* plaintext.c (handle_plaintext): Properly handle a --max-output of zero
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include "filter.h"
28 #include "keydb.h"
29 #include "status.h"
30 #include "exec.h"
31 #include "main.h"
32 #include "i18n.h"
33 #include "iobuf.h"
34 #include "memory.h"
35 #include "ttyio.h"
36 #include "options.h"
37 #include "packet.h"
38 #include "keyserver-internal.h"
39 #include "util.h"
40
41 #define GET    0
42 #define SEND   1
43 #define SEARCH 2
44
45 struct keyrec
46 {
47   KEYDB_SEARCH_DESC desc;
48   time_t createtime,expiretime;
49   int size,flags;
50   byte type;
51   IOBUF uidbuf;
52   int lines;
53 };
54
55 struct kopts
56 {
57   char *name;
58   int tell; /* tell remote process about this one */
59   int *flag;
60 } keyserver_opts[]=
61 {
62   {"include-revoked",1,&opt.keyserver_options.include_revoked},
63   {"include-disabled",1,&opt.keyserver_options.include_disabled},
64   {"include-subkeys",1,&opt.keyserver_options.include_subkeys},
65   {"keep-temp-files",0,&opt.keyserver_options.keep_temp_files},
66   {"refresh-add-fake-v3-keyids",0,&opt.keyserver_options.fake_v3_keyids},
67   {"auto-key-retrieve",0,&opt.keyserver_options.auto_key_retrieve},
68   {"try-dns-srv",1,&opt.keyserver_options.try_dns_srv},
69   {NULL}
70 };
71
72 static int keyserver_work(int action,STRLIST list,
73                           KEYDB_SEARCH_DESC *desc,int count);
74
75 void 
76 parse_keyserver_options(char *options)
77 {
78   char *tok,*arg;
79
80   while((tok=argsep(&options,&arg)))
81     {
82       int i,hit=0;
83
84       if(tok[0]=='\0')
85         continue;
86
87       for(i=0;keyserver_opts[i].name;i++)
88         {
89           if(ascii_strcasecmp(tok,keyserver_opts[i].name)==0)
90             {
91               *(keyserver_opts[i].flag)=1;
92               hit=1;
93               break;
94             }
95           else if(ascii_strncasecmp("no-",tok,3)==0 &&
96                   ascii_strcasecmp(&tok[3],keyserver_opts[i].name)==0)
97             {
98               *(keyserver_opts[i].flag)=0;
99               hit=1;
100               break;
101             }
102         }
103
104       /* These options need more than just a flag */
105       if(!hit)
106         {
107           if(ascii_strcasecmp(tok,"verbose")==0)
108             opt.keyserver_options.verbose++;
109           else if(ascii_strcasecmp(tok,"no-verbose")==0)
110             opt.keyserver_options.verbose--;
111 #ifdef EXEC_TEMPFILE_ONLY
112           else if(ascii_strcasecmp(tok,"use-temp-files")==0 ||
113                   ascii_strcasecmp(tok,"no-use-temp-files")==0)
114             log_info(_("WARNING: keyserver option \"%s\" is not used "
115                        "on this platform\n"),tok);
116 #else
117           else if(ascii_strcasecmp(tok,"use-temp-files")==0)
118             opt.keyserver_options.use_temp_files=1;
119           else if(ascii_strcasecmp(tok,"no-use-temp-files")==0)
120             opt.keyserver_options.use_temp_files=0;
121 #endif
122           else
123             if(!parse_import_options(tok,
124                                      &opt.keyserver_options.import_options,0)
125                &&
126                !parse_export_options(tok,
127                                      &opt.keyserver_options.export_options,0))
128               {
129                 if(arg)
130                   {
131                     char *joined;
132
133                     joined=m_alloc(strlen(tok)+1+strlen(arg)+1);
134                     /* Make a canonical name=value form with no
135                        spaces */
136                     strcpy(joined,tok);
137                     strcat(joined,"=");
138                     strcat(joined,arg);
139                     add_to_strlist(&opt.keyserver_options.other,joined);
140                     m_free(joined);
141                   }
142                 else
143                   add_to_strlist(&opt.keyserver_options.other,tok);
144               }
145         }
146     }
147 }
148
149 int 
150 parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
151 {
152   int assume_hkp=0;
153
154   assert(uri!=NULL);
155
156   opt.keyserver_host=NULL;
157   opt.keyserver_port=NULL;
158   opt.keyserver_opaque=NULL;
159
160   /* Get the scheme */
161
162   opt.keyserver_scheme=strsep(&uri,":");
163   if(uri==NULL)
164     {
165       /* Assume HKP if there is no scheme */
166       assume_hkp=1;
167       uri=opt.keyserver_scheme;
168       opt.keyserver_scheme="hkp";
169     }
170   else
171     {
172       /* Force to lowercase */
173       char *i;
174
175       for(i=opt.keyserver_scheme;*i!='\0';i++)
176         *i=ascii_tolower(*i);
177     }
178
179   if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)
180     {
181       deprecated_warning(configname,configlineno,"x-broken-hkp",
182                          "--keyserver-options ","broken-http-proxy");
183       opt.keyserver_scheme="hkp";
184       add_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
185     }
186   else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0
187           || ascii_strcasecmp(opt.keyserver_scheme,"http")==0)
188     {
189       /* Canonicalize this to "hkp" so it works with both the internal
190          and external keyserver interface. */
191       opt.keyserver_scheme="hkp";
192     }
193
