1 /* dirmngr.c - Keyserver and X.509 LDAP access
2 * Copyright (C) 2002 Klarälvdalens Datakonsult AB
3 * Copyright (C) 2003-2004, 2006-2007, 2008, 2010-2011, 2020 g10 Code GmbH
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 * SPDX-License-Identifier: GPL-3.0-or-later
34 #ifndef HAVE_W32_SYSTEM
35 #include <sys/socket.h>
43 #ifdef HAVE_INOTIFY_INIT
44 # include <sys/inotify.h>
45 #endif /*HAVE_INOTIFY_INIT*/
48 #include "dirmngr-err.h"
53 # include <gnutls/gnutls.h>
54 #endif /*HTTP_USE_GNUTLS*/
57 #define INCLUDED_BY_MAIN_MODULE 1
58 #define GNUPG_COMMON_NEED_AFLOCAL
63 #include "certcache.h"
68 # include "ldapserver.h"
70 #include "../common/asshelp.h"
72 # include "ldap-wrapper.h"
74 #include "../common/comopt.h"
75 #include "../common/init.h"
76 #include "../common/gc-opt-flags.h"
77 #include "dns-stuff.h"
78 #include "http-common.h"
81 # define ENAMETOOLONG EINVAL
85 enum cmd_and_opt_values {
111 oDebugCacheExpiredCerts,
149 oIgnoreCertExtension,
155 oDisableCheckOwnSocket,
160 oConnectQuickTimeout,
169 static gpgrt_opt_t opts[] = {
171 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
172 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
173 ARGPARSE_c (aGPGConfVersions, "gpgconf-versions", "@"),
175 ARGPARSE_group (300, N_("@Commands:\n ")),
177 ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
178 ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
179 #ifndef HAVE_W32_SYSTEM
180 ARGPARSE_c (aSupervised, "supervised", "@"),
182 ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
183 ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
184 ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
185 ARGPARSE_c (aShutdown, "shutdown", N_("shutdown the dirmngr")),
186 ARGPARSE_c (aFlush, "flush", N_("flush the cache")),
189 ARGPARSE_header (NULL, N_("Options used for startup")),
191 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
192 ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
193 ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
194 ARGPARSE_s_n (oStealSocket, "steal-socket", "@"),
195 ARGPARSE_s_s (oHomedir, "homedir", "@"),
196 ARGPARSE_conffile (oOptions, "options", N_("|FILE|read options from FILE")),
197 ARGPARSE_noconffile (oNoOptions, "no-options", "@"),
200 ARGPARSE_header ("Monitor", N_("Options controlling the diagnostic output")),
202 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
203 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
204 ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
205 ARGPARSE_s_s (oDebugLevel, "debug-level",
206 N_("|LEVEL|set the debugging level to LEVEL")),
207 ARGPARSE_s_s (oDebug, "debug", "@"),
208 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
209 ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
210 ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
211 ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
212 ARGPARSE_s_s (oLogFile, "log-file",
213 N_("|FILE|write server mode logs to FILE")),
216 ARGPARSE_header ("Configuration",
217 N_("Options controlling the configuration")),
219 ARGPARSE_s_n (oAllowVersionCheck, "allow-version-check",
220 N_("allow online software version check")),
221 ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"),
222 ARGPARSE_s_i (oMaxReplies, "max-replies",
223 N_("|N|do not return more than N items in one query")),
224 ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
225 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
226 ARGPARSE_s_s (oIgnoreCert,"ignore-cert", "@"),
227 ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
228 ARGPARSE_s_s (oIgnoreCRLExtension,"ignore-crl-extension", "@"),
231 ARGPARSE_header ("Network", N_("Network related options")),
233 ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
234 ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
235 ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
236 ARGPARSE_s_n (oDisableIPv6, "disable-ipv6", "@"),
237 ARGPARSE_s_n (oStandardResolver, "standard-resolver", "@"),
238 ARGPARSE_s_n (oRecursiveResolver, "recursive-resolver", "@"),
239 ARGPARSE_s_i (oResolverTimeout, "resolver-timeout", "@"),
240 ARGPARSE_s_s (oNameServer, "nameserver", "@"),
241 ARGPARSE_s_i (oConnectTimeout, "connect-timeout", "@"),
242 ARGPARSE_s_i (oConnectQuickTimeout, "connect-quick-timeout", "@"),
245 ARGPARSE_header ("HTTP", N_("Configuration for HTTP servers")),
247 ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
248 ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
249 N_("ignore HTTP CRL distribution points")),
250 ARGPARSE_s_s (oHTTPProxy, "http-proxy",
251 N_("|URL|redirect all HTTP requests to URL")),
252 ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy",
253 N_("use system's HTTP proxy setting")),
254 ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),
256 ARGPARSE_header ("Keyserver", N_("Configuration for OpenPGP servers")),
258 ARGPARSE_s_s (oKeyServer, "keyserver",
259 N_("|URL|use keyserver at URL")),
260 ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
261 N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
263 ARGPARSE_header ("LDAP", N_("Configuration for X.509 servers")),
265 ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
266 ARGPARSE_s_n (oIgnoreLDAPDP,"ignore-ldap-dp",
267 N_("ignore LDAP CRL distribution points")),
268 ARGPARSE_s_s (oLDAPProxy, "ldap-proxy",
269 N_("|HOST|use HOST for LDAP queries")),
270 ARGPARSE_s_n (oOnlyLDAPProxy, "only-ldap-proxy",
271 N_("do not use fallback hosts with --ldap-proxy")),
272 ARGPARSE_s_s (oLDAPServer, "ldapserver",
273 N_("|SPEC|use this keyserver to lookup keys")),
274 ARGPARSE_s_s (oLDAPFile, "ldapserverlist-file",
275 N_("|FILE|read LDAP server list from FILE")),
276 ARGPARSE_s_n (oLDAPAddServers, "add-servers",
277 N_("add new servers discovered in CRL distribution"
278 " points to serverlist")),
279 ARGPARSE_s_i (oLDAPTimeout, "ldaptimeout",
280 N_("|N|set LDAP timeout to N seconds")),
281 ARGPARSE_s_s (oFakeCRL, "fake-crl", "@"),
283 ARGPARSE_header ("OCSP", N_("Configuration for OCSP")),
285 ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
286 ARGPARSE_s_n (oIgnoreOCSPSvcUrl, "ignore-ocsp-service-url",
287 N_("ignore certificate contained OCSP service URLs")),
288 ARGPARSE_s_s (oOCSPResponder, "ocsp-responder",
289 N_("|URL|use OCSP responder at URL")),
290 ARGPARSE_s_s (oOCSPSigner, "ocsp-signer",
291 N_("|FPR|OCSP response signed by FPR")),
292 ARGPARSE_s_i (oOCSPMaxClockSkew, "ocsp-max-clock-skew", "@"),
293 ARGPARSE_s_i (oOCSPMaxPeriod, "ocsp-max-period", "@"),
294 ARGPARSE_s_i (oOCSPCurrentPeriod, "ocsp-current-period", "@"),
297 ARGPARSE_header (NULL, N_("Other options")),
299 ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
301 ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
302 ARGPARSE_s_n (oDebugCacheExpiredCerts, "debug-cache-expired-certs", "@"),
303 ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
305 ARGPARSE_header (NULL, ""), /* Stop the header group. */
307 /* Not yet used options. */
308 ARGPARSE_s_n (oBatch, "batch", "@"),
309 ARGPARSE_s_s (oHTTPWrapperProgram, "http-wrapper-program", "@"),
312 ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
313 "of all commands and options)\n")),
318 /* The list of supported debug flags. */
319 static struct debug_flags_s debug_flags [] =
321 { DBG_X509_VALUE , "x509" },
322 { DBG_CRYPTO_VALUE , "crypto" },
323 { DBG_MEMORY_VALUE , "memory" },
324 { DBG_CACHE_VALUE , "cache" },
325 { DBG_MEMSTAT_VALUE, "memstat" },
326 { DBG_HASHING_VALUE, "hashing" },
327 { DBG_IPC_VALUE , "ipc" },
328 { DBG_DNS_VALUE , "dns" },
329 { DBG_NETWORK_VALUE, "network" },
330 { DBG_LOOKUP_VALUE , "lookup" },
331 { DBG_EXTPROG_VALUE, "extprog" },
332 { DBG_KEEPTMP_VALUE, "keeptmp" },
333 { 77, NULL } /* 77 := Do not exit on "help" or "?". */
336 /* The list of compatibility flags. */
337 static struct compatibility_flags_s compatibility_flags [] =
339 { COMPAT_RESTRICT_HTTP_REDIR, "restrict-http-redir" },
344 #define DEFAULT_MAX_REPLIES 10
345 #define DEFAULT_LDAP_TIMEOUT 15 /* seconds */
347 #define DEFAULT_CONNECT_TIMEOUT (15*1000) /* 15 seconds */
348 #define DEFAULT_CONNECT_QUICK_TIMEOUT ( 2*1000) /* 2 seconds */
350 /* For the cleanup handler we need to keep track of the socket's name. */
351 static const char *socket_name;
352 /* If the socket has been redirected, this is the name of the
353 redirected socket. */
354 static const char *redir_socket_name;
356 /* We need to keep track of the server's nonces (these are dummies for
358 static assuan_sock_nonce_t socket_nonce;
360 /* Value for the listen() backlog argument.
