* gpgv.c: Stub.
[gnupg.git] / g10 / keyserver.c
1 /* keyserver.c - generic keyserver code
2  * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
3  *
4  * This file is part of GnuPG.
5  *
6  * GnuPG is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * GnuPG is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
19  * USA.
20  */
21
22 #include <config.h>
23 #include <ctype.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <stdlib.h>
27 #include <assert.h>
28 #ifdef HAVE_LIBCURL
29 #include <curl/curl.h>
30 #endif
31 #include "filter.h"
32 #include "keydb.h"
33 #include "status.h"
34 #include "exec.h"
35 #include "main.h"
36 #include "i18n.h"
37 #include "iobuf.h"
38 #include "memory.h"
39 #include "ttyio.h"
40 #include "options.h"
41 #include "packet.h"
42 #include "trustdb.h"
43 #include "keyserver-internal.h"
44 #include "util.h"
45
46 #define GPGKEYS_PREFIX "gpgkeys_"
47
48 #if defined(HAVE_LIBCURL) || defined(FAKE_CURL)
49 #define GPGKEYS_CURL "gpgkeys_curl"
50 #endif
51
52 #ifdef GPGKEYS_CURL
53 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_PREFIX)+strlen(GPGKEYS_CURL))
54 #else
55 #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_PREFIX))
56 #endif
57
58 struct keyrec
59 {
60   KEYDB_SEARCH_DESC desc;
61   u32 createtime,expiretime;
62   int size,flags;
63   byte type;
64   IOBUF uidbuf;
65   unsigned int lines;
66 };
67
68 enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
69
70 /* Tell remote processes about these options */
71 #define REMOTE_TELL (KEYSERVER_INCLUDE_REVOKED|KEYSERVER_INCLUDE_SUBKEYS|KEYSERVER_TRY_DNS_SRV)
72
73 static struct parse_options keyserver_opts[]=
74   {
75     {"include-revoked",KEYSERVER_INCLUDE_REVOKED,NULL,
76      N_("include revoked keys in search results")},
77     {"include-subkeys",KEYSERVER_INCLUDE_SUBKEYS,NULL,
78      N_("include subkeys when searching by key ID")},
79     /* not a real option - just for the help message */
80     {"use-temp-files",0,NULL,
81      N_("use temporary files to pass data to keyserver helpers")},
82     {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
83      N_("do not delete temporary files after using them")},
84     {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
85      NULL},
86     {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
87      N_("automatically retrieve keys when verifying signatures")},
88     {"auto-pka-retrieve",KEYSERVER_AUTO_PKA_RETRIEVE,NULL,
89      N_("automatically retrieve keys from DNS")},
90     {"try-dns-srv",KEYSERVER_TRY_DNS_SRV,NULL,
91      NULL},
92     {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
93      N_("honor the preferred keyserver URL set on the key")},
94     {NULL,0,NULL,NULL}
95   };
96
97 static int keyserver_work(enum ks_action action,STRLIST list,
98                           KEYDB_SEARCH_DESC *desc,int count,
99                           struct keyserver_spec *keyserver);
100
101 int
102 parse_keyserver_options(char *options)
103 {
104   int ret=1;
105   char *tok;
106
107   while((tok=optsep(&options)))
108     {
109       if(tok[0]=='\0')
110         continue;
111
112       /* For backwards compatibility.  1.2.x used honor-http-proxy and
113          there are a good number of documents published that recommend
114          it. */
115       if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
116         tok="http-proxy";
117       else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
118         tok="no-http-proxy";
119
120       /* We accept quite a few possible options here - some options to
121          handle specially, the keyserver_options list, and import and
122          export options that pertain to keyserver operations.  Note
123          that you must use strncasecmp here as there might be an
124          =argument attached which will foil the use of strcasecmp. */
125
126 #ifdef EXEC_TEMPFILE_ONLY
127       if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
128               ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
129         log_info(_("WARNING: keyserver option `%s' is not used"
130                    " on this platform\n"),tok);
131 #else
132       if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
133         opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
134       else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
135         opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
136 #endif
137       else if(!parse_options(tok,&opt.keyserver_options.options,
138                              keyserver_opts,0)
139          && !parse_import_options(tok,
140                                   &opt.keyserver_options.import_options,0)
141          && !parse_export_options(tok,
142                                   &opt.keyserver_options.export_options,0))
143         {
144           /* All of the standard options have failed, so the option is
145              destined for a keyserver plugin. */
146           char *arg=argsplit(tok);
147
148           if(arg)
149             {
150               char *joined;
151
152               joined=xmalloc(strlen(tok)+1+strlen(arg)+1);
153               /* Make a canonical name=value form with no
154                  spaces */
155               strcpy(joined,tok);
156               strcat(joined,"=");
157               strcat(joined,arg);
158               add_to_strlist(&opt.keyserver_options.other,joined);
159               xfree(joined);
160             }
161           else
162             add_to_strlist(&opt.keyserver_options.other,tok);
163         }
164     }
165
166   return ret;
167 }
168
169 void
170 free_keyserver_spec(struct keyserver_spec *keyserver)
171 {
172   xfree(keyserver->uri);
173   xfree(keyserver->scheme);
174   xfree(keyserver->auth);
175   xfree(keyserver->host);
176   xfree(keyserver->port);
177   xfree(keyserver->path);
178   xfree(keyserver->opaque);
179   xfree(keyserver);
180 }
181
182 /* TODO: once we cut over to an all-curl world, we don't need this
183    parser any longer so it can be removed, or at least moved to
184    keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
185
186 struct keyserver_spec *
187 parse_keyserver_uri(const char *uri,int require_scheme,
188                     const char *configname,unsigned int configlineno)
189 {
190   int assume_hkp=0;
191   struct keyserver_spec *keyserver;
192   const char *idx;
193   int count;
194
195   assert(uri!=NULL);
196
197   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
198
199   keyserver->uri=xstrdup(uri);
200
201   /* Get the scheme */
202
203   for(idx=uri,count=0;*idx && *idx!=':';idx++)
204     {
205       count++;
206
207       /* Do we see the start of an RFC-2732 ipv6 address here?  If so,
208          there clearly isn't a scheme so get out early. */
209       if(*idx=='[')
210         {
211           /* Was the '[' the first thing in the string?  If not, we
212              have a mangled scheme with a [ in it so fail. */
213           if(count==1)
214             break;
215           else
216             goto fail;
217         }
218     }
219
220   if(count==0)
221     goto fail;
222
223   if(*idx=='\0' || *idx=='[')
224     {
225       if(require_scheme)
226         return NULL;
227
228       /* Assume HKP if there is no scheme */
229       assume_hkp=1;
