v0.1: release first version

Author: Nhqml

Diff for: .gitignore

@@ -0,0 +1 @@
+build/

Diff for: LICENSE

@@ -0,0 +1,27 @@
+# libnss_docker
+*A NSS service for Docker containers resolving*
+
+:warning: *This is a **toy** project and has not been intensely tested! Use at your own risk*
+
+## Dependencies
+
+- `libcurl` (>= 7.80)
+- `libcjson` (>= 1.7.15)
+
+*Note that older versions of the dependencies may work, but they have not been tested*
+
+## Install
+
+Requires `meson` and `ninja`.
+
+```bash
+meson build && cd build && meson install
+```
+
+## Build
+
+Requires `meson` and `ninja`.
+
+```bash
+meson --buildtype=debug build && cd build && meson compile
+```

Diff for: README.md

@@ -0,0 +1,20 @@
+project(
+  'nss-docker', 'c',
+  version: '0.1',
+  license: 'GPL-3.0-or-later',
+  meson_version: '>=0.61.1',
+  default_options: [
+    'prefix=/usr',
+    'buildtype=release',
+    'warning_level=3',
+    'werror=true',
+    'b_lto=true',
+    'b_lto_mode=thin',
+    'b_ndebug=if-release',
+    'strip=true' # only strip on install
+  ],
+)
+
+subdir('src')
+
+install_man('nss-docker.8')

Diff for: meson.build

@@ -0,0 +1,43 @@
+.TH NSS-DOCKER 8 2022-02-11 "nss-docker 0.1"
+
+.SH NAME
+nss-docker, libnss_docker\&.so\&.2 - Hostname resolution for Docker containers
+
+.SH DESCRIPTION
+.PP
+\fBnss-docker\fP is a plug-in module for the GNU Name Service Switch (NSS) functionality of the glibc providing hostname resolution for the names and UUID of Docker containers.
+.PP
+To use this module, add "docker" to the line starting with "hosts:" in the file /etc/nssswitch.conf.
+
+.SH EXAMPLE
+.PP
+Here is an example of /etc/nssswitch.conf with "docker" enabled:
+.PP
+.RS 4
+.EX
+passwd: files systemd
+group: files [SUCCESS=merge] systemd
+shadow: files systemd
+gshadow: files systemd
+
+publickey: files
+
+hosts: mymachines mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname \fBdocker\fP dns
+networks: files
+
+protocols: files
+services: files
+ethers: files
+rpc: files
+
+netgroup: files
+.EE
+
+It is recommended to place "docker" at the end \fBbut before\fP "dns".
+
+.SH SEE ALSO
+.PP
+\fBnsswitch.conf\fP(5), \fBgetent\fP(1)
+
+.SH AUTHOR
+Kenji 'Nhqml' Gaillac

