dirmngr: New option --ldapserver

* dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2021-05-26 15:49:14 +02:00 · 2021-05-26 15:49:14 +02:00 · ff17aee5d1
commit ff17aee5d1
parent 2b4cddf908
4 changed files with 127 additions and 10 deletions
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@ -124,6 +124,7 @@ enum cmd_and_opt_values {
  oHTTPProxy,
  oLDAPProxy,
  oOnlyLDAPProxy,
+  oLDAPServer,
  oLDAPFile,
  oLDAPTimeout,
  oLDAPAddServers,
@ -209,6 +210,8 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oOnlyLDAPProxy, "only-ldap-proxy",
                N_("do not use fallback hosts with --ldap-proxy")),

+  ARGPARSE_s_s (oLDAPServer, "ldapserver",
+                N_("|SPEC|use this keyserver to lookup keys")),
  ARGPARSE_s_s (oLDAPFile, "ldapserverlist-file",
                N_("|FILE|read LDAP server list from FILE")),
  ARGPARSE_s_n (oLDAPAddServers, "add-servers",
@ -344,6 +347,11 @@ static int network_activity_seen;
 /* A list of filenames registred with --hkp-cacert.  */
 static strlist_t hkp_cacert_filenames;

+/* A flag used to clear the list of ldapservers iff --ldapserver is
+ * given on the command line or one of the conf files. In this case we
+ * want to clear all old specifications through the legacy
+ * dirmngr_ldapservers.conf. */
+static int ldapserver_list_needs_reset;

 /* The timer tick used for housekeeping stuff.  The second constant is used when a shutdown is pending.  */
 #define TIMERTICK_INTERVAL           (60)
@ -637,6 +645,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
      set_dns_timeout (0);
      opt.connect_timeout = 0;
      opt.connect_quick_timeout = 0;
+      ldapserver_list_needs_reset = 1;
      return 1;
    }

@ -725,6 +734,30 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
    case oStandardResolver: enable_standard_resolver (1); break;
    case oRecursiveResolver: enable_recursive_resolver (1); break;

+    case oLDAPServer:
+      {
+        ldap_server_t server;
+        char *p;
+
+        p = pargs->r.ret_str;
+        if (!strncmp (p, "ldap:", 5) && !(p[5] == '/' && p[6] == '/'))
+          p += 5;
+
+        server = ldapserver_parse_one (p, NULL, 0);
+        if (server)
+          {
+            if (ldapserver_list_needs_reset)
+              {
+                ldapserver_list_needs_reset = 0;
+                ldapserver_list_free (opt.ldapservers);
+                opt.ldapservers = NULL;
+              }
+            server->next = opt.ldapservers;
+            opt.ldapservers = server;
+          }
+      }
+      break;
+
    case oKeyServer:
      if (*pargs->r.ret_str)
        add_to_strlist (&opt.keyserver, pargs->r.ret_str);
@ -1087,9 +1120,11 @@ main (int argc, char **argv)

  post_option_parsing ();

-  /* Get LDAP server list from file. */
+  /* Get LDAP server list from file unless --ldapserver has been used.  */
 #if USE_LDAP
-  if (!ldapfile)
+  if (opt.ldapservers)
+    ;
+  else if (!ldapfile)
    {
      ldapfile = make_filename (gnupg_homedir (),
                                "dirmngr_ldapservers.conf",