1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008, 2009, 2010,
3 * 2011 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
51 #include "gc-opt-flags.h"
54 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
55 returns a plain filename without escaping. As long as we have not
56 fixed that we need to use gpg2. */
57 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
58 #define GPGNAME "gpg2"
60 #define GPGNAME GPG_NAME
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (int killflag);
108 static void scdaemon_runtime_change (int killflag);
109 static void dirmngr_runtime_change (int killflag);
111 /* Backend configuration. Backends are used to decide how the default
112 and current value of an option can be determined, and how the
113 option can be changed. To every option in every component belongs
114 exactly one backend that controls and determines the option. Some
115 backends are programs from the GPG system. Others might be
116 implemented by GPGConf itself. If you change this enum, don't
117 forget to update GC_BACKEND below. */
120 /* Any backend, used for find_option (). */
123 /* The Gnu Privacy Guard. */
126 /* The Gnu Privacy Guard for S/MIME. */
130 GC_BACKEND_GPG_AGENT,
132 /* The GnuPG SCDaemon. */
135 /* The GnuPG directory manager. */
138 /* The LDAP server list file for the director manager. */
139 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
141 /* The Pinentry (not a part of GnuPG, proper). */
144 /* The number of the above entries. */
149 /* To be able to implement generic algorithms for the various
150 backends, we collect all information about them in this struct. */
153 /* The name of the backend. */
156 /* The name of the program that acts as the backend. Some backends
157 don't have an associated program, but are implemented directly by
158 GPGConf. In this case, PROGRAM is NULL. */
161 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
162 ../common/util.h. This value is used to get the actual installed
163 path of the program. 0 is used if no backend program is
167 /* The runtime change callback. If KILLFLAG is true the component
168 is killed and not just reloaded. */
169 void (*runtime_change) (int killflag);
171 /* The option name for the configuration filename of this backend.
172 This must be an absolute filename. It can be an option from a
173 different backend (but then ordering of the options might
174 matter). Note: This must be unique among all components. */
175 const char *option_config_filename;
177 /* If this is a file backend rather than a program backend, then
178 this is the name of the option associated with the file. */
179 const char *option_name;
180 } gc_backend[GC_BACKEND_NR] =
182 { NULL }, /* GC_BACKEND_ANY dummy entry. */
183 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
184 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
185 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
186 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
187 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
188 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
189 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
190 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
191 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
192 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
193 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
194 NULL, "ldapserverlist-file", "LDAP Server" },
195 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
196 NULL, GPGCONF_NAME "-pinentry.conf" },
200 /* Option configuration. */
202 /* An option might take an argument, or not. Argument types can be
203 basic or complex. Basic types are generic and easy to validate.
204 Complex types provide more specific information about the intended
205 use, but can be difficult to validate. If you add to this enum,
206 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
207 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
211 /* Basic argument types. */
214 GC_ARG_TYPE_NONE = 0,
216 /* A String argument. */
217 GC_ARG_TYPE_STRING = 1,
219 /* A signed integer argument. */
220 GC_ARG_TYPE_INT32 = 2,
222 /* An unsigned integer argument. */
223 GC_ARG_TYPE_UINT32 = 3,
225 /* ADD NEW BASIC TYPE ENTRIES HERE. */
227 /* Complex argument types. */
229 /* A complete filename. */
230 GC_ARG_TYPE_FILENAME = 32,
232 /* An LDAP server in the format
233 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
234 GC_ARG_TYPE_LDAP_SERVER = 33,
236 /* A 40 character fingerprint. */
237 GC_ARG_TYPE_KEY_FPR = 34,
239 /* A user ID or key ID or fingerprint for a certificate. */
240 GC_ARG_TYPE_PUB_KEY = 35,
242 /* A user ID or key ID or fingerprint for a certificate with a key. */
243 GC_ARG_TYPE_SEC_KEY = 36,
245 /* A alias list made up of a key, an equal sign and a space
246 separated list of values. */
247 GC_ARG_TYPE_ALIAS_LIST = 37,
249 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
251 /* The number of the above entries. */
256 /* For every argument, we record some information about it in the
260 /* For every argument type exists a basic argument type that can be
261 used as a fallback for input and validation purposes. */
262 gc_arg_type_t fallback;
264 /* Human-readable name of the type. */
266 } gc_arg_type[GC_ARG_TYPE_NR] =
268 /* The basic argument types have their own types as fallback. */
269 { GC_ARG_TYPE_NONE, "none" },
270 { GC_ARG_TYPE_STRING, "string" },
271 { GC_ARG_TYPE_INT32, "int32" },
272 { GC_ARG_TYPE_UINT32, "uint32" },
274 /* Reserved basic type entries for future extension. */
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
290 /* The complex argument types have a basic type as fallback. */
291 { GC_ARG_TYPE_STRING, "filename" },
292 { GC_ARG_TYPE_STRING, "ldap server" },
293 { GC_ARG_TYPE_STRING, "key fpr" },
294 { GC_ARG_TYPE_STRING, "pub key" },
295 { GC_ARG_TYPE_STRING, "sec key" },
296 { GC_ARG_TYPE_STRING, "alias list" },
300 /* Every option has an associated expert level, than can be used to
301 hide advanced and expert options from beginners. If you add to
302 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
303 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
304 EXTERNAL INTERFACE. */
307 /* The basic options should always be displayed. */
310 /* The advanced options may be hidden from beginners. */
313 /* The expert options should only be displayed to experts. */
316 /* The invisible options should normally never be displayed. */
319 /* The internal options are never exported, they mark options that
320 are recorded for internal use only. */
323 /* ADD NEW ENTRIES HERE. */
325 /* The number of the above entries. */
329 /* A description for each expert level. */
343 /* Option flags. The flags which are used by the backends are defined
344 by gc-opt-flags.h, included above.
346 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
347 PART OF THE EXTERNAL INTERFACE. */
349 /* Some entries in the option list are not options, but mark the
350 beginning of a new group of options. These entries have the GROUP
352 #define GC_OPT_FLAG_GROUP (1UL << 0)
353 /* The ARG_OPT flag for an option indicates that the argument is
354 optional. This is never set for GC_ARG_TYPE_NONE options. */
355 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
356 /* The LIST flag for an option indicates that the option can occur
357 several times. A comma separated list of arguments is used as the
359 #define GC_OPT_FLAG_LIST (1UL << 2)
362 /* A human-readable description for each flag. */
379 /* To each option, or group marker, the information in the GC_OPTION
380 struct is provided. If you change this, don't forget to update the
381 option list of each component. */
384 /* If this is NULL, then this is a terminator in an array of unknown
385 length. Otherwise, if this entry is a group marker (see FLAGS),
386 then this is the name of the group described by this entry.
387 Otherwise it is the name of the option described by this
388 entry. The name must not contain a colon. */
391 /* The option flags. If the GROUP flag is set, then this entry is a
392 group marker, not an option, and only the fields LEVEL,
393 DESC_DOMAIN and DESC are valid. In all other cases, this entry
394 describes a new option and all fields are valid. */
397 /* The expert level. This field is valid for options and groups. A
398 group has the expert level of the lowest-level option in the
400 gc_expert_level_t level;
402 /* A gettext domain in which the following description can be found.
403 If this is NULL, then DESC is not translated. Valid for groups
406 Note that we try to keep the description of groups within the
409 IMPORTANT: If you add a new domain please make sure to add a code
410 set switching call to the function my_dgettext further below. */
411 const char *desc_domain;
413 /* A gettext description for this group or option. If it starts
414 with a '|', then the string up to the next '|' describes the
415 argument, and the description follows the second '|'.
