[git] GnuPG - branch, master, updated. gnupg-2.1.15-57-g18a808b
by Werner Koch
cvs at cvs.gnupg.org
Fri Sep 2 17:02:24 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 18a808bccf543d563239f93257aee40aa1b5a475 (commit)
via 46362cbc0e2260e989820795a6e4245c72335172 (commit)
via 505ee45106d6aa2902bbdd6326f8eb7527c273c4 (commit)
via fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a (commit)
from 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 18a808bccf543d563239f93257aee40aa1b5a475
Author: Werner Koch <wk at gnupg.org>
Date: Fri Sep 2 16:59:49 2016 +0200
po: Fix line ending mismatch in Japanese translation.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/po/ja.po b/po/ja.po
index bbcf6d4..b7cefa8 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.1.15\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2016-09-02 10:06+0900\n"
+"PO-Revision-Date: 2016-09-02 16:58+0200\n"
"Last-Translator: NIIBE Yutaka <gniibe at fsij.org>\n"
"Language-Team: none\n"
"Language: ja\n"
@@ -4290,7 +4290,7 @@ msgstr "%sに%s鍵ID %sで施された署名\n"
#, c-format
msgid " issuer \"%s\"\n"
-msgstr " 発行者\"%s\""
+msgstr " 発行者\"%s\"\n"
msgid "Key available at: "
msgstr "以下に鍵があります: "
commit 46362cbc0e2260e989820795a6e4245c72335172
Author: Werner Koch <wk at gnupg.org>
Date: Fri Sep 2 16:54:42 2016 +0200
wks: Add framework for policy flags.
* tools/call-dirmngr.c (wkd_get_policy_flags): New.
* tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
* tools/wks-util.c (wks_parse_policy): New.
* tools/gpg-wks-client.c (command_send): Get the policy flags to show
a new info line.
* tools/gpg-wks-server.c (get_policy_flags): New.
(process_new_key): get policy flag and add a stub for "auth-submit".
(command_list_domains): Check policy flags.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c
index 0e591dd..9142350 100644
--- a/tools/call-dirmngr.c
+++ b/tools/call-dirmngr.c
@@ -203,3 +203,58 @@ wkd_get_submission_address (const char *addrspec, char **r_addrspec)
assuan_release (ctx);
return err;
}
+
+
+/* Ask the dirmngr for the policy flags and return them as an estream
+ * memory stream. If no policy flags are set, NULL is stored at
+ * R_BUFFER. */
+gpg_error_t
+wkd_get_policy_flags (const char *addrspec, estream_t *r_buffer)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ struct wkd_get_parm_s parm;
+ char *line = NULL;
+ char *buffer = NULL;
+
+ memset (&parm, 0, sizeof parm);
+ *r_buffer = NULL;
+
+ err = connect_dirmngr (&ctx);
+ if (err)
+ return err;
+
+ line = es_bsprintf ("WKD_GET --policy-flags -- %s", addrspec);
+ if (!line)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
+ {
+ err = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+
+ parm.memfp = es_fopenmem (0, "rwb");
+ if (!parm.memfp)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ err = assuan_transact (ctx, line, wkd_get_data_cb, &parm,
+ NULL, NULL, wkd_get_status_cb, &parm);
+ if (err)
+ goto leave;
+
+ es_rewind (parm.memfp);
+ *r_buffer = parm.memfp;
+ parm.memfp = 0;
+
+ leave:
+ es_free (buffer);
+ es_fclose (parm.memfp);
+ xfree (line);
+ assuan_release (ctx);
+ return err;
+}
diff --git a/tools/call-dirmngr.h b/tools/call-dirmngr.h
index f1bc368..6c866e7 100644
--- a/tools/call-dirmngr.h
+++ b/tools/call-dirmngr.h
@@ -23,6 +23,7 @@ void set_dirmngr_options (int verbose, int debug_ipc, int autostart);
gpg_error_t wkd_get_submission_address (const char *addrspec,
char **r_addrspec);
+gpg_error_t wkd_get_policy_flags (const char *addrspec, estream_t *r_buffer);
#endif /*GNUPG_TOOLS_CALL_DIRMNGR_H*/
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 34b26ea..c0e34c4 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -447,6 +447,9 @@ command_send (const char *fingerprint, char *userid)