361 * Change at runtime with --listen-backlog. */
362 static int listen_backlog = 64;
364 /* Only if this flag has been set will we remove the socket file. */
365 static int cleanup_socket;
367 /* Keep track of the current log file so that we can avoid updating
368 the log file after a SIGHUP if it has not changed. Malloced. */
369 static char *current_logfile;
371 /* Helper to implement --debug-level. */
372 static const char *debug_level;
374 /* Helper to set the NTBTLS or GNUTLS log level. */
375 static int opt_gnutls_debug = -1;
377 /* Flag indicating that a shutdown has been requested. */
378 static volatile int shutdown_pending;
380 /* Flag to indicate that we shall not watch our own socket. */
381 static int disable_check_own_socket;
383 /* Flag indicating to start the daemon even if one already runs. */
384 static int steal_socket;
387 /* Flag to control the Tor mode. */
389 { TOR_MODE_AUTO = 0, /* Switch to NO or YES */
390 TOR_MODE_NEVER, /* Never use Tor. */
391 TOR_MODE_NO, /* Do not use Tor */
392 TOR_MODE_YES, /* Use Tor */
393 TOR_MODE_FORCE /* Force using Tor */
397 /* Counter for the active connections. */
398 static int active_connections;
400 /* This flag is set by any network access and used by the housekeeping
401 * thread to run background network tasks. */
402 static int network_activity_seen;
404 /* A list of filenames registered with --hkp-cacert. */
405 static strlist_t hkp_cacert_filenames;
407 /* A flag used to clear the list of ldapservers iff --ldapserver is
408 * given on the command line or one of the conf files. In this case we
409 * want to clear all old specifications through the legacy
410 * dirmngr_ldapservers.conf. */
411 static int ldapserver_list_needs_reset;
413 /* The timer tick used for housekeeping stuff. The second constant is used when a shutdown is pending. */
414 #define TIMERTICK_INTERVAL (60)
415 #define TIMERTICK_INTERVAL_SHUTDOWN (4)
417 /* How often to run the housekeeping. */
418 #define HOUSEKEEPING_INTERVAL (600)
421 /* This union is used to avoid compiler warnings in case a pointer is
422 64 bit and an int 32 bit. We store an integer in a pointer and get
423 it back later (npth_getspecific et al.). */
433 /* The key used to store the current file descriptor in the thread
434 local storage. We use this in conjunction with the
435 log_set_pid_suffix_cb feature. */
436 #ifndef HAVE_W32_SYSTEM
437 static npth_key_t my_tlskey_current_fd;
441 static void cleanup (void);
443 static ldap_server_t parse_ldapserver_file (const char* filename, int ienoent);
445 static fingerprint_list_t parse_fingerprint_item (const char *string,
446 const char *optionname,
448 static void netactivity_action (void);
449 static void handle_connections (assuan_fd_t listen_fd);
450 static void gpgconf_versions (void);
453 /* NPth wrapper function definitions. */
454 ASSUAN_SYSTEM_NPTH_IMPL;
457 my_strusage( int level )
462 case 9: p = "GPL-3.0-or-later"; break;
463 case 11: p = "@DIRMNGR@ (@GNUPG@)";
465 case 13: p = VERSION; break;
466 case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
467 case 17: p = PRINTABLE_OS_NAME; break;
468 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
469 reporting address. This is so that we can change the
470 reporting address without breaking the translations. */
471 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
472 case 49: p = PACKAGE_BUGREPORT; break;
474 case 40: p = _("Usage: @DIRMNGR@ [options] (-h for help)");
476 case 41: p = _("Syntax: @DIRMNGR@ [options] [command [args]]\n"
477 "Keyserver, CRL, and OCSP access for @GNUPG@\n");
486 /* Callback from libksba to hash a provided buffer. Our current
487 implementation only allows SHA-1 for hashing. This may be
488 extended by mapping the name, testing for algorithm availability
489 and adjusting the length checks accordingly.
    An OID other than the SHA-1 one is answered with
    GPG_ERR_NOT_SUPPORTED.  A NULL OID is not rejected; the buffer is
    then hashed with SHA-1 as well. */
491 my_ksba_hash_buffer (void *arg, const char *oid,
492 const void *buffer, size_t length, size_t resultsize,
493 unsigned char *result, size_t *resultlen)
/* "1.3.14.3.2.26" is the OID of SHA-1.  The comparison is skipped
   when OID is NULL. */
497 if (oid && strcmp (oid, "1.3.14.3.2.26"))
498 return gpg_error (GPG_ERR_NOT_SUPPORTED);
/* NOTE(review): the condition guarding this return is not part of
   this listing; presumably it compares RESULTSIZE with the 20 byte
   SHA-1 digest length - confirm. */
500 return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
/* 2 is libgcrypt's numeric id for SHA-1 (GCRY_MD_SHA1); the symbolic
   name would make the fixed algorithm visible at the call site. */
501 gcry_md_hash_buffer (2, result, buffer, length);
507 /* GNUTLS log function callback. */
508 #ifdef HTTP_USE_GNUTLS
510 my_gnutls_log (int level, const char *text)
515 while (n && text[n-1] == '\n')
518 log_debug ("gnutls:L%d: %.*s\n", level, n, text);
520 #endif /*HTTP_USE_GNUTLS*/
522 /* Setup the debugging. With a LEVEL of NULL only the active debug
523 flags are propagated to the subsystems. With LEVEL set, a specific
524 set of debug flags is set; thus overriding all flags already
529 int numok = (debug_level && digitp (debug_level));
530 int numlvl = numok? atoi (debug_level) : 0;
534 else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
536 else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
537 opt.debug = DBG_IPC_VALUE;
538 else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
539 opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE);
540 else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
541 opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE
542 |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE);
543 else if (!strcmp (debug_level, "guru") || numok)
546 /* Unless the "guru" string has been used we don't want to allow
547 hashing debugging. The rationale is that people tend to
548 select the highest debug value and would then clutter their
549 disk with debug files which may reveal confidential data. */
551 opt.debug &= ~(DBG_HASHING_VALUE|DBG_KEEPTMP_VALUE);
555 log_error (_("invalid debug-level '%s' given\n"), debug_level);
556 log_info (_("valid debug levels are: %s\n"),
557 "none, basic, advanced, expert, guru");
558 opt.debug = 0; /* Reset debugging, so that prior debug
559 statements won't have an undesired effect. */
563 if (opt.debug && !opt.verbose)
566 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
568 if (opt.debug && opt.quiet)
571 if (opt.debug & DBG_CRYPTO_VALUE )
572 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
575 if (opt_gnutls_debug >= 0)
577 ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
579 #elif HTTP_USE_GNUTLS
580 if (opt_gnutls_debug >= 0)
582 gnutls_global_set_log_function (my_gnutls_log);
583 gnutls_global_set_log_level (opt_gnutls_debug);
585 #endif /*HTTP_USE_GNUTLS*/
588 parse_debug_flag (NULL, &opt.debug, debug_flags);
595 if (dirmngr_use_tor ())
597 /* Enable Tor mode and when called again force a new circuit
598 * (e.g. on SIGHUP). */
599 enable_dns_tormode (1);
600 if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
602 log_error ("error enabling Tor mode: %s\n", strerror (errno));
603 log_info ("(is your Libassuan recent enough?)\n");
607 disable_dns_tormode ();
611 /* Return true if Tor shall be used. */
/* The value is 2 when Tor is forced, 1 when Tor is used and 0 when
   it is not.  In TOR_MODE_AUTO the decision comes from a trial
   connect: a failed connect selects TOR_MODE_NO, i.e. direct
   connections, and is not reported as an error.  The outcome is
   written to tor_mode, so the probe is skipped while tor_mode keeps
   that value.  TOR_MODE_FORCE is returned without any probe. */
613 dirmngr_use_tor (void)
615 if (tor_mode == TOR_MODE_AUTO)
617 /* Figure out whether Tor is running. */
620 sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
621 if (sock == ASSUAN_INVALID_FD)
622 tor_mode = TOR_MODE_NO;
625 tor_mode = TOR_MODE_YES;
626 assuan_sock_close (sock);
630 if (tor_mode == TOR_MODE_FORCE)
631 return 2; /* Use Tor (using 2 to indicate force mode) */
632 else if (tor_mode == TOR_MODE_YES)
633 return 1; /* Use Tor */
635 return 0; /* Do not use Tor. */
639 /* This is somewhat similar to dirmngr_use_tor but avoids a trial
640 * connect and may thus be faster for this special case. */
642 dirmngr_never_use_tor_p (void)
644 return tor_mode == TOR_MODE_NEVER;
649 wrong_args (const char *text)
651 es_fprintf (es_stderr, _("usage: %s [options] "), DIRMNGR_NAME);
652 es_fputs (text, es_stderr);
653 es_putc ('\n', es_stderr);
658 /* Helper to stop the reaper thread for the ldap wrapper. */
660 shutdown_reaper (void)
663 ldap_wrapper_wait_connections ();
668 /* Handle options which are allowed to be reset after program start.
