1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
28 #include <sys/types.h>
35 #ifdef HAVE_W32_SYSTEM
36 # define WIN32_LEAN_AND_MEAN 1
43 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
44 #define JNLIB_NEED_LOG_LOGV
49 #include "gc-opt-flags.h"
53 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
54 returns a plain filename without escaping. As long as we have not
55 fixed that we need to use gpg2 - it might actually be better to use
57 #ifdef HAVE_W32_SYSTEM
58 #define GPGNAME "gpg2"
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (void);
108 static void scdaemon_runtime_change (void);
110 /* Backend configuration. Backends are used to decide how the default
111 and current value of an option can be determined, and how the
112 option can be changed. To every option in every component belongs
113 exactly one backend that controls and determines the option. Some
114 backends are programs from the GPG system. Others might be
115 implemented by GPGConf itself. If you change this enum, don't
116 forget to update GC_BACKEND below. */
119 /* Any backend, used for find_option (). */
122 /* The Gnu Privacy Guard. */
125 /* The Gnu Privacy Guard for S/MIME. */
129 GC_BACKEND_GPG_AGENT,
131 /* The GnuPG SCDaemon. */
134 /* The Aegypten directory manager. */
137 /* The LDAP server list file for the Aegypten director manager. */
138 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
140 /* The number of the above entries. */
145 /* To be able to implement generic algorithms for the various
146 backends, we collect all information about them in this struct. */
149 /* The name of the backend. */
152 /* The name of the program that acts as the backend. Some backends
153 don't have an associated program, but are implemented directly by
154 GPGConf. In this case, PROGRAM is NULL. */
157 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
158 ../common/util.h. This value is used to get the actual installed
159 path of the program. 0 is used if no backedn program is
163 /* The runtime change callback. */
164 void (*runtime_change) (void);
166 /* The option name for the configuration filename of this backend.
167 This must be an absolute filename. It can be an option from a
168 different backend (but then ordering of the options might
169 matter). Note: This must be unique among all components. */
170 const char *option_config_filename;
172 /* If this is a file backend rather than a program backend, then
173 this is the name of the option associated with the file. */
174 const char *option_name;
175 } gc_backend[GC_BACKEND_NR] =
177 { NULL }, /* GC_BACKEND_ANY dummy entry. */
178 { "GnuPG", GPGNAME, GNUPG_MODULE_NAME_GPG,
179 NULL, "gpgconf-gpg.conf" },
180 { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
181 NULL, "gpgconf-gpgsm.conf" },
182 { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
183 gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
184 { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
185 scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
186 { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
187 NULL, "gpgconf-dirmngr.conf" },
188 { "DirMngr LDAP Server List", NULL, 0,
189 NULL, "ldapserverlist-file", "LDAP Server" },
193 /* Option configuration. */
195 /* An option might take an argument, or not. Argument types can be
196 basic or complex. Basic types are generic and easy to validate.
197 Complex types provide more specific information about the intended
198 use, but can be difficult to validate. If you add to this enum,
199 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
200 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
204 /* Basic argument types. */
207 GC_ARG_TYPE_NONE = 0,
209 /* A String argument. */
210 GC_ARG_TYPE_STRING = 1,
212 /* A signed integer argument. */
213 GC_ARG_TYPE_INT32 = 2,
215 /* An unsigned integer argument. */
216 GC_ARG_TYPE_UINT32 = 3,
218 /* ADD NEW BASIC TYPE ENTRIES HERE. */
220 /* Complex argument types. */
222 /* A complete filename. */
223 GC_ARG_TYPE_FILENAME = 32,
225 /* An LDAP server in the format
226 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
227 GC_ARG_TYPE_LDAP_SERVER = 33,
229 /* A 40 character fingerprint. */
230 GC_ARG_TYPE_KEY_FPR = 34,
232 /* A user ID or key ID or fingerprint for a certificate. */
233 GC_ARG_TYPE_PUB_KEY = 35,
235 /* A user ID or key ID or fingerprint for a certificate with a key. */
236 GC_ARG_TYPE_SEC_KEY = 36,
238 /* A alias list made up of a key, an equal sign and a space
239 separated list of values. */
240 GC_ARG_TYPE_ALIAS_LIST = 37,
242 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
244 /* The number of the above entries. */
249 /* For every argument, we record some information about it in the
253 /* For every argument type exists a basic argument type that can be
254 used as a fallback for input and validation purposes. */
255 gc_arg_type_t fallback;
257 /* Human-readable name of the type. */
259 } gc_arg_type[GC_ARG_TYPE_NR] =
261 /* The basic argument types have their own types as fallback. */
262 { GC_ARG_TYPE_NONE, "none" },
263 { GC_ARG_TYPE_STRING, "string" },
264 { GC_ARG_TYPE_INT32, "int32" },
265 { GC_ARG_TYPE_UINT32, "uint32" },
267 /* Reserved basic type entries for future extension. */
268 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
269 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
270 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
271 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
272 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
273 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
274 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 /* The complex argument types have a basic type as fallback. */
284 { GC_ARG_TYPE_STRING, "filename" },
285 { GC_ARG_TYPE_STRING, "ldap server" },
286 { GC_ARG_TYPE_STRING, "key fpr" },
287 { GC_ARG_TYPE_STRING, "pub key" },
288 { GC_ARG_TYPE_STRING, "sec key" },
289 { GC_ARG_TYPE_STRING, "alias list" },
293 /* Every option has an associated expert level, than can be used to
294 hide advanced and expert options from beginners. If you add to
295 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
296 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
297 EXTERNAL INTERFACE. */
300 /* The basic options should always be displayed. */
303 /* The advanced options may be hidden from beginners. */
306 /* The expert options should only be displayed to experts. */
309 /* The invisible options should normally never be displayed. */
312 /* The internal options are never exported, they mark options that
313 are recorded for internal use only. */
316 /* ADD NEW ENTRIES HERE. */
318 /* The number of the above entries. */
322 /* A description for each expert level. */
336 /* Option flags. The flags which are used by the backends are defined
337 by gc-opt-flags.h, included above.
339 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
340 PART OF THE EXTERNAL INTERFACE. */
342 /* Some entries in the option list are not options, but mark the
343 beginning of a new group of options. These entries have the GROUP
345 #define GC_OPT_FLAG_GROUP (1UL << 0)
346 /* The ARG_OPT flag for an option indicates that the argument is
347 optional. This is never set for GC_ARG_TYPE_NONE options. */
348 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
349 /* The LIST flag for an option indicates that the option can occur
350 several times. A comma separated list of arguments is used as the
352 #define GC_OPT_FLAG_LIST (1UL << 2)
353 /* The NO_CHANGE flag for an option indicates that the user should not
354 be allowed to change this option using the standard gpgconf method.
355 Frontends using gpgconf should grey out such options, so that only
356 the current value is displayed. */
357 #define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
360 /* A human-readable description for each flag. */
377 /* To each option, or group marker, the information in the GC_OPTION
378 struct is provided. If you change this, don't forget to update the
379 option list of each component. */
382 /* If this is NULL, then this is a terminator in an array of unknown
383 length. Otherwise, if this entry is a group marker (see FLAGS),
384 then this is the name of the group described by this entry.
385 Otherwise it is the name of the option described by this
386 entry. The name must not contain a colon. */
389 /* The option flags. If the GROUP flag is set, then this entry is a
390 group marker, not an option, and only the fields LEVEL,
391 DESC_DOMAIN and DESC are valid. In all other cases, this entry
392 describes a new option and all fields are valid. */
395 /* The expert level. This field is valid for options and groups. A
396 group has the expert level of the lowest-level option in the
398 gc_expert_level_t level;
400 /* A gettext domain in which the following description can be found.
401 If this is NULL, then DESC is not translated. Valid for groups
404 Note that we try to keep the description of groups within the
407 IMPORTANT: If you add a new domain please make sure to add a code
408 set switching call to the function my_dgettext further below. */
409 const char *desc_domain;
411 /* A gettext description for this group or option. If it starts
412 with a '|', then the string up to the next '|' describes the
413 argument, and the description follows the second '|'.
