mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
dirmngr,build: Remove support for ADNS.
* autogen.rc: Remove '--with-adns' argument. * configure.ac: Remove check for ADNS. * dirmngr/dns-stuff.c: Remove all code that uses ADNS. * dirmngr/server.c (cmd_getinfo): Update status line. * doc/dirmngr.texi: Do not mention ADNS. -- We used ADNS to support queries over Tor. However, our patch to ADNS that adds Tor support was never accepted upstream. Furthermore, there are other shortcomings that let us to consider alternatives. Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
parent
57aa42ce9b
commit
2e734a3ce1
@ -22,7 +22,6 @@ case "$myhost" in
|
|||||||
--with-zlib=@SYSROOT@
|
--with-zlib=@SYSROOT@
|
||||||
--with-regex=@SYSROOT@
|
--with-regex=@SYSROOT@
|
||||||
--with-npth-prefix=@SYSROOT@
|
--with-npth-prefix=@SYSROOT@
|
||||||
--with-adns=@SYSROOT@
|
|
||||||
--disable-g13
|
--disable-g13
|
||||||
"
|
"
|
||||||
;;
|
;;
|
||||||
|
42
configure.ac
42
configure.ac
@ -102,7 +102,6 @@ have_gnutls=no
|
|||||||
have_sqlite=no
|
have_sqlite=no
|
||||||
have_npth=no
|
have_npth=no
|
||||||
have_libusb=no
|
have_libusb=no
|
||||||
have_adns=no
|
|
||||||
have_system_resolver=no
|
have_system_resolver=no
|
||||||
gnupg_have_ldap="n/a"
|
gnupg_have_ldap="n/a"
|
||||||
|
|
||||||
@ -995,44 +994,6 @@ AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
|
|||||||
[NETLIBS="-lsocket $NETLIBS"]))
|
[NETLIBS="-lsocket $NETLIBS"]))
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Check for ADNS.
|
|
||||||
#
|
|
||||||
_cppflags="${CPPFLAGS}"
|
|
||||||
_ldflags="${LDFLAGS}"
|
|
||||||
AC_ARG_WITH(adns,
|
|
||||||
AC_HELP_STRING([--with-adns=DIR],
|
|
||||||
[look for the adns library in DIR]),
|
|
||||||
[if test -d "$withval"; then
|
|
||||||
CPPFLAGS="${CPPFLAGS} -I$withval/include"
|
|
||||||
LDFLAGS="${LDFLAGS} -L$withval/lib"
|
|
||||||
fi])
|
|
||||||
if test "$with_adns" != "no"; then
|
|
||||||
AC_CHECK_HEADERS(adns.h,AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes]))
|
|
||||||
AC_CHECK_FUNCS(adns_free)
|
|
||||||
AC_MSG_CHECKING([if adns supports adns_if_tormode])
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|
||||||
#include <adns.h>
|
|
||||||
adns_initflags flags = adns_if_tormode;
|
|
||||||
]],[])],[adns_if_tormode=yes],[adns_if_tormode=no])
|
|
||||||
AC_MSG_RESULT($adns_if_tormode)
|
|
||||||
if test x"$adns_if_tormode" = xyes; then
|
|
||||||
AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available])
|
|
||||||
if test "$show_tor_support" != "no"; then
|
|
||||||
show_tor_support=yes
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
CPPFLAGS=${_cppflags}
|
|
||||||
LDFLAGS=${_ldflags}
|
|
||||||
if test "$have_adns" = "yes"; then
|
|
||||||
DNSLIBS="-ladns"
|
|
||||||
AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
|
|
||||||
else
|
|
||||||
DNSLIBS=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Check standard resolver functions.
