diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 2d8d33656..c0918a771 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -27,6 +27,9 @@ if USE_LDAPWRAPPER
libexec_PROGRAMS = dirmngr_ldap
endif
+noinst_PROGRAMS = $(module_tests)
+TESTS = $(module_tests)
+
AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
@@ -99,4 +102,14 @@ no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c
+t_common_src = t-support.h
+# We need libcommontls, because we use the http functions.
+t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o $(GPG_ERROR_LIBS)
+
+module_tests = t-ldap-parse-uri
+t_ldap_parse_uri_SOURCES = \
+ t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
+ $(t_common_src)
+t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
+
$(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth)
diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c
new file mode 100644
index 000000000..4be58fdf5
--- /dev/null
+++ b/dirmngr/ldap-parse-uri.c
@@ -0,0 +1,237 @@
+/* ldap-parse-uri.c - Parse an LDAP URI.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+
+#include
+
+#ifdef HAVE_W32_SYSTEM
+# include "ldap-url.h"
+#else
+# include
+#endif
+
+#include "util.h"
+#include "http.h"
+
+/* Returns 1 if the string is an LDAP URL (begins with ldap:, ldaps:
+ or ldapi:). */
+int
+ldap_uri_p (const char *url)
+{
+ char *colon = strchr (url, ':');
+ if (! colon)
+ return 0;
+ else
+ {
+ int offset = (uintptr_t) colon - (uintptr_t) url;
+
+ if (/* All lower case. */
+ (offset == 4 && memcmp (url, "ldap", 4) == 0)
+ || (offset == 5
+ && (memcmp (url, "ldaps", 5) == 0
+ && memcmp (url, "ldapi", 5) == 0))
+ /* Mixed case. */
+ || ((url[0] == 'l' || url[0] == 'L')
+ && (url[1] == 'd' || url[1] == 'D')
+ && (url[2] == 'a' || url[2] == 'A')
+ && (url[3] == 'p' || url[3] == 'P')
+ && (url[4] == ':'
+ || ((url[4] == 's' || url[4] == 'S'
+ || url[4] == 'i' || url[4] == 'i')
+ && url[5] == ':'))))
+ return 1;
+ return 0;
+ }
+}
+
+/* Parse a URI and put the result into *purip. On success the
+ caller must use http_release_parsed_uri() to releases the resources.
+
+ uri->path is the base DN (or NULL for the default).
+ uri->auth is the bindname (or NULL for none).
+ The uri->query variable "password" is the password.
+
+ Note: any specified scope, any attributes, any filter and any
+ unknown extensions are simply ignored. */
+gpg_error_t
+ldap_parse_uri (parsed_uri_t *purip, const char *uri)
+{
+ gpg_err_code_t err = 0;
+ parsed_uri_t puri = NULL;
+
+ int result;
+ LDAPURLDesc *lud = NULL;
+
+ char *scheme = NULL;
+ char *host = NULL;
+ char *dn = NULL;
+ char *bindname = NULL;
+ char *password = NULL;
+
+ char **s;
+
+ char *buffer;
+ int len;
+
+ result = ldap_url_parse (uri, &lud);
+ if (result != 0)
+ {
+ log_error ("Unable to parse LDAP uri '%s'\n", uri);
+ err = GPG_ERR_ASS_GENERAL;
+ goto out;
+ }
+
+ scheme = lud->lud_scheme;
+ host = lud->lud_host;
+ dn = lud->lud_dn;
+
+ for (s = lud->lud_exts; s && *s; s ++)
+ {
+ if (strncmp (*s, "bindname=", 9) == 0)
+ {
+ if (bindname)
+ log_error ("bindname given multiple times in URL '%s', ignoring.\n",
+ uri);
+ else
+ bindname = *s + 9;
+ }
+ else if (strncmp (*s, "password=", 9) == 0)
+ {
