author | Werner Koch <[email protected]> | 2021-05-26 12:48:27 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-06-16 10:25:13 +0000 |
commit | eb3a629154de10a5414a5d2c2b9941ef8bf1eeaf (patch) | |
tree | e483f1cb8633c7459dfe69d8e5ad66526e0d8eb6 /dirmngr/dirmngr.h | |
parent | gpg,sm: Simplify keyserver spec parsing. (diff) | |
dirmngr: Allow for non-URL specified ldap keyservers.
* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
(make_keyserver_item): Handle non-URL ldap specs.
* dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
ldap_over_tls, and ntds.
* dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
string. Improve error messages for the non-file case. Support flags.
* dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
(ks_action_search, ks_action_get, ks_action_put): Ditto.
* dirmngr/ks-engine-ldap.c: Include ldapserver.h.
(ks_ldap_help): Handle non-URL ldap specs.
(my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support
URLs and non-URL specified keyservers.
(ks_ldap_get): Adjust for changes in my_ldap_connect.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
--
The idea here is to unify our use of URLs or colon delimited ldap
keyserver specification. The requirement for percent escaping, for
example the bindname in a URL, is cumbersome and prone to errors.
Thus we allow our classic colon delimited format as an alternative.
That format makes it also easy to specify flags to tell dirmngr
whether to use starttls or ldap-over-tls. The code is nearly 100%
compatible to existing specification. There is one ambiguity if the
hostname for CRL/X509 searches is just "ldap"; this can be solved by
prefixing it with "ldap:" (already implemented in gpgsm).
GnuPG-bug-id: 5405, 5452
Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
Diffstat (limited to 'dirmngr/dirmngr.h')
-rw-r--r-- | dirmngr/dirmngr.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 92d9d4b6a..498a3d7b1 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -50,7 +50,9 @@ struct ldap_server_s char *user; char *pass; char *base; - unsigned int use_ldaps:1; + unsigned int starttls:1; /* Use STARTTLS. */ + unsigned int ldap_over_tls:1; /* Use LDAP over an TLS tunnel */ + unsigned int ntds:1; /* Use Active Directory authentication. */ }; typedef struct ldap_server_s *ldap_server_t; |
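Review bot: `starttls` and `ldap_over_tls` in `struct ldap_server_s` are two independent one-bit fields, so the type allows both to be set at once and the field comments do not say which takes precedence. The same struct carries `user` and `pass`, so an entry with neither bit set requests no TLS for a connection that may bind with those credentials. I would state in the comments that the two flags are mutually exclusive and have the spec parser reject an entry that sets both, or replace the pair with a single small field holding none/STARTTLS/LDAP-over-TLS. Minor: the `ldap_over_tls` comment reads "an TLS tunnel" and is missing the closing period that the `starttls` and `ntds` comments have.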