194   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
195     {
196       /* Two slashes means network path. */
197
198       /* Skip over the "//", if any */
199       if(!assume_hkp)
200         uri+=2;
201
202       /* Get the host */
203       opt.keyserver_host=strsep(&uri,":/");
204       if(opt.keyserver_host[0]=='\0')
205         return G10ERR_BAD_URI;
206
207       if(uri==NULL || uri[0]=='\0')
208         opt.keyserver_port=NULL;
209       else
210         {
211           char *ch;
212
213           /* Get the port */
214           opt.keyserver_port=strsep(&uri,"/");
215
216           /* Ports are digits only */
217           ch=opt.keyserver_port;
218           while(*ch!='\0')
219             {
220               if(!digitp(ch))
221                 return G10ERR_BAD_URI;
222
223               ch++;
224             }
225
226           /* It would seem to be reasonable to limit the range of the
227              ports to values between 1-65535, but RFC 1738 and 1808
228              imply there is no limit.  Of course, the real world has
229              limits. */
230         }
231
232       /* (any path part of the URI is discarded for now as no keyserver
233          uses it yet) */
234     }
235   else if(uri[0]!='/')
236     {
237       /* No slash means opaque.  Just record the opaque blob and get
238          out. */
239       opt.keyserver_opaque=uri;
240       return 0;
241     }
242   else
243     {
244       /* One slash means absolute path.  We don't need to support that
245          yet. */
246       return G10ERR_BAD_URI;
247     }
248
249   if(opt.keyserver_scheme[0]=='\0')
250     return G10ERR_BAD_URI;
251
252   return 0;
253 }
254
255 static void
256 print_keyrec(int number,struct keyrec *keyrec)
257 {
258   int i;
259
260   iobuf_writebyte(keyrec->uidbuf,0);
261   iobuf_flush_temp(keyrec->uidbuf);
262   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
263
264   if(keyrec->size>0)
265     printf("%d bit ",keyrec->size);
266
267   if(keyrec->type)
268     {
269       const char *str=pubkey_algo_to_string(keyrec->type);
270
271       if(str)
272         printf("%s ",str);
273       else
274         printf("unknown ");
275     }
276
277   switch(keyrec->desc.mode)
278     {
279     case KEYDB_SEARCH_MODE_SHORT_KID:
280       printf("key %08lX",(ulong)keyrec->desc.u.kid[1]);
281       break;
282
283     case KEYDB_SEARCH_MODE_LONG_KID:
284       printf("key %08lX%08lX",(ulong)keyrec->desc.u.kid[0],
285              (ulong)keyrec->desc.u.kid[1]);
286       break;
287
288     case KEYDB_SEARCH_MODE_FPR16:
289       printf("key ");
290       for(i=0;i<16;i++)
291         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
292       break;
293
294     case KEYDB_SEARCH_MODE_FPR20:
295       printf("key ");
296       for(i=0;i<20;i++)
297         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
298       break;
299
300     default:
301       BUG();
302       break;
303     }
304
305   if(keyrec->createtime>0)
306     printf(", created %s",strtimestamp(keyrec->createtime));
307
308   if(keyrec->expiretime>0)
309     printf(", expires %s",strtimestamp(keyrec->expiretime));
310
311   if(keyrec->flags&1)
312     printf(" (%s)",("revoked"));
313   if(keyrec->flags&2)
314     printf(" (%s)",("disabled"));
315   if(keyrec->flags&4)
316     printf(" (%s)",("expired"));
317
318   printf("\n");
319 }
320
321 /* Returns a keyrec (which must be freed) once a key is complete, and
322    NULL otherwise.  Call with a NULL keystring once key parsing is
323    complete to return any unfinished keys. */
324 static struct keyrec *
325 parse_keyrec(char *keystring)
326 {
327   static struct keyrec *work=NULL;
328   struct keyrec *ret=NULL;
329   char *record;
330   int i;
331
332   if(keystring==NULL)
333     {
334       if(work==NULL)
335         return NULL;
336       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
337         {
338           m_free(work);
339           return NULL;
340         }
341       else
342         {
343           ret=work;
344           work=NULL;
345           return ret;
346         }
347     }
348
349   if(work==NULL)
350     {
351       work=m_alloc_clear(sizeof(struct keyrec));
352       work->uidbuf=iobuf_temp();
353     }
354
355   /* Remove trailing whitespace */
356   for(i=strlen(keystring);i>0;i--)
357     if(ascii_isspace(keystring[i-1]))
358       keystring[i-1]='\0';
359     else
360       break;
361
362   if((record=strsep(&keystring,":"))==NULL)
363     return ret;
364
365   if(ascii_strcasecmp("pub",record)==0)
366     {
367       char *tok;
368
369       if(work->desc.mode)
370         {
371           ret=work;
372           work=m_alloc_clear(sizeof(struct keyrec));
373           work->uidbuf=iobuf_temp();
374         }
375
376       if((tok=strsep(&keystring,":"))==NULL)
377         return ret;
378
379       classify_user_id(tok,&work->desc);
380       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
381          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
382          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
383          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
384         {
385           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
386           return ret;
387         }
388
389       /* Note all items after this are optional.  This allows us to
