/[winpt]/trunk/Src/wptKeyserver.cpp
ViewVC logotype

Contents of /trunk/Src/wptKeyserver.cpp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 214 - (show annotations)
Sun May 14 18:40:36 2006 UTC (18 years, 9 months ago) by twoaday
File size: 35065 byte(s) 
2006-05-14  Timo Schulz  <ts@g10code.de>
                                                                                
        * wptKeyCache.cpp (gpg_keycache_update_attr): Parse
        preferred keyserver URL.
        * wptHTTP.cpp (extractHostInfo): Fix segv.
        * wptGPGUtil.cpp (gpg_find_key_subpacket): Ignore default
        gpg.conf.
        * wptKeyserverSearchDlg.cpp (search_hkp_keys): Do not
        assume an existing user id.
        * wptPassphraseCB.cpp (passphrase_cb): Automatic cancel
        if no passphrase is available.

(for complete list of changes, see Src/ChangeLog)

About to release 0.12.1
1 /* wptKeyserver.cpp - W32 Keyserver Access
2 * Copyright (C) 2000-2006 Timo Schulz
3 * Copyright (C) 2001 Marco Cunha
4 *
5 * This file is part of WinPT.
6 *
7 * WinPT is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 *
12 * WinPT is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with WinPT; if not, write to the Free Software Foundation,
19 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25
26 #include <windows.h>
27 #include <shlobj.h>
28 #include <stdio.h>
29 #include <sys/stat.h>
30 #include <ctype.h>
31
32 #include "wptKeyserver.h"
33 #include "wptErrors.h"
34 #include "wptTypes.h"
35 #include "wptNLS.h"
36 #include "wptW32API.h"
37 #include "wptGPG.h"
38 #include "wptRegistry.h"
39
40 /* Map net_errno to a winsock error. */
41 #define net_errno ((int)WSAGetLastError ())
42
43
44 keyserver server[MAX_KEYSERVERS] = {0};
45 keyserver_proxy_s proxy = {0};
46 static const char *server_list[] = {
47 "hkp://gnv.us.ks.cryptnet.net",
48 "hkp://keyserver.kjsl.com",
49 "hkp://sks.keyserver.penguin.de",
50 "hkp://subkeys.pgp.net",
51 "ldap://keyserver.pgp.com",
52 NULL
53 };
54
55
56 static char hkp_errmsg[1024]; /* Holds the error message from the server */
57 static int hkp_err = 0; /* != 0 indicates an error occurred. */
58
59 /* Default keyserver and port. */
60 char *default_keyserver = NULL;
61 WORD default_keyserver_port = 0;
62
63 /* Default socket timeout. */
64 static int default_socket_timeout = 6;
65
66
67 /* Wrapper for safe memory allocation. */
68 static char*
69 safe_alloc (DWORD n)
70 {
71 char *p;
72
73 p = new char[n+1];
74 if (!p)
75 BUG (0);
76 memset (p, 0, n);
77 return p;
78 }
79
80 /* Basic64 encode the input @inbuf to @outbuf. */
81 static void
82 base64_encode (const char *inbuf, char *outbuf)
83 {
84 char base64code[] =
85 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
86 int index = 0, temp = 0, res = 0;
87 int i = 0, inputlen = 0, len = 0;
88
89 inputlen = strlen (inbuf);
90 for (i = 0; i < inputlen; i++) {
91 res = temp;
92 res = (res << 8) | (inbuf[i] & 0xFF);
93 switch (index++) {
94 case 0:
95 outbuf[len++] = base64code[res >> 2 & 0x3F];
96 res &= 0x3;
97 break;
98 case 1:
99 outbuf[len++] = base64code[res >> 4 & 0x3F];
100 res &= 0xF;
101 break;
102 case 2:
103 outbuf[len++] = base64code[res >> 6 & 0x3F];
104 outbuf[len++] = base64code[res & 0x3F];
105 res = index = 0;
106 break;
107 }
108 temp = res;
109 }
110
111 if (index == 2) {
112 outbuf[len++] = base64code[temp << 2 & 0x3F];
113 outbuf[len++] = '=';
114 }
115 else if (index == 1) {
116 outbuf[len++] = base64code[temp << 4 & 0x3F];
117 outbuf[len++] = '=';
118 outbuf[len++] = '=';
119 }
120
121 outbuf[len] = '\0';
122 }
123
124
125 /* Skip the URL schema and return only the host part of it. */
126 static const char*
127 skip_type_prefix (const char *hostname)
128 {
129 if (hostname && !strncmp (hostname, "http://", 7))
130 hostname += 7;
131 else if (hostname && !strncmp (hostname, "hkp://", 6))
132 hostname += 6;
133 else if (hostname && !strncmp (hostname, "finger://", 9))
134 hostname += 9;
135 else if (hostname && !strncmp (hostname, "ldap://", 7))
136 hostname += 7;
137 return hostname;
138 }
139
140
141 /* Check that the keyserver response indicates an OK.
142 Return 0 on success. */
143 static int
144 check_hkp_response (const char *resp, int recv)
145 {
146 char *p, *end;
147 int ec, len;
148
149 ec = recv ? WPTERR_WINSOCK_RECVKEY : WPTERR_WINSOCK_SENDKEY;
150 if (!strstr (resp, "HTTP/1.0 200 OK") &&
151 !strstr (resp, "HTTP/1.1 200 OK")) /* http error */
152 return ec;
153 if (strstr (resp, "Public Key Server -- Error")
154 || strstr (resp, "Public Key Server -- Error")
155 || strstr (resp, "No matching keys in database")) {
156 p = strstr (resp, "<p>");
157 if (p && strlen (p) < sizeof (hkp_errmsg)) {
158 end = strstr (p, "</p>");
159 len = end? (end - p + 1) : strlen (p);
160 memset (hkp_errmsg, 0, sizeof (hkp_errmsg));
161 strncpy (hkp_errmsg, p, len);
162 hkp_err = 1;
163 }
164 return ec;
165 }
166 return 0;
167 }
168
169
170 /* Read a single line (\r\n) from a socket.
