1 /* keyring.c - keyring file handling
2 * Copyright (C) 1998-2010 Free Software Foundation, Inc.
3 * Copyright (C) 1997-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #include <sys/types.h>
36 #include "main.h" /*for check_key_signature()*/
38 #include "../kbx/keybox.h"
41 typedef struct keyring_resource *KR_RESOURCE;
42 struct keyring_resource
44 struct keyring_resource *next;
51 typedef struct keyring_resource const * CONST_KR_RESOURCE;
53 static KR_RESOURCE kr_resources;
57 CONST_KR_RESOURCE resource;
69 unsigned int n_packets; /*used for delete and update*/
77 /* The number of extant handles. */
78 static int active_handles;
80 static int do_copy (int mode, const char *fname, KBNODE root,
81 off_t start_offset, unsigned int n_packets );
85 /* We keep a cache of entries that we have entered in the DB. This
86 includes not only public keys, but also subkeys.
88 Note: we'd like to keep the offset of the items that are present,
89 however, this doesn't work, because another concurrent GnuPG
90 process could modify the keyring. */
92 struct key_present *next;
96 /* For the hash table, we use separate chaining with linked lists.
97 This means that we have an array of N linked lists (buckets), which
98 is indexed by KEYID[1] mod N. Elements present in the keyring will
99 be on the list; elements not present in the keyring will not be on
102 Note: since the hash table stores both present and not present
103 information, it cannot be used until we complete a full scan of the
104 keyring. This is indicated by key_present_hash_ready. */
105 typedef struct key_present **key_present_hash_t;
106 static key_present_hash_t key_present_hash;
107 static int key_present_hash_ready;
109 #define KEY_PRESENT_HASH_BUCKETS 2048
111 /* Allocate a new value for a key present hash table. */
112 static struct key_present *
113 key_present_value_new (void)
115 struct key_present *k;
117 k = xmalloc_clear (sizeof *k);
121 /* Allocate a new key present hash table. */
122 static key_present_hash_t
123 key_present_hash_new (void)
125 struct key_present **tbl;
127 tbl = xmalloc_clear (KEY_PRESENT_HASH_BUCKETS * sizeof *tbl);
131 /* Return whether the value described by KID if it is in the hash
132 table. Otherwise, return NULL. */
133 static struct key_present *
134 key_present_hash_lookup (key_present_hash_t tbl, u32 *kid)
136 struct key_present *k;
138 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
139 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
144 /* Add the key to the hash table TBL if it is not already present. */
146 key_present_hash_update (key_present_hash_t tbl, u32 *kid)
148 struct key_present *k;
150 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
152 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
156 k = key_present_value_new ();
159 k->next = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))];
160 tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))] = k;
163 /* Add all the keys (public and subkeys) present in the keyblock to
166 key_present_hash_update_from_kb (key_present_hash_t tbl, KBNODE node)
168 for (; node; node = node->next)
170 if (node->pkt->pkttype == PKT_PUBLIC_KEY
171 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
174 keyid_from_pk (node->pkt->pkt.public_key, aki);
175 key_present_hash_update (tbl, aki);
181 * Register a filename for plain keyring files. ptr is set to a
182 * pointer to be used to create a handles etc, or the already-issued
183 * pointer if it has already been registered. The function returns 1
184 * if a new keyring was registered.
187 keyring_register_filename (const char *fname, int read_only, void **ptr)
192 /* There are open handles. */
195 for (kr=kr_resources; kr; kr = kr->next)
197 if (same_file_p (kr->fname, fname))
199 /* Already registered. */
207 kr = xmalloc (sizeof *kr + strlen (fname));
208 strcpy (kr->fname, fname);
209 kr->read_only = read_only;
212 kr->did_full_scan = 0;
213 /* keep a list of all issued pointers */
214 kr->next = kr_resources;
217 /* create the offset table the first time a function here is used */
218 if (!key_present_hash)
219 key_present_hash = key_present_hash_new ();
227 keyring_is_writable (void *token)
229 KR_RESOURCE r = token;
231 return r? (r->read_only || !access (r->fname, W_OK)) : 0;
236 /* Create a new handle for the resource associated with TOKEN.
237 On error NULL is returned and ERRNO is set.
238 The returned handle must be released using keyring_release (). */
240 keyring_new (void *token)
243 KR_RESOURCE resource = token;
245 log_assert (resource);
247 hd = xtrycalloc (1, sizeof *hd);
250 hd->resource = resource;
256 keyring_release (KEYRING_HANDLE hd)
260 log_assert (active_handles > 0);
262 xfree (hd->word_match.name);
263 xfree (hd->word_match.pattern);
264 iobuf_close (hd->current.iobuf);
269 /* Save the current found state in HD for later retrieval by
270 keybox_pop_found_state. Only one state may be saved. */
272 keyring_push_found_state (KEYRING_HANDLE hd)
274 hd->saved_found = hd->found;
279 /* Restore the saved found state in HD. */
281 keyring_pop_found_state (KEYRING_HANDLE hd)
283 hd->found = hd->saved_found;
284 hd->saved_found.kr = NULL;
289 keyring_get_resource_name (KEYRING_HANDLE hd)
291 if (!hd || !hd->resource)
293 return hd->resource->fname;
298 * Lock the keyring with the given handle, or unlock if YES is false.
