Line data Source code
1 : /* keydb.c - key database dispatcher
2 : * Copyright (C) 2001-2013 Free Software Foundation, Inc.
3 : * Coyrright (C) 2001-2015 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <errno.h>
26 : #include <sys/types.h>
27 : #include <sys/stat.h>
28 : #include <unistd.h>
29 :
30 : #include "gpg.h"
31 : #include "util.h"
32 : #include "options.h"
33 : #include "main.h" /*try_make_homedir ()*/
34 : #include "packet.h"
35 : #include "keyring.h"
36 : #include "../kbx/keybox.h"
37 : #include "keydb.h"
38 : #include "i18n.h"
39 :
40 : static int active_handles;
41 :
42 : typedef enum
43 : {
44 : KEYDB_RESOURCE_TYPE_NONE = 0,
45 : KEYDB_RESOURCE_TYPE_KEYRING,
46 : KEYDB_RESOURCE_TYPE_KEYBOX
47 : } KeydbResourceType;
48 : #define MAX_KEYDB_RESOURCES 40
49 :
50 : struct resource_item
51 : {
52 : KeydbResourceType type;
53 : union {
54 : KEYRING_HANDLE kr;
55 : KEYBOX_HANDLE kb;
56 : } u;
57 : void *token;
58 : };
59 :
60 : static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
61 : static int used_resources;
62 :
63 : /* A pointer used to check for the primary key database by comparing
64 : to the struct resource_item's TOKEN. */
65 : static void *primary_keydb;
66 :
67 :
68 : /* This is a simple cache used to return the last result of a
69 : successful fingerprint search. This works only for keybox resources
70 : because (due to lack of a copy_keyblock function) we need to store
71 : an image of the keyblock which is fortunately instantly available
72 : for keyboxes. */
73 : enum keyblock_cache_states {
74 : KEYBLOCK_CACHE_EMPTY,
75 : KEYBLOCK_CACHE_PREPARED,
76 : KEYBLOCK_CACHE_FILLED
77 : };
78 :
79 : struct keyblock_cache {
80 : enum keyblock_cache_states state;
81 : byte fpr[MAX_FINGERPRINT_LEN];
82 : iobuf_t iobuf; /* Image of the keyblock. */
83 : u32 *sigstatus;
84 : int pk_no;
85 : int uid_no;
86 : /* Offset of the record in the keybox. */
87 : int resource;
88 : off_t offset;
89 : };
90 :
91 :
92 : struct keydb_handle
93 : {
94 : /* When we locked all of the resources in ACTIVE (using keyring_lock
95 : / keybox_lock, as appropriate). */
96 : int locked;
97 :
98 : /* The index into ACTIVE of the resources in which the last search
99 : result was found. Initially -1. */
100 : int found;
101 :
102 : /* Initially -1 (invalid). This is used to save a search result and
103 : later restore it as the selected result. */
104 : int saved_found;
105 :
106 : /* The number of skipped long blobs since the last search
107 : (keydb_search_reset). */
108 : unsigned long skipped_long_blobs;
109 :
110 : /* If set, this disables the use of the keyblock cache. */
111 : int no_caching;
112 :
113 : /* Whether the next search will be from the beginning of the
114 : database (and thus consider all records). */
115 : int is_reset;
116 :
117 : /* The "file position." In our case, this is index of the current
118 : resource in ACTIVE. */
119 : int current;
120 :
121 : /* The number of resources in ACTIVE. */
122 : int used;
123 :
124 : /* Cache of the last found and parsed key block (only used for
125 : keyboxes, not keyrings). */
126 : struct keyblock_cache keyblock_cache;
127 :
128 : /* Copy of ALL_RESOURCES when keydb_new is called. */
129 : struct resource_item active[MAX_KEYDB_RESOURCES];
130 : };
131 :
132 : /* Looking up keys is expensive. To hide the cost, we cache whether
133 : keys exist in the key database. Then, if we know a key does not
134 : exist, we don't have to spend time looking it up. This
135 : particularly helps the --list-sigs and --check-sigs commands.
136 :
137 : The cache stores the results in a hash using separate chaining.
138 : Concretely: we use the LSB of the keyid to index the hash table and
139 : each bucket consists of a linked list of entries. An entry
140 : consists of the 64-bit key id. If a key id is not in the cache,
141 : then we don't know whether it is in the DB or not.
142 :
143 : To simplify the cache consistency protocol, we simply flush the
144 : whole cache whenever a key is inserted or updated. */
145 :
146 : #define KID_NOT_FOUND_CACHE_BUCKETS 256
147 : static struct kid_not_found_cache_bucket *
148 : kid_not_found_cache[KID_NOT_FOUND_CACHE_BUCKETS];
149 :
150 : /* The total number of entries in the hash table. */
151 : static unsigned int kid_not_found_cache_count;
152 :
153 : struct kid_not_found_cache_bucket
154 : {
155 : struct kid_not_found_cache_bucket *next;
156 : u32 kid[2];
157 : };
158 :
159 :
160 : static int lock_all (KEYDB_HANDLE hd);
161 : static void unlock_all (KEYDB_HANDLE hd);
162 :
163 :
164 : /* Check whether the keyid KID is in key id is definitely not in the
165 : database.
166 :
167 : Returns:
168 :
169 : 0 - Indeterminate: the key id is not in the cache; we don't know
170 : whether the key is in the database or not. If you want a
171 : definitive answer, you'll need to perform a lookup.
172 :
173 : 1 - There is definitely no key with this key id in the database.
174 : We searched for a key with this key id previously, but we
175 : didn't find it in the database. */
176 : static int
177 2013 : kid_not_found_p (u32 *kid)
178 : {
179 : struct kid_not_found_cache_bucket *k;
180 :
181 2013 : for (k = kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS]; k; k = k->next)
182 3 : if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
183 : {
184 3 : if (DBG_CACHE)
185 0 : log_debug ("keydb: kid_not_found_p (%08lx%08lx) => not in DB\n",
186 0 : (ulong)kid[0], (ulong)kid[1]);
187 3 : return 1;
188 : }
189 :
190 2010 : if (DBG_CACHE)
191 0 : log_debug ("keydb: kid_not_found_p (%08lx%08lx) => indeterminate\n",
192 0 : (ulong)kid[0], (ulong)kid[1]);
193 2010 : return 0;
194 : }
195 :
196 :
197 : /* Insert the keyid KID into the kid_not_found_cache. FOUND is whether
198 : the key is in the key database or not.
199 :
200 : Note this function does not check whether the key id is already in
201 : the cache. As such, kid_not_found_p() should be called first. */
202 : static void
203 7 : kid_not_found_insert (u32 *kid)
204 : {
205 : struct kid_not_found_cache_bucket *k;
206 :
207 7 : if (DBG_CACHE)
208 0 : log_debug ("keydb: kid_not_found_insert (%08lx%08lx)\n",
209 0 : (ulong)kid[0], (ulong)kid[1]);
210 7 : k = xmalloc (sizeof *k);
211 7 : k->kid[0] = kid[0];
212 7 : k->kid[1] = kid[1];
213 7 : k->next = kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS];
214 7 : kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS] = k;
215 7 : kid_not_found_cache_count++;
216 7 : }
217 :
218 :
219 : /* Flush the kid not found cache. */
220 : static void
221 70 : kid_not_found_flush (void)
222 : {
223 : struct kid_not_found_cache_bucket *k, *knext;
224 : int i;
225 :
226 70 : if (DBG_CACHE)
227 0 : log_debug ("keydb: kid_not_found_flush\n");
228 :
229 70 : if (!kid_not_found_cache_count)
230 138 : return;
231 :
232 514 : for (i=0; i < DIM(kid_not_found_cache); i++)
233 : {
234 514 : for (k = kid_not_found_cache[i]; k; k = knext)
235 : {
236 2 : knext = k->next;
237 2 : xfree (k);
238 : }
239 512 : kid_not_found_cache[i] = NULL;
240 : }
241 2 : kid_not_found_cache_count = 0;
242 : }
243 :
244 :
245 : static void
246 8108 : keyblock_cache_clear (struct keydb_handle *hd)
247 : {
248 8108 : hd->keyblock_cache.state = KEYBLOCK_CACHE_EMPTY;
249 8108 : xfree (hd->keyblock_cache.sigstatus);
250 8108 : hd->keyblock_cache.sigstatus = NULL;
251 8108 : iobuf_close (hd->keyblock_cache.iobuf);
252 8108 : hd->keyblock_cache.iobuf = NULL;
253 8108 : hd->keyblock_cache.resource = -1;
254 8108 : hd->keyblock_cache.offset = -1;
255 8108 : }
256 :
257 :
258 : /* Handle the creation of a keyring or a keybox if it does not yet
259 : exist. Take into account that other processes might have the
260 : keyring/keybox already locked. This lock check does not work if
261 : the directory itself is not yet available. If IS_BOX is true the
262 : filename is expected to refer to a keybox. If FORCE_CREATE is true
263 : the keyring or keybox will be created.
