search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Rename encode.c to encrypt.c.
[gnupg.git] / agent / gpg-agent.c
blob4493c7abd58fcca969fe8326f5fa29c4957254d7
1 /* gpg-agent.c - The GnuPG Agent
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2007, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <stddef.h>
26 #include <stdarg.h>
27 #include <string.h>
28 #include <errno.h>
29 #include <assert.h>
30 #include <time.h>
31 #include <fcntl.h>
32 #include <sys/stat.h>
33 #ifndef HAVE_W32_SYSTEM
34 # include <sys/socket.h>
35 # include <sys/un.h>
36 #endif /*!HAVE_W32_SYSTEM*/
37 #include <unistd.h>
38 #include <signal.h>
39 #include <pth.h>
40
41 #define JNLIB_NEED_LOG_LOGV
42 #define JNLIB_NEED_AFLOCAL
43 #include "agent.h"
44 #include <assuan.h> /* Malloc hooks and socket wrappers. */
45
46 #include "i18n.h"
47 #include "mkdtemp.h" /* Gnulib replacement. */
48 #include "sysutils.h"
49 #include "setenv.h"
50 #include "gc-opt-flags.h"
51 #include "exechelp.h"
52
53
54 enum cmd_and_opt_values
55 { aNull = 0,
56 oCsh = 'c',
57 oQuiet = 'q',
58 oSh = 's',
59 oVerbose = 'v',
60
61 oNoVerbose = 500,
62 aGPGConfList,
63 aGPGConfTest,
64 oOptions,
65 oDebug,
66 oDebugAll,
67 oDebugLevel,
68 oDebugWait,
69 oNoGreeting,
70 oNoOptions,
71 oHomedir,
72 oNoDetach,
73 oNoGrab,
74 oLogFile,
75 oServer,
76 oDaemon,
77 oBatch,
78
79 oPinentryProgram,
80 oPinentryTouchFile,
81 oDisplay,
82 oTTYname,
83 oTTYtype,
84 oLCctype,
85 oLCmessages,
86 oXauthority,
87 oScdaemonProgram,
88 oDefCacheTTL,
89 oDefCacheTTLSSH,
90 oMaxCacheTTL,
91 oMaxCacheTTLSSH,
92 oEnforcePassphraseConstraints,
93 oMinPassphraseLen,
94 oMinPassphraseNonalpha,
95 oCheckPassphrasePattern,
96 oMaxPassphraseDays,
97 oEnablePassphraseHistory,
98 oUseStandardSocket,
99 oNoUseStandardSocket,
100 oFakedSystemTime,
101
102 oIgnoreCacheForSigning,
103 oAllowMarkTrusted,
104 oAllowPresetPassphrase,
105 oKeepTTY,
106 oKeepDISPLAY,
107 oSSHSupport,
108 oDisableScdaemon,
109 oWriteEnvFile
110 };
111
112
113
114 static ARGPARSE_OPTS opts[] = {
115
116 { aGPGConfList, "gpgconf-list", 256, "@" },
117 { aGPGConfTest, "gpgconf-test", 256, "@" },
118
119 { 301, NULL, 0, N_("@Options:\n ") },
120
121 { oServer, "server", 0, N_("run in server mode (foreground)") },
122 { oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
123 { oVerbose, "verbose", 0, N_("verbose") },
124 { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
125 { oSh, "sh", 0, N_("sh-style command output") },
126 { oCsh, "csh", 0, N_("csh-style command output") },
127 { oOptions, "options" , 2, N_("|FILE|read options from FILE")},
128 { oDebug, "debug" ,4|16, "@"},
129 { oDebugAll, "debug-all" ,0, "@"},
130 { oDebugLevel, "debug-level" ,2, "@"},
131 { oDebugWait,"debug-wait",1, "@"},
132 { oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
133 { oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
134 { oLogFile, "log-file" ,2, N_("use a log file for the server")},
135 { oUseStandardSocket, "use-standard-socket", 0,
136 N_("use a standard location for the socket")},
137 { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"},
138 { oPinentryProgram, "pinentry-program", 2 ,
139 N_("|PGM|use PGM as the PIN-Entry program") },
140 { oPinentryTouchFile, "pinentry-touch-file", 2 , "@" },
141 { oScdaemonProgram, "scdaemon-program", 2 ,
142 N_("|PGM|use PGM as the SCdaemon program") },
143 { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") },
144 { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
145
146 { oBatch, "batch", 0, "@" },
147 { oHomedir, "homedir", 2, "@"},
148
149 { oDisplay, "display", 2, "@" },
150 { oTTYname, "ttyname", 2, "@" },
151 { oTTYtype, "ttytype", 2, "@" },
152 { oLCctype, "lc-ctype", 2, "@" },
153 { oLCmessages, "lc-messages", 2, "@" },
154 { oXauthority, "xauthority", 2, "@" },
155 { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},
156 { oKeepDISPLAY, "keep-display",
157 0, N_("ignore requests to change the X display")},
158
159 { oDefCacheTTL, "default-cache-ttl", 4,
160 N_("|N|expire cached PINs after N seconds")},
161 { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
162 { oMaxCacheTTL, "max-cache-ttl", 4, "@" },
163 { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" },
164
165 { oEnforcePassphraseConstraints, "enforce-passphrase-constraints", 0, "@"},
166 { oMinPassphraseLen, "min-passphrase-len", 4, "@" },
167 { oMinPassphraseNonalpha, "min-passphrase-nonalpha", 4, "@" },
168 { oCheckPassphrasePattern, "check-passphrase-pattern", 2, "@" },
169 { oMaxPassphraseDays, "max-passphrase-days", 4, "@" },
170 { oEnablePassphraseHistory, "enable-passphrase-history", 0, "@" },
171
172 { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
173 N_("do not use the PIN cache when signing")},
174 { oAllowMarkTrusted, "allow-mark-trusted", 0,
175 N_("allow clients to mark keys as \"trusted\"")},
176 { oAllowPresetPassphrase, "allow-preset-passphrase", 0,
177 N_("allow presetting passphrase")},
178 { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh-agent emulation") },
179 { oWriteEnvFile, "write-env-file", 2|8,
180 N_("|FILE|write environment settings also to FILE")},
181 {0}
182 };
183
184
185 #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */
186 #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */
187 #define MAX_CACHE_TTL (120*60) /* 2 hours */
188 #define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */
189 #define MIN_PASSPHRASE_LEN (8)
190 #define MIN_PASSPHRASE_NONALPHA (1)
191 #define MAX_PASSPHRASE_DAYS (0)
192
193 /* The timer tick used for housekeeping stuff. For Windows we use a
194 longer period as the SetWaitableTimer seems to signal earlier than
195 the 2 seconds. */
196 #ifdef HAVE_W32_SYSTEM
197 #define TIMERTICK_INTERVAL (4)
198 #else
199 #define TIMERTICK_INTERVAL (2) /* Seconds. */
200 #endif
201
202
203 /* The list of open file descriptors at startup. Note that this list
204 has been allocated using the standard malloc. */
205 static int *startup_fd_list;
206
207 /* The signal mask at startup and a flag telling whether it is valid. */
208 #ifdef HAVE_SIGPROCMASK
209 static sigset_t startup_signal_mask;
210 static int startup_signal_mask_valid;
211 #endif
212
213 /* Flag to indicate that a shutdown was requested. */
214 static int shutdown_pending;
215
216 /* Counter for the currently running own socket checks. */
217 static int check_own_socket_running;
218
219 /* True if we are listening on the standard socket. */
220 static int use_standard_socket;
221
222 /* It is possible that we are currently running under setuid permissions */
223 static int maybe_setuid = 1;
224
225 /* Name of the communication socket used for native gpg-agent requests. */
226 static char *socket_name;
227
228 /* Name of the communication socket used for ssh-agent-emulation. */
229 static char *socket_name_ssh;
230
231 /* We need to keep track of the server's nonces (these are dummies for
232 POSIX systems). */
233 static assuan_sock_nonce_t socket_nonce;
234 static assuan_sock_nonce_t socket_nonce_ssh;
235
236
237 /* Default values for options passed to the pinentry. */
238 static char *default_display;
239 static char *default_ttyname;
240 static char *default_ttytype;
241 static char *default_lc_ctype;
242 static char *default_lc_messages;
243 static char *default_xauthority;
244
245 /* Name of a config file, which will be reread on a HUP if it is not NULL. */
246 static char *config_filename;
247
248 /* Helper to implement --debug-level */
249 static const char *debug_level;
250
251 /* Keep track of the current log file so that we can avoid updating
252 the log file after a SIGHUP if it didn't changed. Malloced. */
253 static char *current_logfile;
254
255 /* The handle_tick() function may test whether a parent is still
256 running. We record the PID of the parent here or -1 if it should be
257 watched. */
258 static pid_t parent_pid = (pid_t)(-1);
