Add constructor-noauth: keyword

921360ce · Simon Kelley · 429805db · 921360ce · 921360ce · 921360ce
Commit 921360ce authored May 31, 2013 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

man/dnsmasq.8 man/dnsmasq.8 +10 -2

src/auth.c src/auth.c +1 -0

src/dnsmasq.h src/dnsmasq.h +1 -0

src/option.c src/option.c +5 -0

No files found.
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -574,9 +574,11 @@ needed for a client to do validation itself.
 .TP
 .B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
 Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
-will be served, except that A and AAAA records must be in one of the
+will be served. A and AAAA records must be in one of the
 specified subnets, or in a subnet corresponding to a constructed DHCP
-range. The subnet(s) are also used to define in-addr.arpa and
+range. (This can be overridden with 
+.B constructor-noauth:
+) The subnet(s) are also used to define in-addr.arpa and
 ipv6.arpa domains which are served for reverse-DNS queries. If not
 specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
 For IPv4 subnets, the prefix length should be have the value 8, 16 or 24
@@ -660,6 +662,12 @@ equal either the start or end address given in the dhcp-range. This is
 to prevent prefixes becoming perpetual if the interface 
 gains a SLAAC address for the prefix when it is advertised by dnsmasq.

+There is a variant of the constructor: syntax using the keyword
+.B constructor-noauth.
+See 
+.B --auth-zone
+for an explanation of this.
+
 The optional 
 .B set:<tag> 
 sets an alphanumeric label which marks this network so that

--- a/src/auth.c
+++ b/src/auth.c
@@ -54,6 +54,7 @@ static int filter_constructed_dhcp(struct auth_zone *zone, int flag, struct all_
  if (flag & F_IPV6)
    for (context = daemon->dhcp6; context; context = context->next)
      if ((context->flags & CONTEXT_CONSTRUCTED) &&
+	  !(context->flags & CONTEXT_NOAUTH) &&
 	  is_same_net6(&(addr_u->addr.addr6), &context->start6, context->prefix))
 	return 1;
 #endif

--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -731,6 +731,7 @@ struct dhcp_context {
 #define CONTEXT_RA          8192
 #define CONTEXT_CONF_USED  16384
 #define CONTEXT_USED       32768
+#define CONTEXT_NOAUTH     65536

 struct ping_result {
  struct in_addr addr;

--- a/src/option.c
+++ b/src/option.c
@@ -2409,6 +2409,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		    new->template_interface = opt_string_alloc(a[leasepos] + 12);
 		    new->flags |= CONTEXT_TEMPLATE;
 		  }
+		else if (strstr(a[leasepos], "constructor-noauth:") == a[leasepos])
+		  {
+		    new->template_interface = opt_string_alloc(a[leasepos] + 19);
+		    new->flags |= CONTEXT_TEMPLATE | CONTEXT_NOAUTH;
+		  }
 		else  
 		  break;
 	      }