1 /* keydb.c - key database dispatcher
2 * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
3 * Copyright (C) 2014 g10 Code GmbH
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
32 #include "../kbx/keybox.h"
36 static int active_handles;
39 KEYDB_RESOURCE_TYPE_NONE = 0,
40 KEYDB_RESOURCE_TYPE_KEYBOX
42 #define MAX_KEYDB_RESOURCES 20
44 struct resource_item {
45 KeydbResourceType type;
54 static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
55 static int used_resources;
63 int used; /* items in active */
64 struct resource_item active[MAX_KEYDB_RESOURCES];
68 static int lock_all (KEYDB_HANDLE hd);
69 static void unlock_all (KEYDB_HANDLE hd);
73 try_make_homedir (const char *fname)
75 const char *defhome = standard_homedir ();
77 /* Create the directory only if the supplied directory name is the
78 same as the default one. This way we avoid to create arbitrary
79 directories when a non-default home directory is used. To cope
80 with HOME, we do compare only the suffix if we see that the
81 default homedir does start with a tilde. */
82 if ( opt.dry_run || opt.no_homedir_creation )
86 #ifdef HAVE_W32_SYSTEM
87 ( !compare_filenames (fname, defhome) )
90 && (strlen(fname) >= strlen (defhome+1)
91 && !strcmp(fname+strlen(fname)-strlen(defhome+1), defhome+1 ) ))
92 || (*defhome != '~' && !compare_filenames( fname, defhome ) )
96 if (gnupg_mkdir (fname, "-rwx"))
97 log_info (_("can't create directory '%s': %s\n"),
98 fname, strerror(errno) );
100 log_info (_("directory '%s' created\n"), fname);
105 /* Handle the creation of a keybox if it does not yet exist. Take
106 into acount that other processes might have the keybox already
107 locked. This lock check does not work if the directory itself is
108 not yet available. If R_CREATED is not NULL it will be set to true
109 if the function created a new keybox. */
111 maybe_create_keybox (char *filename, int force, int *r_created)
113 dotlock_t lockhd = NULL;
117 char *last_slash_in_filename;
123 /* A quick test whether the filename already exists. */
124 if (!access (filename, F_OK))
127 /* If we don't want to create a new file at all, there is no need to
128 go any further - bail out right here. */
130 return gpg_error (GPG_ERR_ENOENT);
132 /* First of all we try to create the home directory. Note, that we
133 don't do any locking here because any sane application of gpg
134 would create the home directory by itself and not rely on gpg's
135 tricky auto-creation which is anyway only done for some home
136 directory name patterns. */
137 last_slash_in_filename = strrchr (filename, DIRSEP_C);
140 /* Windows may either have a slash or a backslash. Take care of it. */
141 char *p = strrchr (filename, '/');
142 if (!last_slash_in_filename || p > last_slash_in_filename)
143 last_slash_in_filename = p;
145 #endif /*HAVE_W32_SYSTEM*/
146 if (!last_slash_in_filename)
147 return gpg_error (GPG_ERR_ENOENT); /* No slash at all - should
148 not happen though. */
149 save_slash = *last_slash_in_filename;
150 *last_slash_in_filename = 0;
151 if (access(filename, F_OK))
158 try_make_homedir (filename);
160 if (access (filename, F_OK))
162 rc = gpg_error_from_syserror ();
163 *last_slash_in_filename = save_slash;
167 *last_slash_in_filename = save_slash;
169 /* To avoid races with other instances of gpg trying to create or
170 update the keybox (it is removed during an update for a short
171 time), we do the next stuff in a locked state. */
172 lockhd = dotlock_create (filename, 0);
175 /* A reason for this to fail is that the directory is not
176 writable. However, this whole locking stuff does not make
177 sense if this is the case. An empty non-writable directory
178 with no keyring is not really useful at all. */
180 log_info ("can't allocate lock for '%s'\n", filename );
183 return gpg_error (GPG_ERR_ENOENT);
185 return gpg_error (GPG_ERR_GENERAL);
188 if ( dotlock_take (lockhd, -1) )
190 /* This is something bad. Probably a stale lockfile. */
191 log_info ("can't lock '%s'\n", filename);
192 rc = gpg_error (GPG_ERR_GENERAL);
196 /* Now the real test while we are locked. */
197 if (!access(filename, F_OK))
199 rc = 0; /* Okay, we may access the file now. */
203 /* The file does not yet exist, create it now. */
204 oldmask = umask (077);
205 fp = fopen (filename, "w");
208 rc = gpg_error_from_syserror ();
210 log_error (_("error creating keybox '%s': %s\n"),
211 filename, gpg_strerror (rc));
216 /* Make sure that at least one record is in a new keybox file, so
217 that the detection magic for OpenPGP keyboxes works the next time
219 rc = _keybox_write_header_blob (fp, 0);
223 log_error (_("error creating keybox '%s': %s\n"),
224 filename, gpg_strerror (rc));
229 log_info (_("keybox '%s' created\n"), filename);
239 dotlock_release (lockhd);
240 dotlock_destroy (lockhd);
247 * Register a resource (which currently may only be a keybox file).
