1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
28 #include <sys/types.h>
35 #ifdef HAVE_W32_SYSTEM
36 # define WIN32_LEAN_AND_MEAN 1
43 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
44 #define JNLIB_NEED_LOG_LOGV
49 #include "gc-opt-flags.h"
53 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
54 returns a plain filename without escaping. As long as we have not
55 fixed that we need to use gpg2 - it might actually be better to use
57 #ifdef HAVE_W32_SYSTEM
58 #define GPGNAME "gpg2"
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (void);
108 static void scdaemon_runtime_change (void);
110 /* Backend configuration. Backends are used to decide how the default
111 and current value of an option can be determined, and how the
112 option can be changed. To every option in every component belongs
113 exactly one backend that controls and determines the option. Some
114 backends are programs from the GPG system. Others might be
115 implemented by GPGConf itself. If you change this enum, don't
116 forget to update GC_BACKEND below. */
119 /* Any backend, used for find_option (). */
122 /* The Gnu Privacy Guard. */
125 /* The Gnu Privacy Guard for S/MIME. */
129 GC_BACKEND_GPG_AGENT,
131 /* The GnuPG SCDaemon. */
134 /* The Aegypten directory manager. */
137 /* The LDAP server list file for the Aegypten director manager. */
138 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
140 /* The number of the above entries. */
145 /* To be able to implement generic algorithms for the various
146 backends, we collect all information about them in this struct. */
149 /* The name of the backend. */
152 /* The name of the program that acts as the backend. Some backends
153 don't have an associated program, but are implemented directly by
154 GPGConf. In this case, PROGRAM is NULL. */
157 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
158 ../common/util.h. This value is used to get the actual installed
159 path of the program. 0 is used if no backedn program is
163 /* The runtime change callback. */
164 void (*runtime_change) (void);
166 /* The option name for the configuration filename of this backend.
167 This must be an absolute filename. It can be an option from a
168 different backend (but then ordering of the options might
169 matter). Note: This must be unique among all components. */
170 const char *option_config_filename;
172 /* If this is a file backend rather than a program backend, then
173 this is the name of the option associated with the file. */
174 const char *option_name;
175 } gc_backend[GC_BACKEND_NR] =
177 { NULL }, /* GC_BACKEND_ANY dummy entry. */
178 { "GnuPG", GPGNAME, GNUPG_MODULE_NAME_GPG,
179 NULL, "gpgconf-gpg.conf" },
180 { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
181 NULL, "gpgconf-gpgsm.conf" },
182 { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
183 gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
184 { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
185 scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
186 { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
187 NULL, "gpgconf-dirmngr.conf" },
188 { "DirMngr LDAP Server List", NULL, 0,
189 NULL, "ldapserverlist-file", "LDAP Server" },
193 /* Option configuration. */
195 /* An option might take an argument, or not. Argument types can be
196 basic or complex. Basic types are generic and easy to validate.
197 Complex types provide more specific information about the intended
198 use, but can be difficult to validate. If you add to this enum,
199 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
200 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
204 /* Basic argument types. */
207 GC_ARG_TYPE_NONE = 0,
209 /* A String argument. */
210 GC_ARG_TYPE_STRING = 1,
212 /* A signed integer argument. */
213 GC_ARG_TYPE_INT32 = 2,
215 /* An unsigned integer argument. */
216 GC_ARG_TYPE_UINT32 = 3,
218 /* ADD NEW BASIC TYPE ENTRIES HERE. */
220 /* Complex argument types. */
222 /* A complete filename. */
223 GC_ARG_TYPE_FILENAME = 32,
225 /* An LDAP server in the format
226 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
227 GC_ARG_TYPE_LDAP_SERVER = 33,
229 /* A 40 character fingerprint. */
230 GC_ARG_TYPE_KEY_FPR = 34,
232 /* A user ID or key ID or fingerprint for a certificate. */
233 GC_ARG_TYPE_PUB_KEY = 35,
235 /* A user ID or key ID or fingerprint for a certificate with a key. */
236 GC_ARG_TYPE_SEC_KEY = 36,
238 /* A alias list made up of a key, an equal sign and a space
239 separated list of values. */
240 GC_ARG_TYPE_ALIAS_LIST = 37,
242 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
244 /* The number of the above entries. */
249 /* For every argument, we record some information about it in the
253 /* For every argument type exists a basic argument type that can be
254 used as a fallback for input and validation purposes. */
255 gc_arg_type_t fallback;
257 /* Human-readable name of the type. */
259 } gc_arg_type[GC_ARG_TYPE_NR] =
261 /* The basic argument types have their own types as fallback. */
262 { GC_ARG_TYPE_NONE, "none" },
263 { GC_ARG_TYPE_STRING, "string" },
264 { GC_ARG_TYPE_INT32, "int32" },
265 { GC_ARG_TYPE_UINT32, "uint32" },
267 /* Reserved basic type entries for future extension. */
268 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
269 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
270 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
271 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
272 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
273 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
274 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 /* The complex argument types have a basic type as fallback. */
284 { GC_ARG_TYPE_STRING, "filename" },
285 { GC_ARG_TYPE_STRING, "ldap server" },
286 { GC_ARG_TYPE_STRING, "key fpr" },
287 { GC_ARG_TYPE_STRING, "pub key" },
288 { GC_ARG_TYPE_STRING, "sec key" },
289 { GC_ARG_TYPE_STRING, "alias list" },
293 /* Every option has an associated expert level, than can be used to
294 hide advanced and expert options from beginners. If you add to
295 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
296 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
297 EXTERNAL INTERFACE. */
300 /* The basic options should always be displayed. */
303 /* The advanced options may be hidden from beginners. */
306 /* The expert options should only be displayed to experts. */
309 /* The invisible options should normally never be displayed. */
312 /* The internal options are never exported, they mark options that
313 are recorded for internal use only. */
316 /* ADD NEW ENTRIES HERE. */
318 /* The number of the above entries. */
322 /* A description for each expert level. */
336 /* Option flags. The flags which are used by the backends are defined
337 by gc-opt-flags.h, included above.
339 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
340 PART OF THE EXTERNAL INTERFACE. */
342 /* Some entries in the option list are not options, but mark the
343 beginning of a new group of options. These entries have the GROUP
345 #define GC_OPT_FLAG_GROUP (1UL << 0)
346 /* The ARG_OPT flag for an option indicates that the argument is
347 optional. This is never set for GC_ARG_TYPE_NONE options. */
348 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
349 /* The LIST flag for an option indicates that the option can occur
350 several times. A comma separated list of arguments is used as the
352 #define GC_OPT_FLAG_LIST (1UL << 2)
353 /* The NO_CHANGE flag for an option indicates that the user should not
354 be allowed to change this option using the standard gpgconf method.
355 Frontends using gpgconf should grey out such options, so that only
356 the current value is displayed. */
357 #define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
360 /* A human-readable description for each flag. */
377 /* To each option, or group marker, the information in the GC_OPTION
378 struct is provided. If you change this, don't forget to update the
379 option list of each component. */
382 /* If this is NULL, then this is a terminator in an array of unknown
383 length. Otherwise, if this entry is a group marker (see FLAGS),
384 then this is the name of the group described by this entry.
385 Otherwise it is the name of the option described by this
386 entry. The name must not contain a colon. */
389 /* The option flags. If the GROUP flag is set, then this entry is a
390 group marker, not an option, and only the fields LEVEL,
391 DESC_DOMAIN and DESC are valid. In all other cases, this entry
392 describes a new option and all fields are valid. */
395 /* The expert level. This field is valid for options and groups. A
396 group has the expert level of the lowest-level option in the
398 gc_expert_level_t level;
400 /* A gettext domain in which the following description can be found.
401 If this is NULL, then DESC is not translated. Valid for groups
404 Note that we try to keep the description of groups within the
407 IMPORTANT: If you add a new domain please make sure to add a code
408 set switching call to the function my_dgettext further below. */
409 const char *desc_domain;
411 /* A gettext description for this group or option. If it starts
412 with a '|', then the string up to the next '|' describes the
413 argument, and the description follows the second '|'.
