1 /* keyring.c - keyring file handling
2 * Copyright (C) 1998-2010 Free Software Foundation, Inc.
3 * Copyright (C) 1997-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
36 #include "main.h" /*for check_key_signature()*/
38 #include "../kbx/keybox.h"
41 typedef struct keyring_resource *KR_RESOURCE;
42 struct keyring_resource
44 struct keyring_resource *next;
51 typedef struct keyring_resource const * CONST_KR_RESOURCE;
53 static KR_RESOURCE kr_resources;
57 CONST_KR_RESOURCE resource;
69 unsigned int n_packets; /*used for delete and update*/
77 /* The number of extant handles. */
78 static int active_handles;
80 static int do_copy (int mode, const char *fname, KBNODE root,
81 off_t start_offset, unsigned int n_packets );
85 /* We keep a cache of entries that we have entered in the DB. This
86 includes not only public keys, but also subkeys.
88 Note: we'd like to keep the offset of the items that are present,
89 however, this doesn't work, because another concurrent GnuPG
90 process could modify the keyring. */
92 struct key_present *next;
96 /* For the hash table, we use separate chaining with linked lists.
97 This means that we have an array of N linked lists (buckets), which
98 is indexed by KEYID[1] mod N. Elements present in the keyring will
99 be on the list; elements not present in the keyring will not be on
102 Note: since the hash table stores both present and not present
103 information, it cannot be used until we complete a full scan of the
104 keyring. This is indicated by key_present_hash_ready. */
105 typedef struct key_present **key_present_hash_t;
106 static key_present_hash_t key_present_hash;
107 static int key_present_hash_ready;
109 #define KEY_PRESENT_HASH_BUCKETS 2048
111 /* Allocate a new value for a key present hash table. */
112 static struct key_present *
113 key_present_value_new (void)
115 struct key_present *k;
117 k = xmalloc_clear (sizeof *k);
121 /* Allocate a new key present hash table. */
122 static key_present_hash_t
123 key_present_hash_new (void)
125 struct key_present **tbl;
127 tbl = xmalloc_clear (KEY_PRESENT_HASH_BUCKETS * sizeof *tbl);
131 /* Return whether the value described by KID if it is in the hash
132 table. Otherwise, return NULL. */
133 static struct key_present *
134 key_present_hash_lookup (key_present_hash_t tbl, u32 *kid)
136 struct key_present *k;
138 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
139 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
144 /* Add the key to the hash table TBL if it is not already present. */
146 key_present_hash_update (key_present_hash_t tbl, u32 *kid)
148 struct key_present *k;
150 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
152 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
156 k = key_present_value_new ();
159 k->next = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))];
160 tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))] = k;
163 /* Add all the keys (public and subkeys) present in the keyblock to
166 key_present_hash_update_from_kb (key_present_hash_t tbl, KBNODE node)
168 for (; node; node = node->next)
170 if (node->pkt->pkttype == PKT_PUBLIC_KEY
171 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
174 keyid_from_pk (node->pkt->pkt.public_key, aki);
175 key_present_hash_update (tbl, aki);
181 * Register a filename for plain keyring files. ptr is set to a
182 * pointer to be used to create a handles etc, or the already-issued
183 * pointer if it has already been registered. The function returns 1
184 * if a new keyring was registered.
187 keyring_register_filename (const char *fname, int read_only, void **ptr)
192 /* There are open handles. */
195 for (kr=kr_resources; kr; kr = kr->next)
197 if (same_file_p (kr->fname, fname))
199 /* Already registered. */
207 kr = xmalloc (sizeof *kr + strlen (fname));
208 strcpy (kr->fname, fname);
209 kr->read_only = read_only;
212 kr->did_full_scan = 0;
213 /* keep a list of all issued pointers */
214 kr->next = kr_resources;
217 /* create the offset table the first time a function here is used */
218 if (!key_present_hash)
219 key_present_hash = key_present_hash_new ();
227 keyring_is_writable (void *token)
229 KR_RESOURCE r = token;
231 return r? (r->read_only || !access (r->fname, W_OK)) : 0;
236 /* Create a new handle for the resource associated with TOKEN.
237 On error NULL is returned and ERRNO is set.
238 The returned handle must be released using keyring_release (). */
240 keyring_new (void *token)
243 KR_RESOURCE resource = token;
245 log_assert (resource);
247 hd = xtrycalloc (1, sizeof *hd);
250 hd->resource = resource;
256 keyring_release (KEYRING_HANDLE hd)
260 log_assert (active_handles > 0);
262 xfree (hd->word_match.name);
263 xfree (hd->word_match.pattern);
264 iobuf_close (hd->current.iobuf);
269 /* Save the current found state in HD for later retrieval by
270 keybox_pop_found_state. Only one state may be saved. */
272 keyring_push_found_state (KEYRING_HANDLE hd)
274 hd->saved_found = hd->found;
279 /* Restore the saved found state in HD. */
281 keyring_pop_found_state (KEYRING_HANDLE hd)
283 hd->found = hd->saved_found;
284 hd->saved_found.kr = NULL;
289 keyring_get_resource_name (KEYRING_HANDLE hd)
291 if (!hd || !hd->resource)
293 return hd->resource->fname;
298 * Lock the keyring with the given handle, or unlock if YES is false.
