LCOV - code coverage report
Current view: top level - g10 - keyserver.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 51 828 6.2 %
Date: 2016-09-12 13:01:59 Functions: 2 29 6.9 %

          Line data    Source code
       1             : /* keyserver.c - generic keyserver code
       2             :  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
       3             :  *               2009, 2011, 2012 Free Software Foundation, Inc.
       4             :  * Copyright (C) 2014 Werner Koch
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <ctype.h>
      24             : #include <stdio.h>
      25             : #include <string.h>
      26             : #include <stdlib.h>
      27             : #include <errno.h>
      28             : 
      29             : #include "gpg.h"
      30             : #include "iobuf.h"
      31             : #include "filter.h"
      32             : #include "keydb.h"
      33             : #include "status.h"
      34             : #include "exec.h"
      35             : #include "main.h"
      36             : #include "i18n.h"
      37             : #include "ttyio.h"
      38             : #include "options.h"
      39             : #include "packet.h"
      40             : #include "trustdb.h"
      41             : #include "keyserver-internal.h"
      42             : #include "util.h"
      43             : #include "membuf.h"
      44             : #include "call-dirmngr.h"
      45             : 
      46             : #ifdef HAVE_W32_SYSTEM
      47             : /* It seems Vista doesn't grok X_OK and so fails access() tests.
      48             :    Previous versions interpreted X_OK as F_OK anyway, so we'll just
      49             :    use F_OK directly. */
      50             : #undef X_OK
      51             : #define X_OK F_OK
      52             : #endif /* HAVE_W32_SYSTEM */
      53             : 
      54             : struct keyrec
      55             : {
      56             :   KEYDB_SEARCH_DESC desc;
      57             :   u32 createtime,expiretime;
      58             :   int size,flags;
      59             :   byte type;
      60             :   IOBUF uidbuf;
      61             :   unsigned int lines;
      62             : };
      63             : 
      64             : /* Parameters for the search line handler.  */
      65             : struct search_line_handler_parm_s
      66             : {
      67             :   ctrl_t ctrl;     /* The session control structure.  */
      68             :   char *searchstr_disp;  /* Native encoded search string or NULL.  */
      69             :   KEYDB_SEARCH_DESC *desc; /* Array with search descriptions.  */
      70             :   int count;      /* Number of keys we are currently prepared to
      71             :                      handle.  This is the size of the DESC array.  If
      72             :                      it is too small, it will grow safely.  */
      73             :   int validcount; /* Enable the "Key x-y of z" messages. */
      74             :   int nkeys;      /* Number of processed records.  */
      75             :   int any_lines;  /* At least one line has been processed.  */
      76             :   unsigned int numlines;  /* Counter for displayed lines.  */
      77             :   int eof_seen;   /* EOF encountered.  */
      78             :   int not_found;  /* Set if no keys have been found.  */
      79             : };
      80             : 
      81             : 
      82             : enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
      83             : 
      84             : static struct parse_options keyserver_opts[]=
      85             :   {
      86             :     /* some of these options are not real - just for the help
      87             :        message */
      88             :     {"max-cert-size",0,NULL,NULL},  /* MUST be the first in this array! */
      89             :     {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second!  */
      90             :      N_("override proxy options set for dirmngr")},
      91             : 
      92             :     {"include-revoked",0,NULL,N_("include revoked keys in search results")},
      93             :     {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
      94             :     {"timeout", KEYSERVER_TIMEOUT, NULL,
      95             :      N_("override timeout options set for dirmngr")},
      96             :     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
      97             :      NULL},
      98             :     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
      99             :      N_("automatically retrieve keys when verifying signatures")},
     100             :     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
     101             :      N_("honor the preferred keyserver URL set on the key")},
     102             :     {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
     103             :      N_("honor the PKA record set on a key when retrieving keys")},
     104             :     {NULL,0,NULL,NULL}
     105             :   };
     106             : 
     107             : static gpg_error_t keyserver_get (ctrl_t ctrl,
     108             :                                   KEYDB_SEARCH_DESC *desc, int ndesc,
     109             :                                   struct keyserver_spec *override_keyserver,
     110             :                                   unsigned char **r_fpr, size_t *r_fprlen);
     111             : static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
     112             : 
     113             : 
     114             : /* Reasonable guess.  The commonly used test key simon.josefsson.org
     115             :    is larger than 32k, thus we need at least this value. */
     116             : #define DEFAULT_MAX_CERT_SIZE 65536
     117             : 
     118             : static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
     119             : 
     120             : 
     121             : static void
     122           0 : warn_kshelper_option(char *option, int noisy)
     123             : {
     124             :   char *p;
     125             : 
     126           0 :   if ((p=strchr (option, '=')))
     127           0 :     *p = 0;
     128             : 
     129           0 :   if (!strcmp (option, "ca-cert-file"))
     130           0 :     log_info ("keyserver option '%s' is obsolete; please use "
     131             :               "'%s' in dirmngr.conf\n",
     132             :               "ca-cert-file", "hkp-cacert");
     133           0 :   else if (!strcmp (option, "check-cert")
     134           0 :            || !strcmp (option, "broken-http-proxy"))
     135           0 :     log_info ("keyserver option '%s' is obsolete\n", option);
     136           0 :   else if (noisy || opt.verbose)
     137           0 :     log_info ("keyserver option '%s' is unknown\n", option);
     138           0 : }
     139             : 
     140             : 
     141             : /* Called from main to parse the args for --keyserver-options.  */
     142             : int
     143         375 : parse_keyserver_options(char *options)
     144             : {
     145         375 :   int ret=1;
     146             :   char *tok;
     147         375 :   char *max_cert=NULL;
     148             : 
     149         375 :   keyserver_opts[0].value=&max_cert;
     150         375 :   keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
     151             : 
     152        1125 :   while((tok=optsep(&options)))
     153             :     {
     154         375 :       if(tok[0]=='\0')
     155           0 :         continue;
     156             : 
     157             :       /* We accept quite a few possible options here - some options to
     158             :          handle specially, the keyserver_options list, and import and
     159             :          export options that pertain to keyserver operations.  */
     160             : 
     161         375 :       if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
     162           0 :           && !parse_import_options(tok,&opt.keyserver_options.import_options,0)
     163           0 :           && !parse_export_options(tok,&opt.keyserver_options.export_options,0))
     164             :         {
     165             :           /* All of the standard options have failed, so the option was
     166             :              destined for a keyserver plugin as used by GnuPG < 2.1 */
     167           0 :           warn_kshelper_option (tok, 1);
     168             :         }
     169             :     }
     170             : 
     171         375 :   if(max_cert)
     172             :     {
     173           0 :       max_cert_size=strtoul(max_cert,(char **)NULL,10);
     174             : 
     175           0 :       if(max_cert_size==0)
     176           0 :         max_cert_size=DEFAULT_MAX_CERT_SIZE;
     177             :     }
     178             : 
     179         375 :   return ret;
     180             : }
     181             : 
     182             : 
     183             : void
     184           0 : free_keyserver_spec(struct keyserver_spec *keyserver)
     185             : {
     186           0 :   xfree(keyserver->uri);
     187           0 :   xfree(keyserver->scheme);
     188           0 :   xfree(keyserver->auth);
     189           0 :   xfree(keyserver->host);
     190           0 :   xfree(keyserver->port);
     191           0 :   xfree(keyserver->path);
     192           0 :   xfree(keyserver->opaque);
     193           0 :   free_strlist(keyserver->options);
     194           0 :   xfree(keyserver);
     195           0 : }
     196             : 
     197             : /* Return 0 for match */
     198             : static int
     199           0 : cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
     200             : {
     201           0 :   if(ascii_strcasecmp(one->scheme,two->scheme)==0)
     202             :     {
     203           0 :       if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
     204             :         {
     205           0 :           if((one->port && two->port
     206           0 :               && ascii_strcasecmp(one->port,two->port)==0)
     207           0 :              || (!one->port && !two->port))
     208           0 :             return 0;
     209             :         }
     210           0 :       else if(one->opaque && two->opaque
     211           0 :               && ascii_strcasecmp(one->opaque,two->opaque)==0)
     212           0 :         return 0;
     213             :     }
     214             : 
     215           0 :   return 1;
     216             : }
     217             : 
     218             : /* Try and match one of our keyservers.  If we can, return that.  If
     219             :    we can't, return our input. */
     220             : struct keyserver_spec *
     221           0 : keyserver_match(struct keyserver_spec *spec)
     222             : {
     223             :   struct keyserver_spec *ks;
     224             : 
     225           0 :   for(ks=opt.keyserver;ks;ks=ks->next)
     226           0 :     if(cmp_keyserver_spec(spec,ks)==0)
     227           0 :       return ks;
     228             : 
     229           0 :   return spec;
     230             : }
     231             : 
     232             : /* TODO: once we cut over to an all-curl world, we don't need this
     233             :    parser any longer so it can be removed, or at least moved to
     234             :    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
     235             : 
     236             : keyserver_spec_t
     237         375 : parse_keyserver_uri (const char *string,int require_scheme)
     238             : {
     239         375 :   int assume_hkp=0;
     240             :   struct keyserver_spec *keyserver;
     241             :   const char *idx;
     242             :   int count;
     243             :   char *uri, *duped_uri, *options;
     244             : 
     245         375 :   log_assert (string);
     246             : 
     247         375 :   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
     248             : 
     249         375 :   duped_uri = uri = xstrdup (string);
     250             : 
     251         375 :   options=strchr(uri,' ');
     252         375 :   if(options)
     253             :     {
     254             :       char *tok;
     255             : 
     256           0 :       *options='\0';
     257           0 :       options++;
     258             : 
     259           0 :       while((tok=optsep(&options)))
     260           0 :         warn_kshelper_option (tok, 0);
     261             :     }
     262             : 
     263             :   /* Get the scheme */
     264             : 
     265        1500 :   for(idx=uri,count=0;*idx && *idx!=':';idx++)
     266             :     {
     267        1125 :       count++;
     268             : 
     269             :       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
     270             :          there clearly isn't a scheme so get out early. */
     271        1125 :       if(*idx=='[')
     272             :         {
     273             :           /* Was the '[' the first thing in the string?  If not, we
     274             :              have a mangled scheme with a [ in it so fail. */
     275           0 :           if(count==1)
     276           0 :             break;
     277             :           else
     278           0 :             goto fail;
     279             :         }
     280             :     }
     281             : 
     282         375 :   if(count==0)
     283           0 :     goto fail;
     284             : 
     285         375 :   if(*idx=='\0' || *idx=='[')
     286             :     {
     287           0 :       if(require_scheme)
     288           0 :         return NULL;
     289             : 
     290             :       /* Assume HKP if there is no scheme */
     291           0 :       assume_hkp=1;
     292           0 :       keyserver->scheme=xstrdup("hkp");
     293             : 
     294           0 :       keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
     295           0 :       strcpy(keyserver->uri,keyserver->scheme);
     296           0 :       strcat(keyserver->uri,"://");
     297           0 :       strcat(keyserver->uri,uri);
     298             :     }
     299             :   else
     300             :     {
     301             :       int i;
     302             : 
     303         375 :       keyserver->uri=xstrdup(uri);
     304             : 
     305         375 :       keyserver->scheme=xmalloc(count+1);
     306             : 
     307             :       /* Force to lowercase */
     308        1500 :       for(i=0;i<count;i++)
     309        1125 :         keyserver->scheme[i]=ascii_tolower(uri[i]);
     310             : 
     311         375 :       keyserver->scheme[i]='\0';
     312             : 
     313             :       /* Skip past the scheme and colon */
     314         375 :       uri+=count+1;
     315             :     }
     316             : 
     317         375 :   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
     318             :     {
     319           0 :       log_info ("keyserver option '%s' is obsolete\n",
     320             :                 "x-broken-hkp");
     321             :     }
     322         375 :   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
     323             :     {
     324             :       /* Canonicalize this to "hkp" so it works with both the internal
     325             :          and external keyserver interface. */
     326           0 :       xfree(keyserver->scheme);
     327           0 :       keyserver->scheme=xstrdup("hkp");
     328             :     }
     329             : 
     330         375 :   if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
     331             :     {
     332             :       /* Three slashes means network path with a default host name.