299 * We ignore the handle and lock all registered files.
302 keyring_lock (KEYRING_HANDLE hd, int yes)
310 /* first make sure the lock handles are created */
311 for (kr=kr_resources; kr; kr = kr->next) {
312 if (!keyring_is_writable(kr))
315 kr->lockhd = dotlock_create (kr->fname, 0);
317 log_info ("can't allocate lock for '%s'\n", kr->fname );
318 rc = GPG_ERR_GENERAL;
325 /* and now set the locks */
326 for (kr=kr_resources; kr; kr = kr->next) {
327 if (!keyring_is_writable(kr))
332 #ifdef HAVE_W32_SYSTEM
333 /* Under Windows we need to CloseHandle the file before we
334 * try to lock it. This is because another process might
335 * have taken the lock and is using keybox_file_rename to
336 * rename the base file. How if our dotlock_take below is
337 * waiting for the lock but we have the base file still
338 * open, keybox_file_rename will never succeed as we are
340 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0,
342 #endif /*HAVE_W32_SYSTEM*/
343 if (dotlock_take (kr->lockhd, -1) ) {
344 log_info ("can't lock '%s'\n", kr->fname );
345 rc = GPG_ERR_GENERAL;
353 for (kr=kr_resources; kr; kr = kr->next) {
354 if (!keyring_is_writable(kr))
359 if (dotlock_release (kr->lockhd))
360 log_info ("can't unlock '%s'\n", kr->fname );
372 * Return the last found keyblock. Caller must free it.
373 * The returned keyblock has the kbode flag bit 0 set for the node with
374 * the public key used to locate the keyblock or flag bit 1 set for
378 keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
382 KBNODE keyblock = NULL, node, lastnode;
393 return -1; /* no successful search */
395 a = iobuf_open (hd->found.kr->fname);
398 log_error(_("can't open '%s'\n"), hd->found.kr->fname);
399 return GPG_ERR_KEYRING_OPEN;
402 if (iobuf_seek (a, hd->found.offset) ) {
403 log_error ("can't seek '%s'\n", hd->found.kr->fname);
405 return GPG_ERR_KEYRING_OPEN;
408 pkt = xmalloc (sizeof *pkt);
410 hd->found.n_packets = 0;;
412 save_mode = set_packet_list_mode(0);
413 while ((rc=parse_packet (a, pkt)) != -1) {
414 hd->found.n_packets++;
415 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
420 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
423 /* It is not this key that is problematic, but the
427 hd->found.n_packets --;
430 /* Upper layer needs to handle this. */
436 log_error ("keyring_get_keyblock: read error: %s\n",
438 rc = GPG_ERR_INV_KEYRING;
442 /* Filter allowed packets. */
443 switch (pkt->pkttype)
446 case PKT_PUBLIC_SUBKEY:
448 case PKT_SECRET_SUBKEY:
452 break; /* Allowed per RFC. */
454 case PKT_OLD_COMMENT:
456 case PKT_GPG_CONTROL:
457 break; /* Allowed by us. */
460 log_error ("skipped packet of type %d in keyring\n",
467 if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
468 || pkt->pkttype == PKT_SECRET_KEY)) {
469 hd->found.n_packets--; /* fix counter */
474 if (pkt->pkttype == PKT_RING_TRUST)
476 /*(this code is duplicated after the loop)*/
478 && lastnode->pkt->pkttype == PKT_SIGNATURE
479 && (pkt->pkt.ring_trust->sigcache & 1) ) {
480 /* This is a ring trust packet with a checked signature
481 * status cache following directly a signature paket.
