2 * keyd.c - key retrieval daemon
4 * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
28 #include <sys/select.h>
29 #include <sys/socket.h>
30 #include <sys/types.h>
35 #include "build-config.h"
38 #include <systemd/sd-daemon.h>
41 #include "charfuncs.h"
46 #include "keystructs.h"
49 #include "onak-conf.h"
52 /* Maximum number of clients we're prepared to accept at once */
53 #define MAX_CLIENTS 16
56 static bool using_socket_activation = false;
59 static struct keyd_stats *stats;
61 static void daemonize(void)
68 logthing(LOGTHING_CRITICAL,
69 "Failed to fork into background: %d (%s)",
74 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
79 logthing(LOGTHING_CRITICAL,
80 "Couldn't set process group leader: %d (%s)",
86 if (!freopen("/dev/null", "r", stdin)) {
87 logthing(LOGTHING_CRITICAL,
88 "Couldn't reopen stdin to NULL: %d (%s)",
93 if (!freopen("/dev/null", "w", stdout)) {
94 logthing(LOGTHING_CRITICAL,
95 "Couldn't reopen stdout to NULL: %d (%s)",
100 if (!freopen("/dev/null", "w", stderr)) {
101 logthing(LOGTHING_CRITICAL,
102 "Couldn't reopen stderr to NULL: %d (%s)",
111 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
113 struct openpgp_packet_list *packets = NULL;
114 struct openpgp_packet_list *list_end = NULL;
115 struct buffer_ctx storebuf;
120 storebuf.size = 8192;
121 storebuf.buffer = malloc(8192);
123 flatten_publickey(key,
126 write_openpgp_stream(buffer_putchar,
129 logthing(LOGTHING_TRACE,
132 written = write(fd, &storebuf.offset,
133 sizeof(storebuf.offset));
137 written = write(fd, storebuf.buffer,
139 if (written != storebuf.offset) {
144 free(storebuf.buffer);
145 storebuf.buffer = NULL;
146 storebuf.size = storebuf.offset = 0;
147 free_packet_list(packets);
148 packets = list_end = NULL;
153 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
155 uint32_t reply = _reply;
159 written = write(fd, &reply, sizeof(reply));
160 if (written != sizeof(reply)) {
167 static bool keyd_write_size(int fd, size_t size)
172 written = write(fd, &size, sizeof(size));
173 if (written != sizeof(size)) {
180 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
182 int *fd = (int *) ctx;
186 get_keyid(key, &keyid);
187 logthing(LOGTHING_TRACE,
188 "Iterating over 0x%016" PRIX64 ".",
191 keyd_write_key(*fd, key);
197 static int sock_init(const char *sockname)
199 struct sockaddr_un sock;
205 n = sd_listen_fds(0);
207 logthing(LOGTHING_ERROR,
208 "Too many file descriptors received from systemd.");
210 fd = SD_LISTEN_FDS_START + 0;
211 if (sd_is_socket_unix(fd, SOCK_STREAM, 1, NULL, 0) <= 0) {
212 logthing(LOGTHING_ERROR,
213 "systemd passed an invalid socket.");
216 using_socket_activation = true;
219 fd = socket(PF_UNIX, SOCK_STREAM, 0);
221 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
225 sock.sun_family = AF_UNIX;
226 strncpy(sock.sun_path, sockname,
227 sizeof(sock.sun_path) - 1);
229 ret = bind(fd, (struct sockaddr *) &sock,
238 logthing(LOGTHING_ERROR,
239 "Couldn't open socket to listen on: %s (%d)",
252 static int sock_do(struct onak_dbctx *dbctx, int fd)
254 uint32_t cmd = KEYD_CMD_UNKNOWN;
260 struct openpgp_publickey *key = NULL;
261 struct openpgp_packet_list *packets = NULL;
262 struct buffer_ctx storebuf;
264 struct openpgp_fingerprint fingerprint;
267 * Get the command from the client.
