b1094f973d0e66bbbffa3173493040b11ebc4a09
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include "filter.h"
28 #include "keydb.h"
29 #include "status.h"
30 #include "exec.h"
31 #include "main.h"
32 #include "i18n.h"
33 #include "iobuf.h"
34 #include "memory.h"
35 #include "ttyio.h"
36 #include "options.h"
37 #include "packet.h"
38 #include "keyserver-internal.h"
39 #include "util.h"
40
41 #define GET    0
42 #define SEND   1
43 #define SEARCH 2
44
45 struct keyrec
46 {
47   KEYDB_SEARCH_DESC desc;
48   u32 createtime,expiretime;
49   int size,flags;
50   byte type;
51   IOBUF uidbuf;
52   unsigned int lines;
53 };
54
55 /* Tell remote processes about these options */
56 #define REMOTE_TELL (KEYSERVER_INCLUDE_REVOKED|KEYSERVER_INCLUDE_DISABLED|KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_TRY_DNS_SRV)
57
58 static struct parse_options keyserver_opts[]=
59   {
60     {"include-revoked",KEYSERVER_INCLUDE_REVOKED,NULL},      
61     {"include-disabled",KEYSERVER_INCLUDE_DISABLED,NULL},
62     {"include-subkeys",KEYSERVER_INCLUDE_SUBKEYS,NULL},
63     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL},
64     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL},
65     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL},
66     {"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL},
67     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL},
68     {NULL,0,NULL}
69   };
70
71 static int keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
72                           int count,struct keyserver_spec *keyserver);
73
74 int
75 parse_keyserver_options(char *options)
76 {
77   int ret=1;
78   char *tok;
79
80   while((tok=optsep(&options)))
81     {
82       if(tok[0]=='\0')
83         continue;
84
85       /* We accept quite a few possible options here - some options to
86          handle specially, the keyserver_options list, and import and
87          export options that pertain to keyserver operations.  Note
88          that you must use strncasecmp here as there might be an
89          =argument attached which will foil the use of strcasecmp. */
90
91       if(ascii_strncasecmp(tok,"verbose",7)==0)
92         opt.keyserver_options.verbose++;
93       else if(ascii_strncasecmp(tok,"no-verbose",10)==0)
94         opt.keyserver_options.verbose--;
95 #ifdef EXEC_TEMPFILE_ONLY
96       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
97               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
98         log_info(_("WARNING: keyserver option \"%s\" is not used "
99                    "on this platform\n"),tok);
100 #else
101       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
102         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
103       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
104         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
105 #endif
106       else if(!parse_options(tok,&opt.keyserver_options.options,
107                              keyserver_opts,0)
108          && !parse_import_options(tok,
109                                   &opt.keyserver_options.import_options,0)
110          && !parse_export_options(tok,
111                                   &opt.keyserver_options.export_options,0))
112         {
113           /* All of the standard options have failed, so the option is
114              destined for a keyserver plugin. */
115           char *arg=argsplit(tok);
116
117           if(arg)
118             {
119               char *joined;
120
121               joined=m_alloc(strlen(tok)+1+strlen(arg)+1);
122               /* Make a canonical name=value form with no
123                  spaces */
124               strcpy(joined,tok);
125               strcat(joined,"=");
126               strcat(joined,arg);
127               add_to_strlist(&opt.keyserver_options.other,joined);
128               m_free(joined);
129             }
130           else
131             add_to_strlist(&opt.keyserver_options.other,tok);
132         }
133     }
134
135   return ret;
136 }
137
138 void
139 free_keyserver_spec(struct keyserver_spec *keyserver)
140 {
141   m_free(keyserver->uri);
142   m_free(keyserver->host);
143   m_free(keyserver->port);
144   m_free(keyserver->path);
145   m_free(keyserver->opaque);
146   m_free(keyserver);
147 }
148
149 struct keyserver_spec *
150 parse_keyserver_uri(const char *uri,int require_scheme,
151                     const char *configname,unsigned int configlineno)
152 {
153   int assume_hkp=0;
154   struct keyserver_spec *keyserver;
155   const char *idx;
156   int count;
157
158   assert(uri!=NULL);
159
160   keyserver=m_alloc_clear(sizeof(struct keyserver_spec));
161
162   keyserver->uri=m_strdup(uri);
163
164   /* Get the scheme */
165
166   for(idx=uri,count=0;*idx && *idx!=':';idx++)
167     count++;
168
169   if(count==0)
170     goto fail;
171
172   if(*idx=='\0')
173     {
174       if(require_scheme)
175         return NULL;
176
177       /* Assume HKP if there is no scheme */
178       assume_hkp=1;
179       keyserver->scheme=m_strdup("hkp");
180     }
181   else
182     {
183       int i;
184
185       keyserver->scheme=m_alloc(count+1);
186
187       /* Force to lowercase */
188       for(i=0;i<count;i++)
189         keyserver->scheme[i]=ascii_tolower(uri[i]);
190
191       keyserver->scheme[i]='\0';
192
193       /* Skip past the scheme and colon */
194       uri+=count+1;
195     }
196
197   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
198     {
199       deprecated_warning(configname,configlineno,"x-broken-hkp",
200                          "--keyserver-options ","broken-http-proxy");
201       m_free(keyserver->scheme);
202       keyserver->scheme=m_strdup("hkp");
203       add_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
204     }
205   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
206     {
207       /* Canonicalize this to "hkp" so it works with both the internal
208          and external keyserver interface. */
