From c091816b4a90d7eea6f8601ec1522a0a006794e8 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 18 Sep 2015 16:17:11 +0200 Subject: [PATCH] dirmngr: Add option --use-tor as a stub. * dirmngr/dirmngr.h (opt): Add field "use_tor". * dirmngr/dirmngr.c (oUseTor): New. (opts): Add --use-tor. (parse_rereadable_options): Set option. (main): Tell gpgconf about that option. * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and return an error if LDAP is used in TOR mode. (ca_cert_fetch): Return an error in TOR mode. (start_cert_fetch): Ditto. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the http module. * dirmngr/ks-engine-hkp.c (send_request): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the http module. * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used". (cmd_dns_cert): Return an error in TOR mode. (cmd_getinfo): Add subcommand "tor" * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group. -- More work is required to actually make --use-tor useful. For now it returns an error for almost all network access but as soon as we have added the TOR feature to the http module some parts will start to work. Signed-off-by: Werner Koch --- dirmngr/crlfetch.c | 30 ++++++++++++++++++++++++++++-- dirmngr/dirmngr.c | 6 ++++++ dirmngr/dirmngr.h | 1 + dirmngr/ks-engine-finger.c | 3 ++- dirmngr/ks-engine-hkp.c | 4 +++- dirmngr/ks-engine-http.c | 3 ++- dirmngr/ks-engine-ldap.c | 21 +++++++++++++++++++++ dirmngr/ocsp.c | 11 ++++++++++- dirmngr/server.c | 18 +++++++++++++++++- tools/gpgconf-comp.c | 7 +++++++ 10 files changed, 97 insertions(+), 7 deletions(-) diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c index 3b3916a23..0f34e2794 100644 --- a/dirmngr/crlfetch.c +++ b/dirmngr/crlfetch.c @@ -196,8 +196,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) } else err = http_open_document (&hd, url, NULL, - (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) - |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0), + ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0) + |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, NULL, NULL, NULL); switch ( err? 99999 : http_get_status_code (hd) ) @@ -289,6 +290,12 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) "LDAP"); err = gpg_error (GPG_ERR_NOT_SUPPORTED); } + else if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + } else { # if USE_LDAP @@ -309,12 +316,19 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) gpg_error_t crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("CRL access not possible due to disabled %s\n"), "LDAP"); return gpg_error (GPG_ERR_NOT_SUPPORTED); } + #if USE_LDAP return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList", reader); @@ -334,6 +348,12 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader) gpg_error_t ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("CRL access not possible due to disabled %s\n"), @@ -355,6 +375,12 @@ gpg_error_t start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, strlist_t patterns, const ldap_server_t server) { + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("CRL access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } if (opt.disable_ldap) { log_error (_("certificate search not possible due to disabled %s\n"), diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 10cc45e00..fb9a70135 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -140,6 +140,7 @@ enum cmd_and_opt_values { oLDAPWrapperProgram, oHTTPWrapperProgram, oIgnoreCertExtension, + oUseTor, aTest }; @@ -215,6 +216,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oHkpCaCert, "hkp-cacert", N_("|FILE|use the CA certificates in FILE for HKP over TLS")), + ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via TOR")), ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */ @@ -518,6 +520,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) } FREE_STRLIST (opt.ignored_cert_extensions); http_register_tls_ca (NULL); + /* We do not allow resetting of opt.use_tor at runtime. */ return 1; } @@ -580,6 +583,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str); break; + case oUseTor: opt.use_tor = 1; break; + default: return 0; /* Not handled. */ } @@ -1405,6 +1410,7 @@ main (int argc, char **argv) /* Note: The next one is to fix a typo in gpgconf - should be removed eventually. */ es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE); + es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE); } cleanup (); return !!rc; diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 4f037e714..a2db62755 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -93,6 +93,7 @@ struct int system_service; /* We are running as W32 service (implies daemon). */ int system_daemon; /* We are running in system daemon mode. */ int running_detached; /* We are running in detached mode. */ + int use_tor; /* TOR mode has been enabled. */ int force; /* Force loading outdated CRLs. */ diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c index 57dd340e8..96e092d24 100644 --- a/dirmngr/ks-engine-finger.c +++ b/dirmngr/ks-engine-finger.c @@ -82,7 +82,8 