1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
47 #include "../common/util.h"
48 #include "../common/i18n.h"
49 #include "../common/exechelp.h"
50 #include "../common/sysutils.h"
52 #include "../common/gc-opt-flags.h"
55 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
56 returns a plain filename without escaping. As long as we have not
57 fixed that we need to use gpg2. */
58 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
59 #define GPGNAME "gpg2"
61 #define GPGNAME GPG_NAME
66 Components: Add more components and their options.
67 Robustness: Do more validation. Call programs to do validation for us.
68 Add options to change backend binary path.
69 Extract binary path for some backends from gpgsm/gpg config.
73 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
74 void gc_error (int status, int errnum, const char *fmt, ...) \
75 __attribute__ ((format (printf, 3, 4)));
78 /* Output a diagnostic message. If ERRNUM is not 0, then the output
79 is followed by a colon, a white space, and the error string for the
80 error number ERRNUM. In any case the output is finished by a
81 newline. The message is prepended by the program name, a colon,
82 and a whitespace. The output may be further formatted or
83 redirected by the jnlib logging facility. */
85 gc_error (int status, int errnum, const char *fmt, ...)
89 va_start (arg_ptr, fmt);
90 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
94 log_printf (": %s\n", strerror (errnum));
101 log_printf ("fatal error (exit status %i)\n", status);
107 /* Forward declaration. */
108 static void gpg_agent_runtime_change (int killflag);
109 static void scdaemon_runtime_change (int killflag);
110 static void dirmngr_runtime_change (int killflag);
112 /* Backend configuration. Backends are used to decide how the default
113 and current value of an option can be determined, and how the
114 option can be changed. To every option in every component belongs
115 exactly one backend that controls and determines the option. Some
116 backends are programs from the GPG system. Others might be
117 implemented by GPGConf itself. If you change this enum, don't
118 forget to update GC_BACKEND below. */
121 /* Any backend, used for find_option (). */
124 /* The Gnu Privacy Guard. */
127 /* The Gnu Privacy Guard for S/MIME. */
131 GC_BACKEND_GPG_AGENT,
133 /* The GnuPG SCDaemon. */
136 /* The GnuPG directory manager. */
139 /* The LDAP server list file for the director manager. */
140 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
142 /* The Pinentry (not a part of GnuPG, proper). */
145 /* The number of the above entries. */
150 /* To be able to implement generic algorithms for the various
151 backends, we collect all information about them in this struct. */
154 /* The name of the backend. */
157 /* The name of the program that acts as the backend. Some backends
158 don't have an associated program, but are implemented directly by
159 GPGConf. In this case, PROGRAM is NULL. */
162 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
163 ../common/util.h. This value is used to get the actual installed
164 path of the program. 0 is used if no backend program is
168 /* The runtime change callback. If KILLFLAG is true the component
169 is killed and not just reloaded. */
170 void (*runtime_change) (int killflag);
172 /* The option name for the configuration filename of this backend.
173 This must be an absolute filename. It can be an option from a
174 different backend (but then ordering of the options might
175 matter). Note: This must be unique among all components. */
176 const char *option_config_filename;
178 /* If this is a file backend rather than a program backend, then
179 this is the name of the option associated with the file. */
180 const char *option_name;
181 } gc_backend[GC_BACKEND_NR] =
183 { NULL }, /* GC_BACKEND_ANY dummy entry. */
184 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
185 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
186 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
187 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
188 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
189 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
190 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
191 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
192 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
193 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
194 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
195 NULL, "ldapserverlist-file", "LDAP Server" },
196 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
197 NULL, GPGCONF_NAME "-pinentry.conf" },
201 /* Option configuration. */
203 /* An option might take an argument, or not. Argument types can be
204 basic or complex. Basic types are generic and easy to validate.
205 Complex types provide more specific information about the intended
206 use, but can be difficult to validate. If you add to this enum,
207 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
208 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
212 /* Basic argument types. */
215 GC_ARG_TYPE_NONE = 0,
217 /* A String argument. */
218 GC_ARG_TYPE_STRING = 1,
220 /* A signed integer argument. */
221 GC_ARG_TYPE_INT32 = 2,
223 /* An unsigned integer argument. */
224 GC_ARG_TYPE_UINT32 = 3,
226 /* ADD NEW BASIC TYPE ENTRIES HERE. */
228 /* Complex argument types. */
230 /* A complete filename. */
231 GC_ARG_TYPE_FILENAME = 32,
233 /* An LDAP server in the format
234 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
235 GC_ARG_TYPE_LDAP_SERVER = 33,
237 /* A 40 character fingerprint. */
238 GC_ARG_TYPE_KEY_FPR = 34,
240 /* A user ID or key ID or fingerprint for a certificate. */
241 GC_ARG_TYPE_PUB_KEY = 35,
243 /* A user ID or key ID or fingerprint for a certificate with a key. */
244 GC_ARG_TYPE_SEC_KEY = 36,
246 /* A alias list made up of a key, an equal sign and a space
247 separated list of values. */
248 GC_ARG_TYPE_ALIAS_LIST = 37,
250 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
252 /* The number of the above entries. */
257 /* For every argument, we record some information about it in the
261 /* For every argument type exists a basic argument type that can be
262 used as a fallback for input and validation purposes. */
263 gc_arg_type_t fallback;
265 /* Human-readable name of the type. */
267 } gc_arg_type[GC_ARG_TYPE_NR] =
269 /* The basic argument types have their own types as fallback. */
270 { GC_ARG_TYPE_NONE, "none" },
271 { GC_ARG_TYPE_STRING, "string" },
272 { GC_ARG_TYPE_INT32, "int32" },
273 { GC_ARG_TYPE_UINT32, "uint32" },
275 /* Reserved basic type entries for future extension. */
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
289 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
291 /* The complex argument types have a basic type as fallback. */
292 { GC_ARG_TYPE_STRING, "filename" },
293 { GC_ARG_TYPE_STRING, "ldap server" },
294 { GC_ARG_TYPE_STRING, "key fpr" },
295 { GC_ARG_TYPE_STRING, "pub key" },
296 { GC_ARG_TYPE_STRING, "sec key" },
297 { GC_ARG_TYPE_STRING, "alias list" },
301 /* Every option has an associated expert level, than can be used to
302 hide advanced and expert options from beginners. If you add to
303 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
304 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
305 EXTERNAL INTERFACE. */
308 /* The basic options should always be displayed. */
311 /* The advanced options may be hidden from beginners. */
314 /* The expert options should only be displayed to experts. */
317 /* The invisible options should normally never be displayed. */
320 /* The internal options are never exported, they mark options that
321 are recorded for internal use only. */
324 /* ADD NEW ENTRIES HERE. */
326 /* The number of the above entries. */
330 /* A description for each expert level. */
344 /* Option flags. The flags which are used by the backends are defined
345 by gc-opt-flags.h, included above.
347 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
348 PART OF THE EXTERNAL INTERFACE. */
350 /* Some entries in the option list are not options, but mark the
351 beginning of a new group of options. These entries have the GROUP
353 #define GC_OPT_FLAG_GROUP (1UL << 0)
354 /* The ARG_OPT flag for an option indicates that the argument is
355 optional. This is never set for GC_ARG_TYPE_NONE options. */
356 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
357 /* The LIST flag for an option indicates that the option can occur
358 several times. A comma separated list of arguments is used as the
360 #define GC_OPT_FLAG_LIST (1UL << 2)
363 /* A human-readable description for each flag. */
380 /* To each option, or group marker, the information in the GC_OPTION
381 struct is provided. If you change this, don't forget to update the
382 option list of each component. */
385 /* If this is NULL, then this is a terminator in an array of unknown
386 length. Otherwise, if this entry is a group marker (see FLAGS),
387 then this is the name of the group described by this entry.
388 Otherwise it is the name of the option described by this
389 entry. The name must not contain a colon. */
392 /* The option flags. If the GROUP flag is set, then this entry is a
393 group marker, not an option, and only the fields LEVEL,
394 DESC_DOMAIN and DESC are valid. In all other cases, this entry
395 describes a new option and all fields are valid. */
398 /* The expert level. This field is valid for options and groups. A
399 group has the expert level of the lowest-level option in the
401 gc_expert_level_t level;
403 /* A gettext domain in which the following description can be found.
404 If this is NULL, then DESC is not translated. Valid for groups
407 Note that we try to keep the description of groups within the
410 IMPORTANT: If you add a new domain please make sure to add a code
411 set switching call to the function my_dgettext further below. */
412 const char *desc_domain;
414 /* A gettext description for this group or option. If it starts
415 with a '|', then the string up to the next '|' describes the
416 argument, and the description follows the second '|'.
