1 /* gpg-agent.c - The GnuPG Agent
2 * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc.
3 * Copyright (C) 2000-2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
33 #ifdef HAVE_W32_SYSTEM
35 # define WINVER 0x0500 /* Same as in common/sysutils.c */
37 # ifdef HAVE_WINSOCK2_H
38 # include <winsock2.h>
42 #else /*!HAVE_W32_SYSTEM*/
43 # include <sys/socket.h>
45 #endif /*!HAVE_W32_SYSTEM*/
52 # include <sys/prctl.h>
55 #define GNUPG_COMMON_NEED_AFLOCAL
57 #include <assuan.h> /* Malloc hooks and socket wrappers. */
61 #include "gc-opt-flags.h"
64 #include "../common/init.h"
67 enum cmd_and_opt_values
98 oPinentryInvisibleChar,
111 oEnforcePassphraseConstraints,
113 oMinPassphraseNonalpha,
114 oCheckPassphrasePattern,
116 oEnablePassphraseHistory,
118 oNoUseStandardSocket,
123 oIgnoreCacheForSigning,
126 oAllowPresetPassphrase,
127 oAllowLoopbackPinentry,
128 oNoAllowLoopbackPinentry,
129 oNoAllowExternalCache,
136 oDisableCheckOwnSocket,
142 # define ENAMETOOLONG EINVAL
146 static ARGPARSE_OPTS opts[] = {
148 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
149 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
150 ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"),
152 ARGPARSE_group (301, N_("@Options:\n ")),
154 ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
155 ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
156 #ifndef HAVE_W32_SYSTEM
157 ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")),
159 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
160 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
161 ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
162 ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
163 ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
165 ARGPARSE_s_s (oDebug, "debug", "@"),
166 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
167 ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
168 ARGPARSE_s_i (oDebugWait," debug-wait", "@"),
169 ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
170 ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
172 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
173 ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
174 ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
175 ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
176 /* */ N_("|PGM|use PGM as the PIN-Entry program")),
177 ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
178 ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
179 ARGPARSE_s_u (oPinentryTimeout, "pinentry-timeout", "@"),
180 ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
181 /* */ N_("|PGM|use PGM as the SCdaemon program") ),
182 ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
183 /* */ N_("do not use the SCdaemon") ),
184 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
186 ARGPARSE_s_s (oExtraSocket, "extra-socket",
187 /* */ N_("|NAME|accept some commands via NAME")),
189 ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"),
191 ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
193 ARGPARSE_s_n (oBatch, "batch", "@"),
194 ARGPARSE_s_s (oHomedir, "homedir", "@"),
196 ARGPARSE_s_s (oDisplay, "display", "@"),
197 ARGPARSE_s_s (oTTYname, "ttyname", "@"),
198 ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
199 ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
200 ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
201 ARGPARSE_s_s (oXauthority, "xauthority", "@"),
202 ARGPARSE_s_n (oKeepTTY, "keep-tty",
203 /* */ N_("ignore requests to change the TTY")),
204 ARGPARSE_s_n (oKeepDISPLAY, "keep-display",
205 /* */ N_("ignore requests to change the X display")),
207 ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl",
208 N_("|N|expire cached PINs after N seconds")),
209 ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ),
210 ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ),
211 ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ),
213 ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints",
215 ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"),
216 ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"),
217 ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"),
218 ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"),
219 ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"),
221 ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
222 /* */ N_("do not use the PIN cache when signing")),
223 ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache",
224 /* */ N_("disallow the use of an external password cache")),
225 ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
226 /* */ N_("disallow clients to mark keys as \"trusted\"")),
227 ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
228 ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
229 /* */ N_("allow presetting passphrase")),
230 ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
231 N_("disallow caller to override the pinentry")),
232 ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
233 ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry",
234 /* */ N_("allow passphrase to be prompted through Emacs")),
236 ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
237 ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
238 #ifdef HAVE_W32_SYSTEM
239 /* */ N_("enable putty support")
245 /* Dummy options for backward compatibility. */
246 ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
247 ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
248 ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
250 {0} /* End of list */
254 /* The list of supported debug flags. */
255 static struct debug_flags_s debug_flags [] =
257 { DBG_MPI_VALUE , "mpi" },
258 { DBG_CRYPTO_VALUE , "crypto" },
259 { DBG_MEMORY_VALUE , "memory" },
260 { DBG_CACHE_VALUE , "cache" },
261 { DBG_MEMSTAT_VALUE, "memstat" },
262 { DBG_HASHING_VALUE, "hashing" },
263 { DBG_IPC_VALUE , "ipc" },
264 { 77, NULL } /* 77 := Do not exit on "help" or "?". */
269 #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
270 #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
271 #define MAX_CACHE_TTL (120*60) /* 2 hours */
272 #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
273 #define MIN_PASSPHRASE_LEN (8)
274 #define MIN_PASSPHRASE_NONALPHA (1)
275 #define MAX_PASSPHRASE_DAYS (0)
277 /* The timer tick used for housekeeping stuff. For Windows we use a
278 longer period as the SetWaitableTimer seems to signal earlier than
279 the 2 seconds. CHECK_OWN_SOCKET_INTERVAL defines how often we
280 check our own socket in standard socket mode. If that value is 0
281 we don't check at all. All values are in seconds. */
282 #if defined(HAVE_W32CE_SYSTEM)
283 # define TIMERTICK_INTERVAL (60)
284 # define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */
285 #elif defined(HAVE_W32_SYSTEM)
286 # define TIMERTICK_INTERVAL (4)
287 # define CHECK_OWN_SOCKET_INTERVAL (60)
289 # define TIMERTICK_INTERVAL (2)
290 # define CHECK_OWN_SOCKET_INTERVAL (60)
294 /* Flag indicating that the ssh-agent subsystem has been enabled. */
295 static int ssh_support;
297 #ifdef HAVE_W32_SYSTEM
298 /* Flag indicating that support for Putty has been enabled. */
299 static int putty_support;
300 /* A magic value used with WM_COPYDATA. */
301 #define PUTTY_IPC_MAGIC 0x804e50ba
302 /* To avoid surprises we limit the size of the mapped IPC file to this
303 value. Putty currently (0.62) uses 8k, thus 16k should be enough
304 for the foreseeable future. */
305 #define PUTTY_IPC_MAXLEN 16384
306 #endif /*HAVE_W32_SYSTEM*/
308 /* The list of open file descriptors at startup. Note that this list
309 has been allocated using the standard malloc. */
310 static int *startup_fd_list;
312 /* The signal mask at startup and a flag telling whether it is valid. */
313 #ifdef HAVE_SIGPROCMASK
314 static sigset_t startup_signal_mask;
315 static int startup_signal_mask_valid;
318 /* Flag to indicate that a shutdown was requested. */
319 static int shutdown_pending;
321 /* Counter for the currently running own socket checks. */
322 static int check_own_socket_running;
324 /* Flags to indicate that check_own_socket shall not be called. */
325 static int disable_check_own_socket;
327 /* Flag indicating that we are in supervised mode. */
328 static int is_supervised;
330 /* Flag to inhibit socket removal in cleanup. */
331 static int inhibit_socket_removal;
333 /* It is possible that we are currently running under setuid permissions */
334 static int maybe_setuid = 1;
336 /* Name of the communication socket used for native gpg-agent
337 requests. The second variable is either NULL or a malloced string
338 with the real socket name in case it has been redirected. */
339 static char *socket_name;
340 static char *redir_socket_name;
342 /* Name of the optional extra socket used for native gpg-agent requests. */
343 static char *socket_name_extra;
344 static char *redir_socket_name_extra;
346 /* Name of the optional browser socket used for native gpg-agent requests. */
347 static char *socket_name_browser;
348 static char *redir_socket_name_browser;
350 /* Name of the communication socket used for ssh-agent-emulation. */
351 static char *socket_name_ssh;
352 static char *redir_socket_name_ssh;
354 /* We need to keep track of the server's nonces (these are dummies for
356 static assuan_sock_nonce_t socket_nonce;
357 static assuan_sock_nonce_t socket_nonce_extra;
358 static assuan_sock_nonce_t socket_nonce_browser;
359 static assuan_sock_nonce_t socket_nonce_ssh;
362 /* Default values for options passed to the pinentry. */
363 static char *default_display;
364 static char *default_ttyname;
365 static char *default_ttytype;
366 static char *default_lc_ctype;
367 static char *default_lc_messages;
368 static char *default_xauthority;
370 /* Name of a config file, which will be reread on a HUP if it is not NULL. */
371 static char *config_filename;
373 /* Helper to implement --debug-level */
374 static const char *debug_level;
376 /* Keep track of the current log file so that we can avoid updating
377 the log file after a SIGHUP if it didn't changed. Malloced. */
378 static char *current_logfile;
380 /* The handle_tick() function may test whether a parent is still
381 running. We record the PID of the parent here or -1 if it should be
383 static pid_t parent_pid = (pid_t)(-1);
385 /* Record the pid of the main thread, for easier signalling */
386 static pid_t main_thread_pid = (pid_t)(-1);
388 /* Number of active connections. */
389 static int active_connections;
391 /* This object is used to dispatch progress messages from Libgcrypt to
392 * the right thread. Given that we will have at max only a few dozen
393 * connections at a time, using a linked list is the easiest way to
395 struct progress_dispatch_s
397 struct progress_dispatch_s *next;
398 /* The control object of the connection. If this is NULL no
399 * connection is associated with this item and it is free for reuse
400 * by new connections. */
403 /* The thread id of (npth_self) of the connection. */
406 /* The callback set by the connection. This is similar to the
407 * Libgcrypt callback but with the control object passed as the
409 void (*cb)(ctrl_t ctrl,
410 const char *what, int printchar,
411 int current, int total);
413 struct progress_dispatch_s *progress_dispatch_list;
422 static char *create_socket_name (char *standard_name, int with_homedir);
423 static gnupg_fd_t create_server_socket (char *name, int primary, int cygwin,
425 assuan_sock_nonce_t *nonce);
426 static void create_directories (void);
428 static void agent_libgcrypt_progress_cb (void *data, const char *what,
430 int current, int total);
431 static void agent_init_default_ctrl (ctrl_t ctrl);
432 static void agent_deinit_default_ctrl (ctrl_t ctrl);
434 static void handle_connections (gnupg_fd_t listen_fd,
435 gnupg_fd_t listen_fd_extra,
436 gnupg_fd_t listen_fd_browser,
437 gnupg_fd_t listen_fd_ssh);
438 static void check_own_socket (void);
439 static int check_for_running_agent (int silent);
441 /* Pth wrapper function definitions. */
442 ASSUAN_SYSTEM_NPTH_IMPL;
449 /* Allocate a string describing a library version by calling a GETFNC.
