1
/* keydb.c - key database dispatcher
2
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
4
* This file is part of GnuPG.
6
* GnuPG is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* GnuPG is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
27
#include <sys/types.h>
32
#include "../kbx/keybox.h"
36
static int active_handles;
39
KEYDB_RESOURCE_TYPE_NONE = 0,
40
KEYDB_RESOURCE_TYPE_KEYBOX
42
#define MAX_KEYDB_RESOURCES 20
44
struct resource_item {
45
KeydbResourceType type;
54
static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
55
static int used_resources;
62
int used; /* items in active */
63
struct resource_item active[MAX_KEYDB_RESOURCES];
67
static int lock_all (KEYDB_HANDLE hd);
68
static void unlock_all (KEYDB_HANDLE hd);
72
* Register a resource (which currently may only be a keybox file).
73
* The first keybox which is added by this function is
74
* created if it does not exist.
75
* Note: this function may be called before secure memory is
79
keydb_add_resource (const char *url, int force, int secret)
81
static int any_secret, any_public;
82
const char *resname = url;
83
char *filename = NULL;
86
KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
87
const char *created_fname = NULL;
90
gnupg-kbx:filename := this is a plain keybox
91
filename := See what is is, but create as plain keybox.
93
if (strlen (resname) > 10)
95
if (!strncmp (resname, "gnupg-kbx:", 10) )
97
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
100
#if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
101
else if (strchr (resname, ':'))
103
log_error ("invalid key resource URL `%s'\n", url );
104
rc = gpg_error (GPG_ERR_GENERAL);
107
#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
110
if (*resname != DIRSEP_C )
111
{ /* do tilde expansion etc */
112
if (strchr(resname, DIRSEP_C) )
113
filename = make_filename (resname, NULL);
115
filename = make_filename (opt.homedir, resname, NULL);
118
filename = xstrdup (resname);
121
force = secret? !any_secret : !any_public;
123
/* see whether we can determine the filetype */
124
if (rt == KEYDB_RESOURCE_TYPE_NONE)
126
FILE *fp2 = fopen( filename, "rb" );
131
/* FIXME: check for the keybox magic */
132
if (fread( &magic, 4, 1, fp2) == 1 )
134
if (magic == 0x13579ace || magic == 0xce9a5713)
135
; /* GDBM magic - no more support */
137
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
139
else /* maybe empty: assume ring */
140
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
143
else /* no file yet: create ring */
144
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
149
case KEYDB_RESOURCE_TYPE_NONE:
150
log_error ("unknown type of key resource `%s'\n", url );
151
rc = gpg_error (GPG_ERR_GENERAL);
154
case KEYDB_RESOURCE_TYPE_KEYBOX:
155
fp = fopen (filename, "rb");
158
rc = gpg_error (gpg_err_code_from_errno (errno));
164
#if 0 /* no autocreate of the homedirectory yet */
166
char *last_slash_in_filename;
168
last_slash_in_filename = strrchr (filename, DIRSEP_C);
169
*last_slash_in_filename = 0;
170
if (access (filename, F_OK))
171
{ /* on the first time we try to create the default
172
homedir and in this case the process will be
173
terminated, so that on the next invocation can
174
read the options file in on startup */
175
try_make_homedir (filename);
176
rc = gpg_error (GPG_ERR_FILE_OPEN_ERROR);
177
*last_slash_in_filename = DIRSEP_C;
180
*last_slash_in_filename = DIRSEP_C;
183
fp = fopen (filename, "w");
186
rc = gpg_error (gpg_err_code_from_errno (errno));
187
log_error (_("error creating keybox `%s': %s\n"),
188
filename, strerror(errno));
190
log_info (_("you may want to start the gpg-agent first\n"));
195
log_info (_("keybox `%s' created\n"), filename);
196
created_fname = filename;
200
/* now register the file */
203
void *token = keybox_register_file (filename, secret);
205
; /* already registered - ignore it */
206
else if (used_resources >= MAX_KEYDB_RESOURCES)
207
rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
210
all_resources[used_resources].type = rt;
211
all_resources[used_resources].u.kr = NULL; /* Not used here */
212
all_resources[used_resources].token = token;
213
all_resources[used_resources].secret = secret;
215
all_resources[used_resources].lockhandle
216
= create_dotlock (filename);
217
if (!all_resources[used_resources].lockhandle)
218
log_fatal ( _("can't create lock for `%s'\n"), filename);
220
/* Do a compress run if needed and the file is not locked. */
221
if (!make_dotlock (all_resources[used_resources].lockhandle, 0))
223
KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
227
keybox_compress (kbxhd);
228
keybox_release (kbxhd);
230
release_dotlock (all_resources[used_resources].lockhandle);
240
log_error ("resource type of `%s' not supported\n", url);
241
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
245
/* fixme: check directory permissions and print a warning */
249
log_error ("keyblock resource `%s': %s\n", filename, gpg_strerror(rc));
260
keydb_new (int secret)
265
hd = xcalloc (1, sizeof *hd);
268
assert (used_resources <= MAX_KEYDB_RESOURCES);
269
for (i=j=0; i < used_resources; i++)
271
if (!all_resources[i].secret != !secret)
273
switch (all_resources[i].type)
275
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
277
case KEYDB_RESOURCE_TYPE_KEYBOX:
278
hd->active[j].type = all_resources[i].type;
279
hd->active[j].token = all_resources[i].token;
280
hd->active[j].secret = all_resources[i].secret;
281
hd->active[j].lockhandle = all_resources[i].lockhandle;
282
hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
283
if (!hd->active[j].u.kr)
286
return NULL; /* fixme: release all previously allocated handles*/
299
keydb_release (KEYDB_HANDLE hd)
305
assert (active_handles > 0);
309
for (i=0; i < hd->used; i++)
311
switch (hd->active[i].type)
313
case KEYDB_RESOURCE_TYPE_NONE:
315
case KEYDB_RESOURCE_TYPE_KEYBOX:
316
keybox_release (hd->active[i].u.kr);
325
/* Return the name of the current resource. This is function first
326
looks for the last found found, then for the current search
327
position, and last returns the first available resource. The
328
returned string is only valid as long as the handle exists. This
329
function does only return NULL if no handle is specified, in all
330
other error cases an empty string is returned. */
332
keydb_get_resource_name (KEYDB_HANDLE hd)
335
const char *s = NULL;
340
if ( hd->found >= 0 && hd->found < hd->used)
342
else if ( hd->current >= 0 && hd->current < hd->used)
347
switch (hd->active[idx].type)
349
case KEYDB_RESOURCE_TYPE_NONE:
352
case KEYDB_RESOURCE_TYPE_KEYBOX:
353
s = keybox_get_resource_name (hd->active[idx].u.kr);
360
/* Switch the handle into ephemeral mode and return the orginal value. */
362
keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
370
if (hd->is_ephemeral != yes)
372
for (i=0; i < hd->used; i++)
374
switch (hd->active[i].type)
376
case KEYDB_RESOURCE_TYPE_NONE:
378
case KEYDB_RESOURCE_TYPE_KEYBOX:
379
keybox_set_ephemeral (hd->active[i].u.kr, yes);
385
i = hd->is_ephemeral;
386
hd->is_ephemeral = yes;
391
/* If the keyring has not yet been locked, lock it now. This
392
operation is required before any update opeations; it is optionaly
393
for an insert operation. The lock is released with
396
keydb_lock (KEYDB_HANDLE hd)
399
return gpg_error (GPG_ERR_INV_HANDLE);
401
return 0; /* Already locked. */
402
return lock_all (hd);
408
lock_all (KEYDB_HANDLE hd)
412
/* Fixme: This locking scheme may lead to deadlock if the resources
413
are not added in the same order by all processes. We are
414
currently only allowing one resource so it is not a problem. */
415
for (i=0; i < hd->used; i++)
417
switch (hd->active[i].type)
419
case KEYDB_RESOURCE_TYPE_NONE:
421
case KEYDB_RESOURCE_TYPE_KEYBOX:
422
if (hd->active[i].lockhandle)
423
rc = make_dotlock (hd->active[i].lockhandle, -1);
432
/* revert the already set locks */
433
for (i--; i >= 0; i--)
435
switch (hd->active[i].type)
437
case KEYDB_RESOURCE_TYPE_NONE:
439
case KEYDB_RESOURCE_TYPE_KEYBOX:
440
if (hd->active[i].lockhandle)
441
release_dotlock (hd->active[i].lockhandle);
449
/* make_dotlock () does not yet guarantee that errno is set, thus
450
we can't rely on the error reason and will simply use
452
return rc? gpg_error (GPG_ERR_EACCES) : 0;
456
unlock_all (KEYDB_HANDLE hd)
463
for (i=hd->used-1; i >= 0; i--)
465
switch (hd->active[i].type)
467
case KEYDB_RESOURCE_TYPE_NONE:
469
case KEYDB_RESOURCE_TYPE_KEYBOX:
470
if (hd->active[i].lockhandle)
471
release_dotlock (hd->active[i].lockhandle);
481
* Return the last found keybox. Caller must free it.
