Make authoritative stuff a compile-time option.

src/auth.c

@@ -16,6 +16,7 @@
 
 #include "dnsmasq.h"
 
+#ifdef HAVE_AUTH
 
 static struct subnet *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
 {
@@ -735,7 +736,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
   return ansp - (unsigned char *)header;
 }
   
-  
+#endif  
   
 
 

src/config.h

@@ -96,12 +96,18 @@ HAVE_CONNTRACK
    a build-dependency on libnetfilter_conntrack, but the resulting binary will
    still run happily on a kernel without conntrack support.
 
+HAVE_AUTH
+   define this to include the facility to act as an authoritative DNS
+   server for one or more zones.
+
+
 NO_IPV6
 NO_TFTP
 NO_DHCP
 NO_DHCP6
 NO_SCRIPT
 NO_LARGEFILE
+NO_AUTH
    these are avilable to explictly disable compile time options which would 
    otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or 
    which are enabled  by default in the distributed source tree. Building dnsmasq
@@ -123,6 +129,7 @@ RESOLVFILE
 #define HAVE_DHCP6 
 #define HAVE_TFTP
 #define HAVE_SCRIPT
+#define HAVE_AUTH
 /* #define HAVE_LUASCRIPT */
 /* #define HAVE_BROKEN_RTC */
 /* #define HAVE_DBUS */
@@ -311,6 +318,9 @@ HAVE_SOCKADDR_SA_LEN
 #define HAVE_SCRIPT
 #endif
 
+#ifdef NO_AUTH
+#undef HAVE_AUTH
+#endif
 
 /* Define a string indicating which options are in use.
    DNSMASQP_COMPILE_OPTS is only defined in dnsmasq.c */
@@ -369,7 +379,11 @@ static char *compile_opts =
 #ifndef HAVE_CONNTRACK
 "no-"
 #endif
-"conntrack";
+"conntrack "
+#ifndef HAVE_AUTH
+"no-"
+#endif
+  "auth";
 
 #endif
 

src/dnsmasq.c

@@ -148,6 +148,11 @@ int main (int argc, char **argv)
     die(_("asychronous logging is not available under Android"), NULL, EC_BADCONF);
 #endif
 
+#ifndef HAVE_AUTH
+  if (daemon->authserver)
+    die(_("authoritative DNS not available: set HAVE_AUTH in src/config.h"), NULL, EC_BADCONF);
+#endif
+
   rand_init();
   
   now = dnsmasq_time();

src/dnsmasq.h

@@ -910,7 +910,9 @@ int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
 int in_arpa_name_2_addr(char *namein, struct all_addr *addrp);
 
 /* auth.c */
+#ifdef HAVE_AUTH
 size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr);
+#endif
 
 /* util.c */
 void rand_init(void);

src/forward.c

@@ -812,6 +812,7 @@ void receive_query(struct listener *listen, time_t now)
 #endif
     }
 
+#ifdef HAVE_AUTH
   if (auth_dns)
     {
       m = answer_auth(header, ((char *) header) + PACKETSZ, (size_t)n, now, &source_addr);
@@ -820,6 +821,7 @@ void receive_query(struct listener *listen, time_t now)
 		  (char *)header, m, &source_addr, &dst_addr, if_index);
     }
   else
+#endif
     {
       m = answer_request(header, ((char *) header) + PACKETSZ, (size_t)n, 
 			 dst_addr_4, netmask, now);
@@ -903,9 +905,11 @@ unsigned char *tcp_request(int confd, time_t now,
       else
 	dst_addr_4.s_addr = 0;
       
+#ifdef HAVE_AUTH
       if (auth_dns)
 	m = answer_auth(header, ((char *) header) + 65536, (size_t)size, now, &peer_addr);
       else
+#endif
 	{
 	  /* m > 0 if answered from cache */
 	  m = answer_request(header, ((char *) header) + 65536, (size_t)size,