Fixes for CVE-2006-6235
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005,
3  *               2006 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
20  * USA.
21  */
22
23 #include <config.h>
24 #include <ctype.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <stdlib.h>
28 #include <assert.h>
29 #include <errno.h>
30
31 #include "gpg.h"
32 #include "iobuf.h"
33 #include "filter.h"
34 #include "keydb.h"
35 #include "status.h"
36 #include "exec.h"
37 #include "main.h"
38 #include "i18n.h"
39 #include "ttyio.h"
40 #include "options.h"
41 #include "packet.h"
42 #include "trustdb.h"
43 #include "keyserver-internal.h"
44 #include "util.h"
45 #include "dns-cert.h"
46 #include "pka.h"
47
48
49 struct keyrec
50 {
51   KEYDB_SEARCH_DESC desc;
52   u32 createtime,expiretime;
53   int size,flags;
54   byte type;
55   IOBUF uidbuf;
56   unsigned int lines;
57 };
58
59 enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
60
61 static struct parse_options keyserver_opts[]=
62   {
63     /* some of these options are not real - just for the help
64        message */
65     {"max-cert-size",0,NULL,NULL},
66     {"include-revoked",0,NULL,N_("include revoked keys in search results")},
67     {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
68     {"use-temp-files",0,NULL,
69      N_("use temporary files to pass data to keyserver helpers")},
70     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
71      N_("do not delete temporary files after using them")},
72     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
73      NULL},
74     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
75      N_("automatically retrieve keys when verifying signatures")},
76     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
77      N_("honor the preferred keyserver URL set on the key")},
78     {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
79      N_("honor the PKA record set on a key when retrieving keys")},
80     {NULL,0,NULL,NULL}
81   };
82
83 static int keyserver_work(enum ks_action action,strlist_t list,
84                           KEYDB_SEARCH_DESC *desc,int count,
85                           unsigned char **fpr,size_t *fpr_len,
86                           struct keyserver_spec *keyserver);
87
88 /* Reasonable guess */
89 #define DEFAULT_MAX_CERT_SIZE 16384
90
91 static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
92
93 static void
94 add_canonical_option(char *option,strlist_t *list)
95 {
96   char *arg=argsplit(option);
97
98   if(arg)
99     {
100       char *joined;
101
102       joined=xmalloc(strlen(option)+1+strlen(arg)+1);
103       /* Make a canonical name=value form with no spaces */
104       strcpy(joined,option);
105       strcat(joined,"=");
106       strcat(joined,arg);
107       append_to_strlist(list,joined);
108       xfree(joined);
109     }
110   else
111     append_to_strlist(list,option);
112 }
113
114 int
115 parse_keyserver_options(char *options)
116 {
117   int ret=1;
118   char *tok;
119   char *max_cert=NULL;
120
121   keyserver_opts[0].value=&max_cert;
122
123   while((tok=optsep(&options)))
124     {
125       if(tok[0]=='\0')
126         continue;
127
128       /* For backwards compatibility.  1.2.x used honor-http-proxy and
129          there are a good number of documents published that recommend
130          it. */
131       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
132         tok="http-proxy";
133       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
134         tok="no-http-proxy";
135
136       /* We accept quite a few possible options here - some options to
137          handle specially, the keyserver_options list, and import and
138          export options that pertain to keyserver operations.  Note
139          that you must use strncasecmp here as there might be an
140          =argument attached which will foil the use of strcasecmp. */
141
142 #ifdef EXEC_TEMPFILE_ONLY
143       if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
144               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
145         log_info(_("WARNING: keyserver option `%s' is not used"
146                    " on this platform\n"),tok);
147 #else
148       if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
149         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
150       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
151         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
152 #endif
153       else if(!parse_options(tok,&opt.keyserver_options.options,
154                              keyserver_opts,0)
155          && !parse_import_options(tok,
156                                   &opt.keyserver_options.import_options,0)
157          && !parse_export_options(tok,
158                                   &opt.keyserver_options.export_options,0))
159         {
160           /* All of the standard options have failed, so the option is
161              destined for a keyserver plugin. */
162           add_canonical_option(tok,&opt.keyserver_options.other);
163         }
164     }
165
166   if(max_cert)
167     {
168       max_cert_size=strtoul(max_cert,(char **)NULL,10);
169
170       if(max_cert_size==0)
171         max_cert_size=DEFAULT_MAX_CERT_SIZE;
172     }
173
174   return ret;
175 }
176
177 void
178 free_keyserver_spec(struct keyserver_spec *keyserver)
179 {
180   xfree(keyserver->uri);
181   xfree(keyserver->scheme);
182   xfree(keyserver->auth);
183   xfree(keyserver->host);
184   xfree(keyserver->port);
185   xfree(keyserver->path);
186   xfree(keyserver->opaque);
187   free_strlist(keyserver->options);
188   xfree(keyserver);
189 }
190
191 /* Return 0 for match */
192 static int
193 cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
194 {
195   if(ascii_strcasecmp(one->scheme,two->scheme)==0)
196     {
197       if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
198         {
199           if((one->port && two->port
200               && ascii_strcasecmp(one->port,two->port)==0)
201              || (!one->port && !two->port))
202             return 0;
203         }
204       else if(one->opaque && two->opaque
205               && ascii_strcasecmp(one->opaque,two->opaque)==0)
206         return 0;
207     }
208
209   return 1;
210 }
211
212 /* Try and match one of our keyservers.  If we can, return that.  If
213    we can't, return our input. */
214 struct keyserver_spec *
215 keyserver_match(struct keyserver_spec *spec)
216 {
217   struct keyserver_spec *ks;
218
219   for(ks=opt.keyserver;ks;ks=ks->next)
220     if(cmp_keyserver_spec(spec,ks)==0)
221       return ks;
222
223   return spec;
224 }
225
226 /* TODO: once we cut over to an all-curl world, we don't need this
227    parser any longer so it can be removed, or at least moved to
228    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
229
230 struct keyserver_spec *
231 parse_keyserver_uri(const char *string,int require_scheme,
232                     const char *configname,unsigned int configlineno)
233 {
234   int assume_hkp=0;
235   struct keyserver_spec *keyserver;
236   const char *idx;
237   int count;
238   char *uri,*options;
239
240   assert(string!=NULL);
241
242   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
243
244   uri=xstrdup(string);
245
246   options=strchr(uri,' ');
247   if(options)
248     {
249       char *tok;
250
251       *options='\0';
252       options++;
253
254       while((tok=optsep(&options)))
255         add_canonical_option(tok,&keyserver->options);
256     }
257
258   /* Get the scheme */
259
260   for(idx=uri,count=0;*idx && *idx!=':';idx++)
261     {
262       count++;
263
264       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
265          there clearly isn't a scheme so get out early. */
266       if(*idx=='[')
267         {
268           /* Was the '[' the first thing in the string?  If not, we
269              have a mangled scheme with a [ in it so fail. */
270           if(count==1)
271             break;
272           else
273             goto fail;
274         }
275     }
276
277   if(count==0)
278     goto fail;
279
280   if(*idx=='\0' || *idx=='[')
281     {
282       if(require_scheme)
283         return NULL;
284
285       /* Assume HKP if there is no scheme */
286       assume_hkp=1;
287       keyserver->scheme=xstrdup("hkp");
288
289       keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
290       strcpy(keyserver->uri,keyserver->scheme);
291       strcat(keyserver->uri,"://");
292       strcat(keyserver->uri,uri);
293     }
294   else
295     {
296       int i;
297
298       keyserver->uri=xstrdup(uri);
299
300       keyserver->scheme=xmalloc(count+1);
301
302       /* Force to lowercase */
303       for(i=0;i<count;i++)
304         keyserver->scheme[i]=ascii_tolower(uri[i]);
305
306       keyserver->scheme[i]='\0';
307
308       /* Skip past the scheme and colon */
309       uri+=count+1;
310     }
311
312   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
313     {
314       deprecated_warning(configname,configlineno,"x-broken-hkp",
315                          "--keyserver-options ","broken-http-proxy");
316       xfree(keyserver->scheme);
317       keyserver->scheme=xstrdup("hkp");
318       append_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
319     }
320   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
321     {
322       /* Canonicalize this to "hkp" so it works with both the internal
323          and external keyserver interface. */
324       xfree(keyserver->scheme);
325       keyserver->scheme=xstrdup("hkp");
326     }
327
328   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
329     {
330       /* Two slashes means network path. */
331
332       /* Skip over the "//", if any */
333       if(!assume_hkp)
334         uri+=2;
335
336       /* Do we have userinfo auth data present? */
337       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
338         count++;
339
340       /* We found a @ before the slash, so that means everything
341          before the @ is auth data. */
342       if(*idx=='@')
343         {
344           if(count==0)
345             goto fail;
346
347           keyserver->auth=xmalloc(count+1);
348           strncpy(keyserver->auth,uri,count);
349           keyserver->auth[count]='\0';
350           uri+=count+1;
351         }
352
353       /* Is it an RFC-2732 ipv6 [literal address] ? */
354       if(*uri=='[')
355         {
356           for(idx=uri+1,count=1;*idx
357                 && ((isascii (*idx) && isxdigit(*idx))
358                     || *idx==':' || *idx=='.');idx++)
359             count++;
360
361           /* Is the ipv6 literal address terminated? */
362           if(*idx==']')
363             count++;
364           else
365             goto fail;
366         }
367       else
368         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
369           count++;
370
371       if(count==0)
372         goto fail;
373
374       keyserver->host=xmalloc(count+1);
375       strncpy(keyserver->host,uri,count);
376       keyserver->host[count]='\0';
377
378       /* Skip past the host */
379       uri+=count;
380
381       if(*uri==':')
382         {
383           /* It would seem to be reasonable to limit the range of the
384              ports to values between 1-65535, but RFC 1738 and 1808
385              imply there is no limit.  Of course, the real world has
386              limits. */
387
388           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
389             {
390               count++;
391
392               /* Ports are digits only */
393               if(!digitp(idx))
394                 goto fail;
395             }
396
397           keyserver->port=xmalloc(count+1);
398           strncpy(keyserver->port,uri+1,count);
399           keyserver->port[count]='\0';
400
401           /* Skip past the colon and port number */
402           uri+=1+count;
403         }
404
405       /* Everything else is the path */
406       if(*uri)
407         keyserver->path=xstrdup(uri);
408       else
409         keyserver->path=xstrdup("/");
410
411       if(keyserver->path[1])
412         keyserver->flags.direct_uri=1;
413     }
414   else if(uri[0]!='/')
415     {
416       /* No slash means opaque.  Just record the opaque blob and get
417          out. */
418       keyserver->opaque=xstrdup(uri);
419     }
420   else
421     {
422       /* One slash means absolute path.  We don't need to support that
423          yet. */
424       goto fail;
425     }
426
427   return keyserver;
428
429  fail:
430   free_keyserver_spec(keyserver);
431
432   return NULL;
433 }
434
435 struct keyserver_spec *
436 parse_preferred_keyserver(PKT_signature *sig)
437 {
438   struct keyserver_spec *spec=NULL;
439   const byte *p;
440   size_t plen;
441
442   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
443   if(p && plen)
444     {
445       byte *dupe=xmalloc(plen+1);
446
447       memcpy(dupe,p,plen);
448       dupe[plen]='\0';
449       spec=parse_keyserver_uri(dupe,1,NULL,0);
450       xfree(dupe);
451     }
452
453   return spec;
454 }
455
456 static void
457 print_keyrec(int number,struct keyrec *keyrec)
458 {
459   int i;
460
461   iobuf_writebyte(keyrec->uidbuf,0);
462   iobuf_flush_temp(keyrec->uidbuf);
463   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
464
465   if(keyrec->size>0)
466     printf("%d bit ",keyrec->size);
467
468   if(keyrec->type)
469     {
470       const char *str = gcry_pk_algo_name (keyrec->type);
471
472       if(str)
473         printf("%s ",str);
474       else
475         printf("unknown ");
476     }
477
478   switch(keyrec->desc.mode)
479     {
480       /* If the keyserver helper gave us a short keyid, we have no
481          choice but to use it.  Do check --keyid-format to add a 0x if
482          needed. */
483     case KEYDB_SEARCH_MODE_SHORT_KID:
484       printf("key %s%08lX",
485              (opt.keyid_format==KF_0xSHORT
486               || opt.keyid_format==KF_0xLONG)?"0x":"",
487              (ulong)keyrec->desc.u.kid[1]);
488       break;
489
490       /* However, if it gave us a long keyid, we can honor
491          --keyid-format */
492     case KEYDB_SEARCH_MODE_LONG_KID:
493       printf("key %s",keystr(keyrec->desc.u.kid));
494       break;
495
496     case KEYDB_SEARCH_MODE_FPR16:
497       printf("key ");
498       for(i=0;i<16;i++)
499         printf("%02X",keyrec->desc.u.fpr[i]);
500       break;
501
502     case KEYDB_SEARCH_MODE_FPR20:
503       printf("key ");
504       for(i=0;i<20;i++)
505         printf("%02X",keyrec->desc.u.fpr[i]);
506       break;
507
508     default:
509       BUG();
510       break;
511     }
512
513   if(keyrec->createtime>0)
514     {
515       printf(", ");
516       printf(_("created: %s"),strtimestamp(keyrec->createtime));
517     }
518
519   if(keyrec->expiretime>0)
520     {
521       printf(", ");
522       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
523     }
524
525   if(keyrec->flags&1)
526     printf(" (%s)",_("revoked"));
527   if(keyrec->flags&2)
528     printf(" (%s)",_("disabled"));
529   if(keyrec->flags&4)
530     printf(" (%s)",_("expired"));
531
532   printf("\n");
533 }
534
535 /* Returns a keyrec (which must be freed) once a key is complete, and
536    NULL otherwise.  Call with a NULL keystring once key parsing is
537    complete to return any unfinished keys. */
538 static struct keyrec *
539 parse_keyrec(char *keystring)
540 {
541   static struct keyrec *work=NULL;
542   struct keyrec *ret=NULL;
543   char *record;
544   int i;
545
546   if(keystring==NULL)
547     {
548       if(work==NULL)
549         return NULL;
550       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
551         {
552           xfree(work);
553           return NULL;
554         }
555       else
556         {
557           ret=work;
558           work=NULL;
559           return ret;
560         }
561     }
562
563   if(work==NULL)
564     {
565       work=xmalloc_clear(sizeof(struct keyrec));
566       work->uidbuf=iobuf_temp();
567     }
568
569   /* Remove trailing whitespace */
570   for(i=strlen(keystring);i>0;i--)
571     if(ascii_isspace(keystring[i-1]))
572       keystring[i-1]='\0';
573     else
574       break;
575
576   if((record=strsep(&keystring,":"))==NULL)
577     return ret;
578
579   if(ascii_strcasecmp("pub",record)==0)
580     {
581       char *tok;
582
583       if(work->desc.mode)
584         {
585           ret=work;
586           work=xmalloc_clear(sizeof(struct keyrec));
587           work->uidbuf=iobuf_temp();
588         }
589
590       if((tok=strsep(&keystring,":"))==NULL)
591         return ret;
592
593       classify_user_id(tok,&work->desc);
594       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
595          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
596          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
597          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
598         {
599           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
600           return ret;
601         }
602
603       /* Note all items after this are optional.  This allows us to
604          have a pub line as simple as pub:keyid and nothing else. */
605
606       work->lines++;
607
608       if((tok=strsep(&keystring,":"))==NULL)
609         return ret;
610
611       work->type=atoi(tok);
612
613       if((tok=strsep(&keystring,":"))==NULL)
614         return ret;
615
616       work->size=atoi(tok);
617
618       if((tok=strsep(&keystring,":"))==NULL)
619         return ret;
620
621       if(atoi(tok)<=0)
622         work->createtime=0;
623       else
624         work->createtime=atoi(tok);
625
626       if((tok=strsep(&keystring,":"))==NULL)
627         return ret;
628
629       if(atoi(tok)<=0)
630         work->expiretime=0;
631       else
632         {
633           work->expiretime=atoi(tok);
634           /* Force the 'e' flag on if this key is expired. */
635           if(work->expiretime<=make_timestamp())
636             work->flags|=4;
637         }
638
639       if((tok=strsep(&keystring,":"))==NULL)
640         return ret;
641
642       while(*tok)
643         switch(*tok++)
644           {
645           case 'r':
646           case 'R':
647             work->flags|=1;
648             break;
649             
650           case 'd':
651           case 'D':
652             work->flags|=2;
653             break;
654
655           case 'e':
656           case 'E':
657             work->flags|=4;
658             break;
659           }
660     }
661   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
662     {
663       char *userid,*tok,*decoded;
664
665       if((tok=strsep(&keystring,":"))==NULL)
666         return ret;
667
668       if(strlen(tok)==0)
669         return ret;
670
671       userid=tok;
672
673       /* By definition, de-%-encoding is always smaller than the
674          original string so we can decode in place. */
675
676       i=0;
677
678       while(*tok)
679         if(tok[0]=='%' && tok[1] && tok[2])
680           {
681             if((userid[i]=hextobyte(&tok[1]))==-1)
682               userid[i]='?';
683
684             i++;
685             tok+=3;
686           }
687         else
688           userid[i++]=*tok++;
689
690       /* We don't care about the other info provided in the uid: line
691          since no keyserver supports marking userids with timestamps
692          or revoked/expired/disabled yet. */
693
694       /* No need to check for control characters, as utf8_to_native
695          does this for us. */
696
697       decoded=utf8_to_native(userid,i,0);
698       if(strlen(decoded)>opt.screen_columns-10)
699         decoded[opt.screen_columns-10]='\0';
700       iobuf_writestr(work->uidbuf,decoded);
701       xfree(decoded);
702       iobuf_writestr(work->uidbuf,"\n\t");
703       work->lines++;
704     }
705
706   /* Ignore any records other than "pri" and "uid" for easy future
707      growth. */
708
709   return ret;
710 }
711
712 /* TODO: do this as a list sent to keyserver_work rather than calling
713    it once for each key to get the correct counts after the import
714    (cosmetics, really) and to better take advantage of the keyservers
715    that can do multiple fetches in one go (LDAP). */
716 static int
717 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
718 {
719   char *answer;
720
721   if(count && opt.command_fd==-1)
722     {
723       static int from=1;
724       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
725       from=numdesc+1;
726     }
727
728   answer=cpr_get_no_help("keysearch.prompt",
729                          _("Enter number(s), N)ext, or Q)uit > "));
730   /* control-d */
731   if(answer[0]=='\x04')
732     {
733       printf("Q\n");
734       answer[0]='q';
735     }
736
737   if(answer[0]=='q' || answer[0]=='Q')
738     {
739       xfree(answer);
740       return 1;
741     }
742   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
743     {
744       char *split=answer,*num;
745
746       while((num=strsep(&split," ,"))!=NULL)
747         if(atoi(num)>=1 && atoi(num)<=numdesc)
748           keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,
749                          NULL,NULL,opt.keyserver);
750
751       xfree(answer);
752       return 1;
753     }
754
755   return 0;
756 }
757
758 /* Count and searchstr are just for cosmetics.  If the count is too
759    small, it will grow safely.  If negative it disables the "Key x-y
760    of z" messages.  searchstr should be UTF-8 (rather than native). */
761 static void
762 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
763 {
764   int i=0,validcount=0,started=0,header=0,count=1;
765   unsigned int maxlen,buflen,numlines=0;
766   KEYDB_SEARCH_DESC *desc;
767   byte *line=NULL;
768   char *localstr=NULL;
769
770   if(searchstr)
771     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
772
773   desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
774
775   for(;;)
776     {
777       struct keyrec *keyrec;
778       int rl;
779
780       maxlen=1024;
781       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
782
783       if(opt.with_colons)
784         {
785           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
786              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
787             {
788               header=1;
789               continue;
790             }
791           else if(ascii_strncasecmp("SEARCH ",line,7)==0
792                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
793             continue;
794
795           printf("%s",line);
796         }
797
798       /* Look for an info: line.  The only current info: values
799          defined are the version and key count. */
800       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
801         {
802           char *tok,*str=&line[5];
803
804           if((tok=strsep(&str,":"))!=NULL)
805             {
806               int version;
807
808               if(sscanf(tok,"%d",&version)!=1)
809                 version=1;
810
811               if(version!=1)
812                 {
813                   log_error(_("invalid keyserver protocol "
814                               "(us %d!=handler %d)\n"),1,version);
815                   break;
816                 }
817             }
818
819           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
820             {
821               if(count==0)
822                 goto notfound;
823               else if(count<0)
824                 count=10;
825               else
826                 validcount=1;
827
828               desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
829             }
830
831           started=1;
832           continue;
833         }
834
835       if(rl==0)
836         {
837           keyrec=parse_keyrec(NULL);
838
839           if(keyrec==NULL)
840             {
841               if(i==0)
842                 {
843                   count=0;
844                   break;
845                 }
846
847               if(i!=count)
848                 validcount=0;
849
850               for(;;)
851                 {
852                   if(show_prompt(desc,i,validcount?count:0,localstr))
853                     break;
854                   validcount=0;
855                 }
856
857               break;
858             }
859         }
860       else
861         keyrec=parse_keyrec(line);
862
863       if(i==count)
864         {
865           /* keyserver helper sent more keys than they claimed in the
866              info: line. */
867           count+=10;
868           desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
869           validcount=0;
870         }
871
872       if(keyrec)
873         {
874           desc[i]=keyrec->desc;
875
876           if(!opt.with_colons)
877             {
878               /* screen_lines - 1 for the prompt. */
879               if(numlines+keyrec->lines>opt.screen_lines-1)
880                 {
881                   if(show_prompt(desc,i,validcount?count:0,localstr))
882                     break;
883                   else
884                     numlines=0;
885                 }
886
887               print_keyrec(i+1,keyrec);
888             }
889
890           numlines+=keyrec->lines;
891           iobuf_close(keyrec->uidbuf);
892           xfree(keyrec);
893
894           started=1;
895           i++;
896         }
897     }
898
899  notfound:
900   /* Leave this commented out or now, and perhaps for a very long
901      time.  All HKPish servers return HTML error messages for
902      no-key-found. */
903   /* 
904      if(!started)
905      log_info(_("keyserver does not support searching\n"));
906      else
907   */
908   if(count==0)
909     {
910       if(localstr)
911         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
912       else
913         log_info(_("key not found on keyserver\n"));
914     }
915
916   xfree(localstr);
917   xfree(desc);
918   xfree(line);
919 }
920
921 /* We sometimes want to use a different gpgkeys_xxx for a given
922    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
923    these here. */
924 static const char *
925 keyserver_typemap(const char *type)
926 {
927   if(strcmp(type,"ldaps")==0)
928     return "ldap";
929   else
930     return type;
931 }
932
933 /* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
934    sufficiently different that we can't use curl to do LDAP. */
935 static int
936 direct_uri_map(const char *scheme,unsigned int is_direct)
937 {
938   if(is_direct && strcmp(scheme,"ldap")==0)
939     return 1;
940
941   return 0;
942 }
943
944 #if GNUPG_MAJOR_VERSION == 2
945 #define GPGKEYS_PREFIX "gpg2keys_"
946 #else
947 #define GPGKEYS_PREFIX "gpgkeys_"
948 #endif
949 #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
950 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
951 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
952 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
953
954 static int 
955 keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
956                 int count,int *prog,unsigned char **fpr,size_t *fpr_len,
957                 struct keyserver_spec *keyserver)
958 {
959   int ret=0,i,gotversion=0,outofband=0;
960   strlist_t temp;
961   unsigned int maxlen,buflen;
962   char *command,*end,*searchstr=NULL;
963   byte *line=NULL;
964   struct exec_info *spawn;
965   const char *scheme;
966   const char *libexecdir = get_libexecdir ();
967
968   assert(keyserver);
969
970 #ifdef EXEC_TEMPFILE_ONLY
971   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
972 #endif
973
974   /* Build the filename for the helper to execute */
975   scheme=keyserver_typemap(keyserver->scheme);
976
977 #ifdef DISABLE_KEYSERVER_PATH
978   /* Destroy any path we might have.  This is a little tricky,
979      portability-wise.  It's not correct to delete the PATH
980      environment variable, as that may fall back to a system built-in
981      PATH.  Similarly, it is not correct to set PATH to the null
982      string (PATH="") since this actually deletes the PATH environment
983      variable under MinGW.  The safest thing to do here is to force
984      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
985      Unix-like systems (since we're going to give a full path to
986      gpgkeys_foo), but on W32 it prevents loading any DLLs from
987      directories in %PATH%.
988
989      After some more thinking about this we came to the conclusion
990      that it is better to load the helpers from the directory where
991      the program of this process lives.  Fortunately Windows provides
992      a way to retrieve this and our get_libexecdir function has been
993      modified to return just this.  Setting the exec-path is not
994      anymore required.  
995        set_exec_path(libexecdir);
996  */
997 #else
998   if(opt.exec_path_set)
999     {
1000       /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
1001          undefined, then don't specify a full path to gpgkeys_foo, so
1002          that the PATH can work. */
1003       command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1004       command[0]='\0';
1005     }
1006   else
1007 #endif
1008     {
1009       /* Specify a full path to gpgkeys_foo. */
1010       command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
1011                       GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1012       strcpy(command,libexecdir);
1013       strcat(command,DIRSEP_S);
1014     }
1015
1016   end=command+strlen(command);
1017
1018   /* Build a path for the keyserver helper.  If it is direct_uri
1019      (i.e. an object fetch and not a keyserver), then add "_uri" to
1020      the end to distinguish the keyserver helper from an object
1021      fetcher that can speak that protocol (this is a problem for
1022      LDAP). */
1023
1024   strcat(command,GPGKEYS_PREFIX); 
1025   strcat(command,scheme);
1026
1027   /* This "_uri" thing is in case we need to call a direct handler
1028      instead of the keyserver handler.  This lets us use gpgkeys_curl
1029      or gpgkeys_ldap_uri (we don't provide it, but a user might)
1030      instead of gpgkeys_ldap to fetch things like
1031      ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560 */
1032
1033   if(direct_uri_map(scheme,keyserver->flags.direct_uri))
1034     strcat(command,"_uri");
1035
1036   strcat(command,EXEEXT);
1037
1038   /* Can we execute it?  If not, try curl as our catchall. */
1039   if(path_access(command,X_OK)!=0)
1040     strcpy(end,GPGKEYS_CURL);
1041
1042   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
1043     {
1044       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
1045         {
1046           command=xrealloc(command,strlen(command)+
1047                             strlen(KEYSERVER_ARGS_KEEP)+1);
1048           strcat(command,KEYSERVER_ARGS_KEEP);
1049         }
1050       else
1051         {
1052           command=xrealloc(command,strlen(command)+
1053                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
1054           strcat(command,KEYSERVER_ARGS_NOKEEP);  
1055         }
1056
1057       ret=exec_write(&spawn,NULL,command,NULL,0,0);
1058     }
1059   else
1060     ret=exec_write(&spawn,command,NULL,NULL,0,0);
1061
1062   xfree(command);
1063
1064   if(ret)
1065     return ret;
1066
1067   fprintf(spawn->tochild,
1068           "# This is a GnuPG %s keyserver communications file\n",VERSION);
1069   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
1070   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
1071   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
1072
1073   if(keyserver->opaque)
1074     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
1075   else
1076     {
1077       if(keyserver->auth)
1078         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
1079
1080       if(keyserver->host)
1081         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
1082
1083       if(keyserver->port)
1084         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
1085
1086       if(keyserver->path)
1087         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
1088     }
1089
1090   /* Write global options */
1091
1092   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
1093     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1094
1095   /* Write per-keyserver options */
1096
1097   for(temp=keyserver->options;temp;temp=temp->next)
1098     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1099
1100   switch(action)
1101     {
1102     case KS_GET:
1103       {
1104         fprintf(spawn->tochild,"COMMAND GET\n\n");
1105
1106         /* Which keys do we want? */
1107
1108         for(i=0;i<count;i++)
1109           {
1110             int quiet=0;
1111
1112             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
1113               {
1114                 int f;
1115
1116                 fprintf(spawn->tochild,"0x");
1117
1118                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
1119                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1120
1121                 fprintf(spawn->tochild,"\n");
1122               }
1123             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
1124               {
1125                 int f;
1126
1127                 fprintf(spawn->tochild,"0x");
1128
1129                 for(f=0;f<16;f++)
1130                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1131
1132                 fprintf(spawn->tochild,"\n");
1133               }
1134             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
1135               fprintf(spawn->tochild,"0x%08lX%08lX\n",
1136                       (ulong)desc[i].u.kid[0],
1137                       (ulong)desc[i].u.kid[1]);
1138             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
1139               fprintf(spawn->tochild,"0x%08lX\n",
1140                       (ulong)desc[i].u.kid[1]);
