1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
47 #include "../common/util.h"
48 #include "../common/i18n.h"
49 #include "../common/exechelp.h"
50 #include "../common/sysutils.h"
51 #include "../common/status.h"
53 #include "../common/gc-opt-flags.h"
56 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
57 returns a plain filename without escaping. As long as we have not
58 fixed that we need to use gpg2. */
59 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
60 #define GPGNAME "gpg2"
62 #define GPGNAME GPG_NAME
67 Components: Add more components and their options.
68 Robustness: Do more validation. Call programs to do validation for us.
69 Add options to change backend binary path.
70 Extract binary path for some backends from gpgsm/gpg config.
74 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
75 void gc_error (int status, int errnum, const char *fmt, ...) \
76 __attribute__ ((format (printf, 3, 4)));
79 /* Output a diagnostic message. If ERRNUM is not 0, then the output
80 is followed by a colon, a white space, and the error string for the
81 error number ERRNUM. In any case the output is finished by a
82 newline. The message is prepended by the program name, a colon,
83 and a whitespace. The output may be further formatted or
84 redirected by the jnlib logging facility. */
86 gc_error (int status, int errnum, const char *fmt, ...)
90 va_start (arg_ptr, fmt);
91 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
95 log_printf (": %s\n", strerror (errnum));
102 log_printf ("fatal error (exit status %i)\n", status);
103 gpgconf_failure (gpg_error_from_errno (errnum));
108 /* Forward declaration. */
109 static void gpg_agent_runtime_change (int killflag);
110 static void scdaemon_runtime_change (int killflag);
111 static void dirmngr_runtime_change (int killflag);
113 /* Backend configuration. Backends are used to decide how the default
114 and current value of an option can be determined, and how the
115 option can be changed. To every option in every component belongs
116 exactly one backend that controls and determines the option. Some
117 backends are programs from the GPG system. Others might be
118 implemented by GPGConf itself. If you change this enum, don't
119 forget to update GC_BACKEND below. */
122 /* Any backend, used for find_option (). */
125 /* The Gnu Privacy Guard. */
128 /* The Gnu Privacy Guard for S/MIME. */
132 GC_BACKEND_GPG_AGENT,
134 /* The GnuPG SCDaemon. */
137 /* The GnuPG directory manager. */
140 /* The LDAP server list file for the director manager. */
141 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
143 /* The Pinentry (not a part of GnuPG, proper). */
146 /* The number of the above entries. */
151 /* To be able to implement generic algorithms for the various
152 backends, we collect all information about them in this struct. */
155 /* The name of the backend. */
158 /* The name of the program that acts as the backend. Some backends
159 don't have an associated program, but are implemented directly by
160 GPGConf. In this case, PROGRAM is NULL. */
163 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
164 ../common/util.h. This value is used to get the actual installed
165 path of the program. 0 is used if no backend program is
169 /* The runtime change callback. If KILLFLAG is true the component
170 is killed and not just reloaded. */
171 void (*runtime_change) (int killflag);
173 /* The option name for the configuration filename of this backend.
174 This must be an absolute filename. It can be an option from a
175 different backend (but then ordering of the options might
176 matter). Note: This must be unique among all components. */
177 const char *option_config_filename;
179 /* If this is a file backend rather than a program backend, then
180 this is the name of the option associated with the file. */
181 const char *option_name;
182 } gc_backend[GC_BACKEND_NR] =
184 { NULL }, /* GC_BACKEND_ANY dummy entry. */
185 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
186 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
187 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
188 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
189 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
190 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
191 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
192 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
193 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
194 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
195 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
196 NULL, "ldapserverlist-file", "LDAP Server" },
197 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
198 NULL, GPGCONF_NAME "-pinentry.conf" },
202 /* Option configuration. */
204 /* An option might take an argument, or not. Argument types can be
205 basic or complex. Basic types are generic and easy to validate.
206 Complex types provide more specific information about the intended
207 use, but can be difficult to validate. If you add to this enum,
208 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
209 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
213 /* Basic argument types. */
216 GC_ARG_TYPE_NONE = 0,
218 /* A String argument. */
219 GC_ARG_TYPE_STRING = 1,
221 /* A signed integer argument. */
222 GC_ARG_TYPE_INT32 = 2,
224 /* An unsigned integer argument. */
225 GC_ARG_TYPE_UINT32 = 3,
227 /* ADD NEW BASIC TYPE ENTRIES HERE. */
229 /* Complex argument types. */
231 /* A complete filename. */
232 GC_ARG_TYPE_FILENAME = 32,
234 /* An LDAP server in the format
235 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
236 GC_ARG_TYPE_LDAP_SERVER = 33,
238 /* A 40 character fingerprint. */
239 GC_ARG_TYPE_KEY_FPR = 34,
241 /* A user ID or key ID or fingerprint for a certificate. */
242 GC_ARG_TYPE_PUB_KEY = 35,
244 /* A user ID or key ID or fingerprint for a certificate with a key. */
245 GC_ARG_TYPE_SEC_KEY = 36,
247 /* A alias list made up of a key, an equal sign and a space
248 separated list of values. */
249 GC_ARG_TYPE_ALIAS_LIST = 37,
251 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
253 /* The number of the above entries. */
258 /* For every argument, we record some information about it in the
262 /* For every argument type exists a basic argument type that can be
263 used as a fallback for input and validation purposes. */
264 gc_arg_type_t fallback;
266 /* Human-readable name of the type. */
268 } gc_arg_type[GC_ARG_TYPE_NR] =
270 /* The basic argument types have their own types as fallback. */
271 { GC_ARG_TYPE_NONE, "none" },
272 { GC_ARG_TYPE_STRING, "string" },
273 { GC_ARG_TYPE_INT32, "int32" },
274 { GC_ARG_TYPE_UINT32, "uint32" },
276 /* Reserved basic type entries for future extension. */
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
289 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
290 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
292 /* The complex argument types have a basic type as fallback. */
293 { GC_ARG_TYPE_STRING, "filename" },
294 { GC_ARG_TYPE_STRING, "ldap server" },
295 { GC_ARG_TYPE_STRING, "key fpr" },
296 { GC_ARG_TYPE_STRING, "pub key" },
297 { GC_ARG_TYPE_STRING, "sec key" },
298 { GC_ARG_TYPE_STRING, "alias list" },
302 /* Every option has an associated expert level, than can be used to
303 hide advanced and expert options from beginners. If you add to
304 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
305 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
306 EXTERNAL INTERFACE. */
309 /* The basic options should always be displayed. */
312 /* The advanced options may be hidden from beginners. */
315 /* The expert options should only be displayed to experts. */
318 /* The invisible options should normally never be displayed. */
321 /* The internal options are never exported, they mark options that
322 are recorded for internal use only. */
325 /* ADD NEW ENTRIES HERE. */
327 /* The number of the above entries. */
331 /* A description for each expert level. */
345 /* Option flags. The flags which are used by the backends are defined
346 by gc-opt-flags.h, included above.
348 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
349 PART OF THE EXTERNAL INTERFACE. */
351 /* Some entries in the option list are not options, but mark the
352 beginning of a new group of options. These entries have the GROUP
354 #define GC_OPT_FLAG_GROUP (1UL << 0)
355 /* The ARG_OPT flag for an option indicates that the argument is
356 optional. This is never set for GC_ARG_TYPE_NONE options. */
357 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
358 /* The LIST flag for an option indicates that the option can occur
359 several times. A comma separated list of arguments is used as the
361 #define GC_OPT_FLAG_LIST (1UL << 2)
364 /* A human-readable description for each flag. */
381 /* To each option, or group marker, the information in the GC_OPTION
382 struct is provided. If you change this, don't forget to update the
383 option list of each component. */
386 /* If this is NULL, then this is a terminator in an array of unknown
387 length. Otherwise, if this entry is a group marker (see FLAGS),
388 then this is the name of the group described by this entry.
389 Otherwise it is the name of the option described by this
390 entry. The name must not contain a colon. */
393 /* The option flags. If the GROUP flag is set, then this entry is a
394 group marker, not an option, and only the fields LEVEL,
395 DESC_DOMAIN and DESC are valid. In all other cases, this entry
396 describes a new option and all fields are valid. */
399 /* The expert level. This field is valid for options and groups. A
400 group has the expert level of the lowest-level option in the
402 gc_expert_level_t level;
404 /* A gettext domain in which the following description can be found.
405 If this is NULL, then DESC is not translated. Valid for groups
408 Note that we try to keep the description of groups within the
411 IMPORTANT: If you add a new domain please make sure to add a code
412 set switching call to the function my_dgettext further below. */
413 const char *desc_domain;
415 /* A gettext description for this group or option. If it starts
416 with a '|', then the string up to the next '|' describes the
417 argument, and the description follows the second '|'.