450 This function is expected to be called only once. GETFNC is
451 expected to have a semantic like gcry_check_version (). */
453 make_libversion (const char *libname, const char *(*getfnc)(const char*))
460 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
464 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
465 strcpy (stpcpy (stpcpy (result, libname), " "), s);
469 /* Return strings describing this program. The case values are
470 described in common/argparse.c:strusage. The values here override
471 the default values given by strusage. */
473 my_strusage (int level)
475 static char *ver_gcry;
480 case 11: p = "@GPG_AGENT@ (@GNUPG@)";
482 case 13: p = VERSION; break;
483 case 17: p = PRINTABLE_OS_NAME; break;
484 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
485 reporting address. This is so that we can change the
486 reporting address without breaking the translations. */
487 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
491 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
496 case 40: p = _("Usage: @GPG_AGENT@ [options] (-h for help)");
498 case 41: p = _("Syntax: @GPG_AGENT@ [options] [command [args]]\n"
499 "Secret key management for @GNUPG@\n");
509 /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
510 only the active debug flags are propagated to the subsystems. With
511 DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
512 all flags already set. Note that we don't fail here, because it is
513 important to keep gpg-agent running even after re-reading the
514 options due to a SIGHUP. */
518 int numok = (debug_level && digitp (debug_level));
519 int numlvl = numok? atoi (debug_level) : 0;
523 else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
525 else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
526 opt.debug = DBG_IPC_VALUE;
527 else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
528 opt.debug = DBG_IPC_VALUE;
529 else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
530 opt.debug = (DBG_IPC_VALUE | DBG_CACHE_VALUE);
531 else if (!strcmp (debug_level, "guru") || numok)
534 /* Unless the "guru" string has been used we don't want to allow
535 hashing debugging. The rationale is that people tend to
536 select the highest debug value and would then clutter their
537 disk with debug files which may reveal confidential data. */
539 opt.debug &= ~(DBG_HASHING_VALUE);
543 log_error (_("invalid debug-level '%s' given\n"), debug_level);
544 opt.debug = 0; /* Reset debugging, so that prior debug
545 statements won't have an undesired effect. */
548 if (opt.debug && !opt.verbose)
550 if (opt.debug && opt.quiet)
553 if (opt.debug & DBG_MPI_VALUE)
554 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
555 if (opt.debug & DBG_CRYPTO_VALUE )
556 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
557 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
560 parse_debug_flag (NULL, &opt.debug, debug_flags);
564 /* Helper for cleanup to remove one socket with NAME. REDIR_NAME is
565 the corresponding real name if the socket has been redirected. */
567 remove_socket (char *name, char *redir_name)
580 /* Discover which inherited file descriptors correspond to which
581 * services/sockets offered by gpg-agent, using the LISTEN_FDS and
582 * LISTEN_FDNAMES convention. The understood labels are "ssh",
583 * "extra", and "browser". "std" or other labels will be interpreted
584 * as the standard socket.
586 * This function is designed to log errors when the expected file
587 * descriptors don't make sense, but to do its best to continue to
588 * work even in the face of minor misconfigurations.
590 * For more information on the LISTEN_FDS convention, see
591 * sd_listen_fds(3) on certain Linux distributions.
593 #ifndef HAVE_W32_SYSTEM
595 map_supervised_sockets (gnupg_fd_t *r_fd,
596 gnupg_fd_t *r_fd_extra,
597 gnupg_fd_t *r_fd_browser,
598 gnupg_fd_t *r_fd_ssh)
605 { "ssh", &r_fd_ssh, &socket_name_ssh },
606 { "browser", &r_fd_browser, &socket_name_browser },
607 { "extra", &r_fd_extra, &socket_name_extra },
608 { "std", &r_fd, &socket_name } /* (Must be the last item.) */
615 *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1;
617 /* Print a warning if LISTEN_PID does not match outr pid. */
618 envvar = getenv ("LISTEN_PID");
620 log_error ("no LISTEN_PID environment variable found in "
621 "--supervised mode (ignoring)\n");
622 else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ())
623 log_error ("environment variable LISTEN_PID (%lu) does not match"
624 " our pid (%lu) in --supervised mode (ignoring)\n",
625 (unsigned long)strtoul (envvar, NULL, 10),
626 (unsigned long)getpid ());
628 /* Parse LISTEN_FDNAMES into the array FDNAMES. */
629 envvar = getenv ("LISTEN_FDNAMES");
632 fdnames = strtokenize (envvar, ":");
635 log_error ("strtokenize failed: %s\n",
636 gpg_strerror (gpg_error_from_syserror ()));
639 for (nfdnames=0; fdnames[nfdnames]; nfdnames++)
648 /* Parse LISTEN_FDS into fd_count or provide a replacement. */
649 envvar = getenv ("LISTEN_FDS");
651 fd_count = atoi (envvar);
654 log_error ("no LISTEN_FDS environment variable found in --supervised"
655 " mode (relying on LISTEN_FDNAMES instead)\n");
660 log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
661 "found in --supervised mode"
662 " (assuming 1 active descriptor)\n");
668 log_error ("--supervised mode expects at least one file descriptor"
669 " (was told %d, carrying on as though it were 1)\n",
674 /* Assign the descriptors to the return values. */
680 log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
681 " in --supervised mode."
682 " (ignoring all sockets but the first one)\n",
684 if (fstat (3, &statbuf) == -1 && errno ==EBADF)
685 log_fatal ("file descriptor 3 must be valid in --supervised mode"
686 " if LISTEN_FDNAMES is not set\n");
688 socket_name = gnupg_get_socket_name (3);
690 else if (fd_count != nfdnames)
692 log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
693 "LISTEN_FDS (%d) in --supervised mode\n",
701 for (i = 0; i < nfdnames; i++)
703 for (j = 0; j < DIM (tbl); j++)
705 if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
708 if (**tbl[j].fdaddr == -1)
710 name = gnupg_get_socket_name (fd);
713 **tbl[j].fdaddr = fd;
714 *tbl[j].nameaddr = name;
715 log_info ("using fd %d for %s socket (%s)\n",
716 fd, tbl[j].label, name);
720 log_error ("cannot listen on fd %d for %s socket\n",
727 log_error ("cannot listen on more than one %s socket\n",
739 #endif /*!HAVE_W32_SYSTEM*/
742 /* Cleanup code for this program. This is either called has an atexit
743 handler or directly. */
752 deinitialize_module_cache ();
753 if (!is_supervised && !inhibit_socket_removal)
755 remove_socket (socket_name, redir_socket_name);
756 if (opt.extra_socket > 1)
757 remove_socket (socket_name_extra, redir_socket_name_extra);
758 if (opt.browser_socket > 1)
759 remove_socket (socket_name_browser, redir_socket_name_browser);
760 remove_socket (socket_name_ssh, redir_socket_name_ssh);
766 /* Handle options which are allowed to be reset after program start.
