| blob | 2c894312da94110eb6a929b1fe03dddeb8b51805 |
1 /* keyring.c - keyring file handling
2 * Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <assert.h>
26 #include <unistd.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
39 /* off_item is a funny named for an object used to keep track of known
40 * keys. The idea was to use the offset to seek to the known keyblock, but
41 * this is not possible if more than one process is using the keyring.
42 */
46 /*off_t off;*/
47 };
53 struct keyring_name
54 {
58 DOTLOCK lockhd;
62 };
73 CONST_KR_NAME resource;
76 CONST_KR_NAME kr;
77 IOBUF iobuf;
82 CONST_KR_NAME kr;
83 off_t offset;
92 };
100 \f
103 {
108 }
110 #if 0
111 static void
113 {
117 {
120 }
121 }
122 #endif
124 static OffsetHashTable
126 {
131 }
133 #if 0
134 static void
136 {
144 }
145 #endif
149 {
156 }
158 static void
160 {
166 {
168 {
169 /*k->off = off;*/
171 }
172 }
177 /*k->off = off;*/
180 }
182 static void
184 {
186 {
189 {
193 }
194 }
195 }
197 /*
198 * Register a filename for plain keyring files. ptr is set to a
199 * pointer to be used to create a handles etc, or the already-issued
200 * pointer if it has already been registered. The function returns 1
201 * if a new keyring was registered.
202 */
203 int
206 {
207 KR_NAME kr;
213 {
215 {
216 /* Already registered. */
221 }
222 }
234 /* keep a list of all issued pointers */
238 /* create the offset table the first time a function here is used */
245 }
247 int
249 {
253 }
256 \f
257 /* Create a new handle for the resource associated with TOKEN. SECRET
258 is just just as a cross-check.
260 The returned handle must be released using keyring_release (). */
261 KEYRING_HANDLE
263 {
264 KEYRING_HANDLE hd;
272 active_handles++;
274 }
276 void
278 {
282 active_handles--;
287 }
292 {
296 }
299 /*
300 * Lock the keyring with the given handle, or unlock if YES is false.
301 * We ignore the handle and lock all registered files.
302 */
303 int
305 {
306 KR_NAME kr;
312 /* first make sure the lock handles are created */
321 }
322 }
323 }
327 /* and now set the locks */
332 ;
336 }
337 else
339 }
340 }
347 ;
350 else
352 }
353 }
356 }
359 \f
360 /*
361 * Return the last found keyring. Caller must free it.
362 * The returned keyblock has the kbode flag bit 0 set for the node with
363 * the public key used to locate the keyblock or flag bit 1 set for
364 * the user ID node.
365 */
366 int
368 {
372 IOBUF a;
386 {
389 }
395 }
408 }
414 }
420 }
426 }
430 {
431 /*(this code is duplicated after the loop)*/
435 /* This is a ring trust packet with a checked signature
436 * status cache following directly a signature paket.
437 * Set the cache status into that signature packet. */
442 }
443 /* Reset LASTNODE, so that we set the cache status only from
444 * the ring trust packet immediately following a signature. */
449 }
455 else
458 {
474 }
478 }
487 /*(duplicated form the loop body)*/
489 && lastnode
495 }
497 }
502 /* Make sure that future search operations fail immediately when
503 * we know that we are working on a invalid keyring
504 */
509 }
511 int
513 {
523 /* need to know the number of packets - do a dummy get_keyblock*/
528 }
531 }
533 /* The open iobuf isn't needed anymore and in fact is a problem when
534 it comes to renaming the keyring files on some operating systems,
535 so close it here */
539 /* do the update */
544 {
546 }
547 /* better reset the found info */
550 }
552 }
554 int
556 {
563 {
567 }
569 {
573 }
574 else
580 /* Close this one otherwise we will lose the position for
581 * a next search. Fixme: it would be better to adjust the position
582 * after the write opertions.
