/*-
 * Copyright (c) 2009,2010 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Alistair Crooks (agc@NetBSD.org)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
29c854a26dSagc
30c854a26dSagc #include <sys/types.h>
31c854a26dSagc #include <sys/param.h>
32c854a26dSagc #include <sys/socket.h>
33c854a26dSagc #include <sys/stat.h>
34aa9b2037Sagc #include <sys/select.h>
35c854a26dSagc
36c854a26dSagc #include <netinet/in.h>
37c854a26dSagc
38c854a26dSagc #include <errno.h>
39c854a26dSagc #include <netdb.h>
40c854a26dSagc #include <netpgp.h>
41c854a26dSagc #include <regex.h>
42c854a26dSagc #include <stdio.h>
43c854a26dSagc #include <stdlib.h>
44c854a26dSagc #include <string.h>
45c854a26dSagc #include <unistd.h>
46c854a26dSagc
47c854a26dSagc #include "hkpd.h"
48c854a26dSagc
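/* value of one hex digit (0-9, a-f, A-F), or -1 if c is not one */
static int
hkpd_hexval(int c)
{
	if (c >= '0' && c <= '9') {
		return c - '0';
	}
	if (c >= 'a' && c <= 'f') {
		return c - 'a' + 10;
	}
	if (c >= 'A' && c <= 'F') {
		return c - 'A' + 10;
	}
	return -1;
}

/*
 * Decode URL %xx escapes: copy in[0..insize) into out, replacing every
 * well-formed "%" followed by two hex digits with the byte it names.
 * A "%" that is not followed by two hex digits inside the input window
 * is copied literally.  Reads never go past insize (in need not be
 * NUL-terminated) and writes never go past outsize, including the
 * terminating NUL; input that does not fit is dropped.
 * Returns the number of bytes stored in out, not counting the NUL.
 */
static size_t
frompercent(const char *in, size_t insize, char *out, size_t outsize)
{
	size_t	outcc;
	size_t	i;
	int	hi;
	int	lo;

	if (out == NULL || outsize == 0) {
		return 0;
	}
	if (in == NULL) {
		insize = 0;
	}
	outcc = 0;
	for (i = 0 ; i < insize && outcc < outsize - 1 ; i++) {
		/* need the '%' plus two more bytes inside the input window */
		if (in[i] == '%' && i + 2 < insize &&
		    (hi = hkpd_hexval((unsigned char)in[i + 1])) >= 0 &&
		    (lo = hkpd_hexval((unsigned char)in[i + 2])) >= 0) {
			out[outcc++] = (char)((hi << 4) | lo);
			i += 2;
		} else {
			out[outcc++] = in[i];
		}
	}
	out[outcc] = 0x0;
	return outcc;
}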
68c854a26dSagc
#define HKP_HTTP_LEVEL	"HTTP/1.0"
#define HKP_NAME	"hkpd"
#define HKP_MIME_GET	"application/pgp-keys"
#define HKP_MIME_INDEX	"text/plain"
#define HKP_MACHREAD	"info:1:1\r\n"

#define HKP_SUCCESS	200
#define HKP_NOT_FOUND	404

/*
 * Format a complete HTTP/1.0 reply (status line, Server and Content-type
 * headers, blank line, body) into buf.  code selects the status text
 * (HKP_SUCCESS -> "OK", anything else -> "not found"); a non-zero get
 * selects the pgp-keys MIME type, otherwise text/plain.  For a non-get
 * reply requested in machine-readable form (out equal to "mr") the HKP
 * "info:1:1" line is emitted before the body.  title is accepted but not
 * emitted.  Returns snprintf's result: the length the whole reply would
 * have had, which is >= size when the reply was truncated, so a caller
 * must clamp it before using it as a byte count.
 */
static int
htmlify(char *buf, size_t size, const int code, const int get, const char *title, const char *out, const char *body)
{
	const char	*reason;
	const char	*mime;
	const char	*preamble;

	(void) title;
	reason = (code == HKP_SUCCESS) ? "OK" : "not found";
	if (get) {
		mime = HKP_MIME_GET;
		preamble = "";
	} else {
		mime = HKP_MIME_INDEX;
		preamble = (strcmp(out, "mr") == 0) ? HKP_MACHREAD : "";
	}
	return snprintf(buf, size,
		"%s %d %s\r\nServer: %s/%d\r\nContent-type: %s\r\n\r\n%s%s",
		HKP_HTTP_LEVEL, code, reason,
		HKP_NAME, HKPD_VERSION,
		mime,
		preamble,
		body);
}
95c854a26dSagc
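/*
 * Send the reply for one request on sock.  With buf == NULL a "no keys
 * found" error body is sent, otherwise buf is the body and the title is
 * "Search results for '<search>'"; search is only ever interpolated
 * through "%s".  get and out are passed to htmlify() to pick the MIME
 * type and the machine-readable preamble.  cc is unused (kept for the
 * callers).  The reply is built in a fixed buffer and truncated if it
 * does not fit; short writes and EINTR are retried until everything
 * queued has gone out.  Returns 1 when the whole reply was written,
 * 0 if formatting or write() failed.
 */
static int
response(int sock, const int code, const char *search, const int get, char *buf, int cc, const char *out)
{
	char	 outbuf[1024 * 512];
	char	 item[BUFSIZ];
	ssize_t	 wc;
	size_t	 tot;
	size_t	 len;
	int	 n;

	(void) cc;
	if (search == NULL) {
		search = "";
	}
	if (buf == NULL) {
		(void) snprintf(item, sizeof(item),
			"Error handling request: No keys found for '%s'\r\n", search);
		n = htmlify(outbuf, sizeof(outbuf), code, get,
				"Error handling request\r\n",
				out,
				item);
	} else {
		(void) snprintf(item, sizeof(item), "Search results for '%s'", search);
		n = htmlify(outbuf, sizeof(outbuf), code, get,
				item,
				out,
				buf);
	}
	if (n < 0) {
		(void) fprintf(stderr, "response: can't format reply\n");
		return 0;
	}
	/* snprintf reports the untruncated length; never read past outbuf */
	len = (size_t)n;
	if (len >= sizeof(outbuf)) {
		len = sizeof(outbuf) - 1;
	}
	for (tot = 0 ; tot < len ; tot += (size_t)wc) {
		wc = write(sock, &outbuf[tot], len - tot);
		if (wc < 0 && errno == EINTR) {
			wc = 0;
			continue;
		}
		if (wc <= 0) {
			return 0;
		}
	}
	return 1;
}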
124c854a26dSagc
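/*
 * Create a TCP socket for the address family selected by fam
 * (4 -> AF_INET, anything else -> AF_INET6) with SO_REUSEADDR and
 * SO_KEEPALIVE set; binding is done later by hkpd_sock_bind().
 * Returns the descriptor, or -1 after printing a diagnostic.  On a
 * setsockopt failure the descriptor is closed before returning, so no
 * socket is leaked.
 */
static int
hkpd_sock_get(const int fam)
{
	int	sock;
	int	on = 1;

	sock = socket((fam == 4) ? AF_INET : AF_INET6, SOCK_STREAM, 0);
	if (sock < 0) {
		(void) fprintf(stderr,"hkpd_sock_get: can't get a socket\n");
		return -1;
	}
	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
		(void) fprintf(stderr,
			"hkpd_sock_get: can't set SO_REUSEADDR\n");
		(void) close(sock);
		return -1;
	}
	if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1) {
		(void) fprintf(stderr,
			"hkpd_sock_get: can't set SO_KEEPALIVE\n");
		(void) close(sock);
		return -1;
	}
	return sock;
}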
151c854a26dSagc
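/**************************************************************************/

/*
 * Resolve hostname:port for the address family selected by fam
 * (4 -> IPv4, otherwise IPv6) and return a socket from hkpd_sock_get()
 * bound to the first address returned.  The port is first looked up
 * numerically; if that fails the "hkp" service name is tried.  Returns
 * the bound descriptor, or -1 after printing a diagnostic.  The address
 * list is always released, and the socket is closed again if bind()
 * fails, so nothing leaks on the error paths.
 */
int
hkpd_sock_bind(const char *hostname, const int port, const int fam)
{
	struct addrinfo	 hints;
	struct addrinfo	*res;
	char		 portstr[32];
	int		 sock;
	int		 rc;

	(void) memset(&hints, 0, sizeof(hints));
	hints.ai_family = (fam == 4) ? PF_INET : PF_INET6;
	hints.ai_socktype = SOCK_STREAM;
	(void) snprintf(portstr, sizeof(portstr), "%d", port);
	/* numeric port first; fall back to the "hkp" service name */
#ifdef AI_NUMERICSERV
	hints.ai_flags = AI_NUMERICSERV;
#endif
	if ((rc = getaddrinfo(hostname, portstr, &hints, &res)) != 0) {
		hints.ai_flags = 0;
		if ((rc = getaddrinfo(hostname, "hkp", &hints, &res)) != 0) {
			(void) fprintf(stderr, "getaddrinfo: %s\n",
				gai_strerror(rc));
			return -1;
		}
	}
	if ((sock = hkpd_sock_get(fam)) < 0) {
		(void) fprintf(stderr, "hkpd_sock_get failed %d\n", errno);
		freeaddrinfo(res);
		return -1;
	}
	if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
		(void) fprintf(stderr, "bind failed %d\n", errno);
		freeaddrinfo(res);
		(void) close(sock);
		return -1;
	}
	freeaddrinfo(res);
	return sock;
}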
197aa9b2037Sagc
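/*
 * netpgp key daemon - serve HKP lookups forever.
 *
 * sock4 and sock6 are bound sockets for IPv4 and IPv6; either may be -1
 * to disable that family.  For every connection a single read of at most
 * sizeof(buf) - 1 bytes is taken as the whole request and NUL-terminated
 * before any string or regex function sees it.  A request must match
 * "GET /pks/lookup?" and carry op= and search= parameters (options=mr or
 * options=json is optional); anything else is closed without a reply.
 * The search term is %-decoded, then op=index/vindex are answered from
 * netpgp_get_key() or netpgp_match_keys_json() and op=get from
 * netpgp_export_key(); other ops get no reply.  Returns -1 only when the
 * request patterns cannot be compiled, no usable listening socket was
 * given (both -1, or a descriptor select(2) cannot watch) or listen()
 * fails; otherwise it never returns.
 */
int
hkpd(netpgp_t *netpgp, int sock4, int sock6)
{
	struct sockaddr_storage	 from;
	regmatch_t		 searchmatches[10];
	regmatch_t		 opmatches[10];
	regmatch_t		 fmtmatch[3];
	socklen_t		 fromlen;
	regex_t			 searchterm;
	regex_t			 fmtterm;
	regex_t			 opterm;
	regex_t			 get;
	fd_set			 sockets;
	ssize_t			 rcc;
	char			 search[BUFSIZ];
	char			 buf[BUFSIZ];
	char			*cp;
	char			*op;
	char			 fmt[10];
	int			 verbose;
	int			 newsock;
	int			 nfds;
	int			 sock;
	int			 code;
	int			 ok;
	int			 cc;

	/* GET /pks/lookup?search=agc%40netbsd.org&op=index&options=mr HTTP/1.1\n */
#define HTTPGET		"GET /pks/lookup\\?"
#define OPTERM		"op=([a-zA-Z]+)"
#define SEARCHTERM	"search=([^ \t&]+)"
#define FMT		"options=(mr|json)"

	if (regcomp(&get, HTTPGET, REG_EXTENDED) != 0 ||
	    regcomp(&opterm, OPTERM, REG_EXTENDED) != 0 ||
	    regcomp(&searchterm, SEARCHTERM, REG_EXTENDED) != 0 ||
	    regcomp(&fmtterm, FMT, REG_EXTENDED) != 0) {
		(void) fprintf(stderr, "hkpd: can't compile request patterns\n");
		return -1;
	}
	/* FD_SET()/select() can only handle descriptors below FD_SETSIZE */
	if ((sock4 < 0 && sock6 < 0) ||
	    sock4 >= FD_SETSIZE || sock6 >= FD_SETSIZE) {
		(void) fprintf(stderr, "hkpd: no usable listening socket\n");
		return -1;
	}
	if (sock4 >= 0 && listen(sock4, 32) < 0) {
		(void) fprintf(stderr, "hkpd: listen failed %d\n", errno);
		return -1;
	}
	if (sock6 >= 0 && listen(sock6, 32) < 0) {
		(void) fprintf(stderr, "hkpd: listen failed %d\n", errno);
		return -1;
	}
	/* select(2) wants one more than the highest descriptor watched */
	nfds = ((sock4 > sock6) ? sock4 : sock6) + 1;
	for (;;) {
		/* find out which socket we have a connection on */
		FD_ZERO(&sockets);
		if (sock4 >= 0) {
			FD_SET(sock4, &sockets);
		}
		if (sock6 >= 0) {
			FD_SET(sock6, &sockets);
		}
		if (select(nfds, &sockets, NULL, NULL, NULL) < 0) {
			(void) fprintf(stderr, "bad select call\n");
			continue;
		}
		sock = (sock4 >= 0 && FD_ISSET(sock4, &sockets)) ? sock4 : sock6;
		/* read data from socket */
		fromlen = sizeof(from);
		newsock = accept(sock, (struct sockaddr *) &from, &fromlen);
		if (newsock < 0) {
			(void) fprintf(stderr, "accept failed %d\n", errno);
			continue;
		}
		/* one read is the whole request; leave room for the NUL */
		rcc = read(newsock, buf, sizeof(buf) - 1);
		if (rcc <= 0) {
			(void) close(newsock);
			continue;
		}
		buf[rcc] = 0x0;
		/* parse the request */
		ok = 1;
		if (regexec(&get, buf, 0, NULL, 0) != 0) {
			(void) fprintf(stderr, "not a valid get request\n");
			ok = 0;
		}
		if (ok && regexec(&opterm, buf, 10, opmatches, 0) != 0) {
			(void) fprintf(stderr, "no operation in request\n");
			ok = 0;
		}
		if (ok && regexec(&fmtterm, buf, 3, fmtmatch, 0) == 0) {
			(void) snprintf(fmt, sizeof(fmt), "%.*s",
				(int)(fmtmatch[1].rm_eo - fmtmatch[1].rm_so),
				&buf[(int)fmtmatch[1].rm_so]);
		} else {
			fmt[0] = 0x0;
		}
		if (ok && regexec(&searchterm, buf, 10, searchmatches, 0) != 0) {
			(void) fprintf(stderr, "no search term in request\n");
			ok = 0;
		}
		if (!ok) {
			(void) close(newsock);
			continue;
		}
		/* convert from %2f to / etc */
		(void) frompercent(&buf[searchmatches[1].rm_so],
			(size_t)(searchmatches[1].rm_eo - searchmatches[1].rm_so),
			search,
			sizeof(search));
		op = &buf[opmatches[1].rm_so];
		code = HKP_NOT_FOUND;
		cc = 0;
		/* fresh pointer per request: never free or send a stale one */
		cp = NULL;
		if (strncmp(op, "vindex", 6) == 0 || strncmp(op, "index", 5) == 0) {
			verbose = (strncmp(op, "vindex", 6) == 0);
			/* vindex additionally lists subkey signatures */
			if (verbose) {
				netpgp_setvar(netpgp, "subkey sigs", "yes");
			} else {
				netpgp_unsetvar(netpgp, "subkey sigs");
			}
			if (strcmp(fmt, "json") == 0) {
				if (netpgp_match_keys_json(netpgp, &cp, search, "human", verbose)) {
					cc = (int)strlen(cp);
					code = HKP_SUCCESS;
				}
			} else if ((cp = netpgp_get_key(netpgp, search, fmt)) != NULL) {
				cc = (int)strlen(cp);
				code = HKP_SUCCESS;
			}
			response(newsock, code, search, 0, cp, cc, fmt);
			if (verbose) {
				netpgp_unsetvar(netpgp, "subkey sigs");
			}
		} else if (strncmp(op, "get", 3) == 0) {
			if ((cp = netpgp_export_key(netpgp, search)) != NULL) {
				cc = (int)strlen(cp);
				code = HKP_SUCCESS;
			}
			response(newsock, code, search, 1, cp, cc, fmt);
		}
		free(cp);
		(void) close(newsock);
	}
}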