1libval_shim(3) Programmer's Manual libval_shim(3)
2
6 The Validator Shim Library
7
9 The validator shim library (libval_shim.so) is a shared library
10 designed to be dynamically loaded using the 'LD_PRELOAD' mechanism
11 (ld.so(8)) supported on linux and various other unix-like platforms.
12 The shim library implements wrappers for a number of DNS related func‐
13 tions and in turn calls equivalent DNSSEC-aware validating functions
14 from libval(3), mapping the results to return codes recognized by the
15 original functions. In this way a wide variety of applications can be
16 made DNSSEC aware without code changes and recompilation.
17 The method of mapping return codes assumes that any 'untrusted' or
19 failure result from the libval(3) function is reflected as a failure to
20 the original calling function.
21 Usage:
23 To load the library set LD_PRELOAD variable within the environment of
25 the the target application prior to execution:
26 Validation Policy:
28 The validator shim library will create a policy context and cache it
30 for all subsequent libval(3) calls. A NULL policy label will be passed
31 to create the context. The policy is chosen according to rules defined
32 for libval(3).
33 See dnsval.conf(1) for information on policy labels and definition.
35 Logging:
37 Logging for the libval(3) functions may be enabled in the shim library
39 by setting an environment variable.
40 See validate(1) for specifics.
42
44 setuid/setgid programs
45 setuid and setgid root programs (e.g., ping(8)) do not honor the
47 LD_PRELOAD setting. These application may still use the LD_PRELOAD
48 mechanism when run directly from a root shell.
49
51 Copyright 2004-2011 SPARTA, Inc. All rights reserved. See the COPYING
52 file included with the dnssec-tools package for details.
53
55 G. S. Marzot
56
58 libsres(3), libval(3), dnsval.conf(1), gethostbyname(3)
59 gethostbyaddr(3), getnameinfo(3), getaddrinfo(3), res_query(3)
61perl v5.8.9 2011-06-28 libval_shim(3)