1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008, 2009, 2010,
3 * 2011 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
51 #include "gc-opt-flags.h"
54 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
55 returns a plain filename without escaping. As long as we have not
56 fixed that we need to use gpg2. */
57 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
58 #define GPGNAME "gpg2"
60 #define GPGNAME GPG_NAME
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (int killflag);
108 static void scdaemon_runtime_change (int killflag);
109 static void dirmngr_runtime_change (int killflag);
111 /* Backend configuration. Backends are used to decide how the default
112 and current value of an option can be determined, and how the
113 option can be changed. To every option in every component belongs
114 exactly one backend that controls and determines the option. Some
115 backends are programs from the GPG system. Others might be
116 implemented by GPGConf itself. If you change this enum, don't
117 forget to update GC_BACKEND below. */
120 /* Any backend, used for find_option (). */
123 /* The Gnu Privacy Guard. */
126 /* The Gnu Privacy Guard for S/MIME. */
130 GC_BACKEND_GPG_AGENT,
132 /* The GnuPG SCDaemon. */
135 /* The GnuPG directory manager. */
138 /* The LDAP server list file for the director manager. */
139 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
141 /* The Pinentry (not a part of GnuPG, proper). */
144 /* The number of the above entries. */
149 /* To be able to implement generic algorithms for the various
150 backends, we collect all information about them in this struct. */
153 /* The name of the backend. */
156 /* The name of the program that acts as the backend. Some backends
157 don't have an associated program, but are implemented directly by
158 GPGConf. In this case, PROGRAM is NULL. */
161 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
162 ../common/util.h. This value is used to get the actual installed
163 path of the program. 0 is used if no backend program is
167 /* The runtime change callback. If KILLFLAG is true the component
168 is killed and not just reloaded. */
169 void (*runtime_change) (int killflag);
171 /* The option name for the configuration filename of this backend.
172 This must be an absolute filename. It can be an option from a
173 different backend (but then ordering of the options might
174 matter). Note: This must be unique among all components. */
175 const char *option_config_filename;
177 /* If this is a file backend rather than a program backend, then
178 this is the name of the option associated with the file. */
179 const char *option_name;
180 } gc_backend[GC_BACKEND_NR] =
182 { NULL }, /* GC_BACKEND_ANY dummy entry. */
183 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
184 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
185 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
186 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
187 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
188 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
189 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
190 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
191 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
192 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
193 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
194 NULL, "ldapserverlist-file", "LDAP Server" },
195 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
196 NULL, GPGCONF_NAME "-pinentry.conf" },
200 /* Option configuration. */
202 /* An option might take an argument, or not. Argument types can be
203 basic or complex. Basic types are generic and easy to validate.
204 Complex types provide more specific information about the intended
205 use, but can be difficult to validate. If you add to this enum,
206 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
207 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
211 /* Basic argument types. */
214 GC_ARG_TYPE_NONE = 0,
216 /* A String argument. */
217 GC_ARG_TYPE_STRING = 1,
219 /* A signed integer argument. */
220 GC_ARG_TYPE_INT32 = 2,
222 /* An unsigned integer argument. */
223 GC_ARG_TYPE_UINT32 = 3,
225 /* ADD NEW BASIC TYPE ENTRIES HERE. */
227 /* Complex argument types. */
229 /* A complete filename. */
230 GC_ARG_TYPE_FILENAME = 32,
232 /* An LDAP server in the format
233 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
234 GC_ARG_TYPE_LDAP_SERVER = 33,
236 /* A 40 character fingerprint. */
237 GC_ARG_TYPE_KEY_FPR = 34,
239 /* A user ID or key ID or fingerprint for a certificate. */
240 GC_ARG_TYPE_PUB_KEY = 35,
242 /* A user ID or key ID or fingerprint for a certificate with a key. */
243 GC_ARG_TYPE_SEC_KEY = 36,
245 /* A alias list made up of a key, an equal sign and a space
246 separated list of values. */
247 GC_ARG_TYPE_ALIAS_LIST = 37,
249 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
251 /* The number of the above entries. */
256 /* For every argument, we record some information about it in the
260 /* For every argument type exists a basic argument type that can be
261 used as a fallback for input and validation purposes. */
262 gc_arg_type_t fallback;
264 /* Human-readable name of the type. */
266 } gc_arg_type[GC_ARG_TYPE_NR] =
268 /* The basic argument types have their own types as fallback. */
269 { GC_ARG_TYPE_NONE, "none" },
270 { GC_ARG_TYPE_STRING, "string" },
271 { GC_ARG_TYPE_INT32, "int32" },
272 { GC_ARG_TYPE_UINT32, "uint32" },
274 /* Reserved basic type entries for future extension. */
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
290 /* The complex argument types have a basic type as fallback. */
291 { GC_ARG_TYPE_STRING, "filename" },
292 { GC_ARG_TYPE_STRING, "ldap server" },
293 { GC_ARG_TYPE_STRING, "key fpr" },
294 { GC_ARG_TYPE_STRING, "pub key" },
295 { GC_ARG_TYPE_STRING, "sec key" },
296 { GC_ARG_TYPE_STRING, "alias list" },
300 /* Every option has an associated expert level, than can be used to
301 hide advanced and expert options from beginners. If you add to
302 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
303 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
304 EXTERNAL INTERFACE. */
307 /* The basic options should always be displayed. */
310 /* The advanced options may be hidden from beginners. */
313 /* The expert options should only be displayed to experts. */
316 /* The invisible options should normally never be displayed. */
319 /* The internal options are never exported, they mark options that
320 are recorded for internal use only. */
323 /* ADD NEW ENTRIES HERE. */
325 /* The number of the above entries. */
329 /* A description for each expert level. */
343 /* Option flags. The flags which are used by the backends are defined
344 by gc-opt-flags.h, included above.
346 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
347 PART OF THE EXTERNAL INTERFACE. */
349 /* Some entries in the option list are not options, but mark the
350 beginning of a new group of options. These entries have the GROUP
352 #define GC_OPT_FLAG_GROUP (1UL << 0)
353 /* The ARG_OPT flag for an option indicates that the argument is
354 optional. This is never set for GC_ARG_TYPE_NONE options. */
355 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
356 /* The LIST flag for an option indicates that the option can occur
357 several times. A comma separated list of arguments is used as the
359 #define GC_OPT_FLAG_LIST (1UL << 2)
362 /* A human-readable description for each flag. */
379 /* To each option, or group marker, the information in the GC_OPTION
380 struct is provided. If you change this, don't forget to update the
381 option list of each component. */
384 /* If this is NULL, then this is a terminator in an array of unknown
385 length. Otherwise, if this entry is a group marker (see FLAGS),
386 then this is the name of the group described by this entry.
387 Otherwise it is the name of the option described by this
388 entry. The name must not contain a colon. */
391 /* The option flags. If the GROUP flag is set, then this entry is a
392 group marker, not an option, and only the fields LEVEL,
393 DESC_DOMAIN and DESC are valid. In all other cases, this entry
394 describes a new option and all fields are valid. */
397 /* The expert level. This field is valid for options and groups. A
398 group has the expert level of the lowest-level option in the
400 gc_expert_level_t level;
402 /* A gettext domain in which the following description can be found.
403 If this is NULL, then DESC is not translated. Valid for groups
406 Note that we try to keep the description of groups within the
409 IMPORTANT: If you add a new domain please make sure to add a code
410 set switching call to the function my_dgettext further below. */
411 const char *desc_domain;
413 /* A gettext description for this group or option. If it starts
414 with a '|', then the string up to the next '|' describes the
415 argument, and the description follows the second '|'.
