resolv: Introduce struct resolv_context [BZ #21668]

struct resolv_context objects provide a temporary resolver context
which does not change during a name lookup operation.  Only when the
outmost context is created, the stub resolver configuration is
verified to be current (at present, only against previous res_init
calls).  Subsequent attempts to obtain the context will reuse the
result of the initial verification operation.

struct resolv_context can also be extended in the future to store
data which needs to be deallocated during thread cancellation.

24 files changed, 1033 insertions, 371 deletions

diff --git a/ChangeLog b/ChangeLog
index 74dc23e987..edd0e69491 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,88 @@
+2017-06-30  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #21668]
+	Introduce temporary resolver contexts (struct resolv_conf).
+	* resolv/resolv-internal.h (__res_context_mkquery)
+	(__res_context_searchl __res_context_query, __res_context_send)
+	(__res_context_hostalias): Declare.
+	(__res_nopt): Switch to struct resolv_context.
+	* resolv/res_use_inet6.h: New file.
+	* resolv/resolv_context.h: Likewise.
+	* resolv/resolv_context.c: Likewise.
+	* resolv/compat-gethnamaddr.c (res_gethostbyname2_context):
+	Renamed from res_gethostbyname2.  Use struct resolv_context.
+	(res_gethostbyname2): New function.  Implement using
+	res_gethostbyname2_context.
+	(res_gethostbyaddr_context): Renamed from res_gethostbyaddr.  Use
+	struct resolv_context.
+	(res_gethostbyaddr): New function.  Implement using
+	res_gethostbyaddr_context.
+	* resolv/nss_dns/dns-canon.c (_nss_dns_getcanonname_r): Use struct
+	resolv_context.
+	* resolv/nss_dns/dns-host.c (gethostbyname3_context): Renamed from
+	_nss_dns_gethostbyname3_r.  Use struct resolv_context.
+	(_nss_dns_gethostbyname3_r): Implement using gethostbyname3_context.
+	(_nss_dns_gethostbyname_r, _nss_dns_gethostbyname4_r): Likewise.
+	(_nss_dns_gethostbyaddr2_r): Use struct resolv_context.
+	* resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r)
+	(_nss_dns_getnetbyaddr_r): Likewise.
+	* resolv/res-close.c (res_thread_freeres): Call
+	__resolv_context_freeres.
+	* resolv/res_libc.c (__res_maybe_init): Remove function.  Moved to
+	maybe_init in resolv/resolv_context.c.
+	* resolv/res_mkquery.c (__res_context_mkquery): Rename from
+	res_nmkquery.  Use struct resolv_context.
+	(context_mkquery_common): New function.
+	(res_nmkquery, res_mkquery): Use it.
+	(res_nopt): Switch to struct resolv_context.
+	* resolv/res_query.c (__res_context_querydomain): Renamed from
+	__libc_res_nquerydomain.  Use struct resolv_context.
+	(__res_context_query): Renamed from __libc_res_nquery.  Use struct
+	resolv_context.
+	(context_query_common): New function.
+	(res_nquery, res_query): Use it.
+	(__res_context_search): Renamed from __libc_res_nsearch.  Use
+	struct resolv_context.
+	(context_search_common): New function.
+	(res_nsearch, res_search): Use it.
+	(__res_context_querydomain): Rename from __libc_res_nquerydomain.
+	Use struct resolv_context.
+	(context_querydomain_common): New function.
+	(res_nquerydomain, res_querydomain): Use it.
+	(__res_context_hostalias): Rename from res_hostalias.  Use struct
+	resolv_context.
+	(context_hostalias_common): New function.
+	(res_hostalias, hostalias): Use it.
+	* resolv/res_send.c (__res_context_send): Renamed from
+	__libc_res_nsend.  Use struct resolv_context.
+	(context_send_common): New function.
+	(res_nsend, res_send): Use it.
+	* resolv/Makefile (routines): Add resolv_context.
+	* resolv/Versions (libc): Export __resolv_context_get,
+	__resolv_context_get_preinit, __resolv_context_get_override,
+	__resolv_context_put.  Remove __res_maybe_init.
+	(libresolv): Export __res_context_query, __res_context_search,
+	__res_context_hostalias.  Remove __libc_res_nquery,
+	__libc_res_nsearch.
+	* include/resolv.h (__res_maybe_init, __libc_res_nquery)
+	(__libc_res_nsearch, __libc_res_nsend): Remove declaration.
+	(__hostalias, __res_nmkquery, __res_nquery, __res_nquerydomain)
+	(__res_hostalias, __res_nsearch, __res_nsend): Remove hidden
+	prototypes.
+	* nss/nsswitch.h (__nss_hostname_digits_dots_context): Declare.
+	* nss/digits_dots.c (__nss_hostname_digits_dots_context): Renamed
+	from __nss_hostname_digits_dots.  Use struct resolv_context.
+	(__nss_hostname_digits_dots): New function.
+	* nss/getXXbyYY.c [HANDLE_DIGITS_DOTS] (FUNCTION_NAME): Acquire
+	struct resolv_context object.  Call new function
+	__nss_hostname_digits_dots_context.
+	* nss/getXXbyYY_r.c (REENTRANT_NAME): Use struct resolv_context.
+	* nss/getnssent_r.c (__nss_setent): Likewise.
+	* nscd/aicache.c (addhstaiX): Use struct resolv_context,
+	__resolv_context_disable_inet6 and __resolv_context_enable_inet6
+	instead of direct _res manipulation.
+	* sysdeps/posix/getaddrinfo.c (gethosts, gaih_inet): Likewise.
+
 2017-07-03  Florian Weimer  <fweimer@redhat.com>
 
