diff --git a/agent/genkey.c b/agent/genkey.c
index fc6ce0a26..eb6791dca 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -1,633 +1,633 @@
/* genkey.c - Generate a keypair
* Copyright (C) 2002, 2003, 2004, 2007, 2010 Free Software Foundation, Inc.
* Copyright (C) 2015 g10 Code GmbH.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include "agent.h"
#include "../common/i18n.h"
#include "../common/exechelp.h"
#include "../common/sysutils.h"
static int
store_key (gcry_sexp_t private, const char *passphrase, int force,
unsigned long s2k_count, time_t timestamp)
{
int rc;
unsigned char *buf;
size_t len;
unsigned char grip[20];
if ( !gcry_pk_get_keygrip (private, grip) )
{
log_error ("can't calculate keygrip\n");
return gpg_error (GPG_ERR_GENERAL);
}
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
log_assert (len);
buf = gcry_malloc_secure (len);
if (!buf)
return out_of_core ();
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
log_assert (len);
if (passphrase)
{
unsigned char *p;
rc = agent_protect (buf, passphrase, &p, &len, s2k_count, -1);
if (rc)
{
xfree (buf);
return rc;
}
xfree (buf);
buf = p;
}
rc = agent_write_private_key (grip, buf, len, force, NULL, NULL, timestamp);
xfree (buf);
return rc;
}
/* Count the number of non-alpha characters in S. Control characters
and non-ascii characters are not considered. */
static size_t
nonalpha_count (const char *s)
{
size_t n;
for (n=0; *s; s++)
if (isascii (*s) && ( isdigit (*s) || ispunct (*s) ))
n++;
return n;
}
/* Check PW against a list of pattern. Return 0 if PW does not match
these pattern. If CHECK_CONSTRAINTS_NEW_SYMKEY is set in flags and
--check-sym-passphrase-pattern has been configured, use the pattern
file from that option. */
static int
do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
{
gpg_error_t err = 0;
const char *pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CHECK_PATTERN);
estream_t stream_to_check_pattern = NULL;
const char *argv[10];
pid_t pid;
int result, i;
const char *pattern;
char *patternfname;
(void)ctrl;
pattern = opt.check_passphrase_pattern;
if ((flags & CHECK_CONSTRAINTS_NEW_SYMKEY)
&& opt.check_sym_passphrase_pattern)
pattern = opt.check_sym_passphrase_pattern;
if (!pattern)
return 1; /* Oops - Assume password should not be used */
if (strchr (pattern, '/') || strchr (pattern, '\\')
|| (*pattern == '~' && pattern[1] == '/'))
patternfname = make_absfilename_try (pattern, NULL);
else
patternfname = make_filename_try (gnupg_sysconfdir (), pattern, NULL);
if (!patternfname)
{
log_error ("error making filename from '%s': %s\n",
pattern, gpg_strerror (gpg_error_from_syserror ()));
return 1; /* Do not pass the check. */
}
/* Make debugging a broken config easier by printing a useful error
* message. */
if (gnupg_access (patternfname, F_OK))
{
log_error ("error accessing '%s': %s\n",
patternfname, gpg_strerror (gpg_error_from_syserror ()));
xfree (patternfname);
return 1; /* Do not pass the check. */
}
i = 0;
argv[i++] = "--null";
argv[i++] = "--",
argv[i++] = patternfname,
argv[i] = NULL;
log_assert (i < sizeof argv);
- if (gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
+ if (gnupg_spawn_process (pgmname, argv, NULL, 0,
&stream_to_check_pattern, NULL, NULL, &pid))
result = 1; /* Execute error - assume password should no be used. */
else
{
es_set_binary (stream_to_check_pattern);
if (es_fwrite (pw, strlen (pw), 1, stream_to_check_pattern) != 1)
{
err = gpg_error_from_syserror ();
log_error (_("error writing to pipe: %s\n"), gpg_strerror (err));
result = 1; /* Error - assume password should not be used. */
}
else
es_fflush (stream_to_check_pattern);
es_fclose (stream_to_check_pattern);
if (gnupg_wait_process (pgmname, pid, 1, NULL))
result = 1; /* Helper returned an error - probably a match. */
else
result = 0; /* Success; i.e. no match. */
gnupg_release_process (pid);
}
xfree (patternfname);
return result;
}
static int
take_this_one_anyway (ctrl_t ctrl, const char *desc, const char *anyway_btn)
{
return agent_get_confirmation (ctrl, desc,
anyway_btn, L_("Enter new passphrase"), 0);
}
/* Check whether the passphrase PW is suitable. Returns 0 if the
* passphrase is suitable and true if it is not and the user should be
* asked to provide a different one. If FAILED_CONSTRAINT is set, a
* message describing the problem is returned at FAILED_CONSTRAINT.
* The FLAGS are:
* CHECK_CONSTRAINTS_NOT_EMPTY
* Do not allow an empty passphrase
* CHECK_CONSTRAINTS_NEW_SYMKEY
* Hint that the passphrase is used for a new symmetric key.
*/
int
check_passphrase_constraints (ctrl_t ctrl, const char *pw, unsigned int flags,
char **failed_constraint)
{
gpg_error_t err = 0;
unsigned int minlen = opt.min_passphrase_len;
unsigned int minnonalpha = opt.min_passphrase_nonalpha;
char *msg1 = NULL;
char *msg2 = NULL;
char *msg3 = NULL;
int no_empty = !!(flags & CHECK_CONSTRAINTS_NOT_EMPTY);
if (ctrl && ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
return 0;
if (!pw)
pw = "";
/* The first check is to warn about an empty passphrase. */
if (!*pw)
{
const char *desc = (opt.enforce_passphrase_constraints || no_empty?
L_("You have not entered a passphrase!%0A"
"An empty passphrase is not allowed.") :
L_("You have not entered a passphrase - "
"this is in general a bad idea!%0A"
"Please confirm that you do not want to "
"have any protection on your key."));
err = 1;
if (failed_constraint)
{
if (opt.enforce_passphrase_constraints || no_empty)
*failed_constraint = xstrdup (desc);
else
err = take_this_one_anyway (ctrl, desc,
L_("Yes, protection is not needed"));
}
goto leave;
}
/* Now check the constraints and collect the error messages unless
in silent mode which returns immediately. */
if (utf8_charcount (pw, -1) < minlen )
{
if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
}
msg1 = xtryasprintf
( ngettext ("A passphrase should be at least %u character long.",
"A passphrase should be at least %u characters long.",
minlen), minlen );
if (!msg1)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
if (nonalpha_count (pw) < minnonalpha )
{
if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
}
msg2 = xtryasprintf
( ngettext ("A passphrase should contain at least %u digit or%%0A"
"special character.",
"A passphrase should contain at least %u digits or%%0A"
"special characters.",
minnonalpha), minnonalpha );
if (!msg2)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
/* If configured check the passphrase against a list of known words
and pattern. The actual test is done by an external program.
The warning message is generic to give the user no hint on how to
circumvent this list. */
if (*pw
&& (opt.check_passphrase_pattern || opt.check_sym_passphrase_pattern)
&& do_check_passphrase_pattern (ctrl, pw, flags))
{
if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
}
msg3 = xtryasprintf
(L_("A passphrase may not be a known term or match%%0A"
"certain pattern."));
if (!msg3)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
if (failed_constraint && (msg1 || msg2 || msg3))
{
char *msg;
size_t n;
msg = strconcat
(L_("Warning: You have entered an insecure passphrase."),
"%0A%0A",
msg1? msg1 : "", msg1? "%0A" : "",
msg2? msg2 : "", msg2? "%0A" : "",
msg3? msg3 : "", msg3? "%0A" : "",
NULL);
if (!msg)
{
err = gpg_error_from_syserror ();
goto leave;
}
/* Strip a trailing "%0A". */
n = strlen (msg);
if (n > 3 && !strcmp (msg + n - 3, "%0A"))
msg[n-3] = 0;
err = 1;
if (opt.enforce_passphrase_constraints)
*failed_constraint = msg;
else
{
err = take_this_one_anyway (ctrl, msg, L_("Take this one anyway"));
xfree (msg);
}
}
leave:
xfree (msg1);
xfree (msg2);
xfree (msg3);
return err;
}
/* Callback function to compare the first entered PIN with the one
currently being entered. */
static gpg_error_t
reenter_compare_cb (struct pin_entry_info_s *pi)
{
const char *pin1 = pi->check_cb_arg;
if (!strcmp (pin1, pi->pin))
return 0; /* okay */
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
/* Ask the user for a new passphrase using PROMPT. On success the
function returns 0 and store the passphrase at R_PASSPHRASE; if the
user opted not to use a passphrase NULL will be stored there. The
user needs to free the returned string. In case of an error and
error code is returned and NULL stored at R_PASSPHRASE. */
gpg_error_t
agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
char **r_passphrase)
{
gpg_error_t err;
const char *text1 = prompt;
const char *text2 = L_("Please re-enter this passphrase");
char *initial_errtext = NULL;
struct pin_entry_info_s *pi, *pi2;
*r_passphrase = NULL;
if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
{
size_t size;
unsigned char *buffer;
err = pinentry_loopback (ctrl, "NEW_PASSPHRASE", &buffer, &size,
MAX_PASSPHRASE_LEN);
if (!err)
{
if (size)
{
buffer[size] = 0;
*r_passphrase = buffer;
}
else
*r_passphrase = NULL;
}
return err;
}
pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
if (!pi)
return gpg_error_from_syserror ();
pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
if (!pi2)
{
err = gpg_error_from_syserror ();
xfree (pi);
return err;
}
pi->max_length = MAX_PASSPHRASE_LEN + 1;
pi->max_tries = 3;
pi->with_qualitybar = 0;
pi->with_repeat = 1;
pi2->max_length = MAX_PASSPHRASE_LEN + 1;
pi2->max_tries = 3;
pi2->check_cb = reenter_compare_cb;
pi2->check_cb_arg = pi->pin;
next_try:
err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0);
xfree (initial_errtext);
initial_errtext = NULL;
if (!err)
{
if (check_passphrase_constraints (ctrl, pi->pin, 0, &initial_errtext))
{
pi->failed_tries = 0;
pi2->failed_tries = 0;
goto next_try;
}
/* Unless the passphrase is empty or the pinentry told us that
it already did the repetition check, ask to confirm it. */
if (*pi->pin && !pi->repeat_okay)
{
err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0);
if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
{ /* The re-entered one did not match and the user did not
hit cancel. */
initial_errtext = xtrystrdup (L_("does not match - try again"));
if (initial_errtext)
goto next_try;
err = gpg_error_from_syserror ();
}
}
}
if (!err && *pi->pin)
{
/* User wants a passphrase. */
*r_passphrase = xtrystrdup (pi->pin);
if (!*r_passphrase)
err = gpg_error_from_syserror ();
}
xfree (initial_errtext);
xfree (pi2);
xfree (pi);
return err;
}
/* Generate a new keypair according to the parameters given in
KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase
using the cache nonce. If NO_PROTECTION is true the key will not
be protected by a passphrase. If OVERRIDE_PASSPHRASE is true that
passphrase will be used for the new key. If TIMESTAMP is not zero
it will be recorded as creation date of the key (unless extended
format is disabled) . */
int
agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
const char *keyparam, size_t keyparamlen, int no_protection,
const char *override_passphrase, int preset, membuf_t *outbuf)
{
gcry_sexp_t s_keyparam, s_key, s_private, s_public;
char *passphrase_buffer = NULL;
const char *passphrase;
int rc;
size_t len;
char *buf;
rc = gcry_sexp_sscan (&s_keyparam, NULL, keyparam, keyparamlen);
if (rc)
{
log_error ("failed to convert keyparam: %s\n", gpg_strerror (rc));
return gpg_error (GPG_ERR_INV_DATA);
}
/* Get the passphrase now, cause key generation may take a while. */
if (override_passphrase)
passphrase = override_passphrase;
else if (no_protection || !cache_nonce)
passphrase = NULL;
else
{
passphrase_buffer = agent_get_cache (ctrl, cache_nonce, CACHE_MODE_NONCE);
passphrase = passphrase_buffer;
}
if (passphrase || no_protection)
;
else
{
rc = agent_ask_new_passphrase (ctrl,
L_("Please enter the passphrase to%0A"
"protect your new key"),
&passphrase_buffer);
if (rc)
{
gcry_sexp_release (s_keyparam);
return rc;
}
passphrase = passphrase_buffer;
}
rc = gcry_pk_genkey (&s_key, s_keyparam );
gcry_sexp_release (s_keyparam);
if (rc)
{
log_error ("key generation failed: %s\n", gpg_strerror (rc));
xfree (passphrase_buffer);
return rc;
}
/* break out the parts */
s_private = gcry_sexp_find_token (s_key, "private-key", 0);
if (!s_private)
{
log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_key);
xfree (passphrase_buffer);
return gpg_error (GPG_ERR_INV_DATA);
}
s_public = gcry_sexp_find_token (s_key, "public-key", 0);
if (!s_public)
{
log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_private);
gcry_sexp_release (s_key);
xfree (passphrase_buffer);
return gpg_error (GPG_ERR_INV_DATA);
}
gcry_sexp_release (s_key); s_key = NULL;
/* store the secret key */
if (DBG_CRYPTO)
log_debug ("storing private key\n");
rc = store_key (s_private, passphrase, 0, ctrl->s2k_count, timestamp);
if (!rc)
{
if (!cache_nonce)
{
char tmpbuf[12];
gcry_create_nonce (tmpbuf, 12);
cache_nonce = bin2hex (tmpbuf, 12, NULL);
}
if (cache_nonce
&& !no_protection
&& !agent_put_cache (ctrl, cache_nonce, CACHE_MODE_NONCE,
passphrase, ctrl->cache_ttl_opt_preset))
agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL);
if (preset && !no_protection)
{
unsigned char grip[20];
char hexgrip[40+1];
if (gcry_pk_get_keygrip (s_private, grip))
{
bin2hex(grip, 20, hexgrip);
rc = agent_put_cache (ctrl, hexgrip, CACHE_MODE_ANY, passphrase,
ctrl->cache_ttl_opt_preset);
}
}
}
xfree (passphrase_buffer);
passphrase_buffer = NULL;
passphrase = NULL;
gcry_sexp_release (s_private);
if (rc)
{
gcry_sexp_release (s_public);
return rc;
}
/* return the public key */
if (DBG_CRYPTO)
log_debug ("returning public key\n");
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
log_assert (len);
buf = xtrymalloc (len);
if (!buf)
{
gpg_error_t tmperr = out_of_core ();
gcry_sexp_release (s_private);
gcry_sexp_release (s_public);
return tmperr;
}
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
log_assert (len);
put_membuf (outbuf, buf, len);
gcry_sexp_release (s_public);
xfree (buf);
return 0;
}
/* Apply a new passphrase to the key S_SKEY and store it. If
PASSPHRASE_ADDR and *PASSPHRASE_ADDR are not NULL, use that
passphrase. If PASSPHRASE_ADDR is not NULL store a newly entered
passphrase at that address. */
gpg_error_t
agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey,
char **passphrase_addr)
{
gpg_error_t err;
if (passphrase_addr && *passphrase_addr)
{
/* Take an empty string as request not to protect the key. */
err = store_key (s_skey, **passphrase_addr? *passphrase_addr:NULL, 1,
ctrl->s2k_count, 0);
}
else
{
char *pass = NULL;
if (passphrase_addr)
{
xfree (*passphrase_addr);
*passphrase_addr = NULL;
}
err = agent_ask_new_passphrase (ctrl,
L_("Please enter the new passphrase"),
&pass);
if (!err)
err = store_key (s_skey, pass, 1, ctrl->s2k_count, 0);
if (!err && passphrase_addr)
*passphrase_addr = pass;
else
xfree (pass);
}
return err;
}
diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
index b4d10bf65..54fe7dbac 100644
--- a/common/exechelp-posix.c
+++ b/common/exechelp-posix.c
@@ -1,919 +1,917 @@
/* exechelp.c - Fork and exec helpers for POSIX
* Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc.
* Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
*/
#include
#if defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM)
#error This code is only used on POSIX
#endif
#include
#include
#include
#include
#include
#include
#ifdef HAVE_SIGNAL_H
# include
#endif
#include
#include
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
#undef HAVE_NPTH
#undef USE_NPTH
#endif
#ifdef HAVE_NPTH
#include
#endif
#include
#ifdef HAVE_GETRLIMIT
#include
#include
#endif /*HAVE_GETRLIMIT*/
#ifdef HAVE_STAT
# include
#endif
#if __linux__
# include
# include
#endif /*__linux__ */
#include "util.h"
#include "i18n.h"
#include "sysutils.h"
#include "exechelp.h"
/* Helper */
static inline gpg_error_t
my_error_from_syserror (void)
{
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
static inline gpg_error_t
my_error (int errcode)
{
return gpg_err_make (default_errsource, errcode);
}
/* Return the maximum number of currently allowed open file
descriptors. Only useful on POSIX systems but returns a value on
other systems too. */
int
get_max_fds (void)
{
int max_fds = -1;
#ifdef HAVE_GETRLIMIT
struct rlimit rl;
/* Under Linux we can figure out the highest used file descriptor by
* reading /proc/PID/fd. This is in the common cases much fast than
* for example doing 4096 close calls where almost all of them will
* fail. On a system with a limit of 4096 files and only 8 files
* open with the highest number being 10, we speedup close_all_fds
* from 125ms to 0.4ms including readdir.
*
* Another option would be to close the file descriptors as returned
* from reading that directory - however then we need to snapshot
* that list before starting to close them. */
#ifdef __linux__
{
DIR *dir = NULL;
struct dirent *dir_entry;
const char *s;
int x;
dir = opendir ("/proc/self/fd");
if (dir)
{
while ((dir_entry = readdir (dir)))
{
s = dir_entry->d_name;
if ( *s < '0' || *s > '9')
continue;
x = atoi (s);
if (x > max_fds)
max_fds = x;
}
closedir (dir);
}
if (max_fds != -1)
return max_fds + 1;
}
#endif /* __linux__ */
# ifdef RLIMIT_NOFILE
if (!getrlimit (RLIMIT_NOFILE, &rl))
max_fds = rl.rlim_max;
# endif
# ifdef RLIMIT_OFILE
if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl))
max_fds = rl.rlim_max;
# endif
#endif /*HAVE_GETRLIMIT*/
#ifdef _SC_OPEN_MAX
if (max_fds == -1)
{
long int scres = sysconf (_SC_OPEN_MAX);
if (scres >= 0)
max_fds = scres;
}
#endif
#ifdef _POSIX_OPEN_MAX
if (max_fds == -1)
max_fds = _POSIX_OPEN_MAX;
#endif
#ifdef OPEN_MAX
if (max_fds == -1)
max_fds = OPEN_MAX;
#endif
if (max_fds == -1)
max_fds = 256; /* Arbitrary limit. */
/* AIX returns INT32_MAX instead of a proper value. We assume that
this is always an error and use an arbitrary limit. */
#ifdef INT32_MAX
if (max_fds == INT32_MAX)
max_fds = 256;
#endif
return max_fds;
}
/* Close all file descriptors starting with descriptor FIRST. If
EXCEPT is not NULL, it is expected to be a list of file descriptors
which shall not be closed. This list shall be sorted in ascending
order with the end marked by -1. */
void
close_all_fds (int first, int *except)
{
int max_fd = get_max_fds ();
int fd, i, except_start;
if (except)
{
except_start = 0;
for (fd=first; fd < max_fd; fd++)
{
for (i=except_start; except[i] != -1; i++)
{
if (except[i] == fd)
{
/* If we found the descriptor in the exception list
we can start the next compare run at the next
index because the exception list is ordered. */
except_start = i + 1;
break;
}
}
if (except[i] == -1)
close (fd);
}
}
else
{
for (fd=first; fd < max_fd; fd++)
close (fd);
}
gpg_err_set_errno (0);
}
/* Returns an array with all currently open file descriptors. The end
of the array is marked by -1. The caller needs to release this
array using the *standard free* and not with xfree. This allow the
use of this function right at startup even before libgcrypt has
been initialized. Returns NULL on error and sets ERRNO
accordingly. */
int *
get_all_open_fds (void)
{
int *array;
size_t narray;
int fd, max_fd, idx;
#ifndef HAVE_STAT
array = calloc (1, sizeof *array);
if (array)
array[0] = -1;
#else /*HAVE_STAT*/
struct stat statbuf;
max_fd = get_max_fds ();
narray = 32; /* If you change this change also t-exechelp.c. */
array = calloc (narray, sizeof *array);
if (!array)
return NULL;
/* Note: The list we return is ordered. */
for (idx=0, fd=0; fd < max_fd; fd++)
if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
{
if (idx+1 >= narray)
{
int *tmp;
narray += (narray < 256)? 32:256;
tmp = realloc (array, narray * sizeof *array);
if (!tmp)
{
free (array);
return NULL;
}
array = tmp;
}
array[idx++] = fd;
}
array[idx] = -1;
#endif /*HAVE_STAT*/
return array;
}
/* The exec core used right after the fork. This will never return. */
static void
do_exec (const char *pgmname, const char *argv[],
int fd_in, int fd_out, int fd_err,
- int *except, void (*preexec)(void), unsigned int flags)
+ int *except, unsigned int flags)
{
char **arg_list;
int i, j;
int fds[3];
int nodevnull[3];
fds[0] = fd_in;
fds[1] = fd_out;
fds[2] = fd_err;
nodevnull[0] = !!(flags & GNUPG_SPAWN_KEEP_STDIN);
nodevnull[1] = !!(flags & GNUPG_SPAWN_KEEP_STDOUT);
nodevnull[2] = !!(flags & GNUPG_SPAWN_KEEP_STDERR);
/* Create the command line argument array. */
i = 0;
if (argv)
while (argv[i])
i++;
arg_list = xcalloc (i+2, sizeof *arg_list);
arg_list[0] = strrchr (pgmname, '/');
if (arg_list[0])
arg_list[0]++;
else
arg_list[0] = xstrdup (pgmname);
if (argv)
for (i=0,j=1; argv[i]; i++, j++)
arg_list[j] = (char*)argv[i];
/* Assign /dev/null to unused FDs. */
for (i=0; i <= 2; i++)
{
if (nodevnull[i])
continue;
if (fds[i] == -1)
{
fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY);
if (fds[i] == -1)
log_fatal ("failed to open '%s': %s\n",
"/dev/null", strerror (errno));
}
}
/* Connect the standard files. */
for (i=0; i <= 2; i++)
{
if (nodevnull[i])
continue;
if (fds[i] != i && dup2 (fds[i], i) == -1)
log_fatal ("dup2 std%s failed: %s\n",
i==0?"in":i==1?"out":"err", strerror (errno));
}
/* Close all other files. */
close_all_fds (3, except);
- if (preexec)
- preexec ();
execv (pgmname, arg_list);
/* No way to print anything, as we have closed all streams. */
_exit (127);
}
static gpg_error_t
do_create_pipe (int filedes[2])
{
gpg_error_t err = 0;
if (pipe (filedes) == -1)
{
err = my_error_from_syserror ();
filedes[0] = filedes[1] = -1;
}
return err;
}
static gpg_error_t
create_pipe_and_estream (int filedes[2], estream_t *r_fp,
int outbound, int nonblock)
{
gpg_error_t err;
if (pipe (filedes) == -1)
{
err = my_error_from_syserror ();
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
filedes[0] = filedes[1] = -1;
*r_fp = NULL;
return err;
}
if (!outbound)
*r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
else
*r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
if (!*r_fp)
{
err = my_error_from_syserror ();
log_error (_("error creating a stream for a pipe: %s\n"),
gpg_strerror (err));
close (filedes[0]);
close (filedes[1]);
filedes[0] = filedes[1] = -1;
return err;
}
return 0;
}
/* Portable function to create a pipe. Under Windows the write end is
inheritable. If R_FP is not NULL, an estream is created for the
read end and stored at R_FP. */
gpg_error_t
gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
{
if (r_fp)
return create_pipe_and_estream (filedes, r_fp, 0, nonblock);
else
return do_create_pipe (filedes);
}
/* Portable function to create a pipe. Under Windows the read end is
inheritable. If R_FP is not NULL, an estream is created for the
write end and stored at R_FP. */
gpg_error_t
gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
{
if (r_fp)
return create_pipe_and_estream (filedes, r_fp, 1, nonblock);
else
return do_create_pipe (filedes);
}
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
gpg_error_t
gnupg_create_pipe (int filedes[2])
{
return do_create_pipe (filedes);
}
/* Close the end of a pipe. */
void
gnupg_close_pipe (int fd)
{
if (fd != -1)
close (fd);
}
/* Fork and exec the PGMNAME, see exechelp.h for details. */
gpg_error_t
gnupg_spawn_process (const char *pgmname, const char *argv[],
- int *except, void (*preexec)(void), unsigned int flags,
+ int *except, unsigned int flags,
estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid)
{
gpg_error_t err;
int inpipe[2] = {-1, -1};
int outpipe[2] = {-1, -1};
int errpipe[2] = {-1, -1};
estream_t infp = NULL;
estream_t outfp = NULL;
estream_t errfp = NULL;
int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK);
if (r_infp)
*r_infp = NULL;
if (r_outfp)
*r_outfp = NULL;
if (r_errfp)
*r_errfp = NULL;
*pid = (pid_t)(-1); /* Always required. */
if (r_infp)
{
err = create_pipe_and_estream (inpipe, &infp, 1, nonblock);
if (err)
return err;
}
if (r_outfp)
{
err = create_pipe_and_estream (outpipe, &outfp, 0, nonblock);
if (err)
{
if (infp)
es_fclose (infp);
else if (inpipe[1] != -1)
close (inpipe[1]);
if (inpipe[0] != -1)
close (inpipe[0]);
return err;
}
}
if (r_errfp)
{
err = create_pipe_and_estream (errpipe, &errfp, 0, nonblock);
if (err)
{
if (infp)
es_fclose (infp);
else if (inpipe[1] != -1)
close (inpipe[1]);
if (inpipe[0] != -1)
close (inpipe[0]);
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != -1)
close (outpipe[0]);
if (outpipe[1] != -1)
close (outpipe[1]);
return err;
}
}
*pid = fork ();
if (*pid == (pid_t)(-1))
{
err = my_error_from_syserror ();
log_error (_("error forking process: %s\n"), gpg_strerror (err));
if (infp)
es_fclose (infp);
else if (inpipe[1] != -1)
close (inpipe[1]);
if (inpipe[0] != -1)
close (inpipe[0]);
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != -1)
close (outpipe[0]);
if (outpipe[1] != -1)
close (outpipe[1]);
if (errfp)
es_fclose (errfp);
else if (errpipe[0] != -1)
close (errpipe[0]);
if (errpipe[1] != -1)
close (errpipe[1]);
return err;
}
if (!*pid)
{
/* This is the child. */
gcry_control (GCRYCTL_TERM_SECMEM);
es_fclose (infp);
es_fclose (outfp);
es_fclose (errfp);
do_exec (pgmname, argv, inpipe[0], outpipe[1], errpipe[1],
- except, preexec, flags);
+ except, flags);
/*NOTREACHED*/
}
/* This is the parent. */
if (inpipe[0] != -1)
close (inpipe[0]);
if (outpipe[1] != -1)
close (outpipe[1]);
if (errpipe[1] != -1)
close (errpipe[1]);
if (r_infp)
*r_infp = infp;
if (r_outfp)
*r_outfp = outfp;
if (r_errfp)
*r_errfp = errfp;
return 0;
}
/* Simplified version of gnupg_spawn_process. This function forks and
then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
and ERRFD to stderr (any of them may be -1 to connect them to
/dev/null). The arguments for the process are expected in the NULL
terminated array ARGV. The program name itself should not be
included there. Calling gnupg_wait_process is required.
Returns 0 on success or an error code. */
gpg_error_t
gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
int infd, int outfd, int errfd, pid_t *pid)
{
gpg_error_t err;
*pid = fork ();
if (*pid == (pid_t)(-1))
{
err = my_error_from_syserror ();
log_error (_("error forking process: %s\n"), strerror (errno));
return err;
}
if (!*pid)
{
gcry_control (GCRYCTL_TERM_SECMEM);
/* Run child. */
- do_exec (pgmname, argv, infd, outfd, errfd, NULL, NULL, 0);
+ do_exec (pgmname, argv, infd, outfd, errfd, NULL, 0);
/*NOTREACHED*/
}
return 0;
}
/* Waiting for child processes.
waitpid(2) may return information about terminated children that we
did not yet request, and there is no portable way to wait for a
specific set of children.
As a workaround, we store the results of children for later use.
XXX: This assumes that PIDs are not reused too quickly. */
struct terminated_child
{
pid_t pid;
int exitcode;
struct terminated_child *next;
};
struct terminated_child *terminated_children;
static gpg_error_t
store_result (pid_t pid, int exitcode)
{
struct terminated_child *c;
c = xtrymalloc (sizeof *c);
if (c == NULL)
return gpg_err_code_from_syserror ();
c->pid = pid;
c->exitcode = exitcode;
c->next = terminated_children;
terminated_children = c;
return 0;
}
static int
get_result (pid_t pid, int *r_exitcode)
{
struct terminated_child *c, **prevp;
for (prevp = &terminated_children, c = terminated_children;
c;
prevp = &c->next, c = c->next)
if (c->pid == pid)
{
*prevp = c->next;
*r_exitcode = c->exitcode;
xfree (c);
return 1;
}
return 0;
}
/* See exechelp.h for a description. */
gpg_error_t
gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
{
gpg_err_code_t ec;
int i, status;
if (r_exitcode)
*r_exitcode = -1;
if (pid == (pid_t)(-1))
return gpg_error (GPG_ERR_INV_VALUE);
#ifdef USE_NPTH
i = npth_waitpid (pid, &status, hang? 0:WNOHANG);
#else
while ((i=waitpid (pid, &status, hang? 0:WNOHANG)) == (pid_t)(-1)
&& errno == EINTR);
#endif
if (i == (pid_t)(-1))
{
ec = gpg_err_code_from_errno (errno);
log_error (_("waiting for process %d to terminate failed: %s\n"),
(int)pid, strerror (errno));
}
else if (!i)
{
ec = GPG_ERR_TIMEOUT; /* Still running. */
}
else if (WIFEXITED (status) && WEXITSTATUS (status) == 127)
{
log_error (_("error running '%s': probably not installed\n"), pgmname);
ec = GPG_ERR_CONFIGURATION;
}
else if (WIFEXITED (status) && WEXITSTATUS (status))
{
if (!r_exitcode)
log_error (_("error running '%s': exit status %d\n"), pgmname,
WEXITSTATUS (status));
else
*r_exitcode = WEXITSTATUS (status);
ec = GPG_ERR_GENERAL;
}
else if (!WIFEXITED (status))
{
log_error (_("error running '%s': terminated\n"), pgmname);
ec = GPG_ERR_GENERAL;
}
else
{
if (r_exitcode)
*r_exitcode = 0;
ec = 0;
}
return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
}
/* See exechelp.h for a description. */
gpg_error_t
gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
int hang, int *r_exitcodes)
{
gpg_err_code_t ec = 0;
size_t i, left;
int *dummy = NULL;
if (r_exitcodes == NULL)
{
dummy = r_exitcodes = xtrymalloc (sizeof *r_exitcodes * count);
if (dummy == NULL)
return gpg_err_code_from_syserror ();
}
for (i = 0, left = count; i < count; i++)
{
int status = -1;
/* Skip invalid PID. */
if (pids[i] == (pid_t)(-1))
{
r_exitcodes[i] = -1;
left -= 1;
continue;
}
/* See if there was a previously stored result for this pid. */
if (get_result (pids[i], &status))
left -= 1;
r_exitcodes[i] = status;
}
while (left > 0)
{
pid_t pid;
int status;
#ifdef USE_NPTH
pid = npth_waitpid (-1, &status, hang ? 0 : WNOHANG);
#else
while ((pid = waitpid (-1, &status, hang ? 0 : WNOHANG)) == (pid_t)(-1)
&& errno == EINTR);
#endif
if (pid == (pid_t)(-1))
{
ec = gpg_err_code_from_errno (errno);
log_error (_("waiting for processes to terminate failed: %s\n"),
strerror (errno));
break;
}
else if (!pid)
{
ec = GPG_ERR_TIMEOUT; /* Still running. */
break;
}
else
{
for (i = 0; i < count; i++)
if (pid == pids[i])
break;
if (i == count)
{
/* No match, store this result. */
ec = store_result (pid, status);
if (ec)
break;
continue;
}
/* Process PIDS[i] died. */
if (r_exitcodes[i] != (pid_t) -1)
{
log_error ("PID %d was reused", pid);
ec = GPG_ERR_GENERAL;
break;
}
left -= 1;
r_exitcodes[i] = status;
}
}
for (i = 0; i < count; i++)
{
if (r_exitcodes[i] == -1)
continue;
if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
{
log_error (_("error running '%s': probably not installed\n"),
pgmnames[i]);
ec = GPG_ERR_CONFIGURATION;
}
else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
{
if (dummy)
log_error (_("error running '%s': exit status %d\n"),
pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
else
r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
ec = GPG_ERR_GENERAL;
}
else if (!WIFEXITED (r_exitcodes[i]))
{
log_error (_("error running '%s': terminated\n"), pgmnames[i]);
ec = GPG_ERR_GENERAL;
}
}
xfree (dummy);
return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
}
void
gnupg_release_process (pid_t pid)
{
(void)pid;
}
/* Spawn a new process and immediately detach from it. The name of
the program to exec is PGMNAME and its arguments are in ARGV (the
programname is automatically passed as first argument).
Environment strings in ENVP are set. An error is returned if
pgmname is not executable; to make this work it is necessary to
provide an absolute file name. All standard file descriptors are
connected to /dev/null. */
gpg_error_t
gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
const char *envp[] )
{
gpg_err_code_t ec;
pid_t pid;
int i;
if (getuid() != geteuid())
return my_error (GPG_ERR_BUG);
if ((ec = gnupg_access (pgmname, X_OK)))
return gpg_err_make (default_errsource, ec);
pid = fork ();
if (pid == (pid_t)(-1))
{
log_error (_("error forking process: %s\n"), strerror (errno));
return my_error_from_syserror ();
}
if (!pid)
{
pid_t pid2;
gcry_control (GCRYCTL_TERM_SECMEM);
if (setsid() == -1 || chdir ("/"))
_exit (1);
pid2 = fork (); /* Double fork to let init take over the new child. */
if (pid2 == (pid_t)(-1))
_exit (1);
if (pid2)
_exit (0); /* Let the parent exit immediately. */
if (envp)
for (i=0; envp[i]; i++)
putenv (xstrdup (envp[i]));
- do_exec (pgmname, argv, -1, -1, -1, NULL, NULL, 0);
+ do_exec (pgmname, argv, -1, -1, -1, NULL, 0);
/*NOTREACHED*/
}
if (waitpid (pid, NULL, 0) == -1)
log_error ("waitpid failed in gnupg_spawn_process_detached: %s",
strerror (errno));
return 0;
}
/* Kill a process; that is send an appropriate signal to the process.
gnupg_wait_process must be called to actually remove the process
from the system. An invalid PID is ignored. */
void
gnupg_kill_process (pid_t pid)
{
if (pid != (pid_t)(-1))
{
kill (pid, SIGTERM);
}
}
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 19cf85c85..aeedbbf2d 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -1,1054 +1,1050 @@
/* exechelp-w32.c - Fork and exec helpers for W32.
* Copyright (C) 2004, 2007-2009, 2010 Free Software Foundation, Inc.
* Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
*/
#include
#if !defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM)
#error This code is only used on W32.
#endif
#include
#include
#include
#include
#include
#ifdef HAVE_SIGNAL_H
# include
#endif
#include
#include
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
#undef HAVE_NPTH
#undef USE_NPTH
#endif
#ifdef HAVE_NPTH
#include
#endif
#ifdef HAVE_STAT
# include
#endif
#include "util.h"
#include "i18n.h"
#include "sysutils.h"
#include "exechelp.h"
#include
/* Define to 1 do enable debugging. */
#define DEBUG_W32_SPAWN 0
/* It seems Vista doesn't grok X_OK and so fails access() tests.
Previous versions interpreted X_OK as F_OK anyway, so we'll just
use F_OK directly. */
#undef X_OK
#define X_OK F_OK
/* We assume that a HANDLE can be represented by an intptr_t which
should be true for all systems (HANDLE is defined as void *).