417 In general enclosing these description in N_() is not required
418 because the description should be identical to the one in the
419 help menu of the respective program. */
422 /* The following fields are only valid for options. */
424 /* The type of the option argument. */
425 gc_arg_type_t arg_type;
427 /* The backend that implements this option. */
428 gc_backend_t backend;
430 /* The following fields are set to NULL at startup (because all
431 option's are declared as static variables). They are at the end
432 of the list so that they can be omitted from the option
435 /* This is true if the option is supported by this version of the
439 /* The default value for this option. This is NULL if the option is
440 not present in the backend, the empty string if no default is
441 available, and otherwise a quoted string. */
444 /* The default argument is only valid if the "optional arg" flag is
445 set, and specifies the default argument (value) that is used if
446 the argument is omitted. */
449 /* The current value of this option. */
452 /* The new flags for this option. The only defined flag is actually
453 GC_OPT_FLAG_DEFAULT, and it means that the option should be
454 deleted. In this case, NEW_VALUE is NULL. */
455 unsigned long new_flags;
457 /* The new value of this option. */
460 typedef struct gc_option gc_option_t;
462 /* Use this macro to terminate an option list. */
463 #define GC_OPTION_NULL { NULL }
466 #ifndef BUILD_WITH_AGENT
467 #define gc_options_gpg_agent NULL
469 /* The options of the GC_COMPONENT_GPG_AGENT component. */
470 static gc_option_t gc_options_gpg_agent[] =
472 /* The configuration file to which we write the changes. */
473 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
474 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
475 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
478 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
479 "gnupg", N_("Options controlling the diagnostic output") },
480 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
483 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
484 "gnupg", "be somewhat more quiet",
485 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
486 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
488 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
491 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
492 "gnupg", N_("Options controlling the configuration") },
493 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
494 "gnupg", "|FILE|read options from FILE",
495 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
496 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
497 "gnupg", "do not use the SCdaemon",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
499 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
500 "gnupg", "enable ssh support",
501 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
502 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
503 "gnupg", "enable putty support",
504 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
507 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
508 "gnupg", N_("Options useful for debugging") },
509 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
510 "gnupg", "|LEVEL|set the debugging level to LEVEL",
511 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
512 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
513 "gnupg", N_("|FILE|write server mode logs to FILE"),
514 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
515 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
517 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
521 "gnupg", N_("Options controlling the security") },
522 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
523 GC_LEVEL_BASIC, "gnupg",
524 "|N|expire cached PINs after N seconds",
525 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
526 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
527 GC_LEVEL_ADVANCED, "gnupg",
528 N_("|N|expire SSH keys after N seconds"),
529 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
530 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_EXPERT, "gnupg",
532 N_("|N|set maximum PIN cache lifetime to N seconds"),
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_EXPERT, "gnupg",
536 N_("|N|set maximum SSH key lifetime to N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
541 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
543 "gnupg", "allow passphrase to be prompted through Emacs",
544 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
545 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
546 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
547 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
548 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
549 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
550 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
551 { "allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
552 GC_LEVEL_EXPERT, "gnupg", "allow caller to override the pinentry",
553 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
554 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
555 "gnupg", "do not grab keyboard and mouse",
556 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
558 { "Passphrase policy",
559 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
560 "gnupg", N_("Options enforcing a passphrase policy") },
561 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
562 GC_LEVEL_EXPERT, "gnupg",
563 N_("do not allow to bypass the passphrase policy"),
564 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
565 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_ADVANCED, "gnupg",
567 N_("|N|set minimal required length for new passphrases to N"),
568 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
569 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_EXPERT, "gnupg",
571 N_("|N|require at least N non-alpha characters for a new passphrase"),
572 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
573 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
575 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
576 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
577 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
578 GC_LEVEL_EXPERT, "gnupg",
579 N_("|N|expire the passphrase after N days"),
580 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
581 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
582 GC_LEVEL_EXPERT, "gnupg",
583 N_("do not allow the reuse of old passphrases"),
584 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
585 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
586 GC_LEVEL_ADVANCED, "gnupg",
587 N_("|N|set the Pinentry timeout to N seconds"),
588 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
592 #endif /*BUILD_WITH_AGENT*/
595 #ifndef BUILD_WITH_SCDAEMON
596 #define gc_options_scdaemon NULL
598 /* The options of the GC_COMPONENT_SCDAEMON component. */
599 static gc_option_t gc_options_scdaemon[] =
601 /* The configuration file to which we write the changes. */
602 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
603 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
604 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
607 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
608 "gnupg", N_("Options controlling the diagnostic output") },
609 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
611 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
612 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
613 "gnupg", "be somewhat more quiet",
614 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
615 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
617 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
620 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
621 "gnupg", N_("Options controlling the configuration") },
622 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
623 "gnupg", "|FILE|read options from FILE",
624 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
625 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
626 "gnupg", "|N|connect to reader at port N",
627 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
628 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
629 "gnupg", "|NAME|use NAME as ct-API driver",
630 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
631 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
632 "gnupg", "|NAME|use NAME as PC/SC driver",
633 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
634 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
635 "gnupg", "do not use the internal CCID driver",
636 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
637 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
638 "gnupg", "do not use a reader's pinpad",
639 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
640 { "enable-pinpad-varlen",
641 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
642 "gnupg", "use variable length input for pinpad",
643 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
644 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
645 "gnupg", "|N|disconnect the card after N seconds of inactivity",
646 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
649 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
650 "gnupg", N_("Options useful for debugging") },
651 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
652 "gnupg", "|LEVEL|set the debugging level to LEVEL",
653 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
654 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
655 "gnupg", N_("|FILE|write a log to FILE"),
656 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
659 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
660 "gnupg", N_("Options controlling the security") },
661 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
662 "gnupg", "deny the use of admin card commands",
663 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
668 #endif /*BUILD_WITH_SCDAEMON*/
670 #ifndef BUILD_WITH_GPG
671 #define gc_options_gpg NULL
673 /* The options of the GC_COMPONENT_GPG component. */
674 static gc_option_t gc_options_gpg[] =
676 /* The configuration file to which we write the changes. */
677 { GPGCONF_NAME"-"GPG_NAME".conf",
678 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
679 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
682 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
683 "gnupg", N_("Options controlling the diagnostic output") },
684 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
686 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
687 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
688 "gnupg", "be somewhat more quiet",
689 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
690 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
692 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
695 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
696 "gnupg", N_("Options controlling the configuration") },
697 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
698 "gnupg", N_("|NAME|use NAME as default secret key"),
699 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
700 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
701 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
702 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
703 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
704 "gnupg", N_("|SPEC|set up email aliases"),
705 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
706 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
707 "gnupg", "|FILE|read options from FILE",
708 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
709 { "default_pubkey_algo",
710 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
712 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
716 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
717 "gnupg", N_("Options useful for debugging") },
718 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
719 "gnupg", "|LEVEL|set the debugging level to LEVEL",
720 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
721 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
722 "gnupg", N_("|FILE|write server mode logs to FILE"),
723 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
724 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
726 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
729 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
730 "gnupg", N_("Configuration for Keyservers") },
731 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
732 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
733 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
734 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
735 "gnupg", N_("allow PKA lookups (DNS requests)"),
736 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
737 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
738 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
739 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
744 #endif /*BUILD_WITH_GPG*/
747 #ifndef BUILD_WITH_GPGSM
748 #define gc_options_gpgsm NULL
750 /* The options of the GC_COMPONENT_GPGSM component. */
751 static gc_option_t gc_options_gpgsm[] =
753 /* The configuration file to which we write the changes. */
754 { GPGCONF_NAME"-"GPGSM_NAME".conf",
755 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
756 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
759 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
760 "gnupg", N_("Options controlling the diagnostic output") },
761 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
763 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
764 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
765 "gnupg", "be somewhat more quiet",
766 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
767 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
769 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
772 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
773 "gnupg", N_("Options controlling the configuration") },
774 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
775 "gnupg", N_("|NAME|use NAME as default secret key"),
776 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
777 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
778 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
779 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
780 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
781 "gnupg", "|FILE|read options from FILE",
782 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
783 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
784 "gnupg", "use system's dirmngr if available",
785 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
786 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
787 "gnupg", N_("disable all access to the dirmngr"),
788 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
789 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
790 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
791 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
792 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
793 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
794 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
795 { "default_pubkey_algo",
796 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
798 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
801 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
802 "gnupg", N_("Options useful for debugging") },
803 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
804 "gnupg", "|LEVEL|set the debugging level to LEVEL",
805 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
806 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
807 "gnupg", N_("|FILE|write server mode logs to FILE"),
808 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
809 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
811 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
814 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
815 "gnupg", N_("Options controlling the security") },
816 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
817 "gnupg", "never consult a CRL",
818 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
819 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
820 "gnupg", N_("do not check CRLs for root certificates"),
821 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
822 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
823 "gnupg", "check validity using OCSP",
824 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
825 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
826 "gnupg", "|N|number of certificates to include",
827 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
828 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
829 "gnupg", "do not check certificate policies",
830 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
831 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
832 "gnupg", "fetch missing issuer certificates",
833 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
834 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
835 "gnupg", "|NAME|use cipher algorithm NAME",
836 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
840 #endif /*BUILD_WITH_GPGSM*/
843 #ifndef BUILD_WITH_DIRMNGR
844 #define gc_options_dirmngr NULL
846 /* The options of the GC_COMPONENT_DIRMNGR component. */
847 static gc_option_t gc_options_dirmngr[] =
849 /* The configuration file to which we write the changes. */
850 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
851 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
852 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
855 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
856 "gnupg", N_("Options controlling the diagnostic output") },
857 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
858 "dirmngr", "verbose",
859 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
860 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
861 "dirmngr", "be somewhat more quiet",
862 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
863 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
865 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
868 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
869 "gnupg", N_("Options controlling the format of the output") },
870 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
871 "dirmngr", "sh-style command output",
872 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
873 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
874 "dirmngr", "csh-style command output",
875 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
878 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
879 "gnupg", N_("Options controlling the configuration") },
880 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
881 "dirmngr", "|FILE|read options from FILE",
882 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
885 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
886 "gnupg", N_("Options useful for debugging") },
887 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
888 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
889 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
890 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
891 "dirmngr", "do not detach from the console",
892 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
893 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
894 "dirmngr", N_("|FILE|write server mode logs to FILE"),
895 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
896 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
898 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
899 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
901 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
904 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
905 "gnupg", N_("Options controlling the interactivity and enforcement") },
906 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
907 "dirmngr", "run without asking a user",
908 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
909 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
910 "dirmngr", "force loading of outdated CRLs",
911 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
914 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
915 "gnupg", N_("Options controlling the use of Tor") },
916 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
917 "dirmngr", "route all network traffic via TOR",
918 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
921 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
922 "gnupg", N_("Configuration for Keyservers") },
923 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
924 "gnupg", N_("|URL|use keyserver at URL"),
925 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
928 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
929 "gnupg", N_("Configuration for HTTP servers") },
930 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
931 "dirmngr", "inhibit the use of HTTP",
932 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
933 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
934 "dirmngr", "ignore HTTP CRL distribution points",
935 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
936 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
937 "dirmngr", "|URL|redirect all HTTP requests to URL",
938 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
939 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
940 "gnupg", N_("use system's HTTP proxy setting"),
941 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
944 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
945 "gnupg", N_("Configuration of LDAP servers to use") },
946 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
947 "dirmngr", "inhibit the use of LDAP",
948 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
949 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
950 "dirmngr", "ignore LDAP CRL distribution points",
951 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
952 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
953 "dirmngr", "|HOST|use HOST for LDAP queries",
954 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
955 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
956 "dirmngr", "do not use fallback hosts with --ldap-proxy",
957 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
958 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
959 "dirmngr", "add new servers discovered in CRL distribution points"
960 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
961 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
962 "dirmngr", "|N|set LDAP timeout to N seconds",
963 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
964 /* The following entry must not be removed, as it is required for
965 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
966 { "ldapserverlist-file",
967 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
968 "dirmngr", "|FILE|read LDAP server list from FILE",
969 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
970 /* This entry must come after at least one entry for
971 GC_BACKEND_DIRMNGR in this component, so that the entry for
972 "ldapserverlist-file will be initialized before this one. */
973 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
974 "gnupg", N_("LDAP server list"),
975 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