230       keyserver->scheme=xstrdup("hkp");
231     }
232   else
233     {
234       int i;
235
236       keyserver->scheme=xmalloc(count+1);
237
238       /* Force to lowercase */
239       for(i=0;i<count;i++)
240         keyserver->scheme[i]=ascii_tolower(uri[i]);
241
242       keyserver->scheme[i]='\0';
243
244       /* Skip past the scheme and colon */
245       uri+=count+1;
246     }
247
248   if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
249     {
250       deprecated_warning(configname,configlineno,"x-broken-hkp",
251                          "--keyserver-options ","broken-http-proxy");
252       xfree(keyserver->scheme);
253       keyserver->scheme=xstrdup("hkp");
254       add_to_strlist(&opt.keyserver_options.other,"broken-http-proxy");
255     }
256   else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
257     {
258       /* Canonicalize this to "hkp" so it works with both the internal
259          and external keyserver interface. */
260       xfree(keyserver->scheme);
261       keyserver->scheme=xstrdup("hkp");
262     }
263
264   if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
265     {
266       /* Two slashes means network path. */
267
268       /* Skip over the "//", if any */
269       if(!assume_hkp)
270         uri+=2;
271
272       /* Do we have userinfo auth data present? */
273       for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
274         count++;
275
276       /* We found a @ before the slash, so that means everything
277          before the @ is auth data. */
278       if(*idx=='@')
279         {
280           if(count==0)
281             goto fail;
282
283           keyserver->auth=xmalloc(count+1);
284           strncpy(keyserver->auth,uri,count);
285           keyserver->auth[count]='\0';
286           uri+=count+1;
287         }
288
289       /* Is it an RFC-2732 ipv6 [literal address] ? */
290       if(*uri=='[')
291         {
292           for(idx=uri+1,count=1;*idx
293                 && ((isascii (*idx) && isxdigit(*idx))
294                     || *idx==':' || *idx=='.');idx++)
295             count++;
296
297           /* Is the ipv6 literal address terminated? */
298           if(*idx==']')
299             count++;
300           else
301             goto fail;
302         }
303       else
304         for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
305           count++;
306
307       if(count==0)
308         goto fail;
309
310       keyserver->host=xmalloc(count+1);
311       strncpy(keyserver->host,uri,count);
312       keyserver->host[count]='\0';
313
314       /* Skip past the host */
315       uri+=count;
316
317       if(*uri==':')
318         {
319           /* It would seem to be reasonable to limit the range of the
320              ports to values between 1-65535, but RFC 1738 and 1808
321              imply there is no limit.  Of course, the real world has
322              limits. */
323
324           for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
325             {
326               count++;
327
328               /* Ports are digits only */
329               if(!digitp(idx))
330                 goto fail;
331             }
332
333           keyserver->port=xmalloc(count+1);
334           strncpy(keyserver->port,uri+1,count);
335           keyserver->port[count]='\0';
336
337           /* Skip past the colon and port number */
338           uri+=1+count;
339         }
340
341       /* Everything else is the path */
342       if(*uri)
343         keyserver->path=xstrdup(uri);
344       else
345         keyserver->path=xstrdup("/");
346     }
347   else if(uri[0]!='/')
348     {
349       /* No slash means opaque.  Just record the opaque blob and get
350          out. */
351       keyserver->opaque=xstrdup(uri);
352     }
353   else
354     {
355       /* One slash means absolute path.  We don't need to support that
356          yet. */
357       goto fail;
358     }
359
360   return keyserver;
361
362  fail:
363   free_keyserver_spec(keyserver);
364
365   return NULL;
366 }
367
368 struct keyserver_spec *
369 parse_preferred_keyserver(PKT_signature *sig)
370 {
371   struct keyserver_spec *spec=NULL;
372   const byte *p;
373   size_t plen;
374
375   p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
376   if(p && plen)
377     {
378       byte *dupe=xmalloc(plen+1);
379
380       memcpy(dupe,p,plen);
381       dupe[plen]='\0';
382       spec=parse_keyserver_uri(dupe,1,NULL,0);
383       xfree(dupe);
384     }
385
386   return spec;
387 }
388
389 static void
390 print_keyrec(int number,struct keyrec *keyrec)
391 {
392   int i;
393
394   iobuf_writebyte(keyrec->uidbuf,0);
395   iobuf_flush_temp(keyrec->uidbuf);
396   printf("(%d)\t%s  ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
397
398   if(keyrec->size>0)
399     printf("%d bit ",keyrec->size);
400
401   if(keyrec->type)
402     {
403       const char *str=pubkey_algo_to_string(keyrec->type);
404
405       if(str)
406         printf("%s ",str);
407       else
408         printf("unknown ");
409     }
410
411   switch(keyrec->desc.mode)
412     {
413       /* If the keyserver helper gave us a short keyid, we have no
414          choice but to use it.  Do check --keyid-format to add a 0x if
415          needed. */
416     case KEYDB_SEARCH_MODE_SHORT_KID:
417       printf("key %s%08lX",
418              (opt.keyid_format==KF_0xSHORT
419               || opt.keyid_format==KF_0xLONG)?"0x":"",
420              (ulong)keyrec->desc.u.kid[1]);
421       break;
422
423       /* However, if it gave us a long keyid, we can honor
424          --keyid-format */
425     case KEYDB_SEARCH_MODE_LONG_KID:
426       printf("key %s",keystr(keyrec->desc.u.kid));
427       break;
428
429     case KEYDB_SEARCH_MODE_FPR16:
430       printf("key ");
431       for(i=0;i<16;i++)
432         printf("%02X",keyrec->desc.u.fpr[i]);
433       break;
434
435     case KEYDB_SEARCH_MODE_FPR20:
436       printf("key ");
437       for(i=0;i<20;i++)
438         printf("%02X",keyrec->desc.u.fpr[i]);
439       break;
440
441     default:
442       BUG();
443       break;
444     }
445
446   if(keyrec->createtime>0)
447     {
448       printf(", ");
449       printf(_("created: %s"),strtimestamp(keyrec->createtime));
450     }
451
452   if(keyrec->expiretime>0)
453     {
454       printf(", ");
455       printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
456     }
457
458   if(keyrec->flags&1)
459     printf(" (%s)",_("revoked"));
460   if(keyrec->flags&2)
461     printf(" (%s)",_("disabled"));
462   if(keyrec->flags&4)
463     printf(" (%s)",_("expired"));
464
465   printf("\n");
466 }
467
468 /* Returns a keyrec (which must be freed) once a key is complete, and
469    NULL otherwise.  Call with a NULL keystring once key parsing is
470    complete to return any unfinished keys. */
471 static struct keyrec *
472 parse_keyrec(char *keystring)
473 {
474   static struct keyrec *work=NULL;
475   struct keyrec *ret=NULL;
476   char *record;
477   int i;
478
479   if(keystring==NULL)
480     {
481       if(work==NULL)
482         return NULL;
483       else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
484         {
485           xfree(work);
486           return NULL;
487         }
488       else
489         {
