1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
47 #include "../common/util.h"
48 #include "../common/i18n.h"
49 #include "../common/exechelp.h"
50 #include "../common/sysutils.h"
52 #include "../common/gc-opt-flags.h"
55 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
56 returns a plain filename without escaping. As long as we have not
57 fixed that we need to use gpg2. */
58 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
59 #define GPGNAME "gpg2"
61 #define GPGNAME GPG_NAME
66 Components: Add more components and their options.
67 Robustness: Do more validation. Call programs to do validation for us.
68 Add options to change backend binary path.
69 Extract binary path for some backends from gpgsm/gpg config.
73 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
74 void gc_error (int status, int errnum, const char *fmt, ...) \
75 __attribute__ ((format (printf, 3, 4)));
78 /* Output a diagnostic message. If ERRNUM is not 0, then the output
79 is followed by a colon, a white space, and the error string for the
80 error number ERRNUM. In any case the output is finished by a
81 newline. The message is prepended by the program name, a colon,
82 and a whitespace. The output may be further formatted or
83 redirected by the jnlib logging facility. */
85 gc_error (int status, int errnum, const char *fmt, ...)
89 va_start (arg_ptr, fmt);
90 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
94 log_printf (": %s\n", strerror (errnum));
101 log_printf ("fatal error (exit status %i)\n", status);
107 /* Forward declaration. */
108 static void gpg_agent_runtime_change (int killflag);
109 static void scdaemon_runtime_change (int killflag);
110 static void dirmngr_runtime_change (int killflag);
112 /* Backend configuration. Backends are used to decide how the default
113 and current value of an option can be determined, and how the
114 option can be changed. To every option in every component belongs
115 exactly one backend that controls and determines the option. Some
116 backends are programs from the GPG system. Others might be
117 implemented by GPGConf itself. If you change this enum, don't
118 forget to update GC_BACKEND below. */
121 /* Any backend, used for find_option (). */
124 /* The Gnu Privacy Guard. */
127 /* The Gnu Privacy Guard for S/MIME. */
131 GC_BACKEND_GPG_AGENT,
133 /* The GnuPG SCDaemon. */
136 /* The GnuPG directory manager. */
139 /* The LDAP server list file for the director manager. */
140 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
142 /* The Pinentry (not a part of GnuPG, proper). */
145 /* The number of the above entries. */
150 /* To be able to implement generic algorithms for the various
151 backends, we collect all information about them in this struct. */
154 /* The name of the backend. */
157 /* The name of the program that acts as the backend. Some backends
158 don't have an associated program, but are implemented directly by
159 GPGConf. In this case, PROGRAM is NULL. */
162 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
163 ../common/util.h. This value is used to get the actual installed
164 path of the program. 0 is used if no backend program is
168 /* The runtime change callback. If KILLFLAG is true the component
169 is killed and not just reloaded. */
170 void (*runtime_change) (int killflag);
172 /* The option name for the configuration filename of this backend.
173 This must be an absolute filename. It can be an option from a
174 different backend (but then ordering of the options might
175 matter). Note: This must be unique among all components. */
176 const char *option_config_filename;
178 /* If this is a file backend rather than a program backend, then
179 this is the name of the option associated with the file. */
180 const char *option_name;
181 } gc_backend[GC_BACKEND_NR] =
183 { NULL }, /* GC_BACKEND_ANY dummy entry. */
184 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
185 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
186 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
187 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
188 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
189 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
190 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
191 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
192 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
193 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
194 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
195 NULL, "ldapserverlist-file", "LDAP Server" },
196 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
197 NULL, GPGCONF_NAME "-pinentry.conf" },
201 /* Option configuration. */
203 /* An option might take an argument, or not. Argument types can be
204 basic or complex. Basic types are generic and easy to validate.
205 Complex types provide more specific information about the intended
206 use, but can be difficult to validate. If you add to this enum,
207 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
208 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
212 /* Basic argument types. */
215 GC_ARG_TYPE_NONE = 0,
217 /* A String argument. */
218 GC_ARG_TYPE_STRING = 1,
220 /* A signed integer argument. */
221 GC_ARG_TYPE_INT32 = 2,
223 /* An unsigned integer argument. */
224 GC_ARG_TYPE_UINT32 = 3,
226 /* ADD NEW BASIC TYPE ENTRIES HERE. */
228 /* Complex argument types. */
230 /* A complete filename. */
231 GC_ARG_TYPE_FILENAME = 32,
233 /* An LDAP server in the format
234 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
235 GC_ARG_TYPE_LDAP_SERVER = 33,
237 /* A 40 character fingerprint. */
238 GC_ARG_TYPE_KEY_FPR = 34,
240 /* A user ID or key ID or fingerprint for a certificate. */
241 GC_ARG_TYPE_PUB_KEY = 35,
243 /* A user ID or key ID or fingerprint for a certificate with a key. */
244 GC_ARG_TYPE_SEC_KEY = 36,
246 /* A alias list made up of a key, an equal sign and a space
247 separated list of values. */
248 GC_ARG_TYPE_ALIAS_LIST = 37,
250 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
252 /* The number of the above entries. */
257 /* For every argument, we record some information about it in the
261 /* For every argument type exists a basic argument type that can be
262 used as a fallback for input and validation purposes. */
263 gc_arg_type_t fallback;
265 /* Human-readable name of the type. */
267 } gc_arg_type[GC_ARG_TYPE_NR] =
269 /* The basic argument types have their own types as fallback. */
270 { GC_ARG_TYPE_NONE, "none" },
271 { GC_ARG_TYPE_STRING, "string" },
272 { GC_ARG_TYPE_INT32, "int32" },
273 { GC_ARG_TYPE_UINT32, "uint32" },
275 /* Reserved basic type entries for future extension. */
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
289 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
291 /* The complex argument types have a basic type as fallback. */
292 { GC_ARG_TYPE_STRING, "filename" },
293 { GC_ARG_TYPE_STRING, "ldap server" },
294 { GC_ARG_TYPE_STRING, "key fpr" },
295 { GC_ARG_TYPE_STRING, "pub key" },
296 { GC_ARG_TYPE_STRING, "sec key" },
297 { GC_ARG_TYPE_STRING, "alias list" },
301 /* Every option has an associated expert level, than can be used to
302 hide advanced and expert options from beginners. If you add to
303 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
304 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
305 EXTERNAL INTERFACE. */
308 /* The basic options should always be displayed. */
311 /* The advanced options may be hidden from beginners. */
314 /* The expert options should only be displayed to experts. */
317 /* The invisible options should normally never be displayed. */
320 /* The internal options are never exported, they mark options that
321 are recorded for internal use only. */
324 /* ADD NEW ENTRIES HERE. */
326 /* The number of the above entries. */
330 /* A description for each expert level. */
344 /* Option flags. The flags which are used by the backends are defined
345 by gc-opt-flags.h, included above.
347 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
348 PART OF THE EXTERNAL INTERFACE. */
350 /* Some entries in the option list are not options, but mark the
351 beginning of a new group of options. These entries have the GROUP
353 #define GC_OPT_FLAG_GROUP (1UL << 0)
354 /* The ARG_OPT flag for an option indicates that the argument is
355 optional. This is never set for GC_ARG_TYPE_NONE options. */
356 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
357 /* The LIST flag for an option indicates that the option can occur
358 several times. A comma separated list of arguments is used as the
360 #define GC_OPT_FLAG_LIST (1UL << 2)
363 /* A human-readable description for each flag. */
380 /* To each option, or group marker, the information in the GC_OPTION
381 struct is provided. If you change this, don't forget to update the
382 option list of each component. */
385 /* If this is NULL, then this is a terminator in an array of unknown
386 length. Otherwise, if this entry is a group marker (see FLAGS),
387 then this is the name of the group described by this entry.
388 Otherwise it is the name of the option described by this
389 entry. The name must not contain a colon. */
392 /* The option flags. If the GROUP flag is set, then this entry is a
393 group marker, not an option, and only the fields LEVEL,
394 DESC_DOMAIN and DESC are valid. In all other cases, this entry
395 describes a new option and all fields are valid. */
398 /* The expert level. This field is valid for options and groups. A
399 group has the expert level of the lowest-level option in the
401 gc_expert_level_t level;
403 /* A gettext domain in which the following description can be found.
404 If this is NULL, then DESC is not translated. Valid for groups
407 Note that we try to keep the description of groups within the
410 IMPORTANT: If you add a new domain please make sure to add a code
411 set switching call to the function my_dgettext further below. */
412 const char *desc_domain;
414 /* A gettext description for this group or option. If it starts
415 with a '|', then the string up to the next '|' describes the
416 argument, and the description follows the second '|'.
