1 /* gpg-agent.c - The GnuPG Agent
2 * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc.
3 * Copyright (C) 2000-2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
33 #ifdef HAVE_W32_SYSTEM
35 # define WINVER 0x0500 /* Same as in common/sysutils.c */
37 # ifdef HAVE_WINSOCK2_H
38 # include <winsock2.h>
42 #else /*!HAVE_W32_SYSTEM*/
43 # include <sys/socket.h>
45 #endif /*!HAVE_W32_SYSTEM*/
52 # include <sys/prctl.h>
55 #define GNUPG_COMMON_NEED_AFLOCAL
57 #include <assuan.h> /* Malloc hooks and socket wrappers. */
61 #include "gc-opt-flags.h"
64 #include "../common/init.h"
67 enum cmd_and_opt_values
98 oPinentryInvisibleChar,
111 oEnforcePassphraseConstraints,
113 oMinPassphraseNonalpha,
114 oCheckPassphrasePattern,
116 oEnablePassphraseHistory,
118 oNoUseStandardSocket,
123 oIgnoreCacheForSigning,
126 oAllowPresetPassphrase,
127 oAllowLoopbackPinentry,
128 oNoAllowLoopbackPinentry,
129 oNoAllowExternalCache,
136 oDisableCheckOwnSocket,
142 # define ENAMETOOLONG EINVAL
146 static ARGPARSE_OPTS opts[] = {
148 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
149 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
150 ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"),
152 ARGPARSE_group (301, N_("@Options:\n ")),
154 ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
155 ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
156 #ifndef HAVE_W32_SYSTEM
157 ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")),
159 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
160 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
161 ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
162 ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
163 ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
165 ARGPARSE_s_s (oDebug, "debug", "@"),
166 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
167 ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
168 ARGPARSE_s_i (oDebugWait," debug-wait", "@"),
169 ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
170 ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
172 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
173 ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
174 ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
175 ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
176 /* */ N_("|PGM|use PGM as the PIN-Entry program")),
177 ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
178 ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
179 ARGPARSE_s_u (oPinentryTimeout, "pinentry-timeout", "@"),
180 ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
181 /* */ N_("|PGM|use PGM as the SCdaemon program") ),
182 ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
183 /* */ N_("do not use the SCdaemon") ),
184 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
186 ARGPARSE_s_s (oExtraSocket, "extra-socket",
187 /* */ N_("|NAME|accept some commands via NAME")),
189 ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"),
191 ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
193 ARGPARSE_s_n (oBatch, "batch", "@"),
194 ARGPARSE_s_s (oHomedir, "homedir", "@"),
196 ARGPARSE_s_s (oDisplay, "display", "@"),
197 ARGPARSE_s_s (oTTYname, "ttyname", "@"),
198 ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
199 ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
200 ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
201 ARGPARSE_s_s (oXauthority, "xauthority", "@"),
202 ARGPARSE_s_n (oKeepTTY, "keep-tty",
203 /* */ N_("ignore requests to change the TTY")),
204 ARGPARSE_s_n (oKeepDISPLAY, "keep-display",
205 /* */ N_("ignore requests to change the X display")),
207 ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl",
208 N_("|N|expire cached PINs after N seconds")),
209 ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ),
210 ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ),
211 ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ),
213 ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints",
215 ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"),
216 ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"),
217 ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"),
218 ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"),
219 ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"),
221 ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
222 /* */ N_("do not use the PIN cache when signing")),
223 ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache",
224 /* */ N_("disallow the use of an external password cache")),
225 ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
226 /* */ N_("disallow clients to mark keys as \"trusted\"")),
227 ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
228 ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
229 /* */ N_("allow presetting passphrase")),
230 ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
231 N_("disallow caller to override the pinentry")),
232 ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
233 ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry",
234 /* */ N_("allow passphrase to be prompted through Emacs")),
236 ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
237 ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
238 #ifdef HAVE_W32_SYSTEM
239 /* */ N_("enable putty support")
245 /* Dummy options for backward compatibility. */
246 ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
247 ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
248 ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
250 {0} /* End of list */
254 /* The list of supported debug flags. */
255 static struct debug_flags_s debug_flags [] =
257 { DBG_MPI_VALUE , "mpi" },
258 { DBG_CRYPTO_VALUE , "crypto" },
259 { DBG_MEMORY_VALUE , "memory" },
260 { DBG_CACHE_VALUE , "cache" },
261 { DBG_MEMSTAT_VALUE, "memstat" },
262 { DBG_HASHING_VALUE, "hashing" },
263 { DBG_IPC_VALUE , "ipc" },
264 { 77, NULL } /* 77 := Do not exit on "help" or "?". */
269 #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
270 #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
271 #define MAX_CACHE_TTL (120*60) /* 2 hours */
272 #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
273 #define MIN_PASSPHRASE_LEN (8)
274 #define MIN_PASSPHRASE_NONALPHA (1)
275 #define MAX_PASSPHRASE_DAYS (0)
277 /* The timer tick used for housekeeping stuff. For Windows we use a
278 longer period as the SetWaitableTimer seems to signal earlier than
279 the 2 seconds. CHECK_OWN_SOCKET_INTERVAL defines how often we
280 check our own socket in standard socket mode. If that value is 0
281 we don't check at all. All values are in seconds. */
282 #if defined(HAVE_W32CE_SYSTEM)
283 # define TIMERTICK_INTERVAL (60)
284 # define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */
285 #elif defined(HAVE_W32_SYSTEM)
286 # define TIMERTICK_INTERVAL (4)
287 # define CHECK_OWN_SOCKET_INTERVAL (60)
289 # define TIMERTICK_INTERVAL (2)
290 # define CHECK_OWN_SOCKET_INTERVAL (60)
294 /* Flag indicating that the ssh-agent subsystem has been enabled. */
295 static int ssh_support;
297 #ifdef HAVE_W32_SYSTEM
298 /* Flag indicating that support for Putty has been enabled. */
299 static int putty_support;
300 /* A magic value used with WM_COPYDATA. */
301 #define PUTTY_IPC_MAGIC 0x804e50ba
302 /* To avoid surprises we limit the size of the mapped IPC file to this
303 value. Putty currently (0.62) uses 8k, thus 16k should be enough
304 for the foreseeable future. */
305 #define PUTTY_IPC_MAXLEN 16384
306 #endif /*HAVE_W32_SYSTEM*/
308 /* The list of open file descriptors at startup. Note that this list
309 * has been allocated using the standard malloc. */
310 #ifndef HAVE_W32_SYSTEM
311 static int *startup_fd_list;
314 /* The signal mask at startup and a flag telling whether it is valid. */
315 #ifdef HAVE_SIGPROCMASK
316 static sigset_t startup_signal_mask;
317 static int startup_signal_mask_valid;
320 /* Flag to indicate that a shutdown was requested. */
321 static int shutdown_pending;
323 /* Counter for the currently running own socket checks. */
324 static int check_own_socket_running;
326 /* Flags to indicate that check_own_socket shall not be called. */
327 static int disable_check_own_socket;
329 /* Flag indicating that we are in supervised mode. */
330 static int is_supervised;
332 /* Flag to inhibit socket removal in cleanup. */
333 static int inhibit_socket_removal;
335 /* It is possible that we are currently running under setuid permissions */
336 static int maybe_setuid = 1;
338 /* Name of the communication socket used for native gpg-agent
339 requests. The second variable is either NULL or a malloced string
340 with the real socket name in case it has been redirected. */
341 static char *socket_name;
342 static char *redir_socket_name;
344 /* Name of the optional extra socket used for native gpg-agent requests. */
345 static char *socket_name_extra;
346 static char *redir_socket_name_extra;
348 /* Name of the optional browser socket used for native gpg-agent requests. */
349 static char *socket_name_browser;
350 static char *redir_socket_name_browser;
352 /* Name of the communication socket used for ssh-agent protocol. */
353 static char *socket_name_ssh;
354 static char *redir_socket_name_ssh;
356 /* We need to keep track of the server's nonces (these are dummies for
358 static assuan_sock_nonce_t socket_nonce;
359 static assuan_sock_nonce_t socket_nonce_extra;
360 static assuan_sock_nonce_t socket_nonce_browser;
361 static assuan_sock_nonce_t socket_nonce_ssh;
364 /* Default values for options passed to the pinentry. */
365 static char *default_display;
366 static char *default_ttyname;
367 static char *default_ttytype;
368 static char *default_lc_ctype;
369 static char *default_lc_messages;
370 static char *default_xauthority;
372 /* Name of a config file, which will be reread on a HUP if it is not NULL. */
373 static char *config_filename;
375 /* Helper to implement --debug-level */
376 static const char *debug_level;
378 /* Keep track of the current log file so that we can avoid updating
379 the log file after a SIGHUP if it didn't changed. Malloced. */
380 static char *current_logfile;
382 /* The handle_tick() function may test whether a parent is still
383 running. We record the PID of the parent here or -1 if it should be
385 static pid_t parent_pid = (pid_t)(-1);
387 /* Record the pid of the main thread, for easier signalling */
388 static pid_t main_thread_pid = (pid_t)(-1);
390 /* Number of active connections. */
391 static int active_connections;
393 /* This object is used to dispatch progress messages from Libgcrypt to
394 * the right thread. Given that we will have at max only a few dozen
395 * connections at a time, using a linked list is the easiest way to
397 struct progress_dispatch_s
399 struct progress_dispatch_s *next;
400 /* The control object of the connection. If this is NULL no
401 * connection is associated with this item and it is free for reuse
402 * by new connections. */
405 /* The thread id of (npth_self) of the connection. */
408 /* The callback set by the connection. This is similar to the
409 * Libgcrypt callback but with the control object passed as the
411 void (*cb)(ctrl_t ctrl,
412 const char *what, int printchar,
413 int current, int total);
415 struct progress_dispatch_s *progress_dispatch_list;
424 static char *create_socket_name (char *standard_name, int with_homedir);
425 static gnupg_fd_t create_server_socket (char *name, int primary, int cygwin,
427 assuan_sock_nonce_t *nonce);
428 static void create_directories (void);
430 static void agent_libgcrypt_progress_cb (void *data, const char *what,
432 int current, int total);
433 static void agent_init_default_ctrl (ctrl_t ctrl);
434 static void agent_deinit_default_ctrl (ctrl_t ctrl);
436 static void handle_connections (gnupg_fd_t listen_fd,
437 gnupg_fd_t listen_fd_extra,
438 gnupg_fd_t listen_fd_browser,
439 gnupg_fd_t listen_fd_ssh);
440 static void check_own_socket (void);
441 static int check_for_running_agent (int silent);
443 /* Pth wrapper function definitions. */
444 ASSUAN_SYSTEM_NPTH_IMPL;
451 /* Allocate a string describing a library version by calling a GETFNC.
