2 * keyd.c - key retrieval daemon
4 * Copyright 2004,2011 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
27 #include <sys/select.h>
28 #include <sys/socket.h>
29 #include <sys/types.h>
34 #include "charfuncs.h"
39 #include "keystructs.h"
42 #include "onak-conf.h"
46 /* Maximum number of clients we're prepared to accept at once */
47 #define MAX_CLIENTS 16
49 static struct keyd_stats *stats;
51 static void daemonize(void)
58 logthing(LOGTHING_CRITICAL,
59 "Failed to fork into background: %d (%s)",
64 logthing(LOGTHING_INFO, "Backgrounded as pid %d.", pid);
69 logthing(LOGTHING_CRITICAL,
70 "Couldn't set process group leader: %d (%s)",
76 if (!freopen("/dev/null", "r", stdin)) {
77 logthing(LOGTHING_CRITICAL,
78 "Couldn't reopen stdin to NULL: %d (%s)",
83 if (!freopen("/dev/null", "w", stdout)) {
84 logthing(LOGTHING_CRITICAL,
85 "Couldn't reopen stdout to NULL: %d (%s)",
90 if (!freopen("/dev/null", "w", stderr)) {
91 logthing(LOGTHING_CRITICAL,
92 "Couldn't reopen stderr to NULL: %d (%s)",
101 static bool keyd_write_key(int fd, struct openpgp_publickey *key)
103 struct openpgp_packet_list *packets = NULL;
104 struct openpgp_packet_list *list_end = NULL;
105 struct buffer_ctx storebuf;
110 storebuf.size = 8192;
111 storebuf.buffer = malloc(8192);
113 flatten_publickey(key,
116 write_openpgp_stream(buffer_putchar,
119 logthing(LOGTHING_TRACE,
122 written = write(fd, &storebuf.offset,
123 sizeof(storebuf.offset));
127 written = write(fd, storebuf.buffer,
129 if (written != storebuf.offset) {
134 free(storebuf.buffer);
135 storebuf.buffer = NULL;
136 storebuf.size = storebuf.offset = 0;
137 free_packet_list(packets);
138 packets = list_end = NULL;
143 static bool keyd_write_reply(int fd, enum keyd_reply _reply)
145 uint32_t reply = _reply;
149 written = write(fd, &reply, sizeof(reply));
150 if (written != sizeof(reply)) {
157 static bool keyd_write_size(int fd, size_t size)
162 written = write(fd, &size, sizeof(size));
163 if (written != sizeof(size)) {
170 static void iteratefunc(void *ctx, struct openpgp_publickey *key)
172 int *fd = (int *) ctx;
176 get_keyid(key, &keyid);
177 logthing(LOGTHING_TRACE,
178 "Iterating over 0x%016" PRIX64 ".",
181 keyd_write_key(*fd, key);
187 static int sock_init(const char *sockname)
189 struct sockaddr_un sock;
193 fd = socket(PF_UNIX, SOCK_STREAM, 0);
195 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
199 sock.sun_family = AF_UNIX;
200 strncpy(sock.sun_path, sockname, sizeof(sock.sun_path) - 1);
202 ret = bind(fd, (struct sockaddr *) &sock, sizeof(sock));
216 static int sock_do(struct onak_dbctx *dbctx, int fd)
218 uint32_t cmd = KEYD_CMD_UNKNOWN;
224 struct openpgp_publickey *key = NULL;
225 struct openpgp_packet_list *packets = NULL;
226 struct buffer_ctx storebuf;
228 struct openpgp_fingerprint fingerprint;
231 * Get the command from the client.