418 In general enclosing these description in N_() is not required
419 because the description should be identical to the one in the
420 help menu of the respective program. */
423 /* The following fields are only valid for options. */
425 /* The type of the option argument. */
426 gc_arg_type_t arg_type;
428 /* The backend that implements this option. */
429 gc_backend_t backend;
431 /* The following fields are set to NULL at startup (because all
432 option's are declared as static variables). They are at the end
433 of the list so that they can be omitted from the option
436 /* This is true if the option is supported by this version of the
440 /* The default value for this option. This is NULL if the option is
441 not present in the backend, the empty string if no default is
442 available, and otherwise a quoted string. */
445 /* The default argument is only valid if the "optional arg" flag is
446 set, and specifies the default argument (value) that is used if
447 the argument is omitted. */
450 /* The current value of this option. */
453 /* The new flags for this option. The only defined flag is actually
454 GC_OPT_FLAG_DEFAULT, and it means that the option should be
455 deleted. In this case, NEW_VALUE is NULL. */
456 unsigned long new_flags;
458 /* The new value of this option. */
461 typedef struct gc_option gc_option_t;
463 /* Use this macro to terminate an option list. */
464 #define GC_OPTION_NULL { NULL }
467 #ifndef BUILD_WITH_AGENT
468 #define gc_options_gpg_agent NULL
470 /* The options of the GC_COMPONENT_GPG_AGENT component. */
471 static gc_option_t gc_options_gpg_agent[] =
473 /* The configuration file to which we write the changes. */
474 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
475 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
476 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
479 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
480 "gnupg", N_("Options controlling the diagnostic output") },
481 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
483 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
484 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
485 "gnupg", "be somewhat more quiet",
486 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
487 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
489 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
492 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
493 "gnupg", N_("Options controlling the configuration") },
494 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
495 "gnupg", "|FILE|read options from FILE",
496 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
497 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
498 "gnupg", "do not use the SCdaemon",
499 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
500 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
501 "gnupg", "enable ssh support",
502 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
503 { "ssh-fingerprint-digest",
504 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
505 "gnupg", "|ALGO|use ALGO to show ssh fingerprints",
506 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
507 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
508 "gnupg", "enable putty support",
509 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
510 { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
512 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
515 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
516 "gnupg", N_("Options useful for debugging") },
517 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
518 "gnupg", "|LEVEL|set the debugging level to LEVEL",
519 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
520 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
521 "gnupg", N_("|FILE|write server mode logs to FILE"),
522 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
523 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
525 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
528 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
529 "gnupg", N_("Options controlling the security") },
530 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_BASIC, "gnupg",
532 "|N|expire cached PINs after N seconds",
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_ADVANCED, "gnupg",
536 N_("|N|expire SSH keys after N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_EXPERT, "gnupg",
540 N_("|N|set maximum PIN cache lifetime to N seconds"),
541 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
542 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
543 GC_LEVEL_EXPERT, "gnupg",
544 N_("|N|set maximum SSH key lifetime to N seconds"),
545 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
546 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
547 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
548 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
549 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
551 "gnupg", "allow passphrase to be prompted through Emacs",
552 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
553 { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
555 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
556 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
557 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
558 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
559 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
560 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
561 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
562 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
563 GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
564 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
566 { "Passphrase policy",
567 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
568 "gnupg", N_("Options enforcing a passphrase policy") },
569 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_EXPERT, "gnupg",
571 N_("do not allow bypassing the passphrase policy"),
572 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
573 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
574 GC_LEVEL_ADVANCED, "gnupg",
575 N_("|N|set minimal required length for new passphrases to N"),
576 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
577 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
578 GC_LEVEL_EXPERT, "gnupg",
579 N_("|N|require at least N non-alpha characters for a new passphrase"),
580 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
581 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
583 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
584 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
585 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
586 GC_LEVEL_EXPERT, "gnupg",
587 N_("|N|expire the passphrase after N days"),
588 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
589 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
590 GC_LEVEL_EXPERT, "gnupg",
591 N_("do not allow the reuse of old passphrases"),
592 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
593 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
594 GC_LEVEL_ADVANCED, "gnupg",
595 N_("|N|set the Pinentry timeout to N seconds"),
596 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
600 #endif /*BUILD_WITH_AGENT*/
603 #ifndef BUILD_WITH_SCDAEMON
604 #define gc_options_scdaemon NULL
606 /* The options of the GC_COMPONENT_SCDAEMON component. */
607 static gc_option_t gc_options_scdaemon[] =
609 /* The configuration file to which we write the changes. */
610 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
611 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
612 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
615 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
616 "gnupg", N_("Options controlling the diagnostic output") },
617 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
619 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
620 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
621 "gnupg", "be somewhat more quiet",
622 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
623 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
625 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
628 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
629 "gnupg", N_("Options controlling the configuration") },
630 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
631 "gnupg", "|FILE|read options from FILE",
632 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
633 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
634 "gnupg", "|N|connect to reader at port N",
635 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
636 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
637 "gnupg", "|NAME|use NAME as ct-API driver",
638 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
639 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
640 "gnupg", "|NAME|use NAME as PC/SC driver",
641 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
642 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
643 "gnupg", "do not use the internal CCID driver",
644 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
645 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
646 "gnupg", "do not use a reader's pinpad",
647 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
648 { "enable-pinpad-varlen",
649 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
650 "gnupg", "use variable length input for pinpad",
651 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
652 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
653 "gnupg", "|N|disconnect the card after N seconds of inactivity",
654 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
657 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
658 "gnupg", N_("Options useful for debugging") },
659 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
660 "gnupg", "|LEVEL|set the debugging level to LEVEL",
661 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
662 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
663 "gnupg", N_("|FILE|write a log to FILE"),
664 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
667 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
668 "gnupg", N_("Options controlling the security") },
669 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
670 "gnupg", "deny the use of admin card commands",
671 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
676 #endif /*BUILD_WITH_SCDAEMON*/
678 #ifndef BUILD_WITH_GPG
679 #define gc_options_gpg NULL
681 /* The options of the GC_COMPONENT_GPG component. */
682 static gc_option_t gc_options_gpg[] =
684 /* The configuration file to which we write the changes. */
685 { GPGCONF_NAME"-"GPG_NAME".conf",
686 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
687 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
690 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
691 "gnupg", N_("Options controlling the diagnostic output") },
692 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
694 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
695 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
696 "gnupg", "be somewhat more quiet",
697 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
698 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
700 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
703 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
704 "gnupg", N_("Options controlling the configuration") },
705 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
706 "gnupg", N_("|NAME|use NAME as default secret key"),
707 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
708 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
709 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
710 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
711 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
712 "gnupg", N_("|SPEC|set up email aliases"),
713 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
714 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
716 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
717 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
719 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
720 { "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
722 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
723 { "default_pubkey_algo",
724 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
726 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
728 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
730 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
734 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
735 "gnupg", N_("Options useful for debugging") },
736 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
737 "gnupg", "|LEVEL|set the debugging level to LEVEL",
738 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
739 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
740 "gnupg", N_("|FILE|write server mode logs to FILE"),
741 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
742 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
744 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
747 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
748 "gnupg", N_("Configuration for Keyservers") },
749 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
750 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
751 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
752 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
753 "gnupg", N_("allow PKA lookups (DNS requests)"),
754 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
755 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
756 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
757 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
758 { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
759 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
760 { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
761 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
762 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
763 "gnupg", N_("disable all access to the dirmngr"),
764 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
766 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
768 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
769 { "completes-needed",
770 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
772 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
773 { "marginals-needed",
774 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
776 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
781 #endif /*BUILD_WITH_GPG*/
784 #ifndef BUILD_WITH_GPGSM
785 #define gc_options_gpgsm NULL
787 /* The options of the GC_COMPONENT_GPGSM component. */
788 static gc_option_t gc_options_gpgsm[] =
