trunk/Src/wptKeyserver.cpp

/* wptKeyserver.cpp - W32 Keyserver Access
 *      Copyright (C) 2000-2005 Timo Schulz
 *      Copyright (C) 2001 Marco Cunha
 *
 * This file is part of WinPT.
 *
 * WinPT is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License 
 * as published by the Free Software Foundation; either version 2 
 * of the License, or (at your option) any later version.
 *  
 * WinPT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with WinPT; if not, write to the Free Software Foundation, 
 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <windows.h>
#include <shlobj.h>
#include <stdio.h>
#include <sys/stat.h>
#include <ctype.h>

#include "wptKeyserver.h"
#include "wptErrors.h"
#include "wptTypes.h"
#include "wptNLS.h"
#include "wptW32API.h"
#include "wptGPG.h"
#include "wptRegistry.h"

#define net_errno ((int)WSAGetLastError ())

static char base64code[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

keyserver server[MAX_KEYSERVERS] = {0};
keyserver_proxy_s proxy = {0};
static const char *server_list[] = {
    "hkp://wwwkeys.nl.pgp.net",
    "hkp://wwwkeys.pl.pgp.net",
    "hkp://wwwkeys.at.pgp.net",
    "hkp://wwwkeys.ch.pgp.net",
    "hkp://wwwkeys.de.pgp.net",
    "hkp://wwwkeys.dk.pgp.net",
    "hkp://wwwkeys.cz.pgp.net",
    "hkp://wwwkeys.es.pgp.net",
    "hkp://wwwkeys.eu.pgp.net",
    "hkp://wwwkeys.uk.pgp.net",
    "hkp://wwwkeys.us.pgp.net",
    "hkp://subkeys.pgp.net",
    "ldap://keyserver.pgp.com",
    NULL
};


static char  hkp_errmsg[1024];  /* Holds the error message from the server */
static int   hkp_err = 0;       /* != 0 indicates an error occurred. */
static DWORD conf_timestamp = 0;/* timestamp of the configuration fiele. */

/* Default keyserver and port. */
char *default_keyserver = NULL;
WORD default_keyserver_port = 0;


/* Basic64 encode the input @inbuf to @outbuf. */
static void
base64_encode (const char *inbuf, char *outbuf)
{       
    int index = 0, temp = 0, res = 0;
    int i = 0, inputlen = 0, len = 0;
    
    inputlen = strlen (inbuf);
    for (i = 0; i < inputlen; i++) {
        res = temp;
        res = (res << 8) | (inbuf[i] & 0xFF);
        switch (index++) {
        case 0: 
            outbuf[len++] = base64code[res >> 2 & 0x3F]; 
            res &= 0x3; 
            break;
        case 1: 
            outbuf[len++] = base64code[res >> 4 & 0x3F]; 
            res &= 0xF; 
            break;
        case 2:
            outbuf[len++] = base64code[res >> 6 & 0x3F];
            outbuf[len++] = base64code[res & 0x3F]; 
            res = index = 0; 
            break;
        }
        temp = res;
    }
    
    if (index == 2) {      
        outbuf[len++] = base64code[temp << 2 & 0x3F];   
        outbuf[len++] = '=';
    }
    else if (index == 1) {
        outbuf[len++] = base64code[temp << 4 & 0x3F];
        outbuf[len++] = '=';
        outbuf[len++] = '=';
    }

    outbuf[len] = '\0';
}


/* Skip the URL schema and return only the host part of it. */
static const char*
skip_type_prefix (const char *hostname)
{
    if (hostname && !strncmp (hostname, "http://", 7))
        hostname += 7;
    else if (hostname && !strncmp (hostname, "hkp://", 6)) 
        hostname += 6;
    else if (hostname && !strncmp (hostname, "finger://", 9))
        hostname += 9;
    else if (hostname && !strncmp (hostname, "ldap://", 7))
        hostname += 7;
    return hostname;
}


/* Check that the keyserver response indicates an OK.
   Return 0 on success. */
static int
check_hkp_response (const char *resp, int recv)
{    
    char *p, *end;
    int ec, len;

    ec = recv ? WPTERR_WINSOCK_RECVKEY : WPTERR_WINSOCK_SENDKEY;
    if (!strstr (resp, "HTTP/1.0 200 OK") &&
        !strstr (resp, "HTTP/1.1 200 OK")) /* http error */
        return ec;
    if (strstr (resp, "Public Key Server -- Error")
        || strstr (resp, "Public Key Server -- Error")
        || strstr (resp, "No matching keys in database")) {
        p = strstr (resp, "<p>");
        if (p && strlen (p) < sizeof (hkp_errmsg)) {
            end = strstr (p, "</p>");
            len = end? (end - p + 1) : strlen (p);
            memset (hkp_errmsg, 0, sizeof (hkp_errmsg));
            strncpy (hkp_errmsg, p, len);
            hkp_err = 1;
        }
        return ec;
    }
    return 0;
}


