-/* call-dirmngr.c - communication with the dromngr
- * Copyright (C) 2002, 2003, 2005, 2007, 2008 Free Software Foundation, Inc.
+/* call-dirmngr.c - Communication with the dirmngr
+ * Copyright (C) 2002, 2003, 2005, 2007, 2008,
+ * 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
#include <stdlib.h>
#include <string.h>
#include <errno.h>
-#include <unistd.h>
+#include <unistd.h>
#include <time.h>
#include <assert.h>
#include <ctype.h>
#include "i18n.h"
#include "keydb.h"
+#include "asshelp.h"
struct membuf {
+/* fixme: We need a context for each thread or serialize the access to
+ the dirmngr. */
static assuan_context_t dirmngr_ctx = NULL;
-static int force_pipe_server = 0;
+static assuan_context_t dirmngr2_ctx = NULL;
+
+static int dirmngr_ctx_locked;
+static int dirmngr2_ctx_locked;
struct inq_certificate_parm_s {
+ ctrl_t ctrl;
assuan_context_t ctx;
ksba_cert_t cert;
ksba_cert_t issuer_cert;
};
+
+static gpg_error_t get_cached_cert (assuan_context_t ctx,
+ const unsigned char *fpr,
+ ksba_cert_t *r_cert);
+
+
+\f
/* A simple implementation of a dynamic buffer. Use init_membuf() to
create a buffer, put_membuf to append bytes and get_membuf to
release and return the buffer. Allocation errors are detected but
if (mb->len + len >= mb->size)
{
char *p;
-
+
mb->size += len + 1024;
p = xtryrealloc (mb->buf, mb->size);
if (!p)
}
-/* This fucntion prepares the dirmngr for a new session. The
+/* This function prepares the dirmngr for a new session. The
audit-events option is used so that other dirmngr clients won't get
disturbed by such events. */
static void
prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
{
- if (!ctrl->dirmngr_seen)
+ struct keyserver_spec *server;
+
+ if (!err)
{
- ctrl->dirmngr_seen = 1;
- if (!err)
- {
- err = assuan_transact (ctx, "OPTION audit-events=1",
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
- err = 0; /* Allow the use of old dirmngr versions. */
- }
- audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
+ err = assuan_transact (ctx, "OPTION audit-events=1",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
+ err = 0; /* Allow the use of old dirmngr versions. */
+ }
+ audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
+
+ if (!ctx || err)
+ return;
+
+ server = opt.keyserver;
+ while (server)
+ {
+ char line[ASSUAN_LINELENGTH];
+ char *user = server->user ? server->user : "";
+ char *pass = server->pass ? server->pass : "";
+ char *base = server->base ? server->base : "";
+
+ snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
+ server->host, server->port, user, pass, base);
+ line[DIM (line) - 1] = 0;
+
+ err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD)
+ err = 0; /* Allow the use of old dirmngr versions. */
+
+ server = server->next;
}
}
\f
-/* Try to connect to the agent via socket or fork it off and work by
- pipes. Handle the server's initial greeting */
-static int
-start_dirmngr (ctrl_t ctrl)
+/* Return a new assuan context for a Dirmngr connection. */
+static gpg_error_t
+start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
{
- int rc;
- char *infostr, *p;
+ gpg_error_t err;
assuan_context_t ctx;
- int try_default = 0;
if (opt.disable_dirmngr)
return gpg_error (GPG_ERR_NO_DIRMNGR);
- if (dirmngr_ctx)
- {
- prepare_dirmngr (ctrl, dirmngr_ctx, 0);
- return 0; /* fixme: We need a context for each thread or serialize
- the access to the dirmngr */
- }
+ if (*ctx_r)
+ return 0;
+
/* Note: if you change this to multiple connections, you also need
to take care of the implicit option sending caching. */
-#ifdef HAVE_W32_SYSTEM
- infostr = NULL;
- opt.prefer_system_dirmngr = 1;
-#else
- infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
-#endif /*HAVE_W32_SYSTEM*/
- if (infostr && !*infostr)