Further we assume that -1 denotes an invalid handle. */
# define fd_to_handle(a) ((HANDLE)(a))
# define handle_to_fd(a) ((intptr_t)(a))
# define pid_to_handle(a) ((HANDLE)(a))
# define handle_to_pid(a) ((int)(a))
/* Helper */
static inline gpg_error_t
my_error_from_syserror (void)
{
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
static inline gpg_error_t
my_error (int errcode)
{
return gpg_err_make (default_errsource, errcode);
}
/* Return the maximum number of currently allowed open file
descriptors. Only useful on POSIX systems but returns a value on
other systems too. */
int
get_max_fds (void)
{
int max_fds = -1;
#ifdef OPEN_MAX
if (max_fds == -1)
max_fds = OPEN_MAX;
#endif
if (max_fds == -1)
max_fds = 256; /* Arbitrary limit. */
return max_fds;
}
/* Under Windows this is a dummy function. */
void
close_all_fds (int first, int *except)
{
(void)first;
(void)except;
}
/* Returns an array with all currently open file descriptors. The end
* of the array is marked by -1. The caller needs to release this
* array using the *standard free* and not with xfree. This allow the
* use of this function right at startup even before libgcrypt has
* been initialized. Returns NULL on error and sets ERRNO
* accordingly. Note that fstat prints a warning to DebugView for all
* invalid fds which is a bit annoying. We actually do not need this
* function in real code (close_all_fds is a dummy anyway) but we keep
* it for use by t-exechelp.c. */
int *
get_all_open_fds (void)
{
int *array;
size_t narray;
int fd, max_fd, idx;
#ifndef HAVE_STAT
array = calloc (1, sizeof *array);
if (array)
array[0] = -1;
#else /*HAVE_STAT*/
struct stat statbuf;
max_fd = get_max_fds ();
narray = 32; /* If you change this change also t-exechelp.c. */
array = calloc (narray, sizeof *array);
if (!array)
return NULL;
/* Note: The list we return is ordered. */
for (idx=0, fd=0; fd < max_fd; fd++)
if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
{
if (idx+1 >= narray)
{
int *tmp;
narray += (narray < 256)? 32:256;
tmp = realloc (array, narray * sizeof *array);
if (!tmp)
{
free (array);
return NULL;
}
array = tmp;
}
array[idx++] = fd;
}
array[idx] = -1;
#endif /*HAVE_STAT*/
return array;
}
/* Helper function to build_w32_commandline. */
static char *
build_w32_commandline_copy (char *buffer, const char *string)
{
char *p = buffer;
const char *s;
if (!*string) /* Empty string. */
p = stpcpy (p, "\"\"");
else if (strpbrk (string, " \t\n\v\f\""))
{
/* Need to do some kind of quoting. */
p = stpcpy (p, "\"");
for (s=string; *s; s++)
{
*p++ = *s;
if (*s == '\"')
*p++ = *s;
}
*p++ = '\"';
*p = 0;
}
else
p = stpcpy (p, string);
return p;
}
/* Build a command line for use with W32's CreateProcess. On success
CMDLINE gets the address of a newly allocated string. */
static gpg_error_t
build_w32_commandline (const char *pgmname, const char * const *argv,
char **cmdline)
{
int i, n;
const char *s;
char *buf, *p;
*cmdline = NULL;
n = 0;
s = pgmname;
n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
for (; *s; s++)
if (*s == '\"')
n++; /* Need to double inner quotes. */
for (i=0; (s=argv[i]); i++)
{
n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */
for (; *s; s++)
if (*s == '\"')
n++; /* Need to double inner quotes. */
}
n++;
buf = p = xtrymalloc (n);
if (!buf)
return my_error_from_syserror ();
p = build_w32_commandline_copy (p, pgmname);
for (i=0; argv[i]; i++)
{
*p++ = ' ';
p = build_w32_commandline_copy (p, argv[i]);
}
*cmdline= buf;
return 0;
}
#define INHERIT_READ 1
#define INHERIT_WRITE 2
#define INHERIT_BOTH (INHERIT_READ|INHERIT_WRITE)
/* Create pipe. FLAGS indicates which ends are inheritable. */
static int
create_inheritable_pipe (HANDLE filedes[2], int flags)
{
HANDLE r, w;
SECURITY_ATTRIBUTES sec_attr;
memset (&sec_attr, 0, sizeof sec_attr );
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = TRUE;
if (!CreatePipe (&r, &w, &sec_attr, 0))
return -1;
if ((flags & INHERIT_READ) == 0)
if (! SetHandleInformation (r, HANDLE_FLAG_INHERIT, 0))
goto fail;
if ((flags & INHERIT_WRITE) == 0)
if (! SetHandleInformation (w, HANDLE_FLAG_INHERIT, 0))
goto fail;
filedes[0] = r;
filedes[1] = w;
return 0;
fail:
log_error ("SetHandleInformation failed: %s\n", w32_strerror (-1));
CloseHandle (r);
CloseHandle (w);
return -1;
}
static HANDLE
w32_open_null (int for_write)
{
HANDLE hfile;
hfile = CreateFileW (L"nul",
for_write? GENERIC_WRITE : GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, OPEN_EXISTING, 0, NULL);
if (hfile == INVALID_HANDLE_VALUE)
log_debug ("can't open 'nul': %s\n", w32_strerror (-1));
return hfile;
}
static gpg_error_t
create_pipe_and_estream (int filedes[2], int flags,
estream_t *r_fp, int outbound, int nonblock)
{
gpg_error_t err = 0;
HANDLE fds[2];
es_syshd_t syshd;
filedes[0] = filedes[1] = -1;
err = my_error (GPG_ERR_GENERAL);
if (!create_inheritable_pipe (fds, flags))
{
filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY);
if (filedes[0] == -1)
{
log_error ("failed to translate osfhandle %p\n", fds[0]);
CloseHandle (fds[1]);
}
else
{
filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), O_APPEND);
if (filedes[1] == -1)
{
log_error ("failed to translate osfhandle %p\n", fds[1]);
close (filedes[0]);
filedes[0] = -1;
CloseHandle (fds[1]);
}
else
err = 0;
}
}
if (! err && r_fp)
{
syshd.type = ES_SYSHD_HANDLE;
if (!outbound)
{
syshd.u.handle = fds[0];
*r_fp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
}
else
{
syshd.u.handle = fds[1];
*r_fp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
}
if (!*r_fp)
{
err = my_error_from_syserror ();
log_error (_("error creating a stream for a pipe: %s\n"),
gpg_strerror (err));
close (filedes[0]);
close (filedes[1]);
filedes[0] = filedes[1] = -1;
return err;
}
}
return err;
}
/* Portable function to create a pipe. Under Windows the write end is
inheritable. If R_FP is not NULL, an estream is created for the
read end and stored at R_FP. */
gpg_error_t
gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
{
return create_pipe_and_estream (filedes, INHERIT_WRITE,
r_fp, 0, nonblock);
}
/* Portable function to create a pipe. Under Windows the read end is
inheritable. If R_FP is not NULL, an estream is created for the
write end and stored at R_FP. */
gpg_error_t
gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
{
return create_pipe_and_estream (filedes, INHERIT_READ,
r_fp, 1, nonblock);
}
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
gpg_error_t
gnupg_create_pipe (int filedes[2])
{
return create_pipe_and_estream (filedes, INHERIT_BOTH,
NULL, 0, 0);
}
/* Close the end of a pipe. */
void
gnupg_close_pipe (int fd)
{
if (fd != -1)
close (fd);
}
/* Fork and exec the PGMNAME, see exechelp.h for details. */
gpg_error_t
gnupg_spawn_process (const char *pgmname, const char *argv[],
- int *except, void (*preexec)(void), unsigned int flags,
+ int *except, unsigned int flags,
estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid)
{
gpg_error_t err;
SECURITY_ATTRIBUTES sec_attr;
PROCESS_INFORMATION pi =
{
NULL, /* Returns process handle. */
0, /* Returns primary thread handle. */
0, /* Returns pid. */
0 /* Returns tid. */
};
STARTUPINFOW si;
int cr_flags;
char *cmdline;
wchar_t *wcmdline = NULL;
wchar_t *wpgmname = NULL;
HANDLE inpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
HANDLE outpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
HANDLE errpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
estream_t infp = NULL;
estream_t outfp = NULL;
estream_t errfp = NULL;
HANDLE nullhd[3] = {INVALID_HANDLE_VALUE,
INVALID_HANDLE_VALUE,
INVALID_HANDLE_VALUE};
int i, rc;
es_syshd_t syshd;
gpg_err_source_t errsource = default_errsource;
int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK);
(void)except; /* Not yet used. */
if (r_infp)
*r_infp = NULL;
if (r_outfp)
*r_outfp = NULL;
if (r_errfp)
*r_errfp = NULL;
*pid = (pid_t)(-1); /* Always required. */
if (r_infp)
{
if (create_inheritable_pipe (inpipe, INHERIT_READ))
{
err = gpg_err_make (errsource, GPG_ERR_GENERAL);
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
return err;
}
syshd.type = ES_SYSHD_HANDLE;
syshd.u.handle = inpipe[1];
infp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
if (!infp)
{
err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
log_error (_("error creating a stream for a pipe: %s\n"),
gpg_strerror (err));
CloseHandle (inpipe[0]);
CloseHandle (inpipe[1]);
inpipe[0] = inpipe[1] = INVALID_HANDLE_VALUE;
return err;
}
}
if (r_outfp)
{
if (create_inheritable_pipe (outpipe, INHERIT_WRITE))
{
err = gpg_err_make (errsource, GPG_ERR_GENERAL);
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
return err;
}
syshd.type = ES_SYSHD_HANDLE;
syshd.u.handle = outpipe[0];
outfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
if (!outfp)
{
err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
log_error (_("error creating a stream for a pipe: %s\n"),
gpg_strerror (err));
CloseHandle (outpipe[0]);
CloseHandle (outpipe[1]);
outpipe[0] = outpipe[1] = INVALID_HANDLE_VALUE;
if (infp)
es_fclose (infp);
else if (inpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[1]);
if (inpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[0]);
return err;
}
}
if (r_errfp)
{
if (create_inheritable_pipe (errpipe, INHERIT_WRITE))
{
err = gpg_err_make (errsource, GPG_ERR_GENERAL);
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
return err;
}
syshd.type = ES_SYSHD_HANDLE;
syshd.u.handle = errpipe[0];
errfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
if (!errfp)
{
err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
log_error (_("error creating a stream for a pipe: %s\n"),
gpg_strerror (err));
CloseHandle (errpipe[0]);
CloseHandle (errpipe[1]);
errpipe[0] = errpipe[1] = INVALID_HANDLE_VALUE;
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[0]);
if (outpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
if (infp)
es_fclose (infp);
else if (inpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[1]);
if (inpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[0]);
return err;
}
}
/* Prepare security attributes. */
memset (&sec_attr, 0, sizeof sec_attr );
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = FALSE;
/* Build the command line. */
err = build_w32_commandline (pgmname, argv, &cmdline);
if (err)
return err;
if (inpipe[0] == INVALID_HANDLE_VALUE)
nullhd[0] = ((flags & GNUPG_SPAWN_KEEP_STDIN)?
GetStdHandle (STD_INPUT_HANDLE) : w32_open_null (0));
if (outpipe[1] == INVALID_HANDLE_VALUE)
nullhd[1] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)?
GetStdHandle (STD_OUTPUT_HANDLE) : w32_open_null (1));
if (errpipe[1] == INVALID_HANDLE_VALUE)
nullhd[2] = ((flags & GNUPG_SPAWN_KEEP_STDOUT)?
GetStdHandle (STD_ERROR_HANDLE) : w32_open_null (1));
- /* Start the process. Note that we can't run the PREEXEC function
- because this might change our own environment. */
- (void)preexec;
-
memset (&si, 0, sizeof si);
si.cb = sizeof (si);
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_HIDE;
si.hStdInput = inpipe[0] == INVALID_HANDLE_VALUE? nullhd[0] : inpipe[0];
si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1];
si.hStdError = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1];
cr_flags = (CREATE_DEFAULT_ERROR_MODE
| ((flags & GNUPG_SPAWN_DETACHED)? DETACHED_PROCESS : 0)
| GetPriorityClass (GetCurrentProcess ())
| CREATE_SUSPENDED);
/* log_debug ("CreateProcess, path='%s' cmdline='%s'\n", */
/* pgmname, cmdline); */
/* Take care: CreateProcessW may modify wpgmname */
if (!(wpgmname = utf8_to_wchar (pgmname)))
rc = 0;
else if (!(wcmdline = utf8_to_wchar (cmdline)))
rc = 0;
else
rc = CreateProcessW (wpgmname, /* Program to start. */
wcmdline, /* Command line arguments. */
&sec_attr, /* Process security attributes. */
&sec_attr, /* Thread security attributes. */
TRUE, /* Inherit handles. */
cr_flags, /* Creation flags. */
NULL, /* Environment. */
NULL, /* Use current drive/directory. */
&si, /* Startup information. */
&pi /* Returns process information. */
);
if (!rc)
{
if (!wpgmname || !wcmdline)
log_error ("CreateProcess failed (utf8_to_wchar): %s\n",
strerror (errno));
else
log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
xfree (wpgmname);
xfree (wcmdline);
xfree (cmdline);
if (infp)
es_fclose (infp);
else if (inpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
if (inpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[0]);
if (outfp)
es_fclose (outfp);
else if (outpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[0]);
if (outpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
if (errfp)
es_fclose (errfp);
else if (errpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (errpipe[0]);
if (errpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (errpipe[1]);
return gpg_err_make (errsource, GPG_ERR_GENERAL);
}
xfree (wpgmname);
xfree (wcmdline);
xfree (cmdline);
cmdline = NULL;
/* Close the inherited handles to /dev/null. */
for (i=0; i < DIM (nullhd); i++)
if (nullhd[i] != INVALID_HANDLE_VALUE)
CloseHandle (nullhd[i]);
/* Close the inherited ends of the pipes. */
if (inpipe[0] != INVALID_HANDLE_VALUE)
CloseHandle (inpipe[0]);
if (outpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (outpipe[1]);
if (errpipe[1] != INVALID_HANDLE_VALUE)
CloseHandle (errpipe[1]);
/* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
/* " dwProcessID=%d dwThreadId=%d\n", */
/* pi.hProcess, pi.hThread, */
/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
/* log_debug (" outfp=%p errfp=%p\n", outfp, errfp); */
/* Fixme: For unknown reasons AllowSetForegroundWindow returns an
invalid argument error if we pass it the correct processID. As a
workaround we use -1 (ASFW_ANY). */
if ((flags & GNUPG_SPAWN_RUN_ASFW))
gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/);
/* Process has been created suspended; resume it now. */
ResumeThread (pi.hThread);
CloseHandle (pi.hThread);
if (r_infp)
*r_infp = infp;
if (r_outfp)
*r_outfp = outfp;
if (r_errfp)
*r_errfp = errfp;
*pid = handle_to_pid (pi.hProcess);
return 0;
}
/* Simplified version of gnupg_spawn_process. This function forks and
then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
and ERRFD to stderr (any of them may be -1 to connect them to
/dev/null). The arguments for the process are expected in the NULL
terminated array ARGV. The program name itself should not be
included there. Calling gnupg_wait_process is required.
Returns 0 on success or an error code. */
gpg_error_t
gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
int infd, int outfd, int errfd, pid_t *pid)
{
gpg_error_t err;
SECURITY_ATTRIBUTES sec_attr;
PROCESS_INFORMATION pi = { NULL, 0, 0, 0 };
STARTUPINFOW si;
char *cmdline;
wchar_t *wcmdline = NULL;
wchar_t *wpgmname = NULL;
int i, rc;
HANDLE stdhd[3];
/* Setup return values. */
*pid = (pid_t)(-1);
/* Prepare security attributes. */
memset (&sec_attr, 0, sizeof sec_attr );
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = FALSE;
/* Build the command line. */
err = build_w32_commandline (pgmname, argv, &cmdline);
if (err)
return err;
memset (&si, 0, sizeof si);
si.cb = sizeof (si);
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
stdhd[0] = infd == -1? w32_open_null (0) : INVALID_HANDLE_VALUE;
stdhd[1] = outfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
stdhd[2] = errfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
si.hStdInput = infd == -1? stdhd[0] : (void*)_get_osfhandle (infd);
si.hStdOutput = outfd == -1? stdhd[1] : (void*)_get_osfhandle (outfd);
si.hStdError = errfd == -1? stdhd[2] : (void*)_get_osfhandle (errfd);
/* log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); */
/* Take care: CreateProcessW may modify wpgmname */
if (!(wpgmname = utf8_to_wchar (pgmname)))
rc = 0;
else if (!(wcmdline = utf8_to_wchar (cmdline)))
rc = 0;
else
rc = CreateProcessW (wpgmname, /* Program to start. */
wcmdline, /* Command line arguments. */
&sec_attr, /* Process security attributes. */
&sec_attr, /* Thread security attributes. */
TRUE, /* Inherit handles. */
(CREATE_DEFAULT_ERROR_MODE
| GetPriorityClass (GetCurrentProcess ())
| CREATE_SUSPENDED | DETACHED_PROCESS),
NULL, /* Environment. */
NULL, /* Use current drive/directory. */
&si, /* Startup information. */
&pi /* Returns process information. */
);
if (!rc)
{
if (!wpgmname || !wcmdline)
log_error ("CreateProcess failed (utf8_to_wchar): %s\n",
strerror (errno));
else
log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
err = my_error (GPG_ERR_GENERAL);
}
else
err = 0;
xfree (wpgmname);
xfree (wcmdline);
xfree (cmdline);
for (i=0; i < 3; i++)
if (stdhd[i] != INVALID_HANDLE_VALUE)
CloseHandle (stdhd[i]);
if (err)
return err;
/* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
/* " dwProcessID=%d dwThreadId=%d\n", */
/* pi.hProcess, pi.hThread, */
/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
/* Process has been created suspended; resume it now. */
ResumeThread (pi.hThread);
CloseHandle (pi.hThread);
*pid = handle_to_pid (pi.hProcess);
return 0;
}
/* See exechelp.h for a description. */
gpg_error_t
gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
{
return gnupg_wait_processes (&pgmname, &pid, 1, hang, r_exitcode);
}
/* See exechelp.h for a description. */
gpg_error_t
gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
int hang, int *r_exitcodes)
{
gpg_err_code_t ec = 0;
size_t i;
HANDLE *procs;
int code;
procs = xtrycalloc (count, sizeof *procs);
if (procs == NULL)
return my_error_from_syserror ();
for (i = 0; i < count; i++)
{
if (r_exitcodes)
r_exitcodes[i] = -1;
if (pids[i] == (pid_t)(-1))
return my_error (GPG_ERR_INV_VALUE);
procs[i] = pid_to_handle (pids[i]);
}
/* FIXME: We should do a pth_waitpid here. However this has not yet
been implemented. A special W32 pth system call would even be
better. */
code = WaitForMultipleObjects (count, procs, TRUE, hang? INFINITE : 0);
switch (code)
{
case WAIT_TIMEOUT:
ec = GPG_ERR_TIMEOUT;
goto leave;
case WAIT_FAILED:
log_error (_("waiting for processes to terminate failed: %s\n"),
w32_strerror (-1));
ec = GPG_ERR_GENERAL;
goto leave;
case WAIT_OBJECT_0:
for (i = 0; i < count; i++)
{
DWORD exc;
if (! GetExitCodeProcess (procs[i], &exc))
{
log_error (_("error getting exit code of process %d: %s\n"),
(int) pids[i], w32_strerror (-1) );
ec = GPG_ERR_GENERAL;
}
else if (exc)
{
if (!r_exitcodes)
log_error (_("error running '%s': exit status %d\n"),
pgmnames[i], (int)exc);
else
r_exitcodes[i] = (int)exc;
ec = GPG_ERR_GENERAL;
}
else
{
if (r_exitcodes)
r_exitcodes[i] = 0;
}
}
break;
default:
log_error ("WaitForMultipleObjects returned unexpected "
"code %d\n", code);
ec = GPG_ERR_GENERAL;
break;
}
leave:
return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
}
void
gnupg_release_process (pid_t pid)
{
if (pid != (pid_t)INVALID_HANDLE_VALUE)
{
HANDLE process = (HANDLE)pid;
CloseHandle (process);
}
}
/* Spawn a new process and immediately detach from it. The name of
the program to exec is PGMNAME and its arguments are in ARGV (the
programname is automatically passed as first argument).
Environment strings in ENVP are set. An error is returned if
pgmname is not executable; to make this work it is necessary to
provide an absolute file name. All standard file descriptors are
connected to /dev/null. */
gpg_error_t
gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
const char *envp[] )
{
gpg_error_t err;
SECURITY_ATTRIBUTES sec_attr;
PROCESS_INFORMATION pi =
{
NULL, /* Returns process handle. */
0, /* Returns primary thread handle. */
0, /* Returns pid. */
0 /* Returns tid. */
};
STARTUPINFOW si;
int cr_flags;
char *cmdline;
wchar_t *wcmdline = NULL;
wchar_t *wpgmname = NULL;
BOOL in_job = FALSE;
gpg_err_code_t ec;
int rc;
int jobdebug;
/* We don't use ENVP. */
(void)envp;
cmdline = getenv ("GNUPG_EXEC_DEBUG_FLAGS");
jobdebug = (cmdline && (atoi (cmdline) & 1));
if ((ec = gnupg_access (pgmname, X_OK)))
return gpg_err_make (default_errsource, ec);
/* Prepare security attributes. */
memset (&sec_attr, 0, sizeof sec_attr );
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = FALSE;
/* Build the command line. */
err = build_w32_commandline (pgmname, argv, &cmdline);
if (err)
return err;
/* Start the process. */
memset (&si, 0, sizeof si);
si.cb = sizeof (si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
cr_flags = (CREATE_DEFAULT_ERROR_MODE
| GetPriorityClass (GetCurrentProcess ())
| CREATE_NEW_PROCESS_GROUP
| DETACHED_PROCESS);
/* Check if we were spawned as part of a Job.
* In a job we need to add CREATE_BREAKAWAY_FROM_JOB
* to the cr_flags, otherwise our child processes
* are killed when we terminate. */
if (!IsProcessInJob (GetCurrentProcess(), NULL, &in_job))
{
log_error ("IsProcessInJob() failed: %s\n", w32_strerror (-1));
in_job = FALSE;
}
if (in_job)
{
/* Only try to break away from job if it is allowed, otherwise
* CreateProcess() would fail with an "Access is denied" error. */
JOBOBJECT_EXTENDED_LIMIT_INFORMATION info;
if (!QueryInformationJobObject (NULL, JobObjectExtendedLimitInformation,
&info, sizeof info, NULL))
{
log_error ("QueryInformationJobObject() failed: %s\n",
w32_strerror (-1));
}
else if ((info.BasicLimitInformation.LimitFlags &
JOB_OBJECT_LIMIT_BREAKAWAY_OK))
{
if (jobdebug)
log_debug ("Using CREATE_BREAKAWAY_FROM_JOB flag\n");
cr_flags |= CREATE_BREAKAWAY_FROM_JOB;
}
else if ((info.BasicLimitInformation.LimitFlags &
JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK))
{
/* The child process should automatically detach from the job. */
if (jobdebug)
log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag; "
"JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK is set\n");
}
else
{
/* It seems that the child process must remain in the job.
* This is not necessarily an error, although it can cause premature
* termination of the child process when the job is closed. */
if (jobdebug)
log_debug ("Not using CREATE_BREAKAWAY_FROM_JOB flag\n");
}
}
else
{
if (jobdebug)
log_debug ("Process is not in a Job\n");
}
/* log_debug ("CreateProcess(detached), path='%s' cmdline='%s'\n", */
/* pgmname, cmdline); */
/* Take care: CreateProcessW may modify wpgmname */
if (!(wpgmname = utf8_to_wchar (pgmname)))
rc = 0;
else if (!(wcmdline = utf8_to_wchar (cmdline)))
rc = 0;
else
rc = CreateProcessW (wpgmname, /* Program to start. */
wcmdline, /* Command line arguments. */
&sec_attr, /* Process security attributes. */
&sec_attr, /* Thread security attributes. */
FALSE, /* Inherit handles. */
cr_flags, /* Creation flags. */
NULL, /* Environment. */
NULL, /* Use current drive/directory. */
&si, /* Startup information. */
&pi /* Returns process information. */
);
if (!rc)
{
if (!wpgmname || !wcmdline)
log_error ("CreateProcess failed (utf8_to_wchar): %s\n",
strerror (errno));
else
log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
xfree (wpgmname);
xfree (wcmdline);
xfree (cmdline);
return my_error (GPG_ERR_GENERAL);
}
xfree (wpgmname);
xfree (wcmdline);
xfree (cmdline);
cmdline = NULL;
/* log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" */
/* " dwProcessID=%d dwThreadId=%d\n", */
/* pi.hProcess, pi.hThread, */
/* (int) pi.dwProcessId, (int) pi.dwThreadId); */
CloseHandle (pi.hThread);
CloseHandle (pi.hProcess);
return 0;
}
/* Kill a process; that is send an appropriate signal to the process.
gnupg_wait_process must be called to actually remove the process
from the system. An invalid PID is ignored. */
void
gnupg_kill_process (pid_t pid)
{
if (pid != (pid_t) INVALID_HANDLE_VALUE)
{
HANDLE process = (HANDLE) pid;
/* Arbitrary error code. */
TerminateProcess (process, 1);
}
}
diff --git a/common/exechelp.h b/common/exechelp.h
index 735ea4728..3343fe598 100644
--- a/common/exechelp.h
+++ b/common/exechelp.h
@@ -1,212 +1,212 @@
/* exechelp.h - Definitions for the fork and exec helpers
* Copyright (C) 2004, 2009, 2010 Free Software Foundation, Inc.
* Copyright (C) 2004, 2006-2012, 2014-2017 g10 Code GmbH
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: (LGPL-3.0+ OR GPL-2.0+)
*/
#ifndef GNUPG_COMMON_EXECHELP_H
#define GNUPG_COMMON_EXECHELP_H
/* Return the maximum number of currently allowed file descriptors.
Only useful on POSIX systems. */
int get_max_fds (void);
/* Close all file descriptors starting with descriptor FIRST. If
EXCEPT is not NULL, it is expected to be a list of file descriptors
which are not to close. This list shall be sorted in ascending
order with its end marked by -1. */
void close_all_fds (int first, int *except);
/* Returns an array with all currently open file descriptors. The end
of the array is marked by -1. The caller needs to release this
array using the *standard free* and not with xfree. This allow the
use of this function right at startup even before libgcrypt has
been initialized. Returns NULL on error and sets ERRNO accordingly. */
int *get_all_open_fds (void);
/* Portable function to create a pipe. Under Windows the write end is
inheritable. If R_FP is not NULL, an estream is created for the
write end and stored at R_FP. */
gpg_error_t gnupg_create_inbound_pipe (int filedes[2],
estream_t *r_fp, int nonblock);
/* Portable function to create a pipe. Under Windows the read end is
inheritable. If R_FP is not NULL, an estream is created for the
write end and stored at R_FP. */
gpg_error_t gnupg_create_outbound_pipe (int filedes[2],
estream_t *r_fp, int nonblock);
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
gpg_error_t gnupg_create_pipe (int filedes[2]);
/* Close the end of a pipe. */
void gnupg_close_pipe (int fd);
#define GNUPG_SPAWN_NONBLOCK 16
#define GNUPG_SPAWN_RUN_ASFW 64
#define GNUPG_SPAWN_DETACHED 128
#define GNUPG_SPAWN_KEEP_STDIN 256
#define GNUPG_SPAWN_KEEP_STDOUT 512
#define GNUPG_SPAWN_KEEP_STDERR 1024
/* Fork and exec the program PGMNAME.
If R_INFP is NULL connect stdin of the new process to /dev/null; if
it is not NULL store the address of a pointer to a new estream
there. If R_OUTFP is NULL connect stdout of the new process to
/dev/null; if it is not NULL store the address of a pointer to a
new estream there. If R_ERRFP is NULL connect stderr of the new
process to /dev/null; if it is not NULL store the address of a
pointer to a new estream there. On success the pid of the new
process is stored at PID. On error -1 is stored at PID and if
R_OUTFP or R_ERRFP are not NULL, NULL is stored there.
The arguments for the process are expected in the NULL terminated
array ARGV. The program name itself should not be included there.
If PREEXEC is not NULL, the given function will be called right
before the exec.
IF EXCEPT is not NULL, it is expected to be an ordered list of file
descriptors, terminated by an entry with the value (-1). These
file descriptors won't be closed before spawning a new program.
Returns 0 on success or an error code. Calling gnupg_wait_process
and gnupg_release_process is required if the function succeeded.
FLAGS is a bit vector:
GNUPG_SPAWN_NONBLOCK
If set the two output streams are created in non-blocking
mode and the input stream is switched to non-blocking mode.
This is merely a convenience feature because the caller
could do the same with gpgrt_set_nonblock. Does not yet
work for Windows.
GNUPG_SPAWN_DETACHED
If set the process will be started as a background process.
This flag is only useful under W32 (but not W32CE) systems,
so that no new console is created and pops up a console
window when starting the server. Does not work on W32CE.
GNUPG_SPAWN_RUN_ASFW
On W32 (but not on W32CE) run AllowSetForegroundWindow for
the child. Note that due to unknown problems this actually
allows SetForegroundWindow for all children of this process.
GNUPG_SPAWN_KEEP_STDIN
GNUPG_SPAWN_KEEP_STDOUT
GNUPG_SPAWN_KEEP_STDERR
Do not assign /dev/null to a non-required standard file
descriptor.
*/
gpg_error_t
gnupg_spawn_process (const char *pgmname, const char *argv[],
- int *execpt, void (*preexec)(void), unsigned int flags,
+ int *execpt, unsigned int flags,
estream_t *r_infp,
estream_t *r_outfp,
estream_t *r_errfp,
pid_t *pid);
/* Simplified version of gnupg_spawn_process. This function forks and
then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
and ERRFD to stderr (any of them may be -1 to connect them to
/dev/null). The arguments for the process are expected in the NULL
terminated array ARGV. The program name itself should not be
included there. Calling gnupg_wait_process and
gnupg_release_process is required. Returns 0 on success or an
error code. */
gpg_error_t gnupg_spawn_process_fd (const char *pgmname,
const char *argv[],
int infd, int outfd, int errfd,
pid_t *pid);
/* If HANG is true, waits for the process identified by PID to exit;
if HANG is false, checks whether the process has terminated.
PGMNAME should be the same as supplied to the spawn function and is
only used for diagnostics. Return values:
0
The process exited successful. 0 is stored at R_EXITCODE.
GPG_ERR_GENERAL
The process exited without success. The exit code of process
is then stored at R_EXITCODE. An exit code of -1 indicates
that the process terminated abnormally (e.g. due to a signal).
GPG_ERR_TIMEOUT
The process is still running (returned only if HANG is false).
GPG_ERR_INV_VALUE
An invalid PID has been specified.
Other error codes may be returned as well. Unless otherwise noted,
-1 will be stored at R_EXITCODE. R_EXITCODE may be passed as NULL
if the exit code is not required (in that case an error message will
be printed). Note that under Windows PID is not the process id but
the handle of the process. */
gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang,
int *r_exitcode);
/* Like gnupg_wait_process, but for COUNT processes. */
gpg_error_t gnupg_wait_processes (const char **pgmnames, pid_t *pids,
size_t count, int hang, int *r_exitcodes);
/* Kill a process; that is send an appropriate signal to the process.
gnupg_wait_process must be called to actually remove the process
from the system. An invalid PID is ignored. */
void gnupg_kill_process (pid_t pid);
/* Release the process identified by PID. This function is actually
only required for Windows but it does not harm to always call it.
It is a nop if PID is invalid. */
void gnupg_release_process (pid_t pid);
/* Spawn a new process and immediately detach from it. The name of
the program to exec is PGMNAME and its arguments are in ARGV (the
programname is automatically passed as first argument).
Environment strings in ENVP are set. An error is returned if
pgmname is not executable; to make this work it is necessary to
provide an absolute file name. */
gpg_error_t gnupg_spawn_process_detached (const char *pgmname,
const char *argv[],
const char *envp[] );
#endif /*GNUPG_COMMON_EXECHELP_H*/
diff --git a/common/exectool.c b/common/exectool.c
index 8013ba1cc..aaf5898d0 100644
--- a/common/exectool.c
+++ b/common/exectool.c
@@ -1,661 +1,661 @@
/* exectool.c - Utility functions to execute a helper tool
* Copyright (C) 2015 Werner Koch
* Copyright (C) 2016 g10 Code GmbH
*
* This file is part of GnuPG.
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at
* your option) any later version.
*
* or
*
* - the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* or both in parallel, as here.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "i18n.h"
#include "logging.h"
#include "membuf.h"
#include "mischelp.h"
#include "exechelp.h"
#include "sysutils.h"
#include "util.h"
#include "exectool.h"
typedef struct
{
const char *pgmname;
exec_tool_status_cb_t status_cb;
void *status_cb_value;
int cont;
int quiet;
size_t used;
size_t buffer_size;
char *buffer;
} read_and_log_buffer_t;
static inline gpg_error_t
my_error_from_syserror (void)
{
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
static void
read_and_log_stderr (read_and_log_buffer_t *state, es_poll_t *fderr)
{
gpg_error_t err;
int c;
if (!fderr)
{
/* Flush internal buffer. */
if (state->used)
{
const char *pname;
int len;
state->buffer[state->used] = 0;
state->used = 0;
pname = strrchr (state->pgmname, '/');
if (pname && pname != state->pgmname && pname[1])
pname++;
else
pname = state->pgmname;
len = strlen (pname);
if (state->status_cb
&& !strncmp (state->buffer, "[GNUPG:] ", 9)
&& state->buffer[9] >= 'A' && state->buffer[9] <= 'Z')
{
char *rest;
rest = strchr (state->buffer + 9, ' ');
if (!rest)
{
/* Set REST to an empty string. */
rest = state->buffer + strlen (state->buffer);
}
else
{
*rest++ = 0;
trim_spaces (rest);
}
state->status_cb (state->status_cb_value,
state->buffer + 9, rest);
}
else if (state->quiet)
;
else if (!state->cont
&& !strncmp (state->buffer, pname, len)
&& strlen (state->buffer) > strlen (pname)
&& state->buffer[len] == ':' )
{
/* PGMNAME plus colon is identical to the start of
the output: print only the output. */
log_info ("%s\n", state->buffer);
}
else
log_info ("%s%c %s\n",
pname, state->cont? '+':':', state->buffer);
}
state->cont = 0;
return;
}
for (;;)
{
c = es_fgetc (fderr->stream);
if (c == EOF)
{
if (es_feof (fderr->stream))
{
fderr->ignore = 1; /* Not anymore needed. */
}
else if (es_ferror (fderr->stream))
{
err = my_error_from_syserror ();
log_error ("error reading stderr of '%s': %s\n",
state->pgmname, gpg_strerror (err));
fderr->ignore = 1; /* Disable. */
}
break;
}
else if (c == '\n')
{
read_and_log_stderr (state, NULL);
}
else
{
if (state->used >= state->buffer_size - 1)
{
if (state->status_cb)
{
/* A status callback requires that we have a full
* line. Thus we need to enlarget the buffer in
* this case. */
char *newbuffer;
size_t newsize = state->buffer_size + 256;
newbuffer = xtrymalloc (newsize);
if (!newbuffer)
{
log_error ("error allocating memory for status cb: %s\n",
gpg_strerror (my_error_from_syserror ()));
/* We better disable the status CB in this case. */
state->status_cb = NULL;
read_and_log_stderr (state, NULL);
state->cont = 1;
}
else
{
memcpy (newbuffer, state->buffer, state->used);
xfree (state->buffer);
state->buffer = newbuffer;
state->buffer_size = newsize;
}
}
else
{
read_and_log_stderr (state, NULL);
state->cont = 1;
}
}
state->buffer[state->used++] = c;
}
}
}
/* A buffer to copy from one stream to another. */
struct copy_buffer
{
char buffer[4096];
char *writep;
size_t nread;
};
/* Initialize a copy buffer. */
static void
copy_buffer_init (struct copy_buffer *c)
{
c->writep = c->buffer;
c->nread = 0;
}
/* Securely wipe a copy buffer. */
static void
copy_buffer_shred (struct copy_buffer *c)
{
if (c == NULL)
return;
wipememory (c->buffer, sizeof c->buffer);
c->writep = NULL;
c->nread = ~0U;
}
/* Copy data from SOURCE to SINK using copy buffer C. */
static gpg_error_t
copy_buffer_do_copy (struct copy_buffer *c, estream_t source, estream_t sink)
{
gpg_error_t err;
size_t nwritten = 0;
if (c->nread == 0)
{
c->writep = c->buffer;
if (es_read (source, c->buffer, sizeof c->buffer, &c->nread))
{
err = my_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
return 0; /* We will just retry next time. */
return err;
}
log_assert (c->nread <= sizeof c->buffer);
}
if (c->nread == 0)
return 0; /* Done copying. */
nwritten = 0;
if (sink && es_write (sink, c->writep, c->nread, &nwritten))
err = my_error_from_syserror ();
else
err = 0;
log_assert (nwritten <= c->nread);
c->writep += nwritten;
c->nread -= nwritten;
log_assert (c->writep - c->buffer <= sizeof c->buffer);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
return 0; /* We will just retry next time. */
return err;
}
if (sink && es_fflush (sink) && errno != EAGAIN)
err = my_error_from_syserror ();
return err;
}
/* Flush the remaining data to SINK. */
static gpg_error_t
copy_buffer_flush (struct copy_buffer *c, estream_t sink)
{
gpg_error_t err = 0;
size_t nwritten = 0;
if (es_write (sink, c->writep, c->nread, &nwritten))
err = my_error_from_syserror ();
log_assert (nwritten <= c->nread);
c->writep += nwritten;
c->nread -= nwritten;
log_assert (c->writep - c->buffer <= sizeof c->buffer);
if (err)
return err;
if (es_fflush (sink))
err = my_error_from_syserror ();
return err;
}
/* Run the program PGMNAME with the command line arguments given in
* the NULL terminates array ARGV. If INPUT is not NULL it will be
* fed to stdin of the process. stderr is logged using log_info and
* the process's stdout is written to OUTPUT. If OUTPUT is NULL the
* output is discarded. If INEXTRA is given, an additional input
* stream will be passed to the child; to tell the child about this
* ARGV is scanned and the first occurrence of an argument
* "-&@INEXTRA@" is replaced by the concatenation of "-&" and the
* child's file descriptor of the pipe created for the INEXTRA stream.
*
* On error a diagnostic is printed and an error code returned. */
gpg_error_t
gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
estream_t input, estream_t inextra,
estream_t output,
exec_tool_status_cb_t status_cb,
void *status_cb_value)
{
gpg_error_t err;
pid_t pid = (pid_t) -1;
estream_t infp = NULL;
estream_t extrafp = NULL;
estream_t outfp = NULL, errfp = NULL;
es_poll_t fds[4];
int exceptclose[2];
int extrapipe[2] = {-1, -1};
char extrafdbuf[20];
const char *argsave = NULL;
int argsaveidx;
int count;
read_and_log_buffer_t fderrstate;
struct copy_buffer *cpbuf_in = NULL, *cpbuf_out = NULL, *cpbuf_extra = NULL;
int quiet = 0;
int dummy_exitcode;
memset (fds, 0, sizeof fds);
memset (&fderrstate, 0, sizeof fderrstate);
/* If the first argument to the program is "--quiet" avoid all extra
* diagnostics. */
quiet = (argv && argv[0] && !strcmp (argv[0], "--quiet"));
cpbuf_in = xtrymalloc (sizeof *cpbuf_in);
if (cpbuf_in == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_in);
cpbuf_out = xtrymalloc (sizeof *cpbuf_out);
if (cpbuf_out == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_out);
cpbuf_extra = xtrymalloc (sizeof *cpbuf_extra);
if (cpbuf_extra == NULL)
{
err = my_error_from_syserror ();
goto leave;
}
copy_buffer_init (cpbuf_extra);
fderrstate.pgmname = pgmname;
fderrstate.quiet = quiet;
fderrstate.status_cb = status_cb;
fderrstate.status_cb_value = status_cb_value;
fderrstate.buffer_size = 256;
fderrstate.buffer = xtrymalloc (fderrstate.buffer_size);
if (!fderrstate.buffer)
{
err = my_error_from_syserror ();
goto leave;
}
if (inextra)
{
err = gnupg_create_outbound_pipe (extrapipe, &extrafp, 1);
if (err)
{
log_error ("error creating outbound pipe for extra fp: %s\n",
gpg_strerror (err));
goto leave;
}
exceptclose[0] = extrapipe[0]; /* Do not close in child. */
exceptclose[1] = -1;
/* Now find the argument marker and replace by the pipe's fd.
Yeah, that is an ugly non-thread safe hack but it safes us to
create a copy of the array. */
#ifdef HAVE_W32_SYSTEM
snprintf (extrafdbuf, sizeof extrafdbuf, "-&%lu",
(unsigned long)_get_osfhandle (extrapipe[0]));
#else
snprintf (extrafdbuf, sizeof extrafdbuf, "-&%d", extrapipe[0]);
#endif
for (argsaveidx=0; argv[argsaveidx]; argsaveidx++)
if (!strcmp (argv[argsaveidx], "-&@INEXTRA@"))
{
argsave = argv[argsaveidx];
argv[argsaveidx] = extrafdbuf;
break;
}
}
else
exceptclose[0] = -1;
err = gnupg_spawn_process (pgmname, argv,
- exceptclose, NULL, GNUPG_SPAWN_NONBLOCK,
+ exceptclose, GNUPG_SPAWN_NONBLOCK,
input? &infp : NULL,
&outfp, &errfp, &pid);
if (extrapipe[0] != -1)
close (extrapipe[0]);
if (argsave)
argv[argsaveidx] = argsave;
if (err)
{
if (!quiet)
log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
goto leave;
}
fds[0].stream = infp;
fds[0].want_write = 1;
if (!input)
fds[0].ignore = 1;
fds[1].stream = outfp;
fds[1].want_read = 1;
fds[2].stream = errfp;
fds[2].want_read = 1;
fds[3].stream = extrafp;
fds[3].want_write = 1;
if (!inextra)
fds[3].ignore = 1;
/* Now read as long as we have something to poll. We continue
reading even after EOF or error on stdout so that we get the
other error messages or remaining output. */
while (! (fds[1].ignore && fds[2].ignore))
{
count = es_poll (fds, DIM(fds), -1);
if (count == -1)
{
err = my_error_from_syserror ();
log_error ("error polling '%s': %s\n", pgmname, gpg_strerror (err));
goto leave;
}
if (!count)
{
log_debug ("unexpected timeout while polling '%s'\n", pgmname);
break;
}
if (fds[0].got_write)
{
err = copy_buffer_do_copy (cpbuf_in, input, fds[0].stream);
if (err)
{
log_error ("error feeding data to '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
if (es_feof (input))
{
err = copy_buffer_flush (cpbuf_in, fds[0].stream);
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
continue; /* Retry next time. */
if (err)
{
log_error ("error feeding data to '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
fds[0].ignore = 1; /* ready. */
es_fclose (infp); infp = NULL;
}
}
if (fds[3].got_write)
{
log_assert (inextra);
err = copy_buffer_do_copy (cpbuf_extra, inextra, fds[3].stream);
if (err)
{
log_error ("error feeding data to '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
if (es_feof (inextra))
{
err = copy_buffer_flush (cpbuf_extra, fds[3].stream);
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
continue; /* Retry next time. */
if (err)
{
log_error ("error feeding data to '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
fds[3].ignore = 1; /* ready. */
es_fclose (extrafp); extrafp = NULL;
}
}
if (fds[1].got_read)
{
err = copy_buffer_do_copy (cpbuf_out, fds[1].stream, output);
if (err)
{
log_error ("error reading data from '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
if (es_feof (fds[1].stream))
{
err = copy_buffer_flush (cpbuf_out, output);
if (err)
{
log_error ("error reading data from '%s': %s\n",
pgmname, gpg_strerror (err));
goto leave;
}
fds[1].ignore = 1; /* ready. */
}
}
if (fds[2].got_read)
read_and_log_stderr (&fderrstate, fds + 2);
}
read_and_log_stderr (&fderrstate, NULL); /* Flush. */
es_fclose (infp); infp = NULL;
es_fclose (extrafp); extrafp = NULL;
es_fclose (outfp); outfp = NULL;
es_fclose (errfp); errfp = NULL;
err = gnupg_wait_process (pgmname, pid, 1, quiet? &dummy_exitcode : NULL);
pid = (pid_t)(-1);
leave:
if (err && pid != (pid_t) -1)
gnupg_kill_process (pid);
es_fclose (infp);
es_fclose (extrafp);
es_fclose (outfp);
es_fclose (errfp);
if (pid != (pid_t)(-1))
gnupg_wait_process (pgmname, pid, 1, quiet? &dummy_exitcode : NULL);
gnupg_release_process (pid);
copy_buffer_shred (cpbuf_in);
xfree (cpbuf_in);
copy_buffer_shred (cpbuf_out);
xfree (cpbuf_out);
copy_buffer_shred (cpbuf_extra);
xfree (cpbuf_extra);
xfree (fderrstate.buffer);
return err;
}
/* A dummy free function to pass to 'es_mopen'. */
static void
nop_free (void *ptr)
{
(void) ptr;
}
/* Run the program PGMNAME with the command line arguments given in
the NULL terminates array ARGV. If INPUT_STRING is not NULL it
will be fed to stdin of the process. stderr is logged using
log_info and the process's stdout is returned in a newly malloced
buffer RESULT with the length stored at RESULTLEN if not given as
NULL. A hidden Nul is appended to the output. On error NULL is
stored at RESULT, a diagnostic is printed, and an error code
returned. */
gpg_error_t
gnupg_exec_tool (const char *pgmname, const char *argv[],
const char *input_string,
char **result, size_t *resultlen)
{
gpg_error_t err;
estream_t input = NULL;
estream_t output;
size_t len;
size_t nread;
*result = NULL;
if (resultlen)
*resultlen = 0;
if (input_string)
{
len = strlen (input_string);
input = es_mopen ((char *) input_string, len, len,
0 /* don't grow */, NULL, nop_free, "rb");
if (! input)
return my_error_from_syserror ();
}
output = es_fopenmem (0, "wb");
if (! output)
{
err = my_error_from_syserror ();
goto leave;
}
err = gnupg_exec_tool_stream (pgmname, argv, input, NULL, output, NULL, NULL);
if (err)
goto leave;
len = es_ftello (output);
err = es_fseek (output, 0, SEEK_SET);
if (err)
goto leave;
*result = xtrymalloc (len + 1);
if (!*result)
{
err = my_error_from_syserror ();
goto leave;
}
if (len)
{
if (es_read (output, *result, len, &nread))
{
err = my_error_from_syserror ();
goto leave;
}
if (nread != len)
log_fatal ("%s: short read from memstream\n", __func__);
}
(*result)[len] = 0;
if (resultlen)
*resultlen = len;
leave:
es_fclose (input);
es_fclose (output);
if (err)
{
xfree (*result);
*result = NULL;
}
return err;
}
diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
index ac29de973..23d514cf9 100644
--- a/dirmngr/ldap-wrapper.c
+++ b/dirmngr/ldap-wrapper.c
@@ -1,936 +1,936 @@
/* ldap-wrapper.c - LDAP access via a wrapper process
* Copyright (C) 2004, 2005, 2007, 2008, 2018 g10 Code GmbH
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
/*
* We can't use LDAP directly for these reasons:
*
* 1. The LDAP library is linked to separate crypto library like
* OpenSSL and even if it is linked to the library we use in dirmngr
* (ntbtls or gnutls) it is sometimes a different version of that
* library with all the surprising failures you may get due to this.
