1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
28 #include <sys/types.h>
35 #ifdef HAVE_W32_SYSTEM
36 # define WIN32_LEAN_AND_MEAN 1
43 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
44 #define JNLIB_NEED_LOG_LOGV
49 #include "gc-opt-flags.h"
53 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
54 returns a plain filename without escaping. As long as we have not
55 fixed that we need to use gpg2 - it might actually be better to use
57 #ifdef HAVE_W32_SYSTEM
58 #define GPGNAME "gpg2"
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (void);
108 static void scdaemon_runtime_change (void);
110 /* Backend configuration. Backends are used to decide how the default
111 and current value of an option can be determined, and how the
112 option can be changed. To every option in every component belongs
113 exactly one backend that controls and determines the option. Some
114 backends are programs from the GPG system. Others might be
115 implemented by GPGConf itself. If you change this enum, don't
116 forget to update GC_BACKEND below. */
119 /* Any backend, used for find_option (). */
122 /* The Gnu Privacy Guard. */
125 /* The Gnu Privacy Guard for S/MIME. */
129 GC_BACKEND_GPG_AGENT,
131 /* The GnuPG SCDaemon. */
134 /* The Aegypten directory manager. */
137 /* The LDAP server list file for the Aegypten director manager. */
138 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
140 /* The number of the above entries. */
145 /* To be able to implement generic algorithms for the various
146 backends, we collect all information about them in this struct. */
149 /* The name of the backend. */
152 /* The name of the program that acts as the backend. Some backends
153 don't have an associated program, but are implemented directly by
154 GPGConf. In this case, PROGRAM is NULL. */
157 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
158 ../common/util.h. This value is used to get the actual installed
159 path of the program. 0 is used if no backedn program is
163 /* The runtime change callback. */
164 void (*runtime_change) (void);
166 /* The option name for the configuration filename of this backend.
167 This must be an absolute filename. It can be an option from a
168 different backend (but then ordering of the options might
169 matter). Note: This must be unique among all components. */
170 const char *option_config_filename;
172 /* If this is a file backend rather than a program backend, then
173 this is the name of the option associated with the file. */
174 const char *option_name;
175 } gc_backend[GC_BACKEND_NR] =
177 { NULL }, /* GC_BACKEND_ANY dummy entry. */
178 { "GnuPG", GPGNAME, GNUPG_MODULE_NAME_GPG,
179 NULL, "gpgconf-gpg.conf" },
180 { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
181 NULL, "gpgconf-gpgsm.conf" },
182 { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
183 gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
184 { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
185 scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
186 { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
187 NULL, "gpgconf-dirmngr.conf" },
188 { "DirMngr LDAP Server List", NULL, 0,
189 NULL, "ldapserverlist-file", "LDAP Server" },
193 /* Option configuration. */
195 /* An option might take an argument, or not. Argument types can be
196 basic or complex. Basic types are generic and easy to validate.
197 Complex types provide more specific information about the intended
198 use, but can be difficult to validate. If you add to this enum,
199 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
200 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
204 /* Basic argument types. */
207 GC_ARG_TYPE_NONE = 0,
209 /* A String argument. */
210 GC_ARG_TYPE_STRING = 1,
212 /* A signed integer argument. */
213 GC_ARG_TYPE_INT32 = 2,
215 /* An unsigned integer argument. */
216 GC_ARG_TYPE_UINT32 = 3,
218 /* ADD NEW BASIC TYPE ENTRIES HERE. */
220 /* Complex argument types. */
222 /* A complete filename. */
223 GC_ARG_TYPE_FILENAME = 32,
225 /* An LDAP server in the format
226 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
227 GC_ARG_TYPE_LDAP_SERVER = 33,
229 /* A 40 character fingerprint. */
230 GC_ARG_TYPE_KEY_FPR = 34,
232 /* A user ID or key ID or fingerprint for a certificate. */
233 GC_ARG_TYPE_PUB_KEY = 35,
235 /* A user ID or key ID or fingerprint for a certificate with a key. */
236 GC_ARG_TYPE_SEC_KEY = 36,
238 /* A alias list made up of a key, an equal sign and a space
239 separated list of values. */
240 GC_ARG_TYPE_ALIAS_LIST = 37,
242 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
244 /* The number of the above entries. */
249 /* For every argument, we record some information about it in the
253 /* For every argument type exists a basic argument type that can be
254 used as a fallback for input and validation purposes. */
255 gc_arg_type_t fallback;
257 /* Human-readable name of the type. */
259 } gc_arg_type[GC_ARG_TYPE_NR] =
261 /* The basic argument types have their own types as fallback. */
262 { GC_ARG_TYPE_NONE, "none" },
263 { GC_ARG_TYPE_STRING, "string" },
264 { GC_ARG_TYPE_INT32, "int32" },
265 { GC_ARG_TYPE_UINT32, "uint32" },
267 /* Reserved basic type entries for future extension. */
268 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
269 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
270 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
271 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
272 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
273 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
274 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 /* The complex argument types have a basic type as fallback. */
284 { GC_ARG_TYPE_STRING, "filename" },
285 { GC_ARG_TYPE_STRING, "ldap server" },
286 { GC_ARG_TYPE_STRING, "key fpr" },
287 { GC_ARG_TYPE_STRING, "pub key" },
288 { GC_ARG_TYPE_STRING, "sec key" },
289 { GC_ARG_TYPE_STRING, "alias list" },
293 /* Every option has an associated expert level, than can be used to
294 hide advanced and expert options from beginners. If you add to
295 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
296 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
297 EXTERNAL INTERFACE. */
300 /* The basic options should always be displayed. */
303 /* The advanced options may be hidden from beginners. */
306 /* The expert options should only be displayed to experts. */
309 /* The invisible options should normally never be displayed. */
312 /* The internal options are never exported, they mark options that
313 are recorded for internal use only. */
316 /* ADD NEW ENTRIES HERE. */
318 /* The number of the above entries. */
322 /* A description for each expert level. */
336 /* Option flags. The flags which are used by the backends are defined
337 by gc-opt-flags.h, included above.
339 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
340 PART OF THE EXTERNAL INTERFACE. */
342 /* Some entries in the option list are not options, but mark the
343 beginning of a new group of options. These entries have the GROUP
345 #define GC_OPT_FLAG_GROUP (1UL << 0)
346 /* The ARG_OPT flag for an option indicates that the argument is
347 optional. This is never set for GC_ARG_TYPE_NONE options. */
348 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
349 /* The LIST flag for an option indicates that the option can occur
350 several times. A comma separated list of arguments is used as the
352 #define GC_OPT_FLAG_LIST (1UL << 2)
353 /* The NO_CHANGE flag for an option indicates that the user should not
354 be allowed to change this option using the standard gpgconf method.
355 Frontends using gpgconf should grey out such options, so that only
356 the current value is displayed. */
357 #define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
360 /* A human-readable description for each flag. */
377 /* To each option, or group marker, the information in the GC_OPTION
378 struct is provided. If you change this, don't forget to update the
379 option list of each component. */
382 /* If this is NULL, then this is a terminator in an array of unknown
383 length. Otherwise, if this entry is a group marker (see FLAGS),
384 then this is the name of the group described by this entry.
385 Otherwise it is the name of the option described by this
386 entry. The name must not contain a colon. */
389 /* The option flags. If the GROUP flag is set, then this entry is a
390 group marker, not an option, and only the fields LEVEL,
391 DESC_DOMAIN and DESC are valid. In all other cases, this entry
392 describes a new option and all fields are valid. */
395 /* The expert level. This field is valid for options and groups. A
396 group has the expert level of the lowest-level option in the
398 gc_expert_level_t level;
400 /* A gettext domain in which the following description can be found.
401 If this is NULL, then DESC is not translated. Valid for groups
404 Note that we try to keep the description of groups within the
407 IMPORTANT: If you add a new domain please make sure to add a code
408 set switching call to the function my_dgettext further below. */
409 const char *desc_domain;
411 /* A gettext description for this group or option. If it starts
412 with a '|', then the string up to the next '|' describes the
413 argument, and the description follows the second '|'.
