New gpgsm server option no-encrypt-to.
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3  *               2009 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include <errno.h>
28
29 #include "gpg.h"
30 #include "iobuf.h"
31 #include "filter.h"
32 #include "keydb.h"
33 #include "status.h"
34 #include "exec.h"
35 #include "main.h"
36 #include "i18n.h"
37 #include "ttyio.h"
38 #include "options.h"
39 #include "packet.h"
40 #include "trustdb.h"
41 #include "keyserver-internal.h"
42 #include "util.h"
43 #include "dns-cert.h"
44 #include "pka.h"
45
46 #ifdef HAVE_W32_SYSTEM
47 /* It seems Vista doesn't grok X_OK and so fails access() tests.
48    Previous versions interpreted X_OK as F_OK anyway, so we'll just
49    use F_OK directly. */
50 #undef X_OK
51 #define X_OK F_OK
52 #endif /* HAVE_W32_SYSTEM */
53
54 struct keyrec
55 {
56   KEYDB_SEARCH_DESC desc;
57   u32 createtime,expiretime;
58   int size,flags;
59   byte type;
60   IOBUF uidbuf;
61   unsigned int lines;
62 };
63
64 enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
65
66 static struct parse_options keyserver_opts[]=
67   {
68     /* some of these options are not real - just for the help
69        message */
70     {"max-cert-size",0,NULL,NULL},
71     {"include-revoked",0,NULL,N_("include revoked keys in search results")},
72     {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
73     {"use-temp-files",0,NULL,
74      N_("use temporary files to pass data to keyserver helpers")},
75     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
76      N_("do not delete temporary files after using them")},
77     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
78      NULL},
79     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
80      N_("automatically retrieve keys when verifying signatures")},
81     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
82      N_("honor the preferred keyserver URL set on the key")},
83     {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
84      N_("honor the PKA record set on a key when retrieving keys")},
85     {NULL,0,NULL,NULL}
86   };
87
88 static int keyserver_work(enum ks_action action,strlist_t list,
89                           KEYDB_SEARCH_DESC *desc,int count,
90                           unsigned char **fpr,size_t *fpr_len,
91                           struct keyserver_spec *keyserver);
92
93 /* Reasonable guess */
94 #define DEFAULT_MAX_CERT_SIZE 16384
95
96 static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
97
98 static void
99 add_canonical_option(char *option,strlist_t *list)
100 {
101   char *arg=argsplit(option);
102
103   if(arg)
104     {
105       char *joined;
106
107       joined=xmalloc(strlen(option)+1+strlen(arg)+1);
108       /* Make a canonical name=value form with no spaces */
109       strcpy(joined,option);
110       strcat(joined,"=");
111       strcat(joined,arg);
112       append_to_strlist(list,joined);
113       xfree(joined);
114     }
115   else
116     append_to_strlist(list,option);
117 }
118
119 int
120 parse_keyserver_options(char *options)
121 {
122   int ret=1;
123   char *tok;
124   char *max_cert=NULL;
125
126   keyserver_opts[0].value=&max_cert;
127
128   while((tok=optsep(&options)))
129     {
130       if(tok[0]=='\0')
131         continue;
132
133       /* For backwards compatibility.  1.2.x used honor-http-proxy and
134          there are a good number of documents published that recommend
135          it. */
136       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
137         tok="http-proxy";
138       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
139         tok="no-http-proxy";
140
141       /* We accept quite a few possible options here - some options to
142          handle specially, the keyserver_options list, and import and
143          export options that pertain to keyserver operations.  Note
144          that you must use strncasecmp here as there might be an
145          =argument attached which will foil the use of strcasecmp. */
146
147 #ifdef EXEC_TEMPFILE_ONLY
148       if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
149               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
150         log_info(_("WARNING: keyserver option `%s' is not used"
151                    " on this platform\n"),tok);
152 #else
153       if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
154         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
155       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
156         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
157 #endif
158       else if(!parse_options(tok,&opt.keyserver_options.options,
159                              keyserver_opts,0)
160          && !parse_import_options(tok,
161                                   &opt.keyserver_options.import_options,0)
162          && !parse_export_options(tok,
163                                   &opt.keyserver_options.export_options,0))
164         {
165           /* All of the standard options have failed, so the option is
166              destined for a keyserver plugin. */
167           add_canonical_option(tok,&opt.keyserver_options.other);
168         }
169     }
170
171   if(max_cert)
172     {
173       max_cert_size=strtoul(max_cert,(char **)NULL,10);
174
175       if(max_cert_size==0)
176         max_cert_size=DEFAULT_MAX_CERT_SIZE;
177     }
178
179   return ret;
180 }
181
182 void
183 free_keyserver_spec(struct keyserver_spec *keyserver)
184 {
185   xfree(keyserver->uri);
186   xfree(keyserver->scheme);
187   xfree(keyserver->auth);
188   xfree(keyserver->host);
189   xfree(keyserver->port);
190   xfree(keyserver->path);
191   xfree(keyserver->opaque);
192   free_strlist(keyserver->options);
193   xfree(keyserver);
194 }
195
196 /* Return 0 for match */
197 static int
198 cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
199 {
200   if(ascii_strcasecmp(one->scheme,two->scheme)==0)
201     {
202       if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
203         {
204           if((one->port && two->port
205               && ascii_strcasecmp(one->port,two->port)==0)
206              || (!one->port && !two->port))
207             return 0;
208         }
209       else if(one->opaque && two->opaque
210               && ascii_strcasecmp(one->opaque,two->opaque)==0)
211         return 0;
212     }
213
214   return 1;
215 }
216
217 /* Try and match one of our keyservers.  If we can, return that.  If
218    we can't, return our input. */
219 struct keyserver_spec *
220 keyserver_match(struct keyserver_spec *spec)
221 {
222   struct keyserver_spec *ks;
223
224   for(ks=opt.keyserver;ks;ks=ks->next)
225     if(cmp_keyserver_spec(spec,ks)==0)
226       return ks;
227
228   return spec;
229 }
230
231 /* TODO: once we cut over to an all-curl world, we don't need this
232    parser any longer so it can be removed, or at least moved to
233    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
234
235 struct keyserver_spec *
236 parse_keyserver_uri(const char *string,int require_scheme,
237                     const char *configname,unsigned int configlineno)
238 {
239   int assume_hkp=0;
240   struct keyserver_spec *keyserver;
241   const char *idx;
242   int count;
243   char *uri,*options;
244
245   assert(string!=NULL);
246
247   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
248
249   uri=xstrdup(string);
250
251   options=strchr(uri,' ');
252   if(options)
253     {
254       char *tok;
255
256       *options='\0';
257       options++;
258
259       while((tok=optsep(&options)))
260         add_canonical_option(tok,&keyserver->options);
261     }
262
263   /* Get the scheme */
264
265   for(idx=uri,count=0;*idx && *idx!=':';idx++)
266     {
267       count++;
268
269       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
270          there clearly isn't a scheme so get out early. */
271       if(*idx=='[')
272         {
273           /* Was the '[' the first thing in the string?  If not, we
274              have a mangled scheme with a [ in it so fail. */
275           if(count==1)
276             break;
277           else
278             goto fail;
279         }
280     }
281
282   if(count==0)
283     goto fail;
284
285   if(*idx=='\0' || *idx=='[')
286     {
287       if(require_scheme)
288         return NULL;
289
290       /* Assume HKP if there is no scheme */
291       assume_hkp=1;
292       keyserver->scheme=xstrdup("hkp");
293
294       keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
295       strcpy(keyserver->uri,keyserver->scheme);
296       strcat(keyserver->uri,"://");
297       strcat(keyserver->uri,uri);
298     }
299   else
300     {
301       int i;
302
303       keyserver->uri=xstrdup(uri);
304
305       keyserver->scheme=xmalloc(count+1);
306
307       /* Force to lowercase */
308       for(i=0;i<count;i++)
309         keyserver->scheme[i]=ascii_tolower(uri[i]);
310
311       keyserver->scheme[i]='\0';
312
313       /* Skip past the scheme and colon */
314       uri+=count+1;
315     }
316
317   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
318     {
319       deprecated_warning(configname,configlineno,"x-broken-hkp",
320                          "--keyserver-options ","broken-http-proxy");
321       xfree(keyserver->scheme);
322       keyserver->scheme=xstrdup("hkp");
323       append_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
324     }
325   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
326     {
327       /* Canonicalize this to "hkp" so it works with both the internal
328          and external keyserver interface. */
329       xfree(keyserver->scheme);
330       keyserver->scheme=xstrdup("hkp");
331     }
332
333   if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
334     {
335       /* Three slashes means network path with a default host name.
