Diffstat (limited to '')
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | common/iobuf.c | 5 | ||||
-rw-r--r-- | dirmngr/ks-engine-ldap.c | 14 | ||||
-rw-r--r-- | doc/ldap/gnupg-ldap-init.ldif | 8 | ||||
-rw-r--r-- | g10/misc.c | 22 | ||||
-rw-r--r-- | g10/pkglue.c | 2 |
6 files changed, 39 insertions, 15 deletions
@@ -1,6 +1,9 @@ Noteworthy changes in version 2.5.12 (unreleased) ------------------------------------------------- + * dirmgr: Support LDAP servers using a schema like the Windows LDS + servers. [T7742] + * gpgtar: Fix regression in end-of-archive detection. [T7757] Release-info: https://dev.gnupg.org/T7756 diff --git a/common/iobuf.c b/common/iobuf.c index 7aaf3a878..833b90295 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -3057,7 +3057,7 @@ is_file_compressed (iobuf_t inp) { byte len; byte extchk; - byte magic[5]; + byte magic[6]; } magic[] = { { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */ @@ -3065,7 +3065,8 @@ is_file_compressed (iobuf_t inp) { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */ { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */ { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */ - { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */ + { 5, 2, { 0x89, 'P','N','G', 0x0d} }, /* Likely PNG */ + { 6, 0, { '7', 'z', 0xbc, 0xaf, 0x27, 0x1c} } /* 7z */ }; if (!inp) diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 9bb604707..789f9706b 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -54,6 +54,7 @@ #define SERVERINFO_SCHEMAV2 4 /* Version 2 of the Schema. */ #define SERVERINFO_NTDS 8 /* Server is an Active Directory. */ #define SERVERINFO_GENERIC 16 /* Connected in generic mode. */ +#define SERVERINFO_CNFPR 32 /* Server uses CN=fingerprint. */ /* The page size requested from the server. */ @@ -648,7 +649,10 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, *r_serverinfo |= SERVERINFO_SCHEMAV2; if (nfields > 1 && !ascii_strcasecmp (fields[1], "ntds")) - *r_serverinfo |= SERVERINFO_NTDS; + *r_serverinfo |= (SERVERINFO_NTDS|SERVERINFO_CNFPR); + else if (nfields > 1 + && !ascii_strcasecmp (fields[1], "cnfpr")) + *r_serverinfo |= SERVERINFO_CNFPR; } } my_ldap_value_free (vals); 
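Review bot: The new 7z entry raises the longest signature in is_file_compressed to 6 bytes, but the code that compares `magic[i].len` bytes against the input lies outside both iobuf.c hunks. Confirm that the buffer read from `inp` is guaranteed to hold at least 6 valid bytes before the table is walked. The array width in `byte magic[6]` and the `len` column are kept in step by hand, so a comment on the member such as `/* Must be at least as large as the biggest LEN below. */` would help whoever adds the next signature.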
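Review bot: SERVERINFO_CNFPR is set only in this branch of interrogate_ldap_dn, which parses the second field of the server-supplied pgpVersion value. If any code outside the hunk sets SERVERINFO_NTDS on its own (none is visible here), ks_ldap_put and ks_ldap_del would now fall back to the legacy pgpCertID DN for that server. A comment at the assignment would make the coupling explicit, for example `/* NTDS always implies the CN=<fingerprint> DN layout. */`. The function body starts and ends outside the hunk.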
@@ -2978,7 +2982,7 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri, char **attrval; char *dn; - if ((serverinfo & SERVERINFO_NTDS)) + if ((serverinfo & SERVERINFO_CNFPR)) { /* The modern way using a CN RDN with the fingerprint. This * has the advantage that we won't have duplicate 64 bit @@ -3101,12 +3105,12 @@ ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t fprlist) if (opt.verbose) log_info ("%s: Using DN: %s,%s\n", __func__, - (serverinfo & SERVERINFO_NTDS)? "CN=<fingerprint>" - /* */ : "pgpCertID=<keyid>", + (serverinfo & SERVERINFO_CNFPR)? "CN=<fingerprint>" + /* */ : "pgpCertID=<keyid>", basedn); for (fpr = fprlist; fpr; fpr = fpr->next) { - if ((serverinfo & SERVERINFO_NTDS)) + if ((serverinfo & SERVERINFO_CNFPR)) { xfree (dn); dn = xtryasprintf ("CN=%s,%s", fpr->d, basedn); diff --git a/doc/ldap/gnupg-ldap-init.ldif b/doc/ldap/gnupg-ldap-init.ldif index 8f62c5c61..fa302e750 100644 --- a/doc/ldap/gnupg-ldap-init.ldif +++ b/doc/ldap/gnupg-ldap-init.ldif @@ -19,12 +19,16 @@ pgpSoftware: GnuPG # 1 = Classic PGP schema (default) # 2 = The attributes gpgFingerprint, gpgSubFingerprint, # gpgSubCertID, and gpgMailbox are part of the schema. -# Item 2 - A string with the used LDAP server +# Item 2 - A string with the LDAP server type # "-" = Unknown (default) # "ntds" = Windows Directory Service (AD DS) # "openldap" = OpenLDAP +# "cnfpr" = As with "ntds" the DN has CN=fingerprint +# instead of the legacy pgpCertID=keyid. +# Use this for openldap if your client software +# is new enough (gnupg >= (2.2.28 or 2.5.12). # -pgpVersion: 2 +pgpVersion: 2 cnfpr dn: ou=GnuPG Keys,dc=example,dc=com objectClass: organizationalUnit diff --git a/g10/misc.c b/g10/misc.c index c52091830..43be620e6 100644 --- a/g10/misc.c +++ b/g10/misc.c 
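Review bot: Nothing visible in ks_ldap_put, or in ks_ldap_del in the next hunk, handles entries already stored under `pgpCertID=<keyid>` now that the DN layout follows whatever the directory advertises. After an existing server is switched to "cnfpr", a re-upload presumably creates a second entry under `CN=<fingerprint>`, and a delete no longer addresses the legacy one. Clients that do not know "cnfpr" would keep writing the old layout to the same tree. If no fallback is intended, say so at the test, for example `/* No migration: entries under the legacy pgpCertID DN are not touched. */`. The function body continues outside the hunk.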
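Review bot: `xtryasprintf ("CN=%s,%s", fpr->d, basedn)` in ks_ldap_del places the fingerprint string into the DN without escaping. With this change the path is taken for every server that advertises "cnfpr", not only for Active Directory. How fprlist is validated is not visible in the hunk. If its entries are not already restricted to hex digits, check that before formatting, because characters such as `,` or `=` would change which entry the delete addresses. ks_ldap_del continues outside the hunk.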
@@ -1578,25 +1578,37 @@ parse_options(char *str,unsigned int *options, { char *tok; - if (str && (!strcmp (str, "help") || !strcmp (str, "full-help"))) + if (str && (!strcmp (str, "help") + || !strcmp (str, "full-help") || !strcmp (str, "fullhelp"))) { int i,maxlen=0; int full = *str == 'f'; + int set; /* Figure out the longest option name so we can line these up neatly. */ for(i=0;opts[i].name;i++) - if(opts[i].help && maxlen<strlen(opts[i].name)) + if((full || opts[i].help) && maxlen<strlen(opts[i].name)) maxlen=strlen(opts[i].name); for(i=0;opts[i].name;i++) if(opts[i].help) - es_printf("%s%*s%s\n",opts[i].name, - maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help)); + { + set = (*options & opts[i].bit); + es_printf("%s%*s%s%s%s%s\n",opts[i].name, + maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help), + set?" [":"", set? _("enabled"):"", set?"]":""); + } + if (full) for (i=0; opts[i].name; i++) if(!opts[i].help) - es_printf("%s\n",opts[i].name); + { + set = (*options & opts[i].bit); + es_printf("%s%*s%s%s%s\n",opts[i].name, + set? (maxlen+2-(int)strlen(opts[i].name)):0,"", + set?"[":"", set? _("enabled"):"", set?"]":""); + } g10_exit(0); } diff --git a/g10/pkglue.c b/g10/pkglue.c index a6bd893b3..11d252f0a 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -486,8 +486,8 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo, goto leave; } ecc_ct_len = ecc_ecdh_len = ecc->point_len; - ecc_ss_len = ecc->scalar_len; ecc_hash_algo = ecc->hash_algo; + ecc_ss_len = gcry_md_get_algo_dlen (ecc_hash_algo); ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits); ecc_pubkey_len = (nbits+7)/8; |
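Review bot: `set = (*options & opts[i].bit);` in parse_options stores an unsigned mask result in an `int`, in both help loops. Normalising it, `set = !!(*options & opts[i].bit);`, avoids relying on how a high bit converts to a signed value. The help path also dereferences `options` now, which it did not do before, so callers that pass "help" must supply a valid pointer. The `[enabled]` marker reflects only the bits accumulated up to this call, which deserves a one-line comment above the first loop. The function continues past the hunk.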
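Review bot: In do_encrypt_kem, `ecc_ss_len = gcry_md_get_algo_dlen (ecc_hash_algo);` is used unchecked, and that function returns 0 for an algorithm it does not know. A zero length would leave the shared-secret length empty for whatever key derivation follows outside the hunk. A guard directly after the assignment, along the lines of `if (!ecc_ss_len) goto leave;` with the function's error variable set first, would turn that into a clean failure. If the shared secret is written to a fixed-size buffer declared outside the hunk, also confirm that the largest digest length in use fits it.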