]> the.earth.li Git - onak.git/blob - keyd.c
Fix header size for v5 packet sig checks
[onak.git] / keyd.c
1 /*
2  * keyd.c - key retrieval daemon
3  *
4  * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
5  *
6  * This program is free software: you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; version 2 of the License.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program.  If not, see <https://www.gnu.org/licenses/>.
17  */
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <getopt.h>
22 #include <inttypes.h>
23 #include <signal.h>
24 #include <stdbool.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/select.h>
29 #include <sys/socket.h>
30 #include <sys/types.h>
31 #include <sys/un.h>
32 #include <time.h>
33 #include <unistd.h>
34
35 #include "build-config.h"
36
37 #ifdef HAVE_SYSTEMD
38 #include <systemd/sd-daemon.h>
39 #endif
40
41 #include "charfuncs.h"
42 #include "cleanup.h"
43 #include "keyd.h"
44 #include "keydb.h"
45 #include "keyid.h"
46 #include "keystructs.h"
47 #include "log.h"
48 #include "mem.h"
49 #include "onak-conf.h"
50 #include "parsekey.h"
51
52 /* Maximum number of clients we're prepared to accept at once */
53 #define MAX_CLIENTS 16
54
55 #ifdef HAVE_SYSTEMD
56 static bool using_socket_activation = false;
57 #endif
58
59 static struct keyd_stats *stats;
60
61 static void daemonize(void)
62 {
63         pid_t pid;
64
65         pid = fork();
66
67         if (pid < 0) {
68                 logthing(LOGTHING_CRITICAL,
69                         "Failed to fork into background: %d (%s)",
70                         errno,
71                         strerror(errno));
72                 exit(EXIT_FAILURE);
73         } else if (pid > 0) {
74                 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
75                 exit(EXIT_SUCCESS);
76         }
77
78         if (setsid() == -1) {
79                 logthing(LOGTHING_CRITICAL,
80                         "Couldn't set process group leader: %d (%s)",
81                         errno,
82                         strerror(errno));
83                 exit(EXIT_FAILURE);
84         }
85
86         if (!freopen("/dev/null", "r", stdin)) {
87                 logthing(LOGTHING_CRITICAL,
88                         "Couldn't reopen stdin to NULL: %d (%s)",
89                         errno,
90                         strerror(errno));
91                 exit(EXIT_FAILURE);
92         }
93         if (!freopen("/dev/null", "w", stdout)) {
94                 logthing(LOGTHING_CRITICAL,
95                         "Couldn't reopen stdout to NULL: %d (%s)",
96                         errno,
97                         strerror(errno));
98                 exit(EXIT_FAILURE);
99         }
100         if (!freopen("/dev/null", "w", stderr)) {
101                 logthing(LOGTHING_CRITICAL,
102                         "Couldn't reopen stderr to NULL: %d (%s)",
103                         errno,
104                         strerror(errno));
105                 exit(EXIT_FAILURE);
106         }
107
108         return;
109 }
110
111 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
112 {
113         struct openpgp_packet_list *packets = NULL;
114         struct openpgp_packet_list *list_end = NULL;
115         struct buffer_ctx           storebuf;
116         ssize_t written;
117         bool    ok = true;
118
119         storebuf.offset = 0;
120         storebuf.size = 8192;
121         storebuf.buffer = malloc(8192);
122
123         flatten_publickey(key,
124                                 &packets,
125                                 &list_end);
126         write_openpgp_stream(buffer_putchar,
127                                 &storebuf,
128                                 packets);
129         logthing(LOGTHING_TRACE,
130                                 "Sending %d bytes.",
131                                 storebuf.offset);
132         written = write(fd, &storebuf.offset,
133                         sizeof(storebuf.offset));
134         if (written == 0) {
135                 ok = false;
136         } else {
137                 written = write(fd, storebuf.buffer,
138                         storebuf.offset);
139                 if (written != storebuf.offset) {
140                         ok = false;
141                 }
142         }
143
144         free(storebuf.buffer);
145         storebuf.buffer = NULL;
146         storebuf.size = storebuf.offset = 0;
147         free_packet_list(packets);
148         packets = list_end = NULL;
149
150         return (ok);
151 }
152
153 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
154 {
155         uint32_t reply = _reply;
156         ssize_t written;
157         bool ok = true;
158
159         written = write(fd, &reply, sizeof(reply));
160         if (written != sizeof(reply)) {
161                 ok = false;
162         }
163
164         return (ok);
165 }
166
167 static bool keyd_write_size(int fd, size_t size)
168 {
169         ssize_t written;
170         bool ok = true;
171
172         written = write(fd, &size, sizeof(size));
173         if (written != sizeof(size)) {
174                 ok = false;
175         }
176
177         return (ok);
178 }
179
180 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
181 {
182         int      *fd = (int *) ctx;
183         uint64_t  keyid;
184
185         if (key != NULL) {
186                 get_keyid(key, &keyid);
187                 logthing(LOGTHING_TRACE,
188                                 "Iterating over 0x%016" PRIX64 ".",
189                                 keyid);
190
191                 keyd_write_key(*fd, key);
192         }
193
194         return;
195 }
196
197 static int sock_init(const char *sockname)
198 {
199         struct sockaddr_un sock;
200         int                fd = -1;
201         int                ret = -1;