*
* 2. It is huge library in particular if TLS comes into play. So
* problems with unfreed memory might turn up and we don't want
* this in a long running daemon.
*
* 3. There is no easy way for timeouts. In particular the timeout
* value does not work for DNS lookups (well, this is usual) and it
* seems not to work while loading a large attribute like a
* CRL. Having a separate process allows us to either tell the
* process to commit suicide or have our own housekepping function
* kill it after some time. The latter also allows proper
* cancellation of a query at any point of time.
*
* 4. Given that we are going out to the network and usually get back
* a long response, the fork/exec overhead is acceptable.
*
* Note that under WindowsCE the number of processes is strongly
* limited (32 processes including the kernel processes) and thus we
* don't use the process approach but implement a different wrapper in
* ldap-wrapper-ce.c.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "dirmngr.h"
#include "../common/exechelp.h"
#include "misc.h"
#include "ldap-wrapper.h"
#ifdef HAVE_W32_SYSTEM
#define setenv(a,b,c) SetEnvironmentVariable ((a),(b))
#else
#define pth_close(fd) close(fd)
#endif
/* In case sysconf does not return a value we need to have a limit. */
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
#else
#define MAX_OPEN_FDS 20
#endif
#define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5) /* seconds */
#define TIMERTICK_INTERVAL 2
/* To keep track of the LDAP wrapper state we use this structure. */
struct wrapper_context_s
{
struct wrapper_context_s *next;
pid_t pid; /* The pid of the wrapper process. */
int printable_pid; /* Helper to print diagnostics after the process has
* been cleaned up. */
estream_t fp; /* Connected with stdout of the ldap wrapper. */
gpg_error_t fp_err; /* Set to the gpg_error of the last read error
* if any. */
estream_t log_fp; /* Connected with stderr of the ldap wrapper. */
ctrl_t ctrl; /* Connection data. */
int ready; /* Internally used to mark to be removed contexts. */
ksba_reader_t reader;/* The ksba reader object or NULL. */
char *line; /* Used to print the log lines (malloced). */
size_t linesize; /* Allocated size of LINE. */
size_t linelen; /* Use size of LINE. */
time_t stamp; /* The last time we noticed ativity. */
int reaper_idx; /* Private to ldap_wrapper_thread. */
};
/* We keep a global list of spawned wrapper process. A separate
* thread makes use of this list to log error messages and to watch
* out for finished processes. Access to list is protected by a
* mutex. The condition variable is used to wakeup the reaper
* thread. */
static struct wrapper_context_s *reaper_list;
static npth_mutex_t reaper_list_mutex = NPTH_MUTEX_INITIALIZER;
static npth_cond_t reaper_run_cond = NPTH_COND_INITIALIZER;
/* We need to know whether we are shutting down the process. */
static int shutting_down;
/* Close the estream fp and set it to NULL. */
#define SAFE_CLOSE(fp) \
do { estream_t _fp = fp; es_fclose (_fp); fp = NULL; } while (0)
static void
lock_reaper_list (void)
{
if (npth_mutex_lock (&reaper_list_mutex))
log_fatal ("%s: failed to acquire mutex: %s\n", __func__,
gpg_strerror (gpg_error_from_syserror ()));
}
static void
unlock_reaper_list (void)
{
if (npth_mutex_unlock (&reaper_list_mutex))
log_fatal ("%s: failed to release mutex: %s\n", __func__,
gpg_strerror (gpg_error_from_syserror ()));
}
/* Read a fixed amount of data from READER into BUFFER. */
static gpg_error_t
read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
{
gpg_error_t err;
size_t nread;
while (count)
{
err = ksba_reader_read (reader, buffer, count, &nread);
if (err)
return err;
buffer += nread;
count -= nread;
}
return 0;
}
/* Release the wrapper context and kill a running wrapper process. */
static void
destroy_wrapper (struct wrapper_context_s *ctx)
{
if (ctx->pid != (pid_t)(-1))
{
gnupg_kill_process (ctx->pid);
gnupg_release_process (ctx->pid);
}
ksba_reader_release (ctx->reader);
SAFE_CLOSE (ctx->fp);
SAFE_CLOSE (ctx->log_fp);
xfree (ctx->line);
xfree (ctx);
}
/* Print the content of LINE to the log stream but make sure to only
print complete lines. Using NULL for LINE will flush any pending
output. LINE may be modified by this function. */
static void
print_log_line (struct wrapper_context_s *ctx, char *line)
{
char *s;
size_t n;
if (!line)
{
if (ctx->line && ctx->linelen)
{
log_info ("%s\n", ctx->line);
ctx->linelen = 0;
}
return;
}
while ((s = strchr (line, '\n')))
{
*s = 0;
if (ctx->line && ctx->linelen)
{
log_info ("%s", ctx->line);
ctx->linelen = 0;
log_printf ("%s\n", line);
}
else
log_info ("%s\n", line);
line = s + 1;
}
n = strlen (line);
if (n)
{
if (ctx->linelen + n + 1 >= ctx->linesize)
{
char *tmp;
size_t newsize;
newsize = ctx->linesize + ((n + 255) & ~255) + 1;
tmp = (ctx->line ? xtryrealloc (ctx->line, newsize)
: xtrymalloc (newsize));
if (!tmp)
{
log_error (_("error printing log line: %s\n"), strerror (errno));
return;
}
ctx->line = tmp;
ctx->linesize = newsize;
}
memcpy (ctx->line + ctx->linelen, line, n);
ctx->linelen += n;
ctx->line[ctx->linelen] = 0;
}
}
/* Read data from the log stream. Returns true if the log stream
* indicated EOF or error. */
static int
read_log_data (struct wrapper_context_s *ctx)
{
int rc;
size_t n;
char line[256];
rc = es_read (ctx->log_fp, line, sizeof line - 1, &n);
if (rc || !n) /* Error or EOF. */
{
if (rc)
{
gpg_error_t err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
return 0;
log_error (_("error reading log from ldap wrapper %d: %s\n"),
(int)ctx->pid, gpg_strerror (err));
}
print_log_line (ctx, NULL); /* Flush. */
SAFE_CLOSE (ctx->log_fp);
return 1;
}
line[n] = 0;
print_log_line (ctx, line);
if (ctx->stamp != (time_t)(-1))
ctx->stamp = time (NULL);
return 0;
}
/* This function is run by a separate thread to maintain the list of
wrappers and to log error messages from these wrappers. */
void *
ldap_reaper_thread (void *dummy)
{
gpg_error_t err;
struct wrapper_context_s *ctx;
struct wrapper_context_s *ctx_prev;
struct timespec abstime;
struct timespec curtime;
struct timespec timeout;
int millisecs;
gpgrt_poll_t *fparray = NULL;
int fparraysize = 0;
int count, i;
int ret;
time_t exptime;
(void)dummy;
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
for (;;)
{
int any_action = 0;
/* Wait until we are needed and then setup the FPARRAY. */
/* Note: There is one unlock inside the block! */
lock_reaper_list ();
{
while (!reaper_list && !shutting_down)
{
if (npth_cond_wait (&reaper_run_cond, &reaper_list_mutex))
log_error ("ldap-reaper: waiting on condition failed: %s\n",
gpg_strerror (gpg_error_from_syserror ()));
}
for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
if (ctx->log_fp)
count++;
if (count > fparraysize || !fparray)
{
/* Need to realloc the array. We simply discard it and
* replace it by a new one. */
xfree (fparray);
fparray = xtrycalloc (count? count : 1, sizeof *fparray);
if (!fparray)
{
err = gpg_error_from_syserror ();
log_error ("ldap-reaper can't allocate poll array: %s"
" - waiting 1s\n", gpg_strerror (err));
/* Note: Here we unlock and continue! */
unlock_reaper_list ();
gnupg_sleep (1);
continue;
}
fparraysize = count;
}
for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
{
if (ctx->log_fp)
{
log_assert (count < fparraysize);
fparray[count].stream = ctx->log_fp;
fparray[count].want_read = 1;
fparray[count].ignore = 0;
ctx->reaper_idx = count;
count++;
}
else
{
ctx->reaper_idx = -1;
fparray[count].ignore = 1;
}
}
for (i=count; i < fparraysize; i++)
fparray[i].ignore = 1;
}
unlock_reaper_list (); /* Note the one unlock inside the block. */
/* Compute the next timeout. */
npth_clock_gettime (&curtime);
if (!(npth_timercmp (&curtime, &abstime, <)))
{
/* Inactivity is checked below. Nothing else to do. */
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
}
npth_timersub (&abstime, &curtime, &timeout);
millisecs = timeout.tv_sec * 1000;
millisecs += timeout.tv_nsec / 1000000;
if (millisecs < 0)
millisecs = 1;
if (DBG_EXTPROG)
{
log_debug ("ldap-reaper: next run (count=%d size=%d timeout=%d)\n",
count, fparraysize, millisecs);
for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p %s\n",
count, fparray[count].stream,
fparray[count].want_read? "want_read":"");
}
ret = es_poll (fparray, fparraysize, millisecs);
if (ret < 0)
{
err = gpg_error_from_syserror ();
log_error ("ldap-reaper failed to poll: %s"
" - waiting 1s\n", gpg_strerror (err));
/* In case the reason for the error is a too large array, we
* release it so that it will be allocated smaller in the
* next round. */
xfree (fparray);
fparray = NULL;
fparraysize = 0;
gnupg_sleep (1);
continue;
}
if (DBG_EXTPROG)
{
for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p rc=%d %c%c%c%c%c%c%c\n",
count, fparray[count].stream, ret,
fparray[count].got_read? 'r':'-',
fparray[count].got_write?'w':'-',
fparray[count].got_oob? 'o':'-',
fparray[count].got_rdhup?'H':'-',
fparray[count].got_err? 'e':'-',
fparray[count].got_hup? 'h':'-',
fparray[count].got_nval? 'n':'-');
}
/* All timestamps before exptime should be considered expired. */
exptime = time (NULL);
if (exptime > INACTIVITY_TIMEOUT)
exptime -= INACTIVITY_TIMEOUT;
lock_reaper_list ();
{
for (ctx = reaper_list; ctx; ctx = ctx->next)
{
/* Check whether there is any logging to be done. We need
* to check FPARRAYSIZE because it can be 0 in case
* es_poll returned a timeout. */
if (fparraysize && ctx->log_fp && ctx->reaper_idx >= 0)
{
log_assert (ctx->reaper_idx < fparraysize);
if (fparray[ctx->reaper_idx].got_read)
{
if (read_log_data (ctx))
{
SAFE_CLOSE (ctx->log_fp);
any_action = 1;
}
}
}
/* Check whether the process is still running. */
if (ctx->pid != (pid_t)(-1))
{
int status;
err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
&status);
if (!err)
{
if (DBG_EXTPROG)
log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) == GPG_ERR_GENERAL)
{
if (status == 10)
log_info (_("ldap wrapper %d ready: timeout\n"),
(int)ctx->pid);
else
log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
(int)ctx->pid, status);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
{
log_error (_("waiting for ldap wrapper %d failed: %s\n"),
(int)ctx->pid, gpg_strerror (err));
any_action = 1;
}
}
/* Check whether we should terminate the process. */
if (ctx->pid != (pid_t)(-1)
&& ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
{
gnupg_kill_process (ctx->pid);
ctx->stamp = (time_t)(-1);
log_info (_("ldap wrapper %d stalled - killing\n"),
(int)ctx->pid);
/* We need to close the log stream because the cleanup
* loop waits for it. */
SAFE_CLOSE (ctx->log_fp);
any_action = 1;
}
}
/* If something has been printed to the log file or we got an
* EOF from a wrapper, we now print the list of active
* wrappers. */
if (any_action && DBG_EXTPROG)
{
log_debug ("ldap worker states:\n");
for (ctx = reaper_list; ctx; ctx = ctx->next)
log_debug (" c=%p pid=%d/%d rdr=%p logfp=%p"
" ctrl=%p/%d la=%lu rdy=%d\n",
ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader, ctx->log_fp,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
(unsigned long)ctx->stamp, ctx->ready);
}
/* An extra loop to check whether ready marked wrappers may be
* removed. We may only do so if the ksba reader object is
* not anymore in use or we are in shutdown state. */
again:
for (ctx_prev=NULL, ctx=reaper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
{
if (ctx->ready
&& ((!ctx->log_fp && !ctx->reader) || shutting_down))
{
if (ctx_prev)
ctx_prev->next = ctx->next;
else
reaper_list = ctx->next;
destroy_wrapper (ctx);
goto again;
}
}
}
unlock_reaper_list ();
}
/*NOTREACHED*/
return NULL; /* Make the compiler happy. */
}
/* Start the reaper thread for the ldap wrapper. */
void
ldap_reaper_launch_thread (void)
{
static int done;
npth_attr_t tattr;
npth_t thread;
int err;
if (done)
return;
done = 1;
#ifdef HAVE_W32_SYSTEM
/* Static init does not yet work in W32 nPth. */
if (npth_cond_init (&reaper_run_cond, NULL))
log_fatal ("%s: failed to init condition variable: %s\n",
__func__, gpg_strerror (gpg_error_from_syserror ()));
#endif
npth_attr_init (&tattr);
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
if (npth_create (&thread, &tattr, ldap_reaper_thread, NULL))
{
err = gpg_error_from_syserror ();
log_error ("error spawning ldap reaper reaper thread: %s\n",
gpg_strerror (err) );
dirmngr_exit (1);
}
npth_setname_np (thread, "ldap-reaper");
npth_attr_destroy (&tattr);
}
/* Wait until all ldap wrappers have terminated. We assume that the
kill has already been sent to all of them. */
void
ldap_wrapper_wait_connections (void)
{
lock_reaper_list ();
{
shutting_down = 1;
if (npth_cond_signal (&reaper_run_cond))
log_error ("%s: Ooops: signaling condition failed: %s\n",
__func__, gpg_strerror (gpg_error_from_syserror ()));
}
unlock_reaper_list ();
while (reaper_list)
gnupg_usleep (200);
}
/* This function is to be used to release a context associated with the
given reader object. */
void
ldap_wrapper_release_context (ksba_reader_t reader)
{
struct wrapper_context_s *ctx;
if (!reader )
return;
lock_reaper_list ();
{
for (ctx=reaper_list; ctx; ctx=ctx->next)
if (ctx->reader == reader)
{
if (DBG_EXTPROG)
log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p"
" ctrl=%p/%d\n", ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
ctx->reader = NULL;
SAFE_CLOSE (ctx->fp);
if (ctx->ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
}
if (ctx->fp_err)
log_info ("%s: reading from ldap wrapper %d failed: %s\n",
__func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
break;
}
}
unlock_reaper_list ();
}
/* Cleanup all resources held by the connection associated with
CTRL. This is used after a cancel to kill running wrappers. */
void
ldap_wrapper_connection_cleanup (ctrl_t ctrl)
{
struct wrapper_context_s *ctx;
lock_reaper_list ();
{
for (ctx=reaper_list; ctx; ctx=ctx->next)
if (ctx->ctrl && ctx->ctrl == ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
if (ctx->pid != (pid_t)(-1))
gnupg_kill_process (ctx->pid);
if (ctx->fp_err)
log_info ("%s: reading from ldap wrapper %d failed: %s\n",
__func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
}
}
unlock_reaper_list ();
}
/* This is the callback used by the ldap wrapper to feed the ksba
* reader with the wrapper's stdout. See the description of
* ksba_reader_set_cb for details. */
static int
reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
{
struct wrapper_context_s *ctx = cb_value;
size_t nleft = count;
struct timespec abstime;
struct timespec curtime;
struct timespec timeout;
int millisecs;
gpgrt_poll_t fparray[1];
int ret;
gpg_error_t err;
/* FIXME: We might want to add some internal buffering because the
ksba code does not do any buffering for itself (because a ksba
reader may be detached from another stream to read other data and
then it would be cumbersome to get back already buffered stuff). */
if (!buffer && !count && !nread)
return -1; /* Rewind is not supported. */
/* If we ever encountered a read error, don't continue (we don't want to
possibly overwrite the last error cause). Bail out also if the
file descriptor has been closed. */
if (ctx->fp_err || !ctx->fp)
{
*nread = 0;
return -1;
}
memset (fparray, 0, sizeof fparray);
fparray[0].stream = ctx->fp;
fparray[0].want_read = 1;
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
while (nleft > 0)
{
npth_clock_gettime (&curtime);
if (!(npth_timercmp (&curtime, &abstime, <)))
{
err = dirmngr_tick (ctx->ctrl);
if (err)
{
ctx->fp_err = err;
SAFE_CLOSE (ctx->fp);
return -1;
}
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
}
npth_timersub (&abstime, &curtime, &timeout);
millisecs = timeout.tv_sec * 1000;
millisecs += timeout.tv_nsec / 1000000;
if (millisecs < 0)
millisecs = 1;
if (DBG_EXTPROG)
{
log_debug ("%s: fp[0] stream=%p %s\n",
__func__, fparray[0].stream,
fparray[0].want_read?"want_read":"");
}
ret = es_poll (fparray, DIM (fparray), millisecs);
if (ret < 0)
{
ctx->fp_err = gpg_error_from_syserror ();
log_error ("error polling stdout of ldap wrapper %d: %s\n",
ctx->printable_pid, gpg_strerror (ctx->fp_err));
SAFE_CLOSE (ctx->fp);
return -1;
}
if (DBG_EXTPROG)
{
log_debug ("%s: fp[0] stream=%p rc=%d %c%c%c%c%c%c%c\n",
__func__, fparray[0].stream, ret,
fparray[0].got_read? 'r':'-',
fparray[0].got_write?'w':'-',
fparray[0].got_oob? 'o':'-',
fparray[0].got_rdhup?'H':'-',
fparray[0].got_err? 'e':'-',
fparray[0].got_hup? 'h':'-',
fparray[0].got_nval? 'n':'-');
}
if (!ret)
{
/* Timeout. Will be handled when calculating the next timeout. */
continue;
}
if (fparray[0].got_read)
{
size_t n;
if (es_read (ctx->fp, buffer, nleft, &n))
{
ctx->fp_err = gpg_error_from_syserror ();
if (gpg_err_code (ctx->fp_err) == GPG_ERR_EAGAIN)
ctx->fp_err = 0;
else
{
log_error ("%s: error reading: %s (%d)\n",
__func__, gpg_strerror (ctx->fp_err), ctx->fp_err);
SAFE_CLOSE (ctx->fp);
return -1;
}
}
else if (!n) /* EOF */
{
if (nleft == count)
return -1; /* EOF. */
break;
}
nleft -= n;
buffer += n;
if (n > 0 && ctx->stamp != (time_t)(-1))
ctx->stamp = time (NULL);
}
}
*nread = count - nleft;
return 0;
}
/* Fork and exec the LDAP wrapper and return a new libksba reader
object at READER. ARGV is a NULL terminated list of arguments for
the wrapper. The function returns 0 on success or an error code.
Special hack to avoid passing a password through the command line
which is globally visible: If the first element of ARGV is "--pass"
it will be removed and instead the environment variable
DIRMNGR_LDAP_PASS will be set to the next value of ARGV. On modern
OSes the environment is not visible to other users. For those old
systems where it can't be avoided, we don't want to go into the
hassle of passing the password via stdin; it's just too complicated
and an LDAP password used for public directory lookups should not
be that confidential. */
gpg_error_t
ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
{
gpg_error_t err;
pid_t pid;
struct wrapper_context_s *ctx;
int i;
int j;
const char **arg_list;
const char *pgmname;
estream_t outfp, errfp;
/* It would be too simple to connect stderr just to our logging
stream. The problem is that if we are running multi-threaded
everything gets intermixed. Clearly we don't want this. So the
only viable solutions are either to have another thread
responsible for logging the messages or to add an option to the
wrapper module to do the logging on its own. Given that we anyway
need a way to reap the child process and this is best done using a
general reaping thread, that thread can do the logging too. */
ldap_reaper_launch_thread ();
*reader = NULL;
/* Files: We need to prepare stdin and stdout. We get stderr from
the function. */
if (!opt.ldap_wrapper_program || !*opt.ldap_wrapper_program)
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR_LDAP);
else
pgmname = opt.ldap_wrapper_program;
/* Create command line argument array. */
for (i = 0; argv[i]; i++)
;
arg_list = xtrycalloc (i + 2, sizeof *arg_list);
if (!arg_list)
{
err = gpg_error_from_syserror ();
log_error (_("error allocating memory: %s\n"), strerror (errno));
return err;
}
for (i = j = 0; argv[i]; i++, j++)
if (!i && argv[i + 1] && !strcmp (*argv, "--pass"))
{
arg_list[j] = "--env-pass";
setenv ("DIRMNGR_LDAP_PASS", argv[1], 1);
i++;
}
else
arg_list[j] = (char*) argv[i];
ctx = xtrycalloc (1, sizeof *ctx);
if (!ctx)
{
err = gpg_error_from_syserror ();
log_error (_("error allocating memory: %s\n"), strerror (errno));
xfree (arg_list);
return err;
}
err = gnupg_spawn_process (pgmname, arg_list,
- NULL, NULL, GNUPG_SPAWN_NONBLOCK,
+ NULL, GNUPG_SPAWN_NONBLOCK,
NULL, &outfp, &errfp, &pid);
if (err)
{
xfree (arg_list);
xfree (ctx);
log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
return err;
}
ctx->pid = pid;
ctx->printable_pid = (int) pid;
ctx->fp = outfp;
ctx->log_fp = errfp;
ctx->ctrl = ctrl;
ctrl->refcount++;
ctx->stamp = time (NULL);
err = ksba_reader_new (reader);
if (!err)
err = ksba_reader_set_cb (*reader, reader_callback, ctx);
if (err)
{
xfree (arg_list);
log_error (_("error initializing reader object: %s\n"),
gpg_strerror (err));
destroy_wrapper (ctx);
ksba_reader_release (*reader);
*reader = NULL;
return err;
}
/* Hook the context into our list of running wrappers. */
lock_reaper_list ();
{
ctx->reader = *reader;
ctx->next = reaper_list;
reaper_list = ctx;
if (npth_cond_signal (&reaper_run_cond))
log_error ("ldap-wrapper: Ooops: signaling condition failed: %s (%d)\n",
gpg_strerror (gpg_error_from_syserror ()), errno);
}
unlock_reaper_list ();
if (DBG_EXTPROG)
{
log_debug ("ldap wrapper %d started (%p, %s)",
(int)ctx->pid, ctx->reader, pgmname);
for (i=0; arg_list[i]; i++)
log_printf (" [%s]", arg_list[i]);
log_printf ("\n");
}
xfree (arg_list);
/* Need to wait for the first byte so we are able to detect an empty
output and not let the consumer see an EOF without further error
indications. The CRL loading logic assumes that after return
from this function, a failed search (e.g. host not found ) is
indicated right away. */
{
unsigned char c;
err = read_buffer (*reader, &c, 1);
if (err)
{
ldap_wrapper_release_context (*reader);
ksba_reader_release (*reader);
*reader = NULL;
if (gpg_err_code (err) == GPG_ERR_EOF)
return gpg_error (GPG_ERR_NO_DATA);
else
return err;
}
ksba_reader_unread (*reader, &c, 1);
}
return 0;
}
diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
index b9210c706..aefd7c385 100644
--- a/tests/gpgscm/ffi.c
+++ b/tests/gpgscm/ffi.c
@@ -1,1474 +1,1473 @@
/* FFI interface for TinySCHEME.
*
* Copyright (C) 2016 g10 code GmbH
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#if HAVE_LIBREADLINE
#define GNUPG_LIBREADLINE_H_INCLUDED
#include
#include
#endif
#include "../../common/util.h"
#include "../../common/exechelp.h"
#include "../../common/sysutils.h"
#ifdef HAVE_W32_SYSTEM
#include
#endif
#include "private.h"
#include "ffi.h"
#include "ffi-private.h"
/* For use in nice error messages. */
static const char *
ordinal_suffix (int n)
{
switch (n)
{
case 1: return "st";
case 2: return "nd";
case 3: return "rd";
default: return "th";
}
assert (! "reached");
}
int
ffi_bool_value (scheme *sc, pointer p)
{
return ! (p == sc->F);
}
static pointer
do_logand (scheme *sc, pointer args)
{
FFI_PROLOG ();
unsigned int v, acc = ~0;
while (args != sc->NIL)
{
FFI_ARG_OR_RETURN (sc, unsigned int, v, number, args);
acc &= v;
}
FFI_RETURN_INT (sc, acc);
}
static pointer
do_logior (scheme *sc, pointer args)
{
FFI_PROLOG ();
unsigned int v, acc = 0;
while (args != sc->NIL)
{
FFI_ARG_OR_RETURN (sc, unsigned int, v, number, args);
acc |= v;
}
FFI_RETURN_INT (sc, acc);
}
static pointer
do_logxor (scheme *sc, pointer args)
{
FFI_PROLOG ();
unsigned int v, acc = 0;
while (args != sc->NIL)
{
FFI_ARG_OR_RETURN (sc, unsigned int, v, number, args);
acc ^= v;
}
FFI_RETURN_INT (sc, acc);
}
static pointer
do_lognot (scheme *sc, pointer args)
{
FFI_PROLOG ();
unsigned int v;
FFI_ARG_OR_RETURN (sc, unsigned int, v, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_INT (sc, ~v);
}
/* User interface. */
static pointer
do_flush_stdio (scheme *sc, pointer args)
{
FFI_PROLOG ();
FFI_ARGS_DONE_OR_RETURN (sc, args);
fflush (stdout);
fflush (stderr);
FFI_RETURN (sc);
}
int use_libreadline;
/* Read a string, and return a pointer to it. Returns NULL on EOF. */
char *
rl_gets (const char *prompt)
{
static char *line = NULL;
char *p;
xfree (line);
#if HAVE_LIBREADLINE
{
line = readline (prompt);
if (line && *line)
add_history (line);
}
#else
{
size_t max_size = 0xff;
printf ("%s", prompt);
fflush (stdout);
line = xtrymalloc (max_size);
if (line != NULL)
fgets (line, max_size, stdin);
}
#endif
/* Strip trailing whitespace. */
if (line && strlen (line) > 0)
for (p = &line[strlen (line) - 1]; isspace (*p); p--)
*p = 0;
return line;
}
static pointer
do_prompt (scheme *sc, pointer args)
{
FFI_PROLOG ();
const char *prompt;
const char *line;
FFI_ARG_OR_RETURN (sc, const char *, prompt, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
line = rl_gets (prompt);
if (! line)
FFI_RETURN_POINTER (sc, sc->EOF_OBJ);
FFI_RETURN_STRING (sc, line);
}
static pointer
do_sleep (scheme *sc, pointer args)
{
FFI_PROLOG ();
unsigned int seconds;
FFI_ARG_OR_RETURN (sc, unsigned int, seconds, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
sleep (seconds);
FFI_RETURN (sc);
}
static pointer
do_usleep (scheme *sc, pointer args)
{
FFI_PROLOG ();
useconds_t microseconds;
FFI_ARG_OR_RETURN (sc, useconds_t, microseconds, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
usleep (microseconds);
FFI_RETURN (sc);
}
static pointer
do_chdir (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
FFI_ARG_OR_RETURN (sc, char *, name, path, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (chdir (name))
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static pointer
do_strerror (scheme *sc, pointer args)
{
FFI_PROLOG ();
int error;
FFI_ARG_OR_RETURN (sc, int, error, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_STRING (sc, gpg_strerror (error));
}
static pointer
do_getenv (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
char *value;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
value = getenv (name);
FFI_RETURN_STRING (sc, value ? value : "");
}
static pointer
do_setenv (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
char *value;
int overwrite;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARG_OR_RETURN (sc, char *, value, string, args);
FFI_ARG_OR_RETURN (sc, int, overwrite, bool, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (gnupg_setenv (name, value, overwrite))
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static pointer
do_exit (scheme *sc, pointer args)
{
FFI_PROLOG ();
int retcode;
FFI_ARG_OR_RETURN (sc, int, retcode, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
exit (retcode);
}
/* XXX: use gnupgs variant b/c mode as string */
static pointer
do_open (scheme *sc, pointer args)
{
FFI_PROLOG ();
int fd;
char *pathname;
int flags;
mode_t mode = 0;
FFI_ARG_OR_RETURN (sc, char *, pathname, path, args);
FFI_ARG_OR_RETURN (sc, int, flags, number, args);
if (args != sc->NIL)
FFI_ARG_OR_RETURN (sc, mode_t, mode, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
fd = open (pathname, flags, mode);
if (fd == -1)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN_INT (sc, fd);
}
static pointer
do_fdopen (scheme *sc, pointer args)
{
FFI_PROLOG ();
FILE *stream;
int fd;
char *mode;
int kind;
FFI_ARG_OR_RETURN (sc, int, fd, number, args);
FFI_ARG_OR_RETURN (sc, char *, mode, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
stream = fdopen (fd, mode);
if (stream == NULL)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
if (setvbuf (stream, NULL, _IONBF, 0) != 0)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
kind = 0;
if (strchr (mode, 'r'))
kind |= port_input;
if (strchr (mode, 'w'))
kind |= port_output;
FFI_RETURN_POINTER (sc, sc->vptr->mk_port_from_file (sc, stream, kind));
}
static pointer
do_close (scheme *sc, pointer args)
{
FFI_PROLOG ();
int fd;
FFI_ARG_OR_RETURN (sc, int, fd, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_ERR (sc, close (fd) == 0 ? 0 : gpg_error_from_syserror ());
}
static pointer
do_seek (scheme *sc, pointer args)
{
FFI_PROLOG ();
int fd;
off_t offset;
int whence;
FFI_ARG_OR_RETURN (sc, int, fd, number, args);
FFI_ARG_OR_RETURN (sc, off_t, offset, number, args);
FFI_ARG_OR_RETURN (sc, int, whence, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_ERR (sc, lseek (fd, offset, whence) == (off_t) -1
? gpg_error_from_syserror () : 0);
}
static pointer
do_get_temp_path (scheme *sc, pointer args)
{
FFI_PROLOG ();
#ifdef HAVE_W32_SYSTEM
char buffer[MAX_PATH+1];
#endif
FFI_ARGS_DONE_OR_RETURN (sc, args);
#ifdef HAVE_W32_SYSTEM
if (GetTempPath (MAX_PATH+1, buffer) == 0)
FFI_RETURN_STRING (sc, "/temp");
FFI_RETURN_STRING (sc, buffer);
#else
FFI_RETURN_STRING (sc, "/tmp");
#endif
}
static pointer
do_mkdtemp (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *template;
#ifdef PATH_MAX
char buffer[PATH_MAX];
#else
char buffer[1024];
#endif
char *name;
FFI_ARG_OR_RETURN (sc, char *, template, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (strlen (template) > sizeof buffer - 1)
FFI_RETURN_ERR (sc, EINVAL);
strncpy (buffer, template, sizeof buffer);
name = gnupg_mkdtemp (buffer);
if (name == NULL)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN_STRING (sc, name);
}
static pointer
do_unlink (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (unlink (name) == -1)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static gpg_error_t
unlink_recursively (const char *name)
{
gpg_error_t err = 0;
struct stat st;
if (stat (name, &st) == -1)
return gpg_error_from_syserror ();
if (S_ISDIR (st.st_mode))
{
DIR *dir;
struct dirent *dent;
dir = opendir (name);
if (dir == NULL)
return gpg_error_from_syserror ();
while ((dent = readdir (dir)))
{
char *child;
if (strcmp (dent->d_name, ".") == 0
|| strcmp (dent->d_name, "..") == 0)
continue;
child = xtryasprintf ("%s/%s", name, dent->d_name);
if (child == NULL)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = unlink_recursively (child);
xfree (child);
if (err == gpg_error_from_errno (ENOENT))
err = 0;
if (err)
goto leave;
}
leave:
closedir (dir);
if (! err)
rmdir (name);
return err;
}
else
if (unlink (name) == -1)
return gpg_error_from_syserror ();
return 0;
}
static pointer
do_unlink_recursively (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = unlink_recursively (name);
FFI_RETURN (sc);
}
static pointer
do_rename (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *old;
char *new;
FFI_ARG_OR_RETURN (sc, char *, old, string, args);
FFI_ARG_OR_RETURN (sc, char *, new, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (rename (old, new) == -1)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static pointer
do_getcwd (scheme *sc, pointer args)
{
FFI_PROLOG ();
pointer result;
char *cwd;
FFI_ARGS_DONE_OR_RETURN (sc, args);
cwd = gnupg_getcwd ();
if (cwd == NULL)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
result = sc->vptr->mk_string (sc, cwd);
xfree (cwd);
FFI_RETURN_POINTER (sc, result);
}
static pointer
do_mkdir (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
char *mode;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARG_OR_RETURN (sc, char *, mode, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (gnupg_mkdir (name, mode) == -1)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static pointer
do_rmdir (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *name;
FFI_ARG_OR_RETURN (sc, char *, name, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (rmdir (name) == -1)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
FFI_RETURN (sc);
}
static pointer
do_get_isotime (scheme *sc, pointer args)
{
FFI_PROLOG ();
gnupg_isotime_t timebuf;
FFI_ARGS_DONE_OR_RETURN (sc, args);
gnupg_get_isotime (timebuf);
FFI_RETURN_STRING (sc, timebuf);
}
static pointer
do_get_time (scheme *sc, pointer args)
{
FFI_PROLOG ();
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_INT (sc, gnupg_get_time ());
}
static pointer
do_getpid (scheme *sc, pointer args)
{
FFI_PROLOG ();
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_INT (sc, getpid ());
}
static pointer
do_srandom (scheme *sc, pointer args)
{
FFI_PROLOG ();
int seed;
FFI_ARG_OR_RETURN (sc, int, seed, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
srand (seed);
FFI_RETURN (sc);
}
static int
random_scaled (int scale)
{
int v;
#ifdef HAVE_RAND
v = rand ();
#else
v = random ();
#endif
#ifndef RAND_MAX /* for SunOS */
#define RAND_MAX 32767
#endif
return ((int) (1 + (int) ((float) scale * v / (RAND_MAX + 1.0))) - 1);
}
static pointer
do_random (scheme *sc, pointer args)
{
FFI_PROLOG ();
int scale;
FFI_ARG_OR_RETURN (sc, int, scale, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_INT (sc, random_scaled (scale));
}
static pointer
do_make_random_string (scheme *sc, pointer args)
{
