search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translate the oktext (yes/no).
[gnupg.git] / keyserver / gpgkeys_ldap.c
blobf44a5c369b41ccb44f846fda593e0adff2bf7d55
1 /* gpgkeys_ldap.c - talk to a LDAP keyserver
2 * Copyright (C) 2001, 2002, 2004, 2005, 2006
3 * 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 *
20 * In addition, as a special exception, the Free Software Foundation
21 * gives permission to link the code of the keyserver helper tools:
22 * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
23 * project's "OpenSSL" library (or with modified versions of it that
24 * use the same license as the "OpenSSL" library), and distribute the
25 * linked executables. You must obey the GNU General Public License
26 * in all respects for all of the code used other than "OpenSSL". If
27 * you modify this file, you may extend this exception to your version
28 * of the file, but you are not obligated to do so. If you do not
29 * wish to do so, delete this exception statement from your version.
30 */
31
32 #include <config.h>
33 #include <stdio.h>
34 #include <string.h>
35 #include <time.h>
36 #include <unistd.h>
37 #ifdef HAVE_GETOPT_H
38 #include <getopt.h>
39 #endif
40 #include <stdlib.h>
41 #include <errno.h>
42 #include <assert.h>
43
44 #ifdef _WIN32
45 #include <winsock2.h>
46 #include <winldap.h>
47 #else
48 #ifdef NEED_LBER_H
49 #include <lber.h>
50 #endif
51 /* For OpenLDAP, to enable the API that we're using. */
52 #define LDAP_DEPRECATED 1
53 #include <ldap.h>
54 #endif
55
56 #include "util.h"
57 #include "keyserver.h"
58 #include "ksutil.h"
59
60 #ifdef __riscos__
61 #include "util.h"
62 #endif
63
64 extern char *optarg;
65 extern int optind;
66
67 static int real_ldap=0;
68 static char *basekeyspacedn=NULL;
69 static char *pgpkeystr="pgpKey";
70 static FILE *input=NULL,*output=NULL,*console=NULL;
71 static LDAP *ldap=NULL;
72 static struct ks_options *opt;
73
74 #ifndef HAVE_TIMEGM
75 time_t timegm(struct tm *tm);
76 #endif
77
78 static int
79 ldap_err_to_gpg_err(int err)
80 {
81 int ret;
82
83 switch(err)
84 {
85 case LDAP_ALREADY_EXISTS:
86 ret=KEYSERVER_KEY_EXISTS;
87 break;
88
89 case LDAP_SERVER_DOWN:
90 ret=KEYSERVER_UNREACHABLE;
91 break;
92
93 default:
94 ret=KEYSERVER_GENERAL_ERROR;
95 break;
96 }
97
98 return ret;
99 }
100
101 static int
102 ldap_to_gpg_err(LDAP *ld)
103 {
104 #if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
105
106 int err;
107
108 if(ldap_get_option(ld,LDAP_OPT_ERROR_NUMBER,&err)==0)
109 return ldap_err_to_gpg_err(err);
110 else
111 return KEYSERVER_GENERAL_ERROR;
112
113 #elif defined(HAVE_LDAP_LD_ERRNO)
114
115 return ldap_err_to_gpg_err(ld->ld_errno);
116
117 #else
118
119 /* We should never get here since the LDAP library should always
120 have either ldap_get_option or ld_errno, but just in case... */
121 return KEYSERVER_GENERAL_ERROR;
122
123 #endif
124 }
125
126 static int
127 key_in_keylist(const char *key,struct keylist *list)
128 {
129 struct keylist *keyptr=list;
130
131 while(keyptr!=NULL)
132 {
133 if(strcasecmp(key,keyptr->str)==0)
134 return 1;
135
136 keyptr=keyptr->next;
137 }
138
139 return 0;
140 }
141
142 static int
143 add_key_to_keylist(const char *key,struct keylist **list)
144 {
145 struct keylist *keyptr=malloc(sizeof(struct keylist));
146
147 if(keyptr==NULL)
148 {
149 fprintf(console,"gpgkeys: out of memory when deduping "
150 "key list\n");
151 return KEYSERVER_NO_MEMORY;
152 }
153
154 strncpy(keyptr->str,key,MAX_LINE);
155 keyptr->str[MAX_LINE-1]='\0';
156 keyptr->next=*list;
157 *list=keyptr;
158
159 return 0;
160 }
161
162 static void
163 free_keylist(struct keylist *list)
164 {
165 while(list!=NULL)
166 {
167 struct keylist *keyptr=list;
168
169 list=keyptr->next;
170 free(keyptr);
171 }
172 }
173
174 static time_t
175 ldap2epochtime(const char *timestr)
176 {
177 struct tm pgptime;
178 time_t answer;
179
180 memset(&pgptime,0,sizeof(pgptime));
181
182 /* YYYYMMDDHHmmssZ */
183
184 sscanf(timestr,"%4d%2d%2d%2d%2d%2d",
185 &pgptime.tm_year,
186 &pgptime.tm_mon,
187 &pgptime.tm_mday,
188 &pgptime.tm_hour,
189 &pgptime.tm_min,
190 &pgptime.tm_sec);
191
192 pgptime.tm_year-=1900;
193 pgptime.tm_isdst=-1;
194 pgptime.tm_mon--;
195
196 /* mktime() takes the timezone into account, so we use timegm() */
197
198 answer=timegm(&pgptime);
199
200 return answer;
201 }
202
203 /* Caller must free */
204 static char *
205 epoch2ldaptime(time_t stamp)
206 {
207 struct tm *ldaptime;
208 char buf[16];
209
210 ldaptime=gmtime(&stamp);
211
212 ldaptime->tm_year+=1900;
213 ldaptime->tm_mon++;
214
215 /* YYYYMMDDHHmmssZ */
216
217 sprintf(buf,"%04d%02d%02d%02d%02d%02dZ",
218 ldaptime->tm_year,
219 ldaptime->tm_mon,
220 ldaptime->tm_mday,
221 ldaptime->tm_hour,
222 ldaptime->tm_min,
223 ldaptime->tm_sec);
224
225 return strdup(buf);
226 }
227
228 /* Append two onto the end of one. Two is not freed, but its pointers
229 are now part of one. Make sure you don't free them both! */
230 static int
231 join_two_modlists(LDAPMod ***one,LDAPMod **two)
232 {
233 int i,one_count=0,two_count=0;
234 LDAPMod **grow;
235
236 for(grow=*one;*grow;grow++)
237 one_count++;
238
239 for(grow=two;*grow;grow++)
240 two_count++;
241
242 grow=realloc(*one,sizeof(LDAPMod *)*(one_count+two_count+1));
243 if(!grow)
244 return 0;
245
246 for(i=0;i<two_count;i++)
247 grow[one_count+i]=two[i];
248
249 grow[one_count+i]=NULL;
250
251 *one=grow;
252
253 return 1;
254 }
255
256 /* Passing a NULL for value effectively deletes that attribute. This
257 doesn't mean "delete" in the sense of removing something from the
258 modlist, but "delete" in the LDAP sense of adding a modlist item
259 that specifies LDAP_MOD_REPLACE and a null attribute for the given
260 attribute. LDAP_MOD_DELETE doesn't work here as we don't know if
261 the attribute in question exists or not. */
262
263 static int
264 make_one_attr(LDAPMod ***modlist,char *attr,const char *value)
265 {
266 LDAPMod **m;
267 int nummods=0;
268
269 /* Search modlist for the attribute we're playing with. */
270 for(m=*modlist;*m;m++)
271 {
272 if(strcasecmp((*m)->mod_type,attr)==0)
273 {
274 char **ptr=(*m)->mod_values;
275 int numvalues=0;
276
277 /* We have this attribute already, so when the REPLACE
278 happens, the server attributes will be replaced
279 anyway. */
280 if(!value)
281 return 1;
282
283 if(ptr)
284 for(ptr=(*m)->mod_values;*ptr;ptr++)
285 {
286 /* Duplicate value */
287 if(strcmp(*ptr,value)==0)
288 return 1;
289 numvalues++;
290 }
291
292 ptr=realloc((*m)->mod_values,sizeof(char *)*(numvalues+2));
293 if(!ptr)
294 return 0;
295
296 (*m)->mod_values=ptr;
297 ptr[numvalues]=strdup(value);
298 if(!ptr[numvalues])
299 return 0;
300
301 ptr[numvalues+1]=NULL;
302 break;