417 In general enclosing these description in N_() is not required
418 because the description should be identical to the one in the
419 help menu of the respective program. */
422 /* The following fields are only valid for options. */
424 /* The type of the option argument. */
425 gc_arg_type_t arg_type;
427 /* The backend that implements this option. */
428 gc_backend_t backend;
430 /* The following fields are set to NULL at startup (because all
431 option's are declared as static variables). They are at the end
432 of the list so that they can be omitted from the option
435 /* This is true if the option is supported by this version of the
439 /* The default value for this option. This is NULL if the option is
440 not present in the backend, the empty string if no default is
441 available, and otherwise a quoted string. */
444 /* The default argument is only valid if the "optional arg" flag is
445 set, and specifies the default argument (value) that is used if
446 the argument is omitted. */
449 /* The current value of this option. */
452 /* The new flags for this option. The only defined flag is actually
453 GC_OPT_FLAG_DEFAULT, and it means that the option should be
454 deleted. In this case, NEW_VALUE is NULL. */
455 unsigned long new_flags;
457 /* The new value of this option. */
460 typedef struct gc_option gc_option_t;
462 /* Use this macro to terminate an option list. */
463 #define GC_OPTION_NULL { NULL }
466 #ifndef BUILD_WITH_AGENT
467 #define gc_options_gpg_agent NULL
469 /* The options of the GC_COMPONENT_GPG_AGENT component. */
470 static gc_option_t gc_options_gpg_agent[] =
472 /* The configuration file to which we write the changes. */
473 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
474 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
475 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
478 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
479 "gnupg", N_("Options controlling the diagnostic output") },
480 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
483 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
484 "gnupg", "be somewhat more quiet",
485 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
486 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
488 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
491 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
492 "gnupg", N_("Options controlling the configuration") },
493 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
494 "gnupg", "|FILE|read options from FILE",
495 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
496 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
497 "gnupg", "do not use the SCdaemon",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
499 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
500 "gnupg", "enable ssh support",
501 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
502 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
503 "gnupg", "enable putty support",
504 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
507 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
508 "gnupg", N_("Options useful for debugging") },
509 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
510 "gnupg", "|LEVEL|set the debugging level to LEVEL",
511 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
512 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
513 "gnupg", N_("|FILE|write server mode logs to FILE"),
514 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
515 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
517 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
521 "gnupg", N_("Options controlling the security") },
522 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
523 GC_LEVEL_BASIC, "gnupg",
524 "|N|expire cached PINs after N seconds",
525 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
526 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
527 GC_LEVEL_ADVANCED, "gnupg",
528 N_("|N|expire SSH keys after N seconds"),
529 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
530 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_EXPERT, "gnupg",
532 N_("|N|set maximum PIN cache lifetime to N seconds"),
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_EXPERT, "gnupg",
536 N_("|N|set maximum SSH key lifetime to N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
541 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
543 "gnupg", "allow passphrase to be prompted through Emacs",
544 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
545 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
546 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
547 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
548 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
549 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
550 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
551 { "allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
552 GC_LEVEL_EXPERT, "gnupg", "allow caller to override the pinentry",
553 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
554 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
555 "gnupg", "do not grab keyboard and mouse",
556 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
558 { "Passphrase policy",
559 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
560 "gnupg", N_("Options enforcing a passphrase policy") },
561 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
562 GC_LEVEL_EXPERT, "gnupg",
563 N_("do not allow to bypass the passphrase policy"),
564 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
565 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_ADVANCED, "gnupg",
567 N_("|N|set minimal required length for new passphrases to N"),
568 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
569 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_EXPERT, "gnupg",
571 N_("|N|require at least N non-alpha characters for a new passphrase"),
572 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
573 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
575 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
576 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
577 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
578 GC_LEVEL_EXPERT, "gnupg",
579 N_("|N|expire the passphrase after N days"),
580 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
581 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
582 GC_LEVEL_EXPERT, "gnupg",
583 N_("do not allow the reuse of old passphrases"),
584 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
588 #endif /*BUILD_WITH_AGENT*/
591 #ifndef BUILD_WITH_SCDAEMON
592 #define gc_options_scdaemon NULL
594 /* The options of the GC_COMPONENT_SCDAEMON component. */
595 static gc_option_t gc_options_scdaemon[] =
597 /* The configuration file to which we write the changes. */
598 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
599 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
600 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
603 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
604 "gnupg", N_("Options controlling the diagnostic output") },
605 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
607 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
608 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
609 "gnupg", "be somewhat more quiet",
610 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
611 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
613 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
616 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
617 "gnupg", N_("Options controlling the configuration") },
618 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
619 "gnupg", "|FILE|read options from FILE",
620 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
621 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
622 "gnupg", "|N|connect to reader at port N",
623 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
624 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
625 "gnupg", "|NAME|use NAME as ct-API driver",
626 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
627 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
628 "gnupg", "|NAME|use NAME as PC/SC driver",
629 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
630 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
631 "gnupg", "do not use the internal CCID driver",
632 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
633 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
634 "gnupg", "do not use a reader's pinpad",
635 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
636 { "enable-pinpad-varlen",
637 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
638 "gnupg", "use variable length input for pinpad",
639 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
640 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
641 "gnupg", "|N|disconnect the card after N seconds of inactivity",
642 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
645 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
646 "gnupg", N_("Options useful for debugging") },
647 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
648 "gnupg", "|LEVEL|set the debugging level to LEVEL",
649 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
650 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
651 "gnupg", N_("|FILE|write a log to FILE"),
652 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
655 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
656 "gnupg", N_("Options controlling the security") },
657 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
658 "gnupg", "deny the use of admin card commands",
659 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
664 #endif /*BUILD_WITH_SCDAEMON*/
666 #ifndef BUILD_WITH_GPG
667 #define gc_options_gpg NULL
669 /* The options of the GC_COMPONENT_GPG component. */
670 static gc_option_t gc_options_gpg[] =
672 /* The configuration file to which we write the changes. */
673 { GPGCONF_NAME"-"GPG_NAME".conf",
674 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
675 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
678 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
679 "gnupg", N_("Options controlling the diagnostic output") },
680 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
682 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
683 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
684 "gnupg", "be somewhat more quiet",
685 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
686 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
688 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
691 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
692 "gnupg", N_("Options controlling the configuration") },
693 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
694 "gnupg", N_("|NAME|use NAME as default secret key"),
695 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
696 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
697 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
698 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
699 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
700 "gnupg", N_("|SPEC|set up email aliases"),
701 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
702 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
703 "gnupg", "|FILE|read options from FILE",
704 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
705 { "default_pubkey_algo",
706 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
708 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
712 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
