Line data Source code
1 : /* keyserver.c - generic keyserver code
2 : * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 : * 2009, 2011, 2012 Free Software Foundation, Inc.
4 : * Copyright (C) 2014 Werner Koch
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <ctype.h>
24 : #include <stdio.h>
25 : #include <string.h>
26 : #include <stdlib.h>
27 : #include <assert.h>
28 : #include <errno.h>
29 :
30 : #include "gpg.h"
31 : #include "iobuf.h"
32 : #include "filter.h"
33 : #include "keydb.h"
34 : #include "status.h"
35 : #include "exec.h"
36 : #include "main.h"
37 : #include "i18n.h"
38 : #include "ttyio.h"
39 : #include "options.h"
40 : #include "packet.h"
41 : #include "trustdb.h"
42 : #include "keyserver-internal.h"
43 : #include "util.h"
44 : #include "membuf.h"
45 : #include "call-dirmngr.h"
46 :
47 : #ifdef HAVE_W32_SYSTEM
48 : /* It seems Vista doesn't grok X_OK and so fails access() tests.
49 : Previous versions interpreted X_OK as F_OK anyway, so we'll just
50 : use F_OK directly. */
51 : #undef X_OK
52 : #define X_OK F_OK
53 : #endif /* HAVE_W32_SYSTEM */
54 :
55 : struct keyrec
56 : {
57 : KEYDB_SEARCH_DESC desc;
58 : u32 createtime,expiretime;
59 : int size,flags;
60 : byte type;
61 : IOBUF uidbuf;
62 : unsigned int lines;
63 : };
64 :
65 : /* Parameters for the search line handler. */
66 : struct search_line_handler_parm_s
67 : {
68 : ctrl_t ctrl; /* The session control structure. */
69 : char *searchstr_disp; /* Native encoded search string or NULL. */
70 : KEYDB_SEARCH_DESC *desc; /* Array with search descriptions. */
71 : int count; /* Number of keys we are currently prepared to
72 : handle. This is the size of the DESC array. If
73 : it is too small, it will grow safely. */
74 : int validcount; /* Enable the "Key x-y of z" messages. */
75 : int nkeys; /* Number of processed records. */
76 : int any_lines; /* At least one line has been processed. */
77 : unsigned int numlines; /* Counter for displayed lines. */
78 : int eof_seen; /* EOF encountered. */
79 : int not_found; /* Set if no keys have been found. */
80 : };
81 :
82 :
83 : enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
84 :
85 : static struct parse_options keyserver_opts[]=
86 : {
87 : /* some of these options are not real - just for the help
88 : message */
89 : {"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
90 : {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */
91 : N_("override proxy options set for dirmngr")},
92 :
93 : {"include-revoked",0,NULL,N_("include revoked keys in search results")},
94 : {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
95 : {"timeout", KEYSERVER_TIMEOUT, NULL,
96 : N_("override timeout options set for dirmngr")},
97 : {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
98 : NULL},
99 : {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
100 : N_("automatically retrieve keys when verifying signatures")},
101 : {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
102 : N_("honor the preferred keyserver URL set on the key")},
103 : {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
104 : N_("honor the PKA record set on a key when retrieving keys")},
105 : {NULL,0,NULL,NULL}
106 : };
107 :
108 : static gpg_error_t keyserver_get (ctrl_t ctrl,
109 : KEYDB_SEARCH_DESC *desc, int ndesc,
110 : struct keyserver_spec *override_keyserver,
111 : unsigned char **r_fpr, size_t *r_fprlen);
112 : static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
113 : struct keyserver_spec *keyserver);
114 :
115 :
116 : /* Reasonable guess. The commonly used test key simon.josefsson.org
117 : is larger than 32k, thus we need at least this value. */
118 : #define DEFAULT_MAX_CERT_SIZE 65536
119 :
120 : static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
121 :
122 :
123 : static void
124 0 : warn_kshelper_option(char *option, int noisy)
125 : {
126 : char *p;
127 :
128 0 : if ((p=strchr (option, '=')))
129 0 : *p = 0;
130 :
131 0 : if (!strcmp (option, "ca-cert-file"))
132 0 : log_info ("keyserver option '%s' is obsolete; please use "
133 : "'%s' in dirmngr.conf\n",
134 : "ca-cert-file", "hkp-cacert");
135 0 : else if (!strcmp (option, "check-cert")
136 0 : || !strcmp (option, "broken-http-proxy"))
137 0 : log_info ("keyserver option '%s' is obsolete\n", option);
138 0 : else if (noisy || opt.verbose)
139 0 : log_info ("keyserver option '%s' is unknown\n", option);
140 0 : }
141 :
142 :
143 : /* Called from main to parse the args for --keyserver-options. */
144 : int
145 0 : parse_keyserver_options(char *options)
146 : {
147 0 : int ret=1;
148 : char *tok;
149 0 : char *max_cert=NULL;
150 :
151 0 : keyserver_opts[0].value=&max_cert;
152 0 : keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
153 :
154 0 : while((tok=optsep(&options)))
155 : {
156 0 : if(tok[0]=='\0')
157 0 : continue;
158 :
159 : /* We accept quite a few possible options here - some options to
160 : handle specially, the keyserver_options list, and import and
161 : export options that pertain to keyserver operations. */
162 :
163 0 : if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
164 0 : && !parse_import_options(tok,&opt.keyserver_options.import_options,0)
165 0 : && !parse_export_options(tok,&opt.keyserver_options.export_options,0))
166 : {
167 : /* All of the standard options have failed, so the option was
168 : destined for a keyserver plugin as used by GnuPG < 2.1 */
169 0 : warn_kshelper_option (tok, 1);
170 : }
171 : }
172 :
173 0 : if(max_cert)
174 : {
175 0 : max_cert_size=strtoul(max_cert,(char **)NULL,10);
176 :
177 0 : if(max_cert_size==0)
178 0 : max_cert_size=DEFAULT_MAX_CERT_SIZE;
179 : }
180 :
181 0 : return ret;
182 : }
183 :
184 :
185 : void
186 0 : free_keyserver_spec(struct keyserver_spec *keyserver)
187 : {
188 0 : xfree(keyserver->uri);
189 0 : xfree(keyserver->scheme);
190 0 : xfree(keyserver->auth);
191 0 : xfree(keyserver->host);
192 0 : xfree(keyserver->port);
193 0 : xfree(keyserver->path);
194 0 : xfree(keyserver->opaque);
195 0 : free_strlist(keyserver->options);
196 0 : xfree(keyserver);
197 0 : }
198 :
199 : /* Return 0 for match */
200 : static int
201 0 : cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
202 : {
203 0 : if(ascii_strcasecmp(one->scheme,two->scheme)==0)
204 : {
205 0 : if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
206 : {
207 0 : if((one->port && two->port
208 0 : && ascii_strcasecmp(one->port,two->port)==0)
209 0 : || (!one->port && !two->port))
210 0 : return 0;
211 : }
212 0 : else if(one->opaque && two->opaque
213 0 : && ascii_strcasecmp(one->opaque,two->opaque)==0)
214 0 : return 0;
215 : }
216 :
217 0 : return 1;
218 : }
219 :
220 : /* Try and match one of our keyservers. If we can, return that. If
221 : we can't, return our input. */
222 : struct keyserver_spec *
223 0 : keyserver_match(struct keyserver_spec *spec)
224 : {
225 : struct keyserver_spec *ks;
226 :
227 0 : for(ks=opt.keyserver;ks;ks=ks->next)
228 0 : if(cmp_keyserver_spec(spec,ks)==0)
229 0 : return ks;
230 :
231 0 : return spec;
232 : }
233 :
234 : /* TODO: once we cut over to an all-curl world, we don't need this
235 : parser any longer so it can be removed, or at least moved to
236 : keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
237 :
238 : keyserver_spec_t
239 0 : parse_keyserver_uri (const char *string,int require_scheme)
240 : {
241 0 : int assume_hkp=0;
242 : struct keyserver_spec *keyserver;
243 : const char *idx;
244 : int count;
245 : char *uri,*options;
246 :
247 0 : assert(string!=NULL);
248 :
249 0 : keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
250 :
251 0 : uri=xstrdup(string);
252 :
253 0 : options=strchr(uri,' ');
254 0 : if(options)
255 : {
256 : char *tok;
257 :
258 0 : *options='\0';
259 0 : options++;
260 :
261 0 : while((tok=optsep(&options)))
262 0 : warn_kshelper_option (tok, 0);
263 : }
264 :
265 : /* Get the scheme */
266 :
267 0 : for(idx=uri,count=0;*idx && *idx!=':';idx++)
268 : {
269 0 : count++;
270 :
271 : /* Do we see the start of an RFC-2732 ipv6 address here? If so,
272 : there clearly isn't a scheme so get out early. */
273 0 : if(*idx=='[')
274 : {
275 : /* Was the '[' the first thing in the string? If not, we
276 : have a mangled scheme with a [ in it so fail. */
277 0 : if(count==1)
278 0 : break;
279 : else
280 0 : goto fail;
281 : }
282 : }
283 :
284 0 : if(count==0)
285 0 : goto fail;
286 :
287 0 : if(*idx=='\0' || *idx=='[')
288 : {
289 0 : if(require_scheme)
290 0 : return NULL;
291 :
292 : /* Assume HKP if there is no scheme */
293 0 : assume_hkp=1;
294 0 : keyserver->scheme=xstrdup("hkp");
295 :
296 0 : keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
297 0 : strcpy(keyserver->uri,keyserver->scheme);
298 0 : strcat(keyserver->uri,"://");
299 0 : strcat(keyserver->uri,uri);
300 : }
301 : else
302 : {
303 : int i;
304 :
305 0 : keyserver->uri=xstrdup(uri);
306 :
307 0 : keyserver->scheme=xmalloc(count+1);
308 :
309 : /* Force to lowercase */
310 0 : for(i=0;i<count;i++)
311 0 : keyserver->scheme[i]=ascii_tolower(uri[i]);
312 :
313 0 : keyserver->scheme[i]='\0';
314 :
315 : /* Skip past the scheme and colon */
316 0 : uri+=count+1;
317 : }
318 :
319 0 : if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
320 : {
321 0 : log_info ("keyserver option '%s' is obsolete\n",
322 : "x-broken-hkp");
323 : }
324 0 : else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
325 : {
326 : /* Canonicalize this to "hkp" so it works with both the internal
327 : and external keyserver interface. */
328 0 : xfree(keyserver->scheme);
329 0 : keyserver->scheme=xstrdup("hkp");
330 : }
331 :
332 0 : if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
333 : {
334 : /* Three slashes means network path with a default host name.
