security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

With --enable-gpg the keyservers are now build and a first test using gpg2

Browse Source 
shows no prblems.   Needs more testing of course.
This commit is contained in:
Werner Koch 2006-08-16 10:47:53 +00:00
parent 5be40e9fad
commit b744f963d7
36 changed files with 952 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am (keyserver): Enable building of keyserver helpers.
* configure.ac: Merged with the current configure from 1.4.5.
Require libgpg-error 1.2 and libksba 0.9.16.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* README: Spelling fixes.

3
Makefile.am
View File

@ -35,8 +35,7 @@ endif
if BUILD_GPG
gpg = g10
# fixme: Noy yet ready for a build
keyserver =
keyserver = keyserver
else
gpg =
keyserver =

6
TODO
View File

@ -119,3 +119,9 @@ might want to have an agent context for each service request
Add completion support.
** yesno
Update to gpg 1.4.3 version
what about gnupg_use_iconv?
Extend selinux support to other modules
Does the check for Linux capabilities still makes sense?

8
agent/ChangeLog
View File

@ -1,3 +1,9 @@
2006-07-31 Werner Koch <wk@g10code.com>
* preset-passphrase.c (make_hexstring): For conistency use
xtrymalloc and changed caller to use xfree. Fixed function
comment.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* preset-passphrase.c (preset_passphrase): Do not strip off last
@ -23,7 +29,7 @@
2006-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_signal): Print infor for SIGUSR2 only in
* gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
verbose mode.
2006-06-22 Werner Koch <wk@g10code.com>

8
agent/preset-passphrase.c
View File

@ -152,8 +152,8 @@ map_spwq_error (int err)
}
/* Percent-Escape special characters. The string is valid until the
next invocation of the function. */
/* Convert the string SRC into HEX encoding. Caller needs to xfree
the returned string. */
static char *
make_hexstring (const char *src)
{
@ -161,7 +161,7 @@ make_hexstring (const char *src)
char *dst;
char *res;
res = dst = malloc (len);
res = dst = xtrymalloc (len);
if (!dst)
{
log_error ("can not escape string: %s\n",
@ -225,7 +225,7 @@ preset_passphrase (const char *keygrip)
rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip,
passphrase_esc);
wipememory (passphrase_esc, strlen (passphrase_esc));
free (passphrase_esc);
xfree (passphrase_esc);
if (rc < 0)
{

8
common/ChangeLog
View File

@ -1,3 +1,11 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved from ../include to here.
* http.c: Include srv.h.
* srv.c, srv.h: New. Taken from GnuPG 1.4
2006-08-14 Werner Koch <wk@g10code.com>
* http.h (struct http_context_s): Moved to implementation.

1
common/Makefile.am
View File

@ -51,6 +51,7 @@ libcommon_a_SOURCES = \
signal.c \
dynload.h \
estream.c estream.h \
srv.c srv.h \
dns-cert.c dns-cert.h \
pka.c pka.h \
http.c http.h

7
common/http.c
View File

@ -67,10 +67,11 @@ typedef gnutls_transport_ptr gnutls_transport_ptr_t;
#include "util.h"
#include "http.h"
#ifdef USE_DNS_SRV
#include "srv.h"
#else /*!USE_DNS_SRV*/
/* If we are not compiling with SRV record support we provide stub
data structures. */
#ifndef USE_DNS_SRV
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
@ -1366,7 +1367,7 @@ connect_server (const char *server, unsigned short port,
{
char srvname[MAXDNAME];
stprcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
"._tcp."), server);
srvcount = getsrv (srvname, &serverlist);
}

8
include/keyserver.h → common/keyserver.h
View File

@ -1,4 +1,4 @@
/* keyserver.h
/* keyserver.h - Public definitions for gpg keyserver helpers.
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@ -19,8 +19,8 @@
* USA.
*/
#ifndef _KEYSERVER_H_
#define _KEYSERVER_H_
#ifndef GNUPG_COMMON_KEYSERVER_H
#define GNUPG_COMMON_KEYSERVER_H
#define KEYSERVER_PROTO_VERSION 1
@ -41,4 +41,4 @@
/* Must be 127 due to shell internal magic. */
#define KEYSERVER_SCHEME_NOT_FOUND 127
#endif /* !_KEYSERVER_H_ */
#endif /*GNUPG_COMMON_KEYSERVER_H*/