415 In general enclosing these description in N_() is not required
416 because the description should be identical to the one in the
417 help menu of the respective program. */
420 /* The following fields are only valid for options. */
422 /* The type of the option argument. */
423 gc_arg_type_t arg_type;
425 /* The backend that implements this option. */
426 gc_backend_t backend;
428 /* The following fields are set to NULL at startup (because all
429 option's are declared as static variables). They are at the end
430 of the list so that they can be omitted from the option
433 /* This is true if the option is supported by this version of the
437 /* The default value for this option. This is NULL if the option is
438 not present in the backend, the empty string if no default is
439 available, and otherwise a quoted string. */
442 /* The default argument is only valid if the "optional arg" flag is
443 set, and specifies the default argument (value) that is used if
444 the argument is omitted. */
447 /* The current value of this option. */
450 /* The new flags for this option. The only defined flag is actually
451 GC_OPT_FLAG_DEFAULT, and it means that the option should be
452 deleted. In this case, NEW_VALUE is NULL. */
453 unsigned long new_flags;
455 /* The new value of this option. */
458 typedef struct gc_option gc_option_t;
460 /* Use this macro to terminate an option list. */
461 #define GC_OPTION_NULL { NULL }
464 /* The options of the GC_COMPONENT_GPG_AGENT component. */
465 static gc_option_t gc_options_gpg_agent[] =
467 /* The configuration file to which we write the changes. */
468 { "gpgconf-gpg-agent.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
469 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
472 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
473 "gnupg", N_("Options controlling the diagnostic output") },
474 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
476 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
477 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
478 "gnupg", "be somewhat more quiet",
479 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
480 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
485 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
486 "gnupg", N_("Options controlling the configuration") },
487 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
488 "gnupg", "|FILE|read options from FILE",
489 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
490 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
491 "gnupg", "do not use the SCdaemon",
492 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
493 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
494 "gnupg", "enable ssh support",
495 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
496 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
497 "gnupg", "enable putty support",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
501 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
502 "gnupg", N_("Options useful for debugging") },
503 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
504 "gnupg", "|LEVEL|set the debugging level to LEVEL",
505 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
506 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
507 "gnupg", N_("|FILE|write server mode logs to FILE"),
508 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
509 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
511 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
514 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
515 "gnupg", N_("Options controlling the security") },
516 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
517 GC_LEVEL_BASIC, "gnupg",
518 "|N|expire cached PINs after N seconds",
519 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
521 GC_LEVEL_ADVANCED, "gnupg",
522 N_("|N|expire SSH keys after N seconds"),
523 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
524 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
525 GC_LEVEL_EXPERT, "gnupg",
526 N_("|N|set maximum PIN cache lifetime to N seconds"),
527 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
528 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
529 GC_LEVEL_EXPERT, "gnupg",
530 N_("|N|set maximum SSH key lifetime to N seconds"),
531 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
532 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
533 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
534 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
535 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
536 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
537 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
538 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
539 "gnupg", "do not grab keyboard and mouse",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
542 { "Passphrase policy",
543 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
544 "gnupg", N_("Options enforcing a passphrase policy") },
545 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
546 GC_LEVEL_EXPERT, "gnupg",
547 N_("do not allow to bypass the passphrase policy"),
548 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
549 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
550 GC_LEVEL_ADVANCED, "gnupg",
551 N_("|N|set minimal required length for new passphrases to N"),
552 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
553 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
554 GC_LEVEL_EXPERT, "gnupg",
555 N_("|N|require at least N non-alpha characters for a new passphrase"),
556 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
557 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
559 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
560 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
561 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
562 GC_LEVEL_EXPERT, "gnupg",
563 N_("|N|expire the passphrase after N days"),
564 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
565 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_EXPERT, "gnupg",
567 N_("do not allow the reuse of old passphrases"),
568 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
574 /* The options of the GC_COMPONENT_SCDAEMON component. */
575 static gc_option_t gc_options_scdaemon[] =
577 /* The configuration file to which we write the changes. */
578 { "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
579 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
582 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
583 "gnupg", N_("Options controlling the diagnostic output") },
584 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
586 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
587 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
588 "gnupg", "be somewhat more quiet",
589 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
590 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
592 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
595 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
596 "gnupg", N_("Options controlling the configuration") },
597 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
598 "gnupg", "|FILE|read options from FILE",
599 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
600 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
601 "gnupg", "|N|connect to reader at port N",
602 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
603 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
604 "gnupg", "|NAME|use NAME as ct-API driver",
605 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
606 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
607 "gnupg", "|NAME|use NAME as PC/SC driver",
608 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
609 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
610 "gnupg", "do not use the internal CCID driver",
611 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
612 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
613 "gnupg", "do not use a reader's pinpad",
614 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
615 { "enable-pinpad-varlen",
616 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
617 "gnupg", "use variable length input for pinpad",
618 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
619 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
620 "gnupg", "|N|disconnect the card after N seconds of inactivity",
621 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
624 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
625 "gnupg", N_("Options useful for debugging") },
626 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
627 "gnupg", "|LEVEL|set the debugging level to LEVEL",
628 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
629 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
630 "gnupg", N_("|FILE|write a log to FILE"),
631 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
634 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
635 "gnupg", N_("Options controlling the security") },
636 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
637 "gnupg", "deny the use of admin card commands",
638 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
645 /* The options of the GC_COMPONENT_GPG component. */
646 static gc_option_t gc_options_gpg[] =
648 /* The configuration file to which we write the changes. */
649 { "gpgconf-gpg.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
650 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
653 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
654 "gnupg", N_("Options controlling the diagnostic output") },
655 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
657 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
658 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
659 "gnupg", "be somewhat more quiet",
660 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
661 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
663 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
666 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
667 "gnupg", N_("Options controlling the configuration") },
668 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
669 "gnupg", N_("|NAME|use NAME as default secret key"),
670 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
671 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
672 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
673 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
674 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
675 "gnupg", N_("|SPEC|set up email aliases"),
676 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
677 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
678 "gnupg", "|FILE|read options from FILE",
679 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
682 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
683 "gnupg", N_("Options useful for debugging") },
684 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
685 "gnupg", "|LEVEL|set the debugging level to LEVEL",
686 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
687 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
688 "gnupg", N_("|FILE|write server mode logs to FILE"),
689 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
690 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
692 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
695 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
696 "gnupg", N_("Configuration for Keyservers") },
697 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
698 "gnupg", N_("|URL|use keyserver at URL"),
699 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
700 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
701 "gnupg", N_("allow PKA lookups (DNS requests)"),
702 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
703 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
704 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
705 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
713 /* The options of the GC_COMPONENT_GPGSM component. */
714 static gc_option_t gc_options_gpgsm[] =
716 /* The configuration file to which we write the changes. */
717 { "gpgconf-gpgsm.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
718 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
721 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
722 "gnupg", N_("Options controlling the diagnostic output") },
723 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
725 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
726 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
727 "gnupg", "be somewhat more quiet",
728 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
729 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
731 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
734 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
735 "gnupg", N_("Options controlling the configuration") },
736 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
737 "gnupg", N_("|NAME|use NAME as default secret key"),
738 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
739 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
740 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
741 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
742 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
743 "gnupg", "|FILE|read options from FILE",
744 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
745 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
746 "gnupg", "use system's dirmngr if available",
747 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
748 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
749 "gnupg", N_("disable all access to the dirmngr"),
750 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
751 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
752 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
753 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
754 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
755 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
756 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
759 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
760 "gnupg", N_("Options useful for debugging") },
761 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
762 "gnupg", "|LEVEL|set the debugging level to LEVEL",
763 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
764 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
765 "gnupg", N_("|FILE|write server mode logs to FILE"),
766 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
767 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
769 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
772 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
773 "gnupg", N_("Options controlling the security") },
774 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
775 "gnupg", "never consult a CRL",
776 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
777 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
778 "gnupg", N_("do not check CRLs for root certificates"),
779 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
