search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move password repetition from gpg to gpg-agent.
[gnupg.git] / sm / import.c
blobcb1922ed56a5326d7f9794facbcc7e150cfb7dcc
1 /* import.c - Import certificates
2 * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <time.h>
26 #include <assert.h>
27 #include <unistd.h>
28
29 #include "gpgsm.h"
30 #include <gcrypt.h>
31 #include <ksba.h>
32
33 #include "keydb.h"
34 #include "exechelp.h"
35 #include "i18n.h"
36 #include "sysutils.h"
37
38 struct stats_s {
39 unsigned long count;
40 unsigned long imported;
41 unsigned long unchanged;
42 unsigned long not_imported;
43 unsigned long secret_read;
44 unsigned long secret_imported;
45 unsigned long secret_dups;
46 };
47
48
49 static gpg_error_t parse_p12 (ctrl_t ctrl, ksba_reader_t reader, FILE **retfp,
50 struct stats_s *stats);
51
52
53
54 static void
55 print_imported_status (ctrl_t ctrl, ksba_cert_t cert, int new_cert)
56 {
57 char *fpr;
58
59 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
60 if (new_cert)
61 gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
62
63 gpgsm_status2 (ctrl, STATUS_IMPORT_OK,
64 new_cert? "1":"0", fpr, NULL);
65
66 xfree (fpr);
67 }
68
69
70 /* Print an IMPORT_PROBLEM status. REASON is one of:
71 0 := "No specific reason given".
72 1 := "Invalid Certificate".
73 2 := "Issuer Certificate missing".
74 3 := "Certificate Chain too long".
75 4 := "Error storing certificate".
76 */
77 static void
78 print_import_problem (ctrl_t ctrl, ksba_cert_t cert, int reason)
79 {
80 char *fpr = NULL;
81 char buf[25];
82 int i;
83
84 sprintf (buf, "%d", reason);
85 if (cert)
86 {
87 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
88 /* detetect an error (all high) value */
89 for (i=0; fpr[i] == 'F'; i++)
90 ;
91 if (!fpr[i])
92 {
93 xfree (fpr);
94 fpr = NULL;
95 }
96 }
97 gpgsm_status2 (ctrl, STATUS_IMPORT_PROBLEM, buf, fpr, NULL);
98 xfree (fpr);
99 }
100
101
102 void
103 print_imported_summary (ctrl_t ctrl, struct stats_s *stats)
104 {
105 char buf[14*25];
106
107 if (!opt.quiet)
108 {
109 log_info (_("total number processed: %lu\n"), stats->count);
110 if (stats->imported)
111 {
112 log_info (_(" imported: %lu"), stats->imported );
113 log_printf ("\n");
114 }
115 if (stats->unchanged)
116 log_info (_(" unchanged: %lu\n"), stats->unchanged);
117 if (stats->secret_read)
118 log_info (_(" secret keys read: %lu\n"), stats->secret_read );
119 if (stats->secret_imported)
120 log_info (_(" secret keys imported: %lu\n"), stats->secret_imported );
121 if (stats->secret_dups)
122 log_info (_(" secret keys unchanged: %lu\n"), stats->secret_dups );
123 if (stats->not_imported)
124 log_info (_(" not imported: %lu\n"), stats->not_imported);
125 }
126
127 sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
128 stats->count,
129 0l /*stats->no_user_id*/,
130 stats->imported,
131 0l /*stats->imported_rsa*/,
132 stats->unchanged,
133 0l /*stats->n_uids*/,
134 0l /*stats->n_subk*/,
135 0l /*stats->n_sigs*/,
136 0l /*stats->n_revoc*/,
137 stats->secret_read,
138 stats->secret_imported,
139 stats->secret_dups,
140 0l /*stats->skipped_new_keys*/,
141 stats->not_imported
142 );
143 gpgsm_status (ctrl, STATUS_IMPORT_RES, buf);
144 }
145
146
147
148 static void
149 check_and_store (ctrl_t ctrl, struct stats_s *stats,
150 ksba_cert_t cert, int depth)
151 {
152 int rc;
153
154 if (stats)
155 stats->count++;
156 if ( depth >= 50 )
157 {
158 log_error (_("certificate chain too long\n"));
159 if (stats)
160 stats->not_imported++;
161 print_import_problem (ctrl, cert, 3);
162 return;
163 }
164
165 /* Some basic checks, but don't care about missing certificates;
166 this is so that we are able to import entire certificate chains
167 w/o requiring a special order (i.e. root-CA first). This used
168 to be different but because gpgsm_verify even imports
169 certificates without any checks, it doesn't matter much and the
170 code gets much cleaner. A housekeeping function to remove
171 certificates w/o an anchor would be nice, though.