790 /* The configuration file to which we write the changes. */
791 { GPGCONF_NAME"-"GPGSM_NAME".conf",
792 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
793 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
796 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
797 "gnupg", N_("Options controlling the diagnostic output") },
798 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
800 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
801 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
802 "gnupg", "be somewhat more quiet",
803 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
804 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
806 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
809 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
810 "gnupg", N_("Options controlling the configuration") },
811 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
812 "gnupg", N_("|NAME|use NAME as default secret key"),
813 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
814 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
815 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
816 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
817 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
818 "gnupg", "|FILE|read options from FILE",
819 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
820 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
821 "gnupg", "use system's dirmngr if available",
822 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
823 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
824 "gnupg", N_("disable all access to the dirmngr"),
825 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
826 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
827 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
828 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
829 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
830 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
831 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
832 { "default_pubkey_algo",
833 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
835 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
838 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
839 "gnupg", N_("Options useful for debugging") },
840 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
841 "gnupg", "|LEVEL|set the debugging level to LEVEL",
842 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
843 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
844 "gnupg", N_("|FILE|write server mode logs to FILE"),
845 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
846 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
848 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
851 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
852 "gnupg", N_("Options controlling the security") },
853 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
854 "gnupg", "never consult a CRL",
855 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
856 { "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
858 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
859 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
860 "gnupg", N_("do not check CRLs for root certificates"),
861 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
862 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
863 "gnupg", "check validity using OCSP",
864 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
865 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
866 "gnupg", "|N|number of certificates to include",
867 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
868 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
869 "gnupg", "do not check certificate policies",
870 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
871 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
872 "gnupg", "fetch missing issuer certificates",
873 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
874 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
875 "gnupg", "|NAME|use cipher algorithm NAME",
876 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
880 #endif /*BUILD_WITH_GPGSM*/
883 #ifndef BUILD_WITH_DIRMNGR
884 #define gc_options_dirmngr NULL
886 /* The options of the GC_COMPONENT_DIRMNGR component. */
887 static gc_option_t gc_options_dirmngr[] =
889 /* The configuration file to which we write the changes. */
890 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
891 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
892 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
895 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
896 "gnupg", N_("Options controlling the diagnostic output") },
897 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
898 "dirmngr", "verbose",
899 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
900 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
901 "dirmngr", "be somewhat more quiet",
902 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
903 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
905 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
908 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
909 "gnupg", N_("Options controlling the format of the output") },
910 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
911 "dirmngr", "sh-style command output",
912 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
913 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
914 "dirmngr", "csh-style command output",
915 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
918 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
919 "gnupg", N_("Options controlling the configuration") },
920 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
921 "dirmngr", "|FILE|read options from FILE",
922 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
923 { "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
925 GC_ARG_TYPE_INT32, GC_BACKEND_DIRMNGR },
926 { "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
928 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
931 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
932 "gnupg", N_("Options useful for debugging") },
933 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
934 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
935 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
936 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
937 "dirmngr", "do not detach from the console",
938 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
939 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
940 "dirmngr", N_("|FILE|write server mode logs to FILE"),
941 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
942 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
944 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
945 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
947 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
950 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
951 "gnupg", N_("Options controlling the interactivity and enforcement") },
952 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
953 "dirmngr", "run without asking a user",
954 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
955 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
956 "dirmngr", "force loading of outdated CRLs",
957 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
958 { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
959 "dirmngr", "allow online software version check",
960 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
963 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
964 "gnupg", N_("Options controlling the use of Tor") },
965 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
966 "dirmngr", "route all network traffic via TOR",
967 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
970 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
971 "gnupg", N_("Configuration for Keyservers") },
972 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
973 "gnupg", N_("|URL|use keyserver at URL"),
974 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
977 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
978 "gnupg", N_("Configuration for HTTP servers") },
979 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
980 "dirmngr", "inhibit the use of HTTP",
981 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
982 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
983 "dirmngr", "ignore HTTP CRL distribution points",
984 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
985 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
986 "dirmngr", "|URL|redirect all HTTP requests to URL",
987 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
988 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
989 "gnupg", N_("use system's HTTP proxy setting"),
990 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
993 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
994 "gnupg", N_("Configuration of LDAP servers to use") },
995 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
996 "dirmngr", "inhibit the use of LDAP",
997 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
998 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
999 "dirmngr", "ignore LDAP CRL distribution points",
1000 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1001 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1002 "dirmngr", "|HOST|use HOST for LDAP queries",
1003 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1004 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1005 "dirmngr", "do not use fallback hosts with --ldap-proxy",
1006 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1007 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1008 "dirmngr", "add new servers discovered in CRL distribution points"
1009 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1010 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1011 "dirmngr", "|N|set LDAP timeout to N seconds",
1012 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1013 /* The following entry must not be removed, as it is required for
1014 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
1015 { "ldapserverlist-file",
1016 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1017 "dirmngr", "|FILE|read LDAP server list from FILE",
1018 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
1019 /* This entry must come after at least one entry for
1020 GC_BACKEND_DIRMNGR in this component, so that the entry for
1021 "ldapserverlist-file will be initialized before this one. */
1022 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
1023 "gnupg", N_("LDAP server list"),
1024 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
1025 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1026 "dirmngr", "|N|do not return more than N items in one query",
1027 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1030 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1031 "gnupg", N_("Configuration for OCSP") },
1032 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1033 "dirmngr", "allow sending OCSP requests",
1034 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1035 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1036 "dirmngr", "ignore certificate contained OCSP service URLs",
1037 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1038 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1039 "dirmngr", "|URL|use OCSP responder at URL",
1040 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1041 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1042 "dirmngr", "|FPR|OCSP response signed by FPR",
1043 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1048 #endif /*BUILD_WITH_DIRMNGR*/
1051 /* The options of the GC_COMPONENT_PINENTRY component. */
1052 static gc_option_t gc_options_pinentry[] =
1054 /* A dummy option to allow gc_component_list_components to find the
1055 pinentry backend. Needs to be a conf file. */
1056 { GPGCONF_NAME"-pinentry.conf",
1057 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1058 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1065 /* Component system. Each component is a set of options that can be
1066 configured at the same time. If you change this, don't forget to
1067 update GC_COMPONENT below. */
1070 /* The classic GPG for OpenPGP. */
1073 /* The GPG Agent. */
1074 GC_COMPONENT_GPG_AGENT,
1076 /* The Smardcard Daemon. */
1077 GC_COMPONENT_SCDAEMON,
1079 /* GPG for S/MIME. */
1082 /* The LDAP Directory Manager for CRLs. */
1083 GC_COMPONENT_DIRMNGR,
1085 /* The external Pinentry. */
1086 GC_COMPONENT_PINENTRY,
1088 /* The number of components. */
1093 /* The information associated with each component. */
1096 /* The name of this component. Must not contain a colon (':')
1100 /* The gettext domain for the description DESC. If this is NULL,
1101 then the description is not translated. */
1102 const char *desc_domain;
1104 /* The description for this domain. */
1107 /* The list of options for this component, terminated by
1109 gc_option_t *options;
1112 { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
1113 { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
1114 { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
1115 { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
1116 { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
1117 { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
1122 /* Structure used to collect error output of the backend programs. */
1123 struct error_line_s;
1124 typedef struct error_line_s *error_line_t;
1127 error_line_t next; /* Link to next item. */
1128 const char *fname; /* Name of the config file (points into BUFFER). */
1129 unsigned int lineno; /* Line number of the config file. */
1130 const char *errtext; /* Text of the error message (points into BUFFER). */
1131 char buffer[1]; /* Helper buffer. */
1137 /* Initialization and finalization. */
1140 gc_option_free (gc_option_t *o)
1142 if (o == NULL || o->name == NULL)
1146 gc_option_free (o + 1);
1150 gc_components_free (void)
1153 for (i = 0; i < DIM (gc_component); i++)
1154 gc_option_free (gc_component[i].options);
1158 gc_components_init (void)
1160 atexit (gc_components_free);
1165 /* Engine specific support. */
1167 gpg_agent_runtime_change (int killflag)
1169 gpg_error_t err = 0;
1170 const char *pgmname;
1171 const char *argv[5];
1172 pid_t pid = (pid_t)(-1);
1173 char *abs_homedir = NULL;
1176 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1177 if (!gnupg_default_homedir_p ())
1179 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1181 err = gpg_error_from_syserror ();
1183 argv[i++] = "--homedir";
1184 argv[i++] = abs_homedir;
1186 argv[i++] = "--no-autostart";
1187 argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
