98
99
{ 301, NULL, 0, N_("@Options:\n ") },
100
101
{ oServer, "server", 0, N_("run in server mode (foreground)") },
102
{ oMultiServer, "multi-server", 0,
103
N_("run in multi server mode (foreground)") },
101
104
{ oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
102
105
{ oVerbose, "verbose", 0, N_("verbose") },
103
106
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
108
111
{ oDebugAll, "debug-all" ,0, "@"},
109
112
{ oDebugLevel, "debug-level" ,2, "@"},
110
113
{ oDebugWait,"debug-wait",1, "@"},
111
{ oDebugSC, "debug-sc", 1, N_("|N|set OpenSC debug level to N")},
114
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
115
{ oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
116
{ oDebugDisableTicker, "debug-disable-ticker", 0, "@"},
112
117
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
113
118
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
114
119
{ oReaderPort, "reader-port", 2, N_("|N|connect to reader at port N")},
123
128
/* end --disable-ccid */},
124
{ oDisableOpenSC, "disable-opensc", 0,
126
N_("do not use the OpenSC layer")
130
/* end --disable-opensc */},
131
129
{ oAllowAdmin, "allow-admin", 0, N_("allow the use of admin card commands")},
132
130
{ oDenyAdmin, "deny-admin", 0, "@" },
133
131
{ oDisableApplication, "disable-application", 2, "@"},
153
149
static int maybe_setuid = 1;
155
151
/* Name of the communication socket */
156
static char socket_name[128];
152
static char *socket_name;
155
/* Debug flag to disable the ticker. The ticker is in fact not
156
disabled but it won't perform any ticker specific actions. */
157
static int ticker_disabled;
161
static char *create_socket_name (int use_standard_socket,
162
char *standard_name, char *template);
163
static int create_server_socket (int is_standard_name, const char *name);
165
static void *start_connection_thread (void *arg);
166
static void handle_connections (int listen_fd);
161
168
/* Pth wrapper function definitions. */
162
169
GCRY_THREAD_OPTION_PTH_IMPL;
164
static void *ticker_thread (void *arg);
165
#endif /*USE_GNU_PTH*/
166
#endif /*!HAVE_OPENSC*/
168
173
static const char *
169
174
my_strusage (int level)
489
480
case oCsh: csh_style = 1; break;
490
481
case oSh: csh_style = 0; break;
491
482
case oServer: pipe_server = 1; break;
483
case oMultiServer: pipe_server = 1; multi_server = 1; break;
492
484
case oDaemon: is_daemon = 1; break;
494
486
case oReaderPort: opt.reader_port = pargs.r.ret_str; break;
495
487
case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
496
488
case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
497
489
case oDisableCCID: opt.disable_ccid = 1; break;
498
case oDisableOpenSC: opt.disable_opensc = 1; break;
490
case oDisableOpenSC: break;
500
492
case oAllowAdmin: opt.allow_admin = 1; break;
501
493
case oDenyAdmin: opt.allow_admin = 0; break;
609
598
log_set_prefix (NULL, 1|2|4);
614
{ /* This is the simple pipe based server */
603
/* This is the simple pipe based server */
617
604
pth_attr_t tattr;
610
sa.sa_handler = SIG_IGN;
611
sigemptyset (&sa.sa_mask);
613
sigaction (SIGPIPE, &sa, NULL);
616
/* If --debug-allow-core-dump has been given we also need to
617
switch the working directory to a place where we can actually
622
log_debug ("chdir to `/tmp' failed: %s\n", strerror (errno));
624
log_debug ("changed working directory to `/tmp'\n");
627
/* In multi server mode we need to listen on an additional
628
socket. Create that socket now before starting the handler
629
for the pipe connection. This allows that handler to send
630
back the name of that socket. */
633
socket_name = create_socket_name (0,
635
"/tmp/gpg-XXXXXX/S.scdaemon");
637
fd = create_server_socket (0, socket_name);
619
640
tattr = pth_attr_new();
620
641
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
621
642
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
622
pth_attr_set (tattr, PTH_ATTR_NAME, "ticker");
643
pth_attr_set (tattr, PTH_ATTR_NAME, "pipe-connection");
624
if (!pth_spawn (tattr, ticker_thread, NULL))
645
if (!pth_spawn (tattr, start_connection_thread, (void*)(-1)))
626
log_error ("error spawning ticker thread: %s\n", strerror (errno));
647
log_error ("error spawning pipe connection handler: %s\n",
629
#endif /*USE_GNU_PTH*/
630
#endif /*!HAVE_OPENSC*/
631
scd_command_handler (-1);
652
handle_connections (fd);
633
656
else if (!is_daemon)
636
659
" to run the program in the background\n"));
639