     333             :          This is a hack because it does not crok all possible
     334             :          combiantions.  We should better repalce all code bythe parser
     335             :          from http.c.  */
     336           0 :       keyserver->path = xstrdup (uri+2);
     337             :     }
     338         375 :   else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
     339             :     {
     340             :       /* Two slashes means network path. */
     341             : 
     342             :       /* Skip over the "//", if any */
     343         375 :       if(!assume_hkp)
     344         375 :         uri+=2;
     345             : 
     346             :       /* Do we have userinfo auth data present? */
     347        5625 :       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
     348        5250 :         count++;
     349             : 
     350             :       /* We found a @ before the slash, so that means everything
     351             :          before the @ is auth data. */
     352         375 :       if(*idx=='@')
     353             :         {
     354           0 :           if(count==0)
     355           0 :             goto fail;
     356             : 
     357           0 :           keyserver->auth=xmalloc(count+1);
     358           0 :           strncpy(keyserver->auth,uri,count);
     359           0 :           keyserver->auth[count]='\0';
     360           0 :           uri+=count+1;
     361             :         }
     362             : 
     363             :       /* Is it an RFC-2732 ipv6 [literal address] ? */
     364         375 :       if(*uri=='[')
     365             :         {
     366           0 :           for(idx=uri+1,count=1;*idx
     367           0 :                 && ((isascii (*idx) && isxdigit(*idx))
     368           0 :                     || *idx==':' || *idx=='.');idx++)
     369           0 :             count++;
     370             : 
     371             :           /* Is the ipv6 literal address terminated? */
     372           0 :           if(*idx==']')
     373           0 :             count++;
     374             :           else
     375           0 :             goto fail;
     376             :         }
     377             :       else
     378        5625 :         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
     379        5250 :           count++;
     380             : 
     381         375 :       if(count==0)
     382           0 :         goto fail;
     383             : 
     384         375 :       keyserver->host=xmalloc(count+1);
     385         375 :       strncpy(keyserver->host,uri,count);
     386         375 :       keyserver->host[count]='\0';
     387             : 
     388             :       /* Skip past the host */
     389         375 :       uri+=count;
     390             : 
     391         375 :       if(*uri==':')
     392             :         {
     393             :           /* It would seem to be reasonable to limit the range of the
     394             :              ports to values between 1-65535, but RFC 1738 and 1808
     395             :              imply there is no limit.  Of course, the real world has
     396             :              limits. */
     397             : 
     398           0 :           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
     399             :             {
     400           0 :               count++;
     401             : 
     402             :               /* Ports are digits only */
     403           0 :               if(!digitp(idx))
     404             :                 goto fail;
     405             :             }
     406             : 
     407           0 :           keyserver->port=xmalloc(count+1);
     408           0 :           strncpy(keyserver->port,uri+1,count);
     409           0 :           keyserver->port[count]='\0';
     410             : 
     411             :           /* Skip past the colon and port number */
     412           0 :           uri+=1+count;
     413             :         }
     414             : 
     415             :       /* Everything else is the path */
     416         375 :       if(*uri)
     417           0 :         keyserver->path=xstrdup(uri);
     418             :       else
     419         375 :         keyserver->path=xstrdup("/");
     420             : 
     421         750 :       if(keyserver->path[1])
     422           0 :         keyserver->flags.direct_uri=1;
     423             :     }
     424           0 :   else if(uri[0]!='/')
     425             :     {
     426             :       /* No slash means opaque.  Just record the opaque blob and get
     427             :          out. */
     428           0 :       keyserver->opaque=xstrdup(uri);
     429             :     }
     430             :   else
     431             :     {
     432             :       /* One slash means absolute path.  We don't need to support that
     433             :          yet. */
     434           0 :       goto fail;
     435             :     }
     436             : 
     437         375 :   xfree (duped_uri);
     438         375 :   return keyserver;
     439             : 
     440             :  fail:
     441           0 :   free_keyserver_spec(keyserver);
     442             : 
     443           0 :   xfree (duped_uri);
     444           0 :   return NULL;
     445             : }
     446             : 
     447             : struct keyserver_spec *
     448           0 : parse_preferred_keyserver(PKT_signature *sig)
     449             : {
     450           0 :   struct keyserver_spec *spec=NULL;
     451             :   const byte *p;
     452             :   size_t plen;
     453             : 
     454           0 :   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
     455           0 :   if(p && plen)
     456             :     {
     457           0 :       byte *dupe=xmalloc(plen+1);
     458             : 
     459           0 :       memcpy(dupe,p,plen);
     460           0 :       dupe[plen]='\0';
     461           0 :       spec = parse_keyserver_uri (dupe, 1);
     462           0 :       xfree(dupe);
     463             :     }
     464             : 
     465           0 :   return spec;
     466             : }
     467             : 
     468             : static void
     469           0 : print_keyrec(int number,struct keyrec *keyrec)
     470             : {
     471             :   int i;
     472             : 
     473           0 :   iobuf_writebyte(keyrec->uidbuf,0);
     474           0 :   iobuf_flush_temp(keyrec->uidbuf);
     475           0 :   es_printf ("(%d)\t%s  ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
     476             : 
     477           0 :   if (keyrec->size>0)
     478           0 :     es_printf ("%d bit ", keyrec->size);
     479             : 
     480           0 :   if(keyrec->type)
     481             :     {
     482             :       const char *str;
     483             : 
     484           0 :       str = openpgp_pk_algo_name (keyrec->type);
     485             : 
     486           0 :       if (str && strcmp (str, "?"))