482 * Set the cache status into that signature packet. */
483 PKT_signature *sig = lastnode->pkt->pkt.signature;
485 sig->flags.checked = 1;
486 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
488 /* Reset LASTNODE, so that we set the cache status only from
489 * the ring trust packet immediately following a signature. */
497 node = lastnode = new_kbnode (pkt);
501 add_kbnode (keyblock, node);
502 switch (pkt->pkttype)
505 case PKT_PUBLIC_SUBKEY:
507 case PKT_SECRET_SUBKEY:
508 if (++pk_no == hd->found.pk_no)
513 if (++uid_no == hd->found.uid_no)
521 pkt = xmalloc (sizeof *pkt);
524 set_packet_list_mode(save_mode);
526 if (rc == -1 && keyblock)
527 rc = 0; /* got the entire keyblock */
530 release_kbnode (keyblock);
532 /*(duplicated from the loop body)*/
533 if ( pkt && pkt->pkttype == PKT_RING_TRUST
535 && lastnode->pkt->pkttype == PKT_SIGNATURE
536 && (pkt->pkt.ring_trust->sigcache & 1) ) {
537 PKT_signature *sig = lastnode->pkt->pkt.signature;
538 sig->flags.checked = 1;
539 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
547 /* Make sure that future search operations fail immediately when
548 * we know that we are working on a invalid keyring
550 if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING)
551 hd->current.error = rc;
557 keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
562 return -1; /* no successful prior search */
564 if (hd->found.kr->read_only)
565 return gpg_error (GPG_ERR_EACCES);
567 if (!hd->found.n_packets) {
568 /* need to know the number of packets - do a dummy get_keyblock*/
569 rc = keyring_get_keyblock (hd, NULL);
571 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
574 if (!hd->found.n_packets)
578 /* The open iobuf isn't needed anymore and in fact is a problem when
579 it comes to renaming the keyring files on some operating systems,
581 iobuf_close(hd->current.iobuf);
582 hd->current.iobuf = NULL;
585 rc = do_copy (3, hd->found.kr->fname, kb,
586 hd->found.offset, hd->found.n_packets );
588 if (key_present_hash)
590 key_present_hash_update_from_kb (key_present_hash, kb);
592 /* better reset the found info */
594 hd->found.offset = 0;
600 keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
607 else if (hd->found.kr)
609 fname = hd->found.kr->fname;
610 if (hd->found.kr->read_only)
611 return gpg_error (GPG_ERR_EACCES);
613 else if (hd->current.kr)
615 fname = hd->current.kr->fname;
616 if (hd->current.kr->read_only)
617 return gpg_error (GPG_ERR_EACCES);
620 fname = hd->resource? hd->resource->fname:NULL;
623 return GPG_ERR_GENERAL;
625 /* Close this one otherwise we will lose the position for
626 * a next search. Fixme: it would be better to adjust the position
627 * after the write opertions.
629 iobuf_close (hd->current.iobuf);
630 hd->current.iobuf = NULL;
633 rc = do_copy (1, fname, kb, 0, 0 );
634 if (!rc && key_present_hash)
636 key_present_hash_update_from_kb (key_present_hash, kb);
644 keyring_delete_keyblock (KEYRING_HANDLE hd)
649 return -1; /* no successful prior search */
651 if (hd->found.kr->read_only)
652 return gpg_error (GPG_ERR_EACCES);
654 if (!hd->found.n_packets) {
655 /* need to know the number of packets - do a dummy get_keyblock*/
656 rc = keyring_get_keyblock (hd, NULL);
658 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
661 if (!hd->found.n_packets)
665 /* close this one otherwise we will lose the position for
666 * a next search. Fixme: it would be better to adjust the position
667 * after the write opertions.
669 iobuf_close (hd->current.iobuf);
670 hd->current.iobuf = NULL;
673 rc = do_copy (2, hd->found.kr->fname, NULL,
674 hd->found.offset, hd->found.n_packets );
676 /* better reset the found info */
678 hd->found.offset = 0;
679 /* Delete is a rare operations, so we don't remove the keys
680 * from the offset table */
688 * Start the next search on this handle right at the beginning
691 keyring_search_reset (KEYRING_HANDLE hd)
695 hd->current.kr = NULL;
696 iobuf_close (hd->current.iobuf);
697 hd->current.iobuf = NULL;
699 hd->current.error = 0;
702 hd->found.offset = 0;
708 prepare_search (KEYRING_HANDLE hd)
710 if (hd->current.error) {
711 /* If the last key was a legacy key, we simply ignore the error so that
712 we can easily use search_next. */
713 if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
716 log_debug ("%s: last error was GPG_ERR_LEGACY_KEY, clearing\n",
718 hd->current.error = 0;
723 log_debug ("%s: returning last error: %s\n",
724 __func__, gpg_strerror (hd->current.error));
725 return hd->current.error; /* still in error state */
729 if (hd->current.kr && !hd->current.eof) {
730 if ( !hd->current.iobuf )
733 log_debug ("%s: missing iobuf!\n", __func__);
734 return GPG_ERR_GENERAL; /* Position invalid after a modify. */
739 if (!hd->current.kr && hd->current.eof)
742 log_debug ("%s: EOF!\n", __func__);
743 return -1; /* still EOF */
746 if (!hd->current.kr) { /* start search with first keyring */
747 hd->current.kr = hd->resource;
748 if (!hd->current.kr) {
750 log_debug ("%s: keyring not available!\n", __func__);
752 return -1; /* keyring not available */
754 log_assert (!hd->current.iobuf);
758 log_debug ("%s: EOF\n", __func__);
759 iobuf_close (hd->current.iobuf);
760 hd->current.iobuf = NULL;
761 hd->current.kr = NULL;
767 hd->current.iobuf = iobuf_open (hd->current.kr->fname);
768 if (!hd->current.iobuf)
770 hd->current.error = gpg_error_from_syserror ();
771 log_error(_("can't open '%s'\n"), hd->current.kr->fname );
772 return hd->current.error;
779 /* A map of the all characters valid used for word_match()
780 * Valid characters are in in this table converted to uppercase.
