2003-06-05 09:14:21 +02:00
|
|
|
/* keyserver.c - generic keyserver code
|
2009-05-11 05:56:34 +02:00
|
|
|
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
|
2012-11-29 18:00:46 +01:00
|
|
|
* 2009, 2011, 2012 Free Software Foundation, Inc.
|
2014-03-17 15:39:33 +01:00
|
|
|
* Copyright (C) 2014 Werner Koch
|
2003-06-05 09:14:21 +02:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 21:49:40 +02:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-05 09:14:21 +02:00
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-06-05 09:14:21 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
2006-04-28 16:31:29 +02:00
|
|
|
#include <errno.h>
|
2003-06-18 21:56:13 +02:00
|
|
|
|
|
|
|
#include "gpg.h"
|
2017-03-07 12:21:23 +01:00
|
|
|
#include "../common/iobuf.h"
|
2003-06-05 09:14:21 +02:00
|
|
|
#include "filter.h"
|
|
|
|
#include "keydb.h"
|
2017-03-07 12:21:23 +01:00
|
|
|
#include "../common/status.h"
|
2003-06-05 09:14:21 +02:00
|
|
|
#include "main.h"
|
2017-03-07 12:21:23 +01:00
|
|
|
#include "../common/i18n.h"
|
|
|
|
#include "../common/ttyio.h"
|
2003-06-05 09:14:21 +02:00
|
|
|
#include "options.h"
|
|
|
|
#include "packet.h"
|
2006-04-19 13:26:11 +02:00
|
|
|
#include "trustdb.h"
|
2003-06-05 09:14:21 +02:00
|
|
|
#include "keyserver-internal.h"
|
2017-03-07 12:21:23 +01:00
|
|
|
#include "../common/util.h"
|
|
|
|
#include "../common/membuf.h"
|
|
|
|
#include "../common/mbox-util.h"
|
2011-01-18 12:51:16 +01:00
|
|
|
#include "call-dirmngr.h"
|
2009-12-08 17:30:33 +01:00
|
|
|
|
2007-03-14 14:26:18 +01:00
|
|
|
#ifdef HAVE_W32_SYSTEM
|
|
|
|
/* It seems Vista doesn't grok X_OK and so fails access() tests.
|
|
|
|
Previous versions interpreted X_OK as F_OK anyway, so we'll just
|
|
|
|
use F_OK directly. */
|
|
|
|
#undef X_OK
|
|
|
|
#define X_OK F_OK
|
|
|
|
#endif /* HAVE_W32_SYSTEM */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
struct keyrec
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
2006-04-19 13:26:11 +02:00
|
|
|
u32 createtime,expiretime;
|
2003-06-05 09:14:21 +02:00
|
|
|
int size,flags;
|
|
|
|
byte type;
|
2006-04-19 13:26:11 +02:00
|
|
|
IOBUF uidbuf;
|
|
|
|
unsigned int lines;
|
2003-06-05 09:14:21 +02:00
|
|
|
};
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Parameters for the search line handler. */
|
|
|
|
struct search_line_handler_parm_s
|
|
|
|
{
|
|
|
|
ctrl_t ctrl; /* The session control structure. */
|
|
|
|
char *searchstr_disp; /* Native encoded search string or NULL. */
|
|
|
|
KEYDB_SEARCH_DESC *desc; /* Array with search descriptions. */
|
|
|
|
int count; /* Number of keys we are currently prepared to
|
|
|
|
handle. This is the size of the DESC array. If
|
|
|
|
it is too small, it will grow safely. */
|
|
|
|
int validcount; /* Enable the "Key x-y of z" messages. */
|
|
|
|
int nkeys; /* Number of processed records. */
|
|
|
|
int any_lines; /* At least one line has been processed. */
|
|
|
|
unsigned int numlines; /* Counter for displayed lines. */
|
|
|
|
int eof_seen; /* EOF encountered. */
|
|
|
|
int not_found; /* Set if no keys have been found. */
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
|
|
|
|
|
|
|
|
static struct parse_options keyserver_opts[]=
|
|
|
|
{
|
|
|
|
/* some of these options are not real - just for the help
|
|
|
|
message */
|
2015-04-21 10:15:04 +02:00
|
|
|
{"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
|
2015-04-21 19:29:53 +02:00
|
|
|
{"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */
|
|
|
|
N_("override proxy options set for dirmngr")},
|
2015-04-21 10:15:04 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
{"include-revoked",0,NULL,N_("include revoked keys in search results")},
|
|
|
|
{"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
|
2015-04-21 10:15:04 +02:00
|
|
|
{"timeout", KEYSERVER_TIMEOUT, NULL,
|
|
|
|
N_("override timeout options set for dirmngr")},
|
2006-04-19 13:26:11 +02:00
|
|
|
{"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
|
|
|
|
NULL},
|
|
|
|
{"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
|
|
|
|
N_("automatically retrieve keys when verifying signatures")},
|
|
|
|
{"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
|
|
|
|
N_("honor the preferred keyserver URL set on the key")},
|
|
|
|
{NULL,0,NULL,NULL}
|
|
|
|
};
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t keyserver_get (ctrl_t ctrl,
|
|
|
|
KEYDB_SEARCH_DESC *desc, int ndesc,
|
2015-04-21 15:36:30 +02:00
|
|
|
struct keyserver_spec *override_keyserver,
|
2021-04-16 20:21:23 +02:00
|
|
|
unsigned int flags,
|
2014-03-17 15:39:33 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen);
|
2016-01-21 11:49:27 +01:00
|
|
|
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-11-28 18:18:12 +01:00
|
|
|
/* Reasonable guess. The commonly used test key simon.josefsson.org
|
|
|
|
is larger than 32k, thus we need at least this value. */
|
|
|
|
#define DEFAULT_MAX_CERT_SIZE 65536
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
|
|
|
|
|
2015-04-21 19:29:53 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
static void
|
2015-04-21 19:29:53 +02:00
|
|
|
warn_kshelper_option(char *option, int noisy)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2014-12-08 15:14:35 +01:00
|
|
|
char *p;
|
|
|
|
|
|
|
|
if ((p=strchr (option, '=')))
|
|
|
|
*p = 0;
|
|
|
|
|
|
|
|
if (!strcmp (option, "ca-cert-file"))
|
|
|
|
log_info ("keyserver option '%s' is obsolete; please use "
|
|
|
|
"'%s' in dirmngr.conf\n",
|
|
|
|
"ca-cert-file", "hkp-cacert");
|
|
|
|
else if (!strcmp (option, "check-cert")
|
|
|
|
|| !strcmp (option, "broken-http-proxy"))
|
|
|
|
log_info ("keyserver option '%s' is obsolete\n", option);
|
2015-04-21 19:29:53 +02:00
|
|
|
else if (noisy || opt.verbose)
|
|
|
|
log_info ("keyserver option '%s' is unknown\n", option);
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2014-12-08 15:14:35 +01:00
|
|
|
|
2015-04-21 19:29:53 +02:00
|
|
|
/* Called from main to parse the args for --keyserver-options. */
|
2006-04-19 13:26:11 +02:00
|
|
|
int
|
2003-06-05 09:14:21 +02:00
|
|
|
parse_keyserver_options(char *options)
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
int ret=1;
|
2003-06-05 09:14:21 +02:00
|
|
|
char *tok;
|
2006-04-19 13:26:11 +02:00
|
|
|
char *max_cert=NULL;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
keyserver_opts[0].value=&max_cert;
|
2015-04-21 19:29:53 +02:00
|
|
|
keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
while((tok=optsep(&options)))
|
|
|
|
{
|
2003-06-05 09:14:21 +02:00
|
|
|
if(tok[0]=='\0')
|
|
|
|
continue;
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* We accept quite a few possible options here - some options to
|
|
|
|
handle specially, the keyserver_options list, and import and
|
2015-04-21 10:15:04 +02:00
|
|
|
export options that pertain to keyserver operations. */
|
|
|
|
|
|
|
|
if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
|
|
|
|
&& !parse_import_options(tok,&opt.keyserver_options.import_options,0)
|
|
|
|
&& !parse_export_options(tok,&opt.keyserver_options.export_options,0))
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2014-12-08 15:14:35 +01:00
|
|
|
/* All of the standard options have failed, so the option was
|
|
|
|
destined for a keyserver plugin as used by GnuPG < 2.1 */
|
2015-04-21 19:29:53 +02:00
|
|
|
warn_kshelper_option (tok, 1);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
if(max_cert)
|
|
|
|
{
|
|
|
|
max_cert_size=strtoul(max_cert,(char **)NULL,10);
|
|
|
|
|
|
|
|
if(max_cert_size==0)
|
|
|
|
max_cert_size=DEFAULT_MAX_CERT_SIZE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2015-04-21 10:15:04 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
void
|
|
|
|
free_keyserver_spec(struct keyserver_spec *keyserver)
|
|
|
|
{
|
|
|
|
xfree(keyserver->uri);
|
|
|
|
xfree(keyserver);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return 0 for match */
|
|
|
|
static int
|
2021-05-26 14:28:26 +02:00
|
|
|
cmp_keyserver_spec(struct keyserver_spec *one, struct keyserver_spec *two)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2021-05-26 14:28:26 +02:00
|
|
|
return !!ascii_strcasecmp(one->uri, two->uri);
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* Try and match one of our keyservers. If we can, return that. If
|
|
|
|
we can't, return our input. */
|
|
|
|
struct keyserver_spec *
|
|
|
|
keyserver_match(struct keyserver_spec *spec)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *ks;
|
|
|
|
|
|
|
|
for(ks=opt.keyserver;ks;ks=ks->next)
|
|
|
|
if(cmp_keyserver_spec(spec,ks)==0)
|
|
|
|
return ks;
|
|
|
|
|
|
|
|
return spec;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
/* Create a new keyserver object from STRING. Unless REQUIRE_SCHEME
|
|
|
|
* is set a missing scheme is replaced by "hkp://". The data structure
|
|
|
|
* could be much easier but in the past we parsed the URI here for the
|
|
|
|
* old 2.0 keyserver helpers - which is not anymore needed. */
|
2011-01-10 14:30:17 +01:00
|
|
|
keyserver_spec_t
|
2021-05-26 14:28:26 +02:00
|
|
|
parse_keyserver_uri (const char *string, int require_scheme)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
struct keyserver_spec *keyserver;
|
|
|
|
const char *idx;
|
|
|
|
int count;
|
|
|
|
|
2016-04-29 11:05:24 +02:00
|
|
|
log_assert (string);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
keyserver = xcalloc (1, sizeof *keyserver);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
/* Get the scheme */
|
2021-05-26 14:28:26 +02:00
|
|
|
for(idx=string, count=0; *idx && *idx!=':';idx++)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
|
|
|
count++;
|
|
|
|
|
|
|
|
/* Do we see the start of an RFC-2732 ipv6 address here? If so,
|
|
|
|
there clearly isn't a scheme so get out early. */
|
|
|
|
if(*idx=='[')
|
|
|
|
{
|
|
|
|
/* Was the '[' the first thing in the string? If not, we
|
|
|
|
have a mangled scheme with a [ in it so fail. */
|
|
|
|
if(count==1)
|
|
|
|
break;
|
|
|
|
else
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count==0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if(*idx=='\0' || *idx=='[')
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
if(require_scheme)
|
2021-05-20 10:13:51 +02:00
|
|
|
goto fail;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
/* Assume HKP if there is no scheme */
|
2021-05-26 14:28:26 +02:00
|
|
|
keyserver->uri = xstrconcat ("hkp://", string, NULL);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-05-26 14:28:26 +02:00
|
|
|
keyserver->uri = xstrdup (string);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
return keyserver;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
fail:
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
struct keyserver_spec *
|
|
|
|
parse_preferred_keyserver(PKT_signature *sig)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *spec=NULL;
|
|
|
|
const byte *p;
|
|
|
|
size_t plen;
|
|
|
|
|
2019-09-05 20:36:38 +02:00
|
|
|
