1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
51 #include "gc-opt-flags.h"
54 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
55 returns a plain filename without escaping. As long as we have not
56 fixed that we need to use gpg2. */
57 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
58 #define GPGNAME "gpg2"
60 #define GPGNAME GPG_NAME
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
84 gc_error (int status, int errnum, const char *fmt, ...)
88 va_start (arg_ptr, fmt);
89 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
93 log_printf (": %s\n", strerror (errnum));
100 log_printf ("fatal error (exit status %i)\n", status);
106 /* Forward declaration. */
107 static void gpg_agent_runtime_change (int killflag);
108 static void scdaemon_runtime_change (int killflag);
109 static void dirmngr_runtime_change (int killflag);
111 /* Backend configuration. Backends are used to decide how the default
112 and current value of an option can be determined, and how the
113 option can be changed. To every option in every component belongs
114 exactly one backend that controls and determines the option. Some
115 backends are programs from the GPG system. Others might be
116 implemented by GPGConf itself. If you change this enum, don't
117 forget to update GC_BACKEND below. */
120 /* Any backend, used for find_option (). */
123 /* The Gnu Privacy Guard. */
126 /* The Gnu Privacy Guard for S/MIME. */
130 GC_BACKEND_GPG_AGENT,
132 /* The GnuPG SCDaemon. */
135 /* The GnuPG directory manager. */
138 /* The LDAP server list file for the director manager. */
139 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
141 /* The Pinentry (not a part of GnuPG, proper). */
144 /* The number of the above entries. */
149 /* To be able to implement generic algorithms for the various
150 backends, we collect all information about them in this struct. */
153 /* The name of the backend. */
156 /* The name of the program that acts as the backend. Some backends
157 don't have an associated program, but are implemented directly by
158 GPGConf. In this case, PROGRAM is NULL. */
161 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
162 ../common/util.h. This value is used to get the actual installed
163 path of the program. 0 is used if no backend program is
167 /* The runtime change callback. If KILLFLAG is true the component
168 is killed and not just reloaded. */
169 void (*runtime_change) (int killflag);
171 /* The option name for the configuration filename of this backend.
172 This must be an absolute filename. It can be an option from a
173 different backend (but then ordering of the options might
174 matter). Note: This must be unique among all components. */
175 const char *option_config_filename;
177 /* If this is a file backend rather than a program backend, then
178 this is the name of the option associated with the file. */
179 const char *option_name;
180 } gc_backend[GC_BACKEND_NR] =
182 { NULL }, /* GC_BACKEND_ANY dummy entry. */
183 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
184 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
185 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
186 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
187 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
188 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
189 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
190 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
191 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
192 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
193 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
194 NULL, "ldapserverlist-file", "LDAP Server" },
195 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
196 NULL, GPGCONF_NAME "-pinentry.conf" },
200 /* Option configuration. */
202 /* An option might take an argument, or not. Argument types can be
203 basic or complex. Basic types are generic and easy to validate.
204 Complex types provide more specific information about the intended
205 use, but can be difficult to validate. If you add to this enum,
206 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
207 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
211 /* Basic argument types. */
214 GC_ARG_TYPE_NONE = 0,
216 /* A String argument. */
217 GC_ARG_TYPE_STRING = 1,
219 /* A signed integer argument. */
220 GC_ARG_TYPE_INT32 = 2,
222 /* An unsigned integer argument. */
223 GC_ARG_TYPE_UINT32 = 3,
225 /* ADD NEW BASIC TYPE ENTRIES HERE. */
227 /* Complex argument types. */
229 /* A complete filename. */
230 GC_ARG_TYPE_FILENAME = 32,
232 /* An LDAP server in the format
233 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
234 GC_ARG_TYPE_LDAP_SERVER = 33,
236 /* A 40 character fingerprint. */
237 GC_ARG_TYPE_KEY_FPR = 34,
239 /* A user ID or key ID or fingerprint for a certificate. */
240 GC_ARG_TYPE_PUB_KEY = 35,
242 /* A user ID or key ID or fingerprint for a certificate with a key. */
243 GC_ARG_TYPE_SEC_KEY = 36,
245 /* A alias list made up of a key, an equal sign and a space
246 separated list of values. */
247 GC_ARG_TYPE_ALIAS_LIST = 37,
249 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
251 /* The number of the above entries. */
256 /* For every argument, we record some information about it in the
260 /* For every argument type exists a basic argument type that can be
261 used as a fallback for input and validation purposes. */
262 gc_arg_type_t fallback;
264 /* Human-readable name of the type. */
266 } gc_arg_type[GC_ARG_TYPE_NR] =
268 /* The basic argument types have their own types as fallback. */
269 { GC_ARG_TYPE_NONE, "none" },
270 { GC_ARG_TYPE_STRING, "string" },
271 { GC_ARG_TYPE_INT32, "int32" },
272 { GC_ARG_TYPE_UINT32, "uint32" },
274 /* Reserved basic type entries for future extension. */
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
290 /* The complex argument types have a basic type as fallback. */
291 { GC_ARG_TYPE_STRING, "filename" },
292 { GC_ARG_TYPE_STRING, "ldap server" },
293 { GC_ARG_TYPE_STRING, "key fpr" },
294 { GC_ARG_TYPE_STRING, "pub key" },
295 { GC_ARG_TYPE_STRING, "sec key" },
296 { GC_ARG_TYPE_STRING, "alias list" },
300 /* Every option has an associated expert level, than can be used to
301 hide advanced and expert options from beginners. If you add to
302 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
303 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
304 EXTERNAL INTERFACE. */
307 /* The basic options should always be displayed. */
310 /* The advanced options may be hidden from beginners. */
313 /* The expert options should only be displayed to experts. */
316 /* The invisible options should normally never be displayed. */
319 /* The internal options are never exported, they mark options that
320 are recorded for internal use only. */
323 /* ADD NEW ENTRIES HERE. */
325 /* The number of the above entries. */
329 /* A description for each expert level. */
343 /* Option flags. The flags which are used by the backends are defined
344 by gc-opt-flags.h, included above.
346 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
347 PART OF THE EXTERNAL INTERFACE. */
349 /* Some entries in the option list are not options, but mark the
350 beginning of a new group of options. These entries have the GROUP
352 #define GC_OPT_FLAG_GROUP (1UL << 0)
353 /* The ARG_OPT flag for an option indicates that the argument is
354 optional. This is never set for GC_ARG_TYPE_NONE options. */
355 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
356 /* The LIST flag for an option indicates that the option can occur
357 several times. A comma separated list of arguments is used as the
359 #define GC_OPT_FLAG_LIST (1UL << 2)
362 /* A human-readable description for each flag. */
379 /* To each option, or group marker, the information in the GC_OPTION
380 struct is provided. If you change this, don't forget to update the
381 option list of each component. */
384 /* If this is NULL, then this is a terminator in an array of unknown
385 length. Otherwise, if this entry is a group marker (see FLAGS),
386 then this is the name of the group described by this entry.
387 Otherwise it is the name of the option described by this
388 entry. The name must not contain a colon. */
391 /* The option flags. If the GROUP flag is set, then this entry is a
392 group marker, not an option, and only the fields LEVEL,
393 DESC_DOMAIN and DESC are valid. In all other cases, this entry
394 describes a new option and all fields are valid. */
397 /* The expert level. This field is valid for options and groups. A
398 group has the expert level of the lowest-level option in the
400 gc_expert_level_t level;
402 /* A gettext domain in which the following description can be found.
403 If this is NULL, then DESC is not translated. Valid for groups
406 Note that we try to keep the description of groups within the
409 IMPORTANT: If you add a new domain please make sure to add a code
410 set switching call to the function my_dgettext further below. */
411 const char *desc_domain;
413 /* A gettext description for this group or option. If it starts
414 with a '|', then the string up to the next '|' describes the
415 argument, and the description follows the second '|'.
