-rw-r--r--dirmngr/ks-action.c6
-rw-r--r--dirmngr/ks-action.h2
-rw-r--r--dirmngr/ks-engine-ldap.c112
-rw-r--r--dirmngr/ks-engine.h2
-rw-r--r--dirmngr/server.c7
-rw-r--r--g10/sign.c2
6 files changed, 114 insertions, 17 deletions
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index 6be2072e9..dd1865d4f 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -551,7 +551,7 @@ ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
/* Delete an OpenPGP key from all KEYSERVERS which use LDAP. The key
* is specifified by PATTERNS. */
gpg_error_t
-ks_action_del (ctrl_t ctrl, uri_item_t keyservers, strlist_t patterns)
+ks_action_del (ctrl_t ctrl, uri_item_t keyservers, strlist_t fprlist)
{
gpg_error_t err = 0;
gpg_error_t first_err = 0;
@@ -567,7 +567,7 @@ ks_action_del (ctrl_t ctrl, uri_item_t keyservers, strlist_t patterns)
|| uri->parsed_uri->opaque )
{
any_server = 1;
- err = ks_ldap_del (ctrl, uri->parsed_uri, patterns);
+ err = ks_ldap_del (ctrl, uri->parsed_uri, fprlist);
if (err && !first_err)
first_err = err;
}
@@ -575,7 +575,7 @@ ks_action_del (ctrl_t ctrl, uri_item_t keyservers, strlist_t patterns)
}
if (!any_server)
- err = gpg_error (GPG_ERR_NO_KEYSERVER); /* Actual: No LDAP keyserver */
+ err = gpg_error (GPG_ERR_NO_KEYSERVER); /* No LDAP keyserver */
else if (!err && first_err)
err = first_err;
return err;
diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h
index d222d6afe..0df497266 100644
--- a/dirmngr/ks-action.h
+++ b/dirmngr/ks-action.h
@@ -34,7 +34,7 @@ gpg_error_t ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
void *data, size_t datalen,
void *info, size_t infolen);
gpg_error_t ks_action_del (ctrl_t ctrl, uri_item_t keyservers,
- strlist_t patterns);
+ strlist_t fprlist);
gpg_error_t ks_action_query (ctrl_t ctrl, const char *ldapserver,
unsigned int ks_get_flags,
const char *filter, char **attr,
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index ff4f005f4..9bb604707 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -3048,15 +3048,113 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
}
-/* Delete the keys given by PATTERNS from the keyserver identified by
- * URI. */
+/* Delete the keys given by the list of fingerprints in FPRLIST from
+ * the keyserver identified by URI. The function stops at the first
+ * error encountered. */
gpg_error_t
-ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t patterns)
+ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t fprlist)
{
- (void)ctrl;
- (void)uri;
- (void)patterns;
- return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ gpg_error_t err = 0;
+ int ldap_err;
+ unsigned int serverinfo;
+ LDAP *ldap_conn = NULL;
+ char *basedn = NULL;
+ char *dn = NULL;
+ strlist_t fpr;
+ unsigned int count = 0;
+ unsigned int totalcount = 0;
+
+ if (dirmngr_use_tor ())
+ {
+ return no_ldap_due_to_tor (ctrl);
+ }
+
+ for (fpr = fprlist; fpr; fpr = fpr->next)
+ totalcount++;
+
+ err = my_ldap_connect (uri, 0, &ldap_conn, &basedn, NULL, NULL, &serverinfo);
+ if (err || !basedn)
+ {
+ if(opt.verbose)
+ log_info ("%s: connecting to server failed\n", __func__);
+ if (!err)
+ err = gpg_error (GPG_ERR_GENERAL); /* (no baseDN) */
+ goto leave;
+ }
+
+ if (!(serverinfo & SERVERINFO_REALLDAP))
+ {
+ if(opt.verbose)
+ log_info ("%s: The PGP.com keyserver is not supported\n", __func__);
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+
+ if (!(serverinfo & SERVERINFO_SCHEMAV2))
+ {
+ if(opt.verbose)
+ log_info ("%s: The keyserver does not support the v2 schema\n",
+ __func__);
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_info ("%s: Using DN: %s,%s\n", __func__,
+ (serverinfo & SERVERINFO_NTDS)? "CN=<fingerprint>"
+ /* */ : "pgpCertID=<keyid>",
+ basedn);
+ for (fpr = fprlist; fpr; fpr = fpr->next)
+ {
+ if ((serverinfo & SERVERINFO_NTDS))
+ {
+ xfree (dn);
+ dn = xtryasprintf ("CN=%s,%s", fpr->d, basedn);
+ }
+ else
+ {
+ unsigned int off;
+
+ /* Simle method to get the keyID. Note that a v5 key
+ * (len>40) has the keyid at the left. If the length is
+ * less than 17 we assume a keyid has been given. */
+ off = strlen (fpr->d);
+ if (off <= 40 && off > 16)
+ off = off - 16;
+ else
+ off = 0;
+
+ xfree (dn);
+ dn = xtryasprintf ("pgpCertID=%.16s,%s", fpr->d+off, basedn);
+ }
+
+ npth_unprotect ();
+ ldap_err = ldap_delete_ext_s (ldap_conn, dn, NULL, NULL);
+ npth_protect ();
+ if (ldap_err == LDAP_SUCCESS)
+ {
+ if (opt.verbose)
+ log_info ("%s: key %s deleted\n", __func__, fpr->d);
+ count++;
+ }
+ else
+ {
+ log_error ("%s: error deleting key %s: %s\n",
+ __func__, fpr->d, ldap_err2string (ldap_err));
+ err = ldap_err_to_gpg_err (ldap_err);
+ break; /* Stop at the first failed deletion. */
+ }
+ }
+ log_info ("%s: number of keys deleted: %u of %u\n",
+ __func__, count, totalcount);
+
+
+ leave:
+ if (ldap_conn)
+ ldap_unbind (ldap_conn);
+ xfree (dn);
+ xfree (basedn);
+ return err;
}
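Review bot: The result of `xtryasprintf` is never checked before `dn` is handed to `ldap_delete_ext_s`, so an allocation failure in either branch of the loop passes a NULL DN to the LDAP call instead of reporting the error; add `if (!dn) { err = gpg_error_from_syserror (); goto leave; }` after the if/else that builds the DN. The same loop splices `fpr->d` verbatim into the DN (`CN=%s` and `pgpCertID=%.16s`), and nothing in this function checks that the string is a plain hex fingerprint or key ID; if the caller in server.c does not validate it, a value containing DN-special characters (`,`, `+`, `=`) would address a different entry than intended, so either validate the hex form here or note in the header comment that FPRLIST entries must already be validated hex strings. Two smaller points: the comment above the key-ID extraction reads "Simle" (should be "Simple"), and the final `log_info` summary is unconditional while every other progress message is gated on `opt.verbose`, which is worth aligning one way or the other.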
diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
index dfc626d56..005d07490 100644
--- a/dirmngr/ks-engine.h
+++ b/dirmngr/ks-engine.h
@@ -82,7 +82,7 @@ gpg_error_t ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri,
gpg_error_t ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
void *data, size_t datalen,
void *info, size_t infolen);
-gpg_error_t ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t patterns);
+gpg_error_t ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t fprlist);
gpg_error_t ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri,
unsigned int ks_get_flags,
const char *filter, char **attrs,
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 3ad939a6b..747d0a914 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2723,11 +2723,10 @@ cmd_ks_put (assuan_context_t ctx, char *line)
static const char hlp_ks_del[] =
- "KS_DEL --ldap {<pattern>}\n"
+ "KS_DEL --ldap {<fingerprints>}\n"
"\n"
- "Delete the keys matching PATTERN from the configured OpenPGP LDAP server\n"
- "The pattern should be a fingerprint.\n"
- "The option --ldap is mandatory.\n";
+ "Delete the keys specified by primary keys FINGERPRINTS from the\n"
+ "configured OpenPGP LDAP server. The option --ldap is mandatory.";
static gpg_error_t
cmd_ks_del (assuan_context_t ctx, char *line)
{
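Review bot: The new help text states that KS_DEL takes primary-key FINGERPRINTS, but the LDAP engine's non-NTDS path in this same commit also accepts a bare key ID (it uses the whole string when its length is 16 or less), so the documented contract is narrower than what is actually accepted. Either the help should say so, e.g. `"Delete the keys specified by the primary key FINGERPRINTS (or key IDs on\n" "non-NTDS servers) from the configured OpenPGP LDAP server."`, or the command should reject anything that is not a full fingerprint before passing it on, which is the safer choice for a deletion command. The body of cmd_ks_del continues outside the hunk, so whether it already validates the arguments cannot be seen here.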
diff --git a/g10/sign.c b/g10/sign.c
index 1e8bd8f95..b3bda581c 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -825,7 +825,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
/*
* Helper to write the plaintext (literal data) packet. At
- * R_EXTRAHASH a malloced object with the with the extra data hashed
+ * R_EXTRAHASH a malloced object with the extra data hashed
* into v5 signatures is stored.
*/
static int