1 /* gpg-agent.c - The GnuPG Agent
2 * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc.
3 * Copyright (C) 2000-2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
33 #ifdef HAVE_W32_SYSTEM
35 # define WINVER 0x0500 /* Same as in common/sysutils.c */
37 # ifdef HAVE_WINSOCK2_H
38 # include <winsock2.h>
42 #else /*!HAVE_W32_SYSTEM*/
43 # include <sys/socket.h>
45 #endif /*!HAVE_W32_SYSTEM*/
52 # include <sys/prctl.h>
55 #define GNUPG_COMMON_NEED_AFLOCAL
57 #include <assuan.h> /* Malloc hooks and socket wrappers. */
61 #include "gc-opt-flags.h"
64 #include "../common/init.h"
67 enum cmd_and_opt_values
98 oPinentryInvisibleChar,
111 oEnforcePassphraseConstraints,
113 oMinPassphraseNonalpha,
114 oCheckPassphrasePattern,
116 oEnablePassphraseHistory,
118 oNoUseStandardSocket,
123 oIgnoreCacheForSigning,
126 oAllowPresetPassphrase,
127 oAllowLoopbackPinentry,
128 oNoAllowLoopbackPinentry,
129 oNoAllowExternalCache,
136 oDisableCheckOwnSocket,
142 # define ENAMETOOLONG EINVAL
146 static ARGPARSE_OPTS opts[] = {
148 ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
149 ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
150 ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"),
152 ARGPARSE_group (301, N_("@Options:\n ")),
154 ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
155 ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
156 #ifndef HAVE_W32_SYSTEM
157 ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")),
159 ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
160 ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
161 ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
162 ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
163 ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
165 ARGPARSE_s_s (oDebug, "debug", "@"),
166 ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
167 ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
168 ARGPARSE_s_i (oDebugWait," debug-wait", "@"),
169 ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
170 ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
172 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
173 ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
174 ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
175 ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
176 /* */ N_("|PGM|use PGM as the PIN-Entry program")),
177 ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"),
178 ARGPARSE_s_s (oPinentryInvisibleChar, "pinentry-invisible-char", "@"),
179 ARGPARSE_s_u (oPinentryTimeout, "pinentry-timeout", "@"),
180 ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program",
181 /* */ N_("|PGM|use PGM as the SCdaemon program") ),
182 ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
183 /* */ N_("do not use the SCdaemon") ),
184 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
186 ARGPARSE_s_s (oExtraSocket, "extra-socket",
187 /* */ N_("|NAME|accept some commands via NAME")),
189 ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"),
191 ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
193 ARGPARSE_s_n (oBatch, "batch", "@"),
194 ARGPARSE_s_s (oHomedir, "homedir", "@"),
196 ARGPARSE_s_s (oDisplay, "display", "@"),
197 ARGPARSE_s_s (oTTYname, "ttyname", "@"),
198 ARGPARSE_s_s (oTTYtype, "ttytype", "@"),
199 ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
200 ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
201 ARGPARSE_s_s (oXauthority, "xauthority", "@"),
202 ARGPARSE_s_n (oKeepTTY, "keep-tty",
203 /* */ N_("ignore requests to change the TTY")),
204 ARGPARSE_s_n (oKeepDISPLAY, "keep-display",
205 /* */ N_("ignore requests to change the X display")),
207 ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl",
208 N_("|N|expire cached PINs after N seconds")),
209 ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ),
210 ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ),
211 ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ),
213 ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints",
215 ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"),
216 ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"),
217 ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"),
218 ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"),
219 ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"),
221 ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
222 /* */ N_("do not use the PIN cache when signing")),
223 ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache",
224 /* */ N_("disallow the use of an external password cache")),
225 ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
226 /* */ N_("disallow clients to mark keys as \"trusted\"")),
227 ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
228 ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
229 /* */ N_("allow presetting passphrase")),
230 ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
231 N_("disallow caller to override the pinentry")),
232 ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
233 ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry",
234 /* */ N_("allow passphrase to be prompted through Emacs")),
236 ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
237 ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
238 #ifdef HAVE_W32_SYSTEM
239 /* */ N_("enable putty support")
245 /* Dummy options for backward compatibility. */
246 ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
247 ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
248 ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
250 {0} /* End of list */
254 /* The list of supported debug flags. */
255 static struct debug_flags_s debug_flags [] =
257 { DBG_MPI_VALUE , "mpi" },
258 { DBG_CRYPTO_VALUE , "crypto" },
259 { DBG_MEMORY_VALUE , "memory" },
260 { DBG_CACHE_VALUE , "cache" },
261 { DBG_MEMSTAT_VALUE, "memstat" },
262 { DBG_HASHING_VALUE, "hashing" },
263 { DBG_IPC_VALUE , "ipc" },
264 { 77, NULL } /* 77 := Do not exit on "help" or "?". */
269 #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
270 #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
271 #define MAX_CACHE_TTL (120*60) /* 2 hours */
272 #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
273 #define MIN_PASSPHRASE_LEN (8)
274 #define MIN_PASSPHRASE_NONALPHA (1)
275 #define MAX_PASSPHRASE_DAYS (0)
277 /* The timer tick used for housekeeping stuff. For Windows we use a
278 longer period as the SetWaitableTimer seems to signal earlier than
279 the 2 seconds. CHECK_OWN_SOCKET_INTERVAL defines how often we
280 check our own socket in standard socket mode. If that value is 0
281 we don't check at all. All values are in seconds. */
282 #if defined(HAVE_W32CE_SYSTEM)
283 # define TIMERTICK_INTERVAL (60)
284 # define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */
285 #elif defined(HAVE_W32_SYSTEM)
286 # define TIMERTICK_INTERVAL (4)
287 # define CHECK_OWN_SOCKET_INTERVAL (60)
289 # define TIMERTICK_INTERVAL (2)
290 # define CHECK_OWN_SOCKET_INTERVAL (60)
294 /* Flag indicating that the ssh-agent subsystem has been enabled. */
295 static int ssh_support;
297 #ifdef HAVE_W32_SYSTEM
298 /* Flag indicating that support for Putty has been enabled. */
299 static int putty_support;
300 /* A magic value used with WM_COPYDATA. */
301 #define PUTTY_IPC_MAGIC 0x804e50ba
302 /* To avoid surprises we limit the size of the mapped IPC file to this
303 value. Putty currently (0.62) uses 8k, thus 16k should be enough
304 for the foreseeable future. */
305 #define PUTTY_IPC_MAXLEN 16384
306 #endif /*HAVE_W32_SYSTEM*/
308 /* The list of open file descriptors at startup. Note that this list
309 has been allocated using the standard malloc. */
310 static int *startup_fd_list;
312 /* The signal mask at startup and a flag telling whether it is valid. */
313 #ifdef HAVE_SIGPROCMASK
314 static sigset_t startup_signal_mask;
315 static int startup_signal_mask_valid;
318 /* Flag to indicate that a shutdown was requested. */
319 static int shutdown_pending;
321 /* Counter for the currently running own socket checks. */
322 static int check_own_socket_running;
324 /* Flags to indicate that check_own_socket shall not be called. */
325 static int disable_check_own_socket;
327 /* Flag indicating that we are in supervised mode. */
328 static int is_supervised;
330 /* Flag to inhibit socket removal in cleanup. */
331 static int inhibit_socket_removal;
333 /* It is possible that we are currently running under setuid permissions */
334 static int maybe_setuid = 1;
336 /* Name of the communication socket used for native gpg-agent
337 requests. The second variable is either NULL or a malloced string
338 with the real socket name in case it has been redirected. */
339 static char *socket_name;
340 static char *redir_socket_name;
342 /* Name of the optional extra socket used for native gpg-agent requests. */
343 static char *socket_name_extra;
344 static char *redir_socket_name_extra;
346 /* Name of the optional browser socket used for native gpg-agent requests. */
347 static char *socket_name_browser;
348 static char *redir_socket_name_browser;
350 /* Name of the communication socket used for ssh-agent-emulation. */
351 static char *socket_name_ssh;
352 static char *redir_socket_name_ssh;
354 /* We need to keep track of the server's nonces (these are dummies for
356 static assuan_sock_nonce_t socket_nonce;
357 static assuan_sock_nonce_t socket_nonce_extra;
358 static assuan_sock_nonce_t socket_nonce_browser;
359 static assuan_sock_nonce_t socket_nonce_ssh;
362 /* Default values for options passed to the pinentry. */
363 static char *default_display;
364 static char *default_ttyname;
365 static char *default_ttytype;
366 static char *default_lc_ctype;
367 static char *default_lc_messages;
368 static char *default_xauthority;
370 /* Name of a config file, which will be reread on a HUP if it is not NULL. */
371 static char *config_filename;
373 /* Helper to implement --debug-level */
374 static const char *debug_level;
376 /* Keep track of the current log file so that we can avoid updating
377 the log file after a SIGHUP if it didn't changed. Malloced. */
378 static char *current_logfile;
380 /* The handle_tick() function may test whether a parent is still
381 running. We record the PID of the parent here or -1 if it should be
383 static pid_t parent_pid = (pid_t)(-1);
385 /* Record the pid of the main thread, for easier signalling */
386 static pid_t main_thread_pid = (pid_t)(-1);
388 /* Number of active connections. */
389 static int active_connections;
391 /* This object is used to dispatch progress messages from Libgcrypt to
392 * the right thread. Given that we will have at max only a few dozen
393 * connections at a time, using a linked list is the easiest way to
395 struct progress_dispatch_s
397 struct progress_dispatch_s *next;
398 /* The control object of the connection. If this is NULL no
399 * connection is associated with this item and it is free for reuse
400 * by new connections. */
403 /* The thread id of (npth_self) of the connection. */
406 /* The callback set by the connection. This is similar to the
407 * Libgcrypt callback but with the control object passed as the
409 void (*cb)(ctrl_t ctrl,
410 const char *what, int printchar,
411 int current, int total);
413 struct progress_dispatch_s *progress_dispatch_list;
422 static char *create_socket_name (char *standard_name, int with_homedir);
423 static gnupg_fd_t create_server_socket (char *name, int primary, int cygwin,
425 assuan_sock_nonce_t *nonce);
426 static void create_directories (void);
428 static void agent_libgcrypt_progress_cb (void *data, const char *what,
430 int current, int total);
431 static void agent_init_default_ctrl (ctrl_t ctrl);
432 static void agent_deinit_default_ctrl (ctrl_t ctrl);
434 static void handle_connections (gnupg_fd_t listen_fd,
435 gnupg_fd_t listen_fd_extra,
436 gnupg_fd_t listen_fd_browser,
437 gnupg_fd_t listen_fd_ssh);
438 static void check_own_socket (void);
439 static int check_for_running_agent (int silent);
441 /* Pth wrapper function definitions. */
442 ASSUAN_SYSTEM_NPTH_IMPL;
449 /* Allocate a string describing a library version by calling a GETFNC.