233 bytes = read(fd, &cmd, sizeof(cmd));
235 logthing(LOGTHING_DEBUG, "Read %d bytes, command: %d", bytes, cmd);
237 if (bytes != sizeof(cmd)) {
242 if (cmd < KEYD_CMD_LAST) {
243 stats->command_stats[cmd]++;
245 stats->command_stats[KEYD_CMD_UNKNOWN]++;
248 case KEYD_CMD_VERSION:
249 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
253 cmd = sizeof(keyd_version);
254 bytes = write(fd, &cmd, sizeof(cmd));
255 if (bytes != sizeof(cmd)) {
260 bytes = write(fd, &keyd_version,
261 sizeof(keyd_version));
262 if (bytes != sizeof(keyd_version)) {
267 case KEYD_CMD_GET_ID:
268 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
272 bytes = read(fd, &keyid, sizeof(keyid));
273 if (bytes != sizeof(keyid)) {
278 logthing(LOGTHING_INFO,
279 "Fetching 0x%" PRIX64
282 dbctx->fetch_key_id(dbctx,
286 keyd_write_key(fd, key);
290 if (!keyd_write_size(fd, 0)) {
296 case KEYD_CMD_GET_FP:
297 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
301 if ((read(fd, &bytes, 1) != 1) ||
302 (bytes > MAX_FINGERPRINT_LEN)) {
305 fingerprint.length = bytes;
306 bytes = read(fd, fingerprint.fp,
308 if (bytes != fingerprint.length) {
314 logthing(LOGTHING_INFO,
315 "Fetching by fingerprint"
317 dbctx->fetch_key_fp(dbctx,
321 keyd_write_key(fd, key);
325 if (!keyd_write_size(fd, 0)) {
332 case KEYD_CMD_GET_TEXT:
333 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
337 bytes = read(fd, &count, sizeof(count));
338 if (bytes != sizeof(count)) {
343 search = malloc(count+1);
344 bytes = read(fd, search, count);
345 if (bytes != count) {
350 logthing(LOGTHING_INFO,
351 "Fetching %s, result: %d",
353 dbctx->fetch_key_text(dbctx,
356 keyd_write_key(fd, key);
360 if (!keyd_write_size(fd, 0)) {
368 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
372 bytes = read(fd, &storebuf.size,
373 sizeof(storebuf.size));
374 logthing(LOGTHING_TRACE, "Reading %d bytes.",
376 if (bytes != sizeof(storebuf.size)) {
380 if (ret == 0 && storebuf.size > 0) {
381 storebuf.buffer = malloc(storebuf.size);
384 while (bytes >= 0 && count < storebuf.size) {
386 &storebuf.buffer[count],
387 storebuf.size - count);
388 logthing(LOGTHING_TRACE,
393 read_openpgp_stream(buffer_fetchchar,
397 parse_keys(packets, &key);
398 dbctx->store_key(dbctx, key, false, false);
399 free_packet_list(packets);
403 free(storebuf.buffer);
404 storebuf.buffer = NULL;
405 storebuf.size = storebuf.offset = 0;
408 case KEYD_CMD_DELETE:
409 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
413 bytes = read(fd, &keyid, sizeof(keyid));
414 if (bytes != sizeof(keyid)) {
419 logthing(LOGTHING_INFO,
420 "Deleting 0x%" PRIX64
423 dbctx->delete_key(dbctx,
427 case KEYD_CMD_GETFULLKEYID:
428 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
432 bytes = read(fd, &keyid, sizeof(keyid));
433 if (bytes != sizeof(keyid)) {
438 keyid = dbctx->getfullkeyid(dbctx, keyid);
440 bytes = write(fd, &cmd, sizeof(cmd));
441 if (bytes != sizeof(cmd)) {
446 bytes = write(fd, &keyid, sizeof(keyid));
447 if (bytes != sizeof(keyid)) {
452 case KEYD_CMD_KEYITER:
453 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
457 dbctx->iterate_keys(dbctx, iteratefunc,
459 if (!keyd_write_size(fd, 0)) {
465 /* We're going to close the FD even if this fails */
466 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
470 /* We're going to quit even if this fails */
471 (void) keyd_write_reply(fd, KEYD_REPLY_OK);
472 logthing(LOGTHING_NOTICE,
473 "Exiting due to quit request.");
478 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
482 cmd = sizeof(*stats);
483 bytes = write(fd, &cmd, sizeof(cmd));
484 if (bytes != sizeof(cmd)) {
489 bytes = write(fd, stats, sizeof(*stats));
490 if (bytes != sizeof(*stats)) {
495 case KEYD_CMD_GET_SKSHASH:
496 if (!keyd_write_reply(fd, KEYD_REPLY_OK)) {
500 bytes = read(fd, hash.hash, sizeof(hash.hash));
501 if (bytes != sizeof(hash.hash)) {
506 logthing(LOGTHING_INFO,
509 dbctx->fetch_key_skshash(dbctx,
512 keyd_write_key(fd, key);
516 if (!keyd_write_size(fd, 0)) {
524 logthing(LOGTHING_ERROR, "Got unknown command: %d",
526 if (!keyd_write_reply(fd, KEYD_REPLY_UNKNOWN_CMD)) {
535 static int sock_close(int fd)
537 shutdown(fd, SHUT_RDWR);
541 static int sock_accept(int fd)
543 struct sockaddr_un sock;
548 socklen = sizeof(sock);
549 srv = accept(fd, (struct sockaddr *) &sock, &socklen);
551 ret = fcntl(srv, F_SETFD, FD_CLOEXEC);
561 static void usage(void)
563 puts("keyd " ONAK_VERSION " - backend key serving daemon for the "
564 "onak PGP keyserver.\n");
566 puts("\tkeyd [options]\n");
567 puts("\tOptions:\n:");
568 puts("-c <file> - use <file> as the config file");
569 puts("-f - run in the foreground");
570 puts("-h - show this help text");
574 int main(int argc, char *argv[])
576 int fd = -1, maxfd, i, clients[MAX_CLIENTS];
579 char *configfile = NULL;
580 bool foreground = false;
582 struct onak_dbctx *dbctx;
584 while ((optchar = getopt(argc, argv, "c:fh")) != -1 ) {
587 if (configfile != NULL) {
590 configfile = strdup(optarg);
602 readconfig(configfile);
605 initlogthing("keyd", config.logfile);
606 config.use_keyd = false;
613 signal(SIGPIPE, SIG_IGN);
616 stats = calloc(1, sizeof(*stats));
618 logthing(LOGTHING_ERROR,
619 "Couldn't allocate memory for stats structure.");
622 stats->started = time(NULL);
624 snprintf(sockname, 1023, "%s/%s", config.db_dir, KEYD_SOCKET);
625 fd = sock_init(sockname);
631 memset(clients, -1, sizeof (clients));
633 dbctx = config.dbinit(false);
635 logthing(LOGTHING_NOTICE, "Accepting connections.");
636 while (!cleanup() && select(maxfd + 1, &rfds, NULL, NULL, NULL) != -1) {
638 * Deal with existing clients first; if we're at our
639 * connection limit then processing them might free
640 * things up and let us accept the next client below.
642 for (i = 0; i < MAX_CLIENTS; i++) {
643 if (clients[i] != -1 &&
644 FD_ISSET(clients[i], &rfds)) {
645 logthing(LOGTHING_DEBUG,
646 "Handling connection for client %d.", i);
647 if (sock_do(dbctx, clients[i])) {
648 sock_close(clients[i]);
650 logthing(LOGTHING_DEBUG,
651 "Closed connection for client %d.", i);
656 * Check if we have a new incoming connection to accept.
658 if (FD_ISSET(fd, &rfds)) {
659 for (i = 0; i < MAX_CLIENTS; i++) {
660 if (clients[i] == -1) {
664 if (i < MAX_CLIENTS) {
665 logthing(LOGTHING_INFO,
666 "Accepted connection %d.", i);
667 clients[i] = sock_accept(fd);
673 for (i = 0; i < MAX_CLIENTS; i++) {
674 if (clients[i] != -1) {
675 FD_SET(clients[i], &rfds);
676 maxfd = (maxfd > clients[i]) ?
681 dbctx->cleanupdb(dbctx);
691 return(EXIT_SUCCESS);