security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

With --enable-gpg the keyservers are now build and a first test using gpg2

Browse Source 
shows no prblems.   Needs more testing of course.
This commit is contained in:
Werner Koch 2006-08-16 10:47:53 +00:00
parent 5be40e9fad
commit b744f963d7
36 changed files with 952 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am (keyserver): Enable building of keyserver helpers.
* configure.ac: Merged with the current configure from 1.4.5.
Require libgpg-error 1.2 and libksba 0.9.16.
2006-07-29 Marcus Brinkmann <marcus@g10code.de> 2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* README: Spelling fixes. * README: Spelling fixes.

3
Makefile.am
View File

@ -35,8 +35,7 @@ endif
if BUILD_GPG if BUILD_GPG
gpg = g10 gpg = g10
# fixme: Noy yet ready for a build keyserver = keyserver
keyserver =
else else
gpg = gpg =
keyserver = keyserver =

6
TODO
View File

@ -119,3 +119,9 @@ might want to have an agent context for each service request
Add completion support. Add completion support.
** yesno ** yesno
Update to gpg 1.4.3 version Update to gpg 1.4.3 version
what about gnupg_use_iconv?
Extend selinux support to other modules
Does the check for Linux capabilities still makes sense?

8
agent/ChangeLog
View File

@ -1,3 +1,9 @@
2006-07-31 Werner Koch <wk@g10code.com>
* preset-passphrase.c (make_hexstring): For conistency use
xtrymalloc and changed caller to use xfree. Fixed function
comment.
2006-07-29 Marcus Brinkmann <marcus@g10code.de> 2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* preset-passphrase.c (preset_passphrase): Do not strip off last * preset-passphrase.c (preset_passphrase): Do not strip off last
@ -23,7 +29,7 @@
2006-06-26 Werner Koch <wk@g10code.com> 2006-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_signal): Print infor for SIGUSR2 only in * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
verbose mode. verbose mode.
2006-06-22 Werner Koch <wk@g10code.com> 2006-06-22 Werner Koch <wk@g10code.com>

8
agent/preset-passphrase.c
View File

@ -152,8 +152,8 @@ map_spwq_error (int err)
} }
/* Percent-Escape special characters. The string is valid until the /* Convert the string SRC into HEX encoding. Caller needs to xfree
next invocation of the function. */ the returned string. */
static char * static char *
make_hexstring (const char *src) make_hexstring (const char *src)
{ {
@ -161,7 +161,7 @@ make_hexstring (const char *src)
char *dst; char *dst;
char *res; char *res;
res = dst = malloc (len); res = dst = xtrymalloc (len);
if (!dst) if (!dst)
{ {
log_error ("can not escape string: %s\n", log_error ("can not escape string: %s\n",
@ -225,7 +225,7 @@ preset_passphrase (const char *keygrip)
rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip, rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip,
passphrase_esc); passphrase_esc);
wipememory (passphrase_esc, strlen (passphrase_esc)); wipememory (passphrase_esc, strlen (passphrase_esc));
free (passphrase_esc); xfree (passphrase_esc);
if (rc < 0) if (rc < 0)
{ {

8
common/ChangeLog
View File

@ -1,3 +1,11 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved from ../include to here.
* http.c: Include srv.h.
* srv.c, srv.h: New. Taken from GnuPG 1.4
2006-08-14 Werner Koch <wk@g10code.com> 2006-08-14 Werner Koch <wk@g10code.com>
* http.h (struct http_context_s): Moved to implementation. * http.h (struct http_context_s): Moved to implementation.

1
common/Makefile.am
View File

@ -51,6 +51,7 @@ libcommon_a_SOURCES = \
signal.c \ signal.c \
dynload.h \ dynload.h \
estream.c estream.h \ estream.c estream.h \
srv.c srv.h \
dns-cert.c dns-cert.h \ dns-cert.c dns-cert.h \
pka.c pka.h \ pka.c pka.h \
http.c http.h http.c http.h

7
common/http.c
View File

@ -67,10 +67,11 @@ typedef gnutls_transport_ptr gnutls_transport_ptr_t;
#include "util.h" #include "util.h"
#include "http.h" #include "http.h"
#ifdef USE_DNS_SRV
#include "srv.h"
#else /*!USE_DNS_SRV*/
/* If we are not compiling with SRV record support we provide stub /* If we are not compiling with SRV record support we provide stub
data structures. */ data structures. */
#ifndef USE_DNS_SRV
#ifndef MAXDNAME #ifndef MAXDNAME
#define MAXDNAME 1025 #define MAXDNAME 1025
#endif #endif
@ -1366,7 +1367,7 @@ connect_server (const char *server, unsigned short port,
{ {
char srvname[MAXDNAME]; char srvname[MAXDNAME];
stprcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag), stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
"._tcp."), server); "._tcp."), server);
srvcount = getsrv (srvname, &serverlist); srvcount = getsrv (srvname, &serverlist);
} }

8
include/keyserver.h → common/keyserver.h
View File

@ -1,4 +1,4 @@
/* keyserver.h /* keyserver.h - Public definitions for gpg keyserver helpers.
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
@ -19,8 +19,8 @@
* USA. * USA.
*/ */
#ifndef _KEYSERVER_H_ #ifndef GNUPG_COMMON_KEYSERVER_H
#define _KEYSERVER_H_ #define GNUPG_COMMON_KEYSERVER_H
#define KEYSERVER_PROTO_VERSION 1 #define KEYSERVER_PROTO_VERSION 1
@ -41,4 +41,4 @@
/* Must be 127 due to shell internal magic. */ /* Must be 127 due to shell internal magic. */
#define KEYSERVER_SCHEME_NOT_FOUND 127 #define KEYSERVER_SCHEME_NOT_FOUND 127
#endif /* !_KEYSERVER_H_ */ #endif /*GNUPG_COMMON_KEYSERVER_H*/

257
common/srv.c Normal file
View File

@ -0,0 +1,257 @@
/* srv.c - DNS SRV code
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA.
*/
#include <config.h>
#include <sys/types.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "util.h"
#include "srv.h"
/* Not every installation has gotten around to supporting SRVs
yet... */
#ifndef T_SRV
#define T_SRV 33
#endif
static int
priosort(const void *a,const void *b)
{
const struct srventry *sa=a,*sb=b;
if(sa->priority>sb->priority)
return 1;
else if(sa->priority<sb->priority)
return -1;
else
return 0;
}
int
getsrv(const char *name,struct srventry **list)
{
unsigned char answer[PACKETSZ];
int r,srvcount=0;
unsigned char *pt,*emsg;
u16 count,dlen;
*list=NULL;
r=res_query(name,C_IN,T_SRV,answer,PACKETSZ);
if(r<sizeof(HEADER) || r>PACKETSZ)
return -1;
if((((HEADER *)answer)->rcode)==NOERROR &&
(count=ntohs(((HEADER *)answer)->ancount)))
{
int i,rc;
emsg=&answer[r];
pt=&answer[sizeof(HEADER)];
/* Skip over the query */
rc=dn_skipname(pt,emsg);
if(rc==-1)
goto fail;
pt+=rc+QFIXEDSZ;
while(count-->0 && pt<emsg)
{
struct srventry *srv=NULL;
u16 type,class;
*list=xrealloc(*list,(srvcount+1)*sizeof(struct srventry));
memset(&(*list)[srvcount],0,sizeof(struct srventry));
srv=&(*list)[srvcount];
srvcount++;
rc=dn_skipname(pt,emsg); /* the name we just queried for */
if(rc==-1)
goto fail;
pt+=rc;
/* Truncated message? */
if((emsg-pt)<16)
goto fail;
type=*pt++ << 8;
type|=*pt++;
/* We asked for SRV and got something else !? */
if(type!=T_SRV)
goto fail;
class=*pt++ << 8;
class|=*pt++;
/* We asked for IN and got something else !? */
if(class!=C_IN)
goto fail;
pt+=4; /* ttl */
dlen=*pt++ << 8;
dlen|=*pt++;
srv->priority=*pt++ << 8;
srv->priority|=*pt++;
srv->weight=*pt++ << 8;
srv->weight|=*pt++;
srv->port=*pt++ << 8;
srv->port|=*pt++;
/* Get the name. 2782 doesn't allow name compression, but
dn_expand still works to pull the name out of the
packet. */
rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
if(rc==1 && srv->target[0]==0) /* "." */
goto noanswer;
if(rc==-1)
goto fail;
pt+=rc;
/* Corrupt packet? */
if(dlen!=rc+6)
goto fail;
#if 0
printf("count=%d\n",srvcount);
printf("priority=%d\n",srv->priority);
printf("weight=%d\n",srv->weight);
printf("port=%d\n",srv->port);
printf("target=%s\n",srv->target);
#endif
}
/* Now we have an array of all the srv records. */
/* Order by priority */
qsort(*list,srvcount,sizeof(struct srventry),priosort);
/* For each priority, move the zero-weighted items first. */
for(i=0;i<srvcount;i++)
{
int j;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if((*list)[j].weight==0)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
/* Run the RFC-2782 weighting algorithm. We don't need very
high quality randomness for this, so regular libc srand/rand
is sufficient. */
srand(time(NULL)*getpid());
for(i=0;i<srvcount;i++)
{
int j;
float prio_count=0,chose;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
prio_count+=(*list)[j].weight;
(*list)[j].run_count=prio_count;
}
chose=prio_count*rand()/RAND_MAX;
for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
{
if(chose<=(*list)[j].run_count)
{
/* Swap j with i */
if(j!=i)
{
struct srventry temp;
memcpy(&temp,&(*list)[j],sizeof(struct srventry));
memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
memcpy(&(*list)[i],&temp,sizeof(struct srventry));
}
break;
}
}
}
}
return srvcount;
noanswer:
xfree(*list);
*list=NULL;
return 0;
fail:
xfree(*list);
*list=NULL;
return -1;
}
#ifdef TEST
int
main(int argc,char *argv[])
{
struct srventry *srv;
int rc,i;
rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
printf("Count=%d\n\n",rc);
for(i=0;i<rc;i++)
{
printf("priority=%hu\n",srv[i].priority);
printf("weight=%hu\n",srv[i].weight);
printf("port=%hu\n",srv[i].port);
printf("target=%s\n",srv[i].target);
printf("\n");
}
xfree(srv);
return 0;
}
#endif /* TEST */
/*
Local Variables:
compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv libutil.a"
End:
*/