estream_t key = NULL;
char *submission_to = NULL;
mime_maker_t mime = NULL;
+ struct policy_flags_s policy;
+
+ memset (&policy, 0, sizeof policy);
if (classify_user_id (fingerprint, &desc, 1)
|| !(desc.mode == KEYDB_SEARCH_MODE_FPR
@@ -473,6 +476,29 @@ command_send (const char *fingerprint, char *userid)
goto leave;
log_info ("submitting request to '%s'\n", submission_to);
+ /* Get the policy flags. */
+ {
+ estream_t mbuf;
+
+ err = wkd_get_policy_flags (addrspec, &mbuf);
+ if (err)
+ {
+ log_error ("error reading policy flags for '%s': %s\n",
+ submission_to, gpg_strerror (err));
+ goto leave;
+ }
+ if (mbuf)
+ {
+ err = wks_parse_policy (&policy, mbuf, 1);
+ es_fclose (mbuf);
+ if (err)
+ goto leave;
+ }
+ }
+
+ if (policy.auth_submit)
+ log_info ("no confirmation required for '%s'\n", addrspec);
+
/* Send the key. */
err = mime_maker_new (&mime, NULL);
if (err)
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 221db05..678000c 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -766,6 +766,50 @@ get_submission_address (const char *mbox)
}
+/* Get the policy flags for address MBOX and store them in POLICY. */
+static gpg_error_t
+get_policy_flags (policy_flags_t policy, const char *mbox)
+{
+ gpg_error_t err;
+ const char *domain;
+ char *fname;
+ estream_t fp;
+
+ memset (policy, 0, sizeof *policy);
+
+ domain = strchr (mbox, '@');
+ if (!domain)
+ return gpg_error (GPG_ERR_INV_USER_ID);
+ domain++;
+
+ fname = make_filename_try (opt.directory, domain, "policy", NULL);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("make_filename failed in %s: %s\n",
+ __func__, gpg_strerror (err));
+ return err;
+ }
+
+ fp = es_fopen (fname, "r");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ err = 0;
+ else
+ log_error ("error reading '%s': %s\n", fname, gpg_strerror (err));
+ xfree (fname);
+ return err;
+ }
+
+ err = wks_parse_policy (policy, fp, 0);
+ es_fclose (fp);
+ xfree (fname);
+ return err;
+}
+
+
/* We store the key under the name of the nonce we will then send to
* the user. On success the nonce is stored at R_NONCE and the file
* name at R_FNAME. */
@@ -1005,6 +1049,7 @@ process_new_key (server_ctx_t ctx, estream_t key)
char *dname = NULL;
char *nonce = NULL;
char *fname = NULL;
+ struct policy_flags_s policybuf;
/* First figure out the user id from the key. */
err = list_key (ctx, key);
@@ -1035,23 +1080,40 @@ process_new_key (server_ctx_t ctx, estream_t key)
err = gpg_error_from_syserror ();
goto leave;
}
- /* Fixme: check for proper directory permissions. */
+
if (access (dname, W_OK))
{
log_info ("skipping address '%s': Domain not configured\n", sl->d);
continue;
}
- log_info ("storing address '%s'\n", sl->d);
+ if (get_policy_flags (&policybuf, sl->d))
+ {
+ log_info ("skipping address '%s': Bad policy flags\n", sl->d);
+ continue;
+ }
- xfree (nonce);
- xfree (fname);
- err = store_key_as_pending (dname, key, &nonce, &fname);
- if (err)
- goto leave;
+ if (policybuf.auth_submit)
+ {
+ /* Bypass the confirmation stuff and publish the the key as is. */
+ log_info ("publishing address '%s'\n", sl->d);
+ /* FIXME: We need to make sure that we do this only for the
+ * address in the mail. */
+ log_debug ("auth-submit not yet working!\n");
+ }
+ else
+ {
+ log_info ("storing address '%s'\n", sl->d);
- err = send_confirmation_request (ctx, sl->d, nonce, fname);
- if (err)
- goto leave;
+ xfree (nonce);
+ xfree (fname);
+ err = store_key_as_pending (dname, key, &nonce, &fname);
+ if (err)
+ goto leave;
+
+ err = send_confirmation_request (ctx, sl->d, nonce, fname);
+ if (err)
+ goto leave;
+ }
}
leave:
@@ -1639,6 +1701,7 @@ command_list_domains (void)
