diff --git a/common/Makefile.am b/common/Makefile.am index f3fb60f2d..d5ab038bf 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -1,235 +1,227 @@ # Makefile for common gnupg modules # Copyright (C) 2001, 2003, 2007, 2010 Free Software Foundation, Inc. # # This file is part of GnuPG. # # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . ## Process this file with automake to produce Makefile.in EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \ audit-events.h status-codes.h ChangeLog.jnlib \ ChangeLog-2011.include w32info-rc.h.in gnupg.ico \ all-tests.scm noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a -if !HAVE_W32CE_SYSTEM noinst_LIBRARIES += libsimple-pwquery.a -endif noinst_PROGRAMS = $(module_tests) $(module_maint_tests) if DISABLE_TESTS TESTS = else TESTS = $(module_tests) endif BUILT_SOURCES = audit-events.h status-codes.h MAINTAINERCLEANFILES = audit-events.h status-codes.h AM_CPPFLAGS = AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) include $(top_srcdir)/am/cmacros.am common_sources = \ common-defs.h \ util.h utilproto.h fwddecl.h i18n.c i18n.h \ types.h host2net.h dynload.h w32help.h \ mapstrings.c stringhelp.c stringhelp.h \ strlist.c strlist.h \ utf8conv.c utf8conv.h \ logging.h \ dotlock.c dotlock.h \ mischelp.c mischelp.h \ status.c status.h\ shareddefs.h \ openpgpdefs.h \ gc-opt-flags.h \ sexp-parse.h \ tlv.c tlv.h tlv-builder.c \ init.c init.h \ sexputil.c \ sysutils.c sysutils.h \ homedir.c \ gettime.c gettime.h \ yesno.c \ b64enc.c b64dec.c zb32.c zb32.h \ convert.c \ percent.c \ mbox-util.c mbox-util.h \ miscellaneous.c \ xasprintf.c \ xreadline.c \ membuf.c membuf.h \ ccparray.c ccparray.h \ iobuf.c iobuf.h \ ttyio.c ttyio.h \ asshelp.c asshelp2.c asshelp.h \ exechelp.h \ signal.c \ audit.c audit.h \ localename.c \ session-env.c session-env.h \ userids.c userids.h \ openpgp-oid.c openpgp-s2k.c \ ssh-utils.c ssh-utils.h \ agent-opt.c \ helpfile.c \ mkdir_p.c mkdir_p.h \ strlist.c strlist.h \ exectool.c exectool.h \ server-help.c server-help.h \ name-value.c name-value.h \ recsel.c recsel.h \ ksba-io-support.c ksba-io-support.h \ openpgp-fpr.c \ comopt.c comopt.h \ compliance.c compliance.h \ pkscreening.c pkscreening.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-cmdline.c endif # To make the code easier to read we have split home some code into # separate source files. if HAVE_W32_SYSTEM -if HAVE_W32CE_SYSTEM -common_sources += exechelp-w32ce.c -else common_sources += exechelp-w32.c -endif else common_sources += exechelp-posix.c endif # Sources only useful without NPTH. without_npth_sources = \ get-passphrase.c get-passphrase.h # Sources only useful with NPTH. with_npth_sources = \ call-gpg.c call-gpg.h libcommon_a_SOURCES = $(common_sources) $(without_npth_sources) libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1 libcommonpth_a_SOURCES = $(common_sources) $(with_npth_sources) libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) -if !HAVE_W32CE_SYSTEM libsimple_pwquery_a_SOURCES = \ simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -endif libgpgrl_a_SOURCES = \ gpgrlhelp.c if MAINTAINER_MODE # Note: Due to the dependency on Makefile, the file will always be # rebuilt, so we allow this only in maintainer mode. # Create the audit-events.h include file from audit.h # Note: We create the target file in the source directory because it # is a distributed built source. If we would not do that we may end # up with two files and then it is not clear which version of the # files will be picked up. audit-events.h: Makefile.am mkstrtable.awk exaudit.awk audit.h $(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ -v pkg_namespace=eventstr_ > $(srcdir)/audit-events.h # Create the status-codes.h include file from status.h status-codes.h: Makefile.am mkstrtable.awk exstatus.awk status.h $(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \ | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \ -v pkg_namespace=statusstr_ > $(srcdir)/status-codes.h endif # # Module tests # module_tests = t-stringhelp t-timestuff \ t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils \ t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist \ t-name-value t-ccparray t-recsel t-w32-cmdline if HAVE_W32_SYSTEM module_tests += t-w32-reg else module_tests += t-exechelp t-exectool endif if MAINTAINER_MODE module_maint_tests = t-helpfile t-b64 else module_maint_tests = endif t_extra_src = t-support.h t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \ $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV) t_common_ldadd = libcommon.a \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(LIBICONV) $(NETLIBS) # Common tests t_stringhelp_SOURCES = t-stringhelp.c $(t_extra_src) t_stringhelp_LDADD = $(t_common_ldadd) t_timestuff_SOURCES = t-timestuff.c $(t_extra_src) t_timestuff_LDADD = $(t_common_ldadd) t_convert_LDADD = $(t_common_ldadd) t_percent_LDADD = $(t_common_ldadd) t_gettime_LDADD = $(t_common_ldadd) t_sysutils_LDADD = $(t_common_ldadd) t_helpfile_LDADD = $(t_common_ldadd) t_sexputil_LDADD = $(t_common_ldadd) t_b64_LDADD = $(t_common_ldadd) t_exechelp_LDADD = $(t_common_ldadd) t_exectool_LDADD = $(t_common_ldadd) t_session_env_LDADD = $(t_common_ldadd) t_openpgp_oid_LDADD = $(t_common_ldadd) t_ssh_utils_LDADD = $(t_common_ldadd) t_mapstrings_LDADD = $(t_common_ldadd) t_zb32_SOURCES = t-zb32.c $(t_extra_src) t_zb32_LDADD = $(t_common_ldadd) t_mbox_util_LDADD = $(t_common_ldadd) t_iobuf_LDADD = $(t_common_ldadd) t_strlist_LDADD = $(t_common_ldadd) t_name_value_LDADD = $(t_common_ldadd) t_ccparray_LDADD = $(t_common_ldadd) t_recsel_LDADD = $(t_common_ldadd) t_w32_cmdline_SOURCES = t-w32-cmdline.c w32-cmdline.c $(t_extra_src) t_w32_cmdline_LDADD = $(t_common_ldadd) # System specific test if HAVE_W32_SYSTEM t_w32_reg_SOURCES = t-w32-reg.c $(t_extra_src) t_w32_reg_LDADD = $(t_common_ldadd) endif # All programs should depend on the created libs. $(PROGRAMS) : libcommon.a libcommonpth.a diff --git a/common/asshelp.c b/common/asshelp.c index 172c7d998..eb3e41bf5 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -1,753 +1,747 @@ /* asshelp.c - Helper functions for Assuan * Copyright (C) 2002, 2004, 2007, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include #ifdef HAVE_LOCALE_H #include #endif #include "i18n.h" #include "util.h" #include "exechelp.h" #include "sysutils.h" #include "status.h" #include "membuf.h" #include "asshelp.h" /* The type we use for lock_agent_spawning. */ #ifdef HAVE_W32_SYSTEM # define lock_spawn_t HANDLE #else # define lock_spawn_t dotlock_t #endif /* The time we wait until the agent or the dirmngr are ready for operation after we started them before giving up. */ -#ifdef HAVE_W32CE_SYSTEM -# define SECS_TO_WAIT_FOR_AGENT 30 -# define SECS_TO_WAIT_FOR_KEYBOXD 30 -# define SECS_TO_WAIT_FOR_DIRMNGR 30 -#else -# define SECS_TO_WAIT_FOR_AGENT 5 -# define SECS_TO_WAIT_FOR_KEYBOXD 5 -# define SECS_TO_WAIT_FOR_DIRMNGR 5 -#endif +#define SECS_TO_WAIT_FOR_AGENT 5 +#define SECS_TO_WAIT_FOR_KEYBOXD 5 +#define SECS_TO_WAIT_FOR_DIRMNGR 5 /* A bitfield that specifies the assuan categories to log. This is identical to the default log handler of libassuan. We need to do it ourselves because we use a custom log handler and want to use the same assuan variables to select the categories to log. */ static int log_cats; #define TEST_LOG_CAT(x) (!! (log_cats & (1 << (x - 1)))) /* The assuan log monitor used to temporary inhibit log messages from * assuan. */ static int (*my_log_monitor) (assuan_context_t ctx, unsigned int cat, const char *msg); static int my_libassuan_log_handler (assuan_context_t ctx, void *hook, unsigned int cat, const char *msg) { unsigned int dbgval; if (! TEST_LOG_CAT (cat)) return 0; dbgval = hook? *(unsigned int*)hook : 0; if (!(dbgval & 1024)) return 0; /* Assuan debugging is not enabled. */ if (ctx && my_log_monitor && !my_log_monitor (ctx, cat, msg)) return 0; /* Temporary disabled. */ if (msg) log_string (GPGRT_LOGLVL_DEBUG, msg); return 1; } /* Setup libassuan to use our own logging functions. Should be used early at startup. */ void setup_libassuan_logging (unsigned int *debug_var_address, int (*log_monitor)(assuan_context_t ctx, unsigned int cat, const char *msg)) { char *flagstr; flagstr = getenv ("ASSUAN_DEBUG"); if (flagstr) log_cats = atoi (flagstr); else /* Default to log the control channel. */ log_cats = (1 << (ASSUAN_LOG_CONTROL - 1)); my_log_monitor = log_monitor; assuan_set_log_cb (my_libassuan_log_handler, debug_var_address); } /* Change the Libassuan log categories to those given by NEWCATS. NEWCATS is 0 the default category of ASSUAN_LOG_CONTROL is selected. Note, that setup_libassuan_logging overrides the values given here. */ void set_libassuan_log_cats (unsigned int newcats) { if (newcats) log_cats = newcats; else /* Default to log the control channel. */ log_cats = (1 << (ASSUAN_LOG_CONTROL - 1)); } static gpg_error_t send_one_option (assuan_context_t ctx, gpg_err_source_t errsource, const char *name, const char *value, int use_putenv) { gpg_error_t err; char *optstr; (void)errsource; if (!value || !*value) err = 0; /* Avoid sending empty strings. */ else if (asprintf (&optstr, "OPTION %s%s=%s", use_putenv? "putenv=":"", name, value) < 0) err = gpg_error_from_syserror (); else { err = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); } return err; } /* Send the assuan commands pertaining to the pinentry environment. The OPT_* arguments are optional and may be used to override the defaults taken from the current locale. */ gpg_error_t send_pinentry_environment (assuan_context_t ctx, gpg_err_source_t errsource, const char *opt_lc_ctype, const char *opt_lc_messages, session_env_t session_env) { gpg_error_t err = 0; #if defined(HAVE_SETLOCALE) char *old_lc = NULL; #endif char *dft_lc = NULL; const char *dft_ttyname; int iterator; const char *name, *assname, *value; int is_default; iterator = 0; while ((name = session_env_list_stdenvnames (&iterator, &assname))) { value = session_env_getenv_or_default (session_env, name, NULL); if (!value) continue; if (assname) err = send_one_option (ctx, errsource, assname, value, 0); else { err = send_one_option (ctx, errsource, name, value, 1); if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) err = 0; /* Server too old; can't pass the new envvars. */ } if (err) return err; } dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY", &is_default); if (dft_ttyname && !is_default) dft_ttyname = NULL; /* We need the default value. */ /* Send the value for LC_CTYPE. */ #if defined(HAVE_SETLOCALE) && defined(LC_CTYPE) old_lc = setlocale (LC_CTYPE, NULL); if (old_lc) { old_lc = xtrystrdup (old_lc); if (!old_lc) return gpg_error_from_syserror (); } dft_lc = setlocale (LC_CTYPE, ""); #endif if (opt_lc_ctype || (dft_ttyname && dft_lc)) { err = send_one_option (ctx, errsource, "lc-ctype", opt_lc_ctype ? opt_lc_ctype : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_CTYPE) if (old_lc) { setlocale (LC_CTYPE, old_lc); xfree (old_lc); } #endif if (err) return err; /* Send the value for LC_MESSAGES. */ #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) old_lc = setlocale (LC_MESSAGES, NULL); if (old_lc) { old_lc = xtrystrdup (old_lc); if (!old_lc) return gpg_error_from_syserror (); } dft_lc = setlocale (LC_MESSAGES, ""); #endif if (opt_lc_messages || (dft_ttyname && dft_lc)) { err = send_one_option (ctx, errsource, "lc-messages", opt_lc_messages ? opt_lc_messages : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) if (old_lc) { setlocale (LC_MESSAGES, old_lc); xfree (old_lc); } #endif if (err) return err; return 0; } /* Lock a spawning process. The caller needs to provide the address of a variable to store the lock information and the name or the process. */ static gpg_error_t lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name, int verbose) { char *fname; (void)verbose; *lock = NULL; fname = make_absfilename_try (homedir, !strcmp (name, "agent")? "gnupg_spawn_agent_sentinel": !strcmp (name, "dirmngr")? "gnupg_spawn_dirmngr_sentinel": !strcmp (name, "keyboxd")? "gnupg_spawn_keyboxd_sentinel": /* */ "gnupg_spawn_unknown_sentinel", NULL); if (!fname) return gpg_error_from_syserror (); *lock = dotlock_create (fname, 0); xfree (fname); if (!*lock) return gpg_error_from_syserror (); /* FIXME: We should use a timeout of 5000 here - however make_dotlock does not yet support values other than -1 and 0. */ if (dotlock_take (*lock, -1)) return gpg_error_from_syserror (); return 0; } /* Unlock the spawning process. */ static void unlock_spawning (lock_spawn_t *lock, const char *name) { if (*lock) { (void)name; dotlock_destroy (*lock); *lock = NULL; } } /* Helper to start a service. SECS gives the number of seconds to * wait. SOCKNAME is the name of the socket to connect. VERBOSE is * the usual verbose flag. CTX is the assuan context. CONNECT_FLAGS * are the assuan connect flags. DID_SUCCESS_MSG will be set to 1 if * a success messages has been printed. */ static gpg_error_t wait_for_sock (int secs, int module_name_id, const char *sockname, unsigned int connect_flags, int verbose, assuan_context_t ctx, int *did_success_msg) { gpg_error_t err = 0; int target_us = secs * 1000000; int elapsed_us = 0; /* * 977us * 1024 = just a little more than 1s. * so we will double this timeout 10 times in the first * second, and then switch over to 1s checkins. */ int next_sleep_us = 977; int lastalert = secs+1; int secsleft; while (elapsed_us < target_us) { if (verbose) { secsleft = (target_us - elapsed_us + 999999)/1000000; /* log_clock ("left=%d last=%d targ=%d elap=%d next=%d\n", */ /* secsleft, lastalert, target_us, elapsed_us, */ /* next_sleep_us); */ if (secsleft < lastalert) { log_info (module_name_id == GNUPG_MODULE_NAME_DIRMNGR? _("waiting for the dirmngr to come up ... (%ds)\n"): module_name_id == GNUPG_MODULE_NAME_KEYBOXD? _("waiting for the keyboxd to come up ... (%ds)\n"): _("waiting for the agent to come up ... (%ds)\n"), secsleft); lastalert = secsleft; } } gnupg_usleep (next_sleep_us); elapsed_us += next_sleep_us; err = assuan_socket_connect (ctx, sockname, 0, connect_flags); if (!err) { if (verbose) { log_info (module_name_id == GNUPG_MODULE_NAME_DIRMNGR? _("connection to the dirmngr established\n"): module_name_id == GNUPG_MODULE_NAME_KEYBOXD? _("connection to the keyboxd established\n"): _("connection to the agent established\n")); *did_success_msg = 1; } break; } next_sleep_us *= 2; if (next_sleep_us > 1000000) next_sleep_us = 1000000; } return err; } /* Try to connect to a new service via socket or start it if it is not * running and AUTOSTART is set. Handle the server's initial * greeting. Returns a new assuan context at R_CTX or an error code. * MODULE_NAME_ID is one of: * GNUPG_MODULE_NAME_AGENT * GNUPG_MODULE_NAME_DIRMNGR */ static gpg_error_t start_new_service (assuan_context_t *r_ctx, int module_name_id, gpg_err_source_t errsource, const char *program_name, const char *opt_lc_ctype, const char *opt_lc_messages, session_env_t session_env, int autostart, int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg) { gpg_error_t err; assuan_context_t ctx; int did_success_msg = 0; char *sockname; const char *printed_name; const char *lock_name; const char *status_start_line; int no_service_err; int seconds_to_wait; unsigned int connect_flags = 0; const char *argv[6]; *r_ctx = NULL; err = assuan_new (&ctx); if (err) { log_error ("error allocating assuan context: %s\n", gpg_strerror (err)); return err; } switch (module_name_id) { case GNUPG_MODULE_NAME_AGENT: sockname = make_filename (gnupg_socketdir (), GPG_AGENT_SOCK_NAME, NULL); lock_name = "agent"; printed_name = "gpg-agent"; status_start_line = "starting_agent ? 0 0"; no_service_err = GPG_ERR_NO_AGENT; seconds_to_wait = SECS_TO_WAIT_FOR_AGENT; break; case GNUPG_MODULE_NAME_DIRMNGR: sockname = make_filename (gnupg_socketdir (), DIRMNGR_SOCK_NAME, NULL); lock_name = "dirmngr"; printed_name = "dirmngr"; status_start_line = "starting_dirmngr ? 0 0"; no_service_err = GPG_ERR_NO_DIRMNGR; seconds_to_wait = SECS_TO_WAIT_FOR_DIRMNGR; break; case GNUPG_MODULE_NAME_KEYBOXD: sockname = make_filename (gnupg_socketdir (), KEYBOXD_SOCK_NAME, NULL); lock_name = "keyboxd"; printed_name = "keyboxd"; status_start_line = "starting_keyboxd ? 0 0"; no_service_err = GPG_ERR_NO_KEYBOXD; seconds_to_wait = SECS_TO_WAIT_FOR_KEYBOXD; connect_flags |= ASSUAN_SOCKET_CONNECT_FDPASSING; break; default: err = gpg_error (GPG_ERR_INV_ARG); assuan_release (ctx); return err; } err = assuan_socket_connect (ctx, sockname, 0, connect_flags); if (err && autostart) { char *abs_homedir; lock_spawn_t lock; char *program = NULL; const char *program_arg = NULL; char *p; const char *s; int i; /* With no success start a new server. */ if (!program_name || !*program_name) program_name = gnupg_module_name (module_name_id); else if ((s=strchr (program_name, '|')) && s[1] == '-' && s[2]=='-') { /* Hack to insert an additional option on the command line. */ program = xtrystrdup (program_name); if (!program) { gpg_error_t tmperr = gpg_err_make (errsource, gpg_err_code_from_syserror ()); xfree (sockname); assuan_release (ctx); return tmperr; } p = strchr (program, '|'); *p++ = 0; program_arg = p; } if (verbose) log_info (_("no running %s - starting '%s'\n"), printed_name, program_name); if (status_cb) status_cb (status_cb_arg, STATUS_PROGRESS, status_start_line, NULL); /* We better pass an absolute home directory to the service just * in case the service does not convert the passed name to an * absolute one (which it should do). */ abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); if (!abs_homedir) { gpg_error_t tmperr = gpg_err_make (errsource, gpg_err_code_from_syserror ()); log_error ("error building filename: %s\n", gpg_strerror (tmperr)); xfree (sockname); assuan_release (ctx); xfree (program); return tmperr; } if (fflush (NULL)) { gpg_error_t tmperr = gpg_err_make (errsource, gpg_err_code_from_syserror ()); log_error ("error flushing pending output: %s\n", strerror (errno)); xfree (sockname); assuan_release (ctx); xfree (abs_homedir); xfree (program); return tmperr; } i = 0; argv[i++] = "--homedir"; argv[i++] = abs_homedir; if (module_name_id == GNUPG_MODULE_NAME_AGENT) argv[i++] = "--use-standard-socket"; if (program_arg) argv[i++] = program_arg; argv[i++] = "--daemon"; argv[i++] = NULL; if (!