257
common/srv.c Normal file
View File

@ -0,0 +1,257 @@
/* srv.c - DNS SRV code
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA.
*/
#include <config.h>
#include <sys/types.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "util.h"
#include "srv.h"
/* Not every installation has gotten around to supporting SRVs
yet... */
#ifndef T_SRV
#define T_SRV 33
#endif
static int
priosort(const void *a,const void *b)
{
const struct srventry *sa=a,*sb=b;
if(sa->priority>sb->priority)
return 1;
else if(sa->priority<sb->priority)
return -1;
else
return 0;
}
int
getsrv(const char *name,struct srventry **list)
{
unsigned char answer[PACKETSZ];
int r,srvcount=0;
unsigned char *pt,*emsg;
u16 count,dlen;
*list=NULL;
r=res_query(name,C_IN,T_SRV,answer,PACKETSZ);
if(r<sizeof(HEADER) || r>PACKETSZ)
return -1;
if((((HEADER *)answer)->rcode)==NOERROR &&
(count=ntohs(((HEADER *)answer)->ancount)))
{
int i,rc;
emsg=&answer[r];
pt=&answer[sizeof(HEADER)];
/* Skip over the query */
rc=dn_skipname(pt,emsg);
if(rc==-1)
goto fail;
pt+=rc+QFIXEDSZ;
while(count-->0 && pt<emsg)
{
struct srventry *srv=NULL;
u16 type,class;
*list=xrealloc(*list,(srvcount+1)*sizeof(struct srventry));
memset(&(*list)[srvcount],0,sizeof(struct srventry));
srv=&(*list)[srvcount];
srvcount++;
rc=dn_skipname(pt,emsg); /* the name we just queried for */
if(rc==-1)
goto fail;
pt+=rc;
/* Truncated message? */
if((emsg-pt)<16)
goto fail;
type=*pt++ << 8;
type|=*pt++;
/* We asked for SRV and got something else !? */
if(type!=T_SRV)
goto fail;
class=*pt++ << 8;
class|=*pt++;
/* We asked for IN and got something else !? */
if(class!=C_IN)
goto fail;
pt+=4; /* ttl */
dlen=*pt++ << 8;
dlen|=*pt++;
srv->priority=*pt++ << 8;
srv->priority|=*pt++;
srv->weight=*pt++ << 8;
srv->weight|=*pt++;
srv->port=*pt++ << 8;
srv->port|=*pt++;
/* Get the name. 2782 doesn't allow name compression, but
dn_expand still works to pull the name out of the
packet. */
rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
if(rc==1 && srv->target[0]==0) /* "." */
goto noanswer;
if(rc==-1)
goto fail;
pt+=rc;
/* Corrupt packet? */
if(dlen!=rc+6)
goto fail;
#if 0
printf("count=%d\n",srvcount);
printf("priority=%d\n",srv->priority);
printf("weight=%d\n",srv->weight);
printf("port=%d\n",srv->port);
printf("target=%s\n",srv->target);
#endif
}
/* Now we have an array of all the srv records. */
/* Order by priority */
qsort(*list,srvcount,sizeof(struct srventry),priosort);
/* For each priority, move the zero-weighted items first. */
for(i=0;i<srvcount;i++)
{
int j;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if((*list)[j].weight==0)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
/* Run the RFC-2782 weighting algorithm. We don't need very
high quality randomness for this, so regular libc srand/rand
is sufficient. */
srand(time(NULL)*getpid());
for(i=0;i<srvcount;i++)
{
int j;
float prio_count=0,chose;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
prio_count+=(*list)[j].weight;
(*list)[j].run_count=prio_count;
}
chose=prio_count*rand()/RAND_MAX;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if(chose<=(*list)[j].run_count)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
}
return srvcount;
noanswer:
xfree(*list);
*list=NULL;
return 0;
fail:
xfree(*list);
*list=NULL;
return -1;
}
#ifdef TEST
int
main(int argc,char *argv[])
{
struct srventry *srv;
int rc,i;
rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
printf("Count=%d\n\n",rc);
for(i=0;i<rc;i++)
{
printf("priority=%hu\n",srv[i].priority);
printf("weight=%hu\n",srv[i].weight);
printf("port=%hu\n",srv[i].port);
printf("target=%s\n",srv[i].target);
printf("\n");
}
xfree(srv);
return 0;
}
#endif /* TEST */
/*
Local Variables:
compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv libutil.a"
End:
*/

51
common/srv.h Normal file
View File

@ -0,0 +1,51 @@
/* srv.h
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA.
*/
#ifndef GNUPG_COMMON_SRV_H
#define GNUPG_COMMON_SRV_H
#ifdef USE_DNS_SRV
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif /* !_WIN32 */
#endif /* USE_DNS_SRV */
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
struct srventry
{
unsigned short priority;
unsigned short weight;
unsigned short port;
int run_count;
char target[MAXDNAME];
};
int getsrv(const char *name,struct srventry **list);
#endif /*GNUPG_COMMON_SRV_H*/