781 * because the upper 128 bytes have special meaning, we assume
782 * that they are all valid.
783 * Note: We must use numerical values here in case that this program
784 * will be converted to those little blue HAL9000s with their strange
785 * EBCDIC character set (user ids are UTF-8).
786 * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
787 * we can run gpg now on a S/390 running GNU/Linux, where the code
788 * translation is done by the device drivers?
790 static const byte word_match_chars[256] = {
791 /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
792 /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
793 /* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
794 /* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
795 /* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
796 /* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
797 /* 30 */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
798 /* 38 */ 0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
799 /* 40 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
800 /* 48 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
801 /* 50 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
802 /* 58 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
803 /* 60 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
804 /* 68 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
805 /* 70 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
806 /* 78 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
807 /* 80 */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
808 /* 88 */ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
809 /* 90 */ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
810 /* 98 */ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
811 /* a0 */ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
812 /* a8 */ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
813 /* b0 */ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
814 /* b8 */ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
815 /* c0 */ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
816 /* c8 */ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
817 /* d0 */ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
818 /* d8 */ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
819 /* e0 */ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
820 /* e8 */ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
821 /* f0 */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
822 /* f8 */ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
826 * Do a word match (original user id starts with a '+').
827 * The pattern is already tokenized to a more suitable format:
828 * There are only the real words in it delimited by one space
829 * and all converted to uppercase.
831 * Returns: 0 if all words match.
833 * Note: This algorithm is a straightforward one and not very
834 * fast. It works for UTF-8 strings. The uidlen should
835 * be removed but due to the fact that old versions of
836 * pgp don't use UTF-8 we still use the length; this should
837 * be fixed in parse-packet (and replace \0 by some special
841 word_match( const byte *uid, size_t uidlen, const byte *pattern )
847 for( s=pattern; *s; ) {
849 /* skip leading delimiters */
850 while( uidlen && !word_match_chars[*uid] )
852 /* get length of the word */
854 while( n && word_match_chars[*p] )
857 /* and compare against the current word from pattern */
858 for(n=0, p=uid; n < wlen && s[n] != ' ' && s[n] ; n++, p++ ) {
859 if( word_match_chars[*p] != s[n] )
862 if( n == wlen && (s[n] == ' ' || !s[n]) )
868 return -1; /* not found */
870 /* advance to next word in pattern */
871 for(; *s != ' ' && *s ; s++ )
876 return 0; /* found */
880 * prepare word word_match; that is parse the name and
882 * caller has to free the returned pattern
885 prepare_word_match (const byte *name)
890 /* the original length is always enough for the pattern */
891 p = pattern = xmalloc(strlen(name)+1);
893 /* skip leading delimiters */
894 while( *name && !word_match_chars[*name] )
896 /* copy as long as we don't have a delimiter and convert
898 * fixme: how can we handle utf8 uppercasing */
899 for( ; *name && (c=word_match_chars[*name]); name++ )
901 *p++ = ' '; /* append pattern delimiter */
903 p[-1] = 0; /* replace last pattern delimiter by EOS */
912 compare_name (int mode, const char *name, const char *uid, size_t uidlen)
917 if (mode == KEYDB_SEARCH_MODE_EXACT) {
918 for (i=0; name[i] && uidlen; i++, uidlen--)
919 if (uid[i] != name[i])
921 if (!uidlen && !name[i])
922 return 0; /* found */
924 else if (mode == KEYDB_SEARCH_MODE_SUBSTR) {
925 if (ascii_memistr( uid, uidlen, name ))
928 else if ( mode == KEYDB_SEARCH_MODE_MAIL
929 || mode == KEYDB_SEARCH_MODE_MAILSUB
930 || mode == KEYDB_SEARCH_MODE_MAILEND) {
931 for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
934 /* skip opening delim and one char and look for the closing one*/
936 for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
940 if (mode == KEYDB_SEARCH_MODE_MAIL) {
941 if( strlen(name)-2 == i
942 && !ascii_memcasecmp( s, name+1, i) )
945 else if (mode == KEYDB_SEARCH_MODE_MAILSUB) {
946 if( ascii_memistr( s, i, name ) )
949 else { /* email from end */
955 else if (mode == KEYDB_SEARCH_MODE_WORDS)
956 return word_match (uid, uidlen, name);
960 return -1; /* not found */
965 * Search through the keyring(s), starting at the current position,
966 * for a keyblock which contains one of the keys described in the DESC array.
