2003-06-05 07:14:21 +00:00
|
|
|
/* keyserver.c - generic keyserver code
|
2009-05-11 03:56:34 +00:00
|
|
|
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
|
2012-11-29 12:00:46 -05:00
|
|
|
* 2009, 2011, 2012 Free Software Foundation, Inc.
|
2014-03-17 15:39:33 +01:00
|
|
|
* Copyright (C) 2014 Werner Koch
|
2003-06-05 07:14:21 +00:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-05 07:14:21 +00:00
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2007-07-04 19:49:40 +00:00
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2003-06-05 07:14:21 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <assert.h>
|
2006-04-28 14:31:29 +00:00
|
|
|
#include <errno.h>
|
2003-06-18 19:56:13 +00:00
|
|
|
|
|
|
|
#include "gpg.h"
|
2006-04-21 12:56:40 +00:00
|
|
|
#include "iobuf.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
#include "filter.h"
|
|
|
|
#include "keydb.h"
|
|
|
|
#include "status.h"
|
|
|
|
#include "exec.h"
|
|
|
|
#include "main.h"
|
|
|
|
#include "i18n.h"
|
|
|
|
#include "ttyio.h"
|
|
|
|
#include "options.h"
|
|
|
|
#include "packet.h"
|
2006-04-19 11:26:11 +00:00
|
|
|
#include "trustdb.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
#include "keyserver-internal.h"
|
|
|
|
#include "util.h"
|
2011-01-10 14:30:17 +01:00
|
|
|
#include "membuf.h"
|
2011-01-18 12:51:16 +01:00
|
|
|
#include "call-dirmngr.h"
|
2009-12-08 16:30:33 +00:00
|
|
|
|
2007-03-14 13:26:18 +00:00
|
|
|
#ifdef HAVE_W32_SYSTEM
|
|
|
|
/* It seems Vista doesn't grok X_OK and so fails access() tests.
|
|
|
|
Previous versions interpreted X_OK as F_OK anyway, so we'll just
|
|
|
|
use F_OK directly. */
|
|
|
|
#undef X_OK
|
|
|
|
#define X_OK F_OK
|
|
|
|
#endif /* HAVE_W32_SYSTEM */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
struct keyrec
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
2006-04-19 11:26:11 +00:00
|
|
|
u32 createtime,expiretime;
|
2003-06-05 07:14:21 +00:00
|
|
|
int size,flags;
|
|
|
|
byte type;
|
2006-04-19 11:26:11 +00:00
|
|
|
IOBUF uidbuf;
|
|
|
|
unsigned int lines;
|
2003-06-05 07:14:21 +00:00
|
|
|
};
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Parameters for the search line handler. */
|
|
|
|
struct search_line_handler_parm_s
|
|
|
|
{
|
|
|
|
ctrl_t ctrl; /* The session control structure. */
|
|
|
|
char *searchstr_disp; /* Native encoded search string or NULL. */
|
|
|
|
KEYDB_SEARCH_DESC *desc; /* Array with search descriptions. */
|
|
|
|
int count; /* Number of keys we are currently prepared to
|
|
|
|
handle. This is the size of the DESC array. If
|
|
|
|
it is too small, it will grow safely. */
|
|
|
|
int validcount; /* Enable the "Key x-y of z" messages. */
|
|
|
|
int nkeys; /* Number of processed records. */
|
|
|
|
int any_lines; /* At least one line has been processed. */
|
|
|
|
unsigned int numlines; /* Counter for displayed lines. */
|
|
|
|
int eof_seen; /* EOF encountered. */
|
|
|
|
int not_found; /* Set if no keys have been found. */
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
|
|
|
|
|
|
|
|
static struct parse_options keyserver_opts[]=
|
|
|
|
{
|
|
|
|
/* some of these options are not real - just for the help
|
|
|
|
message */
|
2015-04-21 10:15:04 +02:00
|
|
|
{"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
|
2015-04-21 19:29:53 +02:00
|
|
|
{"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */
|
|
|
|
N_("override proxy options set for dirmngr")},
|
2015-04-21 10:15:04 +02:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
{"include-revoked",0,NULL,N_("include revoked keys in search results")},
|
|
|
|
{"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
|
2015-04-21 10:15:04 +02:00
|
|
|
{"timeout", KEYSERVER_TIMEOUT, NULL,
|
|
|
|
N_("override timeout options set for dirmngr")},
|
2006-04-19 11:26:11 +00:00
|
|
|
{"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
|
|
|
|
NULL},
|
|
|
|
{"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
|
|
|
|
N_("automatically retrieve keys when verifying signatures")},
|
|
|
|
{"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL,
|
|
|
|
N_("honor the preferred keyserver URL set on the key")},
|
|
|
|
{"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL,
|
|
|
|
N_("honor the PKA record set on a key when retrieving keys")},
|
|
|
|
{NULL,0,NULL,NULL}
|
|
|
|
};
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t keyserver_get (ctrl_t ctrl,
|
|
|
|
KEYDB_SEARCH_DESC *desc, int ndesc,
|
2015-04-21 15:36:30 +02:00
|
|
|
struct keyserver_spec *override_keyserver,
|
2014-03-17 15:39:33 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen);
|
2016-01-21 11:49:27 +01:00
|
|
|
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-11-28 18:18:12 +01:00
|
|
|
/* Reasonable guess. The commonly used test key simon.josefsson.org
|
|
|
|
is larger than 32k, thus we need at least this value. */
|
|
|
|
#define DEFAULT_MAX_CERT_SIZE 65536
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
|
|
|
|
|
2015-04-21 19:29:53 +02:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
static void
|
2015-04-21 19:29:53 +02:00
|
|
|
warn_kshelper_option(char *option, int noisy)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-12-08 15:14:35 +01:00
|
|
|
char *p;
|
|
|
|
|
|
|
|
if ((p=strchr (option, '=')))
|
|
|
|
*p = 0;
|
|
|
|
|
|
|
|
if (!strcmp (option, "ca-cert-file"))
|
|
|
|
log_info ("keyserver option '%s' is obsolete; please use "
|
|
|
|
"'%s' in dirmngr.conf\n",
|
|
|
|
"ca-cert-file", "hkp-cacert");
|
|
|
|
else if (!strcmp (option, "check-cert")
|
|
|
|
|| !strcmp (option, "broken-http-proxy"))
|
|
|
|
log_info ("keyserver option '%s' is obsolete\n", option);
|
2015-04-21 19:29:53 +02:00
|
|
|
else if (noisy || opt.verbose)
|
|
|
|
log_info ("keyserver option '%s' is unknown\n", option);
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-12-08 15:14:35 +01:00
|
|
|
|
2015-04-21 19:29:53 +02:00
|
|
|
/* Called from main to parse the args for --keyserver-options. */
|
2006-04-19 11:26:11 +00:00
|
|
|
int
|
2003-06-05 07:14:21 +00:00
|
|
|
parse_keyserver_options(char *options)
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
int ret=1;
|
2003-06-05 07:14:21 +00:00
|
|
|
char *tok;
|
2006-04-19 11:26:11 +00:00
|
|
|
char *max_cert=NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
keyserver_opts[0].value=&max_cert;
|
2015-04-21 19:29:53 +02:00
|
|
|
keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
while((tok=optsep(&options)))
|
|
|
|
{
|
2003-06-05 07:14:21 +00:00
|
|
|
if(tok[0]=='\0')
|
|
|
|
continue;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* We accept quite a few possible options here - some options to
|
|
|
|
handle specially, the keyserver_options list, and import and
|
2015-04-21 10:15:04 +02:00
|
|
|
export options that pertain to keyserver operations. */
|
|
|
|
|
|
|
|
if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
|
|
|
|
&& !parse_import_options(tok,&opt.keyserver_options.import_options,0)
|
|
|
|
&& !parse_export_options(tok,&opt.keyserver_options.export_options,0))
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2014-12-08 15:14:35 +01:00
|
|
|
/* All of the standard options have failed, so the option was
|
|
|
|
destined for a keyserver plugin as used by GnuPG < 2.1 */
|
2015-04-21 19:29:53 +02:00
|
|
|
warn_kshelper_option (tok, 1);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
if(max_cert)
|
|
|
|
{
|
|
|
|
max_cert_size=strtoul(max_cert,(char **)NULL,10);
|
|
|
|
|
|
|
|
if(max_cert_size==0)
|
|
|
|
max_cert_size=DEFAULT_MAX_CERT_SIZE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2015-04-21 10:15:04 +02:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
void
|
|
|
|
free_keyserver_spec(struct keyserver_spec *keyserver)
|
|
|
|
{
|
|
|
|
xfree(keyserver->uri);
|
|
|
|
xfree(keyserver->scheme);
|
|
|
|
xfree(keyserver->auth);
|
|
|
|
xfree(keyserver->host);
|
|
|
|
xfree(keyserver->port);
|
|
|
|
xfree(keyserver->path);
|
|
|
|
xfree(keyserver->opaque);
|
|
|
|
free_strlist(keyserver->options);
|
|
|
|
xfree(keyserver);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return 0 for match */
|
|
|
|
static int
|
|
|
|
cmp_keyserver_spec(struct keyserver_spec *one,struct keyserver_spec *two)
|
|
|
|
{
|
|
|
|
if(ascii_strcasecmp(one->scheme,two->scheme)==0)
|
|
|
|
{
|
|
|
|
if(one->host && two->host && ascii_strcasecmp(one->host,two->host)==0)
|
|
|
|
{
|
|
|
|
if((one->port && two->port
|
|
|
|
&& ascii_strcasecmp(one->port,two->port)==0)
|
|
|
|
|| (!one->port && !two->port))
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if(one->opaque && two->opaque
|
|
|
|
&& ascii_strcasecmp(one->opaque,two->opaque)==0)
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Try and match one of our keyservers. If we can, return that. If
|
|
