search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / tools / gpgconf-comp.c
blob25d44150896f3daaf6b918e0f1ce2693bef827bd
1 /* gpgconf-comp.c - Configuration utility for GnuPG.
2 * Copyright (C) 2004, 2007, 2008 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #if HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23 #include <stdlib.h>
24 #include <stdio.h>
25 #include <string.h>
26 #include <fcntl.h>
27 #include <unistd.h>
28 #include <sys/types.h>
29 #include <assert.h>
30 #include <errno.h>
31 #include <time.h>
32 #include <stdarg.h>
33 #include <signal.h>
34 #include <ctype.h>
35 #ifdef HAVE_W32_SYSTEM
36 # define WIN32_LEAN_AND_MEAN 1
37 # include <windows.h>
38 #else
39 # include <pwd.h>
40 # include <grp.h>
41 #endif
42
43 /* For log_logv(), asctimestamp(), gnupg_get_time (). */
44 #define JNLIB_NEED_LOG_LOGV
45 #include "util.h"
46 #include "i18n.h"
47 #include "exechelp.h"
48
49 #include "gc-opt-flags.h"
50 #include "gpgconf.h"
51
52
53 /* There is a problem with gpg 1.4 under Windows: --gpgconf-list
54 returns a plain filename without escaping. As long as we have not
55 fixed that we need to use gpg2 - it might actually be better to use
56 gpg2 in any case. */
57 #ifdef HAVE_W32_SYSTEM
58 #define GPGNAME "gpg2"
59 #else
60 #define GPGNAME "gpg"
61 #endif
62
63 \f
64 /* TODO:
65 Components: Add more components and their options.
66 Robustness: Do more validation. Call programs to do validation for us.
67 Add options to change backend binary path.
68 Extract binary path for some backends from gpgsm/gpg config.
69 */
70
71 \f
72 #if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
73 void gc_error (int status, int errnum, const char *fmt, ...) \
74 __attribute__ ((format (printf, 3, 4)));
75 #endif
76
77 /* Output a diagnostic message. If ERRNUM is not 0, then the output
78 is followed by a colon, a white space, and the error string for the
79 error number ERRNUM. In any case the output is finished by a
80 newline. The message is prepended by the program name, a colon,
81 and a whitespace. The output may be further formatted or
82 redirected by the jnlib logging facility. */
83 void
84 gc_error (int status, int errnum, const char *fmt, ...)
85 {
86 va_list arg_ptr;
87
88 va_start (arg_ptr, fmt);
89 log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
90 va_end (arg_ptr);
91
92 if (errnum)
93 log_printf (": %s\n", strerror (errnum));
94 else
95 log_printf ("\n");
96
97 if (status)
98 {
99 log_printf (NULL);
100 log_printf ("fatal error (exit status %i)\n", status);
101 exit (status);
102 }
103 }
104
105 \f
106 /* Forward declaration. */
107 void gpg_agent_runtime_change (void);
108
109 /* Backend configuration. Backends are used to decide how the default
110 and current value of an option can be determined, and how the
111 option can be changed. To every option in every component belongs
112 exactly one backend that controls and determines the option. Some
113 backends are programs from the GPG system. Others might be
114 implemented by GPGConf itself. If you change this enum, don't
115 forget to update GC_BACKEND below. */
116 typedef enum
117 {
118 /* Any backend, used for find_option (). */
119 GC_BACKEND_ANY,
120
121 /* The Gnu Privacy Guard. */
122 GC_BACKEND_GPG,
123
124 /* The Gnu Privacy Guard for S/MIME. */
125 GC_BACKEND_GPGSM,
126
127 /* The GPG Agent. */
128 GC_BACKEND_GPG_AGENT,
129
130 /* The GnuPG SCDaemon. */
131 GC_BACKEND_SCDAEMON,
132
133 /* The Aegypten directory manager. */
134 GC_BACKEND_DIRMNGR,
135
136 /* The LDAP server list file for the Aegypten director manager. */
137 GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST,
138
139 /* The number of the above entries. */
140 GC_BACKEND_NR
141 } gc_backend_t;
142
143
144 /* To be able to implement generic algorithms for the various
145 backends, we collect all information about them in this struct. */
146 static struct
147 {
148 /* The name of the backend. */
149 const char *name;
150
151 /* The name of the program that acts as the backend. Some backends
152 don't have an associated program, but are implemented directly by
153 GPGConf. In this case, PROGRAM is NULL. */
154 char *program;
155
156 /* The module name (GNUPG_MODULE_NAME_foo) as defined by
157 ../common/util.h. This value is used to get the actual installed
158 path of the program. 0 is used if no backedn program is
159 available. */
160 char module_name;
161
162 /* The runtime change callback. */
163 void (*runtime_change) (void);
164
165 /* The option name for the configuration filename of this backend.
166 This must be an absolute filename. It can be an option from a
167 different backend (but then ordering of the options might
168 matter). Note: This must be unique among all components. */
169 const char *option_config_filename;
170
171 /* If this is a file backend rather than a program backend, then
172 this is the name of the option associated with the file. */
173 const char *option_name;
174 } gc_backend[GC_BACKEND_NR] =
175 {
176 { NULL }, /* GC_BACKEND_ANY dummy entry. */
177 { "GnuPG", GPGNAME, GNUPG_MODULE_NAME_GPG,
178 NULL, "gpgconf-gpg.conf" },
179 { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
180 NULL, "gpgconf-gpgsm.conf" },
181 { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
182 gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
183 { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
184 NULL, "gpgconf-scdaemon.conf" },
185 { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
186 NULL, "gpgconf-dirmngr.conf" },
187 { "DirMngr LDAP Server List", NULL, 0,
188 NULL, "ldapserverlist-file", "LDAP Server" },
189 };
190
191 \f
192 /* Option configuration. */
193
194 /* An option might take an argument, or not. Argument types can be
195 basic or complex. Basic types are generic and easy to validate.
196 Complex types provide more specific information about the intended
197 use, but can be difficult to validate. If you add to this enum,
198 don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
199 NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
200 INTERFACE. */
201 typedef enum
202 {
203 /* Basic argument types. */
204
205 /* No argument. */
206 GC_ARG_TYPE_NONE = 0,
207
208 /* A String argument. */
209 GC_ARG_TYPE_STRING = 1,
210
211 /* A signed integer argument. */
212 GC_ARG_TYPE_INT32 = 2,
213
214 /* An unsigned integer argument. */
215 GC_ARG_TYPE_UINT32 = 3,
216
217 /* ADD NEW BASIC TYPE ENTRIES HERE. */
218
219 /* Complex argument types. */
220
221 /* A complete filename. */
222 GC_ARG_TYPE_FILENAME = 32,
223
224 /* An LDAP server in the format
225 HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
226 GC_ARG_TYPE_LDAP_SERVER = 33,
227
228 /* A 40 character fingerprint. */
229 GC_ARG_TYPE_KEY_FPR = 34,
230
231 /* A user ID or key ID or fingerprint for a certificate. */
232 GC_ARG_TYPE_PUB_KEY = 35,
233
234 /* A user ID or key ID or fingerprint for a certificate with a key. */
235 GC_ARG_TYPE_SEC_KEY = 36,
236
237 /* A alias list made up of a key, an equal sign and a space
238 separated list of values. */
239 GC_ARG_TYPE_ALIAS_LIST = 37,
240
241 /* ADD NEW COMPLEX TYPE ENTRIES HERE. */
242
243 /* The number of the above entries. */
244 GC_ARG_TYPE_NR
245 } gc_arg_type_t;
246
247
248 /* For every argument, we record some information about it in the
249 following struct. */
250 static struct
251 {
252 /* For every argument type exists a basic argument type that can be
253 used as a fallback for input and validation purposes. */
254 gc_arg_type_t fallback;
255
256 /* Human-readable name of the type. */
257 const char *name;
258 } gc_arg_type[GC_ARG_TYPE_NR] =
259 {
260 /* The basic argument types have their own types as fallback. */
261 { GC_ARG_TYPE_NONE, "none" },
262 { GC_ARG_TYPE_STRING, "string" },
263 { GC_ARG_TYPE_INT32, "int32" },
264 { GC_ARG_TYPE_UINT32, "uint32" },
265
266 /* Reserved basic type entries for future extension. */
267 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
268 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
269 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
270 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
271 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
272 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
273 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
274 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
275 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
276 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
277 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
278 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
279 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
280 { GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
281
282 /* The complex argument types have a basic type as fallback. */
283 { GC_ARG_TYPE_STRING, "filename" },
284 { GC_ARG_TYPE_STRING, "ldap server" },
285 { GC_ARG_TYPE_STRING, "key fpr" },
286 { GC_ARG_TYPE_STRING, "pub key" },
287 { GC_ARG_TYPE_STRING, "sec key" },
288 { GC_ARG_TYPE_STRING, "alias list" },
289 };
290
291
292 /* Every option has an associated expert level, than can be used to
293 hide advanced and expert options from beginners. If you add to
294 this list, don't forget to update GC_LEVEL below. YOU MUST NOT
295 CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
296 EXTERNAL INTERFACE. */
297 typedef enum
298 {
299 /* The basic options should always be displayed. */
300 GC_LEVEL_BASIC,
301
302 /* The advanced options may be hidden from beginners. */
303 GC_LEVEL_ADVANCED,
304
305 /* The expert options should only be displayed to experts. */
306 GC_LEVEL_EXPERT,
307
308 /* The invisible options should normally never be displayed. */
309 GC_LEVEL_INVISIBLE,
310
311 /* The internal options are never exported, they mark options that
312 are recorded for internal use only. */
313 GC_LEVEL_INTERNAL,
314
315 /* ADD NEW ENTRIES HERE. */
316
317 /* The number of the above entries. */
318 GC_LEVEL_NR
319 } gc_expert_level_t;
320
321 /* A description for each expert level. */
322 static struct
323 {
324 const char *name;
325 } gc_level[] =
326 {
327 { "basic" },
328 { "advanced" },
329 { "expert" },
330 { "invisible" },
331 { "internal" }
332 };
333
334
335 /* Option flags. The flags which are used by the backends are defined
336 by gc-opt-flags.h, included above.
337
338 YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
339 PART OF THE EXTERNAL INTERFACE. */
340
341 /* Some entries in the option list are not options, but mark the
342 beginning of a new group of options. These entries have the GROUP
343 flag set. */
344 #define GC_OPT_FLAG_GROUP (1UL << 0)
345 /* The ARG_OPT flag for an option indicates that the argument is
346 optional. This is never set for GC_ARG_TYPE_NONE options. */
347 #define GC_OPT_FLAG_ARG_OPT (1UL << 1)
348 /* The LIST flag for an option indicates that the option can occur
349 several times. A comma separated list of arguments is used as the
350 argument value. */
351 #define GC_OPT_FLAG_LIST (1UL << 2)
352 /* The NO_CHANGE flag for an option indicates that the user should not
353 be allowed to change this option using the standard gpgconf method.
354 Frontends using gpgconf should grey out such options, so that only
355 the current value is displayed. */
356 #define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
357
358
359 /* A human-readable description for each flag. */
360 static struct
361 {
362 const char *name;
363 } gc_flag[] =
364 {
365 { "group" },
366 { "optional arg" },
367 { "list" },
368 { "runtime" },
369 { "default" },
370 { "default desc" },
371 { "no arg desc" },
372 { "no change" }
373 };
374
375
376 /* To each option, or group marker, the information in the GC_OPTION
377 struct is provided. If you change this, don't forget to update the
378 option list of each component. */
379 struct gc_option
380 {
381 /* If this is NULL, then this is a terminator in an array of unknown
382 length. Otherwise, if this entry is a group marker (see FLAGS),
383 then this is the name of the group described by this entry.
384 Otherwise it is the name of the option described by this
385 entry. The name must not contain a colon. */
386 const char *name;
387
388 /* The option flags. If the GROUP flag is set, then this entry is a
389 group marker, not an option, and only the fields LEVEL,
390 DESC_DOMAIN and DESC are valid. In all other cases, this entry
391 describes a new option and all fields are valid. */
392 unsigned long flags;
393
394 /* The expert level. This field is valid for options and groups. A
395 group has the expert level of the lowest-level option in the
396 group. */
397 gc_expert_level_t level;
398
399 /* A gettext domain in which the following description can be found.
400 If this is NULL, then DESC is not translated. Valid for groups
401 and options.
402
403 Note that we try to keep the description of groups within the
404 gnupg domain.
405
406 IMPORTANT: If you add a new domain please make sure to add a code
407 set switching call to the function my_dgettext further below. */
408 const char *desc_domain;
409
410 /* A gettext description for this group or option. If it starts
411 with a '|', then the string up to the next '|' describes the
412 argument, and the description follows the second '|'.
