| author | Werner Koch <[email protected]> | 2021-04-13 12:25:16 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-04-13 12:33:50 +0000 |
| commit | 6c26e593df51475921410ac97e9227df6b258618 (patch) | |
| tree | 6dc3982e9453c4b1f83684e7797835ff7cf01e56 /g10/keyserver.c | |
| parent | common: Fix memory leaks. (diff) | |
| download | gnupg-6c26e593df51475921410ac97e9227df6b258618.tar.gz, gnupg-6c26e593df51475921410ac97e9227df6b258618.zip | |
gpg: Do not use self-sigs-only for LDAP keyserver imports.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--
It can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are. Thus we
can allow the import of key signatures from LDAP keyservers by default.
GnuPG-bug-id: 5387
Diffstat (limited to 'g10/keyserver.c')
| -rw-r--r-- | g10/keyserver.c | 15 |
|---|---|---|
1 files changed, 12 insertions, 3 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c index 0b3718050..c4a1d5e19 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1740,9 +1740,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, if (opt.verbose && source) log_info ("data source: %s\n", source); + + if (!err) { struct ks_retrieval_screener_arg_s screenerarg; + unsigned int options; /* FIXME: Check whether this comment should be moved to dirmngr. @@ -1756,12 +1759,18 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, never accept or send them but we better protect against rogue keyservers. */ + /* For LDAP servers we reset IMPORT_SELF_SIGS_ONLY unless it has + * been set explicitly. */ + options = (opt.keyserver_options.import_options | IMPORT_NO_SECKEY); + if (source && (!strncmp (source, "ldap:", 5) + || !strncmp (source, "ldaps:", 6)) + && !opt.flags.expl_import_self_sigs_only) + options &= ~IMPORT_SELF_SIGS_ONLY; + screenerarg.desc = desc; screenerarg.ndesc = *r_ndesc_used; import_keys_es_stream (ctrl, datastream, stats_handle, - r_fpr, r_fprlen, - (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY), + r_fpr, r_fprlen, options, keyserver_retrieval_screener, &screenerarg, only_fprs? KEYORG_KS : 0, source); |
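Review bot: the two blank `+` lines inserted ahead of `if (!err)` in the first hunk (@@ -1740,9 +1740,12 @@) are whitespace-only churn unrelated to the change; keep at most one of them, or drop both, so that hunk carries only the `unsigned int options;` declaration it actually needs.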
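Review bot: in the second hunk (@@ -1756,12 +1759,18 @@) the LDAP detection `if (source && (!strncmp (source, "ldap:", 5) || !strncmp (source, "ldaps:", 6))` is a case-sensitive prefix match on the SOURCE string that dirmngr reports, but URL schemes are case-insensitive, so a source spelled `LDAP://` would keep IMPORT_SELF_SIGS_ONLY set while `ldap://` drops it. Either use a case-insensitive prefix compare here or have dirmngr canonicalise the scheme to lower case before emitting the SOURCE status, and state in the new comment which side guarantees that. Since this relaxes a protection the surrounding comment calls a defence against rogue keyservers, it would also be worth extending the comment to say that `opt.flags.expl_import_self_sigs_only` is only set when the user spelled the option out, which is what makes the unconditional `options &= ~IMPORT_SELF_SIGS_ONLY;` acceptable for the default configuration.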