{ /* regular server mode */
662
{ /* Regular server mode */
644
struct sockaddr_un serv_addr;
647
/* fixme: if there is already a running gpg-agent we should
648
share the same directory - and vice versa */
650
snprintf (socket_name, DIM(socket_name)-1,
651
"/tmp/gpg-XXXXXX/S.scdaemon");
652
socket_name[DIM(socket_name)-1] = 0;
653
p = strrchr (socket_name, '/');
658
#ifndef HAVE_W32_SYSTEM
659
if (!mkdtemp(socket_name))
661
log_error ("can't create directory `%s': %s\n",
662
socket_name, strerror(errno) );
668
if (strchr (socket_name, ':') )
670
log_error ("colons are not allowed in the socket name\n");
673
if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path )
675
log_error ("name of socket to long\n");
680
#ifdef HAVE_W32_SYSTEM
681
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
683
fd = socket (AF_UNIX, SOCK_STREAM, 0);
687
log_error ("can't create socket: %s\n", strerror(errno) );
691
memset (&serv_addr, 0, sizeof serv_addr);
692
serv_addr.sun_family = AF_UNIX;
693
strcpy (serv_addr.sun_path, socket_name);
694
len = (offsetof (struct sockaddr_un, sun_path)
695
+ strlen(serv_addr.sun_path) + 1);
698
#ifdef HAVE_W32_SYSTEM
703
(fd, (struct sockaddr*)&serv_addr, len) == -1)
705
log_error ("error binding socket to `%s': %s\n",
706
serv_addr.sun_path, strerror (errno) );
711
if (listen (fd, 5 ) == -1)
713
log_error ("listen() failed: %s\n", strerror (errno));
719
log_info ("listening on socket `%s'\n", socket_name );
667
/* Create the socket. */
668
socket_name = create_socket_name (0,
670
"/tmp/gpg-XXXXXX/S.scdaemon");
672
fd = create_server_socket (0, socket_name);
799
struct sigaction oact, nact;
801
nact.sa_handler = cleanup_sh;
802
sigemptyset (&nact.sa_mask);
805
sigaction (SIGHUP, NULL, &oact);
806
if (oact.sa_handler != SIG_IGN)
807
sigaction (SIGHUP, &nact, NULL);
808
sigaction( SIGTERM, NULL, &oact );
809
if (oact.sa_handler != SIG_IGN)
810
sigaction (SIGTERM, &nact, NULL);
811
nact.sa_handler = SIG_IGN;
812
sigaction (SIGPIPE, &nact, NULL);
813
sigaction (SIGINT, &nact, NULL);
754
sa.sa_handler = SIG_IGN;
755
sigemptyset (&sa.sa_mask);
757
sigaction (SIGPIPE, &sa, NULL);
915
870
handle_tick (void)
917
scd_update_reader_status_file ();
872
if (!ticker_disabled)
873
scd_update_reader_status_file ();
877
/* Create a name for the socket. With USE_STANDARD_SOCKET given as
878
true using STANDARD_NAME in the home directory or if given has
879
false from the mkdir type name TEMPLATE. In the latter case a
880
unique name in a unique new directory will be created. In both
881
cases check for valid characters as well as against a maximum
882
allowed length for a unix domain socket is done. The function
883
terminates the process in case of an error. Retunrs: Pointer to an
884
allcoated string with the absolute name of the socket used. */
886
create_socket_name (int use_standard_socket,
887
char *standard_name, char *template)
891
if (use_standard_socket)
892
name = make_filename (opt.homedir, standard_name, NULL);
895
name = xstrdup (template);
896
p = strrchr (name, '/');
902
log_error (_("can't create directory `%s': %s\n"),
903
name, strerror (errno));
909
if (strchr (name, PATHSEP_C))
911
log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
914
if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
916
log_error (_("name of socket too long\n"));
924
/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
925
whether a non-random socket is used. Returns the file descriptor
926
or terminates the process in case of an error. */
928
create_server_socket (int is_standard_name, const char *name)
930
struct sockaddr_un *serv_addr;
935
#ifdef HAVE_W32_SYSTEM
936
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
938
fd = socket (AF_UNIX, SOCK_STREAM, 0);
942
log_error (_("can't create socket: %s\n"), strerror (errno));
946
serv_addr = xmalloc (sizeof (*serv_addr));
947
memset (serv_addr, 0, sizeof *serv_addr);
948
serv_addr->sun_family = AF_UNIX;
949
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
950
strcpy (serv_addr->sun_path, name);
951
len = (offsetof (struct sockaddr_un, sun_path)
952
+ strlen (serv_addr->sun_path) + 1);
954
#ifdef HAVE_W32_SYSTEM
955
rc = _w32_sock_bind (fd, (struct sockaddr*) serv_addr, len);
956
if (is_standard_name && rc == -1 )
959
rc = bind (fd, (struct sockaddr*) serv_addr, len);
962
rc = bind (fd, (struct sockaddr*) serv_addr, len);
963
if (is_standard_name && rc == -1 && errno == EADDRINUSE)
966
