* mainproc.c (check_sig_and_print): If we're honoring preferred
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include "filter.h"
28 #include "keydb.h"
29 #include "status.h"
30 #include "exec.h"
31 #include "main.h"
32 #include "i18n.h"
33 #include "iobuf.h"
34 #include "memory.h"
35 #include "ttyio.h"
36 #include "options.h"
37 #include "packet.h"
38 #include "keyserver-internal.h"
39 #include "util.h"
40
41 #define GET    0
42 #define SEND   1
43 #define SEARCH 2
44
45 struct keyrec
46 {
47   KEYDB_SEARCH_DESC desc;
48   u32 createtime,expiretime;
49   int size,flags;
50   byte type;
51   IOBUF uidbuf;
52   unsigned int lines;
53 };
54
55 /* Tell remote processes about these options */
56 #define REMOTE_TELL (KEYSERVER_INCLUDE_REVOKED|KEYSERVER_INCLUDE_DISABLED|KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_TRY_DNS_SRV)
57
58 static struct parse_options keyserver_opts[]=
59   {
60     {"include-revoked",KEYSERVER_INCLUDE_REVOKED,NULL},      
61     {"include-disabled",KEYSERVER_INCLUDE_DISABLED,NULL},
62     {"include-subkeys",KEYSERVER_INCLUDE_SUBKEYS,NULL},
63     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL},
64     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL},
65     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL},
66     {"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL},
67     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL},
68     {NULL,0,NULL}
69   };
70
71 static int keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
72                           int count,struct keyserver_spec *keyserver);
73
74 int
75 parse_keyserver_options(char *options)
76 {
77   int ret=1;
78   char *tok;
79
80   while((tok=optsep(&options)))
81     {
82       if(tok[0]=='\0')
83         continue;
84
85       /* We accept quite a few possible options here - some options to
86          handle specially, the keyserver_options list, and import and
87          export options that pertain to keyserver operations.  Note
88          that you must use strncasecmp here as there might be an
89          =argument attached which will foil the use of strcasecmp. */
90
91       if(ascii_strncasecmp(tok,"verbose",7)==0)
92         opt.keyserver_options.verbose++;
93       else if(ascii_strncasecmp(tok,"no-verbose",10)==0)
94         opt.keyserver_options.verbose--;
95 #ifdef EXEC_TEMPFILE_ONLY
96       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
97               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
98         log_info(_("WARNING: keyserver option \"%s\" is not used "
99                    "on this platform\n"),tok);
100 #else
101       else if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
102         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
103       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
104         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
105 #endif
106       else if(!parse_options(tok,&opt.keyserver_options.options,
107                              keyserver_opts,0)
108          && !parse_import_options(tok,
109                                   &opt.keyserver_options.import_options,0)
110          && !parse_export_options(tok,
111                                   &opt.keyserver_options.export_options,0))
112         {
113           /* All of the standard options have failed, so the option is
114              destined for a keyserver plugin. */
115           char *arg=argsplit(tok);
116
117           if(arg)
118             {
119               char *joined;
120
121               joined=m_alloc(strlen(tok)+1+strlen(arg)+1);
122               /* Make a canonical name=value form with no
123                  spaces */
124               strcpy(joined,tok);
125               strcat(joined,"=");
126               strcat(joined,arg);
127               add_to_strlist(&opt.keyserver_options.other,joined);
128               m_free(joined);
129             }
130           else
131             add_to_strlist(&opt.keyserver_options.other,tok);
132         }
133     }
134
135   return ret;
136 }
137
138 void
139 free_keyserver_spec(struct keyserver_spec *keyserver)
140 {
141   m_free(keyserver->uri);
142   m_free(keyserver->host);
143   m_free(keyserver->port);
144   m_free(keyserver->path);
145   m_free(keyserver->opaque);
146   m_free(keyserver);
147 }
148
149 struct keyserver_spec *
150 parse_keyserver_uri(const char *uri,int require_scheme,
151                     const char *configname,unsigned int configlineno)
152 {
153   int assume_hkp=0;
154   struct keyserver_spec *keyserver;
155   const char *idx;
156   int count;
157
158   assert(uri!=NULL);
159
160   keyserver=m_alloc_clear(sizeof(struct keyserver_spec));
161
162   keyserver->uri=m_strdup(uri);
163
164   /* Get the scheme */
165
166   for(idx=uri,count=0;*idx && *idx!=':';idx++)
167     count++;
168
169   if(count==0)
170     goto fail;
171
172   if(*idx=='\0')
173     {
174       if(require_scheme)
175         return NULL;
176
177       /* Assume HKP if there is no scheme */
178       assume_hkp=1;
179       keyserver->scheme=m_strdup("hkp");
180     }
181   else
182     {
183       int i;
184
185       keyserver->scheme=m_alloc(count+1);
186
187       /* Force to lowercase */
188       for(i=0;i<count;i++)
189         keyserver->scheme[i]=ascii_tolower(uri[i]);
190
191       keyserver->scheme[i]='\0';
192
193       /* Skip past the scheme and colon */
194       uri+=count+1;
195     }
196
197   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
198     {
199       deprecated_warning(configname,configlineno,"x-broken-hkp",
200                          "--keyserver-options ","broken-http-proxy");
201       m_free(keyserver->scheme);
202       keyserver->scheme=m_strdup("hkp");
203       add_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
204     }
205   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
206     {
207       /* Canonicalize this to "hkp" so it works with both the internal