303 }
304
305 nummods++;
306 }
307
308 /* We didn't find the attr, so make one and add it to the end */
309 if(!*m)
310 {
311 LDAPMod **grow;
312
313 grow=realloc(*modlist,sizeof(LDAPMod *)*(nummods+2));
314 if(!grow)
315 return 0;
316
317 *modlist=grow;
318 grow[nummods]=malloc(sizeof(LDAPMod));
319 if(!grow[nummods])
320 return 0;
321 grow[nummods]->mod_op=LDAP_MOD_REPLACE;
322 grow[nummods]->mod_type=attr;
323 if(value)
324 {
325 grow[nummods]->mod_values=malloc(sizeof(char *)*2);
326 if(!grow[nummods]->mod_values)
327 {
328 grow[nummods]=NULL;
329 return 0;
330 }
331
332 /* Is this the right thing? Can a UTF8-encoded user ID have
333 embedded nulls? */
334 grow[nummods]->mod_values[0]=strdup(value);
335 if(!grow[nummods]->mod_values[0])
336 {
337 free(grow[nummods]->mod_values);
338 grow[nummods]=NULL;
339 return 0;
340 }
341
342 grow[nummods]->mod_values[1]=NULL;
343 }
344 else
345 grow[nummods]->mod_values=NULL;
346
347 grow[nummods+1]=NULL;
348 }
349
350 return 1;
351 }
352
353 static void
354 build_attrs(LDAPMod ***modlist,char *line)
355 {
356 char *record;
357 int i;
358
359 /* Remove trailing whitespace */
360 for(i=strlen(line);i>0;i--)
361 if(ascii_isspace(line[i-1]))
362 line[i-1]='\0';
363 else
364 break;
365
366 if((record=strsep(&line,":"))==NULL)
367 return;
368
369 if(ks_strcasecmp("pub",record)==0)
370 {
371 char *tok;
372 int disabled=0,revoked=0;
373
374 /* The long keyid */
375 if((tok=strsep(&line,":"))==NULL)
376 return;
377
378 if(strlen(tok)==16)
379 {
380 make_one_attr(modlist,"pgpCertID",tok);
381 make_one_attr(modlist,"pgpKeyID",&tok[8]);
382 }
383 else
384 return;
385
386 /* The primary pubkey algo */
387 if((tok=strsep(&line,":"))==NULL)
388 return;
389
390 switch(atoi(tok))
391 {
392 case 1:
393 make_one_attr(modlist,"pgpKeyType","RSA");
394 break;
395
396 case 17:
397 make_one_attr(modlist,"pgpKeyType","DSS/DH");
398 break;
399 }
400
401 /* Size of primary key */
402 if((tok=strsep(&line,":"))==NULL)
403 return;
404
405 if(atoi(tok)>0)
406 {
407 char padded[6];
408 int val=atoi(tok);
409
410 /* We zero pad this on the left to make PGP happy. */
411
412 if(val<99999 && val>0)
413 {
414 sprintf(padded,"%05u",atoi(tok));
415 make_one_attr(modlist,"pgpKeySize",padded);
416 }
417 }
418
419 /* pk timestamp */
420 if((tok=strsep(&line,":"))==NULL)
421 return;
422
423 if(atoi(tok)>0)
424 {
425 char *stamp=epoch2ldaptime(atoi(tok));
426 if(stamp)
427 {
428 make_one_attr(modlist,"pgpKeyCreateTime",stamp);
429 free(stamp);
430 }
431 }
432
433 /* pk expire */
434 if((tok=strsep(&line,":"))==NULL)
435 return;
436
437 if(atoi(tok)>0)
438 {
439 char *stamp=epoch2ldaptime(atoi(tok));
440 if(stamp)
441 {
442 make_one_attr(modlist,"pgpKeyExpireTime",stamp);
443 free(stamp);
444 }
445 }
446
447 /* flags */
448 if((tok=strsep(&line,":"))==NULL)
449 return;
450
451 while(*tok)
452 switch(*tok++)
453 {
454 case 'r':
455 case 'R':
456 revoked=1;
457 break;
458
459 case 'd':
460 case 'D':
461 disabled=1;
462 break;
463 }
464
465 /*
466 Note that we always create the pgpDisabled and pgpRevoked
467 attributes, regardless of whether the key is disabled/revoked
468 or not. This is because a very common search is like
469 "(&(pgpUserID=*isabella*)(pgpDisabled=0))"
470 */
471
472 make_one_attr(modlist,"pgpDisabled",disabled?"1":"0");
473 make_one_attr(modlist,"pgpRevoked",revoked?"1":"0");
474 }
475 else if(ks_strcasecmp("sub",record)==0)
476 {
477 char *tok;
478
479 /* The long keyid */
480 if((tok=strsep(&line,":"))==NULL)
481 return;
482
483 if(strlen(tok)==16)
484 make_one_attr(modlist,"pgpSubKeyID",tok);
485 else
486 return;
487
488 /* The subkey algo */
489 if((tok=strsep(&line,":"))==NULL)
490 return;
491
492 /* Size of subkey */
493 if((tok=strsep(&line,":"))==NULL)
494 return;
495
496 if(atoi(tok)>0)
497 {
498 char padded[6];
499 int val=atoi(tok);
500
501 /* We zero pad this on the left to make PGP happy. */
502
503 if(val<99999 && val>0)
504 {
505 sprintf(padded,"%05u",atoi(tok));
506 make_one_attr(modlist,"pgpKeySize",padded);
507 }
508 }
509
510 /* Ignore the rest of the items for subkeys since the LDAP
511 schema doesn't store them. */
512 }
513 else if(ks_strcasecmp("uid",record)==0)
514 {
515 char *userid,*tok;
516
517 /* The user ID string */
518 if((tok=strsep(&line,":"))==NULL)
519 return;
520
521 if(strlen(tok)==0)
522 return;
523
524 userid=tok;
525
526 /* By definition, de-%-encoding is always smaller than the
527 original string so we can decode in place. */
528
529 i=0;
530
531 while(*tok)
532 if(tok[0]=='%' && tok[1] && tok[2])
533 {
534 int c;
535
536 userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
537 i++;
538 tok+=3;
539 }
540 else
541 userid[i++]=*tok++;
542
543 userid[i]='\0';
544
545 /* We don't care about the other info provided in the uid: line
546 since the LDAP schema doesn't need it. */
547
548 make_one_attr(modlist,"pgpUserID",userid);
549 }
550 else if(ks_strcasecmp("sig",record)==0)
551 {
552 char *tok;
553
554 if((tok=strsep(&line,":"))==NULL)
555 return;
556
557 if(strlen(tok)==16)
558 make_one_attr(modlist,"pgpSignerID",tok);
559 }
560 }
561
562 static void
563 free_mod_values(LDAPMod *mod)
564 {
565 char **ptr;
566
567 if(!mod->mod_values)
568 return;
569
570 for(ptr=mod->mod_values;*ptr;ptr++)
571 free(*ptr);
572
573 free(mod->mod_values);
574 }
575
576 static int
577 send_key(int *r_eof)
578 {
579 int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
580 char *dn=NULL,line[MAX_LINE],*key=NULL;
581 char keyid[17],state[6];
582 LDAPMod **modlist,**addlist,**ml;
583
584 modlist=malloc(sizeof(LDAPMod *));
585 if(!modlist)
586 {
587 fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
588 ret=KEYSERVER_NO_MEMORY;
589 goto fail;
590 }
591
592 *modlist=NULL;
593
594 addlist=malloc(sizeof(LDAPMod *));
595 if(!addlist)
596 {
597 fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
598 ret=KEYSERVER_NO_MEMORY;
599 goto fail;
600 }
601
602 *addlist=NULL;
603
604 /* Start by nulling out all attributes. We try and do a modify
605 operation first, so this ensures that we don't leave old
606 attributes lying around. */
607 make_one_attr(&modlist,"pgpDisabled",NULL);
608 make_one_attr(&modlist,"pgpKeyID",NULL);
609 make_one_attr(&modlist,"pgpKeyType",NULL);
610 make_one_attr(&modlist,"pgpUserID",NULL);
611 make_one_attr(&modlist,"pgpKeyCreateTime",NULL);
612 make_one_attr(&modlist,"pgpSignerID",NULL);
613 make_one_attr(&modlist,"pgpRevoked",NULL);
614 make_one_attr(&modlist,"pgpSubKeyID",NULL);
615 make_one_attr(&modlist,"pgpKeySize",NULL);
616 make_one_attr(&modlist,"pgpKeyExpireTime",NULL);
617 make_one_attr(&modlist,"pgpCertID",NULL);
618
619 /* Assemble the INFO stuff into LDAP attributes */
620