|
|
we can't, return our input. */
|
|
|
|
struct keyserver_spec *
|
|
|
|
keyserver_match(struct keyserver_spec *spec)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *ks;
|
|
|
|
|
|
|
|
for(ks=opt.keyserver;ks;ks=ks->next)
|
|
|
|
if(cmp_keyserver_spec(spec,ks)==0)
|
|
|
|
return ks;
|
|
|
|
|
|
|
|
return spec;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* TODO: once we cut over to an all-curl world, we don't need this
|
|
|
|
parser any longer so it can be removed, or at least moved to
|
|
|
|
keyserver/ksutil.c for limited use in gpgkeys_ldap or the like. */
|
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
keyserver_spec_t
|
2015-01-05 15:07:23 +01:00
|
|
|
parse_keyserver_uri (const char *string,int require_scheme)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
int assume_hkp=0;
|
2006-04-19 11:26:11 +00:00
|
|
|
struct keyserver_spec *keyserver;
|
|
|
|
const char *idx;
|
|
|
|
int count;
|
|
|
|
char *uri,*options;
|
|
|
|
|
|
|
|
assert(string!=NULL);
|
|
|
|
|
|
|
|
keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
|
|
|
|
|
|
|
|
uri=xstrdup(string);
|
|
|
|
|
|
|
|
options=strchr(uri,' ');
|
|
|
|
if(options)
|
|
|
|
{
|
|
|
|
char *tok;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
*options='\0';
|
|
|
|
options++;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
while((tok=optsep(&options)))
|
2015-04-21 19:29:53 +02:00
|
|
|
warn_kshelper_option (tok, 0);
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
/* Get the scheme */
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
for(idx=uri,count=0;*idx && *idx!=':';idx++)
|
|
|
|
{
|
|
|
|
count++;
|
|
|
|
|
|
|
|
/* Do we see the start of an RFC-2732 ipv6 address here? If so,
|
|
|
|
there clearly isn't a scheme so get out early. */
|
|
|
|
if(*idx=='[')
|
|
|
|
{
|
|
|
|
/* Was the '[' the first thing in the string? If not, we
|
|
|
|
have a mangled scheme with a [ in it so fail. */
|
|
|
|
if(count==1)
|
|
|
|
break;
|
|
|
|
else
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count==0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if(*idx=='\0' || *idx=='[')
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
if(require_scheme)
|
|
|
|
return NULL;
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
/* Assume HKP if there is no scheme */
|
|
|
|
assume_hkp=1;
|
2006-04-19 11:26:11 +00:00
|
|
|
keyserver->scheme=xstrdup("hkp");
|
|
|
|
|
|
|
|
keyserver->uri=xmalloc(strlen(keyserver->scheme)+3+strlen(uri)+1);
|
|
|
|
strcpy(keyserver->uri,keyserver->scheme);
|
|
|
|
strcat(keyserver->uri,"://");
|
|
|
|
strcat(keyserver->uri,uri);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
int i;
|
|
|
|
|
|
|
|
keyserver->uri=xstrdup(uri);
|
|
|
|
|
|
|
|
keyserver->scheme=xmalloc(count+1);
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
/* Force to lowercase */
|
2006-04-19 11:26:11 +00:00
|
|
|
for(i=0;i<count;i++)
|
|
|
|
keyserver->scheme[i]=ascii_tolower(uri[i]);
|
|
|
|
|
|
|
|
keyserver->scheme[i]='\0';
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* Skip past the scheme and colon */
|
|
|
|
uri+=count+1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
if(ascii_strcasecmp(keyserver->scheme,"x-broken-hkp")==0)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2014-12-08 15:14:35 +01:00
|
|
|
log_info ("keyserver option '%s' is obsolete\n",
|
|
|
|
"x-broken-hkp");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
else if(ascii_strcasecmp(keyserver->scheme,"x-hkp")==0)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
/* Canonicalize this to "hkp" so it works with both the internal
|
|
|
|
and external keyserver interface. */
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(keyserver->scheme);
|
|
|
|
keyserver->scheme=xstrdup("hkp");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2008-04-07 19:31:12 +00:00
|
|
|
if (uri[0]=='/' && uri[1]=='/' && uri[2] == '/')
|
|
|
|
{
|
|
|
|
/* Three slashes means network path with a default host name.
|
|
|
|
This is a hack because it does not crok all possible
|
|
|
|
combiantions. We should better repalce all code bythe parser
|
|
|
|
from http.c. */
|
|
|
|
keyserver->path = xstrdup (uri+2);
|
|
|
|
}
|
|
|
|
else if(assume_hkp || (uri[0]=='/' && uri[1]=='/'))
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
/* Two slashes means network path. */
|
|
|
|
|
|
|
|
/* Skip over the "//", if any */
|
|
|
|
if(!assume_hkp)
|
|
|
|
uri+=2;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* Do we have userinfo auth data present? */
|
|
|
|
for(idx=uri,count=0;*idx && *idx!='@' && *idx!='/';idx++)
|
|
|
|
count++;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* We found a @ before the slash, so that means everything
|
|
|
|
before the @ is auth data. */
|
|
|
|
if(*idx=='@')
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
if(count==0)
|
|
|
|
goto fail;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
keyserver->auth=xmalloc(count+1);
|
|
|
|
strncpy(keyserver->auth,uri,count);
|
|
|
|
keyserver->auth[count]='\0';
|
|
|
|
uri+=count+1;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* Is it an RFC-2732 ipv6 [literal address] ? */
|
|
|
|
if(*uri=='[')
|
|
|
|
{
|
|
|
|
for(idx=uri+1,count=1;*idx
|
|
|
|
&& ((isascii (*idx) && isxdigit(*idx))
|
|
|
|
|| *idx==':' || *idx=='.');idx++)
|
|
|
|
count++;
|
|
|
|
|
|
|
|
/* Is the ipv6 literal address terminated? */
|
|
|
|
if(*idx==']')
|
|
|
|
count++;
|
|
|
|
else
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
for(idx=uri,count=0;*idx && *idx!=':' && *idx!='/';idx++)
|
|
|
|
count++;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
if(count==0)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
keyserver->host=xmalloc(count+1);
|
|
|
|
strncpy(keyserver->host,uri,count);
|
|
|
|
keyserver->host[count]='\0';
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* Skip past the host */
|
|
|
|
uri+=count;
|
|
|
|
|
|
|
|
if(*uri==':')
|
|
|
|
{
|
2003-06-05 07:14:21 +00:00
|
|
|
/* It would seem to be reasonable to limit the range of the
|
|
|
|
ports to values between 1-65535, but RFC 1738 and 1808
|
|
|
|
imply there is no limit. Of course, the real world has
|
|
|
|
limits. */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
for(idx=uri+1,count=0;*idx && *idx!='/';idx++)
|
|
|
|
{
|
|
|
|
count++;
|
|
|
|
|
|
|
|
/* Ports are digits only */
|
|
|
|
if(!digitp(idx))
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
keyserver->port=xmalloc(count+1);
|
|
|
|
strncpy(keyserver->port,uri+1,count);
|
|
|
|
keyserver->port[count]='\0';
|
|
|
|
|
|
|
|
/* Skip past the colon and port number */
|
|
|
|
uri+=1+count;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* Everything else is the path */
|
|
|
|
if(*uri)
|
|
|
|
keyserver->path=xstrdup(uri);
|
|
|
|
else
|
|
|
|
keyserver->path=xstrdup("/");
|
|
|
|
|
2006-04-28 14:31:29 +00:00
|
|
|
if(keyserver->path[1])
|
2006-04-19 11:26:11 +00:00
|
|
|
keyserver->flags.direct_uri=1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
else if(uri[0]!='/')
|
|
|
|
{
|
|
|
|
/* No slash means opaque. Just record the opaque blob and get
|
|
|
|
out. */
|
2006-04-19 11:26:11 +00:00
|
|
|
keyserver->opaque=xstrdup(uri);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* One slash means absolute path. We don't need to support that
|
|
|
|
yet. */
|
2006-04-19 11:26:11 +00:00
|
|
|
goto fail;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
return keyserver;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
fail:
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct keyserver_spec *
|
|
|
|
parse_preferred_keyserver(PKT_signature *sig)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *spec=NULL;
|
|
|
|
const byte *p;
|
|
|
|
size_t plen;
|
|
|
|
|
|
|
|
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
|
|
|
|
if(p && plen)
|
|
|
|
{
|
|
|
|
byte *dupe=xmalloc(plen+1);
|
|
|
|
|
|
|
|
memcpy(dupe,p,plen);
|
|
|
|
dupe[plen]='\0';
|
2015-01-05 15:07:23 +01:00
|
|
|
spec = parse_keyserver_uri (dupe, 1);
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(dupe);
|
|
|
|
}
|
|
|
|
|
|
|
|
return spec;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
print_keyrec(int number,struct keyrec *keyrec)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
iobuf_writebyte(keyrec->uidbuf,0);
|
|
|
|
iobuf_flush_temp(keyrec->uidbuf);
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
if (keyrec->size>0)
|
|
|
|
es_printf ("%d bit ", keyrec->size);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if(keyrec->type)
|
|
|
|
{
|
2012-11-27 16:51:09 +01:00
|
|
|
const char *str;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
str = openpgp_pk_algo_name (keyrec->type);
|
2012-11-27 16:51:09 +01:00
|
|
|
|
|
|
|
if (str && strcmp (str, "?"))
