/* dirmngr.h - Common definitions for the dirmngr
 * Copyright (C) 2002 Klarälvdalens Datakonsult AB
 * Copyright (C) 2004 g10 Code GmbH
 *
 * This file is part of DirMngr.
 *
 * DirMngr is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * DirMngr is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#ifndef DIRMNGR_H
#define DIRMNGR_H

#include <sys/time.h>
#include <unistd.h>
#include <gcrypt.h> /* we need this for the memory function protos */
#include <gpg-error.h>
#include <ksba.h>
#include <assuan.h>

/* To pass hash functions to libksba we need to cast it: libksba
   expects a callback of type void (*)(void *, const void *, size_t),
   whereas gcry_md_write takes a gcry_md_hd_t handle as its first
   argument.
   NOTE(review): calling a function through a pointer of a different
   type is formally undefined behaviour in C; this relies on the handle
   being a pointer type and the remaining parameters matching.  */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)

#include "i18n.h"
#include "util.h"

/* seterr(FOO) expands to the error code constant GNUPG_FOO.  */
#define seterr(a) (GNUPG_ ## a)


/* This object keeps information about a particular LDAP server and
   is used as item of a single linked list of servers.  */
struct ldap_server_s {
  struct ldap_server_s* next;

  char *host;
  int port;
  char *user;
  char *pass;  /* Presumably the bind credential, kept in the clear in
                  memory; whoever frees the node should wipe it first
                  -- TODO confirm against the allocating/freeing code.  */
  char *base;  /* Presumably the search base DN -- verify in the user.  */
};
typedef struct ldap_server_s *ldap_server_t;


/* A list of fingerprints.  HEXFPR is sized for 40 hex digits plus the
   terminating NUL, i.e. a 20 byte (160 bit, SHA-1 sized) fingerprint
   in hex form.  */
struct fingerprint_list_s;
typedef struct fingerprint_list_s *fingerprint_list_t;
struct fingerprint_list_s
{
  fingerprint_list_t next;
  char hexfpr[20+20+1];
};


/* A large struct named "opt" to keep global flags.
   NOTE(review): this is a (tentative) definition, not an extern
   declaration, so every translation unit including this header
   defines "opt".  Linking therefore relies on the toolchain merging
   these as common symbols (-fcommon), which newer compilers no longer
   do by default.  */
struct
{
  unsigned int debug;   /* debug flags (DBG_foo_VALUE) */
  int verbose;          /* verbosity level */
  int quiet;            /* be as quiet as possible */
  int dry_run;          /* don't change any persistent data */
  int batch;            /* batch mode */
  const char *homedir;  /* Configuration directory name */
  const char *homedir_data;  /* Ditto for data files (/usr/share/dirmngr). */
  const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr). */

  char *config_filename;     /* Name of a config file, which will be
                                reread on a HUP if it is not NULL. */

  char *ldap_wrapper_program; /* Override value for the LDAP wrapper
                                 program. */
  char *http_wrapper_program; /* Override value for the HTTP wrapper
                                 program. */

  int system_service;   /* We are running as W32 service (implies daemon). */
  int system_daemon;    /* We are running in system daemon mode. */
  int running_detached; /* We are running in detached mode. */

  int force;            /* Force loading outdated CRLs.  Note that an
                           outdated CRL may not reflect recent
                           revocations. */

  int disable_http;     /* Do not use HTTP at all. */
  int disable_ldap;     /* Do not use LDAP at all. */
  int honor_http_proxy; /* Honor the http_proxy env variable. */
  const char *http_proxy; /* Use given HTTP proxy. */
  const char *ldap_proxy; /* Use given LDAP proxy. */
  int only_ldap_proxy;  /* Only use the LDAP proxy; no fallback. */
  int ignore_http_dp;   /* Ignore HTTP CRL distribution points. */
  int ignore_ldap_dp;   /* Ignore LDAP CRL distribution points. */
  int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in
                                  the certificate. */