452 This function is expected to be called only once. GETFNC is
453 expected to have a semantic like gcry_check_version (). */
455 make_libversion (const char *libname, const char *(*getfnc)(const char*))
462 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
466 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
467 strcpy (stpcpy (stpcpy (result, libname), " "), s);
471 /* Return strings describing this program. The case values are
472 described in common/argparse.c:strusage. The values here override
473 the default values given by strusage. */
475 my_strusage (int level)
477 static char *ver_gcry;
482 case 11: p = "@GPG_AGENT@ (@GNUPG@)";
484 case 13: p = VERSION; break;
485 case 17: p = PRINTABLE_OS_NAME; break;
486 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
487 reporting address. This is so that we can change the
488 reporting address without breaking the translations. */
489 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
493 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
498 case 40: p = _("Usage: @GPG_AGENT@ [options] (-h for help)");
500 case 41: p = _("Syntax: @GPG_AGENT@ [options] [command [args]]\n"
501 "Secret key management for @GNUPG@\n");
511 /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
512 only the active debug flags are propagated to the subsystems. With
513 DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
514 all flags already set. Note that we don't fail here, because it is
515 important to keep gpg-agent running even after re-reading the
516 options due to a SIGHUP. */
520 int numok = (debug_level && digitp (debug_level));
521 int numlvl = numok? atoi (debug_level) : 0;
525 else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
527 else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
528 opt.debug = DBG_IPC_VALUE;
529 else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
530 opt.debug = DBG_IPC_VALUE;
531 else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
532 opt.debug = (DBG_IPC_VALUE | DBG_CACHE_VALUE);
533 else if (!strcmp (debug_level, "guru") || numok)
536 /* Unless the "guru" string has been used we don't want to allow
537 hashing debugging. The rationale is that people tend to
538 select the highest debug value and would then clutter their
539 disk with debug files which may reveal confidential data. */
541 opt.debug &= ~(DBG_HASHING_VALUE);
545 log_error (_("invalid debug-level '%s' given\n"), debug_level);
546 opt.debug = 0; /* Reset debugging, so that prior debug
547 statements won't have an undesired effect. */
550 if (opt.debug && !opt.verbose)
552 if (opt.debug && opt.quiet)
555 if (opt.debug & DBG_MPI_VALUE)
556 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
557 if (opt.debug & DBG_CRYPTO_VALUE )
558 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
559 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
562 parse_debug_flag (NULL, &opt.debug, debug_flags);
566 /* Helper for cleanup to remove one socket with NAME. REDIR_NAME is
567 the corresponding real name if the socket has been redirected. */
569 remove_socket (char *name, char *redir_name)
582 /* Discover which inherited file descriptors correspond to which
583 * services/sockets offered by gpg-agent, using the LISTEN_FDS and
584 * LISTEN_FDNAMES convention. The understood labels are "ssh",
585 * "extra", and "browser". "std" or other labels will be interpreted
586 * as the standard socket.
588 * This function is designed to log errors when the expected file
589 * descriptors don't make sense, but to do its best to continue to
590 * work even in the face of minor misconfigurations.
592 * For more information on the LISTEN_FDS convention, see
593 * sd_listen_fds(3) on certain Linux distributions.
595 #ifndef HAVE_W32_SYSTEM
597 map_supervised_sockets (gnupg_fd_t *r_fd,
598 gnupg_fd_t *r_fd_extra,
599 gnupg_fd_t *r_fd_browser,
600 gnupg_fd_t *r_fd_ssh)
607 { "ssh", &r_fd_ssh, &socket_name_ssh },
608 { "browser", &r_fd_browser, &socket_name_browser },
609 { "extra", &r_fd_extra, &socket_name_extra },
610 { "std", &r_fd, &socket_name } /* (Must be the last item.) */
617 *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1;
619 /* Print a warning if LISTEN_PID does not match outr pid. */
620 envvar = getenv ("LISTEN_PID");
622 log_error ("no LISTEN_PID environment variable found in "
623 "--supervised mode (ignoring)\n");
624 else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ())
625 log_error ("environment variable LISTEN_PID (%lu) does not match"
626 " our pid (%lu) in --supervised mode (ignoring)\n",
627 (unsigned long)strtoul (envvar, NULL, 10),
628 (unsigned long)getpid ());
630 /* Parse LISTEN_FDNAMES into the array FDNAMES. */
631 envvar = getenv ("LISTEN_FDNAMES");
634 fdnames = strtokenize (envvar, ":");
637 log_error ("strtokenize failed: %s\n",
638 gpg_strerror (gpg_error_from_syserror ()));
641 for (nfdnames=0; fdnames[nfdnames]; nfdnames++)
650 /* Parse LISTEN_FDS into fd_count or provide a replacement. */
651 envvar = getenv ("LISTEN_FDS");
653 fd_count = atoi (envvar);
656 log_error ("no LISTEN_FDS environment variable found in --supervised"
657 " mode (relying on LISTEN_FDNAMES instead)\n");
662 log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
663 "found in --supervised mode"
664 " (assuming 1 active descriptor)\n");
670 log_error ("--supervised mode expects at least one file descriptor"
671 " (was told %d, carrying on as though it were 1)\n",
676 /* Assign the descriptors to the return values. */
682 log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
683 " in --supervised mode."
684 " (ignoring all sockets but the first one)\n",
686 if (fstat (3, &statbuf) == -1 && errno ==EBADF)
687 log_fatal ("file descriptor 3 must be valid in --supervised mode"
688 " if LISTEN_FDNAMES is not set\n");
690 socket_name = gnupg_get_socket_name (3);
692 else if (fd_count != nfdnames)
694 log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
695 "LISTEN_FDS (%d) in --supervised mode\n",
703 for (i = 0; i < nfdnames; i++)
705 for (j = 0; j < DIM (tbl); j++)
707 if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
710 if (**tbl[j].fdaddr == -1)
712 name = gnupg_get_socket_name (fd);
715 **tbl[j].fdaddr = fd;
716 *tbl[j].nameaddr = name;
717 log_info ("using fd %d for %s socket (%s)\n",
718 fd, tbl[j].label, name);
722 log_error ("cannot listen on fd %d for %s socket\n",
729 log_error ("cannot listen on more than one %s socket\n",
741 #endif /*!HAVE_W32_SYSTEM*/
744 /* Cleanup code for this program. This is either called has an atexit
745 handler or directly. */
754 deinitialize_module_cache ();
755 if (!is_supervised && !inhibit_socket_removal)
757 remove_socket (socket_name, redir_socket_name);
758 if (opt.extra_socket > 1)
759 remove_socket (socket_name_extra, redir_socket_name_extra);
760 if (opt.browser_socket > 1)
761 remove_socket (socket_name_browser, redir_socket_name_browser);
762 remove_socket (socket_name_ssh, redir_socket_name_ssh);
768 /* Handle options which are allowed to be reset after program start.