259
260 \f
261 /*
262 Local prototypes.
263 */
264
265 static char *create_socket_name (char *standard_name, char *template);
266 static gnupg_fd_t create_server_socket (char *name, int is_ssh,
267 assuan_sock_nonce_t *nonce);
268 static void create_directories (void);
269
270 static void agent_init_default_ctrl (ctrl_t ctrl);
271 static void agent_deinit_default_ctrl (ctrl_t ctrl);
272
273 static void handle_connections (gnupg_fd_t listen_fd,
274 gnupg_fd_t listen_fd_ssh);
275 static void check_own_socket (void);
276 static int check_for_running_agent (int silent, int mode);
277
278 /* Pth wrapper function definitions. */
279 GCRY_THREAD_OPTION_PTH_IMPL;
280 static int fixed_gcry_pth_init (void)
281 {
282 return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
283 }
284
285
286 #ifndef PTH_HAVE_PTH_THREAD_ID
287 static unsigned long pth_thread_id (void)
288 {
289 return (unsigned long)pth_self ();
290 }
291 #endif
292
293
294 \f
295 /*
296 Functions.
297 */
298
299 static char *
300 make_libversion (const char *libname, const char *(*getfnc)(const char*))
301 {
302 const char *s;
303 char *result;
304
305 if (maybe_setuid)
306 {
307 gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
308 maybe_setuid = 0;
309 }
310 s = getfnc (NULL);
311 result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
312 strcpy (stpcpy (stpcpy (result, libname), " "), s);
313 return result;
314 }
315
316
317 static const char *
318 my_strusage (int level)
319 {
320 static char *ver_gcry;
321 const char *p;
322
323 switch (level)
324 {
325 case 11: p = "gpg-agent (GnuPG)";
326 break;
327 case 13: p = VERSION; break;
328 case 17: p = PRINTABLE_OS_NAME; break;
329 /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
330 reporting address. This is so that we can change the
331 reporting address without breaking the translations. */
332 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
333
334 case 20:
335 if (!ver_gcry)
336 ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
337 p = ver_gcry;
338 break;
339
340 case 1:
341 case 40: p = _("Usage: gpg-agent [options] (-h for help)");
342 break;
343 case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n"
344 "Secret key management for GnuPG\n");
345 break;
346
347 default: p = NULL;
348 }
349 return p;
350 }
351
352
353
354 /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
355 only the active debug flags are propagated to the subsystems. With
356 DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
357 all flags already set. Note that we don't fail here, because it is
358 important to keep gpg-agent running even after re-reading the
359 options due to a SIGHUP. */
360 static void
361 set_debug (void)
362 {
363 if (!debug_level)
364 ;
365 else if (!strcmp (debug_level, "none"))
366 opt.debug = 0;
367 else if (!strcmp (debug_level, "basic"))
368 opt.debug = DBG_ASSUAN_VALUE;
369 else if (!strcmp (debug_level, "advanced"))
370 opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE;
371 else if (!strcmp (debug_level, "expert"))
372 opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE
373 |DBG_CACHE_VALUE);
374 else if (!strcmp (debug_level, "guru"))
375 opt.debug = ~0;
376 else
377 {
378 log_error (_("invalid debug-level `%s' given\n"), debug_level);
379 opt.debug = 0; /* Reset debugging, so that prior debug
380 statements won't have an undesired effect. */
381 }
382
383 if (opt.debug && !opt.verbose)
384 opt.verbose = 1;
385 if (opt.debug && opt.quiet)
386 opt.quiet = 0;
387
388 if (opt.debug & DBG_MPI_VALUE)
389 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
390 if (opt.debug & DBG_CRYPTO_VALUE )
391 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
392 gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
393 }
394
395
396 /* Helper for cleanup to remove one socket with NAME. */
397 static void
398 remove_socket (char *name)
399 {
400 if (name && *name)
401 {
402 char *p;
403
404 remove (name);
405 p = strrchr (name, '/');
406 if (p)
407 {
408 *p = 0;
409 rmdir (name);
410 *p = '/';
411 }
412 *name = 0;
413 }
414 }
415
416 static void
417 cleanup (void)
418 {
419 remove_socket (socket_name);
420 remove_socket (socket_name_ssh);
421 }
422
423
424
425 /* Handle options which are allowed to be reset after program start.
426 Return true when the current option in PARGS could be handled and
427 false if not. As a special feature, passing a value of NULL for
428 PARGS, resets the options to the default. REREAD should be set
429 true if it is not the initial option parsing. */
430 static int
431 parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
432 {
433 if (!pargs)
434 { /* reset mode */
435 opt.quiet = 0;
436 opt.verbose = 0;
437 opt.debug = 0;
438 opt.no_grab = 0;
439 opt.pinentry_program = NULL;
440 opt.pinentry_touch_file = NULL;
441 opt.scdaemon_program = NULL;
442 opt.def_cache_ttl = DEFAULT_CACHE_TTL;
443 opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH;
444 opt.max_cache_ttl = MAX_CACHE_TTL;
445 opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH;
446 opt.enforce_passphrase_constraints = 0;
447 opt.min_passphrase_len = MIN_PASSPHRASE_LEN;
448 opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
449 opt.check_passphrase_pattern = NULL;
450 opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
451 opt.enable_passhrase_history = 0;
452 opt.ignore_cache_for_signing = 0;
453 opt.allow_mark_trusted = 0;
454 opt.disable_scdaemon = 0;
455 return 1;
456 }
457
458 switch (pargs->r_opt)
459 {
460 case oQuiet: opt.quiet = 1; break;
461 case oVerbose: opt.verbose++; break;
462
463 case oDebug: opt.debug |= pargs->r.ret_ulong; break;
464 case oDebugAll: opt.debug = ~0; break;
465 case oDebugLevel: debug_level = pargs->r.ret_str; break;
466
467 case oLogFile:
468 if (!reread)
469 return 0; /* not handeld */
470 if (!current_logfile || !pargs->r.ret_str
471 || strcmp (current_logfile, pargs->r.ret_str))
472 {
473 log_set_file (pargs->r.ret_str);
474 xfree (current_logfile);
475 current_logfile = xtrystrdup (pargs->r.ret_str);
476 }
477 break;
478
479 case oNoGrab: opt.no_grab = 1; break;
480
481 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
482 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
483 case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
484 case oDisableScdaemon: opt.disable_scdaemon = 1; break;
485
486 case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
487 case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
488 case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
489 case oMaxCacheTTLSSH: opt.max_cache_ttl_ssh = pargs->r.ret_ulong; break;
490
491 case oEnforcePassphraseConstraints:
492 opt.enforce_passphrase_constraints=1;
493 break;
494 case oMinPassphraseLen: opt.min_passphrase_len = pargs->r.ret_ulong; break;
495 case oMinPassphraseNonalpha:
496 opt.min_passphrase_nonalpha = pargs->r.ret_ulong;
497 break;
498 case oCheckPassphrasePattern:
499 opt.check_passphrase_pattern = pargs->r.ret_str;
500 break;
501 case oMaxPassphraseDays:
502 opt.max_passphrase_days = pargs->r.ret_ulong;
503 break;
504 case oEnablePassphraseHistory:
505 opt.enable_passhrase_history = 1;
506 break;
507
508 case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
509
510 case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
511
512 case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
513
514 default:
515 return 0; /* not handled */
516 }
517
518 return 1; /* handled */
519 }
520
521
522 /* The main entry point. */
523 int
524 main (int argc, char **argv )
525 {
526 ARGPARSE_ARGS pargs;
527 int orig_argc;
528 int may_coredump;
529 char **orig_argv;
530 FILE *configfp = NULL;
531 char *configname = NULL;
532 const char *shell;
533 unsigned configlineno;
534 int parse_debug = 0;
535 int default_config =1;
536 int greeting = 0;
537 int nogreeting = 0;
538 int pipe_server = 0;
539 int is_daemon = 0;
540 int nodetach = 0;
541 int csh_style = 0;
542 char *logfile = NULL;
543 int debug_wait = 0;
544 int gpgconf_list = 0;
545 gpg_error_t err;
546 const char *env_file_name = NULL;
547 struct assuan_malloc_hooks malloc_hooks;
548
549 /* Before we do anything else we save the list of currently open
550 file descriptors and the signal mask. This info is required to
551 do the exec call properly. */
552 startup_fd_list = get_all_open_fds ();
553 #ifdef HAVE_SIGPROCMASK
554 if (!sigprocmask (SIG_UNBLOCK, NULL, &startup_signal_mask))
555 startup_signal_mask_valid = 1;
556 #endif /*HAVE_SIGPROCMASK*/
557
558 /* Set program name etc. */
559 set_strusage (my_strusage);
560 gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
561 /* Please note that we may running SUID(ROOT), so be very CAREFUL
562 when adding any stuff between here and the call to INIT_SECMEM()
563 somewhere after the option parsing */
564 log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID);
565
566 /* Make sure that our subsystems are ready. */
567 i18n_init ();
568 init_common_subsystems ();
569
570
571 /* Libgcrypt requires us to register the threading model first.