|
# Check standard resolver functions.
|
||||||
#
|
#
|
||||||
@ -1063,8 +1024,7 @@ if test "$build_dirmngr" = "yes"; then
|
|||||||
# Make sure that the BIND 4 resolver interface is workable before
|
# Make sure that the BIND 4 resolver interface is workable before
|
||||||
# enabling any code that calls it. At some point I'll rewrite the
|
# enabling any code that calls it. At some point I'll rewrite the
|
||||||
# code to use the BIND 8 resolver API.
|
# code to use the BIND 8 resolver API.
|
||||||
# We might also want to use adns instead. Problem with ADNS is that
|
# We might also want to use libdns instead.
|
||||||
# it does not support v6.
|
|
||||||
|
|
||||||
AC_MSG_CHECKING([whether the resolver is usable])
|
AC_MSG_CHECKING([whether the resolver is usable])
|
||||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
|
||||||
|
@ -45,13 +45,6 @@
|
|||||||
#endif
|
#endif
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#ifdef USE_ADNS
|
|
||||||
# include <adns.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if !defined(HAVE_GETADDRINFO) && !defined(USE_ADNS)
|
|
||||||
# error Either getaddrinfo or the ADNS library is required.
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
|
#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
|
||||||
# undef USE_NPTH
|
# undef USE_NPTH
|
||||||
@ -82,11 +75,6 @@
|
|||||||
# define AI_ADDRCONFIG 0
|
# define AI_ADDRCONFIG 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Provide a replacement function for older ADNS versions. */
|
|
||||||
#ifndef HAVE_ADNS_FREE
|
|
||||||
# define adns_free(a) free ((a))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Not every installation has gotten around to supporting SRVs or
|
/* Not every installation has gotten around to supporting SRVs or
|
||||||
CERTs yet... */
|
CERTs yet... */
|
||||||
#ifndef T_SRV
|
#ifndef T_SRV
|
||||||
@ -96,11 +84,8 @@
|
|||||||
# define T_CERT 37
|
# define T_CERT 37
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* ADNS has no support for CERT yet. */
|
|
||||||
#define my_adns_r_cert 37
|
|
||||||
|
|
||||||
|
/* The default nameserver used in Tor mode. */
|
||||||
/* The default nameserver used with ADNS in Tor mode. */
|
|
||||||
#define DEFAULT_NAMESERVER "8.8.8.8"
|
#define DEFAULT_NAMESERVER "8.8.8.8"
|
||||||
|
|
||||||
/* If set force the use of the standard resolver. */
|
/* If set force the use of the standard resolver. */
|
||||||
@ -114,9 +99,7 @@ static int tor_mode;
|
|||||||
static char tor_nameserver[40+20];
|
static char tor_nameserver[40+20];
|
||||||
|
|
||||||
/* A string to hold the credentials presented to Tor. */
|
/* A string to hold the credentials presented to Tor. */
|
||||||
#ifdef USE_ADNS
|
|
||||||
static char tor_credentials[50];
|
static char tor_credentials[50];
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
/* Calling this function with YES set to True forces the use of the
|
/* Calling this function with YES set to True forces the use of the
|
||||||
@ -142,10 +125,6 @@ standard_resolver_p (void)
|
|||||||
gpg_error_t
|
gpg_error_t
|
||||||
enable_dns_tormode (int new_circuit)
|
enable_dns_tormode (int new_circuit)
|
||||||
{
|
{
|
||||||
(void) new_circuit;
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
# if HAVE_ADNS_IF_TORMODE
|
|
||||||
if (!*tor_credentials || new_circuit)
|
if (!*tor_credentials || new_circuit)
|
||||||
{
|
{
|
||||||
static unsigned int counter;
|
static unsigned int counter;
|
||||||
@ -157,10 +136,6 @@ enable_dns_tormode (int new_circuit)
|
|||||||
}
|
}
|
||||||
tor_mode = 1;
|
tor_mode = 1;
|
||||||
return 0;
|
return 0;
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -218,177 +193,6 @@ map_eai_to_gpg_error (int ec)
