[git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-12-g95b256a
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 9 20:50:32 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "ADNS migrated to autotools/libtool".
The branch, master has been updated
via 95b256a42bfbe5df1f60440567e5db2cab438e1f (commit)
via 637132f9b042fd34a539971bf73a5da5ddf2e0a1 (commit)
via adfac89d2b7b759a303cb4515b120f3f791fb812 (commit)
via 88f7746879866596d783cf6dea403d9b9ae357da (commit)
via 92075c89ebcea44a4ba7199f26d51dd47289e38c (commit)
via 3eb42f2a33580056cd39de1ef5f0cc067a66fba3 (commit)
via dfddd7b35735cc2a6208b3a873a9c9727523fcb2 (commit)
via 1491daf4adbd0b868da6667395d188b4049664d3 (commit)
from e317a09c6f855e806efa035ecb97f27f6b6942fd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 95b256a42bfbe5df1f60440567e5db2cab438e1f
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 9 18:10:27 2015 +0100
Allow SOCKS5 authentication with username/password.
* src/event.c (socks_connect): Implemedn authentication method 2.
--
The credentials are given by the new config option adns_sockscred.
Changing the credentials is an indication to Tor to use a new circuit.
Tor ignore the actual values.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/event.c b/src/event.c
index 925617d..064fbd9 100644
--- a/src/event.c
+++ b/src/event.c
@@ -149,8 +149,10 @@ socks_connect (adns_state ads, int fd,
size_t proxyaddrlen;
struct sockaddr_in6 *addr_in6;
struct sockaddr_in *addr_in;
- unsigned char buffer[22];
+ unsigned char buffer[22+512]; /* The extra 512 bytes is used as
+ space for username:password. */
size_t buflen;
+ int method;
memset (&proxyaddr_in, 0, sizeof proxyaddr_in);
@@ -168,7 +170,11 @@ socks_connect (adns_state ads, int fd,
/* Negotiate method. */
buffer[0] = 5; /* RFC-1928 VER field. */
buffer[1] = 1; /* NMETHODS */
- buffer[2] = 0; /* Method: No authentication required. */
+ if (ads->sockscred)
+ method = 2; /* Method: username/password authentication. */
+ else
+ method = 0; /* Method: No authentication required. */
+ buffer[2] = method;
adns__sigpipe_protect(ads);
ret = adns__sock_write(fd, buffer, 3);
adns__sigpipe_unprotect(ads);
@@ -181,7 +187,7 @@ socks_connect (adns_state ads, int fd,
ret = adns__sock_read(fd, buffer, 2);
if (ret < 0)
return ret;
- if (ret != 2 || buffer[0] != 5 || buffer[1] != 0 )
+ if (ret != 2 || buffer[0] != 5 || buffer[1] != method )
{
/* Socks server returned wrong version or does not support our
requested method. */
@@ -189,6 +195,66 @@ socks_connect (adns_state ads, int fd,
return -1;
}
+ if (ads->sockscred)
+ {
+ /* Username/Password sub-negotiation. */
+ const char *password;
+ int ulen, plen;
+
+ password = strchr (ads->sockscred, ':');
+ if (!password)
+ {
+ errno = EINVAL; /* No password given. */
+ return -1;
+ }
+ ulen = password - ads->sockscred;
+ password++;
+ plen = strlen (password);
+ if (!ulen || ulen > 255 || !plen || plen > 255)
+ {
+ errno = EINVAL; /* Credentials too long or too short. */
+ return -1;
+ }
+
+ buffer[0] = 1; /* VER of the sub-negotiation. */
+ buffer[1] = ulen;
+ buflen = 2;
+ memcpy (buffer+buflen, ads->sockscred, ulen);
+ buflen += ulen;
+ buffer[buflen++] = plen;
+ memcpy (buffer+buflen, password, plen);
+ buflen += plen;
+ adns__sigpipe_protect(ads);
+ ret = adns__sock_write(fd, buffer, buflen);
+ adns__sigpipe_unprotect(ads);
+ WIPEMEMORY (buffer, buflen);
+ if (ret != buflen)
+ {
+ if (ret >= 0)
+ errno = EIO;
+ return -1;
+ }
+ ret = adns__sock_read(fd, buffer, 2);
+ if (ret != 2)
+ {
+ if (ret >= 0)
+ errno = EIO;
+ return -1;
+ }
+ if (buffer[0] != 1)
+ {
+ /* SOCKS server returned wrong version. */
+ errno = EPROTO;
+ return -1;
+ }
+ if (buffer[1])
+ {
+ /* SOCKS server denied access. */
+ errno = EACCES;
+ return -1;
+ }
+ }
+
/* Send request details (rfc-1928, 4). */
buffer[0] = 5; /* VER */
buffer[1] = 1; /* CMD = CONNECT */
commit 637132f9b042fd34a539971bf73a5da5ddf2e0a1
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 9 18:08:03 2015 +0100
Make handling of returned SOCKS bound address more robust.
