* keyserver.c (parse_keyserver_options): Accept honor-http-proxy as an
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include "filter.h"
28 #include "keydb.h"
29 #include "status.h"
30 #include "exec.h"
31 #include "main.h"
32 #include "i18n.h"
33 #include "iobuf.h"
34 #include "memory.h"
35 #include "ttyio.h"
36 #include "options.h"
37 #include "packet.h"
38 #include "trustdb.h"
39 #include "keyserver-internal.h"
40 #include "util.h"
41
42 #define GET    0
43 #define SEND   1
44 #define SEARCH 2
45
46 struct keyrec
47 {
48   KEYDB_SEARCH_DESC desc;
49   u32 createtime,expiretime;
50   int size,flags;
51   byte type;
52   IOBUF uidbuf;
53   unsigned int lines;
54 };
55
56 /* Tell remote processes about these options */
57 #define REMOTE_TELL (KEYSERVER_INCLUDE_REVOKED|KEYSERVER_INCLUDE_DISABLED|KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_TRY_DNS_SRV)
58
59 static struct parse_options keyserver_opts[]=
60   {
61     {"include-revoked",KEYSERVER_INCLUDE_REVOKED,NULL},      
62     {"include-disabled",KEYSERVER_INCLUDE_DISABLED,NULL},
63     {"include-subkeys",KEYSERVER_INCLUDE_SUBKEYS,NULL},
64     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL},
65     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL},
66     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL},
67     {"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL},
68     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL},
69     {NULL,0,NULL}
70   };
71
72 static int keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
73                           int count,struct keyserver_spec *keyserver);
74
75 int
76 parse_keyserver_options(char *options)
77 {
78   int ret=1;
79   char *tok;
80
81   while((tok=optsep(&options)))
82     {
83       if(tok[0]=='\0')
84         continue;
85
86       /* For backwards compatibility.  1.2.x used honor-http-proxy and
87          there are a good number of documents published that recommend
88          it. */
89       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
90         tok="http-proxy";
91       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
92         tok="no-http-proxy";
93
94       /* We accept quite a few possible options here - some options to
95          handle specially, the keyserver_options list, and import and
96          export options that pertain to keyserver operations.  Note
97          that you must use strncasecmp here as there might be an
98          =argument attached which will foil the use of strcasecmp. */
99
100       if(ascii_strncasecmp(tok,"verbose",7)==0)
101         opt.keyserver_options.verbose++;
102       else if(ascii_strncasecmp(tok,"no-verbose",10)==0)
103         opt.keyserver_options.verbose--;
104 #ifdef EXEC_TEMPFILE_ONLY
105       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
106               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
107         log_info(_("WARNING: keyserver option `%s' is not used"
108                    " on this platform\n"),tok);
109 #else
110       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
111         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
112       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
113         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
114 #endif
115       else if(!parse_options(tok,&opt.keyserver_options.options,
116                              keyserver_opts,0)
117          && !parse_import_options(tok,
118                                   &opt.keyserver_options.import_options,0)
119          && !parse_export_options(tok,
120                                   &opt.keyserver_options.export_options,0))
121         {
122           /* All of the standard options have failed, so the option is
123              destined for a keyserver plugin. */
124           char *arg=argsplit(tok);
125
126           if(arg)
127             {
128               char *joined;
129
130               joined=m_alloc(strlen(tok)+1+strlen(arg)+1);
131               /* Make a canonical name=value form with no
132                  spaces */
133               strcpy(joined,tok);
134               strcat(joined,"=");
135               strcat(joined,arg);
136               add_to_strlist(&opt.keyserver_options.other,joined);
137               m_free(joined);
138             }
139           else
140             add_to_strlist(&opt.keyserver_options.other,tok);
141         }
142     }
143
144   return ret;
145 }
146
147 void
148 free_keyserver_spec(struct keyserver_spec *keyserver)
149 {
150   m_free(keyserver->uri);
151   m_free(keyserver->scheme);
152   m_free(keyserver->auth);
153   m_free(keyserver->host);
154   m_free(keyserver->port);
155   m_free(keyserver->path);
156   m_free(keyserver->opaque);
157   m_free(keyserver);
158 }
159
160 struct keyserver_spec *
161 parse_keyserver_uri(const char *uri,int require_scheme,
162                     const char *configname,unsigned int configlineno)
163 {
164   int assume_hkp=0;
165   struct keyserver_spec *keyserver;
166   const char *idx;
167   int count;
168
169   assert(uri!=NULL);
170
171   keyserver=m_alloc_clear(sizeof(struct keyserver_spec));
172
173   keyserver->uri=m_strdup(uri);
174
175   /* Get the scheme */
176
177   for(idx=uri,count=0;*idx && *idx!=':';idx++)
178     {
179       count++;
180
181       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
182          there clearly isn't a scheme so get out early. */
183       if(*idx=='[')
184         {
185           /* Was the '[' the first thing in the string?  If not, we
186              have a mangled scheme with a [ in it so fail. */
187           if(count==1)
188             break;
189           else
190             goto fail;
191         }
192     }
193
194   if(count==0)
195     goto fail;
196
197   if(*idx=='\0' || *idx=='[')
198     {
199       if(require_scheme)
200         return NULL;
201
202       /* Assume HKP if there is no scheme */
203       assume_hkp=1;
204       keyserver->scheme=m_strdup("hkp");
205     }
206   else
207     {
208       int i;
209
210       keyserver->scheme=m_alloc(count+1);
211
212       /* Force to lowercase */
213       for(i=0;i<count;i++)
214         keyserver->scheme[i]=ascii_tolower(uri[i]);
215
216       keyserver->scheme[i]='\0';
217
218       /* Skip past the scheme and colon */
219       uri+=count+1;
220     }
221
222   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
223     {
224       deprecated_warning(configname,configlineno,"x-broken-hkp",
225                          "--keyserver-options ","broken-http-proxy");
226       m_free(keyserver->scheme);
227       keyserver->scheme=m_strdup("hkp");
228       add_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
229     }
