1 /* homedir.c - Setup the home directory.
2 * Copyright (C) 2004, 2006, 2007, 2010 Free Software Foundation, Inc.
3 * Copyright (C) 2013, 2016 Werner Koch
5 * This file is part of GnuPG.
7 * This file is free software; you can redistribute it and/or modify
8 * it under the terms of either
10 * - the GNU Lesser General Public License as published by the Free
11 * Software Foundation; either version 3 of the License, or (at
12 * your option) any later version.
16 * - the GNU General Public License as published by the Free
17 * Software Foundation; either version 2 of the License, or (at
18 * your option) any later version.
20 * or both in parallel, as here.
22 * This file is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, see <https://www.gnu.org/licenses/>.
37 #ifdef HAVE_W32_SYSTEM
38 #include <winsock2.h> /* Due to the stupid mingw64 requirement to
39 include this header before windows.h which
40 is often implicitly included. */
43 #define CSIDL_APPDATA 0x001a
45 #ifndef CSIDL_LOCAL_APPDATA
46 #define CSIDL_LOCAL_APPDATA 0x001c
48 #ifndef CSIDL_COMMON_APPDATA
49 #define CSIDL_COMMON_APPDATA 0x0023
51 #ifndef CSIDL_FLAG_CREATE
52 #define CSIDL_FLAG_CREATE 0x8000
54 #endif /*HAVE_W32_SYSTEM*/
57 #include <sys/stat.h> /* for stat() */
66 /* The GnuPG homedir. This is only accessed by the functions
67 * gnupg_homedir and gnupg_set_homedir. Malloced. */
/* gnupg_set_homedir frees the old string before it stores a new one,
 * so a pointer obtained from gnupg_homedir must not be kept across a
 * later gnupg_set_homedir call.  */
68 static char *the_gnupg_homedir;
70 /* Flag indicating that home directory is not the default one. */
71 static byte non_default_homedir;
74 #ifdef HAVE_W32_SYSTEM
75 /* A flag used to indicate that a control file for gpgconf has been
76 detected. Under Windows the presence of this file indicates a
77 portable installation and triggers several changes:
79 - The GNUPGHOME directory is fixed relative to the installation
80 directory. All other means to set the home directory are ignored.
82 - All registry variables will be ignored.
84 This flag is not used on Unix systems.
86 static byte w32_portable_app;
87 #endif /*HAVE_W32_SYSTEM*/
89 #ifdef HAVE_W32_SYSTEM
90 /* This flag is true if this process' binary has been installed under
91 bin and not in the root directory as often used before GnuPG 2.1. */
92 static byte w32_bin_is_bin;
93 #endif /*HAVE_W32_SYSTEM*/
96 #ifdef HAVE_W32_SYSTEM
97 static const char *w32_rootdir (void);
102 #ifdef HAVE_W32_SYSTEM
/* Try to create the directory DIR.  In the visible lines the result of
 * CreateDirectory is not examined, so a failure (including "already
 * exists") is silent.  The NULL second argument means that no explicit
 * security attributes are supplied: the new directory gets the default
 * security descriptor, so its access control depends on the parent
 * directory.  */
104 w32_try_mkdir (const char *dir)
106 #ifdef HAVE_W32CE_SYSTEM
107 wchar_t *wdir = utf8_to_wchar (dir);
110 CreateDirectory (wdir, NULL);
114 CreateDirectory (dir, NULL);
/* Looks up SHGetFolderPathA at run time in the DLLs listed in dllnames
 * and forwards the five arguments to it unchanged.  The static
 * initialized/func pair suggests that the lookup is done only once.