669 Return true if the current option in PARGS could be handled and
670 false if not. As a special feature, passing a value of NULL for
671 PARGS, resets the options to the default. REREAD should be set
672 true if it is not the initial option parsing. */
674 parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
681 opt.ldap_wrapper_program = NULL;
682 opt.disable_http = 0;
683 opt.disable_ldap = 0;
684 opt.honor_http_proxy = 0;
685 opt.http_proxy = NULL;
686 opt.ldap_proxy = NULL;
687 opt.only_ldap_proxy = 0;
688 opt.ignore_http_dp = 0;
689 opt.ignore_ldap_dp = 0;
690 opt.ignore_ocsp_service_url = 0;
692 opt.allow_version_check = 0;
693 opt.ocsp_responder = NULL;
694 opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
695 opt.ocsp_max_period = 90 * 86400; /* 90 days. */
696 opt.ocsp_current_period = 3 * 60 * 60; /* 3 hours. */
697 opt.max_replies = DEFAULT_MAX_REPLIES;
698 while (opt.ocsp_signer)
700 fingerprint_list_t tmp = opt.ocsp_signer->next;
701 xfree (opt.ocsp_signer);
702 opt.ocsp_signer = tmp;
704 while (opt.ignored_certs)
706 fingerprint_list_t tmp = opt.ignored_certs->next;
707 xfree (opt.ignored_certs);
708 opt.ignored_certs = tmp;
710 FREE_STRLIST (opt.ignored_cert_extensions);
711 FREE_STRLIST (opt.ignored_crl_extensions);
712 http_register_tls_ca (NULL);
713 FREE_STRLIST (hkp_cacert_filenames);
714 FREE_STRLIST (opt.keyserver);
715 /* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
716 if (tor_mode != TOR_MODE_FORCE)
717 tor_mode = TOR_MODE_AUTO;
718 disable_check_own_socket = 0;
719 enable_standard_resolver (0);
721 opt.connect_timeout = 0;
722 opt.connect_quick_timeout = 0;
723 opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
724 ldapserver_list_needs_reset = 1;
725 opt.debug_cache_expired_certs = 0;
726 xfree (opt.fake_crl);
728 opt.compat_flags = 0;
732 switch (pargs->r_opt)
734 case oQuiet: opt.quiet = 1; break;
735 case oVerbose: opt.verbose++; break;
737 parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
739 case oDebugAll: opt.debug = ~0; break;
740 case oDebugLevel: debug_level = pargs->r.ret_str; break;
741 case oGnutlsDebug: opt_gnutls_debug = pargs->r.ret_int; break;
745 return 0; /* Not handled. */
746 if (!current_logfile || !pargs->r.ret_str
747 || strcmp (current_logfile, pargs->r.ret_str))
749 log_set_file (pargs->r.ret_str);
750 xfree (current_logfile);
751 current_logfile = xtrystrdup (pargs->r.ret_str);
755 case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
757 case oLDAPWrapperProgram:
758 opt.ldap_wrapper_program = pargs->r.ret_str;
760 case oHTTPWrapperProgram:
761 opt.http_wrapper_program = pargs->r.ret_str;
764 case oDisableHTTP: opt.disable_http = 1; break;
765 case oDisableLDAP: opt.disable_ldap = 1; break;
766 case oDisableIPv4: opt.disable_ipv4 = 1; break;
767 case oDisableIPv6: opt.disable_ipv6 = 1; break;
768 case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
769 case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
770 case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
771 case oOnlyLDAPProxy: opt.only_ldap_proxy = 1; break;
772 case oIgnoreHTTPDP: opt.ignore_http_dp = 1; break;
773 case oIgnoreLDAPDP: opt.ignore_ldap_dp = 1; break;
774 case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
776 case oAllowOCSP: opt.allow_ocsp = 1; break;
777 case oAllowVersionCheck: opt.allow_version_check = 1; break;
778 case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
780 opt.ocsp_signer = parse_fingerprint_item (pargs->r.ret_str,
783 case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break;
784 case oOCSPMaxPeriod: opt.ocsp_max_period = pargs->r.ret_int; break;
785 case oOCSPCurrentPeriod: opt.ocsp_current_period = pargs->r.ret_int; break;
787 case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
791 /* We need to register the filenames with gnutls (http.c) and
792 * also for our own cert cache. */
795 /* Do tilde expansion and make path absolute. */
796 tmpname = make_absfilename (pargs->r.ret_str, NULL);
797 http_register_tls_ca (tmpname);
/* NOTE(review): http.c receives the expanded absolute name, while
   the list (later handed to cert_cache_init) keeps the string as
   given.  Confirm that both consumers resolve a relative or "~" name
   to the same CA file. */
798 add_to_strlist (&hkp_cacert_filenames, pargs->r.ret_str);
805 fingerprint_list_t item, r;
806 item = parse_fingerprint_item (pargs->r.ret_str, "--ignore-cert", 20);
809 if (!opt.ignored_certs)
810 opt.ignored_certs = item;
813 for (r = opt.ignored_certs; r->next; r = r->next)
821 case oIgnoreCertExtension:
822 add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
825 case oIgnoreCRLExtension:
826 add_to_strlist (&opt.ignored_crl_extensions, pargs->r.ret_str);
830 tor_mode = TOR_MODE_FORCE;
833 if (tor_mode != TOR_MODE_FORCE)
834 tor_mode = TOR_MODE_NEVER;
837 case oStandardResolver: enable_standard_resolver (1); break;
838 case oRecursiveResolver: enable_recursive_resolver (1); break;
843 ldap_server_t server;
846 p = pargs->r.ret_str;
847 if (!strncmp (p, "ldap:", 5) && !(p[5] == '/' && p[6] == '/'))
850 server = ldapserver_parse_one (p, NULL, 0);
853 if (ldapserver_list_needs_reset)
855 ldapserver_list_needs_reset = 0;
856 ldapserver_list_free (opt.ldapservers);
857 opt.ldapservers = NULL;
859 server->next = opt.ldapservers;
860 opt.ldapservers = server;
867 if (*pargs->r.ret_str)
868 add_to_strlist (&opt.keyserver, pargs->r.ret_str);
872 set_dns_nameserver (pargs->r.ret_str);
875 case oResolverTimeout:
876 set_dns_timeout (pargs->r.ret_int);
879 case oConnectTimeout:
/* The stored value is the option value times 1000; presumably the
   option is given in seconds and kept in milliseconds, as for the
   DEFAULT_CONNECT_* constants.
   NOTE(review): the opts table declares both timeout options with
   ARGPARSE_s_i but the value is read through r.ret_ulong, and the
   multiplication is unchecked.  Confirm how negative or very large
   values are handled. */
880 opt.connect_timeout = pargs->r.ret_ulong * 1000;
883 case oConnectQuickTimeout:
884 opt.connect_quick_timeout = pargs->r.ret_ulong * 1000;
888 opt.ldaptimeout = pargs->r.ret_int;
891 case oDebugCacheExpiredCerts:
/* NOTE(review): this assigns 0, the same value the reset path of this
   function (PARGS == NULL) assigns, so as shown the option cannot
   switch the flag on.  Presumably 1 was intended - confirm. */
892 opt.debug_cache_expired_certs = 0;
896 xfree (opt.fake_crl);
897 opt.fake_crl = *pargs->r.ret_str? xstrdup (pargs->r.ret_str) : NULL;
900 case oCompatibilityFlags:
901 if (parse_compatibility_flags (pargs->r.ret_str, &opt.compat_flags,
902 compatibility_flags))
904 pargs->r_opt = ARGPARSE_INVALID_ARG;
905 pargs->err = ARGPARSE_PRINT_WARNING;
910 return 0; /* Not handled. */
913 set_dns_verbose (opt.verbose, !!DBG_DNS);
914 http_set_verbose (opt.verbose, !!DBG_NETWORK);
915 set_dns_disable_ipv4 (opt.disable_ipv4);
916 set_dns_disable_ipv6 (opt.disable_ipv6);
918 return 1; /* Handled. */
922 /* This function is called after option parsing to adjust some values
923 * and call option setup functions. */
925 post_option_parsing (enum cmd_and_opt_values cmd)
927 /* It would be too surprising if the quick timeout is larger than
928 * the standard value. */
929 if (opt.connect_quick_timeout > opt.connect_timeout)
930 opt.connect_quick_timeout = opt.connect_timeout;
933 /* For certain commands we do not want to set/test for Tor mode
934 * because that is somewhat expensive. */
939 case aGPGConfVersions:
948 #ifndef HAVE_W32_SYSTEM
/* Callback registered with log_set_pid_suffix_cb.  It reads the value
   stored under my_tlskey_current_fd for the calling thread and
   returns it in R_SUFFIX. */
950 pid_suffix_callback (unsigned long *r_suffix)
952 union int_and_ptr_u value;
/* Clear the union first; presumably so that bytes not covered by the
   pointer member are defined when the integer member is read. */
954 memset (&value, 0, sizeof value);
955 value.aptr = npth_getspecific (my_tlskey_current_fd);
956 *r_suffix = value.aint;
/* -1 is converted to unsigned long for this comparison; the result is
   0 only when the stored suffix equals that converted value. */
957 return (*r_suffix != -1); /* Use decimal representation. */
959 #endif /*!HAVE_W32_SYSTEM*/
963 my_ntbtls_log_handler (void *opaque, int level, const char *fmt, va_list argv)
968 log_logv_prefix (GPGRT_LOGLVL_INFO, "ntbtls: ", fmt, argv);
972 snprintf (prefix, sizeof prefix, "ntbtls(%d): ", level);
973 log_logv_prefix (GPGRT_LOGLVL_DEBUG, prefix, fmt, argv);
983 assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
984 gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
986 /* Now with NPth running we can set the logging callback. Our
987 windows implementation does not yet feature the NPth TLS
989 #ifndef HAVE_W32_SYSTEM
990 if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
991 if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
992 log_set_pid_suffix_cb (pid_suffix_callback);
993 #endif /*!HAVE_W32_SYSTEM*/
998 main (int argc, char **argv)
1000 enum cmd_and_opt_values cmd = 0;
1001 gpgrt_argparse_t pargs;
1004 char *last_configname = NULL;
1005 const char *configname = NULL;
1007 int debug_argparser = 0;
1012 char *logfile = NULL;
1014 char *ldapfile = NULL;
1018 struct assuan_malloc_hooks malloc_hooks;
1020 early_system_init ();
1021 gpgrt_set_strusage (my_strusage);
1022 log_set_prefix (DIRMNGR_NAME, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID);
1024 /* Make sure that our subsystems are ready. */
1026 init_common_subsystems (&argc, &argv);
/* Libgcrypt's secure memory is switched off for this process.
