/*
* keydb.c - Routines for DB access that just use store/fetch.
*
- * Jonathan McDowell <noodles@earth.li>
+ * Copyright 2002-2004 Jonathan McDowell <noodles@earth.li>
*
- * Copyright 2002-2004 Project Purple
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* slower than custom functions however.
*/
+#include <stdbool.h>
#include <stdio.h>
#include "decodekey.h"
#include "keydb.h"
#include "keyid.h"
#include "keystructs.h"
+#include "ll.h"
#include "mem.h"
#include "merge.h"
-#include "parsekey.h"
+#include "openpgp.h"
#include "sendsync.h"
+#include "stats.h"
#ifdef NEED_KEYID2UID
/**
* keyid2uid - Takes a keyid and returns the primary UID for it.
* @keyid: The keyid to lookup.
*/
-char *generic_keyid2uid(uint64_t keyid)
+char *generic_keyid2uid(struct onak_dbctx *dbctx, uint64_t keyid)
{
struct openpgp_publickey *publickey = NULL;
struct openpgp_signedpacket_list *curuid = NULL;
char buf[1024];
buf[0]=0;
- if (config.dbbackend->fetch_key(keyid, &publickey, false) &&
+ if (dbctx->fetch_key_id(dbctx, keyid, &publickey, false) &&
publickey != NULL) {
curuid = publickey->uids;
while (curuid != NULL && buf[0] == 0) {
- if (curuid->packet->tag == 13) {
+ if (curuid->packet->tag == OPENPGP_PACKET_UID) {
snprintf(buf, 1023, "%.*s",
(int) curuid->packet->length,
curuid->packet->data);
* indexing and doing stats bits. If revoked is non-NULL then if the key
* is revoked it's set to true.
*/
-struct ll *generic_getkeysigs(uint64_t keyid, bool *revoked)
+struct ll *generic_getkeysigs(struct onak_dbctx *dbctx,
+ uint64_t keyid, bool *revoked)
{
struct ll *sigs = NULL;
struct openpgp_signedpacket_list *uids = NULL;
+ struct openpgp_packet_list *cursig;
struct openpgp_publickey *publickey = NULL;
- config.dbbackend->fetch_key(keyid, &publickey, false);
+ dbctx->fetch_key_id(dbctx, keyid, &publickey, false);
if (publickey != NULL) {
for (uids = publickey->uids; uids != NULL; uids = uids->next) {
- sigs = keysigs(sigs, uids->sigs);
+ for (cursig = uids->sigs; cursig != NULL;
+ cursig = cursig->next) {
+ sigs = lladd(sigs,
+ createandaddtohash(sig_keyid(
+ cursig->packet)));
+ }
}
if (revoked != NULL) {
*revoked = publickey->revoked;
* getkeysigs function above except we use the hash module to cache the
* data so if we need it again it's already loaded.
*/
-struct ll *generic_cached_getkeysigs(uint64_t keyid)
+struct ll *generic_cached_getkeysigs(struct onak_dbctx *dbctx, uint64_t keyid)
{
struct stats_key *key = NULL;
struct stats_key *signedkey = NULL;
key = findinhash(keyid);
if (key == NULL || key->gotsigs == false) {
- sigs = config.dbbackend->getkeysigs(keyid, &revoked);
+ sigs = dbctx->getkeysigs(dbctx, keyid, &revoked);
if (sigs == NULL) {
return NULL;
}
return key->sigs;
}
-#ifdef NEED_GETFULLKEYID
-/**
- * getfullkeyid - Maps a 32bit key id to a 64bit one.
- * @keyid: The 32bit keyid.
- *
- * This function maps a 32bit key id to the full 64bit one. It returns the
- * full keyid. If the key isn't found a keyid of 0 is returned.
- */
-uint64_t generic_getfullkeyid(uint64_t keyid)
-{
- struct openpgp_publickey *publickey = NULL;
-
- if (keyid < 0x100000000LL) {
- config.dbbackend->fetch_key(keyid, &publickey, false);
- if (publickey != NULL) {
- keyid = get_keyid(publickey);
- free_publickey(publickey);
- publickey = NULL;
- } else {
- keyid = 0;
- }
- }
-
- return keyid;
-}
-#endif
-
#ifdef NEED_UPDATEKEYS
/**
* update_keys - Takes a list of public keys and updates them in the DB.
* @keys: The keys to update in the DB.
+ * @blacklist: A keyarray of key fingerprints not to accept.
+ * @updateonly: Only update existing keys, don't add new ones.
* @sendsync: Should we send a sync mail to our peers.