450 This function is expected to be called only once. GETFNC is
451 expected to have a semantic like gcry_check_version (). */
453 make_libversion (const char *libname, const char *(*getfnc)(const char*))
460 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
464 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
465 strcpy (stpcpy (stpcpy (result, libname), " "), s);
469 /* Return strings describing this program. The case values are
470 described in common/argparse.c:strusage. The values here override
471 the default values given by strusage. */
473 my_strusage (int level)
475 static char *ver_gcry;
480 case 11: p = "@GPG_AGENT@ (@GNUPG@)";
482 case 13: p = VERSION; break;
483 case 17: p = PRINTABLE_OS_NAME; break;
484 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
485 reporting address. This is so that we can change the
486 reporting address without breaking the translations. */
487 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
491 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
496 case 40: p = _("Usage: @GPG_AGENT@ [options] (-h for help)");
498 case 41: p = _("Syntax: @GPG_AGENT@ [options] [command [args]]\n"
499 "Secret key management for @GNUPG@\n");
509 /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
510 only the active debug flags are propagated to the subsystems. With
511 DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
512 all flags already set. Note that we don't fail here, because it is
513 important to keep gpg-agent running even after re-reading the
514 options due to a SIGHUP. */
518 int numok = (debug_level && digitp (debug_level));
519 int numlvl = numok? atoi (debug_level) : 0;
523 else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
525 else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
526 opt.debug = DBG_IPC_VALUE;
527 else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
528 opt.debug = DBG_IPC_VALUE;
529 else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
530 opt.debug = (DBG_IPC_VALUE | DBG_CACHE_VALUE);
531 else if (!strcmp (debug_level, "guru") || numok)
534 /* Unless the "guru" string has been used we don't want to allow
535 hashing debugging. The rationale is that people tend to
536 select the highest debug value and would then clutter their
537 disk with debug files which may reveal confidential data. */
539 opt.debug &= ~(DBG_HASHING_VALUE);
543 log_error (_("invalid debug-level '%s' given\n"), debug_level);
544 opt.debug = 0; /* Reset debugging, so that prior debug
545 statements won't have an undesired effect. */
548 if (opt.debug && !opt.verbose)
550 if (opt.debug && opt.quiet)
553 if (opt.debug & DBG_MPI_VALUE)
554 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
555 if (opt.debug & DBG_CRYPTO_VALUE )
556 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
557 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
560 parse_debug_flag (NULL, &opt.debug, debug_flags);
564 /* Helper for cleanup to remove one socket with NAME. REDIR_NAME is
565 the corresponding real name if the socket has been redirected. */
567 remove_socket (char *name, char *redir_name)
580 /* Discover which inherited file descriptors correspond to which
581 * services/sockets offered by gpg-agent, using the LISTEN_FDS and
582 * LISTEN_FDNAMES convention. The understood labels are "ssh",
583 * "extra", and "browser". "std" or other labels will be interpreted
584 * as the standard socket.
586 * This function is designed to log errors when the expected file
587 * descriptors don't make sense, but to do its best to continue to
588 * work even in the face of minor misconfigurations.
590 * For more information on the LISTEN_FDS convention, see
591 * sd_listen_fds(3) on certain Linux distributions.
593 #ifndef HAVE_W32_SYSTEM
595 map_supervised_sockets (gnupg_fd_t *r_fd,
596 gnupg_fd_t *r_fd_extra,
597 gnupg_fd_t *r_fd_browser,
598 gnupg_fd_t *r_fd_ssh)
605 { "ssh", &r_fd_ssh, &socket_name_ssh },
606 { "browser", &r_fd_browser, &socket_name_browser },
607 { "extra", &r_fd_extra, &socket_name_extra },
608 { "std", &r_fd, &socket_name } /* (Must be the last item.) */
615 *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1;
617 /* Print a warning if LISTEN_PID does not match outr pid. */
618 envvar = getenv ("LISTEN_PID");
620 log_error ("no LISTEN_PID environment variable found in "
621 "--supervised mode (ignoring)\n");
622 else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ())
623 log_error ("environment variable LISTEN_PID (%lu) does not match"
624 " our pid (%lu) in --supervised mode (ignoring)\n",
625 (unsigned long)strtoul (envvar, NULL, 10),
626 (unsigned long)getpid ());
628 /* Parse LISTEN_FDNAMES into the array FDNAMES. */
629 envvar = getenv ("LISTEN_FDNAMES");
632 fdnames = strtokenize (envvar, ":");
635 log_error ("strtokenize failed: %s\n",
636 gpg_strerror (gpg_error_from_syserror ()));
639 for (nfdnames=0; fdnames[nfdnames]; nfdnames++)
648 /* Parse LISTEN_FDS into fd_count or provide a replacement. */
649 envvar = getenv ("LISTEN_FDS");
651 fd_count = atoi (envvar);
654 log_error ("no LISTEN_FDS environment variable found in --supervised"
655 " mode (relying on LISTEN_FDNAMES instead)\n");
660 log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
661 "found in --supervised mode"
662 " (assuming 1 active descriptor)\n");
668 log_error ("--supervised mode expects at least one file descriptor"
669 " (was told %d, carrying on as though it were 1)\n",
674 /* Assign the descriptors to the return values. */
680 log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
681 " in --supervised mode."
682 " (ignoring all sockets but the first one)\n",
684 if (fstat (3, &statbuf) == -1 && errno ==EBADF)
685 log_fatal ("file descriptor 3 must be valid in --supervised mode"
686 " if LISTEN_FDNAMES is not set\n");
688 socket_name = gnupg_get_socket_name (3);
690 else if (fd_count != nfdnames)
692 log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
693 "LISTEN_FDS (%d) in --supervised mode\n",
701 for (i = 0; i < nfdnames; i++)
703 for (j = 0; j < DIM (tbl); j++)
705 if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
708 if (**tbl[j].fdaddr == -1)
710 name = gnupg_get_socket_name (fd);
713 **tbl[j].fdaddr = fd;
714 *tbl[j].nameaddr = name;
715 log_info ("using fd %d for %s socket (%s)\n",
716 fd, tbl[j].label, name);
720 log_error ("cannot listen on fd %d for %s socket\n",
727 log_error ("cannot listen on more than one %s socket\n",
739 #endif /*!HAVE_W32_SYSTEM*/
742 /* Cleanup code for this program. This is either called has an atexit
743 handler or directly. */
752 deinitialize_module_cache ();
753 if (!is_supervised && !inhibit_socket_removal)
755 remove_socket (socket_name, redir_socket_name);
756 if (opt.extra_socket > 1)
757 remove_socket (socket_name_extra, redir_socket_name_extra);
758 if (opt.browser_socket > 1)
759 remove_socket (socket_name_browser, redir_socket_name_browser);
760 remove_socket (socket_name_ssh, redir_socket_name_ssh);
766 /* Handle options which are allowed to be reset after program start.