490           ret=work;
491           work=NULL;
492           return ret;
493         }
494     }
495
496   if(work==NULL)
497     {
498       work=xmalloc_clear(sizeof(struct keyrec));
499       work->uidbuf=iobuf_temp();
500     }
501
502   /* Remove trailing whitespace */
503   for(i=strlen(keystring);i>0;i--)
504     if(ascii_isspace(keystring[i-1]))
505       keystring[i-1]='\0';
506     else
507       break;
508
509   if((record=strsep(&keystring,":"))==NULL)
510     return ret;
511
512   if(ascii_strcasecmp("pub",record)==0)
513     {
514       char *tok;
515
516       if(work->desc.mode)
517         {
518           ret=work;
519           work=xmalloc_clear(sizeof(struct keyrec));
520           work->uidbuf=iobuf_temp();
521         }
522
523       if((tok=strsep(&keystring,":"))==NULL)
524         return ret;
525
526       classify_user_id(tok,&work->desc);
527       if(work->desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID
528          && work->desc.mode!=KEYDB_SEARCH_MODE_LONG_KID
529          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR16
530          && work->desc.mode!=KEYDB_SEARCH_MODE_FPR20)
531         {
532           work->desc.mode=KEYDB_SEARCH_MODE_NONE;
533           return ret;
534         }
535
536       /* Note all items after this are optional.  This allows us to
537          have a pub line as simple as pub:keyid and nothing else. */
538
539       work->lines++;
540
541       if((tok=strsep(&keystring,":"))==NULL)
542         return ret;
543
544       work->type=atoi(tok);
545
546       if((tok=strsep(&keystring,":"))==NULL)
547         return ret;
548
549       work->size=atoi(tok);
550
551       if((tok=strsep(&keystring,":"))==NULL)
552         return ret;
553
554       if(atoi(tok)<=0)
555         work->createtime=0;
556       else
557         work->createtime=atoi(tok);
558
559       if((tok=strsep(&keystring,":"))==NULL)
560         return ret;
561
562       if(atoi(tok)<=0)
563         work->expiretime=0;
564       else
565         {
566           work->expiretime=atoi(tok);
567           /* Force the 'e' flag on if this key is expired. */
568           if(work->expiretime<=make_timestamp())
569             work->flags|=4;
570         }
571
572       if((tok=strsep(&keystring,":"))==NULL)
573         return ret;
574
575       while(*tok)
576         switch(*tok++)
577           {
578           case 'r':
579           case 'R':
580             work->flags|=1;
581             break;
582             
583           case 'd':
584           case 'D':
585             work->flags|=2;
586             break;
587
588           case 'e':
589           case 'E':
590             work->flags|=4;
591             break;
592           }
593     }
594   else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
595     {
596       char *userid,*tok,*decoded;
597
598       if((tok=strsep(&keystring,":"))==NULL)
599         return ret;
600
601       if(strlen(tok)==0)
602         return ret;
603
604       userid=tok;
605
606       /* By definition, de-%-encoding is always smaller than the
607          original string so we can decode in place. */
608
609       i=0;
610
611       while(*tok)
612         if(tok[0]=='%' && tok[1] && tok[2])
613           {
614             if((userid[i]=hextobyte(&tok[1]))==-1)
615               userid[i]='?';
616
617             i++;
618             tok+=3;
619           }
620         else
621           userid[i++]=*tok++;
622
623       /* We don't care about the other info provided in the uid: line
624          since no keyserver supports marking userids with timestamps
625          or revoked/expired/disabled yet. */
626
627       /* No need to check for control characters, as utf8_to_native
628          does this for us. */
629
630       decoded=utf8_to_native(userid,i,0);
631       if(strlen(decoded)>opt.screen_columns-10)
632         decoded[opt.screen_columns-10]='\0';
633       iobuf_writestr(work->uidbuf,decoded);
634       xfree(decoded);
635       iobuf_writestr(work->uidbuf,"\n\t");
636       work->lines++;
637     }
638
639   /* Ignore any records other than "pri" and "uid" for easy future
640      growth. */
641
642   return ret;
643 }
644
645 /* TODO: do this as a list sent to keyserver_work rather than calling
646    it once for each key to get the correct counts after the import
647    (cosmetics, really) and to better take advantage of the keyservers
648    that can do multiple fetches in one go (LDAP). */
649 static int
650 show_prompt(KEYDB_SEARCH_DESC *desc,int numdesc,int count,const char *search)
651 {
652   char *answer;
653
654   if(count && opt.command_fd==-1)
655     {
656       static int from=1;
657       tty_printf("Keys %d-%d of %d for \"%s\".  ",from,numdesc,count,search);
658       from=numdesc+1;
659     }
660
661   answer=cpr_get_no_help("keysearch.prompt",
662                          _("Enter number(s), N)ext, or Q)uit > "));
663   /* control-d */
664   if(answer[0]=='\x04')
665     {
666       printf("Q\n");
667       answer[0]='q';
668     }
669
670   if(answer[0]=='q' || answer[0]=='Q')
671     {
672       xfree(answer);
673       return 1;
674     }
675   else if(atoi(answer)>=1 && atoi(answer)<=numdesc)
676     {
677       char *split=answer,*num;
678
679       while((num=strsep(&split," ,"))!=NULL)
680         if(atoi(num)>=1 && atoi(num)<=numdesc)
681           keyserver_work(KS_GET,NULL,&desc[atoi(num)-1],1,opt.keyserver);
682
683       xfree(answer);
684       return 1;
685     }
686
687   return 0;
688 }
689
690 /* Count and searchstr are just for cosmetics.  If the count is too
691    small, it will grow safely.  If negative it disables the "Key x-y
692    of z" messages.  searchstr should be UTF-8 (rather than native). */
693 static void
694 keyserver_search_prompt(IOBUF buffer,const char *searchstr)
695 {
696   int i=0,validcount=0,started=0,header=0,count=1;
697   unsigned int maxlen,buflen,numlines=0;
698   KEYDB_SEARCH_DESC *desc;
699   byte *line=NULL;
700   char *localstr=NULL;
701
702   if(searchstr)
703     localstr=utf8_to_native(searchstr,strlen(searchstr),0);
704
705   desc=xmalloc(count*sizeof(KEYDB_SEARCH_DESC));
706
707   for(;;)
708     {
709       struct keyrec *keyrec;
710       int rl;
711
712       maxlen=1024;
713       rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
714
715       if(opt.with_colons)
716         {
717           if(!header && ascii_strncasecmp("SEARCH ",line,7)==0
718              && ascii_strncasecmp(" BEGIN",&line[strlen(line)-7],6)==0)
719             {
720               header=1;
721               continue;
722             }
723           else if(ascii_strncasecmp("SEARCH ",line,7)==0
724                   && ascii_strncasecmp(" END",&line[strlen(line)-5],4)==0)
725             continue;
726
727           printf("%s",line);
728         }
729
730       /* Look for an info: line.  The only current info: values
731          defined are the version and key count. */
732       if(!started && rl>0 && ascii_strncasecmp("info:",line,5)==0)
733         {
734           char *tok,*str=&line[5];
735
736           if((tok=strsep(&str,":"))!=NULL)
737             {
738               int version;
739
740               if(sscanf(tok,"%d",&version)!=1)
741                 version=1;
742
743               if(version!=1)