1191 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1193 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1195 gc_error (0, 0, "error running '%s %s': %s",
1196 pgmname, argv[1], gpg_strerror (err));
1197 gnupg_release_process (pid);
1198 xfree (abs_homedir);
1203 scdaemon_runtime_change (int killflag)
1205 gpg_error_t err = 0;
1206 const char *pgmname;
1207 const char *argv[9];
1208 pid_t pid = (pid_t)(-1);
1209 char *abs_homedir = NULL;
1212 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1214 /* We use "GETINFO app_running" to see whether the agent is already
1215 running and kill it only in this case. This avoids an explicit
1216 starting of the agent in case it is not yet running. There is
1217 obviously a race condition but that should not harm too much. */
1219 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1220 if (!gnupg_default_homedir_p ())
1222 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1224 err = gpg_error_from_syserror ();
1226 argv[i++] = "--homedir";
1227 argv[i++] = abs_homedir;
1230 argv[i++] = "--no-autostart";
1231 argv[i++] = "GETINFO scd_running";
1232 argv[i++] = "/if ${! $?}";
1233 argv[i++] = "scd killscd";
1238 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1240 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1242 gc_error (0, 0, "error running '%s %s': %s",
1243 pgmname, argv[4], gpg_strerror (err));
1244 gnupg_release_process (pid);
1245 xfree (abs_homedir);
1250 dirmngr_runtime_change (int killflag)
1252 gpg_error_t err = 0;
1253 const char *pgmname;
1254 const char *argv[6];
1255 pid_t pid = (pid_t)(-1);
1256 char *abs_homedir = NULL;
1258 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1259 argv[0] = "--no-autostart";
1260 argv[1] = "--dirmngr";
1261 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1262 if (gnupg_default_homedir_p ())
1266 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1268 err = gpg_error_from_syserror ();
1270 argv[3] = "--homedir";
1271 argv[4] = abs_homedir;
1276 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1278 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1280 gc_error (0, 0, "error running '%s %s': %s",
1281 pgmname, argv[2], gpg_strerror (err));
1282 gnupg_release_process (pid);
1283 xfree (abs_homedir);
1287 /* Launch the gpg-agent or the dirmngr if not already running. */
1289 gc_component_launch (int component)
1292 const char *pgmname;
1293 const char *argv[3];
1299 err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
1301 err = gc_component_launch (GC_COMPONENT_DIRMNGR);
1305 if (!(component == GC_COMPONENT_GPG_AGENT
1306 || component == GC_COMPONENT_DIRMNGR))
1308 es_fputs (_("Component not suitable for launching"), es_stderr);
1309 es_putc ('\n', es_stderr);
1313 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1315 if (component == GC_COMPONENT_DIRMNGR)
1316 argv[i++] = "--dirmngr";
1320 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1322 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1324 gc_error (0, 0, "error running '%s%s%s': %s",
1326 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1328 gpg_strerror (err));
1329 gnupg_release_process (pid);
1334 /* Unconditionally restart COMPONENT. */
1336 gc_component_kill (int component)
1338 int runtime[GC_BACKEND_NR];
1339 gc_option_t *option;
1340 gc_backend_t backend;
1342 /* Set a flag for the backends to be reloaded. */
1343 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1344 runtime[backend] = 0;
1348 for (component = 0; component < GC_COMPONENT_NR; component++)
1350 option = gc_component[component].options;
1351 for (; option && option->name; option++)
1352 runtime[option->backend] = 1;
1357 assert (component < GC_COMPONENT_NR);
1358 option = gc_component[component].options;
1359 for (; option && option->name; option++)
1360 runtime[option->backend] = 1;
1363 /* Do the restart for the selected backends. */
1364 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1366 if (runtime[backend] && gc_backend[backend].runtime_change)
1367 (*gc_backend[backend].runtime_change) (1);
1372 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1374 gc_component_reload (int component)
1376 int runtime[GC_BACKEND_NR];
1377 gc_option_t *option;
1378 gc_backend_t backend;
1380 /* Set a flag for the backends to be reloaded. */
1381 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1382 runtime[backend] = 0;
1386 for (component = 0; component < GC_COMPONENT_NR; component++)
1388 option = gc_component[component].options;
1389 for (; option && option->name; option++)
1390 runtime[option->backend] = 1;
1395 assert (component < GC_COMPONENT_NR);
1396 option = gc_component[component].options;
1397 for (; option && option->name; option++)
1398 runtime[option->backend] = 1;
1401 /* Do the reload for all selected backends. */
1402 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1404 if (runtime[backend] && gc_backend[backend].runtime_change)
1405 (*gc_backend[backend].runtime_change) (0);
1411 /* More or less Robust version of dgettext. It has the side effect of
1412 switching the codeset to utf-8 because this is what we want to
1413 output. In theory it is possible to keep the original code set and
1414 switch back for regular disgnostic output (redefine "_(" for that)
1415 but given the natur of this tool, being something invoked from
1416 other pograms, it does not make much sense. */
1418 my_dgettext (const char *domain, const char *msgid)
1420 #ifdef USE_SIMPLE_GETTEXT
1423 static int switched_codeset;
1426 if (!switched_codeset)
1428 switched_codeset = 1;
1429 gettext_use_utf8 (1);
1432 if (!strcmp (domain, "gnupg"))
1433 domain = PACKAGE_GT;
1435 /* FIXME: we have no dgettext, thus we can't switch. */
1437 text = (char*)gettext (msgid);
1438 return text ? text : msgid;
1442 #elif defined(ENABLE_NLS)
1445 static int switched_codeset;
1448 if (!switched_codeset)
1450 switched_codeset = 1;
1451 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1453 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1454 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1458 /* Note: This is a hack to actually use the gnupg2 domain as
1459 long we are in a transition phase where gnupg 1.x and 1.9 may
1461 if (!strcmp (domain, "gnupg"))
1462 domain = PACKAGE_GT;
1464 text = dgettext (domain, msgid);
1465 return text ? text : msgid;
1476 /* Percent-Escape special characters. The string is valid until the
1477 next invocation of the function. */
1479 gc_percent_escape (const char *src)
1481 static char *esc_str;
1482 static int esc_str_len;
1483 int new_len = 3 * strlen (src) + 1;
1486 if (esc_str_len < new_len)
1488 char *new_esc_str = realloc (esc_str, new_len);
1490 gc_error (1, errno, "can not escape string");
1491 esc_str = new_esc_str;
1492 esc_str_len = new_len;
1504 else if (*src == ':')
1506 /* The colon is used as field separator. */
1511 else if (*src == ',')
1513 /* The comma is used as list separator. */
1518 else if (*src == '\n')
1520 /* The newline is problematic in a line-based format. */
1535 /* Percent-Deescape special characters. The string is valid until the
1536 next invocation of the function. */
1538 percent_deescape (const char *src)
1542 int new_len = 3 * strlen (src) + 1;
1545 if (str_len < new_len)
1547 char *new_str = realloc (str, new_len);
1549 gc_error (1, errno, "can not deescape string");
1559 int val = hextobyte (src + 1);
1562 gc_error (1, 0, "malformed end of string %s", src);
1564 *(dst++) = (char) val;
1568 *(dst++) = *(src++);
1575 /* List all components that are available. */
1577 gc_component_list_components (estream_t out)
1579 gc_component_t component;
1580 gc_option_t *option;
1581 gc_backend_t backend;
1582 int backend_seen[GC_BACKEND_NR];
1584 const char *pgmname;
1586 for (component = 0; component < GC_COMPONENT_NR; component++)
1588 option = gc_component[component].options;
1591 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1592 backend_seen[backend] = 0;
1595 for (; option && option->name; option++)
1597 if ((option->flags & GC_OPT_FLAG_GROUP))
1599 backend = option->backend;
1600 if (backend_seen[backend])
1602 backend_seen[backend] = 1;
1603 assert (backend != GC_BACKEND_ANY);
1604 if (gc_backend[backend].program
1605 && !gc_backend[backend].module_name)
1607 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1611 desc = gc_component[component].desc;
1612 desc = my_dgettext (gc_component[component].desc_domain, desc);
1613 es_fprintf (out, "%s:%s:",
1614 gc_component[component].name, gc_percent_escape (desc));
1615 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1623 all_digits_p (const char *p, size_t len)
1627 for (; len; len--, p++)
1628 if (!isascii (*p) || !isdigit (*p))
1630 return 1; /* Yes. */
1634 /* Collect all error lines from stream FP. Only lines prefixed with
1635 TAG are considered. Returns a list of error line items (which may
1636 be empty). There is no error return. */
1638 collect_error_output (estream_t fp, const char *tag)
1644 error_line_t eitem, errlines, *errlines_tail;
1645 size_t taglen = strlen (tag);
1648 errlines_tail = &errlines;
1651 while ((c=es_getc (fp)) != EOF)
1654 if (pos >= sizeof buffer - 5 || c == '\n')
1656 buffer[pos - (c == '\n')] = 0;
1658 ; /*Ignore continuations of previous line. */
1659 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1661 /* "gpgsm: foo:4: bla" */
1662 /* Yep, we are interested in this line. */
1663 p = buffer + taglen + 1;
1664 while (*p == ' ' || *p == '\t')
1666 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1668 ; /* Empty lines are ignored. */
1669 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1670 && all_digits_p (p2+1, p3 - (p2+1)))
1672 /* Line in standard compiler format. */
1674 while (*p3 == ' ' || *p3 == '\t')
1676 eitem = xmalloc (sizeof *eitem + strlen (p));
1678 strcpy (eitem->buffer, p);
1679 eitem->fname = eitem->buffer;
1680 eitem->buffer[p2-p] = 0;
1681 eitem->errtext = eitem->buffer + (p3 - p);
1682 /* (we already checked that there are only ascii
1683 digits followed by a colon) */
1685 for (p2++; isdigit (*p2); p2++)
1686 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1687 *errlines_tail = eitem;
1688 errlines_tail = &eitem->next;
1692 /* Other error output. */
1693 eitem = xmalloc (sizeof *eitem + strlen (p));
1695 strcpy (eitem->buffer, p);
1696 eitem->fname = NULL;
1697 eitem->errtext = eitem->buffer;
1699 *errlines_tail = eitem;
1700 errlines_tail = &eitem->next;
1704 /* If this was not a complete line mark that we are in a
1706 cont_line = (c != '\n');
1710 /* We ignore error lines not terminated by a LF. */
1715 /* Check the options of a single component. Returns 0 if everything
1718 gc_component_check_options (int component, estream_t out, const char *conf_file)
1721 unsigned int result;
1722 int backend_seen[GC_BACKEND_NR];
1723 gc_backend_t backend;
1724 gc_option_t *option;
1725 const char *pgmname;
1726 const char *argv[4];
1731 error_line_t errlines;
1733 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1734 backend_seen[backend] = 0;
1736 option = gc_component[component].options;
1737 for (; option && option->name; option++)
1739 if ((option->flags & GC_OPT_FLAG_GROUP))
1741 backend = option->backend;
1742 if (backend_seen[backend])
1744 backend_seen[backend] = 1;
1745 assert (backend != GC_BACKEND_ANY);
1746 if (!gc_backend[backend].program)
1748 if (!gc_backend[backend].module_name)
1753 if (! option || ! option->name)
1756 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1760 argv[i++] = "--options";
1761 argv[i++] = conf_file;
1763 if (component == GC_COMPONENT_PINENTRY)
1764 argv[i++] = "--version";
1766 argv[i++] = "--gpgconf-test";
1771 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
1772 NULL, NULL, &errfp, &pid);
1774 result |= 1; /* Program could not be run. */
1777 errlines = collect_error_output (errfp,
1778 gc_component[component].name);
1779 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1782 result |= 1; /* Program could not be run or it
1783 terminated abnormally. */
1784 result |= 2; /* Program returned an error. */
1786 gnupg_release_process (pid);
1790 /* If the program could not be run, we can't tell whether
1791 the config file is good. */
1798 error_line_t errptr;
1800 desc = gc_component[component].desc;
1801 desc = my_dgettext (gc_component[component].desc_domain, desc);
1802 es_fprintf (out, "%s:%s:",
1803 gc_component[component].name, gc_percent_escape (desc));
1804 es_fputs (gc_percent_escape (pgmname), out);
1805 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1806 for (errptr = errlines; errptr; errptr = errptr->next)
1808 if (errptr != errlines)
1809 es_fputs ("\n:::::", out); /* Continuation line. */
1811 es_fputs (gc_percent_escape (errptr->fname), out);
1814 es_fprintf (out, "%u", errptr->lineno);
1816 es_fputs (gc_percent_escape (errptr->errtext), out);
1819 es_putc ('\n', out);
1824 error_line_t tmp = errlines->next;
1834 /* Check all components that are available. */
1836 gc_check_programs (estream_t out)
1838 gc_component_t component;
1840 for (component = 0; component < GC_COMPONENT_NR; component++)
1841 gc_component_check_options (component, out, NULL);
1846 /* Find the component with the name NAME. Returns -1 if not
1849 gc_component_find (const char *name)
1853 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1855 if (gc_component[idx].options
1856 && !strcmp (name, gc_component[idx].name))
1863 /* List the option OPTION. */
1865 list_one_option (const gc_option_t *option, estream_t out)
1867 const char *desc = NULL;
1868 char *arg_name = NULL;
1872 desc = my_dgettext (option->desc_domain, option->desc);
1876 const char *arg_tail = strchr (&desc[1], '|');
1880 int arg_len = arg_tail - &desc[1];
1881 arg_name = xmalloc (arg_len + 1);
1882 memcpy (arg_name, &desc[1], arg_len);
1883 arg_name[arg_len] = '\0';
1884 desc = arg_tail + 1;
1890 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1891 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1894 /* The name field. */
1895 es_fprintf (out, "%s", option->name);
1897 /* The flags field. */
1898 es_fprintf (out, ":%lu", option->flags);
1904 es_fprintf (out, "none");
1907 unsigned long flags = option->flags;
1908 unsigned long flag = 0;
1909 unsigned long first = 1;
1919 es_fprintf (out, "%s", gc_flag[flag].name);
1927 /* The level field. */
1928 es_fprintf (out, ":%u", option->level);
1930 es_fprintf (out, " %s", gc_level[option->level].name);
1932 /* The description field. */
1933 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1935 /* The type field. */
1936 es_fprintf (out, ":%u", option->arg_type);
1938 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1940 /* The alternate type field. */
1941 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1943 es_fprintf (out, " %s",