976 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
977 "dirmngr", "|N|do not return more than N items in one query",
978 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
981 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
982 "gnupg", N_("Configuration for OCSP") },
983 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
984 "dirmngr", "allow sending OCSP requests",
985 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
986 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
987 "dirmngr", "ignore certificate contained OCSP service URLs",
988 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
989 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
990 "dirmngr", "|URL|use OCSP responder at URL",
991 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
992 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
993 "dirmngr", "|FPR|OCSP response signed by FPR",
994 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
999 #endif /*BUILD_WITH_DIRMNGR*/
1002 /* The options of the GC_COMPONENT_PINENTRY component. */
1003 static gc_option_t gc_options_pinentry[] =
1005 /* A dummy option to allow gc_component_list_components to find the
1006 pinentry backend. Needs to be a conf file. */
1007 { GPGCONF_NAME"-pinentry.conf",
1008 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1009 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1016 /* Component system. Each component is a set of options that can be
1017 configured at the same time. If you change this, don't forget to
1018 update GC_COMPONENT below. */
1021 /* The classic GPG for OpenPGP. */
1024 /* The GPG Agent. */
1025 GC_COMPONENT_GPG_AGENT,
1027 /* The Smardcard Daemon. */
1028 GC_COMPONENT_SCDAEMON,
1030 /* GPG for S/MIME. */
1033 /* The LDAP Directory Manager for CRLs. */
1034 GC_COMPONENT_DIRMNGR,
1036 /* The external Pinentry. */
1037 GC_COMPONENT_PINENTRY,
1039 /* The number of components. */
1044 /* The information associated with each component. */
1047 /* The name of this component. Must not contain a colon (':')
1051 /* The gettext domain for the description DESC. If this is NULL,
1052 then the description is not translated. */
1053 const char *desc_domain;
1055 /* The description for this domain. */
1058 /* The list of options for this component, terminated by
1060 gc_option_t *options;
1063 { "gpg", "gnupg", N_("GPG for OpenPGP"), gc_options_gpg },
1064 { "gpg-agent","gnupg", N_("GPG Agent"), gc_options_gpg_agent },
1065 { "scdaemon", "gnupg", N_("Smartcard Daemon"), gc_options_scdaemon },
1066 { "gpgsm", "gnupg", N_("GPG for S/MIME"), gc_options_gpgsm },
1067 { "dirmngr", "gnupg", N_("Key Acquirer"), gc_options_dirmngr },
1068 { "pinentry", "gnupg", N_("PIN and Passphrase Entry"), gc_options_pinentry }
1073 /* Structure used to collect error output of the backend programs. */
1074 struct error_line_s;
1075 typedef struct error_line_s *error_line_t;
1078 error_line_t next; /* Link to next item. */
1079 const char *fname; /* Name of the config file (points into BUFFER). */
1080 unsigned int lineno; /* Line number of the config file. */
1081 const char *errtext; /* Text of the error message (points into BUFFER). */
1082 char buffer[1]; /* Helper buffer. */
1087 /* Engine specific support. */
1089 gpg_agent_runtime_change (int killflag)
1092 const char *pgmname;
1093 const char *argv[3];
1096 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1097 argv[0] = "--no-autostart";
1098 argv[1] = killflag? "KILLAGENT" : "RELOADAGENT";
1101 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1103 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1105 gc_error (0, 0, "error running '%s %s': %s",
1106 pgmname, argv[1], gpg_strerror (err));
1107 gnupg_release_process (pid);
1112 scdaemon_runtime_change (int killflag)
1115 const char *pgmname;
1116 const char *argv[7];
1119 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1121 /* We use "GETINFO app_running" to see whether the agent is already
1122 running and kill it only in this case. This avoids an explicit
1123 starting of the agent in case it is not yet running. There is
1124 obviously a race condition but that should not harm too much. */
1126 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1128 argv[1] = "--no-autostart";
1129 argv[2] = "GETINFO scd_running";
1130 argv[3] = "/if ${! $?}";
1131 argv[4] = "scd killscd";
1135 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1137 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1139 gc_error (0, 0, "error running '%s %s': %s",
1140 pgmname, argv[4], gpg_strerror (err));
1141 gnupg_release_process (pid);
1146 dirmngr_runtime_change (int killflag)
1149 const char *pgmname;
1150 const char *argv[4];
1153 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1154 argv[0] = "--no-autostart";
1155 argv[1] = "--dirmngr";
1156 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1159 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1161 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1163 gc_error (0, 0, "error running '%s %s': %s",
1164 pgmname, argv[2], gpg_strerror (err));
1165 gnupg_release_process (pid);
1169 /* Launch the gpg-agent or the dirmngr if not already running. */
1171 gc_component_launch (int component)
1174 const char *pgmname;
1175 const char *argv[3];
1179 if (!(component == GC_COMPONENT_GPG_AGENT
1180 || component == GC_COMPONENT_DIRMNGR))
1182 es_fputs (_("Component not suitable for launching"), es_stderr);
1183 es_putc ('\n', es_stderr);
1187 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1189 if (component == GC_COMPONENT_DIRMNGR)
1190 argv[i++] = "--dirmngr";
1194 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1196 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1198 gc_error (0, 0, "error running '%s%s%s': %s",
1200 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1202 gpg_strerror (err));
1203 gnupg_release_process (pid);
1208 /* Unconditionally restart COMPONENT. */
1210 gc_component_kill (int component)
1212 int runtime[GC_BACKEND_NR];
1213 gc_option_t *option;
1214 gc_backend_t backend;
1216 /* Set a flag for the backends to be reloaded. */
1217 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1218 runtime[backend] = 0;
1222 assert (component < GC_COMPONENT_NR);
1223 option = gc_component[component].options;
1224 for (; option && option->name; option++)
1225 runtime[option->backend] = 1;
1228 /* Do the restart for the selected backends. */
1229 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1231 if (runtime[backend] && gc_backend[backend].runtime_change)
1232 (*gc_backend[backend].runtime_change) (1);
1237 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1239 gc_component_reload (int component)
1241 int runtime[GC_BACKEND_NR];
1242 gc_option_t *option;
1243 gc_backend_t backend;
1245 /* Set a flag for the backends to be reloaded. */
1246 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1247 runtime[backend] = 0;
1249 if (component == -1)
1251 for (component = 0; component < GC_COMPONENT_NR; component++)
1253 option = gc_component[component].options;
1254 for (; option && option->name; option++)
1255 runtime[option->backend] = 1;
1260 assert (component < GC_COMPONENT_NR);
1261 option = gc_component[component].options;
1262 for (; option && option->name; option++)
1263 runtime[option->backend] = 1;
1266 /* Do the reload for all selected backends. */
1267 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1269 if (runtime[backend] && gc_backend[backend].runtime_change)
1270 (*gc_backend[backend].runtime_change) (0);
1276 /* More or less Robust version of dgettext. It has the side effect of
1277 switching the codeset to utf-8 because this is what we want to
1278 output. In theory it is posible to keep the original code set and
1279 switch back for regular disgnostic output (redefine "_(" for that)
1280 but given the natur of this tool, being something invoked from
1281 other pograms, it does not make much sense. */
1283 my_dgettext (const char *domain, const char *msgid)
1285 #ifdef USE_SIMPLE_GETTEXT
1288 static int switched_codeset;
1291 if (!switched_codeset)
1293 switched_codeset = 1;
1294 gettext_use_utf8 (1);
1297 if (!strcmp (domain, "gnupg"))
1298 domain = PACKAGE_GT;
1300 /* FIXME: we have no dgettext, thus we can't switch. */
1302 text = (char*)gettext (msgid);
1303 return text ? text : msgid;
1307 #elif defined(ENABLE_NLS)
1310 static int switched_codeset;
1313 if (!switched_codeset)
1315 switched_codeset = 1;
1316 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1318 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1319 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1323 /* Note: This is a hack to actually use the gnupg2 domain as
1324 long we are in a transition phase where gnupg 1.x and 1.9 may
1326 if (!strcmp (domain, "gnupg"))
1327 domain = PACKAGE_GT;
1329 text = dgettext (domain, msgid);
1330 return text ? text : msgid;
1341 /* Percent-Escape special characters. The string is valid until the
1342 next invocation of the function. */
1344 gc_percent_escape (const char *src)
1346 static char *esc_str;
1347 static int esc_str_len;
1348 int new_len = 3 * strlen (src) + 1;
1351 if (esc_str_len < new_len)
1353 char *new_esc_str = realloc (esc_str, new_len);
1355 gc_error (1, errno, "can not escape string");
1356 esc_str = new_esc_str;
1357 esc_str_len = new_len;
1369 else if (*src == ':')
1371 /* The colon is used as field separator. */
1376 else if (*src == ',')
1378 /* The comma is used as list separator. */
1393 /* Percent-Deescape special characters. The string is valid until the
1394 next invocation of the function. */
1396 percent_deescape (const char *src)
1400 int new_len = 3 * strlen (src) + 1;
1403 if (str_len < new_len)
1405 char *new_str = realloc (str, new_len);
1407 gc_error (1, errno, "can not deescape string");
1417 int val = hextobyte (src + 1);
1420 gc_error (1, 0, "malformed end of string %s", src);
1422 *(dst++) = (char) val;
1426 *(dst++) = *(src++);
1433 /* List all components that are available. */
1435 gc_component_list_components (estream_t out)
1437 gc_component_t component;
1438 gc_option_t *option;
1439 gc_backend_t backend;
1440 int backend_seen[GC_BACKEND_NR];
1442 const char *pgmname;
1444 for (component = 0; component < GC_COMPONENT_NR; component++)
1446 option = gc_component[component].options;
1449 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1450 backend_seen[backend] = 0;
1453 for (; option && option->name; option++)
1455 if ((option->flags & GC_OPT_FLAG_GROUP))
1457 backend = option->backend;
1458 if (backend_seen[backend])
1460 backend_seen[backend] = 1;
1461 assert (backend != GC_BACKEND_ANY);
1462 if (gc_backend[backend].program
1463 && !gc_backend[backend].module_name)
1465 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1469 desc = gc_component[component].desc;
1470 desc = my_dgettext (gc_component[component].desc_domain, desc);
1471 es_fprintf (out, "%s:%s:",
1472 gc_component[component].name, gc_percent_escape (desc));
1473 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1481 all_digits_p (const char *p, size_t len)
1485 for (; len; len--, p++)
1486 if (!isascii (*p) || !isdigit (*p))
1488 return 1; /* Yes. */
1492 /* Collect all error lines from stream FP. Only lines prefixed with
1493 TAG are considered. Returns a list of error line items (which may
1494 be empty). There is no error return. */
1496 collect_error_output (estream_t fp, const char *tag)
1502 error_line_t eitem, errlines, *errlines_tail;
1503 size_t taglen = strlen (tag);
1506 errlines_tail = &errlines;
1509 while ((c=es_getc (fp)) != EOF)
1512 if (pos >= sizeof buffer - 5 || c == '\n')
1514 buffer[pos - (c == '\n')] = 0;
