a7c67c00db0287e256e86c7bd06ea1c6ad61aebc
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3  *               2009 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include <errno.h>
28
29 #include "gpg.h"
30 #include "iobuf.h"
31 #include "filter.h"
32 #include "keydb.h"
33 #include "status.h"
34 #include "exec.h"
35 #include "main.h"
36 #include "i18n.h"
37 #include "ttyio.h"
38 #include "options.h"
39 #include "packet.h"
40 #include "trustdb.h"
41 #include "keyserver-internal.h"
42 #include "util.h"
43 #include "dns-cert.h"
44 #include "pka.h"
45
46 #ifdef HAVE_W32_SYSTEM
47 /* It seems Vista doesn't grok X_OK and so fails access() tests.
48    Previous versions interpreted X_OK as F_OK anyway, so we'll just
49    use F_OK directly. */
50 #undef X_OK
51 #define X_OK F_OK
52 #endif /* HAVE_W32_SYSTEM */
53
54 struct keyrec
55 {
56   KEYDB_SEARCH_DESC desc;
57   u32 createtime,expiretime;
58   int size,flags;
59   byte type;
60   IOBUF uidbuf;
61   unsigned int lines;
62 };
63
64 enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
65
66 static struct parse_options keyserver_opts[]=
67   {
68     /* some of these options are not real - just for the help
69        message */
70     {"max-cert-size",0,NULL,NULL},
71     {"include-revoked",0,NULL,N_("include revoked keys in search results")},
72     {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
73     {"use-temp-files",0,NULL,
74      N_("use temporary files to pass data to keyserver helpers")},
75     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
76      N_("do not delete temporary files after using them")},
77     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
78      NULL},
79     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
80      N_("automatically retrieve keys when verifying signatures")},
81     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
82      N_("honor the preferred keyserver URL set on the key")},
83     {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
84      N_("honor the PKA record set on a key when retrieving keys")},
85     {NULL,0,NULL,NULL}
86   };
87
88 static int keyserver_work(enum ks_action action,strlist_t list,
89                           KEYDB_SEARCH_DESC *desc,int count,
90                           unsigned char **fpr,size_t *fpr_len,
91                           struct keyserver_spec *keyserver);
92
93 /* Reasonable guess */
94 #define DEFAULT_MAX_CERT_SIZE 16384
95
96 static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
97
98 static void
99 add_canonical_option(char *option,strlist_t *list)
100 {
101   char *arg=argsplit(option);
102
103   if(arg)
104     {
105       char *joined;
106
107       joined=xmalloc(strlen(option)+1+strlen(arg)+1);
108       /* Make a canonical name=value form with no spaces */
109       strcpy(joined,option);
110       strcat(joined,"=");
111       strcat(joined,arg);
112       append_to_strlist(list,joined);
113       xfree(joined);
114     }
115   else
116     append_to_strlist(list,option);
117 }
118
119 int
120 parse_keyserver_options(char *options)
121 {
122   int ret=1;
123   char *tok;
124   char *max_cert=NULL;
125
126   keyserver_opts[0].value=&max_cert;
127
128   while((tok=optsep(&options)))
129     {
130       if(tok[0]=='\0')
131         continue;
132
133       /* For backwards compatibility.  1.2.x used honor-http-proxy and
134          there are a good number of documents published that recommend
135          it. */
136       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
137         tok="http-proxy";
138       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
139         tok="no-http-proxy";
140
141       /* We accept quite a few possible options here - some options to
142          handle specially, the keyserver_options list, and import and
143          export options that pertain to keyserver operations.  Note
144          that you must use strncasecmp here as there might be an
145          =argument attached which will foil the use of strcasecmp. */
146
147 #ifdef EXEC_TEMPFILE_ONLY
148       if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
149               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
150         log_info(_("WARNING: keyserver option `%s' is not used"
151                    " on this platform\n"),tok);
152 #else
153       if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
154         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
155       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
156         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
157 #endif
158       else if(!parse_options(tok,&opt.keyserver_options.options,
159                              keyserver_opts,0)
160          && !parse_import_options(tok,
161                                   &opt.keyserver_options.import_options,0)
162          && !parse_export_options(tok,
163                                   &opt.keyserver_options.export_options,0))
164         {
165           /* All of the standard options have failed, so the option is
166              destined for a keyserver plugin. */
167           add_canonical_option(tok,&opt.keyserver_options.other);
168         }
169     }
170
171   if(max_cert)
172     {
173       max_cert_size=strtoul(max_cert,(char **)NULL,10);
174
175       if(max_cert_size==0)
176         max_cert_size=DEFAULT_MAX_CERT_SIZE;
177     }
178
179   return ret;
180 }
181
182 void
183 free_keyserver_spec(struct keyserver_spec *keyserver)
184 {
185   xfree(keyserver->uri);
186   xfree(keyserver->scheme);
187   xfree(keyserver->auth);
188   xfree(keyserver->host);
189   xfree(keyserver->port);
190   xfree(keyserver->path);
191   xfree(keyserver->opaque);
192   free_strlist(keyserver->options);
193   xfree(keyserver);
194 }
195
196 /* Return 0 for match */
197 static int
198 cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
199 {
200   if(ascii_strcasecmp(one->scheme,two->scheme)==0)
201     {
202       if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
203         {
204           if((one->port && two->port
205               && ascii_strcasecmp(one->port,two->port)==0)
206              || (!one->port && !two->port))
207             return 0;
208         }
209       else if(one->opaque && two->opaque
210               && ascii_strcasecmp(one->opaque,two->opaque)==0)
211         return 0;
212     }
213
214   return 1;
215 }
216
217 /* Try and match one of our keyservers.  If we can, return that.  If
218    we can't, return our input. */
219 struct keyserver_spec *
220 keyserver_match(struct keyserver_spec *spec)
221 {
222   struct keyserver_spec *ks;
223
224   for(ks=opt.keyserver;ks;ks=ks->next)
225     if(cmp_keyserver_spec(spec,ks)==0)
226       return ks;
227
228   return spec;
229 }
230
231 /* TODO: once we cut over to an all-curl world, we don't need this
232    parser any longer so it can be removed, or at least moved to
233    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
234
235 struct keyserver_spec *
236 parse_keyserver_uri(const char *string,int require_scheme,
237                     const char *configname,unsigned int configlineno)
238 {
239   int assume_hkp=0;
240   struct keyserver_spec *keyserver;
241   const char *idx;
242   int count;
243   char *uri,*options;
244
245   assert(string!=NULL);
246
247   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
248
249   uri=xstrdup(string);
250
251   options=strchr(uri,' ');
252   if(options)
253     {
254       char *tok;
255
256       *options='\0';
257       options++;
258
259       while((tok=optsep(&options)))
260         add_canonical_option(tok,&keyserver->options);
261     }
262
263   /* Get the scheme */
264
265   for(idx=uri,count=0;*idx && *idx!=':';idx++)
266     {
267       count++;
268
269       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
270          there clearly isn't a scheme so get out early. */
271       if(*idx=='[')
272         {
273           /* Was the '[' the first thing in the string?  If not, we
274              have a mangled scheme with a [ in it so fail. */
275           if(count==1)
276             break;
277           else
278             goto fail;
279         }
280     }
281
282   if(count==0)
283     goto fail;
284
285   if(*idx=='\0' || *idx=='[')
286     {
287       if(require_scheme)
288         return NULL;
289
290       /* Assume HKP if there is no scheme */
291       assume_hkp=1;
292       keyserver->scheme=xstrdup("hkp");
293
294       keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
295       strcpy(keyserver->uri,keyserver->scheme);
296       strcat(keyserver->uri,"://");
297       strcat(keyserver->uri,uri);
298     }
299   else
300     {
301       int i;
302
303       keyserver->uri=xstrdup(uri);
304
305       keyserver->scheme=xmalloc(count+1);
306
307       /* Force to lowercase */
308       for(i=0;i<count;i++)
309         keyserver->scheme[i]=ascii_tolower(uri[i]);
310
311       keyserver->scheme[i]='\0';
312
313       /* Skip past the scheme and colon */
314       uri+=count+1;
315     }
316
317   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
318     {
319       deprecated_warning(configname,configlineno,"x-broken-hkp",
320                          "--keyserver-options ","broken-http-proxy");
321       xfree(keyserver->scheme);
322       keyserver->scheme=xstrdup("hkp");
323       append_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
324     }
325   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
326     {
327       /* Canonicalize this to "hkp" so it works with both the internal
328          and external keyserver interface. */
329       xfree(keyserver->scheme);
330       keyserver->scheme=xstrdup("hkp");
331     }
332
333   if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
334     {
335       /* Three slashes means network path with a default host name.
