diff options
author | Stefan Metzmacher <metze@samba.org> | 2020-03-18 14:51:12 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2020-03-25 08:33:17 +0000 |
commit | e2d260c7b42e30eca20fc90c8dbb8de82820ee2a (patch) | |
tree | 2ee9faf7a770e75d6cb8e245509ff490f4492ce8 | |
parent | e09c2e118b31968f6618c21eb4a5f952735f19a0 (diff) | |
download | samba-e2d260c7b42e30eca20fc90c8dbb8de82820ee2a.tar.gz |
third_party: Update resolv_wrapper to version 1.1.6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 25 08:33:17 UTC 2020 on sn-devel-184
-rw-r--r-- | buildtools/wafsamba/samba_third_party.py | 2 | ||||
-rw-r--r-- | third_party/resolv_wrapper/resolv_wrapper.c | 799 | ||||
-rw-r--r-- | third_party/resolv_wrapper/wscript | 14 |
3 files changed, 625 insertions, 190 deletions
diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index e84e5d05be3..181d0b352a5 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -34,7 +34,7 @@ Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER @conf def CHECK_RESOLV_WRAPPER(conf): - return conf.CHECK_BUNDLED_SYSTEM_PKG('resolv_wrapper', minversion='1.1.4') + return conf.CHECK_BUNDLED_SYSTEM_PKG('resolv_wrapper', minversion='1.1.6') Build.BuildContext.CHECK_RESOLV_WRAPPER = CHECK_RESOLV_WRAPPER @conf diff --git a/third_party/resolv_wrapper/resolv_wrapper.c b/third_party/resolv_wrapper/resolv_wrapper.c index 48018be8039..0d3f34ce591 100644 --- a/third_party/resolv_wrapper/resolv_wrapper.c +++ b/third_party/resolv_wrapper/resolv_wrapper.c @@ -1,6 +1,6 @@ /* - * Copyright (c) 2014 Andreas Schneider <asn@samba.org> - * Copyright (c) 2014 Jakub Hrozek <jakub.hrozek@posteo.se> + * Copyright (c) 2014-2018 Andreas Schneider <asn@samba.org> + * Copyright (c) 2014-2016 Jakub Hrozek <jakub.hrozek@posteo.se> * * All rights reserved. * @@ -52,6 +52,10 @@ #include <resolv.h> +#if defined(HAVE_RES_STATE_U_EXT_NSADDRS) || defined(HAVE_RES_SOCKADDR_UNION_SIN6) +#define HAVE_RESOLV_IPV6_NSADDRS 1 +#endif + /* GCC has printf type attribute check. */ #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b))) @@ -73,16 +77,28 @@ #define ns_name_compress dn_comp #endif +#define ns_t_uri 256 + enum rwrap_dbglvl_e { RWRAP_LOG_ERROR = 0, RWRAP_LOG_WARN, + RWRAP_LOG_NOTICE, RWRAP_LOG_DEBUG, RWRAP_LOG_TRACE }; -#ifdef NDEBUG -# define RWRAP_LOG(...) -#else /* NDEBUG */ +#ifndef HAVE_GETPROGNAME +static const char *getprogname(void) +{ +#if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME) + return program_invocation_short_name; +#elif defined(HAVE_GETEXECNAME) + return getexecname(); +#else + return NULL; +#endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */ +} +#endif /* HAVE_GETPROGNAME */ static void rwrap_log(enum rwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4); # define RWRAP_LOG(dbglvl, ...) rwrap_log((dbglvl), __func__, __VA_ARGS__) @@ -95,43 +111,53 @@ static void rwrap_log(enum rwrap_dbglvl_e dbglvl, va_list va; const char *d; unsigned int lvl = 0; - int pid = getpid(); + const char *prefix = NULL; + const char *progname = NULL; d = getenv("RESOLV_WRAPPER_DEBUGLEVEL"); if (d != NULL) { lvl = atoi(d); } + if (lvl < dbglvl) { + return; + } + va_start(va, format); vsnprintf(buffer, sizeof(buffer), format, va); va_end(va); - if (lvl >= dbglvl) { - switch (dbglvl) { - case RWRAP_LOG_ERROR: - fprintf(stderr, - "RWRAP_ERROR(%d) - %s: %s\n", - pid, func, buffer); - break; - case RWRAP_LOG_WARN: - fprintf(stderr, - "RWRAP_WARN(%d) - %s: %s\n", - pid, func, buffer); - break; - case RWRAP_LOG_DEBUG: - fprintf(stderr, - "RWRAP_DEBUG(%d) - %s: %s\n", - pid, func, buffer); - break; - case RWRAP_LOG_TRACE: - fprintf(stderr, - "RWRAP_TRACE(%d) - %s: %s\n", - pid, func, buffer); - break; - } + switch (dbglvl) { + case RWRAP_LOG_ERROR: + prefix = "RWRAP_ERROR"; + break; + case RWRAP_LOG_WARN: + prefix = "RWRAP_WARN"; + break; + case RWRAP_LOG_NOTICE: + prefix = "RWRAP_NOTICE"; + break; + case RWRAP_LOG_DEBUG: + prefix = "RWRAP_DEBUG"; + break; + case RWRAP_LOG_TRACE: + prefix = "RWRAP_TRACE"; + break; + } + + progname = getprogname(); + if (progname == NULL) { + progname = "<unknown>"; } + + fprintf(stderr, + "%s[%s (%u)] - %s: %s\n", + prefix, + progname, + (unsigned int)getpid(), + func, + buffer); } -#endif /* NDEBUG RWRAP_LOG */ #ifndef SAFE_FREE #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0) @@ -149,13 +175,21 @@ static void rwrap_log(enum rwrap_dbglvl_e dbglvl, } \ } while(0); -#define RWRAP_MAX_RECURSION 5 +#define RWRAP_MAX_RECURSION 64 + +union rwrap_sockaddr { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; +}; /* Priority and weight can be omitted from the hosts file, but need to be part * of the output */ #define DFL_SRV_PRIO 1 #define DFL_SRV_WEIGHT 100 +#define DFL_URI_PRIO 1 +#define DFL_URI_WEIGHT 100 struct rwrap_srv_rrdata { uint16_t port; @@ -164,6 +198,12 @@ struct rwrap_srv_rrdata { char hostname[MAXDNAME]; }; +struct rwrap_uri_rrdata { + uint16_t prio; + uint16_t weight; + char uri[MAXDNAME]; +}; + struct rwrap_soa_rrdata { uint32_t serial; uint32_t refresh; @@ -179,8 +219,11 @@ struct rwrap_fake_rr { struct in_addr a_rec; struct in6_addr aaaa_rec; struct rwrap_srv_rrdata srv_rec; + struct rwrap_uri_rrdata uri_rec; struct rwrap_soa_rrdata soa_rec; char cname_rec[MAXDNAME]; + char ptr_rec[MAXDNAME]; + char txt_rec[MAXDNAME]; } rrdata; char key[MAXDNAME]; @@ -280,6 +323,53 @@ static int rwrap_create_fake_srv_rr(const char *key, return 0; } +static int rwrap_create_fake_uri_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + char *str_prio; + char *str_weight; + const char *uri; + + /* parse the value into priority, weight, and uri + * and check the validity */ + uri = value; + NEXT_KEY(uri, str_prio); + NEXT_KEY(str_prio, str_weight); + if (uri == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Malformed URI entry [<null>]\n"); + return -1; + } + + if (str_prio) { + rr->rrdata.uri_rec.prio = atoi(str_prio); + } else { + rr->rrdata.uri_rec.prio = DFL_URI_PRIO; + } + if (str_weight) { + rr->rrdata.uri_rec.weight = atoi(str_weight); + } else { + rr->rrdata.uri_rec.weight = DFL_URI_WEIGHT; + } + memcpy(rr->rrdata.uri_rec.uri, uri, strlen(uri) + 1); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_uri; + return 0; +} + +static int rwrap_create_fake_txt_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.txt_rec, value, strlen(value) + 1); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_txt; + return 0; +} + static int rwrap_create_fake_soa_rr(const char *key, const char *value, struct rwrap_fake_rr *rr) @@ -334,33 +424,44 @@ static int rwrap_create_fake_cname_rr(const char *key, return 0; } +static int rwrap_create_fake_ptr_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.ptr_rec , value, strlen(value) + 1); + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_ptr; + return 0; +} + /* Prepares a fake header with a single response. Advances header_blob */ static ssize_t rwrap_fake_header(uint8_t **header_blob, size_t remaining, size_t ancount, size_t arcount) { - uint8_t *hb; - HEADER *h; + union { + uint8_t *blob; + HEADER *header; + } h; if (remaining < NS_HFIXEDSZ) { RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n"); return -1; } - hb = *header_blob; - memset(hb, 0, NS_HFIXEDSZ); + h.blob = *header_blob; + memset(h.blob, 0, NS_HFIXEDSZ); - h = (HEADER *) hb; - h->id = res_randomid(); /* random query ID */ - h->qr = 1; /* response flag */ - h->rd = 1; /* recursion desired */ - h->ra = 1; /* recursion available */ + h.header->id = res_randomid(); /* random query ID */ + h.header->qr = 1; /* response flag */ + h.header->rd = 1; /* recursion desired */ + h.header->ra = 1; /* recursion available */ - h->qdcount = htons(1); /* no. of questions */ - h->ancount = htons(ancount); /* no. of answers */ - h->arcount = htons(arcount); /* no. of add'tl records */ + h.header->qdcount = htons(1); /* no. of questions */ + h.header->ancount = htons(ancount); /* no. of answers */ + h.header->arcount = htons(arcount); /* no. of add'tl records */ - hb += NS_HFIXEDSZ; /* move past the header */ - *header_blob = hb; + /* move past the header */ + *header_blob = h.blob += NS_HFIXEDSZ; return NS_HFIXEDSZ; } @@ -439,9 +540,8 @@ static ssize_t rwrap_fake_a(struct rwrap_fake_rr *rr, uint8_t *a = answer_ptr; ssize_t resp_size; - if (rr == NULL || rr->type != ns_t_a) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_a) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding A RR"); @@ -464,9 +564,8 @@ static ssize_t rwrap_fake_aaaa(struct rwrap_fake_rr *rr, uint8_t *a = answer; ssize_t resp_size; - if (rr == NULL || rr->type != ns_t_aaaa) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_aaaa) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding AAAA RR"); @@ -492,9 +591,8 @@ static ssize_t rwrap_fake_ns(struct rwrap_fake_rr *rr, unsigned char hostname_compressed[MAXDNAME]; ssize_t compressed_len; - if (rr == NULL || rr->type != ns_t_ns) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_ns) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding NS RR"); @@ -533,9 +631,8 @@ static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr, unsigned char hostname_compressed[MAXDNAME]; ssize_t compressed_len; - if (rr == NULL || rr->type != ns_t_srv) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_srv) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SRV RR"); @@ -564,6 +661,65 @@ static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr, return resp_size; } +static ssize_t rwrap_fake_uri(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + size_t uri_len; + + if (rr->type != ns_t_uri) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding URI RR"); + rdata_size = 3 * sizeof(uint16_t); + uri_len = strlen(rr->rrdata.uri_rec.uri) + 1; + rdata_size += uri_len; + + resp_size = rwrap_fake_rdata_common(ns_t_uri, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + NS_PUT16(rr->rrdata.uri_rec.prio, a); + NS_PUT16(rr->rrdata.uri_rec.weight, a); + memcpy(a, rr->rrdata.uri_rec.uri, uri_len); + + return resp_size; +} + +static ssize_t rwrap_fake_txt(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + size_t txt_len; + + if (rr->type != ns_t_txt) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding TXT RR"); + txt_len = strlen(rr->rrdata.txt_rec) + 1; + rdata_size = txt_len; + + resp_size = rwrap_fake_rdata_common(ns_t_txt, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, rr->rrdata.txt_rec, txt_len); + + return resp_size; +} + static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr, uint8_t *answer, size_t anslen) @@ -576,9 +732,8 @@ static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr, unsigned char mailbox_compressed[MAXDNAME]; ssize_t compressed_mb_len; - if (rr == NULL || rr->type != ns_t_soa) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_soa) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SOA RR"); @@ -628,9 +783,8 @@ static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr, unsigned char hostname_compressed[MAXDNAME]; ssize_t rdata_size; - if (rr == NULL || rr->type != ns_t_cname) { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed record, no or wrong value!\n"); + if (rr->type != ns_t_cname) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); return -1; } RWRAP_LOG(RWRAP_LOG_TRACE, "Adding CNAME RR"); @@ -654,6 +808,40 @@ static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr, return resp_size; } +static ssize_t rwrap_fake_ptr(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t rdata_size; + ssize_t resp_size; + unsigned char hostname_compressed[MAXDNAME]; + + if (rr->type != ns_t_ptr) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding PTR RR"); + + /* Prepare the data to write */ + rdata_size = ns_name_compress(rr->rrdata.ptr_rec, + hostname_compressed, MAXDNAME, + NULL, NULL); + if (rdata_size < 0) { + return -1; + } + + resp_size = rwrap_fake_rdata_common(ns_t_ptr, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, hostname_compressed, rdata_size); + + return resp_size; +} + #define RESOLV_MATCH(line, name) \ (strncmp(line, name, sizeof(name) - 1) == 0 && \ (line[sizeof(name) - 1] == ' ' || \ @@ -669,6 +857,19 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, const char *query, int type, struct rwrap_fake_rr *rr); +static int rwrap_uri_recurse(const char *hostfile, unsigned recursion, + const char *query, struct rwrap_fake_rr *rr) +{ + int rc; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_uri, rr); + if (rc == ENOENT) { + rc = 0; + } + + return rc; +} + static int rwrap_srv_recurse(const char *hostfile, unsigned recursion, const char *query, struct rwrap_fake_rr *rr) { @@ -709,6 +910,7 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, char *key = NULL; char *value = NULL; int rc = ENOENT; + unsigned num_uris = 0; if (recursion >= RWRAP_MAX_RECURSION) { RWRAP_LOG(RWRAP_LOG_ERROR, "Recursed too deep!\n"); @@ -721,7 +923,7 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, fp = fopen(hostfile, "r"); if (fp == NULL) { - RWRAP_LOG(RWRAP_LOG_ERROR, + RWRAP_LOG(RWRAP_LOG_WARN, "Opening %s failed: %s", hostfile, strerror(errno)); return -1; @@ -750,6 +952,18 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, } q[0] = '\0'; + if (type == ns_t_uri && recursion > 0) { + /* Skip non-URI records. */ + if (!TYPE_MATCH(type, ns_t_uri, rec_type, "URI", key, query)) { + continue; + } + /* Skip previous records based on the recurse depth. */ + num_uris++; + if (num_uris <= recursion) { + continue; + } + } + if (TYPE_MATCH(type, ns_t_a, rec_type, "A", key, query)) { rc = rwrap_create_fake_a_rr(key, value, rr); break; @@ -770,6 +984,14 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, rr + 1); } break; + } else if (TYPE_MATCH(type, ns_t_uri, + rec_type, "URI", key, query)) { + rc = rwrap_create_fake_uri_rr(key, value, rr); + if (rc == 0) { + /* Recurse to collect multiple URI answers under a single key. */ + rc = rwrap_uri_recurse(hostfile, recursion + 1, key, rr + 1); + } + break; } else if (TYPE_MATCH(type, ns_t_soa, rec_type, "SOA", key, query)) { rc = rwrap_create_fake_soa_rr(key, value, rr); @@ -789,6 +1011,15 @@ static int rwrap_get_record(const char *hostfile, unsigned recursion, value, rr + 1); } break; + } else if (TYPE_MATCH(type, ns_t_ptr, + rec_type, "PTR", key, query)) { + rc = rwrap_create_fake_ptr_rr(key, value, rr); + break; + } + else if (TYPE_MATCH(type, ns_t_txt, + rec_type, "TXT", key, query)) { + rc = rwrap_create_fake_txt_rr(key, value, rr); + break; } } @@ -837,8 +1068,11 @@ static inline bool rwrap_known_type(int type) case ns_t_aaaa: case ns_t_ns: case ns_t_srv: + case ns_t_uri: case ns_t_soa: case ns_t_cname: + case ns_t_ptr: + case ns_t_txt: return true; } @@ -850,6 +1084,17 @@ static int rwrap_ancount(struct rwrap_fake_rr *rrs, int qtype) int i; int ancount = 0; + /* For URI return the number of URIs. */ + if (qtype == ns_t_uri) { + for (i = 0; i < RWRAP_MAX_RECURSION; i++) { + if (rwrap_known_type(rrs[i].type) && + rrs[i].type == qtype) { + ancount++; + } + } + return ancount; + } + /* Include all RRs in the stack until the sought type * in the answer section. This is the case i.e. when looking * up an A record but the name points to a CNAME @@ -888,6 +1133,11 @@ static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr, { ssize_t resp_data; + if (rr == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Internal error!