769 Return true when the current option in PARGS could be handled and
770 false if not. As a special feature, passing a value of NULL for
771 PARGS, resets the options to the default. REREAD should be set
772 true if it is not the initial option parsing. */
774 parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
782 opt.debug_pinentry = 0;
783 opt.pinentry_program = NULL;
784 opt.pinentry_touch_file = NULL;
785 xfree (opt.pinentry_invisible_char);
786 opt.pinentry_invisible_char = NULL;
787 opt.pinentry_timeout = 0;
788 opt.scdaemon_program = NULL;
789 opt.def_cache_ttl = DEFAULT_CACHE_TTL;
790 opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
791 opt.max_cache_ttl = MAX_CACHE_TTL;
792 opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
793 opt.enforce_passphrase_constraints = 0;
794 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
795 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
796 opt.check_passphrase_pattern = NULL;
797 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
798 opt.enable_passphrase_history = 0;
799 opt.ignore_cache_for_signing = 0;
800 opt.allow_mark_trusted = 1;
801 opt.allow_external_cache = 1;
802 opt.allow_loopback_pinentry = 1;
803 opt.allow_emacs_pinentry = 0;
804 opt.disable_scdaemon = 0;
805 disable_check_own_socket = 0;
809 switch (pargs->r_opt)
811 case oQuiet: opt.quiet = 1; break;
812 case oVerbose: opt.verbose++; break;
815 parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
817 case oDebugAll: opt.debug = ~0; break;
818 case oDebugLevel: debug_level = pargs->r.ret_str; break;
819 case oDebugPinentry: opt.debug_pinentry = 1; break;
823 return 0; /* not handeld */
824 if (!current_logfile || !pargs->r.ret_str
825 || strcmp (current_logfile, pargs->r.ret_str))
827 log_set_file (pargs->r.ret_str);
828 xfree (current_logfile);
829 current_logfile = xtrystrdup (pargs->r.ret_str);
833 case oNoGrab: opt.no_grab = 1; break;
835 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
836 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
837 case oPinentryInvisibleChar:
838 xfree (opt.pinentry_invisible_char);
839 opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
841 case oPinentryTimeout: opt.pinentry_timeout = pargs->r.ret_ulong; break;
842 case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
843 case oDisableScdaemon: opt.disable_scdaemon = 1; break;
844 case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
846 case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
847 case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
848 case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
849 case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
851 case oEnforcePassphraseConstraints:
852 opt.enforce_passphrase_constraints=1;
854 case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
855 case oMinPassphraseNonalpha:
856 opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
858 case oCheckPassphrasePattern:
859 opt.check_passphrase_pattern = pargs->r.ret_str;
861 case oMaxPassphraseDays:
862 opt.max_passphrase_days = pargs->r.ret_ulong;
864 case oEnablePassphraseHistory:
865 opt.enable_passphrase_history = 1;
868 case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
870 case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
871 case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
873 case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
875 case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
876 case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
878 case oNoAllowExternalCache: opt.allow_external_cache = 0;
881 case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1;
885 return 0; /* not handled */
888 return 1; /* handled */
892 /* Fixup some options after all have been processed. */
894 finalize_rereadable_options (void)
900 thread_init_once (void)
902 static int npth_initialized = 0;
904 if (!npth_initialized)
909 gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
910 /* Now that we have set the syscall clamp we need to tell Libgcrypt
911 * that it should get them from libgpg-error. Note that Libgcrypt
912 * has already been initialized but at that point nPth was not
913 * initialized and thus Libgcrypt could not set its system call
915 #if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
916 gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
922 initialize_modules (void)
925 assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
926 initialize_module_cache ();
927 initialize_module_call_pinentry ();
928 initialize_module_call_scd ();
929 initialize_module_trustlist ();
933 /* The main entry point. */
935 main (int argc, char **argv )
940 FILE *configfp = NULL;
941 char *configname = NULL;
943 unsigned configlineno;
945 int default_config =1;
950 char *logfile = NULL;
952 int gpgconf_list = 0;
954 struct assuan_malloc_hooks malloc_hooks;
956 early_system_init ();
958 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
959 /* Disable ptrace on Linux without sgid bit */
960 prctl(PR_SET_DUMPABLE, 0);
963 /* Before we do anything else we save the list of currently open
964 file descriptors and the signal mask. This info is required to
965 do the exec call properly. We don't need it on Windows. */
966 #ifndef HAVE_W32_SYSTEM
967 startup_fd_list = get_all_open_fds ();
968 #endif /*!HAVE_W32_SYSTEM*/
969 #ifdef HAVE_SIGPROCMASK
970 if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
971 startup_signal_mask_valid = 1;
972 #endif /*HAVE_SIGPROCMASK*/
974 /* Set program name etc. */
975 set_strusage (my_strusage);
976 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
977 /* Please note that we may running SUID(ROOT), so be very CAREFUL
978 when adding any stuff between here and the call to INIT_SECMEM()
979 somewhere after the option parsing */
980 log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
982 /* Make sure that our subsystems are ready. */
984 init_common_subsystems (&argc, &argv);
986 malloc_hooks.malloc = gcry_malloc;
987 malloc_hooks.realloc = gcry_realloc;
988 malloc_hooks.free = gcry_free;
989 assuan_set_malloc_hooks (&malloc_hooks);
990 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
992 setup_libassuan_logging (&opt.debug, NULL);
994 setup_libgcrypt_logging ();
995 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
996 gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
998 disable_core_dumps ();
1000 /* Set default options. */
1001 parse_rereadable_options (NULL, 0); /* Reset them to default values. */
1003 shell = getenv ("SHELL");
1004 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
1007 /* Record some of the original environment strings. */
1011 static const char *names[] =
1012 { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
1015 opt.startup_env = session_env_new ();
1016 if (!opt.startup_env)
1017 err = gpg_error_from_syserror ();
1018 for (idx=0; !err && names[idx]; idx++)
1020 s = getenv (names[idx]);
1022 err = session_env_setenv (opt.startup_env, names[idx], s);
1026 s = gnupg_ttyname (0);
1028 err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
1031 log_fatal ("error recording startup environment: %s\n",
1032 gpg_strerror (err));
1034 /* Fixme: Better use the locale function here. */
1035 opt.startup_lc_ctype = getenv ("LC_CTYPE");
1036 if (opt.startup_lc_ctype)
1037 opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
1038 opt.startup_lc_messages = getenv ("LC_MESSAGES");
1039 if (opt.startup_lc_messages)
1040 opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
1043 /* Check whether we have a config file on the commandline */
1048 pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
1049 while (arg_parse( &pargs, opts))
1051 if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
1053 else if (pargs.r_opt == oOptions)
1054 { /* yes there is one, so we do not try the default one, but
1055 read the option file when it is encountered at the
1059 else if (pargs.r_opt == oNoOptions)
1060 default_config = 0; /* --no-options */
1061 else if (pargs.r_opt == oHomedir)
1062 gnupg_set_homedir (pargs.r.ret_str);
1063 else if (pargs.r_opt == oDebugQuickRandom)
1065 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
1070 /* Initialize the secure memory. */
1071 gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);
1075 Now we are now working under our real uid
1079 configname = make_filename (gnupg_homedir (),
1080 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1086 pargs.flags= 1; /* do not remove the args */
1091 configfp = fopen (configname, "r");
1097 log_info (_("Note: no default option file '%s'\n"),
1099 /* Save the default conf file name so that
1100 reread_configuration is able to test whether the
1101 config file has been created in the meantime. */
1102 xfree (config_filename);
1103 config_filename = configname;
1108 log_error (_("option file '%s': %s\n"),
1109 configname, strerror(errno) );
1115 if (parse_debug && configname )
1116 log_info (_("reading options from '%s'\n"), configname );
1120 while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
1122 if (parse_rereadable_options (&pargs, 0))
1123 continue; /* Already handled */
1124 switch (pargs.r_opt)
1126 case aGPGConfList: gpgconf_list = 1; break;
1127 case aGPGConfTest: gpgconf_list = 2; break;
1128 case aUseStandardSocketP: gpgconf_list = 3; break;
1129 case oBatch: opt.batch=1; break;
1131 case oDebugWait: debug_wait = pargs.r.ret_int; break;
1134 /* config files may not be nested (silently ignore them) */
1138 configname = xstrdup(pargs.r.ret_str);
1142 case oNoGreeting: /* Dummy option. */ break;
1143 case oNoVerbose: opt.verbose = 0; break;
1144 case oNoOptions: break; /* no-options */
1145 case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
1146 case oNoDetach: nodetach = 1; break;
1147 case oLogFile: logfile = pargs.r.ret_str; break;
1148 case oCsh: csh_style = 1; break;
1149 case oSh: csh_style = 0; break;
1150 case oServer: pipe_server = 1; break;
1151 case oDaemon: is_daemon = 1; break;
1152 case oSupervised: is_supervised = 1; break;
1154 case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
1155 case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
1156 case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
1157 case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
1158 case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
1160 case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
1163 case oUseStandardSocket:
1164 case oNoUseStandardSocket:
1165 obsolete_option (configname, configlineno, "use-standard-socket");
1168 case oFakedSystemTime:
1170 time_t faked_time = isotime2epoch (pargs.r.ret_str);
1171 if (faked_time == (time_t)(-1))
1172 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
1173 gnupg_set_time (faked_time, 0);
1177 case oKeepTTY: opt.keep_tty = 1; break;
1178 case oKeepDISPLAY: opt.keep_display = 1; break;
1184 # ifdef HAVE_W32_SYSTEM
1190 opt.extra_socket = 1; /* (1 = points into argv) */
1191 socket_name_extra = pargs.r.ret_str;
