1
/* keyring.c - keyring file handling
2
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
4
* This file is part of GnuPG.
6
* GnuPG is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* GnuPG is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
28
#include <sys/types.h>
37
#include "main.h" /*for check_key_signature()*/
40
/* off_item is a funny named for an object used to keep track of known
41
* keys. The idea was to use the offset to seek to the known keyblock, but
42
* this is not possible if more than one process is using the keyring.
45
struct off_item *next;
50
typedef struct off_item **OffsetHashTable;
53
typedef struct keyring_name *KR_NAME;
55
struct keyring_name *next;
62
typedef struct keyring_name const * CONST_KR_NAME;
64
static KR_NAME kr_names;
65
static int active_handles;
67
static OffsetHashTable kr_offtbl;
68
static int kr_offtbl_ready;
71
struct keyring_handle {
72
CONST_KR_NAME resource;
73
int secret; /* this is for a secret keyring */
85
unsigned int n_packets; /*used for delete and update*/
95
static int do_copy (int mode, const char *fname, KBNODE root, int secret,
96
off_t start_offset, unsigned int n_packets );
100
static struct off_item *
101
new_offset_item (void)
105
k = xcalloc (1,sizeof *k);
111
release_offset_items (struct off_item *k)
123
static OffsetHashTable
124
new_offset_hash_table (void)
126
struct off_item **tbl;
128
tbl = xcalloc (2048, sizeof *tbl);
134
release_offset_hash_table (OffsetHashTable tbl)
140
for (i=0; i < 2048; i++)
141
release_offset_items (tbl[i]);
146
static struct off_item *
147
lookup_offset_hash_table (OffsetHashTable tbl, u32 *kid)
151
for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
152
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
158
update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
162
for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
164
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
171
k = new_offset_item ();
175
k->next = tbl[(kid[1] & 0x07ff)];
176
tbl[(kid[1] & 0x07ff)] = k;
180
update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
182
for (; node; node = node->next)
184
if (node->pkt->pkttype == PKT_PUBLIC_KEY
185
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
188
keyid_from_pk (node->pkt->pkt.public_key, aki);
189
update_offset_hash_table (tbl, aki, off);
195
* Register a filename for plain keyring files. ptr is set to a
196
* pointer to be used to create a handles etc, or the already-issued
197
* pointer if it has already been registered. The function returns 1
198
* if a new keyring was registered.
201
keyring_register_filename (const char *fname, int secret, void **ptr)
206
BUG (); /* We don't allow that */
208
for (kr=kr_names; kr; kr = kr->next)
210
if ( !compare_filenames (kr->fname, fname) )
213
return 0; /* already registered */
217
kr = xmalloc (sizeof *kr + strlen (fname));
218
strcpy (kr->fname, fname);
219
kr->secret = !!secret;
222
kr->did_full_scan = 0;
223
/* keep a list of all issued pointers */
227
/* create the offset table the first time a function here is used */
229
kr_offtbl = new_offset_hash_table ();
237
keyring_is_writable (void *token)
241
return r? !access (r->fname, W_OK) : 0;
246
/* Create a new handle for the resource associated with TOKEN. SECRET
247
is just just as a cross-check.
249
The returned handle must be released using keyring_release (). */
251
keyring_new (void *token, int secret)
254
KR_NAME resource = token;
256
assert (resource && !resource->secret == !secret);
258
hd = xcalloc (1,sizeof *hd);
259
hd->resource = resource;
260
hd->secret = !!secret;
266
keyring_release (KEYRING_HANDLE hd)
270
assert (active_handles > 0);
272
xfree (hd->word_match.name);
273
xfree (hd->word_match.pattern);
274
iobuf_close (hd->current.iobuf);
280
keyring_get_resource_name (KEYRING_HANDLE hd)
282
if (!hd || !hd->resource)
284
return hd->resource->fname;
289
* Lock the keyring with the given handle, or unlok if yes is false.
290
* We ignore the handle and lock all registered files.