1944 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1946 /* The argument name field. */
1947 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1950 /* The default value field. */
1951 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1953 /* The default argument field. */
1954 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1956 /* The value field. */
1957 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1958 && (option->flags & GC_OPT_FLAG_LIST)
1960 /* The special format "1,1,1,1,...,1" is converted to a number
1962 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1964 es_fprintf (out, ":%s", option->value ? option->value : "");
1966 /* ADD NEW FIELDS HERE. */
1968 es_putc ('\n', out);
1972 /* List all options of the component COMPONENT. */
1974 gc_component_list_options (int component, estream_t out)
1976 const gc_option_t *option = gc_component[component].options;
1978 while (option && option->name)
1980 /* Do not output unknown or internal options. */
1981 if (!(option->flags & GC_OPT_FLAG_GROUP)
1982 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1988 if (option->flags & GC_OPT_FLAG_GROUP)
1990 const gc_option_t *group_option = option + 1;
1991 gc_expert_level_t level = GC_LEVEL_NR;
1993 /* The manual states that the group level is always the
1994 minimum of the levels of all contained options. Due to
1995 different active options, and because it is hard to
1996 maintain manually, we calculate it here. The value in
1997 the global static table is ignored. */
1999 while (group_option->name)
2001 if (group_option->flags & GC_OPT_FLAG_GROUP)
2003 if (group_option->level < level)
2004 level = group_option->level;
2008 /* Check if group is empty. */
2009 if (level != GC_LEVEL_NR)
2011 gc_option_t opt_copy;
2013 /* Fix up the group level. */
2014 memcpy (&opt_copy, option, sizeof (opt_copy));
2015 opt_copy.level = level;
2016 list_one_option (&opt_copy, out);
2020 list_one_option (option, out);
2027 /* Find the option NAME in component COMPONENT, for the backend
2028 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
2029 static gc_option_t *
2030 find_option (gc_component_t component, const char *name,
2031 gc_backend_t backend)
2033 gc_option_t *option = gc_component[component].options;
2034 while (option->name)
2036 if (!(option->flags & GC_OPT_FLAG_GROUP)
2037 && !strcmp (option->name, name)
2038 && (backend == GC_BACKEND_ANY || option->backend == backend))
2042 return option->name ? option : NULL;
2046 /* Determine the configuration filename for the component COMPONENT
2047 and backend BACKEND. */
2049 get_config_filename (gc_component_t component, gc_backend_t backend)
2051 char *filename = NULL;
2052 gc_option_t *option = find_option
2053 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2055 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
2056 assert (!(option->flags & GC_OPT_FLAG_LIST));
2058 if (!option->active || !option->default_value)
2059 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
2060 gc_backend[backend].option_config_filename,
2061 gc_backend[backend].name);
2063 if (option->value && *option->value)
2064 filename = percent_deescape (&option->value[1]);
2065 else if (option->default_value && *option->default_value)
2066 filename = percent_deescape (&option->default_value[1]);
2070 #if HAVE_W32CE_SYSTEM
2071 if (!(filename[0] == '/' || filename[0] == '\\'))
2072 #elif defined(HAVE_DOSISH_SYSTEM)
2074 && filename[1] == ':'
2075 && (filename[2] == '/' || filename[2] == '\\')))
2077 if (filename[0] != '/')
2079 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
2080 gc_backend[backend].option_config_filename,
2081 gc_backend[backend].name);
2087 /* Retrieve the options for the component COMPONENT from backend
2088 BACKEND, which we already know is a program-type backend. */
2090 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
2093 const char *pgmname;
2094 const char *argv[2];
2099 size_t line_len = 0;
2102 char *config_filename;
2104 pgmname = (gc_backend[backend].module_name
2105 ? gnupg_module_name (gc_backend[backend].module_name)
2106 : gc_backend[backend].program );
2107 argv[0] = "--gpgconf-list";
2110 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
2111 NULL, &outfp, NULL, &pid);
2114 gc_error (1, 0, "could not gather active options from '%s': %s",
2115 pgmname, gpg_strerror (err));
2118 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
2120 gc_option_t *option;
2122 unsigned long flags = 0;
2123 char *default_value = NULL;
2125 /* Strip newline and carriage return, if present. */
2127 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2128 line[--length] = '\0';
2130 linep = strchr (line, ':');
2134 /* Extract additional flags. Default to none. */
2140 end = strchr (linep, ':');
2144 gpg_err_set_errno (0);
2145 flags = strtoul (linep, &tail, 0);
2147 gc_error (1, errno, "malformed flags in option %s from %s",
2149 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2150 gc_error (1, 0, "garbage after flags in option %s from %s",
2156 /* Extract default value, if present. Default to empty if
2162 end = strchr (linep, ':');
2166 if (flags & GC_OPT_FLAG_DEFAULT)
2167 default_value = linep;
2172 /* Look up the option in the component and install the
2173 configuration data. */
2174 option = find_option (component, line, backend);
2178 gc_error (1, errno, "option %s returned twice from %s",
2182 option->flags |= flags;
2183 if (default_value && *default_value)
2184 option->default_value = xstrdup (default_value);
2187 if (length < 0 || es_ferror (outfp))
2188 gc_error (1, errno, "error reading from %s", pgmname);
2189 if (es_fclose (outfp))
2190 gc_error (1, errno, "error closing %s", pgmname);
2192 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2194 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2195 pgmname, exitcode, gpg_strerror (err));
2196 gnupg_release_process (pid);
2199 /* At this point, we can parse the configuration file. */
2200 config_filename = get_config_filename (component, backend);
2202 config = es_fopen (config_filename, "r");
2205 if (errno != ENOENT)
2206 gc_error (0, errno, "warning: can not open config file %s",
2211 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2215 gc_option_t *option;
2218 while (*name == ' ' || *name == '\t')
2220 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2224 while (*value && *value != ' ' && *value != '\t'
2225 && *value != '#' && *value != '\r' && *value != '\n')
2227 if (*value == ' ' || *value == '\t')
2232 while (*value == ' ' || *value == '\t')
2236 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2238 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2245 /* Look up the option in the component and install the
2246 configuration data. */
2247 option = find_option (component, line, backend);
2252 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2256 "warning: ignoring argument %s for option %s",
2258 opt_value = xstrdup ("1");
2260 else if (gc_arg_type[option->arg_type].fallback
2261 == GC_ARG_TYPE_STRING)
2262 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2265 /* FIXME: Verify that the number is sane. */
2266 opt_value = xstrdup (value);
2269 /* Now enter the option into the table. */
2270 if (!(option->flags & GC_OPT_FLAG_LIST))
2273 xfree (option->value);
2274 option->value = opt_value;
2279 option->value = opt_value;
2282 char *old = option->value;
2283 option->value = xasprintf ("%s,%s", old, opt_value);
2291 if (length < 0 || es_ferror (config))
2292 gc_error (1, errno, "error reading from %s", config_filename);
2293 if (es_fclose (config))
2294 gc_error (1, errno, "error closing %s", config_filename);
2301 /* Retrieve the options for the component COMPONENT from backend
2302 BACKEND, which we already know is of type file list. */
2304 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2306 gc_option_t *list_option;
2307 gc_option_t *config_option;
2308 char *list_filename;
2309 gpgrt_stream_t list_file;
2311 size_t line_len = 0;
2315 list_option = find_option (component,
2316 gc_backend[backend].option_name, GC_BACKEND_ANY);
2317 assert (list_option);
2318 assert (!list_option->active);
2320 list_filename = get_config_filename (component, backend);
2321 list_file = gpgrt_fopen (list_filename, "r");
2323 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2327 while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
2334 while (*start == ' ' || *start == '\t')
2336 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2340 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2342 /* Walk back to skip trailing white spaces. Looks evil, but
2343 works because of the conditions on START and END imposed
2344 at this point (END is at least START + 1, and START is
2345 not a whitespace character). */
2346 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2349 /* FIXME: Oh, no! This is so lame! Should use realloc and
2353 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2358 list = xasprintf ("\"%s", gc_percent_escape (start));
2360 if (length < 0 || gpgrt_ferror (list_file))
2361 gc_error (1, errno, "can not read list file %s", list_filename);
2364 list_option->active = 1;
2365 list_option->value = list;
2367 /* Fix up the read-only flag. */
2368 config_option = find_option
2369 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2370 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2371 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2373 if (list_file && gpgrt_fclose (list_file))
2374 gc_error (1, errno, "error closing %s", list_filename);
2379 /* Retrieve the currently active options and their defaults from all
2380 involved backends for this component. Using -1 for component will
2381 retrieve all options from all components. */
2383 gc_component_retrieve_options (int component)
2385 int process_all = 0;
2386 int backend_seen[GC_BACKEND_NR];
2387 gc_backend_t backend;
2388 gc_option_t *option;
2390 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2391 backend_seen[backend] = 0;
2393 if (component == -1)
2397 assert (component < GC_COMPONENT_NR);
2402 if (component == GC_COMPONENT_PINENTRY)
2403 continue; /* Skip this dummy component. */
2405 option = gc_component[component].options;
2407 while (option && option->name)
2409 if (!(option->flags & GC_OPT_FLAG_GROUP))
2411 backend = option->backend;
2413 if (backend_seen[backend])
2418 backend_seen[backend] = 1;
2420 assert (backend != GC_BACKEND_ANY);
2422 if (gc_backend[backend].program)
2423 retrieve_options_from_program (component, backend);
2425 retrieve_options_from_file (component, backend);
2430 while (process_all && ++component < GC_COMPONENT_NR);
2436 /* Perform a simple validity check based on the type. Return in
2437 * NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2438 * type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
2441 option_check_validity (gc_option_t *option, unsigned long flags,
2442 char *new_value, unsigned long *new_value_nr,
2447 if (!option->active)
2448 gc_error (1, 0, "option %s not supported by backend %s",
2449 option->name, gc_backend[option->backend].name);
2451 if (option->new_flags || option->new_value)
2452 gc_error (1, 0, "option %s already changed", option->name);
2454 if (flags & GC_OPT_FLAG_DEFAULT)
2457 gc_error (1, 0, "argument %s provided for deleted option %s",
2458 new_value, option->name);
2463 /* GC_ARG_TYPE_NONE options have special list treatment. */
2464 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2468 gpg_err_set_errno (0);
2469 *new_value_nr = strtoul (new_value, &tail, 0);
2472 gc_error (1, errno, "invalid argument for option %s",
2475 gc_error (1, 0, "garbage after argument for option %s",
2478 if (!(option->flags & GC_OPT_FLAG_LIST))
2480 if (*new_value_nr != 1)
2481 gc_error (1, 0, "argument for non-list option %s of type 0 "
2482 "(none) must be 1", option->name);
2486 if (*new_value_nr == 0)
2487 gc_error (1, 0, "argument for option %s of type 0 (none) "
2488 "must be positive", option->name);
2497 if (*arg == '\0' || (*arg == ',' && !verbatim))
2499 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2500 gc_error (1, 0, "argument required for option %s", option->name);
2502 if (*arg == ',' && !verbatim && !(option->flags & GC_OPT_FLAG_LIST))
2503 gc_error (1, 0, "list found for non-list option %s", option->name);
2505 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2507 if (*arg != '"' && !verbatim)
2508 gc_error (1, 0, "string argument for option %s must begin "
2509 "with a quote (\") character", option->name);
2511 /* FIXME: We do not allow empty string arguments for now, as
2512 we do not quote arguments in configuration files, and
2513 thus no argument is indistinguishable from the empty
2515 if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
2516 gc_error (1, 0, "empty string argument for option %s is "
2517 "currently not allowed. Please report this!",
2520 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2524 gpg_err_set_errno (0);
2525 res = strtol (arg, &arg, 0);
2529 gc_error (1, errno, "invalid argument for option %s",
2532 if (*arg != '\0' && (*arg != ',' || verbatim))
2533 gc_error (1, 0, "garbage after argument for option %s",
2536 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2540 gpg_err_set_errno (0);
2541 res = strtoul (arg, &arg, 0);
2545 gc_error (1, errno, "invalid argument for option %s",
2548 if (*arg != '\0' && (*arg != ',' || verbatim))
2549 gc_error (1, 0, "garbage after argument for option %s",
2552 arg = verbatim? strchr (arg, ',') : NULL;
2556 while (arg && *arg);
2559 #ifdef HAVE_W32_SYSTEM
2561 copy_file (const char *src_name, const char *dst_name)
2563 #define BUF_LEN 4096
2564 char buffer[BUF_LEN];
2569 src = gpgrt_fopen (src_name, "r");
2573 dst = gpgrt_fopen (dst_name, "w");
2576 int saved_err = errno;
2578 gpg_err_set_errno (saved_err);
2586 len = gpgrt_fread (buffer, 1, BUF_LEN, src);
2589 written = gpgrt_fwrite (buffer, 1, len, dst);
2593 while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
2595 if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
2597 int saved_errno = errno;
2601 gpg_err_set_errno (saved_errno);
2605 if (gpgrt_fclose (dst))
2606 gc_error (1, errno, "error closing %s", dst_name);
2607 if (gpgrt_fclose (src))
2608 gc_error (1, errno, "error closing %s", src_name);
2612 #endif /* HAVE_W32_SYSTEM */
2615 /* Create and verify the new configuration file for the specified
2616 * backend and component. Returns 0 on success and -1 on error. This
2617 * function may store pointers to malloced strings in SRC_FILENAMEP,
2618 * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
2619 * caller. The strings refer to three versions of the configuration
2622 * SRC_FILENAME: The updated configuration is written to this file.