208          and external keyserver interface. */
209       m_free(keyserver->scheme);
210       keyserver->scheme=m_strdup("hkp");
211     }
212
213   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
214     {
215       /* Two slashes means network path. */
216
217       /* Skip over the "//", if any */
218       if(!assume_hkp)
219         uri+=2;
220
221       for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
222         count++;
223
224       if(count==0)
225         goto fail;
226
227       keyserver->host=m_alloc(count+1);
228       strncpy(keyserver->host,uri,count);
229       keyserver->host[count]='\0';
230
231       /* Skip past the host */
232       uri+=count;
233
234       if(*uri==':')
235         {
236           /* It would seem to be reasonable to limit the range of the
237              ports to values between 1-65535, but RFC 1738 and 1808
238              imply there is no limit.  Of course, the real world has
239              limits. */
240
241           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
242             {
243               count++;
244
245               /* Ports are digits only */
246               if(!digitp(idx))
247                 goto fail;
248             }
249
250           keyserver->port=m_alloc(count+1);
251           strncpy(keyserver->port,uri+1,count);
252           keyserver->port[count]='\0';
253
254           /* Skip past the colon and port number */
255           uri+=1+count;
256         }
257
258       /* Everything else is the path */
259       if(*uri)
260         keyserver->path=m_strdup(uri);
261       else
262         keyserver->path=m_strdup("/");
263     }
264   else if(uri[0]!='/')
265     {
266       /* No slash means opaque.  Just record the opaque blob and get
267          out. */
268       keyserver->opaque=m_strdup(uri);
269     }
270   else
271     {
272       /* One slash means absolute path.  We don't need to support that
273          yet. */
274       goto fail;
275     }
276
277   return keyserver;
278
279  fail:
280   free_keyserver_spec(keyserver);
281
282   return NULL;
283 }
284
285 struct keyserver_spec *
286 parse_preferred_keyserver(PKT_signature *sig)
287 {
288   struct keyserver_spec *spec=NULL;
289   const byte *p;
290   size_t plen;
291
292   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
293   if(p && plen)
294     {
295       byte *dupe=m_alloc(plen+1);
296
297       memcpy(dupe,p,plen);
298       dupe[plen]='\0';
299       spec=parse_keyserver_uri(dupe,0,NULL,0);
300       m_free(dupe);
301     }
302
303   return spec;
304 }
305
306 static void
307 print_keyrec(int number,struct keyrec *keyrec)
308 {
309   int i;
310
311   iobuf_writebyte(keyrec->uidbuf,0);
312   iobuf_flush_temp(keyrec->uidbuf);
313   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
314
315   if(keyrec->size>0)
316     printf("%d bit ",keyrec->size);
317
318   if(keyrec->type)
319     {
320       const char *str=pubkey_algo_to_string(keyrec->type);
321
322       if(str)
323         printf("%s ",str);
324       else
325         printf("unknown ");
326     }
327
328   switch(keyrec->desc.mode)
329     {
330       /* If the keyserver helper gave us a short keyid, we have no
331          choice but to use it.  Do check --keyid-format to add a 0x if
332          needed. */
333     case KEYDB_SEARCH_MODE_SHORT_KID:
334       printf("key %s%08lX",
335              (opt.keyid_format==KF_0xSHORT
336               || opt.keyid_format==KF_0xLONG)?"0x":"",
337              (ulong)keyrec->desc.u.kid[1]);
338       break;
339
340       /* However, if it gave us a long keyid, we can honor
341          --keyid-format */
342     case KEYDB_SEARCH_MODE_LONG_KID:
343       printf("key %s",keystr(keyrec->desc.u.kid));
344       break;
345
346     case KEYDB_SEARCH_MODE_FPR16:
347       printf("key ");
348       for(i=0;i<16;i++)
349         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
350       break;
351
352     case KEYDB_SEARCH_MODE_FPR20:
353       printf("key ");
354       for(i=0;i<20;i++)
355         printf("%02X",(unsigned char)keyrec->desc.u.fpr[i]);
356       break;
357
358     default:
359       BUG();
360       break;
361     }
362
363   if(keyrec->createtime>0)
364     printf(", created %s",strtimestamp(keyrec->createtime));
365
366   if(keyrec->expiretime>0)
367     printf(", expires %s",strtimestamp(keyrec->expiretime));
368
369   if(keyrec->flags&1)
370     printf(" (%s)",("revoked"));
371   if(keyrec->flags&2)
372     printf(" (%s)",("disabled"));
373   if(keyrec->flags&4)
374     printf(" (%s)",("expired"));
375
376   printf("\n");
377 }
378
379 /* Returns a keyrec (which must be freed) once a key is complete, and
380    NULL otherwise.  Call with a NULL keystring once key parsing is
381    complete to return any unfinished keys. */
382 static struct keyrec *
383 parse_keyrec(char *keystring)
384 {
385   static struct keyrec *work=NULL;
386   struct keyrec *ret=NULL;
387   char *record;
388   int i;
389
390   if(keystring==NULL)
391     {
392       if(work==NULL)
393         return NULL;
394       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
395         {
396           m_free(work);
397           return NULL;
398         }
399       else
400         {
401           ret=work;
402           work=NULL;
403           return ret;
404         }
405     }
406
407   if(work==NULL)
408     {
409       work=m_alloc_clear(sizeof(struct keyrec));
410       work->uidbuf=iobuf_temp();
411     }
412
413   /* Remove trailing whitespace */
414   for(i=strlen(keystring);i>0;i--)
415     if(ascii_isspace(keystring[i-1]))
416       keystring[i-1]='\0';
417     else
418       break;
419
420   if((record=strsep(&keystring,":"))==NULL)
421     return ret;
422
423   if(ascii_strcasecmp("pub",record)==0)
424     {
425       char *tok;
426
427       if(work->desc.mode)
428         {
429           ret=work;
430           work=m_alloc_clear(sizeof(struct keyrec));
431           work->uidbuf=iobuf_temp();
432         }
433