413
414 In general enclosing these description in N_() is not required
415 because the description should be identical to the one in the
416 help menu of the respective program. */
417 const char *desc;
418
419 /* The following fields are only valid for options. */
420
421 /* The type of the option argument. */
422 gc_arg_type_t arg_type;
423
424 /* The backend that implements this option. */
425 gc_backend_t backend;
426
427 /* The following fields are set to NULL at startup (because all
428 option's are declared as static variables). They are at the end
429 of the list so that they can be omitted from the option
430 declarations. */
431
432 /* This is true if the option is supported by this version of the
433 backend. */
434 int active;
435
436 /* The default value for this option. This is NULL if the option is
437 not present in the backend, the empty string if no default is
438 available, and otherwise a quoted string. */
439 char *default_value;
440
441 /* The default argument is only valid if the "optional arg" flag is
442 set, and specifies the default argument (value) that is used if
443 the argument is omitted. */
444 char *default_arg;
445
446 /* The current value of this option. */
447 char *value;
448
449 /* The new flags for this option. The only defined flag is actually
450 GC_OPT_FLAG_DEFAULT, and it means that the option should be
451 deleted. In this case, NEW_VALUE is NULL. */
452 unsigned long new_flags;
453
454 /* The new value of this option. */
455 char *new_value;
456 };
457 typedef struct gc_option gc_option_t;
458
459 /* Use this macro to terminate an option list. */
460 #define GC_OPTION_NULL { NULL }
461
462 \f
463 /* The options of the GC_COMPONENT_GPG_AGENT component. */
464 static gc_option_t gc_options_gpg_agent[] =
465 {
466 /* The configuration file to which we write the changes. */
467 { "gpgconf-gpg-agent.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
468 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
469
470 { "Monitor",
471 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
472 "gnupg", N_("Options controlling the diagnostic output") },
473 { "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
474 "gnupg", "verbose",
475 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
476 { "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
477 "gnupg", "be somewhat more quiet",
478 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
479 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
480 NULL, NULL,
481 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
482
483 { "Configuration",
484 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
485 "gnupg", N_("Options controlling the configuration") },
486 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
487 "gnupg", "|FILE|read options from FILE",
488 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
489 { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
490 "gnupg", "do not use the SCdaemon",
491 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
492
493 { "Debug",
494 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
495 "gnupg", N_("Options useful for debugging") },
496 { "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
497 "gnupg", "|LEVEL|set the debugging level to LEVEL",
498 GC_ARG_TYPE_STRING, GC_BACKEND_GPG_AGENT },
499 { "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
500 "gnupg", N_("|FILE|write server mode logs to FILE"),
501 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
502 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
503 NULL, NULL,
504 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
505
506 { "Security",
507 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
508 "gnupg", N_("Options controlling the security") },
509 { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
510 GC_LEVEL_BASIC, "gnupg",
511 "|N|expire cached PINs after N seconds",
512 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
513 { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
514 GC_LEVEL_ADVANCED, "gnupg",
515 N_("|N|expire SSH keys after N seconds"),
516 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
517 { "max-cache-ttl", GC_OPT_FLAG_RUNTIME,
518 GC_LEVEL_EXPERT, "gnupg",
519 N_("|N|set maximum PIN cache lifetime to N seconds"),
520 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
521 { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
522 GC_LEVEL_EXPERT, "gnupg",
523 N_("|N|set maximum SSH key lifetime to N seconds"),
524 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
525 { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
526 GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
527 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
528 { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
529 GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"",
530 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
531 { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
532 "gnupg", "do not grab keyboard and mouse",
533 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
534
535 { "Passphrase policy",
536 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
537 "gnupg", N_("Options enforcing a passphrase policy") },
538 { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
539 GC_LEVEL_EXPERT, "gnupg",
540 N_("do not allow to bypass the passphrase policy"),
541 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
542 { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
543 GC_LEVEL_ADVANCED, "gnupg",
544 N_("|N|set minimal required length for new passphrases to N"),
545 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
546 { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
547 GC_LEVEL_EXPERT, "gnupg",
548 N_("|N|require at least N non-alpha characters for a new passphrase"),
549 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
550 { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
551 GC_LEVEL_EXPERT,
552 "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
553 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
554 { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
555 GC_LEVEL_EXPERT, "gnupg",
556 N_("|N|expire the passphrase after N days"),
557 GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
558 { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
559 GC_LEVEL_EXPERT, "gnupg",
560 N_("do not allow the reuse of old passphrases"),
561 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
562
563 GC_OPTION_NULL
564 };
565
566
567 /* The options of the GC_COMPONENT_SCDAEMON component. */
568 static gc_option_t gc_options_scdaemon[] =
569 {
570 /* The configuration file to which we write the changes. */
571 { "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
572 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
573
574 { "Monitor",
575 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
576 "gnupg", N_("Options controlling the diagnostic output") },
577 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
578 "gnupg", "verbose",
579 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
580 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
581 "gnupg", "be somewhat more quiet",
582 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
583 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
584 NULL, NULL,
585 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
586
587 { "Configuration",
588 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
589 "gnupg", N_("Options controlling the configuration") },
590 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
591 "gnupg", "|FILE|read options from FILE",
592 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
593 { "reader-port", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
594 "gnupg", "|N|connect to reader at port N",
595 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
596 { "ctapi-driver", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
597 "gnupg", "|NAME|use NAME as ct-API driver",
598 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
599 { "pcsc-driver", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
600 "gnupg", "|NAME|use NAME as PC/SC driver",
601 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
602 { "disable-opensc", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
603 "gnupg", "do not use the OpenSC layer",
604 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
605 { "disable-ccid", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
606 "gnupg", "do not use the internal CCID driver",
607 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
608 { "disable-keypad", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
609 "gnupg", "do not use a reader's keypad",
610 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
611
612 { "Debug",
613 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
614 "gnupg", N_("Options useful for debugging") },
615 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
616 "gnupg", "|LEVEL|set the debugging level to LEVEL",
617 GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
618 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
619 "gnupg", N_("|FILE|write server mode logs to FILE"),
620 GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
621
622 { "Security",
623 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
624 "gnupg", N_("Options controlling the security") },
625 { "allow-admin", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
626 "gnupg", "allow the use of admin card commands",
627 GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
628
629
630 GC_OPTION_NULL
631 };
632
633
634 /* The options of the GC_COMPONENT_GPG component. */
635 static gc_option_t gc_options_gpg[] =
636 {
637 /* The configuration file to which we write the changes. */
638 { "gpgconf-gpg.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
639 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
640
641 { "Monitor",
642 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
643 "gnupg", N_("Options controlling the diagnostic output") },
644 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
645 "gnupg", "verbose",
646 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
647 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
648 "gnupg", "be somewhat more quiet",
649 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
650 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
651 NULL, NULL,
652 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
653
654 { "Configuration",
655 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
656 "gnupg", N_("Options controlling the configuration") },
657 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
658 "gnupg", N_("|NAME|use NAME as default secret key"),
659 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
660 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
661 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
662 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
663 { "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
664 "gnupg", N_("|SPEC|set up email aliases"),
665 GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
666 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
667 "gnupg", "|FILE|read options from FILE",
668 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
669
670 { "Debug",
671 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
672 "gnupg", N_("Options useful for debugging") },
673 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
674 "gnupg", "|LEVEL|set the debugging level to LEVEL",
675 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
676 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
677 "gnupg", N_("|FILE|write server mode logs to FILE"),
678 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
679 /* { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE, */
680 /* NULL, NULL, */
681 /* GC_ARG_TYPE_UINT32, GC_BACKEND_GPG }, */
682
683 { "Keyserver",
684 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
685 "gnupg", N_("Configuration for Keyservers") },
686 { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
687 "gnupg", N_("|URL|use keyserver at URL"),
688 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
689 { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
690 "gnupg", N_("allow PKA lookups (DNS requests)"),
691 GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
692 { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
693 "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
694 GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
695
696
697 GC_OPTION_NULL
698 };
699
700
701
702 /* The options of the GC_COMPONENT_GPGSM component. */
703 static gc_option_t gc_options_gpgsm[] =
704 {
705 /* The configuration file to which we write the changes. */
706 { "gpgconf-gpgsm.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
707 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
708
709 { "Monitor",
710 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
711 "gnupg", N_("Options controlling the diagnostic output") },
712 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
713 "gnupg", "verbose",
714 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
715 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
716 "gnupg", "be somewhat more quiet",
717 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
718 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
719 NULL, NULL,
720 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
721
722 { "Configuration",
723 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
724 "gnupg", N_("Options controlling the configuration") },
725 { "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
726 "gnupg", N_("|NAME|use NAME as default secret key"),
727 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
728 { "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
729 "gnupg", N_("|NAME|encrypt to user ID NAME as well"),
730 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
731 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
732 "gnupg", "|FILE|read options from FILE",
733 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
734 { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
735 "gnupg", "use system's dirmngr if available",
736 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
737 { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
738 "gnupg", N_("disable all access to the dirmngr"),
739 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
740 { "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
741 "gnupg", N_("|NAME|use encoding NAME for PKCS#12 passphrases"),
742 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
743 { "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
744 "gnupg", N_("|SPEC|use this keyserver to lookup keys"),
745 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
746
747 { "Debug",
748 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
749 "gnupg", N_("Options useful for debugging") },
750 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
751 "gnupg", "|LEVEL|set the debugging level to LEVEL",
752 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
753 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
754 "gnupg", N_("|FILE|write server mode logs to FILE"),
755 GC_ARG_TYPE_FILENAME, GC_BACKEND_GPGSM },
756 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
757 NULL, NULL,
758 GC_ARG_TYPE_UINT32, GC_BACKEND_GPGSM },
759
760 { "Security",
761 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
762 "gnupg", N_("Options controlling the security") },
763 { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
764 "gnupg", "never consult a CRL",
765 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
766 { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
767 "gnupg", N_("do not check CRLs for root certificates"),
768 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
769 { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
770 "gnupg", "check validity using OCSP",