621 while(fgets(line,MAX_LINE,input)!=NULL)
622 if(sscanf(line,"INFO%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
623 && strcmp(state,"BEGIN")==0)
624 {
625 begin=1;
626 break;
627 }
628
629 if(!begin)
630 {
631 /* i.e. eof before the INFO BEGIN was found. This isn't an
632 error. */
633 *r_eof=1;
634 ret=KEYSERVER_OK;
635 goto fail;
636 }
637
638 if(strlen(keyid)!=16)
639 {
640 *r_eof=1;
641 ret=KEYSERVER_KEY_INCOMPLETE;
642 goto fail;
643 }
644
645 dn=malloc(strlen("pgpCertID=")+16+1+strlen(basekeyspacedn)+1);
646 if(dn==NULL)
647 {
648 fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
649 ret=KEYSERVER_NO_MEMORY;
650 goto fail;
651 }
652
653 sprintf(dn,"pgpCertID=%s,%s",keyid,basekeyspacedn);
654
655 key=malloc(1);
656 if(!key)
657 {
658 fprintf(console,"gpgkeys: unable to allocate memory for key\n");
659 ret=KEYSERVER_NO_MEMORY;
660 goto fail;
661 }
662
663 key[0]='\0';
664
665 /* Now parse each line until we see the END */
666
667 while(fgets(line,MAX_LINE,input)!=NULL)
668 if(sscanf(line,"INFO%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
669 && strcmp(state,"END")==0)
670 {
671 end=1;
672 break;
673 }
674 else
675 build_attrs(&addlist,line);
676
677 if(!end)
678 {
679 fprintf(console,"gpgkeys: no INFO %s END found\n",keyid);
680 *r_eof=1;
681 ret=KEYSERVER_KEY_INCOMPLETE;
682 goto fail;
683 }
684
685 begin=end=0;
686
687 /* Read and throw away stdin until we see the BEGIN */
688
689 while(fgets(line,MAX_LINE,input)!=NULL)
690 if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
691 && strcmp(state,"BEGIN")==0)
692 {
693 begin=1;
694 break;
695 }
696
697 if(!begin)
698 {
699 /* i.e. eof before the KEY BEGIN was found. This isn't an
700 error. */
701 *r_eof=1;
702 ret=KEYSERVER_OK;
703 goto fail;
704 }
705
706 /* Now slurp up everything until we see the END */
707
708 while(fgets(line,MAX_LINE,input)!=NULL)
709 if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
710 && strcmp(state,"END")==0)
711 {
712 end=1;
713 break;
714 }
715 else
716 {
717 char *tempkey;
718 keysize+=strlen(line);
719 tempkey=realloc(key,keysize);
720 if(tempkey==NULL)
721 {
722 fprintf(console,"gpgkeys: unable to reallocate for key\n");
723 ret=KEYSERVER_NO_MEMORY;
724 goto fail;
725 }
726 else
727 key=tempkey;
728
729 strcat(key,line);
730 }
731
732 if(!end)
733 {
734 fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
735 *r_eof=1;
736 ret=KEYSERVER_KEY_INCOMPLETE;
737 goto fail;
738 }
739
740 make_one_attr(&addlist,"objectClass","pgpKeyInfo");
741 make_one_attr(&addlist,"pgpKey",key);
742
743 /* Now append addlist onto modlist */
744 if(!join_two_modlists(&modlist,addlist))
745 {
746 fprintf(console,"gpgkeys: unable to merge LDAP modification lists\n");
747 ret=KEYSERVER_NO_MEMORY;
748 goto fail;
749 }
750
751 /* Going on the assumption that modify operations are more frequent
752 than adds, we try a modify first. If it's not there, we just
753 turn around and send an add command for the same key. Otherwise,
754 the modify brings the server copy into compliance with our copy.
755 Note that unlike the LDAP keyserver (and really, any other
756 keyserver) this does NOT merge signatures, but replaces the whole
757 key. This should make some people very happy. */
758
759 err=ldap_modify_s(ldap,dn,modlist);
760 if(err==LDAP_NO_SUCH_OBJECT)
761 err=ldap_add_s(ldap,dn,addlist);
762
763 if(err!=LDAP_SUCCESS)
764 {
765 fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
766 keyid,ldap_err2string(err));
767 ret=ldap_err_to_gpg_err(err);
768 goto fail;
769 }
770
771 ret=KEYSERVER_OK;
772
773 fail:
774 /* Unwind and free the whole modlist structure */
775 for(ml=modlist;*ml;ml++)
776 {
777 free_mod_values(*ml);
778 free(*ml);
779 }
780
781 free(modlist);
782 free(addlist);
783 free(dn);
784 free(key);
785
786 if(ret!=0 && begin)
787 fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
788
789 return ret;
790 }
791
792 static int
793 send_key_keyserver(int *r_eof)
794 {
795 int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
796 char *dn=NULL,line[MAX_LINE],*key[2]={NULL,NULL};
797 char keyid[17],state[6];
798 LDAPMod mod, *attrs[2];
799
800 memset(&mod,0,sizeof(mod));
801 mod.mod_op=LDAP_MOD_ADD;
802 mod.mod_type=pgpkeystr;
803 mod.mod_values=key;
804 attrs[0]=&mod;
805 attrs[1]=NULL;
806
807 dn=malloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
808 if(dn==NULL)
809 {
810 fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
811 ret=KEYSERVER_NO_MEMORY;
812 goto fail;
813 }
814
815 strcpy(dn,"pgpCertid=virtual,");
816 strcat(dn,basekeyspacedn);
817
818 key[0]=malloc(1);
819 if(key[0]==NULL)
820 {
821 fprintf(console,"gpgkeys: unable to allocate memory for key\n");
822 ret=KEYSERVER_NO_MEMORY;
823 goto fail;
824 }
825
826 key[0][0]='\0';
827
828 /* Read and throw away stdin until we see the BEGIN */
829
830 while(fgets(line,MAX_LINE,input)!=NULL)
831 if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
832 && strcmp(state,"BEGIN")==0)
833 {
834 begin=1;
835 break;
836 }
837
838 if(!begin)
839 {
840 /* i.e. eof before the KEY BEGIN was found. This isn't an
841 error. */
842 *r_eof=1;
843 ret=KEYSERVER_OK;
844 goto fail;
845 }
846
847 /* Now slurp up everything until we see the END */
848
849 while(fgets(line,MAX_LINE,input)!=NULL)
850 if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
851 && strcmp(state,"END")==0)
852 {
853 end=1;
854 break;
855 }
856 else
857 {
858 keysize+=strlen(line);
859 key[0]=realloc(key[0],keysize);
860 if(key[0]==NULL)
861 {
862 fprintf(console,"gpgkeys: unable to reallocate for key\n");
863 ret=KEYSERVER_NO_MEMORY;
864 goto fail;
865 }
866
867 strcat(key[0],line);
868 }
869
870 if(!end)
871 {
872 fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
873 *r_eof=1;
874 ret=KEYSERVER_KEY_INCOMPLETE;
875 goto fail;
876 }
877
878 err=ldap_add_s(ldap,dn,attrs);
879 if(err!=LDAP_SUCCESS)
880 {
881 fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
882 keyid,ldap_err2string(err));
883 ret=ldap_err_to_gpg_err(err);
884 goto fail;
885 }
886
887 ret=KEYSERVER_OK;
888
889 fail:
890
891 free(key[0]);
892 free(dn);
893
894 if(ret!=0 && begin)
895 fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
896
897 /* Not a fatal error */
898 if(ret==KEYSERVER_KEY_EXISTS)
899 ret=KEYSERVER_OK;
900
901 return ret;
902 }
903
904 static void
905 build_info(const char *certid,LDAPMessage *each)
906 {
907 char **vals;
908
909 fprintf(output,"INFO %s BEGIN\n",certid);
910
911 fprintf(output,"pub:%s:",certid);
912
913 vals=ldap_get_values(ldap,each,"pgpkeytype");
914 if(vals!=NULL)
915 {
916 if(strcmp(vals[0],"RSA")==0)
917 fprintf(output,"1");
918 else if(strcmp(vals[0],"DSS/DH")==0)
919 fprintf(output,"17");
920 ldap_value_free(vals);
921 }
922
923 fprintf(output,":");
