mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
dirmngr: Prefer ADNS over system resolver.
* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define. (USE_DNS_CERT): Prefer ADNS over the system resolver. * dirmngr/dns-cert.c (tor_mode): New global var. (enable_dns_tormode): New func. (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode. * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
parent
c83b627174
commit
58ebe50bdf
40
configure.ac
40
configure.ac
@ -948,6 +948,16 @@ if test "$with_adns" != "no"; then
|
|||||||
[have_adns=yes],
|
[have_adns=yes],
|
||||||
[CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
|
[CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
|
||||||
[CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
|
[CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
|
||||||
|
|
||||||
|
AC_MSG_CHECKING([if adns supports adns_if_tormode])
|
||||||
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
||||||
|
#include <adns.h>
|
||||||
|
adns_initflags flags = adns_if_tormode;
|
||||||
|
]],[])],[adns_if_tormode=yes],[adns_if_tormode=no])
|
||||||
|
AC_MSG_RESULT($adns_if_tormode)
|
||||||
|
if test x"$adns_if_tormode" = xyes; then
|
||||||
|
AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available])
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
if test "$have_adns" = "yes"; then
|
if test "$have_adns" = "yes"; then
|
||||||
ADNSLIBS="-ladns"
|
ADNSLIBS="-ladns"
|
||||||
@ -970,6 +980,22 @@ AC_ARG_ENABLE(dns-cert,
|
|||||||
if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
|
if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
|
||||||
_dns_save_libs=$LIBS
|
_dns_save_libs=$LIBS
|
||||||
LIBS=""
|
LIBS=""
|
||||||
|
|
||||||
|
if test x"$have_adns" = xyes ; then
|
||||||
|
# We prefer ADNS.
|
||||||
|
DNSLIBS="$ADNSLIBS"
|
||||||
|
AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
|
||||||
|
|
||||||
|
if test x"$use_dns_srv" = xyes ; then
|
||||||
|
AC_DEFINE(USE_DNS_SRV,1)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test x"$use_dns_cert" = xyes ; then
|
||||||
|
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# With no ADNS find the system resolver.
|
||||||
|
|
||||||
# the double underscore thing is a glibc-ism?
|
# the double underscore thing is a glibc-ism?
|
||||||
AC_SEARCH_LIBS(res_query,resolv bind,,
|
AC_SEARCH_LIBS(res_query,resolv bind,,
|
||||||
AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
|
AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
|
||||||
@ -1031,20 +1057,6 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
|
|||||||
if test x"$need_compat" = xyes ; then
|
if test x"$need_compat" = xyes ; then
|
||||||
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
|
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
# If we have no resolver library but ADNS (e.g. under W32) enable the
|
|
||||||
# code parts which can be used with ADNS.
|
|
||||||
if test x"$have_adns" = xyes ; then
|
|
||||||
DNSLIBS="$ADNSLIBS"
|
|
||||||
AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
|
|
||||||
|
|
||||||
if test x"$use_dns_srv" = xyes ; then
|
|
||||||
AC_DEFINE(USE_DNS_SRV,1)
|
|
||||||
fi
|
|
||||||
|
|
||||||
if test x"$use_dns_cert" = xyes ; then
|
|
||||||
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
|
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
use_dns_srv=no
|
use_dns_srv=no
|
||||||
use_dns_cert=no
|
use_dns_cert=no
|
||||||
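Review bot: The `adns_if_tormode` probe added at the end of the first hunk runs whenever `$with_adns` is not `no`, even if the preceding header and library checks never set `have_adns=yes`. In that case configure reports a result for a library that will not be used, and `HAVE_ADNS_IF_TORMODE` could be defined without `USE_ADNS` if only the header is usable. Wrapping the probe in `if test "$have_adns" = "yes"; then … fi` ties the define to a usable ADNS. It is also a compile-only check, so a short comment saying that it tests for the enum constant and not for runtime Tor support would help the next reader.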
|
@ -59,7 +59,22 @@
|
|||||||
/* ADNS has no support for CERT yet. */
|
/* ADNS has no support for CERT yet. */
|
||||||
#define my_adns_r_cert 37
|
#define my_adns_r_cert 37
|
||||||
|
|
||||||
|
/* If set Tor mode shall be used. */
|
||||||
|
static int tor_mode;
|
||||||
|
|
||||||
|
/* Sets the module in TOR mode. Returns 0 is this is possible or an
|
||||||
|
error code. */
|
||||||
|
gpg_error_t
|
||||||
|
enable_dns_tormode (void)
|
||||||
|
{
|
||||||
|
#if defined(USE_DNS_CERT) && defined(USE_ADNS)
|
||||||
|
# if HAVE_ADNS_IF_TORMODE
|
||||||
|
tor_mode = 1;
|
||||||
|
return 0;
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
||||||
|
}
|
||||||
|
|
||||||
/* Returns 0 on success or an error code. If a PGP CERT record was
|
/* Returns 0 on success or an error code. If a PGP CERT record was
|
||||||
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
|
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
|
||||||
@ -92,7 +107,9 @@ get_dns_cert (const char *name, int want_certtype,
|
|||||||
*r_fprlen = 0;
|
*r_fprlen = 0;
|
||||||
*r_url = NULL;
|
*r_url = NULL;
|
||||||
|
|
||||||
if (adns_init (&state, adns_if_noerrprint, NULL))
|
if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
|
||||||
|
NULL, "nameserver 8.8.8.8")
|
||||||
|
/* */: adns_init (&state, adns_if_noerrprint, NULL))
|
||||||
{
|
{
|
||||||
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
|
||||||
log_error ("error initializing adns: %s\n", strerror (errno));
|
log_error ("error initializing adns: %s\n", strerror (errno));
|
||||||
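Review bot: The new `adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode, NULL, "nameserver 8.8.8.8")` arm in get_dns_cert names `adns_if_tormode` without the `# if HAVE_ADNS_IF_TORMODE` guard that enable_dns_tormode uses. A build against an ADNS that lacks the flag would therefore presumably fail to compile, even though configure detects exactly that case. Putting the `tor_mode?` arm under `#if HAVE_ADNS_IF_TORMODE` and compiling only `adns_init (&state, adns_if_noerrprint, NULL)` otherwise keeps the probe meaningful. The resolver address is a bare string literal; a named constant with a comment stating why a fixed public resolver is used, and that every Tor-mode CERT lookup is sent to that one operator, would make the privacy trade-off visible. get_dns_cert starts and ends outside the hunk.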
|
@ -47,6 +47,7 @@
|
|||||||
#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants. */
|
#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants. */
|
||||||
#define DNS_CERTTYPE_RR61 (DNS_CERTTYPE_RRBASE + 61)
|
#define DNS_CERTTYPE_RR61 (DNS_CERTTYPE_RRBASE + 61)
|
||||||
|
|
||||||
|
gpg_error_t enable_dns_tormode (void);
|
||||||
gpg_error_t get_dns_cert (const char *name, int want_certtype,
|
gpg_error_t get_dns_cert (const char *name, int want_certtype,
|
||||||
void **r_key, size_t *r_keylen,
|
void **r_key, size_t *r_keylen,
|
||||||
unsigned char **r_fpr, size_t *r_fprlen,
|
unsigned char **r_fpr, size_t *r_fprlen,
|
||||||
|
@ -713,8 +713,9 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt.use_tor)
|
if (opt.use_tor && enable_dns_tormode ())
|
||||||
{
|
{
|
||||||
|
/* TOR mode is requested but the DNS code can't enable it. */
|
||||||
err = gpg_error (GPG_ERR_FORBIDDEN);
|
err = gpg_error (GPG_ERR_FORBIDDEN);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
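Review bot: The Tor requirement is enforced only here in cmd_dns_cert via `if (opt.use_tor && enable_dns_tormode ())`, while get_dns_cert itself consults just the module-level `tor_mode` flag. Any other caller of get_dns_cert that runs with `opt.use_tor` set but has not called enable_dns_tormode() first would take the plain `adns_init` path and resolve outside Tor; no such caller is visible in this hunk, so this should be confirmed against the rest of dirmngr. Either pass the Tor requirement into get_dns_cert or add a comment at this call such as `/* Must run before any get_dns_cert call when opt.use_tor is set. */`. The flag is also never cleared once set, which fails safe but deserves a one-line note next to `tor_mode`. cmd_dns_cert's body begins and continues outside the hunk.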
|