771 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
772 { "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
773 "gnupg", "|N|number of certificates to include",
774 GC_ARG_TYPE_INT32, GC_BACKEND_GPGSM },
775 { "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
776 "gnupg", "do not check certificate policies",
777 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
778 { "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
779 "gnupg", "fetch missing issuer certificates",
780 GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
781 { "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
782 "gnupg", "|NAME|use cipher algorithm NAME",
783 GC_ARG_TYPE_STRING, GC_BACKEND_GPGSM },
784
785 GC_OPTION_NULL
786 };
787
788
789 /* The options of the GC_COMPONENT_DIRMNGR component. */
790 static gc_option_t gc_options_dirmngr[] =
791 {
792 /* The configuration file to which we write the changes. */
793 { "gpgconf-dirmngr.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
794 NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
795
796 { "Monitor",
797 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
798 "gnupg", N_("Options controlling the diagnostic output") },
799 { "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
800 "dirmngr", "verbose",
801 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
802 { "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
803 "dirmngr", "be somewhat more quiet",
804 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
805 { "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
806 NULL, NULL,
807 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
808
809 { "Format",
810 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
811 "gnupg", N_("Options controlling the format of the output") },
812 { "sh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
813 "dirmngr", "sh-style command output",
814 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
815 { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
816 "dirmngr", "csh-style command output",
817 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
818
819 { "Configuration",
820 GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
821 "gnupg", N_("Options controlling the configuration") },
822 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
823 "dirmngr", "|FILE|read options from FILE",
824 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
825
826 { "Debug",
827 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
828 "gnupg", N_("Options useful for debugging") },
829 { "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
830 "dirmngr", "|LEVEL|set the debugging level to LEVEL",
831 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
832 { "no-detach", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
833 "dirmngr", "do not detach from the console",
834 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
835 { "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
836 "dirmngr", N_("|FILE|write server mode logs to FILE"),
837 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
838 { "debug-wait", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
839 NULL, NULL,
840 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
841 { "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
842 NULL, NULL,
843 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
844
845 { "Enforcement",
846 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
847 "gnupg", N_("Options controlling the interactivity and enforcement") },
848 { "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
849 "dirmngr", "run without asking a user",
850 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
851 { "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
852 "dirmngr", "force loading of outdated CRLs",
853 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
854
855 { "HTTP",
856 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
857 "gnupg", N_("Configuration for HTTP servers") },
858 { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
859 "dirmngr", "inhibit the use of HTTP",
860 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
861 { "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
862 "dirmngr", "ignore HTTP CRL distribution points",
863 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
864 { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
865 "dirmngr", "|URL|redirect all HTTP requests to URL",
866 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
867 { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
868 "gnupg", N_("use system's HTTP proxy setting"),
869 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
870
871 { "LDAP",
872 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
873 "gnupg", N_("Configuration of LDAP servers to use") },
874 { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
875 "dirmngr", "inhibit the use of LDAP",
876 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
877 { "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
878 "dirmngr", "ignore LDAP CRL distribution points",
879 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
880 { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
881 "dirmngr", "|HOST|use HOST for LDAP queries",
882 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
883 { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
884 "dirmngr", "do not use fallback hosts with --ldap-proxy",
885 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
886 { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
887 "dirmngr", "add new servers discovered in CRL distribution points"
888 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
889 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
890 "dirmngr", "|N|set LDAP timeout to N seconds",
891 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
892 /* The following entry must not be removed, as it is required for
893 the GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST. */
894 { "ldapserverlist-file",
895 GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
896 "dirmngr", "|FILE|read LDAP server list from FILE",
897 GC_ARG_TYPE_FILENAME, GC_BACKEND_DIRMNGR },
898 /* This entry must come after at least one entry for
899 GC_BACKEND_DIRMNGR in this component, so that the entry for
900 "ldapserverlist-file will be initialized before this one. */
901 { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
902 "gnupg", N_("LDAP server list"),
903 GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST },
904 { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
905 "dirmngr", "|N|do not return more than N items in one query",
906 GC_ARG_TYPE_UINT32, GC_BACKEND_DIRMNGR },
907
908 { "OCSP",
909 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
910 "gnupg", N_("Configuration for OCSP") },
911 { "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
912 "dirmngr", "allow sending OCSP requests",
913 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
914 { "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
915 "dirmngr", "ignore certificate contained OCSP service URLs",
916 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
917 { "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
918 "dirmngr", "|URL|use OCSP responder at URL",
919 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
920 { "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
921 "dirmngr", "|FPR|OCSP response signed by FPR",
922 GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
923
924
925 GC_OPTION_NULL
926 };
927
928 \f
929 /* Component system. Each component is a set of options that can be
930 configured at the same time. If you change this, don't forget to
931 update GC_COMPONENT below. */
932 typedef enum
933 {
934 /* The classic GPG for OpenPGP. */
935 GC_COMPONENT_GPG,
936
937 /* The GPG Agent. */
938 GC_COMPONENT_GPG_AGENT,
939
940 /* The Smardcard Daemon. */
941 GC_COMPONENT_SCDAEMON,
942
943 /* GPG for S/MIME. */
944 GC_COMPONENT_GPGSM,
945
946 /* The LDAP Directory Manager for CRLs. */
947 GC_COMPONENT_DIRMNGR,
948
949 /* The number of components. */
950 GC_COMPONENT_NR
951 } gc_component_t;
952
953
954 /* The information associated with each component. */
955 static struct
956 {
957 /* The name of this component. Must not contain a colon (':')
958 character. */
959 const char *name;
960
961 /* The gettext domain for the description DESC. If this is NULL,
962 then the description is not translated. */
963 const char *desc_domain;
964
965 /* The description for this domain. */
966 const char *desc;
967
968 /* The list of options for this component, terminated by
969 GC_OPTION_NULL. */
970 gc_option_t *options;
971 } gc_component[] =
972 {
973 { "gpg", NULL, "GPG for OpenPGP", gc_options_gpg },
974 { "gpg-agent", NULL, "GPG Agent", gc_options_gpg_agent },
975 { "scdaemon", NULL, "Smartcard Daemon", gc_options_scdaemon },
976 { "gpgsm", NULL, "GPG for S/MIME", gc_options_gpgsm },
977 { "dirmngr", NULL, "Directory Manager", gc_options_dirmngr }
978 };
979
980
981
982 /* Structure used to collect error output of the backend programs. */
983 struct error_line_s;
984 typedef struct error_line_s *error_line_t;
985 struct error_line_s
986 {
987 error_line_t next; /* Link to next item. */
988 const char *fname; /* Name of the config file (points into BUFFER). */
989 unsigned int lineno; /* Line number of the config file. */
990 const char *errtext; /* Text of the error message (points into BUFFER). */
991 char buffer[1]; /* Helper buffer. */
992 };
993
994
995 \f
996 /* Engine specific support. */
997 void
998 gpg_agent_runtime_change (void)
999 {
1000 #ifndef HAVE_W32_SYSTEM
1001 char *agent = getenv ("GPG_AGENT_INFO");
1002 char *pid_str;
1003 unsigned long pid_long;
1004 char *tail;
1005 pid_t pid;
1006
1007 if (!agent)
1008 return;
1009
1010 pid_str = strchr (agent, ':');
1011 if (!pid_str)
1012 return;
1013
1014 pid_str++;
1015 errno = 0;
1016 pid_long = strtoul (pid_str, &tail, 0);
1017 if (errno || (*tail != ':' && *tail != '\0'))
1018 return;
1019
1020 pid = (pid_t) pid_long;
1021
1022 /* Check for overflow. */
1023 if (pid_long != (unsigned long) pid)
1024 return;
1025
1026 /* Ignore any errors here. */
1027 kill (pid, SIGHUP);
1028 #else
1029 gpg_error_t err;
1030 const char *pgmname;
1031 const char *argv[2];
1032 pid_t pid;
1033
1034 pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1035 argv[0] = "reloadagent";
1036 argv[1] = NULL;
1037
1038 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1039 if (!err)
1040 err = gnupg_wait_process (pgmname, pid, NULL);
1041 if (err)
1042 gc_error (0, 0, "error running `%s%s': %s",
1043 pgmname, " reloadagent", gpg_strerror (err));
1044 #endif /*!HAVE_W32_SYSTEM*/
1045 }
1046
1047
1048 \f
1049 /* More or less Robust version of dgettext. It has the side effect of
1050 switching the codeset to utf-8 because this is what we want to
1051 output. In theory it is posible to keep the orginal code set and
1052 switch back for regular disgnostic output (redefine "_(" for that)
1053 but given the natur of this tool, being something invoked from
1054 other pograms, it does not make much sense. */
1055 static const char *
1056 my_dgettext (const char *domain, const char *msgid)
1057 {
1058 #ifdef USE_SIMPLE_GETTEXT
1059 if (domain)
1060 {
1061 static int switched_codeset;
1062 char *text;
1063
1064 if (!switched_codeset)
1065 {
1066 switched_codeset = 1;
1067 gettext_select_utf8 (1);
1068 }
1069
1070 if (!strcmp (domain, "gnupg"))
1071 domain = PACKAGE_GT;
1072
1073 /* FIXME: we have no dgettext, thus we can't switch. */
1074
1075 text = gettext (msgid);
1076 return text ? text : msgid;
1077 }
1078 #elif defined(ENABLE_NLS)
1079 if (domain)
1080 {
1081 static int switched_codeset;
1082 char *text;
1083
1084 if (!switched_codeset)
1085 {
1086 switched_codeset = 1;
1087 bind_textdomain_codeset (PACKAGE_GT, "utf-8");
1088
1089 bindtextdomain ("dirmngr", LOCALEDIR);
1090 bind_textdomain_codeset ("dirmngr", "utf-8");
1091
1092 }
1093
1094 /* Note: This is a hack to actually use the gnupg2 domain as
1095 long we are in a transition phase where gnupg 1.x and 1.9 may
1096 coexist. */
1097 if (!strcmp (domain, "gnupg"))
1098 domain = PACKAGE_GT;
1099
1100 text = dgettext (domain, msgid);
1101 return text ? text : msgid;
1102 }
1103 else
1104 #endif
1105 return msgid;
1106 }
1107
1108
1109 /* Percent-Escape special characters. The string is valid until the
1110 next invocation of the function. */
1111 char *
1112 gc_percent_escape (const char *src)
1113 {
1114 static char *esc_str;
1115 static int esc_str_len;
1116 int new_len = 3 * strlen (src) + 1;
1117 char *dst;
1118
1119 if (esc_str_len < new_len)
1120 {
1121 char *new_esc_str = realloc (esc_str, new_len);
1122 if (!new_esc_str)
1123 gc_error (1, errno, "can not escape string");
1124 esc_str = new_esc_str;
1125 esc_str_len = new_len;
1126 }
1127
1128 dst = esc_str;
1129 while (*src)
1130 {
1131 if (*src == '%')
1132 {
1133 *(dst++) = '%';
1134 *(dst++) = '2';
1135 *(dst++) = '5';
1136 }
1137 else if (*src == ':')
1138 {
1139 /* The colon is used as field separator. */
1140 *(dst++) = '%';
1141 *(dst++) = '3';
1142 *(dst++) = 'a';
1143 }
1144 else if (*src == ',')
1145 {
1146 /* The comma is used as list separator. */
1147 *(dst++) = '%';
1148 *(dst++) = '2';
1149 *(dst++) = 'c';
1150 }
1151 else
1152 *(dst++) = *(src);
1153 src++;
1154 }
1155 *dst = '\0';
1156 return esc_str;
1157 }
1158
1159
1160
1161 /* Percent-Deescape special characters. The string is valid until the
1162 next invocation of the function. */
1163 static char *
1164 percent_deescape (const char *src)
1165 {
1166 static char *str;
1167 static int str_len;
1168 int new_len = 3 * strlen (src) + 1;
1169 char *dst;
1170
1171 if (str_len < new_len)
1172 {
1173 char *new_str = realloc (str, new_len);
1174 if (!new_str)
1175 gc_error (1, errno, "can not deescape string");
1176 str = new_str;
1177 str_len = new_len;
1178 }
1179
1180 dst = str;
1181 while (*src)
1182 {
1183 if (*src == '%')
1184 {
1185 int val = hextobyte (src + 1);
1186
1187 if (val < 0)
1188 gc_error (1, 0, "malformed end of string %s", src);
1189
1190 *(dst++) = (char) val;
1191 src += 3;
1192 }
1193 else
1194 *(dst++) = *(src++);
1195 }
1196 *dst = '\0';
1197 return str;
1198 }
1199
1200 \f
1201 /* List all components that are available. */
1202 void
1203 gc_component_list_components (FILE *out)
1204 {
1205 gc_component_t component;
1206 gc_option_t *option;
1207 gc_backend_t backend;
1208 int backend_seen[GC_BACKEND_NR];
1209 const char *desc;
1210 const char *pgmname;
1211
1212 for (component = 0; component < GC_COMPONENT_NR; component++)
1213 {
1214 option = gc_component[component].options;
1215 if (option)
1216 {
1217 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1218 backend_seen[backend] = 0;
1219
1220 pgmname = "";
1221 for (; option && option->name; option++)
1222 {
1223 if ((option->flags & GC_OPT_FLAG_GROUP))
1224 continue;
1225 backend = option->backend;
1226 if (backend_seen[backend])
1227 continue;
1228 backend_seen[backend] = 1;
1229 assert (backend != GC_BACKEND_ANY);
1230 if (gc_backend[backend].program
1231 && !gc_backend[backend].module_name)
1232 continue;
1233 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1234 break;
1235 }
1236
1237 desc = gc_component[component].desc;
1238 desc = my_dgettext (gc_component[component].desc_domain, desc);
1239 fprintf (out, "%s:%s:",
1240 gc_component[component].name, gc_percent_escape (desc));
1241 fprintf (out, "%s\n", gc_percent_escape (pgmname));
1242 }
1243 }
1244 }
1245
1246
1247 \f
1248 static int
1249 all_digits_p (const char *p, size_t len)
1250 {
1251 if (!len)
1252 return 0; /* No. */
1253 for (; len; len--, p++)
1254 if (!isascii (*p) || !isdigit (*p))
1255 return 0; /* No. */
1256 return 1; /* Yes. */
1257 }
1258
1259
1260 /* Collect all error lines from file descriptor FD. Only lines
1261 prefixed with TAG are considered. Close that file descriptor
1262 then. Returns a list of error line items (which may be empty).
