Diffstat (limited to 'dirmngr')
-rw-r--r--dirmngr/Makefile.am8
-rw-r--r--dirmngr/OAUTHORS2
-rw-r--r--dirmngr/ONEWS2
-rw-r--r--dirmngr/cdblib.c20
-rw-r--r--dirmngr/certcache.c89
-rw-r--r--dirmngr/certcache.h2
-rw-r--r--dirmngr/crlcache.c245
-rw-r--r--dirmngr/crlcache.h8
-rw-r--r--dirmngr/crlfetch.c22
-rw-r--r--dirmngr/dirmngr-client.c48
-rw-r--r--dirmngr/dirmngr.h14
-rw-r--r--dirmngr/dirmngr_ldap.c37
-rw-r--r--dirmngr/get-path.c50
-rw-r--r--dirmngr/ks-action.c3
-rw-r--r--dirmngr/ks-engine-hkp.c24
-rw-r--r--dirmngr/ldap-url.c9
-rw-r--r--dirmngr/ldap-wrapper-ce.c14
-rw-r--r--dirmngr/ldap-wrapper.c34
-rw-r--r--dirmngr/ldap.c48
-rw-r--r--dirmngr/ldapserver.c26
-rw-r--r--dirmngr/ldapserver.h8
-rw-r--r--dirmngr/misc.c20
-rw-r--r--dirmngr/ocsp.c50
-rw-r--r--dirmngr/server.c146
-rw-r--r--dirmngr/validate.c73
-rw-r--r--dirmngr/w32-ldap-help.h6
26 files changed, 499 insertions, 509 deletions
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 8c41c53b2..d5aecc7ab 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -8,12 +8,12 @@
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
-#
+#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
@@ -53,7 +53,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
ks-action.c ks-action.h ks-engine.h ks-engine-hkp.c
if USE_LDAPWRAPPER
-dirmngr_SOURCES += ldap-wrapper.c
+dirmngr_SOURCES += ldap-wrapper.c
else
dirmngr_SOURCES += ldap-wrapper-ce.c dirmngr_ldap.c
endif
@@ -67,7 +67,7 @@ endif
dirmngr_LDFLAGS = $(extra_bin_ldflags)
if USE_LDAPWRAPPER
-dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
+dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS)
dirmngr_ldap_LDFLAGS =
dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o ../gl/libgnu.a $(DNSLIBS) \
diff --git a/dirmngr/OAUTHORS b/dirmngr/OAUTHORS
index f9adc324c..78324493d 100644
--- a/dirmngr/OAUTHORS
+++ b/dirmngr/OAUTHORS
@@ -36,5 +36,3 @@ src/cdblib.h which are in the public domain.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff --git a/dirmngr/ONEWS b/dirmngr/ONEWS
index a9ec4d77c..cb2050748 100644
--- a/dirmngr/ONEWS
+++ b/dirmngr/ONEWS
@@ -156,7 +156,7 @@ Noteworthy changes in version 0.5.6 (2004-09-28)
------------------------------------------------
* LDAP fix.
-
+
* Logging fixes.
* Updated some configuration files.
diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c
index 3bfeffc11..26a01b30f 100644
--- a/dirmngr/cdblib.c
+++ b/dirmngr/cdblib.c
@@ -59,7 +59,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
-#include <stdlib.h>
+#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
@@ -89,7 +89,7 @@ struct cdb_rec {
cdbi_t hval;
cdbi_t rpos;
};
-
+
struct cdb_rl {
struct cdb_rl *next;
cdbi_t cnt;
@@ -306,7 +306,7 @@ cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen)
result), use cdb_datapos() and cdb_datalen() macros with cdbp
pointer. It is error to use cdb_findnext() after it returned 0 or
error condition. These routines is a bit slower than
- cdb_find().
+ cdb_find().
Setting KEY to NULL will start a sequential search through the
entire DB.
@@ -344,7 +344,7 @@ cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
}
else /* Walk over all entries. */
{
- cdbfp->cdb_hval = 0;
+ cdbfp->cdb_hval = 0;
/* Force stepping in findnext. */
cdbfp->cdb_htp = cdbfp->cdb_htend = cdbp->cdb_mem;
}
@@ -353,7 +353,7 @@ cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
/* See cdb_findinit. */
-int
+int
cdb_findnext(struct cdb_find *cdbfp)
{
cdbi_t pos, n;
@@ -403,7 +403,7 @@ cdb_findnext(struct cdb_find *cdbfp)
{
if (cdbfp->cdb_hval > 255)
return 0; /* No more items. */
-
+
cdbfp->cdb_htp = cdbp->cdb_mem + cdbfp->cdb_hval * 8;
cdbfp->cdb_hval++; /* Advance for next round. */
pos = cdb_unpack (cdbfp->cdb_htp); /* Offset of table. */
@@ -416,22 +416,22 @@ cdb_findnext(struct cdb_find *cdbfp)
gpg_err_set_errno (EPROTO);
return -1;
}
-
+
cdbfp->cdb_htab = cdbp->cdb_mem + pos;
cdbfp->cdb_htend = cdbfp->cdb_htab + cdbfp->cdb_httodo;
cdbfp->cdb_htp = cdbfp->cdb_htab;
}
-
+
pos = cdb_unpack (cdbfp->cdb_htp + 4); /* Offset of record. */
cdbfp->cdb_htp += 8;
- }
+ }
while (!pos);
if (pos > cdbp->cdb_fsize - 8)
{
gpg_err_set_errno (EPROTO);
return -1;
}
-
+
cdbp->cdb_kpos = pos + 8;
cdbp->cdb_klen = cdb_unpack(cdbp->cdb_mem + pos);
cdbp->cdb_vpos = pos + 8 + cdbp->cdb_klen;
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index d8528118e..1fb585ae2 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -36,7 +36,7 @@
#define MAX_EXTRA_CACHED_CERTS 1000
/* Constants used to classify search patterns. */
-enum pattern_class
+enum pattern_class
{
PATTERN_UNKNOWN = 0,
PATTERN_EMAIL,
@@ -66,7 +66,7 @@ struct cert_item_s
char *issuer_dn; /* The malloced issuer DN. */
ksba_sexp_t sn; /* The malloced serial number */
char *subject_dn; /* The malloced subject DN - maybe NULL. */
- struct
+ struct
{
unsigned int loaded:1; /* It has been explicitly loaded. */
unsigned int trusted:1; /* This is a trusted root certificate. */
@@ -144,7 +144,7 @@ compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
/* Return a malloced canonical S-Expression with the serialnumber
converted from the hex string HEXSN. Return NULL on memory
error. */
-ksba_sexp_t
+ksba_sexp_t
hexsn_to_sexp (const char *hexsn)
{
char *buffer, *p;
@@ -159,8 +159,8 @@ hexsn_to_sexp (const char *hexsn)
p = stpcpy (buffer, numbuf);
len = unhexify (p, hexsn);
p[len] = ')';
- p[len+1] = 0;
-
+ p[len+1] = 0;
+
return buffer;
}
@@ -251,7 +251,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
drop_count = MAX_EXTRA_CACHED_CERTS / 20;
if (drop_count < 2)
drop_count = 2;
-
+
log_info (_("dropping %u certificates from the cache\n"), drop_count);
assert (idx < 256);
for (i=idx; drop_count; i = ((i+1)%256))
@@ -277,7 +277,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
cert_compute_fpr (cert, fpr);
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (ci->cert && !memcmp (ci->fpr, fpr, 20))
- return gpg_error (GPG_ERR_DUP_VALUE);
+ return gpg_error (GPG_ERR_DUP_VALUE);
/* Try to reuse an existing entry. */
for (ci=cert_cache[*fpr]; ci; ci = ci->next)
if (!ci->cert)
@@ -350,7 +350,7 @@ load_certs_from_dir (const char *dirname, int are_trusted)
n = strlen (p);
if ( n < 5 || (strcmp (p+n-4,".crt") && strcmp (p+n-4,".der")))
continue; /* Not the desired "*.crt" or "*.der" pattern. */
-
+
xfree (fname);
fname = make_filename (dirname, p, NULL);
fp = es_fopen (fname, "rb");
@@ -417,7 +417,7 @@ void
cert_cache_init (void)
{
char *dname;
-
+
if (initialization_done)
return;
init_cache_lock ();
@@ -433,7 +433,7 @@ cert_cache_init (void)
initialization_done = 1;
release_cache_lock ();
-
+
cert_cache_print_stats ();
}
@@ -682,15 +682,15 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
const char *s;
int hexprefix = 0;
int hexlength;
- int mode = 0;
-
+ int mode = 0;
+
*r_offset = *r_sn_offset = 0;
/* Skip leading spaces. */
for(s = pattern; *s && spacep (s); s++ )
;
- switch (*s)
+ switch (*s)
{
case 0: /* Empty string is an error. */
result = PATTERN_UNKNOWN;
@@ -732,12 +732,12 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
break;
case '#': /* Serial number or issuer DN. */
- {
+ {
const char *si;
-
+
s++;
if ( *s == '/')
- {
+ {
/* An issuer's DN is indicated by "#/" */
s++;
if (!*s || spacep (s))
@@ -745,7 +745,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
else
result = PATTERN_ISSUER;
}
- else
+ else
{ /* Serialnumber + optional issuer ID. */
for (si=s; *si && *si != '/'; si++)
if (!strchr("01234567890abcdefABCDEF", *si))
@@ -772,10 +772,10 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
break;
case ':': /* Unified fingerprint. */
- {
+ {
const char *se, *si;
int i;
-
+
se = strchr (++s, ':');
if (!se)
result = PATTERN_UNKNOWN;
@@ -793,7 +793,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
else
result = PATTERN_UNKNOWN; /* Invalid length for a fingerprint. */
}
- }
+ }
break;
case '&': /* Keygrip. */
@@ -810,52 +810,52 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
hexlength = strspn(s, "0123456789abcdefABCDEF");
/* Check if a hexadecimal number is terminated by EOS or blank. */
- if (hexlength && s[hexlength] && !spacep (s+hexlength))
+ if (hexlength && s[hexlength] && !spacep (s+hexlength))
{
/* If the "0x" prefix is used a correct termination is required. */
- if (hexprefix)
+ if (hexprefix)
{
- result = PATTERN_UNKNOWN;
+ result = PATTERN_UNKNOWN;
break; /* switch */
}
hexlength = 0; /* Not a hex number. */
}
-
+
if (hexlength == 8 || (!hexprefix && hexlength == 9 && *s == '0'))
- {
+ {
if (hexlength == 9)
s++;
result = PATTERN_SHORT_KEYID;
}
else if (hexlength == 16 || (!hexprefix && hexlength == 17 && *s == '0'))
- {
+ {
if (hexlength == 17)
s++;
result = PATTERN_LONG_KEYID;
}
else if (hexlength == 32 || (!hexprefix && hexlength == 33 && *s == '0'))
- {
+ {
if (hexlength == 33)
s++;
result = PATTERN_FINGERPRINT16;
}
else if (hexlength == 40 || (!hexprefix && hexlength == 41 && *s == '0'))
- {
+ {
if (hexlength == 41)
s++;
result = PATTERN_FINGERPRINT20;
}
else if (!hexprefix)
- {
+ {
/* The fingerprints used with X.509 are often delimited by
colons, so we try to single this case out. */
result = PATTERN_UNKNOWN;
hexlength = strspn (s, ":0123456789abcdefABCDEF");
- if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
+ if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
{
int i, c;
- for (i=0; i < 20; i++, s += 3)
+ for (i=0; i < 20; i++, s += 3)
{
c = hextobyte(s);
if (c == -1 || (i < 19 && s[2] != ':'))
@@ -865,14 +865,14 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
result = PATTERN_FINGERPRINT20;
}
if (result == PATTERN_UNKNOWN) /* Default to substring match. */
- {
+ {
result = PATTERN_SUBSTR;
}
}
else /* A hex number with a prefix but with a wrong length. */
result = PATTERN_UNKNOWN;
}
-
+
if (result != PATTERN_UNKNOWN)
*r_offset = s - pattern;
return result;
@@ -884,7 +884,7 @@ classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
certificate, return all matching certificates by calling the
supplied function RETFNC. */
gpg_error_t
-get_certs_bypattern (const char *pattern,
+get_certs_bypattern (const char *pattern,
gpg_error_t (*retfnc)(void*,ksba_cert_t),
void *retfnc_data)
{
@@ -904,7 +904,7 @@ get_certs_bypattern (const char *pattern,
pattern += offset;
switch (class)
{
- case PATTERN_UNKNOWN:
+ case PATTERN_UNKNOWN:
err = gpg_error (GPG_ERR_INV_NAME);
break;
@@ -945,7 +945,7 @@ get_certs_bypattern (const char *pattern,
if (!err && !seq)
err = gpg_error (GPG_ERR_NOT_FOUND);
break;
-
+
case PATTERN_EMAIL:
case PATTERN_EMAIL_SUBSTR:
case PATTERN_FINGERPRINT16:
@@ -1030,7 +1030,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
break;
}
}
-
+
err = fetch_next_ksba_cert (context, &cert);
if (err)
{
@@ -1038,7 +1038,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
gpg_strerror (err) );
break;
}
-
+
issdn = ksba_cert_get_issuer (cert, 0);
if (strcmp (issuer_dn, issdn))
{
@@ -1046,7 +1046,7 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
ksba_cert_release (cert);
cert = NULL;
ksba_free (issdn);
- break;
+ break;
}
sn = ksba_cert_get_serial (cert);
@@ -1193,7 +1193,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
break;
}
}
-
+
err = fetch_next_ksba_cert (context, &cert);
if (err)
{
@@ -1201,7 +1201,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
gpg_strerror (err) );
break;
}
-
+
subjdn = ksba_cert_get_subject (cert, 0);
if (strcmp (subject_dn, subjdn))
{
@@ -1209,7 +1209,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
ksba_cert_release (cert);
cert = NULL;
ksba_free (subjdn);
- continue;
+ continue;
}
@@ -1257,7 +1257,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
/* Return 0 if the certificate is a trusted certificate. Returns
GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
case of systems errors. */
-gpg_error_t
+gpg_error_t
is_trusted_cert (ksba_cert_t cert)
{
unsigned char fpr[20];
@@ -1365,7 +1365,7 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
err = 0;
}
- leave:
+ leave:
if (!err && !issuer_cert)
err = gpg_error (GPG_ERR_NOT_FOUND);
@@ -1378,4 +1378,3 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
return err;
}
-
diff --git a/dirmngr/certcache.h b/dirmngr/certcache.h
index 2b7aeaf74..9986f15c0 100644
--- a/dirmngr/certcache.h
+++ b/dirmngr/certcache.h
@@ -73,7 +73,7 @@ ksba_cert_t get_cert_bysubject (const char *subject_dn, unsigned int seq);
/* Given PATTERN, which is a string as used by GnuPG to specify a
certificate, return all matching certificates by calling the
supplied function RETFNC. */
-gpg_error_t get_certs_bypattern (const char *pattern,
+gpg_error_t get_certs_bypattern (const char *pattern,
gpg_error_t (*retfnc)(void*,ksba_cert_t),
void *retfnc_data);
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 12d451060..edf3837af 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -18,16 +18,16 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-/*
+/*
1. To keep track of the CRLs actually cached and to store the meta
information of the CRLs a simple record oriented text file is
used. Fields in the file are colon (':') separated and values
containing colons or linefeeds are percent escaped (e.g. a colon
- itself is represented as "%3A").
+ itself is represented as "%3A").
The first field is a record type identifier, so that the file is
- useful to keep track of other meta data too.
+ useful to keep track of other meta data too.
The name of the file is "DIR.txt".
@@ -55,7 +55,7 @@
to be done.
An "i" indicates an invalid cache entry which should
not be used but still exists so that it can be
- updated at NEXT_UPDATE.
+ updated at NEXT_UPDATE.
Field 2: Hexadecimal encoded SHA-1 hash of the issuer DN using
uppercase letters.
Field 3: Issuer DN in RFC-2253 notation.
@@ -75,7 +75,7 @@
n bytes Serialnumber (binary) used as key
thus there is no need to store the length explicitly with DB2.
- 1 byte Reason for revocation
+ 1 byte Reason for revocation
(currently the KSBA reason flags are used)
15 bytes ISO date of revocation (e.g. 19980815T142000)
Note that there is no terminating 0 stored.
@@ -83,7 +83,7 @@
The filename used is the hexadecimal (using uppercase letters)
SHA-1 hash value of the issuer DN prefixed with a "crl-" and
suffixed with a ".db". Thus the length of the filename is 47.
-
+
*/
@@ -133,7 +133,7 @@ static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
/* Definition of one cached item. */
-struct crl_cache_entry_s
+struct crl_cache_entry_s
{
struct crl_cache_entry_s *next;
int deleted; /* True if marked for deletion. */
@@ -164,7 +164,7 @@ struct crl_cache_entry_s
/* Definition of the entire cache object. */
-struct crl_cache_s
+struct crl_cache_s
{
crl_cache_entry_t entries;
};
@@ -197,7 +197,7 @@ get_current_cache (void)
}
-/*
+/*
Create ae directory if it does not yet exists. Returns on
success, or -1 on error.
*/
@@ -221,7 +221,7 @@ create_directory_if_needed (const char *name)
gpg_err_set_errno (save_errno);
return -1;
}
- }
+ }
else
closedir (dir);
xfree (fname);
@@ -265,7 +265,7 @@ cleanup_cache_dir (int force)
char *cdbname = make_filename (dname, de->d_name, NULL);
int okay;
struct stat sbuf;
-
+
if (force)
okay = 1;
else
@@ -285,7 +285,7 @@ cleanup_cache_dir (int force)
log_info (_("not removing file `%s'\n"), cdbname);
xfree (cdbname);
}
- }
+ }
xfree (dname);
closedir (dir);
return problem;
@@ -345,7 +345,7 @@ next_line_from_file (estream_t fp, gpg_error_t *r_err)
if (c == EOF && !len)
return NULL;
p[len] = 0;
-
+
if (largebuf)
tmpbuf = xtryrealloc (largebuf, len+1);
else
@@ -413,8 +413,8 @@ open_dir_file (const char *fname)
fname, strerror (errno));
/* Make sure that the directory exists, try to create if otherwise. */
- if (create_directory_if_needed (NULL)
- || create_directory_if_needed (DBDIR_D))
+ if (create_directory_if_needed (NULL)
+ || create_directory_if_needed (DBDIR_D))
return NULL;
fp = es_fopen (fname, "w");
if (!fp)
@@ -518,7 +518,7 @@ static gpg_error_t
open_dir (crl_cache_t *r_cache)
{
crl_cache_t cache;
- char *fname;
+ char *fname;
char *line = NULL;
gpg_error_t lineerr = 0;
estream_t fp;
@@ -527,7 +527,7 @@ open_dir (crl_cache_t *r_cache)
gpg_error_t err = 0;
int anyerr = 0;
- cache = xtrycalloc (1, sizeof *cache);
+ cache = xtrycalloc (1, sizeof *cache);
if (!cache)
return gpg_error_from_syserror ();
@@ -591,15 +591,15 @@ open_dir (crl_cache_t *r_cache)
case 6: strncpy (entry->next_update, p, 15); break;
case 7: entry->dbfile_hash = p; break;
case 8: if (*p) entry->crl_number = p; break;
- case 9:
+ case 9:
if (*p)
entry->authority_issuer = unpercent_string (p);
break;
- case 10:
+ case 10:
if (*p)
entry->authority_serialno = unpercent_string (p);
break;
- case 11:
+ case 11:
if (*p)
entry->check_trust_anchor = xtrystrdup (p);
break;
@@ -629,7 +629,7 @@ open_dir (crl_cache_t *r_cache)
}
else
{
- line = NULL;
+ line = NULL;
*entrytail = entry;
entrytail = &entry->next;
}
@@ -683,9 +683,9 @@ open_dir (crl_cache_t *r_cache)
/* Checks not leading to an immediate fail. */
if (strlen (entry->dbfile_hash) != 32)
log_info (_("WARNING: invalid cache file hash in `%s' line %u\n"),
- fname, entry->lineno);
+ fname, entry->lineno);
}
-
+
if (anyerr)
{
log_error (_("detected errors in cache dir file\n"));
@@ -738,9 +738,9 @@ write_dir_line_crl (estream_t fp, crl_cache_entry_t e)
es_putc (':', fp);
write_percented_string (e->url, fp);
es_putc (':', fp);
- es_fwrite (e->this_update, 15, 1, fp);
+ es_fwrite (e->this_update, 15, 1, fp);
es_putc (':', fp);
- es_fwrite (e->next_update, 15, 1, fp);
+ es_fwrite (e->next_update, 15, 1, fp);
es_putc (':', fp);
es_fputs (e->dbfile_hash, fp);
es_putc (':', fp);
@@ -802,7 +802,7 @@ update_dir (crl_cache_t cache)
#ifndef HAVE_W32_SYSTEM
struct utsname utsbuf;
#endif
-
+
#ifdef HAVE_W32_SYSTEM
nodename = "unknown";
#else
@@ -853,10 +853,10 @@ update_dir (crl_cache_t cache)
*endp = 0;
e = find_entry ( cache->entries, fieldp);
*endp = ':'; /* Restore orginal line. */
- if (e && e->deleted)
+ if (e && e->deleted)
{
/* Marked for deletion, so don't write it. */
- e->mark = 0;
+ e->mark = 0;
}
else if (e)
{
@@ -869,7 +869,7 @@ update_dir (crl_cache_t cache)
because they may have been added in the meantime
by other instances of dirmngr. */
es_fprintf (fpout, "# Next line added by "
- "another process; our pid is %lu\n",
+ "another process; our pid is %lu\n",
(unsigned long)getpid ());
es_fputs (line, fpout);
es_putc ('\n', fpout);
@@ -882,7 +882,7 @@ update_dir (crl_cache_t cache)
es_putc ('\n', fpout);
}
}
- else
+ else
{
/* Write out all non CRL lines as they are. */
es_fputs (line, fpout);
@@ -1011,7 +1011,7 @@ hash_dbfile (const char *fname, unsigned char *md5buffer)
/* We better hash some information about the cache file layout in. */
sprintf (buffer, "%.100s/%.100s:%d", DBDIR_D, DBDIRFILE, DBDIRVERSION);
gcry_md_write (md5, buffer, strlen (buffer));
-
+
for (;;)
{
n = es_fread (buffer, 1, 65536, fp);
@@ -1059,7 +1059,7 @@ check_dbfile (const char *fname, const char *md5hexvalue)
/* Open the cache file for ENTRY. This function implements a caching
strategy and might close unused cache files. It is required to use
- unlock_db_file after using the file. */
+ unlock_db_file after using the file. */
static struct cdb *
lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
{
@@ -1168,7 +1168,7 @@ unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
log_error (_("calling unlock_db_file on a closed file\n"));
else if (!entry->cdb_use_count)
log_error (_("calling unlock_db_file on an unlocked file\n"));
- else
+ else
{
entry->cdb_use_count--;
entry->cdb_lru_count++;
@@ -1196,12 +1196,12 @@ unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
/* Find ISSUER_HASH in our cache FIRST. This may be used to enumerate
the linked list we use to keep the CRLs of an issuer. */
-static crl_cache_entry_t
+static crl_cache_entry_t
find_entry (crl_cache_entry_t first, const char *issuer_hash)
{
while (first && (first->deleted || strcmp (issuer_hash, first->issuer_hash)))
first = first->next;
- return first;
+ return first;
}
@@ -1220,7 +1220,7 @@ crl_cache_init(void)
}
err = open_dir (&cache);
- if (err)
+ if (err)
log_fatal (_("failed to create a new cache object: %s\n"),
gpg_strerror (err));
current_cache = cache;
@@ -1229,7 +1229,7 @@ crl_cache_init(void)
/* Remove the cache information and all its resources. Note that we
still keep the cache on disk. */
-void
+void
crl_cache_deinit (void)
{
if (current_cache)
@@ -1241,7 +1241,7 @@ crl_cache_deinit (void)
/* Delete the cache from disk. Return 0 on success.*/
-int
+int
crl_cache_flush (void)
{
int rc;
@@ -1258,7 +1258,7 @@ crl_cache_flush (void)
cache has not yet expired. We use a 30 minutes threshold here so
that invoking this function several times won't load the CRL over
and over. */
-static crl_cache_result_t
+static crl_cache_result_t
cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
const unsigned char *sn, size_t snlen,
int force_refresh)
@@ -1290,7 +1290,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
if (force_refresh)
{
gnupg_isotime_t tmptime;
-
+
if (*entry->last_refresh)
{
gnupg_copy_time (tmptime, entry->last_refresh);
@@ -1298,7 +1298,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
if (strcmp (tmptime, current_time) < 0 )
{
log_info (_("force-crl-refresh active and %d minutes passed for"
- " issuer id %s; update required\n"),
+ " issuer id %s; update required\n"),
30, issuer_hash);
return CRL_CACHE_DONTKNOW;
}
@@ -1306,7 +1306,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
else
{
log_info (_("force-crl-refresh active for"
- " issuer id %s; update required\n"),
+ " issuer id %s; update required\n"),
issuer_hash);
return CRL_CACHE_DONTKNOW;
}
@@ -1322,7 +1322,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
cdb = lock_db_file (cache, entry);
if (!cdb)
return CRL_CACHE_DONTKNOW; /* Hmmm, not the best error code. */
-
+
if (!entry->dbfile_checked)
{
log_error (_("cached CRL for issuer id %s tampered; we need to update\n")
@@ -1332,7 +1332,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
}
rc = cdb_find (cdb, sn, snlen);
- if (rc == 1)
+ if (rc == 1)
{
n = cdb_datalen (cdb);
if (n != 16)
@@ -1366,7 +1366,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
}
retval = CRL_CACHE_VALID;
}
- else
+ else
{
log_error (_("error getting data from cache file: %s\n"),
strerror (errno));
@@ -1407,7 +1407,7 @@ cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
cache has not yet expired. We use a 30 minutes threshold here so
that invoking this function several times won't load the CRL over
and over. */
-crl_cache_result_t
+crl_cache_result_t
crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
int force_refresh)
{
@@ -1434,7 +1434,7 @@ crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
xfree (snbuf);
return result;
-}
+}
/* Check whether the certificate CERT is valid; i.e. not listed in our
@@ -1467,7 +1467,7 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
xfree (tmp);
for (i=0,tmp=issuerhash_hex; i < 20; i++, tmp += 2)
sprintf (tmp, "%02X", issuerhash[i]);
-
+
/* Get the serial number. */
serial = ksba_cert_get_serial (cert);
if (!serial)
@@ -1503,9 +1503,9 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
case CRL_CACHE_INVALID:
err = gpg_error (GPG_ERR_CERT_REVOKED);
break;
- case CRL_CACHE_DONTKNOW:
+ case CRL_CACHE_DONTKNOW:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
- case CRL_CACHE_CANTUSE:
+ case CRL_CACHE_CANTUSE:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
break;
default:
@@ -1514,21 +1514,21 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
xfree (serial);
return err;
-}
+}
/* Prepare a hash context for the signature verification. Input is
the CRL and the output is the hash context MD as well as the uses
algorithm identifier ALGO. */
static gpg_error_t
-start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
+start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
{
gpg_error_t err;
const char *algoid;
algoid = ksba_crl_get_digest_algo (crl);
*algo = gcry_md_map_name (algoid);
- if (!*algo)
+ if (!*algo)
{
log_error (_("unknown hash algorithm `%s'\n"), algoid? algoid:"?");
return gpg_error (GPG_ERR_DIGEST_ALGO);
@@ -1544,7 +1544,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
if (DBG_HASHING)
gcry_md_debug (*md, "hash.cert");
- ksba_crl_set_hash_function (crl, HASH_FNC, *md);
+ ksba_crl_set_hash_function (crl, HASH_FNC, *md);
return 0;
}
@@ -1572,33 +1572,33 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
/* Get and convert the signature value. */
sigval = ksba_crl_get_sig_val (crl);
n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
- if (!n)
+ if (!n)
{
log_error (_("got an invalid S-expression from libksba\n"));
err = gpg_error (GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
- if (err)
+ if (err)
{
log_error (_("converting S-expression failed: %s\n"),
gcry_strerror (err));
goto leave;
}
-
+
/* Get and convert the public key for the issuer certificate. */
if (DBG_X509)
dump_cert ("crl_issuer_cert", issuer_cert);
pubkey = ksba_cert_get_public_key (issuer_cert);
n = gcry_sexp_canon_len (pubkey, 0, NULL, NULL);
- if (!n)
+ if (!n)
{
log_error (_("got an invalid S-expression from libksba\n"));
err = gpg_error (GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_sexp_sscan (&s_pkey, NULL, pubkey, n);
- if (err)
+ if (err)
{
log_error (_("converting S-expression failed: %s\n"),
gcry_strerror (err));
@@ -1610,10 +1610,10 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
for (i = 0; *s && i < sizeof(algoname) - 1; s++, i++)
algoname[i] = ascii_tolower (*s);
algoname[i] = 0;
- err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
+ err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algoname,
gcry_md_get_algo_dlen (algo), gcry_md_read (md, algo));
- if (err)
+ if (err)
{
log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
goto leave;
@@ -1660,21 +1660,21 @@ abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
error. R_TRUST_ANCHOR is set on exit to NULL or a string with the
hexified fingerprint of the root certificate, if checking this
certificate for trustiness is required.
-*/
-static int
+*/
+static int
crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
struct cdb_make *cdb, const char *fname,
char **r_crlissuer,
ksba_isotime_t thisupdate, ksba_isotime_t nextupdate,
char **r_trust_anchor)
-{
+{
gpg_error_t err;
ksba_stop_reason_t stopreason;
ksba_cert_t crlissuer_cert = NULL;
gcry_md_hd_t md = NULL;
int algo = 0;
size_t n;
-
+
(void)fname;
*r_crlissuer = NULL;
@@ -1697,19 +1697,19 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
{
if (start_sig_check (crl, &md, &algo ))
goto failure;
-
+
err = ksba_crl_get_update_times (crl, thisupdate, nextupdate);
if (err)
{
log_error (_("error getting update times of CRL: %s\n"),
- gpg_strerror (err));
+ gpg_strerror (err));
err = gpg_error (GPG_ERR_INV_CRL);
goto failure;
}
if (opt.verbose || !*nextupdate)
- log_info (_("update times of this CRL: this=%s next=%s\n"),
- thisupdate, nextupdate);
+ log_info (_("update times of this CRL: this=%s next=%s\n"),
+ thisupdate, nextupdate);
if (!*nextupdate)
{
log_info (_("nextUpdate not given; "
@@ -1719,7 +1719,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
}
}
break;
-
+
case KSBA_SR_GOT_ITEM:
{
ksba_sexp_t serial;
@@ -1742,7 +1742,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
if (!p)
BUG ();
record[0] = (reason & 0xff);
- memcpy (record+1, rdate, 15);
+ memcpy (record+1, rdate, 15);
rc = cdb_make_add (cdb, p, n, record, 1+15);
if (rc)
{
@@ -1756,10 +1756,10 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
ksba_free (serial);
}
break;
-
+
case KSBA_SR_END_ITEMS:
break;
-
+
case KSBA_SR_READY:
{
char *crlissuer;
@@ -1791,7 +1791,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
if (opt.verbose)
log_info (_("locating CRL issuer certificate by "
"authorityKeyIdentifier\n"));
-
+
s = ksba_name_enum (authid, 0);
if (s && *authidsn)
crlissuer_cert = find_cert_bysn (ctrl, s, authidsn);
@@ -1830,11 +1830,11 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
err = gpg_error (GPG_ERR_MISSING_CERT);
goto failure;
}
-
+
err = finish_sig_check (crl, md, algo, crlissuer_cert);
if (err)
{
- log_error (_("CRL signature verification failed: %s\n"),
+ log_error (_("CRL signature verification failed: %s\n"),
gpg_strerror (err));
goto failure;
}
@@ -1846,20 +1846,20 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
if (err)
{
log_error (_("error checking validity of CRL "
- "issuer certificate: %s\n"),
+ "issuer certificate: %s\n"),
gpg_strerror (err));
goto failure;
}
}
break;
-
+
default:
log_debug ("crl_parse_insert: unknown stop reason\n");
err = gpg_error (GPG_ERR_BUG);
goto failure;
}
- }
+ }
while (stopreason != KSBA_SR_READY);
assert (!err);
@@ -1914,7 +1914,7 @@ get_auth_key_id (ksba_crl_t crl, char **serialno)
if (!name)
return xstrdup ("");
-
+
length = 0;
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
@@ -1954,7 +1954,7 @@ get_auth_key_id (ksba_crl_t crl, char **serialno)
cmd_checkcrl
cmd_loadcrl
--fetch-crl
-
+
*/
gpg_error_t
crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
@@ -1982,7 +1982,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
/* FIXME: We should acquire a mutex for the URL, so that we don't
simultaneously enter the same CRL twice. However this needs to be
interweaved with the checking function.*/
-
+
err2 = 0;
err = ksba_crl_new (&crl);
@@ -1991,7 +1991,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
log_error (_("ksba_crl_new failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
err = ksba_crl_set_reader (crl, reader);
if ( err )
{
@@ -2030,7 +2030,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
xfree (tmpfname);
if (!gnupg_remove (fname))
log_info (_("removed stale temporary cache file `%s'\n"), fname);
- else if (errno != ENOENT)
+ else if (errno != ENOENT)
{
err = gpg_error_from_syserror ();
log_error (_("problem removing stale temporary cache file `%s': %s\n"),
@@ -2120,7 +2120,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
err2 = gpg_error (GPG_ERR_INV_CRL);
invalidate_crl |= 2;
}
- if (gpg_err_code (err) == GPG_ERR_EOF
+ if (gpg_err_code (err) == GPG_ERR_EOF
|| gpg_err_code (err) == GPG_ERR_NO_DATA )
err = 0;
if (err)
@@ -2141,9 +2141,9 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
err = gpg_error_from_syserror ();
goto leave;
}
- entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1
+ entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1
+ strlen (issuer) + 1
- + strlen (url) + 1
+ + strlen (url) + 1
+ strlen (checksum) + 1);
if (!entry->release_ptr)
{
@@ -2157,8 +2157,8 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
entry->url = stpcpy (entry->issuer, issuer) + 1;
entry->dbfile_hash = stpcpy (entry->url, url) + 1;
strcpy (entry->dbfile_hash, checksum);
- gnupg_copy_time (entry->this_update, thisupdate);
- gnupg_copy_time (entry->next_update, nextupdate);
+ gnupg_copy_time (entry->this_update, thisupdate);
+ gnupg_copy_time (entry->next_update, nextupdate);
gnupg_copy_time (entry->last_refresh, current_time);
entry->crl_number = get_crl_number (crl);
entry->authority_issuer = get_auth_key_id (crl, &entry->authority_serialno);
@@ -2172,7 +2172,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
somehow into the list. */
for (e = cache->entries; (e=find_entry (e, entry->issuer_hash)); e = e->next)
e->deleted = 1;
-
+
/* Rename the temporary DB to the real name. */
newfname = make_db_file_name (entry->issuer_hash);
if (opt.verbose)
@@ -2182,7 +2182,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
only under Windows but saving file descriptors is never bad. */
{
int any;
- do
+ do
{
any = 0;
for (e = cache->entries; e; e = e->next)
@@ -2262,8 +2262,8 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
es_fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url );
es_fprintf (fp, " Issuer:\t%s\n", e->issuer );
es_fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash );
- es_fprintf (fp, " This Update:\t%s\n", e->this_update );
- es_fprintf (fp, " Next Update:\t%s\n", e->next_update );
+ es_fprintf (fp, " This Update:\t%s\n", e->this_update );
+ es_fprintf (fp, " Next Update:\t%s\n", e->next_update );
es_fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none");
es_fprintf (fp, " AuthKeyId :\t%s\n",
e->authority_serialno? e->authority_serialno:"none");
@@ -2277,7 +2277,7 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
es_putc (*s, fp);
es_putc ('\n', fp);
}
- es_fprintf (fp, " Trust Check:\t%s\n",
+ es_fprintf (fp, " Trust Check:\t%s\n",
!e->user_trust_req? "[system]" :
e->check_trust_anchor? e->check_trust_anchor:"[missing]");
@@ -2325,7 +2325,7 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
warn = 1;
continue;
}
-
+
n = cdb_keylen (cdb);
if (n > sizeof keyrecord)
n = sizeof keyrecord;
@@ -2341,26 +2341,26 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
for (i = 0; i < n; i++)
es_fprintf (fp, "%02X", keyrecord[i]);
es_fputs (":\t reasons( ", fp);
-
+
if (reason & KSBA_CRLREASON_UNSPECIFIED)
es_fputs( "unspecified ", fp ), any = 1;
if (reason & KSBA_CRLREASON_KEY_COMPROMISE )
- es_fputs( "key_compromise ", fp ), any = 1;
+ es_fputs( "key_compromise ", fp ), any = 1;
if (reason & KSBA_CRLREASON_CA_COMPROMISE )
- es_fputs( "ca_compromise ", fp ), any = 1;
+ es_fputs( "ca_compromise ", fp ), any = 1;
if (reason & KSBA_CRLREASON_AFFILIATION_CHANGED )
- es_fputs( "affiliation_changed ", fp ), any = 1;
+ es_fputs( "affiliation_changed ", fp ), any = 1;
if (reason & KSBA_CRLREASON_SUPERSEDED )
- es_fputs( "superseeded", fp ), any = 1;
+ es_fputs( "superseeded", fp ), any = 1;
if (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION )
- es_fputs( "cessation_of_operation", fp ), any = 1;
+ es_fputs( "cessation_of_operation", fp ), any = 1;
if (reason & KSBA_CRLREASON_CERTIFICATE_HOLD )
- es_fputs( "certificate_hold", fp ), any = 1;
+ es_fputs( "certificate_hold", fp ), any = 1;
if (reason && !any)
- es_fputs( "other", fp );
-
+ es_fputs( "other", fp );
+
es_fprintf (fp, ") rdate: %.15s\n", record+1);
- }
+ }
if (rc)
log_error (_("error reading cache entry from db: %s\n"), strerror (rc));
@@ -2374,8 +2374,8 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
/* Print the contents of the CRL CACHE in a human readable format to
stream FP. */
-gpg_error_t
-crl_cache_list (estream_t fp)
+gpg_error_t
+crl_cache_list (estream_t fp)
{
crl_cache_t cache = get_current_cache ();
crl_cache_entry_t entry;
@@ -2383,7 +2383,7 @@ crl_cache_list (estream_t fp)
for (entry = cache->entries;
entry && !entry->deleted && !err;
- entry = entry->next )
+ entry = entry->next )
err = list_one_crl_entry (cache, entry, fp);
return err;
@@ -2420,7 +2420,7 @@ crl_cache_load (ctrl_t ctrl, const char *filename)
/* Locate the corresponding CRL for the certificate CERT, read and
verify the CRL and store it in the cache. */
gpg_error_t
-crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
+crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
{
gpg_error_t err;
ksba_reader_t reader = NULL;
@@ -2441,7 +2441,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
&distpoint,
&issuername, NULL )))
{
- int name_seq;
+ int name_seq;
gpg_error_t last_err = 0;
if (!distpoint && !issuername)
@@ -2463,7 +2463,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
distpoint_uri = ksba_name_get_uri (distpoint, name_seq);
if (!distpoint_uri)
continue;
-
+
if (!strncmp (distpoint_uri, "ldap:", 5)
|| !strncmp (distpoint_uri, "ldaps:", 6))
{
@@ -2478,9 +2478,9 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
}
else
continue; /* Skip unknown schemes. */
-
+
any_dist_point = 1;
-
+
if (opt.verbose)
log_info ("fetching CRL from `%s'\n", distpoint_uri);
err = crl_fetch (ctrl, distpoint_uri, &reader);
@@ -2491,10 +2491,10 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
last_err = err;
continue; /* with the next name. */
}
-
+
if (opt.verbose)
log_info ("inserting CRL (reader %p)\n", reader);
- err = crl_cache_insert (ctrl, distpoint_uri, reader);
+ err = crl_cache_insert (ctrl, distpoint_uri, reader);
if (err)
{
log_error (_("crl_cache_insert via DP failed: %s\n"),
@@ -2510,12 +2510,12 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
err = last_err;
goto leave;
}
-
+
ksba_name_release (distpoint); distpoint = NULL;
/* We don't do anything with issuername_uri yet but we keep the
code for documentation. */
- issuername_uri = ksba_name_get_uri (issuername, 0);
+ issuername_uri = ksba_name_get_uri (issuername, 0);
ksba_name_release (issuername); issuername = NULL;
}
@@ -2527,7 +2527,7 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
{
if (opt.verbose)
log_info ("no distribution point - trying issuer name\n");
-
+
if (reader)
{
crl_close_reader (reader);
@@ -2535,10 +2535,10 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
}
issuer = ksba_cert_get_issuer (cert, 0);
- if (!issuer)
+ if (!issuer)
{
log_error ("oops: issuer missing in certificate\n");
- err = gpg_error (GPG_ERR_INV_CERT_OBJ);
+ err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
@@ -2568,9 +2568,8 @@ crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
crl_close_reader (reader);
xfree (distpoint_uri);
xfree (issuername_uri);
- ksba_name_release (distpoint);
- ksba_name_release (issuername);
+ ksba_name_release (distpoint);
+ ksba_name_release (issuername);
ksba_free (issuer);
return err;
}
-
diff --git a/dirmngr/crlcache.h b/dirmngr/crlcache.h
index c2995129c..6e9dc28ff 100644
--- a/dirmngr/crlcache.h
+++ b/dirmngr/crlcache.h
@@ -22,9 +22,9 @@
#define CRLCACHE_H
-typedef enum
+typedef enum
{
- CRL_CACHE_VALID = 0,
+ CRL_CACHE_VALID = 0,
CRL_CACHE_INVALID,
CRL_CACHE_DONTKNOW,
CRL_CACHE_CANTUSE
@@ -32,11 +32,11 @@ typedef enum
crl_cache_result_t;
typedef enum foo
- {
+ {
CRL_SIG_OK = 0,
CRL_SIG_NOT_OK,
CRL_TOO_OLD,
- CRL_SIG_ERROR,
+ CRL_SIG_ERROR,
CRL_GENERAL_ERROR
}
crl_sig_result_t;
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 057742389..822584b49 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -13,7 +13,7 @@
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -61,7 +61,7 @@ static void
register_file_reader (ksba_reader_t reader, struct reader_cb_context_s *cb_ctx)
{
int i;
-
+
for (;;)
{
for (i=0; i < MAX_FILE_READER; i++)
@@ -72,7 +72,7 @@ register_file_reader (ksba_reader_t reader, struct reader_cb_context_s *cb_ctx)
return;
}
log_info (_("reader to file mapping table full - waiting\n"));
- pth_sleep (2);
+ pth_sleep (2);
}
}
@@ -97,7 +97,7 @@ get_file_reader (ksba_reader_t reader)
-static int
+static int
my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
{
struct reader_cb_context_s *cb_ctx = opaque;
@@ -144,7 +144,7 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
return result;
}
-
+
/* Fetch CRL from URL and return the entire CRL using new ksba reader
object in READER. Note that this reader object should be closed
@@ -194,7 +194,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
else
err = http_open_document (&hd, url, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
+ |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
opt.http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
@@ -236,7 +236,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
}
}
break;
-
+
case 301: /* Redirection (perm.). */
case 302: /* Redirection (temp.). */
{
@@ -265,7 +265,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
http_close (hd, 0);
}
break;
-
+
case 99999: /* Made up status code for error reporting. */
log_error (_("error retrieving `%s': %s\n"),
url, gpg_strerror (err));
@@ -359,7 +359,7 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
unsigned char *value;
size_t valuelen;
ksba_cert_t cert;
-
+
*r_cert = NULL;
err = fetch_next_cert_ldap (context, &value, &valuelen);
@@ -445,7 +445,7 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
ksba_cert_release (cert);
ldap_wrapper_release_context (reader);
- return err;
+ return err;
}
/* This function is to be used to close the reader object. In
@@ -464,7 +464,7 @@ crl_close_reader (ksba_reader_t reader)
if (cb_ctx)
{
/* This is an HTTP context. */
- if (cb_ctx->fp)
+ if (cb_ctx->fp)
es_fclose (cb_ctx->fp);
/* Release the base64 decoder state. */
if (cb_ctx->is_pem)
diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
index 5aba0c80a..e20e6c08f 100644
--- a/dirmngr/dirmngr-client.c
+++ b/dirmngr/dirmngr-client.c
@@ -29,7 +29,7 @@
#include <assert.h>
#include <gpg-error.h>
-#include <assuan.h>
+#include <assuan.h>
#define JNLIB_NEED_LOG_LOGV
#include "../common/logging.h"
@@ -43,7 +43,7 @@
/* Constants for the options. */
-enum
+enum
{
oQuiet = 'q',
oVerbose = 'v',
@@ -81,7 +81,7 @@ static ARGPARSE_OPTS opts[] = {
N_("force the use of the default OCSP responder")},
{ 0, NULL, 0, NULL }
};
-
+
/* The usual structure for the program flags. */
static struct
@@ -137,7 +137,7 @@ static const char *
my_strusage (int level)
{
const char *p;
-
+
switch(level)
{
case 11: p = "dirmngr-client (GnuPG)";
@@ -182,18 +182,18 @@ main (int argc, char **argv )
set_strusage (my_strusage);
log_set_prefix ("dirmngr-client",
- JNLIB_LOG_WITH_PREFIX);
+ JNLIB_LOG_WITH_PREFIX);
/* For W32 we need to initialize the socket subsystem. Becuase we
don't use Pth we need to do this explicit. */
-#ifdef HAVE_W32_SYSTEM
+#ifdef HAVE_W32_SYSTEM
{
WSADATA wsadat;
WSAStartup (0x202, &wsadat);
}
#endif /*HAVE_W32_SYSTEM*/
-
+
/* Init Assuan. */
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
@@ -211,7 +211,7 @@ main (int argc, char **argv )
{
case oVerbose: opt.verbose++; break;
case oQuiet: opt.quiet++; break;
-
+
case oOCSP: opt.use_ocsp++; break;
case oPing: cmd_ping = 1; break;
case oCacheCert: cmd_cache_cert = 1; break;
@@ -221,7 +221,7 @@ main (int argc, char **argv )
case oLocal: opt.local = 1; break;
case oLoadCRL: cmd_loadcrl = 1; break;
case oPEM: opt.pem = 1; break;
- case oSquidMode:
+ case oSquidMode:
opt.pem = 1;
opt.escaped_pem = 1;
cmd_squid_mode = 1;
@@ -235,11 +235,11 @@ main (int argc, char **argv )
exit (2);
/* Build the helptable for radix64 to bin conversion. */
- if (opt.pem)
+ if (opt.pem)
{
int i;
unsigned char *s;
-
+
for (i=0; i < 256; i++ )
asctobin[i] = 255; /* Used to detect invalid characters. */
for (s=bintoasc, i=0; *s; s++, i++)
@@ -428,7 +428,7 @@ data_cb (void *opaque, const void *buffer, size_t length)
}
return 0;
}
-
+
/* Try to connect to the dirmngr via socket or fork it off and work by
pipes. Handle the server's initial greeting */
@@ -470,7 +470,7 @@ start_dirmngr (int only_daemon)
if (opt.verbose)
log_info (_("no running dirmngr - starting one\n"));
-
+
if (!opt.dirmngr_program || !*opt.dirmngr_program)
opt.dirmngr_program = "./dirmngr";
if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
@@ -681,8 +681,8 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
real LF and not a trailing percent escaped one. */
if (c== '\n' && !escaped_c)
goto ready;
- break;
- default:
+ break;
+ default:
BUG();
}
}
@@ -729,7 +729,7 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
buf = NULL;
bufsize = buflen = 0;
#define NCHUNK 8192
- do
+ do
{
bufsize += NCHUNK;
if (!buf)
@@ -816,10 +816,10 @@ do_check (assuan_context_t ctx, const unsigned char *cert, size_t certlen)
parm.cert = cert;
parm.certlen = certlen;
- err = assuan_transact (ctx,
+ err = assuan_transact (ctx,
(opt.use_ocsp && opt.force_default_responder
- ? "CHECKOCSP --force-default-responder"
- : opt.use_ocsp? "CHECKOCSP" : "CHECKCRL"),
+ ? "CHECKOCSP --force-default-responder"
+ : opt.use_ocsp? "CHECKOCSP" : "CHECKCRL"),
NULL, NULL, inq_cert, &parm, status_cb, NULL);
if (opt.verbose > 1)
log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
@@ -887,7 +887,7 @@ do_loadcrl (assuan_context_t ctx, const char *filename)
log_error ("error canonicalizing `%s': %s\n",
filename, strerror (errno));
return gpg_error (GPG_ERR_GENERAL);
- }
+ }
#else
fname = xstrdup (filename);
#endif
@@ -897,7 +897,7 @@ do_loadcrl (assuan_context_t ctx, const char *filename)
return gpg_error (GPG_ERR_GENERAL);
}
}
-
+
line = xmalloc (8 + 6 + strlen (fname) * 3 + 1);
p = stpcpy (line, "LOADCRL ");
if (opt.url)
@@ -988,7 +988,7 @@ squid_loop_body (assuan_context_t ctx)
gpg_error_t err;
unsigned char *certbuf;
size_t certbuflen = 0;
-
+
err = read_pem_certificate (NULL, &certbuf, &certbuflen);
if (gpg_err_code (err) == GPG_ERR_EOF)
return err;
@@ -1008,7 +1008,7 @@ squid_loop_body (assuan_context_t ctx)
log_info (_("certificate is valid\n"));
puts ("OK");
}
- else
+ else
{
if (!opt.quiet)
{
@@ -1020,7 +1020,7 @@ squid_loop_body (assuan_context_t ctx)
}
puts ("ERROR");
}
-
+
fflush (stdout);
return 0;
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 1ba90b8ed..de243ee25 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -36,10 +36,10 @@
/* This objects keeps information about a particular LDAP server and
is used as item of a single linked list of servers. */
-struct ldap_server_s
+struct ldap_server_s
{
struct ldap_server_s* next;
-
+
char *host;
int port;
char *user;
@@ -71,7 +71,7 @@ struct fingerprint_list_s
/* A large struct named "opt" to keep global flags. */
-struct
+struct
{
unsigned int debug; /* debug flags (DBG_foo_VALUE) */
int verbose; /* verbosity level */
@@ -116,18 +116,18 @@ struct
int max_replies;
unsigned int ldaptimeout;
-
+
ldap_server_t ldapservers;
int add_new_ldapservers;
const char *ocsp_responder; /* Standard OCSP responder's URL. */
fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
standard OCSP signer certificates. */
-
+
unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */
unsigned int ocsp_max_period; /* Seconds a response is at maximum
considered valid after thisUpdate. */
- unsigned int ocsp_current_period; /* Seconds a response is considered
+ unsigned int ocsp_current_period; /* Seconds a response is considered
current after nextUpdate. */
} opt;
@@ -168,7 +168,7 @@ struct server_control_s
int status_fd; /* Only for non-server mode. */
struct server_local_s *server_local;
int force_crl_refresh; /* Always load a fresh CRL. */
-
+
int check_revocations_nest_level; /* Internal to check_revovations. */
cert_ref_t ocsp_certs; /* Certificates from the current OCSP
response. */
diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
index a0df499d4..8433bbf81 100644
--- a/dirmngr/dirmngr_ldap.c
+++ b/dirmngr/dirmngr_ldap.c
@@ -100,7 +100,7 @@ static void pth_leave (void) { }
/* Constants for the options. */
-enum
+enum
{
oQuiet = 'q',
oVerbose = 'v',
@@ -187,7 +187,7 @@ static const char *
my_strusage (int level)
{
const char *p;
-
+
switch(level)
{
case 11: p = "dirmngr_ldap (GnuPG)";
@@ -230,13 +230,13 @@ ldap_wrapper_main (char **argv, estream_t outstream)
struct my_opt_s my_opt_buffer;
my_opt_t myopt = &my_opt_buffer;
char *malloced_buffer1 = NULL;
-
+
memset (&my_opt_buffer, 0, sizeof my_opt_buffer);
#ifdef USE_LDAPWRAPPER
set_strusage (my_strusage);
- log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX);
-
+ log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX);
+
/* Setup I18N and common subsystems. */
i18n_init();
@@ -265,8 +265,8 @@ ldap_wrapper_main (char **argv, estream_t outstream)
{
case oVerbose: myopt->verbose++; break;
case oQuiet: myopt->quiet++; break;
- case oTimeout:
- myopt->timeout.tv_sec = pargs.r.ret_int;
+ case oTimeout:
+ myopt->timeout.tv_sec = pargs.r.ret_int;
myopt->timeout.tv_usec = 0;
myopt->alarm_timeout = pargs.r.ret_int;
break;
@@ -322,7 +322,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
if (!myopt->port)
myopt->port = 389; /* make sure ports gets overridden. */
}
-
+
if (myopt->port < 0 || myopt->port > 65535)
log_error (_("invalid port number %d\n"), myopt->port);
@@ -342,12 +342,12 @@ ldap_wrapper_main (char **argv, estream_t outstream)
#ifndef HAVE_W32_SYSTEM
# if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
struct sigaction act;
-
+
act.sa_handler = catch_alarm;
sigemptyset (&act.sa_mask);
act.sa_flags = 0;
if (sigaction (SIGALRM,&act,NULL))
-# else
+# else
if (signal (SIGALRM, catch_alarm) == SIG_ERR)
# endif
log_fatal ("unable to register timeout handler\n");
@@ -413,7 +413,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
}
}
-
+
for (pth_enter (), attr = my_ldap_first_attribute (ld, item, &berctx),
pth_leave ();
attr;
@@ -425,7 +425,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
if (myopt->verbose > 1)
log_info (_(" available attribute `%s'\n"), attr);
-
+
set_timeout (myopt);
/* I case we want only one attribute we do a case
@@ -474,7 +474,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
for (idx=0; values[idx]; idx++)
log_info (" length[%d]=%d\n",
idx, (int)values[0]->bv_len);
-
+
}
if (myopt->multi)
@@ -487,7 +487,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
tmp[2] = (n >> 16);
tmp[3] = (n >> 8);
tmp[4] = (n);
- if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1
+ if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1
|| es_fwrite (attr, n, 1, myopt->outstream) != 1)
{
log_error (_("error writing to stdout: %s\n"),
@@ -544,7 +544,7 @@ print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
break; /* We only want to return the first attribute. */
}
ber_free (berctx, 0);
- }
+ }
if (myopt->verbose > 1 && any)
log_info ("result has been printed\n");
@@ -623,7 +623,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
pth_leave ();
if (!ld)
{
- log_error (_("LDAP init to `%s:%d' failed: %s\n"),
+ log_error (_("LDAP init to `%s:%d' failed: %s\n"),
host, port, strerror (errno));
return -1;
}
@@ -633,7 +633,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
pth_leave ();
if (ret)
{
- log_error (_("binding to `%s:%d' failed: %s\n"),
+ log_error (_("binding to `%s:%d' failed: %s\n"),
host, port, strerror (errno));
ldap_unbind (ld);
return -1;
@@ -660,7 +660,7 @@ fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
#ifdef HAVE_W32CE_SYSTEM
log_error ("searching `%s' failed: %d\n", url, rc);
#else
- log_error (_("searching `%s' failed: %s\n"),
+ log_error (_("searching `%s' failed: %s\n"),
url, ldap_err2string (rc));
#endif
if (rc != LDAP_NO_SUCH_OBJECT)
@@ -707,4 +707,3 @@ process_url (my_opt_t myopt, const char *url)
ldap_free_urldesc (ludp);
return rc;
}
-
diff --git a/dirmngr/get-path.c b/dirmngr/get-path.c
index c944ec1dd..c773e7074 100644
--- a/dirmngr/get-path.c
+++ b/dirmngr/get-path.c
@@ -4,17 +4,17 @@
Copyright (C) 2001, 2002, 2003, 2004, 2007 g10 Code GmbH
This file is part of DirMngr.
-
+
DirMngr is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
-
+
DirMngr is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
@@ -45,10 +45,10 @@
#ifdef HAVE_W32_SYSTEM
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
-#endif
+#endif
#ifdef HAVE_DOSISH_SYSTEM
#define DIRSEP_C '\\'
@@ -91,7 +91,7 @@ dlclose (void * hd)
return 0;
}
return -1;
-}
+}
/* Return a string from the W32 Registry or NULL in case of error.
@@ -103,7 +103,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
HKEY root_key, key_handle;
DWORD n1, nbytes, type;
char *result = NULL;
-
+
if ( !root )
root_key = HKEY_CURRENT_USER;
else if ( !strcmp( root, "HKEY_CLASSES_ROOT" ) )
@@ -120,7 +120,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
root_key = HKEY_CURRENT_CONFIG;
else
return NULL;
-
+
if ( RegOpenKeyEx ( root_key, dir, 0, KEY_READ, &key_handle ) )
{
if (root)
@@ -151,10 +151,10 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
goto leave;
}
result[nbytes] = 0; /* Make sure it is really a string. */
- if (type == REG_EXPAND_SZ && strchr (result, '%'))
+ if (type == REG_EXPAND_SZ && strchr (result, '%'))
{
char *tmp;
-
+
n1 += 1000;
tmp = malloc (n1+1);
if (!tmp)
@@ -183,7 +183,7 @@ read_w32_registry_string (const char *root, const char *dir, const char *name)
result = malloc (strlen (tmp)+1);
if (!result)
result = tmp;
- else
+ else
{
strcpy (result, tmp);
free (tmp);
@@ -276,8 +276,8 @@ find_program_at_standard_place (const char *name)
{
char path[MAX_PATH];
char *result = NULL;
-
- if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0)
+
+ if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0)
{
result = malloc (strlen (path) + 1 + strlen (name) + 1);
if (result)
@@ -348,7 +348,7 @@ standard_homedir (void)
if (!dir)
{
char path[MAX_PATH];
-
+
/* It might be better to use LOCAL_APPDATA because this is
defined as "non roaming" and thus more likely to be kept
locally. For private keys this is desired. However, given
@@ -356,13 +356,13 @@ standard_homedir (void)
using a system roaming services might be better than to let
them do it manually. A security conscious user will anyway
use the registry entry to have better control. */
- if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
- NULL, 0, path) >= 0)
+ if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
+ NULL, 0, path) >= 0)
{
char *tmp = xmalloc (strlen (path) + 6 +1);
strcpy (stpcpy (tmp, path), "\\gnupg");
dir = tmp;
-
+
/* Try to create the directory if it does not yet exists. */
if (access (dir, F_OK))
CreateDirectory (dir, NULL);
@@ -388,7 +388,7 @@ default_homedir (void)
if (!dir || !*dir)
{
static const char *saved_dir;
-
+
if (!saved_dir)
{
if (!dir || !*dir)
@@ -405,7 +405,7 @@ default_homedir (void)
if (tmp)
saved_dir = tmp;
}
-
+
if (!saved_dir)
saved_dir = standard_homedir ();
}
@@ -442,7 +442,7 @@ w32_rootdir (void)
else
{
log_debug ("bad filename `%s' returned for this process\n", dir);
- *dir = 0;
+ *dir = 0;
}
}
@@ -461,8 +461,8 @@ w32_commondir (void)
{
char path[MAX_PATH];
- if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
- NULL, 0, path) >= 0)
+ if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
+ NULL, 0, path) >= 0)
{
char *tmp = xmalloc (strlen (path) + 4 +1);
strcpy (stpcpy (tmp, path), "\\GNU");
@@ -477,7 +477,7 @@ w32_commondir (void)
dir = xstrdup (w32_rootdir ());
}
}
-
+
return dir;
}
#endif /*HAVE_W32_SYSTEM*/
@@ -563,8 +563,8 @@ dirmngr_cachedir (void)
s1_len += 1 + strlen (*comp);
}
- if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
- NULL, 0, path) >= 0)
+ if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
+ NULL, 0, path) >= 0)
{
char *tmp = xmalloc (strlen (path) + s1_len + 1);
char *p;
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index fd2a2b568..50f0d5063 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -173,11 +173,10 @@ ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
}
}
}
-
+
if (!any)
err = gpg_error (GPG_ERR_NO_KEYSERVER);
else if (!err && first_err)
err = first_err; /* fixme: Do we really want to do that? */
return err;
}
-
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index e25900ae1..3467a6df3 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -107,7 +107,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
case 302:
{
const char *s = http_get_header (http, "Location");
-
+
log_info (_("URL `%s' redirected to `%s' (%u)\n"),
request, s?s:"[none]", http_get_status_code (http));
if (s && *s && redirects_left-- )
@@ -197,7 +197,7 @@ armor_data (char **r_string, const void *data, size_t datalen)
es_fclose (fp);
return err;
}
-
+
es_rewind (fp);
if (es_read (fp, buffer, length, &nread))
{
@@ -207,7 +207,7 @@ armor_data (char **r_string, const void *data, size_t datalen)
}
buffer[nread] = 0;
es_fclose (fp);
-
+
*r_string = buffer;
return 0;
}
@@ -252,7 +252,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
pattern = fprbuf;
break;
case KEYDB_SEARCH_MODE_LONG_KID:
- snprintf (fprbuf, sizeof fprbuf, "0x%08lX%08lX",
+ snprintf (fprbuf, sizeof fprbuf, "0x%08lX%08lX",
(ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
pattern = fprbuf;
break;
@@ -268,7 +268,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
default:
return gpg_error (GPG_ERR_INV_USER_ID);
}
-
+
/* Map scheme and port. */
if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https"))
{
@@ -289,7 +289,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
{
char *searchkey;
- hostport = strconcat (scheme, "://",
+ hostport = strconcat (scheme, "://",
*uri->host? uri->host: "localhost",
":", portstr, NULL);
if (!hostport)
@@ -316,7 +316,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
goto leave;
}
}
-
+
/* Send the request. */
err = send_request (ctrl, request, hostport, NULL, NULL, &fp);
if (err)
@@ -395,7 +395,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
default:
return gpg_error (GPG_ERR_INV_USER_ID);
}
-
+
/* Map scheme and port. */
if (!strcmp (uri->scheme,"hkps") || !strcmp (uri->scheme,"https"))
{
@@ -414,7 +414,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
/* Build the request string. */
{
- hostport = strconcat (scheme, "://",
+ hostport = strconcat (scheme, "://",
*uri->host? uri->host: "localhost",
":", portstr, NULL);
if (!hostport)
@@ -433,7 +433,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
goto leave;
}
}
-
+
/* Send the request. */
err = send_request (ctrl, request, hostport, NULL, NULL, &fp);
if (err)
@@ -527,7 +527,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
armored = NULL;
/* Build the request string. */
- hostport = strconcat (scheme, "://",
+ hostport = strconcat (scheme, "://",
*uri->host? uri->host: "localhost",
":", portstr, NULL);
if (!hostport)
@@ -542,7 +542,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
err = gpg_error_from_syserror ();
goto leave;
}
-
+
/* Send the request. */
err = send_request (ctrl, request, hostport, put_post_cb, &parm, &fp);
if (err)
diff --git a/dirmngr/ldap-url.c b/dirmngr/ldap-url.c
index eedcc6fd2..7b27a3096 100644
--- a/dirmngr/ldap-url.c
+++ b/dirmngr/ldap-url.c
@@ -92,7 +92,7 @@ software is provided ``as is'' without express or implied warranty. */
#define LDAP_REALLOC realloc
#define ldap_utf8_strchr strchr
#define ldap_utf8_strtok(n,d,s) strtok (n,d)
-#define Debug(a,b,c,d,e)
+#define Debug(a,b,c,d,e)
void ldap_pvt_hex_unescape( char *s );
@@ -336,7 +336,7 @@ char * ldap_charray2str( char **a, const char *sep )
s = LDAP_MALLOC ( len + 1 );
if ( s == NULL ) {
- return NULL;
+ return NULL;
}
p = s;
@@ -636,7 +636,7 @@ ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
* anything real.
*/
if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
- q++;
+ q++;
/* ? immediately followed by question */
if( *q == '?') {
q++;
@@ -866,7 +866,7 @@ ldap_free_urldesc( LDAPURLDesc *ludp )
if ( ludp == NULL ) {
return;
}
-
+
if ( ludp->lud_scheme != NULL ) {
LDAP_FREE( ludp->lud_scheme );
}
@@ -929,4 +929,3 @@ ldap_pvt_hex_unescape( char *s )
*p = '\0';
}
-
diff --git a/dirmngr/ldap-wrapper-ce.c b/dirmngr/ldap-wrapper-ce.c
index 9e6f785de..d50beb153 100644
--- a/dirmngr/ldap-wrapper-ce.c
+++ b/dirmngr/ldap-wrapper-ce.c
@@ -17,7 +17,7 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-/*
+/*
Alternative wrapper for use with WindowsCE. Under WindowsCE the
number of processes is strongly limited (32 processes including the
kernel processes) and thus we don't use the process approach but
@@ -54,7 +54,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
{
gpg_error_t err;
size_t nread;
-
+
while (count)
{
err = ksba_reader_read (reader, buffer, count, &nread);
@@ -132,7 +132,7 @@ outstream_cookie_writer (void *cookie_arg, const void *buffer, size_t size)
/* Buffer is full: Wait for space. */
pth_yield (NULL);
}
-
+
/* Copy data. */
dst = cookie->buffer + cookie->buffer_len;
while (size && cookie->buffer_len < DIM (cookie->buffer))
@@ -213,7 +213,7 @@ outstream_reader_cb (void *cb_value, char *buffer, size_t count,
/* Wait for data to become available. */
pth_yield (NULL);
}
-
+
src = cookie->buffer + cookie->buffer_pos;
while (count && cookie->buffer_pos < cookie->buffer_len)
{
@@ -225,7 +225,7 @@ outstream_reader_cb (void *cb_value, char *buffer, size_t count,
if (cookie->buffer_pos == cookie->buffer_len)
cookie->buffer_pos = cookie->buffer_len = 0;
-
+
/* Now there should be some space available. We do this even if
COUNT was zero so to give the writer end a chance to continue. */
pth_yield (NULL);
@@ -330,7 +330,7 @@ static void *
ldap_wrapper_thread (void *opaque)
{
struct ldap_wrapper_thread_parms *parms = opaque;
-
+
/*err =*/ ldap_wrapper_main (parms->arg_list, parms->outstream);
/* FIXME: Do we need to return ERR? */
@@ -418,7 +418,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *r_reader, const char *argv[])
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 128*1024);
pth_attr_set (tattr, PTH_ATTR_NAME, "ldap-wrapper");
-
+
if (pth_spawn (tattr, ldap_wrapper_thread, parms))
parms = NULL; /* Now owned by the thread. */
else
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index fa5bf3c6b..dd378d1ae 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -23,7 +23,7 @@
1. On some systems the LDAP library uses (indirectly) pthreads and
that is not compatible with PTh.
-
+
2. It is huge library in particular if TLS comes into play. So
problems with unfreed memory might turn up and we don't want
this in a long running daemon.
@@ -35,7 +35,7 @@
process to commit suicide or have our own housekepping function
kill it after some time. The latter also allows proper
cancellation of a query at any point of time.
-
+
4. Given that we are going out to the network and usually get back
a long response, the fork/exec overhead is acceptable.
@@ -129,7 +129,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
{
gpg_error_t err;
size_t nread;
-
+
while (count)
{
err = ksba_reader_read (reader, buffer, count, &nread);
@@ -144,7 +144,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
/* Release the wrapper context and kill a running wrapper process. */
static void
-destroy_wrapper (struct wrapper_context_s *ctx)
+destroy_wrapper (struct wrapper_context_s *ctx)
{
if (ctx->pid != (pid_t)(-1))
{
@@ -175,18 +175,18 @@ print_log_line (struct wrapper_context_s *ctx, char *line)
if (ctx->line && ctx->linelen)
{
- log_info ("%s\n", ctx->line);
+ log_info ("%s\n", ctx->line);
ctx->linelen = 0;
}
return;
}
-
+
while ((s = strchr (line, '\n')))
{
*s = 0;
if (ctx->line && ctx->linelen)
{
- log_info ("%s", ctx->line);
+ log_info ("%s", ctx->line);
ctx->linelen = 0;
log_printf ("%s\n", line);
}
@@ -229,7 +229,7 @@ read_log_data (struct wrapper_context_s *ctx)
char line[256];
/* We must use the pth_read function for pipes, always. */
- do
+ do
n = pth_read (ctx->log_fd, line, sizeof line - 1);
while (n < 0 && errno == EINTR);
@@ -334,7 +334,7 @@ ldap_wrapper_thread (void *dummy)
{
gpg_error_t err;
int status;
-
+
err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
&status);
if (!err)
@@ -384,15 +384,15 @@ ldap_wrapper_thread (void *dummy)
/* If something has been printed to the log file or we got an
EOF from a wrapper, we now print the list of active
wrappers. */
- if (any_action && DBG_LOOKUP)
+ if (any_action && DBG_LOOKUP)
{
log_info ("ldap worker stati:\n");
for (ctx = wrapper_list; ctx; ctx = ctx->next)
log_info (" c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
- ctx,
+ ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
- ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
+ ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
(unsigned long)ctx->stamp, ctx->ready);
}
@@ -402,7 +402,7 @@ ldap_wrapper_thread (void *dummy)
is not anymore in use or we are in shutdown state. */
again:
for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
- if (ctx->ready
+ if (ctx->ready
&& ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
{
if (ctx_prev)
@@ -470,13 +470,13 @@ ldap_wrapper_release_context (ksba_reader_t reader)
if (!reader )
return;
-
+
for (ctx=wrapper_list; ctx; ctx=ctx->next)
if (ctx->reader == reader)
{
if (DBG_LOOKUP)
log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
- ctx,
+ ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
@@ -518,7 +518,7 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
/* This is the callback used by the ldap wrapper to feed the ksba
reader with the wrappers stdout. See the description of
ksba_reader_set_cb for details. */
-static int
+static int
reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
{
struct wrapper_context_s *ctx = cb_value;
@@ -580,7 +580,7 @@ reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
pth_event_free (evt, PTH_FREE_THIS);
return -1; /* EOF. */
}
- break;
+ break;
}
nleft -= n;
buffer += n;
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index b71a0d3c9..87121fd83 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -112,11 +112,11 @@ add_server_to_servers (const char *host, int port)
/* Perform an LDAP query. Returns an gpg error code or 0 on success.
The function returns a new reader object at READER. */
static gpg_error_t
-run_ldap_wrapper (ctrl_t ctrl,
+run_ldap_wrapper (ctrl_t ctrl,
int ignore_timeout,
int multi_mode,
const char *proxy,
- const char *host, int port,
+ const char *host, int port,
const char *user, const char *pass,
const char *dn, const char *filter, const char *attr,
const char *url,
@@ -125,7 +125,7 @@ run_ldap_wrapper (ctrl_t ctrl,
const char *argv[40];
int argc;
char portbuf[30], timeoutbuf[30];
-
+
*reader = NULL;
@@ -186,7 +186,7 @@ run_ldap_wrapper (ctrl_t ctrl,
}
argv[argc++] = url? url : "ldap://";
argv[argc] = NULL;
-
+
return ldap_wrapper (ctrl, reader, argv);
}
@@ -216,7 +216,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
will enlarge the list of servers to consult without a limit and
all LDAP queries w/o a host are will then try each host in
turn. */
- if (!err && opt.add_new_ldapservers && !opt.ldap_proxy)
+ if (!err && opt.add_new_ldapservers && !opt.ldap_proxy)
{
if (host)
add_server_to_servers (host, port);
@@ -236,11 +236,11 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
if (err && !(opt.ldap_proxy && opt.only_ldap_proxy))
{
struct ldapserver_iter iter;
-
+
if (DBG_LOOKUP)
log_debug ("no hostname in URL or query failed; "
"trying all default hostnames\n");
-
+
for (ldapserver_iter_begin (&iter, ctrl);
err && ! ldapserver_iter_end_p (&iter);
ldapserver_iter_next (&iter))
@@ -365,19 +365,19 @@ parse_one_pattern (const char *pattern)
default: /* Take as substring match. */
{
const char format[] = "(|(sn=*%s*)(|(cn=*%s*)(mail=*%s*)))";
-
+
if (*pattern)
{
result = xmalloc (sizeof *result
+ strlen (format) + 3 * strlen (pattern));
result->next = NULL;
- result->flags = 0;
+ result->flags = 0;
sprintf (result->d, format, pattern, pattern, pattern);
}
}
break;
}
-
+
return result;
}
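Review bot: `pattern` is copied into the filter by `sprintf (result->d, format, pattern, pattern, pattern);` without escaping the RFC 4515 special characters, so a pattern containing `(`, `)`, `*` or `\` changes the structure of the LDAP filter instead of being matched literally. The origin of `pattern` is outside this hunk (presumably the client's lookup request), so it should be treated as untrusted and escaped before formatting, with the buffer size computed from the escaped string. If `*` inside a pattern is meant to act as a wildcard, leave it out of the escaped set and say so in a comment. parse_one_pattern starts outside this hunk.

```c
/* Return a malloced copy of S with the RFC 4515 filter specials
   replaced by their \XX form.  */
static char *
escape4filter (const char *s)
{
  char *buf = xmalloc (3 * strlen (s) + 1);
  char *p = buf;

  for (; *s; s++)
    if (*s == '*' || *s == '(' || *s == ')' || *s == '\\')
      {
        sprintf (p, "\\%02x", *(const unsigned char *)s);
        p += 3;
      }
    else
      *p++ = *s;
  *p = 0;
  return buf;
}

/* … unchanged: switch on the pattern type, other cases … */
        if (*pattern)
          {
            char *esc = escape4filter (pattern);

            result = xmalloc (sizeof *result
                              + strlen (format) + 3 * strlen (esc));
            result->next = NULL;
            result->flags = 0;
            sprintf (result->d, format, esc, esc, esc);
            xfree (esc);
          }
```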
@@ -396,9 +396,9 @@ escape4url (const char *string)
for (s=string,n=0; *s; s++)
if (strchr (UNENCODED_URL_CHARS, *s))
n++;
- else
+ else
n += 3;
-
+
buf = malloc (n+1);
if (!buf)
return NULL;
@@ -406,7 +406,7 @@ escape4url (const char *string)
for (s=string,p=buf; *s; s++)
if (strchr (UNENCODED_URL_CHARS, *s))
*p++ = *s;
- else
+ else
{
sprintf (p, "%%%02X", *(const unsigned char *)s);
p += 3;
@@ -454,7 +454,7 @@ make_url (char **url, const char *dn, const char *filter)
xfree (u_filter);
return err;
}
-
+
stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
u_dn),
"?"),
@@ -528,7 +528,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
int argc;
char portbuf[30], timeoutbuf[30];
-
+
*context = NULL;
if (server)
{
@@ -640,7 +640,7 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
{
gpg_error_t err;
size_t nread;
-
+
while (count)
{
err = ksba_reader_read (reader, buffer, count, &nread);
@@ -681,14 +681,14 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
if (*hdr == 'V' && okay)
{
#if 0 /* That code is not yet ready. */
-
+
if (is_cms)
{
/* The certificate needs to be parsed from CMS data. */
ksba_cms_t cms;
ksba_stop_reason_t stopreason;
int i;
-
+
err = ksba_cms_new (&cms);
if (err)
goto leave;
@@ -700,7 +700,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
goto leave;
}
- do
+ do
{
err = ksba_cms_parse (cms, &stopreason);
if (err)
@@ -714,12 +714,12 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
log_error ("userSMIMECertificate is not "
"a certs-only message\n");
}
- while (stopreason != KSBA_SR_READY);
-
+ while (stopreason != KSBA_SR_READY);
+
for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
{
check_and_store (ctrl, stats, cert, 0);
- ksba_cert_release (cert);
+ ksba_cert_release (cert);
cert = NULL;
}
if (!i)
@@ -733,7 +733,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
*value = xtrymalloc (n);
if (!*value)
return gpg_error_from_errno (errno);
- *valuelen = n;
+ *valuelen = n;
err = read_buffer (context->reader, *value, n);
break; /* Ready or error. */
}
@@ -750,7 +750,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context,
if (!context->tmpbuf)
return gpg_error_from_errno (errno);
context->tmpbufsize = n;
- }
+ }
err = read_buffer (context->reader, context->tmpbuf, n);
if (err)
break;
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index da702ec52..20a574cb6 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -1,18 +1,18 @@
/* dirmngr.c - LDAP access
Copyright (C) 2008 g10 Code GmbH
-
+
This file is part of DirMngr.
-
+
DirMngr is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
-
+
DirMngr is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
@@ -52,7 +52,7 @@ ldapserver_list_free (ldap_server_t servers)
1. field: Hostname
2. field: Portnumber
- 3. field: Username
+ 3. field: Username
4. field: Password
5. field: Base DN
@@ -88,39 +88,39 @@ ldapserver_parse_one (char *line,
fail = 1;
}
break;
-
+
case 2:
if (*p)
server->port = atoi (p);
break;
-
+
case 3:
if (*p)
server->user = xstrdup (p);
break;
-
+
case 4:
if (*p && !server->user)
{
- log_error (_("%s:%u: password given without user\n"),
+ log_error (_("%s:%u: password given without user\n"),
filename, lineno);
fail = 1;
}
else if (*p)
server->pass = xstrdup (p);
break;
-
+
case 5:
if (*p)
server->base = xstrdup (p);
break;
-
+
default:
/* (We silently ignore extra fields.) */
break;
}
}
-
+
if (fail)
{
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
@@ -129,5 +129,3 @@ ldapserver_parse_one (char *line,
return server;
}
-
-
diff --git a/dirmngr/ldapserver.h b/dirmngr/ldapserver.h
index 6e5f163f4..8056e6789 100644
--- a/dirmngr/ldapserver.h
+++ b/dirmngr/ldapserver.h
@@ -2,17 +2,17 @@
Copyright (C) 2008 g10 Code GmbH
This file is part of DirMngr.
-
+
DirMngr is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
-
+
DirMngr is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>. */
@@ -32,7 +32,7 @@ void ldapserver_list_free (ldap_server_t servers);
1. field: Hostname
2. field: Portnumber
- 3. field: Username
+ 3. field: Username
4. field: Password
5. field: Base DN
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 3d33bee58..82b694998 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -54,7 +54,7 @@ unhexify (unsigned char *result, const char *string)
}
-char*
+char*
hashify_data( const char* data, size_t len )
{
unsigned char buf[20];
@@ -62,7 +62,7 @@ hashify_data( const char* data, size_t len )
return hexify_data( buf, 20 );
}
-char*
+char*
hexify_data( const unsigned char* data, size_t len )
{
int i;
@@ -136,7 +136,7 @@ unpercent_string (char *string)
while (*s)
{
if (*s == '%' && s[1] && s[2])
- {
+ {
s++;
*d++ = xtoi_2 ( s);
s += 2;
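Review bot: The guard `if (*s == '%' && s[1] && s[2])` only checks that two more bytes exist, so a sequence such as `%zz` is handed to `xtoi_2` and decoded into an arbitrary byte. It also lets `%00` write a NUL into the middle of the result, which would silently truncate the string for any caller that treats it as a C string. Requiring hex digits closes the first case, e.g. `if (*s == '%' && hexdigitp (s+1) && hexdigitp (s+2))`, assuming the project's `hexdigitp` macro is in scope in this file. Whether `%00` needs rejecting depends on the callers, which are not visible here. The body of unpercent_string continues in the next hunk.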
@@ -144,7 +144,7 @@ unpercent_string (char *string)
else
*d++ = *s++;
}
- *d = 0;
+ *d = 0;
return string;
}
@@ -159,7 +159,7 @@ canon_sexp_to_gcry (const unsigned char *canon, gcry_sexp_t *r_sexp)
*r_sexp = NULL;
n = gcry_sexp_canon_len (canon, 0, NULL, NULL);
- if (!n)
+ if (!n)
{
log_error (_("invalid canonical S-expression found\n"));
err = gpg_error (GPG_ERR_INV_SEXP);
@@ -284,7 +284,7 @@ dump_string (const char *string)
/* Dump an KSBA cert object to the log stream. Prefix the output with
TEXT. This is used for debugging. */
-void
+void
dump_cert (const char *text, ksba_cert_t cert)
{
ksba_sexp_t sexp;
@@ -314,7 +314,7 @@ dump_cert (const char *text, ksba_cert_t cert)
dump_string (p);
ksba_free (p);
log_printf ("\n");
-
+
p = ksba_cert_get_subject (cert, 0);
log_debug (" subject: ");
dump_string (p);
@@ -334,7 +334,7 @@ dump_cert (const char *text, ksba_cert_t cert)
/* Log the certificate's name in "#SN/ISSUERDN" format along with
TEXT. */
-void
+void
cert_log_name (const char *text, ksba_cert_t cert)
{
log_info ("%s", text? text:"certificate" );
@@ -362,7 +362,7 @@ cert_log_name (const char *text, ksba_cert_t cert)
/* Log the certificate's subject DN along with TEXT. */
-void
+void
cert_log_subject (const char *text, ksba_cert_t cert)
{
log_info ("%s", text? text:"subject" );
@@ -491,7 +491,7 @@ my_estream_ksba_reader_cb (void *cb_value, char *buffer, size_t count,
size_t *r_nread)
{
estream_t fp = cb_value;
-
+
if (!fp)
return gpg_error (GPG_ERR_INV_VALUE);
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index ec727f014..e7a1f747f 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -39,7 +39,7 @@
static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1";
-/* Telesec attribute used to implement a positive confirmation.
+/* Telesec attribute used to implement a positive confirmation.
CertHash ::= SEQUENCE {
HashAlgorithm AlgorithmIdentifier,
@@ -177,7 +177,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
es_fprintf (http_get_write_ptr (http),
"Content-Type: application/ocsp-request\r\n"
- "Content-Length: %lu\r\n",
+ "Content-Length: %lu\r\n",
(unsigned long)requestlen );
http_start_data (http);
if (es_fwrite (request, requestlen, 1, http_get_write_ptr (http)) != 1)
@@ -206,7 +206,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
case 302:
{
const char *s = http_get_header (http, "Location");
-
+
log_info (_("URL `%s' redirected to `%s' (%u)\n"),
url, s?s:"[none]", http_get_status_code (http));
if (s && *s && redirects_left-- )
@@ -264,13 +264,13 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
switch (response_status)
{
case KSBA_OCSP_RSPSTATUS_SUCCESS: t = "success"; break;
- case KSBA_OCSP_RSPSTATUS_MALFORMED: t = "malformed"; break;
- case KSBA_OCSP_RSPSTATUS_INTERNAL: t = "internal error"; break;
- case KSBA_OCSP_RSPSTATUS_TRYLATER: t = "try later"; break;
- case KSBA_OCSP_RSPSTATUS_SIGREQUIRED: t = "must sign request"; break;
- case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;
- case KSBA_OCSP_RSPSTATUS_REPLAYED: t = "replay detected"; break;
- case KSBA_OCSP_RSPSTATUS_OTHER: t = "other (unknown)"; break;
+ case KSBA_OCSP_RSPSTATUS_MALFORMED: t = "malformed"; break;
+ case KSBA_OCSP_RSPSTATUS_INTERNAL: t = "internal error"; break;
+ case KSBA_OCSP_RSPSTATUS_TRYLATER: t = "try later"; break;
+ case KSBA_OCSP_RSPSTATUS_SIGREQUIRED: t = "must sign request"; break;
+ case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;
+ case KSBA_OCSP_RSPSTATUS_REPLAYED: t = "replay detected"; break;
+ case KSBA_OCSP_RSPSTATUS_OTHER: t = "other (unknown)"; break;
case KSBA_OCSP_RSPSTATUS_NONE: t = "no status"; break;
default: t = "[unknown status]"; break;
}
@@ -280,7 +280,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
log_info (_("OCSP responder at `%s' status: %s\n"), url, t);
err = ksba_ocsp_hash_response (ocsp, response, responselen,
- HASH_FNC, md);
+ HASH_FNC, md);
if (err)
log_error (_("hashing the OCSP response for `%s' failed: %s\n"),
url, gpg_strerror (err));
@@ -301,7 +301,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
SIGNER_FPR_LIST is not NULL we simply check that CERT matches one
of the fingerprints in this list. */
static gpg_error_t
-validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
+validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
fingerprint_list_t signer_fpr_list)
{
gpg_error_t err;
@@ -310,7 +310,7 @@ validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
if (signer_fpr_list)
{
fpr = get_fingerprint_hexstring (cert);
- for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr);
+ for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr);
signer_fpr_list = signer_fpr_list->next)
;
if (signer_fpr_list)
@@ -409,10 +409,10 @@ check_signature (ctrl_t ctrl,
log_error (_("only SHA-1 is supported for OCSP responses\n"));
return gpg_error (GPG_ERR_DIGEST_ALGO);
}
- err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
+ err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
gcry_md_get_algo_dlen (algo),
gcry_md_read (md, algo));
- if (err)
+ if (err)
{
log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
return err;
@@ -546,7 +546,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
err = find_issuing_cert (ctrl, cert, &issuer_cert);
if (err)
{
- log_error (_("issuer certificate not found: %s\n"),
+ log_error (_("issuer certificate not found: %s\n"),
gpg_strerror (err));
goto leave;
}
@@ -580,7 +580,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
- /* Figure out the OCSP responder to use.
+ /* Figure out the OCSP responder to use.
1. Try to get the reponder from the certificate.
We do only take http and https style URIs into account.
2. If this fails use the default responder, if any.
@@ -606,10 +606,10 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
ksba_free (oid);
}
if (err && gpg_err_code (err) != GPG_ERR_EOF)
- {
+ {
log_error (_("can't get authorityInfoAccess: %s\n"), gpg_strerror (err));
goto leave;
- }
+ }
if (!url)
{
if (!opt.ocsp_responder || !*opt.ocsp_responder)
@@ -684,14 +684,14 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
if (err)
{
log_error ("set_user_data(validated_at) failed: %s\n",
- gpg_strerror (err));
+ gpg_strerror (err));
err = 0; /* The certificate is anyway revoked, and that is a
more important message than the failure of our
cache. */
}
}
-
+
if (opt.verbose)
{
log_info (_("certificate status is: %s (this=%s next=%s)\n"),
@@ -710,9 +710,9 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
"affiliation changed":
reason == KSBA_CRLREASON_SUPERSEDED? "superseeded":
reason == KSBA_CRLREASON_CESSATION_OF_OPERATION?
- "cessation of operation":
+ "cessation of operation":
reason == KSBA_CRLREASON_CERTIFICATE_HOLD?
- "certificate on hold":
+ "certificate on hold":
reason == KSBA_CRLREASON_REMOVE_FROM_CRL?
"removed from CRL":
reason == KSBA_CRLREASON_PRIVILEGE_WITHDRAWN?
@@ -749,7 +749,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
if (!*tmp_time || strcmp (tmp_time, current_time) < 0 )
{
log_error (_("OCSP responder returned a non-current status\n"));
- log_info ("used now: %s this_update: %s\n",
+ log_info ("used now: %s this_update: %s\n",
current_time, this_update);
if (!err)
err = gpg_error (GPG_ERR_TIME_CONFLICT);
@@ -764,7 +764,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
if (!*tmp_time && strcmp (tmp_time, current_time) < 0 )
{
log_error (_("OCSP responder returned an too old status\n"));
- log_info ("used now: %s next_update: %s\n",
+ log_info ("used now: %s next_update: %s\n",
current_time, next_update);
if (!err)
err = gpg_error (GPG_ERR_TIME_CONFLICT);
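Review bot: The condition `if (!*tmp_time && strcmp (tmp_time, current_time) < 0 )` uses `&&`, so the "too old status" branch is only reachable when `tmp_time` is an empty string. A response whose next_update window has already passed would therefore not be rejected here. The parallel this_update check in the preceding hunk uses `||`, which fails closed on an empty timestamp and also catches an expired one. The same form looks intended here: `if (!*tmp_time || strcmp (tmp_time, current_time) < 0 )`. How `tmp_time` is derived from `next_update` is outside this hunk, as are the start and end of ocsp_isvalid, so confirm against the full function.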
diff --git a/dirmngr/server.c b/dirmngr/server.c
index fc7b22989..86b21b67b 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -60,7 +60,7 @@
/* Control structure per connection. */
-struct server_local_s
+struct server_local_s
{
/* Data used to associate an Assuan context with local server data */
assuan_context_t assuan_ctx;
@@ -266,11 +266,11 @@ skip_options (char *line)
/* Common code for get_cert_local and get_issuer_cert_local. */
-static ksba_cert_t
+static ksba_cert_t
do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
{
unsigned char *value;
- size_t valuelen;
+ size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
@@ -292,7 +292,7 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
command, gpg_strerror (rc));
return NULL;
}
-
+
if (!valuelen)
{
xfree (value);
@@ -321,7 +321,7 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
return the current target certificate. Either return the certificate
in a KSBA object or NULL if it is not available.
*/
-ksba_cert_t
+ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
@@ -333,15 +333,15 @@ get_cert_local (ctrl_t ctrl, const char *name)
return do_get_cert_local (ctrl, name, "SENDCERT");
}
-
+
/* Ask back to return the issuing certificate for name, given as a
regular gpgsm certificate indentificates (e.g. fingerprint or one
of the other methods). Alternatively, NULL may be used for NAME to
return thecurrent target certificate. Either return the certificate
in a KSBA object or NULL if it is not available.
-
+
*/
-ksba_cert_t
+ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
@@ -355,11 +355,11 @@ get_issuing_cert_local (ctrl_t ctrl, const char *name)
/* Ask back to return a certificate with subject NAME and a
subjectKeyIdentifier of KEYID. */
-ksba_cert_t
+ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
unsigned char *value;
- size_t valuelen;
+ size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
@@ -404,7 +404,7 @@ get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
gpg_strerror (rc));
return NULL;
}
-
+
if (!valuelen)
{
xfree (value);
@@ -433,14 +433,14 @@ gpg_error_t
get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
{
unsigned char *value;
- size_t valuelen;
+ size_t valuelen;
int rc;
char request[100];
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
|| !hexfpr)
return gpg_error (GPG_ERR_INV_ARG);
-
+
snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
&value, &valuelen, 100);
@@ -472,7 +472,7 @@ inquire_cert_and_load_crl (assuan_context_t ctx)
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
ksba_cert_t cert = NULL;
err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
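Review bot: The call `assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0)` passes 0 as the maximum length, which as far as I know disables libassuan's size limit on the inquired data. The other certificate inquiries on this page bound it with `MAX_CERT_LENGTH`, so here a client could make the daemon buffer an arbitrarily large reply. Using the same bound would keep the call sites consistent: `err = assuan_inquire (ctx, "SENDCERT", &value, &valuelen, MAX_CERT_LENGTH);`. inquire_cert_and_load_crl continues outside this hunk.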
@@ -528,7 +528,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
return 0;
}
-static const char hlp_ldapserver[] =
+static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
"\n"
"Add a new LDAP server to the list of configured LDAP servers.\n"
@@ -557,7 +557,7 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
}
-static const char hlp_isvalid[] =
+static const char hlp_isvalid[] =
"ISVALID [--only-ocsp] [--force-default-responder]"
" <certificate_id>|<certificate_fpr>\n"
"\n"
@@ -590,7 +590,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
int ocsp_mode = 0;
int only_ocsp;
int force_default_responder;
-
+
only_ocsp = has_option (line, "--only-ocsp");
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
@@ -636,7 +636,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
}
else if (only_ocsp)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
- else
+ else
{
switch (crl_cache_isvalid (ctrl,
issuerhash, serialno,
@@ -648,7 +648,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
case CRL_CACHE_INVALID:
err = gpg_error (GPG_ERR_CERT_REVOKED);
break;
- case CRL_CACHE_DONTKNOW:
+ case CRL_CACHE_DONTKNOW:
if (did_inquire)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (!(err = inquire_cert_and_load_crl (ctx)))
@@ -657,7 +657,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
goto again;
}
break;
- case CRL_CACHE_CANTUSE:
+ case CRL_CACHE_CANTUSE:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
break;
default:
@@ -675,7 +675,7 @@ cmd_isvalid (assuan_context_t ctx, char *line)
fingerprint consists of valid characters and prints and error
message if it does not and returns NULL. Fingerprints are
considered optional and thus no explicit error is returned. NULL is
- also returned if there is no fingerprint at all available.
+ also returned if there is no fingerprint at all available.
FPR must be a caller provided buffer of at least 20 bytes.
Note that colons within the fingerprint are allowed to separate 2
@@ -707,7 +707,7 @@ get_fingerprint_from_line (const char *line, unsigned char *fpr)
-static const char hlp_checkcrl[] =
+static const char hlp_checkcrl[] =
"CHECKCRL [<fingerprint>]\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
@@ -737,14 +737,14 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
-
+
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
- size_t valuelen;
-
+ size_t valuelen;
+
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
@@ -752,7 +752,7 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
@@ -782,7 +782,7 @@ cmd_checkcrl (assuan_context_t ctx, char *line)
}
-static const char hlp_checkocsp[] =
+static const char hlp_checkocsp[] =
"CHECKOCSP [--force-default-responder] [<fingerprint>]\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
@@ -817,20 +817,20 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
unsigned char fprbuffer[20], *fpr;
ksba_cert_t cert;
int force_default_responder;
-
+
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
-
+
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
- size_t valuelen;
-
+ size_t valuelen;
+
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
@@ -838,7 +838,7 @@ cmd_checkocsp (assuan_context_t ctx, char *line)
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
@@ -872,7 +872,7 @@ lookup_cert_by_url (assuan_context_t ctx, const char *url)
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
/* Fetch single certificate given it's URL. */
err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
@@ -883,12 +883,12 @@ lookup_cert_by_url (assuan_context_t ctx, const char *url)
}
/* Send the data, flush the buffer and then send an END. */
- err = assuan_send_data (ctx, value, valuelen);
+ err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
- if (err)
+ if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
goto leave;
@@ -914,13 +914,13 @@ return_one_cert (void *opaque, ksba_cert_t cert)
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
{
- err = assuan_send_data (ctx, der, derlen);
+ err = assuan_send_data (ctx, der, derlen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
}
- if (err)
+ if (err)
log_error (_("error sending data: %s\n"), gpg_strerror (err));
return err;
}
@@ -929,7 +929,7 @@ return_one_cert (void *opaque, ksba_cert_t cert)
/* Lookup certificates from the internal cache or using the ldap
servers. */
static int
-lookup_cert_by_pattern (assuan_context_t ctx, char *line,
+lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int single, int cache_only)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@@ -940,7 +940,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int count = 0;
int local_count = 0;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
struct ldapserver_iter ldapserver_iter;
cert_fetch_context_t fetch_context;
int any_no_data = 0;
@@ -950,7 +950,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
{
while (*p && *p != ' ')
p++;
- if (*p)
+ if (*p)
*p++ = 0;
if (*line)
@@ -980,7 +980,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
if (!err)
local_count++;
if (!err && single)
- goto ready;
+ goto ready;
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
{
@@ -1007,9 +1007,9 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
ldapserver_iter_next (&ldapserver_iter))
{
ldap_server_t ldapserver = ldapserver_iter.server;
-
+
if (DBG_LOOKUP)
- log_debug ("cmd_lookup: trying %s:%d base=%s\n",
+ log_debug ("cmd_lookup: trying %s:%d base=%s\n",
ldapserver->host, ldapserver->port,
ldapserver->base?ldapserver->base : "[default]");
@@ -1063,25 +1063,25 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
end_cert_fetch (fetch_context);
goto leave;
}
-
+
if (DBG_LOOKUP)
log_debug ("cmd_lookup: returning one cert%s\n",
truncated? " (truncated)":"");
-
+
/* Send the data, flush the buffer and then send an END line
as a certificate delimiter. */
- err = assuan_send_data (ctx, value, valuelen);
+ err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
- if (err)
+ if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
end_cert_fetch (fetch_context);
goto leave;
}
-
+
if (++count >= opt.max_replies )
{
truncation_forced = 1;
@@ -1100,7 +1100,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
char str[50];
sprintf (str, "%d", count);
- assuan_write_status (ctx, "TRUNCATED", str);
+ assuan_write_status (ctx, "TRUNCATED", str);
}
if (!err && !count && !local_count && any_no_data)
@@ -1112,7 +1112,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
}
-static const char hlp_lookup[] =
+static const char hlp_lookup[] =
"LOOKUP [--url] [--single] [--cache-only] <pattern>\n"
"\n"
"Lookup certificates matching PATTERN. With --url the pattern is\n"
@@ -1186,7 +1186,7 @@ cmd_loadcrl (assuan_context_t ctx, char *line)
line, gpg_strerror (err));
else
{
- err = crl_cache_insert (ctrl, line, reader);
+ err = crl_cache_insert (ctrl, line, reader);
if (err)
log_error (_("processing CRL from `%s' failed: %s\n"),
line, gpg_strerror (err));
@@ -1239,7 +1239,7 @@ cmd_listcrls (assuan_context_t ctx, char *line)
}
-static const char hlp_cachecert[] =
+static const char hlp_cachecert[] =
"CACHECERT\n"
"\n"
"Put a certificate into the internal cache. This command might be\n"
@@ -1259,10 +1259,10 @@ cmd_cachecert (assuan_context_t ctx, char *line)
gpg_error_t err;
ksba_cert_t cert = NULL;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
(void)line;
-
+
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
@@ -1270,7 +1270,7 @@ cmd_cachecert (assuan_context_t ctx, char *line)
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
@@ -1310,10 +1310,10 @@ cmd_validate (assuan_context_t ctx, char *line)
gpg_error_t err;
ksba_cert_t cert = NULL;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
(void)line;
-
+
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
@@ -1321,7 +1321,7 @@ cmd_validate (assuan_context_t ctx, char *line)
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
@@ -1337,7 +1337,7 @@ cmd_validate (assuan_context_t ctx, char *line)
/* If we have this certificate already in our cache, use the cached
version for validation because this will take care of any cached
results. */
- {
+ {
unsigned char fpr[20];
ksba_cert_t tmpcert;
@@ -1377,7 +1377,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
int clear_flag, add_flag;
uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
is always initialized. */
-
+
clear_flag = has_option (line, "--clear");
line = skip_options (line);
add_flag = !!*line;
@@ -1408,11 +1408,11 @@ cmd_keyserver (assuan_context_t ctx, char *line)
item->next = ctrl->keyservers;
ctrl->keyservers = item;
}
-
+
if (!add_flag && !clear_flag) /* List configured keyservers. */
{
uri_item_t u;
-
+
for (u=ctrl->keyservers; u; u = u->next)
dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
}
@@ -1563,7 +1563,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char *value = NULL;
- size_t valuelen;
+ size_t valuelen;
unsigned char *info = NULL;
size_t infolen;
@@ -1578,7 +1578,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
-
+
if (!valuelen) /* No data returned; return a comprehensible error. */
{
err = gpg_error (GPG_ERR_MISSING_CERT);
@@ -1597,7 +1597,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
/* Send the key. */
err = ks_action_put (ctrl, value, valuelen);
-
+
leave:
xfree (info);
xfree (value);
@@ -1607,7 +1607,7 @@ cmd_ks_put (assuan_context_t ctx, char *line)
-static const char hlp_getinfo[] =
+static const char hlp_getinfo[] =
"GETINFO <what>\n"
"\n"
"Multi purpose command to return certain information. \n"
@@ -1662,7 +1662,7 @@ cmd_killdirmngr (assuan_context_t ctx, char *line)
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
-
+
if (opt.system_daemon)
{
if (opt.system_service)
@@ -1795,7 +1795,7 @@ start_command_handler (assuan_fd_t fd)
xfree (ctrl);
return;
}
-
+
dirmngr_init_default_ctrl (ctrl);
rc = assuan_new (&ctx);
@@ -1809,7 +1809,7 @@ start_command_handler (assuan_fd_t fd)
if (fd == ASSUAN_INVALID_FD)
{
assuan_fd_t filedes[2];
-
+
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (ctx, filedes);
@@ -1863,7 +1863,7 @@ start_command_handler (assuan_fd_t fd)
assuan_register_option_handler (ctx, option_handler);
assuan_register_reset_notify (ctx, reset_notify);
- for (;;)
+ for (;;)
{
rc = assuan_accept (ctx);
if (rc == -1)
@@ -1893,7 +1893,7 @@ start_command_handler (assuan_fd_t fd)
continue;
}
}
-
+
ldap_wrapper_connection_cleanup (ctrl);
ldapserver_list_free (ctrl->server_local->ldapservers);
@@ -1934,8 +1934,8 @@ dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
assuan_context_t ctx = ctrl->server_local->assuan_ctx;
char buf[950], *p;
size_t n;
-
- p = buf;
+
+ p = buf;
n = 0;
while ( (text = va_arg (arg_ptr, const char *)) )
{
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index de7443e11..8197d0d82 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -113,7 +113,7 @@ unknown_criticals (ksba_cert_t cert)
rc = err; /* Such an error takes precendence. */
return rc;
-}
+}
/* Basic check for supported policies. */
@@ -147,7 +147,7 @@ check_cert_policy (ksba_cert_t cert)
any_critical = !!strstr (policies, ":C");
/* See whether we find ALLOWED (which is an OID) in POLICIES */
- for (idx=0; allowed[idx]; idx++)
+ for (idx=0; allowed[idx]; idx++)
{
for (haystack=policies; (p=strstr (haystack, allowed[idx]));
haystack = p+1)
@@ -161,7 +161,7 @@ check_cert_policy (ksba_cert_t cert)
return 0;
}
}
-
+
if (!any_critical)
{
log_info (_("note: non-critical certificate policy not allowed"));
@@ -243,9 +243,9 @@ check_revocations (ctrl_t ctrl, chain_item_t chain)
certificates in case they have been revoked. */
if (opt.verbose)
cert_log_name (_("not checking CRL for"), ci->cert);
- continue;
+ continue;
}
-
+
if (opt.verbose)
cert_log_name (_("checking CRL for"), ci->cert);
err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
@@ -324,20 +324,20 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
that is the case this is a root certificate. */
ak_name_str = ksba_name_enum (ak_name, 0);
if (ak_name_str
- && !strcmp (ak_name_str, issuerdn)
+ && !strcmp (ak_name_str, issuerdn)
&& !cmp_simple_canon_sexp (ak_sn, serialno))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
- }
-
+ }
+
/* Similar for the ak_keyid. */
if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
&& !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
- }
+ }
leave:
@@ -346,13 +346,13 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
ksba_name_release (ak_name);
ksba_free (ak_sn);
ksba_free (serialno);
- return result;
+ return result;
}
/* Validate the certificate CHAIN up to the trust anchor. Optionally
return the closest expiration time in R_EXPTIME (this is useful for
- caching issues). MODE is one of the VALIDATE_MODE_* constants.
+ caching issues). MODE is one of the VALIDATE_MODE_* constants.
If R_TRUST_ANCHOR is not NULL and the validation would fail only
because the root certificate is not trusted, the hexified
@@ -392,7 +392,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (DBG_X509)
dump_cert ("subject", cert);
-
+
/* May the target certificate be used for this purpose? */
switch (mode)
{
@@ -417,8 +417,8 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
{
size_t buflen;
time_t validated_at;
-
- err = ksba_cert_get_user_data (cert, "validated_at",
+
+ err = ksba_cert_get_user_data (cert, "validated_at",
&validated_at, sizeof (validated_at),
&buflen);
if (err || buflen != sizeof (validated_at) || !validated_at)
@@ -462,7 +462,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
}
/* Handle the notBefore and notAfter timestamps. */
- {
+ {
ksba_isotime_t not_before, not_after;
err = ksba_cert_get_validity (subject_cert, 0, not_before);
@@ -494,7 +494,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
log_printf (")\n");
err = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
goto leave;
- }
+ }
/* Now check whether the certificate has expired. */
if (*not_after && strcmp (current_time, not_after) > 0 )
@@ -504,7 +504,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
dump_isotime (not_after);
log_printf (")\n");
any_expired = 1;
- }
+ }
}
/* Do we have any critical extensions in the certificate we
@@ -518,14 +518,14 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (gpg_err_code (err) == GPG_ERR_NO_POLICY_MATCH)
{
any_no_policy_match = 1;
- err = 0;
+ err = 0;
}
else if (err)
goto leave;
/* Is this a self-signed certificate? */
if (is_root_cert ( subject_cert, issuer, subject))
- {
+ {
/* Yes, this is our trust anchor. */
if (check_cert_sig (subject_cert, subject_cert) )
{
@@ -539,7 +539,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
err = allowed_ca (subject_cert, NULL);
if (err)
goto leave; /* No. */
-
+
err = is_trusted_cert (subject_cert);
if (!err)
; /* Yes we trust this cert. */
@@ -560,7 +560,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
else
xfree (fpr);
}
- else
+ else
{
log_error (_("checking trustworthiness of "
"root certificate failed: %s\n"),
@@ -572,7 +572,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Prepend the certificate to our list. */
{
chain_item_t ci;
-
+
ci = xtrycalloc (1, sizeof *ci);
if (!ci)
{
@@ -666,7 +666,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
{
do_list (0, lm, fp, _("found another possible matching "
"CA certificate - trying again"));
- ksba_cert_release (issuer_cert);
+ ksba_cert_release (issuer_cert);
issuer_cert = tmp_cert;
goto try_another_cert;
}
@@ -700,7 +700,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
err = cert_use_cert_p (issuer_cert);
if (err)
goto leave; /* No. */
-
+
/* Prepend the certificate to our list. */
{
chain_item_t ci;
@@ -743,10 +743,10 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
for (citem = chain; citem; citem = citem->next)
cert_log_name (" certificate", citem->cert);
}
-
+
if (!err && mode != VALIDATE_MODE_CRL)
{ /* Now that everything is fine, walk the chain and check each
- certificate for revocations.
+ certificate for revocations.
1. item in the chain - The root certificate.
2. item - the CA below the root
@@ -772,7 +772,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
else if (err && opt.verbose)
log_info ("target certificate is NOT valid\n");
-
+
leave:
if (!err && !(r_trust_anchor && *r_trust_anchor))
{
@@ -792,7 +792,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (err)
{
log_error ("set_user_data(validated_at) failed: %s\n",
- gpg_strerror (err));
+ gpg_strerror (err));
err = 0;
}
}
@@ -885,7 +885,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
s = gcry_md_algo_name (algo);
for (i=0; *s && i < sizeof algo_name - 1; s++, i++)
algo_name[i] = tolower (*s);
- algo_name[i] = 0;
+ algo_name[i] = 0;
err = gcry_md_open (&md, algo, 0);
if (err)
@@ -984,9 +984,9 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algo_name, (int)digestlen, digest) )
BUG ();
-
+
}
-
+
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
@@ -1052,7 +1052,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
| KSBA_KEYUSAGE_NON_REPUDIATION);
}
-
+
/* This is a hack to cope with OCSP. Note that we do
not yet fully comply with the requirements and that
the entire CRL/OCSP checking thing should undergo a
@@ -1065,7 +1065,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
}
ksba_free (extkeyusages);
extkeyusages = NULL;
-
+
if (!any_critical)
extusemask = ~0; /* Reset to the don't care mask. */
}
@@ -1085,12 +1085,12 @@ cert_usage_p (ksba_cert_t cert, int mode)
}
if (err)
- {
+ {
log_error (_("error getting key usage information: %s\n"),
gpg_strerror (err));
ksba_free (extkeyusages);
return err;
- }
+ }
if (mode == 4)
{
@@ -1103,7 +1103,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
if (mode == 5)
{
- if (use != ~0
+ if (use != ~0
&& (have_ocsp_signing
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
|KSBA_KEYUSAGE_CRL_SIGN))))
@@ -1157,4 +1157,3 @@ cert_use_crl_p (ksba_cert_t cert)
{
return cert_usage_p (cert, 6);
}
-
diff --git a/dirmngr/w32-ldap-help.h b/dirmngr/w32-ldap-help.h
index 7efa299bc..80668d935 100644
--- a/dirmngr/w32-ldap-help.h
+++ b/dirmngr/w32-ldap-help.h
@@ -1,5 +1,5 @@
/* w32-ldap-help.h - Map utf8 based API into a wchar_t API.
- o* Copyright (C) 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -72,7 +72,7 @@ _dirmngr_ldap_search_st (LDAP *ld, const char *base, ULONG scope,
wchar_t **wattrs = NULL;
int i;
- if (base)
+ if (base)
{
wbase = utf8_to_wchar (base);
if (!wbase)
@@ -149,7 +149,7 @@ _dirmngr_ldap_get_values_len (LDAP *ld, LDAPMessage *msg, const char *attr)
{
BerValue **ret;
wchar_t *wattr;
-
+
if (attr)
{
wattr = utf8_to_wchar (attr);