2623 * DEST_FILENAME: Name of the configuration file read by the
2625 * ORIG_FILENAME: A backup of the previous configuration file.
2627 * To apply the configuration change, rename SRC_FILENAME to
2628 * DEST_FILENAME. To revert to the previous configuration, rename
2629 * ORIG_FILENAME to DEST_FILENAME. */
2631 change_options_file (gc_component_t component, gc_backend_t backend,
2632 char **src_filenamep, char **dest_filenamep,
2633 char **orig_filenamep)
2635 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2636 /* True if we are within the marker in the config file. */
2638 gc_option_t *option;
2644 gpgrt_stream_t src_file = NULL;
2645 gpgrt_stream_t dest_file = NULL;
2647 char *dest_filename;
2648 char *orig_filename;
2650 char *cur_arg = NULL;
2652 option = find_option (component,
2653 gc_backend[backend].option_name, GC_BACKEND_ANY);
2655 assert (option->active);
2656 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2658 /* FIXME. Throughout the function, do better error reporting. */
2659 /* Note that get_config_filename() calls percent_deescape(), so we
2660 call this before processing the arguments. */
2661 dest_filename = xstrdup (get_config_filename (component, backend));
2662 src_filename = xasprintf ("%s.%s.%i.new",
2663 dest_filename, GPGCONF_NAME, (int)getpid ());
2664 orig_filename = xasprintf ("%s.%s.%i.bak",
2665 dest_filename, GPGCONF_NAME, (int)getpid ());
2667 arg = option->new_value;
2668 if (arg && arg[0] == '\0')
2675 end = strchr (arg, ',');
2679 cur_arg = percent_deescape (arg);
2689 #ifdef HAVE_W32_SYSTEM
2690 res = copy_file (dest_filename, orig_filename);
2692 res = link (dest_filename, orig_filename);
2694 if (res < 0 && errno != ENOENT)
2696 xfree (dest_filename);
2697 xfree (src_filename);
2698 xfree (orig_filename);
2703 xfree (orig_filename);
2704 orig_filename = NULL;
2707 /* We now initialize the return strings, so the caller can do the
2709 *src_filenamep = src_filename;
2710 *dest_filenamep = dest_filename;
2711 *orig_filenamep = orig_filename;
2713 /* Use open() so that we can use O_EXCL. */
2714 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2717 src_file = gpgrt_fdopen (fd, "w");
2721 gpg_err_set_errno (res);
2725 /* Only if ORIG_FILENAME is not NULL did the configuration file
2726 exist already. In this case, we will copy its content into the
2727 new configuration file, changing it to our liking in the
2731 dest_file = gpgrt_fopen (dest_filename, "r");
2733 goto change_file_one_err;
2735 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2740 if (!strncmp (marker, line, sizeof (marker) - 1))
2749 while (*start == ' ' || *start == '\t')
2751 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2760 /* Search for the end of the line. */
2761 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2764 if (*endp && *endp != ' ' && *endp != '\t'
2765 && *endp != '\r' && *endp != '\n' && *endp != '#')
2771 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2772 || !cur_arg || strcmp (start, cur_arg))
2776 /* Find next argument. */
2782 arg_end = strchr (arg, ',');
2786 cur_arg = percent_deescape (arg);
2806 gpgrt_fprintf (src_file,
2807 "# %s disabled this option here at %s\n",
2808 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2809 if (gpgrt_ferror (src_file))
2810 goto change_file_one_err;
2811 gpgrt_fprintf (src_file, "# %s", line);
2812 if (gpgrt_ferror (src_file))
2813 goto change_file_one_err;
2818 gpgrt_fprintf (src_file, "%s", line);
2819 if (gpgrt_ferror (src_file))
2820 goto change_file_one_err;
2823 if (length < 0 || gpgrt_ferror (dest_file))
2824 goto change_file_one_err;
2829 /* There was no marker. This is the first time we edit the
2830 file. We add our own marker at the end of the file and
2831 proceed. Note that we first write a newline, this guards us
2832 against files which lack the newline at the end of the last
2833 line, while it doesn't hurt us in all other cases. */
2834 gpgrt_fprintf (src_file, "\n%s\n", marker);
2835 if (gpgrt_ferror (src_file))
2836 goto change_file_one_err;
2839 /* At this point, we have copied everything up to the end marker
2840 into the new file, except for the arguments we are going to add.
2841 Now, dump the new arguments and write the end marker, possibly
2842 followed by the rest of the original file. */
2845 gpgrt_fprintf (src_file, "%s\n", cur_arg);
2847 /* Find next argument. */
2853 end = strchr (arg, ',');
2857 cur_arg = percent_deescape (arg);
2870 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2871 if (gpgrt_ferror (src_file))
2872 goto change_file_one_err;
2876 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
2878 if (gpgrt_ferror (src_file))
2879 goto change_file_one_err;
2880 gpgrt_fprintf (src_file, "# It will disable options before this marked "
2881 "block, but it will\n");
2882 if (gpgrt_ferror (src_file))
2883 goto change_file_one_err;
2884 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
2885 if (gpgrt_ferror (src_file))
2886 goto change_file_one_err;
2890 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2892 gpgrt_fprintf (src_file, "%s", line);
2893 if (gpgrt_ferror (src_file))
2894 goto change_file_one_err;
2896 if (length < 0 || gpgrt_ferror (dest_file))
2897 goto change_file_one_err;
2902 res = gpgrt_fclose (src_file);
2908 gpgrt_fclose (dest_file);
2909 gpg_err_set_errno (res);
2915 res = gpgrt_fclose (dest_file);
2921 change_file_one_err:
2926 gpgrt_fclose (src_file);
2930 gpgrt_fclose (dest_file);
2931 gpg_err_set_errno (res);
2936 /* Create and verify the new configuration file for the specified
2937 * backend and component. Returns 0 on success and -1 on error. If
2938 * VERBATIM is set the profile mode is used. This function may store
2939 * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
2940 * ORIG_FILENAMEP. Those must be freed by the caller. The strings
2941 * refer to three versions of the configuration file:
2943 * SRC_FILENAME: The updated configuration is written to this file.
2944 * DEST_FILENAME: Name of the configuration file read by the
2946 * ORIG_FILENAME: A backup of the previous configuration file.
2948 * To apply the configuration change, rename SRC_FILENAME to
2949 * DEST_FILENAME. To revert to the previous configuration, rename
2950 * ORIG_FILENAME to DEST_FILENAME. */
2952 change_options_program (gc_component_t component, gc_backend_t backend,
2953 char **src_filenamep, char **dest_filenamep,
2954 char **orig_filenamep,
2957 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2958 /* True if we are within the marker in the config file. */
2960 gc_option_t *option;
2966 gpgrt_stream_t src_file = NULL;
2967 gpgrt_stream_t dest_file = NULL;
2969 char *dest_filename;
2970 char *orig_filename;
2971 /* Special hack for gpg, see below. */
2972 int utf8strings_seen = 0;
2974 /* FIXME. Throughout the function, do better error reporting. */
2975 dest_filename = xstrdup (get_config_filename (component, backend));
2976 src_filename = xasprintf ("%s.%s.%i.new",
2977 dest_filename, GPGCONF_NAME, (int)getpid ());
2978 orig_filename = xasprintf ("%s.%s.%i.bak",
2979 dest_filename, GPGCONF_NAME, (int)getpid ());
2981 #ifdef HAVE_W32_SYSTEM
2982 res = copy_file (dest_filename, orig_filename);
2984 res = link (dest_filename, orig_filename);
2986 if (res < 0 && errno != ENOENT)
2988 xfree (dest_filename);
2989 xfree (src_filename);
2990 xfree (orig_filename);
2995 xfree (orig_filename);
2996 orig_filename = NULL;
2999 /* We now initialize the return strings, so the caller can do the
3001 *src_filenamep = src_filename;
3002 *dest_filenamep = dest_filename;
3003 *orig_filenamep = orig_filename;
3005 /* Use open() so that we can use O_EXCL. */
3006 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
3009 src_file = gpgrt_fdopen (fd, "w");
3013 gpg_err_set_errno (res);
3017 /* Only if ORIG_FILENAME is not NULL did the configuration file
3018 exist already. In this case, we will copy its content into the
3019 new configuration file, changing it to our liking in the
3023 dest_file = gpgrt_fopen (dest_filename, "r");
3025 goto change_one_err;
3027 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3032 if (!strncmp (marker, line, sizeof (marker) - 1))
3039 else if (backend == GC_BACKEND_GPG && in_marker
3040 && ! strcmp ("utf8-strings\n", line))
3042 /* Strip duplicated entries. */
3043 if (utf8strings_seen)
3046 utf8strings_seen = 1;
3050 while (*start == ' ' || *start == '\t')
3052 if (*start && *start != '\r' && *start != '\n' && *start != '#')
3058 while (*end && *end != ' ' && *end != '\t'
3059 && *end != '\r' && *end != '\n' && *end != '#')
3064 option = find_option (component, start, backend);
3066 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
3067 || option->new_value))
3074 gpgrt_fprintf (src_file,
3075 "# %s disabled this option here at %s\n",
3076 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
3077 if (gpgrt_ferror (src_file))
3078 goto change_one_err;
3079 gpgrt_fprintf (src_file, "# %s", line);
3080 if (gpgrt_ferror (src_file))
3081 goto change_one_err;
3086 gpgrt_fprintf (src_file, "%s", line);
3087 if (gpgrt_ferror (src_file))
3088 goto change_one_err;
3091 if (length < 0 || gpgrt_ferror (dest_file))
3092 goto change_one_err;
3097 /* There was no marker. This is the first time we edit the
3098 file. We add our own marker at the end of the file and
3099 proceed. Note that we first write a newline, this guards us
3100 against files which lack the newline at the end of the last
3101 line, while it doesn't hurt us in all other cases. */
3102 gpgrt_fprintf (src_file, "\n%s\n", marker);
3103 if (gpgrt_ferror (src_file))
3104 goto change_one_err;
3106 /* At this point, we have copied everything up to the end marker
3107 into the new file, except for the options we are going to change.