417 In general enclosing these description in N_() is not required
418 because the description should be identical to the one in the
419 help menu of the respective program. */
422 /* The following fields are only valid for options. */
424 /* The type of the option argument. */
425 gc_arg_type_t arg_type;
427 /* The backend that implements this option. */
428 gc_backend_t backend;
430 /* The following fields are set to NULL at startup (because all
431 option's are declared as static variables). They are at the end
432 of the list so that they can be omitted from the option
435 /* This is true if the option is supported by this version of the
439 /* The default value for this option. This is NULL if the option is
440 not present in the backend, the empty string if no default is
441 available, and otherwise a quoted string. */
444 /* The default argument is only valid if the "optional arg" flag is
445 set, and specifies the default argument (value) that is used if
446 the argument is omitted. */
449 /* The current value of this option. */
452 /* The new flags for this option. The only defined flag is actually
453 GC_OPT_FLAG_DEFAULT, and it means that the option should be
454 deleted. In this case, NEW_VALUE is NULL. */
455 unsigned long new_flags;
457 /* The new value of this option. */
460 typedef struct gc_option gc_option_t;
462 /* Use this macro to terminate an option list. */
463 #define GC_OPTION_NULL { NULL }
466 #ifndef BUILD_WITH_AGENT
467 #define gc_options_gpg_agent NULL
469 /* The options of the GC_COMPONENT_GPG_AGENT component. */
470 static gc_option_t gc_options_gpg_agent[] =
472 /* The configuration file to which we write the changes. */
473 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
474 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
475 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
478 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
479 "gnupg", N_("Options controlling the diagnostic output") },
480 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
482 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
483 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
484 "gnupg", "be somewhat more quiet",
485 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
486 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
488 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
491 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
492 "gnupg", N_("Options controlling the configuration") },
493 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
494 "gnupg", "|FILE|read options from FILE",
495 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
496 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
497 "gnupg", "do not use the SCdaemon",
498 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
499 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
500 "gnupg", "enable ssh support",
501 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
502 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
503 "gnupg", "enable putty support",
504 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
507 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
508 "gnupg", N_("Options useful for debugging") },
509 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
510 "gnupg", "|LEVEL|set the debugging level to LEVEL",
511 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
512 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
513 "gnupg", N_("|FILE|write server mode logs to FILE"),
514 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
515 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
517 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
520 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
521 "gnupg", N_("Options controlling the security") },
522 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
523 GC_LEVEL_BASIC, "gnupg",
524 "|N|expire cached PINs after N seconds",
525 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
526 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
527 GC_LEVEL_ADVANCED, "gnupg",
528 N_("|N|expire SSH keys after N seconds"),
529 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
530 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_EXPERT, "gnupg",
532 N_("|N|set maximum PIN cache lifetime to N seconds"),
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_EXPERT, "gnupg",
536 N_("|N|set maximum SSH key lifetime to N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
540 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
541 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
543 "gnupg", "allow passphrase to be prompted through Emacs",
544 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
545 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
546 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
547 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
548 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
549 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
550 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
551 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
552 GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
553 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
554 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
555 "gnupg", "do not grab keyboard and mouse",
556 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
558 { "Passphrase policy",
559 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
560 "gnupg", N_("Options enforcing a passphrase policy") },
561 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
562 GC_LEVEL_EXPERT, "gnupg",
563 N_("do not allow bypassing the passphrase policy"),
564 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
565 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
566 GC_LEVEL_ADVANCED, "gnupg",
567 N_("|N|set minimal required length for new passphrases to N"),
568 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
569 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_EXPERT, "gnupg",
571 N_("|N|require at least N non-alpha characters for a new passphrase"),
572 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
573 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
575 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
576 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
577 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
578 GC_LEVEL_EXPERT, "gnupg",
579 N_("|N|expire the passphrase after N days"),
580 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
581 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
582 GC_LEVEL_EXPERT, "gnupg",
583 N_("do not allow the reuse of old passphrases"),
584 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
585 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
586 GC_LEVEL_ADVANCED, "gnupg",
587 N_("|N|set the Pinentry timeout to N seconds"),
588 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
592 #endif /*BUILD_WITH_AGENT*/
595 #ifndef BUILD_WITH_SCDAEMON
596 #define gc_options_scdaemon NULL
598 /* The options of the GC_COMPONENT_SCDAEMON component. */
599 static gc_option_t gc_options_scdaemon[] =
601 /* The configuration file to which we write the changes. */
602 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
603 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
604 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
607 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
608 "gnupg", N_("Options controlling the diagnostic output") },
609 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
611 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
612 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
613 "gnupg", "be somewhat more quiet",
614 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
615 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
617 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
620 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
621 "gnupg", N_("Options controlling the configuration") },
622 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
623 "gnupg", "|FILE|read options from FILE",
624 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
625 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
626 "gnupg", "|N|connect to reader at port N",
627 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
628 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
629 "gnupg", "|NAME|use NAME as ct-API driver",
630 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
631 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
632 "gnupg", "|NAME|use NAME as PC/SC driver",
633 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
634 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
635 "gnupg", "do not use the internal CCID driver",
636 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
637 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
638 "gnupg", "do not use a reader's pinpad",
639 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
640 { "enable-pinpad-varlen",
641 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
642 "gnupg", "use variable length input for pinpad",
643 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
644 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
645 "gnupg", "|N|disconnect the card after N seconds of inactivity",
646 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
649 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
650 "gnupg", N_("Options useful for debugging") },
651 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
652 "gnupg", "|LEVEL|set the debugging level to LEVEL",
653 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
654 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
655 "gnupg", N_("|FILE|write a log to FILE"),
656 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
659 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
660 "gnupg", N_("Options controlling the security") },
661 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
662 "gnupg", "deny the use of admin card commands",
663 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
668 #endif /*BUILD_WITH_SCDAEMON*/
670 #ifndef BUILD_WITH_GPG
671 #define gc_options_gpg NULL
673 /* The options of the GC_COMPONENT_GPG component. */
674 static gc_option_t gc_options_gpg[] =
676 /* The configuration file to which we write the changes. */
677 { GPGCONF_NAME"-"GPG_NAME".conf",
678 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
679 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
682 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
683 "gnupg", N_("Options controlling the diagnostic output") },
684 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
686 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
687 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
688 "gnupg", "be somewhat more quiet",
689 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
690 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
692 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
695 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
696 "gnupg", N_("Options controlling the configuration") },
697 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
698 "gnupg", N_("|NAME|use NAME as default secret key"),
699 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
700 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
701 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
702 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
703 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
704 "gnupg", N_("|SPEC|set up email aliases"),
705 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
706 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
708 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
709 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
711 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
712 { "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
714 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
715 { "default_pubkey_algo",
716 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
718 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
720 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
722 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
726 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
727 "gnupg", N_("Options useful for debugging") },
728 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
729 "gnupg", "|LEVEL|set the debugging level to LEVEL",
730 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
731 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
732 "gnupg", N_("|FILE|write server mode logs to FILE"),
733 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
734 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
736 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
739 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
740 "gnupg", N_("Configuration for Keyservers") },
741 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
742 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
743 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
744 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
745 "gnupg", N_("allow PKA lookups (DNS requests)"),
