Merge ~utkarsh/ubuntu/+source/keyutils:apply-default-ttl-to-records-impish into ubuntu/+source/keyutils:ubuntu/impish-devel
Proposed by: Utkarsh Gupta
Status: Needs review
Proposed branch: ~utkarsh/ubuntu/+source/keyutils:apply-default-ttl-to-records-impish
Merge into: ubuntu/+source/keyutils:ubuntu/impish-devel
Diff against target: 553 lines (+531/-0), 3 files modified
- debian/changelog (+8/-0)
- debian/patches/apply-default-ttl-to-records.patch (+522/-0)
- debian/patches/series (+1/-0)
Related bugs:
Reviewer | Review Type | Date Requested | Status
---|---|---|---
Chris Newcomer | | | Pending
Utkarsh Gupta | | | Pending
git-ubuntu import | | | Pending

Review via email: mp+416129@code.launchpad.net
Commit message
Description of the change
Unmerged commits
- 7b0f7a2... by Utkarsh Gupta

  Update d/ch for 1.6.1-2ubuntu2.1 release

- 3f83464... by Utkarsh Gupta

  * d/p/apply-default-ttl-to-records.patch: Add patch
  to apply default TTL to records obtained from
  getaddrinfo(). (LP: #1962453)
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 2b581f6..52c1765 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,11 @@ | |||
6 | 1 | keyutils (1.6.1-2ubuntu2.1) impish; urgency=medium | ||
7 | 2 | |||
8 | 3 | * d/p/apply-default-ttl-to-records.patch: Add patch | ||
9 | 4 | to apply default TTL to records obtained from | ||
10 | 5 | getaddrinfo(). (LP: #1962453) | ||
11 | 6 | |||
12 | 7 | -- Utkarsh Gupta <utkarsh.gupta@canonical.com> Mon, 28 Feb 2022 16:20:06 +0530 | ||
13 | 8 | |||
14 | 1 | keyutils (1.6.1-2ubuntu2) impish; urgency=medium | 9 | keyutils (1.6.1-2ubuntu2) impish; urgency=medium |
15 | 2 | 10 | ||
16 | 3 | * No-change rebuild to build packages with zstd compression. | 11 | * No-change rebuild to build packages with zstd compression. |
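Review bot: the changelog entry only names the patch; for an SRU it should also state the user-visible behaviour change it brings, since the patch (see the key.dns_resolver.c hunks below) makes dns_resolver keys obtained via getaddrinfo() expire after a default of 5 seconds where they previously had no expiry, and adds the -c/--dump-config options and a new key.dns_resolver.conf(5) man page. A second bullet along the lines of "keys now expire after default_ttl (5s) unless a DNS TTL is available; configurable in /etc/keyutils/key.dns_resolver.conf" would let users of the stable release understand the change from the changelog alone.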
17 | diff --git a/debian/patches/apply-default-ttl-to-records.patch b/debian/patches/apply-default-ttl-to-records.patch | |||
18 | 4 | new file mode 100644 | 12 | new file mode 100644 |
19 | index 0000000..d0776ce | |||
20 | --- /dev/null | |||
21 | +++ b/debian/patches/apply-default-ttl-to-records.patch | |||
22 | @@ -0,0 +1,522 @@ | |||
23 | 1 | From 75e7568dc516db698093b33ea273e1b4a30b70be Mon Sep 17 00:00:00 2001 | ||
24 | 2 | From: David Howells <dhowells@redhat.com> | ||
25 | 3 | Date: Tue, 14 Apr 2020 16:07:26 +0100 | ||
26 | 4 | Subject: dns: Apply a default TTL to records obtained from getaddrinfo() | ||
27 | 5 | Address records obtained from getaddrinfo() don't come with any TTL | ||
28 | 6 | information, even if they're obtained from the DNS, with the result that | ||
29 | 7 | key.dns_resolver upcall program doesn't set an expiry time on dns_resolver | ||
30 | 8 | records unless they include a component obtained directly from the DNS, | ||
31 | 9 | such as an SRV or AFSDB record. | ||
32 | 10 | . | ||
33 | 11 | Fix this to apply a default TTL of 10mins in the event that we haven't got | ||
34 | 12 | one. This can be configured in /etc/keyutils/key.dns_resolver.conf by | ||
35 | 13 | adding the line: | ||
36 | 14 | . | ||
37 | 15 | default_ttl = <number-of-seconds> | ||
38 | 16 | . | ||
39 | 17 | to the file. | ||
40 | 18 | . | ||
41 | 19 | Signed-off-by: David Howells <dhowells@redhat.com> | ||
42 | 20 | Reviewed-by: Ben Boeckel <me@benboeckel.net> | ||
43 | 21 | Reviewed-by: Jeff Layton <jlayton@kernel.org> | ||
44 | 22 | Origin: upstream, https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=75e7568dc516db698093b33ea273e1b4a30b70be | ||
45 | 23 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453 | ||
46 | 24 | Last-Updated: 2022-02-28 | ||
47 | 25 | |||
48 | 26 | --- | ||
49 | 27 | Makefile | 1 + | ||
50 | 28 | dns.afsdb.c | 16 ++-- | ||
51 | 29 | key.dns.h | 4 + | ||
52 | 30 | key.dns_resolver.c | 208 +++++++++++++++++++++++++++++++++++++++++--- | ||
53 | 31 | man/key.dns_resolver.8 | 25 ++++-- | ||
54 | 32 | man/key.dns_resolver.conf.5 | 48 ++++++++++ | ||
55 | 33 | 6 files changed, 277 insertions(+), 25 deletions(-) | ||
56 | 34 | create mode 100644 man/key.dns_resolver.conf.5 | ||
57 | 35 | |||
58 | 36 | --- a/Makefile | ||
59 | 37 | +++ b/Makefile | ||
60 | 38 | @@ -204,6 +204,7 @@ | ||
61 | 39 | $(INSTALL) -D key.dns_resolver $(DESTDIR)$(SBINDIR)/key.dns_resolver | ||
62 | 40 | $(INSTALL) -D -m 0644 request-key.conf $(DESTDIR)$(ETCDIR)/request-key.conf | ||
63 | 41 | mkdir -p $(DESTDIR)$(ETCDIR)/request-key.d | ||
64 | 42 | + mkdir -p $(DESTDIR)$(ETCDIR)/keyutils | ||
65 | 43 | mkdir -p $(DESTDIR)$(MAN1) | ||
66 | 44 | $(INSTALL) -m 0644 $(wildcard man/*.1) $(DESTDIR)$(MAN1) | ||
67 | 45 | mkdir -p $(DESTDIR)$(MAN3) | ||
68 | 46 | --- a/dns.afsdb.c | ||
69 | 47 | +++ b/dns.afsdb.c | ||
70 | 48 | @@ -37,8 +37,6 @@ | ||
71 | 49 | */ | ||
72 | 50 | #include "key.dns.h" | ||
73 | 51 | |||
74 | 52 | -static unsigned long afs_ttl = ULONG_MAX; | ||
75 | 53 | - | ||
76 | 54 | /* | ||
77 | 55 | * | ||
78 | 56 | */ | ||
79 | 57 | @@ -114,8 +112,8 @@ | ||
80 | 58 | } | ||
81 | 59 | } | ||
82 | 60 | |||
83 | 61 | - afs_ttl = ttl; | ||
84 | 62 | - info("ttl: %u", ttl); | ||
85 | 63 | + key_expiry = ttl; | ||
86 | 64 | + info("ttl: %u", key_expiry); | ||
87 | 65 | } | ||
88 | 66 | |||
89 | 67 | /* | ||
90 | 68 | @@ -203,8 +201,8 @@ | ||
91 | 69 | } | ||
92 | 70 | } | ||
93 | 71 | |||
94 | 72 | - afs_ttl = ttl; | ||
95 | 73 | - info("ttl: %u", ttl); | ||
96 | 74 | + key_expiry = ttl; | ||
97 | 75 | + info("ttl: %u", key_expiry); | ||
98 | 76 | } | ||
99 | 77 | |||
100 | 78 | /* | ||
101 | 79 | @@ -240,7 +238,7 @@ | ||
102 | 80 | /* look up the hostnames we've obtained to get the actual addresses */ | ||
103 | 81 | afsdb_hosts_to_addrs(handle, ns_s_an); | ||
104 | 82 | |||
105 | 83 | - info("DNS query AFSDB RR results:%u ttl:%lu", payload_index, afs_ttl); | ||
106 | 84 | + info("DNS query AFSDB RR results:%u ttl:%u", payload_index, key_expiry); | ||
107 | 85 | return 0; | ||
108 | 86 | } | ||
109 | 87 | |||
110 | 88 | @@ -279,7 +277,7 @@ | ||
111 | 89 | /* look up the hostnames we've obtained to get the actual addresses */ | ||
112 | 90 | srv_hosts_to_addrs(handle, ns_s_an); | ||
113 | 91 | |||
114 | 92 | - info("DNS query VL SRV RR results:%u ttl:%lu", payload_index, afs_ttl); | ||
115 | 93 | + info("DNS query VL SRV RR results:%u ttl:%u", payload_index, key_expiry); | ||
116 | 94 | return 0; | ||
117 | 95 | } | ||
118 | 96 | |||
119 | 97 | @@ -293,7 +291,7 @@ | ||
120 | 98 | |||
121 | 99 | /* set the key's expiry time from the minimum TTL encountered */ | ||
122 | 100 | if (!debug_mode) { | ||
123 | 101 | - ret = keyctl_set_timeout(key, afs_ttl); | ||
124 | 102 | + ret = keyctl_set_timeout(key, key_expiry); | ||
125 | 103 | if (ret == -1) | ||
126 | 104 | error("%s: keyctl_set_timeout: %m", __func__); | ||
127 | 105 | } | ||
128 | 106 | --- a/key.dns.h | ||
129 | 107 | +++ b/key.dns.h | ||
130 | 108 | @@ -29,6 +29,7 @@ | ||
131 | 109 | #include <stdlib.h> | ||
132 | 110 | #include <unistd.h> | ||
133 | 111 | #include <time.h> | ||
134 | 112 | +#include <ctype.h> | ||
135 | 113 | |||
136 | 114 | #define MAX_VLS 15 /* Max Volume Location Servers Per-Cell */ | ||
137 | 115 | #define INET_IP4_ONLY 0x1 | ||
138 | 116 | @@ -42,6 +43,7 @@ | ||
139 | 117 | extern key_serial_t key; | ||
140 | 118 | extern int debug_mode; | ||
141 | 119 | extern unsigned mask; | ||
142 | 120 | +extern unsigned int key_expiry; | ||
143 | 121 | |||
144 | 122 | #define N_PAYLOAD 256 | ||
145 | 123 | extern struct iovec payload[N_PAYLOAD]; | ||
146 | 124 | @@ -52,6 +54,8 @@ | ||
147 | 125 | extern __attribute__((format(printf, 1, 2))) | ||
148 | 126 | void _error(const char *fmt, ...); | ||
149 | 127 | extern __attribute__((format(printf, 1, 2))) | ||
150 | 128 | +void warning(const char *fmt, ...); | ||
151 | 129 | +extern __attribute__((format(printf, 1, 2))) | ||
152 | 130 | void info(const char *fmt, ...); | ||
153 | 131 | extern __attribute__((noreturn)) | ||
154 | 132 | void nsError(int err, const char *domain); | ||
155 | 133 | --- a/key.dns_resolver.c | ||
156 | 134 | +++ b/key.dns_resolver.c | ||
157 | 135 | @@ -46,10 +46,13 @@ | ||
158 | 136 | static const char a_query_type[] = "a"; | ||
159 | 137 | static const char aaaa_query_type[] = "aaaa"; | ||
160 | 138 | static const char afsdb_query_type[] = "afsdb"; | ||
161 | 139 | +static const char *config_file = "/etc/keyutils/key.dns_resolver.conf"; | ||
162 | 140 | +static bool config_specified = false; | ||
163 | 141 | key_serial_t key; | ||
164 | 142 | static int verbose; | ||
165 | 143 | int debug_mode; | ||
166 | 144 | unsigned mask = INET_ALL; | ||
167 | 145 | +unsigned int key_expiry = 5; | ||
168 | 146 | |||
169 | 147 | |||
170 | 148 | /* | ||
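Review bot: the default `unsigned int key_expiry = 5;` contradicts the patch description above, which says a default TTL of "10mins" is applied; one of the two should be corrected before this lands, and note that 5 seconds means a fresh upcall roughly every five seconds for any mount whose addresses come from getaddrinfo() without DNS TTLs. If 5 seconds is the intended upstream value, the DEP-3 description should be amended to say so rather than leaving the discrepancy for SRU verification to trip over.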
171 | 149 | @@ -106,6 +109,23 @@ | ||
172 | 150 | } | ||
173 | 151 | |||
174 | 152 | /* | ||
175 | 153 | + * Print a warning to stderr or the syslog | ||
176 | 154 | + */ | ||
177 | 155 | +void warning(const char *fmt, ...) | ||
178 | 156 | +{ | ||
179 | 157 | + va_list va; | ||
180 | 158 | + | ||
181 | 159 | + va_start(va, fmt); | ||
182 | 160 | + if (isatty(2)) { | ||
183 | 161 | + vfprintf(stderr, fmt, va); | ||
184 | 162 | + fputc('\n', stderr); | ||
185 | 163 | + } else { | ||
186 | 164 | + vsyslog(LOG_WARNING, fmt, va); | ||
187 | 165 | + } | ||
188 | 166 | + va_end(va); | ||
189 | 167 | +} | ||
190 | 168 | + | ||
191 | 169 | +/* | ||
192 | 170 | * Print status information | ||
193 | 171 | */ | ||
194 | 172 | void info(const char *fmt, ...) | ||
195 | 173 | @@ -272,6 +292,7 @@ | ||
196 | 174 | } | ||
197 | 175 | |||
198 | 176 | info("The key instantiation data is '%s'", buf); | ||
199 | 177 | + info("The expiry time is %us", key_expiry); | ||
200 | 178 | free(buf); | ||
201 | 179 | } | ||
202 | 180 | |||
203 | 181 | @@ -412,6 +433,9 @@ | ||
204 | 182 | |||
205 | 183 | /* load the key with data key */ | ||
206 | 184 | if (!debug_mode) { | ||
207 | 185 | + ret = keyctl_set_timeout(key, key_expiry); | ||
208 | 186 | + if (ret == -1) | ||
209 | 187 | + error("%s: keyctl_set_timeout: %m", __func__); | ||
210 | 188 | ret = keyctl_instantiate_iov(key, payload, payload_index, 0); | ||
211 | 189 | if (ret == -1) | ||
212 | 190 | error("%s: keyctl_instantiate: %m", __func__); | ||
213 | 191 | @@ -421,6 +445,157 @@ | ||
214 | 192 | } | ||
215 | 193 | |||
216 | 194 | /* | ||
217 | 195 | + * Read the config file. | ||
218 | 196 | + */ | ||
219 | 197 | +static void read_config(void) | ||
220 | 198 | +{ | ||
221 | 199 | + FILE *f; | ||
222 | 200 | + char buf[4096], *b, *p, *k, *v; | ||
223 | 201 | + unsigned int line = 0, u; | ||
224 | 202 | + int n; | ||
225 | 203 | + | ||
226 | 204 | + info("READ CONFIG %s", config_file); | ||
227 | 205 | + | ||
228 | 206 | + f = fopen(config_file, "r"); | ||
229 | 207 | + if (!f) { | ||
230 | 208 | + if (errno == ENOENT && !config_specified) { | ||
231 | 209 | + debug("%s: %m", config_file); | ||
232 | 210 | + return; | ||
233 | 211 | + } | ||
234 | 212 | + error("%s: %m", config_file); | ||
235 | 213 | + } | ||
236 | 214 | + | ||
237 | 215 | + while (fgets(buf, sizeof(buf) - 1, f)) { | ||
238 | 216 | + line++; | ||
239 | 217 | + | ||
240 | 218 | + /* Trim off leading and trailing spaces and discard whole-line | ||
241 | 219 | + * comments. | ||
242 | 220 | + */ | ||
243 | 221 | + b = buf; | ||
244 | 222 | + while (isspace(*b)) | ||
245 | 223 | + b++; | ||
246 | 224 | + if (!*b || *b == '#') | ||
247 | 225 | + continue; | ||
248 | 226 | + p = strchr(b, '\n'); | ||
249 | 227 | + if (!p) | ||
250 | 228 | + error("%s:%u: line missing newline or too long", config_file, line); | ||
251 | 229 | + while (p > buf && isspace(p[-1])) | ||
252 | 230 | + p--; | ||
253 | 231 | + *p = 0; | ||
254 | 232 | + | ||
255 | 233 | + /* Split into key[=value] pairs and trim spaces. */ | ||
256 | 234 | + k = b; | ||
257 | 235 | + v = NULL; | ||
258 | 236 | + b = strchr(b, '='); | ||
259 | 237 | + if (b) { | ||
260 | 238 | + char quote = 0; | ||
261 | 239 | + bool esc = false; | ||
262 | 240 | + | ||
263 | 241 | + if (b == k) | ||
264 | 242 | + error("%s:%u: Unspecified key", | ||
265 | 243 | + config_file, line); | ||
266 | 244 | + | ||
267 | 245 | + /* NUL-terminate the key. */ | ||
268 | 246 | + for (p = b - 1; isspace(*p); p--) | ||
269 | 247 | + ; | ||
270 | 248 | + p[1] = 0; | ||
271 | 249 | + | ||
272 | 250 | + /* Strip leading spaces */ | ||
273 | 251 | + b++; | ||
274 | 252 | + while (isspace(*b)) | ||
275 | 253 | + b++; | ||
276 | 254 | + if (!*b) | ||
277 | 255 | + goto missing_value; | ||
278 | 256 | + | ||
279 | 257 | + if (*b == '"' || *b == '\'') { | ||
280 | 258 | + quote = *b; | ||
281 | 259 | + b++; | ||
282 | 260 | + } | ||
283 | 261 | + v = p = b; | ||
284 | 262 | + while (*b) { | ||
285 | 263 | + if (esc) { | ||
286 | 264 | + switch (*b) { | ||
287 | 265 | + case ' ': | ||
288 | 266 | + case '\t': | ||
289 | 267 | + case '"': | ||
290 | 268 | + case '\'': | ||
291 | 269 | + case '\\': | ||
292 | 270 | + break; | ||
293 | 271 | + default: | ||
294 | 272 | + goto invalid_escape_char; | ||
295 | 273 | + } | ||
296 | 274 | + esc = false; | ||
297 | 275 | + *p++ = *b++; | ||
298 | 276 | + continue; | ||
299 | 277 | + } | ||
300 | 278 | + if (*b == '\\') { | ||
301 | 279 | + esc = true; | ||
302 | 280 | + b++; | ||
303 | 281 | + continue; | ||
304 | 282 | + } | ||
305 | 283 | + if (*b == quote) { | ||
306 | 284 | + b++; | ||
307 | 285 | + if (*b) | ||
308 | 286 | + goto post_quote_data; | ||
309 | 287 | + quote = 0; | ||
310 | 288 | + break; | ||
311 | 289 | + } | ||
312 | 290 | + if (!quote && *b == '#') | ||
313 | 291 | + break; /* Terminal comment */ | ||
314 | 292 | + *p++ = *b++; | ||
315 | 293 | + } | ||
316 | 294 | + | ||
317 | 295 | + if (esc) | ||
318 | 296 | + error("%s:%u: Incomplete escape", config_file, line); | ||
319 | 297 | + if (quote) | ||
320 | 298 | + error("%s:%u: Unclosed quotes", config_file, line); | ||
321 | 299 | + *p = 0; | ||
322 | 300 | + } | ||
323 | 301 | + | ||
324 | 302 | + if (strcmp(k, "default_ttl") == 0) { | ||
325 | 303 | + if (!v) | ||
326 | 304 | + goto missing_value; | ||
327 | 305 | + if (sscanf(v, "%u%n", &u, &n) != 1) | ||
328 | 306 | + goto bad_value; | ||
329 | 307 | + if (v[n]) | ||
330 | 308 | + goto extra_data; | ||
331 | 309 | + if (u < 1 || u > INT_MAX) | ||
332 | 310 | + goto out_of_range; | ||
333 | 311 | + key_expiry = u; | ||
334 | 312 | + } else { | ||
335 | 313 | + warning("%s:%u: Unknown option '%s'", config_file, line, k); | ||
336 | 314 | + } | ||
337 | 315 | + } | ||
338 | 316 | + | ||
339 | 317 | + if (ferror(f) || fclose(f) == EOF) | ||
340 | 318 | + error("%s: %m", config_file); | ||
341 | 319 | + return; | ||
342 | 320 | + | ||
343 | 321 | +missing_value: | ||
344 | 322 | + error("%s:%u: %s: Missing value", config_file, line, k); | ||
345 | 323 | +invalid_escape_char: | ||
346 | 324 | + error("%s:%u: %s: Invalid char in escape", config_file, line, k); | ||
347 | 325 | +post_quote_data: | ||
348 | 326 | + error("%s:%u: %s: Data after closing quote", config_file, line, k); | ||
349 | 327 | +bad_value: | ||
350 | 328 | + error("%s:%u: %s: Bad value", config_file, line, k); | ||
351 | 329 | +extra_data: | ||
352 | 330 | + error("%s:%u: %s: Extra data supplied", config_file, line, k); | ||
353 | 331 | +out_of_range: | ||
354 | 332 | + error("%s:%u: %s: Value out of range", config_file, line, k); | ||
355 | 333 | +} | ||
356 | 334 | + | ||
357 | 335 | +/* | ||
358 | 336 | + * Dump the configuration after parsing the config file. | ||
359 | 337 | + */ | ||
360 | 338 | +static __attribute__((noreturn)) | ||
361 | 339 | +void config_dumper(void) | ||
362 | 340 | +{ | ||
363 | 341 | + printf("default_ttl = %u\n", key_expiry); | ||
364 | 342 | + exit(0); | ||
365 | 343 | +} | ||
366 | 344 | + | ||
367 | 345 | +/* | ||
368 | 346 | * Print usage details, | ||
369 | 347 | */ | ||
370 | 348 | static __attribute__((noreturn)) | ||
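Review bot: `isspace(*b)` and `isspace(p[-1])` are called on plain `char` values read from the config file; for bytes with the high bit set that is a negative argument, which the ctype functions only define for `unsigned char` values and EOF, so these should be written `isspace((unsigned char)*b)`. Also worth flagging for the SRU description: a config file whose final line lacks a trailing newline is rejected with "line missing newline or too long" and key.dns_resolver then exits via error(), which surfaces to the user as a failed mount rather than a warning; since read_config() runs unconditionally before the key is processed, a malformed config file is a hard failure path that should be mentioned in the test plan.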
371 | 349 | @@ -428,22 +603,24 @@ | ||
372 | 350 | { | ||
373 | 351 | if (isatty(2)) { | ||
374 | 352 | fprintf(stderr, | ||
375 | 353 | - "Usage: %s [-vv] key_serial\n", | ||
376 | 354 | + "Usage: %s [-vv] [-c config] key_serial\n", | ||
377 | 355 | prog); | ||
378 | 356 | fprintf(stderr, | ||
379 | 357 | - "Usage: %s -D [-vv] <desc> <calloutinfo>\n", | ||
380 | 358 | + "Usage: %s -D [-vv] [-c config] <desc> <calloutinfo>\n", | ||
381 | 359 | prog); | ||
382 | 360 | } else { | ||
383 | 361 | - info("Usage: %s [-vv] key_serial", prog); | ||
384 | 362 | + info("Usage: %s [-vv] [-c config] key_serial", prog); | ||
385 | 363 | } | ||
386 | 364 | exit(2); | ||
387 | 365 | } | ||
388 | 366 | |||
389 | 367 | -const struct option long_options[] = { | ||
390 | 368 | - { "debug", 0, NULL, 'D' }, | ||
391 | 369 | - { "verbose", 0, NULL, 'v' }, | ||
392 | 370 | - { "version", 0, NULL, 'V' }, | ||
393 | 371 | - { NULL, 0, NULL, 0 } | ||
394 | 372 | +static const struct option long_options[] = { | ||
395 | 373 | + { "config", 0, NULL, 'c' }, | ||
396 | 374 | + { "debug", 0, NULL, 'D' }, | ||
397 | 375 | + { "dump-config", 0, NULL, 2 }, | ||
398 | 376 | + { "verbose", 0, NULL, 'v' }, | ||
399 | 377 | + { "version", 0, NULL, 'V' }, | ||
400 | 378 | + { NULL, 0, NULL, 0 } | ||
401 | 379 | }; | ||
402 | 380 | |||
403 | 381 | /* | ||
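Review bot: `{ "config", 0, NULL, 'c' }` declares the long option with has_arg = 0 while the short option string is "c:", so `--config /path` is parsed as no_argument, optarg stays NULL, `config_file = optarg` sets it to NULL, and the later fopen(NULL, "r") in read_config() dereferences it. The entry should be `{ "config", 1, NULL, 'c' }` (required_argument) to match the short form documented in the usage text in this same hunk.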
404 | 382 | @@ -455,11 +632,19 @@ | ||
405 | 383 | char *keyend, *p; | ||
406 | 384 | char *callout_info = NULL; | ||
407 | 385 | char *buf = NULL, *name; | ||
408 | 386 | + bool dump_config = false; | ||
409 | 387 | |||
410 | 388 | openlog(prog, 0, LOG_DAEMON); | ||
411 | 389 | |||
412 | 390 | - while ((ret = getopt_long(argc, argv, "vDV", long_options, NULL)) != -1) { | ||
413 | 391 | + while ((ret = getopt_long(argc, argv, "c:vDV", long_options, NULL)) != -1) { | ||
414 | 392 | switch (ret) { | ||
415 | 393 | + case 'c': | ||
416 | 394 | + config_file = optarg; | ||
417 | 395 | + config_specified = true; | ||
418 | 396 | + continue; | ||
419 | 397 | + case 2: | ||
420 | 398 | + dump_config = true; | ||
421 | 399 | + continue; | ||
422 | 400 | case 'D': | ||
423 | 401 | debug_mode = 1; | ||
424 | 402 | continue; | ||
425 | 403 | @@ -481,6 +666,9 @@ | ||
426 | 404 | |||
427 | 405 | argc -= optind; | ||
428 | 406 | argv += optind; | ||
429 | 407 | + read_config(); | ||
430 | 408 | + if (dump_config) | ||
431 | 409 | + config_dumper(); | ||
432 | 410 | |||
433 | 411 | if (!debug_mode) { | ||
434 | 412 | if (argc != 1) | ||
435 | 413 | @@ -542,7 +730,7 @@ | ||
436 | 414 | name++; | ||
437 | 415 | |||
438 | 416 | info("Query type: '%*.*s'", qtlen, qtlen, keyend); | ||
439 | 417 | - | ||
440 | 418 | + | ||
441 | 419 | if ((qtlen == sizeof(a_query_type) - 1 && | ||
442 | 420 | memcmp(keyend, a_query_type, sizeof(a_query_type) - 1) == 0) || | ||
443 | 421 | (qtlen == sizeof(aaaa_query_type) - 1 && | ||
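Review bot: this hunk is a whitespace-only change (a blank line replaced by a line containing a tab) with no functional content; it should be dropped from the backport, or at least not carried in an SRU patch, as it only adds noise to the diff and makes future rebases harder to reason about.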
444 | 422 | --- a/man/key.dns_resolver.8 | ||
445 | 423 | +++ b/man/key.dns_resolver.8 | ||
446 | 424 | @@ -7,28 +7,41 @@ | ||
447 | 425 | .\" as published by the Free Software Foundation; either version | ||
448 | 426 | .\" 2 of the License, or (at your option) any later version. | ||
449 | 427 | .\" | ||
450 | 428 | -.TH KEY.DNS_RESOLVER 8 "04 Mar 2011" Linux "Linux Key Management Utilities" | ||
451 | 429 | +.TH KEY.DNS_RESOLVER 8 "18 May 2020" Linux "Linux Key Management Utilities" | ||
452 | 430 | .SH NAME | ||
453 | 431 | key.dns_resolver \- upcall for request\-key to handle dns_resolver keys | ||
454 | 432 | .SH SYNOPSIS | ||
455 | 433 | \fB/sbin/key.dns_resolver \fR<key> | ||
456 | 434 | .br | ||
457 | 435 | -\fB/sbin/key.dns_resolver \fR\-D [\-v] [\-v] <keydesc> <calloutinfo> | ||
458 | 436 | +\fB/sbin/key.dns_resolver \fR--dump-config [\-c <configfile>] | ||
459 | 437 | +.br | ||
460 | 438 | +\fB/sbin/key.dns_resolver \fR\-D [\-v] [\-v] [\-c <configfile>] <desc> | ||
461 | 439 | +.br | ||
462 | 440 | +<calloutinfo> | ||
463 | 441 | .SH DESCRIPTION | ||
464 | 442 | This program is invoked by request\-key on behalf of the kernel when kernel | ||
465 | 443 | services (such as NFS, CIFS and AFS) want to perform a hostname lookup and the | ||
466 | 444 | kernel does not have the key cached. It is not ordinarily intended to be | ||
467 | 445 | called directly. | ||
468 | 446 | .P | ||
469 | 447 | -It can be called in debugging mode to test its functionality by passing a | ||
470 | 448 | -\fB\-D\fR flag on the command line. For this to work, the key description and | ||
471 | 449 | -the callout information must be supplied. Verbosity can be increased by | ||
472 | 450 | -supplying one or more \fB\-v\fR flags. | ||
473 | 451 | +There program has internal parameters that can be changed with a configuration | ||
474 | 452 | +file (see key.dns_resolver.conf(5) for more information). The default | ||
475 | 453 | +configuration file is in /etc, but this can be overridden with the \fB-c\fR | ||
476 | 454 | +flag. | ||
477 | 455 | +.P | ||
478 | 456 | +The program can be called in debugging mode to test its functionality by | ||
479 | 457 | +passing a \fB\-D\fR or \fB\--debug\fR flag on the command line. For this to | ||
480 | 458 | +work, the key description and the callout information must be supplied. | ||
481 | 459 | +Verbosity can be increased by supplying one or more \fB\-v\fR flags. | ||
482 | 460 | +.P | ||
483 | 461 | +The program may also be called with \fB--dump-config\fR to show the values that | ||
484 | 462 | +configurable parameters will have after parsing the config file. | ||
485 | 463 | .SH ERRORS | ||
486 | 464 | All errors will be logged to the syslog. | ||
487 | 465 | .SH SEE ALSO | ||
488 | 466 | .ad l | ||
489 | 467 | .nh | ||
490 | 468 | +.BR key.dns_resolver.conf (5), | ||
491 | 469 | .BR request\-key.conf (5), | ||
492 | 470 | .BR keyrings (7), | ||
493 | 471 | .BR request\-key (8) | ||
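Review bot: the added DESCRIPTION paragraph reads "There program has internal parameters", which should be "The program has internal parameters"; and it says the default configuration file "is in /etc", whereas the code in this patch defaults config_file to /etc/keyutils/key.dns_resolver.conf, so the exact path should be spelled out. In the SYNOPSIS the `.br` between `<desc>` and `<calloutinfo>` splits the debug-mode invocation over two lines, which renders as if `<calloutinfo>` were a separate form of invocation; keep both arguments on one line.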
494 | 472 | --- /dev/null | ||
495 | 473 | +++ b/man/key.dns_resolver.conf.5 | ||
496 | 474 | @@ -0,0 +1,48 @@ | ||
497 | 475 | +.\" -*- nroff -*- | ||
498 | 476 | +.\" Copyright (C) 2020 Red Hat, Inc. All Rights Reserved. | ||
499 | 477 | +.\" Written by David Howells (dhowells@redhat.com) | ||
500 | 478 | +.\" | ||
501 | 479 | +.\" This program is free software; you can redistribute it and/or | ||
502 | 480 | +.\" modify it under the terms of the GNU General Public License | ||
503 | 481 | +.\" as published by the Free Software Foundation; either version | ||
504 | 482 | +.\" 2 of the License, or (at your option) any later version. | ||
505 | 483 | +.\" | ||
506 | 484 | +.TH KEY.DNS_RESOLVER.CONF 5 "18 May 2020" Linux "Linux Key Management Utilities" | ||
507 | 485 | +.SH NAME | ||
508 | 486 | +key.dns_resolver.conf \- Kernel DNS resolver config | ||
509 | 487 | +.SH DESCRIPTION | ||
510 | 488 | +This file is used by the key.dns_resolver(5) program to set parameters. | ||
511 | 489 | +Unless otherwise overridden with the \fB\-c\fR flag, the program reads: | ||
512 | 490 | +.IP | ||
513 | 491 | +/etc/key.dns_resolver.conf | ||
514 | 492 | +.P | ||
515 | 493 | +Configuration options are given in \fBkey[=value]\fR form, where \fBvalue\fR is | ||
516 | 494 | +optional. If present, the value may be surrounded by a pair of single ('') or | ||
517 | 495 | +double quotes ("") which will be stripped off. The special characters in the | ||
518 | 496 | +value may be escaped with a backslash to turn them into ordinary characters. | ||
519 | 497 | +.P | ||
520 | 498 | +Lines beginning with a '#' are considered comments and ignored. A '#' symbol | ||
521 | 499 | +anywhere after the '=' makes the rest of the line into a comment unless the '#' | ||
522 | 500 | +is inside a quoted section or is escaped. | ||
523 | 501 | +.P | ||
524 | 502 | +Leading and trailing spaces and spaces around the '=' symbol will be stripped | ||
525 | 503 | +off. | ||
526 | 504 | +.P | ||
527 | 505 | +Available options include: | ||
528 | 506 | +.TP | ||
529 | 507 | +.B default_ttl=<number> | ||
530 | 508 | +The number of seconds to set as the expiration on a cached record. This will | ||
531 | 509 | +be overridden if the program manages to retrieve TTL information along with | ||
532 | 510 | +the addresses (if, for example, it accesses the DNS directly). The default is | ||
533 | 511 | +5 seconds. The value must be in the range 1 to INT_MAX. | ||
534 | 512 | +.P | ||
535 | 513 | +The file can also include comments beginning with a '#' character unless | ||
536 | 514 | +otherwise suppressed by being inside a quoted value or being escaped with a | ||
537 | 515 | +backslash. | ||
538 | 516 | + | ||
539 | 517 | +.SH FILES | ||
540 | 518 | +.ul | ||
541 | 519 | +/etc/key.dns_resolver.conf | ||
542 | 520 | +.ul 0 | ||
543 | 521 | +.SH SEE ALSO | ||
544 | 522 | +\fBkey.dns_resolver\fR(8) | ||
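Review bot: the new man page gives the default path as /etc/key.dns_resolver.conf (in DESCRIPTION and again under FILES), but the code sets `config_file = "/etc/keyutils/key.dns_resolver.conf"` and the Makefile hunk creates $(ETCDIR)/keyutils for it; both occurrences should read /etc/keyutils/key.dns_resolver.conf. It also cross-references "key.dns_resolver(5)" in DESCRIPTION, which should be key.dns_resolver(8) as in SEE ALSO, and describes the format as `key[=value]` with an optional value even though the only option, default_ttl, errors out with "Missing value" when none is given.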
545 | diff --git a/debian/patches/series b/debian/patches/series | |||
546 | index 5631eeb..5f4637c 100644 | |||
547 | --- a/debian/patches/series | |||
548 | +++ b/debian/patches/series | |||
549 | @@ -8,3 +8,4 @@ pkg-config-install-tweaks.patch | |||
550 | 8 | man-page-fixes.patch | 8 | man-page-fixes.patch |
551 | 9 | Tests-for-KEYCTL_MOVE-require-kernel-5.3-or-above.patch | 9 | Tests-for-KEYCTL_MOVE-require-kernel-5.3-or-above.patch |
552 | 10 | private-priv.patch | 10 | private-priv.patch |
553 | 11 | apply-default-ttl-to-records.patch |