 	* resolv/tst-resolv-res_init-skeleton.c
diff --git a/include/resolv.h b/include/resolv.h
index 2938506d75..634f5525fe 100644
--- a/include/resolv.h
+++ b/include/resolv.h
@@ -24,7 +24,6 @@ extern __thread struct __res_state *__resp attribute_tls_model_ie;
 
 /* Now define the internal interfaces.  */
 extern int __res_vinit (res_state, int) attribute_hidden;
-extern int __res_maybe_init (res_state, int);
 extern void _sethtent (int);
 extern struct hostent *_gethtent (void);
 extern struct hostent *_gethtbyname (const char *__name);
@@ -36,24 +35,11 @@ extern int res_ourserver_p (const res_state __statp,
 			    const struct sockaddr_in6 *__inp);
 extern void __res_iclose (res_state statp, bool free_addr);
 libc_hidden_proto (__res_ninit)
-libc_hidden_proto (__res_maybe_init)
 libc_hidden_proto (__res_nclose)
 libc_hidden_proto (__res_iclose)
 libc_hidden_proto (__res_randomid)
 libc_hidden_proto (__res_state)
 
-int __libc_res_nquery (res_state, const char *, int, int,
-		       unsigned char *, int, unsigned char **,
-		       unsigned char **, int *, int *, int *);
-int __libc_res_nsearch (res_state, const char *, int, int,
-			unsigned char *, int, unsigned char **,
-			unsigned char **, int *, int *, int *);
-int __libc_res_nsend (res_state, const unsigned char *, int,
-		      const unsigned char *, int, unsigned char *,
-		      int, unsigned char **, unsigned char **,
-		      int *, int *, int *)
-  attribute_hidden;
-
 libresolv_hidden_proto (_sethtent)
 libresolv_hidden_proto (_gethtent)
 libresolv_hidden_proto (_gethtbyaddr)
@@ -75,17 +61,8 @@ libresolv_hidden_proto (__p_type)
 libresolv_hidden_proto (__loc_ntoa)
 libresolv_hidden_proto (__fp_nquery)
 libresolv_hidden_proto (__fp_query)
-libresolv_hidden_proto (__hostalias)
-libresolv_hidden_proto (__res_nmkquery)
-libresolv_hidden_proto (__libc_res_nquery)
-libresolv_hidden_proto (__res_nquery)
-libresolv_hidden_proto (__res_nquerydomain)
-libresolv_hidden_proto (__res_hostalias)
-libresolv_hidden_proto (__libc_res_nsearch)
-libresolv_hidden_proto (__res_nsearch)
 libresolv_hidden_proto (__res_nameinquery)
 libresolv_hidden_proto (__res_queriesmatch)
-libresolv_hidden_proto (__res_nsend)
 libresolv_hidden_proto (__b64_ntop)
 libresolv_hidden_proto (__dn_count_labels)
 libresolv_hidden_proto (__p_secstodate)
diff --git a/nscd/aicache.c b/nscd/aicache.c
index f1f9284f6d..a3de792cc4 100644
--- a/nscd/aicache.c
+++ b/nscd/aicache.c
@@ -26,6 +26,8 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <resolv/resolv-internal.h>
+#include <resolv/resolv_context.h>
+#include <resolv/res_use_inet6.h>
 