335 : This is a hack because it does not crok all possible
336 : combiantions. We should better repalce all code bythe parser
337 : from http.c. */
338 0 : keyserver->path = xstrdup (uri+2);
339 : }
340 0 : else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
341 : {
342 : /* Two slashes means network path. */
343 :
344 : /* Skip over the "//", if any */
345 0 : if(!assume_hkp)
346 0 : uri+=2;
347 :
348 : /* Do we have userinfo auth data present? */
349 0 : for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
350 0 : count++;
351 :
352 : /* We found a @ before the slash, so that means everything
353 : before the @ is auth data. */
354 0 : if(*idx=='@')
355 : {
356 0 : if(count==0)
357 0 : goto fail;
358 :
359 0 : keyserver->auth=xmalloc(count+1);
360 0 : strncpy(keyserver->auth,uri,count);
361 0 : keyserver->auth[count]='\0';
362 0 : uri+=count+1;
363 : }
364 :
365 : /* Is it an RFC-2732 ipv6 [literal address] ? */
366 0 : if(*uri=='[')
367 : {
368 0 : for(idx=uri+1,count=1;*idx
369 0 : && ((isascii (*idx) && isxdigit(*idx))
370 0 : || *idx==':' || *idx=='.');idx++)
371 0 : count++;
372 :
373 : /* Is the ipv6 literal address terminated? */
374 0 : if(*idx==']')
375 0 : count++;
376 : else
377 0 : goto fail;
378 : }
379 : else
380 0 : for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
381 0 : count++;
382 :
383 0 : if(count==0)
384 0 : goto fail;
385 :
386 0 : keyserver->host=xmalloc(count+1);
387 0 : strncpy(keyserver->host,uri,count);
388 0 : keyserver->host[count]='\0';
389 :
390 : /* Skip past the host */
391 0 : uri+=count;
392 :
393 0 : if(*uri==':')
394 : {
395 : /* It would seem to be reasonable to limit the range of the
396 : ports to values between 1-65535, but RFC 1738 and 1808
397 : imply there is no limit. Of course, the real world has
398 : limits. */
399 :
400 0 : for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
401 : {
402 0 : count++;
403 :
404 : /* Ports are digits only */
405 0 : if(!digitp(idx))
406 : goto fail;
407 : }
408 :
409 0 : keyserver->port=xmalloc(count+1);
410 0 : strncpy(keyserver->port,uri+1,count);
411 0 : keyserver->port[count]='\0';
412 :
413 : /* Skip past the colon and port number */
414 0 : uri+=1+count;
415 : }
416 :
417 : /* Everything else is the path */
418 0 : if(*uri)
419 0 : keyserver->path=xstrdup(uri);
420 : else
421 0 : keyserver->path=xstrdup("/");
422 :
423 0 : if(keyserver->path[1])
424 0 : keyserver->flags.direct_uri=1;
425 : }
426 0 : else if(uri[0]!='/')
427 : {
428 : /* No slash means opaque. Just record the opaque blob and get
429 : out. */
430 0 : keyserver->opaque=xstrdup(uri);
431 : }
432 : else
433 : {
434 : /* One slash means absolute path. We don't need to support that
435 : yet. */
436 0 : goto fail;
437 : }
438 :
439 0 : return keyserver;
440 :
441 : fail:
442 0 : free_keyserver_spec(keyserver);
443 :
444 0 : return NULL;
445 : }
446 :
447 : struct keyserver_spec *
448 0 : parse_preferred_keyserver(PKT_signature *sig)
449 : {
450 0 : struct keyserver_spec *spec=NULL;
451 : const byte *p;
452 : size_t plen;
453 :
454 0 : p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
455 0 : if(p && plen)
456 : {
457 0 : byte *dupe=xmalloc(plen+1);
458 :
459 0 : memcpy(dupe,p,plen);
460 0 : dupe[plen]='\0';
461 0 : spec = parse_keyserver_uri (dupe, 1);
462 0 : xfree(dupe);
463 : }
464 :
465 0 : return spec;
466 : }
467 :
468 : static void
469 0 : print_keyrec(int number,struct keyrec *keyrec)
470 : {
471 : int i;
472 :
473 0 : iobuf_writebyte(keyrec->uidbuf,0);
474 0 : iobuf_flush_temp(keyrec->uidbuf);
475 0 : es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
476 :
477 0 : if (keyrec->size>0)
478 0 : es_printf ("%d bit ", keyrec->size);
479 :
480 0 : if(keyrec->type)
481 : {
482 : const char *str;
483 :
484 0 : str = openpgp_pk_algo_name (keyrec->type);
485 :
486 0 : if (str && strcmp (str, "?"))
