mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
a9979e26a5
storing it. * certpath.c (gpgsm_basic_cert_check): New. * keydb.c (keydb_store_cert): New. * import.c (store_cert): Removed and change all caller to use the new function. * verify.c (store_cert): Ditto. * certlist.c (gpgsm_add_to_certlist): Validate the path * certpath.c (gpgsm_validate_path): Check the trust list. * call-agent.c (gpgsm_agent_istrusted): New.
212 lines
5.1 KiB
C
212 lines
5.1 KiB
C
/* call-dirmngr.c - communication with the dromngr
|
||
* Copyright (C) 2002 Free Software Foundation, Inc.
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 2 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, write to the Free Software
|
||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||
*/
|
||
|
||
#include <config.h>
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
#include <string.h>
|
||
#include <errno.h>
|
||
#include <unistd.h>
|
||
#include <time.h>
|
||
#include <assert.h>
|
||
|
||
#include <gcrypt.h>
|
||
|
||
#include "gpgsm.h"
|
||
#include "../assuan/assuan.h"
|
||
#include "i18n.h"
|
||
|
||
static ASSUAN_CONTEXT dirmngr_ctx = NULL;
|
||
|
||
struct inq_certificate_parm_s {
|
||
ASSUAN_CONTEXT ctx;
|
||
KsbaCert cert;
|
||
};
|
||
|
||
|
||
struct membuf {
|
||
size_t len;
|
||
size_t size;
|
||
char *buf;
|
||
int out_of_core;
|
||
};
|
||
|
||
|
||
|
||
/* Try to connect to the agent via socket or fork it off and work by
|
||
pipes. Handle the server's initial greeting */
|
||
static int
|
||
start_dirmngr (void)
|
||
{
|
||
int rc;
|
||
char *infostr, *p;
|
||
|
||
if (dirmngr_ctx)
|
||
return 0; /* fixme: We need a context for each thread or serialize
|
||
the access to the agent (which is suitable given that
|
||
the agent is not MT */
|
||
|
||
infostr = getenv ("DIRMNGR_INFO");
|
||
if (!infostr)
|
||
{
|
||
const char *pgmname;
|
||
ASSUAN_CONTEXT ctx;
|
||
const char *argv[3];
|
||
|
||
log_info (_("no running dirmngr - starting one\n"));
|
||
|
||
if (fflush (NULL))
|
||
{
|
||
log_error ("error flushing pending output: %s\n", strerror (errno));
|
||
return seterr (Write_Error);
|
||
}
|
||
|
||
if (!opt.dirmngr_program || !*opt.dirmngr_program)
|
||
opt.dirmngr_program = "/usr/sbin/dirmngr";
|
||
if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
|
||
pgmname = opt.dirmngr_program;
|
||
else
|
||
pgmname++;
|
||
|
||
argv[0] = pgmname;
|
||
argv[1] = "--server";
|
||
argv[2] = NULL;
|
||
|
||
/* connect to the agent and perform initial handshaking */
|
||
rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, (char**)argv, 0);
|
||
if (rc)
|
||
{
|
||
log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
|
||
return seterr (No_Dirmngr);
|
||
}
|
||
dirmngr_ctx = ctx;
|
||
}
|
||
else
|
||
{
|
||
infostr = xstrdup (infostr);
|
||
if ( !(p = strchr (infostr, ':')) || p == infostr
|
||
/* || (p-infostr)+1 >= sizeof client_addr.sun_path */)
|
||
{
|
||
log_error (_("malformed DIRMNGR_INFO environment variable\n"));
|
||
xfree (infostr);
|
||
return seterr (General_Error);
|
||
}
|
||
*p = 0;
|
||
log_error (_("socket based dirmngr communication not yet implemented\n"));
|
||
return seterr (Not_Implemented);
|
||
}
|
||
|
||
if (DBG_AGENT)
|
||
log_debug ("connection to dirmngr established\n");
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
/* Handle a SENDCERT inquiry. */
|
||
static AssuanError
|
||
inq_certificate (void *opaque, const char *line)
|
||
{
|
||
struct inq_certificate_parm_s *parm = opaque;
|
||
AssuanError rc;
|
||
const unsigned char *der;
|
||
size_t derlen;
|
||
|
||
if (!(!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8])))
|
||
{
|
||
log_error ("unsupported inquiry `%s'\n", line);
|
||
return ASSUAN_Inquire_Unknown;
|
||
}
|
||
line += 8;
|
||
|
||
if (!*line)
|
||
{ /* send the current certificate */
|
||
der = ksba_cert_get_image (parm->cert, &derlen);
|
||
if (!der)
|
||
rc = ASSUAN_Inquire_Error;
|
||
else
|
||
rc = assuan_send_data (parm->ctx, der, derlen);
|
||
}
|
||
else
|
||
{ /* send the given certificate */
|
||
int err;
|
||
KsbaCert cert;
|
||
|
||
err = gpgsm_find_cert (line, &cert);
|
||
if (err)
|
||
{
|
||
log_error ("certificate not found: %s\n", gnupg_strerror (err));
|
||
rc = ASSUAN_Inquire_Error;
|
||
}
|
||
else
|
||
{
|
||
der = ksba_cert_get_image (cert, &derlen);
|
||
if (!der)
|
||
rc = ASSUAN_Inquire_Error;
|
||
else
|
||
rc = assuan_send_data (parm->ctx, der, derlen);
|
||
ksba_cert_release (cert);
|
||
}
|
||
}
|
||
|
||
return rc;
|
||
}
|
||
|
||
|
||
|
||
/* Call the directory manager to check whether the certificate is valid
|
||
Returns 0 for valid or usually one of the errors:
|
||
|
||
GNUPG_Certificate_Revoked
|
||
GNUPG_No_CRL_Known
|
||
GNUPG_CRL_Too_Old
|
||
*/
|
||
int
|
||
gpgsm_dirmngr_isvalid (KsbaCert cert)
|
||
{
|
||
int rc;
|
||
char *certid;
|
||
char line[ASSUAN_LINELENGTH];
|
||
struct inq_certificate_parm_s parm;
|
||
|
||
rc = start_dirmngr ();
|
||
if (rc)
|
||
return rc;
|
||
|
||
certid = gpgsm_get_certid (cert);
|
||
if (!certid)
|
||
{
|
||
log_error ("error getting the certificate ID\n");
|
||
return seterr (General_Error);
|
||
}
|
||
|
||
parm.ctx = dirmngr_ctx;
|
||
parm.cert = cert;
|
||
|
||
snprintf (line, DIM(line)-1, "ISVALID %s", certid);
|
||
line[DIM(line)-1] = 0;
|
||
xfree (certid);
|
||
|
||
rc = assuan_transact (dirmngr_ctx, line, NULL, NULL, inq_certificate, &parm);
|
||
return map_assuan_err (rc);
|
||
}
|
||
|
||
|