924
925 vals=ldap_get_values(ldap,each,"pgpkeysize");
926 if(vals!=NULL)
927 {
928 if(atoi(vals[0])>0)
929 fprintf(output,"%d",atoi(vals[0]));
930 ldap_value_free(vals);
931 }
932
933 fprintf(output,":");
934
935 vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
936 if(vals!=NULL)
937 {
938 if(strlen(vals[0])==15)
939 fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
940 ldap_value_free(vals);
941 }
942
943 fprintf(output,":");
944
945 vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
946 if(vals!=NULL)
947 {
948 if(strlen(vals[0])==15)
949 fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
950 ldap_value_free(vals);
951 }
952
953 fprintf(output,":");
954
955 vals=ldap_get_values(ldap,each,"pgprevoked");
956 if(vals!=NULL)
957 {
958 if(atoi(vals[0])==1)
959 fprintf(output,"r");
960 ldap_value_free(vals);
961 }
962
963 fprintf(output,"\n");
964
965 vals=ldap_get_values(ldap,each,"pgpuserid");
966 if(vals!=NULL)
967 {
968 int i;
969
970 for(i=0;vals[i];i++)
971 fprintf(output,"uid:%s\n",vals[i]);
972 ldap_value_free(vals);
973 }
974
975 fprintf(output,"INFO %s END\n",certid);
976 }
977
978 /* Note that key-not-found is not a fatal error */
979 static int
980 get_key(char *getkey)
981 {
982 LDAPMessage *res,*each;
983 int ret=KEYSERVER_INTERNAL_ERROR,err,count;
984 struct keylist *dupelist=NULL;
985 char search[62];
986 /* This ordering is significant - specifically, "pgpcertid" needs to
987 be the second item in the list, since everything after it may be
988 discarded if the user isn't in verbose mode. */
989 char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
990 "pgpdisabled","pgpkeycreatetime","modifytimestamp",
991 "pgpkeysize","pgpkeytype",NULL};
992 attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
993 array initializers. */
994
995 /* Build the search string */
996
997 /* GPG can send us a v4 fingerprint, a v3 or v4 long key id, or a v3
998 or v4 short key id */
999
1000 if(strncmp(getkey,"0x",2)==0)
1001 getkey+=2;
1002
1003 if(strlen(getkey)==32)
1004 {
1005 fprintf(console,
1006 "gpgkeys: LDAP keyservers do not support v3 fingerprints\n");
1007 fprintf(output,"KEY 0x%s BEGIN\n",getkey);
1008 fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
1009 return KEYSERVER_NOT_SUPPORTED;
1010 }
1011
1012 if(strlen(getkey)>16)
1013 {
1014 char *offset=&getkey[strlen(getkey)-16];
1015
1016 /* fingerprint. Take the last 16 characters and treat it like a
1017 long key id */
1018
1019 if(opt->flags.include_subkeys)
1020 sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
1021 offset,offset);
1022 else
1023 sprintf(search,"(pgpcertid=%.16s)",offset);
1024 }
1025 else if(strlen(getkey)>8)
1026 {
1027 /* long key id */
1028
1029 if(opt->flags.include_subkeys)
1030 sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
1031 getkey,getkey);
1032 else
1033 sprintf(search,"(pgpcertid=%.16s)",getkey);
1034 }
1035 else
1036 {
1037 /* short key id */
1038
1039 sprintf(search,"(pgpkeyid=%.8s)",getkey);
1040 }
1041
1042 if(opt->verbose>2)
1043 fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
1044
1045 if(!opt->verbose)
1046 attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
1047
1048 err=ldap_search_s(ldap,basekeyspacedn,
1049 LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
1050 if(err!=0)
1051 {
1052 int errtag=ldap_err_to_gpg_err(err);
1053
1054 fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
1055 fprintf(output,"KEY 0x%s BEGIN\n",getkey);
1056 fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
1057 return errtag;
1058 }
1059
1060 count=ldap_count_entries(ldap,res);
1061 if(count<1)
1062 {
1063 fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
1064 fprintf(output,"KEY 0x%s BEGIN\n",getkey);
1065 fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
1066 }
1067 else
1068 {
1069 /* There may be more than one unique result for a given keyID,
1070 so we should fetch them all (test this by fetching short key
1071 id 0xDEADBEEF). */
1072
1073 each=ldap_first_entry(ldap,res);
1074 while(each!=NULL)
1075 {
1076 char **vals,**certid;
1077
1078 /* Use the long keyid to remove duplicates. The LDAP server
1079 returns the same keyid more than once if there are
1080 multiple user IDs on the key. Note that this does NOT
1081 mean that a keyid that exists multiple times on the
1082 keyserver will not be fetched. It means that each KEY,
1083 no matter how many user IDs share its keyid, will be
1084 fetched only once. If a keyid that belongs to more than
1085 one key is fetched, the server quite properly responds
1086 with all matching keys. -ds */
1087
1088 certid=ldap_get_values(ldap,each,"pgpcertid");
1089 if(certid!=NULL)
1090 {
1091 if(!key_in_keylist(certid[0],dupelist))
1092 {
1093 /* it's not a duplicate, so add it */
1094
1095 int rc=add_key_to_keylist(certid[0],&dupelist);
1096 if(rc)
1097 {
1098 ret=rc;
1099 goto fail;
1100 }
1101
1102 build_info(certid[0],each);
1103
1104 fprintf(output,"KEY 0x%s BEGIN\n",getkey);
1105
1106 vals=ldap_get_values(ldap,each,pgpkeystr);
1107 if(vals==NULL)
1108 {
1109 int errtag=ldap_to_gpg_err(ldap);
1110
1111 fprintf(console,"gpgkeys: unable to retrieve key %s "
1112 "from keyserver\n",getkey);
1113 fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
1114 }
1115 else
1116 {
1117 print_nocr(output,vals[0]);
1118 fprintf(output,"\nKEY 0x%s END\n",getkey);
1119
1120 ldap_value_free(vals);
1121 }
1122 }
1123
1124 ldap_value_free(certid);
1125 }
1126
1127 each=ldap_next_entry(ldap,each);
1128 }
1129 }
1130
1131 ret=KEYSERVER_OK;
1132
1133 fail:
1134 ldap_msgfree(res);
1135 free_keylist(dupelist);
1136
1137 return ret;
1138 }
1139
1140 #define LDAP_ESCAPE_CHARS "*()\\"
1141
1142 /* Append string to buffer in a LDAP-quoted way */
1143 static void
1144 ldap_quote(char *buffer,const char *string)
1145 {
1146 /* Find the end of buffer */
1147 buffer+=strlen(buffer);
1148
1149 for(;*string;string++)
1150 {
1151 if(strchr(LDAP_ESCAPE_CHARS,*string))
1152 {
1153 sprintf(buffer,"\\%02X",*string);
1154 buffer+=3;
1155 }
1156 else
1157 *buffer++=*string;
1158 }
1159
1160 *buffer='\0';
1161 }
1162
1163 /* Note that key-not-found is not a fatal error */
1164 static int
1165 get_name(char *getkey)
1166 {
1167 LDAPMessage *res,*each;
1168 int ret=KEYSERVER_INTERNAL_ERROR,err,count;
1169 /* The maximum size of the search, including the optional stuff and
1170 the trailing \0 */
1171 char search[2+12+(MAX_LINE*3)+2+15+14+1+1+20];
1172 /* This ordering is significant - specifically, "pgpcertid" needs to
1173 be the second item in the list, since everything after it may be
1174 discarded if the user isn't in verbose mode. */
1175 char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