248 * The first keybox which is added by this function is created if it
249 * does not exist. If AUTO_CREATED is not NULL it will be set to true
250 * if the function has created a new keybox.
253 keydb_add_resource (const char *url, int force, int secret, int *auto_created)
255 static int any_secret, any_public;
256 const char *resname = url;
257 char *filename = NULL;
259 KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
264 /* Do we have an URL?
265 gnupg-kbx:filename := this is a plain keybox
266 filename := See what is is, but create as plain keybox.
268 if (strlen (resname) > 10)
270 if (!strncmp (resname, "gnupg-kbx:", 10) )
272 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
275 #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
276 else if (strchr (resname, ':'))
278 log_error ("invalid key resource URL '%s'\n", url );
279 err = gpg_error (GPG_ERR_GENERAL);
282 #endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
285 if (*resname != DIRSEP_C )
286 { /* do tilde expansion etc */
287 if (strchr(resname, DIRSEP_C) )
288 filename = make_filename (resname, NULL);
290 filename = make_filename (opt.homedir, resname, NULL);
293 filename = xstrdup (resname);
296 force = secret? !any_secret : !any_public;
298 /* see whether we can determine the filetype */
299 if (rt == KEYDB_RESOURCE_TYPE_NONE)
301 FILE *fp = fopen( filename, "rb" );
307 /* FIXME: check for the keybox magic */
308 if (fread (&magic, 4, 1, fp) == 1 )
310 if (magic == 0x13579ace || magic == 0xce9a5713)
311 ; /* GDBM magic - no more support */
313 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
315 else /* maybe empty: assume keybox */
316 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
319 else /* no file yet: create keybox */
320 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
325 case KEYDB_RESOURCE_TYPE_NONE:
326 log_error ("unknown type of key resource '%s'\n", url );
327 err = gpg_error (GPG_ERR_GENERAL);
330 case KEYDB_RESOURCE_TYPE_KEYBOX:
331 err = maybe_create_keybox (filename, force, auto_created);
334 /* Now register the file */
338 err = keybox_register_file (filename, secret, &token);
339 if (gpg_err_code (err) == GPG_ERR_EEXIST)
340 ; /* Already registered - ignore. */
343 else if (used_resources >= MAX_KEYDB_RESOURCES)
344 err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
347 all_resources[used_resources].type = rt;
348 all_resources[used_resources].u.kr = NULL; /* Not used here */
349 all_resources[used_resources].token = token;
350 all_resources[used_resources].secret = secret;
352 all_resources[used_resources].lockhandle
353 = dotlock_create (filename, 0);
354 if (!all_resources[used_resources].lockhandle)
355 log_fatal ( _("can't create lock for '%s'\n"), filename);
357 /* Do a compress run if needed and the file is not locked. */
358 if (!dotlock_take (all_resources[used_resources].lockhandle, 0))
360 KEYBOX_HANDLE kbxhd = keybox_new_x509 (token, secret);
364 keybox_compress (kbxhd);
365 keybox_release (kbxhd);
367 dotlock_release (all_resources[used_resources].lockhandle);
376 log_error ("resource type of '%s' not supported\n", url);
377 err = gpg_error (GPG_ERR_NOT_SUPPORTED);
381 /* fixme: check directory permissions and print a warning */
385 log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
396 keydb_new (int secret)
401 hd = xcalloc (1, sizeof *hd);
403 hd->saved_found = -1;
405 assert (used_resources <= MAX_KEYDB_RESOURCES);
406 for (i=j=0; i < used_resources; i++)
408 if (!all_resources[i].secret != !secret)
410 switch (all_resources[i].type)
412 case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
414 case KEYDB_RESOURCE_TYPE_KEYBOX:
415 hd->active[j].type = all_resources[i].type;
416 hd->active[j].token = all_resources[i].token;
417 hd->active[j].secret = all_resources[i].secret;
418 hd->active[j].lockhandle = all_resources[i].lockhandle;
419 hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, secret);
420 if (!hd->active[j].u.kr)
423 return NULL; /* fixme: release all previously allocated handles*/
436 keydb_release (KEYDB_HANDLE hd)
442 assert (active_handles > 0);
446 for (i=0; i < hd->used; i++)
448 switch (hd->active[i].type)
450 case KEYDB_RESOURCE_TYPE_NONE:
452 case KEYDB_RESOURCE_TYPE_KEYBOX:
453 keybox_release (hd->active[i].u.kr);
462 /* Return the name of the current resource. This is function first
463 looks for the last found found, then for the current search
464 position, and last returns the first available resource. The
465 returned string is only valid as long as the handle exists. This
466 function does only return NULL if no handle is specified, in all
467 other error cases an empty string is returned. */
469 keydb_get_resource_name (KEYDB_HANDLE hd)
472 const char *s = NULL;
477 if ( hd->found >= 0 && hd->found < hd->used)
479 else if ( hd->current >= 0 && hd->current < hd->used)
484 switch (hd->active[idx].type)
486 case KEYDB_RESOURCE_TYPE_NONE:
489 case KEYDB_RESOURCE_TYPE_KEYBOX:
490 s = keybox_get_resource_name (hd->active[idx].u.kr);
497 /* Switch the handle into ephemeral mode and return the original value. */
499 keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
507 if (hd->is_ephemeral != yes)
509 for (i=0; i < hd->used; i++)
511 switch (hd->active[i].type)
513 case KEYDB_RESOURCE_TYPE_NONE:
515 case KEYDB_RESOURCE_TYPE_KEYBOX:
516 keybox_set_ephemeral (hd->active[i].u.kr, yes);
522 i = hd->is_ephemeral;
523 hd->is_ephemeral = yes;
528 /* If the keyring has not yet been locked, lock it now. This
529 operation is required before any update operation; it is optional
530 for an insert operation. The lock is released with
533 keydb_lock (KEYDB_HANDLE hd)
536 return gpg_error (GPG_ERR_INV_HANDLE);
538 return 0; /* Already locked. */
539 return lock_all (hd);
545 lock_all (KEYDB_HANDLE hd)
549 /* Fixme: This locking scheme may lead to deadlock if the resources
550 are not added in the same order by all processes. We are
551 currently only allowing one resource so it is not a problem. */
552 for (i=0; i < hd->used; i++)
554 switch (hd->active[i].type)
556 case KEYDB_RESOURCE_TYPE_NONE:
558 case KEYDB_RESOURCE_TYPE_KEYBOX:
559 if (hd->active[i].lockhandle)
560 rc = dotlock_take (hd->active[i].lockhandle, -1);
569 /* revert the already set locks */
570 for (i--; i >= 0; i--)
572 switch (hd->active[i].type)
574 case KEYDB_RESOURCE_TYPE_NONE:
576 case KEYDB_RESOURCE_TYPE_KEYBOX:
577 if (hd->active[i].lockhandle)
578 dotlock_release (hd->active[i].lockhandle);
586 /* make_dotlock () does not yet guarantee that errno is set, thus
587 we can't rely on the error reason and will simply use
589 return rc? gpg_error (GPG_ERR_EACCES) : 0;
593 unlock_all (KEYDB_HANDLE hd)
600 for (i=hd->used-1; i >= 0; i--)
602 switch (hd->active[i].type)
604 case KEYDB_RESOURCE_TYPE_NONE:
606 case KEYDB_RESOURCE_TYPE_KEYBOX:
607 if (hd->active[i].lockhandle)
608 dotlock_release (hd->active[i].lockhandle);
617 /* Push the last found state if any. */
619 keydb_push_found_state (KEYDB_HANDLE hd)
624 if (hd->found < 0 || hd->found >= hd->used)
626 hd->saved_found = -1;
630 switch (hd->active[hd->found].type)
632 case KEYDB_RESOURCE_TYPE_NONE:
634 case KEYDB_RESOURCE_TYPE_KEYBOX:
635 keybox_push_found_state (hd->active[hd->found].u.kr);
639 hd->saved_found = hd->found;
644 /* Pop the last found state. */
646 keydb_pop_found_state (KEYDB_HANDLE hd)
