[Pkg-gnupg-commit] [gnupg2] 57/241: dirmngr: Implement Tor mode for SRV RRs.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 9 20:31:53 UTC 2015


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 8b06d7f41aec6cb993445935dba7c60e033d026a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 22 10:14:10 2015 +0200

    dirmngr: Implement Tor mode for SRV RRs.
    
    * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
    (my_adns_init): new.
    (getsrv)[USE_ADNS]: Use my_adns_init.
    (getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
    
    * dirmngr/t-dns-stuff.c: Add option --use-tor.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 dirmngr/dns-stuff.c   | 46 ++++++++++++++++++++++++++++++++--------------
 dirmngr/t-dns-stuff.c | 18 ++++++++++++++++++
 2 files changed, 50 insertions(+), 14 deletions(-)

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 639388f..300d086 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -219,6 +219,29 @@ resolve_dns_name (const char *name, unsigned short port,
 }
 
 
+#ifdef USE_ADNS
+/* Init ADNS and store the new state at R_STATE.  Returns 0 on
+   success; prints an error message and returns an error code on
+   failure.  */
+static gpg_error_t
+my_adns_init (adns_state *r_state)
+{
+  gpg_error_t err;
+
+  if (tor_mode? adns_init_strcfg (r_state,
+                                  adns_if_noerrprint|adns_if_tormode,
+                                  NULL, "nameserver 8.8.8.8")
+      /*    */: adns_init (r_state, adns_if_noerrprint, NULL))
+    {
+      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+      log_error ("error initializing adns: %s\n", gpg_strerror (err));
+      return err;
+    }
+  return 0;
+}
+#endif /*USE_ADNS*/
+
+
 /* Returns 0 on success or an error code.  If a PGP CERT record was
    found, the malloced data is returned at (R_KEY, R_KEYLEN) and
    the other return parameters are set to NULL/0.  If an IPGP CERT
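Review bot: In `my_adns_init` the error code is built from `errno` via `gpg_err_code_from_syserror ()`, but the return value of `adns_init`/`adns_init_strcfg` is only tested in the `if` and then discarded. As far as I know, adns reports failures as an errno value in the return code and does not promise to set `errno`, so the logged and returned error may be stale or unrelated. Keeping the result in a local `int ret`, e.g. `ret = tor_mode? adns_init_strcfg (...) : adns_init (...);` followed by `err = gpg_err_make (default_errsource, gpg_err_code_from_errno (ret));`, would report the actual failure. Separately, the Tor-mode branch pins every lookup to the literal `"nameserver 8.8.8.8"`, so a single third-party resolver sees all names queried in Tor mode. A comment explaining that choice, or a named constant that can later become an option, would make the privacy trade-off visible.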
@@ -250,14 +273,9 @@ get_dns_cert (const char *name, int want_certtype,
   *r_fprlen = 0;
   *r_url = NULL;
 
-  if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
-                                  NULL, "nameserver 8.8.8.8")
-      /*    */: adns_init (&state, adns_if_noerrprint, NULL))
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      log_error ("error initializing adns: %s\n", strerror (errno));
-      return err;
-    }
+  err = my_adns_init (&state);
+  if (err)
+    return err;
 
   if (adns_synchronous (state, name,
                         (adns_r_unknown
@@ -620,12 +638,8 @@ getsrv (const char *name,struct srventry **list)
     adns_state state;
     adns_answer *answer = NULL;
 
-    rc = adns_init (&state, adns_if_noerrprint, NULL);
-    if (rc)
-      {
-        log_error ("error initializing adns: %s\n", strerror (errno));
-        return -1;
-      }
+    if (my_adns_init (&state))
+      return -1;
 
     rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
                            &answer);
@@ -682,6 +696,10 @@ getsrv (const char *name,struct srventry **list)
     int r;
     u16 dlen;
 
+    /* Do not allow a query using the standard resolver in Tor mode.  */
+    if (tor_mode)
+      return -1;
+
     r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
     if (r < sizeof (HEADER) || r > sizeof answer)
       return -1;
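Review bot: The new `if (tor_mode) return -1;` guard in the non-ADNS `getsrv` fails closed, which is the right default, but it does so silently and with the same `-1` that an ordinary lookup failure returns. The callers are not visible here; if one of them treats `-1` as "no SRV records" and goes on to resolve the host name another way, that path has to respect Tor mode on its own, and nothing in the log will show that the SRV query was refused. I would add a diagnostic before the return, for example `log_info ("SRV lookup with the standard resolver refused in Tor mode\n");`, and extend the comment to say that callers must not fall back to a non-Tor lookup. The body of `getsrv` starts and ends outside this hunk.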
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index d2ead8f..63d4cdd 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -42,6 +42,7 @@ main (int argc, char **argv)
   int last_argc = -1;
   gpg_error_t err;
   int any_options = 0;
+  int opt_tor = 0;
   int opt_cert = 0;
   int opt_srv = 0;
   char const *name = NULL;
@@ -64,6 +65,7 @@ main (int argc, char **argv)
                  "Options:\n"
                  "  --verbose         print timings etc.\n"
                  "  --debug           flyswatter\n"
+                 "  --use-tor         use Tor\n"
                  "  --cert            lookup a CERT RR\n"
                  "  --srv             lookup a SRV RR\n"
                  , stdout);
@@ -80,6 +82,11 @@ main (int argc, char **argv)
           debug++;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--use-tor"))
+        {
+          opt_tor = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--cert"))
         {
           any_options = opt_cert = 1;
@@ -110,6 +117,17 @@ main (int argc, char **argv)
       exit (1);
     }
 
+  if (opt_tor)
+    {
+      err = enable_dns_tormode ();
+      if (err)
+        {
+          fprintf (stderr, "error switching into Tor mode: %s\n",
+                   gpg_strerror (err));
+          exit (1);
+        }
+    }
+
   if (opt_cert)
     {
       unsigned char *fpr;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