390          have a pub line as simple as pub:keyid and nothing else. */
391
392       work->lines++;
393
394       if((tok=strsep(&keystring,":"))==NULL)
395         return ret;
396
397       work->type=atoi(tok);
398
399       if((tok=strsep(&keystring,":"))==NULL)
400         return ret;
401
402       work->size=atoi(tok);
403
404       if((tok=strsep(&keystring,":"))==NULL)
405         return ret;
406
407       work->createtime=atoi(tok);
408
409       if((tok=strsep(&keystring,":"))==NULL)
410         return ret;
411
412       work->expiretime=atoi(tok);
413
414       if((tok=strsep(&keystring,":"))==NULL)
415         return ret;
416
417       while(*tok)
418         switch(*tok++)
419           {
420           case 'r':
421           case 'R':
422             work->flags|=1;
423             break;
424             
425           case 'd':
426           case 'D':
427             work->flags|=2;
428             break;
429
430           case 'e':
431           case 'E':
432             work->flags|=4;
433             break;
434           }
435
436       if(work->expiretime && work->expiretime<=make_timestamp())
437         work->flags|=4;
438     }
439   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
440     {
441       char *userid,*tok,*decoded;
442
443       if((tok=strsep(&keystring,":"))==NULL)
444         return ret;
445
446       if(strlen(tok)==0)
447         return ret;
448
449       userid=tok;
450
451       /* By definition, de-%-encoding is always smaller than the
452          original string so we can decode in place. */
453
454       i=0;
455
456       while(*tok)
457         if(tok[0]=='%' && tok[1] && tok[2])
458           {
459             if((userid[i]=hextobyte(&tok[1]))==-1)
460               userid[i]='?';
461
462             i++;
463             tok+=3;
464           }
465         else
466           userid[i++]=*tok++;
467
468       /* We don't care about the other info provided in the uid: line
469          since no keyserver supports marking userids with timestamps
470          or revoked/expired/disabled yet. */
471
472       /* No need to check for control characters, as utf8_to_native
473          does this for us. */
474
475       decoded=utf8_to_native(userid,i,0);
476       if(strlen(decoded)>opt.screen_columns-10)
477         decoded[opt.screen_columns-10]='\0';
478       iobuf_writestr(work->uidbuf,decoded);
479       m_free(decoded);
480       iobuf_writestr(work->uidbuf,"\n\t");
481       work->lines++;
482     }
483
484   /* Ignore any records other than "pri" and "uid" for easy future
485      growth. */
486
487   return ret;
488 }
489
490 /* TODO: do this as a list sent to keyserver_work rather than calling
491    it once for each key to get the correct counts after the import
492    (cosmetics, really) and to better take advantage of the keyservers
493    that can do multiple fetches in one go (LDAP). */
494 static int
495 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
496 {
497   char *answer;
498
499   if(count && opt.command_fd==-1)
500     {
501       static int from=1;
502       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
503       from=numdesc+1;
504     }
505
506   answer=cpr_get_no_help("keysearch.prompt",
507                          _("Enter number(s), N)ext, or Q)uit > "));
508   /* control-d */
509   if(answer[0]=='\x04')
510     {
511       printf("Q\n");
512       answer[0]='q';
513     }
514
515   if(answer[0]=='q' || answer[0]=='Q')
516     {
517       m_free(answer);
518       return 1;
519     }
520   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
521     {
522       char *split=answer,*num;
523
524       while((num=strsep(&split," ,"))!=NULL)
525         if(atoi(num)>=1 && atoi(num)<=numdesc)
526           keyserver_work(GET,NULL,&desc[atoi(num)-1],1);
527
528       m_free(answer);
529       return 1;
530     }
531
532   return 0;
533 }
534
535 /* Count and searchstr are just for cosmetics.  If the count is too
536    small, it will grow safely.  If negative it disables the "Key x-y
537    of z" messages. */
538 static void
539 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
540 {
541   int i=0,validcount=0,started=0,header=0,count=1,numlines=0;
542   unsigned int maxlen,buflen;
543   KEYDB_SEARCH_DESC *desc;
544   byte *line=NULL;
545
546   desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
547
548   for(;;)
549     {
550       struct keyrec *keyrec;
551       int rl;
552
553       maxlen=1024;
554       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
555
556       if(opt.with_colons)
557         {
558           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
559              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
560             {
561               header=1;
562               continue;
563             }
564           else if(ascii_strncasecmp("SEARCH ",line,7)==0
565                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
566             continue;
567
568           printf("%s",line);
569         }
570
571       /* Look for an info: line.  The only current info: values
572          defined are the version and key count. */
573       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
574         {
575           char *tok,*str=&line[5];
576
577           if((tok=strsep(&str,":"))!=NULL)
578             {
579               int version;
580
