dirmngr: Add option --use-tor as a stub.

* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.

* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.  Also pass TOR flag to the
http module.

* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--

More work is required to actually make --use-tor useful.  For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 17 insertions, 1 deletions

diff --git a/dirmngr/server.c b/dirmngr/server.c
index 0f1d2623e..694a881cc 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -626,6 +626,12 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
       else if (!(ctrl->http_proxy = xtrystrdup (value)))
         err = gpg_error_from_syserror ();
     }
+  else if (!strcmp (key, "honor-keyserver-url-used"))
+    {
+      /* Return an error if we are running in TOR mode.  */
+      if (opt.use_tor)
+        err = gpg_error (GPG_ERR_FORBIDDEN);
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
 
@@ -697,6 +703,12 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
         }
     }
 
+  if (opt.use_tor)
+    {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
+
   if (pka_mode)
     {
       char *domain;  /* Points to mbox.  */
@@ -1970,7 +1982,7 @@ static const char hlp_getinfo[] =
   "\n"
   "version     - Return the version of the program.\n"
   "pid         - Return the process id of the server.\n"
-  "\n"
+  "tor         - Return OK if running in TOR mode\n"
   "socket_name - Return the name of the socket.\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
@@ -2001,6 +2013,10 @@ cmd_getinfo (assuan_context_t ctx, char *line)
       else
         err = gpg_error (GPG_ERR_NO_DATA);
     }
+  else if (!strcmp (line, "tor"))
+    {
+      err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "TOR mode not enabled");
+    }
   else
     err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");