713 "gnupg", N_("Options useful for debugging") },
714 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
715 "gnupg", "|LEVEL|set the debugging level to LEVEL",
716 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
717 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
718 "gnupg", N_("|FILE|write server mode logs to FILE"),
719 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
720 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
722 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
725 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
726 "gnupg", N_("Configuration for Keyservers") },
727 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
728 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
729 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
730 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
731 "gnupg", N_("allow PKA lookups (DNS requests)"),
732 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
733 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
734 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
735 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
740 #endif /*BUILD_WITH_GPG*/
743 #ifndef BUILD_WITH_GPGSM
744 #define gc_options_gpgsm NULL
746 /* The options of the GC_COMPONENT_GPGSM component. */
747 static gc_option_t gc_options_gpgsm[] =
749 /* The configuration file to which we write the changes. */
750 { GPGCONF_NAME"-"GPGSM_NAME".conf",
751 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
752 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
755 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
756 "gnupg", N_("Options controlling the diagnostic output") },
757 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
759 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
760 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
761 "gnupg", "be somewhat more quiet",
762 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
763 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
765 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
768 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
769 "gnupg", N_("Options controlling the configuration") },
770 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
771 "gnupg", N_("|NAME|use NAME as default secret key"),
772 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
773 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
774 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
775 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
776 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
777 "gnupg", "|FILE|read options from FILE",
778 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
779 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
780 "gnupg", "use system's dirmngr if available",
781 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
782 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
783 "gnupg", N_("disable all access to the dirmngr"),
784 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
785 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
786 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
787 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
788 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
789 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
790 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
791 { "default_pubkey_algo",
792 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
794 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
797 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
798 "gnupg", N_("Options useful for debugging") },
799 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
800 "gnupg", "|LEVEL|set the debugging level to LEVEL",
801 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
802 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
803 "gnupg", N_("|FILE|write server mode logs to FILE"),
804 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
805 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
807 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
810 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
811 "gnupg", N_("Options controlling the security") },
812 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
813 "gnupg", "never consult a CRL",
814 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
815 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
816 "gnupg", N_("do not check CRLs for root certificates"),
817 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
818 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
819 "gnupg", "check validity using OCSP",
820 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
821 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
822 "gnupg", "|N|number of certificates to include",
823 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
824 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
825 "gnupg", "do not check certificate policies",
826 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
827 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
828 "gnupg", "fetch missing issuer certificates",
829 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
830 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
831 "gnupg", "|NAME|use cipher algorithm NAME",
832 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
836 #endif /*BUILD_WITH_GPGSM*/
839 #ifndef BUILD_WITH_DIRMNGR
840 #define gc_options_dirmngr NULL
842 /* The options of the GC_COMPONENT_DIRMNGR component. */
843 static gc_option_t gc_options_dirmngr[] =
845 /* The configuration file to which we write the changes. */
846 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
847 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
848 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
851 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
852 "gnupg", N_("Options controlling the diagnostic output") },
853 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
854 "dirmngr", "verbose",
855 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
856 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
857 "dirmngr", "be somewhat more quiet",
858 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
859 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
861 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
864 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
865 "gnupg", N_("Options controlling the format of the output") },
866 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
867 "dirmngr", "sh-style command output",
868 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
869 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
870 "dirmngr", "csh-style command output",
871 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
874 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
875 "gnupg", N_("Options controlling the configuration") },
876 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
877 "dirmngr", "|FILE|read options from FILE",
878 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
881 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
882 "gnupg", N_("Options useful for debugging") },
883 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
884 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
885 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
886 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
887 "dirmngr", "do not detach from the console",
888 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
889 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
890 "dirmngr", N_("|FILE|write server mode logs to FILE"),
891 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
892 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
894 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
895 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
897 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
900 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
901 "gnupg", N_("Options controlling the interactivity and enforcement") },
902 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
903 "dirmngr", "run without asking a user",
904 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
905 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
906 "dirmngr", "force loading of outdated CRLs",
907 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
910 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
911 "gnupg", N_("Options controlling the use of TOR") },
912 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
913 "dirmngr", "route all network traffic via TOR",
914 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
917 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
918 "gnupg", N_("Configuration for Keyservers") },
919 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
920 "gnupg", N_("|URL|use keyserver at URL"),
921 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
924 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
925 "gnupg", N_("Configuration for HTTP servers") },
926 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
927 "dirmngr", "inhibit the use of HTTP",
928 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
929 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
930 "dirmngr", "ignore HTTP CRL distribution points",
931 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
932 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
933 "dirmngr", "|URL|redirect all HTTP requests to URL",
934 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
935 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
936 "gnupg", N_("use system's HTTP proxy setting"),
937 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
940 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
941 "gnupg", N_("Configuration of LDAP servers to use") },
942 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
943 "dirmngr", "inhibit the use of LDAP",
944 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
945 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
946 "dirmngr", "ignore LDAP CRL distribution points",
947 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
948 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
949 "dirmngr", "|HOST|use HOST for LDAP queries",
950 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
951 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
952 "dirmngr", "do not use fallback hosts with --ldap-proxy",
953 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
954 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
955 "dirmngr", "add new servers discovered in CRL distribution points"
956 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
957 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
958 "dirmngr", "|N|set LDAP timeout to N seconds",
959 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
960 /* The following entry must not be removed, as it is required for
961 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
962 { "ldapserverlist-file",
963 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
964 "dirmngr", "|FILE|read LDAP server list from FILE",
965 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
966 /* This entry must come after at least one entry for
967 GC_BACKEND_DIRMNGR in this component, so that the entry for
968 "ldapserverlist-file will be initialized before this one. */
969 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
970 "gnupg", N_("LDAP server list"),
971 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
972 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
973 "dirmngr", "|N|do not return more than N items in one query",