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
static gpg_error_t
|
|
||||||
map_adns_status_to_gpg_error (adns_status status)
|
|
||||||
{
|
|
||||||
gpg_err_code_t ec;
|
|
||||||
|
|
||||||
switch (status)
|
|
||||||
{
|
|
||||||
/* case adns_s_netunreach: ec = GPG_ERR_ENETUNREACH; break; */
|
|
||||||
default: ec = GPG_ERR_GENERAL; break;
|
|
||||||
}
|
|
||||||
return gpg_error (ec);
|
|
||||||
}
|
|
||||||
#endif /*USE_ADNS*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
/* Init ADNS and store the new state at R_STATE. Returns 0 on
|
|
||||||
success; prints an error message and returns an error code on
|
|
||||||
failure. */
|
|
||||||
static gpg_error_t
|
|
||||||
my_adns_init (adns_state *r_state)
|
|
||||||
{
|
|
||||||
gpg_error_t err = 0;
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
if (tor_mode)
|
|
||||||
{
|
|
||||||
char *cfgstr;
|
|
||||||
|
|
||||||
if (!*tor_nameserver)
|
|
||||||
set_dns_nameserver (NULL);
|
|
||||||
|
|
||||||
cfgstr = xtryasprintf ("nameserver %s\n"
|
|
||||||
"options adns_tormode adns_sockscred:%s",
|
|
||||||
tor_nameserver, tor_credentials);
|
|
||||||
if (!cfgstr)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
{
|
|
||||||
ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/, NULL, cfgstr);
|
|
||||||
if (ret)
|
|
||||||
err = gpg_error_from_errno (ret);
|
|
||||||
xfree (cfgstr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
ret = adns_init (r_state, adns_if_noerrprint, NULL);
|
|
||||||
if (ret)
|
|
||||||
err = gpg_error_from_errno (ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (err)
|
|
||||||
{
|
|
||||||
log_error ("error initializing adns: %s\n", gpg_strerror (err));
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /*USE_ADNS*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
/* Resolve a name using the ADNS library. See resolve_dns_name for
|
|
||||||
the description. */
|
|
||||||
static gpg_error_t
|
|
||||||
resolve_name_adns (const char *name, unsigned short port,
|
|
||||||
int want_family, int want_socktype,
|
|
||||||
dns_addrinfo_t *r_dai, char **r_canonname)
|
|
||||||
{
|
|
||||||
gpg_error_t err = 0;
|
|
||||||
int ret;
|
|
||||||
dns_addrinfo_t daihead = NULL;
|
|
||||||
dns_addrinfo_t dai;
|
|
||||||
adns_state state;
|
|
||||||
adns_answer *answer = NULL;
|
|
||||||
int count;
|
|
||||||
|
|
||||||
(void)want_family;
|
|
||||||
|
|
||||||
*r_dai = NULL;
|
|
||||||
if (r_canonname)
|
|
||||||
*r_canonname = NULL;
|
|
||||||
|
|
||||||
if (want_socktype != SOCK_STREAM && want_socktype != SOCK_DGRAM)
|
|
||||||
return gpg_error (GPG_ERR_ESOCKTNOSUPPORT);
|
|
||||||
|
|
||||||
err = my_adns_init (&state);
|
|
||||||
if (err)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
my_unprotect ();
|
|
||||||
ret = adns_synchronous (state, name, adns_r_addr,
|
|
||||||
adns_qf_quoteok_query, &answer);
|
|
||||||
my_protect ();
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
err = gpg_error (gpg_err_code_from_errno (ret));
|
|
||||||
log_error ("DNS query failed: %s\n", gpg_strerror (err));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
|
||||||
if (answer->status != adns_s_ok || answer->type != adns_r_addr)
|
|
||||||
{
|
|
||||||
err = map_adns_status_to_gpg_error (answer->status);
|
|
||||||
if (gpg_err_code (err) == GPG_ERR_GENERAL)
|
|
||||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
|
||||||
log_error ("DNS query returned an error: %s (%s)\n",
|
|
||||||
adns_strerror (answer->status),
|
|
||||||
adns_errabbrev (answer->status));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (r_canonname && answer->cname)
|
|
||||||
{
|
|
||||||
*r_canonname = xtrystrdup (answer->cname);
|
|
||||||
