security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: If LDAP is not enable, don't build the LDAP bits. 

* dirmngr/Makefile.am (dirmngr_SOURCES): Only include
ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
is TRUE.
(module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
* dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1949
This commit is contained in:
Neal H. Walfield 2015-04-13 12:02:40 +02:00
parent 454f60399c
commit 5cde5bf373
3 changed files with 72 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
dirmngr/Makefile.am
View File

@ -62,13 +62,12 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
cdb.h cdblib.c misc.c dirmngr-err.h \
ocsp.c ocsp.h validate.c validate.h \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \
ks-engine-ldap.c \
ldap-parse-uri.c ldap-parse-uri.h
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
if USE_LDAP
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
ldap-wrapper.h $(ldap_url) $(extraldap_src)
ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
ks-engine-ldap.c $(ldap_url) $(extraldap_src)
ldaplibs = $(LDAPLIBS)
else
ldaplibs =
@ -114,7 +113,12 @@ t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
$(DNSLIBS) $(LIBINTL) $(LIBICONV)
module_tests = t-ldap-parse-uri
module_tests =
if USE_LDAP
module_tests += t-ldap-parse-uri
endif
t_ldap_parse_uri_SOURCES = \
t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
$(ldap_url) $(t_common_src)

76
dirmngr/ks-action.c
View File

@ -30,7 +30,9 @@
#include "misc.h"
#include "ks-engine.h"
#include "ks-action.h"
#include "ldap-parse-uri.h"
#if USE_LDAP
# include "ldap-parse-uri.h"
#endif
/* Called by the engine's help functions to print the actual help. */
gpg_error_t
@ -73,10 +75,14 @@ ks_action_help (ctrl_t ctrl, const char *url)
}
else
{
#if USE_LDAP
if (ldap_uri_p (url))
err = ldap_parse_uri (&parsed_uri, url);
else
err = http_parse_uri (&parsed_uri, url, 1);
#endif
{
err = http_parse_uri (&parsed_uri, url, 1);
}
if (err)
return err;
@ -90,8 +96,10 @@ ks_action_help (ctrl_t ctrl, const char *url)
err = ks_finger_help (ctrl, parsed_uri);
if (!err)
err = ks_kdns_help (ctrl, parsed_uri);
#if USE_LDAP
if (!err)
err = ks_ldap_help (ctrl, parsed_uri);
#endif
if (!parsed_uri)
ks_print_help (ctrl,
@ -151,16 +159,23 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
int is_ldap = 0;
#if USE_LDAP
is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
#endif
if (is_http || is_ldap)
{
any_server = 1;
if (is_http)
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
else if (is_ldap)
#if USE_LDAP
if (is_ldap)
err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp);
else
#endif
{
err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
}
if (!err)
{
@ -203,18 +218,27 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
int is_ldap = 0;
#if USE_LDAP
is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
#endif
if (is_http || is_ldap)
{
any_server = 1;
for (sl = patterns; !err && sl; sl = sl->next)
{
if (is_http)
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
else
#if USE_LDAP
if (is_ldap)
err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp);
else
#endif
{
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
}
if (err)
{
@ -322,22 +346,32 @@ ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
int any_server = 0;
uri_item_t uri;
(void) info;
(void) infolen;
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
int is_ldap = 0;
#if USE_LDAP
is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
#endif
if (is_http || is_ldap)
{
any_server = 1;
if (is_http)
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
else
#if USE_LDAP
if (is_ldap)
err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen,
info, infolen);
else
#endif
{
err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
}
if (err)
{
first_err = err;

10
dirmngr/server.c
View File

@ -48,7 +48,9 @@
#endif
#include "ks-action.h"
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
#include "ldap-parse-uri.h"
#if USE_LDAP
# include "ldap-parse-uri.h"
#endif
/* To avoid DoS attacks we limit the size of a certificate to
something reasonable. */
@ -1530,10 +1532,14 @@ cmd_keyserver (assuan_context_t ctx, char *line)
item->parsed_uri = NULL;
strcpy (item->uri, line);
#if USE_LDAP
if (ldap_uri_p (item->uri))
err = ldap_parse_uri (&item->parsed_uri, line);
else
err = http_parse_uri (&item->parsed_uri, line, 1);
#endif
{
err = http_parse_uri (&item->parsed_uri, line, 1);
}
if (err)
{
xfree (item);