581               if(sscanf(tok,"%d",&version)!=1)
582                 version=1;
583
584               if(version!=1)
585                 {
586                   log_error(_("invalid keyserver protocol "
587                               "(us %d!=handler %d)\n"),1,version);
588                   break;
589                 }
590             }
591
592           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
593             {
594               if(count==0)
595                 goto notfound;
596               else if(count<0)
597                 count=10;
598               else
599                 validcount=1;
600
601               desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
602             }
603
604           started=1;
605           continue;
606         }
607
608       if(rl==0)
609         {
610           keyrec=parse_keyrec(NULL);
611
612           if(keyrec==NULL)
613             {
614               if(i==0)
615                 {
616                   count=0;
617                   break;
618                 }
619
620               if(i!=count)
621                 validcount=0;
622
623               for(;;)
624                 {
625                   if(show_prompt(desc,i,validcount?count:0,searchstr))
626                     break;
627                   validcount=0;
628                 }
629
630               break;
631             }
632         }
633       else
634         keyrec=parse_keyrec(line);
635
636       if(i==count)
637         {
638           /* keyserver helper sent more keys than they claimed in the
639              info: line. */
640           count+=10;
641           desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
642           validcount=0;
643         }
644
645       if(keyrec)
646         {
647           desc[i]=keyrec->desc;
648
649           if(!opt.with_colons)
650             {
651               /* screen_lines - 1 for the prompt. */
652               if(numlines+keyrec->lines>opt.screen_lines-1)
653                 {
654                   if(show_prompt(desc,i,validcount?count:0,searchstr))
655                     break;
656                   else
657                     numlines=0;
658                 }
659
660               print_keyrec(i+1,keyrec);
661             }
662
663           numlines+=keyrec->lines;
664           iobuf_close(keyrec->uidbuf);
665           m_free(keyrec);
666
667           started=1;
668           i++;
669         }
670     }
671
672   m_free(desc);
673   m_free(line);
674
675  notfound:
676   if(count==0)
677     {
678       if(searchstr)
679         log_info(_("key \"%s\" not found on keyserver\n"),searchstr);
680       else
681         log_info(_("key not found on keyserver\n"));
682       return;
683     }
684 }
685
686 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
687 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
688
689 static int 
690 keyserver_spawn(int action,STRLIST list,
691                 KEYDB_SEARCH_DESC *desc,int count,int *prog)
692 {
693   int ret=0,i,gotversion=0,outofband=0;
694   STRLIST temp;
695   unsigned int maxlen,buflen;
696   char *command=NULL,*searchstr=NULL;
697   byte *line=NULL;
698   struct kopts *kopts;
699   struct exec_info *spawn;
700
701 #ifdef EXEC_TEMPFILE_ONLY
702   opt.keyserver_options.use_temp_files=1;
703 #endif
704
705   /* Push the libexecdir into path.  If DISABLE_KEYSERVER_PATH is set,
706      use the 0 arg to replace the path. */
707 #ifdef DISABLE_KEYSERVER_PATH
708   set_exec_path(GNUPG_LIBEXECDIR,0);
709 #else
710   set_exec_path(GNUPG_LIBEXECDIR,opt.exec_path_set);
711 #endif
712
713   /* Build the filename for the helper to execute */
714   command=m_alloc(strlen("gpgkeys_")+strlen(opt.keyserver_scheme)+1);
715   strcpy(command,"gpgkeys_");
716   strcat(command,opt.keyserver_scheme);
717
718   if(opt.keyserver_options.use_temp_files)
719     {
720       if(opt.keyserver_options.keep_temp_files)
721         {
722           command=m_realloc(command,strlen(command)+
723                             strlen(KEYSERVER_ARGS_KEEP)+1);
724           strcat(command,KEYSERVER_ARGS_KEEP);
725         }
726       else
727         {
728           command=m_realloc(command,strlen(command)+
729                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
730           strcat(command,KEYSERVER_ARGS_NOKEEP);  
731         }
732
733       ret=exec_write(&spawn,NULL,command,NULL,0,0);
734     }
735   else
736     ret=exec_write(&spawn,command,NULL,NULL,0,0);
737
738   if(ret)
739     return ret;
740
741   fprintf(spawn->tochild,"# This is a gpg keyserver communications file\n");
742   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
743   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
744   fprintf(spawn->tochild,"SCHEME %s\n",opt.keyserver_scheme);
745
746   if(opt.keyserver_opaque)
747     fprintf(spawn->tochild,"OPAQUE %s\n",opt.keyserver_opaque);
748   else
749     {
750       if(opt.keyserver_host)
751         fprintf(spawn->tochild,"HOST %s\n",opt.keyserver_host);
752
753       if(opt.keyserver_port)
754         fprintf(spawn->tochild,"PORT %s\n",opt.keyserver_port);
755     }
756
757   /* Write options */
758
759   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
760     if(*(kopts[i].flag) && kopts[i].tell)
761       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
762
763   for(i=0;i<opt.keyserver_options.verbose;i++)
