1
1
/* getkey.c - Get a key from the database
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3
* 2006, 2007 Free Software Foundation, Inc.
2
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3
* 2007, 2008 Free Software Foundation, Inc.
5
5
* This file is part of GnuPG.
912
915
/* Find a public key from NAME and return the keyblock or the key. If
913
916
ret_kdb is not NULL, the KEYDB handle used to locate this keyblock
914
917
is returned and the caller is responsible for closing it. If a key
915
was not found and NAME is a valid RFC822 mailbox and --auto-key-locate
916
has been enabled, we try to import the key via the online mechanisms
917
defined by --auto-key-locate. */
918
was not found (or if local search has been disabled) and NAME is a
919
valid RFC822 mailbox and --auto-key-locate has been enabled, we try
920
to import the key via the online mechanisms defined by
921
--auto-key-locate. */
919
get_pubkey_byname (PKT_public_key *pk,
923
get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
920
924
const char *name, KBNODE *ret_keyblock,
921
KEYDB_HANDLE *ret_kdbhd, int include_unusable )
925
KEYDB_HANDLE *ret_kdbhd, int include_unusable,
924
929
strlist_t namelist = NULL;
926
add_to_strlist( &namelist, name );
928
rc = key_byname( NULL, namelist, pk, NULL, 0,
929
include_unusable, ret_keyblock, ret_kdbhd);
933
int anylocalfirst = 0;
938
is_mbox = is_valid_mailbox (name);
940
/* Check whether we the default local search has been disabled.
941
This is the case if either the "nodefault" or the "local" keyword
942
are in the list of auto key locate mechanisms.
944
ANYLOCALFIRST is set if the search order has the local method
945
before any other or if "local" is used first by default. This
946
makes sure that if a RETCTX is used it gets only set if a local
947
search has precedence over the other search methods and only then
948
a followup call to get_pubkey_next shall succeed. */
951
for (akl=opt.auto_key_locate; akl; akl=akl->next)
952
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
957
for (akl=opt.auto_key_locate; akl; akl=akl->next)
958
if (akl->type != AKL_NODEFAULT)
960
if (akl->type == AKL_LOCAL)
969
if (nodefault && is_mbox)
971
/* Nodefault but a mailbox - let the AKL locate the key. */
972
rc = G10ERR_NO_PUBKEY;
976
add_to_strlist (&namelist, name);
977
rc = key_byname (retctx, namelist, pk, NULL, 0,
978
include_unusable, ret_keyblock, ret_kdbhd);
931
981
/* If the requested name resembles a valid mailbox and automatic
932
982
retrieval has been enabled, we try to import the key. */
934
if (rc == G10ERR_NO_PUBKEY && is_valid_mailbox(name))
983
if (gpg_err_code (rc) == G10ERR_NO_PUBKEY && !no_akl && is_mbox)
938
for(akl=opt.auto_key_locate;akl;akl=akl->next)
985
for (akl=opt.auto_key_locate; akl; akl=akl->next)
940
unsigned char *fpr=NULL;
987
unsigned char *fpr = NULL;
989
int did_key_byname = 0;
990
int no_fingerprint = 0;
991
const char *mechanism = "?";
996
/* This is a dummy mechanism. */
998
rc = G10ERR_NO_PUBKEY;
1002
mechanism = "Local";
1006
get_pubkey_end (*retctx);
1009
add_to_strlist (&namelist, name);
1010
rc = key_byname (anylocalfirst? retctx:NULL,
1011
namelist, pk, NULL, 0,
1012
include_unusable, ret_keyblock, ret_kdbhd);
1016
mechanism = "DNS CERT";
946
1017
glo_ctrl.in_auto_key_retrieve++;
947
1018
rc=keyserver_import_cert(name,&fpr,&fpr_len);
948
1019
glo_ctrl.in_auto_key_retrieve--;
951
log_info(_("automatically retrieved `%s' via %s\n"),
956
1024
glo_ctrl.in_auto_key_retrieve++;
957
1025
rc=keyserver_import_pka(name,&fpr,&fpr_len);
958
1026
glo_ctrl.in_auto_key_retrieve--;
961
log_info(_("automatically retrieved `%s' via %s\n"),
966
1031
glo_ctrl.in_auto_key_retrieve++;
967
1032
rc=keyserver_import_ldap(name,&fpr,&fpr_len);
968
1033
glo_ctrl.in_auto_key_retrieve--;
971
log_info(_("automatically retrieved `%s' via %s\n"),
975
1036
case AKL_KEYSERVER:
979
1040
and getting a whole lot of keys back. */
980
1041
if(opt.keyserver)
1043
mechanism = opt.keyserver->uri;
982
1044
glo_ctrl.in_auto_key_retrieve++;
983
1045
rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
984
1046
glo_ctrl.in_auto_key_retrieve--;
987
log_info(_("automatically retrieved `%s' via %s\n"),
988
name,opt.keyserver->uri);
1050
mechanism = "Unconfigured keyserver";
1051
rc = G10ERR_NO_PUBKEY;
994
1057
struct keyserver_spec *keyserver;
1059
mechanism = akl->spec->uri;
996
1060
keyserver=keyserver_match(akl->spec);
997
1061
glo_ctrl.in_auto_key_retrieve++;
998
1062
rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
999
1063
glo_ctrl.in_auto_key_retrieve--;
1002
log_info(_("automatically retrieved `%s' via %s\n"),
1003
name,akl->spec->uri);
1008
1068
/* Use the fingerprint of the key that we actually fetched.
1009
1069
This helps prevent problems where the key that we fetched
1010
1070
doesn't have the same name that we used to fetch it. In
1022
1081
free_strlist(namelist);
1025
for(i=0;i<fpr_len;i++)
1026
sprintf(fpr_string+2*i,"%02X",fpr[i]);
1084
bin2hex (fpr, fpr_len, fpr_string);
1028
1086
if(opt.verbose)
1029
1087
log_info("auto-key-locate found fingerprint %s\n",fpr_string);
1031
1089
add_to_strlist( &namelist, fpr_string );
1091
else if (!rc && !fpr && !did_key_byname)
1094
rc = G10ERR_NO_PUBKEY;
1036
rc = key_byname( NULL, namelist, pk, NULL, 0,
1037
include_unusable, ret_keyblock, ret_kdbhd);
1038
if(rc!=G10ERR_NO_PUBKEY)
1099
if (!rc && !did_key_byname)
1103
get_pubkey_end (*retctx);
1106
rc = key_byname (anylocalfirst?retctx:NULL,
1107
namelist, pk, NULL, 0,
1108
include_unusable, ret_keyblock, ret_kdbhd);
1113
log_info (_("automatically retrieved `%s' via %s\n"),
1117
if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
1118
log_info (_("error retrieving `%s' via %s: %s\n"),
1120
no_fingerprint? _("No fingerprint"):g10_errstr(rc));
1043
free_strlist( namelist );
1127
get_pubkey_end (*retctx);
1131
if (retctx && *retctx)
1133
assert (!(*retctx)->extra_list);
1134
(*retctx)->extra_list = namelist;
1137
free_strlist (namelist);
1048
1143
get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
1049
1144
strlist_t names, KBNODE *ret_keyblock )
2149
2265
subpk->is_valid = 1;
2151
/* Find the first 0x19 embedded signature on our self-sig. */
2267
/* Find the most recent 0x19 embedded signature on our self-sig. */
2152
2268
if(subpk->backsig==0)
2272
PKT_signature *backsig=NULL;
2157
2276
/* We do this while() since there may be other embedded
2158
2277
signatures in the future. We only want 0x19 here. */
2159
2279
while((p=enum_sig_subpkt(sig->hashed,
2160
2280
SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
2161
2281
if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
2167
/* It is safe to have this in the unhashed area since the
2168
0x19 is located on the selfsig for convenience, not
2170
while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
2172
if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
2178
PKT_signature *backsig=xmalloc_clear(sizeof(PKT_signature));
2179
IOBUF backsig_buf=iobuf_temp_with_content(p,n);
2180
int save_mode=set_packet_list_mode(0);
2182
if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)
2184
if(check_backsig(mainpk,subpk,backsig)==0)
2190
set_packet_list_mode(save_mode);
2192
iobuf_close(backsig_buf);
2283
PKT_signature *tempsig=buf_to_sig(p,n);
2286
if(tempsig->timestamp>sigdate)
2289
free_seckey_enc(backsig);
2292
sigdate=backsig->timestamp;
2295
free_seckey_enc(tempsig);
2301
/* It is safe to have this in the unhashed area since the 0x19
2302
is located on the selfsig for convenience, not security. */
2304
while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
2306
if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
2308
PKT_signature *tempsig=buf_to_sig(p,n);
2311
if(tempsig->timestamp>sigdate)
2314
free_seckey_enc(backsig);
2317
sigdate=backsig->timestamp;
2320
free_seckey_enc(tempsig);
2326
/* At ths point, backsig contains the most recent 0x19 sig.
2327
Let's see if it is good. */
2329
/* 2==valid, 1==invalid, 0==didn't check */
2330
if(check_backsig(mainpk,subpk,backsig)==0)
2193
2335
free_seckey_enc(backsig);
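Review bot: Both new loops (new lines 2279-2295 and 2304-2320) choose the winning 0x19 purely by `tempsig->timestamp`, and `check_backsig` runs only once on the winner at line 2330, so a candidate that does not verify can displace one that does. This matters most in the second loop: the unhashed area is not covered by the self-signature, so the comment at 2301 ("for convenience, not security") needs a caveat now that an unhashed entry with a later timestamp can outrank a valid hashed one and leave the subkey reported as having an invalid back signature. Consider accepting only candidates that verify, e.g. `if(tempsig->timestamp>sigdate && check_backsig(mainpk,subpk,tempsig)==0)`, while still recording that a candidate was seen so the invalid state can be reported when none verifies. The two loops are otherwise identical and could share one helper that takes the subpacket area as a parameter. How `subpk->backsig` is assigned is not visible in this section, so the outcome described is inferred from the `2==valid, 1==invalid` comment.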