1516 ; /*Ignore continuations of previous line. */
1517 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1519 /* "gpgsm: foo:4: bla" */
1520 /* Yep, we are interested in this line. */
1521 p = buffer + taglen + 1;
1522 while (*p == ' ' || *p == '\t')
1524 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1526 ; /* Empty lines are ignored. */
1527 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1528 && all_digits_p (p2+1, p3 - (p2+1)))
1530 /* Line in standard compiler format. */
1532 while (*p3 == ' ' || *p3 == '\t')
1534 eitem = xmalloc (sizeof *eitem + strlen (p));
1536 strcpy (eitem->buffer, p);
1537 eitem->fname = eitem->buffer;
1538 eitem->buffer[p2-p] = 0;
1539 eitem->errtext = eitem->buffer + (p3 - p);
1540 /* (we already checked that there are only ascii
1541 digits followed by a colon) */
1543 for (p2++; isdigit (*p2); p2++)
1544 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1545 *errlines_tail = eitem;
1546 errlines_tail = &eitem->next;
1550 /* Other error output. */
1551 eitem = xmalloc (sizeof *eitem + strlen (p));
1553 strcpy (eitem->buffer, p);
1554 eitem->fname = NULL;
1555 eitem->errtext = eitem->buffer;
1557 *errlines_tail = eitem;
1558 errlines_tail = &eitem->next;
1562 /* If this was not a complete line mark that we are in a
1564 cont_line = (c != '\n');
1568 /* We ignore error lines not terminated by a LF. */
1573 /* Check the options of a single component. Returns 0 if everything
1576 gc_component_check_options (int component, estream_t out, const char *conf_file)
1579 unsigned int result;
1580 int backend_seen[GC_BACKEND_NR];
1581 gc_backend_t backend;
1582 gc_option_t *option;
1583 const char *pgmname;
1584 const char *argv[4];
1589 error_line_t errlines;
1591 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1592 backend_seen[backend] = 0;
1594 option = gc_component[component].options;
1595 for (; option && option->name; option++)
1597 if ((option->flags & GC_OPT_FLAG_GROUP))
1599 backend = option->backend;
1600 if (backend_seen[backend])
1602 backend_seen[backend] = 1;
1603 assert (backend != GC_BACKEND_ANY);
1604 if (!gc_backend[backend].program)
1606 if (!gc_backend[backend].module_name)
1611 if (! option || ! option->name)
1614 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1618 argv[i++] = "--options";
1619 argv[i++] = conf_file;
1621 if (component == GC_COMPONENT_PINENTRY)
1622 argv[i++] = "--version";
1624 argv[i++] = "--gpgconf-test";
1629 err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, 0,
1630 NULL, NULL, &errfp, &pid);
1632 result |= 1; /* Program could not be run. */
1635 errlines = collect_error_output (errfp,
1636 gc_component[component].name);
1637 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1640 result |= 1; /* Program could not be run or it
1641 terminated abnormally. */
1642 result |= 2; /* Program returned an error. */
1644 gnupg_release_process (pid);
1648 /* If the program could not be run, we can't tell whether
1649 the config file is good. */
1656 error_line_t errptr;
1658 desc = gc_component[component].desc;
1659 desc = my_dgettext (gc_component[component].desc_domain, desc);
1660 es_fprintf (out, "%s:%s:",
1661 gc_component[component].name, gc_percent_escape (desc));
1662 es_fputs (gc_percent_escape (pgmname), out);
1663 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1664 for (errptr = errlines; errptr; errptr = errptr->next)
1666 if (errptr != errlines)
1667 es_fputs ("\n:::::", out); /* Continuation line. */
1669 es_fputs (gc_percent_escape (errptr->fname), out);
1672 es_fprintf (out, "%u", errptr->lineno);
1674 es_fputs (gc_percent_escape (errptr->errtext), out);
1677 es_putc ('\n', out);
1682 error_line_t tmp = errlines->next;
1692 /* Check all components that are available. */
1694 gc_check_programs (estream_t out)
1696 gc_component_t component;
1698 for (component = 0; component < GC_COMPONENT_NR; component++)
1699 gc_component_check_options (component, out, NULL);
1704 /* Find the component with the name NAME. Returns -1 if not
1707 gc_component_find (const char *name)
1711 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1713 if (gc_component[idx].options
1714 && !strcmp (name, gc_component[idx].name))
1721 /* List the option OPTION. */
1723 list_one_option (const gc_option_t *option, estream_t out)
1725 const char *desc = NULL;
1726 char *arg_name = NULL;
1730 desc = my_dgettext (option->desc_domain, option->desc);
1734 const char *arg_tail = strchr (&desc[1], '|');
1738 int arg_len = arg_tail - &desc[1];
1739 arg_name = xmalloc (arg_len + 1);
1740 memcpy (arg_name, &desc[1], arg_len);
1741 arg_name[arg_len] = '\0';
1742 desc = arg_tail + 1;
1748 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1749 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1752 /* The name field. */
1753 es_fprintf (out, "%s", option->name);
1755 /* The flags field. */
1756 es_fprintf (out, ":%lu", option->flags);
1762 es_fprintf (out, "none");
1765 unsigned long flags = option->flags;
1766 unsigned long flag = 0;
1767 unsigned long first = 1;
1777 es_fprintf (out, "%s", gc_flag[flag].name);
1785 /* The level field. */
1786 es_fprintf (out, ":%u", option->level);
1788 es_fprintf (out, " %s", gc_level[option->level].name);
1790 /* The description field. */
1791 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1793 /* The type field. */
1794 es_fprintf (out, ":%u", option->arg_type);
1796 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1798 /* The alternate type field. */
1799 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1801 es_fprintf (out, " %s",
1802 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1804 /* The argument name field. */
1805 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1808 /* The default value field. */
1809 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1811 /* The default argument field. */
1812 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1814 /* The value field. */
1815 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1816 && (option->flags & GC_OPT_FLAG_LIST)
1818 /* The special format "1,1,1,1,...,1" is converted to a number
1820 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1822 es_fprintf (out, ":%s", option->value ? option->value : "");
1824 /* ADD NEW FIELDS HERE. */
1826 es_putc ('\n', out);
1830 /* List all options of the component COMPONENT. */
1832 gc_component_list_options (int component, estream_t out)
1834 const gc_option_t *option = gc_component[component].options;
1836 while (option && option->name)
1838 /* Do not output unknown or internal options. */
1839 if (!(option->flags & GC_OPT_FLAG_GROUP)
1840 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1846 if (option->flags & GC_OPT_FLAG_GROUP)
1848 const gc_option_t *group_option = option + 1;
1849 gc_expert_level_t level = GC_LEVEL_NR;
1851 /* The manual states that the group level is always the
1852 minimum of the levels of all contained options. Due to
1853 different active options, and because it is hard to
1854 maintain manually, we calculate it here. The value in
1855 the global static table is ignored. */
1857 while (group_option->name)
1859 if (group_option->flags & GC_OPT_FLAG_GROUP)
1861 if (group_option->level < level)
1862 level = group_option->level;
1866 /* Check if group is empty. */
1867 if (level != GC_LEVEL_NR)
1869 gc_option_t opt_copy;
1871 /* Fix up the group level. */
1872 memcpy (&opt_copy, option, sizeof (opt_copy));
1873 opt_copy.level = level;
1874 list_one_option (&opt_copy, out);
1878 list_one_option (option, out);
1885 /* Find the option NAME in component COMPONENT, for the backend
1886 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1887 static gc_option_t *
1888 find_option (gc_component_t component, const char *name,
1889 gc_backend_t backend)
1891 gc_option_t *option = gc_component[component].options;
1892 while (option->name)
1894 if (!(option->flags & GC_OPT_FLAG_GROUP)
1895 && !strcmp (option->name, name)
1896 && (backend == GC_BACKEND_ANY || option->backend == backend))
1900 return option->name ? option : NULL;
1904 /* Determine the configuration filename for the component COMPONENT
1905 and backend BACKEND. */
1907 get_config_filename (gc_component_t component, gc_backend_t backend)
1909 char *filename = NULL;
1910 gc_option_t *option = find_option
1911 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1913 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1914 assert (!(option->flags & GC_OPT_FLAG_LIST));
1916 if (!option->active || !option->default_value)
1917 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1918 gc_backend[backend].option_config_filename,
1919 gc_backend[backend].name);
1921 if (option->value && *option->value)
1922 filename = percent_deescape (&option->value[1]);
1923 else if (option->default_value && *option->default_value)
1924 filename = percent_deescape (&option->default_value[1]);
1928 #if HAVE_W32CE_SYSTEM
1929 if (!(filename[0] == '/' || filename[0] == '\\'))
1930 #elif defined(HAVE_DOSISH_SYSTEM)
1932 && filename[1] == ':'
1933 && (filename[2] == '/' || filename[2] == '\\')))
1935 if (filename[0] != '/')
1937 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1938 gc_backend[backend].option_config_filename,
1939 gc_backend[backend].name);
1945 /* Retrieve the options for the component COMPONENT from backend
1946 BACKEND, which we already know is a program-type backend. */
1948 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1951 const char *pgmname;
1952 const char *argv[2];
1957 size_t line_len = 0;
1960 char *config_filename;
1962 pgmname = (gc_backend[backend].module_name
1963 ? gnupg_module_name (gc_backend[backend].module_name)
1964 : gc_backend[backend].program );
1965 argv[0] = "--gpgconf-list";
1968 err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, 0,
1969 NULL, &outfp, NULL, &pid);
1972 gc_error (1, 0, "could not gather active options from '%s': %s",
1973 pgmname, gpg_strerror (err));
1976 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
1978 gc_option_t *option;
1980 unsigned long flags = 0;
1981 char *default_value = NULL;
1983 /* Strip newline and carriage return, if present. */
1985 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1986 line[--length] = '\0';
1988 linep = strchr (line, ':');
1992 /* Extract additional flags. Default to none. */
1998 end = strchr (linep, ':');
2002 gpg_err_set_errno (0);
2003 flags = strtoul (linep, &tail, 0);
2005 gc_error (1, errno, "malformed flags in option %s from %s",
2007 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2008 gc_error (1, 0, "garbage after flags in option %s from %s",
2014 /* Extract default value, if present. Default to empty if
2020 end = strchr (linep, ':');
2024 if (flags & GC_OPT_FLAG_DEFAULT)
2025 default_value = linep;
2030 /* Look up the option in the component and install the
2031 configuration data. */
2032 option = find_option (component, line, backend);
2036 gc_error (1, errno, "option %s returned twice from %s",
2040 option->flags |= flags;
2041 if (default_value && *default_value)
2042 option->default_value = xstrdup (default_value);
2045 if (length < 0 || es_ferror (outfp))
2046 gc_error (1, errno, "error reading from %s", pgmname);
2047 if (es_fclose (outfp))
2048 gc_error (1, errno, "error closing %s", pgmname);
2050 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2052 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2053 pgmname, exitcode, gpg_strerror (err));
2054 gnupg_release_process (pid);
2057 /* At this point, we can parse the configuration file. */
2058 config_filename = get_config_filename (component, backend);
2060 config = es_fopen (config_filename, "r");
2062 gc_error (0, errno, "warning: can not open config file %s",