(err = lock_spawning (&lock, gnupg_homedir (), lock_name, verbose)) && assuan_socket_connect (ctx, sockname, 0, connect_flags)) { #ifdef HAVE_W32_SYSTEM err = gnupg_spawn_process_detached (program? program : program_name, argv, NULL); #else /*!W32*/ pid_t pid; err = gnupg_spawn_process_fd (program? program : program_name, argv, -1, -1, -1, &pid); if (!err) err = gnupg_wait_process (program? program : program_name, pid, 1, NULL); #endif /*!W32*/ if (err) log_error ("failed to start %s '%s': %s\n", printed_name, program? program : program_name, gpg_strerror (err)); else err = wait_for_sock (seconds_to_wait, module_name_id, sockname, connect_flags, verbose, ctx, &did_success_msg); } unlock_spawning (&lock, lock_name); xfree (abs_homedir); xfree (program); } xfree (sockname); if (err) { if (autostart || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED) log_error ("can't connect to the %s: %s\n", printed_name, gpg_strerror (err)); assuan_release (ctx); return gpg_err_make (errsource, no_service_err); } if (debug && !did_success_msg) log_debug ("connection to the %s established\n", printed_name); if (module_name_id == GNUPG_MODULE_NAME_AGENT) err = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); if (!err && module_name_id == GNUPG_MODULE_NAME_AGENT) { err = send_pinentry_environment (ctx, errsource, opt_lc_ctype, opt_lc_messages, session_env); if (gpg_err_code (err) == GPG_ERR_FORBIDDEN && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) { /* Check whether the agent is in restricted mode. */ if (!assuan_transact (ctx, "GETINFO restricted", NULL, NULL, NULL, NULL, NULL, NULL)) { if (verbose) log_info (_("connection to the agent is in restricted mode\n")); err = 0; } } } if (err) { assuan_release (ctx); return err; } *r_ctx = ctx; return 0; } /* Try to connect to the agent or start a new one. */ gpg_error_t start_new_gpg_agent (assuan_context_t *r_ctx, gpg_err_source_t errsource, const char *agent_program, const char *opt_lc_ctype, const char *opt_lc_messages, session_env_t session_env, int autostart, int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg) { return start_new_service (r_ctx, GNUPG_MODULE_NAME_AGENT, errsource, agent_program, opt_lc_ctype, opt_lc_messages, session_env, autostart, verbose, debug, status_cb, status_cb_arg); } /* Try to connect to the dirmngr via a socket. On platforms supporting it, start it up if needed and if AUTOSTART is true. Returns a new assuan context at R_CTX or an error code. */ gpg_error_t start_new_keyboxd (assuan_context_t *r_ctx, gpg_err_source_t errsource, const char *keyboxd_program, int autostart, int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg) { return start_new_service (r_ctx, GNUPG_MODULE_NAME_KEYBOXD, errsource, keyboxd_program, NULL, NULL, NULL, autostart, verbose, debug, status_cb, status_cb_arg); } /* Try to connect to the dirmngr via a socket. On platforms supporting it, start it up if needed and if AUTOSTART is true. Returns a new assuan context at R_CTX or an error code. */ gpg_error_t start_new_dirmngr (assuan_context_t *r_ctx, gpg_err_source_t errsource, const char *dirmngr_program, int autostart, int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg) { #ifndef USE_DIRMNGR_AUTO_START autostart = 0; #endif return start_new_service (r_ctx, GNUPG_MODULE_NAME_DIRMNGR, errsource, dirmngr_program, NULL, NULL, NULL, autostart, verbose, debug, status_cb, status_cb_arg); } /* Return the version of a server using "GETINFO version". On success 0 is returned and R_VERSION receives a malloced string with the version which must be freed by the caller. On error NULL is stored at R_VERSION and an error code returned. Mode is in general 0 but certain values may be used to modify the used version command: MODE == 0 = Use "GETINFO version" MODE == 2 - Use "SCD GETINFO version" */ gpg_error_t get_assuan_server_version (assuan_context_t ctx, int mode, char **r_version) { gpg_error_t err; membuf_t data; init_membuf (&data, 64); err = assuan_transact (ctx, mode == 2? "SCD GETINFO version" /**/ : "GETINFO version", put_membuf_cb, &data, NULL, NULL, NULL, NULL); if (err) { xfree (get_membuf (&data, NULL)); *r_version = NULL; } else { put_membuf (&data, "", 1); *r_version = get_membuf (&data, NULL); if (!*r_version) err = gpg_error_from_syserror (); } return err; } /* Print a warning if the server's version number is less than our * version number. Returns an error code on a connection problem. * CTX is the Assuan context, SERVERNAME is the name of teh server, * STATUS_FUNC and STATUS_FUNC_DATA is a callback to emit status * messages. If PRINT_HINTS is set additional hints are printed. For * MODE see get_assuan_server_version. */ gpg_error_t warn_server_version_mismatch (assuan_context_t ctx, const char *servername, int mode, gpg_error_t (*status_func)(ctrl_t ctrl, int status_no, ...), void *status_func_ctrl, int print_hints) { gpg_error_t err; char *serverversion; const char *myversion = gpgrt_strusage (13); err = get_assuan_server_version (ctx, mode, &serverversion); if (err) log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED? GPGRT_LOGLVL_INFO : GPGRT_LOGLVL_ERROR, _("error getting version from '%s': %s\n"), servername, gpg_strerror (err)); else if (compare_version_strings (serverversion, myversion) < 0) { char *warn; warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"), servername, serverversion, myversion); if (!warn) err = gpg_error_from_syserror (); else { log_info (_("WARNING: %s\n"), warn); if (print_hints) { log_info (_("Note: Outdated servers may lack important" " security fixes.\n")); log_info (_("Note: Use the command \"%s\" to restart them.\n"), "gpgconf --kill all"); } if (status_func) status_func (status_func_ctrl, STATUS_WARNING, "server_version_mismatch 0", warn, NULL); xfree (warn); } } xfree (serverversion); return err; } diff --git a/common/common-defs.h b/common/common-defs.h index cad5405d0..ff3c65e21 100644 --- a/common/common-defs.h +++ b/common/common-defs.h @@ -1,55 +1,51 @@ /* common-defs.h - Private declarations for common/ * Copyright (C) 2006 Free Software Foundation, Inc. * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #ifndef GNUPG_COMMON_COMMON_DEFS_H #define GNUPG_COMMON_COMMON_DEFS_H /* Dummy replacement for getenv. */ #ifndef HAVE_GETENV #define getenv(a) (NULL) #endif -#ifdef HAVE_W32CE_SYSTEM -#define getpid() GetCurrentProcessId () -#endif - /*-- ttyio.c --*/ void tty_private_set_rl_hooks (void (*init_stream) (FILE *), void (*set_completer) (rl_completion_func_t*), void (*inhibit_completion) (int), void (*cleanup_after_signal) (void), char *(*readline_fun) (const char*), void (*add_history_fun) (const char*), int (*rw_history_fun)(const char *, int, int)); #endif /*GNUPG_COMMON_COMMON_DEFS_H*/ diff --git a/common/dotlock.c b/common/dotlock.c index 80d80deec..ab0a5a6a3 100644 --- a/common/dotlock.c +++ b/common/dotlock.c @@ -1,1429 +1,1424 @@ /* dotlock.c - dotfile locking * Copyright (C) 1998, 2000, 2001, 2003, 2004, * 2005, 2006, 2008, 2010, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute and/or modify this * part of GnuPG under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * GnuPG is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copies of the GNU General Public License * and the GNU Lesser General Public License along with this program; * if not, see . * * ALTERNATIVELY, this file may be distributed under the terms of the * following license, in which case the provisions of this license are * required INSTEAD OF the GNU Lesser General License or the GNU * General Public License. If you wish to allow use of your version of * this file only under the terms of the GNU Lesser General License or * the GNU General Public License, and not to allow others to use your * version of this file under the terms of the following license, * indicate your decision by deleting this paragraph and the license * below. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ /* Overview: ========= This module implements advisory file locking in a portable way. Due to the problems with POSIX fcntl locking a separate lock file is used. It would be possible to use fcntl locking on this lock file and thus avoid the weird auto unlock bug of POSIX while still having an unproved better performance of fcntl locking. However there are still problems left, thus we resort to use a hardlink which has the well defined property that a link call will fail if the target file already exists. Given that hardlinks are also available on NTFS file systems since Windows XP; it will be possible to enhance this module to use hardlinks even on Windows and thus allow Windows and Posix clients to use locking on the same directory. This is not yet implemented; instead we use a lockfile on Windows along with W32 style file locking. On FAT file systems hardlinks are not supported. Thus this method does not work. Our solution is to use a O_EXCL locking instead. Querying the type of the file system is not easy to do in a portable way (e.g. Linux has a statfs, BSDs have a the same call but using different structures and constants). What we do instead is to check at runtime whether link(2) works for a specific lock file. How to use: =========== At program initialization time, the module should be explicitly initialized: dotlock_create (NULL, 0); This installs an atexit handler and may also initialize mutex etc. It is optional for non-threaded applications. Only the first call has an effect. This needs to be done before any extra threads are started. To create a lock file (which prepares it but does not take the lock) you do: dotlock_t h h = dotlock_create (fname, 0); if (!h) error ("error creating lock file: %s\n", strerror (errno)); It is important to handle the error. For example on a read-only file system a lock can't be created (but is usually not needed). FNAME is the file you want to lock; the actual lockfile is that name with the suffix ".lock" appended. On success a handle to be used with the other functions is returned or NULL on error. Note that the handle shall only be used by one thread at a time. This function creates a unique file temporary file (".#lk*") in the same directory as FNAME and returns a handle for further operations. The module keeps track of these unique files so that they will be unlinked using the atexit handler. If you don't need the lock file anymore, you may also explicitly remove it with a call to: dotlock_destroy (h); To actually lock the file, you use: if (dotlock_take (h, -1)) error ("error taking lock: %s\n", strerror (errno)); This function will wait until the lock is acquired. If an unexpected error occurs if will return non-zero and set ERRNO. If you pass (0) instead of (-1) the function does not wait in case the file is already locked but returns -1 and sets ERRNO to EACCES. Any other positive value for the second parameter is considered a timeout value in milliseconds. To release the lock you call: if (dotlock_release (h)) error ("error releasing lock: %s\n", strerror (errno)); or, if the lock file is not anymore needed, you may just call dotlock_destroy. However dotlock_release does some extra checks before releasing the lock and prints diagnostics to help detecting bugs. If you want to explicitly destroy all lock files you may call dotlock_remove_lockfiles (); which is the core of the installed atexit handler. In case your application wants to disable locking completely it may call disable_locking () before any locks are created. There are two convenience functions to store an integer (e.g. a file descriptor) value with the handle: void dotlock_set_fd (dotlock_t h, int fd); int dotlock_get_fd (dotlock_t h); If nothing has been stored dotlock_get_fd returns -1. How to build: ============= This module was originally developed for GnuPG but later changed to allow its use without any GnuPG dependency. If you want to use it with you application you may simply use it and it should figure out most things automagically. You may use the common config.h file to pass macros, but take care to pass -DHAVE_CONFIG_H to the compiler. Macros used by this module are: DOTLOCK_USE_PTHREAD - Define if POSIX threads are in use. DOTLOCK_GLIB_LOGGING - Define this to use Glib logging functions. DOTLOCK_EXT_SYM_PREFIX - Prefix all external symbols with the string to which this macro evaluates. GNUPG_MAJOR_VERSION - Defined when used by GnuPG. HAVE_DOSISH_SYSTEM - Defined for Windows etc. Will be automatically defined if a the target is Windows. HAVE_POSIX_SYSTEM - Internally defined to !HAVE_DOSISH_SYSTEM. HAVE_SIGNAL_H - Should be defined on Posix systems. If config.h is not used defaults to defined. DIRSEP_C - Separation character for file name parts. Usually not redefined. EXTSEP_S - Separation string for file name suffixes. Usually not redefined. - HAVE_W32CE_SYSTEM - Currently only used by GnuPG. - Note that there is a test program t-dotlock which has compile instructions at its end. At least for SMBFS and CIFS it is important that 64 bit versions of stat are used; most programming environments do this these days, just in case you want to compile it on the command line, remember to pass -D_FILE_OFFSET_BITS=64 Bugs: ===== On Windows this module is not yet thread-safe. Miscellaneous notes: ==================== On hardlinks: - Hardlinks are supported under Windows with NTFS since XP/Server2003. - In Linux 2.6.33 both SMBFS and CIFS seem to support hardlinks. - NFS supports hard links. But there are solvable problems. - FAT does not support links On the file locking API: - CIFS on Linux 2.6.33 supports several locking methods. SMBFS seems not to support locking. No closer checks done. - NFS supports Posix locks. flock is emulated in the server. However there are a couple of problems; see below. - FAT does not support locks. - An advantage of fcntl locking is that R/W locks can be implemented which is not easy with a straight lock file. On O_EXCL: - Does not work reliable on NFS - Should work on CIFS and SMBFS but how can we delete lockfiles? On NFS problems: - Locks vanish if the server crashes and reboots. - Client crashes keep the lock in the server until the client re-connects. - Communication problems may return unreliable error codes. The MUA Postfix's workaround is to compare the link count after seeing an error for link. However that gives a race. If using a unique file to link to a lockfile and using stat to check the link count instead of looking at the error return of link(2) is the best solution. - O_EXCL seems to have a race and may re-create a file anyway. */ #ifdef HAVE_CONFIG_H # include #endif /* Some quick replacements for stuff we usually expect to be defined in config.h. Define HAVE_POSIX_SYSTEM for better readability. */ #if !defined (HAVE_DOSISH_SYSTEM) && defined(_WIN32) # define HAVE_DOSISH_SYSTEM 1 #endif #if !defined (HAVE_DOSISH_SYSTEM) && !defined (HAVE_POSIX_SYSTEM) # define HAVE_POSIX_SYSTEM 1 #endif /* With no config.h assume that we have sitgnal.h. */ #if !defined (HAVE_CONFIG_H) && defined (HAVE_POSIX_SYSTEM) # define HAVE_SIGNAL_H 1 #endif /* Standard headers. */ #include #include #include #include #include #include #include #ifdef HAVE_DOSISH_SYSTEM # define WIN32_LEAN_AND_MEAN /* We only need the OS core stuff. */ # include #else # include # include # include #endif #include #include #include #include #ifdef HAVE_SIGNAL_H # include #endif #ifdef DOTLOCK_USE_PTHREAD # include #endif #ifdef DOTLOCK_GLIB_LOGGING # include #endif #ifdef GNUPG_MAJOR_VERSION # include "util.h" # include "common-defs.h" # include "stringhelp.h" /* For stpcpy and w32_strerror. */ #endif -#ifdef HAVE_W32CE_SYSTEM -# include "utf8conv.h" /* WindowsCE requires filename conversion. */ -#endif #include "dotlock.h" /* Define constants for file name construction. */ #if !defined(DIRSEP_C) && !defined(EXTSEP_S) # ifdef HAVE_DOSISH_SYSTEM # define DIRSEP_C '\\' # define EXTSEP_S "." #else # define DIRSEP_C '/' # define EXTSEP_S "." # endif #endif /* In GnuPG we use wrappers around the malloc functions. If they are not defined we assume that this code is used outside of GnuPG and fall back to the regular malloc functions. */ #ifndef xtrymalloc # define xtrymalloc(a) malloc ((a)) # define xtrycalloc(a,b) calloc ((a), (b)) # define xfree(a) free ((a)) #endif /* Wrapper to set ERRNO (required for W32CE). */ #ifdef GPG_ERROR_VERSION # define my_set_errno(e) gpg_err_set_errno ((e)) #else # define my_set_errno(e) do { errno = (e); } while (0) #endif /* Gettext macro replacement. */ #ifndef _ # define _(a) (a) #endif #ifdef GNUPG_MAJOR_VERSION # define my_info_0(a) log_info ((a)) # define my_info_1(a,b) log_info ((a), (b)) # define my_info_2(a,b,c) log_info ((a), (b), (c)) # define my_info_3(a,b,c,d) log_info ((a), (b), (c), (d)) # define my_error_0(a) log_error ((a)) # define my_error_1(a,b) log_error ((a), (b)) # define my_error_2(a,b,c) log_error ((a), (b), (c)) # define my_debug_1(a,b) log_debug ((a), (b)) # define my_fatal_0(a) log_fatal ((a)) #elif defined (DOTLOCK_GLIB_LOGGING) # define my_info_0(a) g_message ((a)) # define my_info_1(a,b) g_message ((a), (b)) # define my_info_2(a,b,c) g_message ((a), (b), (c)) # define my_info_3(a,b,c,d) g_message ((a), (b), (c), (d)) # define my_error_0(a) g_warning ((a)) # define my_error_1(a,b) g_warning ((a), (b)) # define my_error_2(a,b,c) g_warning ((a), (b), (c)) # define my_debug_1(a,b) g_debug ((a), (b)) # define my_fatal_0(a) g_error ((a)) #else # define my_info_0(a) fprintf (stderr, (a)) # define my_info_1(a,b) fprintf (stderr, (a), (b)) # define my_info_2(a,b,c) fprintf (stderr, (a), (b), (c)) # define my_info_3(a,b,c,d) fprintf (stderr, (a), (b), (c), (d)) # define my_error_0(a) fprintf (stderr, (a)) # define my_error_1(a,b) fprintf (stderr, (a), (b)) # define