Import OpenPGP keys into the agent.
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3  *               2009 Free Software Foundation, Inc.
4  *
5  * This file is part of GnuPG.
6  *
7  * GnuPG is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * GnuPG is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 #include <config.h>
22 #include <ctype.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <assert.h>
27 #include <errno.h>
28
29 #include "gpg.h"
30 #include "iobuf.h"
31 #include "filter.h"
32 #include "keydb.h"
33 #include "status.h"
34 #include "exec.h"
35 #include "main.h"
36 #include "i18n.h"
37 #include "ttyio.h"
38 #include "options.h"
39 #include "packet.h"
40 #include "trustdb.h"
41 #include "keyserver-internal.h"
42 #include "util.h"
43 #include "dns-cert.h"
44 #include "pka.h"
45 #ifdef USE_DNS_SRV
46 #include "srv.h"
47 #endif
48
49
50 #ifdef HAVE_W32_SYSTEM
51 /* It seems Vista doesn't grok X_OK and so fails access() tests.
52    Previous versions interpreted X_OK as F_OK anyway, so we'll just
53    use F_OK directly. */
54 #undef X_OK
55 #define X_OK F_OK
56 #endif /* HAVE_W32_SYSTEM */
57
58 struct keyrec
59 {
60   KEYDB_SEARCH_DESC desc;
61   u32 createtime,expiretime;
62   int size,flags;
63   byte type;
64   IOBUF uidbuf;
65   unsigned int lines;
66 };
67
68 enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
69
70 static struct parse_options keyserver_opts[]=
71   {
72     /* some of these options are not real - just for the help
73        message */
74     {"max-cert-size",0,NULL,NULL},
75     {"include-revoked",0,NULL,N_("include revoked keys in search results")},
76     {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
77     {"use-temp-files",0,NULL,
78      N_("use temporary files to pass data to keyserver helpers")},
79     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
80      N_("do not delete temporary files after using them")},
81     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
82      NULL},
83     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
84      N_("automatically retrieve keys when verifying signatures")},
85     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
86      N_("honor the preferred keyserver URL set on the key")},
87     {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
88      N_("honor the PKA record set on a key when retrieving keys")},
89     {NULL,0,NULL,NULL}
90   };
91
92 static int keyserver_work(enum ks_action action,strlist_t list,
93                           KEYDB_SEARCH_DESC *desc,int count,
94                           unsigned char **fpr,size_t *fpr_len,
95                           struct keyserver_spec *keyserver);
96
97 /* Reasonable guess */
98 #define DEFAULT_MAX_CERT_SIZE 16384
99
100 static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
101
102 static void
103 add_canonical_option(char *option,strlist_t *list)
104 {
105   char *arg=argsplit(option);
106
107   if(arg)
108     {
109       char *joined;
110
111       joined=xmalloc(strlen(option)+1+strlen(arg)+1);
112       /* Make a canonical name=value form with no spaces */
113       strcpy(joined,option);
114       strcat(joined,"=");
115       strcat(joined,arg);
116       append_to_strlist(list,joined);
117       xfree(joined);
118     }
119   else
120     append_to_strlist(list,option);
121 }
122
123 int
124 parse_keyserver_options(char *options)
125 {
126   int ret=1;
127   char *tok;
128   char *max_cert=NULL;
129
130   keyserver_opts[0].value=&max_cert;
131
132   while((tok=optsep(&options)))
133     {
134       if(tok[0]=='\0')
135         continue;
136
137       /* For backwards compatibility.  1.2.x used honor-http-proxy and
138          there are a good number of documents published that recommend
139          it. */
140       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
141         tok="http-proxy";
142       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
143         tok="no-http-proxy";
144
145       /* We accept quite a few possible options here - some options to
146          handle specially, the keyserver_options list, and import and
147          export options that pertain to keyserver operations.  Note
148          that you must use strncasecmp here as there might be an
149          =argument attached which will foil the use of strcasecmp. */
150
151 #ifdef EXEC_TEMPFILE_ONLY
152       if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
153               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
154         log_info(_("WARNING: keyserver option `%s' is not used"
155                    " on this platform\n"),tok);
156 #else
157       if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
158         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
159       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
160         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
161 #endif
162       else if(!parse_options(tok,&opt.keyserver_options.options,
163                              keyserver_opts,0)
164          && !parse_import_options(tok,
165                                   &opt.keyserver_options.import_options,0)
166          && !parse_export_options(tok,
167                                   &opt.keyserver_options.export_options,0))
168         {
169           /* All of the standard options have failed, so the option is
170              destined for a keyserver plugin. */
171           add_canonical_option(tok,&opt.keyserver_options.other);
172         }
173     }
174
175   if(max_cert)
176     {
177       max_cert_size=strtoul(max_cert,(char **)NULL,10);
178
179       if(max_cert_size==0)
180         max_cert_size=DEFAULT_MAX_CERT_SIZE;
181     }
182
183   return ret;
184 }
185
186 void
187 free_keyserver_spec(struct keyserver_spec *keyserver)
188 {
189   xfree(keyserver->uri);
190   xfree(keyserver->scheme);
191   xfree(keyserver->auth);
192   xfree(keyserver->host);
193   xfree(keyserver->port);
194   xfree(keyserver->path);
195   xfree(keyserver->opaque);
196   free_strlist(keyserver->options);
197   xfree(keyserver);
198 }
199
200 /* Return 0 for match */
201 static int
202 cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
203 {
204   if(ascii_strcasecmp(one->scheme,two->scheme)==0)
205     {
206       if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
207         {
208           if((one->port && two->port
209               && ascii_strcasecmp(one->port,two->port)==0)
210              || (!one->port && !two->port))
211             return 0;
212         }
213       else if(one->opaque && two->opaque
214               && ascii_strcasecmp(one->opaque,two->opaque)==0)
215         return 0;
216     }
217
218   return 1;
219 }
220
221 /* Try and match one of our keyservers.  If we can, return that.  If
222    we can't, return our input. */
223 struct keyserver_spec *
224 keyserver_match(struct keyserver_spec *spec)
225 {
226   struct keyserver_spec *ks;
227
228   for(ks=opt.keyserver;ks;ks=ks->next)
229     if(cmp_keyserver_spec(spec,ks)==0)
230       return ks;
231
232   return spec;
233 }
234
235 /* TODO: once we cut over to an all-curl world, we don't need this
236    parser any longer so it can be removed, or at least moved to
237    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
238
239 struct keyserver_spec *
240 parse_keyserver_uri(const char *string,int require_scheme,
241                     const char *configname,unsigned int configlineno)
242 {
243   int assume_hkp=0;
244   struct keyserver_spec *keyserver;
245   const char *idx;
246   int count;
247   char *uri,*options;
248
249   assert(string!=NULL);
250
251   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
252
253   uri=xstrdup(string);
254
255   options=strchr(uri,' ');
256   if(options)
257     {
258       char *tok;
259
260       *options='\0';
261       options++;
262
263       while((tok=optsep(&options)))
264         add_canonical_option(tok,&keyserver->options);
265     }
266
267   /* Get the scheme */
268
269   for(idx=uri,count=0;*idx && *idx!=':';idx++)
270     {
271       count++;
272
273       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
274          there clearly isn't a scheme so get out early. */
275       if(*idx=='[')
276         {
277           /* Was the '[' the first thing in the string?  If not, we
278              have a mangled scheme with a [ in it so fail. */
279           if(count==1)
280             break;
281           else
282             goto fail;
283         }
284     }
285
286   if(count==0)
287     goto fail;
288
289   if(*idx=='\0' || *idx=='[')
290     {
291       if(require_scheme)
292         return NULL;
293
294       /* Assume HKP if there is no scheme */
295       assume_hkp=1;
296       keyserver->scheme=xstrdup("hkp");
297
298       keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
299       strcpy(keyserver->uri,keyserver->scheme);
300       strcat(keyserver->uri,"://");
301       strcat(keyserver->uri,uri);
302     }
303   else
304     {
305       int i;
306
307       keyserver->uri=xstrdup(uri);
308
309       keyserver->scheme=xmalloc(count+1);
310
311       /* Force to lowercase */
312       for(i=0;i<count;i++)
313         keyserver->scheme[i]=ascii_tolower(uri[i]);
314
315       keyserver->scheme[i]='\0';
316
317       /* Skip past the scheme and colon */
318       uri+=count+1;
319     }
320
321   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
322     {
323       deprecated_warning(configname,configlineno,"x-broken-hkp",
324                          "--keyserver-options ","broken-http-proxy");
325       xfree(keyserver->scheme);
326       keyserver->scheme=xstrdup("hkp");
327       append_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
328     }
329   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
330     {
331       /* Canonicalize this to "hkp" so it works with both the internal
332          and external keyserver interface. */
333       xfree(keyserver->scheme);
334       keyserver->scheme=xstrdup("hkp");
335     }
336
337   if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
338     {
339       /* Three slashes means network path with a default host name.