 * NOTE(review): "shell32.dll" and "shfolder.dll" are passed to dlopen
 * without a directory, so which file gets loaded is decided by the
 * loader's search order -- confirm that the dlopen wrapper used on
 * Windows restricts the lookup to the system directory.  */
120 /* This is a helper function to load a Windows function from either of
122 #ifdef HAVE_W32_SYSTEM
124 w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
126 static int initialized;
127 static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);
131 static char *dllnames[] = { "shell32.dll", "shfolder.dll", NULL };
137 for (i=0, handle = NULL; !handle && dllnames[i]; i++)
139 handle = dlopen (dllnames[i], RTLD_LAZY);
142 func = dlsym (handle, "SHGetFolderPathA");
153 return func (a,b,c,d,e);
157 #endif /*HAVE_W32_SYSTEM*/
160 /* Check whether DIR is the default homedir. */
/* Both DIR and GNUPG_DEFAULT_HOMEDIR are turned into absolute names
 * with make_absfilename before they are compared, so a relative DIR
 * is not compared textually.  The result is true when
 * compare_filenames returns zero.  The release of A and B is not
 * part of this listing.  */
162 is_gnupg_default_homedir (const char *dir)
165 char *a = make_absfilename (dir, NULL);
166 char *b = make_absfilename (GNUPG_DEFAULT_HOMEDIR, NULL);
167 result = !compare_filenames (a, b);
174 /* Get the standard home directory. In general this function should
175 not be used as it does not consider a registry value (under W32) or
176 the GNUPGHOME environment variable. It is better to use
177 default_homedir(). */
/* Windows: the result is kept in the function-static pointer DIR.  A
 * portable installation uses rootdir + DIRSEP_S "home".  Otherwise the
 * CSIDL_APPDATA folder is queried and "\gnupg" is appended; the "6"
 * in the allocation is the length of that suffix and the "+1" is for
 * the NUL.  GNUPG_DEFAULT_HOMEDIR is the fallback.  Other systems
 * always return GNUPG_DEFAULT_HOMEDIR.
 * NOTE(review): the creation step that follows the access() test is
 * not part of this listing.  The directory holds private keys, so
 * confirm that it is created with access limited to the user.  */
179 standard_homedir (void)
181 #ifdef HAVE_W32_SYSTEM
182 static const char *dir;
188 rdir = w32_rootdir ();
189 if (w32_portable_app)
191 dir = xstrconcat (rdir, DIRSEP_S "home", NULL);
197 /* It might be better to use LOCAL_APPDATA because this is
198 defined as "non roaming" and thus more likely to be kept
199 locally. For private keys this is desired. However,
200 given that many users copy private keys anyway forth and
201 back, using a system roaming services might be better
202 than to let them do it manually. A security conscious
203 user will anyway use the registry entry to have better
205 if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE,
208 char *tmp = xmalloc (strlen (path) + 6 +1);
209 strcpy (stpcpy (tmp, path), "\\gnupg");
212 /* Try to create the directory if it does not yet exist. */
213 if (access (dir, F_OK))
217 dir = GNUPG_DEFAULT_HOMEDIR;
221 #else/*!HAVE_W32_SYSTEM*/
222 return GNUPG_DEFAULT_HOMEDIR;
223 #endif /*!HAVE_W32_SYSTEM*/
226 /* Set up the default home directory. The usual --homedir option
227 should be parsed later. */
/* Sources used in the visible lines: a portable Windows installation
 * returns standard_homedir() at once.  Otherwise the GNUPGHOME
 * environment variable is read; on Windows a registry string and
 * standard_homedir() are consulted as well (the conditions for that
 * are not part of this listing); GNUPG_DEFAULT_HOMEDIR is the final
 * fallback.  non_default_homedir is set when the chosen directory is
 * not the default one.
 * GNUPGHOME is taken from the process environment as is: whoever
 * controls the environment decides where keys and configuration are
 * looked up.  */
229 default_homedir (void)
233 #ifdef HAVE_W32_SYSTEM
234 /* For a portable application we only use the standard homedir. */
236 if (w32_portable_app)
237 return standard_homedir ();
238 #endif /*HAVE_W32_SYSTEM*/
240 dir = getenv ("GNUPGHOME");
241 #ifdef HAVE_W32_SYSTEM
244 static const char *saved_dir;
252 tmp = read_w32_registry_string (NULL,
265 saved_dir = standard_homedir ();
269 #endif /*HAVE_W32_SYSTEM*/
271 dir = GNUPG_DEFAULT_HOMEDIR;
272 else if (!is_gnupg_default_homedir (dir))
273 non_default_homedir = 1;
279 #ifdef HAVE_W32_SYSTEM
/* Looks for DIR + DIRSEP_S "gpgconf.exe" and, if that exists, for
 * "gpgconf.ctl" next to it.  The strcpy overwrites the last three
 * characters of FNAME, which are always "exe" at that point, with
 * "ctl"; the string does not grow.  Finding the .ctl file sets
 * w32_portable_app and adds GPGRT_LOG_NO_REGISTRY to the log prefix
 * flags.