172
173 Optionally we do a full validation in addition to the basic test.
174 */
175 rc = gpgsm_basic_cert_check (ctrl, cert);
176 if (!rc && ctrl->with_validation)
177 rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
178 if (!rc || (!ctrl->with_validation
179 && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
180 {
181 int existed;
182
183 if (!keydb_store_cert (cert, 0, &existed))
184 {
185 ksba_cert_t next = NULL;
186
187 if (!existed)
188 {
189 print_imported_status (ctrl, cert, 1);
190 if (stats)
191 stats->imported++;
192 }
193 else
194 {
195 print_imported_status (ctrl, cert, 0);
196 if (stats)
197 stats->unchanged++;
198 }
199
200 if (opt.verbose > 1 && existed)
201 {
202 if (depth)
203 log_info ("issuer certificate already in DB\n");
204 else
205 log_info ("certificate already in DB\n");
206 }
207 else if (opt.verbose && !existed)
208 {
209 if (depth)
210 log_info ("issuer certificate imported\n");
211 else
212 log_info ("certificate imported\n");
213 }
214
215 /* Now lets walk up the chain and import all certificates up
216 the chain. This is required in case we already stored
217 parent certificates in the ephemeral keybox. Do not
218 update the statistics, though. */
219 if (!gpgsm_walk_cert_chain (ctrl, cert, &next))
220 {
221 check_and_store (ctrl, NULL, next, depth+1);
222 ksba_cert_release (next);
223 }
224 }
225 else
226 {
227 log_error (_("error storing certificate\n"));
228 if (stats)
229 stats->not_imported++;
230 print_import_problem (ctrl, cert, 4);
231 }
232 }
233 else
234 {
235 log_error (_("basic certificate checks failed - not imported\n"));
236 if (stats)
237 stats->not_imported++;
238 print_import_problem (ctrl, cert,
239 gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
240 gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
241 }
242 }
243
244
245 \f
246
247 static int
248 import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
249 {
250 int rc;
251 Base64Context b64reader = NULL;
252 ksba_reader_t reader;
253 ksba_cert_t cert = NULL;
254 ksba_cms_t cms = NULL;
255 FILE *fp = NULL;
256 ksba_content_type_t ct;
257 int any = 0;
258
259 fp = fdopen ( dup (in_fd), "rb");
260 if (!fp)
261 {
262 rc = gpg_error (gpg_err_code_from_errno (errno));
263 log_error ("fdopen() failed: %s\n", strerror (errno));
264 goto leave;
265 }
266
267 rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
268 if (rc)
269 {
270 log_error ("can't create reader: %s\n", gpg_strerror (rc));
271 goto leave;
272 }
273
274
275 /* We need to loop here to handle multiple PEM objects in one
276 file. */
277 do
278 {
279 ksba_cms_release (cms); cms = NULL;
280 ksba_cert_release (cert); cert = NULL;
281
282 ct = ksba_cms_identify (reader);
283 if (ct == KSBA_CT_SIGNED_DATA)
284 { /* This is probably a signed-only message - import the certs */
285 ksba_stop_reason_t stopreason;
286 int i;
287
288 rc = ksba_cms_new (&cms);
289 if (rc)
290 goto leave;
291
292 rc = ksba_cms_set_reader_writer (cms, reader, NULL);
293 if (rc)
294 {
295 log_error ("ksba_cms_set_reader_writer failed: %s\n",
296 gpg_strerror (rc));
297 goto leave;
298 }
299
300 do
301 {
302 rc = ksba_cms_parse (cms, &stopreason);
303 if (rc)
304 {
305 log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
306 goto leave;
307 }
308
309 if (stopreason == KSBA_SR_BEGIN_DATA)
310 log_info ("not a certs-only message\n");
311 }
312 while (stopreason != KSBA_SR_READY);
313
314 for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
315 {
316 check_and_store (ctrl, stats, cert, 0);
317 ksba_cert_release (cert);
318 cert = NULL;
319 }
320 if (!i)
321 log_error ("no certificate found\n");
322 else
323 any = 1;
324 }
325 else if (ct == KSBA_CT_PKCS12)
326 { /* This seems to be a pkcs12 message. We use an external
327 tool to parse the message and to store the private keys.