209       m_free(keyserver->scheme);
210       keyserver->scheme=m_strdup("hkp");
211     }
212
213   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
214     {
215       /* Two slashes means network path. */
216
217       /* Skip over the "//", if any */
218       if(!assume_hkp)
219         uri+=2;
220
221       for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
222         count++;
223
224       if(count==0)
225         goto fail;
226
227       keyserver->host=m_alloc(count+1);
228       strncpy(keyserver->host,uri,count);
229       keyserver->host[count]='\0';
230
231       /* Skip past the host */
232       uri+=count;
233
234       if(*uri==':')
235         {
236           /* It would seem to be reasonable to limit the range of the
237              ports to values between 1-65535, but RFC 1738 and 1808
238              imply there is no limit.  Of course, the real world has
239              limits. */
240
241           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
242             {
243               count++;
244
245               /* Ports are digits only */
246               if(!digitp(idx))
247                 goto fail;
248             }
249
250           keyserver->port=m_alloc(count+1);
251           strncpy(keyserver->port,uri+1,count);
252           keyserver->port[count]='\0';
253
254           /* Skip past the colon and port number */
255           uri+=1+count;
256         }
257
258       /* Everything else is the path */
259       if(*uri)
260         keyserver->path=m_strdup(uri);
261       else
262         keyserver->path=m_strdup("/");
263     }
264   else if(uri[0]!='/')
265     {
266       /* No slash means opaque.  Just record the opaque blob and get
267          out. */
268       keyserver->opaque=m_strdup(uri);
269     }
270   else
271     {
272       /* One slash means absolute path.  We don't need to support that
273          yet. */
274       goto fail;
275     }
276
277   return keyserver;
278
279  fail:
280   free_keyserver_spec(keyserver);
281
282   return NULL;
283 }
284
285 static void
286 print_keyrec(int number,struct keyrec *keyrec)
287 {
288   int i;
289
290   iobuf_writebyte(keyrec->uidbuf,0);
291   iobuf_flush_temp(keyrec->uidbuf);
292   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
293
294   if(keyrec->size>0)
295     printf("%d bit ",keyrec->size);
296
297   if(keyrec->type)
298     {
299       const char *str=pubkey_algo_to_string(keyrec->type);
300
301       if(str)
302         printf("%s ",str);
303       else
304         printf("unknown ");
305     }
306
307   switch(keyrec->desc.mode)
308     {
309       /* If the keyserver helper gave us a short keyid, we have no
310          choice but to use it.  Do check --keyid-format to add a 0x if
311          needed. */
312     case KEYDB_SEARCH_MODE_SHORT_KID:
313       printf("key %s%08lX",
314              (opt.keyid_format==KF_0xSHORT
315               || opt.keyid_format==KF_0xLONG)?"0x":"",
316              (ulong)keyrec->desc.u.kid[1]);
317       break;
318
319       /* However, if it gave us a long keyid, we can honor
320          --keyid-format */
321     case KEYDB_SEARCH_MODE_LONG_KID:
322       printf("key %s",keystr(keyrec->desc.u.kid));
323       break;
324
325     case KEYDB_SEARCH_MODE_FPR16:
326       printf("key ");
327       for(i=0;i<16;i++)
328         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
329       break;
330
331     case KEYDB_SEARCH_MODE_FPR20:
332       printf("key ");
333       for(i=0;i<20;i++)
334         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
335       break;
336
337     default:
338       BUG();
339       break;
340     }
341
342   if(keyrec->createtime>0)
343     printf(", created %s",strtimestamp(keyrec->createtime));
344
345   if(keyrec->expiretime>0)
346     printf(", expires %s",strtimestamp(keyrec->expiretime));
347
348   if(keyrec->flags&1)
349     printf(" (%s)",("revoked"));
350   if(keyrec->flags&2)
351     printf(" (%s)",("disabled"));
352   if(keyrec->flags&4)
353     printf(" (%s)",("expired"));
354
355   printf("\n");
356 }
357
358 /* Returns a keyrec (which must be freed) once a key is complete, and
359    NULL otherwise.  Call with a NULL keystring once key parsing is
360    complete to return any unfinished keys. */
361 static struct keyrec *
362 parse_keyrec(char *keystring)
363 {
364   static struct keyrec *work=NULL;
365   struct keyrec *ret=NULL;
366   char *record;
367   int i;
368
369   if(keystring==NULL)
370     {
371       if(work==NULL)
372         return NULL;
373       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
374         {
375           m_free(work);
376           return NULL;
377         }
378       else
379         {
380           ret=work;
381           work=NULL;
382           return ret;
383         }
384     }
385
386   if(work==NULL)
387     {
388       work=m_alloc_clear(sizeof(struct keyrec));
389       work->uidbuf=iobuf_temp();
390     }
391
392   /* Remove trailing whitespace */
393   for(i=strlen(keystring);i>0;i--)
394     if(ascii_isspace(keystring[i-1]))
395       keystring[i-1]='\0';
396     else
397       break;
398
399   if((record=strsep(&keystring,":"))==NULL)
400     return ret;
401
402   if(ascii_strcasecmp("pub",record)==0)
403     {
404       char *tok;
405
406       if(work->desc.mode)
407         {
408           ret=work;
409           work=m_alloc_clear(sizeof(struct keyrec));
410           work->uidbuf=iobuf_temp();
411         }
412
413       if((tok=strsep(&keystring,":"))==NULL)
414         return ret;
415
416       classify_user_id(tok,&work->desc);
417       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
418          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
419          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
420          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
421         {
422           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
423           return ret;
424         }
425