 * Only the existence of the two files is tested (access with F_OK).
 * Because the flag changes where the home directory is taken from
 * and disables the registry settings, the installation directory
 * should be writable by trusted accounts only.  */
280 /* Check whether gpgconf is installed and if so read the gpgconf.ctl
283 check_portable_app (const char *dir)
287 fname = xstrconcat (dir, DIRSEP_S "gpgconf.exe", NULL);
288 if (!access (fname, F_OK))
290 strcpy (fname + strlen (fname) - 3, "ctl");
291 if (!access (fname, F_OK))
293 /* gpgconf.ctl file found. Record this fact. */
294 w32_portable_app = 1;
297 log_get_prefix (&flags);
298 log_set_prefix (NULL, (flags | GPGRT_LOG_NO_REGISTRY));
300 /* FIXME: We should read the file to detect special flags
301 and print a warning if we don't understand them */
308 /* Determine the root directory of the gnupg installation on Windows. */
/* The result lives in the static buffer DIR.  GetModuleFileNameW is
 * given MAX_PATH as the size of a buffer of MAX_PATH+5 wide
 * characters, and the UTF-8 conversion is limited to MAX_PATH-4 bytes
 * of DIR, so both writes stay inside their buffers.  The last
 * DIRSEP_C is located with strrchr (presumably to cut off the file
 * name; that line is not part of this listing), check_portable_app()
 * is run on the directory, and a trailing "bin" component is handled
 * as described below.  GNUPG_LIBEXECDIR is the hardwired fallback.  */
313 static char dir[MAX_PATH+5];
319 wchar_t wdir [MAX_PATH+5];
321 rc = GetModuleFileNameW (NULL, wdir, MAX_PATH);
322 if (rc && WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4,
327 log_debug ("GetModuleFileName failed: %s\n", w32_strerror (-1));
331 p = strrchr (dir, DIRSEP_C);
336 check_portable_app (dir);
338 /* If we are installed below "bin" we strip that and use
339 the top directory instead. */
340 p = strrchr (dir, DIRSEP_C);
341 if (p && !strcmp (p+1, "bin"))
349 log_debug ("bad filename '%s' returned for this process\n", dir);
356 /* Fallback to the hardwired value. */
357 return GNUPG_LIBEXECDIR;
370 /* Make sure that w32_rootdir has been called so that we are
371 able to check the portable application flag. The common dir
372 is identical to the rootdir. In that case there is also
373 no need to strdup its value. */
/* NOTE(review): the function header is not part of this listing.
 * Judging by the flag test below, "identical to the rootdir" refers
 * to the portable application case.  Otherwise the
 * CSIDL_COMMON_APPDATA folder is queried and "\GNU" is appended; the
 * "4" in the allocation is the length of that suffix and the "+1" is
 * for the NUL.  */
374 rdir = w32_rootdir ();
375 if (w32_portable_app)
378 if (w32_shgetfolderpath (NULL, CSIDL_COMMON_APPDATA,
381 char *tmp = xmalloc (strlen (path) + 4 +1);
382 strcpy (stpcpy (tmp, path), "\\GNU");
384 /* No auto create of the directory. Either the installer or
385 the admin has to create these directories. */
389 /* Ooops: Not defined - probably an old Windows version.
390 Use the installation directory instead. */
391 dir = xstrdup (rdir);
397 #endif /*HAVE_W32_SYSTEM*/
400 /* Change the homedir. Some care must be taken to set this early
401 * enough because previous calls to gnupg_homedir may else return a
402 * different string. */
/* A NULL or empty NEWDIR selects default_homedir().  The previous
 * string is released with xfree before the new absolute name is
 * stored, which invalidates every pointer handed out earlier by
 * gnupg_homedir().