* src/event.c (socks_connect): Allow proxy to return a v6 address
instead of the provided v4 and vice versa.
--
The specs say nothing about this but doing it this way is likely more
robust that assuming the same family will be returned.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/event.c b/src/event.c
index 8aae3af..925617d 100644
--- a/src/event.c
+++ b/src/event.c
@@ -220,7 +220,7 @@ socks_connect (adns_state ads, int fd,
errno = EIO;
return -1;
}
- ret = adns__sock_read(fd, buffer, buflen);
+ ret = adns__sock_read(fd, buffer, 10 /*(v4 length)*/);
if (ret < 0)
return ret;
if (ret != buflen || buffer[0] != 5 || buffer[2] != 0 )
@@ -258,9 +258,23 @@ socks_connect (adns_state ads, int fd,
case 0x07: /* Command not supported */
default:
errno = ENOTSUP; /* Fixme: Is there a better errno? */
+ break;
}
return -1;
}
+ if (buffer[3] == 4)
+ {
+ /* ATYP indicates a v6 address. We need to read the remaining
+ 12 bytes to finialize the SOCKS5 intro. */
+ ret = adns__sock_read(fd, buffer, 12 /*(v6-v4 length)*/);
+ if (ret != 12)
+ {
+ if (ret >= 0)
+ errno = EIO;
+ return -1;
+ }
+ }
+
/* FIXME: We have not way to store the actual address used by the
server. */
commit adfac89d2b7b759a303cb4515b120f3f791fb812
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 9 18:01:43 2015 +0100
Add macro to safely clear memory.
* src/internal.h (WIPEMEMORY): New.
--
This kind of platform neutral code has been in use by GnuPG and
Libgcrypt for ages. I am still waiting for some C committee f^D
experts to figure that this makes use of undefined behaviour for
volatile and they tell their optimizing-for-the-flat-world compiler
to remove such code and thereby unveil passwords in memory (which
actually happened for the standard memset).
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/internal.h b/src/internal.h
index dafb50b..271d000 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -760,6 +760,14 @@ static inline int errno_resources(int e) { return e==ENOMEM || e==ENOBUFS; }
)
+/* To avoid that a compiler optimizes certain memset calls away, this
+ macro may be used instead. */
+#define WIPEMEMORY(_ptr,_len) do { \
+ volatile char *_vptr=(volatile char *)(_ptr); \
+ size_t _vlen=(_len); \
+ while(_vlen) { *_vptr=0; _vptr++; _vlen--; } \
+ } while(0)
+
#endif
commit 88f7746879866596d783cf6dea403d9b9ae357da
Author: Werner Koch <wk at gnupg.org>
Date: Sun Nov 8 18:57:56 2015 +0100
Add config options adns_tormode and adns_sockscred.
* src/internal.h (struct adns__state): Add field "sockscred".
* src/setup.c (init_begin): Clear SOCKSCRED.
(init_finish): Free SOCKSCRED.
(ccf_options): Implement new options.
* src/adns.h: Describe options.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/src/adns.h b/src/adns.h
index 6ed9a97..9fe9a9a 100644
--- a/src/adns.h
+++ b/src/adns.h
@@ -515,6 +515,14 @@ int adns_init_logfn(adns_state *newstate_r, adns_initflags flags,
* setting of adns_if_check_entex, adns_if_check_freq, or neither,
* in the flags passed to adns_init.
*
+ * adns_tormode
+ * Forces the use of virtual circuits over a SOCKS5 proxy running at
+ * port 9050. No UDP based communication is done.
+ *
+ * adns_sockscred:username:password
+ * Use username and password for SOCKS5 authentication. Default is
+ * no authentication.