 #include "dbg_log.h"
 #include "nscd.h"
@@ -100,17 +102,15 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
     no_more = 0;
   nip = hosts_database;
 
-  /* Initialize configurations.  */
-  if (__res_maybe_init (&_res, 0) == -1)
+  /* Initialize configurations.  If we are looking for both IPv4 and
+     IPv6 address we don't want the lookup functions to automatically
+     promote IPv4 addresses to IPv6 addresses.  Therefore, use the
+     _no_inet6 variant.  */
+  struct resolv_context *ctx = __resolv_context_get ();
+  bool enable_inet6 = __resolv_context_disable_inet6 (ctx);
+  if (ctx == NULL)
     no_more = 1;
 
-  /* If we are looking for both IPv4 and IPv6 address we don't want
-     the lookup functions to automatically promote IPv4 addresses to
-     IPv6 addresses.  Currently this is decided by setting the
-     RES_USE_INET6 bit in _res.options.  */
-  int old_res_options = _res.options;
-  _res.options &= ~DEPRECATED_RES_USE_INET6;
-
   size_t tmpbuf6len = 1024;
   char *tmpbuf6 = alloca (tmpbuf6len);
   size_t tmpbuf4len = 0;
@@ -534,7 +534,8 @@ next_nip:
    }
 
  out:
-  _res.options |= old_res_options & DEPRECATED_RES_USE_INET6;
+  __resolv_context_enable_inet6 (ctx, enable_inet6);
+  __resolv_context_put (ctx);
 
   if (dataset != NULL && !alloca_used)
     {
diff --git a/nss/digits_dots.c b/nss/digits_dots.c
index 8dcbf9eb0a..0c1fa97e39 100644
--- a/nss/digits_dots.c
+++ b/nss/digits_dots.c
@@ -23,6 +23,7 @@
 #include <ctype.h>
 #include <wctype.h>
 #include <resolv/resolv-internal.h>
+#include <resolv/resolv_context.h>
 #include <netdb.h>
 #include <arpa/inet.h>
 #include "nsswitch.h"
@@ -38,11 +39,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 			    size_t buflen, struct hostent **result,
 			    enum nss_status *status, int af, int *h_errnop)
 {
-  int save;
-
   /* We have to test for the use of IPv6 which can only be done by
      examining `_res'.  */
-  if (__res_maybe_init (&_res, 0) == -1)
+  struct resolv_context *ctx = __resolv_context_get ();
+  if (ctx == NULL)
     {
       if (h_errnop)
 	*h_errnop = NETDB_INTERNAL;
@@ -52,6 +52,21 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf,
 	*result = NULL;
       return -1;
     }
+  int ret = __nss_hostname_digits_dots_context
+    (ctx, name, resbuf, buffer, buffer_size, buflen,
+     result, status, af, h_errnop);
+  __resolv_context_put (ctx);
+  return ret;
+}
+
+int
+__nss_hostname_digits_dots_context (struct resolv_context *ctx,
+				    const char *name, struct hostent *resbuf,
+				    char **buffer, size_t *buffer_size,
+				    size_t buflen, struct hostent **result,
+				    enum nss_status *status, int af, int *h_errnop)
+{
+  int save;
 
   /*
    * disallow names consisting only of digits/dots, unless
diff --git a/nss/getXXbyYY.c b/nss/getXXbyYY.c
index d027b14250..a439b816f7 100644
--- a/nss/getXXbyYY.c
+++ b/nss/getXXbyYY.c
@@ -47,6 +47,11 @@
 |*								   *|
 \*******************************************************************/
 
+
+#ifdef HANDLE_DIGITS_DOTS
+# include <resolv/resolv_context.h>
+#endif
+
 /* To make the real sources a bit prettier.  */
 #define REENTRANT_NAME APPEND_R (FUNCTION_NAME)
 #define APPEND_R(name) APPEND_R1 (name)
@@ -93,6 +98,19 @@ FUNCTION_NAME (ADD_PARAMS)
   int h_errno_tmp = 0;
 #endif
 
+#ifdef HANDLE_DIGITS_DOTS
+  /* Wrap both __nss_hostname_digits_dots and the actual lookup
+     function call in the same context.  */
+  struct resolv_context *res_ctx = __resolv_context_get ();
+  if (res_ctx == NULL)
+    {
+# if NEED_H_ERRNO
+      __set_h_errno (NETDB_INTERNAL);
+# endif
+      return NULL;
+    }
+#endif
+
   /* Get lock.  */
   __libc_lock_lock (lock);
 
@@ -105,9 +123,9 @@ FUNCTION_NAME (ADD_PARAMS)
 #ifdef HANDLE_DIGITS_DOTS
   if (buffer != NULL)
     {
-      if (__nss_hostname_digits_dots (name, &resbuf, &buffer,
-				      &buffer_size, 0, &result, NULL, AF_VAL,
-				      H_ERRNO_VAR_P))
+      if (__nss_hostname_digits_dots_context
+	  (res_ctx, name, &resbuf, &buffer, &buffer_size, 0, &result, NULL,
+	   AF_VAL, H_ERRNO_VAR_P))
 	goto done;
     }
 #endif
@@ -143,6 +161,10 @@ done:
   /* Release lock.  */
   __libc_lock_unlock (lock);
 
+#ifdef HANDLE_DIGITS_DOTS
+  __resolv_context_put (res_ctx);
+#endif
+
 #ifdef NEED_H_ERRNO
   if (h_errno_tmp != 0)
     __set_h_errno (h_errno_tmp);
diff --git a/nss/getXXbyYY_r.c b/nss/getXXbyYY_r.c
index 7cab825cf0..6c547ea1ca 100644
--- a/nss/getXXbyYY_r.c
+++ b/nss/getXXbyYY_r.c
@@ -26,7 +26,7 @@
 # include <nscd/nscd_proto.h>
 #endif
 #ifdef NEED__RES
-# include <resolv.h>
+# include <resolv/resolv_context.h>
 #endif
 /*******************************************************************\
 |* Here we assume several symbols to be defined:		   *|
@@ -53,8 +53,7 @@
 |* NEED_H_ERRNO  - an extra parameter will be passed to point to   *|
 |*		   the global `h_errno' variable.		   *|
 |*								   *|
-|* NEED__RES     - the global _res variable might be used so we	   *|
-|*		   will have to initialize it if necessary	   *|
+|* NEED__RES     - obtain a struct resolv_context resolver context *|
 |*								   *|
 |* PREPROCESS    - code run before anything else		   *|
 |*								   *|
@@ -213,6 +212,18 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer,
   bool any_service = false;
 #endif
 
+#ifdef NEED__RES
+  /* The HANDLE_DIGITS_DOTS case below already needs the resolver
+     configuration, so this has to happen early.  */
+  struct resolv_context *res_ctx = __resolv_context_get ();
+  if (res_ctx == NULL)
+    {
+      *h_errnop = NETDB_INTERNAL;
+      *result = NULL;
+      return errno;
+    }
+#endif /* NEED__RES */
+
 #ifdef PREPROCESS
   PREPROCESS;
 #endif
@@ -260,17 +271,6 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer,
 	}
       else
 	{
-#ifdef NEED__RES
-	  /* The resolver code will really be used so we have to
-	     initialize it.  */
-	  if (__res_maybe_init (&_res, 0) == -1)
-	    {
-	      *h_errnop = NETDB_INTERNAL;
-	      *result = NULL;
-	      return errno;
-	    }
-#endif /* need _res */
-
 	  void *tmp_ptr = fct.l;
 #ifdef PTR_MANGLE
 	  PTR_MANGLE (tmp_ptr);
@@ -399,6 +399,12 @@ done:
   POSTPROCESS;
 #endif
 
+#ifdef NEED__RES
+  /* This has to happen late because the POSTPROCESS stage above might
+     need the resolver context.  */
+  __resolv_context_put (res_ctx);
+#endif /* NEED__RES */
+
   int res;
   if (status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND)
     res = 0;
diff --git a/nss/getnssent_r.c b/nss/getnssent_r.c
index 5fdbf3be00..d85065b6cc 100644
--- a/nss/getnssent_r.c
+++ b/nss/getnssent_r.c
@@ -18,6 +18,7 @@
 #include <errno.h>
 #include <netdb.h>
 #include "nsswitch.h"
+#include <resolv/resolv_context.h>
 
