security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
5a93acbc7a
gnupg/dirmngr/ldapserver.h
Werner Koch eb3a629154
dirmngr: Allow for non-URL specified ldap keyservers. 
* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
(make_keyserver_item): Handle non-URL ldap specs.
* dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
ldap_over_tls, and ntds.

* dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
string.  Improve error messages for the non-file case.  Support flags.
* dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
(ks_action_search, ks_action_get, ks_action_put): Ditto.
* dirmngr/ks-engine-ldap.c: Include ldapserver.h.
(ks_ldap_help): Handle non-URL ldap specs.
(my_ldap_connect): Add args r_host and r_use_tls.  Rewrite to support
URLs and non-URL specified keyservers.
(ks_ldap_get): Adjust for changes in my_ldap_connect.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
--

The idea here is to unify our use of URLS or colon delimited ldap
keyserver specification.  The requirement for percent escaping, for
example the bindname in an URLs, is cumbersome and prone to errors.
This we allow our classic colon delimited format as an alternative.
That format makes it also easy to specify flags to tell dirmngr
whether to use starttls or ldap-over-tls.  The code is nearly 100%
compatible to existing specification.  There is one ambiguity if the
hostname for CRL/X509 searches is just "ldap"; this can be solved by
prefixing it with "ldap:" (already implemented in gpgsm).

GnuPG-bug-id: 5405, 5452
Ported-from: 2b4cddf908
2021-06-16 12:25:13 +02:00

79 lines
1.9 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* ldapserver.h
Copyright (C) 2008 g10 Code GmbH
This file is part of DirMngr.
DirMngr is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
DirMngr is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see <https://www.gnu.org/licenses/>. */
#ifndef LDAPSERVER_H
#define LDAPSERVER_H
#include "dirmngr.h"
/* Release the list of SERVERS. As usual it is okay to call this
function with SERVERS passed as NULL. */
void ldapserver_list_free (ldap_server_t servers);
ldap_server_t ldapserver_parse_one (char *line,
const char *filename, unsigned int lineno);
/* Iterate over all servers. */
struct ldapserver_iter
{
ctrl_t ctrl;
enum { LDAPSERVER_SESSION, LDAPSERVER_GLOBAL } group;
ldap_server_t server;
};
static inline void
ldapserver_iter_next (struct ldapserver_iter *iter)
{
if (iter->server)
iter->server = iter->server->next;
if (! iter->server)
{
if (iter->group == LDAPSERVER_SESSION)
{
iter->group = LDAPSERVER_GLOBAL;
iter->server = opt.ldapservers;
}
}
}
static inline int
ldapserver_iter_end_p (struct ldapserver_iter *iter)
{
return (iter->group == LDAPSERVER_GLOBAL && iter->server == NULL);
}
static inline void
ldapserver_iter_begin (struct ldapserver_iter *iter, ctrl_t ctrl)
{
iter->ctrl = ctrl;
iter->group = LDAPSERVER_SESSION;
iter->server = get_ldapservers_from_ctrl (ctrl);
while (iter->server == NULL && ! ldapserver_iter_end_p (iter))
ldapserver_iter_next (iter);
}
#endif /* LDAPSERVER_H */
View Git Blame Copy Permalink