+ if (password)
+ log_error ("password given multiple times in URL '%s', ignoring.\n",
+ uri);
+ else
+ password = *s + 9;
+ }
+ else
+ log_error ("Unhandled extension (%s) in URL '%s', ignoring.",
+ *s, uri);
+ }
+
+ len = 0;
+
+#define add(s) ({ if (s) len += strlen (s) + 1; })
+
+ add (scheme);
+ add (host);
+ add (dn);
+ add (bindname);
+ add (password);
+
+ puri = xtrycalloc (1, sizeof *puri + len);
+ if (! puri)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto out;
+ }
+
+ buffer = puri->buffer;
+
+#define copy(s) \
+ ({ \
+ char *copy_result = NULL; \
+ if (s) \
+ { \
+ copy_result = buffer; \
+ buffer = stpcpy (buffer, s) + 1; \
+ } \
+ copy_result; \
+ })
+
+ puri->scheme = ascii_strlwr (copy (scheme));
+ puri->host = copy (host);
+ puri->path = copy (dn);
+ puri->auth = copy (bindname);
+
+ if (password)
+ {
+ puri->query = calloc (sizeof (*puri->query), 1);
+ puri->query->name = "password";
+ puri->query->value = copy (password);
+ puri->query->valuelen = strlen (password) + 1;
+ }
+
+ puri->use_tls = strcmp (puri->scheme, "ldaps") == 0;
+ puri->port = lud->lud_port;
+
+ out:
+ if (lud)
+ ldap_free_urldesc (lud);
+
+ if (err)
+ {
+ if (puri)
+ http_release_parsed_uri (puri);
+ }
+ else
+ *purip = puri;
+
+ return gpg_err_make (default_errsource, err);
+}
+
+/* The following characters need to be escaped to be part of an LDAP
+ filter: *, (, ), \, NUL and /. Note: we don't handle NUL, since a
+ NUL can't be part of a C string.
+
+ This function always allocates a new string on success. It is the
+ caller's responsibility to free it.
+*/
+char *
+ldap_escape_filter (const char *filter)
+{
+ int l = strcspn (filter, "*()\\/");
+ if (l == strlen (filter))
+ /* Nothing to escape. */
+ return xstrdup (filter);
+
+ {
+ /* In the worst case we need to escape every letter. */
+ char *escaped = xmalloc (1 + 3 * strlen (filter));
+
+ /* Indices into filter and escaped. */
+ int filter_i = 0;
+ int escaped_i = 0;
+
+ for (filter_i = 0; filter_i < strlen (filter); filter_i ++)
+ {
+ switch (filter[filter_i])
+ {
+ case '*':
+ case '(':
+ case ')':
+ case '\\':
+ case '/':
+ sprintf (&escaped[escaped_i], "%%%02x", filter[filter_i]);
+ escaped_i += 3;
+ break;
+
+ default:
+ escaped[escaped_i ++] = filter[filter_i];
+ break;
+ }
+ }
+ /* NUL terminate it. */
+ escaped[escaped_i] = 0;
+
+ /* We could shrink escaped to be just escaped_i bytes, but the
+ result will probably be freed very quickly anyways. */
+ return escaped;
+ }
+}
diff --git a/dirmngr/ldap-parse-uri.h b/dirmngr/ldap-parse-uri.h
new file mode 100644
index 000000000..1ef1b91c6
--- /dev/null
+++ b/dirmngr/ldap-parse-uri.h
@@ -0,0 +1,33 @@
+/* ldap-parse-uri.h - Parse an LDAP URI.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef DIRMNGR_LDAP_PARSE_URI_H
+#define DIRMNGR_LDAP_PARSE_URI_H
+
+#include "util.h"
+#include "http.h"
+
+extern int ldap_uri_p (const char *url);
+
+extern gpg_error_t ldap_parse_uri (parsed_uri_t *ret_uri, const char *uri);
+
+extern char *ldap_escape_filter (const char *filter);
+
+
+#endif
diff --git a/dirmngr/t-ldap-parse-uri.c b/dirmngr/t-ldap-parse-uri.c
new file mode 100644
index 000000000..100ce0de8
--- /dev/null
+++ b/dirmngr/t-ldap-parse-uri.c
