struct openpgp_packet_list *packets = NULL;
struct openpgp_packet_list *list_end = NULL;
struct buffer_ctx storebuf;
+ struct skshash hash;
/*
* Get the command from the client.
write(fd, stats,
sizeof(*stats));
break;
+ case KEYD_CMD_GETSKSHASH:
+ cmd = KEYD_REPLY_OK;
+ write(fd, &cmd, sizeof(cmd));
+ bytes = read(fd, hash.hash, sizeof(hash.hash));
+ if (bytes != sizeof(hash.hash)) {
+ ret = 1;
+ }
+ storebuf.offset = 0;
+ if (ret == 0) {
+ logthing(LOGTHING_INFO,
+ "Fetching by hash"
+ ", result: %d",
+ config.dbbackend->
+ fetch_key_skshash(&hash,
+ &key));
+ if (key != NULL) {
+ storebuf.size = 8192;
+ storebuf.buffer = malloc(8192);
+
+ flatten_publickey(key,
+ &packets,
+ &list_end);
+ write_openpgp_stream(buffer_putchar,
+ &storebuf,
+ packets);
+ logthing(LOGTHING_TRACE,
+ "Sending %d bytes.",
+ storebuf.offset);
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ write(fd, storebuf.buffer,
+ storebuf.offset);
+
+ free(storebuf.buffer);
+ storebuf.buffer = NULL;
+ storebuf.size = storebuf.offset = 0;
+ free_packet_list(packets);
+ packets = list_end = NULL;
+ free_publickey(key);
+ key = NULL;
+ } else {
+ write(fd, &storebuf.offset,
+ sizeof(storebuf.offset));
+ }
+ }
+ break;
+
default:
logthing(LOGTHING_ERROR, "Got unknown command: %d",
cmd);
KEYD_CMD_CLOSE,
KEYD_CMD_QUIT,
KEYD_CMD_STATS,
+ KEYD_CMD_GETSKSHASH,
KEYD_CMD_LAST /* Placeholder */
};
KEYD_REPLY_UNKNOWN_CMD = 1
};
-static uint32_t keyd_version = 2;
+static uint32_t keyd_version = 3;
struct keyd_stats {
time_t started;
int (*fetch_key_text)(const char *search,
struct openpgp_publickey **publickey);
+/**
+ * fetch_key_skshash - Tries to find the keys from an SKS hash
+ * @hash: The hash to search for.
+ * @publickey: A pointer to a structure to return the key in.
+ *
+ * This function looks for the key that is referenced by the supplied
+ * SKS hash and returns it.
+ */
+ int (*fetch_key_skshash)(const struct skshash *hash,
+ struct openpgp_publickey **publickey);
+
/**
* update_keys - Takes a list of public keys and updates them in the DB.
* @keys: The keys to update in the DB.
*/
static DB *id32db = NULL;
+/**
+ * skshashdb - our connection to the SKS hash database.
+ */
+static DB *skshashdb = NULL;
+
/**
* txn - our current transaction id.
*/
if (dbenv != NULL) {
dbenv->txn_checkpoint(dbenv, 0, 0, 0);
+ if (skshashdb != NULL) {
+ skshashdb->close(skshashdb, 0);
+ skshashdb = NULL;
+ }
if (id32db != NULL) {
id32db->close(id32db, 0);
id32db = NULL;
db_strerror(ret));
}
+ ret = db_create(&curdb, NULL, 0);
+ if (ret == 0) {
+ snprintf(buf, sizeof(buf) - 1, "%s/skshashdb", config.db_dir);
+ logthing(LOGTHING_DEBUG, "Upgrading %s", buf);
+ ret = curdb->upgrade(curdb, buf, 0);
+ curdb->close(curdb, 0);
+ } else {
+ logthing(LOGTHING_ERROR, "Error upgrading DB %s : %s",
+ buf,
+ db_strerror(ret));
+ }
+
snprintf(buf, sizeof(buf) - 1, "%s/%s", config.db_dir,
DB4_UPGRADE_FILE);
unlink(buf);
}
}
+ if (ret == 0) {
+ ret = db_create(&skshashdb, dbenv, 0);
+ if (ret != 0) {
+ logthing(LOGTHING_CRITICAL, "db_create: %s",
+ db_strerror(ret));
+ }
+ }
+
+ if (ret == 0) {
+ ret = skshashdb->open(skshashdb, txn, "skshashdb",
+ "skshashdb", DB_HASH,
+ flags,
+ 0664);
+ if (ret != 0) {
+ logthing(LOGTHING_CRITICAL,
+ "Error opening skshash database: %s (%s)",
+ "skshashdb",
+ db_strerror(ret));
+ }
+ }
+
if (txn != NULL) {
db4_endtrans();
}
return (numkeys);
}
+static int db4_fetch_key_skshash(const struct skshash *hash,
+ struct openpgp_publickey **publickey)
+{
+ DBT key, data;
+ DBC *cursor = NULL;
+ uint64_t keyid = 0;
+ int ret = 0;
+
+ ret = skshashdb->cursor(skshashdb,
+ txn,
+ &cursor,
+ 0); /* flags */
+
+ memset(&key, 0, sizeof(key));
+ memset(&data, 0, sizeof(data));
+ key.data = (void *) hash->hash;
+ key.size = sizeof(hash->hash);
+ data.flags = DB_DBT_MALLOC;
+
+ ret = cursor->c_get(cursor,
+ &key,
+ &data,
+ DB_SET);
+
+ if (ret == 0) {
+ keyid = *(uint64_t *) data.data;
+
+ if (data.data != NULL) {
+ free(data.data);
+ data.data = NULL;
+ }
+ }
+
+ ret = cursor->c_close(cursor);
+ cursor = NULL;
+
+ return db4_fetch_key(keyid, publickey, false);
+}
+
/**
* delete_key - Given a keyid delete the key from storage.
