2 * keydb_db4.c - Routines to store and fetch keys in a DB4 database.
4 * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 #include <sys/types.h>
33 #include "charfuncs.h"
37 #include "decodekey.h"
38 #include "keystructs.h"
41 #include "onak-conf.h"
45 #define DB4_UPGRADE_FILE "db_upgrade.lck"
47 struct onak_db4_dbctx {
48 DB_ENV *dbenv; /* The database environment context */
49 int numdbs; /* Number of data databases in use */
50 DB **dbconns; /* Connections to the key data databases */
51 DB *worddb; /* Connection to the word lookup database */
52 DB *id32db; /* Connection to the 32 bit ID lookup database */
53 DB *id64db; /* Connection to the 64 bit ID lookup database */
54 DB *skshashdb; /* Connection to the SKS hash database */
55 DB *subkeydb; /* Connection to the subkey ID lookup database */
56 DB_TXN *txn; /* Our current transaction ID */
59 DB *keydb_id(struct onak_db4_dbctx *privctx, uint64_t keyid)
65 return(privctx->dbconns[keytrun % privctx->numdbs]);
68 DB *keydb_fp(struct onak_db4_dbctx *privctx, struct openpgp_fingerprint *fp)
72 keytrun = (fp->fp[4] << 24) |
77 return(privctx->dbconns[keytrun % privctx->numdbs]);
81 * db4_errfunc - Direct DB errors to logfile
83 * Basic function to take errors from the DB library and output them to
84 * the logfile rather than stderr.
86 #if (DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR < 3)
87 static void db4_errfunc(const char *errpfx, const char *errmsg)
89 static void db4_errfunc(const DB_ENV *edbenv, const char *errpfx,
94 logthing(LOGTHING_DEBUG, "db4 error: %s:%s", errpfx, errmsg);
96 logthing(LOGTHING_DEBUG, "db4 error: %s", errmsg);
103 * starttrans - Start a transaction.
105 * Start a transaction. Intended to be used if we're about to perform many
106 * operations on the database to help speed it all up, or if we want
107 * something to only succeed if all relevant operations are successful.
109 static bool db4_starttrans(struct onak_dbctx *dbctx)
111 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
114 log_assert(privctx->dbenv != NULL);
115 log_assert(privctx->txn == NULL);
117 ret = privctx->dbenv->txn_begin(privctx->dbenv,
118 NULL, /* No parent transaction */
122 logthing(LOGTHING_CRITICAL,
123 "Error starting transaction: %s",
132 * endtrans - End a transaction.
134 * Ends a transaction.
136 static void db4_endtrans(struct onak_dbctx *dbctx)
138 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
141 log_assert(privctx->dbenv != NULL);
142 log_assert(privctx->txn != NULL);
144 ret = privctx->txn->commit(privctx->txn,
147 logthing(LOGTHING_CRITICAL,
148 "Error ending transaction: %s",
158 * db4_upgradedb - Upgrade a DB4 database
160 * Called if we discover we need to upgrade our DB4 database; ie if
161 * we're running with a newer version of db4 than the database was
164 static int db4_upgradedb(struct onak_db4_dbctx *privctx)
173 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
175 lockfile_fd = open(buf, O_RDWR | O_CREAT | O_EXCL, 0600);
176 if (lockfile_fd < 0) {
177 if (errno == EEXIST) {
178 while (stat(buf, &statbuf) == 0) ;
181 logthing(LOGTHING_CRITICAL, "Couldn't open database "
182 "update lock file: %s", strerror(errno));
186 snprintf(buf, sizeof(buf) - 1, "%d", getpid());
187 write(lockfile_fd, buf, strlen(buf));
190 logthing(LOGTHING_NOTICE, "Upgrading DB4 database");
191 ret = db_env_create(&privctx->dbenv, 0);
193 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
194 privctx->dbenv->remove(privctx->dbenv, config.db_dir, 0);
195 privctx->dbenv = NULL;
197 for (i = 0; i < privctx->numdbs; i++) {
198 ret = db_create(&curdb, NULL, 0);
200 snprintf(buf, sizeof(buf) - 1, "%s/keydb.%d.db",
202 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
203 curdb->upgrade(curdb, buf, 0);
204 curdb->close(curdb, 0);
206 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
212 ret = db_create(&curdb, NULL, 0);
214 snprintf(buf, sizeof(buf) - 1, "%s/worddb", config.db_dir);
215 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
216 curdb->upgrade(curdb, buf, 0);
217 curdb->close(curdb, 0);
219 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
224 ret = db_create(&curdb, NULL, 0);
226 snprintf(buf, sizeof(buf) - 1, "%s/id32db", config.db_dir);
227 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
228 curdb->upgrade(curdb, buf, 0);
229 curdb->close(curdb, 0);
231 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
236 ret = db_create(&curdb, NULL, 0);
238 snprintf(buf, sizeof(buf) - 1, "%s/id64db", config.db_dir);
239 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
240 curdb->upgrade(curdb, buf, 0);
241 curdb->close(curdb, 0);
243 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
248 ret = db_create(&curdb, NULL, 0);
250 snprintf(buf, sizeof(buf) - 1, "%s/skshashdb", config.db_dir);
251 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
252 curdb->upgrade(curdb, buf, 0);
253 curdb->close(curdb, 0);
255 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
260 ret = db_create(&curdb, NULL, 0);
262 snprintf(buf, sizeof(buf) - 1, "%s/subkeydb", config.db_dir);
263 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
264 curdb->upgrade(curdb, buf, 0);
265 curdb->close(curdb, 0);
267 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
272 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
280 * getfullkeyid - Maps a 32bit key id to a 64bit one.