171 Return 0 on success. */
172 static int
173 sock_getline (int fd, char *buf, int buflen, int *nbytes)
174 {
175 char ch;
176 int nread = 0;
177
178 if (nbytes)
179 *nbytes = 0;
180 *buf = 0;
181 while (recv (fd, &ch, 1, 0) > 0) {
182 *buf++ = ch;
183 nread++;
184 if (ch == '\r')
185 continue; /* remove this char. */
186 if (ch == '\n' || nread == (buflen - 1)) {
187 *buf = 0;
188 if (nbytes)
189 *nbytes = nread;
190 return 0;
191 }
192 }
193
194 return -1;
195 }
196
197
198 /* Perform a select() on the given fd to find out
199 is there is data for reading. Wait at least @nsecs seconds. */
200 static int
201 sock_select (int fd, int nsecs)
202 {
203 FD_SET rfd;
204 timeval tv = {nsecs, 0};
205
206 FD_ZERO (&rfd);
207 FD_SET (fd, &rfd);
208 if (select (fd + 1, &rfd, NULL, NULL, &tv) == SOCKET_ERROR) {
209 log_debug ("sock_select: select() failed ec=%d.\r\n", net_errno);
210 return SOCKET_ERROR;
211 }
212 if (FD_ISSET (fd, &rfd))
213 return 1;
214 return 0;
215 }
216
217
218 /* Read from a socket @fd to buffer @buf with a fixed timeout
219 of 10 seconds. The amount of bytes which were read are
220 returned in @nbytes.
221 Return value: 0 on success. */
222 static int
223 sock_read (int fd, char *buf, int buflen, int *nbytes)
224 {
225 DWORD nread;
226 int nleft = buflen;
227 int rc, n = 0;
228
229 if (nbytes)
230 *nbytes = 0;
231 while (nleft > 0) {
232 if (n >= default_socket_timeout)
233 return WPTERR_WINSOCK_TIMEOUT;
234 rc = sock_select (fd, 1);
235 if (rc == SOCKET_ERROR)
236 return rc;
237 else if (!rc)
238 n++;
239 else {
240 nread = recv (fd, buf, nleft, 0);
241 if (nread == SOCKET_ERROR) {
242 log_debug ("sock_read: recv() failed ec=%d.\r\n", net_errno);
243 return SOCKET_ERROR;
244 }
245 else if (!nread)
246 break;
247 nleft -= nread;
248 buf += nread;
249 }
250 }
251 if (nbytes)
252 *nbytes = buflen - nleft;
253
254 return 0;
255 }
256
257
258 /* Helper to create a string from the gpgme data and
259 then release the gpgme data object. */
260 char*
261 data_release_and_get_mem (gpgme_data_t in, int *r_bufferlen)
262 {
263 size_t n;
264 char *buffer, *p;
265
266 gpg_data_putc (in, '\0');
267 p = gpgme_data_release_and_get_mem (in, &n);
268 buffer = m_strdup (p);
269 if (r_bufferlen)
270 *r_bufferlen = (int)n;
271 gpgme_free (p);
272 return buffer;
273 }
274
275
276 /* Read much data as possible from the socket @fd and
277 return the data in @buffer. Caller must free data.
278 Return value: 0 on success. */
279 int
280 sock_read_ext (int fd, char **buffer, int *r_bufferlen)
281 {
282 gpgme_data_t dh;
283 char buf[1024];
284 size_t n=0;
285 int nread, rc;
286
287 if (gpgme_data_new (&dh))
288 BUG (0);
289 while (n < 10) {
290 rc = sock_select (fd, 1);
291 if (rc == SOCKET_ERROR) {
292 gpgme_data_release (dh);
293 return rc;
294 }
295 else if (!rc)
296 n++;
297 else {
298 nread = recv (fd, buf, sizeof (buf), 0);
299 if (nread == SOCKET_ERROR)
300 return SOCKET_ERROR;
301 else if (!nread)
302 break;
303 gpgme_data_write (dh, buf, nread);
304 }
305 }
306
307 *buffer = data_release_and_get_mem (dh, r_bufferlen);
308 return 0;
309 }
310
311
312 /* Write the buffer @buf with the length @buflen to a socket @fd. */
313 static int
314 sock_write (int fd, const char *buf, int buflen)
315 {
316 DWORD nwritten;
317 int nleft = buflen;
318
319 while (nleft > 0) {
320 nwritten = send (fd, buf, nleft, 0);
321 if (nwritten == SOCKET_ERROR) {
322 log_debug ("sock_write: send() failed ec=%d\r\n", net_errno);
323 return SOCKET_ERROR;
324 }
325 nleft -= nwritten;
326 buf += nwritten;
327 }
328
329 return 0;
330 }
331
332
333 /* Initialize the Winsock2 interface.*/
334 int
335 wsock_init (void)
336 {
337 WSADATA wsa;
338
339 if (WSAStartup (0x202, &wsa)) {
340 log_debug ("wsock_init: WSAStartup failed ec=%d\r\n", net_errno);
341 return WPTERR_WINSOCK_INIT;
342 }
343 return 0;
344 }
345
346
347 /* Cleanup the Winsock2 interface. */
348 void
349 wsock_end (void)
350 {
351 char *p;
352 int i;
353
354 p = make_special_filename (CSIDL_APPDATA, "winpt\\keyserver.conf", NULL);
355 kserver_save_conf (p);
356 free_if_alloc (p);
357 free_if_alloc (default_keyserver);
358 for (i=0; i < MAX_KEYSERVERS; i++) {
359 if (server[i].used && server[i].name != NULL)
360 free_if_alloc (server[i].name);
361 }
362 kserver_proxy_release (&proxy);
363 WSACleanup ();
364 }
365
366
367 /* Return a string representation of a winsock error. */
368 const char*
369 wsock_strerror (void)
370 {
371 int ec = WSAGetLastError ();
372
373 if (!ec)
374 return "";
375 switch (ec) {
376 case WSAENETDOWN:
377 return _("Network unreachable");
378
379 case WSAEHOSTUNREACH:
380 return _("Host unreachable");
381
382 case WSAHOST_NOT_FOUND:
383 return _("Could not resolve host name");
384
385 case WSAECONNREFUSED:
386 return _("Connection refused");
387
388 case WSAETIMEDOUT:
389 case WSAECONNABORTED:
390 return _("Connection timeout");
391
392 case WSAENETRESET:
393 case WSAECONNRESET:
394 return _("Connection resetted by peer");
395
396 case WSAESHUTDOWN:
397 return _("Socket has been shutdown");
398
399 default:
400 break;
401 }
402
403 return "";
404 }
405
406
407 /* Set default socket timeout for all reading operations. */
408 void
409 kserver_set_socket_timeout (int nsec)
410 {
411 if (nsec < 0)
412 nsec = 0;
413 default_socket_timeout = nsec;
414 }
415
416
417 /* Return the last keyserver error as a string. */
418 const char*
419 kserver_strerror (void)
420 {
421 if (hkp_err)
422 return hkp_errmsg;
423 return NULL;
424 }
425
426
427 /* Read a keyserver from the list at index @idx.
