diff --git a/autogen.rc b/autogen.rc index 8cb7eedcb..36948178f 100644 --- a/autogen.rc +++ b/autogen.rc @@ -22,7 +22,6 @@ case "$myhost" in --with-zlib=@SYSROOT@ --with-regex=@SYSROOT@ --with-npth-prefix=@SYSROOT@ - --with-adns=@SYSROOT@ --disable-g13 " ;; diff --git a/configure.ac b/configure.ac index f3576c7e0..f8c5b4f79 100644 --- a/configure.ac +++ b/configure.ac @@ -102,7 +102,6 @@ have_gnutls=no have_sqlite=no have_npth=no have_libusb=no -have_adns=no have_system_resolver=no gnupg_have_ldap="n/a" @@ -995,44 +994,6 @@ AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, [NETLIBS="-lsocket $NETLIBS"])) -# -# Check for ADNS. -# -_cppflags="${CPPFLAGS}" -_ldflags="${LDFLAGS}" -AC_ARG_WITH(adns, - AC_HELP_STRING([--with-adns=DIR], - [look for the adns library in DIR]), - [if test -d "$withval"; then - CPPFLAGS="${CPPFLAGS} -I$withval/include" - LDFLAGS="${LDFLAGS} -L$withval/lib" - fi]) -if test "$with_adns" != "no"; then - AC_CHECK_HEADERS(adns.h,AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes])) - AC_CHECK_FUNCS(adns_free) - AC_MSG_CHECKING([if adns supports adns_if_tormode]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include - adns_initflags flags = adns_if_tormode; - ]],[])],[adns_if_tormode=yes],[adns_if_tormode=no]) - AC_MSG_RESULT($adns_if_tormode) - if test x"$adns_if_tormode" = xyes; then - AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available]) - if test "$show_tor_support" != "no"; then - show_tor_support=yes - fi - fi -fi -CPPFLAGS=${_cppflags} -LDFLAGS=${_ldflags} -if test "$have_adns" = "yes"; then - DNSLIBS="-ladns" - AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.]) -else - DNSLIBS="" -fi - - # # Check standard resolver functions. # @@ -1063,8 +1024,7 @@ if test "$build_dirmngr" = "yes"; then # Make sure that the BIND 4 resolver interface is workable before # enabling any code that calls it. At some point I'll rewrite the # code to use the BIND 8 resolver API. - # We might also want to use adns instead. Problem with ADNS is that - # it does not support v6. + # We might also want to use libdns instead. AC_MSG_CHECKING([whether the resolver is usable]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 7924fd333..6ec440d38 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -45,13 +45,6 @@ #endif #include #include -#ifdef USE_ADNS -# include -#endif - -#if !defined(HAVE_GETADDRINFO) && !defined(USE_ADNS) -# error Either getaddrinfo or the ADNS library is required. -#endif #ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ # undef USE_NPTH @@ -82,11 +75,6 @@ # define AI_ADDRCONFIG 0 #endif -/* Provide a replacement function for older ADNS versions. */ -#ifndef HAVE_ADNS_FREE -# define adns_free(a) free ((a)) -#endif - /* Not every installation has gotten around to supporting SRVs or CERTs yet... */ #ifndef T_SRV @@ -96,11 +84,8 @@ # define T_CERT 37 #endif -/* ADNS has no support for CERT yet. */ -#define my_adns_r_cert 37 - -/* The default nameserver used with ADNS in Tor mode. */ +/* The default nameserver used in Tor mode. */ #define DEFAULT_NAMESERVER "8.8.8.8" /* If set force the use of the standard resolver. */ @@ -114,9 +99,7 @@ static int tor_mode; static char tor_nameserver[40+20]; /* A string to hold the credentials presented to Tor. */ -#ifdef USE_ADNS static char tor_credentials[50]; -#endif /* Calling this function with YES set to True forces the use of the @@ -142,25 +125,17 @@ standard_resolver_p (void) gpg_error_t enable_dns_tormode (int new_circuit) { - (void) new_circuit; + if (!