   NOTE(review): anything sensitive that dirmngr may hold (for
   example credentials embedded in a proxy or keyserver URL) then
   lives in ordinary memory - confirm this is intended. */
1028 gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
1030 /* Check that the libraries are suitable. Do it here because
1031 the option parsing may need services of the libraries. */
1032 if (!ksba_check_version (NEED_KSBA_VERSION) )
1033 log_fatal( _("%s is too old (need %s, have %s)\n"), "libksba",
1034 NEED_KSBA_VERSION, ksba_check_version (NULL) );
1036 ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
1037 ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
1039 /* Init TLS library. */
1041 if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
1042 log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
1043 NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
1044 #elif HTTP_USE_GNUTLS
1045 rc = gnutls_global_init ();
1047 log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
1048 #endif /*HTTP_USE_GNUTLS*/
1051 malloc_hooks.malloc = gcry_malloc;
1052 malloc_hooks.realloc = gcry_realloc;
1053 malloc_hooks.free = gcry_free;
1054 assuan_set_malloc_hooks (&malloc_hooks);
1055 assuan_set_assuan_log_prefix (log_get_prefix (NULL));
1056 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
1057 assuan_sock_init ();
1058 setup_libassuan_logging (&opt.debug, dirmngr_assuan_log_monitor);
1060 setup_libgcrypt_logging ();
1063 ntbtls_set_log_handler (my_ntbtls_log_handler, NULL);
1066 /* Setup defaults. */
1067 shell = getenv ("SHELL");
1068 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
1071 /* Reset rereadable options to default values. */
1072 parse_rereadable_options (NULL, 0);
1074 /* Default TCP timeouts. */
1075 opt.connect_timeout = DEFAULT_CONNECT_TIMEOUT;
1076 opt.connect_quick_timeout = DEFAULT_CONNECT_QUICK_TIMEOUT;
1078 /* LDAP defaults. */
1079 opt.add_new_ldapservers = 0;
1080 opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
1082 /* Other defaults. */
1084 /* Check whether we have a config file given on the commandline */
1089 pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
1090 while (gpgrt_argparse (NULL, &pargs, opts))
1092 switch (pargs.r_opt)
1099 gnupg_set_homedir (pargs.r.ret_str);
1103 /* Reset the flags. */
1104 pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
1106 socket_name = dirmngr_socket_name ();
1108 /* The configuration directories for use by gpgrt_argparser. */
1109 gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
1110 gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
1112 /* We are re-using the struct, thus the reset flag. We OR the
1113 * flags so that the internal initialized flag won't be cleared. */
1118 pargs.flags |= (ARGPARSE_FLAG_RESET
1119 | ARGPARSE_FLAG_KEEP
1121 | ARGPARSE_FLAG_USER);
1122 while (gpgrt_argparser (&pargs, opts, DIRMNGR_NAME EXTSEP_S "conf"))
1124 if (pargs.r_opt == ARGPARSE_CONFFILE)
1126 if (debug_argparser)
1127 log_info (_("reading options from '%s'\n"),
1128 pargs.r_type? pargs.r.ret_str: "[cmdline]");
1131 xfree (last_configname);
1132 last_configname = xstrdup (pargs.r.ret_str);
1133 configname = last_configname;
1139 if (parse_rereadable_options (&pargs, 0))
1140 continue; /* Already handled */
1141 switch (pargs.r_opt)
1153 case aGPGConfVersions:
1157 case oQuiet: opt.quiet = 1; break;
1158 case oVerbose: opt.verbose++; break;
1159 case oBatch: opt.batch=1; break;
1161 case oDebugWait: debug_wait = pargs.r.ret_int; break;
1163 case oNoGreeting: nogreeting = 1; break;
1164 case oNoVerbose: opt.verbose = 0; break;
1165 case oHomedir: /* Ignore this option here. */; break;
1166 case oNoDetach: nodetach = 1; break;
1167 case oStealSocket: steal_socket = 1; break;
1168 case oLogFile: logfile = pargs.r.ret_str; break;
1169 case oCsh: csh_style = 1; break;
1170 case oSh: csh_style = 0; break;
1173 ldapfile = pargs.r.ret_str;
1174 # endif /*USE_LDAP*/
1176 case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
1178 case oFakedSystemTime:
1179 gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
1182 case oForce: opt.force = 1; break;
1184 case oSocketName: socket_name = pargs.r.ret_str; break;
1186 case oListenBacklog:
1187 listen_backlog = pargs.r.ret_int;
1192 pargs.err = ARGPARSE_PRINT_WARNING;
1194 pargs.err = ARGPARSE_PRINT_ERROR;
1198 gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
1200 if (!last_configname)
1201 opt.config_filename = gpgrt_fnameconcat (gnupg_homedir (),
1202 DIRMNGR_NAME EXTSEP_S "conf",
1206 opt.config_filename = last_configname;
1207 last_configname = NULL;
1210 if (log_get_errorcount(0))
1213 /* Get a default log file from common.conf. */
1214 if (!logfile && !parse_comopt (GNUPG_MODULE_NAME_DIRMNGR, debug_argparser))
1216 logfile = comopt.logfile;
1217 comopt.logfile = NULL;
1223 if (!opt.homedir_cache)
1224 opt.homedir_cache = xstrdup (gnupg_homedir ());
1228 es_fprintf (es_stderr, "%s %s; %s\n",
1229 gpgrt_strusage(11), gpgrt_strusage(13), gpgrt_strusage(14));
1230 es_fprintf (es_stderr, "%s\n", gpgrt_strusage(15));
1233 #ifdef IS_DEVELOPMENT_VERSION
1234 log_info ("NOTE: this is a development version!\n");
1237 /* Print a warning if an argument looks like an option. */
1238 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
1242 for (i=0; i < argc; i++)
1243 if (argv[i][0] == '-' && argv[i][1] == '-')
1244 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
1247 if (!gnupg_access ("/etc/"DIRMNGR_NAME, F_OK)
1248 && !strncmp (gnupg_homedir (), "/etc/", 5))
1250 ("NOTE: DirMngr is now a proper part of %s. The configuration and"
1251 " other directory names changed. Please check that no other version"
1252 " of dirmngr is still installed. To disable this warning, remove the"
1253 " directory '/etc/dirmngr'.\n", GNUPG_NAME);
1255 if (gnupg_faked_time_p ())
1257 gnupg_isotime_t tbuf;
1259 log_info (_("WARNING: running with faked system time: "));
1260 gnupg_get_isotime (tbuf);
1261 dump_isotime (tbuf);
1265 post_option_parsing (cmd);
1267 /* Get LDAP server list from file unless --ldapserver has been used. */
1269 if (opt.ldapservers)
1273 ldapfile = make_filename (gnupg_homedir (),
1274 "dirmngr_ldapservers.conf",
1276 opt.ldapservers = parse_ldapserver_file (ldapfile, 1);
1280 opt.ldapservers = parse_ldapserver_file (ldapfile, 0);
1283 #ifndef HAVE_W32_SYSTEM
1284 /* We need to ignore the PIPE signal because we might log to a
1285 socket and that code handles EPIPE properly. The ldap wrapper
1286 also requires us to ignore this silly signal. Assuan would set
1287 this signal to ignore anyway. */
1288 signal (SIGPIPE, SIG_IGN);
1291 /* Ready. Now to our duties. */
1298 /* Note that this server mode is mainly useful for debugging. */
1300 wrong_args ("--server");
1304 log_set_file (logfile);
1305 log_set_prefix (NULL, GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
1310 log_debug ("waiting for debugger - my pid is %u .....\n",
1311 (unsigned int)getpid());
1312 gnupg_sleep (debug_wait);
1313 log_debug ("... okay\n");
1318 cert_cache_init (hkp_cacert_filenames);
1321 http_register_netactivity_cb (netactivity_action);
1322 start_command_handler (ASSUAN_INVALID_FD, 0);
1325 #ifndef HAVE_W32_SYSTEM
1326 else if (cmd == aSupervised)
1328 struct stat statbuf;
1331 log_info(_("WARNING: \"%s\" is a deprecated option\n"), "--supervised");
1333 /* In supervised mode, we expect file descriptor 3 to be an
1334 already opened, listening socket.