336          This is a hack because it does not crok all possible
337          combiantions.  We should better repalce all code bythe parser
338          from http.c.  */
339       keyserver->path = xstrdup (uri+2);
340     }
341   else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
342     {
343       /* Two slashes means network path. */
344
345       /* Skip over the "//", if any */
346       if(!assume_hkp)
347         uri+=2;
348
349       /* Do we have userinfo auth data present? */
350       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
351         count++;
352
353       /* We found a @ before the slash, so that means everything
354          before the @ is auth data. */
355       if(*idx=='@')
356         {
357           if(count==0)
358             goto fail;
359
360           keyserver->auth=xmalloc(count+1);
361           strncpy(keyserver->auth,uri,count);
362           keyserver->auth[count]='\0';
363           uri+=count+1;
364         }
365
366       /* Is it an RFC-2732 ipv6 [literal address] ? */
367       if(*uri=='[')
368         {
369           for(idx=uri+1,count=1;*idx
370                 && ((isascii (*idx) && isxdigit(*idx))
371                     || *idx==':' || *idx=='.');idx++)
372             count++;
373
374           /* Is the ipv6 literal address terminated? */
375           if(*idx==']')
376             count++;
377           else
378             goto fail;
379         }
380       else
381         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
382           count++;
383
384       if(count==0)
385         goto fail;
386
387       keyserver->host=xmalloc(count+1);
388       strncpy(keyserver->host,uri,count);
389       keyserver->host[count]='\0';
390
391       /* Skip past the host */
392       uri+=count;
393
394       if(*uri==':')
395         {
396           /* It would seem to be reasonable to limit the range of the
397              ports to values between 1-65535, but RFC 1738 and 1808
398              imply there is no limit.  Of course, the real world has
399              limits. */
400
401           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
402             {
403               count++;
404
405               /* Ports are digits only */
406               if(!digitp(idx))
407                 goto fail;
408             }
409
410           keyserver->port=xmalloc(count+1);
411           strncpy(keyserver->port,uri+1,count);
412           keyserver->port[count]='\0';
413
414           /* Skip past the colon and port number */
415           uri+=1+count;
416         }
417
418       /* Everything else is the path */
419       if(*uri)
420         keyserver->path=xstrdup(uri);
421       else
422         keyserver->path=xstrdup("/");
423
424       if(keyserver->path[1])
425         keyserver->flags.direct_uri=1;
426     }
427   else if(uri[0]!='/')
428     {
429       /* No slash means opaque.  Just record the opaque blob and get
430          out. */
431       keyserver->opaque=xstrdup(uri);
432     }
433   else
434     {
435       /* One slash means absolute path.  We don't need to support that
436          yet. */
437       goto fail;
438     }
439
440   return keyserver;
441
442  fail:
443   free_keyserver_spec(keyserver);
444
445   return NULL;
446 }
447
448 struct keyserver_spec *
449 parse_preferred_keyserver(PKT_signature *sig)
450 {
451   struct keyserver_spec *spec=NULL;
452   const byte *p;
453   size_t plen;
454
455   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
456   if(p && plen)
457     {
458       byte *dupe=xmalloc(plen+1);
459
460       memcpy(dupe,p,plen);
461       dupe[plen]='\0';
462       spec=parse_keyserver_uri(dupe,1,NULL,0);
463       xfree(dupe);
464     }
465
466   return spec;
467 }
468
469 static void
470 print_keyrec(int number,struct keyrec *keyrec)
471 {
472   int i;
473
474   iobuf_writebyte(keyrec->uidbuf,0);
475   iobuf_flush_temp(keyrec->uidbuf);
476   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
477
478   if(keyrec->size>0)
479     printf("%d bit ",keyrec->size);
480
481   if(keyrec->type)
482     {
483       const char *str = gcry_pk_algo_name (keyrec->type);
484
485       if(str)
486         printf("%s ",str);
487       else
488         printf("unknown ");
489     }
490
491   switch(keyrec->desc.mode)
492     {
493       /* If the keyserver helper gave us a short keyid, we have no
494          choice but to use it.  Do check --keyid-format to add a 0x if
495          needed. */
496     case KEYDB_SEARCH_MODE_SHORT_KID:
497       printf("key %s%08lX",
498              (opt.keyid_format==KF_0xSHORT
499               || opt.keyid_format==KF_0xLONG)?"0x":"",
500              (ulong)keyrec->desc.u.kid[1]);
501       break;
502
503       /* However, if it gave us a long keyid, we can honor
504          --keyid-format */
505     case KEYDB_SEARCH_MODE_LONG_KID:
506       printf("key %s",keystr(keyrec->desc.u.kid));
507       break;
508
509     case KEYDB_SEARCH_MODE_FPR16:
510       printf("key ");
511       for(i=0;i<16;i++)
512         printf("%02X",keyrec->desc.u.fpr[i]);
513       break;
514
515     case KEYDB_SEARCH_MODE_FPR20:
516       printf("key ");
517       for(i=0;i<20;i++)
518         printf("%02X",keyrec->desc.u.fpr[i]);
519       break;
520
521     default:
522       BUG();
523       break;
524     }
525
526   if(keyrec->createtime>0)
527     {
528       printf(", ");
529       printf(_("created: %s"),strtimestamp(keyrec->createtime));
530     }
531
532   if(keyrec->expiretime>0)
533     {
534       printf(", ");
535       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
536     }
537
538   if(keyrec->flags&1)
539     printf(" (%s)",_("revoked"));
540   if(keyrec->flags&2)
541     printf(" (%s)",_("disabled"));
542   if(keyrec->flags&4)
543     printf(" (%s)",_("expired"));
544
545   printf("\n");
546 }
547
548 /* Returns a keyrec (which must be freed) once a key is complete, and
549    NULL otherwise.  Call with a NULL keystring once key parsing is
550    complete to return any unfinished keys. */
551 static struct keyrec *
552 parse_keyrec(char *keystring)
553 {
554   static struct keyrec *work=NULL;
555   struct keyrec *ret=NULL;
556   char *record;
557   int i;
558
559   if(keystring==NULL)
560     {
561       if(work==NULL)
562         return NULL;
563       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
564         {
565           xfree(work);
566           return NULL;
567         }
568       else
569         {
570           ret=work;
571           work=NULL;
572           return ret;
573         }
574     }
575
576   if(work==NULL)
577     {
578       work=xmalloc_clear(sizeof(struct keyrec));
579       work->uidbuf=iobuf_temp();
580     }
581
582   /* Remove trailing whitespace */
583   for(i=strlen(keystring);i>0;i--)
584     if(ascii_isspace(keystring[i-1]))
585       keystring[i-1]='\0';
586     else
587       break;
588
589   if((record=strsep(&keystring,":"))==NULL)
590     return ret;
591
592   if(ascii_strcasecmp("pub",record)==0)
593     {
594       char *tok;
595
596       if(work->desc.mode)
597         {
598           ret=work;
599           work=xmalloc_clear(sizeof(struct keyrec));
600           work->uidbuf=iobuf_temp();
601         }
602
603       if((tok=strsep(&keystring,":"))==NULL)
604         return ret;
605
606       classify_user_id(tok,&work->desc);
607       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
608          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
609          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
610          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
611         {
612           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
613           return ret;
614         }
615
616       /* Note all items after this are optional.  This allows us to
617          have a pub line as simple as pub:keyid and nothing else. */
618
619       work->lines++;
620
621       if((tok=strsep(&keystring,":"))==NULL)
622         return ret;
623
624       work->type=atoi(tok);
625
626       if((tok=strsep(&keystring,":"))==NULL)
627         return ret;
628
629       work->size=atoi(tok);
630
631       if((tok=strsep(&keystring,":"))==NULL)
632         return ret;
633
634       if(atoi(tok)<=0)
635         work->createtime=0;
636       else
637         work->createtime=atoi(tok);
638
639       if((tok=strsep(&keystring,":"))==NULL)
