[svn] dirmngr - r259 - in trunk: . doc m4 src
svn author wk
cvs at cvs.gnupg.org
Wed Aug 8 19:07:05 CEST 2007
Author: wk
Date: 2007-08-08 19:06:34 +0200 (Wed, 08 Aug 2007)
New Revision: 259
Removed:
trunk/m4/Makefile
trunk/m4/Makefile.in
Modified:
trunk/ChangeLog
trunk/Makefile.am
trunk/NEWS
trunk/configure.ac
trunk/doc/dirmngr.texi
trunk/src/ChangeLog
trunk/src/crlcache.c
trunk/src/dirmngr.c
trunk/src/dirmngr_ldap.c
trunk/src/exechelp.c
trunk/src/get-path.c
trunk/src/ldap.c
Log:
Fixed dirmngr_wait_process.
Typo fixes.
LDAP fixes.
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/ChangeLog 2007-08-08 17:06:34 UTC (rev 259)
@@ -1,3 +1,10 @@
+2007-08-07 Werner Koch <wk at g10code.com>
+
+ * configure.ac (COPYRIGHT_YEAR_NAME): Set to 2007.
+
+ * Makefile.am (dist-hook, stowinstall): New.
+ (AUTOMAKE_OPTIONS): Do not create gzip tarballs.
+
2007-07-26 Marcus Brinkmann <marcus at g10code.de>
* Makefile.am (tests): New variable.
Modified: trunk/Makefile.am
===================================================================
--- trunk/Makefile.am 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/Makefile.am 2007-08-08 17:06:34 UTC (rev 259)
@@ -20,7 +20,7 @@
## Process this file with automake to produce Makefile.in
ACLOCAL_AMFLAGS = -I m4
-AUTOMAKE_OPTIONS = dist-bzip2
+AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip
EXTRA_DIST = config.rpath autogen.sh
@@ -31,3 +31,9 @@
endif
SUBDIRS = m4 jnlib src po doc $(tests)
+
+dist-hook:
+ echo "$(VERSION)" > $(distdir)/VERSION
+
+stowinstall:
+ $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/dirmngr
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/NEWS 2007-08-08 17:06:34 UTC (rev 259)
@@ -1,6 +1,10 @@
-Noteworthy changes in version 1.0 0 (2006-11-29)
+Noteworthy changes in version 1.0.1
------------------------------------------------
+
+Noteworthy changes in version 1.0.0 (2006-11-29)
+------------------------------------------------
+
* Bumbed the version number.
* Removed included gettext. We now require the system to provide a
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/configure.ac 2007-08-08 17:06:34 UTC (rev 259)
@@ -26,8 +26,8 @@
# Remember to change the version number immediately *after* a release.
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [1.0.0])
-m4_define([my_issvn], [no])
+m4_define([my_version], [1.0.1])
+m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')]))
@@ -45,7 +45,7 @@
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.0.0
-COPYRIGHT_YEAR_NAME="2006 g10 Code GmbH"
+COPYRIGHT_YEAR_NAME="2007 g10 Code GmbH"
PACKAGE=$PACKAGE_NAME
VERSION=$PACKAGE_VERSION
Modified: trunk/doc/dirmngr.texi
===================================================================
--- trunk/doc/dirmngr.texi 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/doc/dirmngr.texi 2007-08-08 17:06:34 UTC (rev 259)
@@ -460,13 +460,13 @@
Lines starting with a @samp{#} are comments.
-Note that as usual all strings entered are expected to be UTF_8 encoded.
+Note that as usual all strings entered are expected to be UTF-8 encoded.
Obviously this will lead to problems if the password has orginally been
-encoded as Latin-1. tehre isno solutionhere than to put such a password
-in the binary encoding into the file (i.e. non-ascii characters won't
-show up readable). at footnote{The @command{gpgconf} tool might be helpful
-for frontends as it allows to edit this configuration file suing percent
-escaped strings.}
+encoded as Latin-1. There is no other solution here than to put such a
+password in the binary encoding into the file (i.e. non-ascii characters
+won't show up readable). at footnote{The @command{gpgconf} tool might be
+helpful for frontends as it allows to edit this configuration file using
+percent escaped strings.}
@item --ldaptimeout @var{secs}
Deleted: trunk/m4/Makefile
Deleted: trunk/m4/Makefile.in
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/ChangeLog 2007-08-08 17:06:34 UTC (rev 259)
@@ -1,3 +1,25 @@
+2007-08-08 Werner Koch <wk at g10code.com>
+
+ * crlcache.c (crl_parse_insert): Hack to allow for a missing
+ nextUpdate.
+
+ * dirmngr_ldap.c (print_ldap_entries): Strip the extension from
+ the want_attr.
+
+ * exechelp.c (dirmngr_wait_process): Reworked for clear error
+ semantics.
+ * ldap.c (ldap_wrapper_thread): Adjust for new
+ dirmngr_wait_process semantics.
+
+2007-08-07 Werner Koch <wk at g10code.com>
+
+ * get-path.c (default_socket_name) [!W32]: Fixed syntax error.
+
+ * ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support
+ x509caCert as used by the Bundesnetzagentur.
+ (ldap_wrapper): Do not pass the prgtram name as the first
+ argument. dirmngr_spawn_process takes care of that.
+
2007-08-04 Marcus Brinkmann <marcus at g10code.de>
* dirmngr.h (opt): Add member system_service.
@@ -14,8 +36,8 @@
option.
* util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir,
dirmngr_cachedir, default_socket_name): New prototypes.
- * get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir,
- dirmngr_datadir, dirmngr_cachedir, default_socket_name): New
+ * get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir)
+ (dirmngr_datadir, dirmngr_cachedir, default_socket_name): New
functions.
(DIRSEP_C, DIRSEP_S): New macros.
@@ -42,7 +64,8 @@
2007-07-30 Marcus Brinkmann <marcus at g10code.de>
- * ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr invocation.
+ * ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr
+ invocation.
2007-07-27 Marcus Brinkmann <marcus at g10code.de>
Modified: trunk/src/crlcache.c
===================================================================
--- trunk/src/crlcache.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/crlcache.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -1586,9 +1586,16 @@
goto failure;
}
- if (opt.verbose)
+ if (opt.verbose || !*nextupdate)
log_info (_("update times of this CRL: this=%s next=%s\n"),
thisupdate, nextupdate);
+ if (!*nextupdate)
+ {
+ log_info (_("nextUpdate not given; "
+ "assuming a validity period of one day\n"));
+ copy_time (nextupdate, thisupdate);
+ add_isotime (nextupdate, 86400);
+ }
}
break;
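Review bot: The fallback under `if (!*nextupdate)` anchors the assumed validity to thisUpdate rather than to the time the CRL was fetched, so a CRL issued more than a day ago gets a nextUpdate that is already in the past when it is inserted. How the cache treats such an entry is outside this hunk, but the choice deserves a comment, and the bare `86400` deserves a name. Something like `/* Non-conforming CRL without nextUpdate: assume it expires one day after thisUpdate. */` above the block would record the policy. The enclosing function (crl_parse_insert, per the ChangeLog) starts and ends outside the hunk.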
Modified: trunk/src/dirmngr.c
===================================================================
--- trunk/src/dirmngr.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/dirmngr.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -1,6 +1,6 @@
/* dirmngr.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2006 g10 Code GmbH
+ * Copyright (C) 2003, 2004, 2006, 2007 g10 Code GmbH
*
* This file is part of DirMngr.
*
Modified: trunk/src/dirmngr_ldap.c
===================================================================
--- trunk/src/dirmngr_ldap.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/dirmngr_ldap.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -343,22 +343,31 @@
/* I case we want only one attribute we do a case
insensitive compare without the optional extension
- (i.e. ";binary"). case insensive is not really correct
- but the best we can do. */
+ (i.e. ";binary"). Case insensitive is not really correct
+ but the best we can do. */
if (want_attr)
{
- char *cp = strchr (attr, ';');
- if (cp)
- *cp = 0;
- if ( ascii_strcasecmp (want_attr, attr) )
+ char *cp1, *cp2;
+ int cmpres;
+
+ cp1 = strchr (want_attr, ';');
+ if (cp1)
+ *cp1 = 0;
+ cp2 = strchr (attr, ';');
+ if (cp2)
+ *cp2 = 0;
+ cmpres = ascii_strcasecmp (want_attr, attr);
+ if (cp1)
+ *cp1 = ';';
+ if (cp2)
+ *cp2 = ';';
+ if (cmpres)
{
ldap_memfree (attr);
continue; /* Not found: Try next attribute. */
}
- if (cp)
- *cp = ';';
}
-
+
values = ldap_get_values_len (ld, item, attr);
if (!values)
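Review bot: The new comparison writes a NUL into `want_attr` and restores it for every attribute of every entry, which only works while `want_attr` points to writable storage; its declaration is not visible in this hunk. Comparing the name parts by length needs no write to either string: `n1 = strcspn (want_attr, ";"); n2 = strcspn (attr, ";");` followed by `if (n1 != n2 || ascii_memcasecmp (want_attr, attr, n1))`, assuming jnlib's `ascii_memcasecmp` is linked into this tool. Stripping the extension from `want_attr` once before the loop would work as well. The enclosing function (print_ldap_entries, per the ChangeLog) starts and ends outside the hunk.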
@@ -559,7 +568,7 @@
-/* Main processing. Take the URL and run the DLAP query. The result
+/* Main processing. Take the URL and run the LDAP query. The result
is printed to stdout, errors are logged to the log stream. */
static int
process_url (const char *url)
Modified: trunk/src/exechelp.c
===================================================================
--- trunk/src/exechelp.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/exechelp.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -72,7 +72,7 @@
p = stpcpy (p, "\"\"");
else if (strpbrk (string, " \t\n\v\f\""))
{
- /* Need top do some kind of quoting. */
+ /* Need to do some kind of quoting. */
p = stpcpy (p, "\"");
for (s=string; *s; s++)
{
@@ -102,13 +102,13 @@
*cmdline = NULL;
n = 0;
s = pgmname;
- n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
+ n += strlen (s) + 1 + 2; /* (1 space, 2 quoting) */
for (; *s; s++)
if (*s == '\"')
n++; /* Need to double inner quotes. */
for (i=0; (s=argv[i]); i++)
{
- n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
+ n += strlen (s) + 1 + 2; /* (1 space, 2 quoting) */
for (; *s; s++)
if (*s == '\"')
n++; /* Need to double inner quotes. */
@@ -426,12 +426,25 @@
}
-/* Wait for the process identified by PID to terminate. PGMNAME should
- be the same as suplieed to the spawn fucntion and is only used for
- diagnostics. Returns 0 if the process succeded, GPG_ERR_GENERAL for
- any failures of the spawned program or other error codes.*/
+/* If HANG is true, waits for the process identified by PID to exit.
+ If HANG is false, checks whether the process has terminated.
+ Return values:
+
+ GPG_ERR_NO_ERROR
+ The process exited. The exit code of process is then stored at
+ R_STATUS. An exit code of -1 indicates that the process
+ terminated abnormally (e.g. due to a signal).
+
+ GPG_ERR_TIMEOUT
+ The process is still running (returned only if HANG is false).
+
+ GPG_ERR_INV_VALUE
+ An invalid PID has been specified.
+
+ Other error codes may be returned as well. Unless otherwise noted,
+ -1 will be stored at R_STATUS. */
gpg_error_t
-dirmngr_wait_process (pid_t pid, int hang, int *status)
+dirmngr_wait_process (pid_t pid, int hang, int *r_status)
{
gpg_err_code_t ec;
@@ -440,7 +453,7 @@
int code;
DWORD exc;
- *status = 0;
+ *r_status = -1;
if (pid == (pid_t)(-1))
return gpg_error (GPG_ERR_INV_VALUE);
@@ -451,12 +464,13 @@
switch (code)
{
case WAIT_TIMEOUT:
-
+ ec = GPG_ERR_TIMEOUT;
break;
+
case WAIT_FAILED:
log_error (_("waiting for process %d to terminate failed: %s\n"),
(int)pid, w32_strerror (-1));
- ec = GPG_ERR_GENERAL;
+ ec = 0;
break;
case WAIT_OBJECT_0:
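Review bot: In the `WAIT_FAILED` case the new `ec = 0;` turns a failed wait into a success return, which the reworked header comment defines as "The process exited". The caller then sees no error and `*r_status == -1`, which it cannot tell apart from a child that terminated abnormally. Keeping an error code, `ec = GPG_ERR_GENERAL;` as before, preserves that distinction. The ldap.c caller changed in this commit treats `!err` as "wrapper ready" and resets `ctx->pid`, so on W32 a wait failure would drop the pid of a process that may still be running. The switch starts and ends outside this hunk.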
@@ -466,15 +480,14 @@
(int)pid, w32_strerror (-1) );
ec = GPG_ERR_GENERAL;
}
- else if (exc)
+ else
{
- log_error (_("error detected in waitpid: exit status %d\n"),
- (int) exc);
- ec = GPG_ERR_GENERAL;
+ *r_status = exc;
+ if (exc)
+ log_error (_("error detected: exit status %d%s\n"),
+ *r_status, "");
+ ec = 0;
}
- else
- ec = 0;
- *status = 1;
break;
default:
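Review bot: `*r_status = exc;` stores a `DWORD` in an `int`, so exit codes above `INT_MAX` become negative and 0xFFFFFFFF becomes -1, the value the header comment reserves for abnormal termination. Windows reports the exception code as the exit code of a process that died on an unhandled exception, so such values are not exotic. A comment on the assignment would warn callers, for example `/* EXC is a DWORD; codes above INT_MAX (e.g. exception codes) show up negative. */`. The call that fills `exc` is outside this hunk.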
@@ -486,44 +499,39 @@
#else /* !HAVE_W32_SYSTEM */
int i;
- int r_status;
+ int status;
- *status = 0;
+ *r_status = -1;
+
if (pid == (pid_t)(-1))
return gpg_error (GPG_ERR_INV_VALUE);
- i = pth_waitpid (pid, &r_status, 0);
+ i = pth_waitpid (pid, &status, hang? 0 : WNOHANG);
if (i == (pid_t)(-1))
{
+ ec = gpg_err_code_from_syserror ();
log_error (_("waiting for process %d to terminate failed: %s\n"),
(int)pid, strerror (errno));
- ec = gpg_err_code_from_errno (errno);
}
- if (i == 0)
+ else if (i == 0)
{
- *status = 0;
- ec = 0;
+ /* The process is still running. */
+ ec = GPG_ERR_TIMEOUT;
}
- else if (WIFEXITED (status) && WEXITSTATUS (status) == 127)
+ else if (WIFEXITED (status))
{
- log_error (_("error detected: program probably not installed\n"));
- ec = GPG_ERR_CONFIGURATION;
+ ec = 0;
+ *r_status = WEXITSTATUS (status);
+ if (*r_status)
+ log_error (_("error detected: exit status %d%s\n"), *r_status,
+ *r_status == 127? _(" (program probably not installed)")
+ /* */ :"");
}
- else if (WIFEXITED (status) && WEXITSTATUS (status))
+ else
{
- log_error (_("error detected: exit status %d\n"), WEXITSTATUS (status));
- ec = GPG_ERR_GENERAL;
- }
- else if (!WIFEXITED (status))
- {
+ ec = 0;
log_error (_("error detected: terminated\n"));
- ec = GPG_ERR_GENERAL;
}
- else
- {
- *status = 1;
- ec = 0;
- }
#endif /* !HAVE_W32_SYSTEM */
return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
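Review bot: In the final `else` branch a child that did not exit normally now returns `ec = 0` and is logged only as "terminated", so the signal number is lost. The only trace left for the caller is the -1 pre-set in `*r_status`. Logging the cause costs one line, `log_error (_("error detected: terminated by signal %d\n"), WTERMSIG (status));` under `WIFSIGNALED (status)`. Exit code 127 likewise no longer maps to GPG_ERR_CONFIGURATION, so every caller has to inspect `*r_status` itself, and the ldap.c caller in this commit only compares it with 10. The function starts outside this hunk.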
Modified: trunk/src/get-path.c
===================================================================
--- trunk/src/get-path.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/get-path.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -506,6 +506,6 @@
}
return name;
#else /*!HAVE_W32_SYSTEM*/
- return "/var/run/dirmngr/socket"
+ return "/var/run/dirmngr/socket";
#endif /*!HAVE_W32_SYSTEM*/
}
Modified: trunk/src/ldap.c
===================================================================
--- trunk/src/ldap.c 2007-08-04 03:39:35 UTC (rev 258)
+++ trunk/src/ldap.c 2007-08-08 17:06:34 UTC (rev 259)
@@ -1,6 +1,6 @@
/* ldap.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005 g10 Code GmbH
+ * Copyright (C) 2003, 2004, 2005, 2007 g10 Code GmbH
*
* This file is part of DirMngr.
*
@@ -61,6 +61,7 @@
"$-_.+!*'(),"
#define USERCERTIFICATE "userCertificate"
#define CACERTIFICATE "caCertificate"
+#define X509CACERT "x509caCert"
#define USERSMIMECERTIFICATE "userSMIMECertificate"
@@ -322,16 +323,19 @@
int status;
err = dirmngr_wait_process (ctx->pid, 0, &status);
-
- if (err == -1)
- log_error (_("waiting for ldap wrapper %d failed: %s\n"),
- (int)ctx->pid, gpg_strerror (err));
- else if (status)
+ if (!err)
{
- log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
+ log_info (status == 10 ?
+ _("ldap wrapper %d ready: timeout\n") :
+ _("ldap wrapper %d ready"), (int)ctx->pid);
ctx->ready = 1;
ctx->pid = (pid_t)(-1);
}
+ else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
+ {
+ log_error (_("waiting for ldap wrapper %d failed: %s\n"),
+ (int)ctx->pid, gpg_strerror (err));
+ }
}
/* Check whether we should terminate the process. */
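Review bot: In the `if (!err)` branch `status` is compared only with the bare constant 10, so any other non-zero exit code, and the -1 that dirmngr_wait_process stores for abnormal termination, is logged as a plain "ready". Reporting the value would make a failed wrapper visible, e.g. `log_info (_("ldap wrapper %d ready: exit status %d\n"), (int)ctx->pid, status);` when `status` is neither 0 nor 10. The 10 should also get a name shared with the wrapper program. The retained `_("ldap wrapper %d ready")` still lacks the trailing `\n` that the new timeout variant has. The enclosing function (ldap_wrapper_thread, per the ChangeLog) starts and ends outside the hunk.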
@@ -514,9 +518,8 @@
}
/* Fork and exec the LDAP wrapper and returns a new libksba reader
- object at READER. ARGV is a NULL terminated list or argumenst for
- the wrapper; however the function adds the program's name as the
- first arg. The function returns 0 on success or an error code.
+ object at READER. ARGV is a NULL terminated list or arguments for
+ the wrapper. The function returns 0 on success or an error code.
We can't use LDAP directly for these reasons:
@@ -530,20 +533,20 @@
3. There is no easy way for timeouts. In particular the timeout
value does not work for DNS lookups (well, this is usual) and it
seems not to work while loading a large attribute like a
- CRL. Having a separate process allows us to either tell than
+ CRL. Having a separate process allows us to either tell the
process to commit suicide or have our own housekepping function
kill it after some time. The latter also allows proper
- cancellation of a query at any point.
+ cancellation of a query at any point of time.
4. Given that we are going out to the network and usually get back
- a long response, the frok/exec overhead is acceptable.
+ a long response, the fork/exec overhead is acceptable.
Special hack to avoid passing a password through the command line
which is globally visible: If the first element of ARGV is "--pass"
it will be removed and instead the environment variable
DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern
- OSes the environment is not visible to other other user. For those
- old systems where it can't be avoided, we don't want to go into the
+ OSes the environment is not visible to other users. For those old
+ systems where it can't be avoided, we don't want to go into the
hassle of passing the password via stdin; it's just too complicated
and an LDAP password used for public directory lookups should not
be that confidential. */
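Review bot: The reworded sentence "the environment is not visible to other users" still omits the caveats that matter for DIRMNGR_LDAP_PASS. The variable is typically readable by other processes of the same user and by root, and it is inherited by anything the wrapper itself starts. Adding a sentence such as `The variable stays readable by the same user and by root and is inherited by child processes, so the wrapper should clear it once read.` would state the trade-off next to the hack it describes. Whether the wrapper already clears the variable is not visible in this diff.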
@@ -581,13 +584,8 @@
/* Create command line argument array. */
for (i = 0; argv[i]; i++)
;
- arg_list = xcalloc (i + 3, sizeof *arg_list);
- arg_list[0] = strrchr (pgmname, '/');
- if (arg_list[0])
- arg_list[0]++;
- else
- arg_list[0] = pgmname;
- for (i = 0, j = 1; argv[i]; i++, j++)
+ arg_list = xcalloc (i + 2, sizeof *arg_list);
+ for (i = j = 0; argv[i]; i++, j++)
if (!i && argv[i + 1] && !strcmp (*argv, "--pass"))
{
arg_list[j] = "--env-pass";
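Review bot: The new size in `xcalloc (i + 2, sizeof *arg_list)` has no comment saying what the extra slots are for now that the program name is no longer stored in `arg_list[0]`. A short note keeps the next edit from shrinking or overrunning the array, e.g. `/* One slot per ARGV element plus the terminating NULL; "--pass VALUE" collapses into a single "--env-pass". */`. The loop body continues past the end of this hunk, so the upper bound on `j` can only be inferred from the lines shown.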
@@ -987,7 +985,8 @@
char *u_dn, *u_filter;
char const attrs[] = (USERCERTIFICATE ","
/* USERSMIMECERTIFICATE "," */
- CACERTIFICATE);
+ CACERTIFICATE ","
+ X509CACERT );
*url = NULL;
@@ -1329,6 +1328,13 @@
CACERTIFICATE);
okay = 1;
}
+ else if (!ascii_strcasecmp (p, X509CACERT))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("fetch_next_cert_ldap: got attribute `%s'\n",
+ CACERTIFICATE);
+ okay = 1;
+ }
/* else if (!ascii_strcasecmp (p, USERSMIMECERTIFICATE)) */
/* { */
/* if (DBG_LOOKUP) */
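Review bot: The new `X509CACERT` branch logs the wrong attribute name, because its `log_debug` call was copied from the branch above and still passes `CACERTIFICATE`. With DBG_LOOKUP enabled a directory answering with x509caCert is therefore reported as caCertificate, which misleads anyone tracing which attribute a server returned. The argument should be `X509CACERT`. The enclosing function (fetch_next_cert_ldap, per the debug string) starts and ends outside the hunk.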