764     fprintf(spawn->tochild,"OPTION verbose\n");
765
766   temp=opt.keyserver_options.other;
767
768   for(;temp;temp=temp->next)
769     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
770
771   switch(action)
772     {
773     case GET:
774       {
775         fprintf(spawn->tochild,"COMMAND GET\n\n");
776
777         /* Which keys do we want? */
778
779         for(i=0;i<count;i++)
780           {
781             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
782               {
783                 int f;
784
785                 fprintf(spawn->tochild,"0x");
786
787                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
788                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
789
790                 fprintf(spawn->tochild,"\n");
791               }
792             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
793               {
794                 int f;
795
796                 fprintf(spawn->tochild,"0x");
797
798                 for(f=0;f<16;f++)
799                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
800
801                 fprintf(spawn->tochild,"\n");
802               }
803             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
804               fprintf(spawn->tochild,"0x%08lX%08lX\n",
805                       (ulong)desc[i].u.kid[0],
806                       (ulong)desc[i].u.kid[1]);
807             else
808               fprintf(spawn->tochild,"0x%08lX\n",
809                       (ulong)desc[i].u.kid[1]);
810           }
811
812         fprintf(spawn->tochild,"\n");
813
814         break;
815       }
816
817     case SEND:
818       {
819         STRLIST key;
820
821         /* Note the extra \n here to send an empty keylist block */
822         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
823
824         for(key=list;key!=NULL;key=key->next)
825           {
826             armor_filter_context_t afx;
827             IOBUF buffer=iobuf_temp();
828             KBNODE block;
829
830             temp=NULL;
831             add_to_strlist(&temp,key->d);
832
833             memset(&afx,0,sizeof(afx));
834             afx.what=1;
835             iobuf_push_filter(buffer,armor_filter,&afx);
836
837             /* TODO: Remove Comment: lines from keys exported this
838                way? */
839
840             if(export_pubkeys_stream(buffer,temp,&block,
841                                      opt.keyserver_options.export_options)==-1)
842               iobuf_close(buffer);
843             else
844               {
845                 KBNODE node;
846
847                 iobuf_flush_temp(buffer);
848
849                 merge_keys_and_selfsig(block);
850
851                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
852                         (ulong)block->pkt->pkt.public_key->keyid[0],
853                         (ulong)block->pkt->pkt.public_key->keyid[1]);
854
855                 for(node=block;node;node=node->next)
856                   {
857                     switch(node->pkt->pkttype)
858                       {
859                       default:
860                         continue;
861
862                       case PKT_PUBLIC_KEY:
863                       case PKT_PUBLIC_SUBKEY:
864                         {
865                           PKT_public_key *pk=node->pkt->pkt.public_key;
866
867                           keyid_from_pk(pk,NULL);
868
869                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
870                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
871                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
872                                   pk->pubkey_algo,
873                                   nbits_from_pk(pk),
874                                   pk->timestamp,
875                                   pk->expiredate);
876
877                           if(pk->is_revoked)
878                             fprintf(spawn->tochild,"r");
879                           if(pk->has_expired)
880                             fprintf(spawn->tochild,"e");
881
882                           fprintf(spawn->tochild,"\n");
883                         }
884                         break;
885
886                       case PKT_USER_ID:
887                         {
888                           PKT_user_id *uid=node->pkt->pkt.user_id;
889                           int r;
890
891                           if(uid->attrib_data)
892                             continue;
893
894                           fprintf(spawn->tochild,"uid:");
895
896                           /* Quote ':', '%', and any 8-bit
897                              characters */
898                           for(r=0;r<uid->len;r++)
899                             {
900                               if(uid->name[r]==':' || uid->name[r]=='%'
901                                  || uid->name[r]&0x80)
902                                 fprintf(spawn->tochild,"%%%02X",
903                                         (byte)uid->name[r]);
904                               else
905                                 fprintf(spawn->tochild,"%c",uid->name[r]);
906                             }
907
908                           fprintf(spawn->tochild,":%u:%u:",
909                                   uid->created,uid->expiredate);
910
911                           if(uid->is_revoked)
