1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2016 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
29 #include <sys/types.h>
38 #ifdef HAVE_W32_SYSTEM
39 # define WIN32_LEAN_AND_MEAN 1
46 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
47 #include "../common/util.h"
48 #include "../common/i18n.h"
49 #include "../common/exechelp.h"
50 #include "../common/sysutils.h"
52 #include "../common/gc-opt-flags.h"
55 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
56 returns a plain filename without escaping. As long as we have not
57 fixed that we need to use gpg2. */
58 #if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
59 #define GPGNAME "gpg2"
61 #define GPGNAME GPG_NAME
66 Components: Add more components and their options.
67 Robustness: Do more validation. Call programs to do validation for us.
68 Add options to change backend binary path.
69 Extract binary path for some backends from gpgsm/gpg config.
73 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
74 void gc_error (int status, int errnum, const char *fmt, ...) \
75 __attribute__ ((format (printf, 3, 4)));
78 /* Output a diagnostic message. If ERRNUM is not 0, then the output
79 is followed by a colon, a white space, and the error string for the
80 error number ERRNUM. In any case the output is finished by a
81 newline. The message is prepended by the program name, a colon,
82 and a whitespace. The output may be further formatted or
83 redirected by the jnlib logging facility. */
85 gc_error (int status, int errnum, const char *fmt, ...)
89 va_start (arg_ptr, fmt);
90 log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
94 log_printf (": %s\n", strerror (errnum));
101 log_printf ("fatal error (exit status %i)\n", status);
107 /* Forward declaration. */
108 static void gpg_agent_runtime_change (int killflag);
109 static void scdaemon_runtime_change (int killflag);
110 static void dirmngr_runtime_change (int killflag);
112 /* Backend configuration. Backends are used to decide how the default
113 and current value of an option can be determined, and how the
114 option can be changed. To every option in every component belongs
115 exactly one backend that controls and determines the option. Some
116 backends are programs from the GPG system. Others might be
117 implemented by GPGConf itself. If you change this enum, don't
118 forget to update GC_BACKEND below. */
121 /* Any backend, used for find_option (). */
124 /* The Gnu Privacy Guard. */
127 /* The Gnu Privacy Guard for S/MIME. */
131 GC_BACKEND_GPG_AGENT,
133 /* The GnuPG SCDaemon. */
136 /* The GnuPG directory manager. */
139 /* The LDAP server list file for the director manager. */
140 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
142 /* The Pinentry (not a part of GnuPG, proper). */
145 /* The number of the above entries. */
150 /* To be able to implement generic algorithms for the various
151 backends, we collect all information about them in this struct. */
154 /* The name of the backend. */
157 /* The name of the program that acts as the backend. Some backends
158 don't have an associated program, but are implemented directly by
159 GPGConf. In this case, PROGRAM is NULL. */
162 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
163 ../common/util.h. This value is used to get the actual installed
164 path of the program. 0 is used if no backend program is
168 /* The runtime change callback. If KILLFLAG is true the component
169 is killed and not just reloaded. */
170 void (*runtime_change) (int killflag);
172 /* The option name for the configuration filename of this backend.
173 This must be an absolute filename. It can be an option from a
174 different backend (but then ordering of the options might
175 matter). Note: This must be unique among all components. */
176 const char *option_config_filename;
178 /* If this is a file backend rather than a program backend, then
179 this is the name of the option associated with the file. */
180 const char *option_name;
181 } gc_backend[GC_BACKEND_NR] =
183 { NULL }, /* GC_BACKEND_ANY dummy entry. */
184 { GPG_DISP_NAME, GPGNAME, GNUPG_MODULE_NAME_GPG,
185 NULL, GPGCONF_NAME "-" GPG_NAME ".conf" },
186 { GPGSM_DISP_NAME, GPGSM_NAME, GNUPG_MODULE_NAME_GPGSM,
187 NULL, GPGCONF_NAME "-" GPGSM_NAME ".conf" },
188 { GPG_AGENT_DISP_NAME, GPG_AGENT_NAME, GNUPG_MODULE_NAME_AGENT,
189 gpg_agent_runtime_change, GPGCONF_NAME"-" GPG_AGENT_NAME ".conf" },
190 { SCDAEMON_DISP_NAME, SCDAEMON_NAME, GNUPG_MODULE_NAME_SCDAEMON,
191 scdaemon_runtime_change, GPGCONF_NAME"-" SCDAEMON_NAME ".conf" },
192 { DIRMNGR_DISP_NAME, DIRMNGR_NAME, GNUPG_MODULE_NAME_DIRMNGR,
193 dirmngr_runtime_change, GPGCONF_NAME "-" DIRMNGR_NAME ".conf" },
194 { DIRMNGR_DISP_NAME " LDAP Server List", NULL, 0,
195 NULL, "ldapserverlist-file", "LDAP Server" },
196 { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY,
197 NULL, GPGCONF_NAME "-pinentry.conf" },
201 /* Option configuration. */
203 /* An option might take an argument, or not. Argument types can be
204 basic or complex. Basic types are generic and easy to validate.
205 Complex types provide more specific information about the intended
206 use, but can be difficult to validate. If you add to this enum,
207 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
208 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
212 /* Basic argument types. */
215 GC_ARG_TYPE_NONE = 0,
217 /* A String argument. */
218 GC_ARG_TYPE_STRING = 1,
220 /* A signed integer argument. */
221 GC_ARG_TYPE_INT32 = 2,
223 /* An unsigned integer argument. */
224 GC_ARG_TYPE_UINT32 = 3,
226 /* ADD NEW BASIC TYPE ENTRIES HERE. */
228 /* Complex argument types. */
230 /* A complete filename. */
231 GC_ARG_TYPE_FILENAME = 32,
233 /* An LDAP server in the format
234 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
235 GC_ARG_TYPE_LDAP_SERVER = 33,
237 /* A 40 character fingerprint. */
238 GC_ARG_TYPE_KEY_FPR = 34,
240 /* A user ID or key ID or fingerprint for a certificate. */
241 GC_ARG_TYPE_PUB_KEY = 35,
243 /* A user ID or key ID or fingerprint for a certificate with a key. */
244 GC_ARG_TYPE_SEC_KEY = 36,
246 /* A alias list made up of a key, an equal sign and a space
247 separated list of values. */
248 GC_ARG_TYPE_ALIAS_LIST = 37,
250 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
252 /* The number of the above entries. */
257 /* For every argument, we record some information about it in the
261 /* For every argument type exists a basic argument type that can be
262 used as a fallback for input and validation purposes. */
263 gc_arg_type_t fallback;
265 /* Human-readable name of the type. */
267 } gc_arg_type[GC_ARG_TYPE_NR] =
269 /* The basic argument types have their own types as fallback. */
270 { GC_ARG_TYPE_NONE, "none" },
271 { GC_ARG_TYPE_STRING, "string" },
272 { GC_ARG_TYPE_INT32, "int32" },
273 { GC_ARG_TYPE_UINT32, "uint32" },
275 /* Reserved basic type entries for future extension. */
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
282 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
283 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
284 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
285 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
286 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
287 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
288 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
289 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
291 /* The complex argument types have a basic type as fallback. */
292 { GC_ARG_TYPE_STRING, "filename" },
293 { GC_ARG_TYPE_STRING, "ldap server" },
294 { GC_ARG_TYPE_STRING, "key fpr" },
295 { GC_ARG_TYPE_STRING, "pub key" },
296 { GC_ARG_TYPE_STRING, "sec key" },
297 { GC_ARG_TYPE_STRING, "alias list" },
301 /* Every option has an associated expert level, than can be used to
302 hide advanced and expert options from beginners. If you add to
303 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
304 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
305 EXTERNAL INTERFACE. */
308 /* The basic options should always be displayed. */
311 /* The advanced options may be hidden from beginners. */
314 /* The expert options should only be displayed to experts. */
317 /* The invisible options should normally never be displayed. */
320 /* The internal options are never exported, they mark options that
321 are recorded for internal use only. */
324 /* ADD NEW ENTRIES HERE. */
326 /* The number of the above entries. */
330 /* A description for each expert level. */
344 /* Option flags. The flags which are used by the backends are defined
345 by gc-opt-flags.h, included above.
347 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
348 PART OF THE EXTERNAL INTERFACE. */
350 /* Some entries in the option list are not options, but mark the
351 beginning of a new group of options. These entries have the GROUP
353 #define GC_OPT_FLAG_GROUP (1UL << 0)
354 /* The ARG_OPT flag for an option indicates that the argument is
355 optional. This is never set for GC_ARG_TYPE_NONE options. */
356 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
357 /* The LIST flag for an option indicates that the option can occur
358 several times. A comma separated list of arguments is used as the
360 #define GC_OPT_FLAG_LIST (1UL << 2)
363 /* A human-readable description for each flag. */
380 /* To each option, or group marker, the information in the GC_OPTION
381 struct is provided. If you change this, don't forget to update the
382 option list of each component. */
385 /* If this is NULL, then this is a terminator in an array of unknown
386 length. Otherwise, if this entry is a group marker (see FLAGS),
387 then this is the name of the group described by this entry.
388 Otherwise it is the name of the option described by this
389 entry. The name must not contain a colon. */
392 /* The option flags. If the GROUP flag is set, then this entry is a
393 group marker, not an option, and only the fields LEVEL,
394 DESC_DOMAIN and DESC are valid. In all other cases, this entry
395 describes a new option and all fields are valid. */
398 /* The expert level. This field is valid for options and groups. A
399 group has the expert level of the lowest-level option in the
401 gc_expert_level_t level;
403 /* A gettext domain in which the following description can be found.
404 If this is NULL, then DESC is not translated. Valid for groups
407 Note that we try to keep the description of groups within the
410 IMPORTANT: If you add a new domain please make sure to add a code
411 set switching call to the function my_dgettext further below. */
412 const char *desc_domain;
414 /* A gettext description for this group or option. If it starts
415 with a '|', then the string up to the next '|' describes the
416 argument, and the description follows the second '|'.