640         return ret;
641
642       if(atoi(tok)<=0)
643         work->expiretime=0;
644       else
645         {
646           work->expiretime=atoi(tok);
647           /* Force the 'e' flag on if this key is expired. */
648           if(work->expiretime<=make_timestamp())
649             work->flags|=4;
650         }
651
652       if((tok=strsep(&keystring,":"))==NULL)
653         return ret;
654
655       while(*tok)
656         switch(*tok++)
657           {
658           case 'r':
659           case 'R':
660             work->flags|=1;
661             break;
662             
663           case 'd':
664           case 'D':
665             work->flags|=2;
666             break;
667
668           case 'e':
669           case 'E':
670             work->flags|=4;
671             break;
672           }
673     }
674   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
675     {
676       char *userid,*tok,*decoded;
677
678       if((tok=strsep(&keystring,":"))==NULL)
679         return ret;
680
681       if(strlen(tok)==0)
682         return ret;
683
684       userid=tok;
685
686       /* By definition, de-%-encoding is always smaller than the
687          original string so we can decode in place. */
688
689       i=0;
690
691       while(*tok)
692         if(tok[0]=='%' && tok[1] && tok[2])
693           {
694             int c;
695
696             userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
697             i++;
698             tok+=3;
699           }
700         else
701           userid[i++]=*tok++;
702
703       /* We don't care about the other info provided in the uid: line
704          since no keyserver supports marking userids with timestamps
705          or revoked/expired/disabled yet. */
706
707       /* No need to check for control characters, as utf8_to_native
708          does this for us. */
709
710       decoded=utf8_to_native(userid,i,0);
711       if(strlen(decoded)>opt.screen_columns-10)
712         decoded[opt.screen_columns-10]='\0';
713       iobuf_writestr(work->uidbuf,decoded);
714       xfree(decoded);
715       iobuf_writestr(work->uidbuf,"\n\t");
716       work->lines++;
717     }
718
719   /* Ignore any records other than "pri" and "uid" for easy future
720      growth. */
721
722   return ret;
723 }
724
725 /* TODO: do this as a list sent to keyserver_work rather than calling
726    it once for each key to get the correct counts after the import
727    (cosmetics, really) and to better take advantage of the keyservers
728    that can do multiple fetches in one go (LDAP). */
729 static int
730 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
731 {
732   char *answer;
733
734   fflush (stdout);
735
736   if(count && opt.command_fd==-1)
737     {
738       static int from=1;
739       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
740       from=numdesc+1;
741     }
742
743   answer=cpr_get_no_help("keysearch.prompt",
744                          _("Enter number(s), N)ext, or Q)uit > "));
745   /* control-d */
746   if(answer[0]=='\x04')
747     {
748       printf("Q\n");
749       answer[0]='q';
750     }
751
752   if(answer[0]=='q' || answer[0]=='Q')
753     {
754       xfree(answer);
755       return 1;
756     }
757   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
758     {
759       char *split=answer,*num;
760
761       while((num=strsep(&split," ,"))!=NULL)
762         if(atoi(num)>=1 && atoi(num)<=numdesc)
763           keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,
764                          NULL,NULL,opt.keyserver);
765
766       xfree(answer);
767       return 1;
768     }
769
770   return 0;
771 }
772
773 /* Count and searchstr are just for cosmetics.  If the count is too
774    small, it will grow safely.  If negative it disables the "Key x-y
775    of z" messages.  searchstr should be UTF-8 (rather than native). */
776 static void
777 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
778 {
779   int i=0,validcount=0,started=0,header=0,count=1;
780   unsigned int maxlen,buflen,numlines=0;
781   KEYDB_SEARCH_DESC *desc;
782   byte *line=NULL;
783   char *localstr=NULL;
784
785   if(searchstr)
786     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
787
788   desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
789
790   for(;;)
791     {
792       struct keyrec *keyrec;
793       int rl;
794
795       maxlen=1024;
796       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
797
798       if(opt.with_colons)
799         {
800           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
801              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
802             {
803               header=1;
804               continue;
805             }
806           else if(ascii_strncasecmp("SEARCH ",line,7)==0
807                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
808             continue;
809
810           printf("%s",line);
811         }
812
813       /* Look for an info: line.  The only current info: values
814          defined are the version and key count. */
815       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
816         {
817           char *tok,*str=&line[5];
818
819           if((tok=strsep(&str,":"))!=NULL)
820             {
821               int version;
822
823               if(sscanf(tok,"%d",&version)!=1)
824                 version=1;
825
826               if(version!=1)
827                 {
828                   log_error(_("invalid keyserver protocol "
829                               "(us %d!=handler %d)\n"),1,version);
830                   break;
831                 }
832             }
833
834           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
835             {
836               if(count==0)
837                 goto notfound;
838               else if(count<0)
839                 count=10;
840               else
841                 validcount=1;
842
843               desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
844             }
845
846           started=1;
847           continue;
848         }
849
850       if(rl==0)
851         {
852           keyrec=parse_keyrec(NULL);
853
854           if(keyrec==NULL)
855             {
856               if(i==0)
857                 {
858                   count=0;
859                   break;
860                 }
861
862               if(i!=count)
863                 validcount=0;
864
865               if (opt.with_colons && opt.batch)
866                 break;
867                 
868               for(;;)
869                 {
870                   if(show_prompt(desc,i,validcount?count:0,localstr))
871                     break;
872                   validcount=0;
873                 }
874
875               break;
876             }
877         }
878       else
879         keyrec=parse_keyrec(line);
880
881       if(i==count)
882         {
883           /* keyserver helper sent more keys than they claimed in the
884              info: line. */
885           count+=10;
886           desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
887           validcount=0;
888         }
889
890       if(keyrec)
891         {
892           desc[i]=keyrec->desc;
893
894           if(!opt.with_colons)
895             {
896               /* screen_lines - 1 for the prompt. */
897               if(numlines+keyrec->lines>opt.screen_lines-1)
898                 {
899                   if(show_prompt(desc,i,validcount?count:0,localstr))
900                     break;
901                   else
902                     numlines=0;
903                 }
904
905               print_keyrec(i+1,keyrec);
906             }
907
908           numlines+=keyrec->lines;
909           iobuf_close(keyrec->uidbuf);
910           xfree(keyrec);
911
912           started=1;
913           i++;
914         }
915     }
916
917  notfound:
918   /* Leave this commented out or now, and perhaps for a very long
919      time.  All HKPish servers return HTML error messages for
920      no-key-found. */
921   /* 
922      if(!started)
923      log_info(_("keyserver does not support searching\n"));
924      else
925   */
926   if(count==0)
927     {
928       if(localstr)
929         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
930       else
931         log_info(_("key not found on keyserver\n"));
932     }
933
934   xfree(localstr);
935   xfree(desc);
936   xfree(line);
