sm: Fix finding of issuer in use-keyboxd mode.

* sm/keydb.c (struct keydb_local_s): Add field saved_search_result.
(keydb_push_found_state): Implement for keyboxd.
(keydb_pop_found_state): Ditto.
(keydb_get_cert): Do not release the cert so that the function can be
used again to get the same cert.  This is the same behaviour as in
pubring.kbx mode.

* sm/certchain.c, sm/import.c: Improve some error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>

sm/certchain.c

@@ -459,7 +459,8 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
       rc = keydb_get_cert (kh, &cert);
       if (rc)
         {
-          log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+          log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+                     __func__, gpg_strerror (rc), gpg_strsource (rc));
           rc = gpg_error (GPG_ERR_NOT_FOUND);
           goto leave;
         }
@@ -1084,8 +1085,8 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
   err = keydb_get_cert (kh, r_next);
   if (err)
     {
-      log_error ("keydb_get_cert() failed: %s <%s>\n",
-                 gpg_strerror (err), gpg_strsource (err));
+      log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+                 __func__, gpg_strerror (err), gpg_strsource (err));
       err = gpg_error (GPG_ERR_GENERAL);
     }
 
@@ -1824,7 +1825,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       rc = keydb_get_cert (kh, &issuer_cert);
       if (rc)
         {
-          log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+          log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+                     __func__, gpg_strerror (rc), gpg_strsource (rc));
           rc = gpg_error (GPG_ERR_GENERAL);
           goto leave;
         }
@@ -2253,7 +2255,8 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
       rc = keydb_get_cert (kh, &issuer_cert);
       if (rc)
         {
-          log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+          log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+                     __func__, gpg_strerror (rc), gpg_strsource (rc));
           rc = gpg_error (GPG_ERR_GENERAL);
           goto leave;
         }

sm/import.c

@@ -459,7 +459,8 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       err = keydb_get_cert (kh, &cert);
       if (err)
         {
-          log_error ("keydb_get_cert() failed: %s\n", gpg_strerror (err));
+          log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+                     __func__, gpg_strerror (err), gpg_strsource (err));
           print_import_problem (ctrl, NULL, 1);
           stats->not_imported++;
           continue;

sm/keydb.c

@@ -72,6 +72,11 @@ struct keydb_local_s
     char *buf;
     size_t len;
   } search_result;
+  /* The "stack" used by keydb_push_found_state.  */
+  struct {
+    char *buf;
+    size_t len;
+  } saved_search_result;
 
   /* This flag set while an operation is running on this context.  */
   unsigned int is_active : 1;
@@ -855,7 +860,7 @@ unlock_all (KEYDB_HANDLE hd)
 
 
 
-/* Push the last found state if any.  */
+/* Push the last found state if any.   Only one state is saved.  */
 void
 keydb_push_found_state (KEYDB_HANDLE hd)
 {
@@ -863,25 +868,33 @@ keydb_push_found_state (KEYDB_HANDLE hd)
     return;
 
   if (hd->use_keyboxd)
-    return; /* FIXME: Do we need this? */
-
-  if (hd->found < 0 || hd->found >= hd->used)
     {
-      hd->saved_found = -1;
-      return;
+      xfree (hd->kbl->saved_search_result.buf);
+      hd->kbl->saved_search_result.buf = hd->kbl->search_result.buf;
+      hd->kbl->saved_search_result.len = hd->kbl->search_result.len;
+      hd->kbl->search_result.buf = NULL;
+      hd->kbl->search_result.len = 0;
+    }
+  else
+    {
+      if (hd->found < 0 || hd->found >= hd->used)
+        hd->saved_found = -1;
+      else
+        {
+          switch (hd->active[hd->found].type)
+            {
+            case KEYDB_RESOURCE_TYPE_NONE:
+              break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              keybox_push_found_state (hd->active[hd->found].u.kr);
+              break;
+            }
+
+          hd->saved_found = hd->found;
+          hd->found = -1;
+        }
     }
 
-  switch (hd->active[hd->found].type)
-    {
-    case KEYDB_RESOURCE_TYPE_NONE:
-      break;
-    case KEYDB_RESOURCE_TYPE_KEYBOX:
-      keybox_push_found_state (hd->active[hd->found].u.kr);
-      break;
-    }
-
-  hd->saved_found = hd->found;
-  hd->found = -1;
   if (DBG_CLOCK)
     log_clock ("%s: done (hd=%p)\n", __func__, hd);
 }
@@ -895,21 +908,32 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
     return;
 
   if (hd->use_keyboxd)
-    return; /* FIXME: Do we need this? */
-
-  hd->found = hd->saved_found;
-  hd->saved_found = -1;
-  if (hd->found < 0 || hd->found >= hd->used)
-    return;
-
-  switch (hd->active[hd->found].type)
     {
-    case KEYDB_RESOURCE_TYPE_NONE:
-      break;
-    case KEYDB_RESOURCE_TYPE_KEYBOX:
-      keybox_pop_found_state (hd->active[hd->found].u.kr);
-      break;
+      xfree (hd->kbl->search_result.buf);
+      hd->kbl->search_result.buf = hd->kbl->saved_search_result.buf;
+      hd->kbl->search_result.len = hd->kbl->saved_search_result.len;
+      hd->kbl->saved_search_result.buf = NULL;
+      hd->kbl->saved_search_result.len = 0;
     }
+  else
+    {
+      hd->found = hd->saved_found;
+      hd->saved_found = -1;
+      if (hd->found < 0 || hd->found >= hd->used)
+        ;
+      else
+        {
+          switch (hd->active[hd->found].type)
+            {
+            case KEYDB_RESOURCE_TYPE_NONE:
+              break;
+            case KEYDB_RESOURCE_TYPE_KEYBOX:
+              keybox_pop_found_state (hd->active[hd->found].u.kr);
+              break;
+            }
+        }
+    }
+
   if (DBG_CLOCK)
     log_clock ("%s: done (hd=%p)\n", __func__, hd);
 }
@@ -955,9 +979,6 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
           ksba_cert_release (cert);
           goto leave;
         }
-      xfree (hd->kbl->search_result.buf);
-      hd->kbl->search_result.buf = NULL;
-      hd->kbl->search_result.len = 0;
       *r_cert = cert;
       goto leave;
     }