The regular keydb functions for talking to keyd work fine for key
related operations, but there are extra things we want to do with
keyd (such as checking its status or asking it to cleanly exit) that
there's no way to do at present. Add keydctl to provide a way to
access these additional features.
catchsignals() normally catches SIGPIPE and sets the cleanup flag,
as per the other signals it catches. This is fine for the HKP CGI,
but not appropriate for keyd (as it's probably because the client
has exited without doing appropriate cleanup). Ignore it; we'll
deal with the error when we try to read/write to the socket.
Output KEYD_REPLY_OK response for close/quite commands as well
as data size for version/longkeyid commands. Means that commands
can always expect to get an OK response if they've been understood
and a size if they're going to result in some more data.
While cross machine compatibility is not currently an aim for keyd
we should specify the word size for commands to help down the line
if we decide to do this.
Configure db4 locks according to maxkeys and actually check maxkeys
The number of db4 objects iin use is related to the maximum number of
keys we return at once. Configure the locking subsystem accordingly
and limit the number of returned keys to maxkeys.
Significantly improves the reliability of the db4 backend on a large
busy server.
Add use_keyd config file option to select keyd as the backend
We want to be able to use a common config file across the various
tools, so add a config variable to indicate that we're using keyd.
This allows keyd to override the option and then get the configured
backend, while everything else knows to use keyd.
Only seed database for Debian install if we're using default config
If the user changes the config away from DB4 or the default DB
directory and deletes the old directory we'll think they don't
have an initialised key database and try to seed it with my key.
Check the config file and if it doesn't match what we expect
assume the user has configured appropriately and don't seed the DB.
Actually close the socket in keyd/the keyd backend
We were calling shutdown() on the socket, but this isn't sufficient -
we need to call close() as well. Otherwise we end up leaking sockets
and eventually keyd can no longer service requests.
We were defining a custom compile rule for the keydb .c -> .o stage,
which left out the CFLAGS. We don't need this; the custom bit is at
link time so we pick up the right libs.
libdb4.7 isn't in stable (lenny) and libdb4.8 is in testing (squeeze)
and sid, so given that we can do the auto upgrade no reason not to
bump to use the latest. Tested with 20000+ invocations of "onak index"
to try to confirm no repeat of the read-only-open problem hit with 4.6.
We didn't specify the version in the README, though it was correct in
debian/copyright. Add the version to the README and point to the
versioned file in debian/copyright rather than the symlink to the
current version.
Change PostgreSQL backend to use PQescapeStringConn
While the PostgreSQL backend is not known to be in use anywhere we were
using an older escaping function (PQescapeString) which does not have
knowledge of the connection character encoding and so has potential
problems. Switch to using PQescapeStringConn, which does have this
knowledge.
Don't add a key to the stats hash if it doesn't have any sigs
We always added a key to the stats hash if we tried to find its sigs,
even if it didn't exist. So if it doesn't have any sigs (either because
it doesn't exist or it's just a non linked in key), don't add it.
Closes Debian bug #542187.
Correct formatting of some places we output a keyid
Format keyids in various places to be 16 digits long, zero padded
if necessary. Closes Debian bug #540196 (which has a patch from
Philippe Teuwen, but that uses 8 digits instead of 16).
db4.6 (on Debian at least) seems to throw a fit after a number of
read-only opens. db4.7 (and 4.5) don't seem to suffer from this.
Closes Debian bug #520117
Ensure DB4 backend dbconns memory is initialised to zero
Change to using calloc to allocate the memory for the dbconns array,
as this will ensure that all the pointers in it are NULL which
prevents us segfaulting on abnormal cleanup. Fixes the segfault from
Debian bug #520117 but not the underlying issue.
We were using the void * ctx argument as the file descriptor. Find for
32 bit, but on 64 bit we're truncating. No reason not to just pass the
pointer to the fd, so do so.
Add initial support for upgrading db4 DBs built with older DB4 versions
DB4 data base files are tied to the version of DB4 that created them.