415 In general enclosing these description in N_() is not required
416 because the description should be identical to the one in the
417 help menu of the respective program. */
420 /* The following fields are only valid for options. */
422 /* The type of the option argument. */
423 gc_arg_type_t arg_type;
425 /* The backend that implements this option. */
426 gc_backend_t backend;
428 /* The following fields are set to NULL at startup (because all
429 option's are declared as static variables). They are at the end
430 of the list so that they can be omitted from the option
433 /* This is true if the option is supported by this version of the
437 /* The default value for this option. This is NULL if the option is
438 not present in the backend, the empty string if no default is
439 available, and otherwise a quoted string. */
442 /* The default argument is only valid if the "optional arg" flag is
443 set, and specifies the default argument (value) that is used if
444 the argument is omitted. */
447 /* The current value of this option. */
450 /* The new flags for this option. The only defined flag is actually
451 GC_OPT_FLAG_DEFAULT, and it means that the option should be
452 deleted. In this case, NEW_VALUE is NULL. */
453 unsigned long new_flags;
455 /* The new value of this option. */
458 typedef struct gc_option gc_option_t;
460 /* Use this macro to terminate an option list. */
461 #define GC_OPTION_NULL { NULL }
464 /* The options of the GC_COMPONENT_GPG_AGENT component. */
465 static gc_option_t gc_options_gpg_agent[] =
467 /* The configuration file to which we write the changes. */
468 { "gpgconf-gpg-agent.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
469 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
472 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
473 "gnupg", N_("Options controlling the diagnostic output") },
474 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
476 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
477 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
478 "gnupg", "be somewhat more quiet",
479 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
480 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
485 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
486 "gnupg", N_("Options controlling the configuration") },
487 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
488 "gnupg", "|FILE|read options from FILE",
489 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
490 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
491 "gnupg", "do not use the SCdaemon",
492 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
493 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
494 "gnupg", "enable ssh support",
495 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
496 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
497 "gnupg", "enable putty support",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
501 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
502 "gnupg", N_("Options useful for debugging") },
503 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
504 "gnupg", "|LEVEL|set the debugging level to LEVEL",
505 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
506 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
507 "gnupg", N_("|FILE|write server mode logs to FILE"),
508 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
509 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
511 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
514 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
515 "gnupg", N_("Options controlling the security") },
516 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
517 GC_LEVEL_BASIC, "gnupg",
518 "|N|expire cached PINs after N seconds",
519 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
521 GC_LEVEL_ADVANCED, "gnupg",
522 N_("|N|expire SSH keys after N seconds"),
523 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
524 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
525 GC_LEVEL_EXPERT, "gnupg",
526 N_("|N|set maximum PIN cache lifetime to N seconds"),
527 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
528 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
529 GC_LEVEL_EXPERT, "gnupg",
530 N_("|N|set maximum SSH key lifetime to N seconds"),
531 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
532 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
533 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
534 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
535 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
536 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
537 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
538 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
539 "gnupg", "do not grab keyboard and mouse",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
542 { "Passphrase policy",
543 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
544 "gnupg", N_("Options enforcing a passphrase policy") },
545 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
546 GC_LEVEL_EXPERT, "gnupg",
547 N_("do not allow to bypass the passphrase policy"),
548 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
549 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
550 GC_LEVEL_ADVANCED, "gnupg",
551 N_("|N|set minimal required length for new passphrases to N"),
552 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
553 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
554 GC_LEVEL_EXPERT, "gnupg",
555 N_("|N|require at least N non-alpha characters for a new passphrase"),
556 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
557 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
559 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
560 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
561 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
562 GC_LEVEL_EXPERT, "gnupg",
563 N_("|N|expire the passphrase after N days"),
564 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
565 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_EXPERT, "gnupg",
567 N_("do not allow the reuse of old passphrases"),
568 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
574 /* The options of the GC_COMPONENT_SCDAEMON component. */
575 static gc_option_t gc_options_scdaemon[] =
577 /* The configuration file to which we write the changes. */
578 { "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
579 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
582 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
583 "gnupg", N_("Options controlling the diagnostic output") },
584 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
586 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
587 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
588 "gnupg", "be somewhat more quiet",
589 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
590 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
592 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
595 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
596 "gnupg", N_("Options controlling the configuration") },
597 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
598 "gnupg", "|FILE|read options from FILE",
599 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
600 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
601 "gnupg", "|N|connect to reader at port N",
602 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
603 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
604 "gnupg", "|NAME|use NAME as ct-API driver",
605 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
606 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
607 "gnupg", "|NAME|use NAME as PC/SC driver",
608 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
609 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
610 "gnupg", "do not use the internal CCID driver",
611 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
612 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
613 "gnupg", "do not use a reader's pinpad",
614 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
615 { "enable-pinpad-varlen",
616 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
617 "gnupg", "use variable length input for pinpad",
618 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
619 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
620 "gnupg", "|N|disconnect the card after N seconds of inactivity",
621 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
624 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
625 "gnupg", N_("Options useful for debugging") },
626 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
627 "gnupg", "|LEVEL|set the debugging level to LEVEL",
628 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
629 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
630 "gnupg", N_("|FILE|write a log to FILE"),
631 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
634 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
635 "gnupg", N_("Options controlling the security") },
636 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
637 "gnupg", "deny the use of admin card commands",
638 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
645 /* The options of the GC_COMPONENT_GPG component. */
646 static gc_option_t gc_options_gpg[] =
648 /* The configuration file to which we write the changes. */
649 { "gpgconf-gpg.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
650 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
653 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
654 "gnupg", N_("Options controlling the diagnostic output") },
655 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
657 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
658 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
659 "gnupg", "be somewhat more quiet",
660 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
661 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
663 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
666 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
667 "gnupg", N_("Options controlling the configuration") },
668 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
669 "gnupg", N_("|NAME|use NAME as default secret key"),
670 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
671 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
672 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
673 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
674 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
675 "gnupg", N_("|SPEC|set up email aliases"),
676 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
677 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
678 "gnupg", "|FILE|read options from FILE",
679 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
682 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
683 "gnupg", N_("Options useful for debugging") },
684 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
685 "gnupg", "|LEVEL|set the debugging level to LEVEL",
686 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
687 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
688 "gnupg", N_("|FILE|write server mode logs to FILE"),
689 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
690 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
692 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
695 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
696 "gnupg", N_("Configuration for Keyservers") },
697 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
698 "gnupg", N_("|URL|use keyserver at URL"),
699 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
700 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
701 "gnupg", N_("allow PKA lookups (DNS requests)"),
702 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
703 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
704 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
705 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
713 /* The options of the GC_COMPONENT_GPGSM component. */
714 static gc_option_t gc_options_gpgsm[] =
716 /* The configuration file to which we write the changes. */
717 { "gpgconf-gpgsm.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
718 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
721 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
722 "gnupg", N_("Options controlling the diagnostic output") },
723 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
725 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
726 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
727 "gnupg", "be somewhat more quiet",
728 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
729 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
731 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
734 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
735 "gnupg", N_("Options controlling the configuration") },
736 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
737 "gnupg", N_("|NAME|use NAME as default secret key"),
738 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
739 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
740 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
741 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
742 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
743 "gnupg", "|FILE|read options from FILE",
744 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
745 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
746 "gnupg", "use system's dirmngr if available",
747 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
748 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
749 "gnupg", N_("disable all access to the dirmngr"),
750 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
751 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
752 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
753 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
754 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
755 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
756 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
759 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
760 "gnupg", N_("Options useful for debugging") },
761 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
762 "gnupg", "|LEVEL|set the debugging level to LEVEL",
763 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
764 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
765 "gnupg", N_("|FILE|write server mode logs to FILE"),
766 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
767 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
769 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
772 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
773 "gnupg", N_("Options controlling the security") },
774 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
775 "gnupg", "never consult a CRL",
776 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
777 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
778 "gnupg", N_("do not check CRLs for root certificates"),
779 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