572 Note that this will also do the pth_init. */
573 gcry_threads_pth.init = fixed_gcry_pth_init;
574 err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
575 if (err)
576 {
577 log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
578 gpg_strerror (err));
579 }
580
581
582 /* Check that the libraries are suitable. Do it here because
583 the option parsing may need services of the library. */
584 if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
585 {
586 log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
587 NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
588 }
589
590 malloc_hooks.malloc = gcry_malloc;
591 malloc_hooks.realloc = gcry_realloc;
592 malloc_hooks.free = gcry_free;
593 assuan_set_malloc_hooks (&malloc_hooks);
594 assuan_set_assuan_log_prefix (log_get_prefix (NULL));
595 assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
596
597 setup_libgcrypt_logging ();
598 gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
599
600 may_coredump = disable_core_dumps ();
601
602 /* Set default options. */
603 parse_rereadable_options (NULL, 0); /* Reset them to default values. */
604 #ifdef HAVE_W32_SYSTEM
605 use_standard_socket = 1; /* Under Windows we always use a standard
606 socket. */
607 #endif
608
609 shell = getenv ("SHELL");
610 if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
611 csh_style = 1;
612
613 opt.homedir = default_homedir ();
614
615 /* Record some of the original environment strings. */
616 {
617 const char *s;
618 int idx;
619 static const char *names[] =
620 { "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL };
621
622 err = 0;
623 opt.startup_env = session_env_new ();
624 if (!opt.startup_env)
625 err = gpg_error_from_syserror ();
626 for (idx=0; !err && names[idx]; idx++)
627 {
628 s = getenv (names[idx]);
629 if (s)
630 err = session_env_setenv (opt.startup_env, names[idx], s);
631 }
632 if (!err)
633 {
634 s = ttyname (0);
635 if (s)
636 err = session_env_setenv (opt.startup_env, "GPG_TTY", s);
637 }
638 if (err)
639 log_fatal ("error recording startup environment: %s\n",
640 gpg_strerror (err));
641
642 /* Fixme: Better use the locale function here. */
643 opt.startup_lc_ctype = getenv ("LC_CTYPE");
644 if (opt.startup_lc_ctype)
645 opt.startup_lc_ctype = xstrdup (opt.startup_lc_ctype);
646 opt.startup_lc_messages = getenv ("LC_MESSAGES");
647 if (opt.startup_lc_messages)
648 opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
649 }
650
651 /* Check whether we have a config file on the commandline */
652 orig_argc = argc;
653 orig_argv = argv;
654 pargs.argc = &argc;
655 pargs.argv = &argv;
656 pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
657 while (arg_parse( &pargs, opts))
658 {
659 if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
660 parse_debug++;
661 else if (pargs.r_opt == oOptions)
662 { /* yes there is one, so we do not try the default one, but
663 read the option file when it is encountered at the
664 commandline */
665 default_config = 0;
666 }
667 else if (pargs.r_opt == oNoOptions)
668 default_config = 0; /* --no-options */
669 else if (pargs.r_opt == oHomedir)
670 opt.homedir = pargs.r.ret_str;
671 }
672
673 /* Initialize the secure memory. */
674 gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
675 maybe_setuid = 0;
676
677 /*
678 Now we are now working under our real uid
679 */
680
681 if (default_config)
682 configname = make_filename (opt.homedir, "gpg-agent.conf", NULL );
683
684 argc = orig_argc;
685 argv = orig_argv;
686 pargs.argc = &argc;
687 pargs.argv = &argv;
688 pargs.flags= 1; /* do not remove the args */
689 next_pass:
690 if (configname)
691 {
692 configlineno = 0;
693 configfp = fopen (configname, "r");
694 if (!configfp)
695 {
696 if (default_config)
697 {
698 if( parse_debug )
699 log_info (_("NOTE: no default option file `%s'\n"),
700 configname );
701 }
702 else
703 {
704 log_error (_("option file `%s': %s\n"),
705 configname, strerror(errno) );
706 exit(2);
707 }
708 xfree (configname);
709 configname = NULL;
710 }
711 if (parse_debug && configname )
712 log_info (_("reading options from `%s'\n"), configname );
713 default_config = 0;
714 }
715
716 while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
717 {
718 if (parse_rereadable_options (&pargs, 0))
719 continue; /* Already handled */
720 switch (pargs.r_opt)
721 {
722 case aGPGConfList: gpgconf_list = 1; break;
723 case aGPGConfTest: gpgconf_list = 2; break;
724 case oBatch: opt.batch=1; break;
725
726 case oDebugWait: debug_wait = pargs.r.ret_int; break;
727
728 case oOptions:
729 /* config files may not be nested (silently ignore them) */
730 if (!configfp)
731 {
732 xfree(configname);
733 configname = xstrdup(pargs.r.ret_str);
734 goto next_pass;
735 }
736 break;
737 case oNoGreeting: nogreeting = 1; break;
738 case oNoVerbose: opt.verbose = 0; break;
739 case oNoOptions: break; /* no-options */
740 case oHomedir: opt.homedir = pargs.r.ret_str; break;
741 case oNoDetach: nodetach = 1; break;
742 case oLogFile: logfile = pargs.r.ret_str; break;
743 case oCsh: csh_style = 1; break;
744 case oSh: csh_style = 0; break;
745 case oServer: pipe_server = 1; break;
746 case oDaemon: is_daemon = 1; break;
747
748 case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
749 case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
750 case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
751 case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
752 case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
753 case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
754 break;
755
756 case oUseStandardSocket: use_standard_socket = 1; break;
757 case oNoUseStandardSocket: use_standard_socket = 0; break;
758
759 case oFakedSystemTime:
760 {
761 time_t faked_time = isotime2epoch (pargs.r.ret_str);
762 if (faked_time == (time_t)(-1))
763 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
764 gnupg_set_time (faked_time, 0);
765 }
766 break;
767
768 case oKeepTTY: opt.keep_tty = 1; break;
769 case oKeepDISPLAY: opt.keep_display = 1; break;
770
771 case oSSHSupport: opt.ssh_support = 1; break;
772 case oWriteEnvFile:
773 if (pargs.r_type)
774 env_file_name = pargs.r.ret_str;
775 else
776 env_file_name = make_filename ("~/.gpg-agent-info", NULL);
777 break;
778
779 default : pargs.err = configfp? 1:2; break;
780 }
781 }
782 if (configfp)
783 {
784 fclose( configfp );
785 configfp = NULL;
786 /* Keep a copy of the name so that it can be read on SIGHUP. */
787 config_filename = configname;
788 configname = NULL;
789 goto next_pass;
790 }
791 xfree (configname);
792 configname = NULL;
793 if (log_get_errorcount(0))
794 exit(2);
795 if (nogreeting )
796 greeting = 0;
797
798 if (greeting)
799 {
800 fprintf (stderr, "%s %s; %s\n",
801 strusage(11), strusage(13), strusage(14) );
802 fprintf (stderr, "%s\n", strusage(15) );
803 }
804 #ifdef IS_DEVELOPMENT_VERSION
805 /* We don't want to print it here because gpg-agent is useful of its
806 own and quite matured. */
807 /*log_info ("NOTE: this is a development version!\n");*/
808 #endif
809
810 set_debug ();
811
812 if (atexit (cleanup))
813 {
814 log_error ("atexit failed\n");
815 cleanup ();
816 exit (1);
817 }
818
819 initialize_module_call_pinentry ();
820 initialize_module_call_scd ();
821 initialize_module_trustlist ();
822
823 /* Try to create missing directories. */
824 create_directories ();
825
826 if (debug_wait && pipe_server)
827 {
828 log_debug ("waiting for debugger - my pid is %u .....\n",
829 (unsigned int)getpid());
830 gnupg_sleep (debug_wait);
831 log_debug ("... okay\n");
832 }
833
834 if (gpgconf_list == 2)
835 agent_exit (0);
836 if (gpgconf_list)
837 {
838 char *filename;
839 char *filename_esc;
840
841 /* List options and default values in the GPG Conf format. */
842 filename = make_filename (opt.homedir, "gpg-agent.conf", NULL );
843 filename_esc = percent_escape (filename, NULL);
844
845 printf ("gpgconf-gpg-agent.conf:%lu:\"%s\n",
846 GC_OPT_FLAG_DEFAULT, filename_esc);
847 xfree (filename);
848 xfree (filename_esc);
849
850 printf ("verbose:%lu:\n"
851 "quiet:%lu:\n"
852 "debug-level:%lu:\"none:\n"
853 "log-file:%lu:\n",
854 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
855 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME,
856 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
857 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME );
858 printf ("default-cache-ttl:%lu:%d:\n",
859 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL );
860 printf ("default-cache-ttl-ssh:%lu:%d:\n",
861 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH );
862 printf ("max-cache-ttl:%lu:%d:\n",
863 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL );
864 printf ("max-cache-ttl-ssh:%lu:%d:\n",
865 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH );
866 printf ("enforce-passphrase-constraints:%lu:\n",
867 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
868 printf ("min-passphrase-len:%lu:%d:\n",
869 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN );
870 printf ("min-passphrase-nonalpha:%lu:%d:\n",
871 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
872 MIN_PASSPHRASE_NONALPHA);
873 printf ("check-passphrase-pattern:%lu:\n",
874 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
875 printf ("max-passphrase-days:%lu:%d:\n",
876 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME,
877 MAX_PASSPHRASE_DAYS);
878 printf ("enable-passphrase-history:%lu:\n",
879 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
880 printf ("no-grab:%lu:\n",
881 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
882 printf ("ignore-cache-for-signing:%lu:\n",
883 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
884 printf ("allow-mark-trusted:%lu:\n",
885 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
886 printf ("disable-scdaemon:%lu:\n",
887 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
888
889 agent_exit (0);
890 }
891
892 /* If this has been called without any options, we merely check
893 whether an agent is already running. We do this here so that we
894 don't clobber a logfile but print it directly to stderr. */
895 if (!pipe_server && !is_daemon)
896 {
897 log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX);
898 check_for_running_agent (0, 0);
899 agent_exit (0);
900 }
901
902 #ifdef ENABLE_NLS
903 /* gpg-agent usually does not output any messages because it runs in
904 the background. For log files it is acceptable to have messages
905 always encoded in utf-8. We switch here to utf-8, so that
906 commands like --help still give native messages. It is far
907 easier to switch only once instead of for every message and it
908 actually helps when more then one thread is active (avoids an
909 extra copy step). */
910 bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
911 #endif
912
913 /* Now start with logging to a file if this is desired. */
914 if (logfile)
915 {
916 log_set_file (logfile);
917 log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
918 |JNLIB_LOG_WITH_TIME
919 |JNLIB_LOG_WITH_PID));
920 current_logfile = xstrdup (logfile);
921 }
922
923 /* Make sure that we have a default ttyname. */
924 if (!default_ttyname && ttyname (1))
925 default_ttyname = xstrdup (ttyname (1));
926 if (!default_ttytype && getenv ("TERM"))
927 default_ttytype = xstrdup (getenv ("TERM"));
928
929
930 if (pipe_server)
931 {
932 /* This is the simple pipe based server */
933 ctrl_t ctrl;
934
935 ctrl = xtrycalloc (1, sizeof *ctrl);
936 if (!ctrl)
937 {
938 log_error ("error allocating connection control data: %s\n",
939 strerror (errno) );
940 agent_exit (1);
941 }
942 ctrl->session_env = session_env_new ();
943 if (!ctrl->session_env)
944 {
945 log_error ("error allocating session environment block: %s\n",
946 strerror (errno) );
947 xfree (ctrl);
948 agent_exit (1);
949 }
950 agent_init_default_ctrl (ctrl);
951 start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);
952 agent_deinit_default_ctrl (ctrl);
953 xfree (ctrl);
954 }
955 else if (!is_daemon)
956 ; /* NOTREACHED */
957 else
958 { /* Regular server mode */
959 gnupg_fd_t fd;
960 gnupg_fd_t fd_ssh;
961 pid_t pid;
962
963 /* Remove the DISPLAY variable so that a pinentry does not
964 default to a specific display. There is still a default
965 display when gpg-agent was started using --display or a
966 client requested this using an OPTION command. Note, that we
967 don't do this when running in reverse daemon mode (i.e. when
968 exec the program given as arguments). */
969 #ifndef HAVE_W32_SYSTEM
970 if (!opt.keep_display && !argc)
971 unsetenv ("DISPLAY");
972 #endif
973
974
975 /* Create the sockets. */
976 socket_name = create_socket_name
977 ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent");
978 if (opt.ssh_support)
979 socket_name_ssh = create_socket_name
980 ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh");
981
982 fd = create_server_socket (socket_name, 0, &socket_nonce);
983 if (opt.ssh_support)
984 fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh);
985 else
986 fd_ssh = GNUPG_INVALID_FD;
987
988 /* If we are going to exec a program in the parent, we record
989 the PID, so that the child may check whether the program is
990 still alive. */
991 if (argc)
992 parent_pid = getpid ();
993
994 fflush (NULL);
995 #ifdef HAVE_W32_SYSTEM
996 pid = getpid ();
997 printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid);
998 #else /*!HAVE_W32_SYSTEM*/
999 pid = fork ();
1000 if (pid == (pid_t)-1)
1001 {
1002 log_fatal ("fork failed: %s\n", strerror (errno) );
1003 exit (1);
1004 }
1005 else if (pid)
1006 { /* We are the parent */
1007 char *infostr, *infostr_ssh_sock, *infostr_ssh_pid;
1008
1009 /* Close the socket FD. */
1010 close (fd);
1011
1012 /* Note that we used a standard fork so that Pth runs in
1013 both the parent and the child. The pth_fork would
1014 terminate Pth in the child but that is not the way we
1015 want it. Thus we use a plain fork and terminate Pth here
1016 in the parent. The pth_kill may or may not work reliable
1017 but it should not harm to call it. Because Pth fiddles
1018 with the signal mask the signal mask might not be correct
1019 right now and thus we restore it. That is not strictly
1020 necessary but some programs falsely assume a cleared
1021 signal mask. */
1022 if ( !pth_kill () )
1023 log_error ("pth_kill failed in forked process\n");
1024
1025 #ifdef HAVE_SIGPROCMASK
1026 if (startup_signal_mask_valid)
1027 {
1028 if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
1029 log_error ("error restoring signal mask: %s\n",
1030 strerror (errno));
1031 }
1032 else
1033 log_info ("no saved signal mask\n");
1034 #endif /*HAVE_SIGPROCMASK*/
1035
1036 /* Create the info string: <name>:<pid>:<protocol_version> */
1037 if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1",
1038 socket_name, (ulong)pid ) < 0)
1039 {
1040 log_error ("out of core\n");
1041 kill (pid, SIGTERM);
1042 exit (1);
1043 }
1044 if (opt.ssh_support)
1045 {
1046 if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
1047 socket_name_ssh) < 0)
1048 {
1049 log_error ("out of core\n");
1050 kill (pid, SIGTERM);
1051 exit (1);
1052 }
1053 if (asprintf (&infostr_ssh_pid, "SSH_AGENT_PID=%u",
1054 pid) < 0)
1055 {
1056 log_error ("out of core\n");
1057 kill (pid, SIGTERM);
1058 exit (1);
1059 }
1060 }
1061
1062 *socket_name = 0; /* Don't let cleanup() remove the socket -
1063 the child should do this from now on */
1064 if (opt.ssh_support)
1065 *socket_name_ssh = 0;
1066
1067 if (env_file_name)
1068 {
1069 FILE *fp;
1070
1071 fp = fopen (env_file_name, "w");
1072 if (!fp)
1073 log_error (_("error creating `%s': %s\n"),
1074 env_file_name, strerror (errno));
1075 else
1076 {
1077 fputs (infostr, fp);
1078 putc ('\n', fp);
1079 if (opt.ssh_support)
1080 {
1081 fputs (infostr_ssh_sock, fp);
1082 putc ('\n', fp);
1083 fputs (infostr_ssh_pid, fp);
1084 putc ('\n', fp);
1085 }
1086 fclose (fp);
1087 }
1088 }
1089
1090
1091 if (argc)
1092 { /* Run the program given on the commandline. */
1093 if (putenv (infostr))
1094 {
1095 log_error ("failed to set environment: %s\n",
1096 strerror (errno) );
1097 kill (pid, SIGTERM );
1098 exit (1);
1099 }
1100 if (opt.ssh_support && putenv (infostr_ssh_sock))
1101 {
1102 log_error ("failed to set environment: %s\n",
1103 strerror (errno) );
1104 kill (pid, SIGTERM );
1105 exit (1);
1106 }
1107 if (opt.ssh_support && putenv (infostr_ssh_pid))
1108 {
1109 log_error ("failed to set environment: %s\n",
1110 strerror (errno) );
1111 kill (pid, SIGTERM );
1112 exit (1);
1113 }
1114
1115 /* Close all the file descriptors except the standard
1116 ones and those open at startup. We explicitly don't
1117 close 0,1,2 in case something went wrong collecting
1118 them at startup. */
1119 close_all_fds (3, startup_fd_list);
1120
1121 /* Run the command. */
1122 execvp (argv[0], argv);
1123 log_error ("failed to run the command: %s\n", strerror (errno));
1124 kill (pid, SIGTERM);
1125 exit (1);
1126 }
1127 else
1128 {
1129 /* Print the environment string, so that the caller can use
1130 shell's eval to set it */
1131 if (csh_style)
1132 {
1133 *strchr (infostr, '=') = ' ';
1134 printf ("setenv %s\n", infostr);
1135 if (opt.ssh_support)
1136 {
1137 *strchr (infostr_ssh_sock, '=') = ' ';
1138 printf ("setenv %s\n", infostr_ssh_sock);
1139 *strchr (infostr_ssh_pid, '=') = ' ';
1140 printf ("setenv %s\n", infostr_ssh_pid);
1141 }
1142 }
1143 else
1144 {
1145 printf ( "%s; export GPG_AGENT_INFO;\n", infostr);
1146 if (opt.ssh_support)
1147 {
1148 printf ("%s; export SSH_AUTH_SOCK;\n", infostr_ssh_sock);
1149 printf ("%s; export SSH_AGENT_PID;\n", infostr_ssh_pid);
1150 }
1151 }
1152 xfree (infostr);
1153 if (opt.ssh_support)
1154 {
1155 xfree (infostr_ssh_sock);
1156 xfree (infostr_ssh_pid);
1157 }
1158 exit (0);
1159 }
1160 /*NOTREACHED*/
1161 } /* End parent */
1162
1163 /*
