search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove hacks which are not anymore needed since we now require Libgcrypt 1.4
[gnupg.git] / sm / import.c
blob3045c89d5c4d0fe35a5f602d6d9bd35fd76e1a70
1 /* import.c - Import certificates
2 * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <time.h>
26 #include <assert.h>
27 #include <unistd.h>
28
29 #include "gpgsm.h"
30 #include <gcrypt.h>
31 #include <ksba.h>
32
33 #include "keydb.h"
34 #include "exechelp.h"
35 #include "i18n.h"
36 #include "sysutils.h"
37
38 struct stats_s {
39 unsigned long count;
40 unsigned long imported;
41 unsigned long unchanged;
42 unsigned long not_imported;
43 unsigned long secret_read;
44 unsigned long secret_imported;
45 unsigned long secret_dups;
46 };
47
48
49 static gpg_error_t parse_p12 (ctrl_t ctrl, ksba_reader_t reader, FILE **retfp,
50 struct stats_s *stats);
51
52
53
54 static void
55 print_imported_status (ctrl_t ctrl, ksba_cert_t cert, int new_cert)
56 {
57 char *fpr;
58
59 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
60 if (new_cert)
61 gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
62
63 gpgsm_status2 (ctrl, STATUS_IMPORT_OK,
64 new_cert? "1":"0", fpr, NULL);
65
66 xfree (fpr);
67 }
68
69
70 /* Print an IMPORT_PROBLEM status. REASON is one of:
71 0 := "No specific reason given".
72 1 := "Invalid Certificate".
73 2 := "Issuer Certificate missing".
74 3 := "Certificate Chain too long".
75 4 := "Error storing certificate".
76 */
77 static void
78 print_import_problem (ctrl_t ctrl, ksba_cert_t cert, int reason)
79 {
80 char *fpr = NULL;
81 char buf[25];
82 int i;
83
84 sprintf (buf, "%d", reason);
85 if (cert)
86 {
87 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
88 /* detetect an error (all high) value */
89 for (i=0; fpr[i] == 'F'; i++)
90 ;
91 if (!fpr[i])
92 {
93 xfree (fpr);
94 fpr = NULL;
95 }
96 }
97 gpgsm_status2 (ctrl, STATUS_IMPORT_PROBLEM, buf, fpr, NULL);
98 xfree (fpr);
99 }
100
101
102 void
103 print_imported_summary (ctrl_t ctrl, struct stats_s *stats)
104 {
105 char buf[14*25];
106
107 if (!opt.quiet)
108 {
109 log_info (_("total number processed: %lu\n"), stats->count);
110 if (stats->imported)
111 {
112 log_info (_(" imported: %lu"), stats->imported );
113 log_printf ("\n");
114 }
115 if (stats->unchanged)
116 log_info (_(" unchanged: %lu\n"), stats->unchanged);
117 if (stats->secret_read)
118 log_info (_(" secret keys read: %lu\n"), stats->secret_read );
119 if (stats->secret_imported)
120 log_info (_(" secret keys imported: %lu\n"), stats->secret_imported );
121 if (stats->secret_dups)
122 log_info (_(" secret keys unchanged: %lu\n"), stats->secret_dups );
123 if (stats->not_imported)
124 log_info (_(" not imported: %lu\n"), stats->not_imported);
125 }
126
127 sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
128 stats->count,
129 0l /*stats->no_user_id*/,
130 stats->imported,
131 0l /*stats->imported_rsa*/,
132 stats->unchanged,
133 0l /*stats->n_uids*/,
134 0l /*stats->n_subk*/,
135 0l /*stats->n_sigs*/,
136 0l /*stats->n_revoc*/,
137 stats->secret_read,
138 stats->secret_imported,
139 stats->secret_dups,
140 0l /*stats->skipped_new_keys*/,
141 stats->not_imported
142 );
143 gpgsm_status (ctrl, STATUS_IMPORT_RES, buf);
144 }
145
146
147
148 static void
149 check_and_store (ctrl_t ctrl, struct stats_s *stats,
150 ksba_cert_t cert, int depth)
151 {
152 int rc;
153
154 if (stats)
155 stats->count++;
156 if ( depth >= 50 )
157 {
158 log_error (_("certificate chain too long\n"));
159 if (stats)
160 stats->not_imported++;
161 print_import_problem (ctrl, cert, 3);
162 return;
163 }
164
165 /* Some basic checks, but don't care about missing certificates;
166 this is so that we are able to import entire certificate chains
167 w/o requiring a special order (i.e. root-CA first). This used
168 to be different but because gpgsm_verify even imports
169 certificates without any checks, it doesn't matter much and the
170 code gets much cleaner. A housekeeping function to remove
171 certificates w/o an anchor would be nice, though.