2066 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2070 gc_option_t *option;
2073 while (*name == ' ' || *name == '\t')
2075 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2079 while (*value && *value != ' ' && *value != '\t'
2080 && *value != '#' && *value != '\r' && *value != '\n')
2082 if (*value == ' ' || *value == '\t')
2087 while (*value == ' ' || *value == '\t')
2091 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2093 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2100 /* Look up the option in the component and install the
2101 configuration data. */
2102 option = find_option (component, line, backend);
2107 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2111 "warning: ignoring argument %s for option %s",
2113 opt_value = xstrdup ("1");
2115 else if (gc_arg_type[option->arg_type].fallback
2116 == GC_ARG_TYPE_STRING)
2117 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2120 /* FIXME: Verify that the number is sane. */
2121 opt_value = xstrdup (value);
2124 /* Now enter the option into the table. */
2125 if (!(option->flags & GC_OPT_FLAG_LIST))
2128 free (option->value);
2129 option->value = opt_value;
2134 option->value = opt_value;
2137 char *opt_val = opt_value;
2139 option->value = xasprintf ("%s,%s", option->value,
2147 if (length < 0 || es_ferror (config))
2148 gc_error (1, errno, "error reading from %s", config_filename);
2149 if (es_fclose (config))
2150 gc_error (1, errno, "error closing %s", config_filename);
2157 /* Retrieve the options for the component COMPONENT from backend
2158 BACKEND, which we already know is of type file list. */
2160 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2162 gc_option_t *list_option;
2163 gc_option_t *config_option;
2164 char *list_filename;
2167 size_t line_len = 0;
2171 list_option = find_option (component,
2172 gc_backend[backend].option_name, GC_BACKEND_ANY);
2173 assert (list_option);
2174 assert (!list_option->active);
2176 list_filename = get_config_filename (component, backend);
2177 list_file = fopen (list_filename, "r");
2179 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2183 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2190 while (*start == ' ' || *start == '\t')
2192 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2196 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2198 /* Walk back to skip trailing white spaces. Looks evil, but
2199 works because of the conditions on START and END imposed
2200 at this point (END is at least START + 1, and START is
2201 not a whitespace character). */
2202 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2205 /* FIXME: Oh, no! This is so lame! Should use realloc and
2209 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2214 list = xasprintf ("\"%s", gc_percent_escape (start));
2216 if (length < 0 || ferror (list_file))
2217 gc_error (1, errno, "can not read list file %s", list_filename);
2220 list_option->active = 1;
2221 list_option->value = list;
2223 /* Fix up the read-only flag. */
2224 config_option = find_option
2225 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2226 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2227 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2229 if (list_file && fclose (list_file))
2230 gc_error (1, errno, "error closing %s", list_filename);
2235 /* Retrieve the currently active options and their defaults from all
2236 involved backends for this component. Using -1 for component will
2237 retrieve all options from all components. */
2239 gc_component_retrieve_options (int component)
2241 int process_all = 0;
2242 int backend_seen[GC_BACKEND_NR];
2243 gc_backend_t backend;
2244 gc_option_t *option;
2246 if (component == GC_COMPONENT_PINENTRY)
2247 return; /* Dummy module for now. */
2249 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2250 backend_seen[backend] = 0;
2252 if (component == -1)
2256 assert (component < GC_COMPONENT_NR);
2261 option = gc_component[component].options;
2263 while (option && option->name)
2265 if (!(option->flags & GC_OPT_FLAG_GROUP))
2267 backend = option->backend;
2269 if (backend_seen[backend])
2274 backend_seen[backend] = 1;
2276 assert (backend != GC_BACKEND_ANY);
2278 if (gc_backend[backend].program)
2279 retrieve_options_from_program (component, backend);
2281 retrieve_options_from_file (component, backend);
2286 while (process_all && ++component < GC_COMPONENT_NR);
2292 /* Perform a simple validity check based on the type. Return in
2293 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2294 type GC_ARG_TYPE_NONE. */
2296 option_check_validity (gc_option_t *option, unsigned long flags,
2297 char *new_value, unsigned long *new_value_nr)
2301 if (!option->active)
2302 gc_error (1, 0, "option %s not supported by backend %s",
2303 option->name, gc_backend[option->backend].name);
2305 if (option->new_flags || option->new_value)
2306 gc_error (1, 0, "option %s already changed", option->name);
2308 if (flags & GC_OPT_FLAG_DEFAULT)
2311 gc_error (1, 0, "argument %s provided for deleted option %s",
2312 new_value, option->name);
2317 /* GC_ARG_TYPE_NONE options have special list treatment. */
2318 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2322 gpg_err_set_errno (0);
2323 *new_value_nr = strtoul (new_value, &tail, 0);
2326 gc_error (1, errno, "invalid argument for option %s",
2329 gc_error (1, 0, "garbage after argument for option %s",
2332 if (!(option->flags & GC_OPT_FLAG_LIST))
2334 if (*new_value_nr != 1)
2335 gc_error (1, 0, "argument for non-list option %s of type 0 "
2336 "(none) must be 1", option->name);
2340 if (*new_value_nr == 0)
2341 gc_error (1, 0, "argument for option %s of type 0 (none) "
2342 "must be positive", option->name);
2351 if (*arg == '\0' || *arg == ',')
2353 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2354 gc_error (1, 0, "argument required for option %s", option->name);
2356 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2357 gc_error (1, 0, "list found for non-list option %s", option->name);
2359 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2362 gc_error (1, 0, "string argument for option %s must begin "
2363 "with a quote (\") character", option->name);
2365 /* FIXME: We do not allow empty string arguments for now, as
2366 we do not quote arguments in configuration files, and
2367 thus no argument is indistinguishable from the empty
2369 if (arg[1] == '\0' || arg[1] == ',')
2370 gc_error (1, 0, "empty string argument for option %s is "
2371 "currently not allowed. Please report this!",
2374 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2378 gpg_err_set_errno (0);
2379 res = strtol (arg, &arg, 0);
2383 gc_error (1, errno, "invalid argument for option %s",
2386 if (*arg != '\0' && *arg != ',')
2387 gc_error (1, 0, "garbage after argument for option %s",
2390 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2394 gpg_err_set_errno (0);
2395 res = strtoul (arg, &arg, 0);
2399 gc_error (1, errno, "invalid argument for option %s",
2402 if (*arg != '\0' && *arg != ',')
2403 gc_error (1, 0, "garbage after argument for option %s",
2406 arg = strchr (arg, ',');
2410 while (arg && *arg);
2413 #ifdef HAVE_W32_SYSTEM
2415 copy_file (const char *src_name, const char *dst_name)
2417 #define BUF_LEN 4096
2418 char buffer[BUF_LEN];
2423 src = fopen (src_name, "r");
2427 dst = fopen (dst_name, "w");
2430 int saved_err = errno;
2432 gpg_err_set_errno (saved_err);
2440 len = fread (buffer, 1, BUF_LEN, src);
2443 written = fwrite (buffer, 1, len, dst);
2447 while (!feof (src) && !ferror (src) && !ferror (dst));
2449 if (ferror (src) || ferror (dst) || !feof (src))
2451 int saved_errno = errno;
2455 gpg_err_set_errno (saved_errno);
2460 gc_error (1, errno, "error closing %s", dst_name);
2462 gc_error (1, errno, "error closing %s", src_name);
2466 #endif /* HAVE_W32_SYSTEM */
2469 /* Create and verify the new configuration file for the specified
2470 backend and component. Returns 0 on success and -1 on error. */
2472 change_options_file (gc_component_t component, gc_backend_t backend,
2473 char **src_filenamep, char **dest_filenamep,
2474 char **orig_filenamep)
2476 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2477 /* True if we are within the marker in the config file. */
2479 gc_option_t *option;
2485 FILE *src_file = NULL;
2486 FILE *dest_file = NULL;
2488 char *dest_filename;
2489 char *orig_filename;
2491 char *cur_arg = NULL;
2493 option = find_option (component,
2494 gc_backend[backend].option_name, GC_BACKEND_ANY);
2496 assert (option->active);
2497 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2499 /* FIXME. Throughout the function, do better error reporting. */
2500 /* Note that get_config_filename() calls percent_deescape(), so we
2501 call this before processing the arguments. */
2502 dest_filename = xstrdup (get_config_filename (component, backend));
2503 src_filename = xasprintf ("%s.%s.%i.new",
2504 dest_filename, GPGCONF_NAME, (int)getpid ());
2505 orig_filename = xasprintf ("%s.%s.%i.bak",
2506 dest_filename, GPGCONF_NAME, (int)getpid ());
2508 arg = option->new_value;
2509 if (arg && arg[0] == '\0')
2516 end = strchr (arg, ',');
2520 cur_arg = percent_deescape (arg);
2530 #ifdef HAVE_W32_SYSTEM
2531 res = copy_file (dest_filename, orig_filename);
2533 res = link (dest_filename, orig_filename);
2535 if (res < 0 && errno != ENOENT)
2537 xfree (dest_filename);
2542 xfree (orig_filename);
2543 orig_filename = NULL;
2546 /* We now initialize the return strings, so the caller can do the
2548 *src_filenamep = src_filename;
2549 *dest_filenamep = dest_filename;
2550 *orig_filenamep = orig_filename;
2552 /* Use open() so that we can use O_EXCL. */
2553 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2556 src_file = fdopen (fd, "w");
2560 gpg_err_set_errno (res);
2564 /* Only if ORIG_FILENAME is not NULL did the configuration file
2565 exist already. In this case, we will copy its content into the
2566 new configuration file, changing it to our liking in the
2570 dest_file = fopen (dest_filename, "r");
2572 goto change_file_one_err;
2574 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2579 if (!strncmp (marker, line, sizeof (marker) - 1))
2588 while (*start == ' ' || *start == '\t')
2590 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2599 /* Search for the end of the line. */
2600 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2603 if (*endp && *endp != ' ' && *endp != '\t'
2604 && *endp != '\r' && *endp != '\n' && *endp != '#')
2610 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2611 || !cur_arg || strcmp (start, cur_arg))
2615 /* Find next argument. */
2621 arg_end = strchr (arg, ',');
2625 cur_arg = percent_deescape (arg);
2646 "# %s disabled this option here at %s\n",
2647 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2648 if (ferror (src_file))
2649 goto change_file_one_err;
2650 fprintf (src_file, "# %s", line);
2651 if (ferror (src_file))
2652 goto change_file_one_err;
2657 fprintf (src_file, "%s", line);
2658 if (ferror (src_file))
2659 goto change_file_one_err;
2662 if (length < 0 || ferror (dest_file))
2663 goto change_file_one_err;
2668 /* There was no marker. This is the first time we edit the
2669 file. We add our own marker at the end of the file and
2670 proceed. Note that we first write a newline, this guards us
2671 against files which lack the newline at the end of the last
2672 line, while it doesn't hurt us in all other cases. */
2673 fprintf (src_file, "\n%s\n", marker);
2674 if (ferror (src_file))
2675 goto change_file_one_err;
2678 /* At this point, we have copied everything up to the end marker
2679 into the new file, except for the arguments we are going to add.