264 :
265 : Return 0 if it is okay to access the specified file. */
266 : static gpg_error_t
267 1293 : maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
268 : {
269 1293 : dotlock_t lockhd = NULL;
270 : IOBUF iobuf;
271 : int rc;
272 : mode_t oldmask;
273 : char *last_slash_in_filename;
274 1293 : char *bak_fname = NULL;
275 1293 : char *tmp_fname = NULL;
276 : int save_slash;
277 :
278 : /* A quick test whether the filename already exists. */
279 1293 : if (!access (filename, F_OK))
280 1291 : return 0;
281 :
282 : /* If we don't want to create a new file at all, there is no need to
283 : go any further - bail out right here. */
284 2 : if (!force_create)
285 0 : return gpg_error (GPG_ERR_ENOENT);
286 :
287 : /* First of all we try to create the home directory. Note, that we
288 : don't do any locking here because any sane application of gpg
289 : would create the home directory by itself and not rely on gpg's
290 : tricky auto-creation which is anyway only done for certain home
291 : directory name pattern. */
292 2 : last_slash_in_filename = strrchr (filename, DIRSEP_C);
293 : #if HAVE_W32_SYSTEM
294 : {
295 : /* Windows may either have a slash or a backslash. Take care of it. */
296 : char *p = strrchr (filename, '/');
297 : if (!last_slash_in_filename || p > last_slash_in_filename)
298 : last_slash_in_filename = p;
299 : }
300 : #endif /*HAVE_W32_SYSTEM*/
301 2 : if (!last_slash_in_filename)
302 0 : return gpg_error (GPG_ERR_ENOENT); /* No slash at all - should
303 : not happen though. */
304 2 : save_slash = *last_slash_in_filename;
305 2 : *last_slash_in_filename = 0;
306 2 : if (access(filename, F_OK))
307 : {
308 : static int tried;
309 :
310 0 : if (!tried)
311 : {
312 0 : tried = 1;
313 0 : try_make_homedir (filename);
314 : }
315 0 : if (access (filename, F_OK))
316 : {
317 0 : rc = gpg_error_from_syserror ();
318 0 : *last_slash_in_filename = save_slash;
319 0 : goto leave;
320 : }
321 : }
322 2 : *last_slash_in_filename = save_slash;
323 :
324 : /* To avoid races with other instances of gpg trying to create or
325 : update the keyring (it is removed during an update for a short
326 : time), we do the next stuff in a locked state. */
327 2 : lockhd = dotlock_create (filename, 0);
328 2 : if (!lockhd)
329 : {
330 0 : rc = gpg_error_from_syserror ();
331 : /* A reason for this to fail is that the directory is not
332 : writable. However, this whole locking stuff does not make
333 : sense if this is the case. An empty non-writable directory
334 : with no keyring is not really useful at all. */
335 0 : if (opt.verbose)
336 0 : log_info ("can't allocate lock for '%s': %s\n",
337 : filename, gpg_strerror (rc));
338 :
339 0 : if (!force_create)
340 0 : return gpg_error (GPG_ERR_ENOENT); /* Won't happen. */
341 : else
342 0 : return rc;
343 : }
344 :
345 2 : if ( dotlock_take (lockhd, -1) )
346 : {
347 0 : rc = gpg_error_from_syserror ();
348 : /* This is something bad. Probably a stale lockfile. */
349 0 : log_info ("can't lock '%s': %s\n", filename, gpg_strerror (rc));
350 0 : goto leave;
351 : }
352 :
353 : /* Now the real test while we are locked. */
354 :
355 : /* Gpg either uses pubring.gpg or pubring.kbx and thus different
356 : * lock files. Now, when one gpg process is updating a pubring.gpg
357 : * and thus holding the corresponding lock, a second gpg process may
358 : * get to here at the time between the two rename operation used by
359 : * the first process to update pubring.gpg. The lock taken above
360 : * may not protect the second process if it tries to create a
361 : * pubring.kbx file which would be protected by a different lock
362 : * file.
363 : *
364 : * We can detect this case by checking that the two temporary files
365 : * used by the update code exist at the same time. In that case we
366 : * do not create a new file but act as if FORCE_CREATE has not been
367 : * given. Obviously there is a race between our two checks but the
368 : * worst thing is that we won't create a new file, which is better
369 : * than to accidentally creating one. */
370 2 : rc = keybox_tmp_names (filename, is_box, &bak_fname, &tmp_fname);
371 2 : if (rc)
372 0 : goto leave;
373 :
374 2 : if (!access (filename, F_OK))
375 : {
376 0 : rc = 0; /* Okay, we may access the file now. */
377 0 : goto leave;
378 : }
379 2 : if (!access (bak_fname, F_OK) && !access (tmp_fname, F_OK))
380 : {
381 : /* Very likely another process is updating a pubring.gpg and we
382 : should not create a pubring.kbx. */
383 0 : rc = gpg_error (GPG_ERR_ENOENT);
384 0 : goto leave;
385 : }
386 :
387 :
388 : /* The file does not yet exist, create it now. */
389 2 : oldmask = umask (077);
390 2 : if (is_secured_filename (filename))
391 : {
392 0 : iobuf = NULL;
393 0 : gpg_err_set_errno (EPERM);
394 : }
395 : else
396 2 : iobuf = iobuf_create (filename, 0);
397 2 : umask (oldmask);
398 2 : if (!iobuf)
399 : {
400 0 : rc = gpg_error_from_syserror ();
401 0 : if (is_box)
402 0 : log_error (_("error creating keybox '%s': %s\n"),
403 : filename, gpg_strerror (rc));
404 : else
405 0 : log_error (_("error creating keyring '%s': %s\n"),
406 : filename, gpg_strerror (rc));
407 0 : goto leave;
408 : }
409 :
410 2 : iobuf_close (iobuf);
411 : /* Must invalidate that ugly cache */
412 2 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, filename);
413 :
414 : /* Make sure that at least one record is in a new keybox file, so
415 : that the detection magic will work the next time it is used. */
416 2 : if (is_box)
417 : {
418 2 : FILE *fp = fopen (filename, "w");
419 2 : if (!fp)
420 0 : rc = gpg_error_from_syserror ();
421 : else
422 : {
423 2 : rc = _keybox_write_header_blob (fp, 1);
424 2 : fclose (fp);
425 : }
426 2 : if (rc)
427 : {
428 0 : if (is_box)
429 0 : log_error (_("error creating keybox '%s': %s\n"),
430 : filename, gpg_strerror (rc));
431 : else
432 0 : log_error (_("error creating keyring '%s': %s\n"),
433 : filename, gpg_strerror (rc));
434 0 : goto leave;
435 : }
436 : }
437 :
438 2 : if (!opt.quiet)
439 : {
440 2 : if (is_box)
441 2 : log_info (_("keybox '%s' created\n"), filename);
442 : else
443 0 : log_info (_("keyring '%s' created\n"), filename);
444 : }
445 :
446 2 : rc = 0;
447 :
448 : leave:
449 2 : if (lockhd)
450 : {
451 2 : dotlock_release (lockhd);
452 2 : dotlock_destroy (lockhd);
453 : }
454 2 : xfree (bak_fname);
455 2 : xfree (tmp_fname);
456 2 : return rc;
457 : }
458 :
459 :
460 : /* Helper for keydb_add_resource. Opens FILENAME to figure out the
461 : resource type.
462 :
463 : Returns the specified file's likely type. If the file does not
464 : exist, returns KEYDB_RESOURCE_TYPE_NONE and sets *R_FOUND to 0.
465 : Otherwise, tries to figure out the file's type. This is either
466 : KEYDB_RESOURCE_TYPE_KEYBOX, KEYDB_RESOURCE_TYPE_KEYRING or
467 : KEYDB_RESOURCE_TYPE_KEYNONE. If the file is a keybox and it has
468 : the OpenPGP flag set, then R_OPENPGP is also set. */
469 : static KeydbResourceType
470 2583 : rt_from_file (const char *filename, int *r_found, int *r_openpgp)
471 : {
472 : u32 magic;
473 : unsigned char verbuf[4];
474 : FILE *fp;
475 2583 : KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
476 :
477 2583 : *r_found = *r_openpgp = 0;
478 2583 : fp = fopen (filename, "rb");
479 2583 : if (fp)
480 : {
481 1292 : *r_found = 1;
482 :
483 1292 : if (fread (&magic, 4, 1, fp) == 1 )
484 : {
485 1290 : if (magic == 0x13579ace || magic == 0xce9a5713)
486 : ; /* GDBM magic - not anymore supported. */
487 1290 : else if (fread (&verbuf, 4, 1, fp) == 1
488 1290 : && verbuf[0] == 1
489 1274 : && fread (&magic, 4, 1, fp) == 1
490 1274 : && !memcmp (&magic, "KBXf", 4))
491 : {
492 1274 : if ((verbuf[3] & 0x02))
493 1274 : *r_openpgp = 1;
494 1274 : rt = KEYDB_RESOURCE_TYPE_KEYBOX;
495 : }
496 : else
497 16 : rt = KEYDB_RESOURCE_TYPE_KEYRING;
498 : }
499 : else /* Maybe empty: assume keyring. */
500 2 : rt = KEYDB_RESOURCE_TYPE_KEYRING;
501 :
502 1292 : fclose (fp);
503 : }
504 :
505 2583 : return rt;
506 : }
507 :
508 : char *
509 0 : keydb_search_desc_dump (struct keydb_search_desc *desc)
510 : {
511 : char b[MAX_FORMATTED_FINGERPRINT_LEN + 1];
512 : char fpr[2 * MAX_FINGERPRINT_LEN + 1];
513 :
514 0 : switch (desc->mode)
515 : {
516 : case KEYDB_SEARCH_MODE_EXACT:
517 0 : return xasprintf ("EXACT: '%s'", desc->u.name);
518 : case KEYDB_SEARCH_MODE_SUBSTR:
519 0 : return xasprintf ("SUBSTR: '%s'", desc->u.name);
520 : case KEYDB_SEARCH_MODE_MAIL:
521 0 : return xasprintf ("MAIL: '%s'", desc->u.name);
522 : case KEYDB_SEARCH_MODE_MAILSUB:
523 0 : return xasprintf ("MAILSUB: '%s'", desc->u.name);
524 : case KEYDB_SEARCH_MODE_MAILEND:
525 0 : return xasprintf ("MAILEND: '%s'", desc->u.name);
526 : case KEYDB_SEARCH_MODE_WORDS:
527 0 : return xasprintf ("WORDS: '%s'", desc->u.name);
528 : case KEYDB_SEARCH_MODE_SHORT_KID:
529 0 : return xasprintf ("SHORT_KID: '%s'",
530 0 : format_keyid (desc->u.kid, KF_SHORT, b, sizeof (b)));
531 : case KEYDB_SEARCH_MODE_LONG_KID:
532 0 : return xasprintf ("LONG_KID: '%s'",
533 0 : format_keyid (desc->u.kid, KF_LONG, b, sizeof (b)));
534 : case KEYDB_SEARCH_MODE_FPR16:
535 0 : bin2hex (desc->u.fpr, 16, fpr);
536 0 : return xasprintf ("FPR16: '%s'",
537 : format_hexfingerprint (fpr, b, sizeof (b)));
538 : case KEYDB_SEARCH_MODE_FPR20:
539 0 : bin2hex (desc->u.fpr, 20, fpr);
540 0 : return xasprintf ("FPR20: '%s'",
541 : format_hexfingerprint (fpr, b, sizeof (b)));
542 : case KEYDB_SEARCH_MODE_FPR:
543 0 : bin2hex (desc->u.fpr, 20, fpr);
544 0 : return xasprintf ("FPR: '%s'",
545 : format_hexfingerprint (fpr, b, sizeof (b)));
546 : case KEYDB_SEARCH_MODE_ISSUER:
547 0 : return xasprintf ("ISSUER: '%s'", desc->u.name);
548 : case KEYDB_SEARCH_MODE_ISSUER_SN:
549 0 : return xasprintf ("ISSUER_SN: '%*s'",
550 0 : (int) (desc->snlen == -1
551 0 : ? strlen (desc->sn) : desc->snlen),
552 : desc->sn);
553 : case KEYDB_SEARCH_MODE_SN:
554 0 : return xasprintf ("SN: '%*s'",
555 0 : (int) (desc->snlen == -1
556 0 : ? strlen (desc->sn) : desc->snlen),
557 : desc->sn);
558 : case KEYDB_SEARCH_MODE_SUBJECT:
559 0 : return xasprintf ("SUBJECT: '%s'", desc->u.name);
560 : case KEYDB_SEARCH_MODE_KEYGRIP:
561 0 : return xasprintf ("KEYGRIP: %s", desc->u.grip);
562 : case KEYDB_SEARCH_MODE_FIRST:
563 0 : return xasprintf ("FIRST");
564 : case KEYDB_SEARCH_MODE_NEXT:
565 0 : return xasprintf ("NEXT");
566 : default:
567 0 : return xasprintf ("Bad search mode (%d)", desc->mode);
568 : }
569 : }
570 :
571 :
572 :
573 : /* Register a resource (keyring or keybox). The first keyring or
574 : * keybox that is added using this function is created if it does not
575 : * already exist and the KEYDB_RESOURCE_FLAG_READONLY is not set.
