authorWerner Koch <[email protected]>2021-04-16 18:21:23 +0000
committerWerner Koch <[email protected]>2021-04-16 18:21:23 +0000
commitd7e707170fbe2956deb3d81e2802d21352079722 (patch)
tree69192a8a16bce8ea053039d882d8bdfff6e1bc77 /g10/call-dirmngr.c
parentscd:p15: Support attribute KEY-FPR. (diff)
gpg: Lookup a missing public key of the current card via LDAP.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-internal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exist and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/call-dirmngr.c')
-rw-r--r--g10/call-dirmngr.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 21edab639..434b46795 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -38,6 +38,7 @@
#include "../common/asshelp.h"
#include "../common/keyserver.h"
#include "../common/status.h"
+#include "keyserver-internal.h"
#include "call-dirmngr.h"
@@ -637,7 +638,9 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
don't need to escape the patterns before sending them to the
server.
- If QUICK is set the dirmngr is advised to use a shorter timeout.
+ Bit values for FLAGS are:
+ - KEYSERVER_IMPORT_FLAG_QUICK :: dirmngr shall use a shorter timeout.
+ - KEYSERVER_IMPORT_FLAG_LDAP :: dirmngr shall only use LDAP or NTDS.
If R_SOURCE is not NULL the source of the data is stored as a
malloced string there. If a source is not known NULL is stored.
@@ -649,7 +652,8 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
gpg_error_t
gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
- keyserver_spec_t override_keyserver, int quick,
+ keyserver_spec_t override_keyserver,
+ unsigned int flags,
estream_t *r_fp, char **r_source)
{
gpg_error_t err;
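Review bot: Replacing `int quick` with `unsigned int flags` keeps every existing call site compiling, but a caller that still passes a generic truthy value is now interpreted bitwise: the commit message says KEYSERVER_IMPORT_FLAG_QUICK takes over the former value 1, so `0`/`1` keep their meaning, while any other non-zero value would presumably select a different bit (for instance the new LDAP-only mode) without any compiler diagnostic. The later hunk tests only the two named bits and appears to ignore the rest, so it is worth stating that contract in the comment block above the signature, e.g. `FLAGS is an OR of KEYSERVER_IMPORT_FLAG_* bits; unknown bits are ignored.`, and auditing the remaining callers of gpg_dirmngr_ks_get once in this series. The body of gpg_dirmngr_ks_get continues outside this hunk.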
@@ -695,7 +699,12 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
/* Lump all patterns into one string. */
init_membuf (&mb, 1024);
- put_membuf_str (&mb, quick? "KS_GET --quick --" : "KS_GET --");
+ put_membuf_str (&mb, "KS_GET");
+ if ((flags & KEYSERVER_IMPORT_FLAG_QUICK))
+ put_membuf_str (&mb, " --quick");
+ if ((flags & KEYSERVER_IMPORT_FLAG_LDAP))
+ put_membuf_str (&mb, " --ldap");
+ put_membuf_str (&mb, " --");
for (idx=0; pattern[idx]; idx++)
{
put_membuf (&mb, " ", 1); /* Append Delimiter. */