security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

dirmngr: Remove cruft from dirmngr_ldap

Browse Source 
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--

Note that the ldap_sslinit stuff for Windows has not been tested.

This patch removes the whole wrapper-but-linked business because we do
not need it anymore.  WindowsCE for which we used it is pretty dead.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-11-11 20:49:04 +01:00
parent dd18be979e
commit 4c295646ba
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
6 changed files with 58 additions and 708 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
configure.ac
View File

@ -664,7 +664,6 @@ have_w32_system=no
have_w32ce_system=no have_w32ce_system=no
have_android_system=no have_android_system=no
use_simple_gettext=no use_simple_gettext=no
use_ldapwrapper=yes
mmap_needed=yes mmap_needed=yes
require_pipe_to_unblock_pselect=yes require_pipe_to_unblock_pselect=yes
case "${host}" in case "${host}" in
@ -1225,16 +1224,8 @@ fi
AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes]) AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
if test "$gnupg_have_ldap" = yes ; then if test "$gnupg_have_ldap" = yes ; then
AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support]) AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
else
use_ldapwrapper=no
fi fi
if test "$use_ldapwrapper" = yes; then
AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
fi
AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
# #

15
dirmngr/Makefile.am
View File

@ -26,9 +26,7 @@ dist_pkgdata_DATA = sks-keyservers.netCA.pem
bin_PROGRAMS = dirmngr dirmngr-client bin_PROGRAMS = dirmngr dirmngr-client
if USE_LDAPWRAPPER
libexec_PROGRAMS = dirmngr_ldap libexec_PROGRAMS = dirmngr_ldap
endif
noinst_PROGRAMS = $(module_tests) $(module_net_tests) $(module_maint_tests) noinst_PROGRAMS = $(module_tests) $(module_net_tests) $(module_maint_tests)
TESTS = $(module_tests) $(module_net_tests) TESTS = $(module_tests) $(module_net_tests)
@ -49,12 +47,6 @@ else
ldap_url = ldap_url =
endif endif
if USE_LDAPWRAPPER
extraldap_src = ldap-wrapper.c
else
extraldap_src = ldap-wrapper-ce.c dirmngr_ldap.c
endif
noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
@ -76,7 +68,7 @@ endif
if USE_LDAP if USE_LDAP
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \ dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \ ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
ks-engine-ldap.c $(ldap_url) $(extraldap_src) ks-engine-ldap.c $(ldap_url) ldap-wrapper.c
ldaplibs = $(LDAPLIBS) ldaplibs = $(LDAPLIBS)
else else
ldaplibs = ldaplibs =
@ -90,19 +82,14 @@ dirmngr_LDADD = $(libcommonpth) \
if USE_LDAP if USE_LDAP
dirmngr_LDADD += $(ldaplibs) dirmngr_LDADD += $(ldaplibs)
endif endif
if !USE_LDAPWRAPPER
dirmngr_LDADD += $(ldaplibs)
endif
dirmngr_LDFLAGS = $(extra_bin_ldflags) dirmngr_LDFLAGS = $(extra_bin_ldflags)
if USE_LDAPWRAPPER
dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url) dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
dirmngr_ldap_LDFLAGS = dirmngr_ldap_LDFLAGS =
dirmngr_ldap_LDADD = $(libcommon) \ dirmngr_ldap_LDADD = $(libcommon) \
$(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \
$(LBER_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) $(LBER_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
endif
dirmngr_client_SOURCES = dirmngr-client.c dirmngr_client_SOURCES = dirmngr-client.c
dirmngr_client_LDADD = $(libcommon) \ dirmngr_client_LDADD = $(libcommon) \