FFI_PROLOG ();
int size;
pointer chunk;
char *p;
FFI_ARG_OR_RETURN (sc, int, size, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (size < 0)
return ffi_sprintf (sc, "size must be positive");
chunk = sc->vptr->mk_counted_string (sc, NULL, size);
if (sc->no_memory)
FFI_RETURN_ERR (sc, ENOMEM);
for (p = sc->vptr->string_value (chunk); size; p++, size--)
*p = (char) random_scaled (256);
FFI_RETURN_POINTER (sc, chunk);
}
/* estream functions. */
struct es_object_box
{
estream_t stream;
int closed;
};
static void
es_object_finalize (scheme *sc, void *data)
{
struct es_object_box *box = data;
(void) sc;
if (! box->closed)
es_fclose (box->stream);
xfree (box);
}
static void
es_object_to_string (scheme *sc, char *out, size_t size, void *data)
{
struct es_object_box *box = data;
(void) sc;
snprintf (out, size, "#estream %p", box->stream);
}
static struct foreign_object_vtable es_object_vtable =
{
es_object_finalize,
es_object_to_string,
};
static pointer
es_wrap (scheme *sc, estream_t stream)
{
struct es_object_box *box = xmalloc (sizeof *box);
if (box == NULL)
return sc->NIL;
box->stream = stream;
box->closed = 0;
return sc->vptr->mk_foreign_object (sc, &es_object_vtable, box);
}
static struct es_object_box *
es_unwrap (scheme *sc, pointer object)
{
(void) sc;
if (! is_foreign_object (object))
return NULL;
if (sc->vptr->get_foreign_object_vtable (object) != &es_object_vtable)
return NULL;
return sc->vptr->get_foreign_object_data (object);
}
#define CONVERSION_estream(SC, X) es_unwrap (SC, X)
#define IS_A_estream(SC, X) es_unwrap (SC, X)
static pointer
do_es_fclose (scheme *sc, pointer args)
{
FFI_PROLOG ();
struct es_object_box *box;
FFI_ARG_OR_RETURN (sc, struct es_object_box *, box, estream, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = es_fclose (box->stream);
if (! err)
box->closed = 1;
FFI_RETURN (sc);
}
static pointer
do_es_read (scheme *sc, pointer args)
{
FFI_PROLOG ();
struct es_object_box *box;
size_t bytes_to_read;
pointer result;
void *buffer;
size_t bytes_read;
FFI_ARG_OR_RETURN (sc, struct es_object_box *, box, estream, args);
FFI_ARG_OR_RETURN (sc, size_t, bytes_to_read, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
buffer = xtrymalloc (bytes_to_read);
if (buffer == NULL)
FFI_RETURN_ERR (sc, ENOMEM);
err = es_read (box->stream, buffer, bytes_to_read, &bytes_read);
if (err)
FFI_RETURN_ERR (sc, err);
result = sc->vptr->mk_counted_string (sc, buffer, bytes_read);
xfree (buffer);
FFI_RETURN_POINTER (sc, result);
}
static pointer
do_es_feof (scheme *sc, pointer args)
{
FFI_PROLOG ();
struct es_object_box *box;
FFI_ARG_OR_RETURN (sc, struct es_object_box *, box, estream, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_POINTER (sc, es_feof (box->stream) ? sc->T : sc->F);
}
static pointer
do_es_write (scheme *sc, pointer args)
{
FFI_PROLOG ();
struct es_object_box *box;
const char *buffer;
size_t bytes_to_write, bytes_written;
FFI_ARG_OR_RETURN (sc, struct es_object_box *, box, estream, args);
/* XXX how to get the length of the string buffer? scheme strings
may contain \0. */
FFI_ARG_OR_RETURN (sc, const char *, buffer, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
bytes_to_write = strlen (buffer);
while (bytes_to_write > 0)
{
err = es_write (box->stream, buffer, bytes_to_write, &bytes_written);
if (err)
break;
bytes_to_write -= bytes_written;
buffer += bytes_written;
}
FFI_RETURN (sc);
}
/* Process handling. */
static pointer
do_spawn_process (scheme *sc, pointer args)
{
FFI_PROLOG ();
pointer arguments;
char **argv;
size_t len;
unsigned int flags;
estream_t infp;
estream_t outfp;
estream_t errfp;
pid_t pid;
FFI_ARG_OR_RETURN (sc, pointer, arguments, list, args);
FFI_ARG_OR_RETURN (sc, unsigned int, flags, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = ffi_list2argv (sc, arguments, &argv, &len);
if (err == gpg_error (GPG_ERR_INV_VALUE))
return ffi_sprintf (sc, "%luth element of first argument is "
"neither string nor symbol",
(unsigned long) len);
if (err)
FFI_RETURN_ERR (sc, err);
if (verbose > 1)
{
char **p;
fprintf (stderr, "Executing:");
for (p = argv; *p; p++)
fprintf (stderr, " '%s'", *p);
fprintf (stderr, "\n");
}
err = gnupg_spawn_process (argv[0], (const char **) &argv[1],
- NULL,
NULL,
flags,
&infp, &outfp, &errfp, &pid);
xfree (argv);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
#define IMS(A, B) \
_cons (sc, es_wrap (sc, (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMS (infp,
IMS (outfp,
IMS (errfp,
IMC (pid, sc->NIL)))));
#undef IMS
#undef IMC
}
static pointer
do_spawn_process_fd (scheme *sc, pointer args)
{
FFI_PROLOG ();
pointer arguments;
char **argv;
size_t len;
int infd, outfd, errfd;
pid_t pid;
FFI_ARG_OR_RETURN (sc, pointer, arguments, list, args);
FFI_ARG_OR_RETURN (sc, int, infd, number, args);
FFI_ARG_OR_RETURN (sc, int, outfd, number, args);
FFI_ARG_OR_RETURN (sc, int, errfd, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = ffi_list2argv (sc, arguments, &argv, &len);
if (err == gpg_error (GPG_ERR_INV_VALUE))
return ffi_sprintf (sc, "%luth element of first argument is "
"neither string nor symbol",
(unsigned long) len);
if (err)
FFI_RETURN_ERR (sc, err);
if (verbose > 1)
{
char **p;
fprintf (stderr, "Executing:");
for (p = argv; *p; p++)
fprintf (stderr, " '%s'", *p);
fprintf (stderr, "\n");
}
err = gnupg_spawn_process_fd (argv[0], (const char **) &argv[1],
infd, outfd, errfd, &pid);
xfree (argv);
FFI_RETURN_INT (sc, pid);
}
static pointer
do_wait_process (scheme *sc, pointer args)
{
FFI_PROLOG ();
const char *name;
pid_t pid;
int hang;
int retcode;
FFI_ARG_OR_RETURN (sc, const char *, name, string, args);
FFI_ARG_OR_RETURN (sc, pid_t, pid, number, args);
FFI_ARG_OR_RETURN (sc, int, hang, bool, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_wait_process (name, pid, hang, &retcode);
if (err == GPG_ERR_GENERAL)
err = 0; /* Let the return code speak for itself. */
FFI_RETURN_INT (sc, retcode);
}
static pointer
do_wait_processes (scheme *sc, pointer args)
{
FFI_PROLOG ();
pointer list_names;
char **names;
pointer list_pids;
size_t i, count;
pid_t *pids;
int hang;
int *retcodes;
pointer retcodes_list = sc->NIL;
FFI_ARG_OR_RETURN (sc, pointer, list_names, list, args);
FFI_ARG_OR_RETURN (sc, pointer, list_pids, list, args);
FFI_ARG_OR_RETURN (sc, int, hang, bool, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
if (sc->vptr->list_length (sc, list_names)
!= sc->vptr->list_length (sc, list_pids))
return
sc->vptr->mk_string (sc, "length of first two arguments must match");
err = ffi_list2argv (sc, list_names, &names, &count);
if (err == gpg_error (GPG_ERR_INV_VALUE))
return ffi_sprintf (sc, "%lu%s element of first argument is "
"neither string nor symbol",
(unsigned long) count,
ordinal_suffix ((int) count));
if (err)
FFI_RETURN_ERR (sc, err);
err = ffi_list2intv (sc, list_pids, (int **) &pids, &count);
if (err == gpg_error (GPG_ERR_INV_VALUE))
return ffi_sprintf (sc, "%lu%s element of second argument is "
"not a number",
(unsigned long) count,
ordinal_suffix ((int) count));
if (err)
FFI_RETURN_ERR (sc, err);
retcodes = xtrycalloc (sizeof *retcodes, count);
if (retcodes == NULL)
{
xfree (names);
xfree (pids);
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
}
err = gnupg_wait_processes ((const char **) names, pids, count, hang,
retcodes);
if (err == GPG_ERR_GENERAL)
err = 0; /* Let the return codes speak. */
if (err == GPG_ERR_TIMEOUT)
err = 0; /* We may have got some results. */
for (i = 0; i < count; i++)
retcodes_list =
(sc->vptr->cons) (sc,
sc->vptr->mk_integer (sc,
(long) retcodes[count-1-i]),
retcodes_list);
xfree (names);
xfree (pids);
xfree (retcodes);
FFI_RETURN_POINTER (sc, retcodes_list);
}
static pointer
do_pipe (scheme *sc, pointer args)
{
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_pipe (filedes);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],
IMC (filedes[1], sc->NIL)));
#undef IMC
}
static pointer
do_inbound_pipe (scheme *sc, pointer args)
{
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_inbound_pipe (filedes, NULL, 0);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],
IMC (filedes[1], sc->NIL)));
#undef IMC
}
static pointer
do_outbound_pipe (scheme *sc, pointer args)
{
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_outbound_pipe (filedes, NULL, 0);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],
IMC (filedes[1], sc->NIL)));
#undef IMC
}
/* Test helper functions. */
static pointer
do_file_equal (scheme *sc, pointer args)
{
FFI_PROLOG ();
pointer result = sc->F;
char *a_name, *b_name;
int binary;
const char *mode;
FILE *a_stream = NULL, *b_stream = NULL;
struct stat a_stat, b_stat;
#define BUFFER_SIZE 1024
char a_buf[BUFFER_SIZE], b_buf[BUFFER_SIZE];
#undef BUFFER_SIZE
size_t chunk;
FFI_ARG_OR_RETURN (sc, char *, a_name, string, args);
FFI_ARG_OR_RETURN (sc, char *, b_name, string, args);
FFI_ARG_OR_RETURN (sc, int, binary, bool, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
mode = binary ? "rb" : "r";
a_stream = fopen (a_name, mode);
if (a_stream == NULL)
goto errout;
b_stream = fopen (b_name, mode);
if (b_stream == NULL)
goto errout;
if (fstat (fileno (a_stream), &a_stat) < 0)
goto errout;
if (fstat (fileno (b_stream), &b_stat) < 0)
goto errout;
if (binary && a_stat.st_size != b_stat.st_size)
{
if (verbose)
fprintf (stderr, "Files %s and %s differ in size %lu != %lu\n",
a_name, b_name, (unsigned long) a_stat.st_size,
(unsigned long) b_stat.st_size);
goto out;
}
while (! feof (a_stream))
{
chunk = sizeof a_buf;
chunk = fread (a_buf, 1, chunk, a_stream);
if (chunk == 0 && ferror (a_stream))
goto errout; /* some error */
if (fread (b_buf, 1, chunk, b_stream) < chunk)
{
if (feof (b_stream))
goto out; /* short read */
goto errout; /* some error */
}
if (chunk > 0 && memcmp (a_buf, b_buf, chunk) != 0)
goto out;
}
fread (b_buf, 1, 1, b_stream);
if (! feof (b_stream))
goto out; /* b is longer */
/* They match. */
result = sc->T;
out:
if (a_stream)
fclose (a_stream);
if (b_stream)
fclose (b_stream);
FFI_RETURN_POINTER (sc, result);
errout:
err = gpg_error_from_syserror ();
goto out;
}
static pointer
do_splice (scheme *sc, pointer args)
{
FFI_PROLOG ();
int source;
char buffer[1024];
ssize_t bytes_read;
pointer sinks, sink;
FFI_ARG_OR_RETURN (sc, int, source, number, args);
sinks = args;
if (sinks == sc->NIL)
return ffi_sprintf (sc, "need at least one sink");
for (sink = sinks; sink != sc->NIL; sink = pair_cdr (sink), ffi_arg_index++)
if (! sc->vptr->is_number (pair_car (sink)))
return ffi_sprintf (sc, "%d%s argument is not a number",
ffi_arg_index, ordinal_suffix (ffi_arg_index));
while (1)
{
bytes_read = read (source, buffer, sizeof buffer);
if (bytes_read == 0)
break;
if (bytes_read < 0)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
for (sink = sinks; sink != sc->NIL; sink = pair_cdr (sink))
{
int fd = sc->vptr->ivalue (pair_car (sink));
char *p = buffer;
ssize_t left = bytes_read;
while (left)
{
ssize_t written = write (fd, p, left);
if (written < 0)
FFI_RETURN_ERR (sc, gpg_error_from_syserror ());
assert (written <= left);
left -= written;
p += written;
}
}
}
FFI_RETURN (sc);
}
static pointer
do_string_index (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *haystack;
char needle;
ssize_t offset = 0;
char *position;
FFI_ARG_OR_RETURN (sc, char *, haystack, string, args);
FFI_ARG_OR_RETURN (sc, char, needle, character, args);
if (args != sc->NIL)
{
FFI_ARG_OR_RETURN (sc, ssize_t, offset, number, args);
if (offset < 0)
return ffi_sprintf (sc, "offset must be positive");
if (offset > strlen (haystack))
return ffi_sprintf (sc, "offset exceeds haystack");
}
FFI_ARGS_DONE_OR_RETURN (sc, args);
position = strchr (haystack+offset, needle);
if (position)
FFI_RETURN_INT (sc, position - haystack);
else
FFI_RETURN_POINTER (sc, sc->F);
}
static pointer
do_string_rindex (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *haystack;
char needle;
ssize_t offset = 0;
char *position;
FFI_ARG_OR_RETURN (sc, char *, haystack, string, args);
FFI_ARG_OR_RETURN (sc, char, needle, character, args);
if (args != sc->NIL)
{
FFI_ARG_OR_RETURN (sc, ssize_t, offset, number, args);
if (offset < 0)
return ffi_sprintf (sc, "offset must be positive");
if (offset > strlen (haystack))
return ffi_sprintf (sc, "offset exceeds haystack");
}
FFI_ARGS_DONE_OR_RETURN (sc, args);
position = strrchr (haystack+offset, needle);
if (position)
FFI_RETURN_INT (sc, position - haystack);
else
FFI_RETURN_POINTER (sc, sc->F);
}
static pointer
do_string_contains (scheme *sc, pointer args)
{
FFI_PROLOG ();
char *haystack;
char *needle;
FFI_ARG_OR_RETURN (sc, char *, haystack, string, args);
FFI_ARG_OR_RETURN (sc, char *, needle, string, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_POINTER (sc, strstr (haystack, needle) ? sc->T : sc->F);
}
static pointer
do_get_verbose (scheme *sc, pointer args)
{
FFI_PROLOG ();
FFI_ARGS_DONE_OR_RETURN (sc, args);
FFI_RETURN_INT (sc, verbose);
}
static pointer
do_set_verbose (scheme *sc, pointer args)
{
FFI_PROLOG ();
int new_verbosity, old;
FFI_ARG_OR_RETURN (sc, int, new_verbosity, number, args);
FFI_ARGS_DONE_OR_RETURN (sc, args);
old = verbose;
verbose = new_verbosity;
FFI_RETURN_INT (sc, old);
}
gpg_error_t
ffi_list2argv (scheme *sc, pointer list, char ***argv, size_t *len)
{
int i;
*len = sc->vptr->list_length (sc, list);
*argv = xtrycalloc (*len + 1, sizeof **argv);
if (*argv == NULL)
return gpg_error_from_syserror ();
for (i = 0; sc->vptr->is_pair (list); list = sc->vptr->pair_cdr (list))
{
if (sc->vptr->is_string (sc->vptr->pair_car (list)))
(*argv)[i++] = sc->vptr->string_value (sc->vptr->pair_car (list));
else if (sc->vptr->is_symbol (sc->vptr->pair_car (list)))
(*argv)[i++] = sc->vptr->symname (sc->vptr->pair_car (list));
else
{
xfree (*argv);
*argv = NULL;
*len = i;
return gpg_error (GPG_ERR_INV_VALUE);
}
}
(*argv)[i] = NULL;
return 0;
}
gpg_error_t
ffi_list2intv (scheme *sc, pointer list, int **intv, size_t *len)
{
int i;
*len = sc->vptr->list_length (sc, list);
*intv = xtrycalloc (*len, sizeof **intv);
if (*intv == NULL)
return gpg_error_from_syserror ();
for (i = 0; sc->vptr->is_pair (list); list = sc->vptr->pair_cdr (list))
{
if (sc->vptr->is_number (sc->vptr->pair_car (list)))
(*intv)[i++] = sc->vptr->ivalue (sc->vptr->pair_car (list));
else
{
xfree (*intv);
*intv = NULL;
*len = i;
return gpg_error (GPG_ERR_INV_VALUE);
}
}
return 0;
}
char *
ffi_schemify_name (const char *s, int macro)
{
/* Fixme: We should use xtrystrdup and return NULL. However, this
* requires a lot more changes. Simply returning S as done
* originally is not an option. */
char *n = xstrdup (s), *p;
/* if (n == NULL) */
/* return s; */
for (p = n; *p; p++)
{
*p = (char) tolower (*p);
/* We convert _ to - in identifiers. We allow, however, for
function names to start with a leading _. The functions in
this namespace are not yet finalized and might change or
vanish without warning. Use them with care. */
if (! macro
&& p != n
&& *p == '_')
*p = '-';
}
return n;
}
pointer
ffi_sprintf (scheme *sc, const char *format, ...)
{
pointer result;
va_list listp;
char *expression;
int size, written;
va_start (listp, format);
size = vsnprintf (NULL, 0, format, listp);
va_end (listp);
expression = xtrymalloc (size + 1);
if (expression == NULL)
return NULL;
va_start (listp, format);
written = vsnprintf (expression, size + 1, format, listp);
va_end (listp);
assert (size == written);
result = sc->vptr->mk_string (sc, expression);
xfree (expression);
return result;
}
void
ffi_scheme_eval (scheme *sc, const char *format, ...)
{
va_list listp;
char *expression;
int size, written;
va_start (listp, format);
size = vsnprintf (NULL, 0, format, listp);
va_end (listp);
expression = xtrymalloc (size + 1);
if (expression == NULL)
return;
va_start (listp, format);
written = vsnprintf (expression, size + 1, format, listp);
va_end (listp);
assert (size == written);
sc->vptr->load_string (sc, expression);
xfree (expression);
}
gpg_error_t
ffi_init (scheme *sc, const char *argv0, const char *scriptname,
int argc, const char **argv)
{
int i;
pointer args = sc->NIL;
/* bitwise arithmetic */
ffi_define_function (sc, logand);
ffi_define_function (sc, logior);
ffi_define_function (sc, logxor);
ffi_define_function (sc, lognot);
/* libc. */
ffi_define_constant (sc, O_RDONLY);
ffi_define_constant (sc, O_WRONLY);
ffi_define_constant (sc, O_RDWR);
ffi_define_constant (sc, O_CREAT);
ffi_define_constant (sc, O_APPEND);
#ifndef O_BINARY
# define O_BINARY 0
#endif
#ifndef O_TEXT
# define O_TEXT 0
#endif
ffi_define_constant (sc, O_BINARY);
ffi_define_constant (sc, O_TEXT);
ffi_define_constant (sc, STDIN_FILENO);
ffi_define_constant (sc, STDOUT_FILENO);
ffi_define_constant (sc, STDERR_FILENO);
ffi_define_constant (sc, SEEK_SET);
ffi_define_constant (sc, SEEK_CUR);
ffi_define_constant (sc, SEEK_END);
ffi_define_function (sc, sleep);
ffi_define_function (sc, usleep);
ffi_define_function (sc, chdir);
ffi_define_function (sc, strerror);
ffi_define_function (sc, getenv);
ffi_define_function (sc, setenv);
ffi_define_function_name (sc, "_exit", exit);
ffi_define_function (sc, open);
ffi_define_function (sc, fdopen);
ffi_define_function (sc, close);
ffi_define_function (sc, seek);
ffi_define_function (sc, get_temp_path);
ffi_define_function_name (sc, "_mkdtemp", mkdtemp);
ffi_define_function (sc, unlink);
ffi_define_function (sc, unlink_recursively);
ffi_define_function (sc, rename);
ffi_define_function (sc, getcwd);
ffi_define_function (sc, mkdir);
ffi_define_function (sc, rmdir);
ffi_define_function (sc, get_isotime);
ffi_define_function (sc, get_time);
ffi_define_function (sc, getpid);
/* Random numbers. */
ffi_define_function (sc, srandom);
ffi_define_function (sc, random);
ffi_define_function (sc, make_random_string);
/* Process management. */
ffi_define_function (sc, spawn_process);
ffi_define_function (sc, spawn_process_fd);
ffi_define_function (sc, wait_process);
ffi_define_function (sc, wait_processes);
ffi_define_function (sc, pipe);
ffi_define_function (sc, inbound_pipe);
ffi_define_function (sc, outbound_pipe);
/* estream functions. */
ffi_define_function_name (sc, "es-fclose", es_fclose);
ffi_define_function_name (sc, "es-read", es_read);
ffi_define_function_name (sc, "es-feof", es_feof);
ffi_define_function_name (sc, "es-write", es_write);
/* Test helper functions. */
ffi_define_function (sc, file_equal);
ffi_define_function (sc, splice);
ffi_define_function (sc, string_index);
ffi_define_function (sc, string_rindex);
ffi_define_function_name (sc, "string-contains?", string_contains);
/* User interface. */
ffi_define_function (sc, flush_stdio);
ffi_define_function (sc, prompt);
/* Configuration. */
ffi_define_function_name (sc, "*verbose*", get_verbose);
ffi_define_function_name (sc, "*set-verbose!*", set_verbose);
ffi_define (sc, "*argv0*", sc->vptr->mk_string (sc, argv0));
ffi_define (sc, "*scriptname*", sc->vptr->mk_string (sc, scriptname));
for (i = argc - 1; i >= 0; i--)
{
pointer value = sc->vptr->mk_string (sc, argv[i]);
args = (sc->vptr->cons) (sc, value, args);
}
ffi_define (sc, "*args*", args);
#if _WIN32
ffi_define (sc, "*pathsep*", sc->vptr->mk_character (sc, ';'));
#else
ffi_define (sc, "*pathsep*", sc->vptr->mk_character (sc, ':'));
#endif
ffi_define (sc, "*win32*",
#if _WIN32
sc->T
#else
sc->F
#endif
);
ffi_define (sc, "*maintainer-mode*",
#if MAINTAINER_MODE
sc->T
#else
sc->F
#endif
);
ffi_define (sc, "*run-all-tests*",
#if RUN_ALL_TESTS
sc->T
#else
sc->F
#endif
);
ffi_define (sc, "*stdin*",
sc->vptr->mk_port_from_file (sc, stdin, port_input));
ffi_define (sc, "*stdout*",
sc->vptr->mk_port_from_file (sc, stdout, port_output));
ffi_define (sc, "*stderr*",
sc->vptr->mk_port_from_file (sc, stderr, port_output));
return 0;
}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 7cd45c7e9..90f2f53d3 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1,3607 +1,3607 @@
/* gpgconf-comp.c - Configuration utility for GnuPG.
* Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
* Copyright (C) 2016 Werner Koch
* Copyright (C) 2020, 2021 g10 Code GmbH
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GnuPG; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#if HAVE_CONFIG_H
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_SIGNAL_H
# include
#endif
#include
#ifdef HAVE_W32_SYSTEM
# define WIN32_LEAN_AND_MEAN 1
# include
#else
# include
# include
#endif
#include "../common/util.h"
#include "../common/i18n.h"
#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/status.h"
#include "../common/gc-opt-flags.h"
#include "gpgconf.h"
#if (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ))
void gc_error (int status, int errnum, const char *fmt, ...) \
__attribute__ ((format (printf, 3, 4)));
#endif
/* Output a diagnostic message. If ERRNUM is not 0, then the output
is followed by a colon, a white space, and the error string for the
error number ERRNUM. In any case the output is finished by a
newline. The message is prepended by the program name, a colon,
and a whitespace. The output may be further formatted or
redirected by the jnlib logging facility. */
void
gc_error (int status, int errnum, const char *fmt, ...)
{
va_list arg_ptr;
va_start (arg_ptr, fmt);
log_logv (GPGRT_LOGLVL_ERROR, fmt, arg_ptr);
va_end (arg_ptr);
if (errnum)
log_printf (": %s\n", strerror (errnum));
else
log_printf ("\n");
if (status)
{
log_printf (NULL);
log_printf ("fatal error (exit status %i)\n", status);
gpgconf_failure (gpg_error_from_errno (errnum));
}
}
/* Forward declaration. */
static void gpg_agent_runtime_change (int killflag);
static void scdaemon_runtime_change (int killflag);
#ifdef BUILD_WITH_TPM2D
static void tpm2daemon_runtime_change (int killflag);
#endif
static void dirmngr_runtime_change (int killflag);
static void keyboxd_runtime_change (int killflag);
/* STRING_ARRAY is a malloced array with malloced strings. It is used
* a space to store strings so that other objects may point to these
* strings. It shall never be shrinked or any items changes.
* STRING_ARRAY itself may be reallocated to increase the size of the
* table. STRING_ARRAY_USED is the number of items currently used,
* STRING_ARRAY_SIZE is the number of calloced slots. */
static char **string_array;
static size_t string_array_used;
static size_t string_array_size;
/* Option configuration. */
/* An option might take an argument, or not. Argument types can be
basic or complex. Basic types are generic and easy to validate.
Complex types provide more specific information about the intended
use, but can be difficult to validate. If you add to this enum,
don't forget to update GC_ARG_TYPE below. YOU MUST NOT CHANGE THE
NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE EXTERNAL
INTERFACE. */
typedef enum
{
/* Basic argument types. */
/* No argument. */
GC_ARG_TYPE_NONE = 0,
/* A String argument. */
GC_ARG_TYPE_STRING = 1,
/* A signed integer argument. */
GC_ARG_TYPE_INT32 = 2,
/* An unsigned integer argument. */
GC_ARG_TYPE_UINT32 = 3,
/* ADD NEW BASIC TYPE ENTRIES HERE. */
/* Complex argument types. */
/* A complete filename. */
GC_ARG_TYPE_FILENAME = 32,
/* An LDAP server in the format
HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN. */
GC_ARG_TYPE_LDAP_SERVER = 33,
/* A 40 character fingerprint. */
GC_ARG_TYPE_KEY_FPR = 34,
/* A user ID or key ID or fingerprint for a certificate. */
GC_ARG_TYPE_PUB_KEY = 35,
/* A user ID or key ID or fingerprint for a certificate with a key. */
GC_ARG_TYPE_SEC_KEY = 36,
/* A alias list made up of a key, an equal sign and a space
separated list of values. */
GC_ARG_TYPE_ALIAS_LIST = 37,
/* ADD NEW COMPLEX TYPE ENTRIES HERE. */
/* The number of the above entries. */
GC_ARG_TYPE_NR
} gc_arg_type_t;
/* For every argument, we record some information about it in the
following struct. */
static const struct
{
/* For every argument type exists a basic argument type that can be
used as a fallback for input and validation purposes. */
gc_arg_type_t fallback;
/* Human-readable name of the type. */
const char *name;
} gc_arg_type[GC_ARG_TYPE_NR] =
{
/* The basic argument types have their own types as fallback. */
{ GC_ARG_TYPE_NONE, "none" },
{ GC_ARG_TYPE_STRING, "string" },
{ GC_ARG_TYPE_INT32, "int32" },
{ GC_ARG_TYPE_UINT32, "uint32" },
/* Reserved basic type entries for future extension. */
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
{ GC_ARG_TYPE_NR, NULL }, { GC_ARG_TYPE_NR, NULL },
/* The complex argument types have a basic type as fallback. */
{ GC_ARG_TYPE_STRING, "filename" },
{ GC_ARG_TYPE_STRING, "ldap server" },
{ GC_ARG_TYPE_STRING, "key fpr" },
{ GC_ARG_TYPE_STRING, "pub key" },
{ GC_ARG_TYPE_STRING, "sec key" },
{ GC_ARG_TYPE_STRING, "alias list" },
};
/* Every option has an associated expert level, than can be used to
hide advanced and expert options from beginners. If you add to
this list, don't forget to update GC_LEVEL below. YOU MUST NOT
CHANGE THE NUMBERS OF THE EXISTING ENTRIES, AS THEY ARE PART OF THE
EXTERNAL INTERFACE. */
typedef enum
{
/* The basic options should always be displayed. */
GC_LEVEL_BASIC,
/* The advanced options may be hidden from beginners. */
GC_LEVEL_ADVANCED,
/* The expert options should only be displayed to experts. */
GC_LEVEL_EXPERT,
/* The invisible options should normally never be displayed. */
GC_LEVEL_INVISIBLE,
/* The internal options are never exported, they mark options that
are recorded for internal use only. */
GC_LEVEL_INTERNAL,
/* ADD NEW ENTRIES HERE. */
/* The number of the above entries. */
GC_LEVEL_NR
} gc_expert_level_t;
/* A description for each expert level. */
static const struct
{
const char *name;
} gc_level[] =
{
{ "basic" },
{ "advanced" },
{ "expert" },
{ "invisible" },
{ "internal" }
};
/* Option flags. The flags which are used by the components are defined
by gc-opt-flags.h, included above.
YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING FLAGS, AS THEY ARE
PART OF THE EXTERNAL INTERFACE. */
/* Some entries in the emitted option list are not options, but mark
the beginning of a new group of options. These entries have the
GROUP flag set. Note that this is internally also known as a
header line. */
#define GC_OPT_FLAG_GROUP (1UL << 0)
/* The ARG_OPT flag for an option indicates that the argument is
optional. This is never set for GC_ARG_TYPE_NONE options. */
#define GC_OPT_FLAG_ARG_OPT (1UL << 1)
/* The LIST flag for an option indicates that the option can occur
several times. A comma separated list of arguments is used as the
argument value. */
#define GC_OPT_FLAG_LIST (1UL << 2)
/* The RUNTIME flag for an option indicates that the option can be
changed at runtime. */
#define GC_OPT_FLAG_RUNTIME (1UL << 3)
/* A human-readable description for each flag. */
static const struct
{
const char *name;
} gc_flag[] =
{
{ "group" },
{ "optional arg" },
{ "list" },
{ "runtime" },
{ "default" },
{ "default desc" },
{ "no arg desc" },
{ "no change" }
};
/* Each option we want to support in gpgconf has the needed
* information in a static list per componenet. This struct describes
* the info for a single option. */
struct known_option_s
{
/* If this is NULL, then this is a terminator in an array of unknown
* length. Otherwise it is the name of the option described by this
* entry. The name must not contain a colon. */
const char *name;
/* The option flags. */
unsigned long flags;
/* The expert level. */
gc_expert_level_t level;
/* The complex type of the option argument; the default of 0 is used
* for a standard type as returned by --dump-option-table. */
gc_arg_type_t arg_type;
};
typedef struct known_option_s known_option_t;
/* The known options of the GC_COMPONENT_GPG_AGENT component. */
static known_option_t known_options_gpg_agent[] =
{
{ "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "ssh-fingerprint-digest", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "enable-extended-key-format", GC_OPT_FLAG_RUNTIME, GC_LEVEL_INVISIBLE },
{ "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED},
{ "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
/**/ GC_ARG_TYPE_FILENAME },
{ "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "default-cache-ttl", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "max-cache-ttl", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "allow-emacs-pinentry", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "no-allow-external-cache", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "min-passphrase-len", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
/**/ GC_ARG_TYPE_FILENAME },
{ "check-sym-passphrase-pattern", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
/**/ GC_ARG_TYPE_FILENAME },
{ "max-passphrase-days", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "enable-passphrase-history", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "pinentry-timeout", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ NULL }
};
/* The known options of the GC_COMPONENT_SCDAEMON component. */
static known_option_t known_options_scdaemon[] =
{
{ "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "reader-port", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "ctapi-driver", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "pcsc-driver", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "disable-ccid", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT },
{ "disable-pinpad", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "enable-pinpad-varlen", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "card-timeout", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "application-priority", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED},
{ "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "deny-admin", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ NULL }
};
#ifdef BUILD_WITH_TPM2D
/* The known options of the GC_COMPONENT_TPM2DAEMON component. */
static known_option_t known_options_tpm2daemon[] =
{
{ "verbose", GC_OPT_FLAG_LIST|GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "debug-level", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED},
{ "log-file", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "deny-admin", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC },
{ "parent", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED },
{ NULL }
};
#endif
/* The known options of the GC_COMPONENT_GPG component. */
static known_option_t known_options_gpg[] =
{
{ "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "group", GC_OPT_FLAG_LIST, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_ALIAS_LIST},
{ "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "default-new-key-algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "trust-model", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED },
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "auto-key-import", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "include-key-block", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "max-cert-depth", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "completes-needed", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "marginals-needed", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
/* The next items are pseudo options which we read via --gpgconf-list.
* The meta information is taken from the table below. */
{ "default_pubkey_algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "compliance_de_vs", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "use_keyboxd", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ NULL }
};
static const char *known_pseudo_options_gpg[] =
{/* v-- ARGPARSE_TYPE_STRING */
"default_pubkey_algo:0:2:@:",
/* A basic compliance check for gpg. We use gpg here but the
* result is valid for all components.
* v-- ARGPARSE_TYPE_INT */
"compliance_de_vs:0:1:@:",
/* True is use_keyboxd is enabled. That option can be set in
* common.conf but is not direcly supported by gpgconf. Thus we
* only allow to read it out.
