security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-09 12:54:23 +01:00
Code Activity

* gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what

Browse Source 
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
This commit is contained in:
David Shaw 2004-02-19 15:09:14 +00:00
parent 6c13b96a1d
commit 7e7364973d
2 changed files with 132 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
keyserver/ChangeLog
View File

@ -1,3 +1,11 @@
2004-02-19 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out
what kind of LDAP server we're talking to (either real LDAP or the
LDAP keyserver), and return the baseKeySpaceDN to find keys under.
(main): Call it from here, and remove the old code that only
handled the LDAP keyserver.
2004-02-18 David Shaw <dshaw@jabberwocky.com> 2004-02-18 David Shaw <dshaw@jabberwocky.com>
* gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that

187
keyserver/gpgkeys_ldap.c
View File

@ -1,5 +1,5 @@
/* gpgkeys_ldap.c - talk to a LDAP keyserver /* gpgkeys_ldap.c - talk to a LDAP keyserver
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -794,14 +794,132 @@ fail_all(struct keylist *keylist,int action,int err)
} }
} }
static int
find_basekeyspacedn(void)
{
int err,i;
char *attr[]={"namingContexts",NULL,NULL,NULL};
LDAPMessage *res;
char **context;
/* Look for namingContexts */
err=ldap_search_s(ldap,"",LDAP_SCOPE_BASE,"(objectClass=*)",attr,0,&res);
if(err==LDAP_SUCCESS)
{
context=ldap_get_values(ldap,res,"namingContexts");
attr[0]="pgpBaseKeySpaceDN";
attr[1]="pgpVersion";
attr[2]="pgpSoftware";
/* We found some, so try each namingContext as the search base
and look for pgpBaseKeySpaceDN. Because we found this, we
know we're talking to a regular-ish LDAP server and not a
LDAP keyserver. */
for(i=0;context[i] && !basekeyspacedn;i++)
{
char **vals;
LDAPMessage *si_res;
err=ldap_search_s(ldap,context[i],LDAP_SCOPE_ONELEVEL,
"(cn=pgpServerInfo)",attr,0,&si_res);
if(err!=LDAP_SUCCESS)
return err;
vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
if(vals)
{
/* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but
it might not be in the future. */
basekeyspacedn=strdup(vals[0]);
ldap_value_free(vals);
}
if(verbose>1)
{
vals=ldap_get_values(ldap,si_res,"pgpSoftware");
if(vals)
{
fprintf(console,"Server: \t%s\n",vals[0]);
ldap_value_free(vals);
}
vals=ldap_get_values(ldap,si_res,"pgpVersion");
if(vals)
{
fprintf(console,"Version:\t%s\n",vals[0]);
ldap_value_free(vals);
}
}
ldap_msgfree(si_res);
}
ldap_value_free(context);
ldap_msgfree(res);
}
else
{
/* We don't have an answer yet, which means the server might be
a LDAP keyserver. */
char **vals;
LDAPMessage *si_res;
attr[0]="pgpBaseKeySpaceDN";
attr[1]="version";
attr[2]="software";
err=ldap_search_s(ldap,"cn=pgpServerInfo",LDAP_SCOPE_BASE,
"(objectClass=*)",attr,0,&si_res);
if(err!=LDAP_SUCCESS)
return err;
vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
if(vals)
{
basekeyspacedn=strdup(vals[0]);
ldap_value_free(vals);
}
if(verbose>1)
{
vals=ldap_get_values(ldap,si_res,"software");
if(vals)
{
fprintf(console,"Server: \t%s\n",vals[0]);
ldap_value_free(vals);
}
}
vals=ldap_get_values(ldap,si_res,"version");
if(vals)
{
if(verbose>1)
fprintf(console,"Version:\t%s\n",vals[0]);
/* If the version is high enough, use the new pgpKeyV2
attribute. This design if iffy at best, but it matches how
PGP does it. I figure the NAI folks assumed that there would
never be a LDAP keyserver vendor with a different numbering
scheme. */
if(atoi(vals[0])>1)
pgpkeystr="pgpKeyV2";
ldap_value_free(vals);
}
ldap_msgfree(si_res);
}
return LDAP_SUCCESS;
}
int int
main(int argc,char *argv[]) main(int argc,char *argv[])
{ {
int port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR; int port=0,arg,err,action=-1,ret=KEYSERVER_INTERNAL_ERROR;
char line[MAX_LINE],**vals; char line[MAX_LINE];
int version,failed=0; int version,failed=0;
char *attrs[]={"basekeyspacedn","version","software",NULL};
LDAPMessage *res;
struct keylist *keylist=NULL,*keyptr=NULL; struct keylist *keylist=NULL,*keyptr=NULL;
console=stderr; console=stderr;
@ -1032,71 +1150,14 @@ main(int argc,char *argv[])
goto fail; goto fail;
} }
/* Get the magic info record */ if((err=find_basekeyspacedn()))
err=ldap_search_s(ldap,"cn=PGPServerInfo",LDAP_SCOPE_BASE,
"(objectclass=*)",attrs,0,&res);
if(err!=0)
{ {
fprintf(console,"gpgkeys: error retrieving LDAP server info: %s\n", fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
ldap_err2string(err)); ldap_err2string(err));
fail_all(keylist,action,ldap_err_to_gpg_err(err)); fail_all(keylist,action,ldap_err_to_gpg_err(err));
goto fail; goto fail;
} }
if(ldap_count_entries(ldap,res)!=1)
{
fprintf(console,"gpgkeys: more than one serverinfo record\n");
fail_all(keylist,action,KEYSERVER_INTERNAL_ERROR);
goto fail;
}
if(verbose>1)
{
vals=ldap_get_values(ldap,res,"software");
if(vals!=NULL)
{
fprintf(console,"Server: \t%s\n",vals[0]);
ldap_value_free(vals);
}
}
vals=ldap_get_values(ldap,res,"version");
if(vals!=NULL)
{
if(verbose>1)
fprintf(console,"Version:\t%s\n",vals[0]);
/* If the version is high enough, use the new pgpKeyV2
attribute. This design if iffy at best, but it matches how
PGP does it. I figure the NAI folks assumed that there would
never be a LDAP keyserver vendor with a different numbering
scheme. */
if(atoi(vals[0])>1)
pgpkeystr="pgpKeyV2";
ldap_value_free(vals);
}
/* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but it might not
be in the future. */
vals=ldap_get_values(ldap,res,"basekeyspacedn");
if(vals!=NULL)
{
basekeyspacedn=strdup(vals[0]);
ldap_value_free(vals);
if(basekeyspacedn==NULL)
{
fprintf(console,"gpgkeys: can't allocate string space "
"for LDAP base\n");
fail_all(keylist,action,KEYSERVER_NO_MEMORY);
goto fail;
}
}
ldap_msgfree(res);
switch(action) switch(action)
{ {
case GET: case GET: