1 /* keyring.c - keyring file handling
2 * Copyright (C) 1998-2010 Free Software Foundation, Inc.
3 * Copyright (C) 1997-2015 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #include <sys/types.h>
36 #include "main.h" /*for check_key_signature()*/
38 #include "../kbx/keybox.h"
41 typedef struct keyring_resource *KR_RESOURCE;
42 struct keyring_resource
44 struct keyring_resource *next;
51 typedef struct keyring_resource const * CONST_KR_RESOURCE;
53 static KR_RESOURCE kr_resources;
57 CONST_KR_RESOURCE resource;
69 unsigned int n_packets; /*used for delete and update*/
77 /* The number of extant handles. */
78 static int active_handles;
80 static int do_copy (int mode, const char *fname, KBNODE root,
81 off_t start_offset, unsigned int n_packets );
85 /* We keep a cache of entries that we have entered in the DB. This
86 includes not only public keys, but also subkeys.
88 Note: we'd like to keep the offset of the items that are present,
89 however, this doesn't work, because another concurrent GnuPG
90 process could modify the keyring. */
92 struct key_present *next;
96 /* For the hash table, we use separate chaining with linked lists.
97 This means that we have an array of N linked lists (buckets), which
98 is indexed by KEYID[1] mod N. Elements present in the keyring will
99 be on the list; elements not present in the keyring will not be on
102 Note: since the hash table stores both present and not present
103 information, it cannot be used until we complete a full scan of the
104 keyring. This is indicated by key_present_hash_ready. */
105 typedef struct key_present **key_present_hash_t;
106 static key_present_hash_t key_present_hash;
107 static int key_present_hash_ready;
109 #define KEY_PRESENT_HASH_BUCKETS 2048
111 /* Allocate a new value for a key present hash table. */
112 static struct key_present *
113 key_present_value_new (void)
115 struct key_present *k;
117 k = xmalloc_clear (sizeof *k);
121 /* Allocate a new key present hash table. */
122 static key_present_hash_t
123 key_present_hash_new (void)
125 struct key_present **tbl;
127 tbl = xmalloc_clear (KEY_PRESENT_HASH_BUCKETS * sizeof *tbl);
131 /* Return whether the value described by KID if it is in the hash
132 table. Otherwise, return NULL. */
133 static struct key_present *
134 key_present_hash_lookup (key_present_hash_t tbl, u32 *kid)
136 struct key_present *k;
138 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
139 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
144 /* Add the key to the hash table TBL if it is not already present. */
146 key_present_hash_update (key_present_hash_t tbl, u32 *kid)
148 struct key_present *k;
150 for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
152 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
156 k = key_present_value_new ();
159 k->next = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))];
160 tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))] = k;
163 /* Add all the keys (public and subkeys) present in the keyblock to
166 key_present_hash_update_from_kb (key_present_hash_t tbl, KBNODE node)
168 for (; node; node = node->next)
170 if (node->pkt->pkttype == PKT_PUBLIC_KEY
171 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
174 keyid_from_pk (node->pkt->pkt.public_key, aki);
175 key_present_hash_update (tbl, aki);
181 * Register a filename for plain keyring files. ptr is set to a
182 * pointer to be used to create a handles etc, or the already-issued
183 * pointer if it has already been registered. The function returns 1
184 * if a new keyring was registered.
187 keyring_register_filename (const char *fname, int read_only, void **ptr)
192 /* There are open handles. */
195 for (kr=kr_resources; kr; kr = kr->next)
197 if (same_file_p (kr->fname, fname))
199 /* Already registered. */
207 kr = xmalloc (sizeof *kr + strlen (fname));
208 strcpy (kr->fname, fname);
209 kr->read_only = read_only;
212 kr->did_full_scan = 0;
213 /* keep a list of all issued pointers */
214 kr->next = kr_resources;
217 /* create the offset table the first time a function here is used */
218 if (!key_present_hash)
219 key_present_hash = key_present_hash_new ();
227 keyring_is_writable (void *token)
229 KR_RESOURCE r = token;
231 return r? (r->read_only || !access (r->fname, W_OK)) : 0;
236 /* Create a new handle for the resource associated with TOKEN.
237 On error NULL is returned and ERRNO is set.
238 The returned handle must be released using keyring_release (). */
240 keyring_new (void *token)
243 KR_RESOURCE resource = token;
245 log_assert (resource);
247 hd = xtrycalloc (1, sizeof *hd);
250 hd->resource = resource;
256 keyring_release (KEYRING_HANDLE hd)
260 log_assert (active_handles > 0);
262 xfree (hd->word_match.name);
263 xfree (hd->word_match.pattern);
264 iobuf_close (hd->current.iobuf);
269 /* Save the current found state in HD for later retrieval by
270 keybox_pop_found_state. Only one state may be saved. */
272 keyring_push_found_state (KEYRING_HANDLE hd)
274 hd->saved_found = hd->found;
279 /* Restore the saved found state in HD. */
281 keyring_pop_found_state (KEYRING_HANDLE hd)
283 hd->found = hd->saved_found;
284 hd->saved_found.kr = NULL;
289 keyring_get_resource_name (KEYRING_HANDLE hd)
291 if (!hd || !hd->resource)
293 return hd->resource->fname;
298 * Lock the keyring with the given handle, or unlock if YES is false.
