File: libval_shim.pod

dnssec-tools 1.13-1

=pod

=head1 NAME

The Validator Shim Library

=head1 DESCRIPTION

The validator shim library (I<libval_shim.so>) is a shared library
designed to be dynamically loaded using the 'LD_PRELOAD' mechanism
(I<ld.so(8)>) supported on Linux and various other Unix-like
platforms. The shim library implements wrappers for a number of
DNS-related functions and in turn calls equivalent DNSSEC-aware validating
functions from I<libval(3)>, mapping the results to return codes
recognized by the original functions. In this way a wide variety of
applications can be made DNSSEC-aware without code changes or
recompilation.

The method of mapping return codes assumes that any 'untrusted' or
failure result from the I<libval(3)> function is reflected as a
failure to the original calling function.
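
The fail-closed mapping described above, shown as an added example (not code
from dnssec-tools). The I<validating_lookup> callback, I<shim_getaddrinfo> and
the two I<lookup_*> functions are hypothetical stand-ins for the I<libval(3)>
call, and returning EAI_FAIL for an untrusted answer is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo() under strict -std modes */
#endif
#include <netdb.h>
#include <stddef.h>
#include <sys/socket.h>

/* Hypothetical stand-in for a validating resolver call: getaddrinfo()'s
 * shape plus an out-parameter carrying the trust verdict. */
typedef int (*validating_lookup)(const char *node, const char *service,
                                 const struct addrinfo *hints,
                                 struct addrinfo **res, int *trusted);

/* Fail-closed wrapper. In a preload object this body would be exported as
 * getaddrinfo so the dynamic linker binds the application's calls to it. */
int shim_getaddrinfo(validating_lookup lookup, const char *node,
                     const char *service, const struct addrinfo *hints,
                     struct addrinfo **res)
{
    struct addrinfo *answer = NULL;
    int trusted = 0;
    int rc = lookup(node, service, hints, &answer, &trusted);

    *res = NULL;
    if (rc == 0 && trusted) {
        *res = answer;            /* validated answer reaches the caller */
        return 0;
    }
    if (answer != NULL)
        freeaddrinfo(answer);     /* never hand back unvalidated data */
    return rc != 0 ? rc : EAI_FAIL; /* untrusted looks like a failed lookup */
}

/* Constructed stand-ins: resolve a numeric literal (no network needed)
 * and report a fixed verdict. */
static int numeric_lookup(const char *node, struct addrinfo **res)
{
    struct addrinfo h = {0};
    h.ai_flags = AI_NUMERICHOST;
    h.ai_socktype = SOCK_STREAM;
    return getaddrinfo(node, NULL, &h, res);
}
int lookup_trusted(const char *n, const char *s, const struct addrinfo *h,
                   struct addrinfo **res, int *trusted)
{ (void)s; (void)h; *trusted = 1; return numeric_lookup(n, res); }
int lookup_untrusted(const char *n, const char *s, const struct addrinfo *h,
                     struct addrinfo **res, int *trusted)
{ (void)s; (void)h; *trusted = 0; return numeric_lookup(n, res); }
```

The application cannot tell an untrusted answer from an ordinary resolution failure, so its existing error handling is what enforces the validation result.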

=head2 I<Usage:>

To load the library, set the LD_PRELOAD variable within the environment of
the target application prior to execution:

=over 4

    export LD_PRELOAD=libval_shim.so

=back

=head2 I<Validation Policy:>

The validator shim library will create a policy context and cache it
for all subsequent I<libval(3)> calls. A I<NULL> policy label will be
passed to create the context. The policy is chosen according to rules
defined for I<libval(3)>.

See I<dnsval.conf(1)> for information on policy labels and definition.

=head2 I<Logging:>

Logging for the I<libval(3)> functions may be enabled in the shim
library by setting an environment variable.

See I<dt-validate(1)> for specifics.

=head1 NOTES

=head2 setuid/setgid programs


setuid and setgid root programs (e.g., I<ping(8)>) do not honor the
LD_PRELOAD setting. These applications may still use the LD_PRELOAD
mechanism when run directly from a root shell.

=head1 COPYRIGHT

Copyright 2004-2012 SPARTA, Inc.  All rights reserved.
See the COPYING file included with the dnssec-tools package for details.


=head1 AUTHORS

G. S. Marzot

=head1 SEE ALSO

I<libsres(3)>, I<libval(3)>, I<dnsval.conf(1)>, I<gethostbyname(3)>

I<gethostbyaddr(3)>, I<getnameinfo(3)>, I<getaddrinfo(3)>, I<res_query(3)>