418 In general enclosing these description in N_() is not required
419 because the description should be identical to the one in the
420 help menu of the respective program. */
423 /* The following fields are only valid for options. */
425 /* The type of the option argument. */
426 gc_arg_type_t arg_type;
428 /* The backend that implements this option. */
429 gc_backend_t backend;
431 /* The following fields are set to NULL at startup (because all
432 option's are declared as static variables). They are at the end
433 of the list so that they can be omitted from the option
436 /* This is true if the option is supported by this version of the
440 /* The default value for this option. This is NULL if the option is
441 not present in the backend, the empty string if no default is
442 available, and otherwise a quoted string. */
445 /* The default argument is only valid if the "optional arg" flag is
446 set, and specifies the default argument (value) that is used if
447 the argument is omitted. */
450 /* The current value of this option. */
453 /* The new flags for this option. The only defined flag is actually
454 GC_OPT_FLAG_DEFAULT, and it means that the option should be
455 deleted. In this case, NEW_VALUE is NULL. */
456 unsigned long new_flags;
458 /* The new value of this option. */
461 typedef struct gc_option gc_option_t;
463 /* Use this macro to terminate an option list. */
464 #define GC_OPTION_NULL { NULL }
467 #ifndef BUILD_WITH_AGENT
468 #define gc_options_gpg_agent NULL
470 /* The options of the GC_COMPONENT_GPG_AGENT component. */
471 static gc_option_t gc_options_gpg_agent[] =
473 /* The configuration file to which we write the changes. */
474 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
475 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
476 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
479 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
480 "gnupg", N_("Options controlling the diagnostic output") },
481 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
483 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
484 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
485 "gnupg", "be somewhat more quiet",
486 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
487 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
489 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
492 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
493 "gnupg", N_("Options controlling the configuration") },
494 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
495 "gnupg", "|FILE|read options from FILE",
496 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
497 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
498 "gnupg", "do not use the SCdaemon",
499 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
500 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
501 "gnupg", "enable ssh support",
502 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
503 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
504 "gnupg", "enable putty support",
505 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
506 { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
508 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
511 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
512 "gnupg", N_("Options useful for debugging") },
513 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
514 "gnupg", "|LEVEL|set the debugging level to LEVEL",
515 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
516 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
517 "gnupg", N_("|FILE|write server mode logs to FILE"),
518 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
519 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
521 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
524 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
525 "gnupg", N_("Options controlling the security") },
526 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
527 GC_LEVEL_BASIC, "gnupg",
528 "|N|expire cached PINs after N seconds",
529 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
530 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_ADVANCED, "gnupg",
532 N_("|N|expire SSH keys after N seconds"),
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_EXPERT, "gnupg",
536 N_("|N|set maximum PIN cache lifetime to N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_EXPERT, "gnupg",
540 N_("|N|set maximum SSH key lifetime to N seconds"),
541 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
542 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
543 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
544 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
545 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
547 "gnupg", "allow passphrase to be prompted through Emacs",
548 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
549 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
550 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
551 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
552 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
553 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
554 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
555 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
556 GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
557 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
558 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
559 "gnupg", "do not grab keyboard and mouse",
560 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
562 { "Passphrase policy",
563 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
564 "gnupg", N_("Options enforcing a passphrase policy") },
565 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_EXPERT, "gnupg",
567 N_("do not allow bypassing the passphrase policy"),
568 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
569 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_ADVANCED, "gnupg",
571 N_("|N|set minimal required length for new passphrases to N"),
572 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
573 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
574 GC_LEVEL_EXPERT, "gnupg",
575 N_("|N|require at least N non-alpha characters for a new passphrase"),
576 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
577 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
579 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
580 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
581 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
582 GC_LEVEL_EXPERT, "gnupg",
583 N_("|N|expire the passphrase after N days"),
584 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
585 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
586 GC_LEVEL_EXPERT, "gnupg",
587 N_("do not allow the reuse of old passphrases"),
588 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
589 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
590 GC_LEVEL_ADVANCED, "gnupg",
591 N_("|N|set the Pinentry timeout to N seconds"),
592 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
596 #endif /*BUILD_WITH_AGENT*/
599 #ifndef BUILD_WITH_SCDAEMON
600 #define gc_options_scdaemon NULL
602 /* The options of the GC_COMPONENT_SCDAEMON component. */
603 static gc_option_t gc_options_scdaemon[] =
605 /* The configuration file to which we write the changes. */
606 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
607 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
608 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
611 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
612 "gnupg", N_("Options controlling the diagnostic output") },
613 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
615 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
616 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
617 "gnupg", "be somewhat more quiet",
618 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
619 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
621 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
624 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
625 "gnupg", N_("Options controlling the configuration") },
626 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
627 "gnupg", "|FILE|read options from FILE",
628 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
629 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
630 "gnupg", "|N|connect to reader at port N",
631 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
632 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
633 "gnupg", "|NAME|use NAME as ct-API driver",
634 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
635 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
636 "gnupg", "|NAME|use NAME as PC/SC driver",
637 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
638 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
639 "gnupg", "do not use the internal CCID driver",
640 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
641 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
642 "gnupg", "do not use a reader's pinpad",
643 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
644 { "enable-pinpad-varlen",
645 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
646 "gnupg", "use variable length input for pinpad",
647 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
648 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
649 "gnupg", "|N|disconnect the card after N seconds of inactivity",
650 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
653 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
654 "gnupg", N_("Options useful for debugging") },
655 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
656 "gnupg", "|LEVEL|set the debugging level to LEVEL",
657 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
658 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
659 "gnupg", N_("|FILE|write a log to FILE"),
660 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
663 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
664 "gnupg", N_("Options controlling the security") },
665 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
666 "gnupg", "deny the use of admin card commands",
667 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
672 #endif /*BUILD_WITH_SCDAEMON*/
674 #ifndef BUILD_WITH_GPG
675 #define gc_options_gpg NULL
677 /* The options of the GC_COMPONENT_GPG component. */
678 static gc_option_t gc_options_gpg[] =
680 /* The configuration file to which we write the changes. */
681 { GPGCONF_NAME"-"GPG_NAME".conf",
682 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
683 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
686 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
687 "gnupg", N_("Options controlling the diagnostic output") },
688 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
690 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
691 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
692 "gnupg", "be somewhat more quiet",
693 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
694 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
696 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
699 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
700 "gnupg", N_("Options controlling the configuration") },
701 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
702 "gnupg", N_("|NAME|use NAME as default secret key"),
703 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
704 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
705 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
706 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
707 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
708 "gnupg", N_("|SPEC|set up email aliases"),
709 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
710 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
712 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
713 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
715 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
716 { "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
718 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
719 { "default_pubkey_algo",
720 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
722 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
724 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
726 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
730 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
731 "gnupg", N_("Options useful for debugging") },
732 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
733 "gnupg", "|LEVEL|set the debugging level to LEVEL",
734 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
735 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
736 "gnupg", N_("|FILE|write server mode logs to FILE"),
737 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
738 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
740 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
743 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
744 "gnupg", N_("Configuration for Keyservers") },
745 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
746 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
747 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
748 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
749 "gnupg", N_("allow PKA lookups (DNS requests)"),
750 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
751 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
752 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
753 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
754 { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
755 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
760 #endif /*BUILD_WITH_GPG*/
763 #ifndef BUILD_WITH_GPGSM
764 #define gc_options_gpgsm NULL
766 /* The options of the GC_COMPONENT_GPGSM component. */
767 static gc_option_t gc_options_gpgsm[] =
769 /* The configuration file to which we write the changes. */
770 { GPGCONF_NAME"-"GPGSM_NAME".conf",
771 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
772 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
775 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
776 "gnupg", N_("Options controlling the diagnostic output") },
777 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
779 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
780 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
781 "gnupg", "be somewhat more quiet",
782 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