767 Return true when the current option in PARGS could be handled and
768 false if not. As a special feature, passing a value of NULL for
769 PARGS, resets the options to the default. REREAD should be set
770 true if it is not the initial option parsing. */
772 parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
780 opt.debug_pinentry = 0;
781 opt.pinentry_program = NULL;
782 opt.pinentry_touch_file = NULL;
783 xfree (opt.pinentry_invisible_char);
784 opt.pinentry_invisible_char = NULL;
785 opt.pinentry_timeout = 0;
786 opt.scdaemon_program = NULL;
787 opt.def_cache_ttl = DEFAULT_CACHE_TTL;
788 opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
789 opt.max_cache_ttl = MAX_CACHE_TTL;
790 opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
791 opt.enforce_passphrase_constraints = 0;
792 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
793 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
794 opt.check_passphrase_pattern = NULL;
795 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
796 opt.enable_passphrase_history = 0;
797 opt.ignore_cache_for_signing = 0;
798 opt.allow_mark_trusted = 1;
799 opt.allow_external_cache = 1;
800 opt.allow_loopback_pinentry = 1;
801 opt.allow_emacs_pinentry = 0;
802 opt.disable_scdaemon = 0;
803 disable_check_own_socket = 0;
807 switch (pargs->r_opt)
809 case oQuiet: opt.quiet = 1; break;
810 case oVerbose: opt.verbose++; break;
813 parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
815 case oDebugAll: opt.debug = ~0; break;
816 case oDebugLevel: debug_level = pargs->r.ret_str; break;
817 case oDebugPinentry: opt.debug_pinentry = 1; break;
821 return 0; /* not handeld */
822 if (!current_logfile || !pargs->r.ret_str
823 || strcmp (current_logfile, pargs->r.ret_str))
825 log_set_file (pargs->r.ret_str);
826 xfree (current_logfile);
827 current_logfile = xtrystrdup (pargs->r.ret_str);
831 case oNoGrab: opt.no_grab = 1; break;
833 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
834 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
835 case oPinentryInvisibleChar:
836 xfree (opt.pinentry_invisible_char);
837 opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
839 case oPinentryTimeout: opt.pinentry_timeout = pargs->r.ret_ulong; break;
840 case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
841 case oDisableScdaemon: opt.disable_scdaemon = 1; break;
842 case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
844 case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
845 case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
846 case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
847 case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
849 case oEnforcePassphraseConstraints:
850 opt.enforce_passphrase_constraints=1;
852 case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
853 case oMinPassphraseNonalpha:
854 opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
856 case oCheckPassphrasePattern:
857 opt.check_passphrase_pattern = pargs->r.ret_str;
859 case oMaxPassphraseDays:
860 opt.max_passphrase_days = pargs->r.ret_ulong;
862 case oEnablePassphraseHistory:
863 opt.enable_passphrase_history = 1;
866 case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
868 case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
869 case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
871 case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
873 case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
874 case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
876 case oNoAllowExternalCache: opt.allow_external_cache = 0;
879 case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1;
883 return 0; /* not handled */
886 return 1; /* handled */
890 /* Fixup some options after all have been processed. */
892 finalize_rereadable_options (void)
898 thread_init_once (void)
900 static int npth_initialized = 0;
902 if (!npth_initialized)
907 gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
908 /* Now that we have set the syscall clamp we need to tell Libgcrypt
909 * that it should get them from libgpg-error. Note that Libgcrypt
910 * has already been initialized but at that point nPth was not
911 * initialized and thus Libgcrypt could not set its system call
913 #if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
914 gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
920 initialize_modules (void)
923 assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
924 initialize_module_cache ();
925 initialize_module_call_pinentry ();
926 initialize_module_call_scd ();
927 initialize_module_trustlist ();
931 /* The main entry point. */
933 main (int argc, char **argv )
938 FILE *configfp = NULL;
939 char *configname = NULL;
941 unsigned configlineno;
943 int default_config =1;
948 char *logfile = NULL;
950 int gpgconf_list = 0;
952 struct assuan_malloc_hooks malloc_hooks;
954 early_system_init ();
956 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
957 /* Disable ptrace on Linux without sgid bit */
958 prctl(PR_SET_DUMPABLE, 0);
961 /* Before we do anything else we save the list of currently open
962 file descriptors and the signal mask. This info is required to
963 do the exec call properly. */
964 startup_fd_list = get_all_open_fds ();
965 #ifdef HAVE_SIGPROCMASK
966 if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
967 startup_signal_mask_valid = 1;
968 #endif /*HAVE_SIGPROCMASK*/
970 /* Set program name etc. */
971 set_strusage (my_strusage);
972 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
973 /* Please note that we may running SUID(ROOT), so be very CAREFUL
974 when adding any stuff between here and the call to INIT_SECMEM()
975 somewhere after the option parsing */
976 log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
978 /* Make sure that our subsystems are ready. */
980 init_common_subsystems (&argc, &argv);
982 malloc_hooks.malloc = gcry_malloc;
983 malloc_hooks.realloc = gcry_realloc;
984 malloc_hooks.free = gcry_free;
985 assuan_set_malloc_hooks (&malloc_hooks);
986 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
988 setup_libassuan_logging (&opt.debug, NULL);
990 setup_libgcrypt_logging ();
991 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
992 gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
994 disable_core_dumps ();
996 /* Set default options. */
997 parse_rereadable_options (NULL, 0); /* Reset them to default values. */
999 shell = getenv ("SHELL");
1000 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
1003 /* Record some of the original environment strings. */
1007 static const char *names[] =
1008 { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
1011 opt.startup_env = session_env_new ();
1012 if (!opt.startup_env)
1013 err = gpg_error_from_syserror ();
1014 for (idx=0; !err && names[idx]; idx++)
1016 s = getenv (names[idx]);
1018 err = session_env_setenv (opt.startup_env, names[idx], s);
1022 s = gnupg_ttyname (0);
1024 err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
1027 log_fatal ("error recording startup environment: %s\n",
1028 gpg_strerror (err));
1030 /* Fixme: Better use the locale function here. */
1031 opt.startup_lc_ctype = getenv ("LC_CTYPE");
1032 if (opt.startup_lc_ctype)
1033 opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
1034 opt.startup_lc_messages = getenv ("LC_MESSAGES");
1035 if (opt.startup_lc_messages)
1036 opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
1039 /* Check whether we have a config file on the commandline */
1044 pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
1045 while (arg_parse( &pargs, opts))
1047 if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
1049 else if (pargs.r_opt == oOptions)
1050 { /* yes there is one, so we do not try the default one, but
1051 read the option file when it is encountered at the
1055 else if (pargs.r_opt == oNoOptions)
1056 default_config = 0; /* --no-options */
1057 else if (pargs.r_opt == oHomedir)
1058 gnupg_set_homedir (pargs.r.ret_str);
1059 else if (pargs.r_opt == oDebugQuickRandom)
1061 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
1066 /* Initialize the secure memory. */
1067 gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);
1071 Now we are now working under our real uid
1075 configname = make_filename (gnupg_homedir (),
1076 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1082 pargs.flags= 1; /* do not remove the args */
1087 configfp = fopen (configname, "r");
1093 log_info (_("Note: no default option file '%s'\n"),
1095 /* Save the default conf file name so that
1096 reread_configuration is able to test whether the
1097 config file has been created in the meantime. */
1098 xfree (config_filename);
1099 config_filename = configname;
1104 log_error (_("option file '%s': %s\n"),
1105 configname, strerror(errno) );
1111 if (parse_debug && configname )
1112 log_info (_("reading options from '%s'\n"), configname );
1116 while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
1118 if (parse_rereadable_options (&pargs, 0))
1119 continue; /* Already handled */
1120 switch (pargs.r_opt)
1122 case aGPGConfList: gpgconf_list = 1; break;
1123 case aGPGConfTest: gpgconf_list = 2; break;
1124 case aUseStandardSocketP: gpgconf_list = 3; break;
1125 case oBatch: opt.batch=1; break;
1127 case oDebugWait: debug_wait = pargs.r.ret_int; break;
1130 /* config files may not be nested (silently ignore them) */
1134 configname = xstrdup(pargs.r.ret_str);
1138 case oNoGreeting: /* Dummy option. */ break;
1139 case oNoVerbose: opt.verbose = 0; break;
1140 case oNoOptions: break; /* no-options */
1141 case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
1142 case oNoDetach: nodetach = 1; break;
1143 case oLogFile: logfile = pargs.r.ret_str; break;
1144 case oCsh: csh_style = 1; break;
1145 case oSh: csh_style = 0; break;
1146 case oServer: pipe_server = 1; break;
1147 case oDaemon: is_daemon = 1; break;
1148 case oSupervised: is_supervised = 1; break;
1150 case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
1151 case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
1152 case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
1153 case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
1154 case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
1156 case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
1159 case oUseStandardSocket:
1160 case oNoUseStandardSocket:
1161 obsolete_option (configname, configlineno, "use-standard-socket");
1164 case oFakedSystemTime:
1166 time_t faked_time = isotime2epoch (pargs.r.ret_str);
1167 if (faked_time == (time_t)(-1))
1168 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
1169 gnupg_set_time (faked_time, 0);
1173 case oKeepTTY: opt.keep_tty = 1; break;
1174 case oKeepDISPLAY: opt.keep_display = 1; break;
1180 # ifdef HAVE_W32_SYSTEM
1186 opt.extra_socket = 1; /* (1 = points into argv) */
1187 socket_name_extra = pargs.r.ret_str;