172
173 Optionally we do a full validation in addition to the basic test.
174 */
175 rc = gpgsm_basic_cert_check (ctrl, cert);
176 if (!rc && ctrl->with_validation)
177 rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
178 if (!rc || (!ctrl->with_validation
179 && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
180 {
181 int existed;
182
183 if (!keydb_store_cert (cert, 0, &existed))
184 {
185 ksba_cert_t next = NULL;
186
187 if (!existed)
188 {
189 print_imported_status (ctrl, cert, 1);
190 if (stats)
191 stats->imported++;
192 }
193 else
194 {
195 print_imported_status (ctrl, cert, 0);
196 if (stats)
197 stats->unchanged++;
198 }
199
200 if (opt.verbose > 1 && existed)
201 {
202 if (depth)
203 log_info ("issuer certificate already in DB\n");
204 else
205 log_info ("certificate already in DB\n");
206 }
207 else if (opt.verbose && !existed)
208 {
209 if (depth)
210 log_info ("issuer certificate imported\n");
211 else
212 log_info ("certificate imported\n");
213 }
214
215 /* Now lets walk up the chain and import all certificates up
216 the chain. This is required in case we already stored
217 parent certificates in the ephemeral keybox. Do not
218 update the statistics, though. */
219 if (!gpgsm_walk_cert_chain (ctrl, cert, &next))
220 {
221 check_and_store (ctrl, NULL, next, depth+1);
222 ksba_cert_release (next);
223 }
224 }
225 else
226 {
227 log_error (_("error storing certificate\n"));
228 if (stats)
229 stats->not_imported++;
230 print_import_problem (ctrl, cert, 4);
231 }
232 }
233 else
234 {
235 log_error (_("basic certificate checks failed - not imported\n"));
236 if (stats)
237 stats->not_imported++;
238 print_import_problem (ctrl, cert,
239 gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
240 gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
241 }
242 }
243
244
245 \f
246
247 static int
248 import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
249 {
250 int rc;
251 Base64Context b64reader = NULL;
252 ksba_reader_t reader;
253 ksba_cert_t cert = NULL;
254 ksba_cms_t cms = NULL;
255 FILE *fp = NULL;
256 ksba_content_type_t ct;
257 int any = 0;
258
259 fp = fdopen ( dup (in_fd), "rb");
260 if (!fp)
261 {
262 rc = gpg_error (gpg_err_code_from_errno (errno));
263 log_error ("fdopen() failed: %s\n", strerror (errno));
264 goto leave;
265 }
266
267 rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
268 if (rc)
269 {
270 log_error ("can't create reader: %s\n", gpg_strerror (rc));
271 goto leave;
272 }
273
274
275 /* We need to loop here to handle multiple PEM objects in one
276 file. */
277 do
278 {
279 ksba_cms_release (cms); cms = NULL;
280 ksba_cert_release (cert); cert = NULL;
281
282 ct = ksba_cms_identify (reader);
283 if (ct == KSBA_CT_SIGNED_DATA)
284 { /* This is probably a signed-only message - import the certs */
285 ksba_stop_reason_t stopreason;
286 int i;
287
288 rc = ksba_cms_new (&cms);
289 if (rc)
290 goto leave;
291
292 rc = ksba_cms_set_reader_writer (cms, reader, NULL);
293 if (rc)
294 {
295 log_error ("ksba_cms_set_reader_writer failed: %s\n",
296 gpg_strerror (rc));
297 goto leave;