* v-- ARGPARSE_TYPE_INT */
"use_keyboxd:0:1:@:",
NULL
};
/* The known options of the GC_COMPONENT_GPGSM component. */
static known_option_t known_options_gpgsm[] =
{
{ "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "default-key", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "encrypt-to", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "p12-charset", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "keyserver", GC_OPT_FLAG_LIST, GC_LEVEL_INVISIBLE,
GC_ARG_TYPE_LDAP_SERVER },
{ "compliance", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED },
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "enable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "include-certs", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "disable-policy-checks", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "auto-issuer-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "cipher-algo", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
/* Pseudo option follows. See also table below. */
{ "default_pubkey_algo", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ NULL }
};
static const char *known_pseudo_options_gpgsm[] =
{/* v-- ARGPARSE_TYPE_STRING */
"default_pubkey_algo:0:2:@:",
NULL
};
/* The known options of the GC_COMPONENT_DIRMNGR component. */
static known_option_t known_options_dirmngr[] =
{
{ "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "no-greeting", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "resolver-timeout", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "nameserver", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "debug-level", GC_OPT_FLAG_ARG_OPT, GC_LEVEL_ADVANCED },
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ "batch", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "force", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "ldapserver", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC,
GC_ARG_TYPE_LDAP_SERVER },
{ "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "ignore-http-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "ignore-ldap-dp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT },
{ "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "allow-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "ocsp-responder", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "ocsp-signer", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ "allow-version-check", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "ignore-ocsp-service-url", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED },
{ NULL }
};
/* The known options of the GC_COMPONENT_KEYBOXD component. */
static known_option_t known_options_keyboxd[] =
{
{ "verbose", GC_OPT_FLAG_LIST, GC_LEVEL_BASIC },
{ "quiet", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC },
{ "log-file", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
GC_ARG_TYPE_FILENAME },
{ "faked-system-time", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE },
{ NULL }
};
/* The known options of the GC_COMPONENT_PINENTRY component. */
static known_option_t known_options_pinentry[] =
{
{ NULL }
};
/* Our main option info object. We copy all required information from the
* gpgrt_opt_t items but convert the flags value to bit flags. */
struct gc_option_s
{
const char *name; /* The same as gpgrt_opt_t.long_opt. */
const char *desc; /* The same as gpgrt_opt_t.description. */
unsigned int is_header:1; /* This is a header item. */
unsigned int is_list:1; /* This is a list style option. */
unsigned int opt_arg:1; /* The option's argument is optional. */
unsigned int runtime:1; /* The option is runtime changeable. */
unsigned int gpgconf_list:1; /* Mentioned by --gpgconf-list. */
unsigned int has_default:1; /* The option has a default value. */
unsigned int def_in_desc:1; /* The default is in the descrition. */
unsigned int no_arg_desc:1; /* The argument has a default ???. */
unsigned int no_change:1; /* User shall not change the option. */
unsigned int attr_ignore:1; /* The ARGPARSE_ATTR_IGNORE. */
unsigned int attr_force:1; /* The ARGPARSE_ATTR_FORCE. */
/* The expert level - copied from known_options. */
gc_expert_level_t level;
/* The complex type - copied from known_options. */
gc_arg_type_t arg_type;
/* The default value for this option. This is NULL if the option is
not present in the component, the empty string if no default is
available, and otherwise a quoted string. This is currently
malloced.*/
char *default_value;
/* The current value of this option. */
char *value;
/* The new flags for this option. The only defined flag is actually
GC_OPT_FLAG_DEFAULT, and it means that the option should be
deleted. In this case, NEW_VALUE is NULL. */
unsigned long new_flags;
/* The new value of this option. */
char *new_value;
};
typedef struct gc_option_s gc_option_t;
/* The information associated with each component. */
static struct
{
/* The name of the component. Some components don't have an
* associated program, but are implemented directly by GPGConf. In
* this case, PROGRAM is NULL. */
char *program;
/* The displayed name of this component. Must not contain a colon
* (':') character. */
const char *name;
/* The gettext domain for the description DESC. If this is NULL,
then the description is not translated. */
const char *desc_domain;
/* The description of this component. */
const char *desc;
/* The module name (GNUPG_MODULE_NAME_foo) as defined by
* ../common/util.h. This value is used to get the actual installed
* path of the program. 0 is used if no program for the component
* is available. */
char module_name;
/* The name for the configuration filename of this component. */
const char *option_config_filename;
/* The static table of known options for this component. */
known_option_t *known_options;
/* The static table of known pseudo options for this component or NULL. */
const char **known_pseudo_options;
/* The runtime change callback. If KILLFLAG is true the component
is killed and not just reloaded. */
void (*runtime_change) (int killflag);
/* The table of known options as read from the component including
* header lines and such. This is suitable to be passed to
* gpgrt_argparser. Will be filled in by
* retrieve_options_from_program. */
gpgrt_opt_t *opt_table;
/* The full table including data from OPT_TABLE. The end of the
* table is marked by NULL entry for NAME. Will be filled in by
* retrieve_options_from_program. */
gc_option_t *options;
} gc_component[GC_COMPONENT_NR] =
{
/* Note: The order of the items must match the order given in the
* gc_component_id_t enumeration. The order is often used by
* frontends to display the backend options thus do not change the
* order without considering the user experience. */
{ NULL }, /* DUMMY for GC_COMPONENT_ANY */
{ GPG_NAME, GPG_DISP_NAME, "gnupg", N_("OpenPGP"),
GNUPG_MODULE_NAME_GPG, GPG_NAME ".conf",
known_options_gpg, known_pseudo_options_gpg },
{ GPGSM_NAME, GPGSM_DISP_NAME, "gnupg", N_("S/MIME"),
GNUPG_MODULE_NAME_GPGSM, GPGSM_NAME ".conf",
known_options_gpgsm, known_pseudo_options_gpgsm },
{ KEYBOXD_NAME, KEYBOXD_DISP_NAME, "gnupg", N_("Public Keys"),
GNUPG_MODULE_NAME_KEYBOXD, KEYBOXD_NAME ".conf",
known_options_keyboxd, NULL, keyboxd_runtime_change },
{ GPG_AGENT_NAME, GPG_AGENT_DISP_NAME, "gnupg", N_("Private Keys"),
GNUPG_MODULE_NAME_AGENT, GPG_AGENT_NAME ".conf",
known_options_gpg_agent, NULL, gpg_agent_runtime_change },
{ SCDAEMON_NAME, SCDAEMON_DISP_NAME, "gnupg", N_("Smartcards"),
GNUPG_MODULE_NAME_SCDAEMON, SCDAEMON_NAME ".conf",
known_options_scdaemon, NULL, scdaemon_runtime_change},
#ifdef BUILD_WITH_TPM2D
{ TPM2DAEMON_NAME, TPM2DAEMON_DISP_NAME, "gnupg", N_("TPM"),
GNUPG_MODULE_NAME_TPM2DAEMON, TPM2DAEMON_NAME ".conf",
known_options_tpm2daemon, NULL, tpm2daemon_runtime_change},
#else
{ NULL }, /* DUMMY to keep the table in-sync with enums */
#endif
{ DIRMNGR_NAME, DIRMNGR_DISP_NAME, "gnupg", N_("Network"),
GNUPG_MODULE_NAME_DIRMNGR, DIRMNGR_NAME ".conf",
known_options_dirmngr, NULL, dirmngr_runtime_change },
{ "pinentry", "Pinentry", "gnupg", N_("Passphrase Entry"),
GNUPG_MODULE_NAME_PINENTRY, NULL,
known_options_pinentry }
};
/* Structure used to collect error output of the component programs. */
struct error_line_s;
typedef struct error_line_s *error_line_t;
struct error_line_s
{
error_line_t next; /* Link to next item. */
const char *fname; /* Name of the config file (points into BUFFER). */
unsigned int lineno; /* Line number of the config file. */
const char *errtext; /* Text of the error message (points into BUFFER). */
char buffer[1]; /* Helper buffer. */
};
/* Initialization and finalization. */
static void
gc_option_free (gc_option_t *o)
{
if (o == NULL || o->name == NULL)
return;
xfree (o->value);
gc_option_free (o + 1);
}
static void
gc_components_free (void)
{
int i;
for (i = 0; i < DIM (gc_component); i++)
gc_option_free (gc_component[i].options);
}
void
gc_components_init (void)
{
atexit (gc_components_free);
}
/* Engine specific support. */
static void
gpg_agent_runtime_change (int killflag)
{
gpg_error_t err = 0;
const char *pgmname;
const char *argv[5];
pid_t pid = (pid_t)(-1);
int i = 0;
int cmdidx;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
argv[i++] = "--no-autostart";
cmdidx = i;
argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
argv[i] = NULL;
log_assert (i < DIM(argv));
if (!err)
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s %s': %s",
pgmname, argv[cmdidx], gpg_strerror (err));
gnupg_release_process (pid);
}
static void
scdaemon_runtime_change (int killflag)
{
gpg_error_t err = 0;
const char *pgmname;
const char *argv[9];
pid_t pid = (pid_t)(-1);
int i = 0;
int cmdidx;
(void)killflag; /* For scdaemon kill and reload are synonyms. */
/* We use "GETINFO app_running" to see whether the agent is already
running and kill it only in this case. This avoids an explicit
starting of the agent in case it is not yet running. There is
obviously a race condition but that should not harm too much. */
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
argv[i++] = "-s";
argv[i++] = "--no-autostart";
argv[i++] = "GETINFO scd_running";
argv[i++] = "/if ${! $?}";
cmdidx = i;
argv[i++] = "scd killscd";
argv[i++] = "/end";
argv[i] = NULL;
log_assert (i < DIM(argv));
if (!err)
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s %s': %s",
pgmname, argv[cmdidx], gpg_strerror (err));
gnupg_release_process (pid);
}
#ifdef BUILD_WITH_TPM2D
static void
tpm2daemon_runtime_change (int killflag)
{
gpg_error_t err = 0;
const char *pgmname;
const char *argv[9];
pid_t pid = (pid_t)(-1);
int i = 0;
int cmdidx;
(void)killflag; /* For scdaemon kill and reload are synonyms. */
/* We use "GETINFO app_running" to see whether the agent is already
running and kill it only in this case. This avoids an explicit
starting of the agent in case it is not yet running. There is
obviously a race condition but that should not harm too much. */
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
argv[i++] = "-s";
argv[i++] = "--no-autostart";
argv[i++] = "GETINFO tpm2d_running";
argv[i++] = "/if ${! $?}";
cmdidx = i;
argv[i++] = "scd killtpm2cd";
argv[i++] = "/end";
argv[i] = NULL;
log_assert (i < DIM(argv));
if (!err)
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s %s': %s",
pgmname, argv[cmdidx], gpg_strerror (err));
gnupg_release_process (pid);
}
#endif
static void
dirmngr_runtime_change (int killflag)
{
gpg_error_t err = 0;
const char *pgmname;
const char *argv[6];
pid_t pid = (pid_t)(-1);
int i = 0;
int cmdidx;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
argv[i++] = "--no-autostart";
argv[i++] = "--dirmngr";
cmdidx = i;
argv[i++] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
argv[i] = NULL;
log_assert (i < DIM(argv));
if (!err)
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s %s': %s",
pgmname, argv[cmdidx], gpg_strerror (err));
gnupg_release_process (pid);
}
static void
keyboxd_runtime_change (int killflag)
{
gpg_error_t err = 0;
const char *pgmname;
const char *argv[6];
pid_t pid = (pid_t)(-1);
int i = 0;
int cmdidx;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
argv[i++] = "--no-autostart";
argv[i++] = "--keyboxd";
cmdidx = i;
argv[i++] = killflag? "KILLKEYBOXD" : "RELOADKEYBOXD";
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
argv[i] = NULL;
log_assert (i < DIM(argv));
if (!err)
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s %s': %s",
pgmname, argv[cmdidx], gpg_strerror (err));
gnupg_release_process (pid);
}
/* Launch the gpg-agent or the dirmngr if not already running. */
gpg_error_t
gc_component_launch (int component)
{
gpg_error_t err;
const char *pgmname;
const char *argv[6];
int i;
pid_t pid;
if (component < 0)
{
err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
if (!err)
err = gc_component_launch (GC_COMPONENT_KEYBOXD);
if (!err)
err = gc_component_launch (GC_COMPONENT_DIRMNGR);
return err;
}
if (!(component == GC_COMPONENT_GPG_AGENT
|| component == GC_COMPONENT_KEYBOXD
|| component == GC_COMPONENT_DIRMNGR))
{
log_error ("%s\n", _("Component not suitable for launching"));
gpgconf_failure (0);
}
if (gc_component_check_options (component, NULL, NULL))
{
log_error (_("Configuration file of component %s is broken\n"),
gc_component[component].name);
if (!opt.quiet)
log_info (_("Note: Use the command \"%s%s\" to get details.\n"),
gc_component[component].program
? gc_component[component].program
: gc_component[component].name,
" --gpgconf-test");
gpgconf_failure (0);
}
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
i = 0;
if (!gnupg_default_homedir_p ())
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
if (component == GC_COMPONENT_DIRMNGR)
argv[i++] = "--dirmngr";
else if (component == GC_COMPONENT_KEYBOXD)
argv[i++] = "--keyboxd";
argv[i++] = "NOP";
argv[i] = NULL;
log_assert (i < DIM(argv));
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err)
err = gnupg_wait_process (pgmname, pid, 1, NULL);
if (err)
gc_error (0, 0, "error running '%s%s%s': %s",
pgmname,
component == GC_COMPONENT_DIRMNGR? " --dirmngr"
: component == GC_COMPONENT_KEYBOXD? " --keyboxd":"",
" NOP",
gpg_strerror (err));
gnupg_release_process (pid);
return err;
}
static void
do_runtime_change (int component, int killflag)
{
int runtime[GC_COMPONENT_NR] = { 0 };
if (component < 0)
{
for (component = 0; component < GC_COMPONENT_NR; component++)
runtime [component] = 1;
}
else
{
log_assert (component >= 0 && component < GC_COMPONENT_NR);
runtime [component] = 1;
}
/* Do the restart for the selected components. */
for (component = GC_COMPONENT_NR-1; component >= 0; component--)
{
if (runtime[component] && gc_component[component].runtime_change)
(*gc_component[component].runtime_change) (killflag);
}
}
/* Unconditionally restart COMPONENT. */
void
gc_component_kill (int component)
{
do_runtime_change (component, 1);
}
/* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */
void
gc_component_reload (int component)
{
do_runtime_change (component, 0);
}
/* More or less Robust version of dgettext. It has the side effect of
switching the codeset to utf-8 because this is what we want to
output. In theory it is possible to keep the original code set and
switch back for regular diagnostic output (redefine "_(" for that)
but given the nature of this tool, being something invoked from
other programs, it does not make much sense. */
static const char *
my_dgettext (const char *domain, const char *msgid)
{
if (!msgid || !*msgid)
return msgid; /* Shortcut form "" which has the PO files meta data. */
#ifdef USE_SIMPLE_GETTEXT
if (domain)
{
static int switched_codeset;
char *text;
if (!switched_codeset)
{
switched_codeset = 1;
gettext_use_utf8 (1);
}
if (!strcmp (domain, "gnupg"))
domain = PACKAGE_GT;
/* FIXME: we have no dgettext, thus we can't switch. */
text = (char*)gettext (msgid);
return text ? text : msgid;
}
else
return msgid;
#elif defined(ENABLE_NLS)
if (domain)
{
static int switched_codeset;
char *text;
if (!switched_codeset)
{
switched_codeset = 1;
bind_textdomain_codeset (PACKAGE_GT, "utf-8");
bindtextdomain (DIRMNGR_NAME, gnupg_localedir ());
bind_textdomain_codeset (DIRMNGR_NAME, "utf-8");
}
/* Note: This is a hack to actually use the gnupg2 domain as
long we are in a transition phase where gnupg 1.x and 1.9 may
coexist. */
if (!strcmp (domain, "gnupg"))
domain = PACKAGE_GT;
text = dgettext (domain, msgid);
return text ? text : msgid;
}
else
return msgid;
#else
(void)domain;
return msgid;
#endif
}
/* Percent-Escape special characters. The string is valid until the
next invocation of the function. */
char *
gc_percent_escape (const char *src)
{
static char *esc_str;
static int esc_str_len;
int new_len = 3 * strlen (src) + 1;
char *dst;
if (esc_str_len < new_len)
{
char *new_esc_str = xrealloc (esc_str, new_len);
esc_str = new_esc_str;
esc_str_len = new_len;
}
dst = esc_str;
while (*src)
{
if (*src == '%')
{
*(dst++) = '%';
*(dst++) = '2';
*(dst++) = '5';
}
else if (*src == ':')
{
/* The colon is used as field separator. */
*(dst++) = '%';
*(dst++) = '3';
*(dst++) = 'a';
}
else if (*src == ',')
{
/* The comma is used as list separator. */
*(dst++) = '%';
*(dst++) = '2';
*(dst++) = 'c';
}
else if (*src == '\n')
{
/* The newline is problematic in a line-based format. */
*(dst++) = '%';
*(dst++) = '0';
*(dst++) = 'a';
}
else
*(dst++) = *(src);
src++;
}
*dst = '\0';
return esc_str;
}
/* Percent-Deescape special characters. The string is valid until the
next invocation of the function. */
static char *
percent_deescape (const char *src)
{
static char *str;
static int str_len;
int new_len = 3 * strlen (src) + 1;
char *dst;
if (str_len < new_len)
{
char *new_str = xrealloc (str, new_len);
str = new_str;
str_len = new_len;
}
dst = str;
while (*src)
{
if (*src == '%')
{
int val = hextobyte (src + 1);
if (val < 0)
gc_error (1, 0, "malformed end of string %s", src);
*(dst++) = (char) val;
src += 3;
}
else
*(dst++) = *(src++);
}
*dst = '\0';
return str;
}
/* List all components that are available. */
void
gc_component_list_components (estream_t out)
{
gc_component_id_t component;
const char *desc;
const char *pgmname;
for (component = 0; component < GC_COMPONENT_NR; component++)
{
if (!gc_component[component].program)
continue;
if (gc_component[component].module_name)
pgmname = gnupg_module_name (gc_component[component].module_name);
else
pgmname = "";
desc = gc_component[component].desc;
desc = my_dgettext (gc_component[component].desc_domain, desc);
es_fprintf (out, "%s:%s:",
gc_component[component].program, gc_percent_escape (desc));
es_fprintf (out, "%s\n", gc_percent_escape (pgmname));
}
}
static int
all_digits_p (const char *p, size_t len)
{
if (!len)
return 0; /* No. */
for (; len; len--, p++)
if (!isascii (*p) || !isdigit (*p))
return 0; /* No. */
return 1; /* Yes. */
}
/* Collect all error lines from stream FP. Only lines prefixed with
TAG are considered. Returns a list of error line items (which may
be empty). There is no error return. */
static error_line_t
collect_error_output (estream_t fp, const char *tag)
{
char buffer[1024];
char *p, *p2, *p3;
int c, cont_line;
unsigned int pos;
error_line_t eitem, errlines, *errlines_tail;
size_t taglen = strlen (tag);
errlines = NULL;
errlines_tail = &errlines;
pos = 0;
cont_line = 0;
while ((c=es_getc (fp)) != EOF)
{
buffer[pos++] = c;
if (pos >= sizeof buffer - 5 || c == '\n')
{
buffer[pos - (c == '\n')] = 0;
if (cont_line)
; /*Ignore continuations of previous line. */
else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
{
/* "gpgsm: foo:4: bla" */
/* Yep, we are interested in this line. */
p = buffer + taglen + 1;
while (*p == ' ' || *p == '\t')
p++;
trim_trailing_spaces (p); /* Get rid of extra CRs. */
if (!*p)
; /* Empty lines are ignored. */
else if ( (p2 = strchr (p, ':')) && (p3 = strchr (p2+1, ':'))
&& all_digits_p (p2+1, p3 - (p2+1)))
{
/* Line in standard compiler format. */
p3++;
while (*p3 == ' ' || *p3 == '\t')
p3++;
eitem = xmalloc (sizeof *eitem + strlen (p));
eitem->next = NULL;
strcpy (eitem->buffer, p);
eitem->fname = eitem->buffer;
eitem->buffer[p2-p] = 0;
eitem->errtext = eitem->buffer + (p3 - p);
/* (we already checked that there are only ascii
digits followed by a colon) */
eitem->lineno = 0;
for (p2++; isdigit (*p2); p2++)
eitem->lineno = eitem->lineno*10 + (*p2 - '0');
*errlines_tail = eitem;
errlines_tail = &eitem->next;
}
else
{
/* Other error output. */
eitem = xmalloc (sizeof *eitem + strlen (p));
eitem->next = NULL;
strcpy (eitem->buffer, p);
eitem->fname = NULL;
eitem->errtext = eitem->buffer;
eitem->lineno = 0;
*errlines_tail = eitem;
errlines_tail = &eitem->next;
}
}
pos = 0;
/* If this was not a complete line mark that we are in a
continuation. */
cont_line = (c != '\n');
}
}
/* We ignore error lines not terminated by a LF. */
return errlines;
}
/* Check the options of a single component. If CONF_FILE is NULL the
* standard config file is used. If OUT is not NULL the output is
* written to that stream. Returns 0 if everything is OK. */
int
gc_component_check_options (int component, estream_t out, const char *conf_file)
{
gpg_error_t err;
unsigned int result;
const char *pgmname;
const char *argv[6];
int i;
pid_t pid;
int exitcode;
estream_t errfp;
error_line_t errlines;
log_assert (component >= 0 && component < GC_COMPONENT_NR);
if (!gc_component[component].program)
return 0;
if (!gc_component[component].module_name)
return 0;
pgmname = gnupg_module_name (gc_component[component].module_name);
i = 0;
if (!gnupg_default_homedir_p ()
&& component != GC_COMPONENT_PINENTRY)
{
argv[i++] = "--homedir";
argv[i++] = gnupg_homedir ();
}
if (conf_file)
{
argv[i++] = "--options";
argv[i++] = conf_file;
}
if (component == GC_COMPONENT_PINENTRY)
argv[i++] = "--version";
else
argv[i++] = "--gpgconf-test";
argv[i] = NULL;
log_assert (i < DIM(argv));
result = 0;
errlines = NULL;
- err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
+ err = gnupg_spawn_process (pgmname, argv, NULL, 0,
NULL, NULL, &errfp, &pid);
if (err)
result |= 1; /* Program could not be run. */
else
{
errlines = collect_error_output (errfp,
gc_component[component].name);
if (gnupg_wait_process (pgmname, pid, 1, &exitcode))
{
if (exitcode == -1)
result |= 1; /* Program could not be run or it
terminated abnormally. */
result |= 2; /* Program returned an error. */
}
gnupg_release_process (pid);
es_fclose (errfp);
}
/* If the program could not be run, we can't tell whether
the config file is good. */
if (result & 1)
result |= 2;
if (out)
{
const char *desc;
error_line_t errptr;
desc = gc_component[component].desc;
desc = my_dgettext (gc_component[component].desc_domain, desc);
es_fprintf (out, "%s:%s:",
gc_component[component].program, gc_percent_escape (desc));
es_fputs (gc_percent_escape (pgmname), out);
es_fprintf (out, ":%d:%d:", !(result & 1), !(result & 2));
for (errptr = errlines; errptr; errptr = errptr->next)
{
if (errptr != errlines)
es_fputs ("\n:::::", out); /* Continuation line. */
if (errptr->fname)
es_fputs (gc_percent_escape (errptr->fname), out);
es_putc (':', out);
if (errptr->fname)
es_fprintf (out, "%u", errptr->lineno);
es_putc (':', out);
es_fputs (gc_percent_escape (errptr->errtext), out);
es_putc (':', out);
}
es_putc ('\n', out);
}
while (errlines)
{
error_line_t tmp = errlines->next;
xfree (errlines);
errlines = tmp;
}
return result;
}
/* Check all components that are available. */
void
gc_check_programs (estream_t out)
{
gc_component_id_t component;
for (component = 0; component < GC_COMPONENT_NR; component++)
gc_component_check_options (component, out, NULL);
}
/* Find the component with the name NAME. Returns -1 if not
found. */
int
gc_component_find (const char *name)
{
gc_component_id_t idx;
for (idx = 0; idx < GC_COMPONENT_NR; idx++)
{
if (gc_component[idx].program
&& !strcmp (name, gc_component[idx].program))
return idx;
}
return -1;
}
/* List the option OPTION. */
static void
list_one_option (gc_component_id_t component,
const gc_option_t *option, estream_t out)
{
const char *desc = NULL;
char *arg_name = NULL;
unsigned long flags;
const char *desc_domain = gc_component[component].desc_domain;
/* Don't show options with the ignore attribute. */
if (option->attr_ignore && !option->attr_force)
return;
if (option->desc)
{
desc = my_dgettext (desc_domain, option->desc);
if (*desc == '|')
{
const char *arg_tail = strchr (&desc[1], '|');
if (arg_tail)
{
int arg_len = arg_tail - &desc[1];
arg_name = xmalloc (arg_len + 1);
memcpy (arg_name, &desc[1], arg_len);
arg_name[arg_len] = '\0';
desc = arg_tail + 1;
}
}
}
/* YOU MUST NOT REORDER THE FIELDS IN THIS OUTPUT, AS THEIR ORDER IS
PART OF THE EXTERNAL INTERFACE. YOU MUST NOT REMOVE ANY
FIELDS. */
/* The name field. */
es_fprintf (out, "%s", option->name);
/* The flags field. */
flags = 0;
if (option->is_header) flags |= GC_OPT_FLAG_GROUP;
if (option->is_list) flags |= GC_OPT_FLAG_LIST;
if (option->runtime) flags |= GC_OPT_FLAG_RUNTIME;
if (option->has_default) flags |= GC_OPT_FLAG_DEFAULT;
if (option->def_in_desc) flags |= GC_OPT_FLAG_DEF_DESC;
if (option->no_arg_desc) flags |= GC_OPT_FLAG_NO_ARG_DESC;
if (option->no_change) flags |= GC_OPT_FLAG_NO_CHANGE;
if (option->attr_force) flags |= GC_OPT_FLAG_NO_CHANGE;
es_fprintf (out, ":%lu", flags);
if (opt.verbose)
{
es_putc (' ', out);
if (!flags)
es_fprintf (out, "none");
else
{
unsigned long flag = 0;
unsigned long first = 1;
while (flags)
{
if (flags & 1)
{
if (first)
first = 0;
else
es_putc (',', out);
es_fprintf (out, "%s", gc_flag[flag].name);
}
flags >>= 1;
flag++;
}
}
}
/* The level field. */
es_fprintf (out, ":%u", option->level);
if (opt.verbose)
es_fprintf (out, " %s", gc_level[option->level].name);
/* The description field. */
es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
/* The type field. */
es_fprintf (out, ":%u", option->arg_type);
if (opt.verbose)
es_fprintf (out, " %s", gc_arg_type[option->arg_type].name);
/* The alternate type field. */
es_fprintf (out, ":%u", gc_arg_type[option->arg_type].fallback);
if (opt.verbose)
es_fprintf (out, " %s",
gc_arg_type[gc_arg_type[option->arg_type].fallback].name);
/* The argument name field. */
es_fprintf (out, ":%s", arg_name ? gc_percent_escape (arg_name) : "");
xfree (arg_name);
/* The default value field. */
es_fprintf (out, ":%s", option->default_value ? option->default_value : "");
/* The default argument field. This was never used and is thus empty. */
es_fprintf (out, ":");
/* The value field. */
if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
&& option->is_list && option->value)
{
/* The special format "1,1,1,1,...,1" is converted to a number
here. */
es_fprintf (out, ":%u", (unsigned int)((strlen (option->value) + 1) / 2));
}
else
es_fprintf (out, ":%s", option->value ? option->value : "");
/* ADD NEW FIELDS HERE. */
es_putc ('\n', out);
}
/* List all options of the component COMPONENT. */
void
gc_component_list_options (int component, estream_t out)
{
const gc_option_t *option = gc_component[component].options;
for ( ; option && option->name; option++)
{
/* Do not output unknown or internal options. */
if (!option->is_header
&& option->level == GC_LEVEL_INTERNAL)
continue;
if (option->is_header)
{
const gc_option_t *group_option = option + 1;
gc_expert_level_t level = GC_LEVEL_NR;
/* The manual states that the group level is always the
minimum of the levels of all contained options. Due to
different active options, and because it is hard to
maintain manually, we calculate it here. The value in
the global static table is ignored. */
for ( ; group_option->name; group_option++)
{
if (group_option->is_header)
break;
if (group_option->level < level)
level = group_option->level;
}
/* Check if group is empty. */
if (level != GC_LEVEL_NR)
{
gc_option_t opt_copy;
/* Fix up the group level. */
opt_copy = *option;
opt_copy.level = level;
list_one_option (component, &opt_copy, out);
}
}
else
list_one_option (component, option, out);
}
}
/* Return true if the option NAME is known and that we want it as
* gpgconf managed option. */
static known_option_t *
is_known_option (gc_component_id_t component, const char *name)
{
known_option_t *option = gc_component[component].known_options;
if (option)
{
for (; option->name; option++)
if (!strcmp (option->name, name))
break;
}
return (option && option->name)? option : NULL;
}
/* Find the option NAME in component COMPONENT. Returns pointer to
* the option descriptor or NULL if not found. */
static gc_option_t *
find_option (gc_component_id_t component, const char *name)
{
gc_option_t *option = gc_component[component].options;
if (option)
{
for (; option->name; option++)
{
if (!option->is_header
&& !strcmp (option->name, name))
return option;
}
}
return NULL;
}
struct read_line_wrapper_parm_s
{
const char *pgmname;
estream_t fp;
char *line;
size_t line_len;
const char **extra_lines;
int extra_lines_idx;
char *extra_line_buffer;
};
/* Helper for retrieve_options_from_program. */
static ssize_t
read_line_wrapper (struct read_line_wrapper_parm_s *parm)
{
ssize_t length;
const char *extra_line;
if (parm->fp)
{
length = es_read_line (parm->fp, &parm->line, &parm->line_len, NULL);
if (length > 0)
return length;
if (length < 0 || es_ferror (parm->fp))
gc_error (1, errno, "error reading from %s", parm->pgmname);
if (es_fclose (parm->fp))
gc_error (1, errno, "error closing %s", parm->pgmname);
/* EOF seen. */
parm->fp = NULL;
}
/* Return the made up lines. */
if (!parm->extra_lines
|| !(extra_line = parm->extra_lines[parm->extra_lines_idx]))
return -1; /* This is really the EOF. */
parm->extra_lines_idx++;
xfree (parm->extra_line_buffer);
parm->extra_line_buffer = xstrdup (extra_line);
return strlen (parm->extra_line_buffer);
}
/* Retrieve the options for the component COMPONENT. With
* ONLY_INSTALLED set components which are not installed are silently
* ignored. */
static void
retrieve_options_from_program (gc_component_id_t component, int only_installed)
{
gpg_error_t err;
const char *pgmname;
const char *argv[2];
estream_t outfp;
int exitcode;
pid_t pid;
known_option_t *known_option;
gc_option_t *option;
char *line = NULL;
size_t line_len;
ssize_t length;
const char *config_name;
gpgrt_argparse_t pargs;
int dummy_argc;
char *twopartconfig_name = NULL;
gpgrt_opt_t *opt_table = NULL; /* A malloced option table. */
size_t opt_table_used = 0; /* Its current length. */
size_t opt_table_size = 0; /* Its allocated length. */
gc_option_t *opt_info = NULL; /* A malloced options table. */
size_t opt_info_used = 0; /* Its current length. */
size_t opt_info_size = 0; /* Its allocated length. */
int i;
struct read_line_wrapper_parm_s read_line_parm;
int pseudo_count;
pgmname = (gc_component[component].module_name
? gnupg_module_name (gc_component[component].module_name)
: gc_component[component].program );
if (only_installed && gnupg_access (pgmname, X_OK))
{
return; /* The component is not installed. */
}
/* First we need to read the option table from the program. */
argv[0] = "--dump-option-table";
argv[1] = NULL;
- err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
+ err = gnupg_spawn_process (pgmname, argv, NULL, 0,
NULL, &outfp, NULL, &pid);
if (err)
{
gc_error (1, 0, "could not gather option table from '%s': %s",
pgmname, gpg_strerror (err));
}
read_line_parm.pgmname = pgmname;
read_line_parm.fp = outfp;
read_line_parm.line = line;
read_line_parm.line_len = line_len = 0;
read_line_parm.extra_line_buffer = NULL;
read_line_parm.extra_lines = gc_component[component].known_pseudo_options;
read_line_parm.extra_lines_idx = 0;
pseudo_count = 0;
while ((length = read_line_wrapper (&read_line_parm)) > 0)
{
const char *fields[4];
const char *optname, *optdesc;
unsigned int optflags;
int short_opt;
gc_arg_type_t arg_type;
int pseudo = 0;
if (read_line_parm.extra_line_buffer)
{
line = read_line_parm.extra_line_buffer;
pseudo = 1;
pseudo_count++;
}
else
line = read_line_parm.line;
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0';
if (split_fields_colon (line, fields, DIM (fields)) < 4)
{
gc_error (0,0, "WARNING: invalid line in option table of '%s'\n",
pgmname);
continue;
}
optname = fields[0];
short_opt = atoi (fields[1]);
if (short_opt < 1 && !pseudo)
{
gc_error (0,0, "WARNING: bad short option in option table of '%s'\n",
pgmname);
continue;
}
optflags = strtoul (fields[2], NULL, 10);
if ((optflags & ARGPARSE_OPT_HEADER))
known_option = NULL; /* We want all header-only options. */
else if ((known_option = is_known_option (component, optname)))
; /* Yes we want this one. */
else
continue; /* No need to store this option description. */
/* The +1 here is to make sure that we will have a zero item at
* the end of the table. */
if (opt_table_used + 1 >= opt_table_size)
{
/* Note that this also does the initial allocation. */
opt_table_size += 128;
opt_table = xreallocarray (opt_table,
opt_table_used,
opt_table_size,
sizeof *opt_table);
}
/* The +1 here is to make sure that we will have a zero item at
* the end of the table. */
if (opt_info_used + 1 >= opt_info_size)
{
/* Note that this also does the initial allocation. */
opt_info_size += 128;
opt_info = xreallocarray (opt_info,
opt_info_used,
opt_info_size,
sizeof *opt_info);
}
/* The +1 here accounts for the two items we are going to add to
* the global string table. */
if (string_array_used + 1 >= string_array_size)
{
string_array_size += 256;
string_array = xreallocarray (string_array,
string_array_used,
string_array_size,
sizeof *string_array);
}
optname = string_array[string_array_used++] = xstrdup (fields[0]);
optdesc = string_array[string_array_used++] = xstrdup (fields[3]);
/* Create an option table which can then be supplied to
* gpgrt_parser. Unfortunately there is no private pointer in
* the public option table struct so that we can't add extra
* data we need here. Thus we need to build up another table
* for such info and for ease of use we also copy the tehre the
* data from the option table. It is not possible to use the
* known_option_s for this because that one does not carry
* header lines and it might also be problematic to use such
* static tables for caching options and default values. */
if (!pseudo)
{
opt_table[opt_table_used].long_opt = optname;
opt_table[opt_table_used].short_opt = short_opt;
opt_table[opt_table_used].description = optdesc;
opt_table[opt_table_used].flags = optflags;
opt_table_used++;
}
/* Note that as per argparser specs the opt_table uses "@" to
* specifify an empty description. In the DESC script of
* options (opt_info_t) we want to have a real empty string. */
opt_info[opt_info_used].name = optname;
if (*optdesc == '@' && !optdesc[1])
opt_info[opt_info_used].desc = optdesc+1;
else
opt_info[opt_info_used].desc = optdesc;
/* Unfortunately we need to remap the types. */
switch ((optflags & ARGPARSE_TYPE_MASK))
{
case ARGPARSE_TYPE_INT: arg_type = GC_ARG_TYPE_INT32; break;
case ARGPARSE_TYPE_LONG: arg_type = GC_ARG_TYPE_INT32; break;
case ARGPARSE_TYPE_ULONG: arg_type = GC_ARG_TYPE_UINT32; break;
case ARGPARSE_TYPE_STRING: arg_type = GC_ARG_TYPE_STRING; break;
default: arg_type = GC_ARG_TYPE_NONE; break;
}
opt_info[opt_info_used].arg_type = arg_type;
if (pseudo) /* Pseudo options are always no_change. */
opt_info[opt_info_used].no_change = 1;
if ((optflags & ARGPARSE_OPT_HEADER))
opt_info[opt_info_used].is_header = 1;
if (known_option)
{
if ((known_option->flags & GC_OPT_FLAG_LIST))
opt_info[opt_info_used].is_list = 1;
/* FIXME: The next can also be taken from opt_table->flags.
* We need to check the code whether both specifications match. */
if ((known_option->flags & GC_OPT_FLAG_ARG_OPT))
opt_info[opt_info_used].opt_arg = 1;
if ((known_option->flags & GC_OPT_FLAG_RUNTIME))
opt_info[opt_info_used].runtime = 1;
opt_info[opt_info_used].level = known_option->level;
/* Override the received argtype by a complex type. */
if (known_option->arg_type)
opt_info[opt_info_used].arg_type = known_option->arg_type;
}
opt_info_used++;
}
xfree (read_line_parm.extra_line_buffer);
line = read_line_parm.line;
line_len = read_line_parm.line_len;
log_assert (opt_table_used + pseudo_count == opt_info_used);
err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
if (err)
gc_error (1, 0, "running %s failed (exitcode=%d): %s",
pgmname, exitcode, gpg_strerror (err));
gnupg_release_process (pid);
/* Make the gpgrt option table and the internal option table available. */
gc_component[component].opt_table = opt_table;
gc_component[component].options = opt_info;
/* Now read the default options. */
argv[0] = "--gpgconf-list";
argv[1] = NULL;
- err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
+ err = gnupg_spawn_process (pgmname, argv, NULL, 0,
NULL, &outfp, NULL, &pid);
if (err)
{
gc_error (1, 0, "could not gather active options from '%s': %s",
pgmname, gpg_strerror (err));
}
while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
{
char *linep;
unsigned long flags = 0;
char *default_value = NULL;
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0';
linep = strchr (line, ':');
if (linep)
*(linep++) = '\0';
/* Extract additional flags. Default to none. */
if (linep)
{
char *end;
char *tail;
end = strchr (linep, ':');
if (end)
*(end++) = '\0';
gpg_err_set_errno (0);
flags = strtoul (linep, &tail, 0);
if (errno)
gc_error (1, errno, "malformed flags in option %s from %s",
line, pgmname);
if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
gc_error (1, 0, "garbage after flags in option %s from %s",
line, pgmname);
linep = end;
}
/* Extract default value, if present. Default to empty if
not. */
if (linep)
{
char *end;
end = strchr (linep, ':');
if (end)
*(end++) = '\0';
if ((flags & GC_OPT_FLAG_DEFAULT))
default_value = linep;
linep = end;
}
/* Look up the option in the component and install the
configuration data. */
option = find_option (component, line);
if (option)
{
if (option->gpgconf_list)
gc_error (1, errno,
"option %s returned twice from \"%s --gpgconf-list\"",
line, pgmname);
option->gpgconf_list = 1;
if ((flags & GC_OPT_FLAG_DEFAULT))
option->has_default = 1;
if ((flags & GC_OPT_FLAG_DEF_DESC))
option->def_in_desc = 1;
if ((flags & GC_OPT_FLAG_NO_ARG_DESC))
option->no_arg_desc = 1;
if ((flags & GC_OPT_FLAG_NO_CHANGE))
option->no_change = 1;
if (default_value && *default_value)
option->default_value = xstrdup (default_value);
}
}
if (length < 0 || es_ferror (outfp))
gc_error (1, errno, "error reading from %s", pgmname);
if (es_fclose (outfp))
gc_error (1, errno, "error closing %s", pgmname);
err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
if (err)
gc_error (1, 0, "running %s failed (exitcode=%d): %s",
pgmname, exitcode, gpg_strerror (err));
gnupg_release_process (pid);
/* At this point, we can parse the configuration file. */
config_name = gc_component[component].option_config_filename;
if (!config_name)
gc_error (1, 0, "name of config file for %s is not known\n", pgmname);
if (!gnupg_default_homedir_p ())
{
/* This is not the default homedir. We need to take an absolute
* config name for the user config file; gpgrt_argparser
* fortunately supports this. */
char *tmp = make_filename (gnupg_homedir (), config_name, NULL);
twopartconfig_name = xstrconcat (config_name, PATHSEP_S, tmp, NULL);
xfree (tmp);
config_name = twopartconfig_name;
}
memset (&pargs, 0, sizeof pargs);
dummy_argc = 0;
pargs.argc = &dummy_argc;
pargs.flags = (ARGPARSE_FLAG_KEEP
| ARGPARSE_FLAG_SYS
| ARGPARSE_FLAG_USER
| ARGPARSE_FLAG_WITHATTR);
if (opt.verbose)
pargs.flags |= ARGPARSE_FLAG_VERBOSE;
while (gpgrt_argparser (&pargs, opt_table, config_name))
{
char *opt_value;
if (pargs.r_opt == ARGPARSE_CONFFILE)
{
/* log_debug ("current conffile='%s'\n", */
/* pargs.r_type? pargs.r.ret_str: "[cmdline]"); */
continue;
}
if ((pargs.r_type & ARGPARSE_OPT_IGNORE))
continue;
/* We only have the short option. Search in the option table
* for the long option name. */
for (i=0; opt_table[i].short_opt; i++)
if (opt_table[i].short_opt == pargs.r_opt)
break;
if (!opt_table[i].short_opt || !opt_table[i].long_opt)
continue; /* No or only a short option - ignore. */
/* Look up the option from the config file in our list of
* supported options. */
option= find_option (component, opt_table[i].long_opt);
if (!option)
continue; /* We don't want to handle this option. */
/* Set the force and ignore attributes. The idea is that there
* is no way to clear them again, thus we set them when first
* encountered. */
if ((pargs.r_type & ARGPARSE_ATTR_FORCE))
option->attr_force = 1;
if ((pargs.r_type & ARGPARSE_ATTR_IGNORE))
option->attr_ignore = 1;
/* If an option has been ignored, there is no need to return
* that option with gpgconf --list-options. */
if (option->attr_ignore)
continue;
switch ((pargs.r_type & ARGPARSE_TYPE_MASK))
{
case ARGPARSE_TYPE_INT:
opt_value = xasprintf ("%d", pargs.r.ret_int);
break;
case ARGPARSE_TYPE_LONG:
opt_value = xasprintf ("%ld", pargs.r.ret_long);
break;
case ARGPARSE_TYPE_ULONG:
opt_value = xasprintf ("%lu", pargs.r.ret_ulong);
break;
case ARGPARSE_TYPE_STRING:
if (!pargs.r.ret_str)
opt_value = xstrdup ("\"(none)"); /* We should not see this. */
else
opt_value = xasprintf ("\"%s", gc_percent_escape (pargs.r.ret_str));
break;
default: /* ARGPARSE_TYPE_NONE or any unknown type. */
opt_value = xstrdup ("1"); /* Make sure we have some value. */
break;
}
/* Now enter the value read from the config file into the table. */
if (!option->is_list)
{
xfree (option->value);
option->value = opt_value;
}
else if (!option->value) /* LIST but first item. */
option->value = opt_value;
else
{
char *old = option->value;
option->value = xstrconcat (old, ",", opt_value, NULL);
xfree (old);
xfree (opt_value);
}
}
xfree (line);
xfree (twopartconfig_name);
}
/* Retrieve the currently active options and their defaults for this
component. Using -1 for component will retrieve all options from
all installed components. */
void
gc_component_retrieve_options (int component)
{
int process_all = 0;
if (component == -1)
{
process_all = 1;
component = 0;
}
do
{
if (component == GC_COMPONENT_PINENTRY)
continue; /* Skip this dummy component. */
if (gc_component[component].program)
retrieve_options_from_program (component, process_all);
}
while (process_all && ++component < GC_COMPONENT_NR);
}
/* Perform a simple validity check based on the type. Return in
* NEW_VALUE_NR the value of the number in NEW_VALUE if OPTION is of
* type GC_ARG_TYPE_NONE. If VERBATIM is set the profile parsing mode
* is used. */
static void
option_check_validity (gc_component_id_t component,
gc_option_t *option, unsigned long flags,
char *new_value, unsigned long *new_value_nr,
int verbatim)
{
char *arg;
(void)component;
if (option->new_flags || option->new_value)
gc_error (1, 0, "option %s already changed", option->name);
if (flags & GC_OPT_FLAG_DEFAULT)
{
if (*new_value)
gc_error (1, 0, "argument %s provided for deleted option %s",
new_value, option->name);
return;
}
/* GC_ARG_TYPE_NONE options have special list treatment. */
if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE)
{
char *tail;
gpg_err_set_errno (0);
*new_value_nr = strtoul (new_value, &tail, 0);
if (errno)
gc_error (1, errno, "invalid argument for option %s",
option->name);
if (*tail)
gc_error (1, 0, "garbage after argument for option %s",
option->name);
if (!option->is_list)
{
if (*new_value_nr != 1)
gc_error (1, 0, "argument for non-list option %s of type 0 "
"(none) must be 1", option->name);
}
else
{
if (*new_value_nr == 0)
gc_error (1, 0, "argument for option %s of type 0 (none) "
"must be positive", option->name);
}
return;
}
arg = new_value;
do
{
if (*arg == '\0' || (*arg == ',' && !verbatim))
{
if (!option->opt_arg)
gc_error (1, 0, "argument required for option %s", option->name);
if (*arg == ',' && !verbatim && !option->is_list)
gc_error (1, 0, "list found for non-list option %s", option->name);
}
else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_STRING)
{
if (*arg != '"' && !verbatim)
gc_error (1, 0, "string argument for option %s must begin "
"with a quote (\") character", option->name);
/* FIXME: We do not allow empty string arguments for now, as
we do not quote arguments in configuration files, and
thus no argument is indistinguishable from the empty
string. */
if (arg[1] == '\0' || (arg[1] == ',' && !verbatim))
gc_error (1, 0, "empty string argument for option %s is "
"currently not allowed. Please report this!",
option->name);
}
else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_INT32)
{
long res;
gpg_err_set_errno (0);
res = strtol (arg, &arg, 0);
(void) res;
if (errno)
gc_error (1, errno, "invalid argument for option %s",
option->name);
if (*arg != '\0' && (*arg != ',' || verbatim))
gc_error (1, 0, "garbage after argument for option %s",
option->name);
}
else if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_UINT32)
{
unsigned long res;
gpg_err_set_errno (0);
res = strtoul (arg, &arg, 0);
(void) res;
if (errno)
gc_error (1, errno, "invalid argument for option %s",
option->name);
if (*arg != '\0' && (*arg != ',' || verbatim))
gc_error (1, 0, "garbage after argument for option %s",
option->name);
}
arg = verbatim? strchr (arg, ',') : NULL;
if (arg)
arg++;
}
while (arg && *arg);
}
#ifdef HAVE_W32_SYSTEM
int
copy_file (const char *src_name, const char *dst_name)
{
#define BUF_LEN 4096
char buffer[BUF_LEN];
int len;
gpgrt_stream_t src;
gpgrt_stream_t dst;
src = gpgrt_fopen (src_name, "r");
if (src == NULL)
return -1;
dst = gpgrt_fopen (dst_name, "w");
if (dst == NULL)
{
int saved_err = errno;
gpgrt_fclose (src);
gpg_err_set_errno (saved_err);
return -1;
}
do
{
int written;
len = gpgrt_fread (buffer, 1, BUF_LEN, src);
if (len == 0)
break;
written = gpgrt_fwrite (buffer, 1, len, dst);
if (written != len)
break;
}
while (! gpgrt_feof (src) && ! gpgrt_ferror (src) && ! gpgrt_ferror (dst));
if (gpgrt_ferror (src) || gpgrt_ferror (dst) || ! gpgrt_feof (src))
{
int saved_errno = errno;
gpgrt_fclose (src);
gpgrt_fclose (dst);
unlink (dst_name);
gpg_err_set_errno (saved_errno);
return -1;
}
if (gpgrt_fclose (dst))
gc_error (1, errno, "error closing %s", dst_name);
if (gpgrt_fclose (src))
gc_error (1, errno, "error closing %s", src_name);
return 0;
}
#endif /* HAVE_W32_SYSTEM */
/* Create and verify the new configuration file for the specified
* component. Returns 0 on success and -1 on error. If
* VERBATIM is set the profile mode is used. This function may store
* pointers to malloced strings in SRC_FILENAMEP, DEST_FILENAMEP, and
* ORIG_FILENAMEP. Those must be freed by the caller. The strings
* refer to three versions of the configuration file:
*
* SRC_FILENAME: The updated configuration is written to this file.
* DEST_FILENAME: Name of the configuration file read by the
* component.
* ORIG_FILENAME: A backup of the previous configuration file.
*
* To apply the configuration change, rename SRC_FILENAME to
* DEST_FILENAME. To revert to the previous configuration, rename
* ORIG_FILENAME to DEST_FILENAME. */
static int
change_options_program (gc_component_id_t component,
char **src_filenamep, char **dest_filenamep,
char **orig_filenamep,
int verbatim)
{
static const char marker[] = "###+++--- " GPGCONF_DISP_NAME " ---+++###";
/* True if we are within the marker in the config file. */
int in_marker = 0;
gc_option_t *option;
char *line = NULL;
size_t line_len;
ssize_t length;
int res;
int fd;
gpgrt_stream_t src_file = NULL;
gpgrt_stream_t dest_file = NULL;
char *src_filename;
char *dest_filename;
char *orig_filename;
/* Special hack for gpg, see below. */
int utf8strings_seen = 0;
/* FIXME. Throughout the function, do better error reporting. */
if (!gc_component[component].option_config_filename)
gc_error (1, 0, "name of config file for %s is not known\n",
gc_component[component].name);
dest_filename = make_absfilename
(gnupg_homedir (), gc_component[component].option_config_filename, NULL);
src_filename = xasprintf ("%s.%s.%i.new",
dest_filename, GPGCONF_NAME, (int)getpid ());
orig_filename = xasprintf ("%s.%s.%i.bak",
dest_filename, GPGCONF_NAME, (int)getpid ());
#ifdef HAVE_W32_SYSTEM
res = copy_file (dest_filename, orig_filename);
#else
res = link (dest_filename, orig_filename);
#endif
if (res < 0 && errno != ENOENT)
{
xfree (dest_filename);
xfree (src_filename);
xfree (orig_filename);
return -1;
}
if (res < 0)
{
xfree (orig_filename);
orig_filename = NULL;
}
/* We now initialize the return strings, so the caller can do the
cleanup for us. */
*src_filenamep = src_filename;
*dest_filenamep = dest_filename;
*orig_filenamep = orig_filename;
/* Use open() so that we can use O_EXCL.
* FIXME: gpgrt has an x flag for quite some time now - use that. */
fd = gnupg_open (src_filename, O_CREAT | O_EXCL | O_WRONLY, 0644);
if (fd < 0)
return -1;
src_file = gpgrt_fdopen (fd, "w");
res = errno;
if (!src_file)
{
gpg_err_set_errno (res);
return -1;
}
/* Only if ORIG_FILENAME is not NULL did the configuration file
exist already. In this case, we will copy its content into the
new configuration file, changing it to our liking in the
process. */
if (orig_filename)
{
dest_file = gpgrt_fopen (dest_filename, "r");
if (!dest_file)
goto change_one_err;
while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
int disable = 0;
char *start;
if (!strncmp (marker, line, sizeof (marker) - 1))
{
if (!in_marker)
in_marker = 1;
else
break;
}
else if (component == GC_COMPONENT_GPG && in_marker
&& ! strcmp ("utf8-strings\n", line))
{
/* Strip duplicated entries. */
if (utf8strings_seen)
disable = 1;
else
utf8strings_seen = 1;
}
start = line;
while (*start == ' ' || *start == '\t')
start++;
if (*start && *start != '\r' && *start != '\n' && *start != '#')
{
char *end;
char saved_end;
end = start;
while (*end && *end != ' ' && *end != '\t'
&& *end != '\r' && *end != '\n' && *end != '#')
end++;
saved_end = *end;
*end = '\0';
option = find_option (component, start);
*end = saved_end;
if (option && ((option->new_flags & GC_OPT_FLAG_DEFAULT)
|| option->new_value))
disable = 1;
}
if (disable)
{
if (!in_marker)
{
gpgrt_fprintf (src_file,
"# %s disabled this option here at %s\n",
GPGCONF_DISP_NAME, asctimestamp (gnupg_get_time ()));
if (gpgrt_ferror (src_file))
goto change_one_err;
gpgrt_fprintf (src_file, "# %s", line);
if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
else
{
gpgrt_fprintf (src_file, "%s", line);
if (gpgrt_ferror (src_file))
goto change_one_err;
}
}
if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
if (!in_marker)
{
/* There was no marker. This is the first time we edit the
file. We add our own marker at the end of the file and
proceed. Note that we first write a newline, this guards us
against files which lack the newline at the end of the last
line, while it doesn't hurt us in all other cases. */
gpgrt_fprintf (src_file, "\n%s\n", marker);
if (gpgrt_ferror (src_file))
goto change_one_err;
}
/* At this point, we have copied everything up to the end marker
into the new file, except for the options we are going to change.