780 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
781 "gnupg", "check validity using OCSP",
782 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
783 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
784 "gnupg", "|N|number of certificates to include",
785 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
786 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
787 "gnupg", "do not check certificate policies",
788 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
789 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
790 "gnupg", "fetch missing issuer certificates",
791 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
792 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
793 "gnupg", "|NAME|use cipher algorithm NAME",
794 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
800 /* The options of the GC_COMPONENT_DIRMNGR component. */
801 static gc_option_t gc_options_dirmngr[] =
803 /* The configuration file to which we write the changes. */
804 { "gpgconf-dirmngr.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
805 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
808 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
809 "gnupg", N_("Options controlling the diagnostic output") },
810 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
811 "dirmngr", "verbose",
812 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
813 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
814 "dirmngr", "be somewhat more quiet",
815 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
816 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
818 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
821 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
822 "gnupg", N_("Options controlling the format of the output") },
823 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
824 "dirmngr", "sh-style command output",
825 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
826 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
827 "dirmngr", "csh-style command output",
828 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
831 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
832 "gnupg", N_("Options controlling the configuration") },
833 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
834 "dirmngr", "|FILE|read options from FILE",
835 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
838 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
839 "gnupg", N_("Options useful for debugging") },
840 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
841 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
842 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
843 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
844 "dirmngr", "do not detach from the console",
845 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
846 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
847 "dirmngr", N_("|FILE|write server mode logs to FILE"),
848 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
849 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
851 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
852 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
854 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
857 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
858 "gnupg", N_("Options controlling the interactivity and enforcement") },
859 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
860 "dirmngr", "run without asking a user",
861 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
862 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
863 "dirmngr", "force loading of outdated CRLs",
864 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
867 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
868 "gnupg", N_("Configuration for HTTP servers") },
869 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
870 "dirmngr", "inhibit the use of HTTP",
871 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
872 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
873 "dirmngr", "ignore HTTP CRL distribution points",
874 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
875 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
876 "dirmngr", "|URL|redirect all HTTP requests to URL",
877 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
878 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
879 "gnupg", N_("use system's HTTP proxy setting"),
880 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
883 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
884 "gnupg", N_("Configuration of LDAP servers to use") },
885 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
886 "dirmngr", "inhibit the use of LDAP",
887 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
888 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
889 "dirmngr", "ignore LDAP CRL distribution points",
890 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
891 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
892 "dirmngr", "|HOST|use HOST for LDAP queries",
893 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
894 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
895 "dirmngr", "do not use fallback hosts with --ldap-proxy",
896 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
897 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
898 "dirmngr", "add new servers discovered in CRL distribution points"
899 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
900 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
901 "dirmngr", "|N|set LDAP timeout to N seconds",
902 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
903 /* The following entry must not be removed, as it is required for
904 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
905 { "ldapserverlist-file",
906 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
907 "dirmngr", "|FILE|read LDAP server list from FILE",
908 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
909 /* This entry must come after at least one entry for
910 GC_BACKEND_DIRMNGR in this component, so that the entry for
911 "ldapserverlist-file will be initialized before this one. */
912 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
913 "gnupg", N_("LDAP server list"),
914 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
915 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
916 "dirmngr", "|N|do not return more than N items in one query",
917 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
920 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
921 "gnupg", N_("Configuration for OCSP") },
922 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
923 "dirmngr", "allow sending OCSP requests",
924 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
925 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
926 "dirmngr", "ignore certificate contained OCSP service URLs",
927 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
928 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
929 "dirmngr", "|URL|use OCSP responder at URL",
930 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
931 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
932 "dirmngr", "|FPR|OCSP response signed by FPR",
933 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
940 /* Component system. Each component is a set of options that can be
941 configured at the same time. If you change this, don't forget to
942 update GC_COMPONENT below. */
945 /* The classic GPG for OpenPGP. */
949 GC_COMPONENT_GPG_AGENT,
951 /* The Smardcard Daemon. */
952 GC_COMPONENT_SCDAEMON,
954 /* GPG for S/MIME. */
957 /* The LDAP Directory Manager for CRLs. */
958 GC_COMPONENT_DIRMNGR,
960 /* The number of components. */
965 /* The information associated with each component. */
968 /* The name of this component. Must not contain a colon (':')
972 /* The gettext domain for the description DESC. If this is NULL,
973 then the description is not translated. */
974 const char *desc_domain;
976 /* The description for this domain. */
979 /* The list of options for this component, terminated by
981 gc_option_t *options;
984 { "gpg", NULL, "GPG for OpenPGP", gc_options_gpg },
985 { "gpg-agent", NULL, "GPG Agent", gc_options_gpg_agent },
986 { "scdaemon", NULL, "Smartcard Daemon", gc_options_scdaemon },
987 { "gpgsm", NULL, "GPG for S/MIME", gc_options_gpgsm },
988 { "dirmngr", NULL, "Directory Manager", gc_options_dirmngr }
993 /* Structure used to collect error output of the backend programs. */
995 typedef struct error_line_s *error_line_t;
998 error_line_t next; /* Link to next item. */
999 const char *fname; /* Name of the config file (points into BUFFER). */
1000 unsigned int lineno; /* Line number of the config file. */
1001 const char *errtext; /* Text of the error message (points into BUFFER). */
1002 char buffer[1]; /* Helper buffer. */
1007 /* Engine specific support. */
1009 gpg_agent_runtime_change (void)
1011 #ifndef HAVE_W32_SYSTEM
1012 char *agent = getenv ("GPG_AGENT_INFO");
1014 unsigned long pid_long;
1021 pid_str = strchr (agent, ':');
1027 pid_long = strtoul (pid_str, &tail, 0);
1028 if (errno || (*tail != ':' && *tail != '\0'))
1031 pid = (pid_t) pid_long;
1033 /* Check for overflow. */
1034 if (pid_long != (unsigned long) pid)
1037 /* Ignore any errors here. */
1041 const char *pgmname;
1042 const char *argv[2];
1045 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1046 argv[0] = "reloadagent";
1049 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1051 err = gnupg_wait_process (pgmname, pid, NULL);
1053 gc_error (0, 0, "error running `%s%s': %s",
1054 pgmname, " reloadagent", gpg_strerror (err));
1055 #endif /*!HAVE_W32_SYSTEM*/
1060 scdaemon_runtime_change (void)
1063 const char *pgmname;
1064 const char *argv[6];
1067 /* We use "GETINFO app_running" to see whether the agent is already
1068 running and kill it only in this case. This avoids an explicit
1069 starting of the agent in case it is not yet running. There is
1070 obviously a race condition but that should not harm too much. */
1072 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1074 argv[1] = "GETINFO scd_running";
1075 argv[2] = "/if ${! $?}";
1076 argv[3] = "scd killscd";
1080 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1082 err = gnupg_wait_process (pgmname, pid, NULL);
1084 gc_error (0, 0, "error running `%s%s': %s",
1085 pgmname, " scd killscd", gpg_strerror (err));
1089 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1091 gc_component_reload (int component)
1093 int runtime[GC_BACKEND_NR];
1094 gc_option_t *option;
1095 gc_backend_t backend;
1097 /* Set a flag for the backends to be reloaded. */
1098 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1099 runtime[backend] = 0;
1101 if (component == -1)
1103 for (component = 0; component < GC_COMPONENT_NR; component++)
1105 option = gc_component[component].options;
1106 for (; option && option->name; option++)
1107 runtime[option->backend] = 1;
1112 assert (component < GC_COMPONENT_NR);
1113 option = gc_component[component].options;
1114 for (; option && option->name; option++)
1115 runtime[option->backend] = 1;
1118 /* Do the reload for all selected backends. */
1119 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1121 if (runtime[backend] && gc_backend[backend].runtime_change)
1122 (*gc_backend[backend].runtime_change) ();
1128 /* More or less Robust version of dgettext. It has the side effect of
1129 switching the codeset to utf-8 because this is what we want to
1130 output. In theory it is posible to keep the orginal code set and
1131 switch back for regular disgnostic output (redefine "_(" for that)
1132 but given the natur of this tool, being something invoked from
1133 other pograms, it does not make much sense. */
1135 my_dgettext (const char *domain, const char *msgid)
1137 #ifdef USE_SIMPLE_GETTEXT
1140 static int switched_codeset;
1143 if (!switched_codeset)
1145 switched_codeset = 1;
1146 gettext_select_utf8 (1);
1149 if (!strcmp (domain, "gnupg"))
1150 domain = PACKAGE_GT;
1152 /* FIXME: we have no dgettext, thus we can't switch. */
1154 text = (char*)gettext (msgid);
1155 return text ? text : msgid;
1157 #elif defined(ENABLE_NLS)
1160 static int switched_codeset;
1163 if (!switched_codeset)
1165 switched_codeset = 1;
1166 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1168 bindtextdomain ("dirmngr", LOCALEDIR);
1169 bind_textdomain_codeset ("dirmngr", "utf-8");
1173 /* Note: This is a hack to actually use the gnupg2 domain as
1174 long we are in a transition phase where gnupg 1.x and 1.9 may
1176 if (!strcmp (domain, "gnupg"))
1177 domain = PACKAGE_GT;
1179 text = dgettext (domain, msgid);
1180 return text ? text : msgid;
1188 /* Percent-Escape special characters. The string is valid until the
1189 next invocation of the function. */
1191 gc_percent_escape (const char *src)
1193 static char *esc_str;
1194 static int esc_str_len;
1195 int new_len = 3 * strlen (src) + 1;
1198 if (esc_str_len < new_len)
1200 char *new_esc_str = realloc (esc_str, new_len);
1202 gc_error (1, errno, "can not escape string");
1203 esc_str = new_esc_str;
1204 esc_str_len = new_len;
1216 else if (*src == ':')
1218 /* The colon is used as field separator. */
1223 else if (*src == ',')
1225 /* The comma is used as list separator. */
1240 /* Percent-Deescape special characters. The string is valid until the
1241 next invocation of the function. */
1243 percent_deescape (const char *src)
1247 int new_len = 3 * strlen (src) + 1;
1250 if (str_len < new_len)
1252 char *new_str = realloc (str, new_len);
1254 gc_error (1, errno, "can not deescape string");
1264 int val = hextobyte (src + 1);
1267 gc_error (1, 0, "malformed end of string %s", src);
1269 *(dst++) = (char) val;
1273 *(dst++) = *(src++);
1280 /* List all components that are available. */
1282 gc_component_list_components (FILE *out)
1284 gc_component_t component;
1285 gc_option_t *option;
1286 gc_backend_t backend;
1287 int backend_seen[GC_BACKEND_NR];
1289 const char *pgmname;
1291 for (component = 0; component < GC_COMPONENT_NR; component++)
1293 option = gc_component[component].options;
1296 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1297 backend_seen[backend] = 0;
1300 for (; option && option->name; option++)
1302 if ((option->flags & GC_OPT_FLAG_GROUP))
1304 backend = option->backend;
1305 if (backend_seen[backend])
1307 backend_seen[backend] = 1;
1308 assert (backend != GC_BACKEND_ANY);
1309 if (gc_backend[backend].program
1310 && !gc_backend[backend].module_name)
1312 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1316 desc = gc_component[component].desc;
1317 desc = my_dgettext (gc_component[component].desc_domain, desc);
1318 fprintf (out, "%s:%s:",
1319 gc_component[component].name, gc_percent_escape (desc));
1320 fprintf (out, "%s\n", gc_percent_escape (pgmname));
1328 all_digits_p (const char *p, size_t len)
1332 for (; len; len--, p++)
1333 if (!isascii (*p) || !isdigit (*p))
1335 return 1; /* Yes. */
1339 /* Collect all error lines from file descriptor FD. Only lines
1340 prefixed with TAG are considered. Close that file descriptor
1341 then. Returns a list of error line items (which may be empty).
