565
571
/* The configuration file to which we write the changes. */
566
572
{ "gpgconf-scdaemon.conf", GC_OPT_FLAG_NONE, GC_LEVEL_INTERNAL,
567
NULL, NULL, GC_ARG_TYPE_PATHNAME, GC_BACKEND_SCDAEMON },
573
NULL, NULL, GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
570
576
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
571
577
"gnupg", N_("Options controlling the diagnostic output") },
572
{ "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
578
{ "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
573
579
"gnupg", "verbose",
574
580
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
575
581
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
584
590
"gnupg", N_("Options controlling the configuration") },
585
591
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
586
592
"gnupg", "|FILE|read options from FILE",
587
GC_ARG_TYPE_PATHNAME, GC_BACKEND_SCDAEMON },
588
{ "reader-port", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
593
GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
594
{ "reader-port", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
589
595
"gnupg", "|N|connect to reader at port N",
590
596
GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
591
{ "ctapi-driver", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
597
{ "ctapi-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
592
598
"gnupg", "|NAME|use NAME as ct-API driver",
593
599
GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
594
{ "pcsc-driver", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
600
{ "pcsc-driver", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
595
601
"gnupg", "|NAME|use NAME as PC/SC driver",
596
602
GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
597
{ "disable-opensc", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
598
"gnupg", "do not use the OpenSC layer",
599
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
600
{ "disable-ccid", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
603
{ "disable-ccid", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
601
604
"gnupg", "do not use the internal CCID driver",
602
605
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
603
{ "disable-keypad", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
606
{ "disable-keypad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
604
607
"gnupg", "do not use a reader's keypad",
605
608
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
609
{ "card-timeout", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
610
"gnupg", "|N|disconnect the card after N seconds of inactivity",
611
GC_ARG_TYPE_UINT32, GC_BACKEND_SCDAEMON },
608
614
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
609
615
"gnupg", N_("Options useful for debugging") },
610
{ "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED,
616
{ "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
611
617
"gnupg", "|LEVEL|set the debugging level to LEVEL",
612
618
GC_ARG_TYPE_STRING, GC_BACKEND_SCDAEMON },
613
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
614
"gnupg", N_("|FILE|write server mode logs to FILE"),
615
GC_ARG_TYPE_PATHNAME, GC_BACKEND_SCDAEMON },
619
{ "log-file", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
620
"gnupg", N_("|FILE|write a log to FILE"),
621
GC_ARG_TYPE_FILENAME, GC_BACKEND_SCDAEMON },
618
624
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
619
625
"gnupg", N_("Options controlling the security") },
620
{ "allow-admin", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
621
"gnupg", "allow the use of admin card commands",
626
{ "deny-admin", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
627
"gnupg", "deny the use of admin card commands",
622
628
GC_ARG_TYPE_NONE, GC_BACKEND_SCDAEMON },
655
661
{ "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
656
662
"gnupg", N_("|NAME|encrypt to user ID NAME as well"),
657
663
GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
664
{ "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
665
"gnupg", N_("|SPEC|set up email aliases"),
666
GC_ARG_TYPE_ALIAS_LIST, GC_BACKEND_GPG },
658
667
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
659
668
"gnupg", "|FILE|read options from FILE",
660
GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG },
669
GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG },
663
672
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
1012
1027
/* Ignore any errors here. */
1013
1028
kill (pid, SIGHUP);
1031
const char *pgmname;
1032
const char *argv[2];
1035
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1036
argv[0] = "reloadagent";
1039
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1041
err = gnupg_wait_process (pgmname, pid, NULL);
1043
gc_error (0, 0, "error running `%s%s': %s",
1044
pgmname, " reloadagent", gpg_strerror (err));
1014
1045
#endif /*!HAVE_W32_SYSTEM*/
1050
scdaemon_runtime_change (void)
1053
const char *pgmname;
1054
const char *argv[6];
1057
/* We use "GETINFO app_running" to see whether the agent is already
1058
running and kill it only in this case. This avoids an explicit
1059
starting of the agent in case it is not yet running. There is
