| blob | c01834a6acc9273f2344c4a7208f17ac91f820c2 |
1 /* keyring.c - keyring file handling
2 * Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <assert.h>
26 #include <unistd.h>
27 #include <sys/types.h>
28 #include <sys/stat.h>
39 /* off_item is a funny named for an object used to keep track of known
40 * keys. The idea was to use the offset to seek to the known keyblock, but
41 * this is not possible if more than one process is using the keyring.
42 */
46 /*off_t off;*/
47 };
53 struct keyring_name
54 {
58 DOTLOCK lockhd;
62 };
73 CONST_KR_NAME resource;
76 CONST_KR_NAME kr;
77 IOBUF iobuf;
82 CONST_KR_NAME kr;
83 off_t offset;
92 };
100 \f
103 {
108 }
110 #if 0
111 static void
113 {
117 {
120 }
121 }
122 #endif
124 static OffsetHashTable
126 {
131 }
133 #if 0
134 static void
136 {
144 }
145 #endif
149 {
156 }
158 static void
160 {
166 {
168 {
169 /*k->off = off;*/
171 }
172 }
177 /*k->off = off;*/
180 }
182 static void
184 {
186 {
189 {
193 }
194 }
195 }
197 /*
198 * Register a filename for plain keyring files. ptr is set to a
199 * pointer to be used to create a handles etc, or the already-issued
200 * pointer if it has already been registered. The function returns 1
201 * if a new keyring was registered.
202 */
203 int
206 {
207 KR_NAME kr;
213 {
215 {
216 /* Already registered. */
221 }
222 }
234 /* keep a list of all issued pointers */
238 /* create the offset table the first time a function here is used */
245 }
247 int
249 {
253 }
256 \f
257 /* Create a new handle for the resource associated with TOKEN. SECRET
258 is just just as a cross-check.
260 The returned handle must be released using keyring_release (). */
261 KEYRING_HANDLE
263 {
264 KEYRING_HANDLE hd;
272 active_handles++;
274 }
276 void
278 {
282 active_handles--;
287 }
292 {
296 }
299 /*
300 * Lock the keyring with the given handle, or unlock if YES is false.
301 * We ignore the handle and lock all registered files.
302 */
303 int
305 {
306 KR_NAME kr;
312 /* first make sure the lock handles are created */
321 }
322 }
323 }
327 /* and now set the locks */
332 ;
336 }
337 else
339 }
340 }
347 ;
350 else
352 }
353 }
356 }
359 \f
360 /*
361 * Return the last found keyring. Caller must free it.
362 * The returned keyblock has the kbode flag bit 0 set for the node with
363 * the public key used to locate the keyblock or flag bit 1 set for
364 * the user ID node.
365 */
366 int
368 {
372 IOBUF a;
386 {
389 }
395 }
408 }
414 }
420 }
426 }
430 /*(this code is duplicated after the loop)*/
434 /* this is a ring trust packet with a checked signature
435 * status cache following directly a signature paket.
436 * Set the cache status into that signature packet */
441 }
442 /* reset lastnode, so that we set the cache status only from
443 * the ring trust packet immediately folling a signature */
445 }
450 else
459 }
463 }
464 }
468 }
477 /*(duplicated form the loop body)*/
479 && lastnode
485 }
487 }
492 /* Make sure that future search operations fail immediately when
493 * we know that we are working on a invalid keyring
494 */
499 }
501 int
503 {
513 /* need to know the number of packets - do a dummy get_keyblock*/
518 }
521 }
523 /* The open iobuf isn't needed anymore and in fact is a problem when
524 it comes to renaming the keyring files on some operating systems,
525 so close it here */
529 /* do the update */
534 {
536 }
537 /* better reset the found info */
540 }
542 }
544 int
546 {
553 {
557 }
559 {
563 }
564 else
570 /* Close this one otherwise we will lose the position for
571 * a next search. Fixme: it would be better to adjust the position
572 * after the write opertions.
