Line data Source code
1 : /* keyserver.c - generic keyserver code
2 : * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 : * 2009, 2011, 2012 Free Software Foundation, Inc.
4 : * Copyright (C) 2014 Werner Koch
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <ctype.h>
24 : #include <stdio.h>
25 : #include <string.h>
26 : #include <stdlib.h>
27 : #include <errno.h>
28 :
29 : #include "gpg.h"
30 : #include "iobuf.h"
31 : #include "filter.h"
32 : #include "keydb.h"
33 : #include "status.h"
34 : #include "exec.h"
35 : #include "main.h"
36 : #include "i18n.h"
37 : #include "ttyio.h"
38 : #include "options.h"
39 : #include "packet.h"
40 : #include "trustdb.h"
41 : #include "keyserver-internal.h"
42 : #include "util.h"
43 : #include "membuf.h"
44 : #include "mbox-util.h"
45 : #include "call-dirmngr.h"
46 :
47 : #ifdef HAVE_W32_SYSTEM
48 : /* It seems Vista doesn't grok X_OK and so fails access() tests.
49 : Previous versions interpreted X_OK as F_OK anyway, so we'll just
50 : use F_OK directly. */
51 : #undef X_OK
52 : #define X_OK F_OK
53 : #endif /* HAVE_W32_SYSTEM */
54 :
55 : struct keyrec
56 : {
57 : KEYDB_SEARCH_DESC desc;
58 : u32 createtime,expiretime;
59 : int size,flags;
60 : byte type;
61 : IOBUF uidbuf;
62 : unsigned int lines;
63 : };
64 :
65 : /* Parameters for the search line handler. */
66 : struct search_line_handler_parm_s
67 : {
68 : ctrl_t ctrl; /* The session control structure. */
69 : char *searchstr_disp; /* Native encoded search string or NULL. */
70 : KEYDB_SEARCH_DESC *desc; /* Array with search descriptions. */
71 : int count; /* Number of keys we are currently prepared to
72 : handle. This is the size of the DESC array. If
73 : it is too small, it will grow safely. */
74 : int validcount; /* Enable the "Key x-y of z" messages. */
75 : int nkeys; /* Number of processed records. */
76 : int any_lines; /* At least one line has been processed. */
77 : unsigned int numlines; /* Counter for displayed lines. */
78 : int eof_seen; /* EOF encountered. */
79 : int not_found; /* Set if no keys have been found. */
80 : };
81 :
82 :
83 : enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
84 :
85 : static struct parse_options keyserver_opts[]=
86 : {
87 : /* some of these options are not real - just for the help
88 : message */
89 : {"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
90 : {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */
91 : N_("override proxy options set for dirmngr")},
92 :
93 : {"include-revoked",0,NULL,N_("include revoked keys in search results")},
94 : {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
95 : {"timeout", KEYSERVER_TIMEOUT, NULL,
96 : N_("override timeout options set for dirmngr")},
97 : {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
98 : NULL},
99 : {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
100 : N_("automatically retrieve keys when verifying signatures")},
101 : {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
102 : N_("honor the preferred keyserver URL set on the key")},
103 : {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
104 : N_("honor the PKA record set on a key when retrieving keys")},
105 : {NULL,0,NULL,NULL}
106 : };
107 :
108 : static gpg_error_t keyserver_get (ctrl_t ctrl,
109 : KEYDB_SEARCH_DESC *desc, int ndesc,
110 : struct keyserver_spec *override_keyserver,
111 : int quick,
112 : unsigned char **r_fpr, size_t *r_fprlen);
113 : static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
114 :
115 :
116 : /* Reasonable guess. The commonly used test key simon.josefsson.org
117 : is larger than 32k, thus we need at least this value. */
118 : #define DEFAULT_MAX_CERT_SIZE 65536
119 :
120 : static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
121 :
122 :
123 : static void
124 0 : warn_kshelper_option(char *option, int noisy)
125 : {
126 : char *p;
127 :
128 0 : if ((p=strchr (option, '=')))
129 0 : *p = 0;
130 :
131 0 : if (!strcmp (option, "ca-cert-file"))
132 0 : log_info ("keyserver option '%s' is obsolete; please use "
133 : "'%s' in dirmngr.conf\n",
134 : "ca-cert-file", "hkp-cacert");
135 0 : else if (!strcmp (option, "check-cert")
136 0 : || !strcmp (option, "broken-http-proxy"))
137 0 : log_info ("keyserver option '%s' is obsolete\n", option);
138 0 : else if (noisy || opt.verbose)
139 0 : log_info ("keyserver option '%s' is unknown\n", option);
140 0 : }
141 :
142 :
143 : /* Called from main to parse the args for --keyserver-options. */
144 : int
145 3 : parse_keyserver_options(char *options)
146 : {
147 3 : int ret=1;
148 : char *tok;
149 3 : char *max_cert=NULL;
150 :
151 3 : keyserver_opts[0].value=&max_cert;
152 3 : keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
153 :
154 9 : while((tok=optsep(&options)))
155 : {
156 3 : if(tok[0]=='\0')
157 0 : continue;
158 :
159 : /* We accept quite a few possible options here - some options to
160 : handle specially, the keyserver_options list, and import and
161 : export options that pertain to keyserver operations. */
162 :
163 3 : if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
164 0 : && !parse_import_options(tok,&opt.keyserver_options.import_options,0)
165 0 : && !parse_export_options(tok,&opt.keyserver_options.export_options,0))
166 : {
167 : /* All of the standard options have failed, so the option was
168 : destined for a keyserver plugin as used by GnuPG < 2.1 */
169 0 : warn_kshelper_option (tok, 1);
170 : }
171 : }
172 :
173 3 : if(max_cert)
174 : {
175 0 : max_cert_size=strtoul(max_cert,(char **)NULL,10);
176 :
177 0 : if(max_cert_size==0)
178 0 : max_cert_size=DEFAULT_MAX_CERT_SIZE;
179 : }
180 :
181 3 : return ret;
182 : }
183 :
184 :
185 : void
186 0 : free_keyserver_spec(struct keyserver_spec *keyserver)
187 : {
188 0 : xfree(keyserver->uri);
189 0 : xfree(keyserver->scheme);
190 0 : xfree(keyserver->auth);
191 0 : xfree(keyserver->host);
192 0 : xfree(keyserver->port);
193 0 : xfree(keyserver->path);
194 0 : xfree(keyserver->opaque);
195 0 : free_strlist(keyserver->options);
196 0 : xfree(keyserver);
197 0 : }
198 :
199 : /* Return 0 for match */
200 : static int
201 0 : cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
202 : {
203 0 : if(ascii_strcasecmp(one->scheme,two->scheme)==0)
204 : {
205 0 : if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
206 : {
207 0 : if((one->port && two->port
208 0 : && ascii_strcasecmp(one->port,two->port)==0)
209 0 : || (!one->port && !two->port))
210 0 : return 0;
211 : }
212 0 : else if(one->opaque && two->opaque
213 0 : && ascii_strcasecmp(one->opaque,two->opaque)==0)
214 0 : return 0;
215 : }
216 :
217 0 : return 1;
218 : }
219 :
220 : /* Try and match one of our keyservers. If we can, return that. If
221 : we can't, return our input. */
222 : struct keyserver_spec *
223 0 : keyserver_match(struct keyserver_spec *spec)
224 : {
225 : struct keyserver_spec *ks;
226 :
227 0 : for(ks=opt.keyserver;ks;ks=ks->next)
228 0 : if(cmp_keyserver_spec(spec,ks)==0)
229 0 : return ks;
230 :
231 0 : return spec;
232 : }
233 :
234 : /* TODO: once we cut over to an all-curl world, we don't need this
235 : parser any longer so it can be removed, or at least moved to
236 : keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
237 :
238 : keyserver_spec_t
239 3 : parse_keyserver_uri (const char *string,int require_scheme)
240 : {
241 3 : int assume_hkp=0;
242 : struct keyserver_spec *keyserver;
243 : const char *idx;
244 : int count;
245 : char *uri, *duped_uri, *options;
246 :
247 3 : log_assert (string);
248 :
249 3 : keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
250 :
251 3 : duped_uri = uri = xstrdup (string);
252 :
253 3 : options=strchr(uri,' ');
254 3 : if(options)
255 : {
256 : char *tok;
257 :
258 0 : *options='\0';
259 0 : options++;
260 :
261 0 : while((tok=optsep(&options)))
262 0 : warn_kshelper_option (tok, 0);
263 : }
264 :
265 : /* Get the scheme */
266 :
267 12 : for(idx=uri,count=0;*idx && *idx!=':';idx++)
268 : {
269 9 : count++;
270 :
271 : /* Do we see the start of an RFC-2732 ipv6 address here? If so,
272 : there clearly isn't a scheme so get out early. */
273 9 : if(*idx=='[')
274 : {
275 : /* Was the '[' the first thing in the string? If not, we
276 : have a mangled scheme with a [ in it so fail. */
277 0 : if(count==1)
278 0 : break;
279 : else
280 0 : goto fail;
281 : }
282 : }
283 :
284 3 : if(count==0)
285 0 : goto fail;
286 :
287 3 : if(*idx=='\0' || *idx=='[')
288 : {
289 0 : if(require_scheme)
290 0 : return NULL;
291 :
292 : /* Assume HKP if there is no scheme */
293 0 : assume_hkp=1;
294 0 : keyserver->scheme=xstrdup("hkp");
295 :
296 0 : keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
297 0 : strcpy(keyserver->uri,keyserver->scheme);
298 0 : strcat(keyserver->uri,"://");
299 0 : strcat(keyserver->uri,uri);
300 : }
301 : else
302 : {
303 : int i;
304 :
305 3 : keyserver->uri=xstrdup(uri);
306 :
307 3 : keyserver->scheme=xmalloc(count+1);
308 :
309 : /* Force to lowercase */
310 12 : for(i=0;i<count;i++)
311 9 : keyserver->scheme[i]=ascii_tolower(uri[i]);
312 :
313 3 : keyserver->scheme[i]='\0';
314 :
315 : /* Skip past the scheme and colon */
316 3 : uri+=count+1;
317 : }
318 :
319 3 : if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
320 : {
321 0 : log_info ("keyserver option '%s' is obsolete\n",
322 : "x-broken-hkp");
323 : }
324 3 : else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
325 : {
326 : /* Canonicalize this to "hkp" so it works with both the internal
327 : and external keyserver interface. */
328 0 : xfree(keyserver->scheme);
329 0 : keyserver->scheme=xstrdup("hkp");
330 : }
331 :
332 3 : if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
333 : {
334 : /* Three slashes means network path with a default host name.
