authorDavid Shaw <[email protected]>2004-07-29 14:01:04 +0000
committerDavid Shaw <[email protected]>2004-07-29 14:01:04 +0000
commitf7a793ae28f982ba06d3f06f2ffda8d5c7a91697 (patch)
treeaad040a4900f5d8c52ffb9d0f8d22b7d401a0149
parent* gpgkeys_ldap.c (build_attrs): Add "pgpKeySize" and "pgpSubKeyID" (diff)
* gpgkeys_ldap.c (main): Add "debug" option. This is only really useful
with OpenLDAP, but it's practically vital to debug SSL and TLS setups. Add "basedn" option. This allows users to override the autodetection for base DN. SSL overrides TLS, so TLS will not be started on SSL connections (starting an already started car).
-rw-r--r--keyserver/ChangeLog8
-rw-r--r--keyserver/gpgkeys_ldap.c71
2 files changed, 68 insertions, 11 deletions
diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog
index 9fea68780..806c7f38b 100644
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@@ -1,3 +1,11 @@
+2004-07-29 David Shaw <[email protected]>
+
+ * gpgkeys_ldap.c (main): Add "debug" option. This is only really
+ useful with OpenLDAP, but it's practically vital to debug SSL and
+ TLS setups. Add "basedn" option. This allows users to override
+ the autodetection for base DN. SSL overrides TLS, so TLS will not
+ be started on SSL connections (starting an already started car).
+
2004-07-28 David Shaw <[email protected]>
* gpgkeys_ldap.c (build_attrs): Add "pgpKeySize" and "pgpSubKeyID"
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index d72802a24..3912d4fb1 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -1522,7 +1522,7 @@ find_basekeyspacedn(void)
int
main(int argc,char *argv[])
{
- int port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
+ int debug=0,port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE];
int version,failed=0,use_ssl=0,use_tls=0,bound=0;
struct keylist *keylist=NULL,*keyptr=NULL;
@@ -1577,7 +1577,7 @@ main(int argc,char *argv[])
while(fgets(line,MAX_LINE,input)!=NULL)
{
char commandstr[7];
- char optionstr[30];
+ char optionstr[256];
char schemestr[80];
char hash;
@@ -1636,12 +1636,12 @@ main(int argc,char *argv[])
continue;
}
- if(sscanf(line,"OPTION %29s\n",optionstr)==1)
+ if(sscanf(line,"OPTION %255[^\n]\n",optionstr)==1)
{
int no=0;
char *start=&optionstr[0];
- optionstr[29]='\0';
+ optionstr[255]='\0';
if(strncasecmp(optionstr,"no-",3)==0)
{
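Review bot: Switching the conversion to `%255[^\n]` means `optionstr` now keeps embedded and trailing whitespace (and a trailing CR, if the input ever carries one), which `%29s` used to strip. That is needed for a base DN containing spaces, but the exact-match tests further down, such as `start[3]=='\0'` for `tls`, would presumably stop matching an option followed by a space; trimming trailing whitespace right after the `sscanf` would keep the old behaviour for the flag-style options. An option longer than 255 bytes is also truncated without any message, so a long `basedn=` value would be used in shortened form. `optionstr[255]='\0';` is redundant because a successful `%[` conversion always terminates the buffer, and the 255/256 pair would be safer derived from one named constant. The enclosing loop and main() extend beyond this hunk.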
@@ -1697,11 +1697,44 @@ main(int argc,char *argv[])
else if(start[3]=='\0')
use_tls=1;
}
+ else if(strncasecmp(start,"debug",5)==0)
+ {
+ if(no)
+ debug=0;
+ else if(start[5]=='=')
+ debug=atoi(&start[6]);
+ }
+ else if(strncasecmp(start,"basedn",6)==0)
+ {
+ if(no)
+ {
+ free(basekeyspacedn);
+ basekeyspacedn=NULL;
+ }
+ else if(start[6]=='=')
+ {
+ free(basekeyspacedn);
+ basekeyspacedn=strdup(&start[7]);
+ if(!basekeyspacedn)
+ {
+ fprintf(console,"gpgkeys: out of memory while creating "
+ "base DN\n");
+ ret=KEYSERVER_NO_MEMORY;
+ goto fail;
+ }
+
+ real_ldap=1;
+ }
+ }
continue;
}
}
+ /* SSL trumps TLS */
+ if(use_ssl)
+ use_tls=0;
+
/* If it's a GET or a SEARCH, the next thing to come in is the
keyids. If it's a SEND, then there are no keyids. */
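Review bot: The value parsing in the new `debug` and `basedn` branches accepts input it should reject. `atoi(&start[6])` cannot report a malformed or out-of-range number, so `debug=abc` silently becomes 0; `strtol` with an end-pointer and `errno` check would let the helper print a diagnostic instead. `basedn=` with nothing after the `=` stores an empty string, which is non-NULL and so looks like a valid override to the later `if(!basekeyspacedn)` test; guarding with `else if(start[6]=='=' && start[7]!='\0')` avoids that. The `strncasecmp` prefix tests also match longer names such as `debugx`, which then fall through with no effect. main() starts and ends outside this hunk.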
@@ -1767,6 +1800,21 @@ main(int argc,char *argv[])
action==SEND?"SEND":"SEARCH");
}
+ if(debug)
+ {
+#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
+ err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&debug);
+ if(err!=LDAP_SUCCESS)
+ fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
+ ldap_err2string(err));
+ else
+ fprintf(console,"gpgkeys: debug level %d\n",debug);
+#else
+ fprintf(console,"gpgkeys: not built with debugging support\n");
+#endif
+ }
+
+
/* Note that this tries all A records on a given host (or at least,
OpenLDAP does). */
ldap=ldap_init(host,port);
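Review bot: The `if(debug)` block applies a level taken directly from the OPTION input to the whole process, and nothing documents why the handle is NULL or what the resulting output may contain. With OpenLDAP, higher levels trace protocol traffic, which can include search terms and any bind data, so the output should be treated as sensitive wherever the library writes it. I would add a comment above the call, for example `/* NULL handle sets the library-wide default, so this must run before ldap_init(); trace output can contain protocol data */`. The two consecutive blank lines after the block can be reduced to one. main() continues outside this hunk.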
@@ -1798,13 +1846,14 @@ main(int argc,char *argv[])
#endif
}
- if((err=find_basekeyspacedn()) || !basekeyspacedn)
- {
- fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
- err?ldap_err2string(err):"not found");
- fail_all(keylist,action,ldap_err_to_gpg_err(err));
- goto fail;
- }
+ if(!basekeyspacedn)
+ if((err=find_basekeyspacedn()) || !basekeyspacedn)
+ {
+ fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
+ err?ldap_err2string(err):"not found");
+ fail_all(keylist,action,ldap_err_to_gpg_err(err));
+ goto fail;
+ }
/* use_tls: 0=don't use, 1=try silently to use, 2=try loudly to use,
3=force use. */
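Review bot: The new outer `if(!basekeyspacedn)` wraps the inner `if` without braces, which makes the nesting easy to misread and fragile if an `else` is ever added. Folding the test into one condition keeps the intent on a single line: `if(!basekeyspacedn && ((err=find_basekeyspacedn()) || !basekeyspacedn))`. When a `basedn` override is present, nothing in this hunk checks the value against the server, so a mistyped DN will presumably only surface as failed or empty searches later; a short comment saying so would help. main() continues outside this hunk.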