2 * keydb_db4.c - Routines to store and fetch keys in a DB4 database.
4 * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 #include <sys/types.h>
33 #include "charfuncs.h"
37 #include "decodekey.h"
38 #include "keystructs.h"
41 #include "onak-conf.h"
45 #define DB4_UPGRADE_FILE "db_upgrade.lck"
47 struct onak_db4_dbctx {
48 DB_ENV *dbenv; /* The database environment context */
49 int numdbs; /* Number of data databases in use */
50 DB **dbconns; /* Connections to the key data databases */
51 DB *worddb; /* Connection to the word lookup database */
52 DB *id32db; /* Connection to the 32 bit ID lookup database */
53 DB *id64db; /* Connection to the 64 bit ID lookup database */
54 DB *skshashdb; /* Connection to the SKS hash database */
55 DB *subkeydb; /* Connection to the subkey ID lookup database */
56 DB_TXN *txn; /* Our current transaction ID */
59 DB *keydb_id(struct onak_db4_dbctx *privctx, uint64_t keyid)
65 return(privctx->dbconns[keytrun % privctx->numdbs]);
68 DB *keydb_fp(struct onak_db4_dbctx *privctx, struct openpgp_fingerprint *fp)
72 keytrun = (fp->fp[4] << 24) |
77 return(privctx->dbconns[keytrun % privctx->numdbs]);
81 * db4_errfunc - Direct DB errors to logfile
83 * Basic function to take errors from the DB library and output them to
84 * the logfile rather than stderr.
86 #if (DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR < 3)
87 static void db4_errfunc(const char *errpfx, const char *errmsg)
89 static void db4_errfunc(const DB_ENV *edbenv, const char *errpfx,
94 logthing(LOGTHING_DEBUG, "db4 error: %s:%s", errpfx, errmsg);
96 logthing(LOGTHING_DEBUG, "db4 error: %s", errmsg);
103 * starttrans - Start a transaction.
105 * Start a transaction. Intended to be used if we're about to perform many
106 * operations on the database to help speed it all up, or if we want
107 * something to only succeed if all relevant operations are successful.
109 static bool db4_starttrans(struct onak_dbctx *dbctx)
111 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
114 log_assert(privctx->dbenv != NULL);
115 log_assert(privctx->txn == NULL);
117 ret = privctx->dbenv->txn_begin(privctx->dbenv,
118 NULL, /* No parent transaction */
122 logthing(LOGTHING_CRITICAL,
123 "Error starting transaction: %s",
132 * endtrans - End a transaction.
134 * Ends a transaction.
136 static void db4_endtrans(struct onak_dbctx *dbctx)
138 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
141 log_assert(privctx->dbenv != NULL);
142 log_assert(privctx->txn != NULL);
144 ret = privctx->txn->commit(privctx->txn,
147 logthing(LOGTHING_CRITICAL,
148 "Error ending transaction: %s",
158 * db4_upgradedb - Upgrade a DB4 database
160 * Called if we discover we need to upgrade our DB4 database; ie if
161 * we're running with a newer version of db4 than the database was
164 static int db4_upgradedb(struct onak_db4_dbctx *privctx)
174 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
176 lockfile_fd = open(buf, O_RDWR | O_CREAT | O_EXCL, 0600);
177 if (lockfile_fd < 0) {
178 if (errno == EEXIST) {
179 while (stat(buf, &statbuf) == 0) ;
182 logthing(LOGTHING_CRITICAL, "Couldn't open database "
183 "update lock file: %s", strerror(errno));
187 snprintf(buf, sizeof(buf) - 1, "%d", getpid());
188 written = write(lockfile_fd, buf, strlen(buf));
190 if (written != strlen(buf)) {
191 logthing(LOGTHING_CRITICAL, "Couldn't write PID to lockfile: "
192 "%s", strerror(errno));
193 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
199 logthing(LOGTHING_NOTICE, "Upgrading DB4 database");
200 ret = db_env_create(&privctx->dbenv, 0);
202 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
203 privctx->dbenv->remove(privctx->dbenv, config.db_dir, 0);
204 privctx->dbenv = NULL;
206 for (i = 0; i < privctx->numdbs; i++) {
207 ret = db_create(&curdb, NULL, 0);
209 snprintf(buf, sizeof(buf) - 1, "%s/keydb.%d.db",
211 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
212 curdb->upgrade(curdb, buf, 0);
213 curdb->close(curdb, 0);
215 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
221 ret = db_create(&curdb, NULL, 0);
223 snprintf(buf, sizeof(buf) - 1, "%s/worddb", config.db_dir);
224 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
225 curdb->upgrade(curdb, buf, 0);
226 curdb->close(curdb, 0);
228 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
233 ret = db_create(&curdb, NULL, 0);
235 snprintf(buf, sizeof(buf) - 1, "%s/id32db", config.db_dir);
236 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
237 curdb->upgrade(curdb, buf, 0);
238 curdb->close(curdb, 0);
240 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
245 ret = db_create(&curdb, NULL, 0);
247 snprintf(buf, sizeof(buf) - 1, "%s/id64db", config.db_dir);
248 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
249 curdb->upgrade(curdb, buf, 0);
250 curdb->close(curdb, 0);
252 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
257 ret = db_create(&curdb, NULL, 0);
259 snprintf(buf, sizeof(buf) - 1, "%s/skshashdb", config.db_dir);
260 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
261 curdb->upgrade(curdb, buf, 0);
262 curdb->close(curdb, 0);
264 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
269 ret = db_create(&curdb, NULL, 0);
271 snprintf(buf, sizeof(buf) - 1, "%s/subkeydb", config.db_dir);
272 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
273 curdb->upgrade(curdb, buf, 0);
274 curdb->close(curdb, 0);
276 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
281 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
289 * getfullkeyid - Maps a 32bit key id to a 64bit one.