 * NOTE(review): the second ';' after the make_absfilename call is an
 * empty statement and can be dropped.  */
404 gnupg_set_homedir (const char *newdir)
406 if (!newdir || !*newdir)
407 newdir = default_homedir ();
408 else if (!is_gnupg_default_homedir (newdir))
409 non_default_homedir = 1;
410 xfree (the_gnupg_homedir);
411 the_gnupg_homedir = make_absfilename (newdir, NULL);;
415 /* Return the homedir. The returned string is valid until another
416 * gnupg-set-homedir call. This is always an absolute directory name.
417 * The function replaces the former global var opt.homedir. */
/* Callers receive the internal string itself, not a copy.  On first
 * use the value is derived from default_homedir().  */
421 /* If a homedir has not been set, set it to the default. */
422 if (!the_gnupg_homedir)
423 the_gnupg_homedir = make_absfilename (default_homedir (), NULL);
424 return the_gnupg_homedir;
428 /* Return whether the home dir is the default one. */
/* This is the negation of non_default_homedir.  In this listing that
 * flag is only ever set to 1 (by default_homedir and
 * gnupg_set_homedir); no line that clears it is visible.  */
430 gnupg_default_homedir_p (void)
432 return !non_default_homedir;
/* Security summary for the Unix branch: the socket directory is only
 * accepted if "<base>/user/<uid>" exists as a directory owned by the
 * calling user and its "gnupg" subdirectory is a directory, owned by
 * the user, without any group or other permission bits.  All tests
 * use stat() on path names, which follows symbolic links, so the
 * result is only as trustworthy as the ownership of the parent
 * directories.  If nothing usable is found the home directory is
 * returned and flag 128 is set.  How SKIP_CHECKS gates the tests is
 * not part of this listing.  */
436 /* Helper for gnupg-socketdir. This is a global function, so that
437 * gpgconf can use it for its --create-socketdir command. If
438 * SKIP_CHECKS is set permission checks etc. are not done. The
439 * function always returns a malloced directory name and stores these
440 * bit flags at R_INFO:
442 * 1 := Internal error, stat failed, out of core, etc.
443 * 2 := No /run/user directory.
444 * 4 := Directory not owned by the user, not a directory
445 * or wrong permissions.
446 * 8 := Same as 4 but for the subdir.
 * 16 := mkdir failed (set below when gnupg_mkdir fails).
448 * 32 := Non default homedir; checking subdir.
449 * 64 := Subdir does not exist.
450 * 128 := Using homedir as fallback.
453 _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
455 #if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT)
461 name = xstrdup (gnupg_homedir ());
463 #else /* Unix and stat(2) available. */
465 static const char * const bases[] = { "/run", "/var/run", NULL};
/* "/var/run/user" has 13 characters and "/gnupg" has 6; the first 1
 * is the '/' before the uid and the last 1 is the NUL.  The 20
 * presumably bounds the decimal representation of the uid.  */
468 char prefix[13 + 1 + 20 + 6 + 1];
474 /* First make sure that non_default_homedir can be set. */
477 /* It has been suggested to first check XDG_RUNTIME_DIR envvar.