576 : *
577 : * FLAGS are a combination of the KEYDB_RESOURCE_FLAG_* constants.
578 : *
579 : * URL must have the following form:
580 : *
581 : * gnupg-ring:filename = plain keyring
582 : * gnupg-kbx:filename = keybox file
583 : * filename = check file's type (create as a plain keyring)
584 : *
585 : * Note: on systems with drive letters (Windows) invalid URLs (i.e.,
586 : * those with an unrecognized part before the ':' such as "c:\...")
587 : * will silently be treated as bare filenames. On other systems, such
588 : * URLs will cause this function to return GPG_ERR_GENERAL.
589 : *
590 : * If KEYDB_RESOURCE_FLAG_DEFAULT is set, the resource is a keyring
591 : * and the file ends in ".gpg", then this function also checks if a
592 : * file with the same name, but the extension ".kbx" exists, is a
593 : * keybox and the OpenPGP flag is set. If so, this function opens
594 : * that resource instead.
595 : *
596 : * If the file is not found, KEYDB_RESOURCE_FLAG_GPGVDEF is set and
597 : * the URL ends in ".kbx", then this function will try opening the
598 : * same URL, but with the extension ".gpg". If that file is a keybox
599 : * with the OpenPGP flag set or it is a keyring, then we use that
600 : * instead.
601 : *
602 : * If the file is not found, KEYDB_RESOURCE_FLAG_DEFAULT is set, the
603 : * file should be created and the file's extension is ".gpg" then we
604 : * replace the extension with ".kbx".
605 : *
606 : * If the KEYDB_RESOURCE_FLAG_PRIMARY is set and the resource is a
607 : * keyring (not a keybox), then this resource is considered the
608 : * primary resource. This is used by keydb_locate_writable(). If
609 : * another primary keyring is set, then that keyring is considered the
610 : * primary.
611 : *
612 : * If KEYDB_RESOURCE_FLAG_READONLY is set and the resource is a
613 : * keyring (not a keybox), then the keyring is marked as read only and
614 : * operations just as keyring_insert_keyblock will return
615 : * GPG_ERR_ACCESS. */
616 : gpg_error_t
617 1293 : keydb_add_resource (const char *url, unsigned int flags)
618 : {
619 : /* Whether we have successfully registered a resource. */
620 : static int any_registered;
621 : /* The file named by the URL (i.e., without the prototype). */
622 1293 : const char *resname = url;
623 :
624 1293 : char *filename = NULL;
625 : int create;
626 1293 : int read_only = !!(flags&KEYDB_RESOURCE_FLAG_READONLY);
627 1293 : int is_default = !!(flags&KEYDB_RESOURCE_FLAG_DEFAULT);
628 1293 : int is_gpgvdef = !!(flags&KEYDB_RESOURCE_FLAG_GPGVDEF);
629 1293 : gpg_error_t err = 0;
630 1293 : KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
631 : void *token;
632 :
633 : /* Create the resource if it is the first registered one. */
634 1293 : create = (!read_only && !any_registered);
635 :
636 1293 : if (strlen (resname) > 11 && !strncmp( resname, "gnupg-ring:", 11) )
637 : {
638 0 : rt = KEYDB_RESOURCE_TYPE_KEYRING;
639 0 : resname += 11;
640 : }
641 1293 : else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kbx:", 10) )
642 : {
643 0 : rt = KEYDB_RESOURCE_TYPE_KEYBOX;
644 0 : resname += 10;
645 : }
646 : #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
647 1293 : else if (strchr (resname, ':'))
648 : {
649 0 : log_error ("invalid key resource URL '%s'\n", url );
650 0 : err = gpg_error (GPG_ERR_GENERAL);
651 0 : goto leave;
652 : }
653 : #endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
654 :
655 1293 : if (*resname != DIRSEP_C
656 : #ifdef HAVE_W32_SYSTEM
657 : && *resname != '/' /* Fixme: does not handle drive letters. */
658 : #endif
659 : )
660 : {
661 : /* Do tilde expansion etc. */
662 1292 : if (strchr (resname, DIRSEP_C)
663 : #ifdef HAVE_W32_SYSTEM
664 : || strchr (resname, '/') /* Windows also accepts this. */
665 : #endif
666 : )
667 2 : filename = make_filename (resname, NULL);
668 : else
669 1290 : filename = make_filename (gnupg_homedir (), resname, NULL);
670 : }
671 : else
672 1 : filename = xstrdup (resname);
673 :
674 : /* See whether we can determine the filetype. */
675 1293 : if (rt == KEYDB_RESOURCE_TYPE_NONE)
676 : {
677 : int found, openpgp_flag;
678 1293 : int pass = 0;
679 : size_t filenamelen;
680 :
681 : check_again:
682 2568 : filenamelen = strlen (filename);
683 2568 : rt = rt_from_file (filename, &found, &openpgp_flag);
684 2568 : if (found)
685 : {
686 : /* The file exists and we have the resource type in RT.
687 :
688 : Now let us check whether in addition to the "pubring.gpg"
689 : a "pubring.kbx with openpgp keys exists. This is so that
690 : GPG 2.1 will use an existing "pubring.kbx" by default iff
691 : that file has been created or used by 2.1. This check is
692 : needed because after creation or use of the kbx file with
693 : 2.1 an older version of gpg may have created a new
694 : pubring.gpg for its own use. */
695 1291 : if (!pass && is_default && rt == KEYDB_RESOURCE_TYPE_KEYRING
696 15 : && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".gpg"))
697 : {
698 15 : strcpy (filename+filenamelen-4, ".kbx");
699 15 : if ((rt_from_file (filename, &found, &openpgp_flag)
700 0 : == KEYDB_RESOURCE_TYPE_KEYBOX) && found && openpgp_flag)
701 0 : rt = KEYDB_RESOURCE_TYPE_KEYBOX;
702 : else /* Restore filename */
703 15 : strcpy (filename+filenamelen-4, ".gpg");
704 : }
705 : }
706 1277 : else if (!pass && is_gpgvdef
707 0 : && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".kbx"))
708 0 : {
709 : /* Not found but gpgv's default "trustedkeys.kbx" file has
710 : been requested. We did not found it so now check whether
711 : a "trustedkeys.gpg" file exists and use that instead. */
712 : KeydbResourceType rttmp;
713 :
714 0 : strcpy (filename+filenamelen-4, ".gpg");
715 0 : rttmp = rt_from_file (filename, &found, &openpgp_flag);
716 0 : if (found
717 0 : && ((rttmp == KEYDB_RESOURCE_TYPE_KEYBOX && openpgp_flag)
718 0 : || (rttmp == KEYDB_RESOURCE_TYPE_KEYRING)))
719 0 : rt = rttmp;
720 : else /* Restore filename */
721 0 : strcpy (filename+filenamelen-4, ".kbx");
722 : }
723 1277 : else if (!pass
724 1275 : && is_default && create
725 1275 : && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".gpg"))
726 : {
727 : /* The file does not exist, the default resource has been
728 : requested, the file shall be created, and the file has a
729 : ".gpg" suffix. Change the suffix to ".kbx" and try once
730 : more. This way we achieve that we open an existing
731 : ".gpg" keyring, but create a new keybox file with an
732 : ".kbx" suffix. */
733 1275 : strcpy (filename+filenamelen-4, ".kbx");
734 1275 : pass++;
735 1275 : goto check_again;
736 : }
737 : else /* No file yet: create keybox. */
738 2 : rt = KEYDB_RESOURCE_TYPE_KEYBOX;
739 : }
740 :
741 1293 : switch (rt)
742 : {
743 : case KEYDB_RESOURCE_TYPE_NONE:
744 0 : log_error ("unknown type of key resource '%s'\n", url );
745 0 : err = gpg_error (GPG_ERR_GENERAL);
746 0 : goto leave;
747 :
748 : case KEYDB_RESOURCE_TYPE_KEYRING:
749 17 : err = maybe_create_keyring_or_box (filename, 0, create);
750 17 : if (err)
751 0 : goto leave;
752 :
753 17 : if (keyring_register_filename (filename, read_only, &token))
754 : {
755 17 : if (used_resources >= MAX_KEYDB_RESOURCES)
756 0 : err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
757 : else
758 : {
759 17 : if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY))
760 0 : primary_keydb = token;
761 17 : all_resources[used_resources].type = rt;
762 17 : all_resources[used_resources].u.kr = NULL; /* Not used here */
763 17 : all_resources[used_resources].token = token;
764 17 : used_resources++;
765 : }
766 : }
767 : else
768 : {
769 : /* This keyring was already registered, so ignore it.