937 }
938
939 /* We sometimes want to use a different gpgkeys_xxx for a given
940    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
941    these here. */
942 static const char *
943 keyserver_typemap(const char *type)
944 {
945   if(strcmp(type,"ldaps")==0)
946     return "ldap";
947   else if(strcmp(type,"hkps")==0)
948     return "hkp";
949   else
950     return type;
951 }
952
953 /* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
954    sufficiently different that we can't use curl to do LDAP. */
955 static int
956 direct_uri_map(const char *scheme,unsigned int is_direct)
957 {
958   if(is_direct && strcmp(scheme,"ldap")==0)
959     return 1;
960
961   return 0;
962 }
963
964 #if GNUPG_MAJOR_VERSION == 2
965 #define GPGKEYS_PREFIX "gpg2keys_"
966 #else
967 #define GPGKEYS_PREFIX "gpgkeys_"
968 #endif
969 #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
970 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
971 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
972 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
973
974 static int 
975 keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
976                 int count,int *prog,unsigned char **fpr,size_t *fpr_len,
977                 struct keyserver_spec *keyserver)
978 {
979   int ret=0,i,gotversion=0,outofband=0;
980   strlist_t temp;
981   unsigned int maxlen,buflen;
982   char *command,*end,*searchstr=NULL;
983   byte *line=NULL;
984   struct exec_info *spawn;
985   const char *scheme;
986   const char *libexecdir = gnupg_libexecdir ();
987
988   assert(keyserver);
989
990 #ifdef EXEC_TEMPFILE_ONLY
991   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
992 #endif
993
994   /* Build the filename for the helper to execute */
995   scheme=keyserver_typemap(keyserver->scheme);
996
997 #ifdef DISABLE_KEYSERVER_PATH
998   /* Destroy any path we might have.  This is a little tricky,
999      portability-wise.  It's not correct to delete the PATH
1000      environment variable, as that may fall back to a system built-in
1001      PATH.  Similarly, it is not correct to set PATH to the null
1002      string (PATH="") since this actually deletes the PATH environment
1003      variable under MinGW.  The safest thing to do here is to force
1004      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
1005      Unix-like systems (since we're going to give a full path to
1006      gpgkeys_foo), but on W32 it prevents loading any DLLs from
1007      directories in %PATH%.
1008
1009      After some more thinking about this we came to the conclusion
1010      that it is better to load the helpers from the directory where
1011      the program of this process lives.  Fortunately Windows provides
1012      a way to retrieve this and our gnupg_libexecdir function has been
1013      modified to return just this.  Setting the exec-path is not
1014      anymore required.  
1015        set_exec_path(libexecdir);
1016  */
1017 #else
1018   if(opt.exec_path_set)
1019     {
1020       /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
1021          undefined, then don't specify a full path to gpgkeys_foo, so
1022          that the PATH can work. */
1023       command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1024       command[0]='\0';
1025     }
1026   else
1027 #endif
1028     {
1029       /* Specify a full path to gpgkeys_foo. */
1030       command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
1031                       GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1032       strcpy(command,libexecdir);
1033       strcat(command,DIRSEP_S);
1034     }
1035
1036   end=command+strlen(command);
1037
1038   /* Build a path for the keyserver helper.  If it is direct_uri
1039      (i.e. an object fetch and not a keyserver), then add "_uri" to
1040      the end to distinguish the keyserver helper from an object
1041      fetcher that can speak that protocol (this is a problem for
1042      LDAP). */
1043
1044   strcat(command,GPGKEYS_PREFIX); 
1045   strcat(command,scheme);
1046
1047   /* This "_uri" thing is in case we need to call a direct handler
1048      instead of the keyserver handler.  This lets us use gpgkeys_curl
1049      or gpgkeys_ldap_uri (we don't provide it, but a user might)
1050      instead of gpgkeys_ldap to fetch things like
1051      ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560 */
1052
1053   if(direct_uri_map(scheme,keyserver->flags.direct_uri))
1054     strcat(command,"_uri");
1055
1056   strcat(command,EXEEXT);
1057
1058   /* Can we execute it?  If not, try curl as our catchall. */
1059   if(path_access(command,X_OK)!=0)
1060     strcpy(end,GPGKEYS_CURL);
1061
1062   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
1063     {
1064       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
1065         {
1066           command=xrealloc(command,strlen(command)+
1067                             strlen(KEYSERVER_ARGS_KEEP)+1);
1068           strcat(command,KEYSERVER_ARGS_KEEP);
1069         }
1070       else
1071         {
1072           command=xrealloc(command,strlen(command)+
1073                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
1074           strcat(command,KEYSERVER_ARGS_NOKEEP);  
1075         }
1076
1077       ret=exec_write(&spawn,NULL,command,NULL,0,0);
1078     }
1079   else
1080     ret=exec_write(&spawn,command,NULL,NULL,0,0);
1081
1082   xfree(command);
1083
1084   if(ret)
1085     return ret;
1086
1087   fprintf(spawn->tochild,
1088           "# This is a GnuPG %s keyserver communications file\n",VERSION);
1089   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
1090   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
1091   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
1092
1093   if(keyserver->opaque)
1094     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
1095   else
1096     {
1097       if(keyserver->auth)
1098         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
1099
1100       if(keyserver->host)
1101         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
1102
1103       if(keyserver->port)
1104         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
1105
1106       if(keyserver->path)
1107         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
1108     }
1109
1110   /* Write global options */
1111
1112   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
1113     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1114
1115   /* Write per-keyserver options */
1116
1117   for(temp=keyserver->options;temp;temp=temp->next)
1118     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1119
1120   switch(action)
1121     {
1122     case KS_GET:
1123       {
1124         fprintf(spawn->tochild,"COMMAND GET\n\n");
1125
1126         /* Which keys do we want? */
1127
1128         for(i=0;i<count;i++)
1129           {
1130             int quiet=0;
1131
1132             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
1133               {
1134                 int f;
1135
1136                 fprintf(spawn->tochild,"0x");
1137
1138                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
1139                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1140
1141                 fprintf(spawn->tochild,"\n");
1142               }
1143             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
1144               {
1145                 int f;
1146
1147                 fprintf(spawn->tochild,"0x");
1148
1149                 for(f=0;f<16;f++)
1150                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1151
1152                 fprintf(spawn->tochild,"\n");
1153               }
1154             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
1155               fprintf(spawn->tochild,"0x%08lX%08lX\n",
1156                       (ulong)desc[i].u.kid[0],
1157                       (ulong)desc[i].u.kid[1]);
1158             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
1159               fprintf(spawn->tochild,"0x%08lX\n",
1160                       (ulong)desc[i].u.kid[1]);
1161             else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
1162               {
1163                 fprintf(spawn->tochild,"0x0000000000000000\n");
1164                 quiet=1;
1165               }
1166             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
1167               continue;
