wkd: Add option --directory to the server.

* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--

Note that a policy file is meanwhile required and thus it is useful to
create it.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-10-26 14:44:32 +02:00
parent 4249e9a2bf
commit f248416bc9
2 changed files with 36 additions and 22 deletions


@ -215,9 +215,9 @@ Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration. prints warnings pertaining to problems in the configuration.
The command @option{--check-key} (or just @option{--check}) checks The command @option{--check-key} (or just @option{--check}) checks
whether a key with the given user-id is installed. The process return whether a key with the given user-id is installed. The process returns
success in this case; to also print a diagnostic, use option success in this case; to also print a diagnostic use the option
@option{-v}. If the key is not installed a diagnostics is printed and @option{-v}. If the key is not installed a diagnostic is printed and
the process returns failure; to suppress the diagnostic, use option the process returns failure; to suppress the diagnostic, use option
@option{-q}. More than one user-id can be given; see also option @option{-q}. More than one user-id can be given; see also option
@option{with-file}. @option{with-file}.
@ -243,6 +243,12 @@ The command @option{--revoke-key} is not yet functional.
@table @gnupgtabopt @table @gnupgtabopt
@item -C @var{dir}
@itemx --directory @var{dir}
@opindex directory
Use @var{dir} as top level directory for domains. The default is
@file{/var/lib/gnupg/wks}.
@item --from @var{mailaddr} @item --from @var{mailaddr}
@opindex from @opindex from
Use @var{mailaddr} as the default sender address. Use @var{mailaddr} as the default sender address.
@ -256,21 +262,22 @@ Add the mail header "@var{name}: @var{value}" to all outgoing mails.
Directly send created mails using the @command{sendmail} command. Directly send created mails using the @command{sendmail} command.
Requires installation of that command. Requires installation of that command.
@item --output @var{file} @item -o @var{file}
@itemx -o @itemx --output @var{file}
@opindex output @opindex output
Write the created mail also to @var{file}. Note that the value Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout. @code{-} for @var{file} would write it to stdout.
@item --with-dir @item --with-dir
@opindex with-dir @opindex with-dir
Also print the directory name for each domain listed by command When used with the command @option{--list-domains} print for each
@option{--list-domains}. installed domain the domain name and its directory name.
@item --with-file @item --with-file
@opindex with-file @opindex with-file
With command @option{--check-key} print for each user-id, the address, When used with the command @option{--check-key} print for each user-id,
'i' for installed key or 'n' for not installed key, and the filename. the address, 'i' for installed key or 'n' for not installed key, and
the filename.
@item --verbose @item --verbose
@opindex verbose @opindex verbose
@ -316,7 +323,7 @@ Finally run
$ gpg-wks-server --list-domains $ gpg-wks-server --list-domains
@end example @end example
to create the required sub-directories with the permission set to create the required sub-directories with the permissions set
correctly. For each domain a submission address needs to be correctly. For each domain a submission address needs to be
configured. All service mails are directed to that address. It can configured. All service mails are directed to that address. It can
be the same address for all configured domains, for example: be the same address for all configured domains, for example:
@ -326,7 +333,7 @@ be the same address for all configured domains, for example:
$ echo key-submission@@example.net >submission-address $ echo key-submission@@example.net >submission-address
@end example @end example
The protocol requires that the key to be published is sent with an The protocol requires that the key to be published is send with an
encrypted mail to the service. Thus you need to create a key for encrypted mail to the service. Thus you need to create a key for
the submission address: the submission address:


@ -58,6 +58,7 @@ enum cmd_and_opt_values
oQuiet = 'q', oQuiet = 'q',
oVerbose = 'v', oVerbose = 'v',
oOutput = 'o', oOutput = 'o',
oDirectory = 'C',
oDebug = 500, oDebug = 500,
@ -108,6 +109,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oGpgProgram, "gpg", "@"), ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"), ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"), ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
ARGPARSE_s_s (oDirectory, "directory", "|DIR|use DIR as top directory"),
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"), ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
ARGPARSE_s_s (oHeader, "header" , ARGPARSE_s_s (oHeader, "header" ,
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"), "|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
@ -225,6 +227,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
case oGpgProgram: case oGpgProgram:
opt.gpg_program = pargs->r.ret_str; opt.gpg_program = pargs->r.ret_str;
break; break;
case oDirectory:
opt.directory = pargs->r.ret_str;
break;
case oFrom: case oFrom:
opt.default_from = pargs->r.ret_str; opt.default_from = pargs->r.ret_str;
break; break;
@ -350,6 +355,7 @@ main (int argc, char **argv)
{ {
log_error ("directory '%s' has too relaxed permissions\n", log_error ("directory '%s' has too relaxed permissions\n",
opt.directory); opt.directory);
log_info ("Fix by running: chmod o-rw '%s'\n", opt.directory);
exit (2); exit (2);
} }
} }
@ -1667,7 +1673,7 @@ command_receive_cb (void *opaque, const char *mediatype,
/* Return a list of all configured domains. ECh list element is the /* Return a list of all configured domains. Each list element is the
* top directory for the domain. To figure out the actual domain * top directory for the domain. To figure out the actual domain
* name strrchr(name, '/') can be used. */ * name strrchr(name, '/') can be used. */
static gpg_error_t static gpg_error_t
@ -1946,7 +1952,17 @@ command_list_domains (void)
if (!fp) if (!fp)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
if (gpg_err_code (err) != GPG_ERR_ENOENT) if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
fp = es_fopen (fname, "w");
if (!fp)
log_error ("domain %s: can't create policy file: %s\n",
domain, gpg_strerror (err));
else
es_fclose (fp);
fp = NULL;
}
else
log_error ("domain %s: error in policy file: %s\n", log_error ("domain %s: error in policy file: %s\n",
domain, gpg_strerror (err)); domain, gpg_strerror (err));
} }
@ -1955,17 +1971,8 @@ command_list_domains (void)
struct policy_flags_s policy; struct policy_flags_s policy;
err = wks_parse_policy (&policy, fp, 0); err = wks_parse_policy (&policy, fp, 0);
es_fclose (fp); es_fclose (fp);
if (!err)
{
struct policy_flags_s empty_policy;
memset (&empty_policy, 0, sizeof empty_policy);
if (!memcmp (&empty_policy, &policy, sizeof policy))
log_error ("domain %s: empty policy file\n", domain);
}
wks_free_policy (&policy); wks_free_policy (&policy);
} }
} }
err = 0; err = 0;