1 /* homedir.c - Setup the home directory.
2 * Copyright (C) 2004, 2006, 2007, 2010 Free Software Foundation, Inc.
3 * Copyright (C) 2013, 2016 Werner Koch
5 * This file is part of GnuPG.
7 * This file is free software; you can redistribute it and/or modify
8 * it under the terms of either
10 * - the GNU Lesser General Public License as published by the Free
11 * Software Foundation; either version 3 of the License, or (at
12 * your option) any later version.
16 * - the GNU General Public License as published by the Free
17 * Software Foundation; either version 2 of the License, or (at
18 * your option) any later version.
20 * or both in parallel, as here.
22 * This file is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, see <https://www.gnu.org/licenses/>.
37 #ifdef HAVE_W32_SYSTEM
38 #include <winsock2.h> /* Due to the stupid mingw64 requirement to
39 include this header before windows.h which
40 is often implicitly included. */
43 #define CSIDL_APPDATA 0x001a
45 #ifndef CSIDL_LOCAL_APPDATA
46 #define CSIDL_LOCAL_APPDATA 0x001c
48 #ifndef CSIDL_COMMON_APPDATA
49 #define CSIDL_COMMON_APPDATA 0x0023
51 #ifndef CSIDL_FLAG_CREATE
52 #define CSIDL_FLAG_CREATE 0x8000
54 #endif /*HAVE_W32_SYSTEM*/
57 #include <sys/stat.h> /* for stat() */
66 /* The GnuPG homedir. This is only accessed by the functions
67 * gnupg_homedir and gnupg_set_homedir. Malloced. */
68 static char *the_gnupg_homedir;
70 /* Flag indicating that home directory is not the default one. */
71 static byte non_default_homedir;
74 #ifdef HAVE_W32_SYSTEM
75 /* A flag used to indicate that a control file for gpgconf has been
76 detected. Under Windows the presence of this file indicates a
77 portable installation and triggers several changes:
79 - The GNUPGHOME directory is fixed relative to the installation
80 directory. All other means to set the home directory are ignored.
82 - All registry variables will be ignored.
84 This flag is not used on Unix systems.
86 static byte w32_portable_app;
87 #endif /*HAVE_W32_SYSTEM*/
89 #ifdef HAVE_W32_SYSTEM
90 /* This flag is true if this process' binary has been installed under
91 bin and not in the root directory as often used before GnuPG 2.1. */
92 static byte w32_bin_is_bin;
93 #endif /*HAVE_W32_SYSTEM*/
96 #ifdef HAVE_W32_SYSTEM
97 static const char *w32_rootdir (void);
102 #ifdef HAVE_W32_SYSTEM
104 w32_try_mkdir (const char *dir)
106 #ifdef HAVE_W32CE_SYSTEM
107 wchar_t *wdir = utf8_to_wchar (dir);
110 CreateDirectory (wdir, NULL);
114 CreateDirectory (dir, NULL);
120 /* This is a helper function to load a Windows function from either of
122 #ifdef HAVE_W32_SYSTEM
/* Forward the call to SHGetFolderPathA, which is resolved at run time
   from the first DLL in DLLNAMES that can be loaded.  The static
   INITIALIZED and FUNC variables suggest the lookup is done once and
   cached; the initialization code is not shown here.  */
124 w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
126 static int initialized;
127 static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
/* NOTE(review): the DLLs are named without a directory, so which file
   is loaded depends on the loader's search order.  Loading them from
   the system directory by full path would remove that dependency --
   confirm how dlopen is mapped on Windows.  */
131 static char *dllnames[] = { "shell32.dll", "shfolder.dll", NULL };
/* Stop at the first DLL that loads.  */
137 for (i=0, handle = NULL; !handle && dllnames[i]; i++)
139 handle = dlopen (dllnames[i], RTLD_LAZY);
142 func = dlsym (handle, "SHGetFolderPathA");
/* The arguments are passed through unchanged.  */
153 return func (a,b,c,d,e);
157 #endif /*HAVE_W32_SYSTEM*/
160 /* Check whether DIR is the default homedir. */
162 is_gnupg_default_homedir (const char *dir)
165 char *a = make_absfilename (dir, NULL);
166 char *b = make_absfilename (GNUPG_DEFAULT_HOMEDIR, NULL);
167 result = !compare_filenames (a, b);
174 /* Get the standard home directory. In general this function should
175 not be used as it does not consider a registry value (under W32) or
176 the GNUPGHOME environment variable. It is better to use
177 default_homedir(). */
179 standard_homedir (void)
