* photoid.c (get_default_photo_command, show_photos): Honor
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26
27 #include "filter.h"
28 #include "keydb.h"
29 #include "status.h"
30 #include "exec.h"
31 #include "main.h"
32 #include "i18n.h"
33 #include "hkp.h"
34 #include "iobuf.h"
35 #include "memory.h"
36 #include "options.h"
37 #include "packet.h"
38 #include "keyserver-internal.h"
39 #include "util.h"
40
41 #define KEYSERVER_PROTO_VERSION 0
42
43 #define GET    0
44 #define SEND   1
45 #define SEARCH 2
46
47 struct kopts
48 {
49   char *name;
50   int tell; /* tell remote process about this one */
51   int *flag;
52 } keyserver_opts[]=
53 {
54   {"include-revoked",1,&opt.keyserver_options.include_revoked},
55   {"include-disabled",1,&opt.keyserver_options.include_disabled},
56   {"include-subkeys",1,&opt.keyserver_options.include_subkeys},
57   {"keep-temp-files",0,&opt.keyserver_options.keep_temp_files},
58   {"honor-http-proxy",1,&opt.keyserver_options.honor_http_proxy},
59   {"broken-http-proxy",1,&opt.keyserver_options.broken_http_proxy},
60   {"refresh-add-fake-v3-keyids",0,&opt.keyserver_options.fake_v3_keyids},
61   {"auto-key-retrieve",0,&opt.keyserver_options.auto_key_retrieve},
62   {NULL}
63 };
64
65 void 
66 parse_keyserver_options(char *options)
67 {
68   char *tok="";
69
70   do
71     {
72       struct kopts *kopts=keyserver_opts;
73       int i,hit=0;
74
75       for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
76         {
77           if(ascii_strcasecmp(tok,kopts[i].name)==0)
78             {
79               *(kopts[i].flag)=1;
80               hit=1;
81               break;
82             }
83           else if(ascii_memcasecmp("no-",tok,3)==0 && strlen(tok)>3 &&
84                   ascii_strcasecmp(&tok[3],kopts[i].name)==0)
85             {
86               *(kopts[i].flag)=0;
87               hit=1;
88               break;
89             }
90         }
91
92       /* These options need more than just a flag */
93       if(!hit)
94         {
95           if(ascii_strcasecmp(tok,"verbose")==0)
96             opt.keyserver_options.verbose++;
97           else if(ascii_strcasecmp(tok,"no-verbose")==0)
98             opt.keyserver_options.verbose--;
99 #ifdef EXEC_TEMPFILE_ONLY
100           else if(ascii_strcasecmp(tok,"use-temp-files")==0 ||
101                   ascii_strcasecmp(tok,"no-use-temp-files")==0)
102             log_info(_("Warning: keyserver option \"%s\" is not used "
103                        "on this platform\n"),tok);
104 #else
105           else if(ascii_strcasecmp(tok,"use-temp-files")==0)
106             opt.keyserver_options.use_temp_files=1;
107           else if(ascii_strcasecmp(tok,"no-use-temp-files")==0)
108             opt.keyserver_options.use_temp_files=0;
109 #endif
110           else if(strlen(tok)>0)
111             add_to_strlist(&opt.keyserver_options.other,tok);
112         }
113
114       tok=strsep(&options," ,");
115     }
116     while(tok!=NULL);
117 }
118
119 int 
120 parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
121 {
122   /* Get the scheme */
123
124   opt.keyserver_scheme=strsep(&uri,":");
125   if(uri==NULL)
126     {
127       uri=opt.keyserver_scheme;
128       opt.keyserver_scheme="hkp";
129     }
130
131   if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
132     {
133       deprecated_warning(configname,configlineno,"x-broken-hkp",
134                          "--keyserver-options ","broken-http-proxy");
135       opt.keyserver_scheme="hkp";
136       opt.keyserver_options.broken_http_proxy=1;
137     }
138   else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0)
139     {
140       /* Canonicalize this to "hkp" so it works with both the internal
141          and external keyserver interface. */
142       opt.keyserver_scheme="hkp";
143     }
144
145   /* Skip the "//", if any */
146   if(strlen(uri)>2 && uri[0]=='/' && uri[1]=='/')
147     uri+=2;
148
149   /* Get the host */