415 In general enclosing these description in N_() is not required
416 because the description should be identical to the one in the
417 help menu of the respective program. */
420 /* The following fields are only valid for options. */
422 /* The type of the option argument. */
423 gc_arg_type_t arg_type;
425 /* The backend that implements this option. */
426 gc_backend_t backend;
428 /* The following fields are set to NULL at startup (because all
429 option's are declared as static variables). They are at the end
430 of the list so that they can be omitted from the option
433 /* This is true if the option is supported by this version of the
437 /* The default value for this option. This is NULL if the option is
438 not present in the backend, the empty string if no default is
439 available, and otherwise a quoted string. */
442 /* The default argument is only valid if the "optional arg" flag is
443 set, and specifies the default argument (value) that is used if
444 the argument is omitted. */
447 /* The current value of this option. */
450 /* The new flags for this option. The only defined flag is actually
451 GC_OPT_FLAG_DEFAULT, and it means that the option should be
452 deleted. In this case, NEW_VALUE is NULL. */
453 unsigned long new_flags;
455 /* The new value of this option. */
458 typedef struct gc_option gc_option_t;
460 /* Use this macro to terminate an option list. */
461 #define GC_OPTION_NULL { NULL }
464 /* The options of the GC_COMPONENT_GPG_AGENT component. */
465 static gc_option_t gc_options_gpg_agent[] =
467 /* The configuration file to which we write the changes. */
468 { "gpgconf-gpg-agent.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
469 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
472 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
473 "gnupg", N_("Options controlling the diagnostic output") },
474 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
476 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
477 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
478 "gnupg", "be somewhat more quiet",
479 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
480 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
485 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
486 "gnupg", N_("Options controlling the configuration") },
487 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
488 "gnupg", "|FILE|read options from FILE",
489 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
490 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
491 "gnupg", "do not use the SCdaemon",
492 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
493 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
494 "gnupg", "enable ssh support",
495 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
496 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
497 "gnupg", "enable putty support",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
501 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
502 "gnupg", N_("Options useful for debugging") },
503 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
504 "gnupg", "|LEVEL|set the debugging level to LEVEL",
505 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
506 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
507 "gnupg", N_("|FILE|write server mode logs to FILE"),
508 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
509 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
511 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
514 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
515 "gnupg", N_("Options controlling the security") },
516 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
517 GC_LEVEL_BASIC, "gnupg",
518 "|N|expire cached PINs after N seconds",
519 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
521 GC_LEVEL_ADVANCED, "gnupg",
522 N_("|N|expire SSH keys after N seconds"),
523 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
524 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
525 GC_LEVEL_EXPERT, "gnupg",
526 N_("|N|set maximum PIN cache lifetime to N seconds"),
527 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
528 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
529 GC_LEVEL_EXPERT, "gnupg",
530 N_("|N|set maximum SSH key lifetime to N seconds"),
531 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
532 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
533 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
534 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
535 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
536 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
537 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
538 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
541 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
542 "gnupg", "do not grab keyboard and mouse",
543 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
545 { "Passphrase policy",
546 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
547 "gnupg", N_("Options enforcing a passphrase policy") },
548 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
549 GC_LEVEL_EXPERT, "gnupg",
550 N_("do not allow to bypass the passphrase policy"),
551 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
552 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
553 GC_LEVEL_ADVANCED, "gnupg",
554 N_("|N|set minimal required length for new passphrases to N"),
555 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
556 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
557 GC_LEVEL_EXPERT, "gnupg",
558 N_("|N|require at least N non-alpha characters for a new passphrase"),
559 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
560 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
562 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
563 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
564 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
565 GC_LEVEL_EXPERT, "gnupg",
566 N_("|N|expire the passphrase after N days"),
567 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
568 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
569 GC_LEVEL_EXPERT, "gnupg",
570 N_("do not allow the reuse of old passphrases"),
571 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
577 /* The options of the GC_COMPONENT_SCDAEMON component. */
578 static gc_option_t gc_options_scdaemon[] =
580 /* The configuration file to which we write the changes. */
581 { "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
582 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
585 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
586 "gnupg", N_("Options controlling the diagnostic output") },
587 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
589 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
590 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
591 "gnupg", "be somewhat more quiet",
592 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
593 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
595 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
598 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
599 "gnupg", N_("Options controlling the configuration") },
600 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
601 "gnupg", "|FILE|read options from FILE",
602 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
603 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
604 "gnupg", "|N|connect to reader at port N",
605 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
606 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
607 "gnupg", "|NAME|use NAME as ct-API driver",
608 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
609 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
610 "gnupg", "|NAME|use NAME as PC/SC driver",
611 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
612 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
613 "gnupg", "do not use the internal CCID driver",
614 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
615 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
616 "gnupg", "do not use a reader's pinpad",
617 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
618 { "enable-pinpad-varlen",
619 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
620 "gnupg", "use variable length input for pinpad",
621 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
622 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
623 "gnupg", "|N|disconnect the card after N seconds of inactivity",
624 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
627 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
628 "gnupg", N_("Options useful for debugging") },
629 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
630 "gnupg", "|LEVEL|set the debugging level to LEVEL",
631 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
632 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
633 "gnupg", N_("|FILE|write a log to FILE"),
634 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
637 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
638 "gnupg", N_("Options controlling the security") },
639 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
640 "gnupg", "deny the use of admin card commands",
641 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
648 /* The options of the GC_COMPONENT_GPG component. */
649 static gc_option_t gc_options_gpg[] =
651 /* The configuration file to which we write the changes. */
652 { "gpgconf-gpg.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
653 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
656 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
657 "gnupg", N_("Options controlling the diagnostic output") },
658 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
660 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
661 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
662 "gnupg", "be somewhat more quiet",
663 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
664 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
666 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
669 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
670 "gnupg", N_("Options controlling the configuration") },
671 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
672 "gnupg", N_("|NAME|use NAME as default secret key"),
673 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
674 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
675 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
676 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
677 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
678 "gnupg", N_("|SPEC|set up email aliases"),
679 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
680 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
681 "gnupg", "|FILE|read options from FILE",
682 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
685 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
686 "gnupg", N_("Options useful for debugging") },
687 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
688 "gnupg", "|LEVEL|set the debugging level to LEVEL",
689 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
690 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
691 "gnupg", N_("|FILE|write server mode logs to FILE"),
692 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
693 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
695 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
698 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
699 "gnupg", N_("Configuration for Keyservers") },
700 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
701 "gnupg", N_("|URL|use keyserver at URL"),
702 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
703 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
704 "gnupg", N_("allow PKA lookups (DNS requests)"),
705 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
706 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
707 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
708 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
716 /* The options of the GC_COMPONENT_GPGSM component. */
717 static gc_option_t gc_options_gpgsm[] =
719 /* The configuration file to which we write the changes. */
720 { "gpgconf-gpgsm.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
721 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
724 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
725 "gnupg", N_("Options controlling the diagnostic output") },
726 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
728 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
729 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
730 "gnupg", "be somewhat more quiet",
731 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
732 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
734 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
737 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
738 "gnupg", N_("Options controlling the configuration") },
739 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
740 "gnupg", N_("|NAME|use NAME as default secret key"),
741 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
742 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
743 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
744 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
745 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
746 "gnupg", "|FILE|read options from FILE",
747 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
748 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
749 "gnupg", "use system's dirmngr if available",
750 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
751 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
752 "gnupg", N_("disable all access to the dirmngr"),
753 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
754 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
755 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
756 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
757 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
758 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
759 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
762 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
763 "gnupg", N_("Options useful for debugging") },
764 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
765 "gnupg", "|LEVEL|set the debugging level to LEVEL",
766 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
767 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
768 "gnupg", N_("|FILE|write server mode logs to FILE"),
769 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
770 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
772 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
775 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
776 "gnupg", N_("Options controlling the security") },
777 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
778 "gnupg", "never consult a CRL",
779 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
780 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
781 "gnupg", N_("do not check CRLs for root certificates"),
782 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