767 Return true when the current option in PARGS could be handled and
768 false if not. As a special feature, passing a value of NULL for
769 PARGS, resets the options to the default. REREAD should be set
770 true if it is not the initial option parsing. */
772 parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
780 opt.debug_pinentry = 0;
781 opt.pinentry_program = NULL;
782 opt.pinentry_touch_file = NULL;
783 xfree (opt.pinentry_invisible_char);
784 opt.pinentry_invisible_char = NULL;
785 opt.pinentry_timeout = 0;
786 opt.scdaemon_program = NULL;
787 opt.def_cache_ttl = DEFAULT_CACHE_TTL;
788 opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
789 opt.max_cache_ttl = MAX_CACHE_TTL;
790 opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
791 opt.enforce_passphrase_constraints = 0;
792 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
793 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
794 opt.check_passphrase_pattern = NULL;
795 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
796 opt.enable_passphrase_history = 0;
797 opt.ignore_cache_for_signing = 0;
798 opt.allow_mark_trusted = 1;
799 opt.allow_external_cache = 1;
800 opt.allow_loopback_pinentry = 1;
801 opt.allow_emacs_pinentry = 0;
802 opt.disable_scdaemon = 0;
803 disable_check_own_socket = 0;
807 switch (pargs->r_opt)
809 case oQuiet: opt.quiet = 1; break;
810 case oVerbose: opt.verbose++; break;
813 parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
815 case oDebugAll: opt.debug = ~0; break;
816 case oDebugLevel: debug_level = pargs->r.ret_str; break;
817 case oDebugPinentry: opt.debug_pinentry = 1; break;
821 return 0; /* not handeld */
822 if (!current_logfile || !pargs->r.ret_str
823 || strcmp (current_logfile, pargs->r.ret_str))
825 log_set_file (pargs->r.ret_str);
826 xfree (current_logfile);
827 current_logfile = xtrystrdup (pargs->r.ret_str);
831 case oNoGrab: opt.no_grab = 1; break;
833 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
834 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
835 case oPinentryInvisibleChar:
836 xfree (opt.pinentry_invisible_char);
837 opt.pinentry_invisible_char = xtrystrdup (pargs->r.ret_str); break;
839 case oPinentryTimeout: opt.pinentry_timeout = pargs->r.ret_ulong; break;
840 case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
841 case oDisableScdaemon: opt.disable_scdaemon = 1; break;
842 case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
844 case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
845 case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
846 case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
847 case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
849 case oEnforcePassphraseConstraints:
850 opt.enforce_passphrase_constraints=1;
852 case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
853 case oMinPassphraseNonalpha:
854 opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
856 case oCheckPassphrasePattern:
857 opt.check_passphrase_pattern = pargs->r.ret_str;
859 case oMaxPassphraseDays:
860 opt.max_passphrase_days = pargs->r.ret_ulong;
862 case oEnablePassphraseHistory:
863 opt.enable_passphrase_history = 1;
866 case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
868 case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
869 case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
871 case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
873 case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
874 case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
876 case oNoAllowExternalCache: opt.allow_external_cache = 0;
879 case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1;
883 return 0; /* not handled */
886 return 1; /* handled */
890 /* Fixup some options after all have been processed. */
892 finalize_rereadable_options (void)
898 thread_init_once (void)
900 static int npth_initialized = 0;
902 if (!npth_initialized)
907 gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
908 /* Now that we have set the syscall clamp we need to tell Libgcrypt
909 * that it should get them from libgpg-error. Note that Libgcrypt
910 * has already been initialized but at that point nPth was not
911 * initialized and thus Libgcrypt could not set its system call
913 #if GCRYPT_VERSION_NUMBER >= 0x010800 /* 1.8.0 */
914 gcry_control (GCRYCTL_REINIT_SYSCALL_CLAMP, 0, 0);
920 initialize_modules (void)
923 assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
924 initialize_module_cache ();
925 initialize_module_call_pinentry ();
926 initialize_module_call_scd ();
927 initialize_module_trustlist ();
931 /* The main entry point. */
933 main (int argc, char **argv )
938 FILE *configfp = NULL;
939 char *configname = NULL;
941 unsigned configlineno;
943 int default_config =1;
948 char *logfile = NULL;
950 int gpgconf_list = 0;
952 struct assuan_malloc_hooks malloc_hooks;
954 early_system_init ();
956 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
957 /* Disable ptrace on Linux without sgid bit */
958 prctl(PR_SET_DUMPABLE, 0);
961 /* Before we do anything else we save the list of currently open
962 file descriptors and the signal mask. This info is required to
963 do the exec call properly. */
964 startup_fd_list = get_all_open_fds ();
965 #ifdef HAVE_SIGPROCMASK
966 if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
967 startup_signal_mask_valid = 1;
968 #endif /*HAVE_SIGPROCMASK*/
970 /* Set program name etc. */
971 set_strusage (my_strusage);
972 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
973 /* Please note that we may running SUID(ROOT), so be very CAREFUL
974 when adding any stuff between here and the call to INIT_SECMEM()
975 somewhere after the option parsing */
976 log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
978 /* Make sure that our subsystems are ready. */
980 init_common_subsystems (&argc, &argv);
982 malloc_hooks.malloc = gcry_malloc;
983 malloc_hooks.realloc = gcry_realloc;
984 malloc_hooks.free = gcry_free;
985 assuan_set_malloc_hooks (&malloc_hooks);
986 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
988 setup_libassuan_logging (&opt.debug, NULL);
990 setup_libgcrypt_logging ();
991 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
992 gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
994 disable_core_dumps ();
996 /* Set default options. */
997 parse_rereadable_options (NULL, 0); /* Reset them to default values. */
999 shell = getenv ("SHELL");
1000 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
1003 /* Record some of the original environment strings. */
1007 static const char *names[] =
1008 { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
1011 opt.startup_env = session_env_new ();
1012 if (!opt.startup_env)
1013 err = gpg_error_from_syserror ();
1014 for (idx=0; !err && names[idx]; idx++)
1016 s = getenv (names[idx]);
1018 err = session_env_setenv (opt.startup_env, names[idx], s);
1022 s = gnupg_ttyname (0);
1024 err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
1027 log_fatal ("error recording startup environment: %s\n",
1028 gpg_strerror (err));
1030 /* Fixme: Better use the locale function here. */
1031 opt.startup_lc_ctype = getenv ("LC_CTYPE");
1032 if (opt.startup_lc_ctype)
1033 opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
1034 opt.startup_lc_messages = getenv ("LC_MESSAGES");
1035 if (opt.startup_lc_messages)
1036 opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
1039 /* Check whether we have a config file on the commandline */
1044 pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
1045 while (arg_parse( &pargs, opts))
1047 if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
1049 else if (pargs.r_opt == oOptions)
1050 { /* yes there is one, so we do not try the default one, but
1051 read the option file when it is encountered at the
1055 else if (pargs.r_opt == oNoOptions)
1056 default_config = 0; /* --no-options */
1057 else if (pargs.r_opt == oHomedir)
1058 gnupg_set_homedir (pargs.r.ret_str);
1059 else if (pargs.r_opt == oDebugQuickRandom)
1061 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
1066 /* Initialize the secure memory. */
1067 gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0);
1071 Now we are now working under our real uid
1075 configname = make_filename (gnupg_homedir (),
1076 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1082 pargs.flags= 1; /* do not remove the args */
1087 configfp = fopen (configname, "r");
1093 log_info (_("Note: no default option file '%s'\n"),
1095 /* Save the default conf file name so that
1096 reread_configuration is able to test whether the
1097 config file has been created in the meantime. */
1098 xfree (config_filename);
1099 config_filename = configname;
1104 log_error (_("option file '%s': %s\n"),
1105 configname, strerror(errno) );
1111 if (parse_debug && configname )
1112 log_info (_("reading options from '%s'\n"), configname );
1116 while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
1118 if (parse_rereadable_options (&pargs, 0))
1119 continue; /* Already handled */
1120 switch (pargs.r_opt)
1122 case aGPGConfList: gpgconf_list = 1; break;
1123 case aGPGConfTest: gpgconf_list = 2; break;
1124 case aUseStandardSocketP: gpgconf_list = 3; break;
1125 case oBatch: opt.batch=1; break;
1127 case oDebugWait: debug_wait = pargs.r.ret_int; break;
1130 /* config files may not be nested (silently ignore them) */
1134 configname = xstrdup(pargs.r.ret_str);
1138 case oNoGreeting: /* Dummy option. */ break;
1139 case oNoVerbose: opt.verbose = 0; break;
1140 case oNoOptions: break; /* no-options */
1141 case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
1142 case oNoDetach: nodetach = 1; break;
1143 case oLogFile: logfile = pargs.r.ret_str; break;
1144 case oCsh: csh_style = 1; break;
1145 case oSh: csh_style = 0; break;
1146 case oServer: pipe_server = 1; break;
1147 case oDaemon: is_daemon = 1; break;
1148 case oSupervised: is_supervised = 1; break;
1150 case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
1151 case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
1152 case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
1153 case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
1154 case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
1156 case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
1159 case oUseStandardSocket:
1160 case oNoUseStandardSocket:
1161 obsolete_option (configname, configlineno, "use-standard-socket");
1164 case oFakedSystemTime:
1166 time_t faked_time = isotime2epoch (pargs.r.ret_str);
1167 if (faked_time == (time_t)(-1))
1168 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
1169 gnupg_set_time (faked_time, 0);
1173 case oKeepTTY: opt.keep_tty = 1; break;
1174 case oKeepDISPLAY: opt.keep_display = 1; break;
1180 # ifdef HAVE_W32_SYSTEM
1186 opt.extra_socket = 1; /* (1 = points into argv) */
1187 socket_name_extra = pargs.r.ret_str;
1190 case oBrowserSocket:
1191 opt.browser_socket = 1; /* (1 = points into argv) */
