This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications. For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.
This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.
The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.
Tested on x86_64-linux-gnu.
Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc
This functionality was deprecated in glibc 2.25.
This commit only includes the core changes to remove the
functionality. It does not remove the RES_USE_INET6 handling in the
individual NSS service modules and the res_use_inet6 function.
These changes will happen in future commits.
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).
This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).
To avoid sending the problematic query names over DNS, commit
6ca53a2453 ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
This commit enhances the stub resolver to reload the configuration
in the per-thread _res object if the /etc/resolv.conf file has
changed. The resolver checks whether the application has modified
_res and will not overwrite the _res object in that case.
The struct resolv_context mechanism is used to check the
configuration file only once per name lookup.
This commit adds the remaining unchanging members (which are loaded
from /etc/resolv.conf) to struct resolv_conf.
The extended name server list is currently not used by the stub
resolver. The switch depends on a cleanup: The _u._ext.nssocks
array stores just a single socket, and needs to be replaced with
a single socket value.
(The compatibility gethostname implementation does not use the
extended addres sort list, either. Updating the compat code is
not worthwhile.)
This change uses the extended resolver state in struct resolv_conf to
store the search list. If applications have not patched the _res
object directly, this extended search list will be used by the stub
resolver during name resolution.
This change provides additional resolver configuration state which
is not exposed through the _res ABI. It reuses the existing
initstamp field in the supposedly-private part of _res. Some effort
is undertaken to avoid memory safety issues introduced by applications
which directly patch the _res object.
With this commit, only the initstamp field is moved into struct
resolv_conf. Additional members will be added later, eventually
migrating the entire resolver configuration.
Many callers of __res_maybe_init also call _res_hconf_init.
Additional calls to the latter do not hurt because the function
does its work only once. (/etc/hosts.conf is not reloaded or
even checked for changes.) This means that we can simplify the
code by calling _res_hconf_init directly from __res_vinit.
In ns_name_ntop, the NS_CMPRSFLGS check is no longer needed because
labellen (called earlier) already rejects everything which is not
a plain label (compression references and extended label types).
The number of currently defined nameservers is stored in ->nscount,
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local
initializations.
Resetting defdname (default domain name) before use in __res_vinit
ensures that the default domain name is correctly set to a default
value when it is not set by the LOCALDOMAIN environment variable or
the "domain" or "search" parameters in resolv.conf
Tested using the steps from:
https://sourceware.org/bugzilla/show_bug.cgi?id=19369
This patch converts a few more function definitions in glibc from
old-style K&R to prototype style. This is sufficient to build and
test on x86_64 and x86 with -Wold-style-definition (I'll test on some
more architectures before proposing the actual addition of
-Wold-style-definition).
Tested for x86_64 and x86 with -Wold-style-definition in use
(testsuite - this patch affects files containing assertions).
* io/fts.c (fts_open): Convert to prototype-style function
definition.
* malloc/mcheck.c (mcheck): Likewise.
(mcheck_pedantic): Likewise.
* posix/regexec.c (re_search_2_stub): Likewise. Use
internal_function.
(re_search_internal): Likewise.
* resolv/res_init.c [RESOLVSORT] (net_mask): Convert to
prototype-style function definition.
* sunrpc/clnt_udp.c (clntudp_call): Likewise.
* sunrpc/pmap_rmt.c (clnt_broadcast): Likewise.
* sunrpc/rpcsvc/rusers.x (xdr_utmp): Likewise.
(xdr_utmpptr): Likewise.
(xdr_utmparr): Likewise.
(xdr_utmpidle): Likewise.
(xdr_utmpidleptr): Likewise.
(xdr_utmpidlearr): Likewise.
Remove use of ext.nsmap member of struct __res_state and always use
an identity mapping betwen the nsaddr_list array and the ext.nsaddrs
array. The fact that a nameserver has an IPv6 address is signalled by
setting nsaddr_list[].sin_family to zero.
The rotate option doesn't work correctly, and only send the query to the
same server (the second in the list). The rotation code in itself is not
broken, but the nsaddrs structure is reinitialized each time at the
beginning of __libc_res_nsend unless RES_STAYOPEN is enabled.
This is due to a call to __res_iclose from the end of __libc_res_nsend
when answers from the name server have been received. This function
closes all the sockets, but doesn't free the addresses (it can do that,
but in that case the second argument is false).
This patch change the code of __res_iclose to clear statp->_u._ext.nsinit
only when the addresses are actually freed.
* resolv/res_init.c (__res_iclose): Only clear nsinit if the
addresses have been freed.
The current comments concerning nserv and nservall are not really clear
and lead to confusion when reviewing an already complex code. Improve
them, there real meaning have been confirmed by a code analysis.
* resolv/res_init.c (__res_vinit): Improve comments about nserv
and nservall.
Parts of the resolver brought in by pthreads (at least) use inet_*
functions that aren't in the 1995/6 edition of POSIX that introduced
pthreads (or in one case, use __inet_aton which is then defined in the
same file as non-weak inet_addr). This patch fixes this by making the
affected functions into weak alias for __inet_* and using those names
in the problematic resolver code.
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch).
[BZ #17722]
* inet/inet_mkadr.c (inet_makeaddr): Rename to __inet_makeaddr and
define as weak alias of __inet_makeaddr.