@@ -0,0 +1,255 @@
+/* t-ldap-parse-uri.c - Regression tests for ldap-parse-uri.c.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+
+#include "ldap-parse-uri.h"
+
+#include "t-support.h"
+
+struct test_ldap_uri_p
+{
+ const char *uri;
+ int result;
+};
+
+void
+check_ldap_uri_p (int test_count, struct test_ldap_uri_p *test)
+{
+ int result = ldap_uri_p (test->uri);
+ if (result != test->result)
+ {
+ printf ("'%s' is %san LDAP schema, but ldap_uri_p says opposite.\n",
+ test->uri, test->result ? "" : "not ");
+ fail(1000 * test_count);
+ }
+}
+
+static void
+test_ldap_uri_p (void)
+{
+ struct test_ldap_uri_p tests[] = {
+ { "ldap://foo", 1 },
+ { "ldap://", 1 },
+ { "ldap:", 1 },
+ { "ldap", 0 },
+ { "ldapfoobar", 0 },
+
+ { "ldaps://foo", 1 },
+ { "ldaps://", 1 },
+ { "ldaps:", 1 },
+ { "ldaps", 0 },
+ { "ldapsfoobar", 0 },
+
+ { "ldapi://foo", 1 },
+ { "ldapi://", 1 },
+ { "ldapi:", 1 },
+ { "ldapi", 0 },
+ { "ldapifoobar", 0 },
+
+ { "LDAP://FOO", 1 },
+ { "LDAP://", 1 },
+ { "LDAP:", 1 },
+ { "LDAP", 0 },
+ { "LDAPFOOBAR", 0 }
+ };
+
+ int test_count;
+ for (test_count = 1;
+ test_count <= sizeof (tests) / sizeof (tests[0]);
+ test_count ++)
+ check_ldap_uri_p (test_count, &tests[test_count - 1]);
+}
+�
+struct test_ldap_parse_uri
+{
+ const char *uri;
+ const char *scheme;
+ const char *host;
+ const int port;
+ const int use_tls;
+ const char *path; /* basedn. */
+ const char *auth; /* binddn. */
+ const char *password; /* query[1]. */
+};
+
+static int
+cmp (const char *a, const char *b)
+{
+ if (! a)
+ a = "";
+ if (! b)
+ b = "";
+
+ return strcmp (a, b) == 0;
+}
+
+void
+check_ldap_parse_uri (int test_count, struct test_ldap_parse_uri *test)
+{
+ gpg_error_t err;
+ parsed_uri_t puri;
+
+ err = ldap_parse_uri (&puri, test->uri);
+ if (err)
+ {
+ printf ("Parsing '%s' failed (%d).\n", test->uri, err);
+ fail (test_count * 1000 + 0);
+ }
+
+ if (! cmp(test->scheme, puri->scheme))
+ {
+ printf ("scheme mismatch: got '%s', expected '%s'.\n",
+ puri->scheme, test->scheme);
+ fail (test_count * 1000 + 1);
+ }
+
+ if (! cmp(test->host, puri->host))
+ {
+ printf ("host mismatch: got '%s', expected '%s'.\n",
+ puri->host, test->host);
+ fail (test_count * 1000 + 2);
+ }
+
+ if (test->port != puri->port)
+ {
+ printf ("port mismatch: got '%d', expected '%d'.\n",
+ puri->port, test->port);
+ fail (test_count * 1000 + 3);
+ }
+
+ if (test->use_tls != puri->use_tls)
+ {
+ printf ("use_tls mismatch: got '%d', expected '%d'.\n",
+ puri->use_tls, test->use_tls);
+ fail (test_count * 1000 + 4);
+ }
+
+ if (! cmp(test->path, puri->path))
+ {
+ printf ("path mismatch: got '%s', expected '%s'.\n",
+ puri->path, test->path);
+ fail (test_count * 1000 + 5);
+ }
+
+ if (! cmp(test->auth, puri->auth))
+ {
+ printf ("auth mismatch: got '%s', expected '%s'.\n",
+ puri->auth, test->auth);
+ fail (test_count * 1000 + 6);
+ }
+
+ if (! test->password && ! puri->query)
+ /* Ok. */
+ ;
+ else if (test->password && ! puri->query)
+ {
+ printf ("password mismatch: got NULL, expected '%s'.\n",
+ test->auth);
+ fail (test_count * 1000 + 7);
+ }
+ else if (! test->password && puri->query)
+ {
+ printf ("password mismatch: got something, expected NULL.\n");