293
keyring_lock (KEYRING_HANDLE hd, int yes)
299
/* first make sure the lock handles are created */
300
for (kr=kr_names; kr; kr = kr->next) {
301
if (!keyring_is_writable(kr))
304
kr->lockhd = create_dotlock( kr->fname );
306
log_info ("can't allocate lock for `%s'\n", kr->fname );
307
rc = GPG_ERR_GENERAL;
314
/* and now set the locks */
315
for (kr=kr_names; kr; kr = kr->next) {
316
if (!keyring_is_writable(kr))
320
else if (make_dotlock (kr->lockhd, -1) ) {
321
log_info ("can't lock `%s'\n", kr->fname );
322
rc = GPG_ERR_GENERAL;
330
for (kr=kr_names; kr; kr = kr->next) {
331
if (!keyring_is_writable(kr))
335
else if (release_dotlock (kr->lockhd))
336
log_info ("can't unlock `%s'\n", kr->fname );
348
* Return the last found keyring. Caller must free it.
349
* The returned keyblock has the kbode flag bit 0 set for the node with
350
* the public key used to locate the keyblock or flag bit 1 set for
354
keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
358
KBNODE keyblock = NULL, node, lastnode;
369
return -1; /* no successful search */
371
a = iobuf_open (hd->found.kr->fname);
373
log_error ("can't open `%s'\n", hd->found.kr->fname);
374
return GPG_ERR_KEYRING_OPEN;
377
if (iobuf_seek (a, hd->found.offset) ) {
378
log_error ("can't seek `%s'\n", hd->found.kr->fname);
380
return GPG_ERR_KEYRING_OPEN;
383
pkt = xmalloc (sizeof *pkt);
385
hd->found.n_packets = 0;;
387
save_mode = set_packet_list_mode(0);
388
while ((rc=parse_packet (a, pkt)) != -1) {
389
hd->found.n_packets++;
390
if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
396
log_error ("keyring_get_keyblock: read error: %s\n",
398
rc = GPG_ERR_INV_KEYRING;
401
if (pkt->pkttype == PKT_COMPRESSED) {
402
log_error ("skipped compressed packet in keyring\n");
408
if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
409
|| pkt->pkttype == PKT_SECRET_KEY)) {
410
hd->found.n_packets--; /* fix counter */
415
if (pkt->pkttype == PKT_RING_TRUST) {
416
/*(this code is duplicated after the loop)*/
418
&& lastnode->pkt->pkttype == PKT_SIGNATURE
419
&& (pkt->pkt.ring_trust->sigcache & 1) ) {
420
/* this is a ring trust packet with a checked signature
421
* status cache following directly a signature paket.
422
* Set the cache status into that signature packet */
423
PKT_signature *sig = lastnode->pkt->pkt.signature;
425
sig->flags.checked = 1;
426
sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
428
/* reset lastnode, so that we set the cache status only from
429
* the ring trust packet immediately folling a signature */
433
node = lastnode = new_kbnode (pkt);
437
add_kbnode (keyblock, node);
439
if ( pkt->pkttype == PKT_PUBLIC_KEY
440
|| pkt->pkttype == PKT_PUBLIC_SUBKEY
441
|| pkt->pkttype == PKT_SECRET_KEY
442
|| pkt->pkttype == PKT_SECRET_SUBKEY) {
443
if (++pk_no == hd->found.pk_no)
446
else if ( pkt->pkttype == PKT_USER_ID) {
447
if (++uid_no == hd->found.uid_no)
452
pkt = xmalloc (sizeof *pkt);
455
set_packet_list_mode(save_mode);
457
if (rc == -1 && keyblock)
458
rc = 0; /* got the entire keyblock */
461
release_kbnode (keyblock);
463
/*(duplicated form the loop body)*/
464
if ( pkt && pkt->pkttype == PKT_RING_TRUST
466
&& lastnode->pkt->pkttype == PKT_SIGNATURE
467
&& (pkt->pkt.ring_trust->sigcache & 1) ) {
468
PKT_signature *sig = lastnode->pkt->pkt.signature;
469
sig->flags.checked = 1;
470
sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
478
/* Make sure that future search operations fail immediately when
479
* we know that we are working on a invalid keyring
481
if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING)
482
hd->current.error = rc;
488
keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
493
return -1; /* no successful prior search */
495
if (!hd->found.n_packets) {
496
/* need to know the number of packets - do a dummy get_keyblock*/
497
rc = keyring_get_keyblock (hd, NULL);
499
log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
502
if (!hd->found.n_packets)
506
/* The open iobuf isn't needed anymore and in fact is a problem when
507
it comes to renaming the keyring files on some operating systems,
509
iobuf_close(hd->current.iobuf);
510
hd->current.iobuf = NULL;
513
rc = do_copy (3, hd->found.kr->fname, kb, hd->secret,
514
hd->found.offset, hd->found.n_packets );
516
if (!hd->secret && kr_offtbl)
518
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
520
/* better reset the found info */
522
hd->found.offset = 0;
528
keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
535
else if (hd->found.kr)
536
fname = hd->found.kr->fname;
537
else if (hd->current.kr)
538
fname = hd->current.kr->fname;
540
fname = hd->resource? hd->resource->fname:NULL;
543
return GPG_ERR_GENERAL;
545
/* close this one otherwise we will lose the position for
546
* a next search. Fixme: it would be better to adjust the position
547
* after the write opertions.