* @keyid: The keyid to delete.
struct ll *wordlist = NULL;
struct ll *curword = NULL;
bool deadlock = false;
+ struct skshash hash;
if (!intrans) {
db4_starttrans();
free(subkeyids);
subkeyids = NULL;
}
+ ret = cursor->c_close(cursor);
+ cursor = NULL;
+
+ }
+
+ if (!deadlock) {
+ get_skshash(publickey, &hash);
+
+ memset(&key, 0, sizeof(key));
+ memset(&data, 0, sizeof(data));
+ key.data = hash.hash;
+ key.size = sizeof(hash.hash);
+ data.data = &keyid;
+ data.size = sizeof(keyid);
+
+ ret = cursor->c_get(cursor,
+ &key,
+ &data,
+ DB_GET_BOTH);
+
+ if (ret == 0) {
+ ret = cursor->c_del(cursor, 0);
+ }
+
+ if (ret != 0) {
+ logthing(LOGTHING_ERROR,
+ "Problem deleting skshash: %s",
+ db_strerror(ret));
+ if (ret == DB_LOCK_DEADLOCK) {
+ deadlock = true;
+ }
+ }
ret = cursor->c_close(cursor);
cursor = NULL;
struct ll *wordlist = NULL;
struct ll *curword = NULL;
bool deadlock = false;
+ struct skshash hash;
keyid = get_keyid(publickey);
}
}
+ if (!deadlock) {
+ get_skshash(publickey, &hash);
+ memset(&key, 0, sizeof(key));
+ memset(&data, 0, sizeof(data));
+ key.data = hash.hash;
+ key.size = sizeof(hash.hash);
+ data.data = &keyid;
+ data.size = sizeof(keyid);
+
+ ret = skshashdb->put(skshashdb,
+ txn,
+ &key,
+ &data,
+ 0);
+ if (ret != 0) {
+ logthing(LOGTHING_ERROR,
+ "Problem storing SKS hash: %s",
+ db_strerror(ret));
+ if (ret == DB_LOCK_DEADLOCK) {
+ deadlock = true;
+ }
+ }
+ }
+
if (!intrans) {
db4_endtrans();
}
.endtrans = db4_endtrans,
.fetch_key = db4_fetch_key,
.fetch_key_text = db4_fetch_key_text,
+ .fetch_key_skshash = db4_fetch_key_skshash,
.store_key = db4_store_key,
.update_keys = generic_update_keys,
.delete_key = db4_delete_key,
return -1;
}
+static int dynamic_fetch_key_skshash(const struct skshash *hash,
+ struct openpgp_publickey **publickey)
+{
+ if (loaded_backend == NULL) {
+ load_backend();
+ }
+
+ if (loaded_backend != NULL) {
+ if (loaded_backend->fetch_key_skshash != NULL) {
+ return loaded_backend->fetch_key_skshash(hash,
+ publickey);
+ }
+ }
+
+ return -1;
+}
+
static int dynamic_iterate_keys(void (*iterfunc)(void *ctx,
struct openpgp_publickey *key), void *ctx)
{
.endtrans = dynamic_endtrans,
.fetch_key = dynamic_fetch_key,
.fetch_key_text = dynamic_fetch_key_text,
+ .fetch_key_skshash = dynamic_fetch_key_skshash,
.store_key = dynamic_store_key,
.update_keys = dynamic_update_keys,
.delete_key = dynamic_delete_key,
keyid);
}
+static void skshashpath(char *buffer, size_t length,
+ const struct skshash *hash)
+{
+ snprintf(buffer, length, "%s/skshash/%02X/%02X/%02X%02X%02X%02X/"
+ "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
+ config.db_dir,
+ hash->hash[0], hash->hash[1],
+ hash->hash[0], hash->hash[1], hash->hash[2], hash->hash[3],
+ hash->hash[4], hash->hash[5], hash->hash[6], hash->hash[7],
+ hash->hash[8], hash->hash[9], hash->hash[10], hash->hash[11],
+ hash->hash[12], hash->hash[13], hash->hash[14],
+ hash->hash[15]);
+}
static void subkeydir(char *buffer, size_t length, uint64_t subkey)
{
snprintf(buffer, length, "%s/subkeys/%02X/%02X/%08X",
struct openpgp_publickey *next = NULL;
uint64_t keyid = get_keyid(publickey);
struct ll *wordlist = NULL, *wl = NULL;
+ struct skshash hash;
