2 * keyd.c - key retrieval daemon
4 * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
28 #include <sys/select.h>
29 #include <sys/socket.h>
30 #include <sys/types.h>
35 #include "build-config.h"
38 #include <systemd/sd-daemon.h>
41 #include "charfuncs.h"
46 #include "keystructs.h"
49 #include "onak-conf.h"
52 /* Maximum number of clients we're prepared to accept at once */
53 #define MAX_CLIENTS 16
55 static bool using_socket_activation = false;
57 static struct keyd_stats *stats;
59 static void daemonize(void)
66 logthing(LOGTHING_CRITICAL,
67 "Failed to fork into background: %d (%s)",
72 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
77 logthing(LOGTHING_CRITICAL,
78 "Couldn't set process group leader: %d (%s)",
84 if (!freopen("/dev/null", "r", stdin)) {
85 logthing(LOGTHING_CRITICAL,
86 "Couldn't reopen stdin to NULL: %d (%s)",
91 if (!freopen("/dev/null", "w", stdout)) {
92 logthing(LOGTHING_CRITICAL,
93 "Couldn't reopen stdout to NULL: %d (%s)",
98 if (!freopen("/dev/null", "w", stderr)) {
99 logthing(LOGTHING_CRITICAL,
100 "Couldn't reopen stderr to NULL: %d (%s)",
109 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
111 struct openpgp_packet_list *packets = NULL;
112 struct openpgp_packet_list *list_end = NULL;
113 struct buffer_ctx storebuf;
118 storebuf.size = 8192;
119 storebuf.buffer = malloc(8192);
121 flatten_publickey(key,
124 write_openpgp_stream(buffer_putchar,
127 logthing(LOGTHING_TRACE,
130 written = write(fd, &storebuf.offset,
131 sizeof(storebuf.offset));
135 written = write(fd, storebuf.buffer,
137 if (written != storebuf.offset) {
142 free(storebuf.buffer);
143 storebuf.buffer = NULL;
144 storebuf.size = storebuf.offset = 0;
145 free_packet_list(packets);
146 packets = list_end = NULL;
151 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
153 uint32_t reply = _reply;
157 written = write(fd, &reply, sizeof(reply));
158 if (written != sizeof(reply)) {
165 static bool keyd_write_size(int fd, size_t size)
170 written = write(fd, &size, sizeof(size));
171 if (written != sizeof(size)) {
178 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
180 int *fd = (int *) ctx;
184 get_keyid(key, &keyid);
185 logthing(LOGTHING_TRACE,
186 "Iterating over 0x%016" PRIX64 ".",
189 keyd_write_key(*fd, key);
195 static int sock_init(const char *sockname)
197 struct sockaddr_un sock;
203 n = sd_listen_fds(0);
205 logthing(LOGTHING_ERROR,
206 "Too many file descriptors received from systemd.");
208 fd = SD_LISTEN_FDS_START + 0;
209 if (sd_is_socket_unix(fd, SOCK_STREAM, 1, NULL, 0) <= 0) {
210 logthing(LOGTHING_ERROR,
211 "systemd passed an invalid socket.");
214 using_socket_activation = true;
217 fd = socket(PF_UNIX, SOCK_STREAM, 0);
219 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
223 sock.sun_family = AF_UNIX;
224 strncpy(sock.sun_path, sockname,
225 sizeof(sock.sun_path) - 1);
227 ret = bind(fd, (struct sockaddr *) &sock,
236 logthing(LOGTHING_ERROR,
237 "Couldn't open socket to listen on: %s (%d)",
250 static int sock_do(struct onak_dbctx *dbctx, int fd)
252 uint32_t cmd = KEYD_CMD_UNKNOWN;
258 struct openpgp_publickey *key = NULL;
259 struct openpgp_packet_list *packets = NULL;
260 struct buffer_ctx storebuf;
262 struct openpgp_fingerprint fingerprint;
265 * Get the command from the client.