1342 There is no error return. */
1344 collect_error_output (int fd, const char *tag)
1351 error_line_t eitem, errlines, *errlines_tail;
1352 size_t taglen = strlen (tag);
1354 fp = fdopen (fd, "r");
1356 gc_error (1, errno, "can't fdopen pipe for reading");
1359 errlines_tail = &errlines;
1362 while ((c=getc (fp)) != EOF)
1365 if (pos >= sizeof buffer - 5 || c == '\n')
1367 buffer[pos - (c == '\n')] = 0;
1369 ; /*Ignore continuations of previous line. */
1370 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1372 /* "gpgsm: foo:4: bla" */
1373 /* Yep, we are interested in this line. */
1374 p = buffer + taglen + 1;
1375 while (*p == ' ' || *p == '\t')
1378 ; /* Empty lines are ignored. */
1379 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1380 && all_digits_p (p2+1, p3 - (p2+1)))
1382 /* Line in standard compiler format. */
1384 while (*p3 == ' ' || *p3 == '\t')
1386 eitem = xmalloc (sizeof *eitem + strlen (p));
1388 strcpy (eitem->buffer, p);
1389 eitem->fname = eitem->buffer;
1390 eitem->buffer[p2-p] = 0;
1391 eitem->errtext = eitem->buffer + (p3 - p);
1392 /* (we already checked that there are only ascii
1393 digits followed by a colon) */
1395 for (p2++; isdigit (*p2); p2++)
1396 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1397 *errlines_tail = eitem;
1398 errlines_tail = &eitem->next;
1402 /* Other error output. */
1403 eitem = xmalloc (sizeof *eitem + strlen (p));
1405 strcpy (eitem->buffer, p);
1406 eitem->fname = NULL;
1407 eitem->errtext = eitem->buffer;
1409 *errlines_tail = eitem;
1410 errlines_tail = &eitem->next;
1414 /* If this was not a complete line mark that we are in a
1416 cont_line = (c != '\n');
1420 /* We ignore error lines not terminated by a LF. */
1427 /* Check the options of a single component. Returns 0 if everything
1430 gc_component_check_options (int component, FILE *out, const char *conf_file)
1433 unsigned int result;
1434 int backend_seen[GC_BACKEND_NR];
1435 gc_backend_t backend;
1436 gc_option_t *option;
1437 const char *pgmname;
1438 const char *argv[4];
1443 error_line_t errlines;
1445 /* We use a temporary file to collect the error output. It would be
1446 better to use a pipe here but as of now we have no suitable
1447 fucntion to create a portable pipe outside of exechelp. Thus it
1448 is easier to use the tempfile approach. */
1450 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1451 backend_seen[backend] = 0;
1453 option = gc_component[component].options;
1454 for (; option && option->name; option++)
1456 if ((option->flags & GC_OPT_FLAG_GROUP))
1458 backend = option->backend;
1459 if (backend_seen[backend])
1461 backend_seen[backend] = 1;
1462 assert (backend != GC_BACKEND_ANY);
1463 if (!gc_backend[backend].program)
1465 if (!gc_backend[backend].module_name)
1470 if (! option || ! option->name)
1473 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1477 argv[i++] = "--options";
1478 argv[i++] = conf_file;
1480 argv[i++] = "--gpgconf-test";
1483 err = gnupg_create_inbound_pipe (filedes);
1485 gc_error (1, 0, _("error creating a pipe: %s\n"),
1486 gpg_strerror (err));
1490 if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1494 result |= 1; /* Program could not be run. */
1499 errlines = collect_error_output (filedes[0],
1500 gc_component[component].name);
1501 if (gnupg_wait_process (pgmname, pid, &exitcode))
1504 result |= 1; /* Program could not be run or it
1505 terminated abnormally. */
1506 result |= 2; /* Program returned an error. */
1510 /* If the program could not be run, we can't tell whether
1511 the config file is good. */
1518 error_line_t errptr;
1520 desc = gc_component[component].desc;
1521 desc = my_dgettext (gc_component[component].desc_domain, desc);
1522 fprintf (out, "%s:%s:",
1523 gc_component[component].name, gc_percent_escape (desc));
1524 fputs (gc_percent_escape (pgmname), out);
1525 fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1526 for (errptr = errlines; errptr; errptr = errptr->next)
1528 if (errptr != errlines)
1529 fputs ("\n:::::", out); /* Continuation line. */
1531 fputs (gc_percent_escape (errptr->fname), out);
1534 fprintf (out, "%u", errptr->lineno);
1536 fputs (gc_percent_escape (errptr->errtext), out);
1544 error_line_t tmp = errlines->next;
1553 /* Check all components that are available. */
1555 gc_check_programs (FILE *out)
1557 gc_component_t component;
1559 for (component = 0; component < GC_COMPONENT_NR; component++)
1560 gc_component_check_options (component, out, NULL);
1565 /* Find the component with the name NAME. Returns -1 if not
1568 gc_component_find (const char *name)
1572 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1574 if (gc_component[idx].options
1575 && !strcmp (name, gc_component[idx].name))
1582 /* List the option OPTION. */
1584 list_one_option (const gc_option_t *option, FILE *out)
1586 const char *desc = NULL;
1587 char *arg_name = NULL;
1591 desc = my_dgettext (option->desc_domain, option->desc);
1595 const char *arg_tail = strchr (&desc[1], '|');
1599 int arg_len = arg_tail - &desc[1];
1600 arg_name = xmalloc (arg_len + 1);
1601 memcpy (arg_name, &desc[1], arg_len);
1602 arg_name[arg_len] = '\0';
1603 desc = arg_tail + 1;
1609 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1610 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1613 /* The name field. */
1614 fprintf (out, "%s", option->name);
1616 /* The flags field. */
1617 fprintf (out, ":%lu", option->flags);
1623 fprintf (out, "none");
1626 unsigned long flags = option->flags;
1627 unsigned long flag = 0;
1628 unsigned long first = 1;
1638 fprintf (out, "%s", gc_flag[flag].name);
1646 /* The level field. */
1647 fprintf (out, ":%u", option->level);
1649 fprintf (out, " %s", gc_level[option->level].name);
1651 /* The description field. */
1652 fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1654 /* The type field. */
1655 fprintf (out, ":%u", option->arg_type);
1657 fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1659 /* The alternate type field. */
1660 fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1662 fprintf (out, " %s",
1663 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1665 /* The argument name field. */
1666 fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1670 /* The default value field. */
1671 fprintf (out, ":%s", option->default_value ? option->default_value : "");
1673 /* The default argument field. */
1674 fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1676 /* The value field. */
1677 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1678 && (option->flags & GC_OPT_FLAG_LIST)
1680 /* The special format "1,1,1,1,...,1" is converted to a number
1682 fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1684 fprintf (out, ":%s", option->value ? option->value : "");
1686 /* ADD NEW FIELDS HERE. */
1692 /* List all options of the component COMPONENT. */
1694 gc_component_list_options (int component, FILE *out)
1696 const gc_option_t *option = gc_component[component].options;
1698 while (option && option->name)
1700 /* Do not output unknown or internal options. */
1701 if (!(option->flags & GC_OPT_FLAG_GROUP)
1702 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1708 if (option->flags & GC_OPT_FLAG_GROUP)
1710 const gc_option_t *group_option = option + 1;
1711 gc_expert_level_t level = GC_LEVEL_NR;
1713 /* The manual states that the group level is always the
1714 minimum of the levels of all contained options. Due to
1715 different active options, and because it is hard to
1716 maintain manually, we calculate it here. The value in
1717 the global static table is ignored. */
1719 while (group_option->name)
1721 if (group_option->flags & GC_OPT_FLAG_GROUP)
1723 if (group_option->level < level)
1724 level = group_option->level;
1728 /* Check if group is empty. */
1729 if (level != GC_LEVEL_NR)
1731 gc_option_t opt_copy;
1733 /* Fix up the group level. */
1734 memcpy (&opt_copy, option, sizeof (opt_copy));
1735 opt_copy.level = level;
1736 list_one_option (&opt_copy, out);
1740 list_one_option (option, out);
1747 /* Find the option NAME in component COMPONENT, for the backend
1748 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1749 static gc_option_t *
1750 find_option (gc_component_t component, const char *name,
1751 gc_backend_t backend)
1753 gc_option_t *option = gc_component[component].options;
1754 while (option->name)
1756 if (!(option->flags & GC_OPT_FLAG_GROUP)
1757 && !strcmp (option->name, name)
1758 && (backend == GC_BACKEND_ANY || option->backend == backend))
1762 return option->name ? option : NULL;
1766 /* Determine the configuration filename for the component COMPONENT
1767 and backend BACKEND. */
1769 get_config_filename (gc_component_t component, gc_backend_t backend)
1771 char *filename = NULL;
1772 gc_option_t *option = find_option
1773 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1775 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1776 assert (!(option->flags & GC_OPT_FLAG_LIST));
1778 if (!option->active || !option->default_value)
1779 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1780 gc_backend[backend].option_config_filename,
1781 gc_backend[backend].name);
1783 if (option->value && *option->value)
1784 filename = percent_deescape (&option->value[1]);
1785 else if (option->default_value && *option->default_value)
