[Pkg-gnupg-commit] [gnupg2] 115/180: dirmngr: New configure option --disable-libdns.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 24 22:29:16 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit d34a2bb410c7c770d26430d69ff77bd83fc407f1
Author: Werner Koch <wk at gnupg.org>
Date: Wed Dec 14 15:36:25 2016 +0100
dirmngr: New configure option --disable-libdns.
* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--
In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.
--recursive-resolver was easy enough to implement and may be useful in
some situation. It does not fully work, though.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
README | 10 +++++++++
configure.ac | 26 +++++++++++++++++++----
dirmngr/Makefile.am | 10 +++++++--
dirmngr/dirmngr.c | 3 +++
dirmngr/dns-stuff.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++-----
dirmngr/dns-stuff.h | 7 +++++++
dirmngr/server.c | 6 ++++++
dirmngr/t-dns-stuff.c | 5 +++++
doc/dirmngr.texi | 4 ++++
9 files changed, 117 insertions(+), 11 deletions(-)
diff --git a/README b/README
index c8b166b..322d366 100644
--- a/README
+++ b/README
@@ -117,6 +117,16 @@
Add other options as needed.
+*** Systems without a full C99 compiler
+
+ If you run into problems with our compiler complaining about dns.c
+ you may use
+
+ ./configure --disable-libdns
+
+ Add other options as needed.
+
+
* MIGRATION from 1.4 or 2.0 to 2.1
The major change in 2.1 is gpg-agent taking care of the OpenPGP
diff --git a/configure.ac b/configure.ac
index ea0abbb..066e963 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,7 @@ use_bzip2=yes
use_exec=yes
use_trust_models=yes
use_tofu=yes
+use_libdns=yes
card_support=yes
use_ccid_driver=auto
dirmngr_auto_start=yes
@@ -269,6 +270,16 @@ if test "$use_trust_models" = no && test "$use_tofu" = yes; then
AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
fi
+AC_MSG_CHECKING([whether to enable libdns])
+AC_ARG_ENABLE(libdns,
+ AC_HELP_STRING([--disable-libdns],
+ [do not build with libdns support]),
+ use_libdns=$enableval, use_libdns=yes)
+AC_MSG_RESULT($use_libdns)
+if test x"$use_libdns" = xyes ; then
+ AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
+fi
+AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)
#
@@ -1063,13 +1074,18 @@ if test "$build_dirmngr" = "yes"; then
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
+ if test "$use_libdns" = yes; then
+ show_tor_support=yes
+ fi
+ elif test "$use_libdns" = yes; then
+ show_tor_support=yes
else
AC_MSG_WARN([[
***
*** The system's DNS resolver is not usable.
*** Dirmngr functionality is limited.
***]])
- show_tor_support="${show_tor_support} (no system resolver)"
+ show_tor_support="${show_tor_support} (no system resolver)"
fi
LIBS=$_dns_save_libs
@@ -1510,6 +1526,7 @@ AC_SUBST(W32SOCKLIBS)
#
# Setup gcc specific options
#
+USE_C99_CFLAGS=
AC_MSG_NOTICE([checking for cc features])
if test "$GCC" = yes; then
mycflags=
@@ -1577,9 +1594,10 @@ if test "$GCC" = yes; then
fi
CFLAGS="$mycflags $mycflags_save"
- USE_C99_CFLAGS="-std=gnu99"
-else
- USE_C99_CFLAGS=
+ if test "$use_libdns" = yes; then
+ # dirmngr/dns.{c,h} require C99 and GNU extensions. */
+ USE_C99_CFLAGS="-std=gnu99"
+ fi
fi
AC_SUBST(USE_C99_CFLAGS)
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index f18786b..d3f89bc 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -60,12 +60,15 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
loadswdb.c \
cdb.h cdblib.c misc.c dirmngr-err.h \
ocsp.c ocsp.h validate.c validate.h \
- dns.c dns.h \
dns-stuff.c dns-stuff.h \
http.c http.h \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
+if USE_LIBDNS
+dirmngr_SOURCES += dns.c dns.h
+endif
+
if USE_LDAP
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
@@ -104,7 +107,10 @@ dirmngr_client_LDADD = $(libcommon) \
dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
-t_common_src = t-support.h dns.c dns.h
+t_common_src = t-support.h
+if USE_LIBDNS
+t_common_src += dns.c dns.h
+endif
t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
$(GPG_ERROR_LIBS) $(NETLIBS) \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index c26a468..a118327 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -141,6 +141,7 @@ enum cmd_and_opt_values {