1164 This is the child
1165 */
1166
1167 /* Detach from tty and put process into a new session */
1168 if (!nodetach )
1169 {
1170 int i;
1171 unsigned int oldflags;
1172
1173 /* Close stdin, stdout and stderr unless it is the log stream */
1174 for (i=0; i <= 2; i++)
1175 {
1176 if (!log_test_fd (i) && i != fd )
1177 {
1178 if ( ! close (i)
1179 && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1)
1180 {
1181 log_error ("failed to open `%s': %s\n",
1182 "/dev/null", strerror (errno));
1183 cleanup ();
1184 exit (1);
1185 }
1186 }
1187 }
1188 if (setsid() == -1)
1189 {
1190 log_error ("setsid() failed: %s\n", strerror(errno) );
1191 cleanup ();
1192 exit (1);
1193 }
1194
1195 log_get_prefix (&oldflags);
1196 log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
1197 opt.running_detached = 1;
1198 }
1199
1200 if (chdir("/"))
1201 {
1202 log_error ("chdir to / failed: %s\n", strerror (errno));
1203 exit (1);
1204 }
1205
1206 {
1207 struct sigaction sa;
1208
1209 sa.sa_handler = SIG_IGN;
1210 sigemptyset (&sa.sa_mask);
1211 sa.sa_flags = 0;
1212 sigaction (SIGPIPE, &sa, NULL);
1213 }
1214 #endif /*!HAVE_W32_SYSTEM*/
1215
1216 log_info ("%s %s started\n", strusage(11), strusage(13) );
1217 handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);
1218 assuan_sock_close (fd);
1219 }
1220
1221 return 0;
1222 }
1223
1224
1225 void
1226 agent_exit (int rc)
1227 {
1228 /*FIXME: update_random_seed_file();*/
1229 #if 1
1230 /* at this time a bit annoying */
1231 if (opt.debug & DBG_MEMSTAT_VALUE)
1232 {
1233 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
1234 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
1235 }
1236 if (opt.debug)
1237 gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
1238 #endif
1239 gcry_control (GCRYCTL_TERM_SECMEM );
1240 rc = rc? rc : log_get_errorcount(0)? 2 : 0;
1241 exit (rc);
1242 }
1243
1244
1245 static void
1246 agent_init_default_ctrl (ctrl_t ctrl)
1247 {
1248 /* Note we ignore malloc errors because we can't do much about it
1249 and the request will fail anyway shortly after this
1250 initialization. */
1251 session_env_setenv (ctrl->session_env, "DISPLAY", default_display);
1252 session_env_setenv (ctrl->session_env, "GPG_TTY", default_ttyname);
1253 session_env_setenv (ctrl->session_env, "TERM", default_ttytype);
1254 session_env_setenv (ctrl->session_env, "XAUTHORITY", default_xauthority);
1255 session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", NULL);
1256
1257 if (ctrl->lc_ctype)
1258 xfree (ctrl->lc_ctype);
1259 ctrl->lc_ctype = default_lc_ctype? xtrystrdup (default_lc_ctype) : NULL;
1260
1261 if (ctrl->lc_messages)
1262 xfree (ctrl->lc_messages);
1263 ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
1264 /**/ : NULL;
1265
1266 }
1267
1268
1269 static void
1270 agent_deinit_default_ctrl (ctrl_t ctrl)
1271 {
1272 session_env_release (ctrl->session_env);
1273
1274 if (ctrl->lc_ctype)
1275 xfree (ctrl->lc_ctype);
1276 if (ctrl->lc_messages)
1277 xfree (ctrl->lc_messages);
1278 }
1279
1280
1281 /* Reread parts of the configuration. Note, that this function is
1282 obviously not thread-safe and should only be called from the PTH
1283 signal handler.
1284
1285 Fixme: Due to the way the argument parsing works, we create a
1286 memory leak here for all string type arguments. There is currently
1287 no clean way to tell whether the memory for the argument has been
1288 allocated or points into the process' original arguments. Unless
1289 we have a mechanism to tell this, we need to live on with this. */
1290 static void
1291 reread_configuration (void)
1292 {
1293 ARGPARSE_ARGS pargs;
1294 FILE *fp;
1295 unsigned int configlineno = 0;
1296 int dummy;
1297
1298 if (!config_filename)
1299 return; /* No config file. */
1300
1301 fp = fopen (config_filename, "r");
1302 if (!fp)
1303 {
1304 log_error (_("option file `%s': %s\n"),
1305 config_filename, strerror(errno) );
1306 return;
1307 }
1308
1309 parse_rereadable_options (NULL, 1); /* Start from the default values. */
1310
1311 memset (&pargs, 0, sizeof pargs);
1312 dummy = 0;
1313 pargs.argc = &dummy;
1314 pargs.flags = 1; /* do not remove the args */
1315 while (optfile_parse (fp, config_filename, &configlineno, &pargs, opts) )
1316 {
1317 if (pargs.r_opt < -1)
1318 pargs.err = 1; /* Print a warning. */
1319 else /* Try to parse this option - ignore unchangeable ones. */
1320 parse_rereadable_options (&pargs, 1);
1321 }
1322 fclose (fp);
1323 set_debug ();
1324 }
1325
1326
1327 /* Return the file name of the socket we are using for native
1328 requests. */
1329 const char *
1330 get_agent_socket_name (void)
1331 {
1332 const char *s = socket_name;
1333
1334 return (s && *s)? s : NULL;
1335 }
1336
1337 /* Return the file name of the socket we are using for SSH
1338 requests. */
1339 const char *
1340 get_agent_ssh_socket_name (void)
1341 {
1342 const char *s = socket_name_ssh;
1343
1344 return (s && *s)? s : NULL;
1345 }
1346
1347
1348 /* Under W32, this function returns the handle of the scdaemon
1349 notification event. Calling it the first time creates that
1350 event. */
1351 #ifdef HAVE_W32_SYSTEM
1352 void *
1353 get_agent_scd_notify_event (void)
1354 {
1355 static HANDLE the_event;
1356
1357 if (!the_event)
1358 {
1359 HANDLE h, h2;
1360 SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
1361
1362 /* We need to use manual reset evet object due to the way our
1363 w32-pth wait function works: If we would use an automatic
1364 reset event we are not able to figure out which handle has
1365 been signaled because at the time we single out the signaled
1366 handles using WFSO the event has already been reset due to
1367 the WFMO. */
1368 h = CreateEvent (&sa, TRUE, FALSE, NULL);
1369 if (!h)
1370 log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );
1371 else if (!DuplicateHandle (GetCurrentProcess(), h,
1372 GetCurrentProcess(), &h2,
1373 EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0))
1374 {
1375 log_error ("setting syncronize for scd notify event failed: %s\n",
1376 w32_strerror (-1) );
1377 CloseHandle (h);
1378 }
1379 else
1380 {
1381 CloseHandle (h);
1382 the_event = h2;
1383 }
1384 }
1385
1386 log_debug ("returning notify handle %p\n", the_event);
1387 return the_event;
1388 }
1389 #endif /*HAVE_W32_SYSTEM*/
1390
1391
1392
1393 /* Create a name for the socket. With USE_STANDARD_SOCKET given as
1394 true using STANDARD_NAME in the home directory or if given as
1395 false from the mkdir type name TEMPLATE. In the latter case a
1396 unique name in a unique new directory will be created. In both
1397 cases check for valid characters as well as against a maximum
1398 allowed length for a unix domain socket is done. The function
1399 terminates the process in case of an error. Returns: Pointer to an
1400 allocated string with the absolute name of the socket used. */
1401 static char *
1402 create_socket_name (char *standard_name, char *template)
1403 {
1404 char *name, *p;
1405
1406 if (use_standard_socket)
1407 name = make_filename (opt.homedir, standard_name, NULL);
1408 else
1409 {
1410 name = xstrdup (template);
1411 p = strrchr (name, '/');
1412 if (!p)
1413 BUG ();
1414 *p = 0;
1415 if (!mkdtemp (name))
1416 {
1417 log_error (_("can't create directory `%s': %s\n"),
1418 name, strerror (errno));
1419 agent_exit (2);
1420 }
1421 *p = '/';
1422 }
1423
1424 if (strchr (name, PATHSEP_C))
1425 {
1426 log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S);
1427 agent_exit (2);
1428 }
1429 if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) )
1430 {
1431 log_error (_("name of socket too long\n"));
1432 agent_exit (2);
1433 }
1434 return name;
1435 }
1436
1437
1438
1439 /* Create a Unix domain socket with NAME. Returns the file descriptor
1440 or terminates the process in case of an error. Not that this
1441 function needs to be used for the regular socket first and only
1442 then for the ssh socket. */
1443 static gnupg_fd_t
1444 create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce)
1445 {
1446 struct sockaddr_un *serv_addr;
1447 socklen_t len;
1448 gnupg_fd_t fd;
1449 int rc;
1450
1451 fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
1452 if (fd == ASSUAN_INVALID_FD)
1453 {
1454 log_error (_("can't create socket: %s\n"), strerror (errno));
1455 agent_exit (2);
1456 }
1457
1458 serv_addr = xmalloc (sizeof (*serv_addr));
1459 memset (serv_addr, 0, sizeof *serv_addr);
1460 serv_addr->sun_family = AF_UNIX;
1461 if (strlen (name) + 1 >= sizeof (serv_addr->sun_path))
1462 {
1463 log_error (_("socket name `%s' is too long\n"), name);
1464 agent_exit (2);
1465 }
1466 strcpy (serv_addr->sun_path, name);
1467 len = SUN_LEN (serv_addr);
1468 rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
1469 if (use_standard_socket && rc == -1 && errno == EADDRINUSE)
1470 {
1471 /* Check whether a gpg-agent is already running on the standard
1472 socket. We do this test only if this is not the ssh socket.