549
iobuf_close (hd->current.iobuf);
550
hd->current.iobuf = NULL;
553
rc = do_copy (1, fname, kb, hd->secret, 0, 0 );
554
if (!rc && !hd->secret && kr_offtbl)
556
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
564
keyring_delete_keyblock (KEYRING_HANDLE hd)
569
return -1; /* no successful prior search */
571
if (!hd->found.n_packets) {
572
/* need to know the number of packets - do a dummy get_keyblock*/
573
rc = keyring_get_keyblock (hd, NULL);
575
log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
578
if (!hd->found.n_packets)
582
/* close this one otherwise we will lose the position for
583
* a next search. Fixme: it would be better to adjust the position
584
* after the write opertions.
586
iobuf_close (hd->current.iobuf);
587
hd->current.iobuf = NULL;
590
rc = do_copy (2, hd->found.kr->fname, NULL, hd->secret,
591
hd->found.offset, hd->found.n_packets );
593
/* better reset the found info */
595
hd->found.offset = 0;
596
/* Delete is a rare operations, so we don't remove the keys
597
* from the offset table */
605
* Start the next search on this handle right at the beginning
608
keyring_search_reset (KEYRING_HANDLE hd)
612
hd->current.kr = NULL;
613
iobuf_close (hd->current.iobuf);
614
hd->current.iobuf = NULL;
616
hd->current.error = 0;
619
hd->found.offset = 0;
625
prepare_search (KEYRING_HANDLE hd)
627
if (hd->current.error)
628
return hd->current.error; /* still in error state */
630
if (hd->current.kr && !hd->current.eof) {
631
if ( !hd->current.iobuf )
632
return GPG_ERR_GENERAL; /* position invalid after a modify */
636
if (!hd->current.kr && hd->current.eof)
637
return -1; /* still EOF */
639
if (!hd->current.kr) { /* start search with first keyring */
640
hd->current.kr = hd->resource;
641
if (!hd->current.kr) {
643
return -1; /* keyring not available */
645
assert (!hd->current.iobuf);
648
iobuf_close (hd->current.iobuf);
649
hd->current.iobuf = NULL;
650
hd->current.kr = NULL;
656
hd->current.iobuf = iobuf_open (hd->current.kr->fname);
657
if (!hd->current.iobuf) {
658
hd->current.error = gpg_error_from_errno (errno);
659
log_error ("can't open `%s'\n", hd->current.kr->fname );
660
return hd->current.error;
667
/* A map of the all characters valid used for word_match()
668
* Valid characters are in in this table converted to uppercase.
669
* because the upper 128 bytes have special meaning, we assume
670
* that they are all valid.
671
* Note: We must use numerical values here in case that this program
672
* will be converted to those little blue HAL9000s with their strange
673
* EBCDIC character set (user ids are UTF-8).
674
* wk 2000-04-13: Hmmm, does this really make sense, given the fact that
675
* we can run gpg now on a S/390 running GNU/Linux, where the code
676
* translation is done by the device drivers?
678
static const byte word_match_chars[256] = {
679
/* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
680
/* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
681
/* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
682
/* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
683
/* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
684
/* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
685
/* 30 */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
686
/* 38 */ 0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
687
/* 40 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
688
/* 48 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
689
/* 50 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
690
/* 58 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
691
/* 60 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
692
/* 68 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
693
/* 70 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
694
/* 78 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
695
/* 80 */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
696
/* 88 */ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
697
/* 90 */ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
698
/* 98 */ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
699
/* a0 */ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
700
/* a8 */ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
701
/* b0 */ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
702
/* b8 */ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
703
/* c0 */ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
704
/* c8 */ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
705
/* d0 */ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
706
/* d8 */ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
707
/* e0 */ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
708
/* e8 */ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
709
/* f0 */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
710
/* f8 */ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
714
* Do a word match (original user id starts with a '+').