419 In general enclosing these description in N_() is not required
420 because the description should be identical to the one in the
421 help menu of the respective program. */
424 /* The following fields are only valid for options. */
426 /* The type of the option argument. */
427 gc_arg_type_t arg_type;
429 /* The backend that implements this option. */
430 gc_backend_t backend;
432 /* The following fields are set to NULL at startup (because all
433 option's are declared as static variables). They are at the end
434 of the list so that they can be omitted from the option
437 /* This is true if the option is supported by this version of the
441 /* The default value for this option. This is NULL if the option is
442 not present in the backend, the empty string if no default is
443 available, and otherwise a quoted string. */
446 /* The default argument is only valid if the "optional arg" flag is
447 set, and specifies the default argument (value) that is used if
448 the argument is omitted. */
451 /* The current value of this option. */
454 /* The new flags for this option. The only defined flag is actually
455 GC_OPT_FLAG_DEFAULT, and it means that the option should be
456 deleted. In this case, NEW_VALUE is NULL. */
457 unsigned long new_flags;
459 /* The new value of this option. */
462 typedef struct gc_option gc_option_t;
464 /* Use this macro to terminate an option list. */
465 #define GC_OPTION_NULL { NULL }
468 #ifndef BUILD_WITH_AGENT
469 #define gc_options_gpg_agent NULL
471 /* The options of the GC_COMPONENT_GPG_AGENT component. */
472 static gc_option_t gc_options_gpg_agent[] =
474 /* The configuration file to which we write the changes. */
475 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
476 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
477 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
480 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
481 "gnupg", N_("Options controlling the diagnostic output") },
482 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
484 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
485 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
486 "gnupg", "be somewhat more quiet",
487 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
488 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
490 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
493 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
494 "gnupg", N_("Options controlling the configuration") },
495 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
496 "gnupg", "|FILE|read options from FILE",
497 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
498 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
499 "gnupg", "do not use the SCdaemon",
500 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
501 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
502 "gnupg", "enable ssh support",
503 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
504 { "ssh-fingerprint-digest",
505 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
506 "gnupg", "|ALGO|use ALGO to show ssh fingerprints",
507 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
508 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
509 "gnupg", "enable putty support",
510 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
511 { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
513 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
516 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
517 "gnupg", N_("Options useful for debugging") },
518 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
519 "gnupg", "|LEVEL|set the debugging level to LEVEL",
520 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
521 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
522 "gnupg", N_("|FILE|write server mode logs to FILE"),
523 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
524 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
526 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
529 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
530 "gnupg", N_("Options controlling the security") },
531 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
532 GC_LEVEL_BASIC, "gnupg",
533 "|N|expire cached PINs after N seconds",
534 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
535 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
536 GC_LEVEL_ADVANCED, "gnupg",
537 N_("|N|expire SSH keys after N seconds"),
538 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
539 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
540 GC_LEVEL_EXPERT, "gnupg",
541 N_("|N|set maximum PIN cache lifetime to N seconds"),
542 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
543 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
544 GC_LEVEL_EXPERT, "gnupg",
545 N_("|N|set maximum SSH key lifetime to N seconds"),
546 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
547 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
548 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
549 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
550 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
552 "gnupg", "allow passphrase to be prompted through Emacs",
553 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
554 { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
556 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
557 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
558 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
559 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
560 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
561 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
562 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
563 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
564 GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
565 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
567 { "Passphrase policy",
568 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
569 "gnupg", N_("Options enforcing a passphrase policy") },
570 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
571 GC_LEVEL_EXPERT, "gnupg",
572 N_("do not allow bypassing the passphrase policy"),
573 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
574 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
575 GC_LEVEL_ADVANCED, "gnupg",
576 N_("|N|set minimal required length for new passphrases to N"),
577 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
578 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
579 GC_LEVEL_EXPERT, "gnupg",
580 N_("|N|require at least N non-alpha characters for a new passphrase"),
581 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
582 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
584 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
585 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
586 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
587 GC_LEVEL_EXPERT, "gnupg",
588 N_("|N|expire the passphrase after N days"),
589 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
590 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
591 GC_LEVEL_EXPERT, "gnupg",
592 N_("do not allow the reuse of old passphrases"),
593 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
594 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
595 GC_LEVEL_ADVANCED, "gnupg",
596 N_("|N|set the Pinentry timeout to N seconds"),
597 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
601 #endif /*BUILD_WITH_AGENT*/
604 #ifndef BUILD_WITH_SCDAEMON
605 #define gc_options_scdaemon NULL
607 /* The options of the GC_COMPONENT_SCDAEMON component. */
608 static gc_option_t gc_options_scdaemon[] =
610 /* The configuration file to which we write the changes. */
611 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
612 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
613 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
616 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
617 "gnupg", N_("Options controlling the diagnostic output") },
618 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
620 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
621 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
622 "gnupg", "be somewhat more quiet",
623 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
624 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
626 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
629 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
630 "gnupg", N_("Options controlling the configuration") },
631 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
632 "gnupg", "|FILE|read options from FILE",
633 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
634 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
635 "gnupg", "|N|connect to reader at port N",
636 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
637 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
638 "gnupg", "|NAME|use NAME as ct-API driver",
639 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
640 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
641 "gnupg", "|NAME|use NAME as PC/SC driver",
642 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
643 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
644 "gnupg", "do not use the internal CCID driver",
645 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
646 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
647 "gnupg", "do not use a reader's pinpad",
648 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
649 { "enable-pinpad-varlen",
650 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
651 "gnupg", "use variable length input for pinpad",
652 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
653 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
654 "gnupg", "|N|disconnect the card after N seconds of inactivity",
655 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
658 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
659 "gnupg", N_("Options useful for debugging") },
660 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
661 "gnupg", "|LEVEL|set the debugging level to LEVEL",
662 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
663 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
664 "gnupg", N_("|FILE|write a log to FILE"),
665 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
668 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
669 "gnupg", N_("Options controlling the security") },
670 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
671 "gnupg", "deny the use of admin card commands",
672 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
677 #endif /*BUILD_WITH_SCDAEMON*/
679 #ifndef BUILD_WITH_GPG
680 #define gc_options_gpg NULL
682 /* The options of the GC_COMPONENT_GPG component. */
683 static gc_option_t gc_options_gpg[] =
685 /* The configuration file to which we write the changes. */
686 { GPGCONF_NAME"-"GPG_NAME".conf",
687 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
688 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
691 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
692 "gnupg", N_("Options controlling the diagnostic output") },
693 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
695 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
696 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
697 "gnupg", "be somewhat more quiet",
698 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
699 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
701 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
704 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
705 "gnupg", N_("Options controlling the configuration") },
706 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
707 "gnupg", N_("|NAME|use NAME as default secret key"),
708 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
709 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
710 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
711 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
712 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
713 "gnupg", N_("|SPEC|set up email aliases"),
714 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
715 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
717 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
718 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
720 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
721 { "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
723 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
724 { "default_pubkey_algo",
725 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
727 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
729 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
731 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
735 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
736 "gnupg", N_("Options useful for debugging") },
737 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
738 "gnupg", "|LEVEL|set the debugging level to LEVEL",
739 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
740 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
741 "gnupg", N_("|FILE|write server mode logs to FILE"),
742 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
743 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
745 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
748 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
749 "gnupg", N_("Configuration for Keyservers") },
750 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
751 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
752 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
753 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
754 "gnupg", N_("allow PKA lookups (DNS requests)"),
755 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
756 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
757 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
758 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
759 { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
760 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
761 { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
762 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
763 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
764 "gnupg", N_("disable all access to the dirmngr"),
765 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
767 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
769 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
770 { "completes-needed",
771 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
773 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
774 { "marginals-needed",
775 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
777 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
782 #endif /*BUILD_WITH_GPG*/
785 #ifndef BUILD_WITH_GPGSM
786 #define gc_options_gpgsm NULL
788 /* The options of the GC_COMPONENT_GPGSM component. */