1786 filename = percent_deescape (&option->default_value[1]);
1790 #ifdef HAVE_DOSISH_SYSTEM
1792 && filename[1] == ':'
1793 && (filename[2] == '/' || filename[2] == '\\')))
1795 if (filename[0] != '/')
1797 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1798 gc_backend[backend].option_config_filename,
1799 gc_backend[backend].name);
1805 /* Retrieve the options for the component COMPONENT from backend
1806 BACKEND, which we already know is a program-type backend. */
1808 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1812 const char *pgmname;
1813 const char *argv[2];
1817 size_t line_len = 0;
1820 char *config_filename;
1822 err = gnupg_create_inbound_pipe (filedes);
1824 gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
1826 pgmname = (gc_backend[backend].module_name
1827 ? gnupg_module_name (gc_backend[backend].module_name)
1828 : gc_backend[backend].program );
1829 argv[0] = "--gpgconf-list";
1832 err = gnupg_spawn_process_fd (pgmname, argv, -1, filedes[1], -1, &pid);
1837 gc_error (1, 0, "could not gather active options from `%s': %s",
1838 pgmname, gpg_strerror (err));
1841 config = fdopen (filedes[0], "r");
1843 gc_error (1, errno, "can't fdopen pipe for reading");
1845 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1847 gc_option_t *option;
1849 unsigned long flags = 0;
1850 char *default_value = NULL;
1852 /* Strip newline and carriage return, if present. */
1854 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1855 line[--length] = '\0';
1857 linep = strchr (line, ':');
1861 /* Extract additional flags. Default to none. */
1867 end = strchr (linep, ':');
1872 flags = strtoul (linep, &tail, 0);
1874 gc_error (1, errno, "malformed flags in option %s from %s",
1876 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
1877 gc_error (1, 0, "garbage after flags in option %s from %s",
1883 /* Extract default value, if present. Default to empty if
1889 end = strchr (linep, ':');
1893 if (flags & GC_OPT_FLAG_DEFAULT)
1894 default_value = linep;
1899 /* Look up the option in the component and install the
1900 configuration data. */
1901 option = find_option (component, line, backend);
1905 gc_error (1, errno, "option %s returned twice from %s",
1909 option->flags |= flags;
1910 if (default_value && *default_value)
1911 option->default_value = xstrdup (default_value);
1914 if (length < 0 || ferror (config))
1915 gc_error (1, errno, "error reading from %s",pgmname);
1916 if (fclose (config))
1917 gc_error (1, errno, "error closing %s", pgmname);
1919 err = gnupg_wait_process (pgmname, pid, &exitcode);
1921 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
1922 pgmname, exitcode, gpg_strerror (err));
1925 /* At this point, we can parse the configuration file. */
1926 config_filename = get_config_filename (component, backend);
1928 config = fopen (config_filename, "r");
1930 gc_error (0, errno, "warning: can not open config file %s",
1934 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1938 gc_option_t *option;
1941 while (*name == ' ' || *name == '\t')
1943 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
1947 while (*value && *value != ' ' && *value != '\t'
1948 && *value != '#' && *value != '\r' && *value != '\n')
1950 if (*value == ' ' || *value == '\t')
1955 while (*value == ' ' || *value == '\t')
1959 while (*end && *end != '#' && *end != '\r' && *end != '\n')
1961 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
1968 /* Look up the option in the component and install the
1969 configuration data. */
1970 option = find_option (component, line, backend);
1975 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
1979 "warning: ignoring argument %s for option %s",
1981 opt_value = xstrdup ("1");
1983 else if (gc_arg_type[option->arg_type].fallback
1984 == GC_ARG_TYPE_STRING)
1985 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
1988 /* FIXME: Verify that the number is sane. */
1989 opt_value = xstrdup (value);
1992 /* Now enter the option into the table. */
1993 if (!(option->flags & GC_OPT_FLAG_LIST))
1996 free (option->value);
1997 option->value = opt_value;
2002 option->value = opt_value;
2005 char *opt_val = opt_value;
2007 option->value = xasprintf ("%s,%s", option->value,
2015 if (length < 0 || ferror (config))
2016 gc_error (1, errno, "error reading from %s", config_filename);
2017 if (fclose (config))
2018 gc_error (1, errno, "error closing %s", config_filename);
2025 /* Retrieve the options for the component COMPONENT from backend
2026 BACKEND, which we already know is of type file list. */
2028 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2030 gc_option_t *list_option;
2031 gc_option_t *config_option;
2032 char *list_filename;
2035 size_t line_len = 0;
2039 list_option = find_option (component,
2040 gc_backend[backend].option_name, GC_BACKEND_ANY);
2041 assert (list_option);
2042 assert (!list_option->active);
2044 list_filename = get_config_filename (component, backend);
2045 list_file = fopen (list_filename, "r");
2047 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2051 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2058 while (*start == ' ' || *start == '\t')
2060 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2064 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2066 /* Walk back to skip trailing white spaces. Looks evil, but
2067 works because of the conditions on START and END imposed
2068 at this point (END is at least START + 1, and START is
2069 not a whitespace character). */
2070 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2073 /* FIXME: Oh, no! This is so lame! Should use realloc and
2077 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2082 list = xasprintf ("\"%s", gc_percent_escape (start));
2084 if (length < 0 || ferror (list_file))
2085 gc_error (1, errno, "can not read list file %s", list_filename);
2088 list_option->active = 1;
2089 list_option->value = list;
2091 /* Fix up the read-only flag. */
2092 config_option = find_option
2093 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2094 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2095 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2097 if (list_file && fclose (list_file))
2098 gc_error (1, errno, "error closing %s", list_filename);
2103 /* Retrieve the currently active options and their defaults from all
2104 involved backends for this component. Using -1 for component will
2105 retrieve all options from all components. */
2107 gc_component_retrieve_options (int component)
2109 int process_all = 0;
2110 int backend_seen[GC_BACKEND_NR];
2111 gc_backend_t backend;
2112 gc_option_t *option;
2114 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2115 backend_seen[backend] = 0;
2117 if (component == -1)
2121 assert (component < GC_COMPONENT_NR);
2126 option = gc_component[component].options;
2128 while (option && option->name)
2130 if (!(option->flags & GC_OPT_FLAG_GROUP))
2132 backend = option->backend;
2134 if (backend_seen[backend])
2139 backend_seen[backend] = 1;
2141 assert (backend != GC_BACKEND_ANY);
2143 if (gc_backend[backend].program)
2144 retrieve_options_from_program (component, backend);
2146 retrieve_options_from_file (component, backend);
2151 while (process_all && ++component < GC_COMPONENT_NR);
2157 /* Perform a simple validity check based on the type. Return in
2158 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2159 type GC_ARG_TYPE_NONE. */
2161 option_check_validity (gc_option_t *option, unsigned long flags,
2162 char *new_value, unsigned long *new_value_nr)
2166 if (!option->active)
2167 gc_error (1, 0, "option %s not supported by backend %s",
2168 option->name, gc_backend[option->backend].name);
2170 if (option->new_flags || option->new_value)
2171 gc_error (1, 0, "option %s already changed", option->name);
2173 if (flags & GC_OPT_FLAG_DEFAULT)
2176 gc_error (1, 0, "argument %s provided for deleted option %s",
2177 new_value, option->name);
2182 /* GC_ARG_TYPE_NONE options have special list treatment. */
2183 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2188 *new_value_nr = strtoul (new_value, &tail, 0);
2191 gc_error (1, errno, "invalid argument for option %s",
2194 gc_error (1, 0, "garbage after argument for option %s",
2197 if (!(option->flags & GC_OPT_FLAG_LIST))
2199 if (*new_value_nr != 1)
2200 gc_error (1, 0, "argument for non-list option %s of type 0 "
2201 "(none) must be 1", option->name);
2205 if (*new_value_nr == 0)
2206 gc_error (1, 0, "argument for option %s of type 0 (none) "
2207 "must be positive", option->name);
2216 if (*arg == '\0' || *arg == ',')
2218 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2219 gc_error (1, 0, "argument required for option %s", option->name);
2221 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2222 gc_error (1, 0, "list found for non-list option %s", option->name);
2224 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2227 gc_error (1, 0, "string argument for option %s must begin "
2228 "with a quote (\") character", option->name);
2230 /* FIXME: We do not allow empty string arguments for now, as
2231 we do not quote arguments in configuration files, and
2232 thus no argument is indistinguishable from the empty
2234 if (arg[1] == '\0' || arg[1] == ',')
2235 gc_error (1, 0, "empty string argument for option %s is "
2236 "currently not allowed. Please report this!",
