| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
(proc_userid_from_stdin): New.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
--
GnuPG-bug-id: 4418
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
* tools/gpg-wks-server.c (encrypt_stream): Ditto.
--
If for example a server was built without the development packages of
the compression libraries installed, the server will not be able to
decrypt a request. In theory this can't happen due to the preference
system but it is just to easy to create the server's key using a
different version of gpg and then use gpg-wks-server built
differently.
For the short messages we exchange compression is not really required
and thus we better do without to make the system more robust.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719)
|
| |
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (install_key_from_spec_file): New.
(wks_cmd_install_key): Call it.
* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
* tools/gpg-wks-server.c (main): Ditto.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (write_to_file): Move to ...
* tools/wks-util.c: here.
* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
* tools/wks-util.c (wks_compute_hu_fname): here.
* tools/gpg-wks-server.c (fname_from_userid): Move to ...
* tools/wks-util.c (wks_fname_from_userid): here.
* tools/gpg-wks-server.c (command_install_key): Move to ...
* tools/wks-util.c (wks_cmd_install_key): here and change caller.
* tools/gpg-wks-server.c (command_remove_key): Move to ...
* tools/wks-util.c (wks_cmd_remove_key): here and change callers.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--
Note that a policy file is meanwhile required and thus is is useful to
create it.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f248416bc9792e80bb0785302058131de49d7639)
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
* tools/wks-util.c (wks_parse_policy): Parse that field.
(wks_free_policy): New.
* tools/gpg-wks-client.c (command_send): Also try to take the
submission-address from the policy file. Free POLICY.
* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
(command_list_domains): Free POLICY.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
(opts): New options --check, --with-dir, and --with-file.
(main): Call command_check_key.
(command_list_domains): Implement option --with-dir.
(fname_from_userid): New.
(command_check_key): New.
(command_remove_key): Implement existsing command.
(command_revoke_key): Call command_remove_key as a simple
implementation.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
(wks_filter_uid): New.
(wks_list_key): Allow FPR to be NULL. Return an error if no
fingerprint was found.
* tools/gpg-wks-server.c (process_new_key)
(check_and_publish): Remove now useless extra check for FPR.
* tools/gpg-wks-client.c (command_check): Ditto.
(command_send): Filter out the newest uid.
--
This fixes the case of having several userids with all the the same
mailbox. Now we use the latest user id created. This patch is also a
prerequisite to automatically create a new user id for providers with
the mailbox-only policy.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
* tools/wks-util.c (append_to_uidinfo_list): New.
(free_uidinfo_list): New.
(wks_list_key): Change arg r_mboxes to uidinfo_list_t. Use
append_to_uidinfo_list.
* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
uidinfo_list_t.
(process_new_key): Ditto.
(check_and_publish): Ditto.
(command_receive_cb): Replace free_strlist by free_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Replace strlist_t by
uidinfo_list_t. Also print user id in verbose mode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/gpg-wks-client.c (my_strusage): Add case 12.
* tools/gpg-wks-server.c (my_strusage): Add case 12:
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers. Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--
For better deployment it seems to be better to make the Web Key
Directory code more easily available.
Some code was been developed under contract of the BSI.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* tools/gpg-wks-server.c: Follow the change.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* tools/gpg-wks-server.c (check_and_publish): Set the permissions.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
* tools/wks-receive.c (new_part): Move test wks draft version to ...
(t2body): new callback.
(wks_receive): Register this callback.
* tools/gpg-wks-server.c (send_confirmation_request): Emit draft
version header.
(send_congratulation_message): Ditto.
* tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
(decrypt_stream_status_cb): Check DECRYTPION_KEY status.
(decrypt_stream): Get infor from new callback.
(process_confirmation_request): New arg 'mainfpr'. Check that it
matches the decryption key.
(read_confirmation_request): Check that the decryption key has been
generated by us.
(command_send): Use macro from draft version header.
(send_confirmation_response): Emit draft version header.
--
This patch also adds a check to only send a confirmation when the
decryption has been done by an ultimately trusted (self-generated)
key.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (send_confirmation_request): Add custom
header.
(send_congratulation_message): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (list_key_status_cb): Remove.
(list_key): Move to ...
* tools/wks-util.c (wks_list_key): here and rename. Add new args
R_FPR and R_MBOXES and remove the CTX.
(list_key_status_cb): New.
* tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h.
* tools/gpg-wks-server.c (process_new_key): Replace list_key by
wks_list_key.
(check_and_publish): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
* tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
* tools/wks-receive.c: Include rfc822parse.h.
(struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
MULTIPART_MIXED_SEEN.
(decrypt_data): Add --no-options.
(verify_signature): Ditto.
(new_part): Check for Wks-Draft-Version header. Take care of text
parts.