974 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
977 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
978 "gnupg", N_("Configuration for OCSP") },
979 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
980 "dirmngr", "allow sending OCSP requests",
981 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
982 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
983 "dirmngr", "ignore certificate contained OCSP service URLs",
984 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
985 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
986 "dirmngr", "|URL|use OCSP responder at URL",
987 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
988 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
989 "dirmngr", "|FPR|OCSP response signed by FPR",
990 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
995 #endif /*BUILD_WITH_DIRMNGR*/
998 /* The options of the GC_COMPONENT_PINENTRY component. */
999 static gc_option_t gc_options_pinentry[] =
1001 /* A dummy option to allow gc_component_list_components to find the
1002 pinentry backend. Needs to be a conf file. */
1003 { GPGCONF_NAME"-pinentry.conf",
1004 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1005 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1012 /* Component system. Each component is a set of options that can be
1013 configured at the same time. If you change this, don't forget to
1014 update GC_COMPONENT below. */
1017 /* The classic GPG for OpenPGP. */
1020 /* The GPG Agent. */
1021 GC_COMPONENT_GPG_AGENT,
1023 /* The Smardcard Daemon. */
1024 GC_COMPONENT_SCDAEMON,
1026 /* GPG for S/MIME. */
1029 /* The LDAP Directory Manager for CRLs. */
1030 GC_COMPONENT_DIRMNGR,
1032 /* The external Pinentry. */
1033 GC_COMPONENT_PINENTRY,
1035 /* The number of components. */
1040 /* The information associated with each component. */
1043 /* The name of this component. Must not contain a colon (':')
1047 /* The gettext domain for the description DESC. If this is NULL,
1048 then the description is not translated. */
1049 const char *desc_domain;
1051 /* The description for this domain. */
1054 /* The list of options for this component, terminated by
1056 gc_option_t *options;
1059 { "gpg", "gnupg", N_("GPG for OpenPGP"), gc_options_gpg },
1060 { "gpg-agent","gnupg", N_("GPG Agent"), gc_options_gpg_agent },
1061 { "scdaemon", "gnupg", N_("Smartcard Daemon"), gc_options_scdaemon },
1062 { "gpgsm", "gnupg", N_("GPG for S/MIME"), gc_options_gpgsm },
1063 { "dirmngr", "gnupg", N_("Key Acquirer"), gc_options_dirmngr },
1064 { "pinentry", "gnupg", N_("PIN and Passphrase Entry"), gc_options_pinentry }
1069 /* Structure used to collect error output of the backend programs. */
1070 struct error_line_s;
1071 typedef struct error_line_s *error_line_t;
1074 error_line_t next; /* Link to next item. */
1075 const char *fname; /* Name of the config file (points into BUFFER). */
1076 unsigned int lineno; /* Line number of the config file. */
1077 const char *errtext; /* Text of the error message (points into BUFFER). */
1078 char buffer[1]; /* Helper buffer. */
1083 /* Engine specific support. */
1085 gpg_agent_runtime_change (int killflag)
1088 const char *pgmname;
1089 const char *argv[3];
1092 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1093 argv[0] = "--no-autostart";
1094 argv[1] = killflag? "KILLAGENT" : "RELOADAGENT";
1097 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1099 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1101 gc_error (0, 0, "error running '%s %s': %s",
1102 pgmname, argv[1], gpg_strerror (err));
1103 gnupg_release_process (pid);
1108 scdaemon_runtime_change (int killflag)
1111 const char *pgmname;
1112 const char *argv[7];
1115 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1117 /* We use "GETINFO app_running" to see whether the agent is already
1118 running and kill it only in this case. This avoids an explicit
1119 starting of the agent in case it is not yet running. There is
1120 obviously a race condition but that should not harm too much. */
1122 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1124 argv[1] = "--no-autostart";
1125 argv[2] = "GETINFO scd_running";
1126 argv[3] = "/if ${! $?}";
1127 argv[4] = "scd killscd";
1131 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1133 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1135 gc_error (0, 0, "error running '%s %s': %s",
1136 pgmname, argv[4], gpg_strerror (err));
1137 gnupg_release_process (pid);
1142 dirmngr_runtime_change (int killflag)
1145 const char *pgmname;
1146 const char *argv[4];
1149 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1150 argv[0] = "--no-autostart";
1151 argv[1] = "--dirmngr";
1152 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1155 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1157 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1159 gc_error (0, 0, "error running '%s %s': %s",
1160 pgmname, argv[2], gpg_strerror (err));
1161 gnupg_release_process (pid);
1165 /* Launch the gpg-agent or the dirmngr if not already running. */
1167 gc_component_launch (int component)
1170 const char *pgmname;
1171 const char *argv[3];
1175 if (!(component == GC_COMPONENT_GPG_AGENT
1176 || component == GC_COMPONENT_DIRMNGR))
1178 es_fputs (_("Component not suitable for launching"), es_stderr);
1179 es_putc ('\n', es_stderr);
1183 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1185 if (component == GC_COMPONENT_DIRMNGR)
1186 argv[i++] = "--dirmngr";
1190 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1192 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1194 gc_error (0, 0, "error running '%s%s%s': %s",
1196 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1198 gpg_strerror (err));
1199 gnupg_release_process (pid);
1204 /* Unconditionally restart COMPONENT. */
1206 gc_component_kill (int component)
1208 int runtime[GC_BACKEND_NR];
1209 gc_option_t *option;
1210 gc_backend_t backend;
1212 /* Set a flag for the backends to be reloaded. */
1213 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1214 runtime[backend] = 0;
1218 assert (component < GC_COMPONENT_NR);
1219 option = gc_component[component].options;
1220 for (; option && option->name; option++)
1221 runtime[option->backend] = 1;
1224 /* Do the restart for the selected backends. */
1225 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1227 if (runtime[backend] && gc_backend[backend].runtime_change)
1228 (*gc_backend[backend].runtime_change) (1);
1233 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1235 gc_component_reload (int component)
1237 int runtime[GC_BACKEND_NR];
1238 gc_option_t *option;
1239 gc_backend_t backend;
1241 /* Set a flag for the backends to be reloaded. */
1242 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1243 runtime[backend] = 0;
1245 if (component == -1)
1247 for (component = 0; component < GC_COMPONENT_NR; component++)
1249 option = gc_component[component].options;
1250 for (; option && option->name; option++)
1251 runtime[option->backend] = 1;
1256 assert (component < GC_COMPONENT_NR);
1257 option = gc_component[component].options;
1258 for (; option && option->name; option++)
1259 runtime[option->backend] = 1;
1262 /* Do the reload for all selected backends. */
1263 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1265 if (runtime[backend] && gc_backend[backend].runtime_change)
1266 (*gc_backend[backend].runtime_change) (0);
1272 /* More or less Robust version of dgettext. It has the side effect of
1273 switching the codeset to utf-8 because this is what we want to
1274 output. In theory it is posible to keep the orginal code set and
1275 switch back for regular disgnostic output (redefine "_(" for that)
1276 but given the natur of this tool, being something invoked from
1277 other pograms, it does not make much sense. */
1279 my_dgettext (const char *domain, const char *msgid)
1281 #ifdef USE_SIMPLE_GETTEXT
1284 static int switched_codeset;
1287 if (!switched_codeset)
1289 switched_codeset = 1;
1290 gettext_use_utf8 (1);
1293 if (!strcmp (domain, "gnupg"))
1294 domain = PACKAGE_GT;
1296 /* FIXME: we have no dgettext, thus we can't switch. */
1298 text = (char*)gettext (msgid);
1299 return text ? text : msgid;
1303 #elif defined(ENABLE_NLS)
1306 static int switched_codeset;
1309 if (!switched_codeset)
1311 switched_codeset = 1;
1312 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1314 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1315 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1319 /* Note: This is a hack to actually use the gnupg2 domain as
1320 long we are in a transition phase where gnupg 1.x and 1.9 may
1322 if (!strcmp (domain, "gnupg"))
1323 domain = PACKAGE_GT;
1325 text = dgettext (domain, msgid);
1326 return text ? text : msgid;
1337 /* Percent-Escape special characters. The string is valid until the
1338 next invocation of the function. */
1340 gc_percent_escape (const char *src)
1342 static char *esc_str;
1343 static int esc_str_len;
1344 int new_len = 3 * strlen (src) + 1;
1347 if (esc_str_len < new_len)
1349 char *new_esc_str = realloc (esc_str, new_len);
1351 gc_error (1, errno, "can not escape string");
1352 esc_str = new_esc_str;
1353 esc_str_len = new_len;
1365 else if (*src == ':')
1367 /* The colon is used as field separator. */
1372 else if (*src == ',')
1374 /* The comma is used as list separator. */
1389 /* Percent-Deescape special characters. The string is valid until the
1390 next invocation of the function. */
1392 percent_deescape (const char *src)
1396 int new_len = 3 * strlen (src) + 1;
1399 if (str_len < new_len)
1401 char *new_str = realloc (str, new_len);
1403 gc_error (1, errno, "can not deescape string");
1413 int val = hextobyte (src + 1);
1416 gc_error (1, 0, "malformed end of string %s", src);
1418 *(dst++) = (char) val;
1422 *(dst++) = *(src++);
1429 /* List all components that are available. */
1431 gc_component_list_components (estream_t out)
1433 gc_component_t component;
1434 gc_option_t *option;
1435 gc_backend_t backend;
1436 int backend_seen[GC_BACKEND_NR];
1438 const char *pgmname;
1440 for (component = 0; component < GC_COMPONENT_NR; component++)
1442 option = gc_component[component].options;
1445 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1446 backend_seen[backend] = 0;
1449 for (; option && option->name; option++)
1451 if ((option->flags & GC_OPT_FLAG_GROUP))
1453 backend = option->backend;
1454 if (backend_seen[backend])
1456 backend_seen[backend] = 1;
1457 assert (backend != GC_BACKEND_ANY);
1458 if (gc_backend[backend].program
1459 && !gc_backend[backend].module_name)
1461 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1465 desc = gc_component[component].desc;
1466 desc = my_dgettext (gc_component[component].desc_domain, desc);
1467 es_fprintf (out, "%s:%s:",
1468 gc_component[component].name, gc_percent_escape (desc));
1469 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1477 all_digits_p (const char *p, size_t len)
1481 for (; len; len--, p++)
1482 if (!isascii (*p) || !isdigit (*p))
1484 return 1; /* Yes. */
1488 /* Collect all error lines from stream FP. Only lines prefixed with
1489 TAG are considered. Returns a list of error line items (which may
1490 be empty). There is no error return. */
1492 collect_error_output (estream_t fp, const char *tag)
1498 error_line_t eitem, errlines, *errlines_tail;
1499 size_t taglen = strlen (tag);
1502 errlines_tail = &errlines;
1505 while ((c=es_getc (fp)) != EOF)
1508 if (pos >= sizeof buffer - 5 || c == '\n')
1510 buffer[pos - (c == '\n')] = 0;
1512 ; /*Ignore continuations of previous line. */