290 * @keyid: The 32bit keyid.
292 * This function maps a 32bit key id to the full 64bit one. It returns the
293 * full keyid. If the key isn't found a keyid of 0 is returned.
295 static uint64_t db4_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
297 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
300 uint32_t shortkeyid = 0;
304 if (keyid < 0x100000000LL) {
305 ret = privctx->id32db->cursor(privctx->id32db,
314 shortkeyid = keyid & 0xFFFFFFFF;
316 memset(&key, 0, sizeof(key));
317 memset(&data, 0, sizeof(data));
318 key.data = &shortkeyid;
319 key.size = sizeof(shortkeyid);
320 data.flags = DB_DBT_MALLOC;
322 ret = cursor->c_get(cursor,
328 if (data.size == 8) {
329 keyid = * (uint64_t *) data.data;
332 for (i = 12; i < 20; i++) {
334 keyid |= ((uint8_t *) data.data)[i];
338 if (data.data != NULL) {
344 cursor->c_close(cursor);
352 * fetch_key_fp - Given a fingerprint fetch the key from storage.
354 static int db4_fetch_key_fp(struct onak_dbctx *dbctx,
355 struct openpgp_fingerprint *fingerprint,
356 struct openpgp_publickey **publickey,
359 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
360 struct openpgp_packet_list *packets = NULL;
364 struct buffer_ctx fetchbuf;
365 struct openpgp_fingerprint subfp;
367 memset(&key, 0, sizeof(key));
368 memset(&data, 0, sizeof(data));
373 key.size = fingerprint->length;
374 key.data = fingerprint->fp;
377 db4_starttrans(dbctx);
380 ret = keydb_fp(privctx, fingerprint)->get(keydb_fp(privctx,
387 if (ret == DB_NOTFOUND) {
388 /* If we didn't find the key ID see if it's a subkey ID */
389 memset(&key, 0, sizeof(key));
390 memset(&data, 0, sizeof(data));
391 data.data = subfp.fp;
392 data.ulen = MAX_FINGERPRINT_LEN;
393 data.flags = DB_DBT_USERMEM;
394 key.data = fingerprint->fp;
395 key.size = fingerprint->length;
397 ret = privctx->subkeydb->get(privctx->subkeydb,
404 /* We got a subkey match; retrieve the actual key */
405 memset(&key, 0, sizeof(key));
406 key.size = subfp.length = data.size;
409 memset(&data, 0, sizeof(data));
413 ret = keydb_fp(privctx, &subfp)->get(
414 keydb_fp(privctx, &subfp),
423 fetchbuf.buffer = data.data;
425 fetchbuf.size = data.size;
426 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
428 parse_keys(packets, publickey);
429 free_packet_list(packets);
432 } else if (ret != DB_NOTFOUND) {
433 logthing(LOGTHING_ERROR,
434 "Problem retrieving key: %s",
446 * fetch_key_id - Given a keyid fetch the key from storage.
447 * @keyid: The keyid to fetch.
448 * @publickey: A pointer to a structure to return the key in.
449 * @intrans: If we're already in a transaction.
451 * We use the hex representation of the keyid as the filename to fetch the
452 * key from. The key is stored in the file as a binary OpenPGP stream of
453 * packets, so we can just use read_openpgp_stream() to read the packets
454 * in and then parse_keys() to parse the packets into a publickey
457 static int db4_fetch_key_id(struct onak_dbctx *dbctx, uint64_t keyid,
458 struct openpgp_publickey **publickey,
461 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
462 struct openpgp_packet_list *packets = NULL;
466 struct buffer_ctx fetchbuf;
467 struct openpgp_fingerprint fingerprint;
469 if (keyid < 0x100000000LL) {
470 keyid = db4_getfullkeyid(dbctx, keyid);
473 memset(&key, 0, sizeof(key));
474 memset(&data, 0, sizeof(data));
479 key.size = sizeof(keyid);
483 db4_starttrans(dbctx);
487 * First we try a legacy stored key where we used the 64 bit key ID
490 ret = keydb_id(privctx, keyid)->get(keydb_id(privctx, keyid),
496 if (ret == DB_NOTFOUND) {
497 /* If we didn't find the key ID try the 64 bit map DB */
498 memset(&key, 0, sizeof(key));
499 memset(&data, 0, sizeof(data));
500 data.ulen = MAX_FINGERPRINT_LEN;
501 data.data = fingerprint.fp;
502 data.flags = DB_DBT_USERMEM;
503 key.size = sizeof(keyid);
506 ret = privctx->id64db->get(privctx->id64db,
513 /* We got a match; retrieve the actual key */
514 fingerprint.length = data.size;
516 memset(&key, 0, sizeof(key));
517 memset(&data, 0, sizeof(data));
518 key.size = fingerprint.length;
519 key.data = fingerprint.fp;
521 ret = keydb_fp(privctx, &fingerprint)->get(
522 keydb_fp(privctx, &fingerprint),
531 fetchbuf.buffer = data.data;
533 fetchbuf.size = data.size;
534 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
536 parse_keys(packets, publickey);
537 free_packet_list(packets);
540 } else if (ret != DB_NOTFOUND) {
541 logthing(LOGTHING_ERROR,
542 "Problem retrieving key: %s",
554 int worddb_cmp(const void *d1, const void *d2)
556 return memcmp(d1, d2, 12);
560 * fetch_key_text - Trys to find the keys that contain the supplied text.