780 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
781 "gnupg", "check validity using OCSP",
782 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
783 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
784 "gnupg", "|N|number of certificates to include",
785 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
786 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
787 "gnupg", "do not check certificate policies",
788 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
789 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
790 "gnupg", "fetch missing issuer certificates",
791 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
792 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
793 "gnupg", "|NAME|use cipher algorithm NAME",
794 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
800 /* The options of the GC_COMPONENT_DIRMNGR component. */
801 static gc_option_t gc_options_dirmngr[] =
803 /* The configuration file to which we write the changes. */
804 { "gpgconf-dirmngr.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
805 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
808 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
809 "gnupg", N_("Options controlling the diagnostic output") },
810 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
811 "dirmngr", "verbose",
812 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
813 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
814 "dirmngr", "be somewhat more quiet",
815 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
816 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
818 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
821 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
822 "gnupg", N_("Options controlling the format of the output") },
823 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
824 "dirmngr", "sh-style command output",
825 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
826 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
827 "dirmngr", "csh-style command output",
828 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
831 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
832 "gnupg", N_("Options controlling the configuration") },
833 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
834 "dirmngr", "|FILE|read options from FILE",
835 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
838 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
839 "gnupg", N_("Options useful for debugging") },
840 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
841 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
842 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
843 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
844 "dirmngr", "do not detach from the console",
845 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
846 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
847 "dirmngr", N_("|FILE|write server mode logs to FILE"),
848 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
849 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
851 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
852 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
854 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
857 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
858 "gnupg", N_("Options controlling the interactivity and enforcement") },
859 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
860 "dirmngr", "run without asking a user",
861 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
862 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
863 "dirmngr", "force loading of outdated CRLs",
864 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
867 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
868 "gnupg", N_("Configuration for HTTP servers") },
869 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
870 "dirmngr", "inhibit the use of HTTP",
871 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
872 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
873 "dirmngr", "ignore HTTP CRL distribution points",
874 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
875 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
876 "dirmngr", "|URL|redirect all HTTP requests to URL",
877 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
878 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
879 "gnupg", N_("use system's HTTP proxy setting"),
880 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
883 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
884 "gnupg", N_("Configuration of LDAP servers to use") },
885 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
886 "dirmngr", "inhibit the use of LDAP",
887 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
888 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
889 "dirmngr", "ignore LDAP CRL distribution points",
890 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
891 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
892 "dirmngr", "|HOST|use HOST for LDAP queries",
893 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
894 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
895 "dirmngr", "do not use fallback hosts with --ldap-proxy",
896 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
897 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
898 "dirmngr", "add new servers discovered in CRL distribution points"
899 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
900 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
901 "dirmngr", "|N|set LDAP timeout to N seconds",
902 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
903 /* The following entry must not be removed, as it is required for
904 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
905 { "ldapserverlist-file",
906 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
907 "dirmngr", "|FILE|read LDAP server list from FILE",
908 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
909 /* This entry must come after at least one entry for
910 GC_BACKEND_DIRMNGR in this component, so that the entry for
911 "ldapserverlist-file will be initialized before this one. */
912 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
913 "gnupg", N_("LDAP server list"),
914 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
915 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
916 "dirmngr", "|N|do not return more than N items in one query",
917 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
920 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
921 "gnupg", N_("Configuration for OCSP") },
922 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
923 "dirmngr", "allow sending OCSP requests",
924 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
925 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
926 "dirmngr", "ignore certificate contained OCSP service URLs",
927 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
928 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
929 "dirmngr", "|URL|use OCSP responder at URL",
930 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
931 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
932 "dirmngr", "|FPR|OCSP response signed by FPR",
933 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
940 /* Component system. Each component is a set of options that can be
941 configured at the same time. If you change this, don't forget to
942 update GC_COMPONENT below. */
945 /* The classic GPG for OpenPGP. */
949 GC_COMPONENT_GPG_AGENT,
951 /* The Smardcard Daemon. */
952 GC_COMPONENT_SCDAEMON,
954 /* GPG for S/MIME. */
957 /* The LDAP Directory Manager for CRLs. */
958 GC_COMPONENT_DIRMNGR,
960 /* The number of components. */
965 /* The information associated with each component. */
968 /* The name of this component. Must not contain a colon (':')
972 /* The gettext domain for the description DESC. If this is NULL,
973 then the description is not translated. */
974 const char *desc_domain;
976 /* The description for this domain. */
979 /* The list of options for this component, terminated by
981 gc_option_t *options;
984 { "gpg", NULL, "GPG for OpenPGP", gc_options_gpg },
985 { "gpg-agent", NULL, "GPG Agent", gc_options_gpg_agent },
986 { "scdaemon", NULL, "Smartcard Daemon", gc_options_scdaemon },
987 { "gpgsm", NULL, "GPG for S/MIME", gc_options_gpgsm },
988 { "dirmngr", NULL, "Directory Manager", gc_options_dirmngr }
993 /* Structure used to collect error output of the backend programs. */
995 typedef struct error_line_s *error_line_t;
998 error_line_t next; /* Link to next item. */
999 const char *fname; /* Name of the config file (points into BUFFER). */
1000 unsigned int lineno; /* Line number of the config file. */
1001 const char *errtext; /* Text of the error message (points into BUFFER). */
1002 char buffer[1]; /* Helper buffer. */
1007 /* Engine specific support. */
1009 gpg_agent_runtime_change (void)
1011 #ifndef HAVE_W32_SYSTEM
1012 char *agent = getenv ("GPG_AGENT_INFO");
1014 unsigned long pid_long;
1021 pid_str = strchr (agent, ':');
1027 pid_long = strtoul (pid_str, &tail, 0);
1028 if (errno || (*tail != ':' && *tail != '\0'))
1031 pid = (pid_t) pid_long;
1033 /* Check for overflow. */
1034 if (pid_long != (unsigned long) pid)
1037 /* Ignore any errors here. */
1041 const char *pgmname;
1042 const char *argv[2];
1045 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1046 argv[0] = "reloadagent";
1049 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1051 err = gnupg_wait_process (pgmname, pid, NULL);
1053 gc_error (0, 0, "error running `%s%s': %s",
1054 pgmname, " reloadagent", gpg_strerror (err));
1055 #endif /*!HAVE_W32_SYSTEM*/
1060 scdaemon_runtime_change (void)
1063 const char *pgmname;
1064 const char *argv[6];
1067 /* We use "GETINFO app_running" to see whether the agent is already
1068 running and kill it only in this case. This avoids an explicit
1069 starting of the agent in case it is not yet running. There is
1070 obviously a race condition but that should not harm too much. */
1072 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1074 argv[1] = "GETINFO scd_running";
1075 argv[2] = "/if ${! $?}";
1076 argv[3] = "scd killscd";
1080 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1082 err = gnupg_wait_process (pgmname, pid, NULL);
1084 gc_error (0, 0, "error running `%s%s': %s",
1085 pgmname, " scd killscd", gpg_strerror (err));
1089 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1091 gc_component_reload (int component)
1093 int runtime[GC_BACKEND_NR];
1094 gc_option_t *option;
1095 gc_backend_t backend;
1097 /* Set a flag for the backends to be reloaded. */
1098 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1099 runtime[backend] = 0;
1101 if (component == -1)
1103 for (component = 0; component < GC_COMPONENT_NR; component++)
1105 option = gc_component[component].options;
1106 for (; option && option->name; option++)
1107 runtime[option->backend] = 1;
1112 assert (component < GC_COMPONENT_NR);
1113 option = gc_component[component].options;
1114 for (; option && option->name; option++)
1115 runtime[option->backend] = 1;
1118 /* Do the reload for all selected backends. */
1119 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1121 if (runtime[backend] && gc_backend[backend].runtime_change)
1122 (*gc_backend[backend].runtime_change) ();
1128 /* More or less Robust version of dgettext. It has the side effect of
1129 switching the codeset to utf-8 because this is what we want to
1130 output. In theory it is posible to keep the orginal code set and
1131 switch back for regular disgnostic output (redefine "_(" for that)
1132 but given the natur of this tool, being something invoked from
1133 other pograms, it does not make much sense. */
1135 my_dgettext (const char *domain, const char *msgid)
1137 #ifdef USE_SIMPLE_GETTEXT
1140 static int switched_codeset;
1143 if (!switched_codeset)
1145 switched_codeset = 1;
1146 gettext_select_utf8 (1);
1149 if (!strcmp (domain, "gnupg"))
1150 domain = PACKAGE_GT;
1152 /* FIXME: we have no dgettext, thus we can't switch. */
1154 text = (char*)gettext (msgid);
1155 return text ? text : msgid;
1157 #elif defined(ENABLE_NLS)
1160 static int switched_codeset;
1163 if (!switched_codeset)
1165 switched_codeset = 1;
1166 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1168 bindtextdomain ("dirmngr", LOCALEDIR);
1169 bind_textdomain_codeset ("dirmngr", "utf-8");
1173 /* Note: This is a hack to actually use the gnupg2 domain as
1174 long we are in a transition phase where gnupg 1.x and 1.9 may
1176 if (!strcmp (domain, "gnupg"))
1177 domain = PACKAGE_GT;
1179 text = dgettext (domain, msgid);
1180 return text ? text : msgid;
1188 /* Percent-Escape special characters. The string is valid until the
1189 next invocation of the function. */
1191 gc_percent_escape (const char *src)
1193 static char *esc_str;
1194 static int esc_str_len;
1195 int new_len = 3 * strlen (src) + 1;
1198 if (esc_str_len < new_len)
1200 char *new_esc_str = realloc (esc_str, new_len);
1202 gc_error (1, errno, "can not escape string");
1203 esc_str = new_esc_str;
1204 esc_str_len = new_len;
1216 else if (*src == ':')
1218 /* The colon is used as field separator. */
1223 else if (*src == ',')
1225 /* The comma is used as list separator. */
1240 /* Percent-Deescape special characters. The string is valid until the
1241 next invocation of the function. */
1243 percent_deescape (const char *src)
1247 int new_len = 3 * strlen (src) + 1;
1250 if (str_len < new_len)
1252 char *new_str = realloc (str, new_len);
1254 gc_error (1, errno, "can not deescape string");
1264 int val = hextobyte (src + 1);
1267 gc_error (1, 0, "malformed end of string %s", src);
1269 *(dst++) = (char) val;
1273 *(dst++) = *(src++);
1280 /* List all components that are available. */
1282 gc_component_list_components (FILE *out)
1284 gc_component_t component;
1285 gc_option_t *option;
1286 gc_backend_t backend;
1287 int backend_seen[GC_BACKEND_NR];
1289 const char *pgmname;
1291 for (component = 0; component < GC_COMPONENT_NR; component++)
1293 option = gc_component[component].options;
1296 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1297 backend_seen[backend] = 0;
1300 for (; option && option->name; option++)
1302 if ((option->flags & GC_OPT_FLAG_GROUP))
1304 backend = option->backend;
1305 if (backend_seen[backend])
1307 backend_seen[backend] = 1;
1308 assert (backend != GC_BACKEND_ANY);
1309 if (gc_backend[backend].program
1310 && !gc_backend[backend].module_name)
1312 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1316 desc = gc_component[component].desc;
1317 desc = my_dgettext (gc_component[component].desc_domain, desc);
1318 fprintf (out, "%s:%s:",
1319 gc_component[component].name, gc_percent_escape (desc));
1320 fprintf (out, "%s\n", gc_percent_escape (pgmname));
1328 all_digits_p (const char *p, size_t len)
1332 for (; len; len--, p++)
1333 if (!isascii (*p) || !isdigit (*p))
1335 return 1; /* Yes. */
1339 /* Collect all error lines from file descriptor FD. Only lines
1340 prefixed with TAG are considered. Close that file descriptor
1341 then. Returns a list of error line items (which may be empty).