583 */
587 /* do the insert */
590 {
592 }
595 }
598 int
600 {
610 /* need to know the number of packets - do a dummy get_keyblock*/
615 }
618 }
620 /* close this one otherwise we will lose the position for
621 * a next search. Fixme: it would be better to adjust the position
622 * after the write opertions.
623 */
627 /* do the delete */
631 /* better reset the found info */
634 /* Delete is a rare operations, so we don't remove the keys
635 * from the offset table */
636 }
638 }
641 \f
642 /*
643 * Start the next search on this handle right at the beginning
644 */
645 int
647 {
659 }
662 static int
664 {
672 }
682 }
684 }
691 }
696 {
700 }
703 }
705 \f
706 /* A map of the all characters valid used for word_match()
707 * Valid characters are in in this table converted to uppercase.
708 * because the upper 128 bytes have special meaning, we assume
709 * that they are all valid.
710 * Note: We must use numerical values here in case that this program
711 * will be converted to those little blue HAL9000s with their strange
712 * EBCDIC character set (user ids are UTF-8).
713 * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
714 * we can run gpg now on a S/390 running GNU/Linux, where the code
715 * translation is done by the device drivers?
716 */
750 };
752 /****************
753 * Do a word match (original user id starts with a '+').
754 * The pattern is already tokenized to a more suitable format:
755 * There are only the real words in it delimited by one space
756 * and all converted to uppercase.
757 *
758 * Returns: 0 if all words match.
759 *
760 * Note: This algorithm is a straightforward one and not very
761 * fast. It works for UTF-8 strings. The uidlen should
762 * be removed but due to the fact that old versions of
763 * pgp don't use UTF-8 we still use the length; this should
764 * be fixed in parse-packet (and replace \0 by some special
765 * UTF-8 encoding)
766 */
767 static int
769 {
776 /* skip leading delimiters */
779 /* get length of the word */
784 /* and compare against the current word from pattern */
788 }
797 /* advance to next word in pattern */
799 ;
801 s++ ;
802 }
804 }
806 /****************
807 * prepare word word_match; that is parse the name and
808 * build the pattern.
809 * caller has to free the returned pattern
810 */
813 {
817 /* the original length is always enough for the pattern */
820 /* skip leading delimiters */
822 name++;
823 /* copy as long as we don't have a delimiter and convert
824 * to uppercase.
825 * fixme: how can we handle utf8 uppercasing */
833 }
838 static int
840 {
850 }
854 }
859 ;
861 /* skip opening delim and one char and look for the closing one*/
864 ;
871 }
875 }
877 /* nyi */
878 }
879 }
880 }
881 }
884 else
888 }
890 \f
891 /*
892 * Search through the keyring(s), starting at the current position,
893 * for a keyblock which contains one of the keys described in the DESC array.
894 */
895 int
898 {
900 PACKET pkt;
913 /* figure out what information we need */
916 {
918 {
940 /* always restart the search in this mode */
944 }
946 {
949 }
950 }
958 ;
962 {
971 }
972 /* We could now create a positive search status and return.