783 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
785 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
788 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
789 "gnupg", N_("Options controlling the configuration") },
790 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
791 "gnupg", N_("|NAME|use NAME as default secret key"),
792 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
793 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
794 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
795 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
796 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
797 "gnupg", "|FILE|read options from FILE",
798 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
799 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
800 "gnupg", "use system's dirmngr if available",
801 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
802 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
803 "gnupg", N_("disable all access to the dirmngr"),
804 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
805 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
806 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
807 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
808 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
809 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
810 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
811 { "default_pubkey_algo",
812 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
814 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
817 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
818 "gnupg", N_("Options useful for debugging") },
819 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
820 "gnupg", "|LEVEL|set the debugging level to LEVEL",
821 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
822 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
823 "gnupg", N_("|FILE|write server mode logs to FILE"),
824 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
825 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
827 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
830 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
831 "gnupg", N_("Options controlling the security") },
832 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
833 "gnupg", "never consult a CRL",
834 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
835 { "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
837 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
838 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
839 "gnupg", N_("do not check CRLs for root certificates"),
840 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
841 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
842 "gnupg", "check validity using OCSP",
843 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
844 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
845 "gnupg", "|N|number of certificates to include",
846 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
847 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
848 "gnupg", "do not check certificate policies",
849 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
850 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
851 "gnupg", "fetch missing issuer certificates",
852 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
853 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
854 "gnupg", "|NAME|use cipher algorithm NAME",
855 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
859 #endif /*BUILD_WITH_GPGSM*/
862 #ifndef BUILD_WITH_DIRMNGR
863 #define gc_options_dirmngr NULL
865 /* The options of the GC_COMPONENT_DIRMNGR component. */
866 static gc_option_t gc_options_dirmngr[] =
868 /* The configuration file to which we write the changes. */
869 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
870 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
871 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
874 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
875 "gnupg", N_("Options controlling the diagnostic output") },
876 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
877 "dirmngr", "verbose",
878 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
879 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
880 "dirmngr", "be somewhat more quiet",
881 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
882 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
884 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
887 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
888 "gnupg", N_("Options controlling the format of the output") },
889 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
890 "dirmngr", "sh-style command output",
891 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
892 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
893 "dirmngr", "csh-style command output",
894 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
897 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
898 "gnupg", N_("Options controlling the configuration") },
899 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
900 "dirmngr", "|FILE|read options from FILE",
901 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
902 { "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
904 GC_ARG_TYPE_INT32, GC_BACKEND_DIRMNGR },
905 { "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
907 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
910 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
911 "gnupg", N_("Options useful for debugging") },
912 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
913 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
914 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
915 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
916 "dirmngr", "do not detach from the console",
917 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
918 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
919 "dirmngr", N_("|FILE|write server mode logs to FILE"),
920 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
921 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
923 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
924 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
926 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
929 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
930 "gnupg", N_("Options controlling the interactivity and enforcement") },
931 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
932 "dirmngr", "run without asking a user",
933 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
934 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
935 "dirmngr", "force loading of outdated CRLs",
936 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
937 { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
938 "dirmngr", "allow online software version check",
939 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
942 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
943 "gnupg", N_("Options controlling the use of Tor") },
944 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
945 "dirmngr", "route all network traffic via TOR",
946 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
949 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
950 "gnupg", N_("Configuration for Keyservers") },
951 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
952 "gnupg", N_("|URL|use keyserver at URL"),
953 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
956 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
957 "gnupg", N_("Configuration for HTTP servers") },
958 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
959 "dirmngr", "inhibit the use of HTTP",
960 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
961 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
962 "dirmngr", "ignore HTTP CRL distribution points",
963 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
964 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
965 "dirmngr", "|URL|redirect all HTTP requests to URL",
966 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
967 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
968 "gnupg", N_("use system's HTTP proxy setting"),
969 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
972 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
973 "gnupg", N_("Configuration of LDAP servers to use") },
974 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
975 "dirmngr", "inhibit the use of LDAP",
976 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
977 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
978 "dirmngr", "ignore LDAP CRL distribution points",
979 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
980 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
981 "dirmngr", "|HOST|use HOST for LDAP queries",
982 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
983 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
984 "dirmngr", "do not use fallback hosts with --ldap-proxy",
985 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
986 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
987 "dirmngr", "add new servers discovered in CRL distribution points"
988 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
989 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
990 "dirmngr", "|N|set LDAP timeout to N seconds",
991 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
992 /* The following entry must not be removed, as it is required for
993 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
994 { "ldapserverlist-file",
995 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
996 "dirmngr", "|FILE|read LDAP server list from FILE",
997 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
998 /* This entry must come after at least one entry for
999 GC_BACKEND_DIRMNGR in this component, so that the entry for
1000 "ldapserverlist-file will be initialized before this one. */
1001 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
1002 "gnupg", N_("LDAP server list"),
1003 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
1004 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1005 "dirmngr", "|N|do not return more than N items in one query",
1006 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1009 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1010 "gnupg", N_("Configuration for OCSP") },
1011 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1012 "dirmngr", "allow sending OCSP requests",
1013 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1014 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1015 "dirmngr", "ignore certificate contained OCSP service URLs",
1016 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1017 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1018 "dirmngr", "|URL|use OCSP responder at URL",
1019 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1020 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1021 "dirmngr", "|FPR|OCSP response signed by FPR",
1022 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1027 #endif /*BUILD_WITH_DIRMNGR*/
1030 /* The options of the GC_COMPONENT_PINENTRY component. */
1031 static gc_option_t gc_options_pinentry[] =
1033 /* A dummy option to allow gc_component_list_components to find the
1034 pinentry backend. Needs to be a conf file. */
1035 { GPGCONF_NAME"-pinentry.conf",
1036 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1037 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1044 /* Component system. Each component is a set of options that can be
1045 configured at the same time. If you change this, don't forget to
1046 update GC_COMPONENT below. */
1049 /* The classic GPG for OpenPGP. */
1052 /* The GPG Agent. */
1053 GC_COMPONENT_GPG_AGENT,
1055 /* The Smardcard Daemon. */
1056 GC_COMPONENT_SCDAEMON,
1058 /* GPG for S/MIME. */
1061 /* The LDAP Directory Manager for CRLs. */
1062 GC_COMPONENT_DIRMNGR,
1064 /* The external Pinentry. */
1065 GC_COMPONENT_PINENTRY,
1067 /* The number of components. */
1072 /* The information associated with each component. */
1075 /* The name of this component. Must not contain a colon (':')
1079 /* The gettext domain for the description DESC. If this is NULL,
1080 then the description is not translated. */
1081 const char *desc_domain;
1083 /* The description for this domain. */
1086 /* The list of options for this component, terminated by
1088 gc_option_t *options;
1091 { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
1092 { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
1093 { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
1094 { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
1095 { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
1096 { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
1101 /* Structure used to collect error output of the backend programs. */
1102 struct error_line_s;
1103 typedef struct error_line_s *error_line_t;
1106 error_line_t next; /* Link to next item. */
1107 const char *fname; /* Name of the config file (points into BUFFER). */
1108 unsigned int lineno; /* Line number of the config file. */
1109 const char *errtext; /* Text of the error message (points into BUFFER). */
1110 char buffer[1]; /* Helper buffer. */
1116 /* Initialization and finalization. */
1119 gc_option_free (gc_option_t *o)
1121 if (o == NULL || o->name == NULL)
1125 gc_option_free (o + 1);
1129 gc_components_free (void)
1132 for (i = 0; i < DIM (gc_component); i++)
1133 gc_option_free (gc_component[i].options);
1137 gc_components_init (void)
1139 atexit (gc_components_free);
1144 /* Engine specific support. */
1146 gpg_agent_runtime_change (int killflag)
1148 gpg_error_t err = 0;
1149 const char *pgmname;
1150 const char *argv[5];
1151 pid_t pid = (pid_t)(-1);
1152 char *abs_homedir = NULL;
1155 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1156 if (!gnupg_default_homedir_p ())
1158 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1160 err = gpg_error_from_syserror ();
1162 argv[i++] = "--homedir";
1163 argv[i++] = abs_homedir;
1165 argv[i++] = "--no-autostart";
1166 argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
1170 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1172 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1174 gc_error (0, 0, "error running '%s %s': %s",
1175 pgmname, argv[1], gpg_strerror (err));
1176 gnupg_release_process (pid);
1177 xfree (abs_homedir);
1182 scdaemon_runtime_change (int killflag)
1184 gpg_error_t err = 0;
1185 const char *pgmname;
1186 const char *argv[9];