*tor_credentials || new_circuit) + { + static unsigned int counter; -#ifdef USE_ADNS -# if HAVE_ADNS_IF_TORMODE - if (!*tor_credentials || new_circuit) - { - static unsigned int counter; - - gpgrt_snprintf (tor_credentials, sizeof tor_credentials, - "dirmngr-%lu:p%u", - (unsigned long)getpid (), counter); - counter++; - } - tor_mode = 1; - return 0; -# endif -#endif - - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + gpgrt_snprintf (tor_credentials, sizeof tor_credentials, + "dirmngr-%lu:p%u", + (unsigned long)getpid (), counter); + counter++; + } + tor_mode = 1; + return 0; } @@ -218,177 +193,6 @@ map_eai_to_gpg_error (int ec) return err; } -#ifdef USE_ADNS -static gpg_error_t -map_adns_status_to_gpg_error (adns_status status) -{ - gpg_err_code_t ec; - - switch (status) - { - /* case adns_s_netunreach: ec = GPG_ERR_ENETUNREACH; break; */ - default: ec = GPG_ERR_GENERAL; break; - } - return gpg_error (ec); -} -#endif /*USE_ADNS*/ - - -#ifdef USE_ADNS -/* Init ADNS and store the new state at R_STATE. Returns 0 on - success; prints an error message and returns an error code on - failure. */ -static gpg_error_t -my_adns_init (adns_state *r_state) -{ - gpg_error_t err = 0; - int ret; - - if (tor_mode) - { - char *cfgstr; - - if (!*tor_nameserver) - set_dns_nameserver (NULL); - - cfgstr = xtryasprintf ("nameserver %s\n" - "options adns_tormode adns_sockscred:%s", - tor_nameserver, tor_credentials); - if (!cfgstr) - err = gpg_error_from_syserror (); - else - { - ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/, NULL, cfgstr); - if (ret) - err = gpg_error_from_errno (ret); - xfree (cfgstr); - } - } - else - { - ret = adns_init (r_state, adns_if_noerrprint, NULL); - if (ret) - err = gpg_error_from_errno (ret); - } - - if (err) - { - log_error ("error initializing adns: %s\n", gpg_strerror (err)); - return err; - } - return 0; -} -#endif /*USE_ADNS*/ - - -#ifdef USE_ADNS -/* Resolve a name using the ADNS library. See resolve_dns_name for - the description. */ -static gpg_error_t -resolve_name_adns (const char *name, unsigned short port, - int want_family, int want_socktype, - dns_addrinfo_t *r_dai, char **r_canonname) -{ - gpg_error_t err = 0; - int ret; - dns_addrinfo_t daihead = NULL; - dns_addrinfo_t dai; - adns_state state; - adns_answer *answer = NULL; - int count; - - (void)want_family; - - *r_dai = NULL; - if (r_canonname) - *r_canonname = NULL; - - if (want_socktype != SOCK_STREAM && want_socktype != SOCK_DGRAM) - return gpg_error (GPG_ERR_ESOCKTNOSUPPORT); - - err = my_adns_init (&state); - if (err) - return err; - - my_unprotect (); - ret = adns_synchronous (state, name, adns_r_addr, - adns_qf_quoteok_query, &answer); - my_protect (); - if (ret) - { - err = gpg_error (gpg_err_code_from_errno (ret)); - log_error ("DNS query failed: %s\n", gpg_strerror (err)); - goto leave; - } - - err = gpg_error (GPG_ERR_NOT_FOUND); - if (answer->status != adns_s_ok || answer->type != adns_r_addr) - { - err = map_adns_status_to_gpg_error (answer->status); - if (gpg_err_code (err) == GPG_ERR_GENERAL) - err = gpg_error (GPG_ERR_NOT_FOUND); - log_error ("DNS query returned an error: %s (%s)\n", - adns_strerror (answer->status), - adns_errabbrev (answer->status)); - goto leave; - } - - if (r_canonname && answer->cname) - { - *r_canonname = xtrystrdup (answer->cname); - if (!