* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
+#include <inttypes.h>
#include <signal.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include "build-config.h"
+
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
#include "charfuncs.h"
#include "cleanup.h"
#include "keyd.h"
#include "mem.h"
#include "onak-conf.h"
#include "parsekey.h"
-#include "version.h"
/* Maximum number of clients we're prepared to accept at once */
#define MAX_CLIENTS 16
+#ifdef HAVE_SYSTEMD
+static bool using_socket_activation = false;
+#endif
+
static struct keyd_stats *stats;
-void daemonize(void)
+static void daemonize(void)
{
pid_t pid;
exit(EXIT_SUCCESS);
}
- setsid();
+ if (setsid() == -1) {
+ logthing(LOGTHING_CRITICAL,
+ "Couldn't set process group leader: %d (%s)",
+ errno,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
- freopen("/dev/null", "r", stdin);
- freopen("/dev/null", "w", stdout);
- freopen("/dev/null", "w", stderr);
+ if (!freopen("/dev/null", "r", stdin)) {
+ logthing(LOGTHING_CRITICAL,
+ "Couldn't reopen stdin to NULL: %d (%s)",
+ errno,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (!freopen("/dev/null", "w", stdout)) {
+ logthing(LOGTHING_CRITICAL,
+ "Couldn't reopen stdout to NULL: %d (%s)",
+ errno,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if (!freopen("/dev/null", "w", stderr)) {
+ logthing(LOGTHING_CRITICAL,
+ "Couldn't reopen stderr to NULL: %d (%s)",
+ errno,
+ strerror(errno));
+ exit(EXIT_FAILURE);
+ }
return;
}
-void iteratefunc(void *ctx, struct openpgp_publickey *key)
+static bool keyd_write_key(int fd, struct openpgp_publickey *key)
{
struct openpgp_packet_list *packets = NULL;
struct openpgp_packet_list *list_end = NULL;
struct buffer_ctx storebuf;
- int ret = 0;
- int *fd = (int *) ctx;
- uint64_t keyid;
+ ssize_t written;
+ bool ok = true;
- if (key != NULL) {
- storebuf.offset = 0;
- storebuf.size = 8192;
- storebuf.buffer = malloc(8192);
+ storebuf.offset = 0;
+ storebuf.size = 8192;
+ storebuf.buffer = malloc(8192);
- get_keyid(key, &keyid);
- logthing(LOGTHING_TRACE,
- "Iterating over 0x%016" PRIX64 ".",
- keyid);
-
- flatten_publickey(key,
+ flatten_publickey(key,
&packets,
&list_end);
- write_openpgp_stream(buffer_putchar,
+ write_openpgp_stream(buffer_putchar,
&storebuf,
packets);
- logthing(LOGTHING_TRACE,
+ logthing(LOGTHING_TRACE,
"Sending %d bytes.",
storebuf.offset);
- ret = write(*fd, &storebuf.offset,
+ written = write(fd, &storebuf.offset,
sizeof(storebuf.offset));
- if (ret != 0) {
- write(*fd, storebuf.buffer,
- storebuf.offset);
+ if (written == 0) {
+ ok = false;
+ } else {
+ written = write(fd, storebuf.buffer,
+ storebuf.offset);
+ if (written != storebuf.offset) {
+ ok = false;
}
+ }
+
+ free(storebuf.buffer);
+ storebuf.buffer = NULL;
+ storebuf.size = storebuf.offset = 0;
+ free_packet_list(packets);
