mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
dirmngr: Make --use-tor work - still leaks DNS.
* dirmngr/dirmngr.c (set_tor_mode): New. (main, reread_configuration): Call it. * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR mode is enabled if the FORCE_TOR flag is given. -- The patch for http.c is a sanity check because tor mode is anyway global as long as the Assuan socket wrappers are used. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
8c609eaf35
commit
6983fd131f
@ -465,6 +465,20 @@ set_debug (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
set_tor_mode (void)
|
||||||
|
{
|
||||||
|
if (opt.use_tor)
|
||||||
|
{
|
||||||
|
if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
|
||||||
|
{
|
||||||
|
log_error ("error enabling TOR mode: %s\n", strerror (errno));
|
||||||
|
log_info ("(is your Libassuan recent enough?)\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
wrong_args (const char *text)
|
wrong_args (const char *text)
|
||||||
{
|
{
|
||||||
@ -985,11 +999,10 @@ main (int argc, char **argv)
|
|||||||
if (opt.use_tor)
|
if (opt.use_tor)
|
||||||
{
|
{
|
||||||
log_info ("WARNING: ***************************************\n");
|
log_info ("WARNING: ***************************************\n");
|
||||||
log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
|
log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
|
||||||
log_info ("WARNING: ***************************************\n");
|
log_info ("WARNING: ***************************************\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Print a warning if an argument looks like an option. */
|
/* Print a warning if an argument looks like an option. */
|
||||||
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
|
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
|
||||||
{
|
{
|
||||||
@ -1018,6 +1031,7 @@ main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
set_debug ();
|
set_debug ();
|
||||||
|
set_tor_mode ();
|
||||||
|
|
||||||
/* Get LDAP server list from file. */
|
/* Get LDAP server list from file. */
|
||||||
#if USE_LDAP
|
#if USE_LDAP
|
||||||
@ -1783,6 +1797,7 @@ reread_configuration (void)
|
|||||||
fclose (fp);
|
fclose (fp);
|
||||||
|
|
||||||
set_debug ();
|
set_debug ();
|
||||||
|
set_tor_mode ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
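Review bot: set_tor_mode only logs when `assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1)` fails, so with --use-tor given the daemon keeps running although the socket layer is not in TOR mode. The guard this commit adds in http.c refuses a connection only when HTTP_FLAG_FORCE_TOR is passed, so a caller that omits the flag would presumably connect directly; the callers are not visible here, so this needs confirming. For an anonymity option it is safer to fail closed: let set_tor_mode return the error so that main can refuse to start and reread_configuration can report the failure to its caller. The function also never clears the flag when opt.use_tor is off after a reload; if that is intended, say so with a comment such as `/* TOR mode is never switched off once it has been enabled. */`. The startup banner in main would be more useful if it named the DNS leak that the commit subject admits, rather than "MAY NOT FULLY WORK".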
|
@ -751,9 +751,14 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
|
|||||||
|
|
||||||
if ((flags & HTTP_FLAG_FORCE_TOR))
|
if ((flags & HTTP_FLAG_FORCE_TOR))
|
||||||
{
|
{
|
||||||
log_error ("TOR support is not yet available\n");
|
int mode;
|
||||||
|
|
||||||
|
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
|
||||||
|
{
|
||||||
|
log_error ("TOR support is not available\n");
|
||||||
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
|
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Create the handle. */
|
/* Create the handle. */
|
||||||
hd = xtrycalloc (1, sizeof *hd);
|
hd = xtrycalloc (1, sizeof *hd);
|
||||||
@ -1466,9 +1471,14 @@ send_request (http_t hd, const char *httphost, const char *auth,
|
|||||||
|
|
||||||
if ((hd->flags & HTTP_FLAG_FORCE_TOR))
|
if ((hd->flags & HTTP_FLAG_FORCE_TOR))
|
||||||
{
|
{
|
||||||
log_error ("TOR support is not yet available\n");
|
int mode;
|
||||||
|
|
||||||
|
if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
|
||||||
|
{
|
||||||
|
log_error ("TOR support is not available\n");
|
||||||
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
|
return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
server = *hd->uri->host ? hd->uri->host : "localhost";
|
server = *hd->uri->host ? hd->uri->host : "localhost";
|
||||||
port = hd->uri->port ? hd->uri->port : 80;
|
port = hd->uri->port ? hd->uri->port : 80;
|
||||||
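Review bot: The new guard in http_raw_connect reports two different conditions, a failed `assuan_sock_get_flag` call and a tor-mode flag that is simply off, with the same message and with `GPG_ERR_NOT_IMPLEMENTED`, which is left over from the old stub. Now that TOR mode exists, a refusal here is a policy decision, so a code that says the mode is not enabled (for example `GPG_ERR_NOT_ENABLED`, if the libgpg-error in use provides it) and a message like `log_error ("TOR mode requested but not enabled\n");` would tell an operator what to fix. The identical block is repeated in send_request; a small static helper shared by both would keep the two checks from drifting apart. A one-line comment such as `/* Fail closed: never connect unless the socket layer confirms tor-mode. */` would record why the check stays even though the mode is global. Both functions continue outside the visible hunks.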
|
@ -238,9 +238,11 @@ useful for debugging.
|
|||||||
|
|
||||||
@item --use-tor
|
@item --use-tor
|
||||||
@opindex use-tor
|
@opindex use-tor
|
||||||
This options is not yet functional! It will eventually switch GnuPG
|
This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
|
||||||
into a TOR mode to route all network access via TOR (an anonymity
|
all network access via TOR (an anonymity network). WARNING: As of now
|
||||||
network).
|
this still leaks the DNS queries; e.g. to lookup the hosts in a
|
||||||
|
keyserver pool. Certain other features are disabled if this mode is
|
||||||
|
active.
|
||||||
|
|
||||||
@item --keyserver @code{name}
|
@item --keyserver @code{name}
|
||||||
@opindex keyserver
|
@opindex keyserver
|
||||||
|