1513 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1515 /* "gpgsm: foo:4: bla" */
1516 /* Yep, we are interested in this line. */
1517 p = buffer + taglen + 1;
1518 while (*p == ' ' || *p == '\t')
1520 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1522 ; /* Empty lines are ignored. */
1523 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1524 && all_digits_p (p2+1, p3 - (p2+1)))
1526 /* Line in standard compiler format. */
1528 while (*p3 == ' ' || *p3 == '\t')
1530 eitem = xmalloc (sizeof *eitem + strlen (p));
1532 strcpy (eitem->buffer, p);
1533 eitem->fname = eitem->buffer;
1534 eitem->buffer[p2-p] = 0;
1535 eitem->errtext = eitem->buffer + (p3 - p);
1536 /* (we already checked that there are only ascii
1537 digits followed by a colon) */
1539 for (p2++; isdigit (*p2); p2++)
1540 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1541 *errlines_tail = eitem;
1542 errlines_tail = &eitem->next;
1546 /* Other error output. */
1547 eitem = xmalloc (sizeof *eitem + strlen (p));
1549 strcpy (eitem->buffer, p);
1550 eitem->fname = NULL;
1551 eitem->errtext = eitem->buffer;
1553 *errlines_tail = eitem;
1554 errlines_tail = &eitem->next;
1558 /* If this was not a complete line mark that we are in a
1560 cont_line = (c != '\n');
1564 /* We ignore error lines not terminated by a LF. */
1569 /* Check the options of a single component. Returns 0 if everything
1572 gc_component_check_options (int component, estream_t out, const char *conf_file)
1575 unsigned int result;
1576 int backend_seen[GC_BACKEND_NR];
1577 gc_backend_t backend;
1578 gc_option_t *option;
1579 const char *pgmname;
1580 const char *argv[4];
1585 error_line_t errlines;
1587 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1588 backend_seen[backend] = 0;
1590 option = gc_component[component].options;
1591 for (; option && option->name; option++)
1593 if ((option->flags & GC_OPT_FLAG_GROUP))
1595 backend = option->backend;
1596 if (backend_seen[backend])
1598 backend_seen[backend] = 1;
1599 assert (backend != GC_BACKEND_ANY);
1600 if (!gc_backend[backend].program)
1602 if (!gc_backend[backend].module_name)
1607 if (! option || ! option->name)
1610 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1614 argv[i++] = "--options";
1615 argv[i++] = conf_file;
1617 if (component == GC_COMPONENT_PINENTRY)
1618 argv[i++] = "--version";
1620 argv[i++] = "--gpgconf-test";
1625 err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, 0,
1626 NULL, NULL, &errfp, &pid);
1628 result |= 1; /* Program could not be run. */
1631 errlines = collect_error_output (errfp,
1632 gc_component[component].name);
1633 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1636 result |= 1; /* Program could not be run or it
1637 terminated abnormally. */
1638 result |= 2; /* Program returned an error. */
1640 gnupg_release_process (pid);
1644 /* If the program could not be run, we can't tell whether
1645 the config file is good. */
1652 error_line_t errptr;
1654 desc = gc_component[component].desc;
1655 desc = my_dgettext (gc_component[component].desc_domain, desc);
1656 es_fprintf (out, "%s:%s:",
1657 gc_component[component].name, gc_percent_escape (desc));
1658 es_fputs (gc_percent_escape (pgmname), out);
1659 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1660 for (errptr = errlines; errptr; errptr = errptr->next)
1662 if (errptr != errlines)
1663 es_fputs ("\n:::::", out); /* Continuation line. */
1665 es_fputs (gc_percent_escape (errptr->fname), out);
1668 es_fprintf (out, "%u", errptr->lineno);
1670 es_fputs (gc_percent_escape (errptr->errtext), out);
1673 es_putc ('\n', out);
1678 error_line_t tmp = errlines->next;
1688 /* Check all components that are available. */
1690 gc_check_programs (estream_t out)
1692 gc_component_t component;
1694 for (component = 0; component < GC_COMPONENT_NR; component++)
1695 gc_component_check_options (component, out, NULL);
1700 /* Find the component with the name NAME. Returns -1 if not
1703 gc_component_find (const char *name)
1707 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1709 if (gc_component[idx].options
1710 && !strcmp (name, gc_component[idx].name))
1717 /* List the option OPTION. */
1719 list_one_option (const gc_option_t *option, estream_t out)
1721 const char *desc = NULL;
1722 char *arg_name = NULL;
1726 desc = my_dgettext (option->desc_domain, option->desc);
1730 const char *arg_tail = strchr (&desc[1], '|');
1734 int arg_len = arg_tail - &desc[1];
1735 arg_name = xmalloc (arg_len + 1);
1736 memcpy (arg_name, &desc[1], arg_len);
1737 arg_name[arg_len] = '\0';
1738 desc = arg_tail + 1;
1744 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1745 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1748 /* The name field. */
1749 es_fprintf (out, "%s", option->name);
1751 /* The flags field. */
1752 es_fprintf (out, ":%lu", option->flags);
1758 es_fprintf (out, "none");
1761 unsigned long flags = option->flags;
1762 unsigned long flag = 0;
1763 unsigned long first = 1;
1773 es_fprintf (out, "%s", gc_flag[flag].name);
1781 /* The level field. */
1782 es_fprintf (out, ":%u", option->level);
1784 es_fprintf (out, " %s", gc_level[option->level].name);
1786 /* The description field. */
1787 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1789 /* The type field. */
1790 es_fprintf (out, ":%u", option->arg_type);
1792 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1794 /* The alternate type field. */
1795 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1797 es_fprintf (out, " %s",
1798 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1800 /* The argument name field. */
1801 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1804 /* The default value field. */
1805 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1807 /* The default argument field. */
1808 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1810 /* The value field. */
1811 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1812 && (option->flags & GC_OPT_FLAG_LIST)
1814 /* The special format "1,1,1,1,...,1" is converted to a number
1816 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1818 es_fprintf (out, ":%s", option->value ? option->value : "");
1820 /* ADD NEW FIELDS HERE. */
1822 es_putc ('\n', out);
1826 /* List all options of the component COMPONENT. */
1828 gc_component_list_options (int component, estream_t out)
1830 const gc_option_t *option = gc_component[component].options;
1832 while (option && option->name)
1834 /* Do not output unknown or internal options. */
1835 if (!(option->flags & GC_OPT_FLAG_GROUP)
1836 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1842 if (option->flags & GC_OPT_FLAG_GROUP)
1844 const gc_option_t *group_option = option + 1;
1845 gc_expert_level_t level = GC_LEVEL_NR;
1847 /* The manual states that the group level is always the
1848 minimum of the levels of all contained options. Due to
1849 different active options, and because it is hard to
1850 maintain manually, we calculate it here. The value in
1851 the global static table is ignored. */
1853 while (group_option->name)
1855 if (group_option->flags & GC_OPT_FLAG_GROUP)
1857 if (group_option->level < level)
1858 level = group_option->level;
1862 /* Check if group is empty. */
1863 if (level != GC_LEVEL_NR)
1865 gc_option_t opt_copy;
1867 /* Fix up the group level. */
1868 memcpy (&opt_copy, option, sizeof (opt_copy));
1869 opt_copy.level = level;
1870 list_one_option (&opt_copy, out);
1874 list_one_option (option, out);
1881 /* Find the option NAME in component COMPONENT, for the backend
1882 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1883 static gc_option_t *
1884 find_option (gc_component_t component, const char *name,
1885 gc_backend_t backend)
1887 gc_option_t *option = gc_component[component].options;
1888 while (option->name)
1890 if (!(option->flags & GC_OPT_FLAG_GROUP)
1891 && !strcmp (option->name, name)
1892 && (backend == GC_BACKEND_ANY || option->backend == backend))
1896 return option->name ? option : NULL;
1900 /* Determine the configuration filename for the component COMPONENT
1901 and backend BACKEND. */
1903 get_config_filename (gc_component_t component, gc_backend_t backend)
1905 char *filename = NULL;
1906 gc_option_t *option = find_option
1907 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1909 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1910 assert (!(option->flags & GC_OPT_FLAG_LIST));
1912 if (!option->active || !option->default_value)
1913 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1914 gc_backend[backend].option_config_filename,
1915 gc_backend[backend].name);
1917 if (option->value && *option->value)
1918 filename = percent_deescape (&option->value[1]);
1919 else if (option->default_value && *option->default_value)
1920 filename = percent_deescape (&option->default_value[1]);
1924 #if HAVE_W32CE_SYSTEM
1925 if (!(filename[0] == '/' || filename[0] == '\\'))
1926 #elif defined(HAVE_DOSISH_SYSTEM)
1928 && filename[1] == ':'
1929 && (filename[2] == '/' || filename[2] == '\\')))
1931 if (filename[0] != '/')
1933 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1934 gc_backend[backend].option_config_filename,
1935 gc_backend[backend].name);
1941 /* Retrieve the options for the component COMPONENT from backend
1942 BACKEND, which we already know is a program-type backend. */
1944 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1947 const char *pgmname;
1948 const char *argv[2];
1953 size_t line_len = 0;
1956 char *config_filename;
1958 pgmname = (gc_backend[backend].module_name
1959 ? gnupg_module_name (gc_backend[backend].module_name)
1960 : gc_backend[backend].program );
1961 argv[0] = "--gpgconf-list";
1964 err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, 0,
1965 NULL, &outfp, NULL, &pid);
1968 gc_error (1, 0, "could not gather active options from '%s': %s",
1969 pgmname, gpg_strerror (err));
1972 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
1974 gc_option_t *option;
1976 unsigned long flags = 0;
1977 char *default_value = NULL;
1979 /* Strip newline and carriage return, if present. */
1981 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1982 line[--length] = '\0';
1984 linep = strchr (line, ':');
1988 /* Extract additional flags. Default to none. */
1994 end = strchr (linep, ':');
1998 gpg_err_set_errno (0);
1999 flags = strtoul (linep, &tail, 0);
2001 gc_error (1, errno, "malformed flags in option %s from %s",
2003 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2004 gc_error (1, 0, "garbage after flags in option %s from %s",
2010 /* Extract default value, if present. Default to empty if
2016 end = strchr (linep, ':');
2020 if (flags & GC_OPT_FLAG_DEFAULT)
2021 default_value = linep;
2026 /* Look up the option in the component and install the
2027 configuration data. */
2028 option = find_option (component, line, backend);
2032 gc_error (1, errno, "option %s returned twice from %s",
2036 option->flags |= flags;
2037 if (default_value && *default_value)
2038 option->default_value = xstrdup (default_value);
2041 if (length < 0 || es_ferror (outfp))
2042 gc_error (1, errno, "error reading from %s", pgmname);
2043 if (es_fclose (outfp))
2044 gc_error (1, errno, "error closing %s", pgmname);
2046 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2048 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2049 pgmname, exitcode, gpg_strerror (err));
2050 gnupg_release_process (pid);
2053 /* At this point, we can parse the configuration file. */
2054 config_filename = get_config_filename (component, backend);
2056 config = es_fopen (config_filename, "r");
2058 gc_error (0, errno, "warning: can not open config file %s",
