Commit 5f938534 authored by Simon Kelley's avatar Simon Kelley

Return configured DNSKEYs even though we don't have RRSIGS for them.

parent 8d718cbb
...@@ -73,8 +73,7 @@ struct blockdata *blockdata_alloc(char *data, size_t len) ...@@ -73,8 +73,7 @@ struct blockdata *blockdata_alloc(char *data, size_t len)
keyblock_free = block->next; keyblock_free = block->next;
blockdata_count++; blockdata_count++;
} }
else
if (!block)
{ {
/* failed to alloc, free partial chain */ /* failed to alloc, free partial chain */
blockdata_free(ret); blockdata_free(ret);
......
...@@ -486,7 +486,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr, ...@@ -486,7 +486,7 @@ struct crec *cache_insert(char *name, struct all_addr *addr,
insert. Once in this state, all inserts will probably fail. */ insert. Once in this state, all inserts will probably fail. */
if (free_avail) if (free_avail)
{ {
static warned = 0; static int warned = 0;
if (!warned) if (!warned)
{ {
my_syslog(LOG_ERR, _("Internal error in cache.")); my_syslog(LOG_ERR, _("Internal error in cache."));
......
...@@ -1553,34 +1553,35 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ...@@ -1553,34 +1553,35 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DNSKEY || qtype == T_DS || qtype == T_RRSIG)) if (option_bool(OPT_DNSSEC_VALID) && (qtype == T_DNSKEY || qtype == T_DS || qtype == T_RRSIG))
{ {
int gotone = 0; int gotone = 0, have_rrsig = 0;
struct blockdata *keydata; struct blockdata *keydata;
/* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */ /* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */
crecp = NULL; crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS))) while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS)))
if (crecp->uid == qclass && (qtype == T_RRSIG || crecp->addr.sig.type_covered == qtype)) if (crecp->uid == qclass && (qtype == T_RRSIG || crecp->addr.sig.type_covered == qtype))
break; {
have_rrsig = 1;
break;
}
if (crecp) if (qtype == T_RRSIG && have_rrsig)
{ {
if (qtype == T_RRSIG) ans = gotone = 1;
{ auth = 0;
ans = gotone = 1; }
auth = 0; else if (qtype == T_DS && have_rrsig)
} {
else if (qtype == T_DS) auth = 0;
{ crecp = NULL;
auth = 0; while ((crecp = cache_find_by_name(crecp, name, now, F_DS)))
crecp = NULL; if (crecp->uid == qclass)
while ((crecp = cache_find_by_name(crecp, name, now, F_DS))) {
if (crecp->uid == qclass) ans = gotone = 1;
{ if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.ds.keydata, crecp->addr.ds.keylen, NULL)))
ans = gotone = 1; {
if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.ds.keydata, crecp->addr.ds.keylen, NULL))) struct all_addr a;
{ a.addr.keytag = crecp->addr.ds.keytag;
struct all_addr a;
a.addr.keytag = crecp->addr.ds.keytag;
log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DS keytag %u"); log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DS keytag %u");
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crec_ttl(crecp, now), &nameoffset, crec_ttl(crecp, now), &nameoffset,
...@@ -1588,54 +1589,56 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ...@@ -1588,54 +1589,56 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
crecp->addr.ds.keytag, crecp->addr.ds.algo, crecp->addr.ds.digest, crecp->addr.ds.keylen, keydata)) crecp->addr.ds.keytag, crecp->addr.ds.algo, crecp->addr.ds.digest, crecp->addr.ds.keylen, keydata))
anscount++; anscount++;
} }
} }
} }
else if (qtype == T_DNSKEY) else if (qtype == T_DNSKEY)
{
crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY)))
if (crecp->uid == qclass)
{ {
crecp = NULL; if ((crecp->flags & F_CONFIG) || have_rrsig) /* Return configured keys without an RRISG */
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY))) {
if (crecp->uid == qclass) if (!(crecp->flags & F_CONFIG))
{ auth = 0, gotone = 1;
if (!(crecp->flags & F_CONFIG)) ans = 1;
auth = 0; if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL)))
ans = gotone = 1; {
if (!dryrun && (keydata = blockdata_retrieve(crecp->addr.key.keydata, crecp->addr.key.keylen, NULL))) struct all_addr a;
{ a.addr.keytag = crecp->addr.key.keytag;
struct all_addr a; log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DNSKEY keytag %u");
a.addr.keytag = crecp->addr.key.keytag; if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
log_query(F_KEYTAG | (crecp->flags & F_CONFIG), name, &a, "DNSKEY keytag %u"); crec_ttl(crecp, now), &nameoffset,
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, T_DNSKEY, qclass, "sbbt",
crec_ttl(crecp, now), &nameoffset, crecp->addr.key.flags, 3, crecp->addr.key.algo, crecp->addr.key.keylen, keydata))
T_DNSKEY, qclass, "sbbt", anscount++;
crecp->addr.key.flags, 3, crecp->addr.key.algo, crecp->addr.key.keylen, keydata)) }
anscount++; }
}
}
} }
}
/* Now do RRSIGs */ /* Now do RRSIGs */
if (gotone) if (gotone)
{ {
crecp = NULL; crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS))) while ((crecp = cache_find_by_name(crecp, name, now, F_DNSKEY | F_DS)))
if (crecp->uid == qclass && (qtype == T_RRSIG || (sec_reqd && crecp->addr.sig.type_covered == qtype)) && if (crecp->uid == qclass && (qtype == T_RRSIG || (sec_reqd && crecp->addr.sig.type_covered == qtype)) &&
!dryrun && !dryrun &&
(keydata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL))) (keydata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL)))
{
if (qtype == T_RRSIG)
{ {
if (qtype == T_RRSIG) char types[20];
{ querystr("rrsig", types, crecp->addr.sig.type_covered);
char types[20]; log_query(F_RRNAME, name, NULL, types);
querystr("rrsig", types, crecp->addr.sig.type_covered);
log_query(F_RRNAME, name, NULL, types);
}
if ((keydata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL)) &&
add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crec_ttl(crecp, now), &nameoffset,
T_RRSIG, qclass, "t", crecp->addr.sig.keylen, keydata))
anscount++;
} }
} if ((keydata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL)) &&
add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crec_ttl(crecp, now), &nameoffset,
T_RRSIG, qclass, "t", crecp->addr.sig.keylen, keydata))
anscount++;
}
} }
} }
#endif #endif
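Review bot: The comment kept at the top of the DNSSEC block, `/* Do we have RRSIG? Can't do DS or DNSKEY otherwise. */`, no longer matches the new DNSKEY branch, which answers from `F_CONFIG` entries even when `have_rrsig` is 0; the added comment also misspells RRSIG as "RRISG". For a configured key `gotone` stays 0 and `auth` is not cleared, so, as far as the side-by-side rendering shows, the reply carries the locally configured trust anchor with no RRSIG even when `sec_reqd` is set and a signature is cached, which leaves a downstream validator nothing to verify the answer against and is worth stating in the code. Suggested wording: `/* Do we have RRSIG? Needed for DS and for cached DNSKEYs; configured DNSKEYs are returned unsigned. */` and `/* Return configured keys without an RRSIG */`. Separately, `auth = 0, gotone = 1;` would read more clearly as two statements inside braces. answer_request begins and ends outside these hunks.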
......