418 In general enclosing these description in N_() is not required
419 because the description should be identical to the one in the
420 help menu of the respective program. */
423 /* The following fields are only valid for options. */
425 /* The type of the option argument. */
426 gc_arg_type_t arg_type;
428 /* The backend that implements this option. */
429 gc_backend_t backend;
431 /* The following fields are set to NULL at startup (because all
432 option's are declared as static variables). They are at the end
433 of the list so that they can be omitted from the option
436 /* This is true if the option is supported by this version of the
440 /* The default value for this option. This is NULL if the option is
441 not present in the backend, the empty string if no default is
442 available, and otherwise a quoted string. */
445 /* The default argument is only valid if the "optional arg" flag is
446 set, and specifies the default argument (value) that is used if
447 the argument is omitted. */
450 /* The current value of this option. */
453 /* The new flags for this option. The only defined flag is actually
454 GC_OPT_FLAG_DEFAULT, and it means that the option should be
455 deleted. In this case, NEW_VALUE is NULL. */
456 unsigned long new_flags;
458 /* The new value of this option. */
461 typedef struct gc_option gc_option_t;
463 /* Use this macro to terminate an option list. */
464 #define GC_OPTION_NULL { NULL }
467 #ifndef BUILD_WITH_AGENT
468 #define gc_options_gpg_agent NULL
470 /* The options of the GC_COMPONENT_GPG_AGENT component. */
471 static gc_option_t gc_options_gpg_agent[] =
473 /* The configuration file to which we write the changes. */
474 { GPGCONF_NAME"-" GPG_AGENT_NAME ".conf",
475 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
476 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
479 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
480 "gnupg", N_("Options controlling the diagnostic output") },
481 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
483 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
484 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
485 "gnupg", "be somewhat more quiet",
486 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
487 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
489 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
492 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
493 "gnupg", N_("Options controlling the configuration") },
494 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
495 "gnupg", "|FILE|read options from FILE",
496 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
497 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
498 "gnupg", "do not use the SCdaemon",
499 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
500 { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
501 "gnupg", "enable ssh support",
502 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
503 { "ssh-fingerprint-digest",
504 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
505 "gnupg", "|ALGO|use ALGO to show ssh fingerprints",
506 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
507 { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
508 "gnupg", "enable putty support",
509 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
510 { "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE,
512 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
515 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
516 "gnupg", N_("Options useful for debugging") },
517 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
518 "gnupg", "|LEVEL|set the debugging level to LEVEL",
519 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
520 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
521 "gnupg", N_("|FILE|write server mode logs to FILE"),
522 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
523 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
525 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
528 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
529 "gnupg", N_("Options controlling the security") },
530 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
531 GC_LEVEL_BASIC, "gnupg",
532 "|N|expire cached PINs after N seconds",
533 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
534 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
535 GC_LEVEL_ADVANCED, "gnupg",
536 N_("|N|expire SSH keys after N seconds"),
537 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
538 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_EXPERT, "gnupg",
540 N_("|N|set maximum PIN cache lifetime to N seconds"),
541 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
542 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
543 GC_LEVEL_EXPERT, "gnupg",
544 N_("|N|set maximum SSH key lifetime to N seconds"),
545 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
546 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
547 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
548 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
549 { "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME,
551 "gnupg", "allow passphrase to be prompted through Emacs",
552 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
553 { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
555 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
556 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
557 GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
558 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
559 { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
560 GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
561 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
562 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
563 GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
564 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
566 { "Passphrase policy",
567 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
568 "gnupg", N_("Options enforcing a passphrase policy") },
569 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
570 GC_LEVEL_EXPERT, "gnupg",
571 N_("do not allow bypassing the passphrase policy"),
572 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
573 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
574 GC_LEVEL_ADVANCED, "gnupg",
575 N_("|N|set minimal required length for new passphrases to N"),
576 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
577 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
578 GC_LEVEL_EXPERT, "gnupg",
579 N_("|N|require at least N non-alpha characters for a new passphrase"),
580 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
581 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
583 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
584 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
585 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
586 GC_LEVEL_EXPERT, "gnupg",
587 N_("|N|expire the passphrase after N days"),
588 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
589 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
590 GC_LEVEL_EXPERT, "gnupg",
591 N_("do not allow the reuse of old passphrases"),
592 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
593 { "pinentry-timeout", GC_OPT_FLAG_RUNTIME,
594 GC_LEVEL_ADVANCED, "gnupg",
595 N_("|N|set the Pinentry timeout to N seconds"),
596 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
600 #endif /*BUILD_WITH_AGENT*/
603 #ifndef BUILD_WITH_SCDAEMON
604 #define gc_options_scdaemon NULL
606 /* The options of the GC_COMPONENT_SCDAEMON component. */
607 static gc_option_t gc_options_scdaemon[] =
609 /* The configuration file to which we write the changes. */
610 { GPGCONF_NAME"-"SCDAEMON_NAME".conf",
611 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
612 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
615 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
616 "gnupg", N_("Options controlling the diagnostic output") },
617 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
619 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
620 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
621 "gnupg", "be somewhat more quiet",
622 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
623 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
625 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
628 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
629 "gnupg", N_("Options controlling the configuration") },
630 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
631 "gnupg", "|FILE|read options from FILE",
632 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
633 { "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
634 "gnupg", "|N|connect to reader at port N",
635 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
636 { "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
637 "gnupg", "|NAME|use NAME as ct-API driver",
638 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
639 { "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
640 "gnupg", "|NAME|use NAME as PC/SC driver",
641 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
642 { "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
643 "gnupg", "do not use the internal CCID driver",
644 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
645 { "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
646 "gnupg", "do not use a reader's pinpad",
647 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
648 { "enable-pinpad-varlen",
649 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
650 "gnupg", "use variable length input for pinpad",
651 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
652 { "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
653 "gnupg", "|N|disconnect the card after N seconds of inactivity",
654 GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
657 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
658 "gnupg", N_("Options useful for debugging") },
659 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
660 "gnupg", "|LEVEL|set the debugging level to LEVEL",
661 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
662 { "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
663 "gnupg", N_("|FILE|write a log to FILE"),
664 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
667 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
668 "gnupg", N_("Options controlling the security") },
669 { "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
670 "gnupg", "deny the use of admin card commands",
671 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
676 #endif /*BUILD_WITH_SCDAEMON*/
678 #ifndef BUILD_WITH_GPG
679 #define gc_options_gpg NULL
681 /* The options of the GC_COMPONENT_GPG component. */
682 static gc_option_t gc_options_gpg[] =
684 /* The configuration file to which we write the changes. */
685 { GPGCONF_NAME"-"GPG_NAME".conf",
686 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
687 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
690 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
691 "gnupg", N_("Options controlling the diagnostic output") },
692 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
694 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
695 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
696 "gnupg", "be somewhat more quiet",
697 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
698 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
700 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
703 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
704 "gnupg", N_("Options controlling the configuration") },
705 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
706 "gnupg", N_("|NAME|use NAME as default secret key"),
707 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
708 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
709 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
710 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
711 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
712 "gnupg", N_("|SPEC|set up email aliases"),
713 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
714 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
716 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
717 { "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
719 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
720 { "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
722 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
723 { "default_pubkey_algo",
724 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
726 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
728 GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
730 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
734 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
735 "gnupg", N_("Options useful for debugging") },
736 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
737 "gnupg", "|LEVEL|set the debugging level to LEVEL",
738 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
739 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
740 "gnupg", N_("|FILE|write server mode logs to FILE"),
741 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
742 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
744 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
747 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
748 "gnupg", N_("Configuration for Keyservers") },
749 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
750 "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
751 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
752 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
753 "gnupg", N_("allow PKA lookups (DNS requests)"),
754 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
755 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
756 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
757 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
758 { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
759 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
760 { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
761 NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
766 #endif /*BUILD_WITH_GPG*/
769 #ifndef BUILD_WITH_GPGSM
770 #define gc_options_gpgsm NULL
772 /* The options of the GC_COMPONENT_GPGSM component. */
773 static gc_option_t gc_options_gpgsm[] =
775 /* The configuration file to which we write the changes. */
776 { GPGCONF_NAME"-"GPGSM_NAME".conf",
777 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
778 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
781 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
782 "gnupg", N_("Options controlling the diagnostic output") },
