dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.

* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed. (reload_dns_stuff): Reset tor port. * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS. (main): Remove warning that Tor mode may not fully work. * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS initialization. * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error checking for enable_dns_tormode. -- This patch also resets the port on SIGHUP so that after starting Tor SIGHUP is sufficient to use Tor. Without the SIGHUP and when not using the Tor browser Dirmngr would keep on trying the Tor browser port. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-03 12:03:28 +01:00 · 2017-01-03 12:03:28 +01:00 · 9695124016
parent 0004d52ba2
commit 9695124016
5 changed files with 14 additions and 37 deletions
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@ -481,6 +481,9 @@ set_tor_mode (void)
 {
  if (opt.use_tor)
    {
+      /* Enable Tor mode and when called again force a new curcuit
+       * (e.g. on SIGHUP).  */
+      enable_dns_tormode (1);
      if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
        {
          log_error ("error enabling Tor mode: %s\n", strerror (errno));
@ -919,13 +922,6 @@ main (int argc, char **argv)
  log_info ("NOTE: this is a development version!\n");
 #endif

-  if (opt.use_tor)
-    {
-      log_info ("WARNING: ***************************************\n");
-      log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
-      log_info ("WARNING: ***************************************\n");
-    }
-
  /* Print a warning if an argument looks like an option.  */
  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
    {
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@ -199,9 +199,9 @@ recursive_resolver_p (void)
 }


-/* Sets the module in Tor mode.  Returns 0 is this is possible or an
-   error code.  */
-gpg_error_t
+/* Puts this module eternally into Tor mode.  When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query.  */
+void
 enable_dns_tormode (int new_circuit)
 {
  if (!*tor_socks_user || new_circuit)
@ -215,7 +215,6 @@ enable_dns_tormode (int new_circuit)
      counter++;
    }
  tor_mode = 1;
-  return 0;
 }


@ -548,7 +547,10 @@ reload_dns_stuff (int force)
      libdns_reinit_pending = 0;
    }
  else
-    libdns_reinit_pending = 1;
+    {
+      libdns_reinit_pending = 1;
+      libdns_tor_port = 0;  /* Start again with the default port.  */
+    }
 #else
  (void)force;
 #endif
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@ -113,9 +113,9 @@ void enable_recursive_resolver (int yes);
 /* Return true iff the recursive resolver is used.  */
 int recursive_resolver_p (void);

-/* Calling this function switches the DNS code into Tor mode if
-   possibe.  Return 0 on success.  */
-gpg_error_t enable_dns_tormode (int new_circuit);
+/* Put this module eternally into Tor mode.  When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query.  */
+void enable_dns_tormode (int new_circuit);

 /* Change the default IP address of the nameserver to IPADDR.  The
   address needs to be a numerical IP address and will be used for the
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -709,13 +709,6 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
        }
    }

-  if (opt.use_tor && (err = enable_dns_tormode (0)))
-    {
-      /* Tor mode is requested but the DNS code can't enable it.  */
-      assuan_set_error (ctx, err, "error enabling Tor mode");
-      goto leave;
-    }
-
  if (pka_mode || dane_mode)
    {
      char *domain;     /* Points to mbox.  */
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@ -51,7 +51,6 @@ main (int argc, char **argv)
  gpg_error_t err;
  int any_options = 0;
  int opt_tor = 0;
-  int opt_new_circuit = 0;
  int opt_cert = 0;
  int opt_srv = 0;
  int opt_bracket = 0;
@ -103,11 +102,6 @@ main (int argc, char **argv)
          opt_tor = 1;
          argc--; argv++;
        }
-      else if (!strcmp (*argv, "--new-circuit"))
-        {
-          opt_new_circuit = 1;
-          argc--; argv++;
-        }
      else if (!strcmp (*argv, "--standard-resolver"))
        {
          enable_standard_resolver (1);
@ -171,15 +165,7 @@ main (int argc, char **argv)
  init_sockets ();

  if (opt_tor)
-    {
-      err = enable_dns_tormode (opt_new_circuit);
-      if (err)
-        {
-          fprintf (stderr, "error switching into Tor mode: %s\n",
-                   gpg_strerror (err));
-          exit (1);
-        }
-    }
+    enable_dns_tormode (0);

  if (opt_cert)
    {