[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-24-g6d94918
by Werner Koch
cvs at cvs.gnupg.org
Fri Oct 17 16:02:11 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 6d9491842d5da597980eaa59e1e3e2137965fe09 (commit)
via a13705f4c18db56765f4af31376e81241dbabebe (commit)
from 8fd150b05b744fe9465057c12529d5e6b6b02785 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6d9491842d5da597980eaa59e1e3e2137965fe09
Author: Werner Koch <wk at gnupg.org>
Date: Fri Oct 17 15:59:45 2014 +0200
dirmngr: Allow building without LDAP support.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index fe80aab..ffe7733 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
Noteworthy changes in version 2.1.0 (unreleased)
------------------------------------------------
+ * Dirmngr may now be build without support for LDAP.
+
* For a complete list of changes see the lists of changes for the
2.1.0 beta versions below.
diff --git a/configure.ac b/configure.ac
index 7ce8c09..ce328e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -716,11 +716,6 @@ if test "$run_tests" = yes; then
fi
AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes)
-if test "$use_ldapwrapper" = yes; then
- AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
-fi
-AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
@@ -1049,16 +1044,45 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
#
# Note that running the check changes the variable
# gnupg_have_ldap from "n/a" to "no" or "yes".
-if test "$build_dirmngr" = "yes" ; then
- GNUPG_CHECK_LDAP($NETLIBS)
- AC_CHECK_LIB(lber, ber_free,
- [ LBER_LIBS="$LBER_LIBS -llber"
- AC_DEFINE(HAVE_LBER,1,
- [defined if liblber is available])
- have_lber=yes
- ])
+
+AC_ARG_ENABLE(ldap,
+ AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
+ [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
+
+if test "$gnupg_have_ldap" != "no" ; then
+ if test "$build_dirmngr" = "yes" ; then
+ GNUPG_CHECK_LDAP($NETLIBS)
+ AC_CHECK_LIB(lber, ber_free,
+ [ LBER_LIBS="$LBER_LIBS -llber"
+ AC_DEFINE(HAVE_LBER,1,
+ [defined if liblber is available])
+ have_lber=yes
+ ])
+ fi
fi
AC_SUBST(LBER_LIBS)
+if test "$gnupg_have_ldap" = "no"; then
+ AC_MSG_WARN([[
+***
+*** Building without LDAP support.
+*** No CRL access or X.509 certificate search available.
+***]])
+fi
+
+AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
+if test "$gnupg_have_ldap" = yes ; then
+ AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
+else
+ use_ldapwrapper=no
+fi
+
+if test "$use_ldapwrapper" = yes; then
+ AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
+fi
+AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
+
+
+
#
# Check for sendmail
@@ -1703,16 +1727,8 @@ if test "$have_ksba" = "no"; then
*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
***]])
fi
-if test "$gnupg_have_ldap" = "no"; then
- die=yes
- AC_MSG_NOTICE([[
-***
-*** The Dirmngr part requires an LDAP library
-*** Check out
-*** http://www.openldap.org
-*** for a suitable implementation.
-***]])
- if test "$have_w32ce_system" = yes; then
+if test "$gnupg_have_ldap" = yes; then
+ if test "$have_w32ce_system" = yes; then
AC_MSG_NOTICE([[
*** Note that CeGCC might be broken, a package fixing this is:
*** http://files.kolab.org/local/windows-ce/
@@ -1804,6 +1820,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
+ LDAP support: $gnupg_have_ldap
DNS SRV support: $use_dns_srv
TLS support: $use_tls_library
"
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 632e525..0e9a7c7 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -44,19 +44,27 @@ else
ldap_url =
endif
+if USE_LDAPWRAPPER
+extraldap_src = ldap-wrapper.c
+else
+extraldap_src = ldap-wrapper-ce.c dirmngr_ldap.c
+endif
+
noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
- ldapserver.h ldapserver.c certcache.c certcache.h \
- cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \
- ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \
+ certcache.c certcache.h \
+ cdb.h cdblib.c misc.c dirmngr-err.h \
+ ocsp.c ocsp.h validate.c validate.h \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
-if USE_LDAPWRAPPER
-dirmngr_SOURCES += ldap-wrapper.c
+if USE_LDAP
+dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
+ ldap-wrapper.h $(ldap_url) $(extraldap_src)
+ldaplibs = $(LDAPLIBS)
else
-dirmngr_SOURCES += ldap-wrapper-ce.c dirmngr_ldap.c
+ldaplibs =
endif
@@ -65,7 +73,7 @@ dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER
-dirmngr_LDADD += $(LDAPLIBS)
+dirmngr_LDADD += $(ldaplibs)
endif
dirmngr_LDFLAGS = $(extra_bin_ldflags)
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index f335de8..2471ca2 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -29,8 +29,9 @@
#include "misc.h"
#include "http.h"
-#include "ldap-wrapper.h"
-
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
/* For detecting armored CRLs received via HTTP (yes, such CRLS really
exits, e.g. http://grid.fzk.de/ca/gridka-crl.pem at least in June
@@ -156,6 +157,10 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */
+#ifndef USE_LDAP
+ (void)ctrl;
+#endif
+
*reader = NULL;
once_more:
@@ -286,7 +291,13 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
else
- err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+ {
+# if USE_LDAP
+ err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+# else /*!USE_LDAP*/
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+# endif /*!USE_LDAP*/
+ }
}
xfree (free_this);
@@ -305,8 +316,15 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
reader);
+#else
+ (void)ctrl;
+ (void)issuer;
+ (void)reader;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -323,7 +341,14 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return start_default_fetch_ldap (ctrl, context, dn, "cACertificate");
+#else
+ (void)ctrl;
+ (void)context;
+ (void)dn;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -337,7 +362,15 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return start_cert_fetch_ldap (ctrl, context, patterns, server);
+#else
+ (void)ctrl;
+ (void)context;
+ (void)patterns;
+ (void)server;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -345,7 +378,14 @@ gpg_error_t
fetch_next_cert (cert_fetch_context_t context,
unsigned char **value, size_t * valuelen)
{
+#if USE_LDAP
return fetch_next_cert_ldap (context, value, valuelen);
+#else
+ (void)context;
+ (void)value;
+ (void)valuelen;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -361,9 +401,14 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
*r_cert = NULL;
+#if USE_LDAP
err = fetch_next_cert_ldap (context, &value, &valuelen);
if (!err && !value)
err = gpg_error (GPG_ERR_BUG);
+#else
+ (void)context;
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
if (err)
return err;
@@ -389,7 +434,11 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
void
end_cert_fetch (cert_fetch_context_t context)
{
- return end_cert_fetch_ldap (context);
+#if USE_LDAP
+ end_cert_fetch_ldap (context);
+#else
+ (void)context;
+#endif
}
@@ -410,7 +459,13 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
reader = NULL;
cert = NULL;
+#if USE_LDAP
err = url_fetch_ldap (ctrl, url, NULL, 0, &reader);
+#else
+ (void)ctrl;
+ (void)url;
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif /*USE_LDAP*/
if (err)
goto leave;
@@ -442,7 +497,9 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
leave:
ksba_cert_release (cert);
+#if USE_LDAP
ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
return err;
}
@@ -472,7 +529,11 @@ crl_close_reader (ksba_reader_t reader)
xfree (cb_ctx);
}
else /* This is an ldap wrapper context (Currently not used). */
- ldap_wrapper_release_context (reader);
+ {
+#if USE_LDAP
+ ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
+ }
/* Now get rid of the reader object. */
ksba_reader_release (reader);
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index f629cfd..95f9058 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -60,9 +60,13 @@
#include "crlcache.h"
#include "crlfetch.h"
#include "misc.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
#include "asshelp.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
#include "../common/init.h"
#include "gc-opt-flags.h"
@@ -294,7 +298,9 @@ static int my_tlskey_current_fd;
/* Prototypes. */
static void cleanup (void);
+#if USE_LDAP
static ldap_server_t parse_ldapserver_file (const char* filename);
+#endif /*USE_LDAP*/
static fingerprint_list_t parse_ocsp_signer (const char *string);
static void handle_connections (assuan_fd_t listen_fd);
@@ -445,7 +451,9 @@ wrong_args (const char *text)
static void
shutdown_reaper (void)
{
+#if USE_LDAP
ldap_wrapper_wait_connections ();
+#endif
}
@@ -627,7 +635,9 @@ main (int argc, char **argv)
int nodetach = 0;
int csh_style = 0;
char *logfile = NULL;
+#if USE_LDAP
char *ldapfile = NULL;
+#endif /*USE_LDAP*/
int debug_wait = 0;
int rc;
int homedir_seen = 0;
@@ -869,7 +879,11 @@ main (int argc, char **argv)
case oLogFile: logfile = pargs.r.ret_str; break;
case oCsh: csh_style = 1; break;
case oSh: csh_style = 0; break;
- case oLDAPFile: ldapfile = pargs.r.ret_str; break;
+ case oLDAPFile:
+# if USE_LDAP
+ ldapfile = pargs.r.ret_str;
+# endif /*USE_LDAP*/
+ break;
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
case oLDAPTimeout:
opt.ldaptimeout = pargs.r.ret_int;
@@ -948,6 +962,7 @@ main (int argc, char **argv)
set_debug ();
/* Get LDAP server list from file. */
+#if USE_LDAP
if (!ldapfile)
{
ldapfile = make_filename (opt.homedir,
@@ -959,6 +974,7 @@ main (int argc, char **argv)
}
else
opt.ldapservers = parse_ldapserver_file (ldapfile);
+#endif /*USE_LDAP*/
#ifndef HAVE_W32_SYSTEM
/* We need to ignore the PIPE signal because the we might log to a
@@ -995,7 +1011,10 @@ main (int argc, char **argv)
log_debug ("... okay\n");
}