230   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
231     {
232       /* Canonicalize this to "hkp" so it works with both the internal
233          and external keyserver interface. */
234       m_free(keyserver->scheme);
235       keyserver->scheme=m_strdup("hkp");
236     }
237
238   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
239     {
240       /* Two slashes means network path. */
241
242       /* Skip over the "//", if any */
243       if(!assume_hkp)
244         uri+=2;
245
246       /* Do we have userinfo auth data present? */
247       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
248         count++;
249
250       /* We found a @ before the slash, so that means everything
251          before the @ is auth data. */
252       if(*idx=='@')
253         {
254           if(count==0)
255             goto fail;
256
257           keyserver->auth=m_alloc(count+1);
258           strncpy(keyserver->auth,uri,count);
259           keyserver->auth[count]='\0';
260           uri+=count+1;
261         }
262
263       /* Is it an RFC-2732 ipv6 [literal address] ? */
264       if(*uri=='[')
265         {
266           for(idx=uri+1,count=1;*idx
267                 && (isxdigit(*idx) || *idx==':' || *idx=='.');idx++)
268             count++;
269
270           /* Is the ipv6 literal address terminated? */
271           if(*idx==']')
272             count++;
273           else
274             goto fail;
275         }
276       else
277         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
278           count++;
279
280       if(count==0)
281         goto fail;
282
283       keyserver->host=m_alloc(count+1);
284       strncpy(keyserver->host,uri,count);
285       keyserver->host[count]='\0';
286
287       /* Skip past the host */
288       uri+=count;
289
290       if(*uri==':')
291         {
292           /* It would seem to be reasonable to limit the range of the
293              ports to values between 1-65535, but RFC 1738 and 1808
294              imply there is no limit.  Of course, the real world has
295              limits. */
296
297           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
298             {
299               count++;
300
301               /* Ports are digits only */
302               if(!digitp(idx))
303                 goto fail;
304             }
305
306           keyserver->port=m_alloc(count+1);
307           strncpy(keyserver->port,uri+1,count);
308           keyserver->port[count]='\0';
309
310           /* Skip past the colon and port number */
311           uri+=1+count;
312         }
313
314       /* Everything else is the path */
315       if(*uri)
316         keyserver->path=m_strdup(uri);
317       else
318         keyserver->path=m_strdup("/");
319     }
320   else if(uri[0]!='/')
321     {
322       /* No slash means opaque.  Just record the opaque blob and get
323          out. */
324       keyserver->opaque=m_strdup(uri);
325     }
326   else
327     {
328       /* One slash means absolute path.  We don't need to support that
329          yet. */
330       goto fail;
331     }
332
333   return keyserver;
334
335  fail:
336   free_keyserver_spec(keyserver);
337
338   return NULL;
339 }
340
341 struct keyserver_spec *
342 parse_preferred_keyserver(PKT_signature *sig)
343 {
344   struct keyserver_spec *spec=NULL;
345   const byte *p;
346   size_t plen;
347
348   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
349   if(p && plen)
350     {
351       byte *dupe=m_alloc(plen+1);
352
353       memcpy(dupe,p,plen);
354       dupe[plen]='\0';
355       spec=parse_keyserver_uri(dupe,1,NULL,0);
356       m_free(dupe);
357     }
358
359   return spec;
360 }
361
362 static void
363 print_keyrec(int number,struct keyrec *keyrec)
364 {
365   int i;
366
367   iobuf_writebyte(keyrec->uidbuf,0);
368   iobuf_flush_temp(keyrec->uidbuf);
369   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
370
371   if(keyrec->size>0)
372     printf("%d bit ",keyrec->size);
373
374   if(keyrec->type)
375     {
376       const char *str=pubkey_algo_to_string(keyrec->type);
377
378       if(str)
379         printf("%s ",str);
380       else
381         printf("unknown ");
382     }
383
384   switch(keyrec->desc.mode)
385     {
386       /* If the keyserver helper gave us a short keyid, we have no
387          choice but to use it.  Do check --keyid-format to add a 0x if
388          needed. */
389     case KEYDB_SEARCH_MODE_SHORT_KID:
390       printf("key %s%08lX",
391              (opt.keyid_format==KF_0xSHORT
392               || opt.keyid_format==KF_0xLONG)?"0x":"",
393              (ulong)keyrec->desc.u.kid[1]);
394       break;
395
396       /* However, if it gave us a long keyid, we can honor
397          --keyid-format */
398     case KEYDB_SEARCH_MODE_LONG_KID:
399       printf("key %s",keystr(keyrec->desc.u.kid));
400       break;
401
402     case KEYDB_SEARCH_MODE_FPR16:
403       printf("key ");
404       for(i=0;i<16;i++)
405         printf("%02X",keyrec->desc.u.fpr[i]);
406       break;
407
408     case KEYDB_SEARCH_MODE_FPR20:
409       printf("key ");
410       for(i=0;i<20;i++)
411         printf("%02X",keyrec->desc.u.fpr[i]);
412       break;
413
414     default:
415       BUG();
416       break;
417     }
418
419   if(keyrec->createtime>0)
420     {
421       printf(", ");
422       printf(_("created: %s"),strtimestamp(keyrec->createtime));
423     }
424
425   if(keyrec->expiretime>0)
426     {
427       printf(", ");
428       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
429     }
430
431   if(keyrec->flags&1)
432     printf(" (%s)",_("revoked"));
433   if(keyrec->flags&2)
434     printf(" (%s)",_("disabled"));
435   if(keyrec->flags&4)
436     printf(" (%s)",_("expired"));
437
438   printf("\n");
439 }
440
441 /* Returns a keyrec (which must be freed) once a key is complete, and
442    NULL otherwise.  Call with a NULL keystring once key parsing is
443    complete to return any unfinished keys. */
444 static struct keyrec *
445 parse_keyrec(char *keystring)
446 {
447   static struct keyrec *work=NULL;
448   struct keyrec *ret=NULL;
449   char *record;
450   int i;
451
452   if(keystring==NULL)
453     {
454       if(work==NULL)
455         return NULL;
456       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
457         {
458           m_free(work);
459           return NULL;
460         }
461       else
462         {
463           ret=work;
464           work=NULL;
465           return ret;
466         }
467     }
468
469   if(work==NULL)
470     {
471       work=m_alloc_clear(sizeof(struct keyrec));
472       work->uidbuf=iobuf_temp();
473     }
474
475   /* Remove trailing whitespace */
476   for(i=strlen(keystring);i>0;i--)
477     if(ascii_isspace(keystring[i-1]))