202 #ifdef HAVE_SYSTEMD
203         int                n;
204
205         n = sd_listen_fds(0);
206         if (n > 1) {
207                 logthing(LOGTHING_ERROR,
208                         "Too many file descriptors received from systemd.");
209         } else if (n == 1) {
210                 fd = SD_LISTEN_FDS_START + 0;
211                 if (sd_is_socket_unix(fd, SOCK_STREAM, 1, NULL, 0) <= 0) {
212                         logthing(LOGTHING_ERROR,
213                                 "systemd passed an invalid socket.");
214                         fd = -1;
215                 }
216                 using_socket_activation = true;
217         } else {
218 #endif
219                 fd = socket(PF_UNIX, SOCK_STREAM, 0);
220                 if (fd != -1) {
221                         ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
222                 }
223
224                 if (ret != -1) {
225                         sock.sun_family = AF_UNIX;
226                         strncpy(sock.sun_path, sockname,
227                                         sizeof(sock.sun_path) - 1);
228                         unlink(sockname);
229                         ret = bind(fd, (struct sockaddr *) &sock,
230                                         sizeof(sock));
231                 }
232
233                 if (ret != -1) {
234                         ret = listen(fd, 5);
235                         if (ret == -1) {
236                                 close(fd);
237                                 fd = -1;
238                         }
239                 }
240 #ifdef HAVE_SYSTEMD
241         }
242 #endif
243
244         return fd;
245 }
246
247 static int sock_do(struct onak_dbctx *dbctx, int fd)
248 {
249         uint32_t cmd = KEYD_CMD_UNKNOWN;
250         ssize_t  bytes = 0;
251         ssize_t  count = 0;
252         int      ret = 0;
253         uint64_t keyid = 0;
254         char     *search = NULL;
255         struct openpgp_publickey *key = NULL;
256         struct openpgp_packet_list *packets = NULL;
257         struct buffer_ctx storebuf;
258         struct skshash hash;
259         struct openpgp_fingerprint fingerprint;
260
261         /*
262          * Get the command from the client.
263          */
264         bytes = read(fd, &cmd, sizeof(cmd));
265
266         logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
267
268         if (bytes != sizeof(cmd)) {
269                 ret = 1;
270         }
271         
272         if (ret == 0) {
273                 if (cmd < KEYD_CMD_LAST) {
274                         stats->command_stats[cmd]++;
275                 } else {
276                         stats->command_stats[KEYD_CMD_UNKNOWN]++;
277                 }
278                 switch (cmd) {
279                 case KEYD_CMD_VERSION:
280                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
281                                 ret = 1;
282                         }
283                         if (ret == 0) {
284                                 cmd = sizeof(keyd_version);
285                                 bytes = write(fd, &cmd, sizeof(cmd));
286                                 if (bytes != sizeof(cmd)) {
287                                         ret = 1;
288                                 }
289                         }
290                         if (ret == 0) {
291                                 bytes = write(fd, &keyd_version,
292                                         sizeof(keyd_version));
293                                 if (bytes != sizeof(keyd_version)) {
294                                         ret = 1;
295                                 }
296                         }
297                         break;
298                 case KEYD_CMD_GET_ID:
299                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
300                                 ret = 1;
301                         }
302                         if (ret == 0) {
303                                 bytes = read(fd, &keyid, sizeof(keyid));
304                                 if (bytes != sizeof(keyid)) {
305                                         ret = 1;
306                                 }
307                         }
308                         if (ret == 0) {
309                                 logthing(LOGTHING_INFO,
310                                                 "Fetching 0x%" PRIX64
311                                                 ", result: %d",
312                                                 keyid,
313                                                 dbctx->fetch_key_id(dbctx,
314                                                         keyid,
315                                                         &key, false));
316                                 if (key != NULL) {
317                                         keyd_write_key(fd, key);
318                                         free_publickey(key);
319                                         key = NULL;
320                                 } else {
321                                         if (!keyd_write_size(fd, 0)) {
322                                                 ret = 1;
323                                         }
324                                 }
325                         }
326                         break;
327                 case KEYD_CMD_GET_FP:
328                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
329                                 ret = 1;
330                         }
331                         if (ret == 0) {
332                                 if ((read(fd, &bytes, 1) != 1) ||
333                                                 (bytes > MAX_FINGERPRINT_LEN)) {
334                                         ret = 1;
335                                 } else {