770 : However, we can still mark it as primary even if it was
771 : already registered. */
772 0 : if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY))
773 0 : primary_keydb = token;
774 : }
775 17 : break;
776 :
777 : case KEYDB_RESOURCE_TYPE_KEYBOX:
778 : {
779 1276 : err = maybe_create_keyring_or_box (filename, 1, create);
780 1276 : if (err)
781 0 : goto leave;
782 :
783 1276 : err = keybox_register_file (filename, 0, &token);
784 1276 : if (!err)
785 : {
786 1276 : if (used_resources >= MAX_KEYDB_RESOURCES)
787 0 : err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
788 : else
789 : {
790 1276 : if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY))
791 0 : primary_keydb = token;
792 1276 : all_resources[used_resources].type = rt;
793 1276 : all_resources[used_resources].u.kb = NULL; /* Not used here */
794 1276 : all_resources[used_resources].token = token;
795 :
796 : /* FIXME: Do a compress run if needed and no other
797 : user is currently using the keybox. */
798 :
799 1276 : used_resources++;
800 : }
801 : }
802 0 : else if (gpg_err_code (err) == GPG_ERR_EEXIST)
803 : {
804 : /* Already registered. We will mark it as the primary key
805 : if requested. */
806 0 : if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY))
807 0 : primary_keydb = token;
808 : }
809 : }
810 1276 : break;
811 :
812 : default:
813 0 : log_error ("resource type of '%s' not supported\n", url);
814 0 : err = gpg_error (GPG_ERR_GENERAL);
815 0 : goto leave;
816 : }
817 :
818 : /* fixme: check directory permissions and print a warning */
819 :
820 : leave:
821 1293 : if (err)
822 0 : log_error (_("keyblock resource '%s': %s\n"), filename, gpg_strerror (err));
823 : else
824 1293 : any_registered = 1;
825 1293 : xfree (filename);
826 1293 : return err;
827 : }
828 :
829 :
830 : void
831 0 : keydb_dump_stats (void)
832 : {
833 0 : if (kid_not_found_cache_count)
834 0 : log_info ("keydb: kid_not_found_cache: total: %u\n",
835 : kid_not_found_cache_count);
836 0 : }
837 :
838 :
839 : /* Create a new database handle. A database handle is similar to a
840 : file handle: it contains a local file position. This is used when
841 : searching: subsequent searches resume where the previous search
842 : left off. To rewind the position, use keydb_search_reset(). This
843 : function returns NULL on error, sets ERRNO, and prints an error
844 : diagnostic. */
845 : KEYDB_HANDLE
846 2710 : keydb_new (void)
847 : {
848 : KEYDB_HANDLE hd;
849 : int i, j;
850 2710 : int die = 0;
851 : int reterrno;
852 :
853 2710 : if (DBG_CLOCK)
854 0 : log_clock ("keydb_new");
855 :
856 2710 : hd = xtrycalloc (1, sizeof *hd);
857 2710 : if (!hd)
858 0 : goto leave;
859 2710 : hd->found = -1;
860 2710 : hd->saved_found = -1;
861 2710 : hd->is_reset = 1;
862 :
863 2710 : log_assert (used_resources <= MAX_KEYDB_RESOURCES);
864 5420 : for (i=j=0; ! die && i < used_resources; i++)
865 : {
866 2710 : switch (all_resources[i].type)
867 : {
868 : case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
869 0 : break;
870 : case KEYDB_RESOURCE_TYPE_KEYRING:
871 50 : hd->active[j].type = all_resources[i].type;
872 50 : hd->active[j].token = all_resources[i].token;
873 50 : hd->active[j].u.kr = keyring_new (all_resources[i].token);
874 50 : if (!hd->active[j].u.kr)
875 : {
876 0 : reterrno = errno;
877 0 : die = 1;
878 : }
879 50 : j++;
880 50 : break;
881 : case KEYDB_RESOURCE_TYPE_KEYBOX:
882 2660 : hd->active[j].type = all_resources[i].type;
883 2660 : hd->active[j].token = all_resources[i].token;
884 2660 : hd->active[j].u.kb = keybox_new_openpgp (all_resources[i].token, 0);
885 2660 : if (!hd->active[j].u.kb)
886 : {
887 0 : reterrno = errno;
888 0 : die = 1;
889 : }
890 2660 : j++;
891 2660 : break;
892 : }
893 : }
894 2710 : hd->used = j;
895 :
896 2710 : active_handles++;
897 :
898 2710 : if (die)
899 : {
900 0 : keydb_release (hd);
901 0 : gpg_err_set_errno (reterrno);
902 0 : hd = NULL;
903 : }
904 :
905 : leave:
906 2710 : if (!hd)
907 0 : log_error (_("error opening key DB: %s\n"),
908 : gpg_strerror (gpg_error_from_syserror()));
909 :
910 2710 : return hd;
911 : }
912 :
913 :
914 : void
915 2710 : keydb_release (KEYDB_HANDLE hd)
916 : {
917 : int i;
918 :
919 2710 : if (!hd)
920 2710 : return;
921 2710 : log_assert (active_handles > 0);
922 2710 : active_handles--;
923 :
924 2710 : unlock_all (hd);
925 5420 : for (i=0; i < hd->used; i++)
926 : {
927 2710 : switch (hd->active[i].type)
928 : {
929 : case KEYDB_RESOURCE_TYPE_NONE:
930 0 : break;
931 : case KEYDB_RESOURCE_TYPE_KEYRING:
932 50 : keyring_release (hd->active[i].u.kr);
933 50 : break;
934 : case KEYDB_RESOURCE_TYPE_KEYBOX:
935 2660 : keybox_release (hd->active[i].u.kb);
936 2660 : break;
937 : }
938 : }
939 :
940 2710 : keyblock_cache_clear (hd);
941 2710 : xfree (hd);
942 : }
943 :
944 :
945 : /* Set a flag on the handle to suppress use of cached results. This
946 : * is required for updating a keyring and for key listings. Fixme:
947 : * Using a new parameter for keydb_new might be a better solution. */
948 : void
949 106 : keydb_disable_caching (KEYDB_HANDLE hd)
950 : {
951 106 : if (hd)
952 106 : hd->no_caching = 1;
953 106 : }
954 :
955 :
956 : /* Return the file name of the resource in which the current search
957 : * result was found or, if there is no search result, the filename of
958 : * the current resource (i.e., the resource that the file position
959 : * points to). Note: the filename is not necessarily the URL used to
960 : * open it!
961 : *
962 : * This function only returns NULL if no handle is specified, in all
963 : * other error cases an empty string is returned. */
964 : const char *
965 9 : keydb_get_resource_name (KEYDB_HANDLE hd)
966 : {
967 : int idx;
968 9 : const char *s = NULL;
969 :
970 9 : if (!hd)
971 0 : return NULL;
972 :
973 9 : if ( hd->found >= 0 && hd->found < hd->used)
974 9 : idx = hd->found;
975 0 : else if ( hd->current >= 0 && hd->current < hd->used)
976 0 : idx = hd->current;
977 : else
978 0 : idx = 0;
979 :
980 9 : switch (hd->active[idx].type)
981 : {
982 : case KEYDB_RESOURCE_TYPE_NONE:
983 0 : s = NULL;
984 0 : break;
985 : case KEYDB_RESOURCE_TYPE_KEYRING:
986 9 : s = keyring_get_resource_name (hd->active[idx].u.kr);
987 9 : break;
988 : case KEYDB_RESOURCE_TYPE_KEYBOX:
989 0 : s = keybox_get_resource_name (hd->active[idx].u.kb);
990 0 : break;
991 : }
992 :
993 9 : return s? s: "";
994 : }
995 :
996 :
997 :
998 : static int
999 70 : lock_all (KEYDB_HANDLE hd)
1000 : {
1001 70 : int i, rc = 0;
1002 :
1003 : /* Fixme: This locking scheme may lead to a deadlock if the resources
1004 : are not added in the same order by all processes. We are
1005 : currently only allowing one resource so it is not a problem.
1006 : [Oops: Who claimed the latter]
1007 :
1008 : To fix this we need to use a lock file to protect lock_all. */
1009 :
1010 140 : for (i=0; !rc && i < hd->used; i++)
1011 : {
1012 70 : switch (hd->active[i].type)
1013 : {
1014 : case KEYDB_RESOURCE_TYPE_NONE:
1015 0 : break;
1016 : case KEYDB_RESOURCE_TYPE_KEYRING:
1017 1 : rc = keyring_lock (hd->active[i].u.kr, 1);
1018 1 : break;
1019 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1020 69 : rc = keybox_lock (hd->active[i].u.kb, 1);
1021 69 : break;
1022 : }
1023 : }
1024 :
1025 70 : if (rc)
1026 : {
1027 : /* Revert the already taken locks. */
1028 0 : for (i--; i >= 0; i--)
1029 : {
1030 0 : switch (hd->active[i].type)
1031 : {
1032 : case KEYDB_RESOURCE_TYPE_NONE:
1033 0 : break;
1034 : case KEYDB_RESOURCE_TYPE_KEYRING:
1035 0 : keyring_lock (hd->active[i].u.kr, 0);
1036 0 : break;
1037 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1038 0 : keybox_lock (hd->active[i].u.kb, 0);
1039 0 : break;
1040 : }
1041 : }
1042 : }
1043 : else
1044 70 : hd->locked = 1;
1045 :
1046 70 : return rc;
1047 : }
1048 :
1049 :
1050 : static void
1051 2780 : unlock_all (KEYDB_HANDLE hd)
1052 : {
1053 : int i;
1054 :
1055 2780 : if (!hd->locked)
1056 5490 : return;
1057 :
1058 140 : for (i=hd->used-1; i >= 0; i--)
1059 : {
1060 70 : switch (hd->active[i].type)
1061 : {
1062 : case KEYDB_RESOURCE_TYPE_NONE:
1063 0 : break;
1064 : case KEYDB_RESOURCE_TYPE_KEYRING:
1065 1 : keyring_lock (hd->active[i].u.kr, 0);
1066 1 : break;
1067 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1068 69 : keybox_lock (hd->active[i].u.kb, 0);
1069 69 : break;
1070 : }
1071 : }
1072 70 : hd->locked = 0;
1073 : }
1074 :
1075 :
1076 :
1077 : /* Save the last found state and invalidate the current selection
1078 : * (i.e., the entry selected by keydb_search() is invalidated and
1079 : * something like keydb_get_keyblock() will return an error). This
1080 : * does not change the file position. This makes it possible to do
1081 : * something like:
1082 : *
1083 : * keydb_search (hd, ...); // Result 1.