746 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
747 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
748 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
749 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
750 { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
751 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
756 #endif /*BUILD_WITH_GPG*/
759 #ifndef BUILD_WITH_GPGSM
760 #define gc_options_gpgsm NULL
762 /* The options of the GC_COMPONENT_GPGSM component. */
763 static gc_option_t gc_options_gpgsm[] =
765 /* The configuration file to which we write the changes. */
766 { GPGCONF_NAME"-"GPGSM_NAME".conf",
767 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
768 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
771 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
772 "gnupg", N_("Options controlling the diagnostic output") },
773 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
775 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
776 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
777 "gnupg", "be somewhat more quiet",
778 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
779 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
781 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
784 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
785 "gnupg", N_("Options controlling the configuration") },
786 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
787 "gnupg", N_("|NAME|use NAME as default secret key"),
788 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
789 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
790 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
791 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
792 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
793 "gnupg", "|FILE|read options from FILE",
794 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
795 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
796 "gnupg", "use system's dirmngr if available",
797 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
798 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
799 "gnupg", N_("disable all access to the dirmngr"),
800 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
801 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
802 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
803 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
804 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
805 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
806 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
807 { "default_pubkey_algo",
808 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
810 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
813 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
814 "gnupg", N_("Options useful for debugging") },
815 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
816 "gnupg", "|LEVEL|set the debugging level to LEVEL",
817 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
818 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
819 "gnupg", N_("|FILE|write server mode logs to FILE"),
820 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
821 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
823 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
826 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
827 "gnupg", N_("Options controlling the security") },
828 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
829 "gnupg", "never consult a CRL",
830 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
831 { "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
833 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
834 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
835 "gnupg", N_("do not check CRLs for root certificates"),
836 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
837 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
838 "gnupg", "check validity using OCSP",
839 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
840 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
841 "gnupg", "|N|number of certificates to include",
842 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
843 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
844 "gnupg", "do not check certificate policies",
845 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
846 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
847 "gnupg", "fetch missing issuer certificates",
848 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
849 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
850 "gnupg", "|NAME|use cipher algorithm NAME",
851 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
855 #endif /*BUILD_WITH_GPGSM*/
858 #ifndef BUILD_WITH_DIRMNGR
859 #define gc_options_dirmngr NULL
861 /* The options of the GC_COMPONENT_DIRMNGR component. */
862 static gc_option_t gc_options_dirmngr[] =
864 /* The configuration file to which we write the changes. */
865 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
866 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
867 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
870 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
871 "gnupg", N_("Options controlling the diagnostic output") },
872 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
873 "dirmngr", "verbose",
874 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
875 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
876 "dirmngr", "be somewhat more quiet",
877 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
878 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
880 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
883 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
884 "gnupg", N_("Options controlling the format of the output") },
885 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
886 "dirmngr", "sh-style command output",
887 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
888 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
889 "dirmngr", "csh-style command output",
890 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
893 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
894 "gnupg", N_("Options controlling the configuration") },
895 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
896 "dirmngr", "|FILE|read options from FILE",
897 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
898 { "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
900 GC_ARG_TYPE_INT32, GC_BACKEND_DIRMNGR },
901 { "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
903 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
906 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
907 "gnupg", N_("Options useful for debugging") },
908 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
909 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
910 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
911 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
912 "dirmngr", "do not detach from the console",
913 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
914 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
915 "dirmngr", N_("|FILE|write server mode logs to FILE"),
916 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
917 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
919 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
920 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
922 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
925 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
926 "gnupg", N_("Options controlling the interactivity and enforcement") },
927 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
928 "dirmngr", "run without asking a user",
929 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
930 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
931 "dirmngr", "force loading of outdated CRLs",
932 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
933 { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
934 "dirmngr", "allow online software version check",
935 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
938 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
939 "gnupg", N_("Options controlling the use of Tor") },
940 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
941 "dirmngr", "route all network traffic via TOR",
942 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
945 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
946 "gnupg", N_("Configuration for Keyservers") },
947 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
948 "gnupg", N_("|URL|use keyserver at URL"),
949 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
952 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
953 "gnupg", N_("Configuration for HTTP servers") },
954 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
955 "dirmngr", "inhibit the use of HTTP",
956 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
957 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
958 "dirmngr", "ignore HTTP CRL distribution points",
959 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
960 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
961 "dirmngr", "|URL|redirect all HTTP requests to URL",
962 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
963 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
964 "gnupg", N_("use system's HTTP proxy setting"),
965 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
968 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
969 "gnupg", N_("Configuration of LDAP servers to use") },
970 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
971 "dirmngr", "inhibit the use of LDAP",
972 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
973 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
974 "dirmngr", "ignore LDAP CRL distribution points",
975 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
976 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
977 "dirmngr", "|HOST|use HOST for LDAP queries",
978 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
979 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
980 "dirmngr", "do not use fallback hosts with --ldap-proxy",
981 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
982 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
983 "dirmngr", "add new servers discovered in CRL distribution points"
984 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
985 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
986 "dirmngr", "|N|set LDAP timeout to N seconds",
987 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
988 /* The following entry must not be removed, as it is required for
989 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
990 { "ldapserverlist-file",
991 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
992 "dirmngr", "|FILE|read LDAP server list from FILE",
993 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
994 /* This entry must come after at least one entry for
995 GC_BACKEND_DIRMNGR in this component, so that the entry for
996 "ldapserverlist-file will be initialized before this one. */
997 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
998 "gnupg", N_("LDAP server list"),
999 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
1000 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1001 "dirmngr", "|N|do not return more than N items in one query",
1002 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1005 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1006 "gnupg", N_("Configuration for OCSP") },
1007 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1008 "dirmngr", "allow sending OCSP requests",
1009 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1010 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1011 "dirmngr", "ignore certificate contained OCSP service URLs",
1012 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1013 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1014 "dirmngr", "|URL|use OCSP responder at URL",
1015 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1016 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1017 "dirmngr", "|FPR|OCSP response signed by FPR",
1018 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1023 #endif /*BUILD_WITH_DIRMNGR*/
1026 /* The options of the GC_COMPONENT_PINENTRY component. */
1027 static gc_option_t gc_options_pinentry[] =
1029 /* A dummy option to allow gc_component_list_components to find the
1030 pinentry backend. Needs to be a conf file. */
1031 { GPGCONF_NAME"-pinentry.conf",
1032 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1033 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1040 /* Component system. Each component is a set of options that can be
1041 configured at the same time. If you change this, don't forget to
1042 update GC_COMPONENT below. */
1045 /* The classic GPG for OpenPGP. */
1048 /* The GPG Agent. */
1049 GC_COMPONENT_GPG_AGENT,
1051 /* The Smardcard Daemon. */
1052 GC_COMPONENT_SCDAEMON,
1054 /* GPG for S/MIME. */
1057 /* The LDAP Directory Manager for CRLs. */
1058 GC_COMPONENT_DIRMNGR,
1060 /* The external Pinentry. */
1061 GC_COMPONENT_PINENTRY,
1063 /* The number of components. */
