authorWerner Koch <[email protected]>2020-12-17 17:18:52 +0000
committerWerner Koch <[email protected]>2020-12-17 17:25:34 +0000
commit4a3836e2b2f9a91995d5ce058820e1121298f548 (patch)
tree29040bbaf899bdd5843710645f5367f35812ff16 /dirmngr/ks-engine-ldap.c
parentdirmngr: Support "ldap:///" for the current AD user. (diff)
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.
Diffstat (limited to 'dirmngr/ks-engine-ldap.c')
-rw-r--r--dirmngr/ks-engine-ldap.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 7dfd7ea94..9b65a5dda 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -343,6 +343,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
KEYDB_SEARCH_DESC desc;
char *f = NULL;
char *freeme = NULL;
+ char *p;
gpg_error_t err = classify_user_id (keyspec, &desc, 1);
if (err)
@@ -362,14 +363,24 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
break;
case KEYDB_SEARCH_MODE_MAIL:
- if (only_exact)
+ freeme = ldap_escape_filter (desc.u.name);
+ if (!freeme)
break;
- if ((serverinfo & SERVERINFO_SCHEMAV2))
- f = xasprintf ("(gpgMailbox=%s)",
- (freeme = ldap_escape_filter (desc.u.name)));
+ if (*freeme == '<' && freeme[1] && freeme[2])
+ {
+ /* Strip angle brackets. Note that it is does not
+ * matter whether we work on the plan or LDAP escaped
+ * version of the mailbox. */
+ p = freeme + 1;
+ if (p[strlen(p)-1] == '>')
+ p[strlen(p)-1] = 0;
+ }
else
- f = xasprintf ("(pgpUserID=*<%s>*)",
- (freeme = ldap_escape_filter (desc.u.name)));
+ p = freeme;
+ if ((serverinfo & SERVERINFO_SCHEMAV2))
+ f = xasprintf ("(gpgMailbox=%s)", p);
+ else if (!only_exact)
+ f = xasprintf ("(pgpUserID=*<%s>*)", p);
break;
case KEYDB_SEARCH_MODE_MAILSUB:
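Review bot: In the KEYDB_SEARCH_MODE_MAIL case, `if (!freeme) break;` leaves `f` NULL when ldap_escape_filter fails, so an allocation failure takes the same path as the deliberately unsupported combination (only_exact set without SERVERINFO_SCHEMAV2). The code after the switch lies outside the hunk, so how a NULL `f` is reported should be confirmed there; if the tail of the function returns `err`, setting `err = gpg_error_from_syserror ();` before the break would preserve the real cause. The bracket stripping operates on the already escaped string, which is only safe as long as ldap_escape_filter passes `<` and `>` through unchanged and never ends its output with `>`; the comment asserts this, but the escaping function is not visible here, so it is worth stating that dependency explicitly in the comment. The same comment has two typos (`it is does not` and `plan` for `plain`), and `strlen(p)` is computed twice where one local length would do.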
@@ -934,6 +945,8 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
if (err)
goto out;
+ if (opt.debug)
+ log_debug ("ks-ldap: using filter: %s\n", filter);
{
/* The ordering is significant. Specifically, "pgpcertid" needs