627
configure.ac
View File

@ -33,19 +33,20 @@ m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')]))
AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]),
[gnupg-devel@gnupg.org])
[bug-gnupg@gnupg.org])
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.
development_version=yes
NEED_GPG_ERROR_VERSION=1.0
NEED_GPG_ERROR_VERSION=1.2
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.1.94
NEED_LIBASSUAN_VERSION=0.6.10
NEED_KSBA_VERSION=0.9.13
NEED_KSBA_VERSION=0.9.16
PACKAGE=$PACKAGE_NAME
@ -61,20 +62,24 @@ AB_INIT
AC_GNU_SOURCE
# Some status variables to give feedback at the end of a configure run
# Some status variables.
have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_pth=no
use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
GNUPG_BUILD_PROGRAM(gpg, no)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes)
GNUPG_BUILD_PROGRAM(symcryptrun, no)
AC_SUBST(PACKAGE)
AC_SUBST(PACKAGE_GT)
AC_SUBST(VERSION)
@ -140,8 +145,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
# Some folks want to use only the agent form this packet. Make it
# Some folks want to use only the agent from this packet. Make it
# easier for them by providing the configure option
# --enable-only-agent.
AC_ARG_ENABLE(agent-only,
@ -149,9 +153,17 @@ AC_ARG_ENABLE(agent-only,
build_agent_only=$enableval)
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
AC_ARG_ENABLE(selinux-support,
AC_HELP_STRING([--enable-selinux-support],
[enable SELinux support]),
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
# Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later
use_bzip2=yes
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2,
AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
@ -204,92 +216,102 @@ if test "$use_exec" = yes ; then
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
# LDAP is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether LDAP keyserver support is requested])
AC_ARG_ENABLE(ldap,
[ --disable-ldap disable LDAP keyserver interface],
try_ldap=$enableval, try_ldap=yes)
AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
try_ldap=$enableval, try_ldap=yes)
AC_MSG_RESULT($try_ldap)
AC_MSG_CHECKING([whether HKP keyserver support is requested])
AC_ARG_ENABLE(hkp,
[ --disable-hkp disable HKP keyserver interface],
try_hkp=$enableval, try_hkp=yes)
AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
try_hkp=$enableval, try_hkp=yes)
AC_MSG_RESULT($try_hkp)
if test "$try_hkp" = yes ; then
AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT")
fi
AC_MSG_CHECKING([whether finger key fetching support is requested])
AC_ARG_ENABLE(finger,
AC_HELP_STRING([--disable-finger],
[disable finger key fetching interface only]),
try_finger=$enableval, try_finger=yes)
AC_MSG_RESULT($try_finger)
AC_MSG_CHECKING([whether generic object key fetching support is requested])
AC_ARG_ENABLE(generic,
AC_HELP_STRING([--disable-generic],
[disable generic object key fetching interface only]),
try_generic=$enableval, try_generic=yes)
AC_MSG_RESULT($try_generic)
AC_MSG_CHECKING([whether email keyserver support is requested])
AC_ARG_ENABLE(mailto,
[ --disable-mailto disable email keyserver interface],
try_mailto=$enableval, try_mailto=yes)
AC_HELP_STRING([--enable-mailto],
[enable email keyserver interface only]),
try_mailto=$enableval, try_mailto=no)
AC_MSG_RESULT($try_mailto)
fi
AC_MSG_CHECKING([whether keyserver exec-path is enabled])
AC_ARG_ENABLE(keyserver-path,
[ --disable-keyserver-path disable the exec-path option for keyserver helpers],
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers])
fi],enableval=yes)
AC_HELP_STRING([--disable-keyserver-path],
[disable the exec-path option for keyserver helpers]),
[if test "$enableval" = no ; then
disable_keyserver_path=yes
fi],enableval=yes)
AC_MSG_RESULT($enableval)
fi
dnl
dnl Check for the key/uid cache size. This can't be zero, but can be
dnl pretty small on embedded systems.
dnl
#
# Check for the key/uid cache size. This can't be zero, but can be
# pretty small on embedded systems. This is used for the gpg part.
#
AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache,
AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096)
AC_HELP_STRING([--enable-key-cache=SIZE],
[Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then
enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096
fi
changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size])
fi
AC_MSG_RESULT($key_cache_size)
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches])
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
[Size of the key and UID caches])
dnl
dnl Check whether we want to use Linux capabilities
dnl
#
# Check whether we want to use Linux capabilities
#
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
[ --with-capabilities use linux capabilities [default=no]],
[use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
#
# To avoid double inclusion of config.h which might happen at some
# places, we add the usual double inclusion protection at the top of
# config.h.
#
AH_TOP([
#ifndef GNUPG_CONFIG_H_INCLUDED
#define GNUPG_CONFIG_H_INCLUDED
])
#
# Stuff which goes at the bottom of config.h.
#
AH_BOTTOM([
/* Some global constants. */
#ifdef HAVE_DRIVE_LETTERS
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* This is the major version number of GnuPG so that
source included files can test for this. Note, that\
source included files can test for this. Note, that
we use 2 here even for GnuPG 1.9.x. */
#define GNUPG_MAJOR_VERSION 2
@ -322,6 +344,16 @@ AH_BOTTOM([
#define SAFE_VERSION_DOT '.'
#define SAFE_VERSION_DASH '-'
/* Some global constants. */
#ifdef HAVE_DRIVE_LETTERS
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
/* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that
the values may be overridden by the make invocations; this is to
@ -357,13 +389,37 @@ AH_BOTTOM([
#define EXEC_TEMPFILE_ONLY
#endif
/* Temporary hacks to avoid requring a libgpg-error update. */
#if !HAVE_DECL_GPG_ERR_LOCKED
#define GPG_ERR_LOCKED 173
/* We didn't define endianness above, so get it from OS macros. This
is intended for making fat binary builds on OS X. */
#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
#if defined(__BIG_ENDIAN__)
#define BIG_ENDIAN_HOST 1
#elif defined(__LITTLE_ENDIAN__)
#define LITTLE_ENDIAN_HOST 1
#else
#error "No endianness found"
#endif
#endif
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* We use jnlib, so tell other modules about it. */
#define HAVE_JNLIB_LOGGING 1
/* Our HTTP code is used in estream mode. */
#define HTTP_USE_ESTREAM 1
/* We always include support for the OpenPGP card. */
#define ENABLE_CARD_SUPPORT 1
#endif /*GNUPG_CONFIG_H_INCLUDED*/
])
AM_MAINTAINER_MODE
# Checks for programs.
@ -380,7 +436,6 @@ AC_PROG_CC
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
@ -391,11 +446,13 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
GNUPG_CHECK_FAQPROG
GNUPG_CHECK_DOCBOOK_TO_TEXI
GNUPG_CHECK_USTAR
try_gettext=yes
have_dosish_system=no
have_w32_system=no
use_simple_gettext=no
case "${host}" in
*-mingw32*)
# special stuff for Windoze NT
@ -408,9 +465,11 @@ case "${host}" in
[because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
disable_keyserver_path=yes
have_dosish_system=yes
have_w32_system=yes
try_gettext="no"
use_simple_gettext=yes
;;
i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment
@ -448,11 +507,11 @@ case "${host}" in
;;
*-dec-osf5*)
if test -z "$GCC" ; then
# Use the newer compiler `-msg_disable ptrmismatch' to
# Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through
CFLAGS="$CFLAGS -msg_disable ptrmismatch"
CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
fi
;;
m68k-atari-mint)
@ -469,14 +528,30 @@ if test "$have_dosish_system" = yes; then
fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
# These need to go after AC_PROG_CC so that $EXEEXT is defined
if test "$disable_keyserver_path" = yes; then
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
[Defined to disable exec-path for keyserver helpers])
fi
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
if test x"$try_hkp" = xyes ; then
AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
fi
if test x"$try_finger" = xyes ; then
AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
