[git] GnuPG - branch, master, updated. gnupg-2.1.15-352-g5d13581

by Werner Koch cvs at cvs.gnupg.org
Thu Nov 10 17:10:49 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  5d13581f4737c18430f6572dd4ef486d1ad80dd1 (commit)
       via  c8044c6e335f044d7386b9e8869bc4a0d3adff70 (commit)
      from  ee08677d63a900cea85228024861a4f5c5a87c69 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Nov 10 17:01:19 2016 +0100

    gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
    
    * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
    file-global.  Write a STATUS_ERROR.
    (maybe_create_keyring_or_box): Check for non-accessible but existent
    file.
    (keydb_search): Write a STATUS_ERROR if no keyring has been registered
    but continue to return NOT_FOUND.
    * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
    and make file-global.  Write a STATUS_ERROR.
    (keydb_search): Write a STATUS_ERROR if no keyring has been registered
    but continue to return NOT_FOUND.  Also add new arg CTRL and change
    all callers to pass it down.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keydb.c b/g10/keydb.c
index 76850f9..1467b2d 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -64,6 +64,8 @@ static int used_resources;
    to the struct resource_item's TOKEN.  */
 static void *primary_keydb;
 
+/* Whether we have successfully registered any resource.  */
+static int any_registered;
 
 /* This is a simple cache used to return the last result of a
    successful fingerprint search.  This works only for keybox resources
@@ -277,7 +279,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
 
   /* A quick test whether the filename already exists. */
   if (!access (filename, F_OK))
-    return 0;
+    return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
 
   /* If we don't want to create a new file at all, there is no need to
      go any further - bail out right here.  */
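Review bot: The added `access (filename, R_OK)` maps every failure to GPG_ERR_EACCES, so a file that disappears between the two access() calls, or any other path error, is reported as a permission problem. `return !access (filename, R_OK)? 0 : gpg_error_from_syserror ();` would keep the real errno. access() also checks the real rather than the effective user ID and is only a pre-check, so the later open of the keyring must still handle failure itself; a one-line comment saying so would help. The same line is added to maybe_create_keybox in sm/keydb.c, and the function body continues outside this hunk.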
@@ -616,8 +618,6 @@ keydb_search_desc_dump (struct keydb_search_desc *desc)
 gpg_error_t
 keydb_add_resource (const char *url, unsigned int flags)
 {
-  /* Whether we have successfully registered a resource.  */
-  static int any_registered;
   /* The file named by the URL (i.e., without the prototype).  */
   const char *resname = url;
 
@@ -819,7 +819,11 @@ keydb_add_resource (const char *url, unsigned int flags)
 
  leave:
   if (err)
-    log_error (_("keyblock resource '%s': %s\n"), filename, gpg_strerror (err));
+    {
+      log_error (_("keyblock resource '%s': %s\n"),
+                 filename, gpg_strerror (err));
+      write_status_error ("add_keyblock_resource", err);
+    }
   else
     any_registered = 1;
   xfree (filename);
@@ -1875,6 +1879,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   if (!hd)
     return gpg_error (GPG_ERR_INV_ARG);
 
+  if (!any_registered)
+    {
+      write_status_error ("keydb_search", gpg_error (GPG_ERR_KEYRING_OPEN));
+      return gpg_error (GPG_ERR_NOT_FOUND);
+    }
+
   if (DBG_CLOCK)
     log_clock ("keydb_search enter");
 
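Review bot: The new `!any_registered` branch in keydb_search makes GPG_ERR_NOT_FOUND mean either "no matching key" or "no keyring was registered", and only the status line tells the two apart. Callers that look only at the return code cannot see the difference, so the check deserves a comment such as `/* No keyring registered: report it via STATUS_ERROR but keep NOT_FOUND for the callers. */`. The function's header comment and the rest of its body are outside this hunk, so the header may need the same sentence.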
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 6dbaba5..11e6ae7 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -967,7 +967,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
     {
       int existed;
 
-      if (!keydb_store_cert (cert, 0, &existed))
+      if (!keydb_store_cert (parm->ctrl, cert, 0, &existed))
         {
           if (opt.verbose > 1 && existed)
             log_info ("certificate already in DB\n");
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index dd56641..d025063 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -78,6 +78,7 @@ struct lookup_parm_s {
 };
 
 struct run_command_parm_s {
+  ctrl_t ctrl;
   assuan_context_t ctx;
 };
 
@@ -407,7 +408,7 @@ inq_certificate (void *opaque, const char *line)
       ksba_cert_t cert;
 
 
-      err = gpgsm_find_cert (line, ski, &cert);
+      err = gpgsm_find_cert (parm->ctrl, line, ski, &cert);
       if (err)
         {
           log_error ("certificate not found: %s\n", gpg_strerror (err));
@@ -580,7 +581,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
               if (!kh)
                 rc = gpg_error (GPG_ERR_ENOMEM);
               if (!rc)
-                rc = keydb_search_fpr (kh, stparm.fpr);
+                rc = keydb_search_fpr (ctrl, kh, stparm.fpr);
               if (!rc)
                 rc = keydb_get_cert (kh, &rspcert);
               if (rc)
@@ -928,7 +929,7 @@ run_command_inq_cb (void *opaque, const char *line)
       if (!*line)
         return gpg_error (GPG_ERR_ASS_PARAMETER);
 
-      err = gpgsm_find_cert (line, NULL, &cert);
+      err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert);
       if (err)
         {
           log_error ("certificate not found: %s\n", gpg_strerror (err));
@@ -1002,6 +1003,7 @@ gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
   if (rc)
     return rc;
 
+  parm.ctrl = ctrl;
   parm.ctx = dirmngr_ctx;
 
   len = strlen (command) + 1;
diff --git a/sm/certchain.c b/sm/certchain.c
index 1ac7228..083c3ad 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -438,7 +438,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
    for an issuer ISSUER with a subjectKeyIdentifier of KEYID.  Returns
    0 on success or -1 when not found. */
 static int
-find_up_search_by_keyid (KEYDB_HANDLE kh,
+find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
                          const char *issuer, ksba_sexp_t keyid)
 {
   int rc;
@@ -448,7 +448,7 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
   ksba_isotime_t not_before, last_not_before;
 
   keydb_search_reset (kh);
-  while (!(rc = keydb_search_subject (kh, issuer)))
+  while (!(rc = keydb_search_subject (ctrl, kh, issuer)))
     {
       ksba_cert_release (cert); cert = NULL;
       rc = keydb_get_cert (kh, &cert);
@@ -499,12 +499,20 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
 }
 
 
+struct find_up_store_certs_s
+{
+  ctrl_t ctrl;
+  int count;
+};
+
 static void
 find_up_store_certs_cb (void *cb_value, ksba_cert_t cert)
 {
-  if (keydb_store_cert (cert, 1, NULL))
+  struct find_up_store_certs_s *parm = cb_value;
+
+  if (keydb_store_cert (parm->ctrl, cert, 1, NULL))
     log_error ("error storing issuer certificate as ephemeral\n");
-  ++*(int*)cb_value;
+  parm->count++;
 }
 
 
@@ -519,10 +527,13 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
 {
   int rc;
   strlist_t names = NULL;
-  int count = 0;
+  struct find_up_store_certs_s find_up_store_certs_parm;
   char *pattern;
   const char *s;
 
+  find_up_store_certs_parm.ctrl = ctrl;
+  find_up_store_certs_parm.count = 0;
+
   if (opt.verbose)
     log_info (_("looking up issuer at external location\n"));
   /* The Dirmngr process is confused about unknown attributes.  As a
@@ -539,17 +550,19 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
   add_to_strlist (&names, pattern);
   xfree (pattern);
 
-  rc = gpgsm_dirmngr_lookup (ctrl, names, 0, find_up_store_certs_cb, &count);
+  rc = gpgsm_dirmngr_lookup (ctrl, names, 0, find_up_store_certs_cb,
+                             &find_up_store_certs_parm);
   free_strlist (names);
 
   if (opt.verbose)
-    log_info (_("number of issuers matching: %d\n"), count);
+    log_info (_("number of issuers matching: %d\n"),
+              find_up_store_certs_parm.count);
   if (rc)
     {
       log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
       rc = -1;
     }
-  else if (!count)
+  else if (!find_up_store_certs_parm.count)
     rc = -1;
   else
     {
@@ -558,11 +571,11 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
          we temporary switch to ephemeral mode. */
       old = keydb_set_ephemeral (kh, 1);
       if (keyid)
-        rc = find_up_search_by_keyid (kh, issuer, keyid);
+        rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
       else
         {
           keydb_search_reset (kh);
-          rc = keydb_search_subject (kh, issuer);
+          rc = keydb_search_subject (ctrl, kh, issuer);
         }
       keydb_set_ephemeral (kh, old);
     }
@@ -581,11 +594,14 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
 {
   int rc;
   strlist_t names = NULL;
-  int count = 0;
+  struct find_up_store_certs_s find_up_store_certs_parm;
   char *pattern;
 
   (void)kh;
 
+  find_up_store_certs_parm.ctrl = ctrl;
+  find_up_store_certs_parm.count = 0;
+
   if (opt.verbose)
     log_info (_("looking up issuer from the Dirmngr cache\n"));
   if (subject_mode)
@@ -607,15 +623,17 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
   add_to_strlist (&names, pattern);
   xfree (pattern);
 
-  rc = gpgsm_dirmngr_lookup (ctrl, names, 1, find_up_store_certs_cb, &count);
+  rc = gpgsm_dirmngr_lookup (ctrl, names, 1, find_up_store_certs_cb,
+                             &find_up_store_certs_parm);
   free_strlist (names);
 
   if (opt.verbose)
-    log_info (_("number of matching certificates: %d\n"), count);
+    log_info (_("number of matching certificates: %d\n"),
+              find_up_store_certs_parm.count);
   if (rc && !opt.quiet)
     log_info (_("dirmngr cache-only key lookup failed: %s\n"),
               gpg_strerror (rc));
-  return (!rc && count)? 0 : -1;
+  return (!rc && find_up_store_certs_parm.count)? 0 : -1;
 }
 
 
@@ -642,7 +660,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       const char *s = ksba_name_enum (authid, 0);
       if (s && *authidno)
         {
-          rc = keydb_search_issuer_sn (kh, s, authidno);
+          rc = keydb_search_issuer_sn (ctrl, kh, s, authidno);
           if (rc)
             keydb_search_reset (kh);
 
@@ -665,7 +683,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
               int old = keydb_set_ephemeral (kh, 1);
               if (!old)
                 {
-                  rc = keydb_search_issuer_sn (kh, s, authidno);
+                  rc = keydb_search_issuer_sn (ctrl, kh, s, authidno);
                   if (rc)
                     keydb_search_reset (kh);
 
@@ -685,14 +703,14 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
              subject and stop for the one with a matching
              subjectKeyIdentifier. */
           /* Fixme: Should we also search in the dirmngr?  */
-          rc = find_up_search_by_keyid (kh, issuer, keyid);
+          rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
           if (!rc && DBG_X509)
             log_debug ("  found via authid and keyid\n");
           if (rc)
             {
               int old = keydb_set_ephemeral (kh, 1);
               if (!old)
-                rc = find_up_search_by_keyid (kh, issuer, keyid);
+                rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
               if (!rc && DBG_X509)
                 log_debug ("  found via authid and keyid (ephem)\n");
               keydb_set_ephemeral (kh, old);
@@ -709,11 +727,11 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
             {
               int old = keydb_set_ephemeral (kh, 1);
               if (keyid)
-                rc = find_up_search_by_keyid (kh, issuer, keyid);
+                rc = find_up_search_by_keyid (ctrl, kh, issuer, keyid);
               else
                 {
                   keydb_search_reset (kh);
-                  rc = keydb_search_subject (kh, issuer);
+                  rc = keydb_search_subject (ctrl, kh, issuer);
                 }
               keydb_set_ephemeral (kh, old);
             }
@@ -765,7 +783,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
     }
 
   if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
-    rc = keydb_search_subject (kh, issuer);
+    rc = keydb_search_subject (ctrl, kh, issuer);
   if (rc == -1 && !find_next)
     {
       int old;
@@ -779,7 +797,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
       if (!old)
         {
           keydb_search_reset (kh);
-          rc = keydb_search_subject (kh, issuer);
+          rc = keydb_search_subject (ctrl, kh, issuer);
         }
       keydb_set_ephemeral (kh, old);
 
@@ -983,7 +1001,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
           /* Store that in the keybox so that key listings are able to
              return the revoked flag.  We don't care about error,
              though. */
-          keydb_set_cert_flags (subject_cert, 1, KEYBOX_FLAG_VALIDITY, 0,
+          keydb_set_cert_flags (ctrl, subject_cert, 1, KEYBOX_FLAG_VALIDITY, 0,
                                 ~0, VALIDITY_REVOKED);
           break;
 
@@ -1786,7 +1804,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
              been stored in the keybox and thus the flag can't be set.
              We ignore this error because it will later be stored
              anyway.  */
-          err = keydb_set_cert_flags (ci->cert, 1, KEYBOX_FLAG_BLOB, 0,
+          err = keydb_set_cert_flags (ctrl, ci->cert, 1, KEYBOX_FLAG_BLOB, 0,
                                       KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
           if (!ci->next && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
             ;
diff --git a/sm/certlist.c b/sm/certlist.c
index a041a75..7baec65 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -329,7 +329,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
           char *first_issuer = NULL;
 
         get_next:
-          rc = keydb_search (kh, &desc, 1);
+          rc = keydb_search (ctrl, kh, &desc, 1);
           if (!rc)
             rc = keydb_get_cert (kh, &cert);
           if (!rc)
@@ -376,7 +376,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
               certlist_t dup_certs = NULL;
 
             next_ambigious:
-              rc = keydb_search (kh, &desc, 1);
+              rc = keydb_search (ctrl, kh, &desc, 1);
               if (rc == -1)
                 rc = 0;
               else if (!rc)
@@ -488,7 +488,8 @@ gpgsm_release_certlist (certlist_t list)
    additional filter value which must match the
    subjectKeyIdentifier. */
 int
-gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
+gpgsm_find_cert (ctrl_t ctrl,
+                 const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
 {
   int rc;
   KEYDB_SEARCH_DESC desc;
@@ -504,7 +505,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
       else
         {
         nextone:
-          rc = keydb_search (kh, &desc, 1);
+          rc = keydb_search (ctrl, kh, &desc, 1);
           if (!rc)
             {
               rc = keydb_get_cert (kh, r_cert);
@@ -537,7 +538,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
           if (!rc && !keyid)
             {
             next_ambiguous:
-              rc = keydb_search (kh, &desc, 1);
+              rc = keydb_search (ctrl, kh, &desc, 1);
               if (rc == -1)
                 rc = 0;
               else
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 9ae87d8..11c1cf8 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -400,7 +400,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                     }
 
                   keydb_search_reset (kh);
-                  rc = keydb_search_issuer_sn (kh, issuer, serial);
+                  rc = keydb_search_issuer_sn (ctrl, kh, issuer, serial);
                   if (rc)
                     {
                       log_error ("failed to find the certificate: %s\n",
diff --git a/sm/delete.c b/sm/delete.c
index ae06261..3536968 100644
--- a/sm/delete.c
+++ b/sm/delete.c
@@ -72,7 +72,7 @@ delete_one (ctrl_t ctrl, const char *username)
       keydb_set_ephemeral (kh, 1);
     }
 
-  rc = keydb_search (kh, &desc, 1);
+  rc = keydb_search (ctrl, kh, &desc, 1);
   if (!rc)
     rc = keydb_get_cert (kh, &cert);
   if (!rc && !is_ephem)
@@ -82,7 +82,7 @@ delete_one (ctrl_t ctrl, const char *username)
       gpgsm_get_fingerprint (cert, 0, fpr, NULL);
 
     next_ambigious:
-      rc = keydb_search (kh, &desc, 1);
+      rc = keydb_search (ctrl, kh, &desc, 1);
       if (rc == -1)
         rc = 0;
       else if (!rc)
@@ -126,7 +126,7 @@ delete_one (ctrl_t ctrl, const char *username)
   do
     {
       keydb_search_reset (kh);
-      rc = keydb_search (kh, &desc, 1);
+      rc = keydb_search (ctrl, kh, &desc, 1);
       if (rc)
         {
           log_error ("problem re-searching certificate: %s\n",
diff --git a/sm/export.c b/sm/export.c
index 4fedfa2..a32414e 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -206,7 +206,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
         keydb_set_ephemeral (hd, 1);
     }
 
-  while (!(rc = keydb_search (hd, desc, ndesc)))
+  while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
     {
       unsigned char fpr[20];
       int exists;
@@ -362,7 +362,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
     }
 
   /* Lookup the certificate and make sure that it is unique. */
-  err = keydb_search (hd, desc, 1);
+  err = keydb_search (ctrl, hd, desc, 1);
   if (!err)
     {
       err = keydb_get_cert (hd, &cert);
@@ -373,7 +373,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
         }
 
     next_ambiguous:
-      err = keydb_search (hd, desc, 1);
+      err = keydb_search (ctrl, hd, desc, 1);
       if (!err)
         {
           ksba_cert_t cert2 = NULL;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index ae447ee..d012465 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1616,7 +1616,7 @@ main ( int argc, char **argv)
     {
       int created;
 
-      keydb_add_resource ("pubring.kbx", 0, &created);
+      keydb_add_resource (&ctrl, "pubring.kbx", 0, &created);
       if (created && !no_common_certs_import)
         {
           /* Import the standard certificates for a new default keybox. */
@@ -1634,7 +1634,7 @@ main ( int argc, char **argv)
         }
     }
   for (sl = nrings; sl; sl = sl->next)
-    keydb_add_resource (sl->d, 0, NULL);
+    keydb_add_resource (&ctrl, sl->d, 0, NULL);
   FREE_STRLIST(nrings);
 
 
@@ -1996,7 +1996,7 @@ main ( int argc, char **argv)
           ksba_cert_t cert = NULL;
           char *grip = NULL;
 
-          rc = gpgsm_find_cert (*argv, NULL, &cert);
+          rc = gpgsm_find_cert (&ctrl, *argv, NULL, &cert);
           if (rc)
             ;
           else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 88db670..76ff327 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -244,6 +244,8 @@ gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
 gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GPGRT_ATTR_SENTINEL(0);
 gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
                                         gpg_err_code_t ec);
+gpg_error_t gpgsm_status_with_error (ctrl_t ctrl, int no, const char *text,
+                                     gpg_error_t err);
 gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
                                          const unsigned char *line);
 
@@ -339,7 +341,8 @@ int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
 int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                            certlist_t *listaddr, int is_encrypt_to);
 void gpgsm_release_certlist (certlist_t list);
-int gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert);
+int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid,
+                     ksba_cert_t *r_cert);
 
 /*-- keylist.c --*/
 gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
diff --git a/sm/import.c b/sm/import.c
index bd1af27..4a8ecf7 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -199,7 +199,7 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
     {
       int existed;
 
-      if (!keydb_store_cert (cert, 0, &existed))
+      if (!keydb_store_cert (ctrl, cert, 0, &existed))
         {
           ksba_cert_t next = NULL;
 
@@ -442,7 +442,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
         }
 
       keydb_search_reset (kh);
-      err = keydb_search (kh, &desc, 1);
+      err = keydb_search (ctrl, kh, &desc, 1);
       if (err)
         {
           print_import_problem (ctrl, NULL, 0);
@@ -476,7 +476,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
           continue;
         }
 
-      err = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
+      err = keydb_set_cert_flags (ctrl, cert, 1, KEYBOX_FLAG_BLOB, 0,
                                   KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
       if (err)
         {
diff --git a/sm/keydb.c b/sm/keydb.c
index 64b06e7..44dd9ca 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -53,6 +53,10 @@ struct resource_item {
 static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
 static int used_resources;
 
+/* Whether we have successfully registered any resource.  */
+static int any_registered;
+
+
 struct keydb_handle {
   int locked;
   int found;
@@ -121,7 +125,7 @@ maybe_create_keybox (char *filename, int force, int *r_created)
 
   /* A quick test whether the filename already exists. */
   if (!access (filename, F_OK))
-    return 0;
+    return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
 
   /* If we don't want to create a new file at all, there is no need to
      go any further - bail out right here.  */
@@ -249,9 +253,8 @@ maybe_create_keybox (char *filename, int force, int *r_created)
  * if the function has created a new keybox.
  */
 gpg_error_t
-keydb_add_resource (const char *url, int force, int *auto_created)
+keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
 {
-  static int any_public;
   const char *resname = url;
   char *filename = NULL;
   gpg_error_t err = 0;
@@ -292,7 +295,7 @@ keydb_add_resource (const char *url, int force, int *auto_created)
     filename = xstrdup (resname);
 
   if (!force)
-    force = !any_public;
+    force = !any_registered;
 
   /* see whether we can determine the filetype */
   if (rt == KEYDB_RESOURCE_TYPE_NONE)
@@ -380,9 +383,13 @@ keydb_add_resource (const char *url, int force, int *auto_created)
 
  leave:
   if (err)
-    log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
+    {
+      log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
+      gpgsm_status_with_error (ctrl, STATUS_ERROR,
+                               "add_keyblock_resource", err);
+    }
   else
-    any_public = 1;
+    any_registered = 1;
   xfree (filename);
   return err;
 }
@@ -962,7 +969,8 @@ keydb_search_reset (KEYDB_HANDLE hd)
  * for a keyblock which contains one of the keys described in the DESC array.
  */
 int
-keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
+keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
+              KEYDB_SEARCH_DESC *desc, size_t ndesc)
 {
   int rc = -1;
   unsigned long skipped;
@@ -970,6 +978,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
   if (!hd)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if (!any_registered)
+    {
+      gpgsm_status_with_error (ctrl, STATUS_ERROR, "keydb_search",
+                               gpg_error (GPG_ERR_KEYRING_OPEN));
+      return gpg_error (GPG_ERR_NOT_FOUND);
+    }
+
   while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
     {
       switch (hd->active[hd->current].type)
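Review bot: The early return added to keydb_search in sm/keydb.c yields `gpg_error (GPG_ERR_NOT_FOUND)`, while the not-found value visible in this file is -1 (`int rc = -1;`, and callers in this diff test `rc == -1`, `rc != -1` or `err == -1`). Unless the tail of the function, which is outside the hunk, converts -1, callers such as keydb_store_cert and keydb_set_cert_flags will take the new value as a hard error rather than "not found". If that is not intended, `return -1;` after the status line keeps the existing convention. Otherwise the comment above keydb_search should state the new return value.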
@@ -996,27 +1011,27 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
 
 
 int
-keydb_search_first (KEYDB_HANDLE hd)
+keydb_search_first (ctrl_t ctrl, KEYDB_HANDLE hd)
 {
   KEYDB_SEARCH_DESC desc;
 
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FIRST;
-  return keydb_search (hd, &desc, 1);
+  return keydb_search (ctrl, hd, &desc, 1);
 }
 
 int
-keydb_search_next (KEYDB_HANDLE hd)
+keydb_search_next (ctrl_t ctrl, KEYDB_HANDLE hd)
 {
   KEYDB_SEARCH_DESC desc;
 
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_NEXT;
-  return keydb_search (hd, &desc, 1);
+  return keydb_search (ctrl, hd, &desc, 1);
 }
 
 int
-keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
+keydb_search_kid (ctrl_t ctrl, KEYDB_HANDLE hd, u32 *kid)
 {
   KEYDB_SEARCH_DESC desc;
 
@@ -1026,22 +1041,22 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
   desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
   desc.u.kid[0] = kid[0];
   desc.u.kid[1] = kid[1];
-  return keydb_search (hd, &desc, 1);
+  return keydb_search (ctrl, hd, &desc, 1);
 }
 
 int
-keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
+keydb_search_fpr (ctrl_t ctrl, KEYDB_HANDLE hd, const byte *fpr)
 {
   KEYDB_SEARCH_DESC desc;
 
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_FPR;
   memcpy (desc.u.fpr, fpr, 20);
-  return keydb_search (hd, &desc, 1);
+  return keydb_search (ctrl, hd, &desc, 1);
 }
 
 int
-keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
+keydb_search_issuer (ctrl_t ctrl, KEYDB_HANDLE hd, const char *issuer)
 {
   KEYDB_SEARCH_DESC desc;
   int rc;
@@ -1049,12 +1064,12 @@ keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_ISSUER;
   desc.u.name = issuer;
-  rc = keydb_search (hd, &desc, 1);
+  rc = keydb_search (ctrl, hd, &desc, 1);
   return rc;
 }
 
 int
-keydb_search_issuer_sn (KEYDB_HANDLE hd,
+keydb_search_issuer_sn (ctrl_t ctrl, KEYDB_HANDLE hd,
                         const char *issuer, ksba_const_sexp_t serial)
 {
   KEYDB_SEARCH_DESC desc;
@@ -1073,12 +1088,12 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
     return gpg_error (GPG_ERR_INV_VALUE);
   desc.sn = s+1;
   desc.u.name = issuer;
-  rc = keydb_search (hd, &desc, 1);
+  rc = keydb_search (ctrl, hd, &desc, 1);
   return rc;
 }
 
 int
-keydb_search_subject (KEYDB_HANDLE hd, const char *name)
+keydb_search_subject (ctrl_t ctrl, KEYDB_HANDLE hd, const char *name)
 {
   KEYDB_SEARCH_DESC desc;
   int rc;
@@ -1086,7 +1101,7 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
   memset (&desc, 0, sizeof desc);
   desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
   desc.u.name = name;
-  rc = keydb_search (hd, &desc, 1);
+  rc = keydb_search (ctrl, hd, &desc, 1);
   return rc;
 }
 
@@ -1097,7 +1112,7 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
    If EXISTED is not NULL it will be set to true if the certificate
    was already in the DB. */
 int
-keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
+keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral, int *existed)
 {
   KEYDB_HANDLE kh;
   int rc;
@@ -1127,7 +1142,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
   if (rc)
     return rc;
 
-  rc = keydb_search_fpr (kh, fpr);
+  rc = keydb_search_fpr (ctrl, kh, fpr);
   if (rc != -1)
     {
       keydb_release (kh);
@@ -1139,7 +1154,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
             {
               /* Remove ephemeral flags from existing certificate to "store"
                  it permanently. */
-              rc = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
+              rc = keydb_set_cert_flags (ctrl, cert, 1, KEYBOX_FLAG_BLOB, 0,
                                          KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
               if (rc)
                 {
@@ -1183,7 +1198,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
    transaction by locating the certificate in the DB and updating the
    flags. */
 gpg_error_t
-keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
+keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
                       int which, int idx,
                       unsigned int mask, unsigned int value)
 {
@@ -1216,7 +1231,7 @@ keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
       return err;
     }
 
-  err = keydb_search_fpr (kh, fpr);
+  err = keydb_search_fpr (ctrl, kh, fpr);
   if (err)
     {
       if (err == -1)
@@ -1313,7 +1328,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
       goto leave;
     }
 
-  while (!(rc = keydb_search (hd, desc, ndesc)))
+  while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
     {
       if (!names)
         desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
diff --git a/sm/keydb.h b/sm/keydb.h
index bdf4a2d..6234625 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -31,7 +31,8 @@ typedef struct keydb_handle *KEYDB_HANDLE;
 
 
 /*-- keydb.c --*/
-gpg_error_t keydb_add_resource (const char *url, int force, int *auto_created);
+gpg_error_t keydb_add_resource (ctrl_t ctrl, const char *url,
+                                int force, int *auto_created);
 KEYDB_HANDLE keydb_new (void);
 void keydb_release (KEYDB_HANDLE hd);
 int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
@@ -54,18 +55,20 @@ int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
 void keydb_rebuild_caches (void);
 
 gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
-int keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
-int keydb_search_first (KEYDB_HANDLE hd);
-int keydb_search_next (KEYDB_HANDLE hd);
-int keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
-int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
-int keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer);
-int keydb_search_issuer_sn (KEYDB_HANDLE hd,
+int keydb_search (ctrl_t ctrl, KEYDB_HANDLE hd,
+                  KEYDB_SEARCH_DESC *desc, size_t ndesc);
+int keydb_search_first (ctrl_t ctrl, KEYDB_HANDLE hd);
+int keydb_search_next (ctrl_t ctrl, KEYDB_HANDLE hd);
+int keydb_search_kid (ctrl_t ctrl, KEYDB_HANDLE hd, u32 *kid);
+int keydb_search_fpr (ctrl_t ctrl, KEYDB_HANDLE hd, const byte *fpr);
+int keydb_search_issuer (ctrl_t ctrl, KEYDB_HANDLE hd, const char *issuer);
+int keydb_search_issuer_sn (ctrl_t ctrl, KEYDB_HANDLE hd,
                             const char *issuer, const unsigned char *serial);
-int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
+int keydb_search_subject (ctrl_t ctrl, KEYDB_HANDLE hd, const char *issuer);
 
-int keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed);
-gpg_error_t keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
+int keydb_store_cert (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
+                      int *existed);
+gpg_error_t keydb_set_cert_flags (ctrl_t ctrl, ksba_cert_t cert, int ephemeral,
                                   int which, int idx,
                                   unsigned int mask, unsigned int value);
 
diff --git a/sm/keylist.c b/sm/keylist.c
index 7bd20dd..88a9c4f 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1401,7 +1401,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
 
   /* Suppress duplicates at least when they follow each other.  */
   lastresname = NULL;
-  while (!(rc = keydb_search (hd, desc, ndesc)))
+  while (!(rc = keydb_search (ctrl, hd, desc, ndesc)))
     {
       unsigned int validity;
 
@@ -1462,8 +1462,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
             }
         }
 
-      if (!mode
-          || ((mode & 1) && !have_secret)
+      if (!mode          || ((mode & 1) && !have_secret)
           || ((mode & 2) && have_secret)  )
         {
           if (ctrl->with_colons)
@@ -1507,7 +1506,7 @@ list_external_cb (void *cb_value, ksba_cert_t cert)
 {
   struct list_external_parm_s *parm = cb_value;
 
-  if (keydb_store_cert (cert, 1, NULL))
+  if (keydb_store_cert (parm->ctrl, cert, 1, NULL))
     log_error ("error storing certificate as ephemeral\n");
 
   if (parm->print_header)
diff --git a/sm/server.c b/sm/server.c
index d6a2dbb..0fadcad 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1179,7 +1179,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
 
   line = skip_options (line);
 
-  err = gpgsm_find_cert (line, NULL, &cert);
+  err = gpgsm_find_cert (ctrl, line, NULL, &cert);
   if (err)
     ;
   else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
@@ -1469,6 +1469,19 @@ gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
     return gpgsm_status2 (ctrl, no, buf, NULL);
 }
 
+gpg_error_t
+gpgsm_status_with_error (ctrl_t ctrl, int no, const char *text,
+                         gpg_error_t err)
+{
+  char buf[30];
+
+  snprintf (buf, sizeof buf, "%u", err);
+  if (text)
+    return gpgsm_status2 (ctrl, no, text, buf, NULL);
+  else
+    return gpgsm_status2 (ctrl, no, buf, NULL);
+}
+
 
 /* Helper to notify the client about Pinentry events.  Because that
    might disturb some older clients, this is only done when enabled
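Review bot: gpgsm_status_with_error is added without a header comment, and `snprintf (buf, sizeof buf, "%u", err);` passes a gpg_error_t straight to `%u`. That is correct only because gpg_error_t is an unsigned int typedef; `snprintf (buf, sizeof buf, "%u", (unsigned int)err);` makes the format and argument agree explicitly. A comment such as `/* Emit status NO with optional TEXT followed by the decimal value of ERR.  */` would tell callers and status-line consumers what the number is. How this differs from gpgsm_status_with_err_code cannot be judged here, since only the tail of that function is in the hunk.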
diff --git a/sm/sign.c b/sm/sign.c
index ff7215f..9153d58 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -144,7 +144,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
   hd = keydb_new ();
   if (!hd)
     return gpg_error (GPG_ERR_GENERAL);
-  rc = keydb_search_first (hd);
+  rc = keydb_search_first (ctrl, hd);
   if (rc)
     {
       keydb_release (hd);
@@ -180,7 +180,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
       ksba_cert_release (cert);
       cert = NULL;
     }
-  while (!(rc = keydb_search_next (hd)));
+  while (!(rc = keydb_search_next (ctrl, hd)));
   if (rc && rc != -1)
     log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
 
@@ -222,7 +222,7 @@ get_default_signer (ctrl_t ctrl)
   if (!kh)
     return NULL;
 
-  rc = keydb_search (kh, &desc, 1);
+  rc = keydb_search (ctrl, kh, &desc, 1);
   if (rc)
     {
       log_debug ("failed to find default certificate: rc=%d\n", rc);
diff --git a/sm/verify.c b/sm/verify.c
index 7a9f7e1..a046883 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -270,7 +270,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          we would avoid cluttering the DB with invalid
          certificates. */
       audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
-                      keydb_store_cert (cert, 0, NULL));
+                      keydb_store_cert (ctrl, cert, 0, NULL));
       ksba_cert_release (cert);
     }
 
@@ -417,7 +417,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
       /* Find the certificate of the signer */
       keydb_search_reset (kh);
-      rc = keydb_search_issuer_sn (kh, issuer, serial);
+      rc = keydb_search_issuer_sn (ctrl, kh, issuer, serial);
       if (rc)
         {
           if (rc == -1)

commit c8044c6e335f044d7386b9e8869bc4a0d3adff70
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Nov 10 15:38:14 2016 +0100

    sm: Remove unused arg SECRET from keydb functions.
    
    * sm/keydb.c (struct resource_item): Remove field 'secret'.
    (keydb_add_resource): Remove arg 'secret' and change all callers.
    (keydb_new): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index ea1bb5f..dd56641 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -576,7 +576,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
                  from the dirmngr.  Try our own cert store now.  */
               KEYDB_HANDLE kh;
 
-              kh = keydb_new (0);
+              kh = keydb_new ();
               if (!kh)
                 rc = gpg_error (GPG_ERR_ENOMEM);
               if (!rc)
diff --git a/sm/certchain.c b/sm/certchain.c
index feefbb7..1ac7228 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -807,7 +807,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
   int rc = 0;
   char *issuer = NULL;
   char *subject = NULL;
-  KEYDB_HANDLE kh = keydb_new (0);
+  KEYDB_HANDLE kh = keydb_new ();
 
   *r_next = NULL;
   if (!kh)
@@ -1303,7 +1303,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
       return 0;
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1941,7 +1941,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
       return 0;
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
diff --git a/sm/certlist.c b/sm/certlist.c
index 616f4f1..a041a75 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -319,7 +319,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
   rc = classify_user_id (name, &desc, 0);
   if (!rc)
     {
-      kh = keydb_new (0);
+      kh = keydb_new ();
       if (!kh)
         rc = gpg_error (GPG_ERR_ENOMEM);
       else
@@ -498,7 +498,7 @@ gpgsm_find_cert (const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert)
   rc = classify_user_id (name, &desc, 0);
   if (!rc)
     {
-      kh = keydb_new (0);
+      kh = keydb_new ();
       if (!kh)
         rc = gpg_error (GPG_ERR_ENOMEM);
       else
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 3cee54b..9ae87d8 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -256,7 +256,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_DECRYPT);
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
diff --git a/sm/delete.c b/sm/delete.c
index e8638c3..ae06261 100644
--- a/sm/delete.c
+++ b/sm/delete.c
@@ -54,7 +54,7 @@ delete_one (ctrl_t ctrl, const char *username)
       goto leave;
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error ("keydb_new failed\n");
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 8555f4a..2c664f8 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -336,7 +336,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     count++;
   audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count);
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
diff --git a/sm/export.c b/sm/export.c
index 1317945..4fedfa2 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -150,7 +150,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
       goto leave;
     }
 
-  hd = keydb_new (0);
+  hd = keydb_new ();
   if (!hd)
     {
       log_error ("keydb_new failed\n");
@@ -338,8 +338,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
   void *data;
   size_t datalen;
 
-
-  hd = keydb_new (0);
+  hd = keydb_new ();
   if (!hd)
     {
       log_error ("keydb_new failed\n");
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 6c9d85c..ae447ee 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1616,7 +1616,7 @@ main ( int argc, char **argv)
     {
       int created;
 
-      keydb_add_resource ("pubring.kbx", 0, 0, &created);
+      keydb_add_resource ("pubring.kbx", 0, &created);
       if (created && !no_common_certs_import)
         {
           /* Import the standard certificates for a new default keybox. */
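Review bot: The changed call `keydb_add_resource ("pubring.kbx", 0, &created);` still discards the gpg_error_t result, and `created` is tested on the next line although it is declared without an initializer. If any failure path in keydb_add_resource returns before storing to `*auto_created` (its early part is not visible in this diff), the test reads an indeterminate value; `int created = 0;` removes that dependency. The result is likewise dropped at `keydb_add_resource (sl->d, 0, NULL);` in the next hunk. The body of main extends outside the hunk.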
@@ -1634,7 +1634,7 @@ main ( int argc, char **argv)
         }
     }
   for (sl = nrings; sl; sl = sl->next)
-    keydb_add_resource (sl->d, 0, 0, NULL);
+    keydb_add_resource (sl->d, 0, NULL);
   FREE_STRLIST(nrings);
 
 
diff --git a/sm/import.c b/sm/import.c
index 2011fb5..bd1af27 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -403,7 +403,7 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
   ksba_cert_t cert = NULL;
   unsigned int flags;
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       err = gpg_error (GPG_ERR_ENOMEM);;
diff --git a/sm/keydb.c b/sm/keydb.c
index 02ca5ad..64b06e7 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -47,7 +47,6 @@ struct resource_item {
     KEYBOX_HANDLE kr;
   } u;
   void *token;
-  int secret;
   dotlock_t lockhandle;
 };
 
@@ -250,9 +249,9 @@ maybe_create_keybox (char *filename, int force, int *r_created)
  * if the function has created a new keybox.
  */
 gpg_error_t
-keydb_add_resource (const char *url, int force, int secret, int *auto_created)
+keydb_add_resource (const char *url, int force, int *auto_created)
 {
-  static int any_secret, any_public;
+  static int any_public;
   const char *resname = url;
   char *filename = NULL;
   gpg_error_t err = 0;
@@ -293,7 +292,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
     filename = xstrdup (resname);
 
   if (!force)
-    force = secret? !any_secret : !any_public;
+    force = !any_public;
 
   /* see whether we can determine the filetype */
   if (rt == KEYDB_RESOURCE_TYPE_NONE)
@@ -335,7 +334,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
       {
         void *token;
 
-        err = keybox_register_file (filename, secret, &token);
+        err = keybox_register_file (filename, 0, &token);
         if (gpg_err_code (err) == GPG_ERR_EEXIST)
           ; /* Already registered - ignore.  */
         else if (err)
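Review bot: `keybox_register_file (filename, 0, &token);` replaces the removed parameter with a bare `0`, and the same happens at `keybox_new_x509 (token, 0)` and `keybox_new_x509 (all_resources[i].token, 0)` in later hunks of this file. A reader can no longer tell what that argument selects; presumably it is the secret-keybox flag, since `secret` used to be passed there. A short comment at each call, for example `/* 0 := not a secret keybox */`, would keep the intent visible, as would dropping the parameter from the keybox functions in a follow-up. The body of keydb_add_resource extends outside this hunk.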
@@ -347,7 +346,6 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
             all_resources[used_resources].type = rt;
             all_resources[used_resources].u.kr = NULL; /* Not used here */
             all_resources[used_resources].token = token;
-            all_resources[used_resources].secret = secret;
 
             all_resources[used_resources].lockhandle
               = dotlock_create (filename, 0);
@@ -357,7 +355,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
             /* Do a compress run if needed and the file is not locked. */
             if (!dotlock_take (all_resources[used_resources].lockhandle, 0))
               {
-                KEYBOX_HANDLE kbxhd = keybox_new_x509 (token, secret);
+                KEYBOX_HANDLE kbxhd = keybox_new_x509 (token, 0);
 
                 if (kbxhd)
                   {
@@ -383,8 +381,6 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
  leave:
   if (err)
     log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
-  else if (secret)
-    any_secret = 1;
   else
     any_public = 1;
   xfree (filename);
@@ -393,7 +389,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
 
 
 KEYDB_HANDLE
-keydb_new (int secret)
+keydb_new (void)
 {
   KEYDB_HANDLE hd;
   int i, j;
@@ -405,8 +401,6 @@ keydb_new (int secret)
   assert (used_resources <= MAX_KEYDB_RESOURCES);
   for (i=j=0; i < used_resources; i++)
     {
-      if (!all_resources[i].secret != !secret)
-        continue;
       switch (all_resources[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
@@ -414,9 +408,8 @@ keydb_new (int secret)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           hd->active[j].type   = all_resources[i].type;
           hd->active[j].token  = all_resources[i].token;
-          hd->active[j].secret = all_resources[i].secret;
           hd->active[j].lockhandle = all_resources[i].lockhandle;
-          hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, secret);
+          hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, 0);
           if (!hd->active[j].u.kr)
             {
               xfree (hd);
@@ -919,8 +912,6 @@ keydb_rebuild_caches (void)
 
   for (i=0; i < used_resources; i++)
     {
-      if (all_resources[i].secret)
-        continue;
       switch (all_resources[i].type)
         {
         case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
@@ -1121,7 +1112,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
       return gpg_error (GPG_ERR_GENERAL);
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1207,7 +1198,7 @@ keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
       return gpg_error (GPG_ERR_GENERAL);
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
@@ -1278,7 +1269,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
 
   (void)ctrl;
 
-  hd = keydb_new (0);
+  hd = keydb_new ();
   if (!hd)
     {
       log_error ("keydb_new failed\n");
diff --git a/sm/keydb.h b/sm/keydb.h
index 5713fde..bdf4a2d 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -31,9 +31,8 @@ typedef struct keydb_handle *KEYDB_HANDLE;
 
 
 /*-- keydb.c --*/
-gpg_error_t keydb_add_resource (const char *url, int force, int secret,
-                                int *auto_created);
-KEYDB_HANDLE keydb_new (int secret);
+gpg_error_t keydb_add_resource (const char *url, int force, int *auto_created);
+KEYDB_HANDLE keydb_new (void);
 void keydb_release (KEYDB_HANDLE hd);
 int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
 const char *keydb_get_resource_name (KEYDB_HANDLE hd);
diff --git a/sm/keylist.c b/sm/keylist.c
index c4d475c..7bd20dd 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1329,7 +1329,7 @@ list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,
   int have_secret;
   int want_ephemeral = ctrl->with_ephemeral_keys;
 
-  hd = keydb_new (0);
+  hd = keydb_new ();
   if (!hd)
     {
       log_error ("keydb_new failed\n");
diff --git a/sm/sign.c b/sm/sign.c
index 6eec2e9..ff7215f 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -141,7 +141,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
   int rc;
   char *p;
 
-  hd = keydb_new (0);
+  hd = keydb_new ();
   if (!hd)
     return gpg_error (GPG_ERR_GENERAL);
   rc = keydb_search_first (hd);
@@ -218,7 +218,7 @@ get_default_signer (ctrl_t ctrl)
       return NULL;
     }
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     return NULL;
 
@@ -331,7 +331,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_SIGN);
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));
diff --git a/sm/verify.c b/sm/verify.c
index 4df1cc0..7a9f7e1 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -108,7 +108,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
 
-  kh = keydb_new (0);
+  kh = keydb_new ();
   if (!kh)
     {
       log_error (_("failed to allocate keyDB handle\n"));

-----------------------------------------------------------------------

Summary of changes:
 g10/keydb.c       | 18 ++++++++---
 sm/call-agent.c   |  2 +-
 sm/call-dirmngr.c | 10 +++---
 sm/certchain.c    | 72 +++++++++++++++++++++++++++----------------
 sm/certlist.c     | 15 ++++-----
 sm/decrypt.c      |  4 +--
 sm/delete.c       |  8 ++---
 sm/encrypt.c      |  2 +-
 sm/export.c       | 11 +++----
 sm/gpgsm.c        |  6 ++--
 sm/gpgsm.h        |  5 ++-
 sm/import.c       |  8 ++---
 sm/keydb.c        | 92 +++++++++++++++++++++++++++++--------------------------
 sm/keydb.h        | 28 +++++++++--------
 sm/keylist.c      |  9 +++---
 sm/server.c       | 15 ++++++++-
 sm/sign.c         | 12 ++++----
 sm/verify.c       |  6 ++--
 18 files changed, 188 insertions(+), 135 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