1176 "pgpdisabled","pgpkeycreatetime","modifytimestamp",
1177 "pgpkeysize","pgpkeytype",NULL};
1178 attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
1179 array initializers. */
1180
1181 /* Build the search string */
1182
1183 search[0]='\0';
1184
1185 if(!opt->flags.include_disabled || !opt->flags.include_revoked)
1186 strcat(search,"(&");
1187
1188 strcat(search,"(pgpUserID=*");
1189 ldap_quote(search,getkey);
1190 strcat(search,"*)");
1191
1192 if(!opt->flags.include_disabled)
1193 strcat(search,"(pgpDisabled=0)");
1194
1195 if(!opt->flags.include_revoked)
1196 strcat(search,"(pgpRevoked=0)");
1197
1198 if(!opt->flags.include_disabled || !opt->flags.include_revoked)
1199 strcat(search,")");
1200
1201 if(opt->verbose>2)
1202 fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
1203
1204 if(!opt->verbose)
1205 attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
1206
1207 err=ldap_search_s(ldap,basekeyspacedn,
1208 LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
1209 if(err!=0)
1210 {
1211 int errtag=ldap_err_to_gpg_err(err);
1212
1213 fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
1214 fprintf(output,"NAME %s BEGIN\n",getkey);
1215 fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
1216 return errtag;
1217 }
1218
1219 count=ldap_count_entries(ldap,res);
1220 if(count<1)
1221 {
1222 fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
1223 fprintf(output,"NAME %s BEGIN\n",getkey);
1224 fprintf(output,"NAME %s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
1225 }
1226 else
1227 {
1228 /* There may be more than one result, but we return them all. */
1229
1230 each=ldap_first_entry(ldap,res);
1231 while(each!=NULL)
1232 {
1233 char **vals,**certid;
1234
1235 certid=ldap_get_values(ldap,each,"pgpcertid");
1236 if(certid!=NULL)
1237 {
1238 build_info(certid[0],each);
1239
1240 fprintf(output,"NAME %s BEGIN\n",getkey);
1241
1242 vals=ldap_get_values(ldap,each,pgpkeystr);
1243 if(vals==NULL)
1244 {
1245 int errtag=ldap_to_gpg_err(ldap);
1246
1247 fprintf(console,"gpgkeys: unable to retrieve key %s "
1248 "from keyserver\n",getkey);
1249 fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
1250 }
1251 else
1252 {
1253 print_nocr(output,vals[0]);
1254 fprintf(output,"\nNAME %s END\n",getkey);
1255
1256 ldap_value_free(vals);
1257 }
1258
1259 ldap_value_free(certid);
1260 }
1261
1262 each=ldap_next_entry(ldap,each);
1263 }
1264 }
1265
1266 ret=KEYSERVER_OK;
1267
1268 ldap_msgfree(res);
1269
1270 return ret;
1271 }
1272
1273 static void
1274 printquoted(FILE *stream,char *string,char delim)
1275 {
1276 while(*string)
1277 {
1278 if(*string==delim || *string=='%')
1279 fprintf(stream,"%%%02x",*string);
1280 else
1281 fputc(*string,stream);
1282
1283 string++;
1284 }
1285 }
1286
1287 /* Returns 0 on success and -1 on error. Note that key-not-found is
1288 not an error! */
1289 static int
1290 search_key(const char *searchkey)
1291 {
1292 char **vals,*search;
1293 LDAPMessage *res,*each;
1294 int err,count=0;
1295 struct keylist *dupelist=NULL;
1296 /* The maximum size of the search, including the optional stuff and
1297 the trailing \0 */
1298 char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
1299 "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
1300 "pgpkeysize","pgpkeytype",NULL};
1301 enum ks_search_type search_type;
1302
1303 search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
1304 if(!search)
1305 {
1306 fprintf(console,"gpgkeys: out of memory when building search list\n");
1307 fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY);
1308 return KEYSERVER_NO_MEMORY;
1309 }
1310
1311 fprintf(output,"SEARCH %s BEGIN\n",searchkey);
1312
1313 search_type=classify_ks_search(&searchkey);
1314
1315 if(opt->debug)
1316 fprintf(console,"search type is %d, and key is \"%s\"\n",
1317 search_type,searchkey);
1318
1319 /* Build the search string */
1320
1321 search[0]='\0';
1322
1323 if(!opt->flags.include_disabled || !opt->flags.include_revoked)
1324 strcat(search,"(&");
1325
1326 strcat(search,"(");
1327
1328 switch(search_type)
1329 {
1330 case KS_SEARCH_KEYID_SHORT:
1331 strcat(search,"pgpKeyID");
1332 break;
1333
1334 case KS_SEARCH_KEYID_LONG:
1335 strcat(search,"pgpCertID");
1336 break;
1337
1338 default:
1339 strcat(search,"pgpUserID");
1340 break;
1341 }
1342
1343 strcat(search,"=");
1344
1345 switch(search_type)
1346 {
1347 case KS_SEARCH_SUBSTR:
1348 strcat(search,"*");
1349 break;
1350
1351 case KS_SEARCH_MAIL:
1352 strcat(search,"*<");
1353 break;
1354
1355 case KS_SEARCH_MAILSUB:
1356 strcat(search,"*<*");
1357 break;
1358
1359 case KS_SEARCH_EXACT:
1360 case KS_SEARCH_KEYID_LONG:
1361 case KS_SEARCH_KEYID_SHORT:
1362 break;
1363 }
1364
1365 strcat(search,searchkey);
1366
1367 switch(search_type)
1368 {
1369 case KS_SEARCH_SUBSTR:
1370 strcat(search,"*");
1371 break;
1372
1373 case KS_SEARCH_MAIL:
1374 strcat(search,">*");
1375 break;
1376
1377 case KS_SEARCH_MAILSUB:
1378 strcat(search,"*>*");
1379 break;
1380
1381 case KS_SEARCH_EXACT:
1382 case KS_SEARCH_KEYID_LONG:
1383 case KS_SEARCH_KEYID_SHORT:
1384 break;
1385 }
1386
1387 strcat(search,")");
1388
1389 if(!opt->flags.include_disabled)
1390 strcat(search,"(pgpDisabled=0)");
1391
1392 if(!opt->flags.include_revoked)
1393 strcat(search,"(pgpRevoked=0)");
1394
1395 if(!opt->flags.include_disabled || !opt->flags.include_revoked)
1396 strcat(search,")");
1397
1398 if(opt->verbose>2)
1399 fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
1400
1401 err=ldap_search_s(ldap,basekeyspacedn,
1402 LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
1403 free(search);
1404 if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED)
1405 {
1406 int errtag=ldap_err_to_gpg_err(err);
1407
1408 fprintf(output,"SEARCH %s FAILED %d\n",searchkey,errtag);
1409 fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
1410 return errtag;
1411 }
1412
1413 /* The LDAP server doesn't return a real count of unique keys, so we
1414 can't use ldap_count_entries here. */
1415 each=ldap_first_entry(ldap,res);
1416 while(each!=NULL)
1417 {
1418 char **certid=ldap_get_values(ldap,each,"pgpcertid");
1419
1420 if(certid!=NULL)
1421 {
1422 if(!key_in_keylist(certid[0],dupelist))
1423 {
1424 int rc=add_key_to_keylist(certid[0],&dupelist);
1425 if(rc!=0)
1426 {
1427 fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
1428 free_keylist(dupelist);
1429 return rc;
1430 }
1431
1432 count++;
1433 }
1434 }
1435
1436 each=ldap_next_entry(ldap,each);
1437 }
1438
1439 if(err==LDAP_SIZELIMIT_EXCEEDED)
1440 {
1441 if(count==1)
1442 fprintf(console,"gpgkeys: search results exceeded server limit."
1443 " First %d result shown.\n",count);
1444 else
1445 fprintf(console,"gpgkeys: search results exceeded server limit."