789 static gc_option_t gc_options_gpgsm[] =
791 /* The configuration file to which we write the changes. */
792 { GPGCONF_NAME"-"GPGSM_NAME".conf",
793 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
794 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
797 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
798 "gnupg", N_("Options controlling the diagnostic output") },
799 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
801 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
802 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
803 "gnupg", "be somewhat more quiet",
804 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
805 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
807 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
810 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
811 "gnupg", N_("Options controlling the configuration") },
812 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
813 "gnupg", N_("|NAME|use NAME as default secret key"),
814 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
815 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
816 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
817 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
818 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
819 "gnupg", "|FILE|read options from FILE",
820 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
821 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
822 "gnupg", "use system's dirmngr if available",
823 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
824 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
825 "gnupg", N_("disable all access to the dirmngr"),
826 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
827 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
828 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
829 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
830 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
831 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
832 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
833 { "default_pubkey_algo",
834 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
836 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
837 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
839 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
842 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
843 "gnupg", N_("Options useful for debugging") },
844 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
845 "gnupg", "|LEVEL|set the debugging level to LEVEL",
846 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
847 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
848 "gnupg", N_("|FILE|write server mode logs to FILE"),
849 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
850 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
852 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
855 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
856 "gnupg", N_("Options controlling the security") },
857 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
858 "gnupg", "never consult a CRL",
859 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
860 { "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
862 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
863 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
864 "gnupg", N_("do not check CRLs for root certificates"),
865 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
866 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
867 "gnupg", "check validity using OCSP",
868 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
869 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
870 "gnupg", "|N|number of certificates to include",
871 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
872 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
873 "gnupg", "do not check certificate policies",
874 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
875 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
876 "gnupg", "fetch missing issuer certificates",
877 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
878 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
879 "gnupg", "|NAME|use cipher algorithm NAME",
880 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
884 #endif /*BUILD_WITH_GPGSM*/
887 #ifndef BUILD_WITH_DIRMNGR
888 #define gc_options_dirmngr NULL
890 /* The options of the GC_COMPONENT_DIRMNGR component. */
891 static gc_option_t gc_options_dirmngr[] =
893 /* The configuration file to which we write the changes. */
894 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
895 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
896 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
899 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
900 "gnupg", N_("Options controlling the diagnostic output") },
901 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
902 "dirmngr", "verbose",
903 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
904 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
905 "dirmngr", "be somewhat more quiet",
906 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
907 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
909 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
912 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
913 "gnupg", N_("Options controlling the format of the output") },
914 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
915 "dirmngr", "sh-style command output",
916 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
917 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
918 "dirmngr", "csh-style command output",
919 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
922 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
923 "gnupg", N_("Options controlling the configuration") },
924 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
925 "dirmngr", "|FILE|read options from FILE",
926 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
927 { "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
929 GC_ARG_TYPE_INT32, GC_BACKEND_DIRMNGR },
930 { "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
932 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
935 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
936 "gnupg", N_("Options useful for debugging") },
937 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
938 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
939 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
940 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
941 "dirmngr", "do not detach from the console",
942 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
943 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
944 "dirmngr", N_("|FILE|write server mode logs to FILE"),
945 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
946 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
948 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
949 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
951 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
954 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
955 "gnupg", N_("Options controlling the interactivity and enforcement") },
956 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
957 "dirmngr", "run without asking a user",
958 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
959 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
960 "dirmngr", "force loading of outdated CRLs",
961 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
962 { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
963 "dirmngr", "allow online software version check",
964 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
967 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
968 "gnupg", N_("Options controlling the use of Tor") },
969 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
970 "dirmngr", "route all network traffic via TOR",
971 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
974 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
975 "gnupg", N_("Configuration for Keyservers") },
976 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
977 "gnupg", N_("|URL|use keyserver at URL"),
978 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
981 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
982 "gnupg", N_("Configuration for HTTP servers") },
983 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
984 "dirmngr", "inhibit the use of HTTP",
985 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
986 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
987 "dirmngr", "ignore HTTP CRL distribution points",
988 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
989 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
990 "dirmngr", "|URL|redirect all HTTP requests to URL",
991 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
992 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
993 "gnupg", N_("use system's HTTP proxy setting"),
994 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
997 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
998 "gnupg", N_("Configuration of LDAP servers to use") },
999 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1000 "dirmngr", "inhibit the use of LDAP",
1001 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1002 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1003 "dirmngr", "ignore LDAP CRL distribution points",
1004 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1005 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1006 "dirmngr", "|HOST|use HOST for LDAP queries",
1007 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1008 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1009 "dirmngr", "do not use fallback hosts with --ldap-proxy",
1010 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1011 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1012 "dirmngr", "add new servers discovered in CRL distribution points"
1013 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1014 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1015 "dirmngr", "|N|set LDAP timeout to N seconds",
1016 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1017 /* The following entry must not be removed, as it is required for
1018 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
1019 { "ldapserverlist-file",
1020 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1021 "dirmngr", "|FILE|read LDAP server list from FILE",
1022 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
1023 /* This entry must come after at least one entry for
1024 GC_BACKEND_DIRMNGR in this component, so that the entry for
1025 "ldapserverlist-file will be initialized before this one. */
1026 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
1027 "gnupg", N_("LDAP server list"),
1028 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
1029 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1030 "dirmngr", "|N|do not return more than N items in one query",
1031 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1034 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1035 "gnupg", N_("Configuration for OCSP") },
1036 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1037 "dirmngr", "allow sending OCSP requests",
1038 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1039 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1040 "dirmngr", "ignore certificate contained OCSP service URLs",
1041 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1042 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1043 "dirmngr", "|URL|use OCSP responder at URL",
1044 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1045 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1046 "dirmngr", "|FPR|OCSP response signed by FPR",
1047 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1052 #endif /*BUILD_WITH_DIRMNGR*/
1055 /* The options of the GC_COMPONENT_PINENTRY component. */
1056 static gc_option_t gc_options_pinentry[] =
1058 /* A dummy option to allow gc_component_list_components to find the
1059 pinentry backend. Needs to be a conf file. */
1060 { GPGCONF_NAME"-pinentry.conf",
1061 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1062 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1069 /* Component system. Each component is a set of options that can be
1070 configured at the same time. If you change this, don't forget to
1071 update GC_COMPONENT below. */
1074 /* The classic GPG for OpenPGP. */
1077 /* The GPG Agent. */
1078 GC_COMPONENT_GPG_AGENT,
1080 /* The Smardcard Daemon. */
1081 GC_COMPONENT_SCDAEMON,
1083 /* GPG for S/MIME. */
1086 /* The LDAP Directory Manager for CRLs. */
1087 GC_COMPONENT_DIRMNGR,
1089 /* The external Pinentry. */
1090 GC_COMPONENT_PINENTRY,
1092 /* The number of components. */
1097 /* The information associated with each component. */
1100 /* The name of this component. Must not contain a colon (':')
1104 /* The gettext domain for the description DESC. If this is NULL,
1105 then the description is not translated. */
1106 const char *desc_domain;
1108 /* The description for this domain. */
1111 /* The list of options for this component, terminated by
1113 gc_option_t *options;
1116 { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
1117 { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
1118 { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
1119 { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
1120 { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
1121 { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
1126 /* Structure used to collect error output of the backend programs. */
1127 struct error_line_s;
1128 typedef struct error_line_s *error_line_t;
1131 error_line_t next; /* Link to next item. */
1132 const char *fname; /* Name of the config file (points into BUFFER). */
1133 unsigned int lineno; /* Line number of the config file. */
1134 const char *errtext; /* Text of the error message (points into BUFFER). */
1135 char buffer[1]; /* Helper buffer. */
1141 /* Initialization and finalization. */
1144 gc_option_free (gc_option_t *o)
1146 if (o == NULL || o->name == NULL)
1150 gc_option_free (o + 1);
1154 gc_components_free (void)
1157 for (i = 0; i < DIM (gc_component); i++)
1158 gc_option_free (gc_component[i].options);
1162 gc_components_init (void)
1164 atexit (gc_components_free);
1169 /* Engine specific support. */
1171 gpg_agent_runtime_change (int killflag)
1173 gpg_error_t err = 0;
1174 const char *pgmname;
1175 const char *argv[5];
1176 pid_t pid = (pid_t)(-1);
1177 char *abs_homedir = NULL;
1180 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1181 if (!gnupg_default_homedir_p ())
1183 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1185 err = gpg_error_from_syserror ();
1187 argv[i++] = "--homedir";
1188 argv[i++] = abs_homedir;
1190 argv[i++] = "--no-autostart";
1191 argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