+ packets = list_end = NULL;
+
+ return (ok);
+}
+
+static bool keyd_write_reply(int fd, enum keyd_reply _reply)
+{
+ uint32_t reply = _reply;
+ ssize_t written;
+ bool ok = true;
+
+ written = write(fd, &reply, sizeof(reply));
+ if (written != sizeof(reply)) {
+ ok = false;
+ }
- free(storebuf.buffer);
- storebuf.buffer = NULL;
- storebuf.size = storebuf.offset = 0;
- free_packet_list(packets);
- packets = list_end = NULL;
+ return (ok);
+}
+
+static bool keyd_write_size(int fd, size_t size)
+{
+ ssize_t written;
+ bool ok = true;
+
+ written = write(fd, &size, sizeof(size));
+ if (written != sizeof(size)) {
+ ok = false;
+ }
+
+ return (ok);
+}
+
+static void iteratefunc(void *ctx, struct openpgp_publickey *key)
+{
+ int *fd = (int *) ctx;
+ uint64_t keyid;
+
+ if (key != NULL) {
+ get_keyid(key, &keyid);
+ logthing(LOGTHING_TRACE,
+ "Iterating over 0x%016" PRIX64 ".",
+ keyid);
+
+ keyd_write_key(*fd, key);
}
return;
}
-int sock_init(const char *sockname)
+static int sock_init(const char *sockname)
{
struct sockaddr_un sock;
int fd = -1;
int ret = -1;
+#ifdef HAVE_SYSTEMD
+ int n;
- fd = socket(PF_UNIX, SOCK_STREAM, 0);
- if (fd != -1) {
- ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
- }
+ n = sd_listen_fds(0);
+ if (n > 1) {
+ logthing(LOGTHING_ERROR,
+ "Too many file descriptors received from systemd.");
+ } else if (n == 1) {
+ fd = SD_LISTEN_FDS_START + 0;
+ if (sd_is_socket_unix(fd, SOCK_STREAM, 1, NULL, 0) <= 0) {
+ logthing(LOGTHING_ERROR,
+ "systemd passed an invalid socket.");
+ fd = -1;
+ }
+ using_socket_activation = true;
+ } else {
+#endif
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd != -1) {
+ ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
+ }
- if (ret != -1) {
- sock.sun_family = AF_UNIX;
- strncpy(sock.sun_path, sockname, sizeof(sock.sun_path) - 1);
- unlink(sockname);
- ret = bind(fd, (struct sockaddr *) &sock, sizeof(sock));
- }
+ if (ret != -1) {
+ sock.sun_family = AF_UNIX;
+ strncpy(sock.sun_path, sockname,
+ sizeof(sock.sun_path) - 1);
+ unlink(sockname);
+ ret = bind(fd, (struct sockaddr *) &sock,
+ sizeof(sock));
+ }
- if (ret != -1) {
- ret = listen(fd, 5);
- if (ret == -1) {
- close(fd);
- fd = -1;
+ if (ret != -1) {
+ ret = listen(fd, 5);
+ if (ret == -1) {
+ close(fd);
+ fd = -1;
+ }
}
+#ifdef HAVE_SYSTEMD
}
+#endif
return fd;
}
-int sock_do(struct onak_dbctx *dbctx, int fd)
+static int sock_do(struct onak_dbctx *dbctx, int fd)
{
uint32_t cmd = KEYD_CMD_UNKNOWN;
ssize_t bytes = 0;
ssize_t count = 0;
int ret = 0;
uint64_t keyid = 0;
- uint8_t fp[MAX_FINGERPRINT_LEN];
char *search = NULL;
struct openpgp_publickey *key = NULL;
struct openpgp_packet_list *packets = NULL;
- struct openpgp_packet_list *list_end = NULL;
struct buffer_ctx storebuf;
struct skshash hash;
+ struct openpgp_fingerprint fingerprint;
/*
* Get the command from the client.