1446 " First %d results shown.\n",count);
1447 }
1448
1449 free_keylist(dupelist);
1450 dupelist=NULL;
1451
1452 if(count<1)
1453 fprintf(output,"info:1:0\n");
1454 else
1455 {
1456 fprintf(output,"info:1:%d\n",count);
1457
1458 each=ldap_first_entry(ldap,res);
1459 while(each!=NULL)
1460 {
1461 char **certid;
1462
1463 certid=ldap_get_values(ldap,each,"pgpcertid");
1464 if(certid!=NULL)
1465 {
1466 LDAPMessage *uids;
1467
1468 /* Have we seen this certid before? */
1469 if(!key_in_keylist(certid[0],dupelist))
1470 {
1471 int rc=add_key_to_keylist(certid[0],&dupelist);
1472 if(rc)
1473 {
1474 fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
1475 free_keylist(dupelist);
1476 ldap_value_free(certid);
1477 ldap_msgfree(res);
1478 return rc;
1479 }
1480
1481 fprintf(output,"pub:%s:",certid[0]);
1482
1483 vals=ldap_get_values(ldap,each,"pgpkeytype");
1484 if(vals!=NULL)
1485 {
1486 /* The LDAP server doesn't exactly handle this
1487 well. */
1488 if(strcasecmp(vals[0],"RSA")==0)
1489 fprintf(output,"1");
1490 else if(strcasecmp(vals[0],"DSS/DH")==0)
1491 fprintf(output,"17");
1492 ldap_value_free(vals);
1493 }
1494
1495 fputc(':',output);
1496
1497 vals=ldap_get_values(ldap,each,"pgpkeysize");
1498 if(vals!=NULL)
1499 {
1500 /* Not sure why, but some keys are listed with a
1501 key size of 0. Treat that like an
1502 unknown. */
1503 if(atoi(vals[0])>0)
1504 fprintf(output,"%d",atoi(vals[0]));
1505 ldap_value_free(vals);
1506 }
1507
1508 fputc(':',output);
1509
1510 /* YYYYMMDDHHmmssZ */
1511
1512 vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
1513 if(vals!=NULL && strlen(vals[0])==15)
1514 {
1515 fprintf(output,"%u",
1516 (unsigned int)ldap2epochtime(vals[0]));
1517 ldap_value_free(vals);
1518 }
1519
1520 fputc(':',output);
1521
1522 vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
1523 if(vals!=NULL && strlen(vals[0])==15)
1524 {
1525 fprintf(output,"%u",
1526 (unsigned int)ldap2epochtime(vals[0]));
1527 ldap_value_free(vals);
1528 }
1529
1530 fputc(':',output);
1531
1532 vals=ldap_get_values(ldap,each,"pgprevoked");
1533 if(vals!=NULL)
1534 {
1535 if(atoi(vals[0])==1)
1536 fprintf(output,"r");
1537 ldap_value_free(vals);
1538 }
1539
1540 vals=ldap_get_values(ldap,each,"pgpdisabled");
1541 if(vals!=NULL)
1542 {
1543 if(atoi(vals[0])==1)
1544 fprintf(output,"d");
1545 ldap_value_free(vals);
1546 }
1547
1548 #if 0
1549 /* This is not yet specified in the keyserver
1550 protocol, but may be someday. */
1551 fputc(':',output);
1552
1553 vals=ldap_get_values(ldap,each,"modifytimestamp");
1554 if(vals!=NULL && strlen(vals[0])==15)
1555 {
1556 fprintf(output,"%u",
1557 (unsigned int)ldap2epochtime(vals[0]));
1558 ldap_value_free(vals);
1559 }
1560 #endif
1561
1562 fprintf(output,"\n");
1563
1564 /* Now print all the uids that have this certid */
1565 uids=ldap_first_entry(ldap,res);
1566 while(uids!=NULL)
1567 {
1568 vals=ldap_get_values(ldap,uids,"pgpcertid");
1569 if(vals!=NULL)
1570 {
1571 if(strcasecmp(certid[0],vals[0])==0)
1572 {
1573 char **uidvals;
1574
1575 fprintf(output,"uid:");
1576
1577 uidvals=ldap_get_values(ldap,uids,"pgpuserid");
1578 if(uidvals!=NULL)
1579 {
1580 /* Need to escape any colons */
1581 printquoted(output,uidvals[0],':');
1582 ldap_value_free(uidvals);
1583 }
1584
1585 fprintf(output,"\n");
1586 }
1587
1588 ldap_value_free(vals);
1589 }
1590
1591 uids=ldap_next_entry(ldap,uids);
1592 }
1593 }
1594
1595 ldap_value_free(certid);
1596 }
1597
1598 each=ldap_next_entry(ldap,each);
1599 }
1600 }
1601
1602 ldap_msgfree(res);
1603 free_keylist(dupelist);
1604
1605 fprintf(output,"SEARCH %s END\n",searchkey);
1606
1607 return KEYSERVER_OK;
1608 }
1609
1610 static void
1611 fail_all(struct keylist *keylist,int err)
1612 {
1613 if(!keylist)
1614 return;
1615
1616 if(opt->action==KS_SEARCH)
1617 {
1618 fprintf(output,"SEARCH ");
1619 while(keylist)
1620 {
1621 fprintf(output,"%s ",keylist->str);
1622 keylist=keylist->next;
1623 }
1624 fprintf(output,"FAILED %d\n",err);
1625 }
1626 else
1627 while(keylist)
1628 {
1629 fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
1630 keylist=keylist->next;
1631 }
1632 }
1633
1634 static int
1635 find_basekeyspacedn(void)
1636 {
1637 int err,i;
1638 char *attr[]={"namingContexts",NULL,NULL,NULL};
1639 LDAPMessage *res;
1640 char **context;
1641
1642 /* Look for namingContexts */
1643 err=ldap_search_s(ldap,"",LDAP_SCOPE_BASE,"(objectClass=*)",attr,0,&res);
1644 if(err==LDAP_SUCCESS)
1645 {
1646 context=ldap_get_values(ldap,res,"namingContexts");
1647 if(context)
1648 {
1649 attr[0]="pgpBaseKeySpaceDN";
1650 attr[1]="pgpVersion";
1651 attr[2]="pgpSoftware";
1652
1653 real_ldap=1;
1654
1655 /* We found some, so try each namingContext as the search base
1656 and look for pgpBaseKeySpaceDN. Because we found this, we
1657 know we're talking to a regular-ish LDAP server and not a
1658 LDAP keyserver. */
1659
1660 for(i=0;context[i] && !basekeyspacedn;i++)
1661 {
1662 char **vals;
1663 LDAPMessage *si_res;
1664 char *object;
1665
1666 object=malloc(17+strlen(context[i])+1);
1667 if(!object)
1668 return -1;
1669
1670 strcpy(object,"cn=pgpServerInfo,");
1671 strcat(object,context[i]);
1672
1673 err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
1674 "(objectClass=*)",attr,0,&si_res);
1675 free(object);
1676
1677 if(err==LDAP_NO_SUCH_OBJECT)
1678 continue;
1679 else if(err!=LDAP_SUCCESS)
1680 return err;
1681
1682 vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
1683 if(vals)
1684 {
1685 basekeyspacedn=strdup(vals[0]);
1686 ldap_value_free(vals);
1687 }
1688
1689 if(opt->verbose>1)
1690 {
1691 vals=ldap_get_values(ldap,si_res,"pgpSoftware");
1692 if(vals)
1693 {
1694 fprintf(console,"Server: \t%s\n",vals[0]);
1695 ldap_value_free(vals);
1696 }
1697
1698 vals=ldap_get_values(ldap,si_res,"pgpVersion");
1699 if(vals)
1700 {
1701 fprintf(console,"Version:\t%s\n",vals[0]);
1702 ldap_value_free(vals);
1703 }
1704 }
1705
1706 ldap_msgfree(si_res);
1707 }
1708
1709 ldap_value_free(context);
1710 }
1711
1712 ldap_msgfree(res);
1713 }
1714 else
1715 {
1716 /* We don't have an answer yet, which means the server might be
1717 a LDAP keyserver. */
1718 char **vals;
1719 LDAPMessage *si_res;
1720
1721 attr[0]="pgpBaseKeySpaceDN";
1722 attr[1]="version";
1723 attr[2]="software";
1724
1725 err=ldap_search_s(ldap,"cn=pgpServerInfo",LDAP_SCOPE_BASE,
1726 "(objectClass=*)",attr,0,&si_res);
1727 if(err!=LDAP_SUCCESS)
1728 return err;
1729
1730 /* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
1731 KEYSPACE,C=US", but it might not be in the future. */
1732
1733 vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
1734 if(vals)
1735 {
1736 basekeyspacedn=strdup(vals[0]);
1737 ldap_value_free(vals);
1738 }
1739
1740 if(opt->verbose>1)
1741 {
1742 vals=ldap_get_values(ldap,si_res,"software");
1743 if(vals)
1744 {
1745 fprintf(console,"Server: \t%s\n",vals[0]);
1746 ldap_value_free(vals);
1747 }
1748 }
1749
1750 vals=ldap_get_values(ldap,si_res,"version");
1751 if(vals)
1752 {
1753 if(opt->verbose>1)
1754 fprintf(console,"Version:\t%s\n",vals[0]);
