~ubuntu-branches/ubuntu/precise/gnupg2/precise-proposed

Viewing changes to g10/getkey.c

Committer: Bazaar Package Importer
Author(s): Eric Dorland
Date: 2009-03-08 22:46:47 UTC
mfrom: (1.1.11 upstream)
Revision ID: james.westby@ubuntu.com-20090308224647-gq17gatcl71lrc2k

Tags: 2.0.11-1

http://bugs.debian.org/496663

http://bugs.debian.org/496323

* New upstream release. (Closes: #496663)
* debian/control: Make the description a little more distinctive than
gnupg v1's. Thanks Jari Aalto. (Closes: #496323)

files added:
common/b64dec.c

common/percent.c

common/t-b64.c

common/t-percent.c

g10/rmd160.c

g10/rmd160.h

g10/t-rmd160.c

keyserver/gpgkeys_kdns.c

m4/socklen.m4

m4/sys_socket_h.m4

scd/app-geldkarte.c

files modified:
AUTHORS

ChangeLog

Makefile.am

Makefile.in

NEWS

README

THANKS

TODO

VERSION

aclocal.m4

agent/ChangeLog

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/divert-scd.c

agent/findkey.c

agent/genkey.c

agent/gpg-agent.c

agent/learncard.c

agent/minip12.c

agent/pksign.c

agent/preset-passphrase.c

agent/protect-tool.c

agent/t-protect.c

agent/trustlist.c

autogen.sh

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/asshelp.c

common/audit.c

common/b64enc.c

common/convert.c

common/estream-printf.c

common/estream.c

common/exechelp.c

common/gettime.c

common/homedir.c

common/http.c

common/i18n.c

common/iobuf.c

common/localename.c

common/miscellaneous.c

common/pka.c

common/signal.c

common/sysutils.c

common/t-convert.c

common/t-gettime.c

common/t-sexputil.c

common/util.h

config.h.in

configure

configure.ac

debian/changelog

debian/control

doc/ChangeLog

doc/DETAILS

doc/FAQ

doc/Makefile.am

doc/Makefile.in

doc/TRANSLATE

doc/com-certs.pem

doc/debugging.texi

doc/examples/trustlist.txt

doc/faq.html

doc/faq.raw

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/gpgv.texi

doc/help.de.txt

doc/help.txt

doc/opt-homedir.texi

doc/qualified.txt

doc/scdaemon.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

doc/yat2m.c

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/build-packet.c

g10/call-agent.c

g10/call-agent.h

g10/card-util.c

g10/cpr.c

g10/exec.c

g10/getkey.c

g10/gpg.c

g10/gpgv.c

g10/import.c

g10/keydb.c

g10/keydb.h

g10/keyedit.c

g10/keygen.c

g10/keyid.c

g10/keylist.c

g10/keyring.c

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/misc.c

g10/options.h

g10/options.skel

g10/parse-packet.c

g10/passphrase.c

g10/photoid.c

g10/photoid.h

g10/pkclist.c

g10/pkglue.c

g10/pubkey-enc.c

g10/server.c

g10/seskey.c

g10/sig-check.c

g10/sign.c

g10/skclist.c

g10/tdbdump.c

g10/tdbio.c

g10/trustdb.c

g10/trustdb.h

g10/verify.c

gl/Makefile.in

include/ChangeLog

include/Makefile.in

include/cipher.h

jnlib/ChangeLog

jnlib/Makefile.am

jnlib/Makefile.in

jnlib/argparse.c

jnlib/argparse.h

jnlib/dotlock.c

jnlib/dynload.h

jnlib/libjnlib-config.h

jnlib/logging.c

jnlib/logging.h

jnlib/stringhelp.c

jnlib/stringhelp.h

jnlib/t-stringhelp.c

jnlib/t-support.c

jnlib/utf8conv.c

jnlib/w32-afunix.c

jnlib/w32-gettext.c

jnlib/w32help.h

kbx/ChangeLog

kbx/Makefile.am

kbx/Makefile.in

kbx/kbxutil.c

kbx/keybox-blob.c

kbx/keybox-defs.h

kbx/keybox-dump.c

kbx/keybox-file.c

kbx/keybox-init.c

kbx/keybox-search.c