51
common/srv.h Normal file
View File

@ -0,0 +1,51 @@
/* srv.h
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA.
*/
#ifndef GNUPG_COMMON_SRV_H
#define GNUPG_COMMON_SRV_H
#ifdef USE_DNS_SRV
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif /* !_WIN32 */
#endif /* USE_DNS_SRV */
#ifndef MAXDNAME
#define MAXDNAME 1025
#endif
struct srventry
{
unsigned short priority;
unsigned short weight;
unsigned short port;
int run_count;
char target[MAXDNAME];
};
int getsrv(const char *name,struct srventry **list);
#endif /*GNUPG_COMMON_SRV_H*/

627
configure.ac
View File

@ -33,19 +33,20 @@ m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')])) || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')]))
AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]), AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]),
[gnupg-devel@gnupg.org]) [bug-gnupg@gnupg.org])
# Set development_version to yes if the minor number is odd or you # Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not # feel that the default check for a development version is not
# sufficient. # sufficient.
development_version=yes development_version=yes
NEED_GPG_ERROR_VERSION=1.0
NEED_GPG_ERROR_VERSION=1.2
NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.1.94 NEED_LIBGCRYPT_VERSION=1.1.94
NEED_LIBASSUAN_VERSION=0.6.10 NEED_LIBASSUAN_VERSION=0.6.10
NEED_KSBA_VERSION=0.9.13 NEED_KSBA_VERSION=0.9.16
PACKAGE=$PACKAGE_NAME PACKAGE=$PACKAGE_NAME
@ -61,20 +62,24 @@ AB_INIT
AC_GNU_SOURCE AC_GNU_SOURCE
# Some status variables to give feedback at the end of a configure run # Some status variables.
have_gpg_error=no have_gpg_error=no
have_libgcrypt=no have_libgcrypt=no
have_libassuan=no have_libassuan=no
have_ksba=no have_ksba=no
have_pth=no have_pth=no
use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
GNUPG_BUILD_PROGRAM(gpg, no) GNUPG_BUILD_PROGRAM(gpg, no)
GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes) GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(scdaemon, yes)
GNUPG_BUILD_PROGRAM(symcryptrun, no) GNUPG_BUILD_PROGRAM(symcryptrun, no)
AC_SUBST(PACKAGE) AC_SUBST(PACKAGE)
AC_SUBST(PACKAGE_GT) AC_SUBST(PACKAGE_GT)
AC_SUBST(VERSION) AC_SUBST(VERSION)
@ -140,8 +145,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM" && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
# Some folks want to use only the agent from this packet. Make it
# Some folks want to use only the agent form this packet. Make it
# easier for them by providing the configure option # easier for them by providing the configure option
# --enable-only-agent. # --enable-only-agent.
AC_ARG_ENABLE(agent-only, AC_ARG_ENABLE(agent-only,
@ -149,9 +153,17 @@ AC_ARG_ENABLE(agent-only,
build_agent_only=$enableval) build_agent_only=$enableval)
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
AC_ARG_ENABLE(selinux-support,
AC_HELP_STRING([--enable-selinux-support],
[enable SELinux support]),
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
# Allow disabling of bzib2 support. # Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later # It is defined only after we confirm the library is available later
use_bzip2=yes
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm]) AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2, AC_ARG_ENABLE(bzip2,
AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]), AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
@ -204,92 +216,102 @@ if test "$use_exec" = yes ; then
AC_MSG_RESULT($enableval) AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
# LDAP is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether LDAP keyserver support is requested]) AC_MSG_CHECKING([whether LDAP keyserver support is requested])
AC_ARG_ENABLE(ldap, AC_ARG_ENABLE(ldap,
[ --disable-ldap disable LDAP keyserver interface], AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
try_ldap=$enableval, try_ldap=yes) try_ldap=$enableval, try_ldap=yes)
AC_MSG_RESULT($try_ldap) AC_MSG_RESULT($try_ldap)
AC_MSG_CHECKING([whether HKP keyserver support is requested]) AC_MSG_CHECKING([whether HKP keyserver support is requested])
AC_ARG_ENABLE(hkp, AC_ARG_ENABLE(hkp,
[ --disable-hkp disable HKP keyserver interface], AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
try_hkp=$enableval, try_hkp=yes) try_hkp=$enableval, try_hkp=yes)
AC_MSG_RESULT($try_hkp) AC_MSG_RESULT($try_hkp)
if test "$try_hkp" = yes ; then AC_MSG_CHECKING([whether finger key fetching support is requested])
AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT") AC_ARG_ENABLE(finger,
fi AC_HELP_STRING([--disable-finger],
[disable finger key fetching interface only]),
try_finger=$enableval, try_finger=yes)
AC_MSG_RESULT($try_finger)
AC_MSG_CHECKING([whether generic object key fetching support is requested])
AC_ARG_ENABLE(generic,
AC_HELP_STRING([--disable-generic],
[disable generic object key fetching interface only]),
try_generic=$enableval, try_generic=yes)
AC_MSG_RESULT($try_generic)
AC_MSG_CHECKING([whether email keyserver support is requested]) AC_MSG_CHECKING([whether email keyserver support is requested])
AC_ARG_ENABLE(mailto, AC_ARG_ENABLE(mailto,
[ --disable-mailto disable email keyserver interface], AC_HELP_STRING([--enable-mailto],
try_mailto=$enableval, try_mailto=yes) [enable email keyserver interface only]),
try_mailto=$enableval, try_mailto=no)
AC_MSG_RESULT($try_mailto) AC_MSG_RESULT($try_mailto)
fi fi
AC_MSG_CHECKING([whether keyserver exec-path is enabled]) AC_MSG_CHECKING([whether keyserver exec-path is enabled])
AC_ARG_ENABLE(keyserver-path, AC_ARG_ENABLE(keyserver-path,
[ --disable-keyserver-path disable the exec-path option for keyserver helpers], AC_HELP_STRING([--disable-keyserver-path],
[if test "$enableval" = no ; then [disable the exec-path option for keyserver helpers]),
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers]) [if test "$enableval" = no ; then
fi],enableval=yes) disable_keyserver_path=yes
fi],enableval=yes)
AC_MSG_RESULT($enableval) AC_MSG_RESULT($enableval)
fi fi
dnl #
dnl Check for the key/uid cache size. This can't be zero, but can be # Check for the key/uid cache size. This can't be zero, but can be
dnl pretty small on embedded systems. # pretty small on embedded systems. This is used for the gpg part.
dnl #
AC_MSG_CHECKING([for the size of the key and uid cache]) AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache, AC_ARG_ENABLE(key-cache,
AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096) AC_HELP_STRING([--enable-key-cache=SIZE],
[Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then if test "$enableval" = "no"; then
enableval=5 enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096 enableval=4096
fi fi
changequote(,)dnl changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'` key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl changequote([,])dnl
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size]) AC_MSG_ERROR([invalid key-cache size])
fi fi
AC_MSG_RESULT($key_cache_size) AC_MSG_RESULT($key_cache_size)
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches]) AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
[Size of the key and UID caches])
dnl #
dnl Check whether we want to use Linux capabilities # Check whether we want to use Linux capabilities
dnl #
AC_MSG_CHECKING([whether use of capabilities is requested]) AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities, AC_ARG_WITH(capabilities,
[ --with-capabilities use linux capabilities [default=no]], [ --with-capabilities use linux capabilities [default=no]],
[use_capabilities="$withval"],[use_capabilities=no]) [use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities) AC_MSG_RESULT($use_capabilities)
#
# To avoid double inclusion of config.h which might happen at some
# places, we add the usual double inclusion protection at the top of
# config.h.
#
AH_TOP([
#ifndef GNUPG_CONFIG_H_INCLUDED
#define GNUPG_CONFIG_H_INCLUDED
])
#
# Stuff which goes at the bottom of config.h.
#
AH_BOTTOM([ AH_BOTTOM([
/* Some global constants. */
#ifdef HAVE_DRIVE_LETTERS
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* This is the major version number of GnuPG so that /* This is the major version number of GnuPG so that
source included files can test for this. Note, that\ source included files can test for this. Note, that
