X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=keydb.c;h=f6b9682f2d4b4ade0db0494fbf4c4b312a80171e;hb=70842462a490e56a607a48b2d27807816c4d8a80;hp=57472f9da64356035865d2ee1654e5bb7e7e4e76;hpb=83ae316a7b14e55418349e87d1a1942a0627ae14;p=onak.git

diff --git a/keydb.c b/keydb.c
index 57472f9..f6b9682 100644
--- a/keydb.c
+++ b/keydb.c
@@ -13,8 +13,7 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 /**
@@ -25,6 +24,7 @@
  *	slower than custom functions however.
  */
 
+#include <stdbool.h>
 #include <stdio.h>
 
 #include "decodekey.h"
@@ -32,11 +32,12 @@
 #include "keydb.h"
 #include "keyid.h"
 #include "keystructs.h"
+#include "ll.h"
 #include "mem.h"
 #include "merge.h"
 #include "openpgp.h"
-#include "parsekey.h"
 #include "sendsync.h"
+#include "stats.h"
 
 #ifdef NEED_KEYID2UID
 /**
@@ -87,13 +88,19 @@ struct ll *generic_getkeysigs(struct onak_dbctx *dbctx,
 {
 	struct ll *sigs = NULL;
 	struct openpgp_signedpacket_list *uids = NULL;
+	struct openpgp_packet_list *cursig;
 	struct openpgp_publickey *publickey = NULL;
 
 	dbctx->fetch_key_id(dbctx, keyid, &publickey, false);
 	
 	if (publickey != NULL) {
 		for (uids = publickey->uids; uids != NULL; uids = uids->next) {
-			sigs = keysigs(sigs, uids->sigs);
+			for (cursig = uids->sigs; cursig != NULL;
+					cursig = cursig->next) {
+				sigs = lladd(sigs,
+						createandaddtohash(sig_keyid(
+							cursig->packet)));
+			}
 		}
 		if (revoked != NULL) {
 			*revoked = publickey->revoked;
@@ -148,37 +155,12 @@ struct ll *generic_cached_getkeysigs(struct onak_dbctx *dbctx, uint64_t keyid)
 	return key->sigs;
 }
 
-#ifdef NEED_GETFULLKEYID
-/**
- *	getfullkeyid - Maps a 32bit key id to a 64bit one.
- *	@keyid: The 32bit keyid.
- *
- *	This function maps a 32bit key id to the full 64bit one. It returns the
- *	full keyid. If the key isn't found a keyid of 0 is returned.
- */
-uint64_t generic_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
-{
-	struct openpgp_publickey *publickey = NULL;
-
-	if (keyid < 0x100000000LL) {
-		dbctx->fetch_key_id(dbctx, keyid, &publickey, false);
-		if (publickey != NULL) {
-			get_keyid(publickey, &keyid);
-			free_publickey(publickey);
-			publickey = NULL;
-		} else {
-			keyid = 0;
-		}
-	}
-	
-	return keyid;
-}
-#endif
-
 #ifdef NEED_UPDATEKEYS
 /**
  *	update_keys - Takes a list of public keys and updates them in the DB.
  *	@keys: The keys to update in the DB.
+ *	@blacklist: A keyarray of key fingerprints not to accept.
+ *	@updateonly: Only update existing keys, don't add new ones.
  *	@sendsync: Should we send a sync mail to our peers.
  *
  *	Takes a list of keys and adds them to the database, merging them with
@@ -188,23 +170,38 @@ uint64_t generic_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
  *	the DB). Returns the number of entirely new keys added.
  */
 int generic_update_keys(struct onak_dbctx *dbctx,
-		struct openpgp_publickey **keys, bool sendsync)
+		struct openpgp_publickey **keys,
+		struct keyarray *blacklist,
+		bool updateonly,
+		bool sendsync)
 {
-	struct openpgp_publickey *curkey = NULL;
+	struct openpgp_publickey **curkey, *tmp = NULL;
 	struct openpgp_publickey *oldkey = NULL;
-	struct openpgp_publickey *prev = NULL;
-	int newkeys = 0;
+	struct openpgp_fingerprint fp;
+	int newkeys = 0, ret;
 	bool intrans;
-	uint64_t keyid;
 