336          This is a hack because it does not crok all possible
337          combiantions.  We should better repalce all code bythe parser
338          from http.c.  */
339       keyserver->path = xstrdup (uri+2);
340     }
341   else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
342     {
343       /* Two slashes means network path. */
344
345       /* Skip over the "//", if any */
346       if(!assume_hkp)
347         uri+=2;
348
349       /* Do we have userinfo auth data present? */
350       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
351         count++;
352
353       /* We found a @ before the slash, so that means everything
354          before the @ is auth data. */
355       if(*idx=='@')
356         {
357           if(count==0)
358             goto fail;
359
360           keyserver->auth=xmalloc(count+1);
361           strncpy(keyserver->auth,uri,count);
362           keyserver->auth[count]='\0';
363           uri+=count+1;
364         }
365
366       /* Is it an RFC-2732 ipv6 [literal address] ? */
367       if(*uri=='[')
368         {
369           for(idx=uri+1,count=1;*idx
370                 && ((isascii (*idx) && isxdigit(*idx))
371                     || *idx==':' || *idx=='.');idx++)
372             count++;
373
374           /* Is the ipv6 literal address terminated? */
375           if(*idx==']')
376             count++;
377           else
378             goto fail;
379         }
380       else
381         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
382           count++;
383
384       if(count==0)
385         goto fail;
386
387       keyserver->host=xmalloc(count+1);
388       strncpy(keyserver->host,uri,count);
389       keyserver->host[count]='\0';
390
391       /* Skip past the host */
392       uri+=count;
393
394       if(*uri==':')
395         {
396           /* It would seem to be reasonable to limit the range of the
397              ports to values between 1-65535, but RFC 1738 and 1808
398              imply there is no limit.  Of course, the real world has
399              limits. */
400
401           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
402             {
403               count++;
404
405               /* Ports are digits only */
406               if(!digitp(idx))
407                 goto fail;
408             }
409
410           keyserver->port=xmalloc(count+1);
411           strncpy(keyserver->port,uri+1,count);
412           keyserver->port[count]='\0';
413
414           /* Skip past the colon and port number */
415           uri+=1+count;
416         }
417
418       /* Everything else is the path */
419       if(*uri)
420         keyserver->path=xstrdup(uri);
421       else
422         keyserver->path=xstrdup("/");
423
424       if(keyserver->path[1])
425         keyserver->flags.direct_uri=1;
426     }
427   else if(uri[0]!='/')
428     {
429       /* No slash means opaque.  Just record the opaque blob and get
430          out. */
431       keyserver->opaque=xstrdup(uri);
432     }
433   else
434     {
435       /* One slash means absolute path.  We don't need to support that
436          yet. */
437       goto fail;
438     }
439
440   return keyserver;
441
442  fail:
443   free_keyserver_spec(keyserver);
444
445   return NULL;
446 }
447
448 struct keyserver_spec *
449 parse_preferred_keyserver(PKT_signature *sig)
450 {
451   struct keyserver_spec *spec=NULL;
452   const byte *p;
453   size_t plen;
454
455   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
456   if(p && plen)
457     {
458       byte *dupe=xmalloc(plen+1);
459
460       memcpy(dupe,p,plen);
461       dupe[plen]='\0';
462       spec=parse_keyserver_uri(dupe,1,NULL,0);
463       xfree(dupe);
464     }
465
466   return spec;
467 }
468
469 static void
470 print_keyrec(int number,struct keyrec *keyrec)
471 {
472   int i;
473
474   iobuf_writebyte(keyrec->uidbuf,0);
475   iobuf_flush_temp(keyrec->uidbuf);
476   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
477
478   if(keyrec->size>0)
479     printf("%d bit ",keyrec->size);
480
481   if(keyrec->type)
482     {
483       const char *str = gcry_pk_algo_name (keyrec->type);
484
485       if(str)
486         printf("%s ",str);
487       else
488         printf("unknown ");
489     }
490
491   switch(keyrec->desc.mode)
492     {
493       /* If the keyserver helper gave us a short keyid, we have no
494          choice but to use it.  Do check --keyid-format to add a 0x if
495          needed. */
496     case KEYDB_SEARCH_MODE_SHORT_KID:
497       printf("key %s%08lX",
498              (opt.keyid_format==KF_0xSHORT
499               || opt.keyid_format==KF_0xLONG)?"0x":"",
500              (ulong)keyrec->desc.u.kid[1]);
501       break;
502
503       /* However, if it gave us a long keyid, we can honor
504          --keyid-format */
505     case KEYDB_SEARCH_MODE_LONG_KID:
506       printf("key %s",keystr(keyrec->desc.u.kid));
507       break;
508
509     case KEYDB_SEARCH_MODE_FPR16:
510       printf("key ");
511       for(i=0;i<16;i++)
512         printf("%02X",keyrec->desc.u.fpr[i]);
513       break;
514
515     case KEYDB_SEARCH_MODE_FPR20:
516       printf("key ");
517       for(i=0;i<20;i++)
518         printf("%02X",keyrec->desc.u.fpr[i]);
519       break;
520
521     default:
522       BUG();
523       break;
524     }
525
526   if(keyrec->createtime>0)
527     {
528       printf(", ");
529       printf(_("created: %s"),strtimestamp(keyrec->createtime));
530     }
531
532   if(keyrec->expiretime>0)
533     {
534       printf(", ");
535       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
536     }
537
538   if(keyrec->flags&1)
539     printf(" (%s)",_("revoked"));
540   if(keyrec->flags&2)
541     printf(" (%s)",_("disabled"));
542   if(keyrec->flags&4)
543     printf(" (%s)",_("expired"));
544
545   printf("\n");
546 }
547
548 /* Returns a keyrec (which must be freed) once a key is complete, and
549    NULL otherwise.  Call with a NULL keystring once key parsing is
550    complete to return any unfinished keys. */
551 static struct keyrec *
552 parse_keyrec(char *keystring)
553 {
554   static struct keyrec *work=NULL;
555   struct keyrec *ret=NULL;
556   char *record;
557   int i;
558
559   if(keystring==NULL)
560     {
561       if(work==NULL)
562         return NULL;
563       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
564         {
565           xfree(work);
566           return NULL;
567         }
568       else
569         {
570           ret=work;
571           work=NULL;
572           return ret;
573         }
574     }
575
576   if(work==NULL)
577     {
578       work=xmalloc_clear(sizeof(struct keyrec));
579       work->uidbuf=iobuf_temp();
580     }
581
582   /* Remove trailing whitespace */
583   for(i=strlen(keystring);i>0;i--)
584     if(ascii_isspace(keystring[i-1]))
585       keystring[i-1]='\0';
586     else
587       break;
588
589   if((record=strsep(&keystring,":"))==NULL)
590     return ret;
591
592   if(ascii_strcasecmp("pub",record)==0)
593     {
594       char *tok;
595
596       if(work->desc.mode)
597         {
598           ret=work;
599           work=xmalloc_clear(sizeof(struct keyrec));
600           work->uidbuf=iobuf_temp();
601         }
602
603       if((tok=strsep(&keystring,":"))==NULL)
604         return ret;
605
606       classify_user_id(tok,&work->desc);
607       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
608          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
609          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
610          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
611         {
612           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
613           return ret;
614         }
615
616       /* Note all items after this are optional.  This allows us to
617          have a pub line as simple as pub:keyid and nothing else. */
618
619       work->lines++;
620
621       if((tok=strsep(&keystring,":"))==NULL)
622         return ret;
623
624       work->type=atoi(tok);
625
626       if((tok=strsep(&keystring,":"))==NULL)
627         return ret;
628
629       work->size=atoi(tok);
630
631       if((tok=strsep(&keystring,":"))==NULL)
632         return ret;
633
634       if(atoi(tok)<=0)
635         work->createtime=0;
636       else
637         work->createtime=atoi(tok);
638
639       if((tok=strsep(&keystring,":"))==NULL)