2239 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2242 (void) strtol (arg, &arg, 0);
2245 gc_error (1, errno, "invalid argument for option %s",
2248 if (*arg != '\0' && *arg != ',')
2249 gc_error (1, 0, "garbage after argument for option %s",
2252 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2255 (void) strtoul (arg, &arg, 0);
2258 gc_error (1, errno, "invalid argument for option %s",
2261 if (*arg != '\0' && *arg != ',')
2262 gc_error (1, 0, "garbage after argument for option %s",
2265 arg = strchr (arg, ',');
2269 while (arg && *arg);
2272 #ifdef HAVE_W32_SYSTEM
2274 copy_file (const char *src_name, const char *dst_name)
2276 #define BUF_LEN 4096
2277 char buffer[BUF_LEN];
2282 src = fopen (src_name, "r");
2286 dst = fopen (dst_name, "w");
2289 int saved_err = errno;
2299 len = fread (buffer, 1, BUF_LEN, src);
2302 written = fwrite (buffer, 1, len, dst);
2306 while (!feof (src) && !ferror (src) && !ferror (dst));
2308 if (ferror (src) || ferror (dst) || !feof (src))
2310 int saved_errno = errno;
2314 errno = saved_errno;
2319 gc_error (1, errno, "error closing %s", dst_name);
2321 gc_error (1, errno, "error closing %s", src_name);
2325 #endif /* HAVE_W32_SYSTEM */
2328 /* Create and verify the new configuration file for the specified
2329 backend and component. Returns 0 on success and -1 on error. */
2331 change_options_file (gc_component_t component, gc_backend_t backend,
2332 char **src_filenamep, char **dest_filenamep,
2333 char **orig_filenamep)
2335 static const char marker[] = "###+++--- GPGConf ---+++###";
2336 /* True if we are within the marker in the config file. */
2338 gc_option_t *option;
2344 FILE *src_file = NULL;
2345 FILE *dest_file = NULL;
2347 char *dest_filename;
2348 char *orig_filename;
2350 char *cur_arg = NULL;
2352 option = find_option (component,
2353 gc_backend[backend].option_name, GC_BACKEND_ANY);
2355 assert (option->active);
2356 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2358 /* FIXME. Throughout the function, do better error reporting. */
2359 /* Note that get_config_filename() calls percent_deescape(), so we
2360 call this before processing the arguments. */
2361 dest_filename = xstrdup (get_config_filename (component, backend));
2362 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2363 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2365 arg = option->new_value;
2366 if (arg && arg[0] == '\0')
2373 end = strchr (arg, ',');
2377 cur_arg = percent_deescape (arg);
2387 #ifdef HAVE_W32_SYSTEM
2388 res = copy_file (dest_filename, orig_filename);
2390 res = link (dest_filename, orig_filename);
2392 if (res < 0 && errno != ENOENT)
2396 xfree (orig_filename);
2397 orig_filename = NULL;
2400 /* We now initialize the return strings, so the caller can do the
2402 *src_filenamep = src_filename;
2403 *dest_filenamep = dest_filename;
2404 *orig_filenamep = orig_filename;
2406 /* Use open() so that we can use O_EXCL. */
2407 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2410 src_file = fdopen (fd, "w");
2418 /* Only if ORIG_FILENAME is not NULL did the configuration file
2419 exist already. In this case, we will copy its content into the
2420 new configuration file, changing it to our liking in the
2424 dest_file = fopen (dest_filename, "r");
2426 goto change_file_one_err;
2428 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2433 if (!strncmp (marker, line, sizeof (marker) - 1))
2442 while (*start == ' ' || *start == '\t')
2444 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2453 /* Search for the end of the line. */
2454 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2457 if (*endp && *endp != ' ' && *endp != '\t'
2458 && *endp != '\r' && *endp != '\n' && *endp != '#')
2464 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2465 || !cur_arg || strcmp (start, cur_arg))
2469 /* Find next argument. */
2475 arg_end = strchr (arg, ',');
2479 cur_arg = percent_deescape (arg);
2500 "# GPGConf disabled this option here at %s\n",
2501 asctimestamp (gnupg_get_time ()));
2502 if (ferror (src_file))
2503 goto change_file_one_err;
2504 fprintf (src_file, "# %s", line);
2505 if (ferror (src_file))
2506 goto change_file_one_err;
2511 fprintf (src_file, "%s", line);
2512 if (ferror (src_file))
2513 goto change_file_one_err;
2516 if (length < 0 || ferror (dest_file))
2517 goto change_file_one_err;
2522 /* There was no marker. This is the first time we edit the
2523 file. We add our own marker at the end of the file and
2524 proceed. Note that we first write a newline, this guards us
2525 against files which lack the newline at the end of the last
2526 line, while it doesn't hurt us in all other cases. */
2527 fprintf (src_file, "\n%s\n", marker);
2528 if (ferror (src_file))
2529 goto change_file_one_err;
2532 /* At this point, we have copied everything up to the end marker
2533 into the new file, except for the arguments we are going to add.
2534 Now, dump the new arguments and write the end marker, possibly
2535 followed by the rest of the original file. */
2538 fprintf (src_file, "%s\n", cur_arg);
2540 /* Find next argument. */
2546 end = strchr (arg, ',');
2550 cur_arg = percent_deescape (arg);
2563 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2564 if (ferror (src_file))
2565 goto change_file_one_err;
2569 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2570 if (ferror (src_file))
2571 goto change_file_one_err;
2572 fprintf (src_file, "# It will disable options before this marked "
2573 "block, but it will\n");
2574 if (ferror (src_file))
2575 goto change_file_one_err;
2576 fprintf (src_file, "# never change anything below these lines.\n");
2577 if (ferror (src_file))
2578 goto change_file_one_err;
2582 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2584 fprintf (src_file, "%s", line);
2585 if (ferror (src_file))
2586 goto change_file_one_err;
2588 if (length < 0 || ferror (dest_file))
2589 goto change_file_one_err;
2594 res = fclose (src_file);
2607 res = fclose (dest_file);
2613 change_file_one_err:
2628 /* Create and verify the new configuration file for the specified
2629 backend and component. Returns 0 on success and -1 on error. */
2631 change_options_program (gc_component_t component, gc_backend_t backend,
2632 char **src_filenamep, char **dest_filenamep,
2633 char **orig_filenamep)
2635 static const char marker[] = "###+++--- GPGConf ---+++###";
2636 /* True if we are within the marker in the config file. */
2638 gc_option_t *option;
2644 FILE *src_file = NULL;
2645 FILE *dest_file = NULL;
2647 char *dest_filename;
2648 char *orig_filename;
2649 /* Special hack for gpg, see below. */
2650 int utf8strings_seen = 0;
2652 /* FIXME. Throughout the function, do better error reporting. */
2653 dest_filename = xstrdup (get_config_filename (component, backend));
2654 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2655 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2657 #ifdef HAVE_W32_SYSTEM
2658 res = copy_file (dest_filename, orig_filename);
2660 res = link (dest_filename, orig_filename);
2662 if (res < 0 && errno != ENOENT)
2666 xfree (orig_filename);
2667 orig_filename = NULL;
2670 /* We now initialize the return strings, so the caller can do the
2672 *src_filenamep = src_filename;
2673 *dest_filenamep = dest_filename;
2674 *orig_filenamep = orig_filename;
2676 /* Use open() so that we can use O_EXCL. */
2677 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2680 src_file = fdopen (fd, "w");
2688 /* Only if ORIG_FILENAME is not NULL did the configuration file
2689 exist already. In this case, we will copy its content into the
2690 new configuration file, changing it to our liking in the
2694 dest_file = fopen (dest_filename, "r");
2696 goto change_one_err;
2698 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2703 if (!strncmp (marker, line, sizeof (marker) - 1))
2710 else if (backend == GC_BACKEND_GPG && in_marker
2711 && ! strcmp ("utf8-strings\n", line))
2713 /* Strip duplicated entries. */
2714 if (utf8strings_seen)
2717 utf8strings_seen = 1;
2721 while (*start == ' ' || *start == '\t')
2723 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2729 while (*end && *end != ' ' && *end != '\t'
2730 && *end != '\r' && *end != '\n' && *end != '#')
2735 option = find_option (component, start, backend);
2737 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2738 || option->new_value))
2746 "# GPGConf disabled this option here at %s\n",
2747 asctimestamp (gnupg_get_time ()));
2748 if (ferror (src_file))
2749 goto change_one_err;
2750 fprintf (src_file, "# %s", line);
2751 if (ferror (src_file))
2752 goto change_one_err;
2757 fprintf (src_file, "%s", line);
2758 if (ferror (src_file))
2759 goto change_one_err;
2762 if (length < 0 || ferror (dest_file))
2763 goto change_one_err;
2768 /* There was no marker. This is the first time we edit the
2769 file. We add our own marker at the end of the file and
2770 proceed. Note that we first write a newline, this guards us
2771 against files which lack the newline at the end of the last
2772 line, while it doesn't hurt us in all other cases. */
2773 fprintf (src_file, "\n%s\n", marker);
2774 if (ferror (src_file))
2775 goto change_one_err;
2777 /* At this point, we have copied everything up to the end marker
2778 into the new file, except for the options we are going to change.
