gpgsm: Allow sepcification of ldaps servers.

* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2019-11-09 11:29:59 +01:00 · 2019-11-09 11:29:59 +01:00 · 6e1c99bc39
commit 6e1c99bc39
parent 2b9d399cf0
9 changed files with 145 additions and 17 deletions
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -223,8 +223,9 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
      char *pass = server->pass ? server->pass : "";
      char *base = server->base ? server->base : "";

-      snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s",
-		server->host, server->port, user, pass, base);
+      snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s:%s",
+		server->host, server->port, user, pass, base,
+                server->use_ldaps? "ldaps":"");

      assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
      /* The code below is not required because we don't return an error.  */
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -817,9 +817,17 @@ parse_keyserver_line (char *line,
 {
  char *p;
  char *endp;
+  const char *s;
  struct keyserver_spec *server;
  int fieldno;
  int fail = 0;
+  int i;
+
+  if (!filename)
+    {
+      filename = "[cmd]";
+      lineno = 0;
+    }

  /* Parse the colon separated fields.  */
  server = xcalloc (1, sizeof *server);
@ -833,7 +841,7 @@ parse_keyserver_line (char *line,
 	{
 	case 1:
 	  if (*p)
-	    server->host = xstrdup (p);
+            server->host = xstrdup (p);
 	  else
 	    {
 	      log_error (_("%s:%u: no hostname given\n"),
@ -868,6 +876,32 @@ parse_keyserver_line (char *line,
 	    server->base = xstrdup (p);
 	  break;

+        case 6:
+          {
+            char **flags = NULL;
+
+            flags = strtokenize (p, ",");
+            if (!flags)
+              log_fatal ("strtokenize failed: %s\n",
+                         gpg_strerror (gpg_error_from_syserror ()));
+
+            for (i=0; (s = flags[i]); i++)
+              {
+                if (!*s)
+                  ;
+                else if (!ascii_strcasecmp (s, "ldaps"))
+                  server->use_ldaps = 1;
+                else if (!ascii_strcasecmp (s, "ldap"))
+                  server->use_ldaps = 0;
+                else
+                  log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
+                            filename, lineno, s);
+              }
+
+            xfree (flags);
+          }
+          break;
+
 	default:
 	  /* (We silently ignore extra fields.) */
 	  break;
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -48,6 +48,7 @@ struct keyserver_spec
  char *user;
  char *pass;
  char *base;
+  unsigned int use_ldaps:1;
 };