281 * @keyid: The 32bit keyid.
283 * This function maps a 32bit key id to the full 64bit one. It returns the
284 * full keyid. If the key isn't found a keyid of 0 is returned.
286 static uint64_t db4_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
288 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
291 uint32_t shortkeyid = 0;
295 if (keyid < 0x100000000LL) {
296 ret = privctx->id32db->cursor(privctx->id32db,
305 shortkeyid = keyid & 0xFFFFFFFF;
307 memset(&key, 0, sizeof(key));
308 memset(&data, 0, sizeof(data));
309 key.data = &shortkeyid;
310 key.size = sizeof(shortkeyid);
311 data.flags = DB_DBT_MALLOC;
313 ret = cursor->c_get(cursor,
319 if (data.size == 8) {
320 keyid = * (uint64_t *) data.data;
323 for (i = 12; i < 20; i++) {
325 keyid |= ((uint8_t *) data.data)[i];
329 if (data.data != NULL) {
335 cursor->c_close(cursor);
343 * fetch_key_fp - Given a fingerprint fetch the key from storage.
345 static int db4_fetch_key_fp(struct onak_dbctx *dbctx,
346 struct openpgp_fingerprint *fingerprint,
347 struct openpgp_publickey **publickey,
350 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
351 struct openpgp_packet_list *packets = NULL;
355 struct buffer_ctx fetchbuf;
356 struct openpgp_fingerprint subfp;
358 memset(&key, 0, sizeof(key));
359 memset(&data, 0, sizeof(data));
364 key.size = fingerprint->length;
365 key.data = fingerprint->fp;
368 db4_starttrans(dbctx);
371 ret = keydb_fp(privctx, fingerprint)->get(keydb_fp(privctx,
378 if (ret == DB_NOTFOUND) {
379 /* If we didn't find the key ID see if it's a subkey ID */
380 memset(&key, 0, sizeof(key));
381 memset(&data, 0, sizeof(data));
382 data.data = subfp.fp;
383 data.ulen = MAX_FINGERPRINT_LEN;
384 data.flags = DB_DBT_USERMEM;
385 key.data = fingerprint->fp;
386 key.size = fingerprint->length;
388 ret = privctx->subkeydb->get(privctx->subkeydb,
395 /* We got a subkey match; retrieve the actual key */
396 memset(&key, 0, sizeof(key));
397 key.size = subfp.length = data.size;
400 memset(&data, 0, sizeof(data));
404 ret = keydb_fp(privctx, &subfp)->get(
405 keydb_fp(privctx, &subfp),
414 fetchbuf.buffer = data.data;
416 fetchbuf.size = data.size;
417 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
419 parse_keys(packets, publickey);
420 free_packet_list(packets);
423 } else if (ret != DB_NOTFOUND) {
424 logthing(LOGTHING_ERROR,
425 "Problem retrieving key: %s",
437 * fetch_key_id - Given a keyid fetch the key from storage.
438 * @keyid: The keyid to fetch.
439 * @publickey: A pointer to a structure to return the key in.
440 * @intrans: If we're already in a transaction.
442 * We use the hex representation of the keyid as the filename to fetch the
443 * key from. The key is stored in the file as a binary OpenPGP stream of
444 * packets, so we can just use read_openpgp_stream() to read the packets
445 * in and then parse_keys() to parse the packets into a publickey
448 static int db4_fetch_key_id(struct onak_dbctx *dbctx, uint64_t keyid,
449 struct openpgp_publickey **publickey,
452 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
453 struct openpgp_packet_list *packets = NULL;
457 struct buffer_ctx fetchbuf;
458 struct openpgp_fingerprint fingerprint;
460 if (keyid < 0x100000000LL) {
461 keyid = db4_getfullkeyid(dbctx, keyid);
464 memset(&key, 0, sizeof(key));
465 memset(&data, 0, sizeof(data));
470 key.size = sizeof(keyid);
474 db4_starttrans(dbctx);
478 * First we try a legacy stored key where we used the 64 bit key ID
481 ret = keydb_id(privctx, keyid)->get(keydb_id(privctx, keyid),
487 if (ret == DB_NOTFOUND) {
488 /* If we didn't find the key ID try the 64 bit map DB */
489 memset(&key, 0, sizeof(key));
490 memset(&data, 0, sizeof(data));
491 data.ulen = MAX_FINGERPRINT_LEN;
492 data.data = fingerprint.fp;
493 data.flags = DB_DBT_USERMEM;
494 key.size = sizeof(keyid);
497 ret = privctx->id64db->get(privctx->id64db,
504 /* We got a match; retrieve the actual key */
505 fingerprint.length = data.size;
507 memset(&key, 0, sizeof(key));
508 memset(&data, 0, sizeof(data));
509 key.size = fingerprint.length;
510 key.data = fingerprint.fp;
512 ret = keydb_fp(privctx, &fingerprint)->get(
513 keydb_fp(privctx, &fingerprint),
522 fetchbuf.buffer = data.data;
524 fetchbuf.size = data.size;
525 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
527 parse_keys(packets, publickey);
528 free_packet_list(packets);
531 } else if (ret != DB_NOTFOUND) {
532 logthing(LOGTHING_ERROR,
533 "Problem retrieving key: %s",
545 int worddb_cmp(const void *d1, const void *d2)
547 return memcmp(d1, d2, 12);
551 * fetch_key_text - Trys to find the keys that contain the supplied text.
