[git] GnuPG - branch, master, updated. gnupg-2.1.16-143-gc4e8a31

by Werner Koch cvs at cvs.gnupg.org
Fri Dec 16 21:09:33 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c4e8a3194d6b92f596a6483e486c645de7d2ddd1 (commit)
       via  ddb48086833f8b86f0f0d69b21a23f245090ea7a (commit)
       via  59d3c3e4baffff52548fb5d1766ebf02dd8e1bec (commit)
      from  41a426a1a01e2726c3c318786f29b4974bf1f689 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c4e8a3194d6b92f596a6483e486c645de7d2ddd1
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 16 21:00:14 2016 +0100

    dirmngr: Use one context for all libdns queries.
    
    * dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
    (enable_recursive_resolver): Set var.
    (set_dns_nameserver): Ditto.
    (libdns_init): Avoid double initialization.
    (libdns_deinit): New.
    (reload_dns_stuff): New.
    (libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
    * dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
    memory.
    * dirmngr/dirmngr.c (cleanup): Ditto.
    (dirmngr_sighup_action): Call reload_dns_stuff to set
    LIBDNS_REINIT_PENDING.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index a118327..ef30d2c 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1383,6 +1383,7 @@ cleanup (void)
 {
   crl_cache_deinit ();
   cert_cache_deinit (1);
+  reload_dns_stuff (1);
 
 #if USE_LDAP
   ldapserver_list_free (opt.ldapservers);
@@ -1689,6 +1690,7 @@ dirmngr_sighup_action (void)
   crl_cache_deinit ();
   cert_cache_init ();
   crl_cache_init ();
+  reload_dns_stuff (0);
 }
 
 
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 0f1f0ed..63951e5 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -133,8 +133,13 @@ struct libdns_s
 
   struct sockaddr_storage socks_host;
 } libdns;
+
+/* If this flag is set, libdns shall be reinited for the next use.  */
+static int libdns_reinit_pending;
+
 #endif /*USE_LIBDNS*/
 
+
 /* Calling this function with YES set to True forces the use of the
  * standard resolver even if dirmngr has been built with support for
  * an alternative resolver.  */
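Review bot: `libdns_reinit_pending` is declared inside the `#ifdef USE_LIBDNS` block here, but the new `reload_dns_stuff` in the `@@ -410` hunk assigns it outside any such guard (only the `libdns_deinit ()` call is wrapped), so a build without USE_LIBDNS would fail on an undeclared identifier. The assignments added to `enable_recursive_resolver` and `set_dns_nameserver` look affected in the same way, though their surrounding guards are not visible in those hunks. Either move `static int libdns_reinit_pending;` below `#endif /*USE_LIBDNS*/`, or wrap each use in `#ifdef USE_LIBDNS`.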
@@ -159,6 +164,7 @@ void
 enable_recursive_resolver (int yes)
 {
   recursive_resolver = yes;
+  libdns_reinit_pending = 1;
 }
 
 
@@ -203,6 +209,7 @@ set_dns_nameserver (const char *ipaddr)
   strncpy (tor_nameserver, ipaddr? ipaddr : DEFAULT_NAMESERVER,
            sizeof tor_nameserver -1);
   tor_nameserver[sizeof tor_nameserver -1] = 0;
+  libdns_reinit_pending = 1;
 }
 
 
@@ -315,6 +322,9 @@ libdns_init (void)
   const char *fname;
   char *cfgstr = NULL;
 
+  if (libdns.resolv_conf)
+    return 0; /* Already initialized.  */
+
   memset (&ld, 0, sizeof ld);
 
   ld.resolv_conf = dns_resconf_open (&derr);
@@ -410,6 +420,41 @@ libdns_init (void)
 
 
 #ifdef USE_LIBDNS
+/* Deinitialize libdns.  */
+static void
+libdns_deinit (void)
+{
+  struct libdns_s ld;
+
+  if (!libdns.resolv_conf)
+    return; /* Not initialized.  */
+
+  ld = libdns;
+  memset (&libdns, 0, sizeof libdns);
+  dns_hints_close (ld.hints);
+  dns_hosts_close (ld.hosts);
+  dns_resconf_close (ld.resolv_conf);
+}
+#endif /*USE_LIBDNS*/
+
+/* SIGHUP action handler for this module.  With FORCE set objects are
+ * all immediately released. */
+void
+reload_dns_stuff (int force)
+{
+  if (force)
+    {
+#ifdef USE_LIBDNS
+      libdns_deinit ();
+#endif
+      libdns_reinit_pending = 0;
+    }
+  else
+    libdns_reinit_pending = 1;
+}
+
+
+#ifdef USE_LIBDNS
 /*
  * Initialize libdns if needed and open a dns_resolver context.
  * Returns 0 on success and stores the new context at R_RES.  On
@@ -424,6 +469,12 @@ libdns_res_open (struct dns_resolver **r_res)
 
   *r_res = NULL;
 
+  if (libdns_reinit_pending)
+    {
+      libdns_reinit_pending = 0;
+      libdns_deinit ();
+    }
+
   err = libdns_init ();
   if (err)
     return err;
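Review bot: The `libdns_deinit ()` call added here can run while a resolver opened earlier from the same context is still in use. `libdns_res_wait` (third commit on this page) brackets `dns_res_poll` with `my_unprotect ()`/`my_protect ()`, which presumably lets another thread reach this function in the meantime. Whether that is safe depends on `dns_res_open` holding its own references to `resolv_conf`, `hosts` and `hints`, which the diff does not show. If it does, say so above the block, e.g. `/* Open resolvers keep their own references; this only drops ours.  */`; if not, the deinit has to wait until no resolver is open. The function starts before and continues past this hunk.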
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 20a4b41..2be972a 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -116,6 +116,8 @@ gpg_error_t enable_dns_tormode (int new_circuit);
    next DNS query.  Note that this is only used in Tor mode.  */
 void set_dns_nameserver (const char *ipaddr);
 
+/* SIGHUP action handler for this module.  */
+void reload_dns_stuff (int force);
 
 void free_dns_addrinfo (dns_addrinfo_t ai);
 
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 224e948..5315138 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -217,7 +217,6 @@ main (int argc, char **argv)
         {
           printf ("CNAME found: '%s'\n", cname);
         }
-
       xfree (cname);
     }
   else if (opt_srv)
@@ -291,6 +290,7 @@ main (int argc, char **argv)
       free_dns_addrinfo (aibuf);
     }
 
+  reload_dns_stuff (1); /* Release objects.  */
 
   return 0;
 }

commit ddb48086833f8b86f0f0d69b21a23f245090ea7a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 16 20:25:02 2016 +0100

    dirmngr: Pass Tor credentials to libdns.
    
    * dirmngr/dns-stuff.c (tor_credentials): Replace by ...
    (tor_socks_user, tor_socks_password): new vars.
    (enable_dns_tormode): Set these new vars.
    (libdns_res_open): Tell libdns the socks credentials.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index eec7112..0f1f0ed 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -118,8 +118,10 @@ static int tor_mode;
   (40 should be sufficient for v6 but we add some extra for a scope.) */
 static char tor_nameserver[40+20];
 
-/* A string to hold the credentials presented to Tor.  */
-static char tor_credentials[50];
+/* Two strings to hold the credentials presented to Tor.  */
+static char tor_socks_user[30];
+static char tor_socks_password[20];
+
 
 #ifdef USE_LIBDNS
 /* Libdns gobal data.  */
@@ -177,15 +179,14 @@ recursive_resolver_p (void)
 gpg_error_t
 enable_dns_tormode (int new_circuit)
 {
-  /* XXX: dns.c doesn't support SOCKS credentials.  */
-
-  if (!*tor_credentials || new_circuit)
+  if (!*tor_socks_user || new_circuit)
     {
       static unsigned int counter;
 
-      gpgrt_snprintf (tor_credentials, sizeof tor_credentials,
-                      "dirmngr-%lu:p%u",
-                      (unsigned long)getpid (), counter);
+      gpgrt_snprintf (tor_socks_user, sizeof tor_socks_user,
+                      "dirmngr-%lu", (unsigned long)getpid ());
+      gpgrt_snprintf (tor_socks_password, sizeof tor_socks_password,
+                      "p%u", counter);
       counter++;
     }
   tor_mode = 1;
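Review bot: Nothing in `enable_dns_tormode` says that the SOCKS user (the pid) and password (a bare counter) are circuit-isolation tokens rather than secrets. That is how they appear to be used, since a new pair is generated only when `new_circuit` is set or none exists yet. A comment such as `/* Not secrets: a fresh user/password pair merely asks Tor for a separate circuit.  */` would keep a later reader from treating them as authentication material. It would also help to note at the declarations in the previous hunk that `tor_socks_user[30]` is sized for "dirmngr-" plus a 64-bit pid in decimal. The function continues past this hunk.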
@@ -428,7 +429,10 @@ libdns_res_open (struct dns_resolver **r_res)
     return err;
 
   res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
-                      dns_opts (.socks_host=&libdns.socks_host), &derr);
+                      dns_opts (.socks_host     = &libdns.socks_host,
+                                .socks_user     = tor_socks_user,
+                                .socks_password = tor_socks_password ),
+                      &derr);
   if (!res)
     return libdns_error_to_gpg_error (derr);
 

commit 59d3c3e4baffff52548fb5d1766ebf02dd8e1bec
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 16 20:09:27 2016 +0100

    dirmngr: Factor common libdns code out.
    
    * dirmngr/dns-stuff.c (libdns_res_open): New.  Replace all libdns_init
    and dns_res_open by a call to this func.
    (libdns_res_submit): New wrapper.  Replace all dns_res_submit calls.
    (libdns_res_wait): New function.
    (resolve_name_libdns): Replace loop by libdns_res_wait.
    (get_dns_cert_libdns): Ditto.
    (getsrv_libdns): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 1fbe2ea..eec7112 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -409,6 +409,73 @@ libdns_init (void)
 
 
 #ifdef USE_LIBDNS
+/*
+ * Initialize libdns if needed and open a dns_resolver context.
+ * Returns 0 on success and stores the new context at R_RES.  On
+ * failure an error code is returned and NULL stored at R_RES.
+ */
+static gpg_error_t
+libdns_res_open (struct dns_resolver **r_res)
+{
+  gpg_error_t err;
+  struct dns_resolver *res;
+  int derr;
+
+  *r_res = NULL;
+
+  err = libdns_init ();
+  if (err)
+    return err;
+
+  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
+                      dns_opts (.socks_host=&libdns.socks_host), &derr);
+  if (!res)
+    return libdns_error_to_gpg_error (derr);
+
+  *r_res = res;
+  return 0;
+}
+#endif /*USE_LIBDNS*/
+
+
+#ifdef USE_LIBDNS
+/* Wrapper around dns_res_submit.  */
+static gpg_error_t
+libdns_res_submit (struct dns_resolver *res, const char *qname,
+                   enum dns_type qtype, enum dns_class qclass)
+{
+  return libdns_error_to_gpg_error (dns_res_submit (res, qname, qtype, qclass));
+}
+#endif /*USE_LIBDNS*/
+
+
+#ifdef USE_LIBDNS
+/* Standard event handling loop.  */
+gpg_error_t
+libdns_res_wait (struct dns_resolver *res)
+{
+  gpg_error_t err;
+
+  while ((err = libdns_error_to_gpg_error (dns_res_check (res)))
+         && gpg_err_code (err) == GPG_ERR_EAGAIN)
+    {
+      if (dns_res_elapsed (res) > 30)
+        {
+          err = gpg_error (GPG_ERR_DNS_TIMEOUT);
+          break;
+        }
+
+      my_unprotect ();
+      dns_res_poll (res, 1);
+      my_protect ();
+    }
+
+  return err;
+}
+#endif /*USE_LIBDNS*/
+
+
+#ifdef USE_LIBDNS
 static gpg_error_t
 resolve_name_libdns (const char *name, unsigned short port,
                      int want_family, int want_socktype,
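Review bot: `libdns_res_wait` is defined with external linkage while its siblings `libdns_res_open` and `libdns_res_submit` are `static`. No prototype for it is added in this commit, so it should probably read `static gpg_error_t`. The limit in `dns_res_elapsed (res) > 30` would also be clearer as a named constant, since it is the only bound on how long a query to an unresponsive server can hold the caller. The trailing `resolve_name_libdns` lines are context only; its body continues outside the hunk.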
@@ -429,10 +496,6 @@ resolve_name_libdns (const char *name, unsigned short port,
   if (r_canonname)
     *r_canonname = NULL;
 
-  err = libdns_init ();
-  if (err)
-    goto leave;
-
   memset (&hints, 0, sizeof hints);
   hints.ai_family = want_family;
   hints.ai_socktype = want_socktype;
@@ -446,13 +509,9 @@ resolve_name_libdns (const char *name, unsigned short port,
       portstr = portstr_;
     }
 
-  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
-                      dns_opts (.socks_host=&libdns.socks_host), &derr);
-  if (!res)
-    {
-      err = libdns_error_to_gpg_error (derr);
-      goto leave;
-    }
+  err = libdns_res_open (&res);
+  if (err)
+    goto leave;
 
   ai = dns_ai_open (name, portstr, 0, &hints, res, &derr);
   if (!ai)
@@ -841,46 +900,24 @@ get_dns_cert_libdns (const char *name, int want_certtype,
            : (want_certtype - DNS_CERTTYPE_RRBASE));
 
 
-  err = libdns_init ();
+  err = libdns_res_open (&res);
   if (err)
     goto leave;
 
-  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
-                      dns_opts (.socks_host=&libdns.socks_host), &derr);
-  if (!res)
-    {
-      err = libdns_error_to_gpg_error (derr);
-      goto leave;
-    }
-
   if (dns_d_anchor (host, sizeof host, name, strlen (name)) >= sizeof host)
     {
       err = gpg_error (GPG_ERR_ENAMETOOLONG);
       goto leave;
     }
 
-  err = libdns_error_to_gpg_error (dns_res_submit (res, name, qtype, DNS_C_IN));
+  err = libdns_res_submit (res, name, qtype, DNS_C_IN);
   if (err)
     goto leave;
 
-  /* Loop until we found a record.  */
-  while ((err = libdns_error_to_gpg_error (dns_res_check (res))))
-    {
-      if (gpg_err_code (err) == GPG_ERR_EAGAIN)
-        {
-          if (dns_res_elapsed (res) > 30)
-            {
-              err = gpg_error (GPG_ERR_DNS_TIMEOUT);
-              goto leave;
-            }
+  err = libdns_res_wait (res);
+  if (err)
+    goto leave;
 
-          my_unprotect ();
-          dns_res_poll (res, 1);
-          my_protect ();
-        }
-      else if (err)
-        goto leave;
-    }
   ans = dns_res_fetch (res, &derr);
   if (!ans)
     {
@@ -1281,47 +1318,24 @@ getsrv_libdns (const char *name, struct srventry **list, int *r_count)
   int derr;
   int srvcount=0;
 
-  err = libdns_init ();
+  err = libdns_res_open (&res);
   if (err)
     goto leave;
 
-  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
-                      dns_opts (.socks_host=&libdns.socks_host), &derr);
-  if (!res)
-    {
-      err = libdns_error_to_gpg_error (derr);
-      goto leave;
-    }
-
   if (dns_d_anchor (host, sizeof host, name, strlen (name)) >= sizeof host)
     {
       err = gpg_error (GPG_ERR_ENAMETOOLONG);
       goto leave;
     }
 
-  err = libdns_error_to_gpg_error
-    (dns_res_submit (res, name, DNS_T_SRV, DNS_C_IN));
+  err = libdns_res_submit (res, name, DNS_T_SRV, DNS_C_IN);
   if (err)
     goto leave;
 
-  /* Loop until we found a record.  */
-  while ((err = libdns_error_to_gpg_error (dns_res_check (res))))
-    {
-      if (gpg_err_code (err) == GPG_ERR_EAGAIN)
-        {
-          if (dns_res_elapsed (res) > 30)
-            {
-              err = gpg_error (GPG_ERR_DNS_TIMEOUT);
-              goto leave;
-            }
+  err = libdns_res_wait (res);
+  if (err)
+    goto leave;
 
-          my_unprotect ();
-          dns_res_poll (res, 1);
-          my_protect ();
-        }
-      else if (err)
-        goto leave;
-    }
   ans = dns_res_fetch (res, &derr);
   if (!ans)
     {
@@ -1616,46 +1630,23 @@ gpg_error_t
 get_dns_cname_libdns (const char *name, char **r_cname)
 {
   gpg_error_t err;
-  struct dns_resolver *res = NULL;
+  struct dns_resolver *res;
   struct dns_packet *ans = NULL;
   struct dns_cname cname;
   int derr;
 
-  err = libdns_init ();
+  err = libdns_res_open (&res);
   if (err)
     goto leave;
 
-  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
-                      dns_opts (.socks_host=&libdns.socks_host), &derr);
-  if (!res)
-    {
-      err = libdns_error_to_gpg_error (derr);
-      goto leave;
-    }
-
-  err = libdns_error_to_gpg_error
-    (dns_res_submit (res, name, DNS_T_CNAME, DNS_C_IN));
+  err = libdns_res_submit (res, name, DNS_T_CNAME, DNS_C_IN);
   if (err)
     goto leave;
 
-  /* Loop until we found a record.  */
-  while ((err = libdns_error_to_gpg_error (dns_res_check (res))))
-    {
-      if (gpg_err_code (err) == GPG_ERR_EAGAIN)
-        {
-          if (dns_res_elapsed (res) > 30)
-            {
-              err = gpg_error (GPG_ERR_DNS_TIMEOUT);
-              goto leave;
-            }
+  err = libdns_res_wait (res);
+  if (err)
+    goto leave;
 
-          my_unprotect ();
-          dns_res_poll (res, 1);
-          my_protect ();
-        }
-      else if (err)
-        goto leave;
-    }
   ans = dns_res_fetch (res, &derr);
   if (!ans)
     {
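Review bot: Dropping the `= NULL` initializer on `res` makes the cleanup at `leave` (outside this hunk, presumably closing `res`) depend on `libdns_res_open` storing NULL in `*r_res` before every early return. It does so today via `*r_res = NULL;` at its top. Keeping `struct dns_resolver *res = NULL;` costs nothing and avoids handing an indeterminate pointer to the cleanup path if that helper ever changes. The declarations of `res` in the other converted callers are not shown, so they are worth checking for the same reliance.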

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c     |   2 +
 dirmngr/dns-stuff.c   | 252 +++++++++++++++++++++++++++++---------------------
 dirmngr/dns-stuff.h   |   2 +
 dirmngr/t-dns-stuff.c |   2 +-
 4 files changed, 154 insertions(+), 104 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