640         return ret;
641
642       if(atoi(tok)<=0)
643         work->expiretime=0;
644       else
645         {
646           work->expiretime=atoi(tok);
647           /* Force the 'e' flag on if this key is expired. */
648           if(work->expiretime<=make_timestamp())
649             work->flags|=4;
650         }
651
652       if((tok=strsep(&keystring,":"))==NULL)
653         return ret;
654
655       while(*tok)
656         switch(*tok++)
657           {
658           case 'r':
659           case 'R':
660             work->flags|=1;
661             break;
662             
663           case 'd':
664           case 'D':
665             work->flags|=2;
666             break;
667
668           case 'e':
669           case 'E':
670             work->flags|=4;
671             break;
672           }
673     }
674   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
675     {
676       char *userid,*tok,*decoded;
677
678       if((tok=strsep(&keystring,":"))==NULL)
679         return ret;
680
681       if(strlen(tok)==0)
682         return ret;
683
684       userid=tok;
685
686       /* By definition, de-%-encoding is always smaller than the
687          original string so we can decode in place. */
688
689       i=0;
690
691       while(*tok)
692         if(tok[0]=='%' && tok[1] && tok[2])
693           {
694             int c;
695
696             userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
697             i++;
698             tok+=3;
699           }
700         else
701           userid[i++]=*tok++;
702
703       /* We don't care about the other info provided in the uid: line
704          since no keyserver supports marking userids with timestamps
705          or revoked/expired/disabled yet. */
706
707       /* No need to check for control characters, as utf8_to_native
708          does this for us. */
709
710       decoded=utf8_to_native(userid,i,0);
711       if(strlen(decoded)>opt.screen_columns-10)
712         decoded[opt.screen_columns-10]='\0';
713       iobuf_writestr(work->uidbuf,decoded);
714       xfree(decoded);
715       iobuf_writestr(work->uidbuf,"\n\t");
716       work->lines++;
717     }
718
719   /* Ignore any records other than "pri" and "uid" for easy future
720      growth. */
721
722   return ret;
723 }
724
725 /* TODO: do this as a list sent to keyserver_work rather than calling
726    it once for each key to get the correct counts after the import
727    (cosmetics, really) and to better take advantage of the keyservers
728    that can do multiple fetches in one go (LDAP). */
729 static int
730 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
731 {
732   char *answer;
733
734   fflush (stdout);
735
736   if(count && opt.command_fd==-1)
737     {
738       static int from=1;
739       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
740       from=numdesc+1;
741     }
742
743   answer=cpr_get_no_help("keysearch.prompt",
744                          _("Enter number(s), N)ext, or Q)uit > "));
745   /* control-d */
746   if(answer[0]=='\x04')
747     {
748       printf("Q\n");
749       answer[0]='q';
750     }
751
752   if(answer[0]=='q' || answer[0]=='Q')
753     {
754       xfree(answer);
755       return 1;
756     }
757   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
758     {
759       char *split=answer,*num;
760
761       while((num=strsep(&split," ,"))!=NULL)
762         if(atoi(num)>=1 && atoi(num)<=numdesc)
763           keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,
764                          NULL,NULL,opt.keyserver);
765
766       xfree(answer);
767       return 1;
768     }
769
770   return 0;
771 }
772
773 /* Count and searchstr are just for cosmetics.  If the count is too
774    small, it will grow safely.  If negative it disables the "Key x-y
775    of z" messages.  searchstr should be UTF-8 (rather than native). */
776 static void
777 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
778 {
779   int i=0,validcount=0,started=0,header=0,count=1;
780   unsigned int maxlen,buflen,numlines=0;
781   KEYDB_SEARCH_DESC *desc;
782   byte *line=NULL;
783   char *localstr=NULL;
784
785   if(searchstr)
786     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
787
788   desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
789
790   for(;;)
791     {
792       struct keyrec *keyrec;
793       int rl;
794
795       maxlen=1024;
796       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
797
798       if(opt.with_colons)
799         {
800           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
801              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
802             {
803               header=1;
804               continue;
805             }
806           else if(ascii_strncasecmp("SEARCH ",line,7)==0
807                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
808             continue;
809
810           printf("%s",line);
811         }
812
813       /* Look for an info: line.  The only current info: values
814          defined are the version and key count. */
815       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
816         {
817           char *tok,*str=&line[5];
818
819           if((tok=strsep(&str,":"))!=NULL)
820             {
821               int version;
822
823               if(sscanf(tok,"%d",&version)!=1)
824                 version=1;
825
826               if(version!=1)
827                 {
828                   log_error(_("invalid keyserver protocol "
829                               "(us %d!=handler %d)\n"),1,version);
830                   break;
831                 }
832             }
833
834           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
835             {
836               if(count==0)
837                 goto notfound;
838               else if(count<0)
839                 count=10;
840               else
841                 validcount=1;
842
843               desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
844             }
845
846           started=1;
847           continue;
848         }
849
850       if(rl==0)
851         {
852           keyrec=parse_keyrec(NULL);
853
854           if(keyrec==NULL)
855             {
856               if(i==0)
857                 {
858                   count=0;
859                   break;
860                 }
861
862               if(i!=count)
863                 validcount=0;
864
865               for(;;)
866                 {
867                   if(show_prompt(desc,i,validcount?count:0,localstr))
868                     break;
869                   validcount=0;
870                 }
871
872               break;
873             }
874         }
875       else
876         keyrec=parse_keyrec(line);
877
878       if(i==count)
879         {
880           /* keyserver helper sent more keys than they claimed in the
881              info: line. */
882           count+=10;
883           desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
884           validcount=0;
885         }
886
887       if(keyrec)
888         {
889           desc[i]=keyrec->desc;
890
891           if(!opt.with_colons)
892             {
893               /* screen_lines - 1 for the prompt. */
894               if(numlines+keyrec->lines>opt.screen_lines-1)
895                 {
896                   if(show_prompt(desc,i,validcount?count:0,localstr))
897                     break;
898                   else
899                     numlines=0;
900                 }
901
902               print_keyrec(i+1,keyrec);
903             }
904
905           numlines+=keyrec->lines;
906           iobuf_close(keyrec->uidbuf);
907           xfree(keyrec);
908
909           started=1;
910           i++;
911         }
912     }
913
914  notfound:
915   /* Leave this commented out or now, and perhaps for a very long
916      time.  All HKPish servers return HTML error messages for
917      no-key-found. */
918   /* 
919      if(!started)
920      log_info(_("keyserver does not support searching\n"));
921      else
922   */
923   if(count==0)
924     {
925       if(localstr)
926         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
927       else
928         log_info(_("key not found on keyserver\n"));
929     }
930
931   xfree(localstr);
932   xfree(desc);
933   xfree(line);
934 }
935
936 /* We sometimes want to use a different gpgkeys_xxx for a given
