signal cleanup fix
[gnupg.git] / common / dns-cert.c
blobee3b50040388d8e471a53dd29b526b42790154af
1 /* dns-cert.c - DNS CERT code
2 * Copyright (C) 2005, 2006 Free Software Foundation, Inc.
4 * This file is part of GNUPG.
6 * GNUPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GNUPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include <config.h>
21 #include <sys/types.h>
22 #ifdef USE_DNS_CERT
23 # ifdef HAVE_W32_SYSTEM
24 # include <windows.h>
25 # else
26 # include <netinet/in.h>
27 # include <arpa/nameser.h>
28 # include <resolv.h>
29 # endif
30 #include <string.h>
31 #endif
33 #include "util.h"
34 #include "iobuf.h"
35 #include "dns-cert.h"
37 /* Not every installation has gotten around to supporting CERTs
38 yet... */
39 #ifndef T_CERT
40 #define T_CERT 37
41 #endif
44 /* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
45 IPGP provided. */
46 int
47 get_dns_cert (const char *name,size_t max_size,IOBUF *iobuf,
48 unsigned char **fpr,size_t *fpr_len,char **url)
50 #ifdef USE_DNS_CERT
51 unsigned char *answer;
52 int r,ret=-1;
53 u16 count;
55 if(fpr)
56 *fpr=NULL;
58 if(url)
59 *url=NULL;
61 answer=xmalloc(max_size);
63 r=res_query(name,C_IN,T_CERT,answer,max_size);
64 /* Not too big, not too small, no errors and at least 1 answer. */
65 if(r>=sizeof(HEADER) && r<=max_size
66 && (((HEADER *)answer)->rcode)==NOERROR
67 && (count=ntohs(((HEADER *)answer)->ancount)))
69 int rc;
70 unsigned char *pt,*emsg;
72 emsg=&answer[r];
74 pt=&answer[sizeof(HEADER)];
76 /* Skip over the query */
78 rc=dn_skipname(pt,emsg);
79 if(rc==-1)
80 goto fail;
82 pt+=rc+QFIXEDSZ;
84 /* There are several possible response types for a CERT request.
85 We're interested in the PGP (a key) and IPGP (a URI) types.
86 Skip all others. TODO: A key is better than a URI since
87 we've gone through all this bother to fetch it, so favor that
88 if we have both PGP and IPGP? */
90 while(count-->0 && pt<emsg)
92 u16 type,class,dlen,ctype;
94 rc=dn_skipname(pt,emsg); /* the name we just queried for */
95 if(rc==-1)
96 break;
98 pt+=rc;
100 /* Truncated message? 15 bytes takes us to the point where
101 we start looking at the ctype. */
102 if((emsg-pt)<15)
103 break;
105 type=*pt++ << 8;
106 type|=*pt++;
108 class=*pt++ << 8;
109 class|=*pt++;
110 /* We asked for IN and got something else !? */
111 if(class!=C_IN)
112 break;
114 /* ttl */
115 pt+=4;
117 /* data length */
118 dlen=*pt++ << 8;
119 dlen|=*pt++;
121 /* We asked for CERT and got something else - might be a
122 CNAME, so loop around again. */
123 if(type!=T_CERT)
125 pt+=dlen;
126 continue;
129 /* The CERT type */
130 ctype=*pt++ << 8;
131 ctype|=*pt++;
133 /* Skip the CERT key tag and algo which we don't need. */
134 pt+=3;
136 dlen-=5;
138 /* 15 bytes takes us to here */
140 if(ctype==3 && iobuf && dlen)
142 /* PGP type */
143 *iobuf=iobuf_temp_with_content((char *)pt,dlen);
144 ret=1;
145 break;
147 else if(ctype==6 && dlen && dlen<1023 && dlen>=pt[0]+1
148 && fpr && fpr_len && url)
150 /* IPGP type */
151 *fpr_len=pt[0];
153 if(*fpr_len)
155 *fpr=xmalloc(*fpr_len);
156 memcpy(*fpr,&pt[1],*fpr_len);
158 else
159 *fpr=NULL;
161 if(dlen>*fpr_len+1)
163 *url=xmalloc(dlen-(*fpr_len+1)+1);
164 memcpy(*url,&pt[*fpr_len+1],dlen-(*fpr_len+1));
165 (*url)[dlen-(*fpr_len+1)]='\0';
167 else
168 *url=NULL;
170 ret=2;
171 break;
174 /* Neither type matches, so go around to the next answer. */
175 pt+=dlen;
179 fail:
180 xfree(answer);
182 return ret;
183 #else /* !USE_DNS_CERT */
184 return -1;
185 #endif
190 /* Test with simon.josefsson.org */
192 #ifdef TEST
194 main(int argc,char *argv[])
196 unsigned char *fpr;
197 size_t fpr_len;
198 char *url;
199 int rc;
200 IOBUF iobuf;
202 if(argc!=2)
204 printf("cert-test [name]\n");
205 return 1;
208 printf("CERT lookup on %s\n",argv[1]);
210 rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url);
211 if(rc==-1)
212 printf("error\n");
213 else if(rc==0)
214 printf("no answer\n");
215 else if(rc==1)
217 printf("key found: %d bytes\n",(int)iobuf_get_temp_length(iobuf));
218 iobuf_close(iobuf);
220 else if(rc==2)
222 if(fpr)
224 size_t i;
225 printf("Fingerprint found (%d bytes): ",(int)fpr_len);
226 for(i=0;i<fpr_len;i++)
227 printf("%02X",fpr[i]);
228 printf("\n");
230 else
231 printf("No fingerprint found\n");
233 if(url)
234 printf("URL found: %s\n",url);
235 else
236 printf("No URL found\n");
238 xfree(fpr);
239 xfree(url);
242 return 0;
244 #endif /* TEST */