1187 pid_t pid = (pid_t)(-1);
1188 char *abs_homedir = NULL;
1191 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1193 /* We use "GETINFO app_running" to see whether the agent is already
1194 running and kill it only in this case. This avoids an explicit
1195 starting of the agent in case it is not yet running. There is
1196 obviously a race condition but that should not harm too much. */
1198 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1199 if (!gnupg_default_homedir_p ())
1201 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1203 err = gpg_error_from_syserror ();
1205 argv[i++] = "--homedir";
1206 argv[i++] = abs_homedir;
1209 argv[i++] = "--no-autostart";
1210 argv[i++] = "GETINFO scd_running";
1211 argv[i++] = "/if ${! $?}";
1212 argv[i++] = "scd killscd";
1217 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1219 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1221 gc_error (0, 0, "error running '%s %s': %s",
1222 pgmname, argv[4], gpg_strerror (err));
1223 gnupg_release_process (pid);
1224 xfree (abs_homedir);
1229 dirmngr_runtime_change (int killflag)
1231 gpg_error_t err = 0;
1232 const char *pgmname;
1233 const char *argv[6];
1234 pid_t pid = (pid_t)(-1);
1235 char *abs_homedir = NULL;
1237 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1238 argv[0] = "--no-autostart";
1239 argv[1] = "--dirmngr";
1240 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1241 if (gnupg_default_homedir_p ())
1245 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1247 err = gpg_error_from_syserror ();
1249 argv[3] = "--homedir";
1250 argv[4] = abs_homedir;
1255 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1257 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1259 gc_error (0, 0, "error running '%s %s': %s",
1260 pgmname, argv[2], gpg_strerror (err));
1261 gnupg_release_process (pid);
1262 xfree (abs_homedir);
1266 /* Launch the gpg-agent or the dirmngr if not already running. */
1268 gc_component_launch (int component)
1271 const char *pgmname;
1272 const char *argv[3];
1278 err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
1280 err = gc_component_launch (GC_COMPONENT_DIRMNGR);
1284 if (!(component == GC_COMPONENT_GPG_AGENT
1285 || component == GC_COMPONENT_DIRMNGR))
1287 es_fputs (_("Component not suitable for launching"), es_stderr);
1288 es_putc ('\n', es_stderr);
1292 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1294 if (component == GC_COMPONENT_DIRMNGR)
1295 argv[i++] = "--dirmngr";
1299 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1301 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1303 gc_error (0, 0, "error running '%s%s%s': %s",
1305 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1307 gpg_strerror (err));
1308 gnupg_release_process (pid);
1313 /* Unconditionally restart COMPONENT. */
1315 gc_component_kill (int component)
1317 int runtime[GC_BACKEND_NR];
1318 gc_option_t *option;
1319 gc_backend_t backend;
1321 /* Set a flag for the backends to be reloaded. */
1322 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1323 runtime[backend] = 0;
1327 for (component = 0; component < GC_COMPONENT_NR; component++)
1329 option = gc_component[component].options;
1330 for (; option && option->name; option++)
1331 runtime[option->backend] = 1;
1336 assert (component < GC_COMPONENT_NR);
1337 option = gc_component[component].options;
1338 for (; option && option->name; option++)
1339 runtime[option->backend] = 1;
1342 /* Do the restart for the selected backends. */
1343 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1345 if (runtime[backend] && gc_backend[backend].runtime_change)
1346 (*gc_backend[backend].runtime_change) (1);
1351 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1353 gc_component_reload (int component)
1355 int runtime[GC_BACKEND_NR];
1356 gc_option_t *option;
1357 gc_backend_t backend;
1359 /* Set a flag for the backends to be reloaded. */
1360 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1361 runtime[backend] = 0;
1365 for (component = 0; component < GC_COMPONENT_NR; component++)
1367 option = gc_component[component].options;
1368 for (; option && option->name; option++)
1369 runtime[option->backend] = 1;
1374 assert (component < GC_COMPONENT_NR);
1375 option = gc_component[component].options;
1376 for (; option && option->name; option++)
1377 runtime[option->backend] = 1;
1380 /* Do the reload for all selected backends. */
1381 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1383 if (runtime[backend] && gc_backend[backend].runtime_change)
1384 (*gc_backend[backend].runtime_change) (0);
1390 /* More or less Robust version of dgettext. It has the side effect of
1391 switching the codeset to utf-8 because this is what we want to
1392 output. In theory it is posible to keep the original code set and
1393 switch back for regular disgnostic output (redefine "_(" for that)
1394 but given the natur of this tool, being something invoked from
1395 other pograms, it does not make much sense. */
1397 my_dgettext (const char *domain, const char *msgid)
1399 #ifdef USE_SIMPLE_GETTEXT
1402 static int switched_codeset;
1405 if (!switched_codeset)
1407 switched_codeset = 1;
1408 gettext_use_utf8 (1);
1411 if (!strcmp (domain, "gnupg"))
1412 domain = PACKAGE_GT;
1414 /* FIXME: we have no dgettext, thus we can't switch. */
1416 text = (char*)gettext (msgid);
1417 return text ? text : msgid;
1421 #elif defined(ENABLE_NLS)
1424 static int switched_codeset;
1427 if (!switched_codeset)
1429 switched_codeset = 1;
1430 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1432 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1433 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1437 /* Note: This is a hack to actually use the gnupg2 domain as
1438 long we are in a transition phase where gnupg 1.x and 1.9 may
1440 if (!strcmp (domain, "gnupg"))
1441 domain = PACKAGE_GT;
1443 text = dgettext (domain, msgid);
1444 return text ? text : msgid;
1455 /* Percent-Escape special characters. The string is valid until the
1456 next invocation of the function. */
1458 gc_percent_escape (const char *src)
1460 static char *esc_str;
1461 static int esc_str_len;
1462 int new_len = 3 * strlen (src) + 1;
1465 if (esc_str_len < new_len)
1467 char *new_esc_str = realloc (esc_str, new_len);
1469 gc_error (1, errno, "can not escape string");
1470 esc_str = new_esc_str;
1471 esc_str_len = new_len;
1483 else if (*src == ':')
1485 /* The colon is used as field separator. */
1490 else if (*src == ',')
1492 /* The comma is used as list separator. */
1497 else if (*src == '\n')
1499 /* The newline is problematic in a line-based format. */
1514 /* Percent-Deescape special characters. The string is valid until the
1515 next invocation of the function. */
1517 percent_deescape (const char *src)
1521 int new_len = 3 * strlen (src) + 1;
1524 if (str_len < new_len)
1526 char *new_str = realloc (str, new_len);
1528 gc_error (1, errno, "can not deescape string");
1538 int val = hextobyte (src + 1);
1541 gc_error (1, 0, "malformed end of string %s", src);
1543 *(dst++) = (char) val;
1547 *(dst++) = *(src++);
1554 /* List all components that are available. */
1556 gc_component_list_components (estream_t out)
1558 gc_component_t component;
1559 gc_option_t *option;
1560 gc_backend_t backend;
1561 int backend_seen[GC_BACKEND_NR];
1563 const char *pgmname;
1565 for (component = 0; component < GC_COMPONENT_NR; component++)
1567 option = gc_component[component].options;
1570 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1571 backend_seen[backend] = 0;
1574 for (; option && option->name; option++)
1576 if ((option->flags & GC_OPT_FLAG_GROUP))
1578 backend = option->backend;
1579 if (backend_seen[backend])
1581 backend_seen[backend] = 1;
1582 assert (backend != GC_BACKEND_ANY);
1583 if (gc_backend[backend].program
1584 && !gc_backend[backend].module_name)
1586 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1590 desc = gc_component[component].desc;
1591 desc = my_dgettext (gc_component[component].desc_domain, desc);
1592 es_fprintf (out, "%s:%s:",
1593 gc_component[component].name, gc_percent_escape (desc));
1594 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1602 all_digits_p (const char *p, size_t len)
1606 for (; len; len--, p++)
1607 if (!isascii (*p) || !isdigit (*p))
1609 return 1; /* Yes. */
1613 /* Collect all error lines from stream FP. Only lines prefixed with
1614 TAG are considered. Returns a list of error line items (which may
1615 be empty). There is no error return. */
1617 collect_error_output (estream_t fp, const char *tag)
1623 error_line_t eitem, errlines, *errlines_tail;
1624 size_t taglen = strlen (tag);
1627 errlines_tail = &errlines;
1630 while ((c=es_getc (fp)) != EOF)
1633 if (pos >= sizeof buffer - 5 || c == '\n')
1635 buffer[pos - (c == '\n')] = 0;
1637 ; /*Ignore continuations of previous line. */
1638 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1640 /* "gpgsm: foo:4: bla" */
1641 /* Yep, we are interested in this line. */
1642 p = buffer + taglen + 1;
1643 while (*p == ' ' || *p == '\t')
1645 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1647 ; /* Empty lines are ignored. */
1648 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1649 && all_digits_p (p2+1, p3 - (p2+1)))
1651 /* Line in standard compiler format. */
1653 while (*p3 == ' ' || *p3 == '\t')
1655 eitem = xmalloc (sizeof *eitem + strlen (p));
1657 strcpy (eitem->buffer, p);
1658 eitem->fname = eitem->buffer;
1659 eitem->buffer[p2-p] = 0;
1660 eitem->errtext = eitem->buffer + (p3 - p);
1661 /* (we already checked that there are only ascii
1662 digits followed by a colon) */
1664 for (p2++; isdigit (*p2); p2++)
1665 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1666 *errlines_tail = eitem;
1667 errlines_tail = &eitem->next;
1671 /* Other error output. */
1672 eitem = xmalloc (sizeof *eitem + strlen (p));
1674 strcpy (eitem->buffer, p);
1675 eitem->fname = NULL;
1676 eitem->errtext = eitem->buffer;
1678 *errlines_tail = eitem;
1679 errlines_tail = &eitem->next;
1683 /* If this was not a complete line mark that we are in a
1685 cont_line = (c != '\n');
1689 /* We ignore error lines not terminated by a LF. */
1694 /* Check the options of a single component. Returns 0 if everything
1697 gc_component_check_options (int component, estream_t out, const char *conf_file)
1700 unsigned int result;
1701 int backend_seen[GC_BACKEND_NR];
1702 gc_backend_t backend;
1703 gc_option_t *option;
1704 const char *pgmname;
1705 const char *argv[4];
1710 error_line_t errlines;
1712 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1713 backend_seen[backend] = 0;
1715 option = gc_component[component].options;
1716 for (; option && option->name; option++)
1718 if ((option->flags & GC_OPT_FLAG_GROUP))
1720 backend = option->backend;
1721 if (backend_seen[backend])
1723 backend_seen[backend] = 1;
1724 assert (backend != GC_BACKEND_ANY);
1725 if (!gc_backend[backend].program)
1727 if (!gc_backend[backend].module_name)
1732 if (! option || ! option->name)
1735 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1739 argv[i++] = "--options";
1740 argv[i++] = conf_file;
1742 if (component == GC_COMPONENT_PINENTRY)
1743 argv[i++] = "--version";
1745 argv[i++] = "--gpgconf-test";
1750 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
1751 NULL, NULL, &errfp, &pid);
1753 result |= 1; /* Program could not be run. */
1756 errlines = collect_error_output (errfp,
1757 gc_component[component].name);
1758 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1761 result |= 1; /* Program could not be run or it
1762 terminated abnormally. */
1763 result |= 2; /* Program returned an error. */
1765 gnupg_release_process (pid);
1769 /* If the program could not be run, we can't tell whether
1770 the config file is good. */
1777 error_line_t errptr;
1779 desc = gc_component[component].desc;
1780 desc = my_dgettext (gc_component[component].desc_domain, desc);
1781 es_fprintf (out, "%s:%s:",
1782 gc_component[component].name, gc_percent_escape (desc));
1783 es_fputs (gc_percent_escape (pgmname), out);
1784 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1785 for (errptr = errlines; errptr; errptr = errptr->next)
1787 if (errptr != errlines)
1788 es_fputs ("\n:::::", out); /* Continuation line. */
1790 es_fputs (gc_percent_escape (errptr->fname), out);
1793 es_fprintf (out, "%u", errptr->lineno);
1795 es_fputs (gc_percent_escape (errptr->errtext), out);
1798 es_putc ('\n', out);
1803 error_line_t tmp = errlines->next;
1813 /* Check all components that are available. */
1815 gc_check_programs (estream_t out)
1817 gc_component_t component;
1819 for (component = 0; component < GC_COMPONENT_NR; component++)
1820 gc_component_check_options (component, out, NULL);
1825 /* Find the component with the name NAME. Returns -1 if not
1828 gc_component_find (const char *name)
1832 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1834 if (gc_component[idx].options
1835 && !strcmp (name, gc_component[idx].name))
1842 /* List the option OPTION. */
1844 list_one_option (const gc_option_t *option, estream_t out)
1846 const char *desc = NULL;
1847 char *arg_name = NULL;
1851 desc = my_dgettext (option->desc_domain, option->desc);
1855 const char *arg_tail = strchr (&desc[1], '|');
1859 int arg_len = arg_tail - &desc[1];
1860 arg_name = xmalloc (arg_len + 1);
1861 memcpy (arg_name, &desc[1], arg_len);
1862 arg_name[arg_len] = '\0';
1863 desc = arg_tail + 1;
1869 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1870 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1873 /* The name field. */
1874 es_fprintf (out, "%s", option->name);
1876 /* The flags field. */
1877 es_fprintf (out, ":%lu", option->flags);
1883 es_fprintf (out, "none");
1886 unsigned long flags = option->flags;
1887 unsigned long flag = 0;
1888 unsigned long first = 1;
1898 es_fprintf (out, "%s", gc_flag[flag].name);
1906 /* The level field. */
1907 es_fprintf (out, ":%u", option->level);
1909 es_fprintf (out, " %s", gc_level[option->level].name);
1911 /* The description field. */
1912 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1914 /* The type field. */
1915 es_fprintf (out, ":%u", option->arg_type);
1917 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1919 /* The alternate type field. */
1920 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1922 es_fprintf (out, " %s",
1923 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1925 /* The argument name field. */
1926 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1929 /* The default value field. */
