Date: Tue, 19 May 2020 10:14:32 -0400
From: Ben Boeckel
To: David Howells
Cc: linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, linux-afs@lists.infradead.org, ceph-devel@vger.kernel.org, keyrings@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, fweimer@redhat.com
Subject: Re: [PATCH] dns: Apply a default TTL to records obtained from getaddrinfo()
Message-ID: <20200519141432.GA2949457@erythro.dev.benboeckel.internal>
Reply-To: me@benboeckel.net
References: <20200518155148.GA2595638@erythro.dev.benboeckel.internal> <158981176590.872823.11683683537698750702.stgit@warthog.procyon.org.uk> <1080378.1589895580@warthog.procyon.org.uk>
In-Reply-To: <1080378.1589895580@warthog.procyon.org.uk>
X-Mailing-List: linux-nfs@vger.kernel.org

On Tue, May 19, 2020 at 14:39:40 +0100, David Howells wrote:
> Ben Boeckel wrote:
> > Is there precedent for this config file format?
>
> Okay, I can change it to:
>
> 	default_ttl =
>
> and strip spaces all over the place.

Thanks. This is at least a subset of other formats with specs that aren't
bigger than XML :) .

> > But no trailing whitespace is allowed?
>
> Yes... See a few lines above:
>
> 	while (p > buf && isspace(p[-1]))
> 		p--;
> 	*p = 0;

Ah, I missed that. The `-1` should have clued me in. It's a pity there's not a
`strrspn` or the like, but alas.

> > The valid range should be mentioned in the docs (basically that 0 is not
> > allowed and has no special meaning (it could mean leaving off the TTL as
> > previously done)).
>
> I suppose - that's mainly to make sure I'm not passing an invalid value to the
> syscall.

Leaving 0 as invalid is fine, I'm more worried about documenting the semantics
that are implemented.

> > Forwards compatibility is hard with such behavior. Is there any reason
> > this can't be a warning?
>
> I can downgrade it to a warning.
> I'm not sure that there's any problem here,
> but I have met circumstances before where it is the wrong thing to ignore an
> explicit option that you don't support rather than giving an error.

It's hard to know for sure, true. However, as existing instances silently
ignore this file missing as well, one cannot expect that a customization here
is not being ignored today. I think it's mainly going to be distributions
and/or "devops" folks tweaking this value. Hopefully they have policies in
place for syncing their versions and configurations up.

> > There's no mention of the leading whitespace support or comments here.
> > Does the file deserve its own manpage?
>
> Um. I'm not sure. Quite possibly there should at least be a stub file with a
> .so directive in it.

That'd be sufficient. It'd show up in `apropos` then at least. I see you have a
full manpage now though, so that's even better.

> diff --git a/key.dns_resolver.c b/key.dns_resolver.c
> index 4ac27d30..c241eda3 100644
> --- a/key.dns_resolver.c
> +++ b/key.dns_resolver.c
> @@ -46,10 +46,13 @@ static const char key_type[] = "dns_resolver";
>  static const char a_query_type[] = "a";
>  static const char aaaa_query_type[] = "aaaa";
>  static const char afsdb_query_type[] = "afsdb";
> +static const char *config_file = "/etc/keyutils/key.dns_resolver.conf";
> +static bool config_specified = false;
>  key_serial_t key;
>  static int verbose;
>  int debug_mode;
>  unsigned mask = INET_ALL;
> +unsigned int key_expiry = 10 * 60;
>  
>  
>  /*
> @@ -105,6 +108,23 @@ void _error(const char *fmt, ...)
>  	va_end(va);
>  }
>  
> +/*
> + * Pring a warning to stderr or the syslog

Typo. `Print`

> + */
> +void warning(const char *fmt, ...)
> +{
> +	va_list va;
> +
> +	va_start(va, fmt);
> +	if (isatty(2)) {
> +		vfprintf(stderr, fmt, va);
> +		fputc('\n', stderr);
> +	} else {
> +		vsyslog(LOG_WARNING, fmt, va);
> +	}
> +	va_end(va);
> +}
> +
>  /*
>   * Print status information
>   */
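Review bot: the default in the first hunk, `config_file = "/etc/keyutils/key.dns_resolver.conf"`, does not match the path the new man page documents in both DESCRIPTION and FILES, `/etc/key.dns_resolver.conf`; pick one and use it in both places, otherwise a file dropped where the man page says will be silently ignored, which is exactly the silent-ignore case discussed earlier in this thread.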
> @@ -272,6 +292,7 @@ void dump_payload(void)
>  	}
>  
>  	info("The key instantiation data is '%s'", buf);
> +	info("The expiry time is %us", key_expiry);
>  	free(buf);
>  }
>  
> @@ -412,6 +433,9 @@ int dns_query_a_or_aaaa(const char *hostname, char *options)
>  
>  	/* load the key with data key */
>  	if (!debug_mode) {
> +		ret = keyctl_set_timeout(key, key_expiry);
> +		if (ret == -1)
> +			error("%s: keyctl_set_timeout: %m", __func__);
>  		ret = keyctl_instantiate_iov(key, payload, payload_index, 0);
>  		if (ret == -1)
>  			error("%s: keyctl_instantiate: %m", __func__);
> @@ -420,6 +444,145 @@ int dns_query_a_or_aaaa(const char *hostname, char *options)
>  	exit(0);
>  }
>  
> +/*
> + * Read the config file.
> + */
> +static void read_config(void)
> +{
> +	FILE *f;
> +	char buf[4096], *b, *p, *k, *v;
> +	unsigned int line = 0, u;
> +	int n;
> +
> +	printf("READ CONFIG %s\n", config_file);

Thanks. This looks much more rigorous than before.

> +	while (*b) {
> +		if (esc) {
> +			esc = false;
> +			*p++ = *b++;

This probably wants to verify that an escapable character is being escaped.
Right now `\n` will be `n` rather than ASCII NL.

> diff --git a/man/key.dns_resolver.conf.5 b/man/key.dns_resolver.conf.5
> new file mode 100644
> index 00000000..03d04049
> --- /dev/null
> +++ b/man/key.dns_resolver.conf.5
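Review bot: in the dns_query_a_or_aaaa() hunk, a keyctl_set_timeout() failure goes through the same error() call that an instantiation failure uses, and it runs before keyctl_instantiate_iov(); if error() is fatal, a problem setting the TTL also stops the key from being instantiated at all. Since this patch introduces warning(), consider reporting the set_timeout failure with `warning("%s: keyctl_set_timeout: %m", __func__);` and still instantiating, which keeps the pre-patch behaviour (a key with no explicit expiry) as the fallback.

Review bot: the read_config() hunk leaves `printf("READ CONFIG %s\n", config_file);` in place, so every run writes to stdout; when the program is invoked as a request-key upcall that output goes nowhere useful, and the file already has info() and the verbose flag for this. Drop the line or route it through info().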
> @@ -0,0 +1,48 @@
> +.\" -*- nroff -*-
> +.\" Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
> +.\" Written by David Howells (dhowells@redhat.com)
> +.\"
> +.\" This program is free software; you can redistribute it and/or
> +.\" modify it under the terms of the GNU General Public License
> +.\" as published by the Free Software Foundation; either version
> +.\" 2 of the License, or (at your option) any later version.
> +.\"
> +.TH KEY.DNS_RESOLVER.CONF 5 "18 May 2020" Linux "Linux Key Management Utilities"
> +.SH NAME
> +key.dns_resolver.conf \- Kernel DNS resolver config
> +.SH DESCRIPTION
> +This file is used by the key.dns_resolver(5) program to set parameters.
> +Unless otherwise overridden with the \fB\-c\fR flag, the program reads:
> +.IP
> +/etc/key.dns_resolver.conf
> +.P
> +Configuration options are given in \fBkey[=value]\fR form, where \fBvalue\fR is
> +optional. If present, the value may be surrounded by a pair of single ('') or
> +double quotes ("") which will be stripped off. The special characters in the
> +value may be escaped with a backslash to turn them into ordinary characters.
> +.P
> +Lines beginning with a '#' are considered comments and ignored. A '#' symbol
> +anywhere after the '=' makes the rest of the line into a comment unless the '#'
> +is inside a quoted section or is escaped.
> +.P
> +Leading and trailing spaces and spaces around the '=' symbol will be stripped
> +off.
> +.P
> +Available options include:
> +.TP
> +.B default_ttl=
> +The number of seconds to set as the expiration on a cached record. This will
> +be overridden if the program manages to retrieve TTL information along with
> +the addresses (if, for example, it accesses the DNS directly). The default is
> +600 seconds. The value must be in the range 1 to INT_MAX.
> +.P
> +The file can also include comments beginning with a '#' character unless
> +otherwise suppressed by being inside a quoted value or being escaped with a
> +backslash.
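Review bot: the DESCRIPTION refers to "the key.dns_resolver(5) program", but the program is in section 8 (the SEE ALSO entry below says key.dns_resolver(8)); fix the section number. The comment syntax is also described twice, once in the paragraph beginning "Lines beginning with a '#'" and again in the trailing paragraph after the default_ttl entry, so the trailing paragraph can be dropped. Finally, the documented path /etc/key.dns_resolver.conf needs to agree with the config_file default in key.dns_resolver.c.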
> +
> +.SH FILES
> +.ul
> +/etc/key.dns_resolver.conf
> +.ul 0
> +.SH SEE ALSO
> +\fBkey.dns_resolver\fR(8)

This looks good enough docs to me.

Thanks,

--Ben
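As an added illustration, not keyutils' read_config() and not code from this thread, the following stand-alone C parser implements the file format the man page above describes: key[=value] lines, leading and trailing whitespace stripped, single or double quotes removed, a backslash making the next character ordinary (the man page wording, which is the behaviour Ben questions above), an unquoted '#' starting a comment, and default_ttl restricted to 1..INT_MAX with 0 rejected. Unknown keys are counted rather than treated as fatal, which is the forwards-compatibility point raised in the thread. Every name here (parse_default_ttl, decode_value, conf_unknown_keys, the CONF_* codes) is invented for this page, and the inputs in the checks are constructed.

```c
/* Added example, not keyutils code: a stand-alone parser for the
 * key.dns_resolver.conf format described in the man page quoted above.
 * Every name here (parse_default_ttl, decode_value, ...) is invented. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

enum { CONF_OK = 0, CONF_BAD_SYNTAX = -1, CONF_BAD_VALUE = -2, CONF_NOMEM = -3 };

/* Unknown keys seen by the last parse; a real tool would warning() on each. */
unsigned int conf_unknown_keys;

/* Strip leading and trailing whitespace in place (cf. the p[-1] loop above). */
static char *trim(char *s)
{
	char *e = s + strlen(s);
	while (isspace((unsigned char)*s))
		s++;
	while (e > s && isspace((unsigned char)e[-1]))
		e--;
	*e = '\0';
	return s;
}

/* Decode a value in place: drop '' or "" quote pairs, let a backslash make the
 * next character ordinary, cut at an unquoted unescaped '#', and drop unquoted
 * trailing blanks.  Fails on an open quote or a final backslash. */
static bool decode_value(char *v)
{
	char *p = v, *b = v, *keep = v, quote = 0;
	for (; *b; b++) {
		if (*b == '\\') {                   /* escape: next char is literal */
			if (!*++b)
				return false;
			*p++ = *b;
			keep = p;
		} else if (!quote && (*b == '\'' || *b == '"')) {
			quote = *b;
		} else if (quote && *b == quote) {
			quote = 0;
		} else if (!quote && *b == '#') {   /* unquoted '#': comment */
			break;
		} else {
			*p++ = *b;
			if (quote || !isspace((unsigned char)*b))
				keep = p;               /* end of last significant char */
		}
	}
	if (quote)
		return false;
	*keep = '\0';
	return true;
}

/* default_ttl is a plain decimal in 1..INT_MAX; 0 is an error, not "unset". */
static int parse_ttl(const char *s, unsigned int *out)
{
	unsigned long u;
	char *end;
	if (!isdigit((unsigned char)*s))    /* also rejects "", "-1" and "+5" */
		return CONF_BAD_VALUE;
	errno = 0;
	u = strtoul(s, &end, 10);
	if (errno || *end || u < 1 || u > INT_MAX)
		return CONF_BAD_VALUE;
	*out = (unsigned int)u;
	return CONF_OK;
}

/* Parse a whole file image; returns default_ttl (600 if unset) or a CONF_* code. */
long parse_default_ttl(const char *text)
{
	size_t len = strlen(text);
	char *copy = malloc(len + 1), *cur, *nl = NULL, *eq, *key, *val;
	unsigned int ttl = 600;
	int ret = CONF_OK;
	conf_unknown_keys = 0;
	if (!copy)
		return CONF_NOMEM;
	memcpy(copy, text, len + 1);
	for (cur = copy; cur && ret == CONF_OK; cur = nl) {
		if ((nl = strchr(cur, '\n')))
			*nl++ = '\0';
		key = trim(cur);
		if (!*key || *key == '#')           /* blank or comment line */
			continue;
		val = NULL;
		if ((eq = strchr(key, '='))) {      /* key[=value]: split at first '=' */
			*eq = '\0';
			key = trim(key);
			val = trim(eq + 1);
		}
		if (strcmp(key, "default_ttl") != 0)
			conf_unknown_keys++;            /* unknown key: warn, keep going */
		else if (!val || !decode_value(val))
			ret = CONF_BAD_SYNTAX;
		else
			ret = parse_ttl(val, &ttl);
	}
	free(copy);
	return ret == CONF_OK ? (long)ttl : ret;
}
```

Feeding it `default_ttl = "300"   # seconds` yields 300, a later default_ttl line overrides an earlier one, and `default_ttl = 0`, a negative number, a value above INT_MAX, an unterminated quote or a key with no value all fail with a distinct code, so a caller can say whether the file is malformed or the value is out of range. Because the parser never exits on an unknown key, an older binary still loads a newer file and only emits one warning per key it does not understand.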