* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.
--
Cherry picked from master commit:
1aacd12471
In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.
Fixes-commit: bcdbf8b8eb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.
--
Cherry picked from master commit:
861f1da073
There is no good reason to bind local port aggressively. It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.
At least, it causes a problem on Windows. Binding a specified port in
user space can trigger the Firewall dialog on Windows. Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.
GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again. Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.
--
Cherry pick from master commit:
bcdbf8b8eb
GnuPG-bug-id: T3374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.
--
Cherry pick from master commit:
1c0b6681e4
POSIX requires clear the structure of struct sockaddr_in6. On macOS,
in some case like bind, it is better to clear even for struct
sockaddr_in.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
--
Cherry pick from master commit:
5b40338f12
To reproduce an error, run:
./t-dns-stuff --debug --recursive-resolver www.gnupg.org
Then, it returns "No name" error. That's because there was only setup
for root servers, and no setup for recursive query in fact.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex. Use
a condition var to wake up the reaper thread.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--
Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows. Our long term use of the old Window CE wrapper
thing didn't fixed this either. The new code uses the portable
es_poll function and thus code which is tested at several other
places. It Should(tm) fix the Windows issues.
GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--
verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap. Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--
For a description of the problem see the comment in
make_keyserver_item.
GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--
We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg. Allow redirectiong
from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'. Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--
The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption. Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS. These days we should not use any unencrypted content
and thus this patch.
Be aware that cacert.org give a https CRL DP but that currently
redirects to to http! This is a downgrade attack which we detect and
don't allow. The outcome is that it is right now not possible to use
CAcert certificates.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checkibng. Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.
--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.
This bug has been around since 2004.
GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--
It is sometimes helpful to be able to inspect certain envvars in a
running agent. For example "http_proxy".
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.
--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.
GnuPG-bug-id: 3331
--
The above description seems to be for Linux, so it is possible that
other systems might behave different. However, it is worth to try
this patch.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--
This fixes a potential overflow if LFs are passed to the status
string functions. This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing. In any case the functions need to be more robust and
comply to the promised interface. Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.
For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.
Reported-by: private_pers
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--
GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func. Support silent operation with no CTX.
(task_check_wkd_support): New.
--
This finalizes the feature to efficiently cache WKD checks. If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled. The test is done by checking whether
the "policy" file exists. We do not check the "submission-address"
file because that is not necessary for the web key operation. The
policy file is now required.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d4e2302d8f)
* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler. Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96a4fbecd1)
* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26f08343fb)
* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--
This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD. The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 65038e6852)
* dirmngr/crlcache.c: Clearly document that this fucntions takes
ownership of MD.
(abort_sig_check): Allow NULL for MD.
(crl_parse_insert): Immediately set MD to NULL. Remove check for md
before a calling abort_sig_check.
--
GnuPG-bug-id: 3510
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--
GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* dirmngr/certcache.c (any_cert_of_class): New var.
(put_cert): Set it.
(cert_cache_deinit): Clear it.
(cert_cache_any_in_class): New func.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
override empty list of HKP certs.
--
This patch carries the changes for GNUTLS from commit
7c1613d415 over to NTBTLS. NTBTLS works
quite different and thus we need to do it this way.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main): Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availibility of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--
The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliable.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--
Note that only dirmngr did not call the chdir with --no-detach. thus
we kept it this way.
Tested gpg-agent by checking the properties shown by procexp.
Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
--
This status allows to see whether the the WKD requests has been
resolved from the standard address or from a SRV record derived one.
We return only host and port and not the .well-known suffix because
that is obvious. HTTP redirects are not taken in account because they
may chnage at any time due to load balancing etc and not relevant for
gpg which may use the URL to detect changes in the WKD results.
For example my current setup returns
S SOURCE https://wkd.gnupg.org
for wk@gnupg.org. Without a SRV record
S SOURCE https://gnupg.org
would have been returned.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
(DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
to be expanded for expression evaluation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.
GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
URLs.
--
If a key has a http or https URL as preferred keyserver, fetch the key
from there. Previously, dirmngr unconditionally interpreted these
URLs as hkp servers.
GnuPG-bug-id: 2924
Signed-off-by: Justus Winter <justus@g10code.com>
--
This double license note was accidentally added while only wanting to
add another copyright line.
Fixes-commit: 3419a339d9
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
(struct hostinfo_s): New flags indicating whether we already did a
A lookup, or a SRV lookup per protocol. Turn 'port' into an array.
(create_new_hostinfo): Initialize new fields.
(add_host): Update the port for the given protocol.
