1 /* gpg-agent.c - The GnuPG Agent
2 * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc.
3 * Copyright (C) 2000-2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
33 #ifdef HAVE_W32_SYSTEM
35 # define WINVER 0x0500 /* Same as in common/sysutils.c */
37 # ifdef HAVE_WINSOCK2_H
38 # include <winsock2.h>
42 #else /*!HAVE_W32_SYSTEM*/
43 # include <sys/socket.h>
45 #endif /*!HAVE_W32_SYSTEM*/
52 # include <sys/prctl.h>
55 #define GNUPG_COMMON_NEED_AFLOCAL
57 #include <assuan.h> /* Malloc hooks and socket wrappers. */
61 #include "gc-opt-flags.h"
64 #include "../common/init.h"
67 enum cmd_and_opt_values
98 oPinentryInvisibleChar,
111 oEnforcePassphraseConstraints,
113 oMinPassphraseNonalpha,
114 oCheckPassphrasePattern,
116 oEnablePassphraseHistory,
118 oNoUseStandardSocket,
123 oIgnoreCacheForSigning,
126 oAllowPresetPassphrase,
127 oAllowLoopbackPinentry,
128 oNoAllowLoopbackPinentry,
129 oNoAllowExternalCache,
136 oDisableCheckOwnSocket,
142 # define ENAMETOOLONG EINVAL
146 static ARGPARSE_OPTS opts[] = {
148 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
149 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
150 ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"),
152 ARGPARSE_group (301, N_("@Options:\n ")),
154 ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
155 ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
156 #ifndef HAVE_W32_SYSTEM
157 ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")),
159 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
160 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
161 ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
162 ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
163 ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
165 ARGPARSE_s_s (oDebug, "debug", "@"),
166 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
167 ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
168 ARGPARSE_s_i (oDebugWait," debug-wait", "@"),
169 ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
170 ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
172 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
173 ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
174 ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
175 ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
176 /* */ N_("|PGM|use PGM as the PIN-Entry program")),
177 ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
178 ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
179 ARGPARSE_s_u (oPinentryTimeout, "pinentry-timeout", "@"),
180 ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
181 /* */ N_("|PGM|use PGM as the SCdaemon program") ),
182 ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
183 /* */ N_("do not use the SCdaemon") ),
184 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
186 ARGPARSE_s_s (oExtraSocket, "extra-socket",
187 /* */ N_("|NAME|accept some commands via NAME")),
189 ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"),
191 ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
193 ARGPARSE_s_n (oBatch, "batch", "@"),
194 ARGPARSE_s_s (oHomedir, "homedir", "@"),
196 ARGPARSE_s_s (oDisplay, "display", "@"),
197 ARGPARSE_s_s (oTTYname, "ttyname", "@"),
198 ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
199 ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
200 ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
201 ARGPARSE_s_s (oXauthority, "xauthority", "@"),
202 ARGPARSE_s_n (oKeepTTY, "keep-tty",
203 /* */ N_("ignore requests to change the TTY")),
204 ARGPARSE_s_n (oKeepDISPLAY, "keep-display",
205 /* */ N_("ignore requests to change the X display")),
207 ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl",
208 N_("|N|expire cached PINs after N seconds")),
209 ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ),
210 ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ),
211 ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ),
213 ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints",
215 ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"),
216 ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"),
217 ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"),
218 ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"),
219 ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"),
221 ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
222 /* */ N_("do not use the PIN cache when signing")),
223 ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache",
224 /* */ N_("disallow the use of an external password cache")),
225 ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
226 /* */ N_("disallow clients to mark keys as \"trusted\"")),
227 ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
228 ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
229 /* */ N_("allow presetting passphrase")),
230 ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
231 N_("disallow caller to override the pinentry")),
232 ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
233 ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry",
234 /* */ N_("allow passphrase to be prompted through Emacs")),
236 ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
237 ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
238 #ifdef HAVE_W32_SYSTEM
239 /* */ N_("enable putty support")
245 /* Dummy options for backward compatibility. */
246 ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
247 ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
248 ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
250 {0} /* End of list */
254 /* The list of supported debug flags. */
255 static struct debug_flags_s debug_flags [] =
257 { DBG_MPI_VALUE , "mpi" },
258 { DBG_CRYPTO_VALUE , "crypto" },
259 { DBG_MEMORY_VALUE , "memory" },
260 { DBG_CACHE_VALUE , "cache" },
261 { DBG_MEMSTAT_VALUE, "memstat" },
262 { DBG_HASHING_VALUE, "hashing" },
263 { DBG_IPC_VALUE , "ipc" },
264 { 77, NULL } /* 77 := Do not exit on "help" or "?". */
269 #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
270 #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
271 #define MAX_CACHE_TTL (120*60) /* 2 hours */
272 #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
273 #define MIN_PASSPHRASE_LEN (8)
274 #define MIN_PASSPHRASE_NONALPHA (1)
275 #define MAX_PASSPHRASE_DAYS (0)
277 /* The timer tick used for housekeeping stuff. For Windows we use a
278 longer period as the SetWaitableTimer seems to signal earlier than
279 the 2 seconds. CHECK_OWN_SOCKET_INTERVAL defines how often we
280 check our own socket in standard socket mode. If that value is 0
281 we don't check at all. All values are in seconds. */
282 #if defined(HAVE_W32CE_SYSTEM)
283 # define TIMERTICK_INTERVAL (60)
284 # define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */
285 #elif defined(HAVE_W32_SYSTEM)
286 # define TIMERTICK_INTERVAL (4)
287 # define CHECK_OWN_SOCKET_INTERVAL (60)
289 # define TIMERTICK_INTERVAL (2)
290 # define CHECK_OWN_SOCKET_INTERVAL (60)
294 /* Flag indicating that the ssh-agent subsystem has been enabled. */
295 static int ssh_support;
297 #ifdef HAVE_W32_SYSTEM
298 /* Flag indicating that support for Putty has been enabled. */
299 static int putty_support;
300 /* A magic value used with WM_COPYDATA. */
301 #define PUTTY_IPC_MAGIC 0x804e50ba
302 /* To avoid surprises we limit the size of the mapped IPC file to this
303 value. Putty currently (0.62) uses 8k, thus 16k should be enough
304 for the foreseeable future. */
305 #define PUTTY_IPC_MAXLEN 16384
306 #endif /*HAVE_W32_SYSTEM*/
308 /* The list of open file descriptors at startup. Note that this list
309 has been allocated using the standard malloc. */
310 static int *startup_fd_list;
312 /* The signal mask at startup and a flag telling whether it is valid. */
313 #ifdef HAVE_SIGPROCMASK
314 static sigset_t startup_signal_mask;
315 static int startup_signal_mask_valid;
318 /* Flag to indicate that a shutdown was requested. */
319 static int shutdown_pending;
321 /* Counter for the currently running own socket checks. */
322 static int check_own_socket_running;
324 /* Flags to indicate that check_own_socket shall not be called. */
325 static int disable_check_own_socket;
327 /* Flag indicating that we are in supervised mode. */
328 static int is_supervised;
330 /* Flag to inhibit socket removal in cleanup. */
331 static int inhibit_socket_removal;
333 /* It is possible that we are currently running under setuid permissions */
334 static int maybe_setuid = 1;
336 /* Name of the communication socket used for native gpg-agent
337 requests. The second variable is either NULL or a malloced string
338 with the real socket name in case it has been redirected. */
339 static char *socket_name;
340 static char *redir_socket_name;
342 /* Name of the optional extra socket used for native gpg-agent requests. */
343 static char *socket_name_extra;
344 static char *redir_socket_name_extra;
346 /* Name of the optional browser socket used for native gpg-agent requests. */
347 static char *socket_name_browser;
348 static char *redir_socket_name_browser;
350 /* Name of the communication socket used for ssh-agent-emulation. */
351 static char *socket_name_ssh;
352 static char *redir_socket_name_ssh;
354 /* We need to keep track of the server's nonces (these are dummies for
356 static assuan_sock_nonce_t socket_nonce;
357 static assuan_sock_nonce_t socket_nonce_extra;
358 static assuan_sock_nonce_t socket_nonce_browser;
359 static assuan_sock_nonce_t socket_nonce_ssh;
362 /* Default values for options passed to the pinentry. */
363 static char *default_display;
364 static char *default_ttyname;
365 static char *default_ttytype;
366 static char *default_lc_ctype;
367 static char *default_lc_messages;
368 static char *default_xauthority;
370 /* Name of a config file, which will be reread on a HUP if it is not NULL. */
371 static char *config_filename;
373 /* Helper to implement --debug-level */
374 static const char *debug_level;
376 /* Keep track of the current log file so that we can avoid updating
377 the log file after a SIGHUP if it didn't changed. Malloced. */
378 static char *current_logfile;
380 /* The handle_tick() function may test whether a parent is still
381 running. We record the PID of the parent here or -1 if it should be
383 static pid_t parent_pid = (pid_t)(-1);
385 /* Number of active connections. */
386 static int active_connections;
388 /* This object is used to dispatch progress messages from Libgcrypt to
389 * the right thread. Given that we will have at max only a few dozen
390 * connections at a time, using a linked list is the easiest way to
392 struct progress_dispatch_s
394 struct progress_dispatch_s *next;
395 /* The control object of the connection. If this is NULL no
396 * connection is associated with this item and it is free for reuse
397 * by new connections. */
400 /* The thread id of (npth_self) of the connection. */
403 /* The callback set by the connection. This is similar to the
404 * Libgcrypt callback but with the control object passed as the
406 void (*cb)(ctrl_t ctrl,
407 const char *what, int printchar,
408 int current, int total);
410 struct progress_dispatch_s *progress_dispatch_list;
419 static char *create_socket_name (char *standard_name, int with_homedir);
420 static gnupg_fd_t create_server_socket (char *name, int primary, int cygwin,
422 assuan_sock_nonce_t *nonce);
423 static void create_directories (void);
425 static void agent_libgcrypt_progress_cb (void *data, const char *what,
427 int current, int total);
428 static void agent_init_default_ctrl (ctrl_t ctrl);
429 static void agent_deinit_default_ctrl (ctrl_t ctrl);
431 static void handle_connections (gnupg_fd_t listen_fd,
432 gnupg_fd_t listen_fd_extra,
433 gnupg_fd_t listen_fd_browser,
434 gnupg_fd_t listen_fd_ssh);
435 static void check_own_socket (void);
436 static int check_for_running_agent (int silent);
438 /* Pth wrapper function definitions. */
439 ASSUAN_SYSTEM_NPTH_IMPL;
446 /* Allocate a string describing a library version by calling a GETFNC.