1192 socket_name_browser = pargs.r.ret_str;
1195 case oDebugQuickRandom:
1196 /* Only used by the first stage command line parser. */
1200 obsolete_option (configname, configlineno, "write-env-file");
1203 default : pargs.err = configfp? 1:2; break;
1210 /* Keep a copy of the name so that it can be read on SIGHUP. */
1211 if (config_filename != configname)
1213 xfree (config_filename);
1214 config_filename = configname;
1222 if (log_get_errorcount(0))
1225 finalize_rereadable_options ();
1227 /* Print a warning if an argument looks like an option. */
1228 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
1232 for (i=0; i < argc; i++)
1233 if (argv[i][0] == '-' && argv[i][1] == '-')
1234 log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
1238 /* gpg-agent usually does not output any messages because it runs in
1239 the background. For log files it is acceptable to have messages
1240 always encoded in utf-8. We switch here to utf-8, so that
1241 commands like --help still give native messages. It is far
1242 easier to switch only once instead of for every message and it
1243 actually helps when more then one thread is active (avoids an
1244 extra copy step). */
1245 bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
1248 if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised)
1250 /* We have been called without any command and thus we merely
1251 check whether an agent is already running. We do this right
1252 here so that we don't clobber a logfile with this check but
1253 print the status directly to stderr. */
1256 check_for_running_agent (0);
1262 else if (!opt.extra_socket)
1263 opt.extra_socket = 1;
1264 else if (socket_name_extra
1265 && (!strcmp (socket_name_extra, "none")
1266 || !strcmp (socket_name_extra, "/dev/null")))
1268 /* User requested not to create this socket. */
1269 opt.extra_socket = 0;
1270 socket_name_extra = NULL;
1275 else if (!opt.browser_socket)
1276 opt.browser_socket = 1;
1277 else if (socket_name_browser
1278 && (!strcmp (socket_name_browser, "none")
1279 || !strcmp (socket_name_browser, "/dev/null")))
1281 /* User requested not to create this socket. */
1282 opt.browser_socket = 0;
1283 socket_name_browser = NULL;
1288 if (atexit (cleanup))
1290 log_error ("atexit failed\n");
1295 /* Try to create missing directories. */
1296 create_directories ();
1298 if (debug_wait && pipe_server)
1300 thread_init_once ();
1301 log_debug ("waiting for debugger - my pid is %u .....\n",
1302 (unsigned int)getpid());
1303 gnupg_sleep (debug_wait);
1304 log_debug ("... okay\n");
1307 if (gpgconf_list == 3)
1309 /* We now use the standard socket always - return true for
1310 backward compatibility. */
1313 else if (gpgconf_list == 2)
1315 else if (gpgconf_list)
1320 /* List options and default values in the GPG Conf format. */
1321 filename = make_filename (gnupg_homedir (),
1322 GPG_AGENT_NAME EXTSEP_S "conf", NULL);
1323 filename_esc = percent_escape (filename, NULL);
1325 es_printf ("%s-%s.conf:%lu:\"%s\n",
1326 GPGCONF_NAME, GPG_AGENT_NAME,
1327 GC_OPT_FLAG_DEFAULT, filename_esc);
1329 xfree (filename_esc);
1331 es_printf ("verbose:%lu:\n"
1333 "debug-level:%lu:\"none:\n"
1335 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1336 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
1337 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1338 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
1339 es_printf ("default-cache-ttl:%lu:%d:\n",
1340 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
1341 es_printf ("default-cache-ttl-ssh:%lu:%d:\n",
1342 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
1343 es_printf ("max-cache-ttl:%lu:%d:\n",
1344 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
1345 es_printf ("max-cache-ttl-ssh:%lu:%d:\n",
1346 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
1347 es_printf ("enforce-passphrase-constraints:%lu:\n",
1348 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1349 es_printf ("min-passphrase-len:%lu:%d:\n",
1350 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
1351 es_printf ("min-passphrase-nonalpha:%lu:%d:\n",
1352 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1353 MIN_PASSPHRASE_NONALPHA);
1354 es_printf ("check-passphrase-pattern:%lu:\n",
1355 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1356 es_printf ("max-passphrase-days:%lu:%d:\n",
1357 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
1358 MAX_PASSPHRASE_DAYS);
1359 es_printf ("enable-passphrase-history:%lu:\n",
1360 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1361 es_printf ("no-grab:%lu:\n",
1362 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1363 es_printf ("ignore-cache-for-signing:%lu:\n",
1364 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1365 es_printf ("no-allow-external-cache:%lu:\n",
1366 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1367 es_printf ("no-allow-mark-trusted:%lu:\n",
1368 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1369 es_printf ("disable-scdaemon:%lu:\n",
1370 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1371 es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
1372 #ifdef HAVE_W32_SYSTEM
1373 es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
1375 es_printf ("no-allow-loopback-pinentry:%lu:\n",
1376 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1377 es_printf ("allow-emacs-pinentry:%lu:\n",
1378 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
1379 es_printf ("pinentry-timeout:%lu:0:\n",
1380 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
1385 /* Now start with logging to a file if this is desired. */
1388 log_set_file (logfile);
1389 log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
1390 | GPGRT_LOG_WITH_TIME
1391 | GPGRT_LOG_WITH_PID));
1392 current_logfile = xstrdup (logfile);
1395 /* Make sure that we have a default ttyname. */
1396 if (!default_ttyname && gnupg_ttyname (1))
1397 default_ttyname = xstrdup (gnupg_ttyname (1));
1398 if (!default_ttytype && getenv ("TERM"))
1399 default_ttytype = xstrdup (getenv ("TERM"));
1404 /* This is the simple pipe based server */
1407 initialize_modules ();
1409 ctrl = xtrycalloc (1, sizeof *ctrl);
1412 log_error ("error allocating connection control data: %s\n",
1416 ctrl->session_env = session_env_new ();
1417 if (!ctrl->session_env)
1419 log_error ("error allocating session environment block: %s\n",
1424 agent_init_default_ctrl (ctrl);
1425 start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
1426 agent_deinit_default_ctrl (ctrl);
1429 else if (is_supervised)
1431 #ifndef HAVE_W32_SYSTEM
1432 gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
1434 initialize_modules ();
1436 /* when supervised and sending logs to stderr, the process
1437 supervisor should handle log entry metadata (pid, name,
1440 log_set_prefix (NULL, 0);
1442 log_info ("%s %s starting in supervised mode.\n",
1443 strusage(11), strusage(13) );
1445 /* See below in "regular server mode" on why we remove certain
1447 if (!opt.keep_display)
1448 gnupg_unsetenv ("DISPLAY");
1449 gnupg_unsetenv ("INSIDE_EMACS");
1451 /* Virtually create the sockets. Note that we use -1 here
1452 * because the whole thing works only on Unix. */
1453 map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
1455 log_fatal ("no standard socket provided\n");
1457 #ifdef HAVE_SIGPROCMASK
1458 if (startup_signal_mask_valid)
1460 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1461 log_error ("error restoring signal mask: %s\n",
1465 log_info ("no saved signal mask\n");
1466 #endif /*HAVE_SIGPROCMASK*/
1468 log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
1469 fd, fd_extra, fd_browser, fd_ssh);
1470 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1471 #endif /*!HAVE_W32_SYSTEM*/
1473 else if (!is_daemon)
1476 { /* Regular server mode */
1478 gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
1479 gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
1480 gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
1481 #ifndef HAVE_W32_SYSTEM
1485 /* Remove the DISPLAY variable so that a pinentry does not
1486 default to a specific display. There is still a default
1487 display when gpg-agent was started using --display or a
1488 client requested this using an OPTION command. Note, that we
1489 don't do this when running in reverse daemon mode (i.e. when
1490 exec the program given as arguments). */
1491 #ifndef HAVE_W32_SYSTEM
1492 if (!opt.keep_display && !argc)
1493 gnupg_unsetenv ("DISPLAY");
1496 /* Remove the INSIDE_EMACS variable so that a pinentry does not
1497 always try to interact with Emacs. The variable is set when
1498 a client requested this using an OPTION command. */
1499 gnupg_unsetenv ("INSIDE_EMACS");
1501 /* Create the sockets. */
1502 socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1);
1503 fd = create_server_socket (socket_name, 1, 0,
1504 &redir_socket_name, &socket_nonce);
1506 if (opt.extra_socket)
1508 if (socket_name_extra)
1509 socket_name_extra = create_socket_name (socket_name_extra, 0);
1511 socket_name_extra = create_socket_name
1512 /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1);
1513 opt.extra_socket = 2; /* Indicate that it has been malloced. */
1514 fd_extra = create_server_socket (socket_name_extra, 0, 0,
1515 &redir_socket_name_extra,
1516 &socket_nonce_extra);
1519 if (opt.browser_socket)
1521 if (socket_name_browser)
1522 socket_name_browser = create_socket_name (socket_name_browser, 0);
1524 socket_name_browser= create_socket_name
1525 /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1);
1526 opt.browser_socket = 2; /* Indicate that it has been malloced. */
1527 fd_browser = create_server_socket (socket_name_browser, 0, 0,
1528 &redir_socket_name_browser,
1529 &socket_nonce_browser);
1532 socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
1533 fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
1534 &redir_socket_name_ssh,
1537 /* If we are going to exec a program in the parent, we record
1538 the PID, so that the child may check whether the program is
1541 parent_pid = getpid ();
1545 #ifdef HAVE_W32_SYSTEM
1549 initialize_modules ();
1551 #else /*!HAVE_W32_SYSTEM*/
1554 if (pid == (pid_t)-1)
1556 log_fatal ("fork failed: %s\n", strerror (errno) );
1560 { /* We are the parent */
1561 char *infostr_ssh_sock, *infostr_ssh_valid;
1563 /* Close the socket FD. */
1566 /* The signal mask might not be correct right now and thus
1567 we restore it. That is not strictly necessary but some
1568 programs falsely assume a cleared signal mask. */
1570 #ifdef HAVE_SIGPROCMASK
1571 if (startup_signal_mask_valid)
1573 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1574 log_error ("error restoring signal mask: %s\n",
1578 log_info ("no saved signal mask\n");
1579 #endif /*HAVE_SIGPROCMASK*/
1581 /* Create the SSH info string if enabled. */
1584 if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
1585 socket_name_ssh) < 0)
1587 log_error ("out of core\n");