Diff for: nss-docker.8

@@ -0,0 +1,153 @@
+#include <errno.h>
+#include <error.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <cjson/cJSON.h>
+#include <curl/curl.h>
+
+#include "docker_api.h"
+#include "utils.h"
+
+size_t jsonify(void *data, size_t size, size_t nmemb, void *userdata)
+{
+    size_t realsize = size * nmemb;
+
+    struct cJSON *json = cJSON_Parse(data);
+    *(struct cJSON **)userdata = json;
+
+    return realsize;
+}
+
+char *_inspect_container_url(const char *name)
+{
+    char *url = xmalloc(_DOCKER_API_URL_BASE_SIZE + strlen(name) + 1);
+    sprintf(url, DOCKER_API_ENDPOINT DOCKER_API_VERSION DOCKER_API_URL_P1 "%s" DOCKER_API_URL_P2, name);
+
+    return url;
+}
+
+struct container *container_new(const char *name)
+{
+    struct container *container = xmalloc(sizeof(struct container));
+
+    size_t name_len = strlen(name);
+
+    container->name = xmalloc(name_len + 1);
+    strcpy(container->name, name);
+    container->short_uuid = xmalloc(DOCKER_SHORT_UUID_SIZE + 1);
+
+    container->addr_list = xcalloc(1, sizeof(char *));
+    container->n_addr = 0;
+
+    return container;
+}
+
+struct container *container_set_short_uuid(struct container *container, const char *uuid)
+{
+    strncpy(container->short_uuid, uuid, DOCKER_SHORT_UUID_SIZE);
+    container->short_uuid[DOCKER_SHORT_UUID_SIZE] = '\0';
+
+    return container;
+}
+
+struct container *container_add_addr(struct container *container, char *addr)
+{
+    if (addr != NULL)
+    {
+        ++container->n_addr;
+        container->addr_list = xreallocarray(container->addr_list, container->n_addr + 1, sizeof(char *));
+        container->addr_list[container->n_addr - 1] = addr;
+        container->addr_list[container->n_addr] = NULL;
+    }
+
+    return container;
+}
+
+void container_free(struct container *container)
+{
+    if (container != NULL)
+    {
+        free(container->name);
+        free(container->short_uuid);
+
+        for (char **addr = container->addr_list; *addr != NULL; ++addr)
+            free(*addr);
+        free(container->addr_list);
+
+        free(container);
+    }
+}
+
+struct container *inspect_container(const char *name, int af)
+{
+    CURL *curl = curl_easy_init();
+    if (curl == NULL)
+        error(1, errno, "failed when trying to retrieve containers");
+
+    struct curl_slist *headers = curl_slist_append(NULL, "Accept: application/json");
+    headers = curl_slist_append(headers, "Content-Type: application/json; charset=utf-8");
+
+    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
+    curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, DOCKER_API_SOCK);
+
+    char *docker_api_url = _inspect_container_url(name);
+    curl_easy_setopt(curl, CURLOPT_URL, docker_api_url);
+
+    struct cJSON *json;
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, jsonify);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&json);
+
+    CURLcode res = curl_easy_perform(curl);
+    if (res != CURLE_OK)
+        error(1, 0, "failed when trying to retrieve containers: %s", curl_easy_strerror(res));
+
+    long http_code = 0;
+    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
+
+    free(docker_api_url);
+    curl_easy_cleanup(curl);
+
+    if (http_code != 200)
+        return NULL;
+
+    struct container *container = NULL;
+
+    struct cJSON *container_name = cJSON_GetObjectItemCaseSensitive(json, "Name");
+    if (!cJSON_IsString(container_name))
+        return NULL;
+
+    container = container_new(container_name->valuestring + 1); // +1 to skip leading '/' in the name
+
+    struct cJSON *container_uuid = cJSON_GetObjectItemCaseSensitive(json, "Id");
+    if (cJSON_IsString(container_uuid))
+        container_set_short_uuid(container, container_uuid->valuestring);
+
+    struct cJSON *container_netsettings = cJSON_GetObjectItemCaseSensitive(json, "NetworkSettings");
+    if (container_netsettings != NULL)
+    {
+        struct cJSON *container_nets = cJSON_GetObjectItemCaseSensitive(container_netsettings, "Networks");
+
+        for (int i = 0; i < cJSON_GetArraySize(container_nets); ++i)
+        {
+            struct cJSON *container_net = cJSON_GetArrayItem(container_nets, i);
+            if (container_net != NULL)
+            {
+                char *container_addr = cJSON_GetStringValue(cJSON_GetObjectItemCaseSensitive(container_net, "IPAddress"));
+
+                if (container_addr != NULL && container_addr[0] != '\0')
+                    container_add_addr(container, parse_addr(container_addr, af));
+            }
+        }
+    }
+
+    cJSON_free(json);
+
+    if (container->n_addr == 0)
+    {
+        container_free(container);
+        container = NULL;
+    }
+
+    return container;
+}

Diff for: src/container.c

@@ -0,0 +1,25 @@
+#pragma once
+
+#define DOCKER_API_SOCK "/var/run/docker.sock"
+#define DOCKER_API_ENDPOINT "http://localhost/"
+#define DOCKER_API_VERSION "v1.41"
+
+#define DOCKER_API_URL_P1 "/containers/"
+#define DOCKER_API_URL_P2 "/json"
+
+#define _DOCKER_API_URL_BASE_SIZE 39
+
+#define DOCKER_UUID_SIZE 64
+#define DOCKER_SHORT_UUID_SIZE 12
+
+#define DOCKER_LOCAL_DOMAIN ".docker.local"
+
+struct container
+{
+    char *name;
+    char *short_uuid;
+    size_t n_addr;
+    char **addr_list;
+};
+
+struct container *inspect_container(const char *name, int af);