1194 case oBrowserSocket:
1195 opt.browser_socket = 1; /* (1 = points into argv) */
1196 socket_name_browser = pargs.r.ret_str;
1199 case oDebugQuickRandom:
1200 /* Only used by the first stage command line parser. */
1204 obsolete_option (configname, configlineno, "write-env-file");
1207 default : pargs.err = configfp? 1:2; break;
1214 /* Keep a copy of the name so that it can be read on SIGHUP. */
1215 if (config_filename != configname)
1217 xfree (config_filename);
1218 config_filename = configname;
1226 if (log_get_errorcount(0))
1229 finalize_rereadable_options ();
1231 /* Print a warning if an argument looks like an option. */
1232 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
1236 for (i=0; i < argc; i++)
1237 if (argv[i][0] == '-' && argv[i][1] == '-')
1238 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
1242 /* gpg-agent usually does not output any messages because it runs in
1243 the background. For log files it is acceptable to have messages
1244 always encoded in utf-8. We switch here to utf-8, so that
1245 commands like --help still give native messages. It is far
1246 easier to switch only once instead of for every message and it
1247 actually helps when more then one thread is active (avoids an
1248 extra copy step). */
1249 bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
1252 if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised)
1254 /* We have been called without any command and thus we merely
1255 check whether an agent is already running. We do this right
1256 here so that we don't clobber a logfile with this check but
1257 print the status directly to stderr. */
1260 check_for_running_agent (0);
1266 else if (!opt.extra_socket)
1267 opt.extra_socket = 1;
1268 else if (socket_name_extra
1269 && (!strcmp (socket_name_extra, "none")
1270 || !strcmp (socket_name_extra, "/dev/null")))
1272 /* User requested not to create this socket. */
1273 opt.extra_socket = 0;
1274 socket_name_extra = NULL;
1279 else if (!opt.browser_socket)
1280 opt.browser_socket = 1;
1281 else if (socket_name_browser
1282 && (!strcmp (socket_name_browser, "none")
1283 || !strcmp (socket_name_browser, "/dev/null")))
1285 /* User requested not to create this socket. */
1286 opt.browser_socket = 0;
1287 socket_name_browser = NULL;
1292 if (atexit (cleanup))
1294 log_error ("atexit failed\n");
1299 /* Try to create missing directories. */
1300 create_directories ();
1302 if (debug_wait && pipe_server)
1304 thread_init_once ();
1305 log_debug ("waiting for debugger - my pid is %u .....\n",
1306 (unsigned int)getpid());
1307 gnupg_sleep (debug_wait);
1308 log_debug ("... okay\n");
1311 if (gpgconf_list == 3)
1313 /* We now use the standard socket always - return true for
1314 backward compatibility. */
1317 else if (gpgconf_list == 2)
1319 else if (gpgconf_list)
1324 /* List options and default values in the GPG Conf format. */
1325 filename = make_filename (gnupg_homedir (),
1326 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1327 filename_esc = percent_escape (filename, NULL);
1329 es_printf ("%s-%s.conf:%lu:\"%s\n",
1330 GPGCONF_NAME, GPG_AGENT_NAME,
1331 GC_OPT_FLAG_DEFAULT, filename_esc);
1333 xfree (filename_esc);
1335 es_printf ("verbose:%lu:\n"
1337 "debug-level:%lu:\"none:\n"
1339 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1340 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1341 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1342 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
1343 es_printf ("default-cache-ttl:%lu:%d:\n",
1344 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
1345 es_printf ("default-cache-ttl-ssh:%lu:%d:\n",
1346 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
1347 es_printf ("max-cache-ttl:%lu:%d:\n",
1348 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
1349 es_printf ("max-cache-ttl-ssh:%lu:%d:\n",
1350 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
1351 es_printf ("enforce-passphrase-constraints:%lu:\n",
1352 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1353 es_printf ("min-passphrase-len:%lu:%d:\n",
1354 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
1355 es_printf ("min-passphrase-nonalpha:%lu:%d:\n",
1356 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1357 MIN_PASSPHRASE_NONALPHA);
1358 es_printf ("check-passphrase-pattern:%lu:\n",
1359 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1360 es_printf ("max-passphrase-days:%lu:%d:\n",
1361 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1362 MAX_PASSPHRASE_DAYS);
1363 es_printf ("enable-passphrase-history:%lu:\n",
1364 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1365 es_printf ("no-grab:%lu:\n",
1366 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1367 es_printf ("ignore-cache-for-signing:%lu:\n",
1368 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1369 es_printf ("no-allow-external-cache:%lu:\n",
1370 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1371 es_printf ("no-allow-mark-trusted:%lu:\n",
1372 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1373 es_printf ("disable-scdaemon:%lu:\n",
1374 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1375 es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
1376 #ifdef HAVE_W32_SYSTEM
1377 es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
1379 es_printf ("no-allow-loopback-pinentry:%lu:\n",
1380 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1381 es_printf ("allow-emacs-pinentry:%lu:\n",
1382 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1383 es_printf ("pinentry-timeout:%lu:0:\n",
1384 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1389 /* Now start with logging to a file if this is desired. */
1392 log_set_file (logfile);
1393 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1394 | GPGRT_LOG_WITH_TIME
1395 | GPGRT_LOG_WITH_PID));
1396 current_logfile = xstrdup (logfile);
1399 /* Make sure that we have a default ttyname. */
1400 if (!default_ttyname && gnupg_ttyname (1))
1401 default_ttyname = xstrdup (gnupg_ttyname (1));
1402 if (!default_ttytype && getenv ("TERM"))
1403 default_ttytype = xstrdup (getenv ("TERM"));
1408 /* This is the simple pipe based server */
1411 initialize_modules ();
1413 ctrl = xtrycalloc (1, sizeof *ctrl);
1416 log_error ("error allocating connection control data: %s\n",
1420 ctrl->session_env = session_env_new ();
1421 if (!ctrl->session_env)
1423 log_error ("error allocating session environment block: %s\n",
1428 agent_init_default_ctrl (ctrl);
1429 start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
1430 agent_deinit_default_ctrl (ctrl);
1433 else if (is_supervised)
1435 #ifndef HAVE_W32_SYSTEM
1436 gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
1438 initialize_modules ();
1440 /* when supervised and sending logs to stderr, the process
1441 supervisor should handle log entry metadata (pid, name,
1444 log_set_prefix (NULL, 0);
1446 log_info ("%s %s starting in supervised mode.\n",
1447 strusage(11), strusage(13) );
1449 /* See below in "regular server mode" on why we remove certain
1451 if (!opt.keep_display)
1452 gnupg_unsetenv ("DISPLAY");
1453 gnupg_unsetenv ("INSIDE_EMACS");
1455 /* Virtually create the sockets. Note that we use -1 here
1456 * because the whole thing works only on Unix. */
1457 map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
1459 log_fatal ("no standard socket provided\n");
1461 #ifdef HAVE_SIGPROCMASK
1462 if (startup_signal_mask_valid)
1464 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1465 log_error ("error restoring signal mask: %s\n",
1469 log_info ("no saved signal mask\n");
1470 #endif /*HAVE_SIGPROCMASK*/
1472 log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
1473 fd, fd_extra, fd_browser, fd_ssh);
1474 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1475 #endif /*!HAVE_W32_SYSTEM*/
1477 else if (!is_daemon)
1480 { /* Regular server mode */
1482 gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
1483 gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
1484 gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
1485 #ifndef HAVE_W32_SYSTEM
1489 /* Remove the DISPLAY variable so that a pinentry does not
1490 default to a specific display. There is still a default
1491 display when gpg-agent was started using --display or a
1492 client requested this using an OPTION command. Note, that we
1493 don't do this when running in reverse daemon mode (i.e. when
1494 exec the program given as arguments). */
1495 #ifndef HAVE_W32_SYSTEM
1496 if (!opt.keep_display && !argc)
1497 gnupg_unsetenv ("DISPLAY");
1500 /* Remove the INSIDE_EMACS variable so that a pinentry does not
1501 always try to interact with Emacs. The variable is set when
1502 a client requested this using an OPTION command. */
1503 gnupg_unsetenv ("INSIDE_EMACS");
1505 /* Create the sockets. */
1506 socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1);
1507 fd = create_server_socket (socket_name, 1, 0,
1508 &redir_socket_name, &socket_nonce);
1510 if (opt.extra_socket)
1512 if (socket_name_extra)
1513 socket_name_extra = create_socket_name (socket_name_extra, 0);
1515 socket_name_extra = create_socket_name
1516 /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1);
1517 opt.extra_socket = 2; /* Indicate that it has been malloced. */
1518 fd_extra = create_server_socket (socket_name_extra, 0, 0,
1519 &redir_socket_name_extra,
1520 &socket_nonce_extra);
1523 if (opt.browser_socket)
1525 if (socket_name_browser)
1526 socket_name_browser = create_socket_name (socket_name_browser, 0);
1528 socket_name_browser= create_socket_name
1529 /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1);
1530 opt.browser_socket = 2; /* Indicate that it has been malloced. */
1531 fd_browser = create_server_socket (socket_name_browser, 0, 0,
1532 &redir_socket_name_browser,
1533 &socket_nonce_browser);
1536 socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
1537 fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
1538 &redir_socket_name_ssh,
1541 /* If we are going to exec a program in the parent, we record
1542 the PID, so that the child may check whether the program is
1545 parent_pid = getpid ();
1549 #ifdef HAVE_W32_SYSTEM
1553 initialize_modules ();
1555 #else /*!HAVE_W32_SYSTEM*/
1558 if (pid == (pid_t)-1)
1560 log_fatal ("fork failed: %s\n", strerror (errno) );
1564 { /* We are the parent */
1565 char *infostr_ssh_sock, *infostr_ssh_valid;
1567 /* Close the socket FD. */
1570 /* The signal mask might not be correct right now and thus
1571 we restore it. That is not strictly necessary but some
1572 programs falsely assume a cleared signal mask. */
1574 #ifdef HAVE_SIGPROCMASK
1575 if (startup_signal_mask_valid)
1577 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1578 log_error ("error restoring signal mask: %s\n",
1582 log_info ("no saved signal mask\n");
1583 #endif /*HAVE_SIGPROCMASK*/
1585 /* Create the SSH info string if enabled. */
1588 if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
1589 socket_name_ssh) < 0)