kbx/keybox-update.c

keyserver/ChangeLog

keyserver/Makefile.am

keyserver/Makefile.in

keyserver/curl-shim.c

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_finger.c

keyserver/gpgkeys_hkp.c

keyserver/ksutil.c

keyserver/ksutil.h

keyserver/no-libgcrypt.c

m4/ChangeLog

m4/Makefile.am

m4/Makefile.in

po/ChangeLog

po/POTFILES.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/apdu.c

scd/apdu.h

scd/app-common.h

scd/app-dinsig.c

scd/app-help.c

scd/app-nks.c

scd/app-openpgp.c

scd/app-p15.c

scd/app.c

scd/ccid-driver.c

scd/command.c

scd/iso7816.c

scd/iso7816.h

scd/pcsc-wrapper.c

scd/scdaemon.c

scd/scdaemon.h

sm/ChangeLog

sm/Makefile.in

sm/call-agent.c

sm/call-dirmngr.c

sm/certchain.c

sm/certcheck.c

sm/certdump.c

sm/certlist.c

sm/certreqgen-ui.c

sm/certreqgen.c

sm/encrypt.c

sm/export.c

sm/fingerprint.c

sm/gpgsm.c

sm/gpgsm.h

sm/import.c

sm/keydb.c

sm/keylist.c

sm/qualified.c

sm/server.c

sm/sign.c

sm/verify.c

tests/ChangeLog

tests/Makefile.am

tests/Makefile.in

tests/asschk.c

tests/inittests

tests/openpgp/ChangeLog

tests/openpgp/Makefile.in

tests/openpgp/clearsig.test

tests/pkits/ChangeLog

tests/pkits/Makefile.am

tests/pkits/Makefile.in

tests/pkits/common.sh

tests/pkits/inittests

tools/ChangeLog

tools/Makefile.in

tools/clean-sat.c

tools/gpg-check-pattern.c

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/gpgconf.h

tools/gpgkey2ssh.c

tools/gpgparsemail.c

tools/gpgsplit.c

tools/make-dns-cert.c

tools/mk-tdata.c

tools/no-libgcrypt.c

tools/symcryptrun.c

version

Show diffs side-by-side

added added

removed removed

g10/getkey.c

/* getkey.c - Get a key from the database

* 2006, 2007 Free Software Foundation, Inc.

* 2007, 2008 Free Software Foundation, Inc.

* This file is part of GnuPG.

int exact;

KBNODE keyblock;

KBPOS kbpos;

KBNODE found_key; /* pointer into some keyblock */

KBNODE found_key; /* Pointer into some keyblock. */

strlist_t extra_list; /* Will be freed when releasing the context. */

int last_rc;

int req_usage;

int req_algo;

759

760

761

762

static int

762

skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid)

763

skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid)

763

764

{

764

765

int unusable=0;

765

766

KBNODE keyblock;

767

768

(void)dummy;

766

769

767

770

keyblock=get_pubkeyblock(keyid);

768

771

if(!keyblock)

912

915

/* Find a public key from NAME and return the keyblock or the key. If

913

916

ret_kdb is not NULL, the KEYDB handle used to locate this keyblock

914

917

is returned and the caller is responsible for closing it. If a key

915

was not found and NAME is a valid RFC822 mailbox and --auto-key-locate

916

has been enabled, we try to import the key via the online mechanisms

917

defined by --auto-key-locate. */

918

was not found (or if local search has been disabled) and NAME is a

919

valid RFC822 mailbox and --auto-key-locate has been enabled, we try

920

to import the key via the online mechanisms defined by

921

--auto-key-locate. */

918

922

int

919

get_pubkey_byname (PKT_public_key *pk,

923

get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,

920

924

const char *name, KBNODE *ret_keyblock,

921

KEYDB_HANDLE *ret_kdbhd, int include_unusable )