447 This function is expected to be called only once. GETFNC is
448 expected to have a semantic like gcry_check_version (). */
450 make_libversion (const char *libname, const char *(*getfnc)(const char*))
457 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
461 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
462 strcpy (stpcpy (stpcpy (result, libname), " "), s);
466 /* Return strings describing this program. The case values are
467 described in common/argparse.c:strusage. The values here override
468 the default values given by strusage. */
470 my_strusage (int level)
472 static char *ver_gcry;
477 case 11: p = "@GPG_AGENT@ (@GNUPG@)";
479 case 13: p = VERSION; break;
480 case 17: p = PRINTABLE_OS_NAME; break;
481 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
482 reporting address. This is so that we can change the
483 reporting address without breaking the translations. */
484 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
488 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
493 case 40: p = _("Usage: @GPG_AGENT@ [options] (-h for help)");
495 case 41: p = _("Syntax: @GPG_AGENT@ [options] [command [args]]\n"
496 "Secret key management for @GNUPG@\n");
506 /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
507 only the active debug flags are propagated to the subsystems. With
508 DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
509 all flags already set. Note that we don't fail here, because it is
510 important to keep gpg-agent running even after re-reading the
511 options due to a SIGHUP. */
515 int numok = (debug_level && digitp (debug_level));
516 int numlvl = numok? atoi (debug_level) : 0;
520 else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
522 else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
523 opt.debug = DBG_IPC_VALUE;
524 else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
525 opt.debug = DBG_IPC_VALUE;
526 else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
527 opt.debug = (DBG_IPC_VALUE | DBG_CACHE_VALUE);
528 else if (!strcmp (debug_level, "guru") || numok)
531 /* Unless the "guru" string has been used we don't want to allow
532 hashing debugging. The rationale is that people tend to
533 select the highest debug value and would then clutter their
534 disk with debug files which may reveal confidential data. */
536 opt.debug &= ~(DBG_HASHING_VALUE);
540 log_error (_("invalid debug-level '%s' given\n"), debug_level);
541 opt.debug = 0; /* Reset debugging, so that prior debug
542 statements won't have an undesired effect. */
545 if (opt.debug && !opt.verbose)
547 if (opt.debug && opt.quiet)
550 if (opt.debug & DBG_MPI_VALUE)
551 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
552 if (opt.debug & DBG_CRYPTO_VALUE )
553 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
554 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
557 parse_debug_flag (NULL, &opt.debug, debug_flags);
561 /* Helper for cleanup to remove one socket with NAME. REDIR_NAME is
562 the corresponding real name if the socket has been redirected. */
564 remove_socket (char *name, char *redir_name)
577 /* Discover which inherited file descriptors correspond to which
578 * services/sockets offered by gpg-agent, using the LISTEN_FDS and
579 * LISTEN_FDNAMES convention. The understood labels are "ssh",
580 * "extra", and "browser". "std" or other labels will be interpreted
581 * as the standard socket.
583 * This function is designed to log errors when the expected file
584 * descriptors don't make sense, but to do its best to continue to
585 * work even in the face of minor misconfigurations.
587 * For more information on the LISTEN_FDS convention, see
588 * sd_listen_fds(3) on certain Linux distributions.
590 #ifndef HAVE_W32_SYSTEM
592 map_supervised_sockets (gnupg_fd_t *r_fd,
593 gnupg_fd_t *r_fd_extra,
594 gnupg_fd_t *r_fd_browser,
595 gnupg_fd_t *r_fd_ssh)
602 { "ssh", &r_fd_ssh, &socket_name_ssh },
603 { "browser", &r_fd_browser, &socket_name_browser },
604 { "extra", &r_fd_extra, &socket_name_extra },
605 { "std", &r_fd, &socket_name } /* (Must be the last item.) */
612 *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1;
614 /* Print a warning if LISTEN_PID does not match outr pid. */
615 envvar = getenv ("LISTEN_PID");
617 log_error ("no LISTEN_PID environment variable found in "
618 "--supervised mode (ignoring)\n");
619 else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ())
620 log_error ("environment variable LISTEN_PID (%lu) does not match"
621 " our pid (%lu) in --supervised mode (ignoring)\n",
622 (unsigned long)strtoul (envvar, NULL, 10),
623 (unsigned long)getpid ());
625 /* Parse LISTEN_FDNAMES into the array FDNAMES. */
626 envvar = getenv ("LISTEN_FDNAMES");
629 fdnames = strtokenize (envvar, ":");
632 log_error ("strtokenize failed: %s\n",
633 gpg_strerror (gpg_error_from_syserror ()));
636 for (nfdnames=0; fdnames[nfdnames]; nfdnames++)
645 /* Parse LISTEN_FDS into fd_count or provide a replacement. */
646 envvar = getenv ("LISTEN_FDS");
648 fd_count = atoi (envvar);
651 log_error ("no LISTEN_FDS environment variable found in --supervised"
652 " mode (relying on LISTEN_FDNAMES instead)\n");
657 log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
658 "found in --supervised mode"
659 " (assuming 1 active descriptor)\n");
665 log_error ("--supervised mode expects at least one file descriptor"
666 " (was told %d, carrying on as though it were 1)\n",
671 /* Assign the descriptors to the return values. */
677 log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
678 " in --supervised mode."
679 " (ignoring all sockets but the first one)\n",
681 if (fstat (3, &statbuf) == -1 && errno ==EBADF)
682 log_fatal ("file descriptor 3 must be valid in --supervised mode"
683 " if LISTEN_FDNAMES is not set\n");
685 socket_name = gnupg_get_socket_name (3);
687 else if (fd_count != nfdnames)
689 log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
690 "LISTEN_FDS (%d) in --supervised mode\n",
698 for (i = 0; i < nfdnames; i++)
700 for (j = 0; j < DIM (tbl); j++)
702 if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
705 if (**tbl[j].fdaddr == -1)
707 name = gnupg_get_socket_name (fd);
710 **tbl[j].fdaddr = fd;
711 *tbl[j].nameaddr = name;
712 log_info ("using fd %d for %s socket (%s)\n",
713 fd, tbl[j].label, name);
717 log_error ("cannot listen on fd %d for %s socket\n",
724 log_error ("cannot listen on more than one %s socket\n",
736 #endif /*!HAVE_W32_SYSTEM*/
739 /* Cleanup code for this program. This is either called has an atexit
740 handler or directly. */
749 deinitialize_module_cache ();
750 if (!is_supervised && !inhibit_socket_removal)
752 remove_socket (socket_name, redir_socket_name);
753 if (opt.extra_socket > 1)
754 remove_socket (socket_name_extra, redir_socket_name_extra);
755 if (opt.browser_socket > 1)
756 remove_socket (socket_name_browser, redir_socket_name_browser);
757 remove_socket (socket_name_ssh, redir_socket_name_ssh);
763 /* Handle options which are allowed to be reset after program start.