1930 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1932 /* The default argument field. */
1933 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1935 /* The value field. */
1936 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1937 && (option->flags & GC_OPT_FLAG_LIST)
1939 /* The special format "1,1,1,1,...,1" is converted to a number
1941 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1943 es_fprintf (out, ":%s", option->value ? option->value : "");
1945 /* ADD NEW FIELDS HERE. */
1947 es_putc ('\n', out);
1951 /* List all options of the component COMPONENT. */
1953 gc_component_list_options (int component, estream_t out)
1955 const gc_option_t *option = gc_component[component].options;
1957 while (option && option->name)
1959 /* Do not output unknown or internal options. */
1960 if (!(option->flags & GC_OPT_FLAG_GROUP)
1961 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1967 if (option->flags & GC_OPT_FLAG_GROUP)
1969 const gc_option_t *group_option = option + 1;
1970 gc_expert_level_t level = GC_LEVEL_NR;
1972 /* The manual states that the group level is always the
1973 minimum of the levels of all contained options. Due to
1974 different active options, and because it is hard to
1975 maintain manually, we calculate it here. The value in
1976 the global static table is ignored. */
1978 while (group_option->name)
1980 if (group_option->flags & GC_OPT_FLAG_GROUP)
1982 if (group_option->level < level)
1983 level = group_option->level;
1987 /* Check if group is empty. */
1988 if (level != GC_LEVEL_NR)
1990 gc_option_t opt_copy;
1992 /* Fix up the group level. */
1993 memcpy (&opt_copy, option, sizeof (opt_copy));
1994 opt_copy.level = level;
1995 list_one_option (&opt_copy, out);
1999 list_one_option (option, out);
2006 /* Find the option NAME in component COMPONENT, for the backend
2007 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
2008 static gc_option_t *
2009 find_option (gc_component_t component, const char *name,
2010 gc_backend_t backend)
2012 gc_option_t *option = gc_component[component].options;
2013 while (option->name)
2015 if (!(option->flags & GC_OPT_FLAG_GROUP)
2016 && !strcmp (option->name, name)
2017 && (backend == GC_BACKEND_ANY || option->backend == backend))
2021 return option->name ? option : NULL;
2025 /* Determine the configuration filename for the component COMPONENT
2026 and backend BACKEND. */
2028 get_config_filename (gc_component_t component, gc_backend_t backend)
2030 char *filename = NULL;
2031 gc_option_t *option = find_option
2032 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2034 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
2035 assert (!(option->flags & GC_OPT_FLAG_LIST));
2037 if (!option->active || !option->default_value)
2038 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
2039 gc_backend[backend].option_config_filename,
2040 gc_backend[backend].name);
2042 if (option->value && *option->value)
2043 filename = percent_deescape (&option->value[1]);
2044 else if (option->default_value && *option->default_value)
2045 filename = percent_deescape (&option->default_value[1]);
2049 #if HAVE_W32CE_SYSTEM
2050 if (!(filename[0] == '/' || filename[0] == '\\'))
2051 #elif defined(HAVE_DOSISH_SYSTEM)
2053 && filename[1] == ':'
2054 && (filename[2] == '/' || filename[2] == '\\')))
2056 if (filename[0] != '/')
2058 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
2059 gc_backend[backend].option_config_filename,
2060 gc_backend[backend].name);
2066 /* Retrieve the options for the component COMPONENT from backend
2067 BACKEND, which we already know is a program-type backend. */
2069 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
2072 const char *pgmname;
2073 const char *argv[2];
2078 size_t line_len = 0;
2081 char *config_filename;
2083 pgmname = (gc_backend[backend].module_name
2084 ? gnupg_module_name (gc_backend[backend].module_name)
2085 : gc_backend[backend].program );
2086 argv[0] = "--gpgconf-list";
2089 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
2090 NULL, &outfp, NULL, &pid);
2093 gc_error (1, 0, "could not gather active options from '%s': %s",
2094 pgmname, gpg_strerror (err));
2097 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
2099 gc_option_t *option;
2101 unsigned long flags = 0;
2102 char *default_value = NULL;
2104 /* Strip newline and carriage return, if present. */
2106 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2107 line[--length] = '\0';
2109 linep = strchr (line, ':');
2113 /* Extract additional flags. Default to none. */
2119 end = strchr (linep, ':');
2123 gpg_err_set_errno (0);
2124 flags = strtoul (linep, &tail, 0);
2126 gc_error (1, errno, "malformed flags in option %s from %s",
2128 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2129 gc_error (1, 0, "garbage after flags in option %s from %s",
2135 /* Extract default value, if present. Default to empty if
2141 end = strchr (linep, ':');
2145 if (flags & GC_OPT_FLAG_DEFAULT)
2146 default_value = linep;
2151 /* Look up the option in the component and install the
2152 configuration data. */
2153 option = find_option (component, line, backend);
2157 gc_error (1, errno, "option %s returned twice from %s",
2161 option->flags |= flags;
2162 if (default_value && *default_value)
2163 option->default_value = xstrdup (default_value);
2166 if (length < 0 || es_ferror (outfp))
2167 gc_error (1, errno, "error reading from %s", pgmname);
2168 if (es_fclose (outfp))
2169 gc_error (1, errno, "error closing %s", pgmname);
2171 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2173 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2174 pgmname, exitcode, gpg_strerror (err));
2175 gnupg_release_process (pid);
2178 /* At this point, we can parse the configuration file. */
2179 config_filename = get_config_filename (component, backend);
2181 config = es_fopen (config_filename, "r");
2184 if (errno != ENOENT)
2185 gc_error (0, errno, "warning: can not open config file %s",
2190 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2194 gc_option_t *option;
2197 while (*name == ' ' || *name == '\t')
2199 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2203 while (*value && *value != ' ' && *value != '\t'
2204 && *value != '#' && *value != '\r' && *value != '\n')
2206 if (*value == ' ' || *value == '\t')
2211 while (*value == ' ' || *value == '\t')
2215 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2217 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2224 /* Look up the option in the component and install the
2225 configuration data. */
2226 option = find_option (component, line, backend);
2231 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2235 "warning: ignoring argument %s for option %s",
2237 opt_value = xstrdup ("1");
2239 else if (gc_arg_type[option->arg_type].fallback
2240 == GC_ARG_TYPE_STRING)
2241 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2244 /* FIXME: Verify that the number is sane. */
2245 opt_value = xstrdup (value);
2248 /* Now enter the option into the table. */
2249 if (!(option->flags & GC_OPT_FLAG_LIST))
2252 xfree (option->value);
2253 option->value = opt_value;
2258 option->value = opt_value;
2261 char *old = option->value;
2262 option->value = xasprintf ("%s,%s", old, opt_value);
2270 if (length < 0 || es_ferror (config))
2271 gc_error (1, errno, "error reading from %s", config_filename);
2272 if (es_fclose (config))
2273 gc_error (1, errno, "error closing %s", config_filename);
2280 /* Retrieve the options for the component COMPONENT from backend
2281 BACKEND, which we already know is of type file list. */
2283 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2285 gc_option_t *list_option;
2286 gc_option_t *config_option;
2287 char *list_filename;
2288 gpgrt_stream_t list_file;
2290 size_t line_len = 0;
2294 list_option = find_option (component,
2295 gc_backend[backend].option_name, GC_BACKEND_ANY);
2296 assert (list_option);
2297 assert (!list_option->active);
2299 list_filename = get_config_filename (component, backend);
2300 list_file = gpgrt_fopen (list_filename, "r");
2302 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2306 while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
2313 while (*start == ' ' || *start == '\t')
2315 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2319 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2321 /* Walk back to skip trailing white spaces. Looks evil, but
2322 works because of the conditions on START and END imposed
2323 at this point (END is at least START + 1, and START is
2324 not a whitespace character). */
2325 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2328 /* FIXME: Oh, no! This is so lame! Should use realloc and
2332 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2337 list = xasprintf ("\"%s", gc_percent_escape (start));
2339 if (length < 0 || gpgrt_ferror (list_file))
2340 gc_error (1, errno, "can not read list file %s", list_filename);
2343 list_option->active = 1;
2344 list_option->value = list;
2346 /* Fix up the read-only flag. */
2347 config_option = find_option
2348 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2349 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2350 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2352 if (list_file && gpgrt_fclose (list_file))
2353 gc_error (1, errno, "error closing %s", list_filename);
2358 /* Retrieve the currently active options and their defaults from all
2359 involved backends for this component. Using -1 for component will
2360 retrieve all options from all components. */
2362 gc_component_retrieve_options (int component)
2364 int process_all = 0;
2365 int backend_seen[GC_BACKEND_NR];
2366 gc_backend_t backend;
2367 gc_option_t *option;
2369 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2370 backend_seen[backend] = 0;
2372 if (component == -1)
2376 assert (component < GC_COMPONENT_NR);
2381 if (component == GC_COMPONENT_PINENTRY)
2382 continue; /* Skip this dummy component. */
2384 option = gc_component[component].options;
2386 while (option && option->name)
2388 if (!(option->flags & GC_OPT_FLAG_GROUP))
2390 backend = option->backend;
2392 if (backend_seen[backend])
2397 backend_seen[backend] = 1;
2399 assert (backend != GC_BACKEND_ANY);
2401 if (gc_backend[backend].program)
2402 retrieve_options_from_program (component, backend);
2404 retrieve_options_from_file (component, backend);
2409 while (process_all && ++component < GC_COMPONENT_NR);
2415 /* Perform a simple validity check based on the type. Return in
2416 * NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2417 * type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
2420 option_check_validity (gc_option_t *option, unsigned long flags,
2421 char *new_value, unsigned long *new_value_nr,
2426 if (!option->active)
2427 gc_error (1, 0, "option %s not supported by backend %s",
2428 option->name, gc_backend[option->backend].name);
2430 if (option->new_flags || option->new_value)
2431 gc_error (1, 0, "option %s already changed", option->name);
2433 if (flags & GC_OPT_FLAG_DEFAULT)
2436 gc_error (1, 0, "argument %s provided for deleted option %s",
2437 new_value, option->name);
2442 /* GC_ARG_TYPE_NONE options have special list treatment. */
2443 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2447 gpg_err_set_errno (0);
2448 *new_value_nr = strtoul (new_value, &tail, 0);
2451 gc_error (1, errno, "invalid argument for option %s",
2454 gc_error (1, 0, "garbage after argument for option %s",
2457 if (!(option->flags & GC_OPT_FLAG_LIST))
2459 if (*new_value_nr != 1)
2460 gc_error (1, 0, "argument for non-list option %s of type 0 "
2461 "(none) must be 1", option->name);
2465 if (*new_value_nr == 0)
2466 gc_error (1, 0, "argument for option %s of type 0 (none) "
2467 "must be positive", option->name);
2476 if (*arg == '\0' || (*arg == ',' && !verbatim))
2478 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2479 gc_error (1, 0, "argument required for option %s", option->name);
2481 if (*arg == ',' && !verbatim && !(option->flags & GC_OPT_FLAG_LIST))
2482 gc_error (1, 0, "list found for non-list option %s", option->name);
2484 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2486 if (*arg != '"' && !verbatim)
2487 gc_error (1, 0, "string argument for option %s must begin "
2488 "with a quote (\") character", option->name);
2490 /* FIXME: We do not allow empty string arguments for now, as
2491 we do not quote arguments in configuration files, and
2492 thus no argument is indistinguishable from the empty
2494 if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
2495 gc_error (1, 0, "empty string argument for option %s is "
2496 "currently not allowed. Please report this!",
2499 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2503 gpg_err_set_errno (0);
2504 res = strtol (arg, &arg, 0);
2508 gc_error (1, errno, "invalid argument for option %s",
2511 if (*arg != '\0' && (*arg != ',' || verbatim))
2512 gc_error (1, 0, "garbage after argument for option %s",
2515 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2519 gpg_err_set_errno (0);
2520 res = strtoul (arg, &arg, 0);
2524 gc_error (1, errno, "invalid argument for option %s",
2527 if (*arg != '\0' && (*arg != ',' || verbatim))
2528 gc_error (1, 0, "garbage after argument for option %s",
2531 arg = verbatim? strchr (arg, ',') : NULL;
2535 while (arg && *arg);
2538 #ifdef HAVE_W32_SYSTEM
2540 copy_file (const char *src_name, const char *dst_name)
2542 #define BUF_LEN 4096
2543 char buffer[BUF_LEN];
2548 src = gpgrt_fopen (src_name, "r");
2552 dst = gpgrt_fopen (dst_name, "w");
2555 int saved_err = errno;
2557 gpg_err_set_errno (saved_err);
2565 len = gpgrt_fread (buffer, 1, BUF_LEN, src);
2568 written = gpgrt_fwrite (buffer, 1, len, dst);
2572 while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
2574 if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
2576 int saved_errno = errno;
2580 gpg_err_set_errno (saved_errno);
2584 if (gpgrt_fclose (dst))
2585 gc_error (1, errno, "error closing %s", dst_name);
2586 if (gpgrt_fclose (src))
2587 gc_error (1, errno, "error closing %s", src_name);
2591 #endif /* HAVE_W32_SYSTEM */
2594 /* Create and verify the new configuration file for the specified
2595 * backend and component. Returns 0 on success and -1 on error. This
2596 * function may store pointers to malloced strings in SRC_FILENAMEP,
2597 * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
2598 * caller. The strings refer to three versions of the configuration
2601 * SRC_FILENAME: The updated configuration is written to this file.