482
* The returned keyblock has the kbode flag bit 0 set for the node with
483
* the public key used to locate the keyblock or flag bit 1 set for
487
keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
492
return G10ERR_INV_ARG;
494
if ( hd->found < 0 || hd->found >= hd->used)
495
return -1; /* nothing found */
497
switch (hd->active[hd->found].type) {
498
case KEYDB_RESOURCE_TYPE_NONE:
499
rc = G10ERR_GENERAL; /* oops */
501
case KEYDB_RESOURCE_TYPE_KEYBOX:
502
rc = keybox_get_keyblock (hd->active[hd->found].u.kr, ret_kb);
510
* update the current keyblock with KB
513
keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
518
return G10ERR_INV_ARG;
520
if ( hd->found < 0 || hd->found >= hd->used)
521
return -1; /* nothing found */
527
return gpg_error (GPG_ERR_NOT_LOCKED);
529
switch (hd->active[hd->found].type) {
530
case KEYDB_RESOURCE_TYPE_NONE:
531
rc = G10ERR_GENERAL; /* oops */
533
case KEYDB_RESOURCE_TYPE_KEYBOX:
534
rc = keybox_update_keyblock (hd->active[hd->found].u.kr, kb);
544
* Insert a new KB into one of the resources.
547
keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
553
return G10ERR_INV_ARG;
558
if ( hd->found >= 0 && hd->found < hd->used)
560
else if ( hd->current >= 0 && hd->current < hd->used)
563
return G10ERR_GENERAL;
569
switch (hd->active[idx].type) {
570
case KEYDB_RESOURCE_TYPE_NONE:
571
rc = G10ERR_GENERAL; /* oops */
573
case KEYDB_RESOURCE_TYPE_KEYBOX:
574
rc = keybox_insert_keyblock (hd->active[idx].u.kr, kb);
582
#endif /*disabled code*/
587
Return the last found object. Caller must free it. The returned
588
keyblock has the kbode flag bit 0 set for the node with the public
589
key used to locate the keyblock or flag bit 1 set for the user ID
592
keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
597
return gpg_error (GPG_ERR_INV_VALUE);
599
if ( hd->found < 0 || hd->found >= hd->used)
600
return -1; /* nothing found */
602
switch (hd->active[hd->found].type)
604
case KEYDB_RESOURCE_TYPE_NONE:
605
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
607
case KEYDB_RESOURCE_TYPE_KEYBOX:
608
rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
615
/* Return a flag of the last found object. WHICH is the flag requested;
616
it should be one of the KEYBOX_FLAG_ values. If the operation is
617
successful, the flag value will be stored at the address given by
618
VALUE. Return 0 on success or an error code. */
620
keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
625
return gpg_error (GPG_ERR_INV_VALUE);
627
if ( hd->found < 0 || hd->found >= hd->used)
628
return gpg_error (GPG_ERR_NOTHING_FOUND);
630
switch (hd->active[hd->found].type)
632
case KEYDB_RESOURCE_TYPE_NONE:
633
err = gpg_error (GPG_ERR_GENERAL); /* oops */
635
case KEYDB_RESOURCE_TYPE_KEYBOX:
636
err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
643
/* Set a flag of the last found object. WHICH is the flag to be set; it
644
should be one of the KEYBOX_FLAG_ values. If the operation is
645
successful, the flag value will be stored in the keybox. Note,
646
that some flag values can't be updated and thus may return an
647
error, some other flag values may be masked out before an update.