1068 /* The information associated with each component. */
1071 /* The name of this component. Must not contain a colon (':')
1075 /* The gettext domain for the description DESC. If this is NULL,
1076 then the description is not translated. */
1077 const char *desc_domain;
1079 /* The description for this domain. */
1082 /* The list of options for this component, terminated by
1084 gc_option_t *options;
1087 { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
1088 { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
1089 { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
1090 { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
1091 { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
1092 { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
1097 /* Structure used to collect error output of the backend programs. */
1098 struct error_line_s;
1099 typedef struct error_line_s *error_line_t;
1102 error_line_t next; /* Link to next item. */
1103 const char *fname; /* Name of the config file (points into BUFFER). */
1104 unsigned int lineno; /* Line number of the config file. */
1105 const char *errtext; /* Text of the error message (points into BUFFER). */
1106 char buffer[1]; /* Helper buffer. */
1112 /* Initialization and finalization. */
1115 gc_option_free (gc_option_t *o)
1117 if (o == NULL || o->name == NULL)
1121 gc_option_free (o + 1);
1125 gc_components_free (void)
1128 for (i = 0; i < DIM (gc_component); i++)
1129 gc_option_free (gc_component[i].options);
1133 gc_components_init (void)
1135 atexit (gc_components_free);
1140 /* Engine specific support. */
1142 gpg_agent_runtime_change (int killflag)
1144 gpg_error_t err = 0;
1145 const char *pgmname;
1146 const char *argv[5];
1147 pid_t pid = (pid_t)(-1);
1148 char *abs_homedir = NULL;
1151 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1152 if (!gnupg_default_homedir_p ())
1154 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1156 err = gpg_error_from_syserror ();
1158 argv[i++] = "--homedir";
1159 argv[i++] = abs_homedir;
1161 argv[i++] = "--no-autostart";
1162 argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
1166 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1168 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1170 gc_error (0, 0, "error running '%s %s': %s",
1171 pgmname, argv[1], gpg_strerror (err));
1172 gnupg_release_process (pid);
1173 xfree (abs_homedir);
1178 scdaemon_runtime_change (int killflag)
1180 gpg_error_t err = 0;
1181 const char *pgmname;
1182 const char *argv[9];
1183 pid_t pid = (pid_t)(-1);
1184 char *abs_homedir = NULL;
1187 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1189 /* We use "GETINFO app_running" to see whether the agent is already
1190 running and kill it only in this case. This avoids an explicit
1191 starting of the agent in case it is not yet running. There is
1192 obviously a race condition but that should not harm too much. */
1194 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1195 if (!gnupg_default_homedir_p ())
1197 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1199 err = gpg_error_from_syserror ();
1201 argv[i++] = "--homedir";
1202 argv[i++] = abs_homedir;
1205 argv[i++] = "--no-autostart";
1206 argv[i++] = "GETINFO scd_running";
1207 argv[i++] = "/if ${! $?}";
1208 argv[i++] = "scd killscd";
1213 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1215 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1217 gc_error (0, 0, "error running '%s %s': %s",
1218 pgmname, argv[4], gpg_strerror (err));
1219 gnupg_release_process (pid);
1220 xfree (abs_homedir);
1225 dirmngr_runtime_change (int killflag)
1227 gpg_error_t err = 0;
1228 const char *pgmname;
1229 const char *argv[6];
1230 pid_t pid = (pid_t)(-1);
1231 char *abs_homedir = NULL;
1233 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1234 argv[0] = "--no-autostart";
1235 argv[1] = "--dirmngr";
1236 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1237 if (gnupg_default_homedir_p ())
1241 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1243 err = gpg_error_from_syserror ();
1245 argv[3] = "--homedir";
1246 argv[4] = abs_homedir;
1251 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1253 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1255 gc_error (0, 0, "error running '%s %s': %s",
1256 pgmname, argv[2], gpg_strerror (err));
1257 gnupg_release_process (pid);
1258 xfree (abs_homedir);
1262 /* Launch the gpg-agent or the dirmngr if not already running. */
1264 gc_component_launch (int component)
1267 const char *pgmname;
1268 const char *argv[3];
1274 err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
1276 err = gc_component_launch (GC_COMPONENT_DIRMNGR);
1280 if (!(component == GC_COMPONENT_GPG_AGENT
1281 || component == GC_COMPONENT_DIRMNGR))
1283 es_fputs (_("Component not suitable for launching"), es_stderr);
1284 es_putc ('\n', es_stderr);
1288 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1290 if (component == GC_COMPONENT_DIRMNGR)
1291 argv[i++] = "--dirmngr";
1295 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1297 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1299 gc_error (0, 0, "error running '%s%s%s': %s",
1301 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1303 gpg_strerror (err));
1304 gnupg_release_process (pid);
1309 /* Unconditionally restart COMPONENT. */
1311 gc_component_kill (int component)
1313 int runtime[GC_BACKEND_NR];
1314 gc_option_t *option;
1315 gc_backend_t backend;
1317 /* Set a flag for the backends to be reloaded. */
1318 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1319 runtime[backend] = 0;
1323 for (component = 0; component < GC_COMPONENT_NR; component++)
1325 option = gc_component[component].options;
1326 for (; option && option->name; option++)
1327 runtime[option->backend] = 1;
1332 assert (component < GC_COMPONENT_NR);
1333 option = gc_component[component].options;
1334 for (; option && option->name; option++)
1335 runtime[option->backend] = 1;
1338 /* Do the restart for the selected backends. */
1339 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1341 if (runtime[backend] && gc_backend[backend].runtime_change)
1342 (*gc_backend[backend].runtime_change) (1);
1347 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1349 gc_component_reload (int component)
1351 int runtime[GC_BACKEND_NR];
1352 gc_option_t *option;
1353 gc_backend_t backend;
1355 /* Set a flag for the backends to be reloaded. */
1356 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1357 runtime[backend] = 0;
1361 for (component = 0; component < GC_COMPONENT_NR; component++)
1363 option = gc_component[component].options;
1364 for (; option && option->name; option++)
1365 runtime[option->backend] = 1;
1370 assert (component < GC_COMPONENT_NR);
1371 option = gc_component[component].options;
1372 for (; option && option->name; option++)
1373 runtime[option->backend] = 1;
1376 /* Do the reload for all selected backends. */
1377 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1379 if (runtime[backend] && gc_backend[backend].runtime_change)
1380 (*gc_backend[backend].runtime_change) (0);
1386 /* More or less Robust version of dgettext. It has the side effect of
1387 switching the codeset to utf-8 because this is what we want to
1388 output. In theory it is posible to keep the original code set and
1389 switch back for regular disgnostic output (redefine "_(" for that)
1390 but given the natur of this tool, being something invoked from
1391 other pograms, it does not make much sense. */
1393 my_dgettext (const char *domain, const char *msgid)
1395 #ifdef USE_SIMPLE_GETTEXT
1398 static int switched_codeset;
1401 if (!switched_codeset)
1403 switched_codeset = 1;
1404 gettext_use_utf8 (1);
1407 if (!strcmp (domain, "gnupg"))
1408 domain = PACKAGE_GT;
1410 /* FIXME: we have no dgettext, thus we can't switch. */
1412 text = (char*)gettext (msgid);
1413 return text ? text : msgid;
1417 #elif defined(ENABLE_NLS)
1420 static int switched_codeset;
1423 if (!switched_codeset)
1425 switched_codeset = 1;
1426 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1428 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1429 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1433 /* Note: This is a hack to actually use the gnupg2 domain as
1434 long we are in a transition phase where gnupg 1.x and 1.9 may
1436 if (!strcmp (domain, "gnupg"))
1437 domain = PACKAGE_GT;
1439 text = dgettext (domain, msgid);
1440 return text ? text : msgid;
1451 /* Percent-Escape special characters. The string is valid until the
1452 next invocation of the function. */
1454 gc_percent_escape (const char *src)
1456 static char *esc_str;
1457 static int esc_str_len;
1458 int new_len = 3 * strlen (src) + 1;
1461 if (esc_str_len < new_len)
1463 char *new_esc_str = realloc (esc_str, new_len);
1465 gc_error (1, errno, "can not escape string");
1466 esc_str = new_esc_str;
1467 esc_str_len = new_len;
1479 else if (*src == ':')
1481 /* The colon is used as field separator. */
1486 else if (*src == ',')
1488 /* The comma is used as list separator. */
1503 /* Percent-Deescape special characters. The string is valid until the
1504 next invocation of the function. */
1506 percent_deescape (const char *src)
1510 int new_len = 3 * strlen (src) + 1;
1513 if (str_len < new_len)
1515 char *new_str = realloc (str, new_len);
1517 gc_error (1, errno, "can not deescape string");
1527 int val = hextobyte (src + 1);
1530 gc_error (1, 0, "malformed end of string %s", src);
1532 *(dst++) = (char) val;
1536 *(dst++) = *(src++);
1543 /* List all components that are available. */
1545 gc_component_list_components (estream_t out)
1547 gc_component_t component;
1548 gc_option_t *option;
1549 gc_backend_t backend;
1550 int backend_seen[GC_BACKEND_NR];
1552 const char *pgmname;
1554 for (component = 0; component < GC_COMPONENT_NR; component++)
1556 option = gc_component[component].options;
1559 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1560 backend_seen[backend] = 0;
1563 for (; option && option->name; option++)
1565 if ((option->flags & GC_OPT_FLAG_GROUP))
1567 backend = option->backend;
1568 if (backend_seen[backend])
1570 backend_seen[backend] = 1;
1571 assert (backend != GC_BACKEND_ANY);
1572 if (gc_backend[backend].program
1573 && !gc_backend[backend].module_name)
1575 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1579 desc = gc_component[component].desc;
1580 desc = my_dgettext (gc_component[component].desc_domain, desc);
1581 es_fprintf (out, "%s:%s:",
1582 gc_component[component].name, gc_percent_escape (desc));
1583 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1591 all_digits_p (const char *p, size_t len)
1595 for (; len; len--, p++)
1596 if (!isascii (*p) || !isdigit (*p))
1598 return 1; /* Yes. */
1602 /* Collect all error lines from stream FP. Only lines prefixed with
1603 TAG are considered. Returns a list of error line items (which may
1604 be empty). There is no error return. */
1606 collect_error_output (estream_t fp, const char *tag)
1612 error_line_t eitem, errlines, *errlines_tail;
1613 size_t taglen = strlen (tag);
1616 errlines_tail = &errlines;
1619 while ((c=es_getc (fp)) != EOF)
1622 if (pos >= sizeof buffer - 5 || c == '\n')
1624 buffer[pos - (c == '\n')] = 0;
1626 ; /*Ignore continuations of previous line. */
1627 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1629 /* "gpgsm: foo:4: bla" */
1630 /* Yep, we are interested in this line. */
1631 p = buffer + taglen + 1;
1632 while (*p == ' ' || *p == '\t')
1634 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1636 ; /* Empty lines are ignored. */
1637 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1638 && all_digits_p (p2+1, p3 - (p2+1)))
1640 /* Line in standard compiler format. */
1642 while (*p3 == ' ' || *p3 == '\t')
1644 eitem = xmalloc (sizeof *eitem + strlen (p));
1646 strcpy (eitem->buffer, p);
1647 eitem->fname = eitem->buffer;
1648 eitem->buffer[p2-p] = 0;
1649 eitem->errtext = eitem->buffer + (p3 - p);
1650 /* (we already checked that there are only ascii
1651 digits followed by a colon) */
1653 for (p2++; isdigit (*p2); p2++)
1654 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1655 *errlines_tail = eitem;
1656 errlines_tail = &eitem->next;
1660 /* Other error output. */
1661 eitem = xmalloc (sizeof *eitem + strlen (p));
1663 strcpy (eitem->buffer, p);
1664 eitem->fname = NULL;
1665 eitem->errtext = eitem->buffer;
1667 *errlines_tail = eitem;
1668 errlines_tail = &eitem->next;
1672 /* If this was not a complete line mark that we are in a
1674 cont_line = (c != '\n');
1678 /* We ignore error lines not terminated by a LF. */
1683 /* Check the options of a single component. Returns 0 if everything
1686 gc_component_check_options (int component, estream_t out, const char *conf_file)
1689 unsigned int result;
1690 int backend_seen[GC_BACKEND_NR];
1691 gc_backend_t backend;
1692 gc_option_t *option;
1693 const char *pgmname;
1694 const char *argv[4];
1699 error_line_t errlines;
1701 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1702 backend_seen[backend] = 0;
1704 option = gc_component[component].options;
1705 for (; option && option->name; option++)
1707 if ((option->flags & GC_OPT_FLAG_GROUP))