1168             else
1169               BUG();
1170
1171             if(!quiet)
1172               {
1173                 if(keyserver->host)
1174                   log_info(_("requesting key %s from %s server %s\n"),
1175                            keystr_from_desc(&desc[i]),
1176                            keyserver->scheme,keyserver->host);
1177                 else
1178                   log_info(_("requesting key %s from %s\n"),
1179                            keystr_from_desc(&desc[i]),keyserver->uri);
1180               }
1181           }
1182
1183         fprintf(spawn->tochild,"\n");
1184
1185         break;
1186       }
1187
1188     case KS_GETNAME:
1189       {
1190         strlist_t key;
1191
1192         fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
1193
1194         /* Which names do we want? */
1195
1196         for(key=list;key!=NULL;key=key->next)
1197           fprintf(spawn->tochild,"%s\n",key->d);
1198
1199         fprintf(spawn->tochild,"\n");
1200
1201         if(keyserver->host)
1202           log_info(_("searching for names from %s server %s\n"),
1203                    keyserver->scheme,keyserver->host);
1204         else
1205           log_info(_("searching for names from %s\n"),keyserver->uri);
1206
1207         break;
1208       }
1209
1210     case KS_SEND:
1211       {
1212         strlist_t key;
1213
1214         /* Note the extra \n here to send an empty keylist block */
1215         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1216
1217         for(key=list;key!=NULL;key=key->next)
1218           {
1219             armor_filter_context_t *afx;
1220             IOBUF buffer = iobuf_temp ();
1221             KBNODE block;
1222
1223             temp=NULL;
1224             add_to_strlist(&temp,key->d);
1225
1226             afx = new_armor_context ();
1227             afx->what = 1;
1228             /* Tell the armor filter to use Unix-style \n line
1229                endings, since we're going to fprintf this to a file
1230                that (on Win32) is open in text mode.  The win32 stdio
1231                will transform the \n to \r\n and we'll end up with the
1232                proper line endings on win32.  This is a no-op on
1233                Unix. */
1234             afx->eol[0] = '\n';
1235             push_armor_filter (afx, buffer);
1236             release_armor_context (afx);
1237
1238             /* TODO: Remove Comment: lines from keys exported this
1239                way? */
1240
1241             if(export_pubkeys_stream(buffer,temp,&block,
1242                                      opt.keyserver_options.export_options)==-1)
1243               iobuf_close(buffer);
1244             else
1245               {
1246                 KBNODE node;
1247
1248                 iobuf_flush_temp(buffer);
1249
1250                 merge_keys_and_selfsig(block);
1251
1252                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1253                         (ulong)block->pkt->pkt.public_key->keyid[0],
1254                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1255
1256                 for(node=block;node;node=node->next)
1257                   {
1258                     switch(node->pkt->pkttype)
1259                       {
1260                       default:
1261                         continue;
1262
1263                       case PKT_PUBLIC_KEY:
1264                       case PKT_PUBLIC_SUBKEY:
1265                         {
1266                           PKT_public_key *pk=node->pkt->pkt.public_key;
1267
1268                           keyid_from_pk(pk,NULL);
1269
1270                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1271                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1272                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1273                                   pk->pubkey_algo,
1274                                   nbits_from_pk(pk),
1275                                   pk->timestamp,
1276                                   pk->expiredate);
1277
1278                           if(pk->is_revoked)
1279                             fprintf(spawn->tochild,"r");
1280                           if(pk->has_expired)
1281                             fprintf(spawn->tochild,"e");
1282
1283                           fprintf(spawn->tochild,"\n");
1284                         }
1285                         break;
1286
1287                       case PKT_USER_ID:
1288                         {
1289                           PKT_user_id *uid=node->pkt->pkt.user_id;
1290                           int r;
1291
1292                           if(uid->attrib_data)
1293                             continue;
1294
1295                           fprintf(spawn->tochild,"uid:");
1296
1297                           /* Quote ':', '%', and any 8-bit
1298                              characters */
1299                           for(r=0;r<uid->len;r++)
1300                             {
1301                               if(uid->name[r]==':' || uid->name[r]=='%'
1302                                  || uid->name[r]&0x80)
1303                                 fprintf(spawn->tochild,"%%%02X",
1304                                         (byte)uid->name[r]);
1305                               else
1306                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1307                             }
1308
1309                           fprintf(spawn->tochild,":%u:%u:",
1310                                   uid->created,uid->expiredate);
1311
1312                           if(uid->is_revoked)
1313                             fprintf(spawn->tochild,"r");
1314                           if(uid->is_expired)
1315                             fprintf(spawn->tochild,"e");
1316
1317                           fprintf(spawn->tochild,"\n");
1318                         }
1319                         break;
1320
1321                         /* This bit is really for the benefit of
1322                            people who store their keys in LDAP
1323                            servers.  It makes it easy to do queries
1324                            for things like "all keys signed by
1325                            Isabella". */
1326                       case PKT_SIGNATURE:
1327                         {
1328                           PKT_signature *sig=node->pkt->pkt.signature;
1329
1330                           if(!IS_UID_SIG(sig))
1331                             continue;
1332
1333                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1334                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1335                                   sig->sig_class,sig->timestamp,
1336                                   sig->expiredate);
1337                         }
1338                         break;
1339                       }
1340                   }
1341
1342                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1343                         (ulong)block->pkt->pkt.public_key->keyid[0],
1344                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1345
1346                 fprintf(spawn->tochild,"KEY %08lX%08lX BEGIN\n",
1347                         (ulong)block->pkt->pkt.public_key->keyid[0],
1348                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1349                 fwrite(iobuf_get_temp_buffer(buffer),
1350                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1351                 fprintf(spawn->tochild,"KEY %08lX%08lX END\n",
1352                         (ulong)block->pkt->pkt.public_key->keyid[0],
1353                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1354
1355                 iobuf_close(buffer);
1356
1357                 if(keyserver->host)
1358                   log_info(_("sending key %s to %s server %s\n"),
1359                            keystr(block->pkt->pkt.public_key->keyid),
1360                            keyserver->scheme,keyserver->host);
1361                 else
1362                   log_info(_("sending key %s to %s\n"),
1363                            keystr(block->pkt->pkt.public_key->keyid),
1364                            keyserver->uri);
1365
1366                 release_kbnode(block);
1367               }
1368
1369             free_strlist(temp);
1370           }
1371
1372         break;
1373       }
1374