648
Returns 0 on success or an error code. */
650
keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
655
return gpg_error (GPG_ERR_INV_VALUE);
657
if ( hd->found < 0 || hd->found >= hd->used)
658
return gpg_error (GPG_ERR_NOTHING_FOUND);
661
return gpg_error (GPG_ERR_NOT_LOCKED);
663
switch (hd->active[hd->found].type)
665
case KEYDB_RESOURCE_TYPE_NONE:
666
err = gpg_error (GPG_ERR_GENERAL); /* oops */
668
case KEYDB_RESOURCE_TYPE_KEYBOX:
669
err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
677
* Insert a new Certificate into one of the resources.
680
keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
687
return gpg_error (GPG_ERR_INV_VALUE);
692
if ( hd->found >= 0 && hd->found < hd->used)
694
else if ( hd->current >= 0 && hd->current < hd->used)
697
return gpg_error (GPG_ERR_GENERAL);
703
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
705
switch (hd->active[idx].type)
707
case KEYDB_RESOURCE_TYPE_NONE:
708
rc = gpg_error (GPG_ERR_GENERAL);
710
case KEYDB_RESOURCE_TYPE_KEYBOX:
711
rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
721
/* update the current keyblock with KB */
723
keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
729
return gpg_error (GPG_ERR_INV_VALUE);
731
if ( hd->found < 0 || hd->found >= hd->used)
732
return -1; /* nothing found */
741
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
743
switch (hd->active[hd->found].type)
745
case KEYDB_RESOURCE_TYPE_NONE:
746
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
748
case KEYDB_RESOURCE_TYPE_KEYBOX:
749
rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
759
* The current keyblock or cert will be deleted.
762
keydb_delete (KEYDB_HANDLE hd)
767
return gpg_error (GPG_ERR_INV_VALUE);
769
if ( hd->found < 0 || hd->found >= hd->used)
770
return -1; /* nothing found */
776
return gpg_error (GPG_ERR_NOT_LOCKED);
778
switch (hd->active[hd->found].type)
780
case KEYDB_RESOURCE_TYPE_NONE:
781
rc = gpg_error (GPG_ERR_GENERAL);
783
case KEYDB_RESOURCE_TYPE_KEYBOX:
784
rc = keybox_delete (hd->active[hd->found].u.kr);
795
* Locate the default writable key resource, so that the next
796
* operation (which is only relevant for inserts) will be done on this
800
keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
805
return gpg_error (GPG_ERR_INV_VALUE);
807
rc = keydb_search_reset (hd); /* this does reset hd->current */
811
for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
813
switch (hd->active[hd->current].type)
815
case KEYDB_RESOURCE_TYPE_NONE:
818
case KEYDB_RESOURCE_TYPE_KEYBOX:
819
if (keybox_is_writable (hd->active[hd->current].token))
820
return 0; /* found (hd->current is set to it) */
829
* Rebuild the caches of all key resources.
832
keydb_rebuild_caches (void)
836
for (i=0; i < used_resources; i++)
838
if (all_resources[i].secret)
840
switch (all_resources[i].type)
842
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
844
case KEYDB_RESOURCE_TYPE_KEYBOX:
845
/* rc = keybox_rebuild_cache (all_resources[i].token); */
847
/* log_error (_("failed to rebuild keybox cache: %s\n"), */
848
/* g10_errstr (rc)); */
857
* Start the next search on this handle right at the beginning
860
keydb_search_reset (KEYDB_HANDLE hd)
865
return gpg_error (GPG_ERR_INV_VALUE);
869
/* and reset all resources */
870
for (i=0; !rc && i < hd->used; i++)
872
switch (hd->active[i].type)
874
case KEYDB_RESOURCE_TYPE_NONE:
876
case KEYDB_RESOURCE_TYPE_KEYBOX:
877
rc = keybox_search_reset (hd->active[i].u.kr);
881
return rc; /* fixme: we need to map error codes or share them with
886
* Search through all keydb resources, starting at the current position,
887
* for a keyblock which contains one of the keys described in the DESC array.
