1
1
/* getkey.c - Get a key from the database
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
3
* 2003 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3
* 2006, 2007 Free Software Foundation, Inc.
5
5
* This file is part of GnuPG.
7
7
* GnuPG is free software; you can redistribute it and/or modify
8
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
9
* the Free Software Foundation; either version 3 of the License, or
10
10
* (at your option) any later version.
12
12
* GnuPG is distributed in the hope that it will be useful,
731
skip_disabled(void *dummy,u32 *keyid)
762
skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid)
734
PKT_public_key *pk=xcalloc (1,sizeof(PKT_public_key));
736
rc = get_pubkey(pk, keyid);
767
keyblock=get_pubkeyblock(keyid);
739
log_error("error checking disabled status of %08lX: %s\n",
740
(ulong)keyid[1],gpg_strerror (rc));
770
log_error("error checking usability status of %s\n",keystr(keyid));
744
disabled=pk_is_disabled(pk);
774
/* Is the user ID in question revoked/expired? */
779
for(node=keyblock;node;node=node->next)
781
if(node->pkt->pkttype==PKT_USER_ID)
783
if(cmp_user_ids(uid,node->pkt->pkt.user_id)==0
784
&& (node->pkt->pkt.user_id->is_revoked
785
|| node->pkt->pkt.user_id->is_expired))
795
unusable=pk_is_disabled(keyblock->pkt->pkt.public_key);
798
release_kbnode(keyblock);
751
802
/****************
752
803
* Try to get the pubkey by the userid. This function looks for the
753
* first pubkey certificate which has the given name in a user_id.
754
* if pk/sk has the pubkey algo set, the function will only return
755
* a pubkey with that algo.
756
* The caller should provide storage for either the pk or the sk.
757
* If ret_kb is not NULL the function will return the keyblock there.
804
* first pubkey certificate which has the given name in a user_id. if
805
* pk/sk has the pubkey algo set, the function will only return a
806
* pubkey with that algo. If namelist is NULL, the first key is
807
* returned. The caller should provide storage for either the pk or
808
* the sk. If ret_kb is not NULL the function will return the
761
key_byname( GETKEY_CTX *retctx, STRLIST namelist,
813
key_byname( GETKEY_CTX *retctx, strlist_t namelist,
762
814
PKT_public_key *pk, PKT_secret_key *sk,
763
int secmode, int include_disabled,
815
int secmode, int include_unusable,
764
816
KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
770
822
KBNODE help_kb = NULL;
778
830
*ret_kdbhd = NULL;
780
/* build the search context */
781
for(n=0, r=namelist; r; r = r->next )
783
ctx = xcalloc (1,sizeof *ctx + (n-1)*sizeof ctx->items );
786
for(n=0, r=namelist; r; r = r->next, n++ ) {
787
classify_user_id (r->d, &ctx->items[n]);
834
ctx = xmalloc_clear (sizeof *ctx);
836
ctx->items[0].mode=KEYDB_SEARCH_MODE_FIRST;
837
if(!include_unusable)
838
ctx->items[0].skipfnc=skip_unusable;
842
/* build the search context */
843
for(n=0, r=namelist; r; r = r->next )
846
ctx = xmalloc_clear (sizeof *ctx + (n-1)*sizeof ctx->items );
849
for(n=0, r=namelist; r; r = r->next, n++ )
851
classify_user_id (r->d, &ctx->items[n]);
789
if (ctx->items[n].exact)
791
if (!ctx->items[n].mode) {
793
return GPG_ERR_INV_USER_ID;
796
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
797
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
798
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
799
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
800
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
801
ctx->items[n].skipfnc=skip_disabled;
853
if (ctx->items[n].exact)
855
if (!ctx->items[n].mode)
858
return G10ERR_INV_USER_ID;
861
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
862
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
863
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
864
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
865
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
866
ctx->items[n].skipfnc=skip_unusable;
804
870
ctx->kr_handle = keydb_new (secmode);
845
* Find a public key from NAME and returh the keyblock or the key.
846
* If ret_kdb is not NULL, the KEYDB handle used to locate this keyblock is
847
* returned and the caller is responsible for closing it.
