/[winpt]/trunk/Src/wptKeyserver.cpp
ViewVC logotype

Contents of /trunk/Src/wptKeyserver.cpp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 209 - (show annotations)
Wed May 3 14:34:08 2006 UTC (18 years, 10 months ago) by twoaday
File size: 32291 byte(s) 
2006-05-02  Timo Schulz  <ts@g10code.de>
                                                                                
        * wptFileManagerDlg.cpp (file_encrypt_dlg_proc): Use a
        caption for the radio button group.
        * wptKeyserverDlg.cpp (keyserver_recv_key): Use new code.
        * wptKeyserver.cpp (kserver_recvkey, finger_recvkey,
        ldap_recvkey): Avoid fixed buffers.
        (do_spawn_ldap_helper): New.
        (ldap_recvkey): Factor out code into helper function.
        * wptPassphraseCBDlg.cpp (passphrase_callback_proc):
        Increase width of the list box to make sure even large
        user IDs will be completly displayed.
1 /* wptKeyserver.cpp - W32 Keyserver Access
2 * Copyright (C) 2000-2006 Timo Schulz
3 * Copyright (C) 2001 Marco Cunha
4 *
5 * This file is part of WinPT.
6 *
7 * WinPT is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 *
12 * WinPT is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with WinPT; if not, write to the Free Software Foundation,
19 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25
26 #include <windows.h>
27 #include <shlobj.h>
28 #include <stdio.h>
29 #include <sys/stat.h>
30 #include <ctype.h>
31
32 #include "wptKeyserver.h"
33 #include "wptErrors.h"
34 #include "wptTypes.h"
35 #include "wptNLS.h"
36 #include "wptW32API.h"
37 #include "wptGPG.h"
38 #include "wptRegistry.h"
39
40 /* Map net_errno to a winsock error. */
41 #define net_errno ((int)WSAGetLastError ())
42
43
44 keyserver server[MAX_KEYSERVERS] = {0};
45 keyserver_proxy_s proxy = {0};
46 static const char *server_list[] = {
47 "hkp://gnv.us.ks.cryptnet.net",
48 "hkp://keyserver.kjsl.com",
49 "hkp://sks.keyserver.penguin.de",
50 "hkp://subkeys.pgp.net",
51 "ldap://keyserver.pgp.com",
52 NULL
53 };
54
55
56 static char hkp_errmsg[1024]; /* Holds the error message from the server */
57 static int hkp_err = 0; /* != 0 indicates an error occurred. */
58
59 /* Default keyserver and port. */
60 char *default_keyserver = NULL;
61 WORD default_keyserver_port = 0;
62
63 /* Default socket timeout. */
64 static int default_socket_timeout = 6;
65
66 /* Basic64 encode the input @inbuf to @outbuf. */
67 static void
68 base64_encode (const char *inbuf, char *outbuf)
69 {
70 char base64code[] =
71 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
72 int index = 0, temp = 0, res = 0;
73 int i = 0, inputlen = 0, len = 0;
74
75 inputlen = strlen (inbuf);
76 for (i = 0; i < inputlen; i++) {
77 res = temp;
78 res = (res << 8) | (inbuf[i] & 0xFF);
79 switch (index++) {
80 case 0:
81 outbuf[len++] = base64code[res >> 2 & 0x3F];
82 res &= 0x3;
83 break;
84 case 1:
85 outbuf[len++] = base64code[res >> 4 & 0x3F];
86 res &= 0xF;
87 break;
88 case 2:
89 outbuf[len++] = base64code[res >> 6 & 0x3F];
90 outbuf[len++] = base64code[res & 0x3F];
91 res = index = 0;
92 break;
93 }
94 temp = res;
95 }
96
97 if (index == 2) {
98 outbuf[len++] = base64code[temp << 2 & 0x3F];
99 outbuf[len++] = '=';
100 }
101 else if (index == 1) {
102 outbuf[len++] = base64code[temp << 4 & 0x3F];
103 outbuf[len++] = '=';
104 outbuf[len++] = '=';
105 }
106
107 outbuf[len] = '\0';
108 }
109
110
111 /* Skip the URL schema and return only the host part of it. */
112 static const char*
113 skip_type_prefix (const char *hostname)
114 {
115 if (hostname && !strncmp (hostname, "http://", 7))
116 hostname += 7;
117 else if (hostname && !strncmp (hostname, "hkp://", 6))
118 hostname += 6;
119 else if (hostname && !strncmp (hostname, "finger://", 9))
120 hostname += 9;
121 else if (hostname && !strncmp (hostname, "ldap://", 7))
122 hostname += 7;
123 return hostname;
124 }
125
126
127 /* Check that the keyserver response indicates an OK.
128 Return 0 on success. */
129 static int
130 check_hkp_response (const char *resp, int recv)
131 {
132 char *p, *end;
133 int ec, len;
134
135 ec = recv ? WPTERR_WINSOCK_RECVKEY : WPTERR_WINSOCK_SENDKEY;
136 if (!strstr (resp, "HTTP/1.0 200 OK") &&
137 !strstr (resp, "HTTP/1.1 200 OK")) /* http error */
138 return ec;
139 if (strstr (resp, "Public Key Server -- Error")
140 || strstr (resp, "Public Key Server -- Error")
141 || strstr (resp, "No matching keys in database")) {
142 p = strstr (resp, "<p>");
143 if (p && strlen (p) < sizeof (hkp_errmsg)) {
144 end = strstr (p, "</p>");
145 len = end? (end - p + 1) : strlen (p);
146 memset (hkp_errmsg, 0, sizeof (hkp_errmsg));
147 strncpy (hkp_errmsg, p, len);
148 hkp_err = 1;
149 }
150 return ec;
151 }
152 return 0;
153 }
154
155
156 /* Read a single line (\r\n) from a socket.
