2 * keyd.c - key retrieval daemon
4 * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
27 #include <sys/select.h>
28 #include <sys/socket.h>
29 #include <sys/types.h>
34 #include "charfuncs.h"
39 #include "keystructs.h"
42 #include "onak-conf.h"
46 /* Maximum number of clients we're prepared to accept at once */
47 #define MAX_CLIENTS 16
49 static struct keyd_stats *stats;
51 static void daemonize(void)
58 logthing(LOGTHING_CRITICAL,
59 "Failed to fork into background: %d (%s)",
64 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
69 logthing(LOGTHING_CRITICAL,
70 "Couldn't set process group leader: %d (%s)",
76 if (!freopen("/dev/null", "r", stdin)) {
77 logthing(LOGTHING_CRITICAL,
78 "Couldn't reopen stdin to NULL: %d (%s)",
83 if (!freopen("/dev/null", "w", stdout)) {
84 logthing(LOGTHING_CRITICAL,
85 "Couldn't reopen stdout to NULL: %d (%s)",
90 if (!freopen("/dev/null", "w", stderr)) {
91 logthing(LOGTHING_CRITICAL,
92 "Couldn't reopen stderr to NULL: %d (%s)",
101 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
103 struct openpgp_packet_list *packets = NULL;
104 struct openpgp_packet_list *list_end = NULL;
105 struct buffer_ctx storebuf;
110 storebuf.size = 8192;
111 storebuf.buffer = malloc(8192);
113 flatten_publickey(key,
116 write_openpgp_stream(buffer_putchar,
119 logthing(LOGTHING_TRACE,
122 written = write(fd, &storebuf.offset,
123 sizeof(storebuf.offset));
127 written = write(fd, storebuf.buffer,
129 if (written != storebuf.offset) {
134 free(storebuf.buffer);
135 storebuf.buffer = NULL;
136 storebuf.size = storebuf.offset = 0;
137 free_packet_list(packets);
138 packets = list_end = NULL;
143 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
145 uint32_t reply = _reply;
149 written = write(fd, &reply, sizeof(reply));
150 if (written != sizeof(reply)) {
157 static bool keyd_write_size(int fd, size_t size)
162 written = write(fd, &size, sizeof(size));
163 if (written != sizeof(size)) {
170 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
172 int *fd = (int *) ctx;
176 get_keyid(key, &keyid);
177 logthing(LOGTHING_TRACE,
178 "Iterating over 0x%016" PRIX64 ".",
181 keyd_write_key(*fd, key);
187 static int sock_init(const char *sockname)
189 struct sockaddr_un sock;
193 fd = socket(PF_UNIX, SOCK_STREAM, 0);
195 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
199 sock.sun_family = AF_UNIX;
200 strncpy(sock.sun_path, sockname, sizeof(sock.sun_path) - 1);
202 ret = bind(fd, (struct sockaddr *) &sock, sizeof(sock));
216 static int sock_do(struct onak_dbctx *dbctx, int fd)
218 uint32_t cmd = KEYD_CMD_UNKNOWN;
224 struct openpgp_publickey *key = NULL;
225 struct openpgp_packet_list *packets = NULL;
226 struct buffer_ctx storebuf;
228 struct openpgp_fingerprint fingerprint;
231 * Get the command from the client.
233 bytes = read(fd, &cmd, sizeof(cmd));
235 logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
237 if (bytes != sizeof(cmd)) {
242 if (cmd < KEYD_CMD_LAST) {
243 stats->command_stats[cmd]++;
245 stats->command_stats[KEYD_CMD_UNKNOWN]++;
248 case KEYD_CMD_VERSION:
249 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
253 cmd = sizeof(keyd_version);
254 bytes = write(fd, &cmd, sizeof(cmd));
255 if (bytes != sizeof(cmd)) {
260 bytes = write(fd, &keyd_version,
261 sizeof(keyd_version));
262 if (bytes != sizeof(keyd_version)) {
267 case KEYD_CMD_GET_ID:
268 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
272 bytes = read(fd, &keyid, sizeof(keyid));
273 if (bytes != sizeof(keyid)) {
278 logthing(LOGTHING_INFO,
279 "Fetching 0x%" PRIX64
282 dbctx->fetch_key_id(dbctx,
286 keyd_write_key(fd, key);
290 if (!keyd_write_size(fd, 0)) {
296 case KEYD_CMD_GET_FP:
297 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
301 if ((read(fd, &bytes, 1) != 1) ||
302 (bytes > MAX_FINGERPRINT_LEN)) {
305 fingerprint.length = bytes;
306 bytes = read(fd, fingerprint.fp,
308 if (bytes != fingerprint.length) {
314 logthing(LOGTHING_INFO,
315 "Fetching by fingerprint"
317 dbctx->fetch_key_fp(dbctx,
321 keyd_write_key(fd, key);
325 if (!keyd_write_size(fd, 0)) {
332 case KEYD_CMD_GET_TEXT:
333 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
337 bytes = read(fd, &count, sizeof(count));
338 if (bytes != sizeof(count)) {
343 search = malloc(count+1);
344 bytes = read(fd, search, count);
345 if (bytes != count) {
351 logthing(LOGTHING_INFO,
352 "Fetching %s, result: %d",
354 dbctx->fetch_key_text(dbctx,
357 keyd_write_key(fd, key);
361 if (!keyd_write_size(fd, 0)) {
369 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
373 bytes = read(fd, &storebuf.size,
374 sizeof(storebuf.size));
375 logthing(LOGTHING_TRACE, "Reading %d bytes.",