336                                         fingerprint.length = bytes;
337                                         bytes = read(fd, fingerprint.fp,
338                                                 fingerprint.length);
339                                         if (bytes != fingerprint.length) {
340                                                 ret = 1;
341                                         }
342                                 }
343                         }
344                         if (ret == 0) {
345                                 logthing(LOGTHING_INFO,
346                                                 "Fetching by fingerprint"
347                                                 ", result: %d",
348                                                 dbctx->fetch_key_fp(dbctx,
349                                                         &fingerprint,
350                                                         &key, false));
351                                 if (key != NULL) {
352                                         keyd_write_key(fd, key);
353                                         free_publickey(key);
354                                         key = NULL;
355                                 } else {
356                                         if (!keyd_write_size(fd, 0)) {
357                                                 ret = 1;
358                                         }
359                                 }
360                         }
361                         break;
362
363                 case KEYD_CMD_GET_TEXT:
364                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
365                                 ret = 1;
366                         }
367                         if (ret == 0) {
368                                 bytes = read(fd, &count, sizeof(count));
369                                 if (bytes != sizeof(count)) {
370                                         ret = 1;
371                                 }
372                         }
373                         if (ret == 0) {
374                                 search = malloc(count+1);
375                                 bytes = read(fd, search, count);
376                                 if (bytes != count) {
377                                         ret = 1;
378                                         free(search);
379                                         break;
380                                 }
381                                 search[count] = 0;
382                                 logthing(LOGTHING_INFO,
383                                                 "Fetching %s, result: %d",
384                                                 search,
385                                                 dbctx->fetch_key_text(dbctx,
386                                                         search, &key));
387                                 if (key != NULL) {
388                                         keyd_write_key(fd, key);
389                                         free_publickey(key);
390                                         key = NULL;
391                                 } else {
392                                         if (!keyd_write_size(fd, 0)) {
393                                                 ret = 1;
394                                         }
395                                 }
396                                 free(search);
397                         }
398                         break;
399                 case KEYD_CMD_STORE:
400                 case KEYD_CMD_UPDATE:
401                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
402                                 ret = 1;
403                         }
404                         if (ret == 0) {
405                                 bytes = read(fd, &storebuf.size,
406                                         sizeof(storebuf.size));
407                                 logthing(LOGTHING_TRACE, "Reading %d bytes.",
408                                         storebuf.size);
409                                 if (bytes != sizeof(storebuf.size)) {
410                                         ret = 1;
411                                 }
412                         }
413                         if (ret == 0 && storebuf.size > 0) {
414                                 storebuf.buffer = malloc(storebuf.size);
415                                 storebuf.offset = 0;
416                                 bytes = count = 0;
417                                 while (bytes >= 0 && count < storebuf.size) {
418                                         bytes = read(fd,
419                                                 &storebuf.buffer[count],
420                                                 storebuf.size - count);
421                                         logthing(LOGTHING_TRACE,
422                                                         "Read %d bytes.",
423                                                         bytes);
424                                         count += bytes;
425                                 }
426                                 read_openpgp_stream(buffer_fetchchar,
427                                                 &storebuf,
428                                                 &packets,
429                                                 0);
430                                 parse_keys(packets, &key);
431                                 dbctx->store_key(dbctx, key, false,
432                                         (cmd == KEYD_CMD_UPDATE));
433                                 free_packet_list(packets);
434                                 packets = NULL;
435                                 free_publickey(key);
436                                 key = NULL;
437                                 free(storebuf.buffer);
