Module Name: src Committed By: agc Date: Tue Mar 16 00:22:52 UTC 2010
Modified Files: src/crypto/external/bsd/netpgp/dist/src/hkpd: Makefile hkpd.c hkpd.h main.c Added Files: src/crypto/external/bsd/netpgp/dist/src/hkpd: hkpd.8 Log Message: various changes to the hkpd server + add a man page for hkpd(8) + add support for ipv6 as well as ipv4. individual families can be specified on the command line using the -f argument. default to inet4 and inet6. + rationalise the process of getting a socket and binding to it for hkpd. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile \ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c \ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h \ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.2 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile:1.1 Mon Mar 1 07:41:56 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/Makefile Tue Mar 16 00:22:52 2010 @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.1 2010/03/01 07:41:56 agc Exp $ +# $NetBSD: Makefile,v 1.2 2010/03/16 00:22:52 agc Exp $ PROG=hkpd SRCS=hkpd.c main.c CPPFLAGS+=-g # -DHAVE_CONFIG_H=1 LDFLAGS+=-g LDADD+= -lnetpgp -MKMAN=no +MAN=hkpd.8 WARNS=0 # anything over 0 will fail at the link stage with IDEA errors .include <bsd.prog.mk> Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.2 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c:1.1 Mon Mar 1 07:41:56 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.c Tue Mar 16 00:22:52 2010 @@ -32,6 +32,7 @@ #include <sys/socket.h> #include <sys/stat.h> #include <sys/param.h> +#include <sys/select.h> #include <netinet/in.h> 
@@ -121,19 +122,47 @@ return 1; } +/* get a socket (we'll bind it later) */ +static int +hkpd_sock_get(const int fam) +{ + int sock; + int on = 1; + + sock = socket((fam == 4) ? AF_INET : AF_INET6, SOCK_STREAM, 0); + if (sock < 0) { + (void) fprintf(stderr,"hkpd_sock_get: can't get a socket\n"); + return -1; + } + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, + (void *)&on, sizeof(on)) == -1) { + (void) fprintf(stderr, + "hkpd_sock_get: can't set SO_REUSEADDR\n"); + return -1; + } + if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, sizeof(on)) == -1) { + (void) fprintf(stderr, + "hkpd_sock_get: can't set SO_KEEPALIVE\n"); + return -1; + } + return sock; +} + /**************************************************************************/ -/* bind the socket to the server */ +/* get a socket and bind it to the server */ int -hkpd_sock_bind(int sock, const char *hostname, const int port) +hkpd_sock_bind(const char *hostname, const int port, const int fam) { struct addrinfo hints; struct addrinfo *res; char portstr[32]; + int sock; int rc = 0; (void) memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_INET; + hints.ai_family = (fam == 4) ? PF_INET : PF_INET6; hints.ai_socktype = SOCK_STREAM; (void) snprintf(portstr, sizeof(portstr), "%d", port); /* Attempt connection */ @@ -148,6 +177,11 @@ return -1; } } + if ((sock = hkpd_sock_get(fam)) < 0) { + (void) fprintf(stderr, "hkpd_sock_get failed %d\n", errno); + freeaddrinfo(res); + return -1; + } if ((rc = bind(sock, res->ai_addr, res->ai_addrlen)) < 0) { (void) fprintf(stderr, "bind failed %d\n", errno); freeaddrinfo(res); 
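Review bot: The two setsockopt() failure branches in the new hkpd_sock_get() return -1 without closing the descriptor that socket() has just returned, so each failure leaks an fd; add `(void) close(sock);` before each of those `return -1;` lines. The same ownership gap appears in the following hunk (@@ -148,6 +177,11 @@): hkpd_sock_bind() now creates the socket itself, and its visible bind() failure branch calls freeaddrinfo(res) but never closes sock, though the rest of that branch lies outside the hunk. The errno printed by `"hkpd_sock_get failed %d\n"` is also unreliable, because hkpd_sock_get() has already called fprintf() after the failing system call.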
@@ -158,38 +192,12 @@ (void) fprintf(stderr, "bind() to %s:%d failed (rc %d)\n", hostname, port, rc); } - return rc; -} - -/* get a socket (we'll bind it later) */ -int -hkpd_sock_get(void) -{ - int sock; - int on = 1; - - if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - (void) fprintf(stderr,"hkpd_sock_get: can't get a socket\n"); - return -1; - } - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, - (void *)&on, sizeof(on)) == -1) { - (void) fprintf(stderr, - "hkpd_sock_get: can't set SO_REUSEADDR\n"); - return -1; - } - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, - (void *)&on, sizeof(on)) == -1) { - (void) fprintf(stderr, - "hkpd_sock_get: can't set SO_KEEPALIVE\n"); - return -1; - } - return sock; + return sock; } /* netpgp key daemon - does not return */ int -hkpd(netpgp_t *netpgp, int sock) +hkpd(netpgp_t *netpgp, int sock4, int sock6) { struct sockaddr_in from; regmatch_t searchmatches[10]; @@ -200,10 +208,12 @@ regex_t searchterm; regex_t opterm; regex_t get; + fd_set sockets; char search[BUFSIZ]; char buf[BUFSIZ]; char *cp; int newsock; + int sock; int code; int mr; int ok; 
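Review bot: `struct sockaddr_in from;` is left unchanged in hkpd() although the function now also accepts connections on an IPv6 listener, and a sockaddr_in is too small to hold an IPv6 peer address. accept() is bounded by fromlen (set to sizeof(from) in the next hunk), so the address is truncated rather than written past the buffer, but any later logging or access decision based on `from` would work on incomplete data; how `from` is used afterwards is not visible here. Declare it as `struct sockaddr_storage from;` and keep the existing `(struct sockaddr *) &from` cast. The body of hkpd() continues outside the hunk.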
@@ -220,8 +230,22 @@ (void) regcomp(&opterm, OPTERM, REG_EXTENDED); (void) regcomp(&searchterm, SEARCHTERM, REG_EXTENDED); (void) regcomp(&machreadterm, MACHREAD, REG_EXTENDED); - listen(sock, 32); + listen(sock4, 32); + listen(sock6, 32); for (;;) { + /* find out which socket we have data on */ + FD_ZERO(&sockets); + if (sock4 >= 0) { + FD_SET(sock4, &sockets); + } + if (sock6 >= 0) { + FD_SET(sock6, &sockets); + } + if (select(32, &sockets, NULL, NULL, NULL) < 0) { + (void) fprintf(stderr, "bad select call\n"); + continue; + } + sock = (sock4 >= 0 && FD_ISSET(sock4, &sockets)) ? sock4 : sock6; /* read data from socket */ fromlen = sizeof(from); newsock = accept(sock, (struct sockaddr *) &from, &fromlen); Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.2 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h:1.1 Mon Mar 1 07:41:56 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.h Tue Mar 16 00:22:52 2010 @@ -27,14 +27,13 @@ * POSSIBILITY OF SUCH DAMAGE. */ #ifndef HKPD_H_ -#define HKPD_H_ 20091022 +#define HKPD_H_ 20100315 #include <netpgp.h> -#define HKPD_VERSION 20091022 +#define HKPD_VERSION 20100315 -int hkpd_sock_bind(int, const char *, const int); -int hkpd_sock_get(void); -int hkpd(netpgp_t *, int); +int hkpd_sock_bind(const char */*hostname*/, const int /*port*/, const int /*family*/); +int hkpd(netpgp_t */*netpgp*/, int /*sock4*/, int /*sock6*/); #endif Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c diff -u src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.1 src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.2 --- src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c:1.1 Mon Mar 1 07:41:57 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/main.c Tue Mar 16 00:22:52 2010 
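Review bot: `select(32, ...)` hard-codes nfds, so a listening descriptor numbered 32 or higher is never examined and the loop would block forever on it; nfds should be the highest descriptor in the set plus one. The two `listen()` calls are also unconditional and unchecked, although either sock4 or sock6 may be -1, as the FD_SET guards right below them acknowledge. An interrupted select() (EINTR) is currently reported as "bad select call"; retry it quietly and keep the message for real errors. hkpd() starts and ends outside the hunk, and the sketch assumes MAX() from the already included <sys/param.h>.

```c
	/* … unchanged: regcomp() calls … */
	if (sock4 >= 0 && listen(sock4, 32) < 0) {
		(void) fprintf(stderr, "hkpd: listen failed on inet4 socket\n");
	}
	if (sock6 >= 0 && listen(sock6, 32) < 0) {
		(void) fprintf(stderr, "hkpd: listen failed on inet6 socket\n");
	}
	for (;;) {
		/* … unchanged: FD_ZERO and the guarded FD_SET calls … */
		if (select(MAX(sock4, sock6) + 1, &sockets, NULL, NULL, NULL) < 0) {
			if (errno != EINTR) {
				(void) fprintf(stderr, "bad select call\n");
			}
			continue;
		}
		/* … unchanged: choose sock, accept() … */
```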
@@ -77,10 +77,12 @@ main(int argc, char **argv) { netpgp_t netpgp; + char *family; char *host; int daemonise; int port; - int sock; + int sock6; + int sock4; int i; (void) memset(&netpgp, 0x0, sizeof(netpgp)); @@ -89,7 +91,8 @@ port = 11371; host = strdup("localhost"); daemonise = 1; - while ((i = getopt(argc, argv, "DH:Vh:p:v:")) != -1) { + family = strdup("46"); + while ((i = getopt(argc, argv, "DH:Vf:h:p:v:")) != -1) { switch(i) { case 'D': daemonise = 0; @@ -100,6 +103,10 @@ case 'V': printf("%s: Version %d\n", *argv, HKPD_VERSION); exit(EXIT_SUCCESS); + case 'f': + (void) free(family); + family = strdup(optarg); + break; case 'h': (void) free(host); host = strdup(optarg); @@ -125,13 +132,18 @@ (void) fprintf(stderr, "can't initialise\n"); exit(EXIT_FAILURE); } - if ((sock = hkpd_sock_get()) < 0) { - (void) fprintf(stderr,"hkpd: can't get a socket\n"); - exit(EXIT_FAILURE); + sock4 = sock6 = -1; + if (strchr(family, '4') != NULL && + (sock4 = hkpd_sock_bind(host, port, 4)) < 0) { + (void) fprintf(stderr,"hkpd: can't bind inet4 socket\n"); + } + if (strchr(family, '6') != NULL && + (sock6 = hkpd_sock_bind(host, port, 6)) < 0) { + (void) fprintf(stderr,"hkpd: can't bind inet6 socket\n"); } - if (hkpd_sock_bind(sock, host, port) < 0) { - (void) fprintf(stderr,"hkpd: can't connect socket\n"); + if (sock4 < 0 && sock6 < 0) { + (void) fprintf(stderr,"hkpd: no sockets available\n"); exit(EXIT_FAILURE); } - hkpd(&netpgp, sock); + hkpd(&netpgp, sock4, sock6); } Added files: Index: src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8 diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8:1.1 --- /dev/null Tue Mar 16 00:22:52 2010 +++ src/crypto/external/bsd/netpgp/dist/src/hkpd/hkpd.8 Tue Mar 16 00:22:52 2010 
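Review bot: Neither `family = strdup("46")` nor `family = strdup(optarg)` in the new `case 'f':` is checked, and the later `strchr(family, '4')` and `strchr(family, '6')` calls dereference the result, so an allocation failure becomes a NULL dereference at startup. Check for NULL after each strdup() and exit with an error, e.g. `if (family == NULL) { (void) fprintf(stderr, "hkpd: out of memory\n"); exit(EXIT_FAILURE); }`. The -f argument is not validated either: characters other than 4 and 6 are silently ignored, so a mistyped value only shows up as fewer listeners. When one of two requested families fails to bind, the daemon carries on with the other after a single stderr message, which deserves a sentence in hkpd.8. main() starts and ends outside these hunks.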
@@ -0,0 +1,120 @@
+.\" $NetBSD: hkpd.8,v 1.1 2010/03/16 00:22:52 agc Exp $
+.\"
+.\" Copyright (c) 2009,2010 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This manual page is derived from software contributed to
+.\" The NetBSD Foundation by Alistair Crooks (a...@netbsd.org).
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 15, 2010
+.Dt HKPD 8
+.Os
+.Sh NAME
+.Nm hkpd
+.Nd HTTP key protocol daemon
+.Sh SYNOPSIS
+.Nm
+.Op Fl DV
+.Op Fl H homedir
+.Op Fl f families
+.Op Fl h hostname
+.Op Fl p port
+.Op Fl v filename
+.Sh DESCRIPTION
+The
+.Nm
+daemon is used to provide public key information on
+a socket to client programs.
+The client can request the information in two separate ways,
+.Dq human
+and
+.Dq machine readable .
+.Pp
+The following options can be used to modify the behaviour
+of the daemon:
+.Bl -tag -width Ar
+.It Fl D
+do not detach the daemon from the controlling tty, and keep
+the
+.Nm
+process running in the foreground.
+.It Fl H Ar homedir
+use the setting of
+.Dv homedir
+as the directory for the public key keyrings.
+.It Fl V
+display the version number of the daemon and exit.
+.It Fl f Ar protocol-families
+allows the address families for sockets to be selected.
+The argument is the string concatenating the families,
+with
+.Dq 4
+representing
+.Dv INET4 ,
+and
+.Dq 6
+representing
+.Dv INET6 .
+The default value for this parameter is
+.Dq 46
+which means that both INET4 and INET6 protocol
+families are used when setting up the sockets.
+.It Fl h Ar hostname
+set the hostname (for use in binding sockets).
+.It Fl p Ar port
+set the port number (for use in binding sockets).
+The default port number is
+the
+.Dq hkp
+service, defined as port
+.Dv 11371 .
+.It Fl v Ar filename
+produce extra debugging output from the internal
+file named
+.Dv filename .
+.El
+.Pp
+The
+.Nm
+daemon is built on
+.Xr libnetpgp 3
+and returns public key information as held in the
+public keyring of the user running the
+.Nm
+daemon utility by default.
+.Sh RETURN VALUES
+In normal operation, the
+.Nm
+daemon will not return.
+.Sh SEE ALSO
+.Xr netpgpkeys 1 ,
+.Xr ssh 1 ,
+.Xr libnetpgp 3
+.Sh HISTORY
+The
+.Nm
+command first appeared in
+.Nx 6.0 .
+.Sh AUTHOR
+.An Alistair Crooks Aq a...@netbsd.org .