\n"); + return -1; + } + switch (rr->type) { case ns_t_a: resp_data = rwrap_fake_a(rr, answer, anslen); @@ -901,12 +1151,21 @@ static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr, case ns_t_srv: resp_data = rwrap_fake_srv(rr, answer, anslen); break; + case ns_t_uri: + resp_data = rwrap_fake_uri(rr, answer, anslen); + break; case ns_t_soa: resp_data = rwrap_fake_soa(rr, answer, anslen); break; case ns_t_cname: resp_data = rwrap_fake_cname(rr, answer, anslen); break; + case ns_t_ptr: + resp_data = rwrap_fake_ptr(rr, answer, anslen); + break; + case ns_t_txt: + resp_data = rwrap_fake_txt(rr, answer, anslen); + break; default: return -1; } @@ -1016,8 +1275,9 @@ static int rwrap_res_fake_hosts(const char *hostfile, resp_size = rwrap_fake_empty(type, rrs->key, answer, anslen); break; default: - RWRAP_LOG(RWRAP_LOG_ERROR, - "Error searching for [%s]\n", query_name); + RWRAP_LOG(RWRAP_LOG_NOTICE, + "Searching for [%s] did not return any results\n", + query_name); free(query_name); return -1; } @@ -1115,7 +1375,6 @@ enum rwrap_lib { RWRAP_LIBRESOLV }; -#ifndef NDEBUG static const char *rwrap_str_lib(enum rwrap_lib lib) { switch (lib) { @@ -1128,7 +1387,6 @@ static const char *rwrap_str_lib(enum rwrap_lib lib) /* Compiler would warn us about unhandled enum value if we get here */ return "unknown"; } -#endif static void *rwrap_load_lib_handle(enum rwrap_lib lib) { @@ -1137,7 +1395,25 @@ static void *rwrap_load_lib_handle(enum rwrap_lib lib) int i; #ifdef RTLD_DEEPBIND - flags |= RTLD_DEEPBIND; + const char *env_preload = getenv("LD_PRELOAD"); + const char *env_deepbind = getenv("RESOLV_WRAPPER_DISABLE_DEEPBIND"); + bool enable_deepbind = true; + + /* Don't do a deepbind if we run with libasan */ + if (env_preload != NULL && strlen(env_preload) < 1024) { + const char *p = strstr(env_preload, "libasan.so"); + if (p != NULL) { + enable_deepbind = false; + } + } + + if (env_deepbind != NULL && strlen(env_deepbind) >= 1) { + enable_deepbind = false; + } + + if (enable_deepbind) { + flags |= RTLD_DEEPBIND; + } #endif switch (lib) { @@ -1244,21 +1520,13 @@ static void *_rwrap_bind_symbol(enum rwrap_lib lib, const char *fn_name) static int libc_res_ninit(struct __res_state *state) { #if !defined(res_ninit) && defined(HAVE_RES_NINIT) - -#if defined(HAVE_RES_NINIT_IN_LIBRESOLV) rwrap_bind_symbol_libresolv(res_ninit); return rwrap.libresolv.symbols._libc_res_ninit.f(state); -#else /* HAVE_RES_NINIT_IN_LIBRESOLV */ - rwrap_bind_symbol_libc(res_ninit); - - return rwrap.libc.symbols._libc_res_ninit.f(state); -#endif /* HAVE_RES_NINIT_IN_LIBRESOLV */ - #elif defined(HAVE___RES_NINIT) - rwrap_bind_symbol_libc(__res_ninit); + rwrap_bind_symbol_libresolv(__res_ninit); - return rwrap.libc.symbols._libc___res_ninit.f(state); + return rwrap.libresolv.symbols._libc___res_ninit.f(state); #else #error "No res_ninit function" #endif @@ -1267,23 +1535,14 @@ static int libc_res_ninit(struct __res_state *state) static void libc_res_nclose(struct __res_state *state) { #if !defined(res_close) && defined(HAVE_RES_NCLOSE) - -#if defined(HAVE_RES_NCLOSE_IN_LIBRESOLV) rwrap_bind_symbol_libresolv(res_nclose); rwrap.libresolv.symbols._libc_res_nclose.f(state); return; -#else /* HAVE_RES_NCLOSE_IN_LIBRESOLV */ - rwrap_bind_symbol_libc(res_nclose); - - rwrap.libc.symbols._libc_res_nclose.f(state); - return; -#endif /* HAVE_RES_NCLOSE_IN_LIBRESOLV */ - #elif defined(HAVE___RES_NCLOSE) - rwrap_bind_symbol_libc(__res_nclose); + rwrap_bind_symbol_libresolv(__res_nclose); - rwrap.libc.symbols._libc___res_nclose.f(state); + rwrap.libresolv.symbols._libc___res_nclose.f(state); #else #error "No res_nclose function" #endif @@ -1353,12 +1612,235 @@ static int libc_res_nsearch(struct __res_state *state, * RES_HELPER ***************************************************************************/ +static size_t rwrap_get_nameservers(struct __res_state *state, + size_t nserv, + union rwrap_sockaddr *nsaddrs) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + union res_sockaddr_union set[MAXNS]; + size_t i; + int rc; + + memset(set, 0, sizeof(set)); + memset(nsaddrs, 0, sizeof(*nsaddrs) * nserv); + + if (nserv > MAXNS) { + nserv = MAXNS; + } + + rc = res_getservers(state, set, nserv); + if (rc <= 0) { + return 0; + } + if (rc < nserv) { + nserv = rc; + } + + for (i = 0; i < nserv; i++) { + switch (set[i].sin.sin_family) { + case AF_INET: + nsaddrs[i] = (union rwrap_sockaddr) { + .in = set[i].sin, + }; + break; +#ifdef HAVE_RES_SOCKADDR_UNION_SIN6 + case AF_INET6: + nsaddrs[i] = (union rwrap_sockaddr) { + .in6 = set[i].sin6, + }; + break; +#endif + } + } + + return nserv; +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ + size_t i; + + memset(nsaddrs, 0, sizeof(*nsaddrs) * nserv); + + if (nserv > (size_t)state->nscount) { + nserv = (size_t)state->nscount; + } + + for (i = 0; i < nserv; i++) { +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + if (state->_u._ext.nsaddrs[i] != NULL) { + nsaddrs[i] = (union rwrap_sockaddr) { + .in6 = *state->_u._ext.nsaddrs[i], + }; + } else +#endif /* HAVE_RES_STATE_U_EXT_NSADDRS */ + { + nsaddrs[i] = (union rwrap_sockaddr) { + .in = state->nsaddr_list[i], + }; + } + } + + return nserv; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + +static void rwrap_log_nameservers(enum rwrap_dbglvl_e dbglvl, + const char *func, + struct __res_state *state) +{ + union rwrap_sockaddr nsaddrs[MAXNS]; + size_t nserv = MAXNS; + size_t i; + + memset(nsaddrs, 0, sizeof(nsaddrs)); + nserv = rwrap_get_nameservers(state, nserv, nsaddrs); + for (i = 0; i < nserv; i++) { + char ip[INET6_ADDRSTRLEN]; + + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + inet_ntop(AF_INET, &(nsaddrs[i].in.sin_addr), + ip, sizeof(ip)); + break; + case AF_INET6: + inet_ntop(AF_INET6, &(nsaddrs[i].in6.sin6_addr), + ip, sizeof(ip)); + break; + default: + snprintf(ip, sizeof(ip), "<unknown sa_family=%d", + nsaddrs[i].sa.sa_family); + break; + } + + rwrap_log(dbglvl, func, + " nameserver: %s", + ip); + } +} + +static void rwrap_reset_nameservers(struct __res_state *state) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + res_setservers(state, NULL, 0); +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + size_t i; + + for (i = 0; i < (size_t)state->nscount; i++) { + if (state->_u._ext.nssocks[i] != -1) { + close(state->_u._ext.nssocks[i]); + state->_u._ext.nssocks[i] = -1; + } + SAFE_FREE(state->_u._ext.nsaddrs[i]); + } + memset(&state->_u._ext, 0, sizeof(state->_u._ext)); + for (i = 0; i < MAXNS; i++) { + state->_u._ext.nssocks[i] = -1; + state->_u._ext.nsmap[i] = MAXNS + 1; + } + state->ipv6_unavail = false; +#endif + memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list)); + state->nscount = 0; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + +static int rwrap_set_nameservers(struct __res_state *state, + size_t nserv, + const union rwrap_sockaddr *nsaddrs) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + union res_sockaddr_union set[MAXNS]; + size_t i; + + memset(set, 0, sizeof(set)); + + if (nserv > MAXNS) { + nserv = MAXNS; + } + + rwrap_reset_nameservers(state); + + for (i = 0; i < nserv; i++) { + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + set[i] = (union res_sockaddr_union) { + .sin = nsaddrs[i].in, + }; + break; +#ifdef HAVE_RES_SOCKADDR_UNION_SIN6 + case AF_INET6: + set[i] = (union res_sockaddr_union) { + .sin6 = nsaddrs[i].in6, + }; + break; +#endif + default: + RWRAP_LOG(RWRAP_LOG_ERROR, + "Internal error unhandled sa_family=%d", + nsaddrs[i].sa.sa_family); + errno = ENOSYS; + return -1; + } + } + + res_setservers(state, set, nserv); + return 0; +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ + size_t i; + + if (nserv > MAXNS) { + nserv = MAXNS; + } + rwrap_reset_nameservers(state); + + for (i = 0; i < nserv; i++) { + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + state->nsaddr_list[i] = nsaddrs[i].in; + break; +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + case AF_INET6: + state->_u._ext.nsaddrs[i] = malloc(sizeof(nsaddrs[i].in6)); + if (state->_u._ext.nsaddrs[i] == NULL) { + rwrap_reset_nameservers(state); + errno = ENOMEM; + return -1; + } + *state->_u._ext.nsaddrs[i] = nsaddrs[i].in6; + state->_u._ext.nssocks[i] = -1; + state->_u._ext.nsmap[i] = MAXNS + 1; + state->_u._ext.nscount6++; + break; +#endif + default: + RWRAP_LOG(RWRAP_LOG_ERROR, + "Internal error unhandled sa_family=%d", + nsaddrs[i].sa.sa_family); + rwrap_reset_nameservers(state); + errno = ENOSYS; + return -1; + } + } + + /* + * note that state->_u._ext.nscount is left as 0, + * this matches glibc and allows resolv wrapper + * to work with most (maybe all) glibc versions. + */ + state->nscount = i; + + return 0; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + static int rwrap_parse_resolv_conf(struct __res_state *state, const char *resolv_conf) { FILE *fp; char buf[BUFSIZ]; - int nserv = 0; + size_t nserv = 0; + union rwrap_sockaddr nsaddrs[MAXNS]; + + memset(nsaddrs, 0, sizeof(nsaddrs)); fp = fopen(resolv_conf, "r"); if (fp == NULL) { @@ -1378,6 +1860,7 @@ static int rwrap_parse_resolv_conf(struct __res_state *state, if (RESOLV_MATCH(buf, "nameserver") && nserv < MAXNS) { struct in_addr a; + struct in6_addr a6; char *q; int ok; @@ -1396,57 +1879,42 @@ static int rwrap_parse_resolv_conf(struct __res_state *state, ok = inet_pton(AF_INET, p, &a); if (ok) { - state->nsaddr_list[state->nscount] = (struct sockaddr_in) { - .sin_family = AF_INET, - .sin_addr = a, - .sin_port = htons(53), - .sin_zero = { 0 }, + nsaddrs[nserv] = (union rwrap_sockaddr) { + .in = { + .sin_family = AF_INET, + .sin_addr = a, + .sin_port = htons(53), + .sin_zero = { 0 }, + }, }; - state->nscount++; nserv++; - } else { + continue; + } + + ok = inet_pton(AF_INET6, p, &a6); + if (ok) { #ifdef HAVE_RESOLV_IPV6_NSADDRS - /* IPv6 */ - struct in6_addr a6; - ok = inet_pton(AF_INET6, p, &a6); - if (ok) { - struct sockaddr_in6 *sa6; - - sa6 = malloc(sizeof(*sa6)); - if (sa6 == NULL) { - fclose(fp); - return -1; - } - - sa6->sin6_family = AF_INET6; - sa6->sin6_port = htons(53); - sa6->sin6_flowinfo = 0; - sa6->sin6_addr = a6; - - state->_u._ext.nsaddrs[state->_u._ext.nscount] = sa6; - state->_u._ext.nssocks[state->_u._ext.nscount] = -1; - state->_u._ext.nsmap[state->_u._ext.nscount] = MAXNS + 1; - - state->_u._ext.nscount++; - nserv++; - } else { - RWRAP_LOG(RWRAP_LOG_ERROR, - "Malformed DNS server"); - continue; - } + nsaddrs[nserv] = (union rwrap_sockaddr) { + .in6 = { + + .sin6_family = AF_INET6, + .sin6_port = htons(53), + .sin6_flowinfo = 0, + .sin6_addr = a6, + }, + }; + nserv++; + continue; #else /* !HAVE_RESOLV_IPV6_NSADDRS */ - /* - * BSD uses an opaque structure to store the - * IPv6 addresses. So we can not simply store - * these addresses the same way as above. - */ RWRAP_LOG(RWRAP_LOG_WARN, "resolve_wrapper does not support " "IPv6 on this platform"); - continue; + continue; #endif } + + RWRAP_LOG(RWRAP_LOG_ERROR, "Malformed DNS server[%s]", p); continue; } /* TODO: match other keywords */ } @@ -1460,7 +1928,16 @@ static int rwrap_parse_resolv_conf(struct __res_state *state, } fclose(fp); - return 0; + + if (nserv == 0) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "No usable nameservers found in %s", + resolv_conf); + errno = ESRCH; + return -1; + } + + return rwrap_set_nameservers(state, nserv, nsaddrs); } /**************************************************************************** @@ -1476,21 +1953,6 @@ static int rwrap_res_ninit(struct __res_state *state) const char *resolv_conf = getenv("RESOLV_WRAPPER_CONF"); if (resolv_conf != NULL) { - uint16_t i; - - (void)i; /* maybe unused */ - - /* Delete name servers */ - state->nscount = 0; - memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list)); - -#ifdef HAVE_RESOLV_IPV6_NSADDRS - state->_u._ext.nscount = 0; - for (i = 0; i < state->_u._ext.nscount; i++) { - SAFE_FREE(state->_u._ext.nsaddrs[i]); - } -#endif - rc = rwrap_parse_resolv_conf(state, resolv_conf); } } @@ -1537,19 +1999,8 @@ int __res_init(void) static void rwrap_res_nclose(struct __res_state *state) { -#ifdef HAVE_RESOLV_IPV6_NSADDRS - int i; -#endif - + rwrap_reset_nameservers(state); libc_res_nclose(state); - -#ifdef HAVE_RESOLV_IPV6_NSADDRS - if (state != NULL) { - for (i = 0; i < state->_u._ext.nscount; i++) { - SAFE_FREE(state->_u._ext.nsaddrs[i]); - } - } -#endif } #if !defined(res_nclose) && defined(HAVE_RES_NCLOSE) @@ -1592,23 +2043,11 @@ static int rwrap_res_nquery(struct __res_state *state, { int rc; const char *fake_hosts; -#ifndef NDEBUG - int i; -#endif RWRAP_LOG(RWRAP_LOG_TRACE, "Resolve the domain name [%s] - class=%d, type=%d", dname, class, type); -#ifndef NDEBUG - for (i = 0; i < state->nscount; i++) { - char ip[INET6_ADDRSTRLEN]; - - inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip)); - RWRAP_LOG(RWRAP_LOG_TRACE, - " nameserver: %s", - ip); - } -#endif + rwrap_log_nameservers(RWRAP_LOG_TRACE, __func__, state); fake_hosts = getenv("RESOLV_WRAPPER_HOSTS"); if (fake_hosts != NULL) { @@ -1701,23 +2140,11 @@ static int rwrap_res_nsearch(struct __res_state *state, { int rc; const char *fake_hosts; -#ifndef NDEBUG - int i; -#endif RWRAP_LOG(RWRAP_LOG_TRACE, "Resolve the domain name [%s] - class=%d, type=%d", dname, class, type); -#ifndef NDEBUG - for (i = 0; i < state->nscount; i++) { - char ip[INET6_ADDRSTRLEN]; - - inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip)); - RWRAP_LOG(RWRAP_LOG_TRACE, - " nameserver: %s", - ip); - } -#endif + rwrap_log_nameservers(RWRAP_LOG_TRACE, __func__, state); fake_hosts = getenv("RESOLV_WRAPPER_HOSTS"); if (fake_hosts != NULL) { diff --git a/third_party/resolv_wrapper/wscript b/third_party/resolv_wrapper/wscript index 6bd2d51db41..ea3df498a6e 100644 --- a/third_party/resolv_wrapper/wscript +++ b/third_party/resolv_wrapper/wscript @@ -2,7 +2,7 @@ import os -VERSION="1.1.4" +VERSION="1.1.6" def configure(conf): if conf.CHECK_RESOLV_WRAPPER(): @@ -30,8 +30,16 @@ def configure(conf): conf.CHECK_STRUCTURE_MEMBER('struct __res_state', '_u._ext.nsaddrs', - headers='resolv.h', - define='HAVE_RESOLV_IPV6_NSADDRS') + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_STATE_U_EXT_NSADDRS') + conf.CHECK_STRUCTURE_MEMBER('union res_sockaddr_union', + 'sin', + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_SOCKADDR_UNION_SIN') + conf.CHECK_STRUCTURE_MEMBER('union res_sockaddr_union', + 'sin6', + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_SOCKADDR_UNION_SIN6') conf.CHECK_FUNCS_IN('res_ninit', 'resolv') if conf.CONFIG_SET('HAVE_RES_NINIT'): |