2 * keydb_db4.c - Routines to store and fetch keys in a DB4 database.
4 * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 #include <sys/types.h>
35 #include "charfuncs.h"
39 #include "decodekey.h"
40 #include "keystructs.h"
45 #include "onak-conf.h"
49 #define DB4_UPGRADE_FILE "db_upgrade.lck"
51 struct onak_db4_dbctx {
52 DB_ENV *dbenv; /* The database environment context */
53 int numdbs; /* Number of data databases in use */
54 DB **dbconns; /* Connections to the key data databases */
55 DB *worddb; /* Connection to the word lookup database */
56 DB *id32db; /* Connection to the 32 bit ID lookup database */
57 DB *id64db; /* Connection to the 64 bit ID lookup database */
58 DB *skshashdb; /* Connection to the SKS hash database */
59 DB *subkeydb; /* Connection to the subkey ID lookup database */
60 DB_TXN *txn; /* Our current transaction ID */
63 DB *keydb_id(struct onak_db4_dbctx *privctx, uint64_t keyid)
69 return(privctx->dbconns[keytrun % privctx->numdbs]);
72 DB *keydb_fp(struct onak_db4_dbctx *privctx, struct openpgp_fingerprint *fp)
76 keytrun = (fp->fp[4] << 24) |
81 return(privctx->dbconns[keytrun % privctx->numdbs]);
85 * db4_errfunc - Direct DB errors to logfile
87 * Basic function to take errors from the DB library and output them to
88 * the logfile rather than stderr.
90 #if (DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR < 3)
91 static void db4_errfunc(const char *errpfx, const char *errmsg)
93 static void db4_errfunc(const DB_ENV *edbenv, const char *errpfx,
98 logthing(LOGTHING_DEBUG, "db4 error: %s:%s", errpfx, errmsg);
100 logthing(LOGTHING_DEBUG, "db4 error: %s", errmsg);
107 * starttrans - Start a transaction.
109 * Start a transaction. Intended to be used if we're about to perform many
110 * operations on the database to help speed it all up, or if we want
111 * something to only succeed if all relevant operations are successful.
113 static bool db4_starttrans(struct onak_dbctx *dbctx)
115 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
118 log_assert(privctx->dbenv != NULL);
119 log_assert(privctx->txn == NULL);
121 ret = privctx->dbenv->txn_begin(privctx->dbenv,
122 NULL, /* No parent transaction */
126 logthing(LOGTHING_CRITICAL,
127 "Error starting transaction: %s",
136 * endtrans - End a transaction.
138 * Ends a transaction.
140 static void db4_endtrans(struct onak_dbctx *dbctx)
142 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
145 log_assert(privctx->dbenv != NULL);
146 log_assert(privctx->txn != NULL);
148 ret = privctx->txn->commit(privctx->txn,
151 logthing(LOGTHING_CRITICAL,
152 "Error ending transaction: %s",
162 * db4_upgradedb - Upgrade a DB4 database
164 * Called if we discover we need to upgrade our DB4 database; ie if
165 * we're running with a newer version of db4 than the database was
168 static int db4_upgradedb(struct onak_dbctx *dbctx)
170 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
179 snprintf(buf, sizeof(buf) - 1, "%s/%s", dbctx->config->location,
181 lockfile_fd = open(buf, O_RDWR | O_CREAT | O_EXCL, 0600);
182 if (lockfile_fd < 0) {
183 if (errno == EEXIST) {
184 while (stat(buf, &statbuf) == 0) ;
187 logthing(LOGTHING_CRITICAL, "Couldn't open database "
188 "update lock file: %s", strerror(errno));
192 snprintf(buf, sizeof(buf) - 1, "%d", getpid());
193 written = write(lockfile_fd, buf, strlen(buf));
195 if (written != strlen(buf)) {
196 logthing(LOGTHING_CRITICAL, "Couldn't write PID to lockfile: "
197 "%s", strerror(errno));
198 snprintf(buf, sizeof(buf) - 1, "%s/%s", dbctx->config->location,
204 logthing(LOGTHING_NOTICE, "Upgrading DB4 database");
205 ret = db_env_create(&privctx->dbenv, 0);
207 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
208 privctx->dbenv->remove(privctx->dbenv, dbctx->config->location, 0);
209 privctx->dbenv = NULL;
211 for (i = 0; i < privctx->numdbs; i++) {
212 ret = db_create(&curdb, NULL, 0);
214 snprintf(buf, sizeof(buf) - 1, "%s/keydb.%d.db",
215 dbctx->config->location, i);
216 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
217 curdb->upgrade(curdb, buf, 0);
218 curdb->close(curdb, 0);
220 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
226 ret = db_create(&curdb, NULL, 0);
228 snprintf(buf, sizeof(buf) - 1, "%s/worddb", dbctx->config->location);
229 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
230 curdb->upgrade(curdb, buf, 0);
231 curdb->close(curdb, 0);
233 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
238 ret = db_create(&curdb, NULL, 0);
240 snprintf(buf, sizeof(buf) - 1, "%s/id32db", dbctx->config->location);
241 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
242 curdb->upgrade(curdb, buf, 0);
243 curdb->close(curdb, 0);
245 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
250 ret = db_create(&curdb, NULL, 0);
252 snprintf(buf, sizeof(buf) - 1, "%s/id64db", dbctx->config->location);
253 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
254 curdb->upgrade(curdb, buf, 0);
255 curdb->close(curdb, 0);
257 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
262 ret = db_create(&curdb, NULL, 0);
264 snprintf(buf, sizeof(buf) - 1, "%s/skshashdb", dbctx->config->location);
265 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
266 curdb->upgrade(curdb, buf, 0);
267 curdb->close(curdb, 0);
269 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
274 ret = db_create(&curdb, NULL, 0);
276 snprintf(buf, sizeof(buf) - 1, "%s/subkeydb", dbctx->config->location);
277 logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
278 curdb->upgrade(curdb, buf, 0);
279 curdb->close(curdb, 0);
281 logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
286 snprintf(buf, sizeof(buf) - 1, "%s/%s", dbctx->config->location,
294 * getfullkeyid - Maps a 32bit key id to a 64bit one.
295 * @keyid: The 32bit keyid.
297 * This function maps a 32bit key id to the full 64bit one. It returns the
298 * full keyid. If the key isn't found a keyid of 0 is returned.
300 static uint64_t db4_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
302 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
305 uint32_t shortkeyid = 0;
309 if (keyid < 0x100000000LL) {
310 ret = privctx->id32db->cursor(privctx->id32db,
319 shortkeyid = keyid & 0xFFFFFFFF;
321 memset(&key, 0, sizeof(key));
322 memset(&data, 0, sizeof(data));
323 key.data = &shortkeyid;
324 key.size = sizeof(shortkeyid);
325 data.flags = DB_DBT_MALLOC;
327 ret = cursor->c_get(cursor,
333 if (data.size == 8) {
334 keyid = * (uint64_t *) data.data;
337 for (i = 12; i < 20; i++) {
339 keyid |= ((uint8_t *) data.data)[i];
343 if (data.data != NULL) {
349 cursor->c_close(cursor);
357 * fetch_key_fp - Given a fingerprint fetch the key from storage.
359 static int db4_fetch_key_fp(struct onak_dbctx *dbctx,
360 struct openpgp_fingerprint *fingerprint,
361 struct openpgp_publickey **publickey,
364 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
365 struct openpgp_packet_list *packets = NULL;
369 struct buffer_ctx fetchbuf;
370 struct openpgp_fingerprint subfp;
372 memset(&key, 0, sizeof(key));
373 memset(&data, 0, sizeof(data));
378 key.size = fingerprint->length;
379 key.data = fingerprint->fp;
382 db4_starttrans(dbctx);
385 ret = keydb_fp(privctx, fingerprint)->get(keydb_fp(privctx,
392 if (ret == DB_NOTFOUND) {
393 /* If we didn't find the key ID see if it's a subkey ID */
394 memset(&key, 0, sizeof(key));
395 memset(&data, 0, sizeof(data));
396 data.data = subfp.fp;
397 data.ulen = MAX_FINGERPRINT_LEN;
398 data.flags = DB_DBT_USERMEM;
399 key.data = fingerprint->fp;
400 key.size = fingerprint->length;
402 ret = privctx->subkeydb->get(privctx->subkeydb,
409 /* We got a subkey match; retrieve the actual key */
410 memset(&key, 0, sizeof(key));
411 key.size = subfp.length = data.size;
414 memset(&data, 0, sizeof(data));
418 ret = keydb_fp(privctx, &subfp)->get(
419 keydb_fp(privctx, &subfp),
428 fetchbuf.buffer = data.data;
430 fetchbuf.size = data.size;
431 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
433 parse_keys(packets, publickey);
434 free_packet_list(packets);
437 } else if (ret != DB_NOTFOUND) {
438 logthing(LOGTHING_ERROR,
439 "Problem retrieving key: %s",
451 * fetch_key_id - Given a keyid fetch the key from storage.
452 * @keyid: The keyid to fetch.
453 * @publickey: A pointer to a structure to return the key in.
454 * @intrans: If we're already in a transaction.
456 * We use the hex representation of the keyid as the filename to fetch the
457 * key from. The key is stored in the file as a binary OpenPGP stream of
458 * packets, so we can just use read_openpgp_stream() to read the packets
459 * in and then parse_keys() to parse the packets into a publickey
462 static int db4_fetch_key_id(struct onak_dbctx *dbctx, uint64_t keyid,
463 struct openpgp_publickey **publickey,
466 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
467 struct openpgp_packet_list *packets = NULL;
471 struct buffer_ctx fetchbuf;
472 struct openpgp_fingerprint fingerprint;
474 if (keyid < 0x100000000LL) {
475 keyid = db4_getfullkeyid(dbctx, keyid);
478 memset(&key, 0, sizeof(key));
479 memset(&data, 0, sizeof(data));
484 key.size = sizeof(keyid);
488 db4_starttrans(dbctx);
492 * First we try a legacy stored key where we used the 64 bit key ID
495 ret = keydb_id(privctx, keyid)->get(keydb_id(privctx, keyid),
501 if (ret == DB_NOTFOUND) {
502 /* If we didn't find the key ID try the 64 bit map DB */
503 memset(&key, 0, sizeof(key));
504 memset(&data, 0, sizeof(data));
505 data.ulen = MAX_FINGERPRINT_LEN;
506 data.data = fingerprint.fp;
507 data.flags = DB_DBT_USERMEM;
508 key.size = sizeof(keyid);
511 ret = privctx->id64db->get(privctx->id64db,
518 /* We got a match; retrieve the actual key */
519 fingerprint.length = data.size;
521 memset(&key, 0, sizeof(key));
522 memset(&data, 0, sizeof(data));
523 key.size = fingerprint.length;
524 key.data = fingerprint.fp;
526 ret = keydb_fp(privctx, &fingerprint)->get(
527 keydb_fp(privctx, &fingerprint),
536 fetchbuf.buffer = data.data;
538 fetchbuf.size = data.size;
539 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
541 parse_keys(packets, publickey);
542 free_packet_list(packets);
545 } else if (ret != DB_NOTFOUND) {
546 logthing(LOGTHING_ERROR,
547 "Problem retrieving key: %s",
559 int worddb_cmp(const void *d1, const void *d2)
561 return memcmp(d1, d2, 12);
565 * fetch_key_text - Trys to find the keys that contain the supplied text.
566 * @search: The text to search for.
567 * @publickey: A pointer to a structure to return the key in.
569 * This function searches for the supplied text and returns the keys that
572 static int db4_fetch_key_text(struct onak_dbctx *dbctx, const char *search,
573 struct openpgp_publickey **publickey)
575 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
582 char *searchtext = NULL;
583 struct ll *wordlist = NULL;
584 struct ll *curword = NULL;
585 struct keyarray keylist = { NULL, 0, 0 };
586 struct keyarray newkeylist = { NULL, 0, 0 };
588 struct openpgp_fingerprint fingerprint;
591 searchtext = strdup(search);
592 wordlist = makewordlist(wordlist, searchtext);
594 for (curword = wordlist; curword != NULL; curword = curword->next) {
595 db4_starttrans(dbctx);
597 ret = privctx->worddb->cursor(privctx->worddb,
607 memset(&key, 0, sizeof(key));
608 memset(&data, 0, sizeof(data));
609 key.data = curword->object;
610 key.size = strlen(curword->object);
611 data.flags = DB_DBT_MALLOC;
612 ret = cursor->c_get(cursor,
616 while (ret == 0 && strncmp(key.data, curword->object,
618 ((char *) curword->object)[key.size] == 0) {
619 if (data.size == 12) {
620 /* Old style creation + key id */
621 fingerprint.length = 8;
622 for (i = 4; i < 12; i++) {
623 fingerprint.fp[i - 4] =
628 fingerprint.length = data.size;
629 memcpy(fingerprint.fp, data.data, data.size);
633 * Only add the keys containing this word if this is
634 * our first pass (ie we have no existing key list),
635 * or the key contained a previous word.
637 if (firstpass || array_find(&keylist, &fingerprint)) {
638 array_add(&newkeylist, &fingerprint);
644 ret = cursor->c_get(cursor,
649 array_free(&keylist);
650 keylist.keys = newkeylist.keys;
651 keylist.count = newkeylist.count;
652 keylist.size = newkeylist.size;
653 newkeylist.keys = NULL;
654 newkeylist.count = newkeylist.size = 0;
655 if (data.data != NULL) {
659 cursor->c_close(cursor);
664 llfree(wordlist, NULL);
667 if (keylist.count > config.maxkeys) {
668 keylist.count = config.maxkeys;
671 db4_starttrans(dbctx);
672 for (i = 0; i < keylist.count; i++) {
673 if (keylist.keys[i].length == 8) {
675 for (int j = 0; j < 8; j++) {
677 keyid |= keylist.keys[i].fp[j];
679 numkeys += db4_fetch_key_id(dbctx, keyid,
683 numkeys += db4_fetch_key_fp(dbctx, &keylist.keys[i],
688 array_free(&keylist);
697 static int db4_fetch_key_skshash(struct onak_dbctx *dbctx,
698 const struct skshash *hash,
699 struct openpgp_publickey **publickey)
701 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
707 struct openpgp_fingerprint fingerprint;
709 ret = privctx->skshashdb->cursor(privctx->skshashdb,
718 memset(&key, 0, sizeof(key));
719 memset(&data, 0, sizeof(data));
720 key.data = (void *) hash->hash;
721 key.size = sizeof(hash->hash);
722 data.flags = DB_DBT_MALLOC;
724 ret = cursor->c_get(cursor,
730 if (data.size == 8) {
731 /* Legacy key ID record */
732 keyid = *(uint64_t *) data.data;
733 count = db4_fetch_key_id(dbctx, keyid, publickey,
736 fingerprint.length = data.size;
737 memcpy(fingerprint.fp, data.data, data.size);
738 count = db4_fetch_key_fp(dbctx, &fingerprint,
742 if (data.data != NULL) {
748 cursor->c_close(cursor);
755 * delete_key - Given a keyid delete the key from storage.
756 * @keyid: The keyid to delete.
757 * @intrans: If we're already in a transaction.
759 * This function deletes a public key from whatever storage mechanism we
760 * are using. Returns 0 if the key existed.
762 static int db4_delete_key(struct onak_dbctx *dbctx,
763 uint64_t keyid, bool intrans)
765 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
766 struct openpgp_publickey *publickey = NULL;
769 DBC *cursor64 = NULL;
770 uint32_t shortkeyid = 0;
771 uint64_t subkeyid = 0;
772 struct openpgp_fingerprint *subkeyids = NULL;
776 char *primary = NULL;
777 unsigned char worddb_data[12];
778 struct ll *wordlist = NULL;
779 struct ll *curword = NULL;
780 bool deadlock = false;
782 struct openpgp_fingerprint fingerprint;
785 db4_starttrans(dbctx);
788 if (db4_fetch_key_id(dbctx, keyid, &publickey, true) == 0) {
795 get_fingerprint(publickey->publickey, &fingerprint);
798 * Walk through the uids removing the words from the worddb.
800 if (publickey != NULL) {
801 uids = keyuids(publickey, &primary);
804 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
805 wordlist = makewordlist(wordlist, uids[i]);
808 privctx->worddb->cursor(privctx->worddb,
813 for (curword = wordlist; curword != NULL && !deadlock;
814 curword = curword->next) {
815 memset(&key, 0, sizeof(key));
816 memset(&data, 0, sizeof(data));
817 key.data = curword->object;
818 key.size = strlen(key.data);
819 data.data = worddb_data;
820 data.size = sizeof(worddb_data);
823 * Old format word db data was the key creation time
824 * followed by the 64 bit key id.
826 worddb_data[ 0] = publickey->publickey->data[1];
827 worddb_data[ 1] = publickey->publickey->data[2];
828 worddb_data[ 2] = publickey->publickey->data[3];
829 worddb_data[ 3] = publickey->publickey->data[4];
830 worddb_data[ 4] = (keyid >> 56) & 0xFF;
831 worddb_data[ 5] = (keyid >> 48) & 0xFF;
832 worddb_data[ 6] = (keyid >> 40) & 0xFF;
833 worddb_data[ 7] = (keyid >> 32) & 0xFF;
834 worddb_data[ 8] = (keyid >> 24) & 0xFF;
835 worddb_data[ 9] = (keyid >> 16) & 0xFF;
836 worddb_data[10] = (keyid >> 8) & 0xFF;
837 worddb_data[11] = keyid & 0xFF;
839 ret = cursor->c_get(cursor,
845 cursor->c_del(cursor, 0);
848 /* New style just uses the fingerprint as the data */
849 memset(&key, 0, sizeof(key));
850 memset(&data, 0, sizeof(data));
851 key.data = curword->object;
852 key.size = strlen(key.data);
853 data.data = fingerprint.fp;
854 data.size = fingerprint.length;
856 ret = cursor->c_get(cursor,
862 ret = cursor->c_del(cursor, 0);
865 if (ret != 0 && ret != DB_NOTFOUND) {
866 logthing(LOGTHING_ERROR,
867 "Problem deleting word: %s "
868 "(0x%016" PRIX64 ")",
871 if (ret == DB_LOCK_DEADLOCK) {
876 cursor->c_close(cursor);
880 * Free our UID and word lists.
882 llfree(wordlist, NULL);
883 for (i = 0; uids[i] != NULL; i++) {
892 privctx->id32db->cursor(privctx->id32db,
896 privctx->id64db->cursor(privctx->id64db,
901 shortkeyid = keyid & 0xFFFFFFFF;
903 /* Old style mapping to 64 bit key id */
904 memset(&key, 0, sizeof(key));
905 memset(&data, 0, sizeof(data));
906 key.data = &shortkeyid;
907 key.size = sizeof(shortkeyid);
909 data.size = sizeof(keyid);
911 ret = cursor->c_get(cursor,
917 cursor->c_del(cursor, 0);
920 /* New style mapping to fingerprint */
921 memset(&key, 0, sizeof(key));
922 memset(&data, 0, sizeof(data));
923 key.data = &shortkeyid;
924 key.size = sizeof(shortkeyid);
925 data.data = fingerprint.fp;
926 data.size = fingerprint.length;
928 ret = cursor->c_get(cursor,
934 ret = cursor->c_del(cursor, 0);
937 if (ret != 0 && ret != DB_NOTFOUND) {
938 logthing(LOGTHING_ERROR,
939 "Problem deleting short keyid: %s "
940 "(0x%016" PRIX64 ")",
943 if (ret == DB_LOCK_DEADLOCK) {
948 /* 64 bit key mapping to fingerprint */
949 memset(&key, 0, sizeof(key));
950 memset(&data, 0, sizeof(data));
952 key.size = sizeof(keyid);
953 data.data = fingerprint.fp;
954 data.size = fingerprint.length;
956 ret = cursor64->c_get(cursor64,
962 ret = cursor64->c_del(cursor64, 0);
965 if (ret != 0 && ret != DB_NOTFOUND) {
966 logthing(LOGTHING_ERROR,
967 "Problem deleting keyid: %s "
968 "(0x%016" PRIX64 ")",
971 if (ret == DB_LOCK_DEADLOCK) {
976 subkeyids = keysubkeys(publickey);
978 while (subkeyids != NULL && subkeyids[i].length != 0) {
979 subkeyid = fingerprint2keyid(&subkeyids[i]);
980 memset(&key, 0, sizeof(key));
981 key.data = subkeyids[i].fp;
982 key.size = subkeyids[i].length;
983 privctx->subkeydb->del(privctx->subkeydb,
984 privctx->txn, &key, 0);
985 if (ret != 0 && ret != DB_NOTFOUND) {
986 logthing(LOGTHING_ERROR,
987 "Problem deleting subkey id: %s "
988 "(0x%016" PRIX64 ")",
991 if (ret == DB_LOCK_DEADLOCK) {
996 shortkeyid = subkeyid & 0xFFFFFFFF;
998 /* Remove 32 bit keyid -> 64 bit keyid mapping */
999 memset(&key, 0, sizeof(key));
1000 memset(&data, 0, sizeof(data));
1001 key.data = &shortkeyid;
1002 key.size = sizeof(shortkeyid);
1004 data.size = sizeof(keyid);
1006 ret = cursor->c_get(cursor,
1012 cursor->c_del(cursor, 0);
1015 /* Remove 32 bit keyid -> fingerprint mapping */
1016 memset(&key, 0, sizeof(key));
1017 memset(&data, 0, sizeof(data));
1018 key.data = &shortkeyid;
1019 key.size = sizeof(shortkeyid);
1020 data.data = fingerprint.fp;
1021 data.size = fingerprint.length;
1023 ret = cursor->c_get(cursor,
1029 ret = cursor->c_del(cursor, 0);
1032 if (ret != 0 && ret != DB_NOTFOUND) {
1033 logthing(LOGTHING_ERROR,
1034 "Problem deleting short keyid: %s "
1035 "(0x%016" PRIX64 ")",
1038 if (ret == DB_LOCK_DEADLOCK) {
1043 /* Remove 64 bit keyid -> fingerprint mapping */
1044 memset(&key, 0, sizeof(key));
1045 memset(&data, 0, sizeof(data));
1046 key.data = &subkeyid;
1047 key.size = sizeof(subkeyid);
1048 data.data = fingerprint.fp;
1049 data.size = fingerprint.length;
1051 ret = cursor64->c_get(cursor64,
1057 ret = cursor64->c_del(cursor64, 0);
1060 if (ret != 0 && ret != DB_NOTFOUND) {
1061 logthing(LOGTHING_ERROR,
1062 "Problem deleting keyid: %s "
1063 "(0x%016" PRIX64 ")",
1066 if (ret == DB_LOCK_DEADLOCK) {
1072 if (subkeyids != NULL) {
1076 cursor64->c_close(cursor64);
1078 cursor->c_close(cursor);
1083 ret = privctx->skshashdb->cursor(privctx->skshashdb,
1088 get_skshash(publickey, &hash);
1090 /* First delete old style keyid mapping */
1091 memset(&key, 0, sizeof(key));
1092 memset(&data, 0, sizeof(data));
1093 key.data = hash.hash;
1094 key.size = sizeof(hash.hash);
1096 data.size = sizeof(keyid);
1098 ret = cursor->c_get(cursor,
1104 cursor->c_del(cursor, 0);
1107 /* Then delete new style fingerprint mapping */
1108 memset(&key, 0, sizeof(key));
1109 memset(&data, 0, sizeof(data));
1110 key.data = hash.hash;
1111 key.size = sizeof(hash.hash);
1112 data.data = fingerprint.fp;
1113 data.size = fingerprint.length;
1115 ret = cursor->c_get(cursor,
1121 ret = cursor->c_del(cursor, 0);
1124 if (ret != 0 && ret != DB_NOTFOUND) {
1125 logthing(LOGTHING_ERROR,
1126 "Problem deleting skshash: %s "
1127 "(0x%016" PRIX64 ")",
1130 if (ret == DB_LOCK_DEADLOCK) {
1135 cursor->c_close(cursor);
1139 free_publickey(publickey);
1143 key.data = fingerprint.fp;
1144 key.size = fingerprint.length;
1146 keydb_fp(privctx, &fingerprint)->del(keydb_fp(privctx,
1152 /* Delete old style 64 bit keyid */
1154 key.size = sizeof(keyid);
1156 keydb_id(privctx, keyid)->del(keydb_id(privctx, keyid),
1163 db4_endtrans(dbctx);
1166 return deadlock ? (-1) : (ret == DB_NOTFOUND);
1170 * store_key - Takes a key and stores it.
1171 * @publickey: A pointer to the public key to store.
1172 * @intrans: If we're already in a transaction.
1173 * @update: If true the key exists and should be updated.
1175 * Again we just use the hex representation of the keyid as the filename
1176 * to store the key to. We flatten the public key to a list of OpenPGP
1177 * packets and then use write_openpgp_stream() to write the stream out to
1178 * the file. If update is true then we delete the old key first, otherwise
1179 * we trust that it doesn't exist.
1181 static int db4_store_key(struct onak_dbctx *dbctx,
1182 struct openpgp_publickey *publickey, bool intrans,
1185 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1186 struct openpgp_packet_list *packets = NULL;
1187 struct openpgp_packet_list *list_end = NULL;
1188 struct openpgp_publickey *next = NULL;
1191 struct buffer_ctx storebuf;
1195 uint32_t shortkeyid = 0;
1196 struct openpgp_fingerprint *subkeyids = NULL;
1198 char *primary = NULL;
1199 struct ll *wordlist = NULL;
1200 struct ll *curword = NULL;
1201 bool deadlock = false;
1202 struct skshash hash;
1203 struct openpgp_fingerprint fingerprint;
1205 if (get_keyid(publickey, &keyid) != ONAK_E_OK) {
1206 logthing(LOGTHING_ERROR, "Couldn't find key ID for key.");
1210 if (get_fingerprint(publickey->publickey, &fingerprint) != ONAK_E_OK) {
1211 logthing(LOGTHING_ERROR, "Couldn't find fingerprint for key.");
1216 db4_starttrans(dbctx);
1220 * Delete the key if we already have it.
1222 * TODO: Can we optimize this perhaps? Possibly when other data is
1223 * involved as well? I suspect this is easiest and doesn't make a lot
1224 * of difference though - the largest chunk of data is the keydata and
1225 * it definitely needs updated.
1228 deadlock = (db4_delete_key(dbctx, keyid, true) == -1);
1232 * Convert the key to a flat set of binary data.
1235 next = publickey->next;
1236 publickey->next = NULL;
1237 flatten_publickey(publickey, &packets, &list_end);
1238 publickey->next = next;
1240 storebuf.offset = 0;
1241 storebuf.size = 8192;
1242 storebuf.buffer = malloc(8192);
1244 write_openpgp_stream(buffer_putchar, &storebuf, packets);
1247 * Now we have the key data store it in the DB; the keyid is
1250 memset(&key, 0, sizeof(key));
1251 memset(&data, 0, sizeof(data));
1252 key.data = fingerprint.fp;
1253 key.size = fingerprint.length;
1254 data.size = storebuf.offset;
1255 data.data = storebuf.buffer;
1257 ret = keydb_fp(privctx, &fingerprint)->put(
1258 keydb_fp(privctx, &fingerprint),
1264 logthing(LOGTHING_ERROR,
1265 "Problem storing key: %s",
1267 if (ret == DB_LOCK_DEADLOCK) {
1272 free(storebuf.buffer);
1273 storebuf.buffer = NULL;
1275 storebuf.offset = 0;
1277 free_packet_list(packets);
1282 * Walk through our uids storing the words into the db with the keyid.
1285 uids = keyuids(publickey, &primary);
1288 for (i = 0; ret == 0 && uids[i] != NULL; i++) {
1289 wordlist = makewordlist(wordlist, uids[i]);
1292 for (curword = wordlist; curword != NULL && !deadlock;
1293 curword = curword->next) {
1294 memset(&key, 0, sizeof(key));
1295 memset(&data, 0, sizeof(data));
1296 key.data = curword->object;
1297 key.size = strlen(key.data);
1298 data.data = fingerprint.fp;
1299 data.size = fingerprint.length;
1301 ret = privctx->worddb->put(privctx->worddb,
1307 logthing(LOGTHING_ERROR,
1308 "Problem storing word: %s",
1310 if (ret == DB_LOCK_DEADLOCK) {
1317 * Free our UID and word lists.
1319 llfree(wordlist, NULL);
1320 for (i = 0; uids[i] != NULL; i++) {
1329 * Write the truncated 32 bit keyid so we can lookup the fingerprint
1333 shortkeyid = keyid & 0xFFFFFFFF;
1335 memset(&key, 0, sizeof(key));
1336 memset(&data, 0, sizeof(data));
1337 key.data = &shortkeyid;
1338 key.size = sizeof(shortkeyid);
1339 data.data = fingerprint.fp;
1340 data.size = fingerprint.length;
1342 ret = privctx->id32db->put(privctx->id32db,
1348 logthing(LOGTHING_ERROR,
1349 "Problem storing short keyid: %s",
1351 if (ret == DB_LOCK_DEADLOCK) {
1358 * Write the 64 bit keyid so we can lookup the fingerprint for
1362 memset(&key, 0, sizeof(key));
1363 memset(&data, 0, sizeof(data));
1365 key.size = sizeof(keyid);
1366 data.data = fingerprint.fp;
1367 data.size = fingerprint.length;
1369 ret = privctx->id64db->put(privctx->id64db,
1375 logthing(LOGTHING_ERROR,
1376 "Problem storing keyid: %s",
1378 if (ret == DB_LOCK_DEADLOCK) {
1385 subkeyids = keysubkeys(publickey);
1387 while (subkeyids != NULL && subkeyids[i].length != 0) {
1388 /* Store the subkey ID -> main key fp mapping */
1389 memset(&key, 0, sizeof(key));
1390 memset(&data, 0, sizeof(data));
1391 key.data = subkeyids[i].fp;
1392 key.size = subkeyids[i].length;
1393 data.data = fingerprint.fp;
1394 data.size = fingerprint.length;
1396 ret = privctx->subkeydb->put(privctx->subkeydb,
1402 logthing(LOGTHING_ERROR,
1403 "Problem storing subkey keyid: %s",
1405 if (ret == DB_LOCK_DEADLOCK) {
1410 /* Store the 64 bit subkey ID -> main key fp mapping */
1411 memset(&key, 0, sizeof(key));
1412 memset(&data, 0, sizeof(data));
1414 keyid = fingerprint2keyid(&subkeyids[i]);
1416 key.size = sizeof(keyid);
1417 data.data = fingerprint.fp;
1418 data.size = fingerprint.length;
1420 ret = privctx->id64db->put(privctx->id64db,
1426 logthing(LOGTHING_ERROR,
1427 "Problem storing keyid: %s",
1429 if (ret == DB_LOCK_DEADLOCK) {
1434 /* Store the short subkey ID -> main key fp mapping */
1435 shortkeyid = keyid & 0xFFFFFFFF;
1437 memset(&key, 0, sizeof(key));
1438 memset(&data, 0, sizeof(data));
1439 key.data = &shortkeyid;
1440 key.size = sizeof(shortkeyid);
1441 data.data = fingerprint.fp;
1442 data.size = fingerprint.length;
1444 ret = privctx->id32db->put(privctx->id32db,
1450 logthing(LOGTHING_ERROR,
1451 "Problem storing short keyid: %s",
1453 if (ret == DB_LOCK_DEADLOCK) {
1459 if (subkeyids != NULL) {
1466 get_skshash(publickey, &hash);
1467 memset(&key, 0, sizeof(key));
1468 memset(&data, 0, sizeof(data));
1469 key.data = hash.hash;
1470 key.size = sizeof(hash.hash);
1471 data.data = fingerprint.fp;
1472 data.size = fingerprint.length;
1474 ret = privctx->skshashdb->put(privctx->skshashdb,
1480 logthing(LOGTHING_ERROR,
1481 "Problem storing SKS hash: %s",
1483 if (ret == DB_LOCK_DEADLOCK) {
1490 db4_endtrans(dbctx);
1493 return deadlock ? -1 : 0 ;
1497 * iterate_keys - call a function once for each key in the db.
1498 * @iterfunc: The function to call.
1499 * @ctx: A context pointer
1501 * Calls iterfunc once for each key in the database. ctx is passed
1502 * unaltered to iterfunc. This function is intended to aid database dumps
1503 * and statistic calculations.
1505 * Returns the number of keys we iterated over.
1507 static int db4_iterate_keys(struct onak_dbctx *dbctx,
1508 void (*iterfunc)(void *ctx, struct openpgp_publickey *key),
1511 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1517 struct buffer_ctx fetchbuf;
1518 struct openpgp_packet_list *packets = NULL;
1519 struct openpgp_publickey *key = NULL;
1521 for (i = 0; i < privctx->numdbs; i++) {
1522 ret = privctx->dbconns[i]->cursor(privctx->dbconns[i],
1531 memset(&dbkey, 0, sizeof(dbkey));
1532 memset(&data, 0, sizeof(data));
1533 ret = cursor->c_get(cursor, &dbkey, &data, DB_NEXT);
1535 fetchbuf.buffer = data.data;
1536 fetchbuf.offset = 0;
1537 fetchbuf.size = data.size;
1538 read_openpgp_stream(buffer_fetchchar, &fetchbuf,
1540 parse_keys(packets, &key);
1544 free_publickey(key);
1546 free_packet_list(packets);
1549 memset(&dbkey, 0, sizeof(dbkey));
1550 memset(&data, 0, sizeof(data));
1551 ret = cursor->c_get(cursor, &dbkey, &data,
1555 if (ret != DB_NOTFOUND) {
1556 logthing(LOGTHING_ERROR,
1557 "Problem reading key: %s",
1561 cursor->c_close(cursor);
1569 * Include the basic keydb routines.
1571 #define NEED_GETKEYSIGS 1
1572 #define NEED_KEYID2UID 1
1573 #define NEED_UPDATEKEYS 1
1577 * cleanupdb - De-initialize the key database.
1579 * This function should be called upon program exit to allow the DB to
1580 * cleanup after itself.
1582 static void db4_cleanupdb(struct onak_dbctx *dbctx)
1584 struct onak_db4_dbctx *privctx = (struct onak_db4_dbctx *) dbctx->priv;
1587 if (privctx->dbenv != NULL) {
1588 privctx->dbenv->txn_checkpoint(privctx->dbenv, 0, 0, 0);
1589 if (privctx->subkeydb != NULL) {
1590 privctx->subkeydb->close(privctx->subkeydb, 0);
1591 privctx->subkeydb = NULL;
1593 if (privctx->skshashdb != NULL) {
1594 privctx->skshashdb->close(privctx->skshashdb, 0);
1595 privctx->skshashdb = NULL;
1597 if (privctx->id64db != NULL) {
1598 privctx->id64db->close(privctx->id64db, 0);
1599 privctx->id64db = NULL;
1601 if (privctx->id32db != NULL) {
1602 privctx->id32db->close(privctx->id32db, 0);
1603 privctx->id32db = NULL;
1605 if (privctx->worddb != NULL) {
1606 privctx->worddb->close(privctx->worddb, 0);
1607 privctx->worddb = NULL;
1609 for (i = 0; i < privctx->numdbs; i++) {
1610 if (privctx->dbconns[i] != NULL) {
1611 privctx->dbconns[i]->close(privctx->dbconns[i],
1613 privctx->dbconns[i] = NULL;
1616 free(privctx->dbconns);
1617 privctx->dbconns = NULL;
1618 privctx->dbenv->close(privctx->dbenv, 0);
1619 privctx->dbenv = NULL;
1628 * initdb - Initialize the key database.
1630 * This function should be called before any of the other functions in
1631 * this file are called in order to allow the DB to be initialized ready
1634 struct onak_dbctx *keydb_db4_init(struct onak_db_config *dbcfg, bool readonly)
1641 struct stat statbuf;
1643 struct onak_dbctx *dbctx;
1644 struct onak_db4_dbctx *privctx;
1646 dbctx = malloc(sizeof(*dbctx));
1647 if (dbctx == NULL) {
1650 dbctx->config = dbcfg;
1651 dbctx->priv = privctx = calloc(1, sizeof(*privctx));
1652 if (privctx == NULL) {
1657 /* Default to 16 key data DBs */
1658 privctx->numdbs = 16;
1660 snprintf(buf, sizeof(buf) - 1, "%s/%s", dbcfg->location,
1662 ret = stat(buf, &statbuf);
1663 while ((ret == 0) || (errno != ENOENT)) {
1665 logthing(LOGTHING_CRITICAL, "Couldn't stat upgrade "
1666 "lock file: %s (%d)", strerror(errno), ret);
1669 logthing(LOGTHING_DEBUG, "DB4 upgrade in progress; waiting.");
1671 ret = stat(buf, &statbuf);
1675 snprintf(buf, sizeof(buf) - 1, "%s/num_keydb", dbcfg->location);
1676 numdb = fopen(buf, "r");
1677 if (numdb != NULL) {
1678 if (fgets(buf, sizeof(buf), numdb) != NULL) {
1679 privctx->numdbs = atoi(buf);
1682 } else if (!readonly) {
1683 logthing(LOGTHING_ERROR, "Couldn't open num_keydb: %s",
1685 numdb = fopen(buf, "w");
1686 if (numdb != NULL) {
1687 fprintf(numdb, "%d", privctx->numdbs);
1690 logthing(LOGTHING_ERROR,
1691 "Couldn't write num_keydb: %s",
1696 privctx->dbconns = calloc(privctx->numdbs, sizeof (DB *));
1697 if (privctx->dbconns == NULL) {
1698 logthing(LOGTHING_CRITICAL,
1699 "Couldn't allocate memory for dbconns");
1704 ret = db_env_create(&privctx->dbenv, 0);
1706 logthing(LOGTHING_CRITICAL,
1707 "db_env_create: %s", db_strerror(ret));
1712 * Up the number of locks we're allowed at once. We base this on
1713 * the maximum number of keys we're going to return.
1716 maxlocks = config.maxkeys * 16;
1717 if (maxlocks < 1000) {
1720 privctx->dbenv->set_lk_max_locks(privctx->dbenv, maxlocks);
1721 privctx->dbenv->set_lk_max_objects(privctx->dbenv, maxlocks);
1725 * Enable deadlock detection so that we don't block indefinitely on
1726 * anything. What we really want is simple 2 state locks, but I'm not
1727 * sure how to make the standard DB functions do that yet.