561 * @search: The text to search for.
562 * @publickey: A pointer to a structure to return the key in.
564 * This function searches for the supplied text and returns the keys that
567 static int db4_fetch_key_text(struct onak_dbctx *dbctx, const char *search,
568 struct openpgp_publickey **publickey)
570 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
577 char *searchtext = NULL;
578 struct ll *wordlist = NULL;
579 struct ll *curword = NULL;
580 struct keyarray keylist = { NULL, 0, 0 };
581 struct keyarray newkeylist = { NULL, 0, 0 };
583 struct openpgp_fingerprint fingerprint;
586 searchtext = strdup(search);
587 wordlist = makewordlist(wordlist, searchtext);
589 for (curword = wordlist; curword != NULL; curword = curword->next) {
590 db4_starttrans(dbctx);
592 ret = privctx->worddb->cursor(privctx->worddb,
602 memset(&key, 0, sizeof(key));
603 memset(&data, 0, sizeof(data));
604 key.data = curword->object;
605 key.size = strlen(curword->object);
606 data.flags = DB_DBT_MALLOC;
607 ret = cursor->c_get(cursor,
611 while (ret == 0 && strncmp(key.data, curword->object,
613 ((char *) curword->object)[key.size] == 0) {
614 if (data.size == 12) {
615 /* Old style creation + key id */
616 fingerprint.length = 8;
617 for (i = 4; i < 12; i++) {
618 fingerprint.fp[i - 4] =
623 fingerprint.length = data.size;
624 memcpy(fingerprint.fp, data.data, data.size);
628 * Only add the keys containing this word if this is
629 * our first pass (ie we have no existing key list),
630 * or the key contained a previous word.
632 if (firstpass || array_find(&keylist, &fingerprint)) {
633 array_add(&newkeylist, &fingerprint);
639 ret = cursor->c_get(cursor,
644 array_free(&keylist);
645 keylist.keys = newkeylist.keys;
646 keylist.count = newkeylist.count;
647 keylist.size = newkeylist.size;
648 newkeylist.keys = NULL;
649 newkeylist.count = newkeylist.size = 0;
650 if (data.data != NULL) {
654 cursor->c_close(cursor);
659 llfree(wordlist, NULL);
662 if (keylist.count > config.maxkeys) {
663 keylist.count = config.maxkeys;
666 db4_starttrans(dbctx);
667 for (i = 0; i < keylist.count; i++) {
668 if (keylist.keys[i].length == 8) {
670 for (int j = 0; j < 8; j++) {
672 keyid |= keylist.keys[i].fp[j];
674 numkeys += db4_fetch_key_id(dbctx, keyid,
678 numkeys += db4_fetch_key_fp(dbctx, &keylist.keys[i],
683 array_free(&keylist);
692 static int db4_fetch_key_skshash(struct onak_dbctx *dbctx,
693 const struct skshash *hash,
694 struct openpgp_publickey **publickey)
696 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
702 struct openpgp_fingerprint fingerprint;
704 ret = privctx->skshashdb->cursor(privctx->skshashdb,
713 memset(&key, 0, sizeof(key));
714 memset(&data, 0, sizeof(data));
715 key.data = (void *) hash->hash;
716 key.size = sizeof(hash->hash);
717 data.flags = DB_DBT_MALLOC;
719 ret = cursor->c_get(cursor,
725 if (data.size == 8) {
726 /* Legacy key ID record */
727 keyid = *(uint64_t *) data.data;
728 count = db4_fetch_key_id(dbctx, keyid, publickey,
731 fingerprint.length = data.size;
732 memcpy(fingerprint.fp, data.data, data.size);
733 count = db4_fetch_key_fp(dbctx, &fingerprint,
737 if (data.data != NULL) {
743 cursor->c_close(cursor);
750 * delete_key - Given a keyid delete the key from storage.
751 * @keyid: The keyid to delete.
752 * @intrans: If we're already in a transaction.
754 * This function deletes a public key from whatever storage mechanism we
755 * are using. Returns 0 if the key existed.
757 static int db4_delete_key(struct onak_dbctx *dbctx,
758 uint64_t keyid, bool intrans)
760 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
761 struct openpgp_publickey *publickey = NULL;
764 DBC *cursor64 = NULL;
765 uint32_t shortkeyid = 0;
766 uint64_t subkeyid = 0;
767 struct openpgp_fingerprint *subkeyids = NULL;
771 char *primary = NULL;
772 unsigned char worddb_data[12];
773 struct ll *wordlist = NULL;
774 struct ll *curword = NULL;
775 bool deadlock = false;
777 struct openpgp_fingerprint fingerprint;
780 db4_starttrans(dbctx);
783 if (db4_fetch_key_id(dbctx, keyid, &publickey, true) == 0) {
790 get_fingerprint(publickey->publickey, &fingerprint);
793 * Walk through the uids removing the words from the worddb.
795 if (publickey != NULL) {
796 uids = keyuids(publickey, &primary);
799 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
800 wordlist = makewordlist(wordlist, uids[i]);
803 privctx->worddb->cursor(privctx->worddb,
808 for (curword = wordlist; curword != NULL && !deadlock;
809 curword = curword->next) {
810 memset(&key, 0, sizeof(key));
811 memset(&data, 0, sizeof(data));
812 key.data = curword->object;
813 key.size = strlen(key.data);
814 data.data = worddb_data;
815 data.size = sizeof(worddb_data);
818 * Old format word db data was the key creation time
819 * followed by the 64 bit key id.