2062 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2066 gc_option_t *option;
2069 while (*name == ' ' || *name == '\t')
2071 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2075 while (*value && *value != ' ' && *value != '\t'
2076 && *value != '#' && *value != '\r' && *value != '\n')
2078 if (*value == ' ' || *value == '\t')
2083 while (*value == ' ' || *value == '\t')
2087 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2089 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2096 /* Look up the option in the component and install the
2097 configuration data. */
2098 option = find_option (component, line, backend);
2103 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2107 "warning: ignoring argument %s for option %s",
2109 opt_value = xstrdup ("1");
2111 else if (gc_arg_type[option->arg_type].fallback
2112 == GC_ARG_TYPE_STRING)
2113 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2116 /* FIXME: Verify that the number is sane. */
2117 opt_value = xstrdup (value);
2120 /* Now enter the option into the table. */
2121 if (!(option->flags & GC_OPT_FLAG_LIST))
2124 free (option->value);
2125 option->value = opt_value;
2130 option->value = opt_value;
2133 char *opt_val = opt_value;
2135 option->value = xasprintf ("%s,%s", option->value,
2143 if (length < 0 || es_ferror (config))
2144 gc_error (1, errno, "error reading from %s", config_filename);
2145 if (es_fclose (config))
2146 gc_error (1, errno, "error closing %s", config_filename);
2153 /* Retrieve the options for the component COMPONENT from backend
2154 BACKEND, which we already know is of type file list. */
2156 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2158 gc_option_t *list_option;
2159 gc_option_t *config_option;
2160 char *list_filename;
2163 size_t line_len = 0;
2167 list_option = find_option (component,
2168 gc_backend[backend].option_name, GC_BACKEND_ANY);
2169 assert (list_option);
2170 assert (!list_option->active);
2172 list_filename = get_config_filename (component, backend);
2173 list_file = fopen (list_filename, "r");
2175 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2179 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2186 while (*start == ' ' || *start == '\t')
2188 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2192 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2194 /* Walk back to skip trailing white spaces. Looks evil, but
2195 works because of the conditions on START and END imposed
2196 at this point (END is at least START + 1, and START is
2197 not a whitespace character). */
2198 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2201 /* FIXME: Oh, no! This is so lame! Should use realloc and
2205 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2210 list = xasprintf ("\"%s", gc_percent_escape (start));
2212 if (length < 0 || ferror (list_file))
2213 gc_error (1, errno, "can not read list file %s", list_filename);
2216 list_option->active = 1;
2217 list_option->value = list;
2219 /* Fix up the read-only flag. */
2220 config_option = find_option
2221 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2222 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2223 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2225 if (list_file && fclose (list_file))
2226 gc_error (1, errno, "error closing %s", list_filename);
2231 /* Retrieve the currently active options and their defaults from all
2232 involved backends for this component. Using -1 for component will
2233 retrieve all options from all components. */
2235 gc_component_retrieve_options (int component)
2237 int process_all = 0;
2238 int backend_seen[GC_BACKEND_NR];
2239 gc_backend_t backend;
2240 gc_option_t *option;
2242 if (component == GC_COMPONENT_PINENTRY)
2243 return; /* Dummy module for now. */
2245 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2246 backend_seen[backend] = 0;
2248 if (component == -1)
2252 assert (component < GC_COMPONENT_NR);
2257 option = gc_component[component].options;
2259 while (option && option->name)
2261 if (!(option->flags & GC_OPT_FLAG_GROUP))
2263 backend = option->backend;
2265 if (backend_seen[backend])
2270 backend_seen[backend] = 1;
2272 assert (backend != GC_BACKEND_ANY);
2274 if (gc_backend[backend].program)
2275 retrieve_options_from_program (component, backend);
2277 retrieve_options_from_file (component, backend);
2282 while (process_all && ++component < GC_COMPONENT_NR);
2288 /* Perform a simple validity check based on the type. Return in
2289 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2290 type GC_ARG_TYPE_NONE. */
2292 option_check_validity (gc_option_t *option, unsigned long flags,
2293 char *new_value, unsigned long *new_value_nr)
2297 if (!option->active)
2298 gc_error (1, 0, "option %s not supported by backend %s",
2299 option->name, gc_backend[option->backend].name);
2301 if (option->new_flags || option->new_value)
2302 gc_error (1, 0, "option %s already changed", option->name);
2304 if (flags & GC_OPT_FLAG_DEFAULT)
2307 gc_error (1, 0, "argument %s provided for deleted option %s",
2308 new_value, option->name);
2313 /* GC_ARG_TYPE_NONE options have special list treatment. */
2314 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2318 gpg_err_set_errno (0);
2319 *new_value_nr = strtoul (new_value, &tail, 0);
2322 gc_error (1, errno, "invalid argument for option %s",
2325 gc_error (1, 0, "garbage after argument for option %s",
2328 if (!(option->flags & GC_OPT_FLAG_LIST))
2330 if (*new_value_nr != 1)
2331 gc_error (1, 0, "argument for non-list option %s of type 0 "
2332 "(none) must be 1", option->name);
2336 if (*new_value_nr == 0)
2337 gc_error (1, 0, "argument for option %s of type 0 (none) "
2338 "must be positive", option->name);
2347 if (*arg == '\0' || *arg == ',')
2349 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2350 gc_error (1, 0, "argument required for option %s", option->name);
2352 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2353 gc_error (1, 0, "list found for non-list option %s", option->name);
2355 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2358 gc_error (1, 0, "string argument for option %s must begin "
2359 "with a quote (\") character", option->name);
2361 /* FIXME: We do not allow empty string arguments for now, as
2362 we do not quote arguments in configuration files, and
2363 thus no argument is indistinguishable from the empty
2365 if (arg[1] == '\0' || arg[1] == ',')
2366 gc_error (1, 0, "empty string argument for option %s is "
2367 "currently not allowed. Please report this!",
2370 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2374 gpg_err_set_errno (0);
2375 res = strtol (arg, &arg, 0);
2379 gc_error (1, errno, "invalid argument for option %s",
2382 if (*arg != '\0' && *arg != ',')
2383 gc_error (1, 0, "garbage after argument for option %s",
2386 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2390 gpg_err_set_errno (0);
2391 res = strtoul (arg, &arg, 0);
2395 gc_error (1, errno, "invalid argument for option %s",
2398 if (*arg != '\0' && *arg != ',')
2399 gc_error (1, 0, "garbage after argument for option %s",
2402 arg = strchr (arg, ',');
2406 while (arg && *arg);
2409 #ifdef HAVE_W32_SYSTEM
2411 copy_file (const char *src_name, const char *dst_name)
2413 #define BUF_LEN 4096
2414 char buffer[BUF_LEN];
2419 src = fopen (src_name, "r");
2423 dst = fopen (dst_name, "w");
2426 int saved_err = errno;
2428 gpg_err_set_errno (saved_err);
2436 len = fread (buffer, 1, BUF_LEN, src);
2439 written = fwrite (buffer, 1, len, dst);
2443 while (!feof (src) && !ferror (src) && !ferror (dst));
2445 if (ferror (src) || ferror (dst) || !feof (src))
2447 int saved_errno = errno;
2451 gpg_err_set_errno (saved_errno);
2456 gc_error (1, errno, "error closing %s", dst_name);
2458 gc_error (1, errno, "error closing %s", src_name);
2462 #endif /* HAVE_W32_SYSTEM */
2465 /* Create and verify the new configuration file for the specified
2466 backend and component. Returns 0 on success and -1 on error. */
2468 change_options_file (gc_component_t component, gc_backend_t backend,
2469 char **src_filenamep, char **dest_filenamep,
2470 char **orig_filenamep)
2472 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2473 /* True if we are within the marker in the config file. */
2475 gc_option_t *option;
2481 FILE *src_file = NULL;
2482 FILE *dest_file = NULL;
2484 char *dest_filename;
2485 char *orig_filename;
2487 char *cur_arg = NULL;
2489 option = find_option (component,
2490 gc_backend[backend].option_name, GC_BACKEND_ANY);
2492 assert (option->active);
2493 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2495 /* FIXME. Throughout the function, do better error reporting. */
2496 /* Note that get_config_filename() calls percent_deescape(), so we
2497 call this before processing the arguments. */
2498 dest_filename = xstrdup (get_config_filename (component, backend));
2499 src_filename = xasprintf ("%s.%s.%i.new",
2500 dest_filename, GPGCONF_NAME, (int)getpid ());
2501 orig_filename = xasprintf ("%s.%s.%i.bak",
2502 dest_filename, GPGCONF_NAME, (int)getpid ());
2504 arg = option->new_value;
2505 if (arg && arg[0] == '\0')
2512 end = strchr (arg, ',');
2516 cur_arg = percent_deescape (arg);
2526 #ifdef HAVE_W32_SYSTEM
2527 res = copy_file (dest_filename, orig_filename);
2529 res = link (dest_filename, orig_filename);
2531 if (res < 0 && errno != ENOENT)
2533 xfree (dest_filename);
2538 xfree (orig_filename);
2539 orig_filename = NULL;
2542 /* We now initialize the return strings, so the caller can do the
2544 *src_filenamep = src_filename;
2545 *dest_filenamep = dest_filename;
2546 *orig_filenamep = orig_filename;
2548 /* Use open() so that we can use O_EXCL. */
2549 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2552 src_file = fdopen (fd, "w");
2556 gpg_err_set_errno (res);
2560 /* Only if ORIG_FILENAME is not NULL did the configuration file
2561 exist already. In this case, we will copy its content into the
2562 new configuration file, changing it to our liking in the
2566 dest_file = fopen (dest_filename, "r");
2568 goto change_file_one_err;
2570 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2575 if (!strncmp (marker, line, sizeof (marker) - 1))
2584 while (*start == ' ' || *start == '\t')
2586 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2595 /* Search for the end of the line. */
2596 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2599 if (*endp && *endp != ' ' && *endp != '\t'
2600 && *endp != '\r' && *endp != '\n' && *endp != '#')
2606 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2607 || !cur_arg || strcmp (start, cur_arg))
2611 /* Find next argument. */
2617 arg_end = strchr (arg, ',');
2621 cur_arg = percent_deescape (arg);
2642 "# %s disabled this option here at %s\n",
2643 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2644 if (ferror (src_file))
2645 goto change_file_one_err;
2646 fprintf (src_file, "# %s", line);
2647 if (ferror (src_file))
2648 goto change_file_one_err;
2653 fprintf (src_file, "%s", line);
2654 if (ferror (src_file))
2655 goto change_file_one_err;
2658 if (length < 0 || ferror (dest_file))
2659 goto change_file_one_err;
2664 /* There was no marker. This is the first time we edit the
2665 file. We add our own marker at the end of the file and
2666 proceed. Note that we first write a newline, this guards us
2667 against files which lack the newline at the end of the last
2668 line, while it doesn't hurt us in all other cases. */
2669 fprintf (src_file, "\n%s\n", marker);
2670 if (ferror (src_file))
2671 goto change_file_one_err;
2674 /* At this point, we have copied everything up to the end marker
2675 into the new file, except for the arguments we are going to add.