157 Return 0 on success. */
158 static int
159 sock_getline (int fd, char *buf, int buflen, int *nbytes)
160 {
161 char ch;
162 int nread = 0;
163
164 if (nbytes)
165 *nbytes = 0;
166 *buf = 0;
167 while (recv (fd, &ch, 1, 0) > 0) {
168 *buf++ = ch;
169 nread++;
170 if (ch == '\r')
171 continue; /* remove this char. */
172 if (ch == '\n' || nread == (buflen - 1)) {
173 *buf = 0;
174 if (nbytes)
175 *nbytes = nread;
176 return 0;
177 }
178 }
179
180 return -1;
181 }
182
183
184 /* Perform a select() on the given fd to find out
185 is there is data for reading. Wait at least @nsecs seconds. */
186 static int
187 sock_select (int fd, int nsecs)
188 {
189 FD_SET rfd;
190 timeval tv = {nsecs, 0};
191
192 FD_ZERO (&rfd);
193 FD_SET (fd, &rfd);
194 if (select (fd + 1, &rfd, NULL, NULL, &tv) == SOCKET_ERROR) {
195 log_debug ("sock_select: select() failed ec=%d.\r\n", net_errno);
196 return SOCKET_ERROR;
197 }
198 if (FD_ISSET (fd, &rfd))
199 return 1;
200 return 0;
201 }
202
203
204 /* Read from a socket @fd to buffer @buf with a fixed timeout
205 of 10 seconds. The amount of bytes which were read are
206 returned in @nbytes.
207 Return value: 0 on success. */
208 static int
209 sock_read (int fd, char *buf, int buflen, int *nbytes)
210 {
211 DWORD nread;
212 int nleft = buflen;
213 int rc, n = 0;
214
215 if (nbytes)
216 *nbytes = 0;
217 while (nleft > 0) {
218 if (n >= default_socket_timeout)
219 return WPTERR_WINSOCK_TIMEOUT;
220 rc = sock_select (fd, 1);
221 if (rc == SOCKET_ERROR)
222 return rc;
223 else if (!rc)
224 n++;
225 else {
226 nread = recv (fd, buf, nleft, 0);
227 if (nread == SOCKET_ERROR) {
228 log_debug ("sock_read: recv() failed ec=%d.\r\n", net_errno);
229 return SOCKET_ERROR;
230 }
231 else if (!nread)
232 break;
233 nleft -= nread;
234 buf += nread;
235 }
236 }
237 if (nbytes)
238 *nbytes = buflen - nleft;
239
240 return 0;
241 }
242
243
244 /* Helper to create a string from the gpgme data and
245 then release the gpgme data object. */
246 char*
247 data_release_and_get_mem (gpgme_data_t in, int *r_bufferlen)
248 {
249 size_t n;
250 char *buffer, *p;
251
252 gpg_data_putc (in, '\0');
253 p = gpgme_data_release_and_get_mem (in, &n);
254 buffer = m_strdup (p);
255 if (r_bufferlen)
256 *r_bufferlen = (int)n;
257 gpgme_free (p);
258 return buffer;
259 }
260
261
262 /* Read much data as possible from the socket @fd and
263 return the data in @buffer. Caller must free data.
264 Return value: 0 on success. */
265 int
266 sock_read_ext (int fd, char **buffer, int *r_bufferlen)
267 {
268 gpgme_data_t dh;
269 char buf[1024];
270 size_t n=0;
271 int nread, rc;
272
273 if (gpgme_data_new (&dh))
274 BUG (0);
275 while (n < 10) {
276 rc = sock_select (fd, 1);
277 if (rc == SOCKET_ERROR) {
278 gpgme_data_release (dh);
279 return rc;
280 }
281 else if (!rc)
282 n++;
283 else {
284 nread = recv (fd, buf, sizeof (buf), 0);
285 if (nread == SOCKET_ERROR)
286 return SOCKET_ERROR;
287 else if (!nread)
288 break;
289 gpgme_data_write (dh, buf, nread);
290 }
291 }
292
293 *buffer = data_release_and_get_mem (dh, r_bufferlen);
294 return 0;
295 }
296
297
298 /* Write the buffer @buf with the length @buflen to a socket @fd. */
299 static int
300 sock_write (int fd, const char *buf, int buflen)
301 {
302 DWORD nwritten;
303 int nleft = buflen;
304
305 while (nleft > 0) {
306 nwritten = send (fd, buf, nleft, 0);
307 if (nwritten == SOCKET_ERROR) {
308 log_debug ("sock_write: send() failed ec=%d\r\n", net_errno);
309 return SOCKET_ERROR;
310 }
311 nleft -= nwritten;
312 buf += nwritten;
313 }
314
315 return 0;
316 }
317
318
319 /* Initialize the Winsock2 interface.*/
320 int
321 wsock_init (void)
322 {
323 WSADATA wsa;
324
325 if (WSAStartup (0x202, &wsa)) {
326 log_debug ("wsock_init: WSAStartup failed ec=%d\r\n", net_errno);
327 return WPTERR_WINSOCK_INIT;
328 }
329 return 0;
330 }
331
332
333 /* Cleanup the Winsock2 interface. */
334 void
335 wsock_end (void)
336 {
337 char *p;
338 int i;
339
340 p = make_special_filename (CSIDL_APPDATA, "winpt\\keyserver.conf", NULL);
341 kserver_save_conf (p);
342 free_if_alloc (p);
343 free_if_alloc (default_keyserver);
344 for (i=0; i < MAX_KEYSERVERS; i++) {
345 if (server[i].used && server[i].name != NULL)
346 free_if_alloc (server[i].name);
347 }
348 kserver_proxy_release (&proxy);
349 WSACleanup ();
350 }
351
352
353 /* Return a string representation of a winsock error. */
354 const char*
355 wsock_strerror (void)
356 {
357 static char buf[384];
358 int ec = WSAGetLastError ();
359
360 switch (ec) {
361 case WSAENETDOWN:
362 return _("The network subsystem has failed");
363 case WSAHOST_NOT_FOUND:
364 return _("Authoritative Answer Host not found");
365 case WSAETIMEDOUT:
366 return _("The connection has been dropped because of a network failure");
367 default:
368 _snprintf (buf, sizeof (buf) -1, _("Unknown Winsock error ec=%d"),ec);
369 return buf;
370 }
371 return NULL;
372 }
373
374
375 /* Set default socket timeout for all reading operations. */
376 void
377 kserver_set_socket_timeout (int nsec)
378 {
379 if (nsec < 0)
380 nsec = 0;
381 default_socket_timeout = nsec;
382 }
383
384
385 /* Return the last keyserver error as a string. */
386 const char*
387 kserver_strerror (void)
388 {
389 if (hkp_err)
390 return hkp_errmsg;
391 return NULL;
392 }
393
394
395 /* Read a keyserver from the list at index @idx.