1263 There is no error return. */
1264 static error_line_t
1265 collect_error_output (int fd, const char *tag)
1266 {
1267 FILE *fp;
1268 char buffer[1024];
1269 char *p, *p2, *p3;
1270 int c, cont_line;
1271 unsigned int pos;
1272 error_line_t eitem, errlines, *errlines_tail;
1273 size_t taglen = strlen (tag);
1274
1275 fp = fdopen (fd, "r");
1276 if (!fp)
1277 gc_error (1, errno, "can't fdopen pipe for reading");
1278
1279 errlines = NULL;
1280 errlines_tail = &errlines;
1281 pos = 0;
1282 cont_line = 0;
1283 while ((c=getc (fp)) != EOF)
1284 {
1285 buffer[pos++] = c;
1286 if (pos >= sizeof buffer - 5 || c == '\n')
1287 {
1288 buffer[pos - (c == '\n')] = 0;
1289 if (cont_line)
1290 ; /*Ignore continuations of previous line. */
1291 else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
1292 {
1293 /* "gpgsm: foo:4: bla" */
1294 /* Yep, we are interested in this line. */
1295 p = buffer + taglen + 1;
1296 while (*p == ' ' || *p == '\t')
1297 p++;
1298 if (!*p)
1299 ; /* Empty lines are ignored. */
1300 else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
1301 && all_digits_p (p2+1, p3 - (p2+1)))
1302 {
1303 /* Line in standard compiler format. */
1304 p3++;
1305 while (*p3 == ' ' || *p3 == '\t')
1306 p3++;
1307 eitem = xmalloc (sizeof *eitem + strlen (p));
1308 eitem->next = NULL;
1309 strcpy (eitem->buffer, p);
1310 eitem->fname = eitem->buffer;
1311 eitem->buffer[p2-p] = 0;
1312 eitem->errtext = eitem->buffer + (p3 - p);
1313 /* (we already checked that there are only ascii
1314 digits followed by a colon) */
1315 eitem->lineno = 0;
1316 for (p2++; isdigit (*p2); p2++)
1317 eitem->lineno = eitem->lineno*10 + (*p2 - '0');
1318 *errlines_tail = eitem;
1319 errlines_tail = &eitem->next;
1320 }
1321 else
1322 {
1323 /* Other error output. */
1324 eitem = xmalloc (sizeof *eitem + strlen (p));
1325 eitem->next = NULL;
1326 strcpy (eitem->buffer, p);
1327 eitem->fname = NULL;
1328 eitem->errtext = eitem->buffer;
1329 eitem->lineno = 0;
1330 *errlines_tail = eitem;
1331 errlines_tail = &eitem->next;
1332 }
1333 }
1334 pos = 0;
1335 /* If this was not a complete line mark that we are in a
1336 continuation. */
1337 cont_line = (c != '\n');
1338 }
1339 }
1340
1341 /* We ignore error lines not terminated by a LF. */
1342
1343 fclose (fp);
1344 return errlines;
1345 }
1346
1347
1348 /* Check the options of a single component. Returns 0 if everything
1349 is OK. */
1350 int
1351 gc_component_check_options (int component, FILE *out, const char *conf_file)
1352 {
1353 gpg_error_t err;
1354 unsigned int result;
1355 int backend_seen[GC_BACKEND_NR];
1356 gc_backend_t backend;
1357 gc_option_t *option;
1358 const char *pgmname;
1359 const char *argv[4];
1360 int i;
1361 pid_t pid;
1362 int exitcode;
1363 int filedes[2];
1364 error_line_t errlines;
1365
1366 /* We use a temporary file to collect the error output. It would be
1367 better to use a pipe here but as of now we have no suitable
1368 fucntion to create a portable pipe outside of exechelp. Thus it
1369 is easier to use the tempfile approach. */
1370
1371 for (backend = 0; backend < GC_BACKEND_NR; backend++)
1372 backend_seen[backend] = 0;
1373
1374 option = gc_component[component].options;
1375 for (; option && option->name; option++)
1376 {
1377 if ((option->flags & GC_OPT_FLAG_GROUP))
1378 continue;
1379 backend = option->backend;
1380 if (backend_seen[backend])
1381 continue;
1382 backend_seen[backend] = 1;
1383 assert (backend != GC_BACKEND_ANY);
1384 if (!gc_backend[backend].program)
1385 continue;
1386 if (!gc_backend[backend].module_name)
1387 continue;
1388
1389 break;
1390 }
1391 if (! option || ! option->name)
1392 return 0;
1393
1394 pgmname = gnupg_module_name (gc_backend[backend].module_name);
1395 i = 0;
1396 if (conf_file)
1397 {
1398 argv[i++] = "--options";
1399 argv[i++] = conf_file;
1400 }
1401 argv[i++] = "--gpgconf-test";
1402 argv[i++] = NULL;
1403
1404 err = gnupg_create_inbound_pipe (filedes);
1405 if (err)
1406 gc_error (1, 0, _("error creating a pipe: %s\n"),
1407 gpg_strerror (err));
1408
1409 result = 0;
1410 errlines = NULL;
1411 if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1412 {
1413 close (filedes[0]);
1414 close (filedes[1]);
1415 result |= 1; /* Program could not be run. */
1416 }
1417 else
1418 {
1419 close (filedes[1]);
1420 errlines = collect_error_output (filedes[0],
1421 gc_component[component].name);
1422 if (gnupg_wait_process (pgmname, pid, &exitcode))
1423 {
1424 if (exitcode == -1)
1425 result |= 1; /* Program could not be run or it
1426 terminated abnormally. */
1427 result |= 2; /* Program returned an error. */
1428 }
1429 }
1430
1431 /* If the program could not be run, we can't tell whether
1432 the config file is good. */
1433 if (result & 1)
1434 result |= 2;
1435
1436 if (out)
1437 {
1438 const char *desc;
1439 error_line_t errptr;
1440
1441 desc = gc_component[component].desc;
1442 desc = my_dgettext (gc_component[component].desc_domain, desc);
1443 fprintf (out, "%s:%s:",
1444 gc_component[component].name, gc_percent_escape (desc));
1445 fputs (gc_percent_escape (pgmname), out);
1446 fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1447 for (errptr = errlines; errptr; errptr = errptr->next)
1448 {
1449 if (errptr != errlines)
1450 fputs ("\n:::::", out); /* Continuation line. */
1451 if (errptr->fname)
1452 fputs (gc_percent_escape (errptr->fname), out);
1453 putc (':', out);
1454 if (errptr->fname)
1455 fprintf (out, "%u", errptr->lineno);
1456 putc (':', out);
1457 fputs (gc_percent_escape (errptr->errtext), out);
1458 putc (':', out);
1459 }
1460 putc ('\n', out);
1461 }
1462
1463 while (errlines)
1464 {
1465 error_line_t tmp = errlines->next;
1466 xfree (errlines);
1467 errlines = tmp;
1468 }
1469
1470 return result;
1471 }
1472
1473
1474 /* Check all components that are available. */
1475 void
1476 gc_check_programs (FILE *out)
1477 {
1478 gc_component_t component;
1479
1480 for (component = 0; component < GC_COMPONENT_NR; component++)
1481 gc_component_check_options (component, out, NULL);
1482 }
1483
1484
1485 \f
1486 /* Find the component with the name NAME. Returns -1 if not
1487 found. */
1488 int
1489 gc_component_find (const char *name)
1490 {
1491 gc_component_t idx;
1492
1493 for (idx = 0; idx < GC_COMPONENT_NR; idx++)
1494 {
1495 if (gc_component[idx].options
1496 && !strcmp (name, gc_component[idx].name))
1497 return idx;
1498 }
1499 return -1;
1500 }
1501
1502 \f
1503 /* List the option OPTION. */
1504 static void
1505 list_one_option (const gc_option_t *option, FILE *out)
1506 {
1507 const char *desc = NULL;
1508 char *arg_name = NULL;
1509
1510 if (option->desc)
1511 {
1512 desc = my_dgettext (option->desc_domain, option->desc);
1513
1514 if (*desc == '|')
1515 {
1516 const char *arg_tail = strchr (&desc[1], '|');
1517
1518 if (arg_tail)
1519 {
1520 int arg_len = arg_tail - &desc[1];
1521 arg_name = xmalloc (arg_len + 1);
1522 memcpy (arg_name, &desc[1], arg_len);
1523 arg_name[arg_len] = '\0';
1524 desc = arg_tail + 1;
1525 }
1526 }
1527 }
1528
1529
1530 /* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
1531 PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
1532 FIELDS. */
1533
1534 /* The name field. */
1535 fprintf (out, "%s", option->name);
1536
1537 /* The flags field. */
1538 fprintf (out, ":%lu", option->flags);
1539 if (opt.verbose)
1540 {
1541 putc (' ', out);
1542
1543 if (!option->flags)
1544 fprintf (out, "none");
1545 else
1546 {
1547 unsigned long flags = option->flags;
1548 unsigned long flag = 0;
1549 unsigned long first = 1;
1550
1551 while (flags)
1552 {
1553 if (flags & 1)
1554 {
1555 if (first)
1556 first = 0;
1557 else
1558 putc (',', out);
1559 fprintf (out, "%s", gc_flag[flag].name);
1560 }
1561 flags >>= 1;
1562 flag++;
1563 }
1564 }
1565 }
1566
1567 /* The level field. */
1568 fprintf (out, ":%u", option->level);
1569 if (opt.verbose)
1570 fprintf (out, " %s", gc_level[option->level].name);
1571
1572 /* The description field. */
1573 fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
1574
1575 /* The type field. */
1576 fprintf (out, ":%u", option->arg_type);
1577 if (opt.verbose)
1578 fprintf (out, " %s", gc_arg_type[option->arg_type].name);
1579
1580 /* The alternate type field. */
1581 fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
1582 if (opt.verbose)
1583 fprintf (out, " %s",
1584 gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
1585
1586 /* The argument name field. */
1587 fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
1588 if (arg_name)
1589 xfree (arg_name);
1590
1591 /* The default value field. */
1592 fprintf (out, ":%s", option->default_value ? option->default_value : "");
1593
1594 /* The default argument field. */
1595 fprintf (out, ":%s", option->default_arg ? option->default_arg : "");
1596
1597 /* The value field. */
1598 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
1599 && (option->flags & GC_OPT_FLAG_LIST)
1600 && option->value)
1601 /* The special format "1,1,1,1,...,1" is converted to a number
1602 here. */
1603 fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
1604 else
1605 fprintf (out, ":%s", option->value ? option->value : "");
1606
1607 /* ADD NEW FIELDS HERE. */
1608
1609 putc ('\n', out);
1610 }
1611
1612
1613 /* List all options of the component COMPONENT. */
1614 void
1615 gc_component_list_options (int component, FILE *out)
1616 {
1617 const gc_option_t *option = gc_component[component].options;
1618
1619 while (option && option->name)
1620 {
1621 /* Do not output unknown or internal options. */
1622 if (!(option->flags & GC_OPT_FLAG_GROUP)
1623 && (!option->active || option->level == GC_LEVEL_INTERNAL))
1624 {
1625 option++;
1626 continue;
1627 }
1628
1629 if (option->flags & GC_OPT_FLAG_GROUP)
1630 {
1631 const gc_option_t *group_option = option + 1;
1632 gc_expert_level_t level = GC_LEVEL_NR;
1633
1634 /* The manual states that the group level is always the
1635 minimum of the levels of all contained options. Due to
1636 different active options, and because it is hard to
1637 maintain manually, we calculate it here. The value in
1638 the global static table is ignored. */
1639
1640 while (group_option->name)
1641 {
1642 if (group_option->flags & GC_OPT_FLAG_GROUP)
1643 break;
1644 if (group_option->level < level)
1645 level = group_option->level;
1646 group_option++;
1647 }
1648
1649 /* Check if group is empty. */
1650 if (level != GC_LEVEL_NR)
1651 {
1652 gc_option_t opt_copy;
1653
1654 /* Fix up the group level. */
1655 memcpy (&opt_copy, option, sizeof (opt_copy));
1656 opt_copy.level = level;
1657 list_one_option (&opt_copy, out);
1658 }
1659 }
1660 else
1661 list_one_option (option, out);
1662
1663 option++;
1664 }
1665 }
1666
1667
1668 /* Find the option NAME in component COMPONENT, for the backend
1669 BACKEND. If BACKEND is GC_BACKEND_ANY, any backend will match. */
1670 static gc_option_t *
1671 find_option (gc_component_t component, const char *name,
1672 gc_backend_t backend)
1673 {
1674 gc_option_t *option = gc_component[component].options;
1675 while (option->name)
1676 {
1677 if (!(option->flags & GC_OPT_FLAG_GROUP)
1678 && !strcmp (option->name, name)
1679 && (backend == GC_BACKEND_ANY || option->backend == backend))
1680 break;
1681 option++;
1682 }
1683 return option->name ? option : NULL;
1684 }
1685
1686 \f
1687 /* Determine the configuration filename for the component COMPONENT
1688 and backend BACKEND. */
1689 static char *
1690 get_config_filename (gc_component_t component, gc_backend_t backend)
1691 {
1692 char *filename = NULL;
1693 gc_option_t *option = find_option
1694 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
1695 assert (option);
1696 assert (option->arg_type == GC_ARG_TYPE_FILENAME);
1697 assert (!(option->flags & GC_OPT_FLAG_LIST));
1698
1699 if (!option->active || !option->default_value)
1700 gc_error (1, 0, "Option %s, needed by backend %s, was not initialized",
1701 gc_backend[backend].option_config_filename,
1702 gc_backend[backend].name);
1703
1704 if (option->value && *option->value)
1705 filename = percent_deescape (&option->value[1]);
1706 else if (option->default_value && *option->default_value)
1707 filename = percent_deescape (&option->default_value[1]);
1708 else
1709 filename = "";
1710
1711 #ifdef HAVE_DOSISH_SYSTEM
1712 if (!(filename[0]
1713 && filename[1] == ':'
1714 && (filename[2] == '/' || filename[2] == '\\')))
1715 #else
1716 if (filename[0] != '/')
1717 #endif
1718 gc_error (1, 0, "Option %s, needed by backend %s, is not absolute",
1719 gc_backend[backend].option_config_filename,
1720 gc_backend[backend].name);
1721
1722 return filename;
1723 }
1724
1725 \f
1726 /* Retrieve the options for the component COMPONENT from backend
1727 BACKEND, which we already know is a program-type backend. */
1728 static void