821 worddb_data[ 0] = publickey->publickey->data[1];
822 worddb_data[ 1] = publickey->publickey->data[2];
823 worddb_data[ 2] = publickey->publickey->data[3];
824 worddb_data[ 3] = publickey->publickey->data[4];
825 worddb_data[ 4] = (keyid >> 56) & 0xFF;
826 worddb_data[ 5] = (keyid >> 48) & 0xFF;
827 worddb_data[ 6] = (keyid >> 40) & 0xFF;
828 worddb_data[ 7] = (keyid >> 32) & 0xFF;
829 worddb_data[ 8] = (keyid >> 24) & 0xFF;
830 worddb_data[ 9] = (keyid >> 16) & 0xFF;
831 worddb_data[10] = (keyid >> 8) & 0xFF;
832 worddb_data[11] = keyid & 0xFF;
834 ret = cursor->c_get(cursor,
840 cursor->c_del(cursor, 0);
843 /* New style just uses the fingerprint as the data */
844 memset(&key, 0, sizeof(key));
845 memset(&data, 0, sizeof(data));
846 key.data = curword->object;
847 key.size = strlen(key.data);
848 data.data = fingerprint.fp;
849 data.size = fingerprint.length;
851 ret = cursor->c_get(cursor,
857 ret = cursor->c_del(cursor, 0);
860 if (ret != 0 && ret != DB_NOTFOUND) {
861 logthing(LOGTHING_ERROR,
862 "Problem deleting word: %s "
863 "(0x%016" PRIX64 ")",
866 if (ret == DB_LOCK_DEADLOCK) {
871 cursor->c_close(cursor);
875 * Free our UID and word lists.
877 llfree(wordlist, NULL);
878 for (i = 0; uids[i] != NULL; i++) {
887 privctx->id32db->cursor(privctx->id32db,
891 privctx->id64db->cursor(privctx->id64db,
896 shortkeyid = keyid & 0xFFFFFFFF;
898 /* Old style mapping to 64 bit key id */
899 memset(&key, 0, sizeof(key));
900 memset(&data, 0, sizeof(data));
901 key.data = &shortkeyid;
902 key.size = sizeof(shortkeyid);
904 data.size = sizeof(keyid);
906 ret = cursor->c_get(cursor,
912 cursor->c_del(cursor, 0);
915 /* New style mapping to fingerprint */
916 memset(&key, 0, sizeof(key));
917 memset(&data, 0, sizeof(data));
918 key.data = &shortkeyid;
919 key.size = sizeof(shortkeyid);
920 data.data = fingerprint.fp;
921 data.size = fingerprint.length;
923 ret = cursor->c_get(cursor,
929 ret = cursor->c_del(cursor, 0);
932 if (ret != 0 && ret != DB_NOTFOUND) {
933 logthing(LOGTHING_ERROR,
934 "Problem deleting short keyid: %s "
935 "(0x%016" PRIX64 ")",
938 if (ret == DB_LOCK_DEADLOCK) {
943 /* 64 bit key mapping to fingerprint */
944 memset(&key, 0, sizeof(key));
945 memset(&data, 0, sizeof(data));
947 key.size = sizeof(keyid);
948 data.data = fingerprint.fp;
949 data.size = fingerprint.length;
951 ret = cursor64->c_get(cursor64,
957 ret = cursor64->c_del(cursor64, 0);
960 if (ret != 0 && ret != DB_NOTFOUND) {
961 logthing(LOGTHING_ERROR,
962 "Problem deleting keyid: %s "
963 "(0x%016" PRIX64 ")",
966 if (ret == DB_LOCK_DEADLOCK) {
971 subkeyids = keysubkeys(publickey);
973 while (subkeyids != NULL && subkeyids[i].length != 0) {
974 subkeyid = fingerprint2keyid(&subkeyids[i]);
975 memset(&key, 0, sizeof(key));
976 key.data = subkeyids[i].fp;
977 key.size = subkeyids[i].length;
978 privctx->subkeydb->del(privctx->subkeydb,
979 privctx->txn, &key, 0);
980 if (ret != 0 && ret != DB_NOTFOUND) {
981 logthing(LOGTHING_ERROR,
982 "Problem deleting subkey id: %s "
983 "(0x%016" PRIX64 ")",
986 if (ret == DB_LOCK_DEADLOCK) {
991 shortkeyid = subkeyid & 0xFFFFFFFF;
993 /* Remove 32 bit keyid -> 64 bit keyid mapping */
994 memset(&key, 0, sizeof(key));
995 memset(&data, 0, sizeof(data));
996 key.data = &shortkeyid;
997 key.size = sizeof(shortkeyid);
999 data.size = sizeof(keyid);
1001 ret = cursor->c_get(cursor,
1007 cursor->c_del(cursor, 0);
1010 /* Remove 32 bit keyid -> fingerprint mapping */
1011 memset(&key, 0, sizeof(key));
1012 memset(&data, 0, sizeof(data));
1013 key.data = &shortkeyid;
1014 key.size = sizeof(shortkeyid);
1015 data.data = fingerprint.fp;
1016 data.size = fingerprint.length;
1018 ret = cursor->c_get(cursor,
1024 ret = cursor->c_del(cursor, 0);
1027 if (ret != 0 && ret != DB_NOTFOUND) {
1028 logthing(LOGTHING_ERROR,
1029 "Problem deleting short keyid: %s "
1030 "(0x%016" PRIX64 ")",
1033 if (ret == DB_LOCK_DEADLOCK) {
1038 /* Remove 64 bit keyid -> fingerprint mapping */
1039 memset(&key, 0, sizeof(key));
1040 memset(&data, 0, sizeof(data));
1041 key.data = &subkeyid;
1042 key.size = sizeof(subkeyid);
1043 data.data = fingerprint.fp;
1044 data.size = fingerprint.length;
1046 ret = cursor64->c_get(cursor64,
1052 ret = cursor64->c_del(cursor64, 0);
1055 if (ret != 0 && ret != DB_NOTFOUND) {
1056 logthing(LOGTHING_ERROR,