1342 There is no error return. */
1344 collect_error_output (int fd, const char *tag)
1351 error_line_t eitem, errlines, *errlines_tail;
1352 size_t taglen = strlen (tag);
1354 fp = fdopen (fd, "r");
1356 gc_error (1, errno, "can't fdopen pipe for reading");
1359 errlines_tail = &errlines;
1362 while ((c=getc (fp)) != EOF)
1365 if (pos >= sizeof buffer - 5 || c == '\n')
1367 buffer[pos - (c == '\n')] = 0;
1369 ; /*Ignore continuations of previous line. */
1370 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1372 /* "gpgsm: foo:4: bla" */
1373 /* Yep, we are interested in this line. */
1374 p = buffer + taglen + 1;
1375 while (*p == ' ' || *p == '\t')
1378 ; /* Empty lines are ignored. */
1379 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1380 && all_digits_p (p2+1, p3 - (p2+1)))
1382 /* Line in standard compiler format. */
1384 while (*p3 == ' ' || *p3 == '\t')
1386 eitem = xmalloc (sizeof *eitem + strlen (p));
1388 strcpy (eitem->buffer, p);
1389 eitem->fname = eitem->buffer;
1390 eitem->buffer[p2-p] = 0;
1391 eitem->errtext = eitem->buffer + (p3 - p);
1392 /* (we already checked that there are only ascii
1393 digits followed by a colon) */
1395 for (p2++; isdigit (*p2); p2++)
1396 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1397 *errlines_tail = eitem;
1398 errlines_tail = &eitem->next;
1402 /* Other error output. */
1403 eitem = xmalloc (sizeof *eitem + strlen (p));
1405 strcpy (eitem->buffer, p);
1406 eitem->fname = NULL;
1407 eitem->errtext = eitem->buffer;
1409 *errlines_tail = eitem;
1410 errlines_tail = &eitem->next;
1414 /* If this was not a complete line mark that we are in a
1416 cont_line = (c != '\n');
1420 /* We ignore error lines not terminated by a LF. */
1427 /* Check the options of a single component. Returns 0 if everything
1430 gc_component_check_options (int component, FILE *out, const char *conf_file)
1433 unsigned int result;
1434 int backend_seen[GC_BACKEND_NR];
1435 gc_backend_t backend;
1436 gc_option_t *option;
1437 const char *pgmname;
1438 const char *argv[4];
1443 error_line_t errlines;
1445 /* We use a temporary file to collect the error output. It would be
1446 better to use a pipe here but as of now we have no suitable
1447 fucntion to create a portable pipe outside of exechelp. Thus it
1448 is easier to use the tempfile approach. */
1450 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1451 backend_seen[backend] = 0;
1453 option = gc_component[component].options;
1454 for (; option && option->name; option++)
1456 if ((option->flags & GC_OPT_FLAG_GROUP))
1458 backend = option->backend;
1459 if (backend_seen[backend])
1461 backend_seen[backend] = 1;
1462 assert (backend != GC_BACKEND_ANY);
1463 if (!gc_backend[backend].program)
1465 if (!gc_backend[backend].module_name)
1470 if (! option || ! option->name)
1473 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1477 argv[i++] = "--options";
1478 argv[i++] = conf_file;
1480 argv[i++] = "--gpgconf-test";
1483 err = gnupg_create_inbound_pipe (filedes);
1485 gc_error (1, 0, _("error creating a pipe: %s\n"),
1486 gpg_strerror (err));
1490 if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1494 result |= 1; /* Program could not be run. */
1499 errlines = collect_error_output (filedes[0],
1500 gc_component[component].name);
1501 if (gnupg_wait_process (pgmname, pid, &exitcode))
1504 result |= 1; /* Program could not be run or it
1505 terminated abnormally. */
1506 result |= 2; /* Program returned an error. */
1510 /* If the program could not be run, we can't tell whether
1511 the config file is good. */
1518 error_line_t errptr;
1520 desc = gc_component[component].desc;
1521 desc = my_dgettext (gc_component[component].desc_domain, desc);
1522 fprintf (out, "%s:%s:",
1523 gc_component[component].name, gc_percent_escape (desc));
1524 fputs (gc_percent_escape (pgmname), out);
1525 fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1526 for (errptr = errlines; errptr; errptr = errptr->next)
1528 if (errptr != errlines)
1529 fputs ("\n:::::", out); /* Continuation line. */
1531 fputs (gc_percent_escape (errptr->fname), out);
1534 fprintf (out, "%u", errptr->lineno);
1536 fputs (gc_percent_escape (errptr->errtext), out);
1544 error_line_t tmp = errlines->next;
1553 /* Check all components that are available. */
1555 gc_check_programs (FILE *out)
1557 gc_component_t component;
1559 for (component = 0; component < GC_COMPONENT_NR; component++)
1560 gc_component_check_options (component, out, NULL);
1565 /* Find the component with the name NAME. Returns -1 if not
1568 gc_component_find (const char *name)
1572 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1574 if (gc_component[idx].options
1575 && !strcmp (name, gc_component[idx].name))
1582 /* List the option OPTION. */
1584 list_one_option (const gc_option_t *option, FILE *out)
1586 const char *desc = NULL;
1587 char *arg_name = NULL;
1591 desc = my_dgettext (option->desc_domain, option->desc);
1595 const char *arg_tail = strchr (&desc[1], '|');
1599 int arg_len = arg_tail - &desc[1];
1600 arg_name = xmalloc (arg_len + 1);
1601 memcpy (arg_name, &desc[1], arg_len);
1602 arg_name[arg_len] = '\0';
1603 desc = arg_tail + 1;
1609 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1610 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1613 /* The name field. */
1614 fprintf (out, "%s", option->name);
1616 /* The flags field. */
1617 fprintf (out, ":%lu", option->flags);
1623 fprintf (out, "none");
1626 unsigned long flags = option->flags;
1627 unsigned long flag = 0;
1628 unsigned long first = 1;
1638 fprintf (out, "%s", gc_flag[flag].name);
1646 /* The level field. */
1647 fprintf (out, ":%u", option->level);
1649 fprintf (out, " %s", gc_level[option->level].name);
1651 /* The description field. */
1652 fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1654 /* The type field. */
1655 fprintf (out, ":%u", option->arg_type);
1657 fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1659 /* The alternate type field. */
1660 fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1662 fprintf (out, " %s",
1663 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1665 /* The argument name field. */
1666 fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1670 /* The default value field. */
1671 fprintf (out, ":%s", option->default_value ? option->default_value : "");
1673 /* The default argument field. */
1674 fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1676 /* The value field. */
1677 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1678 && (option->flags & GC_OPT_FLAG_LIST)
1680 /* The special format "1,1,1,1,...,1" is converted to a number
1682 fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1684 fprintf (out, ":%s", option->value ? option->value : "");
1686 /* ADD NEW FIELDS HERE. */
1692 /* List all options of the component COMPONENT. */
1694 gc_component_list_options (int component, FILE *out)
1696 const gc_option_t *option = gc_component[component].options;
1698 while (option && option->name)
1700 /* Do not output unknown or internal options. */
1701 if (!(option->flags & GC_OPT_FLAG_GROUP)
1702 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1708 if (option->flags & GC_OPT_FLAG_GROUP)
1710 const gc_option_t *group_option = option + 1;
1711 gc_expert_level_t level = GC_LEVEL_NR;
1713 /* The manual states that the group level is always the
1714 minimum of the levels of all contained options. Due to
1715 different active options, and because it is hard to
1716 maintain manually, we calculate it here. The value in
1717 the global static table is ignored. */
1719 while (group_option->name)
1721 if (group_option->flags & GC_OPT_FLAG_GROUP)
1723 if (group_option->level < level)
1724 level = group_option->level;
1728 /* Check if group is empty. */
1729 if (level != GC_LEVEL_NR)
1731 gc_option_t opt_copy;
1733 /* Fix up the group level. */
1734 memcpy (&opt_copy, option, sizeof (opt_copy));
1735 opt_copy.level = level;
1736 list_one_option (&opt_copy, out);
1740 list_one_option (option, out);
1747 /* Find the option NAME in component COMPONENT, for the backend
1748 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1749 static gc_option_t *
1750 find_option (gc_component_t component, const char *name,
1751 gc_backend_t backend)
1753 gc_option_t *option = gc_component[component].options;
1754 while (option->name)
1756 if (!(option->flags & GC_OPT_FLAG_GROUP)
1757 && !strcmp (option->name, name)
1758 && (backend == GC_BACKEND_ANY || option->backend == backend))
1762 return option->name ? option : NULL;
1766 /* Determine the configuration filename for the component COMPONENT
1767 and backend BACKEND. */
1769 get_config_filename (gc_component_t component, gc_backend_t backend)
1771 char *filename = NULL;
1772 gc_option_t *option = find_option
1773 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1775 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1776 assert (!(option->flags & GC_OPT_FLAG_LIST));
1778 if (!option->active || !option->default_value)
1779 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1780 gc_backend[backend].option_config_filename,
1781 gc_backend[backend].name);
1783 if (option->value && *option->value)
1784 filename = percent_deescape (&option->value[1]);
1785 else if (option->default_value && *option->default_value)