269 bytes = read(fd, &cmd, sizeof(cmd));
271 logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
273 if (bytes != sizeof(cmd)) {
278 if (cmd < KEYD_CMD_LAST) {
279 stats->command_stats[cmd]++;
281 stats->command_stats[KEYD_CMD_UNKNOWN]++;
284 case KEYD_CMD_VERSION:
285 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
289 cmd = sizeof(keyd_version);
290 bytes = write(fd, &cmd, sizeof(cmd));
291 if (bytes != sizeof(cmd)) {
296 bytes = write(fd, &keyd_version,
297 sizeof(keyd_version));
298 if (bytes != sizeof(keyd_version)) {
304 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
308 if ((read(fd, &bytes, 1) != 1) ||
309 (bytes > MAX_FINGERPRINT_LEN)) {
312 fingerprint.length = bytes;
313 bytes = read(fd, fingerprint.fp,
315 if (bytes != fingerprint.length) {
321 logthing(LOGTHING_INFO,
322 "Fetching by fingerprint"
324 dbctx->fetch_key(dbctx,
328 keyd_write_key(fd, key);
332 if (!keyd_write_size(fd, 0)) {
338 case KEYD_CMD_GET_ID:
339 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
343 bytes = read(fd, &keyid, sizeof(keyid));
344 if (bytes != sizeof(keyid)) {
349 logthing(LOGTHING_INFO,
350 "Fetching 0x%" PRIX64
353 dbctx->fetch_key_id(dbctx,
357 keyd_write_key(fd, key);
361 if (!keyd_write_size(fd, 0)) {
367 case KEYD_CMD_GET_FP:
368 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
372 if ((read(fd, &bytes, 1) != 1) ||
373 (bytes > MAX_FINGERPRINT_LEN)) {
376 fingerprint.length = bytes;
377 bytes = read(fd, fingerprint.fp,
379 if (bytes != fingerprint.length) {
385 logthing(LOGTHING_INFO,
386 "Fetching by fingerprint"
388 dbctx->fetch_key_fp(dbctx,
392 keyd_write_key(fd, key);
396 if (!keyd_write_size(fd, 0)) {
402 case KEYD_CMD_GET_TEXT:
403 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
407 bytes = read(fd, &count, sizeof(count));
408 if (bytes != sizeof(count)) {
413 search = malloc(count+1);
414 bytes = read(fd, search, count);
415 if (bytes != count) {
421 logthing(LOGTHING_INFO,
422 "Fetching %s, result: %d",
424 dbctx->fetch_key_text(dbctx,
427 keyd_write_key(fd, key);
431 if (!keyd_write_size(fd, 0)) {
439 case KEYD_CMD_UPDATE:
440 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
444 bytes = read(fd, &storebuf.size,
445 sizeof(storebuf.size));
446 logthing(LOGTHING_TRACE, "Reading %d bytes.",
448 if (bytes != sizeof(storebuf.size)) {
452 if (ret == 0 && storebuf.size > 0) {
453 storebuf.buffer = malloc(storebuf.size);
456 while (bytes >= 0 && count < storebuf.size) {
458 &storebuf.buffer[count],
459 storebuf.size - count);
460 logthing(LOGTHING_TRACE,
465 read_openpgp_stream(buffer_fetchchar,
469 parse_keys(packets, &key);
470 dbctx->store_key(dbctx, key, false,
471 (cmd == KEYD_CMD_UPDATE));
472 free_packet_list(packets);
476 free(storebuf.buffer);
477 storebuf.buffer = NULL;
478 storebuf.size = storebuf.offset = 0;
481 case KEYD_CMD_DELETE:
482 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
486 bytes = read(fd, &fingerprint,
487 sizeof(fingerprint));
488 if (bytes != sizeof(fingerprint)) {
493 logthing(LOGTHING_INFO,
494 "Deleting 0x%" PRIX64
497 dbctx->delete_key(dbctx,
498 &fingerprint, false));
501 case KEYD_CMD_KEYITER:
502 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
506 dbctx->iterate_keys(dbctx, iteratefunc,
508 if (!keyd_write_size(fd, 0)) {
514 /* We're going to close the FD even if this fails */
515 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
