gpg: New AKL method "ntds"

* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
Werner Koch 2020-12-17 18:18:52 +01:00
parent 1194e4f7e2
commit 4a3836e2b2
GPG Key ID: E3FDFF218E45B72B
8 changed files with 90 additions and 6 deletions


@ -343,6 +343,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
char *f = NULL; char *f = NULL;
char *freeme = NULL; char *freeme = NULL;
char *p;
gpg_error_t err = classify_user_id (keyspec, &desc, 1); gpg_error_t err = classify_user_id (keyspec, &desc, 1);
if (err) if (err)
@ -362,14 +363,24 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
break; break;
case KEYDB_SEARCH_MODE_MAIL: case KEYDB_SEARCH_MODE_MAIL:
if (only_exact) freeme = ldap_escape_filter (desc.u.name);
if (!freeme)
break; break;
if ((serverinfo & SERVERINFO_SCHEMAV2)) if (*freeme == '<' && freeme[1] && freeme[2])
f = xasprintf ("(gpgMailbox=%s)", {
(freeme = ldap_escape_filter (desc.u.name))); /* Strip angle brackets. Note that it is does not
* matter whether we work on the plan or LDAP escaped
* version of the mailbox. */
p = freeme + 1;
if (p[strlen(p)-1] == '>')
p[strlen(p)-1] = 0;
}
else else
f = xasprintf ("(pgpUserID=*<%s>*)", p = freeme;
(freeme = ldap_escape_filter (desc.u.name))); if ((serverinfo & SERVERINFO_SCHEMAV2))
f = xasprintf ("(gpgMailbox=%s)", p);
else if (!only_exact)
f = xasprintf ("(pgpUserID=*<%s>*)", p);
break; break;
case KEYDB_SEARCH_MODE_MAILSUB: case KEYDB_SEARCH_MODE_MAILSUB:
@ -934,6 +945,8 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
if (err) if (err)
goto out; goto out;
if (opt.debug)
log_debug ("ks-ldap: using filter: %s\n", filter);
{ {
/* The ordering is significant. Specifically, "pgpcertid" needs /* The ordering is significant. Specifically, "pgpcertid" needs
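Review bot: The comment inside the new angle-bracket stripping block of the KEYDB_SEARCH_MODE_MAIL case has two typos ("it is does not", "plan"); proposed text: `/* Strip angle brackets.  Note that it does not matter whether we work on the plain or the LDAP escaped version of the mailbox.  */`. The leading '<' is removed before the trailing '>' is looked for, so a name such as `<foo@example.org` (no closing bracket) would be queried as `foo@example.org`; if classify_user_id already guarantees a matching '>' whenever it reports MAIL mode, a one-line comment saying so would spare the next reader that check. For a schema-v1 server with only_exact set, f stays NULL and control reaches break, which matches the pre-existing behaviour but is now less obvious since the explicit `if (only_exact) break;` is gone; a short comment such as `/* Schema v1 has no exact mailbox attribute; leave F NULL.  */` before the `else if (!only_exact)` line would make that deliberate. keyspec_to_ldap_filter and ks_ldap_get both start and end outside these hunks.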


@ -1825,6 +1825,9 @@ list. The default is "local,wkd".
keyservers to use. If this fails, attempt to locate the key using the keyservers to use. If this fails, attempt to locate the key using the
PGP Universal method of checking @samp{ldap://keys.(thedomain)}. PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
@item ntds
Locate the key using the Active Directory (Windows only).
@item keyserver @item keyserver
Locate a key using a keyserver. Locate a key using a keyserver.


@ -1107,6 +1107,13 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
glo_ctrl.in_auto_key_retrieve--; glo_ctrl.in_auto_key_retrieve--;
break; break;
case AKL_NTDS:
mechanism_string = "NTDS";
glo_ctrl.in_auto_key_retrieve++;
rc = keyserver_import_ntds (ctrl, name, &fpr, &fpr_len);
glo_ctrl.in_auto_key_retrieve--;
break;
case AKL_KEYSERVER: case AKL_KEYSERVER:
/* Strictly speaking, we don't need to only use a valid /* Strictly speaking, we don't need to only use a valid
* mailbox for the getname search, but it helps cut down * mailbox for the getname search, but it helps cut down
@ -4152,6 +4159,8 @@ parse_auto_key_locate (const char *options_arg)
akl->type = AKL_DANE; akl->type = AKL_DANE;
else if (ascii_strcasecmp (tok, "wkd") == 0) else if (ascii_strcasecmp (tok, "wkd") == 0)
akl->type = AKL_WKD; akl->type = AKL_WKD;
else if (ascii_strcasecmp (tok, "ntds") == 0)
akl->type = AKL_NTDS;
else if ((akl->spec = parse_keyserver_uri (tok, 1))) else if ((akl->spec = parse_keyserver_uri (tok, 1)))
akl->type = AKL_SPEC; akl->type = AKL_SPEC;
else else
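Review bot: The new AKL_NTDS case in get_pubkey_byname assigns the result of keyserver_import_ntds to rc alongside the gpg_error_t-returning mechanisms, but the function is declared as returning int (g10/keyserver.h hunk) and the stubs in g10/gpgv.c and g10/test-stubs.c return -1; the real definition in g10/keyserver.c returns whatever keyserver_get returns, which from its use here appears to be a gpg_error_t, so declaring it as `gpg_error_t keyserver_import_ntds (ctrl_t ctrl, const char *mbox, unsigned char **fpr, size_t *fpr_len);` and returning a proper error code from the stubs would keep rc consistently typed. In parse_auto_key_locate the `ntds` keyword is accepted on every platform although the texinfo change in this commit describes the method as Windows only, so a misconfiguration elsewhere surfaces only at lookup time as a failed `ldap:///` request; either a comment at the new branch, e.g. `/* "ntds" is resolved by dirmngr via its ldap:/// base URI; accepted on all platforms, it only works with a Windows Active Directory.  */`, or an `#ifdef HAVE_W32_SYSTEM` guard around the branch would make the intended scope explicit. Both get_pubkey_byname and parse_auto_key_locate start and end outside the hunks.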


@ -478,6 +478,17 @@ keyserver_import_name (const char *name,struct keyserver_spec *spec)
return -1; return -1;
} }
int
keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
unsigned char **fpr, size_t *fprlen)
{
(void)ctrl;
(void)mbox;
(void)fpr;
(void)fprlen;
return -1;
}
int int
keyserver_import_ldap (const char *name) keyserver_import_ldap (const char *name)
{ {


@ -47,6 +47,8 @@ gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
unsigned char **fpr,size_t *fpr_len); unsigned char **fpr,size_t *fpr_len);
gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick, gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
unsigned char **fpr, size_t *fpr_len); unsigned char **fpr, size_t *fpr_len);
int keyserver_import_ntds (ctrl_t ctrl, const char *name,
unsigned char **fpr,size_t *fpr_len);
int keyserver_import_name (ctrl_t ctrl, int keyserver_import_name (ctrl_t ctrl,
const char *name,unsigned char **fpr,size_t *fpr_len, const char *name,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver); struct keyserver_spec *keyserver);
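Review bot: The new prototype names its second parameter `name` while the definition in g10/keyserver.c and both stubs call it `mbox`, and unlike the neighbouring declarations it carries no comment saying what the function does; since this is the public declaration, a short Doxygen-style comment would help, e.g. `/* Locate and import the key whose user id matches exactly the mailbox MBOX via the Active Directory (dirmngr "ldap:///"); on success store the fingerprint at FPR/FPR_LEN, which the caller must free.  */` (the fingerprint ownership being an assumption from the sibling importers, worth confirming). Renaming the parameter to `mbox` in the header would also keep the declaration and definition in step.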


@ -1141,6 +1141,21 @@ keyserver_import_name (ctrl_t ctrl, const char *name,
} }
/* Import the keys that match exactly MBOX */
int
keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
unsigned char **fpr, size_t *fprlen)
{
KEYDB_SEARCH_DESC desc = { 0 };
struct keyserver_spec keyserver = { NULL, "ldap:///" };
desc.mode = KEYDB_SEARCH_MODE_MAIL;
desc.u.name = mbox;
return keyserver_get (ctrl, &desc, 1, &keyserver, 0, fpr, fprlen);
}
int int
keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len, keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
struct keyserver_spec *keyserver, int quick) struct keyserver_spec *keyserver, int quick)
@ -1669,6 +1684,25 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
quiet = 1; quiet = 1;
} }
} }
else if(desc[idx].mode == KEYDB_SEARCH_MODE_MAIL)
{
n = 1 + strlen (desc[idx].u.name) + 1 + 1;
if (idx && linelen + n > MAX_KS_GET_LINELEN)
break; /* Declare end of this chunk. */
linelen += n;
if (desc[idx].u.name[0] == '<')
pattern[npat] = xtrystrdup (desc[idx].u.name);
else
pattern[npat] = strconcat ("<", desc[idx].u.name, ">", NULL);
if (!pattern[npat])
err = gpg_error_from_syserror ();
else
{
npat++;
quiet = 1;
}
}
else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE) else if (desc[idx].mode == KEYDB_SEARCH_MODE_NONE)
continue; continue;
else else
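Review bot: In the new KEYDB_SEARCH_MODE_MAIL branch of keyserver_get_chunk the mailbox is copied into the pattern verbatim (at most wrapped in angle brackets), so the only thing keeping a crafted name out of the LDAP filter is the ldap_escape_filter call in dirmngr's ks-engine-ldap.c; a comment here recording that reliance, e.g. `/* No escaping here: dirmngr's LDAP engine escapes the name before it builds the filter.  */`, would stop a later reader from assuming this path sanitises its input. The estimate `n = 1 + strlen (desc[idx].u.name) + 1 + 1;` counts the brackets even when the name already starts with '<' and is passed through by xtrystrdup, which only over-estimates slightly, but a name that starts with '<' yet lacks the closing '>' is forwarded unchanged rather than normalised, and a comment should say whether that is intended. In the keyserver_import_ntds hunk, `struct keyserver_spec keyserver = { NULL, "ldap:///" };` relies on the field order of struct keyserver_spec; a designated initialiser for the URI member would make the intent explicit, and the header comment could state that the empty host in `ldap:///` is what selects the Active Directory on the dirmngr side, if that is indeed the convention (not visible in this page). keyserver_get_chunk starts and ends outside the hunk.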


@ -265,6 +265,7 @@ struct
AKL_DANE, AKL_DANE,
AKL_WKD, AKL_WKD,
AKL_LDAP, AKL_LDAP,
AKL_NTDS,
AKL_KEYSERVER, AKL_KEYSERVER,
AKL_SPEC AKL_SPEC
} type; } type;


@ -236,6 +236,17 @@ keyserver_import_name (const char *name,struct keyserver_spec *spec)
return -1; return -1;
} }
int
keyserver_import_ntds (ctrl_t ctrl, const char *mbox,
unsigned char **fpr, size_t *fprlen)
{
(void)ctrl;
(void)mbox;
(void)fpr;
(void)fprlen;
return -1;
}
int int
keyserver_import_ldap (const char *name) keyserver_import_ldap (const char *name)
{ {