/* Read a single line (\r\n) from a socket.
   Return 0 on success. */
static int
sock_getline (int fd, char *buf, int buflen, int *nbytes)
{
    char ch;
    int nread = 0;      
    
    if (nbytes)
        *nbytes = 0;
    *buf = 0;
    while (recv (fd, &ch, 1, 0) > 0) {
        *buf++ = ch;
        nread++;
        if (ch == '\r')
            continue; /* remove this char. */
        if (ch == '\n' || nread == (buflen - 1)) {
            *buf = 0;
            if (nbytes)
                *nbytes = nread;
            return 0;
        }
    }

    return -1;
}


/* Perform a select() on the given fd to find out
   is there is data for reading. Wait at least @nsecs seconds. */
static int
sock_select (int fd, int nsecs)
{
    FD_SET rfd;
    timeval tv = {nsecs, 0};

    FD_ZERO (&rfd);
    FD_SET (fd, &rfd);
    if (select (fd + 1, &rfd, NULL, NULL, &tv) == SOCKET_ERROR) {
        log_debug ("sock_select: select() failed ec=%d.\r\n", net_errno);
        return SOCKET_ERROR;
    }
    if (FD_ISSET (fd, &rfd))
        return 1;
    return 0;
}


/* Read from a socket @fd to buffer @buf with a fixed timeout 
   of 10 seconds. The amount of bytes which were read are 
   returned in @nbytes.
   Return value: 0 on success. */
static int
sock_read (int fd, char *buf, int buflen, int *nbytes)
{       
    DWORD nread;
    int nleft = buflen;
    int rc, n = 0;

    while (nleft > 0) {
        if (n >= 10)
            return WPTERR_WINSOCK_TIMEOUT;
        rc = sock_select (fd, 1);
        if (rc == SOCKET_ERROR)
            return rc;
        else if (!rc)
            n++;
        else {
            nread = recv (fd, buf, nleft, 0);
            if (nread == SOCKET_ERROR) {
                log_debug ("sock_read: recv() failed ec=%d.\r\n", net_errno);
                return SOCKET_ERROR;
            }
            else if (!nread)
                break;
            nleft -= nread;
            buf += nread;
        }       
    }
    if (nbytes)
        *nbytes = buflen - nleft;
        
    return 0;
}

/* Read much data as possible from the socket @fd and
   return the data in @buffer. Caller must free data.
   Return value: 0 on success. */
int
sock_read_ext (int fd, char **buffer, int *r_bufferlen)
{
    gpgme_data_t dh;
    char buf[1024], *p;
    size_t n=0;
    int nread, rc;

    gpgme_data_new (&dh);
    while (n < 10) {
        rc = sock_select (fd, 1);
        if (rc == SOCKET_ERROR) {
            gpgme_data_release (dh);
            return rc;
        }
        else if (!rc)
            n++;
        else {
            nread = recv (fd, buf, sizeof (buf), 0);
            if (nread == SOCKET_ERROR)
                return SOCKET_ERROR;
            else if (!nread)
                break;
            gpgme_data_write (dh, buf, nread);
        }
    }
    gpg_data_putc (dh, '\0');
    p = gpgme_data_release_and_get_mem (dh, &n);
    *buffer = m_strdup (p);
    if (r_bufferlen)
        *r_bufferlen = n;
    gpgme_free (p);
    return 0;
}


/* Write the buffer @buf with the length @buflen to a socket @fd. */
static int
sock_write (int fd, const char *buf, int buflen)
{
    DWORD nwritten;
    int nleft = buflen;

    while (nleft > 0) {
        nwritten = send (fd, buf, nleft, 0);
        if (nwritten == SOCKET_ERROR) {
            log_debug ("sock_write: send() failed ec=%d\r\n", net_errno);
            return SOCKET_ERROR;
        }
        nleft -= nwritten;
        buf += nwritten;
    }

    return 0;
}


/* Set the default keyserver. */
void
set_default_kserver (void)
{
    char *p = get_reg_entry_keyserver ("Default");
    free_if_alloc (default_keyserver);
    default_keyserver = p && *p != ' ' ? p : m_strdup (DEF_HKP_KEYSERVER);
    p = get_reg_entry_keyserver ("Default_Port");
    if (p && *p) {
        default_keyserver_port = (WORD)strtoul (p, NULL, 10);
        free_if_alloc (p);
    }
    else
        default_keyserver_port = HKP_PORT;
}


/* Initialize the Winsock2 interface.*/
int
wsock_init (void)
{
    WSADATA wsa;

    if (WSAStartup (0x202, &wsa)) {
        log_debug ("wsock_init: WSAStartup failed ec=%d\r\n", net_errno);
        return WPTERR_WINSOCK_INIT;
    }
    set_default_kserver ();
    return 0;
}


/* Cleanup the Winsock2 interface. */
void
wsock_end (void)
{
    char *p;
    int i;

    p = make_special_filename (CSIDL_APPDATA, "winpt\\keyserver.conf", NULL);
    kserver_save_conf (p);
    free_if_alloc (p);
    free_if_alloc (default_keyserver);
    for (i=0; i < MAX_KEYSERVERS; i++) {
        if (server[i].used)
            free_if_alloc (server[i].name);
    }
    kserver_proxy_release (&proxy);
    WSACleanup ();
}


/* Return a string representation of a winsock error. */
const char*
wsock_strerror (void)
{    
    static char buf[384];
    int ec = WSAGetLastError ();
    
    switch (ec) {
    case WSAENETDOWN:
        return _("The network subsystem has failed");
    case WSAHOST_NOT_FOUND:
        return _("Authoritative Answer Host not found");
    case WSAETIMEDOUT:
        return _("The connection has been dropped because of a network failure");
    default:
        _snprintf (buf, sizeof (buf) -1, _("Unknown Winsock error ec=%d"),ec); 
        return buf;
    }
    return NULL;
}


/* Return the last keyserver error as a string. */
const char*
kserver_strerror (void)
{       
    if (hkp_err)
        return hkp_errmsg;
    return NULL;
}


/* Read a keyserver from the list at index @idx.
   Return value: keyserver name at the given position. */
const char*
kserver_get_hostname (int idx, int type, WORD *port)
{
    if (type == -1) {
        *port = default_keyserver_port;
        return default_keyserver;
    }
    else if (!type && idx < DIM (server_list)) {
        *port = HKP_PORT;
        return server_list[idx];
    }
    return NULL;
}


/* Check if the computer is connected to the internet.
   Return 0 on success -1 otherwise. */
int
kserver_check_inet_connection (void)
{
    int fd;

    if (!kserver_connect (default_keyserver, default_keyserver_port, &fd)) {
        closesocket (fd);
        return 0;
    }
    return -1;
}


/* If the request contains the keyid, it have to be
   always postfix with '0x'+keyid. This code checks
   if the keyid is a decimal value and if so if it contains
   the '0x'. If not it is inserted. */
const char*
kserver_check_keyid (const char *keyid)
{       
    static char id[21];

    if (strstr (keyid, "@"))
        return keyid; /* email address */
    if (strncmp (keyid, "0x", 2)) {
        memset (&id, 0, sizeof (id));
        _snprintf (id, sizeof (id)-1, "0x%s", keyid);
        return id;
    }
    return keyid;
}


/* Update the keyserver proxy user. */
static void
update_proxy_user (const char *proxy_user, const char *proxy_pass)
{
    char t[257]; /* user:pass = 127+1+127+1 = 257 */
    int n = 0;

    n = 4*strlen (proxy_user) / 3 + 32 + strlen (proxy_pass) + 2;
    free_if_alloc (proxy.base64_user);
    proxy.base64_user = new char[n];
    if (!proxy.base64_user)
        BUG (0);
    _snprintf (t, sizeof (t)-1, "%s:%s", proxy_user, proxy_pass);
    base64_encode (t, proxy.base64_user);
    free_if_alloc (proxy.user);
    free_if_alloc (proxy.pass);
    proxy.user = m_strdup (proxy_user);
    proxy.pass = m_strdup (proxy_pass);
}


/* Check that the given buffer contains a valid keyserver URL. */
static int
check_URL (const char * buf)
{
    if (strlen (buf) < 7)
        return -1;
    if (!strstr (buf, "ldap://")
        && !strstr (buf, "http://") 
        && !strstr (buf, "finger://")
        && !strstr (buf, "hkp://"))
        return -1;
    return 0;
}
    

/* Get the port number from the given protocol. */
static int
port_from_proto (int proto)
{
    switch (proto) {
    case KSPROTO_LDAP: return 0;
    case KSPROTO_FINGER: return FINGER_PORT;
    case KSPROTO_HTTP: return HKP_PORT;
    }
    return 0;
}


/* Get the port number from the given URL. */
static int
proto_from_URL (const char *buf)
{
    if (strstr( buf, "ldap"))
        return KSPROTO_LDAP;
    else if (strstr( buf, "finger"))
        return KSPROTO_FINGER;
    return KSPROTO_HKP;
}


void
keyserver_set_default (const char *hostname, WORD port)
{
    if (hostname) {
        free_if_alloc (default_keyserver);
        default_keyserver = m_strdup (hostname);
        if (!default_keyserver)
            BUG (0);
        default_keyserver_port = port;
    }
    server[0].name =  m_strdup (default_keyserver);
    server[0].used = 1;
    server[0].port = port;
    server[0].proto = proto_from_URL (default_keyserver);
}