1195 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1197 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1199 gc_error (0, 0, "error running '%s %s': %s",
1200 pgmname, argv[1], gpg_strerror (err));
1201 gnupg_release_process (pid);
1202 xfree (abs_homedir);
1207 scdaemon_runtime_change (int killflag)
1209 gpg_error_t err = 0;
1210 const char *pgmname;
1211 const char *argv[9];
1212 pid_t pid = (pid_t)(-1);
1213 char *abs_homedir = NULL;
1216 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1218 /* We use "GETINFO app_running" to see whether the agent is already
1219 running and kill it only in this case. This avoids an explicit
1220 starting of the agent in case it is not yet running. There is
1221 obviously a race condition but that should not harm too much. */
1223 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1224 if (!gnupg_default_homedir_p ())
1226 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1228 err = gpg_error_from_syserror ();
1230 argv[i++] = "--homedir";
1231 argv[i++] = abs_homedir;
1234 argv[i++] = "--no-autostart";
1235 argv[i++] = "GETINFO scd_running";
1236 argv[i++] = "/if ${! $?}";
1237 argv[i++] = "scd killscd";
1242 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1244 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1246 gc_error (0, 0, "error running '%s %s': %s",
1247 pgmname, argv[4], gpg_strerror (err));
1248 gnupg_release_process (pid);
1249 xfree (abs_homedir);
1254 dirmngr_runtime_change (int killflag)
1256 gpg_error_t err = 0;
1257 const char *pgmname;
1258 const char *argv[6];
1259 pid_t pid = (pid_t)(-1);
1260 char *abs_homedir = NULL;
1262 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1263 argv[0] = "--no-autostart";
1264 argv[1] = "--dirmngr";
1265 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1266 if (gnupg_default_homedir_p ())
1270 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1272 err = gpg_error_from_syserror ();
1274 argv[3] = "--homedir";
1275 argv[4] = abs_homedir;
1280 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1282 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1284 gc_error (0, 0, "error running '%s %s': %s",
1285 pgmname, argv[2], gpg_strerror (err));
1286 gnupg_release_process (pid);
1287 xfree (abs_homedir);
1291 /* Launch the gpg-agent or the dirmngr if not already running. */
1293 gc_component_launch (int component)
1296 const char *pgmname;
1297 const char *argv[3];
1303 err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
1305 err = gc_component_launch (GC_COMPONENT_DIRMNGR);
1309 if (!(component == GC_COMPONENT_GPG_AGENT
1310 || component == GC_COMPONENT_DIRMNGR))
1312 es_fputs (_("Component not suitable for launching"), es_stderr);
1313 es_putc ('\n', es_stderr);
1314 gpgconf_failure (0);
1317 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1319 if (component == GC_COMPONENT_DIRMNGR)
1320 argv[i++] = "--dirmngr";
1324 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1326 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1328 gc_error (0, 0, "error running '%s%s%s': %s",
1330 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1332 gpg_strerror (err));
1333 gnupg_release_process (pid);
1338 /* Unconditionally restart COMPONENT. */
1340 gc_component_kill (int component)
1342 int runtime[GC_BACKEND_NR];
1343 gc_option_t *option;
1344 gc_backend_t backend;
1346 /* Set a flag for the backends to be reloaded. */
1347 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1348 runtime[backend] = 0;
1352 for (component = 0; component < GC_COMPONENT_NR; component++)
1354 option = gc_component[component].options;
1355 for (; option && option->name; option++)
1356 runtime[option->backend] = 1;
1361 assert (component < GC_COMPONENT_NR);
1362 option = gc_component[component].options;
1363 for (; option && option->name; option++)
1364 runtime[option->backend] = 1;
1367 /* Do the restart for the selected backends. */
1368 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1370 if (runtime[backend] && gc_backend[backend].runtime_change)
1371 (*gc_backend[backend].runtime_change) (1);
1376 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1378 gc_component_reload (int component)
1380 int runtime[GC_BACKEND_NR];
1381 gc_option_t *option;
1382 gc_backend_t backend;
1384 /* Set a flag for the backends to be reloaded. */
1385 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1386 runtime[backend] = 0;
1390 for (component = 0; component < GC_COMPONENT_NR; component++)
1392 option = gc_component[component].options;
1393 for (; option && option->name; option++)
1394 runtime[option->backend] = 1;
1399 assert (component < GC_COMPONENT_NR);
1400 option = gc_component[component].options;
1401 for (; option && option->name; option++)
1402 runtime[option->backend] = 1;
1405 /* Do the reload for all selected backends. */
1406 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1408 if (runtime[backend] && gc_backend[backend].runtime_change)
1409 (*gc_backend[backend].runtime_change) (0);
1415 /* More or less Robust version of dgettext. It has the side effect of
1416 switching the codeset to utf-8 because this is what we want to
1417 output. In theory it is possible to keep the original code set and
1418 switch back for regular disgnostic output (redefine "_(" for that)
1419 but given the natur of this tool, being something invoked from
1420 other pograms, it does not make much sense. */
1422 my_dgettext (const char *domain, const char *msgid)
1424 #ifdef USE_SIMPLE_GETTEXT
1427 static int switched_codeset;
1430 if (!switched_codeset)
1432 switched_codeset = 1;
1433 gettext_use_utf8 (1);
1436 if (!strcmp (domain, "gnupg"))
1437 domain = PACKAGE_GT;
1439 /* FIXME: we have no dgettext, thus we can't switch. */
1441 text = (char*)gettext (msgid);
1442 return text ? text : msgid;
1446 #elif defined(ENABLE_NLS)
1449 static int switched_codeset;
1452 if (!switched_codeset)
1454 switched_codeset = 1;
1455 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1457 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1458 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1462 /* Note: This is a hack to actually use the gnupg2 domain as
1463 long we are in a transition phase where gnupg 1.x and 1.9 may
1465 if (!strcmp (domain, "gnupg"))
1466 domain = PACKAGE_GT;
1468 text = dgettext (domain, msgid);
1469 return text ? text : msgid;
1480 /* Percent-Escape special characters. The string is valid until the
1481 next invocation of the function. */
1483 gc_percent_escape (const char *src)
1485 static char *esc_str;
1486 static int esc_str_len;
1487 int new_len = 3 * strlen (src) + 1;
1490 if (esc_str_len < new_len)
1492 char *new_esc_str = realloc (esc_str, new_len);
1494 gc_error (1, errno, "can not escape string");
1495 esc_str = new_esc_str;
1496 esc_str_len = new_len;
1508 else if (*src == ':')
1510 /* The colon is used as field separator. */
1515 else if (*src == ',')
1517 /* The comma is used as list separator. */
1522 else if (*src == '\n')
1524 /* The newline is problematic in a line-based format. */
1539 /* Percent-Deescape special characters. The string is valid until the
1540 next invocation of the function. */
1542 percent_deescape (const char *src)
1546 int new_len = 3 * strlen (src) + 1;
1549 if (str_len < new_len)
1551 char *new_str = realloc (str, new_len);
1553 gc_error (1, errno, "can not deescape string");
1563 int val = hextobyte (src + 1);
1566 gc_error (1, 0, "malformed end of string %s", src);
1568 *(dst++) = (char) val;
1572 *(dst++) = *(src++);
1579 /* List all components that are available. */
1581 gc_component_list_components (estream_t out)
1583 gc_component_t component;
1584 gc_option_t *option;
1585 gc_backend_t backend;
1586 int backend_seen[GC_BACKEND_NR];
1588 const char *pgmname;
1590 for (component = 0; component < GC_COMPONENT_NR; component++)
1592 option = gc_component[component].options;
1595 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1596 backend_seen[backend] = 0;
1599 for (; option && option->name; option++)
1601 if ((option->flags & GC_OPT_FLAG_GROUP))
1603 backend = option->backend;
1604 if (backend_seen[backend])
1606 backend_seen[backend] = 1;
1607 assert (backend != GC_BACKEND_ANY);
1608 if (gc_backend[backend].program
1609 && !gc_backend[backend].module_name)
1611 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1615 desc = gc_component[component].desc;
1616 desc = my_dgettext (gc_component[component].desc_domain, desc);
1617 es_fprintf (out, "%s:%s:",
1618 gc_component[component].name, gc_percent_escape (desc));
1619 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1627 all_digits_p (const char *p, size_t len)
1631 for (; len; len--, p++)
1632 if (!isascii (*p) || !isdigit (*p))
1634 return 1; /* Yes. */
1638 /* Collect all error lines from stream FP. Only lines prefixed with
1639 TAG are considered. Returns a list of error line items (which may
1640 be empty). There is no error return. */
1642 collect_error_output (estream_t fp, const char *tag)
1648 error_line_t eitem, errlines, *errlines_tail;
1649 size_t taglen = strlen (tag);
1652 errlines_tail = &errlines;
1655 while ((c=es_getc (fp)) != EOF)
1658 if (pos >= sizeof buffer - 5 || c == '\n')
1660 buffer[pos - (c == '\n')] = 0;
1662 ; /*Ignore continuations of previous line. */
1663 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1665 /* "gpgsm: foo:4: bla" */
1666 /* Yep, we are interested in this line. */
1667 p = buffer + taglen + 1;
1668 while (*p == ' ' || *p == '\t')
1670 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1672 ; /* Empty lines are ignored. */
1673 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1674 && all_digits_p (p2+1, p3 - (p2+1)))
1676 /* Line in standard compiler format. */
1678 while (*p3 == ' ' || *p3 == '\t')
1680 eitem = xmalloc (sizeof *eitem + strlen (p));
1682 strcpy (eitem->buffer, p);
1683 eitem->fname = eitem->buffer;
1684 eitem->buffer[p2-p] = 0;
1685 eitem->errtext = eitem->buffer + (p3 - p);
1686 /* (we already checked that there are only ascii
1687 digits followed by a colon) */
1689 for (p2++; isdigit (*p2); p2++)
1690 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1691 *errlines_tail = eitem;
1692 errlines_tail = &eitem->next;
1696 /* Other error output. */
1697 eitem = xmalloc (sizeof *eitem + strlen (p));
1699 strcpy (eitem->buffer, p);
1700 eitem->fname = NULL;
1701 eitem->errtext = eitem->buffer;
1703 *errlines_tail = eitem;
1704 errlines_tail = &eitem->next;
1708 /* If this was not a complete line mark that we are in a
1710 cont_line = (c != '\n');
1714 /* We ignore error lines not terminated by a LF. */
1719 /* Check the options of a single component. Returns 0 if everything
1722 gc_component_check_options (int component, estream_t out, const char *conf_file)
1725 unsigned int result;
1726 int backend_seen[GC_BACKEND_NR];
1727 gc_backend_t backend;
1728 gc_option_t *option;
1729 const char *pgmname;
1730 const char *argv[4];
1735 error_line_t errlines;
1737 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1738 backend_seen[backend] = 0;
1740 option = gc_component[component].options;
1741 for (; option && option->name; option++)
1743 if ((option->flags & GC_OPT_FLAG_GROUP))
1745 backend = option->backend;
1746 if (backend_seen[backend])
1748 backend_seen[backend] = 1;
1749 assert (backend != GC_BACKEND_ANY);
1750 if (!gc_backend[backend].program)
1752 if (!gc_backend[backend].module_name)
1757 if (! option || ! option->name)
1760 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1764 argv[i++] = "--options";
1765 argv[i++] = conf_file;
1767 if (component == GC_COMPONENT_PINENTRY)
1768 argv[i++] = "--version";
1770 argv[i++] = "--gpgconf-test";
1775 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
1776 NULL, NULL, &errfp, &pid);
1778 result |= 1; /* Program could not be run. */
1781 errlines = collect_error_output (errfp,
1782 gc_component[component].name);
1783 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1786 result |= 1; /* Program could not be run or it
1787 terminated abnormally. */
1788 result |= 2; /* Program returned an error. */
1790 gnupg_release_process (pid);
1794 /* If the program could not be run, we can't tell whether
1795 the config file is good. */
1802 error_line_t errptr;
1804 desc = gc_component[component].desc;
1805 desc = my_dgettext (gc_component[component].desc_domain, desc);
1806 es_fprintf (out, "%s:%s:",
1807 gc_component[component].name, gc_percent_escape (desc));
1808 es_fputs (gc_percent_escape (pgmname), out);
1809 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1810 for (errptr = errlines; errptr; errptr = errptr->next)
1812 if (errptr != errlines)
1813 es_fputs ("\n:::::", out); /* Continuation line. */
1815 es_fputs (gc_percent_escape (errptr->fname), out);
1818 es_fprintf (out, "%u", errptr->lineno);
1820 es_fputs (gc_percent_escape (errptr->errtext), out);
1823 es_putc ('\n', out);
1828 error_line_t tmp = errlines->next;
1838 /* Check all components that are available. */
1840 gc_check_programs (estream_t out)
1842 gc_component_t component;
1844 for (component = 0; component < GC_COMPONENT_NR; component++)
1845 gc_component_check_options (component, out, NULL);
1850 /* Find the component with the name NAME. Returns -1 if not
1853 gc_component_find (const char *name)
1857 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1859 if (gc_component[idx].options
1860 && !strcmp (name, gc_component[idx].name))
1867 /* List the option OPTION. */
1869 list_one_option (const gc_option_t *option, estream_t out)
1871 const char *desc = NULL;
1872 char *arg_name = NULL;
1876 desc = my_dgettext (option->desc_domain, option->desc);
1880 const char *arg_tail = strchr (&desc[1], '|');
1884 int arg_len = arg_tail - &desc[1];
1885 arg_name = xmalloc (arg_len + 1);
1886 memcpy (arg_name, &desc[1], arg_len);
1887 arg_name[arg_len] = '\0';
1888 desc = arg_tail + 1;
1894 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1895 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1898 /* The name field. */
1899 es_fprintf (out, "%s", option->name);
1901 /* The flags field. */
1902 es_fprintf (out, ":%lu", option->flags);
1908 es_fprintf (out, "none");
1911 unsigned long flags = option->flags;
1912 unsigned long flag = 0;
1913 unsigned long first = 1;
1923 es_fprintf (out, "%s", gc_flag[flag].name);
1931 /* The level field. */
1932 es_fprintf (out, ":%u", option->level);
1934 es_fprintf (out, " %s", gc_level[option->level].name);
1936 /* The description field. */
1937 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1939 /* The type field. */
1940 es_fprintf (out, ":%u", option->arg_type);
1942 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1944 /* The alternate type field. */
1945 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1947 es_fprintf (out, " %s",
1948 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1950 /* The argument name field. */
1951 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1954 /* The default value field. */