434       if((tok=strsep(&keystring,":"))==NULL)
435         return ret;
436
437       classify_user_id(tok,&work->desc);
438       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
439          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
440          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
441          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
442         {
443           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
444           return ret;
445         }
446
447       /* Note all items after this are optional.  This allows us to
448          have a pub line as simple as pub:keyid and nothing else. */
449
450       work->lines++;
451
452       if((tok=strsep(&keystring,":"))==NULL)
453         return ret;
454
455       work->type=atoi(tok);
456
457       if((tok=strsep(&keystring,":"))==NULL)
458         return ret;
459
460       work->size=atoi(tok);
461
462       if((tok=strsep(&keystring,":"))==NULL)
463         return ret;
464
465       if(atoi(tok)<0)
466         work->createtime=0;
467       else
468         work->createtime=atoi(tok);
469
470       if((tok=strsep(&keystring,":"))==NULL)
471         return ret;
472
473       if(atoi(tok)<0)
474         work->expiretime=0;
475       else
476         work->expiretime=atoi(tok);
477
478       if((tok=strsep(&keystring,":"))==NULL)
479         return ret;
480
481       while(*tok)
482         switch(*tok++)
483           {
484           case 'r':
485           case 'R':
486             work->flags|=1;
487             break;
488             
489           case 'd':
490           case 'D':
491             work->flags|=2;
492             break;
493
494           case 'e':
495           case 'E':
496             work->flags|=4;
497             break;
498           }
499
500       if(work->expiretime && work->expiretime<=make_timestamp())
501         work->flags|=4;
502     }
503   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
504     {
505       char *userid,*tok,*decoded;
506
507       if((tok=strsep(&keystring,":"))==NULL)
508         return ret;
509
510       if(strlen(tok)==0)
511         return ret;
512
513       userid=tok;
514
515       /* By definition, de-%-encoding is always smaller than the
516          original string so we can decode in place. */
517
518       i=0;
519
520       while(*tok)
521         if(tok[0]=='%' && tok[1] && tok[2])
522           {
523             if((userid[i]=hextobyte(&tok[1]))==-1)
524               userid[i]='?';
525
526             i++;
527             tok+=3;
528           }
529         else
530           userid[i++]=*tok++;
531
532       /* We don't care about the other info provided in the uid: line
533          since no keyserver supports marking userids with timestamps
534          or revoked/expired/disabled yet. */
535
536       /* No need to check for control characters, as utf8_to_native
537          does this for us. */
538
539       decoded=utf8_to_native(userid,i,0);
540       if(strlen(decoded)>opt.screen_columns-10)
541         decoded[opt.screen_columns-10]='\0';
542       iobuf_writestr(work->uidbuf,decoded);
543       m_free(decoded);
544       iobuf_writestr(work->uidbuf,"\n\t");
545       work->lines++;
546     }
547
548   /* Ignore any records other than "pri" and "uid" for easy future
549      growth. */
550
551   return ret;
552 }
553
554 /* TODO: do this as a list sent to keyserver_work rather than calling
555    it once for each key to get the correct counts after the import
556    (cosmetics, really) and to better take advantage of the keyservers
557    that can do multiple fetches in one go (LDAP). */
558 static int
559 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
560 {
561   char *answer;
562
563   if(count && opt.command_fd==-1)
564     {
565       static int from=1;
566       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
567       from=numdesc+1;
568     }
569
570   answer=cpr_get_no_help("keysearch.prompt",
571                          _("Enter number(s), N)ext, or Q)uit > "));
572   /* control-d */
573   if(answer[0]=='\x04')
574     {
575       printf("Q\n");
576       answer[0]='q';
577     }
578
579   if(answer[0]=='q' || answer[0]=='Q')
580     {
581       m_free(answer);
582       return 1;
583     }
584   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
585     {
586       char *split=answer,*num;
587
588       while((num=strsep(&split," ,"))!=NULL)
589         if(atoi(num)>=1 && atoi(num)<=numdesc)
590           keyserver_work(GET,NULL,&desc[atoi(num)-1],1,opt.keyserver);
591
592       m_free(answer);
593       return 1;
594     }
595
596   return 0;
597 }
598
599 /* Count and searchstr are just for cosmetics.  If the count is too
600    small, it will grow safely.  If negative it disables the "Key x-y
601    of z" messages. */
602 static void
603 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
604 {
605   int i=0,validcount=0,started=0,header=0,count=1;
606   unsigned int maxlen,buflen,numlines=0;
607   KEYDB_SEARCH_DESC *desc;
608   byte *line=NULL;
609
610   desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
611
612   for(;;)
613     {
614       struct keyrec *keyrec;
615       int rl;
616
617       maxlen=1024;
618       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
619
620       if(opt.with_colons)
621         {
622           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
623              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
624             {
625               header=1;
626               continue;
627             }
628           else if(ascii_strncasecmp("SEARCH ",line,7)==0
629                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
630             continue;
631
632           printf("%s",line);
633         }
634
635       /* Look for an info: line.  The only current info: values
636          defined are the version and key count. */
637       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
638         {