937    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
938    these here. */
939 static const char *
940 keyserver_typemap(const char *type)
941 {
942   if(strcmp(type,"ldaps")==0)
943     return "ldap";
944   else if(strcmp(type,"hkps")==0)
945     return "hkp";
946   else
947     return type;
948 }
949
950 /* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
951    sufficiently different that we can't use curl to do LDAP. */
952 static int
953 direct_uri_map(const char *scheme,unsigned int is_direct)
954 {
955   if(is_direct && strcmp(scheme,"ldap")==0)
956     return 1;
957
958   return 0;
959 }
960
961 #if GNUPG_MAJOR_VERSION == 2
962 #define GPGKEYS_PREFIX "gpg2keys_"
963 #else
964 #define GPGKEYS_PREFIX "gpgkeys_"
965 #endif
966 #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
967 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
968 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
969 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
970
971 static int 
972 keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
973                 int count,int *prog,unsigned char **fpr,size_t *fpr_len,
974                 struct keyserver_spec *keyserver)
975 {
976   int ret=0,i,gotversion=0,outofband=0;
977   strlist_t temp;
978   unsigned int maxlen,buflen;
979   char *command,*end,*searchstr=NULL;
980   byte *line=NULL;
981   struct exec_info *spawn;
982   const char *scheme;
983   const char *libexecdir = gnupg_libexecdir ();
984
985   assert(keyserver);
986
987 #ifdef EXEC_TEMPFILE_ONLY
988   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
989 #endif
990
991   /* Build the filename for the helper to execute */
992   scheme=keyserver_typemap(keyserver->scheme);
993
994 #ifdef DISABLE_KEYSERVER_PATH
995   /* Destroy any path we might have.  This is a little tricky,
996      portability-wise.  It's not correct to delete the PATH
997      environment variable, as that may fall back to a system built-in
998      PATH.  Similarly, it is not correct to set PATH to the null
999      string (PATH="") since this actually deletes the PATH environment
1000      variable under MinGW.  The safest thing to do here is to force
1001      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
1002      Unix-like systems (since we're going to give a full path to
1003      gpgkeys_foo), but on W32 it prevents loading any DLLs from
1004      directories in %PATH%.
1005
1006      After some more thinking about this we came to the conclusion
1007      that it is better to load the helpers from the directory where
1008      the program of this process lives.  Fortunately Windows provides
1009      a way to retrieve this and our gnupg_libexecdir function has been
1010      modified to return just this.  Setting the exec-path is not
1011      anymore required.  
1012        set_exec_path(libexecdir);
1013  */
1014 #else
1015   if(opt.exec_path_set)
1016     {
1017       /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
1018          undefined, then don't specify a full path to gpgkeys_foo, so
1019          that the PATH can work. */
1020       command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1021       command[0]='\0';
1022     }
1023   else
1024 #endif
1025     {
1026       /* Specify a full path to gpgkeys_foo. */
1027       command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
1028                       GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1029       strcpy(command,libexecdir);
1030       strcat(command,DIRSEP_S);
1031     }
1032
1033   end=command+strlen(command);
1034
1035   /* Build a path for the keyserver helper.  If it is direct_uri
1036      (i.e. an object fetch and not a keyserver), then add "_uri" to
1037      the end to distinguish the keyserver helper from an object
1038      fetcher that can speak that protocol (this is a problem for
1039      LDAP). */
1040
1041   strcat(command,GPGKEYS_PREFIX); 
1042   strcat(command,scheme);
1043
1044   /* This "_uri" thing is in case we need to call a direct handler
1045      instead of the keyserver handler.  This lets us use gpgkeys_curl
1046      or gpgkeys_ldap_uri (we don't provide it, but a user might)
1047      instead of gpgkeys_ldap to fetch things like
1048      ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560 */
1049
1050   if(direct_uri_map(scheme,keyserver->flags.direct_uri))
1051     strcat(command,"_uri");
1052
1053   strcat(command,EXEEXT);
1054
1055   /* Can we execute it?  If not, try curl as our catchall. */
1056   if(path_access(command,X_OK)!=0)
1057     strcpy(end,GPGKEYS_CURL);
1058
1059   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
1060     {
1061       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
1062         {
1063           command=xrealloc(command,strlen(command)+
1064                             strlen(KEYSERVER_ARGS_KEEP)+1);
1065           strcat(command,KEYSERVER_ARGS_KEEP);
1066         }
1067       else
1068         {
1069           command=xrealloc(command,strlen(command)+
1070                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
1071           strcat(command,KEYSERVER_ARGS_NOKEEP);  
1072         }
1073
1074       ret=exec_write(&spawn,NULL,command,NULL,0,0);
1075     }
1076   else
1077     ret=exec_write(&spawn,command,NULL,NULL,0,0);
1078
1079   xfree(command);
1080
1081   if(ret)
1082     return ret;
1083
1084   fprintf(spawn->tochild,
1085           "# This is a GnuPG %s keyserver communications file\n",VERSION);
1086   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
1087   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
1088   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
1089
1090   if(keyserver->opaque)
1091     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
1092   else
1093     {
1094       if(keyserver->auth)
1095         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
1096
1097       if(keyserver->host)
1098         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
1099
1100       if(keyserver->port)
1101         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
1102
1103       if(keyserver->path)
1104         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
1105     }
1106
1107   /* Write global options */
1108
1109   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
1110     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1111
1112   /* Write per-keyserver options */
1113
1114   for(temp=keyserver->options;temp;temp=temp->next)
1115     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1116
1117   switch(action)
1118     {
1119     case KS_GET:
1120       {
1121         fprintf(spawn->tochild,"COMMAND GET\n\n");
1122
1123         /* Which keys do we want? */
1124
1125         for(i=0;i<count;i++)
1126           {
1127             int quiet=0;
1128
1129             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
1130               {
1131                 int f;
1132
1133                 fprintf(spawn->tochild,"0x");
1134
1135                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
1136                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1137
1138                 fprintf(spawn->tochild,"\n");
1139               }
1140             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
1141               {
1142                 int f;
1143
1144                 fprintf(spawn->tochild,"0x");
1145
1146                 for(f=0;f<16;f++)
1147                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1148
1149                 fprintf(spawn->tochild,"\n");
1150               }
1151             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
1152               fprintf(spawn->tochild,"0x%08lX%08lX\n",
1153                       (ulong)desc[i].u.kid[0],
1154                       (ulong)desc[i].u.kid[1]);
1155             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
1156               fprintf(spawn->tochild,"0x%08lX\n",
1157                       (ulong)desc[i].u.kid[1]);
1158             else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
1159               {
1160                 fprintf(spawn->tochild,"0x0000000000000000\n");
1161                 quiet=1;
1162               }
1163             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
1164               continue;
1165             else
1166               BUG();