     487           0 :         es_printf ("%s ",str);
     488             :       else
     489           0 :         es_printf ("unknown ");
     490             :     }
     491             : 
     492           0 :   switch(keyrec->desc.mode)
     493             :     {
     494             :       /* If the keyserver helper gave us a short keyid, we have no
     495             :          choice but to use it.  Do check --keyid-format to add a 0x if
     496             :          needed. */
     497             :     case KEYDB_SEARCH_MODE_SHORT_KID:
     498           0 :       es_printf ("key %s%08lX",
     499           0 :                  (opt.keyid_format==KF_0xSHORT
     500           0 :                   || opt.keyid_format==KF_0xLONG)?"0x":"",
     501           0 :                  (ulong)keyrec->desc.u.kid[1]);
     502           0 :       break;
     503             : 
     504             :       /* However, if it gave us a long keyid, we can honor
     505             :          --keyid-format via keystr(). */
     506             :     case KEYDB_SEARCH_MODE_LONG_KID:
     507           0 :       es_printf ("key %s",keystr(keyrec->desc.u.kid));
     508           0 :       break;
     509             : 
     510             :       /* If it gave us a PGP 2.x fingerprint, not much we can do
     511             :          beyond displaying it. */
     512             :     case KEYDB_SEARCH_MODE_FPR16:
     513           0 :       es_printf ("key ");
     514           0 :       for(i=0;i<16;i++)
     515           0 :         es_printf ("%02X",keyrec->desc.u.fpr[i]);
     516           0 :       break;
     517             : 
     518             :       /* If we get a modern fingerprint, we have the most
     519             :          flexibility. */
     520             :     case KEYDB_SEARCH_MODE_FPR20:
     521             :       {
     522             :         u32 kid[2];
     523           0 :         keyid_from_fingerprint(keyrec->desc.u.fpr,20,kid);
     524           0 :         es_printf("key %s",keystr(kid));
     525             :       }
     526           0 :       break;
     527             : 
     528             :     default:
     529           0 :       BUG();
     530             :       break;
     531             :     }
     532             : 
     533           0 :   if(keyrec->createtime>0)
     534             :     {
     535           0 :       es_printf (", ");
     536           0 :       es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
     537             :     }
     538             : 
     539           0 :   if(keyrec->expiretime>0)
     540             :     {
     541           0 :       es_printf (", ");
     542           0 :       es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
     543             :     }
     544             : 
     545           0 :   if (keyrec->flags&1)
     546           0 :     es_printf (" (%s)", _("revoked"));
     547           0 :   if(keyrec->flags&2)
     548           0 :     es_printf (" (%s)", _("disabled"));
     549           0 :   if(keyrec->flags&4)
     550           0 :     es_printf (" (%s)", _("expired"));
     551             : 
     552           0 :   es_printf ("\n");
     553           0 : }
     554             : 
     555             : /* Returns a keyrec (which must be freed) once a key is complete, and
     556             :    NULL otherwise.  Call with a NULL keystring once key parsing is
     557             :    complete to return any unfinished keys. */
     558             : static struct keyrec *
     559           0 : parse_keyrec(char *keystring)
     560             : {
     561             :   /* FIXME: Remove the static and put the data into the parms we use
     562             :      for the caller anyway.  */
     563             :   static struct keyrec *work=NULL;
     564           0 :   struct keyrec *ret=NULL;
     565             :   char *record;
     566             :   int i;
     567             : 
     568           0 :   if(keystring==NULL)
     569             :     {
     570           0 :       if(work==NULL)
     571           0 :         return NULL;
     572           0 :       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
     573             :         {
     574           0 :           xfree(work);
     575           0 :           return NULL;
     576             :         }
     577             :       else
     578             :         {
     579           0 :           ret=work;
     580           0 :           work=NULL;
     581           0 :           return ret;
     582             :         }
     583             :     }
     584             : 
     585           0 :   if(work==NULL)
     586             :     {
     587           0 :       work=xmalloc_clear(sizeof(struct keyrec));
     588           0 :       work->uidbuf=iobuf_temp();
     589             :     }
     590             : 
     591           0 :   trim_trailing_ws (keystring, strlen (keystring));
     592             : 
     593           0 :   if((record=strsep(&keystring,":"))==NULL)
     594           0 :     return ret;
     595             : 
     596           0 :   if(ascii_strcasecmp("pub",record)==0)
     597             :     {
     598             :       char *tok;
     599             :       gpg_error_t err;
     600             : 
     601           0 :       if(work->desc.mode)
     602             :         {
     603           0 :           ret=work;
     604           0 :           work=xmalloc_clear(sizeof(struct keyrec));
     605           0 :           work->uidbuf=iobuf_temp();
     606             :         }
     607             : 
     608           0 :       if((tok=strsep(&keystring,":"))==NULL)
     609           0 :         return ret;
     610             : 
     611           0 :       err = classify_user_id (tok, &work->desc, 1);
     612           0 :       if (err || (work->desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
     613           0 :                   && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
     614           0 :                   && work->desc.mode != KEYDB_SEARCH_MODE_FPR16
     615           0 :                   && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
     616             :         {
     617           0 :           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
     618           0 :           return ret;
     619             :         }
     620             : 
     621             :       /* Note all items after this are optional.  This allows us to
     622             :          have a pub line as simple as pub:keyid and nothing else. */
     623             : 
     624           0 :       work->lines++;
     625             : 
     626           0 :       if((tok=strsep(&keystring,":"))==NULL)
     627           0 :         return ret;
     628             : 
     629           0 :       work->type=atoi(tok);
     630             : 
     631           0 :       if((tok=strsep(&keystring,":"))==NULL)
     632           0 :         return ret;
     633             : 
     634           0 :       work->size=atoi(tok);
     635             : 
     636           0 :       if((tok=strsep(&keystring,":"))==NULL)
     637           0 :         return ret;
     638             : 
     639           0 :       if(atoi(tok)<=0)
     640           0 :         work->createtime=0;
     641             :       else
     642           0 :         work->createtime=atoi(tok);
     643             : 
     644           0 :       if((tok=strsep(&keystring,":"))==NULL)
     645           0 :         return ret;
     646             : 
     647           0 :       if(atoi(tok)<=0)
     648           0 :         work->expiretime=0;
     649             :       else
     650             :         {
     651           0 :           work->expiretime=atoi(tok);
     652             :           /* Force the 'e' flag on if this key is expired. */
     653           0 :           if(work->expiretime<=make_timestamp())
     654           0 :             work->flags|=4;
     655             :         }
     656             : 
     657           0 :       if((tok=strsep(&keystring,":"))==NULL)
     658           0 :         return ret;
     659             : 
     660           0 :       while(*tok)
     661           0 :         switch(*tok++)
     662             :           {
     663             :           case 'r':
     664             :           case 'R':
     665           0 :             work->flags|=1;
     666           0 :             break;
     667             : 
     668             :           case 'd':
     669             :           case 'D':
     670           0 :             work->flags|=2;
     671           0 :             break;
     672             : 
     673             :           case 'e':
     674             :           case 'E':
     675           0 :             work->flags|=4;
     676           0 :             break;
     677             :           }
     678             :     }
     679           0 :   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
     680             :     {
     681             :       char *userid,*tok,*decoded;
     682             : 
     683           0 :       if((tok=strsep(&keystring,":"))==NULL)
     684           0 :         return ret;
     685             : 
     686           0 :       if(strlen(tok)==0)
     687           0 :         return ret;
     688             : 
     689           0 :       userid=tok;
     690             : 
     691             :       /* By definition, de-%-encoding is always smaller than the
     692             :          original string so we can decode in place. */
     693             : 
     694           0 :       i=0;
     695             : 
     696           0 :       while(*tok)
     697           0 :         if(tok[0]=='%' && tok[1] && tok[2])
     698           0 :           {
     699             :             int c;
     700             : 
     701           0 :             userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
     702           0 :             i++;
     703           0 :             tok+=3;
     704             :           }
     705             :         else
     706           0 :           userid[i++]=*tok++;
     707             : 
     708             :       /* We don't care about the other info provided in the uid: line
     709             :          since no keyserver supports marking userids with timestamps
     710             :          or revoked/expired/disabled yet. */
     711             : 
     712             :       /* No need to check for control characters, as utf8_to_native
     713             :          does this for us. */
     714             : 
     715           0 :       decoded=utf8_to_native(userid,i,0);
     716           0 :       if(strlen(decoded)>opt.screen_columns-10)
     717           0 :         decoded[opt.screen_columns-10]='\0';
     718           0 :       iobuf_writestr(work->uidbuf,decoded);
     719           0 :       xfree(decoded);
     720           0 :       iobuf_writestr(work->uidbuf,"\n\t");
     721           0 :       work->lines++;
     722             :     }
     723             : 
     724             :   /* Ignore any records other than "pri" and "uid" for easy future
     725             :      growth. */
     726             : 
     727           0 :   return ret;
     728             : }
     729             : 
     730             : /* Show a prompt and allow the user to select keys for retrieval.  */
     731             : static gpg_error_t
     732           0 : show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
     733             :              int count, const char *search)
     734             : {
     735             :   gpg_error_t err;
     736           0 :   char *answer = NULL;
     737             : 
     738           0 :   es_fflush (es_stdout);
     739             : 
     740           0 :   if (count && opt.command_fd == -1)
     741             :     {
     742             :       static int from = 1;
     743           0 :       tty_printf ("Keys %d-%d of %d for \"%s\".  ",
     744             :                   from, numdesc, count, search);
     745           0 :       from = numdesc + 1;
     746             :     }
     747             : 
     748             :  again:
     749           0 :   err = 0;
     750           0 :   xfree (answer);
     751           0 :   answer = cpr_get_no_help ("keysearch.prompt",
     752           0 :                             _("Enter number(s), N)ext, or Q)uit > "));
     753             :   /* control-d */
     754           0 :   if (answer[0]=='\x04')
     755             :     {
     756           0 :       tty_printf ("Q\n");
     757           0 :       answer[0] = 'q';
     758             :     }
     759             : 
     760           0 :   if (answer[0]=='q' || answer[0]=='Q')
     761           0 :     err = gpg_error (GPG_ERR_CANCELED);
     762           0 :   else if (atoi (answer) >= 1 && atoi (answer) <= numdesc)
     763             :     {
     764           0 :       char *split = answer;
     765             :       char *num;
     766             :       int numarray[50];
     767           0 :       int numidx = 0;
     768             :       int idx;
     769             : 
     770           0 :       while ((num = strsep (&split, " ,")))
     771           0 :         if (atoi (num) >= 1 && atoi (num) <= numdesc)
     772             :           {
     773           0 :             if (numidx >= DIM (numarray))
     774             :               {
     775           0 :                 tty_printf ("Too many keys selected\n");
     776           0 :                 goto again;
     777             :               }
     778           0 :             numarray[numidx++] = atoi (num);
     779             :           }
     780             : 
     781           0 :       if (!numidx)
     782           0 :         goto again;
     783             : 
     784             :       {
     785             :         KEYDB_SEARCH_DESC *selarray;
     786             : 
     787           0 :         selarray = xtrymalloc (numidx * sizeof *selarray);
     788           0 :         if (!selarray)
     789             :           {
     790           0 :             err = gpg_error_from_syserror ();
     791           0 :             goto leave;
     792             :           }
     793           0 :         for (idx = 0; idx < numidx; idx++)
     794           0 :           selarray[idx] = desc[numarray[idx]-1];
     795           0 :         err = keyserver_get (ctrl, selarray, numidx, NULL, NULL, NULL);
     796           0 :         xfree (selarray);
     797             :       }
     798             :     }
     799             : 
     800             :  leave:
     801           0 :   xfree (answer);
     802           0 :   return err;
     803             : }
     804             : 
     805             : 
     806             : /* This is a callback used by call-dirmngr.c to process the result of
     807             :    KS_SEARCH command.  If SPECIAL is 0, LINE is the actual data line
     808             :    received with all escaping removed and guaranteed to be exactly one
     809             :    line with stripped LF; an EOF is indicated by LINE passed as NULL.