1729 retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
1730 {
1731 gpg_error_t err;
1732 int filedes[2];
1733 const char *pgmname;
1734 const char *argv[2];
1735 int exitcode;
1736 pid_t pid;
1737 char *line = NULL;
1738 size_t line_len = 0;
1739 ssize_t length;
1740 FILE *config;
1741 char *config_filename;
1742
1743 err = gnupg_create_inbound_pipe (filedes);
1744 if (err)
1745 gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
1746
1747 pgmname = (gc_backend[backend].module_name
1748 ? gnupg_module_name (gc_backend[backend].module_name)
1749 : gc_backend[backend].program );
1750 argv[0] = "--gpgconf-list";
1751 argv[1] = NULL;
1752
1753 err = gnupg_spawn_process_fd (pgmname, argv, -1, filedes[1], -1, &pid);
1754 if (err)
1755 {
1756 close (filedes[0]);
1757 close (filedes[1]);
1758 gc_error (1, 0, "could not gather active options from `%s': %s",
1759 pgmname, gpg_strerror (err));
1760 }
1761 close (filedes[1]);
1762 config = fdopen (filedes[0], "r");
1763 if (!config)
1764 gc_error (1, errno, "can't fdopen pipe for reading");
1765
1766 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1767 {
1768 gc_option_t *option;
1769 char *linep;
1770 unsigned long flags = 0;
1771 char *default_value = NULL;
1772
1773 /* Strip newline and carriage return, if present. */
1774 while (length > 0
1775 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
1776 line[--length] = '\0';
1777
1778 linep = strchr (line, ':');
1779 if (linep)
1780 *(linep++) = '\0';
1781
1782 /* Extract additional flags. Default to none. */
1783 if (linep)
1784 {
1785 char *end;
1786 char *tail;
1787
1788 end = strchr (linep, ':');
1789 if (end)
1790 *(end++) = '\0';
1791
1792 errno = 0;
1793 flags = strtoul (linep, &tail, 0);
1794 if (errno)
1795 gc_error (1, errno, "malformed flags in option %s from %s",
1796 line, pgmname);
1797 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
1798 gc_error (1, 0, "garbage after flags in option %s from %s",
1799 line, pgmname);
1800
1801 linep = end;
1802 }
1803
1804 /* Extract default value, if present. Default to empty if
1805 not. */
1806 if (linep)
1807 {
1808 char *end;
1809
1810 end = strchr (linep, ':');
1811 if (end)
1812 *(end++) = '\0';
1813
1814 if (flags & GC_OPT_FLAG_DEFAULT)
1815 default_value = linep;
1816
1817 linep = end;
1818 }
1819
1820 /* Look up the option in the component and install the
1821 configuration data. */
1822 option = find_option (component, line, backend);
1823 if (option)
1824 {
1825 if (option->active)
1826 gc_error (1, errno, "option %s returned twice from %s",
1827 line, pgmname);
1828 option->active = 1;
1829
1830 option->flags |= flags;
1831 if (default_value && *default_value)
1832 option->default_value = xstrdup (default_value);
1833 }
1834 }
1835 if (length < 0 || ferror (config))
1836 gc_error (1, errno, "error reading from %s",pgmname);
1837 if (fclose (config) && ferror (config))
1838 gc_error (1, errno, "error closing %s", pgmname);
1839
1840 err = gnupg_wait_process (pgmname, pid, &exitcode);
1841 if (err)
1842 gc_error (1, 0, "running %s failed (exitcode=%d): %s",
1843 pgmname, exitcode, gpg_strerror (err));
1844
1845
1846 /* At this point, we can parse the configuration file. */
1847 config_filename = get_config_filename (component, backend);
1848
1849 config = fopen (config_filename, "r");
1850 if (!config)
1851 gc_error (0, errno, "warning: can not open config file %s",
1852 config_filename);
1853 else
1854 {
1855 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
1856 {
1857 char *name;
1858 char *value;
1859 gc_option_t *option;
1860
1861 name = line;
1862 while (*name == ' ' || *name == '\t')
1863 name++;
1864 if (!*name || *name == '#' || *name == '\r' || *name == '\n')
1865 continue;
1866
1867 value = name;
1868 while (*value && *value != ' ' && *value != '\t'
1869 && *value != '#' && *value != '\r' && *value != '\n')
1870 value++;
1871 if (*value == ' ' || *value == '\t')
1872 {
1873 char *end;
1874
1875 *(value++) = '\0';
1876 while (*value == ' ' || *value == '\t')
1877 value++;
1878
1879 end = value;
1880 while (*end && *end != '#' && *end != '\r' && *end != '\n')
1881 end++;
1882 while (end > value && (end[-1] == ' ' || end[-1] == '\t'))
1883 end--;
1884 *end = '\0';
1885 }
1886 else
1887 *value = '\0';
1888
1889 /* Look up the option in the component and install the
1890 configuration data. */
1891 option = find_option (component, line, backend);
1892 if (option)
1893 {
1894 char *opt_value;
1895
1896 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
1897 {
1898 if (*value)
1899 gc_error (0, 0,
1900 "warning: ignoring argument %s for option %s",
1901 value, name);
1902 opt_value = xstrdup ("1");
1903 }
1904 else if (gc_arg_type[option->arg_type].fallback
1905 == GC_ARG_TYPE_STRING)
1906 opt_value = xasprintf ("\"%s", gc_percent_escape (value));
1907 else
1908 {
1909 /* FIXME: Verify that the number is sane. */
1910 opt_value = xstrdup (value);
1911 }
1912
1913 /* Now enter the option into the table. */
1914 if (!(option->flags & GC_OPT_FLAG_LIST))
1915 {
1916 if (option->value)
1917 free (option->value);
1918 option->value = opt_value;
1919 }
1920 else
1921 {
1922 if (!option->value)
1923 option->value = opt_value;
1924 else
1925 {
1926 char *opt_val = opt_value;
1927
1928 option->value = xasprintf ("%s,%s", option->value,
1929 opt_val);
1930 xfree (opt_value);
1931 }
1932 }
1933 }
1934 }
1935
1936 if (length < 0 || ferror (config))
1937 gc_error (1, errno, "error reading from %s", config_filename);
1938 if (fclose (config) && ferror (config))
1939 gc_error (1, errno, "error closing %s", config_filename);
1940 }
1941
1942 xfree (line);
1943 }
1944
1945
1946 /* Retrieve the options for the component COMPONENT from backend
1947 BACKEND, which we already know is of type file list. */
1948 static void
1949 retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
1950 {
1951 gc_option_t *list_option;
1952 gc_option_t *config_option;
1953 char *list_filename;
1954 FILE *list_file;
1955 char *line = NULL;
1956 size_t line_len = 0;
1957 ssize_t length;
1958 char *list = NULL;
1959
1960 list_option = find_option (component,
1961 gc_backend[backend].option_name, GC_BACKEND_ANY);
1962 assert (list_option);
1963 assert (!list_option->active);
1964
1965 list_filename = get_config_filename (component, backend);
1966 list_file = fopen (list_filename, "r");
1967 if (!list_file)
1968 gc_error (0, errno, "warning: can not open list file %s", list_filename);
1969 else
1970 {
1971
1972 while ((length = read_line (list_file, &line, &line_len, NULL)) > 0)
1973 {
1974 char *start;
1975 char *end;
1976 char *new_list;
1977
1978 start = line;
1979 while (*start == ' ' || *start == '\t')
1980 start++;
1981 if (!*start || *start == '#' || *start == '\r' || *start == '\n')
1982 continue;
1983
1984 end = start;
1985 while (*end && *end != '#' && *end != '\r' && *end != '\n')
1986 end++;
1987 /* Walk back to skip trailing white spaces. Looks evil, but
1988 works because of the conditions on START and END imposed
1989 at this point (END is at least START + 1, and START is
1990 not a whitespace character). */
1991 while (*(end - 1) == ' ' || *(end - 1) == '\t')
1992 end--;
1993 *end = '\0';
1994 /* FIXME: Oh, no! This is so lame! Should use realloc and
1995 really append. */
1996 if (list)
1997 {
1998 new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
1999 xfree (list);
2000 list = new_list;
2001 }
2002 else
2003 list = xasprintf ("\"%s", gc_percent_escape (start));
2004 }
2005 if (length < 0 || ferror (list_file))
2006 gc_error (1, errno, "can not read list file %s", list_filename);
2007 }
2008
2009 list_option->active = 1;
2010 list_option->value = list;
2011
2012 /* Fix up the read-only flag. */
2013 config_option = find_option
2014 (component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2015 if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2016 list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
2017
2018 if (list_file && fclose (list_file) && ferror (list_file))
2019 gc_error (1, errno, "error closing %s", list_filename);
2020 xfree (line);
2021 }
2022
2023
2024 /* Retrieve the currently active options and their defaults from all
2025 involved backends for this component. Using -1 for component will
2026 retrieve all options from all components. */
2027 void
2028 gc_component_retrieve_options (int component)
2029 {
2030 int process_all = 0;
2031 int backend_seen[GC_BACKEND_NR];
2032 gc_backend_t backend;
2033 gc_option_t *option;
2034
2035 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2036 backend_seen[backend] = 0;
2037
2038 if (component == -1)
2039 {
2040 process_all = 1;
2041 component = 0;
2042 assert (component < GC_COMPONENT_NR);
2043 }
2044
2045 do
2046 {
2047 option = gc_component[component].options;
2048
2049 while (option && option->name)
2050 {
2051 if (!(option->flags & GC_OPT_FLAG_GROUP))
2052 {
2053 backend = option->backend;
2054
2055 if (backend_seen[backend])
2056 {
2057 option++;
2058 continue;
2059 }
2060 backend_seen[backend] = 1;
2061
2062 assert (backend != GC_BACKEND_ANY);
2063
2064 if (gc_backend[backend].program)
2065 retrieve_options_from_program (component, backend);
2066 else
2067 retrieve_options_from_file (component, backend);
2068 }
2069 option++;
2070 }
2071 }
2072 while (process_all && ++component < GC_COMPONENT_NR);
2073
2074 }
2075
2076
2077 \f
2078 /* Perform a simple validity check based on the type. Return in
2079 NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
2080 type GC_ARG_TYPE_NONE. */
2081 static void
2082 option_check_validity (gc_option_t *option, unsigned long flags,
2083 char *new_value, unsigned long *new_value_nr)
2084 {
2085 char *arg;
2086
2087 if (!option->active)
2088 gc_error (1, 0, "option %s not supported by backend %s",
2089 option->name, gc_backend[option->backend].name);
2090
2091 if (option->new_flags || option->new_value)
2092 gc_error (1, 0, "option %s already changed", option->name);
2093
2094 if (flags & GC_OPT_FLAG_DEFAULT)
2095 {
2096 if (*new_value)
2097 gc_error (1, 0, "argument %s provided for deleted option %s",
2098 new_value, option->name);
2099
2100 return;
2101 }
2102
2103 /* GC_ARG_TYPE_NONE options have special list treatment. */
2104 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
2105 {
2106 char *tail;
2107
2108 errno = 0;
2109 *new_value_nr = strtoul (new_value, &tail, 0);
2110
2111 if (errno)
2112 gc_error (1, errno, "invalid argument for option %s",
2113 option->name);
2114 if (*tail)
2115 gc_error (1, 0, "garbage after argument for option %s",
2116 option->name);
2117
2118 if (!(option->flags & GC_OPT_FLAG_LIST))
2119 {
2120 if (*new_value_nr != 1)
2121 gc_error (1, 0, "argument for non-list option %s of type 0 "
2122 "(none) must be 1", option->name);
2123 }
2124 else
2125 {
2126 if (*new_value_nr == 0)
2127 gc_error (1, 0, "argument for option %s of type 0 (none) "
2128 "must be positive", option->name);
2129 }
2130
2131 return;
2132 }
2133
2134 arg = new_value;
2135 do
2136 {
2137 if (*arg == '\0' || *arg == ',')
2138 {
2139 if (!(option->flags & GC_OPT_FLAG_ARG_OPT))
2140 gc_error (1, 0, "argument required for option %s", option->name);
2141
2142 if (*arg == ',' && !(option->flags & GC_OPT_FLAG_LIST))
2143 gc_error (1, 0, "list found for non-list option %s", option->name);
2144 }
2145 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
2146 {
2147 if (*arg != '"')
2148 gc_error (1, 0, "string argument for option %s must begin "
2149 "with a quote (\") character", option->name);
2150
2151 /* FIXME: We do not allow empty string arguments for now, as
2152 we do not quote arguments in configuration files, and
2153 thus no argument is indistinguishable from the empty
2154 string. */
2155 if (arg[1] == '\0' || arg[1] == ',')
2156 gc_error (1, 0, "empty string argument for option %s is "
2157 "currently not allowed. Please report this!",
2158 option->name);
2159 }
2160 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2161 {
2162 errno = 0;
2163 (void) strtol (arg, &arg, 0);
2164
2165 if (errno)
2166 gc_error (1, errno, "invalid argument for option %s",
2167 option->name);
2168
2169 if (*arg != '\0' && *arg != ',')
2170 gc_error (1, 0, "garbage after argument for option %s",
2171 option->name);
2172 }
2173 else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
2174 {
2175 errno = 0;
2176 (void) strtoul (arg, &arg, 0);
2177
2178 if (errno)
2179 gc_error (1, errno, "invalid argument for option %s",
2180 option->name);
2181
2182 if (*arg != '\0' && *arg != ',')
2183 gc_error (1, 0, "garbage after argument for option %s",
2184 option->name);
2185 }
2186 arg = strchr (arg, ',');
2187 if (arg)
2188 arg++;
2189 }
2190 while (arg && *arg);
2191 }
2192
2193 #ifdef HAVE_W32_SYSTEM
2194 int
2195 copy_file (const char *src_name, const char *dst_name)