299 * We ignore the handle and lock all registered files.
302 keyring_lock (KEYRING_HANDLE hd, int yes)
310 /* first make sure the lock handles are created */
311 for (kr=kr_resources; kr; kr = kr->next) {
312 if (!keyring_is_writable(kr))
315 kr->lockhd = dotlock_create (kr->fname, 0);
317 log_info ("can't allocate lock for '%s'\n", kr->fname );
318 rc = GPG_ERR_GENERAL;
325 /* and now set the locks */
326 for (kr=kr_resources; kr; kr = kr->next) {
327 if (!keyring_is_writable(kr))
332 #ifdef HAVE_W32_SYSTEM
333 /* Under Windows we need to CloseHandle the file before we
334 * try to lock it. This is because another process might
335 * have taken the lock and is using keybox_file_rename to
336 * rename the base file. How if our dotlock_take below is
337 * waiting for the lock but we have the base file still
338 * open, keybox_file_rename will never succeed as we are
340 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0,
342 #endif /*HAVE_W32_SYSTEM*/
343 if (dotlock_take (kr->lockhd, -1) ) {
344 log_info ("can't lock '%s'\n", kr->fname );
345 rc = GPG_ERR_GENERAL;
353 for (kr=kr_resources; kr; kr = kr->next) {
354 if (!keyring_is_writable(kr))
359 if (dotlock_release (kr->lockhd))
360 log_info ("can't unlock '%s'\n", kr->fname );
372 * Return the last found keyblock. Caller must free it.
373 * The returned keyblock has the kbode flag bit 0 set for the node with
374 * the public key used to locate the keyblock or flag bit 1 set for
378 keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
382 KBNODE keyblock = NULL, node, lastnode;
393 return -1; /* no successful search */
395 a = iobuf_open (hd->found.kr->fname);
398 log_error(_("can't open '%s'\n"), hd->found.kr->fname);
399 return GPG_ERR_KEYRING_OPEN;
402 if (iobuf_seek (a, hd->found.offset) ) {
403 log_error ("can't seek '%s'\n", hd->found.kr->fname);
405 return GPG_ERR_KEYRING_OPEN;
408 pkt = xmalloc (sizeof *pkt);
410 hd->found.n_packets = 0;;
412 save_mode = set_packet_list_mode(0);
413 while ((rc=parse_packet (a, pkt)) != -1) {
414 hd->found.n_packets++;
415 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
420 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
423 /* It is not this key that is problematic, but the
427 hd->found.n_packets --;
430 /* Upper layer needs to handle this. */
436 log_error ("keyring_get_keyblock: read error: %s\n",
438 rc = GPG_ERR_INV_KEYRING;
442 /* Filter allowed packets. */
443 switch (pkt->pkttype)
446 case PKT_PUBLIC_SUBKEY:
448 case PKT_SECRET_SUBKEY:
452 break; /* Allowed per RFC. */
454 case PKT_OLD_COMMENT:
456 case PKT_GPG_CONTROL:
457 break; /* Allowed by us. */
460 log_error ("skipped packet of type %d in keyring\n",
467 if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
468 || pkt->pkttype == PKT_SECRET_KEY)) {
469 hd->found.n_packets--; /* fix counter */
474 if (pkt->pkttype == PKT_RING_TRUST)
476 /*(this code is duplicated after the loop)*/
478 && lastnode->pkt->pkttype == PKT_SIGNATURE
479 && (pkt->pkt.ring_trust->sigcache & 1) ) {
480 /* This is a ring trust packet with a checked signature
481 * status cache following directly a signature paket.