335 : This is a hack because it does not crok all possible
336 : combiantions. We should better repalce all code bythe parser
337 : from http.c. */
338 0 : keyserver->path = xstrdup (uri+2);
339 : }
340 3 : else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
341 : {
342 : /* Two slashes means network path. */
343 :
344 : /* Skip over the "//", if any */
345 3 : if(!assume_hkp)
346 3 : uri+=2;
347 :
348 : /* Do we have userinfo auth data present? */
349 81 : for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
350 78 : count++;
351 :
352 : /* We found a @ before the slash, so that means everything
353 : before the @ is auth data. */
354 3 : if(*idx=='@')
355 : {
356 0 : if(count==0)
357 0 : goto fail;
358 :
359 0 : keyserver->auth=xmalloc(count+1);
360 0 : strncpy(keyserver->auth,uri,count);
361 0 : keyserver->auth[count]='\0';
362 0 : uri+=count+1;
363 : }
364 :
365 : /* Is it an RFC-2732 ipv6 [literal address] ? */
366 3 : if(*uri=='[')
367 : {
368 0 : for(idx=uri+1,count=1;*idx
369 0 : && ((isascii (*idx) && isxdigit(*idx))
370 0 : || *idx==':' || *idx=='.');idx++)
371 0 : count++;
372 :
373 : /* Is the ipv6 literal address terminated? */
374 0 : if(*idx==']')
375 0 : count++;
376 : else
377 0 : goto fail;
378 : }
379 : else
380 81 : for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
381 78 : count++;
382 :
383 3 : if(count==0)
384 0 : goto fail;
385 :
386 3 : keyserver->host=xmalloc(count+1);
387 3 : strncpy(keyserver->host,uri,count);
388 3 : keyserver->host[count]='\0';
389 :
390 : /* Skip past the host */
391 3 : uri+=count;
392 :
393 3 : if(*uri==':')
394 : {
395 : /* It would seem to be reasonable to limit the range of the
396 : ports to values between 1-65535, but RFC 1738 and 1808
397 : imply there is no limit. Of course, the real world has
398 : limits. */
399 :
400 0 : for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
401 : {
402 0 : count++;
403 :
404 : /* Ports are digits only */
405 0 : if(!digitp(idx))
406 : goto fail;
407 : }
408 :
409 0 : keyserver->port=xmalloc(count+1);
410 0 : strncpy(keyserver->port,uri+1,count);
411 0 : keyserver->port[count]='\0';
412 :
413 : /* Skip past the colon and port number */
414 0 : uri+=1+count;
415 : }
416 :
417 : /* Everything else is the path */
418 3 : if(*uri)
419 0 : keyserver->path=xstrdup(uri);
420 : else
421 3 : keyserver->path=xstrdup("/");
422 :
423 6 : if(keyserver->path[1])
424 0 : keyserver->flags.direct_uri=1;
425 : }
426 0 : else if(uri[0]!='/')
427 : {
428 : /* No slash means opaque. Just record the opaque blob and get
429 : out. */
430 0 : keyserver->opaque=xstrdup(uri);
431 : }
432 : else
433 : {
434 : /* One slash means absolute path. We don't need to support that
435 : yet. */
436 0 : goto fail;
437 : }
438 :
439 3 : xfree (duped_uri);
440 3 : return keyserver;
441 :
442 : fail:
443 0 : free_keyserver_spec(keyserver);
444 :
445 0 : xfree (duped_uri);
446 0 : return NULL;
447 : }
448 :
449 : struct keyserver_spec *
450 0 : parse_preferred_keyserver(PKT_signature *sig)
451 : {
452 0 : struct keyserver_spec *spec=NULL;
453 : const byte *p;
454 : size_t plen;
455 :
456 0 : p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
457 0 : if(p && plen)
458 : {
459 0 : byte *dupe=xmalloc(plen+1);
460 :
461 0 : memcpy(dupe,p,plen);
462 0 : dupe[plen]='\0';
463 0 : spec = parse_keyserver_uri (dupe, 1);
464 0 : xfree(dupe);
465 : }
466 :
467 0 : return spec;
468 : }
469 :
470 : static void
471 0 : print_keyrec(int number,struct keyrec *keyrec)
472 : {
473 : int i;
474 :
475 0 : iobuf_writebyte(keyrec->uidbuf,0);
476 0 : iobuf_flush_temp(keyrec->uidbuf);
477 0 : es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
478 :
479 0 : if (keyrec->size>0)
480 0 : es_printf ("%d bit ", keyrec->size);
481 :
482 0 : if(keyrec->type)
483 : {
484 : const char *str;
485 :
486 0 : str = openpgp_pk_algo_name (keyrec->type);
487 :
488 0 : if (str && strcmp (str, "?"))
489 0 : es_printf ("%s ",str);
490 : else
491 0 : es_printf ("unknown ");
492 : }
493 :
494 0 : switch(keyrec->desc.mode)
495 : {
496 : /* If the keyserver helper gave us a short keyid, we have no
497 : choice but to use it. Do check --keyid-format to add a 0x if
498 : needed. */
499 : case KEYDB_SEARCH_MODE_SHORT_KID:
500 0 : es_printf ("key %s%08lX",
501 0 : (opt.keyid_format==KF_0xSHORT
502 0 : || opt.keyid_format==KF_0xLONG)?"0x":"",
503 0 : (ulong)keyrec->desc.u.kid[1]);
504 0 : break;
505 :
506 : /* However, if it gave us a long keyid, we can honor
507 : --keyid-format via keystr(). */
508 : case KEYDB_SEARCH_MODE_LONG_KID:
509 0 : es_printf ("key %s",keystr(keyrec->desc.u.kid));
510 0 : break;
511 :
512 : /* If it gave us a PGP 2.x fingerprint, not much we can do
513 : beyond displaying it. */
514 : case KEYDB_SEARCH_MODE_FPR16:
515 0 : es_printf ("key ");
516 0 : for(i=0;i<16;i++)
517 0 : es_printf ("%02X",keyrec->desc.u.fpr[i]);
518 0 : break;
519 :
520 : /* If we get a modern fingerprint, we have the most
521 : flexibility. */
522 : case KEYDB_SEARCH_MODE_FPR20:
523 : {
524 : u32 kid[2];
525 0 : keyid_from_fingerprint(keyrec->desc.u.fpr,20,kid);
526 0 : es_printf("key %s",keystr(kid));
527 : }
528 0 : break;
529 :
530 : default:
531 0 : BUG();
532 : break;
533 : }
534 :
535 0 : if(keyrec->createtime>0)
536 : {
537 0 : es_printf (", ");
538 0 : es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
539 : }
540 :
541 0 : if(keyrec->expiretime>0)
542 : {
543 0 : es_printf (", ");
544 0 : es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
545 : }
546 :
547 0 : if (keyrec->flags&1)
548 0 : es_printf (" (%s)", _("revoked"));
549 0 : if(keyrec->flags&2)
550 0 : es_printf (" (%s)", _("disabled"));
551 0 : if(keyrec->flags&4)
552 0 : es_printf (" (%s)", _("expired"));
553 :
554 0 : es_printf ("\n");
555 0 : }
556 :
557 : /* Returns a keyrec (which must be freed) once a key is complete, and
558 : NULL otherwise. Call with a NULL keystring once key parsing is
559 : complete to return any unfinished keys. */
560 : static struct keyrec *
561 0 : parse_keyrec(char *keystring)
562 : {
563 : /* FIXME: Remove the static and put the data into the parms we use
564 : for the caller anyway. */
565 : static struct keyrec *work=NULL;