fi
#
# Checks for libraries.
@ -513,15 +588,12 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION",
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
# fixme: Remove the following test and require newer libksba instead.
_ksba_save_libs=$LIBS
LIBS=$KSBA_LIBS
AC_CHECK_FUNCS(ksba_dn_teststr)
LIBS=$_ksba_save_libs
#
# libusb allows us to use the integrated CCID smartcard reader driver.
#
# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
AC_CHECK_LIB(usb, usb_bulk_write,
[ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
AC_DEFINE(HAVE_LIBUSB,1,
@ -556,8 +628,9 @@ AC_DEFINE_UNQUOTED(SHRED,
"${SHRED}", [defines the filename of the shred program])
#
# Check whether the (highly desirable) GNU Pth library is available
# Check whether the GNU Pth library is available
# Note, that we include a Pth emulation for W32.
#
AC_ARG_WITH(pth-prefix,
@ -601,163 +674,166 @@ AC_SUBST(PTH_CFLAGS)
AC_SUBST(PTH_LIBS)
dnl Must check for network library requirements before doing link tests
dnl for ldap, for example. If ldap libs are static (or dynamic and without
dnl ELF runtime link paths), then link will fail and LDAP support won't
dnl be detected.
#
# Must check for network library requirements before doing link tests
# for ldap, for example. If ldap libs are static (or dynamic and without
# ELF runtime link paths), then link will fail and LDAP support won't
# be detected.
#
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"]))
dnl Now try for the resolver functions so we can use DNS SRV
#
# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
#
if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
AC_ARG_ENABLE(dns-srv,
AC_HELP_STRING([--disable-dns-srv],
[disable the use of DNS SRV in HKP and HTTP]),
use_dns_srv=$enableval,use_dns_srv=yes)
fi
AC_ARG_ENABLE(dns-srv,
AC_HELP_STRING([--disable-dns-srv],[disable the use of DNS SRV in HKP]),
use_dns_srv=$enableval,use_dns_srv=yes)
AC_ARG_ENABLE(dns-pka,
AC_HELP_STRING([--disable-dns-pka],
[disable the use of PKA records in DNS]),
use_dns_pka=$enableval,use_dns_pka=yes)
if test x"$try_hkp" = xyes && test x"$use_dns_srv" = xyes ; then
_srv_save_libs=$LIBS
AC_ARG_ENABLE(dns-cert,
AC_HELP_STRING([--disable-dns-cert],
[disable the use of CERT records in DNS]),
use_dns_cert=$enableval,use_dns_cert=yes)
if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
|| test x"$use_dns_cert" = xyes; then
_dns_save_libs=$LIBS
LIBS=""
# the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind,,
AC_SEARCH_LIBS(__res_query,resolv bind,,use_dns_srv=no))
AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind,,
AC_SEARCH_LIBS(__dn_expand,resolv bind,,use_dns_srv=no))
AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_skipname,resolv bind,,
AC_SEARCH_LIBS(__dn_skipname,resolv bind,,use_dns_srv=no))
AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
if test x"$use_dns_srv" = xyes ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
SRVLIBS=$LIBS
else
AC_MSG_WARN([Resolver functions not found. Disabling DNS SRV.])
if test x"$have_resolver" != xno ; then
# Make sure that the BIND 4 resolver interface is workable before
# enabling any code that calls it. At some point I'll rewrite the
# code to use the BIND 8 resolver API.
AC_MSG_CHECKING([whether the resolver is usable])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0);
dn_expand(0,0,0,0,0);
]])],have_resolver=yes,have_resolver=no)
AC_MSG_RESULT($have_resolver)
# This is Apple-specific and somewhat bizarre as they changed the
# define in bind 8 for some reason.
if test x"$have_resolver" != xyes ; then
AC_MSG_CHECKING(
[whether I can make the resolver usable with BIND_8_COMPAT])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0); dn_expand(0,0,0,0,0);
]])],[have_resolver=yes ; need_compat=yes])
AC_MSG_RESULT($have_resolver)
fi
fi
LIBS=$_srv_save_libs
if test x"$have_resolver" = xyes ; then
DNSLIBS=$LIBS
if test x"$use_dns_srv" = xyes ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
fi
if test x"$use_dns_pka" = xyes ; then
AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
fi
if test x"$use_dns_cert" = xyes ; then
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
fi
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
else
use_dns_srv=no
use_dns_pka=no
use_dns_cert=no
fi
LIBS=$_dns_save_libs
fi
AC_SUBST(SRVLIBS)
AC_SUBST(DNSLIBS)
# Try and link a LDAP test program to weed out unusable LDAP
# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. OpenLDAP in
# general is terrible with creating weird dependencies. If all else
# fails, the user can play guess-the-dependency by using something
# like ./configure LDAPLIBS="-Lfoo -lbar"
AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
#
# Check for LDAP
#
if test "$try_ldap" = yes ; then
for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do
_ldap_save_libs=$LIBS
LIBS="$MY_LDAPLIBS $NETLIBS $LIBS"
AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane])
AC_TRY_LINK([#include <ldap.h>],[ldap_open("foobar",1234);],
[gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldap_init])
if test $gnupg_cv_func_ldap_init = no; then
AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[ldap_open("foobar",1234);],
[gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
fi
if test "$gnupg_cv_func_ldaplber_init" = yes ; then
AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h])
fi
if test "$gnupg_cv_func_ldap_init" = yes || \
test "$gnupg_cv_func_ldaplber_init" = yes ; then
LDAPLIBS=$MY_LDAPLIBS
GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT"
AC_MSG_CHECKING([whether LDAP supports ldap_get_option])
if test "$gnupg_cv_func_ldap_init" = yes ; then
AC_TRY_LINK([#include <ldap.h>],
[ldap_get_option((void *)0,0,(void *)0);],
[gnupg_cv_func_ldap_get_option=yes],
[gnupg_cv_func_ldap_get_option=no])
else
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[ldap_get_option((void *)0,0,(void *)0);],
[gnupg_cv_func_ldap_get_option=yes],
[gnupg_cv_func_ldap_get_option=no])
fi
AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option])
if test "$gnupg_cv_func_ldap_get_option" = yes ; then
AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option])
else
AC_MSG_CHECKING([whether LDAP supports ld_errno])
if test "$gnupg_cv_func_ldap_init" = yes ; then
AC_TRY_COMPILE([#include <ldap.h>],
[LDAP *ldap; ldap->ld_errno;],
[gnupg_cv_func_ldap_ld_errno=yes],
[gnupg_cv_func_ldap_ld_errno=no])
else
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;],
[gnupg_cv_func_ldap_ld_errno=yes],
[gnupg_cv_func_ldap_ld_errno=no])
fi
AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno])
if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then
AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno])
fi
fi
fi
LIBS=$_ldap_save_libs
if test "$GPGKEYS_LDAP" != "" ; then break; fi
done
GNUPG_CHECK_LDAP($NETLIBS)
fi
AC_SUBST(GPGKEYS_LDAP)
AC_SUBST(LDAPLIBS)
#
# Check for curl. We fake the curl API if libcurl isn't installed.
# fixme: need to add this
#LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
#AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
AM_CONDITIONAL(FAKE_CURL,1)
#
LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
# Generic, for us, means curl
if test x"$try_generic" = xyes ; then
AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT")
AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
fi
dnl This isn't necessarily sendmail itself, but anything that gives a
dnl sendmail-ish interface to the outside world. That includes qmail,
dnl postfix, etc. Basically, anything that can handle "sendmail -t".
#
# Check for sendmail
#
# This isn't necessarily sendmail itself, but anything that gives a
# sendmail-ish interface to the outside world. That includes Exim,
# Postfix, etc. Basically, anything that can handle "sendmail -t".
if test "$try_mailto" = yes ; then
AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes)
AC_ARG_WITH(mailprog,
AC_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),
,with_mailprog=yes)
if test "$with_mailprog" = yes ; then
if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
if test "$ac_cv_path_SENDMAIL" ; then
GPGKEYS_MAILTO="gpgkeys_mailto"
GPGKEYS_MAILTO="gpg2keys_mailto"
fi
elif test "$with_mailprog" != no ; then
elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
GPGKEYS_MAILTO="gpgkeys_mailto"
GPGKEYS_MAILTO="gpg2keys_mailto"
fi
fi
AC_SUBST(GPGKEYS_MAILTO)
#
# Construct a printable name of the OS
#
case "${host}" in
*-mingw32*)
PRINTABLE_OS_NAME="MingW32"
@ -783,6 +859,9 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS])
#
# Check for gettext
#
AM_GNU_GETTEXT_VERSION(0.14.1)
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT(,[need-ngettext])
@ -799,21 +878,50 @@ else
AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL)
AM_PO_SUBDIRS
fi
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h)
#
# SELinux support
#
if test "$selinux_support" = yes ; then
AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
fi
#
# Checks for header files.
#
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pwd.h inttypes.h])
# Note that we do not check for iconv here because this is done anyway
# by the gettext checks and thus it allows us to disable the use of
# iconv by using --disable-nls.
#
# Checks for typedefs, structures, and compiler characteristics.
#
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_TYPE_SIGNAL
AC_DECL_SYS_SIGLIST
GNUPG_CHECK_ENDIAN
AC_ARG_ENABLE(endian-check,
AC_HELP_STRING([--disable-endian-check],
[disable the endian check and trust the OS provided macros]),
endiancheck=$enableval,endiancheck=yes)
if test x"$endiancheck" = xyes ; then
GNUPG_CHECK_ENDIAN
fi
# fixme: we should get rid of the byte type
GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
@ -825,16 +933,14 @@ AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
# Ensure that we have UINT64_C before we bother to check for uint64_t
# fixme: really needed in gnupg? I think it is only useful in libcgrypt.
# Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h>
uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
uint64_t foo=UINT64_C(42);]),
gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t)
fi
if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \
@ -842,92 +948,54 @@ if test "$ac_cv_sizeof_unsigned_short" = "0" \
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi
dnl Do we have any 64-bit data types?
if test "$ac_cv_sizeof_unsigned_int" != "8" \
&& test "$ac_cv_sizeof_unsigned_long" != "8" \
&& test "$ac_cv_sizeof_unsigned_long_long" != "8" \
&& test "$ac_cv_sizeof_uint64_t" != "8"; then
AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512])
else
if test x"$use_sha512" = xyes ; then
AC_SUBST(SHA512_O,sha512.o)
AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
fi
fi
#
# fixme: do we really need this - it should be encapsulated in libassuan
#
GNUPG_SYS_SO_PEERCRED
#
# Checks for library functions.
#
AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap)
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times gmtime_r)
AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime)
AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale)
AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo)
AC_CHECK_FUNCS(fseeko ftello ttyname isascii)
AC_CHECK_FUNCS([strerror stpcpy strsep strlwr tcgetattr strtoul mmap])
AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times timegm gmtime_r])
AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate])
AC_CHECK_FUNCS([memmove gettimeofday getrusage setrlimit clock_gettime])
AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
AC_CHECK_FUNCS([ttyname isascii memrchr rand ftello])
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
#
# gnulib checks
#
gl_SOURCE_BASE(gl)
gl_M4_BASE(gl/m4)
gl_MODULES(setenv strsep mkdtemp vasprintf xsize)
gl_INIT
#
# These are needed by libjnlib - fixme: we should have macros for them
AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol)
AC_CHECK_FUNCS(getrusage setrlimit stat setlocale)
AC_CHECK_FUNCS(flockfile funlockfile fopencookie funopen)
#
AC_CHECK_FUNCS([memicmp stpcpy strlwr strtoul memmove stricmp strtol])
AC_CHECK_FUNCS([getrusage setrlimit stat setlocale])
AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen])
#
# check for gethrtime and run a testprogram to see whether
# it is broken. It has been reported that some Solaris and HP UX systems
# raise an SIGILL
#
# fixme: Do we need this - iirc, this is only used by libgcrypt.
#
AC_CACHE_CHECK([for gethrtime],
[gnupg_cv_func_gethrtime],
[AC_TRY_LINK([#include <sys/times.h>],[
hrtime_t tv;
tv = gethrtime();
],
[gnupg_cv_func_gethrtime=yes],
[gnupg_cv_func_gethrtime=no])
])
if test $gnupg_cv_func_gethrtime = yes; then
AC_DEFINE([HAVE_GETHRTIME], 1,
[Define if you have the `gethrtime(2)' function.])
AC_CACHE_CHECK([whether gethrtime is broken],
[gnupg_cv_func_broken_gethrtime],
[AC_TRY_RUN([
#include <sys/times.h>
int main () {
hrtime_t tv;
tv = gethrtime();
}
],
[gnupg_cv_func_broken_gethrtime=no],
[gnupg_cv_func_broken_gethrtime=yes],
[gnupg_cv_func_broken_gethrtime=assume-no])
])
if test $gnupg_cv_func_broken_gethrtime = yes; then
AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1,
[Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.])
fi
fi
GNUPG_CHECK_MLOCK
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
dnl
dnl Check whether we can use Linux capabilities as requested
dnl
#
# Check whether we can use Linux capabilities as requested
#
# fixme: Still required?
#
if test "$use_capabilities" = "yes" ; then
@ -956,13 +1024,15 @@ if test "$use_capabilities" = "no" ; then
fi
fi
#
# Sanity check regex. Tests adapted from mutt.
# FIXME: We should use the the regex from gnulib
#
AC_MSG_CHECKING([whether regular expression support is requested])
AC_ARG_ENABLE(regex,
[ --disable-regex do not handle regular expressions in trust sigs],
use_regex=$enableval, use_regex=yes)
AC_HELP_STRING([--disable-regex],
[do not handle regular expressions in trust signatures]),
use_regex=$enableval, use_regex=yes)
AC_MSG_RESULT($use_regex)
if test "$use_regex" = yes ; then
@ -994,14 +1064,16 @@ main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "
fi
if test $gnupg_cv_included_regex = yes; then
AC_DEFINE(USE_GNU_REGEX,1,[ Define if you want to use the included regex lib ])
AC_SUBST(REGEX_O,regex.o)
AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ])
fi
else
AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ])
fi
AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes)
#
# Do we have zlib? Must do it here because Solaris failed
# when compiling a conftest (due to the "-lz" from LIBS).
@ -1058,16 +1130,20 @@ AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
AC_SUBST(ZLIBS)
# Check for readline support
GNUPG_CHECK_READLINE
# See wether we want to run the long test suite.
AC_ARG_WITH(pkits-tests,
AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]),
[run_pkits_tests=$withval], [run_pkits_tests=no])
AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes")
#
# Allow users to append something to the version string without
# flagging it as development version. The user version parts is
# considered everything after a dash.
#
if test "$development_version" != yes; then
changequote(,)dnl
tmp_pat='[a-zA-Z]'
@ -1091,16 +1167,36 @@ if test "$have_w32_system" = yes; then
W32LIBS="-lwsock32"
fi
AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
#
# Setup gcc specific options
#
if test "$GCC" = yes; then
# Note that it is okay to use CFLAGS here because this are just
# warning options and the user should have a chance of overriding
# them.
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security"
CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security -Wformat-nonliteral"
else
CFLAGS="$CFLAGS -Wall"
fi
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
fi
#
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
@ -1112,18 +1208,9 @@ AC_ARG_ENABLE(optimization,
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
# We use jnlib, so tell other modules about it
AC_DEFINE(HAVE_JNLIB_LOGGING, 1,
[Defined if jnlib style logging functions are available])
#
# For W32 we need to use our Pth emulation code
#
if test "$have_w32_system" = yes; then
AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h)
fi
@ -1254,13 +1341,13 @@ g10/Makefile
sm/Makefile
agent/Makefile
scd/Makefile
keyserver/Makefile
tools/Makefile
doc/Makefile
tests/Makefile
])
AC_OUTPUT
#./autogen keyserver/Makefile
#tests/pkits/Makefile