1190 case oBrowserSocket:
1191 opt.browser_socket = 1; /* (1 = points into argv) */
1192 socket_name_browser = pargs.r.ret_str;
1195 case oDebugQuickRandom:
1196 /* Only used by the first stage command line parser. */
1200 obsolete_option (configname, configlineno, "write-env-file");
1203 default : pargs.err = configfp? 1:2; break;
1210 /* Keep a copy of the name so that it can be read on SIGHUP. */
1211 if (config_filename != configname)
1213 xfree (config_filename);
1214 config_filename = configname;
1222 if (log_get_errorcount(0))
1225 finalize_rereadable_options ();
1227 /* Print a warning if an argument looks like an option. */
1228 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
1232 for (i=0; i < argc; i++)
1233 if (argv[i][0] == '-' && argv[i][1] == '-')
1234 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
1238 /* gpg-agent usually does not output any messages because it runs in
1239 the background. For log files it is acceptable to have messages
1240 always encoded in utf-8. We switch here to utf-8, so that
1241 commands like --help still give native messages. It is far
1242 easier to switch only once instead of for every message and it
1243 actually helps when more then one thread is active (avoids an
1244 extra copy step). */
1245 bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
1248 if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised)
1250 /* We have been called without any command and thus we merely
1251 check whether an agent is already running. We do this right
1252 here so that we don't clobber a logfile with this check but
1253 print the status directly to stderr. */
1256 check_for_running_agent (0);
1262 else if (!opt.extra_socket)
1263 opt.extra_socket = 1;
1264 else if (socket_name_extra
1265 && (!strcmp (socket_name_extra, "none")
1266 || !strcmp (socket_name_extra, "/dev/null")))
1268 /* User requested not to create this socket. */
1269 opt.extra_socket = 0;
1270 socket_name_extra = NULL;
1275 else if (!opt.browser_socket)
1276 opt.browser_socket = 1;
1277 else if (socket_name_browser
1278 && (!strcmp (socket_name_browser, "none")
1279 || !strcmp (socket_name_browser, "/dev/null")))
1281 /* User requested not to create this socket. */
1282 opt.browser_socket = 0;
1283 socket_name_browser = NULL;
1288 if (atexit (cleanup))
1290 log_error ("atexit failed\n");
1295 /* Try to create missing directories. */
1296 create_directories ();
1298 if (debug_wait && pipe_server)
1300 thread_init_once ();
1301 log_debug ("waiting for debugger - my pid is %u .....\n",
1302 (unsigned int)getpid());
1303 gnupg_sleep (debug_wait);
1304 log_debug ("... okay\n");
1307 if (gpgconf_list == 3)
1309 /* We now use the standard socket always - return true for
1310 backward compatibility. */
1313 else if (gpgconf_list == 2)
1315 else if (gpgconf_list)
1320 /* List options and default values in the GPG Conf format. */
1321 filename = make_filename (gnupg_homedir (),
1322 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1323 filename_esc = percent_escape (filename, NULL);
1325 es_printf ("%s-%s.conf:%lu:\"%s\n",
1326 GPGCONF_NAME, GPG_AGENT_NAME,
1327 GC_OPT_FLAG_DEFAULT, filename_esc);
1329 xfree (filename_esc);
1331 es_printf ("verbose:%lu:\n"
1333 "debug-level:%lu:\"none:\n"
1335 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1336 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1337 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1338 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
1339 es_printf ("default-cache-ttl:%lu:%d:\n",
1340 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
1341 es_printf ("default-cache-ttl-ssh:%lu:%d:\n",
1342 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
1343 es_printf ("max-cache-ttl:%lu:%d:\n",
1344 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
1345 es_printf ("max-cache-ttl-ssh:%lu:%d:\n",
1346 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
1347 es_printf ("enforce-passphrase-constraints:%lu:\n",
1348 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1349 es_printf ("min-passphrase-len:%lu:%d:\n",
1350 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
1351 es_printf ("min-passphrase-nonalpha:%lu:%d:\n",
1352 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1353 MIN_PASSPHRASE_NONALPHA);
1354 es_printf ("check-passphrase-pattern:%lu:\n",
1355 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1356 es_printf ("max-passphrase-days:%lu:%d:\n",
1357 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1358 MAX_PASSPHRASE_DAYS);
1359 es_printf ("enable-passphrase-history:%lu:\n",
1360 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1361 es_printf ("no-grab:%lu:\n",
1362 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1363 es_printf ("ignore-cache-for-signing:%lu:\n",
1364 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1365 es_printf ("no-allow-external-cache:%lu:\n",
1366 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1367 es_printf ("no-allow-mark-trusted:%lu:\n",
1368 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1369 es_printf ("disable-scdaemon:%lu:\n",
1370 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1371 es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
1372 #ifdef HAVE_W32_SYSTEM
1373 es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
1375 es_printf ("no-allow-loopback-pinentry:%lu:\n",
1376 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1377 es_printf ("allow-emacs-pinentry:%lu:\n",
1378 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1379 es_printf ("pinentry-timeout:%lu:0:\n",
1380 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1385 /* Now start with logging to a file if this is desired. */
1388 log_set_file (logfile);
1389 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1390 | GPGRT_LOG_WITH_TIME
1391 | GPGRT_LOG_WITH_PID));
1392 current_logfile = xstrdup (logfile);
1395 /* Make sure that we have a default ttyname. */
1396 if (!default_ttyname && gnupg_ttyname (1))
1397 default_ttyname = xstrdup (gnupg_ttyname (1));
1398 if (!default_ttytype && getenv ("TERM"))
1399 default_ttytype = xstrdup (getenv ("TERM"));
1404 /* This is the simple pipe based server */
1407 initialize_modules ();
1409 ctrl = xtrycalloc (1, sizeof *ctrl);
1412 log_error ("error allocating connection control data: %s\n",
1416 ctrl->session_env = session_env_new ();
1417 if (!ctrl->session_env)
1419 log_error ("error allocating session environment block: %s\n",
1424 agent_init_default_ctrl (ctrl);
1425 start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
1426 agent_deinit_default_ctrl (ctrl);
1429 else if (is_supervised)
1431 #ifndef HAVE_W32_SYSTEM
1432 gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
1434 initialize_modules ();
1436 /* when supervised and sending logs to stderr, the process
1437 supervisor should handle log entry metadata (pid, name,
1440 log_set_prefix (NULL, 0);
1442 log_info ("%s %s starting in supervised mode.\n",
1443 strusage(11), strusage(13) );
1445 /* See below in "regular server mode" on why we remove certain
1447 if (!opt.keep_display)
1448 gnupg_unsetenv ("DISPLAY");
1449 gnupg_unsetenv ("INSIDE_EMACS");
1451 /* Virtually create the sockets. Note that we use -1 here
1452 * because the whole thing works only on Unix. */
1453 map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
1455 log_fatal ("no standard socket provided\n");
1457 #ifdef HAVE_SIGPROCMASK
1458 if (startup_signal_mask_valid)
1460 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1461 log_error ("error restoring signal mask: %s\n",
1465 log_info ("no saved signal mask\n");
1466 #endif /*HAVE_SIGPROCMASK*/
1468 log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
1469 fd, fd_extra, fd_browser, fd_ssh);
1470 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1471 #endif /*!HAVE_W32_SYSTEM*/
1473 else if (!is_daemon)
1476 { /* Regular server mode */
1478 gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
1479 gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
1480 gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
1481 #ifndef HAVE_W32_SYSTEM
1485 /* Remove the DISPLAY variable so that a pinentry does not
1486 default to a specific display. There is still a default
1487 display when gpg-agent was started using --display or a
1488 client requested this using an OPTION command. Note, that we
1489 don't do this when running in reverse daemon mode (i.e. when
1490 exec the program given as arguments). */
1491 #ifndef HAVE_W32_SYSTEM
1492 if (!opt.keep_display && !argc)
1493 gnupg_unsetenv ("DISPLAY");
1496 /* Remove the INSIDE_EMACS variable so that a pinentry does not
1497 always try to interact with Emacs. The variable is set when
1498 a client requested this using an OPTION command. */
1499 gnupg_unsetenv ("INSIDE_EMACS");
1501 /* Create the sockets. */
1502 socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1);
1503 fd = create_server_socket (socket_name, 1, 0,
1504 &redir_socket_name, &socket_nonce);
1506 if (opt.extra_socket)
1508 if (socket_name_extra)
1509 socket_name_extra = create_socket_name (socket_name_extra, 0);
1511 socket_name_extra = create_socket_name
1512 /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1);
1513 opt.extra_socket = 2; /* Indicate that it has been malloced. */
1514 fd_extra = create_server_socket (socket_name_extra, 0, 0,
1515 &redir_socket_name_extra,
1516 &socket_nonce_extra);
1519 if (opt.browser_socket)
1521 if (socket_name_browser)
1522 socket_name_browser = create_socket_name (socket_name_browser, 0);
1524 socket_name_browser= create_socket_name
1525 /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1);
1526 opt.browser_socket = 2; /* Indicate that it has been malloced. */
1527 fd_browser = create_server_socket (socket_name_browser, 0, 0,
1528 &redir_socket_name_browser,
1529 &socket_nonce_browser);
1532 socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
1533 fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
1534 &redir_socket_name_ssh,
1537 /* If we are going to exec a program in the parent, we record
1538 the PID, so that the child may check whether the program is
1541 parent_pid = getpid ();
1545 #ifdef HAVE_W32_SYSTEM
1549 initialize_modules ();
1551 #else /*!HAVE_W32_SYSTEM*/
1554 if (pid == (pid_t)-1)
1556 log_fatal ("fork failed: %s\n", strerror (errno) );
1560 { /* We are the parent */
1561 char *infostr_ssh_sock, *infostr_ssh_valid;
1563 /* Close the socket FD. */
1566 /* The signal mask might not be correct right now and thus
1567 we restore it. That is not strictly necessary but some
1568 programs falsely assume a cleared signal mask. */
1570 #ifdef HAVE_SIGPROCMASK
1571 if (startup_signal_mask_valid)
1573 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1574 log_error ("error restoring signal mask: %s\n",
1578 log_info ("no saved signal mask\n");
1579 #endif /*HAVE_SIGPROCMASK*/
1581 /* Create the SSH info string if enabled. */