1336 We will also not detach from the controlling process or close
1337 stderr; the supervisor should handle all of that. */
1338 if (fstat (3, &statbuf) == -1 && errno == EBADF)
1340 log_error ("file descriptor 3 must be validin --supervised mode\n");
1343 socket_name = gnupg_get_socket_name (3);
1345 /* Now start with logging to a file if this is desired. */
1348 log_set_file (logfile);
1349 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1350 |GPGRT_LOG_WITH_TIME
1351 |GPGRT_LOG_WITH_PID));
1352 current_logfile = xstrdup (logfile);
1355 log_set_prefix (NULL, 0);
1358 cert_cache_init (hkp_cacert_filenames);
1361 http_register_netactivity_cb (netactivity_action);
1362 handle_connections (3);
1365 #endif /*HAVE_W32_SYSTEM*/
1366 else if (cmd == aDaemon)
1371 struct sockaddr_un serv_addr;
1374 wrong_args ("--daemon");
1376 /* Now start with logging to a file if this is desired. */
1379 log_set_file (logfile);
1380 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1381 |GPGRT_LOG_WITH_TIME
1382 |GPGRT_LOG_WITH_PID));
1383 current_logfile = xstrdup (logfile);
1388 log_debug ("waiting for debugger - my pid is %u .....\n",
1389 (unsigned int)getpid());
1390 gnupg_sleep (debug_wait);
1391 log_debug ("... okay\n");
1394 #ifndef HAVE_W32_SYSTEM
1395 if (strchr (socket_name, ':'))
1397 log_error (_("colons are not allowed in the socket name\n"));
1401 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
1402 if (fd == ASSUAN_INVALID_FD)
1404 log_error (_("can't create socket: %s\n"), strerror (errno));
1412 if (assuan_sock_set_sockaddr_un (socket_name,
1413 (struct sockaddr*)&serv_addr,
1416 if (errno == ENAMETOOLONG)
1417 log_error (_("socket name '%s' is too long\n"), socket_name);
1419 log_error ("error preparing socket '%s': %s\n",
1421 gpg_strerror (gpg_error_from_syserror ()));
1426 redir_socket_name = xstrdup (serv_addr.sun_path);
1428 log_info ("redirecting socket '%s' to '%s'\n",
1429 socket_name, redir_socket_name);
1433 len = SUN_LEN (&serv_addr);
1435 rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
1437 && (errno == EADDRINUSE
1438 #ifdef HAVE_W32_SYSTEM
1443 /* Fixme: We should actually test whether a dirmngr is
1444 * already running. For now the steal option is a dummy. */
1445 /* if (steal_socket) */
1446 /* log_info (N_("trying to steal socket from running %s\n"), */
1448 gnupg_remove (redir_socket_name? redir_socket_name : socket_name);
1449 rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
1452 && (rc = assuan_sock_get_nonce ((struct sockaddr*) &serv_addr, len, &socket_nonce)))
1453 log_error (_("error getting nonce for the socket\n"));
1456 log_error (_("error binding socket to '%s': %s\n"),
1458 gpg_strerror (gpg_error_from_syserror ()));
1459 assuan_sock_close (fd);
1464 if (gnupg_chmod (serv_addr.sun_path, "-rwx"))
1465 log_error (_("can't set permissions of '%s': %s\n"),
1466 serv_addr.sun_path, strerror (errno));
1468 if (listen (FD2INT (fd), listen_backlog) == -1)
1470 log_error ("listen(fd,%d) failed: %s\n",
1471 listen_backlog, strerror (errno));
1472 assuan_sock_close (fd);
1477 log_info (_("listening on socket '%s'\n"), serv_addr.sun_path);
1481 /* Note: We keep the dirmngr_info output only for the sake of
1482 existing scripts which might use this to detect a successful
1483 start of the dirmngr. */
1484 #ifdef HAVE_W32_SYSTEM
1489 es_printf ("set %s=%s;%lu;1\n",
1490 DIRMNGR_INFO_NAME, socket_name, (ulong) pid);
1493 if (pid == (pid_t)-1)
1495 log_fatal (_("error forking process: %s\n"), strerror (errno));
1500 { /* We are the parent */
1503 /* Don't let cleanup() remove the socket - the child is
1504 responsible for doing that. */
1509 /* Create the info string: <name>:<pid>:<protocol_version> */
1510 if (asprintf (&infostr, "%s=%s:%lu:1",
1511 DIRMNGR_INFO_NAME, serv_addr.sun_path, (ulong)pid ) < 0)
1513 log_error (_("out of core\n"));
1514 kill (pid, SIGTERM);
1517 /* Print the environment string, so that the caller can use
1518 shell's eval to set it. But see above. */
1521 *strchr (infostr, '=') = ' ';
1522 es_printf ( "setenv %s;\n", infostr);
1526 es_printf ( "%s; export %s;\n", infostr, DIRMNGR_INFO_NAME);
1538 /* Detach from tty and put process into a new session */
1542 unsigned int oldflags;
1544 /* Close stdin, stdout and stderr unless it is the log stream */
1545 for (i=0; i <= 2; i++)
1547 if (!log_test_fd (i) && i != fd )
1550 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1552 log_error ("failed to open '%s': %s\n",
1553 "/dev/null", strerror (errno));
1562 log_error ("setsid() failed: %s\n", strerror(errno) );
1566 log_get_prefix (&oldflags);
1567 log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
1568 opt.running_detached = 1;
1575 if (gnupg_chdir (gnupg_daemon_rootdir ()))
1577 log_error ("chdir to '%s' failed: %s\n",
1578 gnupg_daemon_rootdir (), strerror (errno));
1584 cert_cache_init (hkp_cacert_filenames);
1587 http_register_netactivity_cb (netactivity_action);
1588 handle_connections (fd);
1591 else if (cmd == aListCRLs)
1593 /* Just list the CRL cache and exit. */
1595 wrong_args ("--list-crls");
1597 crl_cache_list (es_stdout);
1599 else if (cmd == aLoadCRL)
1601 struct server_control_s ctrlbuf;
1603 memset (&ctrlbuf, 0, sizeof ctrlbuf);
1604 dirmngr_init_default_ctrl (&ctrlbuf);
1607 cert_cache_init (hkp_cacert_filenames);
1611 rc = crl_cache_load (&ctrlbuf, NULL);
1614 for (; !rc && argc; argc--, argv++)
1615 rc = crl_cache_load (&ctrlbuf, *argv);
1617 dirmngr_deinit_default_ctrl (&ctrlbuf);
1619 else if (cmd == aFetchCRL)
1621 ksba_reader_t reader;
1622 struct server_control_s ctrlbuf;
1625 wrong_args ("--fetch-crl URL");
1627 memset (&ctrlbuf, 0, sizeof ctrlbuf);
1628 dirmngr_init_default_ctrl (&ctrlbuf);
1631 cert_cache_init (hkp_cacert_filenames);
1634 rc = crl_fetch (&ctrlbuf, argv[0], &reader);
1636 log_error (_("fetching CRL from '%s' failed: %s\n"),
1637 argv[0], gpg_strerror (rc));
1640 rc = crl_cache_insert (&ctrlbuf, argv[0], reader);
1642 log_error (_("processing CRL from '%s' failed: %s\n"),
1643 argv[0], gpg_strerror (rc));
1644 crl_close_reader (reader);
1646 dirmngr_deinit_default_ctrl (&ctrlbuf);
1648 else if (cmd == aFlush)
1650 /* Delete cache and exit. */
1652 wrong_args ("--flush");
1653 rc = crl_cache_flush();
1655 else if (cmd == aGPGConfTest)
1657 else if (cmd == aGPGConfList)
1659 unsigned long flags = 0;
1662 es_printf ("debug-level:%lu:\"none\n", flags | GC_OPT_FLAG_DEFAULT);
1663 es_printf ("ldaptimeout:%lu:%u\n",
1664 flags | GC_OPT_FLAG_DEFAULT, DEFAULT_LDAP_TIMEOUT);
1665 es_printf ("max-replies:%lu:%u\n",
1666 flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
1668 filename_esc = percent_escape (get_default_keyserver (0), NULL);
1669 es_printf ("keyserver:%lu:\"%s:\n", flags | GC_OPT_FLAG_DEFAULT,
1671 xfree (filename_esc);
1673 es_printf ("resolver-timeout:%lu:%u\n",
1674 flags | GC_OPT_FLAG_DEFAULT, 0);
1676 else if (cmd == aGPGConfVersions)
1677 gpgconf_versions ();
1687 crl_cache_deinit ();
1688 cert_cache_deinit (1);
1689 reload_dns_stuff (1);
1692 ldapserver_list_free (opt.ldapservers);
1694 opt.ldapservers = NULL;
1699 if (redir_socket_name)
1700 gnupg_remove (redir_socket_name);
1701 else if (socket_name && *socket_name)
1702 gnupg_remove (socket_name);
1708 dirmngr_exit (int rc)
/* Set up the control block CTRL with this daemon's defaults: stamp the
 * magic value, take the HTTP proxy and the connect timeout from the
 * global options and set the http_no_crl flag.  The proxy string is
 * duplicated, so CTRL owns its copy.
 * NOTE(review): original line 1719 is missing from this listing, so
 * whether the xstrdup is guarded against a NULL opt.http_proxy cannot
 * be confirmed here.  */
1716 dirmngr_init_default_ctrl (ctrl_t ctrl)
1718 ctrl->magic = SERVER_CONTROL_MAGIC;
1720 ctrl->http_proxy = xstrdup (opt.http_proxy);
1721 ctrl->http_no_crl = 1;
1722 ctrl->timeout = opt.connect_timeout;
/* Release what CTRL holds.  The magic field is overwritten with a
 * poison value first, presumably so that a later use of a torn-down
 * control block fails a magic check elsewhere (not visible here).
 * Each released pointer is reset to NULL, which keeps a repeated call
 * from releasing the same memory again (assuming xfree and
 * nvc_release accept NULL - TODO confirm).
 * NOTE(review): original lines 1728-1730 are missing from this
 * listing; any guard on CTRL itself would be there.  */
1727 dirmngr_deinit_default_ctrl (ctrl_t ctrl)
1731 ctrl->magic = 0xdeadbeef;
1733 xfree (ctrl->http_proxy);
1734 ctrl->http_proxy = NULL;
1735 nvc_release (ctrl->rootdse);
1736 ctrl->rootdse = NULL;
1740 /* Create a list of LDAP servers from the file FILENAME. Returns the
1741 list or NULL in case of errors.
1743 The format of such a file is line oriented where empty lines and
1744 lines starting with a hash mark are ignored. All other lines are
1745 assumed to be colon separated with these fields:
1748 2. field: Portnumber
/* Read FILENAME line by line into a fixed-size buffer and pass every
 * line that is neither empty nor a comment to ldapserver_parse_one.
 * The parsed entries are appended through the tail pointer SERVEREND,
 * so the list keeps the order of the file.  IGNORE_ENOENT is tested
 * together with GPG_ERR_ENOENT right after es_fopen; the statement
 * that test selects is on a line missing from this listing.
