authorWerner Koch <[email protected]>2015-10-19 11:12:24 +0000
committerWerner Koch <[email protected]>2015-10-19 11:17:58 +0000
commit6983fd131f648ba4acd57b266de9868911874d14 (patch)
tree0ae92d271eb2dfbaf5cb2e110f05e94b65bcdcf6
parentdirmngr: Use Assuan socket wrappers for http.c (diff)
downloadgnupg-6983fd131f648ba4acd57b266de9868911874d14.tar.gz
gnupg-6983fd131f648ba4acd57b266de9868911874d14.zip
dirmngr: Make --use-tor work - still leaks DNS.
* dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
-rw-r--r--dirmngr/dirmngr.c19
-rw-r--r--dirmngr/http.c18
-rw-r--r--doc/dirmngr.texi8
3 files changed, 36 insertions, 9 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index a32040e7b..744fb52b0 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -466,6 +466,20 @@ set_debug (void)
static void
+set_tor_mode (void)
+{
+ if (opt.use_tor)
+ {
+ if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+ {
+ log_error ("error enabling TOR mode: %s\n", strerror (errno));
+ log_info ("(is your Libassuan recent enough?)\n");
+ }
+ }
+}
+
+
+static void
wrong_args (const char *text)
{
es_fprintf (es_stderr, _("usage: %s [options] "), DIRMNGR_NAME);
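Review bot: set_tor_mode only logs when assuan_sock_set_flag fails, so with --use-tor given dirmngr keeps running even though the socket wrappers were never switched to TOR mode. For an anonymity option the safer behaviour is to fail closed; at startup that could be as small as replacing the log_error call with `log_fatal ("error enabling TOR mode: %s\n", strerror (errno));`, or having the function return the error so that main can exit. The same function is called from main (hunk at -1018) and reread_configuration (hunk at -1783), and both callers ignore the outcome. The http.c checks in this commit only catch requests that carry HTTP_FLAG_FORCE_TOR; whether every network path sets that flag is not visible here. A one-line header comment such as `/* Switch the Assuan socket wrappers to TOR mode if --use-tor was given. */` would also match the other helpers.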
@@ -985,11 +999,10 @@ main (int argc, char **argv)
if (opt.use_tor)
{
log_info ("WARNING: ***************************************\n");
- log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+ log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
log_info ("WARNING: ***************************************\n");
}
-
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
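Review bot: The new startup warning "MAY NOT FULLY WORK" is vaguer than what the commit title and doc/dirmngr.texi say, namely that DNS queries still leak. A user who only reads the log will not learn that hostnames are resolved outside TOR. Naming the known gap in the banner would help, e.g. `log_info ("WARNING: TOR mode (--use-tor) still leaks DNS queries!\n");`. main's body starts and ends outside this hunk.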
@@ -1018,6 +1031,7 @@ main (int argc, char **argv)
}
set_debug ();
+ set_tor_mode ();
/* Get LDAP server list from file. */
#if USE_LDAP
@@ -1783,6 +1797,7 @@ reread_configuration (void)
fclose (fp);
set_debug ();
+ set_tor_mode ();
}
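Review bot: The set_tor_mode call added here can only turn the flag on, because set_tor_mode passes the constant 1 and does nothing when opt.use_tor is unset. If a reload can clear opt.use_tor (not visible in this hunk), the process-wide "tor-mode" flag and the option would then disagree. Staying in TOR mode is the safe direction, so I would keep the behaviour and document it next to the call, e.g. `/* TOR mode is never switched off again; that requires a restart. */`. reread_configuration starts outside this hunk.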
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 6ba29873d..6f8bf3da0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -751,8 +751,13 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
if ((flags & HTTP_FLAG_FORCE_TOR))
{
- log_error ("TOR support is not yet available\n");
- return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ int mode;
+
+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+ {
+ log_error ("TOR support is not available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
}
/* Create the handle. */
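Review bot: The TOR sanity check in http_raw_connect is repeated line for line in send_request (hunk at -1466), so the two copies can drift apart when the check is later tightened. A small static helper would keep one definition. It would also be the natural place to log the two failure causes separately, since "TOR support is not available" with GPG_ERR_NOT_IMPLEMENTED currently covers both a failed flag query and a mode that is simply off. The helper name below is a suggestion, and both enclosing functions extend beyond their hunks.
```c
/* Return 0 if the Assuan socket wrappers are in TOR mode, else an
   error code.  Used to refuse requests flagged HTTP_FLAG_FORCE_TOR.  */
static gpg_error_t
check_tor_mode (void)
{
  int mode;

  if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
    {
      log_error ("TOR support is not available\n");
      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
    }
  return 0;
}

/* … in http_raw_connect, and likewise in send_request with hd->flags … */
  if ((flags & HTTP_FLAG_FORCE_TOR))
    {
      gpg_error_t tor_err = check_tor_mode ();

      if (tor_err)
        return tor_err;
    }
```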
@@ -1466,8 +1471,13 @@ send_request (http_t hd, const char *httphost, const char *auth,
if ((hd->flags & HTTP_FLAG_FORCE_TOR))
{
- log_error ("TOR support is not yet available\n");
- return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ int mode;
+
+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+ {
+ log_error ("TOR support is not available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
}
server = *hd->uri->host ? hd->uri->host : "localhost";
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 18e818975..d1d421194 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,9 +238,11 @@ useful for debugging.
@item --use-tor
@opindex use-tor
-This options is not yet functional! It will eventually switch GnuPG
-into a TOR mode to route all network access via TOR (an anonymity
-network).
+This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
+all network access via TOR (an anonymity network). WARNING: As of now
+this still leaks the DNS queries; e.g. to lookup the hosts in a
+keyserver pool. Certain other features are disabled if this mode is
+active.
@item --keyserver @code{name}
@opindex keyserver