299 * We ignore the handle and lock all registered files.
302 keyring_lock (KEYRING_HANDLE hd, int yes)
310 /* first make sure the lock handles are created */
311 for (kr=kr_resources; kr; kr = kr->next) {
312 if (!keyring_is_writable(kr))
315 kr->lockhd = dotlock_create (kr->fname, 0);
317 log_info ("can't allocate lock for '%s'\n", kr->fname );
318 rc = GPG_ERR_GENERAL;
325 /* and now set the locks */
326 for (kr=kr_resources; kr; kr = kr->next) {
327 if (!keyring_is_writable(kr))
332 #ifdef HAVE_W32_SYSTEM
333 /* Under Windows we need to CloseHandle the file before we
334 * try to lock it. This is because another process might
335 * have taken the lock and is using keybox_file_rename to
336 * rename the base file. How if our dotlock_take below is
337 * waiting for the lock but we have the base file still
338 * open, keybox_file_rename will never succeed as we are
340 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0,
342 #endif /*HAVE_W32_SYSTEM*/
343 if (dotlock_take (kr->lockhd, -1) ) {
344 log_info ("can't lock '%s'\n", kr->fname );
345 rc = GPG_ERR_GENERAL;
353 for (kr=kr_resources; kr; kr = kr->next) {
354 if (!keyring_is_writable(kr))
359 if (dotlock_release (kr->lockhd))
360 log_info ("can't unlock '%s'\n", kr->fname );
372 * Return the last found keyblock. Caller must free it.
373 * The returned keyblock has the kbode flag bit 0 set for the node with
374 * the public key used to locate the keyblock or flag bit 1 set for
378 keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
382 KBNODE keyblock = NULL, node, lastnode;
393 return -1; /* no successful search */
395 a = iobuf_open (hd->found.kr->fname);
398 log_error(_("can't open '%s'\n"), hd->found.kr->fname);
399 return GPG_ERR_KEYRING_OPEN;
402 if (iobuf_seek (a, hd->found.offset) ) {
403 log_error ("can't seek '%s'\n", hd->found.kr->fname);
405 return GPG_ERR_KEYRING_OPEN;
408 pkt = xmalloc (sizeof *pkt);
410 hd->found.n_packets = 0;;
412 save_mode = set_packet_list_mode(0);
413 while ((rc=parse_packet (a, pkt)) != -1) {
414 hd->found.n_packets++;
415 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
420 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
423 /* It is not this key that is problematic, but the
427 hd->found.n_packets --;
430 /* Upper layer needs to handle this. */
436 log_error ("keyring_get_keyblock: read error: %s\n",
438 rc = GPG_ERR_INV_KEYRING;
442 /* Filter allowed packets. */
443 switch (pkt->pkttype)
446 case PKT_PUBLIC_SUBKEY:
448 case PKT_SECRET_SUBKEY:
452 break; /* Allowed per RFC. */
454 case PKT_OLD_COMMENT:
456 case PKT_GPG_CONTROL:
457 break; /* Allowed by us. */
460 log_error ("skipped packet of type %d in keyring\n",
467 if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
468 || pkt->pkttype == PKT_SECRET_KEY)) {
469 hd->found.n_packets--; /* fix counter */
474 if (pkt->pkttype == PKT_RING_TRUST)
476 /*(this code is duplicated after the loop)*/
478 && lastnode->pkt->pkttype == PKT_SIGNATURE
479 && (pkt->pkt.ring_trust->sigcache & 1) ) {
480 /* This is a ring trust packet with a checked signature
481 * status cache following directly a signature paket.