150   opt.keyserver_host=strsep(&uri,":/");
151   if(uri==NULL || uri[0]=='\0')
152     opt.keyserver_port="0";
153   else
154     {
155       char *ch;
156
157       /* Get the port */
158       opt.keyserver_port=strsep(&uri,"/");
159
160       /* Ports are digits only */
161       ch=opt.keyserver_port;
162       while(*ch!='\0')
163         {
164           if(!isdigit(*ch))
165             return G10ERR_BAD_URI;
166
167           ch++;
168         }
169
170       if(strlen(opt.keyserver_port)==0 ||
171          atoi(opt.keyserver_port)<1 || atoi(opt.keyserver_port)>65535)
172         return G10ERR_BAD_URI;
173     }
174
175   /* (any path part of the URI is discarded for now as no keyserver
176      uses it) */
177
178   if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
179     return G10ERR_BAD_URI;
180
181   return 0;
182 }
183
184 /* Unquote only the delimiter character and backslashes (\x5C) */
185 static void 
186 printunquoted(char *string,char delim)
187 {
188   char *ch=string;
189
190   while(*ch)
191     {
192       if(*ch=='\\')
193         {
194           int c;
195
196           sscanf(ch,"\\x%02x",&c);
197           if(c==delim)
198             {
199               printf("%c",c);
200               ch+=3;
201             }
202           else if(c=='\\')
203             {
204               fputc('\\',stdout);
205               ch+=3;
206             }
207           else
208             fputc(*ch,stdout);
209         }
210       else
211         fputc(*ch,stdout);
212
213       ch++;
214     }
215 }
216
217 static int 
218 print_keyinfo(int count,char *keystring,KEYDB_SEARCH_DESC *desc)
219 {
220   char *certid,*userid,*keytype,*tok;
221   int flags,keysize=0;
222   time_t createtime=0,expiretime=0,modifytime=0;
223
224   if((certid=strsep(&keystring,":"))==NULL)
225     return -1;
226
227   classify_user_id (certid, desc);
228   if(desc->mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
229      desc->mode!=KEYDB_SEARCH_MODE_LONG_KID &&
230      desc->mode!=KEYDB_SEARCH_MODE_FPR16 &&
231      desc->mode!=KEYDB_SEARCH_MODE_FPR20)
232     return -1;
233
234   if((tok=strsep(&keystring,":"))==NULL)
235     return -1;
236
237   userid=utf8_to_native(tok,strlen(tok),0);
238
239   if((tok=strsep(&keystring,":"))==NULL)
240     return -1;
241
242   flags=atoi(tok);
243
244   if((tok=strsep(&keystring,":"))==NULL)
245     return -1;
246
247   createtime=atoi(tok);
248
249   if((tok=strsep(&keystring,":"))==NULL)
250     return -1;
251
252   expiretime=atoi(tok);
253
254   if((tok=strsep(&keystring,":"))==NULL)
255     return -1;
256
257   modifytime=atoi(tok);
258
259   if((keytype=strsep(&keystring,":"))==NULL)
260     return -1;
261
262   /* The last one */
263   if(keystring!=NULL)
264     keysize=atoi(keystring);
265
266   printf("(%d)\t",count);
267
268   /* No need to check for control characters, as utf8_to_native does
269      this for us. */
270   printunquoted(userid,':');
271
272   if(flags&1)
273     printf(" (revoked)");
274   if(flags&2)
275     printf(" (disabled)");
276
277   if(keytype[0])
278     printf(" %s",keytype);
279
280   if(keysize>0)
281     printf(" %d",keysize);
282
283   printf("\n\t  created %s,",strtimestamp(createtime));
284
285   if(expiretime>0)
286     printf(" expires %s,",strtimestamp(expiretime));
287
288   printf(" key %s\n",certid);
289
290   return 0;
291 }
292
293 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
294 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
295
296 static int 
297 keyserver_spawn(int action,STRLIST list,
298                 KEYDB_SEARCH_DESC *desc,int count,int *prog)
299 {
300   int ret=0,i,gotversion=0,outofband=0;
301   STRLIST temp;
302   unsigned int maxlen=256,buflen;
303   char *command=NULL,*searchstr=NULL;
304   byte *line=NULL;
305   struct kopts *kopts;
306   struct exec_info *spawn;
307
308 #ifdef EXEC_TEMPFILE_ONLY
309   opt.keyserver_options.use_temp_files=1;
310 #endif
311
312   /* Build the filename for the helper to execute */