925

KEYDB_HANDLE *ret_kdbhd, int include_unusable,

926

int no_akl)

922

927

{

923

928

int rc;

924

929

strlist_t namelist = NULL;

925

926

add_to_strlist( &namelist, name );

927

928

rc = key_byname( NULL, namelist, pk, NULL, 0,

929

include_unusable, ret_keyblock, ret_kdbhd);

930

struct akl *akl;

931

int is_mbox;

932

int nodefault = 0;

933

int anylocalfirst = 0;

934

935

if (retctx)

936

*retctx = NULL;

937

938

is_mbox = is_valid_mailbox (name);

939

940

/* Check whether we the default local search has been disabled.

941

This is the case if either the "nodefault" or the "local" keyword

942

are in the list of auto key locate mechanisms.

943

944

ANYLOCALFIRST is set if the search order has the local method

945

before any other or if "local" is used first by default. This

946

makes sure that if a RETCTX is used it gets only set if a local

947

search has precedence over the other search methods and only then

948

a followup call to get_pubkey_next shall succeed. */

949

if (!no_akl)

950

{

951

for (akl=opt.auto_key_locate; akl; akl=akl->next)

952

if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)

953

{

954

nodefault = 1;

955

break;

956

}

957

for (akl=opt.auto_key_locate; akl; akl=akl->next)

958

if (akl->type != AKL_NODEFAULT)

959

{

960

if (akl->type == AKL_LOCAL)

961

anylocalfirst = 1;

962

break;

963

}

964

}

965

966

if (!nodefault)

967

anylocalfirst = 1;

968

969

if (nodefault && is_mbox)

970

{

971

/* Nodefault but a mailbox - let the AKL locate the key. */

972

rc = G10ERR_NO_PUBKEY;

973

}

974

else

975

{

976

add_to_strlist (&namelist, name);

977

rc = key_byname (retctx, namelist, pk, NULL, 0,

978

include_unusable, ret_keyblock, ret_kdbhd);

979

}

930

980

931

981

/* If the requested name resembles a valid mailbox and automatic

932

982

retrieval has been enabled, we try to import the key. */

933

934

if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))

983

if (gpg_err_code (rc) == G10ERR_NO_PUBKEY && !no_akl && is_mbox)

935

984

{

936

struct akl *akl;

937

938

for(akl=opt.auto_key_locate;akl;akl=akl->next)

985

for (akl=opt.auto_key_locate; akl; akl=akl->next)

939

986

{

940

unsigned char *fpr=NULL;

987

unsigned char *fpr = NULL;

941

988

size_t fpr_len;

942

943

switch(akl->type)

989

int did_key_byname = 0;

990

int no_fingerprint = 0;

991

const char *mechanism = "?";

992

993

switch(akl->type)

944

994

{

995

case AKL_NODEFAULT:

996

/* This is a dummy mechanism. */

997

mechanism = "None";

998

rc = G10ERR_NO_PUBKEY;

999

break;

1000

1001

case AKL_LOCAL:

1002

mechanism = "Local";

1003

did_key_byname = 1;

1004

if (retctx)

1005

{

1006

get_pubkey_end (*retctx);

1007

*retctx = NULL;

1008

}

1009

add_to_strlist (&namelist, name);

1010

rc = key_byname (anylocalfirst? retctx:NULL,

1011

namelist, pk, NULL, 0,

1012

include_unusable, ret_keyblock, ret_kdbhd);

1013

break;

1014

945

1015

case AKL_CERT:

1016

mechanism = "DNS CERT";

946

1017

glo_ctrl.in_auto_key_retrieve++;

947

1018

rc=keyserver_import_cert(name,&fpr,&fpr_len);

948

1019

glo_ctrl.in_auto_key_retrieve--;