744                 {
745                   log_error(_("invalid keyserver protocol "
746                               "(us %d!=handler %d)\n"),1,version);
747                   break;
748                 }
749             }
750
751           if((tok=strsep(&str,":"))!=NULL && sscanf(tok,"%d",&count)==1)
752             {
753               if(count==0)
754                 goto notfound;
755               else if(count<0)
756                 count=10;
757               else
758                 validcount=1;
759
760               desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
761             }
762
763           started=1;
764           continue;
765         }
766
767       if(rl==0)
768         {
769           keyrec=parse_keyrec(NULL);
770
771           if(keyrec==NULL)
772             {
773               if(i==0)
774                 {
775                   count=0;
776                   break;
777                 }
778
779               if(i!=count)
780                 validcount=0;
781
782               for(;;)
783                 {
784                   if(show_prompt(desc,i,validcount?count:0,localstr))
785                     break;
786                   validcount=0;
787                 }
788
789               break;
790             }
791         }
792       else
793         keyrec=parse_keyrec(line);
794
795       if(i==count)
796         {
797           /* keyserver helper sent more keys than they claimed in the
798              info: line. */
799           count+=10;
800           desc=xrealloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
801           validcount=0;
802         }
803
804       if(keyrec)
805         {
806           desc[i]=keyrec->desc;
807
808           if(!opt.with_colons)
809             {
810               /* screen_lines - 1 for the prompt. */
811               if(numlines+keyrec->lines>opt.screen_lines-1)
812                 {
813                   if(show_prompt(desc,i,validcount?count:0,localstr))
814                     break;
815                   else
816                     numlines=0;
817                 }
818
819               print_keyrec(i+1,keyrec);
820             }
821
822           numlines+=keyrec->lines;
823           iobuf_close(keyrec->uidbuf);
824           xfree(keyrec);
825
826           started=1;
827           i++;
828         }
829     }
830
831  notfound:
832   /* Leave this commented out or now, and perhaps for a very long
833      time.  All HKPish servers return HTML error messages for
834      no-key-found. */
835   /* 
836      if(!started)
837      log_info(_("keyserver does not support searching\n"));
838      else
839   */
840   if(count==0)
841     {
842       if(localstr)
843         log_info(_("key \"%s\" not found on keyserver\n"),localstr);
844       else
845         log_info(_("key not found on keyserver\n"));
846     }
847
848   xfree(localstr);
849   xfree(desc);
850   xfree(line);
851 }
852
853 /* We sometimes want to use a different gpgkeys_xxx for a given
854    protocol (for example, ldaps is handled by gpgkeys_ldap).  Map
855    these here. */
856 static const char *
857 keyserver_typemap(const char *type)
858 {
859   if(strcmp(type,"ldaps")==0)
860     return "ldap";
861   else
862     return type;
863 }
864
865 #ifdef GPGKEYS_CURL
866 /* The PGP LDAP and the curl fetch-a-LDAP-object methodologies are
867    sufficiently different that we can't use curl to do LDAP. */
868 static int
869 curl_cant_handle(const char *scheme,unsigned int direct_uri)
870 {
871   if(!direct_uri && (strcmp(scheme,"ldap")==0 || strcmp(scheme,"ldaps")==0))
872     return 1;
873
874   return 0;
875 }
876 #endif
877
878 #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
879 #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
880
881 static int 
882 keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
883                 int count,int *prog,struct keyserver_spec *keyserver)
884 {
885   int ret=0,i,gotversion=0,outofband=0;
886   STRLIST temp;
887   unsigned int maxlen,buflen;
888   char *command,*end,*searchstr=NULL;
889   byte *line=NULL;
890   struct parse_options *kopts;
891   struct exec_info *spawn;
892   const char *scheme;
893   const char *libexecdir = get_libexecdir ();
894
895   assert(keyserver);
896
897 #ifdef EXEC_TEMPFILE_ONLY
898   opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
899 #endif
900
901   /* Build the filename for the helper to execute */
902   scheme=keyserver_typemap(keyserver->scheme);
903
904 #ifdef DISABLE_KEYSERVER_PATH
905   /* Destroy any path we might have.  This is a little tricky,
906      portability-wise.  It's not correct to delete the PATH
907      environment variable, as that may fall back to a system built-in
908      PATH.  Similarly, it is not correct to set PATH to the null
909      string (PATH="") since this actually deletes the PATH environment
910      variable under MinGW.  The safest thing to do here is to force
911      PATH to be GNUPG_LIBEXECDIR.  All this is not that meaningful on
912      Unix-like systems (since we're going to give a full path to
913      gpgkeys_foo), but on W32 it prevents loading any DLLs from
914      directories in %PATH%.
915
916      After some more thinking about this we came to the conclusion
917      that it is better to load the helpers from the directory where
918      the program of this process lives.  Fortunately Windows provides
919      a way to retrieve this and our get_libexecdir function has been
920      modified to return just this.  Setting the exec-path is not
921      anymore required.  
922        set_exec_path(libexecdir);
923  */
924 #else
925   if(opt.exec_path_set)
926     {
927       /* If exec-path was set, and DISABLE_KEYSERVER_PATH is
928          undefined, then don't specify a full path to gpgkeys_foo, so
929          that the PATH can work. */
930       command=xmalloc(GPGKEYS_PREFIX_LEN+strlen(scheme)+3+1);
931       command[0]='\0';
932     }
933   else
934 #endif
935     {
936       /* Specify a full path to gpgkeys_foo. */
937       command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+
938                       GPGKEYS_PREFIX_LEN+strlen(scheme)+3+1);
939       strcpy(command,libexecdir);
940       strcat(command,DIRSEP_S);
941     }
942
943   end=command+strlen(command);
944
945   strcat(command,GPGKEYS_PREFIX); 
946   strcat(command,scheme);
947
948   if(keyserver->flags.direct_uri)
949     strcat(command,"uri");
950
951 #ifdef GPGKEYS_CURL
952   if(!curl_cant_handle(scheme,keyserver->flags.direct_uri)
953      && path_access(command,X_OK)!=0)
954     strcpy(end,GPGKEYS_CURL);
955 #endif
956
957   if(opt.keyserver_options.options&KEYSERVER_USE_TEMP_FILES)
958     {
959       if(opt.keyserver_options.options&KEYSERVER_KEEP_TEMP_FILES)
960         {
961           command=xrealloc(command,strlen(command)+
962                             strlen(KEYSERVER_ARGS_KEEP)+1);
963           strcat(command,KEYSERVER_ARGS_KEEP);
964         }
965       else
966         {
967           command=xrealloc(command,strlen(command)+
968                             strlen(KEYSERVER_ARGS_NOKEEP)+1);
969           strcat(command,KEYSERVER_ARGS_NOKEEP);  
970         }
971
972       ret=exec_write(&spawn,NULL,command,NULL,0,0);
973     }
974   else
