct cipher_parm_s {
|
||
ASSUAN_CONTEXT ctx;
|
||
const char *ciphertext;
|
||
size_t ciphertextlen;
|
||
};
|
||
|
||
struct genkey_parm_s {
|
||
ASSUAN_CONTEXT ctx;
|
||
const char *sexp;
|
||
size_t sexplen;
|
||
};
|
||
|
||
struct learn_parm_s {
|
||
int error;
|
||
ASSUAN_CONTEXT ctx;
|
||
struct membuf *data;
|
||
};
|
||
|
||
struct membuf {
|
||
size_t len;
|
||
size_t size;
|
||
char *buf;
|
||
int out_of_core;
|
||
};
|
||
|
||
|
||
|
||
/* A simple implemnation of a dynamic buffer. Use init_membuf() to
|
||
create a buffer, put_membuf to append bytes and get_membuf to
|
||
release and return the buffer. Allocation errors are detected but
|
||
only returned at the final get_membuf(), this helps not to clutter
|
||
the code with out of core checks. */
|
||
|
||
static void
|
||
init_membuf (struct membuf *mb, int initiallen)
|
||
{
|
||
mb->len = 0;
|
||
mb->size = initiallen;
|
||
mb->out_of_core = 0;
|
||
mb->buf = xtrymalloc (initiallen);
|
||
if (!mb->buf)
|
||
mb->out_of_core = 1;
|
||
}
|
||
|
||
static void
|
||
put_membuf (struct membuf *mb, const void *buf, size_t len)
|
||
{
|
||
if (mb->out_of_core)
|
||
return;
|
||
|
||
if (mb->len + len >= mb->size)
|
||
{
|
||
char *p;
|
||
|
||
mb->size += len + 1024;
|
||
p = xtryrealloc (mb->buf, mb->size);
|
||
if (!p)
|
||
{
|
||
mb->out_of_core = 1;
|
||
return;
|
||
}
|
||
mb->buf = p;
|
||
}
|
||
memcpy (mb->buf + mb->len, buf, len);
|
||
mb->len += len;
|
||
}
|
||
|
||
static void *
|
||
get_membuf (struct membuf *mb, size_t *len)
|
||
{
|
||
char *p;
|
||
|
||
if (mb->out_of_core)
|
||
{
|
||
xfree (mb->buf);
|
||
mb->buf = NULL;
|
||
return NULL;
|
||
}
|
||
|
||
p = mb->buf;
|
||
*len = mb->len;
|
||
mb->buf = NULL;
|
||
mb->out_of_core = 1; /* don't allow a reuse */
|
||
return p;
|
||
}
|
||
|
||
|
||
|
||
/* Try to connect to the agent via socket or fork it off and work by
|
||
pipes. Handle the server's initial greeting */
|
||
static int
|
||
start_agent (void)
|
||
{
|
||
int rc = 0;
|
||
char *infostr, *p;
|
||
ASSUAN_CONTEXT ctx;
|
||
char *dft_display = NULL;
|
||
char *dft_ttyname = NULL;
|
||
char *dft_ttytype = NULL;
|
||
char *old_lc = NULL;
|
||
char *dft_lc = NULL;
|
||
|
||
if (agent_ctx)
|
||
return 0; /* fixme: We need a context for each thread or serialize
|
||
the access to the agent (which is suitable given that
|
||
the agent is not MT */
|
||
|
||
infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
|
||
if (!infostr)
|
||
{
|
||
const char *pgmname;
|
||
const char *argv[3];
|
||
int no_close_list[3];
|
||
int i;
|
||
|
||
if (opt.verbose)
|
||
log_info (_("no running gpg-agent - starting one\n"));
|
||
|
||
if (fflush (NULL))
|
||
{
|
||
log_error ("error flushing pending output: %s\n", strerror (errno));
|
||
return seterr (Write_Error);
|
||
}
|
||
|
||
if (!opt.agent_program || !*opt.agent_program)
|
||
opt.agent_program = GNUPG_DEFAULT_AGENT;
|
||
if ( !(pgmname = strrchr (opt.agent_program, '/')))
|
||
pgmname = opt.agent_program;
|
||
else
|
||
pgmname++;
|
||
|
||
argv[0] = pgmname;
|
||
argv[1] = "--server";
|
||
argv[2] = NULL;
|
||
|
||
i=0;
|
||
if (log_get_fd () != -1)
|
||
no_close_list[i++] = log_get_fd ();
|
||
no_close_list[i++] = fileno (stderr);
|
||
no_close_list[i] = -1;
|
||
|
||
/* connect to the agent and perform initial handshaking */
