diff --git a/doc/gpg.texi b/doc/gpg.texi
index 67c6012c9..af87064e5 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2006,15 +2006,15 @@ list. The default is "local,wkd".
   Locate a key using the Web Key Directory protocol.
 @item ldap
-  Using DNS Service Discovery, check the domain in question for any LDAP
-  keyservers to use. If this fails, attempt to locate the key using the
-  PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+  Locate the key using the configured LDAP servers. This method is
+  similar to the @code{keyserver} mechanism but always uses only LDAP
+  servers.
 @item ntds
   Locate the key using the Active Directory (Windows only). This method also allows one to search by fingerprint using the command @option{--locate-external-key}. Note that this mechanism is
-  actually a shortcut for the mechanism @samp{keyserver} but using
+  actually a shortcut for the mechanism @samp{ldap} using
   only "ldap:///" as the keyserver.
 @item keyserver
diff --git a/g10/getkey.c b/g10/getkey.c
index 3e5d32e01..e0d99311a 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1,7 +1,7 @@
 /* getkey.c - Get a key from the database
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
  *               2007, 2008, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2015, 2016 g10 Code GmbH
+ * Copyright (C) 2015, 2016, 2024 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -17,6 +17,7 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see .
+ * SPDX-License-Identifier: GPL-3.0-or-later
  */
 #include 
@@ -1176,16 +1177,31 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
           break;
         case AKL_LDAP:
-          if (is_fpr)
+          if (!keyserver_any_configured (ctrl))
             {
               mechanism_string = "";
               rc = GPG_ERR_NO_PUBKEY;
             }
           else
             {
-              mechanism_string = "LDAP";
+              mechanism_string = is_fpr? "ldap/fpr":"ldap/mbox";
               glo_ctrl.in_auto_key_retrieve++;
-              rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
+              if (is_fpr)
+                rc = keyserver_import_fpr (ctrl,
+                                           fprbuf.u.fpr, fprbuf.fprlen,
+                                           opt.keyserver,
+                                           KEYSERVER_IMPORT_FLAG_LDAP);
+              else
+                rc = keyserver_import_mbox (ctrl, name, &fpr, &fpr_len,
+                                            opt.keyserver,
+                                            KEYSERVER_IMPORT_FLAG_LDAP);
+              /* Map error codes because Dirmngr returns NO DATA
+               * if the keyserver does not have the requested key.
+               * It returns NO KEYSERVER if no LDAP keyservers are
+               * configured. */
+              if (gpg_err_code (rc) == GPG_ERR_NO_DATA
+                  || gpg_err_code (rc) == GPG_ERR_NO_KEYSERVER)
+                rc = gpg_error (GPG_ERR_NO_PUBKEY);
               glo_ctrl.in_auto_key_retrieve--;
             }
           break;
@@ -1227,7 +1243,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
           else
             {
               rc = keyserver_import_mbox (ctrl, name, &fpr, &fpr_len,
-                                          opt.keyserver);
+                                          opt.keyserver, 0);
             }
           glo_ctrl.in_auto_key_retrieve--;
         }
@@ -1258,7 +1274,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
           else
             {
               rc = keyserver_import_mbox (ctrl, name,
-                                          &fpr, &fpr_len, keyserver);
+                                          &fpr, &fpr_len, keyserver, 0);
             }
           glo_ctrl.in_auto_key_retrieve--;
         }
diff --git a/g10/gpg.c b/g10/gpg.c
index 5359d1582..65e32c097 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4773,8 +4773,6 @@ main (int argc, char **argv)
           parse_auto_key_locate (DEFAULT_AKL_LIST);
         }
         public_key_list (ctrl, sl, 1, cmd == aLocateExtKeys);
-
-        free_strlist (sl);
         break;
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 5c27c3a2b..cb2c005b4 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
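Review bot: The two failure paths of the new AKL_LDAP case encode the error differently: the not-configured branch keeps the bare `rc = GPG_ERR_NO_PUBKEY;` while the new mapping below uses `rc = gpg_error (GPG_ERR_NO_PUBKEY);`, so a caller comparing the full value rather than gpg_err_code() would see two different results for the same outcome; suggest `rc = gpg_error (GPG_ERR_NO_PUBKEY);` in the first branch as well. The mapping comment could also say that, with the keyserver_any_configured() guard above, GPG_ERR_NO_KEYSERVER now means keyservers are configured but none of them is an LDAP server, which is why it is folded into NO_PUBKEY. The fingerprint branch passes fprbuf.u.fpr/fprbuf.fprlen and leaves fpr/fpr_len unset; presumably fprbuf is populated whenever is_fpr is set and the post-loop lookup handles that case as it does for the keyserver mechanism, but both are outside the hunk and worth confirming. get_pubkey_byname starts and ends outside the hunk.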
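Review bot: Dropping `free_strlist (sl);` after `public_key_list (ctrl, sl, 1, cmd == aLocateExtKeys);` moves responsibility for releasing `sl` out of this case, and nothing in the hunk shows public_key_list taking ownership. If it does not, `sl` now leaks on every --locate-keys invocation; if it does, the call site should say so, otherwise the free is easy to re-add and becomes a double free, e.g. `/* public_key_list takes ownership of SL and frees it.  */` above the call. Worth confirming that the callee frees the list on every path, including its early error returns. main continues outside the hunk.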
@@ -55,10 +55,9 @@ gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,
                                   unsigned char **fpr, size_t *fpr_len);
 int keyserver_import_ntds (ctrl_t ctrl, const char *name,
                            unsigned char **fpr,size_t *fpr_len);
-int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
-                           unsigned char **fpr,size_t *fpr_len,
-                           struct keyserver_spec *keyserver);
-int keyserver_import_ldap (ctrl_t ctrl, const char *name,
-                           unsigned char **fpr,size_t *fpr_len);
+gpg_error_t keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
+                                   unsigned char **fpr,size_t *fpr_len,
+                                   struct keyserver_spec *keyserver,
+                                   unsigned int flags);
 #endif /* !_KEYSERVER_INTERNAL_H_ */
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 83c53a0cf..acb82ef32 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -946,17 +946,17 @@ keyserver_any_configured (ctrl_t ctrl)
 /* Import all keys that exactly match MBOX */
-int
+gpg_error_t
 keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
                        unsigned char **fpr, size_t *fprlen,
-                       struct keyserver_spec *keyserver)
+                       struct keyserver_spec *keyserver, unsigned int flags)
 {
   KEYDB_SEARCH_DESC desc = { 0 };
   desc.mode = KEYDB_SEARCH_MODE_MAIL;
   desc.u.name = mbox;
-  return keyserver_get (ctrl, &desc, 1, keyserver, 0, fpr, fprlen);
+  return keyserver_get (ctrl, &desc, 1, keyserver, flags, fpr, fprlen);
 }
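Review bot: The new `flags` parameter of keyserver_import_mbox is undocumented both in this prototype and at the definition in the keyserver.c hunk at @@ -946, whose comment still reads `/* Import all keys that exactly match MBOX */`, and the int to gpg_error_t return-type change is likewise unannotated. The only value this patch passes is KEYSERVER_IMPORT_FLAG_LDAP (from getkey.c, with 0 at the other two call sites), so the definition comment could become `/* Import all keys that exactly match MBOX.  FLAGS are KEYSERVER_IMPORT_FLAG_ values passed through to keyserver_get; 0 keeps the previous behaviour.  */` — presumably the same set keyserver_import_fpr accepts, which the page does not show. keyserver_get's own return type is not visible here; if it still returns int, the implicit conversion is harmless but the mismatch is worth a glance.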
@@ -1864,85 +1864,3 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, unsigned int flags,
   xfree (mbox);
   return err;
 }
-
-
-/* Import a key by name using LDAP */
-int
-keyserver_import_ldap (ctrl_t ctrl,
-                       const char *name, unsigned char **fpr, size_t *fprlen)
-{
-  (void)ctrl;
-  (void)name;
-  (void)fpr;
-  (void)fprlen;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
-#if 0
-  char *domain;
-  struct keyserver_spec *keyserver;
-  strlist_t list=NULL;
-  int rc,hostlen=1;
-  struct srventry *srvlist=NULL;
-  int srvcount,i;
-  char srvname[MAXDNAME];
-  /* Parse out the domain */
-  domain=strrchr(name,'@');
-  if(!domain)
-    return GPG_ERR_GENERAL;
-  domain++;
-  keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
-  keyserver->scheme=xstrdup("ldap");
-  keyserver->host=xmalloc(1);
-  keyserver->host[0]='\0';
-  snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
-  FIXME("network related - move to dirmngr or drop the code");
-  srvcount=getsrv(srvname,&srvlist);
-  for(i=0;ihost=xrealloc(keyserver->host,hostlen);
-      strcat(keyserver->host,srvlist[i].target);
-      if(srvlist[i].port!=389)
-        {
-          char port[7];
-          hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
-          keyserver->host=xrealloc(keyserver->host,hostlen);
-          snprintf(port,7,":%u",srvlist[i].port);
-          strcat(keyserver->host,port);
-        }
-      strcat(keyserver->host," ");
-    }
-  free(srvlist);
-  /* If all else fails, do the PGP Universal trick of
-     ldap://keys.(domain) */
-  hostlen+=5+strlen(domain);
-  keyserver->host=xrealloc(keyserver->host,hostlen);
-  strcat(keyserver->host,"keys.");
-  strcat(keyserver->host,domain);
-  append_to_strlist(&list,name);
-  rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /*FIXME*/
-  /* keyserver_work (ctrl, KS_GETNAME, list, NULL, */
-  /*                0, fpr, fpr_len, keyserver); */
-  free_strlist(list);
-  free_keyserver_spec(keyserver);
-  return rc;
-#endif
-}
diff --git a/g10/main.h b/g10/main.h
index 2443aa7fe..7ce8b9a9c 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -327,6 +327,7 @@ gpg_error_t make_backsig (ctrl_t ctrl,
                           PKT_signature *sig, PKT_public_key *pk,
                           PKT_public_key *sub_pk, PKT_public_key *sub_psk,
                           u32 timestamp, const char *cache_nonce);
+void keygen_prepare_new_key_adsks (void);
 gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock,
                                  const char *algostr,
                                  const char *usagestr,