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
|
2006-04-19 13:26:11 +02:00
|
|
|
if(p && plen)
|
|
|
|
{
|
|
|
|
byte *dupe=xmalloc(plen+1);
|
|
|
|
|
|
|
|
memcpy(dupe,p,plen);
|
|
|
|
dupe[plen]='\0';
|
2015-01-05 15:07:23 +01:00
|
|
|
spec = parse_keyserver_uri (dupe, 1);
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(dupe);
|
|
|
|
}
|
|
|
|
|
|
|
|
return spec;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
print_keyrec (ctrl_t ctrl, int number,struct keyrec *keyrec)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
|
|
|
|
|
|
|
iobuf_writebyte(keyrec->uidbuf,0);
|
|
|
|
iobuf_flush_temp(keyrec->uidbuf);
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
if (keyrec->size>0)
|
|
|
|
es_printf ("%d bit ", keyrec->size);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if(keyrec->type)
|
|
|
|
{
|
2012-11-27 16:51:09 +01:00
|
|
|
const char *str;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
str = openpgp_pk_algo_name (keyrec->type);
|
2012-11-27 16:51:09 +01:00
|
|
|
|
|
|
|
if (str && strcmp (str, "?"))
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("%s ",str);
|
2003-06-05 09:14:21 +02:00
|
|
|
else
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("unknown ");
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
switch(keyrec->desc.mode)
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
/* If the keyserver helper gave us a short keyid, we have no
|
|
|
|
choice but to use it. Do check --keyid-format to add a 0x if
|
|
|
|
needed. */
|
2003-06-05 09:14:21 +02:00
|
|
|
case KEYDB_SEARCH_MODE_SHORT_KID:
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("key %s%08lX",
|
|
|
|
(opt.keyid_format==KF_0xSHORT
|
|
|
|
|| opt.keyid_format==KF_0xLONG)?"0x":"",
|
|
|
|
(ulong)keyrec->desc.u.kid[1]);
|
2003-06-05 09:14:21 +02:00
|
|
|
break;
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* However, if it gave us a long keyid, we can honor
|
2012-11-29 18:00:46 +01:00
|
|
|
--keyid-format via keystr(). */
|
2003-06-05 09:14:21 +02:00
|
|
|
case KEYDB_SEARCH_MODE_LONG_KID:
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("key %s",keystr(keyrec->desc.u.kid));
|
2003-06-05 09:14:21 +02:00
|
|
|
break;
|
|
|
|
|
2019-03-14 08:54:59 +01:00
|
|
|
case KEYDB_SEARCH_MODE_FPR:
|
|
|
|
{
|
|
|
|
u32 kid[2];
|
|
|
|
keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr, keyrec->desc.fprlen,
|
|
|
|
kid);
|
|
|
|
es_printf("key %s",keystr(kid));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
default:
|
|
|
|
BUG();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(keyrec->createtime>0)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (", ");
|
|
|
|
es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if(keyrec->expiretime>0)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (", ");
|
|
|
|
es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
if (keyrec->flags&1)
|
|
|
|
es_printf (" (%s)", _("revoked"));
|
2003-06-05 09:14:21 +02:00
|
|
|
if(keyrec->flags&2)
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (" (%s)", _("disabled"));
|
2003-06-05 09:14:21 +02:00
|
|
|
if(keyrec->flags&4)
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (" (%s)", _("expired"));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("\n");
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Returns a keyrec (which must be freed) once a key is complete, and
|
|
|
|
NULL otherwise. Call with a NULL keystring once key parsing is
|
|
|
|
complete to return any unfinished keys. */
|
|
|
|
static struct keyrec *
|
|
|
|
parse_keyrec(char *keystring)
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
/* FIXME: Remove the static and put the data into the parms we use
|
|
|
|
for the caller anyway. */
|
2003-06-05 09:14:21 +02:00
|
|
|
static struct keyrec *work=NULL;
|
|
|
|
struct keyrec *ret=NULL;
|
|
|
|
char *record;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if(keystring==NULL)
|
|
|
|
{
|
|
|
|
if(work==NULL)
|
|
|
|
return NULL;
|
|
|
|
else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(work);
|
2003-06-05 09:14:21 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ret=work;
|
|
|
|
work=NULL;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(work==NULL)
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
work=xmalloc_clear(sizeof(struct keyrec));
|
2003-06-05 09:14:21 +02:00
|
|
|
work->uidbuf=iobuf_temp();
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
trim_trailing_ws (keystring, strlen (keystring));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if((record=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if(ascii_strcasecmp("pub",record)==0)
|
|
|
|
{
|
|
|
|
char *tok;
|
2009-12-08 17:30:33 +01:00
|
|
|
gpg_error_t err;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if(work->desc.mode)
|
|
|
|
{
|
|
|
|
ret=work;
|
2006-04-19 13:26:11 +02:00
|
|
|
work=xmalloc_clear(sizeof(struct keyrec));
|
2003-06-05 09:14:21 +02:00
|
|
|
work->uidbuf=iobuf_temp();
|
|
|
|
}
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (tok, &work->desc, 1);
|
2009-12-08 17:30:33 +01:00
|
|
|
if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
|
2019-03-14 08:54:59 +01:00
|
|
|
&& work->desc.mode != KEYDB_SEARCH_MODE_FPR))
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
|
|
|
work->desc.mode=KEYDB_SEARCH_MODE_NONE;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Note all items after this are optional. This allows us to
|
|
|
|
have a pub line as simple as pub:keyid and nothing else. */
|
|
|
|
|
|
|
|
work->lines++;
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
work->type=atoi(tok);
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
work->size=atoi(tok);
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
if(atoi(tok)<=0)
|
|
|
|
work->createtime=0;
|
|
|
|
else
|
|
|
|
work->createtime=atoi(tok);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
if(atoi(tok)<=0)
|
|
|
|
work->expiretime=0;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
work->expiretime=atoi(tok);
|
|
|
|
/* Force the 'e' flag on if this key is expired. */
|
|
|
|
if(work->expiretime<=make_timestamp())
|
|
|
|
work->flags|=4;
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
while(*tok)
|
|
|
|
switch(*tok++)
|
|
|
|
{
|
|
|
|
case 'r':
|
|
|
|
case 'R':
|
|
|
|
work->flags|=1;
|
|
|
|
break;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
case 'd':
|
|
|
|
case 'D':
|
|
|
|
work->flags|=2;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'e':
|
|
|
|
case 'E':
|
|
|
|
work->flags|=4;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
|
|
|
|
{
|
|
|
|
char *userid,*tok,*decoded;
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if(strlen(tok)==0)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
userid=tok;
|
|
|
|
|
|
|
|
/* By definition, de-%-encoding is always smaller than the
|
|
|
|
original string so we can decode in place. */
|
|
|
|
|
|
|
|
i=0;
|
|
|
|
|
|
|
|
while(*tok)
|
|
|
|
if(tok[0]=='%' && tok[1] && tok[2])
|
|
|
|
{
|
2008-03-25 20:41:11 +01:00
|
|
|
int c;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2008-03-25 20:41:11 +01:00
|
|
|
userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
|
2003-06-05 09:14:21 +02:00
|
|
|
i++;
|
|
|
|
tok+=3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
userid[i++]=*tok++;
|
|
|
|
|
|
|
|
/* We don't care about the other info provided in the uid: line
|
|
|
|
since no keyserver supports marking userids with timestamps
|
|
|
|
or revoked/expired/disabled yet. */
|
|
|
|
|
|
|
|
/* No need to check for control characters, as utf8_to_native
|
|
|
|
does this for us. */
|
|
|
|
|
|
|
|
decoded=utf8_to_native(userid,i,0);
|
2006-04-19 13:26:11 +02:00
|
|
|
if(strlen(decoded)>opt.screen_columns-10)
|
|
|
|
decoded[opt.screen_columns-10]='\0';
|
2003-06-05 09:14:21 +02:00
|
|
|
iobuf_writestr(work->uidbuf,decoded);
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(decoded);
|
2003-06-05 09:14:21 +02:00
|
|
|
iobuf_writestr(work->uidbuf,"\n\t");
|
|
|
|
work->lines++;
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
/* Ignore any records other than "pri" and "uid" for easy future
|
|
|
|
growth. */
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Show a prompt and allow the user to select keys for retrieval. */
|
|
|
|
static gpg_error_t
|
|
|
|
show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
|
|
|
|
int count, const char *search)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
gpg_error_t err;
|
|
|
|
char *answer = NULL;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
es_fflush (es_stdout);
|
2008-12-09 11:46:29 +01:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (count && opt.command_fd == -1)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
static int from = 1;
|
|
|
|
tty_printf ("Keys %d-%d of %d for \"%s\". ",
|
|
|
|
from, numdesc, count, search);
|
|
|
|
from = numdesc + 1;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
again:
|
|
|
|
err = 0;
|
|
|
|
xfree (answer);
|
|
|
|
answer = cpr_get_no_help ("keysearch.prompt",
|
|
|
|
_("Enter number(s), N)ext, or Q)uit > "));
|
2003-06-05 09:14:21 +02:00
|
|
|
/* control-d */
|
2011-01-18 12:51:16 +01:00
|
|
|
if (answer[0]=='\x04')
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
tty_printf ("Q\n");
|
|
|
|
answer[0] = 'q';
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (answer[0]=='q' || answer[0]=='Q')
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
else if (atoi (answer) >= 1 && atoi (answer) <= numdesc)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
char *split = answer;
|
|
|
|
char *num;
|
|
|
|
int numarray[50];
|
|
|
|
int numidx = 0;
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
while ((num = strsep (&split, " ,")))
|
|
|
|
if (atoi (num) >= 1 && atoi (num) <= numdesc)
|
|
|
|
{
|
|
|
|
if (numidx >= DIM (numarray))
|
|
|
|
{
|
|
|
|
tty_printf ("Too many keys selected\n");
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
numarray[numidx++] = atoi (num);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!numidx)
|
|
|
|
goto again;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC *selarray;
|
|
|
|
|
|
|
|
selarray = xtrymalloc (numidx * sizeof *selarray);
|
|
|
|
if (!selarray)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
for (idx = 0; idx < numidx; idx++)
|
|
|
|
selarray[idx] = desc[numarray[idx]-1];
|
2016-10-27 08:44:19 +02:00
|
|
|
err = keyserver_get (ctrl, selarray, numidx, NULL, 0, NULL, NULL);
|
2011-01-18 12:51:16 +01:00
|
|
|
xfree (selarray);
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
leave:
|
|
|
|
xfree (answer);
|
|
|
|
return err;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* This is a callback used by call-dirmngr.c to process the result of
|
2014-03-14 16:12:54 +01:00
|
|
|
KS_SEARCH command. If SPECIAL is 0, LINE is the actual data line
|
|
|
|
received with all escaping removed and guaranteed to be exactly one
|
|
|
|
line with stripped LF; an EOF is indicated by LINE passed as NULL.
|
2014-08-12 10:36:30 +02:00
|
|
|
If special is 1, the line contains the source of the information
|
2014-03-14 16:12:54 +01:00
|
|
|
(usually an URL). LINE may be modified after return. */
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t
|
2014-03-14 16:12:54 +01:00
|
|
|
search_line_handler (void *opaque, int special, char *line)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
struct search_line_handler_parm_s *parm = opaque;
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
struct keyrec *keyrec;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2014-03-14 16:12:54 +01:00
|
|
|
if (special == 1)
|
|
|
|
{
|
|
|
|
log_info ("data source: %s\n", line);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (special)
|
|
|
|
{
|
|
|
|
log_debug ("unknown value %d for special search callback", special);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (parm->eof_seen && line)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
log_debug ("ooops: unexpected data after EOF\n");
|
|
|
|
line = NULL;
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Print the received line. */
|
|
|
|
if (opt.with_colons && line)
|
|
|
|
{
|
2014-08-12 10:36:30 +02:00
|
|
|
es_printf ("%s\n", line);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Look for an info: line. The only current info: values defined
|
|
|
|
are the version and key count. */
|
|
|
|
if (line && !parm->any_lines && !ascii_strncasecmp ("info:", line, 5))
|
|
|
|
{
|
|
|
|
char *str = line + 5;
|
|
|
|
char *tok;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if ((tok = strsep (&str, ":")))
|
|
|
|
{
|
|
|
|
int version;
|
|
|
|
|
|
|
|
if (sscanf (tok, "%d", &version) !=1 )
|
|
|
|
version = 1;
|
|
|
|
|
|
|
|
if (version !=1 )
|
|
|
|
{
|
|
|
|
log_error (_("invalid keyserver protocol "
|
|
|
|
"(us %d!=handler %d)\n"), 1, version);
|
|
|
|
return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((tok = strsep (&str, ":"))
|
|
|
|
&& sscanf (tok, "%d", &parm->count) == 1)
|
|
|
|
{
|
|
|
|
if (!parm->count)
|
|
|
|
parm->not_found = 1;/* Server indicated that no items follow. */
|
|
|
|
else if (parm->count < 0)
|
|
|
|
parm->count = 10; /* Bad value - assume something reasonable. */
|
|
|
|
else
|
|
|
|
parm->validcount = 1; /* COUNT seems to be okay. */
|
|
|
|
}
|
|
|
|
|
|
|
|
parm->any_lines = 1;
|
|
|
|
return 0; /* Line processing finished. */
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
again:
|
|
|
|
if (line)
|
|
|
|
keyrec = parse_keyrec (line);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Received EOF - flush data */
|
|
|
|
parm->eof_seen = 1;
|
|
|
|
keyrec = parse_keyrec (NULL);
|
|
|
|
if (!keyrec)
|
|
|
|
{
|
|
|
|
if (!parm->nkeys)
|
|
|
|
parm->not_found = 1; /* No keys at all. */
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (parm->nkeys != parm->count)
|
|
|
|
parm->validcount = 0;
|
|
|
|
|
|
|
|
if (!(opt.with_colons && opt.batch))
|
|
|
|
{
|
|
|
|
err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
|
|
|
|
parm->validcount? parm->count : 0,
|
|
|
|
parm->searchstr_disp);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Save the key in the key array. */
|
|
|
|
if (keyrec)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Allocate or enlarge the key array if needed. */
|
|
|
|
if (!parm->desc)
|
|
|
|
{
|
|
|
|
if (parm->count < 1)
|
|
|
|
{
|
|
|
|
parm->count = 10;
|
|
|
|
parm->validcount = 0;
|
|
|
|
}
|
|
|
|
parm->desc = xtrymalloc (parm->count * sizeof *parm->desc);
|
|
|
|
if (!parm->desc)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (parm->nkeys == parm->count)
|
|
|
|
{
|
|
|
|
/* Keyserver sent more keys than claimed in the info: line. */
|
|
|
|
KEYDB_SEARCH_DESC *tmp;
|
|
|
|
int newcount = parm->count + 10;
|
|
|
|
|
|
|
|
tmp = xtryrealloc (parm->desc, newcount * sizeof *parm->desc);
|
|
|
|
if (!tmp)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
parm->count = newcount;
|
|
|
|
parm->desc = tmp;
|
|
|
|
parm->validcount = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
parm->desc[parm->nkeys] = keyrec->desc;
|
|
|
|
|
|
|
|
if (!opt.with_colons)
|
|
|
|
{
|
|
|
|
/* SCREEN_LINES - 1 for the prompt. */
|
|
|
|
if (parm->numlines + keyrec->lines > opt.screen_lines - 1)
|
|
|
|
{
|
|
|
|
err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
|
|
|
|
parm->validcount ? parm->count:0,
|
|
|
|
parm->searchstr_disp);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
parm->numlines = 0;
|
|
|
|
}
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
print_keyrec (parm->ctrl, parm->nkeys+1, keyrec);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
parm->numlines += keyrec->lines;
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
|
|
|
|
parm->any_lines = 1;
|
|
|
|
parm->nkeys++;
|
|
|
|
|
|
|
|
/* If we are here due to a flush after the EOF, run again for
|
|
|
|
the last prompt. Fixme: Make this code better readable. */
|
|
|
|
if (parm->eof_seen)
|
|
|
|
goto again;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
return 0;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
int
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_export (ctrl_t ctrl, strlist_t users)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2009-12-08 17:30:33 +01:00
|
|
|
gpg_error_t err;
|
2006-10-02 13:54:35 +02:00
|
|
|
strlist_t sl=NULL;
|
2006-04-19 13:26:11 +02:00
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
int rc=0;
|
|
|
|
|
|
|
|
/* Weed out descriptors that we don't support sending */
|
|
|
|
for(;users;users=users->next)
|
|
|
|
{
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (users->d, &desc, 1);
|
2009-12-08 17:30:33 +01:00
|
|
|
if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& desc.mode != KEYDB_SEARCH_MODE_LONG_KID
|
2019-03-14 08:54:59 +01:00
|
|
|
&& desc.mode != KEYDB_SEARCH_MODE_FPR))
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
|
|
|
log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
append_to_strlist(&sl,users->d);
|
|
|
|
}
|
|
|
|
|
|
|
|
if(sl)
|
|
|
|
{
|
2016-01-21 11:49:27 +01:00
|
|
|
rc = keyserver_put (ctrl, sl);
|
2006-04-19 13:26:11 +02:00
|
|
|
free_strlist(sl);
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
return rc;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
/* Structure to convey the arg to keyserver_retrieval_screener. */
|
|
|
|
struct ks_retrieval_screener_arg_s
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC *desc;
|
|
|
|
int ndesc;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* Check whether a key matches the search description. The function
|
|
|
|
returns 0 if the key shall be imported. */
|
|
|
|
static gpg_error_t
|
|
|
|
keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
|
|
|
|
{
|
|
|
|
struct ks_retrieval_screener_arg_s *arg = opaque;
|
|
|
|
KEYDB_SEARCH_DESC *desc = arg->desc;
|
|
|
|
int ndesc = arg->ndesc;
|
|
|
|
kbnode_t node;
|
|
|
|
PKT_public_key *pk;
|
|
|
|
int n;
|
|
|
|
u32 keyid[2];
|
|
|
|
byte fpr[MAX_FINGERPRINT_LEN];
|
|
|
|
size_t fpr_len = 0;
|
|
|
|
|
|
|
|
/* Secret keys are not expected from a keyserver. We do not
|
|
|
|
care about secret subkeys because the import code takes care
|
|
|
|
of skipping them. Not allowing an import of a public key
|
|
|
|
with a secret subkey would make it too easy to inhibit the
|
|
|
|
downloading of a public key. Recall that keyservers do only
|
|
|
|
limited checks. */
|
|
|
|
node = find_kbnode (keyblock, PKT_SECRET_KEY);
|
|
|
|
if (node)
|
|
|
|
return gpg_error (GPG_ERR_GENERAL); /* Do not import. */
|
|
|
|
|
|
|
|
if (!ndesc)
|
|
|
|
return 0; /* Okay if no description given. */
|
|
|
|
|
|
|
|
/* Loop over all key packets. */
|
|
|
|
for (node = keyblock; node; node = node->next)
|
|
|
|
{
|
|
|
|
if (node->pkt->pkttype != PKT_PUBLIC_KEY
|
|
|
|
&& node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
pk = node->pkt->pkt.public_key;
|
|
|
|
fingerprint_from_pk (pk, fpr, &fpr_len);
|
|
|
|
keyid_from_pk (pk, keyid);
|
|
|
|
|
|
|
|
/* Compare requested and returned fingerprints if available. */
|
|
|
|
for (n = 0; n < ndesc; n++)
|
|
|
|
{
|
2019-03-14 14:55:06 +01:00
|
|
|
if (desc[n].mode == KEYDB_SEARCH_MODE_FPR)
|
2019-03-14 08:54:59 +01:00
|
|
|
{
|