+ *
* There are a number of environment variables which can modify the
* behaviour of adns. They take effect only if adns_init is used, and
* the caller of adns_init can disable them using adns_if_noenv. In
diff --git a/src/internal.h b/src/internal.h
index c72a2ee..dafb50b 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -338,6 +338,7 @@ struct adns__state {
} sortlist[MAXSORTLIST];
char **searchlist;
unsigned short rand48xsubi[3];
+ char *sockscred; /* Malloced string with the SOCKS5 credentials or NULL. */
};
/* From setup.c: */
diff --git a/src/setup.c b/src/setup.c
index 6b0172c..c33e2c5 100644
--- a/src/setup.c
+++ b/src/setup.c
@@ -269,6 +269,21 @@ static void ccf_options(adns_state ads, const char *fn,
}
continue;
}
+ if (l==12 && !memcmp(word,"adns_tormode",12)) {
+ ads->iflags |= adns_if_tormode;
+ continue;
+ }
+ if (l>=15 && !memcmp(word,"adns_sockscred:",15)) {
+ l -= 15;
+ ads->sockscred = malloc (l + 1);
+ if (!ads->sockscred) {
+ saveerr(ads,errno);
+ continue;
+ }
+ memcpy (ads->sockscred, word+15, l);
+ ads->sockscred[l] = 0;
+ continue;
+ }
adns__diag(ads,-1,0,"%s:%d: unknown option `%.*s'", fn,lno, l,word);
}
}
@@ -557,6 +572,8 @@ static int init_begin(adns_state *ads_r, adns_initflags flags,
ads->rand48xsubi[1]= (unsigned long)pid >> 16;
ads->rand48xsubi[2]= pid ^ ((unsigned long)pid >> 16);
+ ads->sockscred = NULL;
+
*ads_r= ads;
return 0;
}
@@ -585,6 +602,8 @@ static int init_finish(adns_state ads) {
x_closeudp:
close(ads->udpsocket);
x_free:
+ if (ads->sockscred)
+ free (ads->sockscred);
free(ads);
return r;
}
commit 92075c89ebcea44a4ba7199f26d51dd47289e38c
Author: Mark Wooding <mdw at distorted.org.uk>
Date: Mon Jun 9 10:41:33 2014 +0100
src/types.c: Fix up the table-of-contents comments.
Cheesy but useful sed(1) rune:
sed -n '
/order of sections/,/\*\//d
/^ \* _/s///p
/^static \+[a-z0-9_]\+ \+\**\([0-9a-z_]\+\).*$/s// \1/p'
Signed-off-by: Mark Wooding <mdw at distorted.org.uk>
Resolved conflicts:
src/types.c - keep my own v6 parser.
diff --git a/src/types.c b/src/types.c
index c73fd22..8a0986f 100644
--- a/src/types.c
+++ b/src/types.c
@@ -49,22 +49,25 @@
* _intstr (mf,csp,cs)
* _manyistr (mf,cs)
* _txt (pa)
- * _inaddr (pa,dip,di)
- * _addr (pa,di,csp,cs)
- * _domain (pap)
+ * _inaddr (pa,dip,di,cs +search_sortlist)
+ * _addr (pa,di,div,csp,cs)
+ * _domain (pap,csp,cs)
+ * _dom_raw (pa)
* _host_raw (pa)
- * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +pap_findaddrs)
+ * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs
+ * +pap_findaddrs, icb_hostaddr)
* _mx_raw (pa,di)
* _mx (pa,di)
* _inthostaddr (mf,cs)
+ * _inthost (cs)
* _ptr (pa)
- * _strpair (mf,cs)
- * _intstrpair (mf,cs)
+ * _strpair (mf)
+ * _intstrpair (mf)
* _hinfo (pa)
- * _mailbox (pap +pap_mailbox822)
- * _rp (pa)
+ * _mailbox (pap,csp +pap_mailbox822)
+ * _rp (pa,cs)
* _soa (pa,mf,cs)
- * _srv* (qdpl,(pap),pa,mf,di,(csp),cs,postsort)
+ * _srv* (qdpl,(pap),pa*2,mf*2,di,(csp),cs*2,postsort)
* _byteblock (mf)
* _opaque (pa,cs)
* _flat (mf)
@@ -241,7 +244,7 @@ static adns_status cs_hinfo(vbuf *vb, const void *datap) {
}
/*
- * _inaddr (pa,dip,di)
+ * _inaddr (pa,dip,di,cs +search_sortlist)
*/
static adns_status pa_inaddr(const parseinfo *pai, int cbyte,
@@ -365,7 +368,7 @@ static adns_status cs_in6addr(vbuf *vb, const void *datap) {
/*
- * _addr (pa,di,csp,cs)
+ * _addr (pa,di,div,csp,cs)
*/
static adns_status pa_addr(const parseinfo *pai, int cbyte,
@@ -484,7 +487,7 @@ static adns_status pa_host_raw(const parseinfo *pai, int cbyte,
}
/*
- * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +icb_hostaddr, pap_findaddrs)
+ * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +pap_findaddrs, icb_hostaddr)
*/
static adns_status pap_findaddrs(const parseinfo *pai, adns_rr_hostaddr *ha,
@@ -924,7 +927,7 @@ static adns_status pa_hinfo(const parseinfo *pai, int cbyte,
}
/*
- * _mailbox (pap,cs)
+ * _mailbox (pap,cs +pap_mailbox822)
*/
static adns_status pap_mailbox822(const parseinfo *pai,
@@ -1081,7 +1084,7 @@ static adns_status cs_soa(vbuf *vb, const void *datap) {
}
/*
- * _srv* (pa*2,di,cs*2,qdpl,postsort)
+ * _srv* (qdpl,(pap),pa*2,mf*2,di,(csp),cs*2,postsort)
*/
static adns_status qdpl_srv(adns_state ads,
commit 3eb42f2a33580056cd39de1ef5f0cc067a66fba3
Author: Mark Wooding <mdw at distorted.org.uk>
Date: Sun Jun 8 00:01:46 2014 +0100
client/adh-query.c: Surprising comma rather than semicolon.