426       /* Note all items after this are optional.  This allows us to
427          have a pub line as simple as pub:keyid and nothing else. */
428
429       work->lines++;
430
431       if((tok=strsep(&keystring,":"))==NULL)
432         return ret;
433
434       work->type=atoi(tok);
435
436       if((tok=strsep(&keystring,":"))==NULL)
437         return ret;
438
439       work->size=atoi(tok);
440
441       if((tok=strsep(&keystring,":"))==NULL)
442         return ret;
443
444       if(atoi(tok)<0)
445         work->createtime=0;
446       else
447         work->createtime=atoi(tok);
448
449       if((tok=strsep(&keystring,":"))==NULL)
450         return ret;
451
452       if(atoi(tok)<0)
453         work->expiretime=0;
454       else
455         work->expiretime=atoi(tok);
456
457       if((tok=strsep(&keystring,":"))==NULL)
458         return ret;
459
460       while(*tok)
461         switch(*tok++)
462           {
463           case 'r':
464           case 'R':
465             work->flags|=1;
466             break;
467             
468           case 'd':
469           case 'D':
470             work->flags|=2;
471             break;
472
473           case 'e':
474           case 'E':
475             work->flags|=4;
476             break;
477           }
478
479       if(work->expiretime && work->expiretime<=make_timestamp())
480         work->flags|=4;
481     }
482   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
483     {
484       char *userid,*tok,*decoded;
485
486       if((tok=strsep(&keystring,":"))==NULL)
487         return ret;
488
489       if(strlen(tok)==0)
490         return ret;
491
492       userid=tok;
493
494       /* By definition, de-%-encoding is always smaller than the
495          original string so we can decode in place. */
496
497       i=0;
498
499       while(*tok)
500         if(tok[0]=='%' && tok[1] && tok[2])
501           {
502             if((userid[i]=hextobyte(&tok[1]))==-1)
503               userid[i]='?';
504
505             i++;
506             tok+=3;
507           }
508         else
509           userid[i++]=*tok++;
510
511       /* We don't care about the other info provided in the uid: line
512          since no keyserver supports marking userids with timestamps
513          or revoked/expired/disabled yet. */
514
515       /* No need to check for control characters, as utf8_to_native
516          does this for us. */
517
518       decoded=utf8_to_native(userid,i,0);
519       if(strlen(decoded)>opt.screen_columns-10)
520         decoded[opt.screen_columns-10]='\0';
521       iobuf_writestr(work->uidbuf,decoded);
522       m_free(decoded);
523       iobuf_writestr(work->uidbuf,"\n\t");
524       work->lines++;
525     }
526
527   /* Ignore any records other than "pri" and "uid" for easy future
528      growth. */
529
530   return ret;
531 }
532
533 /* TODO: do this as a list sent to keyserver_work rather than calling
534    it once for each key to get the correct counts after the import
535    (cosmetics, really) and to better take advantage of the keyservers
536    that can do multiple fetches in one go (LDAP). */
537 static int
538 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
539 {
540   char *answer;
541
542   if(count && opt.command_fd==-1)
543     {
544       static int from=1;
545       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
546       from=numdesc+1;
547     }
548
549   answer=cpr_get_no_help("keysearch.prompt",
550                          _("Enter number(s), N)ext, or Q)uit > "));
551   /* control-d */
552   if(answer[0]=='\x04')
553     {
554       printf("Q\n");
555       answer[0]='q';
556     }
557
558   if(answer[0]=='q' || answer[0]=='Q')
559     {
560       m_free(answer);
561       return 1;
562     }
563   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
564     {
565       char *split=answer,*num;
566
567       while((num=strsep(&split," ,"))!=NULL)
568         if(atoi(num)>=1 && atoi(num)<=numdesc)
569           keyserver_work(GET,NULL,&desc[atoi(num)-1],1,opt.keyserver);
570
571       m_free(answer);
572       return 1;
573     }
574
575   return 0;
576 }
577
578 /* Count and searchstr are just for cosmetics.  If the count is too
579    small, it will grow safely.  If negative it disables the "Key x-y
580    of z" messages. */
581 static void
582 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
583 {
584   int i=0,validcount=0,started=0,header=0,count=1;
585   unsigned int maxlen,buflen,numlines=0;
586   KEYDB_SEARCH_DESC *desc;
587   byte *line=NULL;
588
589   desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
590
591   for(;;)
592     {
593       struct keyrec *keyrec;
594       int rl;
595
596       maxlen=1024;
597       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
598
599       if(opt.with_colons)
600         {
601           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
602              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
603             {
604               header=1;
605               continue;
606             }
607           else if(ascii_strncasecmp("SEARCH ",line,7)==0
608                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
609             continue;
610
611           printf("%s",line);
612         }
613
614       /* Look for an info: line.  The only current info: values
615          defined are the version and key count. */
616       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
617         {
618           char *tok,*str=&line[5];
619
620           if((tok=strsep(&str,":"))!=NULL)
621             {
622               int version;
623
624               if(sscanf(tok,"%d",&version)!=1)
625                 version=1;
626
627               if(version!=1)
628                 {
629                   log_error(_("invalid keyserver protocol "
630                               "(us %d!=handler %d)\n"),1,version);
631                   break;
632                 }
633             }
634
635           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