973 * However the problem is that another instance of gpg may
974 * have changed the keyring so that the offsets are not valid
975 * anymore - therefore we don't do it
976 */
977 }
980 {
984 /* FIXME: here is a long standing bug in our function and in addition we
985 just use the first search description */
987 {
990 }
993 {
994 /* name changed */
999 }
1001 }
1011 {
1016 {
1020 }
1022 {
1025 }
1032 {
1040 }
1046 }
1048 {
1051 }
1054 {
1062 }
1066 }
1069 {
1115 }
1116 }
1119 found:
1120 /* Record which desc we matched on. Note this value is only
1121 meaningful if this function returns with no errors. */
1125 {
1129 }
1133 }
1134 real_found:
1136 {
1141 }
1143 {
1145 /* if we scanned all keyrings, we are sure that
1146 * all known key IDs are in our offtbl, mark that. */
1148 {
1149 KR_NAME kr;
1151 /* First set the did_full_scan flag for this keyring (ignore
1152 secret keyrings) */
1154 {
1156 {
1159 }
1160 }
1161 /* Then check whether all flags are set and if so, mark the
1162 offtbl ready */
1164 {
1167 }
1170 }
1171 }
1172 else
1178 }
1181 static int
1184 {
1186 mode_t oldmask;
1191 # ifdef USE_ONLY_8DOT3
1192 /* Here is another Windoze bug?:
1193 * you cant rename("pubring.gpg.tmp", "pubring.gpg");
1194 * but rename("pubring.gpg.tmp", "pubring.aaa");
1195 * works. So we replace .gpg by .bak or .tmp
1196 */
1199 {
1207 }
1208 else
1215 }
1224 /* Create the temp file with limited access */
1227 {
1230 }
1231 else
1235 {
1241 }
1246 }
1249 static int
1252 {
1255 /* It's a secret keyring, so let's force a fsync just to be safe on
1256 filesystems that may not sync data and metadata together
1257 (e.g. ext4). */
1259 {
1262 }
1264 /* Invalidate close caches. */
1266 {
1269 }
1273 /* first make a backup file except for secret keyrings */
1275 {
1276 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1278 #endif
1280 {
1285 }
1286 }
1288 /* then rename the file */
1289 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1291 #endif
1295 {
1301 }
1303 /* Now make sure the file has the same permissions as the original */
1305 #ifndef HAVE_DOSISH_SYSTEM
1306 {
1314 ;
1315 else
1318 }
1319 #endif
1323 fail:
1325 {
1330 }
1332 }
1335 static int
1337 {
1342 {
1347 {
1351 }
1358 {
1362 }
1367 {
1371 }
1372 }
1373 }
1375 }
1377 /*
1378 * Walk over all public keyrings, check the signatures and replace the
1379 * keyring with a new one where the signature cache is then updated.
1380 * This is only done for the public keyrings.
1381 */
1382 int
1384 {
1385 KEYRING_HANDLE hd;
1386 KEYDB_SEARCH_DESC desc;
1404 {
1410 {
1412 {
1417 }
1418 /* because we have switched resources, we can be sure that
1419 * the original file is closed */
1421 }
1434 }
1439 {
1442 }
1445 /* check all signature to set the signature's cache flags */
1447 {
1448 /* Note that this doesn't cache the result of a revocation
1449 issued by a designated revoker. This is because the pk
1450 in question does not carry the revkeys as we haven't
1451 merged the key and selfsigs. It is questionable whether
1452 this matters very much since there are very very few
1453 designated revoker revocation packets out there. */
1456 {
1463 else
1466 sigcount++;
1467 }
1468 }
1470 /* write the keyblock to the temporary file */
1483 {
1486 }
1490 {
1492 {
1497 }
1498 /* because we have switched resources, we can be sure that
1499 * the original file is closed */
1501 }
1507 leave:
1516 }
1518 \f
1519 /****************
1520 * Perform insert/delete/update operation.
1521 * mode 1 = insert
1522 * 2 = delete
1523 * 3 = update
1524 */
1525 static int
1528 {
1534 /* Open the source file. Because we do a rename, we have to check the
1535 permissions of the file */
1541 /* insert mode but file does not exist: create a new file */
1543 mode_t oldmask;
1549 }
1550 else
1554 {
1558 }
1569 }
1570 }
1575 }
1577 }
1580 {
1584 }
1586 /* Create the new file. */
1591 }
1596 /* copy everything to the new file */
1606 }
1608 }
1611 /* copy first part to the new file */
1621 }
1622 /* skip this keyblock */
1633 }
1634 }
1644 }
1645 }
1648 /* copy the rest */
1658 }
1660 }
1662 /* close both files */
1667 }
1672 }
1676 leave:
1680 }