2
doc/gpg-agent.texi
View File

@ -430,7 +430,7 @@ agent. By default they may all be found in the current home directory
hash mark, as well as empty lines are ignored. To mark a key as trusted
you need to enter its fingerprint followed by a space and a capital
letter @code{S}. Colons may optionally be used to separate the bytes of
a fingerprint; this allows to cut and paste the fingeperint from a key
a fingerprint; this allows to cut and paste the fingerprint from a key
listing output.
Here is an example where two keys are marked as ultimately trusted:

18
g10/ChangeLog
View File

@ -1,3 +1,21 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so
that we can install helpers from 1.4 and 2 without conflicts and
first of all don't get lost with weird bug reports.
* keyid.c (serialno_and_fpr_from_sk): New. Actually lost during
the last 1.4 to 1.9 merge.
* gpg.c (list_config): Output ccid-reader-id only for gnupg 1.
* call-agent.c (agent_scd_writekey): New.
(inq_writekey_parms): New.
* gpgv.c: Include call-agent.h for use by stubs.
* misc.c: Include call-agent.h for use by get_signature_count.
2006-07-27 Werner Koch <wk@g10code.com>
* parse-packet.c (parse_comment): Cap comments at 65k.

3
g10/Makefile.am
View File

@ -108,7 +108,8 @@ gpgv2_SOURCES = gpgv.c \
# ks-db.h \
# $(common_source)
LDADD = $(needed_libs) $(ZLIBS) @LIBINTL@ @CAPLIBS@ @W32LIBS@
LDADD = $(needed_libs) $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
$(LIBINTL) $(CAPLIBS) $(W32LIBS)
gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error

67
g10/call-agent.c
View File

@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -47,17 +47,26 @@
# define DBG_ASSUAN 1
#endif
static ASSUAN_CONTEXT agent_ctx = NULL;
static assuan_context_t agent_ctx = NULL;
static int force_pipe_server = 1; /* FIXME: set this back to 0. */
struct cipher_parm_s {
ASSUAN_CONTEXT ctx;
struct cipher_parm_s
{
assuan_context_t ctx;
const char *ciphertext;
size_t ciphertextlen;
};
struct genkey_parm_s {
ASSUAN_CONTEXT ctx;
struct writekey_parm_s
{
assuan_context_t ctx;
const unsigned char *keydata;
size_t keydatalen;
};
struct genkey_parm_s
{
assuan_context_t ctx;
const char *sexp;
size_t sexplen;
};
@ -672,6 +681,48 @@ agent_scd_setattr (const char *name,
return map_assuan_err (rc);
}
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static assuan_error_t
inq_writekey_parms (void *opaque, const char *keyword)
{
struct writekey_parm_s *parm = opaque;
return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
}
/* Send a WRITEKEY command to the SCdaemon. */
int
agent_scd_writekey (int keyno, const char *serialno,
const unsigned char *keydata, size_t keydatalen)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct writekey_parm_s parms;
rc = start_agent ();
if (rc)
return rc;
memset (&parms, 0, sizeof parms);
snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno);
line[DIM(line)-1] = 0;
parms.ctx = agent_ctx;
parms.keydata = keydata;
parms.keydatalen = keydatalen;
rc = assuan_transact (agent_ctx, line, NULL, NULL,
inq_writekey_parms, &parms, NULL, NULL);
return map_assuan_err (rc);
}
/* Status callback for the SCD GENKEY command. */
static AssuanError
@ -765,7 +816,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
int
agent_scd_pksign (const char *serialno, int hashalgo,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen)
unsigned char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
@ -822,7 +873,7 @@ agent_scd_pksign (const char *serialno, int hashalgo,
int
agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen)
unsigned char **r_buf, size_t *r_buflen)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];

8
g10/call-agent.h
View File

@ -82,6 +82,10 @@ int agent_scd_setattr (const char *name,
const unsigned char *value, size_t valuelen,
const char *serialno);
/* Send a WRITEKEY command to the SCdaemon. */
int agent_scd_writekey (int keyno, const char *serialno,
const unsigned char *keydata, size_t keydatalen);
/* Send a GENKEY command to the SCdaemon. */
int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
const char *serialno);
@ -89,12 +93,12 @@ int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
/* Send a PKSIGN command to the SCdaemon. */
int agent_scd_pksign (const char *keyid, int hashalgo,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen);
unsigned char **r_buf, size_t *r_buflen);
/* Send a PKDECRYPT command to the SCdaemon. */
int agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen);
unsigned char **r_buf, size_t *r_buflen);
/* Change the PIN of an OpenPGP card or reset the retry counter. */
int agent_scd_change_pin (int chvno, const char *serialno);

8
g10/gpg.c
View File

@ -1434,7 +1434,9 @@ list_config(char *items)
if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0)
{
#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB)
#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \
&& GNUPG_MAJOR_VERSION == 1
char *p, *p2, *list = ccid_get_reader_list ();
for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1)
@ -3871,10 +3873,6 @@ emergency_cleanup (void)
void
g10_exit( int rc )
{
#ifdef ENABLE_CARD_SUPPORT
card_close ();
#endif
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
if ( (opt.debug & DBG_MEMSTAT_VALUE) )
{

1
g10/gpgv.c
View File

@ -49,6 +49,7 @@
#include "ttyio.h"
#include "i18n.h"
#include "status.h"
#include "call-agent.h"
enum cmd_and_opt_values { aNull = 0,

