mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-06 12:33:23 +01:00
wkd: Add option --directory to the server.
* tools/gpg-wks-server.c (opts): Add '--directory', (main): Explain how to set correct permissions. (command_list_domains): Create an empty policy file and remove the warning for an empty policy file. -- Note that a policy file is meanwhile required and thus it is useful to create it. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit f248416bc9792e80bb0785302058131de49d7639)
parent
04604e6cb9
commit
839426104a
29
doc/wks.texi
29
doc/wks.texi
@ -215,9 +215,9 @@ Further it creates missing directories for the configuration and
|
|||||||
prints warnings pertaining to problems in the configuration.
|
prints warnings pertaining to problems in the configuration.
|
||||||
|
|
||||||
The command @option{--check-key} (or just @option{--check}) checks
|
The command @option{--check-key} (or just @option{--check}) checks
|
||||||
whether a key with the given user-id is installed. The process return
|
whether a key with the given user-id is installed. The process returns
|
||||||
success in this case; to also print a diagnostic, use option
|
success in this case; to also print a diagnostic use the option
|
||||||
@option{-v}. If the key is not installed a diagnostics is printed and
|
@option{-v}. If the key is not installed a diagnostic is printed and
|
||||||
the process returns failure; to suppress the diagnostic, use option
|
the process returns failure; to suppress the diagnostic, use option
|
||||||
@option{-q}. More than one user-id can be given; see also option
|
@option{-q}. More than one user-id can be given; see also option
|
||||||
@option{with-file}.
|
@option{with-file}.
|
||||||
@ -243,6 +243,12 @@ The command @option{--revoke-key} is not yet functional.
|
|||||||
|
|
||||||
@table @gnupgtabopt
|
@table @gnupgtabopt
|
||||||
|
|
||||||
|
@item -C @var{dir}
|
||||||
|
@itemx --directory @var{dir}
|
||||||
|
@opindex directory
|
||||||
|
Use @var{dir} as top level directory for domains. The default is
|
||||||
|
@file{/var/lib/gnupg/wks}.
|
||||||
|
|
||||||
@item --from @var{mailaddr}
|
@item --from @var{mailaddr}
|
||||||
@opindex from
|
@opindex from
|
||||||
Use @var{mailaddr} as the default sender address.
|
Use @var{mailaddr} as the default sender address.
|
||||||
@ -256,21 +262,22 @@ Add the mail header "@var{name}: @var{value}" to all outgoing mails.
|
|||||||
Directly send created mails using the @command{sendmail} command.
|
Directly send created mails using the @command{sendmail} command.
|
||||||
Requires installation of that command.
|
Requires installation of that command.
|
||||||
|
|
||||||
@item --output @var{file}
|
@item -o @var{file}
|
||||||
@itemx -o
|
@itemx --output @var{file}
|
||||||
@opindex output
|
@opindex output
|
||||||
Write the created mail also to @var{file}. Note that the value
|
Write the created mail also to @var{file}. Note that the value
|
||||||
@code{-} for @var{file} would write it to stdout.
|
@code{-} for @var{file} would write it to stdout.
|
||||||
|
|
||||||
@item --with-dir
|
@item --with-dir
|
||||||
@opindex with-dir
|
@opindex with-dir
|
||||||
Also print the directory name for each domain listed by command
|
When used with the command @option{--list-domains} print for each
|
||||||
@option{--list-domains}.
|
installed domain the domain name and its directory name.
|
||||||
|
|
||||||
@item --with-file
|
@item --with-file
|
||||||
@opindex with-file
|
@opindex with-file
|
||||||
With command @option{--check-key} print for each user-id, the address,
|
When used with the command @option{--check-key} print for each user-id,
|
||||||
'i' for installed key or 'n' for not installed key, and the filename.
|
the address, 'i' for installed key or 'n' for not installed key, and
|
||||||
|
the filename.
|
||||||
|
|
||||||
@item --verbose
|
@item --verbose
|
||||||
@opindex verbose
|
@opindex verbose
|
||||||
@ -316,7 +323,7 @@ Finally run
|
|||||||
$ gpg-wks-server --list-domains
|
$ gpg-wks-server --list-domains
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
to create the required sub-directories with the permission set
|
to create the required sub-directories with the permissions set
|
||||||
correctly. For each domain a submission address needs to be
|
correctly. For each domain a submission address needs to be
|
||||||
configured. All service mails are directed to that address. It can
|
configured. All service mails are directed to that address. It can
|
||||||
be the same address for all configured domains, for example:
|
be the same address for all configured domains, for example:
|
||||||
@ -326,7 +333,7 @@ be the same address for all configured domains, for example:
|
|||||||
$ echo key-submission@@example.net >submission-address
|
$ echo key-submission@@example.net >submission-address
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
The protocol requires that the key to be published is sent with an
|
The protocol requires that the key to be published is send with an
|
||||||
encrypted mail to the service. Thus you need to create a key for
|
encrypted mail to the service. Thus you need to create a key for
|
||||||
the submission address:
|
the submission address:
|
||||||
|
|
||||||
|
@ -58,6 +58,7 @@ enum cmd_and_opt_values
|
|||||||
oQuiet = 'q',
|
oQuiet = 'q',
|
||||||
oVerbose = 'v',
|
oVerbose = 'v',
|
||||||
oOutput = 'o',
|
oOutput = 'o',
|
||||||
|
oDirectory = 'C',
|
||||||
|
|
||||||
oDebug = 500,
|
oDebug = 500,
|
||||||
|
|
||||||
@ -108,6 +109,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
|
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
|
||||||
ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
|
ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
|
||||||
ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
|
ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
|
||||||
|
ARGPARSE_s_s (oDirectory, "directory", "|DIR|use DIR as top directory"),
|
||||||
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
|
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
|
||||||
ARGPARSE_s_s (oHeader, "header" ,
|
ARGPARSE_s_s (oHeader, "header" ,
|
||||||
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
|
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
|
||||||
@ -225,6 +227,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
|
|||||||
case oGpgProgram:
|
case oGpgProgram:
|
||||||
opt.gpg_program = pargs->r.ret_str;
|
opt.gpg_program = pargs->r.ret_str;
|
||||||
break;
|
break;
|
||||||
|
case oDirectory:
|
||||||
|
opt.directory = pargs->r.ret_str;
|
||||||
|
break;
|
||||||
case oFrom:
|
case oFrom:
|
||||||
opt.default_from = pargs->r.ret_str;
|
opt.default_from = pargs->r.ret_str;
|
||||||
break;
|
break;
|
||||||
@ -350,6 +355,7 @@ main (int argc, char **argv)
|
|||||||
{
|
{
|
||||||
log_error ("directory '%s' has too relaxed permissions\n",
|
log_error ("directory '%s' has too relaxed permissions\n",
|
||||||
opt.directory);
|
opt.directory);
|
||||||
|
log_info ("Fix by running: chmod o-rw '%s'\n", opt.directory);
|
||||||
exit (2);
|
exit (2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1667,7 +1673,7 @@ command_receive_cb (void *opaque, const char *mediatype,
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Return a list of all configured domains. ECh list element is the
|
/* Return a list of all configured domains. Each list element is the
|
||||||
* top directory for the domain. To figure out the actual domain
|
* top directory for the domain. To figure out the actual domain
|
||||||
* name strrchr(name, '/') can be used. */
|
* name strrchr(name, '/') can be used. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
@ -1946,7 +1952,17 @@ command_list_domains (void)
|
|||||||
if (!fp)
|
if (!fp)
|
||||||
{
|
{
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
if (gpg_err_code (err) != GPG_ERR_ENOENT)
|
if (gpg_err_code (err) == GPG_ERR_ENOENT)
|
||||||
|
{
|
||||||
|
fp = es_fopen (fname, "w");
|
||||||
|
if (!fp)
|
||||||
|
log_error ("domain %s: can't create policy file: %s\n",
|
||||||
|
domain, gpg_strerror (err));
|
||||||
|
else
|
||||||
|
es_fclose (fp);
|
||||||
|
fp = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
log_error ("domain %s: error in policy file: %s\n",
|
log_error ("domain %s: error in policy file: %s\n",
|
||||||
domain, gpg_strerror (err));
|
domain, gpg_strerror (err));
|
||||||
}
|
}
|
||||||
@ -1955,17 +1971,8 @@ command_list_domains (void)
|
|||||||
struct policy_flags_s policy;
|
struct policy_flags_s policy;
|
||||||
err = wks_parse_policy (&policy, fp, 0);
|
err = wks_parse_policy (&policy, fp, 0);
|
||||||
es_fclose (fp);
|
es_fclose (fp);
|
||||||
if (!err)
|
|
||||||
{
|
|
||||||
struct policy_flags_s empty_policy;
|
|
||||||
memset (&empty_policy, 0, sizeof empty_policy);
|
|
||||||
if (!memcmp (&empty_policy, &policy, sizeof policy))
|
|
||||||
log_error ("domain %s: empty policy file\n", domain);
|
|
||||||
}
|
|
||||||
wks_free_policy (&policy);
|
wks_free_policy (&policy);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
err = 0;
|
err = 0;
|
||||||
|
|
||||||
|
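Review bot: In the ENOENT branch added to command_list_domains, a failed `es_fopen (fname, "w")` is logged with `gpg_strerror (err)`, but `err` still holds the ENOENT from the first open, so the message reports "file not found" instead of the real cause (for example a permission problem on the domain directory). Refresh the error before logging, i.e. put `err = gpg_error_from_syserror ();` in front of the `log_error` call and brace the two statements. The result of `es_fclose (fp)` on the newly created file is also ignored, and the file's mode is left to the process umask. Since the same commit tells the administrator to tighten the top directory with `chmod o-rw`, it is worth confirming that the created policy file ends up with the intended permissions. The function's body starts and ends outside the hunks shown.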