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) } *server++ = 0; - err = http_raw_connect (&http, server, 79, 0, NULL); + err = http_raw_connect (&http, server, 79, + (opt.use_tor? HTTP_FLAG_FORCE_TOR : 0), NULL); if (err) { xfree (name); diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index a0104117d..18ad7317d 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -965,7 +965,9 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, request, httphost, /* fixme: AUTH */ NULL, - (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)), + (httpflags + |(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, session, NULL, diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index 13e51c69e..ae128ee12 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -77,7 +77,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) url, /* httphost */ NULL, /* fixme: AUTH */ NULL, - (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), + ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, session, NULL, diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 1b8ef031a..c6fa5ebc3 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -836,6 +836,13 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, (void) ctrl; + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("LDAP access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } + /* Before connecting to the server, make sure we have a sane keyspec. If not, there is no need to establish a network connection. */ @@ -1012,6 +1019,13 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, (void) ctrl; + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("LDAP access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } + /* Before connecting to the server, make sure we have a sane keyspec. If not, there is no need to establish a network connection. */ @@ -1881,6 +1895,13 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri, /* Elide a warning. */ (void) ctrl; + if (opt.use_tor) + { + /* For now we do not support LDAP over TOR. */ + log_error (_("LDAP access not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } + ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &pgpkeyattr, &real_ldap); if (ldap_err || !basedn) diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 8971b9ffa..f81f3358e 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -132,6 +132,14 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, (void)ctrl; + if (opt.use_tor) + { + /* For now we do not allow OCSP via TOR due to possible privacy + concerns. Needs further research. */ + log_error (_("OCSP request not possible due to TOR mode\n")); + return gpg_error (GPG_ERR_NOT_SUPPORTED); + } + if (opt.disable_http) { log_error (_("OCSP request not possible due to disabled HTTP\n")); @@ -165,7 +173,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, once_more: err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL, - (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), + ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) + | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)), ctrl->http_proxy, NULL, NULL, NULL); if (err) { diff --git a/dirmngr/server.c b/dirmngr/server.c index 0f1d2623e..694a881cc 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -626,6 +626,12 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) else if (!(ctrl->http_proxy = xtrystrdup (value))) err = gpg_error_from_syserror (); } + else if (!strcmp (key, "honor-keyserver-url-used")) + { + /* Return an error if we are running in TOR mode. */ + if (opt.use_tor) + err = gpg_error (GPG_ERR_FORBIDDEN); + } else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); @@ -697,6 +703,12 @@ cmd_dns_cert (assuan_context_t ctx, char *line) } } + if (opt.use_tor) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + goto leave; + } + if (pka_mode) { char *domain; /* Points to mbox. */ @@ -1970,7 +1982,7 @@ static const char hlp_getinfo[] = "\n" "version - Return the version of the program.\n" "pid - Return the process id of the server.\n" - "\n" + "tor - Return OK if running in TOR mode\n" "socket_name - Return the name of the socket.\n"; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) @@ -2001,6 +2013,10 @@ cmd_getinfo (assuan_context_t ctx, char *line) else err = gpg_error (GPG_ERR_NO_DATA); } + else if (!strcmp (line, "tor")) + { + err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "TOR mode not enabled"); + } else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index cb8308861..3f0d83ba5 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -908,6 +908,13 @@ static gc_option_t gc_options_dirmngr[] = "dirmngr", "force loading of outdated CRLs", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, + { "TOR", + GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC, + "gnupg", N_("Options controlling the use of TOR") }, + { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, + "dirmngr", "route all network traffic via TOR", + GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, + { "HTTP", GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, "gnupg", N_("Configuration for HTTP servers") },