969 keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
970 size_t ndesc, size_t *descindex, int ignore_legacy)
975 off_t offset, main_offset;
977 int need_uid, need_words, need_keyid, need_fpr, any_skip;
980 int scanned_from_start;
981 int use_key_present_hash;
982 PKT_user_id *uid = NULL;
983 PKT_public_key *pk = NULL;
986 /* figure out what information we need */
987 need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
988 for (n=0; n < ndesc; n++)
990 switch (desc[n].mode)
992 case KEYDB_SEARCH_MODE_EXACT:
993 case KEYDB_SEARCH_MODE_SUBSTR:
994 case KEYDB_SEARCH_MODE_MAIL:
995 case KEYDB_SEARCH_MODE_MAILSUB:
996 case KEYDB_SEARCH_MODE_MAILEND:
999 case KEYDB_SEARCH_MODE_WORDS:
1003 case KEYDB_SEARCH_MODE_SHORT_KID:
1004 case KEYDB_SEARCH_MODE_LONG_KID:
1007 case KEYDB_SEARCH_MODE_FPR16:
1008 case KEYDB_SEARCH_MODE_FPR20:
1009 case KEYDB_SEARCH_MODE_FPR:
1012 case KEYDB_SEARCH_MODE_FIRST:
1013 /* always restart the search in this mode */
1014 keyring_search_reset (hd);
1018 if (desc[n].skipfnc)
1026 log_debug ("%s: need_uid = %d; need_words = %d; need_keyid = %d; need_fpr = %d; any_skip = %d\n",
1027 __func__, need_uid, need_words, need_keyid, need_fpr, any_skip);
1029 rc = prepare_search (hd);
1033 log_debug ("%s: prepare_search failed: %s (%d)\n",
1034 __func__, gpg_strerror (rc), gpg_err_code (rc));
1038 use_key_present_hash = !!key_present_hash;
1039 if (!use_key_present_hash)
1042 log_debug ("%s: no offset table.\n", __func__);
1044 else if (!key_present_hash_ready)
1047 log_debug ("%s: initializing offset table. (need_keyid: %d => 1)\n",
1048 __func__, need_keyid);
1051 else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
1053 struct key_present *oi;
1056 log_debug ("%s: look up by long key id, checking cache\n", __func__);
1058 oi = key_present_hash_lookup (key_present_hash, desc[0].u.kid);
1060 { /* We know that we don't have this key */
1062 log_debug ("%s: cache says not present\n", __func__);
1063 hd->found.kr = NULL;
1064 hd->current.eof = 1;
1067 /* We could now create a positive search status and return.
1068 * However the problem is that another instance of gpg may
1069 * have changed the keyring so that the offsets are not valid
1070 * anymore - therefore we don't do it
1076 const char *name = NULL;
1078 log_debug ("word search mode does not yet work\n");
1079 /* FIXME: here is a long standing bug in our function and in addition we
1080 just use the first search description */
1081 for (n=0; n < ndesc && !name; n++)
1083 if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
1084 name = desc[n].u.name;
1087 if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
1090 xfree (hd->word_match.name);
1091 xfree (hd->word_match.pattern);
1092 hd->word_match.name = xstrdup (name);
1093 hd->word_match.pattern = prepare_word_match (name);
1095 /* name = hd->word_match.pattern; */
1099 save_mode = set_packet_list_mode(0);
1101 hd->found.kr = NULL;
1104 initial_skip = 1; /* skip until we see the start of a keyblock */
1105 scanned_from_start = iobuf_tell (hd->current.iobuf) == 0;
1107 log_debug ("%s: %ssearching from start of resource.\n",
1108 __func__, scanned_from_start ? "" : "not ");
1111 byte afp[MAX_FINGERPRINT_LEN];
1114 rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid);
1115 if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1123 if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
1125 main_offset = offset;
1137 if ( pkt.pkttype == PKT_PUBLIC_KEY
1138 || pkt.pkttype == PKT_PUBLIC_SUBKEY
1139 || pkt.pkttype == PKT_SECRET_KEY
1140 || pkt.pkttype == PKT_SECRET_SUBKEY)
1142 pk = pkt.pkt.public_key;
1146 fingerprint_from_pk (pk, afp, &an);
1147 while (an < 20) /* fill up to 20 bytes */
1151 keyid_from_pk (pk, aki);
1153 if (use_key_present_hash
1154 && !key_present_hash_ready
1155 && scanned_from_start)
1156 key_present_hash_update (key_present_hash, aki);
1158 else if (pkt.pkttype == PKT_USER_ID)
1160 uid = pkt.pkt.user_id;
1164 for (n=0; n < ndesc; n++)
1166 switch (desc[n].mode) {
1167 case KEYDB_SEARCH_MODE_NONE:
1170 case KEYDB_SEARCH_MODE_EXACT:
1171 case KEYDB_SEARCH_MODE_SUBSTR:
1172 case KEYDB_SEARCH_MODE_MAIL:
1173 case KEYDB_SEARCH_MODE_MAILSUB:
1174 case KEYDB_SEARCH_MODE_MAILEND:
1175 case KEYDB_SEARCH_MODE_WORDS:
1176 if ( uid && !compare_name (desc[n].mode,
1178 uid->name, uid->len))
1182 case KEYDB_SEARCH_MODE_SHORT_KID:
1183 if (pk && desc[n].u.kid[1] == aki[1])
1186 case KEYDB_SEARCH_MODE_LONG_KID:
1187 if (pk && desc[n].u.kid[0] == aki[0]
1188 && desc[n].u.kid[1] == aki[1])
1191 case KEYDB_SEARCH_MODE_FPR16:
1192 if (pk && !memcmp (desc[n].u.fpr, afp, 16))
1195 case KEYDB_SEARCH_MODE_FPR20:
1196 case KEYDB_SEARCH_MODE_FPR:
1197 if (pk && !memcmp (desc[n].u.fpr, afp, 20))
1200 case KEYDB_SEARCH_MODE_FIRST:
1204 case KEYDB_SEARCH_MODE_NEXT:
1209 rc = GPG_ERR_INV_ARG;
1220 log_debug ("%s: packet starting at offset %lld matched descriptor %zu\n"
1221 , __func__, (long long)offset, n);
1223 /* Record which desc we matched on. Note this value is only
1224 meaningful if this function returns with no errors. */
1227 for (n=any_skip?0:ndesc; n < ndesc; n++)
1230 && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no))
1233 log_debug ("%s: skipping match: desc %zd's skip function returned TRUE\n",
1246 log_debug ("%s: returning success\n", __func__);
1247 hd->found.offset = main_offset;
1248 hd->found.kr = hd->current.kr;
1249 hd->found.pk_no = pk? pk_no : 0;
1250 hd->found.uid_no = uid? uid_no : 0;
1255 log_debug ("%s: no matches (EOF)\n", __func__);
1257 hd->current.eof = 1;
1258 /* if we scanned all keyrings, we are sure that
1259 * all known key IDs are in our offtbl, mark that. */
1260 if (use_key_present_hash
1261 && !key_present_hash_ready
1262 && scanned_from_start)
1266 /* First set the did_full_scan flag for this keyring. */
1267 for (kr=kr_resources; kr; kr = kr->next)
1269 if (hd->resource == kr)
1271 kr->did_full_scan = 1;
1275 /* Then check whether all flags are set and if so, mark the
1277 for (kr=kr_resources; kr; kr = kr->next)
1279 if (!kr->did_full_scan)
1283 key_present_hash_ready = 1;
1289 log_debug ("%s: error encountered during search: %s (%d)\n",
1290 __func__, gpg_strerror (rc), rc);
1291 hd->current.error = rc;
1295 set_packet_list_mode(save_mode);
1301 create_tmp_file (const char *template,
1302 char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
1307 err = keybox_tmp_names (template, 1, r_bakfname, r_tmpfname);
1311 /* Create the temp file with limited access. Note that the umask
1312 call is not anymore needed because iobuf_create now takes care of
1313 it. However, it does not harm and thus we keep it. */
1314 oldmask = umask (077);
1315 if (is_secured_filename (*r_tmpfname))
1318 gpg_err_set_errno (EPERM);
1321 *r_fp = iobuf_create (*r_tmpfname, 1);
1325 err = gpg_error_from_syserror ();
1326 log_error (_("can't create '%s': %s\n"), *r_tmpfname, gpg_strerror (err));
1327 xfree (*r_tmpfname);
1329 xfree (*r_bakfname);
1338 rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
1343 /* Invalidate close caches. */
1344 if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
1346 rc = gpg_error_from_syserror ();
1349 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
1350 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
1352 /* First make a backup file. */
1354 rc = gnupg_rename_file (fname, bakfname, &block);
1358 /* then rename the file */
1359 rc = gnupg_rename_file (tmpfname, fname, NULL);
1362 gnupg_unblock_all_signals ();
1367 register_secured_file (fname);
1371 /* Now make sure the file has the same permissions as the original */
1372 #ifndef HAVE_DOSISH_SYSTEM
1374 struct stat statbuf;
1376 statbuf.st_mode=S_IRUSR | S_IWUSR;
1378 if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
1381 log_error ("WARNING: unable to restore permissions to '%s': %s",
1382 fname, strerror(errno));
1390 gnupg_unblock_all_signals ();
1396 write_keyblock (IOBUF fp, KBNODE keyblock)
1398 KBNODE kbctx = NULL, node;
1401 while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
1403 if (node->pkt->pkttype == PKT_RING_TRUST)
1404 continue; /* we write it later on our own */
1406 if ( (rc = build_packet (fp, node->pkt) ))
1408 log_error ("build_packet(%d) failed: %s\n",
1409 node->pkt->pkttype, gpg_strerror (rc) );
1412 if (node->pkt->pkttype == PKT_SIGNATURE)
1413 { /* always write a signature cache packet */
1414 PKT_signature *sig = node->pkt->pkt.signature;
1415 unsigned int cacheval = 0;
1417 if (sig->flags.checked)
1420 if (sig->flags.valid)
1423 iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
1424 iobuf_put (fp, 2); /* 2 bytes */
1425 iobuf_put (fp, 0); /* unused */
1426 if (iobuf_put (fp, cacheval))
1428 rc = gpg_error_from_syserror ();
1429 log_error ("writing sigcache packet failed\n");
1438 * Walk over all public keyrings, check the signatures and replace the
1439 * keyring with a new one where the signature cache is then updated.