|
||
rc = assuan_pipe_connect (&ctx, opt.agent_program, (char**)argv,
|
||
no_close_list);
|
||
}
|
||
else
|
||
{
|
||
int prot;
|
||
int pid;
|
||
|
||
infostr = xstrdup (infostr);
|
||
if ( !(p = strchr (infostr, ':')) || p == infostr)
|
||
{
|
||
log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
|
||
xfree (infostr);
|
||
force_pipe_server = 1;
|
||
return start_agent ();
|
||
}
|
||
*p++ = 0;
|
||
pid = atoi (p);
|
||
while (*p && *p != ':')
|
||
p++;
|
||
prot = *p? atoi (p+1) : 0;
|
||
if (prot != 1)
|
||
{
|
||
log_error (_("gpg-agent protocol version %d is not supported\n"),
|
||
prot);
|
||
xfree (infostr);
|
||
force_pipe_server = 1;
|
||
return start_agent ();
|
||
}
|
||
|
||
rc = assuan_socket_connect (&ctx, infostr, pid);
|
||
xfree (infostr);
|
||
if (rc == ASSUAN_Connect_Failed)
|
||
{
|
||
log_error (_("can't connect to the agent - trying fall back\n"));
|
||
force_pipe_server = 1;
|
||
return start_agent ();
|
||
}
|
||
}
|
||
|
||
if (rc)
|
||
{
|
||
log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
|
||
return seterr (No_Agent);
|
||
}
|
||
agent_ctx = ctx;
|
||
|
||
if (DBG_ASSUAN)
|
||
log_debug ("connection to agent established\n");
|
||
|
||
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
dft_display = getenv ("DISPLAY");
|
||
if (opt.display || dft_display)
|
||
{
|
||
char *optstr;
|
||
if (asprintf (&optstr, "OPTION display=%s",
|
||
opt.display ? opt.display : dft_display) < 0)
|
||
return GNUPG_Out_Of_Core;
|
||
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
|
||
NULL);
|
||
free (optstr);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
}
|
||
if (!opt.ttyname && ttyname (1))
|
||
dft_ttyname = ttyname (1);
|
||
if (opt.ttyname || dft_ttyname)
|
||
{
|
||
char *optstr;
|
||
if (asprintf (&optstr, "OPTION ttyname=%s",
|
||
opt.ttyname ? opt.ttyname : dft_ttyname) < 0)
|
||
return GNUPG_Out_Of_Core;
|
||
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
|
||
NULL);
|
||
free (optstr);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
}
|
||
dft_ttytype = getenv ("TERM");
|
||
if (opt.ttytype || (dft_ttyname && dft_ttytype))
|
||
{
|
||
char *optstr;
|
||
if (asprintf (&optstr, "OPTION ttytype=%s",
|
||
opt.ttyname ? opt.ttytype : dft_ttytype) < 0)
|
||
return GNUPG_Out_Of_Core;
|
||
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
|
||
NULL);
|
||
free (optstr);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
}
|
||
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
|
||
old_lc = setlocale (LC_CTYPE, NULL);
|
||
if (old_lc)
|
||
{
|
||
old_lc = strdup (old_lc);
|
||
if (!old_lc)
|
||
return GNUPG_Out_Of_Core;
|
||
}
|
||
dft_lc = setlocale (LC_CTYPE, "");
|
||
#endif
|
||
if (opt.lc_ctype || (dft_ttyname && dft_lc))
|
||
{
|
||
char *optstr;
|
||
if (asprintf (&optstr, "OPTION lc-ctype=%s",
|
||
opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0)
|
||
rc = GNUPG_Out_Of_Core;
|
||
else
|
||
{
|
||
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
|
||
NULL);
|
||
free (optstr);
|
||
if (rc)
|
||
rc = map_assuan_err (rc);
|
||
}
|
||
}
|
||
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
|
||
if (old_lc)
|
||
{
|
||
setlocale (LC_CTYPE, old_lc);
|
||
free (old_lc);
|
||
}
|
||
#endif
|
||
if (rc)
|
||
return rc;
|
||
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