487 0 : es_printf ("%s ",str);
488 : else
489 0 : es_printf ("unknown ");
490 : }
491 :
492 0 : switch(keyrec->desc.mode)
493 : {
494 : /* If the keyserver helper gave us a short keyid, we have no
495 : choice but to use it. Do check --keyid-format to add a 0x if
496 : needed. */
497 : case KEYDB_SEARCH_MODE_SHORT_KID:
498 0 : es_printf ("key %s%08lX",
499 0 : (opt.keyid_format==KF_0xSHORT
500 0 : || opt.keyid_format==KF_0xLONG)?"0x":"",
501 0 : (ulong)keyrec->desc.u.kid[1]);
502 0 : break;
503 :
504 : /* However, if it gave us a long keyid, we can honor
505 : --keyid-format via keystr(). */
506 : case KEYDB_SEARCH_MODE_LONG_KID:
507 0 : es_printf ("key %s",keystr(keyrec->desc.u.kid));
508 0 : break;
509 :
510 : /* If it gave us a PGP 2.x fingerprint, not much we can do
511 : beyond displaying it. */
512 : case KEYDB_SEARCH_MODE_FPR16:
513 0 : es_printf ("key ");
514 0 : for(i=0;i<16;i++)
515 0 : es_printf ("%02X",keyrec->desc.u.fpr[i]);
516 0 : break;
517 :
518 : /* If we get a modern fingerprint, we have the most
519 : flexibility. */
520 : case KEYDB_SEARCH_MODE_FPR20:
521 : {
522 : u32 kid[2];
523 0 : keyid_from_fingerprint(keyrec->desc.u.fpr,20,kid);
524 0 : es_printf("key %s",keystr(kid));
525 : }
526 0 : break;
527 :
528 : default:
529 0 : BUG();
530 : break;
531 : }
532 :
533 0 : if(keyrec->createtime>0)
534 : {
535 0 : es_printf (", ");
536 0 : es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
537 : }
538 :
539 0 : if(keyrec->expiretime>0)
540 : {
541 0 : es_printf (", ");
542 0 : es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
543 : }
544 :
545 0 : if (keyrec->flags&1)
546 0 : es_printf (" (%s)", _("revoked"));
547 0 : if(keyrec->flags&2)
548 0 : es_printf (" (%s)", _("disabled"));
549 0 : if(keyrec->flags&4)
550 0 : es_printf (" (%s)", _("expired"));
551 :
552 0 : es_printf ("\n");
553 0 : }
554 :
555 : /* Returns a keyrec (which must be freed) once a key is complete, and
556 : NULL otherwise. Call with a NULL keystring once key parsing is
557 : complete to return any unfinished keys. */
558 : static struct keyrec *
559 0 : parse_keyrec(char *keystring)
560 : {
561 : /* FIXME: Remove the static and put the data into the parms we use
562 : for the caller anyway. */
563 : static struct keyrec *work=NULL;
564 0 : struct keyrec *ret=NULL;
565 : char *record;
566 : int i;
567 :
568 0 : if(keystring==NULL)
569 : {
570 0 : if(work==NULL)
571 0 : return NULL;
572 0 : else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
573 : {
574 0 : xfree(work);
575 0 : return NULL;
576 : }
577 : else
578 : {
579 0 : ret=work;
580 0 : work=NULL;
581 0 : return ret;
582 : }
583 : }
584 :
585 0 : if(work==NULL)
586 : {
587 0 : work=xmalloc_clear(sizeof(struct keyrec));
588 0 : work->uidbuf=iobuf_temp();
589 : }
590 :
591 0 : trim_trailing_ws (keystring, strlen (keystring));
592 :
593 0 : if((record=strsep(&keystring,":"))==NULL)
594 0 : return ret;
595 :
596 0 : if(ascii_strcasecmp("pub",record)==0)
597 : {
598 : char *tok;
599 : gpg_error_t err;
600 :
601 0 : if(work->desc.mode)
602 : {
603 0 : ret=work;
604 0 : work=xmalloc_clear(sizeof(struct keyrec));
605 0 : work->uidbuf=iobuf_temp();
606 : }
607 :
608 0 : if((tok=strsep(&keystring,":"))==NULL)
609 0 : return ret;
610 :
611 0 : err = classify_user_id (tok, &work->desc, 1);
612 0 : if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
613 0 : && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
614 0 : && work->desc.mode != KEYDB_SEARCH_MODE_FPR16
615 0 : && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
616 : {
617 0 : work->desc.mode=KEYDB_SEARCH_MODE_NONE;
618 0 : return ret;
619 : }
620 :
621 : /* Note all items after this are optional. This allows us to
622 : have a pub line as simple as pub:keyid and nothing else. */
623 :
624 0 : work->lines++;
625 :
626 0 : if((tok=strsep(&keystring,":"))==NULL)
627 0 : return ret;
628 :
629 0 : work->type=atoi(tok);
630 :
631 0 : if((tok=strsep(&keystring,":"))==NULL)
632 0 : return ret;
633 :
634 0 : work->size=atoi(tok);
635 :
636 0 : if((tok=strsep(&keystring,":"))==NULL)
637 0 : return ret;
638 :
639 0 : if(atoi(tok)<=0)
640 0 : work->createtime=0;
641 : else
642 0 : work->createtime=atoi(tok);
643 :
644 0 : if((tok=strsep(&keystring,":"))==NULL)
645 0 : return ret;
646 :
647 0 : if(atoi(tok)<=0)
648 0 : work->expiretime=0;
649 : else
650 : {
651 0 : work->expiretime=atoi(tok);
652 : /* Force the 'e' flag on if this key is expired. */
653 0 : if(work->expiretime<=make_timestamp())
654 0 : work->flags|=4;
655 : }
656 :
657 0 : if((tok=strsep(&keystring,":"))==NULL)
658 0 : return ret;
659 :
660 0 : while(*tok)
661 0 : switch(*tok++)
662 : {
663 : case 'r':
664 : case 'R':
665 0 : work->flags|=1;
666 0 : break;
667 :
668 : case 'd':
669 : case 'D':
670 0 : work->flags|=2;
671 0 : break;
672 :
673 : case 'e':
674 : case 'E':
675 0 : work->flags|=4;
676 0 : break;
677 : }
678 : }
679 0 : else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
680 : {
681 : char *userid,*tok,*decoded;
682 :
683 0 : if((tok=strsep(&keystring,":"))==NULL)
684 0 : return ret;
685 :
686 0 : if(strlen(tok)==0)
687 0 : return ret;
688 :
689 0 : userid=tok;
690 :
691 : /* By definition, de-%-encoding is always smaller than the
692 : original string so we can decode in place. */
693 :
694 0 : i=0;
695 :
696 0 : while(*tok)
697 0 : if(tok[0]=='%' && tok[1] && tok[2])
698 0 : {
699 : int c;
700 :
701 0 : userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
702 0 : i++;
703 0 : tok+=3;
704 : }
705 : else
706 0 : userid[i++]=*tok++;
707 :
708 : /* We don't care about the other info provided in the uid: line
709 : since no keyserver supports marking userids with timestamps
710 : or revoked/expired/disabled yet. */
711 :
712 : /* No need to check for control characters, as utf8_to_native
713 : does this for us. */
714 :
715 0 : decoded=utf8_to_native(userid,i,0);
716 0 : if(strlen(decoded)>opt.screen_columns-10)
717 0 : decoded[opt.screen_columns-10]='\0';
718 0 : iobuf_writestr(work->uidbuf,decoded);
719 0 : xfree(decoded);
720 0 : iobuf_writestr(work->uidbuf,"\n\t");
721 0 : work->lines++;
722 : }
723 :
724 : /* Ignore any records other than "pri" and "uid" for easy future
725 : growth. */
726 :
727 0 : return ret;
728 : }
729 :
730 : /* Show a prompt and allow the user to select keys for retrieval. */
731 : static gpg_error_t
732 0 : show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
733 : int count, const char *search)
734 : {
735 : gpg_error_t err;
736 0 : char *answer = NULL;
737 :
738 0 : es_fflush (es_stdout);
739 :
740 0 : if (count && opt.command_fd == -1)
741 : {
742 : static int from = 1;
743 0 : tty_printf ("Keys %d-%d of %d for \"%s\". ",
744 : from, numdesc, count, search);
745 0 : from = numdesc + 1;
746 : }
747 :
748 : again:
749 0 : err = 0;
750 0 : xfree (answer);
751 0 : answer = cpr_get_no_help ("keysearch.prompt",
752 0 : _("Enter number(s), N)ext, or Q)uit > "));
753 : /* control-d */
754 0 : if (answer[0]=='\x04')
755 : {
756 0 : tty_printf ("Q\n");
757 0 : answer[0] = 'q';
758 : }
759 :
760 0 : if (answer[0]=='q' || answer[0]=='Q')
761 0 : err = gpg_error (GPG_ERR_CANCELED);
762 0 : else if (atoi (answer) >= 1 && atoi (answer) <= numdesc)
763 : {
764 0 : char *split = answer;
765 : char *num;
766 : int numarray[50];
767 0 : int numidx = 0;
768 : int idx;
769 :
770 0 : while ((num = strsep (&split, " ,")))
771 0 : if (atoi (num) >= 1 && atoi (num) <= numdesc)
772 : {
773 0 : if (numidx >= DIM (numarray))
774 : {
775 0 : tty_printf ("Too many keys selected\n");
776 0 : goto again;
777 : }
778 0 : numarray[numidx++] = atoi (num);
779 : }
780 :
781 0 : if (!numidx)
782 0 : goto again;
783 :
784 : {
785 : KEYDB_SEARCH_DESC *selarray;
786 :
787 0 : selarray = xtrymalloc (numidx * sizeof *selarray);
788 0 : if (!selarray)
789 : {
790 0 : err = gpg_error_from_syserror ();
791 0 : goto leave;
792 : }
793 0 : for (idx = 0; idx < numidx; idx++)
794 0 : selarray[idx] = desc[numarray[idx]-1];
795 0 : err = keyserver_get (ctrl, selarray, numidx, NULL, NULL, NULL);
796 0 : xfree (selarray);
797 : }
798 : }
799 :
800 : leave:
801 0 : xfree (answer);
802 0 : return err;
803 : }
804 :
805 :
806 : /* This is a callback used by call-dirmngr.c to process the result of
807 : KS_SEARCH command. If SPECIAL is 0, LINE is the actual data line
808 : received with all escaping removed and guaranteed to be exactly one
809 : line with stripped LF; an EOF is indicated by LINE passed as NULL.
