[Pkg-gnupg-commit] [gnupg2] 115/180: dirmngr: New configure option --disable-libdns.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 24 22:29:16 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit d34a2bb410c7c770d26430d69ff77bd83fc407f1
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Dec 14 15:36:25 2016 +0100

    dirmngr: New configure option --disable-libdns.
    
    * configure.ac: Add option --disable-libdns
    (USE_LIBDNS): New ac_subst and am_conditional.
    (USE_C99_CFLAGS): Set only if libdns is used.
    * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
    (dirmngr_SOURCES) [USE_LIBDNS]: here.
    (t_common_src): Ditto.
    * dirmngr/dirmngr.c (oRecursiveResolver): New constant.
    (opts): New option "--recursive-resolver".
    (parse_rereadable_options): Set option.
    * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
    * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
    new variables.
    * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
    Also build and call dnslib functions only if USE_DNSLIB is defined.
    (recursive_resolver): New var.
    (enable_recursive_resolver): New func.
    (recursive_resolver_p): New func.
    --
    
    In case users run into problems building GnuPG, the configure option
    allows to disable that support and continue w/o Tor support using the
    system resolver.
    
    --recursive-resolver was easy enough to implement and may be useful in
    some situation.  It does not fully work, though.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 README                | 10 +++++++++
 configure.ac          | 26 +++++++++++++++++++----
 dirmngr/Makefile.am   | 10 +++++++--
 dirmngr/dirmngr.c     |  3 +++
 dirmngr/dns-stuff.c   | 57 ++++++++++++++++++++++++++++++++++++++++++++++-----
 dirmngr/dns-stuff.h   |  7 +++++++
 dirmngr/server.c      |  6 ++++++
 dirmngr/t-dns-stuff.c |  5 +++++
 doc/dirmngr.texi      |  4 ++++
 9 files changed, 117 insertions(+), 11 deletions(-)

diff --git a/README b/README
index c8b166b..322d366 100644
--- a/README
+++ b/README
@@ -117,6 +117,16 @@
   Add other options as needed.
 
 
+*** Systems without a full C99 compiler
+
+  If you run into problems with our compiler complaining about dns.c
+  you may use
+
+    ./configure --disable-libdns
+
+  Add other options as needed.
+
+
 * MIGRATION from 1.4 or 2.0 to 2.1
 
   The major change in 2.1 is gpg-agent taking care of the OpenPGP
diff --git a/configure.ac b/configure.ac
index ea0abbb..066e963 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,7 @@ use_bzip2=yes
 use_exec=yes
 use_trust_models=yes
 use_tofu=yes
+use_libdns=yes
 card_support=yes
 use_ccid_driver=auto
 dirmngr_auto_start=yes
@@ -269,6 +270,16 @@ if test "$use_trust_models" = no && test "$use_tofu" = yes; then
     AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
 fi
 
+AC_MSG_CHECKING([whether to enable libdns])
+AC_ARG_ENABLE(libdns,
+                AC_HELP_STRING([--disable-libdns],
+                               [do not build with libdns support]),
+              use_libdns=$enableval, use_libdns=yes)
+AC_MSG_RESULT($use_libdns)
+if test x"$use_libdns" = xyes ; then
+    AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
+fi
+AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)
 
 
 #
@@ -1063,13 +1074,18 @@ if test "$build_dirmngr" = "yes"; then
     if test x"$need_compat" = xyes ; then
       AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
     fi
+    if test "$use_libdns" = yes; then
+     show_tor_support=yes
+    fi
+  elif test "$use_libdns" = yes; then
+    show_tor_support=yes
   else
     AC_MSG_WARN([[
 ***
 *** The system's DNS resolver is not usable.
 *** Dirmngr functionality is limited.
 ***]])
-   show_tor_support="${show_tor_support} (no system resolver)"
+    show_tor_support="${show_tor_support} (no system resolver)"
   fi
 
   LIBS=$_dns_save_libs
@@ -1510,6 +1526,7 @@ AC_SUBST(W32SOCKLIBS)
 #
 # Setup gcc specific options
 #
+USE_C99_CFLAGS=
 AC_MSG_NOTICE([checking for cc features])
 if test "$GCC" = yes; then
     mycflags=
@@ -1577,9 +1594,10 @@ if test "$GCC" = yes; then
     fi
 
     CFLAGS="$mycflags $mycflags_save"
-    USE_C99_CFLAGS="-std=gnu99"
-else
-    USE_C99_CFLAGS=
+    if test "$use_libdns" = yes; then
+       # dirmngr/dns.{c,h} require C99 and GNU extensions.  */
+       USE_C99_CFLAGS="-std=gnu99"
+    fi
 fi
 
 AC_SUBST(USE_C99_CFLAGS)
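Review bot: The new shell comment ends with a stray C comment terminator, `# dirmngr/dns.{c,h} require C99 and GNU extensions.  */`; drop the trailing `*/`. The flag is still assigned only inside the `$GCC = yes` branch, so with another compiler and libdns enabled USE_C99_CFLAGS stays empty, as it did before this change. A short comment saying that non-GCC builds are expected to use --disable-libdns if dns.c does not compile would tie this to the new README section.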
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index f18786b..d3f89bc 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -60,12 +60,15 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
 	loadswdb.c \
 	cdb.h cdblib.c misc.c dirmngr-err.h  \
 	ocsp.c ocsp.h validate.c validate.h  \
-	dns.c dns.h \
 	dns-stuff.c dns-stuff.h \
 	http.c http.h \
 	ks-action.c ks-action.h ks-engine.h \
 	ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
 
+if USE_LIBDNS
+dirmngr_SOURCES += dns.c dns.h
+endif
+
 if USE_LDAP
 dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
                    ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
@@ -104,7 +107,10 @@ dirmngr_client_LDADD = $(libcommon) \
 dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
 
 
-t_common_src = t-support.h dns.c dns.h
+t_common_src = t-support.h
+if USE_LIBDNS
+t_common_src += dns.c dns.h
+endif
 t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
                  $(GPG_ERROR_LIBS) $(NETLIBS) \
                  $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index c26a468..a118327 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -141,6 +141,7 @@ enum cmd_and_opt_values {
   oNameServer,
   oDisableCheckOwnSocket,
   oStandardResolver,
+  oRecursiveResolver,
   aTest
 };
 
@@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"),
   ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
   ARGPARSE_s_n (oStandardResolver, "standard-resolver", "@"),
+  ARGPARSE_s_n (oRecursiveResolver, "recursive-resolver", "@"),
 
   ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
                          "of all commands and options)\n")),
@@ -621,6 +623,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oUseTor: opt.use_tor = 1; break;
 
     case oStandardResolver: enable_standard_resolver (1); break;
+    case oRecursiveResolver: enable_recursive_resolver (1); break;
 
     case oKeyServer:
       if (*pargs->r.ret_str)
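Review bot: The new `case oRecursiveResolver` can only turn the flag on, and this commit adds nothing that turns it off again on a configuration reread. parse_rereadable_options takes a `reread` argument and its reset path lies outside this hunk; if that path restores the other resolver settings to their defaults, it should also call `enable_recursive_resolver (0);`. Otherwise removing recursive-resolver from the config file and rereading would leave the flag set until dirmngr restarts.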
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 0d069a3..8d5d168 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -47,7 +47,9 @@
 #include <unistd.h>
 
 /* William Ahern's DNS library, included as a source copy.  */
-#include "dns.h"
+#ifdef USE_LIBDNS
+# include "dns.h"
+#endif
 
 /* dns.c has a dns_p_free but it is not exported.  We use our own
  * wrapper here so that we do not accidentally use xfree which would
@@ -101,6 +103,9 @@
 /* If set force the use of the standard resolver.  */
 static int standard_resolver;
 
+/* If set use recursive resolver when available. */
+static int recursive_resolver;
+
 /* If set Tor mode shall be used.  */
 static int tor_mode;
 
@@ -111,6 +116,7 @@ static char tor_nameserver[40+20];
 /* A string to hold the credentials presented to Tor.  */
 static char tor_credentials[50];
 
+#ifdef USE_LIBDNS
 /* Libdns gobal data.  */
 struct
 {
@@ -120,7 +126,7 @@ struct
 
   struct sockaddr_storage socks_host;
 } libdns;
-
+#endif /*USE_LIBDNS*/
 
 /* Calling this function with YES set to True forces the use of the
  * standard resolver even if dirmngr has been built with support for
@@ -140,6 +146,27 @@ standard_resolver_p (void)
 }
 
 
+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver.  */
+void
+enable_recursive_resolver (int yes)
+{
+  recursive_resolver = yes;
+}
+
+
+/* Return true iff the recursive resolver is used.  */
+int
+recursive_resolver_p (void)
+{
+#if USE_LIBDNS
+  return !standard_resolver && recursive_resolver;
+#else
+  return 0;
+#endif
+}
+
+
 /* Sets the module in Tor mode.  Returns 0 is this is possible or an
    error code.  */
 gpg_error_t
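Review bot: recursive_resolver_p tests the macro with `#if USE_LIBDNS`, while every other guard this commit adds to the file uses `#ifdef USE_LIBDNS`. Both forms work with the `AC_DEFINE(USE_LIBDNS, 1, ...)` in configure.ac, but `#if` on an undefined macro trips -Wundef in a --disable-libdns build and the mix is easy to misread. Using `#ifdef USE_LIBDNS` here would match the rest of the file.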
@@ -233,6 +260,7 @@ map_eai_to_gpg_error (int ec)
 }
 
 
+#ifdef USE_LIBDNS
 static gpg_error_t
 libdns_error_to_gpg_error (int serr)
 {
@@ -266,8 +294,10 @@ libdns_error_to_gpg_error (int serr)
     }
   return gpg_error (ec);
 }
+#endif /*USE_LIBDNS*/
 
 
+#ifdef USE_LIBDNS
 static gpg_error_t
 libdns_init (void)
 {
@@ -297,7 +327,9 @@ libdns_init (void)
     goto leave;
 
   /* dns_hints_local for stub mode, dns_hints_root for recursive.  */
-  libdns.hints = dns_hints_local (libdns.resolv_conf, &error);
+  libdns.hints = (recursive_resolver
+                  ? dns_hints_root  (libdns.resolv_conf, &error)
+                  : dns_hints_local (libdns.resolv_conf, &error));
   if (! libdns.hints)
     goto leave;
 
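Review bot: `recursive_resolver` is consulted only here, at the moment the hints are built, so calling enable_recursive_resolver afterwards changes what recursive_resolver_p and the getinfo output report without changing the hints in use, unless the libdns state is rebuilt somewhere outside this hunk. The selection also does not look at `tor_mode`, so it is not visible from the diff whether root hints are meant to be combined with the Tor nameserver setup. The commit message says the option does not fully work. A comment above this expression should say what is known not to work and whether the Tor combination is supported, for example `/* Note: recursive mode is evaluated only at init time and is untested with Tor.  */`, adjusted to the actual limitation. The rest of libdns_init is outside the hunk.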
@@ -305,8 +337,10 @@ libdns_init (void)
  leave:
   return libdns_error_to_gpg_error (error);
 }
+#endif /*USE_LIBDNS*/
 
 
+#ifdef USE_LIBDNS
 static gpg_error_t
 resolve_name_libdns (const char *name, unsigned short port,
                      int want_family, int want_socktype,
@@ -431,6 +465,7 @@ resolve_name_libdns (const char *name, unsigned short port,
 
   return err;
 }
+#endif /*USE_LIBDNS*/
 
 
 /* Resolve a name using the standard system function.  */
@@ -615,9 +650,11 @@ resolve_dns_name (const char *name, unsigned short port,
                   int want_family, int want_socktype,
                   dns_addrinfo_t *r_ai, char **r_canonname)
 {
+#ifdef USE_LIBDNS
   if (!standard_resolver)
     return resolve_name_libdns (name, port, want_family, want_socktype,
                                 r_ai, r_canonname);
+#endif /*USE_LIBDNS*/
 
   return resolve_name_standard (name, port, want_family, want_socktype,
                                 r_ai, r_canonname);
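Review bot: In a build configured with --disable-libdns this guard removes the only non-system path, so resolve_dns_name always reaches resolve_name_standard, and nothing in the hunk consults `tor_mode`. enable_dns_tormode is outside the diff; if it still returns success in such a build, a configuration that requests Tor would have its lookups answered by the system resolver instead of being refused. Making that function fail when USE_LIBDNS is not defined, for example `return gpg_error (GPG_ERR_NOT_IMPLEMENTED);` under `#ifndef USE_LIBDNS`, would make the missing support fail closed and visible to the caller. The same fall-through is added in get_dns_cert, getsrv and get_dns_cname further down.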
@@ -714,6 +751,7 @@ is_onion_address (const char *name)
 
 
 /* libdns version of get_dns_cert.  */
+#ifdef USE_LIBDNS
 static gpg_error_t
 get_dns_cert_libdns (const char *name, int want_certtype,
                      void **r_key, size_t *r_keylen,
@@ -726,7 +764,6 @@ get_dns_cert_libdns (const char *name, int want_certtype,
   struct dns_rr_i rri;
   char host[DNS_D_MAXNAME + 1];
   int derr;
-  int srvcount = 0;
   int qtype;
 
   /* Gte the query type from WANT_CERTTYPE (which in general indicates
@@ -907,6 +944,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
   dns_res_close (res);
   return err;
 }
+#endif /*USE_LIBDNS*/
 
 
 /* Standard resolver version of get_dns_cert.  */
@@ -1135,9 +1173,11 @@ get_dns_cert (const char *name, int want_certtype,
   *r_fprlen = 0;
   *r_url = NULL;
 
+#ifdef USE_LIBDNS
   if (!standard_resolver)
     return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
                                 r_fpr, r_fprlen, r_url);
+#endif /*USE_LIBDNS*/
 
   return get_dns_cert_standard (name, want_certtype, r_key, r_keylen,
                                 r_fpr, r_fprlen, r_url);
@@ -1160,6 +1200,7 @@ priosort(const void *a,const void *b)
 /* Libdns based helper for getsrv.  Note that it is expected that NULL
  * is stored at the address of LIST and 0 is stored at the address of
  * R_COUNT.  */
+#ifdef USE_LIBDNS
 static gpg_error_t
 getsrv_libdns (const char *name, struct srventry **list, int *r_count)
 {
@@ -1274,6 +1315,7 @@ getsrv_libdns (const char *name, struct srventry **list, int *r_count)
   dns_res_close (res);
   return err;
 }
+#endif /*USE_LIBDNS*/
 
 
 /* Standard resolver based helper for getsrv.  Note that it is
@@ -1412,9 +1454,11 @@ getsrv (const char *name, struct srventry **list)
 
   *list = NULL;
   srvcount = 0;
+#ifdef USE_LIBDNS
   if (!standard_resolver)
     err = getsrv_libdns (name, list, &srvcount);
   else
+#endif /*USE_LIBDNS*/
     err = getsrv_standard (name, list, &srvcount);
 
   if (err)
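Review bot: The `else` sits inside the `#ifdef USE_LIBDNS` block while the statement it governs, `err = getsrv_standard (name, list, &srvcount);`, sits after the `#endif`, so the control flow only reads correctly once both preprocessor variants are worked out by hand. It behaves correctly in both builds, but a statement inserted between `#endif` and the call would silently become the else-arm in the libdns build only. A comment such as `/* The else above binds to the next statement.  */`, or braces around both arms, would guard against that. The body of getsrv continues outside the hunk.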
@@ -1498,6 +1542,7 @@ getsrv (const char *name, struct srventry **list)
 
 
 

+#ifdef USE_LIBDNS
 /* libdns version of get_dns_cname.  */
 gpg_error_t
 get_dns_cname_libdns (const char *name, char **r_cname)
@@ -1505,7 +1550,6 @@ get_dns_cname_libdns (const char *name, char **r_cname)
   gpg_error_t err;
   struct dns_resolver *res = NULL;
   struct dns_packet *ans = NULL;
-  struct dns_rr rr;
   struct dns_cname cname;
   int derr;
 
@@ -1582,6 +1626,7 @@ get_dns_cname_libdns (const char *name, char **r_cname)
   dns_res_close (res);
   return err;
 }
+#endif /*USE_LIBDNS*/
 
 
 /* Standard resolver version of get_dns_cname.  */
@@ -1673,8 +1718,10 @@ get_dns_cname (const char *name, char **r_cname)
 {
   *r_cname = NULL;
 
+#ifdef USE_LIBDNS
   if (!standard_resolver)
     return get_dns_cname_libdns (name, r_cname);
+#endif /*USE_LIBDNS*/
 
   return get_dns_cname_standard (name, r_cname);
 }
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index c3c0946..20a4b41 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -100,6 +100,13 @@ void enable_standard_resolver (int yes);
 /* Return true if the standard resolver is used.  */
 int standard_resolver_p (void);
 
+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver.  */
+void enable_recursive_resolver (int yes);
+
+/* Return true iff the recursive resolver is used.  */
+int recursive_resolver_p (void);
+
 /* Calling this function switches the DNS code into Tor mode if
    possibe.  Return 0 on success.  */
 gpg_error_t enable_dns_tormode (int new_circuit);
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 3e66868..a785238 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2314,7 +2314,13 @@ cmd_getinfo (assuan_context_t ctx, char *line)
           (ctx, "- Forced use of System resolver (w/o Tor support)");
       else
         {
+#ifdef USE_LIBDNS
+          assuan_set_okay_line (ctx, (recursive_resolver_p ()
+                                      ? "- Libdns recursive resolver"
+                                      : "- Libdns stub resolver"));
+#else
           assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
+#endif
         }
       err = 0;
     }
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 8d2cba6..224e948 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -102,6 +102,11 @@ main (int argc, char **argv)
           enable_standard_resolver (1);
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--recursive-resolver"))
+        {
+          enable_recursive_resolver (1);
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--bracket"))
         {
           opt_bracket = 1;
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 8f0cf54..94ef35d 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -251,6 +251,10 @@ This is mainly used for debugging.  Note that on Windows a standard
 resolver is not used and all DNS access will return the error ``Not
 Implemented'' if this function is used.
 
+ at item --recursive-resolver
+ at opindex recursive-resolver
+When possible use a recursive resolver instead of a stub resolver.
+
 @item --allow-version-check
 @opindex allow-version-check
 Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


