From: Werner Koch Date: Mon, 13 Feb 2017 19:09:26 +0000 (+0100) Subject: dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf. X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=d334ac27581e7ea269a278b95dfdcdffa4d292e8;p=gnupg2.git dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf. * dirmngr/dns-stuff.c (libdns_init): Do not print error message for a missing nsswitch.conf. Make sure that tehre is a DNS entry. -- GnuPG-bug-id: 2948 Signed-off-by: Werner Koch (cherry picked from commit dee026d761ae3d7594c3dbc5b3fa842df53cc189) Gbp-Pq: Name 0037-dirmngr-Do-a-DNS-lookup-even-if-it-is-missing-from-n.patch
---
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 52f011a..bc2e071 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -498,12 +498,10 @@ libdns_init (void)
 (dns_nssconf_loadpath (ld.resolv_conf, fname));
 if (err)
 {
- log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
- /* not fatal, nsswitch.conf is not used on all systems; assume
- * classic behavior instead. Our dns library states "bf" which tries
- * DNS then Files, which is not classic; FreeBSD
- * /usr/src/lib/libc/net/gethostnamadr.c defines default_src[] which
- * is Files then DNS, which is. */
+ /* This is not a fatal error: nsswitch.conf is not used on
+ * all systems; assume classic behavior instead. */
+ if (gpg_err_code (err) != GPG_ERR_ENOENT)
+ log_error ("failed to load '%s': %s\n", fname, gpg_strerror (err));
 if (opt_debug)
 log_debug ("dns: fallback resolution order, files then DNS\n");
 ld.resolv_conf->lookup[0] = 'f';
@@ -511,6 +509,23 @@ libdns_init (void)
 ld.resolv_conf->lookup[2] = '\0';
 err = GPG_ERR_NO_ERROR;
 }
+ else if (!strchr (ld.resolv_conf->lookup, 'b'))
+ {
+ /* No DNS resulution type found in the list. This might be
+ * due to systemd based systems which allow for custom
+ * keywords which are not known to us and thus we do not
+ * know whether DNS is wanted or not. Becuase DNS is
+ * important for our infrastructure, we forcefully append
+ * DNS to the end of the list. */
+ if (strlen (ld.resolv_conf->lookup)+2 < sizeof ld.resolv_conf->lookup)
+ {
+ if (opt_debug)
+ log_debug ("dns: appending DNS to resolution order\n");
+ strcat (ld.resolv_conf->lookup, "b");
+ }
+ else
+ log_error ("failed to append DNS to resolution order\n");
+ }
 #endif /* Unix */
 }
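Review bot: The new `else if` branch appends `b` whenever the parsed order lacks it, which also covers a host whose nsswitch.conf deliberately lists only `files`; the code cannot tell that case from the unknown-keyword case its comment describes, and the override is reported only under `opt_debug`. Because this changes the resolution order away from what the system configuration stated, it should be visible in normal logs, for example by dropping the `if (opt_debug)` guard and emitting `log_info ("dns: appending DNS to resolution order\n");`. Separately, `strchr`, `strlen` and `strcat` all assume `lookup` is NUL-terminated after a successful load; that depends on the DNS library and is not visible in this hunk, so it is worth confirming before relying on the `sizeof` bound. `libdns_init` starts outside this hunk.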