651 hd->found = hd->saved_found;
652 hd->saved_found = -1;
653 if (hd->found < 0 || hd->found >= hd->used)
656 switch (hd->active[hd->found].type)
658 case KEYDB_RESOURCE_TYPE_NONE:
660 case KEYDB_RESOURCE_TYPE_KEYBOX:
661 keybox_pop_found_state (hd->active[hd->found].u.kr);
669 Return the last found object. Caller must free it. The returned
670 keyblock has the kbode flag bit 0 set for the node with the public
671 key used to locate the keyblock or flag bit 1 set for the user ID
674 keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
679 return gpg_error (GPG_ERR_INV_VALUE);
681 if ( hd->found < 0 || hd->found >= hd->used)
682 return -1; /* nothing found */
684 switch (hd->active[hd->found].type)
686 case KEYDB_RESOURCE_TYPE_NONE:
687 rc = gpg_error (GPG_ERR_GENERAL); /* oops */
689 case KEYDB_RESOURCE_TYPE_KEYBOX:
690 rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
697 /* Return a flag of the last found object. WHICH is the flag requested;
698 it should be one of the KEYBOX_FLAG_ values. If the operation is
699 successful, the flag value will be stored at the address given by
700 VALUE. Return 0 on success or an error code. */
702 keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
707 return gpg_error (GPG_ERR_INV_VALUE);
709 if ( hd->found < 0 || hd->found >= hd->used)
710 return gpg_error (GPG_ERR_NOTHING_FOUND);
712 switch (hd->active[hd->found].type)
714 case KEYDB_RESOURCE_TYPE_NONE:
715 err = gpg_error (GPG_ERR_GENERAL); /* oops */
717 case KEYDB_RESOURCE_TYPE_KEYBOX:
718 err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
725 /* Set a flag of the last found object. WHICH is the flag to be set; it
726 should be one of the KEYBOX_FLAG_ values. If the operation is
727 successful, the flag value will be stored in the keybox. Note,
728 that some flag values can't be updated and thus may return an
729 error, some other flag values may be masked out before an update.
730 Returns 0 on success or an error code. */
732 keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
737 return gpg_error (GPG_ERR_INV_VALUE);
739 if ( hd->found < 0 || hd->found >= hd->used)
740 return gpg_error (GPG_ERR_NOTHING_FOUND);
743 return gpg_error (GPG_ERR_NOT_LOCKED);
745 switch (hd->active[hd->found].type)
747 case KEYDB_RESOURCE_TYPE_NONE:
748 err = gpg_error (GPG_ERR_GENERAL); /* oops */
750 case KEYDB_RESOURCE_TYPE_KEYBOX:
751 err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
759 * Insert a new Certificate into one of the resources.
762 keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
766 unsigned char digest[20];
769 return gpg_error (GPG_ERR_INV_VALUE);
774 if ( hd->found >= 0 && hd->found < hd->used)
776 else if ( hd->current >= 0 && hd->current < hd->used)
779 return gpg_error (GPG_ERR_GENERAL);
782 return gpg_error (GPG_ERR_NOT_LOCKED);
784 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
786 switch (hd->active[idx].type)
788 case KEYDB_RESOURCE_TYPE_NONE:
789 rc = gpg_error (GPG_ERR_GENERAL);
791 case KEYDB_RESOURCE_TYPE_KEYBOX:
792 rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
802 /* Update the current keyblock with KB. */
804 keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
807 unsigned char digest[20];
810 return gpg_error (GPG_ERR_INV_VALUE);
812 if ( hd->found < 0 || hd->found >= hd->used)
813 return -1; /* nothing found */
822 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
824 switch (hd->active[hd->found].type)
826 case KEYDB_RESOURCE_TYPE_NONE:
827 rc = gpg_error (GPG_ERR_GENERAL); /* oops */
829 case KEYDB_RESOURCE_TYPE_KEYBOX:
830 rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
840 * The current keyblock or cert will be deleted.