2
g10/keydb.h
View File

@ -292,6 +292,8 @@ const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
PKT_secret_key *sk);
/*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt );

24
g10/keygen.c
View File

@ -2921,6 +2921,7 @@ generate_raw_key (int algo, unsigned int nbits, u32 created_at,
PKT_secret_key *sk = NULL;
int i;
size_t nskey, npkey;
gcry_sexp_t s_parms, s_key;
npkey = pubkey_get_npkey (algo);
nskey = pubkey_get_nskey (algo);
@ -3613,8 +3614,8 @@ gen_card_key (int algo, int keyno, int is_primary,
if ( !info.n || !info.e )
{
log_error ("communication error with SCD\n");
mpi_free (info.n);
mpi_free (info.e);
gcry_mpi_release (info.n);
gcry_mpi_release (info.e);
return gpg_error (GPG_ERR_GENERAL);
}
@ -3672,7 +3673,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
int rc;
const char *s;
PACKET *pkt;
PKT_secret_key *sk, *sk_unprotected, *sk_protected;
PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
PKT_public_key *pk;
size_t n;
int i;
@ -3697,7 +3698,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
n = pubkey_get_nskey (sk->pubkey_algo);
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
{
mpi_free (sk->skey[i]);
gcry_mpi_release (sk->skey[i]);
sk->skey[i] = NULL;
}
i = pubkey_get_npkey (sk->pubkey_algo);
@ -3733,12 +3734,13 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
umask (oldmask);
if (!fp)
{
rc = gpg_error_from_errno (errno);
log_error (_("can't create backup file `%s': %s\n"),
fname, strerror(errno) );
xfree (fname);
free_secret_key (sk_unprotected);
free_secret_key (sk_protected);
return G10ERR_OPEN_FILE;
return rc;
}
pkt = xcalloc (1, sizeof *pkt);
@ -3754,7 +3756,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
}
else
{
byte array[MAX_FINGERPRINT_LEN];
unsigned char array[MAX_FINGERPRINT_LEN];
char *fprbuf, *p;
iobuf_close (fp);
@ -3831,11 +3833,11 @@ save_unprotected_key_to_card (PKT_secret_key *sk, int keyno)
assert (!sk->is_protected);
/* Copy the parameters into straight buffers. */
rsa_n = mpi_get_secure_buffer (sk->skey[0], &rsa_n_len, NULL);
rsa_e = mpi_get_secure_buffer (sk->skey[1], &rsa_e_len, NULL);
rsa_p = mpi_get_secure_buffer (sk->skey[3], &rsa_p_len, NULL);
rsa_q = mpi_get_secure_buffer (sk->skey[4], &rsa_q_len, NULL);
if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[2]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[3]);
if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
{
rc = G10ERR_INV_ARG;
goto leave;

25
g10/keyid.c
View File

@ -812,3 +812,28 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
*ret_len = len;
return array;
}
/* Create a serialno/fpr string from the serial number and the secret
key. Caller must free the returned string. There is no error
return. */
char *
serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
PKT_secret_key *sk)
{
unsigned char fpr[MAX_FINGERPRINT_LEN];
size_t fprlen;
char *buffer, *p;
int i;
fingerprint_from_sk (sk, fpr, &fprlen);
buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1);
for (i=0; i < snlen; i++, p+=2)
sprintf (p, "%02X", sn[i]);
*p++ = '/';
for (i=0; i < fprlen; i++, p+=2)
sprintf (p, "%02X", fpr[i]);
*p = 0;
return buffer;
}

4
g10/keyserver.c
View File

@ -941,7 +941,11 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
return 0;
}
#if GNUPG_MAJOR_VERSION == 2
#define GPGKEYS_PREFIX "gpg2keys_"
#else
#define GPGKEYS_PREFIX "gpgkeys_"
#endif
#define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
#define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""

5
g10/misc.c
View File

@ -64,6 +64,7 @@
#include "main.h"
#include "photoid.h"
#include "options.h"
#include "call-agent.h"
#include "i18n.h"
@ -490,7 +491,9 @@ idea_cipher_warn(int show)
}
#endif
static unsigned long get_signature_count(PKT_secret_key *sk)
static unsigned long
get_signature_count (PKT_secret_key *sk)
{
#ifdef ENABLE_CARD_SUPPORT
if(sk && sk->is_protected && sk->protect.s2k.mode==1002)

1
g10/pubkey-enc.c
View File

@ -37,6 +37,7 @@
#include "main.h"
#include "i18n.h"
#include "pkglue.h"
#include "call-agent.h"
static int get_it( PKT_pubkey_enc *k,

5
include/ChangeLog
View File

@ -1,3 +1,8 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved to ../common.
* http.h: Retired.
2006-04-28 Werner Koch <wk@g10code.com>
* cipher.h (DIGEST_ALGO_SHA224): Define it.

1
include/distfiles
View File

@ -7,7 +7,6 @@ util.h
i18n.h
host2net.h
http.h
keyserver.h
_regex.h
ChangeLog

3
include/http.h
View File

@ -23,6 +23,9 @@
#ifndef G10_HTTP_H
#define G10_HTTP_H 1
#error this file should not be used anymore
#include "../common/iobuf.h"
struct uri_tuple {

17
keyserver/ChangeLog
View File

@ -1,3 +1,20 @@
2006-08-16 Werner Koch <wk@g10code.com>
* Makefile.am: Renamed all binaries to gpg2keys_*.
(gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS.
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am: Adjusted to the gnupg2 framework.
2006-08-14 Werner Koch <wk@g10code.com>
* curl-shil.c, curl-shim.h: Changed to make use of the new http.c
API.
* curl-shim.c (curl_easy_perform): Add missing http_close to the
POST case.
2006-07-24 David Shaw <dshaw@jabberwocky.com> (wk)
* curl-shim.c (curl_easy_perform): Minor cleanup of proxy code.