1584 if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
1585 socket_name_ssh) < 0)
1587 log_error ("out of core\n");
1588 kill (pid, SIGTERM);
1591 if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu",
1592 (unsigned long)getpid()) < 0)
1594 log_error ("out of core\n");
1595 kill (pid, SIGTERM);
1600 *socket_name = 0; /* Don't let cleanup() remove the socket -
1601 the child should do this from now on */
1602 if (opt.extra_socket)
1603 *socket_name_extra = 0;
1604 if (opt.browser_socket)
1605 *socket_name_browser = 0;
1606 *socket_name_ssh = 0;
1609 { /* Run the program given on the commandline. */
1610 if (ssh_support && (putenv (infostr_ssh_sock)
1611 || putenv (infostr_ssh_valid)))
1613 log_error ("failed to set environment: %s\n",
1615 kill (pid, SIGTERM );
1619 /* Close all the file descriptors except the standard
1620 ones and those open at startup. We explicitly don't
1621 close 0,1,2 in case something went wrong collecting
1623 close_all_fds (3, startup_fd_list);
1625 /* Run the command. */
1626 execvp (argv[0], argv);
1627 log_error ("failed to run the command: %s\n", strerror (errno));
1628 kill (pid, SIGTERM);
1633 /* Print the environment string, so that the caller can use
1634 shell's eval to set it */
1639 *strchr (infostr_ssh_sock, '=') = ' ';
1640 es_printf ("setenv %s;\n", infostr_ssh_sock);
1647 es_printf ("%s; export SSH_AUTH_SOCK;\n",
1653 xfree (infostr_ssh_sock);
1654 xfree (infostr_ssh_valid);
1665 initialize_modules ();
1667 /* Detach from tty and put process into a new session */
1671 unsigned int oldflags;
1673 /* Close stdin, stdout and stderr unless it is the log stream */
1674 for (i=0; i <= 2; i++)
1676 if (!log_test_fd (i) && i != fd )
1679 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1681 log_error ("failed to open '%s': %s\n",
1682 "/dev/null", strerror (errno));
1690 log_error ("setsid() failed: %s\n", strerror(errno) );
1695 log_get_prefix (&oldflags);
1696 log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
1697 opt.running_detached = 1;
1702 log_error ("chdir to / failed: %s\n", strerror (errno));
1707 struct sigaction sa;
1709 sa.sa_handler = SIG_IGN;
1710 sigemptyset (&sa.sa_mask);
1712 sigaction (SIGPIPE, &sa, NULL);
1714 #endif /*!HAVE_W32_SYSTEM*/
1716 log_info ("%s %s started\n", strusage(11), strusage(13) );
1717 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1718 assuan_sock_close (fd);
1725 /* Exit entry point. This function should be called instead of a
1730 /*FIXME: update_random_seed_file();*/
1732 /* We run our cleanup handler because that may close cipher contexts
1733 stored in secure memory and thus this needs to be done before we
1734 explicitly terminate secure memory. */
1738 /* at this time a bit annoying */
1739 if (opt.debug & DBG_MEMSTAT_VALUE)
1741 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1742 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1745 gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
1747 gcry_control (GCRYCTL_TERM_SECMEM );
1748 rc = rc? rc : log_get_errorcount(0)? 2 : 0;
1753 /* This is our callback function for gcrypt progress messages. It is
1754 set once at startup and dispatches progress messages to the
1755 corresponding threads of the agent. */
1757 agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
1758 int current, int total)
1760 struct progress_dispatch_s *dispatch;
1761 npth_t mytid = npth_self ();
1765 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1766 if (dispatch->ctrl && dispatch->tid == mytid)
1768 if (dispatch && dispatch->cb)
1769 dispatch->cb (dispatch->ctrl, what, printchar, current, total);
1771 /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
1772 * from /dev/random this will block the process. To mitigate this
1773 * problem we take a short nap when Libgcrypt tells us that it needs
1774 * more entropy. This way other threads have chance to run. */
1775 #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
1776 if (what && !strcmp (what, "need_entropy"))
1777 npth_usleep (100000); /* 100ms */
1782 /* If a progress dispatcher callback has been associated with the
1783 * current connection unregister it. */
1785 unregister_progress_cb (void)
1787 struct progress_dispatch_s *dispatch;
1788 npth_t mytid = npth_self ();
1790 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1791 if (dispatch->ctrl && dispatch->tid == mytid)
1795 dispatch->ctrl = NULL;
1796 dispatch->cb = NULL;
1801 /* Setup a progress callback CB for the current connection. Using a
1802 * CB of NULL disables the callback. */
1804 agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
1805 int printchar, int current, int total),
1808 struct progress_dispatch_s *dispatch, *firstfree;
1809 npth_t mytid = npth_self ();
1812 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1814 if (dispatch->ctrl && dispatch->tid == mytid)
1816 if (!dispatch->ctrl && !firstfree)
1817 firstfree = dispatch;
1819 if (!dispatch) /* None allocated: Reuse or allocate a new one. */
1823 dispatch = firstfree;
1825 else if ((dispatch = xtrycalloc (1, sizeof *dispatch)))
1827 dispatch->next = progress_dispatch_list;
1828 progress_dispatch_list = dispatch;
1832 log_error ("error allocating new progress dispatcher slot: %s\n",
1833 gpg_strerror (gpg_error_from_syserror ()));
1836 dispatch->ctrl = ctrl;
1837 dispatch->tid = mytid;
1844 /* Each thread has its own local variables conveyed by a control
1845 structure usually identified by an argument named CTRL. This
1846 function is called immediately after allocating the control
1847 structure. Its purpose is to setup the default values for that
1848 structure. Note that some values may have already been set. */
1850 agent_init_default_ctrl (ctrl_t ctrl)
1852 assert (ctrl->session_env);
1854 /* Note we ignore malloc errors because we can't do much about it
1855 and the request will fail anyway shortly after this
1857 session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
1858 session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
1859 session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
1860 session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
1861 session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
1864 xfree (ctrl->lc_ctype);
1865 ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
1867 if (ctrl->lc_messages)
1868 xfree (ctrl->lc_messages);
1869 ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
1871 ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET;
1875 /* Release all resources allocated by default in the control
1876 structure. This is the counterpart to agent_init_default_ctrl. */
1878 agent_deinit_default_ctrl (ctrl_t ctrl)
1880 unregister_progress_cb ();
1881 session_env_release (ctrl->session_env);
1884 xfree (ctrl->lc_ctype);
1885 if (ctrl->lc_messages)
1886 xfree (ctrl->lc_messages);
1890 /* Because the ssh protocol does not send us information about the
1891 current TTY setting, we use this function to use those from startup
1892 or those explicitly set. This is also used for the restricted mode
1893 where we ignore requests to change the environment. */
1895 agent_copy_startup_env (ctrl_t ctrl)
1897 static const char *names[] =
1898 {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
1899 gpg_error_t err = 0;
1903 for (idx=0; !err && names[idx]; idx++)
1904 if ((value = session_env_getenv (opt.startup_env, names[idx])))
1905 err = session_env_setenv (ctrl->session_env, names[idx], value);
1907 if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
1908 if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
1909 err = gpg_error_from_syserror ();
1911 if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
1912 if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
1913 err = gpg_error_from_syserror ();
1916 log_error ("error setting default session environment: %s\n",
1917 gpg_strerror (err));
1923 /* Reread parts of the configuration. Note, that this function is
1924 obviously not thread-safe and should only be called from the PTH
1927 Fixme: Due to the way the argument parsing works, we create a
1928 memory leak here for all string type arguments. There is currently
1929 no clean way to tell whether the memory for the argument has been
1930 allocated or points into the process' original arguments. Unless
1931 we have a mechanism to tell this, we need to live on with this. */
1933 reread_configuration (void)
1935 ARGPARSE_ARGS pargs;
1937 unsigned int configlineno = 0;
1940 if (!config_filename)
1941 return; /* No config file. */
1943 fp = fopen (config_filename, "r");
1946 log_info (_("option file '%s': %s\n"),
1947 config_filename, strerror(errno) );
1951 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1953 memset (&pargs, 0, sizeof pargs);
1955 pargs.argc = &dummy;
1956 pargs.flags = 1; /* do not remove the args */
1957 while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
1959 if (pargs.r_opt < -1)
1960 pargs.err = 1; /* Print a warning. */
1961 else /* Try to parse this option - ignore unchangeable ones. */
1962 parse_rereadable_options (&pargs, 1);
1965 finalize_rereadable_options ();
1970 /* Return the file name of the socket we are using for native
1973 get_agent_socket_name (void)
1975 const char *s = socket_name;
1977 return (s && *s)? s : NULL;
1980 /* Return the file name of the socket we are using for SSH
1983 get_agent_ssh_socket_name (void)
1985 const char *s = socket_name_ssh;
1987 return (s && *s)? s : NULL;
1991 /* Return the number of active connections. */
1993 get_agent_active_connection_count (void)
1995 return active_connections;
1999 /* Under W32, this function returns the handle of the scdaemon
2000 notification event. Calling it the first time creates that
2002 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
2004 get_agent_scd_notify_event (void)
2006 static HANDLE the_event = INVALID_HANDLE_VALUE;
2008 if (the_event == INVALID_HANDLE_VALUE)
2011 SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
2013 /* We need to use a manual reset event object due to the way our
2014 w32-pth wait function works: If we would use an automatic
2015 reset event we are not able to figure out which handle has
2016 been signaled because at the time we single out the signaled
2017 handles using WFSO the event has already been reset due to
2019 h = CreateEvent (&sa, TRUE, FALSE, NULL);
2021 log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
2022 else if (!DuplicateHandle (GetCurrentProcess(), h,
2023 GetCurrentProcess(), &h2,
2024 EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
2026 log_error ("setting synchronize for scd notify event failed: %s\n",
2027 w32_strerror (-1) );
2039 #endif /*HAVE_W32_SYSTEM && !HAVE_W32CE_SYSTEM*/
2043 /* Create a name for the socket in the home directory as using
2044 STANDARD_NAME. We also check for valid characters as well as
2045 against a maximum allowed length for a unix domain socket is done.