*r_canonname) - { - err = gpg_error_from_syserror (); - goto leave; - } - } - - for (count = 0; count < answer->nrrs; count++) - { - int len; - adns_rr_addr *addr; - - len = answer->rrs.addr[count].len; - addr = &answer->rrs.addr[count]; - if (addr->addr.sa.sa_family != AF_INET6 - && addr->addr.sa.sa_family != AF_INET) - continue; - - dai = xtrymalloc (sizeof *dai + len - 1); - if (!dai) - { - err = gpg_error_from_syserror (); - goto leave; - } - dai->family = addr->addr.sa.sa_family; - dai->socktype = want_socktype == SOCK_STREAM? SOCK_STREAM : SOCK_DGRAM; - dai->protocol = want_socktype == SOCK_STREAM? IPPROTO_TCP : IPPROTO_UDP; - dai->addrlen = len; - memcpy (dai->addr, &addr->addr.sa, len); - ((struct sockaddr_in *) dai->addr)->sin_port = htons (port); - dai->next = daihead; - daihead = dai; - err = 0; - } - - leave: - adns_free (answer); - adns_finish (state); - if (err) - { - if (r_canonname) - { - xfree (*r_canonname); - *r_canonname = NULL; - } - free_dns_addrinfo (daihead); - } - else - *r_dai = daihead; - return err; -} -#endif /*USE_ADNS*/ - /* Resolve a name using the standard system function. */ static gpg_error_t @@ -572,10 +376,10 @@ resolve_dns_name (const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_ai, char **r_canonname) { -#ifdef USE_ADNS +#ifdef NOTYET if (!standard_resolver) - return resolve_name_adns (name, port, want_family, want_socktype, - r_ai, r_canonname); + return resolve_name_libdns (name, port, want_family, want_socktype, + r_ai, r_canonname); #endif return resolve_name_standard (name, port, want_family, want_socktype, r_ai, r_canonname); @@ -671,150 +475,6 @@ is_onion_address (const char *name) } -#ifdef USE_ADNS -/* ADNS version of get_dns_cert. */ -static gpg_error_t -get_dns_cert_adns (const char *name, int want_certtype, - void **r_key, size_t *r_keylen, - unsigned char **r_fpr, size_t *r_fprlen, char **r_url) -{ - gpg_error_t err; - int ret; - adns_state state; - adns_answer *answer = NULL; - unsigned int ctype; - int count; - - err = my_adns_init (&state); - if (err) - return err; - - my_unprotect (); - ret = adns_synchronous (state, name, - (adns_r_unknown - | (want_certtype < DNS_CERTTYPE_RRBASE - ? my_adns_r_cert - : (want_certtype - DNS_CERTTYPE_RRBASE))), - adns_qf_quoteok_query, &answer); - my_protect (); - if (ret) - { - err = gpg_error (gpg_err_code_from_errno (ret)); - /* log_error ("DNS query failed: %s\n", gpg_strerror (err)); */ - adns_finish (state); - return err; - } - if (answer->status != adns_s_ok) - { - /* log_error ("DNS query returned an error: %s (%s)\n", */ - /* adns_strerror (answer->status), */ - /* adns_errabbrev (answer->status)); */ - err = map_adns_status_to_gpg_error (answer->status); - if (gpg_err_code (err) == GPG_ERR_GENERAL) - err = gpg_error (GPG_ERR_NOT_FOUND); - goto leave; - } - - err = gpg_error (GPG_ERR_NOT_FOUND); - for (count = 0; count < answer->nrrs; count++) - { - int datalen = answer->rrs.byteblock[count].len; - const unsigned char *data = answer->rrs.byteblock[count].data; - - /* First check for our generic RR hack. */ - if (datalen - && want_certtype >= DNS_CERTTYPE_RRBASE - && ((want_certtype - DNS_CERTTYPE_RRBASE) - == (answer->type & ~adns_r_unknown))) - { - /* Found the requested record - return it. */ - *r_key = xtrymalloc (datalen); - if (!