- infostr = NULL;
- else if (infostr)
- infostr = xstrdup (infostr);
-
- if (opt.prefer_system_dirmngr && !force_pipe_server && !infostr)
- {
- infostr = xstrdup (dirmngr_socket_name ());
- try_default = 1;
- }
- if (!infostr)
- {
- const char *pgmname;
- const char *argv[3];
- int no_close_list[3];
- int i;
-
- if (!opt.dirmngr_program || !*opt.dirmngr_program)
- opt.dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
- if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
- pgmname = opt.dirmngr_program;
- else
- pgmname++;
+ err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT,
+ opt.homedir, opt.dirmngr_program,
+ opt.autostart, opt.verbose, DBG_ASSUAN,
+ gpgsm_status2, ctrl);
+ if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
+ {
+ static int shown;
- if (opt.verbose)
- log_info (_("no running dirmngr - starting `%s'\n"),
- opt.dirmngr_program);
-
- if (fflush (NULL))
+ if (!shown)
{
- gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
- log_error ("error flushing pending output: %s\n", strerror (errno));
- return tmperr;
+ shown = 1;
+ log_info (_("no dirmngr running in this session\n"));
}
+ }
+ prepare_dirmngr (ctrl, ctx, err);
+ if (err)
+ return err;
- argv[0] = pgmname;
- argv[1] = "--server";
- argv[2] = NULL;
+ *ctx_r = ctx;
+ return 0;
+}
- i=0;
- if (log_get_fd () != -1)
- no_close_list[i++] = log_get_fd ();
- no_close_list[i++] = fileno (stderr);
- no_close_list[i] = -1;
- /* connect to the agent and perform initial handshaking */
- rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, argv,
- no_close_list);
- }
- else
- {
- int prot;
- int pid;
+static int
+start_dirmngr (ctrl_t ctrl)
+{
+ gpg_error_t err;
+
+ assert (! dirmngr_ctx_locked);
+ dirmngr_ctx_locked = 1;
+
+ err = start_dirmngr_ext (ctrl, &dirmngr_ctx);
+ /* We do not check ERR but the existance of a context because the
+ error might come from a failed command send to the dirmngr.
+ Fixme: Why don't we close the drimngr context if we encountered
+ an error in prepare_dirmngr? */
+ if (!dirmngr_ctx)
+ dirmngr_ctx_locked = 0;
+ return err;
+}
- if (!try_default)
- {
- if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
- {
- log_error (_("malformed DIRMNGR_INFO environment variable\n"));
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr (ctrl);
- }
- *p++ = 0;
- pid = atoi (p);
- while (*p && *p != PATHSEP_C)
- p++;
- prot = *p? atoi (p+1) : 0;
- if (prot != 1)
- {
- log_error (_("dirmngr protocol version %d is not supported\n"),
- prot);
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr (ctrl);
- }
- }
- else
- pid = -1;
- rc = assuan_socket_connect (&ctx, infostr, pid);
-#ifdef HAVE_W32_SYSTEM
- if (rc)
- log_debug ("connecting dirmngr at `%s' failed\n", infostr);
-#endif
+static void
+release_dirmngr (ctrl_t ctrl)
+{
+ (void)ctrl;
- xfree (infostr);
-#ifndef HAVE_W32_SYSTEM
- if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
- {
- log_info (_("can't connect to the dirmngr - trying fall back\n"));
- force_pipe_server = 1;
- return start_dirmngr (ctrl);
- }
-#endif /*!HAVE_W32_SYSTEM*/
- }
+ if (!dirmngr_ctx_locked)
+ log_error ("WARNING: trying to release a non-locked dirmngr ctx\n");
+ dirmngr_ctx_locked = 0;
+}
- prepare_dirmngr (ctrl, ctx, rc);
- if (rc)
- {
- log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
- return gpg_error (GPG_ERR_NO_DIRMNGR);
- }
- dirmngr_ctx = ctx;
+static int
+start_dirmngr2 (ctrl_t ctrl)
+{
+ gpg_error_t err;
- if (DBG_ASSUAN)
- log_debug ("connection to dirmngr established\n");
- return 0;
+ assert (! dirmngr2_ctx_locked);
+ dirmngr2_ctx_locked = 1;
+
+ err = start_dirmngr_ext (ctrl, &dirmngr2_ctx);
+ if (!dirmngr2_ctx)
+ dirmngr2_ctx_locked = 0;
+ return err;
+}
+
+
+static void
+release_dirmngr2 (ctrl_t ctrl)