1084 : * keydb_push_found_state (hd);
1085 : * keydb_search_reset (hd);
1086 : * keydb_search (hd, ...); // Result 2.
1087 : * keydb_pop_found_state (hd);
1088 : * keydb_get_keyblock (hd, ...); // -> Result 1.
1089 : *
1090 : * Note: it is only possible to save a single save state at a time.
1091 : * In other words, the the save stack only has room for a single
1092 : * instance of the state. */
1093 : void
1094 0 : keydb_push_found_state (KEYDB_HANDLE hd)
1095 : {
1096 0 : if (!hd)
1097 0 : return;
1098 :
1099 0 : if (hd->found < 0 || hd->found >= hd->used)
1100 : {
1101 0 : hd->saved_found = -1;
1102 0 : return;
1103 : }
1104 :
1105 0 : switch (hd->active[hd->found].type)
1106 : {
1107 : case KEYDB_RESOURCE_TYPE_NONE:
1108 0 : break;
1109 : case KEYDB_RESOURCE_TYPE_KEYRING:
1110 0 : keyring_push_found_state (hd->active[hd->found].u.kr);
1111 0 : break;
1112 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1113 0 : keybox_push_found_state (hd->active[hd->found].u.kb);
1114 0 : break;
1115 : }
1116 :
1117 0 : hd->saved_found = hd->found;
1118 0 : hd->found = -1;
1119 : }
1120 :
1121 :
1122 : /* Restore the previous save state. If the saved state is NULL or
1123 : invalid, this is a NOP. */
1124 : void
1125 0 : keydb_pop_found_state (KEYDB_HANDLE hd)
1126 : {
1127 0 : if (!hd)
1128 0 : return;
1129 :
1130 0 : hd->found = hd->saved_found;
1131 0 : hd->saved_found = -1;
1132 0 : if (hd->found < 0 || hd->found >= hd->used)
1133 0 : return;
1134 :
1135 0 : switch (hd->active[hd->found].type)
1136 : {
1137 : case KEYDB_RESOURCE_TYPE_NONE:
1138 0 : break;
1139 : case KEYDB_RESOURCE_TYPE_KEYRING:
1140 0 : keyring_pop_found_state (hd->active[hd->found].u.kr);
1141 0 : break;
1142 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1143 0 : keybox_pop_found_state (hd->active[hd->found].u.kb);
1144 0 : break;
1145 : }
1146 : }
1147 :
1148 :
1149 :
1150 : static gpg_error_t
1151 2527 : parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
1152 : const u32 *sigstatus, kbnode_t *r_keyblock)
1153 : {
1154 : gpg_error_t err;
1155 : PACKET *pkt;
1156 2527 : kbnode_t keyblock = NULL;
1157 : kbnode_t node, *tail;
1158 : int in_cert, save_mode;
1159 : u32 n_sigs;
1160 : int pk_count, uid_count;
1161 :
1162 2527 : *r_keyblock = NULL;
1163 :
1164 2527 : pkt = xtrymalloc (sizeof *pkt);
1165 2527 : if (!pkt)
1166 0 : return gpg_error_from_syserror ();
1167 2527 : init_packet (pkt);
1168 2527 : save_mode = set_packet_list_mode (0);
1169 2527 : in_cert = 0;
1170 2527 : n_sigs = 0;
1171 2527 : tail = NULL;
1172 2527 : pk_count = uid_count = 0;
1173 19847 : while ((err = parse_packet (iobuf, pkt)) != -1)
1174 : {
1175 14793 : if (gpg_err_code (err) == GPG_ERR_UNKNOWN_PACKET)
1176 : {
1177 0 : free_packet (pkt);
1178 0 : init_packet (pkt);
1179 0 : continue;
1180 : }
1181 14793 : if (err)
1182 : {
1183 0 : log_error ("parse_keyblock_image: read error: %s\n",
1184 : gpg_strerror (err));
1185 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
1186 0 : break;
1187 : }
1188 :
1189 : /* Filter allowed packets. */
1190 14793 : switch (pkt->pkttype)
1191 : {
1192 : case PKT_PUBLIC_KEY:
1193 : case PKT_PUBLIC_SUBKEY:
1194 : case PKT_SECRET_KEY:
1195 : case PKT_SECRET_SUBKEY:
1196 : case PKT_USER_ID:
1197 : case PKT_ATTRIBUTE:
1198 : case PKT_SIGNATURE:
1199 14793 : break; /* Allowed per RFC. */
1200 :
1201 : default:
1202 : /* Note that can't allow ring trust packets here and some of
1203 : the other GPG specific packets don't make sense either. */
1204 0 : log_error ("skipped packet of type %d in keybox\n",
1205 0 : (int)pkt->pkttype);
1206 0 : free_packet(pkt);
1207 0 : init_packet(pkt);
1208 0 : continue;
1209 : }
1210 :
1211 : /* Other sanity checks. */
1212 14793 : if (!in_cert && pkt->pkttype != PKT_PUBLIC_KEY)
1213 : {
1214 0 : log_error ("parse_keyblock_image: first packet in a keybox blob "
1215 : "is not a public key packet\n");
1216 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
1217 0 : break;
1218 : }
1219 14793 : if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
1220 12266 : || pkt->pkttype == PKT_SECRET_KEY))
1221 : {
1222 0 : log_error ("parse_keyblock_image: "
1223 : "multiple keyblocks in a keybox blob\n");
1224 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
1225 0 : break;
1226 : }
1227 14793 : in_cert = 1;
1228 :
1229 14793 : if (pkt->pkttype == PKT_SIGNATURE && sigstatus)
1230 : {
1231 6290 : PKT_signature *sig = pkt->pkt.signature;
1232 :
1233 6290 : n_sigs++;
1234 6290 : if (n_sigs > sigstatus[0])
1235 : {
1236 0 : log_error ("parse_keyblock_image: "
1237 : "more signatures than found in the meta data\n");
1238 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
1239 0 : break;
1240 :
1241 : }
1242 6290 : if (sigstatus[n_sigs])
1243 : {
1244 5979 : sig->flags.checked = 1;
1245 5979 : if (sigstatus[n_sigs] == 1 )
1246 : ; /* missing key */
1247 5979 : else if (sigstatus[n_sigs] == 2 )
1248 : ; /* bad signature */
1249 5979 : else if (sigstatus[n_sigs] < 0x10000000)
1250 : ; /* bad flag */
1251 : else
1252 : {
1253 5979 : sig->flags.valid = 1;
1254 : /* Fixme: Shall we set the expired flag here? */
1255 : }
1256 : }
1257 : }
1258 :
1259 14793 : node = new_kbnode (pkt);
1260 :
1261 14793 : switch (pkt->pkttype)
1262 : {
1263 : case PKT_PUBLIC_KEY:
1264 : case PKT_PUBLIC_SUBKEY:
1265 : case PKT_SECRET_KEY:
1266 : case PKT_SECRET_SUBKEY:
1267 5194 : if (++pk_count == pk_no)
1268 2304 : node->flag |= 1;
1269 5194 : break;
1270 :
1271 : case PKT_USER_ID:
1272 3309 : if (++uid_count == uid_no)
1273 138 : node->flag |= 2;
1274 3309 : break;
1275 :
1276 : default:
1277 6290 : break;
1278 : }
1279 :
1280 14793 : if (!keyblock)
1281 2527 : keyblock = node;
1282 : else
1283 12266 : *tail = node;
1284 14793 : tail = &node->next;
1285 14793 : pkt = xtrymalloc (sizeof *pkt);
1286 14793 : if (!pkt)
1287 : {
1288 0 : err = gpg_error_from_syserror ();
1289 0 : break;
1290 : }
1291 14793 : init_packet (pkt);
1292 : }
1293 2527 : set_packet_list_mode (save_mode);
1294 :
1295 2527 : if (err == -1 && keyblock)
1296 2527 : err = 0; /* Got the entire keyblock. */
1297 :
1298 2527 : if (!err && sigstatus && n_sigs != sigstatus[0])
1299 : {
1300 0 : log_error ("parse_keyblock_image: signature count does not match\n");
1301 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
1302 : }
1303 :
1304 2527 : if (err)
1305 0 : release_kbnode (keyblock);
1306 : else
1307 2527 : *r_keyblock = keyblock;
1308 2527 : free_packet (pkt);
1309 2527 : xfree (pkt);
1310 2527 : return err;
1311 : }
1312 :
1313 :
1314 : /* Return the keyblock last found by keydb_search() in *RET_KB.
1315 : *
1316 : * On success, the function returns 0 and the caller must free *RET_KB
1317 : * using release_kbnode(). Otherwise, the function returns an error
1318 : * code.