764 Return true when the current option in PARGS could be handled and
765 false if not. As a special feature, passing a value of NULL for
766 PARGS, resets the options to the default. REREAD should be set
767 true if it is not the initial option parsing. */
769 parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
777 opt.debug_pinentry = 0;
778 opt.pinentry_program = NULL;
779 opt.pinentry_touch_file = NULL;
780 xfree (opt.pinentry_invisible_char);
781 opt.pinentry_invisible_char = NULL;
782 opt.pinentry_timeout = 0;
783 opt.scdaemon_program = NULL;
784 opt.def_cache_ttl = DEFAULT_CACHE_TTL;
785 opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
786 opt.max_cache_ttl = MAX_CACHE_TTL;
787 opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
788 opt.enforce_passphrase_constraints = 0;
789 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
790 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
791 opt.check_passphrase_pattern = NULL;
792 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
793 opt.enable_passphrase_history = 0;
794 opt.ignore_cache_for_signing = 0;
795 opt.allow_mark_trusted = 1;
796 opt.allow_external_cache = 1;
797 opt.allow_loopback_pinentry = 1;
798 opt.allow_emacs_pinentry = 0;
799 opt.disable_scdaemon = 0;
800 disable_check_own_socket = 0;
804 switch (pargs->r_opt)
806 case oQuiet: opt.quiet = 1; break;
807 case oVerbose: opt.verbose++; break;
810 parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
812 case oDebugAll: opt.debug = ~0; break;
813 case oDebugLevel: debug_level = pargs->r.ret_str; break;
814 case oDebugPinentry: opt.debug_pinentry = 1; break;
818 return 0; /* not handeld */
819 if (!current_logfile || !pargs->r.ret_str
820 || strcmp (current_logfile, pargs->r.ret_str))
822 log_set_file (pargs->r.ret_str);
823 xfree (current_logfile);
824 current_logfile = xtrystrdup (pargs->r.ret_str);
828 case oNoGrab: opt.no_grab = 1; break;
830 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
831 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
832 case oPinentryInvisibleChar:
833 xfree (opt.pinentry_invisible_char);
834 opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
836 case oPinentryTimeout: opt.pinentry_timeout = pargs->r.ret_ulong; break;
837 case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
838 case oDisableScdaemon: opt.disable_scdaemon = 1; break;
839 case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
841 case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
842 case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
843 case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
844 case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
846 case oEnforcePassphraseConstraints:
847 opt.enforce_passphrase_constraints=1;
849 case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
850 case oMinPassphraseNonalpha:
851 opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
853 case oCheckPassphrasePattern:
854 opt.check_passphrase_pattern = pargs->r.ret_str;
856 case oMaxPassphraseDays:
857 opt.max_passphrase_days = pargs->r.ret_ulong;
859 case oEnablePassphraseHistory:
860 opt.enable_passphrase_history = 1;
863 case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
865 case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
866 case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
868 case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
870 case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
871 case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
873 case oNoAllowExternalCache: opt.allow_external_cache = 0;
876 case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1;
880 return 0; /* not handled */
883 return 1; /* handled */
887 /* Fixup some options after all have been processed. */
889 finalize_rereadable_options (void)
895 thread_init_once (void)
897 static int npth_initialized = 0;
899 if (!npth_initialized)
904 gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
905 /* Now that we have set the syscall clamp we need to tell Libgcrypt
906 * that it should get them from libgpg-error. Note that Libgcrypt
907 * has already been initialized but at that point nPth was not
908 * initialized and thus Libgcrypt could not set its system call
910 #if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
911 gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
917 initialize_modules (void)
920 assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
921 initialize_module_cache ();
922 initialize_module_call_pinentry ();
923 initialize_module_call_scd ();
924 initialize_module_trustlist ();
928 /* The main entry point. */
930 main (int argc, char **argv )
935 FILE *configfp = NULL;
936 char *configname = NULL;
938 unsigned configlineno;
940 int default_config =1;
945 char *logfile = NULL;
947 int gpgconf_list = 0;
949 struct assuan_malloc_hooks malloc_hooks;
951 early_system_init ();
953 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
954 /* Disable ptrace on Linux without sgid bit */
955 prctl(PR_SET_DUMPABLE, 0);
958 /* Before we do anything else we save the list of currently open
959 file descriptors and the signal mask. This info is required to
960 do the exec call properly. */
961 startup_fd_list = get_all_open_fds ();
962 #ifdef HAVE_SIGPROCMASK
963 if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
964 startup_signal_mask_valid = 1;
965 #endif /*HAVE_SIGPROCMASK*/
967 /* Set program name etc. */
968 set_strusage (my_strusage);
969 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
970 /* Please note that we may running SUID(ROOT), so be very CAREFUL
971 when adding any stuff between here and the call to INIT_SECMEM()
972 somewhere after the option parsing */
973 log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
975 /* Make sure that our subsystems are ready. */
977 init_common_subsystems (&argc, &argv);
979 malloc_hooks.malloc = gcry_malloc;
980 malloc_hooks.realloc = gcry_realloc;
981 malloc_hooks.free = gcry_free;
982 assuan_set_malloc_hooks (&malloc_hooks);
983 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
985 setup_libassuan_logging (&opt.debug, NULL);
987 setup_libgcrypt_logging ();
988 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
989 gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
991 disable_core_dumps ();
993 /* Set default options. */
994 parse_rereadable_options (NULL, 0); /* Reset them to default values. */
996 shell = getenv ("SHELL");
997 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
1000 /* Record some of the original environment strings. */
1004 static const char *names[] =
1005 { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
1008 opt.startup_env = session_env_new ();
1009 if (!opt.startup_env)
1010 err = gpg_error_from_syserror ();
1011 for (idx=0; !err && names[idx]; idx++)
1013 s = getenv (names[idx]);
1015 err = session_env_setenv (opt.startup_env, names[idx], s);
1019 s = gnupg_ttyname (0);
1021 err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
1024 log_fatal ("error recording startup environment: %s\n",
1025 gpg_strerror (err));
1027 /* Fixme: Better use the locale function here. */
1028 opt.startup_lc_ctype = getenv ("LC_CTYPE");
1029 if (opt.startup_lc_ctype)
1030 opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
1031 opt.startup_lc_messages = getenv ("LC_MESSAGES");
1032 if (opt.startup_lc_messages)
1033 opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
1036 /* Check whether we have a config file on the commandline */
1041 pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
1042 while (arg_parse( &pargs, opts))
1044 if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
1046 else if (pargs.r_opt == oOptions)
1047 { /* yes there is one, so we do not try the default one, but
1048 read the option file when it is encountered at the
1052 else if (pargs.r_opt == oNoOptions)
1053 default_config = 0; /* --no-options */
1054 else if (pargs.r_opt == oHomedir)
1055 gnupg_set_homedir (pargs.r.ret_str);
1056 else if (pargs.r_opt == oDebugQuickRandom)
1058 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
1063 /* Initialize the secure memory. */
1064 gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);
1068 Now we are now working under our real uid
1072 configname = make_filename (gnupg_homedir (),
1073 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1079 pargs.flags= 1; /* do not remove the args */
1084 configfp = fopen (configname, "r");
1090 log_info (_("Note: no default option file '%s'\n"),
1092 /* Save the default conf file name so that
1093 reread_configuration is able to test whether the
1094 config file has been created in the meantime. */
1095 xfree (config_filename);
1096 config_filename = configname;
1101 log_error (_("option file '%s': %s\n"),
1102 configname, strerror(errno) );
1108 if (parse_debug && configname )
1109 log_info (_("reading options from '%s'\n"), configname );
1113 while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
1115 if (parse_rereadable_options (&pargs, 0))
1116 continue; /* Already handled */
1117 switch (pargs.r_opt)
1119 case aGPGConfList: gpgconf_list = 1; break;
1120 case aGPGConfTest: gpgconf_list = 2; break;
1121 case aUseStandardSocketP: gpgconf_list = 3; break;
1122 case oBatch: opt.batch=1; break;
1124 case oDebugWait: debug_wait = pargs.r.ret_int; break;
1127 /* config files may not be nested (silently ignore them) */
1131 configname = xstrdup(pargs.r.ret_str);
1135 case oNoGreeting: /* Dummy option. */ break;
1136 case oNoVerbose: opt.verbose = 0; break;
1137 case oNoOptions: break; /* no-options */
1138 case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
1139 case oNoDetach: nodetach = 1; break;
1140 case oLogFile: logfile = pargs.r.ret_str; break;
1141 case oCsh: csh_style = 1; break;
1142 case oSh: csh_style = 0; break;
1143 case oServer: pipe_server = 1; break;
1144 case oDaemon: is_daemon = 1; break;
1145 case oSupervised: is_supervised = 1; break;
1147 case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
1148 case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
1149 case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
1150 case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
1151 case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
1153 case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
1156 case oUseStandardSocket:
1157 case oNoUseStandardSocket:
1158 obsolete_option (configname, configlineno, "use-standard-socket");
1161 case oFakedSystemTime:
1163 time_t faked_time = isotime2epoch (pargs.r.ret_str);
1164 if (faked_time == (time_t)(-1))
1165 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
1166 gnupg_set_time (faked_time, 0);
1170 case oKeepTTY: opt.keep_tty = 1; break;
1171 case oKeepDISPLAY: opt.keep_display = 1; break;
1177 # ifdef HAVE_W32_SYSTEM
1183 opt.extra_socket = 1; /* (1 = points into argv) */
1184 socket_name_extra = pargs.r.ret_str;