1591 log_error ("out of core\n");
1592 kill (pid, SIGTERM);
1595 if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu",
1596 (unsigned long)getpid()) < 0)
1598 log_error ("out of core\n");
1599 kill (pid, SIGTERM);
1604 *socket_name = 0; /* Don't let cleanup() remove the socket -
1605 the child should do this from now on */
1606 if (opt.extra_socket)
1607 *socket_name_extra = 0;
1608 if (opt.browser_socket)
1609 *socket_name_browser = 0;
1610 *socket_name_ssh = 0;
1613 { /* Run the program given on the commandline. */
1614 if (ssh_support && (putenv (infostr_ssh_sock)
1615 || putenv (infostr_ssh_valid)))
1617 log_error ("failed to set environment: %s\n",
1619 kill (pid, SIGTERM );
1623 /* Close all the file descriptors except the standard
1624 ones and those open at startup. We explicitly don't
1625 close 0,1,2 in case something went wrong collecting
1627 close_all_fds (3, startup_fd_list);
1629 /* Run the command. */
1630 execvp (argv[0], argv);
1631 log_error ("failed to run the command: %s\n", strerror (errno));
1632 kill (pid, SIGTERM);
1637 /* Print the environment string, so that the caller can use
1638 shell's eval to set it */
1643 *strchr (infostr_ssh_sock, '=') = ' ';
1644 es_printf ("setenv %s;\n", infostr_ssh_sock);
1651 es_printf ("%s; export SSH_AUTH_SOCK;\n",
1657 xfree (infostr_ssh_sock);
1658 xfree (infostr_ssh_valid);
1669 initialize_modules ();
1671 /* Detach from tty and put process into a new session */
1675 unsigned int oldflags;
1677 /* Close stdin, stdout and stderr unless it is the log stream */
1678 for (i=0; i <= 2; i++)
1680 if (!log_test_fd (i) && i != fd )
1683 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1685 log_error ("failed to open '%s': %s\n",
1686 "/dev/null", strerror (errno));
1694 log_error ("setsid() failed: %s\n", strerror(errno) );
1699 log_get_prefix (&oldflags);
1700 log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
1701 opt.running_detached = 1;
1706 log_error ("chdir to / failed: %s\n", strerror (errno));
1711 struct sigaction sa;
1713 sa.sa_handler = SIG_IGN;
1714 sigemptyset (&sa.sa_mask);
1716 sigaction (SIGPIPE, &sa, NULL);
1718 #endif /*!HAVE_W32_SYSTEM*/
1720 log_info ("%s %s started\n", strusage(11), strusage(13) );
1721 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1722 assuan_sock_close (fd);
1729 /* Exit entry point. This function should be called instead of a
1734 /*FIXME: update_random_seed_file();*/
1736 /* We run our cleanup handler because that may close cipher contexts
1737 stored in secure memory and thus this needs to be done before we
1738 explicitly terminate secure memory. */
1742 /* at this time a bit annoying */
1743 if (opt.debug & DBG_MEMSTAT_VALUE)
1745 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1746 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1749 gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
1751 gcry_control (GCRYCTL_TERM_SECMEM );
1752 rc = rc? rc : log_get_errorcount(0)? 2 : 0;
1757 /* This is our callback function for gcrypt progress messages. It is
1758 set once at startup and dispatches progress messages to the
1759 corresponding threads of the agent. */
1761 agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
1762 int current, int total)
1764 struct progress_dispatch_s *dispatch;
1765 npth_t mytid = npth_self ();
1769 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1770 if (dispatch->ctrl && dispatch->tid == mytid)
1772 if (dispatch && dispatch->cb)
1773 dispatch->cb (dispatch->ctrl, what, printchar, current, total);
1775 /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
1776 * from /dev/random this will block the process. To mitigate this
1777 * problem we yield the thread when Libgcrypt tells us that it needs
1778 * more entropy. This way other threads have chance to run. */
1779 #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
1780 if (what && !strcmp (what, "need_entropy"))
1782 #if GPGRT_VERSION_NUMBER < 0x011900 /* 1.25 */
1783 /* In older gpg-error versions gpgrt_yield is buggy for use with
1784 * nPth and thus we need to resort to a sleep call. */
1785 npth_usleep (1000); /* 1ms */
1794 /* If a progress dispatcher callback has been associated with the
1795 * current connection unregister it. */
1797 unregister_progress_cb (void)
1799 struct progress_dispatch_s *dispatch;
1800 npth_t mytid = npth_self ();
1802 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1803 if (dispatch->ctrl && dispatch->tid == mytid)
1807 dispatch->ctrl = NULL;
1808 dispatch->cb = NULL;
1813 /* Setup a progress callback CB for the current connection. Using a
1814 * CB of NULL disables the callback. */
1816 agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
1817 int printchar, int current, int total),
1820 struct progress_dispatch_s *dispatch, *firstfree;
1821 npth_t mytid = npth_self ();
1824 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1826 if (dispatch->ctrl && dispatch->tid == mytid)
1828 if (!dispatch->ctrl && !firstfree)
1829 firstfree = dispatch;
1831 if (!dispatch) /* None allocated: Reuse or allocate a new one. */
1835 dispatch = firstfree;
1837 else if ((dispatch = xtrycalloc (1, sizeof *dispatch)))
1839 dispatch->next = progress_dispatch_list;
1840 progress_dispatch_list = dispatch;
1844 log_error ("error allocating new progress dispatcher slot: %s\n",
1845 gpg_strerror (gpg_error_from_syserror ()));
1848 dispatch->ctrl = ctrl;
1849 dispatch->tid = mytid;
1856 /* Each thread has its own local variables conveyed by a control
1857 structure usually identified by an argument named CTRL. This
1858 function is called immediately after allocating the control
1859 structure. Its purpose is to setup the default values for that
1860 structure. Note that some values may have already been set. */
1862 agent_init_default_ctrl (ctrl_t ctrl)
1864 assert (ctrl->session_env);
1866 /* Note we ignore malloc errors because we can't do much about it
1867 and the request will fail anyway shortly after this
1869 session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
1870 session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
1871 session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
1872 session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
1873 session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
1876 xfree (ctrl->lc_ctype);
1877 ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
1879 if (ctrl->lc_messages)
1880 xfree (ctrl->lc_messages);
1881 ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
1883 ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET;
1887 /* Release all resources allocated by default in the control
1888 structure. This is the counterpart to agent_init_default_ctrl. */
1890 agent_deinit_default_ctrl (ctrl_t ctrl)
1892 unregister_progress_cb ();
1893 session_env_release (ctrl->session_env);
1896 xfree (ctrl->lc_ctype);
1897 if (ctrl->lc_messages)
1898 xfree (ctrl->lc_messages);
1902 /* Because the ssh protocol does not send us information about the
1903 current TTY setting, we use this function to use those from startup
1904 or those explicitly set. This is also used for the restricted mode
1905 where we ignore requests to change the environment. */
1907 agent_copy_startup_env (ctrl_t ctrl)
1909 static const char *names[] =
1910 {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
1911 gpg_error_t err = 0;
1915 for (idx=0; !err && names[idx]; idx++)
1916 if ((value = session_env_getenv (opt.startup_env, names[idx])))
1917 err = session_env_setenv (ctrl->session_env, names[idx], value);
1919 if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
1920 if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
1921 err = gpg_error_from_syserror ();
1923 if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
1924 if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
1925 err = gpg_error_from_syserror ();
1928 log_error ("error setting default session environment: %s\n",
1929 gpg_strerror (err));
1935 /* Reread parts of the configuration. Note, that this function is
1936 obviously not thread-safe and should only be called from the PTH
1939 Fixme: Due to the way the argument parsing works, we create a
1940 memory leak here for all string type arguments. There is currently
1941 no clean way to tell whether the memory for the argument has been
1942 allocated or points into the process' original arguments. Unless
1943 we have a mechanism to tell this, we need to live on with this. */
1945 reread_configuration (void)
1947 ARGPARSE_ARGS pargs;
1949 unsigned int configlineno = 0;
1952 if (!config_filename)
1953 return; /* No config file. */
1955 fp = fopen (config_filename, "r");
1958 log_info (_("option file '%s': %s\n"),
1959 config_filename, strerror(errno) );
1963 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1965 memset (&pargs, 0, sizeof pargs);
1967 pargs.argc = &dummy;
1968 pargs.flags = 1; /* do not remove the args */
1969 while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
1971 if (pargs.r_opt < -1)
1972 pargs.err = 1; /* Print a warning. */
1973 else /* Try to parse this option - ignore unchangeable ones. */
1974 parse_rereadable_options (&pargs, 1);
1977 finalize_rereadable_options ();
1982 /* Return the file name of the socket we are using for native
1985 get_agent_socket_name (void)
1987 const char *s = socket_name;
1989 return (s && *s)? s : NULL;
1992 /* Return the file name of the socket we are using for SSH
1995 get_agent_ssh_socket_name (void)
1997 const char *s = socket_name_ssh;
1999 return (s && *s)? s : NULL;
2003 /* Return the number of active connections. */
2005 get_agent_active_connection_count (void)
2007 return active_connections;
2011 /* Under W32, this function returns the handle of the scdaemon
2012 notification event. Calling it the first time creates that
2014 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
2016 get_agent_scd_notify_event (void)
2018 static HANDLE the_event = INVALID_HANDLE_VALUE;
2020 if (the_event == INVALID_HANDLE_VALUE)
2023 SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
2025 /* We need to use a manual reset event object due to the way our
2026 w32-pth wait function works: If we would use an automatic
2027 reset event we are not able to figure out which handle has
2028 been signaled because at the time we single out the signaled
2029 handles using WFSO the event has already been reset due to
2031 h = CreateEvent (&sa, TRUE, FALSE, NULL);
2033 log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
2034 else if (!DuplicateHandle (GetCurrentProcess(), h,
2035 GetCurrentProcess(), &h2,
2036 EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
2038 log_error ("setting synchronize for scd notify event failed: %s\n",
2039 w32_strerror (-1) );
2051 #endif /*HAVE_W32_SYSTEM && !HAVE_W32CE_SYSTEM*/
2055 /* Create a name for the socket in the home directory as using
2056 STANDARD_NAME. We also check for valid characters as well as
2057 against a maximum allowed length for a unix domain socket is done.