1440 * This is only done for the public keyrings.
1443 keyring_rebuild_cache (void *token,int noisy)
1446 KEYDB_SEARCH_DESC desc;
1447 KBNODE keyblock = NULL, node;
1448 const char *lastresname = NULL, *resname;
1450 char *tmpfilename = NULL;
1451 char *bakfilename = NULL;
1453 ulong count = 0, sigcount = 0;
1455 hd = keyring_new (token);
1457 return gpg_error_from_syserror ();
1458 memset (&desc, 0, sizeof desc);
1459 desc.mode = KEYDB_SEARCH_MODE_FIRST;
1461 rc=keyring_lock (hd, 1);
1467 rc = keyring_search (hd, &desc, 1, NULL, 1 /* ignore_legacy */);
1471 desc.mode = KEYDB_SEARCH_MODE_NEXT;
1472 resname = keyring_get_resource_name (hd);
1473 if (lastresname != resname )
1474 { /* we have switched to a new keyring - commit changes */
1477 if (iobuf_close (tmpfp))
1479 rc = gpg_error_from_syserror ();
1480 log_error ("error closing '%s': %s\n",
1481 tmpfilename, strerror (errno));
1484 /* because we have switched resources, we can be sure that
1485 * the original file is closed */
1488 /* Static analyzer note: BAKFILENAME is never NULL here
1489 because it is controlled by LASTRESNAME. */
1490 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1492 xfree (tmpfilename); tmpfilename = NULL;
1493 xfree (bakfilename); bakfilename = NULL;
1496 lastresname = resname;
1497 if (noisy && !opt.quiet)
1498 log_info (_("caching keyring '%s'\n"), resname);
1499 rc = create_tmp_file (resname, &bakfilename, &tmpfilename, &tmpfp);
1504 release_kbnode (keyblock);
1505 rc = keyring_get_keyblock (hd, &keyblock);
1508 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1509 continue; /* Skip legacy keys. */
1510 log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
1513 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1515 /* We had a few reports about corrupted keyrings; if we have
1516 been called directly from the command line we delete such
1517 a keyblock instead of bailing out. */
1518 log_error ("unexpected keyblock found (pkttype=%d)%s\n",
1519 keyblock->pkt->pkttype, noisy? " - deleted":"");
1522 log_info ("Hint: backup your keys and try running '%s'\n",
1523 "gpg --rebuild-keydb-caches");
1524 rc = gpg_error (GPG_ERR_INV_KEYRING);
1528 if (keyblock->pkt->pkt.public_key->version < 4)
1530 /* We do not copy/cache v3 keys or any other unknown
1531 packets. It is better to remove them from the keyring.
1532 The code required to keep them in the keyring would be
1533 too complicated. Given that we do not touch the old
1534 secring.gpg a suitable backup for decryption of v3 stuff
1535 using an older gpg version will always be available.