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
cert_cache_init ();
crl_cache_init ();
start_command_handler (ASSUAN_INVALID_FD);
@@ -1170,7 +1189,10 @@ main (int argc, char **argv)
}
#endif
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
cert_cache_init ();
crl_cache_init ();
#ifdef USE_W32_SERVICE
@@ -1196,7 +1218,9 @@ main (int argc, char **argv)
/* Just list the CRL cache and exit. */
if (argc)
wrong_args ("--list-crls");
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
crl_cache_init ();
crl_cache_list (es_stdout);
}
@@ -1207,7 +1231,9 @@ main (int argc, char **argv)
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
cert_cache_init ();
crl_cache_init ();
if (!argc)
@@ -1229,7 +1255,9 @@ main (int argc, char **argv)
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
cert_cache_init ();
crl_cache_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
@@ -1376,7 +1404,9 @@ cleanup (void)
crl_cache_deinit ();
cert_cache_deinit (1);
+#if USE_LDAP
ldapserver_list_free (opt.ldapservers);
+#endif /*USE_LDAP*/
opt.ldapservers = NULL;
if (cleanup_socket)
@@ -1419,6 +1449,7 @@ dirmngr_init_default_ctrl (ctrl_t ctrl)
5. field: Base DN
*/
+#if USE_LDAP
static ldap_server_t
parse_ldapserver_file (const char* filename)
{
@@ -1475,7 +1506,7 @@ parse_ldapserver_file (const char* filename)
return serverstart;
}
-
+#endif /*USE_LDAP*/
static fingerprint_list_t
parse_ocsp_signer (const char *string)
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 6cf4dd6..9b4cdb2 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -36,12 +36,16 @@
#include "crlcache.h"
#include "crlfetch.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
#include "ocsp.h"
#include "certcache.h"
#include "validate.h"
#include "misc.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
#include "ks-action.h"
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
@@ -595,6 +599,7 @@ static const char hlp_ldapserver[] =
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
+#if USE_LDAP
ctrl_t ctrl = assuan_get_pointer (ctx);
ldap_server_t server;
ldap_server_t *last_next_p;
@@ -613,6 +618,10 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
last_next_p = &(*last_next_p)->next;
*last_next_p = server;
return leave_cmd (ctx, 0);
+#else
+ (void)line;
+ return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
+#endif
}
@@ -991,17 +1000,19 @@ static int
lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int single, int cache_only)
{
- ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
char *p;
strlist_t sl, list = NULL;
int truncated = 0, truncation_forced = 0;
int count = 0;
int local_count = 0;
+#if USE_LDAP
+ ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *value = NULL;
size_t valuelen;
struct ldapserver_iter ldapserver_iter;
cert_fetch_context_t fetch_context;
+#endif /*USE_LDAP*/
int any_no_data = 0;
/* Break the line down into an STRLIST */
@@ -1060,6 +1071,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
/* Loop over all configured servers unless we want only the
certificates from the cache. */
+#if USE_LDAP
for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
!cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
&& ldapserver_iter.server->host && !truncation_forced;
@@ -1152,6 +1164,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
end_cert_fetch (fetch_context);
}
+#endif /*USE_LDAP*/
ready:
if (truncated || truncation_forced)
@@ -1916,7 +1929,9 @@ reset_notify (assuan_context_t ctx, char *line)
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
+#if USE_LDAP
ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
return 0;
}
@@ -2042,9 +2057,11 @@ start_command_handler (assuan_fd_t fd)
}
}
+#if USE_LDAP
ldap_wrapper_connection_cleanup (ctrl);
ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
ctrl->server_local->assuan_ctx = NULL;
commit a13705f4c18db56765f4af31376e81241dbabebe
Author: Werner Koch <wk at gnupg.org>
Date: Fri Oct 17 15:55:08 2014 +0200
w32: Set SYSROOT to help finding config scripts.
* autogen.sh <build-w32>: Set SYSROOT.
diff --git a/autogen.sh b/autogen.sh
index 31cfeeb..112d2ee 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -310,7 +310,7 @@ if [ "$myhost" = "w32" ]; then
$tsdir/configure --enable-maintainer-mode ${SILENT} \
--prefix=${w32root} \
- --host=${host} --build=${build} \
+ --host=${host} --build=${build} SYSROOT=${w32root} \
${configure_opts} ${extraoptions} "$@"
rc=$?
exit $rc
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 ++
autogen.sh | 2 +-
configure.ac | 63 ++++++++++++++++++++++++++++-----------------
dirmngr/Makefile.am | 22 +++++++++++-----
dirmngr/crlfetch.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++----
dirmngr/dirmngr.c | 39 +++++++++++++++++++++++++---
dirmngr/server.c | 23 ++++++++++++++---
7 files changed, 179 insertions(+), 43 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list