[git] GnuPG - branch, master, updated. gnupg-2.1.9-121-g288c991
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 9 20:48:30 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 288c9919dc45496b2380eeac487a8539692d6842 (commit)
via f92e95175e90120362a7d6376fb32307e11267b5 (commit)
from bce0e3f71df0709a7d323a688ddf2690c1727a6c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 288c9919dc45496b2380eeac487a8539692d6842
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 9 20:44:13 2015 +0100
dirmngr: Change to new ADNS Tor mode init scheme.
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to request a new circuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index cae2c57..6bf36a5 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -85,17 +85,32 @@
/* If set Tor mode shall be used. */
static int tor_mode;
+/* A string to hold the credentials presented to Tor. */
+#ifdef USE_ADNS
+static char tor_credentials[50];
+#endif
+
/* Sets the module in Tor mode. Returns 0 is this is possible or an
error code. */
gpg_error_t
-enable_dns_tormode (void)
+enable_dns_tormode (int new_circuit)
{
#if defined(USE_DNS_CERT) && defined(USE_ADNS)
# if HAVE_ADNS_IF_TORMODE
+ if (!*tor_credentials || new_circuit)
+ {
+ static unsigned int counter;
+
+ gpgrt_snprintf (tor_credentials, sizeof tor_credentials,
+ "dirmngr-%lu:p%u",
+ (unsigned long)getpid (), counter);
+ counter++;
+ }
tor_mode = 1;
return 0;
# endif
#endif
+
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
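Review bot: The new `new_circuit` argument and the purpose of `tor_credentials` are undocumented, both in the comment above `enable_dns_tormode` and on the prototype in dirmngr/dns-stuff.h. The string built from `getpid ()` and `counter` is a predictable per-process tag, so it should be described as an isolation label rather than a secret, for example `/* If NEW_CIRCUIT is true, or no credentials exist yet, build a fresh SOCKS credential string "dirmngr-PID:pN"; it is a tag for Tor, not a secret. */`. The `static unsigned int counter` is incremented without any locking; whether that matters depends on how callers are scheduled, which is not visible here, so a one-line comment stating the assumption would help.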
@@ -145,14 +160,35 @@ map_eai_to_gpg_error (int ec)
static gpg_error_t
my_adns_init (adns_state *r_state)
{
- gpg_error_t err;
+ gpg_error_t err = 0;
+ int ret;
- if (tor_mode? adns_init_strcfg (r_state,
- adns_if_noerrprint|adns_if_tormode,
- NULL, "nameserver 8.8.8.8")
- /* */: adns_init (r_state, adns_if_noerrprint, NULL))
+ if (tor_mode)
+ {
+ char *cfgstr;
+
+ cfgstr = xtryasprintf ("nameserver %s\n"
+ "options adns_tormode adns_sockscred:%s",
+ "8.8.8.8", tor_credentials);
+ if (!cfgstr)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ ret = adns_init_strcfg (r_state, adns_if_noerrprint, NULL, cfgstr);
+ if (ret)
+ err = gpg_error_from_errno (ret);
+ xfree (cfgstr);
+ }
+ }
+ else
+ {
+ ret = adns_init (r_state, adns_if_noerrprint, NULL);
+ if (ret)
+ err = gpg_error_from_errno (ret);
+ }
+
+ if (err)
{
- err = gpg_error_from_syserror ();
log_error ("error initializing adns: %s\n", gpg_strerror (err));
return err;
}
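Review bot: In the `tor_mode` branch of `my_adns_init`, Tor routing now depends entirely on the text `options adns_tormode adns_sockscred:%s` being understood by the adns library loaded at run time, because `adns_if_tormode` is no longer passed in the flags. With `adns_if_noerrprint` set, any diagnostic about an unrecognised option is suppressed. If `adns_init_strcfg` ignores unknown options rather than failing (not verifiable from this hunk), lookups would go to the hard-coded `8.8.8.8` directly, without Tor. Confirm that an unsupported option makes the call return non-zero, or add a check after init that refuses to continue when Tor mode was requested but not applied. A comment above the `xtryasprintf` call should state that this branch must fail closed; the function body continues past the end of the hunk.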
@@ -176,6 +212,9 @@ resolve_name_adns (const char *name, unsigned short port,
adns_answer *answer = NULL;
int count;
+ (void)port;
+ (void)want_family;
+
*r_dai = NULL;
if (r_canonname)
*r_canonname = NULL;
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 515a859..69637d6 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -94,7 +94,7 @@ struct srventry
/* Calling this function switches the DNS code into Tor mode if
possibe. Return 0 on success. */
-gpg_error_t enable_dns_tormode (void);
+gpg_error_t enable_dns_tormode (int new_circuit);
void free_dns_addrinfo (dns_addrinfo_t ai);
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 74e00fb..ba37508 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -714,10 +714,10 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
}
}
- if (opt.use_tor && enable_dns_tormode ())
+ if (opt.use_tor && (err = enable_dns_tormode (0)))
{
/* Tor mode is requested but the DNS code can't enable it. */
- err = gpg_error (GPG_ERR_FORBIDDEN);
+ assuan_set_error (ctx, err, "error enabling Tor mode");
goto leave;
}
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 191b581..3030277 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -41,6 +41,7 @@ main (int argc, char **argv)
gpg_error_t err;
int any_options = 0;
int opt_tor = 0;
+ int opt_new_circuit = 0;
int opt_cert = 0;
int opt_srv = 0;
int opt_bracket = 0;
@@ -66,6 +67,7 @@ main (int argc, char **argv)
" --verbose print timings etc.\n"
" --debug flyswatter\n"
" --use-tor use Tor\n"
+ " --new-circuit use a new Tor circuit\n"
" --bracket enclose v6 addresses in brackets\n"
" --cert lookup a CERT RR\n"
" --srv lookup a SRV RR\n"
@@ -89,6 +91,11 @@ main (int argc, char **argv)
opt_tor = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--new-circuit"))
+ {
+ opt_new_circuit = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--bracket"))
{
opt_bracket = 1;
@@ -131,7 +138,7 @@ main (int argc, char **argv)
if (opt_tor)
{
- err = enable_dns_tormode ();
+ err = enable_dns_tormode (opt_new_circuit);
if (err)
{
fprintf (stderr, "error switching into Tor mode: %s\n",
commit f92e95175e90120362a7d6376fb32307e11267b5
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 9 20:34:42 2015 +0100
dirmngr: Improve detection of ADNS.
* configure.ac (HAVE_ADNS_FREE): New ac_define.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/configure.ac b/configure.ac
index 22d1cfc..57bf85e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -943,12 +943,8 @@ AC_ARG_WITH(adns,
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi])
if test "$with_adns" != "no"; then
- AC_CHECK_HEADERS(adns.h,
- AC_CHECK_LIB(adns, adns_free,
- [have_adns=yes],
- [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
- [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
-
+ AC_CHECK_HEADERS(adns.h,AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes]))
+ AC_CHECK_FUNCS(adns_free)
AC_MSG_CHECKING([if adns supports adns_if_tormode])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <adns.h>
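Review bot: `AC_CHECK_FUNCS(adns_free)` is likely to fail even when the library provides the function, because `AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes])` has an explicit action-if-found and therefore does not add `-ladns` to `LIBS`. Unless `LIBS` already contains `-ladns` from elsewhere in configure.ac, `HAVE_ADNS_FREE` is never defined and the `# define adns_free(a) free ((a))` fallback added to dirmngr/dns-stuff.c is always used. That pairs the library's allocator with the program's `free`, which is only safe where both share one heap. Wrapping the check in a temporary `LIBS="-ladns $LIBS"` (restored afterwards), or using `AC_CHECK_LIB(adns, adns_free, [AC_DEFINE(HAVE_ADNS_FREE,1,[define if adns_free is available])])`, would make the detection reflect the library.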
@@ -959,6 +955,8 @@ if test "$with_adns" != "no"; then
AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available])
fi
fi
+CPPFLAGS=${_cppflags}
+LDFLAGS=${_ldflags}
if test "$have_adns" = "yes"; then
ADNSLIBS="-ladns"
fi
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 3220d76..cae2c57 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -65,6 +65,11 @@
# define AI_ADDRCONFIG 0
#endif
+/* Provide a replacement function for older ADNS versions. */
+#ifndef HAVE_ADNS_FREE
+# define adns_free(a) free ((a))
+#endif
+
/* Not every installation has gotten around to supporting SRVs or
CERTs yet... */
#ifndef T_SRV
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 10 ++++-----
dirmngr/dns-stuff.c | 58 ++++++++++++++++++++++++++++++++++++++++++++-------
dirmngr/dns-stuff.h | 2 +-
dirmngr/server.c | 4 ++--
dirmngr/t-dns-stuff.c | 9 +++++++-
5 files changed, 66 insertions(+), 17 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org