  /* A list of certificate extension OIDs which are ignored so that
     one can claim that a critical extension has been handled.  One
     OID per string.  Every OID listed here is effectively exempted
     from enforcement, so each entry weakens certificate validation
     and should be a deliberate configuration choice.  */
  strlist_t ignored_cert_extensions;

  int allow_ocsp;       /* Allow using OCSP. */

  int max_replies;      /* Not documented here; presumably an upper
                           bound on replies per query -- verify in the
                           code that reads it. */
  unsigned int ldaptimeout; /* Presumably the LDAP operation timeout;
                               the unit is not stated here -- confirm. */

  ldap_server_t ldapservers; /* Singly linked list of configured LDAP
                                servers (see ldap_server_s). */
  int add_new_ldapservers;   /* Flag; its exact meaning is not stated
                                in this header. */

  const char *ocsp_responder;     /* Standard OCSP responder's URL. */
  fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
                                     standard OCSP signer certificates. */

  unsigned int ocsp_max_clock_skew; /* Allowed seconds of clock skew. */
  unsigned int ocsp_max_period;     /* Seconds a response is at maximum
                                       considered valid after thisUpdate. */
  unsigned int ocsp_current_period; /* Seconds a response is considered
                                       current after nextUpdate. */
} opt;


/* Bit values for opt.debug.  The values 8, 16 and 256 are not
   assigned in this header.  */
#define DBG_X509_VALUE    1    /* debug x.509 parsing */
#define DBG_LOOKUP_VALUE  2    /* debug lookup details */
#define DBG_CRYPTO_VALUE  4    /* debug low level crypto */
#define DBG_MEMORY_VALUE  32   /* debug memory allocation stuff */
#define DBG_CACHE_VALUE   64   /* debug the caching */
#define DBG_MEMSTAT_VALUE 128  /* show memory statistics */
#define DBG_HASHING_VALUE 512  /* debug hashing operations */
#define DBG_ASSUAN_VALUE  1024 /* debug assuan communication */

/* Convenience tests for the corresponding bit in opt.debug.  */
#define DBG_X509    (opt.debug & DBG_X509_VALUE)
#define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
#define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
#define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
#define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_ASSUAN  (opt.debug & DBG_ASSUAN_VALUE)

/* A simple list of certificate references.  FPR holds a raw 20 byte
   (160 bit) fingerprint, the binary counterpart of the 40 hex digit
   form used in fingerprint_list_s.  */
struct cert_ref_s
{
  struct cert_ref_s *next;
  unsigned char fpr[20];
};
typedef struct cert_ref_s *cert_ref_t;

/* Forward references; access only through server.c. */
struct server_local_s;

/* Connection control structure.  Passed around as ctrl_t; presumably
   one instance per client connection (or a single one in non-server
   mode, see no_server below) -- confirm in dirmngr.c/server.c.  */
struct server_control_s
{
  int refcount;          /* Count additional references to this object. */
  int no_server;         /* We are not running under server control. */
  int status_fd;         /* Only for non-server mode. */
  struct server_local_s *server_local; /* Opaque here; owned by server.c. */
  int force_crl_refresh; /* Always load a fresh CRL. */

  int check_revocations_nest_level; /* Internal to check_revocations:
                                       a nesting counter, presumably
                                       used to bound recursion while
                                       checking the issuer chain --
                                       confirm there. */
  cert_ref_t ocsp_certs; /* Certificates from the current OCSP
                            response. */

  int audit_events;      /* Send audit events to client. */
};

typedef struct server_control_s *ctrl_t;


/*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl); /* Fill CTRL with defaults. */

/*-- server.c --*/
ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);
ksba_cert_t get_cert_local (ctrl_t ctrl, const char *issuer);
ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *issuer);
ksba_cert_t get_cert_local_ski (ctrl_t ctrl,
                                const char *name, ksba_sexp_t keyid);
/* Presumably asks the connected client whether the certificate with
   fingerprint HEXFPR is trusted; returns a gpg_error_t.  */
gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr);
void start_command_handler (assuan_fd_t fd);
/* Variadic status emitter.  No printf-style format attribute is
   declared here, so the compiler does not type-check the trailing
   arguments against KEYWORD.  */
gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
gpg_error_t dirmngr_tick (ctrl_t ctrl);


#endif /*DIRMNGR_H*/