|
||
old_lc = setlocale (LC_MESSAGES, NULL);
|
||
if (old_lc)
|
||
{
|
||
old_lc = strdup (old_lc);
|
||
if (!old_lc)
|
||
return GNUPG_Out_Of_Core;
|
||
}
|
||
dft_lc = setlocale (LC_MESSAGES, "");
|
||
#endif
|
||
if (opt.lc_messages || (dft_ttyname && dft_lc))
|
||
{
|
||
char *optstr;
|
||
if (asprintf (&optstr, "OPTION lc-messages=%s",
|
||
opt.lc_messages ? opt.lc_messages : dft_lc) < 0)
|
||
rc = GNUPG_Out_Of_Core;
|
||
else
|
||
{
|
||
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
|
||
NULL);
|
||
free (optstr);
|
||
if (rc)
|
||
rc = map_assuan_err (rc);
|
||
}
|
||
}
|
||
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
|
||
if (old_lc)
|
||
{
|
||
setlocale (LC_MESSAGES, old_lc);
|
||
free (old_lc);
|
||
}
|
||
#endif
|
||
|
||
return rc;
|
||
}
|
||
|
||
|
||
static AssuanError
|
||
membuf_data_cb (void *opaque, const void *buffer, size_t length)
|
||
{
|
||
struct membuf *data = opaque;
|
||
|
||
if (buffer)
|
||
put_membuf (data, buffer, length);
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
|
||
/* Call the agent to do a sign operation using the key identified by
|
||
the hex string KEYGRIP. */
|
||
int
|
||
gpgsm_agent_pksign (const char *keygrip,
|
||
unsigned char *digest, size_t digestlen, int digestalgo,
|
||
char **r_buf, size_t *r_buflen )
|
||
{
|
||
int rc, i;
|
||
char *p, line[ASSUAN_LINELENGTH];
|
||
struct membuf data;
|
||
size_t len;
|
||
|
||
*r_buf = NULL;
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
if (digestlen*2 + 50 > DIM(line))
|
||
return seterr (General_Error);
|
||
|
||
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
|
||
line[DIM(line)-1] = 0;
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
sprintf (line, "SETHASH %d ", digestalgo);
|
||
p = line + strlen (line);
|
||
for (i=0; i < digestlen ; i++, p += 2 )
|
||
sprintf (p, "%02X", digest[i]);
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
init_membuf (&data, 1024);
|
||
rc = assuan_transact (agent_ctx, "PKSIGN",
|
||
membuf_data_cb, &data, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
{
|
||
xfree (get_membuf (&data, &len));
|
||
return map_assuan_err (rc);
|
||
}
|
||
*r_buf = get_membuf (&data, r_buflen);
|
||
|
||
if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
|
||
{
|
||
xfree (*r_buf); *r_buf = NULL;
|
||
return GNUPG_Invalid_Value;
|
||
}
|
||
|
||
return *r_buf? 0 : GNUPG_Out_Of_Core;
|
||
}
|
||
|
||
|
||
|
||
|
||
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
|
||
assuan_transact talkes care of flushing and writing the end */
|
||
static AssuanError
|
||
inq_ciphertext_cb (void *opaque, const char *keyword)
|
||
{
|
||
struct cipher_parm_s *parm = opaque;
|
||
AssuanError rc;
|
||
|
||
assuan_begin_confidential (parm->ctx);
|
||
rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
|
||
assuan_end_confidential (parm->ctx);
|
||
return rc;
|
||
}
|
||
|
||
|
||
/* Call the agent to do a decrypt operation using the key identified by
|
||
the hex string KEYGRIP. */
|
||
int
|
||
gpgsm_agent_pkdecrypt (const char *keygrip,
|
||
KsbaConstSexp ciphertext,
|
||
char **r_buf, size_t *r_buflen )
|
||
{
|
||
int rc;
|
||
char line[ASSUAN_LINELENGTH];
|
||
struct membuf data;
|
||
struct cipher_parm_s cipher_parm;
|
||
size_t n, len;
|
||
char *buf, *endp;
|
||
size_t ciphertextlen;
|
||
|
