1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

wkd: Let --install-key write a template policy file.

* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--

GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d)
This commit is contained in:
Werner Koch 2019-11-23 13:48:30 +01:00
parent 499cd4d2eb
commit 6e893061b5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -21,6 +21,7 @@
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include "../common/util.h"
#include "../common/status.h"
@ -867,6 +868,81 @@ wks_compute_hu_fname (char **r_fname, const char *addrspec)
}
/* Make sure that a policy file exists for addrspec. Directories must
* already exist. */
static gpg_error_t
ensure_policy_file (const char *addrspec)
{
gpg_error_t err;
const char *domain;
char *fname;
estream_t fp;
domain = strchr (addrspec, '@');
if (!domain || !domain[1] || domain == addrspec)
return gpg_error (GPG_ERR_INV_ARG);
domain++;
/* Create the filename. */
fname = make_filename_try (opt.directory, domain, "policy", NULL);
err = fname? 0 : gpg_error_from_syserror ();
if (err)
goto leave;
/* First a quick check whether it already exists. */
if (!access (fname, F_OK))
{
err = 0; /* File already exists. */
goto leave;
}
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_ENOENT)
err = 0;
else
{
log_error ("domain %s: problem with '%s': %s\n",
domain, fname, gpg_strerror (err));
goto leave;
}
/* Now create the file. */
fp = es_fopen (fname, "wxb");
if (!fp)
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EEXIST)
err = 0; /* Was created between the access() and fopen(). */
else
log_error ("domain %s: error creating '%s': %s\n",
domain, fname, gpg_strerror (err));
goto leave;
}
es_fprintf (fp, "# Policy flags for domain %s\n", domain);
if (es_ferror (fp) || es_fclose (fp))
{
err = gpg_error_from_syserror ();
log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
if (opt.verbose)
log_info ("policy file '%s' created\n", fname);
/* Make sure the policy file world readable. */
if (gnupg_chmod (fname, "-rw-rw-r--"))
{
err = gpg_error_from_syserror ();
log_error ("can't set permissions of '%s': %s\n",
fname, gpg_strerror (err));
goto leave;
}
leave:
xfree (fname);
return err;
}
/* Helper form wks_cmd_install_key. */
static gpg_error_t
@ -1040,6 +1116,12 @@ wks_cmd_install_key (const char *fname, const char *userid)
if (err)
goto leave;
/* Now that wks_compute_hu_fname has created missing directories we
* can create a policy file if it does not exist. */
err = ensure_policy_file (addrspec);
if (err)
goto leave;
/* Publish. */
err = write_to_file (fp, huname);
if (err)
@ -1056,6 +1138,7 @@ wks_cmd_install_key (const char *fname, const char *userid)
if (!opt.quiet)
log_info ("key %s published for '%s'\n", fpr, addrspec);
leave:
xfree (huname);
free_uidinfo_list (uidlist);