783 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
784 "gnupg", "check validity using OCSP",
785 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
786 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
787 "gnupg", "|N|number of certificates to include",
788 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
789 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
790 "gnupg", "do not check certificate policies",
791 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
792 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
793 "gnupg", "fetch missing issuer certificates",
794 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
795 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
796 "gnupg", "|NAME|use cipher algorithm NAME",
797 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
803 /* The options of the GC_COMPONENT_DIRMNGR component. */
804 static gc_option_t gc_options_dirmngr[] =
806 /* The configuration file to which we write the changes. */
807 { "gpgconf-dirmngr.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
808 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
811 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
812 "gnupg", N_("Options controlling the diagnostic output") },
813 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
814 "dirmngr", "verbose",
815 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
816 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
817 "dirmngr", "be somewhat more quiet",
818 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
819 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
821 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
824 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
825 "gnupg", N_("Options controlling the format of the output") },
826 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
827 "dirmngr", "sh-style command output",
828 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
829 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
830 "dirmngr", "csh-style command output",
831 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
834 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
835 "gnupg", N_("Options controlling the configuration") },
836 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
837 "dirmngr", "|FILE|read options from FILE",
838 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
841 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
842 "gnupg", N_("Options useful for debugging") },
843 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
844 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
845 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
846 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
847 "dirmngr", "do not detach from the console",
848 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
849 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
850 "dirmngr", N_("|FILE|write server mode logs to FILE"),
851 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
852 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
854 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
855 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
857 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
860 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
861 "gnupg", N_("Options controlling the interactivity and enforcement") },
862 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
863 "dirmngr", "run without asking a user",
864 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
865 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
866 "dirmngr", "force loading of outdated CRLs",
867 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
870 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
871 "gnupg", N_("Configuration for HTTP servers") },
872 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
873 "dirmngr", "inhibit the use of HTTP",
874 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
875 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
876 "dirmngr", "ignore HTTP CRL distribution points",
877 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
878 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
879 "dirmngr", "|URL|redirect all HTTP requests to URL",
880 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
881 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
882 "gnupg", N_("use system's HTTP proxy setting"),
883 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
886 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
887 "gnupg", N_("Configuration of LDAP servers to use") },
888 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
889 "dirmngr", "inhibit the use of LDAP",
890 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
891 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
892 "dirmngr", "ignore LDAP CRL distribution points",
893 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
894 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
895 "dirmngr", "|HOST|use HOST for LDAP queries",
896 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
897 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
898 "dirmngr", "do not use fallback hosts with --ldap-proxy",
899 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
900 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
901 "dirmngr", "add new servers discovered in CRL distribution points"
902 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
903 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
904 "dirmngr", "|N|set LDAP timeout to N seconds",
905 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
906 /* The following entry must not be removed, as it is required for
907 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
908 { "ldapserverlist-file",
909 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
910 "dirmngr", "|FILE|read LDAP server list from FILE",
911 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
912 /* This entry must come after at least one entry for
913 GC_BACKEND_DIRMNGR in this component, so that the entry for
914 "ldapserverlist-file will be initialized before this one. */
915 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
916 "gnupg", N_("LDAP server list"),
917 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
918 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
919 "dirmngr", "|N|do not return more than N items in one query",
920 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
923 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
924 "gnupg", N_("Configuration for OCSP") },
925 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
926 "dirmngr", "allow sending OCSP requests",
927 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
928 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
929 "dirmngr", "ignore certificate contained OCSP service URLs",
930 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
931 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
932 "dirmngr", "|URL|use OCSP responder at URL",
933 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
934 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
935 "dirmngr", "|FPR|OCSP response signed by FPR",
936 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
943 /* Component system. Each component is a set of options that can be
944 configured at the same time. If you change this, don't forget to
945 update GC_COMPONENT below. */
948 /* The classic GPG for OpenPGP. */
952 GC_COMPONENT_GPG_AGENT,
954 /* The Smardcard Daemon. */
955 GC_COMPONENT_SCDAEMON,
957 /* GPG for S/MIME. */
960 /* The LDAP Directory Manager for CRLs. */
961 GC_COMPONENT_DIRMNGR,
963 /* The number of components. */
968 /* The information associated with each component. */
971 /* The name of this component. Must not contain a colon (':')
975 /* The gettext domain for the description DESC. If this is NULL,
976 then the description is not translated. */
977 const char *desc_domain;
979 /* The description for this domain. */
982 /* The list of options for this component, terminated by
984 gc_option_t *options;
987 { "gpg", NULL, "GPG for OpenPGP", gc_options_gpg },
988 { "gpg-agent", NULL, "GPG Agent", gc_options_gpg_agent },
989 { "scdaemon", NULL, "Smartcard Daemon", gc_options_scdaemon },
990 { "gpgsm", NULL, "GPG for S/MIME", gc_options_gpgsm },
991 { "dirmngr", NULL, "Directory Manager", gc_options_dirmngr }
996 /* Structure used to collect error output of the backend programs. */
998 typedef struct error_line_s *error_line_t;
1001 error_line_t next; /* Link to next item. */
1002 const char *fname; /* Name of the config file (points into BUFFER). */
1003 unsigned int lineno; /* Line number of the config file. */
1004 const char *errtext; /* Text of the error message (points into BUFFER). */
1005 char buffer[1]; /* Helper buffer. */
1010 /* Engine specific support. */
1012 gpg_agent_runtime_change (void)
1014 #ifndef HAVE_W32_SYSTEM
1015 char *agent = getenv ("GPG_AGENT_INFO");
1017 unsigned long pid_long;
1024 pid_str = strchr (agent, ':');
1030 pid_long = strtoul (pid_str, &tail, 0);
1031 if (errno || (*tail != ':' && *tail != '\0'))
1034 pid = (pid_t) pid_long;
1036 /* Check for overflow. */
1037 if (pid_long != (unsigned long) pid)
1040 /* Ignore any errors here. */
1044 const char *pgmname;
1045 const char *argv[2];
1048 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1049 argv[0] = "reloadagent";
1052 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1054 err = gnupg_wait_process (pgmname, pid, NULL);
1056 gc_error (0, 0, "error running `%s%s': %s",
1057 pgmname, " reloadagent", gpg_strerror (err));
1058 #endif /*!HAVE_W32_SYSTEM*/
1063 scdaemon_runtime_change (void)
1066 const char *pgmname;
1067 const char *argv[6];
1070 /* We use "GETINFO app_running" to see whether the agent is already
1071 running and kill it only in this case. This avoids an explicit
1072 starting of the agent in case it is not yet running. There is
1073 obviously a race condition but that should not harm too much. */
1075 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1077 argv[1] = "GETINFO scd_running";
1078 argv[2] = "/if ${! $?}";
1079 argv[3] = "scd killscd";
1083 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1085 err = gnupg_wait_process (pgmname, pid, NULL);
1087 gc_error (0, 0, "error running `%s%s': %s",
1088 pgmname, " scd killscd", gpg_strerror (err));
1092 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1094 gc_component_reload (int component)
1096 int runtime[GC_BACKEND_NR];
1097 gc_option_t *option;
1098 gc_backend_t backend;
1100 /* Set a flag for the backends to be reloaded. */
1101 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1102 runtime[backend] = 0;
1104 if (component == -1)
1106 for (component = 0; component < GC_COMPONENT_NR; component++)
1108 option = gc_component[component].options;
1109 for (; option && option->name; option++)
1110 runtime[option->backend] = 1;
1115 assert (component < GC_COMPONENT_NR);
1116 option = gc_component[component].options;
1117 for (; option && option->name; option++)
1118 runtime[option->backend] = 1;
1121 /* Do the reload for all selected backends. */
1122 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1124 if (runtime[backend] && gc_backend[backend].runtime_change)
1125 (*gc_backend[backend].runtime_change) ();
1131 /* More or less Robust version of dgettext. It has the side effect of
1132 switching the codeset to utf-8 because this is what we want to
1133 output. In theory it is posible to keep the orginal code set and
1134 switch back for regular disgnostic output (redefine "_(" for that)
1135 but given the natur of this tool, being something invoked from
1136 other pograms, it does not make much sense. */
1138 my_dgettext (const char *domain, const char *msgid)
1140 #ifdef USE_SIMPLE_GETTEXT
1143 static int switched_codeset;
1146 if (!switched_codeset)
1148 switched_codeset = 1;
1149 gettext_select_utf8 (1);
1152 if (!strcmp (domain, "gnupg"))
1153 domain = PACKAGE_GT;
1155 /* FIXME: we have no dgettext, thus we can't switch. */
1157 text = (char*)gettext (msgid);
1158 return text ? text : msgid;
1160 #elif defined(ENABLE_NLS)
1163 static int switched_codeset;
1166 if (!switched_codeset)
1168 switched_codeset = 1;
1169 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1171 bindtextdomain ("dirmngr", LOCALEDIR);
1172 bind_textdomain_codeset ("dirmngr", "utf-8");
1176 /* Note: This is a hack to actually use the gnupg2 domain as
1177 long we are in a transition phase where gnupg 1.x and 1.9 may
1179 if (!strcmp (domain, "gnupg"))
1180 domain = PACKAGE_GT;
1182 text = dgettext (domain, msgid);
1183 return text ? text : msgid;
1191 /* Percent-Escape special characters. The string is valid until the
1192 next invocation of the function. */
1194 gc_percent_escape (const char *src)
1196 static char *esc_str;
1197 static int esc_str_len;
1198 int new_len = 3 * strlen (src) + 1;
1201 if (esc_str_len < new_len)
1203 char *new_esc_str = realloc (esc_str, new_len);
1205 gc_error (1, errno, "can not escape string");
1206 esc_str = new_esc_str;
1207 esc_str_len = new_len;
1219 else if (*src == ':')
1221 /* The colon is used as field separator. */
1226 else if (*src == ',')
1228 /* The comma is used as list separator. */
1243 /* Percent-Deescape special characters. The string is valid until the
1244 next invocation of the function. */
1246 percent_deescape (const char *src)
1250 int new_len = 3 * strlen (src) + 1;
1253 if (str_len < new_len)
1255 char *new_str = realloc (str, new_len);
1257 gc_error (1, errno, "can not deescape string");
1267 int val = hextobyte (src + 1);
1270 gc_error (1, 0, "malformed end of string %s", src);
1272 *(dst++) = (char) val;
1276 *(dst++) = *(src++);
1283 /* List all components that are available. */
1285 gc_component_list_components (FILE *out)
1287 gc_component_t component;
1288 gc_option_t *option;
1289 gc_backend_t backend;
1290 int backend_seen[GC_BACKEND_NR];
1292 const char *pgmname;
1294 for (component = 0; component < GC_COMPONENT_NR; component++)
1296 option = gc_component[component].options;
1299 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1300 backend_seen[backend] = 0;
1303 for (; option && option->name; option++)
1305 if ((option->flags & GC_OPT_FLAG_GROUP))
1307 backend = option->backend;
1308 if (backend_seen[backend])
1310 backend_seen[backend] = 1;
1311 assert (backend != GC_BACKEND_ANY);
1312 if (gc_backend[backend].program
1313 && !gc_backend[backend].module_name)
1315 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1319 desc = gc_component[component].desc;
1320 desc = my_dgettext (gc_component[component].desc_domain, desc);
1321 fprintf (out, "%s:%s:",
1322 gc_component[component].name, gc_percent_escape (desc));
1323 fprintf (out, "%s\n", gc_percent_escape (pgmname));
1331 all_digits_p (const char *p, size_t len)
1335 for (; len; len--, p++)
1336 if (!isascii (*p) || !isdigit (*p))
1338 return 1; /* Yes. */
1342 /* Collect all error lines from file descriptor FD. Only lines
1343 prefixed with TAG are considered. Close that file descriptor
1344 then. Returns a list of error line items (which may be empty).