519 /* We're going to quit even if this fails */
520 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
521 logthing(LOGTHING_NOTICE,
522 "Exiting due to quit request.");
527 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
531 cmd = sizeof(*stats);
532 bytes = write(fd, &cmd, sizeof(cmd));
533 if (bytes != sizeof(cmd)) {
538 bytes = write(fd, stats, sizeof(*stats));
539 if (bytes != sizeof(*stats)) {
544 case KEYD_CMD_GET_SKSHASH:
545 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
549 bytes = read(fd, hash.hash, sizeof(hash.hash));
550 if (bytes != sizeof(hash.hash)) {
555 logthing(LOGTHING_INFO,
558 dbctx->fetch_key_skshash(dbctx,
561 keyd_write_key(fd, key);
565 if (!keyd_write_size(fd, 0)) {
573 logthing(LOGTHING_ERROR, "Got unknown command: %d",
575 if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
584 static int sock_close(int fd)
586 shutdown(fd, SHUT_RDWR);
590 static int sock_accept(int fd)
592 struct sockaddr_un sock;
597 socklen = sizeof(sock);
598 srv = accept(fd, (struct sockaddr *) &sock, &socklen);
600 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
610 static void usage(void)
612 puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
613 "onak PGP keyserver.\n");
615 puts("\tkeyd [options]\n");
616 puts("\tOptions:\n:");
617 puts("-c <file> - use <file> as the config file");
618 puts("-f - run in the foreground");
619 puts("-h - show this help text");
623 int main(int argc, char *argv[])
625 int fd = -1, maxfd, i, clients[MAX_CLIENTS];
626 fd_set rfds = { 0 }; /* Avoid scan-build false report for FD_SET */
628 char *configfile = NULL;
629 bool foreground = false;
631 struct onak_dbctx *dbctx;
633 while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
636 if (configfile != NULL) {
639 configfile = strdup(optarg);
651 readconfig(configfile);
654 initlogthing("keyd", config.logfile);
655 config.use_keyd = false;
662 signal(SIGPIPE, SIG_IGN);
665 stats = calloc(1, sizeof(*stats));
667 logthing(LOGTHING_ERROR,
668 "Couldn't allocate memory for stats structure.");
671 stats->started = time(NULL);
673 snprintf(sockname, sizeof(sockname) - 1, "%s/%s",
674 config.sock_dir, KEYD_SOCKET);
675 fd = sock_init(sockname);
681 memset(clients, -1, sizeof (clients));
683 dbctx = config.dbinit(config.backend, false);
685 logthing(LOGTHING_NOTICE, "Accepting connections.");
686 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
688 * Deal with existing clients first; if we're at our
689 * connection limit then processing them might free
690 * things up and let us accept the next client below.
692 for (i = 0; i < MAX_CLIENTS; i++) {
693 if (clients[i] != -1 &&
694 FD_ISSET(clients[i], &rfds)) {
695 logthing(LOGTHING_DEBUG,
696 "Handling connection for client %d.", i);
697 if (sock_do(dbctx, clients[i])) {
698 sock_close(clients[i]);
700 logthing(LOGTHING_DEBUG,
701 "Closed connection for client %d.", i);
706 * Check if we have a new incoming connection to accept.
708 if (FD_ISSET(fd, &rfds)) {
709 for (i = 0; i < MAX_CLIENTS; i++) {
710 if (clients[i] == -1) {
714 if (i < MAX_CLIENTS) {
715 logthing(LOGTHING_INFO,
716 "Accepted connection %d.", i);
717 clients[i] = sock_accept(fd);
723 for (i = 0; i < MAX_CLIENTS; i++) {
724 if (clients[i] != -1) {
725 FD_SET(clients[i], &rfds);
726 maxfd = (maxfd > clients[i]) ?
731 dbctx->cleanupdb(dbctx);
733 if (!using_socket_activation) {
747 return(EXIT_SUCCESS);