authorWerner Koch <[email protected]>2022-10-06 16:38:29 +0000
committerWerner Koch <[email protected]>2022-10-06 16:38:29 +0000
commit7ccd489aa2e5c5ef6c4554c9f04dd74394b43409 (patch)
tree8bd139418b51ef5cc97611c662ff1ed4a6b0b798 /tools/wks-util.c
parentdirmngr: Support paged LDAP mode for KS_GET (diff)
wkd: New command --mirror for gpg-wks-client.
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. (opts): Add --mirror, --no-autostart, and --blacklist. (parse_arguments): Parse new options. (main): Parse common.conf. Implement aMirror. (mirror_one_key_parm): New. (mirror_one_keys_userid, mirror_one_key): New. (command_mirror): New. * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... (wks_install_key_core): new. * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. -- This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented. Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcLimits olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited GnuPG-bug-id: 6224
Diffstat (limited to 'tools/wks-util.c')
-rw-r--r--tools/wks-util.c65
1 files changed, 39 insertions, 26 deletions
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 3f8e8206d..e1d08b9ed 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -119,6 +119,7 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
strcpy (sl->uid, plainuid);
sl->created = created;
+ sl->flags = 0;
sl->mbox = mailbox_from_userid (plainuid, 0);
sl->next = NULL;
if (!*list)
@@ -1031,6 +1032,43 @@ install_key_from_spec_file (const char *fname)
}
+/* The core of the code to install a key as a file. */
+gpg_error_t
+wks_install_key_core (estream_t key, const char *addrspec)
+{
+ gpg_error_t err;
+ char *huname = NULL;
+
+ /* Hash user ID and create filename. */
+ err = wks_compute_hu_fname (&huname, addrspec);
+ if (err)
+ goto leave;
+
+ /* Now that wks_compute_hu_fname has created missing directories we
+ * can create a policy file if it does not exist. */
+ err = ensure_policy_file (addrspec);
+ if (err)
+ goto leave;
+
+ /* Publish. */
+ err = write_to_file (key, huname);
+ if (err)
+ {
+ log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Make sure it is world readable. */
+ if (gnupg_chmod (huname, "-rw-r--r--"))
+ log_error ("can't set permissions of '%s': %s\n",
+ huname, gpg_strerror (gpg_err_code_from_syserror()));
+
+ leave:
+ xfree (huname);
+ return err;
+}
+
+
/* Install a single key into the WKD by reading FNAME and extracting
* USERID. If USERID is NULL FNAME is expected to be a list of fpr
* mbox lines and for each line the respective key will be
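Review bot: wks_install_key_core returns success when gnupg_chmod fails, because that branch only logs and err stays 0, so a caller cannot tell that the published file may not be world readable. The function is now a separate entry point (the commit message names a mirror command as a further user), so either set `err = gpg_error_from_syserror ();` in that branch and log `gpg_strerror (err)`, or state the best-effort behaviour in the header comment. The header comment should also spell out the contract for ADDRSPEC, for example `/* Install KEY as a file for ADDRSPEC. ADDRSPEC must be an already validated addr-spec because the target path is derived from it. A chmod failure is logged but not returned. */`. Whether wks_compute_hu_fname itself rejects unsafe domain parts is not visible in this hunk.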
@@ -1046,7 +1084,6 @@ wks_cmd_install_key (const char *fname, const char *userid)
uidinfo_list_t uidlist = NULL;
uidinfo_list_t uid, thisuid;
time_t thistime;
- char *huname = NULL;
int any;
if (!userid)
@@ -1137,36 +1174,12 @@ wks_cmd_install_key (const char *fname, const char *userid)
fp = fp2;
}
- /* Hash user ID and create filename. */
- err = wks_compute_hu_fname (&huname, addrspec);
- if (err)
- goto leave;
-
- /* Now that wks_compute_hu_fname has created missing directories we
- * can create a policy file if it does not exist. */
- err = ensure_policy_file (addrspec);
- if (err)
- goto leave;
-
- /* Publish. */
- err = write_to_file (fp, huname);
- if (err)
- {
- log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err));
- goto leave;
- }
-
- /* Make sure it is world readable. */
- if (gnupg_chmod (huname, "-rw-r--r--"))
- log_error ("can't set permissions of '%s': %s\n",
- huname, gpg_strerror (gpg_err_code_from_syserror()));
-
+ err = wks_install_key_core (fp, addrspec);
if (!opt.quiet)
log_info ("key %s published for '%s'\n", fpr, addrspec);
leave:
- xfree (huname);
free_uidinfo_list (uidlist);
xfree (fpr);
xfree (addrspec);
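Review bot: The `log_info ("key %s published for '%s'\n", ...)` line after the new `wks_install_key_core (fp, addrspec)` call now runs even when that call fails, because the old `goto leave` exits moved into the helper and err is not checked here. An operator reading the log would see a key reported as published although the helper returned an error, next to the helper's own error message. Guard the message with `if (!err && !opt.quiet)`, or add `if (err) goto leave;` directly after the call. The rest of wks_cmd_install_key lies outside this hunk, so whether err is inspected again after `leave:` is not visible here.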