478 * However, the specs state that the lifetime of the directory MUST
479 * be bound to the user being logged in. Now GnuPG may also be run
480 * as a background process with no (desktop) user logged in. Thus
481 * we better don't do that. */
483 /* Check whether we have a /run/user dir. */
484 for (i=0; bases[i]; i++)
486 snprintf (prefix, sizeof prefix, "%s/user/%u",
487 bases[i], (unsigned int)getuid ());
488 if (!stat (prefix, &sb) && S_ISDIR(sb.st_mode))
493 *r_info |= 2; /* No /run/user directory. */
497 if (sb.st_uid != getuid ())
499 *r_info |= 4; /* Not owned by the user. */
/* 7 is strlen ("/gnupg") plus the NUL; the test keeps the strcat
 * below inside PREFIX.  */
504 if (strlen (prefix) + 7 >= sizeof prefix)
506 *r_info |= 1; /* Ooops: Buffer too short to append "/gnupg". */
509 strcat (prefix, "/gnupg");
511 /* Check whether the gnupg sub directory has proper permissions. */
512 if (stat (prefix, &sb))
516 *r_info |= 1; /* stat failed. */
520 /* Try to create the directory and check again. */
/* The mode string "-rwx" names owner permissions only (presumably
 * no group or other bits -- confirm against gnupg_mkdir).  The
 * directory is stat'ed again afterwards and has to pass the same
 * ownership and mode test as an existing one.  */
521 if (gnupg_mkdir (prefix, "-rwx"))
523 *r_info |= 16; /* mkdir failed. */
526 if (stat (prefix, &sb))
528 *r_info |= 1; /* stat failed. */
532 /* Check that it is a directory, owned by the user, and only the
533 * user has permissions to use it. */
534 if (!S_ISDIR(sb.st_mode)
535 || sb.st_uid != getuid ()
536 || (sb.st_mode & (S_IRWXG|S_IRWXO)))
538 *r_info |= 4; /* Bad permissions or not a directory. */
543 /* If a non default homedir is used, we check whether a
544 * corresponding sub directory below the socket dir is available
545 * and use that. We hash the non default homedir to keep the new
546 * subdir short enough. */
547 if (non_default_homedir)
552 *r_info |= 32; /* Testing subdir. */
553 s = gnupg_homedir ();
/* SHA-1 is used here to derive a short, fixed-length directory name
 * from the homedir name; 8*15 bits of the digest are passed to
 * zb32_encode and the result is appended to "/d.".  */
554 gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, s, strlen (s));
555 suffix = zb32_encode (sha1buf, 8*15);
558 *r_info |= 1; /* Out of core etc. */
561 name = strconcat (prefix, "/d.", suffix, NULL);
565 *r_info |= 1; /* Out of core etc. */
569 /* Stat that directory and check constraints. Note that we
570 * do not auto create such a directory because we would not
571 * have a way to remove it. Thus the directory needs to be
572 * pre-created. The command
573 * gpgconf --create-socketdir
574 * can be used to create that directory. */
575 if (stat (name, &sb))
578 *r_info |= 1; /* stat failed. */
580 *r_info |= 64; /* Subdir does not exist. */
588 else if (!S_ISDIR(sb.st_mode)
589 || sb.st_uid != getuid ()
590 || (sb.st_mode & (S_IRWXG|S_IRWXO)))
592 *r_info |= 8; /* Bad permissions or subdir is not a directory. */
602 name = xstrdup (prefix);
605 /* If nothing works fall back to the homedir. */
/* The ownership and mode of the home directory itself are not
 * tested in the visible lines.  */
608 *r_info |= 128; /* Fallback. */
609 name = xstrdup (gnupg_homedir ());
619 * Return the name of the socket dir. That is the directory used for
620 * the IPC local sockets. This is an absolute directory name.
/* The helper is called with skip_checks = 0, that is with all checks
 * enabled.  The flags it reports are received in a local variable
 * and, in the visible lines, not acted upon.  */
623 gnupg_socketdir (void)
630 name = _gnupg_socketdir_internal (0, &dummy);
/* Windows: w32_commondir () followed by DIRSEP_S "etc" DIRSEP_S
 * "gnupg".  The buffer is sized as strlen (s1) + strlen (s2) + 1,
 * which is exactly what the two copies write.  Other systems: the
 * compile-time value GNUPG_SYSCONFDIR.  */
637 /* Return the name of the sysconfdir. This is a static string. This
638 function is required because under Windows we can't simply compile
641 gnupg_sysconfdir (void)
643 #ifdef HAVE_W32_SYSTEM
649 s1 = w32_commondir ();
650 s2 = DIRSEP_S "etc" DIRSEP_S "gnupg";
651 name = xmalloc (strlen (s1) + strlen (s2) + 1);
652 strcpy (stpcpy (name, s1), s2);
655 #else /*!HAVE_W32_SYSTEM*/
656 return GNUPG_SYSCONFDIR;
657 #endif /*!HAVE_W32_SYSTEM*/