1473 For ssh we assume that a test for gpg-agent has already been
1474 done and reuse the requested ssh socket. Testing the
1475 ssh-socket is not possible because at this point, though we
1476 know the new Assuan socket, the Assuan server and thus the
1477 ssh-agent server is not yet operational. This would lead to
1478 a hang. */
1479 if (!is_ssh && !check_for_running_agent (1, 1))
1480 {
1481 log_error (_("a gpg-agent is already running - "
1482 "not starting a new one\n"));
1483 *name = 0; /* Inhibit removal of the socket by cleanup(). */
1484 assuan_sock_close (fd);
1485 agent_exit (2);
1486 }
1487 remove (name);
1488 rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
1489 }
1490 if (rc != -1
1491 && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
1492 log_error (_("error getting nonce for the socket\n"));
1493 if (rc == -1)
1494 {
1495 /* We use gpg_strerror here because it allows us to get strings
1496 for some W32 socket error codes. */
1497 log_error (_("error binding socket to `%s': %s\n"),
1498 serv_addr->sun_path,
1499 gpg_strerror (gpg_error_from_errno (errno)));
1500
1501 assuan_sock_close (fd);
1502 if (use_standard_socket)
1503 *name = 0; /* Inhibit removal of the socket by cleanup(). */
1504 agent_exit (2);
1505 }
1506
1507 if (listen (FD2INT(fd), 5 ) == -1)
1508 {
1509 log_error (_("listen() failed: %s\n"), strerror (errno));
1510 assuan_sock_close (fd);
1511 agent_exit (2);
1512 }
1513
1514 if (opt.verbose)
1515 log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
1516
1517 return fd;
1518 }
1519
1520
1521 /* Check that the directory for storing the private keys exists and
1522 create it if not. This function won't fail as it is only a
1523 convenience function and not strictly necessary. */
1524 static void
1525 create_private_keys_directory (const char *home)
1526 {
1527 char *fname;
1528 struct stat statbuf;
1529
1530 fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL);
1531 if (stat (fname, &statbuf) && errno == ENOENT)
1532 {
1533 #ifdef HAVE_W32_SYSTEM /*FIXME: Setup proper permissions. */
1534 if (!CreateDirectory (fname, NULL))
1535 log_error (_("can't create directory `%s': %s\n"),
1536 fname, w32_strerror (-1) );
1537 #else
1538 if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR ))
1539 log_error (_("can't create directory `%s': %s\n"),
1540 fname, strerror (errno) );
1541 #endif
1542 else if (!opt.quiet)
1543 log_info (_("directory `%s' created\n"), fname);
1544 }
1545 xfree (fname);
1546 }
1547
1548 /* Create the directory only if the supplied directory name is the
1549 same as the default one. This way we avoid to create arbitrary
1550 directories when a non-default home directory is used. To cope
1551 with HOME, we compare only the suffix if we see that the default
1552 homedir does start with a tilde. We don't stop here in case of
1553 problems because other functions will throw an error anyway.*/
1554 static void
1555 create_directories (void)
1556 {
1557 struct stat statbuf;
1558 const char *defhome = standard_homedir ();
1559 char *home;
1560
1561 home = make_filename (opt.homedir, NULL);
1562 if ( stat (home, &statbuf) )
1563 {
1564 if (errno == ENOENT)
1565 {
1566 if (
1567 #ifdef HAVE_W32_SYSTEM
1568 ( !compare_filenames (home, defhome) )
1569 #else
1570 (*defhome == '~'
1571 && (strlen (home) >= strlen (defhome+1)
1572 && !strcmp (home + strlen(home)
1573 - strlen (defhome+1), defhome+1)))
1574 || (*defhome != '~' && !strcmp (home, defhome) )
1575 #endif
1576 )
1577 {
1578 #ifdef HAVE_W32_SYSTEM
1579 if (!CreateDirectory (home, NULL))
1580 log_error (_("can't create directory `%s': %s\n"),
1581 home, w32_strerror (-1) );
1582 #else
1583 if (mkdir (home, S_IRUSR|S_IWUSR|S_IXUSR ))
1584 log_error (_("can't create directory `%s': %s\n"),
1585 home, strerror (errno) );
1586 #endif
1587 else
1588 {
1589 if (!opt.quiet)
1590 log_info (_("directory `%s' created\n"), home);
1591 create_private_keys_directory (home);
1592 }
1593 }
1594 }
1595 else
1596 log_error (_("stat() failed for `%s': %s\n"), home, strerror (errno));
1597 }
1598 else if ( !S_ISDIR(statbuf.st_mode))
1599 {
1600 log_error (_("can't use `%s' as home directory\n"), home);
1601 }
1602 else /* exists and is a directory. */
1603 {
1604 create_private_keys_directory (home);
1605 }
1606 xfree (home);
1607 }
1608
1609
1610
1611 /* This is the worker for the ticker. It is called every few seconds
1612 and may only do fast operations. */
1613 static void
1614 handle_tick (void)
1615 {
1616 static time_t last_minute;
1617
1618 if (!last_minute)
1619 last_minute = time (NULL);
1620
1621 /* Check whether the scdaemon has died and cleanup in this case. */
1622 agent_scd_check_aliveness ();
1623
1624 /* If we are running as a child of another process, check whether
1625 the parent is still alive and shutdown if not. */
1626 #ifndef HAVE_W32_SYSTEM
1627 if (parent_pid != (pid_t)(-1))
1628 {
1629 if (kill (parent_pid, 0))
1630 {
1631 shutdown_pending = 2;
1632 log_info ("parent process died - shutting down\n");
1633 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
1634 cleanup ();
1635 agent_exit (0);
1636 }
1637 }
1638 #endif /*HAVE_W32_SYSTEM*/
1639
1640 /* Code to be run every minute. */
1641 if (last_minute + 60 <= time (NULL))
1642 {
1643 check_own_socket ();
1644 last_minute = time (NULL);
1645 }
1646
1647 }
1648
1649
1650 /* A global function which allows us to call the reload stuff from
1651 other places too. This is only used when build for W32. */
1652 void
1653 agent_sighup_action (void)
1654 {
1655 log_info ("SIGHUP received - "
1656 "re-reading configuration and flushing cache\n");
1657 agent_flush_cache ();
1658 reread_configuration ();
1659 agent_reload_trustlist ();
1660 }
1661
1662
1663 static void
1664 agent_sigusr2_action (void)
1665 {
1666 if (opt.verbose)
1667 log_info ("SIGUSR2 received - updating card event counter\n");
1668 /* Nothing to check right now. We only increment a counter. */
1669 bump_card_eventcounter ();
1670 }
1671
1672
1673 static void
1674 handle_signal (int signo)
1675 {
1676 switch (signo)
1677 {
1678 #ifndef HAVE_W32_SYSTEM
1679 case SIGHUP:
1680 agent_sighup_action ();
1681 break;
1682
1683 case SIGUSR1:
1684 log_info ("SIGUSR1 received - printing internal information:\n");
1685 pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
1686 agent_query_dump_state ();
1687 agent_scd_dump_state ();
1688 break;
1689
1690 case SIGUSR2:
1691 agent_sigusr2_action ();
1692 break;
1693
1694 case SIGTERM:
1695 if (!shutdown_pending)
1696 log_info ("SIGTERM received - shutting down ...\n");
1697 else
1698 log_info ("SIGTERM received - still %ld running threads\n",
1699 pth_ctrl( PTH_CTRL_GETTHREADS ));
1700 shutdown_pending++;
1701 if (shutdown_pending > 2)
1702 {
1703 log_info ("shutdown forced\n");
1704 log_info ("%s %s stopped\n", strusage(11), strusage(13) );
1705 cleanup ();
1706 agent_exit (0);
1707 }
1708 break;
1709
1710 case SIGINT:
1711 log_info ("SIGINT received - immediate shutdown\n");
1712 log_info( "%s %s stopped\n", strusage(11), strusage(13));
1713 cleanup ();
1714 agent_exit (0);
1715 break;
1716 #endif
1717 default:
1718 log_info ("signal %d received - no action defined\n", signo);
1719 }
1720 }
1721
1722
1723 /* Check the nonce on a new connection. This is a NOP unless we we
