From d65a0335e5cb947dc527d62eccf7c2a3cdbcc788 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 28 Sep 2022 09:43:25 +0200 Subject: dirmngr: New server flag "areconly" (A-record-only) * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly" * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag. * dirmngr/dirmngr_ldap.c: Add option --areconly (connect_ldap): Implement option. * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option. -- This flag is used to pass the Windows specific option LDAP_OPT_AREC_EXCLUSIVE. It is ignored on other systems. Signed-off-by: Werner Koch --- dirmngr/ldap.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'dirmngr/ldap.c') diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 174c6d93f..f9f6d5f1a 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -119,13 +119,14 @@ run_ldap_wrapper (ctrl_t ctrl, int multi_mode, int tls_mode, int ntds, + int areconly, const char *proxy, const char *host, int port, const char *user, const char *pass, const char *base, const char *filter, const char *attr, ksba_reader_t *reader) { - const char *argv[50]; + const char *argv[51]; int argc; char portbuf[30], timeoutbuf[30]; @@ -156,6 +157,9 @@ run_ldap_wrapper (ctrl_t ctrl, if (ntds) argv[argc++] = "--ntds"; + if (areconly) + argv[argc++] = "--areconly"; + if (opt.ldaptimeout) { snprintf (timeoutbuf, sizeof timeoutbuf, "%u", opt.ldaptimeout); @@ -262,6 +266,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader) 0, /* No Multi-mode. */ tls_mode, 0, /* No AD authentication. */ + 0, /* No areconly. */ opt.ldap_proxy, ludp->lud_host, ludp->lud_port, NULL, NULL, /* user, password */ @@ -308,6 +313,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader) 0, /* No Multi-mode */ tls_mode, server->ntds, + server->areconly, NULL, server->host, server->port, server->user, server->pass, 
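Review bot: The `argv[50]` to `argv[51]` bump in run_ldap_wrapper keeps the array size a hand-maintained magic number, and no bound on `argc` is visible in this hunk or in the next one, where `argv[argc++] = "--areconly";` is added. The function body continues outside both hunks, so a check may already exist. If it does not, an assertion just before argv is used, such as `assert (argc < (int)(sizeof argv / sizeof *argv));`, would turn a miscount by a later option into an immediate failure instead of a write past the stack array. The new `int areconly` is also the fourth consecutive `int` flag in the parameter list, so a transposed argument at a call site compiles silently; a short comment above the definition listing the flag order would help.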
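Review bot: In the first run_ldap_wrapper call of url_fetch_ldap (hunk at -262) the new argument is the literal `0, /* No areconly. */`, so a host taken from the parsed URL (`ludp->lud_host`) never gets the flag, while the configured-server calls in the later hunks pass `server->areconly`. If that is deliberate because there is no server entry to read the flag from on this path, the comment should say so, for example `0, /* No areconly: host comes from the URL, not from a configured server. */`. As written, the comment only restates the value and leaves open whether URL-derived hosts were considered. The call itself starts and ends outside the hunk.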
@@ -358,6 +364,7 @@ attr_fetch_ldap (ctrl_t ctrl, 0, tls_mode, server->ntds, + server->areconly, opt.ldap_proxy, server->host, server->port, server->user, server->pass, @@ -625,6 +632,7 @@ start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context, 1, /* --multi (record format) */ 0, /* No TLS */ 0, /* No AD authentication. */ + server->areconly, opt.ldap_proxy, server->host, server->port, server->user, server->pass, -- cgit v1.2.3
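Review bot: In start_cacert_fetch_ldap (hunk at -625) the call now forwards `server->areconly` but still hard-codes `0, /* No TLS */` and `0, /* No AD authentication. */` for the same server entry, so one per-server flag is honoured and two are not, with no stated reason. The visible context also passes `server->user, server->pass` on this no-TLS call; that predates this commit, but it makes the mixed treatment of per-server settings worth documenting at this call site. I would add a comment above the call explaining why TLS and NTDS are fixed to 0 here while areconly follows the server configuration, or pass the server's values if the omission is unintended. The call starts and ends outside the hunk.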