2779 Now, dump the changed options (except for those we are going to
2780 revert to their default), and write the end marker, possibly
2781 followed by the rest of the original file. */
2783 /* We have to turn on UTF8 strings for GnuPG. */
2784 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2785 fprintf (src_file, "utf8-strings\n");
2787 option = gc_component[component].options;
2788 while (option->name)
2790 if (!(option->flags & GC_OPT_FLAG_GROUP)
2791 && option->backend == backend
2792 && option->new_value)
2794 char *arg = option->new_value;
2798 if (*arg == '\0' || *arg == ',')
2800 fprintf (src_file, "%s\n", option->name);
2801 if (ferror (src_file))
2802 goto change_one_err;
2804 else if (gc_arg_type[option->arg_type].fallback
2805 == GC_ARG_TYPE_NONE)
2807 assert (*arg == '1');
2808 fprintf (src_file, "%s\n", option->name);
2809 if (ferror (src_file))
2810 goto change_one_err;
2814 else if (gc_arg_type[option->arg_type].fallback
2815 == GC_ARG_TYPE_STRING)
2819 assert (*arg == '"');
2822 end = strchr (arg, ',');
2826 fprintf (src_file, "%s %s\n", option->name,
2827 percent_deescape (arg));
2828 if (ferror (src_file))
2829 goto change_one_err;
2839 end = strchr (arg, ',');
2843 fprintf (src_file, "%s %s\n", option->name, arg);
2844 if (ferror (src_file))
2845 goto change_one_err;
2852 assert (arg == NULL || *arg == '\0' || *arg == ',');
2853 if (arg && *arg == ',')
2856 while (arg && *arg);
2861 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2862 if (ferror (src_file))
2863 goto change_one_err;
2867 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2868 if (ferror (src_file))
2869 goto change_one_err;
2870 fprintf (src_file, "# It will disable options before this marked "
2871 "block, but it will\n");
2872 if (ferror (src_file))
2873 goto change_one_err;
2874 fprintf (src_file, "# never change anything below these lines.\n");
2875 if (ferror (src_file))
2876 goto change_one_err;
2880 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2882 fprintf (src_file, "%s", line);
2883 if (ferror (src_file))
2884 goto change_one_err;
2886 if (length < 0 || ferror (dest_file))
2887 goto change_one_err;
2892 res = fclose (src_file);
2905 res = fclose (dest_file);
2926 /* Common code for gc_component_change_options and
2927 gc_process_gpgconf_conf. */
2929 change_one_value (gc_option_t *option, int *runtime,
2930 unsigned long flags, char *new_value)
2932 unsigned long new_value_nr = 0;
2934 option_check_validity (option, flags, new_value, &new_value_nr);
2936 if (option->flags & GC_OPT_FLAG_RUNTIME)
2937 runtime[option->backend] = 1;
2939 option->new_flags = flags;
2940 if (!(flags & GC_OPT_FLAG_DEFAULT))
2942 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
2943 && (option->flags & GC_OPT_FLAG_LIST))
2947 /* We convert the number to a list of 1's for convenient
2949 assert (new_value_nr > 0);
2950 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
2951 str = option->new_value;
2953 while (--new_value_nr > 0)
2961 option->new_value = xstrdup (new_value);
2966 /* Read the modifications from IN and apply them. If IN is NULL the
2967 modifications are expected to already have been set to the global
2970 gc_component_change_options (int component, FILE *in, FILE *out)
2973 int runtime[GC_BACKEND_NR];
2974 char *src_filename[GC_BACKEND_NR];
2975 char *dest_filename[GC_BACKEND_NR];
2976 char *orig_filename[GC_BACKEND_NR];
2977 gc_backend_t backend;
2978 gc_option_t *option;
2980 size_t line_len = 0;
2983 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2985 runtime[backend] = 0;
2986 src_filename[backend] = NULL;
2987 dest_filename[backend] = NULL;
2988 orig_filename[backend] = NULL;
2993 /* Read options from the file IN. */
2994 while ((length = read_line (in, &line, &line_len, NULL)) > 0)
2997 unsigned long flags = 0;
2998 char *new_value = "";
3000 /* Strip newline and carriage return, if present. */
3002 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3003 line[--length] = '\0';
3005 linep = strchr (line, ':');
3009 /* Extract additional flags. Default to none. */
3015 end = strchr (linep, ':');
3020 flags = strtoul (linep, &tail, 0);
3022 gc_error (1, errno, "malformed flags in option %s", line);
3023 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3024 gc_error (1, 0, "garbage after flags in option %s", line);
3029 /* Don't allow setting of the no change flag. */
3030 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3032 /* Extract default value, if present. Default to empty if not. */
3036 end = strchr (linep, ':');
3043 option = find_option (component, line, GC_BACKEND_ANY);
3045 gc_error (1, 0, "unknown option %s", line);
3047 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3049 gc_error (0, 0, "ignoring new value for option %s",
3054 change_one_value (option, runtime, flags, new_value);
3058 /* Now that we have collected and locally verified the changes,
3059 write them out to new configuration files, verify them
3060 externally, and then commit them. */
3061 option = gc_component[component].options;
3062 while (option && option->name)
3064 /* Go on if we have already seen this backend, or if there is
3066 if (src_filename[option->backend]
3067 || !(option->new_flags || option->new_value))
3073 if (gc_backend[option->backend].program)
3075 err = change_options_program (component, option->backend,
3076 &src_filename[option->backend],
3077 &dest_filename[option->backend],
3078 &orig_filename[option->backend]);
3081 /* External verification. */
3082 err = gc_component_check_options (component, out,
3083 src_filename[option->backend]);
3087 _("External verification of component %s failed"),
3088 gc_component[component].name);
3095 err = change_options_file (component, option->backend,
3096 &src_filename[option->backend],
3097 &dest_filename[option->backend],
3098 &orig_filename[option->backend]);
3106 if (! err && ! opt.dry_run)
3110 for (i = 0; i < GC_BACKEND_NR; i++)
3112 if (src_filename[i])
3114 /* FIXME: Make a verification here. */
3116 assert (dest_filename[i]);
3118 if (orig_filename[i])
3120 #ifdef HAVE_W32_SYSTEM
3121 /* There is no atomic update on W32. */
3122 err = unlink (dest_filename[i]);
3123 #endif /* HAVE_W32_SYSTEM */
3125 err = rename (src_filename[i], dest_filename[i]);
3129 #ifdef HAVE_W32_SYSTEM
3130 /* We skip the unlink if we expect the file not to
3132 err = rename (src_filename[i], dest_filename[i]);
3133 #else /* HAVE_W32_SYSTEM */
3134 /* This is a bit safer than rename() because we
3135 expect DEST_FILENAME not to be there. If it
3136 happens to be there, this will fail. */
3137 err = link (src_filename[i], dest_filename[i]);
3139 err = unlink (src_filename[i]);
3140 #endif /* !HAVE_W32_SYSTEM */
3144 src_filename[i] = NULL;
3149 if (err || opt.dry_run)
3152 int saved_errno = errno;
3154 /* An error occured or a dry-run is requested. */
3155 for (i = 0; i < GC_BACKEND_NR; i++)
3157 if (src_filename[i])
3159 /* The change was not yet committed. */
3160 unlink (src_filename[i]);
3161 if (orig_filename[i])
3162 unlink (orig_filename[i]);
3166 /* The changes were already committed. FIXME: This is a
3167 tad dangerous, as we don't know if we don't overwrite
3168 a version of the file that is even newer than the one
3169 we just installed. */
3170 if (orig_filename[i])
3172 #ifdef HAVE_W32_SYSTEM
3173 /* There is no atomic update on W32. */
3174 unlink (dest_filename[i]);
3175 #endif /* HAVE_W32_SYSTEM */
3176 rename (orig_filename[i], dest_filename[i]);
3179 unlink (dest_filename[i]);
3183 gc_error (1, saved_errno, "could not commit changes");
3185 /* Fall-through for dry run. */
3189 /* If it all worked, notify the daemons of the changes. */
3191 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3193 if (runtime[backend] && gc_backend[backend].runtime_change)
3194 (*gc_backend[backend].runtime_change) ();
3197 /* Move the per-process backup file into its place. */
3198 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3199 if (orig_filename[backend])
3201 char *backup_filename;
3203 assert (dest_filename[backend]);
3205 backup_filename = xasprintf ("%s.gpgconf.bak", dest_filename[backend]);
3207 #ifdef HAVE_W32_SYSTEM
3208 /* There is no atomic update on W32. */
3209 unlink (backup_filename);
3210 #endif /* HAVE_W32_SYSTEM */
3211 rename (orig_filename[backend], backup_filename);
3219 /* Check whether USER matches the current user of one of its group.
