/*
* keyd.c - key retrieval daemon
*
- * Jonathan McDowell <noodles@earth.li>
+ * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
*
- * Copyright 2004 Project Purple
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
+#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <time.h>
#include <unistd.h>
#include "charfuncs.h"
#include "mem.h"
#include "onak-conf.h"
#include "parsekey.h"
+#include "version.h"
+
+/* Maximum number of clients we're prepared to accept at once */
+#define MAX_CLIENTS 16
+
+static struct keyd_stats *stats;
void daemonize(void)
{
exit(EXIT_SUCCESS);
}
- pid = setsid();
+ setsid();
freopen("/dev/null", "r", stdin);
freopen("/dev/null", "w", stdout);
struct buffer_ctx storebuf;
int ret = 0;
int *fd = (int *) ctx;
+ uint64_t keyid;
if (key != NULL) {
storebuf.offset = 0;
storebuf.size = 8192;
storebuf.buffer = malloc(8192);
+ get_keyid(key, &keyid);
logthing(LOGTHING_TRACE,
"Iterating over 0x%016" PRIX64 ".",
- get_keyid(key));
+ keyid);
flatten_publickey(key,
&packets,
fd = socket(PF_UNIX, SOCK_STREAM, 0);
if (fd != -1) {
- ret = fcntl(fd, F_SETFD, 1);
+ ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
}
if (ret != -1) {
if (ret != -1) {
ret = listen(fd, 5);
+ if (ret == -1) {
+ close(fd);
+ fd = -1;
+ }
}
-
+
return fd;
}
-int sock_do(int fd)
+int sock_do(struct onak_dbctx *dbctx, int fd)
{
uint32_t cmd = KEYD_CMD_UNKNOWN;
ssize_t bytes = 0;
ssize_t count = 0;
int ret = 0;
uint64_t keyid = 0;
+ uint8_t fp[MAX_FINGERPRINT_LEN];
char *search = NULL;
struct openpgp_publickey *key = NULL;
struct openpgp_packet_list *packets = NULL;
struct openpgp_packet_list *list_end = NULL;
struct buffer_ctx storebuf;
+ struct skshash hash;
/*
* Get the command from the client.
}
if (ret == 0) {
+ if (cmd < KEYD_CMD_LAST) {
+ stats->command_stats[cmd]++;
+ } else {
+ stats->command_stats[KEYD_CMD_UNKNOWN]++;
+ }
switch (cmd) {
case KEYD_CMD_VERSION:
cmd = KEYD_REPLY_OK;
write(fd, &cmd, sizeof(cmd));
+ cmd = sizeof(keyd_version);
+ write(fd, &cmd, sizeof(cmd));
write(fd, &keyd_version, sizeof(keyd_version));
break;
- case KEYD_CMD_GET:
+ case KEYD_CMD_GET_ID:
cmd = KEYD_REPLY_OK;
write(fd, &cmd, sizeof(cmd));
bytes = read(fd, &keyid, sizeof(keyid));
"Fetching 0x%" PRIX64
", result: %d",
keyid,
- config.dbbackend->
- fetch_key(keyid, &key, false));
+ dbctx->fetch_key_id(dbctx,
+ keyid,
+ &key, false));
if (key != NULL) {
storebuf.size = 8192;
storebuf.buffer = malloc(8192);
}
}
break;
- case KEYD_CMD_GETTEXT:
+ case KEYD_CMD_GET_FP:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
+ read(fd, &bytes, 1);
+ if (bytes > MAX_FINGERPRINT_LEN) {
+ ret = 1;
+ } else {
+ read(fd, fp, bytes);
+ }
+ storebuf.offset = 0;
+ if (ret == 0) {
+ logthing(LOGTHING_INFO,
+ "Fetching by fingerprint"
+ ", result: %d",
+ dbctx->fetch_key_fp(dbctx,
+ fp, bytes,
+ &key, false));
+ if (key != NULL) {
+ storebuf.size = 8192;
+ storebuf.buffer = malloc(8192);
+
+ flatten_publickey(key,
+ &packets,
+ &list_end);
+ write_openpgp_stream(buffer_putchar,
+ &storebuf,
+ packets);
+ logthing(LOGTHING_TRACE,
+ "Sending %d bytes.",
+ storebuf.offset);