810 : If special is 1, the line contains the source of the information
811 : (usually an URL). LINE may be modified after return. */
812 : static gpg_error_t
813 0 : search_line_handler (void *opaque, int special, char *line)
814 : {
815 0 : struct search_line_handler_parm_s *parm = opaque;
816 0 : gpg_error_t err = 0;
817 : struct keyrec *keyrec;
818 :
819 0 : if (special == 1)
820 : {
821 0 : log_info ("data source: %s\n", line);
822 0 : return 0;
823 : }
824 0 : else if (special)
825 : {
826 0 : log_debug ("unknown value %d for special search callback", special);
827 0 : return 0;
828 : }
829 :
830 0 : if (parm->eof_seen && line)
831 : {
832 0 : log_debug ("ooops: unexpected data after EOF\n");
833 0 : line = NULL;
834 : }
835 :
836 : /* Print the received line. */
837 0 : if (opt.with_colons && line)
838 : {
839 0 : es_printf ("%s\n", line);
840 : }
841 :
842 : /* Look for an info: line. The only current info: values defined
843 : are the version and key count. */
844 0 : if (line && !parm->any_lines && !ascii_strncasecmp ("info:", line, 5))
845 : {
846 0 : char *str = line + 5;
847 : char *tok;
848 :
849 0 : if ((tok = strsep (&str, ":")))
850 : {
851 : int version;
852 :
853 0 : if (sscanf (tok, "%d", &version) !=1 )
854 0 : version = 1;
855 :
856 0 : if (version !=1 )
857 : {
858 0 : log_error (_("invalid keyserver protocol "
859 : "(us %d!=handler %d)\n"), 1, version);
860 0 : return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
861 : }
862 : }
863 :
864 0 : if ((tok = strsep (&str, ":"))
865 0 : && sscanf (tok, "%d", &parm->count) == 1)
866 : {
867 0 : if (!parm->count)
868 0 : parm->not_found = 1;/* Server indicated that no items follow. */
869 0 : else if (parm->count < 0)
870 0 : parm->count = 10; /* Bad value - assume something reasonable. */
871 : else
872 0 : parm->validcount = 1; /* COUNT seems to be okay. */
873 : }
874 :
875 0 : parm->any_lines = 1;
876 0 : return 0; /* Line processing finished. */
877 : }
878 :
879 : again:
880 0 : if (line)
881 0 : keyrec = parse_keyrec (line);
882 : else
883 : {
884 : /* Received EOF - flush data */
885 0 : parm->eof_seen = 1;
886 0 : keyrec = parse_keyrec (NULL);
887 0 : if (!keyrec)
888 : {
889 0 : if (!parm->nkeys)
890 0 : parm->not_found = 1; /* No keys at all. */
891 : else
892 : {
893 0 : if (parm->nkeys != parm->count)
894 0 : parm->validcount = 0;
895 :
896 0 : if (!(opt.with_colons && opt.batch))
897 : {
898 0 : err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
899 0 : parm->validcount? parm->count : 0,
900 0 : parm->searchstr_disp);
901 0 : return err;
902 : }
903 : }
904 : }
905 : }
906 :
907 : /* Save the key in the key array. */
908 0 : if (keyrec)
909 : {
910 : /* Allocate or enlarge the key array if needed. */
911 0 : if (!parm->desc)
912 : {
913 0 : if (parm->count < 1)
914 : {
915 0 : parm->count = 10;
916 0 : parm->validcount = 0;
917 : }
918 0 : parm->desc = xtrymalloc (parm->count * sizeof *parm->desc);
919 0 : if (!parm->desc)
920 : {
921 0 : err = gpg_error_from_syserror ();
922 0 : iobuf_close (keyrec->uidbuf);
923 0 : xfree (keyrec);
924 0 : return err;
925 : }
926 : }
927 0 : else if (parm->nkeys == parm->count)
928 : {
929 : /* Keyserver sent more keys than claimed in the info: line. */
930 : KEYDB_SEARCH_DESC *tmp;
931 0 : int newcount = parm->count + 10;
932 :
933 0 : tmp = xtryrealloc (parm->desc, newcount * sizeof *parm->desc);
934 0 : if (!tmp)
935 : {
936 0 : err = gpg_error_from_syserror ();
937 0 : iobuf_close (keyrec->uidbuf);
938 0 : xfree (keyrec);
939 0 : return err;
940 : }
941 0 : parm->count = newcount;
942 0 : parm->desc = tmp;
943 0 : parm->validcount = 0;
944 : }
945 :
946 0 : parm->desc[parm->nkeys] = keyrec->desc;
947 :
948 0 : if (!opt.with_colons)
949 : {
950 : /* SCREEN_LINES - 1 for the prompt. */
951 0 : if (parm->numlines + keyrec->lines > opt.screen_lines - 1)
952 : {
953 0 : err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
954 0 : parm->validcount ? parm->count:0,
955 0 : parm->searchstr_disp);
956 0 : if (err)
957 0 : return err;
958 0 : parm->numlines = 0;
959 : }
960 :
961 0 : print_keyrec (parm->nkeys+1, keyrec);
962 : }
963 :
964 0 : parm->numlines += keyrec->lines;
965 0 : iobuf_close (keyrec->uidbuf);
966 0 : xfree (keyrec);
967 :
968 0 : parm->any_lines = 1;
969 0 : parm->nkeys++;
970 :
971 : /* If we are here due to a flush after the EOF, run again for
972 : the last prompt. Fixme: Make this code better readable. */
973 0 : if (parm->eof_seen)
974 0 : goto again;
975 : }
976 :
977 0 : return 0;
978 : }
979 :
980 :
981 :
982 : int
983 0 : keyserver_export (ctrl_t ctrl, strlist_t users)
984 : {
985 : gpg_error_t err;
986 0 : strlist_t sl=NULL;
987 : KEYDB_SEARCH_DESC desc;
988 0 : int rc=0;
989 :
990 : /* Weed out descriptors that we don't support sending */
991 0 : for(;users;users=users->next)
992 : {
993 0 : err = classify_user_id (users->d, &desc, 1);
994 0 : if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
995 0 : && desc.mode != KEYDB_SEARCH_MODE_LONG_KID
996 0 : && desc.mode != KEYDB_SEARCH_MODE_FPR16
997 0 : && desc.mode != KEYDB_SEARCH_MODE_FPR20))
998 : {
999 0 : log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1000 0 : continue;
1001 : }
1002 : else
1003 0 : append_to_strlist(&sl,users->d);
1004 : }
1005 :
1006 0 : if(sl)
1007 : {
1008 0 : rc = keyserver_put (ctrl, sl, opt.keyserver);
1009 0 : free_strlist(sl);
1010 : }
1011 :
1012 0 : return rc;
1013 : }
1014 :
1015 :
1016 : /* Structure to convey the arg to keyserver_retrieval_screener. */
1017 : struct ks_retrieval_screener_arg_s
1018 : {
1019 : KEYDB_SEARCH_DESC *desc;
1020 : int ndesc;
1021 : };
1022 :
1023 :
1024 : /* Check whether a key matches the search description. The function
1025 : returns 0 if the key shall be imported. */
1026 : static gpg_error_t
1027 0 : keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
1028 : {
1029 0 : struct ks_retrieval_screener_arg_s *arg = opaque;
1030 0 : KEYDB_SEARCH_DESC *desc = arg->desc;
1031 0 : int ndesc = arg->ndesc;
1032 : kbnode_t node;
1033 : PKT_public_key *pk;
1034 : int n;
1035 : u32 keyid[2];
1036 : byte fpr[MAX_FINGERPRINT_LEN];
1037 0 : size_t fpr_len = 0;
1038 :
1039 : /* Secret keys are not expected from a keyserver. We do not
1040 : care about secret subkeys because the import code takes care
1041 : of skipping them. Not allowing an import of a public key
1042 : with a secret subkey would make it too easy to inhibit the
1043 : downloading of a public key. Recall that keyservers do only
1044 : limited checks. */
1045 0 : node = find_kbnode (keyblock, PKT_SECRET_KEY);
1046 0 : if (node)
1047 0 : return gpg_error (GPG_ERR_GENERAL); /* Do not import. */
1048 :
1049 0 : if (!ndesc)
1050 0 : return 0; /* Okay if no description given. */