552 * @search: The text to search for.
553 * @publickey: A pointer to a structure to return the key in.
555 * This function searches for the supplied text and returns the keys that
558 static int db4_fetch_key_text(struct onak_dbctx *dbctx, const char *search,
559 struct openpgp_publickey **publickey)
561 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
568 char *searchtext = NULL;
569 struct ll *wordlist = NULL;
570 struct ll *curword = NULL;
571 struct keyarray keylist = { NULL, 0, 0 };
572 struct keyarray newkeylist = { NULL, 0, 0 };
574 struct openpgp_fingerprint fingerprint;
577 searchtext = strdup(search);
578 wordlist = makewordlist(wordlist, searchtext);
580 for (curword = wordlist; curword != NULL; curword = curword->next) {
581 db4_starttrans(dbctx);
583 ret = privctx->worddb->cursor(privctx->worddb,
593 memset(&key, 0, sizeof(key));
594 memset(&data, 0, sizeof(data));
595 key.data = curword->object;
596 key.size = strlen(curword->object);
597 data.flags = DB_DBT_MALLOC;
598 ret = cursor->c_get(cursor,
602 while (ret == 0 && strncmp(key.data, curword->object,
604 ((char *) curword->object)[key.size] == 0) {
605 if (data.size == 12) {
606 /* Old style creation + key id */
607 fingerprint.length = 8;
608 for (i = 4; i < 12; i++) {
609 fingerprint.fp[i - 4] =
614 fingerprint.length = data.size;
615 memcpy(fingerprint.fp, data.data, data.size);
619 * Only add the keys containing this word if this is
620 * our first pass (ie we have no existing key list),
621 * or the key contained a previous word.
623 if (firstpass || array_find(&keylist, &fingerprint)) {
624 array_add(&newkeylist, &fingerprint);
630 ret = cursor->c_get(cursor,
635 array_free(&keylist);
636 keylist.keys = newkeylist.keys;
637 keylist.count = newkeylist.count;
638 keylist.size = newkeylist.size;
639 newkeylist.keys = NULL;
640 newkeylist.count = newkeylist.size = 0;
641 if (data.data != NULL) {
645 cursor->c_close(cursor);
650 llfree(wordlist, NULL);
653 if (keylist.count > config.maxkeys) {
654 keylist.count = config.maxkeys;
657 db4_starttrans(dbctx);
658 for (i = 0; i < keylist.count; i++) {
659 if (keylist.keys[i].length == 8) {
661 for (int j = 0; j < 8; j++) {
663 keyid |= keylist.keys[i].fp[j];
665 numkeys += db4_fetch_key_id(dbctx, keyid,
669 numkeys += db4_fetch_key_fp(dbctx, &keylist.keys[i],
674 array_free(&keylist);
683 static int db4_fetch_key_skshash(struct onak_dbctx *dbctx,
684 const struct skshash *hash,
685 struct openpgp_publickey **publickey)
687 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
693 struct openpgp_fingerprint fingerprint;
695 ret = privctx->skshashdb->cursor(privctx->skshashdb,
704 memset(&key, 0, sizeof(key));
705 memset(&data, 0, sizeof(data));
706 key.data = (void *) hash->hash;
707 key.size = sizeof(hash->hash);
708 data.flags = DB_DBT_MALLOC;
710 ret = cursor->c_get(cursor,
716 if (data.size == 8) {
717 /* Legacy key ID record */
718 keyid = *(uint64_t *) data.data;
719 count = db4_fetch_key_id(dbctx, keyid, publickey,
722 fingerprint.length = data.size;
723 memcpy(fingerprint.fp, data.data, data.size);
724 count = db4_fetch_key_fp(dbctx, &fingerprint,
728 if (data.data != NULL) {
734 cursor->c_close(cursor);
741 * delete_key - Given a keyid delete the key from storage.
742 * @keyid: The keyid to delete.
743 * @intrans: If we're already in a transaction.
745 * This function deletes a public key from whatever storage mechanism we
746 * are using. Returns 0 if the key existed.
748 static int db4_delete_key(struct onak_dbctx *dbctx,
749 uint64_t keyid, bool intrans)
751 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
752 struct openpgp_publickey *publickey = NULL;
755 DBC *cursor64 = NULL;
756 uint32_t shortkeyid = 0;
757 uint64_t subkeyid = 0;
758 struct openpgp_fingerprint *subkeyids = NULL;
762 char *primary = NULL;
763 unsigned char worddb_data[12];
764 struct ll *wordlist = NULL;
765 struct ll *curword = NULL;
766 bool deadlock = false;
768 struct openpgp_fingerprint fingerprint;
771 db4_starttrans(dbctx);
774 if (db4_fetch_key_id(dbctx, keyid, &publickey, true) == 0) {
781 get_fingerprint(publickey->publickey, &fingerprint);
784 * Walk through the uids removing the words from the worddb.
786 if (publickey != NULL) {
787 uids = keyuids(publickey, &primary);
790 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
791 wordlist = makewordlist(wordlist, uids[i]);
794 privctx->worddb->cursor(privctx->worddb,
799 for (curword = wordlist; curword != NULL && !deadlock;
800 curword = curword->next) {
801 memset(&key, 0, sizeof(key));
802 memset(&data, 0, sizeof(data));
803 key.data = curword->object;
804 key.size = strlen(key.data);
805 data.data = worddb_data;
806 data.size = sizeof(worddb_data);
809 * Old format word db data was the key creation time
810 * followed by the 64 bit key id.
812 worddb_data[ 0] = publickey->publickey->data[1];
813 worddb_data[ 1] = publickey->publickey->data[2];
814 worddb_data[ 2] = publickey->publickey->data[3];
815 worddb_data[ 3] = publickey->publickey->data[4];
816 worddb_data[ 4] = (keyid >> 56) & 0xFF;
817 worddb_data[ 5] = (keyid >> 48) & 0xFF;
818 worddb_data[ 6] = (keyid >> 40) & 0xFF;
819 worddb_data[ 7] = (keyid >> 32) & 0xFF;
820 worddb_data[ 8] = (keyid >> 24) & 0xFF;
821 worddb_data[ 9] = (keyid >> 16) & 0xFF;
822 worddb_data[10] = (keyid >> 8) & 0xFF;
823 worddb_data[11] = keyid & 0xFF;
825 ret = cursor->c_get(cursor,
831 cursor->c_del(cursor, 0);
834 /* New style just uses the fingerprint as the data */
835 memset(&key, 0, sizeof(key));
836 memset(&data, 0, sizeof(data));
837 key.data = curword->object;
838 key.size = strlen(key.data);
839 data.data = fingerprint.fp;
840 data.size = fingerprint.length;
842 ret = cursor->c_get(cursor,
848 ret = cursor->c_del(cursor, 0);
851 if (ret != 0 && ret != DB_NOTFOUND) {
852 logthing(LOGTHING_ERROR,
853 "Problem deleting word: %s "
854 "(0x%016" PRIX64 ")",
857 if (ret == DB_LOCK_DEADLOCK) {
862 cursor->c_close(cursor);
866 * Free our UID and word lists.
868 llfree(wordlist, NULL);
869 for (i = 0; uids[i] != NULL; i++) {
878 privctx->id32db->cursor(privctx->id32db,
882 privctx->id64db->cursor(privctx->id64db,
887 shortkeyid = keyid & 0xFFFFFFFF;
889 /* Old style mapping to 64 bit key id */
890 memset(&key, 0, sizeof(key));
891 memset(&data, 0, sizeof(data));
892 key.data = &shortkeyid;
893 key.size = sizeof(shortkeyid);
895 data.size = sizeof(keyid);
897 ret = cursor->c_get(cursor,
903 cursor->c_del(cursor, 0);
906 /* New style mapping to fingerprint */
907 memset(&key, 0, sizeof(key));
908 memset(&data, 0, sizeof(data));
909 key.data = &shortkeyid;
910 key.size = sizeof(shortkeyid);
911 data.data = fingerprint.fp;
912 data.size = fingerprint.length;
914 ret = cursor->c_get(cursor,
920 ret = cursor->c_del(cursor, 0);
923 if (ret != 0 && ret != DB_NOTFOUND) {
924 logthing(LOGTHING_ERROR,
925 "Problem deleting short keyid: %s "
926 "(0x%016" PRIX64 ")",
929 if (ret == DB_LOCK_DEADLOCK) {
934 /* 64 bit key mapping to fingerprint */
935 memset(&key, 0, sizeof(key));
936 memset(&data, 0, sizeof(data));
938 key.size = sizeof(keyid);
939 data.data = fingerprint.fp;
940 data.size = fingerprint.length;
942 ret = cursor64->c_get(cursor64,
948 ret = cursor64->c_del(cursor64, 0);
951 if (ret != 0 && ret != DB_NOTFOUND) {
952 logthing(LOGTHING_ERROR,
953 "Problem deleting keyid: %s "
954 "(0x%016" PRIX64 ")",
957 if (ret == DB_LOCK_DEADLOCK) {
962 subkeyids = keysubkeys(publickey);
964 while (subkeyids != NULL && subkeyids[i].length != 0) {
965 subkeyid = fingerprint2keyid(&subkeyids[i]);
966 memset(&key, 0, sizeof(key));
967 key.data = subkeyids[i].fp;
968 key.size = subkeyids[i].length;
969 privctx->subkeydb->del(privctx->subkeydb,
970 privctx->txn, &key, 0);
971 if (ret != 0 && ret != DB_NOTFOUND) {
972 logthing(LOGTHING_ERROR,
973 "Problem deleting subkey id: %s "
974 "(0x%016" PRIX64 ")",
977 if (ret == DB_LOCK_DEADLOCK) {
982 shortkeyid = subkeyid & 0xFFFFFFFF;
984 /* Remove 32 bit keyid -> 64 bit keyid mapping */
985 memset(&key, 0, sizeof(key));
986 memset(&data, 0, sizeof(data));
987 key.data = &shortkeyid;
988 key.size = sizeof(shortkeyid);
990 data.size = sizeof(keyid);
992 ret = cursor->c_get(cursor,
998 cursor->c_del(cursor, 0);
1001 /* Remove 32 bit keyid -> fingerprint mapping */
1002 memset(&key, 0, sizeof(key));
1003 memset(&data, 0, sizeof(data));
1004 key.data = &shortkeyid;
1005 key.size = sizeof(shortkeyid);
1006 data.data = fingerprint.fp;
1007 data.size = fingerprint.length;
1009 ret = cursor->c_get(cursor,
1015 ret = cursor->c_del(cursor, 0);
1018 if (ret != 0 && ret != DB_NOTFOUND) {
1019 logthing(LOGTHING_ERROR,
1020 "Problem deleting short keyid: %s "
1021 "(0x%016" PRIX64 ")",
1024 if (ret == DB_LOCK_DEADLOCK) {
1029 /* Remove 64 bit keyid -> fingerprint mapping */
1030 memset(&key, 0, sizeof(key));
1031 memset(&data, 0, sizeof(data));
1032 key.data = &subkeyid;
1033 key.size = sizeof(subkeyid);
1034 data.data = fingerprint.fp;
1035 data.size = fingerprint.length;
1037 ret = cursor64->c_get(cursor64,
1043 ret = cursor64->c_del(cursor64, 0);
1046 if (ret != 0 && ret != DB_NOTFOUND) {
1047 logthing(LOGTHING_ERROR,