2019-09-30 18:03:31 +02:00
|
|
|
if (fpr_len == desc[n].fprlen
|
|
|
|
&& !memcmp (fpr, desc[n].u.fpr, desc[n].fprlen))
|
2019-03-14 08:54:59 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2014-08-14 15:20:53 +02:00
|
|
|
else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
|
|
|
|
{
|
|
|
|
if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
|
|
|
|
{
|
|
|
|
if (keyid[1] == desc[n].u.kid[1])
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else /* No keyid or fingerprint - can't check. */
|
|
|
|
return 0; /* allow import. */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
int
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_import (ctrl_t ctrl, strlist_t users)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2009-12-08 17:30:33 +01:00
|
|
|
gpg_error_t err;
|
2003-06-05 09:14:21 +02:00
|
|
|
KEYDB_SEARCH_DESC *desc;
|
|
|
|
int num=100,count=0;
|
|
|
|
int rc=0;
|
|
|
|
|
|
|
|
/* Build a list of key ids */
|
2006-04-19 13:26:11 +02:00
|
|
|
desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
for(;users;users=users->next)
|
|
|
|
{
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (users->d, &desc[count], 1);
|
2009-12-08 17:30:33 +01:00
|
|
|
if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
|
2019-03-14 08:54:59 +01:00
|
|
|
&& desc[count].mode != KEYDB_SEARCH_MODE_FPR))
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2009-12-08 17:30:33 +01:00
|
|
|
log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
|
2003-06-05 09:14:21 +02:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
count++;
|
|
|
|
if(count==num)
|
|
|
|
{
|
|
|
|
num+=100;
|
2003-06-18 21:56:13 +02:00
|
|
|
desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count>0)
|
2016-10-27 08:44:19 +02:00
|
|
|
rc = keyserver_get (ctrl, desc, count, NULL, 0, NULL, NULL);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(desc);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
/* Return true if any keyserver has been configured. */
|
|
|
|
int
|
|
|
|
keyserver_any_configured (ctrl_t ctrl)
|
|
|
|
{
|
|
|
|
return !gpg_dirmngr_ks_list (ctrl, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-04-26 15:32:51 +02:00
|
|
|
/* Import all keys that exactly match MBOX */
|
2014-03-17 15:39:33 +01:00
|
|
|
int
|
2021-04-26 15:32:51 +02:00
|
|
|
keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
|
2014-03-17 15:39:33 +01:00
|
|
|
unsigned char **fpr, size_t *fprlen,
|
|
|
|
struct keyserver_spec *keyserver)
|
|
|
|
{
|
2021-04-26 15:32:51 +02:00
|
|
|
KEYDB_SEARCH_DESC desc = { 0 };
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2021-04-26 15:32:51 +02:00
|
|
|
desc.mode = KEYDB_SEARCH_MODE_MAIL;
|
|
|
|
desc.u.name = mbox;
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2016-10-27 08:44:19 +02:00
|
|
|
return keyserver_get (ctrl, &desc, 1, keyserver, 0, fpr, fprlen);
|
2014-03-17 15:39:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-12-17 18:18:52 +01:00
|
|
|
/* Import the keys that match exactly MBOX */
|
|
|
|
int
|
|
|
|
keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
|
|
|
|
unsigned char **fpr, size_t *fprlen)
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc = { 0 };
|
|
|
|
struct keyserver_spec keyserver = { NULL, "ldap:///" };
|
|
|
|
|
|
|
|
desc.mode = KEYDB_SEARCH_MODE_MAIL;
|
|
|
|
desc.u.name = mbox;
|
|
|
|
|
|
|
|
return keyserver_get (ctrl, &desc, 1, &keyserver, 0, fpr, fprlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
int
|
2021-04-21 18:32:21 +02:00
|
|
|
keyserver_import_fprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len,
|
2021-04-16 20:21:23 +02:00
|
|
|
struct keyserver_spec *keyserver,
|
|
|
|
unsigned int flags)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
|
2021-04-21 18:32:21 +02:00
|
|
|
memset (&desc, 0, sizeof(desc));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2019-03-14 14:55:06 +01:00
|
|
|
if (fprint_len == 16 || fprint_len == 20 || fprint_len == 32)
|
|
|
|
desc.mode = KEYDB_SEARCH_MODE_FPR;
|
2003-06-05 09:14:21 +02:00
|
|
|
else
|
2021-04-21 18:32:21 +02:00
|
|
|
return gpg_error (GPG_ERR_INV_ARG);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2021-04-21 18:32:21 +02:00
|
|
|
memcpy (desc.u.fpr, fprint, fprint_len);
|
2019-03-14 08:54:59 +01:00
|
|
|
desc.fprlen = fprint_len;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2021-04-16 20:21:23 +02:00
|
|
|
return keyserver_get (ctrl, &desc, 1, keyserver, flags, NULL, NULL);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2021-04-21 18:32:21 +02:00
|
|
|
|
|
|
|
int
|
|
|
|
keyserver_import_fprint_ntds (ctrl_t ctrl,
|
|
|
|
const byte *fprint, size_t fprint_len)
|
|
|
|
{
|
|
|
|
struct keyserver_spec keyserver = { NULL, "ldap:///" };
|
|
|
|
|
|
|
|
return keyserver_import_fprint (ctrl, fprint, fprint_len,
|
|
|
|
&keyserver, KEYSERVER_IMPORT_FLAG_LDAP);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
int
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_import_keyid (ctrl_t ctrl,
|
2021-04-16 20:21:23 +02:00
|
|
|
u32 *keyid,struct keyserver_spec *keyserver,
|
|
|
|
unsigned int flags)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
|
|
|
|
memset(&desc,0,sizeof(desc));
|
|
|
|
|
|
|
|
desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
|
|
|
|
desc.u.kid[0]=keyid[0];
|
|
|
|
desc.u.kid[1]=keyid[1];
|
|
|
|
|
2021-04-16 20:21:23 +02:00
|
|
|
return keyserver_get (ctrl, &desc, 1, keyserver, flags, NULL, NULL);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
/* code mostly stolen from do_export_stream */
|
2011-01-18 12:51:16 +01:00
|
|
|
static int
|
2017-03-31 20:03:52 +02:00
|
|
|
keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
|
2021-05-26 14:28:26 +02:00
|
|
|
int *count)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2015-12-03 12:18:32 +01:00
|
|
|
int rc = 0;
|
|
|
|
int num = 100;
|
|
|
|
kbnode_t keyblock = NULL;
|
|
|
|
kbnode_t node;
|
2003-06-05 09:14:21 +02:00
|
|
|
KEYDB_HANDLE kdbhd;
|
2015-12-03 12:18:32 +01:00
|
|
|
int ndesc;
|
|
|
|
KEYDB_SEARCH_DESC *desc = NULL;
|
2006-10-02 13:54:35 +02:00
|
|
|
strlist_t sl;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
*count=0;
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
*klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2019-09-09 14:34:09 +02:00
|
|
|
kdbhd = keydb_new (ctrl);
|
2015-12-03 12:18:32 +01:00
|
|
|
if (!kdbhd)
|
|
|
|
{
|
|
|
|
rc = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
|
|
|
}
|
2014-12-01 11:54:51 +01:00
|
|
|
keydb_disable_caching (kdbhd); /* We are looping the search. */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
if(!users)
|
|
|
|
{
|
|
|
|
ndesc = 1;
|
2006-04-19 13:26:11 +02:00
|
|
|
desc = xmalloc_clear ( ndesc * sizeof *desc);
|
2003-06-05 09:14:21 +02:00
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
|
2003-06-05 09:14:21 +02:00
|
|
|
;
|
2003-06-18 21:56:13 +02:00
|
|
|
desc = xmalloc ( ndesc * sizeof *desc);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
for (ndesc=0, sl=users; sl; sl = sl->next)
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
gpg_error_t err;
|
2011-04-25 23:56:47 +02:00
|
|
|
if (!(err = classify_user_id (sl->d, desc+ndesc, 1)))
|
2003-06-05 09:14:21 +02:00
|
|
|
ndesc++;
|
|
|
|
else
|
2006-04-19 13:26:11 +02:00
|
|
|
log_error (_("key \"%s\" not found: %s\n"),
|
2009-12-08 17:30:33 +01:00
|
|
|
sl->d, gpg_strerror (err));
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-22 16:36:28 +01:00
|
|
|
for (;;)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2015-01-22 16:36:28 +01:00
|
|
|
rc = keydb_search (kdbhd, desc, ndesc, NULL);
|
2015-11-17 14:38:03 +01:00
|
|
|
if (rc)
|
2015-01-22 16:36:28 +01:00
|
|
|
break; /* ready. */
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!users)
|
2003-06-05 09:14:21 +02:00
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
|
|
|
|
|
|
|
|
/* read the keyblock */
|
|
|
|
rc = keydb_get_keyblock (kdbhd, &keyblock );
|
|
|
|
if( rc )
|
|
|
|
{
|
2015-01-22 16:36:28 +01:00
|
|
|
log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
|
2003-06-05 09:14:21 +02:00
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
|
|
|
{
|
|
|
|
/* v4 keys get full fingerprints. v3 keys get long keyids.
|
2006-04-19 13:26:11 +02:00
|
|
|
This is because it's easy to calculate any sort of keyid
|
2003-06-05 09:14:21 +02:00
|
|
|
from a v4 fingerprint, but not a v3 fingerprint. */
|
|
|
|
|
2019-03-14 08:54:59 +01:00
|
|
|
if (node->pkt->pkt.public_key->version < 4)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
|
|
|
(*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
|
|
|
|
keyid_from_pk(node->pkt->pkt.public_key,
|
|
|
|
(*klist)[*count].u.kid);
|
|
|
|
}
|
|
|
|
else
|
2019-03-14 08:54:59 +01:00
|
|
|
{
|
2019-03-14 14:55:06 +01:00
|
|
|
size_t fprlen;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2019-03-14 08:54:59 +01:00
|
|
|
fingerprint_from_pk (node->pkt->pkt.public_key,
|
2019-03-14 14:55:06 +01:00
|
|
|
(*klist)[*count].u.fpr, &fprlen);
|
|
|
|
(*klist)[*count].mode = KEYDB_SEARCH_MODE_FPR;
|
|
|
|
(*klist)[*count].fprlen = fprlen;
|
2019-03-14 08:54:59 +01:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* This is a little hackish, using the skipfncvalue as a
|
|
|
|
void* pointer to the keyserver spec, but we don't need
|
|
|
|
the skipfnc here, and it saves having an additional field
|
|
|
|
for this (which would be wasted space most of the
|
|
|
|
time). */
|
|
|
|
|
|
|
|
(*klist)[*count].skipfncvalue=NULL;
|
|
|
|
|
|
|
|
/* Are we honoring preferred keyservers? */
|
|
|
|
if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
|
|
|
|
{
|
|
|
|
PKT_user_id *uid=NULL;
|
|
|
|
PKT_signature *sig=NULL;
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
merge_keys_and_selfsig (ctrl, keyblock);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
for(node=node->next;node;node=node->next)
|
|
|
|
{
|
|
|
|
if(node->pkt->pkttype==PKT_USER_ID
|
2017-03-08 11:01:22 +01:00
|
|
|
&& node->pkt->pkt.user_id->flags.primary)
|
2006-04-19 13:26:11 +02:00
|
|
|
uid=node->pkt->pkt.user_id;
|
|
|
|
else if(node->pkt->pkttype==PKT_SIGNATURE
|
|
|
|
&& node->pkt->pkt.signature->
|
|
|
|
flags.chosen_selfsig && uid)
|
|
|
|
{
|
|
|
|
sig=node->pkt->pkt.signature;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Try and parse the keyserver URL. If it doesn't work,
|
|
|
|
then we end up writing NULL which indicates we are
|
|
|
|
the same as any other key. */
|
|
|
|
if(sig)
|
|
|
|
(*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
|
|
|
|
}
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
(*count)++;
|
|
|
|
|
|
|
|
if(*count==num)
|
|
|
|
{
|
|
|
|
num+=100;
|
2003-06-18 21:56:13 +02:00
|
|
|
*klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-04-29 15:07:11 +02:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
|
|
|
|
rc = 0;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
leave:
|
2006-04-19 13:26:11 +02:00
|
|
|
if(rc)
|
2015-12-03 12:19:30 +01:00
|
|
|
{
|
|
|
|
xfree(*klist);
|
|
|
|
*klist = NULL;
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(desc);
|
2003-06-05 09:14:21 +02:00
|
|
|
keydb_release(kdbhd);
|
|
|
|
release_kbnode(keyblock);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Note this is different than the original HKP refresh. It allows
|
|
|
|
usernames to refresh only part of the keyring. */
|
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
gpg_error_t
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2015-10-05 17:52:28 +02:00
|
|
|
gpg_error_t err;
|
|
|
|
int count, numdesc;
|
2003-06-05 09:14:21 +02:00
|
|
|
KEYDB_SEARCH_DESC *desc;
|
2006-04-19 13:26:11 +02:00
|
|
|
unsigned int options=opt.keyserver_options.import_options;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* We switch merge-only on during a refresh, as 'refresh' should
|
|
|
|
never import new keys, even if their keyids match. */
|
|
|
|
opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
|
|
|
|
|
|
|
|
/* Similarly, we switch on fast-import, since refresh may make
|
|
|
|
multiple import sets (due to preferred keyserver URLs). We don't
|
|
|
|
want each set to rebuild the trustdb. Instead we do it once at
|
|
|
|
the end here. */
|
|
|
|
opt.keyserver_options.import_options|=IMPORT_FAST;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2021-05-26 14:28:26 +02:00
|
|
|
|
|
|
|
err = keyidlist (ctrl, users, &desc, &numdesc);
|
2015-10-05 17:52:28 +02:00
|
|
|
if (err)
|
|
|
|
return err;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
count=numdesc;
|
2003-06-05 09:14:21 +02:00
|
|
|
if(count>0)
|
|
|
|
{
|
2006-04-19 13:26:11 +02:00
|
|
|
int i;
|
|
|
|
|
|
|
|
/* Try to handle preferred keyserver keys first */
|
|
|
|
for(i=0;i<numdesc;i++)
|
|
|
|
{
|
|
|
|
if(desc[i].skipfncvalue)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *keyserver=desc[i].skipfncvalue;
|
|
|
|
|
2015-04-21 15:36:30 +02:00
|
|
|
if (!opt.quiet)
|
2016-01-18 11:20:15 +01:00
|
|
|
log_info (_("refreshing %d key from %s\n"), 1, keyserver->uri);
|
2015-04-21 15:36:30 +02:00
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
/* We use the keyserver structure we parsed out before.
|
|
|
|
Note that a preferred keyserver without a scheme://
|
|
|
|
will be interpreted as hkp:// */
|
2016-10-27 08:44:19 +02:00
|
|
|
err = keyserver_get (ctrl, &desc[i], 1, keyserver, 0, NULL, NULL);
|
2015-10-05 17:52:28 +02:00
|
|
|
if (err)
|
2006-04-19 13:26:11 +02:00
|
|
|
log_info(_("WARNING: unable to refresh key %s"
|
|
|
|
" via %s: %s\n"),keystr_from_desc(&desc[i]),
|
2015-10-05 17:52:28 +02:00
|
|
|
keyserver->uri,gpg_strerror (err));
|
2006-04-19 13:26:11 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* We got it, so mark it as NONE so we don't try and
|
|
|
|
get it again from the regular keyserver. */
|
|
|
|
|
|
|
|
desc[i].mode=KEYDB_SEARCH_MODE_NONE;
|
|
|
|
count--;
|
|
|
|
}
|
|
|
|
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count>0)
|
|
|
|
{
|
2015-10-05 17:52:28 +02:00
|
|
|
char *tmpuri;
|
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
|
|
|
|
if (!err)
|
|
|
|
{
|
|
|
|
if (!opt.quiet)
|
|
|
|
{
|
2016-01-18 11:20:15 +01:00
|
|
|
log_info (ngettext("refreshing %d key from %s\n",
|
|
|
|
"refreshing %d keys from %s\n",
|
|
|
|
count), count, tmpuri);
|
2015-10-05 17:52:28 +02:00
|
|
|
}
|
|
|
|
xfree (tmpuri);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2016-10-27 08:44:19 +02:00
|
|
|
err = keyserver_get (ctrl, desc, numdesc, NULL, 0, NULL, NULL);
|
2015-10-05 17:52:28 +02:00
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(desc);
|
|
|
|
|
|
|
|
opt.keyserver_options.import_options=options;
|
|
|
|
|
|
|
|
/* If the original options didn't have fast import, and the trustdb
|
|
|
|
is dirty, rebuild. */
|
|
|
|
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
|
2016-05-21 11:41:49 +02:00
|
|
|
check_or_update_trustdb (ctrl);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
return err;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
/* Search for keys on the keyservers. The patterns are given in the
|
|
|
|
string list TOKENS. */
|
|
|
|
gpg_error_t
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
2003-06-05 09:14:21 +02:00
|
|
|
{
|
2011-01-10 14:30:17 +01:00
|
|
|
gpg_error_t err;
|
|
|
|
char *searchstr;
|
2011-01-18 12:51:16 +01:00
|
|
|
struct search_line_handler_parm_s parm;
|
|
|
|
|
|
|
|
memset (&parm, 0, sizeof parm);
|
2011-01-10 14:30:17 +01:00
|
|
|
|
|
|
|
if (!tokens)
|
|
|
|
return 0; /* Return success if no patterns are given. */
|
|
|
|
|
|
|
|
{
|
|
|
|
membuf_t mb;
|
|
|
|
strlist_t item;
|
|
|
|
|
|
|
|
init_membuf (&mb, 1024);
|
|
|
|
for (item = tokens; item; item = item->next)
|
|
|
|
{
|
|
|
|
if (item != tokens)
|
|
|
|
put_membuf (&mb, " ", 1);
|
|
|
|
put_membuf_str (&mb, item->d);
|
|
|
|
}
|
|
|
|
put_membuf (&mb, "", 1); /* Append Nul. */
|
|
|
|
searchstr = get_membuf (&mb, NULL);
|
|
|
|
if (!searchstr)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
2011-01-18 12:51:16 +01:00
|
|
|
goto leave;
|
2011-01-10 14:30:17 +01:00
|
|
|
}
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
parm.ctrl = ctrl;
|
|
|
|
if (searchstr)
|
|
|
|
parm.searchstr_disp = utf8_to_native (searchstr, strlen (searchstr), 0);
|
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_search (ctrl, searchstr, search_line_handler, &parm);
|
|
|
|
|
2018-12-11 12:29:58 +01:00
|
|
|
if (parm.not_found || gpg_err_code (err) == GPG_ERR_NO_DATA)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
if (parm.searchstr_disp)
|
|
|
|
log_info (_("key \"%s\" not found on keyserver\n"),
|
|
|
|
parm.searchstr_disp);
|
|
|
|
else
|
|
|
|
log_info (_("key not found on keyserver\n"));
|
|
|
|
}
|
|
|
|
|
2019-05-14 07:56:10 +02:00
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
2018-12-11 12:29:58 +01:00
|
|
|
err = gpg_error (GPG_ERR_NOT_FOUND);
|
2011-01-18 12:51:16 +01:00
|
|
|
else if (err)
|
|
|
|
log_error ("error searching keyserver: %s\n", gpg_strerror (err));
|
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
leave:
|
2011-01-18 12:51:16 +01:00
|
|
|
xfree (parm.desc);
|
|
|
|
xfree (parm.searchstr_disp);
|
2011-01-10 14:30:17 +01:00
|
|
|
xfree(searchstr);
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
return err;
|
|
|
|
}
|
2011-01-10 14:30:17 +01:00
|
|
|
|
2014-11-12 12:14:32 +01:00
|
|
|
/* Helper for keyserver_get. Here we only receive a chunk of the
|
|
|
|
description to be processed in one batch. This is required due to
|
|
|
|
the limited number of patterns the dirmngr interface (KS_GET) can
|
|
|
|
grok and to limit the amount of temporary required memory. */
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t
|
2014-11-12 12:14:32 +01:00
|
|
|
keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
|
|
|
int *r_ndesc_used,
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle,
|
2015-04-21 15:36:30 +02:00
|
|
|
struct keyserver_spec *override_keyserver,
|
2021-04-16 20:21:23 +02:00
|
|
|
unsigned int flags,
|
2014-11-12 12:14:32 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen)
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
char **pattern;
|
2017-07-24 20:47:41 +02:00
|
|
|
int idx, npat, npat_fpr;
|
2011-01-18 12:51:16 +01:00
|
|
|
estream_t datastream;
|
2014-03-14 16:12:54 +01:00
|
|
|
char *source = NULL;
|
2014-11-12 12:14:32 +01:00
|
|
|
size_t linelen; /* Estimated linelen for KS_GET. */
|
|
|
|
size_t n;
|
2017-07-24 20:47:41 +02:00
|
|
|
int only_fprs;
|
2014-11-12 12:14:32 +01:00
|
|
|
|
|
|
|
#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
|
|
|
|
|
|
|
|
*r_ndesc_used = 0;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
/* Create an array filled with a search pattern for each key. The
|
|
|
|
array is delimited by a NULL entry. */
|
|
|
|
pattern = xtrycalloc (ndesc+1, sizeof *pattern);
|
|
|
|
if (!pattern)
|
|
|
|
return gpg_error_from_syserror ();
|
2014-11-12 12:14:32 +01:00
|
|
|
|
|
|
|
/* Note that we break the loop as soon as our estimation of the to
|
|
|
|
be used line length reaches the limit. But we do this only if we
|
2016-10-27 08:44:19 +02:00
|
|
|
have processed at least one search requests so that an overlong
|
2014-11-12 12:14:32 +01:00
|
|
|
single request will be rejected only later by gpg_dirmngr_ks_get
|
|
|
|
but we are sure that R_NDESC_USED has been updated. This avoids
|
|
|
|
a possible indefinite loop. */
|
2021-04-16 20:21:23 +02:00
|
|
|
linelen = 24; /* "KS_GET --quick --ldap --" */
|
2017-07-24 20:47:41 +02:00
|
|
|
for (npat=npat_fpr=0, idx=0; idx < ndesc; idx++)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
int quiet = 0;
|
|
|
|
|
2019-03-14 14:55:06 +01:00
|
|
|
if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
2019-03-14 14:55:06 +01:00
|
|
|
n = 1+2+2*desc[idx].fprlen;
|
2014-11-12 12:14:32 +01:00
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
|
|
|
pattern[npat] = xtrymalloc (n);
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
strcpy (pattern[npat], "0x");
|
2019-03-14 14:55:06 +01:00
|
|
|
bin2hex (desc[idx].u.fpr, desc[idx].fprlen, pattern[npat]+2);
|
2011-01-18 12:51:16 +01:00
|
|
|
npat++;
|
2019-03-14 14:55:06 +01:00
|
|
|
if (desc[idx].fprlen == 20 || desc[idx].fprlen == 32)
|
2017-07-24 20:47:41 +02:00
|
|
|
npat_fpr++;
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
n = 1+2+16;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
pattern[npat] = xtryasprintf ("0x%08lX%08lX",
|
|
|
|
(ulong)desc[idx].u.kid[0],
|
|
|
|
(ulong)desc[idx].u.kid[1]);
|
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
npat++;
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
n = 1+2+8;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
|
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
npat++;
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
/* The Dirmngr also uses classify_user_id to detect the type
|
2014-03-17 15:39:33 +01:00
|
|
|
of the search string. By adding the '=' prefix we force
|
|
|
|
Dirmngr's KS_GET to consider this an exact search string.
|
|
|
|
(In gpg 1.4 and gpg 2.0 the keyserver helpers used the
|
|
|
|
KS_GETNAME command to indicate this.) */
|
2014-11-12 12:14:32 +01:00
|
|
|
|
|
|
|
n = 1+1+strlen (desc[idx].u.name);
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
npat++;
|
|
|
|
quiet = 1;
|
|
|
|
}
|
|
|
|
}
|
2020-12-17 18:18:52 +01:00
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_MAIL)
|
|
|
|
{
|
|
|
|
n = 1 + strlen (desc[idx].u.name) + 1 + 1;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
|
|
|
if (desc[idx].u.name[0] == '<')
|
|
|
|
pattern[npat] = xtrystrdup (desc[idx].u.name);
|
|
|
|
else
|
|
|
|
pattern[npat] = strconcat ("<", desc[idx].u.name, ">", NULL);
|
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
npat++;
|
|
|
|
quiet = 1;
|
|
|
|
}
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
|
|
|
|
continue;
|
|
|
|
else
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
for (idx=0; idx < npat; idx++)
|
|
|
|
xfree (pattern[idx]);
|
|
|
|
xfree (pattern);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2015-04-21 15:36:30 +02:00
|
|
|
if (!quiet && override_keyserver)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
2021-05-26 14:28:26 +02:00
|
|
|
log_info (_("requesting key %s from %s\n"),
|
|
|
|
keystr_from_desc (&desc[idx]), override_keyserver->uri);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-03-14 08:54:59 +01:00
|
|
|
/* Remember how many of the search items were considered. Note that
|
2014-11-12 12:14:32 +01:00
|
|
|
this is different from NPAT. */
|
|
|
|
*r_ndesc_used = idx;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2017-07-24 20:47:41 +02:00
|
|
|
only_fprs = (npat && npat == npat_fpr);
|
|
|
|
|
2021-04-16 20:21:23 +02:00
|
|
|
err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver, flags,
|
2015-04-21 15:36:30 +02:00
|
|
|
&datastream, &source);
|
2011-01-18 12:51:16 +01:00
|
|
|
for (idx=0; idx < npat; idx++)
|
|
|
|
xfree (pattern[idx]);
|
|
|
|
xfree (pattern);
|
2014-03-17 15:39:33 +01:00
|
|
|
if (opt.verbose && source)
|
2014-03-14 16:12:54 +01:00
|
|
|
log_info ("data source: %s\n", source);
|
|
|
|
|
2021-04-13 14:25:16 +02:00
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!err)
|
|
|
|
{
|
2014-08-14 15:20:53 +02:00
|
|
|
struct ks_retrieval_screener_arg_s screenerarg;
|
2021-04-13 14:25:16 +02:00
|
|
|
unsigned int options;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
/* FIXME: Check whether this comment should be moved to dirmngr.