715
* The pattern is already tokenized to a more suitable format:
716
* There are only the real words in it delimited by one space
717
* and all converted to uppercase.
719
* Returns: 0 if all words match.
721
* Note: This algorithm is a straightforward one and not very
722
* fast. It works for UTF-8 strings. The uidlen should
723
* be removed but due to the fact that old versions of
724
* pgp don't use UTF-8 we still use the length; this should
725
* be fixed in parse-packet (and replace \0 by some special
729
word_match( const byte *uid, size_t uidlen, const byte *pattern )
735
for( s=pattern; *s; ) {
737
/* skip leading delimiters */
738
while( uidlen && !word_match_chars[*uid] )
740
/* get length of the word */
742
while( n && word_match_chars[*p] )
745
/* and compare against the current word from pattern */
746
for(n=0, p=uid; n < wlen && s[n] != ' ' && s[n] ; n++, p++ ) {
747
if( word_match_chars[*p] != s[n] )
750
if( n == wlen && (s[n] == ' ' || !s[n]) )
756
return -1; /* not found */
758
/* advance to next word in pattern */
759
for(; *s != ' ' && *s ; s++ )
764
return 0; /* found */
768
* prepare word word_match; that is parse the name and
770
* caller has to free the returned pattern
773
prepare_word_match (const byte *name)
778
/* the original length is always enough for the pattern */
779
p = pattern = xmalloc (strlen(name)+1);
781
/* skip leading delimiters */
782
while( *name && !word_match_chars[*name] )
784
/* copy as long as we don't have a delimiter and convert
786
* fixme: how can we handle utf8 uppercasing */
787
for( ; *name && (c=word_match_chars[*name]); name++ )
789
*p++ = ' '; /* append pattern delimiter */
791
p[-1] = 0; /* replace last pattern delimiter by EOS */
800
compare_name (int mode, const char *name, const char *uid, size_t uidlen)
805
if (mode == KEYDB_SEARCH_MODE_EXACT) {
806
for (i=0; name[i] && uidlen; i++, uidlen--)
807
if (uid[i] != name[i])
809
if (!uidlen && !name[i])
810
return 0; /* found */
812
else if (mode == KEYDB_SEARCH_MODE_SUBSTR) {
813
if (ascii_memistr( uid, uidlen, name ))
816
else if ( mode == KEYDB_SEARCH_MODE_MAIL
817
|| mode == KEYDB_SEARCH_MODE_MAILSUB
818
|| mode == KEYDB_SEARCH_MODE_MAILEND) {
819
for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
822
/* skip opening delim and one char and look for the closing one*/
824
for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
828
if (mode == KEYDB_SEARCH_MODE_MAIL) {
829
if( strlen(name)-2 == i
830
&& !ascii_memcasecmp( s, name+1, i) )
833
else if (mode == KEYDB_SEARCH_MODE_MAILSUB) {
834
if( ascii_memistr( s, i, name ) )
837
else { /* email from end */
843
else if (mode == KEYDB_SEARCH_MODE_WORDS)
844
return word_match (uid, uidlen, name);
848
return -1; /* not found */
853
* Search through the keyring(s), starting at the current position,
854
* for a keyblock which contains one of the keys described in the DESC array.
857
keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
858
size_t ndesc, size_t *descindex)
863
off_t offset, main_offset;
865
int need_uid, need_words, need_keyid, need_fpr, any_skip;
869
PKT_user_id *uid = NULL;
870
PKT_public_key *pk = NULL;
871
PKT_secret_key *sk = NULL;
874
/* figure out what information we need */
875
need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
876
for (n=0; n < ndesc; n++)
878
switch (desc[n].mode)
880
case KEYDB_SEARCH_MODE_EXACT:
881
case KEYDB_SEARCH_MODE_SUBSTR:
882
case KEYDB_SEARCH_MODE_MAIL:
883
case KEYDB_SEARCH_MODE_MAILSUB:
884
case KEYDB_SEARCH_MODE_MAILEND:
887
case KEYDB_SEARCH_MODE_WORDS:
891
case KEYDB_SEARCH_MODE_SHORT_KID:
892
case KEYDB_SEARCH_MODE_LONG_KID:
895
case KEYDB_SEARCH_MODE_FPR16:
896
case KEYDB_SEARCH_MODE_FPR20:
897
case KEYDB_SEARCH_MODE_FPR:
900
case KEYDB_SEARCH_MODE_FIRST:
901
/* always restart the search in this mode */
902
keyring_search_reset (hd);
913
rc = prepare_search (hd);
917
use_offtbl = !hd->secret && kr_offtbl;
920
else if (!kr_offtbl_ready)
922
else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
926
oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
928
{ /* We know that we don't have this key */
933
/* We could now create a positive search status and return.