1187 case oBrowserSocket:
1188 opt.browser_socket = 1; /* (1 = points into argv) */
1189 socket_name_browser = pargs.r.ret_str;
1192 case oDebugQuickRandom:
1193 /* Only used by the first stage command line parser. */
1197 obsolete_option (configname, configlineno, "write-env-file");
1200 default : pargs.err = configfp? 1:2; break;
1207 /* Keep a copy of the name so that it can be read on SIGHUP. */
1208 if (config_filename != configname)
1210 xfree (config_filename);
1211 config_filename = configname;
1219 if (log_get_errorcount(0))
1222 finalize_rereadable_options ();
1224 /* Print a warning if an argument looks like an option. */
1225 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
1229 for (i=0; i < argc; i++)
1230 if (argv[i][0] == '-' && argv[i][1] == '-')
1231 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
1235 /* gpg-agent usually does not output any messages because it runs in
1236 the background. For log files it is acceptable to have messages
1237 always encoded in utf-8. We switch here to utf-8, so that
1238 commands like --help still give native messages. It is far
1239 easier to switch only once instead of for every message and it
1240 actually helps when more then one thread is active (avoids an
1241 extra copy step). */
1242 bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
1245 if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised)
1247 /* We have been called without any command and thus we merely
1248 check whether an agent is already running. We do this right
1249 here so that we don't clobber a logfile with this check but
1250 print the status directly to stderr. */
1253 check_for_running_agent (0);
1259 else if (!opt.extra_socket)
1260 opt.extra_socket = 1;
1261 else if (socket_name_extra
1262 && (!strcmp (socket_name_extra, "none")
1263 || !strcmp (socket_name_extra, "/dev/null")))
1265 /* User requested not to create this socket. */
1266 opt.extra_socket = 0;
1267 socket_name_extra = NULL;
1272 else if (!opt.browser_socket)
1273 opt.browser_socket = 1;
1274 else if (socket_name_browser
1275 && (!strcmp (socket_name_browser, "none")
1276 || !strcmp (socket_name_browser, "/dev/null")))
1278 /* User requested not to create this socket. */
1279 opt.browser_socket = 0;
1280 socket_name_browser = NULL;
1285 if (atexit (cleanup))
1287 log_error ("atexit failed\n");
1292 /* Try to create missing directories. */
1293 create_directories ();
1295 if (debug_wait && pipe_server)
1297 thread_init_once ();
1298 log_debug ("waiting for debugger - my pid is %u .....\n",
1299 (unsigned int)getpid());
1300 gnupg_sleep (debug_wait);
1301 log_debug ("... okay\n");
1304 if (gpgconf_list == 3)
1306 /* We now use the standard socket always - return true for
1307 backward compatibility. */
1310 else if (gpgconf_list == 2)
1312 else if (gpgconf_list)
1317 /* List options and default values in the GPG Conf format. */
1318 filename = make_filename (gnupg_homedir (),
1319 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1320 filename_esc = percent_escape (filename, NULL);
1322 es_printf ("%s-%s.conf:%lu:\"%s\n",
1323 GPGCONF_NAME, GPG_AGENT_NAME,
1324 GC_OPT_FLAG_DEFAULT, filename_esc);
1326 xfree (filename_esc);
1328 es_printf ("verbose:%lu:\n"
1330 "debug-level:%lu:\"none:\n"
1332 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1333 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1334 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1335 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
1336 es_printf ("default-cache-ttl:%lu:%d:\n",
1337 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
1338 es_printf ("default-cache-ttl-ssh:%lu:%d:\n",
1339 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
1340 es_printf ("max-cache-ttl:%lu:%d:\n",
1341 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
1342 es_printf ("max-cache-ttl-ssh:%lu:%d:\n",
1343 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
1344 es_printf ("enforce-passphrase-constraints:%lu:\n",
1345 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1346 es_printf ("min-passphrase-len:%lu:%d:\n",
1347 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
1348 es_printf ("min-passphrase-nonalpha:%lu:%d:\n",
1349 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1350 MIN_PASSPHRASE_NONALPHA);
1351 es_printf ("check-passphrase-pattern:%lu:\n",
1352 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1353 es_printf ("max-passphrase-days:%lu:%d:\n",
1354 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1355 MAX_PASSPHRASE_DAYS);
1356 es_printf ("enable-passphrase-history:%lu:\n",
1357 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1358 es_printf ("no-grab:%lu:\n",
1359 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1360 es_printf ("ignore-cache-for-signing:%lu:\n",
1361 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1362 es_printf ("no-allow-external-cache:%lu:\n",
1363 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1364 es_printf ("no-allow-mark-trusted:%lu:\n",
1365 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1366 es_printf ("disable-scdaemon:%lu:\n",
1367 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1368 es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
1369 #ifdef HAVE_W32_SYSTEM
1370 es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
1372 es_printf ("no-allow-loopback-pinentry:%lu:\n",
1373 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1374 es_printf ("allow-emacs-pinentry:%lu:\n",
1375 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1376 es_printf ("pinentry-timeout:%lu:0:\n",
1377 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1382 /* Now start with logging to a file if this is desired. */
1385 log_set_file (logfile);
1386 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1387 | GPGRT_LOG_WITH_TIME
1388 | GPGRT_LOG_WITH_PID));
1389 current_logfile = xstrdup (logfile);
1392 /* Make sure that we have a default ttyname. */
1393 if (!default_ttyname && gnupg_ttyname (1))
1394 default_ttyname = xstrdup (gnupg_ttyname (1));
1395 if (!default_ttytype && getenv ("TERM"))
1396 default_ttytype = xstrdup (getenv ("TERM"));
1401 /* This is the simple pipe based server */
1404 initialize_modules ();
1406 ctrl = xtrycalloc (1, sizeof *ctrl);
1409 log_error ("error allocating connection control data: %s\n",
1413 ctrl->session_env = session_env_new ();
1414 if (!ctrl->session_env)
1416 log_error ("error allocating session environment block: %s\n",
1421 agent_init_default_ctrl (ctrl);
1422 start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
1423 agent_deinit_default_ctrl (ctrl);
1426 else if (is_supervised)
1428 #ifndef HAVE_W32_SYSTEM
1429 gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
1431 initialize_modules ();
1433 /* when supervised and sending logs to stderr, the process
1434 supervisor should handle log entry metadata (pid, name,
1437 log_set_prefix (NULL, 0);
1439 log_info ("%s %s starting in supervised mode.\n",
1440 strusage(11), strusage(13) );
1442 /* See below in "regular server mode" on why we remove certain
1444 if (!opt.keep_display)
1445 gnupg_unsetenv ("DISPLAY");
1446 gnupg_unsetenv ("INSIDE_EMACS");
1448 /* Virtually create the sockets. Note that we use -1 here
1449 * because the whole thing works only on Unix. */
1450 map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
1452 log_fatal ("no standard socket provided\n");
1454 #ifdef HAVE_SIGPROCMASK
1455 if (startup_signal_mask_valid)
1457 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1458 log_error ("error restoring signal mask: %s\n",
1462 log_info ("no saved signal mask\n");
1463 #endif /*HAVE_SIGPROCMASK*/
1465 log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
1466 fd, fd_extra, fd_browser, fd_ssh);
1467 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1468 #endif /*!HAVE_W32_SYSTEM*/
1470 else if (!is_daemon)
1473 { /* Regular server mode */
1475 gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
1476 gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
1477 gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
1478 #ifndef HAVE_W32_SYSTEM
1482 /* Remove the DISPLAY variable so that a pinentry does not
1483 default to a specific display. There is still a default
1484 display when gpg-agent was started using --display or a
1485 client requested this using an OPTION command. Note, that we
1486 don't do this when running in reverse daemon mode (i.e. when
1487 exec the program given as arguments). */
1488 #ifndef HAVE_W32_SYSTEM
1489 if (!opt.keep_display && !argc)
1490 gnupg_unsetenv ("DISPLAY");
1493 /* Remove the INSIDE_EMACS variable so that a pinentry does not
1494 always try to interact with Emacs. The variable is set when
1495 a client requested this using an OPTION command. */
1496 gnupg_unsetenv ("INSIDE_EMACS");
1498 /* Create the sockets. */
1499 socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1);
1500 fd = create_server_socket (socket_name, 1, 0,
1501 &redir_socket_name, &socket_nonce);
1503 if (opt.extra_socket)
1505 if (socket_name_extra)
1506 socket_name_extra = create_socket_name (socket_name_extra, 0);
1508 socket_name_extra = create_socket_name
1509 /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1);
1510 opt.extra_socket = 2; /* Indicate that it has been malloced. */
1511 fd_extra = create_server_socket (socket_name_extra, 0, 0,
1512 &redir_socket_name_extra,
1513 &socket_nonce_extra);
1516 if (opt.browser_socket)
1518 if (socket_name_browser)
1519 socket_name_browser = create_socket_name (socket_name_browser, 0);
1521 socket_name_browser= create_socket_name
1522 /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1);
1523 opt.browser_socket = 2; /* Indicate that it has been malloced. */
1524 fd_browser = create_server_socket (socket_name_browser, 0, 0,
1525 &redir_socket_name_browser,
1526 &socket_nonce_browser);
1529 socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
1530 fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
1531 &redir_socket_name_ssh,
1534 /* If we are going to exec a program in the parent, we record
1535 the PID, so that the child may check whether the program is
1538 parent_pid = getpid ();
1542 #ifdef HAVE_W32_SYSTEM
1546 initialize_modules ();
1548 #else /*!HAVE_W32_SYSTEM*/
1551 if (pid == (pid_t)-1)
1553 log_fatal ("fork failed: %s\n", strerror (errno) );
1557 { /* We are the parent */
1558 char *infostr_ssh_sock, *infostr_ssh_valid;
1560 /* Close the socket FD. */
1563 /* The signal mask might not be correct right now and thus
1564 we restore it. That is not strictly necessary but some
1565 programs falsely assume a cleared signal mask. */
1567 #ifdef HAVE_SIGPROCMASK
1568 if (startup_signal_mask_valid)
1570 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1571 log_error ("error restoring signal mask: %s\n",
1575 log_info ("no saved signal mask\n");
1576 #endif /*HAVE_SIGPROCMASK*/
1578 /* Create the SSH info string if enabled. */