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("%s ",str);
|
2003-06-05 07:14:21 +00:00
|
|
|
else
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("unknown ");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
switch(keyrec->desc.mode)
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
/* If the keyserver helper gave us a short keyid, we have no
|
|
|
|
choice but to use it. Do check --keyid-format to add a 0x if
|
|
|
|
needed. */
|
2003-06-05 07:14:21 +00:00
|
|
|
case KEYDB_SEARCH_MODE_SHORT_KID:
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("key %s%08lX",
|
|
|
|
(opt.keyid_format==KF_0xSHORT
|
|
|
|
|| opt.keyid_format==KF_0xLONG)?"0x":"",
|
|
|
|
(ulong)keyrec->desc.u.kid[1]);
|
2003-06-05 07:14:21 +00:00
|
|
|
break;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* However, if it gave us a long keyid, we can honor
|
2012-11-29 12:00:46 -05:00
|
|
|
--keyid-format via keystr(). */
|
2003-06-05 07:14:21 +00:00
|
|
|
case KEYDB_SEARCH_MODE_LONG_KID:
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("key %s",keystr(keyrec->desc.u.kid));
|
2003-06-05 07:14:21 +00:00
|
|
|
break;
|
|
|
|
|
2012-11-29 12:00:46 -05:00
|
|
|
/* If it gave us a PGP 2.x fingerprint, not much we can do
|
|
|
|
beyond displaying it. */
|
2003-06-05 07:14:21 +00:00
|
|
|
case KEYDB_SEARCH_MODE_FPR16:
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("key ");
|
2003-06-05 07:14:21 +00:00
|
|
|
for(i=0;i<16;i++)
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("%02X",keyrec->desc.u.fpr[i]);
|
2003-06-05 07:14:21 +00:00
|
|
|
break;
|
|
|
|
|
2012-11-29 12:00:46 -05:00
|
|
|
/* If we get a modern fingerprint, we have the most
|
|
|
|
flexibility. */
|
2003-06-05 07:14:21 +00:00
|
|
|
case KEYDB_SEARCH_MODE_FPR20:
|
2012-11-29 12:00:46 -05:00
|
|
|
{
|
|
|
|
u32 kid[2];
|
|
|
|
keyid_from_fingerprint(keyrec->desc.u.fpr,20,kid);
|
|
|
|
es_printf("key %s",keystr(kid));
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
BUG();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(keyrec->createtime>0)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (", ");
|
|
|
|
es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if(keyrec->expiretime>0)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (", ");
|
|
|
|
es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
if (keyrec->flags&1)
|
|
|
|
es_printf (" (%s)", _("revoked"));
|
2003-06-05 07:14:21 +00:00
|
|
|
if(keyrec->flags&2)
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (" (%s)", _("disabled"));
|
2003-06-05 07:14:21 +00:00
|
|
|
if(keyrec->flags&4)
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf (" (%s)", _("expired"));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
es_printf ("\n");
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Returns a keyrec (which must be freed) once a key is complete, and
|
|
|
|
NULL otherwise. Call with a NULL keystring once key parsing is
|
|
|
|
complete to return any unfinished keys. */
|
|
|
|
static struct keyrec *
|
|
|
|
parse_keyrec(char *keystring)
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
/* FIXME: Remove the static and put the data into the parms we use
|
|
|
|
for the caller anyway. */
|
2003-06-05 07:14:21 +00:00
|
|
|
static struct keyrec *work=NULL;
|
|
|
|
struct keyrec *ret=NULL;
|
|
|
|
char *record;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if(keystring==NULL)
|
|
|
|
{
|
|
|
|
if(work==NULL)
|
|
|
|
return NULL;
|
|
|
|
else if(work->desc.mode==KEYDB_SEARCH_MODE_NONE)
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(work);
|
2003-06-05 07:14:21 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ret=work;
|
|
|
|
work=NULL;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(work==NULL)
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
work=xmalloc_clear(sizeof(struct keyrec));
|
2003-06-05 07:14:21 +00:00
|
|
|
work->uidbuf=iobuf_temp();
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
trim_trailing_ws (keystring, strlen (keystring));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if((record=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if(ascii_strcasecmp("pub",record)==0)
|
|
|
|
{
|
|
|
|
char *tok;
|
2009-12-08 16:30:33 +00:00
|
|
|
gpg_error_t err;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if(work->desc.mode)
|
|
|
|
{
|
|
|
|
ret=work;
|
2006-04-19 11:26:11 +00:00
|
|
|
work=xmalloc_clear(sizeof(struct keyrec));
|
2003-06-05 07:14:21 +00:00
|
|
|
work->uidbuf=iobuf_temp();
|
|
|
|
}
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (tok, &work->desc, 1);
|
2009-12-08 16:30:33 +00:00
|
|
|
if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
|
|
|
|
&& work->desc.mode != KEYDB_SEARCH_MODE_FPR16
|
|
|
|
&& work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
work->desc.mode=KEYDB_SEARCH_MODE_NONE;
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Note all items after this are optional. This allows us to
|
|
|
|
have a pub line as simple as pub:keyid and nothing else. */
|
|
|
|
|
|
|
|
work->lines++;
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
work->type=atoi(tok);
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
work->size=atoi(tok);
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
if(atoi(tok)<=0)
|
|
|
|
work->createtime=0;
|
|
|
|
else
|
|
|
|
work->createtime=atoi(tok);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
if(atoi(tok)<=0)
|
|
|
|
work->expiretime=0;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
work->expiretime=atoi(tok);
|
|
|
|
/* Force the 'e' flag on if this key is expired. */
|
|
|
|
if(work->expiretime<=make_timestamp())
|
|
|
|
work->flags|=4;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
while(*tok)
|
|
|
|
switch(*tok++)
|
|
|
|
{
|
|
|
|
case 'r':
|
|
|
|
case 'R':
|
|
|
|
work->flags|=1;
|
|
|
|
break;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
case 'd':
|
|
|
|
case 'D':
|
|
|
|
work->flags|=2;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'e':
|
|
|
|
case 'E':
|
|
|
|
work->flags|=4;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if(ascii_strcasecmp("uid",record)==0 && work->desc.mode)
|
|
|
|
{
|
|
|
|
char *userid,*tok,*decoded;
|
|
|
|
|
|
|
|
if((tok=strsep(&keystring,":"))==NULL)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if(strlen(tok)==0)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
userid=tok;
|
|
|
|
|
|
|
|
/* By definition, de-%-encoding is always smaller than the
|
|
|
|
original string so we can decode in place. */
|
|
|
|
|
|
|
|
i=0;
|
|
|
|
|
|
|
|
while(*tok)
|
|
|
|
if(tok[0]=='%' && tok[1] && tok[2])
|
|
|
|
{
|
2008-03-25 19:41:11 +00:00
|
|
|
int c;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2008-03-25 19:41:11 +00:00
|
|
|
userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
|
2003-06-05 07:14:21 +00:00
|
|
|
i++;
|
|
|
|
tok+=3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
userid[i++]=*tok++;
|
|
|
|
|
|
|
|
/* We don't care about the other info provided in the uid: line
|
|
|
|
since no keyserver supports marking userids with timestamps
|
|
|
|
or revoked/expired/disabled yet. */
|
|
|
|
|
|
|
|
/* No need to check for control characters, as utf8_to_native
|
|
|
|
does this for us. */
|
|
|
|
|
|
|
|
decoded=utf8_to_native(userid,i,0);
|
2006-04-19 11:26:11 +00:00
|
|
|
if(strlen(decoded)>opt.screen_columns-10)
|
|
|
|
decoded[opt.screen_columns-10]='\0';
|
2003-06-05 07:14:21 +00:00
|
|
|
iobuf_writestr(work->uidbuf,decoded);
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(decoded);
|
2003-06-05 07:14:21 +00:00
|
|
|
iobuf_writestr(work->uidbuf,"\n\t");
|
|
|
|
work->lines++;
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
/* Ignore any records other than "pri" and "uid" for easy future
|
|
|
|
growth. */
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Show a prompt and allow the user to select keys for retrieval. */
|
|
|
|
static gpg_error_t
|
|
|
|
show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
|
|
|
|
int count, const char *search)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
gpg_error_t err;
|
|
|
|
char *answer = NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-02-09 19:46:00 +01:00
|
|
|
es_fflush (es_stdout);
|
2008-12-09 10:46:29 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (count && opt.command_fd == -1)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
static int from = 1;
|
|
|
|
tty_printf ("Keys %d-%d of %d for \"%s\". ",
|
|
|
|
from, numdesc, count, search);
|
|
|
|
from = numdesc + 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
again:
|
|
|
|
err = 0;
|
|
|
|
xfree (answer);
|
|
|
|
answer = cpr_get_no_help ("keysearch.prompt",
|
|
|
|
_("Enter number(s), N)ext, or Q)uit > "));
|
2003-06-05 07:14:21 +00:00
|
|
|
/* control-d */
|
2011-01-18 12:51:16 +01:00
|
|
|
if (answer[0]=='\x04')
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
tty_printf ("Q\n");
|
|
|
|
answer[0] = 'q';
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (answer[0]=='q' || answer[0]=='Q')
|
|
|
|
err = gpg_error (GPG_ERR_CANCELED);
|
|
|
|
else if (atoi (answer) >= 1 && atoi (answer) <= numdesc)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
char *split = answer;
|
|
|
|
char *num;
|
|
|
|
int numarray[50];
|
|
|
|
int numidx = 0;
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
while ((num = strsep (&split, " ,")))
|
|
|
|
if (atoi (num) >= 1 && atoi (num) <= numdesc)
|
|
|
|
{
|
|
|
|
if (numidx >= DIM (numarray))
|
|
|
|
{
|
|
|
|
tty_printf ("Too many keys selected\n");
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
numarray[numidx++] = atoi (num);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!numidx)
|
|
|
|
goto again;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC *selarray;
|
|
|
|
|
|
|
|
selarray = xtrymalloc (numidx * sizeof *selarray);
|
|
|
|
if (!selarray)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
for (idx = 0; idx < numidx; idx++)
|
|
|
|
selarray[idx] = desc[numarray[idx]-1];
|
2014-03-17 15:39:33 +01:00
|
|
|
err = keyserver_get (ctrl, selarray, numidx, NULL, NULL, NULL);
|
2011-01-18 12:51:16 +01:00
|
|
|
xfree (selarray);
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
leave:
|
|
|
|
xfree (answer);
|
|
|
|
return err;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* This is a callback used by call-dirmngr.c to process the result of
|
2014-03-14 16:12:54 +01:00
|
|
|
KS_SEARCH command. If SPECIAL is 0, LINE is the actual data line
|
|
|
|
received with all escaping removed and guaranteed to be exactly one
|
|
|
|
line with stripped LF; an EOF is indicated by LINE passed as NULL.