*
* Takes a list of keys and adds them to the database, merging them with
* we had before to what we have now (ie the set of data that was added to
* the DB). Returns the number of entirely new keys added.
*/
-int generic_update_keys(struct openpgp_publickey **keys, bool sendsync)
+int generic_update_keys(struct onak_dbctx *dbctx,
+ struct openpgp_publickey **keys,
+ struct keyarray *blacklist,
+ bool updateonly,
+ bool sendsync)
{
- struct openpgp_publickey *curkey = NULL;
+ struct openpgp_publickey **curkey, *tmp = NULL;
struct openpgp_publickey *oldkey = NULL;
- struct openpgp_publickey *prev = NULL;
- int newkeys = 0;
+ struct openpgp_fingerprint fp;
+ int newkeys = 0, ret;
bool intrans;
- for (curkey = *keys; curkey != NULL; curkey = curkey->next) {
- intrans = config.dbbackend->starttrans();
- logthing(LOGTHING_INFO,
- "Fetching key 0x%llX, result: %d",
- get_keyid(curkey),
- config.dbbackend->fetch_key(get_keyid(curkey), &oldkey,
- intrans));
+ curkey = keys;
+ while (*curkey != NULL) {
+ get_fingerprint((*curkey)->publickey, &fp);
+ if (blacklist && array_find(blacklist, &fp)) {
+ logthing(LOGTHING_INFO, "Ignoring blacklisted key.");
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ continue;
+ }
+
+ intrans = dbctx->starttrans(dbctx);
+
+ ret = dbctx->fetch_key_fp(dbctx, &fp, &oldkey, intrans);
+ if (ret == 0 && updateonly) {
+ logthing(LOGTHING_INFO,
+ "Skipping new key as update only set.");
+ curkey = &(*curkey)->next;
+ goto next;
+ }
/*
* If we already have the key stored in the DB then merge it
* one that we send out.
*/
if (oldkey != NULL) {
- merge_keys(oldkey, curkey);
- if (curkey->sigs == NULL &&
- curkey->uids == NULL &&
- curkey->subkeys == NULL) {
- if (prev == NULL) {
- *keys = curkey->next;
- } else {
- prev->next = curkey->next;
- curkey->next = NULL;
- free_publickey(curkey);
- curkey = prev;
- }
+ merge_keys(oldkey, *curkey);
+ if ((*curkey)->sigs == NULL &&
+ (*curkey)->uids == NULL &&
+ (*curkey)->subkeys == NULL) {
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
} else {
- prev = curkey;
logthing(LOGTHING_INFO,
"Merged key; storing updated key.");
- config.dbbackend->store_key(oldkey, intrans,
+ dbctx->store_key(dbctx, oldkey, intrans,
true);
+ curkey = &(*curkey)->next;
}
free_publickey(oldkey);
oldkey = NULL;
} else {
logthing(LOGTHING_INFO,
"Storing completely new key.");
- config.dbbackend->store_key(curkey, intrans, false);
+ dbctx->store_key(dbctx, *curkey, intrans, false);
newkeys++;
+ curkey = &(*curkey)->next;
}
- config.dbbackend->endtrans();
- intrans = false;
+next:
+ dbctx->endtrans(dbctx);
}
- if (sendsync && keys != NULL) {
+ if (sendsync && keys != NULL && *keys != NULL) {
sendkeysync(*keys);
}
return newkeys;
}
#endif /* NEED_UPDATEKEYS */
+
+#ifdef NEED_GET_FP
+static int generic_fetch_key_fp(struct onak_dbctx *dbctx,
+ struct openpgp_fingerprint *fingerprint,
+ struct openpgp_publickey **publickey, bool intrans)
+{
+ uint64_t keyid;
+ int i;
+
+ if (fingerprint->length > MAX_FINGERPRINT_LEN) {
+ return 0;
+ }
+
+ /*
+ * We assume if the backend is using this function it's not storing
+ * anything bigger than the 64 bit key ID and just truncate the
+ * fingerprint to get that value. v4 keys want the lowest 64 bits, v5
+ * keys need the top 64 bits. This doesn't work for v3 keys,
+ * but there's no way to map from v3 fingerprint to v3 key ID so
+ * if the backend can't do it we're going to fail anyway.
+ */
+ keyid = 0;
+ if (fingerprint->length == 20) {
+ /* v4 */
+ for (i = (fingerprint->length - 8); i < fingerprint->length;
+ i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
+ } else {
+ /* v5 */
+ for (i = 0; i < 8; i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
+ }
+
+ return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans);
+}
+#endif