uint64_t *subkeyids = NULL;
+ uint32_t hashid;
int i = 0;
free(subkeyids);
subkeyids = NULL;
}
+
+ get_skshash(publickey, &hash);
+ hashid = (hash.hash[0] << 24) + (hash.hash[1] << 16) +
+ (hash.hash[2] << 8) + hash.hash[3];
+ prove_path_to(hashid, "skshash");
+ skshashpath(wbuffer, sizeof(wbuffer), &hash);
+ link(buffer, wbuffer);
}
if (!intrans)
static char buffer[PATH_MAX];
int ret;
struct openpgp_publickey *pk = NULL;
+ struct skshash hash;
struct ll *wordlist = NULL, *wl = NULL;
uint64_t *subkeyids = NULL;
int i = 0;
subkeyids = NULL;
}
+ get_skshash(pk, &hash);
+ skshashpath(buffer, sizeof(buffer), &hash);
+ unlink(buffer);
}
keypath(buffer, sizeof(buffer), keyid);
return addedkeys;
}
+/**
+ * fetch_key_skshash - Given an SKS hash fetch the key from storage.
+ * @hash: The hash to fetch.
+ * @publickey: A pointer to a structure to return the key in.
+ * @intrans: If we're already in a transaction.
+ */
+static int fs_fetch_key_skshash(const struct skshash *hash,
+ struct openpgp_publickey **publickey)
+{
+ static char buffer[PATH_MAX];
+ int ret = 0, fd;
+ struct openpgp_packet_list *packets = NULL;
+
+ skshashpath(buffer, sizeof(buffer), hash);
+ if ((fd = open(buffer, O_RDONLY)) != -1) {
+ read_openpgp_stream(file_fetchchar, &fd, &packets, 0);
+ parse_keys(packets, publickey);
+ free_packet_list(packets);
+ packets = NULL;
+ close(fd);
+ ret = 1;
+ }
+
+ return ret;
+}
+
/**
* iterate_keys - call a function once for each key in the db.
* @iterfunc: The function to call.
.endtrans = fs_endtrans,
.fetch_key = fs_fetch_key,
.fetch_key_text = fs_fetch_key_text,
+ .fetch_key_skshash = fs_fetch_key_skshash,
.store_key = fs_store_key,
.update_keys = generic_update_keys,
.delete_key = fs_delete_key,
return 0;
}
+static int keyd_fetch_key_skshash(const struct skshash *hash,
+ struct openpgp_publickey **publickey)
+{
+ struct buffer_ctx keybuf;
+ struct openpgp_packet_list *packets = NULL;
+ uint32_t cmd = KEYD_CMD_GETSKSHASH;
+ ssize_t bytes = 0;
+ ssize_t count = 0;
+
+ write(keyd_fd, &cmd, sizeof(cmd));
+ read(keyd_fd, &cmd, sizeof(cmd));
+ if (cmd == KEYD_REPLY_OK) {
+ write(keyd_fd, hash->hash, sizeof(hash->hash));
+ keybuf.offset = 0;
+ read(keyd_fd, &keybuf.size, sizeof(keybuf.size));
+ if (keybuf.size > 0) {
+ keybuf.buffer = malloc(keybuf.size);
+ bytes = count = 0;
+ logthing(LOGTHING_TRACE,
+ "Getting %d bytes of key data.",
+ keybuf.size);
+ while (bytes >= 0 && count < keybuf.size) {
+ bytes = read(keyd_fd, &keybuf.buffer[count],
+ keybuf.size - count);
+ logthing(LOGTHING_TRACE,
+ "Read %d bytes.", bytes);
+ count += bytes;
+ }
+ read_openpgp_stream(buffer_fetchchar, &keybuf,
+ &packets, 0);
+ parse_keys(packets, publickey);
+ free_packet_list(packets);
+ packets = NULL;
+ free(keybuf.buffer);
+ keybuf.buffer = NULL;
+ keybuf.size = 0;
+ }
+ }
+
+ return (count > 0) ? 1 : 0;
+}
+
+
/**
* getfullkeyid - Maps a 32bit key id to a 64bit one.
* @keyid: The 32bit keyid.
.endtrans = keyd_endtrans,
.fetch_key = keyd_fetch_key,
.fetch_key_text = keyd_fetch_key_text,
+ .fetch_key_skshash = keyd_fetch_key_skshash,
.store_key = keyd_store_key,
.update_keys = generic_update_keys,
.delete_key = keyd_delete_key,
projects / onak.git / commitdiff