we use 2 here even for GnuPG 1.9.x. */ we use 2 here even for GnuPG 1.9.x. */
#define GNUPG_MAJOR_VERSION 2 #define GNUPG_MAJOR_VERSION 2
@ -322,6 +344,16 @@ AH_BOTTOM([
#define SAFE_VERSION_DOT '.' #define SAFE_VERSION_DOT '.'
#define SAFE_VERSION_DASH '-' #define SAFE_VERSION_DASH '-'
/* Some global constants. */
#ifdef HAVE_DRIVE_LETTERS
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
/* For some systems (DOS currently), we hardcode the path here. For /* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that POSIX systems the values are constructed by the Makefiles, so that
the values may be overridden by the make invocations; this is to the values may be overridden by the make invocations; this is to
@ -357,13 +389,37 @@ AH_BOTTOM([
#define EXEC_TEMPFILE_ONLY #define EXEC_TEMPFILE_ONLY
#endif #endif
/* Temporary hacks to avoid requring a libgpg-error update. */
#if !HAVE_DECL_GPG_ERR_LOCKED /* We didn't define endianness above, so get it from OS macros. This
#define GPG_ERR_LOCKED 173 is intended for making fat binary builds on OS X. */
#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
#if defined(__BIG_ENDIAN__)
#define BIG_ENDIAN_HOST 1
#elif defined(__LITTLE_ENDIAN__)
#define LITTLE_ENDIAN_HOST 1
#else
#error "No endianness found"
#endif
#endif #endif
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* We use jnlib, so tell other modules about it. */
#define HAVE_JNLIB_LOGGING 1
/* Our HTTP code is used in estream mode. */
#define HTTP_USE_ESTREAM 1
/* We always include support for the OpenPGP card. */
#define ENABLE_CARD_SUPPORT 1
#endif /*GNUPG_CONFIG_H_INCLUDED*/
]) ])
AM_MAINTAINER_MODE AM_MAINTAINER_MODE
# Checks for programs. # Checks for programs.
@ -380,7 +436,6 @@ AC_PROG_CC
AC_PROG_CPP AC_PROG_CPP
AC_PROG_INSTALL AC_PROG_INSTALL
AC_PROG_LN_S AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :) AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl") AC_PATH_PROG(PERL,"perl")
@ -391,11 +446,13 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
GNUPG_CHECK_FAQPROG GNUPG_CHECK_FAQPROG
GNUPG_CHECK_DOCBOOK_TO_TEXI GNUPG_CHECK_DOCBOOK_TO_TEXI
GNUPG_CHECK_USTAR
try_gettext=yes try_gettext=yes
have_dosish_system=no have_dosish_system=no
have_w32_system=no have_w32_system=no
use_simple_gettext=no
case "${host}" in case "${host}" in
*-mingw32*) *-mingw32*)
# special stuff for Windoze NT # special stuff for Windoze NT
@ -408,9 +465,11 @@ case "${host}" in
[because the Unix gettext has too much overhead on [because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions, MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext]) we use a simplified version of gettext])
disable_keyserver_path=yes
have_dosish_system=yes have_dosish_system=yes
have_w32_system=yes have_w32_system=yes
try_gettext="no" try_gettext="no"
use_simple_gettext=yes
;; ;;
i?86-emx-os2 | i?86-*-os2*emx ) i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment # OS/2 with the EMX environment
@ -448,11 +507,11 @@ case "${host}" in
;; ;;
*-dec-osf5*) *-dec-osf5*)
if test -z "$GCC" ; then if test -z "$GCC" ; then
# Use the newer compiler `-msg_disable ptrmismatch' to # Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings. # get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but # Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through # it at least lets other warning classes through
CFLAGS="$CFLAGS -msg_disable ptrmismatch" CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
fi fi
;; ;;
m68k-atari-mint) m68k-atari-mint)
@ -469,14 +528,30 @@ if test "$have_dosish_system" = yes; then
fi fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
if test "$have_w32_system" = yes; then if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
fi fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
# These need to go after AC_PROG_CC so that $EXEEXT is defined if test "$disable_keyserver_path" = yes; then
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
[Defined to disable exec-path for keyserver helpers])
fi
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
if test x"$try_hkp" = xyes ; then
AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
fi
if test x"$try_finger" = xyes ; then
AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
fi
# #
# Checks for libraries. # Checks for libraries.
@ -513,15 +588,12 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION",
# libksba is our X.509 support library # libksba is our X.509 support library
# #
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
# fixme: Remove the following test and require newer libksba instead.
_ksba_save_libs=$LIBS
LIBS=$KSBA_LIBS
AC_CHECK_FUNCS(ksba_dn_teststr)
LIBS=$_ksba_save_libs
# #
# libusb allows us to use the integrated CCID smartcard reader driver. # libusb allows us to use the integrated CCID smartcard reader driver.
# #
# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
AC_CHECK_LIB(usb, usb_bulk_write, AC_CHECK_LIB(usb, usb_bulk_write,
[ LIBUSB_LIBS="$LIBUSB_LIBS -lusb" [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
AC_DEFINE(HAVE_LIBUSB,1, AC_DEFINE(HAVE_LIBUSB,1,
@ -556,8 +628,9 @@ AC_DEFINE_UNQUOTED(SHRED,
"${SHRED}", [defines the filename of the shred program]) "${SHRED}", [defines the filename of the shred program])
# #
# Check whether the (highly desirable) GNU Pth library is available # Check whether the GNU Pth library is available
# Note, that we include a Pth emulation for W32. # Note, that we include a Pth emulation for W32.
# #
AC_ARG_WITH(pth-prefix, AC_ARG_WITH(pth-prefix,
@ -601,163 +674,166 @@ AC_SUBST(PTH_CFLAGS)
AC_SUBST(PTH_LIBS) AC_SUBST(PTH_LIBS)
dnl Must check for network library requirements before doing link tests #
dnl for ldap, for example. If ldap libs are static (or dynamic and without # Must check for network library requirements before doing link tests
dnl ELF runtime link paths), then link will fail and LDAP support won't # for ldap, for example. If ldap libs are static (or dynamic and without
dnl be detected. # ELF runtime link paths), then link will fail and LDAP support won't
# be detected.
#
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname, AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"])) [NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"])) [NETLIBS="-lsocket $NETLIBS"]))
dnl Now try for the resolver functions so we can use DNS SRV #
# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
#
if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
AC_ARG_ENABLE(dns-srv,
AC_HELP_STRING([--disable-dns-srv],
[disable the use of DNS SRV in HKP and HTTP]),
use_dns_srv=$enableval,use_dns_srv=yes)
fi
AC_ARG_ENABLE(dns-srv, AC_ARG_ENABLE(dns-pka,
AC_HELP_STRING([--disable-dns-srv],[disable the use of DNS SRV in HKP]), AC_HELP_STRING([--disable-dns-pka],
use_dns_srv=$enableval,use_dns_srv=yes) [disable the use of PKA records in DNS]),
use_dns_pka=$enableval,use_dns_pka=yes)
if test x"$try_hkp" = xyes && test x"$use_dns_srv" = xyes ; then AC_ARG_ENABLE(dns-cert,
_srv_save_libs=$LIBS AC_HELP_STRING([--disable-dns-cert],
[disable the use of CERT records in DNS]),
use_dns_cert=$enableval,use_dns_cert=yes)
if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
|| test x"$use_dns_cert" = xyes; then
_dns_save_libs=$LIBS
LIBS="" LIBS=""
# the double underscore thing is a glibc-ism? # the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind,, AC_SEARCH_LIBS(res_query,resolv bind,,
AC_SEARCH_LIBS(__res_query,resolv bind,,use_dns_srv=no)) AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind,, AC_SEARCH_LIBS(dn_expand,resolv bind,,
AC_SEARCH_LIBS(__dn_expand,resolv bind,,use_dns_srv=no)) AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_skipname,resolv bind,, AC_SEARCH_LIBS(dn_skipname,resolv bind,,
AC_SEARCH_LIBS(__dn_skipname,resolv bind,,use_dns_srv=no)) AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
if test x"$use_dns_srv" = xyes ; then if test x"$have_resolver" != xno ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
SRVLIBS=$LIBS # Make sure that the BIND 4 resolver interface is workable before
else # enabling any code that calls it. At some point I'll rewrite the
AC_MSG_WARN([Resolver functions not found. Disabling DNS SRV.]) # code to use the BIND 8 resolver API.