|
|
|
|
|
|
|
|
Slurp up all the key data. In the future, it might be nice
|
|
|
|
to look for KEY foo OUTOFBAND and FAILED indicators. It's
|
|
|
|
harmless to ignore them, but ignoring them does make gpg
|
|
|
|
complain about "no valid OpenPGP data found". One way to do
|
|
|
|
this could be to continue parsing this line-by-line and make
|
2013-10-04 13:44:39 +02:00
|
|
|
a temp iobuf for each key. Note that we don't allow the
|
|
|
|
import of secret keys from a keyserver. Keyservers should
|
|
|
|
never accept or send them but we better protect against rogue
|
|
|
|
keyservers. */
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2021-04-26 14:15:21 +02:00
|
|
|
/* For LDAP servers we reset IMPORT_SELF_SIGS_ONLY and
|
|
|
|
* IMPORT_CLEAN unless they have been set explicitly. */
|
2021-04-13 14:25:16 +02:00
|
|
|
options = (opt.keyserver_options.import_options | IMPORT_NO_SECKEY);
|
|
|
|
if (source && (!strncmp (source, "ldap:", 5)
|
2021-04-26 14:15:21 +02:00
|
|
|
|| !strncmp (source, "ldaps:", 6)))
|
|
|
|
{
|
|
|
|
if (!opt.flags.expl_import_self_sigs_only)
|
|
|
|
options &= ~IMPORT_SELF_SIGS_ONLY;
|
|
|
|
if (!opt.flags.expl_import_clean)
|
|
|
|
options &= ~IMPORT_CLEAN;
|
|
|
|
}
|
2021-04-13 14:25:16 +02:00
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
screenerarg.desc = desc;
|
2014-11-12 12:14:32 +01:00
|
|
|
screenerarg.ndesc = *r_ndesc_used;
|
2014-03-17 15:39:33 +01:00
|
|
|
import_keys_es_stream (ctrl, datastream, stats_handle,
|
2021-04-13 14:25:16 +02:00
|
|
|
r_fpr, r_fprlen, options,
|
2017-07-13 18:22:36 +02:00
|
|
|
keyserver_retrieval_screener, &screenerarg,
|
2017-07-24 20:47:41 +02:00
|
|
|
only_fprs? KEYORG_KS : 0,
|
|
|
|
source);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
es_fclose (datastream);
|
2014-03-14 16:12:54 +01:00
|
|
|
xfree (source);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
return err;
|
2003-06-05 09:14:21 +02:00
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
|
2014-11-12 12:14:32 +01:00
|
|
|
/* Retrieve a key from a keyserver. The search pattern are in
|
|
|
|
(DESC,NDESC). Allowed search modes are keyid, fingerprint, and
|
2015-04-21 15:36:30 +02:00
|
|
|
exact searches. OVERRIDE_KEYSERVER gives an optional override
|
|
|
|
keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
|
2021-04-16 20:21:23 +02:00
|
|
|
fingerprint of a single imported key. If the FLAG bit
|
|
|
|
KEYSERVER_IMPORT_FLAG_QUICK is set, dirmngr is advised to use a
|
|
|
|
shorter timeout. */
|
2014-11-12 12:14:32 +01:00
|
|
|
static gpg_error_t
|
|
|
|
keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
2021-04-16 20:21:23 +02:00
|
|
|
struct keyserver_spec *override_keyserver, unsigned int flags,
|
2014-11-12 12:14:32 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen)
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle;
|
2014-11-12 12:14:32 +01:00
|
|
|
int ndesc_used;
|
|
|
|
int any_good = 0;
|
|
|
|
|
|
|
|
stats_handle = import_new_stats_handle();
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
{
|
|
|
|
err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
|
2021-04-16 20:21:23 +02:00
|
|
|
override_keyserver, flags, r_fpr, r_fprlen);
|
2014-11-12 12:14:32 +01:00
|
|
|
if (!err)
|
|
|
|
any_good = 1;
|
|
|
|
if (err || ndesc_used >= ndesc)
|
|
|
|
break; /* Error or all processed. */
|
|
|
|
/* Prepare for the next chunk. */
|
|
|
|
desc += ndesc_used;
|
|
|
|
ndesc -= ndesc_used;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (any_good)
|
|
|
|
import_print_stats (stats_handle);
|
|
|
|
|
|
|
|
import_release_stats_handle (stats_handle);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
/* Send all keys specified by KEYSPECS to the configured keyserver. */
|
2011-01-20 14:12:53 +01:00
|
|
|
static gpg_error_t
|
2016-01-21 11:49:27 +01:00
|
|
|
keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
|
|
|
strlist_t kspec;
|
2016-01-21 11:49:27 +01:00
|
|
|
char *ksurl;
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
if (!keyspecs)
|
|
|
|
return 0; /* Return success if the list is empty. */
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
if (gpg_dirmngr_ks_list (ctrl, &ksurl))
|
2011-01-20 14:12:53 +01:00
|
|
|
{
|
2016-01-21 11:49:27 +01:00
|
|
|
log_error (_("no keyserver known\n"));
|
2011-01-20 14:12:53 +01:00
|
|
|
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (kspec = keyspecs; kspec; kspec = kspec->next)
|
|
|
|
{
|
|
|
|
void *data;
|
|
|
|
size_t datalen;
|
|
|
|
kbnode_t keyblock;
|
|
|
|
|
|
|
|
err = export_pubkey_buffer (ctrl, kspec->d,
|
|
|
|
opt.keyserver_options.export_options,
|
2020-03-13 13:17:51 +01:00
|
|
|
NULL, 0, NULL,
|
2011-01-20 14:12:53 +01:00
|
|
|
&keyblock, &data, &datalen);
|
|
|
|
if (err)
|
|
|
|
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
|
|
|
|
else
|
|
|
|
{
|
2019-09-06 16:48:53 +02:00
|
|
|
if (!opt.quiet)
|
|
|
|
log_info (_("sending key %s to %s\n"),
|
|
|
|
keystr (keyblock->pkt->pkt.public_key->keyid),
|
|
|
|
ksurl?ksurl:"[?]");
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
|
|
|
|
release_kbnode (keyblock);
|
|
|
|
xfree (data);
|
|
|
|
if (err)
|
2014-12-08 11:10:11 +01:00
|
|
|
{
|
|
|
|
write_status_error ("keyserver_send", err);
|
|
|
|
log_error (_("keyserver send failed: %s\n"), gpg_strerror (err));
|
|
|
|
}
|
2011-01-20 14:12:53 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
xfree (ksurl);
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
/* Loop over all URLs in STRLIST and fetch the key at that URL. Note
|
2016-06-14 09:06:44 +02:00
|
|
|
that the fetch operation ignores the configured keyservers and
|
2014-03-12 14:27:50 +01:00
|
|
|
instead directly retrieves the keys. */
|
2006-04-19 13:26:11 +02:00
|
|
|
int
|
2017-07-13 18:22:36 +02:00
|
|
|
keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2011-02-08 21:11:19 +01:00
|
|
|
gpg_error_t err;
|
2006-10-02 13:54:35 +02:00
|
|
|
strlist_t sl;
|
2011-02-08 21:11:19 +01:00
|
|
|
estream_t datastream;
|
2014-03-12 14:27:50 +01:00
|
|
|
unsigned int save_options = opt.keyserver_options.import_options;
|
2021-06-25 09:55:27 +02:00
|
|
|
int any_success = 0;
|
|
|
|
gpg_error_t firsterr = 0;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
/* Switch on fast-import, since fetch can handle more than one
|
|
|
|
import and we don't want each set to rebuild the trustdb.
|
|
|
|
Instead we do it once at the end. */
|
2011-02-08 21:11:19 +01:00
|
|
|
opt.keyserver_options.import_options |= IMPORT_FAST;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
for (sl=urilist; sl; sl=sl->next)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2011-02-08 21:11:19 +01:00
|
|
|
if (!opt.quiet)
|
2012-06-05 19:29:22 +02:00
|
|
|
log_info (_("requesting key from '%s'\n"), sl->d);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream);
|
|
|
|
if (!err)
|
|
|
|
{
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
stats_handle = import_new_stats_handle();
|
|
|
|
import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL,
|
2014-08-14 15:20:53 +02:00
|
|
|
opt.keyserver_options.import_options,
|
2017-07-24 21:07:03 +02:00
|
|
|
NULL, NULL, origin, sl->d);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
import_print_stats (stats_handle);
|
|
|
|
import_release_stats_handle (stats_handle);
|
2021-06-25 09:55:27 +02:00
|
|
|
any_success = 1;
|
2011-02-08 21:11:19 +01:00
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
else
|
2021-06-25 09:55:27 +02:00
|
|
|
{
|
|
|
|
log_info (_("WARNING: unable to fetch URI %s: %s\n"),
|
|
|
|
sl->d, gpg_strerror (err));
|
|
|
|
if (!firsterr)
|
|
|
|
firsterr = err;
|
|
|
|
}
|
2011-02-08 21:11:19 +01:00
|
|
|
es_fclose (datastream);
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
|
|
|
|
2021-06-25 09:55:27 +02:00
|
|
|
if (!urilist)
|
|
|
|
err = gpg_error (GPG_ERR_NO_NAME);
|
|
|
|
else if (any_success)
|
|
|
|
err = 0;
|
|
|
|
else
|
|
|
|
err = firsterr;
|
|
|
|
|
2014-03-12 14:27:50 +01:00
|
|
|
opt.keyserver_options.import_options = save_options;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
/* If the original options didn't have fast import, and the trustdb
|
|
|
|
is dirty, rebuild. */
|
2011-02-08 21:11:19 +01:00
|
|
|
if (!(opt.keyserver_options.import_options&IMPORT_FAST))
|
2016-05-21 11:41:49 +02:00
|
|
|
check_or_update_trustdb (ctrl);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2021-06-25 09:55:27 +02:00
|
|
|
return err;
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
/* Import key in a CERT or pointed to by a CERT. In DANE_MODE fetch
|
|
|
|
the certificate using the DANE method. */
|
2006-04-19 13:26:11 +02:00
|
|
|
int
|
2015-10-06 20:31:43 +02:00
|
|
|
keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
|
|
|
|
unsigned char **fpr,size_t *fpr_len)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_error_t err;
|
2015-10-06 20:31:43 +02:00
|
|
|
char *look,*url;
|
2011-11-30 17:14:08 +01:00
|
|
|
estream_t key;
|
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
look = xstrdup(name);
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
if (!dane_mode)
|
|
|
|
{
|
|
|
|
char *domain = strrchr (look,'@');
|
|
|
|
if (domain)
|
|
|
|
*domain='.';
|
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
|
|
|
|
&key, fpr, fpr_len, &url);
|
2011-11-30 17:14:08 +01:00
|
|
|
if (err)
|
|
|
|
;
|
|
|
|
else if (key)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
|
|
|
int armor_status=opt.no_armor;
|
2017-07-24 19:35:45 +02:00
|
|
|
import_filter_t save_filt;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
/* CERTs and DANE records are always in binary format */
|
2006-04-19 13:26:11 +02:00
|
|
|
opt.no_armor=1;
|
2017-07-24 19:35:45 +02:00
|
|
|
if (dane_mode)
|
|
|
|
{
|
|
|
|
save_filt = save_and_clear_import_filter ();
|
|
|
|
if (!save_filt)
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
char *filtstr = es_bsprintf ("keep-uid=mbox = %s", look);
|
|
|
|
err = filtstr? 0 : gpg_error_from_syserror ();
|
|
|
|
if (!err)
|
|
|
|
err = parse_and_set_import_filter (filtstr);
|
|
|
|
xfree (filtstr);
|
|
|
|
if (!err)
|
|
|
|
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
|
|
|
|
IMPORT_NO_SECKEY,
|
2017-07-24 20:05:28 +02:00
|
|
|
NULL, NULL, KEYORG_DANE, NULL);
|
2017-07-24 19:35:45 +02:00
|
|
|
restore_import_filter (save_filt);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
|
|
|
|
(opt.keyserver_options.import_options
|
|
|
|
| IMPORT_NO_SECKEY),
|
2017-07-24 20:05:28 +02:00
|
|
|
NULL, NULL, 0, NULL);
|
2017-07-24 19:35:45 +02:00
|
|
|
}
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
opt.no_armor=armor_status;
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
es_fclose (key);
|
|
|
|
key = NULL;
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
2011-11-30 17:14:08 +01:00
|
|
|
else if (*fpr)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
|
|
|
/* We only consider the IPGP type if a fingerprint was provided.