oNameServer,
oDisableCheckOwnSocket,
oStandardResolver,
+ oRecursiveResolver,
aTest
};
@@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"),
ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
ARGPARSE_s_n (oStandardResolver, "standard-resolver", "@"),
+ ARGPARSE_s_n (oRecursiveResolver, "recursive-resolver", "@"),
ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
"of all commands and options)\n")),
@@ -621,6 +623,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oUseTor: opt.use_tor = 1; break;
case oStandardResolver: enable_standard_resolver (1); break;
+ case oRecursiveResolver: enable_recursive_resolver (1); break;
case oKeyServer:
if (*pargs->r.ret_str)
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 0d069a3..8d5d168 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -47,7 +47,9 @@
#include <unistd.h>
/* William Ahern's DNS library, included as a source copy. */
-#include "dns.h"
+#ifdef USE_LIBDNS
+# include "dns.h"
+#endif
/* dns.c has a dns_p_free but it is not exported. We use our own
* wrapper here so that we do not accidentally use xfree which would
@@ -101,6 +103,9 @@
/* If set force the use of the standard resolver. */
static int standard_resolver;
+/* If set use recursive resolver when available. */
+static int recursive_resolver;
+
/* If set Tor mode shall be used. */
static int tor_mode;
@@ -111,6 +116,7 @@ static char tor_nameserver[40+20];
/* A string to hold the credentials presented to Tor. */
static char tor_credentials[50];
+#ifdef USE_LIBDNS
/* Libdns gobal data. */
struct
{
@@ -120,7 +126,7 @@ struct
struct sockaddr_storage socks_host;
} libdns;
-
+#endif /*USE_LIBDNS*/
/* Calling this function with YES set to True forces the use of the
* standard resolver even if dirmngr has been built with support for
@@ -140,6 +146,27 @@ standard_resolver_p (void)
}
+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver. */
+void
+enable_recursive_resolver (int yes)
+{
+ recursive_resolver = yes;
+}
+
+
+/* Return true iff the recursive resolver is used. */
+int
+recursive_resolver_p (void)
+{
+#if USE_LIBDNS
+ return !standard_resolver && recursive_resolver;
+#else
+ return 0;
+#endif
+}
+
+
/* Sets the module in Tor mode. Returns 0 is this is possible or an
error code. */
gpg_error_t
@@ -233,6 +260,7 @@ map_eai_to_gpg_error (int ec)
}
+#ifdef USE_LIBDNS
static gpg_error_t
libdns_error_to_gpg_error (int serr)
{
@@ -266,8 +294,10 @@ libdns_error_to_gpg_error (int serr)
}
return gpg_error (ec);
}
+#endif /*USE_LIBDNS*/
+#ifdef USE_LIBDNS
static gpg_error_t
libdns_init (void)
{
@@ -297,7 +327,9 @@ libdns_init (void)
goto leave;
/* dns_hints_local for stub mode, dns_hints_root for recursive. */
- libdns.hints = dns_hints_local (libdns.resolv_conf, &error);
+ libdns.hints = (recursive_resolver
+ ? dns_hints_root (libdns.resolv_conf, &error)
+ : dns_hints_local (libdns.resolv_conf, &error));
if (! libdns.hints)
goto leave;
@@ -305,8 +337,10 @@ libdns_init (void)
leave:
return libdns_error_to_gpg_error (error);
}
+#endif /*USE_LIBDNS*/
+#ifdef USE_LIBDNS
static gpg_error_t
resolve_name_libdns (const char *name, unsigned short port,
int want_family, int want_socktype,
@@ -431,6 +465,7 @@ resolve_name_libdns (const char *name, unsigned short port,
return err;
}
+#endif /*USE_LIBDNS*/
/* Resolve a name using the standard system function. */
@@ -615,9 +650,11 @@ resolve_dns_name (const char *name, unsigned short port,
int want_family, int want_socktype,
dns_addrinfo_t *r_ai, char **r_canonname)
{
+#ifdef USE_LIBDNS
if (!standard_resolver)
return resolve_name_libdns (name, port, want_family, want_socktype,
r_ai, r_canonname);
+#endif /*USE_LIBDNS*/
return resolve_name_standard (name, port, want_family, want_socktype,
r_ai, r_canonname);
@@ -714,6 +751,7 @@ is_onion_address (const char *name)
/* libdns version of get_dns_cert. */
+#ifdef USE_LIBDNS
static gpg_error_t
get_dns_cert_libdns (const char *name, int want_certtype,
void **r_key, size_t *r_keylen,
@@ -726,7 +764,6 @@ get_dns_cert_libdns (const char *name, int want_certtype,
struct dns_rr_i rri;
char host[DNS_D_MAXNAME + 1];
int derr;
- int srvcount = 0;
int qtype;
/* Gte the query type from WANT_CERTTYPE (which in general indicates
