From bd4048c533165fd82340354d7229fcc2220db5a5 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 25 Jul 2018 14:35:04 +0200 Subject: [PATCH] dirmngr: Print a WARNING status for DNS config problems. * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch --- dirmngr/Makefile.am | 4 +- dirmngr/dirmngr-status.h | 39 +++++++++++++++++++ dirmngr/dirmngr.h | 8 +--- dirmngr/dns-stuff.c | 78 ++++++++++++++++++++++---------------- dirmngr/dns-stuff.h | 14 ++++--- dirmngr/http.c | 36 ++++++++++-------- dirmngr/http.h | 6 +-- dirmngr/ks-engine-finger.c | 2 +- dirmngr/ks-engine-hkp.c | 31 +++++++-------- dirmngr/ks-engine-http.c | 2 +- dirmngr/ocsp.c | 2 +- dirmngr/server.c | 8 ++-- dirmngr/t-dns-stuff.c | 12 +++--- dirmngr/t-http.c | 2 +- dirmngr/t-support.c | 43 +++++++++++++++++++++ g10/call-dirmngr.c | 2 + 16 files changed, 196 insertions(+), 93 deletions(-) create mode 100644 dirmngr/dirmngr-status.h create mode 100644 dirmngr/t-support.c diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 43f59bd45..22b8c1a3a 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am 
@@ -62,7 +62,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ domaininfo.c \ workqueue.c \ loadswdb.c \ - cdb.h cdblib.c misc.c dirmngr-err.h \ + cdb.h cdblib.c misc.c dirmngr-err.h dirmngr-status.h \ ocsp.c ocsp.h validate.c validate.h \ dns-stuff.c dns-stuff.h \ http.c http.h http-common.c http-common.h http-ntbtls.c \ @@ -111,7 +111,7 @@ dirmngr_client_LDADD = $(libcommon) \ dirmngr_client_LDFLAGS = $(extra_bin_ldflags) -t_common_src = t-support.h +t_common_src = t-support.h t-support.c if USE_LIBDNS t_common_src += dns.c dns.h endif diff --git a/dirmngr/dirmngr-status.h b/dirmngr/dirmngr-status.h new file mode 100644 index 000000000..2c3fd78a3 --- /dev/null +++ b/dirmngr/dirmngr-status.h 
@@ -0,0 +1,39 @@ +/* dirmngr-status.h - Status code helper functions for dirmnmgr. + * Copyright (C) 2004, 2014, 2015, 2018 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * SPDX-License-Identifier: GPL-3.0+ + */ + +/* We keep them separate so that we don't always need to include the + * entire dirmngr.h */ + +#ifndef DIRMNGR_STATUS_H +#define DIRMNGR_STATUS_H + + +/*-- server.c --*/ +gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...); +gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text); +gpg_error_t dirmngr_status_helpf (ctrl_t ctrl, const char *format, + ...) GPGRT_ATTR_PRINTF(2,3); +gpg_error_t dirmngr_status_printf (ctrl_t ctrl, const char *keyword, + const char *format, + ...) GPGRT_ATTR_PRINTF(3,4); + + +#endif /* DIRMNGR_STATUS_H */ diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 5189f93b1..edaf46394 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -36,6 +36,7 @@ #include "../common/sysutils.h" /* (gnupg_fd_t) */ #include "../common/asshelp.h" /* (assuan_context_t) */ #include "../common/i18n.h" +#include "dirmngr-status.h" #include "http.h" /* (parsed_uri_t) */ /* This objects keeps information about a particular LDAP server and 
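Review bot: dirmngr-status.h is not self-contained: it uses `ctrl_t`, `gpg_error_t` and `GPGRT_ATTR_PRINTF` without including anything, so it compiles only after the includer has pulled in those definitions (dns-stuff.c and t-support.c include it after `../common/util.h`, which presumably supplies them). Since the header exists precisely so that callers can avoid dirmngr.h, the prerequisite should be stated, e.g. `/* Requires ctrl_t and gpg_error_t (../common/util.h) and GPGRT_ATTR_PRINTF (gpg-error.h) to be in scope before inclusion. */`. It would also help to document here that `dirmngr_status_printf` accepts a NULL CTRL and then emits nothing, because that is the contract the DNS and HTTP code relies on from this patch onwards, while nothing in the patch says whether the other three helpers tolerate NULL.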
@@ -229,13 +230,6 @@ gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr); int dirmngr_assuan_log_monitor (assuan_context_t ctx, unsigned int cat, const char *msg); void start_command_handler (gnupg_fd_t fd, unsigned int session_id); -gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...); -gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text); -gpg_error_t dirmngr_status_helpf (ctrl_t ctrl, const char *format, - ...) GPGRT_ATTR_PRINTF(2,3); -gpg_error_t dirmngr_status_printf (ctrl_t ctrl, const char *keyword, - const char *format, - ...) GPGRT_ATTR_PRINTF(3,4); gpg_error_t dirmngr_tick (ctrl_t ctrl); /*-- http-ntbtls.c --*/ diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index ffac816f9..09b17c0fb 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -73,6 +73,7 @@ #include "./dirmngr-err.h" #include "../common/util.h" #include "../common/host2net.h" +#include "dirmngr-status.h" #include "dns-stuff.h" #ifdef USE_NPTH @@ -433,12 +434,13 @@ resolv_conf_changed_p (void) /* Initialize libdns. Returns 0 on success; prints a diagnostic and * returns an error code on failure. */ static gpg_error_t -libdns_init (void) +libdns_init (ctrl_t ctrl) { gpg_error_t err; struct libdns_s ld; int derr; char *cfgstr = NULL; + const char *fname = NULL; if (libdns.resolv_conf) return 0; /* Already initialized. */ @@ -532,7 +534,6 @@ libdns_init (void) xfree (ninfo); #else /* Unix */ - const char *fname; fname = RESOLV_CONF_NAME; resolv_conf_changed_p (); /* Reset timestamp. */ @@ -622,6 +623,7 @@ libdns_init (void) { err = libdns_error_to_gpg_error (derr); log_error ("failed to load DNS hints: %s\n", gpg_strerror (err)); + fname = "[dns hints]"; goto leave; } 
@@ -632,6 +634,14 @@ libdns_init (void) log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":""); leave: + if (!fname) + fname = cfgstr; + if (err && fname) + dirmngr_status_printf (ctrl, "WARNING", + "dns_config_problem %u" + " error accessing '%s': %s <%s>", + err, fname, gpg_strerror (err), gpg_strsource (err)); + xfree (cfgstr); return err; } @@ -686,7 +696,7 @@ reload_dns_stuff (int force) * failure an error code is returned and NULL stored at R_RES. */ static gpg_error_t -libdns_res_open (struct dns_resolver **r_res) +libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) { gpg_error_t err; struct dns_resolver *res; @@ -708,7 +718,7 @@ libdns_res_open (struct dns_resolver **r_res) libdns_deinit (); } - err = libdns_init (); + err = libdns_init (ctrl); if (err) return err; @@ -790,7 +800,7 @@ libdns_res_wait (struct dns_resolver *res) #ifdef USE_LIBDNS static gpg_error_t -resolve_name_libdns (const char *name, unsigned short port, +resolve_name_libdns (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_dai, char **r_canonname) { @@ -823,7 +833,7 @@ resolve_name_libdns (const char *name, unsigned short port, portstr = portstr_; } - err = libdns_res_open (&res); + err = libdns_res_open (ctrl, &res); if (err) goto leave; @@ -935,7 +945,7 @@ resolve_name_libdns (const char *name, unsigned short port, /* Resolve a name using the standard system function. */ static gpg_error_t -resolve_name_standard (const char *name, unsigned short port, +resolve_name_standard (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_dai, char **r_canonname) { @@ -981,7 +991,7 @@ resolve_name_standard (const char *name, unsigned short port, CNAME redirection again. */ char *cname; - if (get_dns_cname (name, &cname)) + if (get_dns_cname (ctrl, name, &cname)) goto leave; /* Still no success. */ ret = getaddrinfo (cname, *portstr? portstr : NULL, &hints, &aibuf); 
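Review bot: The WARNING is emitted only when `fname` or `cfgstr` ended up non-NULL, so an early failure in libdns_init that jumps to `leave` before either is assigned — and, it seems, the non-Unix branch, where `fname` is never set — returns an error without any `dns_config_problem` status, and the client's new hint is never shown. Emitting it whenever `err` is set keeps the behaviour uniform: `if (err) dirmngr_status_printf (ctrl, "WARNING", "dns_config_problem %u error accessing '%s': %s <%s>", err, fname? fname : "[unknown]", gpg_strerror (err), gpg_strsource (err));`. The text `error accessing '[dns hints]'` (the pseudo-name is set in the preceding hunk) is also misleading for a hints-loading failure; a neutral wording such as `error using '%s'` would cover both cases. Keep the call before `xfree (cfgstr)` as it is now, since `fname` may alias `cfgstr`.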
@@ -1057,7 +1067,7 @@ resolve_name_standard (const char *name, unsigned short port, is stored there as a malloced string; if that name is not available NULL is stored. */ gpg_error_t -resolve_dns_name (const char *name, unsigned short port, +resolve_dns_name (ctrl_t ctrl, const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_ai, char **r_canonname) { @@ -1066,15 +1076,15 @@ resolve_dns_name (const char *name, unsigned short port, #ifdef USE_LIBDNS if (!standard_resolver) { - err = resolve_name_libdns (name, port, want_family, want_socktype, + err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); if (err && libdns_switch_port_p (err)) - err = resolve_name_libdns (name, port, want_family, want_socktype, + err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); } else #endif /*USE_LIBDNS*/ - err = resolve_name_standard (name, port, want_family, want_socktype, + err = resolve_name_standard (ctrl, name, port, want_family, want_socktype, r_ai, r_canonname); if (opt_debug) log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err)); @@ -1085,7 +1095,8 @@ resolve_dns_name (const char *name, unsigned short port, #ifdef USE_LIBDNS /* Resolve an address using libdns. */ static gpg_error_t -resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen, +resolve_addr_libdns (ctrl_t ctrl, + const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name) { gpg_error_t err; @@ -1117,7 +1128,7 @@ resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen, goto leave; - err = libdns_res_open (&res); + err = libdns_res_open (ctrl, &res); if (err) goto leave; 
@@ -1281,7 +1292,8 @@ resolve_addr_standard (const struct sockaddr_storage *addr, int addrlen, /* A wrapper around getnameinfo. */ gpg_error_t -resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen, +resolve_dns_addr (ctrl_t ctrl, + const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name) { gpg_error_t err; @@ -1290,9 +1302,9 @@ resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen, /* Note that we divert to the standard resolver for NUMERICHOST. */ if (!standard_resolver && !(flags & DNS_NUMERICHOST)) { - err = resolve_addr_libdns (addr, addrlen, flags, r_name); + err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name); if (err && libdns_switch_port_p (err)) - err = resolve_addr_libdns (addr, addrlen, flags, r_name); + err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name); } else #endif /*USE_LIBDNS*/ @@ -1390,7 +1402,7 @@ is_onion_address (const char *name) /* libdns version of get_dns_cert. */ #ifdef USE_LIBDNS static gpg_error_t -get_dns_cert_libdns (const char *name, int want_certtype, +get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { @@ -1410,7 +1422,7 @@ get_dns_cert_libdns (const char *name, int want_certtype, : (want_certtype - DNS_CERTTYPE_RRBASE)); - err = libdns_res_open (&res); + err = libdns_res_open (ctrl, &res); if (err) goto leave; @@ -1776,7 +1788,7 @@ get_dns_cert_standard (const char *name, int want_certtype, supported certtypes only records with this certtype are considered and the first found is returned. (R_KEY,R_KEYLEN) are optional. */ gpg_error_t -get_dns_cert (const char *name, int want_certtype, +get_dns_cert (ctrl_t ctrl, const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { 
@@ -1793,10 +1805,10 @@ get_dns_cert (const char *name, int want_certtype, #ifdef USE_LIBDNS if (!standard_resolver) { - err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen, + err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); if (err && libdns_switch_port_p (err)) - err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen, + err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); } else @@ -1828,7 +1840,8 @@ priosort(const void *a,const void *b) * R_COUNT. */ #ifdef USE_LIBDNS static gpg_error_t -getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count) +getsrv_libdns (ctrl_t ctrl, + const char *name, struct srventry **list, unsigned int *r_count) { gpg_error_t err; struct dns_resolver *res = NULL; @@ -1839,7 +1852,7 @@ getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count) int derr; unsigned int srvcount = 0; - err = libdns_res_open (&res); + err = libdns_res_open (ctrl, &res); if (err) goto leave; @@ -2058,7 +2071,8 @@ getsrv_standard (const char *name, * we do not return NONAME but simply store 0 at R_COUNT. On error an * error code is returned and 0 stored at R_COUNT. */ gpg_error_t -get_dns_srv (const char *name, const char *service, const char *proto, +get_dns_srv (ctrl_t ctrl, + const char *name, const char *service, const char *proto, struct srventry **list, unsigned int *r_count) { gpg_error_t err; @@ -2087,9 +2101,9 @@ get_dns_srv (const char *name, const char *service, const char *proto, #ifdef USE_LIBDNS if (!standard_resolver) { - err = getsrv_libdns (name, list, &srvcount); + err = getsrv_libdns (ctrl, name, list, &srvcount); if (err && libdns_switch_port_p (err)) - err = getsrv_libdns (name, list, &srvcount); + err = getsrv_libdns (ctrl, name, list, &srvcount); } else #endif /*USE_LIBDNS*/ 
@@ -2194,7 +2208,7 @@ get_dns_srv (const char *name, const char *service, const char *proto, #ifdef USE_LIBDNS /* libdns version of get_dns_cname. */ gpg_error_t -get_dns_cname_libdns (const char *name, char **r_cname) +get_dns_cname_libdns (ctrl_t ctrl, const char *name, char **r_cname) { gpg_error_t err; struct dns_resolver *res; @@ -2202,7 +2216,7 @@ get_dns_cname_libdns (const char *name, char **r_cname) struct dns_cname cname; int derr; - err = libdns_res_open (&res); + err = libdns_res_open (ctrl, &res); if (err) goto leave; @@ -2347,7 +2361,7 @@ get_dns_cname_standard (const char *name, char **r_cname) gpg_error_t -get_dns_cname (const char *name, char **r_cname) +get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname) { gpg_error_t err; @@ -2356,9 +2370,9 @@ get_dns_cname (const char *name, char **r_cname) #ifdef USE_LIBDNS if (!standard_resolver) { - err = get_dns_cname_libdns (name, r_cname); + err = get_dns_cname_libdns (ctrl, name, r_cname); if (err && libdns_switch_port_p (err)) - err = get_dns_cname_libdns (name, r_cname); + err = get_dns_cname_libdns (ctrl, name, r_cname); return err; } #endif /*USE_LIBDNS*/ diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h index 612b2e5f5..06a43122a 100644 --- a/dirmngr/dns-stuff.h +++ b/dirmngr/dns-stuff.h @@ -137,12 +137,14 @@ void reload_dns_stuff (int force); void free_dns_addrinfo (dns_addrinfo_t ai); /* Function similar to getaddrinfo. */ -gpg_error_t resolve_dns_name (const char *name, unsigned short port, +gpg_error_t resolve_dns_name (ctrl_t ctrl, + const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_dai, char **r_canonname); /* Function similar to getnameinfo. */ -gpg_error_t resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen, +gpg_error_t resolve_dns_addr (ctrl_t ctrl, + const struct sockaddr_storage *addr, int addrlen, unsigned int flags, char **r_name); /* Return true if NAME is a numerical IP address. */ 
@@ -152,16 +154,18 @@ int is_ip_address (const char *name); int is_onion_address (const char *name); /* Get the canonical name for NAME. */ -gpg_error_t get_dns_cname (const char *name, char **r_cname); +gpg_error_t get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname); /* Return a CERT record or an arbitrary RR. */ -gpg_error_t get_dns_cert (const char *name, int want_certtype, +gpg_error_t get_dns_cert (ctrl_t ctrl, + const char *name, int want_certtype, void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url); /* Return an array of SRV records. */ -gpg_error_t get_dns_srv (const char *name, +gpg_error_t get_dns_srv (ctrl_t ctrl, + const char *name, const char *service, const char *proto, struct srventry **list, unsigned int *r_count); diff --git a/dirmngr/http.c b/dirmngr/http.c index 049aefc29..5fb7eed04 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -2,7 +2,7 @@ * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010, * 2011 Free Software Foundation, Inc. * Copyright (C) 2014 Werner Koch - * Copyright (C) 2015-2017 g10 Code GmbH + * Copyright (C) 2015-2018 g10 Code GmbH * * This file is part of GnuPG. * 
@@ -152,14 +152,15 @@ static int remove_escapes (char *string); static int insert_escapes (char *buffer, const char *string, const char *special); static uri_tuple_t parse_tuple (char *string); -static gpg_error_t send_request (http_t hd, const char *httphost, +static gpg_error_t send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth,const char *proxy, const char *srvtag, unsigned int timeout, strlist_t headers); static char *build_rel_path (parsed_uri_t uri); static gpg_error_t parse_response (http_t hd); -static gpg_error_t connect_server (const char *server, unsigned short port, +static gpg_error_t connect_server (ctrl_t ctrl, + const char *server, unsigned short port, unsigned int flags, const char *srvtag, unsigned int timeout, assuan_fd_t *r_sock); static gpgrt_ssize_t read_server (assuan_fd_t sock, void *buffer, size_t size); @@ -937,7 +938,7 @@ http_session_set_timeout (http_session_t sess, unsigned int timeout) If HTTPHOST is not NULL it is used for the Host header instead of a Host header derived from the URL. */ gpg_error_t -http_open (http_t *r_hd, http_req_t reqtype, const char *url, +http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype, const char *url, const char *httphost, const char *auth, unsigned int flags, const char *proxy, http_session_t session, const char *srvtag, strlist_t headers) @@ -961,7 +962,7 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url, err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS)); if (!err) - err = send_request (hd, httphost, auth, proxy, srvtag, + err = send_request (ctrl, hd, httphost, auth, proxy, srvtag, hd->session? hd->session->connect_timeout : 0, headers); 
@@ -985,7 +986,8 @@ http_open (http_t *r_hd, http_req_t reqtype, const char *url, this http abstraction layer. This has the advantage of providing service tags and an estream interface. TIMEOUT is in milliseconds. */ gpg_error_t -http_raw_connect (http_t *r_hd, const char *server, unsigned short port, +http_raw_connect (ctrl_t ctrl, http_t *r_hd, + const char *server, unsigned short port, unsigned int flags, const char *srvtag, unsigned int timeout) { gpg_error_t err = 0; @@ -1021,7 +1023,8 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port, { assuan_fd_t sock; - err = connect_server (server, port, hd->flags, srvtag, timeout, &sock); + err = connect_server (ctrl, server, port, + hd->flags, srvtag, timeout, &sock); if (err) { xfree (hd); @@ -1174,14 +1177,14 @@ http_wait_response (http_t hd) be used as an HTTP proxy and any enabled $http_proxy gets ignored. */ gpg_error_t -http_open_document (http_t *r_hd, const char *document, +http_open_document (ctrl_t ctrl, http_t *r_hd, const char *document, const char *auth, unsigned int flags, const char *proxy, http_session_t session, const char *srvtag, strlist_t headers) { gpg_error_t err; - err = http_open (r_hd, HTTP_REQ_GET, document, NULL, auth, flags, + err = http_open (ctrl, r_hd, HTTP_REQ_GET, document, NULL, auth, flags, proxy, session, srvtag, headers); if (err) return err; @@ -1712,7 +1715,7 @@ is_hostname_port (const char *string) * Returns 0 if the request was successful */ static gpg_error_t -send_request (http_t hd, const char *httphost, const char *auth, +send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth, const char *proxy, const char *srvtag, unsigned int timeout, strlist_t headers) { 
@@ -1859,14 +1862,16 @@ send_request (http_t hd, const char *httphost, const char *auth, } } - err = connect_server (*uri->host ? uri->host : "localhost", + err = connect_server (ctrl, + *uri->host ? uri->host : "localhost", uri->port ? uri->port : 80, hd->flags, NULL, timeout, &sock); http_release_parsed_uri (uri); } else { - err = connect_server (server, port, hd->flags, srvtag, timeout, &sock); + err = connect_server (ctrl, + server, port, hd->flags, srvtag, timeout, &sock); } if (err) @@ -2870,7 +2875,7 @@ connect_with_timeout (assuan_fd_t sock, * function tries to connect to all known addresses and the timeout is * for each one. */ static gpg_error_t -connect_server (const char *server, unsigned short port, +connect_server (ctrl_t ctrl, const char *server, unsigned short port, unsigned int flags, const char *srvtag, unsigned int timeout, assuan_fd_t *r_sock) { @@ -2923,7 +2928,7 @@ connect_server (const char *server, unsigned short port, /* Do the SRV thing */ if (srvtag) { - err = get_dns_srv (server, srvtag, NULL, &serverlist, &srvcount); + err = get_dns_srv (ctrl, server, srvtag, NULL, &serverlist, &srvcount); if (err) log_info ("getting '%s' SRV for '%s' failed: %s\n", srvtag, server, gpg_strerror (err)); @@ -2953,7 +2958,8 @@ connect_server (const char *server, unsigned short port, if (opt_debug) log_debug ("http.c:connect_server: trying name='%s' port=%hu\n", serverlist[srv].target, port); - err = resolve_dns_name (serverlist[srv].target, port, 0, SOCK_STREAM, + err = resolve_dns_name (ctrl, + serverlist[srv].target, port, 0, SOCK_STREAM, &aibuf, NULL); if (err) { diff --git a/dirmngr/http.h b/dirmngr/http.h index 4cfb4c890..a86abbee7 100644 --- a/dirmngr/http.h +++ b/dirmngr/http.h 
@@ -135,12 +135,12 @@ gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri, void http_release_parsed_uri (parsed_uri_t uri); -gpg_error_t http_raw_connect (http_t *r_hd, +gpg_error_t http_raw_connect (ctrl_t ctrl, http_t *r_hd, const char *server, unsigned short port, unsigned int flags, const char *srvtag, unsigned int timeout); -gpg_error_t http_open (http_t *r_hd, http_req_t reqtype, +gpg_error_t http_open (ctrl_t ctrl, http_t *r_hd, http_req_t reqtype, const char *url, const char *httphost, const char *auth, @@ -156,7 +156,7 @@ gpg_error_t http_wait_response (http_t hd); void http_close (http_t hd, int keep_read_stream); -gpg_error_t http_open_document (http_t *r_hd, +gpg_error_t http_open_document (ctrl_t ctrl, http_t *r_hd, const char *document, const char *auth, unsigned int flags, diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c index e53a0ee78..30ede1573 100644 --- a/dirmngr/ks-engine-finger.c +++ b/dirmngr/ks-engine-finger.c @@ -82,7 +82,7 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) } *server++ = 0; - err = http_raw_connect (&http, server, 79, + err = http_raw_connect (ctrl, &http, server, 79, ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0) | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0) | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)), diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 32840e68e..630309991 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -304,7 +304,7 @@ tor_not_running_p (ctrl_t ctrl) PROTOCOL. If NAME specifies a pool (as indicated by IS_POOL), update the given reference table accordingly. */ static void -add_host (const char *name, int is_pool, +add_host (ctrl_t ctrl, const char *name, int is_pool, const dns_addrinfo_t ai, enum ks_protocol protocol, unsigned short port) { 
@@ -320,7 +320,7 @@ add_host (const char *name, int is_pool, if (is_pool) { /* For a pool immediately convert the address to a string. */ - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + tmperr = resolve_dns_addr (ctrl, ai->addr, ai->addrlen, (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost); } else if (!is_ip_address (name)) @@ -337,7 +337,7 @@ add_host (const char *name, int is_pool, { /* Do a PTR lookup on AI. If a name was not found the function * returns the numeric address (with brackets). */ - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + tmperr = resolve_dns_addr (ctrl, ai->addr, ai->addrlen, DNS_WITHBRACKET, &tmphost); } @@ -498,7 +498,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, unsigned int srvscount; /* Check for SRV records. */ - err = get_dns_srv (name, srvtag, NULL, &srvs, &srvscount); + err = get_dns_srv (ctrl, name, srvtag, NULL, &srvs, &srvscount); if (err) { if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED) @@ -514,13 +514,13 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, for (i = 0; i < srvscount; i++) { - err = resolve_dns_name (srvs[i].target, 0, + err = resolve_dns_name (ctrl, srvs[i].target, 0, AF_UNSPEC, SOCK_STREAM, &ai, &cname); if (err) continue; dirmngr_tick (ctrl); - add_host (name, is_pool, ai, protocol, srvs[i].port); + add_host (ctrl, name, is_pool, ai, protocol, srvs[i].port); new_hosts = 1; } @@ -535,7 +535,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, { /* Find all A records for this entry and put them into the pool list - if any. */ - err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); + err = resolve_dns_name (ctrl, name, 0, 0, SOCK_STREAM, &aibuf, &cname); if (err) { log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err)); 
@@ -566,7 +566,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, continue; dirmngr_tick (ctrl); - add_host (name, is_pool, ai, 0, 0); + add_host (ctrl, name, is_pool, ai, 0, 0); new_hosts = 1; } @@ -624,7 +624,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, * hosttable. */ char *host; - err = resolve_dns_name (hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL); + err = resolve_dns_name (ctrl, hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL); if (!err) { for (ai = aibuf; ai; ai = ai->next) @@ -632,7 +632,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, if ((!opt.disable_ipv6 && ai->family == AF_INET6) || (!opt.disable_ipv4 && ai->family == AF_INET)) { - err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host); + err = resolve_dns_addr (ctrl, + ai->addr, ai->addrlen, 0, &host); if (!err) { /* Okay, we return the first found name. */ @@ -865,7 +866,7 @@ ks_hkp_print_hosttable (ctrl_t ctrl) /* Turn the numerical IP address string into an AI and * then do a DNS PTR lookup. */ - if (!resolve_dns_name (hi->name, 0, 0, + if (!resolve_dns_name (ctrl, hi->name, 0, 0, SOCK_STREAM, &aibuf, &canon)) { @@ -876,7 +877,7 @@ ks_hkp_print_hosttable (ctrl_t ctrl) } for (ai = aibuf; !canon && ai; ai = ai->next) { - resolve_dns_addr (ai->addr, ai->addrlen, + resolve_dns_addr (ctrl, ai->addr, ai->addrlen, DNS_WITHBRACKET, &canon); if (canon && is_ip_address (canon)) { @@ -896,14 +897,14 @@ ks_hkp_print_hosttable (ctrl_t ctrl) /* Get the IP address as a string from a name. Note * that resolve_dns_addr allocates CANON on success * and thus terminates the loop. */ - if (!resolve_dns_name (hi->name, 0, + if (!resolve_dns_name (ctrl, hi->name, 0, hi->v6? AF_INET6 : AF_INET, SOCK_STREAM, &aibuf, NULL)) { for (ai = aibuf; !canon && ai; ai = ai->next) { - resolve_dns_addr (ai->addr, ai->addrlen, + resolve_dns_addr (ctrl, ai->addr, ai->addrlen, DNS_NUMERICHOST|DNS_WITHBRACKET, &canon); } 
@@ -1182,7 +1183,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, http_session_set_timeout (session, ctrl->timeout); once_more: - err = http_open (&http, + err = http_open (ctrl, &http, post_cb? HTTP_REQ_POST : HTTP_REQ_GET, request, httphost, diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index 946c92769..9e6b9e1f5 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -103,7 +103,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags, http_session_set_timeout (session, ctrl->timeout); *r_fp = NULL; - err = http_open (&http, + err = http_open (ctrl, &http, HTTP_REQ_GET, url, /* httphost */ NULL, diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 22391c32d..ca28960e4 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -172,7 +172,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, } once_more: - err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL, + err = http_open (ctrl, &http, HTTP_REQ_POST, url, NULL, NULL, ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0) | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0) diff --git a/dirmngr/server.c b/dirmngr/server.c index b7cdb24c9..33ce4cfe3 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -666,7 +666,7 @@ static const char hlp_dns_cert[] = static gpg_error_t cmd_dns_cert (assuan_context_t ctx, char *line) { - /* ctrl_t ctrl = assuan_get_pointer (ctx); */ + ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; int pka_mode, dane_mode; char *mbox = NULL; @@ -782,7 +782,7 @@ cmd_dns_cert (assuan_context_t ctx, char *line) else name = line; - err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url); + err = get_dns_cert (ctrl, name, certtype, &key, &keylen, &fpr, &fprlen, &url); if (err) goto leave; 
@@ -883,7 +883,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) size_t domainlen, targetlen; int i; - err = get_dns_srv (domain, "openpgpkey", NULL, &srvs, &srvscount); + err = get_dns_srv (ctrl, domain, "openpgpkey", NULL, &srvs, &srvscount); if (err) goto leave; @@ -2977,7 +2977,7 @@ dirmngr_status_printf (ctrl_t ctrl, const char *keyword, va_list arg_ptr; assuan_context_t ctx; - if (!ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx)) + if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx)) return 0; va_start (arg_ptr, format); diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c index 5a3ede15b..6d52160bc 100644 --- a/dirmngr/t-dns-stuff.c +++ b/dirmngr/t-dns-stuff.c @@ -178,7 +178,7 @@ main (int argc, char **argv) if (verbose || any_options) printf ("CERT lookup on '%s'\n", name); - err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen, + err = get_dns_cert (NULL, name, DNS_CERTTYPE_ANY, &key, &keylen, &fpr, &fpr_len, &url); if (err) printf ("get_dns_cert failed: %s <%s>\n", @@ -218,7 +218,7 @@ main (int argc, char **argv) char *cname; printf ("CNAME lookup on '%s'\n", name); - err = get_dns_cname (name, &cname); + err = get_dns_cname (NULL, name, &cname); if (err) printf ("get_dns_cname failed: %s <%s>\n", gpg_strerror (err), gpg_strsource (err)); @@ -234,7 +234,7 @@ main (int argc, char **argv) unsigned int count; int i; - err = get_dns_srv (name? name : "_hkp._tcp.wwwkeys.pgp.net", + err = get_dns_srv (NULL, name? name : "_hkp._tcp.wwwkeys.pgp.net", NULL, NULL, &srv, &count); if (err) printf ("get_dns_srv failed: %s <%s>\n", @@ -261,7 +261,7 @@ main (int argc, char **argv) printf ("Lookup on '%s'\n", name); - err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); + err = resolve_dns_name (NULL, name, 0, 0, SOCK_STREAM, &aibuf, &cname); if (err) { fprintf (stderr, PGM": resolving '%s' failed: %s\n", 
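Review bot: The NULL-CTRL bypass is added to `dirmngr_status_printf` only; `dirmngr_status`, `dirmngr_status_help` and `dirmngr_status_helpf`, which share the new header and presumably the same `ctrl->server_local` access, are not shown to get it, and t-support.c stubs only the printf variant. The resolver and HTTP code now receive a CTRL that is NULL in the module tests, so a later call to any of the other helpers from that code would dereference NULL (or fail to link in the tests). Either guard all four the same way, `if (!ctrl || !ctrl->server_local || !(ctx = ctrl->server_local->assuan_ctx))`, or make the limitation explicit above this function: `/* CTRL may be NULL (module tests, no Assuan context); only this helper tolerates that. */`. The rest of dirmngr_status_printf lies outside the hunk.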
@@ -278,7 +278,7 @@ main (int argc, char **argv) ai->family == AF_INET? "inet4" : "? ", ai->socktype, ai->protocol); - err = resolve_dns_addr (ai->addr, ai->addrlen, + err = resolve_dns_addr (NULL, ai->addr, ai->addrlen, (DNS_NUMERICHOST | (opt_bracket? DNS_WITHBRACKET:0)), &host); @@ -290,7 +290,7 @@ main (int argc, char **argv) xfree (host); } - err = resolve_dns_addr (ai->addr, ai->addrlen, + err = resolve_dns_addr (NULL, ai->addr, ai->addrlen, (opt_bracket? DNS_WITHBRACKET:0), &host); if (err) diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c index 440633db4..2fc0a465c 100644 --- a/dirmngr/t-http.c +++ b/dirmngr/t-http.c @@ -438,7 +438,7 @@ main (int argc, char **argv) if (session) http_session_set_timeout (session, timeout); - rc = http_open_document (&hd, *argv, NULL, my_http_flags, + rc = http_open_document (NULL, &hd, *argv, NULL, my_http_flags, NULL, session, NULL, NULL); if (rc) { diff --git a/dirmngr/t-support.c b/dirmngr/t-support.c new file mode 100644 index 000000000..fc9546a7d --- /dev/null +++ b/dirmngr/t-support.c 
@@ -0,0 +1,43 @@ +/* t-support.c - Module test support (stubs etc). + * Copyright (C) 2018 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * SPDX-License-Identifier: GPL-3.0+ + */ + +#include +#include +#include +#include + + +#include "../common/util.h" +#include "dirmngr-status.h" +#include "t-support.h" + + + +/* Stub for testing. See server.c for the real implementation. */ +gpg_error_t +dirmngr_status_printf (ctrl_t ctrl, const char *keyword, + const char *format, ...) +{ + (void)ctrl; + (void)keyword; + (void)format; + + return 0; +} diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 9bc90fb2d..d77b90dec 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -406,6 +406,8 @@ ks_status_cb (void *opaque, const char *line) warn = _("Tor is not running"); else if ((s2 = has_leading_keyword (s, "tor_config_problem"))) warn = _("Tor is not properly configured"); + else if ((s2 = has_leading_keyword (s, "dns_config_problem"))) + warn = _("DNS is not properly configured"); else warn = NULL;
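Review bot: After `has_leading_keyword (s, "dns_config_problem")`, `s2` points at the payload dirmngr went to some effort to include — the numeric error, the file name and the strerror text — but the hunk only maps the keyword to the fixed string "DNS is not properly configured", so the actionable detail (which file, which error) appears to be dropped. How `warn` is consumed is outside the hunk, but if it is printed under the existing verbose check, logging the tail alongside it helps the user locate the misconfiguration, e.g. `if (warn && s2 && *s2) log_info ("%s (%s)\n", warn, s2);` guarded by that same check. The payload originates from the local dirmngr rather than from the network, so echoing it is low risk. ks_status_cb's body continues outside the hunk.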