+ fail (test_count * 1000 + 8);
+ }
+ else if (! (test->password && puri->query
+ && puri->query->name && puri->query->value
+ && strcmp (puri->query->name, "password") == 0
+ && cmp (puri->query->value, test->password)))
+ {
+ printf ("password mismatch: got '%s:%s', expected 'password:%s'.\n",
+ puri->query->name, puri->query->value,
+ test->password);
+ fail (test_count * 1000 + 9);
+ }
+
+ http_release_parsed_uri (puri);
+}
+
+static void
+test_ldap_parse_uri (void)
+{
+ struct test_ldap_parse_uri tests[] = {
+ { "ldap://", "ldap", NULL, 389, 0, NULL, NULL, NULL },
+ { "ldap://host", "ldap", "host", 389, 0, NULL, NULL, NULL },
+ { "ldap://host:100", "ldap", "host", 100, 0, NULL, NULL, NULL },
+ { "ldaps://host", "ldaps", "host", 636, 1, NULL, NULL, NULL },
+ { "ldap://host/ou%3DPGP%20Keys%2Cdc%3DEXAMPLE%2Cdc%3DORG",
+ "ldap", "host", 389, 0, "ou=PGP Keys,dc=EXAMPLE,dc=ORG" },
+ { "ldap://host/????bindname=uid%3Duser%2Cou%3DPGP%20Users%2Cdc%3DEXAMPLE%2Cdc%3DORG,password=foobar",
+ "ldap", "host", 389, 0, "",
+ "uid=user,ou=PGP Users,dc=EXAMPLE,dc=ORG", "foobar" }
+ };
+
+ int test_count;
+ for (test_count = 1;
+ test_count <= sizeof (tests) / sizeof (tests[0]);
+ test_count ++)
+ check_ldap_parse_uri (test_count, &tests[test_count - 1]);
+}
+�
+struct test_ldap_escape_filter
+{
+ const char *filter;
+ const char *result;
+};
+
+static void
+check_ldap_escape_filter (int test_count, struct test_ldap_escape_filter *test)
+{
+ char *result = ldap_escape_filter (test->filter);
+
+ if (strcmp (result, test->result) != 0)
+ {
+ printf ("Filter: '%s'. Escaped: '%s'. Expected: '%s'.\n",
+ test->filter, result, test->result);
+ fail (test_count * 1000);
+ }
+}
+
+static void
+test_ldap_escape_filter (void)
+{
+ struct test_ldap_escape_filter tests[] = {
+ { "foobar", "foobar" },
+ { "", "" },
+ { "(foo)", "%28foo%29" },
+ { "* ( ) \\ /", "%2a %28 %29 %5c %2f" }
+ };
+
+ int test_count;
+ for (test_count = 1;
+ test_count <= sizeof (tests) / sizeof (tests[0]);
+ test_count ++)
+ check_ldap_escape_filter (test_count, &tests[test_count - 1]);
+}
+�
+int
+main (int argc, char **argv)
+{
+ (void)argc;
+ (void)argv;
+
+ test_ldap_uri_p ();
+ test_ldap_parse_uri ();
+ test_ldap_escape_filter ();
+
+ return 0;
+}
diff --git a/dirmngr/t-support.h b/dirmngr/t-support.h
new file mode 100644
index 000000000..99fd267ac
--- /dev/null
+++ b/dirmngr/t-support.h
@@ -0,0 +1,42 @@
+/* t-support.h - Helper for the regression tests
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of JNLIB, which is a subsystem of GnuPG.
+ *
+ * JNLIB is free software; you can redistribute it and/or modify it
+ * under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * JNLIB is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copies of the GNU General Public License
+ * and the GNU Lesser General Public License along with this program;
+ * if not, see .
+ */
+
+#ifndef DIRMNGR_T_SUPPORT_H
+#define DIRMNGR_T_SUPPORT_H 1
+
+/* Macros to print the result of a test. */
+#define pass() do { ; } while(0)
+#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
+ __FILE__,__LINE__, (a)); \
+ exit (1); \
+ } while(0)
+
+
+#endif /* DIRMNGR_T_SUPPORT_H */