890
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
895
return gpg_error (GPG_ERR_INV_VALUE);
897
while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
899
switch (hd->active[hd->current].type)
901
case KEYDB_RESOURCE_TYPE_NONE:
902
BUG(); /* we should never see it here */
904
case KEYDB_RESOURCE_TYPE_KEYBOX:
905
rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc);
908
if (rc == -1) /* EOF -> switch to next resource */
911
hd->found = hd->current;
919
keydb_search_first (KEYDB_HANDLE hd)
921
KEYDB_SEARCH_DESC desc;
923
memset (&desc, 0, sizeof desc);
924
desc.mode = KEYDB_SEARCH_MODE_FIRST;
925
return keydb_search (hd, &desc, 1);
929
keydb_search_next (KEYDB_HANDLE hd)
931
KEYDB_SEARCH_DESC desc;
933
memset (&desc, 0, sizeof desc);
934
desc.mode = KEYDB_SEARCH_MODE_NEXT;
935
return keydb_search (hd, &desc, 1);
939
keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
941
KEYDB_SEARCH_DESC desc;
943
memset (&desc, 0, sizeof desc);
944
desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
945
/* desc.u.kid[0] = kid[0]; */
946
/* desc.u.kid[1] = kid[1]; */
947
return keydb_search (hd, &desc, 1);
951
keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
953
KEYDB_SEARCH_DESC desc;
955
memset (&desc, 0, sizeof desc);
956
desc.mode = KEYDB_SEARCH_MODE_FPR;
957
memcpy (desc.u.fpr, fpr, 20);
958
return keydb_search (hd, &desc, 1);
962
keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
964
KEYDB_SEARCH_DESC desc;
967
memset (&desc, 0, sizeof desc);
968
desc.mode = KEYDB_SEARCH_MODE_ISSUER;
969
desc.u.name = issuer;
970
rc = keydb_search (hd, &desc, 1);
975
keydb_search_issuer_sn (KEYDB_HANDLE hd,
976
const char *issuer, ksba_const_sexp_t serial)
978
KEYDB_SEARCH_DESC desc;
980
const unsigned char *s;
982
memset (&desc, 0, sizeof desc);
983
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
986
return gpg_error (GPG_ERR_INV_VALUE);
988
for (desc.snlen = 0; digitp (s); s++)
989
desc.snlen = 10*desc.snlen + atoi_1 (s);
991
return gpg_error (GPG_ERR_INV_VALUE);
993
desc.u.name = issuer;
994
rc = keydb_search (hd, &desc, 1);
999
keydb_search_subject (KEYDB_HANDLE hd, const char *name)
1001
KEYDB_SEARCH_DESC desc;
1004
memset (&desc, 0, sizeof desc);
1005
desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
1007
rc = keydb_search (hd, &desc, 1);
1013
hextobyte (const unsigned char *s)
1017
if( *s >= '0' && *s <= '9' )
1018
c = 16 * (*s - '0');
1019
else if ( *s >= 'A' && *s <= 'F' )
1020
c = 16 * (10 + *s - 'A');
1021
else if ( *s >= 'a' && *s <= 'f' )
1022
c = 16 * (10 + *s - 'a');
1026
if ( *s >= '0' && *s <= '9' )
1028
else if ( *s >= 'A' && *s <= 'F' )
1030
else if ( *s >= 'a' && *s <= 'f' )
1039
classify_user_id (const char *name,
1040
KEYDB_SEARCH_DESC *desc,
1048
/* clear the structure so that the mode field is set to zero unless
1049
* we set it to the correct value right at the end of this function */
1050
memset (desc, 0, sizeof *desc);
1052
/* Skip leading spaces. Fixme: what about trailing white space? */
1053
for(s = name; *s && spacep (s); s++ )
1058
case 0: /* empty string is an error */
1061
case '.': /* an email address, compare from end */
1062
mode = KEYDB_SEARCH_MODE_MAILEND;
1067
case '<': /* an email address */
1068
mode = KEYDB_SEARCH_MODE_MAIL;
1073
case '@': /* part of an email address */
1074
mode = KEYDB_SEARCH_MODE_MAILSUB;
1079
case '=': /* exact compare */
1080
mode = KEYDB_SEARCH_MODE_EXACT;
1085
case '*': /* case insensitive substring search */
1086
mode = KEYDB_SEARCH_MODE_SUBSTR;
1091
case '+': /* compare individual words */
1092
mode = KEYDB_SEARCH_MODE_WORDS;
1097
case '/': /* subject's DN */
1099
if (!*s || spacep (s))
1100
return 0; /* no DN or prefixed with a space */