1375     case KS_SEARCH:
1376       {
1377         strlist_t key;
1378
1379         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1380
1381         /* Which keys do we want?  Remember that the gpgkeys_ program
1382            is going to lump these together into a search string. */
1383
1384         for(key=list;key!=NULL;key=key->next)
1385           {
1386             fprintf(spawn->tochild,"%s\n",key->d);
1387             if(key!=list)
1388               {
1389                 searchstr=xrealloc(searchstr,
1390                                     strlen(searchstr)+strlen(key->d)+2);
1391                 strcat(searchstr," ");
1392               }
1393             else
1394               {
1395                 searchstr=xmalloc(strlen(key->d)+1);
1396                 searchstr[0]='\0';
1397               }
1398
1399             strcat(searchstr,key->d);
1400           }
1401
1402         fprintf(spawn->tochild,"\n");
1403
1404         if(keyserver->host)
1405           log_info(_("searching for \"%s\" from %s server %s\n"),
1406                    searchstr,keyserver->scheme,keyserver->host);
1407         else
1408           log_info(_("searching for \"%s\" from %s\n"),
1409                    searchstr,keyserver->uri);
1410
1411         break;
1412       }
1413
1414     default:
1415       log_fatal(_("no keyserver action!\n"));
1416       break;
1417     }
1418
1419   /* Done sending, so start reading. */
1420   ret=exec_read(spawn);
1421   if(ret)
1422     goto fail;
1423
1424   /* Now handle the response */
1425
1426   for(;;)
1427     {
1428       int plen;
1429       char *ptr;
1430
1431       maxlen=1024;
1432       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1433         {
1434           ret = gpg_error_from_syserror ();
1435           goto fail; /* i.e. EOF */
1436         }
1437
1438       ptr=line;
1439
1440       /* remove trailing whitespace */
1441       plen=strlen(ptr);
1442       while(plen>0 && ascii_isspace(ptr[plen-1]))
1443         plen--;
1444       plen[ptr]='\0';
1445
1446       if(*ptr=='\0')
1447         break;
1448
1449       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1450         {
1451           gotversion=1;
1452
1453           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1454             {
1455               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1456                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1457               goto fail;
1458             }
1459         }
1460       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1461         {
1462           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1463             log_info(_("WARNING: keyserver handler from a different"
1464                        " version of GnuPG (%s)\n"),&ptr[8]);
1465         }
1466       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1467         outofband=1; /* Currently the only OPTION */
1468     }
1469
1470   if(!gotversion)
1471     {
1472       log_error(_("keyserver did not send VERSION\n"));
1473       goto fail;
1474     }
1475
1476   if(!outofband)
1477     switch(action)
1478       {
1479       case KS_GET:
1480       case KS_GETNAME:
1481         {
1482           void *stats_handle;
1483
1484           stats_handle=import_new_stats_handle();
1485
1486           /* Slurp up all the key data.  In the future, it might be
1487              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1488              It's harmless to ignore them, but ignoring them does make
1489              gpg complain about "no valid OpenPGP data found".  One
1490              way to do this could be to continue parsing this
1491              line-by-line and make a temp iobuf for each key. */
1492
1493           import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len,
1494                              opt.keyserver_options.import_options);
1495
1496           import_print_stats(stats_handle);
1497           import_release_stats_handle(stats_handle);
1498
1499           break;
1500         }
1501
1502         /* Nothing to do here */
1503       case KS_SEND:
1504         break;
1505
1506       case KS_SEARCH:
1507         keyserver_search_prompt(spawn->fromchild,searchstr);
1508         break;
1509
1510       default:
1511         log_fatal(_("no keyserver action!\n"));
1512         break;
1513       }
1514
1515  fail:
1516   xfree(line);
1517   xfree(searchstr);
1518
1519
1520   *prog=exec_finish(spawn);
1521
1522   return ret;
1523 }
1524
1525 static int 
1526 keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
1527                int count,unsigned char **fpr,size_t *fpr_len,
1528                struct keyserver_spec *keyserver)
1529 {
1530   int rc=0,ret=0;
1531
1532   if(!keyserver)
1533     {
1534       log_error(_("no keyserver known (use option --keyserver)\n"));
1535       return G10ERR_BAD_URI;
1536     }
1537
1538 #ifdef DISABLE_KEYSERVER_HELPERS
1539
1540   log_error(_("external keyserver calls are not supported in this build\n"));
1541   return G10ERR_KEYSERVER;
1542
1543 #else
1544   /* Spawn a handler */
1545
1546   rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver);
1547   if(ret)
1548     {
1549       switch(ret)
1550         {
1551         case KEYSERVER_SCHEME_NOT_FOUND:
1552           log_error(_("no handler for keyserver scheme `%s'\n"),
1553                     keyserver->scheme);
1554           break;
1555
1556         case KEYSERVER_NOT_SUPPORTED:
1557           log_error(_("action `%s' not supported with keyserver "
1558                       "scheme `%s'\n"),
1559                     action==KS_GET?"get":action==KS_SEND?"send":
1560                     action==KS_SEARCH?"search":"unknown",
1561                     keyserver->scheme);
1562           break;
1563
1564         case KEYSERVER_VERSION_ERROR:
1565           log_error(_(GPGKEYS_PREFIX "%s does not support"
1566                       " handler version %d\n"),
1567                     keyserver_typemap(keyserver->scheme),
1568                     KEYSERVER_PROTO_VERSION);
1569           break;
1570
1571         case KEYSERVER_TIMEOUT:
1572           log_error(_("keyserver timed out\n"));
1573           break;
1574
1575         case KEYSERVER_INTERNAL_ERROR:
1576         default:
1577           log_error(_("keyserver internal error\n"));
1578           break;
1579         }
1580
1581       return G10ERR_KEYSERVER;
1582     }
1583
1584   if(rc)
1585     {
1586       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1587
1588       return rc;
1589     }
1590
1591   return 0;
1592 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1593 }
1594
1595 int 
1596 keyserver_export(strlist_t users)
1597 {
1598   strlist_t sl=NULL;
1599   KEYDB_SEARCH_DESC desc;
1600   int rc=0;
1601
1602   /* Weed out descriptors that we don't support sending */
1603   for(;users;users=users->next)
1604     {
1605       classify_user_id (users->d, &desc);
1606       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1607          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1608          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1609          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1610         {
1611           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1612           continue;
1613         }
1614       else
1615         append_to_strlist(&sl,users->d);
1616     }
1617
1618   if(sl)
1619     {
1620       rc=keyserver_work(KS_SEND,sl,NULL,0,NULL,NULL,opt.keyserver);
1621       free_strlist(sl);
1622     }
1623
1624   return rc;
1625 }
1626
1627 int 
1628 keyserver_import(strlist_t users)
1629 {
1630   KEYDB_SEARCH_DESC *desc;
1631   int num=100,count=0;
1632   int rc=0;
1633
1634   /* Build a list of key ids */
1635   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1636
1637   for(;users;users=users->next)
1638     {
1639       classify_user_id (users->d, &desc[count]);
1640       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1641          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1642          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1643          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1644         {
1645           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1646           continue;
1647         }
1648
1649       count++;
1650       if(count==num)
1651         {
1652           num+=100;