|
2014-08-12 10:36:30 +02:00
|
|
|
If special is 1, the line contains the source of the information
|
2014-03-14 16:12:54 +01:00
|
|
|
(usually an URL). LINE may be modified after return. */
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t
|
2014-03-14 16:12:54 +01:00
|
|
|
search_line_handler (void *opaque, int special, char *line)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
|
|
|
struct search_line_handler_parm_s *parm = opaque;
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
struct keyrec *keyrec;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-03-14 16:12:54 +01:00
|
|
|
if (special == 1)
|
|
|
|
{
|
|
|
|
log_info ("data source: %s\n", line);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (special)
|
|
|
|
{
|
|
|
|
log_debug ("unknown value %d for special search callback", special);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (parm->eof_seen && line)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
log_debug ("ooops: unexpected data after EOF\n");
|
|
|
|
line = NULL;
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Print the received line. */
|
|
|
|
if (opt.with_colons && line)
|
|
|
|
{
|
2014-08-12 10:36:30 +02:00
|
|
|
es_printf ("%s\n", line);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Look for an info: line. The only current info: values defined
|
|
|
|
are the version and key count. */
|
|
|
|
if (line && !parm->any_lines && !ascii_strncasecmp ("info:", line, 5))
|
|
|
|
{
|
|
|
|
char *str = line + 5;
|
|
|
|
char *tok;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if ((tok = strsep (&str, ":")))
|
|
|
|
{
|
|
|
|
int version;
|
|
|
|
|
|
|
|
if (sscanf (tok, "%d", &version) !=1 )
|
|
|
|
version = 1;
|
|
|
|
|
|
|
|
if (version !=1 )
|
|
|
|
{
|
|
|
|
log_error (_("invalid keyserver protocol "
|
|
|
|
"(us %d!=handler %d)\n"), 1, version);
|
|
|
|
return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((tok = strsep (&str, ":"))
|
|
|
|
&& sscanf (tok, "%d", &parm->count) == 1)
|
|
|
|
{
|
|
|
|
if (!parm->count)
|
|
|
|
parm->not_found = 1;/* Server indicated that no items follow. */
|
|
|
|
else if (parm->count < 0)
|
|
|
|
parm->count = 10; /* Bad value - assume something reasonable. */
|
|
|
|
else
|
|
|
|
parm->validcount = 1; /* COUNT seems to be okay. */
|
|
|
|
}
|
|
|
|
|
|
|
|
parm->any_lines = 1;
|
|
|
|
return 0; /* Line processing finished. */
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
again:
|
|
|
|
if (line)
|
|
|
|
keyrec = parse_keyrec (line);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Received EOF - flush data */
|
|
|
|
parm->eof_seen = 1;
|
|
|
|
keyrec = parse_keyrec (NULL);
|
|
|
|
if (!keyrec)
|
|
|
|
{
|
|
|
|
if (!parm->nkeys)
|
|
|
|
parm->not_found = 1; /* No keys at all. */
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (parm->nkeys != parm->count)
|
|
|
|
parm->validcount = 0;
|
|
|
|
|
|
|
|
if (!(opt.with_colons && opt.batch))
|
|
|
|
{
|
|
|
|
err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
|
|
|
|
parm->validcount? parm->count : 0,
|
|
|
|
parm->searchstr_disp);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Save the key in the key array. */
|
|
|
|
if (keyrec)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
/* Allocate or enlarge the key array if needed. */
|
|
|
|
if (!parm->desc)
|
|
|
|
{
|
|
|
|
if (parm->count < 1)
|
|
|
|
{
|
|
|
|
parm->count = 10;
|
|
|
|
parm->validcount = 0;
|
|
|
|
}
|
|
|
|
parm->desc = xtrymalloc (parm->count * sizeof *parm->desc);
|
|
|
|
if (!parm->desc)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (parm->nkeys == parm->count)
|
|
|
|
{
|
|
|
|
/* Keyserver sent more keys than claimed in the info: line. */
|
|
|
|
KEYDB_SEARCH_DESC *tmp;
|
|
|
|
int newcount = parm->count + 10;
|
|
|
|
|
|
|
|
tmp = xtryrealloc (parm->desc, newcount * sizeof *parm->desc);
|
|
|
|
if (!tmp)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
parm->count = newcount;
|
|
|
|
parm->desc = tmp;
|
|
|
|
parm->validcount = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
parm->desc[parm->nkeys] = keyrec->desc;
|
|
|
|
|
|
|
|
if (!opt.with_colons)
|
|
|
|
{
|
|
|
|
/* SCREEN_LINES - 1 for the prompt. */
|
|
|
|
if (parm->numlines + keyrec->lines > opt.screen_lines - 1)
|
|
|
|
{
|
|
|
|
err = show_prompt (parm->ctrl, parm->desc, parm->nkeys,
|
|
|
|
parm->validcount ? parm->count:0,
|
|
|
|
parm->searchstr_disp);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
parm->numlines = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
print_keyrec (parm->nkeys+1, keyrec);
|
|
|
|
}
|
|
|
|
|
|
|
|
parm->numlines += keyrec->lines;
|
|
|
|
iobuf_close (keyrec->uidbuf);
|
|
|
|
xfree (keyrec);
|
|
|
|
|
|
|
|
parm->any_lines = 1;
|
|
|
|
parm->nkeys++;
|
|
|
|
|
|
|
|
/* If we are here due to a flush after the EOF, run again for
|
|
|
|
the last prompt. Fixme: Make this code better readable. */
|
|
|
|
if (parm->eof_seen)
|
|
|
|
goto again;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_export (ctrl_t ctrl, strlist_t users)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2009-12-08 16:30:33 +00:00
|
|
|
gpg_error_t err;
|
2006-10-02 11:54:35 +00:00
|
|
|
strlist_t sl=NULL;
|
2006-04-19 11:26:11 +00:00
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
int rc=0;
|
|
|
|
|
|
|
|
/* Weed out descriptors that we don't support sending */
|
|
|
|
for(;users;users=users->next)
|
|
|
|
{
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (users->d, &desc, 1);
|
2009-12-08 16:30:33 +00:00
|
|
|
if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& desc.mode != KEYDB_SEARCH_MODE_LONG_KID
|
|
|
|
&& desc.mode != KEYDB_SEARCH_MODE_FPR16
|
|
|
|
&& desc.mode != KEYDB_SEARCH_MODE_FPR20))
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
append_to_strlist(&sl,users->d);
|
|
|
|
}
|
|
|
|
|
|
|
|
if(sl)
|
|
|
|
{
|
2016-01-21 11:49:27 +01:00
|
|
|
rc = keyserver_put (ctrl, sl);
|
2006-04-19 11:26:11 +00:00
|
|
|
free_strlist(sl);
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
/* Structure to convey the arg to keyserver_retrieval_screener. */
|
|
|
|
struct ks_retrieval_screener_arg_s
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC *desc;
|
|
|
|
int ndesc;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/* Check whether a key matches the search description. The function
|
|
|
|
returns 0 if the key shall be imported. */
|
|
|
|
static gpg_error_t
|
|
|
|
keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
|
|
|
|
{
|
|
|
|
struct ks_retrieval_screener_arg_s *arg = opaque;
|
|
|
|
KEYDB_SEARCH_DESC *desc = arg->desc;
|
|
|
|
int ndesc = arg->ndesc;
|
|
|
|
kbnode_t node;
|
|
|
|
PKT_public_key *pk;
|
|
|
|
int n;
|
|
|
|
u32 keyid[2];
|
|
|
|
byte fpr[MAX_FINGERPRINT_LEN];
|
|
|
|
size_t fpr_len = 0;
|
|
|
|
|
|
|
|
/* Secret keys are not expected from a keyserver. We do not
|
|
|
|
care about secret subkeys because the import code takes care
|
|
|
|
of skipping them. Not allowing an import of a public key
|
|
|
|
with a secret subkey would make it too easy to inhibit the
|
|
|
|
downloading of a public key. Recall that keyservers do only
|
|
|
|
limited checks. */
|
|
|
|
node = find_kbnode (keyblock, PKT_SECRET_KEY);
|
|
|
|
if (node)
|
|
|
|
return gpg_error (GPG_ERR_GENERAL); /* Do not import. */
|
|
|
|
|
|
|
|
if (!ndesc)
|
|
|
|
return 0; /* Okay if no description given. */
|
|
|
|
|
|
|
|
/* Loop over all key packets. */
|
|
|
|
for (node = keyblock; node; node = node->next)
|
|
|
|
{
|
|
|
|
if (node->pkt->pkttype != PKT_PUBLIC_KEY
|
|
|
|
&& node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
pk = node->pkt->pkt.public_key;
|
|
|
|
fingerprint_from_pk (pk, fpr, &fpr_len);
|
|
|
|
keyid_from_pk (pk, keyid);
|
|
|
|
|
|
|
|
/* Compare requested and returned fingerprints if available. */
|
|
|
|
for (n = 0; n < ndesc; n++)
|
|
|
|
{
|
|
|
|
if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
|
|
|
|
{
|
|
|
|
if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
|
|
|
|
{
|
|
|
|
if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
|
|
|
|
{
|
|
|
|
if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
|
|
|
|
{
|
|
|
|
if (keyid[1] == desc[n].u.kid[1])
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
else /* No keyid or fingerprint - can't check. */
|
|
|
|
return 0; /* allow import. */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_import (ctrl_t ctrl, strlist_t users)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2009-12-08 16:30:33 +00:00
|
|
|
gpg_error_t err;
|
2003-06-05 07:14:21 +00:00
|
|
|
KEYDB_SEARCH_DESC *desc;
|
|
|
|
int num=100,count=0;
|
|
|
|
int rc=0;
|
|
|
|
|
|
|
|
/* Build a list of key ids */
|
2006-04-19 11:26:11 +00:00
|
|
|
desc=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
for(;users;users=users->next)
|
|
|
|
{
|
2011-04-25 23:56:47 +02:00
|
|
|
err = classify_user_id (users->d, &desc[count], 1);
|
2009-12-08 16:30:33 +00:00
|
|
|
if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID
|
|
|
|
&& desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
|
|
|
|
&& desc[count].mode != KEYDB_SEARCH_MODE_FPR16
|
|
|
|
&& desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2009-12-08 16:30:33 +00:00
|
|
|
log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
|
2003-06-05 07:14:21 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
count++;
|
|
|
|
if(count==num)
|
|
|
|
{
|
|
|
|
num+=100;
|
2003-06-18 19:56:13 +00:00
|
|
|
desc=xrealloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count>0)
|
2014-03-17 15:39:33 +01:00
|
|
|
rc=keyserver_get (ctrl, desc, count, NULL, NULL, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(desc);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
/* Return true if any keyserver has been configured. */
|
|
|
|
int
|
|
|
|
keyserver_any_configured (ctrl_t ctrl)
|
|
|
|
{
|
|
|
|
return !gpg_dirmngr_ks_list (ctrl, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
/* Import all keys that exactly match NAME */
|
|
|
|
int
|
|
|
|
keyserver_import_name (ctrl_t ctrl, const char *name,
|
|
|
|
unsigned char **fpr, size_t *fprlen,
|
|
|
|
struct keyserver_spec *keyserver)
|
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
|
|
|
|
memset (&desc, 0, sizeof desc);
|
|
|
|
|
|
|
|
desc.mode = KEYDB_SEARCH_MODE_EXACT;
|
|
|
|
desc.u.name = name;
|
|
|
|
|
|
|
|
return keyserver_get (ctrl, &desc, 1, keyserver, fpr, fprlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
|
|
|
|
struct keyserver_spec *keyserver)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
|
|
|
|
memset(&desc,0,sizeof(desc));
|
|
|
|
|
|
|
|
if(fprint_len==16)
|
|
|
|
desc.mode=KEYDB_SEARCH_MODE_FPR16;
|
|
|
|
else if(fprint_len==20)
|
|
|
|
desc.mode=KEYDB_SEARCH_MODE_FPR20;
|
|
|
|
else
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
memcpy(desc.u.fpr,fprint,fprint_len);
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* TODO: Warn here if the fingerprint we got doesn't match the one
|
|
|
|
we asked for? */
|
2014-03-17 15:39:33 +01:00
|
|
|
return keyserver_get (ctrl, &desc, 1, keyserver, NULL, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_import_keyid (ctrl_t ctrl,
|
|
|
|
u32 *keyid,struct keyserver_spec *keyserver)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
|
|
|
|
|
|
|
memset(&desc,0,sizeof(desc));
|
|
|
|
|
|
|
|
desc.mode=KEYDB_SEARCH_MODE_LONG_KID;
|
|
|
|
desc.u.kid[0]=keyid[0];
|
|
|
|
desc.u.kid[1]=keyid[1];
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
return keyserver_get (ctrl, &desc,1, keyserver, NULL, NULL);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* code mostly stolen from do_export_stream */
|
2011-01-18 12:51:16 +01:00
|
|
|
static int
|
2006-10-02 11:54:35 +00:00
|
|
|
keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2015-12-03 12:18:32 +01:00
|
|
|
int rc = 0;
|
|
|
|
int num = 100;
|
|
|
|
kbnode_t keyblock = NULL;
|
|
|
|
kbnode_t node;
|
2003-06-05 07:14:21 +00:00
|
|
|
KEYDB_HANDLE kdbhd;
|
2015-12-03 12:18:32 +01:00
|
|
|
int ndesc;
|
|
|
|
KEYDB_SEARCH_DESC *desc = NULL;
|
2006-10-02 11:54:35 +00:00
|
|
|
strlist_t sl;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
*count=0;
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
*klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2014-12-01 11:54:51 +01:00
|
|
|
kdbhd = keydb_new ();
|
2015-12-03 12:18:32 +01:00
|
|
|
if (!kdbhd)
|
|
|
|
{
|
|
|
|
rc = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
|
|
|
}
|
2014-12-01 11:54:51 +01:00
|
|
|
keydb_disable_caching (kdbhd); /* We are looping the search. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
if(!users)
|
|
|
|
{
|
|
|
|
ndesc = 1;
|
2006-04-19 11:26:11 +00:00
|
|
|
desc = xmalloc_clear ( ndesc * sizeof *desc);
|
2003-06-05 07:14:21 +00:00
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
|
2003-06-05 07:14:21 +00:00
|
|
|
;
|
2003-06-18 19:56:13 +00:00
|
|
|
desc = xmalloc ( ndesc * sizeof *desc);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
for (ndesc=0, sl=users; sl; sl = sl->next)
|
|
|
|
{
|
2011-01-18 12:51:16 +01:00
|
|
|
gpg_error_t err;
|
2011-04-25 23:56:47 +02:00
|
|
|
if (!(err = classify_user_id (sl->d, desc+ndesc, 1)))
|
2003-06-05 07:14:21 +00:00
|
|
|
ndesc++;
|
|
|
|
else
|
2006-04-19 11:26:11 +00:00
|
|
|
log_error (_("key \"%s\" not found: %s\n"),
|
2009-12-08 16:30:33 +00:00
|
|
|
sl->d, gpg_strerror (err));
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-22 16:36:28 +01:00
|
|
|
for (;;)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2015-01-22 16:36:28 +01:00
|
|
|
rc = keydb_search (kdbhd, desc, ndesc, NULL);
|
2015-11-17 14:38:03 +01:00
|
|
|
if (rc)
|
2015-01-22 16:36:28 +01:00
|
|
|
break; /* ready. */
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!users)
|
2003-06-05 07:14:21 +00:00
|
|
|
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
|
|
|
|
|
|
|
|
/* read the keyblock */
|
|
|
|
rc = keydb_get_keyblock (kdbhd, &keyblock );
|
|
|
|
if( rc )
|
|
|
|
{
|
2015-01-22 16:36:28 +01:00
|
|
|
log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
|
2003-06-05 07:14:21 +00:00
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
|
|
|
|
{
|
|
|
|
/* This is to work around a bug in some keyservers (pksd and
|
|
|
|
OKS) that calculate v4 RSA keyids as if they were v3 RSA.
|
|
|
|
The answer is to refresh both the correct v4 keyid
|
|
|
|
(e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7).
|
|
|
|
This only happens for key refresh using the HKP scheme
|
|
|
|
and if the refresh-add-fake-v3-keyids keyserver option is
|
|
|
|
set. */
|
|
|
|
if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
|
|
|
|
node->pkt->pkt.public_key->version>=4)
|
|
|
|
{
|
|
|
|
(*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
|
2006-05-23 16:19:43 +00:00
|
|
|
v3_keyid (node->pkt->pkt.public_key->pkey[0],
|
|
|
|
(*klist)[*count].u.kid);
|
2003-06-05 07:14:21 +00:00
|
|
|
(*count)++;
|
|
|
|
|
|
|
|
if(*count==num)
|
|
|
|
{
|
|
|
|
num+=100;
|
2003-06-18 19:56:13 +00:00
|
|
|
*klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* v4 keys get full fingerprints. v3 keys get long keyids.
|
2006-04-19 11:26:11 +00:00
|
|
|
This is because it's easy to calculate any sort of keyid
|
2003-06-05 07:14:21 +00:00
|
|
|
from a v4 fingerprint, but not a v3 fingerprint. */
|
|
|
|
|
|
|
|
if(node->pkt->pkt.public_key->version<4)
|
|
|
|
{
|
|
|
|
(*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
|
|
|
|
keyid_from_pk(node->pkt->pkt.public_key,
|
|
|
|
(*klist)[*count].u.kid);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
size_t dummy;
|
|
|
|
|
|
|
|
(*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
|
|
|
|
fingerprint_from_pk(node->pkt->pkt.public_key,
|
|
|
|
(*klist)[*count].u.fpr,&dummy);
|
|
|
|
}
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* This is a little hackish, using the skipfncvalue as a
|
|
|
|
void* pointer to the keyserver spec, but we don't need
|
|
|
|
the skipfnc here, and it saves having an additional field
|
|
|
|
for this (which would be wasted space most of the
|
|
|
|
time). */
|
|
|
|
|
|
|
|
(*klist)[*count].skipfncvalue=NULL;
|
|
|
|
|
|
|
|
/* Are we honoring preferred keyservers? */
|
|
|
|
if(opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
|
|
|
|
{
|
|
|
|
PKT_user_id *uid=NULL;
|
|
|
|
PKT_signature *sig=NULL;
|
|
|
|
|
|
|
|
merge_keys_and_selfsig(keyblock);
|
|
|
|
|
|
|
|
for(node=node->next;node;node=node->next)
|
|
|
|
{
|
|
|
|
if(node->pkt->pkttype==PKT_USER_ID
|
|
|
|
&& node->pkt->pkt.user_id->is_primary)
|
|
|
|
uid=node->pkt->pkt.user_id;
|
|
|
|
else if(node->pkt->pkttype==PKT_SIGNATURE
|
|
|
|
&& node->pkt->pkt.signature->
|
|
|
|
flags.chosen_selfsig && uid)
|
|
|
|
{
|
|
|
|
sig=node->pkt->pkt.signature;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Try and parse the keyserver URL. If it doesn't work,
|
|
|
|
then we end up writing NULL which indicates we are
|
|
|
|
the same as any other key. */
|
|
|
|
if(sig)
|
|
|
|
(*klist)[*count].skipfncvalue=parse_preferred_keyserver(sig);
|
|
|
|
}
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
(*count)++;
|
|
|
|
|
|
|
|
if(*count==num)
|
|
|
|
{
|
|
|
|
num+=100;
|
2003-06-18 19:56:13 +00:00
|
|
|
*klist=xrealloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-04-29 15:07:11 +02:00
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
|
|
|
|
rc = 0;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
leave:
|
2006-04-19 11:26:11 +00:00
|
|
|
if(rc)
|
2015-12-03 12:19:30 +01:00
|
|
|
{
|
|
|
|
xfree(*klist);
|
|
|
|
*klist = NULL;
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(desc);
|
2003-06-05 07:14:21 +00:00
|
|
|
keydb_release(kdbhd);
|
|
|
|
release_kbnode(keyblock);
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Note this is different than the original HKP refresh. It allows
|
|
|
|
usernames to refresh only part of the keyring. */
|
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
gpg_error_t
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_refresh (ctrl_t ctrl, strlist_t users)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2015-10-05 17:52:28 +02:00
|
|
|
gpg_error_t err;
|
|
|
|
int count, numdesc;
|
|
|
|
int fakev3 = 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
KEYDB_SEARCH_DESC *desc;
|
2006-04-19 11:26:11 +00:00
|
|
|
unsigned int options=opt.keyserver_options.import_options;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* We switch merge-only on during a refresh, as 'refresh' should
|
|
|
|
never import new keys, even if their keyids match. */
|
|
|
|
opt.keyserver_options.import_options|=IMPORT_MERGE_ONLY;
|
|
|
|
|
|
|
|
/* Similarly, we switch on fast-import, since refresh may make
|
|
|
|
multiple import sets (due to preferred keyserver URLs). We don't
|
|
|
|
want each set to rebuild the trustdb. Instead we do it once at
|
|
|
|
the end here. */
|
|
|
|
opt.keyserver_options.import_options|=IMPORT_FAST;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
/* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
|
2016-01-21 11:49:27 +01:00
|
|
|
scheme, then enable fake v3 keyid generation. Note that this
|
|
|
|
works only with a keyserver configured. gpg.conf
|
|
|
|
(i.e. opt.keyserver); however that method of configuring a
|
|
|
|
keyserver is deprecated and in any case it is questionable
|
|
|
|
whether we should keep on supporting these ancient and broken
|
|
|
|
keyservers. */
|
2006-04-19 11:26:11 +00:00
|
|
|
if((opt.keyserver_options.options&KEYSERVER_ADD_FAKE_V3) && opt.keyserver
|
|
|
|
&& (ascii_strcasecmp(opt.keyserver->scheme,"hkp")==0 ||
|
|
|
|
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
|
2003-06-05 07:14:21 +00:00
|
|
|
fakev3=1;
|
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
err = keyidlist (users, &desc, &numdesc, fakev3);
|
|
|
|
if (err)
|
|
|
|
return err;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
count=numdesc;
|
2003-06-05 07:14:21 +00:00
|
|
|
if(count>0)
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
int i;
|
|
|
|
|
|
|
|
/* Try to handle preferred keyserver keys first */
|
|
|
|
for(i=0;i<numdesc;i++)
|
|
|
|
{
|
|
|
|
if(desc[i].skipfncvalue)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *keyserver=desc[i].skipfncvalue;
|
|
|
|
|
2015-04-21 15:36:30 +02:00
|
|
|
if (!opt.quiet)
|
2016-01-18 11:20:15 +01:00
|
|
|
log_info (_("refreshing %d key from %s\n"), 1, keyserver->uri);
|
2015-04-21 15:36:30 +02:00
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
/* We use the keyserver structure we parsed out before.