181 #ifdef HAVE_W32_SYSTEM
182 static const char *dir;
188 rdir = w32_rootdir ();
189 if (w32_portable_app)
191 dir = xstrconcat (rdir, DIRSEP_S "home", NULL);
197 /* It might be better to use LOCAL_APPDATA because this is
198 defined as "non roaming" and thus more likely to be kept
199 locally. For private keys this is desired. However,
200 given that many users copy private keys back and forth
201 anyway, using a system roaming service might be better
202 than letting them do it manually. A security-conscious
203 user will anyway use the registry entry to have better
205 if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
208 char *tmp = xmalloc (strlen (path) + 6 +1);
209 strcpy (stpcpy (tmp, path), "\\gnupg");
212 /* Try to create the directory if it does not yet exist. */
213 if (access (dir, F_OK))
217 dir = GNUPG_DEFAULT_HOMEDIR;
221 #else/*!HAVE_W32_SYSTEM*/
222 return GNUPG_DEFAULT_HOMEDIR;
223 #endif /*!HAVE_W32_SYSTEM*/
226 /* Set up the default home directory. The usual --homedir option
227 should be parsed later. */
229 default_homedir (void)
233 #ifdef HAVE_W32_SYSTEM
234 /* For a portable application we only use the standard homedir. */
236 if (w32_portable_app)
237 return standard_homedir ();
238 #endif /*HAVE_W32_SYSTEM*/
240 dir = getenv ("GNUPGHOME");
241 #ifdef HAVE_W32_SYSTEM
244 static const char *saved_dir;
252 tmp = read_w32_registry_string (NULL,
265 saved_dir = standard_homedir ();
269 #endif /*HAVE_W32_SYSTEM*/
271 dir = GNUPG_DEFAULT_HOMEDIR;
272 else if (!is_gnupg_default_homedir (dir))
273 non_default_homedir = 1;
279 #ifdef HAVE_W32_SYSTEM
280 /* Check whether gpgconf is installed and if so read the gpgconf.ctl
/* Switch the process into portable-application mode when a
   "gpgconf.ctl" file sits next to "gpgconf.exe" in DIR.  */
283 check_portable_app (const char *dir)
287 fname = xstrconcat (dir, DIRSEP_S "gpgconf.exe", NULL);
288 if (!access (fname, F_OK))
/* Overwrite the trailing "exe" in place.  FNAME was built just above
   and ends in "gpgconf.exe", so the 3 byte offset stays inside the
   buffer.  */
290 strcpy (fname + strlen (fname) - 3, "ctl");
291 if (!access (fname, F_OK))
/* NOTE(review): the mere existence of the file is the trigger; its
   content is not read (see the FIXME below).  Portable mode moves the
   homedir below the installation directory and disables the registry
   settings, so write access to DIR should be limited to whoever is
   allowed to make that choice.  */
293 /* gpgconf.ctl file found. Record this fact. */
294 w32_portable_app = 1;
/* Add the no-registry flag to the current log prefix flags; presumably
   this keeps the logging code from consulting the registry too.  */
297 log_get_prefix (&flags);
298 log_set_prefix (NULL, (flags | GPGRT_LOG_NO_REGISTRY));
300 /* FIXME: We should read the file to detect special flags
301 and print a warning if we don't understand them */
308 /* Determine the root directory of the gnupg installation on Windows. */
313 static char dir[MAX_PATH+5];
319 wchar_t wdir [MAX_PATH+5];
321 rc = GetModuleFileNameW (NULL, wdir, MAX_PATH);
322 if (rc && WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4,
327 log_debug ("GetModuleFileName failed: %s\n", w32_strerror (-1));
331 p = strrchr (dir, DIRSEP_C);
336 check_portable_app (dir);
338 /* If we are installed below "bin" we strip that and use
339 the top directory instead. */
340 p = strrchr (dir, DIRSEP_C);
341 if (p && !strcmp (p+1, "bin"))
349 log_debug ("bad filename '%s' returned for this process\n", dir);
356 /* Fallback to the hardwired value. */
357 return GNUPG_LIBEXECDIR;
370 /* Make sure that w32_rootdir has been called so that we are
371 able to check the portable application flag. The common dir
372 is identical to the rootdir. In that case there is also
373 no need to strdup its value. */
374 rdir = w32_rootdir ();
375 if (w32_portable_app)
378 if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
381 char *tmp = xmalloc (strlen (path) + 4 +1);
382 strcpy (stpcpy (tmp, path), "\\GNU");
384 /* No auto create of the directory. Either the installer or
385 the admin has to create these directories. */
389 /* Ooops: Not defined - probably an old Windows version.