566 0 : struct keyrec *ret=NULL;
567 : char *record;
568 : int i;
569 :
570 0 : if(keystring==NULL)
571 : {
572 0 : if(work==NULL)
573 0 : return NULL;
574 0 : else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
575 : {
576 0 : xfree(work);
577 0 : return NULL;
578 : }
579 : else
580 : {
581 0 : ret=work;
582 0 : work=NULL;
583 0 : return ret;
584 : }
585 : }
586 :
587 0 : if(work==NULL)
588 : {
589 0 : work=xmalloc_clear(sizeof(struct keyrec));
590 0 : work->uidbuf=iobuf_temp();
591 : }
592 :
593 0 : trim_trailing_ws (keystring, strlen (keystring));
594 :
595 0 : if((record=strsep(&keystring,":"))==NULL)
596 0 : return ret;
597 :
598 0 : if(ascii_strcasecmp("pub",record)==0)
599 : {
600 : char *tok;
601 : gpg_error_t err;
602 :
603 0 : if(work->desc.mode)
604 : {
605 0 : ret=work;
606 0 : work=xmalloc_clear(sizeof(struct keyrec));
607 0 : work->uidbuf=iobuf_temp();
608 : }
609 :
610 0 : if((tok=strsep(&keystring,":"))==NULL)
611 0 : return ret;
612 :
613 0 : err = classify_user_id (tok, &work->desc, 1);
614 0 : if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
615 0 : && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
616 0 : && work->desc.mode != KEYDB_SEARCH_MODE_FPR16
617 0 : && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
618 : {
619 0 : work->desc.mode=KEYDB_SEARCH_MODE_NONE;
620 0 : return ret;
621 : }
622 :
623 : /* Note all items after this are optional. This allows us to
624 : have a pub line as simple as pub:keyid and nothing else. */
625 :
626 0 : work->lines++;
627 :
628 0 : if((tok=strsep(&keystring,":"))==NULL)
629 0 : return ret;
630 :
631 0 : work->type=atoi(tok);
632 :
633 0 : if((tok=strsep(&keystring,":"))==NULL)
634 0 : return ret;
635 :
636 0 : work->size=atoi(tok);
637 :
638 0 : if((tok=strsep(&keystring,":"))==NULL)
639 0 : return ret;
640 :
641 0 : if(atoi(tok)<=0)
642 0 : work->createtime=0;
643 : else
644 0 : work->createtime=atoi(tok);
645 :
646 0 : if((tok=strsep(&keystring,":"))==NULL)
647 0 : return ret;
648 :
649 0 : if(atoi(tok)<=0)
650 0 : work->expiretime=0;
651 : else
652 : {
653 0 : work->expiretime=atoi(tok);
654 : /* Force the 'e' flag on if this key is expired. */
655 0 : if(work->expiretime<=make_timestamp())
656 0 : work->flags|=4;
657 : }
658 :
659 0 : if((tok=strsep(&keystring,":"))==NULL)
660 0 : return ret;
661 :
662 0 : while(*tok)
663 0 : switch(*tok++)
664 : {
665 : case 'r':
666 : case 'R':
667 0 : work->flags|=1;
668 0 : break;
669 :
670 : case 'd':
671 : case 'D':
672 0 : work->flags|=2;
673 0 : break;
674 :
675 : case 'e':
676 : case 'E':
677 0 : work->flags|=4;
678 0 : break;
679 : }
680 : }
681 0 : else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
682 : {
683 : char *userid,*tok,*decoded;
684 :
685 0 : if((tok=strsep(&keystring,":"))==NULL)
686 0 : return ret;
687 :
688 0 : if(strlen(tok)==0)
689 0 : return ret;
690 :
691 0 : userid=tok;
692 :
693 : /* By definition, de-%-encoding is always smaller than the
694 : original string so we can decode in place. */
695 :
696 0 : i=0;
697 :
698 0 : while(*tok)
699 0 : if(tok[0]=='%' && tok[1] && tok[2])
700 0 : {
701 : int c;
702 :
703 0 : userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
704 0 : i++;
705 0 : tok+=3;
706 : }
707 : else
708 0 : userid[i++]=*tok++;
709 :
710 : /* We don't care about the other info provided in the uid: line
711 : since no keyserver supports marking userids with timestamps
712 : or revoked/expired/disabled yet. */
713 :
714 : /* No need to check for control characters, as utf8_to_native
715 : does this for us. */
716 :
717 0 : decoded=utf8_to_native(userid,i,0);
718 0 : if(strlen(decoded)>opt.screen_columns-10)
719 0 : decoded[opt.screen_columns-10]='\0';
720 0 : iobuf_writestr(work->uidbuf,decoded);
721 0 : xfree(decoded);
722 0 : iobuf_writestr(work->uidbuf,"\n\t");
723 0 : work->lines++;
724 : }
725 :
726 : /* Ignore any records other than "pri" and "uid" for easy future
727 : growth. */
728 :
729 0 : return ret;
730 : }
731 :
732 : /* Show a prompt and allow the user to select keys for retrieval. */
733 : static gpg_error_t
734 0 : show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
735 : int count, const char *search)
736 : {
737 : gpg_error_t err;
738 0 : char *answer = NULL;
739 :
740 0 : es_fflush (es_stdout);
741 :
742 0 : if (count && opt.command_fd == -1)
743 : {
744 : static int from = 1;
745 0 : tty_printf ("Keys %d-%d of %d for \"%s\". ",
746 : from, numdesc, count, search);
747 0 : from = numdesc + 1;
748 : }
749 :
750 : again:
751 0 : err = 0;
752 0 : xfree (answer);
753 0 : answer = cpr_get_no_help ("keysearch.prompt",
754 0 : _("Enter number(s), N)ext, or Q)uit > "));
755 : /* control-d */
756 0 : if (answer[0]=='\x04')
757 : {
758 0 : tty_printf ("Q\n");
759 0 : answer[0] = 'q';
760 : }
761 :
762 0 : if (answer[0]=='q' || answer[0]=='Q')
763 0 : err = gpg_error (GPG_ERR_CANCELED);
764 0 : else if (atoi (answer) >= 1 && atoi (answer) <= numdesc)
765 : {
766 0 : char *split = answer;
767 : char *num;
768 : int numarray[50];
769 0 : int numidx = 0;
770 : int idx;
771 :
772 0 : while ((num = strsep (&split, " ,")))
773 0 : if (atoi (num) >= 1 && atoi (num) <= numdesc)
774 : {
775 0 : if (numidx >= DIM (numarray))
776 : {
777 0 : tty_printf ("Too many keys selected\n");
778 0 : goto again;
779 : }
780 0 : numarray[numidx++] = atoi (num);
781 : }
782 :
783 0 : if (!numidx)
784 0 : goto again;
785 :
786 : {
787 : KEYDB_SEARCH_DESC *selarray;
788 :
789 0 : selarray = xtrymalloc (numidx * sizeof *selarray);
790 0 : if (!selarray)
791 : {
792 0 : err = gpg_error_from_syserror ();
793 0 : goto leave;
794 : }
795 0 : for (idx = 0; idx < numidx; idx++)
796 0 : selarray[idx] = desc[numarray[idx]-1];
797 0 : err = keyserver_get (ctrl, selarray, numidx, NULL, 0, NULL, NULL);
798 0 : xfree (selarray);
799 : }
800 : }
801 :
802 : leave:
803 0 : xfree (answer);
804 0 : return err;
805 : }
806 :
807 :
808 : /* This is a callback used by call-dirmngr.c to process the result of
809 : KS_SEARCH command. If SPECIAL is 0, LINE is the actual data line
810 : received with all escaping removed and guaranteed to be exactly one
811 : line with stripped LF; an EOF is indicated by LINE passed as NULL.