This doesn't change the meaning of the code, but it's really surprising.
Signed-off-by: Mark Wooding <mdw at distorted.org.uk>
Resolved conflicts:
client/adh-query.c - white space
diff --git a/client/adh-query.c b/client/adh-query.c
index a2fb4f5..12021db 100644
--- a/client/adh-query.c
+++ b/client/adh-query.c
@@ -121,7 +121,7 @@ static void prep_query(struct query_node **qun_r, int *quflags_r) {
(ov_qc_query ? adns_qf_quoteok_query : 0) |
(ov_qc_anshost ? adns_qf_quoteok_anshost : 0) |
(ov_qc_cname ? 0 : adns_qf_quoteok_cname) |
- ov_cname,
+ ov_cname;
*qun_r= qun;
}
commit dfddd7b35735cc2a6208b3a873a9c9727523fcb2
Author: Mark Wooding <mdw at distorted.org.uk>
Date: Sat Jun 7 18:02:53 2014 +0100
src/internal.h: Delete decoy type `rr_align'.
The droid you were looking for is called `union maxalign'.
Signed-off-by: Mark Wooding <mdw at distorted.org.uk>
diff --git a/src/internal.h b/src/internal.h
index 6bc0702..c72a2ee 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -91,15 +91,6 @@ typedef enum {
/* Shared data structures */
-typedef union {
- adns_status status;
- char *cp;
- adns_rrtype type;
- int i;
- struct in_addr ia;
- unsigned long ul;
-} rr_align;
-
typedef struct {
int used, avail;
byte *buf;
commit 1491daf4adbd0b868da6667395d188b4049664d3
Author: Mark Wooding <mdw at distorted.org.uk>
Date: Sat May 31 15:05:17 2014 +0100
src/types.c: Remove some unused macros.
Signed-off-by: Mark Wooding <mdw at distorted.org.uk>
diff --git a/src/types.c b/src/types.c
index 07d16da..c73fd22 100644
--- a/src/types.c
+++ b/src/types.c
@@ -1321,9 +1321,6 @@ static void mf_flat(adns_query qu, void *data) { }
#define TYPESZ_M(member) (sizeof(*((adns_answer*)0)->rrs.member))
-#define DEEP_MEMB(memb) TYPESZ_M(memb), mf_##memb, cs_##memb
-#define FLAT_MEMB(memb) TYPESZ_M(memb), mf_flat, cs_##memb
-
#define DEEP_TYPE(code,rrt,fmt,memb,parser,comparer,printer) \
{ adns_r_##code, rrt,fmt,TYPESZ_M(memb), mf_##memb, \
printer,parser,comparer, adns__qdpl_normal,0 }
-----------------------------------------------------------------------
Summary of changes:
client/adh-query.c | 2 +-
src/adns.h | 8 +++++
src/event.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++---
src/internal.h | 18 +++++------
src/setup.c | 19 ++++++++++++
src/types.c | 34 ++++++++++-----------
6 files changed, 138 insertions(+), 31 deletions(-)
hooks/post-receive
--
ADNS migrated to autotools/libtool
http://git.gnupg.org
More information about the Gnupg-commits
mailing list