1167
1168             if(!quiet)
1169               {
1170                 if(keyserver->host)
1171                   log_info(_("requesting key %s from %s server %s\n"),
1172                            keystr_from_desc(&desc[i]),
1173                            keyserver->scheme,keyserver->host);
1174                 else
1175                   log_info(_("requesting key %s from %s\n"),
1176                            keystr_from_desc(&desc[i]),keyserver->uri);
1177               }
1178           }
1179
1180         fprintf(spawn->tochild,"\n");
1181
1182         break;
1183       }
1184
1185     case KS_GETNAME:
1186       {
1187         strlist_t key;
1188
1189         fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
1190
1191         /* Which names do we want? */
1192
1193         for(key=list;key!=NULL;key=key->next)
1194           fprintf(spawn->tochild,"%s\n",key->d);
1195
1196         fprintf(spawn->tochild,"\n");
1197
1198         if(keyserver->host)
1199           log_info(_("searching for names from %s server %s\n"),
1200                    keyserver->scheme,keyserver->host);
1201         else
1202           log_info(_("searching for names from %s\n"),keyserver->uri);
1203
1204         break;
1205       }
1206
1207     case KS_SEND:
1208       {
1209         strlist_t key;
1210
1211         /* Note the extra \n here to send an empty keylist block */
1212         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1213
1214         for(key=list;key!=NULL;key=key->next)
1215           {
1216             armor_filter_context_t *afx;
1217             IOBUF buffer = iobuf_temp ();
1218             KBNODE block;
1219
1220             temp=NULL;
1221             add_to_strlist(&temp,key->d);
1222
1223             afx = new_armor_context ();
1224             afx->what = 1;
1225             /* Tell the armor filter to use Unix-style \n line
1226                endings, since we're going to fprintf this to a file
1227                that (on Win32) is open in text mode.  The win32 stdio
1228                will transform the \n to \r\n and we'll end up with the
1229                proper line endings on win32.  This is a no-op on
1230                Unix. */
1231             afx->eol[0] = '\n';
1232             push_armor_filter (afx, buffer);
1233             release_armor_context (afx);
1234
1235             /* TODO: Remove Comment: lines from keys exported this
1236                way? */
1237
1238             if(export_pubkeys_stream(buffer,temp,&block,
1239                                      opt.keyserver_options.export_options)==-1)
1240               iobuf_close(buffer);
1241             else
1242               {
1243                 KBNODE node;
1244
1245                 iobuf_flush_temp(buffer);
1246
1247                 merge_keys_and_selfsig(block);
1248
1249                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1250                         (ulong)block->pkt->pkt.public_key->keyid[0],
1251                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1252
1253                 for(node=block;node;node=node->next)
1254                   {
1255                     switch(node->pkt->pkttype)
1256                       {
1257                       default:
1258                         continue;
1259
1260                       case PKT_PUBLIC_KEY:
1261                       case PKT_PUBLIC_SUBKEY:
1262                         {
1263                           PKT_public_key *pk=node->pkt->pkt.public_key;
1264
1265                           keyid_from_pk(pk,NULL);
1266
1267                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1268                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1269                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1270                                   pk->pubkey_algo,
1271                                   nbits_from_pk(pk),
1272                                   pk->timestamp,
1273                                   pk->expiredate);
1274
1275                           if(pk->is_revoked)
1276                             fprintf(spawn->tochild,"r");
1277                           if(pk->has_expired)
1278                             fprintf(spawn->tochild,"e");
1279
1280                           fprintf(spawn->tochild,"\n");
1281                         }
1282                         break;
1283
1284                       case PKT_USER_ID:
1285                         {
1286                           PKT_user_id *uid=node->pkt->pkt.user_id;
1287                           int r;
1288
1289                           if(uid->attrib_data)
1290                             continue;
1291
1292                           fprintf(spawn->tochild,"uid:");
1293
1294                           /* Quote ':', '%', and any 8-bit
1295                              characters */
1296                           for(r=0;r<uid->len;r++)
1297                             {
1298                               if(uid->name[r]==':' || uid->name[r]=='%'
1299                                  || uid->name[r]&0x80)
1300                                 fprintf(spawn->tochild,"%%%02X",
1301                                         (byte)uid->name[r]);
1302                               else
1303                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1304                             }
1305
1306                           fprintf(spawn->tochild,":%u:%u:",
1307                                   uid->created,uid->expiredate);
1308
1309                           if(uid->is_revoked)
1310                             fprintf(spawn->tochild,"r");
1311                           if(uid->is_expired)
1312                             fprintf(spawn->tochild,"e");
1313
1314                           fprintf(spawn->tochild,"\n");
1315                         }
1316                         break;
1317
1318                         /* This bit is really for the benefit of
1319                            people who store their keys in LDAP
1320                            servers.  It makes it easy to do queries
1321                            for things like "all keys signed by
1322                            Isabella". */
1323                       case PKT_SIGNATURE:
1324                         {
1325                           PKT_signature *sig=node->pkt->pkt.signature;
1326
1327                           if(!IS_UID_SIG(sig))
1328                             continue;
1329
1330                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1331                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1332                                   sig->sig_class,sig->timestamp,
1333                                   sig->expiredate);
1334                         }
1335                         break;
1336                       }
1337                   }
1338
1339                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1340                         (ulong)block->pkt->pkt.public_key->keyid[0],
1341                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1342
1343                 fprintf(spawn->tochild,"KEY %08lX%08lX BEGIN\n",
1344                         (ulong)block->pkt->pkt.public_key->keyid[0],
1345                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1346                 fwrite(iobuf_get_temp_buffer(buffer),
1347                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1348                 fprintf(spawn->tochild,"KEY %08lX%08lX END\n",
1349                         (ulong)block->pkt->pkt.public_key->keyid[0],
1350                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1351
1352                 iobuf_close(buffer);
1353
1354                 if(keyserver->host)
1355                   log_info(_("sending key %s to %s server %s\n"),
1356                            keystr(block->pkt->pkt.public_key->keyid),
1357                            keyserver->scheme,keyserver->host);
1358                 else
1359                   log_info(_("sending key %s to %s\n"),
1360                            keystr(block->pkt->pkt.public_key->keyid),
1361                            keyserver->uri);
1362
1363                 release_kbnode(block);
1364               }
1365
1366             free_strlist(temp);
1367           }
1368
1369         break;
1370       }
1371
1372     case KS_SEARCH:
1373       {