812 : If special is 1, the line contains the source of the information
813 : (usually an URL). LINE may be modified after return. */
814 : static gpg_error_t
815 0 : search_line_handler (void *opaque, int special, char *line)
816 : {
817 0 : struct search_line_handler_parm_s *parm = opaque;
818 0 : gpg_error_t err = 0;
819 : struct keyrec *keyrec;
820 :
821 0 : if (special == 1)
822 : {
823 0 : log_info ("data source: %s\n", line);
824 0 : return 0;
825 : }
826 0 : else if (special)
827 : {
828 0 : log_debug ("unknown value %d for special search callback", special);
829 0 : return 0;
830 : }
831 :
832 0 : if (parm->eof_seen && line)
833 : {
834 0 : log_debug ("ooops: unexpected data after EOF\n");
835 0 : line = NULL;
836 : }
837 :
838 : /* Print the received line. */
839 0 : if (opt.with_colons && line)
840 : {
841 0 : es_printf ("%s\n", line);
842 : }
843 :
844 : /* Look for an info: line. The only current info: values defined
845 : are the version and key count. */
846 0 : if (line && !parm->any_lines && !ascii_strncasecmp ("info:", line, 5))
847 : {
848 0 : char *str = line + 5;
849 : char *tok;
850 :
851 0 : if ((tok = strsep (&str, ":")))
852 : {
853 : int version;
854 :
855 0 : if (sscanf (tok, "%d", &version) !=1 )
856 0 : version = 1;
857 :
858 0 : if (version !=1 )
859 : {
860 0 : log_error (_("invalid keyserver protocol "
861 : "(us %d!=handler %d)\n"), 1, version);
862 0 : return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
863 : }
864 : }
865 :
866 0 : if ((tok = strsep (&str, ":"))
867 0 : && sscanf (tok, "%d", &parm->count) == 1)
868 : {
869 0 : if (!parm->count)
870 0 : parm->not_found = 1;/* Server indicated that no items follow. */
871 0 : else if (parm->count < 0)
872 0 : parm->count = 10; /* Bad value - assume something reasonable. */
873 : else
874 0 : parm->validcount = 1; /* COUNT seems to be okay. */
875 : }
876 :
877 0 : parm->any_lines = 1;
878 0 : return 0; /* Line processing finished. */
879 : }
880 :
881 : again:
882 0 : if (line)
883 0 : keyrec = parse_keyrec (line);
884 : else
885 : {
886 : /* Received EOF - flush data */
887 0 : parm->eof_seen = 1;
888 0 : keyrec = parse_keyrec (NULL);
889 0 : if (!keyrec)
890 : {
891 0 : if (!parm->nkeys)
892 0 : parm->not_found = 1; /* No keys at all. */
893 : else
894 : {
895 0 : if (parm->nkeys != parm->count)
896 0 : parm->validcount = 0;
897 :
898 0 : if (!(opt.with_colons && opt.batch))
899 : {
900 0 : err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
901 0 : parm->validcount? parm->count : 0,
902 0 : parm->searchstr_disp);
903 0 : return err;
904 : }
905 : }
906 : }
907 : }
908 :
909 : /* Save the key in the key array. */
910 0 : if (keyrec)
911 : {
912 : /* Allocate or enlarge the key array if needed. */
913 0 : if (!parm->desc)
914 : {
915 0 : if (parm->count < 1)
916 : {
917 0 : parm->count = 10;
918 0 : parm->validcount = 0;
919 : }
920 0 : parm->desc = xtrymalloc (parm->count * sizeof *parm->desc);
921 0 : if (!parm->desc)
922 : {
923 0 : err = gpg_error_from_syserror ();
924 0 : iobuf_close (keyrec->uidbuf);
925 0 : xfree (keyrec);
926 0 : return err;
927 : }
928 : }
929 0 : else if (parm->nkeys == parm->count)
930 : {
931 : /* Keyserver sent more keys than claimed in the info: line. */
932 : KEYDB_SEARCH_DESC *tmp;
933 0 : int newcount = parm->count + 10;
934 :
935 0 : tmp = xtryrealloc (parm->desc, newcount * sizeof *parm->desc);
936 0 : if (!tmp)
937 : {
938 0 : err = gpg_error_from_syserror ();
939 0 : iobuf_close (keyrec->uidbuf);
940 0 : xfree (keyrec);
941 0 : return err;
942 : }
943 0 : parm->count = newcount;
944 0 : parm->desc = tmp;
945 0 : parm->validcount = 0;
946 : }
947 :
948 0 : parm->desc[parm->nkeys] = keyrec->desc;
949 :
950 0 : if (!opt.with_colons)
951 : {
952 : /* SCREEN_LINES - 1 for the prompt. */
953 0 : if (parm->numlines + keyrec->lines > opt.screen_lines - 1)
954 : {
955 0 : err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
956 0 : parm->validcount ? parm->count:0,
957 0 : parm->searchstr_disp);
958 0 : if (err)
959 0 : return err;
960 0 : parm->numlines = 0;
961 : }
962 :
963 0 : print_keyrec (parm->nkeys+1, keyrec);
964 : }
965 :
966 0 : parm->numlines += keyrec->lines;
967 0 : iobuf_close (keyrec->uidbuf);
968 0 : xfree (keyrec);
969 :
970 0 : parm->any_lines = 1;
971 0 : parm->nkeys++;
972 :
973 : /* If we are here due to a flush after the EOF, run again for
974 : the last prompt. Fixme: Make this code better readable. */
975 0 : if (parm->eof_seen)
976 0 : goto again;
977 : }
978 :
979 0 : return 0;
980 : }
981 :
982 :
983 :
984 : int
985 0 : keyserver_export (ctrl_t ctrl, strlist_t users)
986 : {
987 : gpg_error_t err;
988 0 : strlist_t sl=NULL;
989 : KEYDB_SEARCH_DESC desc;
990 0 : int rc=0;
991 :
992 : /* Weed out descriptors that we don't support sending */
993 0 : for(;users;users=users->next)
994 : {
995 0 : err = classify_user_id (users->d, &desc, 1);
996 0 : if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
997 0 : && desc.mode != KEYDB_SEARCH_MODE_LONG_KID
998 0 : && desc.mode != KEYDB_SEARCH_MODE_FPR16
999 0 : && desc.mode != KEYDB_SEARCH_MODE_FPR20))
1000 : {
1001 0 : log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1002 0 : continue;
1003 : }
1004 : else
1005 0 : append_to_strlist(&sl,users->d);
1006 : }
1007 :
1008 0 : if(sl)
1009 : {
1010 0 : rc = keyserver_put (ctrl, sl);
1011 0 : free_strlist(sl);
1012 : }
1013 :
1014 0 : return rc;
1015 : }
1016 :
1017 :
1018 : /* Structure to convey the arg to keyserver_retrieval_screener. */
1019 : struct ks_retrieval_screener_arg_s
1020 : {
1021 : KEYDB_SEARCH_DESC *desc;
1022 : int ndesc;
1023 : };
1024 :
1025 :
1026 : /* Check whether a key matches the search description. The function
1027 : returns 0 if the key shall be imported. */
1028 : static gpg_error_t
1029 0 : keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
1030 : {
1031 0 : struct ks_retrieval_screener_arg_s *arg = opaque;
1032 0 : KEYDB_SEARCH_DESC *desc = arg->desc;
1033 0 : int ndesc = arg->ndesc;
1034 : kbnode_t node;
1035 : PKT_public_key *pk;
1036 : int n;
1037 : u32 keyid[2];
1038 : byte fpr[MAX_FINGERPRINT_LEN];
1039 0 : size_t fpr_len = 0;
1040 :
1041 : /* Secret keys are not expected from a keyserver. We do not
1042 : care about secret subkeys because the import code takes care
1043 : of skipping them. Not allowing an import of a public key
1044 : with a secret subkey would make it too easy to inhibit the
1045 : downloading of a public key. Recall that keyservers do only
1046 : limited checks. */
1047 0 : node = find_kbnode (keyblock, PKT_SECRET_KEY);
1048 0 : if (node)
1049 0 : return gpg_error (GPG_ERR_GENERAL); /* Do not import. */
1050 :
1051 0 : if (!ndesc)
1052 0 : return 0; /* Okay if no description given. */
1053 :
1054 : /* Loop over all key packets. */
1055 0 : for (node = keyblock; node; node = node->next)
1056 : {
1057 0 : if (node->pkt->pkttype != PKT_PUBLIC_KEY
1058 0 : && node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
1059 0 : continue;
1060 :
1061 0 : pk = node->pkt->pkt.public_key;
1062 0 : fingerprint_from_pk (pk, fpr, &fpr_len);
1063 0 : keyid_from_pk (pk, keyid);
1064 :
1065 : /* Compare requested and returned fingerprints if available. */
1066 0 : for (n = 0; n < ndesc; n++)
1067 : {
1068 0 : if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
1069 : {
1070 0 : if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
1071 0 : return 0;
1072 : }
1073 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
1074 : {
1075 0 : if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
1076 0 : return 0;
1077 : }
1078 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
1079 : {
1080 0 : if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
1081 0 : return 0;
1082 : }
1083 0 : else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
1084 : {
1085 0 : if (keyid[1] == desc[n].u.kid[1])
1086 0 : return 0;
1087 : }
1088 : else /* No keyid or fingerprint - can't check. */
1089 0 : return 0; /* allow import. */
1090 : }
1091 : }
1092 :
1093 0 : return gpg_error (GPG_ERR_GENERAL);
1094 : }
1095 :
1096 :
1097 : int
1098 0 : keyserver_import (ctrl_t ctrl, strlist_t users)
1099 : {
1100 : gpg_error_t err;
1101 : KEYDB_SEARCH_DESC *desc;
1102 0 : int num=100,count=0;
1103 0 : int rc=0;
1104 :
1105 : /* Build a list of key ids */
1106 0 : desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1107 :
1108 0 : for(;users;users=users->next)
1109 : {
1110 0 : err = classify_user_id (users->d, &desc[count], 1);
1111 0 : if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID
1112 0 : && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
1113 0 : && desc[count].mode != KEYDB_SEARCH_MODE_FPR16
1114 0 : && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
1115 : {
1116 0 : log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
1117 0 : continue;
1118 : }
1119 :
1120 0 : count++;
1121 0 : if(count==num)
1122 : {
1123 0 : num+=100;
1124 0 : desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1125 : }
1126 : }
1127 :
1128 0 : if(count>0)
