#
ce6743a3 |
| 20-Jan-2022 |
naddy <naddy@openbsd.org> |
remove unused variable from all copies of _asr_strdname()
... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings in smtpd and smtpctl. The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
#
931108e9 |
| 22-Nov-2021 |
jca <jca@openbsd.org> |
Implement rfc6840 (AD flag processing) if using trusted name servers
libc can't do DNSSEC validation but it can ask a "security-aware" resolver to do so. Let's send queries with the AD flag set when appropriate, and let applications look at the AD flag in responses in a safe way, ie clear the AD flag if the resolvers aren't trusted. By default we only trust resolvers if resolv.conf(5) only lists name servers on localhost - the obvious candidates being unwind(8) and unbound(8). For non-localhost resolvers, an admin who trusts *all the name servers* listed in resolv.conf(5) *and the network path leading to them* can annotate this with "options trust-ad".
AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch SSHFP records in a secure manner, and tightens the situation for other applications, eg those using RES_USE_DNSSEC for DANE. It should be noted that postfix currently assumes trusted name servers by default and forces RES_TRUSTAD if available.
RES_TRUSTAD and "options trust-ad" were first introduced in glibc by Florian Weimer. Florian Obser (florian@) contributed various improvements, fixed a bug and added automatic trust for name servers on localhost.
ok florian@ phessler@
|
#
dab025f0 |
| 05-Nov-2021 |
kn <kn@openbsd.org> |
Zap unused variables
OK martijn
|
#
a7244e9f |
| 06-Jan-2021 |
otto <otto@openbsd.org> |
Fix two issues related to thread private data in asr.
- setting up asr in single thread mode and then starting threads using asr would lead to multiple threads sharing the same resolver.
- destruction of a thread that has been using asr would leak data.
Problem originally reported by Alexey Sokolov and Uli Schlachter.
ok kettenis@
|
#
d82e6535 |
| 06-Jul-2020 |
pirofti <pirofti@openbsd.org> |
Add support for timecounting in userland.
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to userland via libc, liberating processes from the need for a context switch every time they want to count the passage of time.
If a timecounter clock can be exposed to userland then it needs to set its tc_user member to a non-zero value. Tested with one or multiple counters per architecture.
The timing data is shared through a pointer found in the new ELF auxiliary vector AUX_openbsd_timekeep containing timehands information that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time are adjusted in userland by the tc_get_timecount() function inside the MD usertc.c file.
This permits a much more responsive environment, quite visible in browsers, office programs and gaming (apparently one is able to fly in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
#
30d3f3d9 |
| 07-Jun-2020 |
deraadt <deraadt@openbsd.org> |
In the libc resolver function asr_run(), clear the result buffer every time, because there are callers who were inspecting unrelated fields.
discussion with eric, otto, solution from semarie
this is errata 6.6/031_asr and 6.7/009_asr
|
#
af4d66b3 |
| 24-Oct-2019 |
otto <otto@openbsd.org> |
Allow the caller of asr functions to create and use a specific context. Diff from eric@ and florian@, committing on their behalf since they are absent and we want to ride the minor shlib bump.
|
#
c43131ad |
| 22-Oct-2018 |
krw <krw@openbsd.org> |
More "explicitely" -> "explicitly" in various comments.
ok guenther@ tb@ deraadt@
|
#
b5afe704 |
| 28-Apr-2018 |
schwarze <schwarze@openbsd.org> |
To allow us to get rid of /etc/networks, make getnetby*(3) wrappers around gethostby*_async(3). If you had anything of importance in /etc/networks, specify it in /etc/hosts instead. Feedback and OK eric@, OK deraadt@
|
#
610287b6 |
| 13-Mar-2018 |
jca <jca@openbsd.org> |
Fix comments
ok eric@ a while ago
|
#
e23664d1 |
| 06-Feb-2018 |
eric <eric@openbsd.org> |
make sure that all error paths are correctly handled in asr_run_sync() and that the result is always properly set when the function returns. fix issues spotted by claudio@.
ok claudio@
|
#
abe78e02 |
| 27-Feb-2017 |
jca <jca@openbsd.org> |
Put a common flags field in the query struct, rather than in some elements of the union.