3220 This function may change USER. Returns true is there is a
3223 key_matches_user_or_group (char *user)
3227 if (*user == '*' && user[1] == 0)
3228 return 1; /* A single asterisk matches all users. */
3230 group = strchr (user, ':');
3234 #ifdef HAVE_W32_SYSTEM
3235 /* Under Windows we don't support groups. */
3236 if (group && *group)
3237 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3240 static char *my_name;
3247 GetUserNameA (tmp, &size);
3248 my_name = xmalloc (size);
3249 if (!GetUserNameA (my_name, &size))
3250 gc_error (1,0, "error getting current user name: %s",
3254 if (!strcmp (user, my_name))
3255 return 1; /* Found. */
3257 #else /*!HAVE_W32_SYSTEM*/
3258 /* First check whether the user matches. */
3261 static char *my_name;
3265 struct passwd *pw = getpwuid ( getuid () );
3267 gc_error (1, errno, "getpwuid failed for current user");
3268 my_name = xstrdup (pw->pw_name);
3270 if (!strcmp (user, my_name))
3271 return 1; /* Found. */
3274 /* If that failed, check whether a group matches. */
3275 if (group && *group)
3277 static char *my_group;
3278 static char **my_supgroups;
3283 struct group *gr = getgrgid ( getgid () );
3285 gc_error (1, errno, "getgrgid failed for current user");
3286 my_group = xstrdup (gr->gr_name);
3288 if (!strcmp (group, my_group))
3289 return 1; /* Found. */
3296 ngids = getgroups (0, NULL);
3297 gids = xcalloc (ngids+1, sizeof *gids);
3298 ngids = getgroups (ngids, gids);
3300 gc_error (1, errno, "getgroups failed for current user");
3301 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3302 for (n=0; n < ngids; n++)
3304 struct group *gr = getgrgid ( gids[n] );
3306 gc_error (1, errno, "getgrgid failed for supplementary group");
3307 my_supgroups[n] = xstrdup (gr->gr_name);
3312 for (n=0; my_supgroups[n]; n++)
3313 if (!strcmp (group, my_supgroups[n]))
3314 return 1; /* Found. */
3316 #endif /*!HAVE_W32_SYSTEM*/
3317 return 0; /* No match. */
3322 /* Read and process the global configuration file for gpgconf. This
3323 optional file is used to update our internal tables at runtime and
3324 may also be used to set new default values. If FNAME is NULL the
3325 default name will be used. With UPDATE set to true the internal
3326 tables are actually updated; if not set, only a syntax check is
3327 done. If DEFAULTS is true the global options are written to the
3328 configuration files. If LISTFP is set, no changes are done but the
3329 configuration file is printed to LISTFP in a colon separated format.
3331 Returns 0 on success or if the config file is not present; -1 is
3332 returned on error. */
3334 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3339 size_t line_len = 0;
3345 int runtime[GC_BACKEND_NR];
3346 int backend_id, component_id;
3350 fname = xstrdup (fname_arg);
3352 fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
3354 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3355 runtime[backend_id] = 0;
3357 config = fopen (fname, "r");
3360 /* Do not print an error if the file is not available, except
3361 when running in syntax check mode. */
3362 if (errno != ENOENT || !update)
3364 gc_error (0, errno, "can not open global config file `%s'", fname);
3371 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3373 char *key, *component, *option, *flags, *value;
3375 gc_option_t *option_info = NULL;
3377 int is_continuation;
3381 while (*key == ' ' || *key == '\t')
3383 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3386 is_continuation = (key != line);
3388 /* Parse the key field. */
3389 if (!is_continuation && got_match)
3390 break; /* Finish after the first match. */
3391 else if (!is_continuation)
3394 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3398 gc_error (0, 0, "missing rule at `%s', line %d", fname, lineno);
3407 gc_error (0, 0, "continuation but no rule at `%s', line %d",
3420 /* Parse the component. */
3421 while (*component == ' ' || *component == '\t')
3423 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3427 gc_error (0, 0, "missing component at `%s', line %d",
3435 component_id = gc_component_find (component);
3436 if (component_id < 0)
3438 gc_error (0, 0, "unknown component at `%s', line %d",
3443 /* Parse the option name. */
3444 while (*option == ' ' || *option == '\t')
3446 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3450 gc_error (0, 0, "missing option at `%s', line %d",
3457 if ( component_id != -1)
3459 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3462 gc_error (0, 0, "unknown option at `%s', line %d",
3469 /* Parse the optional flags. */
3470 while (*flags == ' ' || *flags == '\t')
3475 p = strchr (flags, ']');
3478 gc_error (0, 0, "syntax error in rule at `%s', line %d",
3486 else /* No flags given. */
3492 /* Parse the optional value. */
3493 while (*value == ' ' || *value == '\t')
3495 for (p=value; *p && !strchr ("\r\n", *p); p++)
3498 value = empty; /* No value given; let it point to an empty string. */
3501 /* Strip trailing white space. */
3503 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3507 /* Check flag combinations. */
3510 else if (!strcmp (flags, "default"))
3514 gc_error (0, 0, "flag \"default\" may not be combined "
3515 "with a value at `%s', line %d",
3520 else if (!strcmp (flags, "change"))
3522 else if (!strcmp (flags, "no-change"))
3526 gc_error (0, 0, "unknown flag at `%s', line %d",
3531 /* In list mode we print out all records. */
3532 if (listfp && !result)
3534 /* If this is a new ruleset, print a key record. */
3535 if (!is_continuation)
3537 char *group = strchr (key, ':');
3541 if ((p = strchr (group, ':')))
3542 *p = 0; /* We better strip any extra stuff. */
3545 fprintf (listfp, "k:%s:", gc_percent_escape (key));
3546 fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3549 /* All other lines are rule records. */
3550 fprintf (listfp, "r:::%s:%s:%s:",
3551 gc_component[component_id].name,
3552 option_info->name? option_info->name : "",
3555 fprintf (listfp, "\"%s", gc_percent_escape (value));
3557 putc ('\n', listfp);
3560 /* Check whether the key matches but do this only if we are not
3561 running in syntax check mode. */
3563 && !result && !listfp
3564 && (got_match || (key && key_matches_user_or_group (key))) )
3570 /* Apply the flags from gpgconf.conf. */
3573 else if (!strcmp (flags, "default"))
3574 newflags |= GC_OPT_FLAG_DEFAULT;
3575 else if (!strcmp (flags, "no-change"))
3576 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3577 else if (!strcmp (flags, "change"))
3578 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3582 assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
3584 /* Here we explicitly allow to update the value again. */
3587 option_info->new_flags = 0;
3591 xfree (option_info->new_value);
3592 option_info->new_value = NULL;
3594 change_one_value (option_info, runtime, newflags, value);
3599 if (length < 0 || ferror (config))
3601 gc_error (0, errno, "error reading from `%s'", fname);
3604 if (fclose (config) && ferror (config))
3605 gc_error (0, errno, "error closing `%s'", fname);
3609 /* If it all worked, process the options. */
3610 if (!result && update && defaults && !listfp)
3612 /* We need to switch off the runtime update, so that we can do
3613 it later all at once. */
3614 int save_opt_runtime = opt.runtime;
3617 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3619 gc_component_change_options (component_id, NULL, NULL);
3621 opt.runtime = save_opt_runtime;
3625 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3626 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3627 (*gc_backend[backend_id].runtime_change) ();