if (!*r_canonname)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for (count = 0; count < answer->nrrs; count++)
|
|
||||||
{
|
|
||||||
int len;
|
|
||||||
adns_rr_addr *addr;
|
|
||||||
|
|
||||||
len = answer->rrs.addr[count].len;
|
|
||||||
addr = &answer->rrs.addr[count];
|
|
||||||
if (addr->addr.sa.sa_family != AF_INET6
|
|
||||||
&& addr->addr.sa.sa_family != AF_INET)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
dai = xtrymalloc (sizeof *dai + len - 1);
|
|
||||||
if (!dai)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
dai->family = addr->addr.sa.sa_family;
|
|
||||||
dai->socktype = want_socktype == SOCK_STREAM? SOCK_STREAM : SOCK_DGRAM;
|
|
||||||
dai->protocol = want_socktype == SOCK_STREAM? IPPROTO_TCP : IPPROTO_UDP;
|
|
||||||
dai->addrlen = len;
|
|
||||||
memcpy (dai->addr, &addr->addr.sa, len);
|
|
||||||
((struct sockaddr_in *) dai->addr)->sin_port = htons (port);
|
|
||||||
dai->next = daihead;
|
|
||||||
daihead = dai;
|
|
||||||
err = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
leave:
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
if (err)
|
|
||||||
{
|
|
||||||
if (r_canonname)
|
|
||||||
{
|
|
||||||
xfree (*r_canonname);
|
|
||||||
*r_canonname = NULL;
|
|
||||||
}
|
|
||||||
free_dns_addrinfo (daihead);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*r_dai = daihead;
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
#endif /*USE_ADNS*/
|
|
||||||
|
|
||||||
|
|
||||||
/* Resolve a name using the standard system function. */
|
/* Resolve a name using the standard system function. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
@ -572,9 +376,9 @@ resolve_dns_name (const char *name, unsigned short port,
|
|||||||
int want_family, int want_socktype,
|
int want_family, int want_socktype,
|
||||||
dns_addrinfo_t *r_ai, char **r_canonname)
|
dns_addrinfo_t *r_ai, char **r_canonname)
|
||||||
{
|
{
|
||||||
#ifdef USE_ADNS
|
#ifdef NOTYET
|
||||||
if (!standard_resolver)
|
if (!standard_resolver)
|
||||||
return resolve_name_adns (name, port, want_family, want_socktype,
|
return resolve_name_libdns (name, port, want_family, want_socktype,
|
||||||
r_ai, r_canonname);
|
r_ai, r_canonname);
|
||||||
#endif
|
#endif
|
||||||
return resolve_name_standard (name, port, want_family, want_socktype,
|
return resolve_name_standard (name, port, want_family, want_socktype,
|
||||||
@ -671,150 +475,6 @@ is_onion_address (const char *name)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
/* ADNS version of get_dns_cert. */
|
|
||||||
static gpg_error_t
|
|
||||||
get_dns_cert_adns (const char *name, int want_certtype,
|
|
||||||
void **r_key, size_t *r_keylen,
|
|
||||||
unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
|
|
||||||
{
|
|
||||||
gpg_error_t err;
|
|
||||||
int ret;
|
|
||||||
adns_state state;
|
|
||||||
adns_answer *answer = NULL;
|
|
||||||
unsigned int ctype;
|
|
||||||
int count;
|
|
||||||
|
|
||||||
err = my_adns_init (&state);
|
|
||||||
if (err)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
my_unprotect ();
|
|
||||||
ret = adns_synchronous (state, name,
|
|
||||||
(adns_r_unknown
|
|
||||||
| (want_certtype < DNS_CERTTYPE_RRBASE
|
|
||||||
? my_adns_r_cert
|
|
||||||
: (want_certtype - DNS_CERTTYPE_RRBASE))),
|
|
||||||
adns_qf_quoteok_query, &answer);
|
|
||||||
my_protect ();
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
err = gpg_error (gpg_err_code_from_errno (ret));
|
|
||||||
/* log_error ("DNS query failed: %s\n", gpg_strerror (err)); */
|
|
||||||
adns_finish (state);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
if (answer->status != adns_s_ok)
|
|
||||||
{
|
|
||||||
/* log_error ("DNS query returned an error: %s (%s)\n", */
|
|
||||||