Now, dump the changed options (except for those we are going to
revert to their default), and write the end marker, possibly
followed by the rest of the original file. */
/* We have to turn on UTF8 strings for GnuPG. */
if (component == GC_COMPONENT_GPG && ! utf8strings_seen)
gpgrt_fprintf (src_file, "utf8-strings\n");
option = gc_component[component].options;
for ( ; option->name; option++)
{
if (!option->is_header && option->new_value)
{
char *arg = option->new_value;
do
{
if (*arg == '\0' || *arg == ',')
{
gpgrt_fprintf (src_file, "%s\n", option->name);
if (gpgrt_ferror (src_file))
goto change_one_err;
}
else if (gc_arg_type[option->arg_type].fallback
== GC_ARG_TYPE_NONE)
{
log_assert (*arg == '1');
gpgrt_fprintf (src_file, "%s\n", option->name);
if (gpgrt_ferror (src_file))
goto change_one_err;
arg++;
}
else if (gc_arg_type[option->arg_type].fallback
== GC_ARG_TYPE_STRING)
{
char *end;
if (!verbatim)
{
log_assert (*arg == '"');
arg++;
end = strchr (arg, ',');
if (end)
*end = '\0';
}
else
end = NULL;
gpgrt_fprintf (src_file, "%s %s\n", option->name,
verbatim? arg : percent_deescape (arg));
if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
*end = ',';
arg = end;
}
else
{
char *end;
end = strchr (arg, ',');
if (end)
*end = '\0';
gpgrt_fprintf (src_file, "%s %s\n", option->name, arg);
if (gpgrt_ferror (src_file))
goto change_one_err;
if (end)
*end = ',';
arg = end;
}
log_assert (arg == NULL || *arg == '\0' || *arg == ',');
if (arg && *arg == ',')
arg++;
}
while (arg && *arg);
}
}
gpgrt_fprintf (src_file, "%s %s\n", marker, asctimestamp (gnupg_get_time ()));
if (gpgrt_ferror (src_file))
goto change_one_err;
if (!in_marker)
{
gpgrt_fprintf (src_file, "# %s edited this configuration file.\n",
GPGCONF_DISP_NAME);
if (gpgrt_ferror (src_file))
goto change_one_err;
gpgrt_fprintf (src_file, "# It will disable options before this marked "
"block, but it will\n");
if (gpgrt_ferror (src_file))
goto change_one_err;
gpgrt_fprintf (src_file, "# never change anything below these lines.\n");
if (gpgrt_ferror (src_file))
goto change_one_err;
}
if (dest_file)
{
while ((length = gpgrt_read_line (dest_file, &line, &line_len, NULL)) > 0)
{
gpgrt_fprintf (src_file, "%s", line);
if (gpgrt_ferror (src_file))
goto change_one_err;
}
if (length < 0 || gpgrt_ferror (dest_file))
goto change_one_err;
}
xfree (line);
line = NULL;
res = gpgrt_fclose (src_file);
if (res)
{
res = errno;
close (fd);
if (dest_file)
gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
close (fd);
if (dest_file)
{
res = gpgrt_fclose (dest_file);
if (res)
return -1;
}
return 0;
change_one_err:
xfree (line);
res = errno;
if (src_file)
{
gpgrt_fclose (src_file);
close (fd);
}
if (dest_file)
gpgrt_fclose (dest_file);
gpg_err_set_errno (res);
return -1;
}
/* Common code for gc_component_change_options and
* gc_process_gpgconf_conf. If VERBATIM is set the profile parsing
* mode is used. */
static void
change_one_value (gc_component_id_t component,
gc_option_t *option, int *r_runtime,
unsigned long flags, char *new_value, int verbatim)
{
unsigned long new_value_nr = 0;
option_check_validity (component, option,
flags, new_value, &new_value_nr, verbatim);
if (option->runtime)
*r_runtime = 1;
option->new_flags = flags;
if (!(flags & GC_OPT_FLAG_DEFAULT))
{
if (gc_arg_type[option->arg_type].fallback == GC_ARG_TYPE_NONE
&& option->is_list)
{
char *str;
/* We convert the number to a list of 1's for convenient
list handling. */
log_assert (new_value_nr > 0);
option->new_value = xmalloc ((2 * (new_value_nr - 1) + 1) + 1);
str = option->new_value;
*(str++) = '1';
while (--new_value_nr > 0)
{
*(str++) = ',';
*(str++) = '1';
}
*(str++) = '\0';
}
else
option->new_value = xstrdup (new_value);
}
}
/* Read the modifications from IN and apply them. If IN is NULL the
modifications are expected to already have been set to the global
table. If VERBATIM is set the profile mode is used. */
void
gc_component_change_options (int component, estream_t in, estream_t out,
int verbatim)
{
int err = 0;
int block = 0;
int runtime = 0;
char *src_filename = NULL;
char *dest_filename = NULL;
char *orig_filename = NULL;
gc_option_t *option;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
if (component == GC_COMPONENT_PINENTRY)
return; /* Dummy component for now. */
if (in)
{
/* Read options from the file IN. */
while ((length = es_read_line (in, &line, &line_len, NULL)) > 0)
{
char *linep;
unsigned long flags = 0;
char *new_value = "";
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0';
linep = strchr (line, ':');
if (linep)
*(linep++) = '\0';
/* Extract additional flags. Default to none. */
if (linep)
{
char *end;
char *tail;
end = strchr (linep, ':');
if (end)
*(end++) = '\0';
gpg_err_set_errno (0);
flags = strtoul (linep, &tail, 0);
if (errno)
gc_error (1, errno, "malformed flags in option %s", line);
if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
gc_error (1, 0, "garbage after flags in option %s", line);
linep = end;
}
/* Don't allow setting of the no change flag. */
flags &= ~GC_OPT_FLAG_NO_CHANGE;
/* Extract default value, if present. Default to empty if not. */
if (linep)
{
char *end;
end = strchr (linep, ':');
if (end)
*(end++) = '\0';
new_value = linep;
linep = end;
}
option = find_option (component, line);
if (!option)
gc_error (1, 0, "unknown option %s", line);
if (option->no_change)
{
gc_error (0, 0, "ignoring new value for option %s",
option->name);
continue;
}
change_one_value (component, option, &runtime, flags, new_value, 0);
}
if (length < 0 || gpgrt_ferror (in))
gc_error (1, errno, "error reading stream 'in'");
}
/* Now that we have collected and locally verified the changes,
write them out to new configuration files, verify them
externally, and then commit them. */
option = gc_component[component].options;
while (option && option->name)
{
/* Go on if there is nothing to do. */
if (src_filename || !(option->new_flags || option->new_value))
{
option++;
continue;
}
if (gc_component[component].program)
{
err = change_options_program (component,
&src_filename,
&dest_filename,
&orig_filename,
verbatim);
if (! err)
{
/* External verification. */
err = gc_component_check_options (component, out, src_filename);
if (err)
{
gc_error (0, 0,
_("External verification of component %s failed"),
gc_component[component].name);
gpg_err_set_errno (EINVAL);
}
}
}
if (err)
break;
option++;
}
/* We are trying to atomically commit all changes. Unfortunately,
we cannot rely on gnupg_rename_file to manage the signals for us,
doing so would require us to pass NULL as BLOCK to any subsequent
call to it. Instead, we just manage the signal handling
manually. */
block = 1;
gnupg_block_all_signals ();
if (!err && !opt.dry_run)
{
if (src_filename)
{
/* FIXME: Make a verification here. */
log_assert (dest_filename);
if (orig_filename)
err = gnupg_rename_file (src_filename, dest_filename, NULL);
else
{
#ifdef HAVE_W32_SYSTEM
/* We skip the unlink if we expect the file not to be
* there. */
err = gnupg_rename_file (src_filename, dest_filename, NULL);
#else /* HAVE_W32_SYSTEM */
/* This is a bit safer than rename() because we expect
* DEST_FILENAME not to be there. If it happens to be
* there, this will fail. */
err = link (src_filename, dest_filename);
if (!err)
err = unlink (src_filename);
#endif /* !HAVE_W32_SYSTEM */
}
if (!err)
{
xfree (src_filename);
src_filename = NULL;
}
}
}
if (err || opt.dry_run)
{
int saved_errno = errno;
/* An error occurred or a dry-run is requested. */
if (src_filename)
{
/* The change was not yet committed. */
unlink (src_filename);
if (orig_filename)
unlink (orig_filename);
}
else
{
/* The changes were already committed. FIXME: This is a tad
dangerous, as we don't know if we don't overwrite a
version of the file that is even newer than the one we
just installed. */
if (orig_filename)
gnupg_rename_file (orig_filename, dest_filename, NULL);
else
unlink (dest_filename);
}
if (err)
gc_error (1, saved_errno, "could not commit changes");
/* Fall-through for dry run. */
goto leave;
}
/* If it all worked, notify the daemons of the changes. */
if (opt.runtime)
do_runtime_change (component, 0);
/* Move the per-process backup file into its place. */
if (orig_filename)
{
char *backup_filename;
log_assert (dest_filename);
backup_filename = xasprintf ("%s.%s.bak",
dest_filename, GPGCONF_NAME);
gnupg_rename_file (orig_filename, backup_filename, NULL);
xfree (backup_filename);
}
leave:
if (block)
gnupg_unblock_all_signals ();
xfree (line);
xfree (src_filename);
xfree (dest_filename);
xfree (orig_filename);
}
/* Check whether USER matches the current user or one of its group.
This function may change USER. Returns true is there is a
match. */
static int
key_matches_user_or_group (char *user)
{
char *group;
if (*user == '*' && user[1] == 0)
return 1; /* A single asterisk matches all users. */
group = strchr (user, ':');
if (group)
*group++ = 0;
#ifdef HAVE_W32_SYSTEM
/* Under Windows we don't support groups. */
if (group && *group)
gc_error (0, 0, _("Note that group specifications are ignored\n"));
if (*user)
{
static char *my_name;
if (!my_name)
{
char tmp[1];
DWORD size = 1;
GetUserNameA (tmp, &size);
my_name = xmalloc (size);
if (!GetUserNameA (my_name, &size))
gc_error (1,0, "error getting current user name: %s",
w32_strerror (-1));
}
if (!strcmp (user, my_name))
return 1; /* Found. */
}
#else /*!HAVE_W32_SYSTEM*/
/* First check whether the user matches. */
if (*user)
{
static char *my_name;
if (!my_name)
{
struct passwd *pw = getpwuid ( getuid () );
if (!pw)
gc_error (1, errno, "getpwuid failed for current user");
my_name = xstrdup (pw->pw_name);
}
if (!strcmp (user, my_name))
return 1; /* Found. */
}
/* If that failed, check whether a group matches. */
if (group && *group)
{
static char *my_group;
static char **my_supgroups;
int n;
if (!my_group)
{
struct group *gr = getgrgid ( getgid () );
if (!gr)
gc_error (1, errno, "getgrgid failed for current user");
my_group = xstrdup (gr->gr_name);
}
if (!strcmp (group, my_group))
return 1; /* Found. */
if (!my_supgroups)
{
int ngids;
gid_t *gids;
ngids = getgroups (0, NULL);
gids = xcalloc (ngids+1, sizeof *gids);
ngids = getgroups (ngids, gids);
if (ngids < 0)
gc_error (1, errno, "getgroups failed for current user");
my_supgroups = xcalloc (ngids+1, sizeof *my_supgroups);
for (n=0; n < ngids; n++)
{
struct group *gr = getgrgid ( gids[n] );
if (!gr)
gc_error (1, errno, "getgrgid failed for supplementary group");
my_supgroups[n] = xstrdup (gr->gr_name);
}
xfree (gids);
}
for (n=0; my_supgroups[n]; n++)
if (!strcmp (group, my_supgroups[n]))
return 1; /* Found. */
}
#endif /*!HAVE_W32_SYSTEM*/
return 0; /* No match. */
}
/* Read and process the global configuration file for gpgconf. This
optional file is used to update our internal tables at runtime and
may also be used to set new default values. If FNAME is NULL the
default name will be used. With UPDATE set to true the internal
tables are actually updated; if not set, only a syntax check is
done. If DEFAULTS is true the global options are written to the
configuration files. If LISTFP is set, no changes are done but the
configuration file is printed to LISTFP in a colon separated format.
Returns 0 on success or if the config file is not present; -1 is
returned on error. */
int
gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
estream_t listfp)
{
int result = 0;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
gpgrt_stream_t config;
int lineno = 0;
int in_rule = 0;
int got_match = 0;
int runtime[GC_COMPONENT_NR] = { 0 };
int component_id;
char *fname;
if (fname_arg)
fname = xstrdup (fname_arg);
else
fname = make_filename (gnupg_sysconfdir (), GPGCONF_NAME EXTSEP_S "conf",
NULL);
config = gpgrt_fopen (fname, "r");
if (!config)
{
/* Do not print an error if the file is not available, except
when running in syntax check mode. */
if (errno != ENOENT || !update)
{
gc_error (0, errno, "can't open global config file '%s'", fname);
result = -1;
}
xfree (fname);
return result;
}
while ((length = gpgrt_read_line (config, &line, &line_len, NULL)) > 0)
{
char *key, *compname, *option, *flags, *value;
char *empty;
gc_option_t *option_info = NULL;
char *p;
int is_continuation;
lineno++;
key = line;
while (*key == ' ' || *key == '\t')
key++;
if (!*key || *key == '#' || *key == '\r' || *key == '\n')
continue;
is_continuation = (key != line);
/* Parse the key field. */
if (!is_continuation && got_match)
break; /* Finish after the first match. */
else if (!is_continuation)
{
in_rule = 0;
for (p=key+1; *p && !strchr (" \t\r\n", *p); p++)
;
if (!*p)
{
gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
result = -1;
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"missing rule",
GPG_ERR_SYNTAX, fname, lineno);
continue;
}
*p++ = 0;
compname = p;
}
else if (!in_rule)
{
gc_error (0, 0, "continuation but no rule at '%s', line %d",
fname, lineno);
result = -1;
continue;
}
else
{
compname = key;
key = NULL;
}
in_rule = 1;
/* Parse the component. */
while (*compname == ' ' || *compname == '\t')
compname++;
for (p=compname; *p && !strchr (" \t\r\n", *p); p++)
;
if (p == compname)
{
gc_error (0, 0, "missing component at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
" missing component",
GPG_ERR_NO_NAME, fname, lineno);
result = -1;
continue;
}
empty = p;
*p++ = 0;
option = p;
component_id = gc_component_find (compname);
if (component_id < 0)
{
gc_error (0, 0, "unknown component at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"unknown component",
GPG_ERR_UNKNOWN_NAME, fname, lineno);
result = -1;
}
/* Parse the option name. */
while (*option == ' ' || *option == '\t')
option++;
for (p=option; *p && !strchr (" \t\r\n", *p); p++)
;
if (p == option)
{
gc_error (0, 0, "missing option at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"missing option",
GPG_ERR_INV_NAME, fname, lineno);
result = -1;
continue;
}
*p++ = 0;
flags = p;
if ( component_id != -1)
{
/* We need to make sure that we got the option list for the
* component. */
if (!gc_component[component_id].options)
gc_component_retrieve_options (component_id);
option_info = find_option (component_id, option);
if (!option_info)
{
gc_error (0, 0, "unknown option '%s' at '%s', line %d",
option, fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"unknown option",
GPG_ERR_UNKNOWN_OPTION, fname, lineno);
result = -1;
}
}
/* Parse the optional flags. */
while (*flags == ' ' || *flags == '\t')
flags++;
if (*flags == '[')
{
flags++;
p = strchr (flags, ']');
if (!p)
{
gc_error (0, 0, "syntax error in rule at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"syntax error in rule",
GPG_ERR_SYNTAX, fname, lineno);
result = -1;
continue;
}
*p++ = 0;
value = p;
}
else /* No flags given. */
{
value = flags;
flags = NULL;
}
/* Parse the optional value. */
while (*value == ' ' || *value == '\t')
value++;
for (p=value; *p && !strchr ("\r\n", *p); p++)
;
if (p == value)
value = empty; /* No value given; let it point to an empty string. */
else
{
/* Strip trailing white space. */
*p = 0;
for (p--; p > value && (*p == ' ' || *p == '\t'); p--)
*p = 0;
}
/* Check flag combinations. */
if (!flags)
;
else if (!strcmp (flags, "default"))
{
if (*value)
{
gc_error (0, 0, "flag \"default\" may not be combined "
"with a value at '%s', line %d",
fname, lineno);
result = -1;
}
}
else if (!strcmp (flags, "change"))
;
else if (!strcmp (flags, "no-change"))
;
else
{
gc_error (0, 0, "unknown flag at '%s', line %d",
fname, lineno);
result = -1;
}
/* In list mode we print out all records. */
if (listfp && !result)
{
/* If this is a new ruleset, print a key record. */
if (!is_continuation)
{
char *group = strchr (key, ':');
if (group)
{
*group++ = 0;
if ((p = strchr (group, ':')))
*p = 0; /* We better strip any extra stuff. */
}
es_fprintf (listfp, "k:%s:", gc_percent_escape (key));
es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
}
/* All other lines are rule records. */
es_fprintf (listfp, "r:::%s:%s:%s:",
gc_component[component_id].name,
option_info->name? option_info->name : "",
flags? flags : "");
if (value != empty)
es_fprintf (listfp, "\"%s", gc_percent_escape (value));
es_putc ('\n', listfp);
}
/* Check whether the key matches but do this only if we are not
running in syntax check mode. */
if ( update
&& !result && !listfp
&& (got_match || (key && key_matches_user_or_group (key))) )
{
int newflags = 0;
got_match = 1;
/* Apply the flags from gpgconf.conf. */
if (!flags)
;
else if (!strcmp (flags, "default"))
newflags |= GC_OPT_FLAG_DEFAULT;
else if (!strcmp (flags, "no-change"))
option_info->no_change = 1;
else if (!strcmp (flags, "change"))
option_info->no_change = 0;
if (defaults)
{
/* Here we explicitly allow updating the value again. */
if (newflags)
{
option_info->new_flags = 0;
}
if (*value)
{
xfree (option_info->new_value);
option_info->new_value = NULL;
}
change_one_value (component_id, option_info,
runtime, newflags, value, 0);
}
}
}
if (length < 0 || gpgrt_ferror (config))
{
gc_error (0, errno, "error reading from '%s'", fname);
result = -1;
}
if (gpgrt_fclose (config))
gc_error (0, errno, "error closing '%s'", fname);
xfree (line);
/* If it all worked, process the options. */
if (!result && update && defaults && !listfp)
{
/* We need to switch off the runtime update, so that we can do
it later all at once. */
int save_opt_runtime = opt.runtime;
opt.runtime = 0;
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
{
gc_component_change_options (component_id, NULL, NULL, 0);
}
opt.runtime = save_opt_runtime;
if (opt.runtime)
{
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
if (runtime[component_id]
&& gc_component[component_id].runtime_change)
(*gc_component[component_id].runtime_change) (0);
}
}
xfree (fname);
return result;
}
/*
* Apply the profile FNAME to all known configure files.
*/
gpg_error_t
gc_apply_profile (const char *fname)
{
gpg_error_t err;
char *fname_buffer = NULL;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
estream_t fp;
int lineno = 0;
int runtime[GC_COMPONENT_NR] = { 0 };
int component_id = -1;
int skip_section = 0;
int error_count = 0;
int newflags;
if (!fname)
fname = "-";
if (!(!strcmp (fname, "-")
|| strchr (fname, '/')
#ifdef HAVE_W32_SYSTEM
|| strchr (fname, '\\')
#endif
|| strchr (fname, '.')))
{
/* FNAME looks like a standard profile name. Check whether one
* is installed and use that instead of the given file name. */
fname_buffer = xstrconcat (gnupg_datadir (), DIRSEP_S,
fname, ".prf", NULL);
if (!gnupg_access (fname_buffer, F_OK))
fname = fname_buffer;
}
fp = !strcmp (fname, "-")? es_stdin : es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
return err;
}
if (opt.verbose)
log_info ("applying profile '%s'\n", fname);
err = 0;
while ((length = es_read_line (fp, &line, &line_len, NULL)) > 0)
{
char *name, *flags, *value;
gc_option_t *option_info = NULL;
char *p;
lineno++;
name = line;
while (*name == ' ' || *name == '\t')
name++;
if (!*name || *name == '#' || *name == '\r' || *name == '\n')
continue;
trim_trailing_spaces (name);
/* Check whether this is a new section. */
if (*name == '[')
{
name++;
skip_section = 0;
/* New section: Get the name of the component. */
p = strchr (name, ']');
if (!p)
{
error_count++;
log_info ("%s:%d:%d: error: syntax error in section tag\n",
fname, lineno, (int)(name - line));
skip_section = 1;
continue;
}
*p++ = 0;
if (*p)
log_info ("%s:%d:%d: warning: garbage after section tag\n",
fname, lineno, (int)(p - line));
trim_spaces (name);
component_id = gc_component_find (name);
if (component_id < 0)
{
log_info ("%s:%d:%d: warning: skipping unknown section '%s'\n",
fname, lineno, (int)(name - line), name );
skip_section = 1;
}
continue;
}
if (skip_section)
continue;
if (component_id < 0)
{
error_count++;
log_info ("%s:%d:%d: error: not in a valid section\n",
fname, lineno, (int)(name - line));
skip_section = 1;
continue;
}
/* Parse the option name. */
for (p = name; *p && !spacep (p); p++)
;
*p++ = 0;
value = p;
option_info = find_option (component_id, name);
if (!option_info)
{
error_count++;
log_info ("%s:%d:%d: error: unknown option '%s' in section '%s'\n",
fname, lineno, (int)(name - line),
name, gc_component[component_id].name);
continue;
}
/* Parse the optional flags. */
trim_spaces (value);
flags = value;
if (*flags == '[')
{
flags++;
p = strchr (flags, ']');
if (!p)
{
log_info ("%s:%d:%d: warning: invalid flag specification\n",
fname, lineno, (int)(p - line));
continue;
}
*p++ = 0;
value = p;
trim_spaces (value);
}
else /* No flags given. */
flags = NULL;
/* Set required defaults. */
if (gc_arg_type[option_info->arg_type].fallback == GC_ARG_TYPE_NONE
&& !*value)
value = "1";
/* Check and save this option. */
newflags = 0;
if (flags && !strcmp (flags, "default"))
newflags |= GC_OPT_FLAG_DEFAULT;
if (newflags)
option_info->new_flags = 0;
if (*value)
{
xfree (option_info->new_value);
option_info->new_value = NULL;
}
change_one_value (component_id, option_info, runtime, newflags, value, 1);
}
if (length < 0 || es_ferror (fp))
{
err = gpg_error_from_syserror ();
error_count++;
log_error (_("%s:%u: read error: %s\n"),
fname, lineno, gpg_strerror (err));
}
if (es_fclose (fp))
log_error (_("error closing '%s'\n"), fname);
if (error_count)
log_error (_("error parsing '%s'\n"), fname);
xfree (line);
/* If it all worked, process the options. */
if (!err)
{
/* We need to switch off the runtime update, so that we can do
it later all at once. */
int save_opt_runtime = opt.runtime;
opt.runtime = 0;
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
{
gc_component_change_options (component_id, NULL, NULL, 1);
}
opt.runtime = save_opt_runtime;
if (opt.runtime)
{
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
if (runtime[component_id]
&& gc_component[component_id].runtime_change)
(*gc_component[component_id].runtime_change) (0);
}
}
xfree (fname_buffer);
return err;
}
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index 83ad947bb..4afc4e9fd 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -1,1662 +1,1662 @@
/* gpgconf.c - Configuration utility for GnuPG
* Copyright (C) 2003, 2007, 2009, 2011 Free Software Foundation, Inc.
* Copyright (C) 2016 g10 Code GmbH.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include
#define INCLUDED_BY_MAIN_MODULE 1
#include "gpgconf.h"
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "../common/init.h"
#include "../common/status.h"
#include "../common/exechelp.h"
#ifdef HAVE_W32_SYSTEM
#include
#endif
/* Constants to identify the commands and options. */
enum cmd_and_opt_values
{
aNull = 0,
oDryRun = 'n',
oOutput = 'o',
oQuiet = 'q',
oVerbose = 'v',
oRuntime = 'r',
oComponent = 'c',
oNull = '0',
aListDirs = 'L',
aKill = 'K',
aReload = 'R',
aShowVersions = 'V',
aShowConfigs = 'X',
oNoVerbose = 500,
oHomedir,
oBuilddir,
oStatusFD,
oShowSocket,
oChUid,
aListComponents,
aCheckPrograms,
aListOptions,
aChangeOptions,
aCheckOptions,
aApplyDefaults,
aListConfig,
aCheckConfig,
aQuerySWDB,
aLaunch,
aCreateSocketDir,
aRemoveSocketDir,
aApplyProfile,
aShowCodepages
};
/* The list of commands and options. */
static gpgrt_opt_t opts[] =
{
{ 300, NULL, 0, N_("@Commands:\n ") },
{ aListComponents, "list-components", 256, N_("list all components") },
{ aCheckPrograms, "check-programs", 256, N_("check all programs") },
{ aListOptions, "list-options", 256, N_("|COMPONENT|list options") },
{ aChangeOptions, "change-options", 256, N_("|COMPONENT|change options") },
{ aCheckOptions, "check-options", 256, N_("|COMPONENT|check options") },
{ aApplyDefaults, "apply-defaults", 256,
N_("apply global default values") },
{ aApplyProfile, "apply-profile", 256,
N_("|FILE|update configuration files using FILE") },
{ aListDirs, "list-dirs", 256,
N_("get the configuration directories for @GPGCONF@") },
{ aListConfig, "list-config", 256,
N_("list global configuration file") },
{ aCheckConfig, "check-config", 256,
N_("check global configuration file") },
{ aQuerySWDB, "query-swdb", 256,
N_("query the software version database") },
{ aReload, "reload", 256, N_("reload all or a given component")},
{ aLaunch, "launch", 256, N_("launch a given component")},
{ aKill, "kill", 256, N_("kill a given component")},
{ aCreateSocketDir, "create-socketdir", 256, "@"},
{ aRemoveSocketDir, "remove-socketdir", 256, "@"},
ARGPARSE_c (aShowVersions, "show-versions", ""),
ARGPARSE_c (aShowConfigs, "show-configs", ""),
ARGPARSE_c (aShowCodepages, "show-codepages", "@"),
{ 301, NULL, 0, N_("@\nOptions:\n ") },
{ oOutput, "output", 2, N_("use as output file") },
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("quiet") },
{ oDryRun, "dry-run", 0, N_("do not make any changes") },
{ oRuntime, "runtime", 0, N_("activate changes at runtime, if possible") },
ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")),
/* hidden options */
{ oHomedir, "homedir", 2, "@" },
{ oBuilddir, "build-prefix", 2, "@" },
{ oNull, "null", 0, "@" },
{ oNoVerbose, "no-verbose", 0, "@"},
ARGPARSE_s_n (oShowSocket, "show-socket", "@"),
ARGPARSE_s_s (oChUid, "chuid", "@"),
ARGPARSE_end(),
};
#define CUTLINE_FMT \
"--8<---------------cut here---------------%s------------->8---\n"
/* The stream to output the status information. Status Output is disabled if
* this is NULL. */
static estream_t statusfp;
static void show_versions (estream_t fp);
static void show_configs (estream_t fp);
/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
const char *p;
switch (level)
{
case 9: p = "GPL-3.0-or-later"; break;
case 11: p = "@GPGCONF@ (@GNUPG@)";
break;
case 13: p = VERSION; break;
case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
case 17: p = PRINTABLE_OS_NAME; break;
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
case 1:
case 40: p = _("Usage: @GPGCONF@ [options] (-h for help)");
break;
case 41:
p = _("Syntax: @GPGCONF@ [options]\n"
"Manage configuration options for tools of the @GNUPG@ system\n");
break;
default: p = NULL; break;
}
return p;
}
/* Return the fp for the output. This is usually stdout unless
--output has been used. In the latter case this function opens
that file. */
static estream_t
get_outfp (estream_t *fp)
{
if (!*fp)
{
if (opt.outfile)
{
*fp = es_fopen (opt.outfile, "w");
if (!*fp)
gc_error (1, errno, "can not open '%s'", opt.outfile);
}
else
*fp = es_stdout;
}
return *fp;
}
/* Set the status FD. */
static void
set_status_fd (int fd)
{
static int last_fd = -1;
if (fd != -1 && last_fd == fd)
return;
if (statusfp && statusfp != es_stdout && statusfp != es_stderr)
es_fclose (statusfp);
statusfp = NULL;
if (fd == -1)
return;
if (fd == 1)
statusfp = es_stdout;
else if (fd == 2)
statusfp = es_stderr;
else
statusfp = es_fdopen (fd, "w");
if (!statusfp)
{
log_fatal ("can't open fd %d for status output: %s\n",
fd, gpg_strerror (gpg_error_from_syserror ()));
}
last_fd = fd;
}
/* Write a status line with code NO followed by the output of the
* printf style FORMAT. The caller needs to make sure that LFs and
* CRs are not printed. */
void
gpgconf_write_status (int no, const char *format, ...)
{
va_list arg_ptr;
if (!statusfp)
return; /* Not enabled. */
es_fputs ("[GNUPG:] ", statusfp);
es_fputs (get_status_string (no), statusfp);
if (format)
{
es_putc (' ', statusfp);
va_start (arg_ptr, format);
es_vfprintf (statusfp, format, arg_ptr);
va_end (arg_ptr);
}
es_putc ('\n', statusfp);
}
static void
list_dirs (estream_t fp, char **names, int special)
{
static struct {
const char *name;
const char *(*fnc)(void);
const char *extra;
} list[] = {
{ "sysconfdir", gnupg_sysconfdir, NULL },
{ "bindir", gnupg_bindir, NULL },
{ "libexecdir", gnupg_libexecdir, NULL },
{ "libdir", gnupg_libdir, NULL },
{ "datadir", gnupg_datadir, NULL },
{ "localedir", gnupg_localedir, NULL },
{ "socketdir", gnupg_socketdir, NULL },
{ "dirmngr-socket", dirmngr_socket_name, NULL,},
{ "keyboxd-socket", keyboxd_socket_name, NULL,},
{ "agent-ssh-socket", gnupg_socketdir, GPG_AGENT_SSH_SOCK_NAME },
{ "agent-extra-socket", gnupg_socketdir, GPG_AGENT_EXTRA_SOCK_NAME },
{ "agent-browser-socket",gnupg_socketdir, GPG_AGENT_BROWSER_SOCK_NAME },
{ "agent-socket", gnupg_socketdir, GPG_AGENT_SOCK_NAME },
{ "homedir", gnupg_homedir, NULL }
};
int idx, j;
char *tmp;
const char *s;
for (idx = 0; idx < DIM (list); idx++)
{
s = list[idx].fnc ();
if (list[idx].extra)
{
tmp = make_filename (s, list[idx].extra, NULL);
s = tmp;
}
else
tmp = NULL;
if (!names)
es_fprintf (fp, "%s:%s\n", list[idx].name, gc_percent_escape (s));
else
{
for (j=0; names[j]; j++)
if (!strcmp (names[j], list[idx].name))
{
es_fputs (s, fp);
es_putc (opt.null? '\0':'\n', fp);
}
}
xfree (tmp);
}
#ifdef HAVE_W32_SYSTEM
tmp = read_w32_registry_string (NULL,
GNUPG_REGISTRY_DIR,
"HomeDir");
if (tmp)
{
int hkcu = 0;
int hklm = 0;
xfree (tmp);
if ((tmp = read_w32_registry_string ("HKEY_CURRENT_USER",
GNUPG_REGISTRY_DIR,
"HomeDir")))
{
xfree (tmp);
hkcu = 1;
}
if ((tmp = read_w32_registry_string ("HKEY_LOCAL_MACHINE",
GNUPG_REGISTRY_DIR,
"HomeDir")))
{
xfree (tmp);
hklm = 1;
}
es_fflush (fp);
if (special)
es_fprintf (fp, "\n"
"### Note: homedir taken from registry key %s%s\\%s:%s\n"
"\n",
hkcu?"HKCU":"", hklm?"HKLM":"",
GNUPG_REGISTRY_DIR, "HomeDir");
else
log_info ("Warning: homedir taken from registry key (%s:%s) in%s%s\n",
GNUPG_REGISTRY_DIR, "HomeDir",
hkcu?" HKCU":"",
hklm?" HKLM":"");
}
else if ((tmp = read_w32_registry_string (NULL,
GNUPG_REGISTRY_DIR,
NULL)))
{
xfree (tmp);
es_fflush (fp);
if (special)
es_fprintf (fp, "\n"
"### Note: registry %s without value in HKCU or HKLM\n"
"\n", GNUPG_REGISTRY_DIR);
else
log_info ("Warning: registry key (%s) without value in HKCU or HKLM\n",
GNUPG_REGISTRY_DIR);
}
#else /*!HAVE_W32_SYSTEM*/
(void)special;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Check whether NAME is valid argument for query_swdb(). Valid names
* start with a letter and contain only alphanumeric characters or an
* underscore. */
static int
valid_swdb_name_p (const char *name)
{
if (!name || !*name || !alphap (name))
return 0;
for (name++; *name; name++)
if (!alnump (name) && *name != '_')
return 0;
return 1;
}
/* Query the SWDB file. If necessary and possible this functions asks
* the dirmngr to load an updated version of that file. The caller
* needs to provide the NAME to query (e.g. "gnupg", "libgcrypt") and
* optional the currently installed version in CURRENT_VERSION. The
* output written to OUT is a colon delimited line with these fields:
*
* name :: The name of the package
* curvers:: The installed version if given.
* status :: This value tells the status of the software package
* '-' :: No information available
* (error or CURRENT_VERSION not given)
* '?' :: Unknown NAME
* 'u' :: Update available
* 'c' :: The version is Current
* 'n' :: The current version is already Newer than the
* available one.
* urgency :: If the value is greater than zero an urgent update is required.
* error :: 0 on success or an gpg_err_code_t
* Common codes seen:
* GPG_ERR_TOO_OLD :: The SWDB file is to old to be used.
* GPG_ERR_ENOENT :: The SWDB file is not available.
* GPG_ERR_BAD_SIGNATURE :: Corrupted SWDB file.
* filedate:: Date of the swdb file (yyyymmddThhmmss)
* verified:: Date we checked the validity of the file (yyyyymmddThhmmss)
* version :: The version string from the swdb.
* reldate :: Release date of that version (yyyymmddThhmmss)
* size :: Size of the package in bytes.
* hash :: SHA-2 hash of the package.