||
if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
|
||
return GNUPG_Invalid_Value;
|
||
*r_buf = NULL;
|
||
|
||
ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
|
||
if (!ciphertextlen)
|
||
return GNUPG_Invalid_Value;
|
||
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
assert ( DIM(line) >= 50 );
|
||
snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
|
||
line[DIM(line)-1] = 0;
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
init_membuf (&data, 1024);
|
||
cipher_parm.ctx = agent_ctx;
|
||
cipher_parm.ciphertext = ciphertext;
|
||
cipher_parm.ciphertextlen = ciphertextlen;
|
||
rc = assuan_transact (agent_ctx, "PKDECRYPT",
|
||
membuf_data_cb, &data,
|
||
inq_ciphertext_cb, &cipher_parm, NULL, NULL);
|
||
if (rc)
|
||
{
|
||
xfree (get_membuf (&data, &len));
|
||
return map_assuan_err (rc);
|
||
}
|
||
|
||
put_membuf (&data, "", 1); /* make sure it is 0 terminated */
|
||
buf = get_membuf (&data, &len);
|
||
if (!buf)
|
||
return seterr (Out_Of_Core);
|
||
/* FIXME: We would better a return a full S-exp and not just a part */
|
||
assert (len);
|
||
len--; /* remove the terminating 0 */
|
||
n = strtoul (buf, &endp, 10);
|
||
if (!n || *endp != ':')
|
||
return seterr (Invalid_Sexp);
|
||
endp++;
|
||
if (endp-buf+n > len)
|
||
return seterr (Invalid_Sexp); /* oops len does not match internal len*/
|
||
memmove (buf, endp, n);
|
||
*r_buflen = n;
|
||
*r_buf = buf;
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
|
||
|
||
/* Handle a KEYPARMS inquiry. Note, we only send the data,
|
||
assuan_transact takes care of flushing and writing the end */
|
||
static AssuanError
|
||
inq_genkey_parms (void *opaque, const char *keyword)
|
||
{
|
||
struct genkey_parm_s *parm = opaque;
|
||
AssuanError rc;
|
||
|
||
rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);
|
||
return rc;
|
||
}
|
||
|
||
|
||
|
||
/* Call the agent to generate a newkey */
|
||
int
|
||
gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
|
||
{
|
||
int rc;
|
||
struct genkey_parm_s gk_parm;
|
||
struct membuf data;
|
||
size_t len;
|
||
char *buf;
|
||
|
||
*r_pubkey = NULL;
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
|
||
init_membuf (&data, 1024);
|
||
gk_parm.ctx = agent_ctx;
|
||
gk_parm.sexp = keyparms;
|
||
gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
|
||
if (!gk_parm.sexplen)
|
||
return GNUPG_Invalid_Value;
|
||
rc = assuan_transact (agent_ctx, "GENKEY",
|
||
membuf_data_cb, &data,
|
||
inq_genkey_parms, &gk_parm, NULL, NULL);
|
||
if (rc)
|
||
{
|
||
xfree (get_membuf (&data, &len));
|
||
return map_assuan_err (rc);
|
||
}
|
||
buf = get_membuf (&data, &len);
|
||
if (!buf)
|
||
return GNUPG_Out_Of_Core;
|
||
if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
|
||
{
|
||
xfree (buf);
|
||
return GNUPG_Invalid_Sexp;
|
||
}
|
||
*r_pubkey = buf;
|
||
return 0;
|
||
}
|
||
|
||
|
||
/* Ask the agent whether the certificate is in the list of trusted
|
||
keys */
|
||
int
|
||
gpgsm_agent_istrusted (KsbaCert cert)
|
||
{
|
||
int rc;
|
||
char *fpr;
|
||
char line[ASSUAN_LINELENGTH];
|
||
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||
if (!fpr)
|
||
{
|
||
log_error ("error getting the fingerprint\n");
|
||
return seterr (General_Error);
|
||
}
|
||
|
||
snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
