authorWerner Koch <[email protected]>2021-05-26 12:48:27 +0000
committerWerner Koch <[email protected]>2021-06-16 10:25:13 +0000
commiteb3a629154de10a5414a5d2c2b9941ef8bf1eeaf (patch)
treee483f1cb8633c7459dfe69d8e5ad66526e0d8eb6 /dirmngr/server.c
parentgpg,sm: Simplify keyserver spec parsing. (diff)
dirmngr: Allow for non-URL specified ldap keyservers.
* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. (make_keyserver_item): Handle non-URL ldap specs. * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, ldap_over_tls, and ntds. * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host string. Improve error messages for the non-file case. Support flags. * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. (ks_action_search, ks_action_get, ks_action_put): Ditto. * dirmngr/ks-engine-ldap.c: Include ldapserver.h. (ks_ldap_help): Handle non-URL ldap specs. (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support URLs and non-URL specified keyservers. (ks_ldap_get): Adjust for changes in my_ldap_connect. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. -- The idea here is to unify our use of URLs or colon delimited ldap keyserver specification. The requirement for percent escaping, for example the bindname in a URL, is cumbersome and prone to errors. Thus we allow our classic colon delimited format as an alternative. That format makes it also easy to specify flags to tell dirmngr whether to use starttls or ldap-over-tls. The code is nearly 100% compatible with the existing specification. There is one ambiguity if the hostname for CRL/X509 searches is just "ldap"; this can be solved by prefixing it with "ldap:" (already implemented in gpgsm). GnuPG-bug-id: 5405, 5452 Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
Diffstat (limited to 'dirmngr/server.c')
-rw-r--r--dirmngr/server.c49
1 files changed, 45 insertions, 4 deletions
diff --git a/dirmngr/server.c b/dirmngr/server.c
index a35402271..105275845 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1143,7 +1143,8 @@ static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
"\n"
"Add a new LDAP server to the list of configured LDAP servers.\n"
- "DATA is in the same format as expected in the configure file.";
+ "DATA is in the same format as expected in the configure file.\n"
+ "An optional prefix \"ldap:\" is allowed.";
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
@@ -1157,7 +1158,11 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
if (*line == '\0')
return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing")));
- server = ldapserver_parse_one (line, "", 0);
+ /* Skip an "ldap:" prefix unless it is a valid ldap url. */
+ if (!strncmp (line, "ldap:", 5) && !(line[5] == '/' && line[6] == '/'))
+ line += 5;
+
+ server = ldapserver_parse_one (line, NULL, 0);
if (! server)
return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
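Review bot: The "ldapserver missing" check on `if (*line == '\0')` runs before the added prefix strip, so an argument consisting only of `ldap:` passes that check and reaches ldapserver_parse_one with an empty string; moving the strip above the check, or re-testing `if (*line == '\0')` right after `line += 5;`, keeps the PARM_ERROR for that input. The commit message says ldapserver_parse_one now handles an empty host string, so this may only decide which error the caller sees, but the command-level check is the cheaper and clearer place. The filename argument also changes from `""` to `NULL`; whether ldapserver_parse_one accepts NULL there is not visible in this hunk. cmd_ldapserver's body starts and continues outside the hunk.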
@@ -2065,6 +2070,7 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
{
gpg_error_t err;
uri_item_t item;
+ const char *s;
*r_item = NULL;
@@ -2108,8 +2114,43 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
strcpy (item->uri, uri);
#if USE_LDAP
- if (ldap_uri_p (item->uri))
- err = ldap_parse_uri (&item->parsed_uri, uri);
+ if (!strncmp (uri, "ldap:", 5) && !(uri[5] == '/' && uri[6] == '/'))
+ {
+ char *tmpstr;
+ /* Special ldap scheme given. This differs from a valid ldap
+ * scheme in that no double slash follows.. Use http_parse_uri
+ * to put it as opaque value into parsed_uri. */
+ tmpstr = strconcat ("opaque:", uri+5, NULL);
+ if (!tmpstr)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ log_debug ("tmpstr='%s'\n", tmpstr);
+ err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
+ xfree (tmpstr);
+ }
+ }
+ else if ((s=strchr (uri, ':')) && !(s[1] == '/' && s[2] == '/'))
+ {
+ char *tmpstr;
+ /* No valid scheme given. Use http_parse_uri to put the string
+ * as opaque value into parsed_uri. */
+ tmpstr = strconcat ("opaque:", uri, NULL);
+ if (!tmpstr)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ log_debug ("tmpstr2='%s'\n", tmpstr);
+ err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
+ xfree (tmpstr);
+ }
+ }
+ else if (ldap_uri_p (uri))
+ {
+ /* Fixme: We should get rid of that parser and replace it with
+ * our generic (http) URI parser. */
+ err = ldap_parse_uri (&item->parsed_uri, uri);
+ }
else
#endif
{
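Review bot: The `log_debug ("tmpstr='%s'\n", tmpstr);` and `log_debug ("tmpstr2='%s'\n", tmpstr);` calls in the two new opaque branches look like leftover development tracing: they write the complete keyserver specification to the log every time a keyserver item is built, and if the colon-delimited form carries bind credentials those end up in the log too, so both lines should be dropped. The two branches are otherwise identical apart from the `uri+5` offset, so they can be folded into one as sketched below; the first branch's comment also has a stray double period in `follows..`. make_keyserver_item's body continues outside the hunk.
```c
  if ((!strncmp (uri, "ldap:", 5) && !(uri[5] == '/' && uri[6] == '/'))
      || ((s=strchr (uri, ':')) && !(s[1] == '/' && s[2] == '/')))
    {
      char *tmpstr;
      /* Either our special "ldap:" scheme (no double slash follows) or
       * no valid scheme at all.  Use http_parse_uri to put the string
       * as opaque value into parsed_uri; the "ldap:" prefix is dropped.  */
      tmpstr = strconcat ("opaque:",
                          strncmp (uri, "ldap:", 5) ? uri : uri+5,
                          NULL);
      if (!tmpstr)
        err = gpg_error_from_syserror ();
      else
        {
          err = http_parse_uri (&item->parsed_uri, tmpstr, 0);
          xfree (tmpstr);
        }
    }
  /* … unchanged: ldap_uri_p branch and the else … */
```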