dirmngr: Allow building without LDAP support.

* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>

NEWS

@@ -1,6 +1,8 @@
 Noteworthy changes in version 2.1.0 (unreleased)
 ------------------------------------------------
 
+ * Dirmngr may now be build without support for LDAP.
+
  * For a complete list of changes see the lists of changes for the
    2.1.0 beta versions below.
 

configure.ac

@@ -716,11 +716,6 @@ if test "$run_tests" = yes; then
 fi
 AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes)
 
-if test "$use_ldapwrapper" = yes; then
-   AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
-fi
-AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-
 
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
 AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
@@ -1049,16 +1044,45 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
 #
 # Note that running the check changes the variable
 # gnupg_have_ldap from "n/a" to "no" or "yes".
-if test "$build_dirmngr" = "yes" ; then
-   GNUPG_CHECK_LDAP($NETLIBS)
-   AC_CHECK_LIB(lber, ber_free,
-                [ LBER_LIBS="$LBER_LIBS -llber"
-                  AC_DEFINE(HAVE_LBER,1,
-                           [defined if liblber is available])
-                  have_lber=yes
-               ])
+
+AC_ARG_ENABLE(ldap,
+    AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
+    [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
+
+if test "$gnupg_have_ldap" != "no" ; then
+  if test "$build_dirmngr" = "yes" ; then
+     GNUPG_CHECK_LDAP($NETLIBS)
+     AC_CHECK_LIB(lber, ber_free,
+                  [ LBER_LIBS="$LBER_LIBS -llber"
+                    AC_DEFINE(HAVE_LBER,1,
+                             [defined if liblber is available])
+                    have_lber=yes
+                 ])
+  fi
 fi
 AC_SUBST(LBER_LIBS)
+if test "$gnupg_have_ldap" = "no"; then
+    AC_MSG_WARN([[
+***
+*** Building without LDAP support.
+*** No CRL access or X.509 certificate search available.
+***]])
+fi
+
+AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
+if test "$gnupg_have_ldap" = yes ; then
+  AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
+else
+ use_ldapwrapper=no
+fi
+
+if test "$use_ldapwrapper" = yes; then
+   AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
+fi
+AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
+
+
+
 
 #
 # Check for sendmail
@@ -1703,16 +1727,8 @@ if test "$have_ksba" = "no"; then
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
-if test "$gnupg_have_ldap" = "no"; then
-    die=yes
-    AC_MSG_NOTICE([[
-***
-*** The Dirmngr part requires an LDAP library
-*** Check out
-***    http://www.openldap.org
-*** for a suitable implementation.
-***]])
-   if test "$have_w32ce_system" = yes; then
+if test "$gnupg_have_ldap" = yes; then
+  if test "$have_w32ce_system" = yes; then
     AC_MSG_NOTICE([[
 *** Note that CeGCC might be broken, a package fixing this is:
 ***    http://files.kolab.org/local/windows-ce/
@@ -1804,6 +1820,7 @@ echo "
 
         Dirmngr auto start:  $dirmngr_auto_start
         Readline support:    $gnupg_cv_have_readline
+        LDAP support:        $gnupg_have_ldap
         DNS SRV support:     $use_dns_srv
         TLS support:         $use_tls_library
 "

dirmngr/Makefile.am

@@ -44,19 +44,27 @@ else
 ldap_url =
 endif
 
+if USE_LDAPWRAPPER
+extraldap_src = ldap-wrapper.c
+else
+extraldap_src = ldap-wrapper-ce.c  dirmngr_ldap.c
+endif
+
 noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
 
 dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
-	ldapserver.h ldapserver.c certcache.c certcache.h \
-	cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \
-	ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \
+	certcache.c certcache.h \
+	cdb.h cdblib.c misc.c dirmngr-err.h  \
+	ocsp.c ocsp.h validate.c validate.h  \
 	ks-action.c ks-action.h ks-engine.h \
         ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
 