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ write(fd, storebuf.buffer,
+ storebuf.offset);
+
+ free(storebuf.buffer);
+ storebuf.buffer = NULL;
+ storebuf.size = storebuf.offset = 0;
+ free_packet_list(packets);
+ packets = list_end = NULL;
+ free_publickey(key);
+ key = NULL;
+ } else {
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ }
+ }
+ break;
+
+ case KEYD_CMD_GET_TEXT:
cmd = KEYD_REPLY_OK;
write(fd, &cmd, sizeof(cmd));
bytes = read(fd, &count, sizeof(count));
logthing(LOGTHING_INFO,
"Fetching %s, result: %d",
search,
- config.dbbackend->
- fetch_key_text(search, &key));
+ dbctx->fetch_key_text(dbctx,
+ search, &key));
if (key != NULL) {
storebuf.size = 8192;
storebuf.buffer = malloc(8192);
write(fd, &storebuf.offset,
sizeof(storebuf.offset));
}
+ free(search);
}
break;
case KEYD_CMD_STORE:
&packets,
0);
parse_keys(packets, &key);
- config.dbbackend->store_key(key, false, false);
+ dbctx->store_key(dbctx, key, false, false);
free_packet_list(packets);
packets = NULL;
free_publickey(key);
"Deleting 0x%" PRIX64
", result: %d",
keyid,
- config.dbbackend->delete_key(
+ dbctx->delete_key(dbctx,
keyid, false));
}
break;
ret = 1;
}
if (ret == 0) {
- keyid = config.dbbackend->getfullkeyid(keyid);
+ keyid = dbctx->getfullkeyid(dbctx, keyid);
+ cmd = sizeof(keyid);
+ write(fd, &cmd, sizeof(cmd));
write(fd, &keyid, sizeof(keyid));
}
break;
case KEYD_CMD_KEYITER:
cmd = KEYD_REPLY_OK;
write(fd, &cmd, sizeof(cmd));
- config.dbbackend->iterate_keys(iteratefunc,
+ dbctx->iterate_keys(dbctx, iteratefunc,
&fd);
bytes = 0;
write(fd, &bytes, sizeof(bytes));
break;
case KEYD_CMD_CLOSE:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
ret = 1;
break;
case KEYD_CMD_QUIT:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
+ logthing(LOGTHING_NOTICE,
+ "Exiting due to quit request.");
+ ret = 1;
trytocleanup();
break;
+ case KEYD_CMD_STATS:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
+ cmd = sizeof(*stats);
+ write(fd, &cmd, sizeof(cmd));
+ write(fd, stats,
+ sizeof(*stats));
+ break;
+ case KEYD_CMD_GET_SKSHASH:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
+ bytes = read(fd, hash.hash, sizeof(hash.hash));
+ if (bytes != sizeof(hash.hash)) {
+ ret = 1;
+ }
+ storebuf.offset = 0;
+ if (ret == 0) {
+ logthing(LOGTHING_INFO,
+ "Fetching by hash"
+ ", result: %d",
+ dbctx->fetch_key_skshash(dbctx,
+ &hash, &key));
+ if (key != NULL) {
+ storebuf.size = 8192;
+ storebuf.buffer = malloc(8192);
+
+ flatten_publickey(key,
+ &packets,
+ &list_end);
+ write_openpgp_stream(buffer_putchar,
+ &storebuf,
+ packets);
+ logthing(LOGTHING_TRACE,
+ "Sending %d bytes.",
+ storebuf.offset);
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ write(fd, storebuf.buffer,
+ storebuf.offset);
+
+ free(storebuf.buffer);
+ storebuf.buffer = NULL;
+ storebuf.size = storebuf.offset = 0;
+ free_packet_list(packets);
+ packets = list_end = NULL;
+ free_publickey(key);
+ key = NULL;
+ } else {
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ }
+ }
+ break;
+
default:
logthing(LOGTHING_ERROR, "Got unknown command: %d",
cmd);
socklen = sizeof(sock);
