dirmngr: New configure option --disable-libdns.

* configure.ac: Add option --disable-libdns (USE_LIBDNS): New ac_subst and am_conditional. (USE_C99_CFLAGS): Set only if libdns is used. * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ... (dirmngr_SOURCES) [USE_LIBDNS0: here. (t_common_src): Ditto. * dirmngr/dirmngr.c (oRecursiveResolver): New constant. (opts): New option "--recursive-resolver". (parse_rereadable_options): Set option. * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver. * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the new variables. * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined. Also build and call dnslib functions only if USE_DNSLIB is defined. (recursive_resolver): New var. (enable_recursive_resolver): New func. (recursive_resolver_p): New func. -- In case users run into problems building GnuPG, the configure option allows to disable that support and continue w/o Tor support using the system resolver. --recursive-resolver was easy enough to implement and may be useful in some situation. It does not fully work, though. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2016-12-14 15:36:25 +01:00 · 2016-12-14 15:36:25 +01:00 · d34a2bb410
commit d34a2bb410
parent 3c2a7918ea
9 changed files with 117 additions and 11 deletions
--- a/10
+++ b/10
@ -117,6 +117,16 @@
  Add other options as needed.


+*** Systems without a full C99 compiler
+
+  If you run into problems with our compiler complaining about dns.c
+  you may use
+
+    ./configure --disable-libdns
+
+  Add other options as needed.
+
+
 * MIGRATION from 1.4 or 2.0 to 2.1

  The major change in 2.1 is gpg-agent taking care of the OpenPGP
--- a/configure.ac
+++ b/configure.ac
@ -110,6 +110,7 @@ use_bzip2=yes
 use_exec=yes
 use_trust_models=yes
 use_tofu=yes
+use_libdns=yes
 card_support=yes
 use_ccid_driver=auto
 dirmngr_auto_start=yes
@ -269,6 +270,16 @@ if test "$use_trust_models" = no && test "$use_tofu" = yes; then
    AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
 fi

+AC_MSG_CHECKING([whether to enable libdns])
+AC_ARG_ENABLE(libdns,
+                AC_HELP_STRING([--disable-libdns],
+                               [do not build with libdns support]),
+              use_libdns=$enableval, use_libdns=yes)
+AC_MSG_RESULT($use_libdns)
+if test x"$use_libdns" = xyes ; then
+    AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support])
+fi
+AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes)


 #
@ -1063,13 +1074,18 @@ if test "$build_dirmngr" = "yes"; then
    if test x"$need_compat" = xyes ; then
      AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
    fi
+    if test "$use_libdns" = yes; then
+     show_tor_support=yes
+    fi
+  elif test "$use_libdns" = yes; then
+    show_tor_support=yes
  else
    AC_MSG_WARN([[
 ***
 *** The system's DNS resolver is not usable.
 *** Dirmngr functionality is limited.
 ***]])
-   show_tor_support="${show_tor_support} (no system resolver)"
+    show_tor_support="${show_tor_support} (no system resolver)"
  fi

  LIBS=$_dns_save_libs
@ -1510,6 +1526,7 @@ AC_SUBST(W32SOCKLIBS)
 #
 # Setup gcc specific options
 #
+USE_C99_CFLAGS=
 AC_MSG_NOTICE([checking for cc features])
 if test "$GCC" = yes; then
    mycflags=
@ -1577,9 +1594,10 @@ if test "$GCC" = yes; then
    fi

    CFLAGS="$mycflags $mycflags_save"
-    USE_C99_CFLAGS="-std=gnu99"
-else
-    USE_C99_CFLAGS=
+    if test "$use_libdns" = yes; then
+       # dirmngr/dns.{c,h} require C99 and GNU extensions.  */
+       USE_C99_CFLAGS="-std=gnu99"
+    fi
 fi

 AC_SUBST(USE_C99_CFLAGS)
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@ -60,12 +60,15 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
 	loadswdb.c \
 	cdb.h cdblib.c misc.c dirmngr-err.h  \
 	ocsp.c ocsp.h validate.c validate.h  \
-	dns.c dns.h \
 	dns-stuff.c dns-stuff.h \
 	http.c http.h \
 	ks-action.c ks-action.h ks-engine.h \
 	ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c

+if USE_LIBDNS
+dirmngr_SOURCES += dns.c dns.h
+endif
+
 if USE_LDAP
 dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
                   ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
@ -104,7 +107,10 @@ dirmngr_client_LDADD = $(libcommon) \
 dirmngr_client_LDFLAGS = $(extra_bin_ldflags)


-t_common_src = t-support.h dns.c dns.h
+t_common_src = t-support.h
+if USE_LIBDNS
+t_common_src += dns.c dns.h
+endif
 t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
                 $(GPG_ERROR_LIBS) $(NETLIBS) \
                 $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@ -141,6 +141,7 @@ enum cmd_and_opt_values {
  oNameServer,
  oDisableCheckOwnSocket,
  oStandardResolver,
+  oRecursiveResolver,
  aTest
 };