my_error_2(a,b,c) fprintf (stderr, (a), (b), (c)) # define my_debug_1(a,b) fprintf (stderr, (a), (b)) # define my_fatal_0(a) do { fprintf (stderr,(a)); fflush (stderr); \ abort (); } while (0) #endif /* The object describing a lock. */ struct dotlock_handle { struct dotlock_handle *next; char *lockname; /* Name of the actual lockfile. */ unsigned int locked:1; /* Lock status. */ unsigned int disable:1; /* If true, locking is disabled. */ unsigned int use_o_excl:1; /* Use open (O_EXCL) for locking. */ int extra_fd; /* A place for the caller to store an FD. */ #ifdef HAVE_DOSISH_SYSTEM HANDLE lockhd; /* The W32 handle of the lock file. */ #else /*!HAVE_DOSISH_SYSTEM */ char *tname; /* Name of the lockfile template. */ size_t nodename_off; /* Offset in TNAME of the nodename part. */ size_t nodename_len; /* Length of the nodename part. */ #endif /*!HAVE_DOSISH_SYSTEM */ }; /* A list of all lock handles. The volatile attribute might help if used in an atexit handler. Note that [UN]LOCK_all_lockfiles must not change ERRNO. */ static volatile dotlock_t all_lockfiles; #ifdef DOTLOCK_USE_PTHREAD static pthread_mutex_t all_lockfiles_mutex = PTHREAD_MUTEX_INITIALIZER; # define LOCK_all_lockfiles() do { \ if (pthread_mutex_lock (&all_lockfiles_mutex)) \ my_fatal_0 ("locking all_lockfiles_mutex failed\n"); \ } while (0) # define UNLOCK_all_lockfiles() do { \ if (pthread_mutex_unlock (&all_lockfiles_mutex)) \ my_fatal_0 ("unlocking all_lockfiles_mutex failed\n"); \ } while (0) #else /*!DOTLOCK_USE_PTHREAD*/ # define LOCK_all_lockfiles() do { } while (0) # define UNLOCK_all_lockfiles() do { } while (0) #endif /*!DOTLOCK_USE_PTHREAD*/ /* If this has the value true all locking is disabled. */ static int never_lock; #ifdef HAVE_DOSISH_SYSTEM /* FIXME: For use in GnuPG this can be replaced by * gnupg_w32_set_errno. */ static int map_w32_to_errno (DWORD w32_err) { switch (w32_err) { case 0: return 0; case ERROR_FILE_NOT_FOUND: return ENOENT; case ERROR_PATH_NOT_FOUND: return ENOENT; case ERROR_ACCESS_DENIED: return EPERM; case ERROR_INVALID_HANDLE: case ERROR_INVALID_BLOCK: return EINVAL; case ERROR_NOT_ENOUGH_MEMORY: return ENOMEM; case ERROR_NO_DATA: case ERROR_BROKEN_PIPE: return EPIPE; default: return EIO; } } #endif /*HAVE_DOSISH_SYSTEM*/ #ifdef HAVE_W32_SYSTEM static int any8bitchar (const char *string) { if (string) for ( ; *string; string++) if ((*string & 0x80)) return 1; return 0; } #endif /*HAVE_W32_SYSTEM*/ /* Entirely disable all locking. This function should be called before any locking is done. It may be called right at startup of the process as it only sets a global value. */ void dotlock_disable (void) { never_lock = 1; } #ifdef HAVE_POSIX_SYSTEM static int maybe_deadlock (dotlock_t h) { dotlock_t r; int res = 0; LOCK_all_lockfiles (); for (r=all_lockfiles; r; r = r->next) { if ( r != h && r->locked ) { res = 1; break; } } UNLOCK_all_lockfiles (); return res; } #endif /*HAVE_POSIX_SYSTEM*/ /* Read the lock file and return the pid, returns -1 on error. True will be stored in the integer at address SAME_NODE if the lock file has been created on the same node. */ #ifdef HAVE_POSIX_SYSTEM static int read_lockfile (dotlock_t h, int *same_node, int *r_fd) { char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node names are usually shorter. */ int fd; int pid = -1; char *buffer, *p; size_t expected_len; int res, nread; *same_node = 0; expected_len = 10 + 1 + h->nodename_len + 1; if ( expected_len >= sizeof buffer_space) { buffer = xtrymalloc (expected_len); if (!buffer) return -1; } else buffer = buffer_space; if ( (fd = open (h->lockname, O_RDONLY)) == -1 ) { int e = errno; my_info_2 ("error opening lockfile '%s': %s\n", h->lockname, strerror(errno) ); if (buffer != buffer_space) xfree (buffer); my_set_errno (e); /* Need to return ERRNO here. */ return -1; } p = buffer; nread = 0; do { res = read (fd, p, expected_len - nread); if (res == -1 && errno == EINTR) continue; if (res < 0) { int e = errno; my_info_1 ("error reading lockfile '%s'\n", h->lockname ); close (fd); if (buffer != buffer_space) xfree (buffer); my_set_errno (e); return -1; } p += res; nread += res; } while (res && nread != expected_len); if (r_fd) *r_fd = fd; else close(fd); if (nread < 11) { my_info_1 ("invalid size of lockfile '%s'\n", h->lockname); if (buffer != buffer_space) xfree (buffer); my_set_errno (EINVAL); return -1; } if (buffer[10] != '\n' || (buffer[10] = 0, pid = atoi (buffer)) == -1 || !pid ) { my_error_2 ("invalid pid %d in lockfile '%s'\n", pid, h->lockname); if (buffer != buffer_space) xfree (buffer); my_set_errno (EINVAL); return -1; } if (nread == expected_len && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len) && buffer[11+h->nodename_len] == '\n') *same_node = 1; if (buffer != buffer_space) xfree (buffer); return pid; } #endif /*HAVE_POSIX_SYSTEM */ /* Check whether the file system which stores TNAME supports hardlinks. Instead of using the non-portable statsfs call which differs between various Unix versions, we do a runtime test. Returns: 0 supports hardlinks; 1 no hardlink support, -1 unknown (test error). */ #ifdef HAVE_POSIX_SYSTEM static int use_hardlinks_p (const char *tname) { char *lname; struct stat sb; unsigned int nlink; int res; if (stat (tname, &sb)) return -1; nlink = (unsigned int)sb.st_nlink; lname = xtrymalloc (strlen (tname) + 1 + 1); if (!lname) return -1; strcpy (lname, tname); strcat (lname, "x"); /* We ignore the return value of link() because it is unreliable. */ (void) link (tname, lname); if (stat (tname, &sb)) res = -1; /* Ooops. */ else if (sb.st_nlink == nlink + 1) res = 0; /* Yeah, hardlinks are supported. */ else res = 1; /* No hardlink support. */ unlink (lname); xfree (lname); return res; } #endif /*HAVE_POSIX_SYSTEM */ #ifdef HAVE_POSIX_SYSTEM /* Locking core for Unix. It used a temporary file and the link system call to make locking an atomic operation. */ static dotlock_t dotlock_create_unix (dotlock_t h, const char *file_to_lock) { int fd = -1; char pidstr[16]; const char *nodename; const char *dirpart; int dirpartlen; struct utsname utsbuf; size_t tnamelen; snprintf (pidstr, sizeof pidstr, "%10d\n", (int)getpid() ); /* Create a temporary file. */ if ( uname ( &utsbuf ) ) nodename = "unknown"; else nodename = utsbuf.nodename; if ( !(dirpart = strrchr (file_to_lock, DIRSEP_C)) ) { dirpart = EXTSEP_S; dirpartlen = 1; } else { dirpartlen = dirpart - file_to_lock; dirpart = file_to_lock; } LOCK_all_lockfiles (); h->next = all_lockfiles; all_lockfiles = h; tnamelen = dirpartlen + 6 + 30 + strlen(nodename) + 10 + 1; h->tname = xtrymalloc (tnamelen + 1); if (!h->tname) { all_lockfiles = h->next; UNLOCK_all_lockfiles (); xfree (h); return NULL; } h->nodename_len = strlen (nodename); snprintf (h->tname, tnamelen, "%.*s/.#lk%p.", dirpartlen, dirpart, h ); h->nodename_off = strlen (h->tname); snprintf (h->tname+h->nodename_off, tnamelen - h->nodename_off, "%s.%d", nodename, (int)getpid ()); do { my_set_errno (0); fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR ); } while (fd == -1 && errno == EINTR); if ( fd == -1 ) { int saveerrno = errno; all_lockfiles = h->next; UNLOCK_all_lockfiles (); my_error_2 (_("failed to create temporary file '%s': %s\n"), h->tname, strerror (errno)); xfree (h->tname); xfree (h); my_set_errno (saveerrno); return NULL; } if ( write (fd, pidstr, 11 ) != 11 ) goto write_failed; if ( write (fd, nodename, strlen (nodename) ) != strlen (nodename) ) goto write_failed; if ( write (fd, "\n", 1 ) != 1 ) goto write_failed; if ( close (fd) ) { if ( errno == EINTR ) fd = -1; goto write_failed; } fd = -1; /* Check whether we support hard links. */ switch (use_hardlinks_p (h->tname)) { case 0: /* Yes. */ break; case 1: /* No. */ unlink (h->tname); h->use_o_excl = 1; break; default: { int saveerrno = errno; my_error_2 ("can't check whether hardlinks are supported for '%s': %s\n" , h->tname, strerror (saveerrno)); my_set_errno (saveerrno); } goto write_failed; } h->lockname = xtrymalloc (strlen (file_to_lock) + 6 ); if (!h->lockname) { int saveerrno = errno; all_lockfiles = h->next; UNLOCK_all_lockfiles (); unlink (h->tname); xfree (h->tname); xfree (h); my_set_errno (saveerrno); return NULL; } strcpy (stpcpy (h->lockname, file_to_lock), EXTSEP_S "lock"); UNLOCK_all_lockfiles (); return h; write_failed: { int saveerrno = errno; all_lockfiles = h->next; UNLOCK_all_lockfiles (); my_error_2 (_("error writing to '%s': %s\n"), h->tname, strerror (errno)); if ( fd != -1 ) close (fd); unlink (h->tname); xfree (h->tname); xfree (h); my_set_errno (saveerrno); } return NULL; } #endif /*HAVE_POSIX_SYSTEM*/ #ifdef HAVE_DOSISH_SYSTEM /* Locking core for Windows. This version does not need a temporary file but uses the plain lock file along with record locking. We create this file here so that we later only need to do the file locking. For error reporting it is useful to keep the name of the file in the handle. */ static dotlock_t dotlock_create_w32 (dotlock_t h, const char *file_to_lock) { LOCK_all_lockfiles (); h->next = all_lockfiles; all_lockfiles = h; h->lockname = strconcat (file_to_lock, EXTSEP_S "lock", NULL); if (!h->lockname) { all_lockfiles = h->next; UNLOCK_all_lockfiles (); xfree (h); return NULL; } /* If would be nice if we would use the FILE_FLAG_DELETE_ON_CLOSE along with FILE_SHARE_DELETE but that does not work due to a race condition: Despite the OPEN_ALWAYS flag CreateFile may return an error and we can't reliable create/open the lock file unless we would wait here until it works - however there are other valid reasons why a lock file can't be created and thus the process would not stop as expected but spin until Windows crashes. Our solution is to keep the lock file open; that does not harm. */ if (any8bitchar (h->lockname)) { wchar_t *wname = utf8_to_wchar (h->lockname); if (wname) h->lockhd = CreateFileW (wname, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, 0, NULL); else h->lockhd = INVALID_HANDLE_VALUE; xfree (wname); } else h->lockhd = CreateFileA (h->lockname, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, 0, NULL); if (h->lockhd == INVALID_HANDLE_VALUE) { int saveerrno = map_w32_to_errno (GetLastError ()); all_lockfiles = h->next; UNLOCK_all_lockfiles (); my_error_2 (_("can't create '%s': %s\n"), h->lockname, w32_strerror (-1)); xfree (h->lockname); xfree (h); my_set_errno (saveerrno); return NULL; } return h; } #endif /*HAVE_DOSISH_SYSTEM*/ /* Create a lockfile for a file name FILE_TO_LOCK and returns an object of type dotlock_t which may be used later to actually acquire the lock. A cleanup routine gets installed to cleanup left over locks or other files used internally by the lock mechanism. Calling this function with NULL does only install the atexit handler and may thus be used to assure that the cleanup is called after all other atexit handlers. This function creates a lock file in the same directory as FILE_TO_LOCK using that name and a suffix of ".lock". Note that on POSIX systems a temporary file ".#lk..pid[.threadid] is used. FLAGS must be 0. The function returns an new handle which needs to be released using destroy_dotlock but gets also released at the termination of the process. On error NULL is returned. */ dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags) { static int initialized; dotlock_t h; if ( !initialized ) { atexit (dotlock_remove_lockfiles); initialized = 1; } if ( !file_to_lock ) return NULL; /* Only initialization was requested. */ if (flags) { my_set_errno (EINVAL); return NULL; } h = xtrycalloc (1, sizeof *h); if (!h) return NULL; h->extra_fd = -1; if (never_lock) { h->disable = 1; LOCK_all_lockfiles (); h->next = all_lockfiles; all_lockfiles = h; UNLOCK_all_lockfiles (); return h; } #ifdef HAVE_DOSISH_SYSTEM return dotlock_create_w32 (h, file_to_lock); #else /*!HAVE_DOSISH_SYSTEM */ return dotlock_create_unix (h, file_to_lock); #endif /*!HAVE_DOSISH_SYSTEM*/ } /* Convenience function to store a file descriptor (or any other integer value) in the context of handle H. */ void dotlock_set_fd (dotlock_t h, int fd) { h->extra_fd = fd; } /* Convenience function to retrieve a file descriptor (or any other integer value) stored in the context of handle H. */ int dotlock_get_fd (dotlock_t h) { return h->extra_fd; } #ifdef HAVE_POSIX_SYSTEM /* Unix specific code of destroy_dotlock. */ static void dotlock_destroy_unix (dotlock_t h) { if (h->locked && h->lockname) unlink (h->lockname); if (h->tname && !h->use_o_excl) unlink (h->tname); xfree (h->tname); } #endif /*HAVE_POSIX_SYSTEM*/ #ifdef HAVE_DOSISH_SYSTEM /* Windows specific code of destroy_dotlock. */ static void dotlock_destroy_w32 (dotlock_t h) { if (h->locked) { OVERLAPPED ovl; memset (&ovl, 0, sizeof ovl); UnlockFileEx (h->lockhd, 0, 1, 0, &ovl); } CloseHandle (h->lockhd); } #endif /*HAVE_DOSISH_SYSTEM*/ /* Destroy the lock handle H and release the lock. */ void dotlock_destroy (dotlock_t h) { dotlock_t hprev, htmp; if ( !h ) return; /* First remove the handle from our global list of all locks. */ LOCK_all_lockfiles (); for (hprev=NULL, htmp=all_lockfiles; htmp; hprev=htmp, htmp=htmp->next) if (htmp == h) { if (hprev) hprev->next = htmp->next; else all_lockfiles = htmp->next; h->next = NULL; break; } UNLOCK_all_lockfiles (); /* Then destroy the lock. */ if (!h->disable) { #ifdef HAVE_DOSISH_SYSTEM dotlock_destroy_w32 (h); #else /* !HAVE_DOSISH_SYSTEM */ dotlock_destroy_unix (h); #endif /* HAVE_DOSISH_SYSTEM */ xfree (h->lockname); } xfree(h); } #ifdef HAVE_POSIX_SYSTEM /* Unix specific code of make_dotlock. Returns 0 on success and -1 on error. */ static int dotlock_take_unix (dotlock_t h, long timeout) { int wtime = 0; int sumtime = 0; int pid; int lastpid = -1; int ownerchanged; const char *maybe_dead=""; int same_node; int saveerrno; int fd; again: if (h->use_o_excl) { /* No hardlink support - use open(O_EXCL). */ do { my_set_errno (0); fd = open (h->lockname, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR ); } while (fd == -1 && errno == EINTR); if (fd == -1 && errno == EEXIST) ; /* Lock held by another process. */ else if (fd == -1) { saveerrno = errno; my_error_2 ("lock not made: open(O_EXCL) of '%s' failed: %s\n", h->lockname, strerror (saveerrno)); my_set_errno (saveerrno); return -1; } else { char pidstr[16]; snprintf (pidstr, sizeof pidstr, "%10d\n", (int)getpid()); if (write (fd, pidstr, 11 ) == 11 && write (fd, h->tname + h->nodename_off,h->nodename_len) == h->nodename_len && write (fd, "\n", 1) == 1 && !close (fd)) { h->locked = 1; return 0; } /* Write error. */ saveerrno = errno; my_error_2 ("lock not made: writing to '%s' failed: %s\n", h->lockname, strerror (errno)); close (fd); unlink (h->lockname); my_set_errno (saveerrno); return -1; } } else /* Standard method: Use hardlinks. */ { struct stat sb; /* We ignore the return value of link() because it is unreliable. */ (void) link (h->tname, h->lockname); if (stat (h->tname, &sb)) { saveerrno = errno; my_error_1 ("lock not made: Oops: stat of tmp file failed: %s\n", strerror (errno)); /* In theory this might be a severe error: It is possible that link succeeded but stat failed due to changed permissions. We can't do anything about it, though. */ my_set_errno (saveerrno); return -1; } if (sb.st_nlink == 2) { h->locked = 1; return 0; /* Okay. */ } } /* Check for stale lock files. */ if ( (pid = read_lockfile (h, &same_node, &fd)) == -1 ) { if ( errno != ENOENT ) { saveerrno = errno; my_info_0 ("cannot read lockfile\n"); my_set_errno (saveerrno); return -1; } my_info_0 ("lockfile disappeared\n"); goto again; } else if ( (pid == getpid() && same_node) || (same_node && kill (pid, 0) && errno == ESRCH) ) /* Stale lockfile is detected. */ { struct stat sb; /* Check if it's unlocked during examining the lockfile. */ if (fstat (fd, &sb) || sb.st_nlink == 0) { /* It's gone already by another process. */ close (fd); goto again; } /* * Here, although it's quite _rare_, we have a race condition. * * When multiple processes race on a stale lockfile, detecting * AND removing should be done atomically. That is, to work * correctly, the file to be removed should be the one which is * examined for detection. * * But, when it's not atomic, consider the case for us where it * takes some time between the detection and the removal of the * lockfile. * * In this situation, it is possible that the file which was * detected as stale is already removed by another process and * then new lockfile is created (by that process or other one). * * And it is newly created valid lockfile which is going to be * removed by us. * * Consider this long comment as it expresses possible (long) * time between fstat above and unlink below; Meanwhile, the * lockfile in question may be removed and there may be new * valid one. * * In short, when you see the message of removing stale lockfile * when there are multiple processes for the work, there is * (very) little possibility something went wrong. */ unlink (h->lockname); my_info_1 (_("removing stale lockfile (created by %d)\n"), pid); close (fd); goto again; } close (fd); if (lastpid == -1) lastpid = pid; ownerchanged = (pid != lastpid); if (timeout) { struct timeval tv; /* Wait until lock has been released. We use increasing retry intervals of 50ms, 100ms, 200ms, 400ms, 800ms, 2s, 4s and 8s but reset it if the lock owner meanwhile changed. */ if (!wtime || ownerchanged) wtime = 50; else if (wtime < 800) wtime *= 2; else if (wtime == 800) wtime = 2000; else if (wtime < 8000) wtime *= 2; if (timeout > 0) { if (wtime > timeout) wtime = timeout; timeout -= wtime; } sumtime += wtime; if (sumtime >= 1500) { sumtime = 0; my_info_3 (_("waiting for lock (held by %d%s) %s...