1709 backend = option->backend;
1710 if (backend_seen[backend])
1712 backend_seen[backend] = 1;
1713 assert (backend != GC_BACKEND_ANY);
1714 if (!gc_backend[backend].program)
1716 if (!gc_backend[backend].module_name)
1721 if (! option || ! option->name)
1724 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1728 argv[i++] = "--options";
1729 argv[i++] = conf_file;
1731 if (component == GC_COMPONENT_PINENTRY)
1732 argv[i++] = "--version";
1734 argv[i++] = "--gpgconf-test";
1739 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
1740 NULL, NULL, &errfp, &pid);
1742 result |= 1; /* Program could not be run. */
1745 errlines = collect_error_output (errfp,
1746 gc_component[component].name);
1747 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1750 result |= 1; /* Program could not be run or it
1751 terminated abnormally. */
1752 result |= 2; /* Program returned an error. */
1754 gnupg_release_process (pid);
1758 /* If the program could not be run, we can't tell whether
1759 the config file is good. */
1766 error_line_t errptr;
1768 desc = gc_component[component].desc;
1769 desc = my_dgettext (gc_component[component].desc_domain, desc);
1770 es_fprintf (out, "%s:%s:",
1771 gc_component[component].name, gc_percent_escape (desc));
1772 es_fputs (gc_percent_escape (pgmname), out);
1773 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1774 for (errptr = errlines; errptr; errptr = errptr->next)
1776 if (errptr != errlines)
1777 es_fputs ("\n:::::", out); /* Continuation line. */
1779 es_fputs (gc_percent_escape (errptr->fname), out);
1782 es_fprintf (out, "%u", errptr->lineno);
1784 es_fputs (gc_percent_escape (errptr->errtext), out);
1787 es_putc ('\n', out);
1792 error_line_t tmp = errlines->next;
1802 /* Check all components that are available. */
1804 gc_check_programs (estream_t out)
1806 gc_component_t component;
1808 for (component = 0; component < GC_COMPONENT_NR; component++)
1809 gc_component_check_options (component, out, NULL);
1814 /* Find the component with the name NAME. Returns -1 if not
1817 gc_component_find (const char *name)
1821 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1823 if (gc_component[idx].options
1824 && !strcmp (name, gc_component[idx].name))
1831 /* List the option OPTION. */
1833 list_one_option (const gc_option_t *option, estream_t out)
1835 const char *desc = NULL;
1836 char *arg_name = NULL;
1840 desc = my_dgettext (option->desc_domain, option->desc);
1844 const char *arg_tail = strchr (&desc[1], '|');
1848 int arg_len = arg_tail - &desc[1];
1849 arg_name = xmalloc (arg_len + 1);
1850 memcpy (arg_name, &desc[1], arg_len);
1851 arg_name[arg_len] = '\0';
1852 desc = arg_tail + 1;
1858 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1859 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1862 /* The name field. */
1863 es_fprintf (out, "%s", option->name);
1865 /* The flags field. */
1866 es_fprintf (out, ":%lu", option->flags);
1872 es_fprintf (out, "none");
1875 unsigned long flags = option->flags;
1876 unsigned long flag = 0;
1877 unsigned long first = 1;
1887 es_fprintf (out, "%s", gc_flag[flag].name);
1895 /* The level field. */
1896 es_fprintf (out, ":%u", option->level);
1898 es_fprintf (out, " %s", gc_level[option->level].name);
1900 /* The description field. */
1901 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1903 /* The type field. */
1904 es_fprintf (out, ":%u", option->arg_type);
1906 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1908 /* The alternate type field. */
1909 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1911 es_fprintf (out, " %s",
1912 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1914 /* The argument name field. */
1915 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1918 /* The default value field. */
1919 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1921 /* The default argument field. */
1922 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1924 /* The value field. */
1925 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1926 && (option->flags & GC_OPT_FLAG_LIST)
1928 /* The special format "1,1,1,1,...,1" is converted to a number
1930 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1932 es_fprintf (out, ":%s", option->value ? option->value : "");
1934 /* ADD NEW FIELDS HERE. */
1936 es_putc ('\n', out);
1940 /* List all options of the component COMPONENT. */
1942 gc_component_list_options (int component, estream_t out)
1944 const gc_option_t *option = gc_component[component].options;
1946 while (option && option->name)
1948 /* Do not output unknown or internal options. */
1949 if (!(option->flags & GC_OPT_FLAG_GROUP)
1950 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1956 if (option->flags & GC_OPT_FLAG_GROUP)
1958 const gc_option_t *group_option = option + 1;
1959 gc_expert_level_t level = GC_LEVEL_NR;
1961 /* The manual states that the group level is always the
1962 minimum of the levels of all contained options. Due to
1963 different active options, and because it is hard to
1964 maintain manually, we calculate it here. The value in
1965 the global static table is ignored. */
1967 while (group_option->name)
1969 if (group_option->flags & GC_OPT_FLAG_GROUP)
1971 if (group_option->level < level)
1972 level = group_option->level;
1976 /* Check if group is empty. */
1977 if (level != GC_LEVEL_NR)
1979 gc_option_t opt_copy;
1981 /* Fix up the group level. */
1982 memcpy (&opt_copy, option, sizeof (opt_copy));
1983 opt_copy.level = level;
1984 list_one_option (&opt_copy, out);
1988 list_one_option (option, out);
1995 /* Find the option NAME in component COMPONENT, for the backend
1996 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1997 static gc_option_t *
1998 find_option (gc_component_t component, const char *name,
1999 gc_backend_t backend)
2001 gc_option_t *option = gc_component[component].options;
2002 while (option->name)
2004 if (!(option->flags & GC_OPT_FLAG_GROUP)
2005 && !strcmp (option->name, name)
2006 && (backend == GC_BACKEND_ANY || option->backend == backend))
2010 return option->name ? option : NULL;
2014 /* Determine the configuration filename for the component COMPONENT
2015 and backend BACKEND. */
2017 get_config_filename (gc_component_t component, gc_backend_t backend)
2019 char *filename = NULL;
2020 gc_option_t *option = find_option
2021 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2023 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
2024 assert (!(option->flags & GC_OPT_FLAG_LIST));
2026 if (!option->active || !option->default_value)
2027 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
2028 gc_backend[backend].option_config_filename,
2029 gc_backend[backend].name);
2031 if (option->value && *option->value)
2032 filename = percent_deescape (&option->value[1]);
2033 else if (option->default_value && *option->default_value)
2034 filename = percent_deescape (&option->default_value[1]);
2038 #if HAVE_W32CE_SYSTEM
2039 if (!(filename[0] == '/' || filename[0] == '\\'))
2040 #elif defined(HAVE_DOSISH_SYSTEM)
2042 && filename[1] == ':'
2043 && (filename[2] == '/' || filename[2] == '\\')))
2045 if (filename[0] != '/')
2047 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
2048 gc_backend[backend].option_config_filename,
2049 gc_backend[backend].name);
2055 /* Retrieve the options for the component COMPONENT from backend
2056 BACKEND, which we already know is a program-type backend. */
2058 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
2061 const char *pgmname;
2062 const char *argv[2];
2067 size_t line_len = 0;
2070 char *config_filename;
2072 pgmname = (gc_backend[backend].module_name
2073 ? gnupg_module_name (gc_backend[backend].module_name)
2074 : gc_backend[backend].program );
2075 argv[0] = "--gpgconf-list";
2078 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
2079 NULL, &outfp, NULL, &pid);
2082 gc_error (1, 0, "could not gather active options from '%s': %s",
2083 pgmname, gpg_strerror (err));
2086 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
2088 gc_option_t *option;
2090 unsigned long flags = 0;
2091 char *default_value = NULL;
2093 /* Strip newline and carriage return, if present. */
2095 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2096 line[--length] = '\0';
2098 linep = strchr (line, ':');
2102 /* Extract additional flags. Default to none. */
2108 end = strchr (linep, ':');
2112 gpg_err_set_errno (0);
2113 flags = strtoul (linep, &tail, 0);
2115 gc_error (1, errno, "malformed flags in option %s from %s",
2117 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2118 gc_error (1, 0, "garbage after flags in option %s from %s",
2124 /* Extract default value, if present. Default to empty if
2130 end = strchr (linep, ':');
2134 if (flags & GC_OPT_FLAG_DEFAULT)
2135 default_value = linep;
2140 /* Look up the option in the component and install the
2141 configuration data. */
2142 option = find_option (component, line, backend);
2146 gc_error (1, errno, "option %s returned twice from %s",
2150 option->flags |= flags;
2151 if (default_value && *default_value)
2152 option->default_value = xstrdup (default_value);
2155 if (length < 0 || es_ferror (outfp))
2156 gc_error (1, errno, "error reading from %s", pgmname);
2157 if (es_fclose (outfp))
2158 gc_error (1, errno, "error closing %s", pgmname);
2160 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2162 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2163 pgmname, exitcode, gpg_strerror (err));
2164 gnupg_release_process (pid);
2167 /* At this point, we can parse the configuration file. */
2168 config_filename = get_config_filename (component, backend);
2170 config = es_fopen (config_filename, "r");
2173 if (errno != ENOENT)
2174 gc_error (0, errno, "warning: can not open config file %s",
2179 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2183 gc_option_t *option;
2186 while (*name == ' ' || *name == '\t')
2188 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2192 while (*value && *value != ' ' && *value != '\t'
2193 && *value != '#' && *value != '\r' && *value != '\n')
2195 if (*value == ' ' || *value == '\t')
2200 while (*value == ' ' || *value == '\t')
2204 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2206 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2213 /* Look up the option in the component and install the
2214 configuration data. */
2215 option = find_option (component, line, backend);
2220 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2224 "warning: ignoring argument %s for option %s",
2226 opt_value = xstrdup ("1");
2228 else if (gc_arg_type[option->arg_type].fallback
2229 == GC_ARG_TYPE_STRING)
2230 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2233 /* FIXME: Verify that the number is sane. */
2234 opt_value = xstrdup (value);
2237 /* Now enter the option into the table. */
2238 if (!(option->flags & GC_OPT_FLAG_LIST))
2241 xfree (option->value);
2242 option->value = opt_value;
2247 option->value = opt_value;
2250 char *old = option->value;
2251 option->value = xasprintf ("%s,%s", old, opt_value);
2259 if (length < 0 || es_ferror (config))
2260 gc_error (1, errno, "error reading from %s", config_filename);
2261 if (es_fclose (config))
2262 gc_error (1, errno, "error closing %s", config_filename);
2269 /* Retrieve the options for the component COMPONENT from backend
2270 BACKEND, which we already know is of type file list. */
2272 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2274 gc_option_t *list_option;
2275 gc_option_t *config_option;
2276 char *list_filename;
2279 size_t line_len = 0;
2283 list_option = find_option (component,
2284 gc_backend[backend].option_name, GC_BACKEND_ANY);
2285 assert (list_option);
2286 assert (!list_option->active);
2288 list_filename = get_config_filename (component, backend);
2289 list_file = fopen (list_filename, "r");
2291 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2295 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
2302 while (*start == ' ' || *start == '\t')
2304 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2308 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2310 /* Walk back to skip trailing white spaces. Looks evil, but
2311 works because of the conditions on START and END imposed
2312 at this point (END is at least START + 1, and START is
2313 not a whitespace character). */
2314 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2317 /* FIXME: Oh, no! This is so lame! Should use realloc and
2321 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2326 list = xasprintf ("\"%s", gc_percent_escape (start));
2328 if (length < 0 || ferror (list_file))
2329 gc_error (1, errno, "can not read list file %s", list_filename);
2332 list_option->active = 1;
2333 list_option->value = list;
2335 /* Fix up the read-only flag. */
2336 config_option = find_option
2337 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2338 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2339 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2341 if (list_file && fclose (list_file))
2342 gc_error (1, errno, "error closing %s", list_filename);
2347 /* Retrieve the currently active options and their defaults from all
2348 involved backends for this component. Using -1 for component will