396 Return value: keyserver name at the given position. */
397 const char*
398 kserver_get_hostname (int idx, int type, WORD *port)
399 {
400 if (type == -1) {
401 *port = default_keyserver_port;
402 return default_keyserver;
403 }
404 else if (!type && idx < DIM (server_list)) {
405 *port = HKP_PORT;
406 return server_list[idx];
407 }
408 return NULL;
409 }
410
411
412 /* Check if the computer is connected to the internet.
413 Return 0 on success -1 otherwise. */
414 int
415 kserver_check_inet_connection (void)
416 {
417 int fd;
418
419 if (!kserver_connect (default_keyserver, default_keyserver_port, &fd)) {
420 closesocket (fd);
421 return 0;
422 }
423 return -1;
424 }
425
426
427 /* If the request contains the keyid, it have to be
428 always postfix with '0x'+keyid. This code checks
429 if the keyid is a decimal value and if so if it contains
430 the '0x'. If not it is inserted. */
431 const char*
432 kserver_check_keyid (const char *keyid)
433 {
434 static char id[21];
435
436 if (strstr (keyid, "@"))
437 return keyid; /* email address */
438 if (strncmp (keyid, "0x", 2)) {
439 memset (&id, 0, sizeof (id));
440 _snprintf (id, sizeof (id)-1, "0x%s", keyid);
441 return id;
442 }
443 return keyid;
444 }
445
446
447 /* Update the keyserver proxy user. */
448 static void
449 update_proxy_user (const char *proxy_user, const char *proxy_pass)
450 {
451 char t[257]; /* user:pass = 127+1+127+1 = 257 */
452 int n = 0;
453
454 n = 4*strlen (proxy_user) / 3 + 32 + strlen (proxy_pass) + 2;
455 free_if_alloc (proxy.base64_user);
456 proxy.base64_user = new char[n];
457 if (!proxy.base64_user)
458 BUG (0);
459 _snprintf (t, sizeof (t)-1, "%s:%s", proxy_user, proxy_pass);
460 base64_encode (t, proxy.base64_user);
461 free_if_alloc (proxy.user);
462 free_if_alloc (proxy.pass);
463 proxy.user = m_strdup (proxy_user);
464 proxy.pass = m_strdup (proxy_pass);
465 }
466
467
468 /* Check that the given buffer contains a valid keyserver URL. */
469 static int
470 check_URL (const char * buf)
471 {
472 if (strlen (buf) < 7)
473 return -1;
474 if (!strstr (buf, "ldap://")
475 && !strstr (buf, "http://")
476 && !strstr (buf, "finger://")
477 && !strstr (buf, "hkp://"))
478 return -1;
479 return 0;
480 }
481
482
483 /* Get the port number from the given protocol. */
484 static int
485 port_from_proto (int proto)
486 {
487 switch (proto) {
488 case KSPROTO_LDAP: return 0;
489 case KSPROTO_FINGER: return FINGER_PORT;
490 case KSPROTO_HTTP: return HKP_PORT;
491 }
492 return 0;
493 }
494
495
496 /* Get the port number from the given URL. */
497 static int
498 proto_from_URL (const char *buf)
499 {
500 if (strstr( buf, "ldap"))
501 return KSPROTO_LDAP;
502 else if (strstr( buf, "finger"))
503 return KSPROTO_FINGER;
504 return KSPROTO_HKP;
505 }
506
507
508 void
509 keyserver_set_default (const char *hostname, WORD port)
510 {
511 if (hostname != NULL) {
512 free_if_alloc (default_keyserver);
513 default_keyserver = m_strdup (hostname);
514 default_keyserver_port = port;
515 }
516 if (!port)
517 port = HKP_PORT;
518 if (!default_keyserver)
519 default_keyserver = m_strdup (DEF_HKP_KEYSERVER);
520 server[0].name = m_strdup (default_keyserver);
521 server[0].used = 1;
522 server[0].port = port;
523 server[0].proto = proto_from_URL (default_keyserver);
524 }
525
526
527 /* Skip all kind of whitespace chars in @str. */
528 static const char*
529 skip_whitespace (const char *str)
530 {
531 while (str && *str) {
532 if (*str == ' ' ||
533 *str == '\t' ||
534 *str == '\n' ||
535 *str == '\r') {