2196 {
2197 #define BUF_LEN 4096
2198 char buffer[BUF_LEN];
2199 int len;
2200 FILE *src;
2201 FILE *dst;
2202
2203 src = fopen (src_name, "r");
2204 if (src == NULL)
2205 return -1;
2206
2207 dst = fopen (dst_name, "w");
2208 if (dst == NULL)
2209 {
2210 int saved_err = errno;
2211 fclose (src);
2212 errno = saved_err;
2213 return -1;
2214 }
2215
2216 do
2217 {
2218 int written;
2219
2220 len = fread (buffer, 1, BUF_LEN, src);
2221 if (len == 0)
2222 break;
2223 written = fwrite (buffer, 1, len, dst);
2224 if (written != len)
2225 break;
2226 }
2227 while (!feof (src) && !ferror (src) && !ferror (dst));
2228
2229 if (ferror (src) || ferror (dst) || !feof (src))
2230 {
2231 int saved_errno = errno;
2232 fclose (src);
2233 fclose (dst);
2234 unlink (dst_name);
2235 errno = saved_errno;
2236 return -1;
2237 }
2238
2239 if (fclose (dst) && ferror (dst))
2240 gc_error (1, errno, "error closing %s", dst_name);
2241 if (fclose (src) && ferror (src))
2242 gc_error (1, errno, "error closing %s", src_name);
2243
2244 return 0;
2245 }
2246 #endif /* HAVE_W32_SYSTEM */
2247
2248
2249 /* Create and verify the new configuration file for the specified
2250 backend and component. Returns 0 on success and -1 on error. */
2251 static int
2252 change_options_file (gc_component_t component, gc_backend_t backend,
2253 char **src_filenamep, char **dest_filenamep,
2254 char **orig_filenamep)
2255 {
2256 static const char marker[] = "###+++--- GPGConf ---+++###";
2257 /* True if we are within the marker in the config file. */
2258 int in_marker = 0;
2259 gc_option_t *option;
2260 char *line = NULL;
2261 size_t line_len;
2262 ssize_t length;
2263 int res;
2264 int fd;
2265 FILE *src_file = NULL;
2266 FILE *dest_file = NULL;
2267 char *src_filename;
2268 char *dest_filename;
2269 char *orig_filename;
2270 char *arg;
2271 char *cur_arg = NULL;
2272
2273 option = find_option (component,
2274 gc_backend[backend].option_name, GC_BACKEND_ANY);
2275 assert (option);
2276 assert (option->active);
2277 assert (gc_arg_type[option->arg_type].fallback != GC_ARG_TYPE_NONE);
2278
2279 /* FIXME. Throughout the function, do better error reporting. */
2280 /* Note that get_config_filename() calls percent_deescape(), so we
2281 call this before processing the arguments. */
2282 dest_filename = xstrdup (get_config_filename (component, backend));
2283 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2284 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2285
2286 arg = option->new_value;
2287 if (arg && arg[0] == '\0')
2288 arg = NULL;
2289 else if (arg)
2290 {
2291 char *end;
2292
2293 arg++;
2294 end = strchr (arg, ',');
2295 if (end)
2296 *end = '\0';
2297
2298 cur_arg = percent_deescape (arg);
2299 if (end)
2300 {
2301 *end = ',';
2302 arg = end + 1;
2303 }
2304 else
2305 arg = NULL;
2306 }
2307
2308 #ifdef HAVE_W32_SYSTEM
2309 res = copy_file (dest_filename, orig_filename);
2310 #else
2311 res = link (dest_filename, orig_filename);
2312 #endif
2313 if (res < 0 && errno != ENOENT)
2314 return -1;
2315 if (res < 0)
2316 {
2317 xfree (orig_filename);
2318 orig_filename = NULL;
2319 }
2320
2321 /* We now initialize the return strings, so the caller can do the
2322 cleanup for us. */
2323 *src_filenamep = src_filename;
2324 *dest_filenamep = dest_filename;
2325 *orig_filenamep = orig_filename;
2326
2327 /* Use open() so that we can use O_EXCL. */
2328 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2329 if (fd < 0)
2330 return -1;
2331 src_file = fdopen (fd, "w");
2332 res = errno;
2333 if (!src_file)
2334 {
2335 errno = res;
2336 return -1;
2337 }
2338
2339 /* Only if ORIG_FILENAME is not NULL did the configuration file
2340 exist already. In this case, we will copy its content into the
2341 new configuration file, changing it to our liking in the
2342 process. */
2343 if (orig_filename)
2344 {
2345 dest_file = fopen (dest_filename, "r");
2346 if (!dest_file)
2347 goto change_file_one_err;
2348
2349 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2350 {
2351 int disable = 0;
2352 char *start;
2353
2354 if (!strncmp (marker, line, sizeof (marker) - 1))
2355 {
2356 if (!in_marker)
2357 in_marker = 1;
2358 else
2359 break;
2360 }
2361
2362 start = line;
2363 while (*start == ' ' || *start == '\t')
2364 start++;
2365 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2366 {
2367 char *end;
2368 char *endp;
2369 char saved_end;
2370
2371 endp = start;
2372 end = endp;
2373
2374 /* Search for the end of the line. */
2375 while (*endp && *endp != '#' && *endp != '\r' && *endp != '\n')
2376 {
2377 endp++;
2378 if (*endp && *endp != ' ' && *endp != '\t'
2379 && *endp != '\r' && *endp != '\n' && *endp != '#')
2380 end = endp + 1;
2381 }
2382 saved_end = *end;
2383 *end = '\0';
2384
2385 if ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2386 || !cur_arg || strcmp (start, cur_arg))
2387 disable = 1;
2388 else
2389 {
2390 /* Find next argument. */
2391 if (arg)
2392 {
2393 char *arg_end;
2394
2395 arg++;
2396 arg_end = strchr (arg, ',');
2397 if (arg_end)
2398 *arg_end = '\0';
2399
2400 cur_arg = percent_deescape (arg);
2401 if (arg_end)
2402 {
2403 *arg_end = ',';
2404 arg = arg_end + 1;
2405 }
2406 else
2407 arg = NULL;
2408 }
2409 else
2410 cur_arg = NULL;
2411 }
2412
2413 *end = saved_end;
2414 }
2415
2416 if (disable)
2417 {
2418 if (!in_marker)
2419 {
2420 fprintf (src_file,
2421 "# GPGConf disabled this option here at %s\n",
2422 asctimestamp (gnupg_get_time ()));
2423 if (ferror (src_file))
2424 goto change_file_one_err;
2425 fprintf (src_file, "# %s", line);
2426 if (ferror (src_file))
2427 goto change_file_one_err;
2428 }
2429 }
2430 else
2431 {
2432 fprintf (src_file, "%s", line);
2433 if (ferror (src_file))
2434 goto change_file_one_err;
2435 }
2436 }
2437 if (length < 0 || ferror (dest_file))
2438 goto change_file_one_err;
2439 }
2440
2441 if (!in_marker)
2442 {
2443 /* There was no marker. This is the first time we edit the
2444 file. We add our own marker at the end of the file and
2445 proceed. Note that we first write a newline, this guards us
2446 against files which lack the newline at the end of the last
2447 line, while it doesn't hurt us in all other cases. */
2448 fprintf (src_file, "\n%s\n", marker);
2449 if (ferror (src_file))
2450 goto change_file_one_err;
2451 }
2452
2453 /* At this point, we have copied everything up to the end marker
2454 into the new file, except for the arguments we are going to add.
2455 Now, dump the new arguments and write the end marker, possibly
2456 followed by the rest of the original file. */
2457 while (cur_arg)
2458 {
2459 fprintf (src_file, "%s\n", cur_arg);
2460
2461 /* Find next argument. */
2462 if (arg)
2463 {
2464 char *end;
2465
2466 arg++;
2467 end = strchr (arg, ',');
2468 if (end)
2469 *end = '\0';
2470
2471 cur_arg = percent_deescape (arg);
2472 if (end)
2473 {
2474 *end = ',';
2475 arg = end + 1;
2476 }
2477 else
2478 arg = NULL;
2479 }
2480 else
2481 cur_arg = NULL;
2482 }
2483
2484 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2485 if (ferror (src_file))
2486 goto change_file_one_err;
2487
2488 if (!in_marker)
2489 {
2490 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2491 if (ferror (src_file))
2492 goto change_file_one_err;
2493 fprintf (src_file, "# It will disable options before this marked "
2494 "block, but it will\n");
2495 if (ferror (src_file))
2496 goto change_file_one_err;
2497 fprintf (src_file, "# never change anything below these lines.\n");
2498 if (ferror (src_file))
2499 goto change_file_one_err;
2500 }
2501 if (dest_file)
2502 {
2503 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2504 {
2505 fprintf (src_file, "%s", line);
2506 if (ferror (src_file))
2507 goto change_file_one_err;
2508 }
2509 if (length < 0 || ferror (dest_file))
2510 goto change_file_one_err;
2511 }
2512 xfree (line);
2513 line = NULL;
2514
2515 res = fclose (src_file);
2516 if (res)
2517 {
2518 res = errno;
2519 close (fd);
2520 if (dest_file)
2521 fclose (dest_file);
2522 errno = res;
2523 return -1;
2524 }
2525 close (fd);
2526 if (dest_file)
2527 {
2528 res = fclose (dest_file);
2529 if (res)
2530 return -1;
2531 }
2532 return 0;
2533
2534 change_file_one_err:
2535 xfree (line);
2536 res = errno;
2537 if (src_file)
2538 {
2539 fclose (src_file);
2540 close (fd);
2541 }
2542 if (dest_file)
2543 fclose (dest_file);
2544 errno = res;
2545 return -1;
2546 }
2547
2548
2549 /* Create and verify the new configuration file for the specified
2550 backend and component. Returns 0 on success and -1 on error. */
2551 static int
2552 change_options_program (gc_component_t component, gc_backend_t backend,
2553 char **src_filenamep, char **dest_filenamep,
2554 char **orig_filenamep)
2555 {
2556 static const char marker[] = "###+++--- GPGConf ---+++###";
2557 /* True if we are within the marker in the config file. */
2558 int in_marker = 0;
2559 gc_option_t *option;
2560 char *line = NULL;
2561 size_t line_len;
2562 ssize_t length;
2563 int res;
2564 int fd;
2565 FILE *src_file = NULL;
2566 FILE *dest_file = NULL;
2567 char *src_filename;
2568 char *dest_filename;
2569 char *orig_filename;
2570 /* Special hack for gpg, see below. */
2571 int utf8strings_seen = 0;
2572
2573 /* FIXME. Throughout the function, do better error reporting. */
2574 dest_filename = xstrdup (get_config_filename (component, backend));
2575 src_filename = xasprintf ("%s.gpgconf.%i.new", dest_filename, getpid ());
2576 orig_filename = xasprintf ("%s.gpgconf.%i.bak", dest_filename, getpid ());
2577
2578 #ifdef HAVE_W32_SYSTEM
2579 res = copy_file (dest_filename, orig_filename);
2580 #else
2581 res = link (dest_filename, orig_filename);
2582 #endif
2583 if (res < 0 && errno != ENOENT)
2584 return -1;
2585 if (res < 0)
2586 {
2587 xfree (orig_filename);
2588 orig_filename = NULL;
2589 }
2590
2591 /* We now initialize the return strings, so the caller can do the
2592 cleanup for us. */
2593 *src_filenamep = src_filename;
2594 *dest_filenamep = dest_filename;
2595 *orig_filenamep = orig_filename;
2596
2597 /* Use open() so that we can use O_EXCL. */
2598 fd = open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
2599 if (fd < 0)
2600 return -1;
2601 src_file = fdopen (fd, "w");
2602 res = errno;
2603 if (!src_file)
2604 {
2605 errno = res;
2606 return -1;
2607 }
2608
2609 /* Only if ORIG_FILENAME is not NULL did the configuration file
2610 exist already. In this case, we will copy its content into the
2611 new configuration file, changing it to our liking in the
2612 process. */
2613 if (orig_filename)
2614 {
2615 dest_file = fopen (dest_filename, "r");
2616 if (!dest_file)
2617 goto change_one_err;
2618
2619 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2620 {
2621 int disable = 0;
2622 char *start;
2623
2624 if (!strncmp (marker, line, sizeof (marker) - 1))
2625 {
2626 if (!in_marker)
2627 in_marker = 1;
2628 else
2629 break;
2630 }
2631 else if (backend == GC_BACKEND_GPG && in_marker
2632 && ! strcmp ("utf8-strings\n", line))
2633 {
2634 /* Strip duplicated entries. */
2635 if (utf8strings_seen)
2636 disable = 1;
2637 else
2638 utf8strings_seen = 1;
2639 }
2640
2641 start = line;
2642 while (*start == ' ' || *start == '\t')
2643 start++;
2644 if (*start && *start != '\r' && *start != '\n' && *start != '#')
2645 {
2646 char *end;
2647 char saved_end;
2648
2649 end = start;
2650 while (*end && *end != ' ' && *end != '\t'
2651 && *end != '\r' && *end != '\n' && *end != '#')
2652 end++;
2653 saved_end = *end;
2654 *end = '\0';
2655
2656 option = find_option (component, start, backend);
2657 *end = saved_end;
2658 if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
2659 || option->new_value))
2660 disable = 1;
2661 }
2662 if (disable)
2663 {
2664 if (!in_marker)
2665 {
2666 fprintf (src_file,
2667 "# GPGConf disabled this option here at %s\n",
2668 asctimestamp (gnupg_get_time ()));
2669 if (ferror (src_file))
2670 goto change_one_err;
2671 fprintf (src_file, "# %s", line);
2672 if (ferror (src_file))
2673 goto change_one_err;
2674 }
2675 }
2676 else
2677 {
2678 fprintf (src_file, "%s", line);
2679 if (ferror (src_file))
2680 goto change_one_err;
2681 }
2682 }
2683 if (length < 0 || ferror (dest_file))
2684 goto change_one_err;
2685 }
2686
2687 if (!in_marker)
2688 {
2689 /* There was no marker. This is the first time we edit the
2690 file. We add our own marker at the end of the file and
2691 proceed. Note that we first write a newline, this guards us
2692 against files which lack the newline at the end of the last
2693 line, while it doesn't hurt us in all other cases. */
2694 fprintf (src_file, "\n%s\n", marker);
2695 if (ferror (src_file))
2696 goto change_one_err;
2697 }
2698 /* At this point, we have copied everything up to the end marker
2699 into the new file, except for the options we are going to change.
