Module Name: src
Committed By: agc
Date: Tue Mar 16 00:22:52 UTC 2010
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h
main.c
Added Files:
src/crypto/external/bsd/netpgp/dist/src/hkpd: hkpd.8
Log Message:
various changes to the hkpd server
+ add a man page for hkpd(8)
+ add support for ipv6 as well as ipv4. individual families can be specified
on the command line using the -f argument. default to inet4 and inet6.
+ rationalise the process of getting a socket and binding to it for hkpd.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \
src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \
src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \
src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile
diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.2
--- src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1 Mon Mar 1 07:41:56 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Tue Mar 16 00:22:52 2010
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.1 2010/03/01 07:41:56 agc Exp $
+# $NetBSD: Makefile,v 1.2 2010/03/16 00:22:52 agc Exp $
PROG=hkpd
SRCS=hkpd.c main.c
CPPFLAGS+=-g # -DHAVE_CONFIG_H=1
LDFLAGS+=-g
LDADD+= -lnetpgp
-MKMAN=no
+MAN=hkpd.8
WARNS=0 # anything over 0 will fail at the link stage with IDEA errors
.include <bsd.prog.mk>
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c
diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.2
--- src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1 Mon Mar 1 07:41:56 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Tue Mar 16 00:22:52 2010
@@ -32,6 +32,7 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/param.h>
+#include <sys/select.h>
#include <netinet/in.h>
@@ -121,19 +122,47 @@
return 1;
}
+/* get a socket (we'll bind it later) */
+static int
+hkpd_sock_get(const int fam)
+{
+ int sock;
+ int on = 1;
+
+ sock = socket((fam == 4) ? AF_INET : AF_INET6, SOCK_STREAM, 0);
+ if (sock < 0) {
+ (void) fprintf(stderr,"hkpd_sock_get: can't get a socket\n");
+ return -1;
+ }
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+ (void *)&on, sizeof(on)) == -1) {
+ (void) fprintf(stderr,
+ "hkpd_sock_get: can't set SO_REUSEADDR\n");
+ return -1;
+ }
+ if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+ (void *)&on, sizeof(on)) == -1) {
+ (void) fprintf(stderr,
+ "hkpd_sock_get: can't set SO_KEEPALIVE\n");
+ return -1;
+ }
+ return sock;
+}
+
/**************************************************************************/
-/* bind the socket to the server */
+/* get a socket and bind it to the server */
int
-hkpd_sock_bind(int sock, const char *hostname, const int port)
+hkpd_sock_bind(const char *hostname, const int port, const int fam)
{
struct addrinfo hints;
struct addrinfo *res;
char portstr[32];
+ int sock;
int rc = 0;
(void) memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_INET;
+ hints.ai_family = (fam == 4) ? PF_INET : PF_INET6;
hints.ai_socktype = SOCK_STREAM;
(void) snprintf(portstr, sizeof(portstr), "%d", port);
/* Attempt connection */
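Review bot: Both `setsockopt` failure paths in the new `hkpd_sock_get` return -1 without closing the descriptor that `socket()` just returned, so each failure leaks an fd. Adding `(void) close(sock);` before each of those two `return -1;` lines fixes it. The same applies to `hkpd_sock_bind` now that it owns the socket: the `bind` failure branch in the next hunk calls `freeaddrinfo(res)` but, as far as the visible lines show, never closes `sock`. `hkpd_sock_bind` continues outside this hunk, so its remaining exit paths should be checked the same way.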
@@ -148,6 +177,11 @@
return -1;
}
}
+ if ((sock = hkpd_sock_get(fam)) < 0) {
+ (void) fprintf(stderr, "hkpd_sock_get failed %d\n", errno);
+ freeaddrinfo(res);
+ return -1;
+ }
if ((rc = bind(sock, res->ai_addr, res->ai_addrlen)) < 0) {
(void) fprintf(stderr, "bind failed %d\n", errno);
freeaddrinfo(res);
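Review bot: The `errno` printed by `"hkpd_sock_get failed %d\n"` is not reliable, because `hkpd_sock_get` has already called `fprintf` on its own failure path and that call may change `errno`. Either report the cause inside `hkpd_sock_get` at the point of failure, e.g. `"hkpd_sock_get: can't get a socket: %s\n", strerror(errno)`, or drop the number from this message. The `bind` branch is cut off at the end of the hunk.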
@@ -158,38 +192,12 @@
(void) fprintf(stderr, "bind() to %s:%d failed (rc %d)\n",
hostname, port, rc);
}
- return rc;
-}
-
-/* get a socket (we'll bind it later) */
-int
-hkpd_sock_get(void)
-{
- int sock;
- int on = 1;
-
- if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
- (void) fprintf(stderr,"hkpd_sock_get: can't get a socket\n");
- return -1;
- }
- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
- (void *)&on, sizeof(on)) == -1) {
- (void) fprintf(stderr,
- "hkpd_sock_get: can't set SO_REUSEADDR\n");
- return -1;
- }
- if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
- (void *)&on, sizeof(on)) == -1) {
- (void) fprintf(stderr,
- "hkpd_sock_get: can't set SO_KEEPALIVE\n");
- return -1;
- }
- return sock;
+ return sock;
}
/* netpgp key daemon - does not return */
int
-hkpd(netpgp_t *netpgp, int sock)
+hkpd(netpgp_t *netpgp, int sock4, int sock6)
{
struct sockaddr_in from;
regmatch_t searchmatches[10];
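Review bot: `struct sockaddr_in from;` is too small for peers arriving on `sock6` now that `hkpd()` takes an IPv6 listener. The `accept` call in the loop hunk passes `&from` with `fromlen = sizeof(from)`, so an IPv6 peer address is truncated to the size of a `sockaddr_in`. Any later use of `from` for logging or filtering (outside the visible lines) would then read a partial address. Declaring it as `struct sockaddr_storage from;` holds either family. The body of `hkpd` continues outside this hunk.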
@@ -200,10 +208,12 @@
regex_t searchterm;
regex_t opterm;
regex_t get;
+ fd_set sockets;
char search[BUFSIZ];
char buf[BUFSIZ];
char *cp;
int newsock;
+ int sock;
int code;
int mr;
int ok;
@@ -220,8 +230,22 @@
(void) regcomp(&opterm, OPTERM, REG_EXTENDED);
(void) regcomp(&searchterm, SEARCHTERM, REG_EXTENDED);
(void) regcomp(&machreadterm, MACHREAD, REG_EXTENDED);
- listen(sock, 32);
+ listen(sock4, 32);
+ listen(sock6, 32);
for (;;) {
+ /* find out which socket we have data on */
+ FD_ZERO(&sockets);
+ if (sock4 >= 0) {
+ FD_SET(sock4, &sockets);
+ }
+ if (sock6 >= 0) {
+ FD_SET(sock6, &sockets);
+ }
+ if (select(32, &sockets, NULL, NULL, NULL) < 0) {
+ (void) fprintf(stderr, "bad select call\n");
+ continue;
+ }
+ sock = (sock4 >= 0 && FD_ISSET(sock4, &sockets)) ? sock4 : sock6;
/* read data from socket */
fromlen = sizeof(from);
newsock = accept(sock, (struct sockaddr *) &from, &fromlen);
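Review bot: `select(32, ...)` hard-codes the first argument, which must be the highest watched descriptor plus one; if `sock4` or `sock6` is numbered 32 or above, that descriptor is never reported ready and the loop falls through to `accept` on `sock6`. Compute it instead, e.g. `int nfds = ((sock4 > sock6) ? sock4 : sock6) + 1;` and `select(nfds, &sockets, NULL, NULL, NULL)`. The `continue` after a failed `select` retries at once, so a persistent error such as a bad descriptor becomes a busy loop printing "bad select call"; checking `errno == EINTR` before retrying would bound that. `listen(sock4, 32)` and `listen(sock6, 32)` are also called unconditionally, including on a -1 descriptor when only one family was requested, and their results are ignored. The loop body continues outside the hunk.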
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h
diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.2
--- src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.1 Mon Mar 1 07:41:56 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h Tue Mar 16 00:22:52 2010
@@ -27,14 +27,13 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef HKPD_H_
-#define HKPD_H_ 20091022
+#define HKPD_H_ 20100315
#include <netpgp.h>
-#define HKPD_VERSION 20091022
+#define HKPD_VERSION 20100315
-int hkpd_sock_bind(int, const char *, const int);
-int hkpd_sock_get(void);
-int hkpd(netpgp_t *, int);
+int hkpd_sock_bind(const char */*hostname*/, const int /*port*/, const int /*family*/);
+int hkpd(netpgp_t */*netpgp*/, int /*sock4*/, int /*sock6*/);
#endif
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c
diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.2
--- src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.1 Mon Mar 1 07:41:57 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Tue Mar 16 00:22:52 2010
@@ -77,10 +77,12 @@
main(int argc, char **argv)
{
netpgp_t netpgp;
+ char *family;
char *host;
int daemonise;
int port;
- int sock;
+ int sock6;
+ int sock4;
int i;
(void) memset(&netpgp, 0x0, sizeof(netpgp));
@@ -89,7 +91,8 @@
port = 11371;
host = strdup("localhost");
daemonise = 1;
- while ((i = getopt(argc, argv, "DH:Vh:p:v:")) != -1) {
+ family = strdup("46");
+ while ((i = getopt(argc, argv, "DH:Vf:h:p:v:")) != -1) {
switch(i) {
case 'D':
daemonise = 0;
@@ -100,6 +103,10 @@
case 'V':
printf("%s: Version %d\n", *argv, HKPD_VERSION);
exit(EXIT_SUCCESS);
+ case 'f':
+ (void) free(family);
+ family = strdup(optarg);
+ break;
case 'h':
(void) free(host);
host = strdup(optarg);
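Review bot: The result of `strdup(optarg)` for `-f` is not checked, and the same holds for `family = strdup("46")` in the previous hunk; if either returns NULL, the later `strchr(family, '4')` dereferences a null pointer. A guard after the option loop covers both, e.g. `if (family == NULL) { (void) fprintf(stderr, "hkpd: out of memory\n"); exit(EXIT_FAILURE); }`. The argument is also accepted as is, so a value with neither `4` nor `6` only surfaces later as "hkpd: no sockets available"; rejecting it in the `case 'f':` branch would give a clearer error. The `switch` continues outside this hunk.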
@@ -125,13 +132,18 @@
(void) fprintf(stderr, "can't initialise\n");
exit(EXIT_FAILURE);
}
- if ((sock = hkpd_sock_get()) < 0) {
- (void) fprintf(stderr,"hkpd: can't get a socket\n");
- exit(EXIT_FAILURE);
+ sock4 = sock6 = -1;
+ if (strchr(family, '4') != NULL &&
+ (sock4 = hkpd_sock_bind(host, port, 4)) < 0) {
+ (void) fprintf(stderr,"hkpd: can't bind inet4 socket\n");
+ }
+ if (strchr(family, '6') != NULL &&
+ (sock6 = hkpd_sock_bind(host, port, 6)) < 0) {
+ (void) fprintf(stderr,"hkpd: can't bind inet6 socket\n");
}
- if (hkpd_sock_bind(sock, host, port) < 0) {
- (void) fprintf(stderr,"hkpd: can't connect socket\n");
+ if (sock4 < 0 && sock6 < 0) {
+ (void) fprintf(stderr,"hkpd: no sockets available\n");
exit(EXIT_FAILURE);
}
- hkpd(&netpgp, sock);
+ hkpd(&netpgp, sock4, sock6);
}
Added files:
Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8
diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8:1.1
--- /dev/null Tue Mar 16 00:22:52 2010
+++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8 Tue Mar 16 00:22:52 2010
@@ -0,0 +1,120 @@
+.\" $NetBSD: hkpd.8,v 1.1 2010/03/16 00:22:52 agc Exp $
+.\"
+.\" Copyright (c) 2009,2010 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This manual page is derived from software contributed to
+.\" The NetBSD Foundation by Alistair Crooks ([email protected]).
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 15, 2010
+.Dt HKPD 8
+.Os
+.Sh NAME
+.Nm hkpd
+.Nd HTTP key protocol daemon
+.Sh SYNOPSIS
+.Nm
+.Op Fl DV
+.Op Fl H homedir
+.Op Fl f families
+.Op Fl h hostname
+.Op Fl p port
+.Op Fl v filename
+.Sh DESCRIPTION
+The
+.Nm
+daemon is used to provide public key information on
+a socket to client programs.
+The client can request the information in two separate ways,
+.Dq human
+and
+.Dq machine readable .
+.Pp
+The following options can be used to modify the behaviour
+of the daemon:
+.Bl -tag -width Ar
+.It Fl D
+do not detach the daemon from the controlling tty, and keep
+the
+.Nm
+process running in the foreground.
+.It Fl H Ar homedir
+use the setting of
+.Dv homedir
+as the directory for the public key keyrings.
+.It Fl V
+display the version number of the daemon and exit.
+.It Fl f Ar protocol-families
+allows the address families for sockets to be selected.
+The argument is the string concatenating the families,
+with
+.Dq 4
+representing
+.Dv INET4 ,
+and
+.Dq 6
+representing
+.Dv INET6 .
+The default value for this parameter is
+.Dq 46
+which means that both INET4 and INET6 protocol
+families are used when setting up the sockets.
+.It Fl h Ar hostname
+set the hostname (for use in binding sockets).
+.It Fl p Ar port
+set the port number (for use in binding sockets).
+The default port number is
+the
+.Dq hkp
+service, defined as port
+.Dv 11371 .
+.It Fl v Ar filename
+produce extra debugging output from the internal
+file named
+.Dv filename .
+.El
+.Pp
+The
+.Nm
+daemon is built on
+.Xr libnetpgp 3
+and returns public key information as held in the
+public keyring of the user running the
+.Nm
+daemon utility by default.
+.Sh RETURN VALUES
+In normal operation, the
+.Nm
+daemon will not return.
+.Sh SEE ALSO
+.Xr netpgpkeys 1 ,
+.Xr ssh 1 ,
+.Xr libnetpgp 3
+.Sh HISTORY
+The
+.Nm
+command first appeared in
+.Nx 6.0 .
+.Sh AUTHOR
+.An Alistair Crooks Aq [email protected] .