1102
mode = KEYDB_SEARCH_MODE_SUBJECT;
1111
{ /* "#/" indicates an issuer's DN */
1113
if (!*s || spacep (s))
1114
return 0; /* no DN or prefixed with a space */
1116
mode = KEYDB_SEARCH_MODE_ISSUER;
1119
{ /* serialnumber + optional issuer ID */
1120
for (si=s; *si && *si != '/'; si++)
1122
if (!strchr("01234567890abcdefABCDEF", *si))
1123
return 0; /* invalid digit in serial number*/
1128
mode = KEYDB_SEARCH_MODE_SN;
1132
if (!*s || spacep (s))
1133
return 0; /* no DN or prefixed with a space */
1135
mode = KEYDB_SEARCH_MODE_ISSUER_SN;
1141
case ':': /*Unified fingerprint */
1143
const char *se, *si;
1146
se = strchr (++s,':');
1149
for (i=0,si=s; si < se; si++, i++ )
1151
if (!strchr("01234567890abcdefABCDEF", *si))
1152
return 0; /* invalid digit */
1154
if (i != 32 && i != 40)
1155
return 0; /* invalid length of fpr*/
1156
for (i=0,si=s; si < se; i++, si +=2)
1157
desc->u.fpr[i] = hextobyte(si);
1161
mode = KEYDB_SEARCH_MODE_FPR;
1166
if (s[0] == '0' && s[1] == 'x')
1172
hexlength = strspn(s, "0123456789abcdefABCDEF");
1173
if (hexlength >= 8 && s[hexlength] =='!')
1176
hexlength++; /* just for the following check */
1179
/* check if a hexadecimal number is terminated by EOS or blank */
1180
if (hexlength && s[hexlength] && !spacep (s+hexlength))
1182
if (hexprefix) /* a "0x" prefix without correct */
1183
return 0; /* termination is an error */
1184
/* The first chars looked like a hex number, but really is
1190
hexlength--; /* remove the bang */
1193
|| (!hexprefix && hexlength == 9 && *s == '0'))
1198
kid = strtoul( s, NULL, 16 );
1199
desc->u.kid[4] = kid >> 24;
1200
desc->u.kid[5] = kid >> 16;
1201
desc->u.kid[6] = kid >> 8;
1202
desc->u.kid[7] = kid;
1203
mode = KEYDB_SEARCH_MODE_SHORT_KID;
1205
else if (hexlength == 16
1206
|| (!hexprefix && hexlength == 17 && *s == '0'))
1207
{ /* complete keyid */
1208
unsigned long kid0, kid1;
1210
if (hexlength == 17)
1212
mem2str(buf, s, 9 );
1213
kid0 = strtoul (buf, NULL, 16);
1214
kid1 = strtoul (s+8, NULL, 16);
1215
desc->u.kid[0] = kid0 >> 24;
1216
desc->u.kid[1] = kid0 >> 16;
1217
desc->u.kid[2] = kid0 >> 8;
1218
desc->u.kid[3] = kid0;
1219
desc->u.kid[4] = kid1 >> 24;
1220
desc->u.kid[5] = kid1 >> 16;
1221
desc->u.kid[6] = kid1 >> 8;
1222
desc->u.kid[7] = kid1;
1223
mode = KEYDB_SEARCH_MODE_LONG_KID;
1225
else if (hexlength == 32
1226
|| (!hexprefix && hexlength == 33 && *s == '0'))
1227
{ /* md5 fingerprint */
1229
if (hexlength == 33)
1231
memset(desc->u.fpr+16, 0, 4);
1232
for (i=0; i < 16; i++, s+=2)
1234
int c = hextobyte(s);
1239
mode = KEYDB_SEARCH_MODE_FPR16;
1241
else if (hexlength == 40
1242
|| (!hexprefix && hexlength == 41 && *s == '0'))
1243
{ /* sha1/rmd160 fingerprint */
1245
if (hexlength == 41)
1247
for (i=0; i < 20; i++, s+=2)
1249
int c = hextobyte(s);
1254
mode = KEYDB_SEARCH_MODE_FPR20;
1256
else if (!hexprefix)
1258
/* The fingerprint in an X.509 listing is often delimited by
1259
colons, so we try to single this case out. */
1261
hexlength = strspn (s, ":0123456789abcdefABCDEF");
1262
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
1266
for (i=0; i < 20; i++, s += 3)
1268
int c = hextobyte(s);
1269
if (c == -1 || (i < 19 && s[2] != ':'))
1274
mode = KEYDB_SEARCH_MODE_FPR20;
1276
if (!mode) /* default is substring search */
1280
mode = KEYDB_SEARCH_MODE_SUBSTR;
1284
{ /* hex number with a prefix but a wrong length */
1295
keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
1298
KEYDB_SEARCH_DESC dummy_desc;
1303
if (!classify_user_id (name, desc, &dummy))
1304
return gpg_error (GPG_ERR_INV_NAME);
1309
/* Store the certificate in the key DB but make sure that it does not
1310
already exists. We do this simply by comparing the fingerprint.