1653           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1654         }
1655     }
1656
1657   if(count>0)
1658     rc=keyserver_work(KS_GET,NULL,desc,count,NULL,NULL,opt.keyserver);
1659
1660   xfree(desc);
1661
1662   return rc;
1663 }
1664
1665 int
1666 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1667                         struct keyserver_spec *keyserver)
1668 {
1669   KEYDB_SEARCH_DESC desc;
1670
1671   memset(&desc,0,sizeof(desc));
1672
1673   if(fprint_len==16)
1674     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1675   else if(fprint_len==20)
1676     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1677   else
1678     return -1;
1679
1680   memcpy(desc.u.fpr,fprint,fprint_len);
1681
1682   /* TODO: Warn here if the fingerprint we got doesn't match the one
1683      we asked for? */
1684   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1685 }
1686
1687 int 
1688 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1689 {
1690   KEYDB_SEARCH_DESC desc;
1691
1692   memset(&desc,0,sizeof(desc));
1693
1694   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1695   desc.u.kid[0]=keyid[0];
1696   desc.u.kid[1]=keyid[1];
1697
1698   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1699 }
1700
1701 /* code mostly stolen from do_export_stream */
1702 static int 
1703 keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1704 {
1705   int rc=0,ndesc,num=100;
1706   KBNODE keyblock=NULL,node;
1707   KEYDB_HANDLE kdbhd;
1708   KEYDB_SEARCH_DESC *desc;
1709   strlist_t sl;
1710
1711   *count=0;
1712
1713   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1714
1715   kdbhd=keydb_new(0);
1716
1717   if(!users)
1718     {
1719       ndesc = 1;
1720       desc = xmalloc_clear ( ndesc * sizeof *desc);
1721       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1722     }
1723   else
1724     {
1725       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1726         ;
1727       desc = xmalloc ( ndesc * sizeof *desc);
1728         
1729       for (ndesc=0, sl=users; sl; sl = sl->next)
1730         {
1731           if(classify_user_id (sl->d, desc+ndesc))
1732             ndesc++;
1733           else
1734             log_error (_("key \"%s\" not found: %s\n"),
1735                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1736         }
1737     }
1738
1739   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1740     {
1741       if (!users) 
1742         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1743
1744       /* read the keyblock */
1745       rc = keydb_get_keyblock (kdbhd, &keyblock );
1746       if( rc )
1747         {
1748           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1749           goto leave;
1750         }
1751
1752       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1753         {
1754           /* This is to work around a bug in some keyservers (pksd and
1755              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1756              The answer is to refresh both the correct v4 keyid
1757              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1758              This only happens for key refresh using the HKP scheme
1759              and if the refresh-add-fake-v3-keyids keyserver option is
1760              set. */
1761           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1762              node->pkt->pkt.public_key->version>=4)
1763             {
1764               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1765               v3_keyid (node->pkt->pkt.public_key->pkey[0],
1766                         (*klist)[*count].u.kid);
1767               (*count)++;
1768
1769               if(*count==num)
1770                 {
1771                   num+=100;
1772                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1773                 }
1774             }
1775
1776           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1777              This is because it's easy to calculate any sort of keyid
1778              from a v4 fingerprint, but not a v3 fingerprint. */
1779
1780           if(node->pkt->pkt.public_key->version<4)
1781             {
1782               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1783               keyid_from_pk(node->pkt->pkt.public_key,
1784                             (*klist)[*count].u.kid);
1785             }
1786           else
1787             {
1788               size_t dummy;
1789
1790               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1791               fingerprint_from_pk(node->pkt->pkt.public_key,
1792                                   (*klist)[*count].u.fpr,&dummy);
1793             }
1794
1795           /* This is a little hackish, using the skipfncvalue as a
1796              void* pointer to the keyserver spec, but we don't need
1797              the skipfnc here, and it saves having an additional field
1798              for this (which would be wasted space most of the
1799              time). */
1800
1801           (*klist)[*count].skipfncvalue=NULL;
1802
1803           /* Are we honoring preferred keyservers? */
1804           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1805             {
1806               PKT_user_id *uid=NULL;
1807               PKT_signature *sig=NULL;
1808
1809               merge_keys_and_selfsig(keyblock);
1810
1811               for(node=node->next;node;node=node->next)
1812                 {
1813                   if(node->pkt->pkttype==PKT_USER_ID
1814                      && node->pkt->pkt.user_id->is_primary)
1815                     uid=node->pkt->pkt.user_id;
1816                   else if(node->pkt->pkttype==PKT_SIGNATURE
1817                           && node->pkt->pkt.signature->
1818                           flags.chosen_selfsig && uid)
1819                     {
1820                       sig=node->pkt->pkt.signature;
1821                       break;
1822                     }
1823                 }
1824
1825               /* Try and parse the keyserver URL.  If it doesn't work,
1826                  then we end up writing NULL which indicates we are
1827                  the same as any other key. */
1828               if(sig)
1829                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1830             }
1831
1832           (*count)++;
1833
1834           if(*count==num)
1835             {
1836               num+=100;
1837               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1838             }
1839         }
1840     }
1841
1842   if(rc==-1)
1843     rc=0;
1844   
1845  leave:
1846   if(rc)
1847     xfree(*klist);
1848   xfree(desc);
1849   keydb_release(kdbhd);
1850   release_kbnode(keyblock);
1851
1852   return rc;
1853 }
1854
1855 /* Note this is different than the original HKP refresh.  It allows
1856    usernames to refresh only part of the keyring. */
1857
1858 int
1859 keyserver_refresh(strlist_t users)
1860 {
1861   int rc,count,numdesc,fakev3=0;
1862   KEYDB_SEARCH_DESC *desc;
1863   unsigned int options=opt.keyserver_options.import_options;
1864
1865   /* We switch merge-only on during a refresh, as 'refresh' should
1866      never import new keys, even if their keyids match. */
1867   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1868
1869   /* Similarly, we switch on fast-import, since refresh may make
1870      multiple import sets (due to preferred keyserver URLs).  We don't
1871      want each set to rebuild the trustdb.  Instead we do it once at
1872      the end here. */
1873   opt.keyserver_options.import_options|=IMPORT_FAST;
1874
1875   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1876      scheme, then enable fake v3 keyid generation. */
1877   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1878      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1879          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1880     fakev3=1;
1881
1882   rc=keyidlist(users,&desc,&numdesc,fakev3);
1883   if(rc)
1884     return rc;
1885
1886   count=numdesc;
1887   if(count>0)
1888     {
1889       int i;
1890
1891       /* Try to handle preferred keyserver keys first */
1892       for(i=0;i<numdesc;i++)
1893         {
1894           if(desc[i].skipfncvalue)
1895             {
1896               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1897
1898               /* We use the keyserver structure we parsed out before.