-if USE_LDAPWRAPPER
-dirmngr_SOURCES += ldap-wrapper.c
+if USE_LDAP
+dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
+                   ldap-wrapper.h $(ldap_url) $(extraldap_src)
+ldaplibs = $(LDAPLIBS)
 else
-dirmngr_SOURCES += ldap-wrapper-ce.c  dirmngr_ldap.c
+ldaplibs =
 endif
 
 
@@ -65,7 +73,7 @@ dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
 	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
 	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
 if !USE_LDAPWRAPPER
-dirmngr_LDADD += $(LDAPLIBS)
+dirmngr_LDADD += $(ldaplibs)
 endif
 dirmngr_LDFLAGS = $(extra_bin_ldflags)
 

dirmngr/crlfetch.c

@@ -29,8 +29,9 @@
 #include "misc.h"
 #include "http.h"
 
-#include "ldap-wrapper.h"
-
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
 
 /* For detecting armored CRLs received via HTTP (yes, such CRLS really
    exits, e.g. http://grid.fzk.de/ca/gridka-crl.pem at least in June
@@ -156,6 +157,10 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
   char *free_this = NULL;
   int redirects_left = 2; /* We allow for 2 redirect levels.  */
 
+#ifndef USE_LDAP
+  (void)ctrl;
+#endif
+
   *reader = NULL;
 
  once_more:
@@ -286,7 +291,13 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
           err = gpg_error (GPG_ERR_NOT_SUPPORTED);
         }
       else
-        err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+        {
+#       if USE_LDAP
+          err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+#       else /*!USE_LDAP*/
+          err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#       endif /*!USE_LDAP*/
+        }
     }
 
   xfree (free_this);
@@ -305,8 +316,15 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
                  "LDAP");
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
+#if USE_LDAP
   return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
                           reader);
+#else
+  (void)ctrl;
+  (void)issuer;
+  (void)reader;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
 }
 
 
@@ -323,7 +341,14 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
                  "LDAP");
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
+#if USE_LDAP
   return start_default_fetch_ldap (ctrl, context, dn, "cACertificate");
+#else
+  (void)ctrl;
+  (void)context;
+  (void)dn;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
 }
 
 
@@ -337,7 +362,15 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
                  "LDAP");
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
+#if USE_LDAP
   return start_cert_fetch_ldap (ctrl, context, patterns, server);
+#else
+  (void)ctrl;
+  (void)context;
+  (void)patterns;
+  (void)server;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
 }
 
 
@@ -345,7 +378,14 @@ gpg_error_t
 fetch_next_cert (cert_fetch_context_t context,
                  unsigned char **value, size_t * valuelen)
 {
+#if USE_LDAP
   return fetch_next_cert_ldap (context, value, valuelen);
+#else
+  (void)context;
+  (void)value;
+  (void)valuelen;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
 }
 
 
@@ -361,9 +401,14 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
 
   *r_cert = NULL;
 
+#if USE_LDAP
   err = fetch_next_cert_ldap (context, &value, &valuelen);
   if (!err && !value)
     err = gpg_error (GPG_ERR_BUG);
+#else
+  (void)context;
+  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
   if (err)
     return err;
 
@@ -389,7 +434,11 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
 void
 end_cert_fetch (cert_fetch_context_t context)
 {
-  return end_cert_fetch_ldap (context);
+#if USE_LDAP
+  end_cert_fetch_ldap (context);
+#else
+  (void)context;
+#endif
 }
 
 
@@ -410,7 +459,13 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
   reader = NULL;
   cert = NULL;
 
+#if USE_LDAP
   err = url_fetch_ldap (ctrl, url, NULL, 0, &reader);
+#else
+  (void)ctrl;
+  (void)url;
+  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif /*USE_LDAP*/
   if (err)
     goto leave;
 