1786 filename = percent_deescape (&option->default_value[1]);
1790 #ifdef HAVE_DOSISH_SYSTEM
1792 && filename[1] == ':'
1793 && (filename[2] == '/' || filename[2] == '\\')))
1795 if (filename[0] != '/')
1797 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1798 gc_backend[backend].option_config_filename,
1799 gc_backend[backend].name);
1805 /* Retrieve the options for the component COMPONENT from backend
1806 BACKEND, which we already know is a program-type backend. */
1808 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1812 const char *pgmname;
1813 const char *argv[2];
1817 size_t line_len = 0;
1820 char *config_filename;
1822 err = gnupg_create_inbound_pipe (filedes);
1824 gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
1826 pgmname = (gc_backend[backend].module_name
1827 ? gnupg_module_name (gc_backend[backend].module_name)
1828 : gc_backend[backend].program );
1829 argv[0] = "--gpgconf-list";
1832 err = gnupg_spawn_process_fd (pgmname, argv, -1, filedes[1], -1, &pid);
1837 gc_error (1, 0, "could not gather active options from `%s': %s",
1838 pgmname, gpg_strerror (err));
1841 config = fdopen (filedes[0], "r");
1843 gc_error (1, errno, "can't fdopen pipe for reading");
1845 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1847 gc_option_t *option;
1849 unsigned long flags = 0;
1850 char *default_value = NULL;
1852 /* Strip newline and carriage return, if present. */
1854 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1855 line[--length] = '\0';
1857 linep = strchr (line, ':');
1861 /* Extract additional flags. Default to none. */
1867 end = strchr (linep, ':');
1872 flags = strtoul (linep, &tail, 0);
1874 gc_error (1, errno, "malformed flags in option %s from %s",
1876 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
1877 gc_error (1, 0, "garbage after flags in option %s from %s",
1883 /* Extract default value, if present. Default to empty if
1889 end = strchr (linep, ':');
1893 if (flags & GC_OPT_FLAG_DEFAULT)
1894 default_value = linep;
1899 /* Look up the option in the component and install the
1900 configuration data. */
1901 option = find_option (component, line, backend);
1905 gc_error (1, errno, "option %s returned twice from %s",
1909 option->flags |= flags;
1910 if (default_value && *default_value)
1911 option->default_value = xstrdup (default_value);
1914 if (length < 0 || ferror (config))
1915 gc_error (1, errno, "error reading from %s",pgmname);
1916 if (fclose (config))
1917 gc_error (1, errno, "error closing %s", pgmname);
1919 err = gnupg_wait_process (pgmname, pid, &exitcode);
1921 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
1922 pgmname, exitcode, gpg_strerror (err));
1925 /* At this point, we can parse the configuration file. */
1926 config_filename = get_config_filename (component, backend);
1928 config = fopen (config_filename, "r");
1930 gc_error (0, errno, "warning: can not open config file %s",
1934 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1938 gc_option_t *option;
1941 while (*name == ' ' || *name == '\t')
1943 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
1947 while (*value && *value != ' ' && *value != '\t'
1948 && *value != '#' && *value != '\r' && *value != '\n')
1950 if (*value == ' ' || *value == '\t')
1955 while (*value == ' ' || *value == '\t')
1959 while (*end && *end != '#' && *end != '\r' && *end != '\n')
1961 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
1968 /* Look up the option in the component and install the
1969 configuration data. */
1970 option = find_option (component, line, backend);
1975 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
1979 "warning: ignoring argument %s for option %s",
1981 opt_value = xstrdup ("1");
1983 else if (gc_arg_type[option->arg_type].fallback
1984 == GC_ARG_TYPE_STRING)
1985 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
1988 /* FIXME: Verify that the number is sane. */
1989 opt_value = xstrdup (value);
1992 /* Now enter the option into the table. */
1993 if (!(option->flags & GC_OPT_FLAG_LIST))
1996 free (option->value);
1997 option->value = opt_value;
2002 option->value = opt_value;
2005 char *opt_val = opt_value;
2007 option->value = xasprintf ("%s,%s", option->value,
2015 if (length < 0 || ferror (config))
2016 gc_error (1, errno, "error reading from %s", config_filename);
2017 if (fclose (config))
2018 gc_error (1, errno, "error closing %s", config_filename);
2025 /* Retrieve the options for the component COMPONENT from backend
2026 BACKEND, which we already know is of type file list. */
2028 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2030 gc_option_t *list_option;
2031 gc_option_t *config_option;
2032 char *list_filename;
2035 size_t line_len = 0;
2039 list_option = find_option (component,
2040 gc_backend[backend].option_name, GC_BACKEND_ANY);
2041 assert (list_option);
2042 assert (!list_option->active);
2044 list_filename = get_config_filename (component, backend);
2045 list_file = fopen (list_filename, "r");
2047 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2051 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2058 while (*start == ' ' || *start == '\t')
2060 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2064 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2066 /* Walk back to skip trailing white spaces. Looks evil, but
2067 works because of the conditions on START and END imposed
2068 at this point (END is at least START + 1, and START is
2069 not a whitespace character). */
2070 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2073 /* FIXME: Oh, no! This is so lame! Should use realloc and
2077 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2082 list = xasprintf ("\"%s", gc_percent_escape (start));
2084 if (length < 0 || ferror (list_file))
2085 gc_error (1, errno, "can not read list file %s", list_filename);
2088 list_option->active = 1;
2089 list_option->value = list;
2091 /* Fix up the read-only flag. */
2092 config_option = find_option
2093 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2094 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2095 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2097 if (list_file && fclose (list_file))
2098 gc_error (1, errno, "error closing %s", list_filename);
2103 /* Retrieve the currently active options and their defaults from all
2104 involved backends for this component. Using -1 for component will
2105 retrieve all options from all components. */
2107 gc_component_retrieve_options (int component)
2109 int process_all = 0;
2110 int backend_seen[GC_BACKEND_NR];
2111 gc_backend_t backend;
2112 gc_option_t *option;
2114 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2115 backend_seen[backend] = 0;
2117 if (component == -1)
2121 assert (component < GC_COMPONENT_NR);
2126 option = gc_component[component].options;
2128 while (option && option->name)
2130 if (!(option->flags & GC_OPT_FLAG_GROUP))
2132 backend = option->backend;
2134 if (backend_seen[backend])
2139 backend_seen[backend] = 1;
2141 assert (backend != GC_BACKEND_ANY);
2143 if (gc_backend[backend].program)
2144 retrieve_options_from_program (component, backend);
2146 retrieve_options_from_file (component, backend);
2151 while (process_all && ++component < GC_COMPONENT_NR);
2157 /* Perform a simple validity check based on the type. Return in
2158 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2159 type GC_ARG_TYPE_NONE. */
2161 option_check_validity (gc_option_t *option, unsigned long flags,
2162 char *new_value, unsigned long *new_value_nr)
2166 if (!option->active)
2167 gc_error (1, 0, "option %s not supported by backend %s",
2168 option->name, gc_backend[option->backend].name);
2170 if (option->new_flags || option->new_value)
2171 gc_error (1, 0, "option %s already changed", option->name);
2173 if (flags & GC_OPT_FLAG_DEFAULT)
2176 gc_error (1, 0, "argument %s provided for deleted option %s",
2177 new_value, option->name);
2182 /* GC_ARG_TYPE_NONE options have special list treatment. */
2183 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2188 *new_value_nr = strtoul (new_value, &tail, 0);
2191 gc_error (1, errno, "invalid argument for option %s",
2194 gc_error (1, 0, "garbage after argument for option %s",
2197 if (!(option->flags & GC_OPT_FLAG_LIST))
2199 if (*new_value_nr != 1)
2200 gc_error (1, 0, "argument for non-list option %s of type 0 "
2201 "(none) must be 1", option->name);
2205 if (*new_value_nr == 0)
2206 gc_error (1, 0, "argument for option %s of type 0 (none) "
2207 "must be positive", option->name);
2216 if (*arg == '\0' || *arg == ',')
2218 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2219 gc_error (1, 0, "argument required for option %s", option->name);
2221 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2222 gc_error (1, 0, "list found for non-list option %s", option->name);
2224 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2227 gc_error (1, 0, "string argument for option %s must begin "
2228 "with a quote (\") character", option->name);
2230 /* FIXME: We do not allow empty string arguments for now, as
2231 we do not quote arguments in configuration files, and
2232 thus no argument is indistinguishable from the empty
2234 if (arg[1] == '\0' || arg[1] == ',')
2235 gc_error (1, 0, "empty string argument for option %s is "
2236 "currently not allowed. Please report this!",