843 keydb_delete (KEYDB_HANDLE hd, int unlock)
848 return gpg_error (GPG_ERR_INV_VALUE);
850 if ( hd->found < 0 || hd->found >= hd->used)
851 return -1; /* nothing found */
857 return gpg_error (GPG_ERR_NOT_LOCKED);
859 switch (hd->active[hd->found].type)
861 case KEYDB_RESOURCE_TYPE_NONE:
862 rc = gpg_error (GPG_ERR_GENERAL);
864 case KEYDB_RESOURCE_TYPE_KEYBOX:
865 rc = keybox_delete (hd->active[hd->found].u.kr);
877 * Locate the default writable key resource, so that the next
878 * operation (which is only relevant for inserts) will be done on this
882 keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
889 return gpg_error (GPG_ERR_INV_VALUE);
891 rc = keydb_search_reset (hd); /* this does reset hd->current */
895 for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
897 switch (hd->active[hd->current].type)
899 case KEYDB_RESOURCE_TYPE_NONE:
902 case KEYDB_RESOURCE_TYPE_KEYBOX:
903 if (keybox_is_writable (hd->active[hd->current].token))
904 return 0; /* found (hd->current is set to it) */
913 * Rebuild the caches of all key resources.
916 keydb_rebuild_caches (void)
920 for (i=0; i < used_resources; i++)
922 if (all_resources[i].secret)
924 switch (all_resources[i].type)
926 case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
928 case KEYDB_RESOURCE_TYPE_KEYBOX:
929 /* rc = keybox_rebuild_cache (all_resources[i].token); */
931 /* log_error (_("failed to rebuild keybox cache: %s\n"), */
932 /* g10_errstr (rc)); */
941 * Start the next search on this handle right at the beginning
944 keydb_search_reset (KEYDB_HANDLE hd)
950 return gpg_error (GPG_ERR_INV_VALUE);
954 /* and reset all resources */
955 for (i=0; !rc && i < hd->used; i++)
957 switch (hd->active[i].type)
959 case KEYDB_RESOURCE_TYPE_NONE:
961 case KEYDB_RESOURCE_TYPE_KEYBOX:
962 rc = keybox_search_reset (hd->active[i].u.kr);
970 * Search through all keydb resources, starting at the current position,
971 * for a keyblock which contains one of the keys described in the DESC array.
974 keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
977 unsigned long skipped;
980 return gpg_error (GPG_ERR_INV_VALUE);
982 while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
984 switch (hd->active[hd->current].type)
986 case KEYDB_RESOURCE_TYPE_NONE:
987 BUG(); /* we should never see it here */
989 case KEYDB_RESOURCE_TYPE_KEYBOX:
990 rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
991 KEYBOX_BLOBTYPE_X509,
995 if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
996 { /* EOF -> switch to next resource */
1000 hd->found = hd->current;
1008 keydb_search_first (KEYDB_HANDLE hd)
1010 KEYDB_SEARCH_DESC desc;
1012 memset (&desc, 0, sizeof desc);
1013 desc.mode = KEYDB_SEARCH_MODE_FIRST;
1014 return keydb_search (hd, &desc, 1);
1018 keydb_search_next (KEYDB_HANDLE hd)
1020 KEYDB_SEARCH_DESC desc;
1022 memset (&desc, 0, sizeof desc);
1023 desc.mode = KEYDB_SEARCH_MODE_NEXT;
1024 return keydb_search (hd, &desc, 1);
1028 keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
1030 KEYDB_SEARCH_DESC desc;
1034 memset (&desc, 0, sizeof desc);
1035 desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
1036 desc.u.kid[0] = kid[0];
1037 desc.u.kid[1] = kid[1];
1038 return keydb_search (hd, &desc, 1);
1042 keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
1044 KEYDB_SEARCH_DESC desc;
1046 memset (&desc, 0, sizeof desc);
1047 desc.mode = KEYDB_SEARCH_MODE_FPR;
1048 memcpy (desc.u.fpr, fpr, 20);
1049 return keydb_search (hd, &desc, 1);
1053 keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
1055 KEYDB_SEARCH_DESC desc;
1058 memset (&desc, 0, sizeof desc);
1059 desc.mode = KEYDB_SEARCH_MODE_ISSUER;
1060 desc.u.name = issuer;
1061 rc = keydb_search (hd, &desc, 1);
1066 keydb_search_issuer_sn (KEYDB_HANDLE hd,
1067 const char *issuer, ksba_const_sexp_t serial)
1069 KEYDB_SEARCH_DESC desc;
1071 const unsigned char *s;
1073 memset (&desc, 0, sizeof desc);
1074 desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
1077 return gpg_error (GPG_ERR_INV_VALUE);
1079 for (desc.snlen = 0; digitp (s); s++)
1080 desc.snlen = 10*desc.snlen + atoi_1 (s);
1082 return gpg_error (GPG_ERR_INV_VALUE);
1084 desc.u.name = issuer;
1085 rc = keydb_search (hd, &desc, 1);
1090 keydb_search_subject (KEYDB_HANDLE hd, const char *name)
1092 KEYDB_SEARCH_DESC desc;
1095 memset (&desc, 0, sizeof desc);
1096 desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
1098 rc = keydb_search (hd, &desc, 1);
1104 /* Store the certificate in the key DB but make sure that it does not
1105 already exists. We do this simply by comparing the fingerprint.