* resolv/inet_addr.c (inet_addr): Rename to __inet_addr and define
as weak alias of __inet_addr.
* resolv/inet_pton.c (inet_pton): Rename to __inet_pton and define
as weak alias of __inet_pton. Use libc_hidden_weak.
* include/arpa/inet.h (__inet_pton): Declare. Use
libc_hidden_proto.
(inet_makeaddr): Don't use libc_hidden_proto.
(__inet_makeaddr): Declare. Use libc_hidden_proto.
* resolv/res_init.c (__res_vinit): Use __inet_pton instead of
inet_pton. Use __inet_makeaddr instead of inet_makeaddr.
* conform/Makefile (test-xfail-POSIX/pthread.h/linknamespace):
Remove variable.
(test-xfail-POSIX/sched.h/linknamespace): Likewise.
(test-xfail-POSIX/time.h/linknamespace): Likewise.
Resolver code, brought in by pthreads (at least), uses if_* interfaces
that weren't in POSIX before 2001, resulting in linknamespace
failures. This patch changes those interfaces to be weak aliases of
__if_* and makes the resolver use __if_* directly.
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by this patch).
[BZ #17717]
* inet/if_index.c (if_nametoindex): Rename to __if_nametoindex and
define as weak alias of __if_nametoindex. Use libc_hidden_weak.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex.
* sysdeps/mach/hurd/if_index.c (if_nametoindex): Rename to
__if_nametoindex and define as weak alias of __if_nametoindex.
Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
* sysdeps/unix/sysv/linux/if_index.c (if_nametoindex): Rename to
__if_nametoindex and define as weak alias of __if_nametoindex.
Use libc_hidden_weak.
(if_freenameindex): Rename to __if_freenameindex and define as
weak alias of __if_freenameindex. Use libc_hidden_weak.
(if_nameindex_netlink): Use __if_freenameindex instead of
if_freenameindex.
(if_nameindex): Rename to __if_nameindex and define as weak alias
of __if_nameindex. Use libc_hidden_weak.
(if_indextoname): Rename to __if_indextoname and define as weak
alias of __if_indextoname. Use libc_hidden_weak.
* include/net/if.h [!_ISOMAC] (__if_nametoindex): Declare and use
libc_hidden_proto.
[!_ISOMAC] (__if_freenameindex): Likewise.
* resolv/res_init.c (__res_vinit): Use __if_nametoindex instead of
if_nametoindex.
* conform/Makefile (test-xfail-XPG4/grp.h/linknamespace): Remove
variable.
(test-xfail-XPG4/pwd.h/linknamespace): Likewise.
(test-xfail-UNIX98/aio.h/linknamespace): Likewise.
(test-xfail-UNIX98/grp.h/linknamespace): Likewise.
(test-xfail-UNIX98/pthread.h/linknamespace): Likewise.
(test-xfail-UNIX98/pwd.h/linknamespace): Likewise.
(test-xfail-UNIX98/sched.h/linknamespace): Likewise.
(test-xfail-UNIX98/time.h/linknamespace): Likewise.
Various POSIX functions bring in res_init.o, res_hconf.o or
mntent_r.o, which use fgets_unlocked, which is not a POSIX function.
This patch arranges for them to use __fgets_unlocked instead. (The
IS_IN (libc) conditional in rec_hconf.c is needed because that file is
also used in nscd.)
Tested for x86_64 (testsuite, and that disassembly of installed shared
libraries is unchanged by the patch except for an assertion line
number). Note that most of the linknamespace tests that failed
because of fgets_unlocked from the resolver also fail because of other
symbols brought in by the resolver, so the number of XFAILs this
removes is limited. Also note that fgets_unlocked failures for
unistd.h for XPG3/XPG4 showed up that actually unistd.h is declaring
too much for XPG3/XPG4 (bug 17665) - there is no actual need to make
getusershell.c use __fgets_unlocked (at least as regards formal
standards are concerned; maybe it should still change for
namespace-cleanness of _DEFAULT_SOURCE) because the functions there
aren't actually in any of the supported standards; the correct fix for
those failures will be to stop the *usershell* functions appearing in
unistd.h for XPG3/XPG4.
[BZ #17664]
* misc/mntent_r.c (__getmntent_r): Use __fgets_unlocked instead of
fgets_unlocked.
* resolv/res_hconf.c [IS_IN (libc)] (fgets_unlocked): Define to
__fgets_unlocked.
* resolv/res_init.c (__res_vinit): Use __fgets_unlocked instead of
fgets_unlocked.
* conform/Makefile (test-xfail-XPG4/sys/statvfs.h/linknamespace):
Remove variable.
(test-xfail-POSIX/sys/mman.h/linknamespace): Likewise.
(test-xfail-UNIX98/sys/mman.h/linknamespace): Likewise.
(test-xfail-UNIX98/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-XOPEN2K/sys/mman.h/linknamespace): Likewise.
(test-xfail-XOPEN2K/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-POSIX2008/sys/mman.h/linknamespace): Likewise.
(test-xfail-POSIX2008/sys/statvfs.h/linknamespace): Likewise.
(test-xfail-XOPEN2K8/sys/mman.h/linknamespace): Likewise.
(test-xfail-XOPEN2K8/sys/statvfs.h/linknamespace): Likewise.