AC_MSG_CHECKING([whether the resolver is usable])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0);
dn_expand(0,0,0,0,0);
]])],have_resolver=yes,have_resolver=no)
AC_MSG_RESULT($have_resolver)
# This is Apple-specific and somewhat bizarre as they changed the
# define in bind 8 for some reason.
if test x"$have_resolver" != xyes ; then
AC_MSG_CHECKING(
[whether I can make the resolver usable with BIND_8_COMPAT])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0); dn_expand(0,0,0,0,0);
]])],[have_resolver=yes ; need_compat=yes])
AC_MSG_RESULT($have_resolver)
fi
fi fi
LIBS=$_srv_save_libs
if test x"$have_resolver" = xyes ; then
DNSLIBS=$LIBS
if test x"$use_dns_srv" = xyes ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
fi
if test x"$use_dns_pka" = xyes ; then
AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
fi
if test x"$use_dns_cert" = xyes ; then
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
fi
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
else
use_dns_srv=no
use_dns_pka=no
use_dns_cert=no
fi
LIBS=$_dns_save_libs
fi fi
AC_SUBST(SRVLIBS) AC_SUBST(DNSLIBS)
# Try and link a LDAP test program to weed out unusable LDAP AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. OpenLDAP in
# general is terrible with creating weird dependencies. If all else
# fails, the user can play guess-the-dependency by using something
# like ./configure LDAPLIBS="-Lfoo -lbar"
#
# Check for LDAP
#
if test "$try_ldap" = yes ; then if test "$try_ldap" = yes ; then
for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do GNUPG_CHECK_LDAP($NETLIBS)
_ldap_save_libs=$LIBS
LIBS="$MY_LDAPLIBS $NETLIBS $LIBS"
AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane])
AC_TRY_LINK([#include <ldap.h>],[ldap_open("foobar",1234);],
[gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldap_init])
if test $gnupg_cv_func_ldap_init = no; then
AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[ldap_open("foobar",1234);],
[gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
fi
if test "$gnupg_cv_func_ldaplber_init" = yes ; then
AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h])
fi
if test "$gnupg_cv_func_ldap_init" = yes || \
test "$gnupg_cv_func_ldaplber_init" = yes ; then
LDAPLIBS=$MY_LDAPLIBS
GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT"
AC_MSG_CHECKING([whether LDAP supports ldap_get_option])
if test "$gnupg_cv_func_ldap_init" = yes ; then
AC_TRY_LINK([#include <ldap.h>],
[ldap_get_option((void *)0,0,(void *)0);],
[gnupg_cv_func_ldap_get_option=yes],
[gnupg_cv_func_ldap_get_option=no])
else
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[ldap_get_option((void *)0,0,(void *)0);],
[gnupg_cv_func_ldap_get_option=yes],
[gnupg_cv_func_ldap_get_option=no])
fi
AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option])
if test "$gnupg_cv_func_ldap_get_option" = yes ; then
AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option])
else
AC_MSG_CHECKING([whether LDAP supports ld_errno])
if test "$gnupg_cv_func_ldap_init" = yes ; then
AC_TRY_COMPILE([#include <ldap.h>],
[LDAP *ldap; ldap->ld_errno;],
[gnupg_cv_func_ldap_ld_errno=yes],
[gnupg_cv_func_ldap_ld_errno=no])
else
AC_TRY_LINK([#include <lber.h>
#include <ldap.h>],[LDAP *ldap; ldap->ld_errno;],
[gnupg_cv_func_ldap_ld_errno=yes],
[gnupg_cv_func_ldap_ld_errno=no])
fi
AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno])
if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then
AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno])
fi
fi
fi
LIBS=$_ldap_save_libs
if test "$GPGKEYS_LDAP" != "" ; then break; fi
done
fi fi
AC_SUBST(GPGKEYS_LDAP) #
AC_SUBST(LDAPLIBS)
# Check for curl. We fake the curl API if libcurl isn't installed. # Check for curl. We fake the curl API if libcurl isn't installed.
#
# fixme: need to add this LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes])
#LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
#AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
AM_CONDITIONAL(FAKE_CURL,1)
# Generic, for us, means curl # Generic, for us, means curl
if test x"$try_generic" = xyes ; then if test x"$try_generic" = xyes ; then
AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT") AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
fi fi
dnl This isn't necessarily sendmail itself, but anything that gives a #
dnl sendmail-ish interface to the outside world. That includes qmail, # Check for sendmail
dnl postfix, etc. Basically, anything that can handle "sendmail -t". #
# This isn't necessarily sendmail itself, but anything that gives a
# sendmail-ish interface to the outside world. That includes Exim,
# Postfix, etc. Basically, anything that can handle "sendmail -t".
if test "$try_mailto" = yes ; then if test "$try_mailto" = yes ; then
AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes) AC_ARG_WITH(mailprog,
AC_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),
,with_mailprog=yes)
if test "$with_mailprog" = yes ; then if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
if test "$ac_cv_path_SENDMAIL" ; then if test "$ac_cv_path_SENDMAIL" ; then
GPGKEYS_MAILTO="gpgkeys_mailto" GPGKEYS_MAILTO="gpg2keys_mailto"
fi fi
elif test "$with_mailprog" != no ; then elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program]) AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog) AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog) AC_MSG_RESULT($with_mailprog)
GPGKEYS_MAILTO="gpgkeys_mailto" GPGKEYS_MAILTO="gpg2keys_mailto"
fi fi
fi fi
AC_SUBST(GPGKEYS_MAILTO) AC_SUBST(GPGKEYS_MAILTO)
#
# Construct a printable name of the OS
#
case "${host}" in case "${host}" in
*-mingw32*) *-mingw32*)
PRINTABLE_OS_NAME="MingW32" PRINTABLE_OS_NAME="MingW32"
@ -783,6 +859,9 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS]) [A human readable text with the name of the OS])
#
# Check for gettext
#
AM_GNU_GETTEXT_VERSION(0.14.1) AM_GNU_GETTEXT_VERSION(0.14.1)
if test "$try_gettext" = yes; then if test "$try_gettext" = yes; then
AM_GNU_GETTEXT(,[need-ngettext]) AM_GNU_GETTEXT(,[need-ngettext])
@ -799,21 +878,50 @@ else
AC_SUBST(USE_NLS) AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL) AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL) AC_SUBST(BUILD_INCLUDED_LIBINTL)
AM_PO_SUBDIRS
fi fi
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h)
#
# SELinux support
#
if test "$selinux_support" = yes ; then
AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
fi
#
# Checks for header files.
#
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pwd.h inttypes.h])
# Note that we do not check for iconv here because this is done anyway
# by the gettext checks and thus it allows us to disable the use of
# iconv by using --disable-nls.
#
# Checks for typedefs, structures, and compiler characteristics. # Checks for typedefs, structures, and compiler characteristics.
#
AC_C_CONST AC_C_CONST
AC_C_INLINE AC_C_INLINE
AC_C_VOLATILE
AC_TYPE_SIZE_T AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_TYPE_SIGNAL AC_TYPE_SIGNAL
AC_DECL_SYS_SIGLIST AC_DECL_SYS_SIGLIST
GNUPG_CHECK_ENDIAN AC_ARG_ENABLE(endian-check,
AC_HELP_STRING([--disable-endian-check],
[disable the endian check and trust the OS provided macros]),
endiancheck=$enableval,endiancheck=yes)
if test x"$endiancheck" = xyes ; then
GNUPG_CHECK_ENDIAN
fi
# fixme: we should get rid of the byte type
GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF) GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
@ -825,16 +933,14 @@ AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long) AC_CHECK_SIZEOF(unsigned long long)
# Ensure that we have UINT64_C before we bother to check for uint64_t # Ensure that we have UINT64_C before we bother to check for uint64_t
# fixme: really needed in gnupg? I think it is only useful in libcgrypt. # Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works], AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h> AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h>
uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) uint64_t foo=UINT64_C(42);]),
gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t) AC_CHECK_SIZEOF(uint64_t)
fi fi
if test "$ac_cv_sizeof_unsigned_short" = "0" \ if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \
@ -842,92 +948,54 @@ if test "$ac_cv_sizeof_unsigned_short" = "0" \
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi fi
dnl Do we have any 64-bit data types? #
if test "$ac_cv_sizeof_unsigned_int" != "8" \
&& test "$ac_cv_sizeof_unsigned_long" != "8" \
&& test "$ac_cv_sizeof_unsigned_long_long" != "8" \
&& test "$ac_cv_sizeof_uint64_t" != "8"; then
AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512])
else
if test x"$use_sha512" = xyes ; then
AC_SUBST(SHA512_O,sha512.o)
AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
fi
fi
# fixme: do we really need this - it should be encapsulated in libassuan # fixme: do we really need this - it should be encapsulated in libassuan
#
GNUPG_SYS_SO_PEERCRED GNUPG_SYS_SO_PEERCRED
#
# Checks for library functions. # Checks for library functions.
#
AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO AC_FUNC_FSEEKO
AC_FUNC_VPRINTF AC_FUNC_VPRINTF
AC_FUNC_FORK AC_FUNC_FORK
AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap) AC_CHECK_FUNCS([strerror stpcpy strsep strlwr tcgetattr strtoul mmap])
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times gmtime_r) AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times timegm gmtime_r])
AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate])
AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) AC_CHECK_FUNCS([memmove gettimeofday getrusage setrlimit clock_gettime])
AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS(fseeko ftello ttyname isascii) AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
AC_CHECK_FUNCS([ttyname isascii memrchr rand ftello])
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>]) AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
#
# gnulib checks # gnulib checks
#
gl_SOURCE_BASE(gl) gl_SOURCE_BASE(gl)
gl_M4_BASE(gl/m4) gl_M4_BASE(gl/m4)
gl_MODULES(setenv strsep mkdtemp vasprintf xsize) gl_MODULES(setenv strsep mkdtemp vasprintf xsize)
gl_INIT gl_INIT
#
# These are needed by libjnlib - fixme: we should have macros for them # These are needed by libjnlib - fixme: we should have macros for them
AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol) #
AC_CHECK_FUNCS(getrusage setrlimit stat setlocale) AC_CHECK_FUNCS([memicmp stpcpy strlwr strtoul memmove stricmp strtol])
AC_CHECK_FUNCS(flockfile funlockfile fopencookie funopen) AC_CHECK_FUNCS([getrusage setrlimit stat setlocale])
AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen])
#
# check for gethrtime and run a testprogram to see whether
# it is broken. It has been reported that some Solaris and HP UX systems
# raise an SIGILL
#
# fixme: Do we need this - iirc, this is only used by libgcrypt.
#
AC_CACHE_CHECK([for gethrtime],
[gnupg_cv_func_gethrtime],
[AC_TRY_LINK([#include <sys/times.h>],[
hrtime_t tv;
tv = gethrtime();
],
[gnupg_cv_func_gethrtime=yes],
[gnupg_cv_func_gethrtime=no])
])
if test $gnupg_cv_func_gethrtime = yes; then
AC_DEFINE([HAVE_GETHRTIME], 1,
[Define if you have the `gethrtime(2)' function.])
AC_CACHE_CHECK([whether gethrtime is broken],
[gnupg_cv_func_broken_gethrtime],
[AC_TRY_RUN([
#include <sys/times.h>
int main () {
hrtime_t tv;
tv = gethrtime();
}
],
[gnupg_cv_func_broken_gethrtime=no],
[gnupg_cv_func_broken_gethrtime=yes],
[gnupg_cv_func_broken_gethrtime=assume-no])
])
if test $gnupg_cv_func_broken_gethrtime = yes; then
AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1,
[Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.])
fi
fi
GNUPG_CHECK_MLOCK GNUPG_CHECK_MLOCK
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
dnl #
dnl Check whether we can use Linux capabilities as requested # Check whether we can use Linux capabilities as requested
dnl #
# fixme: Still required? # fixme: Still required?
# #
if test "$use_capabilities" = "yes" ; then if test "$use_capabilities" = "yes" ; then
@ -956,13 +1024,15 @@ if test "$use_capabilities" = "no" ; then
fi fi
fi fi
#
# Sanity check regex. Tests adapted from mutt. # Sanity check regex. Tests adapted from mutt.
# FIXME: We should use the the regex from gnulib
#
AC_MSG_CHECKING([whether regular expression support is requested]) AC_MSG_CHECKING([whether regular expression support is requested])
AC_ARG_ENABLE(regex, AC_ARG_ENABLE(regex,
[ --disable-regex do not handle regular expressions in trust sigs], AC_HELP_STRING([--disable-regex],
use_regex=$enableval, use_regex=yes) [do not handle regular expressions in trust signatures]),
use_regex=$enableval, use_regex=yes)
AC_MSG_RESULT($use_regex) AC_MSG_RESULT($use_regex)
if test "$use_regex" = yes ; then if test "$use_regex" = yes ; then
@ -994,14 +1064,16 @@ main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "
fi fi
if test $gnupg_cv_included_regex = yes; then if test $gnupg_cv_included_regex = yes; then
AC_DEFINE(USE_GNU_REGEX,1,[ Define if you want to use the included regex lib ]) AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ])
AC_SUBST(REGEX_O,regex.o)
fi fi
else else
AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ]) AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ])
fi fi
AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes)
# #
# Do we have zlib? Must do it here because Solaris failed # Do we have zlib? Must do it here because Solaris failed
# when compiling a conftest (due to the "-lz" from LIBS). # when compiling a conftest (due to the "-lz" from LIBS).
@ -1058,16 +1130,20 @@ AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
AC_SUBST(ZLIBS) AC_SUBST(ZLIBS)
# Check for readline support
GNUPG_CHECK_READLINE
# See wether we want to run the long test suite. # See wether we want to run the long test suite.
AC_ARG_WITH(pkits-tests, AC_ARG_WITH(pkits-tests,
AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]), AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]),
[run_pkits_tests=$withval], [run_pkits_tests=no]) [run_pkits_tests=$withval], [run_pkits_tests=no])
AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes") AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes")
#
# Allow users to append something to the version string without # Allow users to append something to the version string without
# flagging it as development version. The user version parts is # flagging it as development version. The user version parts is
# considered everything after a dash. # considered everything after a dash.
#
if test "$development_version" != yes; then if test "$development_version" != yes; then
changequote(,)dnl changequote(,)dnl
tmp_pat='[a-zA-Z]' tmp_pat='[a-zA-Z]'
@ -1091,16 +1167,36 @@ if test "$have_w32_system" = yes; then
W32LIBS="-lwsock32" W32LIBS="-lwsock32"
fi fi
AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
#
# Setup gcc specific options
#
if test "$GCC" = yes; then if test "$GCC" = yes; then
# Note that it is okay to use CFLAGS here because this are just
# warning options and the user should have a chance of overriding
# them.
if test "$USE_MAINTAINER_MODE" = "yes"; then if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security" CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security -Wformat-nonliteral"
else else
CFLAGS="$CFLAGS -Wall" CFLAGS="$CFLAGS -Wall"
fi fi
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
fi fi
# #
# This is handy for debugging so the compiler doesn't rearrange # This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables. # things and eliminate variables.
@ -1112,18 +1208,9 @@ AC_ARG_ENABLE(optimization,
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi]) fi])
#
AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
# We use jnlib, so tell other modules about it
AC_DEFINE(HAVE_JNLIB_LOGGING, 1,
[Defined if jnlib style logging functions are available])
# For W32 we need to use our Pth emulation code # For W32 we need to use our Pth emulation code
#
if test "$have_w32_system" = yes; then if test "$have_w32_system" = yes; then
AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h) AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h)
fi fi
@ -1254,13 +1341,13 @@ g10/Makefile
sm/Makefile sm/Makefile
agent/Makefile agent/Makefile
scd/Makefile scd/Makefile
keyserver/Makefile
tools/Makefile tools/Makefile
doc/Makefile doc/Makefile
tests/Makefile tests/Makefile
]) ])
AC_OUTPUT AC_OUTPUT
#./autogen keyserver/Makefile
#tests/pkits/Makefile #tests/pkits/Makefile

2
doc/gpg-agent.texi
View File

@ -430,7 +430,7 @@ agent. By default they may all be found in the current home directory
hash mark, as well as empty lines are ignored. To mark a key as trusted hash mark, as well as empty lines are ignored. To mark a key as trusted
you need to enter its fingerprint followed by a space and a capital you need to enter its fingerprint followed by a space and a capital
letter @code{S}. Colons may optionally be used to separate the bytes of letter @code{S}. Colons may optionally be used to separate the bytes of
a fingerprint; this allows to cut and paste the fingeperint from a key a fingerprint; this allows to cut and paste the fingerprint from a key
listing output. listing output.
Here is an example where two keys are marked as ultimately trusted: Here is an example where two keys are marked as ultimately trusted:

18
g10/ChangeLog
View File

@ -1,3 +1,21 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so
that we can install helpers from 1.4 and 2 without conflicts and
first of all don't get lost with weird bug reports.
* keyid.c (serialno_and_fpr_from_sk): New. Actually lost during
the last 1.4 to 1.9 merge.
* gpg.c (list_config): Output ccid-reader-id only for gnupg 1.
* call-agent.c (agent_scd_writekey): New.
(inq_writekey_parms): New.
* gpgv.c: Include call-agent.h for use by stubs.
* misc.c: Include call-agent.h for use by get_signature_count.
2006-07-27 Werner Koch <wk@g10code.com> 2006-07-27 Werner Koch <wk@g10code.com>
* parse-packet.c (parse_comment): Cap comments at 65k. * parse-packet.c (parse_comment): Cap comments at 65k.

3
g10/Makefile.am
View File

@ -108,7 +108,8 @@ gpgv2_SOURCES = gpgv.c \
# ks-db.h \ # ks-db.h \
# $(common_source) # $(common_source)
LDADD = $(needed_libs) $(ZLIBS) @LIBINTL@ @CAPLIBS@ @W32LIBS@ LDADD = $(needed_libs) $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
$(LIBINTL) $(CAPLIBS) $(W32LIBS)
gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error

67
g10/call-agent.c
View File

@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent /* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -47,17 +47,26 @@
# define DBG_ASSUAN 1 # define DBG_ASSUAN 1
#endif #endif
static ASSUAN_CONTEXT agent_ctx = NULL; static assuan_context_t agent_ctx = NULL;
static int force_pipe_server = 1; /* FIXME: set this back to 0. */ static int force_pipe_server = 1; /* FIXME: set this back to 0. */
struct cipher_parm_s { struct cipher_parm_s
ASSUAN_CONTEXT ctx; {
assuan_context_t ctx;
const char *ciphertext; const char *ciphertext;
size_t ciphertextlen; size_t ciphertextlen;
}; };
struct genkey_parm_s { struct writekey_parm_s
ASSUAN_CONTEXT ctx; {
assuan_context_t ctx;
const unsigned char *keydata;
size_t keydatalen;
};
struct genkey_parm_s
{
assuan_context_t ctx;
const char *sexp; const char *sexp;
size_t sexplen; size_t sexplen;
}; };
@ -672,6 +681,48 @@ agent_scd_setattr (const char *name,
return map_assuan_err (rc); return map_assuan_err (rc);
} }
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static assuan_error_t
inq_writekey_parms (void *opaque, const char *keyword)
{
struct writekey_parm_s *parm = opaque;
return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen);
}
/* Send a WRITEKEY command to the SCdaemon. */
int
agent_scd_writekey (int keyno, const char *serialno,
const unsigned char *keydata, size_t keydatalen)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct writekey_parm_s parms;
rc = start_agent ();
if (rc)
return rc;
memset (&parms, 0, sizeof parms);
snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno);
line[DIM(line)-1] = 0;
parms.ctx = agent_ctx;
parms.keydata = keydata;
parms.keydatalen = keydatalen;
rc = assuan_transact (agent_ctx, line, NULL, NULL,
inq_writekey_parms, &parms, NULL, NULL);
return map_assuan_err (rc);
}
/* Status callback for the SCD GENKEY command. */ /* Status callback for the SCD GENKEY command. */
static AssuanError static AssuanError
@ -765,7 +816,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
int int
agent_scd_pksign (const char *serialno, int hashalgo, agent_scd_pksign (const char *serialno, int hashalgo,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen) unsigned char **r_buf, size_t *r_buflen)
{ {
int rc, i; int rc, i;
char *p, line[ASSUAN_LINELENGTH]; char *p, line[ASSUAN_LINELENGTH];
@ -822,7 +873,7 @@ agent_scd_pksign (const char *serialno, int hashalgo,
int int
agent_scd_pkdecrypt (const char *serialno, agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen) unsigned char **r_buf, size_t *r_buflen)
{ {
int rc, i; int rc, i;
char *p, line[ASSUAN_LINELENGTH]; char *p, line[ASSUAN_LINELENGTH];

8
g10/call-agent.h
View File

@ -82,6 +82,10 @@ int agent_scd_setattr (const char *name,
const unsigned char *value, size_t valuelen, const unsigned char *value, size_t valuelen,
const char *serialno); const char *serialno);
/* Send a WRITEKEY command to the SCdaemon. */
int agent_scd_writekey (int keyno, const char *serialno,
const unsigned char *keydata, size_t keydatalen);
/* Send a GENKEY command to the SCdaemon. */ /* Send a GENKEY command to the SCdaemon. */
int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
const char *serialno); const char *serialno);
@ -89,12 +93,12 @@ int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
/* Send a PKSIGN command to the SCdaemon. */ /* Send a PKSIGN command to the SCdaemon. */
int agent_scd_pksign (const char *keyid, int hashalgo, int agent_scd_pksign (const char *keyid, int hashalgo,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen); unsigned char **r_buf, size_t *r_buflen);
/* Send a PKDECRYPT command to the SCdaemon. */ /* Send a PKDECRYPT command to the SCdaemon. */
int agent_scd_pkdecrypt (const char *serialno, int agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen); unsigned char **r_buf, size_t *r_buflen);
/* Change the PIN of an OpenPGP card or reset the retry counter. */ /* Change the PIN of an OpenPGP card or reset the retry counter. */
int agent_scd_change_pin (int chvno, const char *serialno); int agent_scd_change_pin (int chvno, const char *serialno);

8
g10/gpg.c
View File

@ -1434,7 +1434,9 @@ list_config(char *items)
if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0) if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0)
{ {
#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) #if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \
&& GNUPG_MAJOR_VERSION == 1
char *p, *p2, *list = ccid_get_reader_list (); char *p, *p2, *list = ccid_get_reader_list ();
for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1) for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1)
@ -3871,10 +3873,6 @@ emergency_cleanup (void)
void void
g10_exit( int rc ) g10_exit( int rc )
{ {
#ifdef ENABLE_CARD_SUPPORT
card_close ();
#endif
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE); gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
if ( (opt.debug & DBG_MEMSTAT_VALUE) ) if ( (opt.debug & DBG_MEMSTAT_VALUE) )
{ {