1345 There is no error return. */
1347 collect_error_output (int fd, const char *tag)
1354 error_line_t eitem, errlines, *errlines_tail;
1355 size_t taglen = strlen (tag);
1357 fp = fdopen (fd, "r");
1359 gc_error (1, errno, "can't fdopen pipe for reading");
1362 errlines_tail = &errlines;
1365 while ((c=getc (fp)) != EOF)
1368 if (pos >= sizeof buffer - 5 || c == '\n')
1370 buffer[pos - (c == '\n')] = 0;
1372 ; /*Ignore continuations of previous line. */
1373 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1375 /* "gpgsm: foo:4: bla" */
1376 /* Yep, we are interested in this line. */
1377 p = buffer + taglen + 1;
1378 while (*p == ' ' || *p == '\t')
1381 ; /* Empty lines are ignored. */
1382 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1383 && all_digits_p (p2+1, p3 - (p2+1)))
1385 /* Line in standard compiler format. */
1387 while (*p3 == ' ' || *p3 == '\t')
1389 eitem = xmalloc (sizeof *eitem + strlen (p));
1391 strcpy (eitem->buffer, p);
1392 eitem->fname = eitem->buffer;
1393 eitem->buffer[p2-p] = 0;
1394 eitem->errtext = eitem->buffer + (p3 - p);
1395 /* (we already checked that there are only ascii
1396 digits followed by a colon) */
1398 for (p2++; isdigit (*p2); p2++)
1399 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1400 *errlines_tail = eitem;
1401 errlines_tail = &eitem->next;
1405 /* Other error output. */
1406 eitem = xmalloc (sizeof *eitem + strlen (p));
1408 strcpy (eitem->buffer, p);
1409 eitem->fname = NULL;
1410 eitem->errtext = eitem->buffer;
1412 *errlines_tail = eitem;
1413 errlines_tail = &eitem->next;
1417 /* If this was not a complete line mark that we are in a
1419 cont_line = (c != '\n');
1423 /* We ignore error lines not terminated by a LF. */
1430 /* Check the options of a single component. Returns 0 if everything
1433 gc_component_check_options (int component, FILE *out, const char *conf_file)
1436 unsigned int result;
1437 int backend_seen[GC_BACKEND_NR];
1438 gc_backend_t backend;
1439 gc_option_t *option;
1440 const char *pgmname;
1441 const char *argv[4];
1446 error_line_t errlines;
1448 /* We use a temporary file to collect the error output. It would be
1449 better to use a pipe here but as of now we have no suitable
1450 fucntion to create a portable pipe outside of exechelp. Thus it
1451 is easier to use the tempfile approach. */
1453 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1454 backend_seen[backend] = 0;
1456 option = gc_component[component].options;
1457 for (; option && option->name; option++)
1459 if ((option->flags & GC_OPT_FLAG_GROUP))
1461 backend = option->backend;
1462 if (backend_seen[backend])
1464 backend_seen[backend] = 1;
1465 assert (backend != GC_BACKEND_ANY);
1466 if (!gc_backend[backend].program)
1468 if (!gc_backend[backend].module_name)
1473 if (! option || ! option->name)
1476 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1480 argv[i++] = "--options";
1481 argv[i++] = conf_file;
1483 argv[i++] = "--gpgconf-test";
1486 err = gnupg_create_inbound_pipe (filedes);
1488 gc_error (1, 0, _("error creating a pipe: %s\n"),
1489 gpg_strerror (err));
1493 if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1497 result |= 1; /* Program could not be run. */
1502 errlines = collect_error_output (filedes[0],
1503 gc_component[component].name);
1504 if (gnupg_wait_process (pgmname, pid, &exitcode))
1507 result |= 1; /* Program could not be run or it
1508 terminated abnormally. */
1509 result |= 2; /* Program returned an error. */
1513 /* If the program could not be run, we can't tell whether
1514 the config file is good. */
1521 error_line_t errptr;
1523 desc = gc_component[component].desc;
1524 desc = my_dgettext (gc_component[component].desc_domain, desc);
1525 fprintf (out, "%s:%s:",
1526 gc_component[component].name, gc_percent_escape (desc));
1527 fputs (gc_percent_escape (pgmname), out);
1528 fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1529 for (errptr = errlines; errptr; errptr = errptr->next)
1531 if (errptr != errlines)
1532 fputs ("\n:::::", out); /* Continuation line. */
1534 fputs (gc_percent_escape (errptr->fname), out);
1537 fprintf (out, "%u", errptr->lineno);
1539 fputs (gc_percent_escape (errptr->errtext), out);
1547 error_line_t tmp = errlines->next;
1556 /* Check all components that are available. */
1558 gc_check_programs (FILE *out)
1560 gc_component_t component;
1562 for (component = 0; component < GC_COMPONENT_NR; component++)
1563 gc_component_check_options (component, out, NULL);
1568 /* Find the component with the name NAME. Returns -1 if not
1571 gc_component_find (const char *name)
1575 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1577 if (gc_component[idx].options
1578 && !strcmp (name, gc_component[idx].name))
1585 /* List the option OPTION. */
1587 list_one_option (const gc_option_t *option, FILE *out)
1589 const char *desc = NULL;
1590 char *arg_name = NULL;
1594 desc = my_dgettext (option->desc_domain, option->desc);
1598 const char *arg_tail = strchr (&desc[1], '|');
1602 int arg_len = arg_tail - &desc[1];
1603 arg_name = xmalloc (arg_len + 1);
1604 memcpy (arg_name, &desc[1], arg_len);
1605 arg_name[arg_len] = '\0';
1606 desc = arg_tail + 1;
1612 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1613 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1616 /* The name field. */
1617 fprintf (out, "%s", option->name);
1619 /* The flags field. */
1620 fprintf (out, ":%lu", option->flags);
1626 fprintf (out, "none");
1629 unsigned long flags = option->flags;
1630 unsigned long flag = 0;
1631 unsigned long first = 1;
1641 fprintf (out, "%s", gc_flag[flag].name);
1649 /* The level field. */
1650 fprintf (out, ":%u", option->level);
1652 fprintf (out, " %s", gc_level[option->level].name);
1654 /* The description field. */
1655 fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1657 /* The type field. */
1658 fprintf (out, ":%u", option->arg_type);
1660 fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1662 /* The alternate type field. */
1663 fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1665 fprintf (out, " %s",
1666 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1668 /* The argument name field. */
1669 fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1673 /* The default value field. */
1674 fprintf (out, ":%s", option->default_value ? option->default_value : "");
1676 /* The default argument field. */
1677 fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1679 /* The value field. */
1680 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1681 && (option->flags & GC_OPT_FLAG_LIST)
1683 /* The special format "1,1,1,1,...,1" is converted to a number
1685 fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1687 fprintf (out, ":%s", option->value ? option->value : "");
1689 /* ADD NEW FIELDS HERE. */
1695 /* List all options of the component COMPONENT. */
1697 gc_component_list_options (int component, FILE *out)
1699 const gc_option_t *option = gc_component[component].options;
1701 while (option && option->name)
1703 /* Do not output unknown or internal options. */
1704 if (!(option->flags & GC_OPT_FLAG_GROUP)
1705 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1711 if (option->flags & GC_OPT_FLAG_GROUP)
1713 const gc_option_t *group_option = option + 1;
1714 gc_expert_level_t level = GC_LEVEL_NR;
1716 /* The manual states that the group level is always the
1717 minimum of the levels of all contained options. Due to
1718 different active options, and because it is hard to
1719 maintain manually, we calculate it here. The value in
1720 the global static table is ignored. */
1722 while (group_option->name)
1724 if (group_option->flags & GC_OPT_FLAG_GROUP)
1726 if (group_option->level < level)
1727 level = group_option->level;
1731 /* Check if group is empty. */
1732 if (level != GC_LEVEL_NR)
1734 gc_option_t opt_copy;
1736 /* Fix up the group level. */
1737 memcpy (&opt_copy, option, sizeof (opt_copy));
1738 opt_copy.level = level;
1739 list_one_option (&opt_copy, out);
1743 list_one_option (option, out);
1750 /* Find the option NAME in component COMPONENT, for the backend
1751 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1752 static gc_option_t *
1753 find_option (gc_component_t component, const char *name,
1754 gc_backend_t backend)
1756 gc_option_t *option = gc_component[component].options;
1757 while (option->name)
1759 if (!(option->flags & GC_OPT_FLAG_GROUP)
1760 && !strcmp (option->name, name)
1761 && (backend == GC_BACKEND_ANY || option->backend == backend))
1765 return option->name ? option : NULL;
1769 /* Determine the configuration filename for the component COMPONENT
1770 and backend BACKEND. */
1772 get_config_filename (gc_component_t component, gc_backend_t backend)
1774 char *filename = NULL;
1775 gc_option_t *option = find_option
1776 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1778 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1779 assert (!(option->flags & GC_OPT_FLAG_LIST));
1781 if (!option->active || !option->default_value)
1782 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1783 gc_backend[backend].option_config_filename,
1784 gc_backend[backend].name);
1786 if (option->value && *option->value)
1787 filename = percent_deescape (&option->value[1]);
1788 else if (option->default_value && *option->default_value)