1588 kill (pid, SIGTERM);
1591 if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu",
1592 (unsigned long)getpid()) < 0)
1594 log_error ("out of core\n");
1595 kill (pid, SIGTERM);
1600 *socket_name = 0; /* Don't let cleanup() remove the socket -
1601 the child should do this from now on */
1602 if (opt.extra_socket)
1603 *socket_name_extra = 0;
1604 if (opt.browser_socket)
1605 *socket_name_browser = 0;
1606 *socket_name_ssh = 0;
1609 { /* Run the program given on the commandline. */
1610 if (ssh_support && (putenv (infostr_ssh_sock)
1611 || putenv (infostr_ssh_valid)))
1613 log_error ("failed to set environment: %s\n",
1615 kill (pid, SIGTERM );
1619 /* Close all the file descriptors except the standard
1620 ones and those open at startup. We explicitly don't
1621 close 0,1,2 in case something went wrong collecting
1623 close_all_fds (3, startup_fd_list);
1625 /* Run the command. */
1626 execvp (argv[0], argv);
1627 log_error ("failed to run the command: %s\n", strerror (errno));
1628 kill (pid, SIGTERM);
1633 /* Print the environment string, so that the caller can use
1634 shell's eval to set it */
1639 *strchr (infostr_ssh_sock, '=') = ' ';
1640 es_printf ("setenv %s;\n", infostr_ssh_sock);
1647 es_printf ("%s; export SSH_AUTH_SOCK;\n",
1653 xfree (infostr_ssh_sock);
1654 xfree (infostr_ssh_valid);
1665 initialize_modules ();
1667 /* Detach from tty and put process into a new session */
1671 unsigned int oldflags;
1673 /* Close stdin, stdout and stderr unless it is the log stream */
1674 for (i=0; i <= 2; i++)
1676 if (!log_test_fd (i) && i != fd )
1679 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1681 log_error ("failed to open '%s': %s\n",
1682 "/dev/null", strerror (errno));
1690 log_error ("setsid() failed: %s\n", strerror(errno) );
1695 log_get_prefix (&oldflags);
1696 log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
1697 opt.running_detached = 1;
1702 log_error ("chdir to / failed: %s\n", strerror (errno));
1707 struct sigaction sa;
1709 sa.sa_handler = SIG_IGN;
1710 sigemptyset (&sa.sa_mask);
1712 sigaction (SIGPIPE, &sa, NULL);
1714 #endif /*!HAVE_W32_SYSTEM*/
1716 log_info ("%s %s started\n", strusage(11), strusage(13) );
1717 handle_connections (fd, fd_extra, fd_browser, fd_ssh);
1718 assuan_sock_close (fd);
1725 /* Exit entry point. This function should be called instead of a
1730 /*FIXME: update_random_seed_file();*/
1732 /* We run our cleanup handler because that may close cipher contexts
1733 stored in secure memory and thus this needs to be done before we
1734 explicitly terminate secure memory. */
1738 /* at this time a bit annoying */
1739 if (opt.debug & DBG_MEMSTAT_VALUE)
1741 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1742 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1745 gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
1747 gcry_control (GCRYCTL_TERM_SECMEM );
1748 rc = rc? rc : log_get_errorcount(0)? 2 : 0;
1753 /* This is our callback function for gcrypt progress messages. It is
1754 set once at startup and dispatches progress messages to the
1755 corresponding threads of the agent. */
1757 agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
1758 int current, int total)
1760 struct progress_dispatch_s *dispatch;
1761 npth_t mytid = npth_self ();
1765 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1766 if (dispatch->ctrl && dispatch->tid == mytid)
1768 if (dispatch && dispatch->cb)
1769 dispatch->cb (dispatch->ctrl, what, printchar, current, total);
1771 /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
1772 * from /dev/random this will block the process. To mitigate this
1773 * problem we take a short nap when Libgcrypt tells us that it needs
1774 * more entropy. This way other threads have chance to run. */
1775 #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
1776 if (what && !strcmp (what, "need_entropy"))
1777 npth_usleep (100000); /* 100ms */
1782 /* If a progress dispatcher callback has been associated with the
1783 * current connection unregister it. */
1785 unregister_progress_cb (void)
1787 struct progress_dispatch_s *dispatch;
1788 npth_t mytid = npth_self ();
1790 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1791 if (dispatch->ctrl && dispatch->tid == mytid)
1795 dispatch->ctrl = NULL;
1796 dispatch->cb = NULL;
1801 /* Setup a progress callback CB for the current connection. Using a
1802 * CB of NULL disables the callback. */
1804 agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what,
1805 int printchar, int current, int total),
1808 struct progress_dispatch_s *dispatch, *firstfree;
1809 npth_t mytid = npth_self ();
1812 for (dispatch = progress_dispatch_list; dispatch; dispatch = dispatch->next)
1814 if (dispatch->ctrl && dispatch->tid == mytid)
1816 if (!dispatch->ctrl && !firstfree)
1817 firstfree = dispatch;
1819 if (!dispatch) /* None allocated: Reuse or allocate a new one. */
1823 dispatch = firstfree;
1825 else if ((dispatch = xtrycalloc (1, sizeof *dispatch)))
1827 dispatch->next = progress_dispatch_list;
1828 progress_dispatch_list = dispatch;
1832 log_error ("error allocating new progress dispatcher slot: %s\n",
1833 gpg_strerror (gpg_error_from_syserror ()));
1836 dispatch->ctrl = ctrl;
1837 dispatch->tid = mytid;
1844 /* Each thread has its own local variables conveyed by a control
1845 structure usually identified by an argument named CTRL. This
1846 function is called immediately after allocating the control
1847 structure. Its purpose is to setup the default values for that
1848 structure. Note that some values may have already been set. */
1850 agent_init_default_ctrl (ctrl_t ctrl)
1852 assert (ctrl->session_env);
1854 /* Note we ignore malloc errors because we can't do much about it
1855 and the request will fail anyway shortly after this
1857 session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
1858 session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
1859 session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
1860 session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
1861 session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
1864 xfree (ctrl->lc_ctype);
1865 ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
1867 if (ctrl->lc_messages)
1868 xfree (ctrl->lc_messages);
1869 ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
1871 ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET;
1875 /* Release all resources allocated by default in the control
1876 structure. This is the counterpart to agent_init_default_ctrl. */
1878 agent_deinit_default_ctrl (ctrl_t ctrl)
1880 unregister_progress_cb ();
1881 session_env_release (ctrl->session_env);
1884 xfree (ctrl->lc_ctype);
1885 if (ctrl->lc_messages)
1886 xfree (ctrl->lc_messages);
1890 /* Because the ssh protocol does not send us information about the
1891 current TTY setting, we use this function to use those from startup
1892 or those explicitly set. This is also used for the restricted mode
1893 where we ignore requests to change the environment. */
1895 agent_copy_startup_env (ctrl_t ctrl)
1897 static const char *names[] =
1898 {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
1899 gpg_error_t err = 0;
1903 for (idx=0; !err && names[idx]; idx++)
1904 if ((value = session_env_getenv (opt.startup_env, names[idx])))
1905 err = session_env_setenv (ctrl->session_env, names[idx], value);
1907 if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
1908 if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
1909 err = gpg_error_from_syserror ();
1911 if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
1912 if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
1913 err = gpg_error_from_syserror ();
1916 log_error ("error setting default session environment: %s\n",
1917 gpg_strerror (err));
1923 /* Reread parts of the configuration. Note, that this function is
1924 obviously not thread-safe and should only be called from the PTH
1927 Fixme: Due to the way the argument parsing works, we create a
1928 memory leak here for all string type arguments. There is currently
1929 no clean way to tell whether the memory for the argument has been
1930 allocated or points into the process' original arguments. Unless
1931 we have a mechanism to tell this, we need to live on with this. */
1933 reread_configuration (void)
1935 ARGPARSE_ARGS pargs;
1937 unsigned int configlineno = 0;
1940 if (!config_filename)
1941 return; /* No config file. */
1943 fp = fopen (config_filename, "r");
1946 log_info (_("option file '%s': %s\n"),
1947 config_filename, strerror(errno) );
1951 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1953 memset (&pargs, 0, sizeof pargs);
1955 pargs.argc = &dummy;
1956 pargs.flags = 1; /* do not remove the args */
1957 while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
1959 if (pargs.r_opt < -1)
1960 pargs.err = 1; /* Print a warning. */
1961 else /* Try to parse this option - ignore unchangeable ones. */
1962 parse_rereadable_options (&pargs, 1);
1965 finalize_rereadable_options ();
1970 /* Return the file name of the socket we are using for native
1973 get_agent_socket_name (void)
1975 const char *s = socket_name;
1977 return (s && *s)? s : NULL;
1980 /* Return the file name of the socket we are using for SSH
1983 get_agent_ssh_socket_name (void)
1985 const char *s = socket_name_ssh;
1987 return (s && *s)? s : NULL;
1991 /* Return the number of active connections. */
1993 get_agent_active_connection_count (void)
1995 return active_connections;
1998 /* Increment/decrement the number of active connections. */
2000 adjust_agent_active_connections (int delta)
2002 active_connections += delta;
2006 /* Under W32, this function returns the handle of the scdaemon
2007 notification event. Calling it the first time creates that
2009 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
2011 get_agent_scd_notify_event (void)
2013 static HANDLE the_event = INVALID_HANDLE_VALUE;
2015 if (the_event == INVALID_HANDLE_VALUE)
2018 SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
2020 /* We need to use a manual reset event object due to the way our
2021 w32-pth wait function works: If we would use an automatic
2022 reset event we are not able to figure out which handle has
2023 been signaled because at the time we single out the signaled
2024 handles using WFSO the event has already been reset due to
2026 h = CreateEvent (&sa, TRUE, FALSE, NULL);
2028 log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
2029 else if (!DuplicateHandle (GetCurrentProcess(), h,
2030 GetCurrentProcess(), &h2,
2031 EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
2033 log_error ("setting synchronize for scd notify event failed: %s\n",
2034 w32_strerror (-1) );
2046 #endif /*HAVE_W32_SYSTEM && !HAVE_W32CE_SYSTEM*/
2050 /* Create a name for the socket in the home directory as using
2051 STANDARD_NAME. We also check for valid characters as well as
2052 against a maximum allowed length for a unix domain socket is done.