639           char *tok,*str=&line[5];
640
641           if((tok=strsep(&str,":"))!=NULL)
642             {
643               int version;
644
645               if(sscanf(tok,"%d",&version)!=1)
646                 version=1;
647
648               if(version!=1)
649                 {
650                   log_error(_("invalid keyserver protocol "
651                               "(us %d!=handler %d)\n"),1,version);
652                   break;
653                 }
654             }
655
656           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
657             {
658               if(count==0)
659                 goto notfound;
660               else if(count<0)
661                 count=10;
662               else
663                 validcount=1;
664
665               desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
666             }
667
668           started=1;
669           continue;
670         }
671
672       if(rl==0)
673         {
674           keyrec=parse_keyrec(NULL);
675
676           if(keyrec==NULL)
677             {
678               if(i==0)
679                 {
680                   count=0;
681                   break;
682                 }
683
684               if(i!=count)
685                 validcount=0;
686
687               for(;;)
688                 {
689                   if(show_prompt(desc,i,validcount?count:0,searchstr))
690                     break;
691                   validcount=0;
692                 }
693
694               break;
695             }
696         }
697       else
698         keyrec=parse_keyrec(line);
699
700       if(i==count)
701         {
702           /* keyserver helper sent more keys than they claimed in the
703              info: line. */
704           count+=10;
705           desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
706           validcount=0;
707         }
708
709       if(keyrec)
710         {
711           desc[i]=keyrec->desc;
712
713           if(!opt.with_colons)
714             {
715               /* screen_lines - 1 for the prompt. */
716               if(numlines+keyrec->lines>opt.screen_lines-1)
717                 {
718                   if(show_prompt(desc,i,validcount?count:0,searchstr))
719                     break;
720                   else
721                     numlines=0;
722                 }
723
724               print_keyrec(i+1,keyrec);
725             }
726
727           numlines+=keyrec->lines;
728           iobuf_close(keyrec->uidbuf);
729           m_free(keyrec);
730
731           started=1;
732           i++;
733         }
734     }
735
736   m_free(desc);
737   m_free(line);
738
739  notfound:
740   if(count==0)
741     {
742       if(searchstr)
743         log_info(_("key \"%s\" not found on keyserver\n"),searchstr);
744       else
745         log_info(_("key not found on keyserver\n"));
746       return;
747     }
748 }
749
750 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
751 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
752
753 static int 
754 keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
755                 int count,int *prog,struct keyserver_spec *keyserver)
756 {
757   int ret=0,i,gotversion=0,outofband=0;
758   STRLIST temp;
759   unsigned int maxlen,buflen;
760   char *command=NULL,*searchstr=NULL;
761   byte *line=NULL;
762   struct parse_options *kopts;
763   struct exec_info *spawn;
764
765   assert(keyserver);
766
767 #ifdef EXEC_TEMPFILE_ONLY
768   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
769 #endif
770
771   /* Push the libexecdir into path.  If DISABLE_KEYSERVER_PATH is set,
772      use the 0 arg to replace the path. */
773 #ifdef DISABLE_KEYSERVER_PATH
774   set_exec_path(GNUPG_LIBEXECDIR,0);
775 #else
776   set_exec_path(GNUPG_LIBEXECDIR,opt.exec_path_set);
777 #endif
778
779   /* Build the filename for the helper to execute */
780   command=m_alloc(strlen("gpgkeys_")+strlen(keyserver->scheme)+1);
781   strcpy(command,"gpgkeys_");
782   strcat(command,keyserver->scheme);
783
784   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
785     {
786       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
787         {
788           command=m_realloc(command,strlen(command)+
789                             strlen(KEYSERVER_ARGS_KEEP)+1);
790           strcat(command,KEYSERVER_ARGS_KEEP);
791         }
792       else
793         {
794           command=m_realloc(command,strlen(command)+
795                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
796           strcat(command,KEYSERVER_ARGS_NOKEEP);  
797         }
798
799       ret=exec_write(&spawn,NULL,command,NULL,0,0);
800     }
801   else
802     ret=exec_write(&spawn,command,NULL,NULL,0,0);
803
804   if(ret)
805     return ret;
806
807   fprintf(spawn->tochild,"# This is a gpg keyserver communications file\n");
808   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
809   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
810   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
811
812   if(keyserver->opaque)
813     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
814   else
815     {
816       if(keyserver->host)
817         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
818
819       if(keyserver->port)
820         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
821
822       if(keyserver->path)
823         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
824     }
825
826   /* Write options */
827
828   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
829     if(opt.keyserver_options.options & kopts[i].bit & REMOTE_TELL)
830       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
831
832   for(i=0;i<opt.keyserver_options.verbose;i++)
833     fprintf(spawn->tochild,"OPTION verbose\n");
834
835   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
836     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
837
838   switch(action)
839     {
840     case GET:
841       {
