1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-08 21:18:51 +01:00
Commit Graph

24 Commits

Author SHA1 Message Date
NIIBE Yutaka
3918fa1a94 agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
* agent/findkey.c (unprotect): Use gnupg_sleep.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/crlfetch.c (handle_connections): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* tpm2d/tpm3daemon.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* scd/command.c (cmd_lock): Likewise.
* dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
(ldap_wrapper_wait_connections): Use gnupg_usleep.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-10-05 14:05:56 +09:00
Werner Koch
864ea25198
dirmngr: Rewrite the LDAP wrapper tool
* dirmngr/ldap-misc.c: New.
* dirmngr/ldap-misc.h: New.
* dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
(ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
mode.
* dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
the saqme as GPG_ERR_NO_DATA.
* dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
Remove arg url.  Adjust for changes in dirmngr_ldap.
(url_fetch_ldap): Remove args host and port.  Parse the URL and use
these values to call run_ldap_wrapper.
(attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
(rfc2254_need_escape, rfc2254_escape): New.
(extfilt_need_escape, extfilt_escape): New.
(parse_one_pattern): Rename to ...
(make_one_filter): this.  Change for new dirmngr_ldap calling
convention.  Make issuer DN searching partly work.
(escape4url, make_url): Remove.
(start_cert_fetch_ldap): Change for new dirmngr_ldap calling
convention.
* dirmngr/dirmngr_ldap.c: Major rewrite.

* dirmngr/t-ldap-misc.c: New.
* dirmngr/t-support.h (DIM, DIMof): New.
* dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
(module_tests) [USE_LDAP]: Add t-ldap-misc.
(t_ldap_parse_uri_SOURCES): Ditto.
(t_ldap_misc_SOURCES): New.
--

This rewrite allows to properly handle TLS and avoids some code
duplication.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 39815c023f)
2021-06-16 12:58:32 +02:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
4c295646ba
dirmngr: Remove cruft from dirmngr_ldap
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--

Note that the ldap_sslinit stuff for Windows has not been tested.

This patch removes the whole wrapper-but-linked business because we do
not need it anymore.  WindowsCE for which we used it is pretty dead.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 20:49:04 +01:00
Werner Koch
a598bbeeaf
dirmngr: Sleep in the ldap wrapper thread.
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex.  Use
a condition var to wake up the reaper thread.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-30 08:46:03 +02:00
Werner Koch
f9fbfc64e4
dirmngr: Use the LDAP wrapper process also for Windows.
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--

Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows.  Our long term use of the old Window CE wrapper
thing didn't fixed this either.  The new code uses the portable
es_poll function and thus code which is tested at several other
places.  It Should(tm) fix the Windows issues.

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-27 12:05:31 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Daniel Kahn Gillmor
f6728d13e8
dirmngr: Lazily launch ldap reaper thread.
* dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
Before we need it.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Call
ldap_wrapper_launch_thread() just in time (before any attempt to use
an ldap subprocess).

--

A dirmngr process that never looks anything up in LDAP has no need for
a reaper thread, but one was started automatically.  This thread wakes
up every two seconds to look for ldap processes that might never have
been running.  We won't start more than one reaper thread for any
given dirmngr due to the static int "done" in
ldap_wrapper_launch_thread(), so it's safe to call this every time
there is a use of ldap_wrapper.

If someone wants to do further dirmngr optimizations for ldap users,
the reaper thread itself could use dynamically-calculated timeouts
(and probably needs to be alerted dynamically when a new ldap
subprocess is available so it can re-calculate those timeouts).

Note: It's not clear to me how to test ldap access effectively; i know
of no public ldap services that i can verify against, and i do not run
my own ldap servers.  If someone has a publicly-available ldap server
that developers can run tests against, i would be happy to hear about
it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-29 14:32:31 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
Werner Koch
5d991e333a
common: Extend gnupg_create_inbound_pipe et al.
* common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
functional args 'r_fp' and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
(gnupg_create_outbound_pipe): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:41:55 +02:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Werner Koch
c97198371b
dirmngr: Fix the cleanup zombies fix (685b782).
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
stdout reader after EOF from read_log_data.
* dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
the next iteration.
--

I assumed that the log_fd also has a reader object but that reader
object is used for stdout and needs to be closed by the consumer.

The real bug with the non-released ldap_wrapper control objects was
that when looping over distribution points we did not closed the used
reader object before the next iteration.  Now, the test case had more
than one DP and thus we lost one reader object.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-18 13:34:48 +02:00
Werner Koch
685b782a18
dirmngr: Cleanup zombies and fix hang on shutdown.
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
into the loop.  Check the queue also on timeout.  Close log_fd and
reader context on EOF or error.
--

The major bug here was that on an EOF of the log fd the log fd was not
closed and thus the final queue item removal could not work.  Checking
the queue on a timeout is not really necessary but it help in case
there is a race condition lingering.

GnuPG-bug-id: 1838, 1978
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-16 18:11:32 +02:00
Werner Koch
eb4d33cba9
dirmngr: Add missing cast for use of pid_t in printf.
--
2015-06-16 18:11:31 +02:00
Neal H. Walfield
096f4186c8 Improve spelling and grammar of some comments.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-23 19:58:30 +01:00
Marcus Brinkmann
8f8c659414 Replace npth_yield in busy wait by npth_usleep.
* dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call
npth_usleep instead of npth_yield.
2012-02-28 17:26:32 +01:00
Marcus Brinkmann
7a7a597827 Port to npth.
* configure.ac: Don't check for PTH but for NPTH.
(AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
(have_pth): Rename to ...
(have_npth): ... this.
(USE_GNU_NPTH): Rename to ...
(USE_GNU_PTH): ... this.
* m4/npth.m4: New file.
* agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
agent/trustlist.c, common/Makefile.am, common/estream.c,
common/exechelp-posix.c, common/exechelp-w32.c,
common/exechelp-w32ce.c, common/http.c, common/init.c,
common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
scd/scdaemon.c, tools/Makefile.am: Port to npth.
2012-01-25 14:50:47 +01:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
2b81258b2b Make dirmngr more battery friendly.
Similar to gpg-agent, dirmngr's wait timeouts are now synced to the
full second.  Increased ldap helper thread timeout to 2 seconds.

Nuked some white spaces.
2011-01-25 11:26:01 +01:00
Werner Koch
d1946ed718 Translate dirmngr strings 2010-10-21 08:23:29 +00:00
Werner Koch
ca279dc707 Some work on the dirmngr 2010-07-26 14:01:32 +00:00
Werner Koch
a22c38baad Some work on the dirmngr 2010-07-23 16:16:14 +00:00