975     ret=exec_write(&spawn,command,NULL,NULL,0,0);
976
977   xfree(command);
978
979   if(ret)
980     return ret;
981
982   fprintf(spawn->tochild,
983           "# This is a GnuPG %s keyserver communications file\n",VERSION);
984   fprintf(spawn->tochild,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
985   fprintf(spawn->tochild,"PROGRAM %s\n",VERSION);
986   fprintf(spawn->tochild,"SCHEME %s\n",keyserver->scheme);
987
988   if(keyserver->opaque)
989     fprintf(spawn->tochild,"OPAQUE %s\n",keyserver->opaque);
990   else
991     {
992       if(keyserver->auth)
993         fprintf(spawn->tochild,"AUTH %s\n",keyserver->auth);
994
995       if(keyserver->host)
996         fprintf(spawn->tochild,"HOST %s\n",keyserver->host);
997
998       if(keyserver->port)
999         fprintf(spawn->tochild,"PORT %s\n",keyserver->port);
1000
1001       if(keyserver->path)
1002         fprintf(spawn->tochild,"PATH %s\n",keyserver->path);
1003     }
1004
1005   /* Write options */
1006
1007   for(i=0,kopts=keyserver_opts;kopts[i].name;i++)
1008     if(opt.keyserver_options.options & kopts[i].bit & REMOTE_TELL)
1009       fprintf(spawn->tochild,"OPTION %s\n",kopts[i].name);
1010
1011   for(temp=opt.keyserver_options.other;temp;temp=temp->next)
1012     fprintf(spawn->tochild,"OPTION %s\n",temp->d);
1013
1014   switch(action)
1015     {
1016     case KS_GET:
1017       {
1018         fprintf(spawn->tochild,"COMMAND GET\n\n");
1019
1020         /* Which keys do we want? */
1021
1022         for(i=0;i<count;i++)
1023           {
1024             int quiet=0;
1025
1026             if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
1027               {
1028                 int f;
1029
1030                 fprintf(spawn->tochild,"0x");
1031
1032                 for(f=0;f<MAX_FINGERPRINT_LEN;f++)
1033                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1034
1035                 fprintf(spawn->tochild,"\n");
1036               }
1037             else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
1038               {
1039                 int f;
1040
1041                 fprintf(spawn->tochild,"0x");
1042
1043                 for(f=0;f<16;f++)
1044                   fprintf(spawn->tochild,"%02X",desc[i].u.fpr[f]);
1045
1046                 fprintf(spawn->tochild,"\n");
1047               }
1048             else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
1049               fprintf(spawn->tochild,"0x%08lX%08lX\n",
1050                       (ulong)desc[i].u.kid[0],
1051                       (ulong)desc[i].u.kid[1]);
1052             else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)
1053               fprintf(spawn->tochild,"0x%08lX\n",
1054                       (ulong)desc[i].u.kid[1]);
1055             else if(desc[i].mode==KEYDB_SEARCH_MODE_EXACT)
1056               {
1057                 fprintf(spawn->tochild,"0x0000000000000000\n");
1058                 quiet=1;
1059               }
1060             else if(desc[i].mode==KEYDB_SEARCH_MODE_NONE)
1061               continue;
1062             else
1063               BUG();
1064
1065             if(!quiet)
1066               {
1067                 if(keyserver->host)
1068                   log_info(_("requesting key %s from %s server %s\n"),
1069                            keystr_from_desc(&desc[i]),
1070                            keyserver->scheme,keyserver->host);
1071                 else
1072                   log_info(_("requesting key %s from %s\n"),
1073                            keystr_from_desc(&desc[i]),keyserver->uri);
1074               }
1075           }
1076
1077         fprintf(spawn->tochild,"\n");
1078
1079         break;
1080       }
1081
1082     case KS_GETNAME:
1083       {
1084         STRLIST key;
1085
1086         fprintf(spawn->tochild,"COMMAND GETNAME\n\n");
1087
1088         /* Which names do we want? */
1089
1090         for(key=list;key!=NULL;key=key->next)
1091           fprintf(spawn->tochild,"%s\n",key->d);
1092
1093         fprintf(spawn->tochild,"\n");
1094
1095         if(keyserver->host)
1096           log_info(_("searching for names from %s server %s\n"),
1097                    keyserver->scheme,keyserver->host);
1098         else
1099           log_info(_("searching for names from %s\n"),keyserver->uri);
1100
1101         break;
1102       }
1103
1104     case KS_SEND:
1105       {
1106         STRLIST key;
1107
1108         /* Note the extra \n here to send an empty keylist block */
1109         fprintf(spawn->tochild,"COMMAND SEND\n\n\n");
1110
1111         for(key=list;key!=NULL;key=key->next)
1112           {
1113             armor_filter_context_t afx;
1114             IOBUF buffer=iobuf_temp();
1115             KBNODE block;
1116
1117             temp=NULL;
1118             add_to_strlist(&temp,key->d);
1119
1120             memset(&afx,0,sizeof(afx));
1121             afx.what=1;
1122             /* Tell the armor filter to use Unix-style \n line
1123                endings, since we're going to fprintf this to a file
1124                that (on Win32) is open in text mode.  The win32 stdio
1125                will transform the \n to \r\n and we'll end up with the
1126                proper line endings on win32.  This is a no-op on
1127                Unix. */
1128             afx.eol[0]='\n';
1129             iobuf_push_filter(buffer,armor_filter,&afx);
1130
1131             /* TODO: Remove Comment: lines from keys exported this
1132                way? */
1133
1134             if(export_pubkeys_stream(buffer,temp,&block,
1135                                      opt.keyserver_options.export_options)==-1)
1136               iobuf_close(buffer);
1137             else
1138               {
1139                 KBNODE node;
1140
1141                 iobuf_flush_temp(buffer);
1142
1143                 merge_keys_and_selfsig(block);
1144
1145                 fprintf(spawn->tochild,"INFO %08lX%08lX BEGIN\n",
1146                         (ulong)block->pkt->pkt.public_key->keyid[0],
1147                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1148
1149                 for(node=block;node;node=node->next)
1150                   {
1151                     switch(node->pkt->pkttype)
1152                       {
1153                       default:
1154                         continue;
1155
1156                       case PKT_PUBLIC_KEY:
1157                       case PKT_PUBLIC_SUBKEY:
1158                         {
1159                           PKT_public_key *pk=node->pkt->pkt.public_key;
1160
1161                           keyid_from_pk(pk,NULL);
1162
1163                           fprintf(spawn->tochild,"%sb:%08lX%08lX:%u:%u:%u:%u:",
1164                                   node->pkt->pkttype==PKT_PUBLIC_KEY?"pu":"su",
1165                                   (ulong)pk->keyid[0],(ulong)pk->keyid[1],
1166                                   pk->pubkey_algo,
1167                                   nbits_from_pk(pk),
1168                                   pk->timestamp,
1169                                   pk->expiredate);
1170
1171                           if(pk->is_revoked)
1172                             fprintf(spawn->tochild,"r");
1173                           if(pk->has_expired)
1174                             fprintf(spawn->tochild,"e");