842         fprintf(spawn->tochild,"COMMAND GET\n\n");
843
844         /* Which keys do we want? */
845
846         for(i=0;i<count;i++)
847           {
848             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
849               {
850                 int f;
851
852                 fprintf(spawn->tochild,"0x");
853
854                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
855                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
856
857                 fprintf(spawn->tochild,"\n");
858               }
859             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
860               {
861                 int f;
862
863                 fprintf(spawn->tochild,"0x");
864
865                 for(f=0;f<16;f++)
866                   fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
867
868                 fprintf(spawn->tochild,"\n");
869               }
870             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
871               fprintf(spawn->tochild,"0x%08lX%08lX\n",
872                       (ulong)desc[i].u.kid[0],
873                       (ulong)desc[i].u.kid[1]);
874             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
875               fprintf(spawn->tochild,"0x%08lX\n",
876                       (ulong)desc[i].u.kid[1]);
877           }
878
879         fprintf(spawn->tochild,"\n");
880
881         break;
882       }
883
884     case SEND:
885       {
886         STRLIST key;
887
888         /* Note the extra \n here to send an empty keylist block */
889         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
890
891         for(key=list;key!=NULL;key=key->next)
892           {
893             armor_filter_context_t afx;
894             IOBUF buffer=iobuf_temp();
895             KBNODE block;
896
897             temp=NULL;
898             add_to_strlist(&temp,key->d);
899
900             memset(&afx,0,sizeof(afx));
901             afx.what=1;
902             iobuf_push_filter(buffer,armor_filter,&afx);
903
904             /* TODO: Remove Comment: lines from keys exported this
905                way? */
906
907             if(export_pubkeys_stream(buffer,temp,&block,
908                                      opt.keyserver_options.export_options)==-1)
909               iobuf_close(buffer);
910             else
911               {
912                 KBNODE node;
913
914                 iobuf_flush_temp(buffer);
915
916                 merge_keys_and_selfsig(block);
917
918                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
919                         (ulong)block->pkt->pkt.public_key->keyid[0],
920                         (ulong)block->pkt->pkt.public_key->keyid[1]);
921
922                 for(node=block;node;node=node->next)
923                   {
924                     switch(node->pkt->pkttype)
925                       {
926                       default:
927                         continue;
928
929                       case PKT_PUBLIC_KEY:
930                       case PKT_PUBLIC_SUBKEY:
931                         {
932                           PKT_public_key *pk=node->pkt->pkt.public_key;
933
934                           keyid_from_pk(pk,NULL);
935
936                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
937                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
938                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
939                                   pk->pubkey_algo,
940                                   nbits_from_pk(pk),
941                                   pk->timestamp,
942                                   pk->expiredate);
943
944                           if(pk->is_revoked)
945                             fprintf(spawn->tochild,"r");
946                           if(pk->has_expired)
947                             fprintf(spawn->tochild,"e");
948
949                           fprintf(spawn->tochild,"\n");
950                         }
951                         break;
952
953                       case PKT_USER_ID:
954                         {
955                           PKT_user_id *uid=node->pkt->pkt.user_id;
956                           int r;
957
958                           if(uid->attrib_data)
959                             continue;
960
961                           fprintf(spawn->tochild,"uid:");
962
963                           /* Quote ':', '%', and any 8-bit
964                              characters */
965                           for(r=0;r<uid->len;r++)
966                             {
967                               if(uid->name[r]==':' || uid->name[r]=='%'
968                                  || uid->name[r]&0x80)
969                                 fprintf(spawn->tochild,"%%%02X",
970                                         (byte)uid->name[r]);
971                               else
972                                 fprintf(spawn->tochild,"%c",uid->name[r]);
973                             }
974
975                           fprintf(spawn->tochild,":%u:%u:",
976                                   uid->created,uid->expiredate);
977
978                           if(uid->is_revoked)
979                             fprintf(spawn->tochild,"r");
980                           if(uid->is_expired)
981                             fprintf(spawn->tochild,"e");
982
983                           fprintf(spawn->tochild,"\n");
984                         }
985                         break;
986
987                         /* This bit is really for the benefit of
988                            people who store their keys in LDAP
989                            servers.  It makes it easy to do queries
990                            for things like "all keys signed by
991                            Isabella". */
992                       case PKT_SIGNATURE:
993                         {
994                           PKT_signature *sig=node->pkt->pkt.signature;
995
996                           if(!IS_UID_SIG(sig))
997                             continue;
998
999                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1000                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1001                                   sig->sig_class,sig->timestamp,
1002                                   sig->expiredate);
1003                         }
1004                         break;
1005                       }
1006                   }
1007
1008                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1009                         (ulong)block->pkt->pkt.public_key->keyid[0],
1010                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1011
1012                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
1013                 fwrite(iobuf_get_temp_buffer(buffer),
1014                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1015                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
1016
1017                 iobuf_close(buffer);
1018                 release_kbnode(block);
1019               }
1020
1021             free_strlist(temp);
1022           }
1023
1024         break;
1025       }
1026
1027     case SEARCH:
1028       {
1029         STRLIST key;
1030
1031         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1032
1033         /* Which keys do we want?  Remember that the gpgkeys_ program
1034            is going to lump these together into a search string. */
1035
1036         for(key=list;key!=NULL;key=key->next)
1037           {
1038             fprintf(spawn->tochild,"%s\n",key->d);
1039             if(key!=list)
1040               {
1041                 searchstr=m_realloc(searchstr,
1042                                     strlen(searchstr)+strlen(key->d)+2);
1043                 strcat(searchstr," ");
1044               }
1045             else
1046               {
1047                 searchstr=m_alloc(strlen(key->d)+1);
1048                 searchstr[0]='\0';
1049               }
1050
1051             strcat(searchstr,key->d);
1052           }
1053
1054         fprintf(spawn->tochild,"\n");
1055
1056         break;
1057       }
1058
1059     default:
1060       log_fatal(_("no keyserver action!\n"));
1061       break;
1062     }
1063
1064   /* Done sending, so start reading. */
1065   ret=exec_read(spawn);
1066   if(ret)
1067     goto fail;
1068
1069   /* Now handle the response */
1070
1071   for(;;)
1072     {
1073       int plen;
1074       char *ptr;
1075
1076       maxlen=1024;
1077       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1078         {
1079           ret=G10ERR_READ_FILE;
1080           goto fail; /* i.e. EOF */
1081         }
1082
1083       ptr=line;
1084
1085       /* remove trailing whitespace */
1086       plen=strlen(ptr);
1087       while(plen>0 && ascii_isspace(ptr[plen-1]))
1088         plen--;
1089       plen[ptr]='\0';
1090
1091       if(*ptr=='\0')
1092         break;
1093
1094       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1095         {
1096           gotversion=1;
1097
1098           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1099             {
1100               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1101                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1102               goto fail;
1103             }
1104         }
1105       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1106         {
1107           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1108             log_info(_("WARNING: keyserver handler from a different "
1109                        "version of GnuPG (%s)\n"),&ptr[8]);
1110         }
1111       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1112         outofband=1; /* Currently the only OPTION */
1113     }
1114
1115   if(!gotversion)
1116     {
1117       log_error(_("keyserver did not send VERSION\n"));
1118       goto fail;
1119     }
1120
1121   if(!outofband)
1122     switch(action)
1123       {
1124       case GET:
1125         {
1126           void *stats_handle;
1127
1128           stats_handle=import_new_stats_handle();
1129
1130           /* Slurp up all the key data.  In the future, it might be
1131              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1132              It's harmless to ignore them, but ignoring them does make
1133              gpg complain about "no valid OpenPGP data found".  One
1134              way to do this could be to continue parsing this
1135              line-by-line and make a temp iobuf for each key. */
1136
1137           import_keys_stream(spawn->fromchild,stats_handle,
1138                              opt.keyserver_options.import_options);
1139
1140           import_print_stats(stats_handle);
1141           import_release_stats_handle(stats_handle);
1142
1143           break;
1144         }
1145
1146         /* Nothing to do here */
1147       case SEND:
1148         break;
1149
1150       case SEARCH:
1151         {
1152           keyserver_search_prompt(spawn->fromchild,searchstr);
1153
1154           break;
1155         }
1156
1157       default:
1158         log_fatal(_("no keyserver action!\n"));
1159         break;
1160       }
1161
1162  fail:
1163   m_free(line);
1164
1165   *prog=exec_finish(spawn);
1166
1167   return ret;
1168 }
1169
1170 static int 
1171 keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,
1172                int count,struct keyserver_spec *keyserver)
1173 {
1174   int rc=0,ret=0;
1175
1176   if(!keyserver)
1177     {
1178       log_error(_("no keyserver known (use option --keyserver)\n"));
1179       return G10ERR_BAD_URI;
1180     }
1181
1182 #ifdef DISABLE_KEYSERVER_HELPERS
1183
1184   log_error(_("external keyserver calls are not supported in this build\n"));
1185   return G10ERR_KEYSERVER;
1186
1187 #else
1188   /* Spawn a handler */
1189
1190   rc=keyserver_spawn(action,list,desc,count,&ret,keyserver);
1191   if(ret)
1192     {
1193       switch(ret)
1194         {
