nss-resolve: allow turning off validation via env var

author: Lennart Poettering <lennart@poettering.net> 2020-11-05 11:18:20 +0100
committer: Lennart Poettering <lennart@poettering.net> 2021-02-14 22:01:09 +0100
commit: aee9d18c8d909eb7aca2838e4bce5da018b6a112 (patch)
tree: 2d776df695c1139ca02bf546455438f6947a21db /src/nss-resolve
parent: Merge pull request #18565 from poettering/randomize-answers (diff)
download: systemd-aee9d18c8d909eb7aca2838e4bce5da018b6a112.tar.xz
systemd-aee9d18c8d909eb7aca2838e4bce5da018b6a112.zip
1 files changed, 22 insertions, 3 deletions
diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index fb1d61fea9..5fcd39ee0a 100644
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -8,6 +8,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "env-util.h"
 #include "errno-util.h"
 #include "in-addr-util.h"
 #include "macro.h"
@@ -184,6 +185,21 @@ static const JsonDispatch address_parameters_dispatch_table[] = {
         {}
 };
 
+static uint64_t query_flags(void) {
+        uint64_t f = 0;
+        int r;
+
+        /* Allow callers to turn off validation, when we resolve via nss-resolve */
+
+        r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE");
+        if (r < 0 && r != -ENXIO)
+                log_debug_errno(r, "Failed to parse $SYSTEMD_NSS_RESOLVE_VALIDATE value, ignoring.");
+        else if (r == 0)
+                f |= SD_RESOLVED_NO_VALIDATE;
+
+        return f;
+}
+
 enum nss_status _nss_resolve_gethostbyname4_r(
                 const char *name,
                 struct gaih_addrtuple **pat,
@@ -215,7 +231,8 @@ enum nss_status _nss_resolve_gethostbyname4_r(
                 goto fail;
 
         r = json_build(&cparams, JSON_BUILD_OBJECT(
-                                       JSON_BUILD_PAIR("name", JSON_BUILD_STRING(name))));
+                                       JSON_BUILD_PAIR("name", JSON_BUILD_STRING(name)),
+                                       JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
         if (r < 0)
                 goto fail;
 
@@ -367,7 +384,8 @@ enum nss_status _nss_resolve_gethostbyname3_r(
                 goto fail;
 
         r = json_build(&cparams, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("name", JSON_BUILD_STRING(name)),
-                                                   JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af))));
+                                                   JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af)),
+                                                   JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
         if (r < 0)
                 goto fail;
 
@@ -571,7 +589,8 @@ enum nss_status _nss_resolve_gethostbyaddr2_r(
                 goto fail;
 
         r = json_build(&cparams, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(addr, len)),
-                                                   JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af))));
+                                                   JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af)),
+                                                   JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
         if (r < 0)
                 goto fail;
author	Lennart Poettering <lennart@poettering.net>	2020-11-05 11:18:20 +0100
committer	Lennart Poettering <lennart@poettering.net>	2021-02-14 22:01:09 +0100
commit	aee9d18c8d909eb7aca2838e4bce5da018b6a112 (patch)
tree	2d776df695c1139ca02bf546455438f6947a21db /src/nss-resolve
parent	Merge pull request #18565 from poettering/randomize-answers (diff)
download	systemd-aee9d18c8d909eb7aca2838e4bce5da018b6a112.tar.xz systemd-aee9d18c8d909eb7aca2838e4bce5da018b6a112.zip