1311
If EXISTED is not NULL it will be set to true if the certificate
1312
was already in the DB. */
1314
keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
1318
unsigned char fpr[20];
1323
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
1325
log_error (_("failed to get the fingerprint\n"));
1326
return gpg_error (GPG_ERR_GENERAL);
1332
log_error (_("failed to allocate keyDB handle\n"));
1333
return gpg_error (GPG_ERR_ENOMEM);;
1337
keydb_set_ephemeral (kh, 1);
1339
rc = keydb_search_fpr (kh, fpr);
1347
return 0; /* okay */
1349
log_error (_("problem looking for existing certificate: %s\n"),
1354
rc = keydb_locate_writable (kh, 0);
1357
log_error (_("error finding writable keyDB: %s\n"), gpg_strerror (rc));
1362
rc = keydb_insert_cert (kh, cert);
1365
log_error (_("error storing certificate: %s\n"), gpg_strerror (rc));
1374
/* This is basically keydb_set_flags but it implements a complete
1375
transaction by locating the certificate in the DB and updating the
1378
keydb_set_cert_flags (ksba_cert_t cert, int which, int idx, unsigned int value)
1382
unsigned char fpr[20];
1383
unsigned int old_value;
1385
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
1387
log_error (_("failed to get the fingerprint\n"));
1388
return gpg_error (GPG_ERR_GENERAL);
1394
log_error (_("failed to allocate keyDB handle\n"));
1395
return gpg_error (GPG_ERR_ENOMEM);;
1398
err = keydb_lock (kh);
1401
log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
1406
err = keydb_search_fpr (kh, fpr);
1409
log_error (_("problem re-searching certificate: %s\n"),
1410
gpg_strerror (err));
1415
err = keydb_get_flags (kh, which, idx, &old_value);
1418
log_error (_("error getting stored flags: %s\n"), gpg_strerror (err));
1422
if (value != old_value)
1424
err = keydb_set_flags (kh, which, idx, value);
1427
log_error (_("error storing flags: %s\n"), gpg_strerror (err));
1437
/* Reset all the certificate flags we have stored with the certificates
1438
for performance reasons. */
1440
keydb_clear_some_cert_flags (ctrl_t ctrl, STRLIST names)
1443
KEYDB_HANDLE hd = NULL;
1444
KEYDB_SEARCH_DESC *desc = NULL;
1448
unsigned int old_value, value;
1453
log_error ("keydb_new failed\n");
1461
for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
1465
desc = xtrycalloc (ndesc, sizeof *desc);
1468
log_error ("allocating memory failed: %s\n",
1469
gpg_strerror (OUT_OF_CORE (errno)));
1474
desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1477
for (ndesc=0, sl=names; sl; sl = sl->next)
1479
rc = keydb_classify_name (sl->d, desc+ndesc);
1482
log_error ("key `%s' not found: %s\n",
1483
sl->d, gpg_strerror (rc));
1491
err = keydb_lock (hd);
1494
log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
1498
while (!(rc = keydb_search (hd, desc, ndesc)))
1501
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1503
err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
1506
log_error (_("error getting stored flags: %s\n"),
1507
gpg_strerror (err));
1511
value = (old_value & ~VALIDITY_REVOKED);
1512
if (value != old_value)
1514
err = keydb_set_flags (hd, KEYBOX_FLAG_VALIDITY, 0, value);
1517
log_error (_("error storing flags: %s\n"), gpg_strerror (err));
1523
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));