}
switch (cmd) {
case KEYD_CMD_VERSION:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- cmd = sizeof(keyd_version);
- write(fd, &cmd, sizeof(cmd));
- write(fd, &keyd_version, sizeof(keyd_version));
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
+ ret = 1;
+ }
+ if (ret == 0) {
+ cmd = sizeof(keyd_version);
+ bytes = write(fd, &cmd, sizeof(cmd));
+ if (bytes != sizeof(cmd)) {
+ ret = 1;
+ }
+ }
+ if (ret == 0) {
+ bytes = write(fd, &keyd_version,
+ sizeof(keyd_version));
+ if (bytes != sizeof(keyd_version)) {
+ ret = 1;
+ }
+ }
break;
case KEYD_CMD_GET_ID:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- bytes = read(fd, &keyid, sizeof(keyid));
- if (bytes != sizeof(keyid)) {
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
}
- storebuf.offset = 0;
+ if (ret == 0) {
+ bytes = read(fd, &keyid, sizeof(keyid));
+ if (bytes != sizeof(keyid)) {
+ ret = 1;
+ }
+ }
if (ret == 0) {
logthing(LOGTHING_INFO,
"Fetching 0x%" PRIX64
keyid,
&key, false));
if (key != NULL) {
- storebuf.size = 8192;
- storebuf.buffer = malloc(8192);
-
- flatten_publickey(key,
- &packets,
- &list_end);
- write_openpgp_stream(buffer_putchar,
- &storebuf,
- packets);
- logthing(LOGTHING_TRACE,
- "Sending %d bytes.",
- storebuf.offset);
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
- write(fd, storebuf.buffer,
- storebuf.offset);
-
- free(storebuf.buffer);
- storebuf.buffer = NULL;
- storebuf.size = storebuf.offset = 0;
- free_packet_list(packets);
- packets = list_end = NULL;
+ keyd_write_key(fd, key);
free_publickey(key);
key = NULL;
} else {
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
+ if (!keyd_write_size(fd, 0)) {
+ ret = 1;
+ }
}
}
break;
case KEYD_CMD_GET_FP:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- read(fd, &bytes, 1);
- if (bytes > MAX_FINGERPRINT_LEN) {
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
- } else {
- read(fd, fp, bytes);
}
- storebuf.offset = 0;
+ if (ret == 0) {
+ if ((read(fd, &bytes, 1) != 1) ||
+ (bytes > MAX_FINGERPRINT_LEN)) {
+ ret = 1;
+ } else {
+ fingerprint.length = bytes;
+ bytes = read(fd, fingerprint.fp,
+ fingerprint.length);
+ if (bytes != fingerprint.length) {
+ ret = 1;
+ }
+ }
+ }
if (ret == 0) {
logthing(LOGTHING_INFO,
"Fetching by fingerprint"
", result: %d",
dbctx->fetch_key_fp(dbctx,
- fp, bytes,
+ &fingerprint,
&key, false));
if (key != NULL) {
- storebuf.size = 8192;
- storebuf.buffer = malloc(8192);
-
- flatten_publickey(key,
- &packets,
- &list_end);
- write_openpgp_stream(buffer_putchar,
- &storebuf,
- packets);
- logthing(LOGTHING_TRACE,
- "Sending %d bytes.",
- storebuf.offset);
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
- write(fd, storebuf.buffer,
- storebuf.offset);
-
- free(storebuf.buffer);
- storebuf.buffer = NULL;
- storebuf.size = storebuf.offset = 0;
- free_packet_list(packets);
- packets = list_end = NULL;
+ keyd_write_key(fd, key);
free_publickey(key);
key = NULL;
} else {
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
+ if (!keyd_write_size(fd, 0)) {
+ ret = 1;
+ }
}
}
break;
case KEYD_CMD_GET_TEXT:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- bytes = read(fd, &count, sizeof(count));
- if (bytes != sizeof(count)) {
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
}
- storebuf.offset = 0;
+ if (ret == 0) {
+ bytes = read(fd, &count, sizeof(count));
+ if (bytes != sizeof(count)) {
+ ret = 1;
+ }
+ }
if (ret == 0) {
search = malloc(count+1);
- read(fd, search, count);
+ bytes = read(fd, search, count);
+ if (bytes != count) {
+ ret = 1;
+ free(search);
+ break;
+ }
search[count] = 0;
logthing(LOGTHING_INFO,
"Fetching %s, result: %d",
dbctx->fetch_key_text(dbctx,
search, &key));
if (key != NULL) {
- storebuf.size = 8192;
- storebuf.buffer = malloc(8192);
-
- flatten_publickey(key,
- &packets,
- &list_end);
- write_openpgp_stream(buffer_putchar,
- &storebuf,
- packets);
- logthing(LOGTHING_TRACE,
- "Sending %d bytes.",
- storebuf.offset);
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
- write(fd, storebuf.buffer,
- storebuf.offset);
-
- free(storebuf.buffer);
- storebuf.buffer = NULL;
- storebuf.size = storebuf.offset = 0;
- free_packet_list(packets);
- packets = list_end = NULL;
+ keyd_write_key(fd, key);
free_publickey(key);
key = NULL;
} else {
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
+ if (!keyd_write_size(fd, 0)) {
+ ret = 1;
+ }
}
free(search);
}
break;
case KEYD_CMD_STORE:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- storebuf.offset = 0;
- bytes = read(fd, &storebuf.size,
+ case KEYD_CMD_UPDATE:
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
+ ret = 1;
+ }
+ if (ret == 0) {
+ bytes = read(fd, &storebuf.size,
sizeof(storebuf.size));
- logthing(LOGTHING_TRACE, "Reading %d bytes.",
+ logthing(LOGTHING_TRACE, "Reading %d bytes.",
storebuf.size);
- if (bytes != sizeof(storebuf.size)) {
- ret = 1;
+ if (bytes != sizeof(storebuf.size)) {
+ ret = 1;
+ }
}
if (ret == 0 && storebuf.size > 0) {
storebuf.buffer = malloc(storebuf.size);
+ storebuf.offset = 0;
bytes = count = 0;
while (bytes >= 0 && count < storebuf.size) {
bytes = read(fd,
&packets,
0);
parse_keys(packets, &key);
- dbctx->store_key(dbctx, key, false, false);
+ dbctx->store_key(dbctx, key, false,
+ (cmd == KEYD_CMD_UPDATE));
free_packet_list(packets);
packets = NULL;
free_publickey(key);
}
break;
case KEYD_CMD_DELETE:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- bytes = read(fd, &keyid, sizeof(keyid));
- if (bytes != sizeof(keyid)) {
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
}
+ if (ret == 0) {
+ bytes = read(fd, &fingerprint,
+ sizeof(fingerprint));
+ if (bytes != sizeof(fingerprint)) {
+ ret = 1;
+ }
+ }
if (ret == 0) {
logthing(LOGTHING_INFO,
"Deleting 0x%" PRIX64
", result: %d",
keyid,
dbctx->delete_key(dbctx,
- keyid, false));
+ &fingerprint, false));
}
break;
- case KEYD_CMD_GETFULLKEYID:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- bytes = read(fd, &keyid, sizeof(keyid));
- if (bytes != sizeof(keyid)) {
+ case KEYD_CMD_KEYITER:
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
}
if (ret == 0) {
- keyid = dbctx->getfullkeyid(dbctx, keyid);
- cmd = sizeof(keyid);
- write(fd, &cmd, sizeof(cmd));
- write(fd, &keyid, sizeof(keyid));
- }
- break;
- case KEYD_CMD_KEYITER:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- dbctx->iterate_keys(dbctx, iteratefunc,
+ dbctx->iterate_keys(dbctx, iteratefunc,
&fd);
- bytes = 0;
- write(fd, &bytes, sizeof(bytes));
+ if (!keyd_write_size(fd, 0)) {
+ ret = 1;
+ }
+ }
break;
case KEYD_CMD_CLOSE:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
+ /* We're going to close the FD even if this fails */
+ (void) keyd_write_reply(fd, KEYD_REPLY_OK);
ret = 1;
break;
case KEYD_CMD_QUIT:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
+ /* We're going to quit even if this fails */
+ (void) keyd_write_reply(fd, KEYD_REPLY_OK);
logthing(LOGTHING_NOTICE,
"Exiting due to quit request.");
ret = 1;
trytocleanup();
break;
case KEYD_CMD_STATS:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- cmd = sizeof(*stats);
- write(fd, &cmd, sizeof(cmd));
- write(fd, stats,
- sizeof(*stats));
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
+ ret = 1;
+ }
+ if (ret == 0) {
+ cmd = sizeof(*stats);
+ bytes = write(fd, &cmd, sizeof(cmd));
+ if (bytes != sizeof(cmd)) {
+ ret = 1;
+ }
+ }
+ if (ret == 0) {
+ bytes = write(fd, stats, sizeof(*stats));
+ if (bytes != sizeof(*stats)) {
+ ret = 1;
+ }
+ }
break;
case KEYD_CMD_GET_SKSHASH:
- cmd = KEYD_REPLY_OK;
- write(fd, &cmd, sizeof(cmd));
- bytes = read(fd, hash.hash, sizeof(hash.hash));
- if (bytes != sizeof(hash.hash)) {
+ if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
ret = 1;
}
- storebuf.offset = 0;
+ if (ret == 0) {
+ bytes = read(fd, hash.hash, sizeof(hash.hash));
+ if (bytes != sizeof(hash.hash)) {
+ ret = 1;
+ }
+ }
if (ret == 0) {
logthing(LOGTHING_INFO,
"Fetching by hash"
dbctx->fetch_key_skshash(dbctx,
&hash, &key));
if (key != NULL) {
- storebuf.size = 8192;
- storebuf.buffer = malloc(8192);
-
- flatten_publickey(key,
- &packets,
- &list_end);
- write_openpgp_stream(buffer_putchar,
- &storebuf,
- packets);
- logthing(LOGTHING_TRACE,
- "Sending %d bytes.",
- storebuf.offset);
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
- write(fd, storebuf.buffer,
- storebuf.offset);
-
- free(storebuf.buffer);
- storebuf.buffer = NULL;
- storebuf.size = storebuf.offset = 0;
- free_packet_list(packets);
- packets = list_end = NULL;
+ keyd_write_key(fd, key);
free_publickey(key);
key = NULL;
} else {
- write(fd, &storebuf.offset,
- sizeof(storebuf.offset));
+ if (!keyd_write_size(fd, 0)) {
+ ret = 1;
+ }
}
}
break;
default:
logthing(LOGTHING_ERROR, "Got unknown command: %d",
cmd);
- cmd = KEYD_REPLY_UNKNOWN_CMD;
- write(fd, &cmd, sizeof(cmd));
+ if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
+ ret = 1;
+ }
}
}
return(ret);
}
-int sock_close(int fd)
+static int sock_close(int fd)
{
shutdown(fd, SHUT_RDWR);
return close(fd);
}
-int sock_accept(int fd)
+static int sock_accept(int fd)
{
struct sockaddr_un sock;
socklen_t socklen;
int main(int argc, char *argv[])
{
int fd = -1, maxfd, i, clients[MAX_CLIENTS];
- fd_set rfds;
- char sockname[1024];
+ fd_set rfds = { 0 }; /* Avoid scan-build false report for FD_SET */
+ char sockname[100];
char *configfile = NULL;
bool foreground = false;
int optchar;
}
stats->started = time(NULL);
- snprintf(sockname, 1023, "%s/%s", config.db_dir, KEYD_SOCKET);
+ snprintf(sockname, sizeof(sockname) - 1, "%s/%s",
+ config.sock_dir, KEYD_SOCKET);
fd = sock_init(sockname);
if (fd != -1) {
maxfd = fd;
memset(clients, -1, sizeof (clients));
- dbctx = config.dbinit(false);
+ dbctx = config.dbinit(config.backend, false);
logthing(LOGTHING_NOTICE, "Accepting connections.");
while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
}
}
dbctx->cleanupdb(dbctx);
- sock_close(fd);
- unlink(sockname);
+#ifdef HAVE_SYSTEMD
+ if (!using_socket_activation) {
+#endif
+ sock_close(fd);
+ unlink(sockname);
+#ifdef HAVE_SYSTEMD
+ }
+#endif
}
free(stats);