gpg: Do not use self-sigs-only for LDAP keyserver imports.

* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387

1 files changed, 7 insertions, 1 deletions

diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 52a14a11c..67c456ce3 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -964,7 +964,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
   {
     /* The ordering is significant.  Specifically, "pgpcertid" needs
        to be the second item in the list, since everything after it
-       may be discarded we aren't in verbose mode. */
+       may be discarded if we aren't in verbose mode. */
     char *attrs[] =
       {
 	"dummy",
@@ -1014,6 +1014,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
       /* The set of entries that we've seen.  */
       strlist_t seen = NULL;
       LDAPMessage *each;
+      int anykey = 0;
 
       for (npth_unprotect (),
              each = ldap_first_entry (ldap_conn, message),
@@ -1066,6 +1067,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 		      es_fprintf (fp, "\nKEY 0x%s END\n", certid[0]);
 
 		      ldap_value_free (vals);
+                      anykey = 1;
 		    }
 		}
 	    }
@@ -1077,6 +1079,10 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 
       if (! fp)
 	err = gpg_error (GPG_ERR_NO_DATA);
+
+      if (!err && anykey)
+        err = dirmngr_status_printf (ctrl, "SOURCE", "%s://%s",
+                                     uri->scheme, uri->host? uri->host:"");
     }
   }