536 str++;
537 continue;
538 }
539 break;
540 }
541 return str;
542 }
543
544
545 /* Save the keyserver config file in @conf. */
546 int
547 kserver_save_conf (const char *conf)
548 {
549 FILE *fp;
550 int pos;
551
552 fp = fopen (conf, "wb");
553 if (!fp) {
554 msg_box (NULL, _("Could not save keyserver.conf file"),
555 _("Keyserver"), MB_ERR);
556 return -1;
557 }
558
559 fprintf (fp, "# do NOT manually modify this file, it will be "
560 "generated automatically!!\r\n");
561 for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
562 if (!server[pos].used)
563 continue;
564 fprintf (fp, "%s:%d\r\n", server[pos].name, server[pos].port);
565 }
566 fclose (fp);
567 return 0;
568 }
569
570
571 /* Load the keyserver config file @conf. */
572 int
573 kserver_load_conf (const char *conf)
574 {
575 FILE *fp;
576 char buf[1024], *s, *p;
577 char *user = NULL, *pass = NULL;
578 int no_config=0, chk_pos=0;
579 int pos;
580
581 for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
582 server[pos].used = 0;
583 server[pos].port = HKP_PORT;
584 }
585
586 fp = fopen (conf, "rb");
587 if (!fp) {
588 for (pos = 0; server_list[pos]; pos++) {
589 server[pos].used = 1;
590 server[pos].name = m_strdup (server_list[pos]);
591 server[pos].proto = proto_from_URL (server_list[pos]);
592 }
593 no_config=1;
594 }
595 get_reg_proxy_prefs (&proxy);
596 if (user && pass)
597 update_proxy_user (user, pass);
598 else if (user && !pass || !user && pass) {
599 msg_box (NULL, _("Invalid proxy configuration."
600 "You need to set a user and a password"
601 "to use proxy authentication!"),
602 _("Proxy Error"), MB_ERR);
603 }
604 /* check if the host has a http:// prefix and skip it */
605 if (proxy.host && !strncmp (proxy.host, "http://", 7)) {
606 char *host = m_strdup (proxy.host+7);
607 free_if_alloc (proxy.host);
608 proxy.host = host;
609 }
610 free_if_alloc (user);
611 free_if_alloc (pass);
612
613 pos = 0;
614 while (fp && !feof (fp)) {
615 s = fgets (buf, sizeof (buf)-1, fp);
616 if (!s)
617 break;
618 if (strstr (buf, "\r\n"))
619 buf[strlen (buf)-2] = '\0';
620 if (strstr (buf, "\n"))
621 buf[strlen (buf)-1] = '\0';
622 s = (char *)skip_whitespace (buf);
623 if (*s == '#' || strlen (s) < 7)
624 continue;
625 if (check_URL (s)) {
626 msg_box (NULL, _("All entries of this file must have a valid prefix.\n"
627 "Currently HKP/HTTP, LDAP and FINGER are supported.\n"),
628 _("Keyserver Error"), MB_ERR);
629 continue;
630 }
631 chk_pos = 6;
632 if (strstr (s, "finger"))
633 chk_pos = 10;
634 p = strchr (s+chk_pos, ':');
635 server[pos].used = 1;
636 server[pos].proto = proto_from_URL (s);
637 server[pos].port = port_from_proto (server[pos].proto);
638 if (!p)
639 server[pos].name = m_strdup (s);
640 else {
641 server[pos].port = atol (p+1);
642 if (server[pos].port < 0 || server[pos].port > 65536)
643 server[pos].port = HKP_PORT;
644 server[pos].name = new char [(p-s)+2];
645 if (!server[pos].name)
646 BUG (0);
647 memset (server[pos].name, 0, (p-s)+2);
648 memcpy (server[pos].name, s, (p-s));
649 }
650 pos++;
651 if (pos > MAX_KEYSERVERS) {
652 msg_box (NULL, _("The keyserver limit is exceeded"),
653 _("Keyserver Warning"), MB_INFO);
654 break;
655 }
656 }
657 if (fp)
658 fclose (fp);
659 if (!pos) {
660 /* only issue an error if the config file exist but
661 it has no valid entries. */
662 keyserver_set_default (NULL, HKP_PORT);
663 if (!no_config)
664 return WPTERR_CONFIG_FILE;
665 }
666
667 return 0;
668 }
669
670
671 /* Connect to the keyserver @hostname (port @port).