55
keyserver/Makefile.am
View File

@ -18,36 +18,47 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
EXTRA_PROGRAMS = gpgkeys_ldap gpgkeys_hkp gpgkeys_finger gpgkeys_curl
EXTRA_SCRIPTS = gpgkeys_mailto
EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl
EXTRA_SCRIPTS = gpg2keys_mailto
gpglibexecdir = $(libexecdir)/@PACKAGE@
AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
gpglibexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@ @GPGKEYS_FINGER@ @GPGKEYS_CURL@
gpglibexec_SCRIPTS = @GPGKEYS_MAILTO@
AM_CFLAGS = $(LIBGCRYPT_CFLAGS)
include $(top_srcdir)/am/cmacros.am
libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
$(GPGKEYS_CURL)
libexec_SCRIPTS = $(GPGKEYS_MAILTO)
noinst_SCRIPTS = gpgkeys_test
gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@
gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_ldap_LDADD = $(needed_libs) $(LDAPLIBS) $(NETLIBS) \
$(other_libs) $(W32LIBS)
gpg2keys_finger_LDADD = $(needed_libs) $(LIBGCRYPT_LIBS) \
$(NETLIBS) $(other_libs) $(W32LIBS)
if FAKE_CURL
gpgkeys_curl_SOURCES += curl-shim.c curl-shim.h
gpgkeys_curl_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpgkeys_hkp_SOURCES += curl-shim.c curl-shim.h
gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
gpg2keys_curl_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
$(other_libs) $(W32LIBS)
gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h
gpg2keys_hkp_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
$(other_libs) $(W32LIBS)
else
gpgkeys_curl_CPPFLAGS = @LIBCURL_CPPFLAGS@
gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@
gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@
gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@
gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_curl_LDADD = $(LIBCURL) $(GETOPT)
gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_hkp_LDADD = $(LIBCURL) $(GETOPT)
endif

69
keyserver/curl-shim.c
View File

@ -27,6 +27,7 @@
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include "http.h"
#include "util.h"
#include "ksutil.h"
@ -100,7 +101,11 @@ curl_easy_init(void)
void
curl_easy_cleanup(CURL *curl)
{
free(curl);
if (curl)
{
http_close (curl->hd);
free(curl);
}
}
CURLcode
@ -177,42 +182,46 @@ curl_easy_perform(CURL *curl)
if(curl->flags.post)
{
rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy);
if(rc==0)
rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
0, proxy, NULL);
if (!rc)
{
char content_len[50];
unsigned int post_len=strlen(curl->postfields);
unsigned int post_len = strlen(curl->postfields);
iobuf_writestr(curl->hd.fp_write,
"Content-Type: application/x-www-form-urlencoded\r\n");
sprintf(content_len,"Content-Length: %u\r\n",post_len);
es_fprintf (http_get_write_ptr (curl->hd),
"Content-Type: application/x-www-form-urlencoded\r\n"
"Content-Length: %u\r\n", post_len);
http_start_data (curl->hd);
es_write (http_get_write_ptr (curl->hd),
curl->postfields, post_len, NULL);
iobuf_writestr(curl->hd.fp_write,content_len);
http_start_data(&curl->hd);
iobuf_write(curl->hd.fp_write,curl->postfields,post_len);
rc=http_wait_response(&curl->hd,&curl->status);
if(rc==0 && curl->flags.failonerror && curl->status>=300)
err=CURLE_HTTP_RETURNED_ERROR;
rc = http_wait_response (curl->hd);
curl->status = http_get_status_code (curl->hd);
if (!rc && curl->flags.failonerror && curl->status>=300)
err = CURLE_HTTP_RETURNED_ERROR;
http_close(curl->hd);
curl->hd = NULL;
}
}
else
{
rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy);
if(rc==0)
rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
0, proxy, NULL);
if (!rc)
{
rc=http_wait_response(&curl->hd,&curl->status);
if(rc==0)
rc = http_wait_response (curl->hd);
curl->status = http_get_status_code (curl->hd);
if (!rc)
{
if(curl->flags.failonerror && curl->status>=300)
err=CURLE_HTTP_RETURNED_ERROR;
if (curl->flags.failonerror && curl->status>=300)
err = CURLE_HTTP_RETURNED_ERROR;
else
{
unsigned int maxlen=1024,buflen,len;
byte *line=NULL;
unsigned int maxlen = 1024, buflen, len;
unsigned char *line = NULL;
while((len=iobuf_read_line(curl->hd.fp_read,
&line,&buflen,&maxlen)))
while ((len = es_read_line (http_get_read_ptr (curl->hd),
&line, &buflen, &maxlen)))
{
size_t ret;
@ -226,12 +235,16 @@ curl_easy_perform(CURL *curl)
}
}
xfree(line);
http_close(&curl->hd);
es_free (line);
http_close(curl->hd);
curl->hd = NULL;
}
}
else
http_close(&curl->hd);
{
http_close (curl->hd);
curl->hd = NULL;
}
}
}

2
keyserver/curl-shim.h
View File

@ -73,7 +73,7 @@ typedef struct
unsigned int failonerror:1;
unsigned int verbose:1;
} flags;
struct http_context hd;
http_t hd;
} CURL;
#define CURL_ERROR_SIZE 256

3
keyserver/gpgkeys_finger.c
View File

@ -46,6 +46,7 @@
#include "util.h"
#include "keyserver.h"
#include "ksutil.h"
#include "iobuf.h"
#ifdef _WIN32
#define sock_close(a) closesocket(a)
@ -289,7 +290,7 @@ get_key (char *getkey)
{
int rc;
int sock;
IOBUF fp_read;
iobuf_t fp_read;
unsigned int maxlen, buflen, gotit=0;
byte *line = NULL;

2
m4/Makefile.am
View File

@ -1,6 +1,6 @@
EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4
EXTRA_DIST += ldap.m4
EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4

2
m4/ldap.m4
View File

@ -65,7 +65,7 @@ if test x$_ldap_with != xno ; then
if test "$gnupg_cv_func_ldap_init" = yes || \
test "$gnupg_cv_func_ldaplber_init" = yes ; then
LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT"
GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
AC_CHECK_FUNCS(ldap_get_option ldap_set_option ldap_start_tls_s)

6
sm/certreqgen.c
View File

@ -467,7 +467,7 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* check the keylength */
/* Check the keylength. */
if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 1024;
else
@ -481,7 +481,7 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* check the usage */
/* Check the usage. */
if (parse_parameter_usage (para, pKEYUSAGE))
return gpg_error (GPG_ERR_INV_PARAMETER);
@ -493,7 +493,6 @@ proc_parameters (ctrl_t ctrl,
log_error (_("line %d: no subject name given\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
#if HAVE_KSBA_DN_TESTSTR
err = ksba_dn_teststr (s, 0, &erroff, &errlen);
if (err)
{
@ -507,7 +506,6 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER);
}
#endif /*HAVE_KSBA_DN_TESTSTR*/
/* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)