mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-17 00:39:50 +02:00
dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
ff17aee5d1
commit
317d5947b8
|
@ -645,6 +645,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||||
set_dns_timeout (0);
|
set_dns_timeout (0);
|
||||||
opt.connect_timeout = 0;
|
opt.connect_timeout = 0;
|
||||||
opt.connect_quick_timeout = 0;
|
opt.connect_quick_timeout = 0;
|
||||||
|
opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
|
||||||
ldapserver_list_needs_reset = 1;
|
ldapserver_list_needs_reset = 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -779,6 +780,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||||
opt.connect_quick_timeout = pargs->r.ret_ulong * 1000;
|
opt.connect_quick_timeout = pargs->r.ret_ulong * 1000;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case oLDAPTimeout:
|
||||||
|
opt.ldaptimeout = pargs->r.ret_int;
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return 0; /* Not handled. */
|
return 0; /* Not handled. */
|
||||||
}
|
}
|
||||||
|
@ -1035,9 +1040,6 @@ main (int argc, char **argv)
|
||||||
# endif /*USE_LDAP*/
|
# endif /*USE_LDAP*/
|
||||||
break;
|
break;
|
||||||
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
|
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
|
||||||
case oLDAPTimeout:
|
|
||||||
opt.ldaptimeout = pargs.r.ret_int;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case oFakedSystemTime:
|
case oFakedSystemTime:
|
||||||
gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
|
gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
|
||||||
|
|
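Review bot: In the new `case oLDAPTimeout:` of parse_rereadable_options, `opt.ldaptimeout = pargs->r.ret_int;` stores the parsed value with no range check. The ks-engine-ldap.c part of this commit prints the field with `%u`, which suggests it is unsigned (its declaration is not on this page), so a negative value in the configuration would presumably become a very large time limit instead of being rejected. I would reject or clamp it, for example `opt.ldaptimeout = pargs->r.ret_int < 0 ? DEFAULT_LDAP_TIMEOUT : pargs->r.ret_int;`, and add a comment such as `/* 0 disables the LDAP time limit. */`, since my_ldap_connect skips the option when the value is 0. The function body starts and ends outside the hunks shown.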
|
@ -313,7 +313,7 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
|
||||||
{
|
{
|
||||||
const char data[] =
|
const char data[] =
|
||||||
"Handler for LDAP URLs:\n"
|
"Handler for LDAP URLs:\n"
|
||||||
" ldap://HOST:PORT/[BASEDN]???[bindname=BINDNAME,password=PASSWORD]\n"
|
" ldap://HOST:PORT/[BASEDN]????[bindname=BINDNAME,password=PASSWORD]\n"
|
||||||
"\n"
|
"\n"
|
||||||
"Note: basedn, bindname and password need to be percent escaped. In\n"
|
"Note: basedn, bindname and password need to be percent escaped. In\n"
|
||||||
"particular, spaces need to be replaced with %20 and commas with %2c.\n"
|
"particular, spaces need to be replaced with %20 and commas with %2c.\n"
|
||||||
|
@ -646,6 +646,20 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (opt.ldaptimeout)
|
||||||
|
{
|
||||||
|
int ver = opt.ldaptimeout;
|
||||||
|
|
||||||
|
lerr = ldap_set_option (ldap_conn, LDAP_OPT_TIMELIMIT, &ver);
|
||||||
|
if (lerr != LDAP_SUCCESS)
|
||||||
|
{
|
||||||
|
log_error ("ks-ldap: unable to set LDAP timelimit to %us: %s\n",
|
||||||
|
opt.ldaptimeout, ldap_err2string (lerr));
|
||||||
|
err = ldap_err_to_gpg_err (lerr);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
|
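Review bot: The added block in my_ldap_connect sets `LDAP_OPT_TIMELIMIT`, while the commit message names `LDAP_OPT_TIMEOUT`; the time-limit option bounds how long a search may run and does not bound the connection attempt, which fits the hang the description reports. A keyserver that accepts no connection or never answers can therefore still stall the lookup, so on OpenLDAP I would also set the network timeout, e.g. `struct timeval tv = { opt.ldaptimeout, 0 };` followed by `lerr = ldap_set_option (ldap_conn, LDAP_OPT_NETWORK_TIMEOUT, &tv);`, guarded by `#ifdef LDAP_OPT_NETWORK_TIMEOUT`. The local `int ver` looks copied from a protocol-version setting and would read better as `timelimit`. The block sits inside a preprocessor conditional that opens outside the hunk, so which builds compile it cannot be told from here.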
|
@ -440,7 +440,7 @@ encoded as Latin-1. There is no other solution here than to put such a
|
||||||
password in the binary encoding into the file (i.e. non-ascii characters
|
password in the binary encoding into the file (i.e. non-ascii characters
|
||||||
won't show up readable).@footnote{The @command{gpgconf} tool might be
|
won't show up readable).@footnote{The @command{gpgconf} tool might be
|
||||||
helpful for frontends as it enables editing this configuration file using
|
helpful for frontends as it enables editing this configuration file using
|
||||||
percent-escaped strings.}jj
|
percent-escaped strings.}
|
||||||
|
|
||||||
|
|
||||||
@item --ldapserver @var{spec}
|
@item --ldapserver @var{spec}
|
||||||
|
@ -448,10 +448,12 @@ percent-escaped strings.}jj
|
||||||
This is an alternative way to specify LDAP servers for CRL and X.509
|
This is an alternative way to specify LDAP servers for CRL and X.509
|
||||||
certificate retrieval. If this option is used the servers configured
|
certificate retrieval. If this option is used the servers configured
|
||||||
in @file{dirmngr_ldapservers.conf} (or the file given by
|
in @file{dirmngr_ldapservers.conf} (or the file given by
|
||||||
@option{--ldapserverlist-file}) are cleared. Reloading dirmngr will
|
@option{--ldapserverlist-file}) are cleared. Note that
|
||||||
consider these again will in no case use those from
|
@file{dirmngr_ldapservers.conf} is not read again by a reload
|
||||||
@file{dirmngr_ldapservers.conf} again. The @var{spec} is either a
|
signal. However, @option{--ldapserver} options are read again.
|
||||||
proper LDAP URL or a colon delimited list of the form
|
|
||||||
|
@var{spec} is either a proper LDAP URL or a colon delimited list of
|
||||||
|
the form
|
||||||
|
|
||||||
@sc{hostname:port:username:password:base_dn:flags:}
|
@sc{hostname:port:username:password:base_dn:flags:}
|
||||||
|
|
||||||
|
|