573 */
577 /* do the insert */
580 {
582 }
585 }
588 int
590 {
600 /* need to know the number of packets - do a dummy get_keyblock*/
605 }
608 }
610 /* close this one otherwise we will lose the position for
611 * a next search. Fixme: it would be better to adjust the position
612 * after the write opertions.
613 */
617 /* do the delete */
621 /* better reset the found info */
624 /* Delete is a rare operations, so we don't remove the keys
625 * from the offset table */
626 }
628 }
631 \f
632 /*
633 * Start the next search on this handle right at the beginning
634 */
635 int
637 {
649 }
652 static int
654 {
662 }
672 }
674 }
681 }
686 {
690 }
693 }
695 \f
696 /* A map of the all characters valid used for word_match()
697 * Valid characters are in in this table converted to uppercase.
698 * because the upper 128 bytes have special meaning, we assume
699 * that they are all valid.
700 * Note: We must use numerical values here in case that this program
701 * will be converted to those little blue HAL9000s with their strange
702 * EBCDIC character set (user ids are UTF-8).
703 * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
704 * we can run gpg now on a S/390 running GNU/Linux, where the code
705 * translation is done by the device drivers?
706 */
740 };
742 /****************
743 * Do a word match (original user id starts with a '+').
744 * The pattern is already tokenized to a more suitable format:
745 * There are only the real words in it delimited by one space
746 * and all converted to uppercase.
747 *
748 * Returns: 0 if all words match.
749 *
750 * Note: This algorithm is a straightforward one and not very
751 * fast. It works for UTF-8 strings. The uidlen should
752 * be removed but due to the fact that old versions of
753 * pgp don't use UTF-8 we still use the length; this should
754 * be fixed in parse-packet (and replace \0 by some special
755 * UTF-8 encoding)
756 */
757 static int
759 {
766 /* skip leading delimiters */
769 /* get length of the word */
774 /* and compare against the current word from pattern */
778 }
787 /* advance to next word in pattern */
789 ;
791 s++ ;
792 }
794 }
796 /****************
797 * prepare word word_match; that is parse the name and
798 * build the pattern.
799 * caller has to free the returned pattern
800 */
803 {
807 /* the original length is always enough for the pattern */
810 /* skip leading delimiters */
812 name++;
813 /* copy as long as we don't have a delimiter and convert
814 * to uppercase.
815 * fixme: how can we handle utf8 uppercasing */
823 }
828 static int
830 {
840 }
844 }
849 ;
851 /* skip opening delim and one char and look for the closing one*/
854 ;
861 }
865 }
867 /* nyi */
868 }
869 }
870 }
871 }
874 else
878 }
880 \f
881 /*
882 * Search through the keyring(s), starting at the current position,
883 * for a keyblock which contains one of the keys described in the DESC array.
884 */
885 int
888 {
890 PACKET pkt;
903 /* figure out what information we need */
906 {
908 {
930 /* always restart the search in this mode */
934 }
936 {
939 }
940 }
948 ;
952 {
961 }
962 /* We could now create a positive search status and return.