478       keystring[i-1]='\0';
479     else
480       break;
481
482   if((record=strsep(&keystring,":"))==NULL)
483     return ret;
484
485   if(ascii_strcasecmp("pub",record)==0)
486     {
487       char *tok;
488
489       if(work->desc.mode)
490         {
491           ret=work;
492           work=m_alloc_clear(sizeof(struct keyrec));
493           work->uidbuf=iobuf_temp();
494         }
495
496       if((tok=strsep(&keystring,":"))==NULL)
497         return ret;
498
499       classify_user_id(tok,&work->desc);
500       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
501          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
502          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
503          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
504         {
505           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
506           return ret;
507         }
508
509       /* Note all items after this are optional.  This allows us to
510          have a pub line as simple as pub:keyid and nothing else. */
511
512       work->lines++;
513
514       if((tok=strsep(&keystring,":"))==NULL)
515         return ret;
516
517       work->type=atoi(tok);
518
519       if((tok=strsep(&keystring,":"))==NULL)
520         return ret;
521
522       work->size=atoi(tok);
523
524       if((tok=strsep(&keystring,":"))==NULL)
525         return ret;
526
527       if(atoi(tok)<=0)
528         work->createtime=0;
529       else
530         work->createtime=atoi(tok);
531
532       if((tok=strsep(&keystring,":"))==NULL)
533         return ret;
534
535       if(atoi(tok)<=0)
536         work->expiretime=0;
537       else
538         {
539           work->expiretime=atoi(tok);
540           /* Force the 'e' flag on if this key is expired. */
541           if(work->expiretime<=make_timestamp())
542             work->flags|=4;
543         }
544
545       if((tok=strsep(&keystring,":"))==NULL)
546         return ret;
547
548       while(*tok)
549         switch(*tok++)
550           {
551           case 'r':
552           case 'R':
553             work->flags|=1;
554             break;
555             
556           case 'd':
557           case 'D':
558             work->flags|=2;
559             break;
560
561           case 'e':
562           case 'E':
563             work->flags|=4;
564             break;
565           }
566     }
567   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
568     {
569       char *userid,*tok,*decoded;
570
571       if((tok=strsep(&keystring,":"))==NULL)
572         return ret;
573
574       if(strlen(tok)==0)
575         return ret;
576
577       userid=tok;
578
579       /* By definition, de-%-encoding is always smaller than the
580          original string so we can decode in place. */
581
582       i=0;
583
584       while(*tok)
585         if(tok[0]=='%' && tok[1] && tok[2])
586           {
587             if((userid[i]=hextobyte(&tok[1]))==-1)
588               userid[i]='?';
589
590             i++;
591             tok+=3;
592           }
593         else
594           userid[i++]=*tok++;
595
596       /* We don't care about the other info provided in the uid: line
597          since no keyserver supports marking userids with timestamps
598          or revoked/expired/disabled yet. */
599
600       /* No need to check for control characters, as utf8_to_native
601          does this for us. */
602
603       decoded=utf8_to_native(userid,i,0);
604       if(strlen(decoded)>opt.screen_columns-10)
605         decoded[opt.screen_columns-10]='\0';
606       iobuf_writestr(work->uidbuf,decoded);
607       m_free(decoded);
608       iobuf_writestr(work->uidbuf,"\n\t");
609       work->lines++;
610     }
611
612   /* Ignore any records other than "pri" and "uid" for easy future
613      growth. */
614
615   return ret;
616 }
617
618 /* TODO: do this as a list sent to keyserver_work rather than calling
619    it once for each key to get the correct counts after the import
620    (cosmetics, really) and to better take advantage of the keyservers
621    that can do multiple fetches in one go (LDAP). */
622 static int
623 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
624 {
625   char *answer;
626
627   if(count && opt.command_fd==-1)
628     {
629       static int from=1;
630       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
631       from=numdesc+1;
632     }
633
634   answer=cpr_get_no_help("keysearch.prompt",
635                          _("Enter number(s), N)ext, or Q)uit > "));
636   /* control-d */
637   if(answer[0]=='\x04')
638     {
639       printf("Q\n");
640       answer[0]='q';
641     }
642
643   if(answer[0]=='q' || answer[0]=='Q')
644     {
645       m_free(answer);
646       return 1;
647     }
648   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
649     {
650       char *split=answer,*num;
651
652       while((num=strsep(&split," ,"))!=NULL)
653         if(atoi(num)>=1 && atoi(num)<=numdesc)
654           keyserver_work(GET,NULL,&desc[atoi(num)-1],1,opt.keyserver);
655
656       m_free(answer);
657       return 1;
658     }
659
660   return 0;
661 }
662
663 /* Count and searchstr are just for cosmetics.  If the count is too
664    small, it will grow safely.  If negative it disables the "Key x-y
665    of z" messages.  searchstr should be UTF-8 (rather than native). */
666 static void
667 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
668 {
669   int i=0,validcount=0,started=0,header=0,count=1;
670   unsigned int maxlen,buflen,numlines=0;
671   KEYDB_SEARCH_DESC *desc;
672   byte *line=NULL;
673   char *localstr=NULL;
674
675   if(searchstr)
676     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
677
678   desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
679
680   for(;;)
681     {
682       struct keyrec *keyrec;
683       int rl;
684
685       maxlen=1024;
686       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
687
688       if(opt.with_colons)
689         {
690           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
691              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
692             {
693               header=1;
694               continue;
695             }
696           else if(ascii_strncasecmp("SEARCH ",line,7)==0
697                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
698             continue;
699
700           printf("%s",line);
701         }
702
703       /* Look for an info: line.  The only current info: values
704          defined are the version and key count. */
705       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
706         {
707           char *tok,*str=&line[5];
708
709           if((tok=strsep(&str,":"))!=NULL)
710             {