1129 0 : rc = keyserver_get (ctrl, desc, count, NULL, 0, NULL, NULL);
1130 :
1131 0 : xfree(desc);
1132 :
1133 0 : return rc;
1134 : }
1135 :
1136 :
1137 : /* Return true if any keyserver has been configured. */
1138 : int
1139 0 : keyserver_any_configured (ctrl_t ctrl)
1140 : {
1141 0 : return !gpg_dirmngr_ks_list (ctrl, NULL);
1142 : }
1143 :
1144 :
1145 : /* Import all keys that exactly match NAME */
1146 : int
1147 0 : keyserver_import_name (ctrl_t ctrl, const char *name,
1148 : unsigned char **fpr, size_t *fprlen,
1149 : struct keyserver_spec *keyserver)
1150 : {
1151 : KEYDB_SEARCH_DESC desc;
1152 :
1153 0 : memset (&desc, 0, sizeof desc);
1154 :
1155 0 : desc.mode = KEYDB_SEARCH_MODE_EXACT;
1156 0 : desc.u.name = name;
1157 :
1158 0 : return keyserver_get (ctrl, &desc, 1, keyserver, 0, fpr, fprlen);
1159 : }
1160 :
1161 :
1162 : int
1163 0 : keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
1164 : struct keyserver_spec *keyserver, int quick)
1165 : {
1166 : KEYDB_SEARCH_DESC desc;
1167 :
1168 0 : memset(&desc,0,sizeof(desc));
1169 :
1170 0 : if(fprint_len==16)
1171 0 : desc.mode=KEYDB_SEARCH_MODE_FPR16;
1172 0 : else if(fprint_len==20)
1173 0 : desc.mode=KEYDB_SEARCH_MODE_FPR20;
1174 : else
1175 0 : return -1;
1176 :
1177 0 : memcpy(desc.u.fpr,fprint,fprint_len);
1178 :
1179 : /* TODO: Warn here if the fingerprint we got doesn't match the one
1180 : we asked for? */
1181 0 : return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL);
1182 : }
1183 :
1184 : int
1185 0 : keyserver_import_keyid (ctrl_t ctrl,
1186 : u32 *keyid,struct keyserver_spec *keyserver, int quick)
1187 : {
1188 : KEYDB_SEARCH_DESC desc;
1189 :
1190 0 : memset(&desc,0,sizeof(desc));
1191 :
1192 0 : desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1193 0 : desc.u.kid[0]=keyid[0];
1194 0 : desc.u.kid[1]=keyid[1];
1195 :
1196 0 : return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL);
1197 : }
1198 :
1199 : /* code mostly stolen from do_export_stream */
1200 : static int
1201 0 : keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1202 : {
1203 0 : int rc = 0;
1204 0 : int num = 100;
1205 0 : kbnode_t keyblock = NULL;
1206 : kbnode_t node;
1207 : KEYDB_HANDLE kdbhd;
1208 : int ndesc;
1209 0 : KEYDB_SEARCH_DESC *desc = NULL;
1210 : strlist_t sl;
1211 :
1212 0 : *count=0;
1213 :
1214 0 : *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1215 :
1216 0 : kdbhd = keydb_new ();
1217 0 : if (!kdbhd)
1218 : {
1219 0 : rc = gpg_error_from_syserror ();
1220 0 : goto leave;
1221 : }
1222 0 : keydb_disable_caching (kdbhd); /* We are looping the search. */
1223 :
1224 0 : if(!users)
1225 : {
1226 0 : ndesc = 1;
1227 0 : desc = xmalloc_clear ( ndesc * sizeof *desc);
1228 0 : desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1229 : }
1230 : else
1231 : {
1232 0 : for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
1233 : ;
1234 0 : desc = xmalloc ( ndesc * sizeof *desc);
1235 :
1236 0 : for (ndesc=0, sl=users; sl; sl = sl->next)
1237 : {
1238 : gpg_error_t err;
1239 0 : if (!(err = classify_user_id (sl->d, desc+ndesc, 1)))
1240 0 : ndesc++;
1241 : else
1242 0 : log_error (_("key \"%s\" not found: %s\n"),
1243 0 : sl->d, gpg_strerror (err));
1244 : }
1245 : }
1246 :
1247 : for (;;)
1248 : {
1249 0 : rc = keydb_search (kdbhd, desc, ndesc, NULL);
1250 0 : if (rc)
1251 0 : break; /* ready. */
1252 :
1253 0 : if (!users)
1254 0 : desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1255 :
1256 : /* read the keyblock */
1257 0 : rc = keydb_get_keyblock (kdbhd, &keyblock );
1258 0 : if( rc )
1259 : {
1260 0 : log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
1261 0 : goto leave;
1262 : }
1263 :
1264 0 : if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1265 : {
1266 : /* This is to work around a bug in some keyservers (pksd and
1267 : OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1268 : The answer is to refresh both the correct v4 keyid
1269 : (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1270 : This only happens for key refresh using the HKP scheme
1271 : and if the refresh-add-fake-v3-keyids keyserver option is
1272 : set. */
1273 0 : if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1274 0 : node->pkt->pkt.public_key->version>=4)
1275 : {
1276 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1277 0 : v3_keyid (node->pkt->pkt.public_key->pkey[0],
1278 0 : (*klist)[*count].u.kid);
1279 0 : (*count)++;
1280 :
1281 0 : if(*count==num)
1282 : {
1283 0 : num+=100;
1284 0 : *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1285 : }
1286 : }
1287 :
1288 : /* v4 keys get full fingerprints. v3 keys get long keyids.
1289 : This is because it's easy to calculate any sort of keyid
1290 : from a v4 fingerprint, but not a v3 fingerprint. */
1291 :
1292 0 : if(node->pkt->pkt.public_key->version<4)
1293 : {
1294 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1295 0 : keyid_from_pk(node->pkt->pkt.public_key,
1296 0 : (*klist)[*count].u.kid);
1297 : }
1298 : else
1299 : {
1300 : size_t dummy;
1301 :
1302 0 : (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1303 0 : fingerprint_from_pk(node->pkt->pkt.public_key,
1304 0 : (*klist)[*count].u.fpr,&dummy);
1305 : }
1306 :
1307 : /* This is a little hackish, using the skipfncvalue as a
1308 : void* pointer to the keyserver spec, but we don't need
1309 : the skipfnc here, and it saves having an additional field
1310 : for this (which would be wasted space most of the
1311 : time). */
1312 :
1313 0 : (*klist)[*count].skipfncvalue=NULL;
1314 :
1315 : /* Are we honoring preferred keyservers? */
1316 0 : if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1317 : {
1318 0 : PKT_user_id *uid=NULL;
1319 0 : PKT_signature *sig=NULL;
1320 :
1321 0 : merge_keys_and_selfsig(keyblock);
1322 :
1323 0 : for(node=node->next;node;node=node->next)
1324 : {
1325 0 : if(node->pkt->pkttype==PKT_USER_ID
1326 0 : && node->pkt->pkt.user_id->is_primary)
1327 0 : uid=node->pkt->pkt.user_id;
1328 0 : else if(node->pkt->pkttype==PKT_SIGNATURE
1329 0 : && node->pkt->pkt.signature->
1330 0 : flags.chosen_selfsig && uid)
1331 : {
1332 0 : sig=node->pkt->pkt.signature;
1333 0 : break;
1334 : }
1335 : }
1336 :
1337 : /* Try and parse the keyserver URL. If it doesn't work,
1338 : then we end up writing NULL which indicates we are
1339 : the same as any other key. */
1340 0 : if(sig)
1341 0 : (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1342 : }
1343 :
1344 0 : (*count)++;
1345 :
1346 0 : if(*count==num)
1347 : {
1348 0 : num+=100;
1349 0 : *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1350 : }
1351 : }
1352 0 : }
1353 :
1354 0 : if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
1355 0 : rc = 0;
1356 :
1357 : leave:
1358 0 : if(rc)
1359 : {
1360 0 : xfree(*klist);
1361 0 : *klist = NULL;
1362 : }
1363 0 : xfree(desc);
1364 0 : keydb_release(kdbhd);
1365 0 : release_kbnode(keyblock);
1366 :
1367 0 : return rc;
1368 : }
1369 :
1370 : /* Note this is different than the original HKP refresh. It allows
1371 : usernames to refresh only part of the keyring. */
1372 :
1373 : gpg_error_t
1374 0 : keyserver_refresh (ctrl_t ctrl, strlist_t users)
1375 : {
1376 : gpg_error_t err;
1377 : int count, numdesc;
1378 0 : int fakev3 = 0;
1379 : KEYDB_SEARCH_DESC *desc;
1380 0 : unsigned int options=opt.keyserver_options.import_options;
1381 :
1382 : /* We switch merge-only on during a refresh, as 'refresh' should
1383 : never import new keys, even if their keyids match. */
1384 0 : opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1385 :
1386 : /* Similarly, we switch on fast-import, since refresh may make
1387 : multiple import sets (due to preferred keyserver URLs). We don't
1388 : want each set to rebuild the trustdb. Instead we do it once at
1389 : the end here. */
1390 0 : opt.keyserver_options.import_options|=IMPORT_FAST;
1391 :
1392 : /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1393 : scheme, then enable fake v3 keyid generation. Note that this
1394 : works only with a keyserver configured. gpg.conf
1395 : (i.e. opt.keyserver); however that method of configuring a
1396 : keyserver is deprecated and in any case it is questionable
1397 : whether we should keep on supporting these ancient and broken
1398 : keyservers. */
1399 0 : if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1400 0 : && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1401 0 : ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1402 0 : fakev3=1;
1403 :
1404 0 : err = keyidlist (users, &desc, &numdesc, fakev3);
1405 0 : if (err)
1406 0 : return err;
1407 :
1408 0 : count=numdesc;
1409 0 : if(count>0)
1410 : {
1411 : int i;
1412 :
1413 : /* Try to handle preferred keyserver keys first */
1414 0 : for(i=0;i<numdesc;i++)
1415 : {
1416 0 : if(desc[i].skipfncvalue)
1417 : {
1418 0 : struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1419 :
1420 0 : if (!opt.quiet)
1421 0 : log_info (_("refreshing %d key from %s\n"), 1, keyserver->uri);
1422 :
1423 : /* We use the keyserver structure we parsed out before.