340          This is a hack because it does not crok all possible
341          combiantions.  We should better repalce all code bythe parser
342          from http.c.  */
343       keyserver->path = xstrdup (uri+2);
344     }
345   else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
346     {
347       /* Two slashes means network path. */
348
349       /* Skip over the "//", if any */
350       if(!assume_hkp)
351         uri+=2;
352
353       /* Do we have userinfo auth data present? */
354       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
355         count++;
356
357       /* We found a @ before the slash, so that means everything
358          before the @ is auth data. */
359       if(*idx=='@')
360         {
361           if(count==0)
362             goto fail;
363
364           keyserver->auth=xmalloc(count+1);
365           strncpy(keyserver->auth,uri,count);
366           keyserver->auth[count]='\0';
367           uri+=count+1;
368         }
369
370       /* Is it an RFC-2732 ipv6 [literal address] ? */
371       if(*uri=='[')
372         {
373           for(idx=uri+1,count=1;*idx
374                 && ((isascii (*idx) && isxdigit(*idx))
375                     || *idx==':' || *idx=='.');idx++)
376             count++;
377
378           /* Is the ipv6 literal address terminated? */
379           if(*idx==']')
380             count++;
381           else
382             goto fail;
383         }
384       else
385         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
386           count++;
387
388       if(count==0)
389         goto fail;
390
391       keyserver->host=xmalloc(count+1);
392       strncpy(keyserver->host,uri,count);
393       keyserver->host[count]='\0';
394
395       /* Skip past the host */
396       uri+=count;
397
398       if(*uri==':')
399         {
400           /* It would seem to be reasonable to limit the range of the
401              ports to values between 1-65535, but RFC 1738 and 1808
402              imply there is no limit.  Of course, the real world has
403              limits. */
404
405           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
406             {
407               count++;
408
409               /* Ports are digits only */
410               if(!digitp(idx))
411                 goto fail;
412             }
413
414           keyserver->port=xmalloc(count+1);
415           strncpy(keyserver->port,uri+1,count);
416           keyserver->port[count]='\0';
417
418           /* Skip past the colon and port number */
419           uri+=1+count;
420         }
421
422       /* Everything else is the path */
423       if(*uri)
424         keyserver->path=xstrdup(uri);
425       else
426         keyserver->path=xstrdup("/");
427
428       if(keyserver->path[1])
429         keyserver->flags.direct_uri=1;
430     }
431   else if(uri[0]!='/')
432     {
433       /* No slash means opaque.  Just record the opaque blob and get
434          out. */
435       keyserver->opaque=xstrdup(uri);
436     }
437   else
438     {
439       /* One slash means absolute path.  We don't need to support that
440          yet. */
441       goto fail;
442     }
443
444   return keyserver;
445
446  fail:
447   free_keyserver_spec(keyserver);
448
449   return NULL;
450 }
451
452 struct keyserver_spec *
453 parse_preferred_keyserver(PKT_signature *sig)
454 {
455   struct keyserver_spec *spec=NULL;
456   const byte *p;
457   size_t plen;
458
459   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
460   if(p && plen)
461     {
462       byte *dupe=xmalloc(plen+1);
463
464       memcpy(dupe,p,plen);
465       dupe[plen]='\0';
466       spec=parse_keyserver_uri(dupe,1,NULL,0);
467       xfree(dupe);
468     }
469
470   return spec;
471 }
472
473 static void
474 print_keyrec(int number,struct keyrec *keyrec)
475 {
476   int i;
477
478   iobuf_writebyte(keyrec->uidbuf,0);
479   iobuf_flush_temp(keyrec->uidbuf);
480   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
481
482   if(keyrec->size>0)
483     printf("%d bit ",keyrec->size);
484
485   if(keyrec->type)
486     {
487       const char *str = gcry_pk_algo_name (keyrec->type);
488
489       if(str)
490         printf("%s ",str);
491       else
492         printf("unknown ");
493     }
494
495   switch(keyrec->desc.mode)
496     {
497       /* If the keyserver helper gave us a short keyid, we have no
498          choice but to use it.  Do check --keyid-format to add a 0x if
499          needed. */
500     case KEYDB_SEARCH_MODE_SHORT_KID:
501       printf("key %s%08lX",
502              (opt.keyid_format==KF_0xSHORT
503               || opt.keyid_format==KF_0xLONG)?"0x":"",
504              (ulong)keyrec->desc.u.kid[1]);
505       break;
506
507       /* However, if it gave us a long keyid, we can honor
508          --keyid-format */
509     case KEYDB_SEARCH_MODE_LONG_KID:
510       printf("key %s",keystr(keyrec->desc.u.kid));
511       break;
512
513     case KEYDB_SEARCH_MODE_FPR16:
514       printf("key ");
515       for(i=0;i<16;i++)
516         printf("%02X",keyrec->desc.u.fpr[i]);
517       break;
518
519     case KEYDB_SEARCH_MODE_FPR20:
520       printf("key ");
521       for(i=0;i<20;i++)
522         printf("%02X",keyrec->desc.u.fpr[i]);
523       break;
524
525     default:
526       BUG();
527       break;
528     }
529
530   if(keyrec->createtime>0)
531     {
532       printf(", ");
533       printf(_("created: %s"),strtimestamp(keyrec->createtime));
534     }
535
536   if(keyrec->expiretime>0)
537     {
538       printf(", ");
539       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
540     }
541
542   if(keyrec->flags&1)
543     printf(" (%s)",_("revoked"));
544   if(keyrec->flags&2)
545     printf(" (%s)",_("disabled"));
546   if(keyrec->flags&4)
547     printf(" (%s)",_("expired"));
548
549   printf("\n");
550 }
551
552 /* Returns a keyrec (which must be freed) once a key is complete, and
553    NULL otherwise.  Call with a NULL keystring once key parsing is
554    complete to return any unfinished keys. */
555 static struct keyrec *
556 parse_keyrec(char *keystring)
557 {
558   static struct keyrec *work=NULL;
559   struct keyrec *ret=NULL;
560   char *record;
561   int i;
562
563   if(keystring==NULL)
564     {
565       if(work==NULL)
566         return NULL;
567       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
568         {
569           xfree(work);
570           return NULL;
571         }
572       else
573         {
574           ret=work;
575           work=NULL;
576           return ret;
577         }
578     }
579
580   if(work==NULL)
581     {
582       work=xmalloc_clear(sizeof(struct keyrec));
583       work->uidbuf=iobuf_temp();
584     }
585
586   /* Remove trailing whitespace */
587   for(i=strlen(keystring);i>0;i--)
588     if(ascii_isspace(keystring[i-1]))
589       keystring[i-1]='\0';
590     else
591       break;
592
593   if((record=strsep(&keystring,":"))==NULL)
594     return ret;
595
596   if(ascii_strcasecmp("pub",record)==0)
597     {
598       char *tok;
599       gpg_error_t err;
600
601       if(work->desc.mode)
602         {
603           ret=work;
604           work=xmalloc_clear(sizeof(struct keyrec));
605           work->uidbuf=iobuf_temp();
606         }
607
608       if((tok=strsep(&keystring,":"))==NULL)
609         return ret;
610
611       err = classify_user_id (tok, &work->desc);
612       if (err || (work->desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
613                   && work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
614                   && work->desc.mode != KEYDB_SEARCH_MODE_FPR16
615                   && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
616         {
617           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
618           return ret;
619         }
620
621       /* Note all items after this are optional.  This allows us to
622          have a pub line as simple as pub:keyid and nothing else. */
623
624       work->lines++;
625
626       if((tok=strsep(&keystring,":"))==NULL)
627         return ret;
628
629       work->type=atoi(tok);
630
631       if((tok=strsep(&keystring,":"))==NULL)
632         return ret;
633
634       work->size=atoi(tok);
635
636       if((tok=strsep(&keystring,":"))==NULL)
637         return ret;
638
639       if(atoi(tok)<=0)
640         work->createtime=0;
641       else
642         work->createtime=atoi(tok);
643
644       if((tok=strsep(&keystring,":"))==NULL)
645         return ret;
646
647       if(atoi(tok)<=0)
648         work->expiretime=0;
649       else
650         {
651           work->expiretime=atoi(tok);
652           /* Force the 'e' flag on if this key is expired. */
653           if(work->expiretime<=make_timestamp())
654             work->flags|=4;
655         }