1730 privctx->dbenv->set_errcall(privctx->dbenv, &db4_errfunc);
1731 ret = privctx->dbenv->set_lk_detect(privctx->dbenv, DB_LOCK_DEFAULT);
1733 logthing(LOGTHING_CRITICAL,
1734 "db_env_create: %s", db_strerror(ret));
1739 ret = privctx->dbenv->open(privctx->dbenv, dbcfg->location,
1740 DB_INIT_LOG | DB_INIT_MPOOL | DB_INIT_LOCK |
1744 #ifdef DB_VERSION_MISMATCH
1745 if (ret == DB_VERSION_MISMATCH) {
1746 privctx->dbenv->close(privctx->dbenv, 0);
1747 privctx->dbenv = NULL;
1748 ret = db4_upgradedb(dbctx);
1750 ret = db_env_create(&privctx->dbenv, 0);
1753 privctx->dbenv->set_errcall(privctx->dbenv,
1755 privctx->dbenv->set_lk_detect(privctx->dbenv,
1757 ret = privctx->dbenv->open(privctx->dbenv,
1759 DB_INIT_LOG | DB_INIT_MPOOL |
1760 DB_INIT_LOCK | DB_INIT_TXN |
1761 DB_CREATE | DB_RECOVER,
1765 privctx->dbenv->txn_checkpoint(
1775 logthing(LOGTHING_CRITICAL,
1776 "Error opening db environment: %s (%s)",
1779 if (privctx->dbenv != NULL) {
1780 privctx->dbenv->close(privctx->dbenv, 0);
1781 privctx->dbenv = NULL;
1787 db4_starttrans(dbctx);
1789 for (i = 0; !ret && i < privctx->numdbs; i++) {
1790 ret = db_create(&privctx->dbconns[i],
1793 logthing(LOGTHING_CRITICAL,
1794 "db_create: %s", db_strerror(ret));
1798 snprintf(buf, 1023, "keydb.%d.db", i);
1803 ret = privctx->dbconns[i]->open(
1804 privctx->dbconns[i],
1812 logthing(LOGTHING_CRITICAL,
1813 "Error opening key database:"
1823 ret = db_create(&privctx->worddb, privctx->dbenv, 0);
1825 logthing(LOGTHING_CRITICAL, "db_create: %s",
1831 ret = privctx->worddb->set_flags(privctx->worddb, DB_DUP);
1835 ret = privctx->worddb->open(privctx->worddb, privctx->txn,
1836 "worddb", "worddb", DB_BTREE,
1840 logthing(LOGTHING_CRITICAL,
1841 "Error opening word database: %s (%s)",
1848 ret = db_create(&privctx->id32db, privctx->dbenv, 0);
1850 logthing(LOGTHING_CRITICAL, "db_create: %s",
1856 ret = privctx->id32db->set_flags(privctx->id32db, DB_DUP);
1860 ret = privctx->id32db->open(privctx->id32db, privctx->txn,
1861 "id32db", "id32db", DB_HASH,
1865 logthing(LOGTHING_CRITICAL,
1866 "Error opening id32 database: %s (%s)",
1873 ret = db_create(&privctx->id64db, privctx->dbenv, 0);
1875 logthing(LOGTHING_CRITICAL, "db_create: %s",
1881 ret = privctx->id64db->set_flags(privctx->id64db, DB_DUP);
1885 ret = privctx->id64db->open(privctx->id64db, privctx->txn,
1886 "id64db", "id64db", DB_HASH,
1890 logthing(LOGTHING_CRITICAL,
1891 "Error opening id64 database: %s (%s)",
1898 ret = db_create(&privctx->skshashdb, privctx->dbenv, 0);
1900 logthing(LOGTHING_CRITICAL, "db_create: %s",
1906 ret = privctx->skshashdb->open(privctx->skshashdb, privctx->txn,
1908 "skshashdb", DB_HASH,
1912 logthing(LOGTHING_CRITICAL,
1913 "Error opening skshash database: %s (%s)",
1920 ret = db_create(&privctx->subkeydb, privctx->dbenv, 0);
1922 logthing(LOGTHING_CRITICAL, "db_create: %s",
1928 ret = privctx->subkeydb->open(privctx->subkeydb, privctx->txn,
1929 "subkeydb", "subkeydb",
1934 logthing(LOGTHING_CRITICAL,
1935 "Error opening subkey database: %s (%s)",
1941 if (privctx->txn != NULL) {
1942 db4_endtrans(dbctx);
1946 db4_cleanupdb(dbctx);
1947 logthing(LOGTHING_CRITICAL,
1948 "Error opening database; exiting");
1952 dbctx->cleanupdb = db4_cleanupdb;
1953 dbctx->starttrans = db4_starttrans;
1954 dbctx->endtrans = db4_endtrans;
1955 dbctx->fetch_key_id = db4_fetch_key_id;
1956 dbctx->fetch_key_fp = db4_fetch_key_fp;
1957 dbctx->fetch_key_text = db4_fetch_key_text;
1958 dbctx->fetch_key_skshash = db4_fetch_key_skshash;
1959 dbctx->store_key = db4_store_key;
1960 dbctx->update_keys = generic_update_keys;
1961 dbctx->delete_key = db4_delete_key;
1962 dbctx->getkeysigs = generic_getkeysigs;
1963 dbctx->cached_getkeysigs = generic_cached_getkeysigs;
1964 dbctx->keyid2uid = generic_keyid2uid;
1965 dbctx->getfullkeyid = db4_getfullkeyid;
1966 dbctx->iterate_keys = db4_iterate_keys;