128
dirmngr/dirmngr_ldap.c
View File

@ -31,9 +31,6 @@
#include <errno.h> #include <errno.h>
#include <sys/time.h> #include <sys/time.h>
#include <unistd.h> #include <unistd.h>
#ifndef USE_LDAPWRAPPER
# include <npth.h>
#endif
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
# include <winsock2.h> # include <winsock2.h>
@ -59,43 +56,12 @@
#include "../common/util.h" #include "../common/util.h"
#include "../common/init.h" #include "../common/init.h"
/* With the ldap wrapper, there is no need for the npth_unprotect and leave /* There is no need for the npth_unprotect and leave functions here;
functions; thus we redefine them to nops. If we are not using the * thus we redefine them to nops. We keep them in the code just for
ldap wrapper process we need to include the prototype for our * the case we ever want to reuse parts of the code in npth programs. */
module's main function. */
#ifdef USE_LDAPWRAPPER
static void npth_unprotect (void) { } static void npth_unprotect (void) { }
static void npth_protect (void) { } static void npth_protect (void) { }
#else
# include "./ldap-wrapper.h"
#endif
#ifdef HAVE_W32CE_SYSTEM
# include "w32-ldap-help.h"
# define my_ldap_init(a,b) \
_dirmngr_ldap_init ((a), (b))
# define my_ldap_simple_bind_s(a,b,c) \
_dirmngr_ldap_simple_bind_s ((a),(b),(c))
# define my_ldap_search_st(a,b,c,d,e,f,g,h) \
_dirmngr_ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
# define my_ldap_first_attribute(a,b,c) \
_dirmngr_ldap_first_attribute ((a),(b),(c))
# define my_ldap_next_attribute(a,b,c) \
_dirmngr_ldap_next_attribute ((a),(b),(c))
# define my_ldap_get_values_len(a,b,c) \
_dirmngr_ldap_get_values_len ((a),(b),(c))
# define my_ldap_free_attr(a) \
xfree ((a))
#else
# define my_ldap_init(a,b) ldap_init ((a), (b))
# define my_ldap_simple_bind_s(a,b,c) ldap_simple_bind_s ((a), (b), (c))
# define my_ldap_search_st(a,b,c,d,e,f,g,h) \
ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
# define my_ldap_first_attribute(a,b,c) ldap_first_attribute ((a),(b),(c))
# define my_ldap_next_attribute(a,b,c) ldap_next_attribute ((a),(b),(c))
# define my_ldap_get_values_len(a,b,c) ldap_get_values_len ((a),(b),(c))
# define my_ldap_free_attr(a) ldap_memfree ((a))
#endif
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
typedef LDAP_TIMEVAL my_ldap_timeval_t; typedef LDAP_TIMEVAL my_ldap_timeval_t;
@ -192,7 +158,6 @@ static int process_url (my_opt_t myopt, const char *url);
/* Function called by argparse.c to display information. */ /* Function called by argparse.c to display information. */
#ifdef USE_LDAPWRAPPER
static const char * static const char *
my_strusage (int level) my_strusage (int level)
{ {
@ -220,19 +185,11 @@ my_strusage (int level)
} }
return p; return p;
} }
#endif /*!USE_LDAPWRAPPER*/
int int
#ifdef USE_LDAPWRAPPER
main (int argc, char **argv) main (int argc, char **argv)
#else
ldap_wrapper_main (char **argv, estream_t outstream)
#endif
{ {
#ifndef USE_LDAPWRAPPER
int argc;
#endif
ARGPARSE_ARGS pargs; ARGPARSE_ARGS pargs;
int any_err = 0; int any_err = 0;
char *p; char *p;
@ -245,7 +202,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
early_system_init (); early_system_init ();
#ifdef USE_LDAPWRAPPER
set_strusage (my_strusage); set_strusage (my_strusage);
log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX); log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX);
@ -256,11 +212,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
es_set_binary (es_stdout); es_set_binary (es_stdout);
myopt->outstream = es_stdout; myopt->outstream = es_stdout;
#else /*!USE_LDAPWRAPPER*/
myopt->outstream = outstream;
for (argc=0; argv[argc]; argc++)
;
#endif /*!USE_LDAPWRAPPER*/
/* LDAP defaults */ /* LDAP defaults */
myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT; myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
@ -305,11 +256,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
break; break;
default : default :
#ifdef USE_LDAPWRAPPER
pargs.err = ARGPARSE_PRINT_ERROR; pargs.err = ARGPARSE_PRINT_ERROR;
#else
pargs.err = ARGPARSE_PRINT_WARNING; /* No exit() please. */
#endif
break; break;
} }
} }
@ -339,17 +286,11 @@ ldap_wrapper_main (char **argv, estream_t outstream)
if (myopt->port < 0 || myopt->port > 65535) if (myopt->port < 0 || myopt->port > 65535)
log_error (_("invalid port number %d\n"), myopt->port); log_error (_("invalid port number %d\n"), myopt->port);
#ifdef USE_LDAPWRAPPER
if (log_get_errorcount (0)) if (log_get_errorcount (0))
exit (2); exit (2);
if (argc < 1) if (argc < 1)
usage (1); usage (1);
#else
/* All passed arguments should be fine in this case. */
log_assert (argc);
#endif
#ifdef USE_LDAPWRAPPER
if (myopt->alarm_timeout) if (myopt->alarm_timeout)
{ {
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
@ -366,7 +307,6 @@ ldap_wrapper_main (char **argv, estream_t outstream)
log_fatal ("unable to register timeout handler\n"); log_fatal ("unable to register timeout handler\n");
#endif #endif
} }
#endif /*USE_LDAPWRAPPER*/
for (; argc; argc--, argv++) for (; argc; argc--, argv++)
if (process_url (myopt, *argv)) if (process_url (myopt, *argv))
@ -467,10 +407,10 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
} }
for (npth_unprotect (), attr = my_ldap_first_attribute (ld, item, &berctx), for (npth_unprotect (), attr = ldap_first_attribute (ld, item, &berctx),
npth_protect (); npth_protect ();
attr; attr;
npth_unprotect (), attr = my_ldap_next_attribute (ld, item, berctx), npth_unprotect (), attr = ldap_next_attribute (ld, item, berctx),
npth_protect ()) npth_protect ())
{ {
struct berval **values; struct berval **values;
@ -503,20 +443,20 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
*cp2 = ';'; *cp2 = ';';
if (cmpres) if (cmpres)
{ {
my_ldap_free_attr (attr); ldap_memfree (attr);
continue; /* Not found: Try next attribute. */ continue; /* Not found: Try next attribute. */
} }
} }
npth_unprotect (); npth_unprotect ();
values = my_ldap_get_values_len (ld, item, attr); values = ldap_get_values_len (ld, item, attr);
npth_protect (); npth_protect ();
if (!values) if (!values)
{ {
if (myopt->verbose) if (myopt->verbose)
log_info (_("attribute '%s' not found\n"), attr); log_info (_("attribute '%s' not found\n"), attr);
my_ldap_free_attr (attr); ldap_memfree (attr);
continue; continue;
} }
@ -546,7 +486,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"), log_error (_("error writing to stdout: %s\n"),
strerror (errno)); strerror (errno));
ldap_value_free_len (values); ldap_value_free_len (values);
my_ldap_free_attr (attr); ldap_memfree (attr);
ber_free (berctx, 0); ber_free (berctx, 0);
return -1; return -1;
} }
@ -570,7 +510,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"), log_error (_("error writing to stdout: %s\n"),
strerror (errno)); strerror (errno));
ldap_value_free_len (values); ldap_value_free_len (values);
my_ldap_free_attr (attr); ldap_memfree (attr);
ber_free (berctx, 0); ber_free (berctx, 0);
return -1; return -1;
} }
@ -582,7 +522,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
log_error (_("error writing to stdout: %s\n"), log_error (_("error writing to stdout: %s\n"),
strerror (errno)); strerror (errno));
ldap_value_free_len (values); ldap_value_free_len (values);
my_ldap_free_attr (attr); ldap_memfree (attr);
ber_free (berctx, 0); ber_free (berctx, 0);
return -1; return -1;
} }
@ -592,7 +532,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
break; /* Print only the first value. */ break; /* Print only the first value. */
} }
ldap_value_free_len (values); ldap_value_free_len (values);
my_ldap_free_attr (attr); ldap_memfree (attr);
if (want_attr || !myopt->multi) if (want_attr || !myopt->multi)
break; /* We only want to return the first attribute. */ break; /* We only want to return the first attribute. */
} }
@ -617,6 +557,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
char *host, *dn, *filter, *attrs[2], *attr; char *host, *dn, *filter, *attrs[2], *attr;
int port; int port;
int ret; int ret;
int usetls;
host = myopt->host? myopt->host : ludp->lud_host; host = myopt->host? myopt->host : ludp->lud_host;
port = myopt->port? myopt->port : ludp->lud_port; port = myopt->port? myopt->port : ludp->lud_port;
@ -678,8 +619,24 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
set_timeout (myopt); set_timeout (myopt);
if (myopt->force_tls usetls = (myopt->force_tls
|| (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))) || (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps")));
#if HAVE_W32_SYSTEM
if (1)
{
npth_unprotect ();
ld = ldap_sslinit (host, port, usetls);
npth_protect ();
if (!ld)
{
ret = LdapGetLastError ();
log_error (_("LDAP init to '%s:%d' failed: %s\n"),
host, port, ldap_err2string (ret));
return -1;
}
}
#else /*!W32*/
if (usetls)
{ {
char *uri; char *uri;
@ -690,7 +647,9 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
gpg_strerror (gpg_error_from_syserror ())); gpg_strerror (gpg_error_from_syserror ()));
return -1; return -1;
} }
npth_unprotect ();
ret = ldap_initialize (&ld, uri); ret = ldap_initialize (&ld, uri);
npth_protect ();
if (ret) if (ret)
{ {
log_error (_("LDAP init to '%s' failed: %s\n"), log_error (_("LDAP init to '%s' failed: %s\n"),
@ -708,7 +667,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
* should really consider the supplied scheme and use only * should really consider the supplied scheme and use only
* ldap_initialize. */ * ldap_initialize. */
npth_unprotect (); npth_unprotect ();
ld = my_ldap_init (host, port); ld = ldap_init (host, port);
npth_protect (); npth_protect ();
if (!ld) if (!ld)
{ {
@ -717,10 +676,11 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
return -1; return -1;
} }
} }
#endif /*!W32*/
npth_unprotect (); npth_unprotect ();
/* Fixme: Can we use MYOPT->user or is it shared with other theeads?. */ /* Fixme: Can we use MYOPT->user or is it shared with other theeads?. */
ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass); ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
npth_protect (); npth_protect ();
#ifdef LDAP_VERSION3 #ifdef LDAP_VERSION3
if (ret == LDAP_PROTOCOL_ERROR) if (ret == LDAP_PROTOCOL_ERROR)
@ -731,7 +691,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
log_info ("protocol error; retrying bind with v3 protocol\n"); log_info ("protocol error; retrying bind with v3 protocol\n");
npth_unprotect (); npth_unprotect ();
ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version); ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass); ret = ldap_simple_bind_s (ld, myopt->user, myopt->pass);
npth_protect (); npth_protect ();
} }
#endif #endif
@ -745,11 +705,11 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
set_timeout (myopt); set_timeout (myopt);
npth_unprotect (); npth_unprotect ();
rc = my_ldap_search_st (ld, dn, ludp->lud_scope, filter, rc = ldap_search_st (ld, dn, ludp->lud_scope, filter,
myopt->multi && !myopt->attr && ludp->lud_attrs? myopt->multi && !myopt->attr && ludp->lud_attrs?
ludp->lud_attrs:attrs, ludp->lud_attrs:attrs,
0, 0,
&myopt->timeout, &msg); &myopt->timeout, &msg);
npth_protect (); npth_protect ();
if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi) if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi)
{ {
@ -761,12 +721,8 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
} }
else if (rc) else if (rc)
{ {
#ifdef HAVE_W32CE_SYSTEM
log_error ("searching '%s' failed: %d\n", url, rc);
#else
log_error (_("searching '%s' failed: %s\n"), log_error (_("searching '%s' failed: %s\n"),
url, ldap_err2string (rc)); url, ldap_err2string (rc));
#endif
if (rc != LDAP_NO_SUCH_OBJECT) if (rc != LDAP_NO_SUCH_OBJECT)
{ {
/* FIXME: Need deinit (ld)? */ /* FIXME: Need deinit (ld)? */

575
dirmngr/ldap-wrapper-ce.c
View File

@ -1,575 +0,0 @@
/* ldap-wrapper-ce.c - LDAP access via W32 threads
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
/*
Alternative wrapper for use with WindowsCE. Under WindowsCE the
number of processes is strongly limited (32 processes including the
kernel processes) and thus we don't use the process approach but
implement a wrapper based on native threads.
See ldap-wrapper.c for the standard wrapper interface.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <npth.h>
#include <assert.h>
#include "dirmngr.h"
#include "misc.h"
#include "ldap-wrapper.h"
#ifdef USE_LDAPWRAPPER
# error This module is not expected to be build.
#endif
#error This module might not anymore work.
/* Read a fixed amount of data from READER into BUFFER. */
static gpg_error_t
read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
{
gpg_error_t err;
size_t nread;
while (count)
{
err = ksba_reader_read (reader, buffer, count, &nread);
if (err)
return err;
buffer += nread;
count -= nread;
}
return 0;
}
/* Start the reaper thread for this wrapper. */
void
ldap_wrapper_launch_thread (void)
{
/* Not required. */
}
/* Wait until all ldap wrappers have terminated. We assume that the
kill has already been sent to all of them. */
void
ldap_wrapper_wait_connections ()
{
/* Not required. */
}
/* Cleanup all resources held by the connection associated with
CTRL. This is used after a cancel to kill running wrappers. */
void
ldap_wrapper_connection_cleanup (ctrl_t ctrl)
{
(void)ctrl;
/* Not required. */
}
/* The cookie we use to implement the outstream of the wrapper thread. */
struct outstream_cookie_s
{
int refcount; /* Reference counter - possible values are 1 and 2. */
/* We don't need a mutex for the conditions, as npth provides a
simpler condition interface that relies on the global lock. This
can be used if we never yield between testing the condition and
waiting on it. */
npth_cond_t wait_data; /* Condition that data is available. */
npth_cond_t wait_space; /* Condition that space is available. */
int eof_seen; /* EOF indicator. */
char buffer[4000]; /* Data ring buffer. */
size_t buffer_len; /* The amount of data in the BUFFER. */
size_t buffer_pos; /* The next read position of the BUFFER. */
size_t buffer_read_pos; /* The next read position of the BUFFER. */
};
#define BUFFER_EMPTY(c) ((c)->buffer_len == 0)
#define BUFFER_FULL(c) ((c)->buffer_len == DIM((c)->buffer))
#define BUFFER_DATA_AVAILABLE(c) ((c)->buffer_len)
#define BUFFER_SPACE_AVAILABLE(c) (DIM((c)->buffer) - (c)->buffer_len)
#define BUFFER_INC_POS(c,n) (c)->buffer_pos = ((c)->buffer_pos + (n)) % DIM((c)->buffer)
#define BUFFER_CUR_POS(c) (&(c)->buffer[(c)->buffer_pos])
#define BUFFER_INC_READ_POS(c,n) (c)->buffer_read_pos = ((c)->buffer_read_pos + (n)) % DIM((c)->buffer)
#define BUFFER_CUR_READ_POS(c) (&(c)->buffer[(c)->buffer_read_pos])
static int
buffer_get_data (struct outstream_cookie_s *cookie, char *dst, int cnt)
{
int amount;
int left;
int chunk;
amount = cnt;
if (BUFFER_DATA_AVAILABLE (cookie) < amount)
amount = BUFFER_DATA_AVAILABLE (cookie);
left = amount;
/* How large is the part up to the end of the buffer array? */
chunk = DIM(cookie->buffer) - cookie->buffer_pos;
if (chunk > left)
chunk = left;
memcpy (dst, BUFFER_CUR_READ_POS (cookie), chunk);
BUFFER_INC_READ_POS (cookie, chunk);
left -= chunk;
dst += chunk;
if (left)
{
memcpy (dst, BUFFER_CUR_READ_POS (cookie), left);
BUFFER_INC_READ_POS (cookie, left);
}
return amount;
}
static int
buffer_put_data (struct outstream_cookie_s *cookie, const char *src, int cnt)
{
int amount;
int remain;
int left;
int chunk;
remain = DIM(cookie->buffer) - cookie->buffer_len;
amount = cnt;
if (remain < amount)
amount = remain;
left = amount;
/* How large is the part up to the end of the buffer array? */
chunk = DIM(cookie->buffer) - cookie->buffer_pos;
if (chunk > left)
chunk = left;
memcpy (BUFFER_CUR_POS (cookie), src, chunk);
BUFFER_INC_POS (cookie, chunk);
left -= chunk;
src += chunk;
if (left)
{
memcpy (BUFFER_CUR_POS (cookie), src, left);
BUFFER_INC_POS (cookie, left);
}
cookie->buffer_len -= amount;
return amount;
}
/* The writer function for the outstream. This is used to transfer
the output of the ldap wrapper thread to the ksba reader object. */
static gpgrt_ssize_t
outstream_cookie_writer (void *cookie_arg, const void *buffer, size_t size)
{
struct outstream_cookie_s *cookie = cookie_arg;
const char *src;
ssize_t nwritten = 0;
int res;
ssize_t amount = 0;
src = buffer;
do
{
int was_empty = 0;
/* Wait for free space. */
while (BUFFER_FULL(cookie))
{
/* Buffer is full: Wait for space. */
res = npth_cond_wait (&cookie->wait_space, NULL);
if (res)
{
gpg_err_set_errno (res);
return -1;
}
}
if (BUFFER_EMPTY(cookie))
was_empty = 1;
/* Copy data. */
nwritten = buffer_put_data (cookie, buffer, size);
size -= nwritten;
src += nwritten;
amount += nwritten;
if (was_empty)
npth_cond_signal (&cookie->wait_data);
}
while (size); /* Until done. */
return amount;
}
static void
outstream_release_cookie (struct outstream_cookie_s *cookie)
{
cookie->refcount--;
if (!cookie->refcount)
{
npth_cond_destroy (&cookie->wait_data);
npth_cond_destroy (&cookie->wait_space);
xfree (cookie);
}
}
/* Closer function for the outstream. This deallocates the cookie if
it won't be used anymore. */
static int
outstream_cookie_closer (void *cookie_arg)
{
struct outstream_cookie_s *cookie = cookie_arg;
if (!cookie)
return 0; /* Nothing to do. */
cookie->eof_seen = 1; /* (only useful if refcount > 1) */
assert (cookie->refcount > 0);
outstream_release_cookie (cookie);
return 0;
}
/* The KSBA reader callback which takes the output of the ldap thread
form the outstream_cookie_writer and make it available to the ksba
reader. */
static int
outstream_reader_cb (void *cb_value, char *buffer, size_t count,
size_t *r_nread)
{
struct outstream_cookie_s *cookie = cb_value;
size_t nread = 0;
int was_full = 0;
if (!buffer && !count && !r_nread)
return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Rewind is not supported. */
*r_nread = 0;
while (BUFFER_EMPTY(cookie))
{
if (cookie->eof_seen)
return gpg_error (GPG_ERR_EOF);
/* Wait for data to become available. */
npth_cond_wait (&cookie->wait_data, NULL);
}
if (BUFFER_FULL(cookie))
was_full = 1;
nread = buffer_get_data (cookie, buffer, count);
if (was_full)
{
npth_cond_signal (&cookie->wait_space);
}
*r_nread = nread;
return 0; /* Success. */
}
/* This function is called by ksba_reader_release. */
static void
outstream_reader_released (void *cb_value, ksba_reader_t r)
{
struct outstream_cookie_s *cookie = cb_value;
(void)r;
assert (cookie->refcount > 0);
outstream_release_cookie (cookie);
}
/* This function is to be used to release a context associated with the
given reader object. This does not release the reader object, though. */
void
ldap_wrapper_release_context (ksba_reader_t reader)
{
(void)reader;
/* Nothing to do. */
}
/* Free a NULL terminated array of malloced strings and the array
itself. */
static void
free_arg_list (char **arg_list)
{
int i;
if (arg_list)
{
for (i=0; arg_list[i]; i++)
xfree (arg_list[i]);
xfree (arg_list);
}
}
/* Copy ARGV into a new array and prepend one element as name of the
program (which is more or less a stub). We need to allocate all
the strings to get ownership of them. */
static gpg_error_t
create_arg_list (const char *argv[], char ***r_arg_list)
{
gpg_error_t err;
char **arg_list;
int i, j;
for (i = 0; argv[i]; i++)
;
arg_list = xtrycalloc (i + 2, sizeof *arg_list);
if (!arg_list)
goto outofcore;
i = 0;
arg_list[i] = xtrystrdup ("<ldap-wrapper-thread>");
if (!arg_list[i])
goto outofcore;
i++;
for (j=0; argv[j]; j++)
{
arg_list[i] = xtrystrdup (argv[j]);
if (!arg_list[i])
goto outofcore;
i++;
}
arg_list[i] = NULL;
*r_arg_list = arg_list;
return 0;
outofcore:
err = gpg_error_from_syserror ();