@@ -907,6 +944,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
dns_res_close (res);
return err;
}
+#endif /*USE_LIBDNS*/
/* Standard resolver version of get_dns_cert. */
@@ -1135,9 +1173,11 @@ get_dns_cert (const char *name, int want_certtype,
*r_fprlen = 0;
*r_url = NULL;
+#ifdef USE_LIBDNS
if (!standard_resolver)
return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
r_fpr, r_fprlen, r_url);
+#endif /*USE_LIBDNS*/
return get_dns_cert_standard (name, want_certtype, r_key, r_keylen,
r_fpr, r_fprlen, r_url);
@@ -1160,6 +1200,7 @@ priosort(const void *a,const void *b)
/* Libdns based helper for getsrv. Note that it is expected that NULL
* is stored at the address of LIST and 0 is stored at the address of
* R_COUNT. */
+#ifdef USE_LIBDNS
static gpg_error_t
getsrv_libdns (const char *name, struct srventry **list, int *r_count)
{
@@ -1274,6 +1315,7 @@ getsrv_libdns (const char *name, struct srventry **list, int *r_count)
dns_res_close (res);
return err;
}
+#endif /*USE_LIBDNS*/
/* Standard resolver based helper for getsrv. Note that it is
@@ -1412,9 +1454,11 @@ getsrv (const char *name, struct srventry **list)
*list = NULL;
srvcount = 0;
+#ifdef USE_LIBDNS
if (!standard_resolver)
err = getsrv_libdns (name, list, &srvcount);
else
+#endif /*USE_LIBDNS*/
err = getsrv_standard (name, list, &srvcount);
if (err)
@@ -1498,6 +1542,7 @@ getsrv (const char *name, struct srventry **list)
+#ifdef USE_LIBDNS
/* libdns version of get_dns_cname. */
gpg_error_t
get_dns_cname_libdns (const char *name, char **r_cname)
@@ -1505,7 +1550,6 @@ get_dns_cname_libdns (const char *name, char **r_cname)
gpg_error_t err;
struct dns_resolver *res = NULL;
struct dns_packet *ans = NULL;
- struct dns_rr rr;
struct dns_cname cname;
int derr;
@@ -1582,6 +1626,7 @@ get_dns_cname_libdns (const char *name, char **r_cname)
dns_res_close (res);
return err;
}
+#endif /*USE_LIBDNS*/
/* Standard resolver version of get_dns_cname. */
@@ -1673,8 +1718,10 @@ get_dns_cname (const char *name, char **r_cname)
{
*r_cname = NULL;
+#ifdef USE_LIBDNS
if (!standard_resolver)
return get_dns_cname_libdns (name, r_cname);
+#endif /*USE_LIBDNS*/
return get_dns_cname_standard (name, r_cname);
}
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index c3c0946..20a4b41 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -100,6 +100,13 @@ void enable_standard_resolver (int yes);
/* Return true if the standard resolver is used. */
int standard_resolver_p (void);
+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver. */
+void enable_recursive_resolver (int yes);
+
+/* Return true iff the recursive resolver is used. */
+int recursive_resolver_p (void);
+
/* Calling this function switches the DNS code into Tor mode if
possibe. Return 0 on success. */
gpg_error_t enable_dns_tormode (int new_circuit);
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 3e66868..a785238 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2314,7 +2314,13 @@ cmd_getinfo (assuan_context_t ctx, char *line)
(ctx, "- Forced use of System resolver (w/o Tor support)");
else
{
+#ifdef USE_LIBDNS
+ assuan_set_okay_line (ctx, (recursive_resolver_p ()
+ ? "- Libdns recursive resolver"
+ : "- Libdns stub resolver"));
+#else
assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
+#endif
}
err = 0;
}
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 8d2cba6..224e948 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -102,6 +102,11 @@ main (int argc, char **argv)
enable_standard_resolver (1);
argc--; argv++;
}
+ else if (!strcmp (*argv, "--recursive-resolver"))
+ {
+ enable_recursive_resolver (1);
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--bracket"))
{
opt_bracket = 1;
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 8f0cf54..94ef35d 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -251,6 +251,10 @@ This is mainly used for debugging. Note that on Windows a standard
resolver is not used and all DNS access will return the error ``Not
Implemented'' if this function is used.
+ at item --recursive-resolver
+ at opindex recursive-resolver
+When possible use a recursive resolver instead of a stub resolver.
+
@item --allow-version-check
@opindex allow-version-check
Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list