672 Return value: 0 on success */
673 int
674 kserver_connect (const char *hostname, WORD port, int *conn_fd)
675 {
676 struct hostent *hp;
677 struct sockaddr_in sock;
678 char host[128] = {0};
679 DWORD iaddr;
680 int rc, fd;
681
682 log_debug ("kserver_connect: %s:%d\r\n", hostname, port);
683
684 if (!port)
685 port = HKP_PORT;
686 if (conn_fd)
687 *conn_fd = 0;
688 hostname = skip_type_prefix (hostname);
689
690 if (proxy.host && proxy.proto == PROXY_PROTO_HTTP)
691 port = proxy.port;
692 memset (&sock, 0, sizeof (sock));
693 sock.sin_family = AF_INET;
694 sock.sin_port = htons (port);
695 if (proxy.host)
696 strncpy (host, proxy.host, 127);
697 else
698 strncpy (host, hostname, 127);
699
700 if ((iaddr = inet_addr (host)) != INADDR_NONE)
701 memcpy (&sock.sin_addr, &iaddr, sizeof (iaddr));
702 else if ((hp = gethostbyname (host))) {
703 if (hp->h_addrtype != AF_INET || hp->h_length != 4) {
704 log_debug ("gethostbyname: unknown address type.\r\n");
705 return WPTERR_WINSOCK_RESOLVE;
706 }
707 memcpy (&sock.sin_addr, hp->h_addr, hp->h_length);
708 }
709 else {
710 log_debug ("gethostbyname: failed ec=%d.\r\n", net_errno);
711 return WPTERR_WINSOCK_RESOLVE;
712 }
713 fd = socket (AF_INET, SOCK_STREAM, 0);
714 if (fd == INVALID_SOCKET)
715 return WPTERR_WINSOCK_SOCKET;
716 rc = connect (fd, (struct sockaddr *) &sock, sizeof (sock));
717 if (rc == SOCKET_ERROR) {
718 log_debug ("connect: failed ec=%d.\r\n", net_errno);
719 closesocket (fd);
720 return WPTERR_WINSOCK_CONNECT;
721 }
722
723 if (proxy.proto == PROXY_PROTO_SOCKS5) {
724 rc = socks_handshake (&proxy, fd, hostname, port);
725 if (rc) {
726 closesocket (fd);
727 return WPTERR_GENERAL; /* XXX: use better code. */
728 }
729 }
730
731 if (conn_fd)
732 *conn_fd = fd;
733 WSASetLastError (0);
734 return 0;
735 }
736
737
738 static bool
739 URL_must_encoded (const char *url)
740 {
741 if (strchr (url, '.') || strchr (url, '@') || strchr (url, ' '))
742 return true;
743 return false;
744 }
745
746
747 /* Perform URL encoding of the given data. */
748 static char*
749 URL_encode (const char *url, size_t ulen, size_t *ret_nlen)
750 {
751 gpgme_data_t hd;
752 char numbuf[5], *p;
753 size_t i;
754 int nlen;
755
756 if (gpgme_data_new (&hd))
757 BUG (0);
758 for (i=0; i < ulen; i++) {
759 if (isalnum (url[i]) || url[i] == '-')
760 gpg_data_putc (hd, url[i]);
761 else if (url[i] == ' ')
762 gpg_data_putc (hd, '+');
763 else {
764 sprintf (numbuf, "%%%02X", url[i]);
765 gpgme_data_write (hd, numbuf, strlen (numbuf));
766 }
767 }
768
769 p = data_release_and_get_mem (hd, &nlen);
770 if (ret_nlen)
771 *ret_nlen = nlen;
772 return p;
773 }
774
775
776 /* Format a request for the given keyid (send). */
777 static char*
778 kserver_send_request (const char *hostname, WORD port,
779 const char *pubkey, int octets)
780 {
781 char *request = NULL;
782 char *enc_pubkey = NULL;
783 size_t enc_octets;
784 int reqlen;
785
786 log_debug ("kserver_send_request: %s:%d\r\n", hostname, port);
787
788 if (!port)
789 port = HKP_PORT;
790 reqlen = 512 + strlen (hostname) + 2*strlen (pubkey);
791 if (proxy.proto == PROXY_PROTO_HTTP && proxy.base64_user)
792 reqlen += strlen (proxy.base64_user) + 1;
793 request = new char[reqlen];
794 if (!request)
795 BUG (0);
796 enc_pubkey = URL_encode (pubkey, octets, &enc_octets);
797 if (!enc_pubkey || !enc_octets) {
798 free_if_alloc (request);
799 return NULL;
800 }
801
802 if (proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
803 _snprintf (request, reqlen-1,
804 "POST http://%s:%d/pks/add HTTP/1.0\r\n"
805 "Referer: \r\n"
806 "User-Agent: WinPT/W32\r\n"
807 "Host: %s:%d\r\n"
808 "Proxy-Authorization: Basic %s\r\n"
809 "Content-type: application/x-www-form-urlencoded\r\n"
810 "Content-length: %d\r\n"
811 "\r\n"
812 "keytext=%s"
813 "\r\n",
814 skip_type_prefix (hostname), port, hostname, port,
815 proxy.base64_user, enc_octets+9, enc_pubkey);
816 }
817 else {
818 _snprintf (request, reqlen-1,
819 "POST /pks/add HTTP/1.0\r\n"
820 "Referer: \r\n"
821 "User-Agent: WinPT/W32\r\n"
822 "Host: %s:%d\r\n"
823 "Content-type: application/x-www-form-urlencoded\r\n"
824 "Content-length: %d\r\n"
825 "\r\n"
826 "keytext=%s"
827 "\r\n",
828 skip_type_prefix (hostname), port,
829 enc_octets+9, enc_pubkey);
830 }
831 free_if_alloc (enc_pubkey);
832
833 log_debug ("%s\r\n", request);
834 return request;
835 }
836
837
838 /* Interface for receiving a public key. */
839 int
840 kserver_recvkey (const char *hostname, WORD port, const char *keyid,
841 char **r_key, int *r_keylen)
842 {
843 char *request = NULL;
844 int conn_fd;
845 int rc;
846
847 if (!port)
848 port = HKP_PORT;
849 hkp_err = 0; /* reset */
850 rc = kserver_connect (hostname, port, &conn_fd);
851 if (rc)
852 goto leave;
853
854 request = new char[300+1];