*
*/
static void
query_swdb (estream_t out, const char *name, const char *current_version)
{
gpg_error_t err;
const char *search_name;
char *fname = NULL;
estream_t fp = NULL;
char *line = NULL;
char *self_version = NULL;
size_t length_of_line = 0;
size_t maxlen;
ssize_t len;
const char *fields[2];
char *p;
gnupg_isotime_t filedate = {0};
gnupg_isotime_t verified = {0};
char *value_ver = NULL;
gnupg_isotime_t value_date = {0};
char *value_size = NULL;
char *value_sha2 = NULL;
unsigned long value_size_ul = 0;
int status, i;
if (!valid_swdb_name_p (name))
{
log_error ("error in package name '%s': %s\n",
name, gpg_strerror (GPG_ERR_INV_NAME));
goto leave;
}
if (!strcmp (name, "gnupg"))
search_name = GNUPG_SWDB_TAG;
else if (!strcmp (name, "gnupg1"))
search_name = "gnupg1";
else
search_name = name;
if (!current_version && !strcmp (name, "gnupg"))
{
/* Use our own version but string a possible beta string. */
self_version = xstrdup (PACKAGE_VERSION);
p = strchr (self_version, '-');
if (p)
*p = 0;
current_version = self_version;
}
if (current_version && (strchr (current_version, ':')
|| compare_version_strings (current_version, NULL)))
{
log_error ("error in version string '%s': %s\n",
current_version, gpg_strerror (GPG_ERR_INV_ARG));
goto leave;
}
fname = make_filename (gnupg_homedir (), "swdb.lst", NULL);
fp = es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
es_fprintf (out, "%s:%s:-::%u:::::::\n",
name,
current_version? current_version : "",
gpg_err_code (err));
if (gpg_err_code (err) != GPG_ERR_ENOENT)
log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
/* Note that the parser uses the first occurrence of a matching
* values and ignores possible duplicated values. */
maxlen = 2048; /* Set limit. */
while ((len = es_read_line (fp, &line, &length_of_line, &maxlen)) > 0)
{
if (!maxlen)
{
err = gpg_error (GPG_ERR_LINE_TOO_LONG);
log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
/* Strip newline and carriage return, if present. */
while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
line[--len] = '\0';
if (split_fields (line, fields, DIM (fields)) < DIM(fields))
continue; /* Skip empty lines and names w/o a value. */
if (*fields[0] == '#')
continue; /* Skip comments. */
/* Record the meta data. */
if (!*filedate && !strcmp (fields[0], ".filedate"))
{
string2isotime (filedate, fields[1]);
continue;
}
if (!*verified && !strcmp (fields[0], ".verified"))
{
string2isotime (verified, fields[1]);
continue;
}
/* Tokenize the name. */
p = strrchr (fields[0], '_');
if (!p)
continue; /* Name w/o an underscore. */
*p++ = 0;
/* Wait for the requested name. */
if (!strcmp (fields[0], search_name))
{
if (!strcmp (p, "ver") && !value_ver)
value_ver = xstrdup (fields[1]);
else if (!strcmp (p, "date") && !*value_date)
string2isotime (value_date, fields[1]);
else if (!strcmp (p, "size") && !value_size)
value_size = xstrdup (fields[1]);
else if (!strcmp (p, "sha2") && !value_sha2)
value_sha2 = xstrdup (fields[1]);
}
}
if (len < 0 || es_ferror (fp))
{
err = gpg_error_from_syserror ();
log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
if (!*filedate || !*verified)
{
err = gpg_error (GPG_ERR_INV_TIME);
es_fprintf (out, "%s:%s:-::%u:::::::\n",
name,
current_version? current_version : "",
gpg_err_code (err));
goto leave;
}
if (!value_ver)
{
es_fprintf (out, "%s:%s:?:::::::::\n",
name,
current_version? current_version : "");
goto leave;
}
if (value_size)
{
gpg_err_set_errno (0);
value_size_ul = strtoul (value_size, &p, 10);
if (errno)
value_size_ul = 0;
else if (*p == 'k')
value_size_ul *= 1024;
}
err = 0;
status = '-';
if (compare_version_strings (value_ver, NULL))
err = gpg_error (GPG_ERR_INV_VALUE);
else if (!current_version)
;
else if (!(i = compare_version_strings (value_ver, current_version)))
status = 'c';
else if (i > 0)
status = 'u';
else
status = 'n';
es_fprintf (out, "%s:%s:%c::%d:%s:%s:%s:%s:%lu:%s:\n",
name,
current_version? current_version : "",
status,
err,
filedate,
verified,
value_ver,
value_date,
value_size_ul,
value_sha2? value_sha2 : "");
leave:
xfree (value_ver);
xfree (value_size);
xfree (value_sha2);
xfree (line);
es_fclose (fp);
xfree (fname);
xfree (self_version);
}
/* gpgconf main. */
int
main (int argc, char **argv)
{
gpg_error_t err;
gpgrt_argparse_t pargs;
const char *fname;
int no_more_options = 0;
enum cmd_and_opt_values cmd = 0;
estream_t outfp = NULL;
int show_socket = 0;
const char *changeuser = NULL;
early_system_init ();
gnupg_reopen_std (GPGCONF_NAME);
gpgrt_set_strusage (my_strusage);
log_set_prefix (GPGCONF_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_NO_REGISTRY);
/* Make sure that our subsystems are ready. */
i18n_init();
init_common_subsystems (&argc, &argv);
gc_components_init ();
/* Parse the command line. */
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags = ARGPARSE_FLAG_KEEP;
while (!no_more_options && gpgrt_argparse (NULL, &pargs, opts))
{
switch (pargs.r_opt)
{
case oOutput: opt.outfile = pargs.r.ret_str; break;
case oQuiet: opt.quiet = 1; break;
case oDryRun: opt.dry_run = 1; break;
case oRuntime: opt.runtime = 1; break;
case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break;
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oBuilddir: gnupg_set_builddir (pargs.r.ret_str); break;
case oNull: opt.null = 1; break;
case oStatusFD:
set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
break;
case oShowSocket: show_socket = 1; break;
case oChUid: changeuser = pargs.r.ret_str; break;
case aListDirs:
case aListComponents:
case aCheckPrograms:
case aListOptions:
case aChangeOptions:
case aCheckOptions:
case aApplyDefaults:
case aApplyProfile:
case aListConfig:
case aCheckConfig:
case aQuerySWDB:
case aReload:
case aLaunch:
case aKill:
case aCreateSocketDir:
case aRemoveSocketDir:
case aShowVersions:
case aShowConfigs:
case aShowCodepages:
cmd = pargs.r_opt;
break;
default: pargs.err = 2; break;
}
}
gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */
if (log_get_errorcount (0))
gpgconf_failure (GPG_ERR_USER_2);
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
int i;
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
fname = argc ? *argv : NULL;
/* If requested switch to the requested user or die. */
if (changeuser && (err = gnupg_chuid (changeuser, 0)))
gpgconf_failure (err);
/* Set the configuraton directories for use by gpgrt_argparser. We
* don't have a configuration file for this program but we have code
* which reads the component's config files. */
gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
switch (cmd)
{
case aListComponents:
default:
/* List all components. */
gc_component_list_components (get_outfp (&outfp));
break;
case aCheckPrograms:
/* Check all programs. */
gc_check_programs (get_outfp (&outfp));
break;
case aListOptions:
case aChangeOptions:
case aCheckOptions:
if (!fname)
{
es_fprintf (es_stderr, _("usage: %s [options] "), GPGCONF_NAME);
es_putc ('\n', es_stderr);
es_fputs (_("Need one component argument"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (GPG_ERR_USER_2);
}
else
{
int idx = gc_component_find (fname);
if (idx < 0)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (0);
}
if (cmd == aCheckOptions)
gc_component_check_options (idx, get_outfp (&outfp), NULL);
else
{
gc_component_retrieve_options (idx);
if (gc_process_gpgconf_conf (NULL, 1, 0, NULL))
gpgconf_failure (0);
if (cmd == aListOptions)
gc_component_list_options (idx, get_outfp (&outfp));
else if (cmd == aChangeOptions)
gc_component_change_options (idx, es_stdin,
get_outfp (&outfp), 0);
}
}
break;
case aLaunch:
case aKill:
if (!fname)
{
es_fprintf (es_stderr, _("usage: %s [options] "), GPGCONF_NAME);
es_putc ('\n', es_stderr);
es_fputs (_("Need one component argument"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (GPG_ERR_USER_2);
}
else if (!strcmp (fname, "all"))
{
if (cmd == aLaunch)
{
if (gc_component_launch (-1))
gpgconf_failure (0);
}
else
{
gc_component_kill (-1);
}
}
else
{
/* Launch/Kill a given component. */
int idx;
idx = gc_component_find (fname);
if (idx < 0)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (0);
}
else if (cmd == aLaunch)
{
err = gc_component_launch (idx);
if (show_socket)
{
char *names[2];
if (idx == GC_COMPONENT_GPG_AGENT)
names[0] = "agent-socket";
else if (idx == GC_COMPONENT_DIRMNGR)
names[0] = "dirmngr-socket";
else if (idx == GC_COMPONENT_KEYBOXD)
names[0] = "keyboxd-socket";
else
names[0] = NULL;
names[1] = NULL;
get_outfp (&outfp);
list_dirs (outfp, names, 0);
}
if (err)
gpgconf_failure (0);
}
else
{
/* We don't error out if the kill failed because this
command should do nothing if the component is not
running. */
gc_component_kill (idx);
}
}
break;
case aReload:
if (!fname || !strcmp (fname, "all"))
{
/* Reload all. */
gc_component_reload (-1);
}
else
{
/* Reload given component. */
int idx;
idx = gc_component_find (fname);
if (idx < 0)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (0);
}
else
{
gc_component_reload (idx);
}
}
break;
case aListConfig:
if (gc_process_gpgconf_conf (fname, 0, 0, get_outfp (&outfp)))
gpgconf_failure (0);
break;
case aCheckConfig:
if (gc_process_gpgconf_conf (fname, 0, 0, NULL))
gpgconf_failure (0);
break;
case aApplyDefaults:
if (fname)
{
es_fprintf (es_stderr, _("usage: %s [options] "), GPGCONF_NAME);
es_putc ('\n', es_stderr);
es_fputs (_("No argument allowed"), es_stderr);
es_putc ('\n', es_stderr);
gpgconf_failure (GPG_ERR_USER_2);
}
if (!opt.dry_run && gnupg_access (gnupg_homedir (), F_OK))
gnupg_maybe_make_homedir (gnupg_homedir (), opt.quiet);
gc_component_retrieve_options (-1);
if (gc_process_gpgconf_conf (NULL, 1, 1, NULL))
gpgconf_failure (0);
break;
case aApplyProfile:
if (!opt.dry_run && gnupg_access (gnupg_homedir (), F_OK))
gnupg_maybe_make_homedir (gnupg_homedir (), opt.quiet);
gc_component_retrieve_options (-1);
if (gc_apply_profile (fname))
gpgconf_failure (0);
break;
case aListDirs:
/* Show the system configuration directories for gpgconf. */
get_outfp (&outfp);
list_dirs (outfp, argc? argv : NULL, 0);
break;
case aQuerySWDB:
/* Query the software version database. */
if (!fname || argc > 2)
{
es_fprintf (es_stderr, "usage: %s --query-swdb NAME [VERSION]\n",
GPGCONF_NAME);
gpgconf_failure (GPG_ERR_USER_2);
}
get_outfp (&outfp);
query_swdb (outfp, fname, argc > 1? argv[1] : NULL);
break;
case aCreateSocketDir:
{
char *socketdir;
unsigned int flags;
/* Make sure that the top /run/user/UID/gnupg dir has been
* created. */
gnupg_socketdir ();
/* Check the /var/run dir. */
socketdir = _gnupg_socketdir_internal (1, &flags);
if ((flags & 64) && !opt.dry_run)
{
/* No sub dir - create it. */
if (gnupg_mkdir (socketdir, "-rwx"))
gc_error (1, errno, "error creating '%s'", socketdir);
/* Try again. */
xfree (socketdir);
socketdir = _gnupg_socketdir_internal (1, &flags);
}
/* Give some info. */
if ( (flags & ~32) || opt.verbose || opt.dry_run)
{
log_info ("socketdir is '%s'\n", socketdir);
if ((flags & 1)) log_info ("\tgeneral error\n");
if ((flags & 2)) log_info ("\tno /run/user dir\n");
if ((flags & 4)) log_info ("\tbad permissions\n");
if ((flags & 8)) log_info ("\tbad permissions (subdir)\n");
if ((flags & 16)) log_info ("\tmkdir failed\n");
if ((flags & 32)) log_info ("\tnon-default homedir\n");
if ((flags & 64)) log_info ("\tno such subdir\n");
if ((flags & 128)) log_info ("\tusing homedir as fallback\n");
}
if ((flags & ~32) && !opt.dry_run)
gc_error (1, 0, "error creating socket directory");
xfree (socketdir);
}
break;
case aRemoveSocketDir:
{
char *socketdir;
unsigned int flags;
/* Check the /var/run dir. */
socketdir = _gnupg_socketdir_internal (1, &flags);
if ((flags & 128))
log_info ("ignoring request to remove non /run/user socket dir\n");
else if (opt.dry_run)
;
else if (gnupg_rmdir (socketdir))
{
/* If the director is not empty we first try to delete
* socket files. */
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_ENOTEMPTY
|| gpg_err_code (err) == GPG_ERR_EEXIST)
{
static const char * const names[] = {
GPG_AGENT_SOCK_NAME,
GPG_AGENT_EXTRA_SOCK_NAME,
GPG_AGENT_BROWSER_SOCK_NAME,
GPG_AGENT_SSH_SOCK_NAME,
SCDAEMON_SOCK_NAME,
KEYBOXD_SOCK_NAME,
DIRMNGR_SOCK_NAME
};
int i;
char *p;
for (i=0; i < DIM(names); i++)
{
p = strconcat (socketdir , "/", names[i], NULL);
if (p)
gnupg_remove (p);
xfree (p);
}
if (gnupg_rmdir (socketdir))
gc_error (1, 0, "error removing '%s': %s",
socketdir, gpg_strerror (err));
}
else if (gpg_err_code (err) == GPG_ERR_ENOENT)
gc_error (0, 0, "warning: removing '%s' failed: %s",
socketdir, gpg_strerror (err));
else
gc_error (1, 0, "error removing '%s': %s",
socketdir, gpg_strerror (err));
}
xfree (socketdir);
}
break;
case aShowVersions:
{
get_outfp (&outfp);
show_versions (outfp);
}
break;
case aShowConfigs:
{
get_outfp (&outfp);
show_configs (outfp);
}
break;
case aShowCodepages:
#ifdef HAVE_W32_SYSTEM
{
get_outfp (&outfp);
if (GetConsoleCP () != GetConsoleOutputCP ())
es_fprintf (outfp, "Console: CP%u/CP%u\n",
GetConsoleCP (), GetConsoleOutputCP ());
else
es_fprintf (outfp, "Console: CP%u\n", GetConsoleCP ());
es_fprintf (outfp, "ANSI: CP%u\n", GetACP ());
es_fprintf (outfp, "OEM: CP%u\n", GetOEMCP ());
}
#endif
break;
}
if (outfp != es_stdout)
if (es_fclose (outfp))
gc_error (1, errno, "error closing '%s'", opt.outfile);
if (log_get_errorcount (0))
gpgconf_failure (0);
else
gpgconf_write_status (STATUS_SUCCESS, NULL);
return 0;
}
void
gpgconf_failure (gpg_error_t err)
{
log_flush ();
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
gpgconf_write_status
(STATUS_FAILURE, "- %u",
gpg_err_code (err) == GPG_ERR_USER_2? GPG_ERR_EINVAL : err);
exit (gpg_err_code (err) == GPG_ERR_USER_2? 2 : 1);
}
/* Parse the revision part from the extended version blurb. */
static const char *
get_revision_from_blurb (const char *blurb, int *r_len)
{
const char *s = blurb? blurb : "";
int n;
for (; *s; s++)
if (*s == '\n' && s[1] == '(')
break;
if (s)
{
s += 2;
for (n=0; s[n] && s[n] != ' '; n++)
;
}
else
{
s = "?";
n = 1;
}
*r_len = n;
return s;
}
static void
show_version_gnupg (estream_t fp, const char *prefix)
{
char *fname, *p;
size_t n;
estream_t verfp;
char line[100];
es_fprintf (fp, "%s%sGnuPG %s (%s)\n%s%s\n", prefix, *prefix?"":"* ",
gpgrt_strusage (13), BUILD_REVISION, prefix, gpgrt_strusage (17));
/* Show the GnuPG VS-Desktop version in --show-configs mode */
if (prefix && *prefix == '#')
{
fname = make_filename (gnupg_bindir (), NULL);
n = strlen (fname);
if (n > 10 && (!ascii_strcasecmp (fname + n - 10, "/GnuPG/bin")
|| !ascii_strcasecmp (fname + n - 10, "\\GnuPG\\bin")))
{
/* Append VERSION to the ../../ direcory. Note that VERSION
* is only 7 bytes and thus fits. */
strcpy (fname + n - 9, "VERSION");
verfp = es_fopen (fname, "r");
if (!verfp)
es_fprintf (fp, "%s[VERSION file not found]\n", prefix);
else if (!es_fgets (line, sizeof line, verfp))
es_fprintf (fp, "%s[VERSION file is empty]\n", prefix);
else
{
trim_spaces (line);
for (p=line; *p; p++)
if (*p < ' ' || *p > '~' || *p == '[')
*p = '?';
es_fprintf (fp, "%s%s\n", prefix, line);
}
es_fclose (verfp);
}
xfree (fname);
}
#ifdef HAVE_W32_SYSTEM
{
OSVERSIONINFO osvi = { sizeof (osvi) };
GetVersionEx (&osvi);
es_fprintf (fp, "%sWindows %lu.%lu build %lu%s%s%s\n",
prefix,
(unsigned long)osvi.dwMajorVersion,
(unsigned long)osvi.dwMinorVersion,
(unsigned long)osvi.dwBuildNumber,
*osvi.szCSDVersion? " (":"",
osvi.szCSDVersion,
*osvi.szCSDVersion? ")":""
);
}
#endif /*HAVE_W32_SYSTEM*/
}
static void
show_version_libgcrypt (estream_t fp)
{
const char *s;
int n;
s = get_revision_from_blurb (gcry_check_version ("\x01\x01"), &n);
es_fprintf (fp, "* Libgcrypt %s (%.*s)\n",
gcry_check_version (NULL), n, s);
s = gcry_get_config (0, NULL);
if (s)
es_fputs (s, fp);
}
static void
show_version_gpgrt (estream_t fp)
{
const char *s;
int n;
s = get_revision_from_blurb (gpg_error_check_version ("\x01\x01"), &n);
es_fprintf (fp, "* GpgRT %s (%.*s)\n",
gpg_error_check_version (NULL), n, s);
}
/* Printing version information for other libraries is problematic
* because we don't want to link gpgconf to all these libraries. The
* best solution is delegating this to dirmngr which uses libassuan,
* libksba, libnpth and ntbtls anyway. */
static void
show_versions_via_dirmngr (estream_t fp)
{
gpg_error_t err;
const char *pgmname;
const char *argv[2];
estream_t outfp;
pid_t pid;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
int exitcode;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR);
argv[0] = "--gpgconf-versions";
argv[1] = NULL;
- err = gnupg_spawn_process (pgmname, argv, NULL, NULL, 0,
+ err = gnupg_spawn_process (pgmname, argv, NULL, 0,
NULL, &outfp, NULL, &pid);
if (err)
{
log_error ("error spawning %s: %s", pgmname, gpg_strerror (err));
es_fprintf (fp, "[error: can't get further info]\n");
return;
}
while ((length = es_read_line (outfp, &line, &line_len, NULL)) > 0)
{
/* Strip newline and carriage return, if present. */
while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0';
es_fprintf (fp, "%s\n", line);
}
if (length < 0 || es_ferror (outfp))
{
err = gpg_error_from_syserror ();
log_error ("error reading from %s: %s\n", pgmname, gpg_strerror (err));
}
if (es_fclose (outfp))
{
err = gpg_error_from_syserror ();
log_error ("error closing output stream of %s: %s\n",
pgmname, gpg_strerror (err));
}
err = gnupg_wait_process (pgmname, pid, 1, &exitcode);
if (err)
{
log_error ("running %s failed (exitcode=%d): %s\n",
pgmname, exitcode, gpg_strerror (err));
es_fprintf (fp, "[error: can't get further info]\n");
}
gnupg_release_process (pid);
xfree (line);
}
/* Show all kind of version information. */
static void
show_versions (estream_t fp)
{
show_version_gnupg (fp, "");
es_fputc ('\n', fp);
show_version_libgcrypt (fp);
es_fputc ('\n', fp);
show_version_gpgrt (fp);
es_fputc ('\n', fp);
show_versions_via_dirmngr (fp);
}
/* Copy data from file SRC to DST. Returns 0 on success or an error
* code on failure. If LISTP is not NULL, that strlist is updated
* with the variabale or registry key names detected. Flag bit 0
* indicates a registry entry. */
static gpg_error_t
my_copy_file (estream_t src, estream_t dst, strlist_t *listp)
{
gpg_error_t err;
char *line = NULL;
size_t line_len = 0;
ssize_t length;
int written;
while ((length = es_read_line (src, &line, &line_len, NULL)) > 0)
{
/* Strip newline and carriage return, if present. */
written = gpgrt_fwrite (line, 1, length, dst);
if (written != length)
return gpg_error_from_syserror ();
trim_spaces (line);
if (*line == '[' && listp)
{
char **tokens;
char *p;
for (p=line+1; *p; p++)
if (*p != ' ' && *p != '\t')
break;
if (*p && p[strlen (p)-1] == ']')
p[strlen (p)-1] = 0;
tokens = strtokenize (p, " \t");
if (!tokens)
{
err = gpg_error_from_syserror ();
log_error ("strtokenize failed: %s\n", gpg_strerror (err));
return err;
}
/* Check whether we have a getreg or getenv statement and
* store the third token to later retrieval. */
if (tokens[0] && tokens[1] && tokens[2]
&& (!strcmp (tokens[0], "getreg")
|| !strcmp (tokens[0], "getenv")))
{
int isreg = (tokens[0][3] == 'r');
strlist_t sl = *listp;
for (sl = *listp; sl; sl = sl->next)
if (!strcmp (sl->d, tokens[2]) && (sl->flags & 1) == isreg)
break;
if (!sl) /* Not yet in the respective list. */
{
sl = add_to_strlist (listp, tokens[2]);
if (isreg)
sl->flags = 1;
}
}
xfree (tokens);
}
}
if (length < 0 || es_ferror (src))
return gpg_error_from_syserror ();
if (gpgrt_fflush (dst))
return gpg_error_from_syserror ();
return 0;
}
/* Helper for show_configs */
static void
show_configs_one_file (const char *fname, int global, estream_t outfp,
strlist_t *listp)
{
gpg_error_t err;
estream_t fp;
fp = es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
es_fprintf (outfp, "###\n### %s config \"%s\": %s\n###\n",
global? "global":"local", fname,
(gpg_err_code (err) == GPG_ERR_ENOENT)?
"not installed" : gpg_strerror (err));
}
else
{
es_fprintf (outfp, "###\n### %s config \"%s\"\n###\n",
global? "global":"local", fname);
es_fprintf (outfp, CUTLINE_FMT, "start");
err = my_copy_file (fp, outfp, listp);
if (err)
log_error ("error copying file \"%s\": %s\n",
fname, gpg_strerror (err));
es_fprintf (outfp, CUTLINE_FMT, "end--");
es_fclose (fp);
}
}
#ifdef HAVE_W32_SYSTEM
/* Print registry entries relevant to the GnuPG system and related
* software. */
static void
show_other_registry_entries (estream_t outfp)
{
static struct {
int group;
const char *name;
} names[] =
{
{ 1, "HKLM\\Software\\Gpg4win:Install Directory" },
{ 1, "HKLM\\Software\\Gpg4win:Desktop-Version" },
{ 1, "HKLM\\Software\\Gpg4win:VS-Desktop-Version" },
{ 1, "\\" GNUPG_REGISTRY_DIR ":HomeDir" },
{ 1, "\\" GNUPG_REGISTRY_DIR ":DefaultLogFile" },
{ 2, "\\Software\\Microsoft\\Office\\Outlook\\Addins\\GNU.GpgOL"
":LoadBehavior" },
{ 2, "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Options\\Mail:"
"ReadAsPlain" },
{ 2, "HKCU\\Software\\Policies\\Microsoft\\Office\\16.0\\Outlook\\"
"Options\\Mail:ReadAsPlain" },
{ 3, "logFile" },
{ 3, "enableDebug" },
{ 3, "searchSmimeServers" },
{ 3, "smimeInsecureReplyAllowed" },
{ 3, "enableSmime" },
{ 3, "preferSmime" },
{ 3, "encryptDefault" },
{ 3, "signDefault" },
{ 3, "inlinePGP" },
{ 3, "replyCrypt" },
{ 3, "autoresolve" },
{ 3, "autoretrieve" },
{ 3, "automation" },
{ 3, "autosecure" },
{ 3, "autotrust" },
{ 3, "autoencryptUntrusted" },
{ 3, "autoimport" },
{ 3, "splitBCCMails" },
{ 3, "combinedOpsEnabled" },
{ 3, "encryptSubject" },
{ 0, NULL }
};
int idx;
int group = 0;
char *namebuf = NULL;
const char *name;
int from_hklm;
for (idx=0; (name = names[idx].name); idx++)
{
char *value;
if (names[idx].group == 3)
{
xfree (namebuf);
namebuf = xstrconcat ("\\Software\\GNU\\GpgOL", ":",
names[idx].name, NULL);
name = namebuf;
}
value = read_w32_reg_string (name, &from_hklm);
if (!value)
continue;
if (names[idx].group != group)
{
group = names[idx].group;
es_fprintf (outfp, "###\n### %s related:\n",
group == 1 ? "GnuPG Desktop" :
group == 2 ? "Outlook" :
group == 3 ? "\\Software\\GNU\\GpgOL"
: "System" );
}
if (group == 3)
es_fprintf (outfp, "### %s=%s%s\n", names[idx].name, value,
from_hklm? " [hklm]":"");
else
es_fprintf (outfp, "### %s\n### ->%s<-%s\n", name, value,
from_hklm? " [hklm]":"");
xfree (value);
}
es_fprintf (outfp, "###\n");
xfree (namebuf);
}
/* Print registry entries take from a configuration file. */
static void
show_registry_entries_from_file (estream_t outfp)
{
gpg_error_t err;
char *fname;
estream_t fp;
char *line = NULL;
size_t length_of_line = 0;
size_t maxlen;
ssize_t len;
char *value = NULL;
int from_hklm;
int any = 0;
fname = make_filename (gnupg_datadir (), "gpgconf.rnames", NULL);
fp = es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) != GPG_ERR_ENOENT)
log_error ("error opening '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
maxlen = 2048; /* Set limit. */
while ((len = es_read_line (fp, &line, &length_of_line, &maxlen)) > 0)
{
if (!maxlen)
{
err = gpg_error (GPG_ERR_LINE_TOO_LONG);
log_error ("error reading '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
trim_spaces (line);
if (*line == '#')
continue;
xfree (value);
value = read_w32_reg_string (line, &from_hklm);
if (!value)
continue;
if (!any)
{
any = 1;
es_fprintf (outfp, "### Taken from gpgconf.rnames:\n");
}
es_fprintf (outfp, "### %s\n### ->%s<-%s\n", line, value,
from_hklm? " [hklm]":"");
}
if (len < 0 || es_ferror (fp))
{
err = gpg_error_from_syserror ();
log_error ("error reading '%s': %s\n", fname, gpg_strerror (err));
}
leave:
if (any)
es_fprintf (outfp, "###\n");
xfree (value);
xfree (line);
es_fclose (fp);
xfree (fname);
}
#endif /*HAVE_W32_SYSTEM*/
/* Show all config files. */
static void
show_configs (estream_t outfp)
{
static const char *names[] = { "common.conf", "gpg-agent.conf",
"scdaemon.conf", "dirmngr.conf",
"gpg.conf", "gpgsm.conf" };
gpg_error_t err;
int idx;
char *fname;
gnupg_dir_t dir;
gnupg_dirent_t dir_entry;
size_t n;
int any;
strlist_t list = NULL;
strlist_t sl;
const char *s;
int got_gpgconfconf = 0;
es_fprintf (outfp, "### Dump of all standard config files\n");
show_version_gnupg (outfp, "### ");
es_fprintf (outfp, "### Libgcrypt %s\n", gcry_check_version (NULL));
es_fprintf (outfp, "### GpgRT %s\n", gpg_error_check_version (NULL));
#ifdef HAVE_W32_SYSTEM
es_fprintf (outfp, "### Codepages:");
if (GetConsoleCP () != GetConsoleOutputCP ())
es_fprintf (outfp, " %u/%u", GetConsoleCP (), GetConsoleOutputCP ());
else
es_fprintf (outfp, " %u", GetConsoleCP ());
es_fprintf (outfp, " %u", GetACP ());
es_fprintf (outfp, " %u\n", GetOEMCP ());
#endif
es_fprintf (outfp, "###\n\n");
list_dirs (outfp, NULL, 1);
es_fprintf (outfp, "\n");
fname = make_filename (gnupg_sysconfdir (), "gpgconf.conf", NULL);
if (!gnupg_access (fname, F_OK))
{
got_gpgconfconf = 1;
show_configs_one_file (fname, 1, outfp, &list);
es_fprintf (outfp, "\n");
}
xfree (fname);
for (idx = 0; idx < DIM (names); idx++)
{
fname = make_filename (gnupg_sysconfdir (), names[idx], NULL);
show_configs_one_file (fname, 1, outfp, &list);
xfree (fname);
fname = make_filename (gnupg_homedir (), names[idx], NULL);
show_configs_one_file (fname, 0, outfp, &list);
xfree (fname);
es_fprintf (outfp, "\n");
}
/* Print the encountered registry values and envvars. */
if (list)
{
any = 0;
for (sl = list; sl; sl = sl->next)
if (!(sl->flags & 1))
{
if (!any)
{
any = 1;
es_fprintf (outfp,
"###\n"
"### List of encountered environment variables:\n");
}
if ((s = getenv (sl->d)))
es_fprintf (outfp, "### %-12s ->%s<-\n", sl->d, s);
else
es_fprintf (outfp, "### %-12s [not set]\n", sl->d);
}
if (any)
es_fprintf (outfp, "###\n");
}
#ifdef HAVE_W32_SYSTEM
es_fprintf (outfp, "###\n### Registry entries:\n");
any = 0;
if (list)
{
for (sl = list; sl; sl = sl->next)
if ((sl->flags & 1))
{
char *p;
int from_hklm;
if (!any)
{
any = 1;
es_fprintf (outfp, "###\n### Encountered in config files:\n");
}
if ((p = read_w32_reg_string (sl->d, &from_hklm)))
es_fprintf (outfp, "### %s ->%s<-%s\n", sl->d, p,
from_hklm? " [hklm]":"");
else
es_fprintf (outfp, "### %s [not set]\n", sl->d);
xfree (p);
}
}
if (!any)
es_fprintf (outfp, "###\n");
show_other_registry_entries (outfp);
show_registry_entries_from_file (outfp);
#endif /*HAVE_W32_SYSTEM*/
free_strlist (list);
any = 0;
/* Additional warning. */
if (got_gpgconfconf)
{
es_fprintf (outfp,
"###\n"
"### Warning: legacy config file \"gpgconf.conf\" found\n");
any = 1;
}
/* Check for uncommon files in the home directory. */
dir = gnupg_opendir (gnupg_homedir ());
if (!dir)
{
err = gpg_error_from_syserror ();
log_error ("error reading directory \"%s\": %s\n",
gnupg_homedir (), gpg_strerror (err));
return;
}
while ((dir_entry = gnupg_readdir (dir)))
{
for (idx = 0; idx < DIM (names); idx++)
{
n = strlen (names[idx]);
if (!ascii_strncasecmp (dir_entry->d_name, names[idx], n)
&& dir_entry->d_name[n] == '-'
&& ascii_strncasecmp (dir_entry->d_name, "gpg.conf-1", 10))
{
if (!any)
{
any = 1;
es_fprintf (outfp,
"###\n"
"### Warning: suspicious files in \"%s\":\n",
gnupg_homedir ());
}
es_fprintf (outfp, "### %s\n", dir_entry->d_name);
}
}
}
if (any)
es_fprintf (outfp, "###\n");
gnupg_closedir (dir);
}
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
index 63d0e831b..3a7687d9f 100644
--- a/tools/gpgtar-create.c
+++ b/tools/gpgtar-create.c
@@ -1,1287 +1,1287 @@
/* gpgtar-create.c - Create a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_W32_SYSTEM
# define WIN32_LEAN_AND_MEAN
# include
#else /*!HAVE_W32_SYSTEM*/
# include
# include
#endif /*!HAVE_W32_SYSTEM*/
#include "../common/i18n.h"
#include
#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/ccparray.h"
#include "../common/membuf.h"
#include "gpgtar.h"
#ifndef HAVE_LSTAT
#define lstat(a,b) gnupg_stat ((a), (b))
#endif
/* Count the number of written headers. Extended headers are not
* counted. */
static unsigned long global_header_count;
/* Object to control the file scanning. */
struct scanctrl_s;
typedef struct scanctrl_s *scanctrl_t;
struct scanctrl_s
{
tar_header_t flist;
tar_header_t *flist_tail;
int nestlevel;
};
/* On Windows convert name to UTF8 and return it; caller must release
* the result. On Unix or if ALREADY_UTF8 is set, this function is a
* mere xtrystrcopy. On failure NULL is returned and ERRNO set. */
static char *
name_to_utf8 (const char *name, int already_utf8)
{
#ifdef HAVE_W32_SYSTEM
wchar_t *wstring;
char *result;
if (already_utf8)
result = xtrystrdup (name);
else
{
wstring = native_to_wchar (name);
if (!wstring)
return NULL;
result = wchar_to_utf8 (wstring);
xfree (wstring);
}
return result;
#else /*!HAVE_W32_SYSTEM */
(void)already_utf8;
return xtrystrdup (name);
#endif /*!HAVE_W32_SYSTEM */
}
/* Given a fresh header object HDR with only the name field set, try
to gather all available info. This is the W32 version. */
#ifdef HAVE_W32_SYSTEM
static gpg_error_t
fillup_entry_w32 (tar_header_t hdr)
{
char *p;
wchar_t *wfname;
WIN32_FILE_ATTRIBUTE_DATA fad;
DWORD attr;
for (p=hdr->name; *p; p++)
if (*p == '/')
*p = '\\';
wfname = gpgrt_fname_to_wchar (hdr->name);
for (p=hdr->name; *p; p++)
if (*p == '\\')
*p = '/';
if (!wfname)
{
log_error ("error converting '%s': %s\n", hdr->name, w32_strerror (-1));
return gpg_error_from_syserror ();
}
if (!GetFileAttributesExW (wfname, GetFileExInfoStandard, &fad))
{
log_error ("error stat-ing '%s': %s\n", hdr->name, w32_strerror (-1));
xfree (wfname);
return gpg_error_from_syserror ();
}
xfree (wfname);
attr = fad.dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_NORMAL))
hdr->typeflag = TF_REGULAR;
else if ((attr & FILE_ATTRIBUTE_DIRECTORY))
hdr->typeflag = TF_DIRECTORY;
else if ((attr & FILE_ATTRIBUTE_DEVICE))
hdr->typeflag = TF_NOTSUP;
else if ((attr & (FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_TEMPORARY)))
hdr->typeflag = TF_NOTSUP;
else
hdr->typeflag = TF_REGULAR;
/* Map some attributes to USTAR defined mode bits. */
hdr->mode = 0640; /* User may read and write, group only read. */
if ((attr & FILE_ATTRIBUTE_DIRECTORY))
hdr->mode |= 0110; /* Dirs are user and group executable. */
if ((attr & FILE_ATTRIBUTE_READONLY))
hdr->mode &= ~0200; /* Clear the user write bit. */
if ((attr & FILE_ATTRIBUTE_HIDDEN))
hdr->mode &= ~0707; /* Clear all user and other bits. */
if ((attr & FILE_ATTRIBUTE_SYSTEM))
hdr->mode |= 0004; /* Make it readable by other. */
/* Only set the size for a regular file. */
if (hdr->typeflag == TF_REGULAR)
hdr->size = (fad.nFileSizeHigh * ((unsigned long long)MAXDWORD+1)
+ fad.nFileSizeLow);
hdr->mtime = (((unsigned long long)fad.ftLastWriteTime.dwHighDateTime << 32)
| fad.ftLastWriteTime.dwLowDateTime);
if (!hdr->mtime)
hdr->mtime = (((unsigned long long)fad.ftCreationTime.dwHighDateTime << 32)
| fad.ftCreationTime.dwLowDateTime);
hdr->mtime -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01. */
hdr->mtime /= 10000000; /* Convert from 0.1us to seconds. */
return 0;
}
#endif /*HAVE_W32_SYSTEM*/
/* Given a fresh header object HDR with only the name field set, try
to gather all available info. This is the POSIX version. */
#ifndef HAVE_W32_SYSTEM
static gpg_error_t
fillup_entry_posix (tar_header_t hdr)
{
gpg_error_t err;
struct stat sbuf;
if (lstat (hdr->name, &sbuf))
{
err = gpg_error_from_syserror ();
log_error ("error stat-ing '%s': %s\n", hdr->name, gpg_strerror (err));
return err;
}
if (S_ISREG (sbuf.st_mode))
hdr->typeflag = TF_REGULAR;
else if (S_ISDIR (sbuf.st_mode))
hdr->typeflag = TF_DIRECTORY;
else if (S_ISCHR (sbuf.st_mode))
hdr->typeflag = TF_CHARDEV;
else if (S_ISBLK (sbuf.st_mode))
hdr->typeflag = TF_BLOCKDEV;
else if (S_ISFIFO (sbuf.st_mode))
hdr->typeflag = TF_FIFO;
else if (S_ISLNK (sbuf.st_mode))
hdr->typeflag = TF_SYMLINK;
else
hdr->typeflag = TF_NOTSUP;
/* FIXME: Save DEV and INO? */
/* Set the USTAR defined mode bits using the system macros. */
if (sbuf.st_mode & S_IRUSR)
hdr->mode |= 0400;
if (sbuf.st_mode & S_IWUSR)
hdr->mode |= 0200;
if (sbuf.st_mode & S_IXUSR)
hdr->mode |= 0100;
if (sbuf.st_mode & S_IRGRP)
hdr->mode |= 0040;
if (sbuf.st_mode & S_IWGRP)
hdr->mode |= 0020;
if (sbuf.st_mode & S_IXGRP)
hdr->mode |= 0010;
if (sbuf.st_mode & S_IROTH)
hdr->mode |= 0004;
if (sbuf.st_mode & S_IWOTH)
hdr->mode |= 0002;
if (sbuf.st_mode & S_IXOTH)
hdr->mode |= 0001;
#ifdef S_IXUID
if (sbuf.st_mode & S_IXUID)
hdr->mode |= 04000;
#endif
#ifdef S_IXGID
if (sbuf.st_mode & S_IXGID)
hdr->mode |= 02000;
#endif
#ifdef S_ISVTX
if (sbuf.st_mode & S_ISVTX)
hdr->mode |= 01000;
#endif
hdr->nlink = sbuf.st_nlink;
hdr->uid = sbuf.st_uid;
hdr->gid = sbuf.st_gid;
/* Only set the size for a regular file. */
if (hdr->typeflag == TF_REGULAR)
hdr->size = sbuf.st_size;
hdr->mtime = sbuf.st_mtime;
return 0;
}
#endif /*!HAVE_W32_SYSTEM*/
/* Add a new entry. The name of a directory entry is ENTRYNAME; if
that is NULL, DNAME is the name of the directory itself. Under
Windows ENTRYNAME shall have backslashes replaced by standard
slashes. */
static gpg_error_t
add_entry (const char *dname, const char *entryname, scanctrl_t scanctrl)
{
gpg_error_t err;
tar_header_t hdr;
char *p;
size_t dnamelen = strlen (dname);
log_assert (dnamelen);
hdr = xtrycalloc (1, sizeof *hdr + dnamelen + 1
+ (entryname? strlen (entryname) : 0) + 1);
if (!hdr)
return gpg_error_from_syserror ();
p = stpcpy (hdr->name, dname);
if (entryname)
{
if (dname[dnamelen-1] != '/')
*p++ = '/';
strcpy (p, entryname);
}
else
{
if (hdr->name[dnamelen-1] == '/')
hdr->name[dnamelen-1] = 0;
}
#ifdef HAVE_DOSISH_SYSTEM
err = fillup_entry_w32 (hdr);
#else
err = fillup_entry_posix (hdr);
#endif
if (err)
xfree (hdr);
else
{
/* FIXME: We don't have the extended info yet available so we
* can't print them. */
if (opt.verbose)
gpgtar_print_header (hdr, NULL, log_get_stream ());
*scanctrl->flist_tail = hdr;
scanctrl->flist_tail = &hdr->next;
}
return 0;
}
static gpg_error_t
scan_directory (const char *dname, scanctrl_t scanctrl)
{
gpg_error_t err = 0;
#ifdef HAVE_W32_SYSTEM
/* Note that we introduced gnupg_opendir only after we had deployed
* this code and thus we don't change it for now. */
WIN32_FIND_DATAW fi;
HANDLE hd = INVALID_HANDLE_VALUE;
char *p;
if (!*dname)
return 0; /* An empty directory name has no entries. */
{
char *fname;
wchar_t *wfname;
fname = xtrymalloc (strlen (dname) + 2 + 2 + 1);
if (!fname)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (!strcmp (dname, "/"))
strcpy (fname, "/*"); /* Trailing slash is not allowed. */
else if (!strcmp (dname, "."))
strcpy (fname, "*");
else if (*dname && dname[strlen (dname)-1] == '/')
strcpy (stpcpy (fname, dname), "*");
else if (*dname && dname[strlen (dname)-1] != '*')
strcpy (stpcpy (fname, dname), "/*");
else
strcpy (fname, dname);
for (p=fname; *p; p++)
if (*p == '/')
*p = '\\';
wfname = gpgrt_fname_to_wchar (fname);
xfree (fname);
if (!wfname)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, gpg_strerror (err));
goto leave;
}
hd = FindFirstFileW (wfname, &fi);
if (hd == INVALID_HANDLE_VALUE)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, w32_strerror (-1));
xfree (wfname);
goto leave;
}
xfree (wfname);
}
do
{
char *fname = wchar_to_utf8 (fi.cFileName);
if (!fname)
{
err = gpg_error_from_syserror ();
log_error ("error converting filename: %s\n", w32_strerror (-1));
break;
}
for (p=fname; *p; p++)
if (*p == '\\')
*p = '/';
if (!strcmp (fname, "." ) || !strcmp (fname, ".."))
err = 0; /* Skip self and parent dir entry. */
else if (!strncmp (dname, "./", 2) && dname[2])
err = add_entry (dname+2, fname, scanctrl);
else
err = add_entry (dname, fname, scanctrl);
xfree (fname);
}
while (!err && FindNextFileW (hd, &fi));
if (err)
;
else if (GetLastError () == ERROR_NO_MORE_FILES)
err = 0;
else
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, w32_strerror (-1));
}
leave:
if (hd != INVALID_HANDLE_VALUE)
FindClose (hd);
#else /*!HAVE_W32_SYSTEM*/
DIR *dir;
struct dirent *de;
if (!*dname)
return 0; /* An empty directory name has no entries. */
dir = opendir (dname);
if (!dir)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, gpg_strerror (err));
return err;
}
while ((de = readdir (dir)))
{
if (!strcmp (de->d_name, "." ) || !strcmp (de->d_name, ".."))
continue; /* Skip self and parent dir entry. */
err = add_entry (dname, de->d_name, scanctrl);
if (err)
goto leave;
}
leave:
closedir (dir);
#endif /*!HAVE_W32_SYSTEM*/
return err;
}
static gpg_error_t
scan_recursive (const char *dname, scanctrl_t scanctrl)
{
gpg_error_t err = 0;
tar_header_t hdr, *start_tail, *stop_tail;
if (scanctrl->nestlevel > 200)
{
log_error ("directories too deeply nested\n");
return gpg_error (GPG_ERR_RESOURCE_LIMIT);
}
scanctrl->nestlevel++;
log_assert (scanctrl->flist_tail);
start_tail = scanctrl->flist_tail;
scan_directory (dname, scanctrl);
stop_tail = scanctrl->flist_tail;
hdr = *start_tail;
for (; hdr && hdr != *stop_tail; hdr = hdr->next)
if (hdr->typeflag == TF_DIRECTORY)
{
if (opt.verbose > 1)
log_info ("scanning directory '%s'\n", hdr->name);
scan_recursive (hdr->name, scanctrl);
}
scanctrl->nestlevel--;
return err;
}
/* Returns true if PATTERN is acceptable. */
static int
pattern_valid_p (const char *pattern)
{
if (!*pattern)
return 0;
if (*pattern == '.' && pattern[1] == '.')
return 0;
if (*pattern == '/'
#ifdef HAVE_DOSISH_SYSTEM
|| *pattern == '\\'
#endif
)
return 0; /* Absolute filenames are not supported. */
#ifdef HAVE_DRIVE_LETTERS
if (((*pattern >= 'a' && *pattern <= 'z')
|| (*pattern >= 'A' && *pattern <= 'Z'))
&& pattern[1] == ':')
return 0; /* Drive letter are not allowed either. */
#endif /*HAVE_DRIVE_LETTERS*/
return 1; /* Okay. */
}
static void
store_xoctal (char *buffer, size_t length, unsigned long long value)
{
char *p, *pend;
size_t n;
unsigned long long v;
log_assert (length > 1);
v = value;
n = length;
p = pend = buffer + length;
*--p = 0; /* Nul byte. */
n--;
do
{
*--p = '0' + (v % 8);
v /= 8;
n--;
}
while (v && n);
if (!v)
{
/* Pad. */
for ( ; n; n--)
*--p = '0';
}
else /* Does not fit into the field. Store as binary number. */
{
v = value;
n = length;
p = pend = buffer + length;
do
{
*--p = v;
v /= 256;
n--;
}
while (v && n);
if (!v)
{
/* Pad. */
for ( ; n; n--)
*--p = 0;
if (*p & 0x80)
BUG ();
*p |= 0x80; /* Set binary flag. */
}
else
BUG ();
}
}
static void
store_uname (char *buffer, size_t length, unsigned long uid)
{
static int initialized;
static unsigned long lastuid;
static char lastuname[32];
if (!initialized || uid != lastuid)
{
#ifdef HAVE_W32_SYSTEM
mem2str (lastuname, uid? "user":"root", sizeof lastuname);
#else
struct passwd *pw = getpwuid (uid);
lastuid = uid;
initialized = 1;
if (pw)
mem2str (lastuname, pw->pw_name, sizeof lastuname);
else
{
log_info ("failed to get name for uid %lu\n", uid);
*lastuname = 0;
}
#endif
}
mem2str (buffer, lastuname, length);
}
static void
store_gname (char *buffer, size_t length, unsigned long gid)
{
static int initialized;
static unsigned long lastgid;
static char lastgname[32];
if (!initialized || gid != lastgid)
{
#ifdef HAVE_W32_SYSTEM
mem2str (lastgname, gid? "users":"root", sizeof lastgname);
#else
struct group *gr = getgrgid (gid);
lastgid = gid;
initialized = 1;
if (gr)
mem2str (lastgname, gr->gr_name, sizeof lastgname);
else
{
log_info ("failed to get name for gid %lu\n", gid);
*lastgname = 0;
}
#endif
}
mem2str (buffer, lastgname, length);
}
static void
compute_checksum (void *record)
{
struct ustar_raw_header *raw = record;
unsigned long chksum = 0;
unsigned char *p;
size_t n;
memset (raw->checksum, ' ', sizeof raw->checksum);
p = record;
for (n=0; n < RECORDSIZE; n++)
chksum += *p++;
store_xoctal (raw->checksum, sizeof raw->checksum - 1, chksum);
raw->checksum[7] = ' ';
}
/* Read a symlink without truncating it. Caller must release the
* returned buffer. Returns NULL on error. */
#ifndef HAVE_W32_SYSTEM
static char *
myreadlink (const char *name)
{
char *buffer;
size_t size;
int nread;
for (size = 1024; size <= 65536; size *= 2)
{
buffer = xtrymalloc (size);
if (!buffer)
return NULL;
nread = readlink (name, buffer, size - 1);
if (nread < 0)
{
xfree (buffer);
return NULL;
}
if (nread < size - 1)
{
buffer[nread] = 0;
return buffer; /* Got it. */
}
xfree (buffer);
}
gpg_err_set_errno (ERANGE);
return NULL;
}
#endif /*Unix*/
/* Build a header. If the filename or the link name ist too long
* allocate an exthdr and use a replacement file name in RECORD.