It'd be nice to be able to compile with a more recent version of db4
than db4.2, which is currently used for the Debian packages. However
we don't want to have dump and reload the database, so this adds a
first cut at trying to use the DB4 provided upgrade functions.
We sometimes see critical subpackets for signature UIDs and and Policy
URIs. While we should probably display such things in indexes in the
future this isn't critical enough for us to log the packets as an error.
We would always show the first photo ID on a key when displaying it
in /pks/lookup. Fix this so we show them all correctly. Patch from
Philippe Teuwen as reporting in Debian bug #467020
We don't want to add keys when there are no keys in the previous list,
we want to only add new keys on the first pass. Otherwise if we end up
with an empty list we'll start again as if none of the previous words
where specified.
Apparently PGP Desktop doesn't like our "Storing %d keys." success
message when storing keys received via HKP. Change our output to match
what the pgp.com and SKS keyservers return. Patch from Timothy Legge.
Fix up dynamic loading; we export a structure of functions now from
each of the backends, which means we can maintain unique namespaces.
This should allow further cleanups/cunningness, but hopefully this is
enough to get us operating correctly across all platforms to start with.
Fix config structure references for dynamic backends
This patch fixes the config structure when dynamic backends are
used - the basic issue is that when the backend was loaded, it wouldn't
(neccessarily) share the config structure with the program that called
it (and had therefore read the config). Thanks to Brett Parker.
Fixup config file for Debian package upgrades
We now need to configure a suitable DB backend and are also using the
mail_dir setting, so we need to add/fix these in onak.conf for package
upgrades.
Allow checking for signature times and use in merging
Add support for pulling out the creation time of a signature, then use
this information when we're merging key signatures. This allows for
updating of signatures (eg key preferences) or adding new signatures eg
with later expiry dates. As reported in Debian bug #410796
Fix assumption that a signature on a public key is a revocation
We've been assuming that a signature directly on a public key means the
key is revoked. This isn't the case; it's used for key preferences for
example. Change the structure element names to reflect this
(revocations->sigs) and check for revoked status by looking for a
signature type of 0x20.
Fix incoming mail spool directory
onak-mail has spooled incoming mail for a long time; fix up the default
config to put this in spool/onak rather than the hardcoded /community
that was previously configured.
Change Debian package to use dynamic backend.
This hopefully does all that's required to build a Debian package with
all our backends but defaulting to db4 so we don't break those
upgrading.
Try to load backends from current dir if none specified.
If we don't specify a directory for the backends in the config file
then try to load them from the current directory.
Gracefully fail when we can't open a DB4 DB.
If we don't have permissions to open a DB4 DB we'll not even get to
open our environment. As such we should close it cleanly and fail rather
than segfaulting. As reported in Debian bug #370440
Gracefully exit if no backend defined.
If no backend was defined we were attempting to strlen a NULL string,
which isn't sensible. Gracefully exit with a critical error instead.
Fix replyto email address bug.
If Reply-To wasn't set we wouldn't be able to send a reply email from
onak-mail.pl for ADD/(V)INDEX mails. Fix this so we'll use Reply-To or
From if that isn't set.
Enable ADD support for email interface.
onak-mail.pl didn't support ADD; this is still in use by some people,
so has now been added. Thanks to Ian Jackson for reporting, I'd
forgotten it didn't support this yet.
Support 16 digit key ids in lookup.
When generating our html keyindexes, use 64bit key ids for the links,
to help avoid collisions. Also make lookup support this length of id.
Add dynamic loading of backends.
This adds support for the dynamic loading of backends. By default we
now try to build all the backends we can and then dynamically load the
one the user wants.
Make onak-mail.pl queue requests.
onak-mail.pl sequentially processes requests. Rather than having a lot
of these processes hang around waiting for other requests to complete we
now dump requests to a file and then the active copy will process all
pending requests.
Handle signature revokations better.
Hanna Wallach reported an issue with UID revokations. This was because
we weren't allowing multiple signatures from the same keyid for a UID;
we now check the signature type and allow them if they're different.