1141             else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
1142               {
1143                 fprintf(spawn->tochild,"0x0000000000000000\n");
1144                 quiet=1;
1145               }
1146             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
1147               continue;
1148             else
1149               BUG();
1150
1151             if(!quiet)
1152               {
1153                 if(keyserver->host)
1154                   log_info(_("requesting key %s from %s server %s\n"),
1155                            keystr_from_desc(&desc[i]),
1156                            keyserver->scheme,keyserver->host);
1157                 else
1158                   log_info(_("requesting key %s from %s\n"),
1159                            keystr_from_desc(&desc[i]),keyserver->uri);
1160               }
1161           }
1162
1163         fprintf(spawn->tochild,"\n");
1164
1165         break;
1166       }
1167
1168     case KS_GETNAME:
1169       {
1170         strlist_t key;
1171
1172         fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
1173
1174         /* Which names do we want? */
1175
1176         for(key=list;key!=NULL;key=key->next)
1177           fprintf(spawn->tochild,"%s\n",key->d);
1178
1179         fprintf(spawn->tochild,"\n");
1180
1181         if(keyserver->host)
1182           log_info(_("searching for names from %s server %s\n"),
1183                    keyserver->scheme,keyserver->host);
1184         else
1185           log_info(_("searching for names from %s\n"),keyserver->uri);
1186
1187         break;
1188       }
1189
1190     case KS_SEND:
1191       {
1192         strlist_t key;
1193
1194         /* Note the extra \n here to send an empty keylist block */
1195         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1196
1197         for(key=list;key!=NULL;key=key->next)
1198           {
1199             armor_filter_context_t *afx;
1200             IOBUF buffer = iobuf_temp ();
1201             KBNODE block;
1202
1203             temp=NULL;
1204             add_to_strlist(&temp,key->d);
1205
1206             afx = new_armor_context ();
1207             afx->what = 1;
1208             /* Tell the armor filter to use Unix-style \n line
1209                endings, since we're going to fprintf this to a file
1210                that (on Win32) is open in text mode.  The win32 stdio
1211                will transform the \n to \r\n and we'll end up with the
1212                proper line endings on win32.  This is a no-op on
1213                Unix. */
1214             afx->eol[0] = '\n';
1215             push_armor_filter (afx, buffer);
1216             release_armor_context (afx);
1217
1218             /* TODO: Remove Comment: lines from keys exported this
1219                way? */
1220
1221             if(export_pubkeys_stream(buffer,temp,&block,
1222                                      opt.keyserver_options.export_options)==-1)
1223               iobuf_close(buffer);
1224             else
1225               {
1226                 KBNODE node;
1227
1228                 iobuf_flush_temp(buffer);
1229
1230                 merge_keys_and_selfsig(block);
1231
1232                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1233                         (ulong)block->pkt->pkt.public_key->keyid[0],
1234                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1235
1236                 for(node=block;node;node=node->next)
1237                   {
1238                     switch(node->pkt->pkttype)
1239                       {
1240                       default:
1241                         continue;
1242
1243                       case PKT_PUBLIC_KEY:
1244                       case PKT_PUBLIC_SUBKEY:
1245                         {
1246                           PKT_public_key *pk=node->pkt->pkt.public_key;
1247
1248                           keyid_from_pk(pk,NULL);
1249
1250                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1251                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1252                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1253                                   pk->pubkey_algo,
1254                                   nbits_from_pk(pk),
1255                                   pk->timestamp,
1256                                   pk->expiredate);
1257
1258                           if(pk->is_revoked)
1259                             fprintf(spawn->tochild,"r");
1260                           if(pk->has_expired)
1261                             fprintf(spawn->tochild,"e");
1262
1263                           fprintf(spawn->tochild,"\n");
1264                         }
1265                         break;
1266
1267                       case PKT_USER_ID:
1268                         {
1269                           PKT_user_id *uid=node->pkt->pkt.user_id;
1270                           int r;
1271
1272                           if(uid->attrib_data)
1273                             continue;
1274
1275                           fprintf(spawn->tochild,"uid:");
1276
1277                           /* Quote ':', '%', and any 8-bit
1278                              characters */
1279                           for(r=0;r<uid->len;r++)
1280                             {
1281                               if(uid->name[r]==':' || uid->name[r]=='%'
1282                                  || uid->name[r]&0x80)
1283                                 fprintf(spawn->tochild,"%%%02X",
1284                                         (byte)uid->name[r]);
1285                               else
1286                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1287                             }
1288
1289                           fprintf(spawn->tochild,":%u:%u:",
1290                                   uid->created,uid->expiredate);
1291
1292                           if(uid->is_revoked)
1293                             fprintf(spawn->tochild,"r");
1294                           if(uid->is_expired)
1295                             fprintf(spawn->tochild,"e");
1296
1297                           fprintf(spawn->tochild,"\n");
1298                         }
1299                         break;
1300
1301                         /* This bit is really for the benefit of
1302                            people who store their keys in LDAP
1303                            servers.  It makes it easy to do queries
1304                            for things like "all keys signed by
1305                            Isabella". */
1306                       case PKT_SIGNATURE:
1307                         {
1308                           PKT_signature *sig=node->pkt->pkt.signature;
1309
1310                           if(!IS_UID_SIG(sig))
1311                             continue;
1312
1313                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1314                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1315                                   sig->sig_class,sig->timestamp,
1316                                   sig->expiredate);
1317                         }
1318                         break;
1319                       }
1320                   }
1321
1322                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1323                         (ulong)block->pkt->pkt.public_key->keyid[0],
1324                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1325
1326                 fprintf(spawn->tochild,"KEY %08lX%08lX BEGIN\n",
1327                         (ulong)block->pkt->pkt.public_key->keyid[0],
1328                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1329                 fwrite(iobuf_get_temp_buffer(buffer),
1330                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1331                 fprintf(spawn->tochild,"KEY %08lX%08lX END\n",
1332                         (ulong)block->pkt->pkt.public_key->keyid[0],
1333                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1334
1335                 iobuf_close(buffer);
1336
1337                 if(keyserver->host)
1338                   log_info(_("sending key %s to %s server %s\n"),
1339                            keystr(block->pkt->pkt.public_key->keyid),
1340                            keyserver->scheme,keyserver->host);
1341                 else
1342                   log_info(_("sending key %s to %s\n"),
1343                            keystr(block->pkt->pkt.public_key->keyid),
1344                            keyserver->uri);
1345
1346                 release_kbnode(block);
1347               }
1348
1349             free_strlist(temp);
1350           }
1351
1352         break;
1353       }
1354
1355     case KS_SEARCH:
1356       {
1357         strlist_t key;
1358
1359         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1360
1361         /* Which keys do we want?  Remember that the gpgkeys_ program
1362            is going to lump these together into a search string. */
1363
1364         for(key=list;key!=NULL;key=key->next)
1365           {
1366             fprintf(spawn->tochild,"%s\n",key->d);
1367             if(key!=list)
1368               {
1369                 searchstr=xrealloc(searchstr,
1370                                     strlen(searchstr)+strlen(key->d)+2);
1371                 strcat(searchstr," ");
1372               }
1373             else
1374               {
1375                 searchstr=xmalloc(strlen(key->d)+1);
1376                 searchstr[0]='\0';
1377               }
1378
1379             strcat(searchstr,key->d);
1380           }
1381
1382         fprintf(spawn->tochild,"\n");
1383
1384         if(keyserver->host)
1385           log_info(_("searching for \"%s\" from %s server %s\n"),
1386                    searchstr,keyserver->scheme,keyserver->host);
1387         else
1388           log_info(_("searching for \"%s\" from %s\n"),
1389                    searchstr,keyserver->uri);
1390
1391         break;
1392       }
1393
1394     default:
1395       log_fatal(_("no keyserver action!\n"));
1396       break;
1397     }
1398
1399   /* Done sending, so start reading. */
1400   ret=exec_read(spawn);
1401   if(ret)
1402     goto fail;
1403
1404   /* Now handle the response */
1405
1406   for(;;)
1407     {
1408       int plen;
1409       char *ptr;
1410
1411       maxlen=1024;
1412       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1413         {
1414           ret = gpg_error_from_syserror ();
1415           goto fail; /* i.e. EOF */
1416         }
1417
1418       ptr=line;
1419
1420       /* remove trailing whitespace */
1421       plen=strlen(ptr);
1422       while(plen>0 && ascii_isspace(ptr[plen-1]))
1423         plen--;
1424       plen[ptr]='\0';
1425
1426       if(*ptr=='\0')
1427         break;
1428
1429       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1430         {
1431           gotversion=1;
1432
1433           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1434             {
1435               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1436                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1437               goto fail;
1438             }
1439         }
1440       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1441         {
1442           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1443             log_info(_("WARNING: keyserver handler from a different"
1444                        " version of GnuPG (%s)\n"),&ptr[8]);
1445         }
1446       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1447         outofband=1; /* Currently the only OPTION */
1448     }
1449
1450   if(!gotversion)
1451     {
1452       log_error(_("keyserver did not send VERSION\n"));
1453       goto fail;
1454     }
1455
1456   if(!outofband)
1457     switch(action)
1458       {
1459       case KS_GET:
1460       case KS_GETNAME:
1461         {
1462           void *stats_handle;
1463
1464           stats_handle=import_new_stats_handle();
1465
1466           /* Slurp up all the key data.  In the future, it might be
1467              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1468              It's harmless to ignore them, but ignoring them does make
1469              gpg complain about "no valid OpenPGP data found".  One
1470              way to do this could be to continue parsing this
1471              line-by-line and make a temp iobuf for each key. */
1472
1473           import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len,
1474                              opt.keyserver_options.import_options);
1475
1476           import_print_stats(stats_handle);
1477           import_release_stats_handle(stats_handle);
1478
1479           break;
1480         }
1481
1482         /* Nothing to do here */
1483       case KS_SEND:
1484         break;
1485
1486       case KS_SEARCH:
1487         keyserver_search_prompt(spawn->fromchild,searchstr);
1488         break;
1489
1490       default:
1491         log_fatal(_("no keyserver action!\n"));
1492         break;
1493       }
1494
1495  fail:
1496   xfree(line);
1497   xfree(searchstr);
1498
1499
1500   *prog=exec_finish(spawn);
1501
1502   return ret;
1503 }
1504
1505 static int 
1506 keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
1507                int count,unsigned char **fpr,size_t *fpr_len,
1508                struct keyserver_spec *keyserver)
1509 {
1510   int rc=0,ret=0;
1511
1512   if(!keyserver)
1513     {
1514       log_error(_("no keyserver known (use option --keyserver)\n"));
1515       return G10ERR_BAD_URI;
1516     }
1517
1518 #ifdef DISABLE_KEYSERVER_HELPERS
1519
1520   log_error(_("external keyserver calls are not supported in this build\n"));
1521   return G10ERR_KEYSERVER;
1522
1523 #else
1524   /* Spawn a handler */
1525
1526   rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver);
1527   if(ret)
1528     {
1529       switch(ret)
1530         {
1531         case KEYSERVER_SCHEME_NOT_FOUND:
1532           log_error(_("no handler for keyserver scheme `%s'\n"),
1533                     keyserver->scheme);
1534           break;
1535
1536         case KEYSERVER_NOT_SUPPORTED:
1537           log_error(_("action `%s' not supported with keyserver "
1538                       "scheme `%s'\n"),
1539                     action==KS_GET?"get":action==KS_SEND?"send":
1540                     action==KS_SEARCH?"search":"unknown",
1541                     keyserver->scheme);
1542           break;
1543
1544         case KEYSERVER_VERSION_ERROR:
1545           log_error(_(GPGKEYS_PREFIX "%s does not support"
1546                       " handler version %d\n"),
1547                     keyserver_typemap(keyserver->scheme),
1548                     KEYSERVER_PROTO_VERSION);
1549           break;
1550
1551         case KEYSERVER_TIMEOUT:
1552           log_error(_("keyserver timed out\n"));
1553           break;
1554
1555         case KEYSERVER_INTERNAL_ERROR:
1556         default:
1557           log_error(_("keyserver internal error\n"));
1558           break;
1559         }
1560
1561       return G10ERR_KEYSERVER;
1562     }
1563
1564   if(rc)
1565     {
1566       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1567
1568       return rc;
1569     }
1570
1571   return 0;
1572 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1573 }
1574
1575 int 
1576 keyserver_export(strlist_t users)
1577 {
1578   strlist_t sl=NULL;
1579   KEYDB_SEARCH_DESC desc;
1580   int rc=0;
1581
1582   /* Weed out descriptors that we don't support sending */
1583   for(;users;users=users->next)
1584     {
1585       classify_user_id (users->d, &desc);
1586       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1587          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1588          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1589          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1590         {
1591           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1592           continue;
1593         }
1594       else
1595         append_to_strlist(&sl,users->d);
1596     }
1597
1598   if(sl)
1599     {
1600       rc=keyserver_work(KS_SEND,sl,NULL,0,NULL,NULL,opt.keyserver);
1601       free_strlist(sl);
1602     }
1603
1604   return rc;
1605 }
1606
1607 int 
1608 keyserver_import(strlist_t users)
1609 {
1610   KEYDB_SEARCH_DESC *desc;
1611   int num=100,count=0;
1612   int rc=0;
1613
1614   /* Build a list of key ids */
1615   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1616
1617   for(;users;users=users->next)
1618     {
1619       classify_user_id (users->d, &desc[count]);
1620       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1621          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1622          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1623          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1624         {
1625           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1626           continue;
1627         }
1628
1629       count++;
1630       if(count==num)
1631         {
1632           num+=100;
1633           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1634         }
1635     }
1636
1637   if(count>0)
1638     rc=keyserver_work(KS_GET,NULL,desc,count,NULL,NULL,opt.keyserver);
1639
1640   xfree(desc);
1641
1642   return rc;
1643 }
1644
1645 int
1646 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1647                         struct keyserver_spec *keyserver)
1648 {
1649   KEYDB_SEARCH_DESC desc;
1650
1651   memset(&desc,0,sizeof(desc));
1652
1653   if(fprint_len==16)
1654     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1655   else if(fprint_len==20)
1656     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1657   else
1658     return -1;
1659
1660   memcpy(desc.u.fpr,fprint,fprint_len);
1661
1662   /* TODO: Warn here if the fingerprint we got doesn't match the one
1663      we asked for? */
1664   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1665 }
1666
1667 int 
1668 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1669 {
1670   KEYDB_SEARCH_DESC desc;
1671
1672   memset(&desc,0,sizeof(desc));
1673
1674   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1675   desc.u.kid[0]=keyid[0];
1676   desc.u.kid[1]=keyid[1];
1677
1678   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1679 }
1680
1681 /* code mostly stolen from do_export_stream */
1682 static int 
1683 keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1684 {
1685   int rc=0,ndesc,num=100;
1686   KBNODE keyblock=NULL,node;
1687   KEYDB_HANDLE kdbhd;
1688   KEYDB_SEARCH_DESC *desc;
1689   strlist_t sl;
1690
1691   *count=0;
1692
1693   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1694
1695   kdbhd=keydb_new(0);
1696
1697   if(!users)
1698     {
1699       ndesc = 1;
1700       desc = xmalloc_clear ( ndesc * sizeof *desc);
1701       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1702     }
1703   else
1704     {
1705       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1706         ;
1707       desc = xmalloc ( ndesc * sizeof *desc);
1708         
1709       for (ndesc=0, sl=users; sl; sl = sl->next)
1710         {
1711           if(classify_user_id (sl->d, desc+ndesc))
1712             ndesc++;
1713           else
1714             log_error (_("key \"%s\" not found: %s\n"),
1715                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1716         }
1717     }
1718
1719   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1720     {
1721       if (!users) 
1722         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1723
1724       /* read the keyblock */
1725       rc = keydb_get_keyblock (kdbhd, &keyblock );
1726       if( rc )
1727         {
1728           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1729           goto leave;
1730         }
1731
1732       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1733         {
1734           /* This is to work around a bug in some keyservers (pksd and
1735              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1736              The answer is to refresh both the correct v4 keyid
1737              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1738              This only happens for key refresh using the HKP scheme
1739              and if the refresh-add-fake-v3-keyids keyserver option is
1740              set. */
1741           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1742              node->pkt->pkt.public_key->version>=4)
1743             {
1744               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1745               v3_keyid (node->pkt->pkt.public_key->pkey[0],
1746                         (*klist)[*count].u.kid);
1747               (*count)++;
1748
1749               if(*count==num)
1750                 {
1751                   num+=100;
1752                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1753                 }
1754             }
1755
1756           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1757              This is because it's easy to calculate any sort of keyid
1758              from a v4 fingerprint, but not a v3 fingerprint. */
1759
1760           if(node->pkt->pkt.public_key->version<4)
1761             {
1762               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1763               keyid_from_pk(node->pkt->pkt.public_key,
1764                             (*klist)[*count].u.kid);
1765             }
1766           else
1767             {
1768               size_t dummy;
1769
1770               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1771               fingerprint_from_pk(node->pkt->pkt.public_key,
1772                                   (*klist)[*count].u.fpr,&dummy);
1773             }
1774
1775           /* This is a little hackish, using the skipfncvalue as a
1776              void* pointer to the keyserver spec, but we don't need
1777              the skipfnc here, and it saves having an additional field
1778              for this (which would be wasted space most of the
1779              time). */
1780
1781           (*klist)[*count].skipfncvalue=NULL;
1782
1783           /* Are we honoring preferred keyservers? */
1784           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1785             {
1786               PKT_user_id *uid=NULL;
1787               PKT_signature *sig=NULL;
1788
1789               merge_keys_and_selfsig(keyblock);
1790
1791               for(node=node->next;node;node=node->next)
1792                 {
1793                   if(node->pkt->pkttype==PKT_USER_ID
1794                      && node->pkt->pkt.user_id->is_primary)
1795                     uid=node->pkt->pkt.user_id;
1796                   else if(node->pkt->pkttype==PKT_SIGNATURE
1797                           && node->pkt->pkt.signature->
1798                           flags.chosen_selfsig && uid)
1799                     {
1800                       sig=node->pkt->pkt.signature;
1801                       break;
1802                     }
1803                 }
1804
1805               /* Try and parse the keyserver URL.  If it doesn't work,
1806                  then we end up writing NULL which indicates we are
1807                  the same as any other key. */
1808               if(sig)
1809                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1810             }
1811
1812           (*count)++;
1813
1814           if(*count==num)
1815             {
1816               num+=100;
1817               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1818             }
1819         }
1820     }
1821
1822   if(rc==-1)
1823     rc=0;
1824   
1825  leave:
1826   if(rc)
1827     xfree(*klist);
1828   xfree(desc);
1829   keydb_release(kdbhd);
1830   release_kbnode(keyblock);
1831
1832   return rc;
1833 }
1834
1835 /* Note this is different than the original HKP refresh.  It allows
1836    usernames to refresh only part of the keyring. */
1837
1838 int
1839 keyserver_refresh(strlist_t users)
1840 {
1841   int rc,count,numdesc,fakev3=0;
1842   KEYDB_SEARCH_DESC *desc;
1843   unsigned int options=opt.keyserver_options.import_options;
1844
1845   /* We switch merge-only on during a refresh, as 'refresh' should
1846      never import new keys, even if their keyids match. */
1847   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1848
1849   /* Similarly, we switch on fast-import, since refresh may make
1850      multiple import sets (due to preferred keyserver URLs).  We don't
1851      want each set to rebuild the trustdb.  Instead we do it once at
1852      the end here. */
1853   opt.keyserver_options.import_options|=IMPORT_FAST;
1854
1855   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1856      scheme, then enable fake v3 keyid generation. */
1857   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1858      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1859          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1860     fakev3=1;
1861
1862   rc=keyidlist(users,&desc,&numdesc,fakev3);
1863   if(rc)
1864     return rc;
1865
1866   count=numdesc;
1867   if(count>0)
1868     {
1869       int i;
1870
1871       /* Try to handle preferred keyserver keys first */
1872       for(i=0;i<numdesc;i++)
1873         {
1874           if(desc[i].skipfncvalue)
1875             {
1876               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1877
1878               /* We use the keyserver structure we parsed out before.