2676 Now, dump the new arguments and write the end marker, possibly
2677 followed by the rest of the original file. */
2680 fprintf (src_file, "%s\n", cur_arg);
2682 /* Find next argument. */
2688 end = strchr (arg, ',');
2692 cur_arg = percent_deescape (arg);
2705 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2706 if (ferror (src_file))
2707 goto change_file_one_err;
2711 fprintf (src_file, "# %s edited this configuration file.\n",
2713 if (ferror (src_file))
2714 goto change_file_one_err;
2715 fprintf (src_file, "# It will disable options before this marked "
2716 "block, but it will\n");
2717 if (ferror (src_file))
2718 goto change_file_one_err;
2719 fprintf (src_file, "# never change anything below these lines.\n");
2720 if (ferror (src_file))
2721 goto change_file_one_err;
2725 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2727 fprintf (src_file, "%s", line);
2728 if (ferror (src_file))
2729 goto change_file_one_err;
2731 if (length < 0 || ferror (dest_file))
2732 goto change_file_one_err;
2737 res = fclose (src_file);
2744 gpg_err_set_errno (res);
2750 res = fclose (dest_file);
2756 change_file_one_err:
2766 gpg_err_set_errno (res);
2771 /* Create and verify the new configuration file for the specified
2772 backend and component. Returns 0 on success and -1 on error. */
2774 change_options_program (gc_component_t component, gc_backend_t backend,
2775 char **src_filenamep, char **dest_filenamep,
2776 char **orig_filenamep)
2778 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2779 /* True if we are within the marker in the config file. */
2781 gc_option_t *option;
2787 FILE *src_file = NULL;
2788 FILE *dest_file = NULL;
2790 char *dest_filename;
2791 char *orig_filename;
2792 /* Special hack for gpg, see below. */
2793 int utf8strings_seen = 0;
2795 /* FIXME. Throughout the function, do better error reporting. */
2796 dest_filename = xstrdup (get_config_filename (component, backend));
2797 src_filename = xasprintf ("%s.%s.%i.new",
2798 dest_filename, GPGCONF_NAME, (int)getpid ());
2799 orig_filename = xasprintf ("%s.%s.%i.bak",
2800 dest_filename, GPGCONF_NAME, (int)getpid ());
2802 #ifdef HAVE_W32_SYSTEM
2803 res = copy_file (dest_filename, orig_filename);
2805 res = link (dest_filename, orig_filename);
2807 if (res < 0 && errno != ENOENT)
2811 xfree (orig_filename);
2812 orig_filename = NULL;
2815 /* We now initialize the return strings, so the caller can do the
2817 *src_filenamep = src_filename;
2818 *dest_filenamep = dest_filename;
2819 *orig_filenamep = orig_filename;
2821 /* Use open() so that we can use O_EXCL. */
2822 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2825 src_file = fdopen (fd, "w");
2829 gpg_err_set_errno (res);
2833 /* Only if ORIG_FILENAME is not NULL did the configuration file
2834 exist already. In this case, we will copy its content into the
2835 new configuration file, changing it to our liking in the
2839 dest_file = fopen (dest_filename, "r");
2841 goto change_one_err;
2843 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2848 if (!strncmp (marker, line, sizeof (marker) - 1))
2855 else if (backend == GC_BACKEND_GPG && in_marker
2856 && ! strcmp ("utf8-strings\n", line))
2858 /* Strip duplicated entries. */
2859 if (utf8strings_seen)
2862 utf8strings_seen = 1;
2866 while (*start == ' ' || *start == '\t')
2868 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2874 while (*end && *end != ' ' && *end != '\t'
2875 && *end != '\r' && *end != '\n' && *end != '#')
2880 option = find_option (component, start, backend);
2882 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2883 || option->new_value))
2891 "# %s disabled this option here at %s\n",
2892 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2893 if (ferror (src_file))
2894 goto change_one_err;
2895 fprintf (src_file, "# %s", line);
2896 if (ferror (src_file))
2897 goto change_one_err;
2902 fprintf (src_file, "%s", line);
2903 if (ferror (src_file))
2904 goto change_one_err;
2907 if (length < 0 || ferror (dest_file))
2908 goto change_one_err;
2913 /* There was no marker. This is the first time we edit the
2914 file. We add our own marker at the end of the file and
2915 proceed. Note that we first write a newline, this guards us
2916 against files which lack the newline at the end of the last
2917 line, while it doesn't hurt us in all other cases. */
2918 fprintf (src_file, "\n%s\n", marker);
2919 if (ferror (src_file))
2920 goto change_one_err;
2922 /* At this point, we have copied everything up to the end marker
2923 into the new file, except for the options we are going to change.
2924 Now, dump the changed options (except for those we are going to
2925 revert to their default), and write the end marker, possibly
2926 followed by the rest of the original file. */
2928 /* We have to turn on UTF8 strings for GnuPG. */
2929 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2930 fprintf (src_file, "utf8-strings\n");
2932 option = gc_component[component].options;
2933 while (option->name)
2935 if (!(option->flags & GC_OPT_FLAG_GROUP)
2936 && option->backend == backend
2937 && option->new_value)
2939 char *arg = option->new_value;
2943 if (*arg == '\0' || *arg == ',')
2945 fprintf (src_file, "%s\n", option->name);
2946 if (ferror (src_file))
2947 goto change_one_err;
2949 else if (gc_arg_type[option->arg_type].fallback
2950 == GC_ARG_TYPE_NONE)
2952 assert (*arg == '1');
2953 fprintf (src_file, "%s\n", option->name);
2954 if (ferror (src_file))
2955 goto change_one_err;
2959 else if (gc_arg_type[option->arg_type].fallback
2960 == GC_ARG_TYPE_STRING)
2964 assert (*arg == '"');
2967 end = strchr (arg, ',');
2971 fprintf (src_file, "%s %s\n", option->name,
2972 percent_deescape (arg));
2973 if (ferror (src_file))
2974 goto change_one_err;
2984 end = strchr (arg, ',');
2988 fprintf (src_file, "%s %s\n", option->name, arg);
2989 if (ferror (src_file))
2990 goto change_one_err;
2997 assert (arg == NULL || *arg == '\0' || *arg == ',');
2998 if (arg && *arg == ',')
3001 while (arg && *arg);
3006 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3007 if (ferror (src_file))
3008 goto change_one_err;
3012 fprintf (src_file, "# %s edited this configuration file.\n",
3014 if (ferror (src_file))
3015 goto change_one_err;
3016 fprintf (src_file, "# It will disable options before this marked "
3017 "block, but it will\n");
3018 if (ferror (src_file))
3019 goto change_one_err;
3020 fprintf (src_file, "# never change anything below these lines.\n");
3021 if (ferror (src_file))
3022 goto change_one_err;
3026 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
3028 fprintf (src_file, "%s", line);
3029 if (ferror (src_file))
3030 goto change_one_err;
3032 if (length < 0 || ferror (dest_file))
3033 goto change_one_err;
3038 res = fclose (src_file);
3045 gpg_err_set_errno (res);
3051 res = fclose (dest_file);
3067 gpg_err_set_errno (res);
3072 /* Common code for gc_component_change_options and
3073 gc_process_gpgconf_conf. */
3075 change_one_value (gc_option_t *option, int *runtime,
3076 unsigned long flags, char *new_value)
3078 unsigned long new_value_nr = 0;
3080 option_check_validity (option, flags, new_value, &new_value_nr);
3082 if (option->flags & GC_OPT_FLAG_RUNTIME)
3083 runtime[option->backend] = 1;
3085 option->new_flags = flags;
3086 if (!(flags & GC_OPT_FLAG_DEFAULT))
3088 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3089 && (option->flags & GC_OPT_FLAG_LIST))
3093 /* We convert the number to a list of 1's for convenient
3095 assert (new_value_nr > 0);
3096 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3097 str = option->new_value;
3099 while (--new_value_nr > 0)
3107 option->new_value = xstrdup (new_value);
3112 /* Read the modifications from IN and apply them. If IN is NULL the
3113 modifications are expected to already have been set to the global
3116 gc_component_change_options (int component, estream_t in, estream_t out)
3119 int runtime[GC_BACKEND_NR];
3120 char *src_filename[GC_BACKEND_NR];
3121 char *dest_filename[GC_BACKEND_NR];
3122 char *orig_filename[GC_BACKEND_NR];
3123 gc_backend_t backend;
3124 gc_option_t *option;
3126 size_t line_len = 0;
3129 if (component == GC_COMPONENT_PINENTRY)
3130 return; /* Dummy component for now. */
3132 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3134 runtime[backend] = 0;
3135 src_filename[backend] = NULL;
3136 dest_filename[backend] = NULL;
3137 orig_filename[backend] = NULL;
3142 /* Read options from the file IN. */
3143 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3146 unsigned long flags = 0;
3147 char *new_value = "";
3149 /* Strip newline and carriage return, if present. */
3151 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3152 line[--length] = '\0';
3154 linep = strchr (line, ':');
3158 /* Extract additional flags. Default to none. */
3164 end = strchr (linep, ':');
3168 gpg_err_set_errno (0);
3169 flags = strtoul (linep, &tail, 0);
3171 gc_error (1, errno, "malformed flags in option %s", line);
3172 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3173 gc_error (1, 0, "garbage after flags in option %s", line);
3178 /* Don't allow setting of the no change flag. */
3179 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3181 /* Extract default value, if present. Default to empty if not. */
3185 end = strchr (linep, ':');
3192 option = find_option (component, line, GC_BACKEND_ANY);
3194 gc_error (1, 0, "unknown option %s", line);
3196 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3198 gc_error (0, 0, "ignoring new value for option %s",
3203 change_one_value (option, runtime, flags, new_value);
3207 /* Now that we have collected and locally verified the changes,
3208 write them out to new configuration files, verify them
3209 externally, and then commit them. */
3210 option = gc_component[component].options;
3211 while (option && option->name)
3213 /* Go on if we have already seen this backend, or if there is
3215 if (src_filename[option->backend]
3216 || !(option->new_flags || option->new_value))
3222 if (gc_backend[option->backend].program)
3224 err = change_options_program (component, option->backend,
3225 &src_filename[option->backend],
3226 &dest_filename[option->backend],
3227 &orig_filename[option->backend]);
3230 /* External verification. */
3231 err = gc_component_check_options (component, out,
3232 src_filename[option->backend]);
3236 _("External verification of component %s failed"),
3237 gc_component[component].name);
3238 gpg_err_set_errno (EINVAL);
3244 err = change_options_file (component, option->backend,
3245 &src_filename[option->backend],
3246 &dest_filename[option->backend],
3247 &orig_filename[option->backend]);
3255 if (! err && ! opt.dry_run)
3259 for (i = 0; i < GC_BACKEND_NR; i++)
3261 if (src_filename[i])
3263 /* FIXME: Make a verification here. */
3265 assert (dest_filename[i]);
3267 if (orig_filename[i])
3269 #ifdef HAVE_W32_SYSTEM
3270 /* There is no atomic update on W32. */
3271 err = unlink (dest_filename[i]);
3272 #endif /* HAVE_W32_SYSTEM */
3274 err = rename (src_filename[i], dest_filename[i]);
3278 #ifdef HAVE_W32_SYSTEM
3279 /* We skip the unlink if we expect the file not to
3281 err = rename (src_filename[i], dest_filename[i]);
3282 #else /* HAVE_W32_SYSTEM */
3283 /* This is a bit safer than rename() because we
3284 expect DEST_FILENAME not to be there. If it
3285 happens to be there, this will fail. */
3286 err = link (src_filename[i], dest_filename[i]);
3288 err = unlink (src_filename[i]);
3289 #endif /* !HAVE_W32_SYSTEM */
3293 src_filename[i] = NULL;
3298 if (err || opt.dry_run)
3301 int saved_errno = errno;
3303 /* An error occured or a dry-run is requested. */
3304 for (i = 0; i < GC_BACKEND_NR; i++)
3306 if (src_filename[i])
3308 /* The change was not yet committed. */
3309 unlink (src_filename[i]);
3310 if (orig_filename[i])
3311 unlink (orig_filename[i]);
3315 /* The changes were already committed. FIXME: This is a
3316 tad dangerous, as we don't know if we don't overwrite
3317 a version of the file that is even newer than the one
3318 we just installed. */
3319 if (orig_filename[i])
3321 #ifdef HAVE_W32_SYSTEM
3322 /* There is no atomic update on W32. */
3323 unlink (dest_filename[i]);
3324 #endif /* HAVE_W32_SYSTEM */
3325 rename (orig_filename[i], dest_filename[i]);
3328 unlink (dest_filename[i]);
3332 gc_error (1, saved_errno, "could not commit changes");
3334 /* Fall-through for dry run. */
3338 /* If it all worked, notify the daemons of the changes. */
3340 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3342 if (runtime[backend] && gc_backend[backend].runtime_change)
3343 (*gc_backend[backend].runtime_change) (0);
3346 /* Move the per-process backup file into its place. */
3347 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3348 if (orig_filename[backend])
3350 char *backup_filename;
3352 assert (dest_filename[backend]);
3354 backup_filename = xasprintf ("%s.%s.bak",
3355 dest_filename[backend], GPGCONF_NAME);
3357 #ifdef HAVE_W32_SYSTEM
3358 /* There is no atomic update on W32. */
3359 unlink (backup_filename);
3360 #endif /* HAVE_W32_SYSTEM */
3361 rename (orig_filename[backend], backup_filename);
3369 /* Check whether USER matches the current user of one of its group.
