2 * keyd.c - key retrieval daemon
4 * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
28 #include <sys/select.h>
29 #include <sys/socket.h>
30 #include <sys/types.h>
38 #include <systemd/sd-daemon.h>
41 #include "charfuncs.h"
46 #include "keystructs.h"
49 #include "onak-conf.h"
53 /* Maximum number of clients we're prepared to accept at once */
54 #define MAX_CLIENTS 16
57 static bool using_socket_activation = false;
60 static struct keyd_stats *stats;
62 static void daemonize(void)
69 logthing(LOGTHING_CRITICAL,
70 "Failed to fork into background: %d (%s)",
75 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
80 logthing(LOGTHING_CRITICAL,
81 "Couldn't set process group leader: %d (%s)",
87 if (!freopen("/dev/null", "r", stdin)) {
88 logthing(LOGTHING_CRITICAL,
89 "Couldn't reopen stdin to NULL: %d (%s)",
94 if (!freopen("/dev/null", "w", stdout)) {
95 logthing(LOGTHING_CRITICAL,
96 "Couldn't reopen stdout to NULL: %d (%s)",
101 if (!freopen("/dev/null", "w", stderr)) {
102 logthing(LOGTHING_CRITICAL,
103 "Couldn't reopen stderr to NULL: %d (%s)",
112 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
114 struct openpgp_packet_list *packets = NULL;
115 struct openpgp_packet_list *list_end = NULL;
116 struct buffer_ctx storebuf;
121 storebuf.size = 8192;
122 storebuf.buffer = malloc(8192);
124 flatten_publickey(key,
127 write_openpgp_stream(buffer_putchar,
130 logthing(LOGTHING_TRACE,
133 written = write(fd, &storebuf.offset,
134 sizeof(storebuf.offset));
138 written = write(fd, storebuf.buffer,
140 if (written != storebuf.offset) {
145 free(storebuf.buffer);
146 storebuf.buffer = NULL;
147 storebuf.size = storebuf.offset = 0;
148 free_packet_list(packets);
149 packets = list_end = NULL;
154 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
156 uint32_t reply = _reply;
160 written = write(fd, &reply, sizeof(reply));
161 if (written != sizeof(reply)) {
168 static bool keyd_write_size(int fd, size_t size)
173 written = write(fd, &size, sizeof(size));
174 if (written != sizeof(size)) {
181 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
183 int *fd = (int *) ctx;
187 get_keyid(key, &keyid);
188 logthing(LOGTHING_TRACE,
189 "Iterating over 0x%016" PRIX64 ".",
192 keyd_write_key(*fd, key);
198 static int sock_init(const char *sockname)
200 struct sockaddr_un sock;
206 n = sd_listen_fds(0);
208 logthing(LOGTHING_ERROR,
209 "Too many file descriptors received from systemd.");
211 fd = SD_LISTEN_FDS_START + 0;
212 if (sd_is_socket_unix(fd, SOCK_STREAM, 1, NULL, 0) <= 0) {
213 logthing(LOGTHING_ERROR,
214 "systemd passed an invalid socket.");
217 using_socket_activation = true;
220 fd = socket(PF_UNIX, SOCK_STREAM, 0);
222 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
226 sock.sun_family = AF_UNIX;
227 strncpy(sock.sun_path, sockname,
228 sizeof(sock.sun_path) - 1);
230 ret = bind(fd, (struct sockaddr *) &sock,
248 static int sock_do(struct onak_dbctx *dbctx, int fd)
250 uint32_t cmd = KEYD_CMD_UNKNOWN;
256 struct openpgp_publickey *key = NULL;
257 struct openpgp_packet_list *packets = NULL;
258 struct buffer_ctx storebuf;
260 struct openpgp_fingerprint fingerprint;
263 * Get the command from the client.