1195         case KEYSERVER_SCHEME_NOT_FOUND:
1196           log_error(_("no handler for keyserver scheme \"%s\"\n"),
1197                     keyserver->scheme);
1198           break;
1199
1200         case KEYSERVER_NOT_SUPPORTED:
1201           log_error(_("action \"%s\" not supported with keyserver "
1202                       "scheme \"%s\"\n"),
1203                     action==GET?"get":action==SEND?"send":
1204                     action==SEARCH?"search":"unknown",
1205                     keyserver->scheme);
1206           break;
1207
1208         case KEYSERVER_VERSION_ERROR:
1209           log_error(_("gpgkeys_%s does not support handler version %d\n"),
1210                     keyserver->scheme,KEYSERVER_PROTO_VERSION);
1211           break;
1212
1213         case KEYSERVER_INTERNAL_ERROR:
1214         default:
1215           log_error(_("keyserver internal error\n"));
1216           break;
1217         }
1218
1219       return G10ERR_KEYSERVER;
1220     }
1221
1222   if(rc)
1223     {
1224       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1225
1226       return rc;
1227     }
1228
1229   return 0;
1230 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1231 }
1232
1233 int 
1234 keyserver_export(STRLIST users)
1235 {
1236   STRLIST sl=NULL;
1237   KEYDB_SEARCH_DESC desc;
1238   int rc=0;
1239
1240   /* Weed out descriptors that we don't support sending */
1241   for(;users;users=users->next)
1242     {
1243       classify_user_id (users->d, &desc);
1244       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1245          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1246          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1247          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1248         {
1249           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1250           continue;
1251         }
1252       else
1253         append_to_strlist(&sl,users->d);
1254     }
1255
1256   if(sl)
1257     {
1258       rc=keyserver_work(SEND,sl,NULL,0,opt.keyserver);
1259       free_strlist(sl);
1260     }
1261
1262   return rc;
1263 }
1264
1265 int 
1266 keyserver_import(STRLIST users)
1267 {
1268   KEYDB_SEARCH_DESC *desc;
1269   int num=100,count=0;
1270   int rc=0;
1271
1272   /* Build a list of key ids */
1273   desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1274
1275   for(;users;users=users->next)
1276     {
1277       classify_user_id (users->d, &desc[count]);
1278       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1279          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1280          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1281          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1282         {
1283           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1284           continue;
1285         }
1286
1287       count++;
1288       if(count==num)
1289         {
1290           num+=100;
1291           desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1292         }
1293     }
1294
1295   if(count>0)
1296     rc=keyserver_work(GET,NULL,desc,count,opt.keyserver);
1297
1298   m_free(desc);
1299
1300   return rc;
1301 }
1302
1303 int
1304 keyserver_import_fprint(const byte *fprint,size_t fprint_len)
1305 {
1306   KEYDB_SEARCH_DESC desc;
1307
1308   memset(&desc,0,sizeof(desc));
1309
1310   if(fprint_len==16)
1311     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1312   else if(fprint_len==20)
1313     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1314   else
1315     return -1;
1316
1317   memcpy(desc.u.fpr,fprint,fprint_len);
1318
1319   return keyserver_work(GET,NULL,&desc,1,opt.keyserver);
1320 }
1321
1322 int 
1323 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1324 {
1325   KEYDB_SEARCH_DESC desc;
1326
1327   memset(&desc,0,sizeof(desc));
1328
1329   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1330   desc.u.kid[0]=keyid[0];
1331   desc.u.kid[1]=keyid[1];
1332
1333   return keyserver_work(GET,NULL,&desc,1,keyserver);
1334 }
1335
1336 /* code mostly stolen from do_export_stream */
1337 static int 
1338 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1339 {
1340   int rc=0,ndesc,num=100;
1341   KBNODE keyblock=NULL,node;
1342   KEYDB_HANDLE kdbhd;
1343   KEYDB_SEARCH_DESC *desc;
1344   STRLIST sl;
1345
1346   *count=0;
1347
1348   *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
1349
1350   kdbhd=keydb_new(0);
1351
1352   if(!users)
1353     {
1354       ndesc = 1;
1355       desc = m_alloc_clear ( ndesc * sizeof *desc);
1356       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1357     }
1358   else
1359     {
1360       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1361         ;
1362       desc = m_alloc ( ndesc * sizeof *desc);
1363         
1364       for (ndesc=0, sl=users; sl; sl = sl->next)
1365         {
1366           if(classify_user_id (sl->d, desc+ndesc))
1367             ndesc++;
1368           else
1369             log_error (_("key `%s' not found: %s\n"),
1370                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1371         }
1372     }
1373
1374   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1375     {
1376       if (!users) 
1377         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1378
1379       /* read the keyblock */
1380       rc = keydb_get_keyblock (kdbhd, &keyblock );
1381       if( rc )
1382         {
1383           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1384           goto leave;
1385         }
1386
1387       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1388         {
1389           /* This is to work around a bug in some keyservers (pksd and
1390              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1391              The answer is to refresh both the correct v4 keyid
1392              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1393              This only happens for key refresh using the HKP scheme