1051 :
1052 : /* Loop over all key packets. */
1053 0 : for (node = keyblock; node; node = node->next)
1054 : {
1055 0 : if (node->pkt->pkttype != PKT_PUBLIC_KEY
1056 0 : && node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
1057 0 : continue;
1058 :
1059 0 : pk = node->pkt->pkt.public_key;
1060 0 : fingerprint_from_pk (pk, fpr, &fpr_len);
1061 0 : keyid_from_pk (pk, keyid);
1062 :
1063 : /* Compare requested and returned fingerprints if available. */
1064 0 : for (n = 0; n < ndesc; n++)
1065 : {
1066 0 : if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
1067 : {
1068 0 : if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
1069 0 : return 0;
1070 : }
1071 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
1072 : {
1073 0 : if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
1074 0 : return 0;
1075 : }
1076 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
1077 : {
1078 0 : if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
1079 0 : return 0;
1080 : }
1081 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
1082 : {
1083 0 : if (keyid[1] == desc[n].u.kid[1])
1084 0 : return 0;
1085 : }
1086 : else /* No keyid or fingerprint - can't check. */
1087 0 : return 0; /* allow import. */
1088 : }
1089 : }
1090 :
1091 0 : return gpg_error (GPG_ERR_GENERAL);
1092 : }
1093 :
1094 :
1095 : int
1096 0 : keyserver_import (ctrl_t ctrl, strlist_t users)
1097 : {
1098 : gpg_error_t err;
1099 : KEYDB_SEARCH_DESC *desc;
1100 0 : int num=100,count=0;
1101 0 : int rc=0;
1102 :
1103 : /* Build a list of key ids */
1104 0 : desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1105 :
1106 0 : for(;users;users=users->next)
1107 : {
1108 0 : err = classify_user_id (users->d, &desc[count], 1);
1109 0 : if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID
1110 0 : && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
1111 0 : && desc[count].mode != KEYDB_SEARCH_MODE_FPR16
1112 0 : && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
1113 : {
1114 0 : log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
1115 0 : continue;
1116 : }
1117 :
1118 0 : count++;
1119 0 : if(count==num)
1120 : {
1121 0 : num+=100;
1122 0 : desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1123 : }
1124 : }
1125 :
1126 0 : if(count>0)
1127 0 : rc=keyserver_get (ctrl, desc, count, NULL, NULL, NULL);
1128 :
1129 0 : xfree(desc);
1130 :
1131 0 : return rc;
1132 : }
1133 :
1134 :
1135 : /* Import all keys that exactly match NAME */
1136 : int
1137 0 : keyserver_import_name (ctrl_t ctrl, const char *name,
1138 : unsigned char **fpr, size_t *fprlen,
1139 : struct keyserver_spec *keyserver)
1140 : {
1141 : KEYDB_SEARCH_DESC desc;
1142 :
1143 0 : memset (&desc, 0, sizeof desc);
1144 :
1145 0 : desc.mode = KEYDB_SEARCH_MODE_EXACT;
1146 0 : desc.u.name = name;
1147 :
1148 0 : return keyserver_get (ctrl, &desc, 1, keyserver, fpr, fprlen);
1149 : }
1150 :
1151 :
1152 : int
1153 0 : keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
1154 : struct keyserver_spec *keyserver)
1155 : {
1156 : KEYDB_SEARCH_DESC desc;
1157 :
1158 0 : memset(&desc,0,sizeof(desc));
1159 :
1160 0 : if(fprint_len==16)
1161 0 : desc.mode=KEYDB_SEARCH_MODE_FPR16;
1162 0 : else if(fprint_len==20)
1163 0 : desc.mode=KEYDB_SEARCH_MODE_FPR20;
1164 : else
1165 0 : return -1;
1166 :
1167 0 : memcpy(desc.u.fpr,fprint,fprint_len);
1168 :
1169 : /* TODO: Warn here if the fingerprint we got doesn't match the one
1170 : we asked for? */
1171 0 : return keyserver_get (ctrl, &desc, 1, keyserver, NULL, NULL);
1172 : }
1173 :
1174 : int
1175 0 : keyserver_import_keyid (ctrl_t ctrl,
1176 : u32 *keyid,struct keyserver_spec *keyserver)
1177 : {
1178 : KEYDB_SEARCH_DESC desc;
1179 :
1180 0 : memset(&desc,0,sizeof(desc));
1181 :
1182 0 : desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1183 0 : desc.u.kid[0]=keyid[0];
1184 0 : desc.u.kid[1]=keyid[1];
1185 :
1186 0 : return keyserver_get (ctrl, &desc,1, keyserver, NULL, NULL);
1187 : }
1188 :
1189 : /* code mostly stolen from do_export_stream */
1190 : static int
1191 0 : keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1192 : {
1193 0 : int rc=0,ndesc,num=100;
1194 0 : KBNODE keyblock=NULL,node;
1195 : KEYDB_HANDLE kdbhd;
1196 : KEYDB_SEARCH_DESC *desc;
1197 : strlist_t sl;
1198 :
1199 0 : *count=0;
1200 :
1201 0 : *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1202 :
1203 0 : kdbhd = keydb_new ();
1204 0 : keydb_disable_caching (kdbhd); /* We are looping the search. */
1205 :
1206 0 : if(!users)
1207 : {
1208 0 : ndesc = 1;
1209 0 : desc = xmalloc_clear ( ndesc * sizeof *desc);
1210 0 : desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1211 : }
1212 : else
1213 : {
1214 0 : for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
1215 : ;
1216 0 : desc = xmalloc ( ndesc * sizeof *desc);
1217 :
1218 0 : for (ndesc=0, sl=users; sl; sl = sl->next)
1219 : {
1220 : gpg_error_t err;
1221 0 : if (!(err = classify_user_id (sl->d, desc+ndesc, 1)))
1222 0 : ndesc++;
1223 : else
1224 0 : log_error (_("key \"%s\" not found: %s\n"),
1225 0 : sl->d, gpg_strerror (err));
1226 : }
1227 : }
1228 :
1229 : for (;;)
1230 : {
1231 0 : rc = keydb_search (kdbhd, desc, ndesc, NULL);
1232 0 : if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
1233 0 : break; /* ready. */
1234 :
1235 0 : if (!users)
1236 0 : desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1237 :
1238 0 : if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1239 0 : continue;
1240 :
1241 : /* read the keyblock */
1242 0 : rc = keydb_get_keyblock (kdbhd, &keyblock );
1243 0 : if( rc )
1244 : {
1245 0 : if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1246 0 : continue;
1247 0 : log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
1248 0 : goto leave;
1249 : }
1250 :
1251 0 : if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1252 : {
1253 : /* This is to work around a bug in some keyservers (pksd and
1254 : OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1255 : The answer is to refresh both the correct v4 keyid
1256 : (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1257 : This only happens for key refresh using the HKP scheme
1258 : and if the refresh-add-fake-v3-keyids keyserver option is
1259 : set. */
1260 0 : if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1261 0 : node->pkt->pkt.public_key->version>=4)
1262 : {
1263 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1264 0 : v3_keyid (node->pkt->pkt.public_key->pkey[0],
1265 0 : (*klist)[*count].u.kid);
1266 0 : (*count)++;
1267 :
1268 0 : if(*count==num)
1269 : {
1270 0 : num+=100;
1271 0 : *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1272 : }
1273 : }
1274 :
1275 : /* v4 keys get full fingerprints. v3 keys get long keyids.