711               int version;
712
713               if(sscanf(tok,"%d",&version)!=1)
714                 version=1;
715
716               if(version!=1)
717                 {
718                   log_error(_("invalid keyserver protocol "
719                               "(us %d!=handler %d)\n"),1,version);
720                   break;
721                 }
722             }
723
724           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
725             {
726               if(count==0)
727                 goto notfound;
728               else if(count<0)
729                 count=10;
730               else
731                 validcount=1;
732
733               desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
734             }
735
736           started=1;
737           continue;
738         }
739
740       if(rl==0)
741         {
742           keyrec=parse_keyrec(NULL);
743
744           if(keyrec==NULL)
745             {
746               if(i==0)
747                 {
748                   count=0;
749                   break;
750                 }
751
752               if(i!=count)
753                 validcount=0;
754
755               for(;;)
756                 {
757                   if(show_prompt(desc,i,validcount?count:0,localstr))
758                     break;
759                   validcount=0;
760                 }
761
762               break;
763             }
764         }
765       else
766         keyrec=parse_keyrec(line);
767
768       if(i==count)
769         {
770           /* keyserver helper sent more keys than they claimed in the
771              info: line. */
772           count+=10;
773           desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
774           validcount=0;
775         }
776
777       if(keyrec)
778         {
779           desc[i]=keyrec->desc;
780
781           if(!opt.with_colons)
782             {
783               /* screen_lines - 1 for the prompt. */
784               if(numlines+keyrec->lines>opt.screen_lines-1)
785                 {
786                   if(show_prompt(desc,i,validcount?count:0,localstr))
787                     break;
788                   else
789                     numlines=0;
790                 }
791
792               print_keyrec(i+1,keyrec);
793             }
794
795           numlines+=keyrec->lines;
796           iobuf_close(keyrec->uidbuf);
797           m_free(keyrec);
798
799           started=1;
800           i++;
801         }
802     }
803
804  notfound:
805   if(count==0)
806     {
807       if(localstr)
808         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
809       else
810         log_info(_("key not found on keyserver\n"));
811     }
812
813   m_free(localstr);
814   m_free(desc);
815   m_free(line);
816 }
817
818 /* We sometimes want to use a different gpgkeys_xxx for a given
819    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
820    these here. */
821 static const char *
822 keyserver_typemap(const char *type)
823 {
824   if(strcmp(type,"ldaps")==0)
825     return "ldap";
826 #ifdef FTP_VIA_LIBCURL
827   else if(strcmp(type,"ftp")==0)
828     return "curl";
829 #endif
830 #ifdef FTPS_VIA_LIBCURL
831   else if(strcmp(type,"ftps")==0)
832     return "curl";
833 #endif
834 #ifdef HTTP_VIA_LIBCURL
835   else if(strcmp(type,"http")==0)
836     return "curl";
837 #endif
838 #ifdef HTTPS_VIA_LIBCURL
839   else if(strcmp(type,"https")==0)
840     return "curl";
841 #endif
842   else
843     return type;
844 }
845
846 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
847 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
848
849 static int 
850 keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
851                 int count,int *prog,struct keyserver_spec *keyserver)
852 {
853   int ret=0,i,gotversion=0,outofband=0;
854   STRLIST temp;
855   unsigned int maxlen,buflen;
856   char *command=NULL,*searchstr=NULL;
857   byte *line=NULL;
858   struct parse_options *kopts;
859   struct exec_info *spawn;
860   const char *scheme;
861
862   assert(keyserver);
863
864 #ifdef EXEC_TEMPFILE_ONLY
865   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
866 #endif
867
868   /* Push the libexecdir into path.  If DISABLE_KEYSERVER_PATH is set,
869      use the 0 arg to replace the path. */
870 #ifdef DISABLE_KEYSERVER_PATH
871   set_exec_path(GNUPG_LIBEXECDIR,0);
872 #else
873   set_exec_path(GNUPG_LIBEXECDIR,opt.exec_path_set);
874 #endif
875
876   /* Build the filename for the helper to execute */
877   scheme=keyserver_typemap(keyserver->scheme);
878   command=m_alloc(strlen("gpgkeys_")+strlen(scheme)+1);
879   strcpy(command,"gpgkeys_"); 
880   strcat(command,scheme);
881   
882   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
883     {
884       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
885         {
886           command=m_realloc(command,strlen(command)+
887                             strlen(KEYSERVER_ARGS_KEEP)+1);
888           strcat(command,KEYSERVER_ARGS_KEEP);
889         }
890       else
891         {
892           command=m_realloc(command,strlen(command)+
893                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
894           strcat(command,KEYSERVER_ARGS_NOKEEP);  
895         }
896
897       ret=exec_write(&spawn,NULL,command,NULL,0,0);
898     }
899   else
900     ret=exec_write(&spawn,command,NULL,NULL,0,0);
901
902   if(ret)
903     return ret;
904
905   fprintf(spawn->tochild,
906           "# This is a GnuPG %s keyserver communications file\n",VERSION);
907   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
908   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
909   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
910
911   if(keyserver->opaque)
912     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
913   else
914     {
915       if(keyserver->auth)
916         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
917
918       if(keyserver->host)
919         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
920
921       if(keyserver->port)
922         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
923
924       if(keyserver->path)
925         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
926     }
927
928   /* Write options */
929
930   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
931     if(opt.keyserver_options.options & kopts[i].bit & REMOTE_TELL)
932       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
933
934   for(i=0;i<opt.keyserver_options.verbose;i++)
935     fprintf(spawn->tochild,"OPTION verbose\n");
936
937   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
938     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
939
940   switch(action)
941     {
942     case GET:
943       {
944         fprintf(spawn->tochild,"COMMAND GET\n\n");
945
946         /* Which keys do we want? */
947
948         for(i=0;i<count;i++)
949           {
950             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
951               {
952                 int f;
953
954                 fprintf(spawn->tochild,"0x");
955
956                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
957                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
958
959                 fprintf(spawn->tochild,"\n");
960               }
961             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
962               {
963                 int f;
964
965                 fprintf(spawn->tochild,"0x");
966
967                 for(f=0;f<16;f++)
968                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
969
970                 fprintf(spawn->tochild,"\n");
971               }
972             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
973               fprintf(spawn->tochild,"0x%08lX%08lX\n",
974                       (ulong)desc[i].u.kid[0],
975                       (ulong)desc[i].u.kid[1]);
976             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
977               fprintf(spawn->tochild,"0x%08lX\n",
978                       (ulong)desc[i].u.kid[1]);
979             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
980               continue;
981             else
982               BUG();
983
984             if(keyserver->host)
985               log_info(_("requesting key %s from %s server %s\n"),
986                        keystr_from_desc(&desc[i]),
987                        keyserver->scheme,keyserver->host);
988             else
989               log_info(_("requesting key %s from %s\n"),
990                        keystr_from_desc(&desc[i]),keyserver->uri);
991           }
992
993         fprintf(spawn->tochild,"\n");
994
995         break;
996       }
997
998     case SEND:
999       {
1000         STRLIST key;
1001
1002         /* Note the extra \n here to send an empty keylist block */
1003         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1004
1005         for(key=list;key!=NULL;key=key->next)
1006           {
1007             armor_filter_context_t afx;
1008             IOBUF buffer=iobuf_temp();
1009             KBNODE block;
1010
1011             temp=NULL;
1012             add_to_strlist(&temp,key->d);
1013
1014             memset(&afx,0,sizeof(afx));
1015             afx.what=1;
1016             /* Tell the armor filter to use Unix-style \n line
1017                endings, since we're going to fprintf this to a file
1018                that (on Win32) is open in text mode.  The win32 stdio
1019                will transform the \n to \r\n and we'll end up with the
1020                proper line endings on win32.  This is a no-op on
1021                Unix. */
1022             afx.eol[0]='\n';
1023             iobuf_push_filter(buffer,armor_filter,&afx);
1024
1025             /* TODO: Remove Comment: lines from keys exported this
1026                way? */
1027
1028             if(export_pubkeys_stream(buffer,temp,&block,
1029                                      opt.keyserver_options.export_options)==-1)
1030               iobuf_close(buffer);
1031             else
1032               {
1033                 KBNODE node;
1034
1035                 iobuf_flush_temp(buffer);
1036
1037                 merge_keys_and_selfsig(block);
1038
1039                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1040                         (ulong)block->pkt->pkt.public_key->keyid[0],
1041                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1042
1043                 for(node=block;node;node=node->next)
1044                   {
1045                     switch(node->pkt->pkttype)
1046                       {
1047                       default:
1048                         continue;
1049
1050                       case PKT_PUBLIC_KEY:
1051                       case PKT_PUBLIC_SUBKEY:
1052                         {
1053                           PKT_public_key *pk=node->pkt->pkt.public_key;
1054
1055                           keyid_from_pk(pk,NULL);
1056
1057                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1058                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1059                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1060                                   pk->pubkey_algo,
1061                                   nbits_from_pk(pk),
1062                                   pk->timestamp,
1063                                   pk->expiredate);
1064
1065                           if(pk->is_revoked)
1066                             fprintf(spawn->tochild,"r");
1067                           if(pk->has_expired)
1068                             fprintf(spawn->tochild,"e");
1069
1070                           fprintf(spawn->tochild,"\n");
1071                         }
1072                         break;
1073
1074                       case PKT_USER_ID:
1075                         {
1076                           PKT_user_id *uid=node->pkt->pkt.user_id;
1077                           int r;
1078
1079                           if(uid->attrib_data)
1080                             continue;
1081
1082                           fprintf(spawn->tochild,"uid:");
1083
1084                           /* Quote ':', '%', and any 8-bit
1085                              characters */
1086                           for(r=0;r<uid->len;r++)
1087                             {
1088                               if(uid->name[r]==':' || uid->name[r]=='%'
1089                                  || uid->name[r]&0x80)
1090                                 fprintf(spawn->tochild,"%%%02X",
1091                                         (byte)uid->name[r]);
1092                               else
1093                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1094                             }
1095
1096                           fprintf(spawn->tochild,":%u:%u:",
1097                                   uid->created,uid->expiredate);
1098
1099                           if(uid->is_revoked)
1100                             fprintf(spawn->tochild,"r");
1101                           if(uid->is_expired)
1102                             fprintf(spawn->tochild,"e");
1103
1104                           fprintf(spawn->tochild,"\n");
1105                         }
1106                         break;
1107
1108                         /* This bit is really for the benefit of
1109                            people who store their keys in LDAP
1110                            servers.  It makes it easy to do queries