     810             :    If special is 1, the line contains the source of the information
     811             :    (usually an URL).  LINE may be modified after return.  */
     812             : static gpg_error_t
     813           0 : search_line_handler (void *opaque, int special, char *line)
     814             : {
     815           0 :   struct search_line_handler_parm_s *parm = opaque;
     816           0 :   gpg_error_t err = 0;
     817             :   struct keyrec *keyrec;
     818             : 
     819           0 :   if (special == 1)
     820             :     {
     821           0 :       log_info ("data source: %s\n", line);
     822           0 :       return 0;
     823             :     }
     824           0 :   else if (special)
     825             :     {
     826           0 :       log_debug ("unknown value %d for special search callback", special);
     827           0 :       return 0;
     828             :     }
     829             : 
     830           0 :   if (parm->eof_seen && line)
     831             :     {
     832           0 :       log_debug ("ooops: unexpected data after EOF\n");
     833           0 :       line = NULL;
     834             :     }
     835             : 
     836             :   /* Print the received line.  */
     837           0 :   if (opt.with_colons && line)
     838             :     {
     839           0 :       es_printf ("%s\n", line);
     840             :     }
     841             : 
     842             :   /* Look for an info: line.  The only current info: values defined
     843             :      are the version and key count. */
     844           0 :   if (line && !parm->any_lines && !ascii_strncasecmp ("info:", line, 5))
     845             :     {
     846           0 :       char *str = line + 5;
     847             :       char *tok;
     848             : 
     849           0 :       if ((tok = strsep (&str, ":")))
     850             :         {
     851             :           int version;
     852             : 
     853           0 :           if (sscanf (tok, "%d", &version) !=1 )
     854           0 :             version = 1;
     855             : 
     856           0 :           if (version !=1 )
     857             :             {
     858           0 :               log_error (_("invalid keyserver protocol "
     859             :                            "(us %d!=handler %d)\n"), 1, version);
     860           0 :               return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
     861             :             }
     862             :         }
     863             : 
     864           0 :       if ((tok = strsep (&str, ":"))
     865           0 :           && sscanf (tok, "%d", &parm->count) == 1)
     866             :         {
     867           0 :           if (!parm->count)
     868           0 :             parm->not_found = 1;/* Server indicated that no items follow.  */
     869           0 :           else if (parm->count < 0)
     870           0 :             parm->count = 10;   /* Bad value - assume something reasonable.  */
     871             :           else
     872           0 :             parm->validcount = 1; /* COUNT seems to be okay.  */
     873             :         }
     874             : 
     875           0 :       parm->any_lines = 1;
     876           0 :       return 0; /* Line processing finished.  */
     877             :     }
     878             : 
     879             :  again:
     880           0 :   if (line)
     881           0 :     keyrec = parse_keyrec (line);
     882             :   else
     883             :     {
     884             :       /* Received EOF - flush data */
     885           0 :       parm->eof_seen = 1;
     886           0 :       keyrec = parse_keyrec (NULL);
     887           0 :       if (!keyrec)
     888             :         {
     889           0 :           if (!parm->nkeys)
     890           0 :             parm->not_found = 1;  /* No keys at all.  */
     891             :           else
     892             :             {
     893           0 :               if (parm->nkeys != parm->count)
     894           0 :                 parm->validcount = 0;
     895             : 
     896           0 :               if (!(opt.with_colons && opt.batch))
     897             :                 {
     898           0 :                   err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
     899           0 :                                      parm->validcount? parm->count : 0,
     900           0 :                                      parm->searchstr_disp);
     901           0 :                   return err;
     902             :                 }
     903             :             }
     904             :         }
     905             :     }
     906             : 
     907             :   /* Save the key in the key array.  */
     908           0 :   if (keyrec)
     909             :     {
     910             :       /* Allocate or enlarge the key array if needed.  */
     911           0 :       if (!parm->desc)
     912             :         {
     913           0 :           if (parm->count < 1)
     914             :             {
     915           0 :               parm->count = 10;
     916           0 :               parm->validcount = 0;
     917             :             }
     918           0 :           parm->desc = xtrymalloc (parm->count * sizeof *parm->desc);
     919           0 :           if (!parm->desc)
     920             :             {
     921           0 :               err = gpg_error_from_syserror ();
     922           0 :               iobuf_close (keyrec->uidbuf);
     923           0 :               xfree (keyrec);
     924           0 :               return err;
     925             :             }
     926             :         }
     927           0 :       else if (parm->nkeys == parm->count)
     928             :         {
     929             :           /* Keyserver sent more keys than claimed in the info: line. */
     930             :           KEYDB_SEARCH_DESC *tmp;
     931           0 :           int newcount = parm->count + 10;
     932             : 
     933           0 :           tmp = xtryrealloc (parm->desc, newcount * sizeof *parm->desc);
     934           0 :           if (!tmp)
     935             :             {
     936           0 :               err = gpg_error_from_syserror ();
     937           0 :               iobuf_close (keyrec->uidbuf);
     938           0 :               xfree (keyrec);
     939           0 :               return err;
     940             :             }
     941           0 :           parm->count = newcount;
     942           0 :           parm->desc = tmp;
     943           0 :           parm->validcount = 0;
     944             :         }
     945             : 
     946           0 :       parm->desc[parm->nkeys] = keyrec->desc;
     947             : 
     948           0 :       if (!opt.with_colons)
     949             :         {
     950             :           /* SCREEN_LINES - 1 for the prompt. */
     951           0 :           if (parm->numlines + keyrec->lines > opt.screen_lines - 1)
     952             :             {
     953           0 :               err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
     954           0 :                                  parm->validcount ? parm->count:0,
     955           0 :                                  parm->searchstr_disp);
     956           0 :               if (err)
     957           0 :                 return err;
     958           0 :               parm->numlines = 0;
     959             :             }
     960             : 
     961           0 :           print_keyrec (parm->nkeys+1, keyrec);
     962             :         }
     963             : 
     964           0 :       parm->numlines += keyrec->lines;
     965           0 :       iobuf_close (keyrec->uidbuf);
     966           0 :       xfree (keyrec);
     967             : 
     968           0 :       parm->any_lines = 1;
     969           0 :       parm->nkeys++;
     970             : 
     971             :       /* If we are here due to a flush after the EOF, run again for
     972             :          the last prompt.  Fixme: Make this code better readable. */
     973           0 :       if (parm->eof_seen)
     974           0 :         goto again;
     975             :     }
     976             : 
     977           0 :   return 0;
     978             : }
     979             : 
     980             : 
     981             : 
     982             : int
     983           0 : keyserver_export (ctrl_t ctrl, strlist_t users)
     984             : {
     985             :   gpg_error_t err;
     986           0 :   strlist_t sl=NULL;
     987             :   KEYDB_SEARCH_DESC desc;
     988           0 :   int rc=0;
     989             : 
     990             :   /* Weed out descriptors that we don't support sending */
     991           0 :   for(;users;users=users->next)
     992             :     {
     993           0 :       err = classify_user_id (users->d, &desc, 1);
     994           0 :       if (err || (desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
     995           0 :                   && desc.mode != KEYDB_SEARCH_MODE_LONG_KID
     996           0 :                   && desc.mode != KEYDB_SEARCH_MODE_FPR16
     997           0 :                   && desc.mode != KEYDB_SEARCH_MODE_FPR20))
     998             :         {
     999           0 :           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
    1000           0 :           continue;
    1001             :         }
    1002             :       else
    1003           0 :         append_to_strlist(&sl,users->d);
    1004             :     }
    1005             : 
    1006           0 :   if(sl)
    1007             :     {
    1008           0 :       rc = keyserver_put (ctrl, sl);
    1009           0 :       free_strlist(sl);
    1010             :     }
    1011             : 
    1012           0 :   return rc;
    1013             : }
    1014             : 
    1015             : 
    1016             : /* Structure to convey the arg to keyserver_retrieval_screener.  */
    1017             : struct ks_retrieval_screener_arg_s
    1018             : {
    1019             :   KEYDB_SEARCH_DESC *desc;
    1020             :   int ndesc;
    1021             : };
    1022             : 
    1023             : 
    1024             : /* Check whether a key matches the search description.  The function
    1025             :    returns 0 if the key shall be imported.  */
    1026             : static gpg_error_t
    1027           0 : keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
    1028             : {
    1029           0 :   struct ks_retrieval_screener_arg_s *arg = opaque;
    1030           0 :   KEYDB_SEARCH_DESC *desc = arg->desc;
    1031           0 :   int ndesc = arg->ndesc;
    1032             :   kbnode_t node;
    1033             :   PKT_public_key *pk;
    1034             :   int n;
    1035             :   u32 keyid[2];
    1036             :   byte fpr[MAX_FINGERPRINT_LEN];
    1037           0 :   size_t fpr_len = 0;
    1038             : 
    1039             :   /* Secret keys are not expected from a keyserver.  We do not
    1040             :      care about secret subkeys because the import code takes care
    1041             :      of skipping them.  Not allowing an import of a public key
    1042             :      with a secret subkey would make it too easy to inhibit the
    1043             :      downloading of a public key.  Recall that keyservers do only
    1044             :      limited checks.  */
    1045           0 :   node = find_kbnode (keyblock, PKT_SECRET_KEY);
    1046           0 :   if (node)
    1047           0 :     return gpg_error (GPG_ERR_GENERAL);   /* Do not import. */
    1048             : 
    1049           0 :   if (!ndesc)
    1050           0 :     return 0; /* Okay if no description given.  */
    1051             : 
    1052             :   /* Loop over all key packets.  */
    1053           0 :   for (node = keyblock; node; node = node->next)
    1054             :     {
    1055           0 :       if (node->pkt->pkttype != PKT_PUBLIC_KEY
    1056           0 :           && node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
    1057           0 :         continue;
    1058             : 
    1059           0 :       pk = node->pkt->pkt.public_key;
    1060           0 :       fingerprint_from_pk (pk, fpr, &fpr_len);
    1061           0 :       keyid_from_pk (pk, keyid);
    1062             : 
    1063             :       /* Compare requested and returned fingerprints if available. */
    1064           0 :       for (n = 0; n < ndesc; n++)
    1065             :         {
    1066           0 :           if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
    1067             :             {
    1068           0 :               if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
    1069           0 :                 return 0;
    1070             :             }
    1071           0 :           else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
    1072             :             {
    1073           0 :               if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
    1074           0 :                 return 0;
    1075             :             }
    1076           0 :           else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
    1077             :             {
    1078           0 :               if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
    1079           0 :                 return 0;
    1080             :             }
    1081           0 :           else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
    1082             :             {
    1083           0 :               if (keyid[1] == desc[n].u.kid[1])
    1084           0 :                 return 0;
    1085             :             }
    1086             :           else /* No keyid or fingerprint - can't check.  */
    1087           0 :             return 0; /* allow import.  */
    1088             :         }
    1089             :     }
    1090             : 
    1091           0 :   return gpg_error (GPG_ERR_GENERAL);
    1092             : }
    1093             : 
    1094             : 
    1095             : int
    1096           0 : keyserver_import (ctrl_t ctrl, strlist_t users)
    1097             : {
    1098             :   gpg_error_t err;
    1099             :   KEYDB_SEARCH_DESC *desc;
    1100           0 :   int num=100,count=0;
    1101           0 :   int rc=0;
    1102             : 
    1103             :   /* Build a list of key ids */
    1104           0 :   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
    1105             : 
    1106           0 :   for(;users;users=users->next)
    1107             :     {
    1108           0 :       err = classify_user_id (users->d, &desc[count], 1);
    1109           0 :       if (err || (desc[count].mode    != KEYDB_SEARCH_MODE_SHORT_KID
    1110           0 :                   && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
    1111           0 :                   && desc[count].mode != KEYDB_SEARCH_MODE_FPR16
    1112           0 :                   && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
    1113             :         {
    1114           0 :           log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
    1115           0 :           continue;
    1116             :         }