/* Skip all kind of whitespace chars in @str. */
static const char*
skip_whitespace (const char *str)
{
    while (str && *str) {
        if (*str == ' ' ||
            *str == '\t' ||
            *str == '\n' ||
            *str == '\r') {
            str++;
            continue;
        }
        break;
    }
    return str;
}


/* Save the keyserver config file in @conf. */
int
kserver_save_conf (const char *conf)
{
    FILE *fp;
    int pos;

    fp = fopen (conf, "wb");
    if (!fp) {
        msg_box (NULL, _("Could not save keyserver.conf file"), 
                 _("Keyserver"), MB_ERR);
        return -1;
    }

    fprintf (fp, "# do NOT manually modify this file, it will be "
                 "generated automatically!!\r\n");
    for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
        if (!server[pos].used)
            continue;
        fprintf (fp, "%s:%d\r\n", server[pos].name, server[pos].port);
    }
    fclose (fp);
    return 0;
}


/* Load the keyserver config file @conf. */
int
kserver_load_conf (const char *conf)
{
    struct stat statbuf;
    FILE *fp;
    char buf[1024], *s, *p;
    char *user = NULL, *pass = NULL;    
    int no_config=0, chk_pos=0;
    int pos;
    
    for (pos = 0; pos < MAX_KEYSERVERS; pos++) {
        server[pos].used = 0;
        server[pos].port = HKP_PORT;
    }
    
    fp = fopen (conf, "rb");
    if (!fp) {
        for (pos = 0; server_list[pos]; pos++) {
            server[pos].used = 1;
            server[pos].name = m_strdup (server_list[pos]);
            server[pos].proto = proto_from_URL (server_list[pos]);
        }
        no_config=1;
    }
    get_reg_proxy_prefs (&proxy);
    if (user && pass)
        update_proxy_user (user, pass); 
    else if (user && !pass || !user && pass) {
        msg_box (NULL, _("Invalid proxy configuration."
                         "You need to set a user and a password"
                         "to use proxy authentication!"), 
                         _("Proxy Error"), MB_ERR);
    }
    /* check if the host has a http:// prefix and skip it */
    if (proxy.host && !strncmp (proxy.host, "http://", 7)) {
        char *host = m_strdup (proxy.host+7);
        if (!host)
            BUG (0);
        free_if_alloc (proxy.host);
        proxy.host = host;
    }
    free_if_alloc (user);
    free_if_alloc (pass);
    
    pos = 0;
    while (fp && !feof (fp)) {
        s = fgets (buf, sizeof (buf)-1, fp);
        if (!s)
            break;
        if (strstr (buf, "\r\n"))
            buf[strlen (buf)-2] = '\0';
        if (strstr (buf, "\n"))
            buf[strlen (buf)-1] = '\0';
        s = (char *)skip_whitespace (buf);
        if (*s == '#' || strlen (s) < 7)
            continue;
        if (check_URL (s)) {
            msg_box (NULL, _("All entries of this file must have a valid prefix.\n"
                             "Currently HKP/HTTP, LDAP and FINGER are supported.\n"), 
                             _("Keyserver Error"), MB_ERR);
            continue;
        }
        chk_pos = 6;
        if (strstr (s, "finger"))
            chk_pos = 10;
        p = strchr (s+chk_pos, ':');
        server[pos].used = 1;
        server[pos].proto = proto_from_URL (s); 
        server[pos].port = port_from_proto (server[pos].proto);
        if (!p)
            server[pos].name = m_strdup (s);
        else {      
            server[pos].port = atol (p+1);
            if (server[pos].port < 0 || server[pos].port > 65536)
                server[pos].port = HKP_PORT;
            server[pos].name = new char [(p-s)+2];
            if (!server[pos].name)
                BUG (0);
            memset (server[pos].name, 0, (p-s)+2);
            memcpy (server[pos].name, s, (p-s));
        }
        pos++;
        if (pos > MAX_KEYSERVERS) {
            msg_box (NULL, _("The keyserver limit is exceeded"), 
                     _("Keyserver Warning"), MB_INFO);
            break;
        }
    }
    if (fp)
        fclose (fp);
    if (!pos) {
        /* only issue an error if the config file exist but 
           it has no valid entries. */
        keyserver_set_default (NULL, HKP_PORT);
        if (!no_config)
            return WPTERR_CONFIG_FILE;
    }

    if (!stat (conf, &statbuf))
        conf_timestamp = statbuf.st_mtime;
    return 0;
}