This field is for internal asr flags. The flags in "struct rrset" and "struct ni" are different kinds of flags.
ok eric@
|
#
f6f51dad |
| 23-Feb-2017 |
eric <eric@openbsd.org> |
Put a common subq pointer in the query struct, rather than one in each element of the union.
ok gilles@ millert@ krw@
|
#
2aa4cd21 |
| 18-Feb-2017 |
jca <jca@openbsd.org> |
Add EDNS0 support.
EDNS allows for various DNS extensions, among which UDP DNS packets size bigger than 512 bytes. The default is still to not advertize anything.
ok eric@
|
#
9d609489 |
| 18-Jun-2016 |
reyk <reyk@openbsd.org> |
Remove duplicated line.
OK eric@
|
#
e5ef2ce9 |
| 27-May-2016 |
sthen <sthen@openbsd.org> |
typo fixes; Anthony Coulter
|
#
eb76e4bc |
| 26-May-2016 |
jmatthew <jmatthew@openbsd.org> |
Calculate elapsed time in poll() and subtract that from the remaining time when restarting poll() after receiving a signal.
The ruby runtime sends signals to threads periodically, so without accounting for elapsed time, the timeout would never expire if we didn't get a response from a nameserver.
ok deraadt@ eric@
|
#
365b8ebf |
| 24-Feb-2016 |
eric <eric@openbsd.org> |
Avoid a possible double-free if the "search" keyword is used multiple times.
ok jca@ gilles@
|
#
c126605f |
| 16-Dec-2015 |
deraadt <deraadt@openbsd.org> |
Remove support for HOSTALIASES from the resolver. This "open and parse any file indicated by an environment variable" feature inside the resolver is incompatible with what pledge "dns" is trying to be. It is a misguided "feature" added way back in history which almost no one uses, but everyone has to assume the risk from. ok eric florian kettenis
|
#
59f710d8 |
| 23-Nov-2015 |
deraadt <deraadt@openbsd.org> |
Remove support for "lookup yp" in /etc/resolv.conf. This historical wart is incompatible with pledge, because suddenly a "dns" operation needs "getpw" access to ypbind/ypserv, etc. file + dns access is enough for everyone, sorry if you were using that old SunOS 4.x style mechanism, but it is now gone. ok semarie millert florian
|
#
83d312d6 |
| 28-Oct-2015 |
eric <eric@openbsd.org> |
We are always using _PATH_RESCONF, so no need to remember the path on the resolver.
ok millert@ deraadt@
|
#
74249a3f |
| 28-Oct-2015 |
deraadt <deraadt@openbsd.org> |
Remove support for [addr]:port syntax from the "nameserver" line. This extension never made it to other systems. (pledge is also happy with this. The idea of DNS @ any port collides with pledge encouraging differentiation between DNS and non-DNS sockets) ok phessler jung sthen kettenis
|
#
656b8d51 |
| 07-Oct-2015 |
deraadt <deraadt@openbsd.org> |
getaddrinfo_async() shouldn't unconditionally initialize the resolver via _asr_use_resolver(). If the hint specifies for AI_NUMERICHOST, create a transient lookup context which won't try to open /etc/resolv.conf ok eric guenther
|
#
cbd0a9fa |
| 03-Oct-2015 |
deraadt <deraadt@openbsd.org> |
Initially eric developed asr as a side-load style library for async DNS. When it was integrated as the main resolver, a bunch of strange initialization code remained. Start whittling away at this, piece by piece, to make it more clear. ok eric
|
#
55f55055 |
| 03-Oct-2015 |
eric <eric@openbsd.org> |
missing asr* -> _asr* symbol rename for building with debug code
ok jca@
|