1048 "Problem deleting keyid: %s "
1049 "(0x%016" PRIX64 ")",
1052 if (ret == DB_LOCK_DEADLOCK) {
1058 if (subkeyids != NULL) {
1062 cursor64->c_close(cursor64);
1064 cursor->c_close(cursor);
1069 ret = privctx->skshashdb->cursor(privctx->skshashdb,
1074 get_skshash(publickey, &hash);
1076 /* First delete old style keyid mapping */
1077 memset(&key, 0, sizeof(key));
1078 memset(&data, 0, sizeof(data));
1079 key.data = hash.hash;
1080 key.size = sizeof(hash.hash);
1082 data.size = sizeof(keyid);
1084 ret = cursor->c_get(cursor,
1090 cursor->c_del(cursor, 0);
1093 /* Then delete new style fingerprint mapping */
1094 memset(&key, 0, sizeof(key));
1095 memset(&data, 0, sizeof(data));
1096 key.data = hash.hash;
1097 key.size = sizeof(hash.hash);
1098 data.data = fingerprint.fp;
1099 data.size = fingerprint.length;
1101 ret = cursor->c_get(cursor,
1107 ret = cursor->c_del(cursor, 0);
1110 if (ret != 0 && ret != DB_NOTFOUND) {
1111 logthing(LOGTHING_ERROR,
1112 "Problem deleting skshash: %s "
1113 "(0x%016" PRIX64 ")",
1116 if (ret == DB_LOCK_DEADLOCK) {
1121 cursor->c_close(cursor);
1125 free_publickey(publickey);
1129 key.data = fingerprint.fp;
1130 key.size = fingerprint.length;
1132 keydb_fp(privctx, &fingerprint)->del(keydb_fp(privctx,
1138 /* Delete old style 64 bit keyid */
1140 key.size = sizeof(keyid);
1142 keydb_id(privctx, keyid)->del(keydb_id(privctx, keyid),
1149 db4_endtrans(dbctx);
1152 return deadlock ? (-1) : (ret == DB_NOTFOUND);
1156 * store_key - Takes a key and stores it.
1157 * @publickey: A pointer to the public key to store.
1158 * @intrans: If we're already in a transaction.
1159 * @update: If true the key exists and should be updated.
1161 * Again we just use the hex representation of the keyid as the filename
1162 * to store the key to. We flatten the public key to a list of OpenPGP
1163 * packets and then use write_openpgp_stream() to write the stream out to
1164 * the file. If update is true then we delete the old key first, otherwise
1165 * we trust that it doesn't exist.
1167 static int db4_store_key(struct onak_dbctx *dbctx,
1168 struct openpgp_publickey *publickey, bool intrans,
1171 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1172 struct openpgp_packet_list *packets = NULL;
1173 struct openpgp_packet_list *list_end = NULL;
1174 struct openpgp_publickey *next = NULL;
1177 struct buffer_ctx storebuf;
1181 uint32_t shortkeyid = 0;
1182 struct openpgp_fingerprint *subkeyids = NULL;
1184 char *primary = NULL;
1185 struct ll *wordlist = NULL;
1186 struct ll *curword = NULL;
1187 bool deadlock = false;
1188 struct skshash hash;
1189 struct openpgp_fingerprint fingerprint;
1191 if (get_keyid(publickey, &keyid) != ONAK_E_OK) {
1192 logthing(LOGTHING_ERROR, "Couldn't find key ID for key.");
1196 if (get_fingerprint(publickey->publickey, &fingerprint) != ONAK_E_OK) {
1197 logthing(LOGTHING_ERROR, "Couldn't find fingerprint for key.");
1202 db4_starttrans(dbctx);
1206 * Delete the key if we already have it.
1208 * TODO: Can we optimize this perhaps? Possibly when other data is
1209 * involved as well? I suspect this is easiest and doesn't make a lot
1210 * of difference though - the largest chunk of data is the keydata and
1211 * it definitely needs updated.
1214 deadlock = (db4_delete_key(dbctx, keyid, true) == -1);
1218 * Convert the key to a flat set of binary data.
1221 next = publickey->next;
1222 publickey->next = NULL;
1223 flatten_publickey(publickey, &packets, &list_end);
1224 publickey->next = next;
1226 storebuf.offset = 0;
1227 storebuf.size = 8192;
1228 storebuf.buffer = malloc(8192);
1230 write_openpgp_stream(buffer_putchar, &storebuf, packets);
1233 * Now we have the key data store it in the DB; the keyid is
1236 memset(&key, 0, sizeof(key));
1237 memset(&data, 0, sizeof(data));
1238 key.data = fingerprint.fp;
1239 key.size = fingerprint.length;
1240 data.size = storebuf.offset;
1241 data.data = storebuf.buffer;
1243 ret = keydb_fp(privctx, &fingerprint)->put(
1244 keydb_fp(privctx, &fingerprint),
1250 logthing(LOGTHING_ERROR,
1251 "Problem storing key: %s",
1253 if (ret == DB_LOCK_DEADLOCK) {
1258 free(storebuf.buffer);
1259 storebuf.buffer = NULL;
1261 storebuf.offset = 0;
1263 free_packet_list(packets);
1268 * Walk through our uids storing the words into the db with the keyid.