+{
+ (void)ctrl;
+
+ if (!dirmngr2_ctx_locked)
+ log_error ("WARNING: trying to release a non-locked dirmngr2 ctx\n");
+ dirmngr2_ctx_locked = 0;
}
\f
/* Handle a SENDCERT inquiry. */
-static int
+static gpg_error_t
inq_certificate (void *opaque, const char *line)
{
struct inq_certificate_parm_s *parm = opaque;
+ const char *s;
int rc;
+ size_t n;
const unsigned char *der;
size_t derlen;
int issuer_mode = 0;
ksba_sexp_t ski = NULL;
- if (!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]))
+ if ((s = has_leading_keyword (line, "SENDCERT")))
{
- line += 8;
+ line = s;
}
- else if (!strncmp (line, "SENDCERT_SKI", 12) && (line[12]==' ' || !line[12]))
+ else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
{
- size_t n;
-
/* Send a certificate where a sourceKeyIdentifier is included. */
- line += 12;
- while (*line == ' ')
- line++;
+ line = s;
ski = make_simple_sexp_from_hexstr (line, &n);
line += n;
while (*line == ' ')
line++;
}
- else if (!strncmp (line, "SENDISSUERCERT", 14)
- && (line[14] == ' ' || !line[14]))
+ else if ((s = has_leading_keyword (line, "SENDISSUERCERT")))
{
- line += 14;
+ line = s;
issuer_mode = 1;
}
+ else if ((s = has_leading_keyword (line, "ISTRUSTED")))
+ {
+ /* The server is asking us whether the certificate is a trusted
+ root certificate. */
+ char fpr[41];
+ struct rootca_flags_s rootca_flags;
+
+ line = s;
+
+ for (s=line,n=0; hexdigitp (s); s++, n++)
+ ;
+ if (*s || n != 40)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ for (s=line, n=0; n < 40; s++, n++)
+ fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
+ fpr[n] = 0;
+
+ if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
+ rc = assuan_send_data (parm->ctx, "1", 1);
+ else
+ rc = 0;
+ return rc;
+ }
else
{
- log_error ("unsupported inquiry `%s'\n", line);
+ log_error ("unsupported inquiry '%s'\n", line);
return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
"is not yet implemented\n");
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
- else
+ else
{ /* Send the given certificate. */
int err;
ksba_cert_t cert;
}
xfree (ski);
- return rc;
+ return rc;
}
}
-static assuan_error_t
+static gpg_error_t
isvalid_status_cb (void *opaque, const char *line)
{
struct isvalid_status_parm_s *parm = opaque;
+ const char *s;
- if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ if ((s = has_leading_keyword (line, "PROGRESS")))
{
if (parm->ctrl)
{
- for (line += 8; *line == ' '; line++)
- ;
+ line = s;
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
return gpg_error (GPG_ERR_ASS_CANCELED);
}
}
- else if (!strncmp (line, "ONLY_VALID_IF_CERT_VALID", 24)
- && (line[24]==' ' || !line[24]))
+ else if ((s = has_leading_keyword (line, "ONLY_VALID_IF_CERT_VALID")))
{
parm->seen++;
- if (!line[24] || !unhexify_fpr (line+25, parm->fpr))
+ if (!*s || !unhexify_fpr (s, parm->fpr))
parm->seen++; /* Bumb it to indicate an error. */
}
return 0;
if (!certid)
{
log_error ("error getting the certificate ID\n");
+ release_dirmngr (ctrl);
return gpg_error (GPG_ERR_GENERAL);
}
}
}
parm.ctx = dirmngr_ctx;
+ parm.ctrl = ctrl;
parm.cert = cert;
parm.issuer_cert = issuer_cert;
NULL, NULL, NULL, NULL, NULL, NULL);
did_options = 1;
}
- snprintf (line, DIM(line)-1, "ISVALID%s %s",
+ snprintf (line, DIM(line)-1, "ISVALID%s %s",
use_ocsp == 2? " --only-ocsp --force-default-responder":"",
certid);
line[DIM(line)-1] = 0;
}
else
{
- KEYDB_HANDLE kh;
ksba_cert_t rspcert = NULL;
- /* Fixme: First try to get the certificate from the
- dirmngr's cache - it should be there. */
- kh = keydb_new (0);
- if (!kh)
- rc = gpg_error (GPG_ERR_ENOMEM);
- if (!rc)
- rc = keydb_search_fpr (kh, stparm.fpr);
- if (!rc)
- rc = keydb_get_cert (kh, &rspcert);
- if (rc)
+ if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert))