1111                            for things like "all keys signed by
1112                            Isabella". */
1113                       case PKT_SIGNATURE:
1114                         {
1115                           PKT_signature *sig=node->pkt->pkt.signature;
1116
1117                           if(!IS_UID_SIG(sig))
1118                             continue;
1119
1120                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1121                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1122                                   sig->sig_class,sig->timestamp,
1123                                   sig->expiredate);
1124                         }
1125                         break;
1126                       }
1127                   }
1128
1129                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1130                         (ulong)block->pkt->pkt.public_key->keyid[0],
1131                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1132
1133                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
1134                 fwrite(iobuf_get_temp_buffer(buffer),
1135                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1136                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
1137
1138                 iobuf_close(buffer);
1139
1140                 if(keyserver->host)
1141                   log_info(_("sending key %s to %s server %s\n"),
1142                            keystr(block->pkt->pkt.public_key->keyid),
1143                            keyserver->scheme,keyserver->host);
1144                 else
1145                   log_info(_("sending key %s to %s\n"),
1146                            keystr(block->pkt->pkt.public_key->keyid),
1147                            keyserver->uri);
1148
1149                 release_kbnode(block);
1150               }
1151
1152             free_strlist(temp);
1153           }
1154
1155         break;
1156       }
1157
1158     case SEARCH:
1159       {
1160         STRLIST key;
1161
1162         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1163
1164         /* Which keys do we want?  Remember that the gpgkeys_ program
1165            is going to lump these together into a search string. */
1166
1167         for(key=list;key!=NULL;key=key->next)
1168           {
1169             fprintf(spawn->tochild,"%s\n",key->d);
1170             if(key!=list)
1171               {
1172                 searchstr=m_realloc(searchstr,
1173                                     strlen(searchstr)+strlen(key->d)+2);
1174                 strcat(searchstr," ");
1175               }
1176             else
1177               {
1178                 searchstr=m_alloc(strlen(key->d)+1);
1179                 searchstr[0]='\0';
1180               }
1181
1182             strcat(searchstr,key->d);
1183           }
1184
1185         fprintf(spawn->tochild,"\n");
1186
1187         if(keyserver->host)
1188           log_info(_("searching for \"%s\" from %s server %s\n"),
1189                    searchstr,keyserver->scheme,keyserver->host);
1190         else
1191           log_info(_("searching for \"%s\" from %s\n"),
1192                    searchstr,keyserver->uri);
1193
1194         break;
1195       }
1196
1197     default:
1198       log_fatal(_("no keyserver action!\n"));
1199       break;
1200     }
1201
1202   /* Done sending, so start reading. */
1203   ret=exec_read(spawn);
1204   if(ret)
1205     goto fail;
1206
1207   /* Now handle the response */
1208
1209   for(;;)
1210     {
1211       int plen;
1212       char *ptr;
1213
1214       maxlen=1024;
1215       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1216         {
1217           ret=G10ERR_READ_FILE;
1218           goto fail; /* i.e. EOF */
1219         }
1220
1221       ptr=line;
1222
1223       /* remove trailing whitespace */
1224       plen=strlen(ptr);
1225       while(plen>0 && ascii_isspace(ptr[plen-1]))
1226         plen--;
1227       plen[ptr]='\0';
1228
1229       if(*ptr=='\0')
1230         break;
1231
1232       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1233         {
1234           gotversion=1;
1235
1236           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1237             {
1238               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1239                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1240               goto fail;
1241             }
1242         }
1243       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1244         {
1245           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1246             log_info(_("WARNING: keyserver handler from a different"
1247                        " version of GnuPG (%s)\n"),&ptr[8]);
1248         }
1249       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1250         outofband=1; /* Currently the only OPTION */
1251     }
1252
1253   if(!gotversion)
1254     {
1255       log_error(_("keyserver did not send VERSION\n"));
1256       goto fail;
1257     }
1258
1259   if(!outofband)
1260     switch(action)
1261       {
1262       case GET:
1263         {
1264           void *stats_handle;
1265
1266           stats_handle=import_new_stats_handle();
1267
1268           /* Slurp up all the key data.  In the future, it might be
1269              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1270              It's harmless to ignore them, but ignoring them does make
1271              gpg complain about "no valid OpenPGP data found".  One
1272              way to do this could be to continue parsing this
1273              line-by-line and make a temp iobuf for each key. */
1274
1275           import_keys_stream(spawn->fromchild,stats_handle,
1276                              opt.keyserver_options.import_options);
1277
1278           import_print_stats(stats_handle);
1279           import_release_stats_handle(stats_handle);
1280
1281           break;
1282         }
1283
1284         /* Nothing to do here */
1285       case SEND:
1286         break;
1287
1288       case SEARCH:
1289         keyserver_search_prompt(spawn->fromchild,searchstr);
1290         break;
1291
1292       default:
1293         log_fatal(_("no keyserver action!\n"));
1294         break;
1295       }
1296
1297  fail:
1298   m_free(line);
1299   m_free(searchstr);
1300
1301   *prog=exec_finish(spawn);
1302
1303   return ret;
1304 }
1305
1306 static int 
1307 keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
1308                int count,struct keyserver_spec *keyserver)
1309 {
1310   int rc=0,ret=0;
1311
1312   if(!keyserver)
1313     {
1314       log_error(_("no keyserver known (use option --keyserver)\n"));
1315       return G10ERR_BAD_URI;
1316     }
1317
1318 #ifdef DISABLE_KEYSERVER_HELPERS