428 Return value: keyserver name at the given position. */
429 const char*
430 kserver_get_hostname (int idx, int type, WORD *port)
431 {
432 if (type == -1) {
433 *port = default_keyserver_port;
434 return default_keyserver;
435 }
436 else if (!type && idx < DIM (server_list)) {
437 *port = HKP_PORT;
438 return server_list[idx];
439 }
440 return NULL;
441 }
442
443
444 /* Check if the computer is connected to the internet.
445 Return 0 on success -1 otherwise. */
446 int
447 kserver_check_inet_connection (void)
448 {
449 int fd;
450
451 if (!kserver_connect (default_keyserver, default_keyserver_port, &fd)) {
452 closesocket (fd);
453 return 0;
454 }
455 return -1;
456 }
457
458
459 /* If the request contains the keyid, it have to be
460 always postfix with '0x'+keyid. This code checks
461 if the keyid is a decimal value and if so if it contains
462 the '0x'. If not it is inserted. */
463 const char*
464 kserver_check_keyid (const char *keyid)
465 {
466 static char id[21];
467
468 if (strstr (keyid, "@"))
469 return keyid; /* email address */
470 if (strncmp (keyid, "0x", 2)) {
471 memset (&id, 0, sizeof (id));
472 _snprintf (id, sizeof (id)-1, "0x%s", keyid);
473 return id;
474 }
475 return keyid;
476 }
477
478
479 /* Update the keyserver proxy user. */
480 static void
481 update_proxy_user (const char *proxy_user, const char *proxy_pass)
482 {
483 char t[257]; /* user:pass = 127+1+127+1 = 257 */
484 int n = 0;
485
486 n = 4*strlen (proxy_user) / 3 + 32 + strlen (proxy_pass) + 2;
487 free_if_alloc (proxy.base64_user);
488 proxy.base64_user = safe_alloc (n+1);
489 _snprintf (t, sizeof (t)-1, "%s:%s", proxy_user, proxy_pass);
490 base64_encode (t, proxy.base64_user);
491 free_if_alloc (proxy.user);
492 free_if_alloc (proxy.pass);
493 proxy.user = m_strdup (proxy_user);
494 proxy.pass = m_strdup (proxy_pass);
495 }
496
497
498 /* Check that the given buffer contains a valid keyserver URL. */
499 static int
500 check_URL (const char * buf)
501 {
502 if (strlen (buf) < 7)
503 return -1;
504 if (!strstr (buf, "ldap://")
505 && !strstr (buf, "http://")
506 && !strstr (buf, "finger://")
507 && !strstr (buf, "hkp://"))
508 return -1;
509 return 0;
510 }
511
512
513 /* Get the port number from the given protocol. */
514 static int
515 port_from_proto (int proto)
516 {
517 switch (proto) {
518 case KSPROTO_LDAP: return 0;
519 case KSPROTO_FINGER: return FINGER_PORT;
520 case KSPROTO_HTTP: return HKP_PORT;
521 }
522 return 0;
523 }
524
525
526 /* Get the port number from the given URL. */
527 static int
528 proto_from_URL (const char *buf)
529 {
530 if (strstr (buf, "ldap"))
531 return KSPROTO_LDAP;
532 else if (strstr( buf, "finger"))
533 return KSPROTO_FINGER;
534 return KSPROTO_HKP;
535 }
536
537
538 void
539 keyserver_set_default (const char *hostname, WORD port)
540 {
541 if (hostname != NULL) {
542 free_if_alloc (default_keyserver);
543 default_keyserver = m_strdup (hostname);
544 default_keyserver_port = port;
545 }
546 if (!port)
547 port = HKP_PORT;
548 if (!default_keyserver)
549 default_keyserver = m_strdup (DEF_HKP_KEYSERVER);
550 server[0].name = m_strdup (default_keyserver);
551 server[0].used = 1;
552 server[0].port = port;
553 server[0].proto = proto_from_URL (default_keyserver);
554 }
555
556
557 /* Skip all kind of whitespace chars in @str. */
558 static const char*
559 skip_whitespace (const char *str)
560 {
561 while (str && *str) {
562 if (*str == ' ' ||
563 *str == '\t' ||
564 *str == '\n' ||
565 *str == '\r') {
566 str++;
567 continue;
568 }
569 break;
570 }
571 return str;
572 }
573
574
575 /* Save the keyserver config file in @conf. */
576 int
577 kserver_save_conf (const char *conf)
578 {
579 FILE *fp;
580 int pos;
581
582 fp = fopen (conf, "wb");
583 if (!fp) {
584 msg_box (NULL, _("Could not save keyserver.conf file"),
585 _("Keyserver"), MB_ERR);
586 return -1;
587 }
588
589 fprintf (fp, "# do NOT manually modify this file, it will be "
590 "generated automatically!!\r\n");
591 for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
592 if (!server[pos].used)
593 continue;
594 fprintf (fp, "%s:%d\r\n", server[pos].name, server[pos].port);
595 }
596 fclose (fp);
597 return 0;
598 }
599
600
601 /* Load the keyserver config file @conf. */
602 int
603 kserver_load_conf (const char *conf)
604 {
605 FILE *fp;
606 char buf[1024], *s, *p;
607 char *user = NULL, *pass = NULL;
608 int no_config=0, chk_pos=0;
609 int pos;
610
611 for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
612 server[pos].used = 0;
613 server[pos].port = HKP_PORT;
614 }
615
616 fp = fopen (conf, "rb");
617 if (!fp) {
618 for (pos = 0; server_list[pos]; pos++) {
619 server[pos].used = 1;
620 server[pos].name = m_strdup (server_list[pos]);
621 server[pos].proto = proto_from_URL (server_list[pos]);
622 }
623 no_config=1;
624 }
625 get_reg_proxy_prefs (&proxy);
626 if (user && pass)
627 update_proxy_user (user, pass);
628 else if (user && !pass || !user && pass) {
629 msg_box (NULL, _("Invalid proxy configuration."