1106 If EXISTED is not NULL it will be set to true if the certificate
1107 was already in the DB. */
1109 keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
1113 unsigned char fpr[20];
1118 if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
1120 log_error (_("failed to get the fingerprint\n"));
1121 return gpg_error (GPG_ERR_GENERAL);
1127 log_error (_("failed to allocate keyDB handle\n"));
1128 return gpg_error (GPG_ERR_ENOMEM);;
1131 /* Set the ephemeral flag so that the search looks at all
1133 keydb_set_ephemeral (kh, 1);
1139 rc = keydb_search_fpr (kh, fpr);
1149 /* Remove ephemeral flags from existing certificate to "store"
1151 rc = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
1152 KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
1155 log_error ("clearing ephemeral flag failed: %s\n",
1160 return 0; /* okay */
1162 log_error (_("problem looking for existing certificate: %s\n"),
1167 /* Reset the ephemeral flag if not requested. */
1169 keydb_set_ephemeral (kh, 0);
1171 rc = keydb_locate_writable (kh, 0);
1174 log_error (_("error finding writable keyDB: %s\n"), gpg_strerror (rc));
1179 rc = keydb_insert_cert (kh, cert);
1182 log_error (_("error storing certificate: %s\n"), gpg_strerror (rc));
1191 /* This is basically keydb_set_flags but it implements a complete
1192 transaction by locating the certificate in the DB and updating the
1195 keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
1197 unsigned int mask, unsigned int value)
1201 unsigned char fpr[20];
1202 unsigned int old_value;
1204 if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
1206 log_error (_("failed to get the fingerprint\n"));
1207 return gpg_error (GPG_ERR_GENERAL);
1213 log_error (_("failed to allocate keyDB handle\n"));
1214 return gpg_error (GPG_ERR_ENOMEM);;
1218 keydb_set_ephemeral (kh, 1);
1220 err = keydb_lock (kh);
1223 log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
1228 err = keydb_search_fpr (kh, fpr);
1232 err = gpg_error (GPG_ERR_NOT_FOUND);
1234 log_error (_("problem re-searching certificate: %s\n"),
1235 gpg_strerror (err));
1240 err = keydb_get_flags (kh, which, idx, &old_value);
1243 log_error (_("error getting stored flags: %s\n"), gpg_strerror (err));
1248 value = ((old_value & ~mask) | (value & mask));
1250 if (value != old_value)
1252 err = keydb_set_flags (kh, which, idx, value);
1255 log_error (_("error storing flags: %s\n"), gpg_strerror (err));
1266 /* Reset all the certificate flags we have stored with the certificates
1267 for performance reasons. */
1269 keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
1272 KEYDB_HANDLE hd = NULL;
1273 KEYDB_SEARCH_DESC *desc = NULL;
1277 unsigned int old_value, value;
1284 log_error ("keydb_new failed\n");
1292 for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
1296 desc = xtrycalloc (ndesc, sizeof *desc);
1299 log_error ("allocating memory failed: %s\n",
1300 gpg_strerror (out_of_core ()));
1305 desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
1308 for (ndesc=0, sl=names; sl; sl = sl->next)
1310 rc = classify_user_id (sl->d, desc+ndesc, 0);
1312 log_error ("key '%s' not found: %s\n", sl->d, gpg_strerror (rc));
1318 err = keydb_lock (hd);
1321 log_error (_("error locking keybox: %s\n"), gpg_strerror (err));
1325 while (!(rc = keydb_search (hd, desc, ndesc)))
1328 desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
1330 err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
1333 log_error (_("error getting stored flags: %s\n"),
1334 gpg_strerror (err));
1338 value = (old_value & ~VALIDITY_REVOKED);
1339 if (value != old_value)
1341 err = keydb_set_flags (hd, KEYBOX_FLAG_VALIDITY, 0, value);
1344 log_error (_("error storing flags: %s\n"), gpg_strerror (err));
1350 log_error ("keydb_search failed: %s\n", gpg_strerror (rc));