912
/* Find a public key from NAME and return the keyblock or the key. If
913
ret_kdb is not NULL, the KEYDB handle used to locate this keyblock
914
is returned and the caller is responsible for closing it. If a key
915
was not found and NAME is a valid RFC822 mailbox and --auto-key-locate
916
has been enabled, we try to import the key via the online mechanisms
917
defined by --auto-key-locate. */
850
919
get_pubkey_byname (PKT_public_key *pk,
851
920
const char *name, KBNODE *ret_keyblock,
852
KEYDB_HANDLE *ret_kdbhd, int include_disabled )
921
KEYDB_HANDLE *ret_kdbhd, int include_unusable )
855
STRLIST namelist = NULL;
857
add_to_strlist( &namelist, name );
858
rc = key_byname( NULL, namelist, pk, NULL, 0,
859
include_disabled, ret_keyblock, ret_kdbhd);
860
free_strlist( namelist );
924
strlist_t namelist = NULL;
926
add_to_strlist( &namelist, name );
928
rc = key_byname( NULL, namelist, pk, NULL, 0,
929
include_unusable, ret_keyblock, ret_kdbhd);
931
/* If the requested name resembles a valid mailbox and automatic
932
retrieval has been enabled, we try to import the key. */
934
if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
938
for(akl=opt.auto_key_locate;akl;akl=akl->next)
940
unsigned char *fpr=NULL;
946
glo_ctrl.in_auto_key_retrieve++;
947
rc=keyserver_import_cert(name,&fpr,&fpr_len);
948
glo_ctrl.in_auto_key_retrieve--;
951
log_info(_("automatically retrieved `%s' via %s\n"),
956
glo_ctrl.in_auto_key_retrieve++;
957
rc=keyserver_import_pka(name,&fpr,&fpr_len);
958
glo_ctrl.in_auto_key_retrieve--;
961
log_info(_("automatically retrieved `%s' via %s\n"),
966
glo_ctrl.in_auto_key_retrieve++;
967
rc=keyserver_import_ldap(name,&fpr,&fpr_len);
968
glo_ctrl.in_auto_key_retrieve--;
971
log_info(_("automatically retrieved `%s' via %s\n"),
976
/* Strictly speaking, we don't need to only use a valid
977
mailbox for the getname search, but it helps cut down
978
on the problem of searching for something like "john"
979
and getting a whole lot of keys back. */
982
glo_ctrl.in_auto_key_retrieve++;
983
rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
984
glo_ctrl.in_auto_key_retrieve--;
987
log_info(_("automatically retrieved `%s' via %s\n"),
988
name,opt.keyserver->uri);
994
struct keyserver_spec *keyserver;
996
keyserver=keyserver_match(akl->spec);
997
glo_ctrl.in_auto_key_retrieve++;
998
rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
999
glo_ctrl.in_auto_key_retrieve--;
1002
log_info(_("automatically retrieved `%s' via %s\n"),
1003
name,akl->spec->uri);
1008
/* Use the fingerprint of the key that we actually fetched.
1009
This helps prevent problems where the key that we fetched
1010
doesn't have the same name that we used to fetch it. In
1011
the case of CERT and PKA, this is an actual security
1012
requirement as the URL might point to a key put in by an
1013
attacker. By forcing the use of the fingerprint, we
1014
won't use the attacker's key here. */
1018
char fpr_string[MAX_FINGERPRINT_LEN*2+1];
1020
assert(fpr_len<=MAX_FINGERPRINT_LEN);
1022
free_strlist(namelist);
1025
for(i=0;i<fpr_len;i++)
1026
sprintf(fpr_string+2*i,"%02X",fpr[i]);
1029
log_info("auto-key-locate found fingerprint %s\n",fpr_string);
1031
add_to_strlist( &namelist, fpr_string );
1036
rc = key_byname( NULL, namelist, pk, NULL, 0,
1037
include_unusable, ret_keyblock, ret_kdbhd);
1038
if(rc!=G10ERR_NO_PUBKEY)
1043
free_strlist( namelist );
865
1048
get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
866
STRLIST names, KBNODE *ret_keyblock )
1049
strlist_t names, KBNODE *ret_keyblock )
868
1051
return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
1016
1196
get_seckey_byname2( GETKEY_CTX *retctx,
1017
PKT_secret_key *sk, const char *name, int unprotect,
1197
PKT_secret_key *sk, const char *name, int unprotect,
1020
STRLIST namelist = NULL;
1023
if( !name && opt.def_secret_key && *opt.def_secret_key ) {
1024
add_to_strlist( &namelist, opt.def_secret_key );
1025
rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
1027
else if( !name ) { /* use the first one as default key */
1028
struct getkey_ctx_s ctx;
1031
assert (!retctx ); /* do we need this at all */
1033
memset( &ctx, 0, sizeof ctx );
1034
ctx.not_allocated = 1;
1035
ctx.kr_handle = keydb_new (1);
1037
ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
1038
rc = lookup( &ctx, &kb, 1 );
1040
sk_from_block ( &ctx, sk, kb );
1041
release_kbnode ( kb );
1042
get_seckey_end( &ctx );
1045