934
* However the problem is that another instance of gpg may
935
* have changed the keyring so that the offsets are not valid
936
* anymore - therefore we don't do it
942
const char *name = NULL;
944
log_debug ("word search mode does not yet work\n");
945
/* FIXME: here is a long standing bug in our function and in addition we
946
just use the first search description */
947
for (n=0; n < ndesc && !name; n++)
949
if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
950
name = desc[n].u.name;
953
if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
956
xfree (hd->word_match.name);
957
xfree (hd->word_match.pattern);
958
hd->word_match.name = xstrdup (name);
959
hd->word_match.pattern = prepare_word_match (name);
961
name = hd->word_match.pattern;
965
save_mode = set_packet_list_mode(0);
970
initial_skip = 1; /* skip until we see the start of a keyblock */
971
while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
973
byte afp[MAX_FINGERPRINT_LEN];
976
if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
978
main_offset = offset;
991
if ( pkt.pkttype == PKT_PUBLIC_KEY
992
|| pkt.pkttype == PKT_PUBLIC_SUBKEY)
994
pk = pkt.pkt.public_key;
998
fingerprint_from_pk (pk, afp, &an);
999
while (an < 20) /* fill up to 20 bytes */
1003
keyid_from_pk (pk, aki);
1005
if (use_offtbl && !kr_offtbl_ready)
1006
update_offset_hash_table (kr_offtbl, aki, main_offset);
1008
else if (pkt.pkttype == PKT_USER_ID)
1010
uid = pkt.pkt.user_id;
1013
else if ( pkt.pkttype == PKT_SECRET_KEY
1014
|| pkt.pkttype == PKT_SECRET_SUBKEY)
1016
sk = pkt.pkt.secret_key;
1020
fingerprint_from_sk (sk, afp, &an);
1021
while (an < 20) /* fill up to 20 bytes */
1025
keyid_from_sk (sk, aki);
1029
for (n=0; n < ndesc; n++)
1031
switch (desc[n].mode) {
1032
case KEYDB_SEARCH_MODE_NONE:
1035
case KEYDB_SEARCH_MODE_EXACT:
1036
case KEYDB_SEARCH_MODE_SUBSTR:
1037
case KEYDB_SEARCH_MODE_MAIL:
1038
case KEYDB_SEARCH_MODE_MAILSUB:
1039
case KEYDB_SEARCH_MODE_MAILEND:
1040
case KEYDB_SEARCH_MODE_WORDS:
1041
if ( uid && !compare_name (desc[n].mode,
1043
uid->name, uid->len))
1047
case KEYDB_SEARCH_MODE_SHORT_KID:
1048
if ((pk||sk) && desc[n].u.kid[1] == aki[1])
1051
case KEYDB_SEARCH_MODE_LONG_KID:
1052
if ((pk||sk) && desc[n].u.kid[0] == aki[0]
1053
&& desc[n].u.kid[1] == aki[1])
1056
case KEYDB_SEARCH_MODE_FPR16:
1057
if ((pk||sk) && !memcmp (desc[n].u.fpr, afp, 16))
1060
case KEYDB_SEARCH_MODE_FPR20:
1061
case KEYDB_SEARCH_MODE_FPR:
1062
if ((pk||sk) && !memcmp (desc[n].u.fpr, afp, 20))
1065
case KEYDB_SEARCH_MODE_FIRST:
1069
case KEYDB_SEARCH_MODE_NEXT:
1074
rc = GPG_ERR_INV_ARG;
1081
/* Record which desc we matched on. Note this value is only
1082
meaningful if this function returns with no errors. */
1085
for (n=any_skip?0:ndesc; n < ndesc; n++)
1088
&& desc[n].skipfnc (desc[n].skipfncvalue, aki))
1098
hd->found.offset = main_offset;
1099
hd->found.kr = hd->current.kr;
1100
hd->found.pk_no = (pk||sk)? pk_no : 0;
1101
hd->found.uid_no = uid? uid_no : 0;
1105
hd->current.eof = 1;
1106
/* if we scanned all keyrings, we are sure that
1107
* all known key IDs are in our offtbl, mark that. */
1108
if (use_offtbl && !kr_offtbl_ready)
1112
/* First set the did_full_scan flag for this keyring (ignore
1114
for (kr=kr_names; kr; kr = kr->next)
1116
if (!kr->secret && hd->resource == kr)
1118
kr->did_full_scan = 1;
1122
/* Then check whether all flags are set and if so, mark the
1124
for (kr=kr_names; kr; kr = kr->next)
1126
if (!kr->secret && !kr->did_full_scan)
1130
kr_offtbl_ready = 1;
1134
hd->current.error = rc;
1137
set_packet_list_mode(save_mode);
1143