1271 uids = keyuids(publickey, &primary);
1274 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
1275 wordlist = makewordlist(wordlist, uids[i]);
1278 for (curword = wordlist; curword != NULL && !deadlock;
1279 curword = curword->next) {
1280 memset(&key, 0, sizeof(key));
1281 memset(&data, 0, sizeof(data));
1282 key.data = curword->object;
1283 key.size = strlen(key.data);
1284 data.data = fingerprint.fp;
1285 data.size = fingerprint.length;
1287 ret = privctx->worddb->put(privctx->worddb,
1293 logthing(LOGTHING_ERROR,
1294 "Problem storing word: %s",
1296 if (ret == DB_LOCK_DEADLOCK) {
1303 * Free our UID and word lists.
1305 llfree(wordlist, NULL);
1306 for (i = 0; uids[i] != NULL; i++) {
1315 * Write the truncated 32 bit keyid so we can lookup the fingerprint
1319 shortkeyid = keyid & 0xFFFFFFFF;
1321 memset(&key, 0, sizeof(key));
1322 memset(&data, 0, sizeof(data));
1323 key.data = &shortkeyid;
1324 key.size = sizeof(shortkeyid);
1325 data.data = fingerprint.fp;
1326 data.size = fingerprint.length;
1328 ret = privctx->id32db->put(privctx->id32db,
1334 logthing(LOGTHING_ERROR,
1335 "Problem storing short keyid: %s",
1337 if (ret == DB_LOCK_DEADLOCK) {
1344 * Write the 64 bit keyid so we can lookup the fingerprint for
1348 memset(&key, 0, sizeof(key));
1349 memset(&data, 0, sizeof(data));
1351 key.size = sizeof(keyid);
1352 data.data = fingerprint.fp;
1353 data.size = fingerprint.length;
1355 ret = privctx->id64db->put(privctx->id64db,
1361 logthing(LOGTHING_ERROR,
1362 "Problem storing keyid: %s",
1364 if (ret == DB_LOCK_DEADLOCK) {
1371 subkeyids = keysubkeys(publickey);
1373 while (subkeyids != NULL && subkeyids[i].length != 0) {
1374 /* Store the subkey ID -> main key fp mapping */
1375 memset(&key, 0, sizeof(key));
1376 memset(&data, 0, sizeof(data));
1377 key.data = subkeyids[i].fp;
1378 key.size = subkeyids[i].length;
1379 data.data = fingerprint.fp;
1380 data.size = fingerprint.length;
1382 ret = privctx->subkeydb->put(privctx->subkeydb,
1388 logthing(LOGTHING_ERROR,
1389 "Problem storing subkey keyid: %s",
1391 if (ret == DB_LOCK_DEADLOCK) {
1396 /* Store the 64 bit subkey ID -> main key fp mapping */
1397 memset(&key, 0, sizeof(key));
1398 memset(&data, 0, sizeof(data));
1400 keyid = fingerprint2keyid(&subkeyids[i]);
1402 key.size = sizeof(keyid);
1403 data.data = fingerprint.fp;
1404 data.size = fingerprint.length;
1406 ret = privctx->id64db->put(privctx->id64db,
1412 logthing(LOGTHING_ERROR,
1413 "Problem storing keyid: %s",
1415 if (ret == DB_LOCK_DEADLOCK) {
1420 /* Store the short subkey ID -> main key fp mapping */
1421 shortkeyid = keyid & 0xFFFFFFFF;
1423 memset(&key, 0, sizeof(key));
1424 memset(&data, 0, sizeof(data));
1425 key.data = &shortkeyid;
1426 key.size = sizeof(shortkeyid);
1427 data.data = fingerprint.fp;
1428 data.size = fingerprint.length;
1430 ret = privctx->id32db->put(privctx->id32db,
1436 logthing(LOGTHING_ERROR,
1437 "Problem storing short keyid: %s",
1439 if (ret == DB_LOCK_DEADLOCK) {
1445 if (subkeyids != NULL) {
1452 get_skshash(publickey, &hash);
1453 memset(&key, 0, sizeof(key));
1454 memset(&data, 0, sizeof(data));
1455 key.data = hash.hash;
1456 key.size = sizeof(hash.hash);
1457 data.data = fingerprint.fp;
1458 data.size = fingerprint.length;
1460 ret = privctx->skshashdb->put(privctx->skshashdb,
1466 logthing(LOGTHING_ERROR,
1467 "Problem storing SKS hash: %s",
1469 if (ret == DB_LOCK_DEADLOCK) {
1476 db4_endtrans(dbctx);
1479 return deadlock ? -1 : 0 ;
1483 * iterate_keys - call a function once for each key in the db.
1484 * @iterfunc: The function to call.
1485 * @ctx: A context pointer
1487 * Calls iterfunc once for each key in the database. ctx is passed
1488 * unaltered to iterfunc. This function is intended to aid database dumps
1489 * and statistic calculations.
1491 * Returns the number of keys we iterated over.
