mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

dirmngr: New server flag "areconly" (A-record-only)

* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
--

This flag is used to pass the Windows specific option
LDAP_OPT_AREC_EXCLUSIVE.  It is ignored on other systems.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2022-09-28 09:43:25 +02:00
parent acabbc0078
commit d65a0335e5
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
6 changed files with 51 additions and 3 deletions


@ -92,6 +92,7 @@ enum
oStartTLS,
oLdapTLS,
oNtds,
oARecOnly,
oOnlySearchTimeout,
oLogWithPID
};
@ -109,6 +110,7 @@ static gpgrt_opt_t opts[] = {
{ oStartTLS, "starttls", 0, "use STARTLS for the conenction"},
{ oLdapTLS, "ldaptls", 0, "use a TLS for the connection"},
{ oNtds, "ntds", 0, "authenticate using AD"},
{ oARecOnly, "areconly", 0, "do only an A record lookup"},
{ oHost, "host", 2, "|NAME|connect to host NAME"},
{ oPort, "port", 1, "|N|connect to port N"},
{ oUser, "user", 2, "|NAME|use NAME for authentication"},
@ -134,6 +136,7 @@ static struct
int starttls;
int ldaptls;
int ntds;
int areconly;
estream_t outstream; /* Send output to this stream. */
@ -234,6 +237,7 @@ main (int argc, char **argv)
case oStartTLS: opt.starttls = 1; opt.ldaptls = 0; break;
case oLdapTLS: opt.starttls = 0; opt.ldaptls = 1; break;
case oNtds: opt.ntds = 1; break;
case oARecOnly: opt.areconly = 1; break;
case oMulti: opt.multi = 1; break;
case oUser: opt.user = pargs.r.ret_str; break;
case oPass: opt.pass = pargs.r.ret_str; break;
@ -436,6 +440,17 @@ connect_ldap (LDAP **r_ld)
opt.host, opt.port, ldap_err2string (lerr));
goto leave;
}
if (opt.areconly)
{
lerr = ldap_set_option (ld, LDAP_OPT_AREC_EXCLUSIVE, LDAP_OPT_ON);
if (lerr != LDAP_SUCCESS)
{
log_error ("ldap: unable to set AREC_EXLUSIVE: %s\n",
ldap_err2string (lerr));
err = ldap_err_to_gpg_err (lerr);
goto leave;
}
}
#else /* Unix */
tmpstr = xtryasprintf ("%s://%s:%d",
opt.ldaptls? "ldaps" : "ldap",
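Review bot: The new error message in connect_ldap misspells the option as `AREC_EXLUSIVE`, so an operator searching logs for the real name LDAP_OPT_AREC_EXCLUSIVE will miss this failure; change it to `log_error ("ldap: unable to set AREC_EXCLUSIVE: %s\n",`. Treating a failed ldap_set_option as fatal is the right call, because continuing would silently fall back to the broader lookup the flag is meant to restrict. The block sits before `#else /* Unix */`, so on other systems `--areconly` is accepted and has no effect; the help text in opts[] could say so, e.g. `"do only an A record lookup (Windows only)"`. connect_ldap starts and ends outside the hunk, so it is not possible to confirm from here that the `leave` path releases `ld`, or that the option is set before the first connection attempt.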