Fix a problem with dirmngr looked up certificates.

Typo fixes.

ChangeLog

@@ -1,3 +1,8 @@
+2008-04-01  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use
+	curl_version_info().
+
 2008-03-27  Werner Koch  <wk@g10code.com>
 
 	* Makefile.am (dist_doc_DATA): New. Install README.

configure.ac

@@ -831,8 +831,9 @@ fi
 
 #
 # Check for curl.  We fake the curl API if libcurl isn't installed.
+# We require 7.10 or later as we use curl_version_info().
 #
-LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
+LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
 AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
 
 # Generic, for us, means curl

kbx/ChangeLog

@@ -1,3 +1,10 @@
+2008-04-01  Werner Koch  <wk@g10code.com>
+
+	* keybox-init.c (keybox_new, keybox_release): Track used handles.
+	(_keybox_close_file): New.
+	* keybox-update.c (keybox_insert_cert, keybox_set_flags) 
+	(keybox_delete, keybox_compress): Use the new close function.
+
 2008-03-13  Werner Koch  <wk@g10code.com>
 
 	* keybox-blob.c (x509_email_kludge): Use the same code as in
@@ -280,7 +287,8 @@
 	names.
 
 
- Copyright 2001 g10 Code GmbH
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006,
+	   2007, 2008 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
@@ -289,4 +297,3 @@
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-	

kbx/keybox-defs.h

@@ -53,13 +53,31 @@ typedef struct keyboxblob *KEYBOXBLOB;
 
 
 typedef struct keybox_name *KB_NAME;
-typedef struct keybox_name const * CONST_KB_NAME;
+typedef struct keybox_name const *CONST_KB_NAME;
-struct keybox_name {
+struct keybox_name 
-  struct keybox_name *next;
+{
+  /* Link to the next resources, so that we can walk all
+     resources.  */
+  KB_NAME next;
+
+  /* True if this is a keybox with secret keys.  */
   int secret;
+
   /*DOTLOCK lockhd;*/
+
+  /* A table with all the handles accessing this resources.
+     HANDLE_TABLE_SIZE gives the allocated length of this table unused
+     entrues are set to NULL.  HANDLE_TABLE may be NULL. */
+  KEYBOX_HANDLE *handle_table;
+  size_t handle_table_size;
+  
+  /* Not yet used.  */
   int is_locked;
+
+  /* Not yet used.  */
   int did_full_scan;
+
+  /* The name of the resource file. */
   char fname[1];
 };
 
@@ -129,6 +147,9 @@ typedef struct _keybox_openpgp_info *keybox_openpgp_info_t;
 /*    int preserve_permissions; */
 /*  } keybox_opt; */
 
+/*-- keybox-init.c --*/
+void _keybox_close_file (KEYBOX_HANDLE hd);
+
 
 /*-- keybox-blob.c --*/
 #ifdef KEYBOX_WITH_OPENPGP

kbx/keybox-init.c

@@ -30,10 +30,9 @@
 static KB_NAME kb_names;
 
 
-/* 
+/* Register a filename for plain keybox files.  Returns a pointer to
-  Register a filename for plain keybox files.  Returns a pointer to be
+   be used to create a handles and so on.  Returns NULL to indicate
-  used to create a handles etc or NULL to indicate that it has already
+   that FNAME has already been registered.  */
-  been registered */
 void *
 keybox_register_file (const char *fname, int secret)
 {
@@ -50,6 +49,10 @@ keybox_register_file (const char *fname, int secret)
     return NULL;
   strcpy (kr->fname, fname);
   kr->secret = !!secret;
+
+  kr->handle_table = NULL;
+  kr->handle_table_size = 0;
+
   /* kr->lockhd = NULL;*/
   kr->is_locked = 0;
   kr->did_full_scan = 0;
@@ -83,6 +86,7 @@ keybox_new (void *token, int secret)
 {
   KEYBOX_HANDLE hd;
   KB_NAME resource = token;
+  int idx;
 
   assert (resource && !resource->secret == !secret);
   hd = xtrycalloc (1, sizeof *hd);
@@ -90,6 +94,43 @@ keybox_new (void *token, int secret)
     {
       hd->kb = resource;
       hd->secret = !!secret;
+      if (!resource->handle_table)
+        {
+          resource->handle_table_size = 3;
+          resource->handle_table = xtrycalloc (resource->handle_table_size,
+                                               sizeof *resource->handle_table);
+          if (!resource->handle_table)
+            {
+              resource->handle_table_size = 0;
+              xfree (hd);
+              return NULL;
+            }
+        }
+      for (idx=0; idx < resource->handle_table_size; idx++)
+        if (!resource->handle_table[idx])
+          {
+            resource->handle_table[idx] = hd;
+            break;
+          }
+      if (!(idx < resource->handle_table_size))
+        {
+          KEYBOX_HANDLE *tmptbl;
+          size_t newsize;
+
+          newsize = resource->handle_table_size + 5;
+          tmptbl = xtryrealloc (resource->handle_table, 
+                                newsize * sizeof (*tmptbl));
+          if (!tmptbl)
+            {
+              xfree (hd);
+              return NULL;
+            }
+          resource->handle_table = tmptbl;
+          resource->handle_table_size = newsize;
+          resource->handle_table[idx] = hd;
+          for (idx++; idx < resource->handle_table_size; idx++)
+            resource->handle_table[idx] = NULL;
+        }
     }
   return hd;
 }
@@ -99,6 +140,13 @@ keybox_release (KEYBOX_HANDLE hd)
 {
   if (!hd)
     return;
+  if (hd->kb->handle_table)
+    {
+      int idx;
+      for (idx=0; idx < hd->kb->handle_table_size; idx++)
+        if (hd->kb->handle_table[idx] == hd)
+          hd->kb->handle_table[idx] = NULL;
+    }
   _keybox_release_blob (hd->found.blob);
   if (hd->fp)
     {
@@ -128,3 +176,27 @@ keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
   return 0;
 }
 