636             {
637               if(count==0)
638                 goto notfound;
639               else if(count<0)
640                 count=10;
641               else
642                 validcount=1;
643
644               desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
645             }
646
647           started=1;
648           continue;
649         }
650
651       if(rl==0)
652         {
653           keyrec=parse_keyrec(NULL);
654
655           if(keyrec==NULL)
656             {
657               if(i==0)
658                 {
659                   count=0;
660                   break;
661                 }
662
663               if(i!=count)
664                 validcount=0;
665
666               for(;;)
667                 {
668                   if(show_prompt(desc,i,validcount?count:0,searchstr))
669                     break;
670                   validcount=0;
671                 }
672
673               break;
674             }
675         }
676       else
677         keyrec=parse_keyrec(line);
678
679       if(i==count)
680         {
681           /* keyserver helper sent more keys than they claimed in the
682              info: line. */
683           count+=10;
684           desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
685           validcount=0;
686         }
687
688       if(keyrec)
689         {
690           desc[i]=keyrec->desc;
691
692           if(!opt.with_colons)
693             {
694               /* screen_lines - 1 for the prompt. */
695               if(numlines+keyrec->lines>opt.screen_lines-1)
696                 {
697                   if(show_prompt(desc,i,validcount?count:0,searchstr))
698                     break;
699                   else
700                     numlines=0;
701                 }
702
703               print_keyrec(i+1,keyrec);
704             }
705
706           numlines+=keyrec->lines;
707           iobuf_close(keyrec->uidbuf);
708           m_free(keyrec);
709
710           started=1;
711           i++;
712         }
713     }
714
715   m_free(desc);
716   m_free(line);
717
718  notfound:
719   if(count==0)
720     {
721       if(searchstr)
722         log_info(_("key \"%s\" not found on keyserver\n"),searchstr);
723       else
724         log_info(_("key not found on keyserver\n"));
725       return;
726     }
727 }
728
729 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
730 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
731
732 static int 
733 keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
734                 int count,int *prog,struct keyserver_spec *keyserver)
735 {
736   int ret=0,i,gotversion=0,outofband=0;
737   STRLIST temp;
738   unsigned int maxlen,buflen;
739   char *command=NULL,*searchstr=NULL;
740   byte *line=NULL;
741   struct parse_options *kopts;
742   struct exec_info *spawn;
743
744   assert(keyserver);
745
746 #ifdef EXEC_TEMPFILE_ONLY
747   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
748 #endif
749
750   /* Push the libexecdir into path.  If DISABLE_KEYSERVER_PATH is set,
751      use the 0 arg to replace the path. */
752 #ifdef DISABLE_KEYSERVER_PATH
753   set_exec_path(GNUPG_LIBEXECDIR,0);
754 #else
755   set_exec_path(GNUPG_LIBEXECDIR,opt.exec_path_set);
756 #endif
757
758   /* Build the filename for the helper to execute */
759   command=m_alloc(strlen("gpgkeys_")+strlen(keyserver->scheme)+1);
760   strcpy(command,"gpgkeys_");
761   strcat(command,keyserver->scheme);
762
763   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
764     {
765       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
766         {
767           command=m_realloc(command,strlen(command)+
768                             strlen(KEYSERVER_ARGS_KEEP)+1);
769           strcat(command,KEYSERVER_ARGS_KEEP);
770         }
771       else
772         {
773           command=m_realloc(command,strlen(command)+
774                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
775           strcat(command,KEYSERVER_ARGS_NOKEEP);  
776         }
777
778       ret=exec_write(&spawn,NULL,command,NULL,0,0);
779     }
780   else
781     ret=exec_write(&spawn,command,NULL,NULL,0,0);
782
783   if(ret)
784     return ret;
785
786   fprintf(spawn->tochild,"# This is a gpg keyserver communications file\n");
787   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
788   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
789   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
790
791   if(keyserver->opaque)
792     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
793   else
794     {
795       if(keyserver->host)
796         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
797
798       if(keyserver->port)
799         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
800
801       if(keyserver->path)
802         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
803     }
804
805   /* Write options */
806
807   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
808     if(opt.keyserver_options.options & kopts[i].bit & REMOTE_TELL)
809       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
810
811   for(i=0;i<opt.keyserver_options.verbose;i++)
812     fprintf(spawn->tochild,"OPTION verbose\n");
813
814   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
815     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
816
817   switch(action)
818     {
819     case GET:
820       {
821         fprintf(spawn->tochild,"COMMAND GET\n\n");
822
823         /* Which keys do we want? */
824
825         for(i=0;i<count;i++)
826           {
827             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
828               {
829                 int f;
830
831                 fprintf(spawn->tochild,"0x");
832
833                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
834                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
835
836                 fprintf(spawn->tochild,"\n");
837               }