949

950

if(rc==0)

951

log_info(_("automatically retrieved `%s' via %s\n"),

952

name,"DNS CERT");

953

1020

break;

954

1021

955

1022

case AKL_PKA:

1023

mechanism = "PKA";

956

1024

glo_ctrl.in_auto_key_retrieve++;

957

1025

rc=keyserver_import_pka(name,&fpr,&fpr_len);

958

1026

glo_ctrl.in_auto_key_retrieve--;

959

960

if(rc==0)

961

log_info(_("automatically retrieved `%s' via %s\n"),

962

name,"PKA");

963

1027

break;

964

1028

965

1029

case AKL_LDAP:

1030

mechanism = "LDAP";

966

1031

glo_ctrl.in_auto_key_retrieve++;

967

1032

rc=keyserver_import_ldap(name,&fpr,&fpr_len);

968

1033

glo_ctrl.in_auto_key_retrieve--;

969

970

if(rc==0)

971

log_info(_("automatically retrieved `%s' via %s\n"),

972

name,"LDAP");

973

1034

break;

974

1035

975

1036

case AKL_KEYSERVER:

979

1040

and getting a whole lot of keys back. */

980

1041

if(opt.keyserver)

981

1042

{

1043

mechanism = opt.keyserver->uri;

982

1044

glo_ctrl.in_auto_key_retrieve++;

983

1045

rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);

984

1046

glo_ctrl.in_auto_key_retrieve--;

985

986

if(rc==0)

987

log_info(_("automatically retrieved `%s' via %s\n"),

988

name,opt.keyserver->uri);

989

1047

}

1048

else

1049

{

1050

mechanism = "Unconfigured keyserver";

1051

rc = G10ERR_NO_PUBKEY;

1052

}

990

1053

break;

991

1054

992

1055

case AKL_SPEC:

993

1056

{

994

1057

struct keyserver_spec *keyserver;

995

1058

1059

mechanism = akl->spec->uri;

996

1060

keyserver=keyserver_match(akl->spec);

997

1061

glo_ctrl.in_auto_key_retrieve++;

998

1062

rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);

999

1063

glo_ctrl.in_auto_key_retrieve--;

1000

1001

if(rc==0)

1002

log_info(_("automatically retrieved `%s' via %s\n"),

1003

name,akl->spec->uri);

1004

1064

}

1005

1065

break;

1006

1066

}

1007

1067

1008

1068

/* Use the fingerprint of the key that we actually fetched.

1009

1069

This helps prevent problems where the key that we fetched

1010

1070

doesn't have the same name that we used to fetch it. In

1012

1072

requirement as the URL might point to a key put in by an

1013

1073

attacker. By forcing the use of the fingerprint, we

1014

1074

won't use the attacker's key here. */

1015

if(rc==0 && fpr)

1075

if (!rc && fpr)

1016

1076

{

1017

int i;

1018

1077

char fpr_string[MAX_FINGERPRINT_LEN*2+1];

1019

1078

1020

1079

assert(fpr_len<=MAX_FINGERPRINT_LEN);

1022

1081

free_strlist(namelist);

1023

1082

namelist=NULL;

1024

1083

1025

for(i=0;i<fpr_len;i++)

1026

sprintf(fpr_string+2*i,"%02X",fpr[i]);

1027

1084

bin2hex (fpr, fpr_len, fpr_string);

1085

1028

1086

if(opt.verbose)

1029

1087

log_info("auto-key-locate found fingerprint %s\n",fpr_string);

1030

1088

1031

1089

add_to_strlist( &namelist, fpr_string );

1032

1033

xfree(fpr);

1034

1090

}

1091

else if (!rc && !fpr && !did_key_byname)

1092

{

1093

no_fingerprint = 1;

1094

rc = G10ERR_NO_PUBKEY;

1095

}

1096

xfree (fpr);

1097

fpr = NULL;