298 }
299
300 do
301 {
302 rc = ksba_cms_parse (cms, &stopreason);
303 if (rc)
304 {
305 log_error ("ksba_cms_parse failed: %s\n", gpg_strerror (rc));
306 goto leave;
307 }
308
309 if (stopreason == KSBA_SR_BEGIN_DATA)
310 log_info ("not a certs-only message\n");
311 }
312 while (stopreason != KSBA_SR_READY);
313
314 for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
315 {
316 check_and_store (ctrl, stats, cert, 0);
317 ksba_cert_release (cert);
318 cert = NULL;
319 }
320 if (!i)
321 log_error ("no certificate found\n");
322 else
323 any = 1;
324 }
325 else if (ct == KSBA_CT_PKCS12)
326 { /* This seems to be a pkcs12 message. We use an external
327 tool to parse the message and to store the private keys.
328 We need to use a another reader here to parse the
329 certificate we included in the p12 file; then we continue
330 to look for other pkcs12 files (works only if they are in
331 PEM format. */
332 FILE *certfp;
333 Base64Context b64p12rdr;
334 ksba_reader_t p12rdr;
335
336 rc = parse_p12 (ctrl, reader, &certfp, stats);
337 if (!rc)
338 {
339 any = 1;
340
341 rewind (certfp);
342 rc = gpgsm_create_reader (&b64p12rdr, ctrl, certfp, 1, &p12rdr);
343 if (rc)
344 {
345 log_error ("can't create reader: %s\n", gpg_strerror (rc));
346 fclose (certfp);
347 goto leave;
348 }
349
350 do
351 {
352 ksba_cert_release (cert); cert = NULL;
353 rc = ksba_cert_new (&cert);
354 if (!rc)
355 {
356 rc = ksba_cert_read_der (cert, p12rdr);
357 if (!rc)
358 check_and_store (ctrl, stats, cert, 0);
359 }
360 ksba_reader_clear (p12rdr, NULL, NULL);
361 }
362 while (!rc && !gpgsm_reader_eof_seen (b64p12rdr));
363
364 if (gpg_err_code (rc) == GPG_ERR_EOF)
365 rc = 0;
366 gpgsm_destroy_reader (b64p12rdr);
367 fclose (certfp);
368 if (rc)
369 goto leave;
370 }
371 }
372 else if (ct == KSBA_CT_NONE)
373 { /* Failed to identify this message - assume a certificate */
374
375 rc = ksba_cert_new (&cert);
376 if (rc)
377 goto leave;
378
379 rc = ksba_cert_read_der (cert, reader);
380 if (rc)
381 goto leave;
382
383 check_and_store (ctrl, stats, cert, 0);
384 any = 1;
385 }
386 else
387 {
388 log_error ("can't extract certificates from input\n");
389 rc = gpg_error (GPG_ERR_NO_DATA);
390 }
391
392 ksba_reader_clear (reader, NULL, NULL);
393 }
394 while (!gpgsm_reader_eof_seen (b64reader));
395
396 leave:
397 if (any && gpg_err_code (rc) == GPG_ERR_EOF)
398 rc = 0;
399 ksba_cms_release (cms);
400 ksba_cert_release (cert);
401 gpgsm_destroy_reader (b64reader);
402 if (fp)
403 fclose (fp);
404 return rc;
405 }
406
407
408 int
409 gpgsm_import (ctrl_t ctrl, int in_fd)
410 {
411 int rc;
412 struct stats_s stats;
413
414 memset (&stats, 0, sizeof stats);
415 rc = import_one (ctrl, &stats, in_fd);
416 print_imported_summary (ctrl, &stats);
417 /* If we never printed an error message do it now so that a command
418 line invocation will return with an error (log_error keeps a
419 global errorcount) */
420 if (rc && !log_get_errorcount (0))
421 log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
422 return rc;
423 }
424
425
426 int