1276 : This is because it's easy to calculate any sort of keyid
1277 : from a v4 fingerprint, but not a v3 fingerprint. */
1278 :
1279 0 : if(node->pkt->pkt.public_key->version<4)
1280 : {
1281 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1282 0 : keyid_from_pk(node->pkt->pkt.public_key,
1283 0 : (*klist)[*count].u.kid);
1284 : }
1285 : else
1286 : {
1287 : size_t dummy;
1288 :
1289 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1290 0 : fingerprint_from_pk(node->pkt->pkt.public_key,
1291 0 : (*klist)[*count].u.fpr,&dummy);
1292 : }
1293 :
1294 : /* This is a little hackish, using the skipfncvalue as a
1295 : void* pointer to the keyserver spec, but we don't need
1296 : the skipfnc here, and it saves having an additional field
1297 : for this (which would be wasted space most of the
1298 : time). */
1299 :
1300 0 : (*klist)[*count].skipfncvalue=NULL;
1301 :
1302 : /* Are we honoring preferred keyservers? */
1303 0 : if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1304 : {
1305 0 : PKT_user_id *uid=NULL;
1306 0 : PKT_signature *sig=NULL;
1307 :
1308 0 : merge_keys_and_selfsig(keyblock);
1309 :
1310 0 : for(node=node->next;node;node=node->next)
1311 : {
1312 0 : if(node->pkt->pkttype==PKT_USER_ID
1313 0 : && node->pkt->pkt.user_id->is_primary)
1314 0 : uid=node->pkt->pkt.user_id;
1315 0 : else if(node->pkt->pkttype==PKT_SIGNATURE
1316 0 : && node->pkt->pkt.signature->
1317 0 : flags.chosen_selfsig && uid)
1318 : {
1319 0 : sig=node->pkt->pkt.signature;
1320 0 : break;
1321 : }
1322 : }
1323 :
1324 : /* Try and parse the keyserver URL. If it doesn't work,
1325 : then we end up writing NULL which indicates we are
1326 : the same as any other key. */
1327 0 : if(sig)
1328 0 : (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1329 : }
1330 :
1331 0 : (*count)++;
1332 :
1333 0 : if(*count==num)
1334 : {
1335 0 : num+=100;
1336 0 : *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1337 : }
1338 : }
1339 0 : }
1340 :
1341 0 : if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
1342 0 : rc = 0;
1343 :
1344 : leave:
1345 0 : if(rc)
1346 0 : xfree(*klist);
1347 0 : xfree(desc);
1348 0 : keydb_release(kdbhd);
1349 0 : release_kbnode(keyblock);
1350 :
1351 0 : return rc;
1352 : }
1353 :
1354 : /* Note this is different than the original HKP refresh. It allows
1355 : usernames to refresh only part of the keyring. */
1356 :
1357 : gpg_error_t
1358 0 : keyserver_refresh (ctrl_t ctrl, strlist_t users)
1359 : {
1360 : gpg_error_t err;
1361 : int count, numdesc;
1362 0 : int fakev3 = 0;
1363 : KEYDB_SEARCH_DESC *desc;
1364 0 : unsigned int options=opt.keyserver_options.import_options;
1365 :
1366 : /* We switch merge-only on during a refresh, as 'refresh' should
1367 : never import new keys, even if their keyids match. */
1368 0 : opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1369 :
1370 : /* Similarly, we switch on fast-import, since refresh may make
1371 : multiple import sets (due to preferred keyserver URLs). We don't
1372 : want each set to rebuild the trustdb. Instead we do it once at
1373 : the end here. */
1374 0 : opt.keyserver_options.import_options|=IMPORT_FAST;
1375 :
1376 : /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1377 : scheme, then enable fake v3 keyid generation. */
1378 0 : if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1379 0 : && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1380 0 : ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1381 0 : fakev3=1;
1382 :
1383 0 : err = keyidlist (users, &desc, &numdesc, fakev3);
1384 0 : if (err)
1385 0 : return err;
1386 :
1387 0 : count=numdesc;
1388 0 : if(count>0)
1389 : {
1390 : int i;
1391 :
1392 : /* Try to handle preferred keyserver keys first */
1393 0 : for(i=0;i<numdesc;i++)
1394 : {
1395 0 : if(desc[i].skipfncvalue)
1396 : {
1397 0 : struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1398 :
1399 0 : if (!opt.quiet)
1400 0 : log_info (_("refreshing 1 key from %s\n"), keyserver->uri);
1401 :
1402 : /* We use the keyserver structure we parsed out before.
1403 : Note that a preferred keyserver without a scheme://
1404 : will be interpreted as hkp:// */
1405 0 : err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
1406 0 : if (err)
1407 0 : log_info(_("WARNING: unable to refresh key %s"
1408 0 : " via %s: %s\n"),keystr_from_desc(&desc[i]),
1409 : keyserver->uri,gpg_strerror (err));
1410 : else
1411 : {
1412 : /* We got it, so mark it as NONE so we don't try and
1413 : get it again from the regular keyserver. */
1414 :
1415 0 : desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1416 0 : count--;
1417 : }
1418 :
1419 0 : free_keyserver_spec(keyserver);
1420 : }
1421 : }
1422 : }
1423 :
1424 0 : if(count>0)
1425 : {
1426 : char *tmpuri;
1427 :
1428 0 : err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
1429 0 : if (!err)
1430 : {
1431 0 : if (!opt.quiet)
1432 : {
1433 0 : if(count==1)
1434 0 : log_info(_("refreshing 1 key from %s\n"), tmpuri);
1435 : else
1436 0 : log_info(_("refreshing %d keys from %s\n"), count, tmpuri);
1437 : }
1438 0 : xfree (tmpuri);
1439 :
1440 0 : err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
1441 : }
1442 : }
1443 :
1444 0 : xfree(desc);
1445 :
1446 0 : opt.keyserver_options.import_options=options;
1447 :
1448 : /* If the original options didn't have fast import, and the trustdb
1449 : is dirty, rebuild. */
1450 0 : if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1451 0 : check_or_update_trustdb ();
1452 :
1453 0 : return err;
1454 : }
1455 :
1456 :
1457 : /* Search for keys on the keyservers. The patterns are given in the
1458 : string list TOKENS. */
1459 : gpg_error_t
1460 0 : keyserver_search (ctrl_t ctrl, strlist_t tokens)
1461 : {
1462 : gpg_error_t err;
1463 : char *searchstr;
1464 : struct search_line_handler_parm_s parm;
1465 :
1466 0 : memset (&parm, 0, sizeof parm);
1467 :
1468 0 : if (!tokens)
1469 0 : return 0; /* Return success if no patterns are given. */
1470 :
1471 : /* Write global options */
1472 :
1473 : /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
1474 : /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
1475 :
1476 : /* Write per-keyserver options */
1477 :
1478 : /* for(temp=keyserver->options;temp;temp=temp->next) */
1479 : /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
1480 :
1481 : {
1482 : membuf_t mb;
1483 : strlist_t item;
1484 :
1485 0 : init_membuf (&mb, 1024);
1486 0 : for (item = tokens; item; item = item->next)
1487 : {
1488 0 : if (item != tokens)
1489 0 : put_membuf (&mb, " ", 1);
1490 0 : put_membuf_str (&mb, item->d);
1491 : }
1492 0 : put_membuf (&mb, "", 1); /* Append Nul. */
1493 0 : searchstr = get_membuf (&mb, NULL);
1494 0 : if (!searchstr)
1495 : {
1496 0 : err = gpg_error_from_syserror ();
1497 0 : goto leave;
1498 : }
1499 : }
1500 : /* FIXME: Enable the next line */
1501 : /* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
1502 :
1503 0 : parm.ctrl = ctrl;
1504 0 : if (searchstr)
1505 0 : parm.searchstr_disp = utf8_to_native (searchstr, strlen (searchstr), 0);
1506 :
1507 0 : err = gpg_dirmngr_ks_search (ctrl, searchstr, search_line_handler, &parm);
1508 :
1509 0 : if (parm.not_found)
1510 : {
1511 0 : if (parm.searchstr_disp)
1512 0 : log_info (_("key \"%s\" not found on keyserver\n"),
1513 : parm.searchstr_disp);
1514 : else
1515 0 : log_info (_("key not found on keyserver\n"));
1516 : }
1517 :
1518 0 : if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
1519 0 : log_error (_("no keyserver known (use option --keyserver)\n"));
1520 0 : else if (err)
1521 0 : log_error ("error searching keyserver: %s\n", gpg_strerror (err));
1522 :
1523 : /* switch(ret) */
1524 : /* { */
1525 : /* case KEYSERVER_SCHEME_NOT_FOUND: */
1526 : /* log_error(_("no handler for keyserver scheme '%s'\n"), */
1527 : /* opt.keyserver->scheme); */
1528 : /* break; */
1529 :
1530 : /* case KEYSERVER_NOT_SUPPORTED: */
1531 : /* log_error(_("action '%s' not supported with keyserver " */
1532 : /* "scheme '%s'\n"), "search", opt.keyserver->scheme); */
1533 : /* break; */
1534 :
1535 : /* case KEYSERVER_TIMEOUT: */
1536 : /* log_error(_("keyserver timed out\n")); */
1537 : /* break; */
1538 :
1539 : /* case KEYSERVER_INTERNAL_ERROR: */
1540 : /* default: */
1541 : /* log_error(_("keyserver internal error\n")); */
1542 : /* break; */
1543 : /* } */
1544 :
1545 : /* return gpg_error (GPG_ERR_KEYSERVER); */
1546 :
1547 :
1548 : leave:
1549 0 : xfree (parm.desc);
1550 0 : xfree (parm.searchstr_disp);
1551 0 : xfree(searchstr);
1552 :
1553 0 : return err;
1554 : }
1555 :
1556 : /* Helper for keyserver_get. Here we only receive a chunk of the
1557 : description to be processed in one batch. This is required due to
1558 : the limited number of patterns the dirmngr interface (KS_GET) can
1559 : grok and to limit the amount of temporary required memory. */
1560 : static gpg_error_t
1561 0 : keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
1562 : int *r_ndesc_used,
1563 : void *stats_handle,
1564 : struct keyserver_spec *override_keyserver,
1565 : unsigned char **r_fpr, size_t *r_fprlen)
