authorWerner Koch <wk@gnupg.org>2021-06-11 20:15:13 +0200
committerWerner Koch <wk@gnupg.org>2021-06-11 20:15:32 +0200
commit6b76693ff54297456b724ba53f7e6283e2a5a126 (patch)
tree9f7443424f24cfbf895936b98c42998cd7c2d1a6 /sm
parentscd: Support clearing of Reset Code by ''. (diff)
sm: Fix finding of issuer in use-keyboxd mode.
* sm/keydb.c (struct keydb_local_s): Add field saved_search_result. (keydb_push_found_state): Implement for keyboxd. (keydb_pop_found_state): Ditto. (keydb_get_cert): Do not release the cert so that the function can be used again to get the same cert. This is the same behaviour as in pubring.kbx mode. * sm/certchain.c, sm/import.c: Improve some error messages. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'sm')
-rw-r--r--sm/certchain.c13
-rw-r--r--sm/import.c3
-rw-r--r--sm/keydb.c83
3 files changed, 62 insertions, 37 deletions
diff --git a/sm/certchain.c b/sm/certchain.c
index e23a1c427..ee17599d1 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -459,7 +459,8 @@ find_up_search_by_keyid (ctrl_t ctrl, KEYDB_HANDLE kh,
rc = keydb_get_cert (kh, &cert);
if (rc)
{
- log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+ __func__, gpg_strerror (rc), gpg_strsource (rc));
rc = gpg_error (GPG_ERR_NOT_FOUND);
goto leave;
}
@@ -1084,8 +1085,8 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
err = keydb_get_cert (kh, r_next);
if (err)
{
- log_error ("keydb_get_cert() failed: %s <%s>\n",
- gpg_strerror (err), gpg_strsource (err));
+ log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+ __func__, gpg_strerror (err), gpg_strsource (err));
err = gpg_error (GPG_ERR_GENERAL);
}
@@ -1824,7 +1825,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
rc = keydb_get_cert (kh, &issuer_cert);
if (rc)
{
- log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+ __func__, gpg_strerror (rc), gpg_strsource (rc));
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@@ -2253,7 +2255,8 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
rc = keydb_get_cert (kh, &issuer_cert);
if (rc)
{
- log_error ("keydb_get_cert() failed: rc=%d\n", rc);
+ log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+ __func__, gpg_strerror (rc), gpg_strsource (rc));
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
diff --git a/sm/import.c b/sm/import.c
index 0b8fbadb6..d506913d0 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -459,7 +459,8 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
err = keydb_get_cert (kh, &cert);
if (err)
{
- log_error ("keydb_get_cert() failed: %s\n", gpg_strerror (err));
+ log_error ("keydb_get_cert failed in %s: %s <%s>\n",
+ __func__, gpg_strerror (err), gpg_strsource (err));
print_import_problem (ctrl, NULL, 1);
stats->not_imported++;
continue;
diff --git a/sm/keydb.c b/sm/keydb.c
index 990f63a61..048d04d31 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -72,6 +72,11 @@ struct keydb_local_s
char *buf;
size_t len;
} search_result;
+ /* The "stack" used by keydb_push_found_state. */
+ struct {
+ char *buf;
+ size_t len;
+ } saved_search_result;
/* This flag set while an operation is running on this context. */
unsigned int is_active : 1;
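Review bot: The new `saved_search_result.buf` is a second owned allocation in struct keydb_local_s, but none of the keydb.c hunks in this commit frees it when the handle or the local context is torn down. A push that is never matched by a pop (for example an error path that leaves between the two) would keep the buffer alive. If the context is reused by a later handle, as the `is_active` flag suggests, a later pop could also restore a result left over from an earlier operation. The release code is outside the diff, so this needs checking there; wherever `search_result.buf` is freed and reset, the saved copy probably wants the same treatment: `xfree (hd->kbl->saved_search_result.buf); hd->kbl->saved_search_result.buf = NULL; hd->kbl->saved_search_result.len = 0;`.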
@@ -855,7 +860,7 @@ unlock_all (KEYDB_HANDLE hd)
-/* Push the last found state if any. */
+/* Push the last found state if any. Only one state is saved. */
void
keydb_push_found_state (KEYDB_HANDLE hd)
{
@@ -863,25 +868,33 @@ keydb_push_found_state (KEYDB_HANDLE hd)
return;
if (hd->use_keyboxd)
- return; /* FIXME: Do we need this? */
-
- if (hd->found < 0 || hd->found >= hd->used)
{
- hd->saved_found = -1;
- return;
+ xfree (hd->kbl->saved_search_result.buf);
+ hd->kbl->saved_search_result.buf = hd->kbl->search_result.buf;
+ hd->kbl->saved_search_result.len = hd->kbl->search_result.len;
+ hd->kbl->search_result.buf = NULL;
+ hd->kbl->search_result.len = 0;
}
-
- switch (hd->active[hd->found].type)
+ else
{
- case KEYDB_RESOURCE_TYPE_NONE:
- break;
- case KEYDB_RESOURCE_TYPE_KEYBOX:
- keybox_push_found_state (hd->active[hd->found].u.kr);
- break;
+ if (hd->found < 0 || hd->found >= hd->used)
+ hd->saved_found = -1;
+ else
+ {
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_push_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+
+ hd->saved_found = hd->found;
+ hd->found = -1;
+ }
}
- hd->saved_found = hd->found;
- hd->found = -1;
if (DBG_CLOCK)
log_clock ("%s: done (hd=%p)\n", __func__, hd);
}
@@ -895,21 +908,32 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
return;
if (hd->use_keyboxd)
- return; /* FIXME: Do we need this? */
-
- hd->found = hd->saved_found;
- hd->saved_found = -1;
- if (hd->found < 0 || hd->found >= hd->used)
- return;
-
- switch (hd->active[hd->found].type)
{
- case KEYDB_RESOURCE_TYPE_NONE:
- break;
- case KEYDB_RESOURCE_TYPE_KEYBOX:
- keybox_pop_found_state (hd->active[hd->found].u.kr);
- break;
+ xfree (hd->kbl->search_result.buf);
+ hd->kbl->search_result.buf = hd->kbl->saved_search_result.buf;
+ hd->kbl->search_result.len = hd->kbl->saved_search_result.len;
+ hd->kbl->saved_search_result.buf = NULL;
+ hd->kbl->saved_search_result.len = 0;
+ }
+ else
+ {
+ hd->found = hd->saved_found;
+ hd->saved_found = -1;
+ if (hd->found < 0 || hd->found >= hd->used)
+ ;
+ else
+ {
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_pop_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+ }
}
+
if (DBG_CLOCK)
log_clock ("%s: done (hd=%p)\n", __func__, hd);
}
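Review bot: In the keyboxd branch a pop with nothing saved frees the live `search_result.buf` and replaces it with NULL/0, so an unbalanced or nested pop silently discards the current find instead of being a no-op. keydb_push_found_state now documents that only one state is saved, but the pop side has no matching comment; something like `/* Pop the saved found state. With no saved state the current search result is cleared. */` on keydb_pop_found_state would make the contract explicit. Callers that go on to call keydb_get_cert then have to cope with an empty result; that check and the start of this function are outside the hunk. As a smaller style point, the legacy branch's `if (...) ; else { ... }` reads more directly as `if (hd->found >= 0 && hd->found < hd->used)`.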
@@ -955,9 +979,6 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
ksba_cert_release (cert);
goto leave;
}
- xfree (hd->kbl->search_result.buf);
- hd->kbl->search_result.buf = NULL;
- hd->kbl->search_result.len = 0;
*r_cert = cert;
goto leave;
}