From 7ccd489aa2e5c5ef6c4554c9f04dd74394b43409 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 6 Oct 2022 18:38:29 +0200
Subject: wkd: New command --mirror for gpg-wks-client.
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New. (opts): Add ----mirror, --no-autostart, and --blacklist. (parse_arguments): Parse new options. (main): Parse common.conf. Implement aMirror. (mirror_one_key_parm): New. (mirror_one_keys_userid, mirror_one_key): New. (command_mirror): New. * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags. * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ... (wks_install_key_core): new. * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New. -- This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented. Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like: dn: olcDatabase={1}mdb,cn=config changetype: modify replace: olcLimits olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited GnuPG-bug-id: 6224
---
 tools/wks-util.c | 65 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 26 deletions(-)
(limited to 'tools/wks-util.c')
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 3f8e8206d..e1d08b9ed 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -119,6 +119,7 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
 strcpy (sl->uid, plainuid);
 sl->created = created;
+ sl->flags = 0;
 sl->mbox = mailbox_from_userid (plainuid, 0);
 sl->next = NULL;
 if (!*list)
@@ -1031,6 +1032,43 @@ install_key_from_spec_file (const char *fname)
 }
+/* The core of the code to install a key as a file. */
+gpg_error_t
+wks_install_key_core (estream_t key, const char *addrspec)
+{
+ gpg_error_t err;
+ char *huname = NULL;
+
+ /* Hash user ID and create filename. */
+ err = wks_compute_hu_fname (&huname, addrspec);
+ if (err)
+ goto leave;
+
+ /* Now that wks_compute_hu_fname has created missing directories we
+ * can create a policy file if it does not exist. */
+ err = ensure_policy_file (addrspec);
+ if (err)
+ goto leave;
+
+ /* Publish. */
+ err = write_to_file (key, huname);
+ if (err)
+ {
+ log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Make sure it is world readable. */
+ if (gnupg_chmod (huname, "-rw-r--r--"))
+ log_error ("can't set permissions of '%s': %s\n",
+ huname, gpg_strerror (gpg_err_code_from_syserror()));
+
+ leave:
+ xfree (huname);
+ return err;
+}
+
+
 /* Install a single key into the WKD by reading FNAME and extracting
 * USERID. If USERID is NULL FNAME is expected to be a list of fpr
 * mbox lines and for each line the respective key will be
@@ -1046,7 +1084,6 @@ wks_cmd_install_key (const char *fname, const char *userid)
 uidinfo_list_t uidlist = NULL;
 uidinfo_list_t uid, thisuid;
 time_t thistime;
- char *huname = NULL;
 int any;
 if (!userid)
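Review bot: wks_install_key_core returns 0 when `gnupg_chmod (huname, "-rw-r--r--")` fails, because that branch only calls log_error and leaves err untouched, so a caller cannot tell that the file it just published may not be readable by the web server. Now that this is an exported helper, either set `err = gpg_error_from_syserror ();` in that branch or state in the header comment that the permission change is best-effort. The header comment should also document the contract: KEY is the stream that is copied to the file, and ADDRSPEC determines which directories, policy file and hashed file name are created, so callers are expected to pass an already validated addr-spec. That matters more for the mirror command, which the commit message describes as not yet having full domain restrictions, although its call site is not visible in this file's diff.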
@@ -1137,36 +1174,12 @@ wks_cmd_install_key (const char *fname, const char *userid)
 fp = fp2;
 }
- /* Hash user ID and create filename. */
- err = wks_compute_hu_fname (&huname, addrspec);
- if (err)
- goto leave;
-
- /* Now that wks_compute_hu_fname has created missing directories we
- * can create a policy file if it does not exist. */
- err = ensure_policy_file (addrspec);
- if (err)
- goto leave;
-
- /* Publish. */
- err = write_to_file (fp, huname);
- if (err)
- {
- log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err));
- goto leave;
- }
-
- /* Make sure it is world readable. */
- if (gnupg_chmod (huname, "-rw-r--r--"))
- log_error ("can't set permissions of '%s': %s\n",
- huname, gpg_strerror (gpg_err_code_from_syserror()));
-
+ err = wks_install_key_core (fp, addrspec);
 if (!opt.quiet)
 log_info ("key %s published for '%s'\n", fpr, addrspec);
 leave:
- xfree (huname);
 free_uidinfo_list (uidlist);
 xfree (fpr);
 xfree (addrspec);
-- cgit v1.2.3
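Review bot: The result of `err = wks_install_key_core (fp, addrspec);` is not checked before the `log_info ("key %s published for '%s'\n", ...)` line, so a failed hash, policy-file or write step is now followed by a message saying the key was published unless --quiet is set. The removed code reached that message only on success, because each failing step jumped to `leave` first. Restore that by adding `if (err) goto leave;` directly after the call, or by guarding the message with `if (!err && !opt.quiet)`. An operator reading the log would otherwise assume a key is being served from the WKD when it is not. The body of wks_cmd_install_key starts and ends outside this hunk, so how err is returned after `leave:` is not visible here.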