265 bytes = read(fd, &cmd, sizeof(cmd));
267 logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
269 if (bytes != sizeof(cmd)) {
274 if (cmd < KEYD_CMD_LAST) {
275 stats->command_stats[cmd]++;
277 stats->command_stats[KEYD_CMD_UNKNOWN]++;
280 case KEYD_CMD_VERSION:
281 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
285 cmd = sizeof(keyd_version);
286 bytes = write(fd, &cmd, sizeof(cmd));
287 if (bytes != sizeof(cmd)) {
292 bytes = write(fd, &keyd_version,
293 sizeof(keyd_version));
294 if (bytes != sizeof(keyd_version)) {
299 case KEYD_CMD_GET_ID:
300 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
304 bytes = read(fd, &keyid, sizeof(keyid));
305 if (bytes != sizeof(keyid)) {
310 logthing(LOGTHING_INFO,
311 "Fetching 0x%" PRIX64
314 dbctx->fetch_key_id(dbctx,
318 keyd_write_key(fd, key);
322 if (!keyd_write_size(fd, 0)) {
328 case KEYD_CMD_GET_FP:
329 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
333 if ((read(fd, &bytes, 1) != 1) ||
334 (bytes > MAX_FINGERPRINT_LEN)) {
337 fingerprint.length = bytes;
338 bytes = read(fd, fingerprint.fp,
340 if (bytes != fingerprint.length) {
346 logthing(LOGTHING_INFO,
347 "Fetching by fingerprint"
349 dbctx->fetch_key_fp(dbctx,
353 keyd_write_key(fd, key);
357 if (!keyd_write_size(fd, 0)) {
364 case KEYD_CMD_GET_TEXT:
365 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
369 bytes = read(fd, &count, sizeof(count));
370 if (bytes != sizeof(count)) {
375 search = malloc(count+1);
376 bytes = read(fd, search, count);
377 if (bytes != count) {
383 logthing(LOGTHING_INFO,
384 "Fetching %s, result: %d",
386 dbctx->fetch_key_text(dbctx,
389 keyd_write_key(fd, key);
393 if (!keyd_write_size(fd, 0)) {
401 case KEYD_CMD_UPDATE:
402 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
406 bytes = read(fd, &storebuf.size,
407 sizeof(storebuf.size));
408 logthing(LOGTHING_TRACE, "Reading %d bytes.",
410 if (bytes != sizeof(storebuf.size)) {
414 if (ret == 0 && storebuf.size > 0) {
415 storebuf.buffer = malloc(storebuf.size);
418 while (bytes >= 0 && count < storebuf.size) {
420 &storebuf.buffer[count],
421 storebuf.size - count);
422 logthing(LOGTHING_TRACE,
427 read_openpgp_stream(buffer_fetchchar,
431 parse_keys(packets, &key);
432 dbctx->store_key(dbctx, key, false,
433 (cmd == KEYD_CMD_UPDATE));
434 free_packet_list(packets);
438 free(storebuf.buffer);
439 storebuf.buffer = NULL;
440 storebuf.size = storebuf.offset = 0;
443 case KEYD_CMD_DELETE:
444 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
448 bytes = read(fd, &keyid, sizeof(keyid));
449 if (bytes != sizeof(keyid)) {
454 logthing(LOGTHING_INFO,
455 "Deleting 0x%" PRIX64
458 dbctx->delete_key(dbctx,
462 case KEYD_CMD_GETFULLKEYID:
463 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
467 bytes = read(fd, &keyid, sizeof(keyid));
468 if (bytes != sizeof(keyid)) {
473 keyid = dbctx->getfullkeyid(dbctx, keyid);
475 bytes = write(fd, &cmd, sizeof(cmd));
476 if (bytes != sizeof(cmd)) {
481 bytes = write(fd, &keyid, sizeof(keyid));
482 if (bytes != sizeof(keyid)) {
487 case KEYD_CMD_KEYITER:
488 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
492 dbctx->iterate_keys(dbctx, iteratefunc,
494 if (!keyd_write_size(fd, 0)) {
500 /* We're going to close the FD even if this fails */
501 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
505 /* We're going to quit even if this fails */