1566 :
1567 : {
1568 0 : gpg_error_t err = 0;
1569 : char **pattern;
1570 : int idx, npat;
1571 : estream_t datastream;
1572 0 : char *source = NULL;
1573 : size_t linelen; /* Estimated linelen for KS_GET. */
1574 : size_t n;
1575 :
1576 : #define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
1577 :
1578 0 : *r_ndesc_used = 0;
1579 :
1580 : /* Create an array filled with a search pattern for each key. The
1581 : array is delimited by a NULL entry. */
1582 0 : pattern = xtrycalloc (ndesc+1, sizeof *pattern);
1583 0 : if (!pattern)
1584 0 : return gpg_error_from_syserror ();
1585 :
1586 : /* Note that we break the loop as soon as our estimation of the to
1587 : be used line length reaches the limit. But we do this only if we
1588 : have processed at leas one search requests so that an overlong
1589 : single request will be rejected only later by gpg_dirmngr_ks_get
1590 : but we are sure that R_NDESC_USED has been updated. This avoids
1591 : a possible indefinite loop. */
1592 0 : linelen = 9; /* "KS_GET --" */
1593 0 : for (npat=idx=0; idx < ndesc; idx++)
1594 : {
1595 0 : int quiet = 0;
1596 :
1597 0 : if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
1598 0 : || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
1599 : {
1600 0 : n = 1+2+2*20;
1601 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1602 0 : break; /* Declare end of this chunk. */
1603 0 : linelen += n;
1604 :
1605 0 : pattern[npat] = xtrymalloc (n);
1606 0 : if (!pattern[npat])
1607 0 : err = gpg_error_from_syserror ();
1608 : else
1609 : {
1610 0 : strcpy (pattern[npat], "0x");
1611 0 : bin2hex (desc[idx].u.fpr,
1612 0 : desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
1613 0 : pattern[npat]+2);
1614 0 : npat++;
1615 : }
1616 : }
1617 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
1618 : {
1619 0 : n = 1+2+16;
1620 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1621 0 : break; /* Declare end of this chunk. */
1622 0 : linelen += n;
1623 :
1624 0 : pattern[npat] = xtryasprintf ("0x%08lX%08lX",
1625 0 : (ulong)desc[idx].u.kid[0],
1626 0 : (ulong)desc[idx].u.kid[1]);
1627 0 : if (!pattern[npat])
1628 0 : err = gpg_error_from_syserror ();
1629 : else
1630 0 : npat++;
1631 : }
1632 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
1633 : {
1634 0 : n = 1+2+8;
1635 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1636 0 : break; /* Declare end of this chunk. */
1637 0 : linelen += n;
1638 :
1639 0 : pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
1640 0 : if (!pattern[npat])
1641 0 : err = gpg_error_from_syserror ();
1642 : else
1643 0 : npat++;
1644 : }
1645 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
1646 : {
1647 : /* The Dirmngr also uses classify_user_id to detect the type
1648 : of the search string. By adding the '=' prefix we force
1649 : Dirmngr's KS_GET to consider this an exact search string.
1650 : (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
1651 : KS_GETNAME command to indicate this.) */
1652 :
1653 0 : n = 1+1+strlen (desc[idx].u.name);
1654 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1655 0 : break; /* Declare end of this chunk. */
1656 0 : linelen += n;
1657 :
1658 0 : pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
1659 0 : if (!pattern[npat])
1660 0 : err = gpg_error_from_syserror ();
1661 : else
1662 : {
1663 0 : npat++;
1664 0 : quiet = 1;
1665 : }
1666 : }
1667 0 : else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
1668 0 : continue;
1669 : else
1670 0 : BUG();
1671 :
1672 0 : if (err)
1673 : {
1674 0 : for (idx=0; idx < npat; idx++)
1675 0 : xfree (pattern[idx]);
1676 0 : xfree (pattern);
1677 0 : return err;
1678 : }
1679 :
1680 0 : if (!quiet && override_keyserver)
1681 : {
1682 0 : if (override_keyserver->host)
1683 0 : log_info (_("requesting key %s from %s server %s\n"),
1684 0 : keystr_from_desc (&desc[idx]),
1685 : override_keyserver->scheme, override_keyserver->host);
1686 : else
1687 0 : log_info (_("requesting key %s from %s\n"),
1688 0 : keystr_from_desc (&desc[idx]), override_keyserver->uri);
1689 : }
1690 : }
1691 :
1692 : /* Remember now many of search items were considered. Note that
1693 : this is different from NPAT. */
1694 0 : *r_ndesc_used = idx;
1695 :
1696 0 : err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver,
1697 : &datastream, &source);
1698 0 : for (idx=0; idx < npat; idx++)
1699 0 : xfree (pattern[idx]);
1700 0 : xfree (pattern);
1701 0 : if (opt.verbose && source)
1702 0 : log_info ("data source: %s\n", source);
1703 :
1704 0 : if (!err)
1705 : {
1706 : struct ks_retrieval_screener_arg_s screenerarg;
1707 :
1708 : /* FIXME: Check whether this comment should be moved to dirmngr.
1709 :
1710 : Slurp up all the key data. In the future, it might be nice
1711 : to look for KEY foo OUTOFBAND and FAILED indicators. It's
1712 : harmless to ignore them, but ignoring them does make gpg
1713 : complain about "no valid OpenPGP data found". One way to do
1714 : this could be to continue parsing this line-by-line and make
1715 : a temp iobuf for each key. Note that we don't allow the
1716 : import of secret keys from a keyserver. Keyservers should
1717 : never accept or send them but we better protect against rogue
1718 : keyservers. */
1719 :
1720 0 : screenerarg.desc = desc;
1721 0 : screenerarg.ndesc = *r_ndesc_used;
1722 0 : import_keys_es_stream (ctrl, datastream, stats_handle,
1723 : r_fpr, r_fprlen,
1724 0 : (opt.keyserver_options.import_options
1725 : | IMPORT_NO_SECKEY),
1726 : keyserver_retrieval_screener, &screenerarg);
1727 : }
1728 0 : es_fclose (datastream);
1729 0 : xfree (source);
1730 :
1731 0 : return err;
1732 : }
1733 :
1734 :
1735 : /* Retrieve a key from a keyserver. The search pattern are in
1736 : (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
1737 : exact searches. OVERRIDE_KEYSERVER gives an optional override
1738 : keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
1739 : fingerprint of a single imported key. */
1740 : static gpg_error_t
1741 0 : keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
1742 : struct keyserver_spec *override_keyserver,
1743 : unsigned char **r_fpr, size_t *r_fprlen)
1744 : {
1745 : gpg_error_t err;
1746 : void *stats_handle;
1747 : int ndesc_used;
1748 0 : int any_good = 0;
1749 :
1750 0 : stats_handle = import_new_stats_handle();
1751 :
1752 : for (;;)
1753 : {
1754 0 : err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
1755 : override_keyserver, r_fpr, r_fprlen);
1756 0 : if (!err)
1757 0 : any_good = 1;
1758 0 : if (err || ndesc_used >= ndesc)
1759 : break; /* Error or all processed. */
1760 : /* Prepare for the next chunk. */
1761 0 : desc += ndesc_used;
1762 0 : ndesc -= ndesc_used;
1763 0 : }
1764 :
1765 0 : if (any_good)
1766 0 : import_print_stats (stats_handle);
1767 :
1768 0 : import_release_stats_handle (stats_handle);
1769 0 : return err;
1770 : }
1771 :
1772 :
1773 : /* Send all keys specified by KEYSPECS to the KEYSERVERS. */
1774 : static gpg_error_t
1775 0 : keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
1776 : struct keyserver_spec *keyserver)
1777 :
1778 : {
1779 : gpg_error_t err;
1780 : strlist_t kspec;
1781 :
1782 0 : if (!keyspecs)
1783 0 : return 0; /* Return success if the list is empty. */
1784 :
1785 0 : if (!opt.keyserver)
1786 : {
1787 0 : log_error (_("no keyserver known (use option --keyserver)\n"));
1788 0 : return gpg_error (GPG_ERR_NO_KEYSERVER);
1789 : }
1790 :
1791 0 : for (kspec = keyspecs; kspec; kspec = kspec->next)
1792 : {
1793 : void *data;
1794 : size_t datalen;
1795 : kbnode_t keyblock;
1796 :
1797 0 : err = export_pubkey_buffer (ctrl, kspec->d,
1798 : opt.keyserver_options.export_options,
1799 : &keyblock, &data, &datalen);
1800 0 : if (err)
1801 0 : log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
1802 : else
1803 : {
1804 0 : if (keyserver->host)
1805 0 : log_info (_("sending key %s to %s server %s\n"),
1806 0 : keystr (keyblock->pkt->pkt.public_key->keyid),
1807 : keyserver->scheme, keyserver->host);
1808 : else
1809 0 : log_info (_("sending key %s to %s\n"),
1810 0 : keystr (keyblock->pkt->pkt.public_key->keyid),
1811 : keyserver->uri);
1812 :
1813 0 : err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
1814 0 : release_kbnode (keyblock);
1815 0 : xfree (data);
1816 0 : if (err)
1817 : {
1818 0 : write_status_error ("keyserver_send", err);
1819 0 : log_error (_("keyserver send failed: %s\n"), gpg_strerror (err));
1820 : }
1821 : }
1822 : }
1823 :
1824 :
1825 0 : return err;
1826 :
1827 : }
1828 :
1829 :
1830 : /* Loop over all URLs in STRLIST and fetch the key at that URL. Note
1831 : that the fetch operation ignores the configured key servers and
1832 : instead directly retrieves the keys. */
1833 : int
1834 0 : keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
1835 : {
1836 : gpg_error_t err;
1837 : strlist_t sl;
1838 : estream_t datastream;
1839 0 : unsigned int save_options = opt.keyserver_options.import_options;
1840 :
1841 : /* Switch on fast-import, since fetch can handle more than one
1842 : import and we don't want each set to rebuild the trustdb.
