gpg: Do not use self-sigs-only for LDAP keyserver imports.

* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387
2021-04-13 14:25:16 +02:00 · 2021-04-13 14:25:16 +02:00 · 6c26e593df
parent a16f726f94
commit 6c26e593df
5 changed files with 37 additions and 5 deletions
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@ -964,7 +964,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
  {
    /* The ordering is significant.  Specifically, "pgpcertid" needs
       to be the second item in the list, since everything after it
-       may be discarded we aren't in verbose mode. */
+       may be discarded if we aren't in verbose mode. */
    char *attrs[] =
      {
 	"dummy",
@ -1014,6 +1014,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
      /* The set of entries that we've seen.  */
      strlist_t seen = NULL;
      LDAPMessage *each;
+      int anykey = 0;

      for (npth_unprotect (),
             each = ldap_first_entry (ldap_conn, message),
@ -1066,6 +1067,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 		      es_fprintf (fp, "\nKEY 0x%s END\n", certid[0]);

 		      ldap_value_free (vals);
+                      anykey = 1;
 		    }
 		}
 	    }
@ -1077,6 +1079,10 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,

      if (! fp)
 	err = gpg_error (GPG_ERR_NO_DATA);
+
+      if (!err && anykey)
+        err = dirmngr_status_printf (ctrl, "SOURCE", "%s://%s",
+                                     uri->scheme, uri->host? uri->host:"");
    }
  }

--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -2010,7 +2010,9 @@ are available for all keyserver types, some common options are:
@end table

 The default list of options is: "self-sigs-only, import-clean,
-repair-keys, repair-pks-subkey-bug, export-attributes".
+repair-keys, repair-pks-subkey-bug, export-attributes". However, if
+the actual used source is an LDAP server "no-self-sigs-only" is
+assumed unless "self-sigs-only" has been explictly configured.


@item --completes-needed @var{n}
--- a/g10/import.c
+++ b/g10/import.c
@ -225,8 +225,20 @@ parse_import_options(char *str,unsigned int *options,int noisy)
      {NULL,0,NULL,NULL}
    };
  int rc;
+  int saved_self_sigs_only;
+
+  /* We need to set a flag indicating wether the user has set
+   * IMPORT_SELF_SIGS_ONLY or it came from the default.  */
+  saved_self_sigs_only = (*options & IMPORT_SELF_SIGS_ONLY);
+  saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;

  rc = parse_options (str, options, import_opts, noisy);
+
+  if (rc && (*options & IMPORT_SELF_SIGS_ONLY))
+    opt.flags.expl_import_self_sigs_only = 1;
+  else
+    *options |= saved_self_sigs_only;
+
  if (rc && (*options & IMPORT_RESTORE))
    {
      /* Alter other options we want or don't want for restore.  */
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -1740,9 +1740,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
  if (opt.verbose && source)
    log_info ("data source: %s\n", source);

+
+
  if (!err)
    {
      struct ks_retrieval_screener_arg_s screenerarg;
+      unsigned int options;

      /* FIXME: Check whether this comment should be moved to dirmngr.

@ -1756,12 +1759,18 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
         never accept or send them but we better protect against rogue
         keyservers. */

+      /* For LDAP servers we reset IMPORT_SELF_SIGS_ONLY unless it has
+       * been set explicitly.  */
+      options = (opt.keyserver_options.import_options | IMPORT_NO_SECKEY);
+      if (source && (!strncmp (source, "ldap:", 5)
+                     || !strncmp (source, "ldaps:", 6))
+          && !opt.flags.expl_import_self_sigs_only)
+        options &= ~IMPORT_SELF_SIGS_ONLY;
+
      screenerarg.desc = desc;
      screenerarg.ndesc = *r_ndesc_used;
      import_keys_es_stream (ctrl, datastream, stats_handle,
-                             r_fpr, r_fprlen,
-                             (opt.keyserver_options.import_options
-                              | IMPORT_NO_SECKEY),
+                             r_fpr, r_fprlen, options,
                             keyserver_retrieval_screener, &screenerarg,
                             only_fprs? KEYORG_KS : 0,
                             source);
--- a/g10/options.h
+++ b/g10/options.h
@ -256,6 +256,9 @@ struct
    unsigned int force_sign_key:1;
    /* On key generation do not set the ownertrust.  */
    unsigned int no_auto_trust_new_key:1;
+    /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
+     * been set by the user and is not the default value.  */
+    unsigned int expl_import_self_sigs_only:1;
  } flags;

  /* Linked list of ways to find a key if the key isn't on the local