838             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
839               {
840                 int f;
841
842                 fprintf(spawn->tochild,"0x");
843
844                 for(f=0;f<16;f++)
845                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
846
847                 fprintf(spawn->tochild,"\n");
848               }
849             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
850               fprintf(spawn->tochild,"0x%08lX%08lX\n",
851                       (ulong)desc[i].u.kid[0],
852                       (ulong)desc[i].u.kid[1]);
853             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
854               fprintf(spawn->tochild,"0x%08lX\n",
855                       (ulong)desc[i].u.kid[1]);
856           }
857
858         fprintf(spawn->tochild,"\n");
859
860         break;
861       }
862
863     case SEND:
864       {
865         STRLIST key;
866
867         /* Note the extra \n here to send an empty keylist block */
868         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
869
870         for(key=list;key!=NULL;key=key->next)
871           {
872             armor_filter_context_t afx;
873             IOBUF buffer=iobuf_temp();
874             KBNODE block;
875
876             temp=NULL;
877             add_to_strlist(&temp,key->d);
878
879             memset(&afx,0,sizeof(afx));
880             afx.what=1;
881             iobuf_push_filter(buffer,armor_filter,&afx);
882
883             /* TODO: Remove Comment: lines from keys exported this
884                way? */
885
886             if(export_pubkeys_stream(buffer,temp,&block,
887                                      opt.keyserver_options.export_options)==-1)
888               iobuf_close(buffer);
889             else
890               {
891                 KBNODE node;
892
893                 iobuf_flush_temp(buffer);
894
895                 merge_keys_and_selfsig(block);
896
897                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
898                         (ulong)block->pkt->pkt.public_key->keyid[0],
899                         (ulong)block->pkt->pkt.public_key->keyid[1]);
900
901                 for(node=block;node;node=node->next)
902                   {
903                     switch(node->pkt->pkttype)
904                       {
905                       default:
906                         continue;
907
908                       case PKT_PUBLIC_KEY:
909                       case PKT_PUBLIC_SUBKEY:
910                         {
911                           PKT_public_key *pk=node->pkt->pkt.public_key;
912
913                           keyid_from_pk(pk,NULL);
914
915                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
916                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
917                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
918                                   pk->pubkey_algo,
919                                   nbits_from_pk(pk),
920                                   pk->timestamp,
921                                   pk->expiredate);
922
923                           if(pk->is_revoked)
924                             fprintf(spawn->tochild,"r");
925                           if(pk->has_expired)
926                             fprintf(spawn->tochild,"e");
927
928                           fprintf(spawn->tochild,"\n");
929                         }
930                         break;
931
932                       case PKT_USER_ID:
933                         {
934                           PKT_user_id *uid=node->pkt->pkt.user_id;
935                           int r;
936
937                           if(uid->attrib_data)
938                             continue;
939
940                           fprintf(spawn->tochild,"uid:");
941
942                           /* Quote ':', '%', and any 8-bit
943                              characters */
944                           for(r=0;r<uid->len;r++)
945                             {
946                               if(uid->name[r]==':' || uid->name[r]=='%'
947                                  || uid->name[r]&0x80)
948                                 fprintf(spawn->tochild,"%%%02X",
949                                         (byte)uid->name[r]);
950                               else
951                                 fprintf(spawn->tochild,"%c",uid->name[r]);
952                             }
953
954                           fprintf(spawn->tochild,":%u:%u:",
955                                   uid->created,uid->expiredate);
956
957                           if(uid->is_revoked)
958                             fprintf(spawn->tochild,"r");
959                           if(uid->is_expired)
960                             fprintf(spawn->tochild,"e");
961
962                           fprintf(spawn->tochild,"\n");
963                         }
964                         break;
965
966                         /* This bit is really for the benefit of
967                            people who store their keys in LDAP
968                            servers.  It makes it easy to do queries
969                            for things like "all keys signed by
970                            Isabella". */
971                       case PKT_SIGNATURE:
972                         {
973                           PKT_signature *sig=node->pkt->pkt.signature;
974
975                           if(!IS_UID_SIG(sig))
976                             continue;
977
978                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
979                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
980                                   sig->sig_class,sig->timestamp,
981                                   sig->expiredate);
982                         }
983                         break;
984                       }
985                   }
986
987                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
