From 4a3836e2b2f9a91995d5ce058820e1121298f548 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 17 Dec 2020 18:18:52 +0100
Subject: gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
---
 dirmngr/ks-engine-ldap.c | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
(limited to 'dirmngr/ks-engine-ldap.c')
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 7dfd7ea94..9b65a5dda 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -343,6 +343,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
 KEYDB_SEARCH_DESC desc;
 char *f = NULL;
 char *freeme = NULL;
+ char *p;
 gpg_error_t err = classify_user_id (keyspec, &desc, 1);
 if (err)
@@ -362,14 +363,24 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
 break;
 case KEYDB_SEARCH_MODE_MAIL:
- if (only_exact)
+ freeme = ldap_escape_filter (desc.u.name);
+ if (!freeme)
 break;
- if ((serverinfo & SERVERINFO_SCHEMAV2))
- f = xasprintf ("(gpgMailbox=%s)",
- (freeme = ldap_escape_filter (desc.u.name)));
+ if (*freeme == '<' && freeme[1] && freeme[2])
+ {
+ /* Strip angle brackets. Note that it is does not
+ * matter whether we work on the plan or LDAP escaped
+ * version of the mailbox. */
+ p = freeme + 1;
+ if (p[strlen(p)-1] == '>')
+ p[strlen(p)-1] = 0;
+ }
 else
- f = xasprintf ("(pgpUserID=*<%s>*)",
- (freeme = ldap_escape_filter (desc.u.name)));
+ p = freeme;
+ if ((serverinfo & SERVERINFO_SCHEMAV2))
+ f = xasprintf ("(gpgMailbox=%s)", p);
+ else if (!only_exact)
+ f = xasprintf ("(pgpUserID=*<%s>*)", p);
 break;
 case KEYDB_SEARCH_MODE_MAILSUB:
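Review bot: The bracket stripping in the KEYDB_SEARCH_MODE_MAIL case runs on the output of `ldap_escape_filter`, so its correctness rests on that function leaving `<` and `>` untouched, which this hunk does not show; the new comment asserts the equivalence without giving the reason. Either strip on a plain copy of `desc.u.name` before escaping, or state the invariant in the comment, e.g. `/* ldap_escape_filter does not escape '<' or '>', so stripping after escaping is safe. */` (fixing "it is does not" and "plan" while there). `if (!freeme) break;` leaves `f` NULL, so an allocation failure is presumably reported by the code after the switch as an unsupported or invalid search rather than as out of memory. That code, like the rest of keyspec_to_ldap_filter, is outside the hunk.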
@@ -934,6 +945,8 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 if (err)
 goto out;
+ if (opt.debug)
+ log_debug ("ks-ldap: using filter: %s\n", filter);
 {
 /* The ordering is significant. Specifically, "pgpcertid" needs
--
cgit v1.2.3
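Review bot: The new `log_debug` call writes the complete LDAP filter, which carries the mail address or key spec being looked up, whenever any `opt.debug` bit is set. Gating it on a specific debug category rather than the whole mask would keep search terms out of logs that were enabled for unrelated debugging; at minimum add a comment such as `/* The filter contains the search term; log it only in debug mode. */`. Whether the escaped filter can still contain control characters that would break up log lines depends on `ldap_escape_filter`, which is not visible here. ks_ldap_get's body continues outside the hunk.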