783 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
785 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
786 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
787 "gnupg", "be somewhat more quiet",
788 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
789 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
791 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
794 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
795 "gnupg", N_("Options controlling the configuration") },
796 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
797 "gnupg", N_("|NAME|use NAME as default secret key"),
798 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
799 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
800 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
801 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
802 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
803 "gnupg", "|FILE|read options from FILE",
804 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
805 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
806 "gnupg", "use system's dirmngr if available",
807 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
808 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
809 "gnupg", N_("disable all access to the dirmngr"),
810 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
811 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
812 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
813 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
814 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
815 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
816 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_GPGSM },
817 { "default_pubkey_algo",
818 (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE,
820 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
823 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
824 "gnupg", N_("Options useful for debugging") },
825 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
826 "gnupg", "|LEVEL|set the debugging level to LEVEL",
827 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
828 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
829 "gnupg", N_("|FILE|write server mode logs to FILE"),
830 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
831 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
833 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
836 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
837 "gnupg", N_("Options controlling the security") },
838 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
839 "gnupg", "never consult a CRL",
840 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
841 { "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
843 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
844 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
845 "gnupg", N_("do not check CRLs for root certificates"),
846 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
847 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
848 "gnupg", "check validity using OCSP",
849 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
850 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
851 "gnupg", "|N|number of certificates to include",
852 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
853 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
854 "gnupg", "do not check certificate policies",
855 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
856 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
857 "gnupg", "fetch missing issuer certificates",
858 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
859 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
860 "gnupg", "|NAME|use cipher algorithm NAME",
861 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
865 #endif /*BUILD_WITH_GPGSM*/
868 #ifndef BUILD_WITH_DIRMNGR
869 #define gc_options_dirmngr NULL
871 /* The options of the GC_COMPONENT_DIRMNGR component. */
872 static gc_option_t gc_options_dirmngr[] =
874 /* The configuration file to which we write the changes. */
875 { GPGCONF_NAME"-"DIRMNGR_NAME".conf",
876 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
877 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
880 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
881 "gnupg", N_("Options controlling the diagnostic output") },
882 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
883 "dirmngr", "verbose",
884 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
885 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
886 "dirmngr", "be somewhat more quiet",
887 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
888 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
890 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
893 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
894 "gnupg", N_("Options controlling the format of the output") },
895 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
896 "dirmngr", "sh-style command output",
897 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
898 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
899 "dirmngr", "csh-style command output",
900 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
903 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
904 "gnupg", N_("Options controlling the configuration") },
905 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
906 "dirmngr", "|FILE|read options from FILE",
907 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
908 { "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
910 GC_ARG_TYPE_INT32, GC_BACKEND_DIRMNGR },
911 { "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
913 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
916 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
917 "gnupg", N_("Options useful for debugging") },
918 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
919 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
920 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
921 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
922 "dirmngr", "do not detach from the console",
923 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
924 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
925 "dirmngr", N_("|FILE|write server mode logs to FILE"),
926 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
927 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
929 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
930 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
932 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
935 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
936 "gnupg", N_("Options controlling the interactivity and enforcement") },
937 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
938 "dirmngr", "run without asking a user",
939 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
940 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
941 "dirmngr", "force loading of outdated CRLs",
942 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
943 { "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
944 "dirmngr", "allow online software version check",
945 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
948 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
949 "gnupg", N_("Options controlling the use of Tor") },
950 { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
951 "dirmngr", "route all network traffic via TOR",
952 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
955 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
956 "gnupg", N_("Configuration for Keyservers") },
957 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
958 "gnupg", N_("|URL|use keyserver at URL"),
959 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
962 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
963 "gnupg", N_("Configuration for HTTP servers") },
964 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
965 "dirmngr", "inhibit the use of HTTP",
966 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
967 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
968 "dirmngr", "ignore HTTP CRL distribution points",
969 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
970 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
971 "dirmngr", "|URL|redirect all HTTP requests to URL",
972 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
973 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
974 "gnupg", N_("use system's HTTP proxy setting"),
975 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
978 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
979 "gnupg", N_("Configuration of LDAP servers to use") },
980 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
981 "dirmngr", "inhibit the use of LDAP",
982 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
983 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
984 "dirmngr", "ignore LDAP CRL distribution points",
985 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
986 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
987 "dirmngr", "|HOST|use HOST for LDAP queries",
988 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
989 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
990 "dirmngr", "do not use fallback hosts with --ldap-proxy",
991 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
992 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
993 "dirmngr", "add new servers discovered in CRL distribution points"
994 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
995 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
996 "dirmngr", "|N|set LDAP timeout to N seconds",
997 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
998 /* The following entry must not be removed, as it is required for
999 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
1000 { "ldapserverlist-file",
1001 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1002 "dirmngr", "|FILE|read LDAP server list from FILE",
1003 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
1004 /* This entry must come after at least one entry for
1005 GC_BACKEND_DIRMNGR in this component, so that the entry for
1006 "ldapserverlist-file will be initialized before this one. */
1007 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
1008 "gnupg", N_("LDAP server list"),
1009 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
1010 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1011 "dirmngr", "|N|do not return more than N items in one query",
1012 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
1015 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1016 "gnupg", N_("Configuration for OCSP") },
1017 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
1018 "dirmngr", "allow sending OCSP requests",
1019 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1020 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1021 "dirmngr", "ignore certificate contained OCSP service URLs",
1022 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
1023 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1024 "dirmngr", "|URL|use OCSP responder at URL",
1025 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1026 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
1027 "dirmngr", "|FPR|OCSP response signed by FPR",
1028 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
1033 #endif /*BUILD_WITH_DIRMNGR*/
1036 /* The options of the GC_COMPONENT_PINENTRY component. */
1037 static gc_option_t gc_options_pinentry[] =
1039 /* A dummy option to allow gc_component_list_components to find the
1040 pinentry backend. Needs to be a conf file. */
1041 { GPGCONF_NAME"-pinentry.conf",
1042 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
1043 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_PINENTRY },
1050 /* Component system. Each component is a set of options that can be
1051 configured at the same time. If you change this, don't forget to
1052 update GC_COMPONENT below. */
1055 /* The classic GPG for OpenPGP. */
1058 /* The GPG Agent. */
1059 GC_COMPONENT_GPG_AGENT,
1061 /* The Smardcard Daemon. */
1062 GC_COMPONENT_SCDAEMON,
1064 /* GPG for S/MIME. */
1067 /* The LDAP Directory Manager for CRLs. */
1068 GC_COMPONENT_DIRMNGR,
1070 /* The external Pinentry. */
1071 GC_COMPONENT_PINENTRY,
1073 /* The number of components. */
1078 /* The information associated with each component. */
1081 /* The name of this component. Must not contain a colon (':')
1085 /* The gettext domain for the description DESC. If this is NULL,
1086 then the description is not translated. */
1087 const char *desc_domain;
1089 /* The description for this domain. */
1092 /* The list of options for this component, terminated by
1094 gc_option_t *options;
1097 { "gpg", "gnupg", N_("OpenPGP"), gc_options_gpg },
1098 { "gpg-agent","gnupg", N_("Private Keys"), gc_options_gpg_agent },
1099 { "scdaemon", "gnupg", N_("Smartcards"), gc_options_scdaemon },
1100 { "gpgsm", "gnupg", N_("S/MIME"), gc_options_gpgsm },
1101 { "dirmngr", "gnupg", N_("Network"), gc_options_dirmngr },
1102 { "pinentry", "gnupg", N_("Passphrase Entry"), gc_options_pinentry }
1107 /* Structure used to collect error output of the backend programs. */
1108 struct error_line_s;
1109 typedef struct error_line_s *error_line_t;
1112 error_line_t next; /* Link to next item. */
1113 const char *fname; /* Name of the config file (points into BUFFER). */
1114 unsigned int lineno; /* Line number of the config file. */
1115 const char *errtext; /* Text of the error message (points into BUFFER). */
1116 char buffer[1]; /* Helper buffer. */
1122 /* Initialization and finalization. */
1125 gc_option_free (gc_option_t *o)
1127 if (o == NULL || o->name == NULL)
1131 gc_option_free (o + 1);
1135 gc_components_free (void)
1138 for (i = 0; i < DIM (gc_component); i++)
1139 gc_option_free (gc_component[i].options);
1143 gc_components_init (void)
1145 atexit (gc_components_free);
1150 /* Engine specific support. */
1152 gpg_agent_runtime_change (int killflag)
1154 gpg_error_t err = 0;
1155 const char *pgmname;
1156 const char *argv[5];
1157 pid_t pid = (pid_t)(-1);
1158 char *abs_homedir = NULL;
1161 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1162 if (!gnupg_default_homedir_p ())
1164 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1166 err = gpg_error_from_syserror ();
1168 argv[i++] = "--homedir";
1169 argv[i++] = abs_homedir;
1171 argv[i++] = "--no-autostart";
1172 argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
1176 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1178 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1180 gc_error (0, 0, "error running '%s %s': %s",
1181 pgmname, argv[1], gpg_strerror (err));