1060
obviously a race condition but that should not harm too much. */
1062
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
1064
argv[1] = "GETINFO scd_running";
1065
argv[2] = "/if ${! $?}";
1066
argv[3] = "scd killscd";
1070
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
1072
err = gnupg_wait_process (pgmname, pid, NULL);
1074
gc_error (0, 0, "error running `%s%s': %s",
1075
pgmname, " scd killscd", gpg_strerror (err));
1079
/* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
1081
gc_component_reload (int component)
1083
int runtime[GC_BACKEND_NR];
1084
gc_option_t *option;
1085
gc_backend_t backend;
1087
/* Set a flag for the backends to be reloaded. */
1088
for (backend = 0; backend < GC_BACKEND_NR; backend++)
1089
runtime[backend] = 0;
1091
if (component == -1)
1093
for (component = 0; component < GC_COMPONENT_NR; component++)
1095
option = gc_component[component].options;
1096
for (; option && option->name; option++)
1097
runtime[option->backend] = 1;
1102
assert (component < GC_COMPONENT_NR);
1103
option = gc_component[component].options;
1104
for (; option && option->name; option++)
1105
runtime[option->backend] = 1;
1108
/* Do the reload for all selected backends. */
1109
for (backend = 0; backend < GC_BACKEND_NR; backend++)
1111
if (runtime[backend] && gc_backend[backend].runtime_change)
1112
(*gc_backend[backend].runtime_change) ();
1018
1118
/* More or less Robust version of dgettext. It has the side effect of
1019
1119
switching the codeset to utf-8 because this is what we want to
1298
/* Check all components that are available. */
1300
gc_component_check_programs (FILE *out)
1417
/* Check the options of a single component. Returns 0 if everything
1420
gc_component_check_options (int component, FILE *out, const char *conf_file)
1302
1422
gpg_error_t err;
1303
gc_component_t component;
1304
1423
unsigned int result;
1305
1424
int backend_seen[GC_BACKEND_NR];
1306
1425
gc_backend_t backend;
1307
1426
gc_option_t *option;
1309
1427
const char *pgmname;
1310
const char *argv[2];
1428
const char *argv[4];
1313
1432
int filedes[2];
1314
error_line_t errlines, errptr;
1433
error_line_t errlines;
1316
1435
/* We use a temporary file to collect the error output. It would be
1317
1436
better to use a pipe here but as of now we have no suitable
1318
1437
fucntion to create a portable pipe outside of exechelp. Thus it
1319
1438
is easier to use the tempfile approach. */
1440
for (backend = 0; backend < GC_BACKEND_NR; backend++)
1441
backend_seen[backend] = 0;
1443
option = gc_component[component].options;
1444
for (; option && option->name; option++)
1446
if ((option->flags & GC_OPT_FLAG_GROUP))
1448
backend = option->backend;
1449
if (backend_seen[backend])
1451
backend_seen[backend] = 1;
1452
assert (backend != GC_BACKEND_ANY);
1453
if (!gc_backend[backend].program)
1455
if (!gc_backend[backend].module_name)
1460
if (! option || ! option->name)
1463
pgmname = gnupg_module_name (gc_backend[backend].module_name);
1467
argv[i++] = "--options";
1468
argv[i++] = conf_file;
1470
argv[i++] = "--gpgconf-test";
1473
err = gnupg_create_inbound_pipe (filedes);
1475
gc_error (1, 0, _("error creating a pipe: %s\n"),
1476
gpg_strerror (err));
1480
if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1484
result |= 1; /* Program could not be run. */
1489
errlines = collect_error_output (filedes[0],
1490
gc_component[component].name);
1491
if (gnupg_wait_process (pgmname, pid, &exitcode))
1494
result |= 1; /* Program could not be run or it
1495
terminated abnormally. */
1496
result |= 2; /* Program returned an error. */
1500
/* If the program could not be run, we can't tell whether
1501
the config file is good. */
1508
error_line_t errptr;
1510
desc = gc_component[component].desc;
1511
desc = my_dgettext (gc_component[component].desc_domain, desc);
1512
fprintf (out, "%s:%s:",
1513
gc_component[component].name, gc_percent_escape (desc));
1514
fputs (gc_percent_escape (pgmname), out);
1515
fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1516
for (errptr = errlines; errptr; errptr = errptr->next)
1518
if (errptr != errlines)
1519
fputs ("\n:::::", out); /* Continuation line. */
1521
fputs (gc_percent_escape (errptr->fname), out);
1524
fprintf (out, "%u", errptr->lineno);
1526
fputs (gc_percent_escape (errptr->errtext), out);
1534
error_line_t tmp = errlines->next;
1543
/* Check all components that are available. */
1545
gc_check_programs (FILE *out)
1547
gc_component_t component;
1320
1549
for (component = 0; component < GC_COMPONENT_NR; component++)
1322
if (!gc_component[component].options)
1325
for (backend = 0; backend < GC_BACKEND_NR; backend++)
1326
backend_seen[backend] = 0;
1328
option = gc_component[component].options;
1329
for (; option && option->name; option++)
1331
if ((option->flags & GC_OPT_FLAG_GROUP))
1333
backend = option->backend;
1334
if (backend_seen[backend])
1336
backend_seen[backend] = 1;
1337
assert (backend != GC_BACKEND_ANY);
1338
if (!gc_backend[backend].program)
1340
if (!gc_backend[backend].module_name)
1343
pgmname = gnupg_module_name (gc_backend[backend].module_name);
1344