390 Use the installation directory instead. */
391 dir = xstrdup (rdir);
397 #endif /*HAVE_W32_SYSTEM*/
400 /* Change the homedir. Some care must be taken to set this early
401 * enough because previous calls to gnupg_homedir may otherwise return a
402 * different string. */
404 gnupg_set_homedir (const char *newdir)
406 if (!newdir || !*newdir)
407 newdir = default_homedir ();
408 else if (!is_gnupg_default_homedir (newdir))
409 non_default_homedir = 1;
410 xfree (the_gnupg_homedir);
411 the_gnupg_homedir = make_absfilename (newdir, NULL);;
415 /* Return the homedir. The returned string is valid until another
416 * gnupg-set-homedir call. This is always an absolute directory name.
417 * The function replaces the former global var opt.homedir. */
421 /* If a homedir has not been set, set it to the default. */
422 if (!the_gnupg_homedir)
423 the_gnupg_homedir = make_absfilename (default_homedir (), NULL);
424 return the_gnupg_homedir;
428 /* Return whether the home dir is the default one. */
430 gnupg_default_homedir_p (void)
432 return !non_default_homedir;
436 /* Helper for gnupg-socketdir. This is a global function, so that
437 * gpgconf can use it for its --create-socketdir command. If
438 * SKIP_CHECKS is set permission checks etc. are not done. The
439 * function always returns a malloced directory name and stores these
440 * bit flags at R_INFO:
442 * 1 := Internal error, stat failed, out of core, etc.
443 * 2 := No /run/user directory.
444 * 4 := Directory not owned by the user, not a directory
445 * or wrong permissions.
446 * 8 := Same as 4 but for the subdir.
* 16 := mkdir failed.
448 * 32 := Non default homedir; checking subdir.
449 * 64 := Subdir does not exist.
450 * 128 := Using homedir as fallback.
/* Select the directory for the IPC sockets.  On Unix with stat(2) this
   is a "gnupg" directory below /run/user/UID or /var/run/user/UID
   (plus a "d.<hash>" subdir for a non default homedir); in all other
   cases, and whenever a check fails, the homedir is used.  Status bits
   are OR-ed into *R_INFO.  */
453 _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
455 #if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT)
/* Windows, or no stat(2): the sockets simply live in the homedir.  */
461 name = xstrdup (gnupg_homedir ());
463 #else /* Unix and stat(2) available. */
465 static const char * const bases[] = { "/run", "/var/run", NULL};
/* NOTE(review): the size reads as "/var/run" + "/user" (13 bytes), "/",
   a decimal uid of up to 20 digits, "/gnupg" (6) and the NUL --
   confirm.  */
468 char prefix[13 + 1 + 20 + 6 + 1];
474 /* First make sure that non_default_homedir can be set. */
477 /* It has been suggested to first check XDG_RUNTIME_DIR envvar.