(wks_receive): Set Parser and pass a flag value to RESULT_CB.
* tools/gpg-wks-client.c (read_confirmation_request): New.
(main) <aRead>: Call read_confirmation_request instead of
process_confirmation_request.
(command_receive_cb): Ditto. Add arg FLAGS..
(decrypt_stream_status_cb, decrypt_stream): New.
(command_send): Set header Wks-Draft-Version.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field
DRAFT_VERSION_2.
(sign_stream_status_cb, sign_stream): New.
(command_receive_cb): Set draft flag.
(send_confirmation_request): Rework to implement protocol draft
version 2.
* tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
(DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain
opt.debug where useful.
* tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
* tools/gpg-wks-server.c (debug_flags): Ditto.
--
If a client supporting the version 2 of the protocol is used, it will
tell this the server using a mail header. An old server will ignore
that but a recent server will use the new protocol. Next task is to
actually write draft-02.
There are still a lot of FIXMEs - take care.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
(release_parts): Ditto.
(dump_parts): Print a body line only if tehre is a body.
(mime_maker_add_header): Check for body or container.
(mime_maker_add_container): Remove arg MEDIATYPE. Change all callers.
(mime_maker_end_container): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/call-dirmngr.c (wkd_get_policy_flags): New.
* tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
* tools/wks-util.c (wks_parse_policy): New.
* tools/gpg-wks-client.c (command_send): Get the policy flags to show
a new info line.
* tools/gpg-wks-server.c (get_policy_flags): New.
(process_new_key): get policy flag and add a stub for "auth-submit".
(command_list_domains): Check policy flags.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/gpg-wks-server.c (send_congratulation_message): New.
(check_and_publish): Call it.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (copy_key_as_binary): New.
(check_and_publish): Use new function instead of rename.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (aListDomains): New.
(opts): Add --list-domains.
(parse_arguments): Implement.
(main): Ditto. Use only one final diagnostic message.
(command_list_domains): New.
(check_and_publish): Remove directory creation.
(get_domain_list): New.
(expire_pending_confirmations): Rewrite using a list of directories.
(command_cron): Get domain list and pass to
expire_pending_confirmations.
--
gpg-wks-server --list-domains
is required once to create the sub directories
|
| |
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (PENDING_TTL): New.
(expire_one_domain, expire_pending_confirmations): New.
(command_cron): New.
(main): Implement --cron.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (encrypt_response_status_cb): New.
(encrypt_response): New.
(send_confirmation_response): Encrypt the response.
* tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
BODY and BODYENC.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/gpg-wks-server.c (copy_key_as_dane): New.
(check_and_publish): Also publish as DANE record.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
'keyfile'.
(store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
(send_confirmation_request): Add arg 'keyfile'.
(process_new_key): Pass on the name of the keyfile.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/send-mail.c, tools/send-mail.h: New.
* tools/wks-util.c: New.
* tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
(gpg_wks_client_SOURCES): Ditto.
* tools/gpg-wks.h (opt): Add fields use_sendmail and output.
* tools/gpg-wks-client.c: Add options --send and --output. Rename
command --send to --create.
(command_send, send_confirmation_response): Output via wks_send_mime.
* tools/gpg-wks-server.c: Add options --send and --output.
(send_confirmation_request): Output via wks_send_mime.
(check_and_publish): Add hack for name-value bug.
--
With this code, a dedicated user on the server along with a procmail
script, it was possible to run a basic test.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
* tools/gpg-wks-server.c (oFrom, oHeader): New.
(parse_arguments): Set them and check args.
(get_submission_address): New.
(send_confirmation_request): Set correct From address. Add extra
headers.
(process_new_key): Return an error code.
Signed-off-by: Werner Koch <[email protected]>
|
|
|
* configure.ac: Add option --enable-wks-tools
* tools/gpg-wks-client.c: New.
* tools/gpg-wks-server.c: New.
* tools/gpg-wks.h: new.
* tools/wks-receive.c: New.
* tools/call-dirmngr.c, tools/call-dirmngr.h: New.
--
Note that this is just a starting point and not a finished
implementation. Here is how to test the system using
[email protected] as example.
Prepare:
mkdir /var/lib/gnupg/wks
chmod o-rwx /var/lib/gnupg/wks
mkdir /var/lib/gnupg/wks/test.gnupg.org
Run the protocol:
./gpg-wks-client -v --send FPR USERID >x
./gpg-wks-server -v --receive <x >y
./gpg-wks-client --receive <y >z
./gpg-wks-server -v --receive <z
You should also setup a cron job to rsync
/var/lib/gnupg/wks/test.gnupg.org/hu/* to the webserver.
Signed-off-by: Werner Koch <[email protected]>
|