2700 Now, dump the changed options (except for those we are going to
2701 revert to their default), and write the end marker, possibly
2702 followed by the rest of the original file. */
2703
2704 /* We have to turn on UTF8 strings for GnuPG. */
2705 if (backend == GC_BACKEND_GPG && ! utf8strings_seen)
2706 fprintf (src_file, "utf8-strings\n");
2707
2708 option = gc_component[component].options;
2709 while (option->name)
2710 {
2711 if (!(option->flags & GC_OPT_FLAG_GROUP)
2712 && option->backend == backend
2713 && option->new_value)
2714 {
2715 char *arg = option->new_value;
2716
2717 do
2718 {
2719 if (*arg == '\0' || *arg == ',')
2720 {
2721 fprintf (src_file, "%s\n", option->name);
2722 if (ferror (src_file))
2723 goto change_one_err;
2724 }
2725 else if (gc_arg_type[option->arg_type].fallback
2726 == GC_ARG_TYPE_NONE)
2727 {
2728 assert (*arg == '1');
2729 fprintf (src_file, "%s\n", option->name);
2730 if (ferror (src_file))
2731 goto change_one_err;
2732
2733 arg++;
2734 }
2735 else if (gc_arg_type[option->arg_type].fallback
2736 == GC_ARG_TYPE_STRING)
2737 {
2738 char *end;
2739
2740 assert (*arg == '"');
2741 arg++;
2742
2743 end = strchr (arg, ',');
2744 if (end)
2745 *end = '\0';
2746
2747 fprintf (src_file, "%s %s\n", option->name,
2748 percent_deescape (arg));
2749 if (ferror (src_file))
2750 goto change_one_err;
2751
2752 if (end)
2753 *end = ',';
2754 arg = end;
2755 }
2756 else
2757 {
2758 char *end;
2759
2760 end = strchr (arg, ',');
2761 if (end)
2762 *end = '\0';
2763
2764 fprintf (src_file, "%s %s\n", option->name, arg);
2765 if (ferror (src_file))
2766 goto change_one_err;
2767
2768 if (end)
2769 *end = ',';
2770 arg = end;
2771 }
2772
2773 assert (arg == NULL || *arg == '\0' || *arg == ',');
2774 if (arg && *arg == ',')
2775 arg++;
2776 }
2777 while (arg && *arg);
2778 }
2779 option++;
2780 }
2781
2782 fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
2783 if (ferror (src_file))
2784 goto change_one_err;
2785
2786 if (!in_marker)
2787 {
2788 fprintf (src_file, "# GPGConf edited this configuration file.\n");
2789 if (ferror (src_file))
2790 goto change_one_err;
2791 fprintf (src_file, "# It will disable options before this marked "
2792 "block, but it will\n");
2793 if (ferror (src_file))
2794 goto change_one_err;
2795 fprintf (src_file, "# never change anything below these lines.\n");
2796 if (ferror (src_file))
2797 goto change_one_err;
2798 }
2799 if (dest_file)
2800 {
2801 while ((length = read_line (dest_file, &line, &line_len, NULL)) > 0)
2802 {
2803 fprintf (src_file, "%s", line);
2804 if (ferror (src_file))
2805 goto change_one_err;
2806 }
2807 if (length < 0 || ferror (dest_file))
2808 goto change_one_err;
2809 }
2810 xfree (line);
2811 line = NULL;
2812
2813 res = fclose (src_file);
2814 if (res)
2815 {
2816 res = errno;
2817 close (fd);
2818 if (dest_file)
2819 fclose (dest_file);
2820 errno = res;
2821 return -1;
2822 }
2823 close (fd);
2824 if (dest_file)
2825 {
2826 res = fclose (dest_file);
2827 if (res)
2828 return -1;
2829 }
2830 return 0;
2831
2832 change_one_err:
2833 xfree (line);
2834 res = errno;
2835 if (src_file)
2836 {
2837 fclose (src_file);
2838 close (fd);
2839 }
2840 if (dest_file)
2841 fclose (dest_file);
2842 errno = res;
2843 return -1;
2844 }
2845
2846
2847 /* Common code for gc_component_change_options and
2848 gc_process_gpgconf_conf. */
2849 static void
2850 change_one_value (gc_option_t *option, int *runtime,
2851 unsigned long flags, char *new_value)
2852 {
2853 unsigned long new_value_nr = 0;
2854
2855 option_check_validity (option, flags, new_value, &new_value_nr);
2856
2857 if (option->flags & GC_OPT_FLAG_RUNTIME)
2858 runtime[option->backend] = 1;
2859
2860 option->new_flags = flags;
2861 if (!(flags & GC_OPT_FLAG_DEFAULT))
2862 {
2863 if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
2864 && (option->flags & GC_OPT_FLAG_LIST))
2865 {
2866 char *str;
2867
2868 /* We convert the number to a list of 1's for convenient
2869 list handling. */
2870 assert (new_value_nr > 0);
2871 option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
2872 str = option->new_value;
2873 *(str++) = '1';
2874 while (--new_value_nr > 0)
2875 {
2876 *(str++) = ',';
2877 *(str++) = '1';
2878 }
2879 *(str++) = '\0';
2880 }
2881 else
2882 option->new_value = xstrdup (new_value);
2883 }
2884 }
2885
2886
2887 /* Read the modifications from IN and apply them. If IN is NULL the
2888 modifications are expected to already have been set to the global
2889 table. */
2890 void
2891 gc_component_change_options (int component, FILE *in, FILE *out)
2892 {
2893 int err = 0;
2894 int runtime[GC_BACKEND_NR];
2895 char *src_filename[GC_BACKEND_NR];
2896 char *dest_filename[GC_BACKEND_NR];
2897 char *orig_filename[GC_BACKEND_NR];
2898 gc_backend_t backend;
2899 gc_option_t *option;
2900 char *line = NULL;
2901 size_t line_len = 0;
2902 ssize_t length;
2903
2904 for (backend = 0; backend < GC_BACKEND_NR; backend++)
2905 {
2906 runtime[backend] = 0;
2907 src_filename[backend] = NULL;
2908 dest_filename[backend] = NULL;
2909 orig_filename[backend] = NULL;
2910 }
2911
2912 if (in)
2913 {
2914 /* Read options from the file IN. */
2915 while ((length = read_line (in, &line, &line_len, NULL)) > 0)
2916 {
2917 char *linep;
2918 unsigned long flags = 0;
2919 char *new_value = "";
2920
2921 /* Strip newline and carriage return, if present. */
2922 while (length > 0
2923 && (line[length - 1] == '\n' || line[length - 1] == '\r'))
2924 line[--length] = '\0';
2925
2926 linep = strchr (line, ':');
2927 if (linep)
2928 *(linep++) = '\0';
2929
2930 /* Extract additional flags. Default to none. */
2931 if (linep)
2932 {
2933 char *end;
2934 char *tail;
2935
2936 end = strchr (linep, ':');
2937 if (end)
2938 *(end++) = '\0';
2939
2940 errno = 0;
2941 flags = strtoul (linep, &tail, 0);
2942 if (errno)
2943 gc_error (1, errno, "malformed flags in option %s", line);
2944 if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
2945 gc_error (1, 0, "garbage after flags in option %s", line);
2946
2947 linep = end;
2948 }
2949
2950 /* Don't allow setting of the no change flag. */
2951 flags &= ~GC_OPT_FLAG_NO_CHANGE;
2952
2953 /* Extract default value, if present. Default to empty if not. */
2954 if (linep)
2955 {
2956 char *end;
2957 end = strchr (linep, ':');
2958 if (end)
2959 *(end++) = '\0';
2960 new_value = linep;
2961 linep = end;
2962 }
2963
2964 option = find_option (component, line, GC_BACKEND_ANY);
2965 if (!option)
2966 gc_error (1, 0, "unknown option %s", line);
2967
2968 if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
2969 {
2970 gc_error (0, 0, "ignoring new value for option %s",
2971 option->name);
2972 continue;
2973 }
2974
2975 change_one_value (option, runtime, flags, new_value);
2976 }
2977 }
2978
2979 /* Now that we have collected and locally verified the changes,
2980 write them out to new configuration files, verify them
2981 externally, and then commit them. */
2982 option = gc_component[component].options;
2983 while (option && option->name)
2984 {
2985 /* Go on if we have already seen this backend, or if there is
2986 nothing to do. */
2987 if (src_filename[option->backend]
2988 || !(option->new_flags || option->new_value))
2989 {
2990 option++;
2991 continue;
2992 }
2993
2994 if (gc_backend[option->backend].program)
2995 {
2996 err = change_options_program (component, option->backend,
2997 &src_filename[option->backend],
2998 &dest_filename[option->backend],
2999 &orig_filename[option->backend]);
3000 if (! err)
3001 {
3002 /* External verification. */
3003 err = gc_component_check_options (component, out,
3004 src_filename[option->backend]);
3005 if (err)
3006 {
3007 gc_error (0, 0,
3008 _("External verification of component %s failed"),
3009 gc_component[component].name);
3010 errno = EINVAL;
3011 }
3012 }
3013
3014 }
3015 else
3016 err = change_options_file (component, option->backend,
3017 &src_filename[option->backend],
3018 &dest_filename[option->backend],
3019 &orig_filename[option->backend]);
3020
3021 if (err)
3022 break;
3023
3024 option++;
3025 }
3026
3027 if (! err && ! opt.dry_run)
3028 {
3029 int i;
3030
3031 for (i = 0; i < GC_BACKEND_NR; i++)
3032 {
3033 if (src_filename[i])
3034 {
3035 /* FIXME: Make a verification here. */
3036
3037 assert (dest_filename[i]);
3038
3039 if (orig_filename[i])
3040 {
3041 #ifdef HAVE_W32_SYSTEM
3042 /* There is no atomic update on W32. */
3043 err = unlink (dest_filename[i]);
3044 #endif /* HAVE_W32_SYSTEM */
3045 if (!err)
3046 err = rename (src_filename[i], dest_filename[i]);
3047 }
3048 else
3049 {
3050 #ifdef HAVE_W32_SYSTEM
3051 /* We skip the unlink if we expect the file not to
3052 be there. */
3053 err = rename (src_filename[i], dest_filename[i]);
3054 #else /* HAVE_W32_SYSTEM */
3055 /* This is a bit safer than rename() because we
3056 expect DEST_FILENAME not to be there. If it
3057 happens to be there, this will fail. */
3058 err = link (src_filename[i], dest_filename[i]);
3059 if (!err)
3060 err = unlink (src_filename[i]);
3061 #endif /* !HAVE_W32_SYSTEM */
3062 }
3063 if (err)
3064 break;
3065 src_filename[i] = NULL;
3066 }
3067 }
3068 }
3069
3070 if (err || opt.dry_run)
3071 {
3072 int i;
3073 int saved_errno = errno;
3074
3075 /* An error occured or a dry-run is requested. */
3076 for (i = 0; i < GC_BACKEND_NR; i++)
3077 {
3078 if (src_filename[i])
3079 {
3080 /* The change was not yet committed. */
3081 unlink (src_filename[i]);
3082 if (orig_filename[i])
3083 unlink (orig_filename[i]);
3084 }
3085 else
3086 {
3087 /* The changes were already committed. FIXME: This is a
3088 tad dangerous, as we don't know if we don't overwrite
3089 a version of the file that is even newer than the one
3090 we just installed. */
3091 if (orig_filename[i])
3092 {
3093 #ifdef HAVE_W32_SYSTEM
3094 /* There is no atomic update on W32. */
3095 unlink (dest_filename[i]);
3096 #endif /* HAVE_W32_SYSTEM */
3097 rename (orig_filename[i], dest_filename[i]);
3098 }
3099 else
3100 unlink (dest_filename[i]);
3101 }
3102 }
3103 if (err)
3104 gc_error (1, saved_errno, "could not commit changes");
3105
3106 /* Fall-through for dry run. */
3107 goto leave;
3108 }
3109
3110 /* If it all worked, notify the daemons of the changes. */
3111 if (opt.runtime)
3112 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3113 {
3114 if (runtime[backend] && gc_backend[backend].runtime_change)
3115 (*gc_backend[backend].runtime_change) ();
3116 }
3117
3118 /* Move the per-process backup file into its place. */
3119 for (backend = 0; backend < GC_BACKEND_NR; backend++)
3120 if (orig_filename[backend])
3121 {
3122 char *backup_filename;
3123
3124 assert (dest_filename[backend]);
3125
3126 backup_filename = xasprintf ("%s.gpgconf.bak", dest_filename[backend]);
3127
3128 #ifdef HAVE_W32_SYSTEM
3129 /* There is no atomic update on W32. */
3130 unlink (backup_filename);
3131 #endif /* HAVE_W32_SYSTEM */
3132 rename (orig_filename[backend], backup_filename);
3133 }
3134
3135 leave:
3136 xfree (line);
3137 }
3138
3139
3140 /* Check whether USER matches the current user of one of its group.