328 We need to use a another reader here to parse the
329 certificate we included in the p12 file; then we continue
330 to look for other pkcs12 files (works only if they are in
331 PEM format. */
332 FILE *certfp;
333 Base64Context b64p12rdr;
334 ksba_reader_t p12rdr;
335
336 rc = parse_p12 (ctrl, reader, &certfp, stats);
337 if (!rc)
338 {
339 any = 1;
340
341 rewind (certfp);
342 rc = gpgsm_create_reader (&b64p12rdr, ctrl, certfp, 1, &p12rdr);
343 if (rc)
344 {
345 log_error ("can't create reader: %s\n", gpg_strerror (rc));
346 fclose (certfp);
347 goto leave;
348 }
349
350 do
351 {
352 ksba_cert_release (cert); cert = NULL;
353 rc = ksba_cert_new (&cert);
354 if (!rc)
355 {
356 rc = ksba_cert_read_der (cert, p12rdr);
357 if (!rc)
358 check_and_store (ctrl, stats, cert, 0);
359 }
360 ksba_reader_clear (p12rdr, NULL, NULL);
361 }
362 while (!rc && !gpgsm_reader_eof_seen (b64p12rdr));
363
364 if (gpg_err_code (rc) == GPG_ERR_EOF)
365 rc = 0;
366 gpgsm_destroy_reader (b64p12rdr);
367 fclose (certfp);
368 if (rc)
369 goto leave;
370 }
371 }
372 else if (ct == KSBA_CT_NONE)
373 { /* Failed to identify this message - assume a certificate */
374
375 rc = ksba_cert_new (&cert);
376 if (rc)
377 goto leave;
378
379 rc = ksba_cert_read_der (cert, reader);
380 if (rc)
381 goto leave;
382
383 check_and_store (ctrl, stats, cert, 0);
384 any = 1;
385 }
386 else
387 {
388 log_error ("can't extract certificates from input\n");
389 rc = gpg_error (GPG_ERR_NO_DATA);
390 }
391
392 ksba_reader_clear (reader, NULL, NULL);
393 }
394 while (!gpgsm_reader_eof_seen (b64reader));
395
396 leave:
397 if (any && gpg_err_code (rc) == GPG_ERR_EOF)
398 rc = 0;
399 ksba_cms_release (cms);
400 ksba_cert_release (cert);
401 gpgsm_destroy_reader (b64reader);
402 if (fp)
403 fclose (fp);
404 return rc;
405 }
406
407
408 int
409 gpgsm_import (ctrl_t ctrl, int in_fd)
410 {
411 int rc;
412 struct stats_s stats;
413
414 memset (&stats, 0, sizeof stats);
415 rc = import_one (ctrl, &stats, in_fd);
416 print_imported_summary (ctrl, &stats);
417 /* If we never printed an error message do it now so that a command
418 line invocation will return with an error (log_error keeps a
419 global errorcount) */
420 if (rc && !log_get_errorcount (0))
421 log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
422 return rc;
423 }
424
425
426 int
427 gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
428 int (*of)(const char *fname))
429 {
430 int rc = 0;
431 struct stats_s stats;
432
433 memset (&stats, 0, sizeof stats);
434
435 if (!nfiles)
436 rc = import_one (ctrl, &stats, 0);
437 else
438 {
439 for (; nfiles && !rc ; nfiles--, files++)
440 {
441 int fd = of (*files);
442 rc = import_one (ctrl, &stats, fd);
443 close (fd);
444 if (rc == -1)
445 rc = 0;
446 }
447 }
448 print_imported_summary (ctrl, &stats);
449 /* If we never printed an error message do it now so that a command
450 line invocation will return with an error (log_error keeps a
