Diffstat (limited to 'dirmngr')
-rw-r--r--dirmngr/certcache.c3
-rw-r--r--dirmngr/crlfetch.c16
-rw-r--r--dirmngr/dirmngr-client.c18
-rw-r--r--dirmngr/dirmngr.c25
-rw-r--r--dirmngr/dns-stuff.c1
-rw-r--r--dirmngr/http.c12
-rw-r--r--dirmngr/ks-action.c9
-rw-r--r--dirmngr/ks-engine-ldap.c2
-rw-r--r--dirmngr/ldap-wrapper.c79
-rw-r--r--dirmngr/misc.c14
10 files changed, 99 insertions, 80 deletions
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 6b194f31c..b7b5b3d15 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -100,7 +100,8 @@ static unsigned int any_cert_of_class;
#ifdef HAVE_W32_SYSTEM
-/* We load some functions dynamically. Provide typedefs for tehse
+#include <wincrypt.h>
+/* We load some functions dynamically. Provide typedefs for these
* functions. */
typedef HCERTSTORE (WINAPI *CERTOPENSYSTEMSTORE)
(HCRYPTPROV hProv, LPCSTR szSubsystemProtocol);
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 5b6b648e2..620edf788 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -39,10 +39,10 @@
2008) we need a context in the reader callback. */
struct reader_cb_context_s
{
- estream_t fp; /* The stream used with the ksba reader. */
- int checked:1; /* PEM/binary detection ahs been done. */
- int is_pem:1; /* The file stream is PEM encoded. */
- struct b64state b64state; /* The state used for Base64 decoding. */
+ estream_t fp; /* The stream used with the ksba reader. */
+ unsigned int checked:1; /* PEM/binary detection ahs been done. */
+ unsigned int is_pem:1; /* The file stream is PEM encoded. */
+ gpgrt_b64state_t b64state; /* The state used for Base64 decoding. */
};
@@ -126,14 +126,16 @@ my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
else
{
cb_ctx->is_pem = 1;
- b64dec_start (&cb_ctx->b64state, "");
+ cb_ctx->b64state = gpgrt_b64dec_start ("");
+ if (!cb_ctx->b64state)
+ return gpg_error_from_syserror ();
}
}
if (cb_ctx->is_pem && *nread)
{
size_t nread2;
- if (b64dec_proc (&cb_ctx->b64state, buffer, *nread, &nread2))
+ if (gpgrt_b64dec_proc (cb_ctx->b64state, buffer, *nread, &nread2))
{
/* EOF from decoder. */
*nread = 0;
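Review bot: In my_es_read, `cb_ctx->is_pem = 1;` is set before the result of `gpgrt_b64dec_start` is checked, so an allocation failure leaves the context flagged as PEM with a NULL `b64state`. If the reader callback runs again after that error, the `gpgrt_b64dec_proc (cb_ctx->b64state, ...)` call further down would be handed NULL, and crl_close_reader calls `gpgrt_b64dec_finish` whenever `is_pem` is set. Because this path decodes CRL data fetched from the network, I would set the flag only once the handle exists: move `cb_ctx->is_pem = 1;` below the `if (!cb_ctx->b64state) return gpg_error_from_syserror ();` check. The function starts and ends outside this hunk, so how `checked` is handled on this path should be confirmed there.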
@@ -581,7 +583,7 @@ crl_close_reader (ksba_reader_t reader)
es_fclose (cb_ctx->fp);
/* Release the base64 decoder state. */
if (cb_ctx->is_pem)
- b64dec_finish (&cb_ctx->b64state);
+ gpgrt_b64dec_finish (cb_ctx->b64state);
/* Release the callback context. */
xfree (cb_ctx);
}
diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
index 3912bf47b..ece4fbcc9 100644
--- a/dirmngr/dirmngr-client.c
+++ b/dirmngr/dirmngr-client.c
@@ -308,7 +308,7 @@ main (int argc, char **argv )
opt.dirmngr_program
? opt.dirmngr_program
: gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR),
- ! cmd_ping,
+ cmd_ping? 0 : ASSHELP_FLAG_AUTOSTART,
opt.verbose,
0,
NULL, NULL);
@@ -441,11 +441,11 @@ static gpg_error_t
data_cb (void *opaque, const void *buffer, size_t length)
{
gpg_error_t err;
- struct b64state *state = opaque;
+ gpgrt_b64state_t state = opaque;
if (buffer)
{
- err = b64enc_write (state, buffer, length);
+ err = gpgrt_b64enc_write (state, buffer, length);
if (err)
log_error (_("error writing base64 encoding: %s\n"),
gpg_strerror (err));
@@ -853,14 +853,14 @@ do_lookup (assuan_context_t ctx, const char *pattern)
gpg_error_t err;
const unsigned char *s;
char *line, *p;
- struct b64state state;
+ gpgrt_b64state_t state;
if (opt.verbose)
log_info (_("looking up '%s'\n"), pattern);
- err = b64enc_start (&state, stdout, NULL);
- if (err)
- return err;
+ state = gpgrt_b64enc_start (es_stdout, NULL);
+ if (!state)
+ return gpg_error_from_syserror ();
line = xmalloc (10 + 6 + 13 + strlen (pattern)*3 + 1);
@@ -885,13 +885,13 @@ do_lookup (assuan_context_t ctx, const char *pattern)
err = assuan_transact (ctx, line,
- data_cb, &state,
+ data_cb, state,
NULL, NULL,
status_cb, NULL);
if (opt.verbose > 1)
log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
- err = b64enc_finish (&state);
+ err = gpgrt_b64enc_finish (state);
xfree (line);
return err;
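Review bot: The status returned by `assuan_transact` is overwritten by `err = gpgrt_b64enc_finish (state);`, so do_lookup returns success for a failed lookup unless the encoder itself fails; the failure is only logged when `opt.verbose > 1`. Keep the first error, for example `{ gpg_error_t e2 = gpgrt_b64enc_finish (state); if (!err) err = e2; }`. Also note that `state` is now a heap handle instead of a stack struct, so any early return between `gpgrt_b64enc_start` and this point would leak it; that stretch lies outside the hunks shown.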
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index f79a0f877..d58a27372 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -394,6 +394,9 @@ static enum
} tor_mode;
+/* Flag indicating that we are in supervised mode. */
+static int is_supervised;
+
/* Counter for the active connections. */
static int active_connections;
@@ -450,9 +453,6 @@ static void handle_connections (assuan_fd_t listen_fd);
static void gpgconf_versions (void);
-/* NPth wrapper function definitions. */
-ASSUAN_SYSTEM_NPTH_IMPL;
-
static const char *
my_strusage( int level )
{
@@ -980,7 +980,6 @@ static void
thread_init (void)
{
npth_init ();
- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
/* Now with NPth running we can set the logging callback. Our
@@ -1335,6 +1334,8 @@ main (int argc, char **argv)
if (!opt.quiet)
log_info(_("WARNING: \"%s\" is a deprecated option\n"), "--supervised");
+ is_supervised = 1;
+
/* In supervised mode, we expect file descriptor 3 to be an
already opened, listening socket.
@@ -2233,7 +2234,7 @@ check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce)
if (assuan_sock_check_nonce (fd, nonce))
{
log_info (_("error reading nonce on fd %d: %s\n"),
- FD2INT (fd), strerror (errno));
+ FD_DBG (fd), strerror (errno));
assuan_sock_close (fd);
return -1;
}
@@ -2267,7 +2268,7 @@ start_connection_thread (void *arg)
active_connections++;
if (opt.verbose)
- log_info (_("handler for fd %d started\n"), FD2INT (fd));
+ log_info (_("handler for fd %d started\n"), FD_DBG (fd));
session_id = ++last_session_id;
if (!session_id)
@@ -2275,7 +2276,7 @@ start_connection_thread (void *arg)
start_command_handler (fd, session_id);
if (opt.verbose)
- log_info (_("handler for fd %d terminated\n"), FD2INT (fd));
+ log_info (_("handler for fd %d terminated\n"), FD_DBG (fd));
active_connections--;
workqueue_run_post_session_tasks (session_id);
@@ -2378,7 +2379,7 @@ handle_connections (assuan_fd_t listen_fd)
to full second. */
FD_ZERO (&fdset);
FD_SET (FD2INT (listen_fd), &fdset);
- nfd = FD2INT (listen_fd);
+ nfd = FD2NUM (listen_fd);
if (my_inotify_fd != -1)
{
FD_SET (my_inotify_fd, &fdset);
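Review bot: The same descriptor is now converted with two different macros on adjacent lines: `FD_SET (FD2INT (listen_fd), &fdset);` is unchanged while `nfd` uses `FD2NUM (listen_fd)`. If the split is deliberate (one value for the fd_set, one for the bound passed to select), a one-line comment such as `/* FD_SET takes the native descriptor; nfd is only the int bound for select. */` would keep a later reader from "fixing" one of them. If it is not deliberate, both lines should use the same macro. The macro definitions are not part of this diff, so I cannot tell which case applies.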
@@ -2395,7 +2396,7 @@ handle_connections (assuan_fd_t listen_fd)
/* Shutdown test. */
if (shutdown_pending)
{
- if (!active_connections)
+ if (!active_connections || is_supervised)
break; /* ready */
/* Do not accept new connections but keep on running the
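Review bot: `if (!active_connections || is_supervised)` lets a supervised dirmngr leave the loop on shutdown while connection handlers may still be running, and nothing in the hunk says why that is acceptable. Requests that are in flight at that moment are cut off by whatever cleanup follows the loop, which is outside this hunk. Please add a comment at the test, for example `/* In supervised mode we do not wait for active connections to finish. */`, and give the reason there.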
@@ -2479,8 +2480,8 @@ handle_connections (assuan_fd_t listen_fd)
gnupg_fd_t fd;
plen = sizeof paddr;
- fd = INT2FD (npth_accept (FD2INT(listen_fd),
- (struct sockaddr *)&paddr, &plen));
+ fd = assuan_sock_accept (listen_fd,
+ (struct sockaddr *)&paddr, &plen);
if (fd == GNUPG_INVALID_FD)
{
log_error ("accept failed: %s\n", strerror (errno));
@@ -2494,7 +2495,7 @@ handle_connections (assuan_fd_t listen_fd)
memset (&argval, 0, sizeof argval);
argval.afd = fd;
snprintf (threadname, sizeof threadname,
- "conn fd=%d", FD2INT(fd));
+ "conn fd=%d", FD_DBG (fd));
ret = npth_create (&thread, &tattr,
start_connection_thread, argval.aptr);
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 0edbc0442..270717215 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -34,6 +34,7 @@
# define WIN32_LEAN_AND_MEAN
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
+# include <ws2tcpip.h>
# endif
# include <windows.h>
# include <iphlpapi.h>
diff --git a/dirmngr/http.c b/dirmngr/http.c
index e4c719348..6ae9029be 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -441,7 +441,7 @@ _my_socket_new (int lnr, assuan_fd_t fd)
so->refcount = 1;
if (opt_debug)
log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
- lnr, so, (int)so->fd);
+ lnr, so, FD_DBG (so->fd));
return so;
}
#define my_socket_new(a) _my_socket_new (__LINE__, (a))
@@ -453,7 +453,7 @@ _my_socket_ref (int lnr, my_socket_t so)
so->refcount++;
if (opt_debug > 1)
log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
- lnr, so, (int)so->fd, so->refcount);
+ lnr, so, FD_DBG (so->fd), so->refcount);
return so;
}
#define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
@@ -471,7 +471,7 @@ _my_socket_unref (int lnr, my_socket_t so,
so->refcount--;
if (opt_debug > 1)
log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
- lnr, so, (int)so->fd, so->refcount);
+ lnr, so, FD_DBG (so->fd), so->refcount);
if (!so->refcount)
{
@@ -2200,7 +2200,7 @@ run_ntbtls_handshake (http_t hd)
/* Until we support send/recv in estream under Windows we need
* to use es_fopencookie. */
# ifdef HAVE_W32_SYSTEM
- in = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "rb",
+ in = es_fopencookie (hd->sock->fd, "rb",
simple_cookie_functions);
# else
in = es_fdopen_nc (hd->sock->fd, "rb");
@@ -2212,7 +2212,7 @@ run_ntbtls_handshake (http_t hd)
}
# ifdef HAVE_W32_SYSTEM
- out = es_fopencookie ((void*)(unsigned int)hd->sock->fd, "wb",
+ out = es_fopencookie (hd->sock->fd, "wb",
simple_cookie_functions);
# else
out = es_fdopen_nc (hd->sock->fd, "wb");
@@ -3571,7 +3571,7 @@ connect_with_timeout (assuan_fd_t sock,
tval.tv_sec = timeout / 1000;
tval.tv_usec = (timeout % 1000) * 1000;
- n = my_select (FD2INT(sock)+1, &rset, &wset, NULL, &tval);
+ n = my_select (FD2NUM(sock)+1, &rset, &wset, NULL, &tval);
if (n < 0)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index 002f1a7a5..2e04582a1 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -373,6 +373,8 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
|| !strcmp (uri->parsed_uri->scheme, "ldaps")
|| !strcmp (uri->parsed_uri->scheme, "ldapi")
|| uri->parsed_uri->opaque);
+#else
+ (void)newer;
#endif
if (is_hkp_s || is_http_s || is_ldap)
@@ -590,6 +592,13 @@ ks_action_query (ctrl_t ctrl, const char *url, unsigned int ks_get_flags,
return err;
#else /* !USE_LDAP */
+ (void)ctrl;
+ (void)url;
+ (void)ks_get_flags;
+ (void)filter;
+ (void)attrs;
+ (void)newer;
+ (void)outfp;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
#endif
}
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 749c0de09..688972a89 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -31,6 +31,8 @@
# define WINVER 0x0500 /* Same as in common/sysutils.c */
# endif
# include <winsock2.h>
+# include <winldap.h>
+# include <winber.h>
# include <sddl.h>
#endif
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index 23d514cf9..2ec944c72 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -87,7 +87,7 @@ struct wrapper_context_s
{
struct wrapper_context_s *next;
- pid_t pid; /* The pid of the wrapper process. */
+ gnupg_process_t proc;/* The wrapper process. */
int printable_pid; /* Helper to print diagnostics after the process has
* been cleaned up. */
estream_t fp; /* Connected with stdout of the ldap wrapper. */
@@ -170,10 +170,10 @@ read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
static void
destroy_wrapper (struct wrapper_context_s *ctx)
{
- if (ctx->pid != (pid_t)(-1))
+ if (ctx->proc)
{
- gnupg_kill_process (ctx->pid);
- gnupg_release_process (ctx->pid);
+ gnupg_process_terminate (ctx->proc);
+ gnupg_process_release (ctx->proc);
}
ksba_reader_release (ctx->reader);
SAFE_CLOSE (ctx->fp);
@@ -260,7 +260,7 @@ read_log_data (struct wrapper_context_s *ctx)
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
return 0;
log_error (_("error reading log from ldap wrapper %d: %s\n"),
- (int)ctx->pid, gpg_strerror (err));
+ ctx->printable_pid, gpg_strerror (err));
}
print_log_line (ctx, NULL); /* Flush. */
SAFE_CLOSE (ctx->log_fp);
@@ -438,50 +438,44 @@ ldap_reaper_thread (void *dummy)
}
/* Check whether the process is still running. */
- if (ctx->pid != (pid_t)(-1))
+ if (ctx->proc)
{
- int status;
-
- err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
- &status);
+ err = gnupg_process_wait (ctx->proc, 0);
if (!err)
{
+ int status;
+
+ gnupg_process_ctl (ctx->proc, GNUPG_PROCESS_GET_EXIT_ID,
+ &status);
if (DBG_EXTPROG)
- log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
+ log_info (_("ldap wrapper %d ready"), ctx->printable_pid);
ctx->ready = 1;
- gnupg_release_process (ctx->pid);
- ctx->pid = (pid_t)(-1);
+ gnupg_process_release (ctx->proc);
+ ctx->proc = NULL;
any_action = 1;
- }
- else if (gpg_err_code (err) == GPG_ERR_GENERAL)
- {
+
if (status == 10)
log_info (_("ldap wrapper %d ready: timeout\n"),
- (int)ctx->pid);
+ ctx->printable_pid);
else
log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
- (int)ctx->pid, status);
- ctx->ready = 1;
- gnupg_release_process (ctx->pid);
- ctx->pid = (pid_t)(-1);
- any_action = 1;
+ ctx->printable_pid, status);
}
else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
{
log_error (_("waiting for ldap wrapper %d failed: %s\n"),
- (int)ctx->pid, gpg_strerror (err));
+ ctx->printable_pid, gpg_strerror (err));
any_action = 1;
}
}
/* Check whether we should terminate the process. */
- if (ctx->pid != (pid_t)(-1)
- && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
+ if (ctx->proc && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
{
- gnupg_kill_process (ctx->pid);
+ gnupg_process_terminate (ctx->proc);
ctx->stamp = (time_t)(-1);
log_info (_("ldap wrapper %d stalled - killing\n"),
- (int)ctx->pid);
+ ctx->printable_pid);
/* We need to close the log stream because the cleanup
* loop waits for it. */
SAFE_CLOSE (ctx->log_fp);
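Review bot: `status` is read uninitialized if `gnupg_process_ctl (ctx->proc, GNUPG_PROCESS_GET_EXIT_ID, &status)` fails, because the call's result is ignored and the variable has no initializer; `int status = 0;` or a check of the return value would close that. Folding the old `GPG_ERR_GENERAL` branch into the success branch also means the `exitcode=%d` line is now logged for every wrapper exit, apparently including a clean exit, where before only the DBG_EXTPROG message was printed. Using `else if (status)` in place of the bare `else` would keep the earlier log volume. The unchanged message `"ldap wrapper %d ready"` still has no trailing newline, unlike its neighbours.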
@@ -496,10 +490,10 @@ ldap_reaper_thread (void *dummy)
{
log_debug ("ldap worker states:\n");
for (ctx = reaper_list; ctx; ctx = ctx->next)
- log_debug (" c=%p pid=%d/%d rdr=%p logfp=%p"
+ log_debug (" c=%p pid=%d rdr=%p logfp=%p"
" ctrl=%p/%d la=%lu rdy=%d\n",
ctx,
- (int)ctx->pid, (int)ctx->printable_pid,
+ ctx->printable_pid,
ctx->reader, ctx->log_fp,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
(unsigned long)ctx->stamp, ctx->ready);
@@ -602,9 +596,9 @@ ldap_wrapper_release_context (ksba_reader_t reader)
if (ctx->reader == reader)
{
if (DBG_EXTPROG)
- log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p"
+ log_debug ("releasing ldap worker c=%p pid=%d rdr=%p"
" ctrl=%p/%d\n", ctx,
- (int)ctx->pid, (int)ctx->printable_pid,
+ ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
@@ -639,8 +633,8 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
- if (ctx->pid != (pid_t)(-1))
- gnupg_kill_process (ctx->pid);
+ if (ctx->proc)
+ gnupg_process_terminate (ctx->proc);
if (ctx->fp_err)
log_info ("%s: reading from ldap wrapper %d failed: %s\n",
__func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
@@ -798,7 +792,7 @@ gpg_error_t
ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
{
gpg_error_t err;
- pid_t pid;
+ gnupg_process_t process;
struct wrapper_context_s *ctx;
int i;
int j;
@@ -854,19 +848,22 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
return err;
}
- err = gnupg_spawn_process (pgmname, arg_list,
- NULL, GNUPG_SPAWN_NONBLOCK,
- NULL, &outfp, &errfp, &pid);
+ err = gnupg_process_spawn (pgmname, arg_list,
+ (GNUPG_PROCESS_STDOUT_PIPE
+ | GNUPG_PROCESS_STDERR_PIPE),
+ NULL, NULL, &process);
if (err)
{
- xfree (arg_list);
+ xfree (arg_list);
xfree (ctx);
log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
return err;
}
+ gnupg_process_get_streams (process, GNUPG_PROCESS_STREAM_NONBLOCK,
+ NULL, &outfp, &errfp);
+ gnupg_process_ctl (process, GNUPG_PROCESS_GET_PROC_ID, &ctx->printable_pid);
- ctx->pid = pid;
- ctx->printable_pid = (int) pid;
+ ctx->proc = process;
ctx->fp = outfp;
ctx->log_fp = errfp;
ctx->ctrl = ctrl;
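Review bot: The results of `gnupg_process_get_streams` and of `gnupg_process_ctl (process, GNUPG_PROCESS_GET_PROC_ID, ...)` are ignored. If fetching the streams fails, `outfp` and `errfp` are copied into `ctx->fp` and `ctx->log_fp` without having been set by the call (unless they are initialized earlier, outside the hunk), and the already spawned wrapper is neither terminated nor released. The old `gnupg_spawn_process` call delivered streams and pid in one step, so this failure mode is new. I would check the call and unwind the way the spawn error path does, assuming it returns an error code as `gnupg_process_spawn` does. ldap_wrapper continues outside this hunk.

```c
  err = gnupg_process_get_streams (process, GNUPG_PROCESS_STREAM_NONBLOCK,
                                   NULL, &outfp, &errfp);
  if (err)
    {
      gnupg_process_terminate (process);
      gnupg_process_release (process);
      xfree (arg_list);
      xfree (ctx);
      log_error ("error getting streams for '%s': %s\n",
                 pgmname, gpg_strerror (err));
      return err;
    }
  /* … unchanged: GNUPG_PROCESS_GET_PROC_ID query and ctx field assignments … */
```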
@@ -902,7 +899,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
if (DBG_EXTPROG)
{
log_debug ("ldap wrapper %d started (%p, %s)",
- (int)ctx->pid, ctx->reader, pgmname);
+ ctx->printable_pid, ctx->reader, pgmname);
for (i=0; arg_list[i]; i++)
log_printf (" [%s]", arg_list[i]);
log_printf ("\n");
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 9cedf911c..d1830237d 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -583,7 +583,7 @@ gpg_error_t
armor_data (char **r_string, const void *data, size_t datalen)
{
gpg_error_t err;
- struct b64state b64state;
+ gpgrt_b64state_t b64state;
estream_t fp;
long length;
char *buffer;
@@ -595,9 +595,15 @@ armor_data (char **r_string, const void *data, size_t datalen)
if (!fp)
return gpg_error_from_syserror ();
- if ((err=b64enc_start_es (&b64state, fp, "PGP PUBLIC KEY BLOCK"))
- || (err=b64enc_write (&b64state, data, datalen))
- || (err = b64enc_finish (&b64state)))
+ b64state = gpgrt_b64enc_start (fp, "PGP PUBLIC KEY BLOCK");
+ if (!b64state)
+ {
+ es_fclose (fp);
+ return gpg_error_from_syserror ();
+ }
+
+ if ((err = gpgrt_b64enc_write (b64state, data, datalen))
+ || (err = gpgrt_b64enc_finish (b64state)))
{
es_fclose (fp);
return err;
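Review bot: When `gpgrt_b64enc_write` fails, the `||` chain skips `gpgrt_b64enc_finish` and the error branch only closes `fp`, so the encoder state allocated by `gpgrt_b64enc_start` is never released. With the old stack-allocated `struct b64state` this did not matter; with the heap handle it is a leak on the error path. Assuming finish is what frees the handle, as its use elsewhere in this commit suggests, call it on both paths and keep the first error.

```c
  err = gpgrt_b64enc_write (b64state, data, datalen);
  if (err)
    gpgrt_b64enc_finish (b64state);  /* Release the state, keep the write error.  */
  else
    err = gpgrt_b64enc_finish (b64state);
  if (err)
    /* … unchanged: es_fclose (fp) and return err … */
```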