dirmngr: Implement Tor mode for SRV RRs.

* dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
(my_adns_init): new.
(getsrv)[USE_ADNS]: Use my_adns_init.
(getsrv)[!USE_ADNS]: Return an error if Tor mode is active.

* dirmngr/t-dns-stuff.c: Add option --use-tor.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2015-10-22 10:14:10 +02:00
parent e03a4a94bb
commit 8b06d7f41a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 50 additions and 14 deletions


@ -219,6 +219,29 @@ resolve_dns_name (const char *name, unsigned short port,
}
#ifdef USE_ADNS
/* Init ADNS and store the new state at R_STATE. Returns 0 on
success; prints an error message and returns an error code on
failure. */
static gpg_error_t
my_adns_init (adns_state *r_state)
{
gpg_error_t err;
if (tor_mode? adns_init_strcfg (r_state,
adns_if_noerrprint|adns_if_tormode,
NULL, "nameserver 8.8.8.8")
/* */: adns_init (r_state, adns_if_noerrprint, NULL))
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
log_error ("error initializing adns: %s\n", gpg_strerror (err));
return err;
}
return 0;
}
#endif /*USE_ADNS*/
/* Returns 0 on success or an error code. If a PGP CERT record was
found, the malloced data is returned at (R_KEY, R_KEYLEN) and
the other return parameters are set to NULL/0. If an IPGP CERT
@ -250,14 +273,9 @@ get_dns_cert (const char *name, int want_certtype,
*r_fprlen = 0;
*r_url = NULL;
if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
NULL, "nameserver 8.8.8.8")
/* */: adns_init (&state, adns_if_noerrprint, NULL))
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
log_error ("error initializing adns: %s\n", strerror (errno));
return err;
}
err = my_adns_init (&state);
if (err)
return err;
if (adns_synchronous (state, name,
(adns_r_unknown
@ -620,12 +638,8 @@ getsrv (const char *name,struct srventry **list)
adns_state state;
adns_answer *answer = NULL;
rc = adns_init (&state, adns_if_noerrprint, NULL);
if (rc)
{
log_error ("error initializing adns: %s\n", strerror (errno));
return -1;
}
if (my_adns_init (&state))
return -1;
rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
&answer);
@ -682,6 +696,10 @@ getsrv (const char *name,struct srventry **list)
int r;
u16 dlen;
/* Do not allow a query using the standard resolver in Tor mode. */
if (tor_mode)
return -1;
r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
if (r < sizeof (HEADER) || r > sizeof answer)
return -1;
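Review bot: The Tor-mode guard added in the !USE_ADNS branch of getsrv (`if (tor_mode) return -1;`) refuses the query silently, whereas the ADNS branch logs through my_adns_init when it cannot set up a resolver; a caller then cannot tell "refused to use the system resolver in Tor mode" from a failed res_query, and someone debugging a missing SRV lookup gets no hint in the log. Suggest a diagnostic ahead of the return, e.g. `log_error ("getsrv: not using the standard resolver in Tor mode\n");`, keeping the `return -1;` as is. The body of getsrv and of its !USE_ADNS branch continue outside the hunk. Separately, my_adns_init in the first hunk carries the `"nameserver 8.8.8.8"` literal inline; a file-scope `static const char tor_nameserver[]` with a one-line comment on why that resolver is used when adns_if_tormode is set would make the choice visible and easy to audit.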


@ -42,6 +42,7 @@ main (int argc, char **argv)
int last_argc = -1;
gpg_error_t err;
int any_options = 0;
int opt_tor = 0;
int opt_cert = 0;
int opt_srv = 0;
char const *name = NULL;
@ -64,6 +65,7 @@ main (int argc, char **argv)
"Options:\n"
" --verbose print timings etc.\n"
" --debug flyswatter\n"
" --use-tor use Tor\n"
" --cert lookup a CERT RR\n"
" --srv lookup a SRV RR\n"
, stdout);
@ -80,6 +82,11 @@ main (int argc, char **argv)
debug++;
argc--; argv++;
}
else if (!strcmp (*argv, "--use-tor"))
{
opt_tor = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--cert"))
{
any_options = opt_cert = 1;
@ -110,6 +117,17 @@ main (int argc, char **argv)
exit (1);
}
if (opt_tor)
{
err = enable_dns_tormode ();
if (err)
{
fprintf (stderr, "error switching into Tor mode: %s\n",
gpg_strerror (err));
exit (1);
}
}
if (opt_cert)
{
unsigned char *fpr;