1
g10/gpgv.c
View File

@ -49,6 +49,7 @@
#include "ttyio.h" #include "ttyio.h"
#include "i18n.h" #include "i18n.h"
#include "status.h" #include "status.h"
#include "call-agent.h"
enum cmd_and_opt_values { aNull = 0, enum cmd_and_opt_values { aNull = 0,

2
g10/keydb.h
View File

@ -292,6 +292,8 @@ const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig); const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len ); byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
PKT_secret_key *sk);
/*-- kbnode.c --*/ /*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt ); KBNODE new_kbnode( PACKET *pkt );

24
g10/keygen.c
View File

@ -2921,6 +2921,7 @@ generate_raw_key (int algo, unsigned int nbits, u32 created_at,
PKT_secret_key *sk = NULL; PKT_secret_key *sk = NULL;
int i; int i;
size_t nskey, npkey; size_t nskey, npkey;
gcry_sexp_t s_parms, s_key;
npkey = pubkey_get_npkey (algo); npkey = pubkey_get_npkey (algo);
nskey = pubkey_get_nskey (algo); nskey = pubkey_get_nskey (algo);
@ -3613,8 +3614,8 @@ gen_card_key (int algo, int keyno, int is_primary,
if ( !info.n || !info.e ) if ( !info.n || !info.e )
{ {
log_error ("communication error with SCD\n"); log_error ("communication error with SCD\n");
mpi_free (info.n); gcry_mpi_release (info.n);
mpi_free (info.e); gcry_mpi_release (info.e);
return gpg_error (GPG_ERR_GENERAL); return gpg_error (GPG_ERR_GENERAL);
} }
@ -3672,7 +3673,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
int rc; int rc;
const char *s; const char *s;
PACKET *pkt; PACKET *pkt;
PKT_secret_key *sk, *sk_unprotected, *sk_protected; PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
PKT_public_key *pk; PKT_public_key *pk;
size_t n; size_t n;
int i; int i;
@ -3697,7 +3698,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
n = pubkey_get_nskey (sk->pubkey_algo); n = pubkey_get_nskey (sk->pubkey_algo);
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
{ {
mpi_free (sk->skey[i]); gcry_mpi_release (sk->skey[i]);
sk->skey[i] = NULL; sk->skey[i] = NULL;
} }
i = pubkey_get_npkey (sk->pubkey_algo); i = pubkey_get_npkey (sk->pubkey_algo);
@ -3733,12 +3734,13 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
umask (oldmask); umask (oldmask);
if (!fp) if (!fp)
{ {
rc = gpg_error_from_errno (errno);
log_error (_("can't create backup file `%s': %s\n"), log_error (_("can't create backup file `%s': %s\n"),
fname, strerror(errno) ); fname, strerror(errno) );
xfree (fname); xfree (fname);
free_secret_key (sk_unprotected); free_secret_key (sk_unprotected);
free_secret_key (sk_protected); free_secret_key (sk_protected);
return G10ERR_OPEN_FILE; return rc;
} }
pkt = xcalloc (1, sizeof *pkt); pkt = xcalloc (1, sizeof *pkt);
@ -3754,7 +3756,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
} }
else else
{ {
byte array[MAX_FINGERPRINT_LEN]; unsigned char array[MAX_FINGERPRINT_LEN];
char *fprbuf, *p; char *fprbuf, *p;
iobuf_close (fp); iobuf_close (fp);
@ -3831,11 +3833,11 @@ save_unprotected_key_to_card (PKT_secret_key *sk, int keyno)
assert (!sk->is_protected); assert (!sk->is_protected);
/* Copy the parameters into straight buffers. */ /* Copy the parameters into straight buffers. */
rsa_n = mpi_get_secure_buffer (sk->skey[0], &rsa_n_len, NULL); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
rsa_e = mpi_get_secure_buffer (sk->skey[1], &rsa_e_len, NULL); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
rsa_p = mpi_get_secure_buffer (sk->skey[3], &rsa_p_len, NULL); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[2]);
rsa_q = mpi_get_secure_buffer (sk->skey[4], &rsa_q_len, NULL); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[3]);
if (!rsa_n || !rsa_e || !rsa_p || !rsa_q) if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
{ {
rc = G10ERR_INV_ARG; rc = G10ERR_INV_ARG;
goto leave; goto leave;

25
g10/keyid.c
View File

@ -812,3 +812,28 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
*ret_len = len; *ret_len = len;
return array; return array;
} }
/* Create a serialno/fpr string from the serial number and the secret
key. Caller must free the returned string. There is no error
return. */
char *
serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
PKT_secret_key *sk)
{
unsigned char fpr[MAX_FINGERPRINT_LEN];
size_t fprlen;
char *buffer, *p;
int i;
fingerprint_from_sk (sk, fpr, &fprlen);
buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1);
for (i=0; i < snlen; i++, p+=2)
sprintf (p, "%02X", sn[i]);
*p++ = '/';
for (i=0; i < fprlen; i++, p+=2)
sprintf (p, "%02X", fpr[i]);
*p = 0;
return buffer;
}

4
g10/keyserver.c
View File

@ -941,7 +941,11 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
return 0; return 0;
} }
#if GNUPG_MAJOR_VERSION == 2
#define GPGKEYS_PREFIX "gpg2keys_"
#else
#define GPGKEYS_PREFIX "gpgkeys_" #define GPGKEYS_PREFIX "gpgkeys_"
#endif
#define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT
#define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL)) #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL))
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""

5
g10/misc.c
View File

@ -64,6 +64,7 @@
#include "main.h" #include "main.h"
#include "photoid.h" #include "photoid.h"
#include "options.h" #include "options.h"
#include "call-agent.h"
#include "i18n.h" #include "i18n.h"
@ -490,7 +491,9 @@ idea_cipher_warn(int show)
} }
#endif #endif
static unsigned long get_signature_count(PKT_secret_key *sk)
static unsigned long
get_signature_count (PKT_secret_key *sk)
{ {
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
if(sk && sk->is_protected && sk->protect.s2k.mode==1002) if(sk && sk->is_protected && sk->protect.s2k.mode==1002)

1
g10/pubkey-enc.c
View File

@ -37,6 +37,7 @@
#include "main.h" #include "main.h"
#include "i18n.h" #include "i18n.h"
#include "pkglue.h" #include "pkglue.h"
#include "call-agent.h"
static int get_it( PKT_pubkey_enc *k, static int get_it( PKT_pubkey_enc *k,

5
include/ChangeLog
View File

@ -1,3 +1,8 @@
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved to ../common.
* http.h: Retired.
2006-04-28 Werner Koch <wk@g10code.com> 2006-04-28 Werner Koch <wk@g10code.com>
* cipher.h (DIGEST_ALGO_SHA224): Define it. * cipher.h (DIGEST_ALGO_SHA224): Define it.

1
include/distfiles
View File

@ -7,7 +7,6 @@ util.h
i18n.h i18n.h
host2net.h host2net.h
http.h http.h
keyserver.h
_regex.h _regex.h
ChangeLog ChangeLog

3
include/http.h
View File

@ -23,6 +23,9 @@
#ifndef G10_HTTP_H #ifndef G10_HTTP_H
#define G10_HTTP_H 1 #define G10_HTTP_H 1
#error this file should not be used anymore
#include "../common/iobuf.h" #include "../common/iobuf.h"
struct uri_tuple { struct uri_tuple {

17
keyserver/ChangeLog
View File

@ -1,3 +1,20 @@
2006-08-16 Werner Koch <wk@g10code.com>
* Makefile.am: Renamed all binaries to gpg2keys_*.
(gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS.
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am: Adjusted to the gnupg2 framework.
2006-08-14 Werner Koch <wk@g10code.com>
* curl-shil.c, curl-shim.h: Changed to make use of the new http.c
API.
* curl-shim.c (curl_easy_perform): Add missing http_close to the
POST case.
2006-07-24 David Shaw <dshaw@jabberwocky.com> (wk) 2006-07-24 David Shaw <dshaw@jabberwocky.com> (wk)
* curl-shim.c (curl_easy_perform): Minor cleanup of proxy code. * curl-shim.c (curl_easy_perform): Minor cleanup of proxy code.