1319 : *
1320 : * The returned keyblock has the kbnode flag bit 0 set for the node
1321 : * with the public key used to locate the keyblock or flag bit 1 set
1322 : * for the user ID node. */
1323 : gpg_error_t
1324 2577 : keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
1325 : {
1326 2577 : gpg_error_t err = 0;
1327 :
1328 2577 : *ret_kb = NULL;
1329 :
1330 2577 : if (!hd)
1331 0 : return gpg_error (GPG_ERR_INV_ARG);
1332 :
1333 2577 : if (DBG_CLOCK)
1334 0 : log_clock ("keydb_get_keybock enter");
1335 :
1336 2577 : if (hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED)
1337 : {
1338 0 : err = iobuf_seek (hd->keyblock_cache.iobuf, 0);
1339 0 : if (err)
1340 : {
1341 0 : log_error ("keydb_get_keyblock: failed to rewind iobuf for cache\n");
1342 0 : keyblock_cache_clear (hd);
1343 : }
1344 : else
1345 : {
1346 0 : err = parse_keyblock_image (hd->keyblock_cache.iobuf,
1347 : hd->keyblock_cache.pk_no,
1348 : hd->keyblock_cache.uid_no,
1349 0 : hd->keyblock_cache.sigstatus,
1350 : ret_kb);
1351 0 : if (err)
1352 0 : keyblock_cache_clear (hd);
1353 0 : if (DBG_CLOCK)
1354 0 : log_clock (err? "keydb_get_keyblock leave (cached, failed)"
1355 : : "keydb_get_keyblock leave (cached)");
1356 0 : return err;
1357 : }
1358 : }
1359 :
1360 2577 : if (hd->found < 0 || hd->found >= hd->used)
1361 0 : return gpg_error (GPG_ERR_VALUE_NOT_FOUND);
1362 :
1363 2577 : switch (hd->active[hd->found].type)
1364 : {
1365 : case KEYDB_RESOURCE_TYPE_NONE:
1366 0 : err = gpg_error (GPG_ERR_GENERAL); /* oops */
1367 0 : break;
1368 : case KEYDB_RESOURCE_TYPE_KEYRING:
1369 50 : err = keyring_get_keyblock (hd->active[hd->found].u.kr, ret_kb);
1370 50 : break;
1371 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1372 : {
1373 : iobuf_t iobuf;
1374 : u32 *sigstatus;
1375 : int pk_no, uid_no;
1376 :
1377 2527 : err = keybox_get_keyblock (hd->active[hd->found].u.kb,
1378 : &iobuf, &pk_no, &uid_no, &sigstatus);
1379 2527 : if (!err)
1380 : {
1381 2527 : err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus,
1382 : ret_kb);
1383 2527 : if (!err && hd->keyblock_cache.state == KEYBLOCK_CACHE_PREPARED)
1384 : {
1385 105 : hd->keyblock_cache.state = KEYBLOCK_CACHE_FILLED;
1386 105 : hd->keyblock_cache.sigstatus = sigstatus;
1387 105 : hd->keyblock_cache.iobuf = iobuf;
1388 105 : hd->keyblock_cache.pk_no = pk_no;
1389 105 : hd->keyblock_cache.uid_no = uid_no;
1390 : }
1391 : else
1392 : {
1393 2422 : xfree (sigstatus);
1394 2422 : iobuf_close (iobuf);
1395 : }
1396 : }
1397 : }
1398 2527 : break;
1399 : }
1400 :
1401 2577 : if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED)
1402 2472 : keyblock_cache_clear (hd);
1403 :
1404 2577 : if (DBG_CLOCK)
1405 0 : log_clock (err? "keydb_get_keyblock leave (failed)"
1406 : : "keydb_get_keyblock leave");
1407 2577 : return err;
1408 : }
1409 :
1410 :
1411 : /* Build a keyblock image from KEYBLOCK. Returns 0 on success and
1412 : only then stores a new iobuf object at R_IOBUF and a signature
1413 : status vecotor at R_SIGSTATUS. */
1414 : static gpg_error_t
1415 66 : build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus)
1416 : {
1417 : gpg_error_t err;
1418 : iobuf_t iobuf;
1419 : kbnode_t kbctx, node;
1420 : u32 n_sigs;
1421 : u32 *sigstatus;
1422 :
1423 66 : *r_iobuf = NULL;
1424 66 : if (r_sigstatus)
1425 64 : *r_sigstatus = NULL;
1426 :
1427 : /* Allocate a vector for the signature cache. This is an array of
1428 : u32 values with the first value giving the number of elements to
1429 : follow and each element descriping the cache status of the
1430 : signature. */
1431 66 : if (r_sigstatus)
1432 : {
1433 600 : for (kbctx=NULL, n_sigs=0; (node = walk_kbnode (keyblock, &kbctx, 0));)
1434 472 : if (node->pkt->pkttype == PKT_SIGNATURE)
1435 275 : n_sigs++;
1436 64 : sigstatus = xtrycalloc (1+n_sigs, sizeof *sigstatus);
1437 64 : if (!sigstatus)
1438 0 : return gpg_error_from_syserror ();
1439 : }
1440 : else
1441 2 : sigstatus = NULL;
1442 :
1443 66 : iobuf = iobuf_temp ();
1444 618 : for (kbctx = NULL, n_sigs = 0; (node = walk_kbnode (keyblock, &kbctx, 0));)
1445 : {
1446 : /* Make sure to use only packets valid on a keyblock. */
1447 486 : switch (node->pkt->pkttype)
1448 : {
1449 : case PKT_PUBLIC_KEY:
1450 : case PKT_PUBLIC_SUBKEY:
1451 : case PKT_SIGNATURE:
1452 : case PKT_USER_ID:
1453 : case PKT_ATTRIBUTE:
1454 : /* Note that we don't want the ring trust packets. They are
1455 : not useful. */
1456 486 : break;
1457 : default:
1458 0 : continue;
1459 : }
1460 :
1461 486 : err = build_packet (iobuf, node->pkt);
1462 486 : if (err)
1463 : {
1464 0 : iobuf_close (iobuf);
1465 0 : return err;
1466 : }
1467 :
1468 : /* Build signature status vector. */
1469 486 : if (node->pkt->pkttype == PKT_SIGNATURE)
1470 : {
1471 282 : PKT_signature *sig = node->pkt->pkt.signature;
1472 :
1473 282 : n_sigs++;
1474 : /* Fixme: Detect the "missing key" status. */
1475 282 : if (sig->flags.checked && sigstatus)
1476 : {
1477 136 : if (sig->flags.valid)
1478 : {
1479 136 : if (!sig->expiredate)
1480 136 : sigstatus[n_sigs] = 0xffffffff;
1481 0 : else if (sig->expiredate < 0x1000000)
1482 0 : sigstatus[n_sigs] = 0x10000000;
1483 : else
1484 0 : sigstatus[n_sigs] = sig->expiredate;
1485 : }
1486 : else
1487 0 : sigstatus[n_sigs] = 0x00000002; /* Bad signature. */
1488 : }
1489 : }
1490 : }
1491 66 : if (sigstatus)
1492 64 : sigstatus[0] = n_sigs;
1493 :
1494 66 : *r_iobuf = iobuf;
1495 66 : if (r_sigstatus)
1496 64 : *r_sigstatus = sigstatus;
1497 66 : return 0;
1498 : }
1499 :
1500 :
1501 : /* Update the keyblock KB (i.e., extract the fingerprint and find the
1502 : * corresponding keyblock in the keyring).
1503 : *
1504 : * This doesn't do anything if --dry-run was specified.
1505 : *
1506 : * Returns 0 on success. Otherwise, it returns an error code. Note:
1507 : * if there isn't a keyblock in the keyring corresponding to KB, then
1508 : * this function returns GPG_ERR_VALUE_NOT_FOUND.
1509 : *
1510 : * This function selects the matching record and modifies the current
1511 : * file position to point to the record just after the selected entry.
1512 : * Thus, if you do a subsequent search using HD, you should first do a
1513 : * keydb_search_reset. Further, if the selected record is important,
1514 : * you should use keydb_push_found_state and keydb_pop_found_state to
1515 : * save and restore it. */
1516 : gpg_error_t
1517 2 : keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
1518 : {
1519 : gpg_error_t err;
1520 : PKT_public_key *pk;
1521 : KEYDB_SEARCH_DESC desc;
1522 : size_t len;
1523 :
1524 2 : log_assert (kb);
1525 2 : log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
1526 2 : pk = kb->pkt->pkt.public_key;
1527 :
1528 2 : if (!hd)
1529 0 : return gpg_error (GPG_ERR_INV_ARG);
1530 :
1531 2 : kid_not_found_flush ();
1532 2 : keyblock_cache_clear (hd);
1533 :
1534 2 : if (opt.dry_run)
1535 0 : return 0;
1536 :
1537 2 : err = lock_all (hd);
1538 2 : if (err)
1539 0 : return err;
1540 :
1541 2 : memset (&desc, 0, sizeof (desc));
1542 2 : fingerprint_from_pk (pk, desc.u.fpr, &len);
1543 2 : if (len == 20)
1544 2 : desc.mode = KEYDB_SEARCH_MODE_FPR20;
1545 : else
1546 0 : log_bug ("%s: Unsupported key length: %zu\n", __func__, len);
1547 :
1548 2 : keydb_search_reset (hd);
1549 2 : err = keydb_search (hd, &desc, 1, NULL);
1550 2 : if (err)
1551 0 : return gpg_error (GPG_ERR_VALUE_NOT_FOUND);
1552 2 : log_assert (hd->found >= 0 && hd->found < hd->used);
1553 :
1554 2 : switch (hd->active[hd->found].type)
1555 : {
1556 : case KEYDB_RESOURCE_TYPE_NONE:
1557 0 : err = gpg_error (GPG_ERR_GENERAL); /* oops */
1558 0 : break;
1559 : case KEYDB_RESOURCE_TYPE_KEYRING:
1560 0 : err = keyring_update_keyblock (hd->active[hd->found].u.kr, kb);
1561 0 : break;
1562 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1563 : {
1564 : iobuf_t iobuf;
1565 :
1566 2 : err = build_keyblock_image (kb, &iobuf, NULL);
1567 2 : if (!err)
1568 : {
1569 4 : err = keybox_update_keyblock (hd->active[hd->found].u.kb,
1570 2 : iobuf_get_temp_buffer (iobuf),
1571 2 : iobuf_get_temp_length (iobuf));
1572 2 : iobuf_close (iobuf);
1573 : }
1574 : }
1575 2 : break;
1576 : }
1577 :
1578 2 : unlock_all (hd);
1579 2 : return err;
1580 : }
1581 :
1582 :
1583 : /* Insert a keyblock into one of the underlying keyrings or keyboxes.
