From 5516f92224b6baf6d100d58fc273018bdac173f8 Mon Sep 17 00:00:00 2001
From: Joey Berkovitz <joeyberkovitz@gmail.com>
Date: Tue, 27 Sep 2022 20:20:53 -0400
Subject: [PATCH] dirmngr: Interrogate LDAP server when base DN specified.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
server when basedn specified.

--

GnuPG-bug-id: 6047
Signed-off-by: Joey Berkovitz <joeyberkovitz@gmail.com>
(cherry picked from commit 3257385378bb3f19ebf089538f0efe2154487989)
---
 dirmngr/ks-engine-ldap.c | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 347a33042..12e212b82 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -294,6 +294,7 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact,
 }
 
 
+/* Returns 1 if R_BASEDDN is substituted, 0 if not.  */
 static int
 interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
                      unsigned int *r_serverinfo, char **r_basedn)
@@ -302,7 +303,6 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
   char **vals;
   LDAPMessage *si_res;
   int is_gnupg = 0;
-  int result = 0;
   char *basedn = NULL;
   char *attr2[] = { "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL };
   char *object = xasprintf ("cn=pgpServerInfo,%s", basedn_search);
@@ -317,9 +317,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
     {
       vals = ldap_get_values (ldap_conn, si_res, "pgpBaseKeySpaceDN");
       if (vals && vals[0])
-        {
-          basedn = xtrystrdup (vals[0]);
-        }
+        basedn = xtrystrdup (vals[0]);
       my_ldap_value_free (vals);
 
       vals = ldap_get_values (ldap_conn, si_res, "pgpSoftware");
@@ -357,9 +355,19 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
      freed with ldap_msgfree() regardless of return
      value of these functions.  */
   ldap_msgfree (si_res);
-  if (r_basedn)
-    *r_basedn = basedn;
-  return result;
+  if (r_basedn && basedn)
+    {
+      if (*r_basedn)
+        xfree (*r_basedn);
+      *r_basedn = basedn;
+      return 1;
+    }
+  else
+    {
+      if (basedn)
+        xfree (basedn);
+      return 0;
+    }
 }
 
 
@@ -666,6 +674,17 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
           goto out;
         }
       *r_serverinfo |= SERVERINFO_REALLDAP;
+
+      /* First try with provided basedn, else retry up one level.
+       * Retry assumes that provided entry is for keyspace,
+       * matching old behavior */
+      if (!interrogate_ldap_dn (ldap_conn, basedn, r_serverinfo, &basedn))
+        {
+          const char *basedn_parent = strchr (basedn, ',');
+          if (basedn_parent)
+            interrogate_ldap_dn (ldap_conn, basedn_parent + 1, r_serverinfo,
+                                 &basedn);
+        }
     }
   else
     { /* Look for namingContexts.  */