dirmngr (8 files)
cvs user wk
cvs at cvs.gnupg.org
Mon Dec 13 16:12:25 CET 2004
Date: Monday, December 13, 2004 @ 16:16:35
Author: wk
Path: /cvs/dirmngr/dirmngr
Modified: ChangeLog configure.ac doc/dirmngr.texi src/ChangeLog
src/dirmngr.c src/dirmngr.h src/dirmngr_ldap.c src/ldap.c
* configure.ac (AC_CHECK_TYPES): Check for sigset_t.
* dirmngr_ldap.c (catch_alarm, set_timeout): new.
(main): Install alarm handler. Add new option --only-search-timeout.
(print_ldap_entries, fetch_ldap): Use set_timeout ();
* dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all
initializations.
* ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
option to the wrapper.
(INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
(run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
(ldap_wrapper_thread): Check for special timeout exit code.
* dirmngr.c: Workaround a typo in gpgconf for
ignore-ocsp-service-url.
--------------------+
ChangeLog | 4 +++
configure.ac | 4 +--
doc/dirmngr.texi | 7 +++++-
src/ChangeLog | 13 +++++++++++-
src/dirmngr.c | 7 +-----
src/dirmngr.h | 2 -
src/dirmngr_ldap.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++----
src/ldap.c | 32 ++++++++++++++++++++++++++-----
8 files changed, 102 insertions(+), 19 deletions(-)
Index: dirmngr/ChangeLog
diff -u dirmngr/ChangeLog:1.79 dirmngr/ChangeLog:1.80
--- dirmngr/ChangeLog:1.79 Fri Dec 3 15:42:36 2004
+++ dirmngr/ChangeLog Mon Dec 13 16:16:35 2004
@@ -1,3 +1,7 @@
+2004-12-13 Werner Koch <wk at g10code.com>
+
+ * configure.ac (AC_CHECK_TYPES): Check for sigset_t.
+
2004-12-03 Werner Koch <wk at g10code.com>
* configure.ac (canonicalize_file_name): Check for it.
Index: dirmngr/configure.ac
diff -u dirmngr/configure.ac:1.64 dirmngr/configure.ac:1.65
--- dirmngr/configure.ac:1.64 Fri Dec 3 15:42:36 2004
+++ dirmngr/configure.ac Mon Dec 13 16:16:35 2004
@@ -345,6 +345,8 @@
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
+AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
+
# Checks for library functions.
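Review bot: The new AC_CHECK_TYPES line yields HAVE_STRUCT_SIGACTION and HAVE_SIGSET_T, but the wrapper's guard in dirmngr_ldap.c is `#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)`, and the function check that defines HAVE_SIGACTION is not added here. If there is no `AC_CHECK_FUNCS([sigaction])` elsewhere in configure.ac (outside this hunk), the sigaction branch is dead and the wrapper silently falls back to `signal()` on every platform. HAVE_SIGSET_T is not referenced by any of the changed C code in this commit either, so either its consumer lives elsewhere or the sigset_t half of the check can be dropped.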
@@ -376,14 +378,12 @@
fi
fi
-
# We use jnlib, so tell other modules about it
AC_DEFINE(HAVE_JNLIB_LOGGING, 1,
[Defined if jnlib style logging fucntions are available])
-
#
# Print errors here so that they are visible all
# together and the user can acquire them all together.
Index: dirmngr/doc/dirmngr.texi
diff -u dirmngr/doc/dirmngr.texi:1.18 dirmngr/doc/dirmngr.texi:1.19
--- dirmngr/doc/dirmngr.texi:1.18 Thu Nov 25 12:37:38 2004
+++ dirmngr/doc/dirmngr.texi Mon Dec 13 16:16:35 2004
@@ -447,7 +447,7 @@
@item --ldaptimeout @var{secs}
@opindex ldaptimeout
Specify the number of seconds to wait for an LDAP query before timing
-out. The default is currently 100 seconds.
+out. The default is currently 100 seconds. 0 will never timeout.
@item --add-servers
@@ -838,6 +838,11 @@
Validate the given certificate using dirmngr's internal validation code.
This is mainly useful for debugging.
+ at item --load-crl
+ at opindex load-crl
+This command expects a list of filenames with DER encoded CRL files.
+All CRL will be vfalidated and then loaded into dirmngr's cache.
+
@item --lookup
@opindex lookup
Take the remaining arguments and run a lookup command on each of them.
Index: dirmngr/src/ChangeLog
diff -u dirmngr/src/ChangeLog:1.34 dirmngr/src/ChangeLog:1.35
--- dirmngr/src/ChangeLog:1.34 Mon Dec 13 12:43:05 2004
+++ dirmngr/src/ChangeLog Mon Dec 13 16:16:35 2004
@@ -1,7 +1,18 @@
2004-12-13 Werner Koch <wk at g10code.com>
+ * dirmngr_ldap.c (catch_alarm, set_timeout): new.
+ (main): Install alarm handler. Add new option --only-search-timeout.
+ (print_ldap_entries, fetch_ldap): Use set_timeout ();
+ * dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all
+ initializations.
+ * ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
+ option to the wrapper.
+ (INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
+ (run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
+ (ldap_wrapper_thread): Check for special timeout exit code.
+
* dirmngr.c: Workaround a typo in gpgconf for
- ignore-ocsp-servic-url.
+ ignore-ocsp-service-url.
2004-12-10 Werner Koch <wk at g10code.com>
Index: dirmngr/src/dirmngr.c
diff -u dirmngr/src/dirmngr.c:1.51 dirmngr/src/dirmngr.c:1.52
--- dirmngr/src/dirmngr.c:1.51 Mon Dec 13 12:43:05 2004
+++ dirmngr/src/dirmngr.c Mon Dec 13 16:16:35 2004
@@ -533,9 +533,7 @@
/* LDAP defaults */
opt.add_new_ldapservers = 0;
- opt.ldaptimeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
- opt.ldaptimeout.tv_usec = 0;
-
+ opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
/* Other defaults. */
socket_name = DEFAULT_SOCKET_NAME;
@@ -659,8 +657,7 @@
case oLDAPFile: ldapfile = pargs.r.ret_str; break;
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
case oLDAPTimeout:
- opt.ldaptimeout.tv_sec = pargs.r.ret_int;
- opt.ldaptimeout.tv_usec = 0;
+ opt.ldaptimeout = pargs.r.ret_int;
break;
case oFakedSystemTime:
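Review bot: The new `opt.ldaptimeout = pargs.r.ret_int;` stores a signed option value into the now-unsigned field with no range check, so `--ldaptimeout -1` silently becomes roughly 4e9 seconds, is printed with `%u` and handed to the wrapper, i.e. effectively no timeout at all rather than an error. The old timeval form had the same gap, but the wrap is now silent and the manual only documents 0 as the "never time out" value. Rejecting negatives at the parse site closes it: `if (pargs.r.ret_int < 0) log_error (_("invalid ldaptimeout\n")); else opt.ldaptimeout = pargs.r.ret_int;`, using whichever error path the rest of this option switch already uses (the switch and the enclosing main start and end outside this hunk).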
Index: dirmngr/src/dirmngr.h
diff -u dirmngr/src/dirmngr.h:1.24 dirmngr/src/dirmngr.h:1.25
--- dirmngr/src/dirmngr.h:1.24 Wed Dec 1 17:11:14 2004
+++ dirmngr/src/dirmngr.h Mon Dec 13 16:16:35 2004
@@ -95,7 +95,7 @@
int allow_ocsp; /* Allow using OCSP. */
int max_replies;
- struct timeval ldaptimeout;
+ unsigned int ldaptimeout;
ldap_server_t ldapservers;
int add_new_ldapservers;
Index: dirmngr/src/dirmngr_ldap.c
diff -u dirmngr/src/dirmngr_ldap.c:1.6 dirmngr/src/dirmngr_ldap.c:1.7
--- dirmngr/src/dirmngr_ldap.c:1.6 Wed Dec 1 17:11:14 2004
+++ dirmngr/src/dirmngr_ldap.c Mon Dec 13 16:16:35 2004
@@ -25,9 +25,11 @@
#include <stddef.h>
#include <stdarg.h>
#include <string.h>
+#include <signal.h>
#include <errno.h>
#include <assert.h>
#include <sys/time.h>
+#include <unistd.h>
#include <ldap.h>
@@ -64,6 +66,7 @@
oFilter,
oAttr,
+ oOnlySearchTimeout,
oLogWithPID
};
@@ -86,6 +89,7 @@
{ oDN, "dn", 2, N_("|STRING|query DN STRING")},
{ oFilter, "filter", 2, N_("|STRING|use STRING as filter expression")},
{ oAttr, "attr", 2, N_("|STRING|return the attribute STRING")},
+ { oOnlySearchTimeout, "only-search-timeout", 0, "@"},
{ oLogWithPID,"log-with-pid", 0, "@"},
{0}
};
@@ -96,7 +100,8 @@
{
int quiet;
int verbose;
- struct timeval timeout;
+ struct timeval timeout; /* Timeout for the LDAP search functions. */
+ unsigned int alarm_timeout; /* And for the alarm based timeout. */
int multi;
/* Note that we can't use const for the strings because ldap_* are
@@ -112,8 +117,8 @@
} opt;
-
/* Prototypes. */
+static void catch_alarm (int dummy);
static int process_url (const char *url);
@@ -171,6 +176,7 @@
ARGPARSE_ARGS pargs;
int any_err = 0;
char *p;
+ int only_search_timeout = 0;
set_strusage (my_strusage);
log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX);
@@ -181,7 +187,7 @@
/* LDAP defaults */
opt.timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
opt.timeout.tv_usec = 0;
-
+ opt.alarm_timeout = 0;
/* Parse the command line. */
pargs.argc = &argc;
@@ -196,7 +202,9 @@
case oTimeout:
opt.timeout.tv_sec = pargs.r.ret_int;
opt.timeout.tv_usec = 0;
+ opt.alarm_timeout = pargs.r.ret_int;
break;
+ case oOnlySearchTimeout: only_search_timeout = 1; break;
case oMulti: opt.multi = 1; break;
case oUser: opt.user = pargs.r.ret_str; break;
case oPass: opt.pass = pargs.r.ret_str; break;
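Review bot: `opt.alarm_timeout = pargs.r.ret_int;` feeds a signed command-line value into an unsigned field that `set_timeout` later passes straight to `alarm()`, so a negative `--timeout` arms a multi-year alarm instead of failing. The wrapper is a separate executable with its own argv and should not depend on dirmngr having sanitised the value; a guard at this line, `if (pargs.r.ret_int < 0) usage (1);`, reuses the error path the wrapper already takes for bad arguments (`if (argc < 1) usage (1);` further down) and keeps `timeout` and `alarm_timeout` consistent. main starts and ends outside this hunk.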
@@ -221,6 +229,9 @@
}
}
+ if (only_search_timeout)
+ opt.alarm_timeout = 0;
+
if (opt.proxy)
{
opt.host = xstrdup (opt.proxy);
@@ -243,6 +254,20 @@
if (argc < 1)
usage (1);
+ if (opt.alarm_timeout)
+ {
+#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
+ struct sigaction act;
+
+ act.sa_handler = catch_alarm;
+ sigemptyset (&act.sa_mask);
+ act.sa_flags = 0;
+ if (sigaction (SIGALRM,&act,NULL))
+#else
+ if (signal (SIGALRM, catch_alarm) == SIG_ERR)
+#endif
+ log_fatal ("unable to register timeout handler\n");
+ }
for (; argc; argc--, argv++)
if (process_url (*argv))
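Review bot: `struct sigaction act;` is a stack object of which only sa_handler, sa_mask and sa_flags are filled in, yet the struct carries additional implementation-specific members on several platforms, so `sigaction()` reads indeterminate bytes. Zero it before filling it in, `memset (&act, 0, sizeof act);` right after the declaration; string.h is already included. The handler only calls `_exit`, which is async-signal-safe, so no SA_RESTART or mask considerations arise here; a one-line comment saying so above the `if (opt.alarm_timeout)` would save the next reader that check.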
@@ -252,6 +277,22 @@
}
+static void
+catch_alarm (int dummy)
+{
+ _exit (10);
+}
+
+
+static void
+set_timeout (void)
+{
+ if (opt.alarm_timeout)
+ alarm (opt.alarm_timeout);
+}
+
+
+
/* Helper for fetch_ldap(). */
static int
print_ldap_entries (LDAP *ld, LDAPMessage *msg, char *want_attr)
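Review bot: The exit status in `_exit (10);` is a protocol shared with the parent, which tests `WEXITSTATUS (status) == 10` in ldap.c, but it is a bare literal on both sides with nothing tying them together. A named constant beside DEFAULT_LDAP_TIMEOUT, which both programs already share, would do: `#define LDAP_WRAPPER_EXIT_TIMEOUT 10`, used in `catch_alarm` and in the parent's status check. catch_alarm also deserves a comment that `_exit` deliberately skips stdio flushing, so output buffered when the alarm fires is dropped rather than passed to the parent as a truncated entry, and that nothing ever calls `alarm (0)`, so the watchdog stays armed after the last `set_timeout()` through `ldap_unbind` and the final writes until the process exits — I read that as intended, but it should be stated.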
@@ -289,6 +330,8 @@
if (opt.verbose > 1)
log_info (_(" available attribute `%s'\n"), attr);
+ set_timeout ();
+
/* I case we want only one attribute we do a case
insensitive compare without the optional extension
(i.e. ";binary"). case insensive is not really correct
@@ -454,6 +497,7 @@
log_info (_("WARNING: using first attribute only\n"));
+ set_timeout ();
ld = ldap_init (host, port);
if (!ld)
{
@@ -469,6 +513,7 @@
return -1;
}
+ set_timeout ();
rc = ldap_search_st (ld, dn, ludp->lud_scope, filter,
opt.multi && !opt.attr && ludp->lud_attrs?
ludp->lud_attrs:attrs,
@@ -526,7 +571,6 @@
return -1;
}
-
rc = fetch_ldap (url, ludp);
ldap_free_urldesc (ludp);
Index: dirmngr/src/ldap.c
diff -u dirmngr/src/ldap.c:1.41 dirmngr/src/ldap.c:1.42
--- dirmngr/src/ldap.c:1.41 Fri Dec 10 16:15:45 2004
+++ dirmngr/src/ldap.c Mon Dec 13 16:16:35 2004
@@ -43,7 +43,7 @@
#define MAX_OPEN_FDS 20
#endif
-#define INACTIVITY_TIMEOUT (60*5) /* seconds */
+#define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5) /* seconds */
#define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz" \
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
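Review bot: `INACTIVITY_TIMEOUT` keeps its constant-style name but now expands to `opt.ldaptimeout + 60*5`, an expression that reads a runtime global, so a use in a static initialiser or before option parsing would be wrong and a reader of the name cannot tell. A comment on the define, `/* Not a constant: depends on the --ldaptimeout option via opt.ldaptimeout.  */`, or a function-like spelling would flag this. Note also that the sum is unsigned and wraps for values near UINT_MAX, which only matters if a negative `--ldaptimeout` is allowed through in dirmngr.c. Where the macro is used lies outside this hunk.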
@@ -94,7 +94,6 @@
static struct wrapper_context_s *wrapper_list;
-
/* Add HOST and PORT to our list of LDAP servers. Fixme: We should
better use an extra list of servers. */
static void
@@ -310,6 +309,9 @@
if (!WIFEXITED (status))
log_info (_("ldap wrapper %d ready: terminated\n"),
(int)ctx->pid);
+ else if (WEXITSTATUS (status) == 10 )
+ log_info (_("ldap wrapper %d ready: timeout\n"),
+ (int)ctx->pid);
else
log_info (_("ldap wrapper %d ready: exit status %d\n"),
(int)ctx->pid, WEXITSTATUS (status));
@@ -692,6 +694,7 @@
The function returns a new stream at R_FP. */
static gpg_error_t
run_ldap_wrapper (ctrl_t ctrl,
+ int ignore_timeout,
const char *proxy,
const char *host, int port,
const char *user, const char *pass,
@@ -699,9 +702,10 @@
const char *url,
ksba_reader_t *reader)
{
- const char *argv[20];
+ const char *argv[30];
int argc;
- char portbuf[30];
+ char portbuf[30], timeoutbuf[30];
+
*reader = NULL;
@@ -714,6 +718,14 @@
if (opt.verbose)
argv[argc++] = "-vv";
argv[argc++] = "--log-with-pid";
+ if (opt.ldaptimeout)
+ {
+ sprintf (timeoutbuf, "%u", opt.ldaptimeout);
+ argv[argc++] = "--timeout";
+ argv[argc++] = timeoutbuf;
+ if (ignore_timeout)
+ argv[argc++] = "--only-search-timeout";
+ }
if (proxy)
{
argv[argc++] = "--proxy";
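Review bot: `argv` grows from 20 to 30 entries to make room for the three arguments added here, but the size is maintained by hand and nothing in view asserts it; the remainder of run_ldap_wrapper, where the array is completed and handed to the exec, lies outside the hunk, so I cannot confirm a bound check exists there. An `assert (argc < sizeof argv / sizeof argv[0]);` just before the array is used would make the next option addition fail loudly instead of writing past the end. `timeoutbuf[30]` is ample for a `%u` rendering of an unsigned int, so the `sprintf` itself is fine.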
@@ -769,6 +781,8 @@
gpg_error_t err;
err = run_ldap_wrapper (ctrl,
+ 1, /* Ignore explicit timeout because CRLS
+ might be very large. */
opt.ldap_proxy,
host, port,
NULL, NULL,
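Review bot: The comment `Ignore explicit timeout because CRLS might be very large` overstates what the flag does: with `ignore_timeout` set, the wrapper still receives `--timeout` and applies it to each `ldap_search_st` call; `--only-search-timeout` merely clears `alarm_timeout`, i.e. it suppresses the alarm-based watchdog only. A reader of this call site would otherwise expect CRL fetches to be unbounded. I would reword it to `/* Keep the per-search timeout but disable the alarm watchdog: CRLs can be very large and take long to transfer. */`. The enclosing function starts and ends outside this hunk.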
@@ -807,6 +821,7 @@
for (server = opt.ldapservers; err && server; server = server->next)
{
err = run_ldap_wrapper (ctrl,
+ 0,
NULL,
server->host, server->port,
NULL, NULL,
@@ -838,6 +853,7 @@
for (server = opt.ldapservers; server; server = server->next)
{
err = run_ldap_wrapper (ctrl,
+ 0,
opt.ldap_proxy,
server->host, server->port,
server->user, server->pass,
@@ -1036,7 +1052,7 @@
const char *base;
const char *argv[50];
int argc;
- char portbuf[30];
+ char portbuf[30], timeoutbuf[30];
*context = NULL;
@@ -1064,6 +1080,12 @@
argv[argc++] = "-vv";
argv[argc++] = "--log-with-pid";
argv[argc++] = "--multi";
+ if (opt.ldaptimeout)
+ {
+ sprintf (timeoutbuf, "%u", opt.ldaptimeout);
+ argv[argc++] = "--timeout";
+ argv[argc++] = timeoutbuf;
+ }
if (opt.ldap_proxy)
{
argv[argc++] = "--proxy";