Don't filter by subnet when handling local queries for auth-zones.
37
src/auth.c
37
src/auth.c
@@ -89,7 +89,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr)
|
size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr, int local_query)
|
||||||
{
|
{
|
||||||
char *name = daemon->namebuff;
|
char *name = daemon->namebuff;
|
||||||
unsigned char *p, *ansp;
|
unsigned char *p, *ansp;
|
||||||
@@ -97,7 +97,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
int nameoffset, axfroffset = 0;
|
int nameoffset, axfroffset = 0;
|
||||||
int q, anscount = 0, authcount = 0;
|
int q, anscount = 0, authcount = 0;
|
||||||
struct crec *crecp;
|
struct crec *crecp;
|
||||||
int auth = 1, trunc = 0, nxdomain = 1, soa = 0, ns = 0, axfr = 0;
|
int auth = !local_query, trunc = 0, nxdomain = 1, soa = 0, ns = 0, axfr = 0;
|
||||||
struct auth_zone *zone = NULL;
|
struct auth_zone *zone = NULL;
|
||||||
struct subnet *subnet = NULL;
|
struct subnet *subnet = NULL;
|
||||||
char *cut;
|
char *cut;
|
||||||
@@ -144,14 +144,17 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
if (!(flag = in_arpa_name_2_addr(name, &addr)))
|
if (!(flag = in_arpa_name_2_addr(name, &addr)))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
for (zone = daemon->auth_zones; zone; zone = zone->next)
|
if (!local_query)
|
||||||
if ((subnet = filter_zone(zone, flag, &addr)))
|
|
||||||
break;
|
|
||||||
|
|
||||||
if (!zone)
|
|
||||||
{
|
{
|
||||||
auth = 0;
|
for (zone = daemon->auth_zones; zone; zone = zone->next)
|
||||||
continue;
|
if ((subnet = filter_zone(zone, flag, &addr)))
|
||||||
|
break;
|
||||||
|
|
||||||
|
if (!zone)
|
||||||
|
{
|
||||||
|
auth = 0;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
intr = NULL;
|
intr = NULL;
|
||||||
@@ -367,7 +370,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
nxdomain = 0;
|
nxdomain = 0;
|
||||||
|
|
||||||
for (; addrlist; addrlist = addrlist->next)
|
for (; addrlist; addrlist = addrlist->next)
|
||||||
if (filter_constructed_dhcp(zone, flag, &addrlist->addr))
|
if (local_query || filter_constructed_dhcp(zone, flag, &addrlist->addr))
|
||||||
{
|
{
|
||||||
found = 1;
|
found = 1;
|
||||||
log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
|
log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
|
||||||
@@ -462,7 +465,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
{
|
{
|
||||||
nxdomain = 0;
|
nxdomain = 0;
|
||||||
if ((crecp->flags & flag) &&
|
if ((crecp->flags & flag) &&
|
||||||
(filter_constructed_dhcp(zone, flag, &(crecp->addr.addr))))
|
(local_query || filter_constructed_dhcp(zone, flag, &(crecp->addr.addr))))
|
||||||
{
|
{
|
||||||
*cut = '.'; /* restore domain part */
|
*cut = '.'; /* restore domain part */
|
||||||
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
|
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
|
||||||
@@ -485,7 +488,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
do
|
do
|
||||||
{
|
{
|
||||||
nxdomain = 0;
|
nxdomain = 0;
|
||||||
if ((crecp->flags & flag) && filter_constructed_dhcp(zone, flag, &(crecp->addr.addr)))
|
if ((crecp->flags & flag) && (local_query || filter_constructed_dhcp(zone, flag, &(crecp->addr.addr))))
|
||||||
{
|
{
|
||||||
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
|
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
|
||||||
found = 1;
|
found = 1;
|
||||||
@@ -675,14 +678,14 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
*cut = 0;
|
*cut = 0;
|
||||||
|
|
||||||
for (addrlist = intr->addr4; addrlist; addrlist = addrlist->next)
|
for (addrlist = intr->addr4; addrlist; addrlist = addrlist->next)
|
||||||
if (filter_constructed_dhcp(zone, F_IPV4, &addrlist->addr) &&
|
if ((local_query || filter_constructed_dhcp(zone, F_IPV4, &addrlist->addr)) &&
|
||||||
add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
|
add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
|
||||||
daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))
|
daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))
|
||||||
anscount++;
|
anscount++;
|
||||||
|
|
||||||
#ifdef HAVE_IPV6
|
#ifdef HAVE_IPV6
|
||||||
for (addrlist = intr->addr6; addrlist; addrlist = addrlist->next)
|
for (addrlist = intr->addr6; addrlist; addrlist = addrlist->next)
|
||||||
if (filter_constructed_dhcp(zone, F_IPV6, &addrlist->addr) &&
|
if ((local_query || filter_constructed_dhcp(zone, F_IPV6, &addrlist->addr)) &&
|
||||||
add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
|
add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
|
||||||
daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))
|
daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))
|
||||||
anscount++;
|
anscount++;
|
||||||
@@ -722,7 +725,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
if ((crecp->flags & F_DHCP) && !option_bool(OPT_DHCP_FQDN))
|
if ((crecp->flags & F_DHCP) && !option_bool(OPT_DHCP_FQDN))
|
||||||
{
|
{
|
||||||
char *cache_name = cache_get_name(crecp);
|
char *cache_name = cache_get_name(crecp);
|
||||||
if (!strchr(cache_name, '.') && filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
|
if (!strchr(cache_name, '.') &&
|
||||||
|
(local_query || filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
|
||||||
{
|
{
|
||||||
qtype = T_A;
|
qtype = T_A;
|
||||||
#ifdef HAVE_IPV6
|
#ifdef HAVE_IPV6
|
||||||
@@ -739,7 +743,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
|
|||||||
if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
|
if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
|
||||||
{
|
{
|
||||||
strcpy(name, cache_get_name(crecp));
|
strcpy(name, cache_get_name(crecp));
|
||||||
if (in_zone(zone, name, &cut) && filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr)))
|
if (in_zone(zone, name, &cut) &&
|
||||||
|
(local_query || filter_constructed_dhcp(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
|
||||||
{
|
{
|
||||||
qtype = T_A;
|
qtype = T_A;
|
||||||
#ifdef HAVE_IPV6
|
#ifdef HAVE_IPV6
|
||||||
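Review bot: With `local_query` set, the PTR branch in the `-144,14 +144,17` hunk no longer runs the `filter_zone` loop, so `zone` and `subnet` reach `intr = NULL;` holding whatever they held before (NULL from their initialisers, or possibly a value left from an earlier pass of the enclosing loop). The rest of that branch lies outside the hunk, so it is not visible whether `zone` is later passed to `in_zone()` or `subnet` is read without a check; that should be confirmed. Any such use needs the same `local_query ||` short-circuit the other hunks put in front of `filter_constructed_dhcp`, and a comment such as `/* local queries skip subnet matching: zone and subnet are not set here */` above `if (!local_query)` would make the invariant explicit. Separately, `auth = !local_query` deserves a one-line comment saying why answers to local queries are not marked authoritative.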
|
|||||||
@@ -992,7 +992,8 @@ int private_net(struct in_addr addr, int ban_localhost);
|
|||||||
|
|
||||||
/* auth.c */
|
/* auth.c */
|
||||||
#ifdef HAVE_AUTH
|
#ifdef HAVE_AUTH
|
||||||
size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr);
|
size_t answer_auth(struct dns_header *header, char *limit, size_t qlen,
|
||||||
|
time_t now, union mysockaddr *peer_addr, int local_query);
|
||||||
int in_zone(struct auth_zone *zone, char *name, char **cut);
|
int in_zone(struct auth_zone *zone, char *name, char **cut);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@@ -676,7 +676,7 @@ void receive_query(struct listener *listen, time_t now)
|
|||||||
size_t m;
|
size_t m;
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
int if_index = 0;
|
int if_index = 0;
|
||||||
int auth_dns = 0;
|
int local_auth = 0, auth_dns = 0;
|
||||||
struct iovec iov[1];
|
struct iovec iov[1];
|
||||||
struct msghdr msg;
|
struct msghdr msg;
|
||||||
struct cmsghdr *cmptr;
|
struct cmsghdr *cmptr;
|
||||||
@@ -869,6 +869,7 @@ void receive_query(struct listener *listen, time_t now)
|
|||||||
if (in_zone(zone, daemon->namebuff, NULL))
|
if (in_zone(zone, daemon->namebuff, NULL))
|
||||||
{
|
{
|
||||||
auth_dns = 1;
|
auth_dns = 1;
|
||||||
|
local_auth = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -877,7 +878,7 @@ void receive_query(struct listener *listen, time_t now)
|
|||||||
#ifdef HAVE_AUTH
|
#ifdef HAVE_AUTH
|
||||||
if (auth_dns)
|
if (auth_dns)
|
||||||
{
|
{
|
||||||
m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
|
m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr, local_auth);
|
||||||
if (m >= 1)
|
if (m >= 1)
|
||||||
{
|
{
|
||||||
send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
|
send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
|
||||||
@@ -914,6 +915,7 @@ unsigned char *tcp_request(int confd, time_t now,
|
|||||||
{
|
{
|
||||||
size_t size = 0;
|
size_t size = 0;
|
||||||
int norebind = 0;
|
int norebind = 0;
|
||||||
|
int local_auth = 0;
|
||||||
int checking_disabled, check_subnet;
|
int checking_disabled, check_subnet;
|
||||||
size_t m;
|
size_t m;
|
||||||
unsigned short qtype;
|
unsigned short qtype;
|
||||||
@@ -975,6 +977,7 @@ unsigned char *tcp_request(int confd, time_t now,
|
|||||||
if (in_zone(zone, daemon->namebuff, NULL))
|
if (in_zone(zone, daemon->namebuff, NULL))
|
||||||
{
|
{
|
||||||
auth_dns = 1;
|
auth_dns = 1;
|
||||||
|
local_auth = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -987,7 +990,7 @@ unsigned char *tcp_request(int confd, time_t now,
|
|||||||
|
|
||||||
#ifdef HAVE_AUTH
|
#ifdef HAVE_AUTH
|
||||||
if (auth_dns)
|
if (auth_dns)
|
||||||
m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr);
|
m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr, local_auth);
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
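Review bot: `local_auth = 1` is set next to `auth_dns = 1` in both `receive_query` and `tcp_request`, but nothing in the new code says what makes a query local, and the condition guarding these `in_zone` loops begins outside the hunks. Because the flag makes `answer_auth` skip `filter_zone` and `filter_constructed_dhcp`, that guard decides which clients receive unfiltered zone data, so it should be checked that it cannot be reached for queries arriving on an interface configured for authoritative service. A comment at the declaration, for example `/* local_auth: name is in an auth zone but the query arrived as an ordinary local query; answer_auth() then skips subnet filtering */`, would record the assumption (wording to be confirmed against the guard).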
|
|||||||