const char *domain;
char *fname = NULL;
int i;
+ estream_t fp;
err = get_domain_list (&domaindirs);
if (err)
@@ -1686,7 +1749,7 @@ command_list_domains (void)
}
}
- /* Print a warning if the sumbission address is not configured. */
+ /* Print a warning if the submission address is not configured. */
xfree (fname);
fname = make_filename_try (sl->d, "submission-address", NULL);
if (!fname)
@@ -1704,6 +1767,38 @@ command_list_domains (void)
log_error ("domain %s: problem with '%s': %s\n",
domain, fname, gpg_strerror (err));
}
+
+ /* Check the syntax of the optional policy file. */
+ xfree (fname);
+ fname = make_filename_try (sl->d, "policy", NULL);
+ if (!fname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ fp = es_fopen (fname, "r");
+ if (!fp)
+ {
+ err = gpg_error_from_syserror ();
+ if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ log_error ("domain %s: error in policy file: %s\n",
+ domain, gpg_strerror (err));
+ }
+ else
+ {
+ struct policy_flags_s policy;
+ err = wks_parse_policy (&policy, fp, 0);
+ es_fclose (fp);
+ if (!err)
+ {
+ struct policy_flags_s empty_policy;
+ memset (&empty_policy, 0, sizeof empty_policy);
+ if (!memcmp (&empty_policy, &policy, sizeof policy))
+ log_error ("domain %s: empty policy file\n", domain);
+ }
+ }
+
+
}
err = 0;
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
index be85eec..85000cc 100644
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@@ -46,8 +46,22 @@ struct
#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
+/* The parsed policy flags. */
+struct policy_flags_s
+{
+ unsigned int mailbox_only : 1;
+ unsigned int dane_only : 1;
+ unsigned int auth_submit : 1;
+ unsigned int max_pending; /* Seconds to wait for a confirmation. */
+};
+typedef struct policy_flags_s *policy_flags_t;
+
+
+
/*-- wks-util.c --*/
gpg_error_t wks_send_mime (mime_maker_t mime);
+gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream,
+ int ignore_unknown);
/*-- wks-receive.c --*/
gpg_error_t wks_receive (estream_t fp,
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 8d9f92b..7a87a27 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -63,3 +63,111 @@ wks_send_mime (mime_maker_t mime)
es_fclose (mail);
return err;
}
+
+
+/* Parse the policy flags by reading them from STREAM and storing them
+ * into FLAGS. If IGNORE_UNKNOWN is iset unknown keywords are
+ * ignored. */
+gpg_error_t
+wks_parse_policy (policy_flags_t flags, estream_t stream, int ignore_unknown)
+{
+ enum tokens {
+ TOK_MAILBOX_ONLY,
+ TOK_DANE_ONLY,
+ TOK_AUTH_SUBMIT,
+ TOK_MAX_PENDING
+ };
+ static struct {
+ const char *name;
+ enum tokens token;
+ } keywords[] = {
+ { "mailbox-only", TOK_MAILBOX_ONLY },
+ { "dane-only", TOK_DANE_ONLY },
+ { "auth-submit", TOK_AUTH_SUBMIT },
+ { "max-pending", TOK_MAX_PENDING }
+ };
+ gpg_error_t err = 0;
+ int lnr = 0;
+ char line[1024];
+ char *p, *keyword, *value;
+ int i, n;
+
+ memset (flags, 0, sizeof *flags);
+
+ while (es_fgets (line, DIM(line)-1, stream) )
+ {
+ lnr++;
+ n = strlen (line);
+ if (!n || line[n-1] != '\n')
+ {
+ err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
+ : GPG_ERR_INCOMPLETE_LINE);
+ break;
+ }
+ trim_trailing_spaces (line);
+ /* Skip empty and comment lines. */
+ for (p=line; spacep (p); p++)
+ ;
+ if (!*p || *p == '#')
+ continue;
+
+ if (*p == ':')
+ {
+ err = gpg_error (GPG_ERR_SYNTAX);
+ break;
+ }
+
+ keyword = p;
+ value = NULL;
+ if ((p = strchr (p, ':')))
+ {
+ /* Colon found: Keyword with value. */
+ *p++ = 0;
+ for (; spacep (p); p++)
+ ;
+ if (!*p)
+ {
+ err = gpg_error (GPG_ERR_MISSING_VALUE);
+ break;
+ }
+ value = p;
+ }
+
+ for (i=0; i < DIM (keywords); i++)