482 * Set the cache status into that signature packet. */
483 PKT_signature *sig = lastnode->pkt->pkt.signature;
485 sig->flags.checked = 1;
486 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
488 /* Reset LASTNODE, so that we set the cache status only from
489 * the ring trust packet immediately following a signature. */
497 node = lastnode = new_kbnode (pkt);
501 add_kbnode (keyblock, node);
502 switch (pkt->pkttype)
505 case PKT_PUBLIC_SUBKEY:
507 case PKT_SECRET_SUBKEY:
508 if (++pk_no == hd->found.pk_no)
513 if (++uid_no == hd->found.uid_no)
521 pkt = xmalloc (sizeof *pkt);
524 set_packet_list_mode(save_mode);
526 if (rc == -1 && keyblock)
527 rc = 0; /* got the entire keyblock */
530 release_kbnode (keyblock);
532 /*(duplicated from the loop body)*/
533 if ( pkt && pkt->pkttype == PKT_RING_TRUST
535 && lastnode->pkt->pkttype == PKT_SIGNATURE
536 && (pkt->pkt.ring_trust->sigcache & 1) ) {
537 PKT_signature *sig = lastnode->pkt->pkt.signature;
538 sig->flags.checked = 1;
539 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
547 /* Make sure that future search operations fail immediately when
548 * we know that we are working on a invalid keyring
550 if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING)
551 hd->current.error = rc;
557 keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
562 return -1; /* no successful prior search */
564 if (hd->found.kr->read_only)
565 return gpg_error (GPG_ERR_EACCES);
567 if (!hd->found.n_packets) {
568 /* need to know the number of packets - do a dummy get_keyblock*/
569 rc = keyring_get_keyblock (hd, NULL);
571 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
574 if (!hd->found.n_packets)
578 /* The open iobuf isn't needed anymore and in fact is a problem when
579 it comes to renaming the keyring files on some operating systems,
581 iobuf_close(hd->current.iobuf);
582 hd->current.iobuf = NULL;
585 rc = do_copy (3, hd->found.kr->fname, kb,
586 hd->found.offset, hd->found.n_packets );
588 if (key_present_hash)
590 key_present_hash_update_from_kb (key_present_hash, kb);
592 /* better reset the found info */
594 hd->found.offset = 0;
600 keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
607 else if (hd->found.kr)
609 fname = hd->found.kr->fname;
610 if (hd->found.kr->read_only)
611 return gpg_error (GPG_ERR_EACCES);
613 else if (hd->current.kr)
615 fname = hd->current.kr->fname;
616 if (hd->current.kr->read_only)
617 return gpg_error (GPG_ERR_EACCES);
620 fname = hd->resource? hd->resource->fname:NULL;
623 return GPG_ERR_GENERAL;
625 /* Close this one otherwise we will lose the position for
626 * a next search. Fixme: it would be better to adjust the position
627 * after the write opertions.
629 iobuf_close (hd->current.iobuf);
630 hd->current.iobuf = NULL;
633 rc = do_copy (1, fname, kb, 0, 0 );
634 if (!rc && key_present_hash)
636 key_present_hash_update_from_kb (key_present_hash, kb);
644 keyring_delete_keyblock (KEYRING_HANDLE hd)
649 return -1; /* no successful prior search */
651 if (hd->found.kr->read_only)
652 return gpg_error (GPG_ERR_EACCES);
654 if (!hd->found.n_packets) {
655 /* need to know the number of packets - do a dummy get_keyblock*/
656 rc = keyring_get_keyblock (hd, NULL);
658 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
661 if (!hd->found.n_packets)
665 /* close this one otherwise we will lose the position for
666 * a next search. Fixme: it would be better to adjust the position
667 * after the write opertions.
669 iobuf_close (hd->current.iobuf);
670 hd->current.iobuf = NULL;
673 rc = do_copy (2, hd->found.kr->fname, NULL,
674 hd->found.offset, hd->found.n_packets );
676 /* better reset the found info */
678 hd->found.offset = 0;
679 /* Delete is a rare operations, so we don't remove the keys
680 * from the offset table */
688 * Start the next search on this handle right at the beginning
691 keyring_search_reset (KEYRING_HANDLE hd)
695 hd->current.kr = NULL;
696 iobuf_close (hd->current.iobuf);
697 hd->current.iobuf = NULL;
699 hd->current.error = 0;
702 hd->found.offset = 0;
708 prepare_search (KEYRING_HANDLE hd)
710 if (hd->current.error) {
711 /* If the last key was a legacy key, we simply ignore the error so that
712 we can easily use search_next. */
713 if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
716 log_debug ("%s: last error was GPG_ERR_LEGACY_KEY, clearing\n",
718 hd->current.error = 0;
723 log_debug ("%s: returning last error: %s\n",
724 __func__, gpg_strerror (hd->current.error));
725 return hd->current.error; /* still in error state */
729 if (hd->current.kr && !hd->current.eof) {
730 if ( !hd->current.iobuf )
733 log_debug ("%s: missing iobuf!\n", __func__);
734 return GPG_ERR_GENERAL; /* Position invalid after a modify. */
739 if (!hd->current.kr && hd->current.eof)
742 log_debug ("%s: EOF!\n", __func__);
743 return -1; /* still EOF */
746 if (!hd->current.kr) { /* start search with first keyring */
747 hd->current.kr = hd->resource;
748 if (!hd->current.kr) {
750 log_debug ("%s: keyring not available!\n", __func__);
752 return -1; /* keyring not available */
754 log_assert (!hd->current.iobuf);
758 log_debug ("%s: EOF\n", __func__);
759 iobuf_close (hd->current.iobuf);
760 hd->current.iobuf = NULL;
761 hd->current.kr = NULL;
767 hd->current.iobuf = iobuf_open (hd->current.kr->fname);
768 if (!hd->current.iobuf)
770 hd->current.error = gpg_error_from_syserror ();
771 log_error(_("can't open '%s'\n"), hd->current.kr->fname );
772 return hd->current.error;
779 /* A map of the all characters valid used for word_match()
780 * Valid characters are in in this table converted to uppercase.