2058 The function terminates the process in case of an error. Returns:
2059 Pointer to an allocated string with the absolute name of the socket
2062 create_socket_name (char *standard_name, int with_homedir)
2067 name = make_filename (gnupg_socketdir (), standard_name, NULL);
2069 name = make_filename (standard_name, NULL);
2070 if (strchr (name, PATHSEP_C))
2072 log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
2080 /* Create a Unix domain socket with NAME. Returns the file descriptor
2081 or terminates the process in case of an error. Note that this
2082 function needs to be used for the regular socket first (indicated
2083 by PRIMARY) and only then for the extra and the ssh sockets. If
2084 the socket has been redirected the name of the real socket is
2085 stored as a malloced string at R_REDIR_NAME. If CYGWIN is set a
2086 Cygwin compatible socket is created (Windows only). */
2088 create_server_socket (char *name, int primary, int cygwin,
2089 char **r_redir_name, assuan_sock_nonce_t *nonce)
2091 struct sockaddr *addr;
2092 struct sockaddr_un *unaddr;
2097 xfree (*r_redir_name);
2098 *r_redir_name = NULL;
2100 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
2101 if (fd == ASSUAN_INVALID_FD)
2103 log_error (_("can't create socket: %s\n"), strerror (errno));
2104 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2109 assuan_sock_set_flag (fd, "cygwin", 1);
2111 unaddr = xmalloc (sizeof *unaddr);
2112 addr = (struct sockaddr*)unaddr;
2117 if (assuan_sock_set_sockaddr_un (name, addr, &redirected))
2119 if (errno == ENAMETOOLONG)
2120 log_error (_("socket name '%s' is too long\n"), name);
2122 log_error ("error preparing socket '%s': %s\n",
2123 name, gpg_strerror (gpg_error_from_syserror ()));
2124 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2129 *r_redir_name = xstrdup (unaddr->sun_path);
2131 log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name);
2135 len = SUN_LEN (unaddr);
2136 rc = assuan_sock_bind (fd, addr, len);
2138 /* Our error code mapping on W32CE returns EEXIST thus we also test
2141 && (errno == EADDRINUSE
2142 #ifdef HAVE_W32_SYSTEM
2147 /* Check whether a gpg-agent is already running. We do this
2148 test only if this is the primary socket. For secondary
2149 sockets we assume that a test for gpg-agent has already been
2150 done and reuse the requested socket. Testing the ssh-socket
2151 is not possible because at this point, though we know the new
2152 Assuan socket, the Assuan server and thus the ssh-agent
2153 server is not yet operational; this would lead to a hang. */
2154 if (primary && !check_for_running_agent (1))
2156 log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
2157 log_set_file (NULL);
2158 log_error (_("a gpg-agent is already running - "
2159 "not starting a new one\n"));
2160 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2161 assuan_sock_close (fd);
2164 gnupg_remove (unaddr->sun_path);
2165 rc = assuan_sock_bind (fd, addr, len);
2167 if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce)))
2168 log_error (_("error getting nonce for the socket\n"));
2171 /* We use gpg_strerror here because it allows us to get strings
2172 for some W32 socket error codes. */
2173 log_error (_("error binding socket to '%s': %s\n"),
2175 gpg_strerror (gpg_error_from_syserror ()));
2177 assuan_sock_close (fd);
2178 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2182 if (gnupg_chmod (unaddr->sun_path, "-rwx"))
2183 log_error (_("can't set permissions of '%s': %s\n"),
2184 unaddr->sun_path, strerror (errno));
2186 if (listen (FD2INT(fd), 5 ) == -1)
2188 log_error (_("listen() failed: %s\n"), strerror (errno));
2189 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2190 assuan_sock_close (fd);
2195 log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
2201 /* Check that the directory for storing the private keys exists and
2202 create it if not. This function won't fail as it is only a
2203 convenience function and not strictly necessary. */
2205 create_private_keys_directory (const char *home)
2208 struct stat statbuf;
2210 fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
2211 if (stat (fname, &statbuf) && errno == ENOENT)
2213 if (gnupg_mkdir (fname, "-rwx"))
2214 log_error (_("can't create directory '%s': %s\n"),
2215 fname, strerror (errno) );
2216 else if (!opt.quiet)
2217 log_info (_("directory '%s' created\n"), fname);
2219 if (gnupg_chmod (fname, "-rwx"))
2220 log_error (_("can't set permissions of '%s': %s\n"),
2221 fname, strerror (errno));
2226 /* Create the directory only if the supplied directory name is the
2227 same as the default one. This way we avoid to create arbitrary
2228 directories when a non-default home directory is used. To cope
2229 with HOME, we compare only the suffix if we see that the default
2230 homedir does start with a tilde. We don't stop here in case of
2231 problems because other functions will throw an error anyway.*/
2233 create_directories (void)
2235 struct stat statbuf;
2236 const char *defhome = standard_homedir ();
2239 home = make_filename (gnupg_homedir (), NULL);
2240 if ( stat (home, &statbuf) )
2242 if (errno == ENOENT)
2245 #ifdef HAVE_W32_SYSTEM
2246 ( !compare_filenames (home, defhome) )
2249 && (strlen (home) >= strlen (defhome+1)
2250 && !strcmp (home + strlen(home)
2251 - strlen (defhome+1), defhome+1)))
2252 || (*defhome != '~' && !strcmp (home, defhome) )
2256 if (gnupg_mkdir (home, "-rwx"))
2257 log_error (_("can't create directory '%s': %s\n"),
2258 home, strerror (errno) );
2262 log_info (_("directory '%s' created\n"), home);
2263 create_private_keys_directory (home);
2268 log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno));
2270 else if ( !S_ISDIR(statbuf.st_mode))
2272 log_error (_("can't use '%s' as home directory\n"), home);
2274 else /* exists and is a directory. */
2276 create_private_keys_directory (home);
2285 #ifdef HAVE_W32_SYSTEM
2286 /* We do not know how to interrupt the select loop on Windows, so we
2287 always need a short tick there. */
2290 /* if we were invoked like "gpg-agent cmd arg1 arg2" then we need to
2291 watch our parent. */
2292 if (parent_pid != (pid_t)(-1))
2294 /* if scdaemon is running, we need to check that it's alive */
2295 if (agent_scd_check_running ())
2297 /* otherwise, nothing fine-grained to do. */
2299 #endif /*HAVE_W32_SYSTEM*/
2303 /* This is the worker for the ticker. It is called every few seconds
2304 and may only do fast operations. */
2308 /* Check whether the scdaemon has died and cleanup in this case. */
2309 agent_scd_check_aliveness ();
2311 /* If we are running as a child of another process, check whether
2312 the parent is still alive and shutdown if not. */
2313 #ifndef HAVE_W32_SYSTEM
2314 if (parent_pid != (pid_t)(-1))
2316 if (kill (parent_pid, 0))
2318 shutdown_pending = 2;
2319 log_info ("parent process died - shutting down\n");
2320 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2325 #endif /*HAVE_W32_SYSTEM*/
2329 /* A global function which allows us to call the reload stuff from
2330 other places too. This is only used when build for W32. */
2332 agent_sighup_action (void)
2334 log_info ("SIGHUP received - "
2335 "re-reading configuration and flushing cache\n");
2337 agent_flush_cache ();
2338 reread_configuration ();
2339 agent_reload_trustlist ();
2340 /* We flush the module name cache so that after installing a
2341 "pinentry" binary that one can be used in case the
2342 "pinentry-basic" fallback was in use. */
2343 gnupg_module_name_flush_some ();
2347 /* A helper function to handle SIGUSR2. */
2349 agent_sigusr2_action (void)
2352 log_info ("SIGUSR2 received - updating card event counter\n");
2353 /* Nothing to check right now. We only increment a counter. */
2354 bump_card_eventcounter ();
2358 #ifndef HAVE_W32_SYSTEM
2359 /* The signal handler for this program. It is expected to be run in
2360 its own thread and not in the context of a signal handler. */
2362 handle_signal (int signo)
2366 #ifndef HAVE_W32_SYSTEM
2368 agent_sighup_action ();
2372 log_info ("SIGUSR1 received - printing internal information:\n");
2373 /* Fixme: We need to see how to integrate pth dumping into our
2375 /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
2376 agent_query_dump_state ();
2377 agent_scd_dump_state ();
2381 agent_sigusr2_action ();
2384 /* nothing to do here, just take an extra cycle on the select loop */
2389 if (!shutdown_pending)
2390 log_info ("SIGTERM received - shutting down ...\n");
2392 log_info ("SIGTERM received - still %i open connections\n",
2393 active_connections);
2395 if (shutdown_pending > 2)
2397 log_info ("shutdown forced\n");
2398 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2405 log_info ("SIGINT received - immediate shutdown\n");
2406 log_info( "%s %s stopped\n", strusage(11), strusage(13));
2412 log_info ("signal %d received - no action defined\n", signo);
2417 /* Check the nonce on a new connection. This is a NOP unless we we
2418 are using our Unix domain socket emulation under Windows. */
2420 check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
2422 if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
2424 log_info (_("error reading nonce on fd %d: %s\n"),
2425 FD2INT(ctrl->thread_startup.fd), strerror (errno));