912                             fprintf(spawn->tochild,"r");
913                           if(uid->is_expired)
914                             fprintf(spawn->tochild,"e");
915
916                           fprintf(spawn->tochild,"\n");
917                         }
918                         break;
919
920                         /* This bit is really for the benefit of
921                            people who store their keys in LDAP
922                            servers.  It makes it easy to do queries
923                            for things like "all keys signed by
924                            Isabella". */
925                       case PKT_SIGNATURE:
926                         {
927                           PKT_signature *sig=node->pkt->pkt.signature;
928
929                           if(!IS_UID_SIG(sig))
930                             continue;
931
932                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
933                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
934                                   sig->sig_class,sig->timestamp,
935                                   sig->expiredate);
936                         }
937                         break;
938                       }
939                   }
940
941                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
942                         (ulong)block->pkt->pkt.public_key->keyid[0],
943                         (ulong)block->pkt->pkt.public_key->keyid[1]);
944
945                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
946                 fwrite(iobuf_get_temp_buffer(buffer),
947                        iobuf_get_temp_length(buffer),1,spawn->tochild);
948                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
949
950                 iobuf_close(buffer);
951                 release_kbnode(block);
952               }
953
954             free_strlist(temp);
955           }
956
957         break;
958       }
959
960     case SEARCH:
961       {
962         STRLIST key;
963
964         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
965
966         /* Which keys do we want?  Remember that the gpgkeys_ program
967            is going to lump these together into a search string. */
968
969         for(key=list;key!=NULL;key=key->next)
970           {
971             fprintf(spawn->tochild,"%s\n",key->d);
972             if(key!=list)
973               {
974                 searchstr=m_realloc(searchstr,
975                                     strlen(searchstr)+strlen(key->d)+2);
976                 strcat(searchstr," ");
977               }
978             else
979               {
980                 searchstr=m_alloc(strlen(key->d)+1);
981                 searchstr[0]='\0';
982               }
983
984             strcat(searchstr,key->d);
985           }
986
987         fprintf(spawn->tochild,"\n");
988
989         break;
990       }
991
992     default:
993       log_fatal(_("no keyserver action!\n"));
994       break;
995     }
996
997   /* Done sending, so start reading. */
998   ret=exec_read(spawn);
999   if(ret)
1000     goto fail;
1001
1002   /* Now handle the response */
1003
1004   for(;;)
1005     {
1006       int plen;
1007       char *ptr;
1008
1009       maxlen=1024;
1010       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1011         {
1012           ret=G10ERR_READ_FILE;
1013           goto fail; /* i.e. EOF */
1014         }
1015
1016       ptr=line;
1017
1018       /* remove trailing whitespace */
1019       plen=strlen(ptr);
1020       while(plen>0 && ascii_isspace(ptr[plen-1]))
1021         plen--;
1022       plen[ptr]='\0';
1023
1024       if(*ptr=='\0')
1025         break;
1026
1027       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1028         {
1029           gotversion=1;
1030
1031           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1032             {
1033               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1034                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1035               goto fail;
1036             }
1037         }
1038       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1039         {
1040           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1041             log_info(_("WARNING: keyserver handler from a different "
1042                        "version of GnuPG (%s)\n"),&ptr[8]);
1043         }
1044       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1045         outofband=1; /* Currently the only OPTION */
1046     }
1047
1048   if(!gotversion)
1049     {
1050       log_error(_("keyserver did not send VERSION\n"));
1051       goto fail;
1052     }
1053
1054   if(!outofband)
1055     switch(action)
1056       {
1057       case GET:
1058         {
1059           void *stats_handle;
1060
1061           stats_handle=import_new_stats_handle();
1062
1063           /* Slurp up all the key data.  In the future, it might be
1064              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1065              It's harmless to ignore them, but ignoring them does make
1066              gpg complain about "no valid OpenPGP data found".  One
1067              way to do this could be to continue parsing this
1068              line-by-line and make a temp iobuf for each key. */
1069
1070           import_keys_stream(spawn->fromchild,stats_handle,