2602 * DEST_FILENAME: Name of the configuration file read by the
2604 * ORIG_FILENAME: A backup of the previous configuration file.
2606 * To apply the configuration change, rename SRC_FILENAME to
2607 * DEST_FILENAME. To revert to the previous configuration, rename
2608 * ORIG_FILENAME to DEST_FILENAME. */
2610 change_options_file (gc_component_t component, gc_backend_t backend,
2611 char **src_filenamep, char **dest_filenamep,
2612 char **orig_filenamep)
2614 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2615 /* True if we are within the marker in the config file. */
2617 gc_option_t *option;
2623 gpgrt_stream_t src_file = NULL;
2624 gpgrt_stream_t dest_file = NULL;
2626 char *dest_filename;
2627 char *orig_filename;
2629 char *cur_arg = NULL;
2631 option = find_option (component,
2632 gc_backend[backend].option_name, GC_BACKEND_ANY);
2634 assert (option->active);
2635 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2637 /* FIXME. Throughout the function, do better error reporting. */
2638 /* Note that get_config_filename() calls percent_deescape(), so we
2639 call this before processing the arguments. */
2640 dest_filename = xstrdup (get_config_filename (component, backend));
2641 src_filename = xasprintf ("%s.%s.%i.new",
2642 dest_filename, GPGCONF_NAME, (int)getpid ());
2643 orig_filename = xasprintf ("%s.%s.%i.bak",
2644 dest_filename, GPGCONF_NAME, (int)getpid ());
2646 arg = option->new_value;
2647 if (arg && arg[0] == '\0')
2654 end = strchr (arg, ',');
2658 cur_arg = percent_deescape (arg);
2668 #ifdef HAVE_W32_SYSTEM
2669 res = copy_file (dest_filename, orig_filename);
2671 res = link (dest_filename, orig_filename);
2673 if (res < 0 && errno != ENOENT)
2675 xfree (dest_filename);
2676 xfree (src_filename);
2677 xfree (orig_filename);
2682 xfree (orig_filename);
2683 orig_filename = NULL;
2686 /* We now initialize the return strings, so the caller can do the
2688 *src_filenamep = src_filename;
2689 *dest_filenamep = dest_filename;
2690 *orig_filenamep = orig_filename;
2692 /* Use open() so that we can use O_EXCL. */
2693 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2696 src_file = gpgrt_fdopen (fd, "w");
2700 gpg_err_set_errno (res);
2704 /* Only if ORIG_FILENAME is not NULL did the configuration file
2705 exist already. In this case, we will copy its content into the
2706 new configuration file, changing it to our liking in the
2710 dest_file = gpgrt_fopen (dest_filename, "r");
2712 goto change_file_one_err;
2714 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2719 if (!strncmp (marker, line, sizeof (marker) - 1))
2728 while (*start == ' ' || *start == '\t')
2730 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2739 /* Search for the end of the line. */
2740 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2743 if (*endp && *endp != ' ' && *endp != '\t'
2744 && *endp != '\r' && *endp != '\n' && *endp != '#')
2750 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2751 || !cur_arg || strcmp (start, cur_arg))
2755 /* Find next argument. */
2761 arg_end = strchr (arg, ',');
2765 cur_arg = percent_deescape (arg);
2785 gpgrt_fprintf (src_file,
2786 "# %s disabled this option here at %s\n",
2787 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2788 if (gpgrt_ferror (src_file))
2789 goto change_file_one_err;
2790 gpgrt_fprintf (src_file, "# %s", line);
2791 if (gpgrt_ferror (src_file))
2792 goto change_file_one_err;
2797 gpgrt_fprintf (src_file, "%s", line);
2798 if (gpgrt_ferror (src_file))
2799 goto change_file_one_err;
2802 if (length < 0 || gpgrt_ferror (dest_file))
2803 goto change_file_one_err;
2808 /* There was no marker. This is the first time we edit the
2809 file. We add our own marker at the end of the file and
2810 proceed. Note that we first write a newline, this guards us
2811 against files which lack the newline at the end of the last
2812 line, while it doesn't hurt us in all other cases. */
2813 gpgrt_fprintf (src_file, "\n%s\n", marker);
2814 if (gpgrt_ferror (src_file))
2815 goto change_file_one_err;
2818 /* At this point, we have copied everything up to the end marker
2819 into the new file, except for the arguments we are going to add.
2820 Now, dump the new arguments and write the end marker, possibly
2821 followed by the rest of the original file. */
2824 gpgrt_fprintf (src_file, "%s\n", cur_arg);
2826 /* Find next argument. */
2832 end = strchr (arg, ',');
2836 cur_arg = percent_deescape (arg);
2849 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2850 if (gpgrt_ferror (src_file))
2851 goto change_file_one_err;
2855 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
2857 if (gpgrt_ferror (src_file))
2858 goto change_file_one_err;
2859 gpgrt_fprintf (src_file, "# It will disable options before this marked "
2860 "block, but it will\n");
2861 if (gpgrt_ferror (src_file))
2862 goto change_file_one_err;
2863 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
2864 if (gpgrt_ferror (src_file))
2865 goto change_file_one_err;
2869 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2871 gpgrt_fprintf (src_file, "%s", line);
2872 if (gpgrt_ferror (src_file))
2873 goto change_file_one_err;
2875 if (length < 0 || gpgrt_ferror (dest_file))
2876 goto change_file_one_err;
2881 res = gpgrt_fclose (src_file);
2887 gpgrt_fclose (dest_file);
2888 gpg_err_set_errno (res);
2894 res = gpgrt_fclose (dest_file);
2900 change_file_one_err:
2905 gpgrt_fclose (src_file);
2909 gpgrt_fclose (dest_file);
2910 gpg_err_set_errno (res);
2915 /* Create and verify the new configuration file for the specified
2916 * backend and component. Returns 0 on success and -1 on error. If
2917 * VERBATIM is set the profile mode is used. This function may store
2918 * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
2919 * ORIG_FILENAMEP. Those must be freed by the caller. The strings
2920 * refer to three versions of the configuration file:
2922 * SRC_FILENAME: The updated configuration is written to this file.
2923 * DEST_FILENAME: Name of the configuration file read by the
2925 * ORIG_FILENAME: A backup of the previous configuration file.
2927 * To apply the configuration change, rename SRC_FILENAME to
2928 * DEST_FILENAME. To revert to the previous configuration, rename
2929 * ORIG_FILENAME to DEST_FILENAME. */
2931 change_options_program (gc_component_t component, gc_backend_t backend,
2932 char **src_filenamep, char **dest_filenamep,
2933 char **orig_filenamep,
2936 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2937 /* True if we are within the marker in the config file. */
2939 gc_option_t *option;
2945 gpgrt_stream_t src_file = NULL;
2946 gpgrt_stream_t dest_file = NULL;
2948 char *dest_filename;
2949 char *orig_filename;
2950 /* Special hack for gpg, see below. */
2951 int utf8strings_seen = 0;
2953 /* FIXME. Throughout the function, do better error reporting. */
2954 dest_filename = xstrdup (get_config_filename (component, backend));
2955 src_filename = xasprintf ("%s.%s.%i.new",
2956 dest_filename, GPGCONF_NAME, (int)getpid ());
2957 orig_filename = xasprintf ("%s.%s.%i.bak",
2958 dest_filename, GPGCONF_NAME, (int)getpid ());
2960 #ifdef HAVE_W32_SYSTEM
2961 res = copy_file (dest_filename, orig_filename);
2963 res = link (dest_filename, orig_filename);
2965 if (res < 0 && errno != ENOENT)
2967 xfree (dest_filename);
2968 xfree (src_filename);
2969 xfree (orig_filename);
2974 xfree (orig_filename);
2975 orig_filename = NULL;
2978 /* We now initialize the return strings, so the caller can do the
2980 *src_filenamep = src_filename;
2981 *dest_filenamep = dest_filename;
2982 *orig_filenamep = orig_filename;
2984 /* Use open() so that we can use O_EXCL. */
2985 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2988 src_file = gpgrt_fdopen (fd, "w");
2992 gpg_err_set_errno (res);
2996 /* Only if ORIG_FILENAME is not NULL did the configuration file
2997 exist already. In this case, we will copy its content into the
2998 new configuration file, changing it to our liking in the
3002 dest_file = gpgrt_fopen (dest_filename, "r");
3004 goto change_one_err;
3006 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3011 if (!strncmp (marker, line, sizeof (marker) - 1))
3018 else if (backend == GC_BACKEND_GPG && in_marker
3019 && ! strcmp ("utf8-strings\n", line))
3021 /* Strip duplicated entries. */
3022 if (utf8strings_seen)
3025 utf8strings_seen = 1;
3029 while (*start == ' ' || *start == '\t')
3031 if (*start && *start != '\r' && *start != '\n' && *start != '#')
3037 while (*end && *end != ' ' && *end != '\t'
3038 && *end != '\r' && *end != '\n' && *end != '#')
3043 option = find_option (component, start, backend);
3045 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
3046 || option->new_value))
3053 gpgrt_fprintf (src_file,
3054 "# %s disabled this option here at %s\n",
3055 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
3056 if (gpgrt_ferror (src_file))
3057 goto change_one_err;
3058 gpgrt_fprintf (src_file, "# %s", line);
3059 if (gpgrt_ferror (src_file))
3060 goto change_one_err;
3065 gpgrt_fprintf (src_file, "%s", line);
3066 if (gpgrt_ferror (src_file))
3067 goto change_one_err;
3070 if (length < 0 || gpgrt_ferror (dest_file))
3071 goto change_one_err;
3076 /* There was no marker. This is the first time we edit the
3077 file. We add our own marker at the end of the file and
3078 proceed. Note that we first write a newline, this guards us
3079 against files which lack the newline at the end of the last
3080 line, while it doesn't hurt us in all other cases. */
3081 gpgrt_fprintf (src_file, "\n%s\n", marker);
3082 if (gpgrt_ferror (src_file))
3083 goto change_one_err;
3085 /* At this point, we have copied everything up to the end marker
3086 into the new file, except for the options we are going to change.
