diff --git a/src/auth.c b/src/auth.c
index 5ac6f21..e3d54cc 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -16,6 +16,7 @@
 #include "dnsmasq.h"
+#ifdef HAVE_AUTH
 static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
 {
@@ -735,7 +736,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 return ansp - (unsigned char *)header;
 }
-
+#endif
diff --git a/src/config.h b/src/config.h
index 31fb1cc..cb31eb6 100644
--- a/src/config.h
+++ b/src/config.h
@@ -96,12 +96,18 @@ HAVE_CONNTRACK
 a build-dependency on libnetfilter_conntrack, but the resulting binary will still run happily on a kernel without conntrack support.
+HAVE_AUTH
+ define this to include the facility to act as an authoritative DNS
+ server for one or more zones.
+
+
 NO_IPV6
 NO_TFTP
 NO_DHCP
 NO_DHCP6
 NO_SCRIPT
 NO_LARGEFILE
+NO_AUTH
 these are avilable to explictly disable compile time options which would otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or which are enabled by default in the distributed source tree. Building dnsmasq
@@ -123,6 +129,7 @@ RESOLVFILE
 #define HAVE_DHCP6
 #define HAVE_TFTP
 #define HAVE_SCRIPT
+#define HAVE_AUTH
 /* #define HAVE_LUASCRIPT */
 /* #define HAVE_BROKEN_RTC */
 /* #define HAVE_DBUS */
@@ -311,6 +318,9 @@ HAVE_SOCKADDR_SA_LEN
 #define HAVE_SCRIPT
 #endif
+#ifdef NO_AUTH
+#undef HAVE_AUTH
+#endif
 /* Define a string indicating which options are in use. DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
@@ -369,7 +379,11 @@ static char *compile_opts =
 #ifndef HAVE_CONNTRACK
 "no-"
 #endif
-"conntrack";
+"conntrack "
+#ifndef HAVE_AUTH
+"no-"
+#endif
+ "auth";
 #endif
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 6e3a7c2..9d90b4d 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
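Review bot: The `#endif` added as the last line of src/auth.c closes the `#ifdef HAVE_AUTH` that the first hunk opens right after `#include "dnsmasq.h"`, roughly 720 lines earlier, and neither directive says so. I would write the closing line as `#endif /* HAVE_AUTH */` and put a one-line comment on the opening guard stating that the whole authoritative-DNS implementation, including `answer_auth()`, is compiled out without it. That makes it clear to anyone adding a function to this file that it must stay inside the guard and that its callers need the same `#ifdef`.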
@@ -148,6 +148,11 @@ int main (int argc, char **argv)
 die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
 #endif
+#ifndef HAVE_AUTH
+ if (daemon->authserver)
+ die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
+#endif
+
 rand_init();
 now = dnsmasq_time();
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index d3b9fb8..a2b0131 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -910,7 +910,9 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
 int in_arpa_name_2_addr(char *namein, struct all_addr *addrp);
 /* auth.c */
+#ifdef HAVE_AUTH
 size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr);
+#endif
 /* util.c */
 void rand_init(void);
diff --git a/src/forward.c b/src/forward.c
index 95807f8..3454848 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -812,6 +812,7 @@ void receive_query(struct listener *listen, time_t now)
 #endif
 }
+#ifdef HAVE_AUTH
 if (auth_dns)
 {
 m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
@@ -820,6 +821,7 @@ void receive_query(struct listener *listen, time_t now)
 (char *)header, m, &source_addr, &dst_addr, if_index);
 }
 else
+#endif
 {
 m = answer_request(header, ((char *) header) + PACKETSZ, (size_t)n, dst_addr_4, netmask, now);
@@ -903,9 +905,11 @@ unsigned char *tcp_request(int confd, time_t now,
 else
 dst_addr_4.s_addr = 0;
+#ifdef HAVE_AUTH
 if (auth_dns)
 m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr);
 else
+#endif
 {
 /* m > 0 if answered from cache */
 m = answer_request(header, ((char *) header) + 65536, (size_t)size,
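Review bot: The new `#ifndef HAVE_AUTH` check in main() tests only `daemon->authserver`, and it looks like the sole guard against a build without HAVE_AUTH quietly answering through the ordinary `answer_request()` path on an interface the configuration meant to be authoritative-only (the forward.c hunks of this commit fall through to that path once the auth branch is compiled out). If any other option can mark an interface or zone as authoritative without setting `authserver` (not visible here), it belongs in the same test. A comment above the check, for example `/* fail closed: without HAVE_AUTH, auth interfaces would be served by answer_request() */`, would record why it must not be relaxed. main() begins and ends outside the hunk.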
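Review bot: In the forward.c hunks the `if (auth_dns)` branch is compiled out but `auth_dns` itself is not: in receive_query() its declaration and assignments lie outside the hunk and are presumably unguarded, so a NO_AUTH build is likely to produce a set-but-unused warning there, and tcp_request() (hunk at -903) is left with an `auth_dns` it never reads. Either guard the places that set it with the same `#ifdef`, or add `(void)auth_dns;` under `#ifndef HAVE_AUTH`. The `else` / `#endif` / `{` splice would also be easier to read with the directive labelled as `#endif /* HAVE_AUTH */`, because the brace block after it is the else-body in one build and a bare block in the other.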