630 "You need to set a user and a password"
631 "to use proxy authentication!"),
632 _("Proxy Error"), MB_ERR);
633 }
634 /* check if the host has a http:// prefix and skip it */
635 if (proxy.host && !strncmp (proxy.host, "http://", 7)) {
636 char *host = m_strdup (proxy.host+7);
637 free_if_alloc (proxy.host);
638 proxy.host = host;
639 }
640 free_if_alloc (user);
641 free_if_alloc (pass);
642
643 pos = 0;
644 while (fp && !feof (fp)) {
645 s = fgets (buf, sizeof (buf)-1, fp);
646 if (!s)
647 break;
648 if (strstr (buf, "\r\n"))
649 buf[strlen (buf)-2] = '\0';
650 if (strstr (buf, "\n"))
651 buf[strlen (buf)-1] = '\0';
652 s = (char *)skip_whitespace (buf);
653 if (*s == '#' || strlen (s) < 7)
654 continue;
655 if (check_URL (s)) {
656 msg_box (NULL, _("All entries of this file must have a valid prefix.\n"
657 "Currently HKP/HTTP, LDAP and FINGER are supported.\n"),
658 _("Keyserver Error"), MB_ERR);
659 continue;
660 }
661 chk_pos = 6;
662 if (strstr (s, "finger"))
663 chk_pos = 10;
664 p = strchr (s+chk_pos, ':');
665 server[pos].used = 1;
666 server[pos].proto = proto_from_URL (s);
667 server[pos].port = port_from_proto (server[pos].proto);
668 if (!p)
669 server[pos].name = m_strdup (s);
670 else {
671 server[pos].port = atol (p+1);
672 if (server[pos].port < 0 || server[pos].port > 65536)
673 server[pos].port = HKP_PORT;
674 server[pos].name = safe_alloc ((p-s)+2);
675 memset (server[pos].name, 0, (p-s)+2);
676 memcpy (server[pos].name, s, (p-s));
677 }
678 pos++;
679 if (pos > MAX_KEYSERVERS) {
680 msg_box (NULL, _("The keyserver limit is exceeded"),
681 _("Keyserver Warning"), MB_INFO);
682 break;
683 }
684 }
685 if (fp)
686 fclose (fp);
687 if (!pos) {
688 /* only issue an error if the config file exist but
689 it has no valid entries. */
690 keyserver_set_default (NULL, HKP_PORT);
691 if (!no_config)
692 return WPTERR_CONFIG_FILE;
693 }
694
695 return 0;
696 }
697
698
699 /* Connect to the keyserver @hostname (port @port).
700 Return value: 0 on success */
701 int
702 kserver_connect (const char *hostname, WORD port, int *conn_fd)
703 {
704 struct hostent *hp;
705 struct sockaddr_in sock;
706 char host[128] = {0};
707 DWORD iaddr;
708 int rc, fd;
709
710 log_debug ("kserver_connect: %s:%d\r\n", hostname, port);
711
712 if (!port)
713 port = HKP_PORT;
714 if (conn_fd)
715 *conn_fd = 0;
716 hostname = skip_type_prefix (hostname);
717
718 if (proxy.host && proxy.proto == PROXY_PROTO_HTTP)
719 port = proxy.port;
720 memset (&sock, 0, sizeof (sock));
721 sock.sin_family = AF_INET;
722 sock.sin_port = htons (port);
723 if (proxy.host)
724 strncpy (host, proxy.host, 127);
725 else
726 strncpy (host, hostname, 127);
727
728 if ((iaddr = inet_addr (host)) != INADDR_NONE)
729 memcpy (&sock.sin_addr, &iaddr, sizeof (iaddr));
730 else if ((hp = gethostbyname (host))) {
731 if (hp->h_addrtype != AF_INET || hp->h_length != 4) {
732 log_debug ("gethostbyname: unknown address type.\r\n");
733 return WPTERR_WINSOCK_RESOLVE;
734 }
735 memcpy (&sock.sin_addr, hp->h_addr, hp->h_length);
736 }
737 else {
738 log_debug ("gethostbyname: failed ec=%d.\r\n", net_errno);
739 return WPTERR_WINSOCK_RESOLVE;
740 }
741 fd = socket (AF_INET, SOCK_STREAM, 0);
742 if (fd == INVALID_SOCKET)
743 return WPTERR_WINSOCK_SOCKET;
744 rc = connect (fd, (struct sockaddr *) &sock, sizeof (sock));
745 if (rc == SOCKET_ERROR) {
746 log_debug ("connect: failed ec=%d.\r\n", net_errno);
747 closesocket (fd);
748 return WPTERR_WINSOCK_CONNECT;
749 }
750
751 if (proxy.proto == PROXY_PROTO_SOCKS5) {
752 rc = socks_handshake (&proxy, fd, hostname, port);
753 if (rc) {
754 closesocket (fd);
755 return WPTERR_GENERAL; /* XXX: use better code. */
756 }
757 }
758
759 if (conn_fd)
760 *conn_fd = fd;
761 WSASetLastError (0);
762 return 0;
763 }
764
765
766 static bool
767 URL_must_encoded (const char *url)
768 {
769 if (strchr (url, '.') || strchr (url, '@') || strchr (url, ' '))
770 return true;
771 return false;
772 }
773
774
775 /* Perform URL encoding of the given data. */
776 static char*
777 URL_encode (const char *url, DWORD ulen, DWORD *ret_nlen)
778 {
779 gpgme_data_t hd;
780 char numbuf[5], *p;
781 size_t i;
782 int nlen;
783
784 if (gpgme_data_new (&hd))
785 BUG (0);
786 for (i=0; i < ulen; i++) {
787 if (isalnum (url[i]) || url[i] == '-')
788 gpg_data_putc (hd, url[i]);
789 else if (url[i] == ' ')
790 gpg_data_putc (hd, '+');
791 else {
792 sprintf (numbuf, "%%%02X", url[i]);
793 gpgme_data_write (hd, numbuf, strlen (numbuf));
794 }
795 }
796
797 p = data_release_and_get_mem (hd, &nlen);
798 if (ret_nlen)
799 *ret_nlen = nlen;
800 return p;
801 }
802
803
804 /* Format a request for the given keyid (send). */
805 static char*
806 kserver_send_request (const char *hostname, WORD port,
807 const char *pubkey, DWORD octets)
808 {
