diff --git a/ChangeLog b/ChangeLog index 9ff3d170a..f2f0af494 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-04-01 Werner Koch + + * configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use + curl_version_info(). + 2008-03-27 Werner Koch * Makefile.am (dist_doc_DATA): New. Install README. diff --git a/configure.ac b/configure.ac index 717aa5921..4f0881a81 100644 --- a/configure.ac +++ b/configure.ac @@ -831,8 +831,9 @@ fi # # Check for curl. We fake the curl API if libcurl isn't installed. +# We require 7.10 or later as we use curl_version_info(). # -LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) +LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes]) AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) # Generic, for us, means curl diff --git a/kbx/ChangeLog b/kbx/ChangeLog index 11dab22c4..8d7b91646 100644 --- a/kbx/ChangeLog +++ b/kbx/ChangeLog @@ -1,3 +1,10 @@ +2008-04-01 Werner Koch + + * keybox-init.c (keybox_new, keybox_release): Track used handles. + (_keybox_close_file): New. + * keybox-update.c (keybox_insert_cert, keybox_set_flags) + (keybox_delete, keybox_compress): Use the new close function. + 2008-03-13 Werner Koch * keybox-blob.c (x509_email_kludge): Use the same code as in @@ -280,7 +287,8 @@ names. - Copyright 2001 g10 Code GmbH + Copyright 2001, 2002, 2003, 2004, 2005, 2006, + 2007, 2008 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -289,4 +297,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - \ No newline at end of file diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index c425cdd40..626f3e5c3 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h @@ -53,13 +53,31 @@ typedef struct keyboxblob *KEYBOXBLOB; typedef struct keybox_name *KB_NAME; -typedef struct keybox_name const * CONST_KB_NAME; -struct keybox_name { - struct keybox_name *next; +typedef struct keybox_name const *CONST_KB_NAME; +struct keybox_name +{ + /* Link to the next resources, so that we can walk all + resources. */ + KB_NAME next; + + /* True if this is a keybox with secret keys. */ int secret; + /*DOTLOCK lockhd;*/ + + /* A table with all the handles accessing this resources. + HANDLE_TABLE_SIZE gives the allocated length of this table unused + entrues are set to NULL. HANDLE_TABLE may be NULL. */ + KEYBOX_HANDLE *handle_table; + size_t handle_table_size; + + /* Not yet used. */ int is_locked; + + /* Not yet used. */ int did_full_scan; + + /* The name of the resource file. */ char fname[1]; }; @@ -129,6 +147,9 @@ typedef struct _keybox_openpgp_info *keybox_openpgp_info_t; /* int preserve_permissions; */ /* } keybox_opt; */ +/*-- keybox-init.c --*/ +void _keybox_close_file (KEYBOX_HANDLE hd); + /*-- keybox-blob.c --*/ #ifdef KEYBOX_WITH_OPENPGP diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index fcf3c7cee..e4138647e 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -30,10 +30,9 @@ static KB_NAME kb_names; -/* - Register a filename for plain keybox files. Returns a pointer to be - used to create a handles etc or NULL to indicate that it has already - been registered */ +/* Register a filename for plain keybox files. Returns a pointer to + be used to create a handles and so on. Returns NULL to indicate + that FNAME has already been registered. */ void * keybox_register_file (const char *fname, int secret) { @@ -50,6 +49,10 @@ keybox_register_file (const char *fname, int secret) return NULL; strcpy (kr->fname, fname); kr->secret = !!secret; + + kr->handle_table = NULL; + kr->handle_table_size = 0; + /* kr->lockhd = NULL;*/ kr->is_locked = 0; kr->did_full_scan = 0; @@ -83,6 +86,7 @@ keybox_new (void *token, int secret) { KEYBOX_HANDLE hd; KB_NAME resource = token; + int idx; assert (resource && !resource->secret == !secret); hd = xtrycalloc (1, sizeof *hd); @@ -90,6 +94,43 @@ keybox_new (void *token, int secret) { hd->kb = resource; hd->secret = !!secret; + if (!resource->handle_table) + { + resource->handle_table_size = 3; + resource->handle_table = xtrycalloc (resource->handle_table_size, + sizeof *resource->handle_table); + if (!resource->handle_table) + { + resource->handle_table_size = 0; + xfree (hd); + return NULL; + } + } + for (idx=0; idx < resource->handle_table_size; idx++) + if (!resource->handle_table[idx]) + { + resource->handle_table[idx] = hd; + break; + } + if (!(idx < resource->handle_table_size)) + { + KEYBOX_HANDLE *tmptbl; + size_t newsize; + + newsize = resource->handle_table_size + 5; + tmptbl = xtryrealloc (resource->handle_table, + newsize * sizeof (*tmptbl)); + if (!tmptbl) + { + xfree (hd); + return NULL; + } + resource->handle_table = tmptbl; + resource->handle_table_size = newsize; + resource->handle_table[idx] = hd; + for (idx++; idx < resource->handle_table_size; idx++) + resource->handle_table[idx] = NULL; + } } return hd; } @@ -99,6 +140,13 @@ keybox_release (KEYBOX_HANDLE hd) { if (!hd) return; + if (hd->kb->handle_table) + { + int idx; + for (idx=0; idx < hd->kb->handle_table_size; idx++) + if (hd->kb->handle_table[idx] == hd) + hd->kb->handle_table[idx] = NULL; + } _keybox_release_blob (hd->found.blob); if (hd->fp) { @@ -128,3 +176,27 @@ keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes) return 0; } + +/* Close the file of the resource identified by HD. For consistent + results this fucntion closes the files of all handles