/* adns_strerror (answer->status), */
|
|
||||||
/* adns_errabbrev (answer->status)); */
|
|
||||||
err = map_adns_status_to_gpg_error (answer->status);
|
|
||||||
if (gpg_err_code (err) == GPG_ERR_GENERAL)
|
|
||||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
err = gpg_error (GPG_ERR_NOT_FOUND);
|
|
||||||
for (count = 0; count < answer->nrrs; count++)
|
|
||||||
{
|
|
||||||
int datalen = answer->rrs.byteblock[count].len;
|
|
||||||
const unsigned char *data = answer->rrs.byteblock[count].data;
|
|
||||||
|
|
||||||
/* First check for our generic RR hack. */
|
|
||||||
if (datalen
|
|
||||||
&& want_certtype >= DNS_CERTTYPE_RRBASE
|
|
||||||
&& ((want_certtype - DNS_CERTTYPE_RRBASE)
|
|
||||||
== (answer->type & ~adns_r_unknown)))
|
|
||||||
{
|
|
||||||
/* Found the requested record - return it. */
|
|
||||||
*r_key = xtrymalloc (datalen);
|
|
||||||
if (!*r_key)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
{
|
|
||||||
memcpy (*r_key, data, datalen);
|
|
||||||
*r_keylen = datalen;
|
|
||||||
err = 0;
|
|
||||||
}
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (datalen < 5)
|
|
||||||
continue; /* Truncated CERT record - skip. */
|
|
||||||
|
|
||||||
ctype = buf16_to_uint (data);
|
|
||||||
/* (key tag and algorithm fields are not required.) */
|
|
||||||
data += 5;
|
|
||||||
datalen -= 5;
|
|
||||||
|
|
||||||
if (want_certtype && want_certtype != ctype)
|
|
||||||
; /* Not of the requested certtype. */
|
|
||||||
else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key && r_keylen)
|
|
||||||
{
|
|
||||||
/* CERT type is PGP. Gpg checks for a minimum length of 11,
|
|
||||||
thus we do the same. */
|
|
||||||
*r_key = xtrymalloc (datalen);
|
|
||||||
if (!*r_key)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
{
|
|
||||||
memcpy (*r_key, data, datalen);
|
|
||||||
*r_keylen = datalen;
|
|
||||||
err = 0;
|
|
||||||
}
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023
|
|
||||||
&& datalen >= data[0] + 1 && r_fpr && r_fprlen && r_url)
|
|
||||||
{
|
|
||||||
/* CERT type is IPGP. We made sure that the data is
|
|
||||||
plausible and that the caller requested this
|
|
||||||
information. */
|
|
||||||
*r_fprlen = data[0];
|
|
||||||
if (*r_fprlen)
|
|
||||||
{
|
|
||||||
*r_fpr = xtrymalloc (*r_fprlen);
|
|
||||||
if (!*r_fpr)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
memcpy (*r_fpr, data + 1, *r_fprlen);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*r_fpr = NULL;
|
|
||||||
|
|
||||||
if (datalen > *r_fprlen + 1)
|
|
||||||
{
|
|
||||||
*r_url = xtrymalloc (datalen - (*r_fprlen + 1) + 1);
|
|
||||||
if (!*r_url)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
xfree (*r_fpr);
|
|
||||||
*r_fpr = NULL;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
memcpy (*r_url,
|
|
||||||
data + (*r_fprlen + 1), datalen - (*r_fprlen + 1));
|
|
||||||
(*r_url)[datalen - (*r_fprlen + 1)] = '\0';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
*r_url = NULL;
|
|
||||||
|
|
||||||
err = 0;
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
leave:
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
#endif /*!USE_ADNS */
|
|
||||||
|
|
||||||
|
|
||||||
/* Standard resolver version of get_dns_cert. */
|
/* Standard resolver version of get_dns_cert. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
get_dns_cert_standard (const char *name, int want_certtype,
|
get_dns_cert_standard (const char *name, int want_certtype,
|
||||||
@ -1041,11 +701,11 @@ get_dns_cert (const char *name, int want_certtype,
|
|||||||
*r_fprlen = 0;
|
*r_fprlen = 0;
|
||||||
*r_url = NULL;
|
*r_url = NULL;
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
#ifdef NOTYET
|
||||||
if (!standard_resolver)