2349 retrieve all options from all components. */
2351 gc_component_retrieve_options (int component)
2353 int process_all = 0;
2354 int backend_seen[GC_BACKEND_NR];
2355 gc_backend_t backend;
2356 gc_option_t *option;
2358 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2359 backend_seen[backend] = 0;
2361 if (component == -1)
2365 assert (component < GC_COMPONENT_NR);
2370 if (component == GC_COMPONENT_PINENTRY)
2371 continue; /* Skip this dummy component. */
2373 option = gc_component[component].options;
2375 while (option && option->name)
2377 if (!(option->flags & GC_OPT_FLAG_GROUP))
2379 backend = option->backend;
2381 if (backend_seen[backend])
2386 backend_seen[backend] = 1;
2388 assert (backend != GC_BACKEND_ANY);
2390 if (gc_backend[backend].program)
2391 retrieve_options_from_program (component, backend);
2393 retrieve_options_from_file (component, backend);
2398 while (process_all && ++component < GC_COMPONENT_NR);
2404 /* Perform a simple validity check based on the type. Return in
2405 * NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2406 * type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
2409 option_check_validity (gc_option_t *option, unsigned long flags,
2410 char *new_value, unsigned long *new_value_nr,
2415 if (!option->active)
2416 gc_error (1, 0, "option %s not supported by backend %s",
2417 option->name, gc_backend[option->backend].name);
2419 if (option->new_flags || option->new_value)
2420 gc_error (1, 0, "option %s already changed", option->name);
2422 if (flags & GC_OPT_FLAG_DEFAULT)
2425 gc_error (1, 0, "argument %s provided for deleted option %s",
2426 new_value, option->name);
2431 /* GC_ARG_TYPE_NONE options have special list treatment. */
2432 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2436 gpg_err_set_errno (0);
2437 *new_value_nr = strtoul (new_value, &tail, 0);
2440 gc_error (1, errno, "invalid argument for option %s",
2443 gc_error (1, 0, "garbage after argument for option %s",
2446 if (!(option->flags & GC_OPT_FLAG_LIST))
2448 if (*new_value_nr != 1)
2449 gc_error (1, 0, "argument for non-list option %s of type 0 "
2450 "(none) must be 1", option->name);
2454 if (*new_value_nr == 0)
2455 gc_error (1, 0, "argument for option %s of type 0 (none) "
2456 "must be positive", option->name);
2465 if (*arg == '\0' || (*arg == ',' && !verbatim))
2467 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2468 gc_error (1, 0, "argument required for option %s", option->name);
2470 if (*arg == ',' && !verbatim && !(option->flags & GC_OPT_FLAG_LIST))
2471 gc_error (1, 0, "list found for non-list option %s", option->name);
2473 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2475 if (*arg != '"' && !verbatim)
2476 gc_error (1, 0, "string argument for option %s must begin "
2477 "with a quote (\") character", option->name);
2479 /* FIXME: We do not allow empty string arguments for now, as
2480 we do not quote arguments in configuration files, and
2481 thus no argument is indistinguishable from the empty
2483 if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
2484 gc_error (1, 0, "empty string argument for option %s is "
2485 "currently not allowed. Please report this!",
2488 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2492 gpg_err_set_errno (0);
2493 res = strtol (arg, &arg, 0);
2497 gc_error (1, errno, "invalid argument for option %s",
2500 if (*arg != '\0' && (*arg != ',' || verbatim))
2501 gc_error (1, 0, "garbage after argument for option %s",
2504 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2508 gpg_err_set_errno (0);
2509 res = strtoul (arg, &arg, 0);
2513 gc_error (1, errno, "invalid argument for option %s",
2516 if (*arg != '\0' && (*arg != ',' || verbatim))
2517 gc_error (1, 0, "garbage after argument for option %s",
2520 arg = verbatim? strchr (arg, ',') : NULL;
2524 while (arg && *arg);
2528 #ifdef HAVE_W32_SYSTEM
2530 copy_file (const char *src_name, const char *dst_name)
2532 #define BUF_LEN 4096
2533 char buffer[BUF_LEN];
2538 src = fopen (src_name, "r");
2542 dst = fopen (dst_name, "w");
2545 int saved_err = errno;
2547 gpg_err_set_errno (saved_err);
2555 len = fread (buffer, 1, BUF_LEN, src);
2558 written = fwrite (buffer, 1, len, dst);
2562 while (!feof (src) && !ferror (src) && !ferror (dst));
2564 if (ferror (src) || ferror (dst) || !feof (src))
2566 int saved_errno = errno;
2570 gpg_err_set_errno (saved_errno);
2575 gc_error (1, errno, "error closing %s", dst_name);
2577 gc_error (1, errno, "error closing %s", src_name);
2581 #endif /* HAVE_W32_SYSTEM */
2584 /* Create and verify the new configuration file for the specified
2585 backend and component. Returns 0 on success and -1 on error. */
2587 change_options_file (gc_component_t component, gc_backend_t backend,
2588 char **src_filenamep, char **dest_filenamep,
2589 char **orig_filenamep)
2591 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2592 /* True if we are within the marker in the config file. */
2594 gc_option_t *option;
2600 FILE *src_file = NULL;
2601 FILE *dest_file = NULL;
2603 char *dest_filename;
2604 char *orig_filename;
2606 char *cur_arg = NULL;
2608 option = find_option (component,
2609 gc_backend[backend].option_name, GC_BACKEND_ANY);
2611 assert (option->active);
2612 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2614 /* FIXME. Throughout the function, do better error reporting. */
2615 /* Note that get_config_filename() calls percent_deescape(), so we
2616 call this before processing the arguments. */
2617 dest_filename = xstrdup (get_config_filename (component, backend));
2618 src_filename = xasprintf ("%s.%s.%i.new",
2619 dest_filename, GPGCONF_NAME, (int)getpid ());
2620 orig_filename = xasprintf ("%s.%s.%i.bak",
2621 dest_filename, GPGCONF_NAME, (int)getpid ());
2623 arg = option->new_value;
2624 if (arg && arg[0] == '\0')
2631 end = strchr (arg, ',');
2635 cur_arg = percent_deescape (arg);
2645 #ifdef HAVE_W32_SYSTEM
2646 res = copy_file (dest_filename, orig_filename);
2648 res = link (dest_filename, orig_filename);
2650 if (res < 0 && errno != ENOENT)
2652 xfree (dest_filename);
2653 xfree (src_filename);
2654 xfree (orig_filename);
2659 xfree (orig_filename);
2660 orig_filename = NULL;
2663 /* We now initialize the return strings, so the caller can do the
2665 *src_filenamep = src_filename;
2666 *dest_filenamep = dest_filename;
2667 *orig_filenamep = orig_filename;
2669 /* Use open() so that we can use O_EXCL. */
2670 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2673 src_file = fdopen (fd, "w");
2677 gpg_err_set_errno (res);
2681 /* Only if ORIG_FILENAME is not NULL did the configuration file
2682 exist already. In this case, we will copy its content into the
2683 new configuration file, changing it to our liking in the
2687 dest_file = fopen (dest_filename, "r");
2689 goto change_file_one_err;
2691 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2696 if (!strncmp (marker, line, sizeof (marker) - 1))
2705 while (*start == ' ' || *start == '\t')
2707 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2716 /* Search for the end of the line. */
2717 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2720 if (*endp && *endp != ' ' && *endp != '\t'
2721 && *endp != '\r' && *endp != '\n' && *endp != '#')
2727 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2728 || !cur_arg || strcmp (start, cur_arg))
2732 /* Find next argument. */
2738 arg_end = strchr (arg, ',');
2742 cur_arg = percent_deescape (arg);
2763 "# %s disabled this option here at %s\n",
2764 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2765 if (ferror (src_file))
2766 goto change_file_one_err;
2767 fprintf (src_file, "# %s", line);
2768 if (ferror (src_file))
2769 goto change_file_one_err;
2774 fprintf (src_file, "%s", line);
2775 if (ferror (src_file))
2776 goto change_file_one_err;
2779 if (length < 0 || ferror (dest_file))
2780 goto change_file_one_err;
2785 /* There was no marker. This is the first time we edit the
2786 file. We add our own marker at the end of the file and
2787 proceed. Note that we first write a newline, this guards us
2788 against files which lack the newline at the end of the last
2789 line, while it doesn't hurt us in all other cases. */
2790 fprintf (src_file, "\n%s\n", marker);
2791 if (ferror (src_file))
2792 goto change_file_one_err;
2795 /* At this point, we have copied everything up to the end marker
2796 into the new file, except for the arguments we are going to add.
2797 Now, dump the new arguments and write the end marker, possibly
2798 followed by the rest of the original file. */
2801 fprintf (src_file, "%s\n", cur_arg);
2803 /* Find next argument. */
2809 end = strchr (arg, ',');
2813 cur_arg = percent_deescape (arg);
2826 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2827 if (ferror (src_file))
2828 goto change_file_one_err;
2832 fprintf (src_file, "# %s edited this configuration file.\n",
2834 if (ferror (src_file))
2835 goto change_file_one_err;
2836 fprintf (src_file, "# It will disable options before this marked "
2837 "block, but it will\n");
2838 if (ferror (src_file))
2839 goto change_file_one_err;
2840 fprintf (src_file, "# never change anything below these lines.\n");
2841 if (ferror (src_file))
2842 goto change_file_one_err;
2846 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2848 fprintf (src_file, "%s", line);
2849 if (ferror (src_file))
2850 goto change_file_one_err;
2852 if (length < 0 || ferror (dest_file))
2853 goto change_file_one_err;
2858 res = fclose (src_file);
2865 gpg_err_set_errno (res);
2871 res = fclose (dest_file);
2877 change_file_one_err:
2887 gpg_err_set_errno (res);
2892 /* Create and verify the new configuration file for the specified
2893 * backend and component. Returns 0 on success and -1 on error. If
2894 * VERBATIM is set the profile mode is used. */
2896 change_options_program (gc_component_t component, gc_backend_t backend,
2897 char **src_filenamep, char **dest_filenamep,
2898 char **orig_filenamep,
2901 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2902 /* True if we are within the marker in the config file. */
2904 gc_option_t *option;
2910 FILE *src_file = NULL;
2911 FILE *dest_file = NULL;
2913 char *dest_filename;
2914 char *orig_filename;
2915 /* Special hack for gpg, see below. */
2916 int utf8strings_seen = 0;
2918 /* FIXME. Throughout the function, do better error reporting. */
2919 dest_filename = xstrdup (get_config_filename (component, backend));
2920 src_filename = xasprintf ("%s.%s.%i.new",
2921 dest_filename, GPGCONF_NAME, (int)getpid ());
2922 orig_filename = xasprintf ("%s.%s.%i.bak",
2923 dest_filename, GPGCONF_NAME, (int)getpid ());
2925 #ifdef HAVE_W32_SYSTEM
2926 res = copy_file (dest_filename, orig_filename);
2928 res = link (dest_filename, orig_filename);
2930 if (res < 0 && errno != ENOENT)
2932 xfree (dest_filename);
2933 xfree (src_filename);
2934 xfree (orig_filename);
2939 xfree (orig_filename);
2940 orig_filename = NULL;
2943 /* We now initialize the return strings, so the caller can do the
2945 *src_filenamep = src_filename;
2946 *dest_filenamep = dest_filename;
2947 *orig_filenamep = orig_filename;
2949 /* Use open() so that we can use O_EXCL. */
2950 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2953 src_file = fdopen (fd, "w");
2957 gpg_err_set_errno (res);
2961 /* Only if ORIG_FILENAME is not NULL did the configuration file
2962 exist already. In this case, we will copy its content into the
2963 new configuration file, changing it to our liking in the
2967 dest_file = fopen (dest_filename, "r");
2969 goto change_one_err;
2971 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2976 if (!strncmp (marker, line, sizeof (marker) - 1))
2983 else if (backend == GC_BACKEND_GPG && in_marker
2984 && ! strcmp ("utf8-strings\n", line))
2986 /* Strip duplicated entries. */
2987 if (utf8strings_seen)
2990 utf8strings_seen = 1;
2994 while (*start == ' ' || *start == '\t')
2996 if (*start && *start != '\r' && *start != '\n' && *start != '#')
3002 while (*end && *end != ' ' && *end != '\t'
3003 && *end != '\r' && *end != '\n' && *end != '#')
3008 option = find_option (component, start, backend);
3010 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
3011 || option->new_value))
3019 "# %s disabled this option here at %s\n",
3020 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
3021 if (ferror (src_file))
3022 goto change_one_err;
3023 fprintf (src_file, "# %s", line);
3024 if (ferror (src_file))
3025 goto change_one_err;
3030 fprintf (src_file, "%s", line);
3031 if (ferror (src_file))
3032 goto change_one_err;
3035 if (length < 0 || ferror (dest_file))
3036 goto change_one_err;
3041 /* There was no marker. This is the first time we edit the
3042 file. We add our own marker at the end of the file and
3043 proceed. Note that we first write a newline, this guards us
3044 against files which lack the newline at the end of the last
3045 line, while it doesn't hurt us in all other cases. */
3046 fprintf (src_file, "\n%s\n", marker);
3047 if (ferror (src_file))
3048 goto change_one_err;
3050 /* At this point, we have copied everything up to the end marker
3051 into the new file, except for the options we are going to change.