1584 : *
1585 : * Be default, the keyring / keybox from which the last search result
1586 : * came is used. If there was no previous search result (or
1587 : * keydb_search_reset was called), then the keyring / keybox where the
1588 : * next search would start is used (i.e., the current file position).
1589 : *
1590 : * Note: this doesn't do anything if --dry-run was specified.
1591 : *
1592 : * Returns 0 on success. Otherwise, it returns an error code. */
1593 : gpg_error_t
1594 65 : keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
1595 : {
1596 : gpg_error_t err;
1597 : int idx;
1598 :
1599 65 : if (!hd)
1600 0 : return gpg_error (GPG_ERR_INV_ARG);
1601 :
1602 65 : kid_not_found_flush ();
1603 65 : keyblock_cache_clear (hd);
1604 :
1605 65 : if (opt.dry_run)
1606 0 : return 0;
1607 :
1608 65 : if (hd->found >= 0 && hd->found < hd->used)
1609 0 : idx = hd->found;
1610 65 : else if (hd->current >= 0 && hd->current < hd->used)
1611 65 : idx = hd->current;
1612 : else
1613 0 : return gpg_error (GPG_ERR_GENERAL);
1614 :
1615 65 : err = lock_all (hd);
1616 65 : if (err)
1617 0 : return err;
1618 :
1619 65 : switch (hd->active[idx].type)
1620 : {
1621 : case KEYDB_RESOURCE_TYPE_NONE:
1622 0 : err = gpg_error (GPG_ERR_GENERAL); /* oops */
1623 0 : break;
1624 : case KEYDB_RESOURCE_TYPE_KEYRING:
1625 1 : err = keyring_insert_keyblock (hd->active[idx].u.kr, kb);
1626 1 : break;
1627 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1628 : { /* We need to turn our kbnode_t list of packets into a proper
1629 : keyblock first. This is required by the OpenPGP key parser
1630 : included in the keybox code. Eventually we can change this
1631 : kludge to have the caller pass the image. */
1632 : iobuf_t iobuf;
1633 : u32 *sigstatus;
1634 :
1635 64 : err = build_keyblock_image (kb, &iobuf, &sigstatus);
1636 64 : if (!err)
1637 : {
1638 192 : err = keybox_insert_keyblock (hd->active[idx].u.kb,
1639 64 : iobuf_get_temp_buffer (iobuf),
1640 64 : iobuf_get_temp_length (iobuf),
1641 : sigstatus);
1642 64 : xfree (sigstatus);
1643 64 : iobuf_close (iobuf);
1644 : }
1645 : }
1646 64 : break;
1647 : }
1648 :
1649 65 : unlock_all (hd);
1650 65 : return err;
1651 : }
1652 :
1653 :
1654 : /* Delete the currently selected keyblock. If you haven't done a
1655 : * search yet on this database handle (or called keydb_search_reset),
1656 : * then this will return an error.
1657 : *
1658 : * Returns 0 on success or an error code, if an error occurs. */
1659 : gpg_error_t
1660 3 : keydb_delete_keyblock (KEYDB_HANDLE hd)
1661 : {
1662 : gpg_error_t rc;
1663 :
1664 3 : if (!hd)
1665 0 : return gpg_error (GPG_ERR_INV_ARG);
1666 :
1667 3 : kid_not_found_flush ();
1668 3 : keyblock_cache_clear (hd);
1669 :
1670 3 : if (hd->found < 0 || hd->found >= hd->used)
1671 0 : return gpg_error (GPG_ERR_VALUE_NOT_FOUND);
1672 :
1673 3 : if (opt.dry_run)
1674 0 : return 0;
1675 :
1676 3 : rc = lock_all (hd);
1677 3 : if (rc)
1678 0 : return rc;
1679 :
1680 3 : switch (hd->active[hd->found].type)
1681 : {
1682 : case KEYDB_RESOURCE_TYPE_NONE:
1683 0 : rc = gpg_error (GPG_ERR_GENERAL);
1684 0 : break;
1685 : case KEYDB_RESOURCE_TYPE_KEYRING:
1686 0 : rc = keyring_delete_keyblock (hd->active[hd->found].u.kr);
1687 0 : break;
1688 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1689 3 : rc = keybox_delete (hd->active[hd->found].u.kb);
1690 3 : break;
1691 : }
1692 :
1693 3 : unlock_all (hd);
1694 3 : return rc;
1695 : }
1696 :
1697 :
1698 :
1699 : /* A database may consists of multiple keyrings / key boxes. This
1700 : * sets the "file position" to the start of the first keyring / key
1701 : * box that is writable (i.e., doesn't have the read-only flag set).
1702 : *
1703 : * This first tries the primary keyring (the last keyring (not
1704 : * keybox!) added using keydb_add_resource() and with
1705 : * KEYDB_RESOURCE_FLAG_PRIMARY set). If that is not writable, then it
1706 : * tries the keyrings / keyboxes in the order in which they were
1707 : * added. */
1708 : gpg_error_t
1709 65 : keydb_locate_writable (KEYDB_HANDLE hd)
1710 : {
1711 : gpg_error_t rc;
1712 :
1713 65 : if (!hd)
1714 0 : return GPG_ERR_INV_ARG;
1715 :
1716 65 : rc = keydb_search_reset (hd); /* this does reset hd->current */
1717 65 : if (rc)
1718 0 : return rc;
1719 :
1720 : /* If we have a primary set, try that one first */
1721 65 : if (primary_keydb)
1722 : {
1723 0 : for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
1724 : {
1725 0 : if(hd->active[hd->current].token == primary_keydb)
1726 : {
1727 0 : if(keyring_is_writable (hd->active[hd->current].token))
1728 0 : return 0;
1729 : else
1730 0 : break;
1731 : }
1732 : }
1733 :
1734 0 : rc = keydb_search_reset (hd); /* this does reset hd->current */
1735 0 : if (rc)
1736 0 : return rc;
1737 : }
1738 :
1739 65 : for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
1740 : {
1741 65 : switch (hd->active[hd->current].type)
1742 : {
1743 : case KEYDB_RESOURCE_TYPE_NONE:
1744 0 : BUG();
1745 : break;
1746 : case KEYDB_RESOURCE_TYPE_KEYRING:
1747 1 : if (keyring_is_writable (hd->active[hd->current].token))
1748 1 : return 0; /* found (hd->current is set to it) */
1749 0 : break;
1750 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1751 64 : if (keybox_is_writable (hd->active[hd->current].token))
1752 64 : return 0; /* found (hd->current is set to it) */
1753 0 : break;
1754 : }
1755 : }
1756 :
1757 0 : return gpg_error (GPG_ERR_NOT_FOUND);
1758 : }
1759 :
1760 :
1761 : /* Rebuild the on-disk caches of all key resources. */
1762 : void
1763 1 : keydb_rebuild_caches (int noisy)
1764 : {
1765 : int i, rc;
1766 :
1767 2 : for (i=0; i < used_resources; i++)
1768 : {
1769 1 : if (!keyring_is_writable (all_resources[i].token))
1770 0 : continue;
1771 1 : switch (all_resources[i].type)
1772 : {
1773 : case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
1774 0 : break;
1775 : case KEYDB_RESOURCE_TYPE_KEYRING:
1776 1 : rc = keyring_rebuild_cache (all_resources[i].token,noisy);
1777 1 : if (rc)
1778 0 : log_error (_("failed to rebuild keyring cache: %s\n"),
1779 : gpg_strerror (rc));
1780 1 : break;
1781 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1782 : /* N/A. */
1783 0 : break;
1784 : }
1785 : }
1786 1 : }
1787 :
1788 :
1789 : /* Return the number of skipped blocks (because they were to large to
1790 : read from a keybox) since the last search reset. */
1791 : unsigned long
1792 3 : keydb_get_skipped_counter (KEYDB_HANDLE hd)
1793 : {
1794 3 : return hd ? hd->skipped_long_blobs : 0;
1795 : }
1796 :
1797 :
1798 : /* Clears the current search result and resets the handle's position
1799 : * so that the next search starts at the beginning of the database
1800 : * (the start of the first resource).
1801 : *
1802 : * Returns 0 on success and an error code if an error occurred.
1803 : * (Currently, this function always returns 0 if HD is valid.) */
1804 : gpg_error_t
1805 80 : keydb_search_reset (KEYDB_HANDLE hd)
1806 : {
1807 80 : gpg_error_t rc = 0;
1808 : int i;
1809 :
1810 80 : if (!hd)
1811 0 : return gpg_error (GPG_ERR_INV_ARG);
1812 :
1813 80 : keyblock_cache_clear (hd);
1814 :
1815 80 : if (DBG_CLOCK)
1816 0 : log_clock ("keydb_search_reset");
1817 :
1818 80 : if (DBG_CACHE)
1819 0 : log_debug ("keydb_search: reset (hd=%p)", hd);
1820 :
1821 80 : hd->skipped_long_blobs = 0;
1822 80 : hd->current = 0;
1823 80 : hd->found = -1;
1824 : /* Now reset all resources. */
1825 160 : for (i=0; !rc && i < hd->used; i++)
1826 : {
1827 80 : switch (hd->active[i].type)
1828 : {
1829 : case KEYDB_RESOURCE_TYPE_NONE:
1830 0 : break;
1831 : case KEYDB_RESOURCE_TYPE_KEYRING:
1832 4 : rc = keyring_search_reset (hd->active[i].u.kr);
1833 4 : break;
1834 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1835 76 : rc = keybox_search_reset (hd->active[i].u.kb);
1836 76 : break;
1837 : }
1838 : }
1839 80 : hd->is_reset = 1;
1840 80 : return rc;
1841 : }
1842 :
1843 :
1844 : /* Search the database for keys matching the search description. If
1845 : * the DB contains any legacy keys, these are silently ignored.
