You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
cacert-webdb/www/gpg.php

449 lines
11 KiB
PHTML

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
19 years ago
$id = intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = intval($_REQUEST['oldid']);
if($_SESSION['profile']['points'] < 50)
{
header("location: /account.php");
exit;
}
loadem("account");
20 years ago
if($oldid == "0")
{
18 years ago
if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
{
20 years ago
$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
$id = $oldid;
unset($oldid);
}
}
$keyid="";
//if($_SESSION["profile"]["id"] != 5897)
//{
// showheader(_("Welcome to CAcert.org"));
// echo "The OpenPGP signing system is currently shutdown due to a security problem. We hope to get it fixed within the next few weeks. We are very sorry for the inconvenience. If you want to help us to fix the problem, please contact our software developers.";
//
// exit(0);
//}
function verifyName($name)
{
if($name == "") return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix']) return 1;
return 0;
}
function verifyEmail($email)
{
if($email == "") return 1;
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and `email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0) return 1;
return 0;
}
$ToBeDeleted=array();
18 years ago
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
18 years ago
$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
$debugpg = $gpg = trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`);
$lines = "";
18 years ago
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
#echo "Line[]: $line <br/>\n";
if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid")
{
if($lines != "")
$lines .= "\n";
$lines .= $line;
}
}
$gpg = $lines;
20 years ago
$expires = 0;
$nerr=0; $nok=0;
$multiple = 0;
$resulttable=_("The following UIDs were found your key:")."<br/><table border='1'><tr><td>#</td><td>"._("Name")."</td><td>"._("Email")."</td><td>Result</td>";
$i=0;
foreach(explode("\n", $gpg) as $line)
{
$resulttable.="<tr><td>".++$i."</td>";
$name = $comment = "";
$bits = explode(":", $line);
if($bits[0] == "pub" && (!$keyid || !$when))
{
$keyid = $bits[4];
$when = $bits[5];
20 years ago
if($bits[6] != "")
$expires = 1;
}
if(!strstr($line, "@")) continue;
$pos = strpos($bits[9], "(") - 1;
$nocomment = 0;
if($pos < 0)
{
$nocomment = 1;
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
$resulttable.="<td bgcolor='#".($nameok?"c0ffc0":"ffc0c0")."'>$name</td>";
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
} else {
$pos = strpos($bits[9], "<") + 1;
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
$emailok=verifyEmail($mail);
$resulttable.="<td bgcolor='#".($emailok?"c0ffc0":"ffc0c0")."'>$mail</td>";
$uidok=0;
if($mail=="" and $name=="")
{
$rmessage=_("Error: Both Name and Email address are empty");
}
elseif($emailok and $nameok)
{
$uidok=1;
$rmessage=_("Name and Email OK.");
}
elseif(!$emailok and !$nameok)
{
$rmessage=_("Name and Email both cannot be matched with your account.");
}
elseif($emailok and $name=="")
{
$uidok=1;
$rmessage=_("Email OK. Name empty.");
}
elseif($nameok and $mail="")
{
$uidok=1;
$rmessage=_("Email OK. Name empty.");
}
elseif(!$emailok)
{
$rmessage=_("The email address has not been registered and verified in your account. Please add the email address to your account first.");
}
elseif(!$nameok)
{
$rmessage=_("The name in the UID does not match the name in your account. Please verify the name.");
}
20 years ago
else
{
$rmessage=_("Error");
}
if($uidok)
{
$nok++;
$resulttable.="<td>$rmessage</td>";
}
else
20 years ago
{
$nerr++;
//$ToBeDeleted[]=$i;
//echo "Adding UID $i\n";
$resulttable.="<td bgcolor='#ffc0c0'>$rmessage</td>";
20 years ago
}
$resulttable.="</tr>\n";
if($emailok) $multiple++;
}
$resulttable.="</table>";
if($nok==0)
{
$_SESSION['_config']['errmsg'] = _("No valid UIDs found on your key");
18 years ago
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
18 years ago
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
elseif($nerr)
{