1789 filename = percent_deescape (&option->default_value[1]);
1793 #ifdef HAVE_DOSISH_SYSTEM
1795 && filename[1] == ':'
1796 && (filename[2] == '/' || filename[2] == '\\')))
1798 if (filename[0] != '/')
1800 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1801 gc_backend[backend].option_config_filename,
1802 gc_backend[backend].name);
1808 /* Retrieve the options for the component COMPONENT from backend
1809 BACKEND, which we already know is a program-type backend. */
1811 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1815 const char *pgmname;
1816 const char *argv[2];
1820 size_t line_len = 0;
1823 char *config_filename;
1825 err = gnupg_create_inbound_pipe (filedes);
1827 gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
1829 pgmname = (gc_backend[backend].module_name
1830 ? gnupg_module_name (gc_backend[backend].module_name)
1831 : gc_backend[backend].program );
1832 argv[0] = "--gpgconf-list";
1835 err = gnupg_spawn_process_fd (pgmname, argv, -1, filedes[1], -1, &pid);
1840 gc_error (1, 0, "could not gather active options from `%s': %s",
1841 pgmname, gpg_strerror (err));
1844 config = fdopen (filedes[0], "r");
1846 gc_error (1, errno, "can't fdopen pipe for reading");
1848 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1850 gc_option_t *option;
1852 unsigned long flags = 0;
1853 char *default_value = NULL;
1855 /* Strip newline and carriage return, if present. */
1857 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1858 line[--length] = '\0';
1860 linep = strchr (line, ':');
1864 /* Extract additional flags. Default to none. */
1870 end = strchr (linep, ':');
1875 flags = strtoul (linep, &tail, 0);
1877 gc_error (1, errno, "malformed flags in option %s from %s",
1879 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
1880 gc_error (1, 0, "garbage after flags in option %s from %s",
1886 /* Extract default value, if present. Default to empty if
1892 end = strchr (linep, ':');
1896 if (flags & GC_OPT_FLAG_DEFAULT)
1897 default_value = linep;
1902 /* Look up the option in the component and install the
1903 configuration data. */
1904 option = find_option (component, line, backend);
1908 gc_error (1, errno, "option %s returned twice from %s",
1912 option->flags |= flags;
1913 if (default_value && *default_value)
1914 option->default_value = xstrdup (default_value);
1917 if (length < 0 || ferror (config))
1918 gc_error (1, errno, "error reading from %s",pgmname);
1919 if (fclose (config))
1920 gc_error (1, errno, "error closing %s", pgmname);
1922 err = gnupg_wait_process (pgmname, pid, &exitcode);
1924 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
1925 pgmname, exitcode, gpg_strerror (err));
1928 /* At this point, we can parse the configuration file. */
1929 config_filename = get_config_filename (component, backend);
1931 config = fopen (config_filename, "r");
1933 gc_error (0, errno, "warning: can not open config file %s",
1937 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1941 gc_option_t *option;
1944 while (*name == ' ' || *name == '\t')
1946 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
1950 while (*value && *value != ' ' && *value != '\t'
1951 && *value != '#' && *value != '\r' && *value != '\n')
1953 if (*value == ' ' || *value == '\t')
1958 while (*value == ' ' || *value == '\t')
1962 while (*end && *end != '#' && *end != '\r' && *end != '\n')
1964 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
1971 /* Look up the option in the component and install the
1972 configuration data. */
1973 option = find_option (component, line, backend);
1978 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
1982 "warning: ignoring argument %s for option %s",
1984 opt_value = xstrdup ("1");
1986 else if (gc_arg_type[option->arg_type].fallback
1987 == GC_ARG_TYPE_STRING)
1988 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
1991 /* FIXME: Verify that the number is sane. */
1992 opt_value = xstrdup (value);
1995 /* Now enter the option into the table. */
1996 if (!(option->flags & GC_OPT_FLAG_LIST))
1999 free (option->value);
2000 option->value = opt_value;
2005 option->value = opt_value;
2008 char *opt_val = opt_value;
2010 option->value = xasprintf ("%s,%s", option->value,
2018 if (length < 0 || ferror (config))
2019 gc_error (1, errno, "error reading from %s", config_filename);
2020 if (fclose (config))
2021 gc_error (1, errno, "error closing %s", config_filename);
2028 /* Retrieve the options for the component COMPONENT from backend
2029 BACKEND, which we already know is of type file list. */
2031 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2033 gc_option_t *list_option;
2034 gc_option_t *config_option;
2035 char *list_filename;
2038 size_t line_len = 0;
2042 list_option = find_option (component,
2043 gc_backend[backend].option_name, GC_BACKEND_ANY);
2044 assert (list_option);
2045 assert (!list_option->active);
2047 list_filename = get_config_filename (component, backend);
2048 list_file = fopen (list_filename, "r");
2050 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2054 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2061 while (*start == ' ' || *start == '\t')
2063 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2067 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2069 /* Walk back to skip trailing white spaces. Looks evil, but
2070 works because of the conditions on START and END imposed
2071 at this point (END is at least START + 1, and START is
2072 not a whitespace character). */
2073 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2076 /* FIXME: Oh, no! This is so lame! Should use realloc and
2080 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2085 list = xasprintf ("\"%s", gc_percent_escape (start));
2087 if (length < 0 || ferror (list_file))
2088 gc_error (1, errno, "can not read list file %s", list_filename);
2091 list_option->active = 1;
2092 list_option->value = list;
2094 /* Fix up the read-only flag. */
2095 config_option = find_option
2096 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2097 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2098 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2100 if (list_file && fclose (list_file))
2101 gc_error (1, errno, "error closing %s", list_filename);
2106 /* Retrieve the currently active options and their defaults from all
2107 involved backends for this component. Using -1 for component will
2108 retrieve all options from all components. */
2110 gc_component_retrieve_options (int component)
2112 int process_all = 0;
2113 int backend_seen[GC_BACKEND_NR];
2114 gc_backend_t backend;
2115 gc_option_t *option;
2117 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2118 backend_seen[backend] = 0;
2120 if (component == -1)
2124 assert (component < GC_COMPONENT_NR);
2129 option = gc_component[component].options;
2131 while (option && option->name)
2133 if (!(option->flags & GC_OPT_FLAG_GROUP))
2135 backend = option->backend;
2137 if (backend_seen[backend])
2142 backend_seen[backend] = 1;
2144 assert (backend != GC_BACKEND_ANY);
2146 if (gc_backend[backend].program)
2147 retrieve_options_from_program (component, backend);
2149 retrieve_options_from_file (component, backend);
2154 while (process_all && ++component < GC_COMPONENT_NR);
2160 /* Perform a simple validity check based on the type. Return in
2161 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2162 type GC_ARG_TYPE_NONE. */
2164 option_check_validity (gc_option_t *option, unsigned long flags,
2165 char *new_value, unsigned long *new_value_nr)
2169 if (!option->active)
2170 gc_error (1, 0, "option %s not supported by backend %s",
2171 option->name, gc_backend[option->backend].name);
2173 if (option->new_flags || option->new_value)
2174 gc_error (1, 0, "option %s already changed", option->name);
2176 if (flags & GC_OPT_FLAG_DEFAULT)
2179 gc_error (1, 0, "argument %s provided for deleted option %s",
2180 new_value, option->name);
2185 /* GC_ARG_TYPE_NONE options have special list treatment. */
2186 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2191 *new_value_nr = strtoul (new_value, &tail, 0);
2194 gc_error (1, errno, "invalid argument for option %s",
2197 gc_error (1, 0, "garbage after argument for option %s",
2200 if (!(option->flags & GC_OPT_FLAG_LIST))
2202 if (*new_value_nr != 1)
2203 gc_error (1, 0, "argument for non-list option %s of type 0 "
2204 "(none) must be 1", option->name);
2208 if (*new_value_nr == 0)
2209 gc_error (1, 0, "argument for option %s of type 0 (none) "
2210 "must be positive", option->name);
2219 if (*arg == '\0' || *arg == ',')
2221 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2222 gc_error (1, 0, "argument required for option %s", option->name);
2224 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2225 gc_error (1, 0, "list found for non-list option %s", option->name);
2227 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2230 gc_error (1, 0, "string argument for option %s must begin "
2231 "with a quote (\") character", option->name);
2233 /* FIXME: We do not allow empty string arguments for now, as
2234 we do not quote arguments in configuration files, and
2235 thus no argument is indistinguishable from the empty
2237 if (arg[1] == '\0' || arg[1] == ',')
2238 gc_error (1, 0, "empty string argument for option %s is "
2239 "currently not allowed. Please report this!",
