Diffstat (limited to 'src')
-rw-r--r-- | src/gns/Makefile.am | 4 | ||||
-rw-r--r-- | src/gns/gns.conf.in | 2 | ||||
-rw-r--r-- | src/gns/gnunet-gns-import.c | 8 | ||||
-rw-r--r-- | src/gns/gnunet-service-gns.c | 112 |
4 files changed, 93 insertions, 33 deletions
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am index 3db49ab1c..d4c65031e 100644 --- a/src/gns/Makefile.am +++ b/src/gns/Makefile.am | |||
@@ -103,7 +103,7 @@ libgnunet_plugin_rest_gns_la_LIBADD = \ | |||
103 | $(top_builddir)/src/identity/libgnunetidentity.la \ | 103 | $(top_builddir)/src/identity/libgnunetidentity.la \ |
104 | $(top_builddir)/src/rest/libgnunetrest.la \ | 104 | $(top_builddir)/src/rest/libgnunetrest.la \ |
105 | $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ | 105 | $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ |
106 | $(LTLIBINTL) -ljansson -lmicrohttpd | 106 | $(LTLIBINTL) -ljansson -lmicrohttpd |
107 | libgnunet_plugin_rest_gns_la_LDFLAGS = \ | 107 | libgnunet_plugin_rest_gns_la_LDFLAGS = \ |
108 | $(GN_PLUGIN_LDFLAGS) | 108 | $(GN_PLUGIN_LDFLAGS) |
109 | 109 | ||
@@ -198,6 +198,7 @@ gnunet_service_gns_SOURCES = \ | |||
198 | gnunet_service_gns_LDADD = \ | 198 | gnunet_service_gns_LDADD = \ |
199 | -lm \ | 199 | -lm \ |
200 | $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ | 200 | $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ |
201 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
201 | $(top_builddir)/src/revocation/libgnunetrevocation.la \ | 202 | $(top_builddir)/src/revocation/libgnunetrevocation.la \ |
202 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 203 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
203 | $(top_builddir)/src/util/libgnunetutil.la \ | 204 | $(top_builddir)/src/util/libgnunetutil.la \ |
@@ -261,4 +262,3 @@ if HAVE_SQLITE | |||
261 | TESTS = $(check_SCRIPTS) | 262 | TESTS = $(check_SCRIPTS) |
262 | endif | 263 | endif |
263 | endif | 264 | endif |
264 | |||
diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in index 7fbd572ab..bf59cac15 100644 --- a/src/gns/gns.conf.in +++ b/src/gns/gns.conf.in | |||
@@ -25,8 +25,6 @@ ZONE_PUBLISH_TIME_WINDOW = 4 h | |||
25 | 25 | ||
26 | # PREFIX = valgrind --leak-check=full --track-origins=yes | 26 | # PREFIX = valgrind --leak-check=full --track-origins=yes |
27 | 27 | ||
28 | # Setting this option enables hijacking DNS queries using iptables. | ||
29 | # DNS_ROOT = KEY | ||
30 | 28 | ||
31 | [gns-proxy] | 29 | [gns-proxy] |
32 | BINARY = gnunet-gns-proxy | 30 | BINARY = gnunet-gns-proxy |
diff --git a/src/gns/gnunet-gns-import.c b/src/gns/gnunet-gns-import.c index bd3dfe15e..fb32263bc 100644 --- a/src/gns/gnunet-gns-import.c +++ b/src/gns/gnunet-gns-import.c | |||
@@ -265,6 +265,7 @@ zone_iterator (void *cls, | |||
265 | GNUNET_NAMESTORE_zone_iterator_next (list_it); | 265 | GNUNET_NAMESTORE_zone_iterator_next (list_it); |
266 | } | 266 | } |
267 | 267 | ||
268 | |||
268 | /** | 269 | /** |
269 | * Get master-zone, short-zone and private-zone keys. | 270 | * Get master-zone, short-zone and private-zone keys. |
270 | * | 271 | * |
@@ -435,7 +436,12 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
435 | 436 | ||
436 | if (0 != run_process_and_wait (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR, NULL, NULL, &st, &code, | 437 | if (0 != run_process_and_wait (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR, NULL, NULL, &st, &code, |
437 | "gnunet-identity", | 438 | "gnunet-identity", |
438 | "gnunet-identity", "-e", "short-zone", "-s", "gns-proxy", NULL)) | 439 | "gnunet-identity", "-e", "master-zone", "-s", "gns-proxy", NULL)) |
440 | return; | ||
441 | |||
442 | if (0 != run_process_and_wait (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR, NULL, NULL, &st, &code, | ||
443 | "gnunet-identity", | ||
444 | "gnunet-identity", "-e", "master-zone", "-s", "gns-intercept", NULL)) | ||
439 | return; | 445 | return; |
440 | 446 | ||
441 | if (0 != run_process_and_wait (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR, NULL, NULL, &st, &code, | 447 | if (0 != run_process_and_wait (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR, NULL, NULL, &st, &code, |
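Review bot: The added call `"-e", "master-zone", "-s", "gns-intercept"` (new lines 442–445) has no comment saying that this ego assignment is what gnunet-service-gns looks up in the same commit before starting DNS interception, so running the import tool appears to switch interception on as a side effect. I would add above it `/* Default ego for "gns-intercept": gnunet-service-gns starts DNS interception when this is set */`. Each of these calls also returns without any message when `run_process_and_wait` fails, which can leave the subsystem assignments half-applied with no trace; an error-level log line before the `return` would make that visible. The body of `run` starts and ends outside this hunk.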
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c index 60c277561..4495bb6b7 100644 --- a/src/gns/gnunet-service-gns.c +++ b/src/gns/gnunet-service-gns.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include "gnunet_dht_service.h" | 30 | #include "gnunet_dht_service.h" |
31 | #include "gnunet_namecache_service.h" | 31 | #include "gnunet_namecache_service.h" |
32 | #include "gnunet_namestore_service.h" | 32 | #include "gnunet_namestore_service.h" |
33 | #include "gnunet_identity_service.h" | ||
33 | #include "gnunet_gns_service.h" | 34 | #include "gnunet_gns_service.h" |
34 | #include "gnunet_statistics_service.h" | 35 | #include "gnunet_statistics_service.h" |
35 | #include "gns.h" | 36 | #include "gns.h" |
@@ -149,6 +150,17 @@ static struct GNUNET_NAMESTORE_Handle *namestore_handle; | |||
149 | static struct GNUNET_NAMECACHE_Handle *namecache_handle; | 150 | static struct GNUNET_NAMECACHE_Handle *namecache_handle; |
150 | 151 | ||
151 | /** | 152 | /** |
153 | * Our handle to the identity service | ||
154 | */ | ||
155 | static struct GNUNET_IDENTITY_Handle *identity_handle; | ||
156 | |||
157 | /** | ||
158 | * Our handle to the identity operation to find the master zone | ||
159 | * for intercepted queries. | ||
160 | */ | ||
161 | static struct GNUNET_IDENTITY_Operation *identity_op; | ||
162 | |||
163 | /** | ||
152 | * Handle to iterate over our authoritative zone in namestore | 164 | * Handle to iterate over our authoritative zone in namestore |
153 | */ | 165 | */ |
154 | static struct GNUNET_NAMESTORE_ZoneIterator *namestore_iter; | 166 | static struct GNUNET_NAMESTORE_ZoneIterator *namestore_iter; |
@@ -266,6 +278,16 @@ shutdown_task (void *cls, | |||
266 | } | 278 | } |
267 | 279 | ||
268 | GNS_interceptor_done (); | 280 | GNS_interceptor_done (); |
281 | if (NULL != identity_op) | ||
282 | { | ||
283 | GNUNET_IDENTITY_cancel (identity_op); | ||
284 | identity_op = NULL; | ||
285 | } | ||
286 | if (NULL != identity_handle) | ||
287 | { | ||
288 | GNUNET_IDENTITY_disconnect (identity_handle); | ||
289 | identity_handle = NULL; | ||
290 | } | ||
269 | GNS_resolver_done (); | 291 | GNS_resolver_done (); |
270 | GNS_shorten_done (); | 292 | GNS_shorten_done (); |
271 | while (NULL != (ma = ma_head)) | 293 | while (NULL != (ma = ma_head)) |
@@ -836,6 +858,54 @@ monitor_sync_event (void *cls) | |||
836 | 858 | ||
837 | 859 | ||
838 | /** | 860 | /** |
861 | * Method called to inform about the ego to be used for the master zone | ||
862 | * for DNS interceptions. | ||
863 | * | ||
864 | * This function is only called ONCE, and 'NULL' being passed in | ||
865 | * @a ego does indicate that interception is not configured. | ||
866 | * If @a ego is non-NULL, we should start to intercept DNS queries | ||
867 | * and resolve ".gnu" queries using the given ego as the master zone. | ||
868 | * | ||
869 | * @param cls closure, our `const struct GNUNET_CONFIGURATION_Handle *c` | ||
870 | * @param ego ego handle | ||
871 | * @param ctx context for application to store data for this ego | ||
872 | * (during the lifetime of this process, initially NULL) | ||
873 | * @param name name assigned by the user for this ego, | ||
874 | * NULL if the user just deleted the ego and it | ||
875 | * must thus no longer be used | ||
876 | */ | ||
877 | static void | ||
878 | identity_intercept_cb (void *cls, | ||
879 | struct GNUNET_IDENTITY_Ego *ego, | ||
880 | void **ctx, | ||
881 | const char *name) | ||
882 | { | ||
883 | const struct GNUNET_CONFIGURATION_Handle *cfg = cls; | ||
884 | struct GNUNET_CRYPTO_EcdsaPublicKey dns_root; | ||
885 | |||
886 | identity_op = NULL; | ||
887 | if (NULL == ego) | ||
888 | { | ||
889 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
890 | _("No ego configured for `%s`\n"), | ||
891 | "gns-intercept"); | ||
892 | return; | ||
893 | } | ||
894 | GNUNET_IDENTITY_ego_get_public_key (ego, | ||
895 | &dns_root); | ||
896 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
897 | "DNS hijacking enabled. Connecting to DNS service.\n"); | ||
898 | if (GNUNET_SYSERR == | ||
899 | GNS_interceptor_init (&dns_root, cfg)) | ||
900 | { | ||
901 | GNUNET_break (0); | ||
902 | GNUNET_SCHEDULER_add_now (&shutdown_task, NULL); | ||
903 | return; | ||
904 | } | ||
905 | } | ||
906 | |||
907 | |||
908 | /** | ||
839 | * Process GNS requests. | 909 | * Process GNS requests. |
840 | * | 910 | * |
841 | * @param cls closure | 911 | * @param cls closure |
@@ -843,16 +913,15 @@ monitor_sync_event (void *cls) | |||
843 | * @param c configuration to use | 913 | * @param c configuration to use |
844 | */ | 914 | */ |
845 | static void | 915 | static void |
846 | run (void *cls, struct GNUNET_SERVER_Handle *server, | 916 | run (void *cls, |
917 | struct GNUNET_SERVER_Handle *server, | ||
847 | const struct GNUNET_CONFIGURATION_Handle *c) | 918 | const struct GNUNET_CONFIGURATION_Handle *c) |
848 | { | 919 | { |
849 | static const struct GNUNET_SERVER_MessageHandler handlers[] = { | 920 | static const struct GNUNET_SERVER_MessageHandler handlers[] = { |
850 | { &handle_lookup, NULL, GNUNET_MESSAGE_TYPE_GNS_LOOKUP, 0}, | 921 | { &handle_lookup, NULL, GNUNET_MESSAGE_TYPE_GNS_LOOKUP, 0}, |
851 | {NULL, NULL, 0, 0} | 922 | {NULL, NULL, 0, 0} |
852 | }; | 923 | }; |
853 | struct GNUNET_CRYPTO_EcdsaPublicKey dns_root; | ||
854 | unsigned long long max_parallel_bg_queries = 0; | 924 | unsigned long long max_parallel_bg_queries = 0; |
855 | char *dns_root_name; | ||
856 | 925 | ||
857 | v6_enabled = GNUNET_NETWORK_test_pf (PF_INET6); | 926 | v6_enabled = GNUNET_NETWORK_test_pf (PF_INET6); |
858 | v4_enabled = GNUNET_NETWORK_test_pf (PF_INET); | 927 | v4_enabled = GNUNET_NETWORK_test_pf (PF_INET); |
@@ -907,33 +976,20 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
907 | return; | 976 | return; |
908 | } | 977 | } |
909 | 978 | ||
910 | if (GNUNET_OK == | 979 | identity_handle = GNUNET_IDENTITY_connect (c, |
911 | GNUNET_CONFIGURATION_get_value_string (c, "gns", "DNS_ROOT", | 980 | NULL, |
912 | &dns_root_name)) | 981 | NULL); |
982 | if (NULL == identity_handle) | ||
913 | { | 983 | { |
914 | if (GNUNET_OK != | ||
915 | GNUNET_CRYPTO_ecdsa_public_key_from_string (dns_root_name, | ||
916 | strlen (dns_root_name), | ||
917 | &dns_root)) | ||
918 | { | ||
919 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
920 | "gns", | ||
921 | "DNS_ROOT", | ||
922 | _("valid public key required")); | ||
923 | GNUNET_SCHEDULER_add_now (&shutdown_task, NULL); | ||
924 | GNUNET_free (dns_root_name); | ||
925 | return; | ||
926 | } | ||
927 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 984 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
928 | "DNS hijacking with root `%s' enabled. Connecting to DNS service.\n", | 985 | "Could not connect to identity service!\n"); |
929 | dns_root_name); | 986 | } |
930 | GNUNET_free (dns_root_name); | 987 | else |
931 | if (GNUNET_SYSERR == | 988 | { |
932 | GNS_interceptor_init (&dns_root, c)) | 989 | identity_op = GNUNET_IDENTITY_get (identity_handle, |
933 | { | 990 | "gns-intercept", |
934 | GNUNET_SCHEDULER_add_now (&shutdown_task, NULL); | 991 | &identity_intercept_cb, |
935 | return; | 992 | (void *) c); |
936 | } | ||
937 | } | 993 | } |
938 | GNS_resolver_init (namecache_handle, | 994 | GNS_resolver_init (namecache_handle, |
939 | dht_handle, | 995 | dht_handle, |