X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=keydb%2Fkeydb.c;fp=keydb%2Fkeydb.c;h=f6b9682f2d4b4ade0db0494fbf4c4b312a80171e;hb=51c1a7dd950efef6a4d00df1878341777f8064ff;hp=0000000000000000000000000000000000000000;hpb=dfab9e96ee1fa4a10acf9c1cf644d7a4366a5af6;p=onak.git diff --git a/keydb/keydb.c b/keydb/keydb.c new file mode 100644 index 0000000..f6b9682 --- /dev/null +++ b/keydb/keydb.c @@ -0,0 +1,285 @@ +/* + * keydb.c - Routines for DB access that just use store/fetch. + * + * Copyright 2002-2004 Jonathan McDowell + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +/** + * The routines in this file are meant to be used as an initial step when + * adding a new db access module. They provide various functions required + * of the db access module using only the store and fetch functions. As + * they need to parse the actual OpenPGP data to work they are a lot + * slower than custom functions however. + */ + +#include +#include + +#include "decodekey.h" +#include "hash.h" +#include "keydb.h" +#include "keyid.h" +#include "keystructs.h" +#include "ll.h" +#include "mem.h" +#include "merge.h" +#include "openpgp.h" +#include "sendsync.h" +#include "stats.h" + +#ifdef NEED_KEYID2UID +/** + * keyid2uid - Takes a keyid and returns the primary UID for it. + * @keyid: The keyid to lookup. + */ +char *generic_keyid2uid(struct onak_dbctx *dbctx, uint64_t keyid) +{ + struct openpgp_publickey *publickey = NULL; + struct openpgp_signedpacket_list *curuid = NULL; + char buf[1024]; + + buf[0]=0; + if (dbctx->fetch_key_id(dbctx, keyid, &publickey, false) && + publickey != NULL) { + curuid = publickey->uids; + while (curuid != NULL && buf[0] == 0) { + if (curuid->packet->tag == OPENPGP_PACKET_UID) { + snprintf(buf, 1023, "%.*s", + (int) curuid->packet->length, + curuid->packet->data); + } + curuid = curuid -> next; + } + free_publickey(publickey); + } + + if (buf[0] == 0) { + return NULL; + } else { + return strdup(buf); + } +} +#endif + +#ifdef NEED_GETKEYSIGS +/** + * getkeysigs - Gets a linked list of the signatures on a key. + * @keyid: The keyid to get the sigs for. + * @revoked: Is the key revoked? + * + * This function gets the list of signatures on a key. Used for key + * indexing and doing stats bits. If revoked is non-NULL then if the key + * is revoked it's set to true. + */ +struct ll *generic_getkeysigs(struct onak_dbctx *dbctx, + uint64_t keyid, bool *revoked) +{ + struct ll *sigs = NULL; + struct openpgp_signedpacket_list *uids = NULL; + struct openpgp_packet_list *cursig; + struct openpgp_publickey *publickey = NULL; + + dbctx->fetch_key_id(dbctx, keyid, &publickey, false); + + if (publickey != NULL) { + for (uids = publickey->uids; uids != NULL; uids = uids->next) { + for (cursig = uids->sigs; cursig != NULL; + cursig = cursig->next) { + sigs = lladd(sigs, + createandaddtohash(sig_keyid( + cursig->packet))); + } + } + if (revoked != NULL) { + *revoked = publickey->revoked; + } + free_publickey(publickey); + } + + return sigs; +} +#endif + +/** + * cached_getkeysigs - Gets the signatures on a key. + * @keyid: The key we want the signatures for. + * + * This function gets the signatures on a key. It's the same as the + * getkeysigs function above except we use the hash module to cache the + * data so if we need it again it's already loaded. + */ +struct ll *generic_cached_getkeysigs(struct onak_dbctx *dbctx, uint64_t keyid) +{ + struct stats_key *key = NULL; + struct stats_key *signedkey = NULL; + struct ll *cursig = NULL; + struct ll *sigs = NULL; + bool revoked = false; + + if (keyid == 0) { + return NULL; + } + + key = findinhash(keyid); + + if (key == NULL || key->gotsigs == false) { + sigs = dbctx->getkeysigs(dbctx, keyid, &revoked); + if (sigs == NULL) { + return NULL; + } + if (key == NULL) { + key = createandaddtohash(keyid); + } + key->sigs = sigs; + key->revoked = revoked; + for (cursig = key->sigs; cursig != NULL; + cursig = cursig->next) { + signedkey = (struct stats_key *) cursig->object; + signedkey->signs = lladd(signedkey->signs, key); + } + key->gotsigs = true; + } + + return key->sigs; +} + +#ifdef NEED_UPDATEKEYS +/** + * update_keys - Takes a list of public keys and updates them in the DB. + * @keys: The keys to update in the DB. + * @blacklist: A keyarray of key fingerprints not to accept. + * @updateonly: Only update existing keys, don't add new ones. + * @sendsync: Should we send a sync mail to our peers. + * + * Takes a list of keys and adds them to the database, merging them with + * the key in the database if it's already present there. The key list is + * update to contain the minimum set of updates required to get from what + * we had before to what we have now (ie the set of data that was added to + * the DB). Returns the number of entirely new keys added. + */ +int generic_update_keys(struct onak_dbctx *dbctx, + struct openpgp_publickey **keys, + struct keyarray *blacklist, + bool updateonly, + bool sendsync) +{ + struct openpgp_publickey **curkey, *tmp = NULL; + struct openpgp_publickey *oldkey = NULL; + struct openpgp_fingerprint fp; + int newkeys = 0, ret; + bool intrans; + + curkey = keys; + while (*curkey != NULL) { + get_fingerprint((*curkey)->publickey, &fp); + if (blacklist && array_find(blacklist, &fp)) { + logthing(LOGTHING_INFO, "Ignoring blacklisted key."); + tmp = *curkey; + *curkey = (*curkey)->next; + tmp->next = NULL; + free_publickey(tmp); + continue; + } + + intrans = dbctx->starttrans(dbctx); + + ret = dbctx->fetch_key_fp(dbctx, &fp, &oldkey, intrans); + if (ret == 0 && updateonly) { + logthing(LOGTHING_INFO, + "Skipping new key as update only set."); + curkey = &(*curkey)->next; + goto next; + } + + /* + * If we already have the key stored in the DB then merge it + * with the new one that's been supplied. Otherwise the key + * we've just got is the one that goes in the DB and also the + * one that we send out. + */ + if (oldkey != NULL) { + merge_keys(oldkey, *curkey); + if ((*curkey)->sigs == NULL && + (*curkey)->uids == NULL && + (*curkey)->subkeys == NULL) { + tmp = *curkey; + *curkey = (*curkey)->next; + tmp->next = NULL; + free_publickey(tmp); + } else { + logthing(LOGTHING_INFO, + "Merged key; storing updated key."); + dbctx->store_key(dbctx, oldkey, intrans, + true); + curkey = &(*curkey)->next; + } + free_publickey(oldkey); + oldkey = NULL; + } else { + logthing(LOGTHING_INFO, + "Storing completely new key."); + dbctx->store_key(dbctx, *curkey, intrans, false); + newkeys++; + curkey = &(*curkey)->next; + } +next: + dbctx->endtrans(dbctx); + } + + if (sendsync && keys != NULL && *keys != NULL) { + sendkeysync(*keys); + } + + return newkeys; +} +#endif /* NEED_UPDATEKEYS */ + +#ifdef NEED_GET_FP +static int generic_fetch_key_fp(struct onak_dbctx *dbctx, + struct openpgp_fingerprint *fingerprint, + struct openpgp_publickey **publickey, bool intrans) +{ + uint64_t keyid; + int i; + + if (fingerprint->length > MAX_FINGERPRINT_LEN) { + return 0; + } + + /* + * We assume if the backend is using this function it's not storing + * anything bigger than the 64 bit key ID and just truncate the + * fingerprint to get that value. v4 keys want the lowest 64 bits, v5 + * keys need the top 64 bits. This doesn't work for v3 keys, + * but there's no way to map from v3 fingerprint to v3 key ID so + * if the backend can't do it we're going to fail anyway. + */ + keyid = 0; + if (fingerprint->length == 20) { + /* v4 */ + for (i = (fingerprint->length - 8); i < fingerprint->length; + i++) { + keyid = (keyid << 8) + fingerprint->fp[i]; + } + } else { + /* v5 */ + for (i = 0; i < 8; i++) { + keyid = (keyid << 8) + fingerprint->fp[i]; + } + } + + return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans); +} +#endif