478 * However, the specs state that the lifetime of the directory MUST
479 * be bound to the user being logged in. Now GnuPG may also be run
480 * as a background process with no (desktop) user logged in. Thus
481 * we better don't do that. */
483 /* Check whether we have a /run/user dir. */
484 for (i=0; bases[i]; i++)
486 snprintf (prefix, sizeof prefix, "%s/user/%u",
487 bases[i], (unsigned int)getuid ());
488 if (!stat (prefix, &sb) && S_ISDIR(sb.st_mode))
493 *r_info |= 2; /* No /run/user directory. */
/* The per-user runtime directory must belong to the calling uid; a
   directory owned by another account is not trusted to hold the
   sockets.  */
497 if (sb.st_uid != getuid ())
499 *r_info |= 4; /* Not owned by the user. */
/* 7 = strlen ("/gnupg") + 1, checked before the unbounded strcat.  */
504 if (strlen (prefix) + 7 >= sizeof prefix)
506 *r_info |= 1; /* Ooops: Buffer too short to append "/gnupg". */
509 strcat (prefix, "/gnupg");
511 /* Check whether the gnupg sub directory has proper permissions. */
512 if (stat (prefix, &sb))
516 *r_info |= 1; /* stat failed. */
520 /* Try to create the directory and check again. */
521 if (gnupg_mkdir (prefix, "-rwx"))
523 *r_info |= 16; /* mkdir failed. */
526 if (stat (prefix, &sb))
528 *r_info |= 1; /* stat failed. */
/* NOTE(review): the checks use stat(), which follows symlinks, and they
   work on the path name, so the object could change between this test
   and the later use of the path.  The ownership test on the parent
   directory above is what limits who can do that -- confirm this is
   the intended trust model.  */
532 /* Check that it is a directory, owned by the user, and only the
533 * user has permissions to use it. */
534 if (!S_ISDIR(sb.st_mode)
535 || sb.st_uid != getuid ()
536 || (sb.st_mode & (S_IRWXG|S_IRWXO)))
538 *r_info |= 4; /* Bad permissions or not a directory. */
543 /* If a non default homedir is used, we check whether a
544 * corresponding sub directory below the socket dir is available
545 * and use that. We hash the non default homedir to keep the new
546 * subdir short enough. */
547 if (non_default_homedir)
552 *r_info |= 32; /* Testing subdir. */
553 s = gnupg_homedir ();
/* SHA-1 is used here only to derive a short name from the homedir
   path.  8*15 = 120 is passed to zb32_encode, presumably as the number
   of digest bits to encode -- confirm.  */
554 gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, s, strlen (s));
555 suffix = zb32_encode (sha1buf, 8*15);
558 *r_info |= 1; /* Out of core etc. */
561 name = strconcat (prefix, "/d.", suffix, NULL);
565 *r_info |= 1; /* Out of core etc. */
569 /* Stat that directory and check constraints.
571 * gpgconf --remove-socketdir
572 * can be used to remove that directory. */
573 if (stat (name, &sb))
576 *r_info |= 1; /* stat failed. */
577 else if (!skip_checks)
579 /* Try to create the directory and check again. */
580 if (gnupg_mkdir (name, "-rwx"))
581 *r_info |= 16; /* mkdir failed. */
/* NOTE(review): NAME was just created, but the re-check stats PREFIX.
   The new subdir is therefore not examined before the "goto leave"
   below; this looks unintended -- confirm whether NAME was meant.  */
582 else if (stat (prefix, &sb))
585 *r_info |= 1; /* stat failed. */
587 *r_info |= 64; /* Subdir does not exist. */
590 goto leave; /* Success! */
593 *r_info |= 64; /* Subdir does not exist. */
/* An existing subdir must pass the same three tests as its parent.  */
601 else if (!S_ISDIR(sb.st_mode)
602 || sb.st_uid != getuid ()
603 || (sb.st_mode & (S_IRWXG|S_IRWXO)))
605 *r_info |= 8; /* Bad permissions or subdir is not a directory. */
615 name = xstrdup (prefix);
618 /* If nothing works fall back to the homedir. */
621 *r_info |= 128; /* Fallback. */
622 name = xstrdup (gnupg_homedir ());
632 * Return the name of the socket dir. That is the directory used for
633 * the IPC local sockets. This is an absolute directory name.