2426 assuan_sock_close (ctrl->thread_startup.fd);
2435 #ifdef HAVE_W32_SYSTEM
2436 /* The window message processing function for Putty. Warning: This
2437 code runs as a native Windows thread. Use of our own functions
2438 needs to be bracket with pth_leave/pth_enter. */
2439 static LRESULT CALLBACK
2440 putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
2444 COPYDATASTRUCT *cds;
2445 const char *mapfile;
2450 PSECURITY_DESCRIPTOR psd = NULL;
2453 if (msg != WM_COPYDATA)
2455 return DefWindowProc (hwnd, msg, wparam, lparam);
2458 cds = (COPYDATASTRUCT*)lparam;
2459 if (cds->dwData != PUTTY_IPC_MAGIC)
2460 return 0; /* Ignore data with the wrong magic. */
2461 mapfile = cds->lpData;
2462 if (!cds->cbData || mapfile[cds->cbData - 1])
2463 return 0; /* Ignore empty and non-properly terminated strings. */
2468 log_debug ("ssh map file '%s'", mapfile);
2472 maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile);
2476 log_debug ("ssh map handle %p\n", maphd);
2480 if (!maphd || maphd == INVALID_HANDLE_VALUE)
2485 mysid = w32_get_user_sid ();
2488 log_error ("error getting my sid\n");
2492 w32rc = GetSecurityInfo (maphd, SE_KERNEL_OBJECT,
2493 OWNER_SECURITY_INFORMATION,
2494 &mapsid, NULL, NULL, NULL,
2498 log_error ("error getting sid of ssh map file: rc=%d", w32rc);
2506 if (!ConvertSidToStringSid (mysid, &sidstr))
2508 log_debug (" my sid: '%s'", sidstr? sidstr: "[error]");
2510 if (!ConvertSidToStringSid (mapsid, &sidstr))
2512 log_debug ("ssh map file sid: '%s'", sidstr? sidstr: "[error]");
2516 if (!EqualSid (mysid, mapsid))
2518 log_error ("ssh map file has a non-matching sid\n");
2522 data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0);
2524 log_debug ("ssh IPC buffer at %p\n", data);
2528 /* log_printhex ("request:", data, 20); */
2530 ctrl = xtrycalloc (1, sizeof *ctrl);
2533 log_error ("error allocating connection control data: %s\n",
2537 ctrl->session_env = session_env_new ();
2538 if (!ctrl->session_env)
2540 log_error ("error allocating session environment block: %s\n",
2545 agent_init_default_ctrl (ctrl);
2546 if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
2547 ret = 1; /* Valid ssh message has been constructed. */
2548 agent_deinit_default_ctrl (ctrl);
2549 /* log_printhex (" reply:", data, 20); */
2554 UnmapViewOfFile (data);
2559 CloseHandle (maphd);
2565 #endif /*HAVE_W32_SYSTEM*/
2568 #ifdef HAVE_W32_SYSTEM
2569 /* The thread handling Putty's IPC requests. */
2571 putty_message_thread (void *arg)
2573 WNDCLASS wndwclass = {0, putty_message_proc, 0, 0,
2574 NULL, NULL, NULL, NULL, NULL, "Pageant"};
2581 log_info ("putty message loop thread started\n");
2583 /* The message loop runs as thread independent from our nPth system.
2584 This also means that we need to make sure that we switch back to
2585 our system before calling any no-windows function. */
2588 /* First create a window to make sure that a message queue exists
2590 if (!RegisterClass (&wndwclass))
2593 log_error ("error registering Pageant window class");
2596 hwnd = CreateWindowEx (0, "Pageant", "Pageant", 0,
2598 HWND_MESSAGE, /* hWndParent */
2599 NULL, /* hWndMenu */
2600 NULL, /* hInstance */
2605 log_error ("error creating Pageant window");
2609 while (GetMessage(&msg, NULL, 0, 0))
2611 TranslateMessage(&msg);
2612 DispatchMessage(&msg);
2619 log_info ("putty message loop thread stopped\n");
2622 #endif /*HAVE_W32_SYSTEM*/
2626 do_start_connection_thread (ctrl_t ctrl)
2628 active_connections++;
2629 agent_init_default_ctrl (ctrl);
2630 if (opt.verbose && !DBG_IPC)
2631 log_info (_("handler 0x%lx for fd %d started\n"),
2632 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2634 start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
2635 if (opt.verbose && !DBG_IPC)
2636 log_info (_("handler 0x%lx for fd %d terminated\n"),
2637 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2639 agent_deinit_default_ctrl (ctrl);
2641 if (--active_connections == 0)
2642 interrupt_main_thread_loop();
2647 /* This is the standard connection thread's main function. */
2649 start_connection_thread_std (void *arg)
2653 if (check_nonce (ctrl, &socket_nonce))
2655 log_error ("handler 0x%lx nonce check FAILED\n",
2656 (unsigned long) npth_self());
2660 return do_start_connection_thread (ctrl);
2664 /* This is the extra socket connection thread's main function. */
2666 start_connection_thread_extra (void *arg)
2670 if (check_nonce (ctrl, &socket_nonce_extra))
2672 log_error ("handler 0x%lx nonce check FAILED\n",
2673 (unsigned long) npth_self());
2677 ctrl->restricted = 1;
2678 return do_start_connection_thread (ctrl);
2682 /* This is the browser socket connection thread's main function. */
2684 start_connection_thread_browser (void *arg)
2688 if (check_nonce (ctrl, &socket_nonce_browser))
2690 log_error ("handler 0x%lx nonce check FAILED\n",
2691 (unsigned long) npth_self());
2695 ctrl->restricted = 2;
2696 return do_start_connection_thread (ctrl);
2700 /* This is the ssh connection thread's main function. */
2702 start_connection_thread_ssh (void *arg)
2706 if (check_nonce (ctrl, &socket_nonce_ssh))
2709 active_connections++;
2710 agent_init_default_ctrl (ctrl);
2712 log_info (_("ssh handler 0x%lx for fd %d started\n"),
2713 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2715 start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
2717 log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
2718 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2720 agent_deinit_default_ctrl (ctrl);
2722 if (--active_connections == 0)
2723 interrupt_main_thread_loop();
2728 void interrupt_main_thread_loop (void)
2730 #ifndef HAVE_W32_SYSTEM
2731 kill (main_thread_pid, SIGCONT);
2735 /* helper function for readability: test whether a given struct
2736 timespec is set to all-zeros */
2738 tv_is_set (struct timespec tv)
2740 return tv.tv_sec || tv.tv_nsec;
2744 /* Connection handler loop. Wait for connection requests and spawn a
2745 thread after accepting a connection. */
2747 handle_connections (gnupg_fd_t listen_fd,
2748 gnupg_fd_t listen_fd_extra,
2749 gnupg_fd_t listen_fd_browser,
2750 gnupg_fd_t listen_fd_ssh)
2754 struct sockaddr_un paddr;
2756 fd_set fdset, read_fdset;
2762 struct timespec abstime;
2763 struct timespec curtime;
2764 struct timespec timeout;
2765 struct timespec *select_timeout;
2766 #ifdef HAVE_W32_SYSTEM
2768 unsigned int events_set;
2770 int my_inotify_fd = -1;
2773 void *(*func) (void *arg);
2776 { "std", start_connection_thread_std },
2777 { "extra", start_connection_thread_extra },
2778 { "browser", start_connection_thread_browser },
2779 { "ssh", start_connection_thread_ssh }
2782 struct timespec interval;
2783 void (*func) (void);
2784 struct timespec next;
2786 { { TIMERTICK_INTERVAL, 0 }, handle_tick },
2787 { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket }
2791 ret = npth_attr_init(&tattr);
2793 log_fatal ("error allocating thread attributes: %s\n",
2795 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2797 #ifndef HAVE_W32_SYSTEM
2799 npth_sigev_add (SIGHUP);
2800 npth_sigev_add (SIGUSR1);
2801 npth_sigev_add (SIGUSR2);
2802 npth_sigev_add (SIGINT);
2803 npth_sigev_add (SIGCONT);
2804 npth_sigev_add (SIGTERM);
2806 main_thread_pid = getpid ();
2808 # ifdef HAVE_W32CE_SYSTEM
2809 /* Use a dummy event. */
2811 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
2813 events[0] = get_agent_scd_notify_event ();
2814 events[1] = INVALID_HANDLE_VALUE;
2818 if (disable_check_own_socket)
2820 else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
2822 if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
2823 log_info ("error enabling fast daemon termination: %s\n",
2824 gpg_strerror (err));
2827 /* On Windows we need to fire up a separate thread to listen for
2828 requests from Putty (an SSH client), so we can replace Putty's
2829 Pageant (its ssh-agent implementation). */
2830 #ifdef HAVE_W32_SYSTEM
2835 ret = npth_create (&thread, &tattr, putty_message_thread, NULL);
2838 log_error ("error spawning putty message loop: %s\n", strerror (ret));
2841 #endif /*HAVE_W32_SYSTEM*/
2843 /* Set a flag to tell call-scd.c that it may enable event
2845 opt.sigusr2_enabled = 1;
2848 FD_SET (FD2INT (listen_fd), &fdset);
2849 nfd = FD2INT (listen_fd);
2850 if (listen_fd_extra != GNUPG_INVALID_FD)
2852 FD_SET ( FD2INT(listen_fd_extra), &fdset);
2853 if (FD2INT (listen_fd_extra) > nfd)
2854 nfd = FD2INT (listen_fd_extra);
2856 if (listen_fd_browser != GNUPG_INVALID_FD)
2858 FD_SET ( FD2INT(listen_fd_browser), &fdset);
2859 if (FD2INT (listen_fd_browser) > nfd)
2860 nfd = FD2INT (listen_fd_browser);
2862 if (listen_fd_ssh != GNUPG_INVALID_FD)
2864 FD_SET ( FD2INT(listen_fd_ssh), &fdset);
2865 if (FD2INT (listen_fd_ssh) > nfd)
2866 nfd = FD2INT (listen_fd_ssh);
2868 if (my_inotify_fd != -1)
2870 FD_SET (my_inotify_fd, &fdset);
2871 if (my_inotify_fd > nfd)
2872 nfd = my_inotify_fd;
2875 listentbl[0].l_fd = listen_fd;
2876 listentbl[1].l_fd = listen_fd_extra;
2877 listentbl[2].l_fd = listen_fd_browser;
2878 listentbl[3].l_fd = listen_fd_ssh;
2882 /* Shutdown test. */
2883 if (shutdown_pending)
2885 if (active_connections == 0)
2888 /* Do not accept new connections but keep on running the
2889 * loop to cope with the timer events.