2046 The function terminates the process in case of an error. Returns:
2047 Pointer to an allocated string with the absolute name of the socket
2050 create_socket_name (char *standard_name, int with_homedir)
2055 name = make_filename (gnupg_socketdir (), standard_name, NULL);
2057 name = make_filename (standard_name, NULL);
2058 if (strchr (name, PATHSEP_C))
2060 log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
2068 /* Create a Unix domain socket with NAME. Returns the file descriptor
2069 or terminates the process in case of an error. Note that this
2070 function needs to be used for the regular socket first (indicated
2071 by PRIMARY) and only then for the extra and the ssh sockets. If
2072 the socket has been redirected the name of the real socket is
2073 stored as a malloced string at R_REDIR_NAME. If CYGWIN is set a
2074 Cygwin compatible socket is created (Windows only). */
2076 create_server_socket (char *name, int primary, int cygwin,
2077 char **r_redir_name, assuan_sock_nonce_t *nonce)
2079 struct sockaddr *addr;
2080 struct sockaddr_un *unaddr;
2085 xfree (*r_redir_name);
2086 *r_redir_name = NULL;
2088 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
2089 if (fd == ASSUAN_INVALID_FD)
2091 log_error (_("can't create socket: %s\n"), strerror (errno));
2092 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2097 assuan_sock_set_flag (fd, "cygwin", 1);
2099 unaddr = xmalloc (sizeof *unaddr);
2100 addr = (struct sockaddr*)unaddr;
2105 if (assuan_sock_set_sockaddr_un (name, addr, &redirected))
2107 if (errno == ENAMETOOLONG)
2108 log_error (_("socket name '%s' is too long\n"), name);
2110 log_error ("error preparing socket '%s': %s\n",
2111 name, gpg_strerror (gpg_error_from_syserror ()));
2112 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2117 *r_redir_name = xstrdup (unaddr->sun_path);
2119 log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name);
2123 len = SUN_LEN (unaddr);
2124 rc = assuan_sock_bind (fd, addr, len);
2126 /* Our error code mapping on W32CE returns EEXIST thus we also test
2129 && (errno == EADDRINUSE
2130 #ifdef HAVE_W32_SYSTEM
2135 /* Check whether a gpg-agent is already running. We do this
2136 test only if this is the primary socket. For secondary
2137 sockets we assume that a test for gpg-agent has already been
2138 done and reuse the requested socket. Testing the ssh-socket
2139 is not possible because at this point, though we know the new
2140 Assuan socket, the Assuan server and thus the ssh-agent
2141 server is not yet operational; this would lead to a hang. */
2142 if (primary && !check_for_running_agent (1))
2144 log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
2145 log_set_file (NULL);
2146 log_error (_("a gpg-agent is already running - "
2147 "not starting a new one\n"));
2148 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2149 assuan_sock_close (fd);
2152 gnupg_remove (unaddr->sun_path);
2153 rc = assuan_sock_bind (fd, addr, len);
2155 if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce)))
2156 log_error (_("error getting nonce for the socket\n"));
2159 /* We use gpg_strerror here because it allows us to get strings
2160 for some W32 socket error codes. */
2161 log_error (_("error binding socket to '%s': %s\n"),
2163 gpg_strerror (gpg_error_from_syserror ()));
2165 assuan_sock_close (fd);
2166 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2170 if (gnupg_chmod (unaddr->sun_path, "-rwx"))
2171 log_error (_("can't set permissions of '%s': %s\n"),
2172 unaddr->sun_path, strerror (errno));
2174 if (listen (FD2INT(fd), 5 ) == -1)
2176 log_error (_("listen() failed: %s\n"), strerror (errno));
2177 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2178 assuan_sock_close (fd);
2183 log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
2189 /* Check that the directory for storing the private keys exists and
2190 create it if not. This function won't fail as it is only a
2191 convenience function and not strictly necessary. */
2193 create_private_keys_directory (const char *home)
2196 struct stat statbuf;
2198 fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
2199 if (stat (fname, &statbuf) && errno == ENOENT)
2201 if (gnupg_mkdir (fname, "-rwx"))
2202 log_error (_("can't create directory '%s': %s\n"),
2203 fname, strerror (errno) );
2204 else if (!opt.quiet)
2205 log_info (_("directory '%s' created\n"), fname);
2207 if (gnupg_chmod (fname, "-rwx"))
2208 log_error (_("can't set permissions of '%s': %s\n"),
2209 fname, strerror (errno));
2214 /* Create the directory only if the supplied directory name is the
2215 same as the default one. This way we avoid to create arbitrary
2216 directories when a non-default home directory is used. To cope
2217 with HOME, we compare only the suffix if we see that the default
2218 homedir does start with a tilde. We don't stop here in case of
2219 problems because other functions will throw an error anyway.*/
2221 create_directories (void)
2223 struct stat statbuf;
2224 const char *defhome = standard_homedir ();
2227 home = make_filename (gnupg_homedir (), NULL);
2228 if ( stat (home, &statbuf) )
2230 if (errno == ENOENT)
2233 #ifdef HAVE_W32_SYSTEM
2234 ( !compare_filenames (home, defhome) )
2237 && (strlen (home) >= strlen (defhome+1)
2238 && !strcmp (home + strlen(home)
2239 - strlen (defhome+1), defhome+1)))
2240 || (*defhome != '~' && !strcmp (home, defhome) )
2244 if (gnupg_mkdir (home, "-rwx"))
2245 log_error (_("can't create directory '%s': %s\n"),
2246 home, strerror (errno) );
2250 log_info (_("directory '%s' created\n"), home);
2251 create_private_keys_directory (home);
2256 log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno));
2258 else if ( !S_ISDIR(statbuf.st_mode))
2260 log_error (_("can't use '%s' as home directory\n"), home);
2262 else /* exists and is a directory. */
2264 create_private_keys_directory (home);
2271 /* This is the worker for the ticker. It is called every few seconds
2272 and may only do fast operations. */
2276 /* Check whether the scdaemon has died and cleanup in this case. */
2277 agent_scd_check_aliveness ();
2279 /* If we are running as a child of another process, check whether
2280 the parent is still alive and shutdown if not. */
2281 #ifndef HAVE_W32_SYSTEM
2282 if (parent_pid != (pid_t)(-1))
2284 if (kill (parent_pid, 0))
2286 shutdown_pending = 2;
2287 log_info ("parent process died - shutting down\n");
2288 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2293 #endif /*HAVE_W32_SYSTEM*/
2297 /* A global function which allows us to call the reload stuff from
2298 other places too. This is only used when build for W32. */
2300 agent_sighup_action (void)
2302 log_info ("SIGHUP received - "
2303 "re-reading configuration and flushing cache\n");
2305 agent_flush_cache ();
2306 reread_configuration ();
2307 agent_reload_trustlist ();
2308 /* We flush the module name cache so that after installing a
2309 "pinentry" binary that one can be used in case the
2310 "pinentry-basic" fallback was in use. */
2311 gnupg_module_name_flush_some ();
2315 /* A helper function to handle SIGUSR2. */
2317 agent_sigusr2_action (void)
2320 log_info ("SIGUSR2 received - updating card event counter\n");
2321 /* Nothing to check right now. We only increment a counter. */
2322 bump_card_eventcounter ();
2326 #ifndef HAVE_W32_SYSTEM
2327 /* The signal handler for this program. It is expected to be run in
2328 its own trhead and not in the context of a signal handler. */
2330 handle_signal (int signo)
2334 #ifndef HAVE_W32_SYSTEM
2336 agent_sighup_action ();
2340 log_info ("SIGUSR1 received - printing internal information:\n");
2341 /* Fixme: We need to see how to integrate pth dumping into our
2343 /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
2344 agent_query_dump_state ();
2345 agent_scd_dump_state ();
2349 agent_sigusr2_action ();
2352 /* nothing to do here, just take an extra cycle on the select loop */
2357 if (!shutdown_pending)
2358 log_info ("SIGTERM received - shutting down ...\n");
2360 log_info ("SIGTERM received - still %i open connections\n",
2361 active_connections);
2363 if (shutdown_pending > 2)
2365 log_info ("shutdown forced\n");
2366 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2373 log_info ("SIGINT received - immediate shutdown\n");
2374 log_info( "%s %s stopped\n", strusage(11), strusage(13));
2380 log_info ("signal %d received - no action defined\n", signo);
2385 /* Check the nonce on a new connection. This is a NOP unless we we
2386 are using our Unix domain socket emulation under Windows. */
2388 check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
2390 if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
2392 log_info (_("error reading nonce on fd %d: %s\n"),
2393 FD2INT(ctrl->thread_startup.fd), strerror (errno));
2394 assuan_sock_close (ctrl->thread_startup.fd);
2403 #ifdef HAVE_W32_SYSTEM
2404 /* The window message processing function for Putty. Warning: This