add_to_strlist( &namelist, name );
1046
rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
1049
free_strlist( namelist );
1051
if( !rc && unprotect )
1052
rc = check_secret_key( sk, 0 );
1200
strlist_t namelist = NULL;
1201
int rc,include_unusable=1;
1203
/* If we have no name, try to use the default secret key. If we
1204
have no default, we'll use the first usable one. */
1206
if( !name && opt.def_secret_key && *opt.def_secret_key )
1207
add_to_strlist( &namelist, opt.def_secret_key );
1209
add_to_strlist( &namelist, name );
1213
rc = key_byname( retctx, namelist, NULL, sk, 1, include_unusable,
1216
free_strlist( namelist );
1218
if( !rc && unprotect )
1219
rc = check_secret_key( sk, 0 );
1117
1284
if (!rc && sk )
1118
1285
sk_from_block ( &ctx, sk, kb );
1119
1286
release_kbnode ( kb );
1120
get_pubkey_end( &ctx );
1287
get_seckey_end( &ctx );
1123
rc = GPG_ERR_GENERAL; /* Oops */
1290
rc = G10ERR_GENERAL; /* Oops */
1295
/* Search for a secret key with the given fingerprint and return the
1296
complete keyblock which may have more than only this key. */
1298
get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
1302
struct getkey_ctx_s ctx;
1304
if (fprint_len != 20 && fprint_len == 16)
1305
return G10ERR_GENERAL; /* Oops */
1307
memset (&ctx, 0, sizeof ctx);
1308
ctx.not_allocated = 1;
1309
ctx.kr_handle = keydb_new (1);
1311
ctx.items[0].mode = (fprint_len==16
1312
? KEYDB_SEARCH_MODE_FPR16
1313
: KEYDB_SEARCH_MODE_FPR20);
1314
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
1315
rc = lookup (&ctx, ret_keyblock, 1);
1316
get_seckey_end (&ctx);
1128
1323
/************************************************
1129
1324
************* Merging stuff ********************
1238
1486
const byte *p, *sym, *hash, *zip;
1239
1487
size_t n, nsym, nhash, nzip;
1489
sig->flags.chosen_selfsig = 1; /* we chose this one */
1241
1490
uid->created = 0; /* not created == invalid */
1242
if ( IS_UID_REV ( sig ) ) {
1491
if ( IS_UID_REV ( sig ) )
1243
1493
uid->is_revoked = 1;
1244
1494
return; /* has been revoked */
1497
uid->is_revoked = 0;
1499
uid->expiredate = sig->expiredate;
1501
if (sig->flags.expired)
1503
uid->is_expired = 1;
1504
return; /* has expired */
1507
uid->is_expired = 0;
1247
1509
uid->created = sig->timestamp; /* this one is okay */
1248
1510
uid->selfsigversion = sig->version;
1249
1511
/* If we got this far, it's not expired :) */
1250
1512
uid->is_expired = 0;
1251
uid->expiredate = sig->expiredate;
1253
1514
/* store the key flags in the helper variable for later processing */
1254
uid->help_key_usage = 0;
1255
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1257
/* first octet of the keyflags */
1259
uid->help_key_usage |= PUBKEY_USAGE_SIG;
1261
uid->help_key_usage |= PUBKEY_USAGE_ENC;
1262
/* Note: we do not set the CERT flag here because it can be assumed
1263
* that thre is no real policy to set it. */
1265
uid->help_key_usage |= PUBKEY_USAGE_AUTH;
1515
uid->help_key_usage=parse_key_usage(sig);
1268
/* ditto or the key expiration */
1269
uid->help_key_expire = 0;
1517
/* ditto for the key expiration */
1270
1518
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
1272
uid->help_key_expire = keycreated + buffer_to_u32(p);
1519
if( p && buffer_to_u32(p) )
1520
uid->help_key_expire = keycreated + buffer_to_u32(p);
1522
uid->help_key_expire = 0;
1275
1524
/* Set the primary user ID flag - we will later wipe out some
1276
1525
* of them to only have one in our keyblock */
1320
1569
/* see whether we have the MDC feature */
1321
uid->mdc_feature = 0;
1322
1571
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
1323
1572
if (p && n && (p[0] & 0x01))
1324
uid->mdc_feature = 1;
1326
1575
/* and the keyserver modify flag */
1576
uid->flags.ks_modify = 1;
1328
1577
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
1329
1578
if (p && n && (p[0] & 0x80))
1334
merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
1579
uid->flags.ks_modify = 0;
1583
sig_to_revoke_info(PKT_signature *sig,struct revoke_info *rinfo)
1585
rinfo->date = sig->timestamp;
1586
rinfo->algo = sig->pubkey_algo;
1587
rinfo->keyid[0] = sig->keyid[0];
1588
rinfo->keyid[1] = sig->keyid[1];
1592
merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
1336
1594
PKT_public_key *pk = NULL;
1459
1720
pk->numrevkeys*sizeof(struct revocation_key));
1463
1725
/* some information from a direct key signature take precedence
1464
1726
* over the same information given in UID sigs.