/* NOTE(review): the header of this function is not part of the
 * listing; gnupg_libexecdir calls gnupg_bindir () on Windows, which is
 * presumably this function.  Both Windows branches derive the
 * directory from w32_rootdir () plus DIRSEP_S "bin"; the conditions
 * around the second one and the non-Windows return are not visible.  */
664 #if defined (HAVE_W32CE_SYSTEM)
668 name = xstrconcat (w32_rootdir (), DIRSEP_S "bin", NULL);
670 #elif defined(HAVE_W32_SYSTEM)
673 rdir = w32_rootdir ();
679 name = xstrconcat (rdir, DIRSEP_S "bin", NULL);
684 #else /*!HAVE_W32_SYSTEM*/
686 #endif /*!HAVE_W32_SYSTEM*/
690 /* Return the name of the libexec directory. The name is allocated in
691 a static area on the first use. This function won't fail. */
/* On Windows this is the value of gnupg_bindir (); on other systems
 * it is the compile-time value GNUPG_LIBEXECDIR.  */
693 gnupg_libexecdir (void)
695 #ifdef HAVE_W32_SYSTEM
696 return gnupg_bindir ();
697 #else /*!HAVE_W32_SYSTEM*/
698 return GNUPG_LIBEXECDIR;
699 #endif /*!HAVE_W32_SYSTEM*/
/* Windows: w32_rootdir () followed by DIRSEP_S "lib" DIRSEP_S "gnupg".
 * The function header and the non-Windows return are not part of
 * this listing.  */
705 #ifdef HAVE_W32_SYSTEM
709 name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
711 #else /*!HAVE_W32_SYSTEM*/
713 #endif /*!HAVE_W32_SYSTEM*/
/* Windows: w32_rootdir () followed by DIRSEP_S "share" DIRSEP_S
 * "gnupg".  Other systems: the compile-time value GNUPG_DATADIR.  The
 * function header is not part of this listing.  */
719 #ifdef HAVE_W32_SYSTEM
723 name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
725 #else /*!HAVE_W32_SYSTEM*/
726 return GNUPG_DATADIR;
727 #endif /*!HAVE_W32_SYSTEM*/
/* Windows: w32_rootdir () followed by DIRSEP_S "share" DIRSEP_S
 * "locale".  The non-Windows return is not part of this listing.  */
732 gnupg_localedir (void)
734 #ifdef HAVE_W32_SYSTEM
738 name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "locale",
741 #else /*!HAVE_W32_SYSTEM*/
743 #endif /*!HAVE_W32_SYSTEM*/
747 /* Return the name of the cache directory. The name is allocated in a
748 static area on the first use. Windows only: If the directory does
749 not exist it is created. */
/* Windows: a portable installation uses a directory below the rootdir
 * that ends in "gnupg".  Otherwise the CSIDL_LOCAL_APPDATA folder is
 * queried and the components "GNU", "cache" and "gnupg" are appended.
 * s1_len adds one separator plus the length of each component, which
 * is exactly what the stpcpy loop appends, so the xmalloc size
 * (strlen (path) + s1_len + 1) fits.  The fixed name
 * "c:\temp\cache\gnupg" is the remaining fallback.
 * NOTE(review): that fallback lies outside the per-user profile; who
 * may write there is not established by this code.
 * Other systems: GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME.  */
751 gnupg_cachedir (void)
753 #ifdef HAVE_W32_SYSTEM
754 static const char *dir;
760 rdir = w32_rootdir ();
761 if (w32_portable_app)
763 dir = xstrconcat (rdir,
766 DIRSEP_S, "gnupg", NULL);
771 const char *s1[] = { "GNU", "cache", "gnupg", NULL };
776 for (comp = s1; *comp; comp++)
777 s1_len += 1 + strlen (*comp);
779 if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
782 char *tmp = xmalloc (strlen (path) + s1_len + 1);
785 p = stpcpy (tmp, path);
786 for (comp = s1; *comp; comp++)
788 p = stpcpy (p, "\\");
789 p = stpcpy (p, *comp);
791 if (access (tmp, F_OK))
799 dir = "c:\\temp\\cache\\gnupg";
800 #ifdef HAVE_W32CE_SYSTEM
802 w32_try_mkdir ("\\temp\\cache");
803 w32_try_mkdir ("\\temp\\cache\\gnupg");
809 #else /*!HAVE_W32_SYSTEM*/
810 return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
811 #endif /*!HAVE_W32_SYSTEM*/
815 /* Return the user socket name used by DirMngr. */
/* The name is DIRMNGR_SOCK_NAME inside gnupg_socketdir (), so the
 * socket is protected by whatever checks that directory passed.  */
817 dirmngr_socket_name (void)
822 name = make_filename (gnupg_socketdir (), DIRMNGR_SOCK_NAME, NULL);
827 /* Return the default pinentry name. If RESET is true the internal
828 cache is first flushed. */
/* Each table entry pairs a function that returns a directory with a
 * file name to append.  The candidates are tried in table order and
 * the first one that exists (access with F_OK) is used; the first
 * entry is also kept as the value to return when none is found.