2891 * Note that we do not close the listening socket because a
2892 * client trying to connect to that socket would instead
2893 * restart a new dirmngr instance - which is unlikely the
2894 * intention of a shutdown. */
2897 if (my_inotify_fd != -1)
2899 FD_SET (my_inotify_fd, &fdset);
2900 nfd = my_inotify_fd;
2904 /* POSIX says that fd_set should be implemented as a structure,
2905 thus a simple assignment is fine to copy the entire set. */
2908 /* avoid a fine-grained timer if we don't need one: */
2909 timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0;
2910 /* avoid waking up to check sockets if we can count on inotify */
2911 timertbl[1].interval.tv_sec = (my_inotify_fd == -1) ? CHECK_OWN_SOCKET_INTERVAL : 0;
2913 /* loop through all timers, fire any registered functions, and
2914 plan next timer to trigger */
2915 npth_clock_gettime (&curtime);
2916 abstime.tv_sec = abstime.tv_nsec = 0;
2917 for (idx=0; idx < DIM(timertbl); idx++)
2919 /* schedule any unscheduled timers */
2920 if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval))
2921 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2922 /* if a timer is due, fire it ... */
2923 if (tv_is_set (timertbl[idx].next))
2925 if (!(npth_timercmp (&curtime, &timertbl[idx].next, <)))
2927 timertbl[idx].func ();
2928 npth_clock_gettime (&curtime);
2929 /* ...and reschedule it, if desired: */
2930 if (tv_is_set (timertbl[idx].interval))
2931 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2933 timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0;
2936 /* accumulate next timer to come due in abstime: */
2937 if (tv_is_set (timertbl[idx].next) &&
2938 ((!tv_is_set (abstime)) ||
2939 (npth_timercmp (&abstime, &timertbl[idx].next, >))))
2940 abstime = timertbl[idx].next;
2942 /* choose a timeout for the select loop: */
2943 if (tv_is_set (abstime))
2945 npth_timersub (&abstime, &curtime, &timeout);
2946 select_timeout = &timeout;
2949 select_timeout = NULL;
2952 #ifndef HAVE_W32_SYSTEM
2953 ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2954 npth_sigev_sigmask ());
2955 saved_errno = errno;
2959 while (npth_sigev_get_pending (&signo))
2960 handle_signal (signo);
2963 ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2964 events, &events_set);
2965 saved_errno = errno;
2967 /* This is valid even if npth_eselect returns an error. */
2969 agent_sigusr2_action ();
2972 if (ret == -1 && saved_errno != EINTR)
2974 log_error (_("npth_pselect failed: %s - waiting 1s\n"),
2975 strerror (saved_errno));
2980 /* Interrupt or timeout. Will be handled when calculating the
2984 if (!shutdown_pending)
2989 if (my_inotify_fd != -1
2990 && FD_ISSET (my_inotify_fd, &read_fdset)
2991 && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
2993 shutdown_pending = 1;
2994 log_info ("socket file has been removed - shutting down\n");
2997 for (idx=0; idx < DIM(listentbl); idx++)
2999 if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
3001 if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset))
3004 plen = sizeof paddr;
3005 fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd),
3006 (struct sockaddr *)&paddr, &plen));
3007 if (fd == GNUPG_INVALID_FD)
3009 log_error ("accept failed for %s: %s\n",
3010 listentbl[idx].name, strerror (errno));
3012 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)))
3014 log_error ("error allocating connection data for %s: %s\n",
3015 listentbl[idx].name, strerror (errno) );
3016 assuan_sock_close (fd);
3018 else if ( !(ctrl->session_env = session_env_new ()))
3020 log_error ("error allocating session env block for %s: %s\n",
3021 listentbl[idx].name, strerror (errno) );
3023 assuan_sock_close (fd);
3027 ctrl->thread_startup.fd = fd;
3028 ret = npth_create (&thread, &tattr,
3029 listentbl[idx].func, ctrl);
3032 log_error ("error spawning connection handler for %s:"
3033 " %s\n", listentbl[idx].name, strerror (ret));
3034 assuan_sock_close (fd);
3038 fd = GNUPG_INVALID_FD;
3043 if (my_inotify_fd != -1)
3044 close (my_inotify_fd);
3046 log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
3047 npth_attr_destroy (&tattr);
3052 /* Helper for check_own_socket. */
3054 check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
3056 membuf_t *mb = opaque;
3057 put_membuf (mb, buffer, length);
3062 /* The thread running the actual check. We need to run this in a
3063 separate thread so that check_own_thread can be called from the
3066 check_own_socket_thread (void *arg)
3069 char *sockname = arg;
3070 assuan_context_t ctx = NULL;
3074 check_own_socket_running++;
3076 rc = assuan_new (&ctx);
3079 log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
3082 assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
3084 rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3087 log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
3091 init_membuf (&mb, 100);
3092 rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
3093 NULL, NULL, NULL, NULL);
3094 put_membuf (&mb, "", 1);
3095 buffer = get_membuf (&mb, NULL);
3098 log_error ("sending command \"%s\" to my own socket failed: %s\n",
3099 "GETINFO pid", gpg_strerror (rc));
3102 else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
3104 log_error ("socket is now serviced by another server\n");
3107 else if (opt.verbose > 1)
3108 log_error ("socket is still served by this server\n");
3115 assuan_release (ctx);
3118 /* We may not remove the socket as it is now in use by another
3120 inhibit_socket_removal = 1;
3121 shutdown_pending = 2;
3122 log_info ("this process is useless - shutting down\n");
3124 check_own_socket_running--;
3129 /* Check whether we are still listening on our own socket. In case
3130 another gpg-agent process started after us has taken ownership of
3131 our socket, we would linger around without any real task. Thus we
3132 better check once in a while whether we are really needed. */
3134 check_own_socket (void)
3141 if (disable_check_own_socket)
3144 if (check_own_socket_running || shutdown_pending)
3145 return; /* Still running or already shutting down. */
3147 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3149 return; /* Out of memory. */
3151 err = npth_attr_init (&tattr);
3154 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
3155 err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
3157 log_error ("error spawning check_own_socket_thread: %s\n", strerror (err));
3158 npth_attr_destroy (&tattr);
3163 /* Figure out whether an agent is available and running. Prints an
3164 error if not. If SILENT is true, no messages are printed.
3165 Returns 0 if the agent is running. */
3167 check_for_running_agent (int silent)
3171 assuan_context_t ctx = NULL;
3173 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3175 return gpg_error_from_syserror ();
3177 err = assuan_new (&ctx);
3179 err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3184 log_error (_("no gpg-agent running in this session\n"));
3187 assuan_release (ctx);
3191 if (!opt.quiet && !silent)
3192 log_info ("gpg-agent running and available\n");
3194 assuan_release (ctx);