1374         strlist_t key;
1375
1376         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1377
1378         /* Which keys do we want?  Remember that the gpgkeys_ program
1379            is going to lump these together into a search string. */
1380
1381         for(key=list;key!=NULL;key=key->next)
1382           {
1383             fprintf(spawn->tochild,"%s\n",key->d);
1384             if(key!=list)
1385               {
1386                 searchstr=xrealloc(searchstr,
1387                                     strlen(searchstr)+strlen(key->d)+2);
1388                 strcat(searchstr," ");
1389               }
1390             else
1391               {
1392                 searchstr=xmalloc(strlen(key->d)+1);
1393                 searchstr[0]='\0';
1394               }
1395
1396             strcat(searchstr,key->d);
1397           }
1398
1399         fprintf(spawn->tochild,"\n");
1400
1401         if(keyserver->host)
1402           log_info(_("searching for \"%s\" from %s server %s\n"),
1403                    searchstr,keyserver->scheme,keyserver->host);
1404         else
1405           log_info(_("searching for \"%s\" from %s\n"),
1406                    searchstr,keyserver->uri);
1407
1408         break;
1409       }
1410
1411     default:
1412       log_fatal(_("no keyserver action!\n"));
1413       break;
1414     }
1415
1416   /* Done sending, so start reading. */
1417   ret=exec_read(spawn);
1418   if(ret)
1419     goto fail;
1420
1421   /* Now handle the response */
1422
1423   for(;;)
1424     {
1425       int plen;
1426       char *ptr;
1427
1428       maxlen=1024;
1429       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1430         {
1431           ret = gpg_error_from_syserror ();
1432           goto fail; /* i.e. EOF */
1433         }
1434
1435       ptr=line;
1436
1437       /* remove trailing whitespace */
1438       plen=strlen(ptr);
1439       while(plen>0 && ascii_isspace(ptr[plen-1]))
1440         plen--;
1441       plen[ptr]='\0';
1442
1443       if(*ptr=='\0')
1444         break;
1445
1446       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1447         {
1448           gotversion=1;
1449
1450           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1451             {
1452               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1453                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1454               goto fail;
1455             }
1456         }
1457       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1458         {
1459           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1460             log_info(_("WARNING: keyserver handler from a different"
1461                        " version of GnuPG (%s)\n"),&ptr[8]);
1462         }
1463       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1464         outofband=1; /* Currently the only OPTION */
1465     }
1466
1467   if(!gotversion)
1468     {
1469       log_error(_("keyserver did not send VERSION\n"));
1470       goto fail;
1471     }
1472
1473   if(!outofband)
1474     switch(action)
1475       {
1476       case KS_GET:
1477       case KS_GETNAME:
1478         {
1479           void *stats_handle;
1480
1481           stats_handle=import_new_stats_handle();
1482
1483           /* Slurp up all the key data.  In the future, it might be
1484              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1485              It's harmless to ignore them, but ignoring them does make
1486              gpg complain about "no valid OpenPGP data found".  One
1487              way to do this could be to continue parsing this
1488              line-by-line and make a temp iobuf for each key. */
1489
1490           import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len,
1491                              opt.keyserver_options.import_options);
1492
1493           import_print_stats(stats_handle);
1494           import_release_stats_handle(stats_handle);
1495
1496           break;
1497         }
1498
1499         /* Nothing to do here */
1500       case KS_SEND:
1501         break;
1502
1503       case KS_SEARCH:
1504         keyserver_search_prompt(spawn->fromchild,searchstr);
1505         break;
1506
1507       default:
1508         log_fatal(_("no keyserver action!\n"));
1509         break;
1510       }
1511
1512  fail:
1513   xfree(line);
1514   xfree(searchstr);
1515
1516
1517   *prog=exec_finish(spawn);
1518
1519   return ret;
1520 }
1521
1522 static int 
1523 keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
1524                int count,unsigned char **fpr,size_t *fpr_len,
1525                struct keyserver_spec *keyserver)
1526 {
1527   int rc=0,ret=0;
1528
1529   if(!keyserver)
1530     {
1531       log_error(_("no keyserver known (use option --keyserver)\n"));
1532       return G10ERR_BAD_URI;
1533     }
1534
1535 #ifdef DISABLE_KEYSERVER_HELPERS
1536
1537   log_error(_("external keyserver calls are not supported in this build\n"));
1538   return G10ERR_KEYSERVER;
1539
1540 #else
1541   /* Spawn a handler */
1542
1543   rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver);
1544   if(ret)
1545     {
1546       switch(ret)
1547         {
1548         case KEYSERVER_SCHEME_NOT_FOUND:
1549           log_error(_("no handler for keyserver scheme `%s'\n"),
1550                     keyserver->scheme);
1551           break;
1552
1553         case KEYSERVER_NOT_SUPPORTED:
1554           log_error(_("action `%s' not supported with keyserver "
1555                       "scheme `%s'\n"),
1556                     action==KS_GET?"get":action==KS_SEND?"send":
1557                     action==KS_SEARCH?"search":"unknown",
1558                     keyserver->scheme);
1559           break;
1560
1561         case KEYSERVER_VERSION_ERROR:
1562           log_error(_(GPGKEYS_PREFIX "%s does not support"
1563                       " handler version %d\n"),
1564                     keyserver_typemap(keyserver->scheme),
1565                     KEYSERVER_PROTO_VERSION);
1566           break;
1567
1568         case KEYSERVER_TIMEOUT:
1569           log_error(_("keyserver timed out\n"));
1570           break;
1571
1572         case KEYSERVER_INTERNAL_ERROR:
1573         default:
1574           log_error(_("keyserver internal error\n"));
1575           break;
1576         }
1577
1578       return G10ERR_KEYSERVER;
1579     }
1580
1581   if(rc)
1582     {
1583       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1584
1585       return rc;
1586     }
1587
1588   return 0;
1589 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1590 }
1591
1592 int 
1593 keyserver_export(strlist_t users)
1594 {
1595   strlist_t sl=NULL;
1596   KEYDB_SEARCH_DESC desc;
1597   int rc=0;
1598
1599   /* Weed out descriptors that we don't support sending */
1600   for(;users;users=users->next)
1601     {
1602       classify_user_id (users->d, &desc);
1603       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1604          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1605          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1606          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1607         {
1608           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1609           continue;
1610         }
1611       else
1612         append_to_strlist(&sl,users->d);
1613     }
1614
1615   if(sl)
1616     {
1617       rc=keyserver_work(KS_SEND,sl,NULL,0,NULL,NULL,opt.keyserver);
1618       free_strlist(sl);
1619     }
1620
1621   return rc;
1622 }
1623
1624 int 
1625 keyserver_import(strlist_t users)
1626 {
1627   KEYDB_SEARCH_DESC *desc;
1628   int num=100,count=0;
1629   int rc=0;
1630
1631   /* Build a list of key ids */
1632   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1633
1634   for(;users;users=users->next)
1635     {
1636       classify_user_id (users->d, &desc[count]);
1637       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1638          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1639          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1640          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1641         {
1642           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1643           continue;
1644         }
1645
1646       count++;
1647       if(count==num)
1648         {
1649           num+=100;