781 * because the upper 128 bytes have special meaning, we assume
782 * that they are all valid.
783 * Note: We must use numerical values here in case that this program
784 * will be converted to those little blue HAL9000s with their strange
785 * EBCDIC character set (user ids are UTF-8).
786 * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
787 * we can run gpg now on a S/390 running GNU/Linux, where the code
788 * translation is done by the device drivers?
790 static const byte word_match_chars[256] = {
791 /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
792 /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
793 /* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
794 /* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
795 /* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
796 /* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
797 /* 30 */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
798 /* 38 */ 0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
799 /* 40 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
800 /* 48 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
801 /* 50 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
802 /* 58 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
803 /* 60 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
804 /* 68 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
805 /* 70 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
806 /* 78 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
807 /* 80 */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
808 /* 88 */ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
809 /* 90 */ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
810 /* 98 */ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
811 /* a0 */ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
812 /* a8 */ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
813 /* b0 */ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
814 /* b8 */ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
815 /* c0 */ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
816 /* c8 */ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
817 /* d0 */ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
818 /* d8 */ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
819 /* e0 */ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
820 /* e8 */ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
821 /* f0 */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
822 /* f8 */ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
826 * Do a word match (original user id starts with a '+').
827 * The pattern is already tokenized to a more suitable format:
828 * There are only the real words in it delimited by one space
829 * and all converted to uppercase.
831 * Returns: 0 if all words match.
833 * Note: This algorithm is a straightforward one and not very
834 * fast. It works for UTF-8 strings. The uidlen should
835 * be removed but due to the fact that old versions of
836 * pgp don't use UTF-8 we still use the length; this should
837 * be fixed in parse-packet (and replace \0 by some special
841 word_match( const byte *uid, size_t uidlen, const byte *pattern )
847 for( s=pattern; *s; ) {
849 /* skip leading delimiters */
850 while( uidlen && !word_match_chars[*uid] )
852 /* get length of the word */
854 while( n && word_match_chars[*p] )
857 /* and compare against the current word from pattern */
858 for(n=0, p=uid; n < wlen && s[n] != ' ' && s[n] ; n++, p++ ) {
859 if( word_match_chars[*p] != s[n] )
862 if( n == wlen && (s[n] == ' ' || !s[n]) )
868 return -1; /* not found */
870 /* advance to next word in pattern */
871 for(; *s != ' ' && *s ; s++ )
876 return 0; /* found */
880 * prepare word word_match; that is parse the name and
882 * caller has to free the returned pattern
885 prepare_word_match (const byte *name)
890 /* the original length is always enough for the pattern */
891 p = pattern = xmalloc(strlen(name)+1);
893 /* skip leading delimiters */
894 while( *name && !word_match_chars[*name] )
896 /* copy as long as we don't have a delimiter and convert
898 * fixme: how can we handle utf8 uppercasing */
899 for( ; *name && (c=word_match_chars[*name]); name++ )
901 *p++ = ' '; /* append pattern delimiter */
903 p[-1] = 0; /* replace last pattern delimiter by EOS */
912 compare_name (int mode, const char *name, const char *uid, size_t uidlen)
917 if (mode == KEYDB_SEARCH_MODE_EXACT) {
918 for (i=0; name[i] && uidlen; i++, uidlen--)
919 if (uid[i] != name[i])
921 if (!uidlen && !name[i])
922 return 0; /* found */
924 else if (mode == KEYDB_SEARCH_MODE_SUBSTR) {
925 if (ascii_memistr( uid, uidlen, name ))
928 else if ( mode == KEYDB_SEARCH_MODE_MAIL
929 || mode == KEYDB_SEARCH_MODE_MAILSUB
930 || mode == KEYDB_SEARCH_MODE_MAILEND) {
931 for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
934 /* skip opening delim and one char and look for the closing one*/
936 for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
940 if (mode == KEYDB_SEARCH_MODE_MAIL) {
941 if( strlen(name)-2 == i
942 && !ascii_memcasecmp( s, name+1, i) )
945 else if (mode == KEYDB_SEARCH_MODE_MAILSUB) {
946 if( ascii_memistr( s, i, name ) )
949 else { /* email from end */
955 else if (mode == KEYDB_SEARCH_MODE_WORDS)
956 return word_match (uid, uidlen, name);
960 return -1; /* not found */
965 * Search through the keyring(s), starting at the current position,
966 * for a keyblock which contains one of the keys described in the DESC array.