|
|
|
|
Note that a preferred keyserver without a scheme://
|
|
|
|
will be interpreted as hkp:// */
|
2015-10-05 17:52:28 +02:00
|
|
|
err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
|
|
|
|
if (err)
|
2006-04-19 11:26:11 +00:00
|
|
|
log_info(_("WARNING: unable to refresh key %s"
|
|
|
|
" via %s: %s\n"),keystr_from_desc(&desc[i]),
|
2015-10-05 17:52:28 +02:00
|
|
|
keyserver->uri,gpg_strerror (err));
|
2006-04-19 11:26:11 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* We got it, so mark it as NONE so we don't try and
|
|
|
|
get it again from the regular keyserver. */
|
|
|
|
|
|
|
|
desc[i].mode=KEYDB_SEARCH_MODE_NONE;
|
|
|
|
count--;
|
|
|
|
}
|
|
|
|
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(count>0)
|
|
|
|
{
|
2015-10-05 17:52:28 +02:00
|
|
|
char *tmpuri;
|
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
|
|
|
|
if (!err)
|
|
|
|
{
|
|
|
|
if (!opt.quiet)
|
|
|
|
{
|
2016-01-18 11:20:15 +01:00
|
|
|
log_info (ngettext("refreshing %d key from %s\n",
|
|
|
|
"refreshing %d keys from %s\n",
|
|
|
|
count), count, tmpuri);
|
2015-10-05 17:52:28 +02:00
|
|
|
}
|
|
|
|
xfree (tmpuri);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(desc);
|
|
|
|
|
|
|
|
opt.keyserver_options.import_options=options;
|
|
|
|
|
|
|
|
/* If the original options didn't have fast import, and the trustdb
|
|
|
|
is dirty, rebuild. */
|
|
|
|
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
check_or_update_trustdb ();
|
2003-06-05 07:14:21 +00:00
|
|
|
|
2015-10-05 17:52:28 +02:00
|
|
|
return err;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
/* Search for keys on the keyservers. The patterns are given in the
|
|
|
|
string list TOKENS. */
|
|
|
|
gpg_error_t
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_search (ctrl_t ctrl, strlist_t tokens)
|
2003-06-05 07:14:21 +00:00
|
|
|
{
|
2011-01-10 14:30:17 +01:00
|
|
|
gpg_error_t err;
|
|
|
|
char *searchstr;
|
2011-01-18 12:51:16 +01:00
|
|
|
struct search_line_handler_parm_s parm;
|
|
|
|
|
|
|
|
memset (&parm, 0, sizeof parm);
|
2011-01-10 14:30:17 +01:00
|
|
|
|
|
|
|
if (!tokens)
|
|
|
|
return 0; /* Return success if no patterns are given. */
|
|
|
|
|
|
|
|
/* Write global options */
|
|
|
|
|
|
|
|
/* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
|
2015-02-19 17:22:27 +01:00
|
|
|
/* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
|
2011-01-10 14:30:17 +01:00
|
|
|
|
|
|
|
/* Write per-keyserver options */
|
|
|
|
|
|
|
|
/* for(temp=keyserver->options;temp;temp=temp->next) */
|
2015-02-19 17:22:27 +01:00
|
|
|
/* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */
|
2011-01-10 14:30:17 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
membuf_t mb;
|
|
|
|
strlist_t item;
|
|
|
|
|
|
|
|
init_membuf (&mb, 1024);
|
|
|
|
for (item = tokens; item; item = item->next)
|
|
|
|
{
|
|
|
|
if (item != tokens)
|
|
|
|
put_membuf (&mb, " ", 1);
|
|
|
|
put_membuf_str (&mb, item->d);
|
|
|
|
}
|
|
|
|
put_membuf (&mb, "", 1); /* Append Nul. */
|
|
|
|
searchstr = get_membuf (&mb, NULL);
|
|
|
|
if (!searchstr)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
2011-01-18 12:51:16 +01:00
|
|
|
goto leave;
|
2011-01-10 14:30:17 +01:00
|
|
|
}
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
/* FIXME: Enable the next line */
|
|
|
|
/* log_info (_("searching for \"%s\" from %s\n"), searchstr, keyserver->uri); */
|
|
|
|
|
|
|
|
parm.ctrl = ctrl;
|
|
|
|
if (searchstr)
|
|
|
|
parm.searchstr_disp = utf8_to_native (searchstr, strlen (searchstr), 0);
|
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_search (ctrl, searchstr, search_line_handler, &parm);
|
|
|
|
|
|
|
|
if (parm.not_found)
|
|
|
|
{
|
|
|
|
if (parm.searchstr_disp)
|
|
|
|
log_info (_("key \"%s\" not found on keyserver\n"),
|
|
|
|
parm.searchstr_disp);
|
|
|
|
else
|
|
|
|
log_info (_("key not found on keyserver\n"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER)
|
|
|
|
log_error (_("no keyserver known (use option --keyserver)\n"));
|
|
|
|
else if (err)
|
|
|
|
log_error ("error searching keyserver: %s\n", gpg_strerror (err));
|
|
|
|
|
|
|
|
/* switch(ret) */
|
|
|
|
/* { */
|
|
|
|
/* case KEYSERVER_SCHEME_NOT_FOUND: */
|
2012-06-05 19:29:22 +02:00
|
|
|
/* log_error(_("no handler for keyserver scheme '%s'\n"), */
|
2011-01-18 12:51:16 +01:00
|
|
|
/* opt.keyserver->scheme); */
|
|
|
|
/* break; */
|
|
|
|
|
|
|
|
/* case KEYSERVER_NOT_SUPPORTED: */
|
2012-06-05 19:29:22 +02:00
|
|
|
/* log_error(_("action '%s' not supported with keyserver " */
|
|
|
|
/* "scheme '%s'\n"), "search", opt.keyserver->scheme); */
|
2011-01-18 12:51:16 +01:00
|
|
|
/* break; */
|
|
|
|
|
|
|
|
/* case KEYSERVER_TIMEOUT: */
|
|
|
|
/* log_error(_("keyserver timed out\n")); */
|
|
|
|
/* break; */
|
|
|
|
|
|
|
|
/* case KEYSERVER_INTERNAL_ERROR: */
|
|
|
|
/* default: */
|
|
|
|
/* log_error(_("keyserver internal error\n")); */
|
|
|
|
/* break; */
|
|
|
|
/* } */
|
|
|
|
|
|
|
|
/* return gpg_error (GPG_ERR_KEYSERVER); */
|
2011-01-10 14:30:17 +01:00
|
|
|
|
|
|
|
|
|
|
|
leave:
|
2011-01-18 12:51:16 +01:00
|
|
|
xfree (parm.desc);
|
|
|
|
xfree (parm.searchstr_disp);
|
2011-01-10 14:30:17 +01:00
|
|
|
xfree(searchstr);
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
return err;
|
|
|
|
}
|
2011-01-10 14:30:17 +01:00
|
|
|
|
2014-11-12 12:14:32 +01:00
|
|
|
/* Helper for keyserver_get. Here we only receive a chunk of the
|
|
|
|
description to be processed in one batch. This is required due to
|
|
|
|
the limited number of patterns the dirmngr interface (KS_GET) can
|
|
|
|
grok and to limit the amount of temporary required memory. */
|
2011-01-18 12:51:16 +01:00
|
|
|
static gpg_error_t
|
2014-11-12 12:14:32 +01:00
|
|
|
keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
|
|
|
int *r_ndesc_used,
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle,
|
2015-04-21 15:36:30 +02:00
|
|
|
struct keyserver_spec *override_keyserver,
|
2014-11-12 12:14:32 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen)
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
gpg_error_t err = 0;
|
|
|
|
char **pattern;
|
|
|
|
int idx, npat;
|
|
|
|
estream_t datastream;
|
2014-03-14 16:12:54 +01:00
|
|
|
char *source = NULL;
|
2014-11-12 12:14:32 +01:00
|
|
|
size_t linelen; /* Estimated linelen for KS_GET. */
|
|
|
|
size_t n;
|
|
|
|
|
|
|
|
#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
|
|
|
|
|
|
|
|
*r_ndesc_used = 0;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
/* Create an array filled with a search pattern for each key. The
|
|
|
|
array is delimited by a NULL entry. */
|
|
|
|
pattern = xtrycalloc (ndesc+1, sizeof *pattern);
|
|
|
|
if (!pattern)
|
|
|
|
return gpg_error_from_syserror ();
|
2014-11-12 12:14:32 +01:00
|
|
|
|
|
|
|
/* Note that we break the loop as soon as our estimation of the to
|
|
|
|
be used line length reaches the limit. But we do this only if we
|
|
|
|
have processed at leas one search requests so that an overlong
|
|
|
|
single request will be rejected only later by gpg_dirmngr_ks_get
|
|
|
|
but we are sure that R_NDESC_USED has been updated. This avoids
|
|
|
|
a possible indefinite loop. */
|
|
|
|
linelen = 9; /* "KS_GET --" */
|
2011-01-18 12:51:16 +01:00
|
|
|
for (npat=idx=0; idx < ndesc; idx++)
|
|
|
|
{
|
|
|
|
int quiet = 0;
|
|
|
|
|
|
|
|
if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
|
|
|
|
|| desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
n = 1+2+2*20;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
|
|
|
pattern[npat] = xtrymalloc (n);
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
strcpy (pattern[npat], "0x");
|
|
|
|
bin2hex (desc[idx].u.fpr,
|
|
|
|
desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
|
|
|
|
pattern[npat]+2);
|
|
|
|
npat++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
n = 1+2+16;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
pattern[npat] = xtryasprintf ("0x%08lX%08lX",
|
|
|
|
(ulong)desc[idx].u.kid[0],
|
|
|
|
(ulong)desc[idx].u.kid[1]);
|
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
npat++;
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
n = 1+2+8;
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
|
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
npat++;
|
|
|
|
}
|
|
|
|
else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
|
|
|
|
{
|
2014-11-12 12:14:32 +01:00
|
|
|
/* The Dirmngr also uses classify_user_id to detect the type
|
2014-03-17 15:39:33 +01:00
|
|
|
of the search string. By adding the '=' prefix we force
|
|
|
|
Dirmngr's KS_GET to consider this an exact search string.