1755
1756 /* If the version is high enough, use the new pgpKeyV2
1757 attribute. This design if iffy at best, but it matches how
1758 PGP does it. I figure the NAI folks assumed that there would
1759 never be a LDAP keyserver vendor with a different numbering
1760 scheme. */
1761 if(atoi(vals[0])>1)
1762 pgpkeystr="pgpKeyV2";
1763
1764 ldap_value_free(vals);
1765 }
1766
1767 ldap_msgfree(si_res);
1768 }
1769
1770 return LDAP_SUCCESS;
1771 }
1772
1773 static void
1774 show_help (FILE *fp)
1775 {
1776 fprintf (fp,"-h\thelp\n");
1777 fprintf (fp,"-V\tversion\n");
1778 fprintf (fp,"-o\toutput to this file\n");
1779 }
1780
1781 int
1782 main(int argc,char *argv[])
1783 {
1784 int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
1785 char line[MAX_LINE],*binddn=NULL,*bindpw=NULL;
1786 int failed=0,use_ssl=0,use_tls=0,bound=0;
1787 struct keylist *keylist=NULL,*keyptr=NULL;
1788
1789 console=stderr;
1790
1791 /* Kludge to implement standard GNU options. */
1792 if (argc > 1 && !strcmp (argv[1], "--version"))
1793 {
1794 fputs ("gpgkeys_ldap (GnuPG) " VERSION"\n", stdout);
1795 return 0;
1796 }
1797 else if (argc > 1 && !strcmp (argv[1], "--help"))
1798 {
1799 show_help (stdout);
1800 return 0;
1801 }
1802
1803 while((arg=getopt(argc,argv,"hVo:"))!=-1)
1804 switch(arg)
1805 {
1806 default:
1807 case 'h':
1808 show_help (console);
1809 return KEYSERVER_OK;
1810
1811 case 'V':
1812 fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
1813 return KEYSERVER_OK;
1814
1815 case 'o':
1816 output=fopen(optarg,"w");
1817 if(output==NULL)
1818 {
1819 fprintf(console,"gpgkeys: Cannot open output file `%s': %s\n",
1820 optarg,strerror(errno));
1821 return KEYSERVER_INTERNAL_ERROR;
1822 }
1823
1824 break;
1825 }
1826
1827 if(argc>optind)
1828 {
1829 input=fopen(argv[optind],"r");
1830 if(input==NULL)
1831 {
1832 fprintf(console,"gpgkeys: Cannot open input file `%s': %s\n",
1833 argv[optind],strerror(errno));
1834 return KEYSERVER_INTERNAL_ERROR;
1835 }
1836 }
1837
1838 if(input==NULL)
1839 input=stdin;
1840
1841 if(output==NULL)
1842 output=stdout;
1843
1844 opt=init_ks_options();
1845 if(!opt)
1846 return KEYSERVER_NO_MEMORY;
1847
1848 /* Get the command and info block */
1849
1850 while(fgets(line,MAX_LINE,input)!=NULL)
1851 {
1852 char optionstr[MAX_OPTION+1];
1853
1854 if(line[0]=='\n')
1855 break;
1856
1857 err=parse_ks_options(line,opt);
1858 if(err>0)
1859 {
1860 ret=err;
1861 goto fail;
1862 }
1863 else if(err==0)
1864 continue;
1865
1866 if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
1867 {
1868 int no=0;
1869 char *start=&optionstr[0];
1870
1871 optionstr[MAX_OPTION]='\0';
1872
1873 if(strncasecmp(optionstr,"no-",3)==0)
1874 {
1875 no=1;
1876 start=&optionstr[3];
1877 }
1878
1879 if(strncasecmp(start,"tls",3)==0)
1880 {
1881 if(no)
1882 use_tls=0;
1883 else if(start[3]=='=')
1884 {
1885 if(strcasecmp(&start[4],"no")==0)
1886 use_tls=0;
1887 else if(strcasecmp(&start[4],"try")==0)
1888 use_tls=1;
1889 else if(strcasecmp(&start[4],"warn")==0)
1890 use_tls=2;
1891 else if(strcasecmp(&start[4],"require")==0)
1892 use_tls=3;
1893 else
1894 use_tls=1;
1895 }
1896 else if(start[3]=='\0')
1897 use_tls=1;
1898 }
1899 else if(strncasecmp(start,"basedn",6)==0)
1900 {
1901 if(no)
1902 {
1903 free(basekeyspacedn);
1904 basekeyspacedn=NULL;
1905 }
1906 else if(start[6]=='=')
1907 {
1908 free(basekeyspacedn);
1909 basekeyspacedn=strdup(&start[7]);
1910 if(!basekeyspacedn)
1911 {
1912 fprintf(console,"gpgkeys: out of memory while creating "
1913 "base DN\n");
1914 ret=KEYSERVER_NO_MEMORY;
1915 goto fail;
1916 }
1917
1918 real_ldap=1;
1919 }
1920 }
1921 else if(strncasecmp(start,"binddn",6)==0)
1922 {
1923 if(no)
1924 {
1925 free(binddn);
1926 binddn=NULL;
1927 }
1928 else if(start[6]=='=')
1929 {
1930 free(binddn);
1931 binddn=strdup(&start[7]);
1932 if(!binddn)
1933 {
1934 fprintf(console,"gpgkeys: out of memory while creating "
1935 "bind DN\n");
1936 ret=KEYSERVER_NO_MEMORY;
1937 goto fail;
1938 }
1939
1940 real_ldap=1;
1941 }
1942 }
1943 else if(strncasecmp(start,"bindpw",6)==0)
1944 {
1945 if(no)
1946 {
1947 free(bindpw);
1948 bindpw=NULL;
1949 }
1950 else if(start[6]=='=')
1951 {
1952 free(bindpw);
1953 bindpw=strdup(&start[7]);
1954 if(!bindpw)
1955 {
1956 fprintf(console,"gpgkeys: out of memory while creating "
1957 "bind password\n");
1958 ret=KEYSERVER_NO_MEMORY;
1959 goto fail;
1960 }
1961
1962 real_ldap=1;
1963 }
1964 }
1965
1966 continue;
1967 }
1968 }
1969
1970 if(!opt->scheme)
1971 {
1972 fprintf(console,"gpgkeys: no scheme supplied!\n");
1973 ret=KEYSERVER_SCHEME_NOT_FOUND;
1974 goto fail;
1975 }
1976
1977 if(strcasecmp(opt->scheme,"ldaps")==0)
1978 {
1979 port=636;
1980 use_ssl=1;
1981 }
1982
1983 if(opt->port)
1984 port=atoi(opt->port);
1985
1986 if(!opt->host)
1987 {
1988 fprintf(console,"gpgkeys: no keyserver host provided\n");
1989 goto fail;
1990 }
1991
1992 if(opt->timeout && register_timeout()==-1)
1993 {
1994 fprintf(console,"gpgkeys: unable to register timeout handler\n");
1995 return KEYSERVER_INTERNAL_ERROR;
1996 }
1997
1998 #if defined(LDAP_OPT_X_TLS_CACERTFILE) && defined(HAVE_LDAP_SET_OPTION)
1999
2000 if(opt->ca_cert_file)
2001 {
2002 err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
2003 if(err!=LDAP_SUCCESS)
2004 {
2005 fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
2006 ldap_err2string(err));
2007 ret=KEYSERVER_INTERNAL_ERROR;
2008 goto fail;
2009 }
2010 }
2011 #endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
2012
2013 /* SSL trumps TLS */
2014 if(use_ssl)
2015 use_tls=0;
2016
2017 /* If it's a GET or a SEARCH, the next thing to come in is the
2018 keyids. If it's a SEND, then there are no keyids. */
2019
2020 if(opt->action==KS_SEND)
2021 while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
2022 else if(opt->action==KS_GET
2023 || opt->action==KS_GETNAME || opt->action==KS_SEARCH)
2024 {
2025 for(;;)
2026 {
2027 struct keylist *work;
2028
2029 if(fgets(line,MAX_LINE,input)==NULL)
2030 break;
2031 else
2032 {
2033 if(line[0]=='\n' || line[0]=='\0')
2034 break;
2035
2036 work=malloc(sizeof(struct keylist));
2037 if(work==NULL)
2038 {
2039 fprintf(console,"gpgkeys: out of memory while "
2040 "building key list\n");
2041 ret=KEYSERVER_NO_MEMORY;
2042 goto fail;
2043 }
2044
2045 strcpy(work->str,line);
2046
2047 /* Trim the trailing \n */
2048 work->str[strlen(line)-1]='\0';
2049
2050 work->next=NULL;
2051
2052 /* Always attach at the end to keep the list in proper
2053 order for searching */
2054 if(keylist==NULL)
2055 keylist=work;
2056 else
2057 keyptr->next=work;
2058
2059 keyptr=work;
2060 }
2061 }
2062 }
2063 else
2064 {
2065 fprintf(console,"gpgkeys: no keyserver command specified\n");
2066 goto fail;
2067 }
2068
2069 /* Send the response */
2070
2071 fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
2072 fprintf(output,"PROGRAM %s\n\n",VERSION);
2073
2074 if(opt->verbose>1)
2075 {
2076 fprintf(console,"Host:\t\t%s\n",opt->host);
2077 if(port)
2078 fprintf(console,"Port:\t\t%d\n",port);