809 const char *fmt;
810 char *request;
811 char *enc_pubkey;
812 DWORD enc_octets;
813 int reqlen;
814
815 log_debug ("kserver_send_request: %s:%d\r\n", hostname, port);
816
817 if (!port)
818 port = HKP_PORT;
819 enc_pubkey = URL_encode (pubkey, octets, &enc_octets);
820 reqlen = 2*strlen (hostname) + 2*32/*port*/ + enc_octets + 32 /*len*/ + 1;
821
822 if (proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
823 fmt = "POST http://%s:%d/pks/add HTTP/1.0\r\n"
824 "Referer: \r\n"
825 "User-Agent: WinPT/W32\r\n"
826 "Host: %s:%d\r\n"
827 "Proxy-Authorization: Basic %s\r\n"
828 "Content-type: application/x-www-form-urlencoded\r\n"
829 "Content-length: %d\r\n"
830 "\r\n"
831 "keytext=%s"
832 "\r\n";
833 reqlen += strlen (fmt) + strlen (proxy.base64_user) + 1;
834 request = safe_alloc (reqlen+1);
835 _snprintf (request, reqlen, fmt,
836 skip_type_prefix (hostname), port, hostname, port,
837 proxy.base64_user, enc_octets+9, enc_pubkey);
838 }
839 else {
840 fmt = "POST /pks/add HTTP/1.0\r\n"
841 "Referer: \r\n"
842 "User-Agent: WinPT/W32\r\n"
843 "Host: %s:%d\r\n"
844 "Content-type: application/x-www-form-urlencoded\r\n"
845 "Content-length: %d\r\n"
846 "\r\n"
847 "keytext=%s"
848 "\r\n";
849 reqlen += strlen (fmt)+1;
850 request = safe_alloc (reqlen+1);
851 _snprintf (request, reqlen, fmt,
852 skip_type_prefix (hostname), port,
853 enc_octets+9, enc_pubkey);
854 }
855
856 free_if_alloc (enc_pubkey);
857 log_debug ("%s\r\n", request);
858 return request;
859 }
860
861
862 /* Interface for receiving a public key. */
863 int
864 kserver_recvkey (const char *hostname, WORD port, const char *keyid,
865 char **r_key, int *r_keylen)
866 {
867 const char *fmt;
868 char *request = NULL;
869 int conn_fd;
870 int rc, reqlen;
871
872 if (!port)
873 port = HKP_PORT;
874 hkp_err = 0; /* reset */
875 rc = kserver_connect (hostname, port, &conn_fd);
876 if (rc)
877 goto leave;
878
879 reqlen = strlen (hostname)+32+strlen (keyid)+1;
880 if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
881 fmt = "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n"
882 "Proxy-Authorization: Basic %s\r\n\r\n";
883 reqlen =+ strlen (fmt) + strlen (proxy.base64_user)+1;
884 request = safe_alloc (reqlen+1);
885 _snprintf (request, reqlen, fmt, skip_type_prefix (hostname), port,
886 keyid, proxy.base64_user);
887 }
888 else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
889 fmt = "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n";
890 reqlen += strlen (fmt)+1;
891 request = safe_alloc (reqlen+1);
892 _snprintf (request, reqlen, fmt, skip_type_prefix (hostname),
893 port, keyid);
894 }
895 else {
896 fmt = "GET /pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n";
897 reqlen += strlen (fmt)+1;
898 request = safe_alloc (reqlen+1);
899 _snprintf (request, reqlen, fmt, keyid);
900 }
901
902 log_debug ("%s\r\n", request);
903
904 rc = sock_write (conn_fd, request, strlen (request));
905 if (rc == SOCKET_ERROR) {
906 rc = WPTERR_WINSOCK_RECVKEY;
907 goto leave;
908 }
909
910 rc = sock_read_ext (conn_fd, r_key, r_keylen);
911 if (rc == SOCKET_ERROR) {
912 rc = WPTERR_WINSOCK_RECVKEY;
913 goto leave;
914 }
915
916 log_debug ("%s\r\n", *r_key);
917 rc = check_hkp_response (*r_key, 1);
918 if (rc)
919 goto leave;
920
921 WSASetLastError (0);
922
923 leave:
924 closesocket (conn_fd);
925 free_if_alloc (request);
926 return rc;
927 }
928
929
930 /* Interface to send a public key. */
931 int
932 kserver_sendkey (const char *hostname, WORD port, const char *pubkey, int len )
933 {
934 char *request = NULL;
935 char log[2048] = {0};
936 int conn_fd, n;
937 int rc;
938
939 hkp_err = 0; /* reset */
940 rc = kserver_connect (hostname, port, &conn_fd);
941 if (rc)
942 goto leave;
943
944 request = kserver_send_request (hostname, port, pubkey, len);
945 if (request == NULL) {
946 rc = WPTERR_GENERAL;
947 goto leave;
948 }
949
950 rc = sock_write (conn_fd, request, strlen (request));
951 if (rc == SOCKET_ERROR) {
952 rc = WPTERR_WINSOCK_SENDKEY;
953 goto leave;
954 }
955
956 rc = sock_read (conn_fd, log, sizeof (log)-1, &n);
957 if (rc == SOCKET_ERROR) {
958 rc = WPTERR_WINSOCK_SENDKEY;
959 goto leave;
960 }
961
962 log_debug ("kserver_sendkey: read %d bytes\r\n%s\r\n", n, log);
963 rc = check_hkp_response (log, 0);
964 if (rc)
965 goto leave;
966
967 WSASetLastError (0);
968
969 leave:
970 closesocket (conn_fd);
971 free_if_alloc (request);
972 return rc;
973 }
974
975
976 /* Check keyserver response. */
977 static int
978 kserver_search_chkresp (int fd)
979 {
980 char buf[128];
981 int n=0;
982
983 /* parse response 'HTTP/1.0 500 OK' */
984 if (sock_getline (fd, buf, sizeof (buf)-1, &n))
985 return WPTERR_KEYSERVER_NOTFOUND;
986
987 log_debug ("kserver_search_chkpresp: %s\r\n", buf);
988 if (strncmp (buf, "HTTP/1.", 7))