|
|
|
|
(In gpg 1.4 and gpg 2.0 the keyserver helpers used the
|
|
|
|
KS_GETNAME command to indicate this.) */
|
2014-11-12 12:14:32 +01:00
|
|
|
|
|
|
|
n = 1+1+strlen (desc[idx].u.name);
|
|
|
|
if (idx && linelen + n > MAX_KS_GET_LINELEN)
|
|
|
|
break; /* Declare end of this chunk. */
|
|
|
|
linelen += n;
|
|
|
|
|
2014-03-17 15:39:33 +01:00
|
|
|
pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!pattern[npat])
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
npat++;
|
|
|
|
quiet = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
|
|
|
|
continue;
|
|
|
|
else
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
for (idx=0; idx < npat; idx++)
|
|
|
|
xfree (pattern[idx]);
|
|
|
|
xfree (pattern);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2015-04-21 15:36:30 +02:00
|
|
|
if (!quiet && override_keyserver)
|
2011-01-18 12:51:16 +01:00
|
|
|
{
|
2015-04-21 15:36:30 +02:00
|
|
|
if (override_keyserver->host)
|
2011-01-18 12:51:16 +01:00
|
|
|
log_info (_("requesting key %s from %s server %s\n"),
|
|
|
|
keystr_from_desc (&desc[idx]),
|
2015-04-21 15:36:30 +02:00
|
|
|
override_keyserver->scheme, override_keyserver->host);
|
2011-01-18 12:51:16 +01:00
|
|
|
else
|
|
|
|
log_info (_("requesting key %s from %s\n"),
|
2015-04-21 15:36:30 +02:00
|
|
|
keystr_from_desc (&desc[idx]), override_keyserver->uri);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-11-12 12:14:32 +01:00
|
|
|
/* Remember now many of search items were considered. Note that
|
|
|
|
this is different from NPAT. */
|
|
|
|
*r_ndesc_used = idx;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2015-04-21 15:36:30 +02:00
|
|
|
err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver,
|
|
|
|
&datastream, &source);
|
2011-01-18 12:51:16 +01:00
|
|
|
for (idx=0; idx < npat; idx++)
|
|
|
|
xfree (pattern[idx]);
|
|
|
|
xfree (pattern);
|
2014-03-17 15:39:33 +01:00
|
|
|
if (opt.verbose && source)
|
2014-03-14 16:12:54 +01:00
|
|
|
log_info ("data source: %s\n", source);
|
|
|
|
|
2011-01-18 12:51:16 +01:00
|
|
|
if (!err)
|
|
|
|
{
|
2014-08-14 15:20:53 +02:00
|
|
|
struct ks_retrieval_screener_arg_s screenerarg;
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
/* FIXME: Check whether this comment should be moved to dirmngr.
|
|
|
|
|
|
|
|
Slurp up all the key data. In the future, it might be nice
|
|
|
|
to look for KEY foo OUTOFBAND and FAILED indicators. It's
|
|
|
|
harmless to ignore them, but ignoring them does make gpg
|
|
|
|
complain about "no valid OpenPGP data found". One way to do
|
|
|
|
this could be to continue parsing this line-by-line and make
|
2013-10-04 13:44:39 +02:00
|
|
|
a temp iobuf for each key. Note that we don't allow the
|
|
|
|
import of secret keys from a keyserver. Keyservers should
|
|
|
|
never accept or send them but we better protect against rogue
|
|
|
|
keyservers. */
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
screenerarg.desc = desc;
|
2014-11-12 12:14:32 +01:00
|
|
|
screenerarg.ndesc = *r_ndesc_used;
|
2014-03-17 15:39:33 +01:00
|
|
|
import_keys_es_stream (ctrl, datastream, stats_handle,
|
|
|
|
r_fpr, r_fprlen,
|
2013-10-04 13:44:39 +02:00
|
|
|
(opt.keyserver_options.import_options
|
2014-08-14 15:20:53 +02:00
|
|
|
| IMPORT_NO_SECKEY),
|
|
|
|
keyserver_retrieval_screener, &screenerarg);
|
2011-01-18 12:51:16 +01:00
|
|
|
}
|
|
|
|
es_fclose (datastream);
|
2014-03-14 16:12:54 +01:00
|
|
|
xfree (source);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
return err;
|
2003-06-05 07:14:21 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-01-10 14:30:17 +01:00
|
|
|
|
2014-11-12 12:14:32 +01:00
|
|
|
/* Retrieve a key from a keyserver. The search pattern are in
|
|
|
|
(DESC,NDESC). Allowed search modes are keyid, fingerprint, and
|
2015-04-21 15:36:30 +02:00
|
|
|
exact searches. OVERRIDE_KEYSERVER gives an optional override
|
|
|
|
keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
|
|
|
|
fingerprint of a single imported key. */
|
2014-11-12 12:14:32 +01:00
|
|
|
static gpg_error_t
|
|
|
|
keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
|
2015-04-21 15:36:30 +02:00
|
|
|
struct keyserver_spec *override_keyserver,
|
2014-11-12 12:14:32 +01:00
|
|
|
unsigned char **r_fpr, size_t *r_fprlen)
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle;
|
2014-11-12 12:14:32 +01:00
|
|
|
int ndesc_used;
|
|
|
|
int any_good = 0;
|
|
|
|
|
|
|
|
stats_handle = import_new_stats_handle();
|
|
|
|
|
|
|
|
for (;;)
|
|
|
|
{
|
|
|
|
err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
|
2015-04-21 15:36:30 +02:00
|
|
|
override_keyserver, r_fpr, r_fprlen);
|
2014-11-12 12:14:32 +01:00
|
|
|
if (!err)
|
|
|
|
any_good = 1;
|
|
|
|
if (err || ndesc_used >= ndesc)
|
|
|
|
break; /* Error or all processed. */
|
|
|
|
/* Prepare for the next chunk. */
|
|
|
|
desc += ndesc_used;
|
|
|
|
ndesc -= ndesc_used;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (any_good)
|
|
|
|
import_print_stats (stats_handle);
|
|
|
|
|
|
|
|
import_release_stats_handle (stats_handle);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
/* Send all keys specified by KEYSPECS to the configured keyserver. */
|
2011-01-20 14:12:53 +01:00
|
|
|
static gpg_error_t
|
2016-01-21 11:49:27 +01:00
|
|
|
keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
|
|
|
strlist_t kspec;
|
2016-01-21 11:49:27 +01:00
|
|
|
char *ksurl;
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
if (!keyspecs)
|
|
|
|
return 0; /* Return success if the list is empty. */
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
if (gpg_dirmngr_ks_list (ctrl, &ksurl))
|
2011-01-20 14:12:53 +01:00
|
|
|
{
|
2016-01-21 11:49:27 +01:00
|
|
|
log_error (_("no keyserver known\n"));
|
2011-01-20 14:12:53 +01:00
|
|
|
return gpg_error (GPG_ERR_NO_KEYSERVER);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (kspec = keyspecs; kspec; kspec = kspec->next)
|
|
|
|
{
|
|
|
|
void *data;
|
|
|
|
size_t datalen;
|
|
|
|
kbnode_t keyblock;
|
|
|
|
|
|
|
|
err = export_pubkey_buffer (ctrl, kspec->d,
|
|
|
|
opt.keyserver_options.export_options,
|
2015-11-12 16:02:35 +01:00
|
|
|
NULL,
|
2011-01-20 14:12:53 +01:00
|
|
|
&keyblock, &data, &datalen);
|
|
|
|
if (err)
|
|
|
|
log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
|
|
|
|
else
|
|
|
|
{
|
2016-01-21 11:49:27 +01:00
|
|
|
log_info (_("sending key %s to %s\n"),
|
|
|
|
keystr (keyblock->pkt->pkt.public_key->keyid),
|
|
|
|
ksurl?ksurl:"[?]");
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
|
|
|
|
release_kbnode (keyblock);
|
|
|
|
xfree (data);
|
|
|
|
if (err)
|
2014-12-08 11:10:11 +01:00
|
|
|
{
|
|
|
|
write_status_error ("keyserver_send", err);
|
|
|
|
log_error (_("keyserver send failed: %s\n"), gpg_strerror (err));
|
|
|
|
}
|
2011-01-20 14:12:53 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-21 11:49:27 +01:00
|
|
|
xfree (ksurl);
|
2011-01-20 14:12:53 +01:00
|
|
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
|
|
|
|
|
2014-08-14 15:20:53 +02:00
|
|
|
/* Loop over all URLs in STRLIST and fetch the key at that URL. Note
|
2014-03-12 14:27:50 +01:00
|
|
|
that the fetch operation ignores the configured key servers and
|
|
|
|
instead directly retrieves the keys. */
|
2006-04-19 11:26:11 +00:00
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2011-02-08 21:11:19 +01:00
|
|
|
gpg_error_t err;
|
2006-10-02 11:54:35 +00:00
|
|
|
strlist_t sl;
|
2011-02-08 21:11:19 +01:00
|
|
|
estream_t datastream;
|
2014-03-12 14:27:50 +01:00
|
|
|
unsigned int save_options = opt.keyserver_options.import_options;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
/* Switch on fast-import, since fetch can handle more than one
|
|
|
|
import and we don't want each set to rebuild the trustdb.