create_tmp_file (const char *template,
1144
char **r_bakfname, char **r_tmpfname, iobuf_t *r_fp)
1146
char *bakfname, *tmpfname;
1152
# ifdef USE_ONLY_8DOT3
1153
/* Here is another Windoze bug?:
1154
* you cant rename("pubring.gpg.tmp", "pubring.gpg");
1155
* but rename("pubring.gpg.tmp", "pubring.aaa");
1156
* works. So we replace .gpg by .bak or .tmp
1158
if (strlen (template) > 4
1159
&& !strcmp (template+strlen(template)-4, EXTSEP_S "gpg") )
1161
bakfname = xmalloc (strlen (template) + 1);
1162
strcpy (bakfname, template);
1163
strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak");
1165
tmpfname = xmalloc (strlen( template ) + 1 );
1166
strcpy (tmpfname,template);
1167
strcpy (tmpfname+strlen(template)-4, EXTSEP_S "tmp");
1170
{ /* file does not end with gpg; hmmm */
1171
bakfname = xmalloc (strlen( template ) + 5);
1172
strcpy (stpcpy(bakfname, template), EXTSEP_S "bak");
1174
tmpfname = xmalloc (strlen( template ) + 5);
1175
strcpy (stpcpy(tmpfname, template), EXTSEP_S "tmp");
1177
# else /* Posix file names */
1178
bakfname = xmalloc (strlen( template ) + 2);
1179
strcpy (stpcpy (bakfname,template),"~");
1181
tmpfname = xmalloc (strlen( template ) + 5);
1182
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
1183
# endif /* Posix filename */
1185
/* Create the temp file with limited access */
1187
*r_fp = iobuf_create (tmpfname);
1190
int tmperr = gpg_error_from_errno (errno);
1191
log_error ("can't create `%s': %s\n", tmpfname, strerror(errno) );
1197
*r_bakfname = bakfname;
1198
*r_tmpfname = tmpfname;
1204
rename_tmp_file (const char *bakfname, const char *tmpfname,
1205
const char *fname, int secret )
1209
/* invalidate close caches*/
1210
iobuf_ioctl (NULL, 2, 0, (char*)tmpfname );
1211
iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
1212
iobuf_ioctl (NULL, 2, 0, (char*)fname );
1214
/* first make a backup file except for secret keyrings */
1217
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1220
if (rename (fname, bakfname) )
1222
int tmperr = gpg_error_from_errno (errno);
1223
log_error ("renaming `%s' to `%s' failed: %s\n",
1224
fname, bakfname, strerror(errno) );
1229
/* then rename the file */
1230
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1233
if (rename (tmpfname, fname) )
1235
rc = gpg_error_from_errno (errno);
1236
log_error ("renaming `%s' to `%s' failed: %s\n",
1237
tmpfname, fname, strerror(errno) );
1240
log_info(_("WARNING: 2 files with confidential"
1241
" information exists.\n"));
1242
log_info(_("%s is the unchanged one\n"), fname );
1243
log_info(_("%s is the new one\n"), tmpfname );
1244
log_info(_("Please fix this possible security flaw\n"));
1249
/* Now make sure the file has the same permissions as the original */
1251
#ifndef HAVE_DOSISH_SYSTEM
1253
struct stat statbuf;
1255
statbuf.st_mode=S_IRUSR | S_IWUSR;
1257
if(((secret && !opt.preserve_permissions) ||
1258
(stat(bakfname,&statbuf)==0)) &&
1259
(chmod(fname,statbuf.st_mode)==0))
1262
log_error("WARNING: unable to restore permissions to `%s': %s",
1263
fname,strerror(errno));
1272
write_keyblock (iobuf_t fp, KBNODE keyblock)
1274
KBNODE kbctx = NULL, node;
1277
while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
1279
if (node->pkt->pkttype == PKT_RING_TRUST)
1280
continue; /* we write it later on our own */
1282
if ( (rc = build_packet (fp, node->pkt) ))
1284
log_error ("build_packet(%d) failed: %s\n",
1285
node->pkt->pkttype, gpg_strerror (rc) );
1288
if (node->pkt->pkttype == PKT_SIGNATURE)
1289
{ /* always write a signature cache packet */
1290
PKT_signature *sig = node->pkt->pkt.signature;
1291