2680 Now, dump the new arguments and write the end marker, possibly
2681 followed by the rest of the original file. */
2684 fprintf (src_file, "%s\n", cur_arg);
2686 /* Find next argument. */
2692 end = strchr (arg, ',');
2696 cur_arg = percent_deescape (arg);
2709 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2710 if (ferror (src_file))
2711 goto change_file_one_err;
2715 fprintf (src_file, "# %s edited this configuration file.\n",
2717 if (ferror (src_file))
2718 goto change_file_one_err;
2719 fprintf (src_file, "# It will disable options before this marked "
2720 "block, but it will\n");
2721 if (ferror (src_file))
2722 goto change_file_one_err;
2723 fprintf (src_file, "# never change anything below these lines.\n");
2724 if (ferror (src_file))
2725 goto change_file_one_err;
2729 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2731 fprintf (src_file, "%s", line);
2732 if (ferror (src_file))
2733 goto change_file_one_err;
2735 if (length < 0 || ferror (dest_file))
2736 goto change_file_one_err;
2741 res = fclose (src_file);
2748 gpg_err_set_errno (res);
2754 res = fclose (dest_file);
2760 change_file_one_err:
2770 gpg_err_set_errno (res);
2775 /* Create and verify the new configuration file for the specified
2776 backend and component. Returns 0 on success and -1 on error. */
2778 change_options_program (gc_component_t component, gc_backend_t backend,
2779 char **src_filenamep, char **dest_filenamep,
2780 char **orig_filenamep)
2782 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2783 /* True if we are within the marker in the config file. */
2785 gc_option_t *option;
2791 FILE *src_file = NULL;
2792 FILE *dest_file = NULL;
2794 char *dest_filename;
2795 char *orig_filename;
2796 /* Special hack for gpg, see below. */
2797 int utf8strings_seen = 0;
2799 /* FIXME. Throughout the function, do better error reporting. */
2800 dest_filename = xstrdup (get_config_filename (component, backend));
2801 src_filename = xasprintf ("%s.%s.%i.new",
2802 dest_filename, GPGCONF_NAME, (int)getpid ());
2803 orig_filename = xasprintf ("%s.%s.%i.bak",
2804 dest_filename, GPGCONF_NAME, (int)getpid ());
2806 #ifdef HAVE_W32_SYSTEM
2807 res = copy_file (dest_filename, orig_filename);
2809 res = link (dest_filename, orig_filename);
2811 if (res < 0 && errno != ENOENT)
2815 xfree (orig_filename);
2816 orig_filename = NULL;
2819 /* We now initialize the return strings, so the caller can do the
2821 *src_filenamep = src_filename;
2822 *dest_filenamep = dest_filename;
2823 *orig_filenamep = orig_filename;
2825 /* Use open() so that we can use O_EXCL. */
2826 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2829 src_file = fdopen (fd, "w");
2833 gpg_err_set_errno (res);
2837 /* Only if ORIG_FILENAME is not NULL did the configuration file
2838 exist already. In this case, we will copy its content into the
2839 new configuration file, changing it to our liking in the
2843 dest_file = fopen (dest_filename, "r");
2845 goto change_one_err;
2847 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2852 if (!strncmp (marker, line, sizeof (marker) - 1))
2859 else if (backend == GC_BACKEND_GPG && in_marker
2860 && ! strcmp ("utf8-strings\n", line))
2862 /* Strip duplicated entries. */
2863 if (utf8strings_seen)
2866 utf8strings_seen = 1;
2870 while (*start == ' ' || *start == '\t')
2872 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2878 while (*end && *end != ' ' && *end != '\t'
2879 && *end != '\r' && *end != '\n' && *end != '#')
2884 option = find_option (component, start, backend);
2886 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2887 || option->new_value))
2895 "# %s disabled this option here at %s\n",
2896 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2897 if (ferror (src_file))
2898 goto change_one_err;
2899 fprintf (src_file, "# %s", line);
2900 if (ferror (src_file))
2901 goto change_one_err;
2906 fprintf (src_file, "%s", line);
2907 if (ferror (src_file))
2908 goto change_one_err;
2911 if (length < 0 || ferror (dest_file))
2912 goto change_one_err;
2917 /* There was no marker. This is the first time we edit the
2918 file. We add our own marker at the end of the file and
2919 proceed. Note that we first write a newline, this guards us
2920 against files which lack the newline at the end of the last
2921 line, while it doesn't hurt us in all other cases. */
2922 fprintf (src_file, "\n%s\n", marker);
2923 if (ferror (src_file))
2924 goto change_one_err;
2926 /* At this point, we have copied everything up to the end marker
2927 into the new file, except for the options we are going to change.
2928 Now, dump the changed options (except for those we are going to
2929 revert to their default), and write the end marker, possibly
2930 followed by the rest of the original file. */
2932 /* We have to turn on UTF8 strings for GnuPG. */
2933 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2934 fprintf (src_file, "utf8-strings\n");
2936 option = gc_component[component].options;
2937 while (option->name)
2939 if (!(option->flags & GC_OPT_FLAG_GROUP)
2940 && option->backend == backend
2941 && option->new_value)
2943 char *arg = option->new_value;
2947 if (*arg == '\0' || *arg == ',')
2949 fprintf (src_file, "%s\n", option->name);
2950 if (ferror (src_file))
2951 goto change_one_err;
2953 else if (gc_arg_type[option->arg_type].fallback
2954 == GC_ARG_TYPE_NONE)
2956 assert (*arg == '1');
2957 fprintf (src_file, "%s\n", option->name);
2958 if (ferror (src_file))
2959 goto change_one_err;
2963 else if (gc_arg_type[option->arg_type].fallback
2964 == GC_ARG_TYPE_STRING)
2968 assert (*arg == '"');
2971 end = strchr (arg, ',');
2975 fprintf (src_file, "%s %s\n", option->name,
2976 percent_deescape (arg));
2977 if (ferror (src_file))
2978 goto change_one_err;
2988 end = strchr (arg, ',');
2992 fprintf (src_file, "%s %s\n", option->name, arg);
2993 if (ferror (src_file))
2994 goto change_one_err;
3001 assert (arg == NULL || *arg == '\0' || *arg == ',');
3002 if (arg && *arg == ',')
3005 while (arg && *arg);
3010 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3011 if (ferror (src_file))
3012 goto change_one_err;
3016 fprintf (src_file, "# %s edited this configuration file.\n",
3018 if (ferror (src_file))
3019 goto change_one_err;
3020 fprintf (src_file, "# It will disable options before this marked "
3021 "block, but it will\n");
3022 if (ferror (src_file))
3023 goto change_one_err;
3024 fprintf (src_file, "# never change anything below these lines.\n");
3025 if (ferror (src_file))
3026 goto change_one_err;
3030 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
3032 fprintf (src_file, "%s", line);
3033 if (ferror (src_file))
3034 goto change_one_err;
3036 if (length < 0 || ferror (dest_file))
3037 goto change_one_err;
3042 res = fclose (src_file);
3049 gpg_err_set_errno (res);
3055 res = fclose (dest_file);
3071 gpg_err_set_errno (res);
3076 /* Common code for gc_component_change_options and
3077 gc_process_gpgconf_conf. */
3079 change_one_value (gc_option_t *option, int *runtime,
3080 unsigned long flags, char *new_value)
3082 unsigned long new_value_nr = 0;
3084 option_check_validity (option, flags, new_value, &new_value_nr);
3086 if (option->flags & GC_OPT_FLAG_RUNTIME)
3087 runtime[option->backend] = 1;
3089 option->new_flags = flags;
3090 if (!(flags & GC_OPT_FLAG_DEFAULT))
3092 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3093 && (option->flags & GC_OPT_FLAG_LIST))
3097 /* We convert the number to a list of 1's for convenient
3099 assert (new_value_nr > 0);
3100 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3101 str = option->new_value;
3103 while (--new_value_nr > 0)
3111 option->new_value = xstrdup (new_value);
3116 /* Read the modifications from IN and apply them. If IN is NULL the
3117 modifications are expected to already have been set to the global
3120 gc_component_change_options (int component, estream_t in, estream_t out)
3123 int runtime[GC_BACKEND_NR];
3124 char *src_filename[GC_BACKEND_NR];
3125 char *dest_filename[GC_BACKEND_NR];
3126 char *orig_filename[GC_BACKEND_NR];
3127 gc_backend_t backend;
3128 gc_option_t *option;
3130 size_t line_len = 0;
3133 if (component == GC_COMPONENT_PINENTRY)
3134 return; /* Dummy component for now. */
3136 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3138 runtime[backend] = 0;
3139 src_filename[backend] = NULL;
3140 dest_filename[backend] = NULL;
3141 orig_filename[backend] = NULL;
3146 /* Read options from the file IN. */
3147 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3150 unsigned long flags = 0;
3151 char *new_value = "";
3153 /* Strip newline and carriage return, if present. */
3155 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3156 line[--length] = '\0';
3158 linep = strchr (line, ':');
3162 /* Extract additional flags. Default to none. */
3168 end = strchr (linep, ':');
3172 gpg_err_set_errno (0);
3173 flags = strtoul (linep, &tail, 0);
3175 gc_error (1, errno, "malformed flags in option %s", line);
3176 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3177 gc_error (1, 0, "garbage after flags in option %s", line);
3182 /* Don't allow setting of the no change flag. */
3183 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3185 /* Extract default value, if present. Default to empty if not. */
3189 end = strchr (linep, ':');
3196 option = find_option (component, line, GC_BACKEND_ANY);
3198 gc_error (1, 0, "unknown option %s", line);
3200 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3202 gc_error (0, 0, "ignoring new value for option %s",
3207 change_one_value (option, runtime, flags, new_value);
3211 /* Now that we have collected and locally verified the changes,
3212 write them out to new configuration files, verify them
3213 externally, and then commit them. */
3214 option = gc_component[component].options;
3215 while (option && option->name)
3217 /* Go on if we have already seen this backend, or if there is
3219 if (src_filename[option->backend]
3220 || !(option->new_flags || option->new_value))
3226 if (gc_backend[option->backend].program)
3228 err = change_options_program (component, option->backend,
3229 &src_filename[option->backend],
3230 &dest_filename[option->backend],
3231 &orig_filename[option->backend]);
3234 /* External verification. */
3235 err = gc_component_check_options (component, out,
3236 src_filename[option->backend]);
3240 _("External verification of component %s failed"),
3241 gc_component[component].name);
3242 gpg_err_set_errno (EINVAL);
3248 err = change_options_file (component, option->backend,
3249 &src_filename[option->backend],
3250 &dest_filename[option->backend],
3251 &orig_filename[option->backend]);
3259 if (! err && ! opt.dry_run)
3263 for (i = 0; i < GC_BACKEND_NR; i++)
3265 if (src_filename[i])
3267 /* FIXME: Make a verification here. */
3269 assert (dest_filename[i]);
3271 if (orig_filename[i])
3273 #ifdef HAVE_W32_SYSTEM
3274 /* There is no atomic update on W32. */
3275 err = unlink (dest_filename[i]);
3276 #endif /* HAVE_W32_SYSTEM */
3278 err = rename (src_filename[i], dest_filename[i]);
3282 #ifdef HAVE_W32_SYSTEM
3283 /* We skip the unlink if we expect the file not to
3285 err = rename (src_filename[i], dest_filename[i]);
3286 #else /* HAVE_W32_SYSTEM */
3287 /* This is a bit safer than rename() because we
3288 expect DEST_FILENAME not to be there. If it
3289 happens to be there, this will fail. */
3290 err = link (src_filename[i], dest_filename[i]);
3292 err = unlink (src_filename[i]);
3293 #endif /* !HAVE_W32_SYSTEM */
3297 src_filename[i] = NULL;
3302 if (err || opt.dry_run)
3305 int saved_errno = errno;
3307 /* An error occurred or a dry-run is requested. */
3308 for (i = 0; i < GC_BACKEND_NR; i++)
3310 if (src_filename[i])
3312 /* The change was not yet committed. */
3313 unlink (src_filename[i]);
3314 if (orig_filename[i])
3315 unlink (orig_filename[i]);
3319 /* The changes were already committed. FIXME: This is a
3320 tad dangerous, as we don't know if we don't overwrite
3321 a version of the file that is even newer than the one
3322 we just installed. */
3323 if (orig_filename[i])
3325 #ifdef HAVE_W32_SYSTEM
3326 /* There is no atomic update on W32. */
3327 unlink (dest_filename[i]);
3328 #endif /* HAVE_W32_SYSTEM */
3329 rename (orig_filename[i], dest_filename[i]);
3332 unlink (dest_filename[i]);
3336 gc_error (1, saved_errno, "could not commit changes");
3338 /* Fall-through for dry run. */
3342 /* If it all worked, notify the daemons of the changes. */
3344 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3346 if (runtime[backend] && gc_backend[backend].runtime_change)
3347 (*gc_backend[backend].runtime_change) (0);
3350 /* Move the per-process backup file into its place. */
3351 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3352 if (orig_filename[backend])
3354 char *backup_filename;
3356 assert (dest_filename[backend]);
3358 backup_filename = xasprintf ("%s.%s.bak",
3359 dest_filename[backend], GPGCONF_NAME);
3361 #ifdef HAVE_W32_SYSTEM
3362 /* There is no atomic update on W32. */
3363 unlink (backup_filename);
3364 #endif /* HAVE_W32_SYSTEM */
3365 rename (orig_filename[backend], backup_filename);
3373 /* Check whether USER matches the current user of one of its group.