|
if (!standard_resolver)
|
||||||
return get_dns_cert_adns (name, want_certtype, r_key, r_keylen,
|
return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
|
||||||
r_fpr, r_fprlen, r_url);
|
r_fpr, r_fprlen, r_url);
|
||||||
#endif /*!USE_ADNS */
|
#endif
|
||||||
return get_dns_cert_standard (name, want_certtype, r_key, r_keylen,
|
return get_dns_cert_standard (name, want_certtype, r_key, r_keylen,
|
||||||
r_fpr, r_fprlen, r_url);
|
r_fpr, r_fprlen, r_url);
|
||||||
}
|
}
|
||||||
@ -1064,78 +724,6 @@ priosort(const void *a,const void *b)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
/* ADNS based helper for getsrv. */
|
|
||||||
static int
|
|
||||||
getsrv_adns (const char *name, struct srventry **list)
|
|
||||||
{
|
|
||||||
int srvcount = 0;
|
|
||||||
u16 count;
|
|
||||||
int rc;
|
|
||||||
adns_state state;
|
|
||||||
adns_answer *answer = NULL;
|
|
||||||
|
|
||||||
if (my_adns_init (&state))
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
my_unprotect ();
|
|
||||||
rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
|
|
||||||
&answer);
|
|
||||||
my_protect ();
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
log_error ("DNS query failed: %s\n", strerror (rc));
|
|
||||||
adns_finish (state);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (answer->status != adns_s_ok
|
|
||||||
|| answer->type != adns_r_srv || !answer->nrrs)
|
|
||||||
{
|
|
||||||
log_error ("DNS query returned an error or no records: %s (%s)\n",
|
|
||||||
adns_strerror (answer->status),
|
|
||||||
adns_errabbrev (answer->status));
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (count = 0; count < answer->nrrs; count++)
|
|
||||||
{
|
|
||||||
struct srventry *srv = NULL;
|
|
||||||
struct srventry *newlist;
|
|
||||||
|
|
||||||
if (strlen (answer->rrs.srvha[count].ha.host) >= sizeof srv->target)
|
|
||||||
{
|
|
||||||
log_info ("hostname in SRV record too long - skipped\n");
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
|
|
||||||
if (!newlist)
|
|
||||||
{
|
|
||||||
xfree (*list);
|
|
||||||
*list = NULL;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
*list = newlist;
|
|
||||||
memset (&(*list)[srvcount], 0, sizeof(struct srventry));
|
|
||||||
srv = &(*list)[srvcount];
|
|
||||||
srvcount++;
|
|
||||||
|
|
||||||
srv->priority = answer->rrs.srvha[count].priority;
|
|
||||||
srv->weight = answer->rrs.srvha[count].weight;
|
|
||||||
srv->port = answer->rrs.srvha[count].port;
|
|
||||||
strcpy (srv->target, answer->rrs.srvha[count].ha.host);
|
|
||||||
}
|
|
||||||
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
|
|
||||||
return srvcount;
|
|
||||||
}
|
|
||||||
#endif /*USE_ADNS*/
|
|
||||||
|
|
||||||
|
|
||||||
/* Standard resolver based helper for getsrv. */
|
/* Standard resolver based helper for getsrv. */
|
||||||
static int
|
static int
|
||||||
getsrv_standard (const char *name, struct srventry **list)
|
getsrv_standard (const char *name, struct srventry **list)
|
||||||
@ -1264,10 +852,10 @@ getsrv (const char *name, struct srventry **list)
|
|||||||
|
|
||||||
if (0)
|
if (0)
|
||||||
;
|
;
|
||||||
#ifdef USE_ADNS
|
#ifdef NOTYET
|
||||||
else if (!standard_resolver)
|
else if (!standard_resolver)
|
||||||
srvcount = getsrv_adns (name, list);
|
srvcount = getsrv_libdns (name, list);
|
||||||
#endif /*!USE_ADNS*/
|
#endif
|
||||||
else
|
else
|
||||||
srvcount = getsrv_standard (name, list);
|
srvcount = getsrv_standard (name, list);
|
||||||
|
|
||||||
@ -1351,54 +939,6 @@ getsrv (const char *name, struct srventry **list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
|
||||||
/* ADNS version of get_dns_cname. */
|
|
||||||
gpg_error_t
|
|
||||||
get_dns_cname_adns (const char *name, char **r_cname)