\n"), pid, maybe_dead, maybe_deadlock(h)? _("(deadlock?) "):""); } tv.tv_sec = wtime / 1000; tv.tv_usec = (wtime % 1000) * 1000; select (0, NULL, NULL, NULL, &tv); goto again; } my_set_errno (EACCES); return -1; } #endif /*HAVE_POSIX_SYSTEM*/ #ifdef HAVE_DOSISH_SYSTEM /* Windows specific code of make_dotlock. Returns 0 on success and -1 on error. */ static int dotlock_take_w32 (dotlock_t h, long timeout) { int wtime = 0; int w32err; OVERLAPPED ovl; again: /* Lock one byte at offset 0. The offset is given by OVL. */ memset (&ovl, 0, sizeof ovl); if (LockFileEx (h->lockhd, (LOCKFILE_EXCLUSIVE_LOCK | LOCKFILE_FAIL_IMMEDIATELY), 0, 1, 0, &ovl)) { h->locked = 1; return 0; /* okay */ } w32err = GetLastError (); if (w32err != ERROR_LOCK_VIOLATION) { my_error_2 (_("lock '%s' not made: %s\n"), h->lockname, w32_strerror (w32err)); my_set_errno (map_w32_to_errno (w32err)); return -1; } if (timeout) { /* Wait until lock has been released. We use retry intervals of 50ms, 100ms, 200ms, 400ms, 800ms, 2s, 4s and 8s. */ if (!wtime) wtime = 50; else if (wtime < 800) wtime *= 2; else if (wtime == 800) wtime = 2000; else if (wtime < 8000) wtime *= 2; if (timeout > 0) { if (wtime > timeout) wtime = timeout; timeout -= wtime; } if (wtime >= 800) my_info_1 (_("waiting for lock %s...\n"), h->lockname); Sleep (wtime); goto again; } my_set_errno (EACCES); return -1; } #endif /*HAVE_DOSISH_SYSTEM*/ /* Take a lock on H. A value of 0 for TIMEOUT returns immediately if the lock can't be taken, -1 waits forever (hopefully not), other values wait for TIMEOUT milliseconds. Returns: 0 on success */ int dotlock_take (dotlock_t h, long timeout) { int ret; if ( h->disable ) return 0; /* Locks are completely disabled. Return success. */ if ( h->locked ) { my_debug_1 ("Oops, '%s' is already locked\n", h->lockname); return 0; } #ifdef HAVE_DOSISH_SYSTEM ret = dotlock_take_w32 (h, timeout); #else /*!HAVE_DOSISH_SYSTEM*/ ret = dotlock_take_unix (h, timeout); #endif /*!HAVE_DOSISH_SYSTEM*/ return ret; } #ifdef HAVE_POSIX_SYSTEM /* Unix specific code of release_dotlock. */ static int dotlock_release_unix (dotlock_t h) { int pid, same_node; int saveerrno; pid = read_lockfile (h, &same_node, NULL); if ( pid == -1 ) { saveerrno = errno; my_error_0 ("release_dotlock: lockfile error\n"); my_set_errno (saveerrno); return -1; } if ( pid != getpid() || !same_node ) { my_error_1 ("release_dotlock: not our lock (pid=%d)\n", pid); my_set_errno (EACCES); return -1; } if ( unlink( h->lockname ) ) { saveerrno = errno; my_error_1 ("release_dotlock: error removing lockfile '%s'\n", h->lockname); my_set_errno (saveerrno); return -1; } /* Fixme: As an extra check we could check whether the link count is now really at 1. */ return 0; } #endif /*HAVE_POSIX_SYSTEM */ #ifdef HAVE_DOSISH_SYSTEM /* Windows specific code of release_dotlock. */ static int dotlock_release_w32 (dotlock_t h) { OVERLAPPED ovl; memset (&ovl, 0, sizeof ovl); if (!UnlockFileEx (h->lockhd, 0, 1, 0, &ovl)) { int saveerrno = map_w32_to_errno (GetLastError ()); my_error_2 ("release_dotlock: error removing lockfile '%s': %s\n", h->lockname, w32_strerror (-1)); my_set_errno (saveerrno); return -1; } return 0; } #endif /*HAVE_DOSISH_SYSTEM */ /* Release a lock. Returns 0 on success. */ int dotlock_release (dotlock_t h) { int ret; /* To avoid atexit race conditions we first check whether there are any locks left. It might happen that another atexit handler tries to release the lock while the atexit handler of this module already ran and thus H is undefined. */ LOCK_all_lockfiles (); ret = !all_lockfiles; UNLOCK_all_lockfiles (); if (ret) return 0; if ( h->disable ) return 0; if ( !h->locked ) { my_debug_1 ("Oops, '%s' is not locked\n", h->lockname); return 0; } #ifdef HAVE_DOSISH_SYSTEM ret = dotlock_release_w32 (h); #else ret = dotlock_release_unix (h); #endif if (!ret) h->locked = 0; return ret; } /* Remove all lockfiles. This is called by the atexit handler installed by this module but may also be called by other termination handlers. */ void dotlock_remove_lockfiles (void) { dotlock_t h, h2; /* First set the lockfiles list to NULL so that for example dotlock_release is aware that this function is currently running. */ LOCK_all_lockfiles (); h = all_lockfiles; all_lockfiles = NULL; UNLOCK_all_lockfiles (); while ( h ) { h2 = h->next; dotlock_destroy (h); h = h2; } } diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 54fe7dbac..fa613449d 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -1,917 +1,917 @@ /* exechelp.c - Fork and exec helpers for POSIX * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc. * Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+) */ #include -#if defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM) +#if defined(HAVE_W32_SYSTEM) #error This code is only used on POSIX #endif #include #include #include #include #include #include #ifdef HAVE_SIGNAL_H # include #endif #include #include #ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ #undef HAVE_NPTH #undef USE_NPTH #endif #ifdef HAVE_NPTH #include #endif #include #ifdef HAVE_GETRLIMIT #include #include #endif /*HAVE_GETRLIMIT*/ #ifdef HAVE_STAT # include #endif #if __linux__ # include # include #endif /*__linux__ */ #include "util.h" #include "i18n.h" #include "sysutils.h" #include "exechelp.h" /* Helper */ static inline gpg_error_t my_error_from_syserror (void) { return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); } static inline gpg_error_t my_error (int errcode) { return gpg_err_make (default_errsource, errcode); } /* Return the maximum number of currently allowed open file descriptors. Only useful on POSIX systems but returns a value on other systems too. */ int get_max_fds (void) { int max_fds = -1; #ifdef HAVE_GETRLIMIT struct rlimit rl; /* Under Linux we can figure out the highest used file descriptor by * reading /proc/PID/fd. This is in the common cases much fast than * for example doing 4096 close calls where almost all of them will * fail. On a system with a limit of 4096 files and only 8 files * open with the highest number being 10, we speedup close_all_fds * from 125ms to 0.4ms including readdir. * * Another option would be to close the file descriptors as returned * from reading that directory - however then we need to snapshot * that list before starting to close them. */ #ifdef __linux__ { DIR *dir = NULL; struct dirent *dir_entry; const char *s; int x; dir = opendir ("/proc/self/fd"); if (dir) { while ((dir_entry = readdir (dir))) { s = dir_entry->d_name; if ( *s < '0' || *s > '9') continue; x = atoi (s); if (x > max_fds) max_fds = x; } closedir (dir); } if (max_fds != -1) return max_fds + 1; } #endif /* __linux__ */ # ifdef RLIMIT_NOFILE if (!getrlimit (RLIMIT_NOFILE, &rl)) max_fds = rl.rlim_max; # endif # ifdef RLIMIT_OFILE if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl)) max_fds = rl.rlim_max; # endif #endif /*HAVE_GETRLIMIT*/ #ifdef _SC_OPEN_MAX if (max_fds == -1) { long int scres = sysconf (_SC_OPEN_MAX); if (scres >= 0) max_fds = scres; } #endif #ifdef _POSIX_OPEN_MAX if (max_fds == -1) max_fds = _POSIX_OPEN_MAX; #endif #ifdef OPEN_MAX if (max_fds == -1) max_fds = OPEN_MAX; #endif if (max_fds == -1) max_fds = 256; /* Arbitrary limit. */ /* AIX returns INT32_MAX instead of a proper value. We assume that this is always an error and use an arbitrary limit. */ #ifdef INT32_MAX if (max_fds == INT32_MAX) max_fds = 256; #endif return max_fds; } /* Close all file descriptors starting with descriptor FIRST. If EXCEPT is not NULL, it is expected to be a list of file descriptors which shall not be closed. This list shall be sorted in ascending order with the end marked by -1. */ void close_all_fds (int first, int *except) { int max_fd = get_max_fds (); int fd, i, except_start; if (except) { except_start = 0; for (fd=first; fd < max_fd; fd++) { for (i=except_start; except[i] != -1; i++) { if (except[i] == fd) { /* If we found the descriptor in the exception list we can start the next compare run at the next index because the exception list is ordered. */ except_start = i + 1; break; } } if (except[i] == -1) close (fd); } } else { for (fd=first; fd < max_fd; fd++) close (fd); } gpg_err_set_errno (0); } /* Returns an array with all currently open file descriptors. The end of the array is marked by -1. The caller needs to release this array using the *standard free* and not with xfree. This allow the use of this function right at startup even before libgcrypt has been initialized. Returns NULL on error and sets ERRNO accordingly. */ int * get_all_open_fds (void) { int *array; size_t narray; int fd, max_fd, idx; #ifndef HAVE_STAT array = calloc (1, sizeof *array); if (array) array[0] = -1; #else /*HAVE_STAT*/ struct stat statbuf; max_fd = get_max_fds (); narray = 32; /* If you change this change also t-exechelp.c. */ array = calloc (narray, sizeof *array); if (!array) return NULL; /* Note: The list we return is ordered. */ for (idx=0, fd=0; fd < max_fd; fd++) if (!(fstat (fd, &statbuf) == -1 && errno == EBADF)) { if (idx+1 >= narray) { int *tmp; narray += (narray < 256)? 32:256; tmp = realloc (array, narray * sizeof *array); if (!tmp) { free (array); return NULL; } array = tmp; } array[idx++] = fd; } array[idx] = -1; #endif /*HAVE_STAT*/ return array; } /* The exec core used right after the fork. This will never return. */ static void do_exec (const char *pgmname, const char *argv[], int fd_in, int fd_out, int fd_err, int *except, unsigned int flags) { char **arg_list; int i, j; int fds[3]; int nodevnull[3]; fds[0] = fd_in; fds[1] = fd_out; fds[2] = fd_err; nodevnull[0] = !!(flags & GNUPG_SPAWN_KEEP_STDIN); nodevnull[1] = !!(flags & GNUPG_SPAWN_KEEP_STDOUT); nodevnull[2] = !!(flags & GNUPG_SPAWN_KEEP_STDERR); /* Create the command line argument array. */ i = 0; if (argv) while (argv[i]) i++; arg_list = xcalloc (i+2, sizeof *arg_list); arg_list[0] = strrchr (pgmname, '/'); if (arg_list[0]) arg_list[0]++; else arg_list[0] = xstrdup (pgmname); if (argv) for (i=0,j=1; argv[i]; i++, j++) arg_list[j] = (char*)argv[i]; /* Assign /dev/null to unused FDs. */ for (i=0; i <= 2; i++) { if (nodevnull[i]) continue; if (fds[i] == -1) { fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY); if (fds[i] == -1) log_fatal ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); } } /* Connect the standard files. */ for (i=0; i <= 2; i++) { if (nodevnull[i]) continue; if (fds[i] != i && dup2 (fds[i], i) == -1) log_fatal ("dup2 std%s failed: %s\n", i==0?"in":i==1?"out":"err", strerror (errno)); } /* Close all other files. */ close_all_fds (3, except); execv (pgmname, arg_list); /* No way to print anything, as we have closed all streams. */ _exit (127); } static gpg_error_t do_create_pipe (int filedes[2]) { gpg_error_t err = 0; if (pipe (filedes) == -1) { err = my_error_from_syserror (); filedes[0] = filedes[1] = -1; } return err; } static gpg_error_t create_pipe_and_estream (int filedes[2], estream_t *r_fp, int outbound, int nonblock) { gpg_error_t err; if (pipe (filedes) == -1) { err = my_error_from_syserror (); log_error (_("error creating a pipe: %s\n"), gpg_strerror (err)); filedes[0] = filedes[1] = -1; *r_fp = NULL; return err; } if (!outbound) *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r"); else *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w"); if (!*r_fp) { err = my_error_from_syserror (); log_error (_("error creating a stream for a pipe: %s\n"), gpg_strerror (err)); close (filedes[0]); close (filedes[1]); filedes[0] = filedes[1] = -1; return err; } return 0; } /* Portable function to create a pipe. Under Windows the write end is inheritable. If R_FP is not NULL, an estream is created for the read end and stored at R_FP. */ gpg_error_t gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) { if (r_fp) return create_pipe_and_estream (filedes, r_fp, 0, nonblock); else return do_create_pipe (filedes); } /* Portable function to create a pipe. Under Windows the read end is inheritable. If R_FP is not NULL, an estream is created for the write end and stored at R_FP. */ gpg_error_t gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) { if (r_fp) return create_pipe_and_estream (filedes, r_fp, 1, nonblock); else return do_create_pipe (filedes); } /* Portable function to create a pipe. Under Windows both ends are inheritable. */ gpg_error_t gnupg_create_pipe (int filedes[2]) { return do_create_pipe (filedes); } /* Close the end of a pipe. */ void gnupg_close_pipe (int fd) { if (fd != -1) close (fd); } /* Fork and exec the PGMNAME, see exechelp.h for details. */ gpg_error_t gnupg_spawn_process (const char *pgmname, const char *argv[], int *except, unsigned int flags, estream_t *r_infp, estream_t *r_outfp, estream_t *r_errfp, pid_t *pid) { gpg_error_t err; int inpipe[2] = {-1, -1}; int outpipe[2] = {-1, -1}; int errpipe[2] = {-1, -1}; estream_t infp = NULL; estream_t outfp = NULL; estream_t errfp = NULL; int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK); if (r_infp) *r_infp = NULL; if (r_outfp) *r_outfp = NULL; if (r_errfp) *r_errfp = NULL; *pid = (pid_t)(-1); /* Always required. */ if (r_infp) { err = create_pipe_and_estream (inpipe, &infp, 1, nonblock); if (err) return err; } if (r_outfp) { err = create_pipe_and_estream (outpipe, &outfp, 0, nonblock); if (err) { if (infp) es_fclose (infp); else if (inpipe[1] != -1) close (inpipe[1]); if (inpipe[0] != -1) close (inpipe[0]); return err; } } if (r_errfp) { err = create_pipe_and_estream (errpipe, &errfp, 0, nonblock); if (err) { if (infp) es_fclose (infp); else if (inpipe[1] != -1) close (inpipe[1]); if (inpipe[0] != -1) close (inpipe[0]); if (outfp) es_fclose (outfp); else if (outpipe[0] != -1) close (outpipe[0]); if (outpipe[1] != -1) close (outpipe[1]); return err; } } *pid = fork (); if (*pid == (pid_t)(-1)) { err = my_error_from_syserror (); log_error (_("error forking process: %s\n"), gpg_strerror (err)); if (infp) es_fclose (infp); else if (inpipe[1] != -1) close (inpipe[1]); if (inpipe[0] != -1) close (inpipe[0]); if (outfp) es_fclose (outfp); else if (outpipe[0] != -1) close (outpipe[0]); if (outpipe[1] != -1) close (outpipe[1]); if (errfp) es_fclose (errfp); else if (errpipe[0] != -1) close (errpipe[0]); if (errpipe[1] != -1) close (errpipe[1]); return err; } if (!*pid) { /* This is the child. */ gcry_control (GCRYCTL_TERM_SECMEM); es_fclose (infp); es_fclose (outfp); es_fclose (errfp); do_exec (pgmname, argv, inpipe[0], outpipe[1], errpipe[1], except, flags); /*NOTREACHED*/ } /* This is the parent. */ if (inpipe[0] != -1) close (inpipe[0]); if (outpipe[1] != -1) close (outpipe[1]); if (errpipe[1] != -1) close (errpipe[1]); if (r_infp) *r_infp = infp; if (r_outfp) *r_outfp = outfp; if (r_errfp) *r_errfp = errfp; return 0; } /* Simplified version of gnupg_spawn_process. This function forks and then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout and ERRFD to stderr (any of them may be -1 to connect them to /dev/null). The arguments for the process are expected in the NULL terminated array ARGV. The program name itself should not be included there. Calling gnupg_wait_process is required. Returns 0 on success or an error code. */ gpg_error_t gnupg_spawn_process_fd (const char *pgmname, const char *argv[], int infd, int outfd, int errfd, pid_t *pid) { gpg_error_t err; *pid = fork (); if (*pid == (pid_t)(-1)) { err = my_error_from_syserror (); log_error (_("error forking process: %s\n"), strerror (errno)); return err; } if (!*pid) { gcry_control (GCRYCTL_TERM_SECMEM); /* Run child. */ do_exec (pgmname, argv, infd, outfd, errfd, NULL, 0); /*NOTREACHED*/ } return 0; } /* Waiting for child processes. waitpid(2) may return information about terminated children that we did not yet request, and there is no portable way to wait for a specific set of children. As a workaround, we store the results of children for later use. XXX: This assumes that PIDs are not reused too quickly. */ struct terminated_child { pid_t pid; int exitcode; struct terminated_child *next; }; struct terminated_child *terminated_children; static gpg_error_t store_result (pid_t pid, int exitcode) { struct terminated_child *c; c = xtrymalloc (sizeof *c); if (c == NULL) return gpg_err_code_from_syserror (); c->pid = pid; c->exitcode = exitcode; c->next = terminated_children; terminated_children = c; return 0; } static int get_result (pid_t pid, int *r_exitcode) { struct terminated_child *c, **prevp; for (prevp = &terminated_children, c = terminated_children; c; prevp = &c->next, c = c->next) if (c->pid == pid) { *prevp = c->next; *r_exitcode = c->exitcode; xfree (c); return 1; } return 0; } /* See exechelp.h for a description. */ gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode) { gpg_err_code_t ec; int i, status; if (r_exitcode) *r_exitcode = -1; if (pid == (pid_t)(-1)) return gpg_error (GPG_ERR_INV_VALUE); #ifdef USE_NPTH i = npth_waitpid (pid, &status, hang? 0:WNOHANG); #else while ((i=waitpid (pid, &status, hang? 0:WNOHANG)) == (pid_t)(-1) && errno == EINTR); #endif if (i == (pid_t)(-1)) { ec = gpg_err_code_from_errno (errno); log_error (_("waiting for process %d to terminate failed: %s\n"), (int)pid, strerror (errno)); } else if (!i) { ec = GPG_ERR_TIMEOUT; /* Still running. */ } else if (WIFEXITED (status) && WEXITSTATUS (status) == 127) { log_error (_("error running '%s': probably not installed\n"), pgmname); ec = GPG_ERR_CONFIGURATION; } else if (WIFEXITED (status) && WEXITSTATUS (status)) { if (!r_exitcode) log_error (_("error running '%s': exit status %d\n"), pgmname, WEXITSTATUS (status)); else *r_exitcode = WEXITSTATUS (status); ec = GPG_ERR_GENERAL; } else if (!WIFEXITED (status)) { log_error (_("error running '%s': terminated\n"), pgmname); ec = GPG_ERR_GENERAL; } else { if (r_exitcode) *r_exitcode = 0; ec = 0; } return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); } /* See exechelp.h for a description. */ gpg_error_t gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, int hang, int *r_exitcodes) { gpg_err_code_t ec = 0; size_t i, left; int *dummy = NULL; if (r_exitcodes == NULL) { dummy = r_exitcodes = xtrymalloc (sizeof *r_exitcodes * count); if (dummy == NULL) return gpg_err_code_from_syserror (); } for (i = 0, left = count; i < count; i++) { int status = -1; /* Skip invalid PID. */ if (pids[i] == (pid_t)(-1)) { r_exitcodes[i] = -1; left -= 1; continue; } /* See if there was a previously stored result for this pid. */ if (get_result (pids[i], &status)) left -= 1; r_exitcodes[i] = status; } while (left > 0) { pid_t pid; int status; #ifdef USE_NPTH pid = npth_waitpid (-1, &status, hang ? 