@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"),
  ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
  ARGPARSE_s_n (oStandardResolver, "standard-resolver", "@"),
+  ARGPARSE_s_n (oRecursiveResolver, "recursive-resolver", "@"),

  ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
                         "of all commands and options)\n")),
@ -621,6 +623,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
    case oUseTor: opt.use_tor = 1; break;

    case oStandardResolver: enable_standard_resolver (1); break;
+    case oRecursiveResolver: enable_recursive_resolver (1); break;

    case oKeyServer:
      if (*pargs->r.ret_str)
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@ -47,7 +47,9 @@
 #include <unistd.h>

 /* William Ahern's DNS library, included as a source copy.  */
-#include "dns.h"
+#ifdef USE_LIBDNS
+# include "dns.h"
+#endif

 /* dns.c has a dns_p_free but it is not exported.  We use our own
 * wrapper here so that we do not accidentally use xfree which would
@ -101,6 +103,9 @@
 /* If set force the use of the standard resolver.  */
 static int standard_resolver;

+/* If set use recursive resolver when available. */
+static int recursive_resolver;
+
 /* If set Tor mode shall be used.  */
 static int tor_mode;

@ -111,6 +116,7 @@ static char tor_nameserver[40+20];
 /* A string to hold the credentials presented to Tor.  */
 static char tor_credentials[50];

+#ifdef USE_LIBDNS
 /* Libdns gobal data.  */
 struct
 {
@ -120,7 +126,7 @@ struct

  struct sockaddr_storage socks_host;
 } libdns;
-
+#endif /*USE_LIBDNS*/

 /* Calling this function with YES set to True forces the use of the
 * standard resolver even if dirmngr has been built with support for
@ -140,6 +146,27 @@ standard_resolver_p (void)
 }


+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver.  */
+void
+enable_recursive_resolver (int yes)
+{
+  recursive_resolver = yes;
+}
+
+
+/* Return true iff the recursive resolver is used.  */
+int
+recursive_resolver_p (void)
+{
+#if USE_LIBDNS
+  return !standard_resolver && recursive_resolver;
+#else
+  return 0;
+#endif
+}
+
+
 /* Sets the module in Tor mode.  Returns 0 is this is possible or an
   error code.  */
 gpg_error_t
@ -233,6 +260,7 @@ map_eai_to_gpg_error (int ec)
 }


+#ifdef USE_LIBDNS
 static gpg_error_t
 libdns_error_to_gpg_error (int serr)
 {
@ -266,8 +294,10 @@ libdns_error_to_gpg_error (int serr)
    }
  return gpg_error (ec);
 }
+#endif /*USE_LIBDNS*/


+#ifdef USE_LIBDNS
 static gpg_error_t
 libdns_init (void)
 {
@ -297,7 +327,9 @@ libdns_init (void)
    goto leave;

  /* dns_hints_local for stub mode, dns_hints_root for recursive.  */
-  libdns.hints = dns_hints_local (libdns.resolv_conf, &error);
+  libdns.hints = (recursive_resolver
+                  ? dns_hints_root  (libdns.resolv_conf, &error)
+                  : dns_hints_local (libdns.resolv_conf, &error));
  if (! libdns.hints)
    goto leave;

@ -305,8 +337,10 @@ libdns_init (void)
 leave:
  return libdns_error_to_gpg_error (error);
 }
+#endif /*USE_LIBDNS*/


+#ifdef USE_LIBDNS
 static gpg_error_t
 resolve_name_libdns (const char *name, unsigned short port,
                     int want_family, int want_socktype,
@ -431,6 +465,7 @@ resolve_name_libdns (const char *name, unsigned short port,

  return err;
 }
+#endif /*USE_LIBDNS*/


 /* Resolve a name using the standard system function.  */
@ -615,9 +650,11 @@ resolve_dns_name (const char *name, unsigned short port,
                  int want_family, int want_socktype,
                  dns_addrinfo_t *r_ai, char **r_canonname)
 {
+#ifdef USE_LIBDNS
  if (!standard_resolver)
    return resolve_name_libdns (name, port, want_family, want_socktype,
                                r_ai, r_canonname);
+#endif /*USE_LIBDNS*/

  return resolve_name_standard (name, port, want_family, want_socktype,
                                r_ai, r_canonname);
@ -714,6 +751,7 @@ is_onion_address (const char *name)


 /* libdns version of get_dns_cert.  */
+#ifdef USE_LIBDNS
 static gpg_error_t
 get_dns_cert_libdns (const char *name, int want_certtype,
                     void **r_key, size_t *r_keylen,
@ -726,7 +764,6 @@ get_dns_cert_libdns (const char *name, int want_certtype,
  struct dns_rr_i rri;
  char host[DNS_D_MAXNAME + 1];
  int derr;
-  int srvcount = 0;
  int qtype;