1955 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1957 /* The default argument field. */
1958 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1960 /* The value field. */
1961 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1962 && (option->flags & GC_OPT_FLAG_LIST)
1964 /* The special format "1,1,1,1,...,1" is converted to a number
1966 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1968 es_fprintf (out, ":%s", option->value ? option->value : "");
1970 /* ADD NEW FIELDS HERE. */
1972 es_putc ('\n', out);
1976 /* List all options of the component COMPONENT. */
1978 gc_component_list_options (int component, estream_t out)
1980 const gc_option_t *option = gc_component[component].options;
1982 while (option && option->name)
1984 /* Do not output unknown or internal options. */
1985 if (!(option->flags & GC_OPT_FLAG_GROUP)
1986 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1992 if (option->flags & GC_OPT_FLAG_GROUP)
1994 const gc_option_t *group_option = option + 1;
1995 gc_expert_level_t level = GC_LEVEL_NR;
1997 /* The manual states that the group level is always the
1998 minimum of the levels of all contained options. Due to
1999 different active options, and because it is hard to
2000 maintain manually, we calculate it here. The value in
2001 the global static table is ignored. */
2003 while (group_option->name)
2005 if (group_option->flags & GC_OPT_FLAG_GROUP)
2007 if (group_option->level < level)
2008 level = group_option->level;
2012 /* Check if group is empty. */
2013 if (level != GC_LEVEL_NR)
2015 gc_option_t opt_copy;
2017 /* Fix up the group level. */
2018 memcpy (&opt_copy, option, sizeof (opt_copy));
2019 opt_copy.level = level;
2020 list_one_option (&opt_copy, out);
2024 list_one_option (option, out);
2031 /* Find the option NAME in component COMPONENT, for the backend
2032 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
2033 static gc_option_t *
2034 find_option (gc_component_t component, const char *name,
2035 gc_backend_t backend)
2037 gc_option_t *option = gc_component[component].options;
2038 while (option->name)
2040 if (!(option->flags & GC_OPT_FLAG_GROUP)
2041 && !strcmp (option->name, name)
2042 && (backend == GC_BACKEND_ANY || option->backend == backend))
2046 return option->name ? option : NULL;
2050 /* Determine the configuration filename for the component COMPONENT
2051 and backend BACKEND. */
2053 get_config_filename (gc_component_t component, gc_backend_t backend)
2055 char *filename = NULL;
2056 gc_option_t *option = find_option
2057 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2059 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
2060 assert (!(option->flags & GC_OPT_FLAG_LIST));
2062 if (!option->active || !option->default_value)
2063 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
2064 gc_backend[backend].option_config_filename,
2065 gc_backend[backend].name);
2067 if (option->value && *option->value)
2068 filename = percent_deescape (&option->value[1]);
2069 else if (option->default_value && *option->default_value)
2070 filename = percent_deescape (&option->default_value[1]);
2074 #if HAVE_W32CE_SYSTEM
2075 if (!(filename[0] == '/' || filename[0] == '\\'))
2076 #elif defined(HAVE_DOSISH_SYSTEM)
2078 && filename[1] == ':'
2079 && (filename[2] == '/' || filename[2] == '\\')) /* x:\ or x:/ */
2080 && !((filename[0] == '\\' && filename[1] == '\\')
2081 || (filename[0] == '/' && filename[1] == '/'))) /* \\server */
2083 if (filename[0] != '/')
2085 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
2086 gc_backend[backend].option_config_filename,
2087 gc_backend[backend].name);
2093 /* Retrieve the options for the component COMPONENT from backend
2094 * BACKEND, which we already know is a program-type backend. With
2095 * ONLY_INSTALLED set components which are not installed are silently
2098 retrieve_options_from_program (gc_component_t component, gc_backend_t backend,
2102 const char *pgmname;
2103 const char *argv[2];
2108 size_t line_len = 0;
2111 char *config_filename;
2113 pgmname = (gc_backend[backend].module_name
2114 ? gnupg_module_name (gc_backend[backend].module_name)
2115 : gc_backend[backend].program );
2116 argv[0] = "--gpgconf-list";
2119 if (only_installed && access (pgmname, X_OK))
2121 return; /* The component is not installed. */
2124 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
2125 NULL, &outfp, NULL, &pid);
2128 gc_error (1, 0, "could not gather active options from '%s': %s",
2129 pgmname, gpg_strerror (err));
2132 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
2134 gc_option_t *option;
2136 unsigned long flags = 0;
2137 char *default_value = NULL;
2139 /* Strip newline and carriage return, if present. */
2141 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2142 line[--length] = '\0';
2144 linep = strchr (line, ':');
2148 /* Extract additional flags. Default to none. */
2154 end = strchr (linep, ':');
2158 gpg_err_set_errno (0);
2159 flags = strtoul (linep, &tail, 0);
2161 gc_error (1, errno, "malformed flags in option %s from %s",
2163 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2164 gc_error (1, 0, "garbage after flags in option %s from %s",
2170 /* Extract default value, if present. Default to empty if
2176 end = strchr (linep, ':');
2180 if (flags & GC_OPT_FLAG_DEFAULT)
2181 default_value = linep;
2186 /* Look up the option in the component and install the
2187 configuration data. */
2188 option = find_option (component, line, backend);
2192 gc_error (1, errno, "option %s returned twice from %s",
2196 option->flags |= flags;
2197 if (default_value && *default_value)
2198 option->default_value = xstrdup (default_value);
2201 if (length < 0 || es_ferror (outfp))
2202 gc_error (1, errno, "error reading from %s", pgmname);
2203 if (es_fclose (outfp))
2204 gc_error (1, errno, "error closing %s", pgmname);
2206 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2208 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2209 pgmname, exitcode, gpg_strerror (err));
2210 gnupg_release_process (pid);
2213 /* At this point, we can parse the configuration file. */
2214 config_filename = get_config_filename (component, backend);
2216 config = es_fopen (config_filename, "r");
2219 if (errno != ENOENT)
2220 gc_error (0, errno, "warning: can not open config file %s",
2225 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2229 gc_option_t *option;
2232 while (*name == ' ' || *name == '\t')
2234 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2238 while (*value && *value != ' ' && *value != '\t'
2239 && *value != '#' && *value != '\r' && *value != '\n')
2241 if (*value == ' ' || *value == '\t')
2246 while (*value == ' ' || *value == '\t')
2250 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2252 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2259 /* Look up the option in the component and install the
2260 configuration data. */
2261 option = find_option (component, line, backend);
2266 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2270 "warning: ignoring argument %s for option %s",
2272 opt_value = xstrdup ("1");
2274 else if (gc_arg_type[option->arg_type].fallback
2275 == GC_ARG_TYPE_STRING)
2276 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2279 /* FIXME: Verify that the number is sane. */
2280 opt_value = xstrdup (value);
2283 /* Now enter the option into the table. */
2284 if (!(option->flags & GC_OPT_FLAG_LIST))
2287 xfree (option->value);
2288 option->value = opt_value;
2293 option->value = opt_value;
2296 char *old = option->value;
2297 option->value = xasprintf ("%s,%s", old, opt_value);
2305 if (length < 0 || es_ferror (config))
2306 gc_error (1, errno, "error reading from %s", config_filename);
2307 if (es_fclose (config))
2308 gc_error (1, errno, "error closing %s", config_filename);
2315 /* Retrieve the options for the component COMPONENT from backend
2316 BACKEND, which we already know is of type file list. */
2318 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2320 gc_option_t *list_option;
2321 gc_option_t *config_option;
2322 char *list_filename;
2323 gpgrt_stream_t list_file;
2325 size_t line_len = 0;
2329 list_option = find_option (component,
2330 gc_backend[backend].option_name, GC_BACKEND_ANY);
2331 assert (list_option);
2332 assert (!list_option->active);
2334 list_filename = get_config_filename (component, backend);
2335 list_file = gpgrt_fopen (list_filename, "r");
2337 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2341 while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
2348 while (*start == ' ' || *start == '\t')
2350 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2354 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2356 /* Walk back to skip trailing white spaces. Looks evil, but
2357 works because of the conditions on START and END imposed
2358 at this point (END is at least START + 1, and START is
2359 not a whitespace character). */
2360 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2363 /* FIXME: Oh, no! This is so lame! Should use realloc and
2367 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2372 list = xasprintf ("\"%s", gc_percent_escape (start));
2374 if (length < 0 || gpgrt_ferror (list_file))
2375 gc_error (1, errno, "can not read list file %s", list_filename);
2378 list_option->active = 1;
2379 list_option->value = list;
2381 /* Fix up the read-only flag. */
2382 config_option = find_option
2383 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2384 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2385 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2387 if (list_file && gpgrt_fclose (list_file))
2388 gc_error (1, errno, "error closing %s", list_filename);
2393 /* Retrieve the currently active options and their defaults from all
2394 involved backends for this component. Using -1 for component will
2395 retrieve all options from all installed components. */
2397 gc_component_retrieve_options (int component)
2399 int process_all = 0;
2400 int backend_seen[GC_BACKEND_NR];
2401 gc_backend_t backend;
2402 gc_option_t *option;
2404 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2405 backend_seen[backend] = 0;
2407 if (component == -1)
2411 assert (component < GC_COMPONENT_NR);
2416 if (component == GC_COMPONENT_PINENTRY)
2417 continue; /* Skip this dummy component. */
2419 option = gc_component[component].options;
2421 while (option && option->name)
2423 if (!(option->flags & GC_OPT_FLAG_GROUP))
2425 backend = option->backend;
2427 if (backend_seen[backend])
2432 backend_seen[backend] = 1;
2434 assert (backend != GC_BACKEND_ANY);
2436 if (gc_backend[backend].program)
2437 retrieve_options_from_program (component, backend,
2440 retrieve_options_from_file (component, backend);
2445 while (process_all && ++component < GC_COMPONENT_NR);
2451 /* Perform a simple validity check based on the type. Return in
2452 * NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2453 * type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
2456 option_check_validity (gc_option_t *option, unsigned long flags,
2457 char *new_value, unsigned long *new_value_nr,
2462 if (!option->active)
2463 gc_error (1, 0, "option %s not supported by backend %s",
2464 option->name, gc_backend[option->backend].name);
2466 if (option->new_flags || option->new_value)
2467 gc_error (1, 0, "option %s already changed", option->name);
2469 if (flags & GC_OPT_FLAG_DEFAULT)
2472 gc_error (1, 0, "argument %s provided for deleted option %s",
2473 new_value, option->name);
2478 /* GC_ARG_TYPE_NONE options have special list treatment. */
2479 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2483 gpg_err_set_errno (0);
2484 *new_value_nr = strtoul (new_value, &tail, 0);
2487 gc_error (1, errno, "invalid argument for option %s",
2490 gc_error (1, 0, "garbage after argument for option %s",
2493 if (!(option->flags & GC_OPT_FLAG_LIST))
2495 if (*new_value_nr != 1)
2496 gc_error (1, 0, "argument for non-list option %s of type 0 "
2497 "(none) must be 1", option->name);
2501 if (*new_value_nr == 0)
2502 gc_error (1, 0, "argument for option %s of type 0 (none) "
2503 "must be positive", option->name);
2512 if (*arg == '\0' || (*arg == ',' && !verbatim))
2514 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2515 gc_error (1, 0, "argument required for option %s", option->name);
2517 if (*arg == ',' && !verbatim && !(option->flags & GC_OPT_FLAG_LIST))
2518 gc_error (1, 0, "list found for non-list option %s", option->name);
2520 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2522 if (*arg != '"' && !verbatim)
2523 gc_error (1, 0, "string argument for option %s must begin "
2524 "with a quote (\") character", option->name);
2526 /* FIXME: We do not allow empty string arguments for now, as
2527 we do not quote arguments in configuration files, and
2528 thus no argument is indistinguishable from the empty
2530 if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
2531 gc_error (1, 0, "empty string argument for option %s is "
2532 "currently not allowed. Please report this!",
2535 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2539 gpg_err_set_errno (0);
2540 res = strtol (arg, &arg, 0);
2544 gc_error (1, errno, "invalid argument for option %s",
2547 if (*arg != '\0' && (*arg != ',' || verbatim))
2548 gc_error (1, 0, "garbage after argument for option %s",
2551 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2555 gpg_err_set_errno (0);
2556 res = strtoul (arg, &arg, 0);
2560 gc_error (1, errno, "invalid argument for option %s",
2563 if (*arg != '\0' && (*arg != ',' || verbatim))
2564 gc_error (1, 0, "garbage after argument for option %s",
2567 arg = verbatim? strchr (arg, ',') : NULL;
2571 while (arg && *arg);
2574 #ifdef HAVE_W32_SYSTEM
2576 copy_file (const char *src_name, const char *dst_name)
2578 #define BUF_LEN 4096
2579 char buffer[BUF_LEN];
2584 src = gpgrt_fopen (src_name, "r");
2588 dst = gpgrt_fopen (dst_name, "w");
2591 int saved_err = errno;
2593 gpg_err_set_errno (saved_err);
2601 len = gpgrt_fread (buffer, 1, BUF_LEN, src);
2604 written = gpgrt_fwrite (buffer, 1, len, dst);
2608 while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
2610 if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
2612 int saved_errno = errno;
2616 gpg_err_set_errno (saved_errno);
2620 if (gpgrt_fclose (dst))
2621 gc_error (1, errno, "error closing %s", dst_name);
2622 if (gpgrt_fclose (src))
2623 gc_error (1, errno, "error closing %s", src_name);
2627 #endif /* HAVE_W32_SYSTEM */
2630 /* Create and verify the new configuration file for the specified
2631 * backend and component. Returns 0 on success and -1 on error. This
2632 * function may store pointers to malloced strings in SRC_FILENAMEP,
2633 * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
2634 * caller. The strings refer to three versions of the configuration
2637 * SRC_FILENAME: The updated configuration is written to this file.