988                         (ulong)block->pkt->pkt.public_key->keyid[0],
989                         (ulong)block->pkt->pkt.public_key->keyid[1]);
990
991                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
992                 fwrite(iobuf_get_temp_buffer(buffer),
993                        iobuf_get_temp_length(buffer),1,spawn->tochild);
994                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
995
996                 iobuf_close(buffer);
997                 release_kbnode(block);
998               }
999
1000             free_strlist(temp);
1001           }
1002
1003         break;
1004       }
1005
1006     case SEARCH:
1007       {
1008         STRLIST key;
1009
1010         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1011
1012         /* Which keys do we want?  Remember that the gpgkeys_ program
1013            is going to lump these together into a search string. */
1014
1015         for(key=list;key!=NULL;key=key->next)
1016           {
1017             fprintf(spawn->tochild,"%s\n",key->d);
1018             if(key!=list)
1019               {
1020                 searchstr=m_realloc(searchstr,
1021                                     strlen(searchstr)+strlen(key->d)+2);
1022                 strcat(searchstr," ");
1023               }
1024             else
1025               {
1026                 searchstr=m_alloc(strlen(key->d)+1);
1027                 searchstr[0]='\0';
1028               }
1029
1030             strcat(searchstr,key->d);
1031           }
1032
1033         fprintf(spawn->tochild,"\n");
1034
1035         break;
1036       }
1037
1038     default:
1039       log_fatal(_("no keyserver action!\n"));
1040       break;
1041     }
1042
1043   /* Done sending, so start reading. */
1044   ret=exec_read(spawn);
1045   if(ret)
1046     goto fail;
1047
1048   /* Now handle the response */
1049
1050   for(;;)
1051     {
1052       int plen;
1053       char *ptr;
1054
1055       maxlen=1024;
1056       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1057         {
1058           ret=G10ERR_READ_FILE;
1059           goto fail; /* i.e. EOF */
1060         }
1061
1062       ptr=line;
1063
1064       /* remove trailing whitespace */
1065       plen=strlen(ptr);
1066       while(plen>0 && ascii_isspace(ptr[plen-1]))
1067         plen--;
1068       plen[ptr]='\0';
1069
1070       if(*ptr=='\0')
1071         break;
1072
1073       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1074         {
1075           gotversion=1;
1076
1077           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1078             {
1079               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1080                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1081               goto fail;
1082             }
1083         }
1084       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1085         {
1086           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1087             log_info(_("WARNING: keyserver handler from a different "
1088                        "version of GnuPG (%s)\n"),&ptr[8]);
1089         }
1090       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1091         outofband=1; /* Currently the only OPTION */
1092     }
1093
1094   if(!gotversion)
1095     {
1096       log_error(_("keyserver did not send VERSION\n"));
1097       goto fail;
1098     }
1099
1100   if(!outofband)
1101     switch(action)
1102       {
1103       case GET:
1104         {
1105           void *stats_handle;
1106
1107           stats_handle=import_new_stats_handle();
1108
1109           /* Slurp up all the key data.  In the future, it might be
1110              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1111              It's harmless to ignore them, but ignoring them does make
1112              gpg complain about "no valid OpenPGP data found".  One
1113              way to do this could be to continue parsing this
1114              line-by-line and make a temp iobuf for each key. */
1115
1116           import_keys_stream(spawn->fromchild,stats_handle,
1117                              opt.keyserver_options.import_options);
1118
1119           import_print_stats(stats_handle);
1120           import_release_stats_handle(stats_handle);
1121
1122           break;
1123         }
1124
1125         /* Nothing to do here */
1126       case SEND:
1127         break;
1128
1129       case SEARCH:
1130         {
1131           keyserver_search_prompt(spawn->fromchild,searchstr);
1132
1133           break;
1134         }
1135
1136       default:
1137         log_fatal(_("no keyserver action!\n"));
1138         break;
1139       }
1140
1141  fail:
1142   m_free(line);
1143
1144   *prog=exec_finish(spawn);
1145
1146   return ret;
1147 }
1148
1149 static int 
1150 keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
1151                int count,struct keyserver_spec *keyserver)
1152 {
1153   int rc=0,ret=0;
1154
1155   if(!keyserver)
1156     {
1157       log_error(_("no keyserver known (use option --keyserver)\n"));
1158       return G10ERR_BAD_URI;
1159     }
1160
1161 #ifdef DISABLE_KEYSERVER_HELPERS
1162
1163   log_error(_("external keyserver calls are not supported in this build\n"));
1164   return G10ERR_KEYSERVER;
1165
1166 #else
1167   /* Spawn a handler */
1168
1169   rc=keyserver_spawn(action,list,desc,count,&ret,keyserver);
1170   if(ret)
1171     {
1172       switch(ret)
1173         {
1174         case KEYSERVER_SCHEME_NOT_FOUND:
1175           log_error(_("no handler for keyserver scheme \"%s\"\n"),
1176                     opt.keyserver->scheme);
1177           break;
1178
1179         case KEYSERVER_NOT_SUPPORTED:
1180           log_error(_("action \"%s\" not supported with keyserver "
1181                       "scheme \"%s\"\n"),
1182                     action==GET?"get":action==SEND?"send":
1183                     action==SEARCH?"search":"unknown",
1184                     opt.keyserver->scheme);
1185           break;
1186