@@ -442,7 +497,9 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
  leave:
 
   ksba_cert_release (cert);
+#if USE_LDAP
   ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
 
   return err;
 }
@@ -472,7 +529,11 @@ crl_close_reader (ksba_reader_t reader)
       xfree (cb_ctx);
     }
   else /* This is an ldap wrapper context (Currently not used). */
-    ldap_wrapper_release_context (reader);
+    {
+#if USE_LDAP
+      ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
+    }
 
   /* Now get rid of the reader object. */
   ksba_reader_release (reader);

dirmngr/dirmngr.c

@@ -60,9 +60,13 @@
 #include "crlcache.h"
 #include "crlfetch.h"
 #include "misc.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
 #include "asshelp.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
 #include "../common/init.h"
 #include "gc-opt-flags.h"
 
@@ -294,7 +298,9 @@ static int my_tlskey_current_fd;
 
 /* Prototypes. */
 static void cleanup (void);
+#if USE_LDAP
 static ldap_server_t parse_ldapserver_file (const char* filename);
+#endif /*USE_LDAP*/
 static fingerprint_list_t parse_ocsp_signer (const char *string);
 static void handle_connections (assuan_fd_t listen_fd);
 
@@ -445,7 +451,9 @@ wrong_args (const char *text)
 static void
 shutdown_reaper (void)
 {
+#if USE_LDAP
   ldap_wrapper_wait_connections ();
+#endif
 }
 
 
@@ -627,7 +635,9 @@ main (int argc, char **argv)
   int nodetach = 0;
   int csh_style = 0;
   char *logfile = NULL;
+#if USE_LDAP
   char *ldapfile = NULL;
+#endif /*USE_LDAP*/
   int debug_wait = 0;
   int rc;
   int homedir_seen = 0;
@@ -869,7 +879,11 @@ main (int argc, char **argv)
         case oLogFile: logfile = pargs.r.ret_str; break;
         case oCsh: csh_style = 1; break;
         case oSh: csh_style = 0; break;
-	case oLDAPFile: ldapfile = pargs.r.ret_str; break;
+	case oLDAPFile:
+#        if USE_LDAP
+          ldapfile = pargs.r.ret_str;
+#        endif /*USE_LDAP*/
+          break;
 	case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
 	case oLDAPTimeout:
 	  opt.ldaptimeout = pargs.r.ret_int;
@@ -948,6 +962,7 @@ main (int argc, char **argv)
   set_debug ();
 
   /* Get LDAP server list from file. */
+#if USE_LDAP
   if (!ldapfile)
     {
       ldapfile = make_filename (opt.homedir,
@@ -959,6 +974,7 @@ main (int argc, char **argv)
     }
   else
       opt.ldapservers = parse_ldapserver_file (ldapfile);
+#endif /*USE_LDAP*/
 
 #ifndef HAVE_W32_SYSTEM
   /* We need to ignore the PIPE signal because the we might log to a
@@ -995,7 +1011,10 @@ main (int argc, char **argv)
           log_debug ("... okay\n");
         }
 
+#if USE_LDAP
       ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
       cert_cache_init ();
       crl_cache_init ();
       start_command_handler (ASSUAN_INVALID_FD);
@@ -1170,7 +1189,10 @@ main (int argc, char **argv)
         }
 #endif
 
+#if USE_LDAP
       ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
       cert_cache_init ();
       crl_cache_init ();
 #ifdef USE_W32_SERVICE
@@ -1196,7 +1218,9 @@ main (int argc, char **argv)
       /* Just list the CRL cache and exit. */
       if (argc)
         wrong_args ("--list-crls");
+#if USE_LDAP
       ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
       crl_cache_init ();
       crl_cache_list (es_stdout);
     }
@@ -1207,7 +1231,9 @@ main (int argc, char **argv)
       memset (&ctrlbuf, 0, sizeof ctrlbuf);
       dirmngr_init_default_ctrl (&ctrlbuf);
 