1182 gnupg_release_process (pid);
1183 xfree (abs_homedir);
1188 scdaemon_runtime_change (int killflag)
1190 gpg_error_t err = 0;
1191 const char *pgmname;
1192 const char *argv[9];
1193 pid_t pid = (pid_t)(-1);
1194 char *abs_homedir = NULL;
1197 (void)killflag; /* For scdaemon kill and reload are synonyms. */
1199 /* We use "GETINFO app_running" to see whether the agent is already
1200 running and kill it only in this case. This avoids an explicit
1201 starting of the agent in case it is not yet running. There is
1202 obviously a race condition but that should not harm too much. */
1204 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1205 if (!gnupg_default_homedir_p ())
1207 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1209 err = gpg_error_from_syserror ();
1211 argv[i++] = "--homedir";
1212 argv[i++] = abs_homedir;
1215 argv[i++] = "--no-autostart";
1216 argv[i++] = "GETINFO scd_running";
1217 argv[i++] = "/if ${! $?}";
1218 argv[i++] = "scd killscd";
1223 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1225 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1227 gc_error (0, 0, "error running '%s %s': %s",
1228 pgmname, argv[4], gpg_strerror (err));
1229 gnupg_release_process (pid);
1230 xfree (abs_homedir);
1235 dirmngr_runtime_change (int killflag)
1237 gpg_error_t err = 0;
1238 const char *pgmname;
1239 const char *argv[6];
1240 pid_t pid = (pid_t)(-1);
1241 char *abs_homedir = NULL;
1243 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1244 argv[0] = "--no-autostart";
1245 argv[1] = "--dirmngr";
1246 argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
1247 if (gnupg_default_homedir_p ())
1251 abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
1253 err = gpg_error_from_syserror ();
1255 argv[3] = "--homedir";
1256 argv[4] = abs_homedir;
1261 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1263 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1265 gc_error (0, 0, "error running '%s %s': %s",
1266 pgmname, argv[2], gpg_strerror (err));
1267 gnupg_release_process (pid);
1268 xfree (abs_homedir);
1272 /* Launch the gpg-agent or the dirmngr if not already running. */
1274 gc_component_launch (int component)
1277 const char *pgmname;
1278 const char *argv[3];
1284 err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
1286 err = gc_component_launch (GC_COMPONENT_DIRMNGR);
1290 if (!(component == GC_COMPONENT_GPG_AGENT
1291 || component == GC_COMPONENT_DIRMNGR))
1293 es_fputs (_("Component not suitable for launching"), es_stderr);
1294 es_putc ('\n', es_stderr);
1298 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1300 if (component == GC_COMPONENT_DIRMNGR)
1301 argv[i++] = "--dirmngr";
1305 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1307 err = gnupg_wait_process (pgmname, pid, 1, NULL);
1309 gc_error (0, 0, "error running '%s%s%s': %s",
1311 component == GC_COMPONENT_DIRMNGR? " --dirmngr":"",
1313 gpg_strerror (err));
1314 gnupg_release_process (pid);
1319 /* Unconditionally restart COMPONENT. */
1321 gc_component_kill (int component)
1323 int runtime[GC_BACKEND_NR];
1324 gc_option_t *option;
1325 gc_backend_t backend;
1327 /* Set a flag for the backends to be reloaded. */
1328 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1329 runtime[backend] = 0;
1333 for (component = 0; component < GC_COMPONENT_NR; component++)
1335 option = gc_component[component].options;
1336 for (; option && option->name; option++)
1337 runtime[option->backend] = 1;
1342 assert (component < GC_COMPONENT_NR);
1343 option = gc_component[component].options;
1344 for (; option && option->name; option++)
1345 runtime[option->backend] = 1;
1348 /* Do the restart for the selected backends. */
1349 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1351 if (runtime[backend] && gc_backend[backend].runtime_change)
1352 (*gc_backend[backend].runtime_change) (1);
1357 /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1359 gc_component_reload (int component)
1361 int runtime[GC_BACKEND_NR];
1362 gc_option_t *option;
1363 gc_backend_t backend;
1365 /* Set a flag for the backends to be reloaded. */
1366 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1367 runtime[backend] = 0;
1371 for (component = 0; component < GC_COMPONENT_NR; component++)
1373 option = gc_component[component].options;
1374 for (; option && option->name; option++)
1375 runtime[option->backend] = 1;
1380 assert (component < GC_COMPONENT_NR);
1381 option = gc_component[component].options;
1382 for (; option && option->name; option++)
1383 runtime[option->backend] = 1;
1386 /* Do the reload for all selected backends. */
1387 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1389 if (runtime[backend] && gc_backend[backend].runtime_change)
1390 (*gc_backend[backend].runtime_change) (0);
1396 /* More or less Robust version of dgettext. It has the side effect of
1397 switching the codeset to utf-8 because this is what we want to
1398 output. In theory it is possible to keep the original code set and
1399 switch back for regular disgnostic output (redefine "_(" for that)
1400 but given the natur of this tool, being something invoked from
1401 other pograms, it does not make much sense. */
1403 my_dgettext (const char *domain, const char *msgid)
1405 #ifdef USE_SIMPLE_GETTEXT
1408 static int switched_codeset;
1411 if (!switched_codeset)
1413 switched_codeset = 1;
1414 gettext_use_utf8 (1);
1417 if (!strcmp (domain, "gnupg"))
1418 domain = PACKAGE_GT;
1420 /* FIXME: we have no dgettext, thus we can't switch. */
1422 text = (char*)gettext (msgid);
1423 return text ? text : msgid;
1427 #elif defined(ENABLE_NLS)
1430 static int switched_codeset;
1433 if (!switched_codeset)
1435 switched_codeset = 1;
1436 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1438 bindtextdomain (DIRMNGR_NAME, LOCALEDIR);
1439 bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
1443 /* Note: This is a hack to actually use the gnupg2 domain as
1444 long we are in a transition phase where gnupg 1.x and 1.9 may
1446 if (!strcmp (domain, "gnupg"))
1447 domain = PACKAGE_GT;
1449 text = dgettext (domain, msgid);
1450 return text ? text : msgid;
1461 /* Percent-Escape special characters. The string is valid until the
1462 next invocation of the function. */
1464 gc_percent_escape (const char *src)
1466 static char *esc_str;
1467 static int esc_str_len;
1468 int new_len = 3 * strlen (src) + 1;
1471 if (esc_str_len < new_len)
1473 char *new_esc_str = realloc (esc_str, new_len);
1475 gc_error (1, errno, "can not escape string");
1476 esc_str = new_esc_str;
1477 esc_str_len = new_len;
1489 else if (*src == ':')
1491 /* The colon is used as field separator. */
1496 else if (*src == ',')
1498 /* The comma is used as list separator. */
1503 else if (*src == '\n')
1505 /* The newline is problematic in a line-based format. */
1520 /* Percent-Deescape special characters. The string is valid until the
1521 next invocation of the function. */
1523 percent_deescape (const char *src)
1527 int new_len = 3 * strlen (src) + 1;
1530 if (str_len < new_len)
1532 char *new_str = realloc (str, new_len);
1534 gc_error (1, errno, "can not deescape string");
1544 int val = hextobyte (src + 1);
1547 gc_error (1, 0, "malformed end of string %s", src);
1549 *(dst++) = (char) val;
1553 *(dst++) = *(src++);
1560 /* List all components that are available. */
1562 gc_component_list_components (estream_t out)
1564 gc_component_t component;
1565 gc_option_t *option;
1566 gc_backend_t backend;
1567 int backend_seen[GC_BACKEND_NR];
1569 const char *pgmname;
1571 for (component = 0; component < GC_COMPONENT_NR; component++)
1573 option = gc_component[component].options;
1576 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1577 backend_seen[backend] = 0;
1580 for (; option && option->name; option++)
1582 if ((option->flags & GC_OPT_FLAG_GROUP))
1584 backend = option->backend;
1585 if (backend_seen[backend])
1587 backend_seen[backend] = 1;
1588 assert (backend != GC_BACKEND_ANY);
1589 if (gc_backend[backend].program
1590 && !gc_backend[backend].module_name)
1592 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1596 desc = gc_component[component].desc;
1597 desc = my_dgettext (gc_component[component].desc_domain, desc);
1598 es_fprintf (out, "%s:%s:",
1599 gc_component[component].name, gc_percent_escape (desc));
1600 es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
1608 all_digits_p (const char *p, size_t len)
1612 for (; len; len--, p++)
1613 if (!isascii (*p) || !isdigit (*p))
1615 return 1; /* Yes. */
1619 /* Collect all error lines from stream FP. Only lines prefixed with
1620 TAG are considered. Returns a list of error line items (which may
1621 be empty). There is no error return. */
1623 collect_error_output (estream_t fp, const char *tag)
1629 error_line_t eitem, errlines, *errlines_tail;
1630 size_t taglen = strlen (tag);
1633 errlines_tail = &errlines;
1636 while ((c=es_getc (fp)) != EOF)
1639 if (pos >= sizeof buffer - 5 || c == '\n')
1641 buffer[pos - (c == '\n')] = 0;
1643 ; /*Ignore continuations of previous line. */
1644 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1646 /* "gpgsm: foo:4: bla" */
1647 /* Yep, we are interested in this line. */
1648 p = buffer + taglen + 1;
1649 while (*p == ' ' || *p == '\t')
1651 trim_trailing_spaces (p); /* Get rid of extra CRs. */
1653 ; /* Empty lines are ignored. */
1654 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1655 && all_digits_p (p2+1, p3 - (p2+1)))
1657 /* Line in standard compiler format. */
1659 while (*p3 == ' ' || *p3 == '\t')
1661 eitem = xmalloc (sizeof *eitem + strlen (p));
1663 strcpy (eitem->buffer, p);
1664 eitem->fname = eitem->buffer;
1665 eitem->buffer[p2-p] = 0;
1666 eitem->errtext = eitem->buffer + (p3 - p);
1667 /* (we already checked that there are only ascii
1668 digits followed by a colon) */
1670 for (p2++; isdigit (*p2); p2++)
1671 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1672 *errlines_tail = eitem;
1673 errlines_tail = &eitem->next;
1677 /* Other error output. */
1678 eitem = xmalloc (sizeof *eitem + strlen (p));
1680 strcpy (eitem->buffer, p);
1681 eitem->fname = NULL;
1682 eitem->errtext = eitem->buffer;
1684 *errlines_tail = eitem;
1685 errlines_tail = &eitem->next;
1689 /* If this was not a complete line mark that we are in a
1691 cont_line = (c != '\n');
1695 /* We ignore error lines not terminated by a LF. */
1700 /* Check the options of a single component. Returns 0 if everything
1703 gc_component_check_options (int component, estream_t out, const char *conf_file)
1706 unsigned int result;
1707 int backend_seen[GC_BACKEND_NR];
1708 gc_backend_t backend;
1709 gc_option_t *option;
1710 const char *pgmname;
1711 const char *argv[4];
1716 error_line_t errlines;
1718 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1719 backend_seen[backend] = 0;
1721 option = gc_component[component].options;
1722 for (; option && option->name; option++)
1724 if ((option->flags & GC_OPT_FLAG_GROUP))
1726 backend = option->backend;
1727 if (backend_seen[backend])
1729 backend_seen[backend] = 1;
1730 assert (backend != GC_BACKEND_ANY);
1731 if (!gc_backend[backend].program)
1733 if (!gc_backend[backend].module_name)
1738 if (! option || ! option->name)
1741 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1745 argv[i++] = "--options";
1746 argv[i++] = conf_file;
1748 if (component == GC_COMPONENT_PINENTRY)
1749 argv[i++] = "--version";
1751 argv[i++] = "--gpgconf-test";
1756 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
1757 NULL, NULL, &errfp, &pid);
1759 result |= 1; /* Program could not be run. */
1762 errlines = collect_error_output (errfp,
1763 gc_component[component].name);
1764 if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
1767 result |= 1; /* Program could not be run or it
1768 terminated abnormally. */
1769 result |= 2; /* Program returned an error. */
1771 gnupg_release_process (pid);
1775 /* If the program could not be run, we can't tell whether
1776 the config file is good. */
1783 error_line_t errptr;
1785 desc = gc_component[component].desc;
1786 desc = my_dgettext (gc_component[component].desc_domain, desc);
1787 es_fprintf (out, "%s:%s:",
1788 gc_component[component].name, gc_percent_escape (desc));
1789 es_fputs (gc_percent_escape (pgmname), out);
1790 es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1791 for (errptr = errlines; errptr; errptr = errptr->next)
1793 if (errptr != errlines)
1794 es_fputs ("\n:::::", out); /* Continuation line. */
1796 es_fputs (gc_percent_escape (errptr->fname), out);
1799 es_fprintf (out, "%u", errptr->lineno);
1801 es_fputs (gc_percent_escape (errptr->errtext), out);
1804 es_putc ('\n', out);
1809 error_line_t tmp = errlines->next;
1819 /* Check all components that are available. */
1821 gc_check_programs (estream_t out)
1823 gc_component_t component;
1825 for (component = 0; component < GC_COMPONENT_NR; component++)
1826 gc_component_check_options (component, out, NULL);
1831 /* Find the component with the name NAME. Returns -1 if not
1834 gc_component_find (const char *name)
1838 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1840 if (gc_component[idx].options
1841 && !strcmp (name, gc_component[idx].name))
1848 /* List the option OPTION. */
1850 list_one_option (const gc_option_t *option, estream_t out)
1852 const char *desc = NULL;
1853 char *arg_name = NULL;
1857 desc = my_dgettext (option->desc_domain, option->desc);
1861 const char *arg_tail = strchr (&desc[1], '|');
1865 int arg_len = arg_tail - &desc[1];
1866 arg_name = xmalloc (arg_len + 1);
1867 memcpy (arg_name, &desc[1], arg_len);
1868 arg_name[arg_len] = '\0';
1869 desc = arg_tail + 1;
1875 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1876 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1879 /* The name field. */
1880 es_fprintf (out, "%s", option->name);
1882 /* The flags field. */
1883 es_fprintf (out, ":%lu", option->flags);
1889 es_fprintf (out, "none");
1892 unsigned long flags = option->flags;
1893 unsigned long flag = 0;
1894 unsigned long first = 1;
1904 es_fprintf (out, "%s", gc_flag[flag].name);
1912 /* The level field. */
1913 es_fprintf (out, ":%u", option->level);
1915 es_fprintf (out, " %s", gc_level[option->level].name);
1917 /* The description field. */
1918 es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1920 /* The type field. */
1921 es_fprintf (out, ":%u", option->arg_type);
1923 es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1925 /* The alternate type field. */
1926 es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1928 es_fprintf (out, " %s",
1929 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1931 /* The argument name field. */