3108 Now, dump the changed options (except for those we are going to
3109 revert to their default), and write the end marker, possibly
3110 followed by the rest of the original file. */
3112 /* We have to turn on UTF8 strings for GnuPG. */
3113 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
3114 gpgrt_fprintf (src_file, "utf8-strings\n");
3116 option = gc_component[component].options;
3117 while (option->name)
3119 if (!(option->flags & GC_OPT_FLAG_GROUP)
3120 && option->backend == backend
3121 && option->new_value)
3123 char *arg = option->new_value;
3127 if (*arg == '\0' || *arg == ',')
3129 gpgrt_fprintf (src_file, "%s\n", option->name);
3130 if (gpgrt_ferror (src_file))
3131 goto change_one_err;
3133 else if (gc_arg_type[option->arg_type].fallback
3134 == GC_ARG_TYPE_NONE)
3136 assert (*arg == '1');
3137 gpgrt_fprintf (src_file, "%s\n", option->name);
3138 if (gpgrt_ferror (src_file))
3139 goto change_one_err;
3143 else if (gc_arg_type[option->arg_type].fallback
3144 == GC_ARG_TYPE_STRING)
3150 log_assert (*arg == '"');
3153 end = strchr (arg, ',');
3160 gpgrt_fprintf (src_file, "%s %s\n", option->name,
3161 verbatim? arg : percent_deescape (arg));
3162 if (gpgrt_ferror (src_file))
3163 goto change_one_err;
3173 end = strchr (arg, ',');
3177 gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
3178 if (gpgrt_ferror (src_file))
3179 goto change_one_err;
3186 assert (arg == NULL || *arg == '\0' || *arg == ',');
3187 if (arg && *arg == ',')
3190 while (arg && *arg);
3195 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3196 if (gpgrt_ferror (src_file))
3197 goto change_one_err;
3201 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
3203 if (gpgrt_ferror (src_file))
3204 goto change_one_err;
3205 gpgrt_fprintf (src_file, "# It will disable options before this marked "
3206 "block, but it will\n");
3207 if (gpgrt_ferror (src_file))
3208 goto change_one_err;
3209 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
3210 if (gpgrt_ferror (src_file))
3211 goto change_one_err;
3215 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3217 gpgrt_fprintf (src_file, "%s", line);
3218 if (gpgrt_ferror (src_file))
3219 goto change_one_err;
3221 if (length < 0 || gpgrt_ferror (dest_file))
3222 goto change_one_err;
3227 res = gpgrt_fclose (src_file);
3233 gpgrt_fclose (dest_file);
3234 gpg_err_set_errno (res);
3240 res = gpgrt_fclose (dest_file);
3251 gpgrt_fclose (src_file);
3255 gpgrt_fclose (dest_file);
3256 gpg_err_set_errno (res);
3261 /* Common code for gc_component_change_options and
3262 * gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
3265 change_one_value (gc_option_t *option, int *runtime,
3266 unsigned long flags, char *new_value, int verbatim)
3268 unsigned long new_value_nr = 0;
3270 option_check_validity (option, flags, new_value, &new_value_nr, verbatim);
3272 if (option->flags & GC_OPT_FLAG_RUNTIME)
3273 runtime[option->backend] = 1;
3275 option->new_flags = flags;
3276 if (!(flags & GC_OPT_FLAG_DEFAULT))
3278 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3279 && (option->flags & GC_OPT_FLAG_LIST))
3283 /* We convert the number to a list of 1's for convenient
3285 assert (new_value_nr > 0);
3286 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3287 str = option->new_value;
3289 while (--new_value_nr > 0)
3297 option->new_value = xstrdup (new_value);
3302 /* Read the modifications from IN and apply them. If IN is NULL the
3303 modifications are expected to already have been set to the global
3304 table. If VERBATIM is set the profile mode is used. */
3306 gc_component_change_options (int component, estream_t in, estream_t out,
3311 int runtime[GC_BACKEND_NR];
3312 char *src_filename[GC_BACKEND_NR];
3313 char *dest_filename[GC_BACKEND_NR];
3314 char *orig_filename[GC_BACKEND_NR];
3315 gc_backend_t backend;
3316 gc_option_t *option;
3318 size_t line_len = 0;
3321 if (component == GC_COMPONENT_PINENTRY)
3322 return; /* Dummy component for now. */
3324 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3326 runtime[backend] = 0;
3327 src_filename[backend] = NULL;
3328 dest_filename[backend] = NULL;
3329 orig_filename[backend] = NULL;
3334 /* Read options from the file IN. */
3335 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3338 unsigned long flags = 0;
3339 char *new_value = "";
3341 /* Strip newline and carriage return, if present. */
3343 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3344 line[--length] = '\0';
3346 linep = strchr (line, ':');
3350 /* Extract additional flags. Default to none. */
3356 end = strchr (linep, ':');
3360 gpg_err_set_errno (0);
3361 flags = strtoul (linep, &tail, 0);
3363 gc_error (1, errno, "malformed flags in option %s", line);
3364 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3365 gc_error (1, 0, "garbage after flags in option %s", line);
3370 /* Don't allow setting of the no change flag. */
3371 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3373 /* Extract default value, if present. Default to empty if not. */
3377 end = strchr (linep, ':');
3384 option = find_option (component, line, GC_BACKEND_ANY);
3386 gc_error (1, 0, "unknown option %s", line);
3388 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3390 gc_error (0, 0, "ignoring new value for option %s",
3395 change_one_value (option, runtime, flags, new_value, 0);
3397 if (length < 0 || gpgrt_ferror (in))
3398 gc_error (1, errno, "error reading stream 'in'");
3401 /* Now that we have collected and locally verified the changes,
3402 write them out to new configuration files, verify them
3403 externally, and then commit them. */
3404 option = gc_component[component].options;
3405 while (option && option->name)
3407 /* Go on if we have already seen this backend, or if there is
3409 if (src_filename[option->backend]
3410 || !(option->new_flags || option->new_value))
3416 if (gc_backend[option->backend].program)
3418 err = change_options_program (component, option->backend,
3419 &src_filename[option->backend],
3420 &dest_filename[option->backend],
3421 &orig_filename[option->backend],
3425 /* External verification. */
3426 err = gc_component_check_options (component, out,
3427 src_filename[option->backend]);
3431 _("External verification of component %s failed"),
3432 gc_component[component].name);
3433 gpg_err_set_errno (EINVAL);
3439 err = change_options_file (component, option->backend,
3440 &src_filename[option->backend],
3441 &dest_filename[option->backend],
3442 &orig_filename[option->backend]);
3450 /* We are trying to atomically commit all changes. Unfortunately,
3451 we cannot rely on gnupg_rename_file to manage the signals for us,
3452 doing so would require us to pass NULL as BLOCK to any subsequent
3453 call to it. Instead, we just manage the signal handling
3456 gnupg_block_all_signals ();
3458 if (! err && ! opt.dry_run)
3462 for (i = 0; i < GC_BACKEND_NR; i++)
3464 if (src_filename[i])
3466 /* FIXME: Make a verification here. */
3468 assert (dest_filename[i]);
3470 if (orig_filename[i])
3471 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3474 #ifdef HAVE_W32_SYSTEM
3475 /* We skip the unlink if we expect the file not to
3477 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3478 #else /* HAVE_W32_SYSTEM */
3479 /* This is a bit safer than rename() because we
3480 expect DEST_FILENAME not to be there. If it
3481 happens to be there, this will fail. */
3482 err = link (src_filename[i], dest_filename[i]);
3484 err = unlink (src_filename[i]);
3485 #endif /* !HAVE_W32_SYSTEM */
3489 xfree (src_filename[i]);
3490 src_filename[i] = NULL;
3495 if (err || opt.dry_run)
3498 int saved_errno = errno;
3500 /* An error occurred or a dry-run is requested. */
3501 for (i = 0; i < GC_BACKEND_NR; i++)
3503 if (src_filename[i])
3505 /* The change was not yet committed. */
3506 unlink (src_filename[i]);
3507 if (orig_filename[i])
3508 unlink (orig_filename[i]);
3512 /* The changes were already committed. FIXME: This is a
3513 tad dangerous, as we don't know if we don't overwrite
3514 a version of the file that is even newer than the one
3515 we just installed. */
3516 if (orig_filename[i])
3517 gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
3519 unlink (dest_filename[i]);
3523 gc_error (1, saved_errno, "could not commit changes");
3525 /* Fall-through for dry run. */
3529 /* If it all worked, notify the daemons of the changes. */
3531 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3533 if (runtime[backend] && gc_backend[backend].runtime_change)
3534 (*gc_backend[backend].runtime_change) (0);
3537 /* Move the per-process backup file into its place. */
3538 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3539 if (orig_filename[backend])
3541 char *backup_filename;
3543 assert (dest_filename[backend]);
3545 backup_filename = xasprintf ("%s.%s.bak",
3546 dest_filename[backend], GPGCONF_NAME);
3547 gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
3548 xfree (backup_filename);
3553 gnupg_unblock_all_signals ();
3555 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3557 xfree (src_filename[backend]);
3558 xfree (dest_filename[backend]);
3559 xfree (orig_filename[backend]);
3564 /* Check whether USER matches the current user of one of its group.