argv[0] = "--gpgconf-test";
1347
err = gnupg_create_inbound_pipe (filedes);
1349
gc_error (1, 0, _("error creating a pipe: %s\n"),
1350
gpg_strerror (err));
1354
if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
1358
result |= 1; /* Program could not be run. */
1363
errlines = collect_error_output (filedes[0],
1364
gc_component[component].name);
1365
if (gnupg_wait_process (pgmname, pid, &exitcode))
1368
result |= 1; /* Program could not be run or it
1369
terminated abnormally. */
1370
result |= 2; /* Program returned an error. */
1374
/* If the program could not be run, we can't tell whether
1375
the config file is good. */
1379
desc = gc_component[component].desc;
1380
desc = my_dgettext (gc_component[component].desc_domain, desc);
1381
fprintf (out, "%s:%s:",
1382
gc_component[component].name, my_percent_escape (desc));
1383
fputs (my_percent_escape (pgmname), out);
1384
fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
1385
for (errptr = errlines; errptr; errptr = errptr->next)
1387
if (errptr != errlines)
1388
fputs ("\n:::::", out); /* Continuation line. */
1390
fputs (my_percent_escape (errptr->fname), out);
1393
fprintf (out, "%u", errptr->lineno);
1395
fputs (my_percent_escape (errptr->errtext), out);
1402
error_line_t tmp = errlines->next;
1406
break; /* Loop over options of this component */
1550
gc_component_check_options (component, out, NULL);
1921
2064
really append. */
1924
new_list = xasprintf ("%s,\"%s", list, my_percent_escape (start));
2067
new_list = xasprintf ("%s,\"%s", list, gc_percent_escape (start));
1926
2069
list = new_list;
1929
list = xasprintf ("\"%s", my_percent_escape (start));
2072
list = xasprintf ("\"%s", gc_percent_escape (start));
1931
2074
if (length < 0 || ferror (list_file))
1932
gc_error (1, errno, "can not read list file %s", list_pathname);
2075
gc_error (1, errno, "can not read list file %s", list_filename);
1935
2078
list_option->active = 1;
1936
2079
list_option->value = list;
2081
/* Fix up the read-only flag. */
2082
config_option = find_option
2083
(component, gc_backend[backend].option_config_filename, GC_BACKEND_ANY);
2084
if (config_option->flags & GC_OPT_FLAG_NO_CHANGE)
2085
list_option->flags |= GC_OPT_FLAG_NO_CHANGE;
1938
2087
if (list_file && fclose (list_file) && ferror (list_file))
1939
gc_error (1, errno, "error closing %s", list_pathname);
2088
gc_error (1, errno, "error closing %s", list_filename);
2914
3063
if (gc_backend[option->backend].program)
2915
err = change_options_program (component, option->backend,
2916
&src_pathname[option->backend],
2917
&dest_pathname[option->backend],
2918
&orig_pathname[option->backend]);
3065
err = change_options_program (component, option->backend,
3066
&src_filename[option->backend],
3067
&dest_filename[option->backend],
3068
&orig_filename[option->backend]);
3071
/* External verification. */
3072
err = gc_component_check_options (component, out,
3073
src_filename[option->backend]);
3077
_("External verification of component %s failed"),
3078
gc_component[component].name);
2920
3085
err = change_options_file (component, option->backend,
2921
&src_pathname[option->backend],
2922
&dest_pathname[option->backend],
2923
&orig_pathname[option->backend]);
3086
&src_filename[option->backend],
3087
&dest_filename[option->backend],
3088
&orig_filename[option->backend]);
3096
if (! err && ! opt.dry_run)
2935
3100
for (i = 0; i < GC_BACKEND_NR; i++)
2937
if (src_pathname[i])
3102
if (src_filename[i])
2939
3104
/* FIXME: Make a verification here. */
2941
assert (dest_pathname[i]);
3106
assert (dest_filename[i]);
2943
if (orig_pathname[i])
3108
if (orig_filename[i])
2945
3110
#ifdef HAVE_W32_SYSTEM
2946
3111
/* There is no atomic update on W32. */
2947
err = unlink (dest_pathname[i]);
3112
err = unlink (dest_filename[i]);
2948
3113
#endif /* HAVE_W32_SYSTEM */
2950
err = rename (src_pathname[i], dest_pathname[i]);
3115
err = rename (src_filename[i], dest_filename[i]);
2954
3119
#ifdef HAVE_W32_SYSTEM
2955
3120
/* We skip the unlink if we expect the file not to
2957
err = rename (src_pathname[i], dest_pathname[i]);
3122
err = rename (src_filename[i], dest_filename[i]);
2958
3123
#else /* HAVE_W32_SYSTEM */
2959
3124
/* This is a bit safer than rename() because we
2960
expect DEST_PATHNAME not to be there. If it
3125
expect DEST_FILENAME not to be there. If it
2961
3126
happens to be there, this will fail. */
2962
err = link (src_pathname[i], dest_pathname[i]);
3127
err = link (src_filename[i], dest_filename[i]);
2964
err = unlink (src_pathname[i]);
3129
err = unlink (src_filename[i]);
2965
3130
#endif /* !HAVE_W32_SYSTEM */
2969
src_pathname[i] = NULL;
3134
src_filename[i] = NULL;
3139
if (err || opt.dry_run)
2977
3142
int saved_errno = errno;
2979
/* An error occured. */
3144
/* An error occured or a dry-run is requested. */
2980
3145
for (i = 0; i < GC_BACKEND_NR; i++)
2982
if (src_pathname[i])
3147
if (src_filename[i])
2984
3149
/* The change was not yet committed. */
2985
unlink (src_pathname[i]);
2986
if (orig_pathname[i])
2987
unlink (orig_pathname[i]);
3150
unlink (src_filename[i]);
3151
if (orig_filename[i])
3152
unlink (orig_filename[i]);