1932 es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1935 /* The default value field. */
1936 es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
1938 /* The default argument field. */
1939 es_fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1941 /* The value field. */
1942 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1943 && (option->flags & GC_OPT_FLAG_LIST)
1945 /* The special format "1,1,1,1,...,1" is converted to a number
1947 es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1949 es_fprintf (out, ":%s", option->value ? option->value : "");
1951 /* ADD NEW FIELDS HERE. */
1953 es_putc ('\n', out);
1957 /* List all options of the component COMPONENT. */
1959 gc_component_list_options (int component, estream_t out)
1961 const gc_option_t *option = gc_component[component].options;
1963 while (option && option->name)
1965 /* Do not output unknown or internal options. */
1966 if (!(option->flags & GC_OPT_FLAG_GROUP)
1967 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1973 if (option->flags & GC_OPT_FLAG_GROUP)
1975 const gc_option_t *group_option = option + 1;
1976 gc_expert_level_t level = GC_LEVEL_NR;
1978 /* The manual states that the group level is always the
1979 minimum of the levels of all contained options. Due to
1980 different active options, and because it is hard to
1981 maintain manually, we calculate it here. The value in
1982 the global static table is ignored. */
1984 while (group_option->name)
1986 if (group_option->flags & GC_OPT_FLAG_GROUP)
1988 if (group_option->level < level)
1989 level = group_option->level;
1993 /* Check if group is empty. */
1994 if (level != GC_LEVEL_NR)
1996 gc_option_t opt_copy;
1998 /* Fix up the group level. */
1999 memcpy (&opt_copy, option, sizeof (opt_copy));
2000 opt_copy.level = level;
2001 list_one_option (&opt_copy, out);
2005 list_one_option (option, out);
2012 /* Find the option NAME in component COMPONENT, for the backend
2013 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
2014 static gc_option_t *
2015 find_option (gc_component_t component, const char *name,
2016 gc_backend_t backend)
2018 gc_option_t *option = gc_component[component].options;
2019 while (option->name)
2021 if (!(option->flags & GC_OPT_FLAG_GROUP)
2022 && !strcmp (option->name, name)
2023 && (backend == GC_BACKEND_ANY || option->backend == backend))
2027 return option->name ? option : NULL;
2031 /* Determine the configuration filename for the component COMPONENT
2032 and backend BACKEND. */
2034 get_config_filename (gc_component_t component, gc_backend_t backend)
2036 char *filename = NULL;
2037 gc_option_t *option = find_option
2038 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2040 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
2041 assert (!(option->flags & GC_OPT_FLAG_LIST));
2043 if (!option->active || !option->default_value)
2044 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
2045 gc_backend[backend].option_config_filename,
2046 gc_backend[backend].name);
2048 if (option->value && *option->value)
2049 filename = percent_deescape (&option->value[1]);
2050 else if (option->default_value && *option->default_value)
2051 filename = percent_deescape (&option->default_value[1]);
2055 #if HAVE_W32CE_SYSTEM
2056 if (!(filename[0] == '/' || filename[0] == '\\'))
2057 #elif defined(HAVE_DOSISH_SYSTEM)
2059 && filename[1] == ':'
2060 && (filename[2] == '/' || filename[2] == '\\')))
2062 if (filename[0] != '/')
2064 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
2065 gc_backend[backend].option_config_filename,
2066 gc_backend[backend].name);
2072 /* Retrieve the options for the component COMPONENT from backend
2073 BACKEND, which we already know is a program-type backend. */
2075 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
2078 const char *pgmname;
2079 const char *argv[2];
2084 size_t line_len = 0;
2087 char *config_filename;
2089 pgmname = (gc_backend[backend].module_name
2090 ? gnupg_module_name (gc_backend[backend].module_name)
2091 : gc_backend[backend].program );
2092 argv[0] = "--gpgconf-list";
2095 err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
2096 NULL, &outfp, NULL, &pid);
2099 gc_error (1, 0, "could not gather active options from '%s': %s",
2100 pgmname, gpg_strerror (err));
2103 while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
2105 gc_option_t *option;
2107 unsigned long flags = 0;
2108 char *default_value = NULL;
2110 /* Strip newline and carriage return, if present. */
2112 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2113 line[--length] = '\0';
2115 linep = strchr (line, ':');
2119 /* Extract additional flags. Default to none. */
2125 end = strchr (linep, ':');
2129 gpg_err_set_errno (0);
2130 flags = strtoul (linep, &tail, 0);
2132 gc_error (1, errno, "malformed flags in option %s from %s",
2134 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2135 gc_error (1, 0, "garbage after flags in option %s from %s",
2141 /* Extract default value, if present. Default to empty if
2147 end = strchr (linep, ':');
2151 if (flags & GC_OPT_FLAG_DEFAULT)
2152 default_value = linep;
2157 /* Look up the option in the component and install the
2158 configuration data. */
2159 option = find_option (component, line, backend);
2163 gc_error (1, errno, "option %s returned twice from %s",
2167 option->flags |= flags;
2168 if (default_value && *default_value)
2169 option->default_value = xstrdup (default_value);
2172 if (length < 0 || es_ferror (outfp))
2173 gc_error (1, errno, "error reading from %s", pgmname);
2174 if (es_fclose (outfp))
2175 gc_error (1, errno, "error closing %s", pgmname);
2177 err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
2179 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
2180 pgmname, exitcode, gpg_strerror (err));
2181 gnupg_release_process (pid);
2184 /* At this point, we can parse the configuration file. */
2185 config_filename = get_config_filename (component, backend);
2187 config = es_fopen (config_filename, "r");
2190 if (errno != ENOENT)
2191 gc_error (0, errno, "warning: can not open config file %s",
2196 while ((length = es_read_line (config, &line, &line_len, NULL)) > 0)
2200 gc_option_t *option;
2203 while (*name == ' ' || *name == '\t')
2205 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
2209 while (*value && *value != ' ' && *value != '\t'
2210 && *value != '#' && *value != '\r' && *value != '\n')
2212 if (*value == ' ' || *value == '\t')
2217 while (*value == ' ' || *value == '\t')
2221 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2223 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
2230 /* Look up the option in the component and install the
2231 configuration data. */
2232 option = find_option (component, line, backend);
2237 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2241 "warning: ignoring argument %s for option %s",
2243 opt_value = xstrdup ("1");
2245 else if (gc_arg_type[option->arg_type].fallback
2246 == GC_ARG_TYPE_STRING)
2247 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
2250 /* FIXME: Verify that the number is sane. */
2251 opt_value = xstrdup (value);
2254 /* Now enter the option into the table. */
2255 if (!(option->flags & GC_OPT_FLAG_LIST))
2258 xfree (option->value);
2259 option->value = opt_value;
2264 option->value = opt_value;
2267 char *old = option->value;
2268 option->value = xasprintf ("%s,%s", old, opt_value);
2276 if (length < 0 || es_ferror (config))
2277 gc_error (1, errno, "error reading from %s", config_filename);
2278 if (es_fclose (config))
2279 gc_error (1, errno, "error closing %s", config_filename);
2286 /* Retrieve the options for the component COMPONENT from backend
2287 BACKEND, which we already know is of type file list. */
2289 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
2291 gc_option_t *list_option;
2292 gc_option_t *config_option;
2293 char *list_filename;
2294 gpgrt_stream_t list_file;
2296 size_t line_len = 0;
2300 list_option = find_option (component,
2301 gc_backend[backend].option_name, GC_BACKEND_ANY);
2302 assert (list_option);
2303 assert (!list_option->active);
2305 list_filename = get_config_filename (component, backend);
2306 list_file = gpgrt_fopen (list_filename, "r");
2308 gc_error (0, errno, "warning: can not open list file %s", list_filename);
2312 while ((length = gpgrt_read_line (list_file, &line, &line_len, NULL)) > 0)
2319 while (*start == ' ' || *start == '\t')
2321 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
2325 while (*end && *end != '#' && *end != '\r' && *end != '\n')
2327 /* Walk back to skip trailing white spaces. Looks evil, but
2328 works because of the conditions on START and END imposed
2329 at this point (END is at least START + 1, and START is
2330 not a whitespace character). */
2331 while (*(end - 1) == ' ' || *(end - 1) == '\t')
2334 /* FIXME: Oh, no! This is so lame! Should use realloc and
2338 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
2343 list = xasprintf ("\"%s", gc_percent_escape (start));
2345 if (length < 0 || gpgrt_ferror (list_file))
2346 gc_error (1, errno, "can not read list file %s", list_filename);
2349 list_option->active = 1;
2350 list_option->value = list;
2352 /* Fix up the read-only flag. */
2353 config_option = find_option
2354 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2355 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2356 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2358 if (list_file && gpgrt_fclose (list_file))
2359 gc_error (1, errno, "error closing %s", list_filename);
2364 /* Retrieve the currently active options and their defaults from all
2365 involved backends for this component. Using -1 for component will
2366 retrieve all options from all components. */
2368 gc_component_retrieve_options (int component)
2370 int process_all = 0;
2371 int backend_seen[GC_BACKEND_NR];
2372 gc_backend_t backend;
2373 gc_option_t *option;
2375 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2376 backend_seen[backend] = 0;
2378 if (component == -1)
2382 assert (component < GC_COMPONENT_NR);
2387 if (component == GC_COMPONENT_PINENTRY)
2388 continue; /* Skip this dummy component. */
2390 option = gc_component[component].options;
2392 while (option && option->name)
2394 if (!(option->flags & GC_OPT_FLAG_GROUP))
2396 backend = option->backend;
2398 if (backend_seen[backend])
2403 backend_seen[backend] = 1;
2405 assert (backend != GC_BACKEND_ANY);
2407 if (gc_backend[backend].program)
2408 retrieve_options_from_program (component, backend);
2410 retrieve_options_from_file (component, backend);
2415 while (process_all && ++component < GC_COMPONENT_NR);
2421 /* Perform a simple validity check based on the type. Return in
2422 * NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2423 * type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
2426 option_check_validity (gc_option_t *option, unsigned long flags,
2427 char *new_value, unsigned long *new_value_nr,
2432 if (!option->active)
2433 gc_error (1, 0, "option %s not supported by backend %s",
2434 option->name, gc_backend[option->backend].name);
2436 if (option->new_flags || option->new_value)
2437 gc_error (1, 0, "option %s already changed", option->name);
2439 if (flags & GC_OPT_FLAG_DEFAULT)
2442 gc_error (1, 0, "argument %s provided for deleted option %s",
2443 new_value, option->name);
2448 /* GC_ARG_TYPE_NONE options have special list treatment. */
2449 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2453 gpg_err_set_errno (0);
2454 *new_value_nr = strtoul (new_value, &tail, 0);
2457 gc_error (1, errno, "invalid argument for option %s",
2460 gc_error (1, 0, "garbage after argument for option %s",
2463 if (!(option->flags & GC_OPT_FLAG_LIST))
2465 if (*new_value_nr != 1)
2466 gc_error (1, 0, "argument for non-list option %s of type 0 "
2467 "(none) must be 1", option->name);
2471 if (*new_value_nr == 0)
2472 gc_error (1, 0, "argument for option %s of type 0 (none) "
2473 "must be positive", option->name);
2482 if (*arg == '\0' || (*arg == ',' && !verbatim))
2484 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2485 gc_error (1, 0, "argument required for option %s", option->name);
2487 if (*arg == ',' && !verbatim && !(option->flags & GC_OPT_FLAG_LIST))
2488 gc_error (1, 0, "list found for non-list option %s", option->name);
2490 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2492 if (*arg != '"' && !verbatim)
2493 gc_error (1, 0, "string argument for option %s must begin "
2494 "with a quote (\") character", option->name);
2496 /* FIXME: We do not allow empty string arguments for now, as
2497 we do not quote arguments in configuration files, and
2498 thus no argument is indistinguishable from the empty
2500 if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
2501 gc_error (1, 0, "empty string argument for option %s is "
2502 "currently not allowed. Please report this!",
2505 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2509 gpg_err_set_errno (0);
2510 res = strtol (arg, &arg, 0);
2514 gc_error (1, errno, "invalid argument for option %s",
2517 if (*arg != '\0' && (*arg != ',' || verbatim))
2518 gc_error (1, 0, "garbage after argument for option %s",
2521 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
2525 gpg_err_set_errno (0);
2526 res = strtoul (arg, &arg, 0);
2530 gc_error (1, errno, "invalid argument for option %s",
2533 if (*arg != '\0' && (*arg != ',' || verbatim))
2534 gc_error (1, 0, "garbage after argument for option %s",
2537 arg = verbatim? strchr (arg, ',') : NULL;
2541 while (arg && *arg);
2544 #ifdef HAVE_W32_SYSTEM
2546 copy_file (const char *src_name, const char *dst_name)
2548 #define BUF_LEN 4096
2549 char buffer[BUF_LEN];
2554 src = gpgrt_fopen (src_name, "r");
2558 dst = gpgrt_fopen (dst_name, "w");
2561 int saved_err = errno;
2563 gpg_err_set_errno (saved_err);
2571 len = gpgrt_fread (buffer, 1, BUF_LEN, src);
2574 written = gpgrt_fwrite (buffer, 1, len, dst);
2578 while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
2580 if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
2582 int saved_errno = errno;
2586 gpg_err_set_errno (saved_errno);
2590 if (gpgrt_fclose (dst))
2591 gc_error (1, errno, "error closing %s", dst_name);
2592 if (gpgrt_fclose (src))
2593 gc_error (1, errno, "error closing %s", src_name);
2597 #endif /* HAVE_W32_SYSTEM */
2600 /* Create and verify the new configuration file for the specified
2601 * backend and component. Returns 0 on success and -1 on error. This
2602 * function may store pointers to malloced strings in SRC_FILENAMEP,
2603 * DEST_FILENAMEP, and ORIG_FILENAMEP. Those must be freed by the
2604 * caller. The strings refer to three versions of the configuration
2607 * SRC_FILENAME: The updated configuration is written to this file.