Diff for: src/container.h

@@ -0,0 +1,92 @@
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <nss.h>
+#include <string.h>
+
+#include "docker_api.h"
+#include "docker_nss.h"
+#include "utils.h"
+
+enum nss_status _nss_docker_gethostbyname_r(const char *name,
+                                            struct hostent *result,
+                                            char *buf, size_t buflen,
+                                            int *errnop, int *h_errnop)
+{
+    return _nss_docker_gethostbyname3_r(name, AF_INET, result, buf, buflen, errnop, h_errnop, NULL, NULL);
+}
+
+enum nss_status _nss_docker_gethostbyname2_r(const char *name, int af,
+                                             struct hostent *result,
+                                             char *buf, size_t buflen,
+                                             int *errnop, int *h_errnop)
+{
+    return _nss_docker_gethostbyname3_r(name, af, result, buf, buflen, errnop, h_errnop, NULL, NULL);
+}
+
+/**
+** \brief Returns the name without docker local domain
+*/
+char *strip_docker_local_domain(const char *name)
+{
+    if (name == NULL)
+        return NULL;
+
+    char *stripped_name = xstrdup(name);
+
+    for (char *c = stripped_name; *c != '\0'; ++c)
+    {
+        if (*c == '.')
+        {
+            if (strcmp(c, DOCKER_LOCAL_DOMAIN) == 0)
+            {
+                *c = '\0'; // Terminate the string here
+                break;
+            }
+        }
+    }
+
+    return stripped_name;
+}
+
+enum nss_status _nss_docker_gethostbyname3_r(const char *name, int af,
+                                             struct hostent *result,
+                                             char *buf, size_t buflen,
+                                             int *errnop, int *h_errnop,
+                                             int32_t *ttlp, char **canonp)
+{
+    /* I don't know for sure what ttlp is, my guess is that it's a pointer to
+    the TTL but since it's seems that no one uses it, neither am I... */
+    if (ttlp)
+        *ttlp = 0;
+
+    if (af == AF_UNSPEC)
+        af = AF_INET;
+
+    (void)buf;
+    (void)buflen;
+
+    char *stripped_name = strip_docker_local_domain(name);
+    struct container *container = inspect_container(stripped_name, af);
+    free(stripped_name);
+    if (container == NULL)
+        return NSS_STATUS_NOTFOUND;
+
+    char **r_aliases = xcalloc(2, sizeof(char *));
+    r_aliases[0] = container->short_uuid;
+
+    result->h_name = container->name;
+    result->h_aliases = r_aliases;
+    result->h_addrtype = af;
+    result->h_length = 4;
+    result->h_addr_list = container->addr_list;
+
+    *errnop = 0;
+    *h_errnop = 0;
+
+    /* I don't know for sure what canonp is, my guess is that it's a pointer to
+    a list of "canonical names" */
+    if (canonp)
+        *canonp = result->h_name;
+
+    return NSS_STATUS_SUCCESS;
+}

Diff for: src/docker_api.c

@@ -0,0 +1,30 @@
+#pragma once
+
+#define PUBLIC __attribute__((visibility("default")))
+
+#define MAX_NR_ALIASES 48
+#define MAX_NR_ADDRS 48
+
+#include <nss.h>
+
+enum nss_status
+    PUBLIC
+    _nss_docker_gethostbyname_r(const char *name,
+                                struct hostent *result,
+                                char *buf, size_t buflen,
+                                int *errnop, int *h_errnop);
+
+enum nss_status
+    PUBLIC
+    _nss_docker_gethostbyname2_r(const char *name, int af,
+                                 struct hostent *result,
+                                 char *buf, size_t buflen,
+                                 int *errnop, int *h_errnop);
+
+enum nss_status
+    PUBLIC
+    _nss_docker_gethostbyname3_r(const char *name, int af,
+                                 struct hostent *result,
+                                 char *buf, size_t buflen,
+                                 int *errnop, int *h_errnop,
+                                 int32_t *ttlp, char **canonp);