969 keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
970 size_t ndesc, size_t *descindex, int ignore_legacy)
975 off_t offset, main_offset;
977 int need_uid, need_words, need_keyid, need_fpr, any_skip;
980 int scanned_from_start;
981 int use_key_present_hash;
982 PKT_user_id *uid = NULL;
983 PKT_public_key *pk = NULL;
986 /* figure out what information we need */
987 need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
988 for (n=0; n < ndesc; n++)
990 switch (desc[n].mode)
992 case KEYDB_SEARCH_MODE_EXACT:
993 case KEYDB_SEARCH_MODE_SUBSTR:
994 case KEYDB_SEARCH_MODE_MAIL:
995 case KEYDB_SEARCH_MODE_MAILSUB:
996 case KEYDB_SEARCH_MODE_MAILEND:
999 case KEYDB_SEARCH_MODE_WORDS:
1003 case KEYDB_SEARCH_MODE_SHORT_KID:
1004 case KEYDB_SEARCH_MODE_LONG_KID:
1007 case KEYDB_SEARCH_MODE_FPR16:
1008 case KEYDB_SEARCH_MODE_FPR20:
1009 case KEYDB_SEARCH_MODE_FPR:
1012 case KEYDB_SEARCH_MODE_FIRST:
1013 /* always restart the search in this mode */
1014 keyring_search_reset (hd);
1018 if (desc[n].skipfnc)
1026 log_debug ("%s: need_uid = %d; need_words = %d; need_keyid = %d; need_fpr = %d; any_skip = %d\n",
1027 __func__, need_uid, need_words, need_keyid, need_fpr, any_skip);
1029 rc = prepare_search (hd);
1033 log_debug ("%s: prepare_search failed: %s (%d)\n",
1034 __func__, gpg_strerror (rc), gpg_err_code (rc));
1038 use_key_present_hash = !!key_present_hash;
1039 if (!use_key_present_hash)
1042 log_debug ("%s: no offset table.\n", __func__);
1044 else if (!key_present_hash_ready)
1047 log_debug ("%s: initializing offset table. (need_keyid: %d => 1)\n",
1048 __func__, need_keyid);
1051 else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
1053 struct key_present *oi;
1056 log_debug ("%s: look up by long key id, checking cache\n", __func__);
1058 oi = key_present_hash_lookup (key_present_hash, desc[0].u.kid);
1060 { /* We know that we don't have this key */
1062 log_debug ("%s: cache says not present\n", __func__);
1063 hd->found.kr = NULL;
1064 hd->current.eof = 1;
1067 /* We could now create a positive search status and return.
1068 * However the problem is that another instance of gpg may
1069 * have changed the keyring so that the offsets are not valid
1070 * anymore - therefore we don't do it
1076 const char *name = NULL;
1078 log_debug ("word search mode does not yet work\n");
1079 /* FIXME: here is a long standing bug in our function and in addition we
1080 just use the first search description */
1081 for (n=0; n < ndesc && !name; n++)
1083 if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
1084 name = desc[n].u.name;
1087 if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
1090 xfree (hd->word_match.name);
1091 xfree (hd->word_match.pattern);
1092 hd->word_match.name = xstrdup (name);
1093 hd->word_match.pattern = prepare_word_match (name);
1095 /* name = hd->word_match.pattern; */
1099 save_mode = set_packet_list_mode(0);
1101 hd->found.kr = NULL;
1104 initial_skip = 1; /* skip until we see the start of a keyblock */
1105 scanned_from_start = iobuf_tell (hd->current.iobuf) == 0;
1107 log_debug ("%s: %ssearching from start of resource.\n",
1108 __func__, scanned_from_start ? "" : "not ");
1111 byte afp[MAX_FINGERPRINT_LEN];
1114 rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid);
1115 if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1123 if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
1125 main_offset = offset;
1137 if ( pkt.pkttype == PKT_PUBLIC_KEY
1138 || pkt.pkttype == PKT_PUBLIC_SUBKEY
1139 || pkt.pkttype == PKT_SECRET_KEY
1140 || pkt.pkttype == PKT_SECRET_SUBKEY)
1142 pk = pkt.pkt.public_key;
1146 fingerprint_from_pk (pk, afp, &an);
1147 while (an < 20) /* fill up to 20 bytes */
1151 keyid_from_pk (pk, aki);
1153 if (use_key_present_hash
1154 && !key_present_hash_ready
1155 && scanned_from_start)
1156 key_present_hash_update (key_present_hash, aki);
1158 else if (pkt.pkttype == PKT_USER_ID)
1160 uid = pkt.pkt.user_id;
1164 for (n=0; n < ndesc; n++)
1166 switch (desc[n].mode) {
1167 case KEYDB_SEARCH_MODE_NONE:
1170 case KEYDB_SEARCH_MODE_EXACT:
1171 case KEYDB_SEARCH_MODE_SUBSTR:
1172 case KEYDB_SEARCH_MODE_MAIL:
1173 case KEYDB_SEARCH_MODE_MAILSUB:
1174 case KEYDB_SEARCH_MODE_MAILEND:
1175 case KEYDB_SEARCH_MODE_WORDS:
1176 if ( uid && !compare_name (desc[n].mode,
1178 uid->name, uid->len))
1182 case KEYDB_SEARCH_MODE_SHORT_KID:
1183 if (pk && desc[n].u.kid[1] == aki[1])