1493 static int db4_iterate_keys(struct onak_dbctx *dbctx,
1494 void (*iterfunc)(void *ctx, struct openpgp_publickey *key),
1497 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1503 struct buffer_ctx fetchbuf;
1504 struct openpgp_packet_list *packets = NULL;
1505 struct openpgp_publickey *key = NULL;
1507 for (i = 0; i < privctx->numdbs; i++) {
1508 ret = privctx->dbconns[i]->cursor(privctx->dbconns[i],
1517 memset(&dbkey, 0, sizeof(dbkey));
1518 memset(&data, 0, sizeof(data));
1519 ret = cursor->c_get(cursor, &dbkey, &data, DB_NEXT);
1521 fetchbuf.buffer = data.data;
1522 fetchbuf.offset = 0;
1523 fetchbuf.size = data.size;
1524 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
1526 parse_keys(packets, &key);
1530 free_publickey(key);
1532 free_packet_list(packets);
1535 memset(&dbkey, 0, sizeof(dbkey));
1536 memset(&data, 0, sizeof(data));
1537 ret = cursor->c_get(cursor, &dbkey, &data,
1541 if (ret != DB_NOTFOUND) {
1542 logthing(LOGTHING_ERROR,
1543 "Problem reading key: %s",
1547 cursor->c_close(cursor);
1555 * Include the basic keydb routines.
1557 #define NEED_GETKEYSIGS 1
1558 #define NEED_KEYID2UID 1
1559 #define NEED_UPDATEKEYS 1
1563 * cleanupdb - De-initialize the key database.
1565 * This function should be called upon program exit to allow the DB to
1566 * cleanup after itself.
1568 static void db4_cleanupdb(struct onak_dbctx *dbctx)
1570 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1573 if (privctx->dbenv != NULL) {
1574 privctx->dbenv->txn_checkpoint(privctx->dbenv, 0, 0, 0);
1575 if (privctx->subkeydb != NULL) {
1576 privctx->subkeydb->close(privctx->subkeydb, 0);
1577 privctx->subkeydb = NULL;
1579 if (privctx->skshashdb != NULL) {
1580 privctx->skshashdb->close(privctx->skshashdb, 0);
1581 privctx->skshashdb = NULL;
1583 if (privctx->id64db != NULL) {
1584 privctx->id64db->close(privctx->id64db, 0);
1585 privctx->id64db = NULL;
1587 if (privctx->id32db != NULL) {
1588 privctx->id32db->close(privctx->id32db, 0);
1589 privctx->id32db = NULL;
1591 if (privctx->worddb != NULL) {
1592 privctx->worddb->close(privctx->worddb, 0);
1593 privctx->worddb = NULL;
1595 for (i = 0; i < privctx->numdbs; i++) {
1596 if (privctx->dbconns[i] != NULL) {
1597 privctx->dbconns[i]->close(privctx->dbconns[i],
1599 privctx->dbconns[i] = NULL;
1602 free(privctx->dbconns);
1603 privctx->dbconns = NULL;
1604 privctx->dbenv->close(privctx->dbenv, 0);
1605 privctx->dbenv = NULL;
1614 * initdb - Initialize the key database.
1616 * This function should be called before any of the other functions in
1617 * this file are called in order to allow the DB to be initialized ready
1620 struct onak_dbctx *keydb_db4_init(bool readonly)
1627 struct stat statbuf;
1629 struct onak_dbctx *dbctx;
1630 struct onak_db4_dbctx *privctx;
1632 dbctx = malloc(sizeof(*dbctx));
1633 if (dbctx == NULL) {
1636 dbctx->priv = privctx = calloc(1, sizeof(*privctx));
1637 if (privctx == NULL) {
1642 /* Default to 16 key data DBs */
1643 privctx->numdbs = 16;
1645 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
1647 ret = stat(buf, &statbuf);
1648 while ((ret == 0) || (errno != ENOENT)) {
1650 logthing(LOGTHING_CRITICAL, "Couldn't stat upgrade "
1651 "lock file: %s (%d)", strerror(errno), ret);
1654 logthing(LOGTHING_DEBUG, "DB4 upgrade in progress; waiting.");
1656 ret = stat(buf, &statbuf);
1660 snprintf(buf, sizeof(buf) - 1, "%s/num_keydb", config.db_dir);
1661 numdb = fopen(buf, "r");
1662 if (numdb != NULL) {
1663 if (fgets(buf, sizeof(buf), numdb) != NULL) {
1664 privctx->numdbs = atoi(buf);
1667 } else if (!readonly) {
1668 logthing(LOGTHING_ERROR, "Couldn't open num_keydb: %s",
1670 numdb = fopen(buf, "w");
1671 if (numdb != NULL) {
1672 fprintf(numdb, "%d", privctx->numdbs);
1675 logthing(LOGTHING_ERROR,
1676 "Couldn't write num_keydb: %s",
1681 privctx->dbconns = calloc(privctx->numdbs, sizeof (DB *));
1682 if (privctx->dbconns == NULL) {
1683 logthing(LOGTHING_CRITICAL,
1684 "Couldn't allocate memory for dbconns");
1689 ret = db_env_create(&privctx->dbenv, 0);
1691 logthing(LOGTHING_CRITICAL,
1692 "db_env_create: %s", db_strerror(ret));
1697 * Up the number of locks we're allowed at once. We base this on
1698 * the maximum number of keys we're going to return.
1700 maxlocks = config.maxkeys * 16;
1701 if (maxlocks < 1000) {
1704 privctx->dbenv->set_lk_max_locks(privctx->dbenv, maxlocks);
1705 privctx->dbenv->set_lk_max_objects(privctx->dbenv, maxlocks);
1708 * Enable deadlock detection so that we don't block indefinitely on
1709 * anything. What we really want is simple 2 state locks, but I'm not
1710 * sure how to make the standard DB functions do that yet.