0 : WNOHANG); #else while ((pid = waitpid (-1, &status, hang ? 0 : WNOHANG)) == (pid_t)(-1) && errno == EINTR); #endif if (pid == (pid_t)(-1)) { ec = gpg_err_code_from_errno (errno); log_error (_("waiting for processes to terminate failed: %s\n"), strerror (errno)); break; } else if (!pid) { ec = GPG_ERR_TIMEOUT; /* Still running. */ break; } else { for (i = 0; i < count; i++) if (pid == pids[i]) break; if (i == count) { /* No match, store this result. */ ec = store_result (pid, status); if (ec) break; continue; } /* Process PIDS[i] died. */ if (r_exitcodes[i] != (pid_t) -1) { log_error ("PID %d was reused", pid); ec = GPG_ERR_GENERAL; break; } left -= 1; r_exitcodes[i] = status; } } for (i = 0; i < count; i++) { if (r_exitcodes[i] == -1) continue; if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) { log_error (_("error running '%s': probably not installed\n"), pgmnames[i]); ec = GPG_ERR_CONFIGURATION; } else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) { if (dummy) log_error (_("error running '%s': exit status %d\n"), pgmnames[i], WEXITSTATUS (r_exitcodes[i])); else r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); ec = GPG_ERR_GENERAL; } else if (!WIFEXITED (r_exitcodes[i])) { log_error (_("error running '%s': terminated\n"), pgmnames[i]); ec = GPG_ERR_GENERAL; } } xfree (dummy); return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); } void gnupg_release_process (pid_t pid) { (void)pid; } /* Spawn a new process and immediately detach from it. The name of the program to exec is PGMNAME and its arguments are in ARGV (the programname is automatically passed as first argument). Environment strings in ENVP are set. An error is returned if pgmname is not executable; to make this work it is necessary to provide an absolute file name. All standard file descriptors are connected to /dev/null. */ gpg_error_t gnupg_spawn_process_detached (const char *pgmname, const char *argv[], const char *envp[] ) { gpg_err_code_t ec; pid_t pid; int i; if (getuid() != geteuid()) return my_error (GPG_ERR_BUG); if ((ec = gnupg_access (pgmname, X_OK))) return gpg_err_make (default_errsource, ec); pid = fork (); if (pid == (pid_t)(-1)) { log_error (_("error forking process: %s\n"), strerror (errno)); return my_error_from_syserror (); } if (!pid) { pid_t pid2; gcry_control (GCRYCTL_TERM_SECMEM); if (setsid() == -1 || chdir ("/")) _exit (1); pid2 = fork (); /* Double fork to let init take over the new child. */ if (pid2 == (pid_t)(-1)) _exit (1); if (pid2) _exit (0); /* Let the parent exit immediately. */ if (envp) for (i=0; envp[i]; i++) putenv (xstrdup (envp[i])); do_exec (pgmname, argv, -1, -1, -1, NULL, 0); /*NOTREACHED*/ } if (waitpid (pid, NULL, 0) == -1) log_error ("waitpid failed in gnupg_spawn_process_detached: %s", strerror (errno)); return 0; } /* Kill a process; that is send an appropriate signal to the process. gnupg_wait_process must be called to actually remove the process from the system. An invalid PID is ignored. */ void gnupg_kill_process (pid_t pid) { if (pid != (pid_t)(-1)) { kill (pid, SIGTERM); } } diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c index aeedbbf2d..0034e03f2 100644 --- a/common/exechelp-w32.c +++ b/common/exechelp-w32.c @@ -1,1050 +1,1050 @@ /* exechelp-w32.c - Fork and exec helpers for W32. * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc. * Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+) */ #include -#if !defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM) +#if !defined(HAVE_W32_SYSTEM) #error This code is only used on W32. #endif #include #include #include #include #include #ifdef HAVE_SIGNAL_H # include #endif #include #include #ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ #undef HAVE_NPTH #undef USE_NPTH #endif #ifdef HAVE_NPTH #include #endif #ifdef HAVE_STAT # include #endif #include "util.h" #include "i18n.h" #include "sysutils.h" #include "exechelp.h" #include /* Define to 1 do enable debugging. */ #define DEBUG_W32_SPAWN 0 /* It seems Vista doesn't grok X_OK and so fails access() tests. Previous versions interpreted X_OK as F_OK anyway, so we'll just use F_OK directly. */ #undef X_OK #define X_OK F_OK /* We assume that a HANDLE can be represented by an intptr_t which should be true for all systems (HANDLE is defined as void *). Further we assume that -1 denotes an invalid handle. */ # define fd_to_handle(a) ((HANDLE)(a)) # define handle_to_fd(a) ((intptr_t)(a)) # define pid_to_handle(a) ((HANDLE)(a)) # define handle_to_pid(a) ((int)(a)) /* Helper */ static inline gpg_error_t my_error_from_syserror (void) { return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); } static inline gpg_error_t my_error (int errcode) { return gpg_err_make (default_errsource, errcode); } /* Return the maximum number of currently allowed open file descriptors. Only useful on POSIX systems but returns a value on other systems too. */ int get_max_fds (void) { int max_fds = -1; #ifdef OPEN_MAX if (max_fds == -1) max_fds = OPEN_MAX; #endif if (max_fds == -1) max_fds = 256; /* Arbitrary limit. */ return max_fds; } /* Under Windows this is a dummy function. */ void close_all_fds (int first, int *except) { (void)first; (void)except; } /* Returns an array with all currently open file descriptors. The end * of the array is marked by -1. The caller needs to release this * array using the *standard free* and not with xfree. This allow the * use of this function right at startup even before libgcrypt has * been initialized. Returns NULL on error and sets ERRNO * accordingly. Note that fstat prints a warning to DebugView for all * invalid fds which is a bit annoying. We actually do not need this * function in real code (close_all_fds is a dummy anyway) but we keep * it for use by t-exechelp.c. */ int * get_all_open_fds (void) { int *array; size_t narray; int fd, max_fd, idx; #ifndef HAVE_STAT array = calloc (1, sizeof *array); if (array) array[0] = -1; #else /*HAVE_STAT*/ struct stat statbuf; max_fd = get_max_fds (); narray = 32; /* If you change this change also t-exechelp.c. */ array = calloc (narray, sizeof *array); if (!array) return NULL; /* Note: The list we return is ordered. */ for (idx=0, fd=0; fd < max_fd; fd++) if (!(fstat (fd, &statbuf) == -1 && errno == EBADF)) { if (idx+1 >= narray) { int *tmp; narray += (narray < 256)? 32:256; tmp = realloc (array, narray * sizeof *array); if (!tmp) { free (array); return NULL; } array = tmp; } array[idx++] = fd; } array[idx] = -1; #endif /*HAVE_STAT*/ return array; } /* Helper function to build_w32_commandline. */ static char * build_w32_commandline_copy (char *buffer, const char *string) { char *p = buffer; const char *s; if (!*string) /* Empty string. */ p = stpcpy (p, "\"\""); else if (strpbrk (string, " \t\n\v\f\"")) { /* Need to do some kind of quoting. */ p = stpcpy (p, "\""); for (s=string; *s; s++) { *p++ = *s; if (*s == '\"') *p++ = *s; } *p++ = '\"'; *p = 0; } else p = stpcpy (p, string); return p; } /* Build a command line for use with W32's CreateProcess. On success CMDLINE gets the address of a newly allocated string. */ static gpg_error_t build_w32_commandline (const char *pgmname, const char * const *argv, char **cmdline) { int i, n; const char *s; char *buf, *p; *cmdline = NULL; n = 0; s = pgmname; n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */ for (; *s; s++) if (*s == '\"') n++; /* Need to double inner quotes. */ for (i=0; (s=argv[i]); i++) { n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */ for (; *s; s++) if (*s == '\"') n++; /* Need to double inner quotes. */ } n++; buf = p = xtrymalloc (n); if (!buf) return my_error_from_syserror (); p = build_w32_commandline_copy (p, pgmname); for (i=0; argv[i]; i++) { *p++ = ' '; p = build_w32_commandline_copy (p, argv[i]); } *cmdline= buf; return 0; } #define INHERIT_READ 1 #define INHERIT_WRITE 2 #define INHERIT_BOTH (INHERIT_READ|INHERIT_WRITE) /* Create pipe. FLAGS indicates which ends are inheritable. */ static int create_inheritable_pipe (HANDLE filedes[2], int flags) { HANDLE r, w; SECURITY_ATTRIBUTES sec_attr; memset (&sec_attr, 0, sizeof sec_attr ); sec_attr.nLength = sizeof sec_attr; sec_attr.bInheritHandle = TRUE; if (!CreatePipe (&r, &w, &sec_attr, 0)) return -1; if ((flags & INHERIT_READ) == 0) if (! SetHandleInformation (r, HANDLE_FLAG_INHERIT, 0)) goto fail; if ((flags & INHERIT_WRITE) == 0) if (! SetHandleInformation (w, HANDLE_FLAG_INHERIT, 0)) goto fail; filedes[0] = r; filedes[1] = w; return 0; fail: log_error ("SetHandleInformation failed: %s\n", w32_strerror (-1)); CloseHandle (r); CloseHandle (w); return -1; } static HANDLE w32_open_null (int for_write) { HANDLE hfile; hfile = CreateFileW (L"nul", for_write? GENERIC_WRITE : GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hfile == INVALID_HANDLE_VALUE) log_debug ("can't open 'nul': %s\n", w32_strerror (-1)); return hfile; } static gpg_error_t create_pipe_and_estream (int filedes[2], int flags, estream_t *r_fp, int outbound, int nonblock) { gpg_error_t err = 0; HANDLE fds[2]; es_syshd_t syshd; filedes[0] = filedes[1] = -1; err = my_error (GPG_ERR_GENERAL); if (!create_inheritable_pipe (fds, flags)) { filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY); if (filedes[0] == -1) { log_error ("failed to translate osfhandle %p\n", fds[0]); CloseHandle (fds[1]); } else { filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), O_APPEND); if (filedes[1] == -1) { log_error ("failed to translate osfhandle %p\n", fds[1]); close (filedes[0]); filedes[0] = -1; CloseHandle (fds[1]); } else err = 0; } } if (! err && r_fp) { syshd.type = ES_SYSHD_HANDLE; if (!outbound) { syshd.u.handle = fds[0]; *r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r"); } else { syshd.u.handle = fds[1]; *r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w"); } if (!*r_fp) { err = my_error_from_syserror (); log_error (_("error creating a stream for a pipe: %s\n"), gpg_strerror (err)); close (filedes[0]); close (filedes[1]); filedes[0] = filedes[1] = -1; return err; } } return err; } /* Portable function to create a pipe. Under Windows the write end is inheritable. If R_FP is not NULL, an estream is created for the read end and stored at R_FP. */ gpg_error_t gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) { return create_pipe_and_estream (filedes, INHERIT_WRITE, r_fp, 0, nonblock); } /* Portable function to create a pipe. Under Windows the read end is inheritable. If R_FP is not NULL, an estream is created for the write end and stored at R_FP. */ gpg_error_t gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) { return create_pipe_and_estream (filedes, INHERIT_READ, r_fp, 1, nonblock); } /* Portable function to create a pipe. Under Windows both ends are inheritable. */ gpg_error_t gnupg_create_pipe (int filedes[2]) { return create_pipe_and_estream (filedes, INHERIT_BOTH, NULL, 0, 0); } /* Close the end of a pipe. */ void gnupg_close_pipe (int fd) { if (fd != -1) close (fd); } /* Fork and exec the PGMNAME, see exechelp.h for details. */ gpg_error_t gnupg_spawn_process (const char *pgmname, const char *argv[], int *except, unsigned int flags, estream_t *r_infp, estream_t *r_outfp, estream_t *r_errfp, pid_t *pid) { gpg_error_t err; SECURITY_ATTRIBUTES sec_attr; PROCESS_INFORMATION pi = { NULL, /* Returns process handle. */ 0, /* Returns primary thread handle. */ 0, /* Returns pid. */ 0 /* Returns tid. */ }; STARTUPINFOW si; int cr_flags; char *cmdline; wchar_t *wcmdline = NULL; wchar_t *wpgmname = NULL; HANDLE inpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE}; HANDLE outpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE}; HANDLE errpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE}; estream_t infp = NULL; estream_t outfp = NULL; estream_t errfp = NULL; HANDLE nullhd[3] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE}; int i, rc; es_syshd_t syshd; gpg_err_source_t errsource = default_errsource; int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK); (void)except; /* Not yet used. */ if (r_infp) *r_infp = NULL; if (r_outfp) *r_outfp = NULL; if (r_errfp) *r_errfp = NULL; *pid = (pid_t)(-1); /* Always required. */ if (r_infp) { if (create_inheritable_pipe (inpipe, INHERIT_READ)) { err = gpg_err_make (errsource, GPG_ERR_GENERAL); log_error (_("error creating a pipe: %s\n"), gpg_strerror (err)); return err; } syshd.type = ES_SYSHD_HANDLE; syshd.u.handle = inpipe[1]; infp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w"); if (!infp) { err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); log_error (_("error creating a stream for a pipe: %s\n"), gpg_strerror (err)); CloseHandle (inpipe[0]); CloseHandle (inpipe[1]); inpipe[0] = inpipe[1] = INVALID_HANDLE_VALUE; return err; } } if (r_outfp) { if (create_inheritable_pipe (outpipe, INHERIT_WRITE)) { err = gpg_err_make (errsource, GPG_ERR_GENERAL); log_error (_("error creating a pipe: %s\n"), gpg_strerror (err)); return err; } syshd.type = ES_SYSHD_HANDLE; syshd.u.handle = outpipe[0]; outfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r"); if (!outfp) { err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); log_error (_("error creating a stream for a pipe: %s\n"), gpg_strerror (err)); CloseHandle (outpipe[0]); CloseHandle (outpipe[1]); outpipe[0] = outpipe[1] = INVALID_HANDLE_VALUE; if (infp) es_fclose (infp); else if (inpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[1]); if (inpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[0]); return err; } } if (r_errfp) { if (create_inheritable_pipe (errpipe, INHERIT_WRITE)) { err = gpg_err_make (errsource, GPG_ERR_GENERAL); log_error (_("error creating a pipe: %s\n"), gpg_strerror (err)); return err; } syshd.type = ES_SYSHD_HANDLE; syshd.u.handle = errpipe[0]; errfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r"); if (!errfp) { err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); log_error (_("error creating a stream for a pipe: %s\n"), gpg_strerror (err)); CloseHandle (errpipe[0]); CloseHandle (errpipe[1]); errpipe[0] = errpipe[1] = INVALID_HANDLE_VALUE; if (outfp) es_fclose (outfp); else if (outpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[0]); if (outpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[1]); if (infp) es_fclose (infp); else if (inpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[1]); if (inpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[0]); return err; } } /* Prepare security attributes. */ memset (&sec_attr, 0, sizeof sec_attr ); sec_attr.nLength = sizeof sec_attr; sec_attr.bInheritHandle = FALSE; /* Build the command line. */ err = build_w32_commandline (pgmname, argv, &cmdline); if (err) return err; if (inpipe[0] == INVALID_HANDLE_VALUE) nullhd[0] = ((flags & GNUPG_SPAWN_KEEP_STDIN)? GetStdHandle (STD_INPUT_HANDLE) : w32_open_null (0)); if (outpipe[1] == INVALID_HANDLE_VALUE) nullhd[1] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)? GetStdHandle (STD_OUTPUT_HANDLE) : w32_open_null (1)); if (errpipe[1] == INVALID_HANDLE_VALUE) nullhd[2] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)? GetStdHandle (STD_ERROR_HANDLE) : w32_open_null (1)); memset (&si, 0, sizeof si); si.cb = sizeof (si); si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_HIDE; si.hStdInput = inpipe[0] == INVALID_HANDLE_VALUE? nullhd[0] : inpipe[0]; si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1]; si.hStdError = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1]; cr_flags = (CREATE_DEFAULT_ERROR_MODE | ((flags & GNUPG_SPAWN_DETACHED)? DETACHED_PROCESS : 0) | GetPriorityClass (GetCurrentProcess ()) | CREATE_SUSPENDED); /* log_debug ("CreateProcess, path='%s' cmdline='%s'\n", */ /* pgmname, cmdline); */ /* Take care: CreateProcessW may modify wpgmname */ if (!(wpgmname = utf8_to_wchar (pgmname))) rc = 0; else if (!(wcmdline = utf8_to_wchar (cmdline))) rc = 0; else rc = CreateProcessW (wpgmname, /* Program to start. */ wcmdline, /* Command line arguments. */ &sec_attr, /* Process security attributes. */ &sec_attr, /* Thread security attributes. */ TRUE, /* Inherit handles. */ cr_flags, /* Creation flags. */ NULL, /* Environment. */ NULL, /* Use current drive/directory. */ &si, /* Startup information. */ &pi /* Returns process information. */ ); if (!rc) { if (!wpgmname || !wcmdline) log_error ("CreateProcess failed (utf8_to_wchar): %s\n", strerror (errno)); else log_error ("CreateProcess failed: %s\n", w32_strerror (-1)); xfree (wpgmname); xfree (wcmdline); xfree (cmdline); if (infp) es_fclose (infp); else if (inpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[1]); if (inpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[0]); if (outfp) es_fclose (outfp); else if (outpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[0]); if (outpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[1]); if (errfp) es_fclose (errfp); else if (errpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (errpipe[0]); if (errpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (errpipe[1]); return gpg_err_make (errsource, GPG_ERR_GENERAL); } xfree (wpgmname); xfree (wcmdline); xfree (cmdline); cmdline = NULL; /* Close the inherited handles to /dev/null. */ for (i=0; i < DIM (nullhd); i++) if (nullhd[i] != INVALID_HANDLE_VALUE) CloseHandle (nullhd[i]); /* Close the inherited ends of the pipes. */ if (inpipe[0] != INVALID_HANDLE_VALUE) CloseHandle (inpipe[0]); if (outpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (outpipe[1]); if (errpipe[1] != INVALID_HANDLE_VALUE) CloseHandle (errpipe[1]); /* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */ /* " dwProcessID=%d dwThreadId=%d\n", */ /* pi.hProcess, pi.hThread, */ /* (int) pi.dwProcessId, (int) pi.dwThreadId); */ /* log_debug (" outfp=%p errfp=%p\n", outfp, errfp); */ /* Fixme: For unknown reasons AllowSetForegroundWindow returns an invalid argument error if we pass it the correct processID. As a workaround we use -1 (ASFW_ANY). */ if ((flags & GNUPG_SPAWN_RUN_ASFW)) gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/); /* Process has been created suspended; resume it now. */ ResumeThread (pi.hThread); CloseHandle (pi.hThread); if (r_infp) *r_infp = infp; if (r_outfp) *r_outfp = outfp; if (r_errfp) *r_errfp = errfp; *pid = handle_to_pid (pi.hProcess); return 0; } /* Simplified version of gnupg_spawn_process. This function forks and then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout and ERRFD to stderr (any of them may be -1 to connect them to /dev/null). The arguments for the process are expected in the NULL terminated array ARGV. The program name itself should not be included there. Calling gnupg_wait_process is required. Returns 0 on success or an error code. */ gpg_error_t gnupg_spawn_process_fd (const char *pgmname, const char *argv[], int infd, int outfd, int errfd, pid_t *pid) { gpg_error_t err; SECURITY_ATTRIBUTES sec_attr; PROCESS_INFORMATION pi = { NULL, 0, 0, 0 }; STARTUPINFOW si; char *cmdline; wchar_t *wcmdline = NULL; wchar_t *wpgmname = NULL; int i, rc; HANDLE stdhd[3]; /* Setup return values. */ *pid = (pid_t)(-1); /* Prepare security attributes. */ memset (&sec_attr, 0, sizeof sec_attr ); sec_attr.nLength = sizeof sec_attr; sec_attr.bInheritHandle = FALSE; /* Build the command line. */ err = build_w32_commandline (pgmname, argv, &cmdline); if (err) return err; memset (&si, 0, sizeof si); si.cb = sizeof (si); si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE; stdhd[0] = infd == -1? w32_open_null (0) : INVALID_HANDLE_VALUE; stdhd[1] = outfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE; stdhd[2] = errfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE; si.hStdInput = infd == -1? stdhd[0] : (void*)_get_osfhandle (infd); si.hStdOutput = outfd == -1? stdhd[1] : (void*)_get_osfhandle (outfd); si.hStdError = errfd == -1? stdhd[2] : (void*)_get_osfhandle (errfd); /* log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); */ /* Take care: CreateProcessW may modify wpgmname */ if (!