1035

1098

1036

rc = key_byname( NULL, namelist, pk, NULL, 0,

1037

include_unusable, ret_keyblock, ret_kdbhd);

1038

if(rc!=G10ERR_NO_PUBKEY)

1039

break;

1099

if (!rc && !did_key_byname)

1100

{

1101

if (retctx)

1102

{

1103

get_pubkey_end (*retctx);

1104

*retctx = NULL;

1105

}

1106

rc = key_byname (anylocalfirst?retctx:NULL,

1107

namelist, pk, NULL, 0,

1108

include_unusable, ret_keyblock, ret_kdbhd);

1109

}

1110

if (!rc)

1111

{

1112

/* Key found. */

1113

log_info (_("automatically retrieved `%s' via %s\n"),

1114

name, mechanism);

1115

break;

1116

}

1117

if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)

1118

log_info (_("error retrieving `%s' via %s: %s\n"),

1119

name, mechanism,

1120

no_fingerprint? _("No fingerprint"):g10_errstr(rc));

1040

1121

}

1041

1122

}

1042

1123

1043

free_strlist( namelist );

1124

1125

if (rc && retctx)

1126

{

1127

get_pubkey_end (*retctx);

1128

*retctx = NULL;

1129

}

1130

1131

if (retctx && *retctx)

1132

{

1133

assert (!(*retctx)->extra_list);

1134

(*retctx)->extra_list = namelist;

1135

}

1136

else

1137

free_strlist (namelist);

1044

1138

return rc;

1045

1139

}

1046

1140

1141

1047

1142

int

1048

1143

get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,

1049

1144

strlist_t names, KBNODE *ret_keyblock )

1069

1164

if( ctx ) {

1070

1165

memset (&ctx->kbpos, 0, sizeof ctx->kbpos);

1071

1166

keydb_release (ctx->kr_handle);

1167

free_strlist (ctx->extra_list);

1072

1168

if( !ctx->not_allocated )

1073

1169

xfree( ctx );

1074

1170

}

2042

2138

}

2043

2139

}

2044

2140

2141

/* Convert a buffer to a signature. Useful for 0x19 embedded sigs.

2142

Caller must free the signature when they are done. */

2143

static PKT_signature *

2144

buf_to_sig(const byte *buf,size_t len)

2145

{

2146

PKT_signature *sig=xmalloc_clear(sizeof(PKT_signature));

2147

IOBUF iobuf=iobuf_temp_with_content(buf,len);

2148

int save_mode=set_packet_list_mode(0);

2149

2150

if(parse_signature(iobuf,PKT_SIGNATURE,len,sig)!=0)

2151

{

2152

xfree(sig);

2153

sig=NULL;

2154

}

2155

2156

set_packet_list_mode(save_mode);

2157

iobuf_close(iobuf);

2158

2159

return sig;

2160

}

2045

2161

2046

2162

static void

2047

2163

merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )

2148

2264

2149

2265

subpk->is_valid = 1;

2150

2266

2151

/* Find the first 0x19 embedded signature on our self-sig. */

2267

/* Find the most recent 0x19 embedded signature on our self-sig. */

2152

2268

if(subpk->backsig==0)

2153

2269

{

2154

2270

int seq=0;

2155

2271

size_t n;

2272

PKT_signature *backsig=NULL;

2273

2274

sigdate=0;

2156

2275

2157

2276

/* We do this while() since there may be other embedded

2158

2277

signatures in the future. We only want 0x19 here. */

2278

2159

2279

while((p=enum_sig_subpkt(sig->hashed,

2160

2280

SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))

2161

2281

if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))

2162

break;

2163

2164

if(p==NULL)

2165

{

2166

seq=0;

2167

/* It is safe to have this in the unhashed area since the

2168

0x19 is located on the selfsig for convenience, not

2169

security. */

2170

while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,

2171

&n,&seq,NULL)))

2172

if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))

2173

break;

2174

}

2175

2176

if(p)

2177

{

2178

PKT_signature *backsig=xmalloc_clear(sizeof(PKT_signature));