3141 This function may change USER. Returns true is there is a
3142 match. */
3143 static int
3144 key_matches_user_or_group (char *user)
3145 {
3146 char *group;
3147
3148 if (*user == '*' && user[1] == 0)
3149 return 1; /* A single asterisk matches all users. */
3150
3151 group = strchr (user, ':');
3152 if (group)
3153 *group++ = 0;
3154
3155 #ifdef HAVE_W32_SYSTEM
3156 /* Under Windows we don't support groups. */
3157 if (group && *group)
3158 gc_error (0, 0, _("Note that group specifications are ignored\n"));
3159 if (*user)
3160 {
3161 static char *my_name;
3162
3163 if (!my_name)
3164 {
3165 char tmp[1];
3166 DWORD size = 1;
3167
3168 GetUserNameA (tmp, &size);
3169 my_name = xmalloc (size);
3170 if (!GetUserNameA (my_name, &size))
3171 gc_error (1,0, "error getting current user name: %s",
3172 w32_strerror (-1));
3173 }
3174
3175 if (!strcmp (user, my_name))
3176 return 1; /* Found. */
3177 }
3178 #else /*!HAVE_W32_SYSTEM*/
3179 /* First check whether the user matches. */
3180 if (*user)
3181 {
3182 static char *my_name;
3183
3184 if (!my_name)
3185 {
3186 struct passwd *pw = getpwuid ( getuid () );
3187 if (!pw)
3188 gc_error (1, errno, "getpwuid failed for current user");
3189 my_name = xstrdup (pw->pw_name);
3190 }
3191 if (!strcmp (user, my_name))
3192 return 1; /* Found. */
3193 }
3194
3195 /* If that failed, check whether a group matches. */
3196 if (group && *group)
3197 {
3198 static char *my_group;
3199 static char **my_supgroups;
3200 int n;
3201
3202 if (!my_group)
3203 {
3204 struct group *gr = getgrgid ( getgid () );
3205 if (!gr)
3206 gc_error (1, errno, "getgrgid failed for current user");
3207 my_group = xstrdup (gr->gr_name);
3208 }
3209 if (!strcmp (group, my_group))
3210 return 1; /* Found. */
3211
3212 if (!my_supgroups)
3213 {
3214 int ngids;
3215 gid_t *gids;
3216
3217 ngids = getgroups (0, NULL);
3218 gids = xcalloc (ngids+1, sizeof *gids);
3219 ngids = getgroups (ngids, gids);
3220 if (ngids < 0)
3221 gc_error (1, errno, "getgroups failed for current user");
3222 my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
3223 for (n=0; n < ngids; n++)
3224 {
3225 struct group *gr = getgrgid ( gids[n] );
3226 if (!gr)
3227 gc_error (1, errno, "getgrgid failed for supplementary group");
3228 my_supgroups[n] = xstrdup (gr->gr_name);
3229 }
3230 xfree (gids);
3231 }
3232
3233 for (n=0; my_supgroups[n]; n++)
3234 if (!strcmp (group, my_supgroups[n]))
3235 return 1; /* Found. */
3236 }
3237 #endif /*!HAVE_W32_SYSTEM*/
3238 return 0; /* No match. */
3239 }
3240
3241
3242
3243 /* Read and process the global configuration file for gpgconf. This
3244 optional file is used to update our internal tables at runtime and
3245 may also be used to set new default values. If FNAME is NULL the
3246 default name will be used. With UPDATE set to true the internal
3247 tables are actually updated; if not set, only a syntax check is
3248 done. If DEFAULTS is true the global options are written to the
3249 configuration files. If LISTFP is set, no changes are done but the
3250 configuration file is printed to LISTFP in a colon separated format.
3251
3252 Returns 0 on success or if the config file is not present; -1 is
3253 returned on error. */
3254 int
3255 gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
3256 FILE *listfp)
3257 {
3258 int result = 0;
3259 char *line = NULL;
3260 size_t line_len = 0;
3261 ssize_t length;
3262 FILE *config;
3263 int lineno = 0;
3264 int in_rule = 0;
3265 int got_match = 0;
3266 int runtime[GC_BACKEND_NR];
3267 int used_components[GC_COMPONENT_NR];
3268 int backend_id, component_id;
3269 char *fname;
3270
3271 if (fname_arg)
3272 fname = xstrdup (fname_arg);
3273 else
3274 fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
3275
3276 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3277 runtime[backend_id] = 0;
3278 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3279 used_components[component_id] = 0;
3280
3281 config = fopen (fname, "r");
3282 if (!config)
3283 {
3284 /* Do not print an error if the file is not available, except
3285 when running in syntax check mode. */
3286 if (errno != ENOENT || !update)
3287 {
3288 gc_error (0, errno, "can not open global config file `%s'", fname);
3289 result = -1;
3290 }
3291 xfree (fname);
3292 return result;
3293 }
3294
3295 while ((length = read_line (config, &line, &line_len, NULL)) > 0)
3296 {
3297 char *key, *component, *option, *flags, *value;
3298 char *empty;
3299 gc_option_t *option_info = NULL;
3300 char *p;
3301 int is_continuation;
3302
3303 lineno++;
3304 key = line;
3305 while (*key == ' ' || *key == '\t')
3306 key++;
3307 if (!*key || *key == '#' || *key == '\r' || *key == '\n')
3308 continue;
3309
3310 is_continuation = (key != line);
3311
3312 /* Parse the key field. */
3313 if (!is_continuation && got_match)
3314 break; /* Finish after the first match. */
3315 else if (!is_continuation)
3316 {
3317 in_rule = 0;
3318 for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
3319 ;
3320 if (!*p)
3321 {
3322 gc_error (0, 0, "missing rule at `%s', line %d", fname, lineno);
3323 result = -1;
3324 continue;
3325 }
3326 *p++ = 0;
3327 component = p;
3328 }
3329 else if (!in_rule)
3330 {
3331 gc_error (0, 0, "continuation but no rule at `%s', line %d",
3332 fname, lineno);
3333 result = -1;
3334 continue;
3335 }
3336 else
3337 {
3338 component = key;
3339 key = NULL;
3340 }
3341
3342 in_rule = 1;
3343
3344 /* Parse the component. */
3345 while (*component == ' ' || *component == '\t')
3346 component++;
3347 for (p=component; *p && !strchr (" \t\r\n", *p); p++)
3348 ;
3349 if (p == component)
3350 {
3351 gc_error (0, 0, "missing component at `%s', line %d",
3352 fname, lineno);
3353 result = -1;
3354 continue;
3355 }
3356 empty = p;
3357 *p++ = 0;
3358 option = p;
3359 component_id = gc_component_find (component);
3360 if (component_id < 0)
3361 {
3362 gc_error (0, 0, "unknown component at `%s', line %d",
3363 fname, lineno);
3364 result = -1;
3365 }
3366
3367 /* Parse the option name. */
3368 while (*option == ' ' || *option == '\t')
3369 option++;
3370 for (p=option; *p && !strchr (" \t\r\n", *p); p++)
3371 ;
3372 if (p == option)
3373 {
3374 gc_error (0, 0, "missing option at `%s', line %d",
3375 fname, lineno);
3376 result = -1;
3377 continue;
3378 }
3379 *p++ = 0;
3380 flags = p;
3381 if ( component_id != -1)
3382 {
3383 option_info = find_option (component_id, option, GC_BACKEND_ANY);
3384 if (!option_info)
3385 {
3386 gc_error (0, 0, "unknown option at `%s', line %d",
3387 fname, lineno);
3388 result = -1;
3389 }
3390 }
3391
3392
3393 /* Parse the optional flags. */
3394 while (*flags == ' ' || *flags == '\t')
3395 flags++;
3396 if (*flags == '[')
3397 {
3398 flags++;
3399 p = strchr (flags, ']');
3400 if (!p)
3401 {
3402 gc_error (0, 0, "syntax error in rule at `%s', line %d",
3403 fname, lineno);
3404 result = -1;
3405 continue;
3406 }
3407 *p++ = 0;
3408 value = p;
3409 }
3410 else /* No flags given. */
3411 {
3412 value = flags;
3413 flags = NULL;
3414 }
3415
3416 /* Parse the optional value. */
3417 while (*value == ' ' || *value == '\t')
3418 value++;
3419 for (p=value; *p && !strchr ("\r\n", *p); p++)
3420 ;
3421 if (p == value)
3422 value = empty; /* No value given; let it point to an empty string. */
3423 else
3424 {
3425 /* Strip trailing white space. */
3426 *p = 0;
3427 for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
3428 *p = 0;
3429 }
3430
3431 /* Check flag combinations. */
3432 if (!flags)
3433 ;
3434 else if (!strcmp (flags, "default"))
3435 {
3436 if (*value)
3437 {
3438 gc_error (0, 0, "flag \"default\" may not be combined "
3439 "with a value at `%s', line %d",
3440 fname, lineno);
3441 result = -1;
3442 }
3443 }
3444 else if (!strcmp (flags, "change"))
3445 ;
3446 else if (!strcmp (flags, "no-change"))
3447 ;
3448 else
3449 {
3450 gc_error (0, 0, "unknown flag at `%s', line %d",
3451 fname, lineno);
3452 result = -1;
3453 }
3454
3455 /* In list mode we print out all records. */
3456 if (listfp && !result)
3457 {
3458 /* If this is a new ruleset, print a key record. */
3459 if (!is_continuation)
3460 {
3461 char *group = strchr (key, ':');
3462 if (group)
3463 {
3464 *group++ = 0;
3465 if ((p = strchr (group, ':')))
3466 *p = 0; /* We better strip any extra stuff. */
3467 }
3468
3469 fprintf (listfp, "k:%s:", gc_percent_escape (key));
3470 fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
3471 }
3472
3473 /* All other lines are rule records. */
3474 fprintf (listfp, "r:::%s:%s:%s:",
3475 gc_component[component_id].name,
3476 option_info->name? option_info->name : "",
3477 flags? flags : "");
3478 if (value != empty)
3479 fprintf (listfp, "\"%s", gc_percent_escape (value));
3480
3481 putc ('\n', listfp);
3482 }
3483
3484 /* Check whether the key matches but do this only if we are not
3485 running in syntax check mode. */
3486 if ( update
3487 && !result && !listfp
3488 && (got_match || (key && key_matches_user_or_group (key))) )
3489 {
3490 int newflags = 0;
3491
3492 got_match = 1;
3493
3494 /* Apply the flags from gpgconf.conf. */
3495 if (!flags)
3496 ;
3497 else if (!strcmp (flags, "default"))
3498 newflags |= GC_OPT_FLAG_DEFAULT;
3499 else if (!strcmp (flags, "no-change"))
3500 option_info->flags |= GC_OPT_FLAG_NO_CHANGE;
3501 else if (!strcmp (flags, "change"))
3502 option_info->flags &= ~GC_OPT_FLAG_NO_CHANGE;
3503
3504 if (defaults)
3505 {
3506 assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
3507 used_components[component_id] = 1;
3508
3509 /* Here we explicitly allow to update the value again. */
3510 if (newflags)
3511 {
3512 option_info->new_flags = 0;
3513 }
3514 if (*value)
3515 {
3516 xfree (option_info->new_value);
3517 option_info->new_value = NULL;
3518 }
3519 change_one_value (option_info, runtime, newflags, value);
3520 }
3521 }
3522 }
3523
3524 if (length < 0 || ferror (config))
3525 {
3526 gc_error (0, errno, "error reading from `%s'", fname);
3527 result = -1;
3528 }
3529 if (fclose (config) && ferror (config))
3530 gc_error (0, errno, "error closing `%s'", fname);
3531
3532 xfree (line);
3533
3534 /* If it all worked, process the options. */
3535 if (!result && update && defaults && !listfp)
3536 {
3537 /* We need to switch off the runtime update, so that we can do
3538 it later all at once. */
3539 int save_opt_runtime = opt.runtime;
3540 opt.runtime = 0;
3541
3542 for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
3543 {
3544 gc_component_change_options (component_id, NULL, NULL);
3545 }
3546 opt.runtime = save_opt_runtime;
3547
3548 if (opt.runtime)
3549 {
3550 for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
3551 if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
3552 (*gc_backend[backend_id].runtime_change) ();
3553 }
3554 }
3555
3556 xfree (fname);
3557 return result;
3558 }
gnupg svn clone