X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=keydb_hkp.c;h=b4540e15ab915d5cf01542a72cb87964106c4040;hp=f1dfe4477786b83b087359533d5e95457b6b5532;hb=adc800dbc424a1e246dd4a82a0c2e88eeda25531;hpb=54288021d24e0b40119d2ffae5a24ecd720d3aca diff --git a/keydb_hkp.c b/keydb_hkp.c index f1dfe44..b4540e1 100644 --- a/keydb_hkp.c +++ b/keydb_hkp.c @@ -13,14 +13,14 @@ * more details. * * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 51 - * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * this program. If not, see . */ +#include +#include #include #include #include -#include #include #include "armor.h" 
@@ -31,32 +31,65 @@ #include "mem.h" #include "onak-conf.h" #include "parsekey.h" +#include "version.h" -static CURL *curl = NULL; +struct onak_hkp_dbctx { + struct onak_db_config *config; /* Our DB config info */ + CURL *curl; + char hkpbase[512]; +}; -/** - * initdb - Initialize the key database. - * - * We initialize CURL here. - */ -static void hkp_initdb(bool readonly) +static int hkp_parse_url(struct onak_hkp_dbctx *privctx, const char *url) { - curl_global_init(CURL_GLOBAL_DEFAULT); - curl = curl_easy_init(); -} + char proto[6], host[256]; + unsigned int port; + int matched; + int ret = 1; + + proto[0] = host[0] = 0; + port = 0; + + matched = sscanf(url, "%5[a-z]://%256[a-zA-Z0-9.-]:%u", proto, host, + &port); + if (matched < 2) { + proto[0] = 0; + sscanf(url, "%256[a-zA-Z0-9.-]:%u", host, &port); + } -/** - * cleanupdb - De-initialize the key database. - * - * We cleanup CURL here. - */ -static void hkp_cleanupdb(void) -{ - if (curl) { - curl_easy_cleanup(curl); - curl = NULL; + if (host[0] == 0) { + logthing(LOGTHING_CRITICAL, "Couldn't parse HKP host: %s", + url); + ret = 0; + goto out; } - curl_global_cleanup(); + + if (proto[0] == 0 || !strcmp(proto, "hkp")) { + if (port == 0) { + port = 11371; + } + snprintf(privctx->hkpbase, sizeof(privctx->hkpbase), + "http://%s:%u/pks", host, port); + } else if (!strcmp(proto, "hkps")) { + if (port == 0) { + port = 11372; + } + snprintf(privctx->hkpbase, sizeof(privctx->hkpbase), + "https://%s:%u/pks", host, port); + } else if (strcmp(proto, "http") && strcmp(proto, "https")) { + logthing(LOGTHING_CRITICAL, "Unknown HKP protocol: %s", + proto); + ret = 0; + goto out; + } else if (port == 0) { + snprintf(privctx->hkpbase, sizeof(privctx->hkpbase), + "%s://%s/pks", proto, host); + } else { + snprintf(privctx->hkpbase, sizeof(privctx->hkpbase), + "%s://%s:%u/pks", proto, host, port); + } + +out: + return ret; } /** 
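Review bot: In hkp_parse_url the `%256[a-zA-Z0-9.-]` conversion can store 256 characters plus the terminating NUL into `char host[256]`, one byte past the end of the array; both sscanf calls should use `%255[a-zA-Z0-9.-]` (the `%5[a-z]` into `proto[6]` is already sized correctly). The fallback parse also re-reads the whole URL as a bare host whenever the first pattern matches fewer than two fields, so an `hkps://` URL whose host falls outside the character class ends up with the scheme name as the host and a plain `http://` base; rejecting the URL when a scheme matched but no host followed would avoid that silent downgrade. The function has no header comment; a short one stating the accepted URL forms and the default ports (11371 for hkp, 11372 for hkps) would help.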
@@ -70,44 +103,31 @@ static size_t hkp_curl_recv_data(void *buffer, size_t size, size_t nmemb, return (nmemb * size); } -/** - * fetch_key - Given a keyid fetch the key from storage. - * @keyid: The keyid to fetch. - * @publickey: A pointer to a structure to return the key in. - * @intrans: If we're already in a transaction. - * - * We use the hex representation of the keyid as the filename to fetch the - * key from. The key is stored in the file as a binary OpenPGP stream of - * packets, so we can just use read_openpgp_stream() to read the packets - * in and then parse_keys() to parse the packets into a publickey - * structure. - */ -static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, +static int hkp_fetch_key_url(struct onak_dbctx *dbctx, + char *url, + struct openpgp_publickey **publickey, bool intrans) { + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; struct openpgp_packet_list *packets = NULL; - char keyurl[1024]; CURLcode res; struct buffer_ctx buf; + int count = 0; buf.offset = 0; buf.size = 8192; buf.buffer = malloc(8192); - snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/lookup?op=get&search=0x%08" PRIX64, - config.db_dir, keyid); - - curl_easy_setopt(curl, CURLOPT_URL, keyurl); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, + curl_easy_setopt(privctx->curl, CURLOPT_URL, url); + curl_easy_setopt(privctx->curl, CURLOPT_WRITEFUNCTION, hkp_curl_recv_data); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf); - res = curl_easy_perform(curl); + curl_easy_setopt(privctx->curl, CURLOPT_WRITEDATA, &buf); + res = curl_easy_perform(privctx->curl); if (res == 0) { buf.offset = 0; dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets); - parse_keys(packets, publickey); + count = parse_keys(packets, publickey); free_packet_list(packets); packets = NULL; } else { 
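Review bot: `buf.buffer = malloc(8192)` in hkp_fetch_key_url is handed to libcurl through CURLOPT_WRITEDATA without a NULL check, so an allocation failure is only discovered inside the write callback, whose body is outside this hunk. Adding `if (buf.buffer == NULL) { return 0; }` right after the allocation keeps the failure local. No transfer timeout is set on the handle in the visible lines, so a stalled upstream server would presumably block the caller; `curl_easy_setopt(privctx->curl, CURLOPT_TIMEOUT, 30L);` (the value is a placeholder) is worth considering. The function's tail is in the next hunk, and the removed doc comment was not replaced, so a header describing `url` and the returned key count should be added.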
@@ -119,7 +139,55 @@ static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, buf.offset = buf.size = 0; buf.buffer = NULL; - return (res == 0) ? 1 : 0; + return count; +} + +/** + * hkp_fetch_key_id - Given a keyid fetch the key from HKP server. + */ +static int hkp_fetch_key_id(struct onak_dbctx *dbctx, + uint64_t keyid, + struct openpgp_publickey **publickey, + bool intrans) +{ + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; + char keyurl[1024]; + + snprintf(keyurl, sizeof(keyurl), + "%s/lookup?op=get&search=0x%08" PRIX64, + privctx->hkpbase, keyid); + + return (hkp_fetch_key_url(dbctx, keyurl, publickey, intrans)); +} + +/** + * hkp_fetch_key_fp - Given a fingerprint fetch the key from HKP server. + */ +static int hkp_fetch_key_fp(struct onak_dbctx *dbctx, + struct openpgp_fingerprint *fingerprint, + struct openpgp_publickey **publickey, + bool intrans) +{ + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; + char keyurl[1024]; + int i, ofs; + + if (fingerprint->length > MAX_FINGERPRINT_LEN) { + return 0; + } + + ofs = snprintf(keyurl, sizeof(keyurl), + "%s/lookup?op=get&search=0x", privctx->hkpbase); + + if ((ofs + fingerprint->length * 2 + 1)> sizeof(keyurl)) { + return 0; + } + + for (i = 0; i < fingerprint->length; i++) { + ofs += sprintf(&keyurl[ofs], "%02X", fingerprint->fp[i]); + } + + return (hkp_fetch_key_url(dbctx, keyurl, publickey, intrans)); } /** 
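Review bot: hkp_fetch_key_id and hkp_fetch_key_fp return whatever keys the server sends for the lookup, and nothing in the visible code checks that a returned key actually carries the requested key ID or fingerprint. Unless the callers do that check, a faulty or malicious upstream server can answer a lookup with unrelated keys, so it would be safer to filter `*publickey` against the request before returning, or at least to document the gap with `/* NOTE: returned keys are not verified against the requested fingerprint */`. In hkp_fetch_key_fp, `ofs` is a signed int compared against `sizeof(keyurl)` and a negative snprintf result is not handled; `ofs += snprintf(&keyurl[ofs], sizeof(keyurl) - ofs, "%02X", fingerprint->fp[i]);` would keep the loop bounded on its own.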
@@ -132,45 +200,18 @@ static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey, * * TODO: Write for flat file access. Some sort of grep? */ -static int hkp_fetch_key_text(const char *search, +static int hkp_fetch_key_text(struct onak_dbctx *dbctx, + const char *search, struct openpgp_publickey **publickey) { - struct openpgp_packet_list *packets = NULL; + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; char keyurl[1024]; - CURLcode res; - struct buffer_ctx buf; - int count = 0; - - buf.offset = 0; - buf.size = 8192; - buf.buffer = malloc(8192); snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/lookup?op=get&search=%s", - config.db_dir, search); - - curl_easy_setopt(curl, CURLOPT_URL, keyurl); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, - hkp_curl_recv_data); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf); - res = curl_easy_perform(curl); - - if (res == 0) { - buf.offset = 0; - dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets); - count = parse_keys(packets, publickey); - free_packet_list(packets); - packets = NULL; - } else { - logthing(LOGTHING_ERROR, "Couldn't find key: %s (%d)", - curl_easy_strerror(res), res); - } + "%s/lookup?op=get&search=%s", + privctx->hkpbase, search); - free(buf.buffer); - buf.offset = buf.size = 0; - buf.buffer = NULL; - - return count; + return (hkp_fetch_key_url(dbctx, keyurl, publickey, false)); } /** @@ -180,9 +221,11 @@ static int hkp_fetch_key_text(const char *search, * @update: If true the key exists and should be updated. * */ -static int hkp_store_key(struct openpgp_publickey *publickey, bool intrans, +static int hkp_store_key(struct onak_dbctx *dbctx, + struct openpgp_publickey *publickey, bool intrans, bool update) { + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; struct openpgp_packet_list *packets = NULL; struct openpgp_packet_list *list_end = NULL; char keyurl[1024]; 
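Review bot: hkp_fetch_key_text copies `search` into the query string unescaped, so unless callers pass it already URL-encoded, characters such as `&`, `#`, `%` or spaces in the search text alter the request sent to the upstream server instead of being searched for. The file already uses curl_easy_escape in hkp_store_key; the same call should encode `search` here, with the result released through curl_free. The snprintf result is also unchecked, so an over-long search term is silently truncated into a different query.

```c
	char keyurl[1024];
	char *escaped;
	int len;

	/* URL-encode the search text so it stays a single query value. */
	escaped = curl_easy_escape(privctx->curl, search, 0);
	if (escaped == NULL) {
		return 0;
	}
	len = snprintf(keyurl, sizeof(keyurl),
			"%s/lookup?op=get&search=%s",
			privctx->hkpbase, escaped);
	curl_free(escaped);
	if (len < 0 || (size_t) len >= sizeof(keyurl)) {
		/* Refuse to send a truncated lookup. */
		return 0;
	}

	return (hkp_fetch_key_url(dbctx, keyurl, publickey, false));
```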
@@ -197,20 +240,18 @@ static int hkp_store_key(struct openpgp_publickey *publickey, bool intrans, flatten_publickey(publickey, &packets, &list_end); armor_openpgp_stream(buffer_putchar, &buf, packets); - addform = curl_easy_escape(curl, buf.buffer, buf.offset); + addform = curl_easy_escape(privctx->curl, buf.buffer, buf.offset); addform[7] = '='; - snprintf(keyurl, sizeof(keyurl), - "http://%s:11371/pks/add", - config.db_dir); + snprintf(keyurl, sizeof(keyurl), "%s/add", privctx->hkpbase); - curl_easy_setopt(curl, CURLOPT_URL, keyurl); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, addform); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, + curl_easy_setopt(privctx->curl, CURLOPT_URL, keyurl); + curl_easy_setopt(privctx->curl, CURLOPT_POSTFIELDS, addform); + curl_easy_setopt(privctx->curl, CURLOPT_WRITEFUNCTION, hkp_curl_recv_data); buf.offset = 0; - curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf); - res = curl_easy_perform(curl); + curl_easy_setopt(privctx->curl, CURLOPT_WRITEDATA, &buf); + res = curl_easy_perform(privctx->curl); if (res != 0) { logthing(LOGTHING_ERROR, "Couldn't send key: %s (%d)", @@ -234,7 +275,8 @@ static int hkp_store_key(struct openpgp_publickey *publickey, bool intrans, * * No op for HKP. */ -static int hkp_delete_key(uint64_t keyid, bool intrans) +static int hkp_delete_key(struct onak_dbctx *dbctx, + uint64_t keyid, bool intrans) { return -1; } @@ -246,8 +288,9 @@ static int hkp_delete_key(uint64_t keyid, bool intrans) * * Not applicable for HKP backend. */ -static int hkp_iterate_keys(void (*iterfunc)(void *ctx, - struct openpgp_publickey *key), void *ctx) +static int hkp_iterate_keys(struct onak_dbctx *dbctx, + void (*iterfunc)(void *ctx, struct openpgp_publickey *key), + void *ctx) { return 0; } @@ -257,7 +300,7 @@ static int hkp_iterate_keys(void (*iterfunc)(void *ctx, * * This is just a no-op for HKP access. */ -static bool hkp_starttrans(void) +static bool hkp_starttrans(struct onak_dbctx *dbctx) { return true; } 
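Review bot: In hkp_store_key the result of `curl_easy_escape(privctx->curl, buf.buffer, buf.offset)` is written through on the next line (`addform[7] = '=';`) without a NULL check, although curl_easy_escape returns NULL on failure. A guard such as `if (addform == NULL) { /* release buf and packets */ return -1; }` is needed before the index; the cleanup and the function's error return value are outside this hunk, so adjust to match. CURLOPT_POSTFIELDS also stays set on the shared `privctx->curl` handle and libcurl does not copy the data, so a later fetch on the same handle would presumably still be issued as a POST; resetting with `curl_easy_setopt(privctx->curl, CURLOPT_HTTPGET, 1L);` in the fetch path, or using CURLOPT_COPYPOSTFIELDS here, would make the handle state explicit.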
@@ -267,7 +310,7 @@ static bool hkp_starttrans(void) * * This is just a no-op for HKP access. */ -static void hkp_endtrans(void) +static void hkp_endtrans(struct onak_dbctx *dbctx) { return; } 
@@ -281,19 +324,84 @@ static void hkp_endtrans(void) #define NEED_UPDATEKEYS 1 #include "keydb.c" -struct dbfuncs keydb_hkp_funcs = { - .initdb = hkp_initdb, - .cleanupdb = hkp_cleanupdb, - .starttrans = hkp_starttrans, - .endtrans = hkp_endtrans, - .fetch_key = hkp_fetch_key, - .fetch_key_text = hkp_fetch_key_text, - .store_key = hkp_store_key, - .update_keys = generic_update_keys, - .delete_key = hkp_delete_key, - .getkeysigs = generic_getkeysigs, - .cached_getkeysigs = generic_cached_getkeysigs, - .keyid2uid = generic_keyid2uid, - .getfullkeyid = generic_getfullkeyid, - .iterate_keys = hkp_iterate_keys, -}; +/** + * cleanupdb - De-initialize the key database. + * + * We cleanup CURL here. + */ +static void hkp_cleanupdb(struct onak_dbctx *dbctx) +{ + struct onak_hkp_dbctx *privctx = (struct onak_hkp_dbctx *) dbctx->priv; + + if (privctx->curl) { + curl_easy_cleanup(privctx->curl); + privctx->curl = NULL; + } + curl_global_cleanup(); + free(privctx); + free(dbctx); +} + +/** + * initdb - Initialize the key database. + * + * We initialize CURL here. 
+ */ +struct onak_dbctx *keydb_hkp_init(struct onak_db_config *dbcfg, bool readonly) +{ + struct onak_dbctx *dbctx; + struct onak_hkp_dbctx *privctx; + curl_version_info_data *curl_info; + + dbctx = malloc(sizeof(struct onak_dbctx)); + if (dbctx == NULL) { + return NULL; + } + + dbctx->config = dbcfg; + dbctx->priv = privctx = malloc(sizeof(*privctx)); + dbctx->cleanupdb = hkp_cleanupdb; + dbctx->starttrans = hkp_starttrans; + dbctx->endtrans = hkp_endtrans; + dbctx->fetch_key_id = hkp_fetch_key_id; + dbctx->fetch_key_fp = hkp_fetch_key_fp; + dbctx->fetch_key_text = hkp_fetch_key_text; + dbctx->store_key = hkp_store_key; + dbctx->update_keys = generic_update_keys; + dbctx->delete_key = hkp_delete_key; + dbctx->getkeysigs = generic_getkeysigs; + dbctx->cached_getkeysigs = generic_cached_getkeysigs; + dbctx->keyid2uid = generic_keyid2uid; + dbctx->getfullkeyid = generic_getfullkeyid; + dbctx->iterate_keys = hkp_iterate_keys; + + if (!hkp_parse_url(privctx, dbcfg->location)) { + exit(EXIT_FAILURE); + } + logthing(LOGTHING_INFO, "Using %s as HKP forwarding URL.", + privctx->hkpbase); + curl_global_init(CURL_GLOBAL_DEFAULT); + privctx->curl = curl_easy_init(); + if (privctx->curl == NULL) { + logthing(LOGTHING_CRITICAL, "Could not initialize CURL."); + hkp_cleanupdb(dbctx); + dbctx = NULL; + exit(EXIT_FAILURE); + } + curl_easy_setopt(privctx->curl, CURLOPT_USERAGENT, + "onak/" ONAK_VERSION); + + if (strncmp(privctx->hkpbase, "https://", 8) == 0) { + curl_info = curl_version_info(CURLVERSION_NOW); + if (! (curl_info->features & CURL_VERSION_SSL)) { + logthing(LOGTHING_CRITICAL, + "CURL lacks SSL support; cannot use HKP url: %s", + privctx->hkpbase); + hkp_cleanupdb(dbctx); + dbctx = NULL; + exit(EXIT_FAILURE); + } + } + + return dbctx; +}
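Review bot: In keydb_hkp_init, `dbctx->priv = privctx = malloc(sizeof(*privctx));` is not checked, and hkp_parse_url then writes into `privctx->hkpbase`, so an allocation failure becomes a NULL write. Use `privctx = calloc(1, sizeof(*privctx)); if (privctx == NULL) { free(dbctx); return NULL; }`, which also gives `privctx->curl` and the never-assigned `privctx->config` defined values. The error paths call `exit(EXIT_FAILURE)` right after setting `dbctx = NULL`; returning NULL instead, as the first allocation check already does, would leave the decision to the caller. The doc comments still say `initdb` and `cleanupdb` and do not describe `dbcfg`, `readonly`, or that hkp_cleanupdb frees both `privctx` and `dbctx`.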