313
314   command=m_alloc(strlen("gpgkeys_")+strlen(opt.keyserver_scheme)+1);
315   strcpy(command,"gpgkeys_");
316   strcat(command,opt.keyserver_scheme);
317
318   if(opt.keyserver_options.use_temp_files)
319     {
320       if(opt.keyserver_options.keep_temp_files)
321         {
322           command=m_realloc(command,strlen(command)+
323                             strlen(KEYSERVER_ARGS_KEEP)+1);
324           strcat(command,KEYSERVER_ARGS_KEEP);
325         }
326       else
327         {
328           command=m_realloc(command,strlen(command)+
329                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
330           strcat(command,KEYSERVER_ARGS_NOKEEP);  
331         }
332
333       ret=exec_write(&spawn,NULL,command,NULL,0,0);
334     }
335   else
336     ret=exec_write(&spawn,command,NULL,NULL,0,0);
337
338   if(ret)
339     return ret;
340
341   fprintf(spawn->tochild,"# This is a gpg keyserver communications file\n");
342   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
343   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
344   fprintf(spawn->tochild,"HOST %s\n",opt.keyserver_host);
345
346   if(atoi(opt.keyserver_port)>0)
347     fprintf(spawn->tochild,"PORT %s\n",opt.keyserver_port);
348
349   /* Write options */
350
351   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
352     if(*(kopts[i].flag) && kopts[i].tell)
353       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
354
355   for(i=0;i<opt.keyserver_options.verbose;i++)
356     fprintf(spawn->tochild,"OPTION verbose\n");
357
358   temp=opt.keyserver_options.other;
359
360   for(;temp;temp=temp->next)
361     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
362
363   switch(action)
364     {
365     case GET:
366       {
367         fprintf(spawn->tochild,"COMMAND GET\n\n");
368
369         /* Which keys do we want? */
370
371         for(i=0;i<count;i++)
372           {
373             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
374               {
375                 int f;
376
377                 fprintf(spawn->tochild,"0x");
378
379                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
380                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
381
382                 fprintf(spawn->tochild,"\n");
383               }
384             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
385               {
386                 int f;
387
388                 fprintf(spawn->tochild,"0x");
389
390                 for(f=0;f<16;f++)
391                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
392
393                 fprintf(spawn->tochild,"\n");
394               }
395             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
396               fprintf(spawn->tochild,"0x%08lX%08lX\n",
397                       (ulong)desc[i].u.kid[0],
398                       (ulong)desc[i].u.kid[1]);
399             else
400               fprintf(spawn->tochild,"0x%08lX\n",
401                       (ulong)desc[i].u.kid[1]);
402           }
403
404         fprintf(spawn->tochild,"\n");
405
406         break;
407       }
408
409     case SEND:
410       {
411         STRLIST key;
412
413         /* Note the extra \n here to send an empty keylist block */
414         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
415
416         for(key=list;key!=NULL;key=key->next)
417           {
418             armor_filter_context_t afx;
419             IOBUF buffer=iobuf_temp();
420
421             temp=NULL;
422             add_to_strlist(&temp,key->d);
423
424             memset(&afx,0,sizeof(afx));
425             afx.what=1;
426             iobuf_push_filter(buffer,armor_filter,&afx);
427
428             if(export_pubkeys_stream(buffer,temp,1)==-1)
429               iobuf_close(buffer);
430             else
431               {
432                 iobuf_flush_temp(buffer);
433
434                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
