authorChristian Grothoff <christian@grothoff.org>2018-03-03 22:41:59 +0100
committerChristian Grothoff <christian@grothoff.org>2018-03-03 22:41:59 +0100
commitbee1fc336bad21e456907eb9e6c35dc195b9a7e9 (patch)
tree00d3455808441b97a9a9a17befac8aaff0534b3a /src/gns/nss
parent92f24c2f42e84489160d7c8b94eeae9ec98207ed (diff)
update NSS plugin to hijack non-gnu/zkey tlds as well
Diffstat (limited to 'src/gns/nss')
-rw-r--r--src/gns/nss/nss_gns.c75
-rw-r--r--src/gns/nss/nss_gns_query.c7
2 files changed, 28 insertions, 54 deletions
diff --git a/src/gns/nss/nss_gns.c b/src/gns/nss/nss_gns.c
index 31435cf95..03ac6e09c 100644
--- a/src/gns/nss/nss_gns.c
+++ b/src/gns/nss/nss_gns.c
@@ -42,35 +42,6 @@
42 42
43 43
44/** 44/**
45 * function to check if name ends with a specific suffix
46 *
47 * @param name the name to check
48 * @param suffix the suffix to check for
49 * @return 1 if true
50 */
51static int ends_with(const char *name, const char* suffix) {
52 size_t ln, ls;
53 assert(name);
54 assert(suffix);
55
56 if ((ls = strlen(suffix)) > (ln = strlen(name)))
57 return 0;
58
59 return strcasecmp(name+ln-ls, suffix) == 0;
60}
61
62
63/**
64 * Check if name is inside .gnu or .zkey TLD
65 *
66 * @param name name to check
67 * @return 1 if true
68 */
69static int verify_name_allowed (const char *name) {
70 return ends_with(name, ".gnu") || ends_with(name, ".zkey");
71}
72
73/**
74 * The gethostbyname hook executed by nsswitch 45 * The gethostbyname hook executed by nsswitch
75 * 46 *
76 * @param name the name to resolve 47 * @param name the name to resolve
@@ -82,7 +53,8 @@ static int verify_name_allowed (const char *name) {
82 * @param h_errnop idk 53 * @param h_errnop idk
83 * @return a nss_status code 54 * @return a nss_status code
84 */ 55 */
85enum nss_status _nss_gns_gethostbyname2_r( 56enum nss_status
57_nss_gns_gethostbyname2_r(
86 const char *name, 58 const char *name,
87 int af, 59 int af,
88 struct hostent * result, 60 struct hostent * result,
@@ -95,7 +67,6 @@ enum nss_status _nss_gns_gethostbyname2_r(
95 enum nss_status status = NSS_STATUS_UNAVAIL; 67 enum nss_status status = NSS_STATUS_UNAVAIL;
96 int i; 68 int i;
97 size_t address_length, l, idx, astart; 69 size_t address_length, l, idx, astart;
98 int name_allowed;
99 70
100 if (af == AF_UNSPEC) 71 if (af == AF_UNSPEC)
101#ifdef NSS_IPV6_ONLY 72#ifdef NSS_IPV6_ONLY
@@ -133,28 +104,25 @@ enum nss_status _nss_gns_gethostbyname2_r(
133 u.count = 0; 104 u.count = 0;
134 u.data_len = 0; 105 u.data_len = 0;
135 106
136 name_allowed = verify_name_allowed(name); 107 i = gns_resolve_name(af, name, &u);
137 108 if (-3 == i)
138 if (name_allowed) { 109 {
139 110 status = NSS_STATUS_NOTFOUND;
140 if (!gns_resolve_name(af, name, &u) == 0) 111 goto finish;
141 { 112 }
142 status = NSS_STATUS_NOTFOUND; 113 if (-2 == i)
143 goto finish; 114 {
144 } 115 status = NSS_STATUS_UNAVAIL;
145 } 116 goto finish;
146 else 117 }
147 { 118 if ( (-1 == i) ||
148 status = NSS_STATUS_UNAVAIL; 119 (u.count == 0) )
149 goto finish; 120 {
150 }
151
152 if (u.count == 0) {
153 *errnop = ETIMEDOUT; 121 *errnop = ETIMEDOUT;
154 *h_errnop = HOST_NOT_FOUND; 122 *h_errnop = HOST_NOT_FOUND;
155 status = NSS_STATUS_NOTFOUND; 123 status = NSS_STATUS_NOTFOUND;
156 goto finish; 124 goto finish;
157 } 125 }
158 126
159 127
160 /* Alias names */ 128 /* Alias names */
@@ -212,7 +180,8 @@ finish:
212 * @param h_errnop idk 180 * @param h_errnop idk
213 * @return a nss_status code 181 * @return a nss_status code
214 */ 182 */
215enum nss_status _nss_gns_gethostbyname_r ( 183enum nss_status
184_nss_gns_gethostbyname_r (
216 const char *name, 185 const char *name,
217 struct hostent *result, 186 struct hostent *result,
218 char *buffer, 187 char *buffer,
@@ -244,7 +213,8 @@ enum nss_status _nss_gns_gethostbyname_r (
244 * @param h_errnop idk 213 * @param h_errnop idk
245 * @return NSS_STATUS_UNAVAIL 214 * @return NSS_STATUS_UNAVAIL
246 */ 215 */
247enum nss_status _nss_gns_gethostbyaddr_r( 216enum nss_status
217_nss_gns_gethostbyaddr_r(
248 const void* addr, 218 const void* addr,
249 int len, 219 int len,
250 int af, 220 int af,
@@ -253,10 +223,9 @@ enum nss_status _nss_gns_gethostbyaddr_r(
253 size_t buflen, 223 size_t buflen,
254 int *errnop, 224 int *errnop,
255 int *h_errnop) { 225 int *h_errnop) {
256 226
257 *errnop = EINVAL; 227 *errnop = EINVAL;
258 *h_errnop = NO_RECOVERY; 228 *h_errnop = NO_RECOVERY;
259 //NOTE we allow to leak this into DNS so no NOTFOUND 229 //NOTE we allow to leak this into DNS so no NOTFOUND
260 return NSS_STATUS_UNAVAIL; 230 return NSS_STATUS_UNAVAIL;
261} 231}
262
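Review bot: With verify_name_allowed() removed, every name handed to _nss_gns_gethostbyname2_r now reaches `i = gns_resolve_name(af, name, &u);` at new line 107, including hostnames that applications take from untrusted input. The nss_gns_query.c section of this commit shows gns_resolve_name holding a `char *cmd` and closing a stream with pclose(), so the name presumably ends up in a command line. How cmd is built is outside the visible hunks, so confirm the name is quoted there. Better still, reject unexpected characters before the call, for example `if (name[strspn (name, GNS_NAME_CHARS)] != '\0') { status = NSS_STATUS_UNAVAIL; goto finish; }`, where `GNS_NAME_CHARS` is a new constant (name is a placeholder) listing the characters the project wants to permit. The function body starts and ends outside this hunk.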
diff --git a/src/gns/nss/nss_gns_query.c b/src/gns/nss/nss_gns_query.c
index 273eaa619..4700100b5 100644
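--- a/src/gns/nss/nss_gns_query.c
+++ b/src/gns/nss/nss_gns_query.c
@@ -44,6 +44,7 @@ gns_resolve_name (int af,
  FILE *p;
  char *cmd;
  char line[128];
+ int ret;
 
  if (AF_INET6 == af)
  {
@@ -101,8 +102,12 @@ gns_resolve_name (int af,
  }
  }
  }
- pclose (p);
+ ret = pclose (p);
  free (cmd);
+ if (4 == ret)
+ return -2; /* not for GNS */
+ if (3 == ret)
+ return -3; /* timeout */
  return 0;
 }
 /* end of nss_gns_query.c */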
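Review bot: The comparisons `4 == ret` and `3 == ret` at new lines 107-110 test the raw pclose() result, which is a wait status as returned by waitpid(), not the child's exit code. On common platforms a child that exits with 4 yields 0x0400, so neither branch is taken and the function falls through to `return 0`. The caller then never sees -2, so names that are not for GNS would be reported via the `u.count == 0` path as NOTFOUND instead of UNAVAIL. Decode the status first, e.g. `if (WIFEXITED (ret) && 4 == WEXITSTATUS (ret)) return -2;` and likewise for 3, and treat `-1 == ret` or an abnormal exit as an error; this needs `<sys/wait.h>`, whose inclusion is not visible in the hunk. The function starts outside the hunk.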