+#if USE_LDAP
       ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
       cert_cache_init ();
       crl_cache_init ();
       if (!argc)
@@ -1229,7 +1255,9 @@ main (int argc, char **argv)
       memset (&ctrlbuf, 0, sizeof ctrlbuf);
       dirmngr_init_default_ctrl (&ctrlbuf);
 
+#if USE_LDAP
       ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
       cert_cache_init ();
       crl_cache_init ();
       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
@@ -1376,7 +1404,9 @@ cleanup (void)
   crl_cache_deinit ();
   cert_cache_deinit (1);
 
+#if USE_LDAP
   ldapserver_list_free (opt.ldapservers);
+#endif /*USE_LDAP*/
   opt.ldapservers = NULL;
 
   if (cleanup_socket)
@@ -1419,6 +1449,7 @@ dirmngr_init_default_ctrl (ctrl_t ctrl)
    5. field: Base DN
 
 */
+#if USE_LDAP
 static ldap_server_t
 parse_ldapserver_file (const char* filename)
 {
@@ -1475,7 +1506,7 @@ parse_ldapserver_file (const char* filename)
 
   return serverstart;
 }
-
+#endif /*USE_LDAP*/
 
 static fingerprint_list_t
 parse_ocsp_signer (const char *string)

dirmngr/server.c

@@ -36,12 +36,16 @@
 
 #include "crlcache.h"
 #include "crlfetch.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
 #include "ocsp.h"
 #include "certcache.h"
 #include "validate.h"
 #include "misc.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
 #include "ks-action.h"
 #include "ks-engine.h"  /* (ks_hkp_print_hosttable) */
 
@@ -595,6 +599,7 @@ static const char hlp_ldapserver[] =
 static gpg_error_t
 cmd_ldapserver (assuan_context_t ctx, char *line)
 {
+#if USE_LDAP
   ctrl_t ctrl = assuan_get_pointer (ctx);
   ldap_server_t server;
   ldap_server_t *last_next_p;
@@ -613,6 +618,10 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
     last_next_p = &(*last_next_p)->next;
   *last_next_p = server;
   return leave_cmd (ctx, 0);
+#else
+  (void)line;
+  return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
+#endif
 }
 
 
@@ -991,17 +1000,19 @@ static int
 lookup_cert_by_pattern (assuan_context_t ctx, char *line,
                         int single, int cache_only)
 {
-  ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err = 0;
   char *p;
   strlist_t sl, list = NULL;
   int truncated = 0, truncation_forced = 0;
   int count = 0;
   int local_count = 0;
+#if USE_LDAP
+  ctrl_t ctrl = assuan_get_pointer (ctx);
   unsigned char *value = NULL;
   size_t valuelen;
   struct ldapserver_iter ldapserver_iter;
   cert_fetch_context_t fetch_context;
+#endif /*USE_LDAP*/
   int any_no_data = 0;
 
   /* Break the line down into an STRLIST */
@@ -1060,6 +1071,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
 
   /* Loop over all configured servers unless we want only the
      certificates from the cache.  */
+#if USE_LDAP
   for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
        !cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
 	 && ldapserver_iter.server->host && !truncation_forced;
@@ -1152,6 +1164,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
 
       end_cert_fetch (fetch_context);
     }
+#endif /*USE_LDAP*/
 
  ready:
   if (truncated || truncation_forced)
@@ -1916,7 +1929,9 @@ reset_notify (assuan_context_t ctx, char *line)
   ctrl_t ctrl = assuan_get_pointer (ctx);
   (void)line;
 
+#if USE_LDAP
   ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
   ctrl->server_local->ldapservers = NULL;
   return 0;
 }
@@ -2042,9 +2057,11 @@ start_command_handler (assuan_fd_t fd)
         }
     }
 
+#if USE_LDAP
   ldap_wrapper_connection_cleanup (ctrl);
 
   ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
   ctrl->server_local->ldapservers = NULL;
 
   ctrl->server_local->assuan_ctx = NULL;