1650           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1651         }
1652     }
1653
1654   if(count>0)
1655     rc=keyserver_work(KS_GET,NULL,desc,count,NULL,NULL,opt.keyserver);
1656
1657   xfree(desc);
1658
1659   return rc;
1660 }
1661
1662 int
1663 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1664                         struct keyserver_spec *keyserver)
1665 {
1666   KEYDB_SEARCH_DESC desc;
1667
1668   memset(&desc,0,sizeof(desc));
1669
1670   if(fprint_len==16)
1671     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1672   else if(fprint_len==20)
1673     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1674   else
1675     return -1;
1676
1677   memcpy(desc.u.fpr,fprint,fprint_len);
1678
1679   /* TODO: Warn here if the fingerprint we got doesn't match the one
1680      we asked for? */
1681   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1682 }
1683
1684 int 
1685 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1686 {
1687   KEYDB_SEARCH_DESC desc;
1688
1689   memset(&desc,0,sizeof(desc));
1690
1691   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1692   desc.u.kid[0]=keyid[0];
1693   desc.u.kid[1]=keyid[1];
1694
1695   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1696 }
1697
1698 /* code mostly stolen from do_export_stream */
1699 static int 
1700 keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1701 {
1702   int rc=0,ndesc,num=100;
1703   KBNODE keyblock=NULL,node;
1704   KEYDB_HANDLE kdbhd;
1705   KEYDB_SEARCH_DESC *desc;
1706   strlist_t sl;
1707
1708   *count=0;
1709
1710   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1711
1712   kdbhd=keydb_new(0);
1713
1714   if(!users)
1715     {
1716       ndesc = 1;
1717       desc = xmalloc_clear ( ndesc * sizeof *desc);
1718       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1719     }
1720   else
1721     {
1722       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1723         ;
1724       desc = xmalloc ( ndesc * sizeof *desc);
1725         
1726       for (ndesc=0, sl=users; sl; sl = sl->next)
1727         {
1728           if(classify_user_id (sl->d, desc+ndesc))
1729             ndesc++;
1730           else
1731             log_error (_("key \"%s\" not found: %s\n"),
1732                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1733         }
1734     }
1735
1736   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1737     {
1738       if (!users) 
1739         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1740
1741       /* read the keyblock */
1742       rc = keydb_get_keyblock (kdbhd, &keyblock );
1743       if( rc )
1744         {
1745           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1746           goto leave;
1747         }
1748
1749       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1750         {
1751           /* This is to work around a bug in some keyservers (pksd and
1752              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1753              The answer is to refresh both the correct v4 keyid
1754              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1755              This only happens for key refresh using the HKP scheme
1756              and if the refresh-add-fake-v3-keyids keyserver option is
1757              set. */
1758           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1759              node->pkt->pkt.public_key->version>=4)
1760             {
1761               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1762               v3_keyid (node->pkt->pkt.public_key->pkey[0],
1763                         (*klist)[*count].u.kid);
1764               (*count)++;
1765
1766               if(*count==num)
1767                 {
1768                   num+=100;
1769                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1770                 }
1771             }
1772
1773           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1774              This is because it's easy to calculate any sort of keyid
1775              from a v4 fingerprint, but not a v3 fingerprint. */
1776
1777           if(node->pkt->pkt.public_key->version<4)
1778             {
1779               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1780               keyid_from_pk(node->pkt->pkt.public_key,
1781                             (*klist)[*count].u.kid);
1782             }
1783           else
1784             {
1785               size_t dummy;
1786
1787               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1788               fingerprint_from_pk(node->pkt->pkt.public_key,
1789                                   (*klist)[*count].u.fpr,&dummy);
1790             }
1791
1792           /* This is a little hackish, using the skipfncvalue as a
1793              void* pointer to the keyserver spec, but we don't need
1794              the skipfnc here, and it saves having an additional field
1795              for this (which would be wasted space most of the
1796              time). */
1797
1798           (*klist)[*count].skipfncvalue=NULL;
1799
1800           /* Are we honoring preferred keyservers? */
1801           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1802             {
1803               PKT_user_id *uid=NULL;
1804               PKT_signature *sig=NULL;
1805
1806               merge_keys_and_selfsig(keyblock);
1807
1808               for(node=node->next;node;node=node->next)
1809                 {
1810                   if(node->pkt->pkttype==PKT_USER_ID
1811                      && node->pkt->pkt.user_id->is_primary)
1812                     uid=node->pkt->pkt.user_id;
1813                   else if(node->pkt->pkttype==PKT_SIGNATURE
1814                           && node->pkt->pkt.signature->
1815                           flags.chosen_selfsig && uid)
1816                     {
1817                       sig=node->pkt->pkt.signature;
1818                       break;
1819                     }
1820                 }
1821
1822               /* Try and parse the keyserver URL.  If it doesn't work,
1823                  then we end up writing NULL which indicates we are
1824                  the same as any other key. */
1825               if(sig)
1826                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1827             }
1828
1829           (*count)++;
1830
1831           if(*count==num)
1832             {
1833               num+=100;
1834               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1835             }
1836         }
1837     }
1838
1839   if(rc==-1)
1840     rc=0;
1841   
1842  leave:
1843   if(rc)
1844     xfree(*klist);
1845   xfree(desc);
1846   keydb_release(kdbhd);
1847   release_kbnode(keyblock);
1848
1849   return rc;
1850 }
1851
1852 /* Note this is different than the original HKP refresh.  It allows
1853    usernames to refresh only part of the keyring. */
1854
1855 int
1856 keyserver_refresh(strlist_t users)
1857 {
1858   int rc,count,numdesc,fakev3=0;
1859   KEYDB_SEARCH_DESC *desc;
1860   unsigned int options=opt.keyserver_options.import_options;
1861
1862   /* We switch merge-only on during a refresh, as 'refresh' should
1863      never import new keys, even if their keyids match. */
1864   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1865
1866   /* Similarly, we switch on fast-import, since refresh may make
1867      multiple import sets (due to preferred keyserver URLs).  We don't
1868      want each set to rebuild the trustdb.  Instead we do it once at
1869      the end here. */
1870   opt.keyserver_options.import_options|=IMPORT_FAST;
1871
1872   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1873      scheme, then enable fake v3 keyid generation. */
1874   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1875      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1876          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1877     fakev3=1;
1878
1879   rc=keyidlist(users,&desc,&numdesc,fakev3);
1880   if(rc)
1881     return rc;
1882
1883   count=numdesc;
1884   if(count>0)
1885     {
1886       int i;
1887
1888       /* Try to handle preferred keyserver keys first */
1889       for(i=0;i<numdesc;i++)
1890         {
1891           if(desc[i].skipfncvalue)
1892             {
1893               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1894
1895               /* We use the keyserver structure we parsed out before.