|
|
|
|
This lets us select the right key regardless of what a URL
|
|
|
|
points to, or get the key from a keyserver. */
|
|
|
|
if(url)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *spec;
|
|
|
|
|
2015-01-05 15:07:23 +01:00
|
|
|
spec = parse_keyserver_uri (url, 1);
|
2006-04-19 13:26:11 +02:00
|
|
|
if(spec)
|
|
|
|
{
|
2016-10-27 08:44:19 +02:00
|
|
|
err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0);
|
2006-04-19 13:26:11 +02:00
|
|
|
free_keyserver_spec(spec);
|
|
|
|
}
|
|
|
|
}
|
2016-01-21 11:49:27 +01:00
|
|
|
else if (keyserver_any_configured (ctrl))
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
|
|
|
/* If only a fingerprint is provided, try and fetch it from
|
2016-01-21 11:49:27 +01:00
|
|
|
the configured keyserver. */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
2016-10-27 08:44:19 +02:00
|
|
|
err = keyserver_import_fprint (ctrl,
|
|
|
|
*fpr, *fpr_len, opt.keyserver, 0);
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
2006-04-28 16:31:29 +02:00
|
|
|
else
|
2016-01-21 11:49:27 +01:00
|
|
|
log_info(_("no keyserver known\n"));
|
2006-04-28 16:31:29 +02:00
|
|
|
|
|
|
|
/* Give a better string here? "CERT fingerprint for \"%s\"
|
|
|
|
found, but no keyserver" " known (use option
|
|
|
|
--keyserver)\n" ? */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
xfree(url);
|
2006-04-19 13:26:11 +02:00
|
|
|
xfree(look);
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-04-27 08:34:29 +02:00
|
|
|
/* Import a key using the Web Key Directory protocol. */
|
|
|
|
gpg_error_t
|
2021-04-16 20:21:23 +02:00
|
|
|
keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
|
2016-04-27 08:34:29 +02:00
|
|
|
unsigned char **fpr, size_t *fpr_len)
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
2016-09-28 15:35:31 +02:00
|
|
|
char *mbox;
|
2016-04-27 08:34:29 +02:00
|
|
|
estream_t key;
|
2017-07-24 20:05:28 +02:00
|
|
|
char *url = NULL;
|
2016-04-27 08:34:29 +02:00
|
|
|
|
2016-09-28 15:35:31 +02:00
|
|
|
/* We want to work on the mbox. That is what dirmngr will do anyway
|
|
|
|
* and we need the mbox for the import filter anyway. */
|
2018-11-12 07:44:33 +01:00
|
|
|
mbox = mailbox_from_userid (name, 0);
|
2016-09-28 15:35:31 +02:00
|
|
|
if (!mbox)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_EINVAL)
|
|
|
|
err = gpg_error (GPG_ERR_INV_USER_ID);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2021-04-16 20:21:23 +02:00
|
|
|
err = gpg_dirmngr_wkd_get (ctrl, mbox, flags, &key, &url);
|
2016-04-27 08:34:29 +02:00
|
|
|
if (err)
|
|
|
|
;
|
|
|
|
else if (key)
|
|
|
|
{
|
|
|
|
int armor_status = opt.no_armor;
|
2016-09-28 15:35:31 +02:00
|
|
|
import_filter_t save_filt;
|
2016-04-27 08:34:29 +02:00
|
|
|
|
2019-04-11 09:54:28 +02:00
|
|
|
/* Keys returned via WKD are in binary format. However, we
|
|
|
|
* relax that requirement and allow also for armored data. */
|
|
|
|
opt.no_armor = 0;
|
2016-09-28 15:35:31 +02:00
|
|
|
save_filt = save_and_clear_import_filter ();
|
|
|
|
if (!save_filt)
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox);
|
|
|
|
err = filtstr? 0 : gpg_error_from_syserror ();
|
|
|
|
if (!err)
|
|
|
|
err = parse_and_set_import_filter (filtstr);
|
|
|
|
xfree (filtstr);
|
|
|
|
if (!err)
|
|
|
|
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
|
|
|
|
IMPORT_NO_SECKEY,
|
2017-07-24 20:05:28 +02:00
|
|
|
NULL, NULL, KEYORG_WKD, url);
|
2016-04-27 08:34:29 +02:00
|
|
|
|
2016-09-28 15:35:31 +02:00
|
|
|
}
|
2016-04-27 08:34:29 +02:00
|
|
|
|
2016-09-28 15:35:31 +02:00
|
|
|
restore_import_filter (save_filt);
|
2016-04-27 08:34:29 +02:00
|
|
|
opt.no_armor = armor_status;
|
|
|
|
|
|
|
|
es_fclose (key);
|
|
|
|
key = NULL;
|
|
|
|
}
|
|
|
|
|
2017-07-24 20:05:28 +02:00
|
|
|
xfree (url);
|
2016-09-28 15:35:31 +02:00
|
|
|
xfree (mbox);
|
2016-04-27 08:34:29 +02:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-07-23 20:28:54 +02:00
|
|
|
/* Import a key by name using LDAP */
|
2006-04-19 13:26:11 +02:00
|
|
|
int
|
2010-10-01 22:33:53 +02:00
|
|
|
keyserver_import_ldap (ctrl_t ctrl,
|
2014-03-17 15:39:33 +01:00
|
|
|
const char *name, unsigned char **fpr, size_t *fprlen)
|
2006-04-19 13:26:11 +02:00
|
|
|
{
|
2014-03-17 15:39:33 +01:00
|
|
|
(void)ctrl;
|
|
|
|
(void)name;
|
|
|
|
(void)fpr;
|
|
|
|
(void)fprlen;
|
|
|
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
|
|
|
|
#if 0
|
2006-04-19 13:26:11 +02:00
|
|
|
char *domain;
|
|
|
|
struct keyserver_spec *keyserver;
|
2006-10-02 13:54:35 +02:00
|
|
|
strlist_t list=NULL;
|
2009-07-23 20:28:54 +02:00
|
|
|
int rc,hostlen=1;
|
|
|
|
struct srventry *srvlist=NULL;
|
|
|
|
int srvcount,i;
|
|
|
|
char srvname[MAXDNAME];
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
/* Parse out the domain */
|
|
|
|
domain=strrchr(name,'@');
|
|
|
|
if(!domain)
|
2015-01-22 12:06:11 +01:00
|
|
|
return GPG_ERR_GENERAL;
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
domain++;
|
|
|
|
|
|
|
|
keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
|
|
|
|
keyserver->scheme=xstrdup("ldap");
|
2009-07-23 20:28:54 +02:00
|
|
|
keyserver->host=xmalloc(1);
|
|
|
|
keyserver->host[0]='\0';
|
|
|
|
|
|
|
|
snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
|
|
|
|
|
2015-10-22 09:22:41 +02:00
|
|
|
FIXME("network related - move to dirmngr or drop the code");
|
2009-07-23 20:28:54 +02:00
|
|
|
srvcount=getsrv(srvname,&srvlist);
|
|
|
|
|
|
|
|
for(i=0;i<srvcount;i++)
|
|
|
|
{
|
|
|
|
hostlen+=strlen(srvlist[i].target)+1;
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
|
|
|
|
strcat(keyserver->host,srvlist[i].target);
|
|
|
|
|
|
|
|
if(srvlist[i].port!=389)
|
|
|
|
{
|
|
|
|
char port[7];
|
|
|
|
|
|
|
|
hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
|
|
|
|
snprintf(port,7,":%u",srvlist[i].port);
|
|
|
|
strcat(keyserver->host,port);
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2009-07-23 20:28:54 +02:00
|
|
|
strcat(keyserver->host," ");
|
|
|
|
}
|
|
|
|
|
|
|
|
free(srvlist);
|
|
|
|
|
|
|
|
/* If all else fails, do the PGP Universal trick of
|
|
|
|
ldap://keys.(domain) */
|
|
|
|
|
|
|
|
hostlen+=5+strlen(domain);
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
strcat(keyserver->host,"keys.");
|
2006-04-19 13:26:11 +02:00
|
|
|
strcat(keyserver->host,domain);
|
2009-07-23 20:28:54 +02:00
|
|
|
|
|
|
|
append_to_strlist(&list,name);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2011-01-20 14:12:53 +01:00
|
|
|
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
|
|
|
|
/* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
|
|
|
|
/* 0, fpr, fpr_len, keyserver); */
|
2006-04-19 13:26:11 +02:00
|
|
|
|
|
|
|
free_strlist(list);
|
|
|
|
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
|
|
|
|
return rc;
|
2014-03-17 15:39:33 +01:00
|
|
|
#endif
|
2006-04-19 13:26:11 +02:00
|
|
|
}
|