855 if (!request)
856 BUG (0);
857
858 if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
859 _snprintf (request, 300,
860 "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n"
861 "Proxy-Authorization: Basic %s\r\n\r\n",
862 skip_type_prefix (hostname), port, keyid, proxy.base64_user);
863 }
864 else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
865 _snprintf (request, 300,
866 "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n",
867 skip_type_prefix (hostname), port, keyid);
868 }
869 else {
870 _snprintf (request, 300,
871 "GET /pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n", keyid);
872 }
873
874 log_debug ("%s\r\n", request);
875
876 rc = sock_write (conn_fd, request, strlen (request));
877 if (rc == SOCKET_ERROR) {
878 rc = WPTERR_WINSOCK_RECVKEY;
879 goto leave;
880 }
881
882 rc = sock_read_ext (conn_fd, r_key, r_keylen);
883 if (rc == SOCKET_ERROR) {
884 rc = WPTERR_WINSOCK_RECVKEY;
885 goto leave;
886 }
887
888 log_debug ("%s\r\n", *r_key);
889 rc = check_hkp_response (*r_key, 1);
890 if (rc)
891 goto leave;
892
893 WSASetLastError (0);
894
895 leave:
896 closesocket (conn_fd);
897 free_if_alloc (request);
898 return rc;
899 }
900
901
902 /* Interface to send a public key. */
903 int
904 kserver_sendkey (const char *hostname, WORD port, const char *pubkey, int len )
905 {
906 char *request = NULL;
907 char log[2048] = {0};
908 int conn_fd, n;
909 int rc;
910
911 hkp_err = 0; /* reset */
912 rc = kserver_connect (hostname, port, &conn_fd);
913 if (rc)
914 goto leave;
915
916 request = kserver_send_request (hostname, port, pubkey, len);
917 if (request == NULL) {
918 rc = WPTERR_GENERAL;
919 goto leave;
920 }
921
922 rc = sock_write (conn_fd, request, strlen (request));
923 if (rc == SOCKET_ERROR) {
924 rc = WPTERR_WINSOCK_SENDKEY;
925 goto leave;
926 }
927
928 rc = sock_read (conn_fd, log, sizeof (log)-1, &n);
929 if (rc == SOCKET_ERROR) {
930 rc = WPTERR_WINSOCK_SENDKEY;
931 goto leave;
932 }
933
934 log_debug ("kserver_sendkey: read %d bytes\r\n%s\r\n", n, log);
935 rc = check_hkp_response (log, 0);
936 if (rc)
937 goto leave;
938
939 WSASetLastError (0);
940
941 leave:
942 closesocket (conn_fd);
943 free_if_alloc (request);
944 return rc;
945 }
946
947
948 /* Check keyserver response. */
949 static int
950 kserver_search_chkresp (int fd)
951 {
952 char buf[128];
953 int n=0;
954
955 /* parse response 'HTTP/1.0 500 OK' */
956 if (sock_getline (fd, buf, 127, &n))
957 return WPTERR_KEYSERVER_NOTFOUND;
958
959 log_debug ("kserver_search_chkpresp: %s\r\n", buf);
960 if (strncmp (buf, "HTTP/1.", 7))
961 return WPTERR_KEYSERVER_NOTFOUND;
962 if (strncmp (buf+(8+1), "200", 3))
963 return WPTERR_KEYSERVER_NOTFOUND;
964 return 0;
965 }
966
967
968 /* End the keyserver search procedure. */
969 void
970 kserver_search_end (int conn_fd)
971 {
972 log_debug ("kserver_search_end: fd=%d\r\n", conn_fd);
973 closesocket (conn_fd);
974 }
975
976
977 /* Begin keyserver search procedure. */
978 int
979 kserver_search_begin (const char *hostname, WORD port,
980 const char *pattern, int *conn_fd)
981 {
982 char *request = NULL;
983 char *enc_patt = NULL;
984 int n;
985 int rc, sock_fd;
986
987 rc = kserver_connect (hostname, port, &sock_fd);
988 if (rc) {
989 *conn_fd = 0;
990 goto leave;
991 }
992
993 enc_patt = URL_encode (pattern, strlen (pattern), NULL);
994 n = 140 + strlen (enc_patt) + strlen (hostname) + 32 + 2;
995 if (proxy.base64_user)
996 n += strlen (proxy.base64_user) + 1;
997 request = new char[n+1];
998 if (!request)
999 BUG (0);
1000
1001 if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
1002 _snprintf (request, n,
1003 "GET http://%s:%d/pks/lookup?op=index&search=%s HTTP/1.0\r\n"
1004 "Proxy-Authorization: Basic %s\r\n\r\n",
1005 skip_type_prefix (hostname), port, enc_patt, proxy.base64_user);
1006 }
1007 else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
1008 _snprintf (request, n,
1009 "GET http://%s:%d/pks/lookup?op=index&search=%s HTTP/1.0\r\n\r\n",
1010 skip_type_prefix (hostname), port, enc_patt);
1011 }
1012 else {
1013 _snprintf (request, n,
1014 "GET /pks/lookup?op=index&search=%s HTTP/1.0\r\n\r\n",
1015 enc_patt);
1016 }
1017
1018 log_debug ("kserver_search_begin:\r\n%s\r\n", request);
1019
1020 if (sock_write (sock_fd, request, strlen (request)) == SOCKET_ERROR) {
1021 rc = WPTERR_GENERAL;
1022 goto leave;
1023 }
1024
1025 rc = kserver_search_chkresp (sock_fd);
1026 if (rc) {
1027 closesocket (sock_fd);
1028 sock_fd = 0;
1029 }
1030
1031 *conn_fd = sock_fd;
1032
1033 leave:
1034 free_if_alloc (request);
1035 free_if_alloc (enc_patt);
1036 return rc;
1037 }
1038
1039
1040
1041
1042 /* Convert an iso date @iso_date (YYYY-MM-DD) into the locale
1043 representation and store it into @loc_date.