1186 case KEYDB_SEARCH_MODE_LONG_KID:
1187 if (pk && desc[n].u.kid[0] == aki[0]
1188 && desc[n].u.kid[1] == aki[1])
1191 case KEYDB_SEARCH_MODE_FPR16:
1192 if (pk && !memcmp (desc[n].u.fpr, afp, 16))
1195 case KEYDB_SEARCH_MODE_FPR20:
1196 case KEYDB_SEARCH_MODE_FPR:
1197 if (pk && !memcmp (desc[n].u.fpr, afp, 20))
1200 case KEYDB_SEARCH_MODE_FIRST:
1204 case KEYDB_SEARCH_MODE_NEXT:
1209 rc = GPG_ERR_INV_ARG;
1220 log_debug ("%s: packet starting at offset %lld matched descriptor %zu\n"
1221 , __func__, (long long)offset, n);
1223 /* Record which desc we matched on. Note this value is only
1224 meaningful if this function returns with no errors. */
1227 for (n=any_skip?0:ndesc; n < ndesc; n++)
1230 && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no))
1233 log_debug ("%s: skipping match: desc %zd's skip function returned TRUE\n",
1246 log_debug ("%s: returning success\n", __func__);
1247 hd->found.offset = main_offset;
1248 hd->found.kr = hd->current.kr;
1249 hd->found.pk_no = pk? pk_no : 0;
1250 hd->found.uid_no = uid? uid_no : 0;
1255 log_debug ("%s: no matches (EOF)\n", __func__);
1257 hd->current.eof = 1;
1258 /* if we scanned all keyrings, we are sure that
1259 * all known key IDs are in our offtbl, mark that. */
1260 if (use_key_present_hash
1261 && !key_present_hash_ready
1262 && scanned_from_start)
1266 /* First set the did_full_scan flag for this keyring. */
1267 for (kr=kr_resources; kr; kr = kr->next)
1269 if (hd->resource == kr)
1271 kr->did_full_scan = 1;
1275 /* Then check whether all flags are set and if so, mark the
1277 for (kr=kr_resources; kr; kr = kr->next)
1279 if (!kr->did_full_scan)
1283 key_present_hash_ready = 1;
1289 log_debug ("%s: error encountered during search: %s (%d)\n",
1290 __func__, gpg_strerror (rc), rc);
1291 hd->current.error = rc;
1295 set_packet_list_mode(save_mode);
1301 create_tmp_file (const char *template,
1302 char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
1307 err = keybox_tmp_names (template, 1, r_bakfname, r_tmpfname);
1311 /* Create the temp file with limited access. Note that the umask
1312 call is not anymore needed because iobuf_create now takes care of
1313 it. However, it does not harm and thus we keep it. */
1314 oldmask = umask (077);
1315 if (is_secured_filename (*r_tmpfname))
1318 gpg_err_set_errno (EPERM);
1321 *r_fp = iobuf_create (*r_tmpfname, 1);
1325 err = gpg_error_from_syserror ();
1326 log_error (_("can't create '%s': %s\n"), *r_tmpfname, gpg_strerror (err));
1327 xfree (*r_tmpfname);
1329 xfree (*r_bakfname);
1338 rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
1342 /* Invalidate close caches. */
1343 if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
1345 rc = gpg_error_from_syserror ();
1348 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
1349 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
1351 /* First make a backup file. */
1352 rc = keybox_file_rename (fname, bakfname);
1356 /* then rename the file */
1357 rc = keybox_file_rename (tmpfname, fname);
1360 register_secured_file (fname);
1364 /* Now make sure the file has the same permissions as the original */
1365 #ifndef HAVE_DOSISH_SYSTEM
1367 struct stat statbuf;
1369 statbuf.st_mode=S_IRUSR | S_IWUSR;
1371 if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
1374 log_error ("WARNING: unable to restore permissions to '%s': %s",
1375 fname, strerror(errno));
1387 write_keyblock (IOBUF fp, KBNODE keyblock)
1389 KBNODE kbctx = NULL, node;
1392 while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
1394 if (node->pkt->pkttype == PKT_RING_TRUST)
1395 continue; /* we write it later on our own */
1397 if ( (rc = build_packet (fp, node->pkt) ))
1399 log_error ("build_packet(%d) failed: %s\n",
1400 node->pkt->pkttype, gpg_strerror (rc) );
1403 if (node->pkt->pkttype == PKT_SIGNATURE)
1404 { /* always write a signature cache packet */
1405 PKT_signature *sig = node->pkt->pkt.signature;
1406 unsigned int cacheval = 0;
1408 if (sig->flags.checked)
1411 if (sig->flags.valid)
1414 iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
1415 iobuf_put (fp, 2); /* 2 bytes */
1416 iobuf_put (fp, 0); /* unused */
1417 if (iobuf_put (fp, cacheval))
1419 rc = gpg_error_from_syserror ();
1420 log_error ("writing sigcache packet failed\n");
1429 * Walk over all public keyrings, check the signatures and replace the
1430 * keyring with a new one where the signature cache is then updated.