1057 "Problem deleting keyid: %s "
1058 "(0x%016" PRIX64 ")",
1061 if (ret == DB_LOCK_DEADLOCK) {
1067 if (subkeyids != NULL) {
1071 cursor64->c_close(cursor64);
1073 cursor->c_close(cursor);
1078 ret = privctx->skshashdb->cursor(privctx->skshashdb,
1083 get_skshash(publickey, &hash);
1085 /* First delete old style keyid mapping */
1086 memset(&key, 0, sizeof(key));
1087 memset(&data, 0, sizeof(data));
1088 key.data = hash.hash;
1089 key.size = sizeof(hash.hash);
1091 data.size = sizeof(keyid);
1093 ret = cursor->c_get(cursor,
1099 cursor->c_del(cursor, 0);
1102 /* Then delete new style fingerprint mapping */
1103 memset(&key, 0, sizeof(key));
1104 memset(&data, 0, sizeof(data));
1105 key.data = hash.hash;
1106 key.size = sizeof(hash.hash);
1107 data.data = fingerprint.fp;
1108 data.size = fingerprint.length;
1110 ret = cursor->c_get(cursor,
1116 ret = cursor->c_del(cursor, 0);
1119 if (ret != 0 && ret != DB_NOTFOUND) {
1120 logthing(LOGTHING_ERROR,
1121 "Problem deleting skshash: %s "
1122 "(0x%016" PRIX64 ")",
1125 if (ret == DB_LOCK_DEADLOCK) {
1130 cursor->c_close(cursor);
1134 free_publickey(publickey);
1138 key.data = fingerprint.fp;
1139 key.size = fingerprint.length;
1141 keydb_fp(privctx, &fingerprint)->del(keydb_fp(privctx,
1147 /* Delete old style 64 bit keyid */
1149 key.size = sizeof(keyid);
1151 keydb_id(privctx, keyid)->del(keydb_id(privctx, keyid),
1158 db4_endtrans(dbctx);
1161 return deadlock ? (-1) : (ret == DB_NOTFOUND);
1165 * store_key - Takes a key and stores it.
1166 * @publickey: A pointer to the public key to store.
1167 * @intrans: If we're already in a transaction.
1168 * @update: If true the key exists and should be updated.
1170 * Again we just use the hex representation of the keyid as the filename
1171 * to store the key to. We flatten the public key to a list of OpenPGP
1172 * packets and then use write_openpgp_stream() to write the stream out to
1173 * the file. If update is true then we delete the old key first, otherwise
1174 * we trust that it doesn't exist.
1176 static int db4_store_key(struct onak_dbctx *dbctx,
1177 struct openpgp_publickey *publickey, bool intrans,
1180 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1181 struct openpgp_packet_list *packets = NULL;
1182 struct openpgp_packet_list *list_end = NULL;
1183 struct openpgp_publickey *next = NULL;
1186 struct buffer_ctx storebuf;
1190 uint32_t shortkeyid = 0;
1191 struct openpgp_fingerprint *subkeyids = NULL;
1193 char *primary = NULL;
1194 struct ll *wordlist = NULL;
1195 struct ll *curword = NULL;
1196 bool deadlock = false;
1197 struct skshash hash;
1198 struct openpgp_fingerprint fingerprint;
1200 if (get_keyid(publickey, &keyid) != ONAK_E_OK) {
1201 logthing(LOGTHING_ERROR, "Couldn't find key ID for key.");
1205 if (get_fingerprint(publickey->publickey, &fingerprint) != ONAK_E_OK) {
1206 logthing(LOGTHING_ERROR, "Couldn't find fingerprint for key.");
1211 db4_starttrans(dbctx);
1215 * Delete the key if we already have it.
1217 * TODO: Can we optimize this perhaps? Possibly when other data is
1218 * involved as well? I suspect this is easiest and doesn't make a lot
1219 * of difference though - the largest chunk of data is the keydata and
1220 * it definitely needs updated.
1223 deadlock = (db4_delete_key(dbctx, keyid, true) == -1);
1227 * Convert the key to a flat set of binary data.
1230 next = publickey->next;
1231 publickey->next = NULL;
1232 flatten_publickey(publickey, &packets, &list_end);
1233 publickey->next = next;
1235 storebuf.offset = 0;
1236 storebuf.size = 8192;
1237 storebuf.buffer = malloc(8192);
1239 write_openpgp_stream(buffer_putchar, &storebuf, packets);
1242 * Now we have the key data store it in the DB; the keyid is
1245 memset(&key, 0, sizeof(key));
1246 memset(&data, 0, sizeof(data));
1247 key.data = fingerprint.fp;
1248 key.size = fingerprint.length;
1249 data.size = storebuf.offset;
1250 data.data = storebuf.buffer;
1252 ret = keydb_fp(privctx, &fingerprint)->put(
1253 keydb_fp(privctx, &fingerprint),
1259 logthing(LOGTHING_ERROR,
1260 "Problem storing key: %s",
1262 if (ret == DB_LOCK_DEADLOCK) {
1267 free(storebuf.buffer);
1268 storebuf.buffer = NULL;
1270 storebuf.offset = 0;
1272 free_packet_list(packets);
1277 * Walk through our uids storing the words into the db with the keyid.
