[svn] GnuPG - r5094 - in trunk: doc g10
svn author dshaw
cvs at cvs.gnupg.org
Thu Jul 23 20:28:55 CEST 2009
Author: dshaw
Date: 2009-07-23 20:28:54 +0200 (Thu, 23 Jul 2009)
New Revision: 5094
Modified:
trunk/doc/ChangeLog
trunk/doc/gpg.texi
trunk/g10/ChangeLog
trunk/g10/keyserver.c
Log:
Try a DNS-SD lookup to find a domain-specific LDAP server before
resorting to keys.{domain}.
Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog 2009-07-23 15:18:58 UTC (rev 5093)
+++ trunk/doc/ChangeLog 2009-07-23 18:28:54 UTC (rev 5094)
@@ -1,3 +1,8 @@
+2009-07-23 David Shaw <dshaw at jabberwocky.com>
+
+ * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate
+ a server before falling back to keys.{domain}.
+
2009-07-23 Werner Koch <wk at g10code.com>
* help.txt (gpgsm.crl-problem): New.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2009-07-23 15:18:58 UTC (rev 5093)
+++ trunk/g10/ChangeLog 2009-07-23 18:28:54 UTC (rev 5094)
@@ -1,3 +1,8 @@
+2009-07-23 David Shaw <dshaw at jabberwocky.com>
+
+ * keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find
+ a domain-specific LDAP server before resorting to keys.{domain}.
+
2009-07-22 Werner Koch <wk at g10code.com>
* card-util.c (generate_card_keys): Ask for off-card keys only if
Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi 2009-07-23 15:18:58 UTC (rev 5093)
+++ trunk/doc/gpg.texi 2009-07-23 18:28:54 UTC (rev 5094)
@@ -1376,8 +1376,9 @@
Locate a key using DNS PKA.
@item ldap
-Locate a key using the PGP Universal method of checking
- at samp{ldap://keys.(thedomain)}.
+Using DNS Service Discovery, check the domain in question for any LDAP
+keyservers to use. If this fails, attempt to locate the key using the
+PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
@item keyserver
Locate a key using whatever keyserver is defined using the
Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c 2009-07-23 15:18:58 UTC (rev 5093)
+++ trunk/g10/keyserver.c 2009-07-23 18:28:54 UTC (rev 5094)
@@ -42,6 +42,9 @@
#include "util.h"
#include "dns-cert.h"
#include "pka.h"
+#ifdef USE_DNS_SRV
+#include "srv.h"
+#endif
#ifdef HAVE_W32_SYSTEM
/* It seems Vista doesn't grok X_OK and so fails access() tests.
@@ -2125,18 +2128,20 @@
return rc;
}
-/* Use the PGP Universal trick of asking ldap://keys.(maildomain) for
- the key. */
+/* Import a key by name using LDAP */
int
keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
{
char *domain;
struct keyserver_spec *keyserver;
strlist_t list=NULL;
- int rc;
+ int rc,hostlen=1;
+#ifdef USE_DNS_SRV
+ struct srventry *srvlist=NULL;
+ int srvcount,i;
+ char srvname[MAXDNAME];
+#endif
- append_to_strlist(&list,name);
-
/* Parse out the domain */
domain=strrchr(name,'@');
if(!domain)
@@ -2145,16 +2150,48 @@
domain++;
keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
+ keyserver->scheme=xstrdup("ldap");
+ keyserver->host=xmalloc(1);
+ keyserver->host[0]='\0';
- keyserver->scheme=xstrdup("ldap");
- keyserver->host=xmalloc(5+strlen(domain)+1);
- strcpy(keyserver->host,"keys.");
+#ifdef USE_DNS_SRV
+ snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
+
+ srvcount=getsrv(srvname,&srvlist);
+
+ for(i=0;i<srvcount;i++)
+ {
+ hostlen+=strlen(srvlist[i].target)+1;
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+
+ strcat(keyserver->host,srvlist[i].target);
+
+ if(srvlist[i].port!=389)
+ {
+ char port[7];
+
+ hostlen+=6; /* a colon, plus 5 digits (unsigned 16-bit value) */
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+
+ snprintf(port,7,":%u",srvlist[i].port);
+ strcat(keyserver->host,port);
+ }
+
+ strcat(keyserver->host," ");
+ }
+
+ free(srvlist);
+#endif
+
+ /* If all else fails, do the PGP Universal trick of
+ ldap://keys.(domain) */
+
+ hostlen+=5+strlen(domain);
+ keyserver->host=xrealloc(keyserver->host,hostlen);
+ strcat(keyserver->host,"keys.");
strcat(keyserver->host,domain);
- keyserver->uri=xmalloc(strlen(keyserver->scheme)+
- 3+strlen(keyserver->host)+1);
- strcpy(keyserver->uri,keyserver->scheme);
- strcat(keyserver->uri,"://");
- strcat(keyserver->uri,keyserver->host);
+
+ append_to_strlist(&list,name);
rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
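Review bot: The return value of the `snprintf` that builds `srvname` is ignored, and `domain` is taken from the caller-supplied `name`, so a domain long enough to overflow `MAXDNAME` is silently truncated and the SRV query goes out for a different, shorter name. I would make the lookup conditional on a complete name: `int n=snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);` followed by `srvcount=(n<0 || n>=MAXDNAME) ? 0 : getsrv(srvname,&srvlist);`, leaving only the keys.(domain) fallback when it does not fit. The SRV targets are then copied into the space-separated host list verbatim; RFC 2782 uses a target of "." to mean the service is explicitly not offered, so unless getsrv already filters those (not visible here) the loop should `continue` on `!strcmp(srvlist[i].target,".")` rather than hand an LDAP host of "." to keyserver_work. A comment near the lookup would help the next reader, e.g. `/* SRV answers are unauthenticated DNS data: they choose which server is asked, not whether its keys are trusted */`. keyserver_import_ldap starts in the previous hunk and its cleanup continues past the end of this one.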