1431 * This is only done for the public keyrings.
1434 keyring_rebuild_cache (void *token,int noisy)
1437 KEYDB_SEARCH_DESC desc;
1438 KBNODE keyblock = NULL, node;
1439 const char *lastresname = NULL, *resname;
1441 char *tmpfilename = NULL;
1442 char *bakfilename = NULL;
1444 ulong count = 0, sigcount = 0;
1446 hd = keyring_new (token);
1448 return gpg_error_from_syserror ();
1449 memset (&desc, 0, sizeof desc);
1450 desc.mode = KEYDB_SEARCH_MODE_FIRST;
1452 rc=keyring_lock (hd, 1);
1458 rc = keyring_search (hd, &desc, 1, NULL, 0);
1462 desc.mode = KEYDB_SEARCH_MODE_NEXT;
1463 resname = keyring_get_resource_name (hd);
1464 if (lastresname != resname )
1465 { /* we have switched to a new keyring - commit changes */
1468 if (iobuf_close (tmpfp))
1470 rc = gpg_error_from_syserror ();
1471 log_error ("error closing '%s': %s\n",
1472 tmpfilename, strerror (errno));
1475 /* because we have switched resources, we can be sure that
1476 * the original file is closed */
1479 /* Static analyzer note: BAKFILENAME is never NULL here
1480 because it is controlled by LASTRESNAME. */
1481 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1483 xfree (tmpfilename); tmpfilename = NULL;
1484 xfree (bakfilename); bakfilename = NULL;
1487 lastresname = resname;
1488 if (noisy && !opt.quiet)
1489 log_info (_("caching keyring '%s'\n"), resname);
1490 rc = create_tmp_file (resname, &bakfilename, &tmpfilename, &tmpfp);
1495 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1498 release_kbnode (keyblock);
1499 rc = keyring_get_keyblock (hd, &keyblock);
1502 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1503 continue; /* Skip legacy keys. */
1504 log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
1507 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1509 /* We had a few reports about corrupted keyrings; if we have
1510 been called directly from the command line we delete such
1511 a keyblock instead of bailing out. */
1512 log_error ("unexpected keyblock found (pkttype=%d)%s\n",
1513 keyblock->pkt->pkttype, noisy? " - deleted":"");
1516 log_info ("Hint: backup your keys and try running '%s'\n",
1517 "gpg --rebuild-keydb-caches");
1518 rc = gpg_error (GPG_ERR_INV_KEYRING);
1522 if (keyblock->pkt->pkt.public_key->version < 4)
1524 /* We do not copy/cache v3 keys or any other unknown
1525 packets. It is better to remove them from the keyring.
1526 The code required to keep them in the keyring would be
1527 too complicated. Given that we do not touch the old
1528 secring.gpg a suitable backup for decryption of v3 stuff
1529 using an older gpg version will always be available.