377 if (bytes != sizeof(storebuf.size)) {
381 if (ret == 0 && storebuf.size > 0) {
382 storebuf.buffer = malloc(storebuf.size);
385 while (bytes >= 0 && count < storebuf.size) {
387 &storebuf.buffer[count],
388 storebuf.size - count);
389 logthing(LOGTHING_TRACE,
394 read_openpgp_stream(buffer_fetchchar,
398 parse_keys(packets, &key);
399 dbctx->store_key(dbctx, key, false, false);
400 free_packet_list(packets);
404 free(storebuf.buffer);
405 storebuf.buffer = NULL;
406 storebuf.size = storebuf.offset = 0;
409 case KEYD_CMD_DELETE:
410 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
414 bytes = read(fd, &keyid, sizeof(keyid));
415 if (bytes != sizeof(keyid)) {
420 logthing(LOGTHING_INFO,
421 "Deleting 0x%" PRIX64
424 dbctx->delete_key(dbctx,
428 case KEYD_CMD_GETFULLKEYID:
429 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
433 bytes = read(fd, &keyid, sizeof(keyid));
434 if (bytes != sizeof(keyid)) {
439 keyid = dbctx->getfullkeyid(dbctx, keyid);
441 bytes = write(fd, &cmd, sizeof(cmd));
442 if (bytes != sizeof(cmd)) {
447 bytes = write(fd, &keyid, sizeof(keyid));
448 if (bytes != sizeof(keyid)) {
453 case KEYD_CMD_KEYITER:
454 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
458 dbctx->iterate_keys(dbctx, iteratefunc,
460 if (!keyd_write_size(fd, 0)) {
466 /* We're going to close the FD even if this fails */
467 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
471 /* We're going to quit even if this fails */
472 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
473 logthing(LOGTHING_NOTICE,
474 "Exiting due to quit request.");
479 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
483 cmd = sizeof(*stats);
484 bytes = write(fd, &cmd, sizeof(cmd));
485 if (bytes != sizeof(cmd)) {
490 bytes = write(fd, stats, sizeof(*stats));
491 if (bytes != sizeof(*stats)) {
496 case KEYD_CMD_GET_SKSHASH:
497 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
501 bytes = read(fd, hash.hash, sizeof(hash.hash));
502 if (bytes != sizeof(hash.hash)) {
507 logthing(LOGTHING_INFO,
510 dbctx->fetch_key_skshash(dbctx,
513 keyd_write_key(fd, key);
517 if (!keyd_write_size(fd, 0)) {
525 logthing(LOGTHING_ERROR, "Got unknown command: %d",
527 if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
536 static int sock_close(int fd)
538 shutdown(fd, SHUT_RDWR);
542 static int sock_accept(int fd)
544 struct sockaddr_un sock;
549 socklen = sizeof(sock);
550 srv = accept(fd, (struct sockaddr *) &sock, &socklen);
552 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
562 static void usage(void)
564 puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
565 "onak PGP keyserver.\n");
567 puts("\tkeyd [options]\n");
568 puts("\tOptions:\n:");
569 puts("-c <file> - use <file> as the config file");
570 puts("-f - run in the foreground");
571 puts("-h - show this help text");
575 int main(int argc, char *argv[])
577 int fd = -1, maxfd, i, clients[MAX_CLIENTS];
580 char *configfile = NULL;
581 bool foreground = false;
583 struct onak_dbctx *dbctx;
585 while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
588 if (configfile != NULL) {
591 configfile = strdup(optarg);
603 readconfig(configfile);
606 initlogthing("keyd", config.logfile);
607 config.use_keyd = false;
614 signal(SIGPIPE, SIG_IGN);
617 stats = calloc(1, sizeof(*stats));
619 logthing(LOGTHING_ERROR,
620 "Couldn't allocate memory for stats structure.");
623 stats->started = time(NULL);
625 snprintf(sockname, 1023, "%s/%s", config.db_dir, KEYD_SOCKET);
626 fd = sock_init(sockname);
632 memset(clients, -1, sizeof (clients));
634 dbctx = config.dbinit(false);
636 logthing(LOGTHING_NOTICE, "Accepting connections.");
637 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
639 * Deal with existing clients first; if we're at our
640 * connection limit then processing them might free
641 * things up and let us accept the next client below.
643 for (i = 0; i < MAX_CLIENTS; i++) {
644 if (clients[i] != -1 &&
645 FD_ISSET(clients[i], &rfds)) {
646 logthing(LOGTHING_DEBUG,
647 "Handling connection for client %d.", i);
648 if (sock_do(dbctx, clients[i])) {
649 sock_close(clients[i]);
651 logthing(LOGTHING_DEBUG,
652 "Closed connection for client %d.", i);
657 * Check if we have a new incoming connection to accept.
659 if (FD_ISSET(fd, &rfds)) {
660 for (i = 0; i < MAX_CLIENTS; i++) {
661 if (clients[i] == -1) {
665 if (i < MAX_CLIENTS) {
666 logthing(LOGTHING_INFO,
667 "Accepted connection %d.", i);
668 clients[i] = sock_accept(fd);
674 for (i = 0; i < MAX_CLIENTS; i++) {
675 if (clients[i] != -1) {
676 FD_SET(clients[i], &rfds);
677 maxfd = (maxfd > clients[i]) ?
682 dbctx->cleanupdb(dbctx);
692 return(EXIT_SUCCESS);