(map_host): Simplify hosttable lookup misses. Check the SRV records
for both protocols on demand, do the A lookup just once. Return the
correct port.
--
Previously, if a host had both a SRV record for hkp and hkps, the
wrong port was used for the protocol that was used second, because the
hostinfo did not store a port per protocol, and the hosttable does not
discriminate between hosts using the protocol.
Fix this by querying the SRV records on demand, storing a port per
protocol, and returning the right port.
GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
size fields.
(MAX_POOL_SIZE): New macro.
(create_new_hostinfo): Initialize new fields.
(host_in_pool_p): Adapt.
(select_random_host): Likewise.
(add_host): Likewise. Move the resizing logic here.
(hostinfo_sort_pool): New function.
(map_host): Simplify. Move the resizing logic away from here.
(ks_hkp_mark_host): Adapt.
(ks_hkp_print_hosttable): Likewise.
--
The current code assumes that the pool array is only filled when the
hostinfo object is created. This patch removes that limitation.
GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
mismatch.
(enum dns_res_state): New states for querying over IPv6.
(dns_res_exec): Implement the new states by copying and modifying the
IPv4 variants. Branch to their respective counterparts if the current
list of resolvers using the current address family is exhausted.
--
This allows dirmngr to resolve names on systems where the nameservers
are only reachable via IPv6.
GnuPG-bug-id: 2990
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New. Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--
The standard connect timeouts are way to long so we add a timeout to
the connect calls. Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--
Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics. The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.
The code has not been tested on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c: Include sys/stat.h.
(RESOLV_CONF_NAME): New macro to replace a string.
(resolv_conf_changed_p): New.
(libdns_init): Call new function
(libdns_res_open): Ditto.
--
Don't panic. This is a simple change
Suggested-by: Stefan Bühler <stbuehler@web.de>
to avoid complicated if-up.d hooks to reload resolv.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
Summary:
* dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
(buffer_get_data): Use seperate read pos.
--
Using a single buffer pos for reading and writing caused the read
to return 0 as it read from the end of the buffer. Now we use
a seperate reader position.
Differential: D427
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
(http_wait_response): Use FD2INT to get unsigned integer fd.
(read_server, write_server): Likewise.
(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
valid with HTTP_USE_NTBTLS.
(_my_socket_new): Simply cast to int since it's for debug.
(_my_socket_ref, _my_socket_unref): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns-stuff.c (T_CERT): Define our own.
--
T_CERT may be defined by another enum type even if the value is same.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns-stuff.c: Don't include arpa/nameser.h.
--
It is not needed at all. T_CERT may be defined by different type of
ns_type.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (plus1_ns): New.
(dns_p_push): Use it.
--
On OpenBSD, htons and ntohs are expanded to GCC's statement
expressions where local variable is allowed. Consecutive use
of htons and ntohs causes problem of variable name.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
missing /etc/hosts.
--
My last comment on this was flawed. Windows seems to always have its
version of /etc/hosts. Only the en passant fixed bad escaping led me
assume that this was the case. Thanks to Andre for complaining about
my comment remark.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_init): Do not bail out.
--
A standard Windows installation does not have a hosts file and thus we
can't bail out here. We should also not bail out on a Unix system
because /etc/hosts is just one method in nsswitch.conf.
Fixes-commit: 88f1505f06
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
libdns.
--
Previously, connecting to key servers specified in /etc/hosts was not
possible because libdns' hosts structure was initialized, but not
filled with the content of the hosts file.
GnuPG-bug-id: 2977
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not
using ntbtls.
--
Without this patch, when building without ntbtls, we see the following
warnings during "make check":
t-http.c: In function ‘my_http_tls_verify_cb’:
t-http.c:141:16: warning: implicit declaration of function
‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration]
(cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
^~~~~~~~~~~~~~~~~~~~~~~~~
t-http.c:141:14: warning: assignment makes pointer from integer
without a cast -Wint-conversion]
(cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
^
At top level:
t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not
used [-Wunused-function]
my_http_tls_verify_cb (void *opaque,
^~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
* dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
(handle_connections): Use a macro instead of -1 for an invalid socket.
* dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
(VALIDATE_FLAG_EXTRATRUST): Remove
(VALIDATE_FLAG_TRUST_SYSTEM): New.
(VALIDATE_FLAG_TRUST_CONFIG): New.
(VALIDATE_FLAG_TRUST_HKP): New.
(VALIDATE_FLAG_TRUST_HKPSPOOL): New.
(VALIDATE_FLAG_MASK_TRUST): New.