rc = bind (fd, (struct sockaddr*) serv_addr, len);
971
log_error (_("error binding socket to `%s': %s\n"),
972
serv_addr->sun_path, strerror (errno));
977
if (listen (fd, 5 ) == -1)
979
log_error (_("listen() failed: %s\n"), strerror (errno));
985
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
992
/* This is the standard connection thread's main function. */
921
ticker_thread (void *dummy_arg)
923
pth_event_t sigs_ev, time_ev = NULL;
994
start_connection_thread (void *arg)
999
log_info (_("handler for fd %d started\n"), fd);
1001
scd_command_handler (fd);
1004
log_info (_("handler for fd %d terminated\n"), fd);
1006
/* If this thread is the pipe connection thread, flag that a
1007
shutdown is required. With the next ticker event and given that
1008
no other connections are running the shutdown will then
1011
shutdown_pending = 1;
1017
/* Connection handler loop. Wait for connection requests and spawn a
1018
thread after accepting a connection. LISTEN_FD is allowed to be -1
1019
in which case this code will only do regular timeouts and handle
1022
handle_connections (int listen_fd)
1025
pth_event_t ev, time_ev;
1028
struct sockaddr_un paddr;
1030
fd_set fdset, read_fdset;
1034
tattr = pth_attr_new();
1035
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
1036
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 512*1024);
927
1038
#ifndef HAVE_W32_SYSTEM /* fixme */
928
1039
sigemptyset (&sigs );
931
1042
sigaddset (&sigs, SIGUSR2);
932
1043
sigaddset (&sigs, SIGINT);
933
1044
sigaddset (&sigs, SIGTERM);
934
sigs_ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
1045
pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
1046
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
1053
if (listen_fd != -1)
1054
FD_SET (listen_fd, &fdset);
1060
if (shutdown_pending)
1062
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
1065
/* Do not accept anymore connections but wait for existing
1066
connections to terminate. We do this by clearing out all
1067
file descriptors to wait for, so that the select will be
1068
used to just wait on a signal or timeout event. */
1072
/* Create a timeout event if needed. */
1074
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
1076
/* POSIX says that fd_set should be implemented as a structure,
1077
thus a simple assignment is fine to copy the entire set. */
1081
pth_event_concat (ev, time_ev, NULL);
1082
ret = pth_select_ev (FD_SETSIZE, &read_fdset, NULL, NULL, NULL, ev);
1084
pth_event_isolate (time_ev);
1088
if (pth_event_occurred (ev)
1089
|| (time_ev && pth_event_occurred (time_ev)))
1091
if (pth_event_occurred (ev))
1092
handle_signal (signo);
1093
if (time_ev && pth_event_occurred (time_ev))
1095
pth_event_free (time_ev, PTH_FREE_ALL);
1101
log_error (_("pth_select failed: %s - waiting 1s\n"),
1107
if (pth_event_occurred (ev))
943
time_ev = pth_event (PTH_EVENT_TIME, pth_timeout (2, 0));
945
pth_event_concat (sigs_ev, time_ev, NULL);
1109
handle_signal (signo);
948
if (pth_wait (sigs_ev) < 1)
952
#ifdef PTH_STATUS_OCCURRED /* This is Pth 2 */
953
pth_event_status (sigs_ev) == PTH_STATUS_OCCURRED
955
pth_event_occurred (sigs_ev)
958
handle_signal (signo);
960
/* Always run the ticker. */
961
if (!shutdown_pending)
1112
if (time_ev && pth_event_occurred (time_ev))
963
pth_event_isolate (sigs_ev);
964
1114
pth_event_free (time_ev, PTH_FREE_ALL);
1119
/* We now might create new threads and because we don't want any
1120
signals - we are handling here - to be delivered to a new
1121
thread. Thus we need to block those signals. */
1122
pth_sigmask (SIG_BLOCK, &sigs, &oldsigs);
1124
if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
1126
plen = sizeof paddr;
1127
fd = pth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);
1130
log_error ("accept failed: %s\n", strerror (errno));
1134
char threadname[50];
1135
snprintf (threadname, sizeof threadname-1, "conn fd=%d", fd);
1136
threadname[sizeof threadname -1] = 0;
1137
pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
1139
if (!pth_spawn (tattr, start_connection_thread, (void*)fd))
1141
log_error ("error spawning connection handler: %s\n",
1149
/* Restore the signal mask. */
1150
pth_sigmask (SIG_SETMASK, &oldsigs, NULL);
970
pth_event_free (sigs_ev, PTH_FREE_ALL);
1154
pth_event_free (ev, PTH_FREE_ALL);
1156
pth_event_free (time_ev, PTH_FREE_ALL);
1158
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
972
#endif /*USE_GNU_PTH*/
973
#endif /*!HAVE_OPENSC*/