wkd: Add option --directory to the server.

* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--

Note that a policy file is meanwhile required and thus it is useful to
create it.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-10-26 14:44:32 +02:00
parent 4249e9a2bf
commit f248416bc9
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 36 additions and 22 deletions


@ -215,9 +215,9 @@ Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration.
The command @option{--check-key} (or just @option{--check}) checks
whether a key with the given user-id is installed. The process return
success in this case; to also print a diagnostic, use option
@option{-v}. If the key is not installed a diagnostics is printed and
whether a key with the given user-id is installed. The process returns
success in this case; to also print a diagnostic use the option
@option{-v}. If the key is not installed a diagnostic is printed and
the process returns failure; to suppress the diagnostic, use option
@option{-q}. More than one user-id can be given; see also option
@option{with-file}.
@ -243,6 +243,12 @@ The command @option{--revoke-key} is not yet functional.
@table @gnupgtabopt
@item -C @var{dir}
@itemx --directory @var{dir}
@opindex directory
Use @var{dir} as top level directory for domains. The default is
@file{/var/lib/gnupg/wks}.
@item --from @var{mailaddr}
@opindex from
Use @var{mailaddr} as the default sender address.
@ -256,21 +262,22 @@ Add the mail header "@var{name}: @var{value}" to all outgoing mails.
Directly send created mails using the @command{sendmail} command.
Requires installation of that command.
@item --output @var{file}
@itemx -o
@item -o @var{file}
@itemx --output @var{file}
@opindex output
Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout.
@item --with-dir
@opindex with-dir
Also print the directory name for each domain listed by command
@option{--list-domains}.
When used with the command @option{--list-domains} print for each
installed domain the domain name and its directory name.
@item --with-file
@opindex with-file
With command @option{--check-key} print for each user-id, the address,
'i' for installed key or 'n' for not installed key, and the filename.
When used with the command @option{--check-key} print for each user-id,
the address, 'i' for installed key or 'n' for not installed key, and
the filename.
@item --verbose
@opindex verbose
@ -316,7 +323,7 @@ Finally run
$ gpg-wks-server --list-domains
@end example
to create the required sub-directories with the permission set
to create the required sub-directories with the permissions set
correctly. For each domain a submission address needs to be
configured. All service mails are directed to that address. It can
be the same address for all configured domains, for example:
@ -326,7 +333,7 @@ be the same address for all configured domains, for example:
$ echo key-submission@@example.net >submission-address
@end example
The protocol requires that the key to be published is sent with an
The protocol requires that the key to be published is send with an
encrypted mail to the service. Thus you need to create a key for
the submission address:


@ -58,6 +58,7 @@ enum cmd_and_opt_values
oQuiet = 'q',
oVerbose = 'v',
oOutput = 'o',
oDirectory = 'C',
oDebug = 500,
@ -108,6 +109,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
ARGPARSE_s_s (oDirectory, "directory", "|DIR|use DIR as top directory"),
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
ARGPARSE_s_s (oHeader, "header" ,
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
@ -225,6 +227,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
case oGpgProgram:
opt.gpg_program = pargs->r.ret_str;
break;
case oDirectory:
opt.directory = pargs->r.ret_str;
break;
case oFrom:
opt.default_from = pargs->r.ret_str;
break;
@ -350,6 +355,7 @@ main (int argc, char **argv)
{
log_error ("directory '%s' has too relaxed permissions\n",
opt.directory);
log_info ("Fix by running: chmod o-rw '%s'\n", opt.directory);
exit (2);
}
}
@ -1667,7 +1673,7 @@ command_receive_cb (void *opaque, const char *mediatype,
/* Return a list of all configured domains. ECh list element is the
/* Return a list of all configured domains. Each list element is the
* top directory for the domain. To figure out the actual domain
* name strrchr(name, '/') can be used. */
static gpg_error_t
@ -1946,7 +1952,17 @@ command_list_domains (void)
if (!fp)
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) != GPG_ERR_ENOENT)
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
fp = es_fopen (fname, "w");
if (!fp)
log_error ("domain %s: can't create policy file: %s\n",
domain, gpg_strerror (err));
else
es_fclose (fp);
fp = NULL;
}
else
log_error ("domain %s: error in policy file: %s\n",
domain, gpg_strerror (err));
}
@ -1955,17 +1971,8 @@ command_list_domains (void)
struct policy_flags_s policy;
err = wks_parse_policy (&policy, fp, 0);
es_fclose (fp);
if (!err)
{
struct policy_flags_s empty_policy;
memset (&empty_policy, 0, sizeof empty_policy);
if (!memcmp (&empty_policy, &policy, sizeof policy))
log_error ("domain %s: empty policy file\n", domain);
}
wks_free_policy (&policy);
}
}
err = 0;
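Review bot: In command_list_domains, the new ENOENT branch logs `gpg_strerror (err)` when `es_fopen (fname, "w")` fails, but `err` still holds the ENOENT from the earlier read attempt, so the "can't create policy file" diagnostic never shows the real cause (for example a permission problem on the domain directory). Refresh the error before logging by making `err = gpg_error_from_syserror ();` the first statement of the `if (!fp)` arm and bracing the two statements. The file is opened with plain "w", so if another process creates a policy file between the failed read and this open, its content is truncated; an exclusive-create mode would avoid that, provided estream supports one. The return value of `es_fclose (fp)` on the new file is also ignored. The function body starts and ends outside the visible hunks.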