1071                              opt.keyserver_options.import_options);
1072
1073           import_print_stats(stats_handle);
1074           import_release_stats_handle(stats_handle);
1075
1076           break;
1077         }
1078
1079         /* Nothing to do here */
1080       case SEND:
1081         break;
1082
1083       case SEARCH:
1084         {
1085           keyserver_search_prompt(spawn->fromchild,searchstr);
1086
1087           break;
1088         }
1089
1090       default:
1091         log_fatal(_("no keyserver action!\n"));
1092         break;
1093       }
1094
1095  fail:
1096   m_free(line);
1097
1098   *prog=exec_finish(spawn);
1099
1100   return ret;
1101 }
1102
1103 static int 
1104 keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count)
1105 {
1106   int rc=0,ret=0;
1107
1108   if(opt.keyserver_scheme==NULL)
1109     {
1110       log_error(_("no keyserver known (use option --keyserver)\n"));
1111       return G10ERR_BAD_URI;
1112     }
1113
1114 #ifdef DISABLE_KEYSERVER_HELPERS
1115
1116   log_error(_("external keyserver calls are not supported in this build\n"));
1117   return G10ERR_KEYSERVER;
1118
1119 #else
1120   /* Spawn a handler */
1121
1122   rc=keyserver_spawn(action,list,desc,count,&ret);
1123   if(ret)
1124     {
1125       switch(ret)
1126         {
1127         case KEYSERVER_SCHEME_NOT_FOUND:
1128           log_error(_("no handler for keyserver scheme \"%s\"\n"),
1129                     opt.keyserver_scheme);
1130           break;
1131
1132         case KEYSERVER_NOT_SUPPORTED:
1133           log_error(_("action \"%s\" not supported with keyserver "
1134                       "scheme \"%s\"\n"),
1135                     action==GET?"get":action==SEND?"send":
1136                     action==SEARCH?"search":"unknown",
1137                     opt.keyserver_scheme);
1138           break;
1139
1140         case KEYSERVER_VERSION_ERROR:
1141           log_error(_("gpgkeys_%s does not support handler version %d\n"),
1142                     opt.keyserver_scheme,KEYSERVER_PROTO_VERSION);
1143           break;
1144
1145         case KEYSERVER_INTERNAL_ERROR:
1146         default:
1147           log_error(_("keyserver internal error\n"));
1148           break;
1149         }
1150
1151       return G10ERR_KEYSERVER;
1152     }
1153
1154   if(rc)
1155     {
1156       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1157
1158       return rc;
1159     }
1160
1161   return 0;
1162 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1163 }
1164
1165 int 
1166 keyserver_export(STRLIST users)
1167 {
1168   STRLIST sl=NULL;
1169   KEYDB_SEARCH_DESC desc;
1170   int rc=0;
1171
1172   /* Weed out descriptors that we don't support sending */
1173   for(;users;users=users->next)
1174     {
1175       classify_user_id (users->d, &desc);
1176       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1177          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1178          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1179          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1180         {
1181           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1182           continue;
1183         }
1184       else
1185         append_to_strlist(&sl,users->d);
1186     }
1187
1188   if(sl)
1189     {
1190       rc=keyserver_work(SEND,sl,NULL,0);
1191       free_strlist(sl);
1192     }
1193
1194   return rc;
1195 }
1196
1197 int 
1198 keyserver_import(STRLIST users)
1199 {
1200   KEYDB_SEARCH_DESC *desc;
1201   int num=100,count=0;
1202   int rc=0;
1203
1204   /* Build a list of key ids */
1205   desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1206
1207   for(;users;users=users->next)
1208     {
1209       classify_user_id (users->d, &desc[count]);
1210       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1211          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1212          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1213          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1214         {
1215           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1216           continue;
1217         }
1218
1219       count++;
1220       if(count==num)
1221         {
1222           num+=100;
1223           desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1224         }
1225     }
1226
1227   if(count>0)
1228     rc=keyserver_work(GET,NULL,desc,count);
1229
1230   m_free(desc);
1231
1232   return rc;
1233 }
1234
1235 int
1236 keyserver_import_fprint(const byte *fprint,size_t fprint_len)
1237 {
1238   KEYDB_SEARCH_DESC desc;
1239
1240   memset(&desc,0,sizeof(desc));
1241
1242   if(fprint_len==16)
1243     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1244   else if(fprint_len==20)
1245     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1246   else
1247     return -1;
1248
1249   memcpy(desc.u.fpr,fprint,fprint_len);
1250
1251   return keyserver_work(GET,NULL,&desc,1);
1252 }
1253
1254 int 
1255 keyserver_import_keyid(u32 *keyid)
1256 {
1257   KEYDB_SEARCH_DESC desc;
1258
1259   memset(&desc,0,sizeof(desc));
1260
1261   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1262   desc.u.kid[0]=keyid[0];
1263   desc.u.kid[1]=keyid[1];
1264
1265   return keyserver_work(GET,NULL,&desc,1);
1266 }
1267
1268 /* code mostly stolen from do_export_stream */