 /* Set up NIP to run through the services.  If ALL is zero, use NIP's
    current location if it's not nil.  Return nonzero if there are no
@@ -59,10 +60,15 @@ __nss_setent (const char *func_name, db_lookup_function lookup_fct,
   } fct;
   int no_more;
 
-  if (res && __res_maybe_init (&_res, 0) == -1)
+  struct resolv_context *res_ctx = NULL;
+  if (res)
     {
-      __set_h_errno (NETDB_INTERNAL);
-      return;
+      res_ctx = __resolv_context_get ();
+      if (res_ctx == NULL)
+	{
+	  __set_h_errno (NETDB_INTERNAL);
+	  return;
+	}
     }
 
   /* Cycle through the services and run their `setXXent' functions until
@@ -95,6 +101,8 @@ __nss_setent (const char *func_name, db_lookup_function lookup_fct,
 	*last_nip = *nip;
     }
 
+  __resolv_context_put (res_ctx);
+
   if (stayopen_tmp)
     *stayopen_tmp = stayopen;
 }
@@ -112,10 +120,15 @@ __nss_endent (const char *func_name, db_lookup_function lookup_fct,
   } fct;
   int no_more;
 
-  if (res && __res_maybe_init (&_res, 0) == -1)
+  struct resolv_context *res_ctx = NULL;
+  if (res)
     {
-      __set_h_errno (NETDB_INTERNAL);
-      return;
+      res_ctx = __resolv_context_get ();
+      if (res_ctx == NULL)
+	{
+	  __set_h_errno (NETDB_INTERNAL);
+	  return;
+	}
     }
 
   /* Cycle through all the services and run their endXXent functions.  */
@@ -132,6 +145,8 @@ __nss_endent (const char *func_name, db_lookup_function lookup_fct,
       no_more = __nss_next2 (nip, func_name, NULL, &fct.ptr, 0, 1);
     }
   *last_nip = *nip = NULL;
+
+  __resolv_context_put (res_ctx);
 }
 
 
@@ -152,11 +167,16 @@ __nss_getent_r (const char *getent_func_name,
   int no_more;
   enum nss_status status;
 
-  if (res && __res_maybe_init (&_res, 0) == -1)
+  struct resolv_context *res_ctx = NULL;
+  if (res)
     {
-      *h_errnop = NETDB_INTERNAL;
-      *result = NULL;
-      return errno;
+      res_ctx = __resolv_context_get ();
+      if (res_ctx == NULL)
+	{
+	  *h_errnop = NETDB_INTERNAL;
+	  *result = NULL;
+	  return errno;
+	}
     }
 
   /* Initialize status to return if no more functions are found.  */
@@ -227,6 +247,8 @@ __nss_getent_r (const char *getent_func_name,
       while (! no_more && status != NSS_STATUS_SUCCESS);
     }
 
+  __resolv_context_put (res_ctx);
+
   *result = status == NSS_STATUS_SUCCESS ? resbuf : NULL;
   return (status == NSS_STATUS_SUCCESS ? 0
 	  : status != NSS_STATUS_TRYAGAIN ? ENOENT
diff --git a/nss/nsswitch.h b/nss/nsswitch.h
index f3e756b684..bd3fbcb082 100644
--- a/nss/nsswitch.h
+++ b/nss/nsswitch.h
@@ -197,7 +197,17 @@ extern int __nss_getent_r (const char *getent_func_name,
 extern void *__nss_getent (getent_r_function func,
 			   void **resbuf, char **buffer, size_t buflen,
 			   size_t *buffer_size, int *h_errnop);
+struct resolv_context;
 struct hostent;
+extern int __nss_hostname_digits_dots_context (struct resolv_context *,
+					       const char *name,
+					       struct hostent *resbuf,
+					       char **buffer,
+					       size_t *buffer_size,
+					       size_t buflen,
+					       struct hostent **result,
+					       enum nss_status *status, int af,
+					       int *h_errnop) attribute_hidden;
 extern int __nss_hostname_digits_dots (const char *name,
 				       struct hostent *resbuf, char **buffer,
 				       size_t *buffer_size, size_t buflen,
diff --git a/resolv/Makefile b/resolv/Makefile
index bab1ac24a6..126da0736a 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -28,7 +28,8 @@ headers	:= resolv.h bits/types/res_state.h \
 	   sys/bitypes.h
 
 routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
-