[Pkg-gnupg-commit] [gnupg2] 16/241: dirmngr: Make --use-tor work - still leaks DNS.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 9 20:31:47 UTC 2015


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 6983fd131f648ba4acd57b266de9868911874d14
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 19 13:12:24 2015 +0200

    dirmngr: Make --use-tor work - still leaks DNS.
    
    * dirmngr/dirmngr.c (set_tor_mode): New.
    (main, reread_configuration): Call it.
    * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
    mode is enabled if the FORCE_TOR flag is given.
    --
    
    The patch for http.c is only a sanity check, because tor mode is
    global anyway as long as the Assuan socket wrappers are used.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 dirmngr/dirmngr.c | 19 +++++++++++++++++--
 dirmngr/http.c    | 18 ++++++++++++++----
 doc/dirmngr.texi  |  8 +++++---
 3 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index a32040e..744fb52 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -466,6 +466,20 @@ set_debug (void)
 
 
 static void
+set_tor_mode (void)
+{
+  if (opt.use_tor)
+    {
+      if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+        {
+          log_error ("error enabling TOR mode: %s\n", strerror (errno));
+          log_info ("(is your Libassuan recent enough?)\n");
+        }
+    }
+}
+
+
+static void
 wrong_args (const char *text)
 {
   es_fprintf (es_stderr, _("usage: %s [options] "), DIRMNGR_NAME);
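Review bot: set_tor_mode fails open: when assuan_sock_set_flag rejects the "tor-mode" flag, the error branch only logs and returns, opt.use_tor stays set and startup continues, so the daemon keeps running without Tor although the operator asked for it. The check added in http.c only covers callers that pass HTTP_FLAG_FORCE_TOR; every other connection would go out over the plain network with nothing but a log line to show it. Consider making the failure fatal in main (have set_tor_mode return an error code and exit on it) or, at minimum, clearing the option so later code paths agree with the real socket state, e.g. `opt.use_tor = 0;` after the log_info, with a comment explaining why. The wrong_args definition that follows continues outside the hunk.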
@@ -985,11 +999,10 @@ main (int argc, char **argv)
   if (opt.use_tor)
     {
       log_info ("WARNING: ***************************************\n");
-      log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+      log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
       log_info ("WARNING: ***************************************\n");
     }
 
-
   /* Print a warning if an argument looks like an option.  */
   if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
     {
@@ -1018,6 +1031,7 @@ main (int argc, char **argv)
     }
 
   set_debug ();
+  set_tor_mode ();
 
   /* Get LDAP server list from file. */
 #if USE_LDAP
@@ -1783,6 +1797,7 @@ reread_configuration (void)
   fclose (fp);
 
   set_debug ();
+  set_tor_mode ();
 }
 
 
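Review bot: set_tor_mode only ever switches the Assuan flag on, so after a configuration reread that drops use-tor the socket layer would stay in Tor mode while opt.use_tor is false and the http.c check (which consults the Assuan flag, not opt) would still report Tor as available; I cannot see from the hunk whether reread_configuration resets opt.use_tor before re-parsing. If the one-way behaviour is intended, say so at this call: `/* Tor mode is only ever enabled here; a reread that drops --use-tor leaves the socket layer in Tor mode.  */`. The same call is added in main (the hunk at -1018,6); the start of reread_configuration is outside the hunk.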
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 6ba2987..6f8bf3d 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -751,8 +751,13 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
 
   if ((flags & HTTP_FLAG_FORCE_TOR))
     {
-      log_error ("TOR support is not yet available\n");
-      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+      int mode;
+
+      if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+        {
+          log_error ("TOR support is not available\n");
+          return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+        }
     }
 
   /* Create the handle. */
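Review bot: The Tor availability check added here is duplicated verbatim in send_request (the hunk at -1466,8); a small static helper would keep the two in step if the flag name or error handling changes. The single message "TOR support is not available" also no longer distinguishes a libassuan that does not know the "tor-mode" flag (assuan_sock_get_flag fails) from Tor mode simply not being enabled (mode == 0), which makes the failure harder to diagnose than the old message. Passing this check also does not mean the connection is anonymised: as the commit title states, name resolution still leaks, presumably because the host is resolved by the local resolver later in this function, so a comment at the check would help readers not to over-trust it. http_raw_connect's body continues outside the hunk.
```c
/* Return true if the Assuan socket layer has Tor mode enabled.  Note
   that this covers only the socket; name resolution is not routed via
   Tor yet (see commit message).  */
static int
tor_mode_enabled (void)
{
  int mode;

  if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode))
    {
      log_error ("TOR support is not available (Libassuan too old?)\n");
      return 0;
    }
  if (!mode)
    log_error ("TOR support is not available (tor mode not enabled)\n");
  return mode;
}

/* … unchanged: http_raw_connect up to the FORCE_TOR check … */
  if ((flags & HTTP_FLAG_FORCE_TOR) && !tor_mode_enabled ())
    return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
```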
@@ -1466,8 +1471,13 @@ send_request (http_t hd, const char *httphost, const char *auth,
 
   if ((hd->flags & HTTP_FLAG_FORCE_TOR))
     {
-      log_error ("TOR support is not yet available\n");
-      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+      int mode;
+
+      if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+        {
+          log_error ("TOR support is not available\n");
+          return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+        }
     }
 
   server = *hd->uri->host ? hd->uri->host : "localhost";
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 18e8189..d1d4211 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,9 +238,11 @@ useful for debugging.
 
 @item --use-tor
 @opindex use-tor
-This options is not yet functional!  It will eventually switch GnuPG
-into a TOR mode to route all network access via TOR (an anonymity
-network).
+This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
+all network access via TOR (an anonymity network).  WARNING: As of now
+this still leaks the DNS queries; e.g. to lookup the hosts in a
+keyserver pool.  Certain other features are disabled if this mode is
+active.
 
 @item --keyserver @code{name}
 @opindex keyserver