636 gnupg_socketdir (void)
643 name = _gnupg_socketdir_internal (0, &dummy);
650 /* Return the name of the sysconfdir. This is a static string. This
651 function is required because under Windows we can't simply compile
654 gnupg_sysconfdir (void)
656 #ifdef HAVE_W32_SYSTEM
662 s1 = w32_commondir ();
663 s2 = DIRSEP_S "etc" DIRSEP_S "gnupg";
664 name = xmalloc (strlen (s1) + strlen (s2) + 1);
665 strcpy (stpcpy (name, s1), s2);
668 #else /*!HAVE_W32_SYSTEM*/
669 return GNUPG_SYSCONFDIR;
670 #endif /*!HAVE_W32_SYSTEM*/
677 #if defined (HAVE_W32CE_SYSTEM)
681 name = xstrconcat (w32_rootdir (), DIRSEP_S "bin", NULL);
683 #elif defined(HAVE_W32_SYSTEM)
686 rdir = w32_rootdir ();
692 name = xstrconcat (rdir, DIRSEP_S "bin", NULL);
697 #else /*!HAVE_W32_SYSTEM*/
699 #endif /*!HAVE_W32_SYSTEM*/
703 /* Return the name of the libexec directory. The name is allocated in
704 a static area on the first use. This function won't fail. */
706 gnupg_libexecdir (void)
708 #ifdef HAVE_W32_SYSTEM
709 return gnupg_bindir ();
710 #else /*!HAVE_W32_SYSTEM*/
711 return GNUPG_LIBEXECDIR;
712 #endif /*!HAVE_W32_SYSTEM*/
718 #ifdef HAVE_W32_SYSTEM
722 name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
724 #else /*!HAVE_W32_SYSTEM*/
726 #endif /*!HAVE_W32_SYSTEM*/
732 #ifdef HAVE_W32_SYSTEM
736 name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
738 #else /*!HAVE_W32_SYSTEM*/
739 return GNUPG_DATADIR;
740 #endif /*!HAVE_W32_SYSTEM*/
745 gnupg_localedir (void)
747 #ifdef HAVE_W32_SYSTEM
751 name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "locale",
754 #else /*!HAVE_W32_SYSTEM*/
756 #endif /*!HAVE_W32_SYSTEM*/
760 /* Return the name of the cache directory. The name is allocated in a
761 static area on the first use. Windows only: If the directory does
762 not exist it is created. */
/* Return the cache directory.  On Windows the name is built once and
   kept in the static DIR; elsewhere it is a compile time constant.  */
764 gnupg_cachedir (void)
766 #ifdef HAVE_W32_SYSTEM
767 static const char *dir;
/* w32_rootdir is also what sets w32_portable_app, so it has to be
   called before the flag is tested.  */
773 rdir = w32_rootdir ();
774 if (w32_portable_app)
776 dir = xstrconcat (rdir,
779 DIRSEP_S, "gnupg", NULL);
784 const char *s1[] = { "GNU", "cache", "gnupg", NULL };
/* One separator byte plus the component length for each entry; this
   matches what the stpcpy loop below appends, so the xmalloc size is
   exact.  */
789 for (comp = s1; *comp; comp++)
790 s1_len += 1 + strlen (*comp);
792 if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
795 char *tmp = xmalloc (strlen (path) + s1_len + 1);
798 p = stpcpy (tmp, path);
799 for (comp = s1; *comp; comp++)
801 p = stpcpy (p, "\\");
802 p = stpcpy (p, *comp);
804 if (access (tmp, F_OK))
/* NOTE(review): this fallback is a fixed location outside any user
   profile.  On a multi-user machine the ACLs of that directory decide
   who can read or pre-create the cache, and w32_try_mkdir passes NULL
   security attributes to CreateDirectory -- confirm that the fallback
   is acceptable for the data cached here.  */
812 dir = "c:\\temp\\cache\\gnupg";
813 #ifdef HAVE_W32CE_SYSTEM
815 w32_try_mkdir ("\\temp\\cache");
