diff --git a/doc/gpg.texi b/doc/gpg.texi
index 67c6012c9..af87064e5 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2006,15 +2006,15 @@ list. The default is "local,wkd".
Locate a key using the Web Key Directory protocol.
@item ldap
- Using DNS Service Discovery, check the domain in question for any LDAP
- keyservers to use. If this fails, attempt to locate the key using the
- PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+ Locate the key using the configured LDAP servers. This method is
+ similar to the @code{keyserver} mechanism but always uses only LDAP
+ servers.
@item ntds
Locate the key using the Active Directory (Windows only). This
method also allows one to search by fingerprint using the command
@option{--locate-external-key}. Note that this mechanism is
- actually a shortcut for the mechanism @samp{keyserver} but using
+ actually a shortcut for the mechanism @samp{ldap} using only
"ldap:///" as the keyserver.
@item keyserver
diff --git a/g10/getkey.c b/g10/getkey.c
index 3e5d32e01..e0d99311a 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1,7 +1,7 @@
/* getkey.c - Get a key from the database
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2007, 2008, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2015, 2016 g10 Code GmbH
+ * Copyright (C) 2015, 2016, 2024 g10 Code GmbH
*
* This file is part of GnuPG.
*
@@ -17,6 +17,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
+ * SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
@@ -1176,16 +1177,31 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
break;
case AKL_LDAP:
- if (is_fpr)
+ if (!keyserver_any_configured (ctrl))
{
mechanism_string = "";
rc = GPG_ERR_NO_PUBKEY;
}
else
{
- mechanism_string = "LDAP";
+ mechanism_string = is_fpr? "ldap/fpr":"ldap/mbox";
glo_ctrl.in_auto_key_retrieve++;
- rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
+ if (is_fpr)
+ rc = keyserver_import_fpr (ctrl,
+ fprbuf.u.fpr, fprbuf.fprlen,
+ opt.keyserver,
+ KEYSERVER_IMPORT_FLAG_LDAP);
+ else
+ rc = keyserver_import_mbox (ctrl, name, &fpr, &fpr_len,
+ opt.keyserver,
+ KEYSERVER_IMPORT_FLAG_LDAP);
+ /* Map error codes because Dirmngr returns NO DATA
+ * if the keyserver does not have the requested key.
+ * It returns NO KEYSERVER if no LDAP keyservers are
+ * configured. */
+ if (gpg_err_code (rc) == GPG_ERR_NO_DATA
+ || gpg_err_code (rc) == GPG_ERR_NO_KEYSERVER)
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
glo_ctrl.in_auto_key_retrieve--;
}
break;
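Review bot: The error mapping after the keyserver_import_fpr/keyserver_import_mbox calls folds GPG_ERR_NO_KEYSERVER into GPG_ERR_NO_PUBKEY, so a Dirmngr with no LDAP keyserver configured becomes indistinguishable from a genuine "key not found" for the caller and in the logs; the new keyserver_any_configured guard only covers gpg's own configuration, not Dirmngr's. Recording the cause before the mapping, e.g. `if (opt.verbose && gpg_err_code (rc) == GPG_ERR_NO_KEYSERVER) log_info ("no LDAP keyserver configured for '%s'\n", name);` immediately above `rc = gpg_error (GPG_ERR_NO_PUBKEY);`, keeps the misconfiguration diagnosable while preserving the external result. The fingerprint branch does not fill FPR/FPR_LEN while the mbox branch does; if code after the switch relies on fpr being set on success, that path presumably needs a look. get_pubkey_byname begins and ends outside the hunk.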
@@ -1227,7 +1243,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
else
{
rc = keyserver_import_mbox (ctrl, name, &fpr, &fpr_len,
- opt.keyserver);
+ opt.keyserver, 0);
}
glo_ctrl.in_auto_key_retrieve--;
}
@@ -1258,7 +1274,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
else
{
rc = keyserver_import_mbox (ctrl, name,
- &fpr, &fpr_len, keyserver);
+ &fpr, &fpr_len, keyserver, 0);
}
glo_ctrl.in_auto_key_retrieve--;
}
diff --git a/g10/gpg.c b/g10/gpg.c
index 5359d1582..65e32c097 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4773,8 +4773,6 @@ main (int argc, char **argv)
parse_auto_key_locate (DEFAULT_AKL_LIST);
}
public_key_list (ctrl, sl, 1, cmd == aLocateExtKeys);
-
-
free_strlist (sl);
break;
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 5c27c3a2b..cb2c005b4 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -55,10 +55,9 @@ gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,
unsigned char **fpr, size_t *fpr_len);
int keyserver_import_ntds (ctrl_t ctrl, const char *name,
unsigned char **fpr,size_t *fpr_len);
-int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
- unsigned char **fpr,size_t *fpr_len,
- struct keyserver_spec *keyserver);
-int keyserver_import_ldap (ctrl_t ctrl, const char *name,
- unsigned char **fpr,size_t *fpr_len);
+gpg_error_t keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
+ unsigned char **fpr,size_t *fpr_len,
+ struct keyserver_spec *keyserver,
+ unsigned int flags);
#endif /* !_KEYSERVER_INTERNAL_H_ */
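Review bot: The new `flags` parameter of keyserver_import_mbox is undocumented in the header, and the same hunk changes the return type to gpg_error_t while keyserver_import_ntds just above still returns int, so callers now see two error conventions side by side. A comment on the prototype such as `/* FLAGS: bit mask of keyserver import flags, e.g. KEYSERVER_IMPORT_FLAG_LDAP to query only LDAP servers.  Returns a gpg_error_t. */` would make the contract visible; the one-line comment above the definition in g10/keyserver.c ("Import all keys that exactly match MBOX") needs the same addition. Moving keyserver_import_ntds to gpg_error_t as well could be a follow-up.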
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 83c53a0cf..acb82ef32 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -946,17 +946,17 @@ keyserver_any_configured (ctrl_t ctrl)
/* Import all keys that exactly match MBOX */
-int
+gpg_error_t
keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
unsigned char **fpr, size_t *fprlen,
- struct keyserver_spec *keyserver)
+ struct keyserver_spec *keyserver, unsigned int flags)
{
KEYDB_SEARCH_DESC desc = { 0 };
desc.mode = KEYDB_SEARCH_MODE_MAIL;
desc.u.name = mbox;
- return keyserver_get (ctrl, &desc, 1, keyserver, 0, fpr, fprlen);
+ return keyserver_get (ctrl, &desc, 1, keyserver, flags, fpr, fprlen);
}
@@ -1864,85 +1864,3 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
xfree (mbox);
return err;
}
-
-
-/* Import a key by name using LDAP */
-int
-keyserver_import_ldap (ctrl_t ctrl,
- const char *name, unsigned char **fpr, size_t *fprlen)
-{
- (void)ctrl;
- (void)name;
- (void)fpr;
- (void)fprlen;
- return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
-#if 0
- char *domain;
- struct keyserver_spec *keyserver;
- strlist_t list=NULL;
- int rc,hostlen=1;
- struct srventry *srvlist=NULL;
- int srvcount,i;
- char srvname[MAXDNAME];
-
- /* Parse out the domain */
- domain=strrchr(name,'@');
- if(!domain)
- return GPG_ERR_GENERAL;
-
- domain++;
-
- keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
- keyserver->scheme=xstrdup("ldap");
- keyserver->host=xmalloc(1);
- keyserver->host[0]='\0';
-
- snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
-
- FIXME("network related - move to dirmngr or drop the code");
- srvcount=getsrv(srvname,&srvlist);
-
- for(i=0;ihost=xrealloc(keyserver->host,hostlen);
-
- strcat(keyserver->host,srvlist[i].target);
-
- if(srvlist[i].port!=389)
- {
- char port[7];
-
- hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
- keyserver->host=xrealloc(keyserver->host,hostlen);
-
- snprintf(port,7,":%u",srvlist[i].port);
- strcat(keyserver->host,port);
- }
-
- strcat(keyserver->host," ");
- }
-
- free(srvlist);
-
- /* If all else fails, do the PGP Universal trick of
- ldap://keys.(domain) */
-
- hostlen+=5+strlen(domain);
- keyserver->host=xrealloc(keyserver->host,hostlen);
- strcat(keyserver->host,"keys.");
- strcat(keyserver->host,domain);
-
- append_to_strlist(&list,name);
-
- rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
- /* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
- /* 0, fpr, fpr_len, keyserver); */
-
- free_strlist(list);
-
- free_keyserver_spec(keyserver);
-
- return rc;
-#endif
-}
diff --git a/g10/main.h b/g10/main.h
index 2443aa7fe..7ce8b9a9c 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -327,6 +327,7 @@ gpg_error_t make_backsig (ctrl_t ctrl,
PKT_signature *sig, PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
u32 timestamp, const char *cache_nonce);
+void keygen_prepare_new_key_adsks (void);
gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock,
const char *algostr,
const char *usagestr,
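Review bot: The added keygen_prepare_new_key_adsks prototype is unrelated to the LDAP lookup rework the rest of this commit implements, and its definition is not part of the diff, so the declaration cannot be checked against it here. If it belongs with another change it should travel with that change; otherwise a short comment naming what the function prepares and where it is defined (the name suggests ADSK handling for a newly generated key, presumably in keygen.c, but that is not visible here) would help readers of main.h.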