3374 This function may change USER. Returns true is there is a
3377 key_matches_user_or_group (char *user)
3381 if (*user == '*' && user[1] == 0)
3382 return 1; /* A single asterisk matches all users. */
3384 group = strchr (user, ':');
3388 #ifdef HAVE_W32_SYSTEM
3389 /* Under Windows we don't support groups. */
3390 if (group && *group)
3391 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3392 #ifndef HAVE_W32CE_SYSTEM
3395 static char *my_name;
3402 GetUserNameA (tmp, &size);
3403 my_name = xmalloc (size);
3404 if (!GetUserNameA (my_name, &size))
3405 gc_error (1,0, "error getting current user name: %s",
3409 if (!strcmp (user, my_name))
3410 return 1; /* Found. */
3412 #endif /*HAVE_W32CE_SYSTEM*/
3413 #else /*!HAVE_W32_SYSTEM*/
3414 /* First check whether the user matches. */
3417 static char *my_name;
3421 struct passwd *pw = getpwuid ( getuid () );
3423 gc_error (1, errno, "getpwuid failed for current user");
3424 my_name = xstrdup (pw->pw_name);
3426 if (!strcmp (user, my_name))
3427 return 1; /* Found. */
3430 /* If that failed, check whether a group matches. */
3431 if (group && *group)
3433 static char *my_group;
3434 static char **my_supgroups;
3439 struct group *gr = getgrgid ( getgid () );
3441 gc_error (1, errno, "getgrgid failed for current user");
3442 my_group = xstrdup (gr->gr_name);
3444 if (!strcmp (group, my_group))
3445 return 1; /* Found. */
3452 ngids = getgroups (0, NULL);
3453 gids = xcalloc (ngids+1, sizeof *gids);
3454 ngids = getgroups (ngids, gids);
3456 gc_error (1, errno, "getgroups failed for current user");
3457 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3458 for (n=0; n < ngids; n++)
3460 struct group *gr = getgrgid ( gids[n] );
3462 gc_error (1, errno, "getgrgid failed for supplementary group");
3463 my_supgroups[n] = xstrdup (gr->gr_name);
3468 for (n=0; my_supgroups[n]; n++)
3469 if (!strcmp (group, my_supgroups[n]))
3470 return 1; /* Found. */
3472 #endif /*!HAVE_W32_SYSTEM*/
3473 return 0; /* No match. */
3478 /* Read and process the global configuration file for gpgconf. This
3479 optional file is used to update our internal tables at runtime and
3480 may also be used to set new default values. If FNAME is NULL the
3481 default name will be used. With UPDATE set to true the internal
3482 tables are actually updated; if not set, only a syntax check is
3483 done. If DEFAULTS is true the global options are written to the
3484 configuration files. If LISTFP is set, no changes are done but the
3485 configuration file is printed to LISTFP in a colon separated format.
3487 Returns 0 on success or if the config file is not present; -1 is
3488 returned on error. */
3490 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3495 size_t line_len = 0;
3501 int runtime[GC_BACKEND_NR];
3502 int backend_id, component_id;
3506 fname = xstrdup (fname_arg);
3508 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3511 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3512 runtime[backend_id] = 0;
3514 config = fopen (fname, "r");
3517 /* Do not print an error if the file is not available, except
3518 when running in syntax check mode. */
3519 if (errno != ENOENT || !update)
3521 gc_error (0, errno, "can not open global config file '%s'", fname);
3528 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3530 char *key, *component, *option, *flags, *value;
3532 gc_option_t *option_info = NULL;
3534 int is_continuation;
3538 while (*key == ' ' || *key == '\t')
3540 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3543 is_continuation = (key != line);
3545 /* Parse the key field. */
3546 if (!is_continuation && got_match)
3547 break; /* Finish after the first match. */
3548 else if (!is_continuation)
3551 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3555 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3564 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3577 /* Parse the component. */
3578 while (*component == ' ' || *component == '\t')
3580 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3584 gc_error (0, 0, "missing component at '%s', line %d",
3592 component_id = gc_component_find (component);
3593 if (component_id < 0)
3595 gc_error (0, 0, "unknown component at '%s', line %d",
3600 /* Parse the option name. */
3601 while (*option == ' ' || *option == '\t')
3603 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3607 gc_error (0, 0, "missing option at '%s', line %d",
3614 if ( component_id != -1)
3616 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3619 gc_error (0, 0, "unknown option at '%s', line %d",
3626 /* Parse the optional flags. */
3627 while (*flags == ' ' || *flags == '\t')
3632 p = strchr (flags, ']');
3635 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3643 else /* No flags given. */
3649 /* Parse the optional value. */
3650 while (*value == ' ' || *value == '\t')
3652 for (p=value; *p && !strchr ("\r\n", *p); p++)
3655 value = empty; /* No value given; let it point to an empty string. */
3658 /* Strip trailing white space. */
3660 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3664 /* Check flag combinations. */
3667 else if (!strcmp (flags, "default"))
3671 gc_error (0, 0, "flag \"default\" may not be combined "
3672 "with a value at '%s', line %d",
3677 else if (!strcmp (flags, "change"))
3679 else if (!strcmp (flags, "no-change"))
3683 gc_error (0, 0, "unknown flag at '%s', line %d",
3688 /* In list mode we print out all records. */
3689 if (listfp && !result)
3691 /* If this is a new ruleset, print a key record. */
3692 if (!is_continuation)
3694 char *group = strchr (key, ':');
3698 if ((p = strchr (group, ':')))
3699 *p = 0; /* We better strip any extra stuff. */
3702 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3703 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3706 /* All other lines are rule records. */
3707 es_fprintf (listfp, "r:::%s:%s:%s:",
3708 gc_component[component_id].name,
3709 option_info->name? option_info->name : "",
3712 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3714 es_putc ('\n', listfp);
3717 /* Check whether the key matches but do this only if we are not
3718 running in syntax check mode. */
3720 && !result && !listfp
3721 && (got_match || (key && key_matches_user_or_group (key))) )
3727 /* Apply the flags from gpgconf.conf. */
3730 else if (!strcmp (flags, "default"))
3731 newflags |= GC_OPT_FLAG_DEFAULT;
3732 else if (!strcmp (flags, "no-change"))
3733 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3734 else if (!strcmp (flags, "change"))
3735 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3739 /* Here we explicitly allow to update the value again. */
3742 option_info->new_flags = 0;
3746 xfree (option_info->new_value);
3747 option_info->new_value = NULL;
3749 change_one_value (option_info, runtime, newflags, value);
3754 if (length < 0 || ferror (config))
3756 gc_error (0, errno, "error reading from '%s'", fname);
3759 if (fclose (config))
3760 gc_error (0, errno, "error closing '%s'", fname);
3764 /* If it all worked, process the options. */
3765 if (!result && update && defaults && !listfp)
3767 /* We need to switch off the runtime update, so that we can do
3768 it later all at once. */
3769 int save_opt_runtime = opt.runtime;
3772 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3774 gc_component_change_options (component_id, NULL, NULL);
3776 opt.runtime = save_opt_runtime;
3780 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3781 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3782 (*gc_backend[backend_id].runtime_change) (0);