security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Add support to talking to LDAP key servers.

Browse source 
* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse.  Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise.  Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters.  Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put.  Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
This commit is contained in:
Neal H. Walfield 2015-03-19 11:02:46 +01:00
parent 81e8306085
commit 51341badb6
8 changed files with 2322 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

58
dirmngr/ks-action.c
View file

@ -1,6 +1,7 @@
/* ks-action.c - OpenPGP keyserver actions
* Copyright (C) 2011 Free Software Foundation, Inc.
* Copyright (C) 2011, 2014 Werner Koch
* Copyright (C) 2015 g10 Code GmbH
*
* This file is part of GnuPG.
*
@ -29,7 +30,7 @@
#include "misc.h"
#include "ks-engine.h"
#include "ks-action.h"
#include "ldap-parse-uri.h"
/* Called by the engine's help functions to print the actual help. */
gpg_error_t
@ -72,7 +73,11 @@ ks_action_help (ctrl_t ctrl, const char *url)
}
else
{
err = http_parse_uri (&parsed_uri, url, 1);
if (ldap_uri_p (url))
err = ldap_parse_uri (&parsed_uri, url);
else
err = http_parse_uri (&parsed_uri, url, 1);
if (err)
return err;
}
@ -85,6 +90,8 @@ ks_action_help (ctrl_t ctrl, const char *url)
err = ks_finger_help (ctrl, parsed_uri);
if (!err)
err = ks_kdns_help (ctrl, parsed_uri);
if (!err)
err = ks_ldap_help (ctrl, parsed_uri);
if (!parsed_uri)
ks_print_help (ctrl,
@ -142,10 +149,18 @@ ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp)
stop at the first error. */
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
{
if (uri->parsed_uri->is_http)
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
if (is_http || is_ldap)
{
any_server = 1;
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
if (is_http)
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
else if (is_ldap)
err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp);
if (!err)
{
err = copy_stream (infp, outfp);
@ -185,12 +200,20 @@ ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp)
Need to think about a better strategy. */
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
{
if (uri->parsed_uri->is_http)
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
if (is_http || is_ldap)
{
any_server = 1;
for (sl = patterns; !err && sl; sl = sl->next)
{
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
if (is_http)
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
else
err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp);
if (err)
{
/* It is possible that a server does not carry a
@ -282,9 +305,14 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
/* Send an OpenPGP key to all keyservers. The key in {DATA,DATALEN}
is expected in OpenPGP binary transport format. */
is expected to be in OpenPGP binary transport format. The metadata
in {INFO,INFOLEN} is in colon-separated format (concretely, it is
the output of 'for x in keys sigs; do gpg --list-$x --with-colons
KEYID; done'. This function may modify DATA and INFO. If this is
a problem, then the caller should create a copy. */
gpg_error_t
ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
ks_action_put (ctrl_t ctrl, void *data, size_t datalen,
void *info, size_t infolen)
{
gpg_error_t err = 0;
gpg_error_t first_err = 0;
@ -293,10 +321,20 @@ ks_action_put (ctrl_t ctrl, const void *data, size_t datalen)
for (uri = ctrl->keyservers; !err && uri; uri = uri->next)
{
if (uri->parsed_uri->is_http)
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
if (is_http || is_ldap)
{
any_server = 1;
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
if (is_http)
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
else
err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen,
info, infolen);
if (err)
{
first_err = err;