2608 * DEST_FILENAME: Name of the configuration file read by the
2610 * ORIG_FILENAME: A backup of the previous configuration file.
2612 * To apply the configuration change, rename SRC_FILENAME to
2613 * DEST_FILENAME. To revert to the previous configuration, rename
2614 * ORIG_FILENAME to DEST_FILENAME. */
2616 change_options_file (gc_component_t component, gc_backend_t backend,
2617 char **src_filenamep, char **dest_filenamep,
2618 char **orig_filenamep)
2620 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2621 /* True if we are within the marker in the config file. */
2623 gc_option_t *option;
2629 gpgrt_stream_t src_file = NULL;
2630 gpgrt_stream_t dest_file = NULL;
2632 char *dest_filename;
2633 char *orig_filename;
2635 char *cur_arg = NULL;
2637 option = find_option (component,
2638 gc_backend[backend].option_name, GC_BACKEND_ANY);
2640 assert (option->active);
2641 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2643 /* FIXME. Throughout the function, do better error reporting. */
2644 /* Note that get_config_filename() calls percent_deescape(), so we
2645 call this before processing the arguments. */
2646 dest_filename = xstrdup (get_config_filename (component, backend));
2647 src_filename = xasprintf ("%s.%s.%i.new",
2648 dest_filename, GPGCONF_NAME, (int)getpid ());
2649 orig_filename = xasprintf ("%s.%s.%i.bak",
2650 dest_filename, GPGCONF_NAME, (int)getpid ());
2652 arg = option->new_value;
2653 if (arg && arg[0] == '\0')
2660 end = strchr (arg, ',');
2664 cur_arg = percent_deescape (arg);
2674 #ifdef HAVE_W32_SYSTEM
2675 res = copy_file (dest_filename, orig_filename);
2677 res = link (dest_filename, orig_filename);
2679 if (res < 0 && errno != ENOENT)
2681 xfree (dest_filename);
2682 xfree (src_filename);
2683 xfree (orig_filename);
2688 xfree (orig_filename);
2689 orig_filename = NULL;
2692 /* We now initialize the return strings, so the caller can do the
2694 *src_filenamep = src_filename;
2695 *dest_filenamep = dest_filename;
2696 *orig_filenamep = orig_filename;
2698 /* Use open() so that we can use O_EXCL. */
2699 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2702 src_file = gpgrt_fdopen (fd, "w");
2706 gpg_err_set_errno (res);
2710 /* Only if ORIG_FILENAME is not NULL did the configuration file
2711 exist already. In this case, we will copy its content into the
2712 new configuration file, changing it to our liking in the
2716 dest_file = gpgrt_fopen (dest_filename, "r");
2718 goto change_file_one_err;
2720 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2725 if (!strncmp (marker, line, sizeof (marker) - 1))
2734 while (*start == ' ' || *start == '\t')
2736 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2745 /* Search for the end of the line. */
2746 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2749 if (*endp && *endp != ' ' && *endp != '\t'
2750 && *endp != '\r' && *endp != '\n' && *endp != '#')
2756 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2757 || !cur_arg || strcmp (start, cur_arg))
2761 /* Find next argument. */
2767 arg_end = strchr (arg, ',');
2771 cur_arg = percent_deescape (arg);
2791 gpgrt_fprintf (src_file,
2792 "# %s disabled this option here at %s\n",
2793 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
2794 if (gpgrt_ferror (src_file))
2795 goto change_file_one_err;
2796 gpgrt_fprintf (src_file, "# %s", line);
2797 if (gpgrt_ferror (src_file))
2798 goto change_file_one_err;
2803 gpgrt_fprintf (src_file, "%s", line);
2804 if (gpgrt_ferror (src_file))
2805 goto change_file_one_err;
2808 if (length < 0 || gpgrt_ferror (dest_file))
2809 goto change_file_one_err;
2814 /* There was no marker. This is the first time we edit the
2815 file. We add our own marker at the end of the file and
2816 proceed. Note that we first write a newline, this guards us
2817 against files which lack the newline at the end of the last
2818 line, while it doesn't hurt us in all other cases. */
2819 gpgrt_fprintf (src_file, "\n%s\n", marker);
2820 if (gpgrt_ferror (src_file))
2821 goto change_file_one_err;
2824 /* At this point, we have copied everything up to the end marker
2825 into the new file, except for the arguments we are going to add.
2826 Now, dump the new arguments and write the end marker, possibly
2827 followed by the rest of the original file. */
2830 gpgrt_fprintf (src_file, "%s\n", cur_arg);
2832 /* Find next argument. */
2838 end = strchr (arg, ',');
2842 cur_arg = percent_deescape (arg);
2855 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2856 if (gpgrt_ferror (src_file))
2857 goto change_file_one_err;
2861 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
2863 if (gpgrt_ferror (src_file))
2864 goto change_file_one_err;
2865 gpgrt_fprintf (src_file, "# It will disable options before this marked "
2866 "block, but it will\n");
2867 if (gpgrt_ferror (src_file))
2868 goto change_file_one_err;
2869 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
2870 if (gpgrt_ferror (src_file))
2871 goto change_file_one_err;
2875 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
2877 gpgrt_fprintf (src_file, "%s", line);
2878 if (gpgrt_ferror (src_file))
2879 goto change_file_one_err;
2881 if (length < 0 || gpgrt_ferror (dest_file))
2882 goto change_file_one_err;
2887 res = gpgrt_fclose (src_file);
2893 gpgrt_fclose (dest_file);
2894 gpg_err_set_errno (res);
2900 res = gpgrt_fclose (dest_file);
2906 change_file_one_err:
2911 gpgrt_fclose (src_file);
2915 gpgrt_fclose (dest_file);
2916 gpg_err_set_errno (res);
2921 /* Create and verify the new configuration file for the specified
2922 * backend and component. Returns 0 on success and -1 on error. If
2923 * VERBATIM is set the profile mode is used. This function may store
2924 * pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
2925 * ORIG_FILENAMEP. Those must be freed by the caller. The strings
2926 * refer to three versions of the configuration file:
2928 * SRC_FILENAME: The updated configuration is written to this file.
2929 * DEST_FILENAME: Name of the configuration file read by the
2931 * ORIG_FILENAME: A backup of the previous configuration file.