482 * Set the cache status into that signature packet. */
483 PKT_signature *sig = lastnode->pkt->pkt.signature;
485 sig->flags.checked = 1;
486 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
488 /* Reset LASTNODE, so that we set the cache status only from
489 * the ring trust packet immediately following a signature. */
497 node = lastnode = new_kbnode (pkt);
501 add_kbnode (keyblock, node);
502 switch (pkt->pkttype)
505 case PKT_PUBLIC_SUBKEY:
507 case PKT_SECRET_SUBKEY:
508 if (++pk_no == hd->found.pk_no)
513 if (++uid_no == hd->found.uid_no)
521 pkt = xmalloc (sizeof *pkt);
524 set_packet_list_mode(save_mode);
526 if (rc == -1 && keyblock)
527 rc = 0; /* got the entire keyblock */
530 release_kbnode (keyblock);
532 /*(duplicated from the loop body)*/
533 if ( pkt && pkt->pkttype == PKT_RING_TRUST
535 && lastnode->pkt->pkttype == PKT_SIGNATURE
536 && (pkt->pkt.ring_trust->sigcache & 1) ) {
537 PKT_signature *sig = lastnode->pkt->pkt.signature;
538 sig->flags.checked = 1;
539 sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
547 /* Make sure that future search operations fail immediately when
548 * we know that we are working on a invalid keyring
550 if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING)
551 hd->current.error = rc;
557 keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
562 return -1; /* no successful prior search */
564 if (hd->found.kr->read_only)
565 return gpg_error (GPG_ERR_EACCES);
567 if (!hd->found.n_packets) {
568 /* need to know the number of packets - do a dummy get_keyblock*/
569 rc = keyring_get_keyblock (hd, NULL);
571 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
574 if (!hd->found.n_packets)
578 /* The open iobuf isn't needed anymore and in fact is a problem when
579 it comes to renaming the keyring files on some operating systems,
581 iobuf_close(hd->current.iobuf);
582 hd->current.iobuf = NULL;
585 rc = do_copy (3, hd->found.kr->fname, kb,
586 hd->found.offset, hd->found.n_packets );
588 if (key_present_hash)
590 key_present_hash_update_from_kb (key_present_hash, kb);
592 /* better reset the found info */
594 hd->found.offset = 0;
600 keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
607 else if (hd->found.kr)
609 fname = hd->found.kr->fname;
610 if (hd->found.kr->read_only)
611 return gpg_error (GPG_ERR_EACCES);
613 else if (hd->current.kr)
615 fname = hd->current.kr->fname;
616 if (hd->current.kr->read_only)
617 return gpg_error (GPG_ERR_EACCES);
620 fname = hd->resource? hd->resource->fname:NULL;
623 return GPG_ERR_GENERAL;
625 /* Close this one otherwise we will lose the position for
626 * a next search. Fixme: it would be better to adjust the position
627 * after the write opertions.
629 iobuf_close (hd->current.iobuf);
630 hd->current.iobuf = NULL;
633 rc = do_copy (1, fname, kb, 0, 0 );
634 if (!rc && key_present_hash)
636 key_present_hash_update_from_kb (key_present_hash, kb);
644 keyring_delete_keyblock (KEYRING_HANDLE hd)
649 return -1; /* no successful prior search */
651 if (hd->found.kr->read_only)
652 return gpg_error (GPG_ERR_EACCES);
654 if (!hd->found.n_packets) {
655 /* need to know the number of packets - do a dummy get_keyblock*/
656 rc = keyring_get_keyblock (hd, NULL);
658 log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
661 if (!hd->found.n_packets)
665 /* close this one otherwise we will lose the position for
666 * a next search. Fixme: it would be better to adjust the position
667 * after the write opertions.
669 iobuf_close (hd->current.iobuf);
670 hd->current.iobuf = NULL;
673 rc = do_copy (2, hd->found.kr->fname, NULL,
674 hd->found.offset, hd->found.n_packets );
676 /* better reset the found info */
678 hd->found.offset = 0;
679 /* Delete is a rare operations, so we don't remove the keys
680 * from the offset table */
688 * Start the next search on this handle right at the beginning
691 keyring_search_reset (KEYRING_HANDLE hd)
695 hd->current.kr = NULL;
696 iobuf_close (hd->current.iobuf);
697 hd->current.iobuf = NULL;
699 hd->current.error = 0;
702 hd->found.offset = 0;
708 prepare_search (KEYRING_HANDLE hd)
710 if (hd->current.error) {
711 /* If the last key was a legacy key, we simply ignore the error so that
712 we can easily use search_next. */
713 if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
716 log_debug ("%s: last error was GPG_ERR_LEGACY_KEY, clearing\n",
718 hd->current.error = 0;
723 log_debug ("%s: returning last error: %s\n",
724 __func__, gpg_strerror (hd->current.error));
725 return hd->current.error; /* still in error state */
729 if (hd->current.kr && !hd->current.eof) {
730 if ( !hd->current.iobuf )
733 log_debug ("%s: missing iobuf!\n", __func__);
734 return GPG_ERR_GENERAL; /* Position invalid after a modify. */
739 if (!hd->current.kr && hd->current.eof)
742 log_debug ("%s: EOF!\n", __func__);
743 return -1; /* still EOF */
746 if (!hd->current.kr) { /* start search with first keyring */
747 hd->current.kr = hd->resource;
748 if (!hd->current.kr) {
750 log_debug ("%s: keyring not available!\n", __func__);
752 return -1; /* keyring not available */
754 log_assert (!hd->current.iobuf);
758 log_debug ("%s: EOF\n", __func__);
759 iobuf_close (hd->current.iobuf);
760 hd->current.iobuf = NULL;
761 hd->current.kr = NULL;
767 hd->current.iobuf = iobuf_open (hd->current.kr->fname);
768 if (!hd->current.iobuf)
770 hd->current.error = gpg_error_from_syserror ();
771 log_error(_("can't open '%s'\n"), hd->current.kr->fname );
772 return hd->current.error;
779 /* A map of the all characters valid used for word_match()
780 * Valid characters are in in this table converted to uppercase.