2179

IOBUF backsig_buf=iobuf_temp_with_content(p,n);

2180

int save_mode=set_packet_list_mode(0);

2181

2182

if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)

2183

{

2184

if(check_backsig(mainpk,subpk,backsig)==0)

2185

subpk->backsig=2;

2186

else

2187

subpk->backsig=1;

2188

}

2189

2190

set_packet_list_mode(save_mode);

2191

2192

iobuf_close(backsig_buf);

2282

{

2283

PKT_signature *tempsig=buf_to_sig(p,n);

2284

if(tempsig)

2285

{

2286

if(tempsig->timestamp>sigdate)

2287

{

2288

if(backsig)

2289

free_seckey_enc(backsig);

2290

2291

backsig=tempsig;

2292

sigdate=backsig->timestamp;

2293

}

2294

else

2295

free_seckey_enc(tempsig);

2296

}

2297

}

2298

2299

seq=0;

2300

2301

/* It is safe to have this in the unhashed area since the 0x19

2302

is located on the selfsig for convenience, not security. */

2303

2304

while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,

2305

&n,&seq,NULL)))

2306

if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))

2307

{

2308

PKT_signature *tempsig=buf_to_sig(p,n);

2309

if(tempsig)

2310

{

2311

if(tempsig->timestamp>sigdate)

2312

{

2313

if(backsig)

2314

free_seckey_enc(backsig);

2315

2316

backsig=tempsig;

2317

sigdate=backsig->timestamp;

2318

}

2319

else

2320

free_seckey_enc(tempsig);

2321

}

2322

}

2323

2324

if(backsig)

2325

{

2326

/* At ths point, backsig contains the most recent 0x19 sig.

2327

Let's see if it is good. */

2328

2329

/* 2==valid, 1==invalid, 0==didn't check */

2330

if(check_backsig(mainpk,subpk,backsig)==0)

2331

subpk->backsig=2;

2332

else

2333

subpk->backsig=1;

2334

2193

2335

free_seckey_enc(backsig);

2194

2336

}

2195

2337

}

2554

2696

}

2555

2697

2556

2698

if (DBG_CACHE)

2557

log_debug( "\tsubkey looks fine\n");

2558

if ( pk->timestamp > latest_date ) {

2699

log_debug( "\tsubkey might be fine\n");

2700

/* In case a key has a timestamp of 0 set, we make sure

2701

that it is used. A better change would be to compare

2702

">=" but that might also change the selected keys and

2703

is as such a more intrusive change. */

2704

if ( pk->timestamp > latest_date

2705

|| (!pk->timestamp && !latest_date)) {

2559

2706

latest_date = pk->timestamp;

2560

2707

latest_key = k;

2561

2708

}

2640

2787

rc = 0;

2641

2788

while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {

2642

2789

/* If we are searching for the first key we have to make sure

2643

that the next interation does not no an implicit reset.

2790

that the next iteration does not do an implicit reset.

2644

2791

This can be triggered by an empty key ring. */

2645

2792

if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)

2646

2793

ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;

2951

3098

}

2952

3099

}

2953

3100

3101

/* Returns false on error. */

2954

3102

int

2955

3103

parse_auto_key_locate(char *options)

2956

3104

{

2966

3114

2967

3115

akl=xmalloc_clear(sizeof(*akl));

2968

3116

2969

if(ascii_strcasecmp(tok,"ldap")==0)

3117

if(ascii_strcasecmp(tok,"nodefault")==0)

3118

akl->type=AKL_NODEFAULT;

3119

else if(ascii_strcasecmp(tok,"local")==0)

3120

akl->type=AKL_LOCAL;

3121

else if(ascii_strcasecmp(tok,"ldap")==0)

2970

3122

akl->type=AKL_LDAP;

2971

3123

else if(ascii_strcasecmp(tok,"keyserver")==0)

2972

3124

akl->type=AKL_KEYSERVER;

Older »