1581 if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
1582 socket_name_ssh) < 0)
1584 log_error ("out of core\n");
1585 kill (pid, SIGTERM);
1588 if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu",
1589 (unsigned long)getpid()) < 0)
1591 log_error ("out of core\n");
1592 kill (pid, SIGTERM);
1597 *socket_name = 0; /* Don't let cleanup() remove the socket -
1598 the child should do this from now on */
1599 if (opt.extra_socket)
1600 *socket_name_extra = 0;
1601 if (opt.browser_socket)
1602 *socket_name_browser = 0;
1603 *socket_name_ssh = 0;
1606 { /* Run the program given on the commandline. */
1607 if (ssh_support && (putenv (infostr_ssh_sock)
1608 || putenv (infostr_ssh_valid)))
1610 log_error ("failed to set environment: %s\n",
1612 kill (pid, SIGTERM );
1616 /* Close all the file descriptors except the standard
1617 ones and those open at startup. We explicitly don't
1618 close 0,1,2 in case something went wrong collecting
1620 close_all_fds (3, startup_fd_list);
1622 /* Run the command. */
1623 execvp (argv[0], argv);
1624 log_error ("failed to run the command: %s\n", strerror (errno));
1625 kill (pid, SIGTERM);
1630 /* Print the environment string, so that the caller can use
1631 shell's eval to set it */
1636 *strchr (infostr_ssh_sock, '=') = ' ';
1637 es_printf ("setenv %s;\n", infostr_ssh_sock);
1644 es_printf ("%s; export SSH_AUTH_SOCK;\n",
1650 xfree (infostr_ssh_sock);
1651 xfree (infostr_ssh_valid);
1662 initialize_modules ();
1664 /* Detach from tty and put process into a new session */
1668 unsigned int oldflags;
1670 /* Close stdin, stdout and stderr unless it is the log stream */
1671 for (i=0; i <= 2; i++)
1673 if (!log_test_fd (i) && i != fd )
1676 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1678 log_error ("failed to open '%s': %s\n",
1679 "/dev/null", strerror (errno));
1687 log_error ("setsid() failed: %s\n", strerror(errno) );
1692 log_get_prefix (&oldflags);
1693 log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
1694 opt.running_detached = 1;
1699 log_error ("chdir to / failed: %s\n", strerror (errno));
1704 struct sigaction sa;
1706 sa.sa_handler = SIG_IGN;
1707 sigemptyset (&sa.sa_mask);
1709 sigaction (SIGPIPE, &sa, NULL);
1711 #endif /*!HAVE_W32_SYSTEM*/
1713 log_info ("%s %s started\n", strusage(11), strusage(13) );
1714 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1715 assuan_sock_close (fd);
1722 /* Exit entry point. This function should be called instead of a
1727 /*FIXME: update_random_seed_file();*/
1729 /* We run our cleanup handler because that may close cipher contexts
1730 stored in secure memory and thus this needs to be done before we
1731 explicitly terminate secure memory. */
1735 /* at this time a bit annoying */
1736 if (opt.debug & DBG_MEMSTAT_VALUE)
1738 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1739 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1742 gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
1744 gcry_control (GCRYCTL_TERM_SECMEM );
1745 rc = rc? rc : log_get_errorcount(0)? 2 : 0;
1750 /* This is our callback function for gcrypt progress messages. It is
1751 set once at startup and dispatches progress messages to the
1752 corresponding threads of the agent. */
1754 agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
1755 int current, int total)
1757 struct progress_dispatch_s *dispatch;
1758 npth_t mytid = npth_self ();
1762 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1763 if (dispatch->ctrl && dispatch->tid == mytid)
1765 if (dispatch && dispatch->cb)
1766 dispatch->cb (dispatch->ctrl, what, printchar, current, total);
1768 /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
1769 * from /dev/random this will block the process. To mitigate this
1770 * problem we take a short nap when Libgcrypt tells us that it needs
1771 * more entropy. This way other threads have chance to run. */
1772 #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
1773 if (what && !strcmp (what, "need_entropy"))
1774 npth_usleep (100000); /* 100ms */
1779 /* If a progress dispatcher callback has been associated with the
1780 * current connection unregister it. */
1782 unregister_progress_cb (void)
1784 struct progress_dispatch_s *dispatch;
1785 npth_t mytid = npth_self ();
1787 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1788 if (dispatch->ctrl && dispatch->tid == mytid)
1792 dispatch->ctrl = NULL;
1793 dispatch->cb = NULL;
1798 /* Setup a progress callback CB for the current connection. Using a
1799 * CB of NULL disables the callback. */
1801 agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
1802 int printchar, int current, int total),
1805 struct progress_dispatch_s *dispatch, *firstfree;
1806 npth_t mytid = npth_self ();
1809 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1811 if (dispatch->ctrl && dispatch->tid == mytid)
1813 if (!dispatch->ctrl && !firstfree)
1814 firstfree = dispatch;
1816 if (!dispatch) /* None allocated: Reuse or allocate a new one. */
1820 dispatch = firstfree;
1822 else if ((dispatch = xtrycalloc (1, sizeof *dispatch)))
1824 dispatch->next = progress_dispatch_list;
1825 progress_dispatch_list = dispatch;
1829 log_error ("error allocating new progress dispatcher slot: %s\n",
1830 gpg_strerror (gpg_error_from_syserror ()));
1833 dispatch->ctrl = ctrl;
1834 dispatch->tid = mytid;
1841 /* Each thread has its own local variables conveyed by a control
1842 structure usually identified by an argument named CTRL. This
1843 function is called immediately after allocating the control
1844 structure. Its purpose is to setup the default values for that
1845 structure. Note that some values may have already been set. */
1847 agent_init_default_ctrl (ctrl_t ctrl)
1849 assert (ctrl->session_env);
1851 /* Note we ignore malloc errors because we can't do much about it
1852 and the request will fail anyway shortly after this
1854 session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
1855 session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
1856 session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
1857 session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
1858 session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
1861 xfree (ctrl->lc_ctype);
1862 ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
1864 if (ctrl->lc_messages)
1865 xfree (ctrl->lc_messages);
1866 ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
1868 ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET;
1872 /* Release all resources allocated by default in the control
1873 structure. This is the counterpart to agent_init_default_ctrl. */
1875 agent_deinit_default_ctrl (ctrl_t ctrl)
1877 unregister_progress_cb ();
1878 session_env_release (ctrl->session_env);
1881 xfree (ctrl->lc_ctype);
1882 if (ctrl->lc_messages)
1883 xfree (ctrl->lc_messages);
1887 /* Because the ssh protocol does not send us information about the
1888 current TTY setting, we use this function to use those from startup
1889 or those explicitly set. This is also used for the restricted mode
1890 where we ignore requests to change the environment. */
1892 agent_copy_startup_env (ctrl_t ctrl)
1894 static const char *names[] =
1895 {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
1896 gpg_error_t err = 0;
1900 for (idx=0; !err && names[idx]; idx++)
1901 if ((value = session_env_getenv (opt.startup_env, names[idx])))
1902 err = session_env_setenv (ctrl->session_env, names[idx], value);
1904 if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
1905 if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
1906 err = gpg_error_from_syserror ();
1908 if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
1909 if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
1910 err = gpg_error_from_syserror ();
1913 log_error ("error setting default session environment: %s\n",
1914 gpg_strerror (err));
1920 /* Reread parts of the configuration. Note, that this function is
1921 obviously not thread-safe and should only be called from the PTH
1924 Fixme: Due to the way the argument parsing works, we create a
1925 memory leak here for all string type arguments. There is currently
1926 no clean way to tell whether the memory for the argument has been
1927 allocated or points into the process' original arguments. Unless
1928 we have a mechanism to tell this, we need to live on with this. */
1930 reread_configuration (void)
1932 ARGPARSE_ARGS pargs;
1934 unsigned int configlineno = 0;
1937 if (!config_filename)
1938 return; /* No config file. */
1940 fp = fopen (config_filename, "r");
1943 log_info (_("option file '%s': %s\n"),
1944 config_filename, strerror(errno) );
1948 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1950 memset (&pargs, 0, sizeof pargs);
1952 pargs.argc = &dummy;
1953 pargs.flags = 1; /* do not remove the args */
1954 while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
1956 if (pargs.r_opt < -1)
1957 pargs.err = 1; /* Print a warning. */
1958 else /* Try to parse this option - ignore unchangeable ones. */
1959 parse_rereadable_options (&pargs, 1);
1962 finalize_rereadable_options ();
1967 /* Return the file name of the socket we are using for native
1970 get_agent_socket_name (void)
1972 const char *s = socket_name;
1974 return (s && *s)? s : NULL;
1977 /* Return the file name of the socket we are using for SSH
1980 get_agent_ssh_socket_name (void)
1982 const char *s = socket_name_ssh;
1984 return (s && *s)? s : NULL;
1988 /* Return the number of active connections. */
1990 get_agent_active_connection_count (void)
1992 return active_connections;
1996 /* Under W32, this function returns the handle of the scdaemon
1997 notification event. Calling it the first time creates that
1999 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
2001 get_agent_scd_notify_event (void)
2003 static HANDLE the_event = INVALID_HANDLE_VALUE;
2005 if (the_event == INVALID_HANDLE_VALUE)
2008 SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
2010 /* We need to use a manual reset event object due to the way our
2011 w32-pth wait function works: If we would use an automatic
2012 reset event we are not able to figure out which handle has
2013 been signaled because at the time we single out the signaled
2014 handles using WFSO the event has already been reset due to
2016 h = CreateEvent (&sa, TRUE, FALSE, NULL);
2018 log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
2019 else if (!DuplicateHandle (GetCurrentProcess(), h,
2020 GetCurrentProcess(), &h2,
2021 EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
2023 log_error ("setting syncronize for scd notify event failed: %s\n",
2024 w32_strerror (-1) );
2036 #endif /*HAVE_W32_SYSTEM && !HAVE_W32CE_SYSTEM*/
2040 /* Create a name for the socket in the home directory as using
2041 STANDARD_NAME. We also check for valid characters as well as
2042 against a maximum allowed length for a unix domain socket is done.