656
657       if((tok=strsep(&keystring,":"))==NULL)
658         return ret;
659
660       while(*tok)
661         switch(*tok++)
662           {
663           case 'r':
664           case 'R':
665             work->flags|=1;
666             break;
667             
668           case 'd':
669           case 'D':
670             work->flags|=2;
671             break;
672
673           case 'e':
674           case 'E':
675             work->flags|=4;
676             break;
677           }
678     }
679   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
680     {
681       char *userid,*tok,*decoded;
682
683       if((tok=strsep(&keystring,":"))==NULL)
684         return ret;
685
686       if(strlen(tok)==0)
687         return ret;
688
689       userid=tok;
690
691       /* By definition, de-%-encoding is always smaller than the
692          original string so we can decode in place. */
693
694       i=0;
695
696       while(*tok)
697         if(tok[0]=='%' && tok[1] && tok[2])
698           {
699             int c;
700
701             userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
702             i++;
703             tok+=3;
704           }
705         else
706           userid[i++]=*tok++;
707
708       /* We don't care about the other info provided in the uid: line
709          since no keyserver supports marking userids with timestamps
710          or revoked/expired/disabled yet. */
711
712       /* No need to check for control characters, as utf8_to_native
713          does this for us. */
714
715       decoded=utf8_to_native(userid,i,0);
716       if(strlen(decoded)>opt.screen_columns-10)
717         decoded[opt.screen_columns-10]='\0';
718       iobuf_writestr(work->uidbuf,decoded);
719       xfree(decoded);
720       iobuf_writestr(work->uidbuf,"\n\t");
721       work->lines++;
722     }
723
724   /* Ignore any records other than "pri" and "uid" for easy future
725      growth. */
726
727   return ret;
728 }
729
730 /* TODO: do this as a list sent to keyserver_work rather than calling
731    it once for each key to get the correct counts after the import
732    (cosmetics, really) and to better take advantage of the keyservers
733    that can do multiple fetches in one go (LDAP). */
734 static int
735 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
736 {
737   char *answer;
738
739   fflush (stdout);
740
741   if(count && opt.command_fd==-1)
742     {
743       static int from=1;
744       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
745       from=numdesc+1;
746     }
747
748   answer=cpr_get_no_help("keysearch.prompt",
749                          _("Enter number(s), N)ext, or Q)uit > "));
750   /* control-d */
751   if(answer[0]=='\x04')
752     {
753       printf("Q\n");
754       answer[0]='q';
755     }
756
757   if(answer[0]=='q' || answer[0]=='Q')
758     {
759       xfree(answer);
760       return 1;
761     }
762   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
763     {
764       char *split=answer,*num;
765
766       while((num=strsep(&split," ,"))!=NULL)
767         if(atoi(num)>=1 && atoi(num)<=numdesc)
768           keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,
769                          NULL,NULL,opt.keyserver);
770
771       xfree(answer);
772       return 1;
773     }
774
775   return 0;
776 }
777
778 /* Count and searchstr are just for cosmetics.  If the count is too
779    small, it will grow safely.  If negative it disables the "Key x-y
780    of z" messages.  searchstr should be UTF-8 (rather than native). */
781 static void
782 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
783 {
784   int i=0,validcount=0,started=0,header=0,count=1;
785   unsigned int maxlen,buflen,numlines=0;
786   KEYDB_SEARCH_DESC *desc;
787   byte *line=NULL;
788   char *localstr=NULL;
789
790   if(searchstr)
791     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
792
793   desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
794
795   for(;;)
796     {
797       struct keyrec *keyrec;
798       int rl;
799
800       maxlen=1024;
801       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
802
803       if(opt.with_colons)
804         {
805           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
806              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
807             {
808               header=1;
809               continue;
810             }
811           else if(ascii_strncasecmp("SEARCH ",line,7)==0
812                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
813             continue;
814
815           printf("%s",line);
816         }
817
818       /* Look for an info: line.  The only current info: values
819          defined are the version and key count. */
820       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
821         {
822           char *tok,*str=&line[5];
823
824           if((tok=strsep(&str,":"))!=NULL)
825             {
826               int version;
827
828               if(sscanf(tok,"%d",&version)!=1)
829                 version=1;
830
831               if(version!=1)
832                 {
833                   log_error(_("invalid keyserver protocol "
834                               "(us %d!=handler %d)\n"),1,version);
835                   break;
836                 }
837             }
838
839           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
840             {
841               if(count==0)
842                 goto notfound;
843               else if(count<0)
844                 count=10;
845               else
846                 validcount=1;
847
848               desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
849             }
850
851           started=1;
852           continue;
853         }
854
855       if(rl==0)
856         {
857           keyrec=parse_keyrec(NULL);
858
859           if(keyrec==NULL)
860             {
861               if(i==0)
862                 {
863                   count=0;
864                   break;
865                 }
866
867               if(i!=count)
868                 validcount=0;
869
870               if (opt.with_colons && opt.batch)
871                 break;
872                 
873               for(;;)
874                 {
875                   if(show_prompt(desc,i,validcount?count:0,localstr))
876                     break;
877                   validcount=0;
878                 }
879
880               break;
881             }
882         }
883       else
884         keyrec=parse_keyrec(line);
885
886       if(i==count)
887         {
888           /* keyserver helper sent more keys than they claimed in the
889              info: line. */
890           count+=10;
891           desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
892           validcount=0;
893         }
894
895       if(keyrec)
896         {
897           desc[i]=keyrec->desc;
898
899           if(!opt.with_colons)
900             {
901               /* screen_lines - 1 for the prompt. */
902               if(numlines+keyrec->lines>opt.screen_lines-1)
903                 {
904                   if(show_prompt(desc,i,validcount?count:0,localstr))
905                     break;
906                   else
907                     numlines=0;
908                 }
909
910               print_keyrec(i+1,keyrec);
911             }
912
913           numlines+=keyrec->lines;
914           iobuf_close(keyrec->uidbuf);
915           xfree(keyrec);
916
917           started=1;
918           i++;
919         }
920     }
921
922  notfound:
923   /* Leave this commented out or now, and perhaps for a very long
924      time.  All HKPish servers return HTML error messages for
925      no-key-found. */
926   /* 
927      if(!started)
928      log_info(_("keyserver does not support searching\n"));
929      else
930   */
931   if(count==0)
932     {
933       if(localstr)
934         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
935       else
936         log_info(_("key not found on keyserver\n"));
937     }
938
939   xfree(localstr);
940   xfree(desc);
941   xfree(line);
942 }
943
944 /* We sometimes want to use a different gpgkeys_xxx for a given
945    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
946    these here. */
947 static const char *
948 keyserver_typemap(const char *type)
949 {
950   if(strcmp(type,"ldaps")==0)
951     return "ldap";
952   else if(strcmp(type,"hkps")==0)
953     return "hkp";
954   else
955     return type;
956 }
957
958 /* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
959    sufficiently different that we can't use curl to do LDAP. */
960 static int
961 direct_uri_map(const char *scheme,unsigned int is_direct)
962 {
963   if(is_direct && strcmp(scheme,"ldap")==0)
964     return 1;
965
966   return 0;
967 }
968
969 #if GNUPG_MAJOR_VERSION == 2
