dirmngr: Print a WARNING status for DNS config problems.

* dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2018-07-25 14:35:04 +02:00 · 2018-07-25 14:35:04 +02:00 · bd4048c533
commit bd4048c533
parent 9aa1b368ef
16 changed files with 196 additions and 93 deletions
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@ -73,6 +73,7 @@
 #include "./dirmngr-err.h"
 #include "../common/util.h"
 #include "../common/host2net.h"
+#include "dirmngr-status.h"
 #include "dns-stuff.h"

 #ifdef USE_NPTH
@ -433,12 +434,13 @@ resolv_conf_changed_p (void)
 /* Initialize libdns.  Returns 0 on success; prints a diagnostic and
 * returns an error code on failure.  */
 static gpg_error_t
-libdns_init (void)
+libdns_init (ctrl_t ctrl)
 {
  gpg_error_t err;
  struct libdns_s ld;
  int derr;
  char *cfgstr = NULL;
+  const char *fname = NULL;

  if (libdns.resolv_conf)
    return 0; /* Already initialized.  */
@ -532,7 +534,6 @@ libdns_init (void)
      xfree (ninfo);

 #else /* Unix */
-      const char *fname;

      fname = RESOLV_CONF_NAME;
      resolv_conf_changed_p (); /* Reset timestamp.  */
@ -622,6 +623,7 @@ libdns_init (void)
    {
      err = libdns_error_to_gpg_error (derr);
      log_error ("failed to load DNS hints: %s\n", gpg_strerror (err));
+      fname = "[dns hints]";
      goto leave;
    }

@ -632,6 +634,14 @@ libdns_init (void)
    log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":"");

 leave:
+  if (!fname)
+    fname = cfgstr;
+  if (err && fname)
+    dirmngr_status_printf (ctrl, "WARNING",
+                           "dns_config_problem %u"
+                           " error accessing '%s': %s <%s>",
+                           err, fname, gpg_strerror (err), gpg_strsource (err));
+
  xfree (cfgstr);
  return err;
 }
@ -686,7 +696,7 @@ reload_dns_stuff (int force)
 * failure an error code is returned and NULL stored at R_RES.
 */
 static gpg_error_t
-libdns_res_open (struct dns_resolver **r_res)
+libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res)
 {
  gpg_error_t err;
  struct dns_resolver *res;
@ -708,7 +718,7 @@ libdns_res_open (struct dns_resolver **r_res)
      libdns_deinit ();
    }

-  err = libdns_init ();
+  err = libdns_init (ctrl);
  if (err)
    return err;

@ -790,7 +800,7 @@ libdns_res_wait (struct dns_resolver *res)

 #ifdef USE_LIBDNS
 static gpg_error_t
-resolve_name_libdns (const char *name, unsigned short port,
+resolve_name_libdns (ctrl_t ctrl, const char *name, unsigned short port,
                     int want_family, int want_socktype,
                     dns_addrinfo_t *r_dai, char **r_canonname)
 {
@ -823,7 +833,7 @@ resolve_name_libdns (const char *name, unsigned short port,
      portstr = portstr_;
    }

-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
  if (err)
    goto leave;

@ -935,7 +945,7 @@ resolve_name_libdns (const char *name, unsigned short port,

 /* Resolve a name using the standard system function.  */
 static gpg_error_t
-resolve_name_standard (const char *name, unsigned short port,
+resolve_name_standard (ctrl_t ctrl, const char *name, unsigned short port,
                       int want_family, int want_socktype,
                       dns_addrinfo_t *r_dai, char **r_canonname)
 {
@ -981,7 +991,7 @@ resolve_name_standard (const char *name, unsigned short port,
             CNAME redirection again.  */
          char *cname;

-          if (get_dns_cname (name, &cname))
+          if (get_dns_cname (ctrl, name, &cname))
            goto leave; /* Still no success.  */

          ret = getaddrinfo (cname, *portstr? portstr : NULL, &hints, &aibuf);
@ -1057,7 +1067,7 @@ resolve_name_standard (const char *name, unsigned short port,
   is stored there as a malloced string; if that name is not available
   NULL is stored.  */
 gpg_error_t
-resolve_dns_name (const char *name, unsigned short port,
+resolve_dns_name (ctrl_t ctrl, const char *name, unsigned short port,
                  int want_family, int want_socktype,
                  dns_addrinfo_t *r_ai, char **r_canonname)
 {
@ -1066,15 +1076,15 @@ resolve_dns_name (const char *name, unsigned short port,
 #ifdef USE_LIBDNS
  if (!standard_resolver)
    {
-      err = resolve_name_libdns (name, port, want_family, want_socktype,
+      err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype,
                                  r_ai, r_canonname);
      if (err && libdns_switch_port_p (err))
-        err = resolve_name_libdns (name, port, want_family, want_socktype,
+        err = resolve_name_libdns (ctrl, name, port, want_family, want_socktype,
                                   r_ai, r_canonname);
    }
  else
 #endif /*USE_LIBDNS*/
-    err = resolve_name_standard (name, port, want_family, want_socktype,
+    err = resolve_name_standard (ctrl, name, port, want_family, want_socktype,
                                 r_ai, r_canonname);
  if (opt_debug)
    log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err));
@ -1085,7 +1095,8 @@ resolve_dns_name (const char *name, unsigned short port,
 #ifdef USE_LIBDNS
 /* Resolve an address using libdns.  */
 static gpg_error_t
-resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen,
+resolve_addr_libdns (ctrl_t ctrl,
+                     const struct sockaddr_storage *addr, int addrlen,
                     unsigned int flags, char **r_name)
 {
  gpg_error_t err;
@ -1117,7 +1128,7 @@ resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen,
    goto leave;


-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
  if (err)
    goto leave;

@ -1281,7 +1292,8 @@ resolve_addr_standard (const struct sockaddr_storage *addr, int addrlen,

 /* A wrapper around getnameinfo.  */
 gpg_error_t
-resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
+resolve_dns_addr (ctrl_t ctrl,
+                  const struct sockaddr_storage *addr, int addrlen,
                  unsigned int flags, char **r_name)
 {
  gpg_error_t err;
@ -1290,9 +1302,9 @@ resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
  /* Note that we divert to the standard resolver for NUMERICHOST.  */
  if (!standard_resolver && !(flags & DNS_NUMERICHOST))
    {
-      err = resolve_addr_libdns (addr, addrlen, flags, r_name);
+      err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name);
      if (err && libdns_switch_port_p (err))
-        err = resolve_addr_libdns (addr, addrlen, flags, r_name);
+        err = resolve_addr_libdns (ctrl, addr, addrlen, flags, r_name);
    }
  else
 #endif /*USE_LIBDNS*/
@ -1390,7 +1402,7 @@ is_onion_address (const char *name)
 /* libdns version of get_dns_cert.  */
 #ifdef USE_LIBDNS
 static gpg_error_t
-get_dns_cert_libdns (const char *name, int want_certtype,
+get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype,
                     void **r_key, size_t *r_keylen,
                     unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
 {
@ -1410,7 +1422,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
           : (want_certtype - DNS_CERTTYPE_RRBASE));


-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
  if (err)
    goto leave;

@ -1776,7 +1788,7 @@ get_dns_cert_standard (const char *name, int want_certtype,
   supported certtypes only records with this certtype are considered
   and the first found is returned.  (R_KEY,R_KEYLEN) are optional. */
 gpg_error_t
-get_dns_cert (const char *name, int want_certtype,
+get_dns_cert (ctrl_t ctrl, const char *name, int want_certtype,
              void **r_key, size_t *r_keylen,
              unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
 {
@ -1793,10 +1805,10 @@ get_dns_cert (const char *name, int want_certtype,
 #ifdef USE_LIBDNS
  if (!standard_resolver)
    {
-      err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
+      err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen,
                                 r_fpr, r_fprlen, r_url);
      if (err && libdns_switch_port_p (err))
-        err = get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
+        err = get_dns_cert_libdns (ctrl, name, want_certtype, r_key, r_keylen,
                                   r_fpr, r_fprlen, r_url);
    }
  else
@ -1828,7 +1840,8 @@ priosort(const void *a,const void *b)
 * R_COUNT.  */
 #ifdef USE_LIBDNS
 static gpg_error_t
-getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count)
+getsrv_libdns (ctrl_t ctrl,
+               const char *name, struct srventry **list, unsigned int *r_count)
 {
  gpg_error_t err;
  struct dns_resolver *res = NULL;
@ -1839,7 +1852,7 @@ getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count)
  int derr;
  unsigned int srvcount = 0;

-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
  if (err)
    goto leave;

@ -2058,7 +2071,8 @@ getsrv_standard (const char *name,
 * we do not return NONAME but simply store 0 at R_COUNT.  On error an
 * error code is returned and 0 stored at R_COUNT.  */
 gpg_error_t
-get_dns_srv (const char *name, const char *service, const char *proto,
+get_dns_srv (ctrl_t ctrl,
+             const char *name, const char *service, const char *proto,
             struct srventry **list, unsigned int *r_count)
 {
  gpg_error_t err;
@ -2087,9 +2101,9 @@ get_dns_srv (const char *name, const char *service, const char *proto,
 #ifdef USE_LIBDNS
  if (!standard_resolver)
    {
-      err = getsrv_libdns (name, list, &srvcount);
+      err = getsrv_libdns (ctrl, name, list, &srvcount);
      if (err && libdns_switch_port_p (err))
-        err = getsrv_libdns (name, list, &srvcount);
+        err = getsrv_libdns (ctrl, name, list, &srvcount);
    }
  else
 #endif /*USE_LIBDNS*/
@ -2194,7 +2208,7 @@ get_dns_srv (const char *name, const char *service, const char *proto,
 #ifdef USE_LIBDNS
 /* libdns version of get_dns_cname.  */
 gpg_error_t
-get_dns_cname_libdns (const char *name, char **r_cname)
+get_dns_cname_libdns (ctrl_t ctrl, const char *name, char **r_cname)
 {
  gpg_error_t err;
  struct dns_resolver *res;
@ -2202,7 +2216,7 @@ get_dns_cname_libdns (const char *name, char **r_cname)
  struct dns_cname cname;
  int derr;

-  err = libdns_res_open (&res);
+  err = libdns_res_open (ctrl, &res);
  if (err)
    goto leave;

@ -2347,7 +2361,7 @@ get_dns_cname_standard (const char *name, char **r_cname)


 gpg_error_t
-get_dns_cname (const char *name, char **r_cname)
+get_dns_cname (ctrl_t ctrl, const char *name, char **r_cname)
 {
  gpg_error_t err;

@ -2356,9 +2370,9 @@ get_dns_cname (const char *name, char **r_cname)
 #ifdef USE_LIBDNS
  if (!standard_resolver)
    {
-      err = get_dns_cname_libdns (name, r_cname);
+      err = get_dns_cname_libdns (ctrl, name, r_cname);
      if (err && libdns_switch_port_p (err))
-        err = get_dns_cname_libdns (name, r_cname);
+        err = get_dns_cname_libdns (ctrl, name, r_cname);
      return err;
    }
 #endif /*USE_LIBDNS*/