mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-10 21:38:50 +01:00
6e1c99bc39
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch <wk@gnupg.org>
162 lines
3.7 KiB
C
162 lines
3.7 KiB
C
/* dirmngr.c - LDAP access
|
||
Copyright (C) 2008 g10 Code GmbH
|
||
|
||
This file is part of DirMngr.
|
||
|
||
DirMngr is free software; you can redistribute it and/or modify
|
||
it under the terms of the GNU General Public License as published by
|
||
the Free Software Foundation; either version 2 of the License, or
|
||
(at your option) any later version.
|
||
|
||
DirMngr is distributed in the hope that it will be useful,
|
||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
GNU General Public License for more details.
|
||
|
||
You should have received a copy of the GNU General Public License
|
||
along with this program; if not, write to the Free Software
|
||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||
02110-1301, USA. */
|
||
|
||
#ifdef HAVE_CONFIG_H
|
||
# include <config.h>
|
||
#endif
|
||
|
||
#include "dirmngr.h"
|
||
#include "ldapserver.h"
|
||
|
||
|
||
/* Release the list of SERVERS. As usual it is okay to call this
|
||
function with SERVERS passed as NULL. */
|
||
void
|
||
ldapserver_list_free (ldap_server_t servers)
|
||
{
|
||
while (servers)
|
||
{
|
||
ldap_server_t tmp = servers->next;
|
||
xfree (servers->host);
|
||
xfree (servers->user);
|
||
if (servers->pass)
|
||
memset (servers->pass, 0, strlen (servers->pass));
|
||
xfree (servers->pass);
|
||
xfree (servers->base);
|
||
xfree (servers);
|
||
servers = tmp;
|
||
}
|
||
}
|
||
|
||
|
||
/* Parse a single LDAP server configuration line. Returns the server
|
||
or NULL in case of errors. The configuration line is assumed to be
|
||
colon separated with these fields:
|
||
|
||
1. field: Hostname
|
||
2. field: Portnumber
|
||
3. field: Username
|
||
4. field: Password
|
||
5. field: Base DN
|
||
6. field: Flags
|
||
|
||
FILENAME and LINENO are used for diagnostic purposes only.
|
||
*/
|
||
ldap_server_t
|
||
ldapserver_parse_one (char *line,
|
||
const char *filename, unsigned int lineno)
|
||
{
|
||
char *p;
|
||
char *endp;
|
||
const char *s;
|
||
ldap_server_t server;
|
||
int fieldno;
|
||
int fail = 0;
|
||
int i;
|
||
|
||
/* Parse the colon separated fields. */
|
||
server = xcalloc (1, sizeof *server);
|
||
for (fieldno = 1, p = line; p; p = endp, fieldno++ )
|
||
{
|
||
endp = strchr (p, ':');
|
||
if (endp)
|
||
*endp++ = '\0';
|
||
trim_spaces (p);
|
||
switch (fieldno)
|
||
{
|
||
case 1:
|
||
if (*p)
|
||
server->host = xstrdup (p);
|
||
else
|
||
{
|
||
log_error (_("%s:%u: no hostname given\n"),
|
||
filename, lineno);
|
||
fail = 1;
|
||
}
|
||
break;
|
||
|
||
case 2:
|
||
if (*p)
|
||
server->port = atoi (p);
|
||
break;
|
||
|
||
case 3:
|
||
if (*p)
|
||
server->user = xstrdup (p);
|
||
break;
|
||
|
||
case 4:
|
||
if (*p && !server->user)
|
||
{
|
||
log_error (_("%s:%u: password given without user\n"),
|
||
filename, lineno);
|
||
fail = 1;
|
||
}
|
||
else if (*p)
|
||
server->pass = xstrdup (p);
|
||
break;
|
||
|
||
case 5:
|
||
if (*p)
|
||
server->base = xstrdup (p);
|
||
break;
|
||
|
||
case 6:
|
||
{
|
||
char **flags = NULL;
|
||
|
||
flags = strtokenize (p, ",");
|
||
if (!flags)
|
||
log_fatal ("strtokenize failed: %s\n",
|
||
gpg_strerror (gpg_error_from_syserror ()));
|
||
|
||
for (i=0; (s = flags[i]); i++)
|
||
{
|
||
if (!*s)
|
||
;
|
||
else if (!ascii_strcasecmp (s, "ldaps"))
|
||
server->use_ldaps = 1;
|
||
else if (!ascii_strcasecmp (s, "ldap"))
|
||
server->use_ldaps = 0;
|
||
else
|
||
log_info (_("%s:%u: ignoring unknown flag '%s'\n"),
|
||
filename, lineno, s);
|
||
}
|
||
|
||
xfree (flags);
|
||
}
|
||
break;
|
||
|
||
default:
|
||
/* (We silently ignore extra fields.) */
|
||
break;
|
||
}
|
||
}
|
||
|
||
if (fail)
|
||
{
|
||
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
|
||
ldapserver_list_free (server);
|
||
server = NULL;
|
||
}
|
||
|
||
return server;
|
||
}
|