| -rw-r--r-- | dirmngr/dirmngr.h | 2 | ||||
| -rw-r--r-- | dirmngr/ks-action.c | 46 | ||||
| -rw-r--r-- | dirmngr/ldapserver.c | 5 | ||||
| -rw-r--r-- | doc/dirmngr.texi | 2 |
4 files changed, 55 insertions, 0 deletions
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 984c60db2..d32f125d2 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -55,7 +55,9 @@ struct ldap_server_s
 unsigned int ldap_over_tls:1; /* Use LDAP over an TLS tunnel */
 unsigned int ntds:1; /* Use Active Directory authentication. */
 unsigned int areconly:1; /* Set LDAP_OPT_AREC_EXCLUSIVE. */
+ unsigned int upload:1; /* Use this server only for upload. */
 };
+
 typedef struct ldap_server_s *ldap_server_t;
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index dd1865d4f..2b356975b 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -31,6 +31,7 @@
 #include "ks-engine.h"
 #include "ks-action.h"
 #if USE_LDAP
+# include "ldapserver.h" /* (ldapserver_parse_one) */
 # include "ldap-parse-uri.h"
 #endif
@@ -373,6 +374,22 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
 || !strcmp (uri->parsed_uri->scheme, "ldaps")
 || !strcmp (uri->parsed_uri->scheme, "ldapi")
 || uri->parsed_uri->opaque);
+ if (is_ldap && uri->parsed_uri->opaque)
+ {
+ ldap_server_t server;
+
+ server = ldapserver_parse_one (uri->parsed_uri->path, NULL, 0);
+ if (server && server->upload)
+ {
+ if (DBG_LDAP)
+ log_debug ("skipping upload-only server '%s'\n",
+ uri->parsed_uri->path);
+ is_ldap = 0;
+ }
+ ldapserver_list_free (server);
+ if (!is_ldap )
+ continue;
+ }
 #else
 (void)newer;
 #endif
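Review bot: In the block added to ks_action_get, a NULL return from `ldapserver_parse_one` is treated exactly like "not upload-only", so an entry whose specification fails to parse stays eligible for lookups; the pre-scan added to ks_action_put has the same shape and would then leave `upload_uri` unset, excluding no server. Both calls pass a NULL filename, and the unknown-flag branch visible in the ldapserver.c hunk logs only `if (filename)`, so such a failure is probably silent. Because the flag restricts where queries and keys are sent, I would move the duplicated parse into one static helper that reports the failure and call it from both functions; whether an unparsable entry should instead be skipped is a policy choice for the maintainers. Both function bodies start and end outside their hunks.

```c
#if USE_LDAP
/* Return true if URI is an opaque LDAP specification with the
 * "upload" flag set.  A specification that cannot be parsed is
 * reported and treated as not upload-only.  */
static int
is_upload_only_server (uri_item_t uri)
{
  ldap_server_t server;
  int result;

  if (!uri->parsed_uri->opaque)
    return 0;
  server = ldapserver_parse_one (uri->parsed_uri->path, NULL, 0);
  if (!server)
    log_info ("cannot parse LDAP server spec '%s'\n", uri->parsed_uri->path);
  result = (server && server->upload);
  ldapserver_list_free (server);
  return result;
}
#endif /*USE_LDAP*/
```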
@@ -503,15 +520,44 @@ ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
 gpg_error_t first_err = 0;
 int any_server = 0;
 uri_item_t uri;
+ uri_item_t upload_uri = NULL;
 (void) info;
 (void) infolen;
+
+#if USE_LDAP
+ /* Check whether we have an upload only server and save the first
+ * one. Fixme: We should do the parsing when loading the list of
+ * ldap servers to keep the upload flags in the uri_item_t. */
+ for (uri = keyservers; uri && !upload_uri; uri = uri->next)
+ {
+ ldap_server_t server;
+
+ if (!uri->parsed_uri->opaque)
+ continue;
+ server = ldapserver_parse_one (uri->parsed_uri->path, NULL, 0);
+ if (server && server->upload)
+ {
+ if (DBG_LDAP)
+ log_debug ("found upload-only server '%s'\n",
+ uri->parsed_uri->path);
+ upload_uri = uri; /* found */
+ }
+ ldapserver_list_free (server);
+ }
+#endif /*USE_LDAP*/
+
+
 for (uri = keyservers; !err && uri; uri = uri->next)
 {
 int is_http = uri->parsed_uri->is_http;
 int is_ldap = 0;
+ /* If we have an upload server skip all other servers. */
+ if (upload_uri && upload_uri != uri)
+ continue;
+
 #if USE_LDAP
 is_ldap = (!strcmp (uri->parsed_uri->scheme, "ldap")
 || !strcmp (uri->parsed_uri->scheme, "ldaps")
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 8cd193f86..d0e9822e4 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -65,6 +65,7 @@ ldapserver_list_free (ldap_server_t servers)
 * (The last of these 3 flags is the effective one)
 * ntds := Use Active Directory authentication
 * areconly := Use option LDAP_OPT_AREC_EXCLUSIVE
+ * upload := Use this server only for upload.
 *
 * FILENAME and LINENO are used for diagnostic purposes only.
 */
@@ -182,6 +183,10 @@ ldapserver_parse_one (const char *line,
 {
 server->areconly = 1;
 }
+ else if (!ascii_strcasecmp (s, "upload"))
+ {
+ server->upload = 1;
+ }
 else
 {
 if (filename)
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index eda33064e..9335a3324 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
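Review bot: The comment `/* If we have an upload server skip all other servers. */` in ks_action_put understates what the `continue` does: once `upload_uri` is set, every other entry is skipped, including HTTP keyservers and any further entries that also carry the `upload` flag, so a failed upload has no other server to fall back to. The item added to doc/dirmngr.texi in the same commit only says the server is used for uploading, not that its presence makes all other configured servers ineligible for uploads. I would spell this out in the comment, e.g. `/* An upload-only server takes all uploads: only the first one found is used and every other keyserver (HKP included) is skipped. */`, and mirror that sentence in the texi item. The loop body continues outside the hunk.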
@@ -516,6 +516,8 @@ with the current user. @item areconly On Windows use only the A or AAAA record when resolving the LDAP server name. +@item upload +This server is only used for uploading (sending) data to an LDAP server. @end table Note that in an URL style specification the scheme @code{ldaps://} |
