oBatch,
oDisableHTTP,
oDisableLDAP,
+ oDisableIPv4,
oIgnoreLDAPDP,
oIgnoreHTTPDP,
oIgnoreOCSPSvcUrl,
oHTTPWrapperProgram,
oIgnoreCertExtension,
oUseTor,
+ oNoUseTor,
oKeyServer,
oNameServer,
oDisableCheckOwnSocket,
N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
+ ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
+
+ ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
/* Flags to indicate that we shall not watch our own socket. */
static int disable_check_own_socket;
+/* Flag to control the Tor mode. */
+static enum
+ { TOR_MODE_AUTO = 0, /* Switch to NO or YES */
+ TOR_MODE_NEVER, /* Never use Tor. */
+ TOR_MODE_NO, /* Do not use Tor */
+ TOR_MODE_YES, /* Use Tor */
+ TOR_MODE_FORCE /* Force using Tor */
+ } tor_mode;
+
+
/* Counter for the active connections. */
static int active_connections;
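Review bot: The comment on TOR_MODE_AUTO says the mode is "switched to NO or YES", but nothing in this change performs that switch (the detection in dirmngr_use_tor is still an empty FIXME), and TOR_MODE_NO is never assigned anywhere visible, while TOR_MODE_NEVER is what the oNoUseTor case sets. The two zero-result states therefore read as duplicates, and the intended distinction should be spelled out in the enum: `TOR_MODE_NEVER, /* Set by --no-use-tor: never use Tor. */` and `TOR_MODE_NO, /* Presumably the auto-detection result: Tor not available. */`, plus a sentence at TOR_MODE_AUTO that, until detection is implemented, AUTO behaves like NO. Whether some other file of this commit assigns TOR_MODE_NO I cannot tell from here.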
* thread to run background network tasks. */
static int network_activity_seen;
-/* The timer tick used for housekeeping stuff. */
-#define TIMERTICK_INTERVAL (60)
-
-/* How oft to run the housekeeping. */
-#define HOUSEKEEPING_INTERVAL (600)
-
-
/* This union is used to avoid compiler warnings in case a pointer is
64 bit and an int 32 bit. We store an integer in a pointer and get
it back later (npth_getspecific et al.). */
static void
set_tor_mode (void)
{
- if (opt.use_tor)
+ if (dirmngr_use_tor ())
{
/* Enable Tor mode and when called again force a new curcuit
* (e.g. on SIGHUP). */
log_info ("(is your Libassuan recent enough?)\n");
}
}
+ else
+ disable_dns_tormode ();
+}
+
+
+/* Return true if Tor shall be used. */
+int
+dirmngr_use_tor (void)
+{
+ if (tor_mode == TOR_MODE_AUTO)
+ {
+ /* FIXME: Figure out whether Tor is running. */
+ }
+
+ if (tor_mode == TOR_MODE_FORCE)
+ return 2; /* Use Tor (using 2 to indicate force mode) */
+ else if (tor_mode == TOR_MODE_YES)
+ return 1; /* Use Tor */
+ else
+ return 0; /* Do not use Tor. */
}
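Review bot: dirmngr_use_tor returns 0 for TOR_MODE_AUTO because the detection block is an empty FIXME, so the default mode is effectively "never" and a caller cannot tell an explicit --no-use-tor from the unimplemented auto case; the header comment "Return true if Tor shall be used" should say this. I would replace it with a comment listing the return values — 2 for TOR_MODE_FORCE, 1 for TOR_MODE_YES, 0 otherwise — and stating that AUTO resolves to 0 until Tor detection exists, so callers must test the result as a truth value rather than comparing it with 1. The `else disable_dns_tormode ();` at the top of this hunk belongs to set_tor_mode, whose beginning lies outside the hunk; as written it runs on every call where Tor is neither forced nor set to YES, which appears to be the intended fail-safe direction but deserves a one-line comment there.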
FREE_STRLIST (opt.ignored_cert_extensions);
http_register_tls_ca (NULL);
FREE_STRLIST (opt.keyserver);
- /* Note: We do not allow resetting of opt.use_tor at runtime. */
+ /* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_AUTO;
disable_check_own_socket = 0;
enable_standard_resolver (0);
set_dns_timeout (0);
case oDisableHTTP: opt.disable_http = 1; break;
case oDisableLDAP: opt.disable_ldap = 1; break;
+ case oDisableIPv4: opt.disable_ipv4 = 1; break;
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
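Review bot: opt.disable_ipv4 is set here, but I do not see it cleared in the reread reset block (the visible tail of that block only resets tor_mode, disable_check_own_socket and the resolver settings); if it is not cleared elsewhere, removing disable-ipv4 from the configuration and sending SIGHUP would leave IPv4 disabled until restart, since set_dns_disable_ipv4 (opt.disable_ipv4) at the end of the function applies whatever value is left over. If that is the case, add `opt.disable_ipv4 = 0;` next to the other opt resets. The enclosing parse_rereadable_options switch starts and ends outside this hunk, and the reset block may already handle this in a part of the function the diff does not show.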
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
- case oUseTor: opt.use_tor = 1; break;
+ case oUseTor:
+ tor_mode = TOR_MODE_FORCE;
+ break;
+ case oNoUseTor:
+ if (tor_mode != TOR_MODE_FORCE)
+ tor_mode = TOR_MODE_NEVER;
+ break;
case oStandardResolver: enable_standard_resolver (1); break;
case oRecursiveResolver: enable_recursive_resolver (1); break;
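Review bot: `--use-tor` wins over `--no-use-tor` regardless of option order, because oUseTor sets TOR_MODE_FORCE unconditionally and oNoUseTor refuses to downgrade it, yet a later --no-use-tor is dropped without any diagnostic. That precedence is the safe direction — a Tor requirement can never be relaxed by a later option or by a reread, matching the reset logic in the tor_mode hunk above — but it should be stated at the oNoUseTor case, e.g. `/* Never downgrade TOR_MODE_FORCE: use-tor wins regardless of order.  */`, and a log_info when the option is ignored would let an operator see why Tor stays on. The enclosing switch starts and ends outside this hunk.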
set_dns_verbose (opt.verbose, !!DBG_DNS);
http_set_verbose (opt.verbose, !!DBG_NETWORK);
+ set_dns_disable_ipv4 (opt.disable_ipv4);
return 1; /* Handled. */
}
#endif /*!HAVE_W32_SYSTEM*/
-/* Thread to do the housekeeping. */
-static void *
-housekeeping_thread (void *arg)
-{
- static int sentinel;
- time_t curtime;
- struct server_control_s ctrlbuf;
-
- (void)arg;
-
- curtime = gnupg_get_time ();
- if (sentinel)
- {
- log_info ("housekeeping is already going on\n");
- return NULL;
- }
- sentinel++;
- if (opt.verbose > 1)
- log_info ("starting housekeeping\n");
-
- memset (&ctrlbuf, 0, sizeof ctrlbuf);
- dirmngr_init_default_ctrl (&ctrlbuf);
-
- ks_hkp_housekeeping (curtime);
- if (network_activity_seen)
- {
- network_activity_seen = 0;
- if (opt.use_tor || opt.allow_version_check)
- dirmngr_load_swdb (&ctrlbuf, 0);
- }
-
- dirmngr_deinit_default_ctrl (&ctrlbuf);
-
- if (opt.verbose > 1)
- log_info ("ready with housekeeping\n");
- sentinel--;
- return NULL;
-
-}
-
-
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
-# pragma GCC push_options
-# pragma GCC optimize ("no-strict-overflow")
-#endif
-static int
-time_for_housekeeping_p (time_t curtime)
-{
- static time_t last_housekeeping;
-
- if (!last_housekeeping)
- last_housekeeping = curtime;
-
- if (last_housekeeping + HOUSEKEEPING_INTERVAL <= curtime
- || last_housekeeping > curtime /*(be prepared for y2038)*/)
- {
- last_housekeeping = curtime;
- return 1;
- }
- return 0;
-}
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
-# pragma GCC pop_options
-#endif
-
-
-/* This is the worker for the ticker. It is called every few seconds
- and may only do fast operations. */
-static void
-handle_tick (void)
-{
- if (time_for_housekeeping_p (gnupg_get_time ()))
- {
- npth_t thread;
- npth_attr_t tattr;
- int err;
-
- err = npth_attr_init (&tattr);
- if (err)
- log_error ("error preparing housekeeping thread: %s\n", strerror (err));
- else
- {
- npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
- err = npth_create (&thread, &tattr, housekeeping_thread, NULL);
- if (err)
- log_error ("error spawning housekeeping thread: %s\n",
- strerror (err));
- npth_attr_destroy (&tattr);
- }
- }
-}
-
-
/* Check the nonce on a new connection. This is a NOP unless we are
using our Unix domain socket emulation under Windows. */
static int
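Review bot: Deleting housekeeping_thread removes the only visible reader of network_activity_seen and the network-triggered dirmngr_load_swdb call (old `if (opt.use_tor || opt.allow_version_check)`), yet the `static int network_activity_seen;` declaration stays in the context a few hunks up. Unless ks_hkp_housekeeping and the swdb refresh are rescheduled elsewhere in this commit, the periodic HKP cleanup and the version-check data now only happen on demand, which the commit should state; the variable should then either get a comment naming its remaining reader or be removed if nothing else reads it. I cannot see the other files of the commit, so this may already be handled.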
gnupg_fd_t fd;
int nfd, ret;
fd_set fdset, read_fdset;
- struct timespec abstime;
- struct timespec curtime;
- struct timespec timeout;
int saved_errno;
int my_inotify_fd = -1;
#endif /*HAVE_INOTIFY_INIT*/
- /* Setup the fdset. It has only one member. This is because we use
- pth_select instead of pth_accept to properly sync timeouts with
- to full second. */
+ /* Setup the fdset. */
FD_ZERO (&fdset);
FD_SET (FD2INT (listen_fd), &fdset);
nfd = FD2INT (listen_fd);
nfd = my_inotify_fd;
}
- npth_clock_gettime (&abstime);
- abstime.tv_sec += TIMERTICK_INTERVAL;
-
/* Main loop. */
for (;;)
{
break; /* ready */
/* Do not accept new connections but keep on running the
- * loop to cope with the timer events.
+ * select loop to wait for signals (e.g. SIGCHLD).
*
* Note that we do not close the listening socket because a
* client trying to connect to that socket would instead
/* Take a copy of the fdset. */
read_fdset = fdset;
- npth_clock_gettime (&curtime);
- if (!(npth_timercmp (&curtime, &abstime, <)))
- {
- /* Timeout. */
- handle_tick ();
- npth_clock_gettime (&abstime);
- abstime.tv_sec += TIMERTICK_INTERVAL;
- }
- npth_timersub (&abstime, &curtime, &timeout);
-
#ifndef HAVE_W32_SYSTEM
- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
+ ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, NULL, npth_sigev_sigmask());
saved_errno = errno;
while (npth_sigev_get_pending(&signo))
handle_signal (signo);
#else
- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
+ ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, NULL, NULL, NULL);
saved_errno = errno;
#endif
if (ret <= 0)
{
- /* Interrupt or timeout. Will be handled when calculating the
- next timeout. */
+ /* Interrupt. Will be handled at the top of the next loop. */
continue;
}
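Review bot: With the timeout argument now NULL, npth_pselect and npth_eselect block until a descriptor is readable or a signal arrives, so the shutdown check at the top of the loop (outside this hunk) only reruns on such an event; if a connection thread finishing does not wake this loop, a pending shutdown with active connections will linger until the next signal or connection attempt instead of at most one former TIMERTICK_INTERVAL. On Windows there is no SIGCHLD and the eselect call now passes neither events nor a timeout, so this deserves checking there in particular. The `ret <= 0` branch also treats every error as an interrupt and loops immediately (ret == 0 can presumably no longer occur without a timeout), so a persistent error such as EBADF would spin silently; I would add `if (ret < 0 && saved_errno != EINTR) log_error ("pselect failed: %s\n", strerror (saved_errno));` before the continue. handle_connections starts and ends outside this hunk.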