2043 The function terminates the process in case of an error. Returns:
2044 Pointer to an allocated string with the absolute name of the socket
2047 create_socket_name (char *standard_name, int with_homedir)
2052 name = make_filename (gnupg_socketdir (), standard_name, NULL);
2054 name = make_filename (standard_name, NULL);
2055 if (strchr (name, PATHSEP_C))
2057 log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
2065 /* Create a Unix domain socket with NAME. Returns the file descriptor
2066 or terminates the process in case of an error. Note that this
2067 function needs to be used for the regular socket first (indicated
2068 by PRIMARY) and only then for the extra and the ssh sockets. If
2069 the socket has been redirected the name of the real socket is
2070 stored as a malloced string at R_REDIR_NAME. If CYGWIN is set a
2071 Cygwin compatible socket is created (Windows only). */
2073 create_server_socket (char *name, int primary, int cygwin,
2074 char **r_redir_name, assuan_sock_nonce_t *nonce)
2076 struct sockaddr *addr;
2077 struct sockaddr_un *unaddr;
2082 xfree (*r_redir_name);
2083 *r_redir_name = NULL;
2085 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
2086 if (fd == ASSUAN_INVALID_FD)
2088 log_error (_("can't create socket: %s\n"), strerror (errno));
2089 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2094 assuan_sock_set_flag (fd, "cygwin", 1);
2096 unaddr = xmalloc (sizeof *unaddr);
2097 addr = (struct sockaddr*)unaddr;
2102 if (assuan_sock_set_sockaddr_un (name, addr, &redirected))
2104 if (errno == ENAMETOOLONG)
2105 log_error (_("socket name '%s' is too long\n"), name);
2107 log_error ("error preparing socket '%s': %s\n",
2108 name, gpg_strerror (gpg_error_from_syserror ()));
2109 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2114 *r_redir_name = xstrdup (unaddr->sun_path);
2116 log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name);
2120 len = SUN_LEN (unaddr);
2121 rc = assuan_sock_bind (fd, addr, len);
2123 /* Our error code mapping on W32CE returns EEXIST thus we also test
2126 && (errno == EADDRINUSE
2127 #ifdef HAVE_W32_SYSTEM
2132 /* Check whether a gpg-agent is already running. We do this
2133 test only if this is the primary socket. For secondary
2134 sockets we assume that a test for gpg-agent has already been
2135 done and reuse the requested socket. Testing the ssh-socket
2136 is not possible because at this point, though we know the new
2137 Assuan socket, the Assuan server and thus the ssh-agent
2138 server is not yet operational; this would lead to a hang. */
2139 if (primary && !check_for_running_agent (1))
2141 log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
2142 log_set_file (NULL);
2143 log_error (_("a gpg-agent is already running - "
2144 "not starting a new one\n"));
2145 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2146 assuan_sock_close (fd);
2149 gnupg_remove (unaddr->sun_path);
2150 rc = assuan_sock_bind (fd, addr, len);
2152 if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce)))
2153 log_error (_("error getting nonce for the socket\n"));
2156 /* We use gpg_strerror here because it allows us to get strings
2157 for some W32 socket error codes. */
2158 log_error (_("error binding socket to '%s': %s\n"),
2160 gpg_strerror (gpg_error_from_syserror ()));
2162 assuan_sock_close (fd);
2163 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2167 if (gnupg_chmod (unaddr->sun_path, "-rwx"))
2168 log_error (_("can't set permissions of '%s': %s\n"),
2169 unaddr->sun_path, strerror (errno));
2171 if (listen (FD2INT(fd), 5 ) == -1)
2173 log_error (_("listen() failed: %s\n"), strerror (errno));
2174 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2175 assuan_sock_close (fd);
2180 log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
2186 /* Check that the directory for storing the private keys exists and
2187 create it if not. This function won't fail as it is only a
2188 convenience function and not strictly necessary. */
2190 create_private_keys_directory (const char *home)
2193 struct stat statbuf;
2195 fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
2196 if (stat (fname, &statbuf) && errno == ENOENT)
2198 if (gnupg_mkdir (fname, "-rwx"))
2199 log_error (_("can't create directory '%s': %s\n"),
2200 fname, strerror (errno) );
2201 else if (!opt.quiet)
2202 log_info (_("directory '%s' created\n"), fname);
2204 if (gnupg_chmod (fname, "-rwx"))
2205 log_error (_("can't set permissions of '%s': %s\n"),
2206 fname, strerror (errno));
2211 /* Create the directory only if the supplied directory name is the
2212 same as the default one. This way we avoid to create arbitrary
2213 directories when a non-default home directory is used. To cope
2214 with HOME, we compare only the suffix if we see that the default
2215 homedir does start with a tilde. We don't stop here in case of
2216 problems because other functions will throw an error anyway.*/
2218 create_directories (void)
2220 struct stat statbuf;
2221 const char *defhome = standard_homedir ();
2224 home = make_filename (gnupg_homedir (), NULL);
2225 if ( stat (home, &statbuf) )
2227 if (errno == ENOENT)
2230 #ifdef HAVE_W32_SYSTEM
2231 ( !compare_filenames (home, defhome) )
2234 && (strlen (home) >= strlen (defhome+1)
2235 && !strcmp (home + strlen(home)
2236 - strlen (defhome+1), defhome+1)))
2237 || (*defhome != '~' && !strcmp (home, defhome) )
2241 if (gnupg_mkdir (home, "-rwx"))
2242 log_error (_("can't create directory '%s': %s\n"),
2243 home, strerror (errno) );
2247 log_info (_("directory '%s' created\n"), home);
2248 create_private_keys_directory (home);
2253 log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno));
2255 else if ( !S_ISDIR(statbuf.st_mode))
2257 log_error (_("can't use '%s' as home directory\n"), home);
2259 else /* exists and is a directory. */
2261 create_private_keys_directory (home);
2268 /* This is the worker for the ticker. It is called every few seconds
2269 and may only do fast operations. */
2273 static time_t last_minute;
2276 last_minute = time (NULL);
2278 /* Check whether the scdaemon has died and cleanup in this case. */
2279 agent_scd_check_aliveness ();
2281 /* If we are running as a child of another process, check whether
2282 the parent is still alive and shutdown if not. */
2283 #ifndef HAVE_W32_SYSTEM
2284 if (parent_pid != (pid_t)(-1))
2286 if (kill (parent_pid, 0))
2288 shutdown_pending = 2;
2289 log_info ("parent process died - shutting down\n");
2290 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2295 #endif /*HAVE_W32_SYSTEM*/
2297 /* Code to be run from time to time. */
2298 #if CHECK_OWN_SOCKET_INTERVAL > 0
2299 if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL))
2301 check_own_socket ();
2302 last_minute = time (NULL);
2309 /* A global function which allows us to call the reload stuff from
2310 other places too. This is only used when build for W32. */
2312 agent_sighup_action (void)
2314 log_info ("SIGHUP received - "
2315 "re-reading configuration and flushing cache\n");
2317 agent_flush_cache ();
2318 reread_configuration ();
2319 agent_reload_trustlist ();
2320 /* We flush the module name cache so that after installing a
2321 "pinentry" binary that one can be used in case the
2322 "pinentry-basic" fallback was in use. */
2323 gnupg_module_name_flush_some ();
2327 /* A helper function to handle SIGUSR2. */
2329 agent_sigusr2_action (void)
2332 log_info ("SIGUSR2 received - updating card event counter\n");
2333 /* Nothing to check right now. We only increment a counter. */
2334 bump_card_eventcounter ();
2338 #ifndef HAVE_W32_SYSTEM
2339 /* The signal handler for this program. It is expected to be run in
2340 its own trhead and not in the context of a signal handler. */
2342 handle_signal (int signo)
2346 #ifndef HAVE_W32_SYSTEM
