From 8ee9a59daf7a1ab1bf4ad8f4d2bcb88282db58a8 Mon Sep 17 00:00:00 2001 From: Jonathan McDowell Date: Wed, 28 Aug 2019 08:20:03 +0100 Subject: [PATCH] Pass a keydb context into cleankeys in preparation for signature checks In order to validate signatures cleankeys() will need to do key lookups of the signing keys. Plumb in the database context in preparation for this. --- cgi/add.c | 2 +- cgi/lookup.c | 3 ++- cleankey.c | 3 ++- cleankey.h | 5 ++++- keydb/keydb_stacked.c | 2 +- onak.c | 11 +++++++---- stripkey.c | 2 +- 7 files changed, 18 insertions(+), 10 deletions(-) diff --git a/cgi/add.c b/cgi/add.c index e17d3d9..5775e81 100644 --- a/cgi/add.c +++ b/cgi/add.c @@ -88,7 +88,7 @@ int main(int argc, char *argv[]) catchsignals(); dbctx = config.dbinit(config.backend, false); - count = cleankeys(&keys, config.clean_policies); + count = cleankeys(dbctx, &keys, config.clean_policies); logthing(LOGTHING_INFO, "%d keys cleaned.", count); diff --git a/cgi/lookup.c b/cgi/lookup.c index 35c039b..5977ad0 100644 --- a/cgi/lookup.c +++ b/cgi/lookup.c @@ -252,7 +252,8 @@ int main(int argc, char *argv[]) result, search); puts("
");
-				cleankeys(&publickey, config.clean_policies);
+				cleankeys(dbctx, &publickey,
+						config.clean_policies);
 				flatten_publickey(publickey,
 							&packets,
 							&list_end);
diff --git a/cleankey.c b/cleankey.c
index 52d482a..55e3161 100644
--- a/cleankey.c
+++ b/cleankey.c
@@ -255,7 +255,8 @@ int clean_large_packets(struct openpgp_publickey *key)
  *	made, otherwise the number of keys cleaned. Note that some options
  *	may result in keys being removed entirely from the list.
  */
-int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
+int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
+		uint64_t policies)
 {
 	struct openpgp_publickey **curkey, *tmp;
 	int changed = 0, count = 0;
diff --git a/cleankey.h b/cleankey.h
index 22a7e45..4671d20 100644
--- a/cleankey.h
+++ b/cleankey.h
@@ -19,6 +19,7 @@
 #ifndef __CLEANKEY_H__
 #define __CLEANKEY_H__
 
+#include "keydb.h"
 #include "keystructs.h"
 
 #define ONAK_CLEAN_CHECK_SIGHASH	(1 << 0)
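Review bot: The `#include "keydb.h"` added to this header pulls the whole database interface into every translation unit that includes cleankey.h, while the only use in the header is the pointer type in the cleankeys() prototype. A forward declaration, `struct onak_dbctx;`, in place of the include keeps the header self-contained without that coupling, and sidesteps any include cycle should keydb.h or a backend header ever need cleankey.h in turn. cleankey.c, which is the file that will actually dereference the context, can include keydb.h itself.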
@@ -29,6 +30,7 @@
 
 /**
  *	cleankeys - Apply all available cleaning options on a list of keys.
+ *	@dbctx: A database context suitable for looking up signing keys
  *	@publickey: The list of keys to clean.
  *	@policies: The cleaning policies to apply.
  *
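Review bot: The new `@dbctx` line does not say whether a NULL context is acceptable, yet stripkey.c in this same patch calls `cleankeys(NULL, &keys, ONAK_CLEAN_ALL)`, so NULL is evidently part of the contract. Once the planned signature checks do lookups through this pointer, any caller passing NULL will crash unless cleankeys() guards for it, so the contract should be pinned down here: ` *	@dbctx: A database context used to look up signing keys, or NULL when no database is available (cleaning steps that need lookups must then be skipped or fail cleanly).` Which of those two the implementation chooses should also be reflected in the return-value paragraph below once the lookups land.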
@@ -38,6 +40,7 @@
  *	made, otherwise the number of keys cleaned. Note that some options
  *	may result in keys being removed entirely from the list.
  */
-int cleankeys(struct openpgp_publickey **keys, uint64_t policies);
+int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
+		uint64_t policies);
 
 #endif
diff --git a/keydb/keydb_stacked.c b/keydb/keydb_stacked.c
index 7e997d9..6cfb1f7 100644
--- a/keydb/keydb_stacked.c
+++ b/keydb/keydb_stacked.c
@@ -118,7 +118,7 @@ static void store_on_fallback(struct onak_stacked_dbctx *privctx,
 			(struct onak_dbctx *) privctx->backends->object;
 	struct openpgp_publickey *curkey;
 
-	cleankeys(&publickey, config.clean_policies);
+	cleankeys(backend, &publickey, config.clean_policies);
 	/*
 	 * If we walked the stack at all, store the key in the first
 	 * backend if configured to do so. It's not an update as we
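Review bot: The `backend` handed to cleankeys() on the changed line is `privctx->backends->object`, i.e. only the first backend in the stack, so once cleankeys() resolves signing keys through it, signers that exist only in a later backend will not be found and their signatures will presumably be treated as unverifiable. If that is the intent (clean against the store that will receive the key), it deserves a comment, e.g. `/* Signer lookups only consult the first backend, which is where the fallback copy is stored. */`; if not, the full stacked context is the right thing to pass, assuming store_on_fallback() can reach it. store_on_fallback() starts before this hunk, so I cannot see whether the outer context is available here.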
diff --git a/onak.c b/onak.c
index 030d468..717402e 100644
--- a/onak.c
+++ b/onak.c
@@ -234,11 +234,12 @@ int main(int argc, char *argv[])
 			logthing(LOGTHING_INFO, "Finished reading %d keys.",
 					result);
 
-			result = cleankeys(&keys, config.clean_policies);
+			dbctx = config.dbinit(config.backend, false);
+			result = cleankeys(dbctx, &keys,
+					config.clean_policies);
 			logthing(LOGTHING_INFO, "%d keys cleaned.",
 					result);
 
-			dbctx = config.dbinit(config.backend, false);
 			logthing(LOGTHING_NOTICE, "Got %d new keys.",
 					dbctx->update_keys(dbctx, &keys,
 						&config.blacklist,
@@ -275,6 +276,7 @@ int main(int argc, char *argv[])
 			logthing(LOGTHING_NOTICE, "No changes.");
 		}
 	} else if (!strcmp("clean", argv[optind])) {
+		dbctx = config.dbinit(config.backend, true);
 		if (binary) {
 			result = read_openpgp_stream(stdin_getchar, NULL,
 				 &packets, 0);
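Review bot: `onak clean` now opens the configured backend unconditionally on the added line, even though the command is a stdin-to-stdout filter that previously needed no database and stripkey.c shows cleankeys() is meant to accept a NULL context. The return value of config.dbinit() is not checked here, and the `dbctx->cleanupdb(dbctx)` added at the end of this branch in a later hunk dereferences it, so if dbinit() can fail and return NULL on a host with no usable backend the command will crash rather than degrade. If dbinit() does return NULL on failure, a guard such as `if (dbctx == NULL) logthing(LOGTHING_NOTICE, "No key database; signature lookups disabled.");` with the cleanup made conditional keeps the filter usable; if it cannot fail, a comment saying so would save the next reader the question.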
@@ -292,7 +294,7 @@ int main(int argc, char *argv[])
 					result);
 
 			if (keys != NULL) {
-				result = cleankeys(&keys,
+				result = cleankeys(dbctx, &keys,
 						config.clean_policies);
 				logthing(LOGTHING_INFO, "%d keys cleaned.",
 						result);
@@ -322,6 +324,7 @@ int main(int argc, char *argv[])
 			free_publickey(keys);
 			keys = NULL;
 		}
+		dbctx->cleanupdb(dbctx);
 	} else if (!strcmp("dumpconfig", argv[optind])) {
 		if ((argc - optind) == 2) {
 			writeconfig(argv[optind + 1]);
@@ -462,7 +465,7 @@ int main(int argc, char *argv[])
 			if (dbctx->fetch_key_id(dbctx, keyid, &keys, true)) {
 				get_fingerprint(keys->publickey, &fingerprint);
 				dbctx->delete_key(dbctx, &fingerprint, true);
-				cleankeys(&keys, config.clean_policies);
+				cleankeys(dbctx, &keys, config.clean_policies);
 				dbctx->store_key(dbctx, keys, true, false);
 			} else {
 				puts("Key not found");
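Review bot: On the changed line the key is cleaned only after `delete_key()` has removed it from the database two lines earlier, so once cleankeys() starts resolving signing keys through `dbctx`, lookups for the key's own self-signatures will presumably miss unless the implementation checks the in-memory list first. Running `cleankeys(dbctx, &keys, config.clean_policies)` before the `delete_key()` call avoids depending on that, and since the header notes that cleaning can remove a key from the list entirely, it also makes it possible to skip the delete/store pair when `keys` comes back NULL instead of deleting the key and storing nothing. The enclosing block starts before this hunk.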
diff --git a/stripkey.c b/stripkey.c
index 5579236..af15784 100644
--- a/stripkey.c
+++ b/stripkey.c
@@ -49,7 +49,7 @@ int main(int argc, char** argv) {
   parse_keys( packets, &keys );
   free_packet_list(packets);
   packets = NULL;
-  cleankeys(&keys, ONAK_CLEAN_ALL);
+  cleankeys(NULL, &keys, ONAK_CLEAN_ALL);
   /* Iterate over the keys... */
   for( key = keys; key; key = key->next ) {
     uint64_t keyid;
-- 
2.39.5