    1117             : 
    1118           0 :       count++;
    1119           0 :       if(count==num)
    1120             :         {
    1121           0 :           num+=100;
    1122           0 :           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
    1123             :         }
    1124             :     }
    1125             : 
    1126           0 :   if(count>0)
    1127           0 :     rc=keyserver_get (ctrl, desc, count, NULL, NULL, NULL);
    1128             : 
    1129           0 :   xfree(desc);
    1130             : 
    1131           0 :   return rc;
    1132             : }
    1133             : 
    1134             : 
    1135             : /* Return true if any keyserver has been configured. */
    1136             : int
    1137           0 : keyserver_any_configured (ctrl_t ctrl)
    1138             : {
    1139           0 :   return !gpg_dirmngr_ks_list (ctrl, NULL);
    1140             : }
    1141             : 
    1142             : 
    1143             : /* Import all keys that exactly match NAME */
    1144             : int
    1145           0 : keyserver_import_name (ctrl_t ctrl, const char *name,
    1146             :                        unsigned char **fpr, size_t *fprlen,
    1147             :                        struct keyserver_spec *keyserver)
    1148             : {
    1149             :   KEYDB_SEARCH_DESC desc;
    1150             : 
    1151           0 :   memset (&desc, 0, sizeof desc);
    1152             : 
    1153           0 :   desc.mode = KEYDB_SEARCH_MODE_EXACT;
    1154           0 :   desc.u.name = name;
    1155             : 
    1156           0 :   return keyserver_get (ctrl, &desc, 1, keyserver, fpr, fprlen);
    1157             : }
    1158             : 
    1159             : 
    1160             : int
    1161           0 : keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
    1162             :                          struct keyserver_spec *keyserver)
    1163             : {
    1164             :   KEYDB_SEARCH_DESC desc;
    1165             : 
    1166           0 :   memset(&desc,0,sizeof(desc));
    1167             : 
    1168           0 :   if(fprint_len==16)
    1169           0 :     desc.mode=KEYDB_SEARCH_MODE_FPR16;
    1170           0 :   else if(fprint_len==20)
    1171           0 :     desc.mode=KEYDB_SEARCH_MODE_FPR20;
    1172             :   else
    1173           0 :     return -1;
    1174             : 
    1175           0 :   memcpy(desc.u.fpr,fprint,fprint_len);
    1176             : 
    1177             :   /* TODO: Warn here if the fingerprint we got doesn't match the one
    1178             :      we asked for? */
    1179           0 :   return keyserver_get (ctrl, &desc, 1, keyserver, NULL, NULL);
    1180             : }
    1181             : 
    1182             : int
    1183           0 : keyserver_import_keyid (ctrl_t ctrl,
    1184             :                         u32 *keyid,struct keyserver_spec *keyserver)
    1185             : {
    1186             :   KEYDB_SEARCH_DESC desc;
    1187             : 
    1188           0 :   memset(&desc,0,sizeof(desc));
    1189             : 
    1190           0 :   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
    1191           0 :   desc.u.kid[0]=keyid[0];
    1192           0 :   desc.u.kid[1]=keyid[1];
    1193             : 
    1194           0 :   return keyserver_get (ctrl, &desc,1, keyserver, NULL, NULL);
    1195             : }
    1196             : 
    1197             : /* code mostly stolen from do_export_stream */
    1198             : static int
    1199           0 : keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
    1200             : {
    1201           0 :   int rc = 0;
    1202           0 :   int num = 100;
    1203           0 :   kbnode_t keyblock = NULL;
    1204             :   kbnode_t node;
    1205             :   KEYDB_HANDLE kdbhd;
    1206             :   int ndesc;
    1207           0 :   KEYDB_SEARCH_DESC *desc = NULL;
    1208             :   strlist_t sl;
    1209             : 
    1210           0 :   *count=0;
    1211             : 
    1212           0 :   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
    1213             : 
    1214           0 :   kdbhd = keydb_new ();
    1215           0 :   if (!kdbhd)
    1216             :     {
    1217           0 :       rc = gpg_error_from_syserror ();
    1218           0 :       goto leave;
    1219             :     }
    1220           0 :   keydb_disable_caching (kdbhd);  /* We are looping the search.  */
    1221             : 
    1222           0 :   if(!users)
    1223             :     {
    1224           0 :       ndesc = 1;
    1225           0 :       desc = xmalloc_clear ( ndesc * sizeof *desc);
    1226           0 :       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
    1227             :     }
    1228             :   else
    1229             :     {
    1230           0 :       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
    1231             :         ;
    1232           0 :       desc = xmalloc ( ndesc * sizeof *desc);
    1233             : 
    1234           0 :       for (ndesc=0, sl=users; sl; sl = sl->next)
    1235             :         {
    1236             :           gpg_error_t err;
    1237           0 :           if (!(err = classify_user_id (sl->d, desc+ndesc, 1)))
    1238           0 :             ndesc++;
    1239             :           else
    1240           0 :             log_error (_("key \"%s\" not found: %s\n"),
    1241           0 :                        sl->d, gpg_strerror (err));
    1242             :         }
    1243             :     }
    1244             : 
    1245             :   for (;;)
    1246             :     {
    1247           0 :       rc = keydb_search (kdbhd, desc, ndesc, NULL);
    1248           0 :       if (rc)
    1249           0 :         break;  /* ready.  */
    1250             : 
    1251           0 :       if (!users)
    1252           0 :         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
    1253             : 
    1254             :       /* read the keyblock */
    1255           0 :       rc = keydb_get_keyblock (kdbhd, &keyblock );
    1256           0 :       if( rc )
    1257             :         {
    1258           0 :           log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
    1259           0 :           goto leave;
    1260             :         }
    1261             : 
    1262           0 :       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
    1263             :         {
    1264             :           /* This is to work around a bug in some keyservers (pksd and
    1265             :              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
    1266             :              The answer is to refresh both the correct v4 keyid
    1267             :              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
    1268             :              This only happens for key refresh using the HKP scheme
    1269             :              and if the refresh-add-fake-v3-keyids keyserver option is
    1270             :              set. */
    1271           0 :           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
    1272           0 :              node->pkt->pkt.public_key->version>=4)
    1273             :             {
    1274           0 :               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
    1275           0 :               v3_keyid (node->pkt->pkt.public_key->pkey[0],
    1276           0 :                         (*klist)[*count].u.kid);
    1277           0 :               (*count)++;
    1278             : 
    1279           0 :               if(*count==num)
    1280             :                 {
    1281           0 :                   num+=100;
    1282           0 :                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
    1283             :                 }
    1284             :             }
    1285             : 
    1286             :           /* v4 keys get full fingerprints.  v3 keys get long keyids.
    1287             :              This is because it's easy to calculate any sort of keyid
    1288             :              from a v4 fingerprint, but not a v3 fingerprint. */
    1289             : 
    1290           0 :           if(node->pkt->pkt.public_key->version<4)
    1291             :             {
    1292           0 :               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
    1293           0 :               keyid_from_pk(node->pkt->pkt.public_key,
    1294           0 :                             (*klist)[*count].u.kid);
    1295             :             }
    1296             :           else
    1297             :             {
    1298             :               size_t dummy;
    1299             : 
    1300           0 :               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
    1301           0 :               fingerprint_from_pk(node->pkt->pkt.public_key,
    1302           0 :                                   (*klist)[*count].u.fpr,&dummy);
    1303             :             }
    1304             : 
    1305             :           /* This is a little hackish, using the skipfncvalue as a
    1306             :              void* pointer to the keyserver spec, but we don't need
    1307             :              the skipfnc here, and it saves having an additional field
    1308             :              for this (which would be wasted space most of the
    1309             :              time). */
    1310             : 
    1311           0 :           (*klist)[*count].skipfncvalue=NULL;
    1312             : 
    1313             :           /* Are we honoring preferred keyservers? */
    1314           0 :           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
    1315             :             {
    1316           0 :               PKT_user_id *uid=NULL;
    1317           0 :               PKT_signature *sig=NULL;
    1318             : 
    1319           0 :               merge_keys_and_selfsig(keyblock);
    1320             : 
    1321           0 :               for(node=node->next;node;node=node->next)
    1322             :                 {
    1323           0 :                   if(node->pkt->pkttype==PKT_USER_ID
    1324           0 :                      && node->pkt->pkt.user_id->is_primary)
    1325           0 :                     uid=node->pkt->pkt.user_id;
    1326           0 :                   else if(node->pkt->pkttype==PKT_SIGNATURE
    1327           0 :                           && node->pkt->pkt.signature->
    1328           0 :                           flags.chosen_selfsig && uid)
    1329             :                     {
    1330           0 :                       sig=node->pkt->pkt.signature;
    1331           0 :                       break;
    1332             :                     }
    1333             :                 }
    1334             : 
    1335             :               /* Try and parse the keyserver URL.  If it doesn't work,
    1336             :                  then we end up writing NULL which indicates we are
    1337             :                  the same as any other key. */
    1338           0 :               if(sig)
    1339           0 :                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
    1340             :             }
    1341             : 
    1342           0 :           (*count)++;
    1343             : 
    1344           0 :           if(*count==num)
    1345             :             {
    1346           0 :               num+=100;
    1347           0 :               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
    1348             :             }
    1349             :         }
    1350           0 :     }
    1351             : 
    1352           0 :   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
    1353           0 :     rc = 0;
    1354             : 
    1355             :  leave:
    1356           0 :   if(rc)
    1357             :     {
    1358           0 :       xfree(*klist);
    1359           0 :       *klist = NULL;
    1360             :     }
    1361           0 :   xfree(desc);
    1362           0 :   keydb_release(kdbhd);
    1363           0 :   release_kbnode(keyblock);
    1364             : 
    1365           0 :   return rc;
    1366             : }
    1367             : 
    1368             : /* Note this is different than the original HKP refresh.  It allows
    1369             :    usernames to refresh only part of the keyring. */
    1370             : 
    1371             : gpg_error_t
    1372           0 : keyserver_refresh (ctrl_t ctrl, strlist_t users)
    1373             : {
    1374             :   gpg_error_t err;
    1375             :   int count, numdesc;
    1376           0 :   int fakev3 = 0;
    1377             :   KEYDB_SEARCH_DESC *desc;
    1378           0 :   unsigned int options=opt.keyserver_options.import_options;
    1379             : 
    1380             :   /* We switch merge-only on during a refresh, as 'refresh' should
    1381             :      never import new keys, even if their keyids match. */
    1382           0 :   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
    1383             : 
    1384             :   /* Similarly, we switch on fast-import, since refresh may make
    1385             :      multiple import sets (due to preferred keyserver URLs).  We don't
    1386             :      want each set to rebuild the trustdb.  Instead we do it once at
    1387             :      the end here. */
    1388           0 :   opt.keyserver_options.import_options|=IMPORT_FAST;
    1389             : 
    1390             :   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
    1391             :      scheme, then enable fake v3 keyid generation.  Note that this
    1392             :      works only with a keyserver configured. gpg.conf
    1393             :      (i.e. opt.keyserver); however that method of configuring a
    1394             :      keyserver is deprecated and in any case it is questionable
    1395             :      whether we should keep on supporting these ancient and broken
    1396             :      keyservers.  */
    1397           0 :   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
    1398           0 :      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
    1399           0 :          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
    1400           0 :     fakev3=1;
    1401             : 
    1402           0 :   err = keyidlist (users, &desc, &numdesc, fakev3);
    1403           0 :   if (err)
    1404           0 :     return err;
    1405             : 
    1406           0 :   count=numdesc;
    1407           0 :   if(count>0)
    1408             :     {
    1409             :       int i;
    1410             : 
    1411             :       /* Try to handle preferred keyserver keys first */
    1412           0 :       for(i=0;i<numdesc;i++)
    1413             :         {
    1414           0 :           if(desc[i].skipfncvalue)
    1415             :             {
    1416           0 :               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
    1417             : 
    1418           0 :               if (!opt.quiet)
    1419           0 :                 log_info (_("refreshing %d key from %s\n"), 1, keyserver->uri);
    1420             : 
    1421             :               /* We use the keyserver structure we parsed out before.