2348 agent_sighup_action ();
2352 log_info ("SIGUSR1 received - printing internal information:\n");
2353 /* Fixme: We need to see how to integrate pth dumping into our
2355 /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
2356 agent_query_dump_state ();
2357 agent_scd_dump_state ();
2361 agent_sigusr2_action ();
2365 if (!shutdown_pending)
2366 log_info ("SIGTERM received - shutting down ...\n");
2368 log_info ("SIGTERM received - still %i open connections\n",
2369 active_connections);
2371 if (shutdown_pending > 2)
2373 log_info ("shutdown forced\n");
2374 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2381 log_info ("SIGINT received - immediate shutdown\n");
2382 log_info( "%s %s stopped\n", strusage(11), strusage(13));
2388 log_info ("signal %d received - no action defined\n", signo);
2393 /* Check the nonce on a new connection. This is a NOP unless we we
2394 are using our Unix domain socket emulation under Windows. */
2396 check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
2398 if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
2400 log_info (_("error reading nonce on fd %d: %s\n"),
2401 FD2INT(ctrl->thread_startup.fd), strerror (errno));
2402 assuan_sock_close (ctrl->thread_startup.fd);
2411 #ifdef HAVE_W32_SYSTEM
2412 /* The window message processing function for Putty. Warning: This
2413 code runs as a native Windows thread. Use of our own functions
2414 needs to be bracket with pth_leave/pth_enter. */
2415 static LRESULT CALLBACK
2416 putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
2420 COPYDATASTRUCT *cds;
2421 const char *mapfile;
2426 PSECURITY_DESCRIPTOR psd = NULL;
2429 if (msg != WM_COPYDATA)
2431 return DefWindowProc (hwnd, msg, wparam, lparam);
2434 cds = (COPYDATASTRUCT*)lparam;
2435 if (cds->dwData != PUTTY_IPC_MAGIC)
2436 return 0; /* Ignore data with the wrong magic. */
2437 mapfile = cds->lpData;
2438 if (!cds->cbData || mapfile[cds->cbData - 1])
2439 return 0; /* Ignore empty and non-properly terminated strings. */
2444 log_debug ("ssh map file '%s'", mapfile);
2448 maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile);
2452 log_debug ("ssh map handle %p\n", maphd);
2456 if (!maphd || maphd == INVALID_HANDLE_VALUE)
2461 mysid = w32_get_user_sid ();
2464 log_error ("error getting my sid\n");
2468 w32rc = GetSecurityInfo (maphd, SE_KERNEL_OBJECT,
2469 OWNER_SECURITY_INFORMATION,
2470 &mapsid, NULL, NULL, NULL,
2474 log_error ("error getting sid of ssh map file: rc=%d", w32rc);
2482 if (!ConvertSidToStringSid (mysid, &sidstr))
2484 log_debug (" my sid: '%s'", sidstr? sidstr: "[error]");
2486 if (!ConvertSidToStringSid (mapsid, &sidstr))
2488 log_debug ("ssh map file sid: '%s'", sidstr? sidstr: "[error]");
2492 if (!EqualSid (mysid, mapsid))
2494 log_error ("ssh map file has a non-matching sid\n");
2498 data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0);
2500 log_debug ("ssh IPC buffer at %p\n", data);
2504 /* log_printhex ("request:", data, 20); */
2506 ctrl = xtrycalloc (1, sizeof *ctrl);
2509 log_error ("error allocating connection control data: %s\n",
2513 ctrl->session_env = session_env_new ();
2514 if (!ctrl->session_env)
2516 log_error ("error allocating session environment block: %s\n",
2521 agent_init_default_ctrl (ctrl);
2522 if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
2523 ret = 1; /* Valid ssh message has been constructed. */
2524 agent_deinit_default_ctrl (ctrl);
2525 /* log_printhex (" reply:", data, 20); */
2530 UnmapViewOfFile (data);
2535 CloseHandle (maphd);
2541 #endif /*HAVE_W32_SYSTEM*/
2544 #ifdef HAVE_W32_SYSTEM
2545 /* The thread handling Putty's IPC requests. */
2547 putty_message_thread (void *arg)
2549 WNDCLASS wndwclass = {0, putty_message_proc, 0, 0,
2550 NULL, NULL, NULL, NULL, NULL, "Pageant"};
2557 log_info ("putty message loop thread started\n");
2559 /* The message loop runs as thread independent from our nPth system.
2560 This also means that we need to make sure that we switch back to
2561 our system before calling any no-windows function. */
2564 /* First create a window to make sure that a message queue exists
2566 if (!RegisterClass (&wndwclass))
2569 log_error ("error registering Pageant window class");
2572 hwnd = CreateWindowEx (0, "Pageant", "Pageant", 0,
2574 HWND_MESSAGE, /* hWndParent */
2575 NULL, /* hWndMenu */
2576 NULL, /* hInstance */
2581 log_error ("error creating Pageant window");
2585 while (GetMessage(&msg, NULL, 0, 0))
2587 TranslateMessage(&msg);
2588 DispatchMessage(&msg);
2595 log_info ("putty message loop thread stopped\n");
2598 #endif /*HAVE_W32_SYSTEM*/
2602 do_start_connection_thread (ctrl_t ctrl)
2604 active_connections++;
2605 agent_init_default_ctrl (ctrl);
2606 if (opt.verbose && !DBG_IPC)
2607 log_info (_("handler 0x%lx for fd %d started\n"),
2608 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2610 start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
2611 if (opt.verbose && !DBG_IPC)
2612 log_info (_("handler 0x%lx for fd %d terminated\n"),
2613 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2615 agent_deinit_default_ctrl (ctrl);
2617 active_connections--;
2622 /* This is the standard connection thread's main function. */
2624 start_connection_thread_std (void *arg)
2628 if (check_nonce (ctrl, &socket_nonce))
2630 log_error ("handler 0x%lx nonce check FAILED\n",
2631 (unsigned long) npth_self());
2635 return do_start_connection_thread (ctrl);
2639 /* This is the extra socket connection thread's main function. */
2641 start_connection_thread_extra (void *arg)
2645 if (check_nonce (ctrl, &socket_nonce_extra))
2647 log_error ("handler 0x%lx nonce check FAILED\n",
2648 (unsigned long) npth_self());
2652 ctrl->restricted = 1;
2653 return do_start_connection_thread (ctrl);
2657 /* This is the browser socket connection thread's main function. */
2659 start_connection_thread_browser (void *arg)
2663 if (check_nonce (ctrl, &socket_nonce_browser))
2665 log_error ("handler 0x%lx nonce check FAILED\n",
2666 (unsigned long) npth_self());
2670 ctrl->restricted = 2;
2671 return do_start_connection_thread (ctrl);
2675 /* This is the ssh connection thread's main function. */
2677 start_connection_thread_ssh (void *arg)
2681 if (check_nonce (ctrl, &socket_nonce_ssh))
2684 active_connections++;
2685 agent_init_default_ctrl (ctrl);
2687 log_info (_("ssh handler 0x%lx for fd %d started\n"),
2688 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2690 start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
2692 log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
2693 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2695 agent_deinit_default_ctrl (ctrl);
2697 active_connections--;
2702 /* Connection handler loop. Wait for connection requests and spawn a
2703 thread after accepting a connection. */
2705 handle_connections (gnupg_fd_t listen_fd,
2706 gnupg_fd_t listen_fd_extra,
2707 gnupg_fd_t listen_fd_browser,
2708 gnupg_fd_t listen_fd_ssh)
2712 struct sockaddr_un paddr;
2714 fd_set fdset, read_fdset;
2719 struct timespec abstime;
2720 struct timespec curtime;
2721 struct timespec timeout;
2722 #ifdef HAVE_W32_SYSTEM
2724 unsigned int events_set;
2726 int my_inotify_fd = -1;
2729 void *(*func) (void *arg);
2732 { "std", start_connection_thread_std },
2733 { "extra", start_connection_thread_extra },
2734 { "browser", start_connection_thread_browser },
2735 { "ssh", start_connection_thread_ssh }
2739 ret = npth_attr_init(&tattr);
2741 log_fatal ("error allocating thread attributes: %s\n",
2743 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2745 #ifndef HAVE_W32_SYSTEM
2747 npth_sigev_add (SIGHUP);
2748 npth_sigev_add (SIGUSR1);
2749 npth_sigev_add (SIGUSR2);
2750 npth_sigev_add (SIGINT);
2751 npth_sigev_add (SIGTERM);
2754 # ifdef HAVE_W32CE_SYSTEM
2755 /* Use a dummy event. */