1424 : Note that a preferred keyserver without a scheme://
1425 : will be interpreted as hkp:// */
1426 0 : err = keyserver_get (ctrl, &desc[i], 1, keyserver, 0, NULL, NULL);
1427 0 : if (err)
1428 0 : log_info(_("WARNING: unable to refresh key %s"
1429 0 : " via %s: %s\n"),keystr_from_desc(&desc[i]),
1430 : keyserver->uri,gpg_strerror (err));
1431 : else
1432 : {
1433 : /* We got it, so mark it as NONE so we don't try and
1434 : get it again from the regular keyserver. */
1435 :
1436 0 : desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1437 0 : count--;
1438 : }
1439 :
1440 0 : free_keyserver_spec(keyserver);
1441 : }
1442 : }
1443 : }
1444 :
1445 0 : if(count>0)
1446 : {
1447 : char *tmpuri;
1448 :
1449 0 : err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
1450 0 : if (!err)
1451 : {
1452 0 : if (!opt.quiet)
1453 : {
1454 0 : log_info (ngettext("refreshing %d key from %s\n",
1455 : "refreshing %d keys from %s\n",
1456 : count), count, tmpuri);
1457 : }
1458 0 : xfree (tmpuri);
1459 :
1460 0 : err = keyserver_get (ctrl, desc, numdesc, NULL, 0, NULL, NULL);
1461 : }
1462 : }
1463 :
1464 0 : xfree(desc);
1465 :
1466 0 : opt.keyserver_options.import_options=options;
1467 :
1468 : /* If the original options didn't have fast import, and the trustdb
1469 : is dirty, rebuild. */
1470 0 : if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1471 0 : check_or_update_trustdb (ctrl);
1472 :
1473 0 : return err;
1474 : }
1475 :
1476 :
1477 : /* Search for keys on the keyservers. The patterns are given in the
1478 : string list TOKENS. */
1479 : gpg_error_t
1480 0 : keyserver_search (ctrl_t ctrl, strlist_t tokens)
1481 : {
1482 : gpg_error_t err;
1483 : char *searchstr;
1484 : struct search_line_handler_parm_s parm;
1485 :
1486 0 : memset (&parm, 0, sizeof parm);
1487 :
1488 0 : if (!tokens)
1489 0 : return 0; /* Return success if no patterns are given. */
1490 :
1491 : /* Write global options */
1492 :
1493 : /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
1494 : /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
1495 :
1496 : /* Write per-keyserver options */
1497 :
1498 : /* for(temp=keyserver->options;temp;temp=temp->next) */
1499 : /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
1500 :
1501 : {
1502 : membuf_t mb;
1503 : strlist_t item;
1504 :
1505 0 : init_membuf (&mb, 1024);
1506 0 : for (item = tokens; item; item = item->next)
1507 : {
1508 0 : if (item != tokens)
1509 0 : put_membuf (&mb, " ", 1);
1510 0 : put_membuf_str (&mb, item->d);
1511 : }
1512 0 : put_membuf (&mb, "", 1); /* Append Nul. */
1513 0 : searchstr = get_membuf (&mb, NULL);
1514 0 : if (!searchstr)
1515 : {
1516 0 : err = gpg_error_from_syserror ();
1517 0 : goto leave;
1518 : }
1519 : }
1520 : /* FIXME: Enable the next line */
1521 : /* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
1522 :
1523 0 : parm.ctrl = ctrl;
1524 0 : if (searchstr)
1525 0 : parm.searchstr_disp = utf8_to_native (searchstr, strlen (searchstr), 0);
1526 :
1527 0 : err = gpg_dirmngr_ks_search (ctrl, searchstr, search_line_handler, &parm);
1528 :
1529 0 : if (parm.not_found)
1530 : {
1531 0 : if (parm.searchstr_disp)
1532 0 : log_info (_("key \"%s\" not found on keyserver\n"),
1533 : parm.searchstr_disp);
1534 : else
1535 0 : log_info (_("key not found on keyserver\n"));
1536 : }
1537 :
1538 0 : if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
1539 0 : log_error (_("no keyserver known (use option --keyserver)\n"));
1540 0 : else if (err)
1541 0 : log_error ("error searching keyserver: %s\n", gpg_strerror (err));
1542 :
1543 : /* switch(ret) */
1544 : /* { */
1545 : /* case KEYSERVER_SCHEME_NOT_FOUND: */
1546 : /* log_error(_("no handler for keyserver scheme '%s'\n"), */
1547 : /* opt.keyserver->scheme); */
1548 : /* break; */
1549 :
1550 : /* case KEYSERVER_NOT_SUPPORTED: */
1551 : /* log_error(_("action '%s' not supported with keyserver " */
1552 : /* "scheme '%s'\n"), "search", opt.keyserver->scheme); */
1553 : /* break; */
1554 :
1555 : /* case KEYSERVER_TIMEOUT: */
1556 : /* log_error(_("keyserver timed out\n")); */
1557 : /* break; */
1558 :
1559 : /* case KEYSERVER_INTERNAL_ERROR: */
1560 : /* default: */
1561 : /* log_error(_("keyserver internal error\n")); */
1562 : /* break; */
1563 : /* } */
1564 :
1565 : /* return gpg_error (GPG_ERR_KEYSERVER); */
1566 :
1567 :
1568 : leave:
1569 0 : xfree (parm.desc);
1570 0 : xfree (parm.searchstr_disp);
1571 0 : xfree(searchstr);
1572 :
1573 0 : return err;
1574 : }
1575 :
1576 : /* Helper for keyserver_get. Here we only receive a chunk of the
1577 : description to be processed in one batch. This is required due to
1578 : the limited number of patterns the dirmngr interface (KS_GET) can
1579 : grok and to limit the amount of temporary required memory. */
1580 : static gpg_error_t
1581 0 : keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
1582 : int *r_ndesc_used,
1583 : import_stats_t stats_handle,
1584 : struct keyserver_spec *override_keyserver,
1585 : int quick,
1586 : unsigned char **r_fpr, size_t *r_fprlen)
1587 :
1588 : {
1589 0 : gpg_error_t err = 0;
1590 : char **pattern;
1591 : int idx, npat;
1592 : estream_t datastream;
1593 0 : char *source = NULL;
1594 : size_t linelen; /* Estimated linelen for KS_GET. */
1595 : size_t n;
1596 :
1597 : #define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
1598 :
1599 0 : *r_ndesc_used = 0;
1600 :
1601 : /* Create an array filled with a search pattern for each key. The
1602 : array is delimited by a NULL entry. */
1603 0 : pattern = xtrycalloc (ndesc+1, sizeof *pattern);
1604 0 : if (!pattern)
1605 0 : return gpg_error_from_syserror ();
1606 :
1607 : /* Note that we break the loop as soon as our estimation of the to
1608 : be used line length reaches the limit. But we do this only if we
1609 : have processed at least one search requests so that an overlong
1610 : single request will be rejected only later by gpg_dirmngr_ks_get
1611 : but we are sure that R_NDESC_USED has been updated. This avoids
1612 : a possible indefinite loop. */
1613 0 : linelen = 17; /* "KS_GET --quick --" */
1614 0 : for (npat=idx=0; idx < ndesc; idx++)
1615 : {
1616 0 : int quiet = 0;
1617 :
1618 0 : if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
1619 0 : || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
1620 : {
1621 0 : n = 1+2+2*20;
1622 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1623 0 : break; /* Declare end of this chunk. */
1624 0 : linelen += n;
1625 :
1626 0 : pattern[npat] = xtrymalloc (n);
1627 0 : if (!pattern[npat])
1628 0 : err = gpg_error_from_syserror ();
1629 : else
1630 : {
1631 0 : strcpy (pattern[npat], "0x");
1632 0 : bin2hex (desc[idx].u.fpr,
1633 0 : desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
1634 0 : pattern[npat]+2);
1635 0 : npat++;
1636 : }
1637 : }
1638 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
1639 : {
1640 0 : n = 1+2+16;
1641 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1642 0 : break; /* Declare end of this chunk. */
1643 0 : linelen += n;
1644 :
1645 0 : pattern[npat] = xtryasprintf ("0x%08lX%08lX",
1646 0 : (ulong)desc[idx].u.kid[0],
1647 0 : (ulong)desc[idx].u.kid[1]);
1648 0 : if (!pattern[npat])
1649 0 : err = gpg_error_from_syserror ();
1650 : else
1651 0 : npat++;
1652 : }
1653 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
1654 : {
1655 0 : n = 1+2+8;
1656 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1657 0 : break; /* Declare end of this chunk. */
1658 0 : linelen += n;
1659 :
1660 0 : pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
1661 0 : if (!pattern[npat])
1662 0 : err = gpg_error_from_syserror ();
1663 : else
1664 0 : npat++;
1665 : }
1666 0 : else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
1667 : {
1668 : /* The Dirmngr also uses classify_user_id to detect the type
1669 : of the search string. By adding the '=' prefix we force
1670 : Dirmngr's KS_GET to consider this an exact search string.