781 * because the upper 128 bytes have special meaning, we assume
782 * that they are all valid.
783 * Note: We must use numerical values here in case that this program
784 * will be converted to those little blue HAL9000s with their strange
785 * EBCDIC character set (user ids are UTF-8).
786 * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
787 * we can run gpg now on a S/390 running GNU/Linux, where the code
788 * translation is done by the device drivers?
790 static const byte word_match_chars[256] = {
791 /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
792 /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
793 /* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
794 /* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
795 /* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
796 /* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
797 /* 30 */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
798 /* 38 */ 0x38, 0x39, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
799 /* 40 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
800 /* 48 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
801 /* 50 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
802 /* 58 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
803 /* 60 */ 0x00, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
804 /* 68 */ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
805 /* 70 */ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
806 /* 78 */ 0x58, 0x59, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00,
807 /* 80 */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
808 /* 88 */ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
809 /* 90 */ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
810 /* 98 */ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
811 /* a0 */ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
812 /* a8 */ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
813 /* b0 */ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
814 /* b8 */ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
815 /* c0 */ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
816 /* c8 */ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
817 /* d0 */ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
818 /* d8 */ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
819 /* e0 */ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
820 /* e8 */ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
821 /* f0 */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
822 /* f8 */ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
826 * Do a word match (original user id starts with a '+').
827 * The pattern is already tokenized to a more suitable format:
828 * There are only the real words in it delimited by one space
829 * and all converted to uppercase.
831 * Returns: 0 if all words match.
833 * Note: This algorithm is a straightforward one and not very
834 * fast. It works for UTF-8 strings. The uidlen should
835 * be removed but due to the fact that old versions of
836 * pgp don't use UTF-8 we still use the length; this should
837 * be fixed in parse-packet (and replace \0 by some special
841 word_match( const byte *uid, size_t uidlen, const byte *pattern )
847 for( s=pattern; *s; ) {
849 /* skip leading delimiters */
850 while( uidlen && !word_match_chars[*uid] )
852 /* get length of the word */
854 while( n && word_match_chars[*p] )
857 /* and compare against the current word from pattern */
858 for(n=0, p=uid; n < wlen && s[n] != ' ' && s[n] ; n++, p++ ) {
859 if( word_match_chars[*p] != s[n] )
862 if( n == wlen && (s[n] == ' ' || !s[n]) )
868 return -1; /* not found */
870 /* advance to next word in pattern */
871 for(; *s != ' ' && *s ; s++ )
876 return 0; /* found */
880 * prepare word word_match; that is parse the name and
882 * caller has to free the returned pattern
885 prepare_word_match (const byte *name)
890 /* the original length is always enough for the pattern */
891 p = pattern = xmalloc(strlen(name)+1);
893 /* skip leading delimiters */
894 while( *name && !word_match_chars[*name] )
896 /* copy as long as we don't have a delimiter and convert
898 * fixme: how can we handle utf8 uppercasing */
899 for( ; *name && (c=word_match_chars[*name]); name++ )
901 *p++ = ' '; /* append pattern delimiter */
903 p[-1] = 0; /* replace last pattern delimiter by EOS */
912 compare_name (int mode, const char *name, const char *uid, size_t uidlen)
917 if (mode == KEYDB_SEARCH_MODE_EXACT) {
918 for (i=0; name[i] && uidlen; i++, uidlen--)
919 if (uid[i] != name[i])
921 if (!uidlen && !name[i])
922 return 0; /* found */
924 else if (mode == KEYDB_SEARCH_MODE_SUBSTR) {
925 if (ascii_memistr( uid, uidlen, name ))
928 else if ( mode == KEYDB_SEARCH_MODE_MAIL
929 || mode == KEYDB_SEARCH_MODE_MAILSUB
930 || mode == KEYDB_SEARCH_MODE_MAILEND) {
932 for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
936 /* The UID is a plain addr-spec (cf. RFC2822 section 4.3). */
944 /* skip opening delim and one char and look for the closing one*/
946 for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
954 if (mode == KEYDB_SEARCH_MODE_MAIL) {
955 if( strlen(name)-2 == i
956 && !ascii_memcasecmp( s, name+1, i) )
959 else if (mode == KEYDB_SEARCH_MODE_MAILSUB) {
960 if( ascii_memistr( s, i, name ) )
963 else { /* email from end */
969 else if (mode == KEYDB_SEARCH_MODE_WORDS)
970 return word_match (uid, uidlen, name);
974 return -1; /* not found */
979 * Search through the keyring(s), starting at the current position,
980 * for a keyblock which contains one of the keys described in the DESC array.