2053 The function terminates the process in case of an error. Returns:
2054 Pointer to an allocated string with the absolute name of the socket
2057 create_socket_name (char *standard_name, int with_homedir)
2062 name = make_filename (gnupg_socketdir (), standard_name, NULL);
2064 name = make_filename (standard_name, NULL);
2065 if (strchr (name, PATHSEP_C))
2067 log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
2075 /* Create a Unix domain socket with NAME. Returns the file descriptor
2076 or terminates the process in case of an error. Note that this
2077 function needs to be used for the regular socket first (indicated
2078 by PRIMARY) and only then for the extra and the ssh sockets. If
2079 the socket has been redirected the name of the real socket is
2080 stored as a malloced string at R_REDIR_NAME. If CYGWIN is set a
2081 Cygwin compatible socket is created (Windows only). */
2083 create_server_socket (char *name, int primary, int cygwin,
2084 char **r_redir_name, assuan_sock_nonce_t *nonce)
2086 struct sockaddr *addr;
2087 struct sockaddr_un *unaddr;
2092 xfree (*r_redir_name);
2093 *r_redir_name = NULL;
2095 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
2096 if (fd == ASSUAN_INVALID_FD)
2098 log_error (_("can't create socket: %s\n"), strerror (errno));
2099 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2104 assuan_sock_set_flag (fd, "cygwin", 1);
2106 unaddr = xmalloc (sizeof *unaddr);
2107 addr = (struct sockaddr*)unaddr;
2112 if (assuan_sock_set_sockaddr_un (name, addr, &redirected))
2114 if (errno == ENAMETOOLONG)
2115 log_error (_("socket name '%s' is too long\n"), name);
2117 log_error ("error preparing socket '%s': %s\n",
2118 name, gpg_strerror (gpg_error_from_syserror ()));
2119 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2124 *r_redir_name = xstrdup (unaddr->sun_path);
2126 log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name);
2130 len = SUN_LEN (unaddr);
2131 rc = assuan_sock_bind (fd, addr, len);
2133 /* Our error code mapping on W32CE returns EEXIST thus we also test
2136 && (errno == EADDRINUSE
2137 #ifdef HAVE_W32_SYSTEM
2142 /* Check whether a gpg-agent is already running. We do this
2143 test only if this is the primary socket. For secondary
2144 sockets we assume that a test for gpg-agent has already been
2145 done and reuse the requested socket. Testing the ssh-socket
2146 is not possible because at this point, though we know the new
2147 Assuan socket, the Assuan server and thus the ssh-agent
2148 server is not yet operational; this would lead to a hang. */
2149 if (primary && !check_for_running_agent (1))
2151 log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
2152 log_set_file (NULL);
2153 log_error (_("a gpg-agent is already running - "
2154 "not starting a new one\n"));
2155 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2156 assuan_sock_close (fd);
2159 gnupg_remove (unaddr->sun_path);
2160 rc = assuan_sock_bind (fd, addr, len);
2162 if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce)))
2163 log_error (_("error getting nonce for the socket\n"));
2166 /* We use gpg_strerror here because it allows us to get strings
2167 for some W32 socket error codes. */
2168 log_error (_("error binding socket to '%s': %s\n"),
2170 gpg_strerror (gpg_error_from_syserror ()));
2172 assuan_sock_close (fd);
2173 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2177 if (gnupg_chmod (unaddr->sun_path, "-rwx"))
2178 log_error (_("can't set permissions of '%s': %s\n"),
2179 unaddr->sun_path, strerror (errno));
2181 if (listen (FD2INT(fd), 5 ) == -1)
2183 log_error (_("listen() failed: %s\n"), strerror (errno));
2184 *name = 0; /* Inhibit removal of the socket by cleanup(). */
2185 assuan_sock_close (fd);
2190 log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
2196 /* Check that the directory for storing the private keys exists and
2197 create it if not. This function won't fail as it is only a
2198 convenience function and not strictly necessary. */
2200 create_private_keys_directory (const char *home)
2203 struct stat statbuf;
2205 fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
2206 if (stat (fname, &statbuf) && errno == ENOENT)
2208 if (gnupg_mkdir (fname, "-rwx"))
2209 log_error (_("can't create directory '%s': %s\n"),
2210 fname, strerror (errno) );
2211 else if (!opt.quiet)
2212 log_info (_("directory '%s' created\n"), fname);
2214 if (gnupg_chmod (fname, "-rwx"))
2215 log_error (_("can't set permissions of '%s': %s\n"),
2216 fname, strerror (errno));
2221 /* Create the directory only if the supplied directory name is the
2222 same as the default one. This way we avoid to create arbitrary
2223 directories when a non-default home directory is used. To cope
2224 with HOME, we compare only the suffix if we see that the default
2225 homedir does start with a tilde. We don't stop here in case of
2226 problems because other functions will throw an error anyway.*/
2228 create_directories (void)
2230 struct stat statbuf;
2231 const char *defhome = standard_homedir ();
2234 home = make_filename (gnupg_homedir (), NULL);
2235 if ( stat (home, &statbuf) )
2237 if (errno == ENOENT)
2240 #ifdef HAVE_W32_SYSTEM
2241 ( !compare_filenames (home, defhome) )
2244 && (strlen (home) >= strlen (defhome+1)
2245 && !strcmp (home + strlen(home)
2246 - strlen (defhome+1), defhome+1)))
2247 || (*defhome != '~' && !strcmp (home, defhome) )
2251 if (gnupg_mkdir (home, "-rwx"))
2252 log_error (_("can't create directory '%s': %s\n"),
2253 home, strerror (errno) );
2257 log_info (_("directory '%s' created\n"), home);
2258 create_private_keys_directory (home);
2263 log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno));
2265 else if ( !S_ISDIR(statbuf.st_mode))
2267 log_error (_("can't use '%s' as home directory\n"), home);
2269 else /* exists and is a directory. */
2271 create_private_keys_directory (home);
2280 #ifdef HAVE_W32_SYSTEM
2281 /* We do not know how to interrupt the select loop on Windows, so we
2282 always need a short tick there. */
2285 /* if we were invoked like "gpg-agent cmd arg1 arg2" then we need to
2286 watch our parent. */
2287 if (parent_pid != (pid_t)(-1))
2289 /* if scdaemon is running, we need to check that it's alive */
2290 if (agent_scd_check_running ())
2292 /* otherwise, nothing fine-grained to do. */
2294 #endif /*HAVE_W32_SYSTEM*/
2298 /* This is the worker for the ticker. It is called every few seconds
2299 and may only do fast operations. */
2303 /* Check whether the scdaemon has died and cleanup in this case. */
2304 agent_scd_check_aliveness ();
2306 /* If we are running as a child of another process, check whether
2307 the parent is still alive and shutdown if not. */
2308 #ifndef HAVE_W32_SYSTEM
2309 if (parent_pid != (pid_t)(-1))
2311 if (kill (parent_pid, 0))
2313 shutdown_pending = 2;
2314 log_info ("parent process died - shutting down\n");
2315 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2320 #endif /*HAVE_W32_SYSTEM*/
2324 /* A global function which allows us to call the reload stuff from
2325 other places too. This is only used when build for W32. */
2327 agent_sighup_action (void)
2329 log_info ("SIGHUP received - "
2330 "re-reading configuration and flushing cache\n");
2332 agent_flush_cache ();
2333 reread_configuration ();
2334 agent_reload_trustlist ();
2335 /* We flush the module name cache so that after installing a
2336 "pinentry" binary that one can be used in case the
2337 "pinentry-basic" fallback was in use. */
2338 gnupg_module_name_flush_some ();
2342 /* A helper function to handle SIGUSR2. */
2344 agent_sigusr2_action (void)
2347 log_info ("SIGUSR2 received - updating card event counter\n");
2348 /* Nothing to check right now. We only increment a counter. */
2349 bump_card_eventcounter ();
2353 #ifndef HAVE_W32_SYSTEM
2354 /* The signal handler for this program. It is expected to be run in
2355 its own thread and not in the context of a signal handler. */
2357 handle_signal (int signo)
2361 #ifndef HAVE_W32_SYSTEM
2363 agent_sighup_action ();
2367 log_info ("SIGUSR1 received - printing internal information:\n");
2368 /* Fixme: We need to see how to integrate pth dumping into our
2370 /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */
2371 agent_query_dump_state ();
2372 agent_scd_dump_state ();
2376 agent_sigusr2_action ();
2379 /* nothing to do here, just take an extra cycle on the select loop */
2384 if (!shutdown_pending)
2385 log_info ("SIGTERM received - shutting down ...\n");
2387 log_info ("SIGTERM received - still %i open connections\n",
2388 get_agent_active_connection_count());
2390 if (shutdown_pending > 2)
2392 log_info ("shutdown forced\n");
2393 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
2400 log_info ("SIGINT received - immediate shutdown\n");
2401 log_info( "%s %s stopped\n", strusage(11), strusage(13));
2407 log_info ("signal %d received - no action defined\n", signo);
2412 /* Check the nonce on a new connection. This is a NOP unless we we
2413 are using our Unix domain socket emulation under Windows. */
2415 check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
2417 if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
2419 log_info (_("error reading nonce on fd %d: %s\n"),