1843 : Instead we do it once at the end. */
1844 0 : opt.keyserver_options.import_options |= IMPORT_FAST;
1845 :
1846 0 : for (sl=urilist; sl; sl=sl->next)
1847 : {
1848 0 : if (!opt.quiet)
1849 0 : log_info (_("requesting key from '%s'\n"), sl->d);
1850 :
1851 0 : err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream);
1852 0 : if (!err)
1853 : {
1854 : void *stats_handle;
1855 :
1856 0 : stats_handle = import_new_stats_handle();
1857 0 : import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL,
1858 : opt.keyserver_options.import_options,
1859 : NULL, NULL);
1860 :
1861 0 : import_print_stats (stats_handle);
1862 0 : import_release_stats_handle (stats_handle);
1863 : }
1864 : else
1865 0 : log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1866 0 : sl->d, gpg_strerror (err));
1867 0 : es_fclose (datastream);
1868 : }
1869 :
1870 0 : opt.keyserver_options.import_options = save_options;
1871 :
1872 : /* If the original options didn't have fast import, and the trustdb
1873 : is dirty, rebuild. */
1874 0 : if (!(opt.keyserver_options.import_options&IMPORT_FAST))
1875 0 : check_or_update_trustdb ();
1876 :
1877 0 : return 0;
1878 : }
1879 :
1880 :
1881 : /* Import key in a CERT or pointed to by a CERT. In DANE_MODE fetch
1882 : the certificate using the DANE method. */
1883 : int
1884 0 : keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
1885 : unsigned char **fpr,size_t *fpr_len)
1886 : {
1887 : gpg_error_t err;
1888 : char *look,*url;
1889 : estream_t key;
1890 :
1891 0 : look = xstrdup(name);
1892 :
1893 0 : if (!dane_mode)
1894 : {
1895 0 : char *domain = strrchr (look,'@');
1896 0 : if (domain)
1897 0 : *domain='.';
1898 : }
1899 :
1900 0 : err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
1901 : &key, fpr, fpr_len, &url);
1902 0 : if (err)
1903 : ;
1904 0 : else if (key)
1905 : {
1906 0 : int armor_status=opt.no_armor;
1907 :
1908 : /* CERTs and DANE records are always in binary format */
1909 0 : opt.no_armor=1;
1910 :
1911 0 : err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
1912 0 : (opt.keyserver_options.import_options
1913 : | IMPORT_NO_SECKEY),
1914 : NULL, NULL);
1915 :
1916 0 : opt.no_armor=armor_status;
1917 :
1918 0 : es_fclose (key);
1919 0 : key = NULL;
1920 : }
1921 0 : else if (*fpr)
1922 : {
1923 : /* We only consider the IPGP type if a fingerprint was provided.
1924 : This lets us select the right key regardless of what a URL
1925 : points to, or get the key from a keyserver. */
1926 0 : if(url)
1927 : {
1928 : struct keyserver_spec *spec;
1929 :
1930 0 : spec = parse_keyserver_uri (url, 1);
1931 0 : if(spec)
1932 : {
1933 0 : err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
1934 0 : free_keyserver_spec(spec);
1935 : }
1936 : }
1937 0 : else if(opt.keyserver)
1938 : {
1939 : /* If only a fingerprint is provided, try and fetch it from
1940 : our --keyserver */
1941 :
1942 0 : err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
1943 : }
1944 : else
1945 0 : log_info(_("no keyserver known (use option --keyserver)\n"));
1946 :
1947 : /* Give a better string here? "CERT fingerprint for \"%s\"
1948 : found, but no keyserver" " known (use option
1949 : --keyserver)\n" ? */
1950 :
1951 : }
1952 :
1953 0 : xfree(url);
1954 0 : xfree(look);
1955 :
1956 0 : return err;
1957 : }
1958 :
1959 : /* Import key pointed to by a PKA record. Return the requested
1960 : fingerprint in fpr. */
1961 : gpg_error_t
1962 0 : keyserver_import_pka (ctrl_t ctrl, const char *name,
1963 : unsigned char **fpr, size_t *fpr_len)
1964 : {
1965 : gpg_error_t err;
1966 : char *url;
1967 :
1968 0 : err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
1969 0 : if (url && *url && fpr && fpr_len)
1970 : {
1971 : /* An URL is available. Lookup the key. */
1972 : struct keyserver_spec *spec;
1973 0 : spec = parse_keyserver_uri (url, 1);
1974 0 : if (spec)
1975 : {
1976 0 : err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec);
1977 0 : free_keyserver_spec (spec);
1978 : }
1979 : }
1980 0 : xfree (url);
1981 :
1982 0 : if (err)
1983 : {
1984 0 : xfree(*fpr);
1985 0 : *fpr = NULL;
1986 0 : *fpr_len = 0;
1987 : }
1988 :
1989 0 : return err;
1990 : }
1991 :
1992 :
1993 : /* Import a key by name using LDAP */
1994 : int
1995 0 : keyserver_import_ldap (ctrl_t ctrl,
1996 : const char *name, unsigned char **fpr, size_t *fprlen)
1997 : {
1998 : (void)ctrl;
1999 : (void)name;
2000 : (void)fpr;
2001 : (void)fprlen;
2002 0 : return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
2003 : #if 0
2004 : char *domain;
2005 : struct keyserver_spec *keyserver;
2006 : strlist_t list=NULL;
2007 : int rc,hostlen=1;
2008 : #ifdef USE_DNS_SRV
2009 : struct srventry *srvlist=NULL;
2010 : int srvcount,i;
2011 : char srvname[MAXDNAME];
2012 : #endif
2013 :
2014 : /* Parse out the domain */
2015 : domain=strrchr(name,'@');
2016 : if(!domain)
2017 : return GPG_ERR_GENERAL;
2018 :
2019 : domain++;
2020 :
2021 : keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2022 : keyserver->scheme=xstrdup("ldap");
2023 : keyserver->host=xmalloc(1);
2024 : keyserver->host[0]='\0';
2025 :
2026 : #ifdef USE_DNS_SRV
2027 : snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
2028 :
2029 : FIXME("network related - move to dirmngr or drop the code");
2030 : srvcount=getsrv(srvname,&srvlist);
2031 :
2032 : for(i=0;i<srvcount;i++)
2033 : {
2034 : hostlen+=strlen(srvlist[i].target)+1;
2035 : keyserver->host=xrealloc(keyserver->host,hostlen);
2036 :
2037 : strcat(keyserver->host,srvlist[i].target);
2038 :
2039 : if(srvlist[i].port!=389)
2040 : {
2041 : char port[7];
2042 :
2043 : hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
2044 : keyserver->host=xrealloc(keyserver->host,hostlen);
2045 :
2046 : snprintf(port,7,":%u",srvlist[i].port);
2047 : strcat(keyserver->host,port);
2048 : }
2049 :
2050 : strcat(keyserver->host," ");
2051 : }
2052 :
2053 : free(srvlist);
2054 : #endif
2055 :
2056 : /* If all else fails, do the PGP Universal trick of
2057 : ldap://keys.(domain) */
2058 :
2059 : hostlen+=5+strlen(domain);
2060 : keyserver->host=xrealloc(keyserver->host,hostlen);
2061 : strcat(keyserver->host,"keys.");
2062 : strcat(keyserver->host,domain);
2063 :
2064 : append_to_strlist(&list,name);
2065 :
2066 : rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
2067 : /* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
2068 : /* 0, fpr, fpr_len, keyserver); */
2069 :
2070 : free_strlist(list);
2071 :
2072 : free_keyserver_spec(keyserver);
2073 :
2074 : return rc;
2075 : #endif
2076 : }
|