1724 are using our Unix domain socket emulation under Windows. */
1725 static int
1726 check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
1727 {
1728 if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))
1729 {
1730 log_info (_("error reading nonce on fd %d: %s\n"),
1731 FD2INT(ctrl->thread_startup.fd), strerror (errno));
1732 assuan_sock_close (ctrl->thread_startup.fd);
1733 xfree (ctrl);
1734 return -1;
1735 }
1736 else
1737 return 0;
1738 }
1739
1740
1741 /* This is the standard connection thread's main function. */
1742 static void *
1743 start_connection_thread (void *arg)
1744 {
1745 ctrl_t ctrl = arg;
1746
1747 if (check_nonce (ctrl, &socket_nonce))
1748 return NULL;
1749
1750 agent_init_default_ctrl (ctrl);
1751 if (opt.verbose)
1752 log_info (_("handler 0x%lx for fd %d started\n"),
1753 pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
1754
1755 start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);
1756 if (opt.verbose)
1757 log_info (_("handler 0x%lx for fd %d terminated\n"),
1758 pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
1759
1760 agent_deinit_default_ctrl (ctrl);
1761 xfree (ctrl);
1762 return NULL;
1763 }
1764
1765
1766 /* This is the ssh connection thread's main function. */
1767 static void *
1768 start_connection_thread_ssh (void *arg)
1769 {
1770 ctrl_t ctrl = arg;
1771
1772 if (check_nonce (ctrl, &socket_nonce_ssh))
1773 return NULL;
1774
1775 agent_init_default_ctrl (ctrl);
1776 if (opt.verbose)
1777 log_info (_("ssh handler 0x%lx for fd %d started\n"),
1778 pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
1779
1780 start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);
1781 if (opt.verbose)
1782 log_info (_("ssh handler 0x%lx for fd %d terminated\n"),
1783 pth_thread_id (), FD2INT(ctrl->thread_startup.fd));
1784
1785 agent_deinit_default_ctrl (ctrl);
1786 xfree (ctrl);
1787 return NULL;
1788 }
1789
1790
1791 /* Connection handler loop. Wait for connection requests and spawn a
1792 thread after accepting a connection. */
1793 static void
1794 handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
1795 {
1796 pth_attr_t tattr;
1797 pth_event_t ev, time_ev;
1798 sigset_t sigs;
1799 int signo;
1800 struct sockaddr_un paddr;
1801 socklen_t plen;
1802 fd_set fdset, read_fdset;
1803 int ret;
1804 gnupg_fd_t fd;
1805 int nfd;
1806
1807 tattr = pth_attr_new();
1808 pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
1809 pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
1810
1811 #ifndef HAVE_W32_SYSTEM /* fixme */
1812 /* Make sure that the signals we are going to handle are not blocked
1813 and create an event object for them. We also set the default
1814 action to ignore because we use an Pth event to get notified
1815 about signals. This avoids that the default action is taken in
1816 case soemthing goes wrong within Pth. The problem might also be
1817 a Pth bug. */
1818 sigemptyset (&sigs );
1819 {
1820 static const int mysigs[] = { SIGHUP, SIGUSR1, SIGUSR2, SIGINT, SIGTERM };
1821 struct sigaction sa;
1822 int i;
1823
1824 for (i=0; i < DIM (mysigs); i++)
1825 {
1826 sigemptyset (&sa.sa_mask);
1827 sa.sa_handler = SIG_IGN;
1828 sa.sa_flags = 0;
1829 sigaction (mysigs[i], &sa, NULL);
1830
1831 sigaddset (&sigs, mysigs[i]);
1832 }
1833 }
1834
1835 pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
1836 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
1837 #else
1838 # ifdef PTH_EVENT_HANDLE
1839 sigs = 0;
1840 ev = pth_event (PTH_EVENT_HANDLE, get_agent_scd_notify_event ());
1841 signo = 0;
1842 # else
1843 /* Use a dummy event. */
1844 sigs = 0;
1845 ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
1846 # endif
1847 #endif
1848 time_ev = NULL;
1849
1850 FD_ZERO (&fdset);
1851 FD_SET (FD2INT (listen_fd), &fdset);
1852 nfd = FD2INT (listen_fd);
1853 if (listen_fd_ssh != GNUPG_INVALID_FD)
1854 {
1855 FD_SET ( FD2INT(listen_fd_ssh), &fdset);
1856 if (FD2INT (listen_fd_ssh) > nfd)
1857 nfd = FD2INT (listen_fd_ssh);
1858 }
1859
1860 for (;;)
1861 {
1862 /* Make sure that our signals are not blocked. */
1863 pth_sigmask (SIG_UNBLOCK, &sigs, NULL);
1864
1865 /* Shutdown test. */
1866 if (shutdown_pending)
1867 {
1868 if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
1869 break; /* ready */
1870
1871 /* Do not accept new connections but keep on running the
1872 loop to cope with the timer events. */
1873 FD_ZERO (&fdset);
1874 }
1875
1876 /* Create a timeout event if needed. To help with power saving
1877 we syncronize the ticks to the next full second. */
1878 if (!time_ev)
1879 {
1880 pth_time_t nexttick;
1881
1882 nexttick = pth_timeout (TIMERTICK_INTERVAL, 0);
1883 if (nexttick.tv_usec > 10) /* Use a 10 usec threshhold. */
1884 {
1885 nexttick.tv_sec++;
1886 nexttick.tv_usec = 0;
1887 }
1888 time_ev = pth_event (PTH_EVENT_TIME, nexttick);
1889 }
1890
1891 /* POSIX says that fd_set should be implemented as a structure,
1892 thus a simple assignment is fine to copy the entire set. */
1893 read_fdset = fdset;
1894
1895 if (time_ev)
1896 pth_event_concat (ev, time_ev, NULL);
1897 ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev);
1898 if (time_ev)
1899 pth_event_isolate (time_ev);
1900
1901 if (ret == -1)
1902 {
1903 if (pth_event_occurred (ev)
1904 || (time_ev && pth_event_occurred (time_ev)))
1905 {
1906 if (pth_event_occurred (ev))
1907 {
1908 #if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
1909 agent_sigusr2_action ();
1910 #else
1911 handle_signal (signo);
1912 #endif
1913 }
1914 if (time_ev && pth_event_occurred (time_ev))
1915 {
1916 pth_event_free (time_ev, PTH_FREE_ALL);
1917 time_ev = NULL;
1918 handle_tick ();
1919 }
1920 continue;
1921 }
1922 log_error (_("pth_select failed: %s - waiting 1s\n"),
1923 strerror (errno));
1924 pth_sleep (1);
1925 continue;
1926 }
1927
1928 if (pth_event_occurred (ev))
1929 {
1930 #if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)
1931 agent_sigusr2_action ();
1932 #else
1933 handle_signal (signo);
1934 #endif
1935 }
1936
1937 if (time_ev && pth_event_occurred (time_ev))
1938 {
1939 pth_event_free (time_ev, PTH_FREE_ALL);
1940 time_ev = NULL;
1941 handle_tick ();
1942 }
1943
1944
1945 /* We now might create new threads and because we don't want any
1946 signals (as we are handling them here) to be delivered to a
1947 new thread. Thus we need to block those signals. */
1948 pth_sigmask (SIG_BLOCK, &sigs, NULL);
1949
1950 if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset))
1951 {
1952 ctrl_t ctrl;
1953
1954 plen = sizeof paddr;
1955 fd = INT2FD (pth_accept (FD2INT(listen_fd),
1956 (struct sockaddr *)&paddr, &plen));
1957 if (fd == GNUPG_INVALID_FD)
1958 {
1959 log_error ("accept failed: %s\n", strerror (errno));
1960 }
1961 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
1962 {
1963 log_error ("error allocating connection control data: %s\n",
1964 strerror (errno) );
1965 assuan_sock_close (fd);
1966 }
1967 else if ( !(ctrl->session_env = session_env_new ()) )
1968 {
1969 log_error ("error allocating session environment block: %s\n",
1970 strerror (errno) );
1971 xfree (ctrl);
1972 assuan_sock_close (fd);
1973 }
1974 else
1975 {
1976 char threadname[50];
1977
1978 snprintf (threadname, sizeof threadname-1,
1979 "conn fd=%d (gpg)", FD2INT(fd));
1980 threadname[sizeof threadname -1] = 0;
1981 pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
1982 ctrl->thread_startup.fd = fd;
1983 if (!pth_spawn (tattr, start_connection_thread, ctrl))
1984 {
1985 log_error ("error spawning connection handler: %s\n",
1986 strerror (errno) );
1987 assuan_sock_close (fd);
1988 xfree (ctrl);
1989 }
1990 }
1991 fd = GNUPG_INVALID_FD;
1992 }
1993
1994 if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD
1995 && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset))
1996 {
1997 ctrl_t ctrl;
1998
1999 plen = sizeof paddr;
2000 fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh),
2001 (struct sockaddr *)&paddr, &plen));
2002 if (fd == GNUPG_INVALID_FD)
2003 {
2004 log_error ("accept failed for ssh: %s\n", strerror (errno));
2005 }
2006 else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) )
2007 {
2008 log_error ("error allocating connection control data: %s\n",
2009 strerror (errno) );
2010 assuan_sock_close (fd);
2011 }
2012 else if ( !(ctrl->session_env = session_env_new ()) )
2013 {
2014 log_error ("error allocating session environment block: %s\n",
2015 strerror (errno) );
2016 xfree (ctrl);
2017 assuan_sock_close (fd);
2018 }
2019 else
2020 {
2021 char threadname[50];
2022
2023 agent_init_default_ctrl (ctrl);
2024 snprintf (threadname, sizeof threadname-1,
2025 "conn fd=%d (ssh)", FD2INT(fd));
2026 threadname[sizeof threadname -1] = 0;
2027 pth_attr_set (tattr, PTH_ATTR_NAME, threadname);
2028 ctrl->thread_startup.fd = fd;
2029 if (!pth_spawn (tattr, start_connection_thread_ssh, ctrl) )
2030 {
2031 log_error ("error spawning ssh connection handler: %s\n",
2032 strerror (errno) );
2033 assuan_sock_close (fd);
2034 xfree (ctrl);
2035 }
2036 }
2037 fd = GNUPG_INVALID_FD;
2038 }
2039 }
2040
2041 pth_event_free (ev, PTH_FREE_ALL);
2042 if (time_ev)
2043 pth_event_free (time_ev, PTH_FREE_ALL);
2044 cleanup ();
2045 log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
2046 }
2047
2048
2049
2050 /* Helper for check_own_socket. */
2051 static gpg_error_t
2052 check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
2053 {
2054 membuf_t *mb = opaque;
2055 put_membuf (mb, buffer, length);
2056 return 0;
2057 }
2058
2059
2060 /* The thread running the actual check. We need to run this in a
2061 separate thread so that check_own_thread can be called from the
2062 timer tick. */
2063 static void *
2064 check_own_socket_thread (void *arg)
2065 {
2066 int rc;
2067 char *sockname = arg;
2068 assuan_context_t ctx = NULL;
2069 membuf_t mb;
2070 char *buffer;
2071
2072 check_own_socket_running++;
2073
2074 rc = assuan_new (&ctx);
2075 xfree (sockname);
2076 if (rc)
2077 {
2078 log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
2079 goto leave;
2080 }
2081
2082 rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1));
2083 if (rc)
2084 {
2085 log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
2086 goto leave;
2087 }
2088
2089 init_membuf (&mb, 100);
2090 rc = assuan_transact (ctx, "GETINFO pid", check_own_socket_pid_cb, &mb,
2091 NULL, NULL, NULL, NULL);
2092 put_membuf (&mb, "", 1);
2093 buffer = get_membuf (&mb, NULL);
2094 if (rc || !buffer)
2095 {
2096 log_error ("sending command \"%s\" to my own socket failed: %s\n",
2097 "GETINFO pid", gpg_strerror (rc));
2098 rc = 1;
2099 }
2100 else if ( (pid_t)strtoul (buffer, NULL, 10) != getpid ())
2101 {
2102 log_error ("socket is now serviced by another server\n");
2103 rc = 1;
2104 }
2105 else if (opt.verbose > 1)
2106 log_error ("socket is still served by this server\n");
2107
2108 xfree (buffer);
2109
2110 leave:
2111 if (ctx)
2112 assuan_release (ctx);
2113 if (rc)
2114 {
2115 /* We may not remove the socket as it is now in use by another
2116 server. Setting the name to empty does this. */
2117 if (socket_name)
2118 *socket_name = 0;
2119 if (socket_name_ssh)
2120 *socket_name_ssh = 0;
2121 shutdown_pending = 2;
2122 log_info ("this process is useless - shutting down\n");
2123 }
2124 check_own_socket_running--;
2125 return NULL;
2126 }
2127
2128
2129 /* Check whether we are still listening on our own socket. In case
2130 another gpg-agent process started after us has taken ownership of
2131 our socket, we woul linger around without any real taks. Thus we
2132 better check once in a while whether we are really needed. */
2133 static void
2134 check_own_socket (void)
2135 {
2136 char *sockname;
2137 pth_attr_t tattr;
2138
2139 if (!use_standard_socket)
2140 return; /* This check makes only sense in standard socket mode. */
2141
2142 if (check_own_socket_running || shutdown_pending)
2143 return; /* Still running or already shutting down. */
2144
2145 sockname = make_filename (opt.homedir, "S.gpg-agent", NULL);
2146 if (!sockname)
2147 return; /* Out of memory. */
2148
2149 tattr = pth_attr_new();
2150 pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
2151 pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
2152 pth_attr_set (tattr, PTH_ATTR_NAME, "check-own-socket");
2153
2154 if (!pth_spawn (tattr, check_own_socket_thread, sockname))
2155 log_error ("error spawning check_own_socket_thread: %s\n",
2156 strerror (errno) );
2157 pth_attr_destroy (tattr);
2158 }
2159
2160
2161
2162 /* Figure out whether an agent is available and running. Prints an
2163 error if not. If SILENT is true, no messages are printed. Usually
2164 started with MODE 0. Returns 0 if the agent is running. */
2165 static int
2166 check_for_running_agent (int silent, int mode)
2167 {
2168 int rc;
2169 char *infostr, *p;
2170 assuan_context_t ctx = NULL;
2171 int prot, pid;
2172
2173 if (!mode)
2174 {
2175 infostr = getenv ("GPG_AGENT_INFO");
2176 if (!infostr || !*infostr)
2177 {
2178 if (!check_for_running_agent (silent, 1))
2179 return 0; /* Okay, its running on the standard socket. */
2180 if (!silent)
2181 log_error (_("no gpg-agent running in this session\n"));
2182 return -1;
2183 }
2184
2185 infostr = xstrdup (infostr);
2186 if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
2187 {
2188 xfree (infostr);
2189 if (!check_for_running_agent (silent, 1))
2190 return 0; /* Okay, its running on the standard socket. */
2191 if (!silent)
2192 log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
2193 return -1;
2194 }
2195
2196 *p++ = 0;
2197 pid = atoi (p);
2198 while (*p && *p != PATHSEP_C)
2199 p++;
2200 prot = *p? atoi (p+1) : 0;
2201 if (prot != 1)
2202 {
2203 xfree (infostr);
2204 if (!silent)
2205 log_error (_("gpg-agent protocol version %d is not supported\n"),
2206 prot);
2207 if (!check_for_running_agent (silent, 1))
2208 return 0; /* Okay, its running on the standard socket. */
2209 return -1;
2210 }
2211 }
2212 else /* MODE != 0 */
2213 {
2214 infostr = make_filename (opt.homedir, "S.gpg-agent", NULL);
2215 pid = (pid_t)(-1);
2216 }
2217
2218 rc = assuan_new (&ctx);
2219 if (! rc)
2220 rc = assuan_socket_connect (&ctx, infostr, pid);
2221 xfree (infostr);
2222 if (rc)
2223 {
2224 if (!mode && !check_for_running_agent (silent, 1))
2225 return 0; /* Okay, its running on the standard socket. */
2226
2227 if (!mode && !silent)
2228 log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
2229
2230 if (ctx)
2231 assuan_release (ctx);
2232 return -1;
2233 }
2234
2235 if (!opt.quiet && !silent)
2236 log_info ("gpg-agent running and available\n");
2237
2238 assuan_release (ctx);
2239 return 0;
2240 }
gnupg svn clone