pointing to + the resource identified by HD. */ +void +_keybox_close_file (KEYBOX_HANDLE hd) +{ + int idx; + KEYBOX_HANDLE roverhd; + + if (!hd || !hd->kb || !hd->kb->handle_table) + return; + + for (idx=0; idx < hd->kb->handle_table_size; idx++) + if ((roverhd = hd->kb->handle_table[idx])) + { + if (roverhd->fp) + { + fclose (roverhd->fp); + roverhd->fp = NULL; + } + } + assert (!hd->fp); +} diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index a45f617e9..fc397c7ed 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -458,7 +458,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr) #ifdef KEYBOX_WITH_X509 /* Return true if the key in BLOB matches the 20 bytes keygrip GRIP. We don't have the keygrips as meta data, thus wen need to parse the - certificate. Fixme: We might wat to return proper error codes + certificate. Fixme: We might want to return proper error codes instead of failing a search for invalid certificates etc. */ static int blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip) @@ -750,10 +750,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc) } } - /* kludge: we need to convert an SN given as hexstring to it's - binary representation - in some cases we are not able to store it - in the search descriptor, because due to its usage it is not - possible to free allocated memory */ + /* Kludge: We need to convert an SN given as hexstring to its binary + representation - in some cases we are not able to store it in the + search descriptor, because due to the way we use it, it is not + possible to free allocated memory. */ if (sn_array) { const unsigned char *s; diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 0cd50e532..7a28de3f2 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -136,7 +136,7 @@ create_tmp_file (const char *template, xfree (bakfname); return tmperr; } - + *r_bakfname = bakfname; *r_tmpfname = tmpfname; return 0; @@ -167,7 +167,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, /* iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); */ /* iobuf_ioctl (NULL, 2, 0, (char*)fname ); */ - /* first make a backup file except for secret keyboxs */ + /* First make a backup file except for secret keyboxes. */ if (!secret) { #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__) @@ -179,7 +179,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, } } - /* then rename the file */ + /* Then rename the file. */ #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__) remove (fname); #endif @@ -386,12 +386,8 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert, /* Close this one otherwise we will mess up the position for a next search. Fixme: it would be better to adjust the position after - the write opertions. */ - if (hd->fp) - { - fclose (hd->fp); - hd->fp = NULL; - } + the write operation. */ + _keybox_close_file (hd); rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral); if (!rc) @@ -453,11 +449,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value) off += flag_pos; - if (hd->fp) - { - fclose (hd->fp); - hd->fp = NULL; - } + _keybox_close_file (hd); fp = fopen (hd->kb->fname, "r+b"); if (!fp) return gpg_error (gpg_err_code_from_errno (errno)); @@ -522,12 +514,7 @@ keybox_delete (KEYBOX_HANDLE hd) return gpg_error (GPG_ERR_GENERAL); off += 4; - if (hd->fp) - { - fclose (hd->fp); - hd->fp = NULL; - } - + _keybox_close_file (hd); fp = fopen (hd->kb->fname, "r+b"); if (!fp) return gpg_error (gpg_err_code_from_errno (errno)); @@ -575,11 +562,7 @@ keybox_compress (KEYBOX_HANDLE hd) if (!fname) return gpg_error (GPG_ERR_INV_HANDLE); - if (hd->fp) - { - fclose (hd->fp); - hd->fp = NULL; - } + _keybox_close_file (hd); /* Open the source file. Because we do a rename, we have to check the permissions of the file */ diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 34de7c166..63083cc92 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -703,7 +703,7 @@ lookup_status_cb (void *opaque, const char *line) } -/* Run the Directroy Managers lookup command using the pattern +/* Run the Directory Manager's lookup command using the pattern compiled from the strings given in NAMES. The caller must provide the callback CB which will be passed cert by cert. Note that CTRL is optional. With CACHE_ONLY the dirmngr will search only its own diff --git a/sm/certchain.c b/sm/certchain.c index f9751752f..05a6ace04 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -596,9 +596,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, { rc = keydb_search_issuer_sn (kh, s, authidno); if (rc) - keydb_search_reset (kh); + keydb_search_reset (kh); - /* In case of an error, try to get the certifcate from the + /* In case of an error, try to get the certificate from the dirmngr. That is done by trying to put that certifcate into the ephemeral DB and let the code below do the actual retrieve. Thus there is no error checking. diff --git a/sm/keydb.c b/sm/keydb.c index 1fbf9b6c1..a6efcc4cd 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -392,7 +392,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes) /* If the keyring has not yet been locked, lock it now. This - operation is required before any update opeations; it is optionaly + operation is required before any update operation; it is optional for an insert operation. The lock is released with keydb_released. */ gpg_error_t