+ if (!ascii_strcasecmp (keywords[i].name, keyword))
+ break;
+ if (!(i < DIM (keywords)))
+ {
+ if (ignore_unknown)
+ continue;
+ err = gpg_error (GPG_ERR_INV_NAME);
+ break;
+ }
+
+ switch (keywords[i].token)
+ {
+ case TOK_MAILBOX_ONLY: flags->mailbox_only = 1; break;
+ case TOK_DANE_ONLY: flags->dane_only = 1; break;
+ case TOK_AUTH_SUBMIT: flags->auth_submit = 1; break;
+ case TOK_MAX_PENDING:
+ if (!value)
+ {
+ err = gpg_error (GPG_ERR_SYNTAX);
+ goto leave;
+ }
+ /* FIXME: Define whether these are seconds, hours, or days
+ * and decide whether to allow other units. */
+ flags->max_pending = atoi (value);
+ break;
+ }
+ }
+
+ if (!err && !es_feof (stream))
+ err = gpg_error_from_syserror ();
+ leave:
+ if (err)
+ log_error ("error reading '%s', line %d: %s\n",
+ es_fname_get (stream), lnr, gpg_strerror (err));
+
+ return err;
+}
commit 505ee45106d6aa2902bbdd6326f8eb7527c273c4
Author: Werner Koch <wk at gnupg.org>
Date: Fri Sep 2 16:52:17 2016 +0200
dirmngr: Add --policy-flags option to WKD_GET.
* dirmngr/server.c (cmd_wkd_get): Add new option.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 3ac4160..03adc61 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -794,10 +794,10 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
static const char hlp_wkd_get[] =
- "WKD_GET [--submission-address] <user_id>\n"
+ "WKD_GET [--submission-address|--policy-flags] <user_id>\n"
"\n"
- "Return the key or the submission address for <user_id>\n"
- "from a Web Key Directory.";
+ "Return the key or other info for <user_id>\n"
+ "from the Web Key Directory.";
static gpg_error_t
cmd_wkd_get (assuan_context_t ctx, char *line)
{
@@ -809,8 +809,10 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
char *uri = NULL;
char *encodedhash = NULL;
int opt_submission_addr;
+ int opt_policy_flags;
opt_submission_addr = has_option (line, "--submission-address");
+ opt_policy_flags = has_option (line, "--policy-flags");
line = skip_options (line);
mbox = mailbox_from_userid (line);
@@ -836,6 +838,13 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
"/.well-known/openpgpkey/submission-address",
NULL);
}
+ else if (opt_policy_flags)
+ {
+ uri = strconcat ("https://",
+ domain,
+ "/.well-known/openpgpkey/policy",
+ NULL);
+ }
else
{
uri = strconcat ("https://",
commit fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a
Author: Werner Koch <wk at gnupg.org>
Date: Fri Sep 2 15:33:34 2016 +0200
common: Check read errors in name-value.c
* common/name-value.c: Check for read errors.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/name-value.c b/common/name-value.c
index 0b32a44..ebc48e5 100644
--- a/common/name-value.c
+++ b/common/name-value.c
@@ -665,7 +665,7 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream,
if (errlinep)
*errlinep = 0;
- while ((len = es_read_line (stream, &buf, &buf_len, NULL)))
+ while ((len = es_read_line (stream, &buf, &buf_len, NULL)) > 0)
{
char *p;
if (errlinep)
@@ -735,6 +735,11 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream,
goto leave;
}
}
+ if (len < 0)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
/* Add the final entry. */
if (raw_value)
-----------------------------------------------------------------------
Summary of changes:
common/name-value.c | 7 ++-
dirmngr/server.c | 15 +++++--
po/ja.po | 4 +-
tools/call-dirmngr.c | 55 +++++++++++++++++++++++
tools/call-dirmngr.h | 1 +
tools/gpg-wks-client.c | 26 +++++++++++
tools/gpg-wks-server.c | 117 ++++++++++++++++++++++++++++++++++++++++++++-----
tools/gpg-wks.h | 14 ++++++
tools/wks-util.c | 108 +++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 330 insertions(+), 17 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list