2933 * To apply the configuration change, rename SRC_FILENAME to
2934 * DEST_FILENAME. To revert to the previous configuration, rename
2935 * ORIG_FILENAME to DEST_FILENAME. */
2937 change_options_program (gc_component_t component, gc_backend_t backend,
2938 char **src_filenamep, char **dest_filenamep,
2939 char **orig_filenamep,
2942 static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
2943 /* True if we are within the marker in the config file. */
2945 gc_option_t *option;
2951 gpgrt_stream_t src_file = NULL;
2952 gpgrt_stream_t dest_file = NULL;
2954 char *dest_filename;
2955 char *orig_filename;
2956 /* Special hack for gpg, see below. */
2957 int utf8strings_seen = 0;
2959 /* FIXME. Throughout the function, do better error reporting. */
2960 dest_filename = xstrdup (get_config_filename (component, backend));
2961 src_filename = xasprintf ("%s.%s.%i.new",
2962 dest_filename, GPGCONF_NAME, (int)getpid ());
2963 orig_filename = xasprintf ("%s.%s.%i.bak",
2964 dest_filename, GPGCONF_NAME, (int)getpid ());
2966 #ifdef HAVE_W32_SYSTEM
2967 res = copy_file (dest_filename, orig_filename);
2969 res = link (dest_filename, orig_filename);
2971 if (res < 0 && errno != ENOENT)
2973 xfree (dest_filename);
2974 xfree (src_filename);
2975 xfree (orig_filename);
2980 xfree (orig_filename);
2981 orig_filename = NULL;
2984 /* We now initialize the return strings, so the caller can do the
2986 *src_filenamep = src_filename;
2987 *dest_filenamep = dest_filename;
2988 *orig_filenamep = orig_filename;
2990 /* Use open() so that we can use O_EXCL. */
2991 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2994 src_file = gpgrt_fdopen (fd, "w");
2998 gpg_err_set_errno (res);
3002 /* Only if ORIG_FILENAME is not NULL did the configuration file
3003 exist already. In this case, we will copy its content into the
3004 new configuration file, changing it to our liking in the
3008 dest_file = gpgrt_fopen (dest_filename, "r");
3010 goto change_one_err;
3012 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3017 if (!strncmp (marker, line, sizeof (marker) - 1))
3024 else if (backend == GC_BACKEND_GPG && in_marker
3025 && ! strcmp ("utf8-strings\n", line))
3027 /* Strip duplicated entries. */
3028 if (utf8strings_seen)
3031 utf8strings_seen = 1;
3035 while (*start == ' ' || *start == '\t')
3037 if (*start && *start != '\r' && *start != '\n' && *start != '#')
3043 while (*end && *end != ' ' && *end != '\t'
3044 && *end != '\r' && *end != '\n' && *end != '#')
3049 option = find_option (component, start, backend);
3051 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
3052 || option->new_value))
3059 gpgrt_fprintf (src_file,
3060 "# %s disabled this option here at %s\n",
3061 GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
3062 if (gpgrt_ferror (src_file))
3063 goto change_one_err;
3064 gpgrt_fprintf (src_file, "# %s", line);
3065 if (gpgrt_ferror (src_file))
3066 goto change_one_err;
3071 gpgrt_fprintf (src_file, "%s", line);
3072 if (gpgrt_ferror (src_file))
3073 goto change_one_err;
3076 if (length < 0 || gpgrt_ferror (dest_file))
3077 goto change_one_err;
3082 /* There was no marker. This is the first time we edit the
3083 file. We add our own marker at the end of the file and
3084 proceed. Note that we first write a newline, this guards us
3085 against files which lack the newline at the end of the last
3086 line, while it doesn't hurt us in all other cases. */
3087 gpgrt_fprintf (src_file, "\n%s\n", marker);
3088 if (gpgrt_ferror (src_file))
3089 goto change_one_err;
3091 /* At this point, we have copied everything up to the end marker
3092 into the new file, except for the options we are going to change.
3093 Now, dump the changed options (except for those we are going to
3094 revert to their default), and write the end marker, possibly
3095 followed by the rest of the original file. */
3097 /* We have to turn on UTF8 strings for GnuPG. */
3098 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
3099 gpgrt_fprintf (src_file, "utf8-strings\n");
3101 option = gc_component[component].options;
3102 while (option->name)
3104 if (!(option->flags & GC_OPT_FLAG_GROUP)
3105 && option->backend == backend
3106 && option->new_value)
3108 char *arg = option->new_value;
3112 if (*arg == '\0' || *arg == ',')
3114 gpgrt_fprintf (src_file, "%s\n", option->name);
3115 if (gpgrt_ferror (src_file))
3116 goto change_one_err;
3118 else if (gc_arg_type[option->arg_type].fallback
3119 == GC_ARG_TYPE_NONE)
3121 assert (*arg == '1');
3122 gpgrt_fprintf (src_file, "%s\n", option->name);
3123 if (gpgrt_ferror (src_file))
3124 goto change_one_err;
3128 else if (gc_arg_type[option->arg_type].fallback
3129 == GC_ARG_TYPE_STRING)
3135 log_assert (*arg == '"');
3138 end = strchr (arg, ',');
3145 gpgrt_fprintf (src_file, "%s %s\n", option->name,
3146 verbatim? arg : percent_deescape (arg));
3147 if (gpgrt_ferror (src_file))
3148 goto change_one_err;
3158 end = strchr (arg, ',');
3162 gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
3163 if (gpgrt_ferror (src_file))
3164 goto change_one_err;
3171 assert (arg == NULL || *arg == '\0' || *arg == ',');
3172 if (arg && *arg == ',')
3175 while (arg && *arg);
3180 gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
3181 if (gpgrt_ferror (src_file))
3182 goto change_one_err;
3186 gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
3188 if (gpgrt_ferror (src_file))
3189 goto change_one_err;
3190 gpgrt_fprintf (src_file, "# It will disable options before this marked "
3191 "block, but it will\n");
3192 if (gpgrt_ferror (src_file))
3193 goto change_one_err;
3194 gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
3195 if (gpgrt_ferror (src_file))
3196 goto change_one_err;
3200 while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
3202 gpgrt_fprintf (src_file, "%s", line);
3203 if (gpgrt_ferror (src_file))
3204 goto change_one_err;
3206 if (length < 0 || gpgrt_ferror (dest_file))
3207 goto change_one_err;
3212 res = gpgrt_fclose (src_file);
3218 gpgrt_fclose (dest_file);
3219 gpg_err_set_errno (res);
3225 res = gpgrt_fclose (dest_file);
3236 gpgrt_fclose (src_file);
3240 gpgrt_fclose (dest_file);
3241 gpg_err_set_errno (res);
3246 /* Common code for gc_component_change_options and
3247 * gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
3250 change_one_value (gc_option_t *option, int *runtime,
3251 unsigned long flags, char *new_value, int verbatim)
3253 unsigned long new_value_nr = 0;
3255 option_check_validity (option, flags, new_value, &new_value_nr, verbatim);
3257 if (option->flags & GC_OPT_FLAG_RUNTIME)
3258 runtime[option->backend] = 1;
3260 option->new_flags = flags;
3261 if (!(flags & GC_OPT_FLAG_DEFAULT))
3263 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
3264 && (option->flags & GC_OPT_FLAG_LIST))
3268 /* We convert the number to a list of 1's for convenient
3270 assert (new_value_nr > 0);
3271 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
3272 str = option->new_value;
3274 while (--new_value_nr > 0)
3282 option->new_value = xstrdup (new_value);
3287 /* Read the modifications from IN and apply them. If IN is NULL the
3288 modifications are expected to already have been set to the global
3289 table. If VERBATIM is set the profile mode is used. */
3291 gc_component_change_options (int component, estream_t in, estream_t out,
3296 int runtime[GC_BACKEND_NR];
3297 char *src_filename[GC_BACKEND_NR];
3298 char *dest_filename[GC_BACKEND_NR];
3299 char *orig_filename[GC_BACKEND_NR];
3300 gc_backend_t backend;
3301 gc_option_t *option;
3303 size_t line_len = 0;
3306 if (component == GC_COMPONENT_PINENTRY)
3307 return; /* Dummy component for now. */
3309 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3311 runtime[backend] = 0;
3312 src_filename[backend] = NULL;
3313 dest_filename[backend] = NULL;
3314 orig_filename[backend] = NULL;
3319 /* Read options from the file IN. */
3320 while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
3323 unsigned long flags = 0;
3324 char *new_value = "";
3326 /* Strip newline and carriage return, if present. */
3328 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
3329 line[--length] = '\0';
3331 linep = strchr (line, ':');
3335 /* Extract additional flags. Default to none. */
3341 end = strchr (linep, ':');
3345 gpg_err_set_errno (0);
3346 flags = strtoul (linep, &tail, 0);
3348 gc_error (1, errno, "malformed flags in option %s", line);
3349 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
3350 gc_error (1, 0, "garbage after flags in option %s", line);
3355 /* Don't allow setting of the no change flag. */
3356 flags &= ~GC_OPT_FLAG_NO_CHANGE;
3358 /* Extract default value, if present. Default to empty if not. */
3362 end = strchr (linep, ':');
3369 option = find_option (component, line, GC_BACKEND_ANY);
3371 gc_error (1, 0, "unknown option %s", line);
3373 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
3375 gc_error (0, 0, "ignoring new value for option %s",
3380 change_one_value (option, runtime, flags, new_value, 0);
3382 if (length < 0 || gpgrt_ferror (in))
3383 gc_error (1, errno, "error reading stream 'in'");
3386 /* Now that we have collected and locally verified the changes,
3387 write them out to new configuration files, verify them
3388 externally, and then commit them. */
3389 option = gc_component[component].options;
3390 while (option && option->name)
3392 /* Go on if we have already seen this backend, or if there is
3394 if (src_filename[option->backend]
3395 || !(option->new_flags || option->new_value))
3401 if (gc_backend[option->backend].program)
3403 err = change_options_program (component, option->backend,
3404 &src_filename[option->backend],
3405 &dest_filename[option->backend],
3406 &orig_filename[option->backend],
3410 /* External verification. */
3411 err = gc_component_check_options (component, out,
3412 src_filename[option->backend]);
3416 _("External verification of component %s failed"),
3417 gc_component[component].name);
3418 gpg_err_set_errno (EINVAL);
3424 err = change_options_file (component, option->backend,
3425 &src_filename[option->backend],
3426 &dest_filename[option->backend],
3427 &orig_filename[option->backend]);
3435 /* We are trying to atomically commit all changes. Unfortunately,
3436 we cannot rely on gnupg_rename_file to manage the signals for us,
3437 doing so would require us to pass NULL as BLOCK to any subsequent
3438 call to it. Instead, we just manage the signal handling
3441 gnupg_block_all_signals ();
3443 if (! err && ! opt.dry_run)
3447 for (i = 0; i < GC_BACKEND_NR; i++)
3449 if (src_filename[i])
3451 /* FIXME: Make a verification here. */
3453 assert (dest_filename[i]);
3455 if (orig_filename[i])
3456 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3459 #ifdef HAVE_W32_SYSTEM
3460 /* We skip the unlink if we expect the file not to
3462 err = gnupg_rename_file (src_filename[i], dest_filename[i], NULL);
3463 #else /* HAVE_W32_SYSTEM */
3464 /* This is a bit safer than rename() because we
3465 expect DEST_FILENAME not to be there. If it
3466 happens to be there, this will fail. */
3467 err = link (src_filename[i], dest_filename[i]);
3469 err = unlink (src_filename[i]);
3470 #endif /* !HAVE_W32_SYSTEM */
3474 xfree (src_filename[i]);
3475 src_filename[i] = NULL;
3480 if (err || opt.dry_run)
3483 int saved_errno = errno;
3485 /* An error occurred or a dry-run is requested. */
3486 for (i = 0; i < GC_BACKEND_NR; i++)
3488 if (src_filename[i])
3490 /* The change was not yet committed. */
3491 unlink (src_filename[i]);
3492 if (orig_filename[i])
3493 unlink (orig_filename[i]);
3497 /* The changes were already committed. FIXME: This is a
3498 tad dangerous, as we don't know if we don't overwrite
3499 a version of the file that is even newer than the one
3500 we just installed. */
3501 if (orig_filename[i])
3502 gnupg_rename_file (orig_filename[i], dest_filename[i], NULL);
3504 unlink (dest_filename[i]);
3508 gc_error (1, saved_errno, "could not commit changes");
3510 /* Fall-through for dry run. */
3514 /* If it all worked, notify the daemons of the changes. */
3516 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3518 if (runtime[backend] && gc_backend[backend].runtime_change)
3519 (*gc_backend[backend].runtime_change) (0);
3522 /* Move the per-process backup file into its place. */
3523 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3524 if (orig_filename[backend])
3526 char *backup_filename;
3528 assert (dest_filename[backend]);
3530 backup_filename = xasprintf ("%s.%s.bak",
3531 dest_filename[backend], GPGCONF_NAME);
3532 gnupg_rename_file (orig_filename[backend], backup_filename, NULL);
3533 xfree (backup_filename);
3538 gnupg_unblock_all_signals ();
3540 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3542 xfree (src_filename[backend]);
3543 xfree (dest_filename[backend]);
3544 xfree (orig_filename[backend]);
3549 /* Check whether USER matches the current user of one of its group.
