Fix a problem with dirmngr looked up certificates.

Typo fixes.
Werner Koch 2008-04-01 15:08:57 +00:00
parent 03d6961073
commit 80f77d79c5
10 changed files with 133 additions and 44 deletions


@ -1,3 +1,8 @@
2008-04-01 Werner Koch <wk@g10code.com>
* configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use
curl_version_info().
2008-03-27 Werner Koch <wk@g10code.com>
* Makefile.am (dist_doc_DATA): New. Install README.


@ -831,8 +831,9 @@ fi
#
# Check for curl. We fake the curl API if libcurl isn't installed.
# We require 7.10 or later as we use curl_version_info().
#
LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
# Generic, for us, means curl
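Review bot: The comment above the check still says the curl API is faked only "if libcurl isn't installed", but with the `[7.10]` minimum now passed to `LIBCURL_CHECK_CONFIG` an installed libcurl older than 7.10 presumably takes the same `fake_curl=yes` branch. I would extend the comment to `# Check for curl.  We fake the curl API if libcurl isn't installed or is older than 7.10.` so that a silent fallback to the fake implementation on an old system is not a surprise to whoever reads the build log. The rest of the curl handling continues outside the hunk.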


@ -1,3 +1,10 @@
2008-04-01 Werner Koch <wk@g10code.com>
* keybox-init.c (keybox_new, keybox_release): Track used handles.
(_keybox_close_file): New.
* keybox-update.c (keybox_insert_cert, keybox_set_flags)
(keybox_delete, keybox_compress): Use the new close function.
2008-03-13 Werner Koch <wk@g10code.com>
* keybox-blob.c (x509_email_kludge): Use the same code as in
@ -280,7 +287,8 @@
names.
Copyright 2001 g10 Code GmbH
Copyright 2001, 2002, 2003, 2004, 2005, 2006,
2007, 2008 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
@ -289,4 +297,3 @@
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


@ -53,13 +53,31 @@ typedef struct keyboxblob *KEYBOXBLOB;
typedef struct keybox_name *KB_NAME;
typedef struct keybox_name const * CONST_KB_NAME;
struct keybox_name {
struct keybox_name *next;
typedef struct keybox_name const *CONST_KB_NAME;
struct keybox_name
{
/* Link to the next resources, so that we can walk all
resources. */
KB_NAME next;
/* True if this is a keybox with secret keys. */
int secret;
/*DOTLOCK lockhd;*/
/* A table with all the handles accessing this resources.
HANDLE_TABLE_SIZE gives the allocated length of this table unused
entrues are set to NULL. HANDLE_TABLE may be NULL. */
KEYBOX_HANDLE *handle_table;
size_t handle_table_size;
/* Not yet used. */
int is_locked;
/* Not yet used. */
int did_full_scan;
/* The name of the resource file. */
char fname[1];
};
@ -129,6 +147,9 @@ typedef struct _keybox_openpgp_info *keybox_openpgp_info_t;
/* int preserve_permissions; */
/* } keybox_opt; */
/*-- keybox-init.c --*/
void _keybox_close_file (KEYBOX_HANDLE hd);
/*-- keybox-blob.c --*/
#ifdef KEYBOX_WITH_OPENPGP
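Review bot: The comment on `handle_table` in `struct keybox_name` does not say that the entries are borrowed handle pointers, which is the invariant every walker of the table depends on: an entry that outlives its handle would be a dangling pointer. I would reword it to `/* Table of all handles accessing this resource; entries are not owned here and must be cleared before a handle is freed. HANDLE_TABLE_SIZE is the allocated length, unused entries are NULL, and HANDLE_TABLE itself may be NULL. */`. That wording also fixes the "entrues" typo and the run-on sentence in the new comment.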


@ -30,10 +30,9 @@
static KB_NAME kb_names;
/*
Register a filename for plain keybox files. Returns a pointer to be
used to create a handles etc or NULL to indicate that it has already
been registered */
/* Register a filename for plain keybox files. Returns a pointer to
be used to create a handles and so on. Returns NULL to indicate
that FNAME has already been registered. */
void *
keybox_register_file (const char *fname, int secret)
{
@ -50,6 +49,10 @@ keybox_register_file (const char *fname, int secret)
return NULL;
strcpy (kr->fname, fname);
kr->secret = !!secret;
kr->handle_table = NULL;
kr->handle_table_size = 0;
/* kr->lockhd = NULL;*/
kr->is_locked = 0;
kr->did_full_scan = 0;
@ -83,6 +86,7 @@ keybox_new (void *token, int secret)
{
KEYBOX_HANDLE hd;
KB_NAME resource = token;
int idx;
assert (resource && !resource->secret == !secret);
hd = xtrycalloc (1, sizeof *hd);
@ -90,6 +94,43 @@ keybox_new (void *token, int secret)
{
hd->kb = resource;
hd->secret = !!secret;
if (!resource->handle_table)
{
resource->handle_table_size = 3;
resource->handle_table = xtrycalloc (resource->handle_table_size,
sizeof *resource->handle_table);
if (!resource->handle_table)
{
resource->handle_table_size = 0;
xfree (hd);
return NULL;
}
}
for (idx=0; idx < resource->handle_table_size; idx++)
if (!resource->handle_table[idx])
{
resource->handle_table[idx] = hd;
break;
}
if (!(idx < resource->handle_table_size))
{
KEYBOX_HANDLE *tmptbl;
size_t newsize;
newsize = resource->handle_table_size + 5;
tmptbl = xtryrealloc (resource->handle_table,
newsize * sizeof (*tmptbl));
if (!tmptbl)
{
xfree (hd);
return NULL;
}
resource->handle_table = tmptbl;
resource->handle_table_size = newsize;
resource->handle_table[idx] = hd;
for (idx++; idx < resource->handle_table_size; idx++)
resource->handle_table[idx] = NULL;
}
}
return hd;
}
@ -99,6 +140,13 @@ keybox_release (KEYBOX_HANDLE hd)
{
if (!hd)
return;
if (hd->kb->handle_table)
{
int idx;
for (idx=0; idx < hd->kb->handle_table_size; idx++)
if (hd->kb->handle_table[idx] == hd)
hd->kb->handle_table[idx] = NULL;
}
_keybox_release_blob (hd->found.blob);
if (hd->fp)
{
@ -128,3 +176,27 @@ keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
return 0;
}
/* Close the file of the resource identified by HD. For consistent
results this fucntion closes the files of all handles pointing to
the resource identified by HD. */
void
_keybox_close_file (KEYBOX_HANDLE hd)
{
int idx;
KEYBOX_HANDLE roverhd;
if (!hd || !hd->kb || !hd->kb->handle_table)
return;
for (idx=0; idx < hd->kb->handle_table_size; idx++)
if ((roverhd = hd->kb->handle_table[idx]))
{
if (roverhd->fp)
{
fclose (roverhd->fp);
roverhd->fp = NULL;
}
}
assert (!hd->fp);
}
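Review bot: In `_keybox_close_file` the final `assert (!hd->fp)` is the only thing that ensures HD's own stream was closed, and it disappears when assertions are compiled out. The callers this commit converts used to close `hd->fp` unconditionally before reopening the file for update, so I would keep that guarantee with an explicit fallback after the loop, `if (hd->fp) { fclose (hd->fp); hd->fp = NULL; }`, rather than rely on HD always being present in its resource's table. Separately, `idx` is declared `int` in `keybox_new`, `keybox_release` and `_keybox_close_file` but is compared against the `size_t` member `handle_table_size`; declaring it `size_t idx;` avoids the signed/unsigned comparison.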


@ -458,7 +458,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
#ifdef KEYBOX_WITH_X509
/* Return true if the key in BLOB matches the 20 bytes keygrip GRIP.
We don't have the keygrips as meta data, thus wen need to parse the
certificate. Fixme: We might wat to return proper error codes
certificate. Fixme: We might want to return proper error codes
instead of failing a search for invalid certificates etc. */
static int
blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
@ -750,10 +750,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
}
}
/* kludge: we need to convert an SN given as hexstring to it's
binary representation - in some cases we are not able to store it
in the search descriptor, because due to its usage it is not
possible to free allocated memory */
/* Kludge: We need to convert an SN given as hexstring to its binary
representation - in some cases we are not able to store it in the
search descriptor, because due to the way we use it, it is not
possible to free allocated memory. */
if (sn_array)
{
const unsigned char *s;


@ -136,7 +136,7 @@ create_tmp_file (const char *template,
xfree (bakfname);
return tmperr;
}
*r_bakfname = bakfname;
*r_tmpfname = tmpfname;
return 0;
@ -167,7 +167,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
/* iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); */
/* iobuf_ioctl (NULL, 2, 0, (char*)fname ); */
/* first make a backup file except for secret keyboxs */
/* First make a backup file except for secret keyboxes. */
if (!secret)
{
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
@ -179,7 +179,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
}
}
/* then rename the file */
/* Then rename the file. */
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
remove (fname);
#endif
@ -386,12 +386,8 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
/* Close this one otherwise we will mess up the position for a next
search. Fixme: it would be better to adjust the position after
the write opertions. */
if (hd->fp)
{
fclose (hd->fp);
hd->fp = NULL;
}
the write operation. */
_keybox_close_file (hd);
rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
if (!rc)
@ -453,11 +449,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
off += flag_pos;
if (hd->fp)
{
fclose (hd->fp);
hd->fp = NULL;
}
_keybox_close_file (hd);
fp = fopen (hd->kb->fname, "r+b");
if (!fp)
return gpg_error (gpg_err_code_from_errno (errno));
@ -522,12 +514,7 @@ keybox_delete (KEYBOX_HANDLE hd)
return gpg_error (GPG_ERR_GENERAL);
off += 4;
if (hd->fp)
{
fclose (hd->fp);
hd->fp = NULL;
}
_keybox_close_file (hd);
fp = fopen (hd->kb->fname, "r+b");
if (!fp)
return gpg_error (gpg_err_code_from_errno (errno));
@ -575,11 +562,7 @@ keybox_compress (KEYBOX_HANDLE hd)
if (!fname)
return gpg_error (GPG_ERR_INV_HANDLE);
if (hd->fp)
{
fclose (hd->fp);
hd->fp = NULL;
}
_keybox_close_file (hd);
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
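Review bot: The comment kept above the new `_keybox_close_file (hd);` call in `keybox_insert_cert` still reads "Close this one", but according to the helper's own description it closes the streams of every handle on the same resource. I would update it to `/* Close the files of all handles on this resource; otherwise we will mess up the position for a next search. */`. The same call in `keybox_set_flags`, `keybox_delete` and `keybox_compress` carries no comment; a one-line `/* Close all handles' streams before the file is reopened for update. */` there would explain why other handles lose their open file. All four functions start and end outside the hunks shown.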


@ -703,7 +703,7 @@ lookup_status_cb (void *opaque, const char *line)
}
/* Run the Directroy Managers lookup command using the pattern
/* Run the Directory Manager's lookup command using the pattern
compiled from the strings given in NAMES. The caller must provide
the callback CB which will be passed cert by cert. Note that CTRL
is optional. With CACHE_ONLY the dirmngr will search only its own


@ -596,9 +596,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
{
rc = keydb_search_issuer_sn (kh, s, authidno);
if (rc)
keydb_search_reset (kh);
keydb_search_reset (kh);
/* In case of an error, try to get the certifcate from the
/* In case of an error, try to get the certificate from the
dirmngr. That is done by trying to put that certifcate
into the ephemeral DB and let the code below do the
actual retrieve. Thus there is no error checking.


@ -392,7 +392,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
/* If the keyring has not yet been locked, lock it now. This
operation is required before any update opeations; it is optionaly
operation is required before any update operation; it is optional
for an insert operation. The lock is released with
keydb_released. */
gpg_error_t