    1422             :                  Note that a preferred keyserver without a scheme://
    1423             :                  will be interpreted as hkp:// */
    1424           0 :               err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
    1425           0 :               if (err)
    1426           0 :                 log_info(_("WARNING: unable to refresh key %s"
    1427           0 :                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
    1428             :                          keyserver->uri,gpg_strerror (err));
    1429             :               else
    1430             :                 {
    1431             :                   /* We got it, so mark it as NONE so we don't try and
    1432             :                      get it again from the regular keyserver. */
    1433             : 
    1434           0 :                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
    1435           0 :                   count--;
    1436             :                 }
    1437             : 
    1438           0 :               free_keyserver_spec(keyserver);
    1439             :             }
    1440             :         }
    1441             :     }
    1442             : 
    1443           0 :   if(count>0)
    1444             :     {
    1445             :       char *tmpuri;
    1446             : 
    1447           0 :       err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
    1448           0 :       if (!err)
    1449             :         {
    1450           0 :           if (!opt.quiet)
    1451             :             {
    1452           0 :               log_info (ngettext("refreshing %d key from %s\n",
    1453             :                                  "refreshing %d keys from %s\n",
    1454             :                                  count), count, tmpuri);
    1455             :             }
    1456           0 :           xfree (tmpuri);
    1457             : 
    1458           0 :           err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
    1459             :         }
    1460             :     }
    1461             : 
    1462           0 :   xfree(desc);
    1463             : 
    1464           0 :   opt.keyserver_options.import_options=options;
    1465             : 
    1466             :   /* If the original options didn't have fast import, and the trustdb
    1467             :      is dirty, rebuild. */
    1468           0 :   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
    1469           0 :     check_or_update_trustdb (ctrl);
    1470             : 
    1471           0 :   return err;
    1472             : }
    1473             : 
    1474             : 
    1475             : /* Search for keys on the keyservers.  The patterns are given in the
    1476             :    string list TOKENS.  */
    1477             : gpg_error_t
    1478           0 : keyserver_search (ctrl_t ctrl, strlist_t tokens)
    1479             : {
    1480             :   gpg_error_t err;
    1481             :   char *searchstr;
    1482             :   struct search_line_handler_parm_s parm;
    1483             : 
    1484           0 :   memset (&parm, 0, sizeof parm);
    1485             : 
    1486           0 :   if (!tokens)
    1487           0 :     return 0;  /* Return success if no patterns are given.  */
    1488             : 
    1489             :   /* Write global options */
    1490             : 
    1491             :   /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
    1492             :   /*   es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
    1493             : 
    1494             :   /* Write per-keyserver options */
    1495             : 
    1496             :   /* for(temp=keyserver->options;temp;temp=temp->next) */
    1497             :   /*   es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
    1498             : 
    1499             :   {
    1500             :     membuf_t mb;
    1501             :     strlist_t item;
    1502             : 
    1503           0 :     init_membuf (&mb, 1024);
    1504           0 :     for (item = tokens; item; item = item->next)
    1505             :     {
    1506           0 :       if (item != tokens)
    1507           0 :         put_membuf (&mb, " ", 1);
    1508           0 :       put_membuf_str (&mb, item->d);
    1509             :     }
    1510           0 :     put_membuf (&mb, "", 1); /* Append Nul.  */
    1511           0 :     searchstr = get_membuf (&mb, NULL);
    1512           0 :     if (!searchstr)
    1513             :       {
    1514           0 :         err = gpg_error_from_syserror ();
    1515           0 :         goto leave;
    1516             :       }
    1517             :   }
    1518             :   /* FIXME: Enable the next line */
    1519             :   /* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
    1520             : 
    1521           0 :   parm.ctrl = ctrl;
    1522           0 :   if (searchstr)
    1523           0 :     parm.searchstr_disp = utf8_to_native (searchstr, strlen (searchstr), 0);
    1524             : 
    1525           0 :   err = gpg_dirmngr_ks_search (ctrl, searchstr, search_line_handler, &parm);
    1526             : 
    1527           0 :   if (parm.not_found)
    1528             :     {
    1529           0 :       if (parm.searchstr_disp)
    1530           0 :         log_info (_("key \"%s\" not found on keyserver\n"),
    1531             :                   parm.searchstr_disp);
    1532             :       else
    1533           0 :         log_info (_("key not found on keyserver\n"));
    1534             :     }
    1535             : 
    1536           0 :   if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
    1537           0 :     log_error (_("no keyserver known (use option --keyserver)\n"));
    1538           0 :   else if (err)
    1539           0 :     log_error ("error searching keyserver: %s\n", gpg_strerror (err));
    1540             : 
    1541             :   /* switch(ret) */
    1542             :   /*   { */
    1543             :   /*   case KEYSERVER_SCHEME_NOT_FOUND: */
    1544             :   /*     log_error(_("no handler for keyserver scheme '%s'\n"), */
    1545             :   /*        opt.keyserver->scheme); */
    1546             :   /*     break; */
    1547             : 
    1548             :   /*   case KEYSERVER_NOT_SUPPORTED: */
    1549             :   /*     log_error(_("action '%s' not supported with keyserver " */
    1550             :   /*          "scheme '%s'\n"), "search", opt.keyserver->scheme); */
    1551             :   /*     break; */
    1552             : 
    1553             :   /*   case KEYSERVER_TIMEOUT: */
    1554             :   /*     log_error(_("keyserver timed out\n")); */
    1555             :   /*     break; */
    1556             : 
    1557             :   /*   case KEYSERVER_INTERNAL_ERROR: */
    1558             :   /*   default: */
    1559             :   /*     log_error(_("keyserver internal error\n")); */
    1560             :   /*     break; */
    1561             :   /*   } */
    1562             : 
    1563             :   /* return gpg_error (GPG_ERR_KEYSERVER); */
    1564             : 
    1565             : 
    1566             :  leave:
    1567           0 :   xfree (parm.desc);
    1568           0 :   xfree (parm.searchstr_disp);
    1569           0 :   xfree(searchstr);
    1570             : 
    1571           0 :   return err;
    1572             : }
    1573             : 
    1574             : /* Helper for keyserver_get.  Here we only receive a chunk of the
    1575             :    description to be processed in one batch.  This is required due to
    1576             :    the limited number of patterns the dirmngr interface (KS_GET) can
    1577             :    grok and to limit the amount of temporary required memory.  */
    1578             : static gpg_error_t
    1579           0 : keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
    1580             :                      int *r_ndesc_used,
    1581             :                      import_stats_t stats_handle,
    1582             :                      struct keyserver_spec *override_keyserver,
    1583             :                      unsigned char **r_fpr, size_t *r_fprlen)
    1584             : 
    1585             : {
    1586           0 :   gpg_error_t err = 0;
    1587             :   char **pattern;
    1588             :   int idx, npat;
    1589             :   estream_t datastream;
    1590           0 :   char *source = NULL;
    1591             :   size_t linelen;  /* Estimated linelen for KS_GET.  */
    1592             :   size_t n;
    1593             : 
    1594             : #define MAX_KS_GET_LINELEN 950  /* Somewhat lower than the real limit.  */
    1595             : 
    1596           0 :   *r_ndesc_used = 0;
    1597             : 
    1598             :   /* Create an array filled with a search pattern for each key.  The
    1599             :      array is delimited by a NULL entry.  */
    1600           0 :   pattern = xtrycalloc (ndesc+1, sizeof *pattern);
    1601           0 :   if (!pattern)
    1602           0 :     return gpg_error_from_syserror ();
    1603             : 
    1604             :   /* Note that we break the loop as soon as our estimation of the to
    1605             :      be used line length reaches the limit.  But we do this only if we
    1606             :      have processed at leas one search requests so that an overlong
    1607             :      single request will be rejected only later by gpg_dirmngr_ks_get
    1608             :      but we are sure that R_NDESC_USED has been updated.  This avoids
    1609             :      a possible indefinite loop.  */
    1610           0 :   linelen = 9; /* "KS_GET --" */
    1611           0 :   for (npat=idx=0; idx < ndesc; idx++)
    1612             :     {
    1613           0 :       int quiet = 0;
    1614             : 
    1615           0 :       if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
    1616           0 :           || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
    1617             :         {
    1618           0 :           n = 1+2+2*20;
    1619           0 :           if (idx && linelen + n > MAX_KS_GET_LINELEN)
    1620           0 :             break; /* Declare end of this chunk.  */
    1621           0 :           linelen += n;
    1622             : 
    1623           0 :           pattern[npat] = xtrymalloc (n);
    1624           0 :           if (!pattern[npat])
    1625           0 :             err = gpg_error_from_syserror ();
    1626             :           else
    1627             :             {
    1628           0 :               strcpy (pattern[npat], "0x");
    1629           0 :               bin2hex (desc[idx].u.fpr,
    1630           0 :                        desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
    1631           0 :                        pattern[npat]+2);
    1632           0 :               npat++;
    1633             :             }
    1634             :         }
    1635           0 :       else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
    1636             :         {
    1637           0 :           n = 1+2+16;
    1638           0 :           if (idx && linelen + n > MAX_KS_GET_LINELEN)
    1639           0 :             break; /* Declare end of this chunk.  */
    1640           0 :           linelen += n;
    1641             : 
    1642           0 :           pattern[npat] = xtryasprintf ("0x%08lX%08lX",
    1643           0 :                                         (ulong)desc[idx].u.kid[0],
    1644           0 :                                         (ulong)desc[idx].u.kid[1]);
    1645           0 :           if (!pattern[npat])
    1646           0 :             err = gpg_error_from_syserror ();
    1647             :           else
    1648           0 :             npat++;
    1649             :         }
    1650           0 :       else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
    1651             :         {
    1652           0 :           n = 1+2+8;
    1653           0 :           if (idx && linelen + n > MAX_KS_GET_LINELEN)
    1654           0 :             break; /* Declare end of this chunk.  */
    1655           0 :           linelen += n;
    1656             : 
    1657           0 :           pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
    1658           0 :           if (!pattern[npat])
    1659           0 :             err = gpg_error_from_syserror ();
    1660             :           else
    1661           0 :             npat++;
    1662             :         }
    1663           0 :       else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
    1664             :         {
    1665             :           /* The Dirmngr also uses classify_user_id to detect the type
    1666             :              of the search string.  By adding the '=' prefix we force
    1667             :              Dirmngr's KS_GET to consider this an exact search string.
    1668             :              (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
    1669             :              KS_GETNAME command to indicate this.)  */
    1670             : 
    1671           0 :           n = 1+1+strlen (desc[idx].u.name);
    1672           0 :           if (idx && linelen + n > MAX_KS_GET_LINELEN)
    1673           0 :             break; /* Declare end of this chunk.  */
    1674           0 :           linelen += n;
    1675             : 
    1676           0 :           pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
    1677           0 :           if (!pattern[npat])
    1678           0 :             err = gpg_error_from_syserror ();
    1679             :           else
    1680             :             {
    1681           0 :               npat++;
    1682           0 :               quiet = 1;
    1683             :             }
    1684             :         }
    1685           0 :       else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
    1686           0 :         continue;
    1687             :       else
    1688           0 :         BUG();
    1689             : 
    1690           0 :       if (err)
    1691             :         {
    1692           0 :           for (idx=0; idx < npat; idx++)
    1693           0 :             xfree (pattern[idx]);
    1694           0 :           xfree (pattern);
    1695           0 :           return err;
    1696             :         }
    1697             : 
    1698           0 :       if (!quiet && override_keyserver)
    1699             :         {
    1700           0 :           if (override_keyserver->host)
    1701           0 :             log_info (_("requesting key %s from %s server %s\n"),
    1702           0 :                       keystr_from_desc (&desc[idx]),
    1703             :                       override_keyserver->scheme, override_keyserver->host);
    1704             :           else
    1705           0 :             log_info (_("requesting key %s from %s\n"),
    1706           0 :                       keystr_from_desc (&desc[idx]), override_keyserver->uri);
    1707             :         }
    1708             :     }
    1709             : 
    1710             :   /* Remember now many of search items were considered.  Note that
    1711             :      this is different from NPAT.  */
    1712           0 :   *r_ndesc_used = idx;
    1713             : 
    1714           0 :   err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver,
    1715             :                             &datastream, &source);
    1716           0 :   for (idx=0; idx < npat; idx++)
    1717           0 :     xfree (pattern[idx]);
    1718           0 :   xfree (pattern);
    1719           0 :   if (opt.verbose && source)
    1720           0 :     log_info ("data source: %s\n", source);
    1721             : 
    1722           0 :   if (!err)
    1723             :     {
    1724             :       struct ks_retrieval_screener_arg_s screenerarg;
    1725             : 
    1726             :       /* FIXME: Check whether this comment should be moved to dirmngr.
    1727             : 
    1728             :          Slurp up all the key data.  In the future, it might be nice
    1729             :          to look for KEY foo OUTOFBAND and FAILED indicators.  It's
    1730             :          harmless to ignore them, but ignoring them does make gpg
    1731             :          complain about "no valid OpenPGP data found".  One way to do
    1732             :          this could be to continue parsing this line-by-line and make
    1733             :          a temp iobuf for each key.  Note that we don't allow the
    1734             :          import of secret keys from a keyserver.  Keyservers should
    1735             :          never accept or send them but we better protect against rogue
    1736             :          keyservers. */
    1737             : 
    1738           0 :       screenerarg.desc = desc;
    1739           0 :       screenerarg.ndesc = *r_ndesc_used;
    1740           0 :       import_keys_es_stream (ctrl, datastream, stats_handle,
    1741             :                              r_fpr, r_fprlen,
    1742           0 :                              (opt.keyserver_options.import_options
    1743             :                               | IMPORT_NO_SECKEY),
    1744             :                              keyserver_retrieval_screener, &screenerarg);
    1745             :     }
    1746           0 :   es_fclose (datastream);
    1747           0 :   xfree (source);
    1748             : 
    1749           0 :   return err;
    1750             : }
    1751             : 
    1752             : 
    1753             : /* Retrieve a key from a keyserver.  The search pattern are in
    1754             :    (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
    1755             :    exact searches.  OVERRIDE_KEYSERVER gives an optional override
    1756             :    keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
    1757             :    fingerprint of a single imported key.  */
    1758             : static gpg_error_t
    1759           0 : keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
    1760             :                struct keyserver_spec *override_keyserver,
    1761             :                unsigned char **r_fpr, size_t *r_fprlen)
    1762             : {
    1763             :   gpg_error_t err;
    1764             :   import_stats_t stats_handle;
    1765             :   int ndesc_used;
    1766           0 :   int any_good = 0;
    1767             : 
    1768           0 :   stats_handle = import_new_stats_handle();
    1769             : 
    1770             :   for (;;)
    1771             :     {
    1772           0 :       err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
    1773             :                                  override_keyserver, r_fpr, r_fprlen);
    1774           0 :       if (!err)
    1775           0 :         any_good = 1;
    1776           0 :       if (err || ndesc_used >= ndesc)
    1777             :         break; /* Error or all processed.  */
    1778             :       /* Prepare for the next chunk.  */
    1779           0 :       desc += ndesc_used;
    1780           0 :       ndesc -= ndesc_used;
    1781           0 :     }
    1782             : 
    1783           0 :   if (any_good)
    1784           0 :     import_print_stats (stats_handle);
    1785             : 
    1786           0 :   import_release_stats_handle (stats_handle);
    1787           0 :   return err;
    1788             : }
    1789             : 
    1790             : 
    1791             : /* Send all keys specified by KEYSPECS to the configured keyserver.  */
    1792             : static gpg_error_t
    1793           0 : keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
    1794             : 
    1795             : {
    1796             :   gpg_error_t err;
    1797             :   strlist_t kspec;
    1798             :   char *ksurl;
    1799             : 
    1800           0 :   if (!keyspecs)
    1801           0 :     return 0;  /* Return success if the list is empty.  */
    1802             : 
    1803           0 :   if (gpg_dirmngr_ks_list (ctrl, &ksurl))
    1804             :     {
    1805           0 :       log_error (_("no keyserver known\n"));
    1806           0 :       return gpg_error (GPG_ERR_NO_KEYSERVER);
    1807             :     }
    1808             : 
    1809           0 :   for (kspec = keyspecs; kspec; kspec = kspec->next)
    1810             :     {
    1811             :       void *data;
    1812             :       size_t datalen;
    1813             :       kbnode_t keyblock;
    1814             : 
    1815           0 :       err = export_pubkey_buffer (ctrl, kspec->d,
    1816             :                                   opt.keyserver_options.export_options,
    1817             :                                   NULL,
    1818             :                                   &keyblock, &data, &datalen);
    1819           0 :       if (err)
    1820           0 :         log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
    1821             :       else
    1822             :         {
    1823           0 :           log_info (_("sending key %s to %s\n"),
    1824           0 :                     keystr (keyblock->pkt->pkt.public_key->keyid),
    1825           0 :                     ksurl?ksurl:"[?]");
    1826             : 
    1827           0 :           err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
    1828           0 :           release_kbnode (keyblock);
    1829           0 :           xfree (data);
    1830           0 :           if (err)
    1831             :             {
    1832           0 :               write_status_error ("keyserver_send", err);
    1833           0 :               log_error (_("keyserver send failed: %s\n"), gpg_strerror (err));
    1834             :             }
    1835             :         }
    1836             :     }
    1837             : 
    1838           0 :   xfree (ksurl);
    1839             : 
    1840           0 :   return err;
    1841             : 
    1842             : }
    1843             : 
    1844             : 
    1845             : /* Loop over all URLs in STRLIST and fetch the key at that URL.  Note
    1846             :    that the fetch operation ignores the configured keyservers and
    1847             :    instead directly retrieves the keys.  */
    1848             : int
    1849           0 : keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
    1850             : {
    1851             :   gpg_error_t err;
    1852             :   strlist_t sl;
    1853             :   estream_t datastream;
    1854           0 :   unsigned int save_options = opt.keyserver_options.import_options;
    1855             : 
    1856             :   /* Switch on fast-import, since fetch can handle more than one
    1857             :      import and we don't want each set to rebuild the trustdb.
    1858             :      Instead we do it once at the end. */
    1859           0 :   opt.keyserver_options.import_options |= IMPORT_FAST;
    1860             : 
    1861           0 :   for (sl=urilist; sl; sl=sl->next)
    1862             :     {
    1863           0 :       if (!opt.quiet)
    1864           0 :         log_info (_("requesting key from '%s'\n"), sl->d);
    1865             : 
    1866           0 :       err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream);
    1867           0 :       if (!err)
    1868             :         {
    1869             :           import_stats_t stats_handle;
    1870             : 
    1871           0 :           stats_handle = import_new_stats_handle();
    1872           0 :           import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL,
    1873             :                                  opt.keyserver_options.import_options,
    1874             :                                  NULL, NULL);
    1875             : 
    1876           0 :           import_print_stats (stats_handle);
    1877           0 :           import_release_stats_handle (stats_handle);
    1878             :         }
    1879             :       else
    1880           0 :         log_info (_("WARNING: unable to fetch URI %s: %s\n"),
    1881           0 :                   sl->d, gpg_strerror (err));
    1882           0 :       es_fclose (datastream);
    1883             :     }
    1884             : 
    1885           0 :   opt.keyserver_options.import_options = save_options;
    1886             : 
    1887             :   /* If the original options didn't have fast import, and the trustdb
    1888             :      is dirty, rebuild. */
    1889           0 :   if (!(opt.keyserver_options.import_options&IMPORT_FAST))
    1890           0 :     check_or_update_trustdb (ctrl);
    1891             : 
    1892           0 :   return 0;
    1893             : }
    1894             : 
    1895             : 
    1896             : /* Import key in a CERT or pointed to by a CERT.  In DANE_MODE fetch
    1897             :    the certificate using the DANE method.  */
    1898             : int
    1899           0 : keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
    1900             :                        unsigned char **fpr,size_t *fpr_len)
    1901             : {
    1902             :   gpg_error_t err;
    1903             :   char *look,*url;
    1904             :   estream_t key;
    1905             : 
    1906           0 :   look = xstrdup(name);
    1907             : 
    1908           0 :   if (!dane_mode)
    1909             :     {
    1910           0 :       char *domain = strrchr (look,'@');
    1911           0 :       if (domain)
    1912           0 :         *domain='.';
    1913             :     }
    1914             : 
    1915           0 :   err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
    1916             :                               &key, fpr, fpr_len, &url);
    1917           0 :   if (err)
    1918             :     ;
    1919           0 :   else if (key)
    1920             :     {
    1921           0 :       int armor_status=opt.no_armor;
    1922             : 
    1923             :       /* CERTs and DANE records are always in binary format */
    1924           0 :       opt.no_armor=1;
    1925             : 
    1926           0 :       err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
    1927           0 :                                    (opt.keyserver_options.import_options
    1928             :                                     | IMPORT_NO_SECKEY),
    1929             :                                    NULL, NULL);
    1930             : 
    1931           0 :       opt.no_armor=armor_status;
    1932             : 
    1933           0 :       es_fclose (key);
    1934           0 :       key = NULL;
    1935             :     }
    1936           0 :   else if (*fpr)
    1937             :     {
    1938             :       /* We only consider the IPGP type if a fingerprint was provided.
    1939             :          This lets us select the right key regardless of what a URL
    1940             :          points to, or get the key from a keyserver. */
    1941           0 :       if(url)
    1942             :         {
    1943             :           struct keyserver_spec *spec;
    1944             : 
    1945           0 :           spec = parse_keyserver_uri (url, 1);
    1946           0 :           if(spec)
    1947             :             {
    1948           0 :               err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
    1949           0 :               free_keyserver_spec(spec);
    1950             :             }
    1951             :         }
    1952           0 :       else if (keyserver_any_configured (ctrl))
    1953             :         {
    1954             :           /* If only a fingerprint is provided, try and fetch it from
    1955             :              the configured keyserver. */
    1956             : 
    1957           0 :           err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
    1958             :         }
    1959             :       else
    1960           0 :         log_info(_("no keyserver known\n"));
    1961             : 
    1962             :       /* Give a better string here? "CERT fingerprint for \"%s\"
    1963             :          found, but no keyserver" " known (use option
    1964             :          --keyserver)\n" ? */
    1965             : 
    1966             :     }
    1967             : 
    1968           0 :   xfree(url);
    1969           0 :   xfree(look);
    1970             : 
    1971           0 :   return err;
    1972             : }
    1973             : 
    1974             : /* Import key pointed to by a PKA record. Return the requested
    1975             :    fingerprint in fpr. */
    1976             : gpg_error_t
    1977           0 : keyserver_import_pka (ctrl_t ctrl, const char *name,
    1978             :                       unsigned char **fpr, size_t *fpr_len)
    1979             : {
    1980             :   gpg_error_t err;
    1981             :   char *url;
    1982             : 
    1983           0 :   err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
    1984           0 :   if (url && *url && fpr && fpr_len)
    1985             :     {
    1986             :       /* An URL is available.  Lookup the key. */
    1987             :       struct keyserver_spec *spec;
    1988           0 :       spec = parse_keyserver_uri (url, 1);
    1989           0 :       if (spec)
    1990             :         {
    1991           0 :           err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec);
    1992           0 :           free_keyserver_spec (spec);
    1993             :         }
    1994             :     }
    1995           0 :   xfree (url);
    1996             : 
    1997           0 :   if (err)
    1998             :     {
    1999           0 :       xfree(*fpr);
    2000           0 :       *fpr = NULL;
    2001           0 :       *fpr_len = 0;
    2002             :     }
    2003             : 
    2004           0 :   return err;
    2005             : }
    2006             : 
    2007             : 
    2008             : /* Import a key using the Web Key Directory protocol.  */
    2009             : gpg_error_t
    2010           0 : keyserver_import_wkd (ctrl_t ctrl, const char *name,
    2011             :                       unsigned char **fpr, size_t *fpr_len)
    2012             : {
    2013             :   gpg_error_t err;
    2014             :   estream_t key;
    2015             : 
    2016           0 :   err = gpg_dirmngr_wkd_get (ctrl, name, &key);
    2017           0 :   if (err)
    2018             :     ;
    2019           0 :   else if (key)
    2020             :     {
    2021           0 :       int armor_status = opt.no_armor;
    2022             : 
    2023             :       /* Keys returned via WKD are in binary format. */
    2024           0 :       opt.no_armor = 1;
    2025             : 
    2026           0 :       err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
    2027           0 :                                    (opt.keyserver_options.import_options
    2028             :                                     | IMPORT_NO_SECKEY),
    2029             :                                    NULL, NULL);
    2030             : 
    2031           0 :       opt.no_armor = armor_status;
    2032             : 
    2033           0 :       es_fclose (key);
    2034           0 :       key = NULL;
    2035             :     }
    2036             : 
    2037           0 :   return err;
    2038             : }
    2039             : 
    2040             : 
    2041             : /* Import a key by name using LDAP */
    2042             : int
    2043           0 : keyserver_import_ldap (ctrl_t ctrl,
    2044             :                        const char *name, unsigned char **fpr, size_t *fprlen)
    2045             : {
    2046             :   (void)ctrl;
    2047             :   (void)name;
    2048             :   (void)fpr;
    2049             :   (void)fprlen;
    2050           0 :   return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
    2051             : #if 0
    2052             :   char *domain;
    2053             :   struct keyserver_spec *keyserver;
    2054             :   strlist_t list=NULL;
    2055             :   int rc,hostlen=1;
    2056             : #ifdef USE_DNS_SRV
    2057             :   struct srventry *srvlist=NULL;
    2058             :   int srvcount,i;
    2059             :   char srvname[MAXDNAME];
    2060             : #endif
    2061             : 
    2062             :   /* Parse out the domain */
    2063             :   domain=strrchr(name,'@');
    2064             :   if(!domain)
    2065             :     return GPG_ERR_GENERAL;
    2066             : 
    2067             :   domain++;
    2068             : 
    2069             :   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
    2070             :   keyserver->scheme=xstrdup("ldap");
    2071             :   keyserver->host=xmalloc(1);
    2072             :   keyserver->host[0]='\0';
    2073             : 
    2074             : #ifdef USE_DNS_SRV
    2075             :   snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
    2076             : 
    2077             :   FIXME("network related - move to dirmngr or drop the code");
    2078             :   srvcount=getsrv(srvname,&srvlist);
    2079             : 
    2080             :   for(i=0;i<srvcount;i++)
    2081             :     {
    2082             :       hostlen+=strlen(srvlist[i].target)+1;
    2083             :       keyserver->host=xrealloc(keyserver->host,hostlen);
    2084             : 
    2085             :       strcat(keyserver->host,srvlist[i].target);
    2086             : 
    2087             :       if(srvlist[i].port!=389)
    2088             :         {
    2089             :           char port[7];
    2090             : 
    2091             :           hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
    2092             :           keyserver->host=xrealloc(keyserver->host,hostlen);
    2093             : 
    2094             :           snprintf(port,7,":%u",srvlist[i].port);
    2095             :           strcat(keyserver->host,port);
    2096             :         }
    2097             : 
    2098             :       strcat(keyserver->host," ");
    2099             :     }
    2100             : 
    2101             :   free(srvlist);
    2102             : #endif
    2103             : 
    2104             :   /* If all else fails, do the PGP Universal trick of
    2105             :      ldap://keys.(domain) */
    2106             : 
    2107             :   hostlen+=5+strlen(domain);
    2108             :   keyserver->host=xrealloc(keyserver->host,hostlen);
    2109             :   strcat(keyserver->host,"keys.");
    2110             :   strcat(keyserver->host,domain);
    2111             : 
    2112             :   append_to_strlist(&list,name);
    2113             : 
    2114             :   rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
    2115             :        /* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
    2116             :        /*                 0, fpr, fpr_len, keyserver); */
    2117             : 
    2118             :   free_strlist(list);
    2119             : 
    2120             :   free_keyserver_spec(keyserver);
    2121             : 
    2122             :   return rc;
    2123             : #endif
    2124             : }

Generated by: LCOV version 1.11