963 * However the problem is that another instance of gpg may
964 * have changed the keyring so that the offsets are not valid
965 * anymore - therefore we don't do it
966 */
967 }
970 {
974 /* FIXME: here is a long standing bug in our function and in addition we
975 just use the first search description */
977 {
980 }
983 {
984 /* name changed */
989 }
991 }
1001 {
1006 {
1010 }
1012 {
1015 }
1022 {
1030 }
1036 }
1038 {
1041 }
1044 {
1052 }
1056 }
1059 {
1105 }
1106 }
1109 found:
1110 /* Record which desc we matched on. Note this value is only
1111 meaningful if this function returns with no errors. */
1115 {
1119 }
1123 }
1124 real_found:
1126 {
1131 }
1133 {
1135 /* if we scanned all keyrings, we are sure that
1136 * all known key IDs are in our offtbl, mark that. */
1138 {
1139 KR_NAME kr;
1141 /* First set the did_full_scan flag for this keyring (ignore
1142 secret keyrings) */
1144 {
1146 {
1149 }
1150 }
1151 /* Then check whether all flags are set and if so, mark the
1152 offtbl ready */
1154 {
1157 }
1160 }
1161 }
1162 else
1168 }
1171 static int
1174 {
1176 mode_t oldmask;
1181 # ifdef USE_ONLY_8DOT3
1182 /* Here is another Windoze bug?:
1183 * you cant rename("pubring.gpg.tmp", "pubring.gpg");
1184 * but rename("pubring.gpg.tmp", "pubring.aaa");
1185 * works. So we replace .gpg by .bak or .tmp
1186 */
1189 {
1197 }
1198 else
1205 }
1214 /* Create the temp file with limited access */
1217 {
1220 }
1221 else
1225 {
1231 }
1236 }
1239 static int
1242 {
1245 /* It's a secret keyring, so let's force a fsync just to be safe on
1246 filesystems that may not sync data and metadata together
1247 (e.g. ext4). */
1249 {
1252 }
1254 /* Invalidate close caches. */
1256 {
1259 }
1263 /* first make a backup file except for secret keyrings */
1265 {
1266 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1268 #endif
1270 {
1275 }
1276 }
1278 /* then rename the file */
1279 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
1281 #endif
1285 {
1291 }
1293 /* Now make sure the file has the same permissions as the original */
1295 #ifndef HAVE_DOSISH_SYSTEM
1296 {
1304 ;
1305 else
1308 }
1309 #endif
1313 fail:
1315 {
1320 }
1322 }
1325 static int
1327 {
1332 {
1337 {
1341 }
1348 {
1352 }
1357 {
1361 }
1362 }
1363 }
1365 }
1367 /*
1368 * Walk over all public keyrings, check the signatures and replace the
1369 * keyring with a new one where the signature cache is then updated.
1370 * This is only done for the public keyrings.
1371 */
1372 int
1374 {
1375 KEYRING_HANDLE hd;
1376 KEYDB_SEARCH_DESC desc;
1394 {
1400 {
1402 {
1407 }
1408 /* because we have switched resources, we can be sure that
1409 * the original file is closed */
1411 }
1424 }
1429 {
1432 }
1435 /* check all signature to set the signature's cache flags */
1437 {
1438 /* Note that this doesn't cache the result of a revocation
1439 issued by a designated revoker. This is because the pk
1440 in question does not carry the revkeys as we haven't
1441 merged the key and selfsigs. It is questionable whether
1442 this matters very much since there are very very few
1443 designated revoker revocation packets out there. */
1446 {
1453 else
1456 sigcount++;
1457 }
1458 }
1460 /* write the keyblock to the temporary file */
1473 {
1476 }
1480 {
1482 {
1487 }
1488 /* because we have switched resources, we can be sure that
1489 * the original file is closed */
1491 }
1497 leave:
1506 }
1508 \f
1509 /****************
1510 * Perform insert/delete/update operation.
1511 * mode 1 = insert
1512 * 2 = delete
1513 * 3 = update
1514 */
1515 static int
1518 {
1524 /* Open the source file. Because we do a rename, we have to check the
1525 permissions of the file */
1531 /* insert mode but file does not exist: create a new file */
1533 mode_t oldmask;
1539 }
1540 else
1544 {
1548 }
1559 }
1560 }
1565 }
1567 }
1570 {
1574 }
1576 /* Create the new file. */
1581 }
1586 /* copy everything to the new file */
1596 }
1598 }
1601 /* copy first part to the new file */
1611 }
1612 /* skip this keyblock */
1623 }
1624 }
1634 }
1635 }
1638 /* copy the rest */
1648 }
1650 }
1652 /* close both files */
1657 }
1662 }
1666 leave:
1670 }