2420 FD2INT(ctrl->thread_startup.fd), strerror (errno));
2421 assuan_sock_close (ctrl->thread_startup.fd);
2430 #ifdef HAVE_W32_SYSTEM
2431 /* The window message processing function for Putty. Warning: This
2432 code runs as a native Windows thread. Use of our own functions
2433 needs to be bracket with pth_leave/pth_enter. */
2434 static LRESULT CALLBACK
2435 putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
2439 COPYDATASTRUCT *cds;
2440 const char *mapfile;
2445 PSECURITY_DESCRIPTOR psd = NULL;
2448 if (msg != WM_COPYDATA)
2450 return DefWindowProc (hwnd, msg, wparam, lparam);
2453 cds = (COPYDATASTRUCT*)lparam;
2454 if (cds->dwData != PUTTY_IPC_MAGIC)
2455 return 0; /* Ignore data with the wrong magic. */
2456 mapfile = cds->lpData;
2457 if (!cds->cbData || mapfile[cds->cbData - 1])
2458 return 0; /* Ignore empty and non-properly terminated strings. */
2463 log_debug ("ssh map file '%s'", mapfile);
2467 maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile);
2471 log_debug ("ssh map handle %p\n", maphd);
2475 if (!maphd || maphd == INVALID_HANDLE_VALUE)
2480 mysid = w32_get_user_sid ();
2483 log_error ("error getting my sid\n");
2487 w32rc = GetSecurityInfo (maphd, SE_KERNEL_OBJECT,
2488 OWNER_SECURITY_INFORMATION,
2489 &mapsid, NULL, NULL, NULL,
2493 log_error ("error getting sid of ssh map file: rc=%d", w32rc);
2501 if (!ConvertSidToStringSid (mysid, &sidstr))
2503 log_debug (" my sid: '%s'", sidstr? sidstr: "[error]");
2505 if (!ConvertSidToStringSid (mapsid, &sidstr))
2507 log_debug ("ssh map file sid: '%s'", sidstr? sidstr: "[error]");
2511 if (!EqualSid (mysid, mapsid))
2513 log_error ("ssh map file has a non-matching sid\n");
2517 data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0);
2519 log_debug ("ssh IPC buffer at %p\n", data);
2523 /* log_printhex ("request:", data, 20); */
2525 ctrl = xtrycalloc (1, sizeof *ctrl);
2528 log_error ("error allocating connection control data: %s\n",
2532 ctrl->session_env = session_env_new ();
2533 if (!ctrl->session_env)
2535 log_error ("error allocating session environment block: %s\n",
2540 agent_init_default_ctrl (ctrl);
2541 if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
2542 ret = 1; /* Valid ssh message has been constructed. */
2543 agent_deinit_default_ctrl (ctrl);
2544 /* log_printhex (" reply:", data, 20); */
2549 UnmapViewOfFile (data);
2554 CloseHandle (maphd);
2560 #endif /*HAVE_W32_SYSTEM*/
2563 #ifdef HAVE_W32_SYSTEM
2564 /* The thread handling Putty's IPC requests. */
2566 putty_message_thread (void *arg)
2568 WNDCLASS wndwclass = {0, putty_message_proc, 0, 0,
2569 NULL, NULL, NULL, NULL, NULL, "Pageant"};
2576 log_info ("putty message loop thread started\n");
2578 /* The message loop runs as thread independent from our nPth system.
2579 This also means that we need to make sure that we switch back to
2580 our system before calling any no-windows function. */
2583 /* First create a window to make sure that a message queue exists
2585 if (!RegisterClass (&wndwclass))
2588 log_error ("error registering Pageant window class");
2591 hwnd = CreateWindowEx (0, "Pageant", "Pageant", 0,
2593 HWND_MESSAGE, /* hWndParent */
2594 NULL, /* hWndMenu */
2595 NULL, /* hInstance */
2600 log_error ("error creating Pageant window");
2604 while (GetMessage(&msg, NULL, 0, 0))
2606 TranslateMessage(&msg);
2607 DispatchMessage(&msg);
2614 log_info ("putty message loop thread stopped\n");
2617 #endif /*HAVE_W32_SYSTEM*/
2621 do_start_connection_thread (ctrl_t ctrl)
2623 adjust_agent_active_connections(+1);
2624 agent_init_default_ctrl (ctrl);
2625 if (opt.verbose && !DBG_IPC)
2626 log_info (_("handler 0x%lx for fd %d started\n"),
2627 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2629 start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
2630 if (opt.verbose && !DBG_IPC)
2631 log_info (_("handler 0x%lx for fd %d terminated\n"),
2632 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2634 agent_deinit_default_ctrl (ctrl);
2636 adjust_agent_active_connections(-1);
2641 /* This is the standard connection thread's main function. */
2643 start_connection_thread_std (void *arg)
2647 if (check_nonce (ctrl, &socket_nonce))
2649 log_error ("handler 0x%lx nonce check FAILED\n",
2650 (unsigned long) npth_self());
2654 return do_start_connection_thread (ctrl);
2658 /* This is the extra socket connection thread's main function. */
2660 start_connection_thread_extra (void *arg)
2664 if (check_nonce (ctrl, &socket_nonce_extra))
2666 log_error ("handler 0x%lx nonce check FAILED\n",
2667 (unsigned long) npth_self());
2671 ctrl->restricted = 1;
2672 return do_start_connection_thread (ctrl);
2676 /* This is the browser socket connection thread's main function. */
2678 start_connection_thread_browser (void *arg)
2682 if (check_nonce (ctrl, &socket_nonce_browser))
2684 log_error ("handler 0x%lx nonce check FAILED\n",
2685 (unsigned long) npth_self());
2689 ctrl->restricted = 2;
2690 return do_start_connection_thread (ctrl);
2694 /* This is the ssh connection thread's main function. */
2696 start_connection_thread_ssh (void *arg)
2700 if (check_nonce (ctrl, &socket_nonce_ssh))
2703 adjust_agent_active_connections(+1);
2704 agent_init_default_ctrl (ctrl);
2706 log_info (_("ssh handler 0x%lx for fd %d started\n"),
2707 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2709 start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
2711 log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
2712 (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd));
2714 agent_deinit_default_ctrl (ctrl);
2716 adjust_agent_active_connections(-1);
2721 void interrupt_main_thread_loop (void)
2723 #ifndef HAVE_W32_SYSTEM
2724 kill (main_thread_pid, SIGCONT);
2728 /* helper function for readability: test whether a given struct
2729 timespec is set to all-zeros */
2731 tv_is_set (struct timespec tv)
2733 return tv.tv_sec || tv.tv_nsec;
2737 /* Connection handler loop. Wait for connection requests and spawn a
2738 thread after accepting a connection. */
2740 handle_connections (gnupg_fd_t listen_fd,
2741 gnupg_fd_t listen_fd_extra,
2742 gnupg_fd_t listen_fd_browser,
2743 gnupg_fd_t listen_fd_ssh)
2747 struct sockaddr_un paddr;
2749 fd_set fdset, read_fdset;
2755 struct timespec abstime;
2756 struct timespec curtime;
2757 struct timespec timeout;
2758 struct timespec *select_timeout;
2759 #ifdef HAVE_W32_SYSTEM
2761 unsigned int events_set;
2763 int my_inotify_fd = -1;
2766 void *(*func) (void *arg);
2769 { "std", start_connection_thread_std },
2770 { "extra", start_connection_thread_extra },
2771 { "browser", start_connection_thread_browser },
2772 { "ssh", start_connection_thread_ssh }
2775 struct timespec interval;
2776 void (*func) (void);
2777 struct timespec next;
2779 { { TIMERTICK_INTERVAL, 0 }, handle_tick },
2780 { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket }
2784 ret = npth_attr_init(&tattr);
2786 log_fatal ("error allocating thread attributes: %s\n",
2788 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
2790 #ifndef HAVE_W32_SYSTEM
2792 npth_sigev_add (SIGHUP);
2793 npth_sigev_add (SIGUSR1);
2794 npth_sigev_add (SIGUSR2);
2795 npth_sigev_add (SIGINT);
2796 npth_sigev_add (SIGCONT);
2797 npth_sigev_add (SIGTERM);
2799 main_thread_pid = getpid ();
2801 # ifdef HAVE_W32CE_SYSTEM
2802 /* Use a dummy event. */
2804 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
2806 events[0] = get_agent_scd_notify_event ();
2807 events[1] = INVALID_HANDLE_VALUE;
2812 if (disable_check_own_socket)
2814 else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
2816 if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
2817 log_info ("error enabling fast daemon termination: %s\n",
2818 gpg_strerror (err));
2821 /* On Windows we need to fire up a separate thread to listen for
2822 requests from Putty (an SSH client), so we can replace Putty's
2823 Pageant (its ssh-agent implementation). */
2824 #ifdef HAVE_W32_SYSTEM
2829 ret = npth_create (&thread, &tattr, putty_message_thread, NULL);
2832 log_error ("error spawning putty message loop: %s\n", strerror (ret));
2835 #endif /*HAVE_W32_SYSTEM*/
2837 /* Set a flag to tell call-scd.c that it may enable event
2839 opt.sigusr2_enabled = 1;
2842 FD_SET (FD2INT (listen_fd), &fdset);
2843 nfd = FD2INT (listen_fd);
2844 if (listen_fd_extra != GNUPG_INVALID_FD)
2846 FD_SET ( FD2INT(listen_fd_extra), &fdset);
2847 if (FD2INT (listen_fd_extra) > nfd)
2848 nfd = FD2INT (listen_fd_extra);
2850 if (listen_fd_browser != GNUPG_INVALID_FD)
2852 FD_SET ( FD2INT(listen_fd_browser), &fdset);
2853 if (FD2INT (listen_fd_browser) > nfd)
2854 nfd = FD2INT (listen_fd_browser);
2856 if (listen_fd_ssh != GNUPG_INVALID_FD)
2858 FD_SET ( FD2INT(listen_fd_ssh), &fdset);
2859 if (FD2INT (listen_fd_ssh) > nfd)
2860 nfd = FD2INT (listen_fd_ssh);
2862 if (my_inotify_fd != -1)
2864 FD_SET (my_inotify_fd, &fdset);
2865 if (my_inotify_fd > nfd)
2866 nfd = my_inotify_fd;
2869 listentbl[0].l_fd = listen_fd;
2870 listentbl[1].l_fd = listen_fd_extra;
2871 listentbl[2].l_fd = listen_fd_browser;
2872 listentbl[3].l_fd = listen_fd_ssh;
2876 /* Shutdown test. */
2877 if (shutdown_pending)
2879 if (get_agent_active_connection_count() == 0)
2882 /* Do not accept new connections but keep on running the
2883 * loop to cope with the timer events.