/* Connect to the keyserver @hostname (port @port).
   Return value: 0 on success */
int
kserver_connect (const char *hostname, WORD port, int *conn_fd)
{
    int rc, fd;
    DWORD iaddr;
    char host[128] = {0};
    struct hostent *hp;
    struct sockaddr_in sock;

    log_debug ("kserver_connect: %s:%d\r\n", hostname, port);

    if (!port)
        port = HKP_PORT;
    if (conn_fd)
        *conn_fd = 0;
    hostname = skip_type_prefix (hostname);
    
    memset (&sock, 0, sizeof (sock));
    sock.sin_family = AF_INET;
    sock.sin_port = proxy.host? htons (proxy.port) : htons (port);
    if (proxy.host)
        strncpy (host, proxy.host, 127);
    else
        strncpy (host, hostname, 127);
    
    if ((iaddr = inet_addr (host)) != INADDR_NONE)
        memcpy (&sock.sin_addr, &iaddr, sizeof (iaddr));
    else if ((hp = gethostbyname (host))) {
        if (hp->h_addrtype != AF_INET || hp->h_length != 4) {
            log_debug ("gethostbyname: unknown address type.\r\n");
            return WPTERR_WINSOCK_RESOLVE;
        }
        memcpy (&sock.sin_addr, hp->h_addr, hp->h_length);
    }
    else {
        log_debug ("gethostbyname: failed ec=%d.\r\n", net_errno);
        return WPTERR_WINSOCK_RESOLVE;
    }
    fd = socket (AF_INET, SOCK_STREAM, 0);
    if (fd == INVALID_SOCKET)   
        return WPTERR_WINSOCK_SOCKET;
    rc = connect (fd, (struct sockaddr *) &sock, sizeof (sock));
    if (rc == SOCKET_ERROR) {
        log_debug ("connect: failed ec=%d.\r\n", net_errno);
        closesocket (fd);
        return WPTERR_WINSOCK_CONNECT;
    }

    if (proxy.proto != PROXY_PROTO_HTTP) {
        rc = socks_handshake (&proxy, fd, hostname, port);
        if (rc) {
            closesocket (fd);
            return WPTERR_GENERAL; /* XXX: use better code. */
        }
    }

    if (conn_fd)
        *conn_fd = fd;
    WSASetLastError (0);
    return 0;
}


static bool
URL_must_encoded (const char *url)
{
    if (strchr (url, '.') || strchr (url, '@') || strchr (url, ' '))
        return true;
    return false;
}


/* Perform URL encoding of the given data. */
static char*
URL_encode (const char *url, size_t ulen, size_t *ret_nlen)
{
    gpgme_data_t hd;
    char numbuf[5], *pp, *p;
    size_t i, n;

    gpgme_data_new (&hd);
    for (i=0; i < ulen; i++) {
        if (isalnum (url[i]) || url[i] == '-')
            gpg_data_putc (hd, url[i]);
        else if (url[i] == ' ')
            gpg_data_putc (hd, '+');
        else {
            sprintf (numbuf, "%%%02X", url[i]);
            gpgme_data_write (hd, numbuf, strlen (numbuf));
        }
    }
    gpg_data_putc (hd, '\0');

    /* Copy memory to avoid that we need to use gpgme_free later. */
    pp = gpgme_data_release_and_get_mem (hd, &n);
    p = m_strdup (pp);
    gpgme_free (pp);
    if (ret_nlen)
        *ret_nlen = n;
    return p;
}


/* Format a request for the given keyid (send). */
static char*
kserver_send_request (const char *hostname, WORD port, 
                      const char *pubkey, int octets)
{
    char *request = NULL;
    char *enc_pubkey = NULL;
    size_t enc_octets;
    int reqlen;

    log_debug ("kserver_send_request: %s:%d\r\n", hostname, port);

    if (!port)
        port = HKP_PORT;
    reqlen = 512 + strlen (hostname) + 2*strlen (pubkey);
    request = new char[reqlen];
    if (!request)
        BUG (0);
    enc_pubkey = URL_encode (pubkey, octets, &enc_octets);
    if (!enc_pubkey || !enc_octets) {
        free_if_alloc (request);
        return NULL;
    }
    
    if (proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        _snprintf (request, reqlen-1,
                   "POST http://%s:%d/pks/add HTTP/1.0\r\n"
                   "Referer: \r\n"
                   "User-Agent: WinPT/W32\r\n"
                   "Host: %s:%d\r\n"
                   "Proxy-Authorization: Basic %s\r\n"
                   "Content-type: application/x-www-form-urlencoded\r\n"
                   "Content-length: %d\r\n"
                   "\r\n"
                   "keytext=%s"
                   "\n",
                   skip_type_prefix (hostname), port, hostname, port, 
                   proxy.base64_user, enc_octets+9, enc_pubkey);
    }
    else {
        _snprintf (request, reqlen-1,
                   "POST /pks/add HTTP/1.0\r\n"
                   "Referer: \r\n"
                   "User-Agent: WinPT/W32\r\n"
                   "Host: %s:%d\r\n"
                   "Content-type: application/x-www-form-urlencoded\r\n"
                   "Content-length: %d\r\n"
                   "\r\n"
                   "keytext=%s"
                   "\n",
                   skip_type_prefix (hostname), port, 
                   enc_octets+9, enc_pubkey);
    }
    free_if_alloc (enc_pubkey);