3550 This function may change USER. Returns true is there is a
3553 key_matches_user_or_group (char *user)
3557 if (*user == '*' && user[1] == 0)
3558 return 1; /* A single asterisk matches all users. */
3560 group = strchr (user, ':');
3564 #ifdef HAVE_W32_SYSTEM
3565 /* Under Windows we don't support groups. */
3566 if (group && *group)
3567 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3568 #ifndef HAVE_W32CE_SYSTEM
3571 static char *my_name;
3578 GetUserNameA (tmp, &size);
3579 my_name = xmalloc (size);
3580 if (!GetUserNameA (my_name, &size))
3581 gc_error (1,0, "error getting current user name: %s",
3585 if (!strcmp (user, my_name))
3586 return 1; /* Found. */
3588 #endif /*HAVE_W32CE_SYSTEM*/
3589 #else /*!HAVE_W32_SYSTEM*/
3590 /* First check whether the user matches. */
3593 static char *my_name;
3597 struct passwd *pw = getpwuid ( getuid () );
3599 gc_error (1, errno, "getpwuid failed for current user");
3600 my_name = xstrdup (pw->pw_name);
3602 if (!strcmp (user, my_name))
3603 return 1; /* Found. */
3606 /* If that failed, check whether a group matches. */
3607 if (group && *group)
3609 static char *my_group;
3610 static char **my_supgroups;
3615 struct group *gr = getgrgid ( getgid () );
3617 gc_error (1, errno, "getgrgid failed for current user");
3618 my_group = xstrdup (gr->gr_name);
3620 if (!strcmp (group, my_group))
3621 return 1; /* Found. */
3628 ngids = getgroups (0, NULL);
3629 gids = xcalloc (ngids+1, sizeof *gids);
3630 ngids = getgroups (ngids, gids);
3632 gc_error (1, errno, "getgroups failed for current user");
3633 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3634 for (n=0; n < ngids; n++)
3636 struct group *gr = getgrgid ( gids[n] );
3638 gc_error (1, errno, "getgrgid failed for supplementary group");
3639 my_supgroups[n] = xstrdup (gr->gr_name);
3644 for (n=0; my_supgroups[n]; n++)
3645 if (!strcmp (group, my_supgroups[n]))
3646 return 1; /* Found. */
3648 #endif /*!HAVE_W32_SYSTEM*/
3649 return 0; /* No match. */
3654 /* Read and process the global configuration file for gpgconf. This
3655 optional file is used to update our internal tables at runtime and
3656 may also be used to set new default values. If FNAME is NULL the
3657 default name will be used. With UPDATE set to true the internal
3658 tables are actually updated; if not set, only a syntax check is
3659 done. If DEFAULTS is true the global options are written to the
3660 configuration files. If LISTFP is set, no changes are done but the
3661 configuration file is printed to LISTFP in a colon separated format.
3663 Returns 0 on success or if the config file is not present; -1 is
3664 returned on error. */
3666 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3671 size_t line_len = 0;
3673 gpgrt_stream_t config;
3677 int runtime[GC_BACKEND_NR];
3678 int backend_id, component_id;
3682 fname = xstrdup (fname_arg);
3684 fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
3687 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3688 runtime[backend_id] = 0;
3690 config = gpgrt_fopen (fname, "r");
3693 /* Do not print an error if the file is not available, except
3694 when running in syntax check mode. */
3695 if (errno != ENOENT || !update)
3697 gc_error (0, errno, "can not open global config file '%s'", fname);
3704 while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
3706 char *key, *component, *option, *flags, *value;
3708 gc_option_t *option_info = NULL;
3710 int is_continuation;
3714 while (*key == ' ' || *key == '\t')
3716 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3719 is_continuation = (key != line);
3721 /* Parse the key field. */
3722 if (!is_continuation && got_match)
3723 break; /* Finish after the first match. */
3724 else if (!is_continuation)
3727 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3731 gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
3740 gc_error (0, 0, "continuation but no rule at '%s', line %d",
3753 /* Parse the component. */
3754 while (*component == ' ' || *component == '\t')
3756 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3760 gc_error (0, 0, "missing component at '%s', line %d",
3768 component_id = gc_component_find (component);
3769 if (component_id < 0)
3771 gc_error (0, 0, "unknown component at '%s', line %d",
3776 /* Parse the option name. */
3777 while (*option == ' ' || *option == '\t')
3779 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3783 gc_error (0, 0, "missing option at '%s', line %d",
3790 if ( component_id != -1)
3792 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3795 gc_error (0, 0, "unknown option at '%s', line %d",
3802 /* Parse the optional flags. */
3803 while (*flags == ' ' || *flags == '\t')
3808 p = strchr (flags, ']');
3811 gc_error (0, 0, "syntax error in rule at '%s', line %d",
3819 else /* No flags given. */
3825 /* Parse the optional value. */
3826 while (*value == ' ' || *value == '\t')
3828 for (p=value; *p && !strchr ("\r\n", *p); p++)
3831 value = empty; /* No value given; let it point to an empty string. */
3834 /* Strip trailing white space. */
3836 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3840 /* Check flag combinations. */
3843 else if (!strcmp (flags, "default"))
3847 gc_error (0, 0, "flag \"default\" may not be combined "
3848 "with a value at '%s', line %d",
3853 else if (!strcmp (flags, "change"))
3855 else if (!strcmp (flags, "no-change"))
3859 gc_error (0, 0, "unknown flag at '%s', line %d",
3864 /* In list mode we print out all records. */
3865 if (listfp && !result)
3867 /* If this is a new ruleset, print a key record. */
3868 if (!is_continuation)
3870 char *group = strchr (key, ':');
3874 if ((p = strchr (group, ':')))
3875 *p = 0; /* We better strip any extra stuff. */
3878 es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
3879 es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3882 /* All other lines are rule records. */
3883 es_fprintf (listfp, "r:::%s:%s:%s:",
3884 gc_component[component_id].name,
3885 option_info->name? option_info->name : "",
3888 es_fprintf (listfp, "\"%s", gc_percent_escape (value));
3890 es_putc ('\n', listfp);
3893 /* Check whether the key matches but do this only if we are not
3894 running in syntax check mode. */
3896 && !result && !listfp
3897 && (got_match || (key && key_matches_user_or_group (key))) )
3903 /* Apply the flags from gpgconf.conf. */
3906 else if (!strcmp (flags, "default"))
3907 newflags |= GC_OPT_FLAG_DEFAULT;
3908 else if (!strcmp (flags, "no-change"))
3909 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3910 else if (!strcmp (flags, "change"))
3911 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3915 /* Here we explicitly allow updating the value again. */
3918 option_info->new_flags = 0;
3922 xfree (option_info->new_value);
3923 option_info->new_value = NULL;
3925 change_one_value (option_info, runtime, newflags, value, 0);
3930 if (length < 0 || gpgrt_ferror (config))
3932 gc_error (0, errno, "error reading from '%s'", fname);
3935 if (gpgrt_fclose (config))
3936 gc_error (0, errno, "error closing '%s'", fname);
3940 /* If it all worked, process the options. */
3941 if (!result && update && defaults && !listfp)
3943 /* We need to switch off the runtime update, so that we can do
3944 it later all at once. */
3945 int save_opt_runtime = opt.runtime;
3948 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3950 gc_component_change_options (component_id, NULL, NULL, 0);
3952 opt.runtime = save_opt_runtime;
3956 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3957 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3958 (*gc_backend[backend_id].runtime_change) (0);
3968 * Apply the profile FNAME to all known configure files.
3971 gc_apply_profile (const char *fname)
3974 char *fname_buffer = NULL;
3976 size_t line_len = 0;
3980 int runtime[GC_BACKEND_NR];
3982 int component_id = -1;
3983 int skip_section = 0;
3984 int error_count = 0;
3990 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3991 runtime[backend_id] = 0;
3994 if (!(!strcmp (fname, "-")
3995 || strchr (fname, '/')
3996 #ifdef HAVE_W32_SYSTEM
3997 || strchr (fname, '\\')
3999 || strchr (fname, '.')))
4001 /* FNAME looks like a standard profile name. Check whether one
4002 * is installed and use that instead of the given file name. */
4003 fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
4004 fname, ".prf", NULL);
4005 if (!access (fname_buffer, F_OK))
4006 fname = fname_buffer;
4009 fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
4012 err = gpg_error_from_syserror ();
4013 log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
4018 log_info ("applying profile '%s'\n", fname);
4021 while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
4023 char *name, *flags, *value;
4024 gc_option_t *option_info = NULL;
4029 while (*name == ' ' || *name == '\t')
4031 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
4033 trim_trailing_spaces (name);
4035 /* Check whether this is a new section. */
4040 /* New section: Get the name of the component. */
4041 p = strchr (name, ']');
4045 log_info ("%s:%d:%d: error: syntax error in section tag\n",
4046 fname, lineno, (int)(name - line));
4052 log_info ("%s:%d:%d: warning: garbage after section tag\n",
4053 fname, lineno, (int)(p - line));
4056 component_id = gc_component_find (name);
4057 if (component_id < 0)
4059 log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
4060 fname, lineno, (int)(name - line), name );
4068 if (component_id < 0)
4071 log_info ("%s:%d:%d: error: not in a valid section\n",
4072 fname, lineno, (int)(name - line));
4077 /* Parse the option name. */
4078 for (p = name; *p && !spacep (p); p++)
4083 option_info = find_option (component_id, name, GC_BACKEND_ANY);
4087 log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
4088 fname, lineno, (int)(name - line),
4089 name, gc_component[component_id].name);
4093 /* Parse the optional flags. */
4094 trim_spaces (value);
4099 p = strchr (flags, ']');
4102 log_info ("%s:%d:%d: warning: invalid flag specification\n",
4103 fname, lineno, (int)(p - line));
4108 trim_spaces (value);
4110 else /* No flags given. */
4113 /* Set required defaults. */
4114 if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
projects / gnupg.git / blob