-	for (curkey = *keys; curkey != NULL; curkey = curkey->next) {
+	curkey = keys;
+	while (*curkey != NULL) {
+		get_fingerprint((*curkey)->publickey, &fp);
+		if (blacklist && array_find(blacklist, &fp)) {
+			logthing(LOGTHING_INFO, "Ignoring blacklisted key.");
+			tmp = *curkey;
+			*curkey = (*curkey)->next;
+			tmp->next = NULL;
+			free_publickey(tmp);
+			continue;
+		}
+
 		intrans = dbctx->starttrans(dbctx);
-		get_keyid(curkey, &keyid);
-		logthing(LOGTHING_INFO,
-			"Fetching key 0x%" PRIX64 ", result: %d",
-			keyid,
-			dbctx->fetch_key_id(dbctx, keyid, &oldkey,
-					intrans));
+
+		ret = dbctx->fetch_key_fp(dbctx, &fp, &oldkey, intrans);
+		if (ret == 0 && updateonly) {
+			logthing(LOGTHING_INFO,
+				"Skipping new key as update only set.");
+			curkey = &(*curkey)->next;
+			goto next;
+		}
 
 		/*
 		 * If we already have the key stored in the DB then merge it
@@ -213,37 +210,35 @@ int generic_update_keys(struct onak_dbctx *dbctx,
 		 * one that we send out.
 		 */
 		if (oldkey != NULL) {
-			merge_keys(oldkey, curkey);
-			if (curkey->sigs == NULL &&
-					curkey->uids == NULL &&
-					curkey->subkeys == NULL) {
-				if (prev == NULL) {
-					*keys = curkey->next;
-				} else {
-					prev->next = curkey->next;
-					curkey->next = NULL;
-					free_publickey(curkey);
-					curkey = prev;
-				}
+			merge_keys(oldkey, *curkey);
+			if ((*curkey)->sigs == NULL &&
+					(*curkey)->uids == NULL &&
+					(*curkey)->subkeys == NULL) {
+				tmp = *curkey;
+				*curkey = (*curkey)->next;
+				tmp->next = NULL;
+				free_publickey(tmp);
 			} else {
-				prev = curkey;
 				logthing(LOGTHING_INFO,
 					"Merged key; storing updated key.");
 				dbctx->store_key(dbctx, oldkey, intrans,
 					true);
+				curkey = &(*curkey)->next;
 			}
 			free_publickey(oldkey);
 			oldkey = NULL;
 		} else {
 			logthing(LOGTHING_INFO,
 				"Storing completely new key.");
-			dbctx->store_key(dbctx, curkey, intrans, false);
+			dbctx->store_key(dbctx, *curkey, intrans, false);
 			newkeys++;
+			curkey = &(*curkey)->next;
 		}
+next:
 		dbctx->endtrans(dbctx);
 	}
 
-	if (sendsync && keys != NULL) {
+	if (sendsync && keys != NULL && *keys != NULL) {
 		sendkeysync(*keys);
 	}
 
@@ -253,26 +248,36 @@ int generic_update_keys(struct onak_dbctx *dbctx,
 
 #ifdef NEED_GET_FP
 static int generic_fetch_key_fp(struct onak_dbctx *dbctx,
-		uint8_t *fp, size_t fpsize,
+		struct openpgp_fingerprint *fingerprint,
 		struct openpgp_publickey **publickey, bool intrans)
 {
 	uint64_t keyid;
 	int i;
 
-	if (fpsize > MAX_FINGERPRINT_LEN) {
+	if (fingerprint->length > MAX_FINGERPRINT_LEN) {
 		return 0;
 	}
 
 	/*
 	 * We assume if the backend is using this function it's not storing
 	 * anything bigger than the 64 bit key ID and just truncate the
-	 * fingerprint to get that value. This doesn't work for v3 keys,
+	 * fingerprint to get that value. v4 keys want the lowest 64 bits, v5
+	 * keys need the top 64 bits.  This doesn't work for v3 keys,
 	 * but there's no way to map from v3 fingerprint to v3 key ID so
 	 * if the backend can't do it we're going to fail anyway.
 	 */
 	keyid = 0;
-	for (i = (fpsize - 8); i < fpsize; i++) {
-		keyid = (keyid << 8) + fp[i];
+	if (fingerprint->length == 20) {
+		/* v4 */
+		for (i = (fingerprint->length - 8); i < fingerprint->length;
+				i++) {
+			keyid = (keyid << 8) + fingerprint->fp[i];
+		}
+	} else {
+		/* v5 */
+		for (i = 0; i < 8; i++) {
+			keyid = (keyid << 8) + fingerprint->fp[i];
+		}
 	}
 
 	return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans);