151 lines
4.1 KiB
Diff
151 lines
4.1 KiB
Diff
commit 0d71523ab58493e1b40e1c80d569ff8ebc5ea27d
|
|
Author: David Howells <dhowells@redhat.com>
|
|
Date: Wed, 9 May 2018 10:37:03 +0100
|
|
|
|
DNS: Support AFS SRV records and cell db config files
|
|
|
|
[dhowells: Cut down to only include generic changes as a prereq for the
|
|
next patch]
|
|
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
---
|
|
key.dns_resolver.c | 47 +++++++++++++++++++++++++++++++----------------
|
|
1 file changed, 31 insertions(+), 16 deletions(-)
|
|
|
|
|
|
diff --git a/key.dns_resolver.c b/key.dns_resolver.c
|
|
index 9c9d458..849c8fe 100644
|
|
--- a/key.dns_resolver.c
|
|
+++ b/key.dns_resolver.c
|
|
@@ -74,6 +74,7 @@ static int debug_mode;
|
|
#define INET_IP6_ONLY 0x2
|
|
#define INET_ALL 0xFF
|
|
#define ONE_ADDR_ONLY 0x100
|
|
+unsigned mask = INET_ALL;
|
|
|
|
/*
|
|
* segmental payload
|
|
@@ -164,14 +165,10 @@ static const int ns_errno_map[] = {
|
|
[NO_DATA] = ENODATA,
|
|
};
|
|
|
|
-static __attribute__((noreturn))
|
|
-void nsError(int err, const char *domain)
|
|
+void _nsError(int err, const char *domain)
|
|
{
|
|
- unsigned timeout = 1 * 60;
|
|
- int ret;
|
|
-
|
|
if (isatty(2))
|
|
- fprintf(stderr, "%s: %s.\n", domain, hstrerror(err));
|
|
+ fprintf(stderr, "NS:%s: %s.\n", domain, hstrerror(err));
|
|
else
|
|
syslog(LOG_INFO, "%s: %s", domain, hstrerror(err));
|
|
|
|
@@ -181,11 +178,28 @@ void nsError(int err, const char *domain)
|
|
err = ns_errno_map[err];
|
|
|
|
info("Reject the key with error %d", err);
|
|
+}
|
|
+
|
|
+static __attribute__((noreturn))
|
|
+void nsError(int err, const char *domain)
|
|
+{
|
|
+ unsigned timeout;
|
|
+ int ret;
|
|
+
|
|
+ _nsError(err, domain);
|
|
|
|
- if (err == EAGAIN)
|
|
+ switch (err) {
|
|
+ case TRY_AGAIN:
|
|
timeout = 1;
|
|
- else if (err == ECONNREFUSED)
|
|
+ break;
|
|
+ case 0:
|
|
+ case NO_RECOVERY:
|
|
timeout = 10;
|
|
+ break;
|
|
+ default:
|
|
+ timeout = 1 * 60;
|
|
+ break;
|
|
+ }
|
|
|
|
if (!debug_mode) {
|
|
ret = keyctl_reject(key, timeout, err, KEY_REQKEY_DEFL_DEFAULT);
|
|
@@ -296,10 +310,10 @@ static void dump_payload(void)
|
|
* string to the list of payload segments.
|
|
*/
|
|
static int
|
|
-dns_resolver(const char *server_name, unsigned mask)
|
|
+dns_resolver(const char *server_name, const char *port)
|
|
{
|
|
struct addrinfo hints, *addr, *ai;
|
|
- char buf[INET6_ADDRSTRLEN + 1];
|
|
+ char buf[INET6_ADDRSTRLEN + 8 + 1];
|
|
int ret, len;
|
|
void *sa;
|
|
|
|
@@ -320,8 +334,6 @@ dns_resolver(const char *server_name, unsigned mask)
|
|
return -1;
|
|
}
|
|
|
|
- debug("getaddrinfo = %d", ret);
|
|
-
|
|
for (ai = addr; ai; ai = ai->ai_next) {
|
|
debug("RR: %x,%x,%x,%x,%x,%s",
|
|
ai->ai_flags, ai->ai_family,
|
|
@@ -350,6 +362,8 @@ dns_resolver(const char *server_name, unsigned mask)
|
|
if (!inet_ntop(ai->ai_family, sa, buf, len))
|
|
error("%s: inet_ntop: %m", __func__);
|
|
|
|
+ if (port)
|
|
+ strcat(buf, port);
|
|
append_address_to_payload(buf);
|
|
if (mask & ONE_ADDR_ONLY)
|
|
break;
|
|
@@ -413,7 +427,7 @@ static void afsdb_hosts_to_addrs(ns_msg handle,
|
|
goto next_one;
|
|
|
|
/* Turn the hostname into IP addresses */
|
|
- ret = dns_resolver(vllist[vlsnum], mask);
|
|
+ ret = dns_resolver(vllist[vlsnum], NULL);
|
|
if (ret) {
|
|
debug("AFSDB RR can't resolve."
|
|
"subtype:%d, server name:%s, netmask:%u",
|
|
@@ -523,7 +537,6 @@ int dns_query_afsdb(const char *cell, char *options)
|
|
static __attribute__((noreturn))
|
|
int dns_query_a_or_aaaa(const char *hostname, char *options)
|
|
{
|
|
- unsigned mask;
|
|
int ret;
|
|
|
|
debug("Get A/AAAA RR for hostname:'%s', options:'%s'",
|
|
@@ -569,7 +582,7 @@ int dns_query_a_or_aaaa(const char *hostname, char *options)
|
|
}
|
|
|
|
/* Turn the hostname into IP addresses */
|
|
- ret = dns_resolver(hostname, mask);
|
|
+ ret = dns_resolver(hostname, NULL);
|
|
if (ret)
|
|
nsError(NO_DATA, hostname);
|
|
|
|
@@ -630,7 +643,7 @@ int main(int argc, char *argv[])
|
|
|
|
openlog(prog, 0, LOG_DAEMON);
|
|
|
|
- while ((ret = getopt_long(argc, argv, "vD", long_options, NULL)) != -1) {
|
|
+ while ((ret = getopt_long(argc, argv, "vDV", long_options, NULL)) != -1) {
|
|
switch (ret) {
|
|
case 'D':
|
|
debug_mode = 1;
|
|
@@ -713,6 +726,8 @@ int main(int argc, char *argv[])
|
|
qtlen = name - keyend;
|
|
name++;
|
|
|
|
+ info("Query type: '%*.*s'", qtlen, qtlen, keyend);
|
|
+
|
|
if ((qtlen == sizeof(a_query_type) - 1 &&
|
|
memcmp(keyend, a_query_type, sizeof(a_query_type) - 1) == 0) ||
|
|
(qtlen == sizeof(aaaa_query_type) - 1 &&
|