1899                  Note that a preferred keyserver without a scheme://
1900                  will be interpreted as hkp:// */
1901
1902               rc=keyserver_work(KS_GET,NULL,&desc[i],1,NULL,NULL,keyserver);
1903               if(rc)
1904                 log_info(_("WARNING: unable to refresh key %s"
1905                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1906                          keyserver->uri,g10_errstr(rc));
1907               else
1908                 {
1909                   /* We got it, so mark it as NONE so we don't try and
1910                      get it again from the regular keyserver. */
1911
1912                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1913                   count--;
1914                 }
1915
1916               free_keyserver_spec(keyserver);
1917             }
1918         }
1919     }
1920
1921   if(count>0)
1922     {
1923       if(opt.keyserver)
1924         {
1925           if(count==1)
1926             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1927           else
1928             log_info(_("refreshing %d keys from %s\n"),
1929                      count,opt.keyserver->uri);
1930         }
1931
1932       rc=keyserver_work(KS_GET,NULL,desc,numdesc,NULL,NULL,opt.keyserver);
1933     }
1934
1935   xfree(desc);
1936
1937   opt.keyserver_options.import_options=options;
1938
1939   /* If the original options didn't have fast import, and the trustdb
1940      is dirty, rebuild. */
1941   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1942     trustdb_check_or_update();
1943
1944   return rc;
1945 }
1946
1947 int
1948 keyserver_search(strlist_t tokens)
1949 {
1950   if(tokens)
1951     return keyserver_work(KS_SEARCH,tokens,NULL,0,NULL,NULL,opt.keyserver);
1952   else
1953     return 0;
1954 }
1955
1956 int
1957 keyserver_fetch(strlist_t urilist)
1958 {
1959   KEYDB_SEARCH_DESC desc;
1960   strlist_t sl;
1961   unsigned int options=opt.keyserver_options.import_options;
1962
1963   /* Switch on fast-import, since fetch can handle more than one
1964      import and we don't want each set to rebuild the trustdb.
1965      Instead we do it once at the end. */
1966   opt.keyserver_options.import_options|=IMPORT_FAST;
1967
1968   /* A dummy desc since we're not actually fetching a particular key
1969      ID */
1970   memset(&desc,0,sizeof(desc));
1971   desc.mode=KEYDB_SEARCH_MODE_EXACT;
1972
1973   for(sl=urilist;sl;sl=sl->next)
1974     {
1975       struct keyserver_spec *spec;
1976
1977       spec=parse_keyserver_uri(sl->d,1,NULL,0);
1978       if(spec)
1979         {
1980           int rc;
1981
1982           rc=keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,spec);
1983           if(rc)
1984             log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1985                      sl->d,g10_errstr(rc));
1986
1987           free_keyserver_spec(spec);
1988         }
1989       else
1990         log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
1991     }
1992
1993   opt.keyserver_options.import_options=options;
1994
1995   /* If the original options didn't have fast import, and the trustdb
1996      is dirty, rebuild. */
1997   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1998     trustdb_check_or_update();
1999
2000   return 0;
2001 }
2002
2003 /* Import key in a CERT or pointed to by a CERT */
2004 int
2005 keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
2006 {
2007   char *domain,*look,*url;
2008   IOBUF key;
2009   int type,rc=G10ERR_GENERAL;
2010
2011   look=xstrdup(name);
2012
2013   domain=strrchr(look,'@');
2014   if(domain)
2015     *domain='.';
2016
2017   type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
2018   if (!type || type == -1)
2019     {
2020       /* There might be an error in res_query which leads to an error
2021          return (-1) in the case that nothing was found.  Thus we take
2022          all errors as key not found.  */
2023       rc = G10ERR_NO_PUBKEY;
2024     }
2025   else if (type==1)
2026     {
2027       int armor_status=opt.no_armor;
2028
2029       /* CERTs are always in binary format */
2030       opt.no_armor=1;
2031
2032       rc=import_keys_stream(key,NULL,fpr,fpr_len,
2033                             opt.keyserver_options.import_options);
2034
2035       opt.no_armor=armor_status;
2036
2037       iobuf_close(key);
2038     }
2039   else if(type==2 && *fpr)
2040     {
2041       /* We only consider the IPGP type if a fingerprint was provided.
2042          This lets us select the right key regardless of what a URL
2043          points to, or get the key from a keyserver. */
2044       if(url)
2045         {
2046           struct keyserver_spec *spec;
2047
2048           spec=parse_keyserver_uri(url,1,NULL,0);
2049           if(spec)
2050             {
2051               rc=keyserver_import_fprint(*fpr,*fpr_len,spec);
2052               free_keyserver_spec(spec);
2053             }
2054         }
2055       else if(opt.keyserver)
2056         {
2057           /* If only a fingerprint is provided, try and fetch it from
2058              our --keyserver */
2059
2060           rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
2061         }
2062       else
2063         log_info(_("no keyserver known (use option --keyserver)\n"));
2064
2065       /* Give a better string here? "CERT fingerprint for \"%s\"
2066          found, but no keyserver" " known (use option
2067          --keyserver)\n" ? */
2068
2069       xfree(url);
2070     }
2071
2072   xfree(look);
2073
2074   return rc;
2075 }
2076
2077 /* Import key pointed to by a PKA record. Return the requested
2078    fingerprint in fpr. */
2079 int
2080 keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
2081 {
2082   char *uri;
2083   int rc = G10ERR_NO_PUBKEY;
2084
2085   *fpr = xmalloc (20);
2086   *fpr_len = 20;
2087
2088   uri = get_pka_info (name, *fpr);
2089   if (uri && *uri)
2090     {
2091       /* An URI is available.  Lookup the key. */
2092       struct keyserver_spec *spec;
2093       spec = parse_keyserver_uri (uri, 1, NULL, 0);
2094       if (spec)
2095         {
2096           rc = keyserver_import_fprint (*fpr, 20, spec);
2097           free_keyserver_spec (spec);
2098         }
2099       xfree (uri);
2100     }
2101
2102   if (rc)
2103     {
2104       xfree(*fpr);
2105       *fpr = NULL;
2106     }
2107
2108   return rc;
2109 }
2110
2111 /* Import all keys that match name */
2112 int
2113 keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
2114                       struct keyserver_spec *keyserver)
2115 {
2116   strlist_t list=NULL;
2117   int rc;
2118
2119   append_to_strlist(&list,name);
2120
2121   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2122
2123   free_strlist(list);
2124
2125   return rc;
2126 }
2127
2128 /* Use the PGP Universal trick of asking ldap://keys.(maildomain) for
2129    the key. */
2130 int
2131 keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
2132 {
2133   char *domain;
2134   struct keyserver_spec *keyserver;
2135   strlist_t list=NULL;
2136   int rc;
2137
2138   append_to_strlist(&list,name);
2139
2140   /* Parse out the domain */
2141   domain=strrchr(name,'@');
2142   if(!domain)
2143     return G10ERR_GENERAL;
2144
2145   domain++;
2146
2147   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2148
2149   keyserver->scheme=xstrdup("ldap");
2150   keyserver->host=xmalloc(5+strlen(domain)+1);
2151   strcpy(keyserver->host,"keys.");
2152   strcat(keyserver->host,domain);
2153   keyserver->uri=xmalloc(strlen(keyserver->scheme)+
2154                          3+strlen(keyserver->host)+1);
2155   strcpy(keyserver->uri,keyserver->scheme);
2156   strcat(keyserver->uri,"://");
2157   strcat(keyserver->uri,keyserver->host);
2158     
2159   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2160
2161   free_strlist(list);
2162
2163   free_keyserver_spec(keyserver);
2164
2165   return rc;
2166 }