2405 code runs as a native Windows thread. Use of our own functions
2406 needs to be bracket with pth_leave/pth_enter. */
2407 static LRESULT CALLBACK
2408 putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
2412 COPYDATASTRUCT *cds;
2413 const char *mapfile;
2418 PSECURITY_DESCRIPTOR psd = NULL;
2421 if (msg != WM_COPYDATA)
2423 return DefWindowProc (hwnd, msg, wparam, lparam);
2426 cds = (COPYDATASTRUCT*)lparam;
2427 if (cds->dwData != PUTTY_IPC_MAGIC)
2428 return 0; /* Ignore data with the wrong magic. */
2429 mapfile = cds->lpData;
2430 if (!cds->cbData || mapfile[cds->cbData - 1])
2431 return 0; /* Ignore empty and non-properly terminated strings. */
2436 log_debug ("ssh map file '%s'", mapfile);
2440 maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile);
2444 log_debug ("ssh map handle %p\n", maphd);
2448 if (!maphd || maphd == INVALID_HANDLE_VALUE)
2453 mysid = w32_get_user_sid ();
2456 log_error ("error getting my sid\n");
2460 w32rc = GetSecurityInfo (maphd, SE_KERNEL_OBJECT,
2461 OWNER_SECURITY_INFORMATION,
2462 &mapsid, NULL, NULL, NULL,
2466 log_error ("error getting sid of ssh map file: rc=%d", w32rc);
2474 if (!ConvertSidToStringSid (mysid, &sidstr))
2476 log_debug (" my sid: '%s'", sidstr? sidstr: "[error]");
2478 if (!ConvertSidToStringSid (mapsid, &sidstr))
2480 log_debug ("ssh map file sid: '%s'", sidstr? sidstr: "[error]");
2484 if (!EqualSid (mysid, mapsid))
2486 log_error ("ssh map file has a non-matching sid\n");
2490 data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0);
2492 log_debug ("ssh IPC buffer at %p\n", data);
2496 /* log_printhex ("request:", data, 20); */
2498 ctrl = xtrycalloc (1, sizeof *ctrl);
2501 log_error ("error allocating connection control data: %s\n",
2505 ctrl->session_env = session_env_new ();
2506 if (!ctrl->session_env)
2508 log_error ("error allocating session environment block: %s\n",
2513 agent_init_default_ctrl (ctrl);
2514 if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
2515 ret = 1; /* Valid ssh message has been constructed. */
2516 agent_deinit_default_ctrl (ctrl);
2517 /* log_printhex (" reply:", data, 20); */
2522 UnmapViewOfFile (data);
2527 CloseHandle (maphd);
2533 #endif /*HAVE_W32_SYSTEM*/
2536 #ifdef HAVE_W32_SYSTEM
2537 /* The thread handling Putty's IPC requests. */
2539 putty_message_thread (void *arg)
2541 WNDCLASS wndwclass = {0, putty_message_proc, 0, 0,
2542 NULL, NULL, NULL, NULL, NULL, "Pageant"};
2549 log_info ("putty message loop thread started\n");
2551 /* The message loop runs as thread independent from our nPth system.
2552 This also means that we need to make sure that we switch back to
2553 our system before calling any no-windows function. */
2556 /* First create a window to make sure that a message queue exists
2558 if (!RegisterClass (&wndwclass))
2561 log_error ("error registering Pageant window class");
2564 hwnd = CreateWindowEx (0, "Pageant", "Pageant", 0,
2566 HWND_MESSAGE, /* hWndParent */
2567 NULL, /* hWndMenu */
2568 NULL, /* hInstance */
2573 log_error ("error creating Pageant window");
2577 while (GetMessage(&msg, NULL, 0, 0))
2579 TranslateMessage(&msg);
2580 DispatchMessage(&msg);
2587 log_info ("putty message loop thread stopped\n");
2590 #endif /*HAVE_W32_SYSTEM*/
2594 do_start_connection_thread (ctrl_t ctrl)
2596 active_connections++;
2597 agent_init_default_ctrl (ctrl);
2598 if (opt.verbose && !DBG_IPC)
2599 log_info (_("handler 0x%lx for fd %d started\n"),
2600 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2602 start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
2603 if (opt.verbose && !DBG_IPC)
2604 log_info (_("handler 0x%lx for fd %d terminated\n"),
2605 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2607 agent_deinit_default_ctrl (ctrl);
2609 active_connections--;
2614 /* This is the standard connection thread's main function. */
2616 start_connection_thread_std (void *arg)
2620 if (check_nonce (ctrl, &socket_nonce))
2622 log_error ("handler 0x%lx nonce check FAILED\n",
2623 (unsigned long) npth_self());
2627 return do_start_connection_thread (ctrl);
2631 /* This is the extra socket connection thread's main function. */
2633 start_connection_thread_extra (void *arg)
2637 if (check_nonce (ctrl, &socket_nonce_extra))
2639 log_error ("handler 0x%lx nonce check FAILED\n",
2640 (unsigned long) npth_self());
2644 ctrl->restricted = 1;
2645 return do_start_connection_thread (ctrl);
2649 /* This is the browser socket connection thread's main function. */
2651 start_connection_thread_browser (void *arg)
2655 if (check_nonce (ctrl, &socket_nonce_browser))
2657 log_error ("handler 0x%lx nonce check FAILED\n",
2658 (unsigned long) npth_self());
2662 ctrl->restricted = 2;
2663 return do_start_connection_thread (ctrl);
2667 /* This is the ssh connection thread's main function. */
2669 start_connection_thread_ssh (void *arg)
2673 if (check_nonce (ctrl, &socket_nonce_ssh))
2676 active_connections++;
2677 agent_init_default_ctrl (ctrl);
2679 log_info (_("ssh handler 0x%lx for fd %d started\n"),
2680 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2682 start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
2684 log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
2685 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2687 agent_deinit_default_ctrl (ctrl);
2689 active_connections--;
2694 void interrupt_main_thread_loop (void)
2696 #ifndef HAVE_W32_SYSTEM
2697 kill (main_thread_pid, SIGCONT);
2701 /* helper function for readability: test whether a given struct
2702 timespec is set to all-zeros */
2704 tv_is_set (struct timespec tv)
2706 return tv.tv_sec || tv.tv_nsec;
2710 /* Connection handler loop. Wait for connection requests and spawn a
2711 thread after accepting a connection. */
2713 handle_connections (gnupg_fd_t listen_fd,
2714 gnupg_fd_t listen_fd_extra,
2715 gnupg_fd_t listen_fd_browser,
2716 gnupg_fd_t listen_fd_ssh)
2720 struct sockaddr_un paddr;
2722 fd_set fdset, read_fdset;
2728 struct timespec abstime;
2729 struct timespec curtime;
2730 struct timespec timeout;
2731 struct timespec *select_timeout;
2732 #ifdef HAVE_W32_SYSTEM
2734 unsigned int events_set;
2736 int my_inotify_fd = -1;
2739 void *(*func) (void *arg);
2742 { "std", start_connection_thread_std },
2743 { "extra", start_connection_thread_extra },
2744 { "browser", start_connection_thread_browser },
2745 { "ssh", start_connection_thread_ssh }
2748 struct timespec interval;
2749 void (*func) (void);
2750 struct timespec next;
2752 { { TIMERTICK_INTERVAL, 0 }, handle_tick },
2753 { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket }
2757 ret = npth_attr_init(&tattr);
2759 log_fatal ("error allocating thread attributes: %s\n",
2761 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2763 #ifndef HAVE_W32_SYSTEM
2765 npth_sigev_add (SIGHUP);
2766 npth_sigev_add (SIGUSR1);
2767 npth_sigev_add (SIGUSR2);
2768 npth_sigev_add (SIGINT);
2769 npth_sigev_add (SIGCONT);
2770 npth_sigev_add (SIGTERM);
2772 main_thread_pid = getpid ();
2774 # ifdef HAVE_W32CE_SYSTEM
2775 /* Use a dummy event. */
2777 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
2779 events[0] = get_agent_scd_notify_event ();
2780 events[1] = INVALID_HANDLE_VALUE;
2785 if (disable_check_own_socket)
2787 else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
2789 if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
2790 log_info ("error enabling fast daemon termination: %s\n",
2791 gpg_strerror (err));
2794 /* On Windows we need to fire up a separate thread to listen for
2795 requests from Putty (an SSH client), so we can replace Putty's
2796 Pageant (its ssh-agent implementation). */
2797 #ifdef HAVE_W32_SYSTEM
2802 ret = npth_create (&thread, &tattr, putty_message_thread, NULL);
2805 log_error ("error spawning putty message loop: %s\n", strerror (ret));
2808 #endif /*HAVE_W32_SYSTEM*/
2810 /* Set a flag to tell call-scd.c that it may enable event
2812 opt.sigusr2_enabled = 1;
2815 FD_SET (FD2INT (listen_fd), &fdset);
2816 nfd = FD2INT (listen_fd);
2817 if (listen_fd_extra != GNUPG_INVALID_FD)
2819 FD_SET ( FD2INT(listen_fd_extra), &fdset);
2820 if (FD2INT (listen_fd_extra) > nfd)
2821 nfd = FD2INT (listen_fd_extra);
2823 if (listen_fd_browser != GNUPG_INVALID_FD)
2825 FD_SET ( FD2INT(listen_fd_browser), &fdset);
2826 if (FD2INT (listen_fd_browser) > nfd)
2827 nfd = FD2INT (listen_fd_browser);
2829 if (listen_fd_ssh != GNUPG_INVALID_FD)
2831 FD_SET ( FD2INT(listen_fd_ssh), &fdset);
2832 if (FD2INT (listen_fd_ssh) > nfd)
2833 nfd = FD2INT (listen_fd_ssh);
2835 if (my_inotify_fd != -1)
2837 FD_SET (my_inotify_fd, &fdset);
2838 if (my_inotify_fd > nfd)
2839 nfd = my_inotify_fd;
2842 listentbl[0].l_fd = listen_fd;
2843 listentbl[1].l_fd = listen_fd_extra;
2844 listentbl[2].l_fd = listen_fd_browser;
2845 listentbl[3].l_fd = listen_fd_ssh;
2849 /* Shutdown test. */
2850 if (shutdown_pending)
2852 if (active_connections == 0)
2855 /* Do not accept new connections but keep on running the
2856 * loop to cope with the timer events.