2638 * DEST_FILENAME: Name of the configuration file read by the
2640 * ORIG_FILENAME: A backup of the previous configuration file.
2642 * To apply the configuration change, rename SRC_FILENAME to
2643 * DEST_FILENAME. To revert to the previous configuration, rename
2644 * ORIG_FILENAME to DEST_FILENAME. */
2646 change_options_file (gc_component_t component, gc_backend_t backend,
2647 char **src_filenamep, char **dest_filenamep,
2648 char **orig_filenamep)
2650 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2651 /* True if we are within the marker in the config file. */
2653 gc_option_t *option;
2659 gpgrt_stream_t src_file = NULL;
2660 gpgrt_stream_t dest_file = NULL;
2662 char *dest_filename;
2663 char *orig_filename;
2665 char *cur_arg = NULL;
2667 option = find_option (component,
2668 gc_backend[backend].option_name, GC_BACKEND_ANY);
2670 assert (option->active);
2671 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2673 /* FIXME. Throughout the function, do better error reporting. */
2674 /* Note that get_config_filename() calls percent_deescape(), so we
2675 call this before processing the arguments. */
2676 dest_filename = xstrdup (get_config_filename (component, backend));
2677 src_filename = xasprintf ("%s.%s.%i.new",
2678 dest_filename, GPGCONF_NAME, (int)getpid ());
2679 orig_filename = xasprintf ("%s.%s.%i.bak",
2680 dest_filename, GPGCONF_NAME, (int)getpid ());
2682 arg = option->new_value;
2683 if (arg && arg[0] == '\0')
2690 end = strchr (arg, ',');
2694 cur_arg = percent_deescape (arg);
2704 #ifdef HAVE_W32_SYSTEM
2705 res = copy_file (dest_filename, orig_filename);
2707 res = link (dest_filename, orig_filename);
2709 if (res < 0 && errno != ENOENT)
2711 xfree (dest_filename);
2712 xfree (src_filename);
2713 xfree (orig_filename);
2718 xfree (orig_filename);
2719 orig_filename = NULL;
2722 /* We now initialize the return strings, so the caller can do the
2724 *src_filenamep = src_filename;
2725 *dest_filenamep = dest_filename;
2726 *orig_filenamep = orig_filename;
2728 /* Use open() so that we can use O_EXCL. */
2729 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2732 src_file = gpgrt_fdopen (fd, "w");
2736 gpg_err_set_errno (res);
2740 /* Only if ORIG_FILENAME is not NULL did the configuration file
2741 exist already. In this case, we will copy its content into the
2742 new configuration file, changing it to our liking in the
2746 dest_file = gpgrt_fopen (dest_filename, "r");
2748 goto change_file_one_err;
2750 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2755 if (!strncmp (marker, line, sizeof (marker) - 1))
2764 while (*start == ' ' || *start == '\t')
2766 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2775 /* Search for the end of the line. */
2776 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2779 if (*endp && *endp != ' ' && *endp != '\t'
2780 && *endp != '\r' && *endp != '\n' && *endp != '#')
2786 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2787 || !cur_arg || strcmp (start, cur_arg))
2791 /* Find next argument. */
2797 arg_end = strchr (arg, ',');
2801 cur_arg = percent_deescape (arg);
2821 gpgrt_fprintf (src_file,
2822 "# %s disabled this option here at %s\n",
2823 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2824 if (gpgrt_ferror (src_file))
2825 goto change_file_one_err;
2826 gpgrt_fprintf (src_file, "# %s", line);
2827 if (gpgrt_ferror (src_file))
2828 goto change_file_one_err;
2833 gpgrt_fprintf (src_file, "%s", line);
2834 if (gpgrt_ferror (src_file))
2835 goto change_file_one_err;
2838 if (length < 0 || gpgrt_ferror (dest_file))
2839 goto change_file_one_err;
2844 /* There was no marker. This is the first time we edit the
2845 file. We add our own marker at the end of the file and
2846 proceed. Note that we first write a newline, this guards us
2847 against files which lack the newline at the end of the last
2848 line, while it doesn't hurt us in all other cases. */
2849 gpgrt_fprintf (src_file, "\n%s\n", marker);
2850 if (gpgrt_ferror (src_file))
2851 goto change_file_one_err;
2854 /* At this point, we have copied everything up to the end marker
2855 into the new file, except for the arguments we are going to add.
2856 Now, dump the new arguments and write the end marker, possibly
2857 followed by the rest of the original file. */
2860 gpgrt_fprintf (src_file, "%s\n", cur_arg);
2862 /* Find next argument. */
2868 end = strchr (arg, ',');
2872 cur_arg = percent_deescape (arg);
2885 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2886 if (gpgrt_ferror (src_file))
2887 goto change_file_one_err;
2891 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
2893 if (gpgrt_ferror (src_file))
2894 goto change_file_one_err;
2895 gpgrt_fprintf (src_file, "# It will disable options before this marked "
2896 "block, but it will\n");
2897 if (gpgrt_ferror (src_file))
2898 goto change_file_one_err;
2899 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
2900 if (gpgrt_ferror (src_file))
2901 goto change_file_one_err;
2905 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2907 gpgrt_fprintf (src_file, "%s", line);
2908 if (gpgrt_ferror (src_file))
2909 goto change_file_one_err;
2911 if (length < 0 || gpgrt_ferror (dest_file))
2912 goto change_file_one_err;
2917 res = gpgrt_fclose (src_file);
2923 gpgrt_fclose (dest_file);
2924 gpg_err_set_errno (res);
2930 res = gpgrt_fclose (dest_file);
2936 change_file_one_err:
2941 gpgrt_fclose (src_file);
2945 gpgrt_fclose (dest_file);
2946 gpg_err_set_errno (res);
2951 /* Create and verify the new configuration file for the specified
2952 * backend and component. Returns 0 on success and -1 on error. If
2953 * VERBATIM is set the profile mode is used. This function may store
2954 * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
2955 * ORIG_FILENAMEP. Those must be freed by the caller. The strings
2956 * refer to three versions of the configuration file:
2958 * SRC_FILENAME: The updated configuration is written to this file.
2959 * DEST_FILENAME: Name of the configuration file read by the
2961 * ORIG_FILENAME: A backup of the previous configuration file.
2963 * To apply the configuration change, rename SRC_FILENAME to
2964 * DEST_FILENAME. To revert to the previous configuration, rename
2965 * ORIG_FILENAME to DEST_FILENAME. */
2967 change_options_program (gc_component_t component, gc_backend_t backend,
2968 char **src_filenamep, char **dest_filenamep,
2969 char **orig_filenamep,
2972 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2973 /* True if we are within the marker in the config file. */
2975 gc_option_t *option;
2981 gpgrt_stream_t src_file = NULL;
2982 gpgrt_stream_t dest_file = NULL;
2984 char *dest_filename;
2985 char *orig_filename;
2986 /* Special hack for gpg, see below. */
2987 int utf8strings_seen = 0;
2989 /* FIXME. Throughout the function, do better error reporting. */
2990 dest_filename = xstrdup (get_config_filename (component, backend));
2991 src_filename = xasprintf ("%s.%s.%i.new",
2992 dest_filename, GPGCONF_NAME, (int)getpid ());
2993 orig_filename = xasprintf ("%s.%s.%i.bak",
2994 dest_filename, GPGCONF_NAME, (int)getpid ());
2996 #ifdef HAVE_W32_SYSTEM
2997 res = copy_file (dest_filename, orig_filename);
2999 res = link (dest_filename, orig_filename);
3001 if (res < 0 && errno != ENOENT)
3003 xfree (dest_filename);
3004 xfree (src_filename);
3005 xfree (orig_filename);
3010 xfree (orig_filename);
3011 orig_filename = NULL;
3014 /* We now initialize the return strings, so the caller can do the
3016 *src_filenamep = src_filename;
3017 *dest_filenamep = dest_filename;
3018 *orig_filenamep = orig_filename;
3020 /* Use open() so that we can use O_EXCL. */
3021 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
3024 src_file = gpgrt_fdopen (fd, "w");
3028 gpg_err_set_errno (res);
3032 /* Only if ORIG_FILENAME is not NULL did the configuration file
3033 exist already. In this case, we will copy its content into the
3034 new configuration file, changing it to our liking in the
3038 dest_file = gpgrt_fopen (dest_filename, "r");
3040 goto change_one_err;
3042 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3047 if (!strncmp (marker, line, sizeof (marker) - 1))
3054 else if (backend == GC_BACKEND_GPG && in_marker
3055 && ! strcmp ("utf8-strings\n", line))
3057 /* Strip duplicated entries. */
3058 if (utf8strings_seen)
3061 utf8strings_seen = 1;
3065 while (*start == ' ' || *start == '\t')
3067 if (*start && *start != '\r' && *start != '\n' && *start != '#')
3073 while (*end && *end != ' ' && *end != '\t'
3074 && *end != '\r' && *end != '\n' && *end != '#')
3079 option = find_option (component, start, backend);
3081 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
3082 || option->new_value))
3089 gpgrt_fprintf (src_file,
3090 "# %s disabled this option here at %s\n",
3091 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
3092 if (gpgrt_ferror (src_file))
3093 goto change_one_err;
3094 gpgrt_fprintf (src_file, "# %s", line);
3095 if (gpgrt_ferror (src_file))
3096 goto change_one_err;
3101 gpgrt_fprintf (src_file, "%s", line);
3102 if (gpgrt_ferror (src_file))
3103 goto change_one_err;
3106 if (length < 0 || gpgrt_ferror (dest_file))
3107 goto change_one_err;
3112 /* There was no marker. This is the first time we edit the
3113 file. We add our own marker at the end of the file and
3114 proceed. Note that we first write a newline, this guards us
3115 against files which lack the newline at the end of the last
3116 line, while it doesn't hurt us in all other cases. */
3117 gpgrt_fprintf (src_file, "\n%s\n", marker);
3118 if (gpgrt_ferror (src_file))
3119 goto change_one_err;
3121 /* At this point, we have copied everything up to the end marker
3122 into the new file, except for the options we are going to change.
