diff options
| author | Joey Berkovitz <[email protected]> | 2022-09-28 00:20:53 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-10-07 11:21:20 +0000 |
| commit | 5516f92224b6baf6d100d58fc273018bdac173f8 (patch) | |
| tree | 4c526cb8a573cbf1b102ffe3a375eaf30b4d1812 | |
| parent | dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND. (diff) | |
| download | gnupg-5516f92224b6baf6d100d58fc273018bdac173f8.tar.gz gnupg-5516f92224b6baf6d100d58fc273018bdac173f8.zip | |
dirmngr: Interrogate LDAP server when base DN specified.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
server when basedn specified.
--
GnuPG-bug-id: 6047
Signed-off-by: Joey Berkovitz <[email protected]>
(cherry picked from commit 3257385378bb3f19ebf089538f0efe2154487989)
| -rw-r--r-- | dirmngr/ks-engine-ldap.c | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 347a33042..12e212b82 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -294,6 +294,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact, } +/* Returns 1 if R_BASEDDN is substituted, 0 if not. */ static int interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, unsigned int *r_serverinfo, char **r_basedn) @@ -302,7 +303,6 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, char **vals; LDAPMessage *si_res; int is_gnupg = 0; - int result = 0; char *basedn = NULL; char *attr2[] = { "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL }; char *object = xasprintf ("cn=pgpServerInfo,%s", basedn_search); @@ -317,9 +317,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, { vals = ldap_get_values (ldap_conn, si_res, "pgpBaseKeySpaceDN"); if (vals && vals[0]) - { - basedn = xtrystrdup (vals[0]); - } + basedn = xtrystrdup (vals[0]); my_ldap_value_free (vals); vals = ldap_get_values (ldap_conn, si_res, "pgpSoftware"); @@ -357,9 +355,19 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, freed with ldap_msgfree() regardless of return value of these functions. */ ldap_msgfree (si_res); - if (r_basedn) - *r_basedn = basedn; - return result; + if (r_basedn && basedn) + { + if (*r_basedn) + xfree (*r_basedn); + *r_basedn = basedn; + return 1; + } + else + { + if (basedn) + xfree (basedn); + return 0; + } } @@ -666,6 +674,17 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, goto out; } *r_serverinfo |= SERVERINFO_REALLDAP; + + /* First try with provided basedn, else retry up one level. + * Retry assumes that provided entry is for keyspace, + * matching old behavior */ + if (!interrogate_ldap_dn (ldap_conn, basedn, r_serverinfo, &basedn)) + { + const char *basedn_parent = strchr (basedn, ','); + if (basedn_parent) + interrogate_ldap_dn (ldap_conn, basedn_parent + 1, r_serverinfo, + &basedn); + } } else { /* Look for namingContexts. */ |