authorWerner Koch <[email protected]>2023-04-04 06:49:55 +0000
committerWerner Koch <[email protected]>2023-04-04 06:49:55 +0000
commit56d309133f0e54ac5e2f95871fb74f8cb97e2636 (patch)
tree79624645582e9dbe72b16287b553b37abfcfc724 /dirmngr/server.c
parentagent: Add trustlist flag "de-vs". (diff)
dirmngr: Return modifyTimestamp and add server option --newer.
* dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
Diffstat (limited to 'dirmngr/server.c')
-rw-r--r--dirmngr/server.c33
1 files changed, 27 insertions, 6 deletions
diff --git a/dirmngr/server.c b/dirmngr/server.c
index c93437247..2c5a41b07 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2461,22 +2461,28 @@ cmd_ks_search (assuan_context_t ctx, char *line)
static const char hlp_ks_get[] =
- "KS_GET [--quick] [--ldap] [--first|--next] {<pattern>}\n"
+ "KS_GET [--quick] [--newer=TIME] [--ldap] [--first|--next] {<pattern>}\n"
"\n"
"Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
"(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
"or an exact name indicated by the '=' prefix. Option --quick uses a\n"
"shorter timeout; --ldap will use only ldap servers. With --first only\n"
- "the first item is returned; --next is used to return the next item";
+ "the first item is returned; --next is used to return the next item\n"
+ "Option --newer works only with certain LDAP servers.";
static gpg_error_t
cmd_ks_get (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
- strlist_t list, sl;
+ strlist_t list = NULL;
+ strlist_t sl;
+ const char *s;
char *p;
estream_t outfp;
unsigned int flags = 0;
+ gnupg_isotime_t opt_newer;
+
+ *opt_newer = 0;
if (has_option (line, "--quick"))
ctrl->timeout = opt.connect_quick_timeout;
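Review bot: The KS_GET help string now runs two sentences together, because the line ending in `return the next item\n` has no full stop before `Option --newer works only with certain LDAP servers.`; it should read `"the first item is returned; --next is used to return the next item.\n"`. The help text also never says what TIME looks like or that the match is greater-or-equal, although the commit message itself calls the option name a misnomer for that reason. I would add one sentence stating that TIME must be in the format accepted by string2isotime and that entries changed at or after TIME are returned. The body of cmd_ks_get continues outside this hunk.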
@@ -2486,13 +2492,18 @@ cmd_ks_get (assuan_context_t ctx, char *line)
flags |= KS_GET_FLAG_FIRST;
if (has_option (line, "--next"))
flags |= KS_GET_FLAG_NEXT;
+ if ((s = option_value (line, "--newer"))
+ && !string2isotime (opt_newer, s))
+ {
+ err = set_error (GPG_ERR_SYNTAX, "invalid time format");
+ goto leave;
+ }
line = skip_options (line);
/* Break the line into a strlist. Each pattern is by
definition percent-plus escaped. However we only support keyids
and fingerprints and thus the client has no need to apply the
escaping. */
- list = NULL;
for (p=line; *p; line = p)
{
while (*p && *p != ' ')
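Review bot: A `--newer` given without a usable value appears to pass this check and run the lookup with no time restriction. The condition only fails when option_value returns a string that string2isotime rejects, and option_value (defined outside the diff) presumably returns NULL for a bare option. A client that mistypes the option would then silently receive the unfiltered result set, so consider rejecting it with `else if (!s && has_option (line, "--newer"))` followed by the same `set_error (GPG_ERR_SYNTAX, "invalid time format")` and `goto leave;`. The identical block added to cmd_ad_query in the later hunk has the same gap; the leave label is outside this hunk.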
@@ -2569,7 +2580,7 @@ cmd_ks_get (assuan_context_t ctx, char *line)
ctrl->server_local->inhibit_data_logging_now = 0;
ctrl->server_local->inhibit_data_logging_count = 0;
err = ks_action_get (ctrl, ctrl->server_local->keyservers,
- list, flags, outfp);
+ list, flags, opt_newer, outfp);
es_fclose (outfp);
ctrl->server_local->inhibit_data_logging = 0;
}
@@ -2710,6 +2721,10 @@ cmd_ad_query (assuan_context_t ctx, char *line)
estream_t outfp = NULL;
char *p;
char **opt_attr = NULL;
+ const char *s;
+ gnupg_isotime_t opt_newer;
+
+ *opt_newer = 0;
/* No options for now. */
if (has_option (line, "--first"))
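Review bot: The comment `/* No options for now. */` directly below the new declarations is misleading, since the visible code parses --first, --next, --rootdse and --attr, and this commit adds --newer; replace it with something like `/* Parse the options. */`. No hunk in this diff touches the AD_QUERY help string either, so --newer is documented for KS_GET but not for this command; `[--newer=TIME]` should be added to its synopsis together with the same note about LDAP server support. cmd_ad_query starts and ends outside this hunk.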
@@ -2718,6 +2733,12 @@ cmd_ad_query (assuan_context_t ctx, char *line)
flags |= KS_GET_FLAG_NEXT;
if (has_option (line, "--rootdse"))
flags |= KS_GET_FLAG_ROOTDSE;
+ if ((s = option_value (line, "--newer"))
+ && !string2isotime (opt_newer, s))
+ {
+ err = set_error (GPG_ERR_SYNTAX, "invalid time format");
+ goto leave;
+ }
err = get_option_value (line, "--attr", &p);
if (err)
goto leave;
@@ -2758,7 +2779,7 @@ cmd_ad_query (assuan_context_t ctx, char *line)
err = ks_action_query (ctrl,
(flags & KS_GET_FLAG_ROOTDSE)? NULL : "ldap:///",
- flags, filter, opt_attr, outfp);
+ flags, filter, opt_attr, opt_newer, outfp);
leave:
es_fclose (outfp);