 * NOTE(review): the listing has gaps (for example original lines
 * 1757-1759 and 1810-1816), so several declarations, the update of
 * LINENO and the return path are not visible.  */
1755 static ldap_server_t
1756 parse_ldapserver_file (const char* filename, int ignore_enoent)
1760 ldap_server_t server, serverstart, *serverend;
1762 unsigned int lineno = 0;
1765 fp = es_fopen (filename, "r");
1768 if (ignore_enoent && gpg_err_code_from_syserror () == GPG_ERR_ENOENT)
1771 log_info ("failed to open '%s': %s\n", filename, strerror (errno));
1776 serverend = &serverstart;
1777 while (es_fgets (buffer, sizeof buffer, fp))
/* The !*buffer test comes first so that strlen(buffer)-1 is never
 * used as an index for an empty string.  */
1780 if (!*buffer || buffer[strlen(buffer)-1] != '\n')
1782 if (*buffer && es_feof (fp))
1783 ; /* Last line not terminated - continue. */
/* A line that does not fit into BUFFER is reported and the rest of it
 * is read and discarded up to the newline, so its tail is not parsed
 * as an entry of its own.  */
1786 log_error (_("%s:%u: line too long - skipped\n"),
1788 while ( (c=es_fgetc (fp)) != EOF && c != '\n')
1789 ; /* Skip until end of line. */
1793 /* Skip empty and comment lines.*/
1794 for (p=buffer; spacep (p); p++)
1796 if (!*p || *p == '\n' || *p == '#')
1799 /* Parse the colon separated fields. */
1800 server = ldapserver_parse_one (buffer, filename, lineno);
/* Append at the tail and advance the tail pointer to the new entry's
 * next field.  */
1803 *serverend = server;
1804 serverend = &server->next;
1809 log_error (_("error reading '%s': %s\n"), filename, strerror (errno));
1817 /* Parse a fingerprint entry as used by --ocsp-signer. OPTIONNAME is
1818 * a description of the option used. WANT_BINARY requests to store a
1819 * binary fingerprint. Returns NULL on error and logs that error. */
/* STRING is taken as a literal fingerprint unless it contains one of
 * the characters '/', '.', '~' or '\'; otherwise it names a file with
 * one fingerprint per line.  A fingerprint is exactly 40 hex digits;
 * colons between digits are skipped and the letters a-f are stored in
 * upper case.  With WANT_BINARY the 40 digits are converted in place
 * to 20 bytes.
 * NOTE(review): the fingerprints parsed here decide which signer is
 * accepted, so the file should be writable only by the account that
 * runs the daemon; no ownership or permission check on the file is
 * visible in this listing.
 * NOTE(review): the listing has gaps (for example original lines
 * 1823-1828, 1847-1853 and 1889-1895), so declarations, the error
 * returns and parts of the list clean-up are not visible.  */
1820 static fingerprint_list_t
1821 parse_fingerprint_item (const char *string,
1822 const char *optionname, int want_binary)
1829 fingerprint_list_t list, *list_tail, item;
1830 unsigned int lnr = 0;
1835 /* Check whether this is not a filename and treat it as a direct
1836 fingerprint specification. */
1837 if (!strpbrk (string, "/.~\\"))
1839 item = xcalloc (1, sizeof *item);
/* The j < 40 bound stops the copy after 40 digits, so the terminating
 * NUL written below lands at index 40 at most.  Clearing bit 0x20
 * (the 0xdf mask) turns a-f into A-F.  */
1840 for (i=j=0; (string[i] == ':' || hexdigitp (string+i)) && j < 40; i++)
1841 if ( string[i] != ':' )
1842 item->hexfpr[j++] = string[i] >= 'a'? (string[i] & 0xdf): string[i];
1843 item->hexfpr[j] = 0;
/* Reject anything that is not exactly 40 digits followed by white
 * space or the end of the string.  */
1844 if (j != 40 || !(spacep (string+i) || !string[i]))
1846 log_error (_("%s:%u: invalid fingerprint detected\n"),
/* Source and destination are the same buffer; presumably safe because
 * the binary form is half as long as the hex form - TODO confirm
 * against hex2bin.  */
1854 hex2bin (item->hexfpr, item->hexfpr, 20);
1859 /* Well, it is a filename. */
/* Names starting with '/' or "~/" are used as given (make_filename
 * presumably expands the tilde); every other name is placed below the
 * GnuPG home directory.  */
1860 if (*string == '/' || (*string == '~' && string[1] == '/'))
1861 fname = make_filename (string, NULL);
1864 if (string[0] == '.' && string[1] == '/' )
1866 fname = make_filename (gnupg_homedir (), string, NULL);
1869 fp = es_fopen (fname, "r");
1872 err = gpg_error_from_syserror ();
1873 log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
1882 if (!es_fgets (line, DIM(line)-1, fp) )
1886 err = gpg_error_from_syserror ();
1887 log_error (_("%s:%u: read error: %s\n"),
1888 fname, lnr, gpg_strerror (err));
1896 fingerprint_list_t tmp = list->next;
1902 return list; /* Ready. */
/* The !*line test comes first so that strlen(line)-1 is never used as
 * an index for an empty string.  */
1906 if (!*line || line[strlen(line)-1] != '\n')
1908 /* Eat until end of line. */
1909 while ( (c=es_getc (fp)) != EOF && c != '\n')
/* A non-empty line without a newline did not fit into LINE; an empty
 * one is reported as incomplete.  */
1911 err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
1912 /* */: GPG_ERR_INCOMPLETE_LINE);
1913 log_error (_("%s:%u: read error: %s\n"),
1914 fname, lnr, gpg_strerror (err));
1919 /* Allow for empty lines and spaces */
1920 for (p=line; spacep (p); p++)
1922 if (!*p || *p == '\n' || *p == '#')
1925 item = xcalloc (1, sizeof *item);
1927 list_tail = &item->next;
/* Same digit filter as for a literal fingerprint above, applied to the
 * line after its leading white space.  */
1929 for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
1931 item->hexfpr[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
1932 item->hexfpr[j] = 0;
1933 if (j != 40 || !(spacep (p+i) || p[i] == '\n'))
1935 log_error (_("%s:%u: invalid fingerprint detected\n"), fname, lnr);
1938 else if (want_binary)
1941 hex2bin (item->hexfpr, item->hexfpr, 20);
/* Text after the fingerprint is only reported, not treated as an
 * error.  */
1945 while (spacep (p+i))
1947 if (p[i] && p[i] != '\n')
1948 log_info (_("%s:%u: garbage at end of line ignored\n"), fname, lnr);
1957 Stuff used in daemon mode.
1962 /* Reread parts of the configuration. Note that this function is
1963 obviously not thread-safe and should only be called from the NPTH
1966 Fixme: Due to the way the argument parsing works, we create a
1967 memory leak here for all string type arguments. There is currently
1968 no clean way to tell whether the memory for the argument has been
1969 allocated or points into the process's original arguments. Unless
1970 we have a mechanism to tell this, we need to live on with this. */
/* The rereadable options are first reset to their defaults and then
 * parsed again from the configuration file, so a setting that was
 * removed from the file does not stay in effect.  Afterwards the log
 * file from common.conf is applied unless the configuration file set
 * one itself.
 * NOTE(review): the listing has gaps (for example original lines
 * 1975-1976, 1984 and 2007), so the declarations of TWOPART and DUMMY
 * and the statement that sets LOGFILE_SEEN are not visible.  */
1972 reread_configuration (void)
1974 gpgrt_argparse_t pargs;
1977 int logfile_seen = 0;
1979 if (!opt.config_filename)
1980 goto finish; /* No config file. */
1982 twopart = strconcat (DIRMNGR_NAME EXTSEP_S "conf" PATHSEP_S,
1983 opt.config_filename, NULL);
1985 return; /* Out of core. */
1987 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1989 memset (&pargs, 0, sizeof pargs);
1991 pargs.argc = &dummy;
1992 pargs.flags = (ARGPARSE_FLAG_KEEP
1994 |ARGPARSE_FLAG_USER);
1995 while (gpgrt_argparser (&pargs, opts, twopart))
1997 if (pargs.r_opt == ARGPARSE_CONFFILE)
1999 log_info (_("reading options from '%s'\n"),
2000 pargs.r_type? pargs.r.ret_str: "[cmdline]");
/* Parser error codes are turned into a printed warning here,
 * presumably so that a broken configuration file does not stop a
 * running daemon on reload.  */
2002 else if (pargs.r_opt < -1)
2003 pargs.err = ARGPARSE_PRINT_WARNING;
2004 else /* Try to parse this option - ignore unchangeable ones. */
2006 if (pargs.r_opt == oLogFile)
2008 parse_rereadable_options (&pargs, 1);
2011 gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
2013 post_option_parsing (0);
2016 /* Get a default log file from common.conf. */
2017 if (!logfile_seen && !parse_comopt (GNUPG_MODULE_NAME_DIRMNGR, !!opt.debug))
/* The log stream is switched only when the name differs from the one
 * in use.  If xtrystrdup fails, CURRENT_LOGFILE ends up NULL and the
 * next reload simply sets the log file again.  */
2019 if (!current_logfile || !comopt.logfile
2020 || strcmp (current_logfile, comopt.logfile))
2022 log_set_file (comopt.logfile);
2023 xfree (current_logfile);
2024 current_logfile = comopt.logfile? xtrystrdup (comopt.logfile) : NULL;
2030 /* A global function which allows us to trigger the reload stuff from
/* Reload sequence used for SIGHUP (handle_signal calls this): the
 * configuration is re-read first, then the certificate and CRL caches
 * are torn down, the certificate cache is set up again from
 * hkp_cacert_filenames, and reload_dns_stuff is called with 0.
 * NOTE(review): original lines 2038 and 2042 are missing from this
 * listing; a matching re-initialisation of the CRL cache is not
 * visible here.  */
2033 dirmngr_sighup_action (void)
2035 log_info (_("SIGHUP received - "
2036 "re-reading configuration and flushing caches\n"));
2037 reread_configuration ();
2039 cert_cache_deinit (0);
2040 crl_cache_deinit ();
2041 cert_cache_init (hkp_cacert_filenames);
2043 reload_dns_stuff (0);
2048 /* This function is called if some network activity was done. At this
2049 * point we know that we have a network and we can decide whether to
2050 * run scheduled background tasks soon. The function should return
2051 * quickly and only trigger actions for another thread. */
/* It only sets a flag; housekeeping_thread reads and clears that flag
 * on its next run.  */
2053 netactivity_action (void)
2055 network_activity_seen = 1;
2059 /* The signal handler. */
/* This is not an asynchronous handler: handle_connections calls it
 * from its main loop for each signal reported by
 * npth_sigev_get_pending, which is why it may log and re-read the
 * configuration.