427 gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
428 int (*of)(const char *fname))
429 {
430 int rc = 0;
431 struct stats_s stats;
432
433 memset (&stats, 0, sizeof stats);
434
435 if (!nfiles)
436 rc = import_one (ctrl, &stats, 0);
437 else
438 {
439 for (; nfiles && !rc ; nfiles--, files++)
440 {
441 int fd = of (*files);
442 rc = import_one (ctrl, &stats, fd);
443 close (fd);
444 if (rc == -1)
445 rc = 0;
446 }
447 }
448 print_imported_summary (ctrl, &stats);
449 /* If we never printed an error message do it now so that a command
450 line invocation will return with an error (log_error keeps a
451 global errorcount) */
452 if (rc && !log_get_errorcount (0))
453 log_error (_("error importing certificate: %s\n"), gpg_strerror (rc));
454 return rc;
455 }
456
457
458 /* Fork and exec the protecttool, connect the file descriptor of
459 INFILE to stdin, return a new stream in STATUSFILE, write the
460 output to OUTFILE and the pid of the process in PID. Returns 0 on
461 success or an error code. */
462 static gpg_error_t
463 popen_protect_tool (const char *pgmname,
464 FILE *infile, FILE *outfile, FILE **statusfile, pid_t *pid)
465 {
466 const char *argv[20];
467 int i=0;
468
469 argv[i++] = "--homedir";
470 argv[i++] = opt.homedir;
471 argv[i++] = "--p12-import";
472 argv[i++] = "--store";
473 argv[i++] = "--no-fail-on-exist";
474 argv[i++] = "--enable-status-msg";
475 if (opt.fixed_passphrase)
476 {
477 argv[i++] = "--passphrase";
478 argv[i++] = opt.fixed_passphrase;
479 }
480 argv[i++] = "--",
481 argv[i] = NULL;
482 assert (i < sizeof argv);
483
484 return gnupg_spawn_process (pgmname, argv, infile, outfile,
485 setup_pinentry_env, 128,
486 statusfile, pid);
487 }
488
489
490 /* Assume that the reader is at a pkcs#12 message and try to import
491 certificates from that stupid format. We will also store secret
492 keys. All of the pkcs#12 parsing and key storing is handled by the
493 gpg-protect-tool, we merely have to take care of receiving the
494 certificates. On success RETFP returns a temporary file with
495 certificates. */
496 static gpg_error_t
497 parse_p12 (ctrl_t ctrl, ksba_reader_t reader,
498 FILE **retfp, struct stats_s *stats)
499 {
500 const char *pgmname;
501 gpg_error_t err = 0, child_err = 0;
502 int c, cont_line;
503 unsigned int pos;
504 FILE *tmpfp, *certfp = NULL, *fp = NULL;
505 char buffer[1024];
506 size_t nread;
507 pid_t pid = -1;
508 int bad_pass = 0;
509
510 if (!opt.protect_tool_program || !*opt.protect_tool_program)
511 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PROTECT_TOOL);
512 else
513 pgmname = opt.protect_tool_program;
514
515 *retfp = NULL;
516
517 /* To avoid an extra feeder process or doing selects and because
518 gpg-protect-tool will anyway parse the entire pkcs#12 message in
519 memory, we simply use tempfiles here and pass them to
520 the gpg-protect-tool. */
521 tmpfp = gnupg_tmpfile ();
522 if (!tmpfp)
523 {
524 err = gpg_error_from_syserror ();
525 log_error (_("error creating temporary file: %s\n"), strerror (errno));
526 goto cleanup;
527 }
528 while (!(err = ksba_reader_read (reader, buffer, sizeof buffer, &nread)))