2242 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2245 (void) strtol (arg, &arg, 0);
2248 gc_error (1, errno, "invalid argument for option %s",
2251 if (*arg != '\0' && *arg != ',')
2252 gc_error (1, 0, "garbage after argument for option %s",
2255 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2258 (void) strtoul (arg, &arg, 0);
2261 gc_error (1, errno, "invalid argument for option %s",
2264 if (*arg != '\0' && *arg != ',')
2265 gc_error (1, 0, "garbage after argument for option %s",
2268 arg = strchr (arg, ',');
2272 while (arg && *arg);
2275 #ifdef HAVE_W32_SYSTEM
2277 copy_file (const char *src_name, const char *dst_name)
2279 #define BUF_LEN 4096
2280 char buffer[BUF_LEN];
2285 src = fopen (src_name, "r");
2289 dst = fopen (dst_name, "w");
2292 int saved_err = errno;
2302 len = fread (buffer, 1, BUF_LEN, src);
2305 written = fwrite (buffer, 1, len, dst);
2309 while (!feof (src) && !ferror (src) && !ferror (dst));
2311 if (ferror (src) || ferror (dst) || !feof (src))
2313 int saved_errno = errno;
2317 errno = saved_errno;
2322 gc_error (1, errno, "error closing %s", dst_name);
2324 gc_error (1, errno, "error closing %s", src_name);
2328 #endif /* HAVE_W32_SYSTEM */
2331 /* Create and verify the new configuration file for the specified
2332 backend and component. Returns 0 on success and -1 on error. */
2334 change_options_file (gc_component_t component, gc_backend_t backend,
2335 char **src_filenamep, char **dest_filenamep,
2336 char **orig_filenamep)
2338 static const char marker[] = "###+++--- GPGConf ---+++###";
2339 /* True if we are within the marker in the config file. */
2341 gc_option_t *option;
2347 FILE *src_file = NULL;
2348 FILE *dest_file = NULL;
2350 char *dest_filename;
2351 char *orig_filename;
2353 char *cur_arg = NULL;
2355 option = find_option (component,
2356 gc_backend[backend].option_name, GC_BACKEND_ANY);
2358 assert (option->active);
2359 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2361 /* FIXME. Throughout the function, do better error reporting. */
2362 /* Note that get_config_filename() calls percent_deescape(), so we
2363 call this before processing the arguments. */
2364 dest_filename = xstrdup (get_config_filename (component, backend));
2365 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2366 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2368 arg = option->new_value;
2369 if (arg && arg[0] == '\0')
2376 end = strchr (arg, ',');
2380 cur_arg = percent_deescape (arg);
2390 #ifdef HAVE_W32_SYSTEM
2391 res = copy_file (dest_filename, orig_filename);
2393 res = link (dest_filename, orig_filename);
2395 if (res < 0 && errno != ENOENT)
2397 xfree (dest_filename);
2402 xfree (orig_filename);
2403 orig_filename = NULL;
2406 /* We now initialize the return strings, so the caller can do the
2408 *src_filenamep = src_filename;
2409 *dest_filenamep = dest_filename;
2410 *orig_filenamep = orig_filename;
2412 /* Use open() so that we can use O_EXCL. */
2413 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2416 src_file = fdopen (fd, "w");
2424 /* Only if ORIG_FILENAME is not NULL did the configuration file
2425 exist already. In this case, we will copy its content into the
2426 new configuration file, changing it to our liking in the
2430 dest_file = fopen (dest_filename, "r");
2432 goto change_file_one_err;
2434 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2439 if (!strncmp (marker, line, sizeof (marker) - 1))
2448 while (*start == ' ' || *start == '\t')
2450 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2459 /* Search for the end of the line. */
2460 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2463 if (*endp && *endp != ' ' && *endp != '\t'
2464 && *endp != '\r' && *endp != '\n' && *endp != '#')
2470 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2471 || !cur_arg || strcmp (start, cur_arg))
2475 /* Find next argument. */
2481 arg_end = strchr (arg, ',');
2485 cur_arg = percent_deescape (arg);
2506 "# GPGConf disabled this option here at %s\n",
2507 asctimestamp (gnupg_get_time ()));
2508 if (ferror (src_file))
2509 goto change_file_one_err;
2510 fprintf (src_file, "# %s", line);
2511 if (ferror (src_file))
2512 goto change_file_one_err;
2517 fprintf (src_file, "%s", line);
2518 if (ferror (src_file))
2519 goto change_file_one_err;
2522 if (length < 0 || ferror (dest_file))
2523 goto change_file_one_err;
2528 /* There was no marker. This is the first time we edit the
2529 file. We add our own marker at the end of the file and
2530 proceed. Note that we first write a newline, this guards us
2531 against files which lack the newline at the end of the last
2532 line, while it doesn't hurt us in all other cases. */
2533 fprintf (src_file, "\n%s\n", marker);
2534 if (ferror (src_file))
2535 goto change_file_one_err;
2538 /* At this point, we have copied everything up to the end marker
2539 into the new file, except for the arguments we are going to add.
2540 Now, dump the new arguments and write the end marker, possibly
2541 followed by the rest of the original file. */
2544 fprintf (src_file, "%s\n", cur_arg);
2546 /* Find next argument. */
2552 end = strchr (arg, ',');
2556 cur_arg = percent_deescape (arg);
2569 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2570 if (ferror (src_file))
2571 goto change_file_one_err;
2575 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2576 if (ferror (src_file))
2577 goto change_file_one_err;
2578 fprintf (src_file, "# It will disable options before this marked "
2579 "block, but it will\n");
2580 if (ferror (src_file))
2581 goto change_file_one_err;
2582 fprintf (src_file, "# never change anything below these lines.\n");
2583 if (ferror (src_file))
2584 goto change_file_one_err;
2588 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2590 fprintf (src_file, "%s", line);
2591 if (ferror (src_file))
2592 goto change_file_one_err;
2594 if (length < 0 || ferror (dest_file))
2595 goto change_file_one_err;
2600 res = fclose (src_file);
2613 res = fclose (dest_file);
2619 change_file_one_err:
2634 /* Create and verify the new configuration file for the specified
2635 backend and component. Returns 0 on success and -1 on error. */
2637 change_options_program (gc_component_t component, gc_backend_t backend,
2638 char **src_filenamep, char **dest_filenamep,
2639 char **orig_filenamep)
2641 static const char marker[] = "###+++--- GPGConf ---+++###";
2642 /* True if we are within the marker in the config file. */
2644 gc_option_t *option;
2650 FILE *src_file = NULL;
2651 FILE *dest_file = NULL;
2653 char *dest_filename;
2654 char *orig_filename;
2655 /* Special hack for gpg, see below. */
2656 int utf8strings_seen = 0;
2658 /* FIXME. Throughout the function, do better error reporting. */
2659 dest_filename = xstrdup (get_config_filename (component, backend));
2660 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2661 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2663 #ifdef HAVE_W32_SYSTEM
2664 res = copy_file (dest_filename, orig_filename);
2666 res = link (dest_filename, orig_filename);
2668 if (res < 0 && errno != ENOENT)
2672 xfree (orig_filename);
2673 orig_filename = NULL;
2676 /* We now initialize the return strings, so the caller can do the
2678 *src_filenamep = src_filename;
2679 *dest_filenamep = dest_filename;
2680 *orig_filenamep = orig_filename;
2682 /* Use open() so that we can use O_EXCL. */
2683 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2686 src_file = fdopen (fd, "w");
2694 /* Only if ORIG_FILENAME is not NULL did the configuration file
2695 exist already. In this case, we will copy its content into the
2696 new configuration file, changing it to our liking in the
2700 dest_file = fopen (dest_filename, "r");
2702 goto change_one_err;
2704 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2709 if (!strncmp (marker, line, sizeof (marker) - 1))
2716 else if (backend == GC_BACKEND_GPG && in_marker
2717 && ! strcmp ("utf8-strings\n", line))
2719 /* Strip duplicated entries. */
2720 if (utf8strings_seen)
2723 utf8strings_seen = 1;
2727 while (*start == ' ' || *start == '\t')
2729 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2735 while (*end && *end != ' ' && *end != '\t'
2736 && *end != '\r' && *end != '\n' && *end != '#')
2741 option = find_option (component, start, backend);
2743 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2744 || option->new_value))
2752 "# GPGConf disabled this option here at %s\n",
2753 asctimestamp (gnupg_get_time ()));
2754 if (ferror (src_file))
2755 goto change_one_err;
2756 fprintf (src_file, "# %s", line);
2757 if (ferror (src_file))
2758 goto change_one_err;
2763 fprintf (src_file, "%s", line);
2764 if (ferror (src_file))
2765 goto change_one_err;
2768 if (length < 0 || ferror (dest_file))
2769 goto change_one_err;
2774 /* There was no marker. This is the first time we edit the
2775 file. We add our own marker at the end of the file and
2776 proceed. Note that we first write a newline, this guards us
2777 against files which lack the newline at the end of the last
2778 line, while it doesn't hurt us in all other cases. */
2779 fprintf (src_file, "\n%s\n", marker);
2780 if (ferror (src_file))
2781 goto change_one_err;
2783 /* At this point, we have copied everything up to the end marker
2784 into the new file, except for the options we are going to change.