1466
1728
PKT_signature *sig = signode->pkt->pkt.signature;
1470
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1472
/* first octet of the keyflags */
1474
key_usage |= PUBKEY_USAGE_SIG;
1476
key_usage |= PUBKEY_USAGE_ENC;
1478
key_usage |= PUBKEY_USAGE_AUTH;
1731
key_usage=parse_key_usage(sig);
1481
1733
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
1483
key_expire = keytimestamp + buffer_to_u32(p);
1484
key_expire_seen = 1;
1734
if( p && buffer_to_u32(p) )
1736
key_expire = keytimestamp + buffer_to_u32(p);
1737
key_expire_seen = 1;
1487
1740
/* mark that key as valid: one direct key signature should
1488
1741
* render a key as valid */
1489
1742
pk->is_valid = 1;
1492
1745
/* pass 1.5: look for key revocation signatures that were not made
1493
1746
by the key (i.e. did a revocation key issue a revocation for
1494
1747
us?). Only bother to do this if there is a revocation key in
1748
the first place and we're not revoked already. */
1750
if(!*r_revoked && pk->revkey)
1498
1751
for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
1500
1753
if ( k->pkt->pkttype == PKT_SIGNATURE )
1504
1757
if(IS_KEY_REV(sig) &&
1505
1758
(sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
1507
/* Failure here means the sig did not verify, is was
1760
int rc=check_revocation_keys(pk,sig);
1764
sig_to_revoke_info(sig,rinfo);
1765
/* don't continue checking since we can't be any
1766
more revoked than this */
1769
else if(rc==G10ERR_NO_PUBKEY)
1770
pk->maybe_revoked=1;
1772
/* A failure here means the sig did not verify, was
1508
1773
not issued by a revocation key, or a revocation
1509
key loop was broken. */
1511
if(check_revocation_keys(pk,sig)==0)
1514
/* In the future handle subkey and cert revocations?
1515
PGP doesn't, but it's in 2440. */
1774
key loop was broken. If a revocation key isn't
1775
findable, however, the key might be revoked and
1776
we don't know it. */
1778
/* TODO: In the future handle subkey and cert
1779
revocations? PGP doesn't, but it's in 2440. */
1834
2091
problem is in the distribution. Plus, PGP (7)
1835
2092
does this the same way. */
1836
2093
subpk->is_revoked = 1;
2094
sig_to_revoke_info(sig,&subpk->revoked);
1837
2095
/* although we could stop now, we continue to
1838
2096
* figure out other information like the old expiration
1841
else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate ) {
2099
else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate )
1842
2101
if(sig->flags.expired)
1843
; /* signature has expired - ignore it */
2102
; /* signature has expired - ignore it */
1845
2105
sigdate = sig->timestamp;
2107
signode->pkt->pkt.signature->flags.chosen_selfsig=0;
1854
return; /* no valid key binding */
2114
/* no valid key binding */
1857
subpk->is_valid = 1;
1858
2118
sig = signode->pkt->pkt.signature;
1860
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
1862
/* first octet of the keyflags */
1864
key_usage |= PUBKEY_USAGE_SIG;
1866
key_usage |= PUBKEY_USAGE_ENC;
1868
key_usage |= PUBKEY_USAGE_AUTH;
1870
if ( !key_usage ) { /* no key flags at all: get it from the algo */
2119
sig->flags.chosen_selfsig=1; /* so we know which selfsig we chose later */
2121
key_usage=parse_key_usage(sig);
2124
/* no key flags at all: get it from the algo */
1871
2125
key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
1873
else { /* check that the usage matches the usage as given by the algo */
2129
/* check that the usage matches the usage as given by the algo */
1874
2130
int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
1875
2131
if ( x ) /* mask it down to the actual allowed usage */
1878
2135
subpk->pubkey_usage = key_usage;
1880
2137
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
2138
if ( p && buffer_to_u32(p) )
1882
2139