2858 * Note that we do not close the listening socket because a
2859 * client trying to connect to that socket would instead
2860 * restart a new dirmngr instance - which is unlikely the
2861 * intention of a shutdown. */
2864 if (my_inotify_fd != -1)
2866 FD_SET (my_inotify_fd, &fdset);
2867 nfd = my_inotify_fd;
2871 /* POSIX says that fd_set should be implemented as a structure,
2872 thus a simple assignment is fine to copy the entire set. */
2875 /* loop through all timers, fire any registered functions, and
2876 plan next timer to trigger */
2877 npth_clock_gettime (&curtime);
2878 abstime.tv_sec = abstime.tv_nsec = 0;
2879 for (idx=0; idx < DIM(timertbl); idx++)
2881 /* schedule any unscheduled timers */
2882 if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval))
2883 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2884 /* if a timer is due, fire it ... */
2885 if (tv_is_set (timertbl[idx].next))
2887 if (!(npth_timercmp (&curtime, &timertbl[idx].next, <)))
2889 timertbl[idx].func ();
2890 npth_clock_gettime (&curtime);
2891 /* ...and reschedule it, if desired: */
2892 if (tv_is_set (timertbl[idx].interval))
2893 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2895 timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0;
2898 /* accumulate next timer to come due in abstime: */
2899 if (tv_is_set (timertbl[idx].next) &&
2900 ((!tv_is_set (abstime)) ||
2901 (npth_timercmp (&abstime, &timertbl[idx].next, >))))
2902 abstime = timertbl[idx].next;
2904 /* choose a timeout for the select loop: */
2905 if (tv_is_set (abstime))
2907 npth_timersub (&abstime, &curtime, &timeout);
2908 select_timeout = &timeout;
2911 select_timeout = NULL;
2914 #ifndef HAVE_W32_SYSTEM
2915 ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2916 npth_sigev_sigmask ());
2917 saved_errno = errno;
2921 while (npth_sigev_get_pending (&signo))
2922 handle_signal (signo);
2925 ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2926 events, &events_set);
2927 saved_errno = errno;
2929 /* This is valid even if npth_eselect returns an error. */
2931 agent_sigusr2_action ();
2934 if (ret == -1 && saved_errno != EINTR)
2936 log_error (_("npth_pselect failed: %s - waiting 1s\n"),
2937 strerror (saved_errno));
2942 /* Interrupt or timeout. Will be handled when calculating the
2946 if (!shutdown_pending)
2951 if (my_inotify_fd != -1
2952 && FD_ISSET (my_inotify_fd, &read_fdset)
2953 && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
2955 shutdown_pending = 1;
2956 log_info ("socket file has been removed - shutting down\n");
2959 for (idx=0; idx < DIM(listentbl); idx++)
2961 if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
2963 if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset))
2966 plen = sizeof paddr;
2967 fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd),
2968 (struct sockaddr *)&paddr, &plen));
2969 if (fd == GNUPG_INVALID_FD)
2971 log_error ("accept failed for %s: %s\n",
2972 listentbl[idx].name, strerror (errno));
2974 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)))
2976 log_error ("error allocating connection data for %s: %s\n",
2977 listentbl[idx].name, strerror (errno) );
2978 assuan_sock_close (fd);
2980 else if ( !(ctrl->session_env = session_env_new ()))
2982 log_error ("error allocating session env block for %s: %s\n",
2983 listentbl[idx].name, strerror (errno) );
2985 assuan_sock_close (fd);
2989 ctrl->thread_startup.fd = fd;
2990 ret = npth_create (&thread, &tattr,
2991 listentbl[idx].func, ctrl);
2994 log_error ("error spawning connection handler for %s:"
2995 " %s\n", listentbl[idx].name, strerror (ret));
2996 assuan_sock_close (fd);
3000 fd = GNUPG_INVALID_FD;
3005 if (my_inotify_fd != -1)
3006 close (my_inotify_fd);
3008 log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
3009 npth_attr_destroy (&tattr);
3014 /* Helper for check_own_socket. */
3016 check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
3018 membuf_t *mb = opaque;
3019 put_membuf (mb, buffer, length);
3024 /* The thread running the actual check. We need to run this in a
3025 separate thread so that check_own_thread can be called from the
3028 check_own_socket_thread (void *arg)
3031 char *sockname = arg;
3032 assuan_context_t ctx = NULL;
3036 check_own_socket_running++;
3038 rc = assuan_new (&ctx);
3041 log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
3044 assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
3046 rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3049 log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
3053 init_membuf (&mb, 100);
3054 rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
3055 NULL, NULL, NULL, NULL);
3056 put_membuf (&mb, "", 1);
3057 buffer = get_membuf (&mb, NULL);
3060 log_error ("sending command \"%s\" to my own socket failed: %s\n",
3061 "GETINFO pid", gpg_strerror (rc));
3064 else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
3066 log_error ("socket is now serviced by another server\n");
3069 else if (opt.verbose > 1)
3070 log_error ("socket is still served by this server\n");
3077 assuan_release (ctx);
3080 /* We may not remove the socket as it is now in use by another
3082 inhibit_socket_removal = 1;
3083 shutdown_pending = 2;
3084 log_info ("this process is useless - shutting down\n");
3086 check_own_socket_running--;
3091 /* Check whether we are still listening on our own socket. In case
3092 another gpg-agent process started after us has taken ownership of
3093 our socket, we would linger around without any real task. Thus we
3094 better check once in a while whether we are really needed. */
3096 check_own_socket (void)
3103 if (disable_check_own_socket)
3106 if (check_own_socket_running || shutdown_pending)
3107 return; /* Still running or already shutting down. */
3109 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3111 return; /* Out of memory. */
3113 err = npth_attr_init (&tattr);
3116 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
3117 err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
3119 log_error ("error spawning check_own_socket_thread: %s\n", strerror (err));
3120 npth_attr_destroy (&tattr);
3125 /* Figure out whether an agent is available and running. Prints an
3126 error if not. If SILENT is true, no messages are printed.
3127 Returns 0 if the agent is running. */
3129 check_for_running_agent (int silent)
3133 assuan_context_t ctx = NULL;
3135 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3137 return gpg_error_from_syserror ();
3139 err = assuan_new (&ctx);
3141 err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3146 log_error (_("no gpg-agent running in this session\n"));
3149 assuan_release (ctx);
3153 if (!opt.quiet && !silent)
3154 log_info ("gpg-agent running and available\n");
3156 assuan_release (ctx);