1187         case KEYSERVER_VERSION_ERROR:
1188           log_error(_("gpgkeys_%s does not support handler version %d\n"),
1189                     opt.keyserver->scheme,KEYSERVER_PROTO_VERSION);
1190           break;
1191
1192         case KEYSERVER_INTERNAL_ERROR:
1193         default:
1194           log_error(_("keyserver internal error\n"));
1195           break;
1196         }
1197
1198       return G10ERR_KEYSERVER;
1199     }
1200
1201   if(rc)
1202     {
1203       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1204
1205       return rc;
1206     }
1207
1208   return 0;
1209 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1210 }
1211
1212 int 
1213 keyserver_export(STRLIST users)
1214 {
1215   STRLIST sl=NULL;
1216   KEYDB_SEARCH_DESC desc;
1217   int rc=0;
1218
1219   /* Weed out descriptors that we don't support sending */
1220   for(;users;users=users->next)
1221     {
1222       classify_user_id (users->d, &desc);
1223       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1224          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1225          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1226          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1227         {
1228           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1229           continue;
1230         }
1231       else
1232         append_to_strlist(&sl,users->d);
1233     }
1234
1235   if(sl)
1236     {
1237       rc=keyserver_work(SEND,sl,NULL,0,opt.keyserver);
1238       free_strlist(sl);
1239     }
1240
1241   return rc;
1242 }
1243
1244 int 
1245 keyserver_import(STRLIST users)
1246 {
1247   KEYDB_SEARCH_DESC *desc;
1248   int num=100,count=0;
1249   int rc=0;
1250
1251   /* Build a list of key ids */
1252   desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1253
1254   for(;users;users=users->next)
1255     {
1256       classify_user_id (users->d, &desc[count]);
1257       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1258          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1259          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1260          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1261         {
1262           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1263           continue;
1264         }
1265
1266       count++;
1267       if(count==num)
1268         {
1269           num+=100;
1270           desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1271         }
1272     }
1273
1274   if(count>0)
1275     rc=keyserver_work(GET,NULL,desc,count,opt.keyserver);
1276
1277   m_free(desc);
1278
1279   return rc;
1280 }
1281
1282 int
1283 keyserver_import_fprint(const byte *fprint,size_t fprint_len)
1284 {
1285   KEYDB_SEARCH_DESC desc;
1286
1287   memset(&desc,0,sizeof(desc));
1288
1289   if(fprint_len==16)
1290     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1291   else if(fprint_len==20)
1292     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1293   else
1294     return -1;
1295
1296   memcpy(desc.u.fpr,fprint,fprint_len);
1297
1298   return keyserver_work(GET,NULL,&desc,1,opt.keyserver);
1299 }
1300
1301 int 
1302 keyserver_import_keyid(u32 *keyid)
1303 {
1304   KEYDB_SEARCH_DESC desc;
1305
1306   memset(&desc,0,sizeof(desc));
1307
1308   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1309   desc.u.kid[0]=keyid[0];
1310   desc.u.kid[1]=keyid[1];
1311
1312   return keyserver_work(GET,NULL,&desc,1,opt.keyserver);
1313 }
1314
1315 /* code mostly stolen from do_export_stream */
1316 static int 
1317 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1318 {
1319   int rc=0,ndesc,num=100;
1320   KBNODE keyblock=NULL,node;
1321   KEYDB_HANDLE kdbhd;
1322   KEYDB_SEARCH_DESC *desc;
1323   STRLIST sl;
1324
1325   *count=0;
1326
1327   *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1328
1329   kdbhd=keydb_new(0);
1330
1331   if(!users)
1332     {
1333       ndesc = 1;
1334       desc = m_alloc_clear ( ndesc * sizeof *desc);
1335       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1336     }
1337   else
1338     {
1339       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1340         ;
1341       desc = m_alloc ( ndesc * sizeof *desc);
1342         
1343       for (ndesc=0, sl=users; sl; sl = sl->next)
1344         {
1345           if(classify_user_id (sl->d, desc+ndesc))
1346             ndesc++;
1347           else
1348             log_error (_("key `%s' not found: %s\n"),
1349                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1350         }
1351     }
1352
1353   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1354     {
1355       if (!users) 
1356         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1357
1358       /* read the keyblock */
1359       rc = keydb_get_keyblock (kdbhd, &keyblock );
1360       if( rc )
1361         {
1362           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1363           goto leave;
1364         }
1365
1366       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1367         {
1368           /* This is to work around a bug in some keyservers (pksd and
1369              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1370              The answer is to refresh both the correct v4 keyid
1371              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1372              This only happens for key refresh using the HKP scheme
1373              and if the refresh-add-fake-v3-keyids keyserver option is
1374              set. */
1375           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1376              node->pkt->pkt.public_key->version>=4)
1377             {
1378               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1379               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
1380                             (*klist)[*count].u.kid);
1381               (*count)++;
1382
1383               if(*count==num)
1384                 {
1385                   num+=100;