key_expire = keytimestamp + buffer_to_u32(p);
1884
2141
key_expire = 0;
1885
2142
subpk->has_expired = key_expire >= curtime? 0 : key_expire;
1886
2143
subpk->expiredate = key_expire;
2145
/* algo doesn't exist */
2146
if(openpgp_pk_test_algo(subpk->pubkey_algo))
2149
subpk->is_valid = 1;
2151
/* Find the first 0x19 embedded signature on our self-sig. */
2152
if(subpk->backsig==0)
2157
/* We do this while() since there may be other embedded
2158
signatures in the future. We only want 0x19 here. */
2159
while((p=enum_sig_subpkt(sig->hashed,
2160
SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
2161
if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
2167
/* It is safe to have this in the unhashed area since the
2168
0x19 is located on the selfsig for convenience, not
2170
while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
2172
if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
2178
PKT_signature *backsig=xmalloc_clear(sizeof(PKT_signature));
2179
IOBUF backsig_buf=iobuf_temp_with_content(p,n);
2180
int save_mode=set_packet_list_mode(0);
2182
if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)
2184
if(check_backsig(mainpk,subpk,backsig)==0)
2190
set_packet_list_mode(save_mode);
2192
iobuf_close(backsig_buf);
2193
free_seckey_enc(backsig);
1892
2200
* Merge information from the self-signatures with the key, so that
1893
2201
* we can later use them more easy.
2508
2823
/****************
2509
2824
* Return a string with a printable representation of the user_id.
2510
* this string must be freed by m_free.
2825
* this string must be freed by xfree.
2513
2828
get_user_id_string( u32 *keyid )
2518
/* try it two times; second pass reads from key resources */
2520
for(r=user_id_db; r; r = r->next ) {
2522
for (a=r->keyids; a; a= a->next ) {
2523
if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
2524
p = xmalloc ( r->len + 10 );
2525
sprintf(p, "%08lX %.*s",
2526
(ulong)keyid[1], r->len, r->name );
2833
/* try it two times; second pass reads from key resources */
2836
for(r=user_id_db; r; r = r->next )
2839
for (a=r->keyids; a; a= a->next )
2841
if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] )
2843
p = xmalloc( keystrlen() + 1 + r->len + 1 );
2844
sprintf(p, "%s %.*s", keystr(keyid), r->len, r->name );
2531
2849
} while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
2533
sprintf(p, "%08lX [?]", (ulong)keyid[1] );
2850
p = xmalloc( keystrlen() + 5 );
2851
sprintf(p, "%s [?]", keystr(keyid));
2539
get_user_id_string_printable ( u32 *keyid )
2857
get_user_id_string_native ( u32 *keyid )
2541
char *p = get_user_id_string( keyid );
2542
char *p2 = utf8_to_native( p, strlen(p), 0 );
2544
p = make_printable_string (p2, strlen (p2), 0);
2859
char *p = get_user_id_string( keyid );
2860
char *p2 = utf8_to_native( p, strlen(p), 0 );
2617
2931
return ctx->kr_handle;
2935
free_akl(struct akl *akl)
2938
free_keyserver_spec(akl->spec);
2946
while(opt.auto_key_locate)
2948
struct akl *akl2=opt.auto_key_locate;
2949
opt.auto_key_locate=opt.auto_key_locate->next;
2955
parse_auto_key_locate(char *options)
2959
while((tok=optsep(&options)))
2961
struct akl *akl,*check,*last=NULL;
2967
akl=xmalloc_clear(sizeof(*akl));
2969
if(ascii_strcasecmp(tok,"ldap")==0)
2971
else if(ascii_strcasecmp(tok,"keyserver")==0)
2972
akl->type=AKL_KEYSERVER;
2974
else if(ascii_strcasecmp(tok,"cert")==0)
2978
else if(ascii_strcasecmp(tok,"pka")==0)
2981
else if((akl->spec=parse_keyserver_uri(tok,1,NULL,0)))
2989
/* We must maintain the order the user gave us */
2990
for(check=opt.auto_key_locate;check;last=check,check=check->next)
2992
/* Check for duplicates */
2993
if(check->type==akl->type
2994
&& (akl->type!=AKL_SPEC
2995
|| (akl->type==AKL_SPEC
2996
&& strcmp(check->spec->uri,akl->spec->uri)==0)))
3009
opt.auto_key_locate=akl;