2885 * Note that we do not close the listening socket because a
2886 * client trying to connect to that socket would instead
2887 * restart a new dirmngr instance - which is unlikely the
2888 * intention of a shutdown. */
2891 if (my_inotify_fd != -1)
2893 FD_SET (my_inotify_fd, &fdset);
2894 nfd = my_inotify_fd;
2898 /* POSIX says that fd_set should be implemented as a structure,
2899 thus a simple assignment is fine to copy the entire set. */
2902 /* avoid a fine-grained timer if we don't need one: */
2903 timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0;
2904 /* avoid waking up to check sockets if we can count on inotify */
2905 timertbl[1].interval.tv_sec = (my_inotify_fd == -1) ? CHECK_OWN_SOCKET_INTERVAL : 0;
2907 /* loop through all timers, fire any registered functions, and
2908 plan next timer to trigger */
2909 npth_clock_gettime (&curtime);
2910 abstime.tv_sec = abstime.tv_nsec = 0;
2911 for (idx=0; idx < DIM(timertbl); idx++)
2913 /* schedule any unscheduled timers */
2914 if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval))
2915 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2916 /* if a timer is due, fire it ... */
2917 if (tv_is_set (timertbl[idx].next))
2919 if (!(npth_timercmp (&curtime, &timertbl[idx].next, <)))
2921 timertbl[idx].func ();
2922 npth_clock_gettime (&curtime);
2923 /* ...and reschedule it, if desired: */
2924 if (tv_is_set (timertbl[idx].interval))
2925 npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next);
2927 timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0;
2930 /* accumulate next timer to come due in abstime: */
2931 if (tv_is_set (timertbl[idx].next) &&
2932 ((!tv_is_set (abstime)) ||
2933 (npth_timercmp (&abstime, &timertbl[idx].next, >))))
2934 abstime = timertbl[idx].next;
2936 /* choose a timeout for the select loop: */
2937 if (tv_is_set (abstime))
2939 npth_timersub (&abstime, &curtime, &timeout);
2940 select_timeout = &timeout;
2943 select_timeout = NULL;
2946 #ifndef HAVE_W32_SYSTEM
2947 ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2948 npth_sigev_sigmask ());
2949 saved_errno = errno;
2953 while (npth_sigev_get_pending (&signo))
2954 handle_signal (signo);
2957 ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout,
2958 events, &events_set);
2959 saved_errno = errno;
2961 /* This is valid even if npth_eselect returns an error. */
2963 agent_sigusr2_action ();
2966 if (ret == -1 && saved_errno != EINTR)
2968 log_error (_("npth_pselect failed: %s - waiting 1s\n"),
2969 strerror (saved_errno));
2974 /* Interrupt or timeout. Will be handled when calculating the
2978 if (!shutdown_pending)
2983 if (my_inotify_fd != -1
2984 && FD_ISSET (my_inotify_fd, &read_fdset)
2985 && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
2987 shutdown_pending = 1;
2988 log_info ("socket file has been removed - shutting down\n");
2991 for (idx=0; idx < DIM(listentbl); idx++)
2993 if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
2995 if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset))
2998 plen = sizeof paddr;
2999 fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd),
3000 (struct sockaddr *)&paddr, &plen));
3001 if (fd == GNUPG_INVALID_FD)
3003 log_error ("accept failed for %s: %s\n",
3004 listentbl[idx].name, strerror (errno));
3006 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)))
3008 log_error ("error allocating connection data for %s: %s\n",
3009 listentbl[idx].name, strerror (errno) );
3010 assuan_sock_close (fd);
3012 else if ( !(ctrl->session_env = session_env_new ()))
3014 log_error ("error allocating session env block for %s: %s\n",
3015 listentbl[idx].name, strerror (errno) );
3017 assuan_sock_close (fd);
3021 ctrl->thread_startup.fd = fd;
3022 ret = npth_create (&thread, &tattr,
3023 listentbl[idx].func, ctrl);
3026 log_error ("error spawning connection handler for %s:"
3027 " %s\n", listentbl[idx].name, strerror (ret));
3028 assuan_sock_close (fd);
3032 fd = GNUPG_INVALID_FD;
3037 if (my_inotify_fd != -1)
3038 close (my_inotify_fd);
3040 log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
3041 npth_attr_destroy (&tattr);
3046 /* Helper for check_own_socket. */
3048 check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
3050 membuf_t *mb = opaque;
3051 put_membuf (mb, buffer, length);
3056 /* The thread running the actual check. We need to run this in a
3057 separate thread so that check_own_thread can be called from the
3060 check_own_socket_thread (void *arg)
3063 char *sockname = arg;
3064 assuan_context_t ctx = NULL;
3068 check_own_socket_running++;
3070 rc = assuan_new (&ctx);
3073 log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
3076 assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
3078 rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3081 log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
3085 init_membuf (&mb, 100);
3086 rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
3087 NULL, NULL, NULL, NULL);
3088 put_membuf (&mb, "", 1);
3089 buffer = get_membuf (&mb, NULL);
3092 log_error ("sending command \"%s\" to my own socket failed: %s\n",
3093 "GETINFO pid", gpg_strerror (rc));
3096 else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
3098 log_error ("socket is now serviced by another server\n");
3101 else if (opt.verbose > 1)
3102 log_error ("socket is still served by this server\n");
3109 assuan_release (ctx);
3112 /* We may not remove the socket as it is now in use by another
3114 inhibit_socket_removal = 1;
3115 shutdown_pending = 2;
3116 log_info ("this process is useless - shutting down\n");
3118 check_own_socket_running--;
3123 /* Check whether we are still listening on our own socket. In case
3124 another gpg-agent process started after us has taken ownership of
3125 our socket, we would linger around without any real task. Thus we
3126 better check once in a while whether we are really needed. */
3128 check_own_socket (void)
3135 if (disable_check_own_socket)
3138 if (check_own_socket_running || shutdown_pending)
3139 return; /* Still running or already shutting down. */
3141 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3143 return; /* Out of memory. */
3145 err = npth_attr_init (&tattr);
3148 npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
3149 err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
3151 log_error ("error spawning check_own_socket_thread: %s\n", strerror (err));
3152 npth_attr_destroy (&tattr);
3157 /* Figure out whether an agent is available and running. Prints an
3158 error if not. If SILENT is true, no messages are printed.
3159 Returns 0 if the agent is running. */
3161 check_for_running_agent (int silent)
3165 assuan_context_t ctx = NULL;
3167 sockname = make_filename_try (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL);
3169 return gpg_error_from_syserror ();
3171 err = assuan_new (&ctx);
3173 err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
3178 log_error (_("no gpg-agent running in this session\n"));
3181 assuan_release (ctx);
3185 if (!opt.quiet && !silent)
3186 log_info ("gpg-agent running and available\n");
3188 assuan_release (ctx);