1879                  Note that a preferred keyserver without a scheme://
1880                  will be interpreted as hkp:// */
1881
1882               rc=keyserver_work(KS_GET,NULL,&desc[i],1,NULL,NULL,keyserver);
1883               if(rc)
1884                 log_info(_("WARNING: unable to refresh key %s"
1885                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1886                          keyserver->uri,g10_errstr(rc));
1887               else
1888                 {
1889                   /* We got it, so mark it as NONE so we don't try and
1890                      get it again from the regular keyserver. */
1891
1892                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1893                   count--;
1894                 }
1895
1896               free_keyserver_spec(keyserver);
1897             }
1898         }
1899     }
1900
1901   if(count>0)
1902     {
1903       if(opt.keyserver)
1904         {
1905           if(count==1)
1906             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1907           else
1908             log_info(_("refreshing %d keys from %s\n"),
1909                      count,opt.keyserver->uri);
1910         }
1911
1912       rc=keyserver_work(KS_GET,NULL,desc,numdesc,NULL,NULL,opt.keyserver);
1913     }
1914
1915   xfree(desc);
1916
1917   opt.keyserver_options.import_options=options;
1918
1919   /* If the original options didn't have fast import, and the trustdb
1920      is dirty, rebuild. */
1921   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1922     trustdb_check_or_update();
1923
1924   return rc;
1925 }
1926
1927 int
1928 keyserver_search(strlist_t tokens)
1929 {
1930   if(tokens)
1931     return keyserver_work(KS_SEARCH,tokens,NULL,0,NULL,NULL,opt.keyserver);
1932   else
1933     return 0;
1934 }
1935
1936 int
1937 keyserver_fetch(strlist_t urilist)
1938 {
1939   KEYDB_SEARCH_DESC desc;
1940   strlist_t sl;
1941   unsigned int options=opt.keyserver_options.import_options;
1942
1943   /* Switch on fast-import, since fetch can handle more than one
1944      import and we don't want each set to rebuild the trustdb.
1945      Instead we do it once at the end. */
1946   opt.keyserver_options.import_options|=IMPORT_FAST;
1947
1948   /* A dummy desc since we're not actually fetching a particular key
1949      ID */
1950   memset(&desc,0,sizeof(desc));
1951   desc.mode=KEYDB_SEARCH_MODE_EXACT;
1952
1953   for(sl=urilist;sl;sl=sl->next)
1954     {
1955       struct keyserver_spec *spec;
1956
1957       spec=parse_keyserver_uri(sl->d,1,NULL,0);
1958       if(spec)
1959         {
1960           int rc;
1961
1962           rc=keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,spec);
1963           if(rc)
1964             log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1965                      sl->d,g10_errstr(rc));
1966
1967           free_keyserver_spec(spec);
1968         }
1969       else
1970         log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
1971     }
1972
1973   opt.keyserver_options.import_options=options;
1974
1975   /* If the original options didn't have fast import, and the trustdb
1976      is dirty, rebuild. */
1977   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1978     trustdb_check_or_update();
1979
1980   return 0;
1981 }
1982
1983 /* Import key in a CERT or pointed to by a CERT */
1984 int
1985 keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
1986 {
1987   char *domain,*look,*url;
1988   IOBUF key;
1989   int type,rc=G10ERR_GENERAL;
1990
1991   look=xstrdup(name);
1992
1993   domain=strrchr(look,'@');
1994   if(domain)
1995     *domain='.';
1996
1997   type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
1998   if(type==1)
1999     {
2000       int armor_status=opt.no_armor;
2001
2002       /* CERTs are always in binary format */
2003       opt.no_armor=1;
2004
2005       rc=import_keys_stream(key,NULL,fpr,fpr_len,
2006                             opt.keyserver_options.import_options);
2007
2008       opt.no_armor=armor_status;
2009
2010       iobuf_close(key);
2011     }
2012   else if(type==2 && *fpr)
2013     {
2014       /* We only consider the IPGP type if a fingerprint was provided.
2015          This lets us select the right key regardless of what a URL
2016          points to, or get the key from a keyserver. */
2017       if(url)
2018         {
2019           struct keyserver_spec *spec;
2020
2021           spec=parse_keyserver_uri(url,1,NULL,0);
2022           if(spec)
2023             {
2024               strlist_t list=NULL;
2025
2026               add_to_strlist(&list,url);
2027
2028               rc=keyserver_fetch(list);
2029
2030               free_strlist(list);
2031               free_keyserver_spec(spec);
2032             }
2033         }
2034       else if(opt.keyserver)
2035         {
2036           /* If only a fingerprint is provided, try and fetch it from
2037              our --keyserver */
2038
2039           rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
2040         }
2041       else
2042         log_info(_("no keyserver known (use option --keyserver)\n"));
2043
2044       /* Give a better string here? "CERT fingerprint for \"%s\"
2045          found, but no keyserver" " known (use option
2046          --keyserver)\n" ? */
2047
2048       xfree(url);
2049     }
2050
2051   xfree(look);
2052
2053   return rc;
2054 }
2055
2056 /* Import key pointed to by a PKA record. Return the requested
2057    fingerprint in fpr. */
2058 int
2059 keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
2060 {
2061   char *uri;
2062   int rc=-1;
2063
2064   *fpr=xmalloc(20);
2065   *fpr_len=20;
2066
2067   uri = get_pka_info (name, *fpr);
2068   if (uri)
2069     {
2070       struct keyserver_spec *spec;
2071       spec = parse_keyserver_uri (uri, 1, NULL, 0);
2072       if (spec)
2073         {
2074           rc=keyserver_import_fprint (*fpr, 20, spec);
2075           free_keyserver_spec (spec);
2076         }
2077       xfree (uri);
2078     }
2079
2080   if(rc!=0)
2081     xfree(*fpr);
2082
2083   return rc;
2084 }
2085
2086 /* Import all keys that match name */
2087 int
2088 keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
2089                       struct keyserver_spec *keyserver)
2090 {
2091   strlist_t list=NULL;
2092   int rc;
2093
2094   append_to_strlist(&list,name);
2095
2096   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2097
2098   free_strlist(list);
2099
2100   return rc;
2101 }
2102
2103 /* Use the PGP Universal trick of asking ldap://keys.(maildomain) for
2104    the key. */
2105 int
2106 keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
2107 {
2108   char *domain;
2109   struct keyserver_spec *keyserver;
2110   strlist_t list=NULL;
2111   int rc;
2112
2113   append_to_strlist(&list,name);
2114
2115   /* Parse out the domain */
2116   domain=strrchr(name,'@');
2117   if(!domain)
2118     return G10ERR_GENERAL;
2119
2120   domain++;
2121
2122   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2123
2124   keyserver->scheme=xstrdup("ldap");
2125   keyserver->host=xmalloc(5+strlen(domain)+1);
2126   strcpy(keyserver->host,"keys.");
2127   strcat(keyserver->host,domain);
2128   keyserver->uri=xmalloc(strlen(keyserver->scheme)+
2129                          3+strlen(keyserver->host)+1);
2130   strcpy(keyserver->uri,keyserver->scheme);
2131   strcat(keyserver->uri,"://");
2132   strcat(keyserver->uri,keyserver->host);
2133     
2134   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2135
2136   free_strlist(list);
2137
2138   free_keyserver_spec(keyserver);
2139
2140   return rc;
2141 }