3370 This function may change USER. Returns true is there is a
3373 key_matches_user_or_group (char *user)
3377 if (*user == '*' && user[1] == 0)
3378 return 1; /* A single asterisk matches all users. */
3380 group = strchr (user, ':');
3384 #ifdef HAVE_W32_SYSTEM
3385 /* Under Windows we don't support groups. */
3386 if (group && *group)
3387 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3388 #ifndef HAVE_W32CE_SYSTEM
3391 static char *my_name;
3398 GetUserNameA (tmp, &size);
3399 my_name = xmalloc (size);
3400 if (!GetUserNameA (my_name, &size))
3401 gc_error (1,0, "error getting current user name: %s",
3405 if (!strcmp (user, my_name))
3406 return 1; /* Found. */
3408 #endif /*HAVE_W32CE_SYSTEM*/
3409 #else /*!HAVE_W32_SYSTEM*/
3410 /* First check whether the user matches. */
3413 static char *my_name;
3417 struct passwd *pw = getpwuid ( getuid () );
3419 gc_error (1, errno, "getpwuid failed for current user");
3420 my_name = xstrdup (pw->pw_name);
3422 if (!strcmp (user, my_name))
3423 return 1; /* Found. */
3426 /* If that failed, check whether a group matches. */
3427 if (group && *group)
3429 static char *my_group;
3430 static char **my_supgroups;
3435 struct group *gr = getgrgid ( getgid () );
3437 gc_error (1, errno, "getgrgid failed for current user");
3438 my_group = xstrdup (gr->gr_name);
3440 if (!strcmp (group, my_group))
3441 return 1; /* Found. */
3448 ngids = getgroups (0, NULL);
3449 gids = xcalloc (ngids+1, sizeof *gids);
3450 ngids = getgroups (ngids, gids);
3452 gc_error (1, errno, "getgroups failed for current user");
3453 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3454 for (n=0; n < ngids; n++)
3456 struct group *gr = getgrgid ( gids[n] );
3458 gc_error (1, errno, "getgrgid failed for supplementary group");
3459 my_supgroups[n] = xstrdup (gr->gr_name);
3464 for (n=0; my_supgroups[n]; n++)
3465 if (!strcmp (group, my_supgroups[n]))
3466 return 1; /* Found. */
3468 #endif /*!HAVE_W32_SYSTEM*/
3469 return 0; /* No match. */
3474 /* Read and process the global configuration file for gpgconf. This
3475 optional file is used to update our internal tables at runtime and
3476 may also be used to set new default values. If FNAME is NULL the
3477 default name will be used. With UPDATE set to true the internal
3478 tables are actually updated; if not set, only a syntax check is
3479 done. If DEFAULTS is true the global options are written to the
3480 configuration files. If LISTFP is set, no changes are done but the
3481 configuration file is printed to LISTFP in a colon separated format.
3483 Returns 0 on success or if the config file is not present; -1 is
3484 returned on error. */
3486 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3491 size_t line_len = 0;
3497 int runtime[GC_BACKEND_NR];
3498 int backend_id, component_id;
3502 fname = xstrdup (fname_arg);
3504 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3507 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3508 runtime[backend_id] = 0;
3510 config = fopen (fname, "r");
3513 /* Do not print an error if the file is not available, except
3514 when running in syntax check mode. */
3515 if (errno != ENOENT || !update)
3517 gc_error (0, errno, "can not open global config file '%s'", fname);
3524 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3526 char *key, *component, *option, *flags, *value;
3528 gc_option_t *option_info = NULL;
3530 int is_continuation;
3534 while (*key == ' ' || *key == '\t')
3536 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3539 is_continuation = (key != line);
3541 /* Parse the key field. */
3542 if (!is_continuation && got_match)
3543 break; /* Finish after the first match. */
3544 else if (!is_continuation)
3547 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3551 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3560 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3573 /* Parse the component. */
3574 while (*component == ' ' || *component == '\t')
3576 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3580 gc_error (0, 0, "missing component at '%s', line %d",
3588 component_id = gc_component_find (component);
3589 if (component_id < 0)
3591 gc_error (0, 0, "unknown component at '%s', line %d",
3596 /* Parse the option name. */
3597 while (*option == ' ' || *option == '\t')
3599 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3603 gc_error (0, 0, "missing option at '%s', line %d",
3610 if ( component_id != -1)
3612 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3615 gc_error (0, 0, "unknown option at '%s', line %d",
3622 /* Parse the optional flags. */
3623 while (*flags == ' ' || *flags == '\t')
3628 p = strchr (flags, ']');
3631 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3639 else /* No flags given. */
3645 /* Parse the optional value. */
3646 while (*value == ' ' || *value == '\t')
3648 for (p=value; *p && !strchr ("\r\n", *p); p++)
3651 value = empty; /* No value given; let it point to an empty string. */
3654 /* Strip trailing white space. */
3656 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3660 /* Check flag combinations. */
3663 else if (!strcmp (flags, "default"))
3667 gc_error (0, 0, "flag \"default\" may not be combined "
3668 "with a value at '%s', line %d",
3673 else if (!strcmp (flags, "change"))
3675 else if (!strcmp (flags, "no-change"))
3679 gc_error (0, 0, "unknown flag at '%s', line %d",
3684 /* In list mode we print out all records. */
3685 if (listfp && !result)
3687 /* If this is a new ruleset, print a key record. */
3688 if (!is_continuation)
3690 char *group = strchr (key, ':');
3694 if ((p = strchr (group, ':')))
3695 *p = 0; /* We better strip any extra stuff. */
3698 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3699 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3702 /* All other lines are rule records. */
3703 es_fprintf (listfp, "r:::%s:%s:%s:",
3704 gc_component[component_id].name,
3705 option_info->name? option_info->name : "",
3708 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3710 es_putc ('\n', listfp);
3713 /* Check whether the key matches but do this only if we are not
3714 running in syntax check mode. */
3716 && !result && !listfp
3717 && (got_match || (key && key_matches_user_or_group (key))) )
3723 /* Apply the flags from gpgconf.conf. */
3726 else if (!strcmp (flags, "default"))
3727 newflags |= GC_OPT_FLAG_DEFAULT;
3728 else if (!strcmp (flags, "no-change"))
3729 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3730 else if (!strcmp (flags, "change"))
3731 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3735 /* Here we explicitly allow to update the value again. */
3738 option_info->new_flags = 0;
3742 xfree (option_info->new_value);
3743 option_info->new_value = NULL;
3745 change_one_value (option_info, runtime, newflags, value);
3750 if (length < 0 || ferror (config))
3752 gc_error (0, errno, "error reading from '%s'", fname);
3755 if (fclose (config))
3756 gc_error (0, errno, "error closing '%s'", fname);
3760 /* If it all worked, process the options. */
3761 if (!result && update && defaults && !listfp)
3763 /* We need to switch off the runtime update, so that we can do
3764 it later all at once. */
3765 int save_opt_runtime = opt.runtime;
3768 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3770 gc_component_change_options (component_id, NULL, NULL);
3772 opt.runtime = save_opt_runtime;
3776 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3777 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3778 (*gc_backend[backend_id].runtime_change) (0);