267 bytes = read(fd, &cmd, sizeof(cmd));
269 logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
271 if (bytes != sizeof(cmd)) {
276 if (cmd < KEYD_CMD_LAST) {
277 stats->command_stats[cmd]++;
279 stats->command_stats[KEYD_CMD_UNKNOWN]++;
282 case KEYD_CMD_VERSION:
283 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
287 cmd = sizeof(keyd_version);
288 bytes = write(fd, &cmd, sizeof(cmd));
289 if (bytes != sizeof(cmd)) {
294 bytes = write(fd, &keyd_version,
295 sizeof(keyd_version));
296 if (bytes != sizeof(keyd_version)) {
302 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
306 if ((read(fd, &bytes, 1) != 1) ||
307 (bytes > MAX_FINGERPRINT_LEN)) {
310 fingerprint.length = bytes;
311 bytes = read(fd, fingerprint.fp,
313 if (bytes != fingerprint.length) {
319 logthing(LOGTHING_INFO,
320 "Fetching by fingerprint"
322 dbctx->fetch_key(dbctx,
326 keyd_write_key(fd, key);
330 if (!keyd_write_size(fd, 0)) {
336 case KEYD_CMD_GET_ID:
337 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
341 bytes = read(fd, &keyid, sizeof(keyid));
342 if (bytes != sizeof(keyid)) {
347 logthing(LOGTHING_INFO,
348 "Fetching 0x%" PRIX64
351 dbctx->fetch_key_id(dbctx,
355 keyd_write_key(fd, key);
359 if (!keyd_write_size(fd, 0)) {
365 case KEYD_CMD_GET_FP:
366 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
370 if ((read(fd, &bytes, 1) != 1) ||
371 (bytes > MAX_FINGERPRINT_LEN)) {
374 fingerprint.length = bytes;
375 bytes = read(fd, fingerprint.fp,
377 if (bytes != fingerprint.length) {
383 logthing(LOGTHING_INFO,
384 "Fetching by fingerprint"
386 dbctx->fetch_key_fp(dbctx,
390 keyd_write_key(fd, key);
394 if (!keyd_write_size(fd, 0)) {
400 case KEYD_CMD_GET_TEXT:
401 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
405 bytes = read(fd, &count, sizeof(count));
406 if (bytes != sizeof(count)) {
411 search = malloc(count+1);
412 bytes = read(fd, search, count);
413 if (bytes != count) {
419 logthing(LOGTHING_INFO,
420 "Fetching %s, result: %d",
422 dbctx->fetch_key_text(dbctx,
425 keyd_write_key(fd, key);
429 if (!keyd_write_size(fd, 0)) {
437 case KEYD_CMD_UPDATE:
438 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
442 bytes = read(fd, &storebuf.size,
443 sizeof(storebuf.size));
444 logthing(LOGTHING_TRACE, "Reading %d bytes.",
446 if (bytes != sizeof(storebuf.size)) {
450 if (ret == 0 && storebuf.size > 0) {
451 storebuf.buffer = malloc(storebuf.size);
454 while (bytes >= 0 && count < storebuf.size) {
456 &storebuf.buffer[count],
457 storebuf.size - count);
458 logthing(LOGTHING_TRACE,
463 read_openpgp_stream(buffer_fetchchar,
467 parse_keys(packets, &key);
468 dbctx->store_key(dbctx, key, false,
469 (cmd == KEYD_CMD_UPDATE));
470 free_packet_list(packets);
474 free(storebuf.buffer);
475 storebuf.buffer = NULL;
476 storebuf.size = storebuf.offset = 0;
479 case KEYD_CMD_DELETE:
480 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
484 bytes = read(fd, &fingerprint,
485 sizeof(fingerprint));
486 if (bytes != sizeof(fingerprint)) {
491 logthing(LOGTHING_INFO,
492 "Deleting 0x%" PRIX64
495 dbctx->delete_key(dbctx,
496 &fingerprint, false));
499 case KEYD_CMD_KEYITER:
500 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
504 dbctx->iterate_keys(dbctx, iteratefunc,
506 if (!keyd_write_size(fd, 0)) {
512 /* We're going to close the FD even if this fails */
513 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
517 /* We're going to quit even if this fails */