970 #define GPGKEYS_PREFIX "gpg2keys_"
971 #else
972 #define GPGKEYS_PREFIX "gpgkeys_"
973 #endif
974 #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
975 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
976 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
977 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
978
979 static int 
980 keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
981                 int count,int *prog,unsigned char **fpr,size_t *fpr_len,
982                 struct keyserver_spec *keyserver)
983 {
984   int ret=0,i,gotversion=0,outofband=0;
985   strlist_t temp;
986   unsigned int maxlen,buflen;
987   char *command,*end,*searchstr=NULL;
988   byte *line=NULL;
989   struct exec_info *spawn;
990   const char *scheme;
991   const char *libexecdir = gnupg_libexecdir ();
992
993   assert(keyserver);
994
995 #ifdef EXEC_TEMPFILE_ONLY
996   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
997 #endif
998
999   /* Build the filename for the helper to execute */
1000   scheme=keyserver_typemap(keyserver->scheme);
1001
1002 #ifdef DISABLE_KEYSERVER_PATH
1003   /* Destroy any path we might have.  This is a little tricky,
1004      portability-wise.  It's not correct to delete the PATH
1005      environment variable, as that may fall back to a system built-in
1006      PATH.  Similarly, it is not correct to set PATH to the null
1007      string (PATH="") since this actually deletes the PATH environment
1008      variable under MinGW.  The safest thing to do here is to force
1009      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
1010      Unix-like systems (since we're going to give a full path to
1011      gpgkeys_foo), but on W32 it prevents loading any DLLs from
1012      directories in %PATH%.
1013
1014      After some more thinking about this we came to the conclusion
1015      that it is better to load the helpers from the directory where
1016      the program of this process lives.  Fortunately Windows provides
1017      a way to retrieve this and our gnupg_libexecdir function has been
1018      modified to return just this.  Setting the exec-path is not
1019      anymore required.  
1020        set_exec_path(libexecdir);
1021  */
1022 #else
1023   if(opt.exec_path_set)
1024     {
1025       /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
1026          undefined, then don't specify a full path to gpgkeys_foo, so
1027          that the PATH can work. */
1028       command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1029       command[0]='\0';
1030     }
1031   else
1032 #endif
1033     {
1034       /* Specify a full path to gpgkeys_foo. */
1035       command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
1036                       GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1);
1037       strcpy(command,libexecdir);
1038       strcat(command,DIRSEP_S);
1039     }
1040
1041   end=command+strlen(command);
1042
1043   /* Build a path for the keyserver helper.  If it is direct_uri
1044      (i.e. an object fetch and not a keyserver), then add "_uri" to
1045      the end to distinguish the keyserver helper from an object
1046      fetcher that can speak that protocol (this is a problem for
1047      LDAP). */
1048
1049   strcat(command,GPGKEYS_PREFIX); 
1050   strcat(command,scheme);
1051
1052   /* This "_uri" thing is in case we need to call a direct handler
1053      instead of the keyserver handler.  This lets us use gpgkeys_curl
1054      or gpgkeys_ldap_uri (we don't provide it, but a user might)
1055      instead of gpgkeys_ldap to fetch things like
1056      ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560 */
1057
1058   if(direct_uri_map(scheme,keyserver->flags.direct_uri))
1059     strcat(command,"_uri");
1060
1061   strcat(command,EXEEXT);
1062
1063   /* Can we execute it?  If not, try curl as our catchall. */
1064   if(path_access(command,X_OK)!=0)
1065     strcpy(end,GPGKEYS_CURL);
1066
1067   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
1068     {
1069       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
1070         {
1071           command=xrealloc(command,strlen(command)+
1072                             strlen(KEYSERVER_ARGS_KEEP)+1);
1073           strcat(command,KEYSERVER_ARGS_KEEP);
1074         }
1075       else
1076         {
1077           command=xrealloc(command,strlen(command)+
1078                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
1079           strcat(command,KEYSERVER_ARGS_NOKEEP);  
1080         }
1081
1082       ret=exec_write(&spawn,NULL,command,NULL,0,0);
1083     }
1084   else
1085     ret=exec_write(&spawn,command,NULL,NULL,0,0);
1086
1087   xfree(command);
1088
1089   if(ret)
1090     return ret;
1091
1092   fprintf(spawn->tochild,
1093           "# This is a GnuPG %s keyserver communications file\n",VERSION);
1094   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
1095   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
1096   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
1097
1098   if(keyserver->opaque)
1099     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
1100   else
1101     {
1102       if(keyserver->auth)
1103         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
1104
1105       if(keyserver->host)
1106         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
1107
1108       if(keyserver->port)
1109         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
1110
1111       if(keyserver->path)
1112         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
1113     }
1114
1115   /* Write global options */
1116
1117   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
1118     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1119
1120   /* Write per-keyserver options */
1121
1122   for(temp=keyserver->options;temp;temp=temp->next)
1123     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1124
1125   switch(action)
1126     {
1127     case KS_GET:
1128       {
1129         fprintf(spawn->tochild,"COMMAND GET\n\n");
1130
1131         /* Which keys do we want? */
1132
1133         for(i=0;i<count;i++)
1134           {
1135             int quiet=0;
1136
1137             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
1138               {
1139                 int f;
1140
1141                 fprintf(spawn->tochild,"0x");
1142
1143                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
1144                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1145
1146                 fprintf(spawn->tochild,"\n");
1147               }
1148             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
1149               {
1150                 int f;
1151
1152                 fprintf(spawn->tochild,"0x");
1153
1154                 for(f=0;f<16;f++)
1155                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1156
1157                 fprintf(spawn->tochild,"\n");
1158               }
1159             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
1160               fprintf(spawn->tochild,"0x%08lX%08lX\n",
1161                       (ulong)desc[i].u.kid[0],
1162                       (ulong)desc[i].u.kid[1]);
1163             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
1164               fprintf(spawn->tochild,"0x%08lX\n",
1165                       (ulong)desc[i].u.kid[1]);
1166             else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
1167               {
1168                 fprintf(spawn->tochild,"0x0000000000000000\n");
1169                 quiet=1;
1170               }
1171             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
1172               continue;
1173             else
1174               BUG();
1175
1176             if(!quiet)
1177               {
1178                 if(keyserver->host)
1179                   log_info(_("requesting key %s from %s server %s\n"),
1180                            keystr_from_desc(&desc[i]),
1181                            keyserver->scheme,keyserver->host);
1182                 else
1183                   log_info(_("requesting key %s from %s\n"),
1184                            keystr_from_desc(&desc[i]),keyserver->uri);
1185               }
1186           }
1187
1188         fprintf(spawn->tochild,"\n");
1189
1190         break;
1191       }
1192
1193     case KS_GETNAME:
1194       {
1195         strlist_t key;
1196
1197         fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
1198
1199         /* Which names do we want? */
1200
1201         for(key=list;key!=NULL;key=key->next)
1202           fprintf(spawn->tochild,"%s\n",key->d);
1203
1204         fprintf(spawn->tochild,"\n");
1205
1206         if(keyserver->host)
1207           log_info(_("searching for names from %s server %s\n"),