{
- log_error ("unable to find the certificate used "
- "by the dirmngr: %s\n", gpg_strerror (rc));
- rc = gpg_error (GPG_ERR_INV_CRL);
+ /* Ooops: Something went wrong getting the certificate
+ from the dirmngr. Try our own cert store now. */
+ KEYDB_HANDLE kh;
+
+ kh = keydb_new (0);
+ if (!kh)
+ rc = gpg_error (GPG_ERR_ENOMEM);
+ if (!rc)
+ rc = keydb_search_fpr (kh, stparm.fpr);
+ if (!rc)
+ rc = keydb_get_cert (kh, &rspcert);
+ if (rc)
+ {
+ log_error ("unable to find the certificate used "
+ "by the dirmngr: %s\n", gpg_strerror (rc));
+ rc = gpg_error (GPG_ERR_INV_CRL);
+ }
+ keydb_release (kh);
}
- keydb_release (kh);
if (!rc)
{
{
/* Note the no_dirmngr flag: This avoids checking
this certificate over and over again. */
- rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
+ rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL,
VALIDATE_FLAG_NO_DIRMNGR, NULL);
if (rc)
{
ksba_cert_release (rspcert);
}
}
+ release_dirmngr (ctrl);
return rc;
}
\f
/* Lookup helpers*/
-static int
+static gpg_error_t
lookup_cb (void *opaque, const void *buffer, size_t length)
{
struct lookup_parm_s *parm = opaque;
if (!pattern)
return NULL;
- for (n=0, sl=names; sl; sl = sl->next)
+ for (sl=names; sl; sl = sl->next)
{
for (s=sl->d; *s; s++)
{
*pattern = 0; /* is empty */
else
p[-1] = '\0'; /* remove trailing blank */
-
+
return pattern;
}
-static int
+static gpg_error_t
lookup_status_cb (void *opaque, const char *line)
{
struct lookup_parm_s *parm = opaque;
+ const char *s;
- if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ if ((s = has_leading_keyword (line, "PROGRESS")))
{
if (parm->ctrl)
{
- for (line += 8; *line == ' '; line++)
- ;
+ line = s;
if (gpgsm_status (parm->ctrl, STATUS_PROGRESS, line))
return gpg_error (GPG_ERR_ASS_CANCELED);
}
}
- else if (!strncmp (line, "TRUNCATED", 9) && (line[9]==' ' || !line[9]))
+ else if ((s = has_leading_keyword (line, "TRUNCATED")))
{
if (parm->ctrl)
{
- for (line +=9; *line == ' '; line++)
- ;
+ line = s;
gpgsm_status (parm->ctrl, STATUS_TRUNCATED, line);
}
}
the callback CB which will be passed cert by cert. Note that CTRL
is optional. With CACHE_ONLY the dirmngr will search only its own
key cache. */
-int
+int
gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
void (*cb)(void*, ksba_cert_t), void *cb_value)
-{
+{
int rc;
char *pattern;
char line[ASSUAN_LINELENGTH];
struct lookup_parm_s parm;
size_t len;
+ assuan_context_t ctx;
- rc = start_dirmngr (ctrl);
- if (rc)
- return rc;
+ /* The lookup function can be invoked from the callback of a lookup
+ function, for example to walk the chain. */
+ if (!dirmngr_ctx_locked)
+ {
+ rc = start_dirmngr (ctrl);
+ if (rc)
+ return rc;
+ ctx = dirmngr_ctx;
+ }
+ else if (!dirmngr2_ctx_locked)
+ {
+ rc = start_dirmngr2 (ctrl);
+ if (rc)
+ return rc;
+ ctx = dirmngr2_ctx;
+ }
+ else
+ {
+ log_fatal ("both dirmngr contexts are in use\n");
+ }
pattern = pattern_from_strlist (names);
if (!pattern)
- return out_of_core ();
- snprintf (line, DIM(line)-1, "LOOKUP%s %s",
+ {
+ if (ctx == dirmngr_ctx)
+ release_dirmngr (ctrl);
+ else
+ release_dirmngr2 (ctrl);
+
+ return out_of_core ();
+ }
+ snprintf (line, DIM(line)-1, "LOOKUP%s %s",
cache_only? " --cache-only":"", pattern);
line[DIM(line)-1] = 0;
xfree (pattern);
parm.ctrl = ctrl;
- parm.ctx = dirmngr_ctx;
+ parm.ctx = ctx;
parm.cb = cb;
parm.cb_value = cb_value;
parm.error = 0;
init_membuf (&parm.data, 4096);
- rc = assuan_transact (dirmngr_ctx, line, lookup_cb, &parm,
+ rc = assuan_transact (ctx, line, lookup_cb, &parm,
NULL, NULL, lookup_status_cb, &parm);
xfree (get_membuf (&parm.data, &len));
+
+ if (ctx == dirmngr_ctx)
+ release_dirmngr (ctrl);
+ else
+ release_dirmngr2 (ctrl);
+
if (rc)
- return rc;
+ return rc;