1536 Note: This test is actually superfluous because we
1537 already acted upon GPG_ERR_LEGACY_KEY. */
1541 /* Check all signature to set the signature's cache flags. */
1542 for (node=keyblock; node; node=node->next)
1544 /* Note that this doesn't cache the result of a
1545 revocation issued by a designated revoker. This is
1546 because the pk in question does not carry the revkeys
1547 as we haven't merged the key and selfsigs. It is
1548 questionable whether this matters very much since
1549 there are very very few designated revoker revocation
1550 packets out there. */
1551 if (node->pkt->pkttype == PKT_SIGNATURE)
1553 PKT_signature *sig=node->pkt->pkt.signature;
1555 if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
1556 && (openpgp_md_test_algo(sig->digest_algo)
1557 || openpgp_pk_test_algo(sig->pubkey_algo)))
1558 sig->flags.checked=sig->flags.valid=0;
1560 check_key_signature (keyblock, node, NULL);
1566 /* Write the keyblock to the temporary file. */
1567 rc = write_keyblock (tmpfp, keyblock);
1571 if ( !(++count % 50) && noisy && !opt.quiet)
1572 log_info (ngettext("%lu keys cached so far (%lu signature)\n",
1573 "%lu keys cached so far (%lu signatures)\n",
1577 } /* end main loop */
1582 log_error ("keyring_search failed: %s\n", gpg_strerror (rc));
1586 if (noisy || opt.verbose)
1588 log_info (ngettext("%lu key cached",
1589 "%lu keys cached", count), count);
1590 log_printf (ngettext(" (%lu signature)\n",
1591 " (%lu signatures)\n", sigcount), sigcount);
1596 if (iobuf_close (tmpfp))
1598 rc = gpg_error_from_syserror ();
1599 log_error ("error closing '%s': %s\n",
1600 tmpfilename, strerror (errno));
1603 /* because we have switched resources, we can be sure that
1604 * the original file is closed */
1607 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1609 xfree (tmpfilename); tmpfilename = NULL;
1610 xfree (bakfilename); bakfilename = NULL;
1614 iobuf_cancel (tmpfp);
1615 xfree (tmpfilename);
1616 xfree (bakfilename);
1617 release_kbnode (keyblock);
1618 keyring_lock (hd, 0);
1619 keyring_release (hd);
1625 * Perform insert/delete/update operation.
1631 do_copy (int mode, const char *fname, KBNODE root,
1632 off_t start_offset, unsigned int n_packets )
1636 char *bakfname = NULL;
1637 char *tmpfname = NULL;
1639 /* Open the source file. Because we do a rename, we have to check the
1640 permissions of the file */
1641 if (access (fname, W_OK))
1642 return gpg_error_from_syserror ();
1644 fp = iobuf_open (fname);
1645 if (mode == 1 && !fp && errno == ENOENT) {
1646 /* insert mode but file does not exist: create a new file */
1651 if (is_secured_filename (fname)) {
1653 gpg_err_set_errno (EPERM);
1656 newfp = iobuf_create (fname, 1);
1660 rc = gpg_error_from_syserror ();
1661 log_error (_("can't create '%s': %s\n"), fname, strerror(errno));
1665 log_info(_("%s: keyring created\n"), fname );
1668 while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
1669 if( (rc = build_packet( newfp, node->pkt )) ) {
1670 log_error("build_packet(%d) failed: %s\n",
1671 node->pkt->pkttype, gpg_strerror (rc) );
1672 iobuf_cancel(newfp);
1676 if( iobuf_close(newfp) ) {
1677 rc = gpg_error_from_syserror ();
1678 log_error ("%s: close failed: %s\n", fname, strerror(errno));
1681 return 0; /* ready */
1686 rc = gpg_error_from_syserror ();
1687 log_error(_("can't open '%s': %s\n"), fname, strerror(errno) );
1691 /* Create the new file. */
1692 rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
1698 if( mode == 1 ) { /* insert */
1699 /* copy everything to the new file */
1700 rc = copy_all_packets (fp, newfp);
1702 log_error("%s: copy to '%s' failed: %s\n",
1703 fname, tmpfname, gpg_strerror (rc) );
1705 iobuf_cancel(newfp);
1710 if( mode == 2 || mode == 3 ) { /* delete or update */
1711 /* copy first part to the new file */
1712 rc = copy_some_packets( fp, newfp, start_offset );
1713 if( rc ) { /* should never get EOF here */
1714 log_error ("%s: copy to '%s' failed: %s\n",
1715 fname, tmpfname, gpg_strerror (rc) );
1717 iobuf_cancel(newfp);
1720 /* skip this keyblock */
1721 log_assert( n_packets );
1722 rc = skip_some_packets( fp, n_packets );
1724 log_error("%s: skipping %u packets failed: %s\n",
1725 fname, n_packets, gpg_strerror (rc));
1727 iobuf_cancel(newfp);
1732 if( mode == 1 || mode == 3 ) { /* insert or update */
1733 rc = write_keyblock (newfp, root);
1736 iobuf_cancel(newfp);
1741 if( mode == 2 || mode == 3 ) { /* delete or update */
1743 rc = copy_all_packets( fp, newfp );
1745 log_error("%s: copy to '%s' failed: %s\n",
1746 fname, tmpfname, gpg_strerror (rc) );
1748 iobuf_cancel(newfp);
1753 /* close both files */
1754 if( iobuf_close(fp) ) {
1755 rc = gpg_error_from_syserror ();
1756 log_error("%s: close failed: %s\n", fname, strerror(errno) );
1759 if( iobuf_close(newfp) ) {
1760 rc = gpg_error_from_syserror ();
1761 log_error("%s: close failed: %s\n", tmpfname, strerror(errno) );
1765 rc = rename_tmp_file (bakfname, tmpfname, fname);