  /* Gte the query type from WANT_CERTTYPE (which in general indicates
@ -907,6 +944,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
  dns_res_close (res);
  return err;
 }
+#endif /*USE_LIBDNS*/


 /* Standard resolver version of get_dns_cert.  */
@ -1135,9 +1173,11 @@ get_dns_cert (const char *name, int want_certtype,
  *r_fprlen = 0;
  *r_url = NULL;

+#ifdef USE_LIBDNS
  if (!standard_resolver)
    return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen,
                                r_fpr, r_fprlen, r_url);
+#endif /*USE_LIBDNS*/

  return get_dns_cert_standard (name, want_certtype, r_key, r_keylen,
                                r_fpr, r_fprlen, r_url);
@ -1160,6 +1200,7 @@ priosort(const void *a,const void *b)
 /* Libdns based helper for getsrv.  Note that it is expected that NULL
 * is stored at the address of LIST and 0 is stored at the address of
 * R_COUNT.  */
+#ifdef USE_LIBDNS
 static gpg_error_t
 getsrv_libdns (const char *name, struct srventry **list, int *r_count)
 {
@ -1274,6 +1315,7 @@ getsrv_libdns (const char *name, struct srventry **list, int *r_count)
  dns_res_close (res);
  return err;
 }
+#endif /*USE_LIBDNS*/


 /* Standard resolver based helper for getsrv.  Note that it is
@ -1412,9 +1454,11 @@ getsrv (const char *name, struct srventry **list)

  *list = NULL;
  srvcount = 0;
+#ifdef USE_LIBDNS
  if (!standard_resolver)
    err = getsrv_libdns (name, list, &srvcount);
  else
+#endif /*USE_LIBDNS*/
    err = getsrv_standard (name, list, &srvcount);

  if (err)
@ -1498,6 +1542,7 @@ getsrv (const char *name, struct srventry **list)



+#ifdef USE_LIBDNS
 /* libdns version of get_dns_cname.  */
 gpg_error_t
 get_dns_cname_libdns (const char *name, char **r_cname)
@ -1505,7 +1550,6 @@ get_dns_cname_libdns (const char *name, char **r_cname)
  gpg_error_t err;
  struct dns_resolver *res = NULL;
  struct dns_packet *ans = NULL;
-  struct dns_rr rr;
  struct dns_cname cname;
  int derr;

@ -1582,6 +1626,7 @@ get_dns_cname_libdns (const char *name, char **r_cname)
  dns_res_close (res);
  return err;
 }
+#endif /*USE_LIBDNS*/


 /* Standard resolver version of get_dns_cname.  */
@ -1673,8 +1718,10 @@ get_dns_cname (const char *name, char **r_cname)
 {
  *r_cname = NULL;

+#ifdef USE_LIBDNS
  if (!standard_resolver)
    return get_dns_cname_libdns (name, r_cname);
+#endif /*USE_LIBDNS*/

  return get_dns_cname_standard (name, r_cname);
 }
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@ -100,6 +100,13 @@ void enable_standard_resolver (int yes);
 /* Return true if the standard resolver is used.  */
 int standard_resolver_p (void);

+/* Calling this function with YES switches libdns into recursive mode.
+ * It has no effect on the standard resolver.  */
+void enable_recursive_resolver (int yes);
+
+/* Return true iff the recursive resolver is used.  */
+int recursive_resolver_p (void);
+
 /* Calling this function switches the DNS code into Tor mode if
   possibe.  Return 0 on success.  */
 gpg_error_t enable_dns_tormode (int new_circuit);
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@ -2314,7 +2314,13 @@ cmd_getinfo (assuan_context_t ctx, char *line)
          (ctx, "- Forced use of System resolver (w/o Tor support)");
      else
        {
+#ifdef USE_LIBDNS
+          assuan_set_okay_line (ctx, (recursive_resolver_p ()
+                                      ? "- Libdns recursive resolver"
+                                      : "- Libdns stub resolver"));
+#else
          assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)");
+#endif
        }
      err = 0;
    }
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@ -102,6 +102,11 @@ main (int argc, char **argv)
          enable_standard_resolver (1);
          argc--; argv++;
        }
+      else if (!strcmp (*argv, "--recursive-resolver"))
+        {
+          enable_recursive_resolver (1);
+          argc--; argv++;
+        }
      else if (!strcmp (*argv, "--bracket"))
        {
          opt_bracket = 1;
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@ -251,6 +251,10 @@ This is mainly used for debugging.  Note that on Windows a standard
 resolver is not used and all DNS access will return the error ``Not
 Implemented'' if this function is used.

+@item --recursive-resolver
+@opindex recursive-resolver
+When possible use a recursive resolver instead of a stub resolver.
+
@item --allow-version-check
@opindex allow-version-check
 Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get