3052 Now, dump the changed options (except for those we are going to
3053 revert to their default), and write the end marker, possibly
3054 followed by the rest of the original file. */
3056 /* We have to turn on UTF8 strings for GnuPG. */
3057 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
3058 fprintf (src_file, "utf8-strings\n");
3060 option = gc_component[component].options;
3061 while (option->name)
3063 if (!(option->flags & GC_OPT_FLAG_GROUP)
3064 && option->backend == backend
3065 && option->new_value)
3067 char *arg = option->new_value;
3071 if (*arg == '\0' || *arg == ',')
3073 fprintf (src_file, "%s\n", option->name);
3074 if (ferror (src_file))
3075 goto change_one_err;
3077 else if (gc_arg_type[option->arg_type].fallback
3078 == GC_ARG_TYPE_NONE)
3080 assert (*arg == '1');
3081 fprintf (src_file, "%s\n", option->name);
3082 if (ferror (src_file))
3083 goto change_one_err;
3087 else if (gc_arg_type[option->arg_type].fallback
3088 == GC_ARG_TYPE_STRING)
3094 log_assert (*arg == '"');
3097 end = strchr (arg, ',');
3104 fprintf (src_file, "%s %s\n", option->name,
3105 verbatim? arg : percent_deescape (arg));
3106 if (ferror (src_file))
3107 goto change_one_err;
3117 end = strchr (arg, ',');
3121 fprintf (src_file, "%s %s\n", option->name, arg);
3122 if (ferror (src_file))
3123 goto change_one_err;
3130 assert (arg == NULL || *arg == '\0' || *arg == ',');
3131 if (arg && *arg == ',')
3134 while (arg && *arg);
3139 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3140 if (ferror (src_file))
3141 goto change_one_err;
3145 fprintf (src_file, "# %s edited this configuration file.\n",
3147 if (ferror (src_file))
3148 goto change_one_err;
3149 fprintf (src_file, "# It will disable options before this marked "
3150 "block, but it will\n");
3151 if (ferror (src_file))
3152 goto change_one_err;
3153 fprintf (src_file, "# never change anything below these lines.\n");
3154 if (ferror (src_file))
3155 goto change_one_err;
3159 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
3161 fprintf (src_file, "%s", line);
3162 if (ferror (src_file))
3163 goto change_one_err;
3165 if (length < 0 || ferror (dest_file))
3166 goto change_one_err;
3171 res = fclose (src_file);
3178 gpg_err_set_errno (res);
3184 res = fclose (dest_file);
3200 gpg_err_set_errno (res);
3205 /* Common code for gc_component_change_options and
3206 * gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
3209 change_one_value (gc_option_t *option, int *runtime,
3210 unsigned long flags, char *new_value, int verbatim)
3212 unsigned long new_value_nr = 0;
3214 option_check_validity (option, flags, new_value, &new_value_nr, verbatim);
3216 if (option->flags & GC_OPT_FLAG_RUNTIME)
3217 runtime[option->backend] = 1;
3219 option->new_flags = flags;
3220 if (!(flags & GC_OPT_FLAG_DEFAULT))
3222 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3223 && (option->flags & GC_OPT_FLAG_LIST))
3227 /* We convert the number to a list of 1's for convenient
3229 assert (new_value_nr > 0);
3230 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3231 str = option->new_value;
3233 while (--new_value_nr > 0)
3241 option->new_value = xstrdup (new_value);
3246 /* Read the modifications from IN and apply them. If IN is NULL the
3247 modifications are expected to already have been set to the global
3248 table. If VERBATIM is set the profile mode is used. */
3250 gc_component_change_options (int component, estream_t in, estream_t out,
3254 int runtime[GC_BACKEND_NR];
3255 char *src_filename[GC_BACKEND_NR];
3256 char *dest_filename[GC_BACKEND_NR];
3257 char *orig_filename[GC_BACKEND_NR];
3258 gc_backend_t backend;
3259 gc_option_t *option;
3261 size_t line_len = 0;
3264 if (component == GC_COMPONENT_PINENTRY)
3265 return; /* Dummy component for now. */
3267 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3269 runtime[backend] = 0;
3270 src_filename[backend] = NULL;
3271 dest_filename[backend] = NULL;
3272 orig_filename[backend] = NULL;
3277 /* Read options from the file IN. */
3278 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3281 unsigned long flags = 0;
3282 char *new_value = "";
3284 /* Strip newline and carriage return, if present. */
3286 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3287 line[--length] = '\0';
3289 linep = strchr (line, ':');
3293 /* Extract additional flags. Default to none. */
3299 end = strchr (linep, ':');
3303 gpg_err_set_errno (0);
3304 flags = strtoul (linep, &tail, 0);
3306 gc_error (1, errno, "malformed flags in option %s", line);
3307 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3308 gc_error (1, 0, "garbage after flags in option %s", line);
3313 /* Don't allow setting of the no change flag. */
3314 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3316 /* Extract default value, if present. Default to empty if not. */
3320 end = strchr (linep, ':');
3327 option = find_option (component, line, GC_BACKEND_ANY);
3329 gc_error (1, 0, "unknown option %s", line);
3331 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3333 gc_error (0, 0, "ignoring new value for option %s",
3338 change_one_value (option, runtime, flags, new_value, 0);
3340 if (length < 0 || gpgrt_ferror (in))
3341 gc_error (1, errno, "error reading stream 'in'");
3344 /* Now that we have collected and locally verified the changes,
3345 write them out to new configuration files, verify them
3346 externally, and then commit them. */
3347 option = gc_component[component].options;
3348 while (option && option->name)
3350 /* Go on if we have already seen this backend, or if there is
3352 if (src_filename[option->backend]
3353 || !(option->new_flags || option->new_value))
3359 if (gc_backend[option->backend].program)
3361 err = change_options_program (component, option->backend,
3362 &src_filename[option->backend],
3363 &dest_filename[option->backend],
3364 &orig_filename[option->backend],
3368 /* External verification. */
3369 err = gc_component_check_options (component, out,
3370 src_filename[option->backend]);
3374 _("External verification of component %s failed"),
3375 gc_component[component].name);
3376 gpg_err_set_errno (EINVAL);
3382 err = change_options_file (component, option->backend,
3383 &src_filename[option->backend],
3384 &dest_filename[option->backend],
3385 &orig_filename[option->backend]);
3393 if (! err && ! opt.dry_run)
3397 for (i = 0; i < GC_BACKEND_NR; i++)
3399 if (src_filename[i])
3401 /* FIXME: Make a verification here. */
3403 assert (dest_filename[i]);
3405 if (orig_filename[i])
3407 #ifdef HAVE_W32_SYSTEM
3408 /* There is no atomic update on W32. */
3409 err = unlink (dest_filename[i]);
3410 #endif /* HAVE_W32_SYSTEM */
3412 err = rename (src_filename[i], dest_filename[i]);
3416 #ifdef HAVE_W32_SYSTEM
3417 /* We skip the unlink if we expect the file not to
3419 err = rename (src_filename[i], dest_filename[i]);
3420 #else /* HAVE_W32_SYSTEM */
3421 /* This is a bit safer than rename() because we
3422 expect DEST_FILENAME not to be there. If it
3423 happens to be there, this will fail. */
3424 err = link (src_filename[i], dest_filename[i]);
3426 err = unlink (src_filename[i]);
3427 #endif /* !HAVE_W32_SYSTEM */
3431 xfree (src_filename[i]);
3432 src_filename[i] = NULL;
3437 if (err || opt.dry_run)
3440 int saved_errno = errno;
3442 /* An error occurred or a dry-run is requested. */
3443 for (i = 0; i < GC_BACKEND_NR; i++)
3445 if (src_filename[i])
3447 /* The change was not yet committed. */
3448 unlink (src_filename[i]);
3449 if (orig_filename[i])
3450 unlink (orig_filename[i]);
3454 /* The changes were already committed. FIXME: This is a
3455 tad dangerous, as we don't know if we don't overwrite
3456 a version of the file that is even newer than the one
3457 we just installed. */
3458 if (orig_filename[i])
3460 #ifdef HAVE_W32_SYSTEM
3461 /* There is no atomic update on W32. */
3462 unlink (dest_filename[i]);
3463 #endif /* HAVE_W32_SYSTEM */
3464 rename (orig_filename[i], dest_filename[i]);
3467 unlink (dest_filename[i]);
3471 gc_error (1, saved_errno, "could not commit changes");
3473 /* Fall-through for dry run. */
3477 /* If it all worked, notify the daemons of the changes. */
3479 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3481 if (runtime[backend] && gc_backend[backend].runtime_change)
3482 (*gc_backend[backend].runtime_change) (0);
3485 /* Move the per-process backup file into its place. */
3486 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3487 if (orig_filename[backend])
3489 char *backup_filename;
3491 assert (dest_filename[backend]);
3493 backup_filename = xasprintf ("%s.%s.bak",
3494 dest_filename[backend], GPGCONF_NAME);
3496 #ifdef HAVE_W32_SYSTEM
3497 /* There is no atomic update on W32. */
3498 unlink (backup_filename);
3499 #endif /* HAVE_W32_SYSTEM */
3500 rename (orig_filename[backend], backup_filename);
3501 xfree (backup_filename);
3506 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3508 xfree (src_filename[backend]);
3509 xfree (dest_filename[backend]);
3510 xfree (orig_filename[backend]);
3515 /* Check whether USER matches the current user of one of its group.