(wpgmname = utf8_to_wchar (pgmname))) rc = 0; else if (!(wcmdline = utf8_to_wchar (cmdline))) rc = 0; else rc = CreateProcessW (wpgmname, /* Program to start. */ wcmdline, /* Command line arguments. */ &sec_attr, /* Process security attributes. */ &sec_attr, /* Thread security attributes. */ TRUE, /* Inherit handles. */ (CREATE_DEFAULT_ERROR_MODE | GetPriorityClass (GetCurrentProcess ()) | CREATE_SUSPENDED | DETACHED_PROCESS), NULL, /* Environment. */ NULL, /* Use current drive/directory. */ &si, /* Startup information. */ &pi /* Returns process information. */ ); if (!rc) { if (!wpgmname || !wcmdline) log_error ("CreateProcess failed (utf8_to_wchar): %s\n", strerror (errno)); else log_error ("CreateProcess failed: %s\n", w32_strerror (-1)); err = my_error (GPG_ERR_GENERAL); } else err = 0; xfree (wpgmname); xfree (wcmdline); xfree (cmdline); for (i=0; i < 3; i++) if (stdhd[i] != INVALID_HANDLE_VALUE) CloseHandle (stdhd[i]); if (err) return err; /* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */ /* " dwProcessID=%d dwThreadId=%d\n", */ /* pi.hProcess, pi.hThread, */ /* (int) pi.dwProcessId, (int) pi.dwThreadId); */ /* Process has been created suspended; resume it now. */ ResumeThread (pi.hThread); CloseHandle (pi.hThread); *pid = handle_to_pid (pi.hProcess); return 0; } /* See exechelp.h for a description. */ gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode) { return gnupg_wait_processes (&pgmname, &pid, 1, hang, r_exitcode); } /* See exechelp.h for a description. */ gpg_error_t gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, int hang, int *r_exitcodes) { gpg_err_code_t ec = 0; size_t i; HANDLE *procs; int code; procs = xtrycalloc (count, sizeof *procs); if (procs == NULL) return my_error_from_syserror (); for (i = 0; i < count; i++) { if (r_exitcodes) r_exitcodes[i] = -1; if (pids[i] == (pid_t)(-1)) return my_error (GPG_ERR_INV_VALUE); procs[i] = pid_to_handle (pids[i]); } /* FIXME: We should do a pth_waitpid here. However this has not yet been implemented. A special W32 pth system call would even be better. */ code = WaitForMultipleObjects (count, procs, TRUE, hang? INFINITE : 0); switch (code) { case WAIT_TIMEOUT: ec = GPG_ERR_TIMEOUT; goto leave; case WAIT_FAILED: log_error (_("waiting for processes to terminate failed: %s\n"), w32_strerror (-1)); ec = GPG_ERR_GENERAL; goto leave; case WAIT_OBJECT_0: for (i = 0; i < count; i++) { DWORD exc; if (! GetExitCodeProcess (procs[i], &exc)) { log_error (_("error getting exit code of process %d: %s\n"), (int) pids[i], w32_strerror (-1) ); ec = GPG_ERR_GENERAL; } else if (exc) { if (!r_exitcodes) log_error (_("error running '%s': exit status %d\n"), pgmnames[i], (int)exc); else r_exitcodes[i] = (int)exc; ec = GPG_ERR_GENERAL; } else { if (r_exitcodes) r_exitcodes[i] = 0; } } break; default: log_error ("WaitForMultipleObjects returned unexpected " "code %d\n", code); ec = GPG_ERR_GENERAL; break; } leave: return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); } void gnupg_release_process (pid_t pid) { if (pid != (pid_t)INVALID_HANDLE_VALUE) { HANDLE process = (HANDLE)pid; CloseHandle (process); } } /* Spawn a new process and immediately detach from it. The name of the program to exec is PGMNAME and its arguments are in ARGV (the programname is automatically passed as first argument). Environment strings in ENVP are set. An error is returned if pgmname is not executable; to make this work it is necessary to provide an absolute file name. All standard file descriptors are connected to /dev/null. */ gpg_error_t gnupg_spawn_process_detached (const char *pgmname, const char *argv[], const char *envp[] ) { gpg_error_t err; SECURITY_ATTRIBUTES sec_attr; PROCESS_INFORMATION pi = { NULL, /* Returns process handle. */ 0, /* Returns primary thread handle. */ 0, /* Returns pid. */ 0 /* Returns tid. */ }; STARTUPINFOW si; int cr_flags; char *cmdline; wchar_t *wcmdline = NULL; wchar_t *wpgmname = NULL; BOOL in_job = FALSE; gpg_err_code_t ec; int rc; int jobdebug; /* We don't use ENVP. */ (void)envp; cmdline = getenv ("GNUPG_EXEC_DEBUG_FLAGS"); jobdebug = (cmdline && (atoi (cmdline) & 1)); if ((ec = gnupg_access (pgmname, X_OK))) return gpg_err_make (default_errsource, ec); /* Prepare security attributes. */ memset (&sec_attr, 0, sizeof sec_attr ); sec_attr.nLength = sizeof sec_attr; sec_attr.bInheritHandle = FALSE; /* Build the command line. */ err = build_w32_commandline (pgmname, argv, &cmdline); if (err) return err; /* Start the process. */ memset (&si, 0, sizeof si); si.cb = sizeof (si); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE; cr_flags = (CREATE_DEFAULT_ERROR_MODE | GetPriorityClass (GetCurrentProcess ()) | CREATE_NEW_PROCESS_GROUP | DETACHED_PROCESS); /* Check if we were spawned as part of a Job. * In a job we need to add CREATE_BREAKAWAY_FROM_JOB * to the cr_flags, otherwise our child processes * are killed when we terminate. */ if (!IsProcessInJob (GetCurrentProcess(), NULL, &in_job)) { log_error ("IsProcessInJob() failed: %s\n", w32_strerror (-1)); in_job = FALSE; } if (in_job) { /* Only try to break away from job if it is allowed, otherwise * CreateProcess() would fail with an "Access is denied" error. */ JOBOBJECT_EXTENDED_LIMIT_INFORMATION info; if (!QueryInformationJobObject (NULL, JobObjectExtendedLimitInformation, &info, sizeof info, NULL)) { log_error ("QueryInformationJobObject() failed: %s\n", w32_strerror (-1)); } else if ((info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_BREAKAWAY_OK)) { if (jobdebug) log_debug ("Using CREATE_BREAKAWAY_FROM_JOB flag\n"); cr_flags |= CREATE_BREAKAWAY_FROM_JOB; } else if ((info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK)) { /* The child process should automatically detach from the job. */ if (jobdebug) log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag; " "JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK is set\n"); } else { /* It seems that the child process must remain in the job. * This is not necessarily an error, although it can cause premature * termination of the child process when the job is closed. */ if (jobdebug) log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag\n"); } } else { if (jobdebug) log_debug ("Process is not in a Job\n"); } /* log_debug ("CreateProcess(detached), path='%s' cmdline='%s'\n", */ /* pgmname, cmdline); */ /* Take care: CreateProcessW may modify wpgmname */ if (!(wpgmname = utf8_to_wchar (pgmname))) rc = 0; else if (!(wcmdline = utf8_to_wchar (cmdline))) rc = 0; else rc = CreateProcessW (wpgmname, /* Program to start. */ wcmdline, /* Command line arguments. */ &sec_attr, /* Process security attributes. */ &sec_attr, /* Thread security attributes. */ FALSE, /* Inherit handles. */ cr_flags, /* Creation flags. */ NULL, /* Environment. */ NULL, /* Use current drive/directory. */ &si, /* Startup information. */ &pi /* Returns process information. */ ); if (!rc) { if (!wpgmname || !wcmdline) log_error ("CreateProcess failed (utf8_to_wchar): %s\n", strerror (errno)); else log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1)); xfree (wpgmname); xfree (wcmdline); xfree (cmdline); return my_error (GPG_ERR_GENERAL); } xfree (wpgmname); xfree (wcmdline); xfree (cmdline); cmdline = NULL; /* log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" */ /* " dwProcessID=%d dwThreadId=%d\n", */ /* pi.hProcess, pi.hThread, */ /* (int) pi.dwProcessId, (int) pi.dwThreadId); */ CloseHandle (pi.hThread); CloseHandle (pi.hProcess); return 0; } /* Kill a process; that is send an appropriate signal to the process. gnupg_wait_process must be called to actually remove the process from the system. An invalid PID is ignored. */ void gnupg_kill_process (pid_t pid) { if (pid != (pid_t) INVALID_HANDLE_VALUE) { HANDLE process = (HANDLE) pid; /* Arbitrary error code. */ TerminateProcess (process, 1); } } diff --git a/common/exechelp-w32ce.c b/common/exechelp-w32ce.c deleted file mode 100644 index 3d68a01d1..000000000 --- a/common/exechelp-w32ce.c +++ /dev/null @@ -1,887 +0,0 @@ -/* exechelp-w32.c - Fork and exec helpers for W32CE. - * Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc. - * Copyright (C) 2010-2012, 2014-2016 g10 Code GmbH - * - * This file is part of GnuPG. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - * SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+) - */ - -#include - -#if !defined(HAVE_W32_SYSTEM) && !defined (HAVE_W32CE_SYSTEM) -#error This code is only used on W32CE. -#endif - -#include -#include -#include -#include -#include -#ifdef HAVE_SIGNAL_H -# include -#endif -#include -#include - -#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ -#undef HAVE_NPTH -#undef USE_NPTH -#endif - -#ifdef HAVE_NPTH -#include -#endif - -#ifdef HAVE_STAT -# include -#endif - -#include - -#include "util.h" -#include "i18n.h" -#include "sysutils.h" -#include "exechelp.h" - - -/* It seems Vista doesn't grok X_OK and so fails access() tests. - Previous versions interpreted X_OK as F_OK anyway, so we'll just - use F_OK directly. */ -#undef X_OK -#define X_OK F_OK - - -/* We assume that a HANDLE can be represented by an int which should - be true for all i386 systems (HANDLE is defined as void *) and - these are the only systems for which Windows is available. Further - we assume that -1 denotes an invalid handle. */ -#define fd_to_handle(a) ((HANDLE)(a)) -#define handle_to_fd(a) ((int)(a)) -#define pid_to_handle(a) ((HANDLE)(a)) -#define handle_to_pid(a) ((int)(a)) - - -#ifdef USE_NPTH -/* The data passed to the feeder_thread. */ -struct feeder_thread_parms -{ - estream_t stream; - volatile int stream_valid; - HANDLE hd; - int direction; -}; - - -/* The thread started by start_feede3. */ -static void * -feeder_thread (void *arg) -{ - struct feeder_thread_parms *parm = arg; - char buffer[4096]; - int rc; - - if (parm->direction) - { - size_t nread = 0; - DWORD nwritten; - - log_debug ("feeder_thread estream->pipe: stream=%p pipe=%p\n", - parm->stream, parm->hd); - while (parm->stream_valid - && !es_read (parm->stream, buffer, sizeof buffer, &nread)) - { - do - { - pth_enter (); - rc = WriteFile (parm->hd, buffer, nread, &nwritten, NULL); - pth_leave (); - if (!rc) - { - log_debug ("feeder(%p): WriteFile error: rc=%d\n", - parm->hd, (int)GetLastError ()); - goto leave; - } - nread -= nwritten; - } - while (nread); - } - if (!parm->stream_valid) - log_debug ("feeder(%p): closed by other thread\n", parm->hd); - else if (nread) - log_debug ("feeder(%p): es_read error: %s\n", - parm->hd, strerror (errno)); - } - else - { - DWORD nread = 0; - size_t nwritten; - - log_debug ("feeder_thread pipe->estream: stream=%p pipe=%p\n", - parm->stream, parm->hd); - while ( (pth_enter (), - (rc = ReadFile (parm->hd, buffer, sizeof buffer, &nread, NULL)), - pth_leave (), - rc) && nread) - { - log_debug ("feeder_thread pipe->estream: read %d bytes\n", - (int)nread); - do - { - if (parm->stream_valid - && es_write (parm->stream, buffer, nread, &nwritten)) - { - log_debug ("feeder(%p): es_write error: %s\n", - parm->hd, strerror (errno)); - goto leave; - } - log_debug ("feeder_thread pipe->estream: es_wrote %d bytes\n", - (int)nwritten); - nread -= nwritten; - } - while (nread && parm->stream_valid); - } - if (!parm->stream_valid) - log_debug ("feeder(%p): closed by other thread\n", parm->hd); - else if (nread) - log_debug ("feeder(%p): ReadFile error: rc=%d\n", - parm->hd, (int)GetLastError ()); - else - log_debug ("feeder(%p): eof\n", parm->hd); - } - -leave: - log_debug ("feeder(%p): waiting for es_fclose\n", parm->hd); - while (parm->stream_valid) - pth_yield (NULL); - log_debug ("feeder(%p): about to close the pipe handle\n", parm->hd); - CloseHandle (parm->hd); - log_debug ("feeder(%p): pipe handle closed\n", parm->hd); - xfree (parm); - return NULL; -} -#endif /*USE_NPTH*/ - -#ifdef USE_NPTH -static void -feeder_onclose_notification (estream_t stream, void *opaque) -{ - struct feeder_thread_parms *parm = opaque; - (void)stream; - log_debug ("feeder(%p): received onclose note\n", parm->hd); - parm->stream_valid = 0; -} -#endif /*USE_NPTH*/ - -/* Fire up a thread to copy data between STREAM and a pipe's - descriptor FD. With DIRECTION set to true the copy takes place - from the stream to the pipe, otherwise from the pipe to the - stream. */ -static gpg_error_t -start_feeder (estream_t stream, HANDLE hd, int direction) -{ -#ifdef USE_NPTH - gpg_error_t err; - struct feeder_thread_parms *parm; - pth_attr_t tattr; - - parm = xtrymalloc (sizeof *parm); - if (!parm) - return gpg_error_from_syserror (); - parm->stream = stream; - parm->stream_valid = 1; - parm->hd = hd; - parm->direction = direction; - - if (es_onclose (stream, 1, feeder_onclose_notification, parm)) - { - err = gpg_error_from_syserror (); - xfree (parm); - return err; - } - - tattr = pth_attr_new (); - pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); - pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 64*1024); - pth_attr_set (tattr, PTH_ATTR_NAME, "exec-feeder"); - - log_debug ("spawning new feeder(%p, %p, %d)\n", stream, hd, direction); - if(!pth_spawn (tattr, feeder_thread, parm)) - { - err = gpg_error_from_syserror (); - es_onclose (stream, 0, feeder_onclose_notification, parm); - xfree (parm); - } - else - err = 0; - pth_attr_destroy (tattr); - - return err; -#else - (void)stream; - (void)hd; - (void)direction; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* No Pth. */ -#endif -} - - - -/* Return the maximum number of currently allowed open file - descriptors. Only useful on POSIX systems but returns a value on - other systems too. */ -int -get_max_fds (void) -{ - int max_fds = -1; - -#ifdef OPEN_MAX - if (max_fds == -1) - max_fds = OPEN_MAX; -#endif - - if (max_fds == -1) - max_fds = 256; /* Arbitrary limit. */ - - return max_fds; -} - - -/* Under Windows this is a dummy function. */ -void -close_all_fds (int first, int *except) -{ - (void)first; - (void)except; -} - - -/* Returns an array with all currently open file descriptors. The end - of the array is marked by -1. The caller needs to release this - array using the *standard free* and not with xfree. This allow the - use of this function right at startup even before libgcrypt has - been initialized. Returns NULL on error and sets ERRNO - accordingly. */ -int * -get_all_open_fds (void) -{ - int *array; - size_t narray; - int fd, max_fd, idx; -#ifndef HAVE_STAT - array = calloc (1, sizeof *array); - if (array) - array[0] = -1; -#else /*HAVE_STAT*/ - struct stat statbuf; - - max_fd = get_max_fds (); - narray = 32; /* If you change this change also t-exechelp.c. */ - array = calloc (narray, sizeof *array); - if (!array) - return NULL; - - /* Note: The list we return is ordered. */ - for (idx=0, fd=0; fd < max_fd; fd++) - if (!(fstat (fd, &statbuf) == -1 && errno == EBADF)) - { - if (idx+1 >= narray) - { - int *tmp; - - narray += (narray < 256)? 32:256; - tmp = realloc (array, narray * sizeof *array); - if (!tmp) - { - free (array); - return NULL; - } - array = tmp; - } - array[idx++] = fd; - } - array[idx] = -1; -#endif /*HAVE_STAT*/ - return array; -} - - - -static char * -copy_quoted (char *p, const char *string) -{ - const char *s; - - if (!