989 return WPTERR_KEYSERVER_NOTFOUND;
990 if (strncmp (buf+(8+1), "200", 3))
991 return WPTERR_KEYSERVER_NOTFOUND;
992 return 0;
993 }
994
995
996 /* End the keyserver search procedure. */
997 void
998 kserver_search_end (int conn_fd)
999 {
1000 log_debug ("kserver_search_end: fd=%d\r\n", conn_fd);
1001 closesocket (conn_fd);
1002 }
1003
1004
1005 /* Extract the amount of keys from the info record. */
1006 static int
1007 count_keys_in_response (char *buf)
1008 {
1009 char *p;
1010 int recno = 0;
1011 int n = 0;
1012
1013 /* info:1:4 */
1014 if (strncmp (buf, "info", 4))
1015 return 0;
1016 p = strtok (buf, ":");
1017 while (p != NULL) {
1018 recno++;
1019 if (recno == 3)
1020 n = atoi (p);
1021 p = strtok (NULL, ":");
1022 }
1023 return n;
1024 }
1025
1026
1027 /* Start the keyserver search.
1028 Connect to host @hostname and port @port.
1029 The pattern are given in @pattern.
1030 The socket is returned in @conn_fd and @nkeys contains
1031 the amount of keys which were found. */
1032 int
1033 kserver_search_begin (const char *hostname, WORD port,
1034 const char *pattern, int *conn_fd, int *nkeys)
1035 {
1036 const char *fmt;
1037 char *request = NULL;
1038 char *enc_patt = NULL;
1039 char status[128];
1040 int rc, sock_fd;
1041 int reqlen;
1042
1043 *conn_fd = 0;
1044
1045 rc = kserver_connect (hostname, port, &sock_fd);
1046 if (rc)
1047 goto leave;
1048
1049 enc_patt = URL_encode (pattern, strlen (pattern), NULL);
1050 reqlen = strlen (enc_patt) + strlen (hostname) + 32 + 1;
1051
1052 if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
1053 fmt = "GET http://%s:%d/pks/lookup?options=mr&op=index&search=%s HTTP/1.0\r\n"
1054 "Proxy-Authorization: Basic %s\r\n\r\n";
1055 reqlen += strlen (proxy.base64_user) + strlen (fmt) + 1;
1056 request = safe_alloc (reqlen+1);
1057 _snprintf (request, reqlen, fmt, skip_type_prefix (hostname), port,
1058 enc_patt, proxy.base64_user);
1059 }
1060 else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
1061 fmt = "GET http://%s:%d/pks/lookup?options=mr&op=index&search=%s HTTP/1.0\r\n\r\n";
1062 reqlen += strlen (fmt)+1;
1063 request = safe_alloc (reqlen+1);
1064 _snprintf (request, reqlen, skip_type_prefix (hostname), port,
1065 enc_patt);
1066 }
1067 else {
1068 fmt = "GET /pks/lookup?options=mr&op=index&search=%s HTTP/1.0\r\n\r\n";
1069 reqlen += strlen (fmt)+1;
1070 request = safe_alloc (reqlen+1);
1071 _snprintf (request, reqlen, fmt, enc_patt);
1072 }
1073
1074 log_debug ("kserver_search_begin:\r\n%s\r\n", request);
1075 if (sock_write (sock_fd, request, strlen (request)) == SOCKET_ERROR) {
1076 rc = WPTERR_GENERAL;
1077 goto leave;
1078 }
1079
1080 rc = kserver_search_chkresp (sock_fd);
1081 if (rc) {
1082 closesocket (sock_fd);
1083 sock_fd = 0;
1084 goto leave;
1085 }
1086
1087 /* Skip all lines until we reach the "info:" record. */
1088 for (;;) {
1089 if (sock_getline (sock_fd, status, sizeof (status)-1, &reqlen)) {
1090 log_debug ("kserver_search_begin: retrieving status line failed.\r\n");
1091 closesocket (sock_fd);
1092 sock_fd = 0;
1093 rc = WPTERR_GENERAL;
1094 break;
1095 }
1096 if (!strncmp (status, "info:", 5))
1097 break;
1098 }
1099
1100 if (!rc)
1101 *nkeys = count_keys_in_response (status);
1102 *conn_fd = sock_fd;
1103
1104 leave:
1105 free_if_alloc (request);
1106 free_if_alloc (enc_patt);
1107 return rc;
1108 }
1109
1110
1111 /* Parse a single pub record returned by the keyserver. */
1112 static void
1113 parse_pub_record (keyserver_key_s *key, char *buf)
1114 {
1115 enum pub_rec_t {ID=1, KEYID, ALGO, SIZE, CREATE, EXPIRE};
1116 char *p;
1117 int recno = 0;
1118
1119 /* pub:BF3DF9B4:17:1024:925411133:: */
1120 p = strtok (buf, ":");
1121 while (p != NULL) {
1122 recno++;
1123 switch (recno) {
1124 case ID:
1125 break;
1126
1127 case KEYID:
1128 free_if_alloc (key->keyid);
1129 key->keyid = m_strdup (p);
1130 break;
1131
1132 case ALGO:
1133 key->algo = atoi (p);
1134 break;
1135
1136 case SIZE:
1137 key->bits = atoi (p);
1138 break;
1139
1140 case CREATE:
1141 key->creation = strtoul (p, NULL, 10);
1142 break;
1143
1144 case EXPIRE:
1145 key->expires = strtoul (p, NULL, 10);
1146 break;
1147 }
1148 p = strtok (NULL, ":");
1149 }
1150
1151 }
1152
1153
1154 /* Parse a single user id returned by the keyserver. */
1155 static void
1156 parse_uid_record (keyserver_key_s *key, char *buf)
1157 {
1158 enum uid_rec_t {ID=1, UID, CREATE, EXPIRE};
1159 keyserver_uid_s *u, *n;
1160 char *p;
1161 int recno = 0;
1162
1163 /* uid:Timo Schulz <[email protected]>:1138440360:: */
1164 u = new keyserver_uid_s;
1165 memset (u, 0, sizeof *u);
1166
1167 p = strtok (buf, ":");
1168 while (p != NULL) {
1169 recno++;
1170
1171 switch (recno) {
1172 case ID:
1173 break;
1174
1175 case UID:
1176 /* XXX: search for %3A and decode it back to ':' */