1846 : *
1847 : * DESC is an array of search terms with NDESC entries. The search
1848 : * terms are or'd together. That is, the next entry in the DB that
1849 : * matches any of the descriptions will be returned.
1850 : *
1851 : * Note: this function resumes searching where the last search left
1852 : * off (i.e., at the current file position). If you want to search
1853 : * from the start of the database, then you need to first call
1854 : * keydb_search_reset().
1855 : *
1856 : * If no key matches the search description, returns
1857 : * GPG_ERR_NOT_FOUND. If there was a match, returns 0. If an error
1858 : * occurred, returns an error code.
1859 : *
1860 : * The returned key is considered to be selected and the raw data can,
1861 : * for instance, be returned by calling keydb_get_keyblock(). */
1862 : gpg_error_t
1863 2779 : keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
1864 : size_t ndesc, size_t *descindex)
1865 : {
1866 : int i;
1867 : gpg_error_t rc;
1868 2779 : int was_reset = hd->is_reset;
1869 : /* If an entry is already in the cache, then don't add it again. */
1870 2779 : int already_in_cache = 0;
1871 :
1872 2779 : if (descindex)
1873 14 : *descindex = 0; /* Make sure it is always set on return. */
1874 :
1875 2779 : if (!hd)
1876 0 : return gpg_error (GPG_ERR_INV_ARG);
1877 :
1878 2779 : if (DBG_CLOCK)
1879 0 : log_clock ("keydb_search enter");
1880 :
1881 2779 : if (DBG_LOOKUP)
1882 : {
1883 0 : log_debug ("%s: %zd search descriptions:\n", __func__, ndesc);
1884 0 : for (i = 0; i < ndesc; i ++)
1885 : {
1886 0 : char *t = keydb_search_desc_dump (&desc[i]);
1887 0 : log_debug ("%s %d: %s\n", __func__, i, t);
1888 0 : xfree (t);
1889 : }
1890 : }
1891 :
1892 :
1893 2779 : if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
1894 2013 : && (already_in_cache = kid_not_found_p (desc[0].u.kid)) == 1 )
1895 : {
1896 3 : if (DBG_CLOCK)
1897 0 : log_clock ("keydb_search leave (not found, cached)");
1898 3 : return gpg_error (GPG_ERR_NOT_FOUND);
1899 : }
1900 :
1901 : /* NB: If one of the exact search modes below is used in a loop to
1902 : walk over all keys (with the same fingerprint) the caching must
1903 : have been disabled for the handle. */
1904 2776 : if (!hd->no_caching
1905 2661 : && ndesc == 1
1906 2659 : && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
1907 2582 : || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
1908 180 : && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED
1909 0 : && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
1910 : /* Make sure the current file position occurs before the cached
1911 : result to avoid an infinite loop. */
1912 0 : && (hd->current < hd->keyblock_cache.resource
1913 0 : || (hd->current == hd->keyblock_cache.resource
1914 0 : && (keybox_offset (hd->active[hd->current].u.kb)
1915 0 : <= hd->keyblock_cache.offset))))
1916 : {
1917 : /* (DESCINDEX is already set). */
1918 0 : if (DBG_CLOCK)
1919 0 : log_clock ("keydb_search leave (cached)");
1920 :
1921 0 : hd->current = hd->keyblock_cache.resource;
1922 : /* HD->KEYBLOCK_CACHE.OFFSET is the last byte in the record.
1923 : Seek just beyond that. */
1924 0 : keybox_seek (hd->active[hd->current].u.kb,
1925 0 : hd->keyblock_cache.offset + 1);
1926 0 : return 0;
1927 : }
1928 :
1929 2776 : rc = -1;
1930 8328 : while ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
1931 2973 : && hd->current >= 0 && hd->current < hd->used)
1932 : {
1933 2776 : if (DBG_LOOKUP)
1934 0 : log_debug ("%s: searching %s (resource %d of %d)\n",
1935 : __func__,
1936 0 : hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING
1937 : ? "keyring"
1938 0 : : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX
1939 0 : ? "keybox" : "unknown type"),
1940 : hd->current, hd->used);
1941 :
1942 2776 : switch (hd->active[hd->current].type)
1943 : {
1944 : case KEYDB_RESOURCE_TYPE_NONE:
1945 0 : BUG(); /* we should never see it here */
1946 : break;
1947 : case KEYDB_RESOURCE_TYPE_KEYRING:
1948 66 : rc = keyring_search (hd->active[hd->current].u.kr, desc,
1949 : ndesc, descindex, 1);
1950 66 : break;
1951 : case KEYDB_RESOURCE_TYPE_KEYBOX:
1952 : do
1953 2710 : rc = keybox_search (hd->active[hd->current].u.kb, desc,
1954 : ndesc, KEYBOX_BLOBTYPE_PGP,
1955 : descindex, &hd->skipped_long_blobs);
1956 2710 : while (rc == GPG_ERR_LEGACY_KEY);
1957 2710 : break;
1958 : }
1959 :
1960 2776 : if (DBG_LOOKUP)
1961 0 : log_debug ("%s: searched %s (resource %d of %d) => %s\n",
1962 : __func__,
1963 0 : hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING
1964 : ? "keyring"
1965 0 : : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX
1966 0 : ? "keybox" : "unknown type"),
1967 : hd->current, hd->used,
1968 : rc == -1 ? "EOF" : gpg_strerror (rc));
1969 :
1970 2776 : if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
1971 : {
1972 : /* EOF -> switch to next resource */
1973 197 : hd->current++;
1974 : }
1975 2579 : else if (!rc)
1976 2579 : hd->found = hd->current;
1977 : }
1978 2776 : hd->is_reset = 0;
1979 :
1980 5355 : rc = ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
1981 : ? gpg_error (GPG_ERR_NOT_FOUND)
1982 2973 : : rc);
1983 :
1984 2776 : keyblock_cache_clear (hd);
1985 2776 : if (!hd->no_caching
1986 2661 : && !rc
1987 2529 : && ndesc == 1 && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
1988 2451 : || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
1989 116 : && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
1990 : {
1991 105 : hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
1992 105 : hd->keyblock_cache.resource = hd->current;
1993 : /* The current offset is at the start of the next record. Since
1994 : a record is at least 1 byte, we just use offset - 1, which is
1995 : within the record. */
1996 : hd->keyblock_cache.offset
1997 105 : = keybox_offset (hd->active[hd->current].u.kb) - 1;
1998 105 : memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);
1999 : }
2000 :
2001 2776 : if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND
2002 197 : && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID && was_reset
2003 7 : && !already_in_cache)
2004 7 : kid_not_found_insert (desc[0].u.kid);
2005 :
2006 2776 : if (DBG_CLOCK)
2007 0 : log_clock (rc? "keydb_search leave (not found)"
2008 : : "keydb_search leave (found)");
2009 2776 : return rc;
2010 : }
2011 :
2012 :
2013 : /* Return the first non-legacy key in the database.
2014 : *
2015 : * If you want the very first key in the database, you can directly
2016 : * call keydb_search with the search description
2017 : * KEYDB_SEARCH_MODE_FIRST. */
2018 : gpg_error_t
2019 3 : keydb_search_first (KEYDB_HANDLE hd)
2020 : {
2021 : gpg_error_t err;
2022 : KEYDB_SEARCH_DESC desc;
2023 :
2024 3 : err = keydb_search_reset (hd);
2025 3 : if (err)
2026 0 : return err;
2027 :
2028 3 : memset (&desc, 0, sizeof desc);
2029 3 : desc.mode = KEYDB_SEARCH_MODE_FIRST;
2030 3 : return keydb_search (hd, &desc, 1, NULL);
2031 : }
2032 :
2033 :
2034 : /* Return the next key (not the next matching key!).
2035 : *
2036 : * Unlike calling keydb_search with KEYDB_SEARCH_MODE_NEXT, this
2037 : * function silently skips legacy keys. */
2038 : gpg_error_t
2039 9 : keydb_search_next (KEYDB_HANDLE hd)
2040 : {
2041 : KEYDB_SEARCH_DESC desc;
2042 :
2043 9 : memset (&desc, 0, sizeof desc);
2044 9 : desc.mode = KEYDB_SEARCH_MODE_NEXT;
2045 9 : return keydb_search (hd, &desc, 1, NULL);
2046 : }
2047 :
2048 :
2049 : /* This is a convenience function for searching for keys with a long
2050 : * key id.
2051 : *
2052 : * Note: this function resumes searching where the last search left
2053 : * off. If you want to search the whole database, then you need to
2054 : * first call keydb_search_reset(). */
2055 : gpg_error_t
2056 3 : keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
2057 : {
2058 : KEYDB_SEARCH_DESC desc;
2059 :
2060 3 : memset (&desc, 0, sizeof desc);
2061 3 : desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
2062 3 : desc.u.kid[0] = kid[0];
2063 3 : desc.u.kid[1] = kid[1];
2064 3 : return keydb_search (hd, &desc, 1, NULL);
2065 : }
2066 :
2067 :
2068 : /* This is a convenience function for searching for keys with a long
2069 : * (20 byte) fingerprint.
2070 : *
2071 : * Note: this function resumes searching where the last search left
2072 : * off. If you want to search the whole database, then you need to
2073 : * first call keydb_search_reset(). */
2074 : gpg_error_t
2075 143 : keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
2076 : {
2077 : KEYDB_SEARCH_DESC desc;
2078 :
2079 143 : memset (&desc, 0, sizeof desc);
2080 143 : desc.mode = KEYDB_SEARCH_MODE_FPR;
2081 143 : memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN);
2082 143 : return keydb_search (hd, &desc, 1, NULL);
2083 : }
|