|
||
line[DIM(line)-1] = 0;
|
||
xfree (fpr);
|
||
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
return map_assuan_err (rc);
|
||
}
|
||
|
||
/* Ask the agent to mark CERT as a trusted Root-CA one */
|
||
int
|
||
gpgsm_agent_marktrusted (KsbaCert cert)
|
||
{
|
||
int rc;
|
||
char *fpr, *dn;
|
||
char line[ASSUAN_LINELENGTH];
|
||
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||
if (!fpr)
|
||
{
|
||
log_error ("error getting the fingerprint\n");
|
||
return seterr (General_Error);
|
||
}
|
||
|
||
dn = ksba_cert_get_issuer (cert, 0);
|
||
if (!dn)
|
||
{
|
||
xfree (fpr);
|
||
return seterr (General_Error);
|
||
}
|
||
snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
|
||
line[DIM(line)-1] = 0;
|
||
ksba_free (dn);
|
||
xfree (fpr);
|
||
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
return map_assuan_err (rc);
|
||
}
|
||
|
||
|
||
|
||
/* Ask the agent whether the a corresponding secret key is available
|
||
for the given keygrip */
|
||
int
|
||
gpgsm_agent_havekey (const char *hexkeygrip)
|
||
{
|
||
int rc;
|
||
char line[ASSUAN_LINELENGTH];
|
||
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
if (!hexkeygrip || strlen (hexkeygrip) != 40)
|
||
return GNUPG_Invalid_Value;
|
||
|
||
snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
|
||
line[DIM(line)-1] = 0;
|
||
|
||
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
|
||
return map_assuan_err (rc);
|
||
}
|
||
|
||
|
||
static AssuanError
|
||
learn_cb (void *opaque, const void *buffer, size_t length)
|
||
{
|
||
struct learn_parm_s *parm = opaque;
|
||
size_t len;
|
||
char *buf;
|
||
KsbaCert cert;
|
||
int rc;
|
||
|
||
if (parm->error)
|
||
return 0;
|
||
|
||
if (buffer)
|
||
{
|
||
put_membuf (parm->data, buffer, length);
|
||
return 0;
|
||
}
|
||
/* END encountered - process what we have */
|
||
buf = get_membuf (parm->data, &len);
|
||
if (!buf)
|
||
{
|
||
parm->error = GNUPG_Out_Of_Core;
|
||
return 0;
|
||
}
|
||
|
||
|
||
/* FIXME: this should go into import.c */
|
||
cert = ksba_cert_new ();
|
||
if (!cert)
|
||
{
|
||
parm->error = GNUPG_Out_Of_Core;
|
||
return 0;
|
||
}
|
||
rc = ksba_cert_init_from_mem (cert, buf, len);
|
||
if (rc)
|
||
{
|
||
log_error ("failed to parse a certificate: %s\n", ksba_strerror (rc));
|
||
ksba_cert_release (cert);
|
||
parm->error = map_ksba_err (rc);
|
||
return 0;
|
||
}
|
||
|
||
rc = gpgsm_basic_cert_check (cert);
|
||
if (rc)
|
||
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
|
||
else
|
||
{
|
||
if (!keydb_store_cert (cert, 0))
|
||
log_info ("certificate imported\n");
|
||
}
|
||
|
||
ksba_cert_release (cert);
|
||
init_membuf (parm->data, 4096);
|
||
return 0;
|
||
}
|
||
|
||
/* Call the agent to learn about a smartcard */
|
||
int
|
||
gpgsm_agent_learn ()
|
||
{
|
||
int rc;
|
||
struct learn_parm_s learn_parm;
|
||
struct membuf data;
|
||
size_t len;
|
||
|
||
rc = start_agent ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
init_membuf (&data, 4096);
|
||
learn_parm.error = 0;
|
||
learn_parm.ctx = agent_ctx;
|
||
learn_parm.data = &data;
|
||
rc = assuan_transact (agent_ctx, "LEARN --send",
|
||
learn_cb, &learn_parm,
|
||
NULL, NULL, NULL, NULL);
|
||
xfree (get_membuf (&data, &len));
|
||
if (rc)
|
||
return map_assuan_err (rc);
|
||
return learn_parm.error;
|
||
}
|
||
|