cacert
/
cacert-webdb
8
0
Fork 0
Code Issues Pull Requests 7 Projects Releases 2 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
bug-1537
add-quality-check-script
bug-1562
bug-1561
bug-1560
bug-1559
main
fix/bug-1550
v2023.09.16
v2024.05.20
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cbaa0f9978'
${ noResults }
cacert-webdb/www/gpg.php

292 lines
7.9 KiB
PHP
Raw Blame History

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
$id = intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = intval($_REQUEST['oldid']);
if($_SESSION['profile']['points'] < 50)
{
header("location: /account.php");
exit;
}
loadem("account");
if($oldid == "0")
{
if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
{
$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
$id = $oldid;
unset($oldid);
}
}
$keyid="";
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
$debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
$lines = "";
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid")
{
if($lines != "")
$lines .= "\n";
$lines .= $line;
}
}
$gpg = $lines;
$expires = 0;
foreach(explode("\n", $gpg) as $line)
{
$name = $comment = "";
$bits = explode(":", $line);
if($bits[0] == "pub" && (!$keyid || !$when))
{
$keyid = $bits[4];
$when = $bits[5];
if($bits[6] != "")
$expires = 1;
}
if(!strstr($line, "@")) continue;
$pos = strpos($bits[9], "(") - 1;
$nocomment = 0;
if($pos < 0)
{
$nocomment = 1;
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
if($name != "")
$names[] = $name;
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
} else {
$pos = strpos($bits[9], "<") + 1;
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($mail != "")
$emailaddies[] = $mail;
}
$multiple = 0;
if(count($emailaddies) > 1)
$multiple = 1;
if(is_array($names))
{
foreach($names as $name)
{
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
$_SESSION['_config']['errmsg'] = _("No suitable name combination could be matched from your PGP/GPG keys to what we have in the database ('$name')");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
}
if(is_array($emailaddies) && count($emailaddies) >= 1)
{
foreach($emailaddies as $email)
{
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and
`email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0)
continue;
$_SESSION['_config']['errmsg'] = _("No suitable emails could be matched from your PGP/GPG keys to what we have in the database. ('$email')");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
} else {
$_SESSION['_config']['errmsg'] = _("No emails found on your key");
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
}
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
`email`='".mysql_real_escape_string($emailaddies['0'])."',
`level`='1',
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."'";
mysql_query($query);
$id = mysql_insert_id();
$cwd = '/tmp/gpgspace'.$id;
mkdir($cwd,0755);
$fp = fopen("$cwd/gpg.csr", "w");
fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
fclose($fp);
system("gpg --homedir $cwd --import $cwd/gpg.csr");
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a file to write to
);
$stderr = fopen('php://stderr', 'w');
//echo "Keyid: $keyid\n";
$process = proc_open("/usr/bin/gpg --homedir $cwd --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes);
//echo "Process: $process\n";
//fputs($stderr,"Process: $process\n");
$ToBeDeleted=array(2);
if (is_resource($process)) {
//fputs($stderr,"it is a resource\n");
// $pipes now looks like this:
// 0 => writeable handle connected to child stdin
// 1 => readable handle connected to child stdout
// Any error output will be appended to /tmp/error-output.txt
while (!feof($pipes[1]))
{
$buffer = fgets($pipes[1], 4096);
echo $buffer;
if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n")
{
fprintf($pipes[0],"yes\n");
}
elseif($buffer == "[GNUPG:] GOT_IT\n")
{
}
elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer))
{
fprintf($pipes[0],"yes\n");
}
elseif($buffer == "[GNUPG:] GET_LINE keyedit.prompt")
{
if(count($ToBeDeleted)>0)
{
fprintf($pipes[0],pop($ToBeDeleted)."\n");
}
else
{
fprintf($pipes[0],$state?"save\n":"deluid\n");
$state++;
}
}
elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n")
{
}
elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer))
{
echo "Key expired!\n";
exit;
}
elseif($buffer == "")
{
}
else
{
echo "ERROR: UNKNOWN $buffer\n";
}
}
//echo "Fertig\n";
fclose($pipes[0]);
//echo stream_get_contents($pipes[1]);
fclose($pipes[1]);
// It is important that you close any pipes before calling
// proc_close in order to avoid a deadlock
$return_value = proc_close($process);
//echo "command returned $return_value\n";
}
else
{
echo "Keine ressource!\n";
}
$do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >../csr/gpg-$id.csr`;
//echo "Export: $do\n";
//$fp = fopen("../csr/gpg-$id.csr", "w");
//fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
//fclose($fp);
mysql_query("update `gpg` set `csr`='../csr/gpg-$id.csr' where `id`='$id'");
waitForResult('gpg', $id);
showheader(_("Welcome to CAcert.org"));
$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
} else {
echo "<pre>";
readfile("../crt/gpg-$id.crt");
echo "</pre>";
}
showfooter();
exit;
}
$id = intval($id);
$_SESSION['_config']['cert'] = intval($cert);
showheader(_("Welcome to CAcert.org"));
includeit($id, "gpg");
showfooter();
?>
View Git Blame Copy Permalink