author | Werner Koch <[email protected]> | 2015-11-09 19:44:13 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2015-11-09 19:44:13 +0000 |
commit | 288c9919dc45496b2380eeac487a8539692d6842 (patch) | |
tree | fcb02fb3741d0fc819fa97b9541437e951bd90ea /dirmngr/dns-stuff.c | |
parent | dirmngr: Improve detection of ADNS. (diff) | |
dirmngr: Change to new ADNS Tor mode init scheme.
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to request a new circuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
-rw-r--r-- | dirmngr/dns-stuff.c | 53 |
1 files changed, 46 insertions, 7 deletions
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index cae2c5737..6bf36a553 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -85,17 +85,32 @@ /* If set Tor mode shall be used. */ static int tor_mode; +/* A string to hold the credentials presented to Tor. */ +#ifdef USE_ADNS +static char tor_credentials[50]; +#endif + /* Sets the module in Tor mode. Returns 0 is this is possible or an error code. */ gpg_error_t -enable_dns_tormode (void) +enable_dns_tormode (int new_circuit) { #if defined(USE_DNS_CERT) && defined(USE_ADNS) # if HAVE_ADNS_IF_TORMODE + if (!*tor_credentials || new_circuit) + { + static unsigned int counter; + + gpgrt_snprintf (tor_credentials, sizeof tor_credentials, + "dirmngr-%lu:p%u", + (unsigned long)getpid (), counter); + counter++; + } tor_mode = 1; return 0; # endif #endif + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } @@ -145,14 +160,35 @@ map_eai_to_gpg_error (int ec) static gpg_error_t my_adns_init (adns_state *r_state) { - gpg_error_t err; + gpg_error_t err = 0; + int ret; - if (tor_mode? adns_init_strcfg (r_state, - adns_if_noerrprint|adns_if_tormode, - NULL, "nameserver 8.8.8.8") - /* */: adns_init (r_state, adns_if_noerrprint, NULL)) + if (tor_mode) + { + char *cfgstr; + + cfgstr = xtryasprintf ("nameserver %s\n" + "options adns_tormode adns_sockscred:%s", + "8.8.8.8", tor_credentials); + if (!cfgstr) + err = gpg_error_from_syserror (); + else + { + ret = adns_init_strcfg (r_state, adns_if_noerrprint, NULL, cfgstr); + if (ret) + err = gpg_error_from_errno (ret); + xfree (cfgstr); + } + } + else + { + ret = adns_init (r_state, adns_if_noerrprint, NULL); + if (ret) + err = gpg_error_from_errno (ret); + } + + if (err) { - err = gpg_error_from_syserror (); log_error ("error initializing adns: %s\n", gpg_strerror (err)); return err; } 
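Review bot: The comment above enable_dns_tormode still describes only the return value, so the new `new_circuit` argument is undocumented; I would extend it with `If NEW_CIRCUIT is true, fresh credentials are generated even if some are already set.` When the `USE_DNS_CERT`/`USE_ADNS`/`HAVE_ADNS_IF_TORMODE` block is compiled out the parameter is also unused, so a `(void)new_circuit;` before the final `return gpg_error (GPG_ERR_NOT_IMPLEMENTED);` would match the casts this commit adds in resolve_name_adns. The credentials are built from the pid and a counter, so they are predictable; that is presumably fine for a circuit-isolation tag, but the comment on `tor_credentials` could say they are not a secret.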
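Review bot: In my_adns_init, Tor mode is now requested only through the `options adns_tormode` text in `cfgstr`, and the flags passed to `adns_init_strcfg` no longer include `adns_if_tormode`. If the linked ADNS does not recognise that option and merely skips it (not visible from this hunk, and `adns_if_noerrprint` would hide any diagnostic), lookups could reach 8.8.8.8 without Tor while the function still returns success. I would either keep the flag as a second guard, `ret = adns_init_strcfg (r_state, adns_if_noerrprint|adns_if_tormode, NULL, cfgstr);`, provided the new scheme still accepts it, or state the assumption in a comment next to the call. The hard-coded `"8.8.8.8"` would also read better as a named constant.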
@@ -176,6 +212,9 @@ resolve_name_adns (const char *name, unsigned short port, adns_answer *answer = NULL; int count; + (void)port; + (void)want_family; + *r_dai = NULL; if (r_canonname) *r_canonname = NULL; |
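Review bot: The two `(void)` casts at the top of resolve_name_adns silence the warnings but leave no trace that the ADNS path disregards the caller's `port` and `want_family`. A comment above them such as `/* FIXME: PORT and WANT_FAMILY are not yet used by the ADNS code. */` would make the limitation visible to callers who expect a specific address family. The function body continues outside the hunk, so whether either value is consulted later cannot be seen here.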