1386                   *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1387                 }
1388             }
1389
1390           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1391              This is because it's easy to calculate any sort of keyid
1392              from a v4 fingerprint, but not a v3 fingerprint. */
1393
1394           if(node->pkt->pkt.public_key->version<4)
1395             {
1396               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1397               keyid_from_pk(node->pkt->pkt.public_key,
1398                             (*klist)[*count].u.kid);
1399             }
1400           else
1401             {
1402               size_t dummy;
1403
1404               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1405               fingerprint_from_pk(node->pkt->pkt.public_key,
1406                                   (*klist)[*count].u.fpr,&dummy);
1407             }
1408
1409           (*klist)[*count].skipfncvalue=NULL;
1410
1411           /* Are we honoring preferred keyservers? */
1412           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1413             {
1414               PKT_user_id *uid=NULL;
1415               PKT_signature *sig=NULL;
1416
1417               merge_keys_and_selfsig(keyblock);
1418
1419               for(node=node->next;node;node=node->next)
1420                 {
1421                   if(node->pkt->pkttype==PKT_USER_ID
1422                      && node->pkt->pkt.user_id->is_primary)
1423                     uid=node->pkt->pkt.user_id;
1424                   else if(node->pkt->pkttype==PKT_SIGNATURE
1425                           && node->pkt->pkt.signature->
1426                           flags.chosen_selfsig && uid)
1427                     {
1428                       sig=node->pkt->pkt.signature;
1429                       break;
1430                     }
1431                 }
1432
1433               if(uid && sig)
1434                 {
1435                   const byte *p;
1436                   size_t plen;
1437                   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
1438                   if(p && plen)
1439                     {
1440                       byte *dupe=m_alloc(plen+1);
1441
1442                       memcpy(dupe,p,plen);
1443                       dupe[plen]='\0';
1444
1445                       /* Try and parse the keyserver URL.  If it
1446                          doesn't work, then we end up writing NULL
1447                          which indicates we are the same as any other
1448                          key. */
1449
1450                       (*klist)[*count].skipfncvalue=
1451                         parse_keyserver_uri(dupe,0,NULL,0);
1452                       m_free(dupe);
1453                     }
1454                 }
1455             }
1456
1457           (*count)++;
1458
1459           if(*count==num)
1460             {
1461               num+=100;
1462               *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1463             }
1464         }
1465     }
1466
1467   if(rc==-1)
1468     rc=0;
1469   
1470  leave:
1471   if(rc)
1472     m_free(*klist);
1473   m_free(desc);
1474   keydb_release(kdbhd);
1475   release_kbnode(keyblock);
1476
1477   return rc;
1478 }
1479
1480 /* Note this is different than the original HKP refresh.  It allows
1481    usernames to refresh only part of the keyring. */
1482
1483 int 
1484 keyserver_refresh(STRLIST users)
1485 {
1486   int rc,count,fakev3=0;
1487   KEYDB_SEARCH_DESC *desc;
1488
1489   /* We switch merge_only on during a refresh, as 'refresh' should
1490      never import new keys, even if their keyids match.  Is it worth
1491      preserving the old merge_only value here? */
1492   opt.import_options|=IMPORT_MERGE_ONLY;
1493
1494   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1495      scheme, then enable fake v3 keyid generation. */
1496   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1497      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1498          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1499     fakev3=1;
1500
1501   rc=keyidlist(users,&desc,&count,fakev3);
1502   if(rc)
1503     return rc;
1504
1505   if(count>0)
1506     {
1507       int i;
1508
1509       /* Try to handle preferred keyserver keys first */
1510       for(i=0;i<count;i++)
1511         {
1512           if(desc[i].skipfncvalue)
1513             {
1514               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1515
1516               /* We use the keyserver structure we parsed out before.
1517                  Note that a preferred keyserver without a scheme://
1518                  will be interpreted as hkp:// */
1519
1520               rc=keyserver_work(GET,NULL,&desc[i],1,keyserver);
1521               if(rc)
1522                 log_info(_("WARNING: unable to refresh key %s"
1523                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1524                          keyserver->uri,g10_errstr(rc));
1525               else
1526                 {
1527                   /* We got it, so mark it as NONE so we don't try and
1528                      get it again from the regular keyserver. */
1529
1530                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1531                 }
1532
1533               free_keyserver_spec(keyserver);
1534             }
1535         }
1536
1537       if(opt.keyserver)
1538         {
1539           if(count==1)
1540             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1541           else
1542             log_info(_("refreshing %d keys from %s\n"),
1543                      count,opt.keyserver->uri);
1544         }
1545
1546       rc=keyserver_work(GET,NULL,desc,count,opt.keyserver);
1547     }
1548
1549   m_free(desc);
1550
1551   return rc;
1552 }
1553
1554 int
1555 keyserver_search(STRLIST tokens)
1556 {
1557   if(tokens)
1558     return keyserver_work(SEARCH,tokens,NULL,0,opt.keyserver);
1559   else
1560     return 0;
1561 }