2239 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2242 (void) strtol (arg, &arg, 0);
2245 gc_error (1, errno, "invalid argument for option %s",
2248 if (*arg != '\0' && *arg != ',')
2249 gc_error (1, 0, "garbage after argument for option %s",
2252 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2255 (void) strtoul (arg, &arg, 0);
2258 gc_error (1, errno, "invalid argument for option %s",
2261 if (*arg != '\0' && *arg != ',')
2262 gc_error (1, 0, "garbage after argument for option %s",
2265 arg = strchr (arg, ',');
2269 while (arg && *arg);
2272 #ifdef HAVE_W32_SYSTEM
2274 copy_file (const char *src_name, const char *dst_name)
2276 #define BUF_LEN 4096
2277 char buffer[BUF_LEN];
2282 src = fopen (src_name, "r");
2286 dst = fopen (dst_name, "w");
2289 int saved_err = errno;
2299 len = fread (buffer, 1, BUF_LEN, src);
2302 written = fwrite (buffer, 1, len, dst);
2306 while (!feof (src) && !ferror (src) && !ferror (dst));
2308 if (ferror (src) || ferror (dst) || !feof (src))
2310 int saved_errno = errno;
2314 errno = saved_errno;
2319 gc_error (1, errno, "error closing %s", dst_name);
2321 gc_error (1, errno, "error closing %s", src_name);
2325 #endif /* HAVE_W32_SYSTEM */
2328 /* Create and verify the new configuration file for the specified
2329 backend and component. Returns 0 on success and -1 on error. */
2331 change_options_file (gc_component_t component, gc_backend_t backend,
2332 char **src_filenamep, char **dest_filenamep,
2333 char **orig_filenamep)
2335 static const char marker[] = "###+++--- GPGConf ---+++###";
2336 /* True if we are within the marker in the config file. */
2338 gc_option_t *option;
2344 FILE *src_file = NULL;
2345 FILE *dest_file = NULL;
2347 char *dest_filename;
2348 char *orig_filename;
2350 char *cur_arg = NULL;
2352 option = find_option (component,
2353 gc_backend[backend].option_name, GC_BACKEND_ANY);
2355 assert (option->active);
2356 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2358 /* FIXME. Throughout the function, do better error reporting. */
2359 /* Note that get_config_filename() calls percent_deescape(), so we
2360 call this before processing the arguments. */
2361 dest_filename = xstrdup (get_config_filename (component, backend));
2362 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2363 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2365 arg = option->new_value;
2366 if (arg && arg[0] == '\0')
2373 end = strchr (arg, ',');
2377 cur_arg = percent_deescape (arg);
2387 #ifdef HAVE_W32_SYSTEM
2388 res = copy_file (dest_filename, orig_filename);
2390 res = link (dest_filename, orig_filename);
2392 if (res < 0 && errno != ENOENT)
2394 xfree (dest_filename);
2399 xfree (orig_filename);
2400 orig_filename = NULL;
2403 /* We now initialize the return strings, so the caller can do the
2405 *src_filenamep = src_filename;
2406 *dest_filenamep = dest_filename;
2407 *orig_filenamep = orig_filename;
2409 /* Use open() so that we can use O_EXCL. */
2410 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2413 src_file = fdopen (fd, "w");
2421 /* Only if ORIG_FILENAME is not NULL did the configuration file
2422 exist already. In this case, we will copy its content into the
2423 new configuration file, changing it to our liking in the
2427 dest_file = fopen (dest_filename, "r");
2429 goto change_file_one_err;
2431 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2436 if (!strncmp (marker, line, sizeof (marker) - 1))
2445 while (*start == ' ' || *start == '\t')
2447 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2456 /* Search for the end of the line. */
2457 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2460 if (*endp && *endp != ' ' && *endp != '\t'
2461 && *endp != '\r' && *endp != '\n' && *endp != '#')
2467 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2468 || !cur_arg || strcmp (start, cur_arg))
2472 /* Find next argument. */
2478 arg_end = strchr (arg, ',');
2482 cur_arg = percent_deescape (arg);
2503 "# GPGConf disabled this option here at %s\n",
2504 asctimestamp (gnupg_get_time ()));
2505 if (ferror (src_file))
2506 goto change_file_one_err;
2507 fprintf (src_file, "# %s", line);
2508 if (ferror (src_file))
2509 goto change_file_one_err;
2514 fprintf (src_file, "%s", line);
2515 if (ferror (src_file))
2516 goto change_file_one_err;
2519 if (length < 0 || ferror (dest_file))
2520 goto change_file_one_err;
2525 /* There was no marker. This is the first time we edit the
2526 file. We add our own marker at the end of the file and
2527 proceed. Note that we first write a newline, this guards us
2528 against files which lack the newline at the end of the last
2529 line, while it doesn't hurt us in all other cases. */
2530 fprintf (src_file, "\n%s\n", marker);
2531 if (ferror (src_file))
2532 goto change_file_one_err;
2535 /* At this point, we have copied everything up to the end marker
2536 into the new file, except for the arguments we are going to add.
2537 Now, dump the new arguments and write the end marker, possibly
2538 followed by the rest of the original file. */
2541 fprintf (src_file, "%s\n", cur_arg);
2543 /* Find next argument. */
2549 end = strchr (arg, ',');
2553 cur_arg = percent_deescape (arg);
2566 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2567 if (ferror (src_file))
2568 goto change_file_one_err;
2572 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2573 if (ferror (src_file))
2574 goto change_file_one_err;
2575 fprintf (src_file, "# It will disable options before this marked "
2576 "block, but it will\n");
2577 if (ferror (src_file))
2578 goto change_file_one_err;
2579 fprintf (src_file, "# never change anything below these lines.\n");
2580 if (ferror (src_file))
2581 goto change_file_one_err;
2585 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2587 fprintf (src_file, "%s", line);
2588 if (ferror (src_file))
2589 goto change_file_one_err;
2591 if (length < 0 || ferror (dest_file))
2592 goto change_file_one_err;
2597 res = fclose (src_file);
2610 res = fclose (dest_file);
2616 change_file_one_err:
2631 /* Create and verify the new configuration file for the specified
2632 backend and component. Returns 0 on success and -1 on error. */
2634 change_options_program (gc_component_t component, gc_backend_t backend,
2635 char **src_filenamep, char **dest_filenamep,
2636 char **orig_filenamep)
2638 static const char marker[] = "###+++--- GPGConf ---+++###";
2639 /* True if we are within the marker in the config file. */
2641 gc_option_t *option;
2647 FILE *src_file = NULL;
2648 FILE *dest_file = NULL;
2650 char *dest_filename;
2651 char *orig_filename;
2652 /* Special hack for gpg, see below. */
2653 int utf8strings_seen = 0;
2655 /* FIXME. Throughout the function, do better error reporting. */
2656 dest_filename = xstrdup (get_config_filename (component, backend));
2657 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2658 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2660 #ifdef HAVE_W32_SYSTEM
2661 res = copy_file (dest_filename, orig_filename);
2663 res = link (dest_filename, orig_filename);
2665 if (res < 0 && errno != ENOENT)
2669 xfree (orig_filename);
2670 orig_filename = NULL;
2673 /* We now initialize the return strings, so the caller can do the
2675 *src_filenamep = src_filename;
2676 *dest_filenamep = dest_filename;
2677 *orig_filenamep = orig_filename;
2679 /* Use open() so that we can use O_EXCL. */
2680 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2683 src_file = fdopen (fd, "w");
2691 /* Only if ORIG_FILENAME is not NULL did the configuration file
2692 exist already. In this case, we will copy its content into the
2693 new configuration file, changing it to our liking in the
2697 dest_file = fopen (dest_filename, "r");
2699 goto change_one_err;
2701 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2706 if (!strncmp (marker, line, sizeof (marker) - 1))
2713 else if (backend == GC_BACKEND_GPG && in_marker
2714 && ! strcmp ("utf8-strings\n", line))
2716 /* Strip duplicated entries. */
2717 if (utf8strings_seen)
2720 utf8strings_seen = 1;
2724 while (*start == ' ' || *start == '\t')
2726 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2732 while (*end && *end != ' ' && *end != '\t'
2733 && *end != '\r' && *end != '\n' && *end != '#')
2738 option = find_option (component, start, backend);
2740 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2741 || option->new_value))
2749 "# GPGConf disabled this option here at %s\n",
2750 asctimestamp (gnupg_get_time ()));
2751 if (ferror (src_file))
2752 goto change_one_err;
2753 fprintf (src_file, "# %s", line);
2754 if (ferror (src_file))
2755 goto change_one_err;
2760 fprintf (src_file, "%s", line);
2761 if (ferror (src_file))
2762 goto change_one_err;
2765 if (length < 0 || ferror (dest_file))
2766 goto change_one_err;
2771 /* There was no marker. This is the first time we edit the
2772 file. We add our own marker at the end of the file and
2773 proceed. Note that we first write a newline, this guards us
2774 against files which lack the newline at the end of the last
2775 line, while it doesn't hurt us in all other cases. */
2776 fprintf (src_file, "\n%s\n", marker);
2777 if (ferror (src_file))
2778 goto change_one_err;
2780 /* At this point, we have copied everything up to the end marker
2781 into the new file, except for the options we are going to change.