435                 fwrite(iobuf_get_temp_buffer(buffer),
436                        iobuf_get_temp_length(buffer),1,spawn->tochild);
437                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
438
439                 iobuf_close(buffer);
440               }
441
442             free_strlist(temp);
443           }
444
445         break;
446       }
447
448     case SEARCH:
449       {
450         STRLIST key;
451
452         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
453
454         /* Which keys do we want?  Remember that the gpgkeys_ program
455            is going to lump these together into a search string. */
456
457         for(key=list;key!=NULL;key=key->next)
458           {
459             fprintf(spawn->tochild,"%s\n",key->d);
460             if(key!=list)
461               {
462                 searchstr=m_realloc(searchstr,
463                                     strlen(searchstr)+strlen(key->d)+2);
464                 strcat(searchstr," ");
465               }
466             else
467               {
468                 searchstr=m_alloc(strlen(key->d)+1);
469                 searchstr[0]='\0';
470               }
471
472             strcat(searchstr,key->d);
473           }
474
475         fprintf(spawn->tochild,"\n");
476
477         break;
478       }
479
480     default:
481       log_fatal(_("no keyserver action!\n"));
482       break;
483     }
484
485   /* Done sending, so start reading. */
486   ret=exec_read(spawn);
487   if(ret)
488     goto fail;
489
490   /* Now handle the response */
491
492   for(;;)
493     {
494       char *ptr;
495
496       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
497         {
498           ret=G10ERR_READ_FILE;
499           goto fail; /* i.e. EOF */
500         }
501
502       ptr=line;
503
504       if(*ptr=='\r')
505         ptr++;
506
507       if(*ptr=='\n')
508         ptr++;
509
510       if(*ptr=='\0')
511         break;
512
513       if(ascii_memcasecmp(ptr,"VERSION ",8)==0)
514         {
515           gotversion=1;
516
517           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
518             {
519               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
520                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
521               goto fail;
522             }
523         }
524       else if(ascii_memcasecmp(ptr,"PROGRAM ",8)==0)
525         {
526           if(ascii_memcasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
527             log_info(_("Warning: keyserver handler from a different "
528                        "version of GnuPG (%s)\n"),&ptr[8]);
529         }
530       else if(ascii_memcasecmp(ptr,"OPTION OUTOFBAND",16)==0)
531         outofband=1; /* Currently the only OPTION */
532     }
533
534   m_free(line);
535
536   if(!gotversion)
537     {
538       log_error(_("keyserver did not send VERSION\n"));
539       goto fail;
540     }
541
542   if(!outofband)
543     switch(action)
544       {
545       case GET:
546         {
547           void *stats_handle;
548
549           stats_handle=import_new_stats_handle();
550
551           /* Slurp up all the key data.  In the future, it might be nice
552              to look for KEY foo OUTOFBAND and FAILED indicators.  It's
553              harmless to ignore them, but ignoring them does make gpg
554              complain about "no valid OpenPGP data found".  One way to
555              do this could be to continue parsing this line-by-line and
556              make a temp iobuf for each key. */
557
558           import_keys_stream(spawn->fromchild,0,stats_handle);
559
560           import_print_stats(stats_handle);
561           import_release_stats_handle(stats_handle);
562
563           break;
564         }
565
566         /* Nothing to do here */
567       case SEND:
568         break;
569
570       case SEARCH:
571         {
572           line=NULL;
573           buflen = 0;
574           maxlen = 80;