3516 This function may change USER. Returns true is there is a
3519 key_matches_user_or_group (char *user)
3523 if (*user == '*' && user[1] == 0)
3524 return 1; /* A single asterisk matches all users. */
3526 group = strchr (user, ':');
3530 #ifdef HAVE_W32_SYSTEM
3531 /* Under Windows we don't support groups. */
3532 if (group && *group)
3533 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3534 #ifndef HAVE_W32CE_SYSTEM
3537 static char *my_name;
3544 GetUserNameA (tmp, &size);
3545 my_name = xmalloc (size);
3546 if (!GetUserNameA (my_name, &size))
3547 gc_error (1,0, "error getting current user name: %s",
3551 if (!strcmp (user, my_name))
3552 return 1; /* Found. */
3554 #endif /*HAVE_W32CE_SYSTEM*/
3555 #else /*!HAVE_W32_SYSTEM*/
3556 /* First check whether the user matches. */
3559 static char *my_name;
3563 struct passwd *pw = getpwuid ( getuid () );
3565 gc_error (1, errno, "getpwuid failed for current user");
3566 my_name = xstrdup (pw->pw_name);
3568 if (!strcmp (user, my_name))
3569 return 1; /* Found. */
3572 /* If that failed, check whether a group matches. */
3573 if (group && *group)
3575 static char *my_group;
3576 static char **my_supgroups;
3581 struct group *gr = getgrgid ( getgid () );
3583 gc_error (1, errno, "getgrgid failed for current user");
3584 my_group = xstrdup (gr->gr_name);
3586 if (!strcmp (group, my_group))
3587 return 1; /* Found. */
3594 ngids = getgroups (0, NULL);
3595 gids = xcalloc (ngids+1, sizeof *gids);
3596 ngids = getgroups (ngids, gids);
3598 gc_error (1, errno, "getgroups failed for current user");
3599 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3600 for (n=0; n < ngids; n++)
3602 struct group *gr = getgrgid ( gids[n] );
3604 gc_error (1, errno, "getgrgid failed for supplementary group");
3605 my_supgroups[n] = xstrdup (gr->gr_name);
3610 for (n=0; my_supgroups[n]; n++)
3611 if (!strcmp (group, my_supgroups[n]))
3612 return 1; /* Found. */
3614 #endif /*!HAVE_W32_SYSTEM*/
3615 return 0; /* No match. */
3620 /* Read and process the global configuration file for gpgconf. This
3621 optional file is used to update our internal tables at runtime and
3622 may also be used to set new default values. If FNAME is NULL the
3623 default name will be used. With UPDATE set to true the internal
3624 tables are actually updated; if not set, only a syntax check is
3625 done. If DEFAULTS is true the global options are written to the
3626 configuration files. If LISTFP is set, no changes are done but the
3627 configuration file is printed to LISTFP in a colon separated format.
3629 Returns 0 on success or if the config file is not present; -1 is
3630 returned on error. */
3632 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3637 size_t line_len = 0;
3643 int runtime[GC_BACKEND_NR];
3644 int backend_id, component_id;
3648 fname = xstrdup (fname_arg);
3650 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3653 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3654 runtime[backend_id] = 0;
3656 config = fopen (fname, "r");
3659 /* Do not print an error if the file is not available, except
3660 when running in syntax check mode. */
3661 if (errno != ENOENT || !update)
3663 gc_error (0, errno, "can not open global config file '%s'", fname);
3670 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3672 char *key, *component, *option, *flags, *value;
3674 gc_option_t *option_info = NULL;
3676 int is_continuation;
3680 while (*key == ' ' || *key == '\t')
3682 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3685 is_continuation = (key != line);
3687 /* Parse the key field. */
3688 if (!is_continuation && got_match)
3689 break; /* Finish after the first match. */
3690 else if (!is_continuation)
3693 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3697 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3706 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3719 /* Parse the component. */
3720 while (*component == ' ' || *component == '\t')
3722 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3726 gc_error (0, 0, "missing component at '%s', line %d",
3734 component_id = gc_component_find (component);
3735 if (component_id < 0)
3737 gc_error (0, 0, "unknown component at '%s', line %d",
3742 /* Parse the option name. */
3743 while (*option == ' ' || *option == '\t')
3745 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3749 gc_error (0, 0, "missing option at '%s', line %d",
3756 if ( component_id != -1)
3758 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3761 gc_error (0, 0, "unknown option at '%s', line %d",
3768 /* Parse the optional flags. */
3769 while (*flags == ' ' || *flags == '\t')
3774 p = strchr (flags, ']');
3777 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3785 else /* No flags given. */
3791 /* Parse the optional value. */
3792 while (*value == ' ' || *value == '\t')
3794 for (p=value; *p && !strchr ("\r\n", *p); p++)
3797 value = empty; /* No value given; let it point to an empty string. */
3800 /* Strip trailing white space. */
3802 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3806 /* Check flag combinations. */
3809 else if (!strcmp (flags, "default"))
3813 gc_error (0, 0, "flag \"default\" may not be combined "
3814 "with a value at '%s', line %d",
3819 else if (!strcmp (flags, "change"))
3821 else if (!strcmp (flags, "no-change"))
3825 gc_error (0, 0, "unknown flag at '%s', line %d",
3830 /* In list mode we print out all records. */
3831 if (listfp && !result)
3833 /* If this is a new ruleset, print a key record. */
3834 if (!is_continuation)
3836 char *group = strchr (key, ':');
3840 if ((p = strchr (group, ':')))
3841 *p = 0; /* We better strip any extra stuff. */
3844 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3845 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3848 /* All other lines are rule records. */
3849 es_fprintf (listfp, "r:::%s:%s:%s:",
3850 gc_component[component_id].name,
3851 option_info->name? option_info->name : "",
3854 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3856 es_putc ('\n', listfp);
3859 /* Check whether the key matches but do this only if we are not
3860 running in syntax check mode. */
3862 && !result && !listfp
3863 && (got_match || (key && key_matches_user_or_group (key))) )
3869 /* Apply the flags from gpgconf.conf. */
3872 else if (!strcmp (flags, "default"))
3873 newflags |= GC_OPT_FLAG_DEFAULT;
3874 else if (!strcmp (flags, "no-change"))
3875 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3876 else if (!strcmp (flags, "change"))
3877 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3881 /* Here we explicitly allow updating the value again. */
3884 option_info->new_flags = 0;
3888 xfree (option_info->new_value);
3889 option_info->new_value = NULL;
3891 change_one_value (option_info, runtime, newflags, value, 0);
3896 if (length < 0 || ferror (config))
3898 gc_error (0, errno, "error reading from '%s'", fname);
3901 if (fclose (config))
3902 gc_error (0, errno, "error closing '%s'", fname);
3906 /* If it all worked, process the options. */
3907 if (!result && update && defaults && !listfp)
3909 /* We need to switch off the runtime update, so that we can do
3910 it later all at once. */
3911 int save_opt_runtime = opt.runtime;
3914 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3916 gc_component_change_options (component_id, NULL, NULL, 0);
3918 opt.runtime = save_opt_runtime;
3922 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3923 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3924 (*gc_backend[backend_id].runtime_change) (0);
3934 * Apply the profile FNAME to all known configure files.
3937 gc_apply_profile (const char *fname)
3940 char *fname_buffer = NULL;
3942 size_t line_len = 0;
3946 int runtime[GC_BACKEND_NR];
3948 int component_id = -1;
3949 int skip_section = 0;
3950 int error_count = 0;
3956 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3957 runtime[backend_id] = 0;
3960 if (!(!strcmp (fname, "-")
3961 || strchr (fname, '/')
3962 #ifdef HAVE_W32_SYSTEM
3963 || strchr (fname, '\\')
3965 || strchr (fname, '.')))
3967 /* FNAME looks like a standard profile name. Check whether one
3968 * is installed and use that instead of the given file name. */
3969 fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
3970 fname, ".prf", NULL);
3971 if (!access (fname_buffer, F_OK))
3972 fname = fname_buffer;
3975 fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
3978 err = gpg_error_from_syserror ();
3979 log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
3984 log_info ("applying profile '%s'\n", fname);
3987 while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
3989 char *name, *flags, *value;
3990 gc_option_t *option_info = NULL;
3995 while (*name == ' ' || *name == '\t')
3997 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
3999 trim_trailing_spaces (name);
4001 /* Check whether this is a new section. */
4006 /* New section: Get the name of the component. */
4007 p = strchr (name, ']');
4011 log_info ("%s:%d:%d: error: syntax error in section tag\n",
4012 fname, lineno, (int)(name - line));
4018 log_info ("%s:%d:%d: warning: garbage after section tag\n",
4019 fname, lineno, (int)(p - line));
4022 component_id = gc_component_find (name);
4023 if (component_id < 0)
4025 log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
4026 fname, lineno, (int)(name - line), name );
4034 if (component_id < 0)
4037 log_info ("%s:%d:%d: error: not in a valid section\n",
4038 fname, lineno, (int)(name - line));
4043 /* Parse the option name. */
4044 for (p = name; *p && !spacep (p); p++)
4049 option_info = find_option (component_id, name, GC_BACKEND_ANY);
4053 log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
4054 fname, lineno, (int)(name - line),
4055 name, gc_component[component_id].name);
4059 /* Parse the optional flags. */
4060 trim_spaces (value);
4065 p = strchr (flags, ']');
4068 log_info ("%s:%d:%d: warning: invalid flag specification\n",
4069 fname, lineno, (int)(p - line));
4074 trim_spaces (value);
4076 else /* No flags given. */
4079 /* Set required defaults. */
4080 if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
4084 /* Check and save this option. */
4086 if (flags && !strcmp (flags, "default"))
4087 newflags |= GC_OPT_FLAG_DEFAULT;
4090 option_info->new_flags = 0;
4093 xfree (option_info->new_value);
4094 option_info->new_value = NULL;
4096 change_one_value (option_info, runtime, newflags, value, 1);
4099 if (length < 0 || es_ferror (fp))
4101 err = gpg_error_from_syserror ();
4103 log_error (_("%s:%u: read error: %s\n"),
4104 fname, lineno, gpg_strerror (err));
4107 log_error (_("error closing '%s'\n"), fname);
4109 log_error (_("error parsing '%s'\n"), fname);
4113 /* If it all worked, process the options. */
4116 /* We need to switch off the runtime update, so that we can do
4117 it later all at once. */
4118 int save_opt_runtime = opt.runtime;
4121 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
4123 gc_component_change_options (component_id, NULL, NULL, 1);
4125 opt.runtime = save_opt_runtime;
4129 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
4130 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
4131 (*gc_backend[backend_id].runtime_change) (0);
4135 xfree (fname_buffer);