1177 u->uid = m_strdup (p);
1178 break;
1179
1180 case CREATE:
1181 u->creation = strtoul (p, NULL, 10);
1182 break;
1183
1184 case EXPIRE:
1185 u->expires = strtoul (p, NULL, 10);
1186 break;
1187 }
1188
1189 p = strtok (NULL, ":");
1190 }
1191 if (!key->uids)
1192 key->uids = u;
1193 else {
1194 for (n = key->uids; n->next; n=n->next)
1195 ;
1196 n->next = u;
1197 }
1198 }
1199
1200
1201 /* Peek the next 3 bytes to check if the next line
1202 would be a new "pub" record. In this case, return
1203 -1 as an EOF indication, 0 otherwise. */
1204 static int
1205 is_key_eof (int fd)
1206 {
1207 char buf[64];
1208 int n;
1209
1210 n = recv (fd, buf, 3, MSG_PEEK);
1211 if (n < 3 || strncmp (buf, "pub", 3))
1212 return 0;
1213 return -1;
1214 }
1215
1216
1217 /* Return the next key from the search response. */
1218 int
1219 kserver_search_next (int fd, keyserver_key_s **r_key)
1220 {
1221 keyserver_uid_s *uid, *u = NULL;
1222 keyserver_key_s *key;
1223 char buf[512];
1224 int n = 0;
1225 long max = 0;
1226
1227 log_debug ("keyserver_search_next:\r\n");
1228 *r_key = NULL;
1229
1230 key = new keyserver_key_s;
1231 memset (key, 0, sizeof *key);
1232 for (;;) {
1233 if (sock_getline (fd, buf, sizeof (buf)-1, &n))
1234 break;
1235 if (!strncmp (buf, "pub", 3))
1236 parse_pub_record (key, buf);
1237 else
1238 parse_uid_record (key, buf);
1239 if (is_key_eof (fd))
1240 break;
1241 }
1242
1243 /* the uid with the newest self sig is used as the
1244 primary user id. */
1245 for (uid = key->uids; uid; uid = uid->next) {
1246 if (uid->creation > max) {
1247 max = uid->creation;
1248 u = uid;
1249 }
1250 }
1251
1252 key->main_uid = u? u : key->uids;
1253 *r_key = key;
1254 return 0;
1255 }
1256
1257
1258 /* Release the keyserver key @key and all its elements. */
1259 void
1260 kserver_release_key (keyserver_key_s *key)
1261 {
1262 keyserver_uid_s *u;
1263
1264 while (key->uids) {
1265 u = key->uids->next;
1266 free_if_alloc (key->uids->uid);
1267 free_if_alloc (key->uids);
1268 key->uids = u;
1269 }
1270 free_if_alloc (key->keyid);
1271 free_if_alloc (key);
1272 }
1273
1274
1275 /* Release mbmers in the proxy context @ctx. */
1276 void
1277 kserver_proxy_release (keyserver_proxy_t ctx)
1278 {
1279 free_if_alloc (ctx->host);
1280 free_if_alloc (ctx->pass);
1281 free_if_alloc (ctx->user);
1282 ctx->port = ctx->proto = 0;
1283 }
1284
1285
1286 /* Spawn a process given by @cmdl. */
1287 static int
1288 spawn_application (char *cmdl)
1289 {
1290 STARTUPINFO si;
1291 PROCESS_INFORMATION pi;
1292 int rc = 0;
1293
1294 memset (&si, 0, sizeof (si));
1295 si.cb = sizeof (si);
1296 si.dwFlags = STARTF_USESHOWWINDOW;
1297 si.wShowWindow = SW_HIDE;
1298 memset (&pi, 0, sizeof (pi));
1299
1300 if (!CreateProcess (NULL, cmdl, NULL, NULL, FALSE, 0,
1301 NULL, NULL, &si, &pi)) {
1302 log_box ("Keyserver Plugin", MB_ERR, "Could not spawn helper process");
1303 rc = -1;
1304 }
1305
1306 CloseHandle (pi.hThread);
1307 WaitForSingleObject (pi.hProcess, INFINITE);
1308 CloseHandle (pi.hProcess);
1309 return rc;
1310 }
1311
1312
1313 static FILE*
1314 do_spawn_ldap_helper (const char *host, const char *keyid)
1315 {
1316 FILE *fp = NULL;
1317 char *p, *sep;
1318 char *ksprg;
1319 char outf[256], inf[256];
1320 size_t n;
1321
1322 p = get_gnupg_prog ();
1323 n = strlen (p) + 1 + 128;
1324 ksprg = safe_alloc (n+1);
1325 if (!ksprg)
1326 BUG (0);
1327 sep = strrchr (p, '\\');
1328 if (sep != NULL)
1329 p[(sep-p)] = 0;
1330
1331 _snprintf (ksprg, n, "%s\\gpgkeys_ldap.exe", p);
1332 free_if_alloc (p);
1333 if (file_exist_check (ksprg)) {
1334 log_box ("LDAP Keyserver Plugin", MB_ERR,
1335 "%s: could not find LDAP keyserver module!", ksprg);
1336 fp = NULL;
1337 goto leave;
1338 }
1339 get_temp_name (outf, sizeof (outf)-1, keyid);
1340 get_temp_name (inf, sizeof (inf)-1, NULL);
1341 fp = fopen (inf, "w+b");
1342 if (!fp) {
1343 log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", inf,
1344 winpt_strerror (WPTERR_FILE_OPEN));
1345 goto leave;
1346 }
1347 fprintf (fp,
1348 "VERSION 1\n"
1349 "PROGRAM 1.4.3-cvs\n"
1350 "SCHEME ldap\n"
1351 "HOST %s\n"
1352 "COMMAND GET\n"
1353 "\n"
1354 "%s\n",
1355 host? skip_type_prefix (host): "64.94.85.200", keyid);
1356 fclose (fp);
1357
1358 p = safe_alloc (strlen (ksprg) + strlen (inf) + strlen (outf) + 32);
1359 sprintf (p, "%s -o %s %s", ksprg, outf, inf);
1360 if (spawn_application (p)) {
1361 fp = NULL;
1362 goto leave;
1363 }
1364 fp = fopen (outf, "rb");
1365 if (!fp)
1366 log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", outf,
1367 winpt_strerror (WPTERR_FILE_OPEN));
1368
1369 leave:
1370 DeleteFile (inf);
1371 DeleteFile (outf);
1372 free_if_alloc (p);
1373 free_if_alloc (ksprg);
1374 return fp;
1375 }
1376
1377 /* Receive an key via LDAP from host @host with the keyid @keyid.