* Caller should always release R_EXTHDR; this function initializes it
* to point to NULL. */
static gpg_error_t
build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
{
gpg_error_t err;
struct ustar_raw_header *raw = record;
size_t namelen, n;
strlist_t sl;
memset (record, 0, RECORDSIZE);
*r_exthdr = NULL;
/* Store name and prefix. */
namelen = strlen (hdr->name);
if (namelen < sizeof raw->name)
memcpy (raw->name, hdr->name, namelen);
else
{
n = (namelen < sizeof raw->prefix)? namelen : sizeof raw->prefix;
for (n--; n ; n--)
if (hdr->name[n] == '/')
break;
if (namelen - n < sizeof raw->name)
{
/* Note that the N is < sizeof prefix and that the
delimiting slash is not stored. */
memcpy (raw->prefix, hdr->name, n);
memcpy (raw->name, hdr->name+n+1, namelen - n);
}
else
{
/* Too long - prepare extended header. */
sl = add_to_strlist_try (r_exthdr, hdr->name);
if (!sl)
{
err = gpg_error_from_syserror ();
log_error ("error storing file '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl->flags = 1; /* Mark as path */
/* The name we use is not POSIX compliant but because we
* expect that (for security issues) a tarball will anyway
* be extracted to a unique new directory, a simple counter
* will do. To ease testing we also put in the PID. The
* count is bumped after the header has been written. */
snprintf (raw->name, sizeof raw->name-1, "_@paxheader.%u.%lu",
(unsigned int)getpid(), global_header_count + 1);
}
}
store_xoctal (raw->mode, sizeof raw->mode, hdr->mode);
store_xoctal (raw->uid, sizeof raw->uid, hdr->uid);
store_xoctal (raw->gid, sizeof raw->gid, hdr->gid);
store_xoctal (raw->size, sizeof raw->size, hdr->size);
store_xoctal (raw->mtime, sizeof raw->mtime, hdr->mtime);
switch (hdr->typeflag)
{
case TF_REGULAR: raw->typeflag[0] = '0'; break;
case TF_HARDLINK: raw->typeflag[0] = '1'; break;
case TF_SYMLINK: raw->typeflag[0] = '2'; break;
case TF_CHARDEV: raw->typeflag[0] = '3'; break;
case TF_BLOCKDEV: raw->typeflag[0] = '4'; break;
case TF_DIRECTORY: raw->typeflag[0] = '5'; break;
case TF_FIFO: raw->typeflag[0] = '6'; break;
default: return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
memcpy (raw->magic, "ustar", 6);
raw->version[0] = '0';
raw->version[1] = '0';
store_uname (raw->uname, sizeof raw->uname, hdr->uid);
store_gname (raw->gname, sizeof raw->gname, hdr->gid);
#ifndef HAVE_W32_SYSTEM
if (hdr->typeflag == TF_SYMLINK)
{
int nread;
char *p;
nread = readlink (hdr->name, raw->linkname, sizeof raw->linkname -1);
if (nread < 0)
{
err = gpg_error_from_syserror ();
log_error ("error reading symlink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
raw->linkname[nread] = 0;
if (nread == sizeof raw->linkname -1)
{
/* Truncated - read again and store as extended header. */
p = myreadlink (hdr->name);
if (!p)
{
err = gpg_error_from_syserror ();
log_error ("error reading symlink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl = add_to_strlist_try (r_exthdr, p);
xfree (p);
if (!sl)
{
err = gpg_error_from_syserror ();
log_error ("error storing syslink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl->flags = 2; /* Mark as linkpath */
}
}
#endif /*!HAVE_W32_SYSTEM*/
compute_checksum (record);
return 0;
}
/* Add an extended header record (NAME,VALUE) to the buffer MB. */
static void
add_extended_header_record (membuf_t *mb, const char *name, const char *value)
{
size_t n, n0, n1;
char numbuf[35];
size_t valuelen;
/* To avoid looping in most cases, we guess the initial value. */
valuelen = strlen (value);
n1 = valuelen > 95? 3 : 2;
do
{
n0 = n1;
/* (3 for the space before name, the '=', and the LF.) */
n = n0 + strlen (name) + valuelen + 3;
snprintf (numbuf, sizeof numbuf, "%zu", n);
n1 = strlen (numbuf);
}
while (n0 != n1);
put_membuf_str (mb, numbuf);
put_membuf (mb, " ", 1);
put_membuf_str (mb, name);
put_membuf (mb, "=", 1);
put_membuf (mb, value, valuelen);
put_membuf (mb, "\n", 1);
}
/* Write the extended header specified by EXTHDR to STREAM. */
static gpg_error_t
write_extended_header (estream_t stream, const void *record, strlist_t exthdr)
{
gpg_error_t err = 0;
struct ustar_raw_header raw;
strlist_t sl;
membuf_t mb;
char *buffer, *p;
size_t buflen;
init_membuf (&mb, 2*RECORDSIZE);
for (sl=exthdr; sl; sl = sl->next)
{
if (sl->flags == 1)
add_extended_header_record (&mb, "path", sl->d);
else if (sl->flags == 2)
add_extended_header_record (&mb, "linkpath", sl->d);
}
buffer = get_membuf (&mb, &buflen);
if (!buffer)
{
err = gpg_error_from_syserror ();
log_error ("error building extended header: %s\n", gpg_strerror (err));
goto leave;
}
/* We copy the header from the standard header record, so that an
* extracted extended header (using a non-pax aware software) is
* written with the same properties as the original file. The real
* entry will overwrite it anyway. Of course we adjust the size and
* the type. */
memcpy (&raw, record, RECORDSIZE);
store_xoctal (raw.size, sizeof raw.size, buflen);
raw.typeflag[0] = 'x'; /* Mark as extended header. */
compute_checksum (&raw);
err = write_record (stream, &raw);
if (err)
goto leave;
for (p = buffer; buflen >= RECORDSIZE; p += RECORDSIZE, buflen -= RECORDSIZE)
{
err = write_record (stream, p);
if (err)
goto leave;
}
if (buflen)
{
/* Reuse RAW for builidng the last record. */
memcpy (&raw, p, buflen);
memset ((char*)&raw+buflen, 0, RECORDSIZE - buflen);
err = write_record (stream, &raw);
if (err)
goto leave;
}
leave:
xfree (buffer);
return err;
}
static gpg_error_t
write_file (estream_t stream, tar_header_t hdr)
{
gpg_error_t err;
char record[RECORDSIZE];
estream_t infp;
size_t nread, nbytes;
strlist_t exthdr = NULL;
int any;
err = build_header (record, hdr, &exthdr);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
{
log_info ("skipping unsupported file '%s'\n", hdr->name);
err = 0;
}
return err;
}
if (hdr->typeflag == TF_REGULAR)
{
infp = es_fopen (hdr->name, "rb,sysopen");
if (!infp)
{
err = gpg_error_from_syserror ();
log_error ("can't open '%s': %s - skipped\n",
hdr->name, gpg_strerror (err));
return err;
}
}
else
infp = NULL;
if (exthdr && (err = write_extended_header (stream, record, exthdr)))
goto leave;
err = write_record (stream, record);
if (err)
goto leave;
global_header_count++;
if (hdr->typeflag == TF_REGULAR)
{
hdr->nrecords = (hdr->size + RECORDSIZE-1)/RECORDSIZE;
any = 0;
while (hdr->nrecords--)
{
nbytes = hdr->nrecords? RECORDSIZE : (hdr->size % RECORDSIZE);
if (!nbytes)
nbytes = RECORDSIZE;
nread = es_fread (record, 1, nbytes, infp);
if (nread != nbytes)
{
err = gpg_error_from_syserror ();
log_error ("error reading file '%s': %s%s\n",
hdr->name, gpg_strerror (err),
any? " (file shrunk?)":"");
goto leave;
}
else if (nbytes < RECORDSIZE)
memset (record + nbytes, 0, RECORDSIZE - nbytes);
any = 1;
err = write_record (stream, record);
if (err)
goto leave;
}
nread = es_fread (record, 1, 1, infp);
if (nread)
log_info ("note: file '%s' has grown\n", hdr->name);
}
leave:
if (err)
es_fclose (infp);
else if ((err = es_fclose (infp)))
log_error ("error closing file '%s': %s\n", hdr->name, gpg_strerror (err));
free_strlist (exthdr);
return err;
}
static gpg_error_t
write_eof_mark (estream_t stream)
{
gpg_error_t err;
char record[RECORDSIZE];
memset (record, 0, sizeof record);
err = write_record (stream, record);
if (!err)
err = write_record (stream, record);
return err;
}
/* Create a new tarball using the names in the array INPATTERN. If
INPATTERN is NULL take the pattern as null terminated strings from
stdin or from the file specified by FILES_FROM. If NULL_NAMES is
set the filenames in such a file are delimited by a binary Nul and
not by a LF. */
gpg_error_t
gpgtar_create (char **inpattern, const char *files_from, int null_names,
int encrypt, int sign)
{
gpg_error_t err = 0;
struct scanctrl_s scanctrl_buffer;
scanctrl_t scanctrl = &scanctrl_buffer;
tar_header_t hdr, *start_tail;
estream_t files_from_stream = NULL;
estream_t outstream = NULL;
int eof_seen = 0;
pid_t pid = (pid_t)(-1);
memset (scanctrl, 0, sizeof *scanctrl);
scanctrl->flist_tail = &scanctrl->flist;
if (!inpattern)
{
if (!files_from || !strcmp (files_from, "-"))
{
files_from = "-";
files_from_stream = es_stdin;
if (null_names)
es_set_binary (es_stdin);
}
else if (!(files_from_stream=es_fopen (files_from, null_names? "rb":"r")))
{
err = gpg_error_from_syserror ();
log_error ("error opening '%s': %s\n",
files_from, gpg_strerror (err));
return err;
}
}
if (opt.directory && gnupg_chdir (opt.directory))
{
err = gpg_error_from_syserror ();
log_error ("chdir to '%s' failed: %s\n",
opt.directory, gpg_strerror (err));
return err;
}
while (!eof_seen)
{
char *pat, *p;
int skip_this = 0;
if (inpattern)
{
const char *pattern = *inpattern;
if (!pattern)
break; /* End of array. */
inpattern++;
if (!*pattern)
continue;
pat = name_to_utf8 (pattern, 0);
}
else /* Read Nul or LF delimited pattern from files_from_stream. */
{
int c;
char namebuf[4096];
size_t n = 0;
for (;;)
{
if ((c = es_getc (files_from_stream)) == EOF)
{
if (es_ferror (files_from_stream))
{
err = gpg_error_from_syserror ();
log_error ("error reading '%s': %s\n",
files_from, gpg_strerror (err));
goto leave;
}
c = null_names ? 0 : '\n';
eof_seen = 1;
}
if (n >= sizeof namebuf - 1)
{
if (!skip_this)
{
skip_this = 1;
log_error ("error reading '%s': %s\n",
files_from, "filename too long");
}
}
else
namebuf[n++] = c;
if (null_names)
{
if (!c)
{
namebuf[n] = 0;
break;
}
}
else /* Shall be LF delimited. */
{
if (!c)
{
if (!skip_this)
{
skip_this = 1;
log_error ("error reading '%s': %s\n",
files_from, "filename with embedded Nul");
}
}
else if ( c == '\n' )
{
namebuf[n] = 0;
ascii_trim_spaces (namebuf);
n = strlen (namebuf);
break;
}
}
}
if (skip_this || n < 2)
continue;
pat = name_to_utf8 (namebuf, opt.utf8strings);
}
if (!pat)
{
err = gpg_error_from_syserror ();
log_error ("memory allocation problem: %s\n", gpg_strerror (err));
goto leave;
}
for (p=pat; *p; p++)
if (*p == '\\')
*p = '/';
if (opt.verbose > 1)
log_info ("scanning '%s'\n", pat);
start_tail = scanctrl->flist_tail;
if (skip_this || !pattern_valid_p (pat))
log_error ("skipping invalid name '%s'\n", pat);
else if (!add_entry (pat, NULL, scanctrl)
&& *start_tail && ((*start_tail)->typeflag & TF_DIRECTORY))
scan_recursive (pat, scanctrl);
xfree (pat);
}
if (files_from_stream && files_from_stream != es_stdin)
es_fclose (files_from_stream);
if (encrypt || sign)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
/* '--encrypt' may be combined with '--symmetric', but 'encrypt'
* is set either way. Clear it if no recipients are specified.
*/
if (opt.symmetric && opt.recipients == NULL)
encrypt = 0;
ccparray_init (&ccp, 0);
if (opt.batch)
ccparray_put (&ccp, "--batch");
if (opt.answer_yes)
ccparray_put (&ccp, "--yes");
if (opt.answer_no)
ccparray_put (&ccp, "--no");
if (opt.require_compliance)
ccparray_put (&ccp, "--require-compliance");
if (opt.status_fd != -1)
{
static char tmpbuf[40];
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
}
ccparray_put (&ccp, "--output");
ccparray_put (&ccp, opt.outfile? opt.outfile : "-");
if (encrypt)
ccparray_put (&ccp, "--encrypt");
if (sign)
ccparray_put (&ccp, "--sign");
if (opt.user)
{
ccparray_put (&ccp, "--local-user");
ccparray_put (&ccp, opt.user);
}
if (opt.symmetric)
ccparray_put (&ccp, "--symmetric");
for (arg = opt.recipients; arg; arg = arg->next)
{
ccparray_put (&ccp, "--recipient");
ccparray_put (&ccp, arg->d);
}
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL,
(GNUPG_SPAWN_KEEP_STDOUT
| GNUPG_SPAWN_KEEP_STDERR),
&outstream, NULL, NULL, &pid);
xfree (argv);
if (err)
goto leave;
es_set_binary (outstream);
}
else if (opt.outfile) /* No crypto */
{
if (!strcmp (opt.outfile, "-"))
outstream = es_stdout;
else
outstream = es_fopen (opt.outfile, "wb,sysopen");
if (!outstream)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (outstream == es_stdout)
es_set_binary (es_stdout);
}
else /* Also no crypto. */
{
outstream = es_stdout;
es_set_binary (outstream);
}
for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
{
err = write_file (outstream, hdr);
if (err)
goto leave;
}
err = write_eof_mark (outstream);
if (err)
goto leave;
if (pid != (pid_t)(-1))
{
int exitcode;
err = es_fclose (outstream);
outstream = NULL;
if (err)
log_error ("error closing pipe: %s\n", gpg_strerror (err));
else
{
err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
if (err)
log_error ("running %s failed (exitcode=%d): %s",
opt.gpg_program, exitcode, gpg_strerror (err));
gnupg_release_process (pid);
pid = (pid_t)(-1);
}
}
leave:
if (!err)
{
gpg_error_t first_err;
if (outstream != es_stdout || pid != (pid_t)(-1))
first_err = es_fclose (outstream);
else
first_err = es_fflush (outstream);
outstream = NULL;
if (! err)
err = first_err;
}
if (err)
{
log_error ("creating tarball '%s' failed: %s\n",
opt.outfile ? opt.outfile : "-", gpg_strerror (err));
if (outstream && outstream != es_stdout)
es_fclose (outstream);
if (opt.outfile)
gnupg_remove (opt.outfile);
}
scanctrl->flist_tail = NULL;
while ( (hdr = scanctrl->flist) )
{
scanctrl->flist = hdr->next;
xfree (hdr);
}
return err;
}
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
index 832039b2c..f96887f40 100644
--- a/tools/gpgtar-extract.c
+++ b/tools/gpgtar-extract.c
@@ -1,485 +1,485 @@
/* gpgtar-extract.c - Extract from a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include "../common/i18n.h"
#include
#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/ccparray.h"
#include "gpgtar.h"
static gpg_error_t
check_suspicious_name (const char *name)
{
size_t n;
n = strlen (name);
#ifdef HAVE_DOSISH_SYSTEM
if (strchr (name, '\\'))
{
log_error ("filename '%s' contains a backslash - "
"can't extract on this system\n", name);
return gpg_error (GPG_ERR_INV_NAME);
}
#endif /*HAVE_DOSISH_SYSTEM*/
if (!n
|| strstr (name, "//")
|| strstr (name, "/../")
|| !strncmp (name, "../", 3)
|| (n >= 3 && !strcmp (name+n-3, "/.." )))
{
log_error ("filename '%s' has suspicious parts - not extracting\n",
name);
return gpg_error (GPG_ERR_INV_NAME);
}
return 0;
}
static gpg_error_t
extract_regular (estream_t stream, const char *dirname,
tarinfo_t info, tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
char record[RECORDSIZE];
size_t n, nbytes, nwritten;
char *fname_buffer = NULL;
const char *fname;
estream_t outfp = NULL;
strlist_t sl;
fname = hdr->name;
for (sl = exthdr; sl; sl = sl->next)
if (sl->flags == 1)
fname = sl->d;
err = check_suspicious_name (fname);
if (err)
goto leave;
fname_buffer = strconcat (dirname, "/", fname, NULL);
if (!fname_buffer)
{
err = gpg_error_from_syserror ();
log_error ("error creating filename: %s\n", gpg_strerror (err));
goto leave;
}
fname = fname_buffer;
if (opt.dry_run)
outfp = es_fopen ("/dev/null", "wb");
else
outfp = es_fopen (fname, "wb,sysopen");
if (!outfp)
{
err = gpg_error_from_syserror ();
log_error ("error creating '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
for (n=0; n < hdr->nrecords;)
{
err = read_record (stream, record);
if (err)
goto leave;
info->nblocks++;
n++;
if (n < hdr->nrecords || (hdr->size && !(hdr->size % RECORDSIZE)))
nbytes = RECORDSIZE;
else
nbytes = (hdr->size % RECORDSIZE);
nwritten = es_fwrite (record, 1, nbytes, outfp);
if (nwritten != nbytes)
{
err = gpg_error_from_syserror ();
log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
}
/* Fixme: Set permissions etc. */
leave:
if (!err && opt.verbose)
log_info ("extracted '%s'\n", fname);
es_fclose (outfp);
if (err && fname && outfp)
{
if (gnupg_remove (fname))
log_error ("error removing incomplete file '%s': %s\n",
fname, gpg_strerror (gpg_error_from_syserror ()));
}
xfree (fname_buffer);
return err;
}
static gpg_error_t
extract_directory (const char *dirname, tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
const char *name;
char *fname = NULL;
strlist_t sl;
name = hdr->name;
for (sl = exthdr; sl; sl = sl->next)
if (sl->flags == 1)
name = sl->d;
err = check_suspicious_name (name);
if (err)
goto leave;
fname = strconcat (dirname, "/", name, NULL);
if (!fname)
{
err = gpg_error_from_syserror ();
log_error ("error creating filename: %s\n", gpg_strerror (err));
goto leave;
}
/* Remove a possible trailing slash. */
if (fname[strlen (fname)-1] == '/')
fname[strlen (fname)-1] = 0;
if (! opt.dry_run && gnupg_mkdir (fname, "-rwx------"))
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EEXIST)
{
/* Ignore existing directories while extracting. */
err = 0;
}
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
/* Try to create the directory with parents but keep the
original error code in case of a failure. */
int rc = 0;
char *p;
size_t prefixlen;
/* (PREFIXLEN is the length of the new directory we use to
* extract the tarball.) */
prefixlen = strlen (dirname) + 1;
for (p = fname+prefixlen; (p = strchr (p, '/')); p++)
{
*p = 0;
rc = gnupg_mkdir (fname, "-rwx------");
*p = '/';
if (rc)
break;
}
if (!rc && !gnupg_mkdir (fname, "-rwx------"))
err = 0;
}
if (err)
log_error ("error creating directory '%s': %s\n",
fname, gpg_strerror (err));
}
leave:
if (!err && opt.verbose)
log_info ("created '%s/'\n", fname);
xfree (fname);
return err;
}
static gpg_error_t
extract (estream_t stream, const char *dirname, tarinfo_t info,
tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
size_t n;
if (hdr->typeflag == TF_REGULAR || hdr->typeflag == TF_UNKNOWN)
err = extract_regular (stream, dirname, info, hdr, exthdr);
else if (hdr->typeflag == TF_DIRECTORY)
err = extract_directory (dirname, hdr, exthdr);
else
{
char record[RECORDSIZE];
log_info ("unsupported file type %d for '%s' - skipped\n",
(int)hdr->typeflag, hdr->name);
for (err = 0, n=0; !err && n < hdr->nrecords; n++)
{
err = read_record (stream, record);
if (!err)
info->nblocks++;
}
}
return err;
}
/* Create a new directory to be used for extracting the tarball.
Returns the name of the directory which must be freed by the
caller. In case of an error a diagnostic is printed and NULL
returned. */
static char *
create_directory (const char *dirprefix)
{
gpg_error_t err = 0;
char *prefix_buffer = NULL;
char *dirname = NULL;
size_t n;
int idx;
/* Remove common suffixes. */
n = strlen (dirprefix);
if (n > 4 && (!compare_filenames (dirprefix + n - 4, EXTSEP_S GPGEXT_GPG)
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "pgp")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "asc")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "pem")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7m")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7e")))
{
prefix_buffer = xtrystrdup (dirprefix);
if (!prefix_buffer)
{
err = gpg_error_from_syserror ();
goto leave;
}
prefix_buffer[n-4] = 0;
dirprefix = prefix_buffer;
}
for (idx=1; idx < 5000; idx++)
{
xfree (dirname);
dirname = xtryasprintf ("%s_%d_", dirprefix, idx);
if (!dirname)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (!gnupg_mkdir (dirname, "-rwx------"))
goto leave; /* Ready. */
if (errno != EEXIST && errno != ENOTDIR)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
err = gpg_error (GPG_ERR_LIMIT_REACHED);
leave:
if (err)
{
log_error ("error creating an extract directory: %s\n",
gpg_strerror (err));
xfree (dirname);
dirname = NULL;
}
xfree (prefix_buffer);
return dirname;
}
gpg_error_t
gpgtar_extract (const char *filename, int decrypt)
{
gpg_error_t err;
estream_t stream = NULL;
tar_header_t header = NULL;
strlist_t extheader = NULL;
const char *dirprefix = NULL;
char *dirname = NULL;
struct tarinfo_s tarinfo_buffer;
tarinfo_t tarinfo = &tarinfo_buffer;
pid_t pid = (pid_t)(-1);
char *logfilename = NULL;
memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
if (opt.directory)
dirname = xtrystrdup (opt.directory);
else
{
if (opt.filename)
{
dirprefix = strrchr (opt.filename, '/');
if (dirprefix)
dirprefix++;
else
dirprefix = opt.filename;
}
else if (filename)
{
dirprefix = strrchr (filename, '/');
if (dirprefix)
dirprefix++;
else
dirprefix = filename;
}
if (!dirprefix || !*dirprefix)
dirprefix = "GPGARCH";
dirname = create_directory (dirprefix);
if (!dirname)
{
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
}
if (opt.verbose)
log_info ("extracting to '%s/'\n", dirname);
if (decrypt)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
ccparray_init (&ccp, 0);
if (opt.batch)
ccparray_put (&ccp, "--batch");
if (opt.require_compliance)
ccparray_put (&ccp, "--require-compliance");
if (opt.status_fd != -1)
{
static char tmpbuf[40];
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
}
if (opt.with_log)
{
ccparray_put (&ccp, "--log-file");
logfilename = xstrconcat (dirname, ".log", NULL);
ccparray_put (&ccp, logfilename);
}
ccparray_put (&ccp, "--output");
ccparray_put (&ccp, "-");
ccparray_put (&ccp, "--decrypt");
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
if (filename)
{
ccparray_put (&ccp, "--");
ccparray_put (&ccp, filename);
}
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL,
((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
| GNUPG_SPAWN_KEEP_STDERR),
NULL, &stream, NULL, &pid);
xfree (argv);
if (err)
goto leave;
es_set_binary (stream);
}
else if (filename)
{
if (!strcmp (filename, "-"))
stream = es_stdin;
else
stream = es_fopen (filename, "rb,sysopen");
if (!stream)
{
err = gpg_error_from_syserror ();
log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
return err;
}
if (stream == es_stdin)
es_set_binary (es_stdin);
}
else
{
stream = es_stdin;
es_set_binary (es_stdin);
}
for (;;)
{
err = gpgtar_read_header (stream, tarinfo, &header, &extheader);
if (err || header == NULL)
goto leave;
err = extract (stream, dirname, tarinfo, header, extheader);
if (err)
goto leave;
free_strlist (extheader);
extheader = NULL;
xfree (header);
header = NULL;
}
if (pid != (pid_t)(-1))
{
int exitcode;
err = es_fclose (stream);
stream = NULL;
if (err)
log_error ("error closing pipe: %s\n", gpg_strerror (err));
else
{
err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
if (err)
log_error ("running %s failed (exitcode=%d): %s",
opt.gpg_program, exitcode, gpg_strerror (err));
gnupg_release_process (pid);
pid = (pid_t)(-1);
}
}
leave:
free_strlist (extheader);
xfree (header);
xfree (dirname);
xfree (logfilename);
if (stream != es_stdin)
es_fclose (stream);
return err;
}
diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
index 08ab9672e..a536b05f2 100644
--- a/tools/gpgtar-list.c
+++ b/tools/gpgtar-list.c
@@ -1,590 +1,590 @@
/* gpgtar-list.c - List a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include "../common/i18n.h"
#include
#include "gpgtar.h"
#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/ccparray.h"
static unsigned long long
parse_xoctal (const void *data, size_t length, const char *filename)
{
const unsigned char *p = data;
unsigned long long value;
if (!length)
value = 0;
else if ( (*p & 0x80))
{
/* Binary format. */
value = (*p++ & 0x7f);
while (--length)
{
value <<= 8;
value |= *p++;
}
}
else
{
/* Octal format */
value = 0;
/* Skip leading spaces and zeroes. */
for (; length && (*p == ' ' || *p == '0'); length--, p++)
;
for (; length && *p; length--, p++)
{
if (*p >= '0' && *p <= '7')
{
value <<= 3;
value += (*p - '0');
}
else
{
log_error ("%s: invalid octal number encountered - assuming 0\n",
filename);
value = 0;
break;
}
}
}
return value;
}
static tar_header_t
parse_header (const void *record, const char *filename, tarinfo_t info)
{
const struct ustar_raw_header *raw = record;
size_t n, namelen, prefixlen;
tar_header_t header;
int use_prefix;
int anyerror = 0;
info->headerblock = info->nblocks - 1;
use_prefix = (!memcmp (raw->magic, "ustar", 5)
&& (raw->magic[5] == ' ' || !raw->magic[5]));
for (namelen=0; namelen < sizeof raw->name && raw->name[namelen]; namelen++)
;
if (namelen == sizeof raw->name)
{
log_info ("%s: warning: name not terminated by a nul\n", filename);
anyerror = 1;
}
for (n=namelen+1; n < sizeof raw->name; n++)
if (raw->name[n])
{
log_info ("%s: warning: garbage after name\n", filename);
anyerror = 1;
break;
}
if (use_prefix && raw->prefix[0])
{
for (prefixlen=0; (prefixlen < sizeof raw->prefix
&& raw->prefix[prefixlen]); prefixlen++)
;
if (prefixlen == sizeof raw->prefix)
log_info ("%s: warning: prefix not terminated by a nul (block %llu)\n",
filename, info->headerblock);
for (n=prefixlen+1; n < sizeof raw->prefix; n++)
if (raw->prefix[n])
{
log_info ("%s: warning: garbage after prefix\n", filename);
anyerror = 1;
break;
}
}
else
prefixlen = 0;
header = xtrycalloc (1, sizeof *header + prefixlen + 1 + namelen);
if (!header)
{
log_error ("%s: error allocating header: %s\n",
filename, gpg_strerror (gpg_error_from_syserror ()));
return NULL;
}
if (prefixlen)
{
n = prefixlen;
memcpy (header->name, raw->prefix, n);
if (raw->prefix[n-1] != '/')
header->name[n++] = '/';
}
else
n = 0;
memcpy (header->name+n, raw->name, namelen);
header->name[n+namelen] = 0;
header->mode = parse_xoctal (raw->mode, sizeof raw->mode, filename);
header->uid = parse_xoctal (raw->uid, sizeof raw->uid, filename);
header->gid = parse_xoctal (raw->gid, sizeof raw->gid, filename);
header->size = parse_xoctal (raw->size, sizeof raw->size, filename);
header->mtime = parse_xoctal (raw->mtime, sizeof raw->mtime, filename);
/* checksum = */
switch (raw->typeflag[0])
{
case '0': header->typeflag = TF_REGULAR; break;
case '1': header->typeflag = TF_HARDLINK; break;
case '2': header->typeflag = TF_SYMLINK; break;
case '3': header->typeflag = TF_CHARDEV; break;
case '4': header->typeflag = TF_BLOCKDEV; break;
case '5': header->typeflag = TF_DIRECTORY; break;
case '6': header->typeflag = TF_FIFO; break;
case '7': header->typeflag = TF_RESERVED; break;
case 'g': header->typeflag = TF_GEXTHDR; break;
case 'x': header->typeflag = TF_EXTHDR; break;
default: header->typeflag = TF_UNKNOWN; break;
}
/* Compute the number of data records following this header. */
if (header->typeflag == TF_REGULAR
|| header->typeflag == TF_EXTHDR
|| header->typeflag == TF_UNKNOWN)
header->nrecords = (header->size + RECORDSIZE-1)/RECORDSIZE;
else
header->nrecords = 0;
if (anyerror)
{
log_info ("%s: header block %llu is corrupt"
" (size=%llu type=%d nrec=%llu)\n",
filename, info->headerblock,
header->size, header->typeflag, header->nrecords);
/* log_printhex (record, RECORDSIZE, " "); */
}
return header;
}
/* Parse the extended header. This funcion may modify BUFFER. */
static gpg_error_t
parse_extended_header (const char *fname,
char *buffer, size_t buflen, strlist_t *r_exthdr)
{
unsigned int reclen;
unsigned char *p, *record;
strlist_t sl;
while (buflen)
{
record = buffer; /* Remember begin of record. */
reclen = 0;
for (p = buffer; buflen && digitp (p); buflen--, p++)
{
reclen *= 10;
reclen += (*p - '0');
}
if (!buflen || *p != ' ')
{
log_error ("%s: malformed record length in extended header\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
p++; /* Skip space. */
buflen--;
if (buflen + (p-record) < reclen)
{
log_error ("%s: extended header record larger"
" than total extended header data\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
if (reclen < (p-record)+2 || record[reclen-1] != '\n')
{
log_error ("%s: malformed extended header record\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
record[reclen-1] = 0; /* For convenience change LF to a Nul. */
reclen -= (p-record);
/* P points to the begin of the keyword and RECLEN is the
* remaining length of the record excluding the LF. */
if (memchr (p, 0, reclen-1)
&& (!strncmp (p, "path=", 5) || !strncmp (p, "linkpath=", 9)))
{
log_error ("%s: extended header record has an embedded nul"
" - ignoring\n", fname);
}
else if (!strncmp (p, "path=", 5))
{
sl = add_to_strlist_try (r_exthdr, p+5);
if (!sl)
return gpg_error_from_syserror ();
sl->flags = 1; /* Mark as path */
}
else if (!strncmp (p, "linkpath=", 9))
{
sl = add_to_strlist_try (r_exthdr, p+9);
if (!sl)
return gpg_error_from_syserror ();
sl->flags = 2; /* Mark as linkpath */
}
buffer = p + reclen;
buflen -= reclen;
}
return 0;
}
/* Read the next block, assuming it is a tar header. Returns a header
* object on success in R_HEADER, or an error. If the stream is
* consumed (i.e. end-of-archive), R_HEADER is set to NULL. In case
* of an error an error message is printed. If the header is an
* extended header, a string list is allocated and stored at
* R_EXTHEADER; the caller should provide a pointer to NULL. Such an
* extended header is fully processed here and the returned R_HEADER
* has then the next regular header. */
static gpg_error_t
read_header (estream_t stream, tarinfo_t info,
tar_header_t *r_header, strlist_t *r_extheader)
{
gpg_error_t err;
char record[RECORDSIZE];
int i;
tar_header_t hdr;
char *buffer;
size_t buflen, nrec;
err = read_record (stream, record);
if (err)
return err;
info->nblocks++;
for (i=0; i < RECORDSIZE && !record[i]; i++)
;
if (i == RECORDSIZE)
{
/* All zero header - check whether it is the first part of an
end of archive mark. */
err = read_record (stream, record);
if (err)
return err;
info->nblocks++;
for (i=0; i < RECORDSIZE && !record[i]; i++)
;
if (i != RECORDSIZE)
log_info ("%s: warning: skipping empty header\n",
es_fname_get (stream));
else
{
/* End of archive - FIXME: we might want to check for garbage. */
*r_header = NULL;
return 0;
}
}
*r_header = parse_header (record, es_fname_get (stream), info);
if (!*r_header)
return gpg_error_from_syserror ();
hdr = *r_header;
if (hdr->typeflag != TF_EXTHDR || !r_extheader)
return 0;
/* Read the extended header. */
if (!hdr->nrecords)
{
/* More than 64k for an extedned header is surely too large. */
log_info ("%s: warning: empty extended header\n",
es_fname_get (stream));
return 0;
}
if (hdr->nrecords > 65536 / RECORDSIZE)
{
/* More than 64k for an extedned header is surely too large. */
log_error ("%s: extended header too large - skipping\n",
es_fname_get (stream));
return 0;
}
buffer = xtrymalloc (hdr->nrecords * RECORDSIZE);
if (!buffer)
{
err = gpg_error_from_syserror ();
log_error ("%s: error allocating space for extended header: %s\n",
es_fname_get (stream), gpg_strerror (err));
return err;
}
buflen = 0;
for (nrec=0; nrec < hdr->nrecords;)
{
err = read_record (stream, buffer + buflen);
if (err)
{
xfree (buffer);
return err;
}
info->nblocks++;
nrec++;
if (nrec < hdr->nrecords || (hdr->size && !(hdr->size % RECORDSIZE)))
buflen += RECORDSIZE;
else
buflen += (hdr->size % RECORDSIZE);
}
err = parse_extended_header (es_fname_get (stream),
buffer, buflen, r_extheader);
if (err)
{
free_strlist (*r_extheader);
*r_extheader = NULL;
}
xfree (buffer);
/* Now tha the extedned header has been read, we read the next
* header without allowing an extended header. */
return read_header (stream, info, r_header, NULL);
}
/* Skip the data records according to HEADER. Prints an error message
on error and return -1. */
static int
skip_data (estream_t stream, tarinfo_t info, tar_header_t header)
{
char record[RECORDSIZE];
unsigned long long n;
for (n=0; n < header->nrecords; n++)
{
if (read_record (stream, record))
return -1;
info->nblocks++;
}
return 0;
}
static void
print_header (tar_header_t header, strlist_t extheader, estream_t out)
{
unsigned long mask;
char modestr[10+1];
int i;
strlist_t sl;
const char *name, *linkname;
*modestr = '?';
switch (header->typeflag)
{
case TF_REGULAR: *modestr = '-'; break;
case TF_HARDLINK: *modestr = 'h'; break;
case TF_SYMLINK: *modestr = 'l'; break;
case TF_CHARDEV: *modestr = 'c'; break;
case TF_BLOCKDEV: *modestr = 'b'; break;
case TF_DIRECTORY:*modestr = 'd'; break;
case TF_FIFO: *modestr = 'f'; break;
case TF_RESERVED: *modestr = '='; break;
case TF_EXTHDR: break;
case TF_GEXTHDR: break;
case TF_UNKNOWN: break;
case TF_NOTSUP: break;
}
for (mask = 0400, i = 0; i < 9; i++, mask >>= 1)
modestr[1+i] = (header->mode & mask)? "rwxrwxrwx"[i]:'-';
if ((header->typeflag & 04000))
modestr[3] = modestr[3] == 'x'? 's':'S';
if ((header->typeflag & 02000))
modestr[6] = modestr[6] == 'x'? 's':'S';
if ((header->typeflag & 01000))
modestr[9] = modestr[9] == 'x'? 't':'T';
modestr[10] = 0;
/* FIXME: We do not parse the linkname unless its part of an
* extended header. */
name = header->name;
linkname = header->typeflag == TF_SYMLINK? "?" : NULL;
for (sl = extheader; sl; sl = sl->next)
{
if (sl->flags == 1)
name = sl->d;
else if (sl->flags == 2)
linkname = sl->d;
}
es_fprintf (out, "%s %lu %lu/%lu %12llu %s %s%s%s\n",
modestr, header->nlink, header->uid, header->gid, header->size,
isotimestamp (header->mtime),
name,
linkname? " -> " : "",
linkname? linkname : "");
}
/* List the tarball FILENAME or, if FILENAME is NULL, the tarball read
from stdin. */
gpg_error_t
gpgtar_list (const char *filename, int decrypt)
{
gpg_error_t err;
estream_t stream = NULL;
tar_header_t header = NULL;
strlist_t extheader = NULL;
struct tarinfo_s tarinfo_buffer;
tarinfo_t tarinfo = &tarinfo_buffer;
pid_t pid = (pid_t)(-1);
memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
if (decrypt)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
ccparray_init (&ccp, 0);
if (opt.batch)
ccparray_put (&ccp, "--batch");
if (opt.require_compliance)
ccparray_put (&ccp, "--require-compliance");
if (opt.status_fd != -1)
{
static char tmpbuf[40];
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
}
ccparray_put (&ccp, "--output");
ccparray_put (&ccp, "-");
ccparray_put (&ccp, "--decrypt");
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
if (filename)
{
ccparray_put (&ccp, "--");
ccparray_put (&ccp, filename);
}
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL,
((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
| GNUPG_SPAWN_KEEP_STDERR),
NULL, &stream, NULL, &pid);
xfree (argv);
if (err)
goto leave;
es_set_binary (stream);
}
else if (filename) /* No decryption requested. */
{
if (!strcmp (filename, "-"))
stream = es_stdin;
else
stream = es_fopen (filename, "rb,sysopen");
if (!stream)
{
err = gpg_error_from_syserror ();
log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
goto leave;
}
if (stream == es_stdin)
es_set_binary (es_stdin);
}
else
{
stream = es_stdin;
es_set_binary (es_stdin);
}
for (;;)
{
err = read_header (stream, tarinfo, &header, &extheader);
if (err || header == NULL)
goto leave;
print_header (header, extheader, es_stdout);
if (skip_data (stream, tarinfo, header))
goto leave;
free_strlist (extheader);
extheader = NULL;
xfree (header);
header = NULL;
}
if (pid != (pid_t)(-1))
{
int exitcode;
err = es_fclose (stream);
stream = NULL;
if (err)
log_error ("error closing pipe: %s\n", gpg_strerror (err));
else
{
err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
if (err)
log_error ("running %s failed (exitcode=%d): %s",
opt.gpg_program, exitcode, gpg_strerror (err));
gnupg_release_process (pid);
pid = (pid_t)(-1);
}
}
leave:
free_strlist (extheader);
xfree (header);
if (stream != es_stdin)
es_fclose (stream);
return err;
}
gpg_error_t
gpgtar_read_header (estream_t stream, tarinfo_t info,
tar_header_t *r_header, strlist_t *r_extheader)
{
return read_header (stream, info, r_header, r_extheader);
}
void
gpgtar_print_header (tar_header_t header, strlist_t extheader, estream_t out)
{
if (header && out)
print_header (header, extheader, out);
}