Import gnupg2_2.1.17-3.debian.tar.bz2

[gnupg2.git] / debian / patches / 0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch

From: Werner Koch <wk@gnupg.org>
Date: Tue, 3 Jan 2017 12:03:28 +0100
Subject: dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.

* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
(reload_dns_stuff): Reset tor port.
* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
(main): Remove warning that Tor mode may not fully work.
* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
initialization.
* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
checking for enable_dns_tormode.
--

This patch also resets the port on SIGHUP so that after starting Tor
SIGHUP is sufficient to use Tor.  Without the SIGHUP and when not
using the Tor browser Dirmngr would keep on trying the Tor browser
port.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 969512401603639e4467ede7d892f1b02582c2c9)
---
 dirmngr/dirmngr.c     | 10 +++-------
 dirmngr/dns-stuff.c   | 12 +++++++-----
 dirmngr/dns-stuff.h   |  6 +++---
 dirmngr/server.c      |  7 -------
 dirmngr/t-dns-stuff.c | 16 +---------------
 5 files changed, 14 insertions(+), 37 deletions(-)

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 0b8bb02e6..5abfe78c6 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -474,6 +474,9 @@ set_tor_mode (void)
 {
   if (opt.use_tor)
     {
+      /* Enable Tor mode and when called again force a new curcuit
+       * (e.g. on SIGHUP).  */
+      enable_dns_tormode (1);
       if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
         {
           log_error ("error enabling Tor mode: %s\n", strerror (errno));
@@ -912,13 +915,6 @@ main (int argc, char **argv)
   log_info ("NOTE: this is a development version!\n");
 #endif
 
-  if (opt.use_tor)
-    {
-      log_info ("WARNING: ***************************************\n");
-      log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
-      log_info ("WARNING: ***************************************\n");
-    }
-
   /* Print a warning if an argument looks like an option.  */
   if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
     {
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index cf8cefb2e..e32e1e3e1 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -199,9 +199,9 @@ recursive_resolver_p (void)
 }
 
 
-/* Sets the module in Tor mode.  Returns 0 is this is possible or an
-   error code.  */
-gpg_error_t
+/* Puts this module eternally into Tor mode.  When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query.  */
+void
 enable_dns_tormode (int new_circuit)
 {
   if (!*tor_socks_user || new_circuit)
@@ -215,7 +215,6 @@ enable_dns_tormode (int new_circuit)
       counter++;
     }
   tor_mode = 1;
-  return 0;
 }
 
 
@@ -548,7 +547,10 @@ reload_dns_stuff (int force)
       libdns_reinit_pending = 0;
     }
   else
-    libdns_reinit_pending = 1;
+    {
+      libdns_reinit_pending = 1;
+      libdns_tor_port = 0;  /* Start again with the default port.  */
+    }
 #else
   (void)force;
 #endif
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 0a4a4de2f..eb7fe7246 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -113,9 +113,9 @@ void enable_recursive_resolver (int yes);
 /* Return true iff the recursive resolver is used.  */
 int recursive_resolver_p (void);
 
-/* Calling this function switches the DNS code into Tor mode if
-   possibe.  Return 0 on success.  */
-gpg_error_t enable_dns_tormode (int new_circuit);
+/* Put this module eternally into Tor mode.  When called agained with
+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query.  */
+void enable_dns_tormode (int new_circuit);
 
 /* Change the default IP address of the nameserver to IPADDR.  The
    address needs to be a numerical IP address and will be used for the
diff --git a/dirmngr/server.c b/dirmngr/server.c
index a785238dc..28c2cd428 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -709,13 +709,6 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
         }
     }
 
-  if (opt.use_tor && (err = enable_dns_tormode (0)))
-    {
-      /* Tor mode is requested but the DNS code can't enable it.  */
-      assuan_set_error (ctx, err, "error enabling Tor mode");
-      goto leave;
-    }
-
   if (pka_mode || dane_mode)
     {
       char *domain;     /* Points to mbox.  */
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index b087b5ead..bc4ca9a51 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -51,7 +51,6 @@ main (int argc, char **argv)
   gpg_error_t err;
   int any_options = 0;
   int opt_tor = 0;
-  int opt_new_circuit = 0;
   int opt_cert = 0;
   int opt_srv = 0;
   int opt_bracket = 0;
@@ -103,11 +102,6 @@ main (int argc, char **argv)
           opt_tor = 1;
           argc--; argv++;
         }
-      else if (!strcmp (*argv, "--new-circuit"))
-        {
-          opt_new_circuit = 1;
-          argc--; argv++;
-        }
       else if (!strcmp (*argv, "--standard-resolver"))
         {
           enable_standard_resolver (1);
@@ -171,15 +165,7 @@ main (int argc, char **argv)
   init_sockets ();
 
   if (opt_tor)
-    {
-      err = enable_dns_tormode (opt_new_circuit);
-      if (err)
-        {
-          fprintf (stderr, "error switching into Tor mode: %s\n",
-                   gpg_strerror (err));
-          exit (1);
-        }
-    }
+    enable_dns_tormode (0);
 
   if (opt_cert)
     {