*r_key) - err = gpg_error_from_syserror (); - else - { - memcpy (*r_key, data, datalen); - *r_keylen = datalen; - err = 0; - } - goto leave; - } - - if (datalen < 5) - continue; /* Truncated CERT record - skip. */ - - ctype = buf16_to_uint (data); - /* (key tag and algorithm fields are not required.) */ - data += 5; - datalen -= 5; - - if (want_certtype && want_certtype != ctype) - ; /* Not of the requested certtype. */ - else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key && r_keylen) - { - /* CERT type is PGP. Gpg checks for a minimum length of 11, - thus we do the same. */ - *r_key = xtrymalloc (datalen); - if (!*r_key) - err = gpg_error_from_syserror (); - else - { - memcpy (*r_key, data, datalen); - *r_keylen = datalen; - err = 0; - } - goto leave; - } - else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023 - && datalen >= data[0] + 1 && r_fpr && r_fprlen && r_url) - { - /* CERT type is IPGP. We made sure that the data is - plausible and that the caller requested this - information. */ - *r_fprlen = data[0]; - if (*r_fprlen) - { - *r_fpr = xtrymalloc (*r_fprlen); - if (!*r_fpr) - { - err = gpg_error_from_syserror (); - goto leave; - } - memcpy (*r_fpr, data + 1, *r_fprlen); - } - else - *r_fpr = NULL; - - if (datalen > *r_fprlen + 1) - { - *r_url = xtrymalloc (datalen - (*r_fprlen + 1) + 1); - if (!*r_url) - { - err = gpg_error_from_syserror (); - xfree (*r_fpr); - *r_fpr = NULL; - goto leave; - } - memcpy (*r_url, - data + (*r_fprlen + 1), datalen - (*r_fprlen + 1)); - (*r_url)[datalen - (*r_fprlen + 1)] = '\0'; - } - else - *r_url = NULL; - - err = 0; - goto leave; - } - } - - leave: - adns_free (answer); - adns_finish (state); - return err; -} -#endif /*!USE_ADNS */ - - /* Standard resolver version of get_dns_cert. */ static gpg_error_t get_dns_cert_standard (const char *name, int want_certtype, @@ -1041,11 +701,11 @@ get_dns_cert (const char *name, int want_certtype, *r_fprlen = 0; *r_url = NULL; -#ifdef USE_ADNS +#ifdef NOTYET if (!standard_resolver) - return get_dns_cert_adns (name, want_certtype, r_key, r_keylen, - r_fpr, r_fprlen, r_url); -#endif /*!USE_ADNS */ + return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen, + r_fpr, r_fprlen, r_url); +#endif return get_dns_cert_standard (name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); } @@ -1064,78 +724,6 @@ priosort(const void *a,const void *b) } -#ifdef USE_ADNS -/* ADNS based helper for getsrv. */ -static int -getsrv_adns (const char *name, struct srventry **list) -{ - int srvcount = 0; - u16 count; - int rc; - adns_state state; - adns_answer *answer = NULL; - - if (my_adns_init (&state)) - return -1; - - my_unprotect (); - rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, - &answer); - my_protect (); - if (rc) - { - log_error ("DNS query failed: %s\n", strerror (rc)); - adns_finish (state); - return -1; - } - if (answer->status != adns_s_ok - || answer->type != adns_r_srv || !answer->nrrs) - { - log_error ("DNS query returned an error or no records: %s (%s)\n", - adns_strerror (answer->status), - adns_errabbrev (answer->status)); - adns_free (answer); - adns_finish (state); - return 0; - } - - for (count = 0; count < answer->nrrs; count++) - { - struct srventry *srv = NULL; - struct srventry *newlist; - - if (strlen (answer->rrs.srvha[count].ha.host) >= sizeof srv->target) - { - log_info ("hostname in SRV record too long - skipped\n"); - continue; - } - - newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry)); - if (!newlist) - { - xfree (*list); - *list = NULL; - return -1; - } - *list = newlist; - memset (&(*list)[srvcount], 0, sizeof(struct srventry)); - srv = &(*list)[srvcount]; - srvcount++; - - srv->priority = answer->rrs.srvha[count].priority; - srv->weight = answer->rrs.srvha[count].weight; - srv->port = answer->rrs.srvha[count].port; - strcpy (srv->target, answer->rrs.srvha[count].ha.host); - } - - adns_free (answer); - adns_finish (state); - - return srvcount; -} -#endif /*USE_ADNS*/ - - /* Standard resolver based helper for getsrv. */ static int getsrv_standard (const char *name, struct srventry **list) @@ -1264,10 +852,10 @@ getsrv (const char *name, struct srventry **list) if (0) ; -#ifdef USE_ADNS +#ifdef NOTYET else if (!standard_resolver) - srvcount = getsrv_adns (name, list); -#endif /*!USE_ADNS*/ + srvcount = getsrv_libdns (name, list); +#endif else srvcount = getsrv_standard (name, list); @@ -1351,54 +939,6 @@ getsrv (const char *name, struct srventry **list) } -#ifdef USE_ADNS -/* ADNS version of get_dns_cname. */ -gpg_error_t -get_dns_cname_adns (const char *name, char **r_cname) -{ - gpg_error_t err; - int rc; - adns_state state; - adns_answer *answer = NULL; - - if (my_adns_init (&state)) - return gpg_error (GPG_ERR_GENERAL); - - my_unprotect (); - rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query, - &answer); - my_protect (); - if (rc) - { - err = gpg_error (gpg_err_code_from_errno (rc)); - log_error ("DNS query failed: %s\n", gpg_strerror (err)); - adns_finish (state); - return err; - } - if (answer->status != adns_s_ok - || answer->type != adns_r_cname || answer->nrrs != 1) - { - err = map_adns_status_to_gpg_error (answer->status); - log_error ("DNS query returned an error or no records: %s (%s)\n", - adns_strerror (answer->status), - adns_errabbrev (answer->status)); - adns_free (answer); - adns_finish (state); - return err; - } - *r_cname = xtrystrdup (answer->rrs.str[0]); - if (!*r_cname) - err = gpg_error_from_syserror (); - else - err = 0; - - adns_free (answer); - adns_finish (state); - return err; -} -#endif /*USE_ADNS*/ - - /* Standard resolver version of get_dns_cname. */ gpg_error_t get_dns_cname_standard (const char *name, char **r_cname) @@ -1482,10 +1022,10 @@ get_dns_cname (const char *name, char **r_cname) { *r_cname = NULL; -#ifdef USE_ADNS +#ifdef NOTYET if (!standard_resolver) - return get_dns_cname_adns (name, r_cname); -#endif /*!USE_ADNS*/ + return get_dns_cname_libdns (name, r_cname); +#endif return get_dns_cname_standard (name, r_cname); } diff --git a/dirmngr/server.c b/dirmngr/server.c index f1d762d4f..3e66868e7 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -2314,13 +2314,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) (ctx, "- Forced use of System resolver (w/o Tor support)"); else { -#if USE_ADNS && HAVE_ADNS_IF_TORMODE - assuan_set_okay_line (ctx, "- ADNS with Tor support"); -#elif USE_ADNS - assuan_set_okay_line (ctx, "- ADNS w/o Tor support"); -#else assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)"); -#endif } err = 0; } diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 62a41b674..8f0cf5494 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -293,8 +293,7 @@ In ``Tor mode'' Dirmngr uses a public resolver via Tor to resolve DNS names. If the default public resolver, which is @code{8.8.8.8}, shall not be used a different one can be given using this option. Note that a numerical IP address must be given (IPv6 or IPv4) and that no error -checking is done for @var{ipaddr}. DNS queries in Tor mode do only -work if GnuPG as been build with ADNS support. +checking is done for @var{ipaddr}. @item --disable-ldap @opindex disable-ldap