1208                    keyserver->scheme,keyserver->host);
1209         else
1210           log_info(_("searching for names from %s\n"),keyserver->uri);
1211
1212         break;
1213       }
1214
1215     case KS_SEND:
1216       {
1217         strlist_t key;
1218
1219         /* Note the extra \n here to send an empty keylist block */
1220         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1221
1222         for(key=list;key!=NULL;key=key->next)
1223           {
1224             armor_filter_context_t *afx;
1225             IOBUF buffer = iobuf_temp ();
1226             KBNODE block;
1227
1228             temp=NULL;
1229             add_to_strlist(&temp,key->d);
1230
1231             afx = new_armor_context ();
1232             afx->what = 1;
1233             /* Tell the armor filter to use Unix-style \n line
1234                endings, since we're going to fprintf this to a file
1235                that (on Win32) is open in text mode.  The win32 stdio
1236                will transform the \n to \r\n and we'll end up with the
1237                proper line endings on win32.  This is a no-op on
1238                Unix. */
1239             afx->eol[0] = '\n';
1240             push_armor_filter (afx, buffer);
1241             release_armor_context (afx);
1242
1243             /* TODO: Remove Comment: lines from keys exported this
1244                way? */
1245
1246             if(export_pubkeys_stream(buffer,temp,&block,
1247                                      opt.keyserver_options.export_options)==-1)
1248               iobuf_close(buffer);
1249             else
1250               {
1251                 KBNODE node;
1252
1253                 iobuf_flush_temp(buffer);
1254
1255                 merge_keys_and_selfsig(block);
1256
1257                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1258                         (ulong)block->pkt->pkt.public_key->keyid[0],
1259                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1260
1261                 for(node=block;node;node=node->next)
1262                   {
1263                     switch(node->pkt->pkttype)
1264                       {
1265                       default:
1266                         continue;
1267
1268                       case PKT_PUBLIC_KEY:
1269                       case PKT_PUBLIC_SUBKEY:
1270                         {
1271                           PKT_public_key *pk=node->pkt->pkt.public_key;
1272
1273                           keyid_from_pk(pk,NULL);
1274
1275                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1276                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1277                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1278                                   pk->pubkey_algo,
1279                                   nbits_from_pk(pk),
1280                                   pk->timestamp,
1281                                   pk->expiredate);
1282
1283                           if(pk->is_revoked)
1284                             fprintf(spawn->tochild,"r");
1285                           if(pk->has_expired)
1286                             fprintf(spawn->tochild,"e");
1287
1288                           fprintf(spawn->tochild,"\n");
1289                         }
1290                         break;
1291
1292                       case PKT_USER_ID:
1293                         {
1294                           PKT_user_id *uid=node->pkt->pkt.user_id;
1295                           int r;
1296
1297                           if(uid->attrib_data)
1298                             continue;
1299
1300                           fprintf(spawn->tochild,"uid:");
1301
1302                           /* Quote ':', '%', and any 8-bit
1303                              characters */
1304                           for(r=0;r<uid->len;r++)
1305                             {
1306                               if(uid->name[r]==':' || uid->name[r]=='%'
1307                                  || uid->name[r]&0x80)
1308                                 fprintf(spawn->tochild,"%%%02X",
1309                                         (byte)uid->name[r]);
1310                               else
1311                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1312                             }
1313
1314                           fprintf(spawn->tochild,":%u:%u:",
1315                                   uid->created,uid->expiredate);
1316
1317                           if(uid->is_revoked)
1318                             fprintf(spawn->tochild,"r");
1319                           if(uid->is_expired)
1320                             fprintf(spawn->tochild,"e");
1321
1322                           fprintf(spawn->tochild,"\n");
1323                         }
1324                         break;
1325
1326                         /* This bit is really for the benefit of
1327                            people who store their keys in LDAP
1328                            servers.  It makes it easy to do queries
1329                            for things like "all keys signed by
1330                            Isabella". */
1331                       case PKT_SIGNATURE:
1332                         {
1333                           PKT_signature *sig=node->pkt->pkt.signature;
1334
1335                           if(!IS_UID_SIG(sig))
1336                             continue;
1337
1338                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1339                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1340                                   sig->sig_class,sig->timestamp,
1341                                   sig->expiredate);
1342                         }
1343                         break;
1344                       }
1345                   }
1346
1347                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1348                         (ulong)block->pkt->pkt.public_key->keyid[0],
1349                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1350
1351                 fprintf(spawn->tochild,"KEY %08lX%08lX BEGIN\n",
1352                         (ulong)block->pkt->pkt.public_key->keyid[0],
1353                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1354                 fwrite(iobuf_get_temp_buffer(buffer),
1355                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1356                 fprintf(spawn->tochild,"KEY %08lX%08lX END\n",
1357                         (ulong)block->pkt->pkt.public_key->keyid[0],
1358                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1359
1360                 iobuf_close(buffer);
1361
1362                 if(keyserver->host)
1363                   log_info(_("sending key %s to %s server %s\n"),
1364                            keystr(block->pkt->pkt.public_key->keyid),
1365                            keyserver->scheme,keyserver->host);
1366                 else
1367                   log_info(_("sending key %s to %s\n"),
1368                            keystr(block->pkt->pkt.public_key->keyid),
1369                            keyserver->uri);
1370
1371                 release_kbnode(block);
1372               }
1373
1374             free_strlist(temp);
1375           }
1376
1377         break;
1378       }
1379
1380     case KS_SEARCH:
1381       {
1382         strlist_t key;
1383
1384         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1385
1386         /* Which keys do we want?  Remember that the gpgkeys_ program
1387            is going to lump these together into a search string. */
1388
1389         for(key=list;key!=NULL;key=key->next)
1390           {
1391             fprintf(spawn->tochild,"%s\n",key->d);
1392             if(key!=list)
1393               {
1394                 searchstr=xrealloc(searchstr,
1395                                     strlen(searchstr)+strlen(key->d)+2);
1396                 strcat(searchstr," ");
1397               }
1398             else
1399               {
1400                 searchstr=xmalloc(strlen(key->d)+1);
1401                 searchstr[0]='\0';
1402               }
1403
1404             strcat(searchstr,key->d);
1405           }
1406
1407         fprintf(spawn->tochild,"\n");
1408
1409         if(keyserver->host)
1410           log_info(_("searching for \"%s\" from %s server %s\n"),
1411                    searchstr,keyserver->scheme,keyserver->host);
1412         else
1413           log_info(_("searching for \"%s\" from %s\n"),
1414                    searchstr,keyserver->uri);
1415
1416         break;
1417       }
1418
1419     default:
1420       log_fatal(_("no keyserver action!\n"));
1421       break;
1422     }
1423
1424   /* Done sending, so start reading. */
1425   ret=exec_read(spawn);
1426   if(ret)
1427     goto fail;
1428
1429   /* Now handle the response */
1430
1431   for(;;)
1432     {
1433       int plen;
1434       char *ptr;
1435
1436       maxlen=1024;
1437       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1438         {
1439           ret = gpg_error_from_syserror ();
1440           goto fail; /* i.e. EOF */
1441         }
1442
1443       ptr=line;
1444
1445       /* remove trailing whitespace */
1446       plen=strlen(ptr);
1447       while(plen>0 && ascii_isspace(ptr[plen-1]))
1448         plen--;
1449       plen[ptr]='\0';
1450
1451       if(*ptr=='\0')
1452         break;
1453
1454       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1455         {
1456           gotversion=1;
1457
1458           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1459             {
1460               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1461                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1462               goto fail;
1463             }
1464         }
1465       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1466         {
1467           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1468             log_info(_("WARNING: keyserver handler from a different"
1469                        " version of GnuPG (%s)\n"),&ptr[8]);
1470         }
1471       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1472         outofband=1; /* Currently the only OPTION */
1473     }
1474
1475   if(!gotversion)
1476     {
1477       log_error(_("keyserver did not send VERSION\n"));
1478       goto fail;
1479     }
1480
1481   if(!outofband)
1482     switch(action)
1483       {
1484       case KS_GET:
1485       case KS_GETNAME:
1486         {
1487           void *stats_handle;
1488
1489           stats_handle=import_new_stats_handle();
1490
1491           /* Slurp up all the key data.  In the future, it might be
1492              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1493              It's harmless to ignore them, but ignoring them does make
1494              gpg complain about "no valid OpenPGP data found".  One
1495              way to do this could be to continue parsing this
1496              line-by-line and make a temp iobuf for each key. */
1497           
1498           /* FIXME: Pass CTRL.  */
1499           import_keys_stream (NULL, spawn->fromchild,stats_handle,fpr,fpr_len,
1500                               opt.keyserver_options.import_options);
1501
1502           import_print_stats(stats_handle);
1503           import_release_stats_handle(stats_handle);
1504
1505           break;
1506         }
1507
1508         /* Nothing to do here */
1509       case KS_SEND:
1510         break;
1511
1512       case KS_SEARCH:
1513         keyserver_search_prompt(spawn->fromchild,searchstr);
1514         break;
1515
1516       default:
1517         log_fatal(_("no keyserver action!\n"));
1518         break;
1519       }
1520
1521  fail:
1522   xfree(line);
1523   xfree(searchstr);
1524
1525
1526   *prog=exec_finish(spawn);
1527
1528   return ret;
1529 }
1530
1531 static int 
1532 keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
1533                int count,unsigned char **fpr,size_t *fpr_len,
1534                struct keyserver_spec *keyserver)
1535 {
1536   int rc=0,ret=0;
1537
1538   if(!keyserver)
1539     {
1540       log_error(_("no keyserver known (use option --keyserver)\n"));
1541       return G10ERR_BAD_URI;
1542     }
1543
1544 #ifdef DISABLE_KEYSERVER_HELPERS
1545
1546   log_error(_("external keyserver calls are not supported in this build\n"));
1547   return G10ERR_KEYSERVER;
1548
1549 #else
1550   /* Spawn a handler */
1551
1552   rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver);
1553   if(ret)
1554     {
1555       switch(ret)
1556         {
1557         case KEYSERVER_SCHEME_NOT_FOUND:
1558           log_error(_("no handler for keyserver scheme `%s'\n"),
1559                     keyserver->scheme);
1560           break;
1561
1562         case KEYSERVER_NOT_SUPPORTED:
1563           log_error(_("action `%s' not supported with keyserver "
1564                       "scheme `%s'\n"),
1565                     action==KS_GET?"get":action==KS_SEND?"send":
1566                     action==KS_SEARCH?"search":"unknown",
1567                     keyserver->scheme);
1568           break;
1569
1570         case KEYSERVER_VERSION_ERROR:
1571           log_error(_(GPGKEYS_PREFIX "%s does not support"
1572                       " handler version %d\n"),
1573                     keyserver_typemap(keyserver->scheme),
1574                     KEYSERVER_PROTO_VERSION);
1575           break;
1576
1577         case KEYSERVER_TIMEOUT:
1578           log_error(_("keyserver timed out\n"));
1579           break;
1580
1581         case KEYSERVER_INTERNAL_ERROR:
1582         default:
1583           log_error(_("keyserver internal error\n"));
1584           break;
1585         }
1586
1587       return G10ERR_KEYSERVER;
1588     }
1589
1590   if(rc)
1591     {
1592       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1593
1594       return rc;
1595     }
1596
1597   return 0;
1598 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1599 }
1600
1601 int 
1602 keyserver_export(strlist_t users)
1603 {
1604   gpg_error_t err;
1605   strlist_t sl=NULL;
1606   KEYDB_SEARCH_DESC desc;
1607   int rc=0;
1608
1609   /* Weed out descriptors that we don't support sending */
1610   for(;users;users=users->next)
1611     {
1612       err = classify_user_id (users->d, &desc);
1613       if (err || (desc.mode    != KEYDB_SEARCH_MODE_SHORT_KID
1614                   && desc.mode != KEYDB_SEARCH_MODE_LONG_KID
1615                   && desc.mode != KEYDB_SEARCH_MODE_FPR16
1616                   && desc.mode != KEYDB_SEARCH_MODE_FPR20))
1617         {
1618           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1619           continue;
1620         }
1621       else
1622         append_to_strlist(&sl,users->d);
1623     }
1624
1625   if(sl)
1626     {
1627       rc=keyserver_work(KS_SEND,sl,NULL,0,NULL,NULL,opt.keyserver);
1628       free_strlist(sl);
1629     }
1630
1631   return rc;
1632 }
1633
1634 int 
1635 keyserver_import(strlist_t users)
1636 {
1637   gpg_error_t err;
1638   KEYDB_SEARCH_DESC *desc;
1639   int num=100,count=0;
1640   int rc=0;
1641
1642   /* Build a list of key ids */
1643   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1644
1645   for(;users;users=users->next)
1646     {
1647       err = classify_user_id (users->d, &desc[count]);
1648       if (err || (desc[count].mode    != KEYDB_SEARCH_MODE_SHORT_KID
1649                   && desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
1650                   && desc[count].mode != KEYDB_SEARCH_MODE_FPR16
1651                   && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
1652         {
1653           log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
1654           continue;
1655         }
1656
1657       count++;
1658       if(count==num)
1659         {
1660           num+=100;
1661           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1662         }
1663     }
1664
1665   if(count>0)
1666     rc=keyserver_work(KS_GET,NULL,desc,count,NULL,NULL,opt.keyserver);
1667
1668   xfree(desc);
1669
1670   return rc;
1671 }
1672
1673 int
1674 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1675                         struct keyserver_spec *keyserver)
1676 {
1677   KEYDB_SEARCH_DESC desc;
1678
1679   memset(&desc,0,sizeof(desc));
1680
1681   if(fprint_len==16)
1682     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1683   else if(fprint_len==20)
1684     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1685   else
1686     return -1;
1687
1688   memcpy(desc.u.fpr,fprint,fprint_len);
1689
1690   /* TODO: Warn here if the fingerprint we got doesn't match the one
1691      we asked for? */
1692   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1693 }
1694
1695 int 
1696 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1697 {
1698   KEYDB_SEARCH_DESC desc;
1699
1700   memset(&desc,0,sizeof(desc));
1701
1702   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1703   desc.u.kid[0]=keyid[0];
1704   desc.u.kid[1]=keyid[1];
1705
1706   return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
1707 }
1708
1709 /* code mostly stolen from do_export_stream */
1710 static int 
1711 keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1712 {
1713   int rc=0,ndesc,num=100;
1714   KBNODE keyblock=NULL,node;
1715   KEYDB_HANDLE kdbhd;
1716   KEYDB_SEARCH_DESC *desc;
1717   strlist_t sl;
1718
1719   *count=0;
1720
1721   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1722
1723   kdbhd=keydb_new ();
1724
1725   if(!users)
1726     {
1727       ndesc = 1;
1728       desc = xmalloc_clear ( ndesc * sizeof *desc);