983 keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
984 size_t ndesc, size_t *descindex, int ignore_legacy)
989 off_t offset, main_offset;
991 int need_uid, need_words, need_keyid, need_fpr, any_skip;
994 int scanned_from_start;
995 int use_key_present_hash;
996 PKT_user_id *uid = NULL;
997 PKT_public_key *pk = NULL;
1000 /* figure out what information we need */
1001 need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
1002 for (n=0; n < ndesc; n++)
1004 switch (desc[n].mode)
1006 case KEYDB_SEARCH_MODE_EXACT:
1007 case KEYDB_SEARCH_MODE_SUBSTR:
1008 case KEYDB_SEARCH_MODE_MAIL:
1009 case KEYDB_SEARCH_MODE_MAILSUB:
1010 case KEYDB_SEARCH_MODE_MAILEND:
1013 case KEYDB_SEARCH_MODE_WORDS:
1017 case KEYDB_SEARCH_MODE_SHORT_KID:
1018 case KEYDB_SEARCH_MODE_LONG_KID:
1021 case KEYDB_SEARCH_MODE_FPR16:
1022 case KEYDB_SEARCH_MODE_FPR20:
1023 case KEYDB_SEARCH_MODE_FPR:
1026 case KEYDB_SEARCH_MODE_FIRST:
1027 /* always restart the search in this mode */
1028 keyring_search_reset (hd);
1032 if (desc[n].skipfnc)
1040 log_debug ("%s: need_uid = %d; need_words = %d; need_keyid = %d; need_fpr = %d; any_skip = %d\n",
1041 __func__, need_uid, need_words, need_keyid, need_fpr, any_skip);
1043 rc = prepare_search (hd);
1047 log_debug ("%s: prepare_search failed: %s (%d)\n",
1048 __func__, gpg_strerror (rc), gpg_err_code (rc));
1052 use_key_present_hash = !!key_present_hash;
1053 if (!use_key_present_hash)
1056 log_debug ("%s: no offset table.\n", __func__);
1058 else if (!key_present_hash_ready)
1061 log_debug ("%s: initializing offset table. (need_keyid: %d => 1)\n",
1062 __func__, need_keyid);
1065 else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
1067 struct key_present *oi;
1070 log_debug ("%s: look up by long key id, checking cache\n", __func__);
1072 oi = key_present_hash_lookup (key_present_hash, desc[0].u.kid);
1074 { /* We know that we don't have this key */
1076 log_debug ("%s: cache says not present\n", __func__);
1077 hd->found.kr = NULL;
1078 hd->current.eof = 1;
1081 /* We could now create a positive search status and return.
1082 * However the problem is that another instance of gpg may
1083 * have changed the keyring so that the offsets are not valid
1084 * anymore - therefore we don't do it
1090 const char *name = NULL;
1092 log_debug ("word search mode does not yet work\n");
1093 /* FIXME: here is a long standing bug in our function and in addition we
1094 just use the first search description */
1095 for (n=0; n < ndesc && !name; n++)
1097 if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
1098 name = desc[n].u.name;
1101 if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
1104 xfree (hd->word_match.name);
1105 xfree (hd->word_match.pattern);
1106 hd->word_match.name = xstrdup (name);
1107 hd->word_match.pattern = prepare_word_match (name);
1109 /* name = hd->word_match.pattern; */
1113 save_mode = set_packet_list_mode(0);
1115 hd->found.kr = NULL;
1118 initial_skip = 1; /* skip until we see the start of a keyblock */
1119 scanned_from_start = iobuf_tell (hd->current.iobuf) == 0;
1121 log_debug ("%s: %ssearching from start of resource.\n",
1122 __func__, scanned_from_start ? "" : "not ");
1125 byte afp[MAX_FINGERPRINT_LEN];
1128 rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid);
1129 if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1137 if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
1139 main_offset = offset;
1151 if ( pkt.pkttype == PKT_PUBLIC_KEY
1152 || pkt.pkttype == PKT_PUBLIC_SUBKEY
1153 || pkt.pkttype == PKT_SECRET_KEY
1154 || pkt.pkttype == PKT_SECRET_SUBKEY)
1156 pk = pkt.pkt.public_key;
1160 fingerprint_from_pk (pk, afp, &an);
1161 while (an < 20) /* fill up to 20 bytes */
1165 keyid_from_pk (pk, aki);
1167 if (use_key_present_hash
1168 && !key_present_hash_ready
1169 && scanned_from_start)
1170 key_present_hash_update (key_present_hash, aki);
1172 else if (pkt.pkttype == PKT_USER_ID)
1174 uid = pkt.pkt.user_id;
1178 for (n=0; n < ndesc; n++)
1180 switch (desc[n].mode) {
1181 case KEYDB_SEARCH_MODE_NONE:
1184 case KEYDB_SEARCH_MODE_EXACT:
1185 case KEYDB_SEARCH_MODE_SUBSTR:
1186 case KEYDB_SEARCH_MODE_MAIL:
1187 case KEYDB_SEARCH_MODE_MAILSUB:
1188 case KEYDB_SEARCH_MODE_MAILEND:
1189 case KEYDB_SEARCH_MODE_WORDS:
1190 if ( uid && !compare_name (desc[n].mode,
1192 uid->name, uid->len))
1196 case KEYDB_SEARCH_MODE_SHORT_KID:
1197 if (pk && desc[n].u.kid[1] == aki[1])
1200 case KEYDB_SEARCH_MODE_LONG_KID:
1201 if (pk && desc[n].u.kid[0] == aki[0]
1202 && desc[n].u.kid[1] == aki[1])
1205 case KEYDB_SEARCH_MODE_FPR16:
1206 if (pk && !memcmp (desc[n].u.fpr, afp, 16))
1209 case KEYDB_SEARCH_MODE_FPR20:
1210 case KEYDB_SEARCH_MODE_FPR:
1211 if (pk && !memcmp (desc[n].u.fpr, afp, 20))
1214 case KEYDB_SEARCH_MODE_FIRST:
1218 case KEYDB_SEARCH_MODE_NEXT:
1223 rc = GPG_ERR_INV_ARG;
1234 log_debug ("%s: packet starting at offset %lld matched descriptor %zu\n"
1235 , __func__, (long long)offset, n);
1237 /* Record which desc we matched on. Note this value is only
1238 meaningful if this function returns with no errors. */
1241 for (n=any_skip?0:ndesc; n < ndesc; n++)
1244 && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no))
1247 log_debug ("%s: skipping match: desc %zd's skip function returned TRUE\n",
1260 log_debug ("%s: returning success\n", __func__);
1261 hd->found.offset = main_offset;
1262 hd->found.kr = hd->current.kr;
1263 hd->found.pk_no = pk? pk_no : 0;
1264 hd->found.uid_no = uid? uid_no : 0;
1269 log_debug ("%s: no matches (EOF)\n", __func__);
1271 hd->current.eof = 1;
1272 /* if we scanned all keyrings, we are sure that
1273 * all known key IDs are in our offtbl, mark that. */
1274 if (use_key_present_hash
1275 && !key_present_hash_ready
1276 && scanned_from_start)
1280 /* First set the did_full_scan flag for this keyring. */
1281 for (kr=kr_resources; kr; kr = kr->next)
1283 if (hd->resource == kr)
1285 kr->did_full_scan = 1;
1289 /* Then check whether all flags are set and if so, mark the
1291 for (kr=kr_resources; kr; kr = kr->next)
1293 if (!kr->did_full_scan)
1297 key_present_hash_ready = 1;
1303 log_debug ("%s: error encountered during search: %s (%d)\n",
1304 __func__, gpg_strerror (rc), rc);
1305 hd->current.error = rc;
1309 set_packet_list_mode(save_mode);
1315 create_tmp_file (const char *template,
1316 char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
1321 err = keybox_tmp_names (template, 1, r_bakfname, r_tmpfname);
1325 /* Create the temp file with limited access. Note that the umask
1326 call is not anymore needed because iobuf_create now takes care of
1327 it. However, it does not harm and thus we keep it. */
1328 oldmask = umask (077);
1329 if (is_secured_filename (*r_tmpfname))
1332 gpg_err_set_errno (EPERM);
1335 *r_fp = iobuf_create (*r_tmpfname, 1);
1339 err = gpg_error_from_syserror ();
1340 log_error (_("can't create '%s': %s\n"), *r_tmpfname, gpg_strerror (err));
1341 xfree (*r_tmpfname);
1343 xfree (*r_bakfname);
1352 rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
1357 /* Invalidate close caches. */
1358 if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
1360 rc = gpg_error_from_syserror ();
1363 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
1364 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
1366 /* First make a backup file. */
1368 rc = gnupg_rename_file (fname, bakfname, &block);
1372 /* then rename the file */
1373 rc = gnupg_rename_file (tmpfname, fname, NULL);
1376 gnupg_unblock_all_signals ();
1381 register_secured_file (fname);
1385 /* Now make sure the file has the same permissions as the original */
1386 #ifndef HAVE_DOSISH_SYSTEM
1388 struct stat statbuf;
1390 statbuf.st_mode=S_IRUSR | S_IWUSR;
1392 if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
1395 log_error ("WARNING: unable to restore permissions to '%s': %s",
1396 fname, strerror(errno));
1404 gnupg_unblock_all_signals ();
1410 write_keyblock (IOBUF fp, KBNODE keyblock)
1412 KBNODE kbctx = NULL, node;
1415 while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
1417 if (node->pkt->pkttype == PKT_RING_TRUST)
1418 continue; /* we write it later on our own */
1420 if ( (rc = build_packet (fp, node->pkt) ))
1422 log_error ("build_packet(%d) failed: %s\n",
1423 node->pkt->pkttype, gpg_strerror (rc) );
1426 if (node->pkt->pkttype == PKT_SIGNATURE)
1427 { /* always write a signature cache packet */
1428 PKT_signature *sig = node->pkt->pkt.signature;
1429 unsigned int cacheval = 0;
1431 if (sig->flags.checked)
1434 if (sig->flags.valid)
1437 iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
1438 iobuf_put (fp, 2); /* 2 bytes */
1439 iobuf_put (fp, 0); /* unused */
1440 if (iobuf_put (fp, cacheval))
1442 rc = gpg_error_from_syserror ();
1443 log_error ("writing sigcache packet failed\n");
1452 * Walk over all public keyrings, check the signatures and replace the
1453 * keyring with a new one where the signature cache is then updated.