3123 Now, dump the changed options (except for those we are going to
3124 revert to their default), and write the end marker, possibly
3125 followed by the rest of the original file. */
3127 /* We have to turn on UTF8 strings for GnuPG. */
3128 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
3129 gpgrt_fprintf (src_file, "utf8-strings\n");
3131 option = gc_component[component].options;
3132 while (option->name)
3134 if (!(option->flags & GC_OPT_FLAG_GROUP)
3135 && option->backend == backend
3136 && option->new_value)
3138 char *arg = option->new_value;
3142 if (*arg == '\0' || *arg == ',')
3144 gpgrt_fprintf (src_file, "%s\n", option->name);
3145 if (gpgrt_ferror (src_file))
3146 goto change_one_err;
3148 else if (gc_arg_type[option->arg_type].fallback
3149 == GC_ARG_TYPE_NONE)
3151 assert (*arg == '1');
3152 gpgrt_fprintf (src_file, "%s\n", option->name);
3153 if (gpgrt_ferror (src_file))
3154 goto change_one_err;
3158 else if (gc_arg_type[option->arg_type].fallback
3159 == GC_ARG_TYPE_STRING)
3165 log_assert (*arg == '"');
3168 end = strchr (arg, ',');
3175 gpgrt_fprintf (src_file, "%s %s\n", option->name,
3176 verbatim? arg : percent_deescape (arg));
3177 if (gpgrt_ferror (src_file))
3178 goto change_one_err;
3188 end = strchr (arg, ',');
3192 gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
3193 if (gpgrt_ferror (src_file))
3194 goto change_one_err;
3201 assert (arg == NULL || *arg == '\0' || *arg == ',');
3202 if (arg && *arg == ',')
3205 while (arg && *arg);
3210 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3211 if (gpgrt_ferror (src_file))
3212 goto change_one_err;
3216 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
3218 if (gpgrt_ferror (src_file))
3219 goto change_one_err;
3220 gpgrt_fprintf (src_file, "# It will disable options before this marked "
3221 "block, but it will\n");
3222 if (gpgrt_ferror (src_file))
3223 goto change_one_err;
3224 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
3225 if (gpgrt_ferror (src_file))
3226 goto change_one_err;
3230 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3232 gpgrt_fprintf (src_file, "%s", line);
3233 if (gpgrt_ferror (src_file))
3234 goto change_one_err;
3236 if (length < 0 || gpgrt_ferror (dest_file))
3237 goto change_one_err;
3242 res = gpgrt_fclose (src_file);
3248 gpgrt_fclose (dest_file);
3249 gpg_err_set_errno (res);
3255 res = gpgrt_fclose (dest_file);
3266 gpgrt_fclose (src_file);
3270 gpgrt_fclose (dest_file);
3271 gpg_err_set_errno (res);
3276 /* Common code for gc_component_change_options and
3277 * gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
3280 change_one_value (gc_option_t *option, int *runtime,
3281 unsigned long flags, char *new_value, int verbatim)
3283 unsigned long new_value_nr = 0;
3285 option_check_validity (option, flags, new_value, &new_value_nr, verbatim);
3287 if (option->flags & GC_OPT_FLAG_RUNTIME)
3288 runtime[option->backend] = 1;
3290 option->new_flags = flags;
3291 if (!(flags & GC_OPT_FLAG_DEFAULT))
3293 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3294 && (option->flags & GC_OPT_FLAG_LIST))
3298 /* We convert the number to a list of 1's for convenient
3300 assert (new_value_nr > 0);
3301 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3302 str = option->new_value;
3304 while (--new_value_nr > 0)
3312 option->new_value = xstrdup (new_value);
3317 /* Read the modifications from IN and apply them. If IN is NULL the
3318 modifications are expected to already have been set to the global
3319 table. If VERBATIM is set the profile mode is used. */
3321 gc_component_change_options (int component, estream_t in, estream_t out,
3326 int runtime[GC_BACKEND_NR];
3327 char *src_filename[GC_BACKEND_NR];
3328 char *dest_filename[GC_BACKEND_NR];
3329 char *orig_filename[GC_BACKEND_NR];
3330 gc_backend_t backend;
3331 gc_option_t *option;
3333 size_t line_len = 0;
3336 if (component == GC_COMPONENT_PINENTRY)
3337 return; /* Dummy component for now. */
3339 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3341 runtime[backend] = 0;
3342 src_filename[backend] = NULL;
3343 dest_filename[backend] = NULL;
3344 orig_filename[backend] = NULL;
3349 /* Read options from the file IN. */
3350 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3353 unsigned long flags = 0;
3354 char *new_value = "";
3356 /* Strip newline and carriage return, if present. */
3358 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3359 line[--length] = '\0';
3361 linep = strchr (line, ':');
3365 /* Extract additional flags. Default to none. */
3371 end = strchr (linep, ':');
3375 gpg_err_set_errno (0);
3376 flags = strtoul (linep, &tail, 0);
3378 gc_error (1, errno, "malformed flags in option %s", line);
3379 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3380 gc_error (1, 0, "garbage after flags in option %s", line);
3385 /* Don't allow setting of the no change flag. */
3386 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3388 /* Extract default value, if present. Default to empty if not. */
3392 end = strchr (linep, ':');
3399 option = find_option (component, line, GC_BACKEND_ANY);
3401 gc_error (1, 0, "unknown option %s", line);
3403 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3405 gc_error (0, 0, "ignoring new value for option %s",
3410 change_one_value (option, runtime, flags, new_value, 0);
3412 if (length < 0 || gpgrt_ferror (in))
3413 gc_error (1, errno, "error reading stream 'in'");
3416 /* Now that we have collected and locally verified the changes,
3417 write them out to new configuration files, verify them
3418 externally, and then commit them. */
3419 option = gc_component[component].options;
3420 while (option && option->name)
3422 /* Go on if we have already seen this backend, or if there is
3424 if (src_filename[option->backend]
3425 || !(option->new_flags || option->new_value))
3431 if (gc_backend[option->backend].program)
3433 err = change_options_program (component, option->backend,
3434 &src_filename[option->backend],
3435 &dest_filename[option->backend],
3436 &orig_filename[option->backend],
3440 /* External verification. */
3441 err = gc_component_check_options (component, out,
3442 src_filename[option->backend]);
3446 _("External verification of component %s failed"),
3447 gc_component[component].name);
3448 gpg_err_set_errno (EINVAL);
3454 err = change_options_file (component, option->backend,
3455 &src_filename[option->backend],
3456 &dest_filename[option->backend],
3457 &orig_filename[option->backend]);
3465 /* We are trying to atomically commit all changes. Unfortunately,
3466 we cannot rely on gnupg_rename_file to manage the signals for us,
3467 doing so would require us to pass NULL as BLOCK to any subsequent
3468 call to it. Instead, we just manage the signal handling
3471 gnupg_block_all_signals ();
3473 if (! err && ! opt.dry_run)
3477 for (i = 0; i < GC_BACKEND_NR; i++)
3479 if (src_filename[i])
3481 /* FIXME: Make a verification here. */
3483 assert (dest_filename[i]);
3485 if (orig_filename[i])
3486 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3489 #ifdef HAVE_W32_SYSTEM
3490 /* We skip the unlink if we expect the file not to
3492 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3493 #else /* HAVE_W32_SYSTEM */
3494 /* This is a bit safer than rename() because we
3495 expect DEST_FILENAME not to be there. If it
3496 happens to be there, this will fail. */
3497 err = link (src_filename[i], dest_filename[i]);
3499 err = unlink (src_filename[i]);
3500 #endif /* !HAVE_W32_SYSTEM */
3504 xfree (src_filename[i]);
3505 src_filename[i] = NULL;
3510 if (err || opt.dry_run)
3513 int saved_errno = errno;
3515 /* An error occurred or a dry-run is requested. */
3516 for (i = 0; i < GC_BACKEND_NR; i++)
3518 if (src_filename[i])
3520 /* The change was not yet committed. */
3521 unlink (src_filename[i]);
3522 if (orig_filename[i])
3523 unlink (orig_filename[i]);
3527 /* The changes were already committed. FIXME: This is a
3528 tad dangerous, as we don't know if we don't overwrite
3529 a version of the file that is even newer than the one
3530 we just installed. */
3531 if (orig_filename[i])
3532 gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
3534 unlink (dest_filename[i]);
3538 gc_error (1, saved_errno, "could not commit changes");
3540 /* Fall-through for dry run. */
3544 /* If it all worked, notify the daemons of the changes. */
3546 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3548 if (runtime[backend] && gc_backend[backend].runtime_change)
3549 (*gc_backend[backend].runtime_change) (0);
3552 /* Move the per-process backup file into its place. */
3553 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3554 if (orig_filename[backend])
3556 char *backup_filename;
3558 assert (dest_filename[backend]);
3560 backup_filename = xasprintf ("%s.%s.bak",
3561 dest_filename[backend], GPGCONF_NAME);
3562 gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
3563 xfree (backup_filename);
3568 gnupg_unblock_all_signals ();
3570 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3572 xfree (src_filename[backend]);
3573 xfree (dest_filename[backend]);
3574 xfree (orig_filename[backend]);
3579 /* Check whether USER matches the current user of one of its group.
