Make authoritative stuff a compile-time option.

2025-12-19 10:18:25 +00:00 · 2012-12-18 18:30:30 +00:00
parent f8abe0c566
commit 4820dce97a
5 changed files with 28 additions and 2 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -16,6 +16,7 @@

 #include "dnsmasq.h"

+#ifdef HAVE_AUTH

 static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
 {
@@ -735,7 +736,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  return ansp - (unsigned char *)header;
 }
  
-  
+#endif  
  


--- a/src/config.h
+++ b/src/config.h
@@ -96,12 +96,18 @@ HAVE_CONNTRACK
   a build-dependency on libnetfilter_conntrack, but the resulting binary will
   still run happily on a kernel without conntrack support.

+HAVE_AUTH
+   define this to include the facility to act as an authoritative DNS
+   server for one or more zones.
+
+
 NO_IPV6
 NO_TFTP
 NO_DHCP
 NO_DHCP6
 NO_SCRIPT
 NO_LARGEFILE
+NO_AUTH
   these are avilable to explictly disable compile time options which would 
   otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or 
   which are enabled  by default in the distributed source tree. Building dnsmasq
@@ -123,6 +129,7 @@ RESOLVFILE
 #define HAVE_DHCP6 
 #define HAVE_TFTP
 #define HAVE_SCRIPT
+#define HAVE_AUTH
 /* #define HAVE_LUASCRIPT */
 /* #define HAVE_BROKEN_RTC */
 /* #define HAVE_DBUS */
@@ -311,6 +318,9 @@ HAVE_SOCKADDR_SA_LEN
 #define HAVE_SCRIPT
 #endif

+#ifdef NO_AUTH
+#undef HAVE_AUTH
+#endif

 /* Define a string indicating which options are in use.
   DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
@@ -369,7 +379,11 @@ static char *compile_opts =
 #ifndef HAVE_CONNTRACK
 "no-"
 #endif
-"conntrack";
+"conntrack "
+#ifndef HAVE_AUTH
+"no-"
+#endif
+  "auth";

 #endif

--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -148,6 +148,11 @@ int main (int argc, char **argv)
    die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
 #endif

+#ifndef HAVE_AUTH
+  if (daemon->authserver)
+    die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
+#endif
+
  rand_init();
  
  now = dnsmasq_time();
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -910,7 +910,9 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
 int in_arpa_name_2_addr(char *namein, struct all_addr *addrp);

 /* auth.c */
+#ifdef HAVE_AUTH
 size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr);
+#endif

 /* util.c */
 void rand_init(void);
--- a/src/forward.c
+++ b/src/forward.c
@@ -812,6 +812,7 @@ void receive_query(struct listener *listen, time_t now)
 #endif
    }

+#ifdef HAVE_AUTH
  if (auth_dns)
    {
      m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
@@ -820,6 +821,7 @@ void receive_query(struct listener *listen, time_t now)
 		  (char *)header, m, &source_addr, &dst_addr, if_index);
    }
  else
+#endif
    {
      m = answer_request(header, ((char *) header) + PACKETSZ, (size_t)n, 
 			 dst_addr_4, netmask, now);
@@ -903,9 +905,11 @@ unsigned char *tcp_request(int confd, time_t now,
      else
 	dst_addr_4.s_addr = 0;
      
+#ifdef HAVE_AUTH
      if (auth_dns)
 	m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr);
      else
+#endif
 	{
 	  /* m > 0 if answered from cache */
 	  m = answer_request(header, ((char *) header) + 65536, (size_t)size,