[1/2] nss: Implement --no-addrconfig option for getent

  The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
AI_ADDRCONFIG to getaddrinfo, which is not always desired.
---
 NEWS         |  5 ++++-
 nss/getent.c | 11 ++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
  

On Tue, Sep 13, 2022 at 04:35:44PM +0200, Florian Weimer via Libc-alpha wrote:
> The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
> AI_ADDRCONFIG to getaddrinfo, which is not always desired.

Looking forward to a v2.

> ---
>  NEWS         |  5 ++++-
>  nss/getent.c | 11 ++++++++++-
>  2 files changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index ef274d1a42..d4739d93c6 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -9,7 +9,10 @@ Version 2.37
>  
>  Major new features:
>  
> -  [Add new features here]

Suggest:

* The getent tool now supports the --no-addrconfig option. The
  output of getent with --no-addrconfig may contain addresses
  of families not configured on the current host i.e. as-if you
  had not passed AI_ADDRCONFIG to getaddrinfo calls.  This flag
  is primarily intended for diagnostic purposes.

I think the use for diagnostics should be called out.

> +* The getent tool now supports the --no-addrconfig option.  When
> +  present, getent no longer passes AI_ADDRCONFIG to the getaddrinfo
> +  function, and the output may contain addresses of families not
> +  configured on the current host.
>  
>  Deprecated and removed features, and other changes affecting compatibility:
>  
> diff --git a/nss/getent.c b/nss/getent.c
> index 8178b4b470..39a42e707d 100644
> --- a/nss/getent.c
> +++ b/nss/getent.c
> @@ -58,6 +58,8 @@ static const struct argp_option args_options[] =
>    {
>      { "service", 's', N_("CONFIG"), 0, N_("Service configuration to be used") },
>      { "no-idn", 'i', NULL, 0, N_("disable IDN encoding") },
> +    { "no-addrconfig", 'A', NULL, 0,
> +      N_("disable AI_ADDRCONFIG (for ahosts*)") },

Suggest a more user-center textual description:

"disable filtering using host address configuration (for ahosts*)"

It's a bit of a mouthfull.

>      { NULL, 0, NULL, 0, NULL },
>    };
>  
> @@ -79,6 +81,9 @@ static struct argp argp =
>  /* Additional getaddrinfo flags for IDN encoding.  */
>  static int idn_flags = AI_IDN | AI_CANONIDN;
>  
> +/* Set to 0 by --no-addrconfig.  */
> +static int addrconfig_flags = AI_ADDRCONFIG;
> +

OK.

>  /* Print the version information.  */
>  static void
>  print_version (FILE *stream, struct argp_state *state)
> @@ -346,7 +351,7 @@ ahosts_keys_int (int af, int xflags, int number, char *key[])
>  
>    struct addrinfo hint;
>    memset (&hint, '\0', sizeof (hint));
> -  hint.ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG | AI_CANONNAME
> +  hint.ai_flags = (AI_V4MAPPED | addrconfig_flags | AI_CANONNAME
>  		   | idn_flags | xflags);

OK.

>    hint.ai_family = af;
>  
> @@ -905,6 +910,10 @@ parse_option (int key, char *arg, struct argp_state *state)
>        idn_flags = 0;
>        break;
>  
> +    case 'A':
> +      addrconfig_flags = 0;
> +      break;

OK.

> +
>      default:
>        return ARGP_ERR_UNKNOWN;
>      }
> -- 
> 2.37.2
> 
>
  

* Carlos O'Donell:

> On Tue, Sep 13, 2022 at 04:35:44PM +0200, Florian Weimer via Libc-alpha wrote:
>> The ahosts, ahostsv4, ahostsv6 commands unconditionally pass
>> AI_ADDRCONFIG to getaddrinfo, which is not always desired.
>
> Looking forward to a v2.
>
>> ---
>>  NEWS         |  5 ++++-
>>  nss/getent.c | 11 ++++++++++-
>>  2 files changed, 14 insertions(+), 2 deletions(-)
>> 
>> diff --git a/NEWS b/NEWS
>> index ef274d1a42..d4739d93c6 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -9,7 +9,10 @@ Version 2.37
>>  
>>  Major new features:
>>  
>> -  [Add new features here]
>
> Suggest:
>
> * The getent tool now supports the --no-addrconfig option. The
>   output of getent with --no-addrconfig may contain addresses
>   of families not configured on the current host i.e. as-if you
>   had not passed AI_ADDRCONFIG to getaddrinfo calls.  This flag
>   is primarily intended for diagnostic purposes.
>
> I think the use for diagnostics should be called out.

I think getent ahosts* is mostly intended for diagnostic purposes
anyway, so we don't have to spell this out again.  The output format is
certainly awkward for most purposes.  So I'll use your text without the
last sentence.

>> +* The getent tool now supports the --no-addrconfig option.  When
>> +  present, getent no longer passes AI_ADDRCONFIG to the getaddrinfo
>> +  function, and the output may contain addresses of families not
>> +  configured on the current host.
>>  
>>  Deprecated and removed features, and other changes affecting compatibility:
>>  
>> diff --git a/nss/getent.c b/nss/getent.c
>> index 8178b4b470..39a42e707d 100644
>> --- a/nss/getent.c
>> +++ b/nss/getent.c
>> @@ -58,6 +58,8 @@ static const struct argp_option args_options[] =
>>    {
>>      { "service", 's', N_("CONFIG"), 0, N_("Service configuration to be used") },
>>      { "no-idn", 'i', NULL, 0, N_("disable IDN encoding") },
>> +    { "no-addrconfig", 'A', NULL, 0,
>> +      N_("disable AI_ADDRCONFIG (for ahosts*)") },
>
> Suggest a more user-center textual description:
>
> "disable filtering using host address configuration (for ahosts*)"
>
> It's a bit of a mouthfull.

I'm going with this instead:

      N_("do not filter out unsupported IPv4/IPv6 addresses (with ahosts*)") },

Thanks,
Florian