1 /* dirmngr.c - Common definitions for the dirmngr
2  *	Copyright (C) 2002 Klarälvdalens Datakonsult AB
3  *	Copyright (C) 2004 g10 Code GmbH
4  *
5  * This file is part of DirMngr.
6  *
7  * DirMngr is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * DirMngr is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #ifndef DIRMNGR_H
22 #define DIRMNGR_H
23 
24 #include <sys/time.h>
25 #include <unistd.h>
26 #include <gcrypt.h> /* we need this for the memory function protos */
27 #include <gpg-error.h>
28 #include <ksba.h>
29 #include <assuan.h>
30 
31 /* to pass hash functions to libksba we need to cast it */
32 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
33 
34 #include "i18n.h"
35 #include "util.h"
36 
37 #define seterr(a)  (GNUPG_ ## a)
38 
39 
40 /* This objects keeps information about a particular LDAP server and
41    is used as item of a single linked list of servers. */
42 struct ldap_server_s {
43   struct ldap_server_s* next;
44 
45   char *host;
46   int   port;
47   char *user;
48   char *pass;
49   char *base;
50 };
51 typedef struct ldap_server_s *ldap_server_t;
52 
53 
54 /* A list of fingerprints.  */
55 struct fingerprint_list_s;
56 typedef struct fingerprint_list_s *fingerprint_list_t;
57 struct fingerprint_list_s
58 {
59   fingerprint_list_t next;
60   char hexfpr[20+20+1];
61 };
62 
63 
64 /* A large struct name "opt" to keep global flags. */
65 struct
66 {
67   unsigned int debug; /* debug flags (DBG_foo_VALUE) */
68   int verbose;        /* verbosity level */
69   int quiet;          /* be as quiet as possible */
70   int dry_run;        /* don't change any persistent data */
71   int batch;          /* batch mode */
72   const char *homedir;      /* Configuration directory name */
73   const char *homedir_data; /* Ditto for data files (/usr/share/dirmngr).  */
74   const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr).  */
75 
76   char *config_filename;     /* Name of a config file, which will be
77                                 reread on a HUP if it is not NULL. */
78 
79   char *ldap_wrapper_program; /* Override value for the LDAP wrapper
80                                  program.  */
81   char *http_wrapper_program; /* Override value for the HTTP wrapper
82                                  program.  */
83 
84   int system_service;   /* We are running as W32 service (implies daemon).  */
85   int system_daemon;    /* We are running in system daemon mode.  */
86   int running_detached; /* We are running in detached mode.  */
87 
88   int force;          /* Force loading outdated CRLs. */
89 
90   int disable_http;       /* Do not use HTTP at all.  */
91   int disable_ldap;       /* Do not use LDAP at all.  */
92   int honor_http_proxy;   /* Honor the http_proxy env variable. */
93   const char *http_proxy; /* Use given HTTP proxy.  */
94   const char *ldap_proxy; /* Use given LDAP proxy.  */
95   int only_ldap_proxy;    /* Only use the LDAP proxy; no fallback.  */
96   int ignore_http_dp;     /* Ignore HTTP CRL distribution points.  */
97   int ignore_ldap_dp;     /* Ignore LDAP CRL distribution points.  */
98   int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in
99                                   the certificate.  */
100 
101   /* A list of certificate extension OIDs which are ignored so that
102      one can claim that a critical extension has been handled.  One
103      OID per string.  */
104   strlist_t ignored_cert_extensions;
105 
106   int allow_ocsp;     /* Allow using OCSP. */
107 
108   int max_replies;
109   unsigned int ldaptimeout;
110 
111   ldap_server_t ldapservers;
112   int add_new_ldapservers;
113 
114   const char *ocsp_responder;     /* Standard OCSP responder's URL. */
115   fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
116                                      standard OCSP signer certificates.  */
117 
118   unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */
119   unsigned int ocsp_max_period;     /* Seconds a response is at maximum
120                                        considered valid after thisUpdate. */
121   unsigned int ocsp_current_period; /* Seconds a response is considered
122                                        current after nextUpdate. */
123 } opt;
124 
125 
126 #define DBG_X509_VALUE    1	/* debug x.509 parsing */
127 #define DBG_LOOKUP_VALUE  2	/* debug lookup details */
128 #define DBG_CRYPTO_VALUE  4	/* debug low level crypto */
129 #define DBG_MEMORY_VALUE  32	/* debug memory allocation stuff */
130 #define DBG_CACHE_VALUE   64	/* debug the caching */
131 #define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
132 #define DBG_HASHING_VALUE 512	/* debug hashing operations */
133 #define DBG_ASSUAN_VALUE  1024  /* debug assuan communication */
134 
135 #define DBG_X509    (opt.debug & DBG_X509_VALUE)
136 #define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
137 #define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
138 #define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
139 #define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
140 #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
141 #define DBG_ASSUAN   (opt.debug & DBG_ASSUAN_VALUE)
142 
143 /* A simple list of certificate references. */
144 struct cert_ref_s
145 {
146   struct cert_ref_s *next;
147   unsigned char fpr[20];
148 };
149 typedef struct cert_ref_s *cert_ref_t;
150 
151 /* Forward references; access only through server.c.  */
152 struct server_local_s;
153 
154 /* Connection control structure.  */
155 struct server_control_s
156 {
157   int refcount;      /* Count additional references to this object.  */
158   int no_server;     /* We are not running under server control. */
159   int status_fd;     /* Only for non-server mode. */
160   struct server_local_s *server_local;
161   int force_crl_refresh; /* Always load a fresh CRL. */
162 
163   int check_revocations_nest_level; /* Internal to check_revovations.  */
164   cert_ref_t ocsp_certs; /* Certificates from the current OCSP
165                             response. */
166 
167   int audit_events;  /* Send audit events to client.  */
168 };
169 
170 typedef struct server_control_s *ctrl_t;
171 
172 
173 /*-- dirmngr.c --*/
174 void dirmngr_exit( int );  /* Wrapper for exit() */
175 void dirmngr_init_default_ctrl (ctrl_t ctrl);
176 
177 /*-- server.c --*/
178 ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);
179 ksba_cert_t get_cert_local (ctrl_t ctrl, const char *issuer);
180 ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *issuer);
181 ksba_cert_t get_cert_local_ski (ctrl_t ctrl,
182                                 const char *name, ksba_sexp_t keyid);
183 gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr);
184 void start_command_handler (assuan_fd_t fd);
185 gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
186 gpg_error_t dirmngr_tick (ctrl_t ctrl);
187 
188 
189 #endif /*DIRMNGR_H*/
190 
191 
192