1713 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
1714 ret = privctx->dbenv->set_lk_detect(privctx->dbenv, DB_LOCK_DEFAULT);
1716 logthing(LOGTHING_CRITICAL,
1717 "db_env_create: %s", db_strerror(ret));
1722 ret = privctx->dbenv->open(privctx->dbenv, config.db_dir,
1723 DB_INIT_LOG | DB_INIT_MPOOL | DB_INIT_LOCK |
1727 #ifdef DB_VERSION_MISMATCH
1728 if (ret == DB_VERSION_MISMATCH) {
1729 privctx->dbenv->close(privctx->dbenv, 0);
1730 privctx->dbenv = NULL;
1731 ret = db4_upgradedb(privctx);
1733 ret = db_env_create(&privctx->dbenv, 0);
1736 privctx->dbenv->set_errcall(privctx->dbenv,
1738 privctx->dbenv->set_lk_detect(privctx->dbenv,
1740 ret = privctx->dbenv->open(privctx->dbenv,
1742 DB_INIT_LOG | DB_INIT_MPOOL |
1743 DB_INIT_LOCK | DB_INIT_TXN |
1744 DB_CREATE | DB_RECOVER,
1748 privctx->dbenv->txn_checkpoint(
1758 logthing(LOGTHING_CRITICAL,
1759 "Error opening db environment: %s (%s)",
1762 if (privctx->dbenv != NULL) {
1763 privctx->dbenv->close(privctx->dbenv, 0);
1764 privctx->dbenv = NULL;
1770 db4_starttrans(dbctx);
1772 for (i = 0; !ret && i < privctx->numdbs; i++) {
1773 ret = db_create(&privctx->dbconns[i],
1776 logthing(LOGTHING_CRITICAL,
1777 "db_create: %s", db_strerror(ret));
1781 snprintf(buf, 1023, "keydb.%d.db", i);
1786 ret = privctx->dbconns[i]->open(
1787 privctx->dbconns[i],
1795 logthing(LOGTHING_CRITICAL,
1796 "Error opening key database:"
1806 ret = db_create(&privctx->worddb, privctx->dbenv, 0);
1808 logthing(LOGTHING_CRITICAL, "db_create: %s",
1814 ret = privctx->worddb->set_flags(privctx->worddb, DB_DUP);
1818 ret = privctx->worddb->open(privctx->worddb, privctx->txn,
1819 "worddb", "worddb", DB_BTREE,
1823 logthing(LOGTHING_CRITICAL,
1824 "Error opening word database: %s (%s)",
1831 ret = db_create(&privctx->id32db, privctx->dbenv, 0);
1833 logthing(LOGTHING_CRITICAL, "db_create: %s",
1839 ret = privctx->id32db->set_flags(privctx->id32db, DB_DUP);
1843 ret = privctx->id32db->open(privctx->id32db, privctx->txn,
1844 "id32db", "id32db", DB_HASH,
1848 logthing(LOGTHING_CRITICAL,
1849 "Error opening id32 database: %s (%s)",
1856 ret = db_create(&privctx->id64db, privctx->dbenv, 0);
1858 logthing(LOGTHING_CRITICAL, "db_create: %s",
1864 ret = privctx->id64db->set_flags(privctx->id64db, DB_DUP);
1868 ret = privctx->id64db->open(privctx->id64db, privctx->txn,
1869 "id64db", "id64db", DB_HASH,
1873 logthing(LOGTHING_CRITICAL,
1874 "Error opening id64 database: %s (%s)",
1881 ret = db_create(&privctx->skshashdb, privctx->dbenv, 0);
1883 logthing(LOGTHING_CRITICAL, "db_create: %s",
1889 ret = privctx->skshashdb->open(privctx->skshashdb, privctx->txn,
1891 "skshashdb", DB_HASH,
1895 logthing(LOGTHING_CRITICAL,
1896 "Error opening skshash database: %s (%s)",
1903 ret = db_create(&privctx->subkeydb, privctx->dbenv, 0);
1905 logthing(LOGTHING_CRITICAL, "db_create: %s",
1911 ret = privctx->subkeydb->open(privctx->subkeydb, privctx->txn,
1912 "subkeydb", "subkeydb",
1917 logthing(LOGTHING_CRITICAL,
1918 "Error opening subkey database: %s (%s)",
1924 if (privctx->txn != NULL) {
1925 db4_endtrans(dbctx);
1929 db4_cleanupdb(dbctx);
1930 logthing(LOGTHING_CRITICAL,
1931 "Error opening database; exiting");
1935 dbctx->cleanupdb = db4_cleanupdb;
1936 dbctx->starttrans = db4_starttrans;
1937 dbctx->endtrans = db4_endtrans;
1938 dbctx->fetch_key_id = db4_fetch_key_id;
1939 dbctx->fetch_key_fp = db4_fetch_key_fp;
1940 dbctx->fetch_key_text = db4_fetch_key_text;
1941 dbctx->fetch_key_skshash = db4_fetch_key_skshash;
1942 dbctx->store_key = db4_store_key;
1943 dbctx->update_keys = generic_update_keys;
1944 dbctx->delete_key = db4_delete_key;
1945 dbctx->getkeysigs = generic_getkeysigs;
1946 dbctx->cached_getkeysigs = generic_cached_getkeysigs;
1947 dbctx->keyid2uid = generic_keyid2uid;
1948 dbctx->getfullkeyid = db4_getfullkeyid;
1949 dbctx->iterate_keys = db4_iterate_keys;