3087 Now, dump the changed options (except for those we are going to
3088 revert to their default), and write the end marker, possibly
3089 followed by the rest of the original file. */
3091 /* We have to turn on UTF8 strings for GnuPG. */
3092 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
3093 gpgrt_fprintf (src_file, "utf8-strings\n");
3095 option = gc_component[component].options;
3096 while (option->name)
3098 if (!(option->flags & GC_OPT_FLAG_GROUP)
3099 && option->backend == backend
3100 && option->new_value)
3102 char *arg = option->new_value;
3106 if (*arg == '\0' || *arg == ',')
3108 gpgrt_fprintf (src_file, "%s\n", option->name);
3109 if (gpgrt_ferror (src_file))
3110 goto change_one_err;
3112 else if (gc_arg_type[option->arg_type].fallback
3113 == GC_ARG_TYPE_NONE)
3115 assert (*arg == '1');
3116 gpgrt_fprintf (src_file, "%s\n", option->name);
3117 if (gpgrt_ferror (src_file))
3118 goto change_one_err;
3122 else if (gc_arg_type[option->arg_type].fallback
3123 == GC_ARG_TYPE_STRING)
3129 log_assert (*arg == '"');
3132 end = strchr (arg, ',');
3139 gpgrt_fprintf (src_file, "%s %s\n", option->name,
3140 verbatim? arg : percent_deescape (arg));
3141 if (gpgrt_ferror (src_file))
3142 goto change_one_err;
3152 end = strchr (arg, ',');
3156 gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
3157 if (gpgrt_ferror (src_file))
3158 goto change_one_err;
3165 assert (arg == NULL || *arg == '\0' || *arg == ',');
3166 if (arg && *arg == ',')
3169 while (arg && *arg);
3174 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3175 if (gpgrt_ferror (src_file))
3176 goto change_one_err;
3180 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
3182 if (gpgrt_ferror (src_file))
3183 goto change_one_err;
3184 gpgrt_fprintf (src_file, "# It will disable options before this marked "
3185 "block, but it will\n");
3186 if (gpgrt_ferror (src_file))
3187 goto change_one_err;
3188 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
3189 if (gpgrt_ferror (src_file))
3190 goto change_one_err;
3194 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3196 gpgrt_fprintf (src_file, "%s", line);
3197 if (gpgrt_ferror (src_file))
3198 goto change_one_err;
3200 if (length < 0 || gpgrt_ferror (dest_file))
3201 goto change_one_err;
3206 res = gpgrt_fclose (src_file);
3212 gpgrt_fclose (dest_file);
3213 gpg_err_set_errno (res);
3219 res = gpgrt_fclose (dest_file);
3230 gpgrt_fclose (src_file);
3234 gpgrt_fclose (dest_file);
3235 gpg_err_set_errno (res);
3240 /* Common code for gc_component_change_options and
3241 * gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
3244 change_one_value (gc_option_t *option, int *runtime,
3245 unsigned long flags, char *new_value, int verbatim)
3247 unsigned long new_value_nr = 0;
3249 option_check_validity (option, flags, new_value, &new_value_nr, verbatim);
3251 if (option->flags & GC_OPT_FLAG_RUNTIME)
3252 runtime[option->backend] = 1;
3254 option->new_flags = flags;
3255 if (!(flags & GC_OPT_FLAG_DEFAULT))
3257 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3258 && (option->flags & GC_OPT_FLAG_LIST))
3262 /* We convert the number to a list of 1's for convenient
3264 assert (new_value_nr > 0);
3265 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3266 str = option->new_value;
3268 while (--new_value_nr > 0)
3276 option->new_value = xstrdup (new_value);
3281 /* Read the modifications from IN and apply them. If IN is NULL the
3282 modifications are expected to already have been set to the global
3283 table. If VERBATIM is set the profile mode is used. */
3285 gc_component_change_options (int component, estream_t in, estream_t out,
3290 int runtime[GC_BACKEND_NR];
3291 char *src_filename[GC_BACKEND_NR];
3292 char *dest_filename[GC_BACKEND_NR];
3293 char *orig_filename[GC_BACKEND_NR];
3294 gc_backend_t backend;
3295 gc_option_t *option;
3297 size_t line_len = 0;
3300 if (component == GC_COMPONENT_PINENTRY)
3301 return; /* Dummy component for now. */
3303 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3305 runtime[backend] = 0;
3306 src_filename[backend] = NULL;
3307 dest_filename[backend] = NULL;
3308 orig_filename[backend] = NULL;
3313 /* Read options from the file IN. */
3314 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3317 unsigned long flags = 0;
3318 char *new_value = "";
3320 /* Strip newline and carriage return, if present. */
3322 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3323 line[--length] = '\0';
3325 linep = strchr (line, ':');
3329 /* Extract additional flags. Default to none. */
3335 end = strchr (linep, ':');
3339 gpg_err_set_errno (0);
3340 flags = strtoul (linep, &tail, 0);
3342 gc_error (1, errno, "malformed flags in option %s", line);
3343 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3344 gc_error (1, 0, "garbage after flags in option %s", line);
3349 /* Don't allow setting of the no change flag. */
3350 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3352 /* Extract default value, if present. Default to empty if not. */
3356 end = strchr (linep, ':');
3363 option = find_option (component, line, GC_BACKEND_ANY);
3365 gc_error (1, 0, "unknown option %s", line);
3367 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3369 gc_error (0, 0, "ignoring new value for option %s",
3374 change_one_value (option, runtime, flags, new_value, 0);
3376 if (length < 0 || gpgrt_ferror (in))
3377 gc_error (1, errno, "error reading stream 'in'");
3380 /* Now that we have collected and locally verified the changes,
3381 write them out to new configuration files, verify them
3382 externally, and then commit them. */
3383 option = gc_component[component].options;
3384 while (option && option->name)
3386 /* Go on if we have already seen this backend, or if there is
3388 if (src_filename[option->backend]
3389 || !(option->new_flags || option->new_value))
3395 if (gc_backend[option->backend].program)
3397 err = change_options_program (component, option->backend,
3398 &src_filename[option->backend],
3399 &dest_filename[option->backend],
3400 &orig_filename[option->backend],
3404 /* External verification. */
3405 err = gc_component_check_options (component, out,
3406 src_filename[option->backend]);
3410 _("External verification of component %s failed"),
3411 gc_component[component].name);
3412 gpg_err_set_errno (EINVAL);
3418 err = change_options_file (component, option->backend,
3419 &src_filename[option->backend],
3420 &dest_filename[option->backend],
3421 &orig_filename[option->backend]);
3429 /* We are trying to atomically commit all changes. Unfortunately,
3430 we cannot rely on gnupg_rename_file to manage the signals for us,
3431 doing so would require us to pass NULL as BLOCK to any subsequent
3432 call to it. Instead, we just manage the signal handling
3435 gnupg_block_all_signals ();
3437 if (! err && ! opt.dry_run)
3441 for (i = 0; i < GC_BACKEND_NR; i++)
3443 if (src_filename[i])
3445 /* FIXME: Make a verification here. */
3447 assert (dest_filename[i]);
3449 if (orig_filename[i])
3450 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3453 #ifdef HAVE_W32_SYSTEM
3454 /* We skip the unlink if we expect the file not to
3456 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3457 #else /* HAVE_W32_SYSTEM */
3458 /* This is a bit safer than rename() because we
3459 expect DEST_FILENAME not to be there. If it
3460 happens to be there, this will fail. */
3461 err = link (src_filename[i], dest_filename[i]);
3463 err = unlink (src_filename[i]);
3464 #endif /* !HAVE_W32_SYSTEM */
3468 xfree (src_filename[i]);
3469 src_filename[i] = NULL;
3474 if (err || opt.dry_run)
3477 int saved_errno = errno;
3479 /* An error occurred or a dry-run is requested. */
3480 for (i = 0; i < GC_BACKEND_NR; i++)
3482 if (src_filename[i])
3484 /* The change was not yet committed. */
3485 unlink (src_filename[i]);
3486 if (orig_filename[i])
3487 unlink (orig_filename[i]);
3491 /* The changes were already committed. FIXME: This is a
3492 tad dangerous, as we don't know if we don't overwrite
3493 a version of the file that is even newer than the one
3494 we just installed. */
3495 if (orig_filename[i])
3496 gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
3498 unlink (dest_filename[i]);
3502 gc_error (1, saved_errno, "could not commit changes");
3504 /* Fall-through for dry run. */
3508 /* If it all worked, notify the daemons of the changes. */
3510 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3512 if (runtime[backend] && gc_backend[backend].runtime_change)
3513 (*gc_backend[backend].runtime_change) (0);
3516 /* Move the per-process backup file into its place. */
3517 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3518 if (orig_filename[backend])
3520 char *backup_filename;
3522 assert (dest_filename[backend]);
3524 backup_filename = xasprintf ("%s.%s.bak",
3525 dest_filename[backend], GPGCONF_NAME);
3526 gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
3527 xfree (backup_filename);
3532 gnupg_unblock_all_signals ();
3534 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3536 xfree (src_filename[backend]);
3537 xfree (dest_filename[backend]);
3538 xfree (orig_filename[backend]);
3543 /* Check whether USER matches the current user of one of its group.