575           /* Look for the COUNT line */
576           do
577             {
578               if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
579                 {
580                   ret=G10ERR_READ_FILE;
581                   goto fail; /* i.e. EOF */
582                 }
583             }
584           while(sscanf(line,"COUNT %d\n",&i)!=1);
585
586           keyserver_search_prompt(spawn->fromchild,i,searchstr);
587
588           break;
589         }
590
591       default:
592         log_fatal(_("no keyserver action!\n"));
593         break;
594       }
595
596  fail:
597   *prog=exec_finish(spawn);
598
599   return ret;
600 }
601
602 static int 
603 keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count)
604 {
605   int rc=0,ret=0;
606
607   if(opt.keyserver_scheme==NULL ||
608      opt.keyserver_host==NULL ||
609      opt.keyserver_port==NULL)
610     {
611       log_error(_("no keyserver known (use option --keyserver)\n"));
612       return G10ERR_BAD_URI;
613     }
614
615 #ifndef USE_EXTERNAL_HKP
616   /* Use the internal HKP code */
617   if(ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0)
618     {
619       void *stats_handle = import_new_stats_handle ();
620
621       switch(action)
622         {
623         case GET:
624           for(count--;count>=0;count--)
625             if(hkp_ask_import(&desc[count],stats_handle))
626               log_inc_errorcount();
627           break;
628         case SEND:
629           return hkp_export(list);
630         case SEARCH:
631           return hkp_search(list);
632         }
633
634       import_print_stats (stats_handle);
635       import_release_stats_handle (stats_handle);
636
637       return 0;
638     }
639 #endif
640
641 #ifdef DISABLE_KEYSERVER_HELPERS
642   log_error(_("external keyserver calls are not supported in this build\n"));
643   return G10ERR_KEYSERVER;
644 #endif
645
646   /* It's not the internal HKP code, so try and spawn a handler for it */
647
648   rc=keyserver_spawn(action,list,desc,count,&ret);
649   if(ret)
650     {
651       switch(ret)
652         {
653         case KEYSERVER_SCHEME_NOT_FOUND:
654           log_error(_("no handler for keyserver scheme \"%s\"\n"),
655                     opt.keyserver_scheme);
656           break;
657
658         case KEYSERVER_NOT_SUPPORTED:
659           log_error(_("action \"%s\" not supported with keyserver "
660                       "scheme \"%s\"\n"),
661                     action==GET?"get":action==SEND?"send":
662                     action==SEARCH?"search":"unknown",
663                     opt.keyserver_scheme);
664
665         case KEYSERVER_INTERNAL_ERROR:
666         default:
667           log_error(_("keyserver internal error\n"));
668           break;
669         }
670
671       return G10ERR_KEYSERVER;
672     }
673
674   if(rc)
675     {
676       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
677
678       return rc;
679     }
680
681   return 0;
682 }
683
684 int 
685 keyserver_export(STRLIST users)
686 {
687   /* We better ask for confirmation when the user entered --send-keys
688      without arguments.  Sending all keys might not be the thing he
689      intended to do */
690   if (users || opt.batch || opt.answer_yes)
691     ;
692   else if ( !cpr_get_answer_is_yes
693             ("keyserver_export.send_all",
694              _("Do you really want to send all your "
695                "public keys to the keyserver? (y/N) ")))
696     return -1;
697
698   return keyserver_work(SEND,users,NULL,0);
699 }
700
701 int 
702 keyserver_import(STRLIST users)
703 {
704   KEYDB_SEARCH_DESC *desc;
705   int num=100,count=0;
706   int rc=0;
707
708   /* Build a list of key ids */
709   desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
710
711   for(;users;users=users->next)
712     {
713       classify_user_id (users->d, &desc[count]);
714       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
715          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
716          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
717          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
718         {
719           log_error(_("skipping invalid key ID \"%s\"\n"),users->d);
720           continue;
721         }
722
723       count++;
724       if(count==num)
725         {
726           num+=100;
727           desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
728         }
729     }
730
731   if(count>0)
732     rc=keyserver_work(GET,NULL,desc,count);
733
734   m_free(desc);
735
736   return rc;
737 }
738
739 int
740 keyserver_import_fprint(const byte *fprint,size_t fprint_len)
741 {
742   KEYDB_SEARCH_DESC desc;
743
744   memset(&desc,0,sizeof(desc));
745
746   if(fprint_len==16)
747     desc.mode=KEYDB_SEARCH_MODE_FPR16;
748   else if(fprint_len==20)
749     desc.mode=KEYDB_SEARCH_MODE_FPR20;
750   else
751     return -1;
752
753   memcpy(desc.u.fpr,fprint,fprint_len);
754
755   return keyserver_work(GET,NULL,&desc,1);
756 }
757
758 int 
759 keyserver_import_keyid(u32 *keyid)
760 {
761   KEYDB_SEARCH_DESC desc;
762
763   memset(&desc,0,sizeof(desc));
764
765   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
766   desc.u.kid[0]=keyid[0];
767   desc.u.kid[1]=keyid[1];
768
769   return keyserver_work(GET,NULL,&desc,1);
770 }
771
772 /* code mostly stolen from do_export_stream */
773 static int 
774 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
775 {
776   int rc=0,ndesc,num=100;
777   KBNODE keyblock=NULL,node;
778   KEYDB_HANDLE kdbhd;
779   KEYDB_SEARCH_DESC *desc;
780   STRLIST sl;
781
782   *count=0;
783
784   *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
785
786   kdbhd=keydb_new(0);
787
788   if(!users)
789     {
790       ndesc = 1;
791       desc = m_alloc_clear ( ndesc * sizeof *desc);
792       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
793     }
794   else
795     {
796       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
797         ;
798       desc = m_alloc ( ndesc * sizeof *desc);
799         
800       for (ndesc=0, sl=users; sl; sl = sl->next)
801         {
802           if(classify_user_id (sl->d, desc+ndesc))
803             ndesc++;
804           else
805             log_error (_("key `%s' not found: %s\n"),
806                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
807         }
808     }
809
810   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
811     {
812       if (!users) 
813         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
814
815       /* read the keyblock */
816       rc = keydb_get_keyblock (kdbhd, &keyblock );
817       if( rc )
818         {
819           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
820           goto leave;
821         }
822
823       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
824         {
825           /* This is to work around a bug in some keyservers (pksd and
826              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
827              The answer is to refresh both the correct v4 keyid
828              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
829              This only happens for key refresh using the HKP scheme
830              and if the refresh-add-fake-v3-keyids keyserver option is
831              set. */
832           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
833              node->pkt->pkt.public_key->version>=4)
834             {
835               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
836               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
837                             (*klist)[*count].u.kid);
838               (*count)++;
839
840               if(*count==num)
841                 {
842                   num+=100;
843                   *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
844                 }
845             }
846
847           /* v4 keys get full fingerprints.  v3 keys get long keyids.