1319
1320   log_error(_("external keyserver calls are not supported in this build\n"));
1321   return G10ERR_KEYSERVER;
1322
1323 #else
1324   /* Spawn a handler */
1325
1326   rc=keyserver_spawn(action,list,desc,count,&ret,keyserver);
1327   if(ret)
1328     {
1329       switch(ret)
1330         {
1331         case KEYSERVER_SCHEME_NOT_FOUND:
1332           log_error(_("no handler for keyserver scheme `%s'\n"),
1333                     keyserver->scheme);
1334           break;
1335
1336         case KEYSERVER_NOT_SUPPORTED:
1337           log_error(_("action `%s' not supported with keyserver "
1338                       "scheme `%s'\n"),
1339                     action==GET?"get":action==SEND?"send":
1340                     action==SEARCH?"search":"unknown",
1341                     keyserver->scheme);
1342           break;
1343
1344         case KEYSERVER_VERSION_ERROR:
1345           log_error(_("gpgkeys_%s does not support handler version %d\n"),
1346                     keyserver_typemap(keyserver->scheme),
1347                     KEYSERVER_PROTO_VERSION);
1348           break;
1349
1350         case KEYSERVER_TIMEOUT:
1351           log_error(_("keyserver timed out\n"));
1352           break;
1353
1354         case KEYSERVER_INTERNAL_ERROR:
1355         default:
1356           log_error(_("keyserver internal error\n"));
1357           break;
1358         }
1359
1360       return G10ERR_KEYSERVER;
1361     }
1362
1363   if(rc)
1364     {
1365       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1366
1367       return rc;
1368     }
1369
1370   return 0;
1371 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1372 }
1373
1374 int 
1375 keyserver_export(STRLIST users)
1376 {
1377   STRLIST sl=NULL;
1378   KEYDB_SEARCH_DESC desc;
1379   int rc=0;
1380
1381   /* Weed out descriptors that we don't support sending */
1382   for(;users;users=users->next)
1383     {
1384       classify_user_id (users->d, &desc);
1385       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1386          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1387          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1388          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1389         {
1390           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1391           continue;
1392         }
1393       else
1394         append_to_strlist(&sl,users->d);
1395     }
1396
1397   if(sl)
1398     {
1399       rc=keyserver_work(SEND,sl,NULL,0,opt.keyserver);
1400       free_strlist(sl);
1401     }
1402
1403   return rc;
1404 }
1405
1406 int 
1407 keyserver_import(STRLIST users)
1408 {
1409   KEYDB_SEARCH_DESC *desc;
1410   int num=100,count=0;
1411   int rc=0;
1412
1413   /* Build a list of key ids */
1414   desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1415
1416   for(;users;users=users->next)
1417     {
1418       classify_user_id (users->d, &desc[count]);
1419       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1420          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1421          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1422          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1423         {
1424           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1425           continue;
1426         }
1427
1428       count++;
1429       if(count==num)
1430         {
1431           num+=100;
1432           desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1433         }
1434     }
1435
1436   if(count>0)
1437     rc=keyserver_work(GET,NULL,desc,count,opt.keyserver);
1438
1439   m_free(desc);
1440
1441   return rc;
1442 }
1443
1444 int
1445 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1446                         struct keyserver_spec *keyserver)
1447 {
1448   KEYDB_SEARCH_DESC desc;
1449
1450   memset(&desc,0,sizeof(desc));
1451
1452   if(fprint_len==16)
1453     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1454   else if(fprint_len==20)
1455     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1456   else
1457     return -1;
1458
1459   memcpy(desc.u.fpr,fprint,fprint_len);
1460
1461   return keyserver_work(GET,NULL,&desc,1,keyserver);
1462 }
1463
1464 int 
1465 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1466 {
1467   KEYDB_SEARCH_DESC desc;
1468
1469   memset(&desc,0,sizeof(desc));
1470
1471   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1472   desc.u.kid[0]=keyid[0];
1473   desc.u.kid[1]=keyid[1];
1474
1475   return keyserver_work(GET,NULL,&desc,1,keyserver);
1476 }
1477
1478 /* code mostly stolen from do_export_stream */
1479 static int 
1480 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1481 {
1482   int rc=0,ndesc,num=100;
1483   KBNODE keyblock=NULL,node;
1484   KEYDB_HANDLE kdbhd;
1485   KEYDB_SEARCH_DESC *desc;
1486   STRLIST sl;
1487
1488   *count=0;
1489
1490   *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1491
1492   kdbhd=keydb_new(0);
1493
1494   if(!users)
1495     {
1496       ndesc = 1;
1497       desc = m_alloc_clear ( ndesc * sizeof *desc);
1498       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1499     }
1500   else
1501     {
1502       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1503         ;
1504       desc = m_alloc ( ndesc * sizeof *desc);
1505         
1506       for (ndesc=0, sl=users; sl; sl = sl->next)
1507         {
1508           if(classify_user_id (sl->d, desc+ndesc))
1509             ndesc++;
1510           else
1511             log_error (_("key \"%s\" not found: %s\n"),
1512                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1513         }
1514     }
1515
1516   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1517     {
1518       if (!users) 
1519         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1520
1521       /* read the keyblock */
1522       rc = keydb_get_keyblock (kdbhd, &keyblock );
1523       if( rc )
1524         {
1525           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1526           goto leave;
1527         }
1528
1529       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1530         {
1531           /* This is to work around a bug in some keyservers (pksd and
1532              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1533              The answer is to refresh both the correct v4 keyid
1534              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1535              This only happens for key refresh using the HKP scheme
1536              and if the refresh-add-fake-v3-keyids keyserver option is
1537              set. */
1538           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1539              node->pkt->pkt.public_key->version>=4)
1540             {
