resolv: Implement trust-ad option for /etc/resolv.conf [BZ #20358]

This introduces a concept of trusted name servers, for which the
AD bit is passed through to applications.  For untrusted name
servers (the default), the AD bit in responses are cleared, to
provide a safe default.

This approach is very similar to the one suggested by Pavel Šimerda
in <https://bugzilla.redhat.com/show_bug.cgi?id=1164339#c15>.

The DNS test framework in support/ is enhanced with support for
setting the AD bit in responses.

Tested on x86_64-linux-gnu.

Change-Id: Ibfe0f7c73ea221c35979842c5c3b6ed486495ccc

1 files changed, 21 insertions, 0 deletions

diff --git a/resolv/res_send.c b/resolv/res_send.c
index 47bfba6747..fce810031f 100644
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -332,6 +332,15 @@ nameserver_offset (struct __res_state *statp)
     }
 }
 
+/* Clear the AD bit unless the trust-ad option was specified in the
+   resolver configuration.  */
+static void
+mask_ad_bit (struct resolv_context *ctx, void *buf)
+{
+  if (!(ctx->resp->options & RES_TRUSTAD))
+    ((HEADER *) buf)->ad = 0;
+}
+
 /* int
  * res_queriesmatch(buf1, eom1, buf2, eom2)
  *	is there a 1:1 mapping of (name,type,class)
@@ -525,6 +534,18 @@ __res_context_send (struct resolv_context *ctx,
 
 		resplen = n;
 
+		/* Mask the AD bit in both responses unless it is
+		   marked trusted.  */
+		if (resplen > HFIXEDSZ)
+		  {
+		    if (ansp != NULL)
+		      mask_ad_bit (ctx, *ansp);
+		    else
+		      mask_ad_bit (ctx, ans);
+		  }
+		if (resplen2 != NULL && *resplen2 > HFIXEDSZ)
+		  mask_ad_bit (ctx, *ansp2);
+
 		/*
 		 * If we have temporarily opened a virtual circuit,
 		 * or if we haven't been asked to keep a socket open,