518 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
519 logthing(LOGTHING_NOTICE,
520 "Exiting due to quit request.");
525 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
529 cmd = sizeof(*stats);
530 bytes = write(fd, &cmd, sizeof(cmd));
531 if (bytes != sizeof(cmd)) {
536 bytes = write(fd, stats, sizeof(*stats));
537 if (bytes != sizeof(*stats)) {
542 case KEYD_CMD_GET_SKSHASH:
543 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
547 bytes = read(fd, hash.hash, sizeof(hash.hash));
548 if (bytes != sizeof(hash.hash)) {
553 logthing(LOGTHING_INFO,
556 dbctx->fetch_key_skshash(dbctx,
559 keyd_write_key(fd, key);
563 if (!keyd_write_size(fd, 0)) {
571 logthing(LOGTHING_ERROR, "Got unknown command: %d",
573 if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
582 static int sock_close(int fd)
584 shutdown(fd, SHUT_RDWR);
588 static int sock_accept(int fd)
590 struct sockaddr_un sock;
595 socklen = sizeof(sock);
596 srv = accept(fd, (struct sockaddr *) &sock, &socklen);
598 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
608 static void usage(void)
610 puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
611 "onak PGP keyserver.\n");
613 puts("\tkeyd [options]\n");
614 puts("\tOptions:\n:");
615 puts("-c <file> - use <file> as the config file");
616 puts("-f - run in the foreground");
617 puts("-h - show this help text");
621 int main(int argc, char *argv[])
623 int fd = -1, maxfd, i, clients[MAX_CLIENTS];
624 fd_set rfds = { 0 }; /* Avoid scan-build false report for FD_SET */
626 char *configfile = NULL;
627 bool foreground = false;
629 struct onak_dbctx *dbctx;
631 while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
634 if (configfile != NULL) {
637 configfile = strdup(optarg);
649 readconfig(configfile);
652 initlogthing("keyd", config.logfile);
653 config.use_keyd = false;
660 signal(SIGPIPE, SIG_IGN);
663 stats = calloc(1, sizeof(*stats));
665 logthing(LOGTHING_ERROR,
666 "Couldn't allocate memory for stats structure.");
669 stats->started = time(NULL);
671 snprintf(sockname, sizeof(sockname) - 1, "%s/%s",
672 config.sock_dir, KEYD_SOCKET);
673 fd = sock_init(sockname);
679 memset(clients, -1, sizeof (clients));
681 dbctx = config.dbinit(config.backend, false);
683 logthing(LOGTHING_NOTICE, "Accepting connections%s",
684 using_socket_activation ? " (via systemd)" : "");
685 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
687 * Deal with existing clients first; if we're at our
688 * connection limit then processing them might free
689 * things up and let us accept the next client below.
691 for (i = 0; i < MAX_CLIENTS; i++) {
692 if (clients[i] != -1 &&
693 FD_ISSET(clients[i], &rfds)) {
694 logthing(LOGTHING_DEBUG,
695 "Handling connection for client %d.", i);
696 if (sock_do(dbctx, clients[i])) {
697 sock_close(clients[i]);
699 logthing(LOGTHING_DEBUG,
700 "Closed connection for client %d.", i);
705 * Check if we have a new incoming connection to accept.
707 if (FD_ISSET(fd, &rfds)) {
708 for (i = 0; i < MAX_CLIENTS; i++) {
709 if (clients[i] == -1) {
713 if (i < MAX_CLIENTS) {
714 logthing(LOGTHING_INFO,
715 "Accepted connection %d.", i);
716 clients[i] = sock_accept(fd);
722 for (i = 0; i < MAX_CLIENTS; i++) {
723 if (clients[i] != -1) {
724 FD_SET(clients[i], &rfds);
725 maxfd = (maxfd > clients[i]) ?
730 dbctx->cleanupdb(dbctx);
732 if (!using_socket_activation) {
743 logthing(LOGTHING_NOTICE, "Exiting");
747 return(EXIT_SUCCESS);