diff --git a/doc/wks.texi b/doc/wks.texi index 51b86ca4a..bd2b8d502 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -215,9 +215,9 @@ Further it creates missing directories for the configuration and prints warnings pertaining to problems in the configuration. The command @option{--check-key} (or just @option{--check}) checks -whether a key with the given user-id is installed. The process return -success in this case; to also print a diagnostic, use option -@option{-v}. If the key is not installed a diagnostics is printed and +whether a key with the given user-id is installed. The process returns +success in this case; to also print a diagnostic use the option +@option{-v}. If the key is not installed a diagnostic is printed and the process returns failure; to suppress the diagnostic, use option @option{-q}. More than one user-id can be given; see also option @option{with-file}. @@ -243,6 +243,12 @@ The command @option{--revoke-key} is not yet functional. @table @gnupgtabopt +@item -C @var{dir} +@itemx --directory @var{dir} +@opindex directory +Use @var{dir} as top level directory for domains. The default is +@file{/var/lib/gnupg/wks}. + @item --from @var{mailaddr} @opindex from Use @var{mailaddr} as the default sender address. 
@@ -256,21 +262,22 @@ Add the mail header "@var{name}: @var{value}" to all outgoing mails. Directly send created mails using the @command{sendmail} command. Requires installation of that command. -@item --output @var{file} -@itemx -o +@item -o @var{file} +@itemx --output @var{file} @opindex output Write the created mail also to @var{file}. Note that the value @code{-} for @var{file} would write it to stdout. @item --with-dir @opindex with-dir -Also print the directory name for each domain listed by command -@option{--list-domains}. +When used with the command @option{--list-domains} print for each +installed domain the domain name and its directory name. @item --with-file @opindex with-file -With command @option{--check-key} print for each user-id, the address, -'i' for installed key or 'n' for not installed key, and the filename. +When used with the command @option{--check-key} print for each user-id, +the address, 'i' for installed key or 'n' for not installed key, and +the filename. @item --verbose @opindex verbose @@ -316,7 +323,7 @@ Finally run $ gpg-wks-server --list-domains @end example -to create the required sub-directories with the permission set +to create the required sub-directories with the permissions set correctly. For each domain a submission address needs to be configured. All service mails are directed to that address. It can be the same address for all configured domains, for example: @@ -326,7 +333,7 @@ be the same address for all configured domains, for example: $ echo key-submission@@example.net >submission-address @end example -The protocol requires that the key to be published is sent with an +The protocol requires that the key to be published is send with an encrypted mail to the service. Thus you need to create a key for the submission address: diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index a5881557f..24b331262 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c 
@@ -58,6 +58,7 @@ enum cmd_and_opt_values
 oQuiet = 'q',
 oVerbose = 'v',
 oOutput = 'o',
+ oDirectory = 'C',
 oDebug = 500,
@@ -108,6 +109,7 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
 ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
 ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
+ ARGPARSE_s_s (oDirectory, "directory", "|DIR|use DIR as top directory"),
 ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
 ARGPARSE_s_s (oHeader, "header" ,
 "|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
@@ -225,6 +227,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
 case oGpgProgram:
 opt.gpg_program = pargs->r.ret_str;
 break;
+ case oDirectory:
+ opt.directory = pargs->r.ret_str;
+ break;
 case oFrom:
 opt.default_from = pargs->r.ret_str;
 break;
@@ -350,6 +355,7 @@ main (int argc, char **argv)
 {
 log_error ("directory '%s' has too relaxed permissions\n",
 opt.directory);
+ log_info ("Fix by running: chmod o-rw '%s'\n", opt.directory);
 exit (2);
 }
 }
@@ -1667,7 +1673,7 @@ command_receive_cb (void *opaque, const char *mediatype,
-/* Return a list of all configured domains. ECh list element is the
+/* Return a list of all configured domains. Each list element is the
 * top directory for the domain. To figure out the actual domain
 * name strrchr(name, '/') can be used. */
 static gpg_error_t
@@ -1946,7 +1952,17 @@ command_list_domains (void)
 if (!fp)
 {
 err = gpg_error_from_syserror ();
- if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ {
+ fp = es_fopen (fname, "w");
+ if (!fp)
+ log_error ("domain %s: can't create policy file: %s\n",
+ domain, gpg_strerror (err));
+ else
+ es_fclose (fp);
+ fp = NULL;
+ }
+ else
 log_error ("domain %s: error in policy file: %s\n",
 domain, gpg_strerror (err));
 }
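Review bot: The `log_info` hint added in main pastes `opt.directory` between single quotes into a shell command, and with the new `-C`/`--directory` option that string is whatever the caller supplied. A directory name containing `'` makes the printed line unsafe to copy into a shell. Since the path already appears in the preceding error line, the hint can leave it out, e.g. `log_info ("Fix by removing read and write access for others (chmod o-rw)\n");`. The test that leads into this branch is outside the hunk, so confirm that `o-rw` matches the mode bits it actually checks.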
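Review bot: When the `es_fopen (fname, "w")` fallback in command_list_domains fails, the new `log_error` still formats `err`, which holds the ENOENT from the earlier failed open rather than the reason the create failed. Add `err = gpg_error_from_syserror ();` directly after the failed `es_fopen` and before the log call. The return value of `es_fclose (fp)` is also dropped, so a failure while finishing the new file goes unreported. The file is created with whatever mode the process umask yields, and "w" truncates or follows anything that appeared at `fname` since the first open. A comment stating the intended permissions of the policy file would help, and an exclusive create is worth considering; the enclosing function starts and ends outside this hunk.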
@@ -1955,17 +1971,8 @@ command_list_domains (void)
 struct policy_flags_s policy;
 err = wks_parse_policy (&policy, fp, 0);
 es_fclose (fp);
- if (!err)
- {
- struct policy_flags_s empty_policy;
- memset (&empty_policy, 0, sizeof empty_policy);
- if (!memcmp (&empty_policy, &policy, sizeof policy))
- log_error ("domain %s: empty policy file\n", domain);
- }
 wks_free_policy (&policy);
 }
-
-
 }
 err = 0;