1175
1176                           fprintf(spawn->tochild,"\n");
1177                         }
1178                         break;
1179
1180                       case PKT_USER_ID:
1181                         {
1182                           PKT_user_id *uid=node->pkt->pkt.user_id;
1183                           int r;
1184
1185                           if(uid->attrib_data)
1186                             continue;
1187
1188                           fprintf(spawn->tochild,"uid:");
1189
1190                           /* Quote ':', '%', and any 8-bit
1191                              characters */
1192                           for(r=0;r<uid->len;r++)
1193                             {
1194                               if(uid->name[r]==':' || uid->name[r]=='%'
1195                                  || uid->name[r]&0x80)
1196                                 fprintf(spawn->tochild,"%%%02X",
1197                                         (byte)uid->name[r]);
1198                               else
1199                                 fprintf(spawn->tochild,"%c",uid->name[r]);
1200                             }
1201
1202                           fprintf(spawn->tochild,":%u:%u:",
1203                                   uid->created,uid->expiredate);
1204
1205                           if(uid->is_revoked)
1206                             fprintf(spawn->tochild,"r");
1207                           if(uid->is_expired)
1208                             fprintf(spawn->tochild,"e");
1209
1210                           fprintf(spawn->tochild,"\n");
1211                         }
1212                         break;
1213
1214                         /* This bit is really for the benefit of
1215                            people who store their keys in LDAP
1216                            servers.  It makes it easy to do queries
1217                            for things like "all keys signed by
1218                            Isabella". */
1219                       case PKT_SIGNATURE:
1220                         {
1221                           PKT_signature *sig=node->pkt->pkt.signature;
1222
1223                           if(!IS_UID_SIG(sig))
1224                             continue;
1225
1226                           fprintf(spawn->tochild,"sig:%08lX%08lX:%X:%u:%u\n",
1227                                   (ulong)sig->keyid[0],(ulong)sig->keyid[1],
1228                                   sig->sig_class,sig->timestamp,
1229                                   sig->expiredate);
1230                         }
1231                         break;
1232                       }
1233                   }
1234
1235                 fprintf(spawn->tochild,"INFO %08lX%08lX END\n",
1236                         (ulong)block->pkt->pkt.public_key->keyid[0],
1237                         (ulong)block->pkt->pkt.public_key->keyid[1]);
1238
1239                 fprintf(spawn->tochild,"KEY %s BEGIN\n",key->d);
1240                 fwrite(iobuf_get_temp_buffer(buffer),
1241                        iobuf_get_temp_length(buffer),1,spawn->tochild);
1242                 fprintf(spawn->tochild,"KEY %s END\n",key->d);
1243
1244                 iobuf_close(buffer);
1245
1246                 if(keyserver->host)
1247                   log_info(_("sending key %s to %s server %s\n"),
1248                            keystr(block->pkt->pkt.public_key->keyid),
1249                            keyserver->scheme,keyserver->host);
1250                 else
1251                   log_info(_("sending key %s to %s\n"),
1252                            keystr(block->pkt->pkt.public_key->keyid),
1253                            keyserver->uri);
1254
1255                 release_kbnode(block);
1256               }
1257
1258             free_strlist(temp);
1259           }
1260
1261         break;
1262       }
1263
1264     case KS_SEARCH:
1265       {
1266         STRLIST key;
1267
1268         fprintf(spawn->tochild,"COMMAND SEARCH\n\n");
1269
1270         /* Which keys do we want?  Remember that the gpgkeys_ program
1271            is going to lump these together into a search string. */
1272
1273         for(key=list;key!=NULL;key=key->next)
1274           {
1275             fprintf(spawn->tochild,"%s\n",key->d);
1276             if(key!=list)
1277               {
1278                 searchstr=xrealloc(searchstr,
1279                                     strlen(searchstr)+strlen(key->d)+2);
1280                 strcat(searchstr," ");
1281               }
1282             else
1283               {
1284                 searchstr=xmalloc(strlen(key->d)+1);
1285                 searchstr[0]='\0';
1286               }
1287
1288             strcat(searchstr,key->d);
1289           }
1290
1291         fprintf(spawn->tochild,"\n");
1292
1293         if(keyserver->host)
1294           log_info(_("searching for \"%s\" from %s server %s\n"),
1295                    searchstr,keyserver->scheme,keyserver->host);
1296         else
1297           log_info(_("searching for \"%s\" from %s\n"),
1298                    searchstr,keyserver->uri);
1299
1300         break;
1301       }
1302
1303     default:
1304       log_fatal(_("no keyserver action!\n"));
1305       break;
1306     }
1307
1308   /* Done sending, so start reading. */
1309   ret=exec_read(spawn);
1310   if(ret)
1311     goto fail;
1312
1313   /* Now handle the response */
1314
1315   for(;;)
1316     {
1317       int plen;
1318       char *ptr;
1319
1320       maxlen=1024;
1321       if(iobuf_read_line(spawn->fromchild,&line,&buflen,&maxlen)==0)
1322         {
1323           ret=G10ERR_READ_FILE;
1324           goto fail; /* i.e. EOF */
1325         }
1326
1327       ptr=line;
1328
1329       /* remove trailing whitespace */
1330       plen=strlen(ptr);
1331       while(plen>0 && ascii_isspace(ptr[plen-1]))
1332         plen--;
1333       plen[ptr]='\0';
1334
1335       if(*ptr=='\0')
1336         break;
1337
1338       if(ascii_strncasecmp(ptr,"VERSION ",8)==0)
1339         {
1340           gotversion=1;
1341
1342           if(atoi(&ptr[8])!=KEYSERVER_PROTO_VERSION)
1343             {
1344               log_error(_("invalid keyserver protocol (us %d!=handler %d)\n"),
1345                         KEYSERVER_PROTO_VERSION,atoi(&ptr[8]));
1346               goto fail;
1347             }
1348         }
1349       else if(ascii_strncasecmp(ptr,"PROGRAM ",8)==0)
1350         {
1351           if(ascii_strncasecmp(&ptr[8],VERSION,strlen(VERSION))!=0)
1352             log_info(_("WARNING: keyserver handler from a different"
1353                        " version of GnuPG (%s)\n"),&ptr[8]);
1354         }
1355       else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0)
1356         outofband=1; /* Currently the only OPTION */
1357     }
1358
1359   if(!gotversion)
1360     {
1361       log_error(_("keyserver did not send VERSION\n"));
1362       goto fail;
1363     }
1364
1365   if(!outofband)
1366     switch(action)
1367       {
1368       case KS_GET:
1369       case KS_GETNAME:
1370         {
1371           void *stats_handle;
1372
1373           stats_handle=import_new_stats_handle();
1374
1375           /* Slurp up all the key data.  In the future, it might be
1376              nice to look for KEY foo OUTOFBAND and FAILED indicators.