2079 fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
2080 }
2081
2082 if(opt->debug)
2083 {
2084 #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
2085 err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
2086 if(err!=LDAP_SUCCESS)
2087 fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
2088 ldap_err2string(err));
2089 else
2090 fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
2091 #else
2092 fprintf(console,"gpgkeys: not built with debugging support\n");
2093 #endif
2094 }
2095
2096 /* We have a timeout set for the setup stuff since it could time out
2097 as well. */
2098 set_timeout(opt->timeout);
2099
2100 /* Note that this tries all A records on a given host (or at least,
2101 OpenLDAP does). */
2102 ldap=ldap_init(opt->host,port);
2103 if(ldap==NULL)
2104 {
2105 fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
2106 strerror(errno));
2107 fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
2108 goto fail;
2109 }
2110
2111 if(use_ssl)
2112 {
2113 #if defined(LDAP_OPT_X_TLS) && defined(HAVE_LDAP_SET_OPTION)
2114 int ssl=LDAP_OPT_X_TLS_HARD;
2115
2116 err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
2117 if(err!=LDAP_SUCCESS)
2118 {
2119 fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
2120 ldap_err2string(err));
2121 fail_all(keylist,ldap_err_to_gpg_err(err));
2122 goto fail;
2123 }
2124
2125 if(!opt->flags.check_cert)
2126 ssl=LDAP_OPT_X_TLS_NEVER;
2127
2128 err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
2129 if(err!=LDAP_SUCCESS)
2130 {
2131 fprintf(console,
2132 "gpgkeys: unable to set certificate validation: %s\n",
2133 ldap_err2string(err));
2134 fail_all(keylist,ldap_err_to_gpg_err(err));
2135 goto fail;
2136 }
2137 #else
2138 fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
2139 "not built with LDAPS support");
2140 fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
2141 goto fail;
2142 #endif
2143 }
2144
2145 if(!basekeyspacedn)
2146 if((err=find_basekeyspacedn()) || !basekeyspacedn)
2147 {
2148 fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
2149 err?ldap_err2string(err):"not found");
2150 fail_all(keylist,ldap_err_to_gpg_err(err));
2151 goto fail;
2152 }
2153
2154 /* use_tls: 0=don't use, 1=try silently to use, 2=try loudly to use,
2155 3=force use. */
2156 if(use_tls)
2157 {
2158 if(!real_ldap)
2159 {
2160 if(use_tls>=2)
2161 fprintf(console,"gpgkeys: unable to start TLS: %s\n",
2162 "not supported by the NAI LDAP keyserver");
2163 if(use_tls==3)
2164 {
2165 fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
2166 goto fail;
2167 }
2168 }
2169 else
2170 {
2171 #if defined(HAVE_LDAP_START_TLS_S) && defined(HAVE_LDAP_SET_OPTION)
2172 int ver=LDAP_VERSION3;
2173
2174 err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
2175
2176 #ifdef LDAP_OPT_X_TLS
2177 if(err==LDAP_SUCCESS)
2178 {
2179 if(opt->flags.check_cert)
2180 ver=LDAP_OPT_X_TLS_HARD;
2181 else
2182 ver=LDAP_OPT_X_TLS_NEVER;
2183
2184 err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver);
2185 }
2186 #endif
2187
2188 if(err==LDAP_SUCCESS)
2189 err=ldap_start_tls_s(ldap,NULL,NULL);
2190
2191 if(err!=LDAP_SUCCESS)
2192 {
2193 if(use_tls>=2 || opt->verbose>2)
2194 fprintf(console,"gpgkeys: unable to start TLS: %s\n",
2195 ldap_err2string(err));
2196 /* Are we forcing it? */
2197 if(use_tls==3)
2198 {
2199 fail_all(keylist,ldap_err_to_gpg_err(err));
2200 goto fail;
2201 }
2202 }
2203 else if(opt->verbose>1)
2204 fprintf(console,"gpgkeys: TLS started successfully.\n");
2205 #else
2206 if(use_tls>=2)
2207 fprintf(console,"gpgkeys: unable to start TLS: %s\n",
2208 "not built with TLS support");
2209 if(use_tls==3)
2210 {
2211 fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
2212 goto fail;
2213 }
2214 #endif
2215 }
2216 }
2217
2218 /* By default we don't bind as there is usually no need to. For
2219 cases where the server needs some authentication, the user can
2220 use binddn and bindpw for auth. */
2221
2222 if(binddn)
2223 {
2224 #ifdef HAVE_LDAP_SET_OPTION
2225 int ver=LDAP_VERSION3;
2226
2227 err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
2228 if(err!=LDAP_SUCCESS)
2229 {
2230 fprintf(console,"gpgkeys: unable to go to LDAP 3: %s\n",
2231 ldap_err2string(err));
2232 fail_all(keylist,ldap_err_to_gpg_err(err));
2233 goto fail;
2234 }
2235 #endif
2236
2237 if(opt->verbose>2)
2238 fprintf(console,"gpgkeys: LDAP bind to %s, pw %s\n",binddn,
2239 bindpw?">not shown<":">none<");
2240 err=ldap_simple_bind_s(ldap,binddn,bindpw);
2241 if(err!=LDAP_SUCCESS)
2242 {
2243 fprintf(console,"gpgkeys: internal LDAP bind error: %s\n",
2244 ldap_err2string(err));
2245 fail_all(keylist,ldap_err_to_gpg_err(err));
2246 goto fail;
2247 }
2248 else
2249 bound=1;
2250 }
2251
2252 if(opt->action==KS_GET)
2253 {
2254 keyptr=keylist;
2255
2256 while(keyptr!=NULL)
2257 {
2258 set_timeout(opt->timeout);
2259
2260 if(get_key(keyptr->str)!=KEYSERVER_OK)
2261 failed++;
2262
2263 keyptr=keyptr->next;
2264 }
2265 }
2266 else if(opt->action==KS_GETNAME)
2267 {
2268 keyptr=keylist;
2269
2270 while(keyptr!=NULL)
2271 {
2272 set_timeout(opt->timeout);
2273
2274 if(get_name(keyptr->str)!=KEYSERVER_OK)
2275 failed++;
2276
2277 keyptr=keyptr->next;
2278 }
2279 }
2280 else if(opt->action==KS_SEND)
2281 {
2282 int eof_seen = 0;
2283
2284 do
2285 {
2286 set_timeout(opt->timeout);
2287
2288 if(real_ldap)
2289 {
2290 if (send_key(&eof_seen) != KEYSERVER_OK)
2291 failed++;
2292 }
2293 else
2294 {
2295 if (send_key_keyserver(&eof_seen) != KEYSERVER_OK)
2296 failed++;
2297 }
2298 }
2299 while (!eof_seen);
2300 }
2301 else if(opt->action==KS_SEARCH)
2302 {
2303 char *searchkey=NULL;
2304 int len=0;
2305
2306 set_timeout(opt->timeout);
2307
2308 /* To search, we stick a * in between each key to search for.
2309 This means that if the user enters words, they'll get
2310 "enters*words". If the user "enters words", they'll get
2311 "enters words" */
2312
2313 keyptr=keylist;
2314 while(keyptr!=NULL)
2315 {
2316 len+=strlen(keyptr->str)+1;
2317 keyptr=keyptr->next;
2318 }
2319
2320 searchkey=malloc((len*3)+1);
2321 if(searchkey==NULL)
2322 {
2323 ret=KEYSERVER_NO_MEMORY;
2324 fail_all(keylist,KEYSERVER_NO_MEMORY);
2325 goto fail;
2326 }
2327
2328 searchkey[0]='\0';
2329
2330 keyptr=keylist;
2331 while(keyptr!=NULL)
2332 {
2333 ldap_quote(searchkey,keyptr->str);
2334 strcat(searchkey,"*");
2335 keyptr=keyptr->next;
2336 }
2337
2338 /* Nail that last "*" */
2339 if(*searchkey)
2340 searchkey[strlen(searchkey)-1]='\0';
2341
2342 if(search_key(searchkey)!=KEYSERVER_OK)
2343 failed++;
2344
2345 free(searchkey);
2346 }
2347 else
2348 assert (!"bad action");
2349
2350 if(!failed)
2351 ret=KEYSERVER_OK;
2352
2353 fail:
2354
2355 while(keylist!=NULL)
2356 {
2357 struct keylist *current=keylist;
2358 keylist=keylist->next;
2359 free(current);
2360 }
2361
2362 if(input!=stdin)
2363 fclose(input);
2364
2365 if(output!=stdout)
2366 fclose(output);
2367
2368 free_ks_options(opt);
2369
2370 if(ldap!=NULL && bound)
2371 ldap_unbind_s(ldap);
2372
2373 free(basekeyspacedn);
2374
2375 return ret;
2376 }
gnupg svn clone