2782 Now, dump the changed options (except for those we are going to
2783 revert to their default), and write the end marker, possibly
2784 followed by the rest of the original file. */
2786 /* We have to turn on UTF8 strings for GnuPG. */
2787 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2788 fprintf (src_file, "utf8-strings\n");
2790 option = gc_component[component].options;
2791 while (option->name)
2793 if (!(option->flags & GC_OPT_FLAG_GROUP)
2794 && option->backend == backend
2795 && option->new_value)
2797 char *arg = option->new_value;
2801 if (*arg == '\0' || *arg == ',')
2803 fprintf (src_file, "%s\n", option->name);
2804 if (ferror (src_file))
2805 goto change_one_err;
2807 else if (gc_arg_type[option->arg_type].fallback
2808 == GC_ARG_TYPE_NONE)
2810 assert (*arg == '1');
2811 fprintf (src_file, "%s\n", option->name);
2812 if (ferror (src_file))
2813 goto change_one_err;
2817 else if (gc_arg_type[option->arg_type].fallback
2818 == GC_ARG_TYPE_STRING)
2822 assert (*arg == '"');
2825 end = strchr (arg, ',');
2829 fprintf (src_file, "%s %s\n", option->name,
2830 percent_deescape (arg));
2831 if (ferror (src_file))
2832 goto change_one_err;
2842 end = strchr (arg, ',');
2846 fprintf (src_file, "%s %s\n", option->name, arg);
2847 if (ferror (src_file))
2848 goto change_one_err;
2855 assert (arg == NULL || *arg == '\0' || *arg == ',');
2856 if (arg && *arg == ',')
2859 while (arg && *arg);
2864 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2865 if (ferror (src_file))
2866 goto change_one_err;
2870 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2871 if (ferror (src_file))
2872 goto change_one_err;
2873 fprintf (src_file, "# It will disable options before this marked "
2874 "block, but it will\n");
2875 if (ferror (src_file))
2876 goto change_one_err;
2877 fprintf (src_file, "# never change anything below these lines.\n");
2878 if (ferror (src_file))
2879 goto change_one_err;
2883 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2885 fprintf (src_file, "%s", line);
2886 if (ferror (src_file))
2887 goto change_one_err;
2889 if (length < 0 || ferror (dest_file))
2890 goto change_one_err;
2895 res = fclose (src_file);
2908 res = fclose (dest_file);
2929 /* Common code for gc_component_change_options and
2930 gc_process_gpgconf_conf. */
2932 change_one_value (gc_option_t *option, int *runtime,
2933 unsigned long flags, char *new_value)
2935 unsigned long new_value_nr = 0;
2937 option_check_validity (option, flags, new_value, &new_value_nr);
2939 if (option->flags & GC_OPT_FLAG_RUNTIME)
2940 runtime[option->backend] = 1;
2942 option->new_flags = flags;
2943 if (!(flags & GC_OPT_FLAG_DEFAULT))
2945 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
2946 && (option->flags & GC_OPT_FLAG_LIST))
2950 /* We convert the number to a list of 1's for convenient
2952 assert (new_value_nr > 0);
2953 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
2954 str = option->new_value;
2956 while (--new_value_nr > 0)
2964 option->new_value = xstrdup (new_value);
2969 /* Read the modifications from IN and apply them. If IN is NULL the
2970 modifications are expected to already have been set to the global
2973 gc_component_change_options (int component, FILE *in, FILE *out)
2976 int runtime[GC_BACKEND_NR];
2977 char *src_filename[GC_BACKEND_NR];
2978 char *dest_filename[GC_BACKEND_NR];
2979 char *orig_filename[GC_BACKEND_NR];
2980 gc_backend_t backend;
2981 gc_option_t *option;
2983 size_t line_len = 0;
2986 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2988 runtime[backend] = 0;
2989 src_filename[backend] = NULL;
2990 dest_filename[backend] = NULL;
2991 orig_filename[backend] = NULL;
2996 /* Read options from the file IN. */
2997 while ((length = read_line (in, &line, &line_len, NULL)) > 0)
3000 unsigned long flags = 0;
3001 char *new_value = "";
3003 /* Strip newline and carriage return, if present. */
3005 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3006 line[--length] = '\0';
3008 linep = strchr (line, ':');
3012 /* Extract additional flags. Default to none. */
3018 end = strchr (linep, ':');
3023 flags = strtoul (linep, &tail, 0);
3025 gc_error (1, errno, "malformed flags in option %s", line);
3026 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3027 gc_error (1, 0, "garbage after flags in option %s", line);
3032 /* Don't allow setting of the no change flag. */
3033 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3035 /* Extract default value, if present. Default to empty if not. */
3039 end = strchr (linep, ':');
3046 option = find_option (component, line, GC_BACKEND_ANY);
3048 gc_error (1, 0, "unknown option %s", line);
3050 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3052 gc_error (0, 0, "ignoring new value for option %s",
3057 change_one_value (option, runtime, flags, new_value);
3061 /* Now that we have collected and locally verified the changes,
3062 write them out to new configuration files, verify them
3063 externally, and then commit them. */
3064 option = gc_component[component].options;
3065 while (option && option->name)
3067 /* Go on if we have already seen this backend, or if there is
3069 if (src_filename[option->backend]
3070 || !(option->new_flags || option->new_value))
3076 if (gc_backend[option->backend].program)
3078 err = change_options_program (component, option->backend,
3079 &src_filename[option->backend],
3080 &dest_filename[option->backend],
3081 &orig_filename[option->backend]);
3084 /* External verification. */
3085 err = gc_component_check_options (component, out,
3086 src_filename[option->backend]);
3090 _("External verification of component %s failed"),
3091 gc_component[component].name);
3098 err = change_options_file (component, option->backend,
3099 &src_filename[option->backend],
3100 &dest_filename[option->backend],
3101 &orig_filename[option->backend]);
3109 if (! err && ! opt.dry_run)
3113 for (i = 0; i < GC_BACKEND_NR; i++)
3115 if (src_filename[i])
3117 /* FIXME: Make a verification here. */
3119 assert (dest_filename[i]);
3121 if (orig_filename[i])
3123 #ifdef HAVE_W32_SYSTEM
3124 /* There is no atomic update on W32. */
3125 err = unlink (dest_filename[i]);
3126 #endif /* HAVE_W32_SYSTEM */
3128 err = rename (src_filename[i], dest_filename[i]);
3132 #ifdef HAVE_W32_SYSTEM
3133 /* We skip the unlink if we expect the file not to
3135 err = rename (src_filename[i], dest_filename[i]);
3136 #else /* HAVE_W32_SYSTEM */
3137 /* This is a bit safer than rename() because we
3138 expect DEST_FILENAME not to be there. If it
3139 happens to be there, this will fail. */
3140 err = link (src_filename[i], dest_filename[i]);
3142 err = unlink (src_filename[i]);
3143 #endif /* !HAVE_W32_SYSTEM */
3147 src_filename[i] = NULL;
3152 if (err || opt.dry_run)
3155 int saved_errno = errno;
3157 /* An error occured or a dry-run is requested. */
3158 for (i = 0; i < GC_BACKEND_NR; i++)
3160 if (src_filename[i])
3162 /* The change was not yet committed. */
3163 unlink (src_filename[i]);
3164 if (orig_filename[i])
3165 unlink (orig_filename[i]);
3169 /* The changes were already committed. FIXME: This is a
3170 tad dangerous, as we don't know if we don't overwrite
3171 a version of the file that is even newer than the one
3172 we just installed. */
3173 if (orig_filename[i])
3175 #ifdef HAVE_W32_SYSTEM
3176 /* There is no atomic update on W32. */
3177 unlink (dest_filename[i]);
3178 #endif /* HAVE_W32_SYSTEM */
3179 rename (orig_filename[i], dest_filename[i]);
3182 unlink (dest_filename[i]);
3186 gc_error (1, saved_errno, "could not commit changes");
3188 /* Fall-through for dry run. */
3192 /* If it all worked, notify the daemons of the changes. */
3194 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3196 if (runtime[backend] && gc_backend[backend].runtime_change)
3197 (*gc_backend[backend].runtime_change) ();
3200 /* Move the per-process backup file into its place. */
3201 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3202 if (orig_filename[backend])
3204 char *backup_filename;
3206 assert (dest_filename[backend]);
3208 backup_filename = xasprintf ("%s.gpgconf.bak", dest_filename[backend]);
3210 #ifdef HAVE_W32_SYSTEM
3211 /* There is no atomic update on W32. */
3212 unlink (backup_filename);
3213 #endif /* HAVE_W32_SYSTEM */
3214 rename (orig_filename[backend], backup_filename);
3222 /* Check whether USER matches the current user of one of its group.
