security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-14 18:31:03 +02:00
Code Activity

* gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along with a

Browse Source 
full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to find the
pgpServerInfo object.  Some LDAP setups don't like the search. (main):
Stop binding to the server since it seems no server really requires it,
and some require it not be there.
This commit is contained in:
David Shaw 2004-08-23 03:13:27 +00:00
parent b9167cb0d8
commit 4615a538bf
2 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
keyserver/ChangeLog
View File

@ -1,3 +1,12 @@
2004-08-22 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along
with a full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to
find the pgpServerInfo object. Some LDAP setups don't like the
search.
(main): Stop binding to the server since it seems no server really
requires it, and some require it not be there.
2004-07-29 David Shaw <dshaw@jabberwocky.com> 2004-07-29 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (main): Add "debug" option. This is only really * gpgkeys_ldap.c (main): Add "debug" option. This is only really

31
keyserver/gpgkeys_ldap.c
View File

@ -1423,17 +1423,27 @@ find_basekeyspacedn(void)
{ {
char **vals; char **vals;
LDAPMessage *si_res; LDAPMessage *si_res;
err=ldap_search_s(ldap,context[i],LDAP_SCOPE_ONELEVEL, char *object;
"(cn=pgpServerInfo)",attr,0,&si_res);
if(err!=LDAP_SUCCESS) object=malloc(17+strlen(context[i])+1);
if(!object)
return -1;
strcpy(object,"cn=pgpServerInfo,");
strcat(object,context[i]);
err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
"(objectClass=*)",attr,0,&si_res);
free(object);
if(err==LDAP_NO_SUCH_OBJECT)
continue;
else if(err!=LDAP_SUCCESS)
return err; return err;
vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN"); vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
if(vals) if(vals)
{ {
/* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but
it might not be in the future. */
basekeyspacedn=strdup(vals[0]); basekeyspacedn=strdup(vals[0]);
ldap_value_free(vals); ldap_value_free(vals);
} }
@ -1479,6 +1489,9 @@ find_basekeyspacedn(void)
if(err!=LDAP_SUCCESS) if(err!=LDAP_SUCCESS)
return err; return err;
/* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
KEYSPACE,C=US", but it might not be in the future. */
vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN"); vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
if(vals) if(vals)
{ {
@ -1908,9 +1921,12 @@ main(int argc,char *argv[])
} }
} }
#if 0
/* The LDAP keyserver doesn't require this, but it might be useful /* The LDAP keyserver doesn't require this, but it might be useful
if someone stores keys on a V2 LDAP server somewhere. (V3 if someone stores keys on a V2 LDAP server somewhere. (V3
doesn't require a bind). */ doesn't require a bind). Leave this out for now since it is not
clear if anyone server we're likely to use really cares, plus
there are some servers that don't allow it. */
err=ldap_simple_bind_s(ldap,NULL,NULL); err=ldap_simple_bind_s(ldap,NULL,NULL);
if(err!=0) if(err!=0)
@ -1922,6 +1938,7 @@ main(int argc,char *argv[])
} }
else else
bound=1; bound=1;
#endif
switch(action) switch(action)
{ {