mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

dirmngr: New server flag "areconly" (A-record-only)

* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
--

This flag is used to pass the Windows-specific option
LDAP_OPT_AREC_EXCLUSIVE.  It is ignored on other systems.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2022-09-28 09:43:25 +02:00
parent acabbc0078
commit d65a0335e5
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
6 changed files with 51 additions and 3 deletions


@ -119,13 +119,14 @@ run_ldap_wrapper (ctrl_t ctrl,
int multi_mode,
int tls_mode,
int ntds,
int areconly,
const char *proxy,
const char *host, int port,
const char *user, const char *pass,
const char *base, const char *filter, const char *attr,
ksba_reader_t *reader)
{
const char *argv[50];
const char *argv[51];
int argc;
char portbuf[30], timeoutbuf[30];
@ -156,6 +157,9 @@ run_ldap_wrapper (ctrl_t ctrl,
if (ntds)
argv[argc++] = "--ntds";
if (areconly)
argv[argc++] = "--areconly";
if (opt.ldaptimeout)
{
snprintf (timeoutbuf, sizeof timeoutbuf, "%u", opt.ldaptimeout);
@ -262,6 +266,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
0, /* No Multi-mode. */
tls_mode,
0, /* No AD authentication. */
0, /* No areconly. */
opt.ldap_proxy,
ludp->lud_host, ludp->lud_port,
NULL, NULL, /* user, password */
@ -308,6 +313,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
0, /* No Multi-mode */
tls_mode,
server->ntds,
server->areconly,
NULL,
server->host, server->port,
server->user, server->pass,
@ -358,6 +364,7 @@ attr_fetch_ldap (ctrl_t ctrl,
0,
tls_mode,
server->ntds,
server->areconly,
opt.ldap_proxy,
server->host, server->port,
server->user, server->pass,
@ -625,6 +632,7 @@ start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
1, /* --multi (record format) */
0, /* No TLS */
0, /* No AD authentication. */
server->areconly,
opt.ldap_proxy,
server->host, server->port,
server->user, server->pass,
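Review bot: The `argv[51]` bound in run_ldap_wrapper is a hand-counted magic number, bumped by one here to make room for the new `argv[argc++] = "--areconly";` store, and nothing visible in these hunks checks `argc` against the array size before writing. If a later option is added without the matching bump, the unconditional `argv[argc++]` stores would run past the end of a stack array. Consider a guard after the last store, e.g. `assert (argc < (int)(sizeof argv / sizeof argv[0]));`, or at least a comment at the declaration stating how the maximum is counted. The function body continues outside the hunks, so such a check may already exist there.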