1671 : (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
1672 : KS_GETNAME command to indicate this.) */
1673 :
1674 0 : n = 1+1+strlen (desc[idx].u.name);
1675 0 : if (idx && linelen + n > MAX_KS_GET_LINELEN)
1676 0 : break; /* Declare end of this chunk. */
1677 0 : linelen += n;
1678 :
1679 0 : pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
1680 0 : if (!pattern[npat])
1681 0 : err = gpg_error_from_syserror ();
1682 : else
1683 : {
1684 0 : npat++;
1685 0 : quiet = 1;
1686 : }
1687 : }
1688 0 : else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
1689 0 : continue;
1690 : else
1691 0 : BUG();
1692 :
1693 0 : if (err)
1694 : {
1695 0 : for (idx=0; idx < npat; idx++)
1696 0 : xfree (pattern[idx]);
1697 0 : xfree (pattern);
1698 0 : return err;
1699 : }
1700 :
1701 0 : if (!quiet && override_keyserver)
1702 : {
1703 0 : if (override_keyserver->host)
1704 0 : log_info (_("requesting key %s from %s server %s\n"),
1705 0 : keystr_from_desc (&desc[idx]),
1706 : override_keyserver->scheme, override_keyserver->host);
1707 : else
1708 0 : log_info (_("requesting key %s from %s\n"),
1709 0 : keystr_from_desc (&desc[idx]), override_keyserver->uri);
1710 : }
1711 : }
1712 :
1713 : /* Remember now many of search items were considered. Note that
1714 : this is different from NPAT. */
1715 0 : *r_ndesc_used = idx;
1716 :
1717 0 : err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver, quick,
1718 : &datastream, &source);
1719 0 : for (idx=0; idx < npat; idx++)
1720 0 : xfree (pattern[idx]);
1721 0 : xfree (pattern);
1722 0 : if (opt.verbose && source)
1723 0 : log_info ("data source: %s\n", source);
1724 :
1725 0 : if (!err)
1726 : {
1727 : struct ks_retrieval_screener_arg_s screenerarg;
1728 :
1729 : /* FIXME: Check whether this comment should be moved to dirmngr.
1730 :
1731 : Slurp up all the key data. In the future, it might be nice
1732 : to look for KEY foo OUTOFBAND and FAILED indicators. It's
1733 : harmless to ignore them, but ignoring them does make gpg
1734 : complain about "no valid OpenPGP data found". One way to do
1735 : this could be to continue parsing this line-by-line and make
1736 : a temp iobuf for each key. Note that we don't allow the
1737 : import of secret keys from a keyserver. Keyservers should
1738 : never accept or send them but we better protect against rogue
1739 : keyservers. */
1740 :
1741 0 : screenerarg.desc = desc;
1742 0 : screenerarg.ndesc = *r_ndesc_used;
1743 0 : import_keys_es_stream (ctrl, datastream, stats_handle,
1744 : r_fpr, r_fprlen,
1745 0 : (opt.keyserver_options.import_options
1746 : | IMPORT_NO_SECKEY),
1747 : keyserver_retrieval_screener, &screenerarg);
1748 : }
1749 0 : es_fclose (datastream);
1750 0 : xfree (source);
1751 :
1752 0 : return err;
1753 : }
1754 :
1755 :
1756 : /* Retrieve a key from a keyserver. The search pattern are in
1757 : (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
1758 : exact searches. OVERRIDE_KEYSERVER gives an optional override
1759 : keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
1760 : fingerprint of a single imported key. If QUICK is set, dirmngr is
1761 : advised to use a shorter timeout. */
1762 : static gpg_error_t
1763 0 : keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
1764 : struct keyserver_spec *override_keyserver, int quick,
1765 : unsigned char **r_fpr, size_t *r_fprlen)
1766 : {
1767 : gpg_error_t err;
1768 : import_stats_t stats_handle;
1769 : int ndesc_used;
1770 0 : int any_good = 0;
1771 :
1772 0 : stats_handle = import_new_stats_handle();
1773 :
1774 : for (;;)
1775 : {
1776 0 : err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
1777 : override_keyserver, quick, r_fpr, r_fprlen);
1778 0 : if (!err)
1779 0 : any_good = 1;
1780 0 : if (err || ndesc_used >= ndesc)
1781 : break; /* Error or all processed. */
1782 : /* Prepare for the next chunk. */
1783 0 : desc += ndesc_used;
1784 0 : ndesc -= ndesc_used;
1785 0 : }
1786 :
1787 0 : if (any_good)
1788 0 : import_print_stats (stats_handle);
1789 :
1790 0 : import_release_stats_handle (stats_handle);
1791 0 : return err;
1792 : }
1793 :
1794 :
1795 : /* Send all keys specified by KEYSPECS to the configured keyserver. */
1796 : static gpg_error_t
1797 0 : keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
1798 :
1799 : {
1800 : gpg_error_t err;
1801 : strlist_t kspec;
1802 : char *ksurl;
1803 :
1804 0 : if (!keyspecs)
1805 0 : return 0; /* Return success if the list is empty. */
1806 :
1807 0 : if (gpg_dirmngr_ks_list (ctrl, &ksurl))
1808 : {
1809 0 : log_error (_("no keyserver known\n"));
1810 0 : return gpg_error (GPG_ERR_NO_KEYSERVER);
1811 : }
1812 :
1813 0 : for (kspec = keyspecs; kspec; kspec = kspec->next)
1814 : {
1815 : void *data;
1816 : size_t datalen;
1817 : kbnode_t keyblock;
1818 :
1819 0 : err = export_pubkey_buffer (ctrl, kspec->d,
1820 : opt.keyserver_options.export_options,
1821 : NULL,
1822 : &keyblock, &data, &datalen);
1823 0 : if (err)
1824 0 : log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
1825 : else
1826 : {
1827 0 : log_info (_("sending key %s to %s\n"),
1828 0 : keystr (keyblock->pkt->pkt.public_key->keyid),
1829 0 : ksurl?ksurl:"[?]");
1830 :
1831 0 : err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
1832 0 : release_kbnode (keyblock);
1833 0 : xfree (data);
1834 0 : if (err)
1835 : {
1836 0 : write_status_error ("keyserver_send", err);
1837 0 : log_error (_("keyserver send failed: %s\n"), gpg_strerror (err));
1838 : }
1839 : }
1840 : }
1841 :
1842 0 : xfree (ksurl);
1843 :
1844 0 : return err;
1845 :
1846 : }
1847 :
1848 :
1849 : /* Loop over all URLs in STRLIST and fetch the key at that URL. Note
1850 : that the fetch operation ignores the configured keyservers and
1851 : instead directly retrieves the keys. */
1852 : int
1853 0 : keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
1854 : {
1855 : gpg_error_t err;
1856 : strlist_t sl;
1857 : estream_t datastream;
1858 0 : unsigned int save_options = opt.keyserver_options.import_options;
1859 :
1860 : /* Switch on fast-import, since fetch can handle more than one
1861 : import and we don't want each set to rebuild the trustdb.
1862 : Instead we do it once at the end. */
1863 0 : opt.keyserver_options.import_options |= IMPORT_FAST;
1864 :
1865 0 : for (sl=urilist; sl; sl=sl->next)
1866 : {
1867 0 : if (!opt.quiet)
1868 0 : log_info (_("requesting key from '%s'\n"), sl->d);
1869 :
1870 0 : err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream);
1871 0 : if (!err)
1872 : {
1873 : import_stats_t stats_handle;
1874 :
1875 0 : stats_handle = import_new_stats_handle();
1876 0 : import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL,
1877 : opt.keyserver_options.import_options,
1878 : NULL, NULL);
1879 :
1880 0 : import_print_stats (stats_handle);
1881 0 : import_release_stats_handle (stats_handle);
1882 : }
1883 : else
1884 0 : log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1885 0 : sl->d, gpg_strerror (err));
1886 0 : es_fclose (datastream);
1887 : }
1888 :
1889 0 : opt.keyserver_options.import_options = save_options;
1890 :
1891 : /* If the original options didn't have fast import, and the trustdb
1892 : is dirty, rebuild. */
1893 0 : if (!(opt.keyserver_options.import_options&IMPORT_FAST))
1894 0 : check_or_update_trustdb (ctrl);
1895 :
1896 0 : return 0;
1897 : }
1898 :
1899 :
1900 : /* Import key in a CERT or pointed to by a CERT. In DANE_MODE fetch
1901 : the certificate using the DANE method. */
1902 : int
1903 0 : keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
1904 : unsigned char **fpr,size_t *fpr_len)
1905 : {
1906 : gpg_error_t err;
1907 : char *look,*url;
1908 : estream_t key;
1909 :
1910 0 : look = xstrdup(name);
1911 :
1912 0 : if (!dane_mode)
1913 : {
1914 0 : char *domain = strrchr (look,'@');
1915 0 : if (domain)
1916 0 : *domain='.';
1917 : }
1918 :
1919 0 : err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
1920 : &key, fpr, fpr_len, &url);
1921 0 : if (err)
1922 : ;
1923 0 : else if (key)
1924 : {
1925 0 : int armor_status=opt.no_armor;
1926 :
1927 : /* CERTs and DANE records are always in binary format */
1928 0 : opt.no_armor=1;
1929 :
1930 0 : err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
1931 0 : (opt.keyserver_options.import_options
1932 : | IMPORT_NO_SECKEY),
1933 : NULL, NULL);
1934 :
1935 0 : opt.no_armor=armor_status;
1936 :
1937 0 : es_fclose (key);
1938 0 : key = NULL;
1939 : }
1940 0 : else if (*fpr)
1941 : {
1942 : /* We only consider the IPGP type if a fingerprint was provided.
1943 : This lets us select the right key regardless of what a URL
1944 : points to, or get the key from a keyserver. */
1945 0 : if(url)
1946 : {
1947 : struct keyserver_spec *spec;
1948 :
1949 0 : spec = parse_keyserver_uri (url, 1);
1950 0 : if(spec)
1951 : {
1952 0 : err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0);
1953 0 : free_keyserver_spec(spec);
1954 : }
1955 : }
1956 0 : else if (keyserver_any_configured (ctrl))
1957 : {
1958 : /* If only a fingerprint is provided, try and fetch it from
1959 : the configured keyserver. */
1960 :
1961 0 : err = keyserver_import_fprint (ctrl,
1962 : *fpr, *fpr_len, opt.keyserver, 0);
1963 : }
1964 : else
1965 0 : log_info(_("no keyserver known\n"));
1966 :
1967 : /* Give a better string here? "CERT fingerprint for \"%s\"
1968 : found, but no keyserver" " known (use option
1969 : --keyserver)\n" ? */
1970 :
1971 : }
1972 :
1973 0 : xfree(url);
1974 0 : xfree(look);
1975 :
1976 0 : return err;
1977 : }
1978 :
1979 : /* Import key pointed to by a PKA record. Return the requested
1980 : fingerprint in fpr. */
1981 : gpg_error_t
1982 0 : keyserver_import_pka (ctrl_t ctrl, const char *name,
1983 : unsigned char **fpr, size_t *fpr_len)
1984 : {
1985 : gpg_error_t err;
1986 : char *url;
1987 :
1988 0 : err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
1989 0 : if (url && *url && fpr && fpr_len)
1990 : {
1991 : /* An URL is available. Lookup the key. */
1992 : struct keyserver_spec *spec;
1993 0 : spec = parse_keyserver_uri (url, 1);
1994 0 : if (spec)
1995 : {
1996 0 : err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0);
1997 0 : free_keyserver_spec (spec);
1998 : }
1999 : }
2000 0 : xfree (url);
2001 :
2002 0 : if (err)
2003 : {
2004 0 : xfree(*fpr);
2005 0 : *fpr = NULL;
2006 0 : *fpr_len = 0;
2007 : }
2008 :
2009 0 : return err;
2010 : }
2011 :
2012 :
2013 : /* Import a key using the Web Key Directory protocol. */
2014 : gpg_error_t
2015 0 : keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
2016 : unsigned char **fpr, size_t *fpr_len)
2017 : {
2018 : gpg_error_t err;
2019 : char *mbox;
2020 : estream_t key;
2021 :
2022 : /* We want to work on the mbox. That is what dirmngr will do anyway
2023 : * and we need the mbox for the import filter anyway. */
2024 0 : mbox = mailbox_from_userid (name);
2025 0 : if (!mbox)
2026 : {
2027 0 : err = gpg_error_from_syserror ();
2028 0 : if (gpg_err_code (err) == GPG_ERR_EINVAL)
2029 0 : err = gpg_error (GPG_ERR_INV_USER_ID);
2030 0 : return err;
2031 : }
2032 :
2033 0 : err = gpg_dirmngr_wkd_get (ctrl, mbox, quick, &key);
2034 0 : if (err)
2035 : ;
2036 0 : else if (key)
2037 : {
2038 0 : int armor_status = opt.no_armor;
2039 : import_filter_t save_filt;
2040 :
2041 : /* Keys returned via WKD are in binary format. */
2042 0 : opt.no_armor = 1;
2043 0 : save_filt = save_and_clear_import_filter ();
2044 0 : if (!save_filt)
2045 0 : err = gpg_error_from_syserror ();
2046 : else
2047 : {
2048 0 : char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox);
2049 0 : err = filtstr? 0 : gpg_error_from_syserror ();
2050 0 : if (!err)
2051 0 : err = parse_and_set_import_filter (filtstr);
2052 0 : xfree (filtstr);
2053 0 : if (!err)
2054 0 : err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
2055 : IMPORT_NO_SECKEY,
2056 : NULL, NULL);
2057 :
2058 : }
2059 :
2060 0 : restore_import_filter (save_filt);
2061 0 : opt.no_armor = armor_status;
2062 :
2063 0 : es_fclose (key);
2064 0 : key = NULL;
2065 : }
2066 :
2067 0 : xfree (mbox);
2068 0 : return err;
2069 : }
2070 :
2071 :
2072 : /* Import a key by name using LDAP */
2073 : int
2074 0 : keyserver_import_ldap (ctrl_t ctrl,
2075 : const char *name, unsigned char **fpr, size_t *fprlen)
2076 : {
2077 : (void)ctrl;
2078 : (void)name;
2079 : (void)fpr;
2080 : (void)fprlen;
2081 0 : return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
2082 : #if 0
2083 : char *domain;
2084 : struct keyserver_spec *keyserver;
2085 : strlist_t list=NULL;
2086 : int rc,hostlen=1;
2087 : #ifdef USE_DNS_SRV
2088 : struct srventry *srvlist=NULL;
2089 : int srvcount,i;
2090 : char srvname[MAXDNAME];
2091 : #endif
2092 :
2093 : /* Parse out the domain */
2094 : domain=strrchr(name,'@');
2095 : if(!domain)
2096 : return GPG_ERR_GENERAL;
2097 :
2098 : domain++;
2099 :
2100 : keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2101 : keyserver->scheme=xstrdup("ldap");
2102 : keyserver->host=xmalloc(1);
2103 : keyserver->host[0]='\0';
2104 :
2105 : #ifdef USE_DNS_SRV
2106 : snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
2107 :
2108 : FIXME("network related - move to dirmngr or drop the code");
2109 : srvcount=getsrv(srvname,&srvlist);
2110 :
2111 : for(i=0;i<srvcount;i++)
2112 : {
2113 : hostlen+=strlen(srvlist[i].target)+1;
2114 : keyserver->host=xrealloc(keyserver->host,hostlen);
2115 :
2116 : strcat(keyserver->host,srvlist[i].target);
2117 :
2118 : if(srvlist[i].port!=389)
2119 : {
2120 : char port[7];
2121 :
2122 : hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
2123 : keyserver->host=xrealloc(keyserver->host,hostlen);
2124 :
2125 : snprintf(port,7,":%u",srvlist[i].port);
2126 : strcat(keyserver->host,port);
2127 : }
2128 :
2129 : strcat(keyserver->host," ");
2130 : }
2131 :
2132 : free(srvlist);
2133 : #endif
2134 :
2135 : /* If all else fails, do the PGP Universal trick of
2136 : ldap://keys.(domain) */
2137 :
2138 : hostlen+=5+strlen(domain);
2139 : keyserver->host=xrealloc(keyserver->host,hostlen);
2140 : strcat(keyserver->host,"keys.");
2141 : strcat(keyserver->host,domain);
2142 :
2143 : append_to_strlist(&list,name);
2144 :
2145 : rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
2146 : /* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
2147 : /* 0, fpr, fpr_len, keyserver); */
2148 :
2149 : free_strlist(list);
2150 :
2151 : free_keyserver_spec(keyserver);
2152 :
2153 : return rc;
2154 : #endif
2155 : }
|