1729       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1730     }
1731   else
1732     {
1733       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1734         ;
1735       desc = xmalloc ( ndesc * sizeof *desc);
1736         
1737       for (ndesc=0, sl=users; sl; sl = sl->next)
1738         {
1739           gpg_error_t err; 
1740           if (!(err = classify_user_id (sl->d, desc+ndesc)))
1741             ndesc++;
1742           else
1743             log_error (_("key \"%s\" not found: %s\n"),
1744                        sl->d, gpg_strerror (err));
1745         }
1746     }
1747
1748   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1749     {
1750       if (!users) 
1751         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1752
1753       /* read the keyblock */
1754       rc = keydb_get_keyblock (kdbhd, &keyblock );
1755       if( rc )
1756         {
1757           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1758           goto leave;
1759         }
1760
1761       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1762         {
1763           /* This is to work around a bug in some keyservers (pksd and
1764              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1765              The answer is to refresh both the correct v4 keyid
1766              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1767              This only happens for key refresh using the HKP scheme
1768              and if the refresh-add-fake-v3-keyids keyserver option is
1769              set. */
1770           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1771              node->pkt->pkt.public_key->version>=4)
1772             {
1773               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1774               v3_keyid (node->pkt->pkt.public_key->pkey[0],
1775                         (*klist)[*count].u.kid);
1776               (*count)++;
1777
1778               if(*count==num)
1779                 {
1780                   num+=100;
1781                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1782                 }
1783             }
1784
1785           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1786              This is because it's easy to calculate any sort of keyid
1787              from a v4 fingerprint, but not a v3 fingerprint. */
1788
1789           if(node->pkt->pkt.public_key->version<4)
1790             {
1791               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1792               keyid_from_pk(node->pkt->pkt.public_key,
1793                             (*klist)[*count].u.kid);
1794             }
1795           else
1796             {
1797               size_t dummy;
1798
1799               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1800               fingerprint_from_pk(node->pkt->pkt.public_key,
1801                                   (*klist)[*count].u.fpr,&dummy);
1802             }
1803
1804           /* This is a little hackish, using the skipfncvalue as a
1805              void* pointer to the keyserver spec, but we don't need
1806              the skipfnc here, and it saves having an additional field
1807              for this (which would be wasted space most of the
1808              time). */
1809
1810           (*klist)[*count].skipfncvalue=NULL;
1811
1812           /* Are we honoring preferred keyservers? */
1813           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1814             {
1815               PKT_user_id *uid=NULL;
1816               PKT_signature *sig=NULL;
1817
1818               merge_keys_and_selfsig(keyblock);
1819
1820               for(node=node->next;node;node=node->next)
1821                 {
1822                   if(node->pkt->pkttype==PKT_USER_ID
1823                      && node->pkt->pkt.user_id->is_primary)
1824                     uid=node->pkt->pkt.user_id;
1825                   else if(node->pkt->pkttype==PKT_SIGNATURE
1826                           && node->pkt->pkt.signature->
1827                           flags.chosen_selfsig && uid)
1828                     {
1829                       sig=node->pkt->pkt.signature;
1830                       break;
1831                     }
1832                 }
1833
1834               /* Try and parse the keyserver URL.  If it doesn't work,
1835                  then we end up writing NULL which indicates we are
1836                  the same as any other key. */
1837               if(sig)
1838                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1839             }
1840
1841           (*count)++;
1842
1843           if(*count==num)
1844             {
1845               num+=100;
1846               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1847             }
1848         }
1849     }
1850
1851   if(rc==-1)
1852     rc=0;
1853   
1854  leave:
1855   if(rc)
1856     xfree(*klist);
1857   xfree(desc);
1858   keydb_release(kdbhd);
1859   release_kbnode(keyblock);
1860
1861   return rc;
1862 }
1863
1864 /* Note this is different than the original HKP refresh.  It allows
1865    usernames to refresh only part of the keyring. */
1866
1867 int
1868 keyserver_refresh(strlist_t users)
1869 {
1870   int rc,count,numdesc,fakev3=0;
1871   KEYDB_SEARCH_DESC *desc;
1872   unsigned int options=opt.keyserver_options.import_options;
1873
1874   /* We switch merge-only on during a refresh, as 'refresh' should
1875      never import new keys, even if their keyids match. */
1876   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1877
1878   /* Similarly, we switch on fast-import, since refresh may make
1879      multiple import sets (due to preferred keyserver URLs).  We don't
1880      want each set to rebuild the trustdb.  Instead we do it once at
1881      the end here. */
1882   opt.keyserver_options.import_options|=IMPORT_FAST;
1883
1884   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1885      scheme, then enable fake v3 keyid generation. */
1886   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1887      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1888          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1889     fakev3=1;
1890
1891   rc=keyidlist(users,&desc,&numdesc,fakev3);
1892   if(rc)
1893     return rc;
1894
1895   count=numdesc;
1896   if(count>0)
1897     {
1898       int i;
1899
1900       /* Try to handle preferred keyserver keys first */
1901       for(i=0;i<numdesc;i++)
1902         {
1903           if(desc[i].skipfncvalue)
1904             {
1905               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1906
1907               /* We use the keyserver structure we parsed out before.
1908                  Note that a preferred keyserver without a scheme://
1909                  will be interpreted as hkp:// */
1910
1911               rc=keyserver_work(KS_GET,NULL,&desc[i],1,NULL,NULL,keyserver);
1912               if(rc)
1913                 log_info(_("WARNING: unable to refresh key %s"
1914                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1915                          keyserver->uri,g10_errstr(rc));
1916               else
1917                 {
1918                   /* We got it, so mark it as NONE so we don't try and
1919                      get it again from the regular keyserver. */
1920
1921                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1922                   count--;
1923                 }
1924
1925               free_keyserver_spec(keyserver);
1926             }
1927         }
1928     }
1929
1930   if(count>0)
1931     {
1932       if(opt.keyserver)
1933         {
1934           if(count==1)
1935             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1936           else
1937             log_info(_("refreshing %d keys from %s\n"),
1938                      count,opt.keyserver->uri);
1939         }
1940
1941       rc=keyserver_work(KS_GET,NULL,desc,numdesc,NULL,NULL,opt.keyserver);
1942     }
1943
1944   xfree(desc);
1945
1946   opt.keyserver_options.import_options=options;
1947
1948   /* If the original options didn't have fast import, and the trustdb
1949      is dirty, rebuild. */
1950   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1951     trustdb_check_or_update();
1952
1953   return rc;
1954 }
1955
1956 int
1957 keyserver_search(strlist_t tokens)
1958 {
1959   if(tokens)
1960     return keyserver_work(KS_SEARCH,tokens,NULL,0,NULL,NULL,opt.keyserver);
1961   else
1962     return 0;
1963 }
1964
1965 int
1966 keyserver_fetch(strlist_t urilist)
1967 {
1968   KEYDB_SEARCH_DESC desc;
1969   strlist_t sl;
1970   unsigned int options=opt.keyserver_options.import_options;
1971
1972   /* Switch on fast-import, since fetch can handle more than one
1973      import and we don't want each set to rebuild the trustdb.