3223 This function may change USER. Returns true is there is a
3226 key_matches_user_or_group (char *user)
3230 if (*user == '*' && user[1] == 0)
3231 return 1; /* A single asterisk matches all users. */
3233 group = strchr (user, ':');
3237 #ifdef HAVE_W32_SYSTEM
3238 /* Under Windows we don't support groups. */
3239 if (group && *group)
3240 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3243 static char *my_name;
3250 GetUserNameA (tmp, &size);
3251 my_name = xmalloc (size);
3252 if (!GetUserNameA (my_name, &size))
3253 gc_error (1,0, "error getting current user name: %s",
3257 if (!strcmp (user, my_name))
3258 return 1; /* Found. */
3260 #else /*!HAVE_W32_SYSTEM*/
3261 /* First check whether the user matches. */
3264 static char *my_name;
3268 struct passwd *pw = getpwuid ( getuid () );
3270 gc_error (1, errno, "getpwuid failed for current user");
3271 my_name = xstrdup (pw->pw_name);
3273 if (!strcmp (user, my_name))
3274 return 1; /* Found. */
3277 /* If that failed, check whether a group matches. */
3278 if (group && *group)
3280 static char *my_group;
3281 static char **my_supgroups;
3286 struct group *gr = getgrgid ( getgid () );
3288 gc_error (1, errno, "getgrgid failed for current user");
3289 my_group = xstrdup (gr->gr_name);
3291 if (!strcmp (group, my_group))
3292 return 1; /* Found. */
3299 ngids = getgroups (0, NULL);
3300 gids = xcalloc (ngids+1, sizeof *gids);
3301 ngids = getgroups (ngids, gids);
3303 gc_error (1, errno, "getgroups failed for current user");
3304 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3305 for (n=0; n < ngids; n++)
3307 struct group *gr = getgrgid ( gids[n] );
3309 gc_error (1, errno, "getgrgid failed for supplementary group");
3310 my_supgroups[n] = xstrdup (gr->gr_name);
3315 for (n=0; my_supgroups[n]; n++)
3316 if (!strcmp (group, my_supgroups[n]))
3317 return 1; /* Found. */
3319 #endif /*!HAVE_W32_SYSTEM*/
3320 return 0; /* No match. */
3325 /* Read and process the global configuration file for gpgconf. This
3326 optional file is used to update our internal tables at runtime and
3327 may also be used to set new default values. If FNAME is NULL the
3328 default name will be used. With UPDATE set to true the internal
3329 tables are actually updated; if not set, only a syntax check is
3330 done. If DEFAULTS is true the global options are written to the
3331 configuration files. If LISTFP is set, no changes are done but the
3332 configuration file is printed to LISTFP in a colon separated format.
3334 Returns 0 on success or if the config file is not present; -1 is
3335 returned on error. */
3337 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3342 size_t line_len = 0;
3348 int runtime[GC_BACKEND_NR];
3349 int backend_id, component_id;
3353 fname = xstrdup (fname_arg);
3355 fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
3357 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3358 runtime[backend_id] = 0;
3360 config = fopen (fname, "r");
3363 /* Do not print an error if the file is not available, except
3364 when running in syntax check mode. */
3365 if (errno != ENOENT || !update)
3367 gc_error (0, errno, "can not open global config file `%s'", fname);
3374 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3376 char *key, *component, *option, *flags, *value;
3378 gc_option_t *option_info = NULL;
3380 int is_continuation;
3384 while (*key == ' ' || *key == '\t')
3386 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3389 is_continuation = (key != line);
3391 /* Parse the key field. */
3392 if (!is_continuation && got_match)
3393 break; /* Finish after the first match. */
3394 else if (!is_continuation)
3397 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3401 gc_error (0, 0, "missing rule at `%s', line %d", fname, lineno);
3410 gc_error (0, 0, "continuation but no rule at `%s', line %d",
3423 /* Parse the component. */
3424 while (*component == ' ' || *component == '\t')
3426 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3430 gc_error (0, 0, "missing component at `%s', line %d",
3438 component_id = gc_component_find (component);
3439 if (component_id < 0)
3441 gc_error (0, 0, "unknown component at `%s', line %d",
3446 /* Parse the option name. */
3447 while (*option == ' ' || *option == '\t')
3449 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3453 gc_error (0, 0, "missing option at `%s', line %d",
3460 if ( component_id != -1)
3462 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3465 gc_error (0, 0, "unknown option at `%s', line %d",
3472 /* Parse the optional flags. */
3473 while (*flags == ' ' || *flags == '\t')
3478 p = strchr (flags, ']');
3481 gc_error (0, 0, "syntax error in rule at `%s', line %d",
3489 else /* No flags given. */
3495 /* Parse the optional value. */
3496 while (*value == ' ' || *value == '\t')
3498 for (p=value; *p && !strchr ("\r\n", *p); p++)
3501 value = empty; /* No value given; let it point to an empty string. */
3504 /* Strip trailing white space. */
3506 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3510 /* Check flag combinations. */
3513 else if (!strcmp (flags, "default"))
3517 gc_error (0, 0, "flag \"default\" may not be combined "
3518 "with a value at `%s', line %d",
3523 else if (!strcmp (flags, "change"))
3525 else if (!strcmp (flags, "no-change"))
3529 gc_error (0, 0, "unknown flag at `%s', line %d",
3534 /* In list mode we print out all records. */
3535 if (listfp && !result)
3537 /* If this is a new ruleset, print a key record. */
3538 if (!is_continuation)
3540 char *group = strchr (key, ':');
3544 if ((p = strchr (group, ':')))
3545 *p = 0; /* We better strip any extra stuff. */
3548 fprintf (listfp, "k:%s:", gc_percent_escape (key));
3549 fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3552 /* All other lines are rule records. */
3553 fprintf (listfp, "r:::%s:%s:%s:",
3554 gc_component[component_id].name,
3555 option_info->name? option_info->name : "",
3558 fprintf (listfp, "\"%s", gc_percent_escape (value));
3560 putc ('\n', listfp);
3563 /* Check whether the key matches but do this only if we are not
3564 running in syntax check mode. */
3566 && !result && !listfp
3567 && (got_match || (key && key_matches_user_or_group (key))) )
3573 /* Apply the flags from gpgconf.conf. */
3576 else if (!strcmp (flags, "default"))
3577 newflags |= GC_OPT_FLAG_DEFAULT;
3578 else if (!strcmp (flags, "no-change"))
3579 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3580 else if (!strcmp (flags, "change"))
3581 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3585 assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
3587 /* Here we explicitly allow to update the value again. */
3590 option_info->new_flags = 0;
3594 xfree (option_info->new_value);
3595 option_info->new_value = NULL;
3597 change_one_value (option_info, runtime, newflags, value);
3602 if (length < 0 || ferror (config))
3604 gc_error (0, errno, "error reading from `%s'", fname);
3607 if (fclose (config) && ferror (config))
3608 gc_error (0, errno, "error closing `%s'", fname);
3612 /* If it all worked, process the options. */
3613 if (!result && update && defaults && !listfp)
3615 /* We need to switch off the runtime update, so that we can do
3616 it later all at once. */
3617 int save_opt_runtime = opt.runtime;
3620 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3622 gc_component_change_options (component_id, NULL, NULL);
3624 opt.runtime = save_opt_runtime;
3628 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3629 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3630 (*gc_backend[backend_id].runtime_change) ();