From d34a2bb410c7c770d26430d69ff77bd83fc407f1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Dec 2016 15:36:25 +0100 Subject: [PATCH] dirmngr: New configure option --disable-libdns. * configure.ac: Add option --disable-libdns (USE_LIBDNS): New ac_subst and am_conditional. (USE_C99_CFLAGS): Set only if libdns is used. * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ... (dirmngr_SOURCES) [USE_LIBDNS]: here. (t_common_src): Ditto. * dirmngr/dirmngr.c (oRecursiveResolver): New constant. (opts): New option "--recursive-resolver". (parse_rereadable_options): Set option. * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver. * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the new variables. * dirmngr/dns-stuff.c: Include dns.h only if USE_LIBDNS is defined. Also build and call libdns functions only if USE_LIBDNS is defined. (recursive_resolver): New var. (enable_recursive_resolver): New func. (recursive_resolver_p): New func. -- In case users run into problems building GnuPG, the configure option allows to disable that support and continue w/o Tor support using the system resolver. --recursive-resolver was easy enough to implement and may be useful in some situation. It does not fully work, though. Signed-off-by: Werner Koch --- README | 10 ++++++++ configure.ac | 26 +++++++++++++++++--- dirmngr/Makefile.am | 10 ++++++-- dirmngr/dirmngr.c | 3 +++ dirmngr/dns-stuff.c | 57 +++++++++++++++++++++++++++++++++++++++---- dirmngr/dns-stuff.h | 7 ++++++ dirmngr/server.c | 6 +++++ dirmngr/t-dns-stuff.c | 5 ++++ doc/dirmngr.texi | 4 +++ 9 files changed, 117 insertions(+), 11 deletions(-) diff --git a/README b/README index c8b166b27..322d36659 100644 --- a/README +++ b/README 
@@ -117,6 +117,16 @@ Add other options as needed. +*** Systems without a full C99 compiler + + If you run into problems with our compiler complaining about dns.c + you may use + + ./configure --disable-libdns + + Add other options as needed. + + * MIGRATION from 1.4 or 2.0 to 2.1 The major change in 2.1 is gpg-agent taking care of the OpenPGP diff --git a/configure.ac b/configure.ac index ea0abbb1d..066e9638c 100644 --- a/configure.ac +++ b/configure.ac @@ -110,6 +110,7 @@ use_bzip2=yes use_exec=yes use_trust_models=yes use_tofu=yes +use_libdns=yes card_support=yes use_ccid_driver=auto dirmngr_auto_start=yes @@ -269,6 +270,16 @@ if test "$use_trust_models" = no && test "$use_tofu" = yes; then AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given]) fi +AC_MSG_CHECKING([whether to enable libdns]) +AC_ARG_ENABLE(libdns, + AC_HELP_STRING([--disable-libdns], + [do not build with libdns support]), + use_libdns=$enableval, use_libdns=yes) +AC_MSG_RESULT($use_libdns) +if test x"$use_libdns" = xyes ; then + AC_DEFINE(USE_LIBDNS, 1, [Build with integrated libdns support]) +fi +AM_CONDITIONAL(USE_LIBDNS, test "$use_libdns" = yes) # @@ -1063,13 +1074,18 @@ if test "$build_dirmngr" = "yes"; then if test x"$need_compat" = xyes ; then AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) fi + if test "$use_libdns" = yes; then + show_tor_support=yes + fi + elif test "$use_libdns" = yes; then + show_tor_support=yes else AC_MSG_WARN([[ *** *** The system's DNS resolver is not usable. *** Dirmngr functionality is limited. ***]]) - show_tor_support="${show_tor_support} (no system resolver)" + show_tor_support="${show_tor_support} (no system resolver)" fi LIBS=$_dns_save_libs @@ -1510,6 +1526,7 @@ AC_SUBST(W32SOCKLIBS) # # Setup gcc specific options # +USE_C99_CFLAGS= AC_MSG_NOTICE([checking for cc features]) if test "$GCC" = yes; then mycflags= 
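Review bot: In the `@@ -1063` hunk the `else` branch still only warns when the system resolver is unusable, but combined with the new `--disable-libdns` that configuration produces a dirmngr with no working resolver at all. Since `use_libdns` is already known at this point, fail early in that case, e.g. `if test "$use_libdns" = no; then AC_MSG_ERROR([no usable system resolver and libdns disabled]); fi` before the AC_MSG_WARN, or at least assign `show_tor_support` an explicit value there instead of suffixing whatever it held. The new `elif` branch reports Tor support as available because libdns works; that looks right for the default path, but `--standard-resolver` will presumably fail at runtime on such a host, which the warning or summary text could say. The enclosing `if test "$build_dirmngr"` block starts before this hunk.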
@@ -1577,9 +1594,10 @@ if test "$GCC" = yes; then fi CFLAGS="$mycflags $mycflags_save" - USE_C99_CFLAGS="-std=gnu99" -else - USE_C99_CFLAGS= + if test "$use_libdns" = yes; then + # dirmngr/dns.{c,h} require C99 and GNU extensions. */ + USE_C99_CFLAGS="-std=gnu99" + fi fi AC_SUBST(USE_C99_CFLAGS) diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index f18786b8d..d3f89bcef 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -60,12 +60,15 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ loadswdb.c \ cdb.h cdblib.c misc.c dirmngr-err.h \ ocsp.c ocsp.h validate.c validate.h \ - dns.c dns.h \ dns-stuff.c dns-stuff.h \ http.c http.h \ ks-action.c ks-action.h ks-engine.h \ ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c +if USE_LIBDNS +dirmngr_SOURCES += dns.c dns.h +endif + if USE_LDAP dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \ ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \ @@ -104,7 +107,10 @@ dirmngr_client_LDADD = $(libcommon) \ dirmngr_client_LDFLAGS = $(extra_bin_ldflags) -t_common_src = t-support.h dns.c dns.h +t_common_src = t-support.h +if USE_LIBDNS +t_common_src += dns.c dns.h +endif t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \ $(GPG_ERROR_LIBS) $(NETLIBS) \ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index c26a46895..a11832746 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -141,6 +141,7 @@ enum cmd_and_opt_values { oNameServer, oDisableCheckOwnSocket, oStandardResolver, + oRecursiveResolver, aTest }; 
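Review bot: The added shell comment `# dirmngr/dns.{c,h} require C99 and GNU extensions. */` in the `@@ -1577` hunk ends with a stray C comment terminator; `#` already makes the rest of the line a comment, so it should read `# dirmngr/dns.{c,h} require C99 and GNU extensions.`. Tying USE_C99_CFLAGS to `use_libdns` inside the `$GCC = yes` branch keeps the old behaviour for non-GCC compilers, which never received `-std=gnu99` before either; that is worth a one-line comment next to the new `USE_C99_CFLAGS=` default in the `@@ -1510` hunk, e.g. `# Only set for GCC when libdns is built; other compilers must default to C99.`.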
@@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"), ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"), ARGPARSE_s_n (oStandardResolver, "standard-resolver", "@"), + ARGPARSE_s_n (oRecursiveResolver, "recursive-resolver", "@"), ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing " "of all commands and options)\n")), @@ -621,6 +623,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oUseTor: opt.use_tor = 1; break; case oStandardResolver: enable_standard_resolver (1); break; + case oRecursiveResolver: enable_recursive_resolver (1); break; case oKeyServer: if (*pargs->r.ret_str) diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 0d069a365..8d5d1680b 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -47,7 +47,9 @@ #include /* William Ahern's DNS library, included as a source copy. */ -#include "dns.h" +#ifdef USE_LIBDNS +# include "dns.h" +#endif /* dns.c has a dns_p_free but it is not exported. We use our own * wrapper here so that we do not accidentally use xfree which would @@ -101,6 +103,9 @@ /* If set force the use of the standard resolver. */ static int standard_resolver; +/* If set use recursive resolver when available. */ +static int recursive_resolver; + /* If set Tor mode shall be used. */ static int tor_mode; @@ -111,6 +116,7 @@ static char tor_nameserver[40+20]; /* A string to hold the credentials presented to Tor. */ static char tor_credentials[50]; +#ifdef USE_LIBDNS /* Libdns gobal data. */ struct { @@ -120,7 +126,7 @@ struct struct sockaddr_storage socks_host; } libdns; - +#endif /*USE_LIBDNS*/ /* Calling this function with YES set to True forces the use of the * standard resolver even if dirmngr has been built with support for 
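Review bot: `case oRecursiveResolver: enable_recursive_resolver (1); break;` accepts the option in every build, but in a `--disable-libdns` build it is a silent no-op (recursive_resolver_p() returns 0 there) and it is likewise silently ignored when `--standard-resolver` is also given. A diagnostic at parse time, or at least a comment such as `/* No effect without libdns or together with --standard-resolver.  */`, would save users from wondering why `getinfo dnsinfo` never reports the recursive resolver. As this is a rereadable option, nothing in the hunk clears the flag when the line is removed from the config file before a reread; unless resolver state is reset elsewhere (not visible here), the flag stays set, the same way the existing oStandardResolver case behaves. parse_rereadable_options continues outside the hunk.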
@@ -140,6 +146,27 @@ standard_resolver_p (void) } +/* Calling this function with YES switches libdns into recursive mode. + * It has no effect on the standard resolver. */ +void +enable_recursive_resolver (int yes) +{ + recursive_resolver = yes; +} + + +/* Return true iff the recursive resolver is used. */ +int +recursive_resolver_p (void) +{ +#if USE_LIBDNS + return !standard_resolver && recursive_resolver; +#else + return 0; +#endif +} + + /* Sets the module in Tor mode. Returns 0 is this is possible or an error code. */ gpg_error_t @@ -233,6 +260,7 @@ map_eai_to_gpg_error (int ec) } +#ifdef USE_LIBDNS static gpg_error_t libdns_error_to_gpg_error (int serr) { @@ -266,8 +294,10 @@ libdns_error_to_gpg_error (int serr) } return gpg_error (ec); } +#endif /*USE_LIBDNS*/ +#ifdef USE_LIBDNS static gpg_error_t libdns_init (void) { @@ -297,7 +327,9 @@ libdns_init (void) goto leave; /* dns_hints_local for stub mode, dns_hints_root for recursive. */ - libdns.hints = dns_hints_local (libdns.resolv_conf, &error); + libdns.hints = (recursive_resolver + ? dns_hints_root (libdns.resolv_conf, &error) + : dns_hints_local (libdns.resolv_conf, &error)); if (! libdns.hints) goto leave; @@ -305,8 +337,10 @@ libdns_init (void) leave: return libdns_error_to_gpg_error (error); } +#endif /*USE_LIBDNS*/ +#ifdef USE_LIBDNS static gpg_error_t resolve_name_libdns (const char *name, unsigned short port, int want_family, int want_socktype, @@ -431,6 +465,7 @@ resolve_name_libdns (const char *name, unsigned short port, return err; } +#endif /*USE_LIBDNS*/ /* Resolve a name using the standard system function. */ 
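Review bot: `recursive_resolver_p` tests `#if USE_LIBDNS` while every other new guard in this file uses `#ifdef USE_LIBDNS`; because configure defines the macro as 1 both forms currently agree, but `#if` on an undefined macro trips `-Wundef` in `--disable-libdns` builds and would misbehave if the macro were ever defined empty. Use `#ifdef USE_LIBDNS` here for consistency with the rest of the patch. The function reports only the flag, not whether libdns actually came up with root hints, so its comment is more accurate as `/* Return true iff the recursive resolver has been requested (and libdns is built in).  */`.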
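Review bot: The hints choice `libdns.hints = (recursive_resolver ? dns_hints_root (...) : dns_hints_local (...))` is made once inside libdns_init, so if libdns_init runs only at first use (its call sites are outside this hunk) a later `enable_recursive_resolver (1)`, for example on a config reread, changes the flag but not the resolver in use, and `recursive_resolver_p` together with `getinfo dnsinfo` in server.c will then report a mode that is not active. Either document this on enable_recursive_resolver and its dns-stuff.h prototype, e.g. `/* ... Must be called before the first libdns query; later calls only take effect after libdns is re-initialised.  */`, or make libdns_init re-run when the flag changes. Recursive mode presumably makes libdns contact root and authoritative servers directly instead of the configured nameserver; whether those queries are routed through `libdns.socks_host` when `tor_mode` is set is not visible here and deserves a check before the option is documented as usable in Tor mode, which fits the commit's own "does not fully work" caveat.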
@@ -615,9 +650,11 @@ resolve_dns_name (const char *name, unsigned short port, int want_family, int want_socktype, dns_addrinfo_t *r_ai, char **r_canonname) { +#ifdef USE_LIBDNS if (!standard_resolver) return resolve_name_libdns (name, port, want_family, want_socktype, r_ai, r_canonname); +#endif /*USE_LIBDNS*/ return resolve_name_standard (name, port, want_family, want_socktype, r_ai, r_canonname); @@ -714,6 +751,7 @@ is_onion_address (const char *name) /* libdns version of get_dns_cert. */ +#ifdef USE_LIBDNS static gpg_error_t get_dns_cert_libdns (const char *name, int want_certtype, void **r_key, size_t *r_keylen, @@ -726,7 +764,6 @@ get_dns_cert_libdns (const char *name, int want_certtype, struct dns_rr_i rri; char host[DNS_D_MAXNAME + 1]; int derr; - int srvcount = 0; int qtype; /* Gte the query type from WANT_CERTTYPE (which in general indicates @@ -907,6 +944,7 @@ get_dns_cert_libdns (const char *name, int want_certtype, dns_res_close (res); return err; } +#endif /*USE_LIBDNS*/ /* Standard resolver version of get_dns_cert. */ @@ -1135,9 +1173,11 @@ get_dns_cert (const char *name, int want_certtype, *r_fprlen = 0; *r_url = NULL; +#ifdef USE_LIBDNS if (!standard_resolver) return get_dns_cert_libdns (name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); +#endif /*USE_LIBDNS*/ return get_dns_cert_standard (name, want_certtype, r_key, r_keylen, r_fpr, r_fprlen, r_url); @@ -1160,6 +1200,7 @@ priosort(const void *a,const void *b) /* Libdns based helper for getsrv. Note that it is expected that NULL * is stored at the address of LIST and 0 is stored at the address of * R_COUNT. */ +#ifdef USE_LIBDNS static gpg_error_t getsrv_libdns (const char *name, struct srventry **list, int *r_count) { @@ -1274,6 +1315,7 @@ getsrv_libdns (const char *name, struct srventry **list, int *r_count) dns_res_close (res); return err; } +#endif /*USE_LIBDNS*/ /* Standard resolver based helper for getsrv. Note that it is 
@@ -1412,9 +1454,11 @@ getsrv (const char *name, struct srventry **list) *list = NULL; srvcount = 0; +#ifdef USE_LIBDNS if (!standard_resolver) err = getsrv_libdns (name, list, &srvcount); else +#endif /*USE_LIBDNS*/ err = getsrv_standard (name, list, &srvcount); if (err) @@ -1498,6 +1542,7 @@ getsrv (const char *name, struct srventry **list) +#ifdef USE_LIBDNS /* libdns version of get_dns_cname. */ gpg_error_t get_dns_cname_libdns (const char *name, char **r_cname) @@ -1505,7 +1550,6 @@ get_dns_cname_libdns (const char *name, char **r_cname) gpg_error_t err; struct dns_resolver *res = NULL; struct dns_packet *ans = NULL; - struct dns_rr rr; struct dns_cname cname; int derr; @@ -1582,6 +1626,7 @@ get_dns_cname_libdns (const char *name, char **r_cname) dns_res_close (res); return err; } +#endif /*USE_LIBDNS*/ /* Standard resolver version of get_dns_cname. */ @@ -1673,8 +1718,10 @@ get_dns_cname (const char *name, char **r_cname) { *r_cname = NULL; +#ifdef USE_LIBDNS if (!standard_resolver) return get_dns_cname_libdns (name, r_cname); +#endif /*USE_LIBDNS*/ return get_dns_cname_standard (name, r_cname); } diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h index c3c094611..20a4b41ef 100644 --- a/dirmngr/dns-stuff.h +++ b/dirmngr/dns-stuff.h @@ -100,6 +100,13 @@ void enable_standard_resolver (int yes); /* Return true if the standard resolver is used. */ int standard_resolver_p (void); +/* Calling this function with YES switches libdns into recursive mode. + * It has no effect on the standard resolver. */ +void enable_recursive_resolver (int yes); + +/* Return true iff the recursive resolver is used. */ +int recursive_resolver_p (void); + /* Calling this function switches the DNS code into Tor mode if possibe. Return 0 on success. */ gpg_error_t enable_dns_tormode (int new_circuit); diff --git a/dirmngr/server.c b/dirmngr/server.c index 3e66868e7..a785238dc 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
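Review bot: In getsrv the `else` before `#endif /*USE_LIBDNS*/` dangles across the preprocessor boundary, so the following `err = getsrv_standard (...)` line is the else-arm in one build and an unconditional statement in the other; that works today but breaks as soon as someone inserts a statement between them. Keeping each configuration's control flow complete is clearer: keep `else` followed by `err = getsrv_standard (name, list, &srvcount);` inside the `#ifdef` block and add `#else` / `err = getsrv_standard (name, list, &srvcount);` / `#endif /*USE_LIBDNS*/` so no `if`/`else` straddles an `#endif`. The other three dispatch sites in this file (resolve_dns_name, get_dns_cert, get_dns_cname) use an early return and do not have this shape. getsrv's body continues outside the hunk.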
@@ -2314,7 +2314,13 @@ cmd_getinfo (assuan_context_t ctx, char *line) (ctx, "- Forced use of System resolver (w/o Tor support)"); else { +#ifdef USE_LIBDNS + assuan_set_okay_line (ctx, (recursive_resolver_p () + ? "- Libdns recursive resolver" + : "- Libdns stub resolver")); +#else assuan_set_okay_line (ctx, "- System resolver (w/o Tor support)"); +#endif } err = 0; } diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c index 8d2cba6f3..224e9484d 100644 --- a/dirmngr/t-dns-stuff.c +++ b/dirmngr/t-dns-stuff.c @@ -102,6 +102,11 @@ main (int argc, char **argv) enable_standard_resolver (1); argc--; argv++; } + else if (!strcmp (*argv, "--recursive-resolver")) + { + enable_recursive_resolver (1); + argc--; argv++; + } else if (!strcmp (*argv, "--bracket")) { opt_bracket = 1; diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 8f0cf5494..94ef35dd1 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -251,6 +251,10 @@ This is mainly used for debugging. Note that on Windows a standard resolver is not used and all DNS access will return the error ``Not Implemented'' if this function is used. +@item --recursive-resolver +@opindex recursive-resolver +When possible use a recursive resolver instead of a stub resolver. + @item --allow-version-check @opindex allow-version-check Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get