2757 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
2759 events[0] = get_agent_scd_notify_event ();
2760 events[1] = INVALID_HANDLE_VALUE;
2764 if (disable_check_own_socket)
2766 else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
2768 if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
2769 log_info ("error enabling fast daemon termination: %s\n",
2770 gpg_strerror (err));
2773 /* On Windows we need to fire up a separate thread to listen for
2774 requests from Putty (an SSH client), so we can replace Putty's
2775 Pageant (its ssh-agent implementation). */
2776 #ifdef HAVE_W32_SYSTEM
2781 ret = npth_create (&thread, &tattr, putty_message_thread, NULL);
2784 log_error ("error spawning putty message loop: %s\n", strerror (ret));
2787 #endif /*HAVE_W32_SYSTEM*/
2789 /* Set a flag to tell call-scd.c that it may enable event
2791 opt.sigusr2_enabled = 1;
2794 FD_SET (FD2INT (listen_fd), &fdset);
2795 nfd = FD2INT (listen_fd);
2796 if (listen_fd_extra != GNUPG_INVALID_FD)
2798 FD_SET ( FD2INT(listen_fd_extra), &fdset);
2799 if (FD2INT (listen_fd_extra) > nfd)
2800 nfd = FD2INT (listen_fd_extra);
2802 if (listen_fd_browser != GNUPG_INVALID_FD)
2804 FD_SET ( FD2INT(listen_fd_browser), &fdset);
2805 if (FD2INT (listen_fd_browser) > nfd)
2806 nfd = FD2INT (listen_fd_browser);
2808 if (listen_fd_ssh != GNUPG_INVALID_FD)
2810 FD_SET ( FD2INT(listen_fd_ssh), &fdset);
2811 if (FD2INT (listen_fd_ssh) > nfd)
2812 nfd = FD2INT (listen_fd_ssh);
2814 if (my_inotify_fd != -1)
2816 FD_SET (my_inotify_fd, &fdset);
2817 if (my_inotify_fd > nfd)
2818 nfd = my_inotify_fd;
2821 listentbl[0].l_fd = listen_fd;
2822 listentbl[1].l_fd = listen_fd_extra;
2823 listentbl[2].l_fd = listen_fd_browser;
2824 listentbl[3].l_fd = listen_fd_ssh;
2826 npth_clock_gettime (&abstime);
2827 abstime.tv_sec += TIMERTICK_INTERVAL;
2831 /* Shutdown test. */
2832 if (shutdown_pending)
2834 if (active_connections == 0)
2837 /* Do not accept new connections but keep on running the
2838 * loop to cope with the timer events.
2840 * Note that we do not close the listening socket because a
2841 * client trying to connect to that socket would instead
2842 * restart a new dirmngr instance - which is unlikely the
2843 * intention of a shutdown. */
2846 if (my_inotify_fd != -1)
2848 FD_SET (my_inotify_fd, &fdset);
2849 nfd = my_inotify_fd;
2853 /* POSIX says that fd_set should be implemented as a structure,
2854 thus a simple assignment is fine to copy the entire set. */
2857 npth_clock_gettime (&curtime);
2858 if (!(npth_timercmp (&curtime, &abstime, <)))
2862 npth_clock_gettime (&abstime);
2863 abstime.tv_sec += TIMERTICK_INTERVAL;
2865 npth_timersub (&abstime, &curtime, &timeout);
2867 #ifndef HAVE_W32_SYSTEM
2868 ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
2869 npth_sigev_sigmask ());
2870 saved_errno = errno;
2874 while (npth_sigev_get_pending (&signo))
2875 handle_signal (signo);
2878 ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
2879 events, &events_set);
2880 saved_errno = errno;
2882 /* This is valid even if npth_eselect returns an error. */
2884 agent_sigusr2_action ();
2887 if (ret == -1 && saved_errno != EINTR)
2889 log_error (_("npth_pselect failed: %s - waiting 1s\n"),
2890 strerror (saved_errno));
2895 /* Interrupt or timeout. Will be handled when calculating the
2899 if (!shutdown_pending)
2905 if (my_inotify_fd != -1
2906 && FD_ISSET (my_inotify_fd, &read_fdset)
2907 && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
2909 shutdown_pending = 1;
2910 log_info ("socket file has been removed - shutting down\n");
2913 for (idx=0; idx < DIM(listentbl); idx++)
2915 if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
2917 if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset))
2920 plen = sizeof paddr;
2921 fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd),
2922 (struct sockaddr *)&paddr, &plen));
2923 if (fd == GNUPG_INVALID_FD)
2925 log_error ("accept failed for %s: %s\n",
2926 listentbl[idx].name, strerror (errno));
2928 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)))
2930 log_error ("error allocating connection data for %s: %s\n",
2931 listentbl[idx].name, strerror (errno) );
2932 assuan_sock_close (fd);
2934 else if ( !(ctrl->session_env = session_env_new ()))
2936 log_error ("error allocating session env block for %s: %s\n",
2937 listentbl[idx].name, strerror (errno) );
2939 assuan_sock_close (fd);
2943 ctrl->thread_startup.fd = fd;
2944 ret = npth_create (&thread, &tattr,
2945 listentbl[idx].func, ctrl);
2948 log_error ("error spawning connection handler for %s:"
2949 " %s\n", listentbl[idx].name, strerror (ret));
2950 assuan_sock_close (fd);
2954 fd = GNUPG_INVALID_FD;
2959 if (my_inotify_fd != -1)
2960 close (my_inotify_fd);
2962 log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
2963 npth_attr_destroy (&tattr);
2968 /* Helper for check_own_socket. */
2970 check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
2972 membuf_t *mb = opaque;
2973 put_membuf (mb, buffer, length);
2978 /* The thread running the actual check. We need to run this in a
2979 separate thread so that check_own_thread can be called from the
2982 check_own_socket_thread (void *arg)
2985 char *sockname = arg;
2986 assuan_context_t ctx = NULL;
2990 check_own_socket_running++;
2992 rc = assuan_new (&ctx);
2995 log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
2998 assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
3000 rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3003 log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
3007 init_membuf (&mb, 100);
3008 rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
3009 NULL, NULL, NULL, NULL);
3010 put_membuf (&mb, "", 1);
3011 buffer = get_membuf (&mb, NULL);
3014 log_error ("sending command \"%s\" to my own socket failed: %s\n",
3015 "GETINFO pid", gpg_strerror (rc));
3018 else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
3020 log_error ("socket is now serviced by another server\n");
3023 else if (opt.verbose > 1)
3024 log_error ("socket is still served by this server\n");
3031 assuan_release (ctx);
3034 /* We may not remove the socket as it is now in use by another
3036 inhibit_socket_removal = 1;
3037 shutdown_pending = 2;
3038 log_info ("this process is useless - shutting down\n");
3040 check_own_socket_running--;
3045 /* Check whether we are still listening on our own socket. In case
3046 another gpg-agent process started after us has taken ownership of
3047 our socket, we would linger around without any real task. Thus we
3048 better check once in a while whether we are really needed. */
3050 check_own_socket (void)
3057 if (disable_check_own_socket)
3060 if (check_own_socket_running || shutdown_pending)
3061 return; /* Still running or already shutting down. */
3063 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3065 return; /* Out of memory. */
3067 err = npth_attr_init (&tattr);
3070 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
3071 err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
3073 log_error ("error spawning check_own_socket_thread: %s\n", strerror (err));
3074 npth_attr_destroy (&tattr);
3079 /* Figure out whether an agent is available and running. Prints an
3080 error if not. If SILENT is true, no messages are printed.
3081 Returns 0 if the agent is running. */
3083 check_for_running_agent (int silent)
3087 assuan_context_t ctx = NULL;
3089 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3091 return gpg_error_from_syserror ();
3093 err = assuan_new (&ctx);
3095 err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3100 log_error (_("no gpg-agent running in this session\n"));
3103 assuan_release (ctx);
3107 if (!opt.quiet && !silent)
3108 log_info ("gpg-agent running and available\n");
3110 assuan_release (ctx);