* dirmngr/validate.c (check_header_constants): New.
(validate_cert_chain): Call new function. Simplify call to
is_trusted_cert.
* dirmngr/crlcache.c (crl_parse_insert): Pass
VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
* dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
VALIDATE_FLAG_TRUST_CONFIG.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
context. Set trustclass flags using the new VALIDATE_FLAG_TRUST
values.
* dirmngr/certcache.c (cert_cache_init): Load the standard pool
certificate prior to the --hkp-cacerts.
--
Note that this changes the way the standard cert is used: We require
that it is installed at /usr/share/gnupg and we do not allow to change
it. If this is not desired, the the standard cert can be removed or
replaced by a newer one.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
(parse_rereadable_options): Store filenames from --hkp-cacert in the
new var.
(main, dirmngr_sighup_action): Pass that var to cert_cache_init.
* dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
those certs.
(load_certs_from_file): Use autodetect so that PEM and DER encodings
are possible.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (load_certs_from_file): Always build this
function. Add args 'trustclasses' and 'no_error'. Pass TRUSTCLASSES
to put_cert.
(load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to
load_certs_from_file.
(cert_cache_init): Try to load "sks-keyservers.netCA.pem". Don't make
function fail in an out-of-core condition.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New.
(CERTTRUST_CLASS_CONFIG): New.
(CERTTRUST_CLASS_HKP): New.
(CERTTRUST_CLASS_HKPSPOOL): New.
* dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ...
(MAX_NONPERM_CACHED_CERTS): this.
(total_extra_certificates): Rename to ...
(total_nonperm_certificates): this.
(total_config_certificates): Remove.
(total_trusted_certificates): Remove.
(total_system_trusted_certificates): Remove.
(cert_item_s): Remove field 'flags'. Add fields 'permanent' and
'trustclasses'.
(clean_cache_slot): Clear new fields.
(put_cert): Change for new cert_item_t structure.
(load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass'
(load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert.
(load_certs_from_w32_store): Ditto.
(cert_cache_init): Ditto.
(cert_cache_print_stats): Rewrite.
(is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'.
Chnage the test.
* dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to
is_trusted_cert.
(validate_cert_chain): Pass CERTTRUST_CLASS_ values to
is_trusted_cert.
--
These trust classes make it easier to select certain sets of root
certificates.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
* dirmngr/server.c (option_handler): New option "http-crl"
* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): New option --no-crl.
--
This new option can be used to enable CRL checks on a per session
base. The default is not to use CRLs for https connections.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (HTTP_SESSION_MAGIC): New.
(http_session_s): New field 'magic'.
(HTTP_CONTEXT_MAGIC): New.
(http_context_s): New field 'magic'.
(my_ntbtls_verify_cb): Assert MAGIC.
(fp_onclose_notification): Ditto.
(session_unref): Ditto. Reset MAGIC.
(http_session_new): Set MAGIC.
(http_open): Ditto.
(http_raw_connect): Ditto.
(http_close): Assert MAGIC. Reset MAGIC.
* dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
--
We pass those handles through opaque pointers. The magic numbers will
help to detect wrong use.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http-ntbtls.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
(server_conrol_s): Add field 'magic',
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
(dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
* dirmngr/http.c (my_ntbtls_verify_cb): New.
(http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
(send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call
the verify callback after the handshake.
* dirmngr/ks-engine-hkp.c (send_request): Pass
gnupg_http_tls_verify_cb to http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (my_http_tls_verify_cb): New.
(main): Rename option --gnutls-debug to --tls-debug.
(main) [HTTP_USE_NTBTLS]: Create a session.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.h (certlist_s, certlist_t): New.
* dirmngr/certcache.c (read_certlist_from_stream): New.
(release_certlist): New.
* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
(cmd_validate): Add options --tls and --systrust. Implement them
using a kludge for now.
* dirmngr/validate.c (validate_cert_chain): Support systrust
checking. Add kludge to disable the CRL checking for tls mode.
--
This can now be used to test a list of certificates as returned by
TLS. Put the certs PEM encoded into a a file certlist.pem with the
target certificate being the first. Then run
gpg-connect-agent --dirmngr \
'/definqfile CERTLIST wiki-gnupg-chain.pem' \
'validate --systrust --tls' /bye
CRLS check has been disabled becuase we can't yet pass the systrust
flag to the CRL checking code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/validate.c (enum cert_usage_modes): New.
(cert_usage_p): Change type of arg MODE. Use enums instead of
hardwired values. Use a switch instead of tricky bit tests.
(cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
* dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
(cert_use_cert_p): Rename to check_cert_use_cert.
(cert_use_ocsp_p): Rename to check_cert_use_ocsp.
(cert_use_crl_p): Rename to check_cert_use_crl.
* dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
(VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
--
A function with a "_p" suffix return 0 for a True just looks weird.
We now use names which better indicate that an error code is returned.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
(CERTENUMCERTIFICATESINSTORE) [W32]: New type.
(CERTCLOSESTORE) [W32]: New type.
(load_certs_from_file) [W32]: Do not build.
(load_certs_from_w32_store) [W32]: New.
(load_certs_from_system) [W32]: Call new function.
--
GnuTLS loads the system certificates from the "ROOT" and "CA" store;
thus we do the same. On a Visa box you may for example see 21 from
"ROOT" and 6 from "CA".
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--
Note that this code does not yet allow to load the system certificates
on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
'flags.config'. Add 'flags.systrust'.
(total_loaded_certificates): Rename to total_config_certificates.
(put_cert): Rename args for clarity. Set SYSTRUST flag.
(load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_libdns): Work around an
incompatibility between the glibc resolver and libdns.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and
v5addr and add fields iporname and iporname_valid.
(create_new_hostinfo): Clear them.
(add_host): Remove the code to set the v4addr and v6addr fields.
(ks_hkp_print_hosttable): Remove printing of the fields. Compute the
iporname field and display it.
(ks_hkp_reload): Force re-computing of the iporname field in
ks_hkp_print_hosttable.
--
GnuPG-bug-id: 2928
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
missing nsswitch.conf. Make sure that tehre is a DNS entry.
--
GnuPG-bug-id: 2948
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (disable_dns_tormode): New.
* dirmngr/dirmngr.c (oNoUseTor): New const.
(opts): New option --no-use-tor.
(tor_mode): New var.
(parse_rereadable_options): Change to use TOR_MODE.
(dirmngr_use_tor): New.
(set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
* dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all
references by a call to dirmngr_use_tor().
* dirmngr/server.c (cmd_getinfo): Distinguish between default and
enforced TOR_MODE.
--
This patch replaces the global variable opt.use_tar by a function
testing a file local mode flag. This patch prepares for a
use-tor-if-available mode.
GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
(map_host): Call that to print a warning.
(handle_send_request_error): Ditto and avoid marking the host dead.
Also print a tor_config_problem warning. Add arg CTRL; adjust callers
to pass that new arg.
* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
warnings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (connect_server): Change to return an gpg_error_t
and to store socket at the passed address.
(http_raw_connect, send_request): Adjust accordingly.
--
This change removes cruft from the code and allows to return the error
code from the name lookup.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (do_logv): Remove extra parentheses in comparison.
* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
dns_res_close is given a defined value in the error case.
* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
format string char.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.
* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
char.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
error case.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in
nsswitch.conf parser.
--
This small patch was submitted along with this comment:
We've been having issues over at Arch Linux with the new libdns
code. Our /etc/nsswitch.conf contains the following line:
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
And it turns out dirmngr fails to parse the negation statement (the
bang in !UNAVAIL). This results in gnupg not being able to resolve
any name.
Looking at dirmngr/dns.c it was unclear to me how to properly handle
such negations. The dns_anyconf_scan calls used in
dns_nssconf_loadfile do not allow to store a negation bit easily...
In the meantime, I wrote the attached patch which ignores those
statements altogether. It makes libdns work as expected for us.
Commit log written by wk
* dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.
--
Signed-off-by: Phil Pennock <phil@pennock-tech.com>
ChangeLog entry by wk.
This fixed the problem:
Short version: macOS doesn't include /etc/nsswitch.conf and GnuPG's
dirmngr is hard-erroring when that file is missing, such that no DNS
operations succeed and --recv-key returns ENOENT type errors to the
caller.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
(resolve_addr_libdns): New.
(resolve_dns_addr): Divert to resolve_dns_addr.
--
In the old code reverse lookups where disabled in Tor mode. By
implementing the reverse lookups via libdns it is now possible to do
them also in Tor mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
for literal IP addresses.
(resolve_name_standard): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
the address family.
* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
R_HTTPHOST because that is its purpose. Note that the former
behaviour of storing a NULL to indicate that it is not a pool has not
been used.
(make_host_part): Ditto.
(make_host_part): Make sure that literal v6 addresses are correclty
marked in the constructed URL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
--
This is the same replacement we use in Libassuan
(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
OpenBSD and may other BSD based OSes.
Signed-off-by: Werner Koch <wk@gnupg.org>