    log_debug ("%s\r\n", request);
    return request;
}


int
kserver_recvkey_ext (const char *hostname, WORD port, const char *keyid,
                     char **r_key, int *r_keylen)
{
    char *request = NULL;
    int conn_fd;
    int rc, n;

    if (!port)
        port = HKP_PORT;
    hkp_err = 0; /* reset */    
    rc = kserver_connect (hostname, port, &conn_fd);
    if (rc)
        goto leave;
    
    request = new char[300+1];
    if (!request)
        BUG (0);
    
    if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        _snprintf (request, 300,
            "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n"
            "Proxy-Authorization: Basic %s\r\n\r\n",
            skip_type_prefix (hostname), port, keyid, proxy.base64_user);
    }
    else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
        _snprintf (request, 300,
            "GET http://%s:%d/pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n",
            skip_type_prefix (hostname), port, keyid);
    }    
    else {
        _snprintf (request, 300,
            "GET /pks/lookup?op=get&search=%s HTTP/1.0\r\n\r\n", keyid);
    }

    log_debug ("%s\r\n", request);
    
    rc = sock_write (conn_fd, request, strlen (request));
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_RECVKEY;
        goto leave;
    }
    
    rc = sock_read_ext (conn_fd, r_key, &n);
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_RECVKEY;
        goto leave;
    }

    if (r_keylen)
        *r_keylen = n;
    log_debug("%s\r\n", *r_key);
    rc = check_hkp_response (*r_key, 1);
    if (rc)
        goto leave;
    
    WSASetLastError (0);
    
leave:
    closesocket (conn_fd);
    free_if_alloc (request);
    return rc;
}

/* Interface for receiving a public key. */
int
kserver_recvkey (const char *hostname, WORD port, const char *keyid,
                 char *key, int maxkeylen)
{
    char *tmpkey;
    int rc, nread=0;

    /* XXX: just a wrapper around the new method, replace it
            soon as possible. */
    rc = kserver_recvkey_ext (hostname, port, keyid, &tmpkey, &nread);
    if (rc)
        return rc;

    if (nread > maxkeylen) {
        free_if_alloc (tmpkey);
        return WPTERR_GENERAL;
    }
    strcpy (key, tmpkey);
    free_if_alloc (tmpkey);
    return 0;
}


/* Interface to send a public key. */
int
kserver_sendkey (const char *hostname, WORD port, const char *pubkey, int len )
{
    char *request = NULL;
    char log[2048];
    int conn_fd, n;
    int rc;
    
    hkp_err = 0; /* reset */
    rc = kserver_connect (hostname, port, &conn_fd);
    if (rc)
        goto leave;
    
    request = kserver_send_request (hostname, port, pubkey, len);
    if (request == NULL) {
        rc = WPTERR_GENERAL;
        goto leave;     
    }
    
    rc = sock_write (conn_fd, request, strlen (request));
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_SENDKEY;
        goto leave;     
    }
    
    rc = sock_read (conn_fd, log, sizeof (log)-1, &n);
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_SENDKEY;
        goto leave;
    }

    log_debug ("kserver_sendkey:\r\n%s\r\n", log);
    rc = check_hkp_response (log, 0);
    if (rc)
        goto leave;
    
    WSASetLastError (0);
    
leave:
    closesocket (conn_fd);
    free_if_alloc (request);
    return rc;
}


int
kserver_search_init (const char *hostname, WORD port, 
                     const char *keyid, int *conn_fd)
{
    char *request = NULL;
    char *enc_keyid = NULL;
    int n = 0;
    int rc, sock_fd;
    
    rc = kserver_connect (hostname, port, &sock_fd);
    if (rc) {
        *conn_fd = 0;
        goto leave;
    }

    enc_keyid = URL_encode (keyid, strlen (keyid), NULL);
    n=300;
    request = new char[n+1];
    if (!request)
        BUG (0);
    
    if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        _snprintf (request, n,
            "GET http://%s:%d/pks/lookup?op=index&search=%s HTTP/1.0\r\n"
            "Proxy-Authorization: Basic %s\r\n\r\n",
            skip_type_prefix (hostname), port, enc_keyid, proxy.base64_user);
    }    
    else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
        _snprintf (request, n,
            "GET http://%s:%d/pks/lookup?op=index&search=%s HTTP/1.0\r\n\r\n",
            skip_type_prefix (hostname), port, enc_keyid);
    }
    else {
        _snprintf (request, n,
                   "GET /pks/lookup?op=index&search=%s HTTP/1.0\r\n\r\n", 
                   enc_keyid);
    }
    
    log_debug ("kserver_search_init:\r\n%s\r\n", request);
    
    if (sock_write (sock_fd, request, strlen (request)) == SOCKET_ERROR) {
        rc = WPTERR_GENERAL;
        goto leave;
    }
    