log_error (_("error allocating memory: %s\n"), strerror (errno));
free_arg_list (arg_list);
*r_arg_list = NULL;
return err;
}
/* Parameters passed to the wrapper thread. */
struct ldap_wrapper_thread_parms
{
char **arg_list;
estream_t outstream;
};
/* The thread which runs the LDAP wrapper. */
static void *
ldap_wrapper_thread (void *opaque)
{
struct ldap_wrapper_thread_parms *parms = opaque;
/*err =*/ ldap_wrapper_main (parms->arg_list, parms->outstream);
/* FIXME: Do we need to return ERR? */
free_arg_list (parms->arg_list);
es_fclose (parms->outstream);
xfree (parms);
return NULL;
}
/* Start a new LDAP thread and returns a new libksba reader
object at READER. ARGV is a NULL terminated list of arguments for
the wrapper. The function returns 0 on success or an error code. */
gpg_error_t
ldap_wrapper (ctrl_t ctrl, ksba_reader_t *r_reader, const char *argv[])
{
gpg_error_t err;
struct ldap_wrapper_thread_parms *parms;
npth_attr_t tattr;
es_cookie_io_functions_t outstream_func = { NULL };
struct outstream_cookie_s *outstream_cookie;
ksba_reader_t reader;
int res;
npth_t thread;
(void)ctrl;
*r_reader = NULL;
parms = xtrycalloc (1, sizeof *parms);
if (!parms)
return gpg_error_from_syserror ();
err = create_arg_list (argv, &parms->arg_list);
if (err)
{
xfree (parms);
return err;
}
outstream_cookie = xtrycalloc (1, sizeof *outstream_cookie);
if (!outstream_cookie)
{
err = gpg_error_from_syserror ();
free_arg_list (parms->arg_list);
xfree (parms);
return err;
}
outstream_cookie->refcount++;
res = npth_cond_init (&outstream_cookie->wait_data, NULL);
if (res)
{
free_arg_list (parms->arg_list);
xfree (parms);
return gpg_error_from_errno (res);
}
res = npth_cond_init (&outstream_cookie->wait_space, NULL);
if (res)
{
npth_cond_destroy (&outstream_cookie->wait_data);
free_arg_list (parms->arg_list);
xfree (parms);
return gpg_error_from_errno (res);
}
err = ksba_reader_new (&reader);
if (!err)
err = ksba_reader_set_release_notify (reader,
outstream_reader_released,
outstream_cookie);
if (!err)
err = ksba_reader_set_cb (reader,
outstream_reader_cb, outstream_cookie);
if (err)
{
log_error (_("error initializing reader object: %s\n"),
gpg_strerror (err));
ksba_reader_release (reader);
outstream_release_cookie (outstream_cookie);
free_arg_list (parms->arg_list);
xfree (parms);
return err;
}
outstream_func.func_write = outstream_cookie_writer;
outstream_func.func_close = outstream_cookie_closer;
parms->outstream = es_fopencookie (outstream_cookie, "wb", outstream_func);
if (!parms->outstream)
{
err = gpg_error_from_syserror ();
ksba_reader_release (reader);
outstream_release_cookie (outstream_cookie);
free_arg_list (parms->arg_list);
xfree (parms);
return err;
}
outstream_cookie->refcount++;
res = npth_attr_init(&tattr);
if (res)
{
err = gpg_error_from_errno (res);
ksba_reader_release (reader);
free_arg_list (parms->arg_list);
es_fclose (parms->outstream);
xfree (parms);
return err;
}
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
res = npth_create (&thread, &tattr, ldap_wrapper_thread, parms);
npth_attr_destroy (&tattr);
if (res)
{
err = gpg_error_from_errno (res);
log_error ("error spawning ldap wrapper thread: %s\n",
strerror (res) );
}
else
parms = NULL; /* Now owned by the thread. */
if (parms)
{
free_arg_list (parms->arg_list);
es_fclose (parms->outstream);
xfree (parms);
}
if (err)
{
ksba_reader_release (reader);
return err;
}
/* Need to wait for the first byte so we are able to detect an empty
output and not let the consumer see an EOF without further error
indications. The CRL loading logic assumes that after return
from this function, a failed search (e.g. host not found ) is
indicated right away. */
{
unsigned char c;
err = read_buffer (reader, &c, 1);
if (err)
{
ksba_reader_release (reader);
reader = NULL;
if (gpg_err_code (err) == GPG_ERR_EOF)
return gpg_error (GPG_ERR_NO_DATA);
else
return err;
}
ksba_reader_unread (reader, &c, 1);
}
*r_reader = reader;
return 0;
}