+
+/* Close the file of the resource identified by HD.  For consistent
+   results this fucntion closes the files of all handles pointing to
+   the resource identified by HD.  */
+void 
+_keybox_close_file (KEYBOX_HANDLE hd)
+{
+  int idx;
+  KEYBOX_HANDLE roverhd;
+
+  if (!hd || !hd->kb || !hd->kb->handle_table)
+    return;
+
+  for (idx=0; idx < hd->kb->handle_table_size; idx++)
+    if ((roverhd = hd->kb->handle_table[idx]))
+      {
+        if (roverhd->fp)
+          {
+            fclose (roverhd->fp);
+            roverhd->fp = NULL;
+          }
+      }
+  assert (!hd->fp);
+}

kbx/keybox-search.c

@@ -458,7 +458,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr)
 #ifdef KEYBOX_WITH_X509
 /* Return true if the key in BLOB matches the 20 bytes keygrip GRIP.
    We don't have the keygrips as meta data, thus wen need to parse the
-   certificate. Fixme: We might wat to return proper error codes
+   certificate. Fixme: We might want to return proper error codes
    instead of failing a search for invalid certificates etc.  */
 static int
 blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
@@ -750,10 +750,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
         }
     }
 
-  /* kludge: we need to convert an SN given as hexstring to it's
+  /* Kludge: We need to convert an SN given as hexstring to its binary
-     binary representation - in some cases we are not able to store it
+     representation - in some cases we are not able to store it in the
-     in the search descriptor, because due to its usage it is not
+     search descriptor, because due to the way we use it, it is not
-     possible to free allocated memory */
+     possible to free allocated memory. */
   if (sn_array)
     {
       const unsigned char *s;

kbx/keybox-update.c

@@ -136,7 +136,7 @@ create_tmp_file (const char *template,
       xfree (bakfname);
       return tmperr;
     }
-  
+
   *r_bakfname = bakfname;
   *r_tmpfname = tmpfname;
   return 0;
@@ -167,7 +167,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 /*    iobuf_ioctl (NULL, 2, 0, (char*)bakfname ); */
 /*    iobuf_ioctl (NULL, 2, 0, (char*)fname ); */
 
-  /* first make a backup file except for secret keyboxs */
+  /* First make a backup file except for secret keyboxes. */
   if (!secret)
     { 
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
@@ -179,7 +179,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 	}
     }
   
-  /* then rename the file */
+  /* Then rename the file. */
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
   remove (fname);
 #endif
@@ -386,12 +386,8 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
 
   /* Close this one otherwise we will mess up the position for a next
      search.  Fixme: it would be better to adjust the position after
-     the write opertions.  */
+     the write operation.  */
-  if (hd->fp)
+  _keybox_close_file (hd);
-    {
-      fclose (hd->fp);
-      hd->fp = NULL;
-    }
 
   rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
   if (!rc)
@@ -453,11 +449,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
   
   off += flag_pos;
 
-  if (hd->fp)
+  _keybox_close_file (hd);
-    {
-      fclose (hd->fp);
-      hd->fp = NULL;
-    }
   fp = fopen (hd->kb->fname, "r+b");
   if (!fp)
     return gpg_error (gpg_err_code_from_errno (errno));
@@ -522,12 +514,7 @@ keybox_delete (KEYBOX_HANDLE hd)
     return gpg_error (GPG_ERR_GENERAL);
   off += 4;
 
-  if (hd->fp)
+  _keybox_close_file (hd);
-    {
-      fclose (hd->fp);
-      hd->fp = NULL;
-    }
-  
   fp = fopen (hd->kb->fname, "r+b");
   if (!fp)
     return gpg_error (gpg_err_code_from_errno (errno));
@@ -575,11 +562,7 @@ keybox_compress (KEYBOX_HANDLE hd)
   if (!fname)
     return gpg_error (GPG_ERR_INV_HANDLE); 
 
-  if (hd->fp)
+  _keybox_close_file (hd);
-    {
-      fclose (hd->fp);
-      hd->fp = NULL;
-    }
 
   /* Open the source file. Because we do a rename, we have to check the 
      permissions of the file */

sm/call-dirmngr.c

@@ -703,7 +703,7 @@ lookup_status_cb (void *opaque, const char *line)
 }
 
 
-/* Run the Directroy Managers lookup command using the pattern
+/* Run the Directory Manager's lookup command using the pattern
    compiled from the strings given in NAMES.  The caller must provide
    the callback CB which will be passed cert by cert.  Note that CTRL
    is optional.  With CACHE_ONLY the dirmngr will search only its own

sm/certchain.c

@@ -596,9 +596,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
         {
           rc = keydb_search_issuer_sn (kh, s, authidno);
           if (rc)
-              keydb_search_reset (kh);
+            keydb_search_reset (kh);
           
-          /* In case of an error, try to get the certifcate from the
+          /* In case of an error, try to get the certificate from the
              dirmngr.  That is done by trying to put that certifcate
              into the ephemeral DB and let the code below do the
              actual retrieve.  Thus there is no error checking.

sm/keydb.c

@@ -392,7 +392,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
 
 
 /* If the keyring has not yet been locked, lock it now.  This
-   operation is required before any update opeations; it is optionaly
+   operation is required before any update operation; it is optional
    for an insert operation.  The lock is released with
    keydb_released. */
 gpg_error_t