55
keyserver/Makefile.am
View File

@ -18,36 +18,47 @@
## Process this file with automake to produce Makefile.in ## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl
EXTRA_PROGRAMS = gpgkeys_ldap gpgkeys_hkp gpgkeys_finger gpgkeys_curl EXTRA_SCRIPTS = gpg2keys_mailto
EXTRA_SCRIPTS = gpgkeys_mailto
gpglibexecdir = $(libexecdir)/@PACKAGE@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
gpglibexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@ @GPGKEYS_FINGER@ @GPGKEYS_CURL@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS)
gpglibexec_SCRIPTS = @GPGKEYS_MAILTO@
include $(top_srcdir)/am/cmacros.am
libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
$(GPGKEYS_CURL)
libexec_SCRIPTS = $(GPGKEYS_MAILTO)
noinst_SCRIPTS = gpgkeys_test noinst_SCRIPTS = gpgkeys_test
gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a
gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS) other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@
gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
gpg2keys_ldap_LDADD = $(needed_libs) $(LDAPLIBS) $(NETLIBS) \
$(other_libs) $(W32LIBS)
gpg2keys_finger_LDADD = $(needed_libs) $(LIBGCRYPT_LIBS) \
$(NETLIBS) $(other_libs) $(W32LIBS)
if FAKE_CURL if FAKE_CURL
gpgkeys_curl_SOURCES += curl-shim.c curl-shim.h gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
gpgkeys_curl_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ gpg2keys_curl_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
gpgkeys_hkp_SOURCES += curl-shim.c curl-shim.h $(other_libs) $(W32LIBS)
gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h
gpg2keys_hkp_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \
$(other_libs) $(W32LIBS)
else else
gpgkeys_curl_CPPFLAGS = @LIBCURL_CPPFLAGS@ gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@ gpg2keys_curl_LDADD = $(LIBCURL) $(GETOPT)
gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@ gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@ gpg2keys_hkp_LDADD = $(LIBCURL) $(GETOPT)
endif endif

69
keyserver/curl-shim.c
View File

@ -27,6 +27,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <errno.h> #include <errno.h>
#include "http.h" #include "http.h"
#include "util.h" #include "util.h"
#include "ksutil.h" #include "ksutil.h"
@ -100,7 +101,11 @@ curl_easy_init(void)
void void
curl_easy_cleanup(CURL *curl) curl_easy_cleanup(CURL *curl)
{ {
free(curl); if (curl)
{
http_close (curl->hd);
free(curl);
}
} }
CURLcode CURLcode
@ -177,42 +182,46 @@ curl_easy_perform(CURL *curl)
if(curl->flags.post) if(curl->flags.post)
{ {
rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy); rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth,
if(rc==0) 0, proxy, NULL);
if (!rc)
{ {
char content_len[50]; unsigned int post_len = strlen(curl->postfields);
unsigned int post_len=strlen(curl->postfields);
iobuf_writestr(curl->hd.fp_write, es_fprintf (http_get_write_ptr (curl->hd),
"Content-Type: application/x-www-form-urlencoded\r\n"); "Content-Type: application/x-www-form-urlencoded\r\n"
sprintf(content_len,"Content-Length: %u\r\n",post_len); "Content-Length: %u\r\n", post_len);
http_start_data (curl->hd);
es_write (http_get_write_ptr (curl->hd),
curl->postfields, post_len, NULL);
iobuf_writestr(curl->hd.fp_write,content_len); rc = http_wait_response (curl->hd);
curl->status = http_get_status_code (curl->hd);
http_start_data(&curl->hd); if (!rc && curl->flags.failonerror && curl->status>=300)
iobuf_write(curl->hd.fp_write,curl->postfields,post_len); err = CURLE_HTTP_RETURNED_ERROR;
rc=http_wait_response(&curl->hd,&curl->status); http_close(curl->hd);
if(rc==0 && curl->flags.failonerror && curl->status>=300) curl->hd = NULL;
err=CURLE_HTTP_RETURNED_ERROR;
} }
} }
else else
{ {
rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy); rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth,
if(rc==0) 0, proxy, NULL);
if (!rc)
{ {
rc=http_wait_response(&curl->hd,&curl->status); rc = http_wait_response (curl->hd);
if(rc==0) curl->status = http_get_status_code (curl->hd);
if (!rc)
{ {
if(curl->flags.failonerror && curl->status>=300) if (curl->flags.failonerror && curl->status>=300)
err=CURLE_HTTP_RETURNED_ERROR; err = CURLE_HTTP_RETURNED_ERROR;
else else
{ {
unsigned int maxlen=1024,buflen,len; unsigned int maxlen = 1024, buflen, len;
byte *line=NULL; unsigned char *line = NULL;
while((len=iobuf_read_line(curl->hd.fp_read, while ((len = es_read_line (http_get_read_ptr (curl->hd),
&line,&buflen,&maxlen))) &line, &buflen, &maxlen)))
{ {
size_t ret; size_t ret;
@ -226,12 +235,16 @@ curl_easy_perform(CURL *curl)
} }
} }
xfree(line); es_free (line);
http_close(&curl->hd); http_close(curl->hd);
curl->hd = NULL;
} }
} }
else else
http_close(&curl->hd); {
http_close (curl->hd);
curl->hd = NULL;
}
} }
} }

2
keyserver/curl-shim.h
View File

@ -73,7 +73,7 @@ typedef struct
unsigned int failonerror:1; unsigned int failonerror:1;
unsigned int verbose:1; unsigned int verbose:1;
} flags; } flags;
struct http_context hd; http_t hd;
} CURL; } CURL;
#define CURL_ERROR_SIZE 256 #define CURL_ERROR_SIZE 256

3
keyserver/gpgkeys_finger.c
View File

@ -46,6 +46,7 @@
#include "util.h" #include "util.h"
#include "keyserver.h" #include "keyserver.h"
#include "ksutil.h" #include "ksutil.h"
#include "iobuf.h"
#ifdef _WIN32 #ifdef _WIN32
#define sock_close(a) closesocket(a) #define sock_close(a) closesocket(a)
@ -289,7 +290,7 @@ get_key (char *getkey)
{ {
int rc; int rc;
int sock; int sock;
IOBUF fp_read; iobuf_t fp_read;
unsigned int maxlen, buflen, gotit=0; unsigned int maxlen, buflen, gotit=0;
byte *line = NULL; byte *line = NULL;

2
m4/Makefile.am
View File

@ -1,6 +1,6 @@
EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4
EXTRA_DIST += ldap.m4 EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4

2
m4/ldap.m4
View File

@ -65,7 +65,7 @@ if test x$_ldap_with != xno ; then
if test "$gnupg_cv_func_ldap_init" = yes || \ if test "$gnupg_cv_func_ldap_init" = yes || \
test "$gnupg_cv_func_ldaplber_init" = yes ; then test "$gnupg_cv_func_ldaplber_init" = yes ; then
LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS" LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT" GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
AC_CHECK_FUNCS(ldap_get_option ldap_set_option ldap_start_tls_s) AC_CHECK_FUNCS(ldap_get_option ldap_set_option ldap_start_tls_s)

6
sm/certreqgen.c
View File

@ -467,7 +467,7 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* check the keylength */ /* Check the keylength. */
if (!get_parameter (para, pKEYLENGTH, 0)) if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 1024; nbits = 1024;
else else
@ -481,7 +481,7 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* check the usage */ /* Check the usage. */
if (parse_parameter_usage (para, pKEYUSAGE)) if (parse_parameter_usage (para, pKEYUSAGE))
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
@ -493,7 +493,6 @@ proc_parameters (ctrl_t ctrl,
log_error (_("line %d: no subject name given\n"), r->lnr); log_error (_("line %d: no subject name given\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
#if HAVE_KSBA_DN_TESTSTR
err = ksba_dn_teststr (s, 0, &erroff, &errlen); err = ksba_dn_teststr (s, 0, &erroff, &errlen);
if (err) if (err)
{ {
@ -507,7 +506,6 @@ proc_parameters (ctrl_t ctrl,
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
#endif /*HAVE_KSBA_DN_TESTSTR*/
/* Check that the optional email address is okay. */ /* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++) for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)