848              This is because it's easy to calculate any sort of key id
849              from a v4 fingerprint, but not a v3 fingerprint. */
850
851           if(node->pkt->pkt.public_key->version<4)
852             {
853               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
854               keyid_from_pk(node->pkt->pkt.public_key,
855                             (*klist)[*count].u.kid);
856             }
857           else
858             {
859               size_t dummy;
860
861               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
862               fingerprint_from_pk(node->pkt->pkt.public_key,
863                                   (*klist)[*count].u.fpr,&dummy);
864             }
865
866           (*count)++;
867
868           if(*count==num)
869             {
870               num+=100;
871               *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
872             }
873         }
874     }
875
876   if(rc==-1)
877     rc=0;
878   
879  leave:
880   m_free(desc);
881   keydb_release(kdbhd);
882   release_kbnode(keyblock);
883
884   return rc;
885 }
886
887 /* Note this is different than the original HKP refresh.  It allows
888    usernames to refresh only part of the keyring. */
889
890 int 
891 keyserver_refresh(STRLIST users)
892 {
893   int rc,count,fakev3=0;
894   KEYDB_SEARCH_DESC *desc;
895
896   /* We switch merge_only on during a refresh, as 'refresh' should
897      never import new keys, even if their keyids match.  Is it worth
898      preserving the old merge_only value here? */
899   opt.merge_only=1;
900
901   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
902      scheme, then enable fake v3 keyid generation. */
903   if(opt.keyserver_options.fake_v3_keyids && opt.keyserver_scheme &&
904      (ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
905       ascii_strcasecmp(opt.keyserver_scheme,"mailto")==0))
906     fakev3=1;
907
908   rc=keyidlist(users,&desc,&count,fakev3);
909   if(rc)
910     return rc;
911
912   if(count==1)
913     log_info(_("refreshing 1 key from %s\n"),opt.keyserver_uri);
914   else
915     log_info(_("refreshing %d keys from %s\n"),count,opt.keyserver_uri);
916
917   if(count>0)
918     rc=keyserver_work(GET,NULL,desc,count);
919
920   m_free(desc);
921
922   return 0;
923 }
924
925 int 
926 keyserver_search(STRLIST tokens)
927 {
928   if(tokens)
929     return keyserver_work(SEARCH,tokens,NULL,0);
930   else
931     return 0;
932 }
933
934 /* Count and searchstr are just for cosmetics.  If the count is too
935    small, it will grow safely.  If negative it disables the "Key x-y
936    of z" messages. */
937 void 
938 keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
939 {
940   int i=0,validcount=1;
941   unsigned int maxlen=256,buflen=0;
942   KEYDB_SEARCH_DESC *desc;
943   byte *line=NULL;
944   char *answer;
945
946   if(count==0)
947     goto notfound;
948
949   if(count<0)
950     {
951       validcount=0;
952       count=10;
953     }
954
955   desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
956
957   /* Read each line and show it to the user */
958
959   for(;;)
960     {
961       int rl;
962
963       if(validcount && i%10==0)
964         {
965           printf("Keys %d-%d of %d",i+1,(i+10<count)?i+10:count,count);
966           if(searchstr)
967             printf(" for \"%s\"",searchstr);
968           printf("\n");
969         }
970
971       maxlen=1024;
972       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
973       if(rl>0)
974         {
975           if(print_keyinfo(i+1,line,&desc[i])==0)
976             {
977               i++;
978
979               if(i==count)
980                 {
981                   count+=10;
982                   desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
983                   validcount=0;
984                 }
985             }
986           else
987             continue;
988         }
989
990       if(rl==0 && i==0)
991         {
992           count=0;
993           break;
994         }
995
996       if(i%10==0 || rl==0)
997         {
998           answer=cpr_get_no_help("keysearch.prompt",
999                                  _("Enter number(s), N)ext, or Q)uit > "));
1000           /* control-d */
1001           if(answer[0]=='\x04')
1002             {
1003               printf("Q\n");
1004               answer[0]='q';
1005             }
1006
1007           if(answer[0]=='q' || answer[0]=='Q')
1008             {
1009               m_free(answer);
1010               break;
1011             }
1012           else if(atoi(answer)>=1 && atoi(answer)<=i)
1013             {
1014               char *split=answer,*num;
1015
1016               while((num=strsep(&split," ,"))!=NULL)
1017                 if(atoi(num)>=1 && atoi(num)<=i)
1018                   keyserver_work(GET,NULL,&desc[atoi(num)-1],1);
1019
1020               m_free(answer);
1021               break;
1022             }
1023         }
1024     }
1025
1026   m_free(desc);
1027   m_free(line);
1028
1029  notfound:
1030   if(count==0)
1031     {
1032       if(searchstr)
1033         log_info(_("key \"%s\" not found on keyserver\n"),searchstr);
1034       else
1035         log_info(_("key not found on keyserver\n"));
1036       return;
1037     }
1038 }