|
|
|
|
Instead we do it once at the end. */
|
2011-02-08 21:11:19 +01:00
|
|
|
opt.keyserver_options.import_options |= IMPORT_FAST;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
for (sl=urilist; sl; sl=sl->next)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2011-02-08 21:11:19 +01:00
|
|
|
if (!opt.quiet)
|
2012-06-05 19:29:22 +02:00
|
|
|
log_info (_("requesting key from '%s'\n"), sl->d);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream);
|
|
|
|
if (!err)
|
|
|
|
{
|
2015-12-12 18:19:35 +01:00
|
|
|
import_stats_t stats_handle;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
stats_handle = import_new_stats_handle();
|
|
|
|
import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL,
|
2014-08-14 15:20:53 +02:00
|
|
|
opt.keyserver_options.import_options,
|
|
|
|
NULL, NULL);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
import_print_stats (stats_handle);
|
|
|
|
import_release_stats_handle (stats_handle);
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
else
|
2011-02-08 21:11:19 +01:00
|
|
|
log_info (_("WARNING: unable to fetch URI %s: %s\n"),
|
|
|
|
sl->d, gpg_strerror (err));
|
|
|
|
es_fclose (datastream);
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
|
|
|
|
2014-03-12 14:27:50 +01:00
|
|
|
opt.keyserver_options.import_options = save_options;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
/* If the original options didn't have fast import, and the trustdb
|
|
|
|
is dirty, rebuild. */
|
2011-02-08 21:11:19 +01:00
|
|
|
if (!(opt.keyserver_options.import_options&IMPORT_FAST))
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
check_or_update_trustdb ();
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-02-08 21:11:19 +01:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
/* Import key in a CERT or pointed to by a CERT. In DANE_MODE fetch
|
|
|
|
the certificate using the DANE method. */
|
2006-04-19 11:26:11 +00:00
|
|
|
int
|
2015-10-06 20:31:43 +02:00
|
|
|
keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
|
|
|
|
unsigned char **fpr,size_t *fpr_len)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
gpg_error_t err;
|
2015-10-06 20:31:43 +02:00
|
|
|
char *look,*url;
|
2011-11-30 17:14:08 +01:00
|
|
|
estream_t key;
|
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
look = xstrdup(name);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
if (!dane_mode)
|
|
|
|
{
|
|
|
|
char *domain = strrchr (look,'@');
|
|
|
|
if (domain)
|
|
|
|
*domain='.';
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
|
|
|
|
&key, fpr, fpr_len, &url);
|
2011-11-30 17:14:08 +01:00
|
|
|
if (err)
|
|
|
|
;
|
|
|
|
else if (key)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
int armor_status=opt.no_armor;
|
|
|
|
|
2015-10-06 20:31:43 +02:00
|
|
|
/* CERTs and DANE records are always in binary format */
|
2006-04-19 11:26:11 +00:00
|
|
|
opt.no_armor=1;
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
|
2013-10-04 13:44:39 +02:00
|
|
|
(opt.keyserver_options.import_options
|
2014-08-14 15:20:53 +02:00
|
|
|
| IMPORT_NO_SECKEY),
|
|
|
|
NULL, NULL);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
opt.no_armor=armor_status;
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
es_fclose (key);
|
|
|
|
key = NULL;
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2011-11-30 17:14:08 +01:00
|
|
|
else if (*fpr)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
/* We only consider the IPGP type if a fingerprint was provided.
|
|
|
|
This lets us select the right key regardless of what a URL
|
|
|
|
points to, or get the key from a keyserver. */
|
|
|
|
if(url)
|
|
|
|
{
|
|
|
|
struct keyserver_spec *spec;
|
|
|
|
|
2015-01-05 15:07:23 +01:00
|
|
|
spec = parse_keyserver_uri (url, 1);
|
2006-04-19 11:26:11 +00:00
|
|
|
if(spec)
|
|
|
|
{
|
2011-11-30 17:14:08 +01:00
|
|
|
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,spec);
|
2006-04-19 11:26:11 +00:00
|
|
|
free_keyserver_spec(spec);
|
|
|
|
}
|
|
|
|
}
|
2016-01-21 11:49:27 +01:00
|
|
|
else if (keyserver_any_configured (ctrl))
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
|
|
|
/* If only a fingerprint is provided, try and fetch it from
|
2016-01-21 11:49:27 +01:00
|
|
|
the configured keyserver. */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
err = keyserver_import_fprint (ctrl, *fpr,*fpr_len,opt.keyserver);
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
2006-04-28 14:31:29 +00:00
|
|
|
else
|
2016-01-21 11:49:27 +01:00
|
|
|
log_info(_("no keyserver known\n"));
|
2006-04-28 14:31:29 +00:00
|
|
|
|
|
|
|
/* Give a better string here? "CERT fingerprint for \"%s\"
|
|
|
|
found, but no keyserver" " known (use option
|
|
|
|
--keyserver)\n" ? */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
xfree(url);
|
2006-04-19 11:26:11 +00:00
|
|
|
xfree(look);
|
|
|
|
|
2011-11-30 17:14:08 +01:00
|
|
|
return err;
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Import key pointed to by a PKA record. Return the requested
|
|
|
|
fingerprint in fpr. */
|
2015-04-23 15:42:56 +02:00
|
|
|
gpg_error_t
|
|
|
|
keyserver_import_pka (ctrl_t ctrl, const char *name,
|
|
|
|
unsigned char **fpr, size_t *fpr_len)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2015-04-23 15:42:56 +02:00
|
|
|
gpg_error_t err;
|
|
|
|
char *url;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2015-04-23 15:42:56 +02:00
|
|
|
err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
|
|
|
|
if (url && *url && fpr && fpr_len)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2015-04-23 15:42:56 +02:00
|
|
|
/* An URL is available. Lookup the key. */
|
2006-04-19 11:26:11 +00:00
|
|
|
struct keyserver_spec *spec;
|
2015-04-23 15:42:56 +02:00
|
|
|
spec = parse_keyserver_uri (url, 1);
|
2006-04-19 11:26:11 +00:00
|
|
|
if (spec)
|
|
|
|
{
|
2015-04-23 15:42:56 +02:00
|
|
|
err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec);
|
2006-04-19 11:26:11 +00:00
|
|
|
free_keyserver_spec (spec);
|
|
|
|
}
|
|
|
|
}
|
2015-04-23 15:42:56 +02:00
|
|
|
xfree (url);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2015-04-23 15:42:56 +02:00
|
|
|
if (err)
|
2008-04-08 11:04:16 +00:00
|
|
|
{
|
|
|
|
xfree(*fpr);
|
|
|
|
*fpr = NULL;
|
2015-04-23 15:42:56 +02:00
|
|
|
*fpr_len = 0;
|
2008-04-08 11:04:16 +00:00
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
2015-04-23 15:42:56 +02:00
|
|
|
return err;
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-07-23 18:28:54 +00:00
|
|
|
/* Import a key by name using LDAP */
|
2006-04-19 11:26:11 +00:00
|
|
|
int
|
2010-10-01 20:33:53 +00:00
|
|
|
keyserver_import_ldap (ctrl_t ctrl,
|
2014-03-17 15:39:33 +01:00
|
|
|
const char *name, unsigned char **fpr, size_t *fprlen)
|
2006-04-19 11:26:11 +00:00
|
|
|
{
|
2014-03-17 15:39:33 +01:00
|
|
|
(void)ctrl;
|
|
|
|
(void)name;
|
|
|
|
(void)fpr;
|
|
|
|
(void)fprlen;
|
|
|
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
|
|
|
|
#if 0
|
2006-04-19 11:26:11 +00:00
|
|
|
char *domain;
|
|
|
|
struct keyserver_spec *keyserver;
|
2006-10-02 11:54:35 +00:00
|
|
|
strlist_t list=NULL;
|
2009-07-23 18:28:54 +00:00
|
|
|
int rc,hostlen=1;
|
|
|
|
#ifdef USE_DNS_SRV
|
|
|
|
struct srventry *srvlist=NULL;
|
|
|
|
int srvcount,i;
|
|
|
|
char srvname[MAXDNAME];
|
|
|
|
#endif
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
/* Parse out the domain */
|
|
|
|
domain=strrchr(name,'@');
|
|
|
|
if(!domain)
|
2015-01-22 12:06:11 +01:00
|
|
|
return GPG_ERR_GENERAL;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
domain++;
|
|
|
|
|
|
|
|
keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
|
|
|
|
keyserver->scheme=xstrdup("ldap");
|
2009-07-23 18:28:54 +00:00
|
|
|
keyserver->host=xmalloc(1);
|
|
|
|
keyserver->host[0]='\0';
|
|
|
|
|
|
|
|
#ifdef USE_DNS_SRV
|
|
|
|
snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
|
|
|
|
|
2015-10-22 09:22:41 +02:00
|
|
|
FIXME("network related - move to dirmngr or drop the code");
|
2009-07-23 18:28:54 +00:00
|
|
|
srvcount=getsrv(srvname,&srvlist);
|
|
|
|
|
|
|
|
for(i=0;i<srvcount;i++)
|
|
|
|
{
|
|
|
|
hostlen+=strlen(srvlist[i].target)+1;
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
|
|
|
|
strcat(keyserver->host,srvlist[i].target);
|
|
|
|
|
|
|
|
if(srvlist[i].port!=389)
|
|
|
|
{
|
|
|
|
char port[7];
|
|
|
|
|
|
|
|
hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
|
|
|
|
snprintf(port,7,":%u",srvlist[i].port);
|
|
|
|
strcat(keyserver->host,port);
|
|
|
|
}
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2009-07-23 18:28:54 +00:00
|
|
|
strcat(keyserver->host," ");
|
|
|
|
}
|
|
|
|
|
|
|
|
free(srvlist);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* If all else fails, do the PGP Universal trick of
|
|
|
|
ldap://keys.(domain) */
|
|
|
|
|
|
|
|
hostlen+=5+strlen(domain);
|
|
|
|
keyserver->host=xrealloc(keyserver->host,hostlen);
|
|
|
|
strcat(keyserver->host,"keys.");
|
2006-04-19 11:26:11 +00:00
|
|
|
strcat(keyserver->host,domain);
|
2009-07-23 18:28:54 +00:00
|
|
|
|
|
|
|
append_to_strlist(&list,name);
|
2011-01-18 12:51:16 +01:00
|
|
|
|
2011-01-20 14:12:53 +01:00
|
|
|
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
|
|
|
|
/* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
|
|
|
|
/* 0, fpr, fpr_len, keyserver); */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
free_strlist(list);
|
|
|
|
|
|
|
|
free_keyserver_spec(keyserver);
|
|
|
|
|
|
|
|
return rc;
|
2014-03-17 15:39:33 +01:00
|
|
|
#endif
|
2006-04-19 11:26:11 +00:00
|
|
|
}
|