1394              and if the refresh-add-fake-v3-keyids keyserver option is
1395              set. */
1396           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1397              node->pkt->pkt.public_key->version>=4)
1398             {
1399               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1400               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
1401                             (*klist)[*count].u.kid);
1402               (*count)++;
1403
1404               if(*count==num)
1405                 {
1406                   num+=100;
1407                   *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1408                 }
1409             }
1410
1411           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1412              This is because it's easy to calculate any sort of keyid
1413              from a v4 fingerprint, but not a v3 fingerprint. */
1414
1415           if(node->pkt->pkt.public_key->version<4)
1416             {
1417               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1418               keyid_from_pk(node->pkt->pkt.public_key,
1419                             (*klist)[*count].u.kid);
1420             }
1421           else
1422             {
1423               size_t dummy;
1424
1425               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1426               fingerprint_from_pk(node->pkt->pkt.public_key,
1427                                   (*klist)[*count].u.fpr,&dummy);
1428             }
1429
1430           (*klist)[*count].skipfncvalue=NULL;
1431
1432           /* Are we honoring preferred keyservers? */
1433           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1434             {
1435               PKT_user_id *uid=NULL;
1436               PKT_signature *sig=NULL;
1437
1438               merge_keys_and_selfsig(keyblock);
1439
1440               for(node=node->next;node;node=node->next)
1441                 {
1442                   if(node->pkt->pkttype==PKT_USER_ID
1443                      && node->pkt->pkt.user_id->is_primary)
1444                     uid=node->pkt->pkt.user_id;
1445                   else if(node->pkt->pkttype==PKT_SIGNATURE
1446                           && node->pkt->pkt.signature->
1447                           flags.chosen_selfsig && uid)
1448                     {
1449                       sig=node->pkt->pkt.signature;
1450                       break;
1451                     }
1452                 }
1453
1454               /* Try and parse the keyserver URL.  If it doesn't work,
1455                  then we end up writing NULL which indicates we are
1456                  the same as any other key. */
1457               if(uid && sig)
1458                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1459             }
1460
1461           (*count)++;
1462
1463           if(*count==num)
1464             {
1465               num+=100;
1466               *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1467             }
1468         }
1469     }
1470
1471   if(rc==-1)
1472     rc=0;
1473   
1474  leave:
1475   if(rc)
1476     m_free(*klist);
1477   m_free(desc);
1478   keydb_release(kdbhd);
1479   release_kbnode(keyblock);
1480
1481   return rc;
1482 }
1483
1484 /* Note this is different than the original HKP refresh.  It allows
1485    usernames to refresh only part of the keyring. */
1486
1487 int 
1488 keyserver_refresh(STRLIST users)
1489 {
1490   int rc,count,fakev3=0;
1491   KEYDB_SEARCH_DESC *desc;
1492
1493   /* We switch merge_only on during a refresh, as 'refresh' should
1494      never import new keys, even if their keyids match.  Is it worth
1495      preserving the old merge_only value here? */
1496   opt.import_options|=IMPORT_MERGE_ONLY;
1497
1498   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1499      scheme, then enable fake v3 keyid generation. */
1500   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1501      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1502          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1503     fakev3=1;
1504
1505   rc=keyidlist(users,&desc,&count,fakev3);
1506   if(rc)
1507     return rc;
1508
1509   if(count>0)
1510     {
1511       int i;
1512
1513       /* Try to handle preferred keyserver keys first */
1514       for(i=0;i<count;i++)
1515         {
1516           if(desc[i].skipfncvalue)
1517             {
1518               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1519
1520               /* We use the keyserver structure we parsed out before.
1521                  Note that a preferred keyserver without a scheme://
1522                  will be interpreted as hkp:// */
1523
1524               rc=keyserver_work(GET,NULL,&desc[i],1,keyserver);
1525               if(rc)
1526                 log_info(_("WARNING: unable to refresh key %s"
1527                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1528                          keyserver->uri,g10_errstr(rc));
1529               else
1530                 {
1531                   /* We got it, so mark it as NONE so we don't try and
1532                      get it again from the regular keyserver. */
1533
1534                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1535                 }
1536
1537               free_keyserver_spec(keyserver);
1538             }
1539         }
1540
1541       if(opt.keyserver)
1542         {
1543           if(count==1)
1544             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1545           else
1546             log_info(_("refreshing %d keys from %s\n"),
1547                      count,opt.keyserver->uri);
1548         }
1549
1550       rc=keyserver_work(GET,NULL,desc,count,opt.keyserver);
1551     }
1552
1553   m_free(desc);
1554
1555   return rc;
1556 }
1557
1558 int
1559 keyserver_search(STRLIST tokens)
1560 {
1561   if(tokens)
1562     return keyserver_work(SEARCH,tokens,NULL,0,opt.keyserver);
1563   else
1564     return 0;
1565 }