1974      Instead we do it once at the end. */
1975   opt.keyserver_options.import_options|=IMPORT_FAST;
1976
1977   /* A dummy desc since we're not actually fetching a particular key
1978      ID */
1979   memset(&desc,0,sizeof(desc));
1980   desc.mode=KEYDB_SEARCH_MODE_EXACT;
1981
1982   for(sl=urilist;sl;sl=sl->next)
1983     {
1984       struct keyserver_spec *spec;
1985
1986       spec=parse_keyserver_uri(sl->d,1,NULL,0);
1987       if(spec)
1988         {
1989           int rc;
1990
1991           rc=keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,spec);
1992           if(rc)
1993             log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1994                      sl->d,g10_errstr(rc));
1995
1996           free_keyserver_spec(spec);
1997         }
1998       else
1999         log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
2000     }
2001
2002   opt.keyserver_options.import_options=options;
2003
2004   /* If the original options didn't have fast import, and the trustdb
2005      is dirty, rebuild. */
2006   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
2007     trustdb_check_or_update();
2008
2009   return 0;
2010 }
2011
2012 /* Import key in a CERT or pointed to by a CERT */
2013 int
2014 keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
2015 {
2016   char *domain,*look,*url;
2017   IOBUF key;
2018   int type,rc=G10ERR_GENERAL;
2019
2020   look=xstrdup(name);
2021
2022   domain=strrchr(look,'@');
2023   if(domain)
2024     *domain='.';
2025
2026   type=get_dns_cert(look,max_cert_size,&key,fpr,fpr_len,&url);
2027   if (!type || type == -1)
2028     {
2029       /* There might be an error in res_query which leads to an error
2030          return (-1) in the case that nothing was found.  Thus we take
2031          all errors as key not found.  */
2032       rc = G10ERR_NO_PUBKEY;
2033     }
2034   else if (type==1)
2035     {
2036       int armor_status=opt.no_armor;
2037
2038       /* CERTs are always in binary format */
2039       opt.no_armor=1;
2040
2041       /* FIXME: Pass CTRL.  */
2042       rc = import_keys_stream (NULL, key, NULL, fpr, fpr_len,
2043                                opt.keyserver_options.import_options);
2044
2045       opt.no_armor=armor_status;
2046
2047       iobuf_close(key);
2048     }
2049   else if(type==2 && *fpr)
2050     {
2051       /* We only consider the IPGP type if a fingerprint was provided.
2052          This lets us select the right key regardless of what a URL
2053          points to, or get the key from a keyserver. */
2054       if(url)
2055         {
2056           struct keyserver_spec *spec;
2057
2058           spec=parse_keyserver_uri(url,1,NULL,0);
2059           if(spec)
2060             {
2061               rc=keyserver_import_fprint(*fpr,*fpr_len,spec);
2062               free_keyserver_spec(spec);
2063             }
2064         }
2065       else if(opt.keyserver)
2066         {
2067           /* If only a fingerprint is provided, try and fetch it from
2068              our --keyserver */
2069
2070           rc=keyserver_import_fprint(*fpr,*fpr_len,opt.keyserver);
2071         }
2072       else
2073         log_info(_("no keyserver known (use option --keyserver)\n"));
2074
2075       /* Give a better string here? "CERT fingerprint for \"%s\"
2076          found, but no keyserver" " known (use option
2077          --keyserver)\n" ? */
2078
2079       xfree(url);
2080     }
2081
2082   xfree(look);
2083
2084   return rc;
2085 }
2086
2087 /* Import key pointed to by a PKA record. Return the requested
2088    fingerprint in fpr. */
2089 int
2090 keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len)
2091 {
2092   char *uri;
2093   int rc = G10ERR_NO_PUBKEY;
2094
2095   *fpr = xmalloc (20);
2096   *fpr_len = 20;
2097
2098   uri = get_pka_info (name, *fpr);
2099   if (uri && *uri)
2100     {
2101       /* An URI is available.  Lookup the key. */
2102       struct keyserver_spec *spec;
2103       spec = parse_keyserver_uri (uri, 1, NULL, 0);
2104       if (spec)
2105         {
2106           rc = keyserver_import_fprint (*fpr, 20, spec);
2107           free_keyserver_spec (spec);
2108         }
2109       xfree (uri);
2110     }
2111
2112   if (rc)
2113     {
2114       xfree(*fpr);
2115       *fpr = NULL;
2116     }
2117
2118   return rc;
2119 }
2120
2121 /* Import all keys that match name */
2122 int
2123 keyserver_import_name(const char *name,unsigned char **fpr,size_t *fpr_len,
2124                       struct keyserver_spec *keyserver)
2125 {
2126   strlist_t list=NULL;
2127   int rc;
2128
2129   append_to_strlist(&list,name);
2130
2131   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2132
2133   free_strlist(list);
2134
2135   return rc;
2136 }
2137
2138 /* Import a key by name using LDAP */
2139 int
2140 keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
2141 {
2142   char *domain;
2143   struct keyserver_spec *keyserver;
2144   strlist_t list=NULL;
2145   int rc,hostlen=1;
2146 #ifdef USE_DNS_SRV
2147   struct srventry *srvlist=NULL;
2148   int srvcount,i;
2149   char srvname[MAXDNAME];
2150 #endif
2151
2152   /* Parse out the domain */
2153   domain=strrchr(name,'@');
2154   if(!domain)
2155     return G10ERR_GENERAL;
2156
2157   domain++;
2158
2159   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
2160   keyserver->scheme=xstrdup("ldap");
2161   keyserver->host=xmalloc(1);
2162   keyserver->host[0]='\0';
2163
2164 #ifdef USE_DNS_SRV
2165   snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
2166
2167   srvcount=getsrv(srvname,&srvlist);
2168
2169   for(i=0;i<srvcount;i++)
2170     {
2171       hostlen+=strlen(srvlist[i].target)+1;
2172       keyserver->host=xrealloc(keyserver->host,hostlen);
2173
2174       strcat(keyserver->host,srvlist[i].target);
2175
2176       if(srvlist[i].port!=389)
2177         {
2178           char port[7];
2179
2180           hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
2181           keyserver->host=xrealloc(keyserver->host,hostlen);
2182
2183           snprintf(port,7,":%u",srvlist[i].port);
2184           strcat(keyserver->host,port);
2185         }
2186         
2187       strcat(keyserver->host," ");
2188     }
2189
2190   free(srvlist);
2191 #endif
2192
2193   /* If all else fails, do the PGP Universal trick of
2194      ldap://keys.(domain) */
2195
2196   hostlen+=5+strlen(domain);
2197   keyserver->host=xrealloc(keyserver->host,hostlen);
2198   strcat(keyserver->host,"keys.");
2199   strcat(keyserver->host,domain);
2200
2201   append_to_strlist(&list,name);
2202     
2203   rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
2204
2205   free_strlist(list);
2206
2207   free_keyserver_spec(keyserver);
2208
2209   return rc;
2210 }