[git] GnuPG - branch, master, updated. gnupg-2.1.9-50-g9ffcb77
by Werner Koch
cvs at cvs.gnupg.org
Wed Oct 21 18:18:31 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 9ffcb77e2565651afdeda523374bcbb24b5bd735 (commit)
via afbe87fa2d259b665b2d67a038a8535cfcfee094 (commit)
via 8bccbf477878fd99baa96e11db9db99aaf1e8d91 (commit)
via ffe60eb3d2b8f7d6c506804ce4645d695c91f237 (commit)
from 9afeb4cca10c3632495fe71b23df99a4878bd3a5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9ffcb77e2565651afdeda523374bcbb24b5bd735
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 21 18:14:24 2015 +0200
Change capitalization of TOR to Tor.
--
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 0f34e27..7e814f5 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -292,8 +292,8 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
}
else if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("CRL access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("CRL access not possible due to Tor mode\n"));
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
else
@@ -318,8 +318,8 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
{
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("CRL access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
if (opt.disable_ldap)
@@ -350,8 +350,8 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("CRL access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
if (opt.disable_ldap)
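Review bot: The new log line in ca_cert_fetch still says `CRL access not possible due to Tor mode`, but this function fetches CA certificates, not CRLs, so the message misstates what was refused; the start_cert_fetch hunk directly below carries the same copy-pasted text. Since the msgid is already being changed (the TOR/Tor edit invalidates the existing translations anyway), this is the moment to make it accurate: `log_error (_("certificate access not possible due to Tor mode\n"));`. The two crl_fetch hunks above are genuinely about CRLs and should keep their wording. ca_cert_fetch's body starts and ends outside this hunk.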
@@ -377,8 +377,8 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
{
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("CRL access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("CRL access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
if (opt.disable_ldap)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 9aa1ca3..d6c1670 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -218,7 +218,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
- ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via TOR")),
+ ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
@@ -474,7 +474,7 @@ set_tor_mode (void)
if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
#endif
{
- log_error ("error enabling TOR mode: %s\n", strerror (errno));
+ log_error ("error enabling Tor mode: %s\n", strerror (errno));
log_info ("(is your Libassuan recent enough?)\n");
}
}
@@ -1001,7 +1001,7 @@ main (int argc, char **argv)
if (opt.use_tor)
{
log_info ("WARNING: ***************************************\n");
- log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
+ log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
log_info ("WARNING: ***************************************\n");
}
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index dff902a..b2b14cc 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -93,7 +93,7 @@ struct
int system_service; /* We are running as W32 service (implies daemon). */
int system_daemon; /* We are running in system daemon mode. */
int running_detached; /* We are running in detached mode. */
- int use_tor; /* TOR mode has been enabled. */
+ int use_tor; /* Tor mode has been enabled. */
int force; /* Force loading outdated CRLs. */
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index ba4ab8f..00d2b3e 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -62,7 +62,7 @@
/* If set Tor mode shall be used. */
static int tor_mode;
-/* Sets the module in TOR mode. Returns 0 is this is possible or an
+/* Sets the module in Tor mode. Returns 0 is this is possible or an
error code. */
gpg_error_t
enable_dns_tormode (void)
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 1365ea1..90dfc08 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -757,7 +757,7 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
#endif
{
- log_error ("TOR support is not available\n");
+ log_error ("Tor support is not available\n");
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
}
@@ -1479,7 +1479,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
#endif
{
- log_error ("TOR support is not available\n");
+ log_error ("Tor support is not available\n");
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
}
}
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index c6fa5eb..77a2dd0 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -838,8 +838,8 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("LDAP access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("LDAP access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
@@ -1021,8 +1021,8 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("LDAP access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("LDAP access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
@@ -1897,8 +1897,8 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
if (opt.use_tor)
{
- /* For now we do not support LDAP over TOR. */
- log_error (_("LDAP access not possible due to TOR mode\n"));
+ /* For now we do not support LDAP over Tor. */
+ log_error (_("LDAP access not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index f81f335..392c02b 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -134,9 +134,9 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
if (opt.use_tor)
{
- /* For now we do not allow OCSP via TOR due to possible privacy
+ /* For now we do not allow OCSP via Tor due to possible privacy
concerns. Needs further research. */
- log_error (_("OCSP request not possible due to TOR mode\n"));
+ log_error (_("OCSP request not possible due to Tor mode\n"));
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 23ecdd8..a41d34f 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -628,7 +628,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
}
else if (!strcmp (key, "honor-keyserver-url-used"))
{
- /* Return an error if we are running in TOR mode. */
+ /* Return an error if we are running in Tor mode. */
if (opt.use_tor)
err = gpg_error (GPG_ERR_FORBIDDEN);
}
@@ -715,7 +715,7 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
if (opt.use_tor && enable_dns_tormode ())
{
- /* TOR mode is requested but the DNS code can't enable it. */
+ /* Tor mode is requested but the DNS code can't enable it. */
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
@@ -2087,7 +2087,7 @@ static const char hlp_getinfo[] =
"\n"
"version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
- "tor - Return OK if running in TOR mode\n"
+ "tor - Return OK if running in Tor mode\n"
"socket_name - Return the name of the socket.\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
@@ -2120,7 +2120,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "tor"))
{
- err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "TOR mode not enabled");
+ err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "Tor mode not enabled");
}
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index d1d4211..073cbc2 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,8 +238,8 @@ useful for debugging.
@item --use-tor
@opindex use-tor
-This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
-all network access via TOR (an anonymity network). WARNING: As of now
+This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
+all network access via Tor (an anonymity network). WARNING: As of now
this still leaks the DNS queries; e.g. to lookup the hosts in a
keyserver pool. Certain other features are disabled if this mode is
active.
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 10dcb20..83af0be 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -183,13 +183,13 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
{
/* Tell the dirmngr that this possibly privacy invading
- option is in use. If Dirmngr is running in TOR mode, it
+ option is in use. If Dirmngr is running in Tor mode, it
will return an error. */
err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
NULL, NULL, NULL, NULL, NULL, NULL);
if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
log_error (_("keyserver option \"honor-keyserver-url\""
- " may not be used in TOR mode\n"));
+ " may not be used in Tor mode\n"));
else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
err = 0; /* Old dirmngr versions do not support this option. */
}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index e736162..b235e22 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -906,9 +906,9 @@ static gc_option_t gc_options_dirmngr[] =
"dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
- { "TOR",
+ { "Tor",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
- "gnupg", N_("Options controlling the use of TOR") },
+ "gnupg", N_("Options controlling the use of Tor") },
{ "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
"dirmngr", "route all network traffic via TOR",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
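Review bot: The `use-tor` entry two lines below the renamed group still describes itself as `route all network traffic via TOR`, so after this commit gpgconf shows the old capitalisation while dirmngr's own option table (dirmngr.c hunk above) says Tor. Change the context line to `"dirmngr", "route all network traffic via Tor",`. That string is not wrapped in N_(), so no translation catalogue is affected by fixing it here.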
commit afbe87fa2d259b665b2d67a038a8535cfcfee094
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 21 17:46:21 2015 +0200
dirmngr: Use the new DNS wrapper for the HKP engine.
* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
dns_addrinfo_t.
(map_host): Replace getaddrinfo by resolve_dns_name.
--
Note that we still need to replace getnameinfo so that the PTR lookup
is either suppressed or also done via ADNS.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 411f108..444f305 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -38,6 +38,7 @@
#include "dirmngr.h"
#include "misc.h"
#include "userids.h"
+#include "dns-stuff.h"
#include "ks-engine.h"
/* Substitutes for missing Mingw macro. The EAI_SYSTEM mechanism
@@ -240,7 +241,7 @@ select_random_host (int *table)
0 on success or an EAI error code. True is stored at R_ISNUMERIC
if HOST has a numeric IP address. */
static int
-my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
+my_getnameinfo (dns_addrinfo_t ai, char *host, size_t hostlen,
int numeric, int *r_isnumeric)
{
int ec;
@@ -254,7 +255,7 @@ my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
if (numeric)
ec = EAI_NONAME;
else
- ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ ec = getnameinfo (ai->addr, ai->addrlen,
host, hostlen, NULL, 0, NI_NAMEREQD);
if (!ec && *host == '[')
@@ -262,14 +263,14 @@ my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
else if (ec == EAI_NONAME)
{
p = host;
- if (ai->ai_family == AF_INET6)
+ if (ai->family == AF_INET6)
{
*p++ = '[';
hostlen -= 2;
}
- ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ ec = getnameinfo (ai->addr, ai->addrlen,
p, hostlen, NULL, 0, NI_NUMERICHOST);
- if (!ec && ai->ai_family == AF_INET6)
+ if (!ec && ai->family == AF_INET6)
strcat (host, "]");
*r_isnumeric = 1;
@@ -347,11 +348,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
if (idx == -1)
{
/* We never saw this host. Allocate a new entry. */
- struct addrinfo hints, *aibuf, *ai;
+ dns_addrinfo_t aibuf, ai;
int *reftbl;
size_t reftblsize;
int refidx;
int is_pool = 0;
+ char *cname;
reftblsize = 100;
reftbl = xtrymalloc (reftblsize * sizeof *reftbl);
@@ -370,15 +372,13 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
/* Find all A records for this entry and put them into the pool
list - if any. */
- memset (&hints, 0, sizeof (hints));
- hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_CANONNAME;
- /* We can't use the the AI_IDN flag because that does the
- conversion using the current locale. However, GnuPG always
- used UTF-8. To support IDN we would need to make use of the
- libidn API. */
- if (!getaddrinfo (name, NULL, &hints, &aibuf))
+ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+ if (err)
+ {
+ log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err));
+ err = 0;
+ }
+ else
{
int n_v6, n_v4;
@@ -388,19 +388,22 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
with the IP addresses. If it is not a pool, we use the
specified name. */
n_v6 = n_v4 = 0;
- for (ai = aibuf; ai; ai = ai->ai_next)
+ for (ai = aibuf; ai; ai = ai->next)
{
- if (ai->ai_family != AF_INET6)
+ if (ai->family != AF_INET6)
n_v6++;
- else if (ai->ai_family != AF_INET)
+ else if (ai->family != AF_INET)
n_v4++;
}
if (n_v6 > 1 || n_v4 > 1)
is_pool = 1;
- if (is_pool && aibuf->ai_canonname)
- hi->cname = xtrystrdup (aibuf->ai_canonname);
+ if (is_pool && cname)
+ {
+ hi->cname = cname;
+ cname = NULL;
+ }
- for (ai = aibuf; ai; ai = ai->ai_next)
+ for (ai = aibuf; ai; ai = ai->next)
{
char tmphost[NI_MAXHOST + 2];
int tmpidx;
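Review bot: The two rewritten comparisons in the counting loop are inverted: `if (ai->family != AF_INET6) n_v6++; else if (ai->family != AF_INET) n_v4++;` bumps n_v6 for every IPv4 entry and n_v4 for every IPv6 entry. The pool decision `n_v6 > 1 || n_v4 > 1` is symmetric, and resolve_dns_name only hands back AF_INET/AF_INET6 entries, so the outcome happens to be unchanged today, but the counters hold the opposite of what their names say and the `if (ai->family != AF_INET && ai->family != AF_INET6) continue;` further down shows the intended polarity. Since these lines are being touched for the field rename anyway, fix them: `if (ai->family == AF_INET6) n_v6++; else if (ai->family == AF_INET) n_v4++;`. map_host starts and ends outside this hunk.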
@@ -408,7 +411,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
int ec;
int i;
- if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ if (ai->family != AF_INET && ai->family != AF_INET6)
continue;
dirmngr_tick (ctrl);
@@ -474,13 +477,13 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
gai_strerror (ec));
}
- if (ai->ai_family == AF_INET6)
+ if (ai->family == AF_INET6)
{
hosttable[tmpidx]->v6 = 1;
xfree (hosttable[tmpidx]->v6addr);
hosttable[tmpidx]->v6addr = ipaddr;
}
- else if (ai->ai_family == AF_INET)
+ else if (ai->family == AF_INET)
{
hosttable[tmpidx]->v4 = 1;
xfree (hosttable[tmpidx]->v4addr);
@@ -497,9 +500,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
}
}
}
- freeaddrinfo (aibuf);
}
reftbl[refidx] = -1;
+ xfree (cname);
+ free_dns_addrinfo (aibuf);
+
if (refidx && is_pool)
{
assert (!hi->pool);
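Review bot: `xfree (cname)` and `free_dns_addrinfo (aibuf)` have moved out of the `else` branch and now also run on the resolver-failure path, which is only safe because resolve_name_standard writes NULL to both outputs on entry; the variables themselves are declared uninitialised in the earlier hunk (`dns_addrinfo_t aibuf, ai;` and `char *cname;`). Any future early exit between those declarations and the resolve_dns_name call, or an ADNS backend that does not clear its outputs on error, would free garbage. Initialise them where they are declared, `dns_addrinfo_t aibuf = NULL, ai;` and `char *cname = NULL;`, so the frees do not depend on the callee's contract. map_host continues past the end of this hunk.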
commit 8bccbf477878fd99baa96e11db9db99aaf1e8d91
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 21 17:55:56 2015 +0200
dirmngr: Implement a getaddrinfo wrapper.
* dirmngr/dns-stuff.h: Include some header files.
(dns_addinfo_t, dns_addrinfo_s): New.
* dirmngr/dns-stuff.c: Always include DNS related headers.
(free_dns_addrinfo): New.
(resolve_name_standard): New.
(resolve_dns_name): New.
* dirmngr/t-dns-stuff.c: Include netdb.h.
(main): Keep old default mode with no args but else print output of
resolve_dns_name. Revamp option parser.
--
This wrapper allows us to switch to ADNS and thus Tor for standard
name resolution.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c2d40c9..ba4ab8f 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -30,19 +30,18 @@
#include <config.h>
#include <sys/types.h>
-#ifdef USE_DNS_CERT
-# ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_WINSOCK2_H
-# include <winsock2.h>
-# endif
-# include <windows.h>
-# else
-# include <netinet/in.h>
-# include <arpa/nameser.h>
-# include <resolv.h>
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
# endif
-# include <string.h>
+# include <windows.h>
+#else
+# include <netinet/in.h>
+# include <arpa/nameser.h>
+# include <resolv.h>
+# include <netdb.h>
#endif
+#include <string.h>
#ifdef USE_ADNS
# include <adns.h>
#endif
@@ -77,6 +76,142 @@ enable_dns_tormode (void)
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
+/* Free an addressinfo linked list as returned by resolve_dns_name. */
+void
+free_dns_addrinfo (dns_addrinfo_t ai)
+{
+ while (ai)
+ {
+ dns_addrinfo_t next = ai->next;
+ xfree (ai);
+ ai = next;
+ }
+}
+
+
+/* Resolve a name using the standard system function. */
+static gpg_error_t
+resolve_name_standard (const char *name, unsigned short port,
+ int want_family, int want_socktype,
+ dns_addrinfo_t *r_dai, char **r_canonname)
+{
+ gpg_error_t err = 0;
+ dns_addrinfo_t daihead = NULL;
+ dns_addrinfo_t dai;
+ struct addrinfo *aibuf = NULL;
+ struct addrinfo hints, *ai;
+ char portstr[21];
+ int ret;
+
+ *r_dai = NULL;
+ if (r_canonname)
+ *r_canonname = NULL;
+
+ memset (&hints, 0, sizeof hints);
+ hints.ai_family = want_family;
+ hints.ai_socktype = want_socktype;
+ if (r_canonname)
+ hints.ai_flags = AI_CANONNAME;
+
+ if (port)
+ snprintf (portstr, sizeof portstr, "%hu", port);
+ else
+ *portstr = 0;
+
+ /* We can't use the the AI_IDN flag because that does the conversion
+ using the current locale. However, GnuPG always used UTF-8. To
+ support IDN we would need to make use of the libidn API. */
+ ret = getaddrinfo (name, *portstr? portstr : NULL, &hints, &aibuf);
+ if (ret)
+ {
+ aibuf = NULL;
+ switch (ret)
+ {
+ case EAI_AGAIN: err = gpg_error (GPG_ERR_EAGAIN); break;
+ case EAI_BADFLAGS: err = gpg_error (GPG_ERR_INV_FLAG); break;
+ case EAI_FAIL: err = gpg_error (GPG_ERR_SERVER_FAILED); break;
+ case EAI_MEMORY: err = gpg_error (GPG_ERR_ENOMEM); break;
+ case EAI_NODATA: err = gpg_error (GPG_ERR_NO_DATA); break;
+ case EAI_NONAME: err = gpg_error (GPG_ERR_NO_NAME); break;
+ case EAI_SERVICE: err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
+ case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
+ case EAI_FAMILY: err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
+ case EAI_SOCKTYPE: err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
+ case EAI_SYSTEM: err = gpg_error_from_syserror (); break;
+ default: err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
+ }
+ goto leave;
+ }
+
+ if (r_canonname && aibuf && aibuf->ai_canonname)
+ {
+ *r_canonname = xtrystrdup (aibuf->ai_canonname);
+ if (!*r_canonname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ }
+
+ for (ai = aibuf; ai; ai = ai->ai_next)
+ {
+ if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET)
+ continue;
+
+ dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
+ dai->family = ai->ai_family;
+ dai->socktype = ai->ai_socktype;
+ dai->protocol = ai->ai_protocol;
+ dai->addrlen = ai->ai_addrlen;
+ memcpy (dai->addr, ai->ai_addr, ai->ai_addrlen);
+ dai->next = daihead;
+ daihead = dai;
+ }
+
+ leave:
+ if (aibuf)
+ freeaddrinfo (aibuf);
+ if (err)
+ {
+ if (r_canonname)
+ {
+ xfree (*r_canonname);
+ *r_canonname = NULL;
+ }
+ free_dns_addrinfo (daihead);
+ }
+ else
+ *r_dai = daihead;
+ return err;
+}
+
+
+/* This a wrapper around getaddrinfo with slighly different semantics.
+ NAME is the name to resolve.
+ PORT is the requested port or 0.
+ WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
+ WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM.
+
+ On success the result is stored in a linked list with the head
+ stored at the address R_AI; the caller must call gpg_addrinfo_free
+ on this. If R_CANONNAME is not NULL the official name of the host
+ is stored there as a malloced string; if that name is not available
+ NULL is stored. */
+gpg_error_t
+resolve_dns_name (const char *name, unsigned short port,
+ int want_family, int want_socktype,
+ dns_addrinfo_t *r_ai, char **r_canonname)
+{
+#ifdef USE_ADNS_disabled_for_now
+ return resolve_name_adns (name, port, want_family, want_socktype,
+ r_ai, r_canonname);
+#else
+ return resolve_name_standard (name, port, want_family, want_socktype,
+ r_ai, r_canonname);
+#endif
+}
+
+
/* Returns 0 on success or an error code. If a PGP CERT record was
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
the other return parameters are set to NULL/0. If an IPGP CERT
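Review bot: `dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);` in resolve_name_standard is dereferenced on the next line with no NULL check, whereas the xtrystrdup result a few lines earlier is checked and turned into an error; on allocation failure this is a NULL dereference instead of the ENOMEM the function otherwise reports. The fix is to test the pointer and jump to the existing `leave:` path, which already frees the partial list and the canonical name. Two documentation slips in the same hunk: the comment on resolve_dns_name tells callers to use `gpg_addrinfo_free`, but the function added above is `free_dns_addrinfo`, and `AF_INET4` should read `AF_INET`. Also note that prepending to daihead returns the entries in the reverse of getaddrinfo's order, so any caller that takes the first entry will get the resolver's least-preferred address; if that ordering matters to a future caller, append instead.

```c
      dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
      if (!dai)
        {
          err = gpg_error_from_syserror ();
          goto leave;
        }
      dai->family = ai->ai_family;
      /* … unchanged: copy of the remaining fields and list linking … */
```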
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index aea0e69..090e79b 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -30,6 +30,16 @@
#ifndef GNUPG_DIRMNGR_DNS_STUFF_H
#define GNUPG_DIRMNGR_DNS_STUFF_H
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+# endif
+# include <windows.h>
+#else
+# include <sys/types.h>
+# include <sys/socket.h>
+#endif
+
#define DNS_CERTTYPE_ANY 0 /* Internal catch all type. */
/* Certificate types according to RFC-4398: */
@@ -48,10 +58,31 @@
#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants. */
#define DNS_CERTTYPE_RR61 (DNS_CERTTYPE_RRBASE + 61)
+struct dns_addrinfo_s;
+typedef struct dns_addrinfo_s *dns_addrinfo_t;
+struct dns_addrinfo_s
+{
+ dns_addrinfo_t next;
+ int family;
+ int socktype;
+ int protocol;
+ int addrlen;
+ struct sockaddr addr[1];
+};
+
+
+
/* Calling this function switches the DNS code into Tor mode if
possibe. Return 0 on success. */
gpg_error_t enable_dns_tormode (void);
+void free_dns_addrinfo (dns_addrinfo_t ai);
+
+/* Provide function similar to getaddrinfo. */
+gpg_error_t resolve_dns_name (const char *name, unsigned short port,
+ int want_family, int want_socktype,
+ dns_addrinfo_t *r_dai, char **r_canonname);
+
/* Return a CERT record or an arbitray RR. */
gpg_error_t get_dns_cert (const char *name, int want_certtype,
void **r_key, size_t *r_keylen,
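Review bot: `struct dns_addrinfo_s` is a new type shared across dirmngr with no comment on its layout: a reader cannot tell from the declaration that `addr[1]` is a trailing buffer whose real size is set by the allocator in dns-stuff.c and that `addrlen` is the number of valid bytes in it. A comment on the member such as `/* ADDRLEN bytes of address; the allocation extends beyond addr[0] so that a sockaddr_in6 fits. */` would stop the next maintainer from using sizeof on it. Consider also declaring `addrlen` as `socklen_t`, the type getnameinfo and connect take, since the header now pulls in <sys/socket.h> for `struct sockaddr` anyway (I believe winsock2.h provides socklen_t on the W32 side, but that should be confirmed).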
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index e34f809..e8a74ea 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -22,73 +22,168 @@
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
+#ifndef HAVE_W32_SYSTEM
+# include <netdb.h>
+#endif
#include "util.h"
#include "dns-stuff.h"
+#define PGM "t-dns-stuff"
+
+static int verbose;
+static int debug;
+
+
int
main (int argc, char **argv)
{
+ int last_argc = -1;
gpg_error_t err;
- unsigned char *fpr;
- size_t fpr_len;
- char *url;
- void *key;
- size_t keylen;
+ int opt_cert = 0;
char const *name;
+ gpgrt_init ();
if (argc)
+ { argc--; argv++; }
+ while (argc && last_argc != argc )
{
- argc--;
- argv++;
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--help"))
+ {
+ fputs ("usage: " PGM " [HOST]\n"
+ "Options:\n"
+ " --verbose print timings etc.\n"
+ " --debug flyswatter\n"
+ " --cert lookup a CERT RR\n"
+ , stdout);
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ verbose++;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--debug"))
+ {
+ verbose += 2;
+ debug++;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--cert"))
+ {
+ opt_cert = 1;
+ argc--; argv++;
+ }
+ else if (!strncmp (*argv, "--", 2))
+ {
+ fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+ exit (1);
+ }
}
if (!argc)
- name = "simon.josefsson.org";
+ {
+ opt_cert = 1;
+ name = "simon.josefsson.org";
+ }
else if (argc == 1)
name = *argv;
else
{
- fputs ("usage: t-dns-stuff [name]\n", stderr);
- return 1;
+ fprintf (stderr, PGM ": too many host names given\n");
+ exit (1);
}
- printf ("CERT lookup on '%s'\n", name);
-
- err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
- &fpr, &fpr_len, &url);
- if (err)
- printf ("get_dns_cert failed: %s <%s>\n",
- gpg_strerror (err), gpg_strsource (err));
- else if (key)
+ if (opt_cert)
{
- printf ("Key found (%u bytes)\n", (unsigned int)keylen);
+ unsigned char *fpr;
+ size_t fpr_len;
+ char *url;
+ void *key;
+ size_t keylen;
+
+ printf ("CERT lookup on '%s'\n", name);
+
+ err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
+ &fpr, &fpr_len, &url);
+ if (err)
+ printf ("get_dns_cert failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ else if (key)
+ {
+ printf ("Key found (%u bytes)\n", (unsigned int)keylen);
+ }
+ else
+ {
+ if (fpr)
+ {
+ int i;
+
+ printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
+ for (i = 0; i < fpr_len; i++)
+ printf ("%02X", fpr[i]);
+ putchar ('\n');
+ }
+ else
+ printf ("No fingerprint found\n");
+
+ if (url)
+ printf ("URL found: %s\n", url);
+ else
+ printf ("No URL found\n");
+
+ }
+
+ xfree (key);
+ xfree (fpr);
+ xfree (url);
}
- else
+ else /* Standard lookup. */
{
- if (fpr)
- {
- int i;
-
- printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
- for (i = 0; i < fpr_len; i++)
- printf ("%02X", fpr[i]);
- putchar ('\n');
- }
- else
- printf ("No fingerprint found\n");
+ char *cname;
+ dns_addrinfo_t aibuf, ai;
+ int ret;
+ char hostbuf[1025];
- if (url)
- printf ("URL found: %s\n", url);
- else
- printf ("No URL found\n");
+ printf ("Lookup on '%s'\n", name);
+
+ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+ if (err)
+ {
+ fprintf (stderr, PGM": resolving '%s' failed: %s\n",
+ name, gpg_strerror (err));
+ exit (1);
+ }
+
+ if (cname)
+ printf ("cname: %s\n", cname);
+ for (ai = aibuf; ai; ai = ai->next)
+ {
+ printf ("%s %3d %3d ",
+ ai->family == AF_INET6? "inet6" :
+ ai->family == AF_INET? "inet4" : "? ",
+ ai->socktype, ai->protocol);
+ ret = getnameinfo (ai->addr, ai->addrlen,
+ hostbuf, sizeof hostbuf,
+ NULL, 0,
+ NI_NUMERICHOST);
+ if (ret)
+ printf ("[getnameinfo failed: %s]\n", gai_strerror (ret));
+ else
+ printf ("%s\n", hostbuf);
+ }
+ xfree (cname);
+ free_dns_addrinfo (aibuf);
}
- xfree (key);
- xfree (fpr);
- xfree (url);
return 0;
}
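Review bot: The new help text advertises `--verbose    print timings etc.` and `--debug    flyswatter`, but nothing in main reads `verbose` or `debug` after the option loop, so both flags are accepted and then ignored. Either drop the two options and the static counters until they are used, or make the help honest, e.g. `" --verbose  accepted but currently without effect\n"`. A minor point in the code that was moved rather than changed: `for (i = 0; i < fpr_len; i++)` compares an int against a size_t and will trigger -Wsign-compare; `size_t i` fixes it.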
commit ffe60eb3d2b8f7d6c506804ce4645d695c91f237
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 21 17:38:33 2015 +0200
common: Add more replacement error codes.
* common/util.h (GPG_ERR_SERVER_FAILED): New.
(GPG_ERR_NO_KEY): New.
(GPG_ERR_NO_NAME): New.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/util.h b/common/util.h
index af1a319..06d5f87 100644
--- a/common/util.h
+++ b/common/util.h
@@ -126,6 +126,9 @@
# define GPG_ERR_LDAP_PROX_AUTH_DENIED 891
#endif /*GPG_ERROR_VERSION_NUMBER < 0x011300*/
#if GPG_ERROR_VERSION_NUMBER < 0x011500 /* 1.21 */
+# define GPG_ERR_SERVER_FAILED 219
+# define GPG_ERR_NO_KEY 220
+# define GPG_ERR_NO_NAME 221
# define GPG_ERR_TRUE 255
# define GPG_ERR_FALSE 256
#endif
-----------------------------------------------------------------------
Summary of changes:
common/util.h | 3 +
dirmngr/crlfetch.c | 16 ++---
dirmngr/dirmngr.c | 6 +-
dirmngr/dirmngr.h | 2 +-
dirmngr/dns-stuff.c | 159 +++++++++++++++++++++++++++++++++++++++----
dirmngr/dns-stuff.h | 31 +++++++++
dirmngr/http.c | 4 +-
dirmngr/ks-engine-hkp.c | 55 ++++++++-------
dirmngr/ks-engine-ldap.c | 12 ++--
dirmngr/ocsp.c | 4 +-
dirmngr/server.c | 8 +--
dirmngr/t-dns-stuff.c | 171 ++++++++++++++++++++++++++++++++++++-----------
doc/dirmngr.texi | 4 +-
g10/call-dirmngr.c | 4 +-
tools/gpgconf-comp.c | 4 +-
15 files changed, 376 insertions(+), 107 deletions(-)