*string) /* Empty string. */ - p = stpcpy (p, "\"\""); - else if (strpbrk (string, " \t\n\v\f\"")) /* Need quotes. */ - { - p = stpcpy (p, "\""); - for (s = string; *s; s++) - { - *p++ = *s; - if (*s == '\"') - *p++ = *s; - } - *p++ = '\"'; - *p = 0; - } - else /* Copy verbatim. */ - p = stpcpy (p, string); - - return p; -} - - -/* Build a command line for use with W32's CreateProcess. On success - CMDLINE gets the address of a newly allocated string. */ -static int -build_w32_commandline (const char * const *argv, - int rvid0, int rvid1, int rvid2, - char **cmdline) -{ - int i, n; - const char *s; - char *buf, *p; - char fdbuf[3*30]; - - p = fdbuf; - *p = 0; - - if (rvid0) - snprintf (p, 25, "-&S0=%d ", rvid0); - else - strcpy (p, "-&S0=null "); - p += strlen (p); - - if (rvid1) - snprintf (p, 25, "-&S1=%d ", rvid1); - else - strcpy (p, "-&S1=null "); - p += strlen (p); - - if (rvid2) - snprintf (p, 25, "-&S2=%d ", rvid2); - else - strcpy (p, "-&S2=null "); - p += strlen (p); - - *cmdline = NULL; - n = strlen (fdbuf); - for (i=0; (s = argv[i]); i++) - { - n += strlen (s) + 1 + 2; /* (1 space, 2 quoting) */ - for (; *s; s++) - if (*s == '\"') - n++; /* Need to double inner quotes. */ - } - n++; - - buf = p = xtrymalloc (n); - if (! buf) - return -1; - - p = stpcpy (p, fdbuf); - for (i = 0; argv[i]; i++) - { - *p++ = ' '; - p = copy_quoted (p, argv[i]); - } - - *cmdline = buf; - return 0; -} - - -/* Create pipe where one end is inheritable: With an INHERIT_IDX of 0 - the read end is inheritable, with 1 the write end is inheritable. - Note that the inheritable ends are rendezvous ids and no file - descriptors or handles. */ -static gpg_error_t -create_inheritable_pipe (int filedes[2], int inherit_idx) -{ - HANDLE hd; - int rvid; - - filedes[0] = filedes[1] = -1; - hd = _assuan_w32ce_prepare_pipe (&rvid, !inherit_idx); - if (hd == INVALID_HANDLE_VALUE) - { - log_error ("_assuan_w32ce_prepare_pipe failed: %s\n", w32_strerror (-1)); - gpg_err_set_errno (EIO); - return gpg_error_from_syserror (); - } - - if (inherit_idx) - { - filedes[0] = handle_to_fd (hd); - filedes[1] = rvid; - } - else - { - filedes[0] = rvid; - filedes[1] = handle_to_fd (hd); - } - return 0; -} - - -/* Portable function to create a pipe. Under Windows the write end is - inheritable (i.e. an rendezvous id). */ -gpg_error_t -gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) -{ - if (r_fp) - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - else - return create_inheritable_pipe (filedes, 1); -} - - -/* Portable function to create a pipe. Under Windows the read end is - inheritable (i.e. an rendezvous id). */ -gpg_error_t -gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock) -{ - if (r_fp) - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - else - return create_inheritable_pipe (filedes, 0); -} - - -/* Portable function to create a pipe. Under Windows both ends are - inheritable. */ -gpg_error_t -gnupg_create_pipe (int filedes[2]) -{ - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); -} - - -static int -create_process (const char *pgmname, const char *cmdline, - PROCESS_INFORMATION *pi) -{ - int res; - wchar_t *wpgmname, *wcmdline; - - wpgmname = utf8_to_wchar (pgmname); - if (!wpgmname) - return 0; - wcmdline = utf8_to_wchar (cmdline); - if (!wcmdline) - { - xfree (wpgmname); - return 0; - } - res = CreateProcess (wpgmname, /* Program to start. */ - wcmdline, /* Command line arguments. */ - NULL, /* Process security attributes. */ - NULL, /* Thread security attributes. */ - FALSE, /* Inherit handles. */ - CREATE_SUSPENDED, /* Creation flags. */ - NULL, /* Environment. */ - NULL, /* Use current drive/directory. */ - NULL, /* Startup information. */ - pi); /* Returns process information. */ - xfree (wcmdline); - xfree (wpgmname); - return res; -} - - -/* Fork and exec the PGMNAME, see exechelp.h for details. */ -gpg_error_t -gnupg_spawn_process (const char *pgmname, const char *argv[], - int *except, void (*preexec)(void), unsigned int flags, - estream_t *r_infp, - estream_t *r_outfp, - estream_t *r_errfp, - pid_t *pid) -{ - gpg_error_t err; - PROCESS_INFORMATION pi = {NULL }; - char *cmdline; - es_syshd_t syshd; - struct { - HANDLE hd; - int rvid; - } inpipe = {INVALID_HANDLE_VALUE, 0}; - struct { - HANDLE hd; - int rvid; - } outpipe = {INVALID_HANDLE_VALUE, 0}; - struct { - HANDLE hd; - int rvid; - } errpipe = {INVALID_HANDLE_VALUE, 0}; - estream_t outfp = NULL; - estream_t errfp = NULL; - gpg_err_source_t errsource = default_errsource; - - (void)except; /* Not yet used. */ - (void)preexec; - (void)flags; - - /* Setup return values. */ - if (r_outfp) - *r_outfp = NULL; - if (r_errfp) - *r_errfp = NULL; - *pid = (pid_t)(-1); /* Always required. */ - - log_debug ("%s: enter\n", __func__); - if (infp) - { - es_fflush (infp); - es_rewind (infp); - - /* Create a pipe to copy our infile to the stdin of the child - process. On success inpipe.hd is owned by the feeder. */ - inpipe.hd = _assuan_w32ce_prepare_pipe (&inpipe.rvid, 1); - if (inpipe.hd == INVALID_HANDLE_VALUE) - { - log_error ("_assuan_w32ce_prepare_pipe failed: %s\n", - w32_strerror (-1)); - gpg_err_set_errno (EIO); - return gpg_error_from_syserror (); - } - log_debug ("%s: inpipe %p created; hd=%p rvid=%d\n", __func__, - infp, inpipe.hd, inpipe.rvid); - err = start_feeder (infp, inpipe.hd, 1); - if (err) - { - log_error ("error spawning feeder: %s\n", gpg_strerror (err)); - CloseHandle (inpipe.hd); - return err; - } - inpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the feeder. */ - log_debug ("%s: inpipe %p created; feeder started\n", __func__, - infp); - } - - if (r_outfp) - { - /* Create a pipe to make the stdout of the child process - available as a stream. */ - outpipe.hd = _assuan_w32ce_prepare_pipe (&outpipe.rvid, 0); - if (outpipe.hd == INVALID_HANDLE_VALUE) - { - log_error ("_assuan_w32ce_prepare_pipe failed: %s\n", - w32_strerror (-1)); - gpg_err_set_errno (EIO); - /* Fixme release other stuff/kill feeder. */ - return gpg_error_from_syserror (); - } - syshd.type = ES_SYSHD_HANDLE; - syshd.u.handle = outpipe.hd; - err = 0; - outfp = es_sysopen (&syshd, "r"); - if (!outfp) - { - err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); - log_error ("error opening pipe stream: %s\n", gpg_strerror (err)); - CloseHandle (outpipe.hd); - return err; - } - log_debug ("%s: outpipe %p created; hd=%p rvid=%d\n", __func__, - outfp, outpipe.hd, outpipe.rvid); - outpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the OUTFP. */ - } - - if (r_errfp) - { - /* Create a pipe to make the stderr of the child process - available as a stream. */ - errpipe.hd = _assuan_w32ce_prepare_pipe (&errpipe.rvid, 0); - if (errpipe.hd == INVALID_HANDLE_VALUE) - { - log_error ("_assuan_w32ce_prepare_pipe failed: %s\n", - w32_strerror (-1)); - gpg_err_set_errno (EIO); - /* Fixme release other stuff/kill feeder. */ - return gpg_error_from_syserror (); - } - syshd.type = ES_SYSHD_HANDLE; - syshd.u.handle = errpipe.hd; - err = 0; - errfp = es_sysopen (&syshd, "r"); - if (!errfp) - { - err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); - log_error ("error opening pipe stream: %s\n", gpg_strerror (err)); - CloseHandle (errpipe.hd); - return err; - } - log_debug ("%s: errpipe %p created; hd=%p rvid=%d\n", __func__, - errfp, errpipe.hd, errpipe.rvid); - errpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the ERRFP. */ - } - - - - /* Build the command line. */ - err = build_w32_commandline (argv, inpipe.rvid, outpipe.rvid, errpipe.rvid, - &cmdline); - if (err) - { - /* Fixme release other stuff/kill feeder. */ - CloseHandle (errpipe.hd); - return err; - } - - log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); - if (!create_process (pgmname, cmdline, &pi)) - { - log_error ("CreateProcess failed: %s\n", w32_strerror (-1)); - xfree (cmdline); - /* Fixme release other stuff/kill feeder. */ - CloseHandle (errpipe.hd); - return gpg_error (GPG_ERR_GENERAL); - } - xfree (cmdline); - cmdline = NULL; - - /* Note: The other end of the pipe is a rendezvous id and thus there - is no need for a close. */ - - log_debug ("CreateProcess ready: hProcess=%p hThread=%p" - " dwProcessID=%d dwThreadId=%d\n", - pi.hProcess, pi.hThread, - (int) pi.dwProcessId, (int) pi.dwThreadId); - - - /* Process has been created suspended; resume it now. */ - ResumeThread (pi.hThread); - CloseHandle (pi.hThread); - - if (r_outfp) - *r_outfp = outfp; - if (r_errfp) - *r_errfp = errfp; - *pid = handle_to_pid (pi.hProcess); - return 0; -} - - - -/* Simplified version of gnupg_spawn_process. This function forks and - then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout - and ERRFD to stderr (any of them may be -1 to connect them to - /dev/null). The arguments for the process are expected in the NULL - terminated array ARGV. The program name itself should not be - included there. Calling gnupg_wait_process is required. - - Returns 0 on success or an error code. */ -gpg_error_t -gnupg_spawn_process_fd (const char *pgmname, const char *argv[], - int infd, int outfd, int errfd, pid_t *pid) -{ - gpg_error_t err; - PROCESS_INFORMATION pi = {NULL}; - char *cmdline; - - /* Setup return values. */ - *pid = (pid_t)(-1); - - if (infd != -1 || outfd != -1 || errfd != -1) - return gpg_error (GPG_ERR_NOT_SUPPORTED); - - /* Build the command line. */ - err = build_w32_commandline (argv, 0, 0, 0, &cmdline); - if (err) - return err; - - log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); - if (!create_process (pgmname, cmdline, &pi)) - { - log_error ("CreateProcess(fd) failed: %s\n", w32_strerror (-1)); - xfree (cmdline); - return gpg_error (GPG_ERR_GENERAL); - } - xfree (cmdline); - cmdline = NULL; - - log_debug ("CreateProcess(fd) ready: hProcess=%p hThread=%p" - " dwProcessID=%d dwThreadId=%d\n", - pi.hProcess, pi.hThread, - (int) pi.dwProcessId, (int) pi.dwThreadId); - - /* Process has been created suspended; resume it now. */ - ResumeThread (pi.hThread); - CloseHandle (pi.hThread); - - *pid = handle_to_pid (pi.hProcess); - return 0; -} - - -/* See exechelp.h for a description. */ -gpg_error_t -gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *exitcode) -{ - gpg_err_code_t ec; - HANDLE proc = fd_to_handle (pid); - int code; - DWORD exc; - - if (exitcode) - *exitcode = -1; - - if (pid == (pid_t)(-1)) - return gpg_error (GPG_ERR_INV_VALUE); - - /* FIXME: We should do a pth_waitpid here. However this has not yet - been implemented. A special W32 pth system call would even be - better. */ - code = WaitForSingleObject (proc, hang? INFINITE : 0); - switch (code) - { - case WAIT_TIMEOUT: - ec = GPG_ERR_TIMEOUT; - break; - - case WAIT_FAILED: - log_error (_("waiting for process %d to terminate failed: %s\n"), - (int)pid, w32_strerror (-1)); - ec = GPG_ERR_GENERAL; - break; - - case WAIT_OBJECT_0: - if (!GetExitCodeProcess (proc, &exc)) - { - log_error (_("error getting exit code of process %d: %s\n"), - (int)pid, w32_strerror (-1) ); - ec = GPG_ERR_GENERAL; - } - else if (exc) - { - log_error (_("error running '%s': exit status %d\n"), - pgmname, (int)exc ); - if (exitcode) - *exitcode = (int)exc; - ec = GPG_ERR_GENERAL; - } - else - { - if (exitcode) - *exitcode = 0; - ec = 0; - } - break; - - default: - log_error ("WaitForSingleObject returned unexpected " - "code %d for pid %d\n", code, (int)pid ); - ec = GPG_ERR_GENERAL; - break; - } - - return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); -} - - -/* See exechelp.h for a description. */ -gpg_error_t -gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, - int hang, int *r_exitcodes) -{ - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); -} - - -void -gnupg_release_process (pid_t pid) -{ - if (pid != (pid_t)INVALID_HANDLE_VALUE) - { - HANDLE process = (HANDLE)pid; - - CloseHandle (process); - } -} - - -/* Spawn a new process and immediately detach from it. The name of - the program to exec is PGMNAME and its arguments are in ARGV (the - programname is automatically passed as first argument). - Environment strings in ENVP are set. An error is returned if - pgmname is not executable; to make this work it is necessary to - provide an absolute file name. All standard file descriptors are - connected to /dev/null. */ -gpg_error_t -gnupg_spawn_process_detached (const char *pgmname, const char *argv[], - const char *envp[] ) -{ - gpg_error_t err; - char *cmdline; - PROCESS_INFORMATION pi = {NULL }; - - (void)envp; - - /* Build the command line. */ - err = build_w32_commandline (argv, 0, 0, 0, &cmdline); - if (err) - return err; - - /* Note: There is no detached flag under CE. */ - log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); - if (!create_process (pgmname, cmdline, &pi)) - { - log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1)); - xfree (cmdline); - return gpg_error (GPG_ERR_GENERAL); - } - xfree (cmdline); - cmdline = NULL; - - log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" - " dwProcessID=%d dwThreadId=%d\n", - pi.hProcess, pi.hThread, - (int) pi.dwProcessId, (int) pi.dwThreadId); - - /* Process has been created suspended; resume it now. */ - ResumeThread (pi.hThread); - CloseHandle (pi.hThread); - - return 0; -} - - -/* Kill a process; that is send an appropriate signal to the process. - gnupg_wait_process must be called to actually remove the process - from the system. An invalid PID is ignored. */ -void -gnupg_kill_process (pid_t pid) -{ - if (pid != (pid_t) INVALID_HANDLE_VALUE) - { - HANDLE process = (HANDLE) pid; - - /* Arbitrary error code. */ - TerminateProcess (process, 1); - } -} diff --git a/common/gettime.c b/common/gettime.c index 20d8fa109..2a9b71779 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -1,1029 +1,1024 @@ /* gettime.c - Wrapper for time functions * Copyright (C) 1998, 2002, 2007, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify * it under the terms of either * * - the GNU Lesser General Public License as published by the Free * Software Foundation; either version 3 of the License, or (at * your option) any later version. * * or * * - the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at * your option) any later version. * * or both in parallel, as here. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #ifdef HAVE_LOCALE_H #include #endif #ifdef HAVE_LANGINFO_H #include #endif #include "util.h" #include "i18n.h" #include "gettime.h" #ifdef HAVE_W32_SYSTEM #include #endif #ifdef HAVE_UNSIGNED_TIME_T # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1)) #else /* Error or 32 bit time_t and value after 2038-01-19. */ # define IS_INVALID_TIME_T(a) ((a) < 0) #endif static unsigned long timewarp; static enum { NORMAL = 0, FROZEN, FUTURE, PAST } timemode; /* Correction used to map to real Julian days. */ #define JD_DIFF 1721060L /* Wrapper for the time(3). We use this here so we can fake the time for tests */ time_t gnupg_get_time (void) { time_t current = time (NULL); if (current == (time_t)(-1)) log_fatal ("time() failed\n"); if (timemode == NORMAL) return current; else if (timemode == FROZEN) return timewarp; else if (timemode == FUTURE) return current + timewarp; else return current - timewarp; } /* Wrapper around gmtime_r. On systems without gmtime_r this implementation works within gnupg because we use only one thread a time. FIXME: An independent library may use gmtime in one of its own thread (or via npth_enter/npth_leave) - in this case we run into a problem. The solution would be to use a mutex here. */ struct tm * gnupg_gmtime (const time_t *timep, struct tm *result) { #ifdef HAVE_GMTIME_R return gmtime_r (timep, result); #else struct tm *tp; tp = gmtime (timep); if (tp) memcpy (result, tp, sizeof *result); return tp; #endif } /* Return the current time (possibly faked) in ISO format. */ void gnupg_get_isotime (gnupg_isotime_t timebuf) { time_t atime = gnupg_get_time (); struct tm *tp; struct tm tmbuf; tp = gnupg_gmtime (&atime, &tmbuf); if (!tp) *timebuf = 0; else snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec); } /* Set the time to NEWTIME so that gnupg_get_time returns a time starting with this one. With FREEZE set to 1 the returned time will never change. Just for completeness, a value of (time_t)-1 for NEWTIME gets you back to reality. Note that this is obviously not thread-safe but this is not required. */ void gnupg_set_time (time_t newtime, int freeze) { time_t current = time (NULL); if ( newtime == (time_t)-1 || current == newtime) { timemode = NORMAL; timewarp = 0; } else if (freeze) { timemode = FROZEN; timewarp = newtime == (time_t)-1 ? current : newtime; } else if (newtime > current) { timemode = FUTURE; timewarp = newtime - current; } else { timemode = PAST; timewarp = current - newtime; } } /* Returns true when we are in timewarp mode */ int gnupg_faked_time_p (void) { return timemode; } /* This function is used by gpg because OpenPGP defines the timestamp as an unsigned 32 bit value. */ u32 make_timestamp (void) { time_t t = gnupg_get_time (); return (u32)t; } /**************** * Scan a date string and return a timestamp. * The only supported format is "yyyy-mm-dd" * Returns 0 for an invalid date. */ u32 scan_isodatestr( const char *string ) { int year, month, day; struct tm tmbuf; time_t stamp; int i; if( strlen(string) != 10 || string[4] != '-' || string[7] != '-' ) return 0; for( i=0; i < 4; i++ ) if( !digitp (string+i) ) return 0; if( !digitp (string+5) || !digitp(string+6) ) return 0; if( !digitp(string+8) || !digitp(string+9) ) return 0; year = atoi(string); month = atoi(string+5); day = atoi(string+8); /* some basic checks */ if( year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 ) return 0; memset( &tmbuf, 0, sizeof tmbuf ); tmbuf.tm_mday = day; tmbuf.tm_mon = month-1; tmbuf.tm_year = year - 1900; tmbuf.tm_isdst = -1; stamp = mktime( &tmbuf ); if( stamp == (time_t)-1 ) return 0; return stamp; } int isotime_p (const char *string) { const char *s; int i; if (!*string) return 0; for (s=string, i=0; i < 8; i++, s++) if (!digitp (s)) return 0; if (*s != 'T') return 0; for (s++, i=9; i < 15; i++, s++) if (!digitp (s)) return 0; if (*s == 'Z') s++; if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ',')) return 0; /* Wrong delimiter. */ return 1; } /* Scan a string and return true if the string represents the human readable format of an ISO time. This format is: yyyy-mm-dd[ hh[:mm[:ss]]] Scanning stops at the second space or at a comma. If DATE_ONLY is true the time part is not expected and the scanning stops at the first space or at a comma. */ int isotime_human_p (const char *string, int date_only) { const char *s; int i; if (!*string) return 0; for (s=string, i=0; i < 4; i++, s++) if (!digitp (s)) return 0; if (*s != '-') return 0; s++; if (!digitp (s) || !digitp (s+1) || s[2] != '-') return 0; i = atoi_2 (s); if (i < 1 || i > 12) return 0; s += 3; if (!digitp (s) || !digitp (s+1)) return 0; i = atoi_2 (s); if (i < 1 || i > 31) return 0; s += 2; if (!