3544 This function may change USER. Returns true is there is a
3547 key_matches_user_or_group (char *user)
3551 if (*user == '*' && user[1] == 0)
3552 return 1; /* A single asterisk matches all users. */
3554 group = strchr (user, ':');
3558 #ifdef HAVE_W32_SYSTEM
3559 /* Under Windows we don't support groups. */
3560 if (group && *group)
3561 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3562 #ifndef HAVE_W32CE_SYSTEM
3565 static char *my_name;
3572 GetUserNameA (tmp, &size);
3573 my_name = xmalloc (size);
3574 if (!GetUserNameA (my_name, &size))
3575 gc_error (1,0, "error getting current user name: %s",
3579 if (!strcmp (user, my_name))
3580 return 1; /* Found. */
3582 #endif /*HAVE_W32CE_SYSTEM*/
3583 #else /*!HAVE_W32_SYSTEM*/
3584 /* First check whether the user matches. */
3587 static char *my_name;
3591 struct passwd *pw = getpwuid ( getuid () );
3593 gc_error (1, errno, "getpwuid failed for current user");
3594 my_name = xstrdup (pw->pw_name);
3596 if (!strcmp (user, my_name))
3597 return 1; /* Found. */
3600 /* If that failed, check whether a group matches. */
3601 if (group && *group)
3603 static char *my_group;
3604 static char **my_supgroups;
3609 struct group *gr = getgrgid ( getgid () );
3611 gc_error (1, errno, "getgrgid failed for current user");
3612 my_group = xstrdup (gr->gr_name);
3614 if (!strcmp (group, my_group))
3615 return 1; /* Found. */
3622 ngids = getgroups (0, NULL);
3623 gids = xcalloc (ngids+1, sizeof *gids);
3624 ngids = getgroups (ngids, gids);
3626 gc_error (1, errno, "getgroups failed for current user");
3627 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3628 for (n=0; n < ngids; n++)
3630 struct group *gr = getgrgid ( gids[n] );
3632 gc_error (1, errno, "getgrgid failed for supplementary group");
3633 my_supgroups[n] = xstrdup (gr->gr_name);
3638 for (n=0; my_supgroups[n]; n++)
3639 if (!strcmp (group, my_supgroups[n]))
3640 return 1; /* Found. */
3642 #endif /*!HAVE_W32_SYSTEM*/
3643 return 0; /* No match. */
3648 /* Read and process the global configuration file for gpgconf. This
3649 optional file is used to update our internal tables at runtime and
3650 may also be used to set new default values. If FNAME is NULL the
3651 default name will be used. With UPDATE set to true the internal
3652 tables are actually updated; if not set, only a syntax check is
3653 done. If DEFAULTS is true the global options are written to the
3654 configuration files. If LISTFP is set, no changes are done but the
3655 configuration file is printed to LISTFP in a colon separated format.
3657 Returns 0 on success or if the config file is not present; -1 is
3658 returned on error. */
3660 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3665 size_t line_len = 0;
3667 gpgrt_stream_t config;
3671 int runtime[GC_BACKEND_NR];
3672 int backend_id, component_id;
3676 fname = xstrdup (fname_arg);
3678 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3681 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3682 runtime[backend_id] = 0;
3684 config = gpgrt_fopen (fname, "r");
3687 /* Do not print an error if the file is not available, except
3688 when running in syntax check mode. */
3689 if (errno != ENOENT || !update)
3691 gc_error (0, errno, "can not open global config file '%s'", fname);
3698 while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
3700 char *key, *component, *option, *flags, *value;
3702 gc_option_t *option_info = NULL;
3704 int is_continuation;
3708 while (*key == ' ' || *key == '\t')
3710 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3713 is_continuation = (key != line);
3715 /* Parse the key field. */
3716 if (!is_continuation && got_match)
3717 break; /* Finish after the first match. */
3718 else if (!is_continuation)
3721 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3725 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3734 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3747 /* Parse the component. */
3748 while (*component == ' ' || *component == '\t')
3750 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3754 gc_error (0, 0, "missing component at '%s', line %d",
3762 component_id = gc_component_find (component);
3763 if (component_id < 0)
3765 gc_error (0, 0, "unknown component at '%s', line %d",
3770 /* Parse the option name. */
3771 while (*option == ' ' || *option == '\t')
3773 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3777 gc_error (0, 0, "missing option at '%s', line %d",
3784 if ( component_id != -1)
3786 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3789 gc_error (0, 0, "unknown option at '%s', line %d",
3796 /* Parse the optional flags. */
3797 while (*flags == ' ' || *flags == '\t')
3802 p = strchr (flags, ']');
3805 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3813 else /* No flags given. */
3819 /* Parse the optional value. */
3820 while (*value == ' ' || *value == '\t')
3822 for (p=value; *p && !strchr ("\r\n", *p); p++)
3825 value = empty; /* No value given; let it point to an empty string. */
3828 /* Strip trailing white space. */
3830 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3834 /* Check flag combinations. */
3837 else if (!strcmp (flags, "default"))
3841 gc_error (0, 0, "flag \"default\" may not be combined "
3842 "with a value at '%s', line %d",
3847 else if (!strcmp (flags, "change"))
3849 else if (!strcmp (flags, "no-change"))
3853 gc_error (0, 0, "unknown flag at '%s', line %d",
3858 /* In list mode we print out all records. */
3859 if (listfp && !result)
3861 /* If this is a new ruleset, print a key record. */
3862 if (!is_continuation)
3864 char *group = strchr (key, ':');
3868 if ((p = strchr (group, ':')))
3869 *p = 0; /* We better strip any extra stuff. */
3872 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3873 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3876 /* All other lines are rule records. */
3877 es_fprintf (listfp, "r:::%s:%s:%s:",
3878 gc_component[component_id].name,
3879 option_info->name? option_info->name : "",
3882 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3884 es_putc ('\n', listfp);
3887 /* Check whether the key matches but do this only if we are not
3888 running in syntax check mode. */
3890 && !result && !listfp
3891 && (got_match || (key && key_matches_user_or_group (key))) )
3897 /* Apply the flags from gpgconf.conf. */
3900 else if (!strcmp (flags, "default"))
3901 newflags |= GC_OPT_FLAG_DEFAULT;
3902 else if (!strcmp (flags, "no-change"))
3903 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3904 else if (!strcmp (flags, "change"))
3905 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3909 /* Here we explicitly allow updating the value again. */
3912 option_info->new_flags = 0;
3916 xfree (option_info->new_value);
3917 option_info->new_value = NULL;
3919 change_one_value (option_info, runtime, newflags, value, 0);
3924 if (length < 0 || gpgrt_ferror (config))
3926 gc_error (0, errno, "error reading from '%s'", fname);
3929 if (gpgrt_fclose (config))
3930 gc_error (0, errno, "error closing '%s'", fname);
3934 /* If it all worked, process the options. */
3935 if (!result && update && defaults && !listfp)
3937 /* We need to switch off the runtime update, so that we can do
3938 it later all at once. */
3939 int save_opt_runtime = opt.runtime;
3942 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3944 gc_component_change_options (component_id, NULL, NULL, 0);
3946 opt.runtime = save_opt_runtime;
3950 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3951 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3952 (*gc_backend[backend_id].runtime_change) (0);
3962 * Apply the profile FNAME to all known configure files.
3965 gc_apply_profile (const char *fname)
3968 char *fname_buffer = NULL;
3970 size_t line_len = 0;
3974 int runtime[GC_BACKEND_NR];
3976 int component_id = -1;
3977 int skip_section = 0;
3978 int error_count = 0;
3984 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3985 runtime[backend_id] = 0;
3988 if (!(!strcmp (fname, "-")
3989 || strchr (fname, '/')
3990 #ifdef HAVE_W32_SYSTEM
3991 || strchr (fname, '\\')
3993 || strchr (fname, '.')))
3995 /* FNAME looks like a standard profile name. Check whether one
3996 * is installed and use that instead of the given file name. */
3997 fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
3998 fname, ".prf", NULL);
3999 if (!access (fname_buffer, F_OK))
4000 fname = fname_buffer;
4003 fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
4006 err = gpg_error_from_syserror ();
4007 log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
4012 log_info ("applying profile '%s'\n", fname);
4015 while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
4017 char *name, *flags, *value;
4018 gc_option_t *option_info = NULL;
4023 while (*name == ' ' || *name == '\t')
4025 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
4027 trim_trailing_spaces (name);
4029 /* Check whether this is a new section. */
4034 /* New section: Get the name of the component. */
4035 p = strchr (name, ']');
4039 log_info ("%s:%d:%d: error: syntax error in section tag\n",
4040 fname, lineno, (int)(name - line));
4046 log_info ("%s:%d:%d: warning: garbage after section tag\n",
4047 fname, lineno, (int)(p - line));
4050 component_id = gc_component_find (name);
4051 if (component_id < 0)
4053 log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
4054 fname, lineno, (int)(name - line), name );
4062 if (component_id < 0)
4065 log_info ("%s:%d:%d: error: not in a valid section\n",
4066 fname, lineno, (int)(name - line));
4071 /* Parse the option name. */
4072 for (p = name; *p && !spacep (p); p++)
4077 option_info = find_option (component_id, name, GC_BACKEND_ANY);
4081 log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
4082 fname, lineno, (int)(name - line),
4083 name, gc_component[component_id].name);
4087 /* Parse the optional flags. */
4088 trim_spaces (value);
4093 p = strchr (flags, ']');
4096 log_info ("%s:%d:%d: warning: invalid flag specification\n",
4097 fname, lineno, (int)(p - line));
4102 trim_spaces (value);
4104 else /* No flags given. */
4107 /* Set required defaults. */
4108 if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
4112 /* Check and save this option. */
4114 if (flags && !strcmp (flags, "default"))
4115 newflags |= GC_OPT_FLAG_DEFAULT;
4118 option_info->new_flags = 0;
4121 xfree (option_info->new_value);
4122 option_info->new_value = NULL;
4124 change_one_value (option_info, runtime, newflags, value, 1);
4127 if (length < 0 || es_ferror (fp))
4129 err = gpg_error_from_syserror ();
4131 log_error (_("%s:%u: read error: %s\n"),
4132 fname, lineno, gpg_strerror (err));
4135 log_error (_("error closing '%s'\n"), fname);
4137 log_error (_("error parsing '%s'\n"), fname);
4141 /* If it all worked, process the options. */
4144 /* We need to switch off the runtime update, so that we can do
4145 it later all at once. */
4146 int save_opt_runtime = opt.runtime;
4149 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
4151 gc_component_change_options (component_id, NULL, NULL, 1);
4153 opt.runtime = save_opt_runtime;
4157 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4158 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
4159 (*gc_backend[backend_id].runtime_change) (0);
4163 xfree (fname_buffer);