
dirmngr: Interrogate LDAP server when base DN specified.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
server when basedn specified.

--

GnuPG-bug-id: 6047
Signed-off-by: Joey Berkovitz <joeyberkovitz@gmail.com>
This commit is contained in:
Joey Berkovitz 2022-09-27 20:20:53 -04:00 committed by NIIBE Yutaka
parent 03f3923337
commit 3257385378
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054


@ -288,6 +288,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
} }
/* Returns 1 if R_BASEDDN is substituted, 0 if not. */
static int static int
interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search, interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
unsigned int *r_serverinfo, char **r_basedn) unsigned int *r_serverinfo, char **r_basedn)
@ -296,7 +297,6 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
char **vals; char **vals;
LDAPMessage *si_res; LDAPMessage *si_res;
int is_gnupg = 0; int is_gnupg = 0;
int result = 0;
char *basedn = NULL; char *basedn = NULL;
char *attr2[] = { "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL }; char *attr2[] = { "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL };
char *object = xasprintf ("cn=pgpServerInfo,%s", basedn_search); char *object = xasprintf ("cn=pgpServerInfo,%s", basedn_search);
@ -311,9 +311,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
{ {
vals = ldap_get_values (ldap_conn, si_res, "pgpBaseKeySpaceDN"); vals = ldap_get_values (ldap_conn, si_res, "pgpBaseKeySpaceDN");
if (vals && vals[0]) if (vals && vals[0])
{ basedn = xtrystrdup (vals[0]);
basedn = xtrystrdup (vals[0]);
}
my_ldap_value_free (vals); my_ldap_value_free (vals);
vals = ldap_get_values (ldap_conn, si_res, "pgpSoftware"); vals = ldap_get_values (ldap_conn, si_res, "pgpSoftware");
@ -351,9 +349,19 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
freed with ldap_msgfree() regardless of return freed with ldap_msgfree() regardless of return
value of these functions. */ value of these functions. */
ldap_msgfree (si_res); ldap_msgfree (si_res);
if (r_basedn) if (r_basedn && basedn)
*r_basedn = basedn; {
return result; if (*r_basedn)
xfree (*r_basedn);
*r_basedn = basedn;
return 1;
}
else
{
if (basedn)
xfree (basedn);
return 0;
}
} }
/* Connect to an LDAP server and interrogate it. /* Connect to an LDAP server and interrogate it.
@ -653,6 +661,17 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
goto out; goto out;
} }
*r_serverinfo |= SERVERINFO_REALLDAP; *r_serverinfo |= SERVERINFO_REALLDAP;
/* First try with provided basedn, else retry up one level.
* Retry assumes that provided entry is for keyspace,
* matching old behavior */
if (!interrogate_ldap_dn (ldap_conn, basedn, r_serverinfo, &basedn))
{
const char *basedn_parent = strchr (basedn, ',');
if (basedn_parent)
interrogate_ldap_dn (ldap_conn, basedn_parent + 1, r_serverinfo,
&basedn);
}
} }
else else
{ /* Look for namingContexts. */ { /* Look for namingContexts. */
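Review bot: The first call in the added block passes `basedn` both as the search base and as the output pointer, so on success interrogate_ldap_dn frees the caller's `basedn` (the `xfree (*r_basedn)` added in the earlier hunk) — the very string it received as `basedn_search`. That is only safe because the free comes after the callee's last use of `basedn_search`, and it presumes `basedn` is a heap string owned by my_ldap_connect and already initialised, neither of which is visible here; my_ldap_connect starts and ends outside the hunk. Collecting the result in a separate pointer keeps ownership in the caller, makes the callee's `xfree (*r_basedn)` path unreachable for this call, and lets the retry skip a DN that ends in a comma so `cn=pgpServerInfo,` is never queried with an empty base.
```c
      /* First try with provided basedn, else retry up one level.
       * Retry assumes that provided entry is for keyspace,
       * matching old behavior.  The callee only ever sees FOUND_DN
       * as output, so it never frees the string it is searching.  */
      char *found_dn = NULL;
      if (!interrogate_ldap_dn (ldap_conn, basedn, r_serverinfo, &found_dn))
        {
          const char *basedn_parent = strchr (basedn, ',');
          if (basedn_parent && basedn_parent[1])
            interrogate_ldap_dn (ldap_conn, basedn_parent + 1, r_serverinfo,
                                 &found_dn);
        }
      if (found_dn)
        {
          xfree (basedn);
          basedn = found_dn;
        }
```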