3580 This function may change USER. Returns true is there is a
3583 key_matches_user_or_group (char *user)
3587 if (*user == '*' && user[1] == 0)
3588 return 1; /* A single asterisk matches all users. */
3590 group = strchr (user, ':');
3594 #ifdef HAVE_W32_SYSTEM
3595 /* Under Windows we don't support groups. */
3596 if (group && *group)
3597 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3598 #ifndef HAVE_W32CE_SYSTEM
3601 static char *my_name;
3608 GetUserNameA (tmp, &size);
3609 my_name = xmalloc (size);
3610 if (!GetUserNameA (my_name, &size))
3611 gc_error (1,0, "error getting current user name: %s",
3615 if (!strcmp (user, my_name))
3616 return 1; /* Found. */
3618 #endif /*HAVE_W32CE_SYSTEM*/
3619 #else /*!HAVE_W32_SYSTEM*/
3620 /* First check whether the user matches. */
3623 static char *my_name;
3627 struct passwd *pw = getpwuid ( getuid () );
3629 gc_error (1, errno, "getpwuid failed for current user");
3630 my_name = xstrdup (pw->pw_name);
3632 if (!strcmp (user, my_name))
3633 return 1; /* Found. */
3636 /* If that failed, check whether a group matches. */
3637 if (group && *group)
3639 static char *my_group;
3640 static char **my_supgroups;
3645 struct group *gr = getgrgid ( getgid () );
3647 gc_error (1, errno, "getgrgid failed for current user");
3648 my_group = xstrdup (gr->gr_name);
3650 if (!strcmp (group, my_group))
3651 return 1; /* Found. */
3658 ngids = getgroups (0, NULL);
3659 gids = xcalloc (ngids+1, sizeof *gids);
3660 ngids = getgroups (ngids, gids);
3662 gc_error (1, errno, "getgroups failed for current user");
3663 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3664 for (n=0; n < ngids; n++)
3666 struct group *gr = getgrgid ( gids[n] );
3668 gc_error (1, errno, "getgrgid failed for supplementary group");
3669 my_supgroups[n] = xstrdup (gr->gr_name);
3674 for (n=0; my_supgroups[n]; n++)
3675 if (!strcmp (group, my_supgroups[n]))
3676 return 1; /* Found. */
3678 #endif /*!HAVE_W32_SYSTEM*/
3679 return 0; /* No match. */
3684 /* Read and process the global configuration file for gpgconf. This
3685 optional file is used to update our internal tables at runtime and
3686 may also be used to set new default values. If FNAME is NULL the
3687 default name will be used. With UPDATE set to true the internal
3688 tables are actually updated; if not set, only a syntax check is
3689 done. If DEFAULTS is true the global options are written to the
3690 configuration files. If LISTFP is set, no changes are done but the
3691 configuration file is printed to LISTFP in a colon separated format.
3693 Returns 0 on success or if the config file is not present; -1 is
3694 returned on error. */
3696 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3701 size_t line_len = 0;
3703 gpgrt_stream_t config;
3707 int runtime[GC_BACKEND_NR];
3708 int backend_id, component_id;
3712 fname = xstrdup (fname_arg);
3714 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3717 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3718 runtime[backend_id] = 0;
3720 config = gpgrt_fopen (fname, "r");
3723 /* Do not print an error if the file is not available, except
3724 when running in syntax check mode. */
3725 if (errno != ENOENT || !update)
3727 gc_error (0, errno, "can not open global config file '%s'", fname);
3734 while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
3736 char *key, *component, *option, *flags, *value;
3738 gc_option_t *option_info = NULL;
3740 int is_continuation;
3744 while (*key == ' ' || *key == '\t')
3746 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3749 is_continuation = (key != line);
3751 /* Parse the key field. */
3752 if (!is_continuation && got_match)
3753 break; /* Finish after the first match. */
3754 else if (!is_continuation)
3757 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3761 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3763 gpgconf_write_status (STATUS_WARNING,
3764 "gpgconf.conf %d file '%s' line %d "
3766 GPG_ERR_SYNTAX, fname, lineno);
3774 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3787 /* Parse the component. */
3788 while (*component == ' ' || *component == '\t')
3790 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3794 gc_error (0, 0, "missing component at '%s', line %d",
3796 gpgconf_write_status (STATUS_WARNING,
3797 "gpgconf.conf %d file '%s' line %d "
3798 " missing component",
3799 GPG_ERR_NO_NAME, fname, lineno);
3806 component_id = gc_component_find (component);
3807 if (component_id < 0)
3809 gc_error (0, 0, "unknown component at '%s', line %d",
3811 gpgconf_write_status (STATUS_WARNING,
3812 "gpgconf.conf %d file '%s' line %d "
3813 "unknown component",
3814 GPG_ERR_UNKNOWN_NAME, fname, lineno);
3818 /* Parse the option name. */
3819 while (*option == ' ' || *option == '\t')
3821 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3825 gc_error (0, 0, "missing option at '%s', line %d",
3827 gpgconf_write_status (STATUS_WARNING,
3828 "gpgconf.conf %d file '%s' line %d "
3830 GPG_ERR_INV_NAME, fname, lineno);
3836 if ( component_id != -1)
3838 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3841 gc_error (0, 0, "unknown option at '%s', line %d",
3843 gpgconf_write_status (STATUS_WARNING,
3844 "gpgconf.conf %d file '%s' line %d "
3846 GPG_ERR_UNKNOWN_OPTION, fname, lineno);
3852 /* Parse the optional flags. */
3853 while (*flags == ' ' || *flags == '\t')
3858 p = strchr (flags, ']');
3861 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3863 gpgconf_write_status (STATUS_WARNING,
3864 "gpgconf.conf %d file '%s' line %d "
3865 "syntax error in rule",
3866 GPG_ERR_SYNTAX, fname, lineno);
3873 else /* No flags given. */
3879 /* Parse the optional value. */
3880 while (*value == ' ' || *value == '\t')
3882 for (p=value; *p && !strchr ("\r\n", *p); p++)
3885 value = empty; /* No value given; let it point to an empty string. */
3888 /* Strip trailing white space. */
3890 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3894 /* Check flag combinations. */
3897 else if (!strcmp (flags, "default"))
3901 gc_error (0, 0, "flag \"default\" may not be combined "
3902 "with a value at '%s', line %d",
3907 else if (!strcmp (flags, "change"))
3909 else if (!strcmp (flags, "no-change"))
3913 gc_error (0, 0, "unknown flag at '%s', line %d",
3918 /* In list mode we print out all records. */
3919 if (listfp && !result)
3921 /* If this is a new ruleset, print a key record. */
3922 if (!is_continuation)
3924 char *group = strchr (key, ':');
3928 if ((p = strchr (group, ':')))
3929 *p = 0; /* We better strip any extra stuff. */
3932 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3933 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3936 /* All other lines are rule records. */
3937 es_fprintf (listfp, "r:::%s:%s:%s:",
3938 gc_component[component_id].name,
3939 option_info->name? option_info->name : "",
3942 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3944 es_putc ('\n', listfp);
3947 /* Check whether the key matches but do this only if we are not
3948 running in syntax check mode. */
3950 && !result && !listfp
3951 && (got_match || (key && key_matches_user_or_group (key))) )
3957 /* Apply the flags from gpgconf.conf. */
3960 else if (!strcmp (flags, "default"))
3961 newflags |= GC_OPT_FLAG_DEFAULT;
3962 else if (!strcmp (flags, "no-change"))
3963 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3964 else if (!strcmp (flags, "change"))
3965 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3969 /* Here we explicitly allow updating the value again. */
3972 option_info->new_flags = 0;
3976 xfree (option_info->new_value);
3977 option_info->new_value = NULL;
3979 change_one_value (option_info, runtime, newflags, value, 0);
3984 if (length < 0 || gpgrt_ferror (config))
3986 gc_error (0, errno, "error reading from '%s'", fname);
3989 if (gpgrt_fclose (config))
3990 gc_error (0, errno, "error closing '%s'", fname);
3994 /* If it all worked, process the options. */
3995 if (!result && update && defaults && !listfp)
3997 /* We need to switch off the runtime update, so that we can do
3998 it later all at once. */
3999 int save_opt_runtime = opt.runtime;
4002 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
4004 gc_component_change_options (component_id, NULL, NULL, 0);
4006 opt.runtime = save_opt_runtime;
4010 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4011 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
4012 (*gc_backend[backend_id].runtime_change) (0);
4022 * Apply the profile FNAME to all known configure files.
4025 gc_apply_profile (const char *fname)
4028 char *fname_buffer = NULL;
4030 size_t line_len = 0;
4034 int runtime[GC_BACKEND_NR];
4036 int component_id = -1;
4037 int skip_section = 0;
4038 int error_count = 0;
4044 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4045 runtime[backend_id] = 0;
4048 if (!(!strcmp (fname, "-")
4049 || strchr (fname, '/')
4050 #ifdef HAVE_W32_SYSTEM
4051 || strchr (fname, '\\')
4053 || strchr (fname, '.')))
4055 /* FNAME looks like a standard profile name. Check whether one
4056 * is installed and use that instead of the given file name. */
4057 fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
4058 fname, ".prf", NULL);
4059 if (!access (fname_buffer, F_OK))
4060 fname = fname_buffer;
4063 fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
4066 err = gpg_error_from_syserror ();
4067 log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
4072 log_info ("applying profile '%s'\n", fname);
4075 while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
4077 char *name, *flags, *value;
4078 gc_option_t *option_info = NULL;
4083 while (*name == ' ' || *name == '\t')
4085 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
4087 trim_trailing_spaces (name);
4089 /* Check whether this is a new section. */
4094 /* New section: Get the name of the component. */
4095 p = strchr (name, ']');
4099 log_info ("%s:%d:%d: error: syntax error in section tag\n",
4100 fname, lineno, (int)(name - line));
4106 log_info ("%s:%d:%d: warning: garbage after section tag\n",
4107 fname, lineno, (int)(p - line));
4110 component_id = gc_component_find (name);
4111 if (component_id < 0)
4113 log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
4114 fname, lineno, (int)(name - line), name );
4122 if (component_id < 0)
4125 log_info ("%s:%d:%d: error: not in a valid section\n",
4126 fname, lineno, (int)(name - line));
4131 /* Parse the option name. */
4132 for (p = name; *p && !spacep (p); p++)
4137 option_info = find_option (component_id, name, GC_BACKEND_ANY);
4141 log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
4142 fname, lineno, (int)(name - line),
4143 name, gc_component[component_id].name);
4147 /* Parse the optional flags. */
4148 trim_spaces (value);
4153 p = strchr (flags, ']');
4156 log_info ("%s:%d:%d: warning: invalid flag specification\n",
4157 fname, lineno, (int)(p - line));
4162 trim_spaces (value);
4164 else /* No flags given. */
4167 /* Set required defaults. */
4168 if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
4172 /* Check and save this option. */
4174 if (flags && !strcmp (flags, "default"))
4175 newflags |= GC_OPT_FLAG_DEFAULT;
4178 option_info->new_flags = 0;
4181 xfree (option_info->new_value);
4182 option_info->new_value = NULL;
4184 change_one_value (option_info, runtime, newflags, value, 1);
4187 if (length < 0 || es_ferror (fp))
4189 err = gpg_error_from_syserror ();
4191 log_error (_("%s:%u: read error: %s\n"),
4192 fname, lineno, gpg_strerror (err));
4195 log_error (_("error closing '%s'\n"), fname);
4197 log_error (_("error parsing '%s'\n"), fname);
4201 /* If it all worked, process the options. */
4204 /* We need to switch off the runtime update, so that we can do
4205 it later all at once. */
4206 int save_opt_runtime = opt.runtime;
4209 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
4211 gc_component_change_options (component_id, NULL, NULL, 1);
4213 opt.runtime = save_opt_runtime;
4217 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4218 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
4219 (*gc_backend[backend_id].runtime_change) (0);
4223 xfree (fname_buffer);