1269 static int 
1270 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1271 {
1272   int rc=0,ndesc,num=100;
1273   KBNODE keyblock=NULL,node;
1274   KEYDB_HANDLE kdbhd;
1275   KEYDB_SEARCH_DESC *desc;
1276   STRLIST sl;
1277
1278   *count=0;
1279
1280   *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1281
1282   kdbhd=keydb_new(0);
1283
1284   if(!users)
1285     {
1286       ndesc = 1;
1287       desc = m_alloc_clear ( ndesc * sizeof *desc);
1288       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1289     }
1290   else
1291     {
1292       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1293         ;
1294       desc = m_alloc ( ndesc * sizeof *desc);
1295         
1296       for (ndesc=0, sl=users; sl; sl = sl->next)
1297         {
1298           if(classify_user_id (sl->d, desc+ndesc))
1299             ndesc++;
1300           else
1301             log_error (_("key `%s' not found: %s\n"),
1302                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1303         }
1304     }
1305
1306   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1307     {
1308       if (!users) 
1309         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1310
1311       /* read the keyblock */
1312       rc = keydb_get_keyblock (kdbhd, &keyblock );
1313       if( rc )
1314         {
1315           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1316           goto leave;
1317         }
1318
1319       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1320         {
1321           /* This is to work around a bug in some keyservers (pksd and
1322              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1323              The answer is to refresh both the correct v4 keyid
1324              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1325              This only happens for key refresh using the HKP scheme
1326              and if the refresh-add-fake-v3-keyids keyserver option is
1327              set. */
1328           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1329              node->pkt->pkt.public_key->version>=4)
1330             {
1331               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1332               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
1333                             (*klist)[*count].u.kid);
1334               (*count)++;
1335
1336               if(*count==num)
1337                 {
1338                   num+=100;
1339                   *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1340                 }
1341             }
1342
1343           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1344              This is because it's easy to calculate any sort of key id
1345              from a v4 fingerprint, but not a v3 fingerprint. */
1346
1347           if(node->pkt->pkt.public_key->version<4)
1348             {
1349               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1350               keyid_from_pk(node->pkt->pkt.public_key,
1351                             (*klist)[*count].u.kid);
1352             }
1353           else
1354             {
1355               size_t dummy;
1356
1357               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1358               fingerprint_from_pk(node->pkt->pkt.public_key,
1359                                   (*klist)[*count].u.fpr,&dummy);
1360             }
1361
1362           (*count)++;
1363
1364           if(*count==num)
1365             {
1366               num+=100;
1367               *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1368             }
1369         }
1370     }
1371
1372   if(rc==-1)
1373     rc=0;
1374   
1375  leave:
1376   m_free(desc);
1377   keydb_release(kdbhd);
1378   release_kbnode(keyblock);
1379
1380   return rc;
1381 }
1382
1383 /* Note this is different than the original HKP refresh.  It allows
1384    usernames to refresh only part of the keyring. */
1385
1386 int 
1387 keyserver_refresh(STRLIST users)
1388 {
1389   int rc,count,fakev3=0;
1390   KEYDB_SEARCH_DESC *desc;
1391
1392   /* We switch merge_only on during a refresh, as 'refresh' should
1393      never import new keys, even if their keyids match.  Is it worth
1394      preserving the old merge_only value here? */
1395   opt.import_options|=IMPORT_MERGE_ONLY;
1396
1397   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1398      scheme, then enable fake v3 keyid generation. */
1399   if(opt.keyserver_options.fake_v3_keyids && opt.keyserver_scheme &&
1400      (ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 ||
1401       ascii_strcasecmp(opt.keyserver_scheme,"mailto")==0))
1402     fakev3=1;
1403
1404   rc=keyidlist(users,&desc,&count,fakev3);
1405   if(rc)
1406     return rc;
1407
1408   if(count>0)
1409     {
1410       if(opt.keyserver_uri)
1411         {
1412           if(count==1)
1413             log_info(_("refreshing 1 key from %s\n"),opt.keyserver_uri);
1414           else
1415             log_info(_("refreshing %d keys from %s\n"),
1416                      count,opt.keyserver_uri);
1417         }
1418
1419       rc=keyserver_work(GET,NULL,desc,count);
1420     }
1421
1422   m_free(desc);
1423
1424   return rc;
1425 }
1426
1427 int
1428 keyserver_search(STRLIST tokens)
1429 {
1430   if(tokens)
1431     return keyserver_work(SEARCH,tokens,NULL,0);
1432   else
1433     return 0;
1434 }