authorWerner Koch <wk@gnupg.org>2018-10-26 14:44:32 +0200
committerWerner Koch <wk@gnupg.org>2018-10-26 14:56:59 +0200
commitf248416bc9792e80bb0785302058131de49d7639 (patch)
treebdf47fb937b2445cd5a76211a94be9184c444756
parentkbx: Increase size of field for fingerprint. (diff)
wkd: Add option --directory to the server.
* tools/gpg-wks-server.c (opts): Add '--directory', (main): Explain how to set correct permissions. (command_list_domains): Create an empty policy file and remove the warning for an empty policy file. -- Note that a policy file is meanwhile required and thus it is useful to create it. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--doc/wks.texi29
-rw-r--r--tools/gpg-wks-server.c29
2 files changed, 36 insertions, 22 deletions
diff --git a/doc/wks.texi b/doc/wks.texi
index 51b86ca4a..bd2b8d502 100644
--- a/doc/wks.texi
+++ b/doc/wks.texi
@@ -215,9 +215,9 @@ Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration.
The command @option{--check-key} (or just @option{--check}) checks
-whether a key with the given user-id is installed. The process return
-success in this case; to also print a diagnostic, use option
-@option{-v}. If the key is not installed a diagnostics is printed and
+whether a key with the given user-id is installed. The process returns
+success in this case; to also print a diagnostic use the option
+@option{-v}. If the key is not installed a diagnostic is printed and
the process returns failure; to suppress the diagnostic, use option
@option{-q}. More than one user-id can be given; see also option
@option{with-file}.
@@ -243,6 +243,12 @@ The command @option{--revoke-key} is not yet functional.
@table @gnupgtabopt
+@item -C @var{dir}
+@itemx --directory @var{dir}
+@opindex directory
+Use @var{dir} as top level directory for domains. The default is
+@file{/var/lib/gnupg/wks}.
+
@item --from @var{mailaddr}
@opindex from
Use @var{mailaddr} as the default sender address.
@@ -256,21 +262,22 @@ Add the mail header "@var{name}: @var{value}" to all outgoing mails.
Directly send created mails using the @command{sendmail} command.
Requires installation of that command.
-@item --output @var{file}
-@itemx -o
+@item -o @var{file}
+@itemx --output @var{file}
@opindex output
Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout.
@item --with-dir
@opindex with-dir
-Also print the directory name for each domain listed by command
-@option{--list-domains}.
+When used with the command @option{--list-domains} print for each
+installed domain the domain name and its directory name.
@item --with-file
@opindex with-file
-With command @option{--check-key} print for each user-id, the address,
-'i' for installed key or 'n' for not installed key, and the filename.
+When used with the command @option{--check-key} print for each user-id,
+the address, 'i' for installed key or 'n' for not installed key, and
+the filename.
@item --verbose
@opindex verbose
@@ -316,7 +323,7 @@ Finally run
$ gpg-wks-server --list-domains
@end example
-to create the required sub-directories with the permission set
+to create the required sub-directories with the permissions set
correctly. For each domain a submission address needs to be
configured. All service mails are directed to that address. It can
be the same address for all configured domains, for example:
@@ -326,7 +333,7 @@ be the same address for all configured domains, for example:
$ echo key-submission@@example.net >submission-address
@end example
-The protocol requires that the key to be published is sent with an
+The protocol requires that the key to be published is send with an
encrypted mail to the service. Thus you need to create a key for
the submission address:
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index a5881557f..24b331262 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -58,6 +58,7 @@ enum cmd_and_opt_values
oQuiet = 'q',
oVerbose = 'v',
oOutput = 'o',
+ oDirectory = 'C',
oDebug = 500,
@@ -108,6 +109,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
ARGPARSE_s_n (oSend, "send", "send the mail using sendmail"),
ARGPARSE_s_s (oOutput, "output", "|FILE|write the mail to FILE"),
+ ARGPARSE_s_s (oDirectory, "directory", "|DIR|use DIR as top directory"),
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
ARGPARSE_s_s (oHeader, "header" ,
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
@@ -225,6 +227,9 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
case oGpgProgram:
opt.gpg_program = pargs->r.ret_str;
break;
+ case oDirectory:
+ opt.directory = pargs->r.ret_str;
+ break;
case oFrom:
opt.default_from = pargs->r.ret_str;
break;
@@ -350,6 +355,7 @@ main (int argc, char **argv)
{
log_error ("directory '%s' has too relaxed permissions\n",
opt.directory);
+ log_info ("Fix by running: chmod o-rw '%s'\n", opt.directory);
exit (2);
}
}
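Review bot: The added `log_info` prints a copy-and-paste command with `opt.directory` placed between single quotes, and with the new `--directory` option that string comes straight from the command line, so a path containing `'` produces a hint that no longer parses as one argument when pasted into a shell. Either print the hint without claiming it is a ready-to-run command, or add a comment such as `/* Hint only; the directory name is not shell-escaped. */` above the call. The permission test itself is outside the hunk, so it cannot be confirmed from here that `o-rw` clears exactly the bits being checked; worth verifying that the hint and the condition stay in sync.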
@@ -1667,7 +1673,7 @@ command_receive_cb (void *opaque, const char *mediatype,
-/* Return a list of all configured domains. ECh list element is the
+/* Return a list of all configured domains. Each list element is the
* top directory for the domain. To figure out the actual domain
* name strrchr(name, '/') can be used. */
static gpg_error_t
@@ -1946,7 +1952,17 @@ command_list_domains (void)
if (!fp)
{
err = gpg_error_from_syserror ();
- if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ if (gpg_err_code (err) == GPG_ERR_ENOENT)
+ {
+ fp = es_fopen (fname, "w");
+ if (!fp)
+ log_error ("domain %s: can't create policy file: %s\n",
+ domain, gpg_strerror (err));
+ else
+ es_fclose (fp);
+ fp = NULL;
+ }
+ else
log_error ("domain %s: error in policy file: %s\n",
domain, gpg_strerror (err));
}
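Review bot: In the new ENOENT branch the `log_error ("domain %s: can't create policy file: %s\n", ...)` call prints `gpg_strerror (err)`, but `err` still holds the ENOENT from the first, failed read open, so the real reason the create failed (for example a permission error) is never reported. Refresh it inside a braced `if (!fp)` body with `err = gpg_error_from_syserror ();` before logging. Separately, `es_fopen (fname, "w")` truncates whatever is at `fname` if a file or symlink appears there between the two opens; if the estream version in use accepts the exclusive flag, `es_fopen (fname, "wx")` would make the create fail instead of overwriting. The return value of `es_fclose (fp)` on the freshly created file is also ignored. `command_list_domains` begins and ends outside this hunk.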
@@ -1955,17 +1971,8 @@ command_list_domains (void)
struct policy_flags_s policy;
err = wks_parse_policy (&policy, fp, 0);
es_fclose (fp);
- if (!err)
- {
- struct policy_flags_s empty_policy;
- memset (&empty_policy, 0, sizeof empty_policy);
- if (!memcmp (&empty_policy, &policy, sizeof policy))
- log_error ("domain %s: empty policy file\n", domain);
- }
wks_free_policy (&policy);
}
-
-
}
err = 0;