author | Werner Koch <wk@gnupg.org> | 2015-11-12 13:31:59 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-11-12 13:31:59 +0100 |
commit | a3b26d6c0839ec18d1dc226bb537d5067c86d574 (patch) | |
tree | 4a689d0ce643053ee28a157f7e7a8fcd45c91d7c | |
parent | dirmngr: New option --nameserver. (diff) | |
dirmngr: Do not block during ADNS calls.
* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r-- | dirmngr/Makefile.am | 1 | ||||
-rw-r--r-- | dirmngr/dns-stuff.c | 43 |
2 files changed, 36 insertions, 8 deletions
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 009802ad6..c3bce0d98 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -142,6 +142,7 @@ t_ldap_parse_uri_SOURCES = \
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
+t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1
 t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c
 t_dns_stuff_LDADD = $(t_common_ldadd) $(DNSLIBS)
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 6f3ce3912..200e1e209 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -51,10 +51,25 @@
 # error Either getaddrinfo or the ADNS libary is required.
 #endif
+#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
+# undef USE_NPTH
+#endif
+#ifdef USE_NPTH
+# include <npth.h>
+#endif
+
 #include "util.h"
 #include "host2net.h"
 #include "dns-stuff.h"
+#ifdef USE_NPTH
+# define my_unprotect() npth_unprotect ()
+# define my_protect() npth_protect ()
+#else
+# define my_unprotect() do { } while(0)
+# define my_protect() do { } while(0)
+#endif
+
 /* We allow the use of 0 instead of AF_UNSPEC - check this assumption. */
 #if AF_UNSPEC != 0
 # error AF_UNSPEC does not have the value 0
@@ -231,6 +246,7 @@ resolve_name_adns (const char *name, unsigned short port,
 dns_addrinfo_t *r_dai, char **r_canonname)
 {
 gpg_error_t err = 0;
+ int ret;
 dns_addrinfo_t daihead = NULL;
 dns_addrinfo_t dai;
 adns_state state;
@@ -251,8 +267,11 @@ resolve_name_adns (const char *name, unsigned short port,
 if (err)
 return err;
- if (adns_synchronous (state, name, adns_r_addr,
- adns_qf_quoteok_query, &answer))
+ my_unprotect ();
+ ret = adns_synchronous (state, name, adns_r_addr,
+ adns_qf_quoteok_query, &answer);
+ my_protect ();
+ if (ret)
 {
 err = gpg_error_from_syserror ();
 log_error ("DNS query failed: %s\n", gpg_strerror (err));
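Review bot: The `my_unprotect ()`/`my_protect ()` macros added after the includes in dns-stuff.c have no comment saying what they guard, so a later caller cannot tell what is safe to do between the pair. Going by the commit title they appear to release and retake the nPth lock so that other threads can run during a blocking resolver call. A comment such as `/* Release the nPth lock around blocking resolver calls; do not touch data shared with other threads between the two, and always pair them. */` would record that. The `WITHOUT_NPTH` comment in the same hunk says "Pth" where nPth seems to be meant.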
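Review bot: In resolve_name_adns the failure branch calls `gpg_error_from_syserror ()` only after `my_protect ()` has run, so the errno it reads is whatever is left once `npth_protect ()` returns, which may no longer be the value the resolver set. Whether `npth_protect ()` preserves errno is not visible in this diff. Saving it straight after the call, `saved_errno = errno;` before `my_protect ();`, and then using `err = gpg_error_from_errno (saved_errno);` removes the dependency. The same ordering appears in the get_dns_cert, getsrv (which passes `errno` to `strerror`) and get_dns_cname hunks. The function bodies continue outside the hunks, so any later use of errno there could not be checked.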
@@ -629,6 +648,7 @@ get_dns_cert (const char *name, int want_certtype,
 #ifdef USE_DNS_CERT
 #ifdef USE_ADNS
 gpg_error_t err;
+ int ret;
 adns_state state;
 adns_answer *answer = NULL;
 unsigned int ctype;
@@ -646,12 +666,15 @@ get_dns_cert (const char *name, int want_certtype,
 if (err)
 return err;
- if (adns_synchronous (state, name,
- (adns_r_unknown
- | (want_certtype < DNS_CERTTYPE_RRBASE
- ? my_adns_r_cert
- : (want_certtype - DNS_CERTTYPE_RRBASE))),
- adns_qf_quoteok_query, &answer))
+ my_unprotect ();
+ ret = adns_synchronous (state, name,
+ (adns_r_unknown
+ | (want_certtype < DNS_CERTTYPE_RRBASE
+ ? my_adns_r_cert
+ : (want_certtype - DNS_CERTTYPE_RRBASE))),
+ adns_qf_quoteok_query, &answer);
+ my_protect ();
+ if (ret)
 {
 err = gpg_error_from_syserror ();
 /* log_error ("DNS query failed: %s\n", strerror (errno)); */
@@ -1001,8 +1024,10 @@ getsrv (const char *name,struct srventry **list)
 if (my_adns_init (&state))
 return -1;
+ my_unprotect ();
 rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, &answer);
+ my_protect ();
 if (rc)
 {
 log_error ("DNS query failed: %s\n", strerror (errno));
@@ -1241,8 +1266,10 @@ get_dns_cname (const char *name, char **r_cname)
 if (my_adns_init (&state))
 return gpg_error (GPG_ERR_GENERAL);
+ my_unprotect ();
 rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query, &answer);
+ my_protect ();
 if (rc)
 {
 err = gpg_error_from_syserror ();
|