1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

* gpgkeys_ldap.c (delete_one_attr): New function to replace attributes

with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field.  Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
This commit is contained in:
David Shaw 2004-02-23 03:43:45 +00:00
parent d8590475fe
commit 07a10b451e
2 changed files with 65 additions and 9 deletions

View File

@ -1,3 +1,13 @@
2004-02-22 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (delete_one_attr): New function to replace
attributes with NULL (a "delete" that works even for nonexistant
attributes).
(send_key): Use it here to remove attributes so a modify operation
starts with a clean playing field. Bias sends to modify before
add, since (I suspect) people update their existing keys more
often than they make and send new keys to the server.
2004-02-21 David Shaw <dshaw@jabberwocky.com> 2004-02-21 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (epoch2ldaptime): New. Converse of * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of

View File

@ -305,6 +305,36 @@ make_one_attr(LDAPMod ***modlist,char *attr,const char *value)
return 1; return 1;
} }
/* This doesn't mean "delete" in the sense of removing something from
the modlist, but "delete" in the LDAP sense of adding a modlist
item that specifies LDAP_MOD_REPLACE and a null attribute for the
given attribute. LDAP_MOD_DELETE doesn't work here as we don't
know if the attribute in question exists or not. */
static int
delete_one_attr(LDAPMod ***modlist,char *attr)
{
LDAPMod **grow;
int nummods=0;
for(grow=*modlist;*grow;grow++)
nummods++;
grow=realloc(*modlist,sizeof(LDAPMod *)*(nummods+2));
if(!grow)
return 0;
*modlist=grow;
grow[nummods]=malloc(sizeof(LDAPMod));
if(!grow[nummods])
return 0;
grow[nummods]->mod_op=LDAP_MOD_REPLACE;
grow[nummods]->mod_type=attr;
grow[nummods]->mod_values=NULL;
grow[nummods+1]=NULL;
return 1;
}
static void static void
build_attrs(LDAPMod ***modlist,char *line) build_attrs(LDAPMod ***modlist,char *line)
{ {
@ -499,6 +529,19 @@ send_key(int *eof)
*modlist=NULL; *modlist=NULL;
/* Going on the assumption that modify operations are more frequent
than adds, I'm setting up the modify operations here first. */
delete_one_attr(&modlist,"pgpDisabled");
delete_one_attr(&modlist,"pgpKeyID");
delete_one_attr(&modlist,"pgpKeyType");
delete_one_attr(&modlist,"pgpUserID");
delete_one_attr(&modlist,"pgpKeyCreateTime");
delete_one_attr(&modlist,"pgpSignerID");
delete_one_attr(&modlist,"pgpRevoked");
delete_one_attr(&modlist,"pgpSubKeyID");
delete_one_attr(&modlist,"pgpKeySize");
delete_one_attr(&modlist,"pgpKeyExpireTime");
/* Assemble the INFO stuff into LDAP attributes */ /* Assemble the INFO stuff into LDAP attributes */
while(fgets(line,MAX_LINE,input)!=NULL) while(fgets(line,MAX_LINE,input)!=NULL)
@ -623,16 +666,19 @@ send_key(int *eof)
make_one_attr(&modlist,"objectClass","pgpKeyInfo"); make_one_attr(&modlist,"objectClass","pgpKeyInfo");
make_one_attr(&modlist,"pgpKey",key); make_one_attr(&modlist,"pgpKey",key);
err=ldap_add_s(ldap,dn,modlist); /* If it's not there, we just turn around and send an add command
for the same key. Otherwise, the modify brings the server copy
into compliance with our copy. Note that unlike the LDAP
keyserver (and really, any other keyserver) this does NOT merge
signatures, but replaces the whole key. This should make some
people very happy. */
/* If it's there already, we just turn around and send a modify
command for the same key to bring it into compliance with our
copy. Note that unlike the LDAP keyserver (and really, any other
keyserver) this does NOT merge signatures, but replaces the whole
key. This should make some people very happy. */
if(err==LDAP_ALREADY_EXISTS)
err=ldap_modify_s(ldap,dn,modlist); err=ldap_modify_s(ldap,dn,modlist);
if(err==LDAP_NO_SUCH_OBJECT)
{
LDAPMod **addlist=&modlist[10];
err=ldap_add_s(ldap,dn,addlist);
}
if(err!=LDAP_SUCCESS) if(err!=LDAP_SUCCESS)
{ {