*s || *s == ',') return 1; /* Okay; only date given. */ if (!spacep (s)) return 0; if (date_only) return 1; /* Okay; only date was requested. */ s++; if (spacep (s)) return 1; /* Okay, second space stops scanning. */ if (!digitp (s) || !digitp (s+1)) return 0; i = atoi_2 (s); if (i < 0 || i > 23) return 0; s += 2; if (!*s || *s == ',') return 1; /* Okay; only date and hour given. */ if (*s != ':') return 0; s++; if (!digitp (s) || !digitp (s+1)) return 0; i = atoi_2 (s); if (i < 0 || i > 59) return 0; s += 2; if (!*s || *s == ',') return 1; /* Okay; only date, hour and minute given. */ if (*s != ':') return 0; s++; if (!digitp (s) || !digitp (s+1)) return 0; i = atoi_2 (s); if (i < 0 || i > 60) return 0; s += 2; if (!*s || *s == ',' || spacep (s)) return 1; /* Okay; date, hour and minute and second given. */ return 0; /* Unexpected delimiter. */ } /* Convert a standard isotime or a human readable variant into an isotime structure. The allowed formats are those described by isotime_p and isotime_human_p. The function returns 0 on failure or the length of the scanned string on success. */ size_t string2isotime (gnupg_isotime_t atime, const char *string) { gnupg_isotime_t dummyatime; if (!atime) atime = dummyatime; atime[0] = 0; if (isotime_p (string)) { memcpy (atime, string, 15); atime[15] = 0; return 15; } if (!isotime_human_p (string, 0)) return 0; atime[0] = string[0]; atime[1] = string[1]; atime[2] = string[2]; atime[3] = string[3]; atime[4] = string[5]; atime[5] = string[6]; atime[6] = string[8]; atime[7] = string[9]; atime[8] = 'T'; memset (atime+9, '0', 6); atime[15] = 0; if (!spacep (string+10)) return 10; if (spacep (string+11)) return 11; /* As per def, second space stops scanning. */ atime[9] = string[11]; atime[10] = string[12]; if (string[13] != ':') return 13; atime[11] = string[14]; atime[12] = string[15]; if (string[16] != ':') return 16; atime[13] = string[17]; atime[14] = string[18]; return 19; } /* Scan an ISO timestamp and return an Epoch based timestamp. The only supported format is "yyyymmddThhmmss[Z]" delimited by white space, nul, a colon or a comma. Returns (time_t)(-1) for an invalid string. */ time_t isotime2epoch (const char *string) { int year, month, day, hour, minu, sec; struct tm tmbuf; if (!isotime_p (string)) return (time_t)(-1); year = atoi_4 (string); month = atoi_2 (string + 4); day = atoi_2 (string + 6); hour = atoi_2 (string + 9); minu = atoi_2 (string + 11); sec = atoi_2 (string + 13); /* Basic checks. */ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 || hour > 23 || minu > 59 || sec > 61 ) return (time_t)(-1); memset (&tmbuf, 0, sizeof tmbuf); tmbuf.tm_sec = sec; tmbuf.tm_min = minu; tmbuf.tm_hour = hour; tmbuf.tm_mday = day; tmbuf.tm_mon = month-1; tmbuf.tm_year = year - 1900; tmbuf.tm_isdst = -1; return timegm (&tmbuf); } /* Convert an Epoch time to an iso time stamp. */ void epoch2isotime (gnupg_isotime_t timebuf, time_t atime) { if (atime == (time_t)(-1)) *timebuf = 0; else { struct tm *tp; #ifdef HAVE_GMTIME_R struct tm tmbuf; tp = gmtime_r (&atime, &tmbuf); #else tp = gmtime (&atime); #endif snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec); } } /* Parse a short ISO date string (YYYY-MM-DD) into a TM structure. Returns 0 on success. */ int isodate_human_to_tm (const char *string, struct tm *t) { int year, month, day; if (!isotime_human_p (string, 1)) return -1; year = atoi_4 (string); month = atoi_2 (string + 5); day = atoi_2 (string + 8); /* Basic checks. */ if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31) return -1; memset (t, 0, sizeof *t); t->tm_sec = 0; t->tm_min = 0; t->tm_hour = 0; t->tm_mday = day; t->tm_mon = month-1; t->tm_year = year - 1900; t->tm_isdst = -1; return 0; } /* This function is a copy of gpgme/src/conversion.c:_gpgme_timegm. If you change it, then update the other one too. */ #ifdef HAVE_W32_SYSTEM static time_t _win32_timegm (struct tm *tm) { /* This one is thread safe. */ SYSTEMTIME st; FILETIME ft; unsigned long long cnsecs; st.wYear = tm->tm_year + 1900; st.wMonth = tm->tm_mon + 1; st.wDay = tm->tm_mday; st.wHour = tm->tm_hour; st.wMinute = tm->tm_min; st.wSecond = tm->tm_sec; st.wMilliseconds = 0; /* Not available. */ st.wDayOfWeek = 0; /* Ignored. */ /* System time is UTC thus the conversion is pretty easy. */ if (!SystemTimeToFileTime (&st, &ft)) { gpg_err_set_errno (EINVAL); return (time_t)(-1); } cnsecs = (((unsigned long long)ft.dwHighDateTime << 32) | ft.dwLowDateTime); cnsecs -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01. */ return (time_t)(cnsecs / 10000000ULL); } #endif /* Parse the string TIMESTAMP into a time_t. The string may either be seconds since Epoch or in the ISO 8601 format like "20390815T143012". Returns 0 for an empty string or seconds since Epoch. Leading spaces are skipped. If ENDP is not NULL, it will point to the next non-parsed character in TIMESTRING. This function is a copy of gpgme/src/conversion.c:_gpgme_parse_timestamp. If you change it, then update the other one too. */ time_t parse_timestamp (const char *timestamp, char **endp) { /* Need to skip leading spaces, because that is what strtoul does but not our ISO 8601 checking code. */ while (*timestamp && *timestamp== ' ') timestamp++; if (!*timestamp) return 0; if (strlen (timestamp) >= 15 && timestamp[8] == 'T') { struct tm buf; int year; year = atoi_4 (timestamp); if (year < 1900) return (time_t)(-1); if (endp) *endp = (char*)(timestamp + 15); /* Fixme: We would better use a configure test to see whether mktime can handle dates beyond 2038. */ if (sizeof (time_t) <= 4 && year >= 2038) return (time_t)2145914603; /* 2037-12-31 23:23:23 */ memset (&buf, 0, sizeof buf); buf.tm_year = year - 1900; buf.tm_mon = atoi_2 (timestamp+4) - 1; buf.tm_mday = atoi_2 (timestamp+6); buf.tm_hour = atoi_2 (timestamp+9); buf.tm_min = atoi_2 (timestamp+11); buf.tm_sec = atoi_2 (timestamp+13); #ifdef HAVE_W32_SYSTEM return _win32_timegm (&buf); #else #ifdef HAVE_TIMEGM return timegm (&buf); #else { time_t tim; putenv ("TZ=UTC"); tim = mktime (&buf); #ifdef __GNUC__ #warning fixme: we must somehow reset TZ here. It is not threadsafe anyway. #endif return tim; } #endif /* !HAVE_TIMEGM */ #endif /* !HAVE_W32_SYSTEM */ } else return (time_t)strtoul (timestamp, endp, 10); } u32 add_days_to_timestamp( u32 stamp, u16 days ) { return stamp + days*86400L; } /**************** * Return a string with a time value in the form: x Y, n D, n H */ const char * strtimevalue( u32 value ) { static char buffer[30]; unsigned int years, days, hours, minutes; value /= 60; minutes = value % 60; value /= 60; hours = value % 24; value /= 24; days = value % 365; value /= 365; years = value; sprintf(buffer,"%uy%ud%uh%um", years, days, hours, minutes ); if( years ) return buffer; if( days ) return strchr( buffer, 'y' ) + 1; return strchr( buffer, 'd' ) + 1; } /* Return a malloced string with the time elapsed between NOW and SINCE. May return NULL on error. */ char * elapsed_time_string (time_t since, time_t now) { char *result; double diff; unsigned long value; unsigned int days, hours, minutes, seconds; if (!now) now = gnupg_get_time (); diff = difftime (now, since); if (diff < 0) return xtrystrdup ("time-warp"); seconds = (unsigned long)diff % 60; value = (unsigned long)(diff / 60); minutes = value % 60; value /= 60; hours = value % 24; value /= 24; days = value % 365; if (days) result = xtryasprintf ("%ud%uh%um%us", days, hours, minutes, seconds); else if (hours) result = xtryasprintf ("%uh%um%us", hours, minutes, seconds); else if (minutes) result = xtryasprintf ("%um%us", minutes, seconds); else result = xtryasprintf ("%us", seconds); return result; } /* * Note: this function returns GMT */ const char * strtimestamp (u32 stamp) { static char buffer[11+5]; struct tm *tp; time_t atime = stamp; if (IS_INVALID_TIME_T (atime)) { strcpy (buffer, "????" "-??" "-??"); } else { tp = gmtime( &atime ); snprintf (buffer, sizeof buffer, "%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); } return buffer; } /* * Note: this function returns GMT */ const char * isotimestamp (u32 stamp) { static char buffer[25+5]; struct tm *tp; time_t atime = stamp; if (IS_INVALID_TIME_T (atime)) { strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??"); } else { tp = gmtime ( &atime ); snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec); } return buffer; } /**************** * Note: this function returns local time */ const char * asctimestamp (u32 stamp) { static char buffer[80]; #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO) static char fmt[80]; #endif struct tm *tp; time_t atime = stamp; if (IS_INVALID_TIME_T (atime)) { strcpy (buffer, "????" "-??" "-??"); return buffer; } tp = localtime( &atime ); #ifdef HAVE_STRFTIME # if defined(HAVE_NL_LANGINFO) mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 ); if (!strstr( fmt, "%Z" )) strcat( fmt, " %Z"); /* NOTE: gcc -Wformat-noliteral will complain here. I have found no way to suppress this warning. */ strftime (buffer, DIM(buffer)-1, fmt, tp); -# elif defined(HAVE_W32CE_SYSTEM) - /* tzset is not available but %Z nevertheless prints a default - nonsense timezone ("WILDABBR"). Thus we don't print the time - zone at all. */ - strftime (buffer, DIM(buffer)-1, "%c", tp); # else # if HAVE_W32_SYSTEM { static int done; if (!done) { /* The locale names as used by Windows are in the form * "German_Germany.1252" or "German_Austria.1252" with * alternate names similar to Unix, e.g. "de-DE". However * that is the theory. On current Windows and Mingw the * alternate names do not work. We would need a table to map * them from the short names as provided by gpgrt to the long * names and append some code page. For now we use "" and * take the locale from the user's system settings. Thus the * standard Unix envvars don't work for time and may mismatch * with the string translations. The new UCRT available since * 2018 has a lot of additional support but that will for sure * break other things. We should move to ISO strings to get * rid of such problems. */ setlocale (LC_TIME, ""); done = 1; /* log_debug ("LC_ALL now '%s'\n", setlocale (LC_ALL, NULL)); */ /* log_debug ("LC_TIME now '%s'\n", setlocale (LC_TIME, NULL)); */ } } # endif /* FIXME: we should check whether the locale appends a " %Z" These * locales from glibc don't put the " %Z": fi_FI hr_HR ja_JP lt_LT * lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN. */ strftime (buffer, DIM(buffer)-1, "%c %Z", tp); # endif buffer[DIM(buffer)-1] = 0; #else mem2str( buffer, asctime(tp), DIM(buffer) ); #endif return buffer; } /* Return the timestamp STAMP in RFC-2822 format. This is always done * in the C locale. We return the gmtime to avoid computing the * timezone. The caller must release the returned string. * * Example: "Mon, 27 Jun 2016 1:42:00 +0000". */ char * rfctimestamp (u32 stamp) { time_t atime = stamp; struct tm tmbuf, *tp; if (IS_INVALID_TIME_T (atime)) { gpg_err_set_errno (EINVAL); return NULL; } tp = gnupg_gmtime (&atime, &tmbuf); if (!tp) return NULL; return xtryasprintf ("%.3s, %02d %.3s %04d %02d:%02d:%02d +0000", &"SunMonTueWedThuFriSat"[(tp->tm_wday%7)*3], tp->tm_mday, &"JanFebMarAprMayJunJulAugSepOctNovDec" [(tp->tm_mon%12)*3], tp->tm_year + 1900, tp->tm_hour, tp->tm_min, tp->tm_sec); } static int days_per_year (int y) { int s ; s = !(y % 4); if ( !(y % 100)) if ((y%400)) s = 0; return s ? 366 : 365; } static int days_per_month (int y, int m) { int s; switch(m) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: return 31 ; case 2: s = !(y % 4); if (!(y % 100)) if ((y % 400)) s = 0; return s? 29 : 28 ; case 4: case 6: case 9: case 11: return 30; } BUG(); } /* Convert YEAR, MONTH and DAY into the Julian date. We assume that it is already noon. We do not support dates before 1582-10-15. */ static unsigned long date2jd (int year, int month, int day) { unsigned long jd; jd = 365L * year + 31 * (month-1) + day + JD_DIFF; if (month < 3) year-- ; else jd -= (4 * month + 23) / 10; jd += year / 4 - ((year / 100 + 1) *3) / 4; return jd ; } /* Convert a Julian date back to YEAR, MONTH and DAY. Return day of the year or 0 on error. This function uses some more or less arbitrary limits, most important is that days before 1582 are not supported. */ static int jd2date (unsigned long jd, int *year, int *month, int *day) { int y, m, d; long delta; if (!jd) return 0 ; if (jd < 1721425 || jd > 2843085) return 0; y = (jd - JD_DIFF) / 366; d = m = 1; while ((delta = jd - date2jd (y, m, d)) > days_per_year (y)) y++; m = (delta / 31) + 1; while( (delta = jd - date2jd (y, m, d)) > days_per_month (y,m)) if (++m > 12) { m = 1; y++; } d = delta + 1 ; if (d > days_per_month (y, m)) { d = 1; m++; } if (m > 12) { m = 1; y++; } if (year) *year = y; if (month) *month = m; if (day) *day = d ; return (jd - date2jd (y, 1, 1)) + 1; } /* Check that the 15 bytes in ATIME represent a valid ISO time. Note that this function does not expect a string but a plain 15 byte isotime buffer. */ gpg_error_t check_isotime (const gnupg_isotime_t atime) { int i; const char *s; if (!*atime) return gpg_error (GPG_ERR_NO_VALUE); for (s=atime, i=0; i < 8; i++, s++) if (!digitp (s)) return gpg_error (GPG_ERR_INV_TIME); if (*s != 'T') return gpg_error (GPG_ERR_INV_TIME); for (s++, i=9; i < 15; i++, s++) if (!digitp (s)) return gpg_error (GPG_ERR_INV_TIME); return 0; } /* Dump the ISO time T to the log stream without a LF. */ void dump_isotime (const gnupg_isotime_t t) { if (!t || !*t) log_printf ("%s", _("[none]")); else log_printf ("%.4s-%.2s-%.2s %.2s:%.2s:%s", t, t+4, t+6, t+9, t+11, t+13); } /* Copy one ISO date to another, this is inline so that we can do a minimal sanity check. A null date (empty string) is allowed. */ void gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s) { if (*s) { if ((strlen (s) != 15 || s[8] != 'T')) BUG(); memcpy (d, s, 15); d[15] = 0; } else *d = 0; } /* Add SECONDS to ATIME. SECONDS may not be negative and is limited to about the equivalent of 62 years which should be more then enough for our purposes. */ gpg_error_t add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds) { gpg_error_t err; int year, month, day, hour, minute, sec, ndays; unsigned long jd; err = check_isotime (atime); if (err) return err; if (nseconds < 0 || nseconds >= (0x7fffffff - 61) ) return gpg_error (GPG_ERR_INV_VALUE); year = atoi_4 (atime+0); month = atoi_2 (atime+4); day = atoi_2 (atime+6); hour = atoi_2 (atime+9); minute= atoi_2 (atime+11); sec = atoi_2 (atime+13); if (year <= 1582) /* The julian date functions don't support this. */ return gpg_error (GPG_ERR_INV_VALUE); sec += nseconds; minute += sec/60; sec %= 60; hour += minute/60; minute %= 60; ndays = hour/24; hour %= 24; jd = date2jd (year, month, day) + ndays; jd2date (jd, &year, &month, &day); if (year > 9999 || month > 12 || day > 31 || year < 0 || month < 1 || day < 1) return gpg_error (GPG_ERR_INV_VALUE); snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d", year, month, day, hour, minute, sec); return 0; } gpg_error_t add_days_to_isotime (gnupg_isotime_t atime, int ndays) { gpg_error_t err; int year, month, day, hour, minute, sec; unsigned long jd; err = check_isotime (atime); if (err) return err; if (ndays < 0 || ndays >= 9999*366 ) return gpg_error (GPG_ERR_INV_VALUE); year = atoi_4 (atime+0); month = atoi_2 (atime+4); day = atoi_2 (atime+6); hour = atoi_2 (atime+9); minute= atoi_2 (atime+11); sec = atoi_2 (atime+13); if (year <= 1582) /* The julian date functions don't support this. */ return gpg_error (GPG_ERR_INV_VALUE); jd = date2jd (year, month, day) + ndays; jd2date (jd, &year, &month, &day); if (year > 9999 || month > 12 || day > 31 || year < 0 || month < 1 || day < 1) return gpg_error (GPG_ERR_INV_VALUE); snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d", year, month, day, hour, minute, sec); return 0; } diff --git a/po/POTFILES.in b/po/POTFILES.in index 2658660e0..75154ea64 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -1,139 +1,138 @@ # List of files with translatable strings agent/call-pinentry.c agent/command.c agent/command-ssh.c agent/divert-scd.c agent/genkey.c agent/gpg-agent.c agent/preset-passphrase.c agent/protect-tool.c agent/trustlist.c agent/findkey.c agent/pksign.c agent/cvt-openpgp.c common/exechelp-posix.c common/exechelp-w32.c -common/exechelp-w32ce.c common/simple-pwquery.c common/sysutils.c common/yesno.c common/miscellaneous.c common/asshelp.c common/audit.c common/helpfile.c common/gettime.c common/ksba-io-support.c common/ttyio.c common/comopt.c common/utf8conv.c common/dotlock.c common/init.c common/homedir.c g10/armor.c g10/build-packet.c g10/call-agent.c g10/call-dirmngr.c g10/card-util.c g10/dearmor.c g10/decrypt.c g10/delkey.c g10/encrypt.c g10/decrypt-data.c g10/exec.c g10/export.c g10/getkey.c g10/gpg.c g10/gpgv.c g10/helptext.c g10/import.c g10/key-check.c g10/keydb.c g10/keyedit.c g10/keygen.c g10/keyid.c g10/keylist.c g10/keyring.c g10/keyserver.c g10/mainproc.c g10/misc.c g10/openfile.c g10/parse-packet.c g10/passphrase.c g10/photoid.c g10/pkclist.c g10/plaintext.c g10/pubkey-enc.c g10/revoke.c g10/seskey.c g10/sig-check.c g10/sign.c g10/skclist.c g10/tdbdump.c g10/tdbio.c g10/textfilter.c g10/tofu.c g10/trustdb.c g10/trust.c g10/verify.c g10/cipher-cfb.c g10/cipher-aead.c kbx/kbxutil.c scd/app-piv.c scd/app-p15.c scd/app-nks.c scd/app-openpgp.c scd/app-dinsig.c scd/scdaemon.c sm/call-agent.c sm/call-dirmngr.c sm/certchain.c sm/certcheck.c sm/certdump.c sm/certlist.c sm/certreqgen.c sm/certreqgen-ui.c sm/decrypt.c sm/delete.c sm/encrypt.c sm/export.c sm/gpgsm.c sm/import.c sm/keydb.c sm/keylist.c sm/misc.c sm/qualified.c sm/sign.c sm/verify.c dirmngr/certcache.c dirmngr/crlcache.c dirmngr/crlfetch.c dirmngr/dirmngr-client.c dirmngr/dirmngr.c dirmngr/dirmngr_ldap.c dirmngr/http.c dirmngr/ldap-wrapper.c dirmngr/ldap.c dirmngr/ldapserver.c dirmngr/misc.c dirmngr/ocsp.c dirmngr/server.c dirmngr/validate.c tools/gpg-connect-agent.c tools/gpgconf-comp.c tools/gpgconf.c tools/no-libgcrypt.c tools/gpg-check-pattern.c tools/gpg-card.c tools/card-misc.c tools/card-keys.c tools/card-yubikey.c tools/card-call-scd.c