1280 uids = keyuids(publickey, &primary);
1283 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
1284 wordlist = makewordlist(wordlist, uids[i]);
1287 for (curword = wordlist; curword != NULL && !deadlock;
1288 curword = curword->next) {
1289 memset(&key, 0, sizeof(key));
1290 memset(&data, 0, sizeof(data));
1291 key.data = curword->object;
1292 key.size = strlen(key.data);
1293 data.data = fingerprint.fp;
1294 data.size = fingerprint.length;
1296 ret = privctx->worddb->put(privctx->worddb,
1302 logthing(LOGTHING_ERROR,
1303 "Problem storing word: %s",
1305 if (ret == DB_LOCK_DEADLOCK) {
1312 * Free our UID and word lists.
1314 llfree(wordlist, NULL);
1315 for (i = 0; uids[i] != NULL; i++) {
1324 * Write the truncated 32 bit keyid so we can lookup the fingerprint
1328 shortkeyid = keyid & 0xFFFFFFFF;
1330 memset(&key, 0, sizeof(key));
1331 memset(&data, 0, sizeof(data));
1332 key.data = &shortkeyid;
1333 key.size = sizeof(shortkeyid);
1334 data.data = fingerprint.fp;
1335 data.size = fingerprint.length;
1337 ret = privctx->id32db->put(privctx->id32db,
1343 logthing(LOGTHING_ERROR,
1344 "Problem storing short keyid: %s",
1346 if (ret == DB_LOCK_DEADLOCK) {
1353 * Write the 64 bit keyid so we can lookup the fingerprint for
1357 memset(&key, 0, sizeof(key));
1358 memset(&data, 0, sizeof(data));
1360 key.size = sizeof(keyid);
1361 data.data = fingerprint.fp;
1362 data.size = fingerprint.length;
1364 ret = privctx->id64db->put(privctx->id64db,
1370 logthing(LOGTHING_ERROR,
1371 "Problem storing keyid: %s",
1373 if (ret == DB_LOCK_DEADLOCK) {
1380 subkeyids = keysubkeys(publickey);
1382 while (subkeyids != NULL && subkeyids[i].length != 0) {
1383 /* Store the subkey ID -> main key fp mapping */
1384 memset(&key, 0, sizeof(key));
1385 memset(&data, 0, sizeof(data));
1386 key.data = subkeyids[i].fp;
1387 key.size = subkeyids[i].length;
1388 data.data = fingerprint.fp;
1389 data.size = fingerprint.length;
1391 ret = privctx->subkeydb->put(privctx->subkeydb,
1397 logthing(LOGTHING_ERROR,
1398 "Problem storing subkey keyid: %s",
1400 if (ret == DB_LOCK_DEADLOCK) {
1405 /* Store the 64 bit subkey ID -> main key fp mapping */
1406 memset(&key, 0, sizeof(key));
1407 memset(&data, 0, sizeof(data));
1409 keyid = fingerprint2keyid(&subkeyids[i]);
1411 key.size = sizeof(keyid);
1412 data.data = fingerprint.fp;
1413 data.size = fingerprint.length;
1415 ret = privctx->id64db->put(privctx->id64db,
1421 logthing(LOGTHING_ERROR,
1422 "Problem storing keyid: %s",
1424 if (ret == DB_LOCK_DEADLOCK) {
1429 /* Store the short subkey ID -> main key fp mapping */
1430 shortkeyid = keyid & 0xFFFFFFFF;
1432 memset(&key, 0, sizeof(key));
1433 memset(&data, 0, sizeof(data));
1434 key.data = &shortkeyid;
1435 key.size = sizeof(shortkeyid);
1436 data.data = fingerprint.fp;
1437 data.size = fingerprint.length;
1439 ret = privctx->id32db->put(privctx->id32db,
1445 logthing(LOGTHING_ERROR,
1446 "Problem storing short keyid: %s",
1448 if (ret == DB_LOCK_DEADLOCK) {
1454 if (subkeyids != NULL) {
1461 get_skshash(publickey, &hash);
1462 memset(&key, 0, sizeof(key));
1463 memset(&data, 0, sizeof(data));
1464 key.data = hash.hash;
1465 key.size = sizeof(hash.hash);
1466 data.data = fingerprint.fp;
1467 data.size = fingerprint.length;
1469 ret = privctx->skshashdb->put(privctx->skshashdb,
1475 logthing(LOGTHING_ERROR,
1476 "Problem storing SKS hash: %s",
1478 if (ret == DB_LOCK_DEADLOCK) {
1485 db4_endtrans(dbctx);
1488 return deadlock ? -1 : 0 ;
1492 * iterate_keys - call a function once for each key in the db.
1493 * @iterfunc: The function to call.
1494 * @ctx: A context pointer
1496 * Calls iterfunc once for each key in the database. ctx is passed
1497 * unaltered to iterfunc. This function is intended to aid database dumps
1498 * and statistic calculations.
1500 * Returns the number of keys we iterated over.
