dirmngr: New option --disable-ipv6
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'. * dirmngr/dirmngr.c (oDisableIPv6): New const. (opts): New option --disable-ipv6. (parse_rereadable_options): Set that option. * dirmngr/dns-stuff.c (opt_disable_ipv6): New var. (set_dns_disable_ipv6): New. (resolve_name_standard): Make use of it. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of OPT.DISABLE_IPV6. * dirmngr/ks-engine-hkp.c (map_host): Ditto. (send_request): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
fce36d7ec8
commit
3533b85440
@ -201,6 +201,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
|
|||||||
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
|
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
|
||||||
|(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
|
|(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
|
||||||
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
|
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
|
||||||
|
|(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)
|
||||||
),
|
),
|
||||||
ctrl->http_proxy, NULL, NULL, NULL);
|
ctrl->http_proxy, NULL, NULL, NULL);
|
||||||
|
|
||||||
|
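Review bot: The `HTTP_FLAG_IGNORE_IPv6` term is hand-added to an open-coded flag expression here and again in the flag expressions shown for ks_finger_fetch, send_request, ks_http_fetch and do_ocsp_request, so every new network option has to be repeated at each call site. A site that is missed would keep connecting over the disabled address family without any error, which matters to anyone who sets the option to keep traffic off a network stack that is not tunnelled or monitored. Building the shared part of the flags in one helper removes that class of omission; the helper name below is only a suggestion, and callers would OR in their own extras such as `HTTP_FLAG_TRY_PROXY` or `HTTP_FLAG_LOG_RESP`. crl_fetch's body starts and ends outside the hunk.

```c
/* Suggested helper: the flags every outgoing dirmngr HTTP request
 * has to carry, kept in one place.  */
unsigned int
dirmngr_common_http_flags (void)
{
  return ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
          | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
          | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0));
}
```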
@ -113,6 +113,7 @@ enum cmd_and_opt_values {
|
|||||||
oDisableHTTP,
|
oDisableHTTP,
|
||||||
oDisableLDAP,
|
oDisableLDAP,
|
||||||
oDisableIPv4,
|
oDisableIPv4,
|
||||||
|
oDisableIPv6,
|
||||||
oIgnoreLDAPDP,
|
oIgnoreLDAPDP,
|
||||||
oIgnoreHTTPDP,
|
oIgnoreHTTPDP,
|
||||||
oIgnoreOCSPSvcUrl,
|
oIgnoreOCSPSvcUrl,
|
||||||
@ -229,6 +230,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
|
ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
|
||||||
|
|
||||||
ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
|
ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
|
||||||
|
ARGPARSE_s_n (oDisableIPv6, "disable-ipv6", "@"),
|
||||||
|
|
||||||
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
|
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
|
||||||
|
|
||||||
@ -638,6 +640,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||||||
case oDisableHTTP: opt.disable_http = 1; break;
|
case oDisableHTTP: opt.disable_http = 1; break;
|
||||||
case oDisableLDAP: opt.disable_ldap = 1; break;
|
case oDisableLDAP: opt.disable_ldap = 1; break;
|
||||||
case oDisableIPv4: opt.disable_ipv4 = 1; break;
|
case oDisableIPv4: opt.disable_ipv4 = 1; break;
|
||||||
|
case oDisableIPv6: opt.disable_ipv6 = 1; break;
|
||||||
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
|
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
|
||||||
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
|
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
|
||||||
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
|
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
|
||||||
@ -707,6 +710,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||||||
set_dns_verbose (opt.verbose, !!DBG_DNS);
|
set_dns_verbose (opt.verbose, !!DBG_DNS);
|
||||||
http_set_verbose (opt.verbose, !!DBG_NETWORK);
|
http_set_verbose (opt.verbose, !!DBG_NETWORK);
|
||||||
set_dns_disable_ipv4 (opt.disable_ipv4);
|
set_dns_disable_ipv4 (opt.disable_ipv4);
|
||||||
|
set_dns_disable_ipv6 (opt.disable_ipv6);
|
||||||
|
|
||||||
return 1; /* Handled. */
|
return 1; /* Handled. */
|
||||||
}
|
}
|
||||||
|
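Review bot: `case oDisableIPv6: opt.disable_ipv6 = 1; break;` can only ever set the flag, so whether a reread can clear it depends on the reset branch of parse_rereadable_options, which is outside the hunks shown and is not touched by this commit. If that branch does not contain `opt.disable_ipv6 = 0;`, removing the option from the configuration and rereading it leaves IPv6 disabled until the daemon is restarted; the line should be added there, and the same question applies to `opt.disable_ipv4`. It would also help to log a warning after option parsing when both `opt.disable_ipv4` and `opt.disable_ipv6` are set, because the filters added in this commit then leave no usable address.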
@ -97,7 +97,8 @@ struct
|
|||||||
|
|
||||||
int disable_http; /* Do not use HTTP at all. */
|
int disable_http; /* Do not use HTTP at all. */
|
||||||
int disable_ldap; /* Do not use LDAP at all. */
|
int disable_ldap; /* Do not use LDAP at all. */
|
||||||
int disable_ipv4; /* Do not use leagacy IP addresses. */
|
int disable_ipv4; /* Do not use legacy IP addresses. */
|
||||||
|
int disable_ipv6; /* Do not use standard IP addresses. */
|
||||||
int honor_http_proxy; /* Honor the http_proxy env variable. */
|
int honor_http_proxy; /* Honor the http_proxy env variable. */
|
||||||
const char *http_proxy; /* The default HTTP proxy. */
|
const char *http_proxy; /* The default HTTP proxy. */
|
||||||
const char *ldap_proxy; /* Use given LDAP proxy. */
|
const char *ldap_proxy; /* Use given LDAP proxy. */
|
||||||
|
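Review bot: The new field comment `/* Do not use standard IP addresses. */` does not name the address family it refers to, so a reader searching the header for IPv6 will not find it. Suggest `/* Do not use IPv6 addresses.  */` here and `/* Do not use IPv4 addresses.  */` on the line above, so that both comments match the option names `--disable-ipv4` and `--disable-ipv6`.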
@ -123,6 +123,10 @@ static int opt_timeout;
|
|||||||
* returned A records. */
|
* returned A records. */
|
||||||
static int opt_disable_ipv4;
|
static int opt_disable_ipv4;
|
||||||
|
|
||||||
|
/* The flag to disable IPv6 access - right now this only skips
|
||||||
|
* returned AAAA records. */
|
||||||
|
static int opt_disable_ipv6;
|
||||||
|
|
||||||
/* If set force the use of the standard resolver. */
|
/* If set force the use of the standard resolver. */
|
||||||
static int standard_resolver;
|
static int standard_resolver;
|
||||||
|
|
||||||
@ -248,6 +252,15 @@ set_dns_disable_ipv4 (int yes)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Set the Disable-IPv6 flag so that the name resolver does not return
|
||||||
|
* AAAA addresses. */
|
||||||
|
void
|
||||||
|
set_dns_disable_ipv6 (int yes)
|
||||||
|
{
|
||||||
|
opt_disable_ipv6 = !!yes;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Set the timeout for libdns requests to SECONDS. A value of 0 sets
|
/* Set the timeout for libdns requests to SECONDS. A value of 0 sets
|
||||||
* the default timeout and values are capped at 10 minutes. */
|
* the default timeout and values are capped at 10 minutes. */
|
||||||
void
|
void
|
||||||
@ -953,6 +966,8 @@ resolve_name_standard (const char *name, unsigned short port,
|
|||||||
continue;
|
continue;
|
||||||
if (opt_disable_ipv4 && ai->ai_family == AF_INET)
|
if (opt_disable_ipv4 && ai->ai_family == AF_INET)
|
||||||
continue;
|
continue;
|
||||||
|
if (opt_disable_ipv6 && ai->ai_family == AF_INET6)
|
||||||
|
continue;
|
||||||
|
|
||||||
dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
|
dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
|
||||||
dai->family = ai->ai_family;
|
dai->family = ai->ai_family;
|
||||||
|
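Review bot: `opt_disable_ipv6` is consulted only in the resolve_name_standard loop in the hunks shown, and the new comment itself says it "only skips returned AAAA records", so the option is narrower than the manual text `Disable the use of all IPv4 or IPv6 addresses` suggests. Unless the libdns path implied by the `standard_resolver` flag and the nameserver transport are filtered elsewhere, lookups can still touch IPv6; either extend the check or state the limit in the option's documentation. When every returned record is skipped the result list stays empty, and the code that turns that into an error is outside the hunk and should be confirmed. Separately, the context lines show `dai = xtrymalloc (...)` followed directly by `dai->family = ai->ai_family;` with no NULL check in between.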
@ -99,6 +99,10 @@ void set_dns_verbose (int verbose, int debug);
|
|||||||
* A addresses. */
|
* A addresses. */
|
||||||
void set_dns_disable_ipv4 (int yes);
|
void set_dns_disable_ipv4 (int yes);
|
||||||
|
|
||||||
|
/* Set the Disable-IPv6 flag so that the name resolver does not return
|
||||||
|
* AAAA addresses. */
|
||||||
|
void set_dns_disable_ipv6 (int yes);
|
||||||
|
|
||||||
/* Set the timeout for libdns requests to SECONDS. */
|
/* Set the timeout for libdns requests to SECONDS. */
|
||||||
void set_dns_timeout (int seconds);
|
void set_dns_timeout (int seconds);
|
||||||
|
|
||||||
|
@ -84,7 +84,8 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
|
|||||||
|
|
||||||
err = http_raw_connect (&http, server, 79,
|
err = http_raw_connect (&http, server, 79,
|
||||||
((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
|
((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
|
||||||
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
|
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
|
||||||
|
| (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
|
||||||
NULL);
|
NULL);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
|
@ -512,6 +512,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
|
|||||||
continue;
|
continue;
|
||||||
if (opt.disable_ipv4 && ai->family == AF_INET)
|
if (opt.disable_ipv4 && ai->family == AF_INET)
|
||||||
continue;
|
continue;
|
||||||
|
if (opt.disable_ipv6 && ai->family == AF_INET6)
|
||||||
|
continue;
|
||||||
dirmngr_tick (ctrl);
|
dirmngr_tick (ctrl);
|
||||||
|
|
||||||
add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
|
add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
|
||||||
@ -592,7 +594,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
|
|||||||
{
|
{
|
||||||
for (ai = aibuf; ai; ai = ai->next)
|
for (ai = aibuf; ai; ai = ai->next)
|
||||||
{
|
{
|
||||||
if (ai->family == AF_INET6
|
if ((!opt.disable_ipv6 && ai->family == AF_INET6)
|
||||||
|| (!opt.disable_ipv4 && ai->family == AF_INET))
|
|| (!opt.disable_ipv4 && ai->family == AF_INET))
|
||||||
{
|
{
|
||||||
err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
|
err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
|
||||||
@ -1140,7 +1142,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
|
|||||||
(httpflags
|
(httpflags
|
||||||
|(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
|(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
||||||
|(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
|(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
||||||
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
|
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
|
||||||
|
|(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
|
||||||
ctrl->http_proxy,
|
ctrl->http_proxy,
|
||||||
session,
|
session,
|
||||||
NULL,
|
NULL,
|
||||||
|
@ -92,7 +92,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
|
|||||||
/* fixme: AUTH */ NULL,
|
/* fixme: AUTH */ NULL,
|
||||||
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
||||||
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
||||||
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
|
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
|
||||||
|
| (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
|
||||||
ctrl->http_proxy,
|
ctrl->http_proxy,
|
||||||
session,
|
session,
|
||||||
NULL,
|
NULL,
|
||||||
|
@ -175,7 +175,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
|
|||||||
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
|
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
|
||||||
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|
||||||
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
|
||||||
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
|
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
|
||||||
|
| (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
|
||||||
ctrl->http_proxy, NULL, NULL, NULL);
|
ctrl->http_proxy, NULL, NULL, NULL);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
|
@ -314,9 +314,10 @@ a numerical IP address must be given (IPv6 or IPv4) and that no error
|
|||||||
checking is done for @var{ipaddr}.
|
checking is done for @var{ipaddr}.
|
||||||
|
|
||||||
@item --disable-ipv4
|
@item --disable-ipv4
|
||||||
|
@item --disable-ipv6
|
||||||
@opindex disable-ipv4
|
@opindex disable-ipv4
|
||||||
Disable the use of all IPv4 addresses. This option is mainly useful
|
@opindex disable-ipv6
|
||||||
for debugging.
|
Disable the use of all IPv4 or IPv6 addresses.
|
||||||
|
|
||||||
@item --disable-ldap
|
@item --disable-ldap
|
||||||
@opindex disable-ldap
|
@opindex disable-ldap
|
||||||
|