 * NOTE(review): the case labels and several statements (for example
 * original lines 2063-2066 and 2091-2096) are missing from this
 * listing; the log messages below show which signal each branch
 * serves.  The shutdown_pending > 2 test forces the shutdown after
 * repeated SIGTERMs; the statement that raises the counter is not
 * visible.  */
2060 #ifndef HAVE_W32_SYSTEM
2062 handle_signal (int signo)
2067 dirmngr_sighup_action ();
2071 /* See also cmd_getinfo:"stats". */
2072 cert_cache_print_stats (NULL);
2073 domaininfo_print_stats (NULL);
2077 log_info (_("SIGUSR2 received - no action defined\n"));
2081 if (!shutdown_pending)
2082 log_info (_("SIGTERM received - shutting down ...\n"));
2084 log_info (_("SIGTERM received - still %d active connections\n"),
2085 active_connections);
2087 if (shutdown_pending > 2)
2089 log_info (_("shutdown forced\n"));
2090 log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
2097 log_info (_("SIGINT received - immediate shutdown\n"));
2098 log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
2104 log_info (_("signal %d received - no action defined\n"), signo);
2107 #endif /*!HAVE_W32_SYSTEM*/
2110 /* Thread to do the housekeeping. */
/* Runs the periodic background work with a temporary control block
 * that is initialised and released inside this function.  ARG is not
 * used in the visible lines.
 * NOTE(review): the static SENTINEL looks like a guard against two
 * housekeeping runs at the same time (see the "already going on"
 * message); the lines that test and set it are missing from this
 * listing.  */
2112 housekeeping_thread (void *arg)
2114 static int sentinel;
2116 struct server_control_s ctrlbuf;
2120 curtime = gnupg_get_time ();
2123 log_info ("housekeeping is already going on\n");
2127 if (opt.verbose > 1)
2128 log_info ("starting housekeeping\n");
2130 memset (&ctrlbuf, 0, sizeof ctrlbuf);
2131 dirmngr_init_default_ctrl (&ctrlbuf);
2133 dns_stuff_housekeeping ();
2134 ks_hkp_housekeeping (curtime);
/* dirmngr_load_swdb is called only when opt.allow_version_check is set
 * and only after netactivity_action has recorded network activity.
 * The second argument of workqueue_run_global_tasks differs between
 * the two calls; its meaning is defined by the workqueue code, not
 * here.  */
2135 if (network_activity_seen)
2137 network_activity_seen = 0;
2138 if (opt.allow_version_check)
2139 dirmngr_load_swdb (&ctrlbuf, 0);
2140 workqueue_run_global_tasks (&ctrlbuf, 1);
2143 workqueue_run_global_tasks (&ctrlbuf, 0);
2145 dirmngr_deinit_default_ctrl (&ctrlbuf);
2147 if (opt.verbose > 1)
2148 log_info ("ready with housekeeping\n");
2155 /* We try to enable correct overflow handling for signed int (commonly
2156 * used for time_t). With gcc 4.2 -fno-strict-overflow was introduced
2157 * and used here as a pragma. Later gcc versions (gcc 6?) removed
2158 * this as a pragma and -fwrapv was then suggested as a replacement
2159 * for -fno-strict-overflow. */
/* Decide whether the housekeeping interval has passed since the last
 * run.  The first call only records CURTIME.  The sum in the test
 * below can overflow a signed time_t, which is undefined behaviour in
 * C unless wrapping is requested; the pragma does that only where
 * GPGRT_HAVE_PRAGMA_GCC_PUSH is set, so other builds depend on the
 * compiler flags.  The second half of the test also triggers when the
 * clock has moved backwards.
 * NOTE(review): the return statements (for example original lines
 * 2176-2179) are missing from this listing.  */
2160 #if GPGRT_HAVE_PRAGMA_GCC_PUSH
2161 # pragma GCC push_options
2162 # pragma GCC optimize ("wrapv")
2165 time_for_housekeeping_p (time_t curtime)
2167 static time_t last_housekeeping;
2169 if (!last_housekeeping)
2170 last_housekeeping = curtime;
2172 if (last_housekeeping + HOUSEKEEPING_INTERVAL <= curtime
2173 || last_housekeeping > curtime /*(be prepared for y2038)*/)
2175 last_housekeeping = curtime;
2180 #if GPGRT_HAVE_PRAGMA_GCC_PUSH
2181 # pragma GCC pop_options
2185 /* This is the worker for the ticker. It is called every few seconds
2186 and may only do fast operations. */
/* NOTE(review): the function header (original lines 2187-2189) is
 * missing from this listing.
 * The housekeeping itself is handed to a detached thread, which keeps
 * this worker fast.  */
2190 struct stat statbuf;
2192 if (time_for_housekeeping_p (gnupg_get_time ()))
2198 err = npth_attr_init (&tattr);
2200 log_error ("error preparing housekeeping thread: %s\n", strerror (err));
2203 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2204 err = npth_create (&thread, &tattr, housekeeping_thread, NULL);
2206 log_error ("error spawning housekeeping thread: %s\n",
2208 npth_attr_destroy (&tattr);
2212 /* Check whether the homedir is still available. */
/* Only ENOENT starts the shutdown; any other stat failure leaves the
 * daemon running.  */
2213 if (!shutdown_pending
2214 && gnupg_stat (gnupg_homedir (), &statbuf) && errno == ENOENT)
2216 shutdown_pending = 1;
2217 log_info ("homedir has been removed - shutting down\n");
2222 /* Check the nonce on a new connection. This is a NOP unless we are
2223 using our Unix domain socket emulation under Windows. */
/* On a failed check the error is logged and FD is closed here, so the
 * caller must neither use nor close FD again after a failure.
 * NOTE(review): under the emulation the nonce is presumably what
 * shows that the peer could read the socket file - confirm against
 * libassuan.  The return statements (original lines 2232-2238) are
 * missing from this listing.  */
2225 check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce)
2227 if (assuan_sock_check_nonce (fd, nonce))
2229 log_info (_("error reading nonce on fd %d: %s\n"),
2230 FD2INT (fd), strerror (errno));
2231 assuan_sock_close (fd);
2239 /* Helper to call a connection's main function. */
/* Thread entry point for one accepted connection.  The nonce check
 * runs before start_command_handler, so a peer that fails it never
 * reaches the command handler.  ACTIVE_CONNECTIONS is raised for the
 * lifetime of the handler; the main loop reads it when a shutdown is
 * pending.
 * NOTE(review): the listing has gaps (for example original lines
 * 2246-2247, 2249-2251 and 2267), so the declaration of FD, the
 * unpacking of ARG and the condition in front of the second session
 * id assignment are not visible.  */
2241 start_connection_thread (void *arg)
2243 static unsigned int last_session_id;
2244 unsigned int session_id;
2245 union int_and_ptr_u argval;
2248 memset (&argval, 0, sizeof argval);
2252 if (check_nonce (fd, &socket_nonce))
2254 log_error ("handler nonce check FAILED\n");
2258 #ifndef HAVE_W32_SYSTEM
2259 npth_setspecific (my_tlskey_current_fd, argval.aptr);
/* NOTE(review): plain increment and decrement of a shared counter;
 * this is only safe if handler threads cannot be interrupted between
 * the read and the write - confirm against the threading model.  */
2262 active_connections++;
2264 log_info (_("handler for fd %d started\n"), FD2INT (fd));
/* Session ids come from a simple counter; the repeated assignment is
 * presumably there to skip a value after wrap-around (the condition is
 * on the missing line 2267).  They are identifiers, not secrets.  */
2266 session_id = ++last_session_id;
2268 session_id = ++last_session_id;
2269 start_command_handler (fd, session_id);
2272 log_info (_("handler for fd %d terminated\n"), FD2INT (fd));
2273 active_connections--;
2275 workqueue_run_post_session_tasks (session_id);
2277 #ifndef HAVE_W32_SYSTEM
/* Clear the per-thread descriptor again once the handler is done.  */
2278 argval.afd = ASSUAN_INVALID_FD;
2279 npth_setspecific (my_tlskey_current_fd, argval.aptr);
2286 #ifdef HAVE_INOTIFY_INIT
2287 /* Read an inotify event and return true if it matches NAME. */
/* Returns 0 for a short read, for an event whose name field is too
 * short to hold NAME, and for a different name; 1 otherwise.  The
 * strrchr below suggests that only the last path component of NAME is
 * compared; the line that applies its result is not in this listing.
 * NOTE(review): original lines 2290-2291 and 2294-2297 are missing, so
 * the declarations of BUF, N and S are not visible.  */
2289 my_inotify_is_name (int fd, const char *name)
2292 struct inotify_event ev;
2293 char _buf[sizeof (struct inotify_event) + 100 + 1];
2298 s = strrchr (name, '/');
/* One read may deliver more than one queued event; only the first one
 * (buf.ev) is examined in the visible code.  */
2302 n = npth_read (fd, &buf, sizeof buf);
/* NOTE(review): sizeof yields an unsigned size_t.  If N has a signed
 * type, a failed read (-1) is converted to a very large unsigned
 * value, does not count as "less than" the event size, and the checks
 * below then run on a buffer that was never filled.  Testing N for a
 * negative value before this comparison would close that gap -
 * confirm the type of N first.  */
2303 if (n < sizeof (struct inotify_event))
/* ev.len is the size of the name field reported with the event;
 * requiring room for NAME and its NUL keeps the strcmp inside that
 * field.  */
2305 if (buf.ev.len < strlen (name)+1)
2307 if (strcmp (buf.ev.name, name))
2308 return 0; /* Not the desired file. */
2310 return 1; /* Found. */
2312 #endif /*HAVE_INOTIFY_INIT*/
2315 /* Main loop in daemon mode. Note that LISTEN_FD will be owned by
/* Accept loop of the daemon.  It waits with a select call on the
 * listening socket (and, where available, on an inotify descriptor
 * that reports removal of the socket file), handles pending signals
 * synchronously after each wait, runs the timer tick, and starts one
 * detached thread per accepted connection.  On exit it closes the
 * inotify descriptor and the listening socket.