1502 static int db4_iterate_keys(struct onak_dbctx *dbctx,
1503 void (*iterfunc)(void *ctx, struct openpgp_publickey *key),
1506 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1512 struct buffer_ctx fetchbuf;
1513 struct openpgp_packet_list *packets = NULL;
1514 struct openpgp_publickey *key = NULL;
1516 for (i = 0; i < privctx->numdbs; i++) {
1517 ret = privctx->dbconns[i]->cursor(privctx->dbconns[i],
1526 memset(&dbkey, 0, sizeof(dbkey));
1527 memset(&data, 0, sizeof(data));
1528 ret = cursor->c_get(cursor, &dbkey, &data, DB_NEXT);
1530 fetchbuf.buffer = data.data;
1531 fetchbuf.offset = 0;
1532 fetchbuf.size = data.size;
1533 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
1535 parse_keys(packets, &key);
1539 free_publickey(key);
1541 free_packet_list(packets);
1544 memset(&dbkey, 0, sizeof(dbkey));
1545 memset(&data, 0, sizeof(data));
1546 ret = cursor->c_get(cursor, &dbkey, &data,
1550 if (ret != DB_NOTFOUND) {
1551 logthing(LOGTHING_ERROR,
1552 "Problem reading key: %s",
1556 cursor->c_close(cursor);
1564 * Include the basic keydb routines.
1566 #define NEED_GETKEYSIGS 1
1567 #define NEED_KEYID2UID 1
1568 #define NEED_UPDATEKEYS 1
1572 * cleanupdb - De-initialize the key database.
1574 * This function should be called upon program exit to allow the DB to
1575 * cleanup after itself.
1577 static void db4_cleanupdb(struct onak_dbctx *dbctx)
1579 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1582 if (privctx->dbenv != NULL) {
1583 privctx->dbenv->txn_checkpoint(privctx->dbenv, 0, 0, 0);
1584 if (privctx->subkeydb != NULL) {
1585 privctx->subkeydb->close(privctx->subkeydb, 0);
1586 privctx->subkeydb = NULL;
1588 if (privctx->skshashdb != NULL) {
1589 privctx->skshashdb->close(privctx->skshashdb, 0);
1590 privctx->skshashdb = NULL;
1592 if (privctx->id64db != NULL) {
1593 privctx->id64db->close(privctx->id64db, 0);
1594 privctx->id64db = NULL;
1596 if (privctx->id32db != NULL) {
1597 privctx->id32db->close(privctx->id32db, 0);
1598 privctx->id32db = NULL;
1600 if (privctx->worddb != NULL) {
1601 privctx->worddb->close(privctx->worddb, 0);
1602 privctx->worddb = NULL;
1604 for (i = 0; i < privctx->numdbs; i++) {
1605 if (privctx->dbconns[i] != NULL) {
1606 privctx->dbconns[i]->close(privctx->dbconns[i],
1608 privctx->dbconns[i] = NULL;
1611 free(privctx->dbconns);
1612 privctx->dbconns = NULL;
1613 privctx->dbenv->close(privctx->dbenv, 0);
1614 privctx->dbenv = NULL;
1623 * initdb - Initialize the key database.
1625 * This function should be called before any of the other functions in
1626 * this file are called in order to allow the DB to be initialized ready
1629 struct onak_dbctx *keydb_db4_init(bool readonly)
1636 struct stat statbuf;
1638 struct onak_dbctx *dbctx;
1639 struct onak_db4_dbctx *privctx;
1641 dbctx = malloc(sizeof(*dbctx));
1642 if (dbctx == NULL) {
1645 dbctx->priv = privctx = calloc(1, sizeof(*privctx));
1646 if (privctx == NULL) {
1651 /* Default to 16 key data DBs */
1652 privctx->numdbs = 16;
1654 snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
1656 ret = stat(buf, &statbuf);
1657 while ((ret == 0) || (errno != ENOENT)) {
1659 logthing(LOGTHING_CRITICAL, "Couldn't stat upgrade "
1660 "lock file: %s (%d)", strerror(errno), ret);
1663 logthing(LOGTHING_DEBUG, "DB4 upgrade in progress; waiting.");
1665 ret = stat(buf, &statbuf);
1669 snprintf(buf, sizeof(buf) - 1, "%s/num_keydb", config.db_dir);
1670 numdb = fopen(buf, "r");
1671 if (numdb != NULL) {
1672 if (fgets(buf, sizeof(buf), numdb) != NULL) {
1673 privctx->numdbs = atoi(buf);
1676 } else if (!readonly) {
1677 logthing(LOGTHING_ERROR, "Couldn't open num_keydb: %s",
1679 numdb = fopen(buf, "w");
1680 if (numdb != NULL) {
1681 fprintf(numdb, "%d", privctx->numdbs);
1684 logthing(LOGTHING_ERROR,
1685 "Couldn't write num_keydb: %s",
1690 privctx->dbconns = calloc(privctx->numdbs, sizeof (DB *));
1691 if (privctx->dbconns == NULL) {
1692 logthing(LOGTHING_CRITICAL,
1693 "Couldn't allocate memory for dbconns");
1698 ret = db_env_create(&privctx->dbenv, 0);
1700 logthing(LOGTHING_CRITICAL,
1701 "db_env_create: %s", db_strerror(ret));
1706 * Up the number of locks we're allowed at once. We base this on
1707 * the maximum number of keys we're going to return.
1710 maxlocks = config.maxkeys * 16;
1711 if (maxlocks < 1000) {
1714 privctx->dbenv->set_lk_max_locks(privctx->dbenv, maxlocks);
1715 privctx->dbenv->set_lk_max_objects(privctx->dbenv, maxlocks);
1719 * Enable deadlock detection so that we don't block indefinitely on
1720 * anything. What we really want is simple 2 state locks, but I'm not
1721 * sure how to make the standard DB functions do that yet.