|
|
||||||
{
|
|
||||||
gpg_error_t err;
|
|
||||||
int rc;
|
|
||||||
adns_state state;
|
|
||||||
adns_answer *answer = NULL;
|
|
||||||
|
|
||||||
if (my_adns_init (&state))
|
|
||||||
return gpg_error (GPG_ERR_GENERAL);
|
|
||||||
|
|
||||||
my_unprotect ();
|
|
||||||
rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query,
|
|
||||||
&answer);
|
|
||||||
my_protect ();
|
|
||||||
if (rc)
|
|
||||||
{
|
|
||||||
err = gpg_error (gpg_err_code_from_errno (rc));
|
|
||||||
log_error ("DNS query failed: %s\n", gpg_strerror (err));
|
|
||||||
adns_finish (state);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
if (answer->status != adns_s_ok
|
|
||||||
|| answer->type != adns_r_cname || answer->nrrs != 1)
|
|
||||||
{
|
|
||||||
err = map_adns_status_to_gpg_error (answer->status);
|
|
||||||
log_error ("DNS query returned an error or no records: %s (%s)\n",
|
|
||||||
adns_strerror (answer->status),
|
|
||||||
adns_errabbrev (answer->status));
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
*r_cname = xtrystrdup (answer->rrs.str[0]);
|
|
||||||
if (!*r_cname)
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
else
|
|
||||||
err = 0;
|
|
||||||
|
|
||||||
adns_free (answer);
|
|
||||||
adns_finish (state);
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
#endif /*USE_ADNS*/
|
|
||||||
|
|
||||||
|
|
||||||
/* Standard resolver version of get_dns_cname. */
|
/* Standard resolver version of get_dns_cname. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
get_dns_cname_standard (const char *name, char **r_cname)
|
get_dns_cname_standard (const char *name, char **r_cname)
|
||||||
@ -1482,10 +1022,10 @@ get_dns_cname (const char *name, char **r_cname)
|
|||||||
{
|
{
|
||||||
*r_cname = NULL;
|
*r_cname = NULL;
|
||||||
|
|
||||||
#ifdef USE_ADNS
|
#ifdef NOTYET
|
||||||
if (!standard_resolver)
|
if (!standard_resolver)
|
||||||
return get_dns_cname_adns (name, r_cname);
|
return get_dns_cname_libdns (name, r_cname);
|
||||||
#endif /*!USE_ADNS*/
|
#endif
|
||||||
|
|
||||||
return get_dns_cname_standard (name, r_cname);
|
return get_dns_cname_standard (name, r_cname);
|
||||||
}
|
}
|
||||||
|
@ -2314,13 +2314,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
|
|||||||
(ctx, "- Forced use of System resolver (w/o Tor support)");
|
(ctx, "- Forced use of System resolver (w/o Tor support)");
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
#if USE_ADNS && HAVE_ADNS_IF_TORMODE
|
|
||||||
assuan_set_okay_line (ctx, "- ADNS with Tor support");
|
|
||||||
#elif USE_ADNS
|
|
||||||
assuan_set_okay_line (ctx, "- ADNS w/o Tor support");
|
|
||||||
#else
|
|
||||||
assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
|
assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
err = 0;
|
err = 0;
|
||||||
}
|
}
|
||||||
|
@ -293,8 +293,7 @@ In ``Tor mode'' Dirmngr uses a public resolver via Tor to resolve DNS
|
|||||||
names. If the default public resolver, which is @code{8.8.8.8}, shall
|
names. If the default public resolver, which is @code{8.8.8.8}, shall
|
||||||
not be used a different one can be given using this option. Note that
|
not be used a different one can be given using this option. Note that
|
||||||
a numerical IP address must be given (IPv6 or IPv4) and that no error
|
a numerical IP address must be given (IPv6 or IPv4) and that no error
|
||||||
checking is done for @var{ipaddr}. DNS queries in Tor mode do only
|
checking is done for @var{ipaddr}.
|
||||||
work if GnuPG as been build with ADNS support.
|
|
||||||
|
|
||||||
@item --disable-ldap
|
@item --disable-ldap
|
||||||
@opindex disable-ldap
|
@opindex disable-ldap
|
||||||
|
Loading…
x
Reference in New Issue
Block a user