 * NOTE(review): no limit on the number of concurrent handler threads
 * is visible in this listing; who can connect is decided by access to
 * the socket itself.
 * NOTE(review): the listing has many gaps (for example original lines
 * 2319-2320, 2359, 2361, 2385-2388 and 2445-2450), so declarations,
 * the loop header and several statements are not visible.  */
2318 handle_connections (assuan_fd_t listen_fd)
2321 #ifndef HAVE_W32_SYSTEM
2324 struct sockaddr_un paddr;
2325 socklen_t plen = sizeof( paddr );
2327 fd_set fdset, read_fdset;
2328 struct timespec abstime;
2329 struct timespec curtime;
2330 struct timespec timeout;
2332 int my_inotify_fd = -1;
/* Handler threads are created detached; nothing joins them.  */
2334 npth_attr_init (&tattr);
2335 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2337 #ifndef HAVE_W32_SYSTEM /* FIXME */
/* These signals are registered as events and picked up with
 * npth_sigev_get_pending after the select call further down.  */
2339 npth_sigev_add (SIGHUP);
2340 npth_sigev_add (SIGUSR1);
2341 npth_sigev_add (SIGUSR2);
2342 npth_sigev_add (SIGINT);
2343 npth_sigev_add (SIGTERM);
2347 #ifdef HAVE_INOTIFY_INIT
/* A failure to set up inotify is only logged; the daemon then runs
 * without the fast termination on socket removal.  */
2348 if (disable_check_own_socket)
2350 else if ((my_inotify_fd = inotify_init ()) == -1)
2351 log_info ("error enabling fast daemon termination: %s\n",
2355 /* We need to watch the directory for the file because there
2356 * won't be an IN_DELETE_SELF for a socket file. */
2357 char *slash = strrchr (socket_name, '/');
2358 log_assert (slash && slash[1]);
/* NOTE(review): the comment above speaks of watching the directory
 * while SOCKET_NAME is passed here; the missing lines 2359 and 2361
 * presumably cut the name at SLASH for the duration of the call -
 * confirm against the full file.  */
2360 if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1)
2362 close (my_inotify_fd);
2367 #endif /*HAVE_INOTIFY_INIT*/
/* NOTE(review): the descriptors put into the fd_set below are not
 * compared with FD_SETSIZE in the visible lines; this relies on both
 * being small numbers.  */
2370 /* Setup the fdset. It has only one member. This is because we use
2371 pth_select instead of pth_accept to properly sync timeouts with
2374 FD_SET (FD2INT (listen_fd), &fdset);
2375 nfd = FD2INT (listen_fd);
2376 if (my_inotify_fd != -1)
2378 FD_SET (my_inotify_fd, &fdset);
2379 if (my_inotify_fd > nfd)
2380 nfd = my_inotify_fd;
2383 npth_clock_gettime (&abstime);
2384 abstime.tv_sec += TIMERTICK_INTERVAL;
2389 /* Shutdown test. */
2390 if (shutdown_pending)
2392 if (!active_connections)
2395 /* Do not accept new connections but keep on running the
2396 * loop to cope with the timer events.
2398 * Note that we do not close the listening socket because a
2399 * client trying to connect to that socket would instead
2400 * restart a new dirmngr instance - which is unlikely the
2401 * intention of a shutdown. */
2402 /* assuan_sock_close (listen_fd); */
2403 /* listen_fd = -1; */
2406 if (my_inotify_fd != -1)
2408 FD_SET (my_inotify_fd, &fdset);
2409 nfd = my_inotify_fd;
2413 /* Take a copy of the fdset. */
2416 npth_clock_gettime (&curtime);
2417 if (!(npth_timercmp (&curtime, &abstime, <)))
2419 /* Timeout. When a shutdown is pending we use a shorter
2420 * interval to handle the shutdown more quickly. */
2422 npth_clock_gettime (&abstime);
2423 abstime.tv_sec += (shutdown_pending
2424 ? TIMERTICK_INTERVAL_SHUTDOWN
2425 : TIMERTICK_INTERVAL);
2427 npth_timersub (&abstime, &curtime, &timeout);
/* errno is saved right after the select call because handle_signal
 * may change it before the result is examined.  */
2429 #ifndef HAVE_W32_SYSTEM
2430 ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
2431 npth_sigev_sigmask());
2432 saved_errno = errno;
2434 while (npth_sigev_get_pending(&signo))
2435 handle_signal (signo);
2437 ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
2438 saved_errno = errno;
/* A select failure other than EINTR is logged; per the message the
 * loop then waits a second (the statement is on a missing line),
 * which avoids spinning on a persistent error.  */
2441 if (ret == -1 && saved_errno != EINTR)
2443 log_error (_("npth_pselect failed: %s - waiting 1s\n"),
2444 strerror (saved_errno));
2451 /* Interrupt or timeout. Will be handled when calculating the
2456 if (shutdown_pending)
2458 /* Do not anymore accept connections. */
2462 #ifdef HAVE_INOTIFY_INIT
/* Removal of the socket file makes the daemon unreachable for new
 * clients, so it starts its own shutdown.  */
2463 if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset)
2464 && my_inotify_is_name (my_inotify_fd, socket_name))
2466 shutdown_pending = 1;
2467 log_info ("socket file has been removed - shutting down\n");
2469 #endif /*HAVE_INOTIFY_INIT*/
2471 if (FD_ISSET (FD2INT (listen_fd), &read_fdset))
/* PLEN is reset before every accept because accept updates it.  */
2475 plen = sizeof paddr;
2476 fd = INT2FD (npth_accept (FD2INT(listen_fd),
2477 (struct sockaddr *)&paddr, &plen));
2478 if (fd == GNUPG_INVALID_FD)
2480 log_error ("accept failed: %s\n", strerror (errno));
2484 char threadname[50];
2485 union int_and_ptr_u argval;
/* The descriptor travels to the thread inside a union of an fd and a
 * pointer; the union is cleared first so that unused bytes of the
 * pointer are defined.  */
2488 memset (&argval, 0, sizeof argval);
2490 snprintf (threadname, sizeof threadname,
2491 "conn fd=%d", FD2INT(fd));
2493 ret = npth_create (&thread, &tattr,
2494 start_connection_thread, argval.aptr);
/* If no handler thread could be started the accepted descriptor is
 * closed here, so it does not leak.  */
2497 log_error ("error spawning connection handler: %s\n",
2499 assuan_sock_close (fd);
2501 npth_setname_np (thread, threadname);
2506 #ifdef HAVE_INOTIFY_INIT
2507 if (my_inotify_fd != -1)
2508 close (my_inotify_fd);
2509 #endif /*HAVE_INOTIFY_INIT*/
2510 npth_attr_destroy (&tattr);
2511 if (listen_fd != GNUPG_INVALID_FD)
2512 assuan_sock_close (listen_fd);
2514 log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13));
/* Return the name of the socket in use.  The only statement visible
 * here returns the result of dirmngr_socket_name ().
 * NOTE(review): original lines 2519-2522 are missing from this
 * listing; any earlier branch would be there.  */
2518 dirmngr_get_current_socket_name (void)
2523 return dirmngr_socket_name ();
2528 /* Parse the revision part from the extended version blurb. */
/* A NULL BLURB is treated as an empty string.  The revision appears to
 * start after a newline followed by '(' and to run up to the next
 * space.  The callers print the result with a length ("%.*s"), so the
 * returned pointer is not a NUL-terminated revision string and must
 * be used together with the length stored through R_LEN.
 * NOTE(review): original lines 2533-2535 and 2542-2553 are missing
 * from this listing, so the scan loop and the return path are not
 * visible.  */
2530 get_revision_from_blurb (const char *blurb, int *r_len)
2532 const char *s = blurb? blurb : "";
2536 if (*s == '\n' && s[1] == '(')
2541 for (n=0; s[n] && s[n] != ' '; n++)
2554 /* Print versions of dirmngr and used libraries. This is used by
2555 * "gpgconf --show-versions" so that there is no need to link gpgconf
2556 * against all these libraries. This is an internal API and should
2557 * not be relied upon. */
2559 gpgconf_versions (void)
2564 /* Unfortunately Npth has no way to get the version. */
2566 s = get_revision_from_blurb (assuan_check_version ("\x01\x01"), &n);
2567 es_fprintf (es_stdout, "* Libassuan %s (%.*s)\n\n",
2568 assuan_check_version (NULL), n, s);
2570 s = get_revision_from_blurb (ksba_check_version ("\x01\x01"), &n);
2571 es_fprintf (es_stdout, "* KSBA %s (%.*s)\n\n",
2572 ksba_check_version (NULL), n, s);
2574 #ifdef HTTP_USE_NTBTLS
2575 s = get_revision_from_blurb (ntbtls_check_version ("\x01\x01"), &n);
2576 es_fprintf (es_stdout, "* NTBTLS %s (%.*s)\n\n",
2577 ntbtls_check_version (NULL), n, s);
2578 #elif HTTP_USE_GNUTLS
2579 es_fprintf (es_stdout, "* GNUTLS %s\n\n",
2580 gnutls_check_version (NULL));