2785 Now, dump the changed options (except for those we are going to
2786 revert to their default), and write the end marker, possibly
2787 followed by the rest of the original file. */
2789 /* We have to turn on UTF8 strings for GnuPG. */
2790 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2791 fprintf (src_file, "utf8-strings\n");
2793 option = gc_component[component].options;
2794 while (option->name)
2796 if (!(option->flags & GC_OPT_FLAG_GROUP)
2797 && option->backend == backend
2798 && option->new_value)
2800 char *arg = option->new_value;
2804 if (*arg == '\0' || *arg == ',')
2806 fprintf (src_file, "%s\n", option->name);
2807 if (ferror (src_file))
2808 goto change_one_err;
2810 else if (gc_arg_type[option->arg_type].fallback
2811 == GC_ARG_TYPE_NONE)
2813 assert (*arg == '1');
2814 fprintf (src_file, "%s\n", option->name);
2815 if (ferror (src_file))
2816 goto change_one_err;
2820 else if (gc_arg_type[option->arg_type].fallback
2821 == GC_ARG_TYPE_STRING)
2825 assert (*arg == '"');
2828 end = strchr (arg, ',');
2832 fprintf (src_file, "%s %s\n", option->name,
2833 percent_deescape (arg));
2834 if (ferror (src_file))
2835 goto change_one_err;
2845 end = strchr (arg, ',');
2849 fprintf (src_file, "%s %s\n", option->name, arg);
2850 if (ferror (src_file))
2851 goto change_one_err;
2858 assert (arg == NULL || *arg == '\0' || *arg == ',');
2859 if (arg && *arg == ',')
2862 while (arg && *arg);
2867 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2868 if (ferror (src_file))
2869 goto change_one_err;
2873 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2874 if (ferror (src_file))
2875 goto change_one_err;
2876 fprintf (src_file, "# It will disable options before this marked "
2877 "block, but it will\n");
2878 if (ferror (src_file))
2879 goto change_one_err;
2880 fprintf (src_file, "# never change anything below these lines.\n");
2881 if (ferror (src_file))
2882 goto change_one_err;
2886 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2888 fprintf (src_file, "%s", line);
2889 if (ferror (src_file))
2890 goto change_one_err;
2892 if (length < 0 || ferror (dest_file))
2893 goto change_one_err;
2898 res = fclose (src_file);
2911 res = fclose (dest_file);
2932 /* Common code for gc_component_change_options and
2933 gc_process_gpgconf_conf. */
2935 change_one_value (gc_option_t *option, int *runtime,
2936 unsigned long flags, char *new_value)
2938 unsigned long new_value_nr = 0;
2940 option_check_validity (option, flags, new_value, &new_value_nr);
2942 if (option->flags & GC_OPT_FLAG_RUNTIME)
2943 runtime[option->backend] = 1;
2945 option->new_flags = flags;
2946 if (!(flags & GC_OPT_FLAG_DEFAULT))
2948 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
2949 && (option->flags & GC_OPT_FLAG_LIST))
2953 /* We convert the number to a list of 1's for convenient
2955 assert (new_value_nr > 0);
2956 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
2957 str = option->new_value;
2959 while (--new_value_nr > 0)
2967 option->new_value = xstrdup (new_value);
2972 /* Read the modifications from IN and apply them. If IN is NULL the
2973 modifications are expected to already have been set to the global
2976 gc_component_change_options (int component, FILE *in, FILE *out)
2979 int runtime[GC_BACKEND_NR];
2980 char *src_filename[GC_BACKEND_NR];
2981 char *dest_filename[GC_BACKEND_NR];
2982 char *orig_filename[GC_BACKEND_NR];
2983 gc_backend_t backend;
2984 gc_option_t *option;
2986 size_t line_len = 0;
2989 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2991 runtime[backend] = 0;
2992 src_filename[backend] = NULL;
2993 dest_filename[backend] = NULL;
2994 orig_filename[backend] = NULL;
2999 /* Read options from the file IN. */
3000 while ((length = read_line (in, &line, &line_len, NULL)) > 0)
3003 unsigned long flags = 0;
3004 char *new_value = "";
3006 /* Strip newline and carriage return, if present. */
3008 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3009 line[--length] = '\0';
3011 linep = strchr (line, ':');
3015 /* Extract additional flags. Default to none. */
3021 end = strchr (linep, ':');
3026 flags = strtoul (linep, &tail, 0);
3028 gc_error (1, errno, "malformed flags in option %s", line);
3029 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3030 gc_error (1, 0, "garbage after flags in option %s", line);
3035 /* Don't allow setting of the no change flag. */
3036 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3038 /* Extract default value, if present. Default to empty if not. */
3042 end = strchr (linep, ':');
3049 option = find_option (component, line, GC_BACKEND_ANY);
3051 gc_error (1, 0, "unknown option %s", line);
3053 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3055 gc_error (0, 0, "ignoring new value for option %s",
3060 change_one_value (option, runtime, flags, new_value);
3064 /* Now that we have collected and locally verified the changes,
3065 write them out to new configuration files, verify them
3066 externally, and then commit them. */
3067 option = gc_component[component].options;
3068 while (option && option->name)
3070 /* Go on if we have already seen this backend, or if there is
3072 if (src_filename[option->backend]
3073 || !(option->new_flags || option->new_value))
3079 if (gc_backend[option->backend].program)
3081 err = change_options_program (component, option->backend,
3082 &src_filename[option->backend],
3083 &dest_filename[option->backend],
3084 &orig_filename[option->backend]);
3087 /* External verification. */
3088 err = gc_component_check_options (component, out,
3089 src_filename[option->backend]);
3093 _("External verification of component %s failed"),
3094 gc_component[component].name);
3101 err = change_options_file (component, option->backend,
3102 &src_filename[option->backend],
3103 &dest_filename[option->backend],
3104 &orig_filename[option->backend]);
3112 if (! err && ! opt.dry_run)
3116 for (i = 0; i < GC_BACKEND_NR; i++)
3118 if (src_filename[i])
3120 /* FIXME: Make a verification here. */
3122 assert (dest_filename[i]);
3124 if (orig_filename[i])
3126 #ifdef HAVE_W32_SYSTEM
3127 /* There is no atomic update on W32. */
3128 err = unlink (dest_filename[i]);
3129 #endif /* HAVE_W32_SYSTEM */
3131 err = rename (src_filename[i], dest_filename[i]);
3135 #ifdef HAVE_W32_SYSTEM
3136 /* We skip the unlink if we expect the file not to
3138 err = rename (src_filename[i], dest_filename[i]);
3139 #else /* HAVE_W32_SYSTEM */
3140 /* This is a bit safer than rename() because we
3141 expect DEST_FILENAME not to be there. If it
3142 happens to be there, this will fail. */
3143 err = link (src_filename[i], dest_filename[i]);
3145 err = unlink (src_filename[i]);
3146 #endif /* !HAVE_W32_SYSTEM */
3150 src_filename[i] = NULL;
3155 if (err || opt.dry_run)
3158 int saved_errno = errno;
3160 /* An error occured or a dry-run is requested. */
3161 for (i = 0; i < GC_BACKEND_NR; i++)
3163 if (src_filename[i])
3165 /* The change was not yet committed. */
3166 unlink (src_filename[i]);
3167 if (orig_filename[i])
3168 unlink (orig_filename[i]);
3172 /* The changes were already committed. FIXME: This is a
3173 tad dangerous, as we don't know if we don't overwrite
3174 a version of the file that is even newer than the one
3175 we just installed. */
3176 if (orig_filename[i])
3178 #ifdef HAVE_W32_SYSTEM
3179 /* There is no atomic update on W32. */
3180 unlink (dest_filename[i]);
3181 #endif /* HAVE_W32_SYSTEM */
3182 rename (orig_filename[i], dest_filename[i]);
3185 unlink (dest_filename[i]);
3189 gc_error (1, saved_errno, "could not commit changes");
3191 /* Fall-through for dry run. */
3195 /* If it all worked, notify the daemons of the changes. */
3197 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3199 if (runtime[backend] && gc_backend[backend].runtime_change)
3200 (*gc_backend[backend].runtime_change) ();
3203 /* Move the per-process backup file into its place. */
3204 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3205 if (orig_filename[backend])
3207 char *backup_filename;
3209 assert (dest_filename[backend]);
3211 backup_filename = xasprintf ("%s.gpgconf.bak", dest_filename[backend]);
3213 #ifdef HAVE_W32_SYSTEM
3214 /* There is no atomic update on W32. */
3215 unlink (backup_filename);
3216 #endif /* HAVE_W32_SYSTEM */
3217 rename (orig_filename[backend], backup_filename);
3225 /* Check whether USER matches the current user of one of its group.