    *conn_fd = sock_fd;
    
leave:
    free_if_alloc (request);
    free_if_alloc (enc_keyid);
    return rc;
}


/* Check keyserver response. */
int
kserver_search_chkresp (int fd)
{
    char buf[128];
    int n=0;
    
    /* parse response 'HTTP/1.0 500 OK' */
    if (sock_getline (fd, buf, 127, &n))
        return WPTERR_KEYSERVER_NOTFOUND;

    log_debug ("kserver_search_chkpresp: %s\r\n", buf);
    if (strncmp (buf, "HTTP/1.", 7))
        return WPTERR_KEYSERVER_NOTFOUND;
    if (strncmp (buf+(8+1), "200", 3))
        return WPTERR_KEYSERVER_NOTFOUND;
    return 0;
}


/* Convert an iso date @iso_date (YYYY-MM-DD) into the locale
   representation and store it into @loc_date.
   Return value: 0 on success. */
static int
parse_iso_date (const char *iso_date, char *loc_date, size_t loclen)
{
    SYSTEMTIME st;
    char buf[16] = {0}, *p;
    int pos=0;

    strncpy (buf, iso_date, sizeof (buf)-1);
    p = strtok (buf, "-");
    while (p != NULL) {
        switch (pos) {
        case 0: st.wYear  = (WORD)atoi (p); pos++; break;
        case 1: st.wMonth = (WORD)atoi (p); pos++; break;
        case 2: st.wDay   = (WORD)atoi (p); pos++; break;
        default: break;
        }
        p = strtok (NULL, "-");
    }
    if (pos != 3)
        return -1;
    
    if (!GetDateFormat (LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, 
                        NULL, loc_date, loclen))
        return -1;
    return 0;
}


int
kserver_search (int fd, keyserver_key *key)
{
    char buf[1024], *p;
    int uidlen, nbytes, pos = 0;

    log_debug ("keyserver_search:\r\n");
    
    if (sock_getline (fd, buf, sizeof (buf) - 1, &nbytes))
        return WPTERR_GENERAL;

    log_debug ("%s\r\n", buf);
    
    if (!strncmp (buf, "pub", 3)) {
        int revoked = strstr (buf, "KEY REVOKED") != NULL? 1 : 0;
        key->bits = atol (buf+3);
        p = strchr (buf, '>');
        if (!p)
            goto fail;
        pos = p - buf + 1;
        memcpy (key->keyid, buf + pos, 8);
        key->keyid[8] = '\0';
        p = strstr (buf, "</a>");
        if (!p)
            goto fail;
        pos = p - buf + 5;
        memcpy (key->date, buf + pos, 10);
        key->date[10] = '\0';
        parse_iso_date (key->date, key->date, sizeof (key->date)-1);
        if (revoked) {
            strcpy (key->uid, "KEY REVOKED: not checked");
            return 0;
        }
        pos += 10;
        p = buf + pos + 1;
        while (p && *p != '>')
            p++;
        p++;
        uidlen = strlen (p) - 10;
        if (!strstr (p, "&lt;") && !strstr (p, "&gt;")) {
            pos=0;
            while (p && *p && pos < sizeof (key->uid)-1) {
                if (*p == '<')
                    break;
                key->uid[pos++] = *p++;
            }
            key->uid[pos] ='\0';
            return 0;
        }

        if (uidlen > sizeof (key->uid)-1)
            uidlen = sizeof (key->uid)-1;
        memcpy (key->uid, p, uidlen);
        key->uid[uidlen] = '\0';
        strcat (key->uid, ">");
        p = strchr (key->uid, '&');
        if (p) {
            key->uid[(p-key->uid)] = '<';
            memmove (key->uid+(p-key->uid)+1, key->uid+(p-key->uid)+4, 
                     strlen (key->uid)-3);
        }
        return 0;
    }

fail:
    key->bits = 0;
    memset (key, 0, sizeof *key);
    return 0;
}


/* Release mbmers in the proxy context @ctx. */
void
kserver_proxy_release (keyserver_proxy_t ctx)
{
    free_if_alloc (ctx->host);
    free_if_alloc (ctx->pass);
    free_if_alloc (ctx->user);
}


/* Spawn a process given by @cmdl. */
static int
spawn_application (char *cmdl)
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    int rc = 0;

    memset (&si, 0, sizeof (si));
    si.cb = sizeof (si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;
    memset (&pi, 0, sizeof (pi));

    if (!CreateProcess (NULL, cmdl, NULL, NULL, FALSE, 0, 
                        NULL, NULL, &si, &pi)) {
        log_box ("Keyserver Plugin", MB_ERR, "Could not spawn helper process");
        rc = -1;
    }

    CloseHandle (pi.hThread);
    WaitForSingleObject (pi.hProcess, INFINITE);
    CloseHandle (pi.hProcess);
    return rc;
}