506 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
507 logthing(LOGTHING_NOTICE,
508 "Exiting due to quit request.");
513 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
517 cmd = sizeof(*stats);
518 bytes = write(fd, &cmd, sizeof(cmd));
519 if (bytes != sizeof(cmd)) {
524 bytes = write(fd, stats, sizeof(*stats));
525 if (bytes != sizeof(*stats)) {
530 case KEYD_CMD_GET_SKSHASH:
531 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
535 bytes = read(fd, hash.hash, sizeof(hash.hash));
536 if (bytes != sizeof(hash.hash)) {
541 logthing(LOGTHING_INFO,
544 dbctx->fetch_key_skshash(dbctx,
547 keyd_write_key(fd, key);
551 if (!keyd_write_size(fd, 0)) {
559 logthing(LOGTHING_ERROR, "Got unknown command: %d",
561 if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
570 static int sock_close(int fd)
572 shutdown(fd, SHUT_RDWR);
576 static int sock_accept(int fd)
578 struct sockaddr_un sock;
583 socklen = sizeof(sock);
584 srv = accept(fd, (struct sockaddr *) &sock, &socklen);
586 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
596 static void usage(void)
598 puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
599 "onak PGP keyserver.\n");
601 puts("\tkeyd [options]\n");
602 puts("\tOptions:\n:");
603 puts("-c <file> - use <file> as the config file");
604 puts("-f - run in the foreground");
605 puts("-h - show this help text");
609 int main(int argc, char *argv[])
611 int fd = -1, maxfd, i, clients[MAX_CLIENTS];
612 fd_set rfds = { 0 }; /* Avoid scan-build false report for FD_SET */
614 char *configfile = NULL;
615 bool foreground = false;
617 struct onak_dbctx *dbctx;
619 while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
622 if (configfile != NULL) {
625 configfile = strdup(optarg);
637 readconfig(configfile);
640 initlogthing("keyd", config.logfile);
641 config.use_keyd = false;
648 signal(SIGPIPE, SIG_IGN);
651 stats = calloc(1, sizeof(*stats));
653 logthing(LOGTHING_ERROR,
654 "Couldn't allocate memory for stats structure.");
657 stats->started = time(NULL);
659 snprintf(sockname, sizeof(sockname) - 1, "%s/%s",
660 config.sock_dir, KEYD_SOCKET);
661 fd = sock_init(sockname);
667 memset(clients, -1, sizeof (clients));
669 dbctx = config.dbinit(config.backend, false);
671 logthing(LOGTHING_NOTICE, "Accepting connections.");
672 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
674 * Deal with existing clients first; if we're at our
675 * connection limit then processing them might free
676 * things up and let us accept the next client below.
678 for (i = 0; i < MAX_CLIENTS; i++) {
679 if (clients[i] != -1 &&
680 FD_ISSET(clients[i], &rfds)) {
681 logthing(LOGTHING_DEBUG,
682 "Handling connection for client %d.", i);
683 if (sock_do(dbctx, clients[i])) {
684 sock_close(clients[i]);
686 logthing(LOGTHING_DEBUG,
687 "Closed connection for client %d.", i);
692 * Check if we have a new incoming connection to accept.
694 if (FD_ISSET(fd, &rfds)) {
695 for (i = 0; i < MAX_CLIENTS; i++) {
696 if (clients[i] == -1) {
700 if (i < MAX_CLIENTS) {
701 logthing(LOGTHING_INFO,
702 "Accepted connection %d.", i);
703 clients[i] = sock_accept(fd);
709 for (i = 0; i < MAX_CLIENTS; i++) {
710 if (clients[i] != -1) {
711 FD_SET(clients[i], &rfds);
712 maxfd = (maxfd > clients[i]) ?
717 dbctx->cleanupdb(dbctx);
719 if (!using_socket_activation) {
733 return(EXIT_SUCCESS);