1378 @key contains the key on success. */
1379 int
1380 ldap_recvkey (const char *host, const char *keyid,
1381 char **r_key, int *r_keylen)
1382 {
1383 gpgme_data_t raw;
1384 FILE *fp;
1385 const char *s;
1386 char buf[512];
1387 int start_key = 0, failed = 0;
1388 int rc = 0;
1389
1390 fp = do_spawn_ldap_helper (host, keyid);
1391 if (!fp)
1392 return WPTERR_GENERAL;
1393
1394 if (gpgme_data_new (&raw))
1395 BUG (0);
1396 while (!feof (fp)) {
1397 s = fgets (buf, sizeof (buf)-1, fp);
1398 if (!s)
1399 break;
1400 if (strstr (s, "KEY") && strstr (s, "FAILED")) {
1401 failed = 1;
1402 break;
1403 }
1404 if (!start_key && strstr (s, "KEY") && strstr (s, "BEGIN")) {
1405 start_key = 1;
1406 continue;
1407 }
1408 if (!start_key)
1409 continue;
1410 gpgme_data_write (raw, buf, strlen (buf));
1411 if (strstr (s, "KEY") && strstr (s, "END"))
1412 break;
1413 }
1414 fclose (fp);
1415
1416 if (failed)
1417 rc = WPTERR_WINSOCK_RECVKEY;
1418 *r_key = data_release_and_get_mem (raw, r_keylen);
1419 return rc;
1420 }
1421
1422
1423 /* Receive an key via FINGER from host @host with the user @user.
1424 On success @key contains the key. */
1425 int
1426 finger_recvkey (const char *host, const char *user,
1427 char **r_key, int *r_keylen)
1428 {
1429 gpgme_data_t raw;
1430 char buf[256];
1431 int fd, nread;
1432 int start_key = 0;
1433 int rc=0;
1434
1435 rc = kserver_connect (host, FINGER_PORT, &fd);
1436 if (rc)
1437 return rc;
1438
1439 sock_write (fd, user, strlen (user));
1440 sock_write (fd, "\r\n", 2);
1441
1442 if (gpgme_data_new (&raw))
1443 BUG (0);
1444
1445 for (;;) {
1446 if (sock_getline (fd, buf, sizeof (buf), &nread))
1447 break;
1448 strcat (buf, "\n");
1449 if (strstr (buf, "BEGIN PGP PUBLIC KEY BLOCK")) {
1450 gpgme_data_write (raw, buf, nread);
1451 start_key = 1;
1452 }
1453 else if (strstr (buf, "END PGP PUBLIC KEY BLOCK" ) && start_key) {
1454 gpgme_data_write (raw, buf, nread);
1455 start_key--;
1456 break;
1457 }
1458 else if (start_key)
1459 gpgme_data_write (raw, buf, nread);
1460 }
1461
1462 closesocket (fd);
1463 if (start_key != 0)
1464 rc = WPTERR_WINSOCK_RECVKEY;
1465 *r_key = data_release_and_get_mem (raw, r_keylen);
1466 return rc;
1467 }
1468
1469
1470 /* Check if the given name @name is a valid hostname. */
1471 int
1472 check_IP_or_hostname (const char *name)
1473 {
1474 const char *not_allowed = "=!ยง$%&@#*~\\/}][{<>|,;:'";
1475 size_t i, j;
1476
1477 for (i=0; i < strlen (name); i++) {
1478 for (j =0; j < strlen (not_allowed); j++) {
1479 if (name[i] == not_allowed[j])
1480 return -1;
1481 }
1482 }
1483 return 0;
1484 }
1485
1486
1487 /* Split the URL @r_keyserver into the host and the port
1488 part if possible. */
1489 gpgme_error_t
1490 parse_keyserver_url (char **r_keyserver, unsigned short *r_port)
1491 {
1492 char *p;
1493 char *url = *r_keyserver;
1494
1495 /* no port is given so use the default port. */
1496 p = strrchr (url, ':');
1497 if (p == strchr (url, ':')) {
1498 int port = port_from_proto (proto_from_URL (url));
1499 if (!port)
1500 port = HKP_PORT;
1501 *r_port = port;
1502 return 0;
1503 }
1504 /* XXX: remove / in .de/:11371 */
1505 *r_keyserver = substr (url, 0, (p-url));
1506 *r_port = atoi (url+(p-url)+1);
1507 safe_free (url);
1508 return 0;
1509 }

Properties

Name Value
svn:eol-style native
[email protected]
 ViewVC Help
Powered by ViewVC 1.1.26