/* Receive an key via LDAP from host @host with the keyid @keyid.
   @key contains the key on success. */
int
ldap_recvkey (const char *host, const char *keyid, char *key, int maxkeylen)
{    
    FILE *fp;
    const char *s;
    char *ksprg = NULL, *p = NULL, *sep;
    char inf[256], outf[256], buf[512];
    DWORD n;
    int start_key = 0, failed = 0;
    int rc = 0;

    p = get_gnupg_prog ();
    n = strlen (p) + 1 + 128;
    ksprg = new char[n+1];
    if (!ksprg)
        BUG (0);
    sep = strrchr (p, '\\');
    if (sep != NULL)
        p[(sep-p)] = 0;

    _snprintf (ksprg, n, "%s\\gpgkeys_ldap.exe", p);
    free_if_alloc (p);
    if (file_exist_check (ksprg)) {
        log_box ("LDAP Keyserver Plugin", MB_ERR, 
                 "%s: could not find LDAP keyserver module!", ksprg);
        rc = -1;
        goto leave;
    }
    get_temp_name (outf, sizeof (outf)-1, keyid);
    get_temp_name (inf, sizeof (inf)-1, NULL);
    fp = fopen (inf, "w+b");
    if (!fp) {
        log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", inf,
                 winpt_strerror (WPTERR_FILE_OPEN));
        rc = -1;
        goto leave;
    }
    fprintf (fp,
        "VERSION 1\n"
        "PROGRAM 1.4.3-cvs\n"
        "SCHEME ldap\n"
        "HOST %s\n"
        "COMMAND GET\n"
        "\n"
        "%s\n",
        host? skip_type_prefix (host): "64.94.85.200", keyid);
    fclose (fp);

    p = new char[strlen (ksprg) + strlen (inf) + strlen (outf) + 32];
    if (!p)
        BUG (NULL);
    sprintf (p, "%s -o %s %s", ksprg, outf, inf);
    if (spawn_application (p)) {
        rc = -1;
        goto leave;
    }

    fp = fopen (outf, "rb");
    if (!fp) {
        log_box ("LDAP Keyserver Plugin", MB_ERR, "%s: %s", outf, 
                 winpt_strerror (WPTERR_FILE_OPEN));
        rc = -1;
        goto leave;
    }
    memset (key, 0, maxkeylen);
    while (!feof (fp)) {
        s = fgets (buf, sizeof (buf)-1, fp);
        if (!s)
            break;
        if (strstr (s, "KEY") && strstr (s, "FAILED")) {
            failed = 1;
            break;
        }
        if (!start_key && strstr (s, "KEY") && strstr (s, "BEGIN")) {
            start_key = 1;
            continue;
        }       
        if (!start_key)
            continue;
        strcat (key, buf);
        maxkeylen -= strlen (buf);
        if (maxkeylen < 0 || (strstr (s, "KEY") && strstr (s, "END")))
            break;
    }
    fclose (fp);

leave:
    if (failed || !strlen (key))
        rc = WPTERR_WINSOCK_RECVKEY;
    DeleteFile (inf);
    DeleteFile (outf);
    free_if_alloc (p);
    free_if_alloc (ksprg);
    return rc;
}


/* Receive an key via FINGER from host @host with the user @user.
   On success @key contains the key. */
int
finger_recvkey (const char *host, const char *user, char *key, int maxkeylen)
{
    char buf[128];
    int fd, nread;
    int start_key = 0;
    int rc=0;

    rc = kserver_connect (host, FINGER_PORT, &fd);
    if (rc)
        return rc;

    sock_write (fd, user, strlen (user));
    sock_write (fd, "\r\n", 2);

    memset (key, 0, maxkeylen);
    while (maxkeylen > 0) {
        if (sock_getline (fd, buf, sizeof (buf), &nread))
            break;
        strcat (buf, "\n");
        if (strstr (buf, "BEGIN PGP PUBLIC KEY BLOCK")) {
            strcat (key, buf);
            start_key = 1;
            maxkeylen -= nread;
        }
        else if (strstr (buf, "END PGP PUBLIC KEY BLOCK" ) && start_key) {
            strcat (key, buf);
            start_key--;
            maxkeylen -= nread;
            break;
        }
        else if (start_key) {
            strcat (key, buf);
            maxkeylen -= nread;
        }
    }
    closesocket (fd);
    if (start_key != 0)
        rc = WPTERR_WINSOCK_RECVKEY;
    return rc;
}


/* Check if the given name @name is a valid hostname. */
int
check_IP_or_hostname (const char *name)
{
    const char *not_allowed = "=!§$%&@#*~\\/}][{<>|,;:'";
    size_t i, j;

    for (i=0; i < strlen (name); i++) {
        for (j =0; j < strlen (not_allowed); j++) {
            if (name[i] == not_allowed[j])
                return -1;
        }
    }
    return 0;
}