1044 Return value: 0 on success. */
1045 static int
1046 parse_iso_date (const char *iso_date, char *loc_date, size_t loclen)
1047 {
1048 SYSTEMTIME st;
1049 char buf[16] = {0}, *p;
1050 int pos=0;
1051
1052 strncpy (buf, iso_date, sizeof (buf)-1);
1053 p = strtok (buf, "-");
1054 while (p != NULL) {
1055 switch (pos) {
1056 case 0: st.wYear = (WORD)atoi (p); pos++; break;
1057 case 1: st.wMonth = (WORD)atoi (p); pos++; break;
1058 case 2: st.wDay = (WORD)atoi (p); pos++; break;
1059 default: break;
1060 }
1061 p = strtok (NULL, "-");
1062 }
1063 if (pos != 3)
1064 return -1;
1065
1066 if (!GetDateFormat (LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st,
1067 NULL, loc_date, loclen))
1068 return -1;
1069 return 0;
1070 }
1071
1072
1073 int
1074 kserver_search_next (int fd, keyserver_key *key)
1075 {
1076 char buf[1024], *p;
1077 int uidlen, nbytes, pos = 0;
1078
1079 log_debug ("keyserver_search_next:\r\n");
1080
1081 if (sock_getline (fd, buf, sizeof (buf) - 1, &nbytes))
1082 return WPTERR_GENERAL;
1083
1084 /* XXX: use maschine readable option. */
1085 log_debug ("%s\r\n", buf);
1086
1087 if (!strncmp (buf, "pub", 3)) {
1088 int revoked = strstr (buf, "KEY REVOKED") != NULL? 1 : 0;
1089 key->bits = atol (buf+3);
1090 p = strchr (buf, '>');
1091 if (!p)
1092 goto fail;
1093 pos = p - buf + 1;
1094 memcpy (key->keyid, buf + pos, 8);
1095 key->keyid[8] = '\0';
1096 p = strstr (buf, "</a>");
1097 if (!p)
1098 goto fail;
1099 pos = p - buf + 5;
1100 memcpy (key->date, buf + pos, 10);
1101 key->date[10] = '\0';
1102 parse_iso_date (key->date, key->date, sizeof (key->date)-1);
1103 if (revoked) {
1104 strcpy (key->uid, "KEY REVOKED: not checked");
1105 return 0;
1106 }
1107 pos += 10;
1108 p = buf + pos + 1;
1109 while (p && *p != '>')
1110 p++;
1111 p++;
1112 uidlen = strlen (p) - 10;
1113 if (!strstr (p, "&lt;") && !strstr (p, "&gt;")) {
1114 pos=0;
1115 while (p && *p && pos < sizeof (key->uid)-1) {
1116 if (*p == '<')
1117 break;
1118 key->uid[pos++] = *p++;
1119 }
1120 key->uid[pos] ='\0';
1121 return 0;
1122 }
1123
1124 if (uidlen > sizeof (key->uid)-1)
1125 uidlen = sizeof (key->uid)-1;
1126 memcpy (key->uid, p, uidlen);
1127 key->uid[uidlen] = '\0';
1128 strcat (key->uid, ">");
1129 p = strchr (key->uid, '&');
1130 if (p) {
1131 key->uid[(p-key->uid)] = '<';
1132 memmove (key->uid+(p-key->uid)+1, key->uid+(p-key->uid)+4,
1133 strlen (key->uid)-3);
1134 }
1135 return 0;
1136 }
1137
1138 fail:
1139 key->bits = 0;
1140 memset (key, 0, sizeof *key);
1141 return 0;
1142 }
1143
1144
1145 /* Release mbmers in the proxy context @ctx. */
1146 void
1147 kserver_proxy_release (keyserver_proxy_t ctx)
1148 {
1149 free_if_alloc (ctx->host);
1150 free_if_alloc (ctx->pass);
1151 free_if_alloc (ctx->user);
1152 ctx->port = ctx->proto = 0;
1153 }
1154
1155
1156 /* Spawn a process given by @cmdl. */
1157 static int
1158 spawn_application (char *cmdl)
1159 {
1160 STARTUPINFO si;
1161 PROCESS_INFORMATION pi;
1162 int rc = 0;
1163
1164 memset (&si, 0, sizeof (si));
1165 si.cb = sizeof (si);
1166 si.dwFlags = STARTF_USESHOWWINDOW;
1167 si.wShowWindow = SW_HIDE;
1168 memset (&pi, 0, sizeof (pi));
1169
1170 if (!CreateProcess (NULL, cmdl, NULL, NULL, FALSE, 0,
1171 NULL, NULL, &si, &pi)) {
1172 log_box ("Keyserver Plugin", MB_ERR, "Could not spawn helper process");
1173 rc = -1;
1174 }
1175
1176 CloseHandle (pi.hThread);
1177 WaitForSingleObject (pi.hProcess, INFINITE);
1178 CloseHandle (pi.hProcess);
1179 return rc;
1180 }
1181
1182
1183 static FILE*
1184 do_spawn_ldap_helper (const char *host, const char *keyid)
1185 {
1186 FILE *fp = NULL;
1187 char *p, *sep;
1188 char *ksprg;
1189 char outf[256], inf[256];
1190 size_t n;
1191
1192 p = get_gnupg_prog ();
1193 n = strlen (p) + 1 + 128;
1194 ksprg = new char[n+1];
1195 if (!ksprg)
1196 BUG (0);
1197 sep = strrchr (p, '\\');
1198 if (sep != NULL)
1199 p[(sep-p)] = 0;
1200
1201 _snprintf (ksprg, n, "%s\\gpgkeys_ldap.exe", p);
1202 free_if_alloc (p);