816 w32_try_mkdir ("\\temp\\cache\\gnupg");
822 #else /*!HAVE_W32_SYSTEM*/
823 return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
824 #endif /*!HAVE_W32_SYSTEM*/
828 /* Return the user socket name used by DirMngr. */
830 dirmngr_socket_name (void)
835 name = make_filename (gnupg_socketdir (), DIRMNGR_SOCK_NAME, NULL);
840 /* Return the default pinentry name. If RESET is true the internal
841 cache is first flushed. */
/* Probe a fixed list of candidate locations and use the first pinentry
   that exists.  The first list entry doubles as the fallback result
   (see the "!i" case at the end of the loop).  */
843 get_default_pinentry_name (int reset)
846 const char *(*rfnc)(void);
849 /* The first entry is what we return in case we found no
851 { gnupg_bindir, DIRSEP_S "pinentry" EXEEXT_S },
852 #ifdef HAVE_W32_SYSTEM
853 /* Try Gpg4win directory (with bin and without.) */
/* NOTE(review): the Windows candidates below are resolved relative to
   the parent of the installation root, i.e. in sibling directories.
   The program found there is the one that asks for passphrases, so
   those directories need the same write protection as the
   installation itself -- confirm with the installer's ACLs.  */
854 { w32_rootdir, "\\..\\Gpg4win\\bin\\pinentry.exe" },
855 { w32_rootdir, "\\..\\Gpg4win\\pinentry.exe" },
856 /* Try old Gpgwin directory. */
857 { w32_rootdir, "\\..\\GNU\\GnuPG\\pinentry.exe" },
858 /* Try a Pinentry from the common GNU dir. */
859 { w32_rootdir, "\\..\\GNU\\bin\\pinentry.exe" },
861 /* Last chance is a pinentry-basic (which comes with the
862 GnuPG 2.1 Windows installer). */
863 { gnupg_bindir, DIRSEP_S "pinentry-basic" EXEEXT_S }
877 for (i=0; i < DIM(names); i++)
881 name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL);
/* access (F_OK) tests existence only, not ownership, permissions or
   whether the file is executable; the file may also change between
   this probe and the time the caller starts it.  */
882 if (!access (name2, F_OK))
884 /* Use that pinentry. */
889 if (!i) /* Store the first as fallback return. */
900 /* If set, 'gnupg_module_name' returns modules from that build
902 static char *gnupg_build_directory;
904 /* For sanity checks. */
905 static int gnupg_module_name_called;
908 /* Set NEWDIR as the new build directory. This will make
909 * 'gnupg_module_name' return modules from that build directory. Must
910 * be called before any invocation of 'gnupg_module_name', and must
911 * not be called twice. It can be used by test suites to make sure
912 * the components from the build directory are used instead of
913 * potentially outdated installed ones. */
/* Record a private copy of NEWDIR as the build directory.  */
915 gnupg_set_builddir (const char *newdir)
/* Enforce the documented contract: no earlier gnupg_module_name call
   and no build directory set before.  */
917 log_assert (! gnupg_module_name_called);
918 log_assert (! gnupg_build_directory);
/* NOTE(review): the xtrystrdup result is not checked in the lines
   shown.  If it returns NULL the build directory stays unset and
   gnupg_module_name falls back to the installed locations, which is
   what a test suite calling this wants to avoid -- confirm.  */