3565 This function may change USER. Returns true is there is a
3568 key_matches_user_or_group (char *user)
3572 if (*user == '*' && user[1] == 0)
3573 return 1; /* A single asterisk matches all users. */
3575 group = strchr (user, ':');
3579 #ifdef HAVE_W32_SYSTEM
3580 /* Under Windows we don't support groups. */
3581 if (group && *group)
3582 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3583 #ifndef HAVE_W32CE_SYSTEM
3586 static char *my_name;
3593 GetUserNameA (tmp, &size);
3594 my_name = xmalloc (size);
3595 if (!GetUserNameA (my_name, &size))
3596 gc_error (1,0, "error getting current user name: %s",
3600 if (!strcmp (user, my_name))
3601 return 1; /* Found. */
3603 #endif /*HAVE_W32CE_SYSTEM*/
3604 #else /*!HAVE_W32_SYSTEM*/
3605 /* First check whether the user matches. */
3608 static char *my_name;
3612 struct passwd *pw = getpwuid ( getuid () );
3614 gc_error (1, errno, "getpwuid failed for current user");
3615 my_name = xstrdup (pw->pw_name);
3617 if (!strcmp (user, my_name))
3618 return 1; /* Found. */
3621 /* If that failed, check whether a group matches. */
3622 if (group && *group)
3624 static char *my_group;
3625 static char **my_supgroups;
3630 struct group *gr = getgrgid ( getgid () );
3632 gc_error (1, errno, "getgrgid failed for current user");
3633 my_group = xstrdup (gr->gr_name);
3635 if (!strcmp (group, my_group))
3636 return 1; /* Found. */
3643 ngids = getgroups (0, NULL);
3644 gids = xcalloc (ngids+1, sizeof *gids);
3645 ngids = getgroups (ngids, gids);
3647 gc_error (1, errno, "getgroups failed for current user");
3648 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3649 for (n=0; n < ngids; n++)
3651 struct group *gr = getgrgid ( gids[n] );
3653 gc_error (1, errno, "getgrgid failed for supplementary group");
3654 my_supgroups[n] = xstrdup (gr->gr_name);
3659 for (n=0; my_supgroups[n]; n++)
3660 if (!strcmp (group, my_supgroups[n]))
3661 return 1; /* Found. */
3663 #endif /*!HAVE_W32_SYSTEM*/
3664 return 0; /* No match. */
3669 /* Read and process the global configuration file for gpgconf. This
3670 optional file is used to update our internal tables at runtime and
3671 may also be used to set new default values. If FNAME is NULL the
3672 default name will be used. With UPDATE set to true the internal
3673 tables are actually updated; if not set, only a syntax check is
3674 done. If DEFAULTS is true the global options are written to the
3675 configuration files. If LISTFP is set, no changes are done but the
3676 configuration file is printed to LISTFP in a colon separated format.
3678 Returns 0 on success or if the config file is not present; -1 is
3679 returned on error. */
3681 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3686 size_t line_len = 0;
3688 gpgrt_stream_t config;
3692 int runtime[GC_BACKEND_NR];
3693 int backend_id, component_id;
3697 fname = xstrdup (fname_arg);
3699 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3702 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3703 runtime[backend_id] = 0;
3705 config = gpgrt_fopen (fname, "r");
3708 /* Do not print an error if the file is not available, except
3709 when running in syntax check mode. */
3710 if (errno != ENOENT || !update)
3712 gc_error (0, errno, "can not open global config file '%s'", fname);
3719 while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
3721 char *key, *component, *option, *flags, *value;
3723 gc_option_t *option_info = NULL;
3725 int is_continuation;
3729 while (*key == ' ' || *key == '\t')
3731 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3734 is_continuation = (key != line);
3736 /* Parse the key field. */
3737 if (!is_continuation && got_match)
3738 break; /* Finish after the first match. */
3739 else if (!is_continuation)
3742 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3746 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3755 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3768 /* Parse the component. */
3769 while (*component == ' ' || *component == '\t')
3771 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3775 gc_error (0, 0, "missing component at '%s', line %d",
3783 component_id = gc_component_find (component);
3784 if (component_id < 0)
3786 gc_error (0, 0, "unknown component at '%s', line %d",
3791 /* Parse the option name. */
3792 while (*option == ' ' || *option == '\t')
3794 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3798 gc_error (0, 0, "missing option at '%s', line %d",
3805 if ( component_id != -1)
3807 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3810 gc_error (0, 0, "unknown option at '%s', line %d",
3817 /* Parse the optional flags. */
3818 while (*flags == ' ' || *flags == '\t')
3823 p = strchr (flags, ']');
3826 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3834 else /* No flags given. */
3840 /* Parse the optional value. */
3841 while (*value == ' ' || *value == '\t')
3843 for (p=value; *p && !strchr ("\r\n", *p); p++)
3846 value = empty; /* No value given; let it point to an empty string. */
3849 /* Strip trailing white space. */
3851 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3855 /* Check flag combinations. */
3858 else if (!strcmp (flags, "default"))
3862 gc_error (0, 0, "flag \"default\" may not be combined "
3863 "with a value at '%s', line %d",
3868 else if (!strcmp (flags, "change"))
3870 else if (!strcmp (flags, "no-change"))
3874 gc_error (0, 0, "unknown flag at '%s', line %d",
3879 /* In list mode we print out all records. */
3880 if (listfp && !result)
3882 /* If this is a new ruleset, print a key record. */
3883 if (!is_continuation)
3885 char *group = strchr (key, ':');
3889 if ((p = strchr (group, ':')))
3890 *p = 0; /* We better strip any extra stuff. */
3893 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3894 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3897 /* All other lines are rule records. */
3898 es_fprintf (listfp, "r:::%s:%s:%s:",
3899 gc_component[component_id].name,
3900 option_info->name? option_info->name : "",
3903 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3905 es_putc ('\n', listfp);
3908 /* Check whether the key matches but do this only if we are not
3909 running in syntax check mode. */
3911 && !result && !listfp
3912 && (got_match || (key && key_matches_user_or_group (key))) )
3918 /* Apply the flags from gpgconf.conf. */
3921 else if (!strcmp (flags, "default"))
3922 newflags |= GC_OPT_FLAG_DEFAULT;
3923 else if (!strcmp (flags, "no-change"))
3924 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3925 else if (!strcmp (flags, "change"))
3926 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3930 /* Here we explicitly allow updating the value again. */
3933 option_info->new_flags = 0;
3937 xfree (option_info->new_value);
3938 option_info->new_value = NULL;
3940 change_one_value (option_info, runtime, newflags, value, 0);
3945 if (length < 0 || gpgrt_ferror (config))
3947 gc_error (0, errno, "error reading from '%s'", fname);
3950 if (gpgrt_fclose (config))
3951 gc_error (0, errno, "error closing '%s'", fname);
3955 /* If it all worked, process the options. */
3956 if (!result && update && defaults && !listfp)
3958 /* We need to switch off the runtime update, so that we can do
3959 it later all at once. */
3960 int save_opt_runtime = opt.runtime;
3963 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3965 gc_component_change_options (component_id, NULL, NULL, 0);
3967 opt.runtime = save_opt_runtime;
3971 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3972 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3973 (*gc_backend[backend_id].runtime_change) (0);
3983 * Apply the profile FNAME to all known configure files.
3986 gc_apply_profile (const char *fname)
3989 char *fname_buffer = NULL;
3991 size_t line_len = 0;
3995 int runtime[GC_BACKEND_NR];
3997 int component_id = -1;
3998 int skip_section = 0;
3999 int error_count = 0;
4005 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4006 runtime[backend_id] = 0;
4009 if (!(!strcmp (fname, "-")
4010 || strchr (fname, '/')
4011 #ifdef HAVE_W32_SYSTEM
4012 || strchr (fname, '\\')
4014 || strchr (fname, '.')))
4016 /* FNAME looks like a standard profile name. Check whether one
4017 * is installed and use that instead of the given file name. */
4018 fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
4019 fname, ".prf", NULL);
4020 if (!access (fname_buffer, F_OK))
4021 fname = fname_buffer;
4024 fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
4027 err = gpg_error_from_syserror ();
4028 log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
4033 log_info ("applying profile '%s'\n", fname);
4036 while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
4038 char *name, *flags, *value;
4039 gc_option_t *option_info = NULL;
4044 while (*name == ' ' || *name == '\t')
4046 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
4048 trim_trailing_spaces (name);
4050 /* Check whether this is a new section. */
4055 /* New section: Get the name of the component. */
4056 p = strchr (name, ']');
4060 log_info ("%s:%d:%d: error: syntax error in section tag\n",
4061 fname, lineno, (int)(name - line));
4067 log_info ("%s:%d:%d: warning: garbage after section tag\n",
4068 fname, lineno, (int)(p - line));
4071 component_id = gc_component_find (name);
4072 if (component_id < 0)
4074 log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
4075 fname, lineno, (int)(name - line), name );
4083 if (component_id < 0)
4086 log_info ("%s:%d:%d: error: not in a valid section\n",
4087 fname, lineno, (int)(name - line));
4092 /* Parse the option name. */
4093 for (p = name; *p && !spacep (p); p++)
4098 option_info = find_option (component_id, name, GC_BACKEND_ANY);
4102 log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
4103 fname, lineno, (int)(name - line),
4104 name, gc_component[component_id].name);
4108 /* Parse the optional flags. */
4109 trim_spaces (value);
4114 p = strchr (flags, ']');
4117 log_info ("%s:%d:%d: warning: invalid flag specification\n",
4118 fname, lineno, (int)(p - line));
4123 trim_spaces (value);
4125 else /* No flags given. */
4128 /* Set required defaults. */
4129 if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
4133 /* Check and save this option. */
4135 if (flags && !strcmp (flags, "default"))
4136 newflags |= GC_OPT_FLAG_DEFAULT;
4139 option_info->new_flags = 0;
4142 xfree (option_info->new_value);
4143 option_info->new_value = NULL;
4145 change_one_value (option_info, runtime, newflags, value, 1);
4148 if (length < 0 || es_ferror (fp))
4150 err = gpg_error_from_syserror ();
4152 log_error (_("%s:%u: read error: %s\n"),
4153 fname, lineno, gpg_strerror (err));
4156 log_error (_("error closing '%s'\n"), fname);
4158 log_error (_("error parsing '%s'\n"), fname);
4162 /* If it all worked, process the options. */
4165 /* We need to switch off the runtime update, so that we can do
4166 it later all at once. */
4167 int save_opt_runtime = opt.runtime;
4170 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
4172 gc_component_change_options (component_id, NULL, NULL, 1);
4174 opt.runtime = save_opt_runtime;
4178 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4179 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
4180 (*gc_backend[backend_id].runtime_change) (0);
4184 xfree (fname_buffer);