return parm.error;
}
\f
+static gpg_error_t
+get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length)
+{
+ struct membuf *mb = opaque;
+
+ if (buffer)
+ put_membuf (mb, buffer, length);
+ return 0;
+}
+
+/* Return a certificate from the Directory Manager's cache. This
+ function only returns one certificate which must be specified using
+ the fingerprint FPR and will be stored at R_CERT. On error NULL is
+ stored at R_CERT and an error code returned. Note that the caller
+ must provide the locked dirmngr context CTX. */
+static gpg_error_t
+get_cached_cert (assuan_context_t ctx,
+ const unsigned char *fpr, ksba_cert_t *r_cert)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+ char hexfpr[2*20+1];
+ struct membuf mb;
+ char *buf;
+ size_t buflen = 0;
+ ksba_cert_t cert;
+
+ *r_cert = NULL;
+
+ bin2hex (fpr, 20, hexfpr);
+ snprintf (line, DIM(line)-1, "LOOKUP --signle --cache-only 0x%s", hexfpr);
+
+ init_membuf (&mb, 4096);
+ err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb,
+ NULL, NULL, NULL, NULL);
+ buf = get_membuf (&mb, &buflen);
+ if (err)
+ {
+ xfree (buf);
+ return err;
+ }
+ if (!buf)
+ return gpg_error (GPG_ERR_ENOMEM);
+
+ err = ksba_cert_new (&cert);
+ if (err)
+ {
+ xfree (buf);
+ return err;
+ }
+ err = ksba_cert_init_from_mem (cert, buf, buflen);
+ xfree (buf);
+ if (err)
+ {
+ log_error ("failed to parse a certificate: %s\n", gpg_strerror (err));
+ ksba_cert_release (cert);
+ return err;
+ }
+
+ *r_cert = cert;
+ return 0;
+}
+
+
+\f
/* Run Command helpers*/
/* Fairly simple callback to write all output of dirmngr to stdout. */
-static int
+static gpg_error_t
run_command_cb (void *opaque, const void *buffer, size_t length)
{
+ (void)opaque;
+
if (buffer)
{
if ( fwrite (buffer, length, 1, stdout) != 1 )
}
/* Handle inquiries from the dirmngr COMMAND. */
-static int
+static gpg_error_t
run_command_inq_cb (void *opaque, const char *line)
{
struct run_command_parm_s *parm = opaque;
+ const char *s;
int rc = 0;
- if ( !strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]) )
+ if ((s = has_leading_keyword (line, "SENDCERT")))
{ /* send the given certificate */
int err;
ksba_cert_t cert;
const unsigned char *der;
size_t derlen;
- line += 8;
+ line = s;
if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER);
ksba_cert_release (cert);
}
}
- else if ( !strncmp (line, "PRINTINFO", 9) && (line[9] == ' ' || !line[9]) )
+ else if ((s = has_leading_keyword (line, "PRINTINFO")))
{ /* Simply show the message given in the argument. */
- line += 9;
+ line = s;
log_info ("dirmngr: %s\n", line);
}
else
{
- log_error ("unsupported inquiry `%s'\n", line);
+ log_error ("unsupported inquiry '%s'\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
- return rc;
+ return rc;
}
-static int
+static gpg_error_t
run_command_status_cb (void *opaque, const char *line)
{
ctrl_t ctrl = opaque;
+ const char *s;
if (opt.verbose)
{
log_info ("dirmngr status: %s\n", line);
}
- if (!strncmp (line, "PROGRESS", 8) && (line[8]==' ' || !line[8]))
+ if ((s = has_leading_keyword (line, "PROGRESS")))
{
if (ctrl)
{
- for (line += 8; *line == ' '; line++)
- ;
+ line = s;
if (gpgsm_status (ctrl, STATUS_PROGRESS, line))
return gpg_error (GPG_ERR_ASS_CANCELED);
}
int
gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
int argc, char **argv)
-{
+{
int rc;
int i;
const char *s;
len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
line = xtrymalloc (len);
if (!line)
- return out_of_core ();
+ {
+ release_dirmngr (ctrl);
+ return out_of_core ();
+ }
p = stpcpy (line, command);
for (i=0; i < argc; i++)
run_command_status_cb, ctrl);
xfree (line);
log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
+ release_dirmngr (ctrl);
return rc;
}
projects / gnupg.git / blobdiff