33
dirmngr/ldap-wrapper.c
View File

@ -21,11 +21,10 @@
/* /*
* We can't use LDAP directly for these reasons: * We can't use LDAP directly for these reasons:
* *
* 1. On some systems the LDAP library uses (indirectly) pthreads and * 1. The LDAP library is linked to separate crypto library like
* that is not compatible with GNU Pth. Since 2.1 we use nPth * OpenSSL and even if it is linked to the libary we use in dirmngr
* instead of GNU Pth which does not have this problem anymore * (ntbtls or gnutls) it is sometimes a different version of that
* because it will use pthreads if the platform supports it. Thus * libary with all the surprising failures you may get due to this.
* this was a historical reasons.
* *
* 2. It is huge library in particular if TLS comes into play. So * 2. It is huge library in particular if TLS comes into play. So
* problems with unfreed memory might turn up and we don't want * problems with unfreed memory might turn up and we don't want
@ -72,10 +71,6 @@
#define pth_close(fd) close(fd) #define pth_close(fd) close(fd)
#endif #endif
#ifndef USE_LDAPWRAPPER
# error This module is not expected to be build.
#endif
/* In case sysconf does not return a value we need to have a limit. */ /* In case sysconf does not return a value we need to have a limit. */
#ifdef _POSIX_OPEN_MAX #ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -188,7 +183,7 @@ destroy_wrapper (struct wrapper_context_s *ctx)
} }
/* Print the content of LINE to thye log stream but make sure to only /* Print the content of LINE to the log stream but make sure to only
print complete lines. Using NULL for LINE will flush any pending print complete lines. Using NULL for LINE will flush any pending
output. LINE may be modified by this function. */ output. LINE may be modified by this function. */
static void static void
@ -377,12 +372,13 @@ ldap_reaper_thread (void *dummy)
if (DBG_EXTPROG) if (DBG_EXTPROG)
{ {
log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n", log_debug ("ldap-reaper: next run (count=%d size=%d timeout=%d)\n",
count, fparraysize, millisecs); count, fparraysize, millisecs);
for (count=0; count < fparraysize; count++) for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore) if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p want=%d\n", log_debug ("ldap-reaper: fp[%d] stream=%p %s\n",
count, fparray[count].stream,fparray[count].want_read); count, fparray[count].stream,
fparray[count].want_read? "want_read":"");
} }
ret = es_poll (fparray, fparraysize, millisecs); ret = es_poll (fparray, fparraysize, millisecs);
@ -405,7 +401,7 @@ ldap_reaper_thread (void *dummy)
{ {
for (count=0; count < fparraysize; count++) for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore) if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p r=%d %c%c%c%c%c%c%c\n", log_debug ("ldap-reaper: fp[%d] stream=%p rc=%d %c%c%c%c%c%c%c\n",
count, fparray[count].stream, ret, count, fparray[count].stream, ret,
fparray[count].got_read? 'r':'-', fparray[count].got_read? 'r':'-',
fparray[count].got_write?'w':'-', fparray[count].got_write?'w':'-',
@ -498,7 +494,7 @@ ldap_reaper_thread (void *dummy)
* wrappers. */ * wrappers. */
if (any_action && DBG_EXTPROG) if (any_action && DBG_EXTPROG)
{ {
log_debug ("ldap worker stati:\n"); log_debug ("ldap worker states:\n");
for (ctx = reaper_list; ctx; ctx = ctx->next) for (ctx = reaper_list; ctx; ctx = ctx->next)
log_debug (" c=%p pid=%d/%d rdr=%p logfp=%p" log_debug (" c=%p pid=%d/%d rdr=%p logfp=%p"
" ctrl=%p/%d la=%lu rdy=%d\n", " ctrl=%p/%d la=%lu rdy=%d\n",
@ -718,8 +714,9 @@ reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
if (DBG_EXTPROG) if (DBG_EXTPROG)
{ {
log_debug ("%s: fp[0] stream=%p want=%d\n", log_debug ("%s: fp[0] stream=%p %s\n",
__func__, fparray[0].stream,fparray[0].want_read); __func__, fparray[0].stream,
fparray[0].want_read?"want_read":"");
} }
ret = es_poll (fparray, DIM (fparray), millisecs); ret = es_poll (fparray, DIM (fparray), millisecs);
@ -733,7 +730,7 @@ reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
} }
if (DBG_EXTPROG) if (DBG_EXTPROG)
{ {
log_debug ("%s: fp[0] stream=%p r=%d %c%c%c%c%c%c%c\n", log_debug ("%s: fp[0] stream=%p rc=%d %c%c%c%c%c%c%c\n",
__func__, fparray[0].stream, ret, __func__, fparray[0].stream, ret,
fparray[0].got_read? 'r':'-', fparray[0].got_read? 'r':'-',
fparray[0].got_write?'w':'-', fparray[0].got_write?'w':'-',

6
dirmngr/ldap-wrapper.h
View File

@ -31,10 +31,4 @@ gpg_error_t ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader,
const char *argv[]); const char *argv[]);
/* dirmngr_ldap.c */
#ifndef USE_LDAPWRAPPER
int ldap_wrapper_main (char **argv, estream_t outstream);
#endif
#endif /*LDAP_WRAPPER_H*/ #endif /*LDAP_WRAPPER_H*/