1724 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
1725 ret = privctx->dbenv->set_lk_detect(privctx->dbenv, DB_LOCK_DEFAULT);
1727 logthing(LOGTHING_CRITICAL,
1728 "db_env_create: %s", db_strerror(ret));
1733 ret = privctx->dbenv->open(privctx->dbenv, config.db_dir,
1734 DB_INIT_LOG | DB_INIT_MPOOL | DB_INIT_LOCK |
1738 #ifdef DB_VERSION_MISMATCH
1739 if (ret == DB_VERSION_MISMATCH) {
1740 privctx->dbenv->close(privctx->dbenv, 0);
1741 privctx->dbenv = NULL;
1742 ret = db4_upgradedb(privctx);
1744 ret = db_env_create(&privctx->dbenv, 0);
1747 privctx->dbenv->set_errcall(privctx->dbenv,
1749 privctx->dbenv->set_lk_detect(privctx->dbenv,
1751 ret = privctx->dbenv->open(privctx->dbenv,
1753 DB_INIT_LOG | DB_INIT_MPOOL |
1754 DB_INIT_LOCK | DB_INIT_TXN |
1755 DB_CREATE | DB_RECOVER,
1759 privctx->dbenv->txn_checkpoint(
1769 logthing(LOGTHING_CRITICAL,
1770 "Error opening db environment: %s (%s)",
1773 if (privctx->dbenv != NULL) {
1774 privctx->dbenv->close(privctx->dbenv, 0);
1775 privctx->dbenv = NULL;
1781 db4_starttrans(dbctx);
1783 for (i = 0; !ret && i < privctx->numdbs; i++) {
1784 ret = db_create(&privctx->dbconns[i],
1787 logthing(LOGTHING_CRITICAL,
1788 "db_create: %s", db_strerror(ret));
1792 snprintf(buf, 1023, "keydb.%d.db", i);
1797 ret = privctx->dbconns[i]->open(
1798 privctx->dbconns[i],
1806 logthing(LOGTHING_CRITICAL,
1807 "Error opening key database:"
1817 ret = db_create(&privctx->worddb, privctx->dbenv, 0);
1819 logthing(LOGTHING_CRITICAL, "db_create: %s",
1825 ret = privctx->worddb->set_flags(privctx->worddb, DB_DUP);
1829 ret = privctx->worddb->open(privctx->worddb, privctx->txn,
1830 "worddb", "worddb", DB_BTREE,
1834 logthing(LOGTHING_CRITICAL,
1835 "Error opening word database: %s (%s)",
1842 ret = db_create(&privctx->id32db, privctx->dbenv, 0);
1844 logthing(LOGTHING_CRITICAL, "db_create: %s",
1850 ret = privctx->id32db->set_flags(privctx->id32db, DB_DUP);
1854 ret = privctx->id32db->open(privctx->id32db, privctx->txn,
1855 "id32db", "id32db", DB_HASH,
1859 logthing(LOGTHING_CRITICAL,
1860 "Error opening id32 database: %s (%s)",
1867 ret = db_create(&privctx->id64db, privctx->dbenv, 0);
1869 logthing(LOGTHING_CRITICAL, "db_create: %s",
1875 ret = privctx->id64db->set_flags(privctx->id64db, DB_DUP);
1879 ret = privctx->id64db->open(privctx->id64db, privctx->txn,
1880 "id64db", "id64db", DB_HASH,
1884 logthing(LOGTHING_CRITICAL,
1885 "Error opening id64 database: %s (%s)",
1892 ret = db_create(&privctx->skshashdb, privctx->dbenv, 0);
1894 logthing(LOGTHING_CRITICAL, "db_create: %s",
1900 ret = privctx->skshashdb->open(privctx->skshashdb, privctx->txn,
1902 "skshashdb", DB_HASH,
1906 logthing(LOGTHING_CRITICAL,
1907 "Error opening skshash database: %s (%s)",
1914 ret = db_create(&privctx->subkeydb, privctx->dbenv, 0);
1916 logthing(LOGTHING_CRITICAL, "db_create: %s",
1922 ret = privctx->subkeydb->open(privctx->subkeydb, privctx->txn,
1923 "subkeydb", "subkeydb",
1928 logthing(LOGTHING_CRITICAL,
1929 "Error opening subkey database: %s (%s)",
1935 if (privctx->txn != NULL) {
1936 db4_endtrans(dbctx);
1940 db4_cleanupdb(dbctx);
1941 logthing(LOGTHING_CRITICAL,
1942 "Error opening database; exiting");
1946 dbctx->cleanupdb = db4_cleanupdb;
1947 dbctx->starttrans = db4_starttrans;
1948 dbctx->endtrans = db4_endtrans;
1949 dbctx->fetch_key_id = db4_fetch_key_id;
1950 dbctx->fetch_key_fp = db4_fetch_key_fp;
1951 dbctx->fetch_key_text = db4_fetch_key_text;
1952 dbctx->fetch_key_skshash = db4_fetch_key_skshash;
1953 dbctx->store_key = db4_store_key;
1954 dbctx->update_keys = generic_update_keys;
1955 dbctx->delete_key = db4_delete_key;
1956 dbctx->getkeysigs = generic_getkeysigs;
1957 dbctx->cached_getkeysigs = generic_cached_getkeysigs;
1958 dbctx->keyid2uid = generic_keyid2uid;
1959 dbctx->getfullkeyid = db4_getfullkeyid;
1960 dbctx->iterate_keys = db4_iterate_keys;