srv = accept(fd, (struct sockaddr *) &sock, &socklen);
if (srv != -1) {
- ret = fcntl(srv, F_SETFD, 1);
+ ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
}
if (ret != -1) {
- while (!sock_do(srv)) ;
- sock_close(srv);
+ stats->connects++;
}
- return 1;
+ return (srv);
+}
+
+static void usage(void)
+{
+ puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
+ "onak PGP keyserver.\n");
+ puts("Usage:\n");
+ puts("\tkeyd [options]\n");
+ puts("\tOptions:\n:");
+ puts("-c <file> - use <file> as the config file");
+ puts("-f - run in the foreground");
+ puts("-h - show this help text");
+ exit(EXIT_FAILURE);
}
int main(int argc, char *argv[])
{
- int fd = -1;
+ int fd = -1, maxfd, i, clients[MAX_CLIENTS];
fd_set rfds;
char sockname[1024];
char *configfile = NULL;
bool foreground = false;
int optchar;
+ struct onak_dbctx *dbctx;
- while ((optchar = getopt(argc, argv, "c:f")) != -1 ) {
+ while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
switch (optchar) {
case 'c':
+ if (configfile != NULL) {
+ free(configfile);
+ }
configfile = strdup(optarg);
break;
case 'f':
foreground = true;
break;
+ case 'h':
+ default:
+ usage();
+ break;
}
}
}
catchsignals();
-
+ signal(SIGPIPE, SIG_IGN);
+
+
+ stats = calloc(1, sizeof(*stats));
+ if (!stats) {
+ logthing(LOGTHING_ERROR,
+ "Couldn't allocate memory for stats structure.");
+ exit(EXIT_FAILURE);
+ }
+ stats->started = time(NULL);
+
snprintf(sockname, 1023, "%s/%s", config.db_dir, KEYD_SOCKET);
fd = sock_init(sockname);
if (fd != -1) {
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
+ maxfd = fd;
+ memset(clients, -1, sizeof (clients));
- config.dbbackend->initdb(false);
+ dbctx = config.dbinit(false);
logthing(LOGTHING_NOTICE, "Accepting connections.");
- while (!cleanup() && select(fd + 1, &rfds, NULL, NULL, NULL) != -1) {
- logthing(LOGTHING_INFO, "Accepted connection.");
- sock_accept(fd);
+ while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
+ /*
+ * Deal with existing clients first; if we're at our
+ * connection limit then processing them might free
+ * things up and let us accept the next client below.
+ */
+ for (i = 0; i < MAX_CLIENTS; i++) {
+ if (clients[i] != -1 &&
+ FD_ISSET(clients[i], &rfds)) {
+ logthing(LOGTHING_DEBUG,
+ "Handling connection for client %d.", i);
+ if (sock_do(dbctx, clients[i])) {
+ sock_close(clients[i]);
+ clients[i] = -1;
+ logthing(LOGTHING_DEBUG,
+ "Closed connection for client %d.", i);
+ }
+ }
+ }
+ /*
+ * Check if we have a new incoming connection to accept.
+ */
+ if (FD_ISSET(fd, &rfds)) {
+ for (i = 0; i < MAX_CLIENTS; i++) {
+ if (clients[i] == -1) {
+ break;
+ }
+ }
+ if (i < MAX_CLIENTS) {
+ logthing(LOGTHING_INFO,
+ "Accepted connection %d.", i);
+ clients[i] = sock_accept(fd);
+ }
+ }
+ FD_ZERO(&rfds);
FD_SET(fd, &rfds);
+ maxfd = fd;
+ for (i = 0; i < MAX_CLIENTS; i++) {
+ if (clients[i] != -1) {
+ FD_SET(clients[i], &rfds);
+ maxfd = (maxfd > clients[i]) ?
+ maxfd : clients[i];
+ }
+ }
}
- config.dbbackend->cleanupdb();
+ dbctx->cleanupdb(dbctx);
sock_close(fd);
unlink(sockname);
}
+ free(stats);
+
cleanuplogthing();
cleanupconfig();