Diffstat (limited to 'dirmngr/ks-engine-ldap.c')
-rw-r--r--dirmngr/ks-engine-ldap.c80
1 files changed, 67 insertions, 13 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index a056b1163..1ffd30ecb 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -1004,6 +1004,15 @@ extract_keys (estream_t output,
}
my_ldap_value_free (vals);
+ vals = ldap_get_values (ldap_conn, message, "modifyTimestamp");
+ if (vals && vals[0])
+ {
+ gnupg_isotime_t atime;
+ if (!rfc4517toisotime (atime, vals[0]))
+ es_fprintf (output, "chg:%s:\n", atime);
+ }
+ my_ldap_value_free (vals);
+
es_fprintf (output, "INFO %s END\n", certid);
}
@@ -1368,7 +1377,7 @@ fetch_rootdse (ctrl_t ctrl, parsed_uri_t uri)
|| puri->parsed_uri->opaque)
{
err = ks_ldap_query (ctrl, puri->parsed_uri, KS_GET_FLAG_ROOTDSE,
- "^&base&(objectclass=*)", NULL, &infp);
+ "^&base&(objectclass=*)", NULL, NULL, &infp);
if (err)
log_error ("ldap: reading the rootDES failed: %s\n",
gpg_strerror (err));
@@ -1417,7 +1426,7 @@ basedn_from_rootdse (ctrl_t ctrl, parsed_uri_t uri)
* data. KS_GET_FLAGS conveys flags from the client. */
gpg_error_t
ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
- unsigned int ks_get_flags, estream_t *r_fp)
+ unsigned int ks_get_flags, gnupg_isotime_t newer, estream_t *r_fp)
{
gpg_error_t err;
unsigned int serverinfo;
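Review bot: The header comment above ks_ldap_get still ends at "KS_GET_FLAGS conveys flags from the client." and says nothing about the new NEWER parameter, and the comment above ks_ldap_query (hunk at -2785) has the same gap. I would add a sentence such as `NEWER, if not an empty string, restricts the result to entries whose modifyTimestamp is at or after that time.` to both. The ks_ldap_query comment should also state that NEWER may be NULL, since fetch_rootdse passes NULL there. The comment start and the function body are outside this hunk.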
@@ -1442,7 +1451,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
{
"dummy", /* (to be be replaced.) */
"pgpcertid", "pgpuserid", "pgpkeyid", "pgprevoked", "pgpdisabled",
- "pgpkeycreatetime", "modifytimestamp", "pgpkeysize", "pgpkeytype",
+ "pgpkeycreatetime", "modifyTimestamp", "pgpkeysize", "pgpkeytype",
"gpgfingerprint",
NULL
};
@@ -1542,6 +1551,28 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
if (err)
goto leave;
+ if (*newer)
+ {
+ char *tstr, *fstr;
+
+ tstr = isotime2rfc4517 (newer);
+ if (!tstr)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ fstr = strconcat ("(&", filter,
+ "(modifyTimestamp>=", tstr, "))", NULL);
+ xfree (tstr);
+ if (!fstr)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ xfree (filter);
+ filter = fstr;
+ }
+
if (opt.debug)
log_debug ("ks-ldap: using filter: %s\n", filter);
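Review bot: The added `if (*newer)` dereferences the parameter without a NULL check, whereas the matching block added to ks_ldap_query tests `if (newer && *newer)`. The callers of ks_ldap_get are not visible here, so unless every one of them is guaranteed to pass a buffer, the guard should be the same: `if (newer && *newer)`. In both places tstr is concatenated into the LDAP filter unescaped, so the filter's integrity depends on isotime2rfc4517 returning only well-formed timestamp text. That helper is not shown on this page, so a one-line comment stating the assumption would help the next reader. The surrounding function body starts and ends outside this hunk.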
@@ -1697,7 +1728,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
char *attrs[] =
{
"pgpcertid", "pgpuserid", "pgprevoked", "pgpdisabled",
- "pgpkeycreatetime", "pgpkeyexpiretime", "modifytimestamp",
+ "pgpkeycreatetime", "pgpkeyexpiretime", "modifyTimestamp",
"pgpkeysize", "pgpkeytype", "gpgfingerprint",
NULL
};
@@ -1851,19 +1882,17 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
}
my_ldap_value_free (vals);
-#if 0
- /* This is not yet specified in the keyserver
- protocol, but may be someday. */
es_fputc (':', fp);
- vals = ldap_get_values (ldap_conn, each, "modifytimestamp");
- if(vals && vals[0] strlen (vals[0]) == 15)
+ vals = ldap_get_values (ldap_conn, each, "modifyTimestamp");
+ if(vals && vals[0])
{
- es_fprintf (fp, "%u",
- (unsigned int) ldap2epochtime (vals[0]));
+ gnupg_isotime_t atime;
+ if (rfc4517toisotime (atime, vals[0]))
+ *atime = 0;
+ es_fprintf (fp, "%s", atime);
}
my_ldap_value_free (vals);
-#endif
es_fprintf (fp, "\n");
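Review bot: The commit drops the old comment that said this field is not yet part of the keyserver protocol, and it now emits the field unconditionally with no comment describing its format. The disabled code would have printed an epoch value via `ldap2epochtime` with `%u`, while the new code prints the ISO string from `rfc4517toisotime`. A parser that expects the same time format as the neighbouring fields may therefore misread it, though those fields are outside this hunk. I would add a comment before `es_fputc (':', fp);` along the lines of `/* Modification time as an ISO timestamp; left empty if the server's value cannot be parsed. */`. The new `if(vals && vals[0])` also lacks the space after `if` that the other added lines in this commit use.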
@@ -2785,7 +2814,8 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
* return or NULL for all. */
gpg_error_t
ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri, unsigned int ks_get_flags,
- const char *filter_arg, char **attrs, estream_t *r_fp)
+ const char *filter_arg, char **attrs,
+ gnupg_isotime_t newer, estream_t *r_fp)
{
gpg_error_t err;
unsigned int serverinfo;
@@ -2823,6 +2853,30 @@ ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri, unsigned int ks_get_flags,
err = ldap_parse_extfilter (filter_arg, 0, &basedn, &scope, &filter);
if (err)
goto leave;
+ if (newer && *newer)
+ {
+ char *tstr, *fstr;
+
+ tstr = isotime2rfc4517 (newer);
+ if (!tstr)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (filter && *filter)
+ fstr = strconcat ("(&", filter,
+ "(modifyTimestamp>=", tstr, "))", NULL);
+ else
+ fstr = strconcat ("(modifyTimestamp>=", tstr, ")", NULL);
+ xfree (tstr);
+ if (!fstr)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ xfree (filter);
+ filter = fstr;
+ }
}