1377              It's harmless to ignore them, but ignoring them does make
1378              gpg complain about "no valid OpenPGP data found".  One
1379              way to do this could be to continue parsing this
1380              line-by-line and make a temp iobuf for each key. */
1381
1382           import_keys_stream(spawn->fromchild,stats_handle,
1383                              opt.keyserver_options.import_options);
1384
1385           import_print_stats(stats_handle);
1386           import_release_stats_handle(stats_handle);
1387
1388           break;
1389         }
1390
1391         /* Nothing to do here */
1392       case KS_SEND:
1393         break;
1394
1395       case KS_SEARCH:
1396         keyserver_search_prompt(spawn->fromchild,searchstr);
1397         break;
1398
1399       default:
1400         log_fatal(_("no keyserver action!\n"));
1401         break;
1402       }
1403
1404  fail:
1405   xfree(line);
1406   xfree(searchstr);
1407
1408
1409   *prog=exec_finish(spawn);
1410
1411   return ret;
1412 }
1413
1414 static int 
1415 keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
1416                int count,struct keyserver_spec *keyserver)
1417 {
1418   int rc=0,ret=0;
1419
1420   if(!keyserver)
1421     {
1422       log_error(_("no keyserver known (use option --keyserver)\n"));
1423       return G10ERR_BAD_URI;
1424     }
1425
1426 #ifdef DISABLE_KEYSERVER_HELPERS
1427
1428   log_error(_("external keyserver calls are not supported in this build\n"));
1429   return G10ERR_KEYSERVER;
1430
1431 #else
1432   /* Spawn a handler */
1433
1434   rc=keyserver_spawn(action,list,desc,count,&ret,keyserver);
1435   if(ret)
1436     {
1437       switch(ret)
1438         {
1439         case KEYSERVER_SCHEME_NOT_FOUND:
1440           log_error(_("no handler for keyserver scheme `%s'\n"),
1441                     keyserver->scheme);
1442           break;
1443
1444         case KEYSERVER_NOT_SUPPORTED:
1445           log_error(_("action `%s' not supported with keyserver "
1446                       "scheme `%s'\n"),
1447                     action==KS_GET?"get":action==KS_SEND?"send":
1448                     action==KS_SEARCH?"search":"unknown",
1449                     keyserver->scheme);
1450           break;
1451
1452         case KEYSERVER_VERSION_ERROR:
1453           log_error(_(GPGKEYS_PREFIX "%s does not support"
1454                       " handler version %d\n"),
1455                     keyserver_typemap(keyserver->scheme),
1456                     KEYSERVER_PROTO_VERSION);
1457           break;
1458
1459         case KEYSERVER_TIMEOUT:
1460           log_error(_("keyserver timed out\n"));
1461           break;
1462
1463         case KEYSERVER_INTERNAL_ERROR:
1464         default:
1465           log_error(_("keyserver internal error\n"));
1466           break;
1467         }
1468
1469       return G10ERR_KEYSERVER;
1470     }
1471
1472   if(rc)
1473     {
1474       log_error(_("keyserver communications error: %s\n"),g10_errstr(rc));
1475
1476       return rc;
1477     }
1478
1479   return 0;
1480 #endif /* ! DISABLE_KEYSERVER_HELPERS*/
1481 }
1482
1483 int 
1484 keyserver_export(STRLIST users)
1485 {
1486   STRLIST sl=NULL;
1487   KEYDB_SEARCH_DESC desc;
1488   int rc=0;
1489
1490   /* Weed out descriptors that we don't support sending */
1491   for(;users;users=users->next)
1492     {
1493       classify_user_id (users->d, &desc);
1494       if(desc.mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1495          desc.mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1496          desc.mode!=KEYDB_SEARCH_MODE_FPR16 &&
1497          desc.mode!=KEYDB_SEARCH_MODE_FPR20)
1498         {
1499           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1500           continue;
1501         }
1502       else
1503         append_to_strlist(&sl,users->d);
1504     }
1505
1506   if(sl)
1507     {
1508       rc=keyserver_work(KS_SEND,sl,NULL,0,opt.keyserver);
1509       free_strlist(sl);
1510     }
1511
1512   return rc;
1513 }
1514
1515 int 
1516 keyserver_import(STRLIST users)
1517 {
1518   KEYDB_SEARCH_DESC *desc;
1519   int num=100,count=0;
1520   int rc=0;
1521
1522   /* Build a list of key ids */
1523   desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1524
1525   for(;users;users=users->next)
1526     {
1527       classify_user_id (users->d, &desc[count]);
1528       if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
1529          desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
1530          desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
1531          desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
1532         {
1533           log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
1534           continue;
1535         }
1536
1537       count++;
1538       if(count==num)
1539         {
1540           num+=100;
1541           desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
1542         }
1543     }
1544
1545   if(count>0)
1546     rc=keyserver_work(KS_GET,NULL,desc,count,opt.keyserver);
1547
1548   xfree(desc);
1549
1550   return rc;
1551 }
1552
1553 int
1554 keyserver_import_fprint(const byte *fprint,size_t fprint_len,
1555                         struct keyserver_spec *keyserver)
1556 {
1557   KEYDB_SEARCH_DESC desc;
1558
1559   memset(&desc,0,sizeof(desc));
1560
1561   if(fprint_len==16)
1562     desc.mode=KEYDB_SEARCH_MODE_FPR16;
1563   else if(fprint_len==20)
1564     desc.mode=KEYDB_SEARCH_MODE_FPR20;
1565   else
1566     return -1;
1567
1568   memcpy(desc.u.fpr,fprint,fprint_len);
1569
1570   return keyserver_work(KS_GET,NULL,&desc,1,keyserver);
1571 }
1572
1573 int 
1574 keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
1575 {
1576   KEYDB_SEARCH_DESC desc;
1577
1578   memset(&desc,0,sizeof(desc));
1579
1580   desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
1581   desc.u.kid[0]=keyid[0];
1582   desc.u.kid[1]=keyid[1];
1583
1584   return keyserver_work(KS_GET,NULL,&desc,1,keyserver);
1585 }
1586
1587 /* code mostly stolen from do_export_stream */
1588 static int 
1589 keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
1590 {
1591   int rc=0,ndesc,num=100;
1592   KBNODE keyblock=NULL,node;
1593   KEYDB_HANDLE kdbhd;
1594   KEYDB_SEARCH_DESC *desc;
1595   STRLIST sl;
1596
1597   *count=0;
1598
1599   *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
1600
1601   kdbhd=keydb_new(0);
1602
1603   if(!users)
1604     {
1605       ndesc = 1;
1606       desc = xmalloc_clear ( ndesc * sizeof *desc);
1607       desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1608     }
1609   else
1610     {
1611       for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) 
1612         ;
1613       desc = xmalloc ( ndesc * sizeof *desc);
1614         
1615       for (ndesc=0, sl=users; sl; sl = sl->next)
1616         {
1617           if(classify_user_id (sl->d, desc+ndesc))
1618             ndesc++;
1619           else
1620             log_error (_("key \"%s\" not found: %s\n"),
1621                        sl->d, g10_errstr (G10ERR_INV_USER_ID));
1622         }
1623     }
1624
1625   while (!(rc = keydb_search (kdbhd, desc, ndesc)))
1626     {
1627       if (!users) 
1628         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1629
1630       /* read the keyblock */
1631       rc = keydb_get_keyblock (kdbhd, &keyblock );
1632       if( rc )
1633         {
1634           log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
1635           goto leave;
1636         }
1637
1638       if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
1639         {
1640           /* This is to work around a bug in some keyservers (pksd and
1641              OKS) that calculate v4 RSA keyids as if they were v3 RSA.
1642              The answer is to refresh both the correct v4 keyid
1643              (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
1644              This only happens for key refresh using the HKP scheme
1645              and if the refresh-add-fake-v3-keyids keyserver option is
1646              set. */
1647           if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
1648              node->pkt->pkt.public_key->version>=4)
1649             {
1650               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1651               mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
1652                             (*klist)[*count].u.kid);
1653               (*count)++;
1654
1655               if(*count==num)
1656                 {
1657                   num+=100;
1658                   *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1659                 }
1660             }
1661
1662           /* v4 keys get full fingerprints.  v3 keys get long keyids.