$resulttable.=_("The unverified UIDs have been removed, the verified UIDs have been signed.");
}
}
18 years ago
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
20 years ago
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
18 years ago
`email`='".mysql_real_escape_string($emailaddies['0'])."',
`level`='1',
18 years ago
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."'";
mysql_query($query);
$id = mysql_insert_id();
$cwd = '/tmp/gpgspace'.$id;
mkdir($cwd,0755);
$fp = fopen("$cwd/gpg.csr", "w");
18 years ago
fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
fclose($fp);
system("gpg --homedir $cwd --import $cwd/gpg.csr");
$debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`);
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
//echo "Line[]: $line <br/>\n";
if(substr($line, 0, 4) == "uid:")
{
$name = $comment = "";
$bits = explode(":", $line);
$pos = strpos($bits[9], "(") - 1;
$nocomment = 0;
if($pos < 0)
{
$nocomment = 1;
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
$nameok=verifyName($name);
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
} else {
$pos = strpos($bits[9], "<") + 1;
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
$emailok=verifyEmail($mail);
$uidid=$bits[7];
if($mail=="" and $name=="")
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif($emailok and $nameok)
{
}
elseif(!$emailok and !$nameok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif($emailok and $name=="")
{
}
elseif($nameok and $mail="")
{
}
elseif(!$emailok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
elseif(!$nameok)
{
//echo "$uidid will be deleted\n";
$ToBeDeleted[]=$uidid;
}
}
}
if(count($ToBeDeleted)>0)
{
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a file to write to
);
$stderr = fopen('php://stderr', 'w');
//echo "Keyid: $keyid\n";
$process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
//echo "Process: $process\n";
//fputs($stderr,"Process: $process\n");
if (is_resource($process)) {
//echo("it is a resource\n");
// $pipes now looks like this:
// 0 => writeable handle connected to child stdin
// 1 => readable handle connected to child stdout
// Any error output will be appended to /tmp/error-output.txt
while (!feof($pipes[1]))
{
$buffer = fgets($pipes[1], 4096);
//echo $buffer;
if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
{
fputs($pipes[0],"yes\n");
}
elseif($buffer == "[GNUPG:] GOT_IT\n")
{
}
elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
{
fputs($pipes[0],"yes\n");
}
elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer))
{
if(count($ToBeDeleted)>0)
{
$delthisuid=array_pop($ToBeDeleted);
//echo "Deleting an UID $delthisuid\n";
fputs($pipes[0],"uid ".$delthisuid."\n");
}
else
{
//echo "Saving\n";
fputs($pipes[0],$state?"save\n":"deluid\n");
$state++;
}
}
elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
{
}
elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
{
echo "Key expired!\n";
exit;
}
elseif($buffer == "")
{
//echo "Empty!\n";
}
else
{
echo "ERROR: UNKNOWN $buffer\n";
}
}
//echo "Fertig\n";
fclose($pipes[0]);
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
// It is important that you close any pipes before calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
//echo "command returned $return_value\n";
}
else
{
echo "Keine ressource!\n";
}
}
$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >../csr/gpg-$id.csr`;
//echo "Export: $do\n";
//$fp = fopen("../csr/gpg-$id.csr", "w");
//fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
//fclose($fp);
if(1)
{
mysql_query("update `gpg` set `csr`='../csr/gpg-$id.csr' where `id`='$id'");
waitForResult('gpg', $id);
}
showheader(_("Welcome to CAcert.org"));
echo $resulttable;
$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
18 years ago
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
} else {
echo "<pre>";
readfile("../crt/gpg-$id.crt");
echo "</pre>";
}
showfooter();
exit;
}
20 years ago
$id = intval($id);
$_SESSION['_config']['cert'] = intval($cert);
showheader(_("Welcome to CAcert.org"));
includeit($id, "gpg");
showfooter();
?>