919 gnupg_build_directory = xtrystrdup (newdir);
923 /* If no build directory has been configured, try to set it from the
924 * environment. We only do this in development builds to avoid
925 * increasing the set of influential environment variables and hence
926 * the attack surface of production builds. */
/* Take the build directory from GNUPG_BUILDDIR unless one has already
   been configured.  */
928 gnupg_set_builddir_from_env (void)
/* Only development versions compile the lookup in, so other builds
   never read the variable.  */
930 #ifdef IS_DEVELOPMENT_VERSION
/* An already configured build directory is tested for first;
   presumably the function returns here (the statement is not
   shown).  */
931 if (gnupg_build_directory)
/* The pointer returned by getenv is stored as is, whereas
   gnupg_set_builddir stores a copy.  NOTE(review): this value selects
   the directory the helper programs are taken from, so it must only be
   honoured where the environment is trusted.  */
934 gnupg_build_directory = getenv ("GNUPG_BUILDDIR");
939 /* Return the file name of a helper tool. WHICH is one of the
940 GNUPG_MODULE_NAME_foo constants. */
942 gnupg_module_name (int which)
944 gnupg_set_builddir_from_env ();
945 gnupg_module_name_called = 1;
947 #define X(a,b,c) do { \
950 name = gnupg_build_directory \
951 ? xstrconcat (gnupg_build_directory, \
952 DIRSEP_S b DIRSEP_S c EXEEXT_S, NULL) \
953 : xstrconcat (gnupg_ ## a (), DIRSEP_S c EXEEXT_S, NULL); \
959 case GNUPG_MODULE_NAME_AGENT:
960 #ifdef GNUPG_DEFAULT_AGENT
961 return GNUPG_DEFAULT_AGENT;
963 X(bindir, "agent", "gpg-agent");
966 case GNUPG_MODULE_NAME_PINENTRY:
967 #ifdef GNUPG_DEFAULT_PINENTRY
968 return GNUPG_DEFAULT_PINENTRY; /* (Set by a configure option) */
970 return get_default_pinentry_name (0);
973 case GNUPG_MODULE_NAME_SCDAEMON:
974 #ifdef GNUPG_DEFAULT_SCDAEMON
975 return GNUPG_DEFAULT_SCDAEMON;
977 X(libexecdir, "scd", "scdaemon");
980 case GNUPG_MODULE_NAME_DIRMNGR:
981 #ifdef GNUPG_DEFAULT_DIRMNGR
982 return GNUPG_DEFAULT_DIRMNGR;
984 X(bindir, "dirmngr", DIRMNGR_NAME);
987 case GNUPG_MODULE_NAME_PROTECT_TOOL:
988 #ifdef GNUPG_DEFAULT_PROTECT_TOOL
989 return GNUPG_DEFAULT_PROTECT_TOOL;
991 X(libexecdir, "agent", "gpg-protect-tool");
994 case GNUPG_MODULE_NAME_DIRMNGR_LDAP:
995 #ifdef GNUPG_DEFAULT_DIRMNGR_LDAP
996 return GNUPG_DEFAULT_DIRMNGR_LDAP;
998 X(libexecdir, "dirmngr", "dirmngr_ldap");
1001 case GNUPG_MODULE_NAME_CHECK_PATTERN:
1002 X(libexecdir, "tools", "gpg-check-pattern");
1004 case GNUPG_MODULE_NAME_GPGSM:
1005 X(bindir, "sm", "gpgsm");
1007 case GNUPG_MODULE_NAME_GPG:
1009 if (! gnupg_build_directory)
1010 X(bindir, "g10", GPG_NAME "2");
1013 X(bindir, "g10", GPG_NAME);
1015 case GNUPG_MODULE_NAME_GPGV:
1017 if (! gnupg_build_directory)
1018 X(bindir, "g10", GPG_NAME "v2");
1021 X(bindir, "g10", GPG_NAME "v");
1023 case GNUPG_MODULE_NAME_CONNECT_AGENT:
1024 X(bindir, "tools", "gpg-connect-agent");
1026 case GNUPG_MODULE_NAME_GPGCONF:
1027 X(bindir, "tools", "gpgconf");
1036 /* Flush some of the cached module names. This is for example used by
1037 gpg-agent to allow configuring a different pinentry. */
1039 gnupg_module_name_flush_some (void)
1041 (void)get_default_pinentry_name (1);