1541               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1542               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
1543                             (*klist)[*count].u.kid);
1544               (*count)++;
1545
1546               if(*count==num)
1547                 {
1548                   num+=100;
1549                   *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1550                 }
1551             }
1552
1553           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1554              This is because it's easy to calculate any sort of keyid
1555              from a v4 fingerprint, but not a v3 fingerprint. */
1556
1557           if(node->pkt->pkt.public_key->version<4)
1558             {
1559               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1560               keyid_from_pk(node->pkt->pkt.public_key,
1561                             (*klist)[*count].u.kid);
1562             }
1563           else
1564             {
1565               size_t dummy;
1566
1567               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1568               fingerprint_from_pk(node->pkt->pkt.public_key,
1569                                   (*klist)[*count].u.fpr,&dummy);
1570             }
1571
1572           /* This is a little hackish, using the skipfncvalue as a
1573              void* pointer to the keyserver spec, but we don't need
1574              the skipfnc here, and it saves having an additional field
1575              for this (which would be wasted space most of the
1576              time). */
1577
1578           (*klist)[*count].skipfncvalue=NULL;
1579
1580           /* Are we honoring preferred keyservers? */
1581           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1582             {
1583               PKT_user_id *uid=NULL;
1584               PKT_signature *sig=NULL;
1585
1586               merge_keys_and_selfsig(keyblock);
1587
1588               for(node=node->next;node;node=node->next)
1589                 {
1590                   if(node->pkt->pkttype==PKT_USER_ID
1591                      && node->pkt->pkt.user_id->is_primary)
1592                     uid=node->pkt->pkt.user_id;
1593                   else if(node->pkt->pkttype==PKT_SIGNATURE
1594                           && node->pkt->pkt.signature->
1595                           flags.chosen_selfsig && uid)
1596                     {
1597                       sig=node->pkt->pkt.signature;
1598                       break;
1599                     }
1600                 }
1601
1602               /* Try and parse the keyserver URL.  If it doesn't work,
1603                  then we end up writing NULL which indicates we are
1604                  the same as any other key. */
1605               if(uid && sig)
1606                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1607             }
1608
1609           (*count)++;
1610
1611           if(*count==num)
1612             {
1613               num+=100;
1614               *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1615             }
1616         }
1617     }
1618
1619   if(rc==-1)
1620     rc=0;
1621   
1622  leave:
1623   if(rc)
1624     m_free(*klist);
1625   m_free(desc);
1626   keydb_release(kdbhd);
1627   release_kbnode(keyblock);
1628
1629   return rc;
1630 }
1631
1632 /* Note this is different than the original HKP refresh.  It allows
1633    usernames to refresh only part of the keyring. */
1634
1635 int 
1636 keyserver_refresh(STRLIST users)
1637 {
1638   int rc,count,numdesc,fakev3=0;
1639   KEYDB_SEARCH_DESC *desc;
1640   unsigned int options=opt.keyserver_options.import_options;
1641
1642   /* We switch merge-only on during a refresh, as 'refresh' should
1643      never import new keys, even if their keyids match. */
1644   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1645
1646   /* Similarly, we switch on fast-import, since refresh may make
1647      multiple import sets (due to preferred keyserver URLs).  We don't
1648      want each set to rebuild the trustdb.  Instead we do it once at
1649      the end here. */
1650   opt.keyserver_options.import_options|=IMPORT_FAST;
1651
1652   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1653      scheme, then enable fake v3 keyid generation. */
1654   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1655      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1656          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1657     fakev3=1;
1658
1659   rc=keyidlist(users,&desc,&numdesc,fakev3);
1660   if(rc)
1661     return rc;
1662
1663   count=numdesc;
1664   if(count>0)
1665     {
1666       int i;
1667
1668       /* Try to handle preferred keyserver keys first */
1669       for(i=0;i<count;i++)
1670         {
1671           if(desc[i].skipfncvalue)
1672             {
1673               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1674
1675               /* We use the keyserver structure we parsed out before.
1676                  Note that a preferred keyserver without a scheme://
1677                  will be interpreted as hkp:// */
1678
1679               rc=keyserver_work(GET,NULL,&desc[i],1,keyserver);
1680               if(rc)
1681                 log_info(_("WARNING: unable to refresh key %s"
1682                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1683                          keyserver->uri,g10_errstr(rc));
1684               else
1685                 {
1686                   /* We got it, so mark it as NONE so we don't try and
1687                      get it again from the regular keyserver. */
1688
1689                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1690                   count--;
1691                 }
1692
1693               free_keyserver_spec(keyserver);
1694             }
1695         }
1696     }
1697
1698   if(count>0)
1699     {
1700       if(opt.keyserver)
1701         {
1702           if(count==1)
1703             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1704           else
1705             log_info(_("refreshing %d keys from %s\n"),
1706                      count,opt.keyserver->uri);
1707         }
1708
1709       rc=keyserver_work(GET,NULL,desc,numdesc,opt.keyserver);
1710     }
1711
1712   m_free(desc);
1713
1714   opt.keyserver_options.import_options=options;
1715
1716   /* If the original options didn't have fast import, and the trustdb
1717      is dirty, rebuild. */
1718   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1719     trustdb_check_or_update();
1720
1721   return rc;
1722 }
1723
1724 int
1725 keyserver_search(STRLIST tokens)
1726 {
1727   if(tokens)
1728     return keyserver_work(SEARCH,tokens,NULL,0,opt.keyserver);
1729   else
1730     return 0;
1731 }