Merge pull request #4474 from poettering/nsswitch

various nss module/resolved fixes
Martin Pitt 2016-10-25 08:13:07 +02:00 committed by GitHub
commit f70ebf1ce3
6 changed files with 18 additions and 14 deletions


@ -110,7 +110,7 @@
group: compat mymachines systemd
shadow: compat
hosts: files mymachines resolve <command>myhostname</command>
hosts: files mymachines resolve [!UNAVAIL=return] dns <command>myhostname</command>
networks: files
protocols: db files


@ -86,7 +86,7 @@
group: compat <command>mymachines</command> systemd
shadow: compat
hosts: files <command>mymachines</command> resolve myhostname
hosts: files <command>mymachines</command> resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files


@ -85,7 +85,7 @@
group: compat mymachines systemd
shadow: compat
hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns
hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns myhostname
networks: files
protocols: db files


@ -83,7 +83,7 @@
group: compat mymachines <command>systemd</command>
shadow: compat
hosts: files mymachines resolve myhostname
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files


@ -121,6 +121,7 @@ enum nss_status _nss_resolve_gethostbyname4_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
enum nss_status ret = NSS_STATUS_UNAVAIL;
const char *canonical = NULL;
size_t l, ms, idx;
char *r_name;
@ -167,6 +168,10 @@ enum nss_status _nss_resolve_gethostbyname4_r(
if (bus_error_shall_fallback(&error))
goto fallback;
/* Treat all other error conditions as NOTFOUND, and fail. This includes DNSSEC errors and
suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf configuration can distuingish
such executed but negative replies from complete failure to talk to resolved. */
ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@ -279,12 +284,9 @@ fallback:
}
fail:
/* When we arrive here, resolved runs and has answered (fallback to
* "dns" is handled earlier). So we have a definitive "no" answer and
* should not fall back to subsequent NSS modules via "UNAVAIL". */
*errnop = -r;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_NOTFOUND;
return ret;
}
enum nss_status _nss_resolve_gethostbyname3_r(
@ -300,6 +302,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
enum nss_status ret = NSS_STATUS_UNAVAIL;
size_t l, idx, ms, alen;
const char *canonical;
int c, r, i = 0;
@ -353,6 +356,7 @@ enum nss_status _nss_resolve_gethostbyname3_r(
if (bus_error_shall_fallback(&error))
goto fallback;
ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@ -479,7 +483,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_NOTFOUND;
return ret;
}
enum nss_status _nss_resolve_gethostbyaddr2_r(
@ -494,6 +498,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *r_name, *r_aliases, *r_addr, *r_addr_list;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
enum nss_status ret = NSS_STATUS_UNAVAIL;
unsigned c = 0, i = 0;
size_t ms = 0, idx;
const char *n;
@ -560,7 +565,7 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
if (bus_error_shall_fallback(&error))
goto fallback;
ret = NSS_STATUS_NOTFOUND;
goto fail;
}
@ -669,7 +674,7 @@ fallback:
fail:
*errnop = -r;
*h_errnop = NO_RECOVERY;
return NSS_STATUS_NOTFOUND;
return ret;
}
NSS_GETHOSTBYNAME_FALLBACKS(resolve);
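Review bot: With `ret` initialised to `NSS_STATUS_UNAVAIL` and `fail:` now ending in `return ret;`, every `goto fail` that does not set `ret` first reports UNAVAIL, and under the documented `resolve [!UNAVAIL=return] dns` line that lets the lookup continue to the plain `dns` module, which does not apply resolved's DNSSEC checks. Only the branch after `bus_error_shall_fallback()` sets `ret = NSS_STATUS_NOTFOUND`; the other exits to `fail:` lie outside the visible hunks, so presumably a reply that resolved did send but that fails to parse would also fall through to `dns`. If that is intended, state the contract at each `fail:` label, e.g. `/* ret stays UNAVAIL unless resolved gave a definitive negative reply; UNAVAIL lets nsswitch.conf continue to the next module */`, and repeat or reference the explanation from `_nss_resolve_gethostbyname4_r` at the same branch in `_nss_resolve_gethostbyname3_r` and `_nss_resolve_gethostbyaddr2_r`, which set `ret` without comment. The new comment also misspells `distuingish` and never closes its parenthesis. All three function bodies start and end outside the hunks.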

View File

@ -575,8 +575,7 @@ void dns_server_warn_downgrade(DnsServer *server) {
server->warned_downgrade = true;
}
bool dns_server_limited_domains(DnsServer *server)
{
bool dns_server_limited_domains(DnsServer *server) {
DnsSearchDomain *domain;
bool domain_restricted = false;
@ -589,7 +588,7 @@ bool dns_server_limited_domains(DnsServer *server)
if (domain->route_only) {
domain_restricted = true;
/* ~. means "any domain", thus it is a global server */
if (streq(DNS_SEARCH_DOMAIN_NAME(domain), "."))
if (dns_name_is_root(DNS_SEARCH_DOMAIN_NAME(domain)))
return false;
}