438                                 storebuf.buffer = NULL;
439                                 storebuf.size = storebuf.offset = 0;
440                         }
441                         break;
442                 case KEYD_CMD_DELETE:
443                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
444                                 ret = 1;
445                         }
446                         if (ret == 0) {
447                                 bytes = read(fd, &fingerprint,
448                                                 sizeof(fingerprint));
449                                 if (bytes != sizeof(fingerprint)) {
450                                         ret = 1;
451                                 }
452                         }
453                         if (ret == 0) {
454                                 logthing(LOGTHING_INFO,
455                                                 "Deleting 0x%" PRIX64
456                                                 ", result: %d",
457                                                 keyid,
458                                                 dbctx->delete_key(dbctx,
459                                                         &fingerprint, false));
460                         }
461                         break;
462                 case KEYD_CMD_KEYITER:
463                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
464                                 ret = 1;
465                         }
466                         if (ret == 0) {
467                                 dbctx->iterate_keys(dbctx, iteratefunc,
468                                         &fd);
469                                 if (!keyd_write_size(fd, 0)) {
470                                         ret = 1;
471                                 }
472                         }
473                         break;
474                 case KEYD_CMD_CLOSE:
475                         /* We're going to close the FD even if this fails */
476                         (void) keyd_write_reply(fd, KEYD_REPLY_OK);
477                         ret = 1;
478                         break;
479                 case KEYD_CMD_QUIT:
480                         /* We're going to quit even if this fails */
481                         (void) keyd_write_reply(fd, KEYD_REPLY_OK);
482                         logthing(LOGTHING_NOTICE,
483                                 "Exiting due to quit request.");
484                         ret = 1;
485                         trytocleanup();
486                         break;
487                 case KEYD_CMD_STATS:
488                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
489                                 ret = 1;
490                         }
491                         if (ret == 0) {
492                                 cmd = sizeof(*stats);
493                                 bytes = write(fd, &cmd, sizeof(cmd));
494                                 if (bytes != sizeof(cmd)) {
495                                         ret = 1;
496                                 }
497                         }
498                         if (ret == 0) {
499                                 bytes = write(fd, stats, sizeof(*stats));
500                                 if (bytes != sizeof(*stats)) {
501                                         ret = 1;
502                                 }
503                         }
504                         break;
505                 case KEYD_CMD_GET_SKSHASH:
506                         if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
507                                 ret = 1;
508                         }
509                         if (ret == 0) {
510                                 bytes = read(fd, hash.hash, sizeof(hash.hash));
511                                 if (bytes != sizeof(hash.hash)) {
512                                         ret = 1;
513                                 }
514                         }
515                         if (ret == 0) {
516                                 logthing(LOGTHING_INFO,
517                                                 "Fetching by hash"
518                                                 ", result: %d",
519                                                 dbctx->fetch_key_skshash(dbctx,
520                                                         &hash, &key));
521                                 if (key != NULL) {
522                                         keyd_write_key(fd, key);
523                                         free_publickey(key);
524                                         key = NULL;
525                                 } else {
526                                         if (!keyd_write_size(fd, 0)) {
527                                                 ret = 1;
528                                         }
529                                 }
530                         }
531                         break;
532
533                 default:
534                         logthing(LOGTHING_ERROR, "Got unknown command: %d",
535                                         cmd);
536                         if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
537                                 ret = 1;
538                         }
539                 }
540         }
541
542         return(ret);
543 }
544
545 static int sock_close(int fd)
546 {
547         shutdown(fd, SHUT_RDWR);
548         return close(fd);
549 }
550
551 static int sock_accept(int fd)
552 {
553         struct sockaddr_un sock;
554         socklen_t          socklen;
555         int    srv = -1;
556         int    ret = -1;
557
558         socklen = sizeof(sock);
559         srv = accept(fd, (struct sockaddr *) &sock, &socklen);
560         if (srv != -1) {
561                 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
562         }