unsigned int cacheval = 0;
1293
if (sig->flags.checked)
1296
if (sig->flags.valid)
1299
iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
1300
iobuf_put (fp, 2); /* 2 bytes */
1301
iobuf_put (fp, 0); /* unused */
1302
if (iobuf_put (fp, cacheval)) {
1303
int tmperr = gpg_error_from_errno (errno);
1304
log_error ("writing sigcache packet failed\n");
1313
* Walk over all public keyrings, check the signatures and replace the
1314
* keyring with a new one where the signature cache is then updated.
1315
* This is only done for the public keyrings.
1318
keyring_rebuild_cache (void *token)
1321
KEYDB_SEARCH_DESC desc;
1322
KBNODE keyblock = NULL, node;
1323
const char *lastresname = NULL, *resname;
1324
iobuf_t tmpfp = NULL;
1325
char *tmpfilename = NULL;
1326
char *bakfilename = NULL;
1328
ulong count = 0, sigcount = 0;
1330
hd = keyring_new (token, 0);
1331
memset (&desc, 0, sizeof desc);
1332
desc.mode = KEYDB_SEARCH_MODE_FIRST;
1334
rc=keyring_lock (hd, 1);
1338
while ( !(rc = keyring_search (hd, &desc, 1, NULL)) )
1340
desc.mode = KEYDB_SEARCH_MODE_NEXT;
1341
resname = keyring_get_resource_name (hd);
1342
if (lastresname != resname )
1343
{ /* we have switched to a new keyring - commit changes */
1346
if (iobuf_close (tmpfp))
1348
rc = gpg_error_from_errno (errno);
1349
log_error ("error closing `%s': %s\n",
1350
tmpfilename, strerror (errno));
1353
/* because we have switched resources, we can be sure that
1354
* the original file is closed */
1357
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1358
lastresname, 0) : 0;
1359
xfree (tmpfilename); tmpfilename = NULL;
1360
xfree (bakfilename); bakfilename = NULL;
1363
lastresname = resname;
1365
log_info (_("checking keyring `%s'\n"), resname);
1366
rc = create_tmp_file (resname, &bakfilename, &tmpfilename, &tmpfp);
1371
release_kbnode (keyblock);
1372
rc = keyring_get_keyblock (hd, &keyblock);
1375
log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
1378
assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
1380
/* check all signature to set the signature's cache flags */
1381
for (node=keyblock; node; node=node->next)
1383
if (node->pkt->pkttype == PKT_SIGNATURE)
1385
/* Note that this doesn't cache the result of a
1386
revocation issued by a designated revoker. This is
1387
because the pk in question does not carry the revkeys
1388
as we haven't merged the key and selfsigs. It is
1389
questionable whether this matters very much since
1390
there are very very few designated revoker revocation
1391
packets out there. */
1392
check_key_signature (keyblock, node, NULL);
1397
/* write the keyblock to the temporary file */
1398
rc = write_keyblock (tmpfp, keyblock);
1402
if ( !(++count % 50) && !opt.quiet)
1403
log_info(_("%lu keys checked so far (%lu signatures)\n"),
1406
} /* end main loop */
1411
log_error ("keyring_search failed: %s\n", gpg_strerror (rc));
1414
log_info(_("%lu keys checked (%lu signatures)\n"), count, sigcount );
1417
if (iobuf_close (tmpfp))
1419
rc = gpg_error_from_errno (errno);
1420
log_error ("error closing `%s': %s\n",
1421
tmpfilename, strerror (errno));
1424
/* because we have switched resources, we can be sure that
1425
* the original file is closed */
1428
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1429
lastresname, 0) : 0;
1430
xfree (tmpfilename); tmpfilename = NULL;
1431
xfree (bakfilename); bakfilename = NULL;
1435
iobuf_cancel (tmpfp);
1436
xfree (tmpfilename);
1437
xfree (bakfilename);
1438
release_kbnode (keyblock);
1439
keyring_lock (hd, 0);
1440
keyring_release (hd);
1446
* Perform insert/delete/update operation.
1452
do_copy (int mode, const char *fname, KBNODE root, int secret,
1453
off_t start_offset, unsigned int n_packets )
1457
char *bakfname = NULL;
1458
char *tmpfname = NULL;
1460
/* Open the source file. Because we do a rname, we have to check the
1461
permissions of the file */
1462
if (access (fname, W_OK))
1463
return gpg_error_from_errno (errno);
1466
fp = iobuf_open (fname);
1467
if (mode == 1 && !fp && errno == ENOENT) {
1468
/* insert mode but file does not exist: create a new file */
1473
newfp = iobuf_create (fname);
1476
int tmperr = gpg_error_from_errno (errno);
1477
log_error (_("%s: can't create: %s\n"),
1478
fname, strerror(errno));
1482
log_info(_("%s: keyring created\n"), fname );
1485
while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
1486
if( (rc = build_packet( newfp, node->pkt )) ) {
1487
log_error("build_packet(%d) failed: %s\n",
1488
node->pkt->pkttype, gpg_strerror (rc) );
1489
iobuf_cancel(newfp);
1493
if (iobuf_close(newfp)) {
1494
int tmperr = gpg_error_from_errno (errno);
1495
log_error ("%s: close failed: %s\n", fname, strerror(errno));
1498
return 0; /* ready */
1502
rc = gpg_error_from_errno (errno);
1503
log_error ("%s: can't open: %s\n", fname, strerror(errno) );
1507
/* create the new file */
1508
rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
1513
if( mode == 1 ) { /* insert */
1514
/* copy everything to the new file */
1515
rc = copy_all_packets (fp, newfp);
1517
log_error("%s: copy to `%s' failed: %s\n",
1518
fname, tmpfname, gpg_strerror (rc) );
1520
iobuf_cancel(newfp);
1526
if( mode == 2 || mode == 3 ) { /* delete or update */
1527
/* copy first part to the new file */
1528
rc = copy_some_packets( fp, newfp, start_offset );
1529
if( rc ) { /* should never get EOF here */
1530
log_error ("%s: copy to `%s' failed: %s\n",
1531
fname, tmpfname, gpg_strerror (rc) );
1533
iobuf_cancel(newfp);
1536
/* skip this keyblock */
1537
assert( n_packets );
1538
rc = skip_some_packets( fp, n_packets );
1540
log_error("%s: skipping %u packets failed: %s\n",
1541
fname, n_packets, gpg_strerror (rc));
1543
iobuf_cancel(newfp);
1548
if( mode == 1 || mode == 3 ) { /* insert or update */
1549
rc = write_keyblock (newfp, root);
1552
iobuf_cancel(newfp);
1557
if( mode == 2 || mode == 3 ) { /* delete or update */
1559
rc = copy_all_packets( fp, newfp );
1561
log_error("%s: copy to `%s' failed: %s\n",
1562
fname, tmpfname, gpg_strerror (rc) );
1564
iobuf_cancel(newfp);
1570
/* close both files */
1571
if( iobuf_close(fp) ) {
1572
rc = gpg_error_from_errno (errno);
1573
log_error("%s: close failed: %s\n", fname, strerror(errno) );
1576
if( iobuf_close(newfp) ) {
1577
rc = gpg_error_from_errno (errno);
1578
log_error("%s: close failed: %s\n", tmpfname, strerror(errno) );
1582
rc = rename_tmp_file (bakfname, tmpfname, fname, secret);