📄 pgpremoteprefs.c
(void) PGPFreeTLSSession( *tlsSession );
*tlsSession = kInvalidPGPtlsSessionRef;
return kPGPError_NoErr;
}
/*
 * Encode one 3-byte group as 4 armor characters.
 *
 * The 24 input bits are cut into four 6-bit values, each of which is
 * looked up in armorTable.  All three bytes of raw are always read, so a
 * caller armoring fewer than 3 bytes must supply zeroes for the missing
 * ones and then replace the trailing 3-n output characters with '='.
 */
static void
sArmorMorsel(PGPByte const raw[3], char armor[4])
{
	/* Top 6 bits of byte 0 */
	unsigned const first  = (raw[0] >> 2) & 0x3f;
	/* Low 2 bits of byte 0, then high 4 bits of byte 1 */
	unsigned const second = ((raw[0] << 4) & 0x30) | ((raw[1] >> 4) & 0x0f);
	/* Low 4 bits of byte 1, then high 2 bits of byte 2 */
	unsigned const third  = ((raw[1] << 2) & 0x3c) | ((raw[2] >> 6) & 0x03);
	/* Low 6 bits of byte 2 */
	unsigned const fourth = raw[2] & 0x3f;

	armor[0] = armorTable[first];
	armor[1] = armorTable[second];
	armor[2] = armorTable[third];
	armor[3] = armorTable[fourth];
}
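/*
 * Armor inlen bytes from in into out and return the number of characters
 * written (no terminating '\0' is added).
 *
 * out must have room for 4 characters per started 3-byte group.
 *
 * The final, partial group (inlen % 3 != 0) is staged in a zero-filled
 * local buffer before it is encoded.  Encoding it straight from the input
 * would read up to two bytes past in[inlen - 1], and the bits of the first
 * of those bytes would end up in the last data character of the output,
 * because only the trailing 3-n characters are replaced by '='.  For
 * callers that already zero-pad their input the output is unchanged.
 */
static int
sArmorLine (PGPByte const *in, unsigned inlen, char *out)
{
	char const	*out0 = out;
	unsigned	 rem = inlen % 3;
	unsigned	 whole = inlen - rem;
	unsigned	 i;

	/* Complete 3-byte groups come directly from the input buffer */
	for (i = 0; i < whole; i += 3)
	{
		sArmorMorsel (in + i, out);
		out += 4;
	}

	if (rem != 0)
	{
		PGPByte		tail[3] = { 0, 0, 0 };

		/* Copy only the bytes that really exist; the rest stay zero */
		for (i = 0; i < rem; i++)
			tail[i] = in[whole + i];
		sArmorMorsel (tail, out);
		out += 4;

		/* Overwrite the trailing 3-rem characters with padding */
		for (i = rem + 1; i < 4; i++)
			out[(int)i - 4] = '=';
	}

	return (int)(out - out0);
}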
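/*
 * Build the string that PGPSendPrefsToServer binds with when the server
 * is a keyserver: kPGPSHAPrefix followed by the armored form of
 * hash( password || kPGPSHASaltBytes ) || kPGPSHASaltBytes.
 *
 * context            supplies the hash implementation and memory manager
 * password           NUL-terminated clear password (must not be NULL)
 * outHashedPassword  receives a PGPNewData allocation that the caller
 *                    releases with PGPFreeData; set to NULL on failure
 *
 * Returns kPGPError_NoErr, kPGPError_OutOfMemory, or the error reported
 * by the hash calls.  Unlike earlier revisions, a failing PGPContinueHash
 * is reported instead of ignored, so a digest over incomplete input is
 * never turned into a credential.
 *
 * NOTE(review): the salt is the compile-time constant kPGPSHASaltBytes,
 * so equal passwords always produce equal output, and the output is what
 * the caller passes to PGPldapSimpleBindSync -- treat it as equivalent to
 * the password itself when logging, storing or transporting it.
 *
 * NOTE(review): hashOut and hashedPassword stay on the stack unwiped when
 * this function returns; consider clearing them with a wipe the compiler
 * cannot elide.
 */
static PGPError
sHashPassword(
	PGPContextRef		context,
	char *				password,
	char **				outHashedPassword )
{
	PGPError			err			= kPGPError_NoErr;
	PGPHashContextRef	hashContext	= kInvalidPGPHashContextRef;
	/* sizeof(hashOut) % 3 must = 0 */
	PGPByte				hashOut[
		kPGPSHAHashLength + kPGPSHASaltLength + kPGPSHANullLength];
	char				hashedPassword[(((kPGPSSHAOutputLength / 3) + 1) * 4) + 1];
	PGPSize				hashLength	= 0;

	PGPValidatePtr( password );
	PGPValidatePtr( outHashedPassword );

	/* Give the caller a defined value on every failure path */
	*outHashedPassword = NULL;

	err = PGPNewHashContext( context, kPGPHashAlgorithm_SHA, &hashContext ); CKERR;

	/* Digest the password first, then the salt */
	err = PGPContinueHash( hashContext, password, strlen( password ) ); CKERR;
	err = PGPContinueHash( hashContext, kPGPSHASaltBytes, kPGPSHASaltLength ); CKERR;
	err = PGPFinalizeHash( hashContext, hashOut ); CKERR;

	/*
	 * Append the salt (and the padding that rounds hashOut up to a
	 * multiple of 3) after the digest.
	 * NOTE(review): this reads kPGPSHASaltLength + kPGPSHANullLength bytes
	 * from kPGPSHASaltBytes -- confirm the constant is at least that long.
	 */
	pgpCopyMemory( kPGPSHASaltBytes,
		hashOut + kPGPSHAHashLength,
		kPGPSHASaltLength + kPGPSHANullLength );

	/* NOTE(review): assumes hashedPassword is large enough for the
	 * armored digest + salt -- its size derives from kPGPSSHAOutputLength,
	 * which is defined elsewhere; confirm the two agree. */
	hashLength = sArmorLine( hashOut, kPGPSHAHashLength + kPGPSHASaltLength, hashedPassword );
	hashedPassword[hashLength] = '\0';

	/* Zero-filled allocation, so the result is terminated without an
	 * explicit '\0' being copied */
	*outHashedPassword = PGPNewData( PGPPeekContextMemoryMgr( context ),
							sizeof( hashedPassword ) + sizeof( kPGPSHAPrefix ),
							kPGPMemoryMgrFlags_Clear );
	if( IsNull( *outHashedPassword ) )
	{
		err = kPGPError_OutOfMemory;
		goto done;
	}

	/* Prefix first; the armored text then overwrites the prefix's '\0' */
	pgpCopyMemory( kPGPSHAPrefix, *outHashedPassword, sizeof( kPGPSHAPrefix ) );
	pgpCopyMemory( hashedPassword,
		*outHashedPassword + sizeof( kPGPSHAPrefix ) - 1,
		strlen( hashedPassword ) );

done:
	if( PGPHashContextRefIsValid( hashContext ) )
		(void) PGPFreeHashContext( hashContext );

	return err;
}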
/*
 * Upload one or both preference sets to the LDAP server named by url.
 *
 * context      PGP context used for every allocation and call
 * prefs        uploaded under kPGPRemotePGPPrefsDN when it is a valid ref
 * pgpnetPrefs  uploaded under kPGPRemotePGPnetPrefsDN when it is a valid ref
 * url          server URL, required; parsed by sParseURL
 * username     bind name; NULL is treated as ""
 * password     bind password; NULL is treated as ""
 * handler      progress callback handed to sSendEvent / sSendTLSEvent
 * userValue    opaque value passed through to handler
 *
 * Returns the first error hit, or kPGPError_NoErr.  CKERR is a macro
 * defined outside this view; it presumably jumps to done when err holds
 * an error.
 */
PGPError
PGPSendPrefsToServer(
PGPContextRef context,
PGPPrefRef prefs,
PGPPrefRef pgpnetPrefs,
char * url,
char * username,
char * password,
PGPEventHandlerProcPtr handler,
PGPUserValue userValue )
{
PGPldapContextRef ldap = kInvalidPGPldapContextRef;
PGPldapURLDesc * urlDesc = NULL;
PGPMemoryMgrRef mgr = kInvalidPGPMemoryMgrRef;
char * DN = NULL;
char * hashedPassword = NULL;
PGPtlsContextRef tlsContext = kInvalidPGPtlsContextRef;
PGPtlsSessionRef tlsSession = kInvalidPGPtlsSessionRef;
PGPSocketRef sock = kInvalidPGPSocketRef;
PGPBoolean isKeyserver = FALSE;
PGPError err = kPGPError_NoErr;
PGPValidatePtr( url );
/* A missing name or password becomes the empty string, not NULL */
if( IsNull( username ) )
username = "";
if( IsNull( password ) )
password = "";
err = PGPNewLDAPContext( context, &ldap ); CKERR;
/* sParseURL fills urlDesc and isKeyserver and may also set up the TLS
 * context/session -- its body is outside this view */
err = sParseURL( context,
ldap,
url,
&tlsContext,
&tlsSession,
handler,
userValue,
&isKeyserver,
&urlDesc ); CKERR;
err = sSendEvent( context, handler, userValue, kPGPKeyServerState_Opening ); CKERR;
/* Open a connection only if the LDAP context has no valid socket yet */
err = PGPldapGetOption( ldap, kPGPldapOpt_Desc, &sock ); CKERR;
if( !PGPSocketRefIsValid( sock ) )
{
err = PGPldapOpen( ldap, urlDesc->host, (PGPUInt16) urlDesc->port );
CKERR;
}
/*
 * TLS is negotiated here only when the URL text contains "ldaps://" and
 * sParseURL has not already produced a TLS context.
 * NOTE(review): strstr matches the substring anywhere in url and is
 * case-sensitive, so this is not a strict scheme check.  When neither
 * this branch nor sParseURL secures the connection, the bind below
 * presumably travels unprotected -- confirm.
 */
if( ( strstr( url, "ldaps://" ) != NULL ) && ( !PGPtlsContextRefIsValid( tlsContext ) ) )
{
/* Try to use TLS */
err = sEstablishTLSSession( context, ldap, &tlsContext, &tlsSession );
if( IsPGPError( err ) )
{
/* Report the failure and stop; there is no fallback to a plain bind */
(void) sSendTLSEvent( context, handler, userValue,
kPGPKeyServerState_TLSUnableToSecureConnection, tlsSession );
goto done;
}
else
{
err = sSendTLSEvent( context, handler, userValue,
kPGPKeyServerState_TLSConnectionSecured, tlsSession ); CKERR;
}
}
/*
 * Simple bind: a keyserver receives the output of sHashPassword, any
 * other server receives the password as given.
 * NOTE(review): in both cases the value passed here is the credential
 * the server accepts, so the hashed form needs the same transport
 * protection as the clear password.
 */
if( isKeyserver )
{
/* Send a hashed password */
err = sHashPassword( context, password, &hashedPassword ); CKERR;
err = PGPldapSimpleBindSync( ldap, username, hashedPassword ); CKERR;
}
else
err = PGPldapSimpleBindSync( ldap, username, password ); CKERR;
/* The CKERR above follows the whole if/else, so it covers both binds */
mgr = PGPPeekContextMemoryMgr( context );
/* One buffer sized for the longer of the two "<prefix>,<base dn>" names.
 * NOTE(review): strlen( urlDesc->dn ) assumes the parsed URL always
 * carries a DN -- confirm sParseURL rejects URLs without one. */
DN = PGPNewData( mgr, strlen( urlDesc->dn ) +
MAX( strlen( kPGPRemotePGPPrefsDN ),
strlen( kPGPRemotePGPnetPrefsDN ) )
+ 1 /* For the comma */
+ 1, /* For the '\0' */
kPGPMemoryMgrFlags_Clear );
if( IsNull( DN ) )
{
err = kPGPError_OutOfMemory;
goto done;
}
err = sSendEvent( context, handler, userValue, kPGPKeyServerState_Uploading ); CKERR;
/* Both sprintf calls below stay within DN because the allocation above
 * was computed from the same three strings */
if( PGPPrefRefIsValid( prefs ) )
{
sprintf( DN, "%s,%s", kPGPRemotePGPPrefsDN, urlDesc->dn );
err = sSendPrefsToServer( context, ldap, DN, username, prefs ); CKERR;
}
if( PGPPrefRefIsValid( pgpnetPrefs ) )
{
sprintf( DN, "%s,%s", kPGPRemotePGPnetPrefsDN, urlDesc->dn );
err = sSendPrefsToServer( context, ldap, DN, username, pgpnetPrefs ); CKERR;
}
done:
/* Cleanup runs on success and on every failure that reaches done; the
 * Closing event's own result is deliberately ignored */
(void) sSendEvent( context, handler, userValue, kPGPKeyServerState_Closing );
if( PGPldapContextRefIsValid( ldap ) )
{
(void) PGPldapUnbind( ldap );
(void) PGPFreeLDAPContext( ldap );
}
/* NOTE(review): TLS cleanup is keyed on the session only; whether a
 * valid tlsContext with no session can occur, and who frees it, is not
 * visible here */
if( PGPtlsSessionRefIsValid( tlsSession ) )
(void) sFreeTLSSession( &tlsContext, &tlsSession );
if( IsntNull( DN ) )
(void) PGPFreeData( DN );
/* NOTE(review): hashedPassword is a bind credential; whether PGPFreeData
 * wipes the buffer before releasing it is not visible here -- confirm */
if( IsntNull( hashedPassword ) )
(void) PGPFreeData( hashedPassword );
if( IsntNull( urlDesc ) )
(void) PGPFreeLDAPURLDesc( urlDesc );
return err;
}
/*
 * Download one or both preference sets from the LDAP server named by url.
 *
 * context      PGP context used for every allocation and call
 * url          server URL, required; parsed by sParseURL
 * prefs        if non-NULL, receives the set stored under
 *              kPGPRemotePGPPrefsDN
 * pgpnetPrefs  if non-NULL, receives the set stored under
 *              kPGPRemotePGPnetPrefsDN
 * handler      progress callback handed to sSendEvent / sSendTLSEvent
 * userValue    opaque value passed through to handler
 *
 * Both outputs are reset to kInvalidPGPPrefRef up front, and any set
 * already fetched is freed again if a later step fails, so the caller
 * never receives a partial result.  kPGPError_LDAPNoSuchObject is reported
 * as kPGPError_ItemNotFound.  CKERR is a macro defined outside this view;
 * it presumably jumps to done when err holds an error.
 */
PGPError
PGPGetPrefsFromServer(
PGPContextRef context,
char * url,
PGPPrefRef * prefs,
PGPPrefRef * pgpnetPrefs,
PGPEventHandlerProcPtr handler,
PGPUserValue userValue )
{
PGPldapContextRef ldap = kInvalidPGPldapContextRef;
PGPldapURLDesc * urlDesc = NULL;
PGPMemoryMgrRef mgr = kInvalidPGPMemoryMgrRef;
char * DN = NULL;
PGPtlsContextRef tlsContext = kInvalidPGPtlsContextRef;
PGPtlsSessionRef tlsSession = kInvalidPGPtlsSessionRef;
PGPSocketRef sock = kInvalidPGPSocketRef;
PGPBoolean isKeyserver = FALSE;
PGPError err = kPGPError_NoErr;
PGPValidatePtr( url );
/* Start from "nothing returned" so the error path can tell what it owns */
if( IsntNull( prefs ) )
*prefs = kInvalidPGPPrefRef;
if( IsntNull( pgpnetPrefs ) )
*pgpnetPrefs = kInvalidPGPPrefRef;
err = PGPNewLDAPContext( context, &ldap ); CKERR;
/* isKeyserver is filled in by sParseURL but not used in this function */
err = sParseURL( context,
ldap,
url,
&tlsContext,
&tlsSession,
handler,
userValue,
&isKeyserver,
&urlDesc ); CKERR;
err = sSendEvent( context, handler, userValue, kPGPKeyServerState_Opening ); CKERR;
/* Open a connection only if the LDAP context has no valid socket yet */
err = PGPldapGetOption( ldap, kPGPldapOpt_Desc, &sock ); CKERR;
if( !PGPSocketRefIsValid( sock ) )
{
err = PGPldapOpen( ldap, urlDesc->host, (PGPUInt16) urlDesc->port );
CKERR;
}
/*
 * TLS is negotiated here only when the URL text contains "ldaps://" and
 * sParseURL has not already produced a TLS context.
 * NOTE(review): strstr matches the substring anywhere in url and is
 * case-sensitive, so this is not a strict scheme check.
 */
if( ( strstr( url, "ldaps://" ) != NULL ) && ( !PGPtlsContextRefIsValid( tlsContext ) ) )
{
/* Try to use TLS */
err = sEstablishTLSSession( context, ldap, &tlsContext, &tlsSession );
if( IsPGPError( err ) )
{
/* Report the failure and stop; there is no fallback to a plain session */
(void) sSendTLSEvent( context, handler, userValue,
kPGPKeyServerState_TLSUnableToSecureConnection, tlsSession );
goto done;
}
else
{
err = sSendTLSEvent( context, handler, userValue,
kPGPKeyServerState_TLSConnectionSecured, tlsSession ); CKERR;
}
}
/*
 * Bind with no name and no password.
 * NOTE(review): nothing in this function authenticates the server unless
 * a TLS session was established above or by sParseURL, so preferences
 * fetched over a non-TLS URL presumably have no transport integrity --
 * confirm whether sGetPrefsFromServer verifies what it receives.
 */
err = PGPldapSimpleBindSync( ldap, NULL, NULL ); CKERR;
mgr = PGPPeekContextMemoryMgr( context );
/* One buffer sized for the longer of the two "<prefix>,<base dn>" names.
 * NOTE(review): strlen( urlDesc->dn ) assumes the parsed URL always
 * carries a DN -- confirm sParseURL rejects URLs without one. */
DN = PGPNewData( mgr, strlen( urlDesc->dn ) +
MAX( strlen( kPGPRemotePGPPrefsDN ),
strlen( kPGPRemotePGPnetPrefsDN ) )
+ 1 /* for the comma */
+ 1, /* for the '\0' */
kPGPMemoryMgrFlags_Clear );
if( IsNull( DN ) )
{
err = kPGPError_OutOfMemory;
goto done;
}
/* Both sprintf calls below stay within DN because the allocation above
 * was computed from the same three strings */
if( IsntNull( prefs ) )
{
sprintf( DN, "%s,%s", kPGPRemotePGPPrefsDN, urlDesc->dn );
/* clientDefaults / clientDefaultsSize are file-level names defined
 * outside this view */
err = sGetPrefsFromServer( context, ldap, DN, handler, userValue,
clientDefaults, clientDefaultsSize, prefs );
if( err == kPGPError_LDAPNoSuchObject )
err = kPGPError_ItemNotFound;
if( IsPGPError( err ) )
goto done;
}
if( IsntNull( pgpnetPrefs ) )
{
sprintf( DN, "%s,%s", kPGPRemotePGPnetPrefsDN, urlDesc->dn );
/* netDefaults / netDefaultsSize are file-level names defined outside
 * this view */
err = sGetPrefsFromServer( context, ldap, DN, handler, userValue,
netDefaults, netDefaultsSize, pgpnetPrefs );
if( err == kPGPError_LDAPNoSuchObject )
err = kPGPError_ItemNotFound;
if( IsPGPError( err ) )
goto done;
}
done:
if( IsPGPError( err ) )
{
/* Same mapping again, for LDAP errors that arrived here from one of the
 * earlier calls rather than from sGetPrefsFromServer */
if( err == kPGPError_LDAPNoSuchObject )
err = kPGPError_ItemNotFound;
/* Release anything already fetched so a failure returns no prefs at all */
if( IsntNull( prefs ) )
{
if( PGPPrefRefIsValid( *prefs ) )
{
(void) PGPFreePrefs( *prefs );
*prefs = kInvalidPGPPrefRef;
}
}
if( IsntNull( pgpnetPrefs ) )
{
if( PGPPrefRefIsValid( *pgpnetPrefs ) )
{
(void) PGPFreePrefs( *pgpnetPrefs );
*pgpnetPrefs = kInvalidPGPPrefRef;
}
}
}
/* Connection teardown runs on success and on every failure that reaches
 * done; the Closing event's own result is deliberately ignored */
(void) sSendEvent( context, handler, userValue, kPGPKeyServerState_Closing );
if( PGPldapContextRefIsValid( ldap ) )
{
(void) PGPldapUnbind( ldap );
(void) PGPFreeLDAPContext( ldap );
}
/* NOTE(review): TLS cleanup is keyed on the session only; whether a
 * valid tlsContext with no session can occur, and who frees it, is not
 * visible here */
if( PGPtlsSessionRefIsValid( tlsSession ) )
(void) sFreeTLSSession( &tlsContext, &tlsSession );
if( IsntNull( DN ) )
(void) PGPFreeData( DN );
if( IsntNull( urlDesc ) )
(void) PGPFreeLDAPURLDesc( urlDesc );
return err;
}
/*__Editor_settings____
Local Variables:
tab-width: 4
End:
vi: ts=4 sw=4
vim: si
_____________________*/