1530 Note: This test is actually superfluous because we
1531 already acted upon GPG_ERR_LEGACY_KEY. */
1535 /* Check all signature to set the signature's cache flags. */
1536 for (node=keyblock; node; node=node->next)
1538 /* Note that this doesn't cache the result of a
1539 revocation issued by a designated revoker. This is
1540 because the pk in question does not carry the revkeys
1541 as we haven't merged the key and selfsigs. It is
1542 questionable whether this matters very much since
1543 there are very very few designated revoker revocation
1544 packets out there. */
1545 if (node->pkt->pkttype == PKT_SIGNATURE)
1547 PKT_signature *sig=node->pkt->pkt.signature;
1549 if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
1550 && (openpgp_md_test_algo(sig->digest_algo)
1551 || openpgp_pk_test_algo(sig->pubkey_algo)))
1552 sig->flags.checked=sig->flags.valid=0;
1554 check_key_signature (keyblock, node, NULL);
1560 /* Write the keyblock to the temporary file. */
1561 rc = write_keyblock (tmpfp, keyblock);
1565 if ( !(++count % 50) && noisy && !opt.quiet)
1566 log_info (ngettext("%lu keys cached so far (%lu signature)\n",
1567 "%lu keys cached so far (%lu signatures)\n",
1571 } /* end main loop */
1576 log_error ("keyring_search failed: %s\n", gpg_strerror (rc));
1580 if (noisy || opt.verbose)
1582 log_info (ngettext("%lu key cached",
1583 "%lu keys cached", count), count);
1584 log_printf (ngettext(" (%lu signature)\n",
1585 " (%lu signatures)\n", sigcount), sigcount);
1590 if (iobuf_close (tmpfp))
1592 rc = gpg_error_from_syserror ();
1593 log_error ("error closing '%s': %s\n",
1594 tmpfilename, strerror (errno));
1597 /* because we have switched resources, we can be sure that
1598 * the original file is closed */
1601 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1603 xfree (tmpfilename); tmpfilename = NULL;
1604 xfree (bakfilename); bakfilename = NULL;
1608 iobuf_cancel (tmpfp);
1609 xfree (tmpfilename);
1610 xfree (bakfilename);
1611 release_kbnode (keyblock);
1612 keyring_lock (hd, 0);
1613 keyring_release (hd);
1619 * Perform insert/delete/update operation.
1625 do_copy (int mode, const char *fname, KBNODE root,
1626 off_t start_offset, unsigned int n_packets )
1630 char *bakfname = NULL;
1631 char *tmpfname = NULL;
1633 /* Open the source file. Because we do a rename, we have to check the
1634 permissions of the file */
1635 if (access (fname, W_OK))
1636 return gpg_error_from_syserror ();
1638 fp = iobuf_open (fname);
1639 if (mode == 1 && !fp && errno == ENOENT) {
1640 /* insert mode but file does not exist: create a new file */
1645 if (is_secured_filename (fname)) {
1647 gpg_err_set_errno (EPERM);
1650 newfp = iobuf_create (fname, 1);
1654 rc = gpg_error_from_syserror ();
1655 log_error (_("can't create '%s': %s\n"), fname, strerror(errno));
1659 log_info(_("%s: keyring created\n"), fname );
1662 while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
1663 if( (rc = build_packet( newfp, node->pkt )) ) {
1664 log_error("build_packet(%d) failed: %s\n",
1665 node->pkt->pkttype, gpg_strerror (rc) );
1666 iobuf_cancel(newfp);
1670 if( iobuf_close(newfp) ) {
1671 rc = gpg_error_from_syserror ();
1672 log_error ("%s: close failed: %s\n", fname, strerror(errno));
1675 return 0; /* ready */
1680 rc = gpg_error_from_syserror ();
1681 log_error(_("can't open '%s': %s\n"), fname, strerror(errno) );
1685 /* Create the new file. */
1686 rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
1692 if( mode == 1 ) { /* insert */
1693 /* copy everything to the new file */
1694 rc = copy_all_packets (fp, newfp);
1696 log_error("%s: copy to '%s' failed: %s\n",
1697 fname, tmpfname, gpg_strerror (rc) );
1699 iobuf_cancel(newfp);
1704 if( mode == 2 || mode == 3 ) { /* delete or update */
1705 /* copy first part to the new file */
1706 rc = copy_some_packets( fp, newfp, start_offset );
1707 if( rc ) { /* should never get EOF here */
1708 log_error ("%s: copy to '%s' failed: %s\n",
1709 fname, tmpfname, gpg_strerror (rc) );
1711 iobuf_cancel(newfp);
1714 /* skip this keyblock */
1715 log_assert( n_packets );
1716 rc = skip_some_packets( fp, n_packets );
1718 log_error("%s: skipping %u packets failed: %s\n",
1719 fname, n_packets, gpg_strerror (rc));
1721 iobuf_cancel(newfp);
1726 if( mode == 1 || mode == 3 ) { /* insert or update */
1727 rc = write_keyblock (newfp, root);
1730 iobuf_cancel(newfp);
1735 if( mode == 2 || mode == 3 ) { /* delete or update */
1737 rc = copy_all_packets( fp, newfp );
1739 log_error("%s: copy to '%s' failed: %s\n",
1740 fname, tmpfname, gpg_strerror (rc) );
1742 iobuf_cancel(newfp);
1747 /* close both files */
1748 if( iobuf_close(fp) ) {
1749 rc = gpg_error_from_syserror ();
1750 log_error("%s: close failed: %s\n", fname, strerror(errno) );
1753 if( iobuf_close(newfp) ) {
1754 rc = gpg_error_from_syserror ();
1755 log_error("%s: close failed: %s\n", tmpfname, strerror(errno) );
1759 rc = rename_tmp_file (bakfname, tmpfname, fname);
projects / gnupg.git / blob