451 global errorcount) */
452 if (rc && !log_get_errorcount (0))
453 log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
454 return rc;
455 }
456
457
458 /* Fork and exec the protecttool, connect the file descriptor of
459 INFILE to stdin, return a new stream in STATUSFILE, write the
460 output to OUTFILE and the pid of the process in PID. Returns 0 on
461 success or an error code. */
462 static gpg_error_t
463 popen_protect_tool (ctrl_t ctrl, const char *pgmname,
464 FILE *infile, FILE *outfile, FILE **statusfile, pid_t *pid)
465 {
466 const char *argv[20];
467 int i=0;
468
469 /* Make sure that the agent is running so that the protect tool is
470 able to ask for a passphrase. This has only an effect under W32
471 where the agent is started on demand; sending a NOP does not harm
472 on other platforms. */
473 gpgsm_agent_send_nop (ctrl);
474
475 argv[i++] = "--homedir";
476 argv[i++] = opt.homedir;
477 argv[i++] = "--p12-import";
478 argv[i++] = "--store";
479 argv[i++] = "--no-fail-on-exist";
480 argv[i++] = "--enable-status-msg";
481 if (opt.fixed_passphrase)
482 {
483 argv[i++] = "--passphrase";
484 argv[i++] = opt.fixed_passphrase;
485 }
486 argv[i++] = "--",
487 argv[i] = NULL;
488 assert (i < sizeof argv);
489
490 return gnupg_spawn_process (pgmname, argv, infile, outfile,
491 setup_pinentry_env, 128,
492 statusfile, pid);
493 }
494
495
496 /* Assume that the reader is at a pkcs#12 message and try to import
497 certificates from that stupid format. We will also store secret
498 keys. All of the pkcs#12 parsing and key storing is handled by the
499 gpg-protect-tool, we merely have to take care of receiving the
500 certificates. On success RETFP returns a temporary file with
501 certificates. */
502 static gpg_error_t
503 parse_p12 (ctrl_t ctrl, ksba_reader_t reader,
504 FILE **retfp, struct stats_s *stats)
505 {
506 const char *pgmname;
507 gpg_error_t err = 0, child_err = 0;
508 int c, cont_line;
509 unsigned int pos;
510 FILE *tmpfp, *certfp = NULL, *fp = NULL;
511 char buffer[1024];
512 size_t nread;
513 pid_t pid = -1;
514 int bad_pass = 0;
515
516 if (!opt.protect_tool_program || !*opt.protect_tool_program)
517 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL);
518 else
519 pgmname = opt.protect_tool_program;
520
521 *retfp = NULL;
522
523 /* To avoid an extra feeder process or doing selects and because
524 gpg-protect-tool will anyway parse the entire pkcs#12 message in
525 memory, we simply use tempfiles here and pass them to
526 the gpg-protect-tool. */
527 tmpfp = gnupg_tmpfile ();
528 if (!tmpfp)
529 {
530 err = gpg_error_from_syserror ();
531 log_error (_("error creating temporary file: %s\n"), strerror (errno));
532 goto cleanup;
533 }
534 while (!(err = ksba_reader_read (reader, buffer, sizeof buffer, &nread)))
535 {
536 if (nread && fwrite (buffer, nread, 1, tmpfp) != 1)
537 {
538 err = gpg_error_from_syserror ();