563
564         if (ret != -1) {
565                 stats->connects++;
566         }
567
568         return (srv);
569 }
570
571 static void usage(void)
572 {
573         puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
574                 "onak PGP keyserver.\n");
575         puts("Usage:\n");
576         puts("\tkeyd [options]\n");
577         puts("\tOptions:\n:");
578         puts("-c <file> - use <file> as the config file");
579         puts("-f        - run in the foreground");
580         puts("-h        - show this help text");
581         exit(EXIT_FAILURE);
582 }
583
584 int main(int argc, char *argv[])
585 {
586         int fd = -1, maxfd, i, clients[MAX_CLIENTS];
587         fd_set rfds = { 0 }; /* Avoid scan-build false report for FD_SET */
588         char sockname[100];
589         char *configfile = NULL;
590         bool foreground = false;
591         int optchar;
592         struct onak_dbctx *dbctx;
593
594         while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
595                 switch (optchar) {
596                 case 'c':
597                         if (configfile != NULL) {
598                                 free(configfile);
599                         }
600                         configfile = strdup(optarg);
601                         break;
602                 case 'f':
603                         foreground = true;
604                         break;
605                 case 'h':
606                 default:
607                         usage();
608                         break;
609                 }
610         }
611
612         readconfig(configfile);
613         free(configfile);
614         configfile = NULL;
615         initlogthing("keyd", config.logfile);
616         config.use_keyd = false;
617
618         if (!foreground) {
619                 daemonize();
620         }
621
622         catchsignals();
623         signal(SIGPIPE, SIG_IGN);
624
625
626         stats = calloc(1, sizeof(*stats));
627         if (!stats) {
628                 logthing(LOGTHING_ERROR,
629                         "Couldn't allocate memory for stats structure.");
630                 exit(EXIT_FAILURE);
631         }
632         stats->started = time(NULL);
633
634         snprintf(sockname, sizeof(sockname) - 1, "%s/%s",
635                         config.sock_dir, KEYD_SOCKET);
636         fd = sock_init(sockname);
637
638         if (fd != -1) {
639                 FD_ZERO(&rfds);
640                 FD_SET(fd, &rfds);
641                 maxfd = fd;
642                 memset(clients, -1, sizeof (clients));
643
644                 dbctx = config.dbinit(config.backend, false);
645
646                 logthing(LOGTHING_NOTICE, "Accepting connections.");
647                 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
648                         /*
649                          * Deal with existing clients first; if we're at our
650                          * connection limit then processing them might free
651                          * things up and let us accept the next client below.
652                          */
653                         for (i = 0; i < MAX_CLIENTS; i++) {
654                                 if (clients[i] != -1 &&
655                                                 FD_ISSET(clients[i], &rfds)) {
656                                         logthing(LOGTHING_DEBUG,
657                                                 "Handling connection for client %d.", i);
658                                         if (sock_do(dbctx, clients[i])) {
659                                                 sock_close(clients[i]);
660                                                 clients[i] = -1;
661                                                 logthing(LOGTHING_DEBUG,
662                                                         "Closed connection for client %d.", i);
663                                         }
664                                 }
665                         }
666                         /*
667                          * Check if we have a new incoming connection to accept.
668                          */
669                         if (FD_ISSET(fd, &rfds)) {
670                                 for (i = 0; i < MAX_CLIENTS; i++) {
671                                         if (clients[i] == -1) {
672                                                 break;
673                                         }
674                                 }
675                                 if (i < MAX_CLIENTS) {
676                                         logthing(LOGTHING_INFO,
677                                                 "Accepted connection %d.", i);
678                                         clients[i] = sock_accept(fd);
679                                 }
680                         }
681                         FD_ZERO(&rfds);
682                         FD_SET(fd, &rfds);
683                         maxfd = fd;
684                         for (i = 0; i < MAX_CLIENTS; i++) {
685                                 if (clients[i] != -1) {
686                                         FD_SET(clients[i], &rfds);
687                                         maxfd = (maxfd > clients[i]) ?
688                                                         maxfd : clients[i];
689                                 }
690                         }
691                 }
692                 dbctx->cleanupdb(dbctx);
693 #ifdef HAVE_SYSTEMD
694                 if (!using_socket_activation) {
695 #endif
696                         sock_close(fd);
697                         unlink(sockname);
698 #ifdef HAVE_SYSTEMD
699                 }
700 #endif
701         }
702
703         free(stats);
704
705         cleanuplogthing();
706         cleanupconfig();
707
708         return(EXIT_SUCCESS);
709 }