From 6983fd131f648ba4acd57b266de9868911874d14 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 19 Oct 2015 13:12:24 +0200
Subject: [PATCH] dirmngr: Make --use-tor work - still leaks DNS.
* dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it.
* dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given.
--
The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used.
Signed-off-by: Werner Koch
---
 dirmngr/dirmngr.c | 19 +++++++++++++++++--
 dirmngr/http.c | 18 ++++++++++++++----
 doc/dirmngr.texi | 8 +++++---
 3 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index a32040e7b..744fb52b0 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -465,6 +465,20 @@ set_debug (void)
 }
+static void
+set_tor_mode (void)
+{
+ if (opt.use_tor)
+ {
+ if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+ {
+ log_error ("error enabling TOR mode: %s\n", strerror (errno));
+ log_info ("(is your Libassuan recent enough?)\n");
+ }
+ }
+}
+
+
 static void
 wrong_args (const char *text)
 {
@@ -985,11 +999,10 @@ main (int argc, char **argv)
 if (opt.use_tor)
 {
 log_info ("WARNING: ***************************************\n");
- log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+ log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
 log_info ("WARNING: ***************************************\n");
 }
-
 /* Print a warning if an argument looks like an option. */
 if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
 {
@@ -1018,6 +1031,7 @@ main (int argc, char **argv)
 }
 set_debug ();
+ set_tor_mode ();
 /* Get LDAP server list from file. */
 #if USE_LDAP
@@ -1783,6 +1797,7 @@ reread_configuration (void)
 fclose (fp);
 set_debug ();
+ set_tor_mode ();
 }
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 6ba29873d..6f8bf3da0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
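Review bot: In set_tor_mode a failure of `assuan_sock_set_flag` is only logged, so dirmngr keeps running with `opt.use_tor` set while the socket wrappers are not in TOR mode; for an anonymity option that is a fail-open path. The FORCE_TOR checks added in http.c only cover requests that carry that flag, and nothing visible in this patch stops other network code from connecting directly. I would have set_tor_mode report the failure so that main refuses to start, for example by printing the Libassuan hint first and then ending with `log_fatal ("error enabling TOR mode: %s\n", strerror (errno));`. What reread_configuration should do on the same failure needs a separate decision.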
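Review bot: The new banner line `MAY NOT FULLY WORK` in main does not say what is actually exposed, although the commit subject and the dirmngr.texi hunk both state that DNS queries still bypass TOR. An operator who only reads the log cannot tell that hostnames leak, so I would name it in the message, e.g. `log_info ("WARNING: TOR mode (--use-tor) still leaks DNS queries!\n");`. main's body starts and ends outside this hunk.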
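Review bot: The set_tor_mode call added to reread_configuration can only switch the "tor-mode" flag on, because set_tor_mode has no branch for `opt.use_tor` being false. If a reread can clear `opt.use_tor` (the option parsing is outside this hunk), the socket wrappers presumably stay in TOR mode while the option says otherwise. Staying in TOR mode is the safe direction, but the intent should be written down, for instance with a comment above the call: `/* TOR mode is sticky: a reread never switches it off again. */`.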
@@ -751,8 +751,13 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
 if ((flags & HTTP_FLAG_FORCE_TOR))
 {
- log_error ("TOR support is not yet available\n");
- return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ int mode;
+
+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+ {
+ log_error ("TOR support is not available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
 }
 /* Create the handle. */
@@ -1466,8 +1471,13 @@ send_request (http_t hd, const char *httphost, const char *auth,
 if ((hd->flags & HTTP_FLAG_FORCE_TOR))
 {
- log_error ("TOR support is not yet available\n");
- return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ int mode;
+
+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+ {
+ log_error ("TOR support is not available\n");
+ return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ }
 }
 server = *hd->uri->host ? hd->uri->host : "localhost";
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 18e818975..d1d421194 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,9 +238,11 @@ useful for debugging.
 @item --use-tor
 @opindex use-tor
-This options is not yet functional! It will eventually switch GnuPG
-into a TOR mode to route all network access via TOR (an anonymity
-network).
+This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
+all network access via TOR (an anonymity network). WARNING: As of now
+this still leaks the DNS queries; e.g. to lookup the hosts in a
+keyserver pool. Certain other features are disabled if this mode is
+active.
 @item --keyserver @code{name}
 @opindex keyserver
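Review bot: The same tor-mode test is pasted into http_raw_connect here and into send_request in the next hunk, so the two fail-closed checks can drift apart when only one of them is edited later. I would move it into one static helper and call it from both places; both function bodies start and end outside their hunks. The helper is also the natural place to separate the two cases that are currently folded into `GPG_ERR_NOT_IMPLEMENTED`: the flag query itself failing (Libassuan too old) and TOR mode simply not being enabled. A caller, or an operator reading the log, would want to tell those apart.

```c
/* Return 0 if the Assuan socket wrappers are in TOR mode; otherwise
   log the reason and return an error code.  */
static gpg_error_t
check_tor_mode (void)
{
  int mode;

  if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode))
    {
      log_error ("cannot query TOR mode (is your Libassuan recent enough?)\n");
      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
    }
  if (!mode)
    {
      log_error ("TOR mode is not enabled\n");
      return gpg_err_make (default_errsource, GPG_ERR_NOT_ENABLED);
    }
  return 0;
}

/* ... unchanged: http_raw_connect up to the flag test (send_request tests hd->flags) ... */
  if ((flags & HTTP_FLAG_FORCE_TOR))
    {
      gpg_error_t tor_err = check_tor_mode ();

      if (tor_err)
        return tor_err;
    }
```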