539 log_error (_("error writing to temporary file: %s\n"),
540 strerror (errno));
541 goto cleanup;
542 }
543 }
544 if (gpg_err_code (err) == GPG_ERR_EOF)
545 err = 0;
546 if (err)
547 {
548 log_error (_("error reading input: %s\n"), gpg_strerror (err));
549 goto cleanup;
550 }
551
552 certfp = gnupg_tmpfile ();
553 if (!certfp)
554 {
555 err = gpg_error_from_syserror ();
556 log_error (_("error creating temporary file: %s\n"), strerror (errno));
557 goto cleanup;
558 }
559
560 err = popen_protect_tool (ctrl, pgmname, tmpfp, certfp, &fp, &pid);
561 if (err)
562 {
563 pid = -1;
564 goto cleanup;
565 }
566 fclose (tmpfp);
567 tmpfp = NULL;
568
569 /* Read stderr of the protect tool. */
570 pos = 0;
571 cont_line = 0;
572 while ((c=getc (fp)) != EOF)
573 {
574 /* fixme: We could here grep for status information of the
575 protect tool to figure out better error codes for
576 CHILD_ERR. */
577 buffer[pos++] = c;
578 if (pos >= sizeof buffer - 5 || c == '\n')
579 {
580 buffer[pos - (c == '\n')] = 0;
581 if (cont_line)
582 log_printf ("%s", buffer);
583 else
584 {
585 if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34))
586 {
587 char *p, *pend;
588
589 p = buffer + 34;
590 pend = strchr (p, ' ');
591 if (pend)
592 *pend = 0;
593 if ( !strcmp (p, "secretkey-stored"))
594 {
595 stats->count++;
596 stats->secret_read++;
597 stats->secret_imported++;
598 }
599 else if ( !strcmp (p, "secretkey-exists"))
600 {
601 stats->count++;
602 stats->secret_read++;
603 stats->secret_dups++;
604 }
605 else if ( !strcmp (p, "bad-passphrase"))
606 {
607
608 }
609 }
610 else
611 {
612 log_info ("%s", buffer);
613 if (!strncmp (buffer, "gpg-protect-tool: "
614 "possibly bad passphrase given",46))
615 bad_pass++;
616 }
617 }
618 pos = 0;
619 cont_line = (c != '\n');
620 }
621 }
622
623 if (pos)
624 {
625 buffer[pos] = 0;
626 if (cont_line)
627 log_printf ("%s\n", buffer);
628 else
629 log_info ("%s\n", buffer);
630 }
631
632
633 /* If we found no error in the output of the child, setup a suitable
634 error code, which will later be reset if the exit status of the
635 child is 0. */
636 if (!child_err)
637 child_err = gpg_error (GPG_ERR_DECRYPT_FAILED);
638
639 cleanup:
640 if (tmpfp)
641 fclose (tmpfp);
642 if (fp)
643 fclose (fp);
644 if (pid != -1)
645 {
646 if (!gnupg_wait_process (pgmname, pid, NULL))
647 child_err = 0;
648 }
649 if (!err)
650 err = child_err;
651 if (err)
652 {
653 if (certfp)
654 fclose (certfp);
655 }
656 else
657 *retfp = certfp;
658
659 if (bad_pass)
660 {
661 /* We only write a plain error code and not direct
662 BAD_PASSPHRASE because the pkcs12 parser might issue this
663 message multiple times, BAD_PASSPHRASE in general requires a
664 keyID and parts of the import might actually succeed so that
665 IMPORT_PROBLEM is also not appropriate. */
666 gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
667 "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
668 }
669
670 return err;
671 }
gnupg svn clone