1203 if (file_exist_check (ksprg)) {
1204 log_box ("LDAP Keyserver Plugin", MB_ERR,
1205 "%s: could not find LDAP keyserver module!", ksprg);
1206 fp = NULL;
1207 goto leave;
1208 }
1209 get_temp_name (outf, sizeof (outf)-1, keyid);
1210 get_temp_name (inf, sizeof (inf)-1, NULL);
1211 fp = fopen (inf, "w+b");
1212 if (!fp) {
1213 log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", inf,
1214 winpt_strerror (WPTERR_FILE_OPEN));
1215 goto leave;
1216 }
1217 fprintf (fp,
1218 "VERSION 1\n"
1219 "PROGRAM 1.4.3-cvs\n"
1220 "SCHEME ldap\n"
1221 "HOST %s\n"
1222 "COMMAND GET\n"
1223 "\n"
1224 "%s\n",
1225 host? skip_type_prefix (host): "64.94.85.200", keyid);
1226 fclose (fp);
1227
1228 p = new char[strlen (ksprg) + strlen (inf) + strlen (outf) + 32];
1229 if (!p)
1230 BUG (NULL);
1231 sprintf (p, "%s -o %s %s", ksprg, outf, inf);
1232 if (spawn_application (p)) {
1233 fp = NULL;
1234 goto leave;
1235 }
1236 fp = fopen (outf, "rb");
1237 if (!fp)
1238 log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", outf,
1239 winpt_strerror (WPTERR_FILE_OPEN));
1240
1241 leave:
1242 DeleteFile (inf);
1243 DeleteFile (outf);
1244 free_if_alloc (p);
1245 free_if_alloc (ksprg);
1246 return fp;
1247 }
1248
1249 /* Receive an key via LDAP from host @host with the keyid @keyid.
1250 @key contains the key on success. */
1251 int
1252 ldap_recvkey (const char *host, const char *keyid,
1253 char **r_key, int *r_keylen)
1254 {
1255 gpgme_data_t raw;
1256 FILE *fp;
1257 const char *s;
1258 char buf[512];
1259 int start_key = 0, failed = 0;
1260 int rc = 0;
1261
1262 fp = do_spawn_ldap_helper (host, keyid);
1263 if (!fp)
1264 return WPTERR_GENERAL;
1265
1266 if (gpgme_data_new (&raw))
1267 BUG (0);
1268 while (!feof (fp)) {
1269 s = fgets (buf, sizeof (buf)-1, fp);
1270 if (!s)
1271 break;
1272 if (strstr (s, "KEY") && strstr (s, "FAILED")) {
1273 failed = 1;
1274 break;
1275 }
1276 if (!start_key && strstr (s, "KEY") && strstr (s, "BEGIN")) {
1277 start_key = 1;
1278 continue;
1279 }
1280 if (!start_key)
1281 continue;
1282 gpgme_data_write (raw, buf, strlen (buf));
1283 if (strstr (s, "KEY") && strstr (s, "END"))
1284 break;
1285 }
1286 fclose (fp);
1287
1288 if (failed)
1289 rc = WPTERR_WINSOCK_RECVKEY;
1290 *r_key = data_release_and_get_mem (raw, r_keylen);
1291 return rc;
1292 }
1293
1294
1295 /* Receive an key via FINGER from host @host with the user @user.
1296 On success @key contains the key. */
1297 int
1298 finger_recvkey (const char *host, const char *user,
1299 char **r_key, int *r_keylen)
1300 {
1301 gpgme_data_t raw;
1302 char buf[256];
1303 int fd, nread;
1304 int start_key = 0;
1305 int rc=0;
1306
1307 rc = kserver_connect (host, FINGER_PORT, &fd);
1308 if (rc)
1309 return rc;
1310
1311 sock_write (fd, user, strlen (user));
1312 sock_write (fd, "\r\n", 2);
1313
1314 if (gpgme_data_new (&raw))
1315 BUG (0);
1316
1317 for (;;) {
1318 if (sock_getline (fd, buf, sizeof (buf), &nread))
1319 break;
1320 strcat (buf, "\n");
1321 if (strstr (buf, "BEGIN PGP PUBLIC KEY BLOCK")) {
1322 gpgme_data_write (raw, buf, nread);
1323 start_key = 1;
1324 }
1325 else if (strstr (buf, "END PGP PUBLIC KEY BLOCK" ) && start_key) {
1326 gpgme_data_write (raw, buf, nread);
1327 start_key--;
1328 break;
1329 }
1330 else if (start_key)
1331 gpgme_data_write (raw, buf, nread);
1332 }
1333
1334 closesocket (fd);
1335 if (start_key != 0)
1336 rc = WPTERR_WINSOCK_RECVKEY;
1337 *r_key = data_release_and_get_mem (raw, r_keylen);
1338 return rc;
1339 }
1340
1341
1342 /* Check if the given name @name is a valid hostname. */
1343 int
1344 check_IP_or_hostname (const char *name)
1345 {
1346 const char *not_allowed = "=!ยง$%&@#*~\\/}][{<>|,;:'";
1347 size_t i, j;
1348
1349 for (i=0; i < strlen (name); i++) {
1350 for (j =0; j < strlen (not_allowed); j++) {
1351 if (name[i] == not_allowed[j])
1352 return -1;
1353 }
1354 }
1355 return 0;
1356 }

Properties

Name Value
svn:eol-style native
[email protected]
 ViewVC Help
Powered by ViewVC 1.1.26