1663              This is because it's easy to calculate any sort of keyid
1664              from a v4 fingerprint, but not a v3 fingerprint. */
1665
1666           if(node->pkt->pkt.public_key->version<4)
1667             {
1668               (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
1669               keyid_from_pk(node->pkt->pkt.public_key,
1670                             (*klist)[*count].u.kid);
1671             }
1672           else
1673             {
1674               size_t dummy;
1675
1676               (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
1677               fingerprint_from_pk(node->pkt->pkt.public_key,
1678                                   (*klist)[*count].u.fpr,&dummy);
1679             }
1680
1681           /* This is a little hackish, using the skipfncvalue as a
1682              void* pointer to the keyserver spec, but we don't need
1683              the skipfnc here, and it saves having an additional field
1684              for this (which would be wasted space most of the
1685              time). */
1686
1687           (*klist)[*count].skipfncvalue=NULL;
1688
1689           /* Are we honoring preferred keyservers? */
1690           if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
1691             {
1692               PKT_user_id *uid=NULL;
1693               PKT_signature *sig=NULL;
1694
1695               merge_keys_and_selfsig(keyblock);
1696
1697               for(node=node->next;node;node=node->next)
1698                 {
1699                   if(node->pkt->pkttype==PKT_USER_ID
1700                      && node->pkt->pkt.user_id->is_primary)
1701                     uid=node->pkt->pkt.user_id;
1702                   else if(node->pkt->pkttype==PKT_SIGNATURE
1703                           && node->pkt->pkt.signature->
1704                           flags.chosen_selfsig && uid)
1705                     {
1706                       sig=node->pkt->pkt.signature;
1707                       break;
1708                     }
1709                 }
1710
1711               /* Try and parse the keyserver URL.  If it doesn't work,
1712                  then we end up writing NULL which indicates we are
1713                  the same as any other key. */
1714               if(uid && sig)
1715                 (*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
1716             }
1717
1718           (*count)++;
1719
1720           if(*count==num)
1721             {
1722               num+=100;
1723               *klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
1724             }
1725         }
1726     }
1727
1728   if(rc==-1)
1729     rc=0;
1730   
1731  leave:
1732   if(rc)
1733     xfree(*klist);
1734   xfree(desc);
1735   keydb_release(kdbhd);
1736   release_kbnode(keyblock);
1737
1738   return rc;
1739 }
1740
1741 /* Note this is different than the original HKP refresh.  It allows
1742    usernames to refresh only part of the keyring. */
1743
1744 int
1745 keyserver_refresh(STRLIST users)
1746 {
1747   int rc,count,numdesc,fakev3=0;
1748   KEYDB_SEARCH_DESC *desc;
1749   unsigned int options=opt.keyserver_options.import_options;
1750
1751   /* We switch merge-only on during a refresh, as 'refresh' should
1752      never import new keys, even if their keyids match. */
1753   opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
1754
1755   /* Similarly, we switch on fast-import, since refresh may make
1756      multiple import sets (due to preferred keyserver URLs).  We don't
1757      want each set to rebuild the trustdb.  Instead we do it once at
1758      the end here. */
1759   opt.keyserver_options.import_options|=IMPORT_FAST;
1760
1761   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
1762      scheme, then enable fake v3 keyid generation. */
1763   if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
1764      && (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
1765          ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
1766     fakev3=1;
1767
1768   rc=keyidlist(users,&desc,&numdesc,fakev3);
1769   if(rc)
1770     return rc;
1771
1772   count=numdesc;
1773   if(count>0)
1774     {
1775       int i;
1776
1777       /* Try to handle preferred keyserver keys first */
1778       for(i=0;i<count;i++)
1779         {
1780           if(desc[i].skipfncvalue)
1781             {
1782               struct keyserver_spec *keyserver=desc[i].skipfncvalue;
1783
1784               /* We use the keyserver structure we parsed out before.
1785                  Note that a preferred keyserver without a scheme://
1786                  will be interpreted as hkp:// */
1787
1788               rc=keyserver_work(KS_GET,NULL,&desc[i],1,keyserver);
1789               if(rc)
1790                 log_info(_("WARNING: unable to refresh key %s"
1791                            " via %s: %s\n"),keystr_from_desc(&desc[i]),
1792                          keyserver->uri,g10_errstr(rc));
1793               else
1794                 {
1795                   /* We got it, so mark it as NONE so we don't try and
1796                      get it again from the regular keyserver. */
1797
1798                   desc[i].mode=KEYDB_SEARCH_MODE_NONE;
1799                   count--;
1800                 }
1801
1802               free_keyserver_spec(keyserver);
1803             }
1804         }
1805     }
1806
1807   if(count>0)
1808     {
1809       if(opt.keyserver)
1810         {
1811           if(count==1)
1812             log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
1813           else
1814             log_info(_("refreshing %d keys from %s\n"),
1815                      count,opt.keyserver->uri);
1816         }
1817
1818       rc=keyserver_work(KS_GET,NULL,desc,numdesc,opt.keyserver);
1819     }
1820
1821   xfree(desc);
1822
1823   opt.keyserver_options.import_options=options;
1824
1825   /* If the original options didn't have fast import, and the trustdb
1826      is dirty, rebuild. */
1827   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1828     trustdb_check_or_update();
1829
1830   return rc;
1831 }
1832
1833 int
1834 keyserver_search(STRLIST tokens)
1835 {
1836   if(tokens)
1837     return keyserver_work(KS_SEARCH,tokens,NULL,0,opt.keyserver);
1838   else
1839     return 0;
1840 }
1841
1842 int
1843 keyserver_fetch(STRLIST urilist)
1844 {
1845   KEYDB_SEARCH_DESC desc;
1846   STRLIST sl;
1847   unsigned int options=opt.keyserver_options.import_options;
1848
1849   /* Switch on fast-import, since fetch can handle more than one
1850      import and we don't want each set to rebuild the trustdb.
1851      Instead we do it once at the end. */
1852   opt.keyserver_options.import_options|=IMPORT_FAST;
1853
1854   /* A dummy desc since we're not actually fetching a particular key
1855      ID */
1856   memset(&desc,0,sizeof(desc));
1857   desc.mode=KEYDB_SEARCH_MODE_EXACT;
1858
1859   for(sl=urilist;sl;sl=sl->next)
1860     {
1861       struct keyserver_spec *spec;
1862
1863       spec=parse_keyserver_uri(sl->d,1,NULL,0);
1864       if(spec)
1865         {
1866           int rc;
1867
1868           /*
1869             Set the direct_uri flag so we know later to call a direct
1870             handler instead of the keyserver style.  This lets us use
1871             gpgkeys_curl or gpgkeys_ldapuri instead of gpgkeys_ldap to
1872             fetch things like
1873             ldap://keyserver.pgp.com/o=PGP%20keys?pgpkey?sub?pgpkeyid=99242560
1874           */
1875           spec->flags.direct_uri=1;
1876
1877           rc=keyserver_work(KS_GET,NULL,&desc,1,spec);
1878           if(rc)
1879             log_info (_("WARNING: unable to fetch URI %s: %s\n"),
1880                      sl->d,g10_errstr(rc));
1881
1882           free_keyserver_spec(spec);
1883         }
1884       else
1885         log_info (_("WARNING: unable to parse URI %s\n"),sl->d);
1886     }
1887
1888   opt.keyserver_options.import_options=options;
1889
1890   /* If the original options didn't have fast import, and the trustdb
1891      is dirty, rebuild. */
1892   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
1893     trustdb_check_or_update();
1894
1895   return 0;
1896 }
1897
1898 int
1899 keyserver_getname(const char *name)
1900 {
1901   STRLIST list=NULL;
1902   int rc;
1903
1904   append_to_strlist(&list,name);
1905
1906   rc=keyserver_work(KS_GETNAME,list,NULL,0,opt.keyserver);
1907
1908   free_strlist(list);
1909
1910   return rc;
1911 }