 * Existence is the only test that is made.
 * On Windows several candidates lie in sibling directories of the
 * installation root ("\..\Gpg4win", "\..\GNU").  A pinentry receives
 * the user's passphrase, so every directory named in this table
 * should be writable by trusted accounts only.  */
830 get_default_pinentry_name (int reset)
833 const char *(*rfnc)(void);
836 /* The first entry is what we return in case we found no
838 { gnupg_bindir, DIRSEP_S "pinentry" EXEEXT_S },
839 #ifdef HAVE_W32_SYSTEM
840 /* Try Gpg4win directory (with bin and without.) */
841 { w32_rootdir, "\\..\\Gpg4win\\bin\\pinentry.exe" },
842 { w32_rootdir, "\\..\\Gpg4win\\pinentry.exe" },
843 /* Try old Gpgwin directory. */
844 { w32_rootdir, "\\..\\GNU\\GnuPG\\pinentry.exe" },
845 /* Try a Pinentry from the common GNU dir. */
846 { w32_rootdir, "\\..\\GNU\\bin\\pinentry.exe" },
848 /* Last chance is a pinentry-basic (which comes with the
849 GnuPG 2.1 Windows installer). */
850 { gnupg_bindir, DIRSEP_S "pinentry-basic" EXEEXT_S }
864 for (i=0; i < DIM(names); i++)
868 name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL);
869 if (!access (name2, F_OK))
871 /* Use that pinentry. */
876 if (!i) /* Store the first as fallback return. */
/* State of the build directory override.  It is written by
 * gnupg_set_builddir and gnupg_set_builddir_from_env and read by
 * gnupg_module_name.  */
887 /* If set, 'gnupg_module_name' returns modules from that build
889 static char *gnupg_build_directory;
891 /* For sanity checks. */
892 static int gnupg_module_name_called;
895 /* Set NEWDIR as the new build directory. This will make
896 * 'gnupg_module_name' return modules from that build directory. Must
897 * be called before any invocation of 'gnupg_module_name', and must
898 * not be called twice. It can be used by test suites to make sure
899 * the components from the build directory are used instead of
900 * potentially outdated installed ones. */
/* The two preconditions are enforced with log_assert.
 * NOTE(review): no check of the xtrystrdup result is visible.  If the
 * copy fails gnupg_build_directory stays NULL and gnupg_module_name
 * uses the installed locations without any diagnostic.  */
902 gnupg_set_builddir (const char *newdir)
904 log_assert (! gnupg_module_name_called);
905 log_assert (! gnupg_build_directory);
906 gnupg_build_directory = xtrystrdup (newdir);
910 /* If no build directory has been configured, try to set it from the
911 * environment. We only do this in development builds to avoid
912 * increasing the set of influential environment variables and hence
913 * the attack surface of production builds. */
/* GNUPG_BUILDDIR is read only when IS_DEVELOPMENT_VERSION is defined.