529 {
530 if (nread && fwrite (buffer, nread, 1, tmpfp) != 1)
531 {
532 err = gpg_error_from_syserror ();
533 log_error (_("error writing to temporary file: %s\n"),
534 strerror (errno));
535 goto cleanup;
536 }
537 }
538 if (gpg_err_code (err) == GPG_ERR_EOF)
539 err = 0;
540 if (err)
541 {
542 log_error (_("error reading input: %s\n"), gpg_strerror (err));
543 goto cleanup;
544 }
545
546 certfp = gnupg_tmpfile ();
547 if (!certfp)
548 {
549 err = gpg_error_from_syserror ();
550 log_error (_("error creating temporary file: %s\n"), strerror (errno));
551 goto cleanup;
552 }
553
554 err = popen_protect_tool (pgmname, tmpfp, certfp, &fp, &pid);
555 if (err)
556 {
557 pid = -1;
558 goto cleanup;
559 }
560 fclose (tmpfp);
561 tmpfp = NULL;
562
563 /* Read stderr of the protect tool. */
564 pos = 0;
565 cont_line = 0;
566 while ((c=getc (fp)) != EOF)
567 {
568 /* fixme: We could here grep for status information of the
569 protect tool to figure out better error codes for
570 CHILD_ERR. */
571 buffer[pos++] = c;
572 if (pos >= sizeof buffer - 5 || c == '\n')
573 {
574 buffer[pos - (c == '\n')] = 0;
575 if (cont_line)
576 log_printf ("%s", buffer);
577 else
578 {
579 if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34))
580 {
581 char *p, *pend;
582
583 p = buffer + 34;
584 pend = strchr (p, ' ');
585 if (pend)
586 *pend = 0;
587 if ( !strcmp (p, "secretkey-stored"))
588 {
589 stats->count++;
590 stats->secret_read++;
591 stats->secret_imported++;
592 }
593 else if ( !strcmp (p, "secretkey-exists"))
594 {
595 stats->count++;
596 stats->secret_read++;
597 stats->secret_dups++;
598 }
599 else if ( !strcmp (p, "bad-passphrase"))
600 ;
601 }
602 else
603 {
604 log_info ("%s", buffer);
605 if (!strncmp (buffer, "gpg-protect-tool: "
606 "possibly bad passphrase given",46))
607 bad_pass++;
608 }
609 }
610 pos = 0;
611 cont_line = (c != '\n');
612 }
613 }
614
615 if (pos)
616 {
617 buffer[pos] = 0;
618 if (cont_line)
619 log_printf ("%s\n", buffer);
620 else
621 log_info ("%s\n", buffer);
622 }
623
624
625 /* If we found no error in the output of the child, setup a suitable
626 error code, which will later be reset if the exit status of the
627 child is 0. */
628 if (!child_err)
629 child_err = gpg_error (GPG_ERR_DECRYPT_FAILED);
630
631 cleanup:
632 if (tmpfp)
633 fclose (tmpfp);
634 if (fp)
635 fclose (fp);
636 if (pid != -1)
637 {
638 if (!gnupg_wait_process (pgmname, pid, NULL))
639 child_err = 0;
640 }
641 if (!err)
642 err = child_err;
643 if (err)
644 {
645 if (certfp)
646 fclose (certfp);
647 }
648 else
649 *retfp = certfp;
650
651 if (bad_pass)
652 {
653 /* We only write a plain error code and not direct
654 BAD_PASSPHRASE because the pkcs12 parser might issue this
655 message multiple times, BAD_PASSPHRASE in general requires a
656 keyID and parts of the import might actually succeed so that
657 IMPORT_PROBLEM is also not appropriate. */
658 gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
659 "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
660 }
661
662 return err;
663 }
gnupg svn clone