1454 * This is only done for the public keyrings.
1457 keyring_rebuild_cache (void *token,int noisy)
1460 KEYDB_SEARCH_DESC desc;
1461 KBNODE keyblock = NULL, node;
1462 const char *lastresname = NULL, *resname;
1464 char *tmpfilename = NULL;
1465 char *bakfilename = NULL;
1467 ulong count = 0, sigcount = 0;
1469 hd = keyring_new (token);
1471 return gpg_error_from_syserror ();
1472 memset (&desc, 0, sizeof desc);
1473 desc.mode = KEYDB_SEARCH_MODE_FIRST;
1475 rc=keyring_lock (hd, 1);
1481 rc = keyring_search (hd, &desc, 1, NULL, 1 /* ignore_legacy */);
1485 desc.mode = KEYDB_SEARCH_MODE_NEXT;
1486 resname = keyring_get_resource_name (hd);
1487 if (lastresname != resname )
1488 { /* we have switched to a new keyring - commit changes */
1491 if (iobuf_close (tmpfp))
1493 rc = gpg_error_from_syserror ();
1494 log_error ("error closing '%s': %s\n",
1495 tmpfilename, strerror (errno));
1498 /* because we have switched resources, we can be sure that
1499 * the original file is closed */
1502 /* Static analyzer note: BAKFILENAME is never NULL here
1503 because it is controlled by LASTRESNAME. */
1504 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1506 xfree (tmpfilename); tmpfilename = NULL;
1507 xfree (bakfilename); bakfilename = NULL;
1510 lastresname = resname;
1511 if (noisy && !opt.quiet)
1512 log_info (_("caching keyring '%s'\n"), resname);
1513 rc = create_tmp_file (resname, &bakfilename, &tmpfilename, &tmpfp);
1518 release_kbnode (keyblock);
1519 rc = keyring_get_keyblock (hd, &keyblock);
1522 if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
1523 continue; /* Skip legacy keys. */
1524 log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
1527 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1529 /* We had a few reports about corrupted keyrings; if we have
1530 been called directly from the command line we delete such
1531 a keyblock instead of bailing out. */
1532 log_error ("unexpected keyblock found (pkttype=%d)%s\n",
1533 keyblock->pkt->pkttype, noisy? " - deleted":"");
1536 log_info ("Hint: backup your keys and try running '%s'\n",
1537 "gpg --rebuild-keydb-caches");
1538 rc = gpg_error (GPG_ERR_INV_KEYRING);
1542 if (keyblock->pkt->pkt.public_key->version < 4)
1544 /* We do not copy/cache v3 keys or any other unknown
1545 packets. It is better to remove them from the keyring.
1546 The code required to keep them in the keyring would be
1547 too complicated. Given that we do not touch the old
1548 secring.gpg a suitable backup for decryption of v3 stuff
1549 using an older gpg version will always be available.