1896                  Note that a preferred keyserver without a scheme://
1897                  will be interpreted as hkp:// */
1898
1899               rc=keyserver_work(KS_GET,NULL,&desc[i],1,NULL,NULL,keyserver);
1900               if(rc)
1901                 log_info(_("WARNING: unable to refresh key %s"
1902                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1903                          keyserver->uri,g10_errstr(rc));
1904               else
1905                 {
1906                   /* We got it, so mark it as NONE so we don't try and
1907                      get it again from the regular keyserver. */
1908
1909                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1910                   count--;
1911                 }
1912
1913               free_keyserver_spec(keyserver);
1914             }
1915         }
1916     }
1917
1918   if(count>0)
1919     {
1920       if(opt.keyserver)
1921         {
1922           if(count==1)
1923             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1924           else
1925             log_info(_("refreshing %d keys from %s\n"),
1926                      count,opt.keyserver->uri);
1927         }
1928
1929       rc=keyserver_work(KS_GET,NULL,desc,numdesc,NULL,NULL,opt.keyserver);
1930     }
1931
1932   xfree(desc);
1933
1934   opt.keyserver_options.import_options=options;
1935
1936   /* If the original options didn't have fast import, and the trustdb
1937      is dirty, rebuild. */
1938   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1939     trustdb_check_or_update();
1940
1941   return rc;
1942 }
1943
1944 int
1945 keyserver_search(strlist_t tokens)
1946 {
1947   if(tokens)
1948     return keyserver_work(KS_SEARCH,tokens,NULL,0,NULL,NULL,opt.keyserver);
1949   else
1950     return 0;
1951 }
1952
1953 int
1954 keyserver_fetch(strlist_t urilist)
1955 {
1956   KEYDB_SEARCH_DESC desc;
1957   strlist_t sl;
1958   unsigned int options=opt.keyserver_options.import_options;
1959
1960   /* Switch on fast-import, since fetch can handle more than one
1961      import and we don't want each set to rebuild the trustdb.
1962      Instead we do it once at the end. */
1963   opt.keyserver_options.import_options|=IMPORT_FAST;
1964
1965   /* A dummy desc since we're not actually fetching a particular key
1966      ID */
1967   memset(&desc,0,sizeof(desc));
1968   desc.mode=KEYDB_SEARCH_MODE_EXACT;
1969
1970   for(sl=urilist;sl;sl=sl->next)
1971     {
1972       struct keyserver_spec *spec;
1973
1974       spec=parse_keyserver_uri(sl->d,1,NULL,0);
1975       if(spec)
1976         {
1977           int rc;
1978
1979           rc=keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,spec);
1980           if(rc)
1981             log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1982                      sl->d,g10_errstr(rc));
1983
1984           free_keyserver_spec(spec);
1985         }
1986       else
1987         log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
1988     }
1989
1990   opt.keyserver_options.import_options=options;
1991
1992   /* If the original options didn't have fast import, and the trustdb
1993      is dirty, rebuild. */
1994   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1995     trustdb_check_or_update();
1996
1997   return 0;
1998 }
1999
2000 /* Import key in a CERT or pointed to by a CERT */
2001 int
2002 keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
2003 {
2004   char *domain,*look,*url;
2005   IOBUF key;
2006   int type,rc=G10ERR_GENERAL;
2007
2008   look=xstrdup(name);
2009
2010   domain=strrchr(look,'@');
2011   if(domain)
2012     *domain='.';
2013
2014   type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
2015   if (!type || type == -1)
2016     {
2017       /* There might be an error in res_query which leads to an error
2018          return (-1) in the case that nothing was found.  Thus we take
2019          all errors as key not found.  */
2020       rc = G10ERR_NO_PUBKEY;
2021     }
2022   else if (type==1)
2023     {
2024       int armor_status=opt.no_armor;
2025
2026       /* CERTs are always in binary format */
2027       opt.no_armor=1;
2028
2029       rc=import_keys_stream(key,NULL,fpr,fpr_len,
2030                             opt.keyserver_options.import_options);
2031
2032       opt.no_armor=armor_status;
2033
2034       iobuf_close(key);
2035     }
2036   else if(type==2 && *fpr)
2037     {
2038       /* We only consider the IPGP type if a fingerprint was provided.
2039          This lets us select the right key regardless of what a URL
2040          points to, or get the key from a keyserver. */
2041       if(url)
2042         {
2043           struct keyserver_spec *spec;
2044
2045           spec=parse_keyserver_uri(url,1,NULL,0);
2046           if(spec)
2047             {
2048               rc=keyserver_import_fprint(*fpr,*fpr_len,spec);
2049               free_keyserver_spec(spec);
2050             }
2051         }
2052       else if(opt.keyserver)
2053         {
2054           /* If only a fingerprint is provided, try and fetch it from
2055              our --keyserver */
2056
2057           rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
2058         }
2059       else
2060         log_info(_("no keyserver known (use option --keyserver)\n"));
2061
2062       /* Give a better string here? "CERT fingerprint for \"%s\"
2063          found, but no keyserver" " known (use option
2064          --keyserver)\n" ? */
2065
2066       xfree(url);
2067     }
2068
2069   xfree(look);
2070
2071   return rc;
2072 }
2073
2074 /* Import key pointed to by a PKA record. Return the requested
2075    fingerprint in fpr. */
2076 int
2077 keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
2078 {
2079   char *uri;
2080   int rc = G10ERR_NO_PUBKEY;
2081
2082   *fpr = xmalloc (20);
2083   *fpr_len = 20;
2084
2085   uri = get_pka_info (name, *fpr);
2086   if (uri && *uri)
2087     {
2088       /* An URI is available.  Lookup the key. */
2089       struct keyserver_spec *spec;
2090       spec = parse_keyserver_uri (uri, 1, NULL, 0);
2091       if (spec)
2092         {
2093           rc = keyserver_import_fprint (*fpr, 20, spec);
2094           free_keyserver_spec (spec);
2095         }
2096       xfree (uri);
2097     }
2098
2099   if (rc)
2100     {
2101       xfree(*fpr);
2102       *fpr = NULL;
2103     }
2104
2105   return rc;
2106 }
2107
2108 /* Import all keys that match name */
2109 int
2110 keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
2111                       struct keyserver_spec *keyserver)
2112 {
2113   strlist_t list=NULL;
2114   int rc;
2115
2116   append_to_strlist(&list,name);
2117
2118   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2119
2120   free_strlist(list);
2121
2122   return rc;
2123 }
2124
2125 /* Use the PGP Universal trick of asking ldap://keys.(maildomain) for
2126    the key. */
2127 int
2128 keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
2129 {
2130   char *domain;
2131   struct keyserver_spec *keyserver;
2132   strlist_t list=NULL;
2133   int rc;
2134
2135   append_to_strlist(&list,name);
2136
2137   /* Parse out the domain */
2138   domain=strrchr(name,'@');
2139   if(!domain)
2140     return G10ERR_GENERAL;
2141
2142   domain++;
2143
2144   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2145
2146   keyserver->scheme=xstrdup("ldap");
2147   keyserver->host=xmalloc(5+strlen(domain)+1);
2148   strcpy(keyserver->host,"keys.");
2149   strcat(keyserver->host,domain);
2150   keyserver->uri=xmalloc(strlen(keyserver->scheme)+
2151                          3+strlen(keyserver->host)+1);
2152   strcpy(keyserver->uri,keyserver->scheme);
2153   strcat(keyserver->uri,"://");
2154   strcat(keyserver->uri,keyserver->host);
2155     
2156   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2157
2158   free_strlist(list);
2159
2160   free_keyserver_spec(keyserver);
2161
2162   return rc;
2163 }