3226 This function may change USER. Returns true is there is a
3229 key_matches_user_or_group (char *user)
3233 if (*user == '*' && user[1] == 0)
3234 return 1; /* A single asterisk matches all users. */
3236 group = strchr (user, ':');
3240 #ifdef HAVE_W32_SYSTEM
3241 /* Under Windows we don't support groups. */
3242 if (group && *group)
3243 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3246 static char *my_name;
3253 GetUserNameA (tmp, &size);
3254 my_name = xmalloc (size);
3255 if (!GetUserNameA (my_name, &size))
3256 gc_error (1,0, "error getting current user name: %s",
3260 if (!strcmp (user, my_name))
3261 return 1; /* Found. */
3263 #else /*!HAVE_W32_SYSTEM*/
3264 /* First check whether the user matches. */
3267 static char *my_name;
3271 struct passwd *pw = getpwuid ( getuid () );
3273 gc_error (1, errno, "getpwuid failed for current user");
3274 my_name = xstrdup (pw->pw_name);
3276 if (!strcmp (user, my_name))
3277 return 1; /* Found. */
3280 /* If that failed, check whether a group matches. */
3281 if (group && *group)
3283 static char *my_group;
3284 static char **my_supgroups;
3289 struct group *gr = getgrgid ( getgid () );
3291 gc_error (1, errno, "getgrgid failed for current user");
3292 my_group = xstrdup (gr->gr_name);
3294 if (!strcmp (group, my_group))
3295 return 1; /* Found. */
3302 ngids = getgroups (0, NULL);
3303 gids = xcalloc (ngids+1, sizeof *gids);
3304 ngids = getgroups (ngids, gids);
3306 gc_error (1, errno, "getgroups failed for current user");
3307 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3308 for (n=0; n < ngids; n++)
3310 struct group *gr = getgrgid ( gids[n] );
3312 gc_error (1, errno, "getgrgid failed for supplementary group");
3313 my_supgroups[n] = xstrdup (gr->gr_name);
3318 for (n=0; my_supgroups[n]; n++)
3319 if (!strcmp (group, my_supgroups[n]))
3320 return 1; /* Found. */
3322 #endif /*!HAVE_W32_SYSTEM*/
3323 return 0; /* No match. */
3328 /* Read and process the global configuration file for gpgconf. This
3329 optional file is used to update our internal tables at runtime and
3330 may also be used to set new default values. If FNAME is NULL the
3331 default name will be used. With UPDATE set to true the internal
3332 tables are actually updated; if not set, only a syntax check is
3333 done. If DEFAULTS is true the global options are written to the
3334 configuration files. If LISTFP is set, no changes are done but the
3335 configuration file is printed to LISTFP in a colon separated format.
3337 Returns 0 on success or if the config file is not present; -1 is
3338 returned on error. */
3340 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3345 size_t line_len = 0;
3351 int runtime[GC_BACKEND_NR];
3352 int backend_id, component_id;
3356 fname = xstrdup (fname_arg);
3358 fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
3360 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3361 runtime[backend_id] = 0;
3363 config = fopen (fname, "r");
3366 /* Do not print an error if the file is not available, except
3367 when running in syntax check mode. */
3368 if (errno != ENOENT || !update)
3370 gc_error (0, errno, "can not open global config file `%s'", fname);
3377 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3379 char *key, *component, *option, *flags, *value;
3381 gc_option_t *option_info = NULL;
3383 int is_continuation;
3387 while (*key == ' ' || *key == '\t')
3389 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3392 is_continuation = (key != line);
3394 /* Parse the key field. */
3395 if (!is_continuation && got_match)
3396 break; /* Finish after the first match. */
3397 else if (!is_continuation)
3400 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3404 gc_error (0, 0, "missing rule at `%s', line %d", fname, lineno);
3413 gc_error (0, 0, "continuation but no rule at `%s', line %d",
3426 /* Parse the component. */
3427 while (*component == ' ' || *component == '\t')
3429 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3433 gc_error (0, 0, "missing component at `%s', line %d",
3441 component_id = gc_component_find (component);
3442 if (component_id < 0)
3444 gc_error (0, 0, "unknown component at `%s', line %d",
3449 /* Parse the option name. */
3450 while (*option == ' ' || *option == '\t')
3452 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3456 gc_error (0, 0, "missing option at `%s', line %d",
3463 if ( component_id != -1)
3465 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3468 gc_error (0, 0, "unknown option at `%s', line %d",
3475 /* Parse the optional flags. */
3476 while (*flags == ' ' || *flags == '\t')
3481 p = strchr (flags, ']');
3484 gc_error (0, 0, "syntax error in rule at `%s', line %d",
3492 else /* No flags given. */
3498 /* Parse the optional value. */
3499 while (*value == ' ' || *value == '\t')
3501 for (p=value; *p && !strchr ("\r\n", *p); p++)
3504 value = empty; /* No value given; let it point to an empty string. */
3507 /* Strip trailing white space. */
3509 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3513 /* Check flag combinations. */
3516 else if (!strcmp (flags, "default"))
3520 gc_error (0, 0, "flag \"default\" may not be combined "
3521 "with a value at `%s', line %d",
3526 else if (!strcmp (flags, "change"))
3528 else if (!strcmp (flags, "no-change"))
3532 gc_error (0, 0, "unknown flag at `%s', line %d",
3537 /* In list mode we print out all records. */
3538 if (listfp && !result)
3540 /* If this is a new ruleset, print a key record. */
3541 if (!is_continuation)
3543 char *group = strchr (key, ':');
3547 if ((p = strchr (group, ':')))
3548 *p = 0; /* We better strip any extra stuff. */
3551 fprintf (listfp, "k:%s:", gc_percent_escape (key));
3552 fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3555 /* All other lines are rule records. */
3556 fprintf (listfp, "r:::%s:%s:%s:",
3557 gc_component[component_id].name,
3558 option_info->name? option_info->name : "",
3561 fprintf (listfp, "\"%s", gc_percent_escape (value));
3563 putc ('\n', listfp);
3566 /* Check whether the key matches but do this only if we are not
3567 running in syntax check mode. */
3569 && !result && !listfp
3570 && (got_match || (key && key_matches_user_or_group (key))) )
3576 /* Apply the flags from gpgconf.conf. */
3579 else if (!strcmp (flags, "default"))
3580 newflags |= GC_OPT_FLAG_DEFAULT;
3581 else if (!strcmp (flags, "no-change"))
3582 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3583 else if (!strcmp (flags, "change"))
3584 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3588 assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
3590 /* Here we explicitly allow to update the value again. */
3593 option_info->new_flags = 0;
3597 xfree (option_info->new_value);
3598 option_info->new_value = NULL;
3600 change_one_value (option_info, runtime, newflags, value);
3605 if (length < 0 || ferror (config))
3607 gc_error (0, errno, "error reading from `%s'", fname);
3610 if (fclose (config) && ferror (config))
3611 gc_error (0, errno, "error closing `%s'", fname);
3615 /* If it all worked, process the options. */
3616 if (!result && update && defaults && !listfp)
3618 /* We need to switch off the runtime update, so that we can do
3619 it later all at once. */
3620 int save_opt_runtime = opt.runtime;
3623 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3625 gc_component_change_options (component_id, NULL, NULL);
3627 opt.runtime = save_opt_runtime;
3631 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3632 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3633 (*gc_backend[backend_id].runtime_change) ();