1550 Note: This test is actually superfluous because we
1551 already acted upon GPG_ERR_LEGACY_KEY. */
1555 /* Check all signature to set the signature's cache flags. */
1556 for (node=keyblock; node; node=node->next)
1558 /* Note that this doesn't cache the result of a
1559 revocation issued by a designated revoker. This is
1560 because the pk in question does not carry the revkeys
1561 as we haven't merged the key and selfsigs. It is
1562 questionable whether this matters very much since
1563 there are very very few designated revoker revocation
1564 packets out there. */
1565 if (node->pkt->pkttype == PKT_SIGNATURE)
1567 PKT_signature *sig=node->pkt->pkt.signature;
1569 if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
1570 && (openpgp_md_test_algo(sig->digest_algo)
1571 || openpgp_pk_test_algo(sig->pubkey_algo)))
1572 sig->flags.checked=sig->flags.valid=0;
1574 check_key_signature (keyblock, node, NULL);
1580 /* Write the keyblock to the temporary file. */
1581 rc = write_keyblock (tmpfp, keyblock);
1585 if ( !(++count % 50) && noisy && !opt.quiet)
1586 log_info (ngettext("%lu keys cached so far (%lu signature)\n",
1587 "%lu keys cached so far (%lu signatures)\n",
1591 } /* end main loop */
1596 log_error ("keyring_search failed: %s\n", gpg_strerror (rc));
1600 if (noisy || opt.verbose)
1602 log_info (ngettext("%lu key cached",
1603 "%lu keys cached", count), count);
1604 log_printf (ngettext(" (%lu signature)\n",
1605 " (%lu signatures)\n", sigcount), sigcount);
1610 if (iobuf_close (tmpfp))
1612 rc = gpg_error_from_syserror ();
1613 log_error ("error closing '%s': %s\n",
1614 tmpfilename, strerror (errno));
1617 /* because we have switched resources, we can be sure that
1618 * the original file is closed */
1621 rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
1623 xfree (tmpfilename); tmpfilename = NULL;
1624 xfree (bakfilename); bakfilename = NULL;
1628 iobuf_cancel (tmpfp);
1629 xfree (tmpfilename);
1630 xfree (bakfilename);
1631 release_kbnode (keyblock);
1632 keyring_lock (hd, 0);
1633 keyring_release (hd);
1639 * Perform insert/delete/update operation.
1645 do_copy (int mode, const char *fname, KBNODE root,
1646 off_t start_offset, unsigned int n_packets )
1650 char *bakfname = NULL;
1651 char *tmpfname = NULL;
1653 /* Open the source file. Because we do a rename, we have to check the
1654 permissions of the file */
1655 if (access (fname, W_OK))
1656 return gpg_error_from_syserror ();
1658 fp = iobuf_open (fname);
1659 if (mode == 1 && !fp && errno == ENOENT) {
1660 /* insert mode but file does not exist: create a new file */
1665 if (is_secured_filename (fname)) {
1667 gpg_err_set_errno (EPERM);
1670 newfp = iobuf_create (fname, 1);
1674 rc = gpg_error_from_syserror ();
1675 log_error (_("can't create '%s': %s\n"), fname, strerror(errno));
1679 log_info(_("%s: keyring created\n"), fname );
1682 while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
1683 if( (rc = build_packet( newfp, node->pkt )) ) {
1684 log_error("build_packet(%d) failed: %s\n",
1685 node->pkt->pkttype, gpg_strerror (rc) );
1686 iobuf_cancel(newfp);
1690 if( iobuf_close(newfp) ) {
1691 rc = gpg_error_from_syserror ();
1692 log_error ("%s: close failed: %s\n", fname, strerror(errno));
1695 return 0; /* ready */
1700 rc = gpg_error_from_syserror ();
1701 log_error(_("can't open '%s': %s\n"), fname, strerror(errno) );
1705 /* Create the new file. */
1706 rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp);
1712 if( mode == 1 ) { /* insert */
1713 /* copy everything to the new file */
1714 rc = copy_all_packets (fp, newfp);
1716 log_error("%s: copy to '%s' failed: %s\n",
1717 fname, tmpfname, gpg_strerror (rc) );
1719 iobuf_cancel(newfp);
1724 if( mode == 2 || mode == 3 ) { /* delete or update */
1725 /* copy first part to the new file */
1726 rc = copy_some_packets( fp, newfp, start_offset );
1727 if( rc ) { /* should never get EOF here */
1728 log_error ("%s: copy to '%s' failed: %s\n",
1729 fname, tmpfname, gpg_strerror (rc) );
1731 iobuf_cancel(newfp);
1734 /* skip this keyblock */
1735 log_assert( n_packets );
1736 rc = skip_some_packets( fp, n_packets );
1738 log_error("%s: skipping %u packets failed: %s\n",
1739 fname, n_packets, gpg_strerror (rc));
1741 iobuf_cancel(newfp);
1746 if( mode == 1 || mode == 3 ) { /* insert or update */
1747 rc = write_keyblock (newfp, root);
1750 iobuf_cancel(newfp);
1755 if( mode == 2 || mode == 3 ) { /* delete or update */
1757 rc = copy_all_packets( fp, newfp );
1759 log_error("%s: copy to '%s' failed: %s\n",
1760 fname, tmpfname, gpg_strerror (rc) );
1762 iobuf_cancel(newfp);
1767 /* close both files */
1768 if( iobuf_close(fp) ) {
1769 rc = gpg_error_from_syserror ();
1770 log_error("%s: close failed: %s\n", fname, strerror(errno) );
1773 if( iobuf_close(newfp) ) {
1774 rc = gpg_error_from_syserror ();
1775 log_error("%s: close failed: %s\n", tmpfname, strerror(errno) );
1779 rc = rename_tmp_file (bakfname, tmpfname, fname);