 * Unlike gnupg_set_builddir, the getenv result is stored as is and
 * not copied.  The value decides where gnupg_module_name looks for
 * the helper programs.  */
915 gnupg_set_builddir_from_env (void)
917 #ifdef IS_DEVELOPMENT_VERSION
918 if (gnupg_build_directory)
921 gnupg_build_directory = getenv ("GNUPG_BUILDDIR");
926 /* Return the file name of a helper tool. WHICH is one of the
927 GNUPG_MODULE_NAME_foo constants. */
/* gnupg_set_builddir_from_env () runs first, and
 * gnupg_module_name_called is set so that a later gnupg_set_builddir ()
 * trips its assertion.  X(a,b,c) builds the name below the build
 * directory (build directory, then b, then c) if one is configured,
 * and otherwise below the directory returned by the gnupg_a function.
 * Where a GNUPG_DEFAULT_xxx macro is defined at compile time it is
 * returned instead of a computed name.  The names returned here are
 * presumably what callers execute as helper programs, so the build
 * directory setting decides which binaries are run.  */
929 gnupg_module_name (int which)
931 gnupg_set_builddir_from_env ();
932 gnupg_module_name_called = 1;
934 #define X(a,b,c) do { \
937 name = gnupg_build_directory \
938 ? xstrconcat (gnupg_build_directory, \
939 DIRSEP_S b DIRSEP_S c EXEEXT_S, NULL) \
940 : xstrconcat (gnupg_ ## a (), DIRSEP_S c EXEEXT_S, NULL); \
946 case GNUPG_MODULE_NAME_AGENT:
947 #ifdef GNUPG_DEFAULT_AGENT
948 return GNUPG_DEFAULT_AGENT;
950 X(bindir, "agent", "gpg-agent");
953 case GNUPG_MODULE_NAME_PINENTRY:
954 #ifdef GNUPG_DEFAULT_PINENTRY
955 return GNUPG_DEFAULT_PINENTRY; /* (Set by a configure option) */
957 return get_default_pinentry_name (0);
960 case GNUPG_MODULE_NAME_SCDAEMON:
961 #ifdef GNUPG_DEFAULT_SCDAEMON
962 return GNUPG_DEFAULT_SCDAEMON;
964 X(libexecdir, "scd", "scdaemon");
967 case GNUPG_MODULE_NAME_DIRMNGR:
968 #ifdef GNUPG_DEFAULT_DIRMNGR
969 return GNUPG_DEFAULT_DIRMNGR;
971 X(bindir, "dirmngr", DIRMNGR_NAME);
974 case GNUPG_MODULE_NAME_PROTECT_TOOL:
975 #ifdef GNUPG_DEFAULT_PROTECT_TOOL
976 return GNUPG_DEFAULT_PROTECT_TOOL;
978 X(libexecdir, "agent", "gpg-protect-tool");
981 case GNUPG_MODULE_NAME_DIRMNGR_LDAP:
982 #ifdef GNUPG_DEFAULT_DIRMNGR_LDAP
983 return GNUPG_DEFAULT_DIRMNGR_LDAP;
985 X(libexecdir, "dirmngr", "dirmngr_ldap");
988 case GNUPG_MODULE_NAME_CHECK_PATTERN:
989 X(libexecdir, "tools", "gpg-check-pattern");
991 case GNUPG_MODULE_NAME_GPGSM:
992 X(bindir, "sm", "gpgsm");
994 case GNUPG_MODULE_NAME_GPG:
996 if (! gnupg_build_directory)
997 X(bindir, "g10", GPG_NAME "2");
1000 X(bindir, "g10", GPG_NAME);
1002 case GNUPG_MODULE_NAME_GPGV:
1004 if (! gnupg_build_directory)
1005 X(bindir, "g10", GPG_NAME "v2");
1008 X(bindir, "g10", GPG_NAME "v");
1010 case GNUPG_MODULE_NAME_CONNECT_AGENT:
1011 X(bindir, "tools", "gpg-connect-agent");
1013 case GNUPG_MODULE_NAME_GPGCONF:
1014 X(bindir, "tools", "gpgconf");
1023 /* Flush some of the cached module names. This is for example used by
1024 gpg-agent to allow configuring a different pinentry. */
/* Passing 1 as RESET makes get_default_pinentry_name flush its cache
 * before it looks for a pinentry again; the returned name is
 * ignored here.  */
1026 gnupg_module_name_flush_some (void)
1028 (void)get_default_pinentry_name (1);