From 974a6d087a44c3f80831b607fb70a08746329ed1 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Thu, 23 Aug 2018 23:01:16 +0100
Subject: [PATCH] Add --caa-record
---
 CHANGELOG | 2 ++
 man/dnsmasq.8 | 7 +++++--
 src/dns-protocol.h | 1 +
 src/option.c | 36 +++++++++++++++++++++++++++++++++++-
 4 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 277719f..133090a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -51,6 +51,8 @@ version 2.80
 Add --dhcp-name-match config option.
+ Add --caa-record config option.
+
 version 2.79
 Fix parsing of CNAME arguments, which are confused by extra spaces.
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 7f53e9f..3e8ee18 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -593,6 +593,9 @@ Return a PTR DNS record.
 .B --naptr-record=,,,,,[,]
 Return an NAPTR DNS record, as specified in RFC3403.
 .TP
+.B --caa-record=,,,
+Return a CAA DNS record, as specified in RFC6844.
+.TP
 .B --cname=,[,][,]
 Return a CNAME record which indicates that is really . There are significant limitations on the target; it must be a
@@ -2262,8 +2265,8 @@ secondary servers for reverse lookups. When dnsmasq is configured to act as an authoritative server, the following data is used to populate the authoritative zone.
 .PP
-.B --mx-host, --srv-host, --dns-rr, --txt-record, --naptr-record
-, as long as the record names are in the authoritative domain.
+.B --mx-host, --srv-host, --dns-rr, --txt-record, --naptr-record, --caa-record,
+as long as the record names are in the authoritative domain.
 .PP
 .B --cname
 as long as the record name is in the authoritative domain. If the
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 4958830..523763c 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -76,6 +76,7 @@
 #define T_AXFR 252
 #define T_MAILB 253
 #define T_ANY 255
+#define T_CAA 257
 #define EDNS0_OPTION_MAC 65001 /* dyndns.org temporary assignment */
 #define EDNS0_OPTION_CLIENT_SUBNET 8 /* IANA */
diff --git a/src/option.c b/src/option.c
index 8c818cc..a393ec1 100644
--- a/src/option.c
+++ b/src/option.c
@@ -165,6 +165,7 @@ struct myoption {
 #define LOPT_DUMPMASK 353
 #define LOPT_UBUS 354
 #define LOPT_NAME_MATCH 355
+#define LOPT_CAA 356
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =
@@ -233,6 +234,7 @@ static const struct myoption opts[] =
 { "srv-host", 1, 0, 'W' },
 { "localise-queries", 0, 0, 'y' },
 { "txt-record", 1, 0, 'Y' },
+ { "caa-record", 1, 0 , LOPT_CAA },
 { "dns-rr", 1, 0, LOPT_RR },
 { "enable-dbus", 2, 0, '1' },
 { "enable-ubus", 0, 0, LOPT_UBUS },
@@ -481,6 +483,7 @@ static struct {
 { LOPT_RA, OPT_RA, NULL, gettext_noop("Send router-advertisements for interfaces doing DHCPv6"), NULL },
 { LOPT_DUID, ARG_ONE, ",", gettext_noop("Specify DUID_EN-type DHCPv6 server DUID"), NULL },
 { LOPT_HOST_REC, ARG_DUP, ",
[,]", gettext_noop("Specify host (A/AAAA and PTR) records"), NULL },
+ { LOPT_CAA, ARG_DUP, ",,,", gettext_noop("Specify certification authority authorization record"), NULL },
 { LOPT_RR, ARG_DUP, ",,[]", gettext_noop("Specify arbitrary DNS resource record"), NULL },
 { LOPT_CLVERBIND, OPT_CLEVERBIND, NULL, gettext_noop("Bind to interfaces in use - check for new interfaces"), NULL },
 { LOPT_AUTHSERV, ARG_ONE, ",", gettext_noop("Export local names to global DNS"), NULL },
@@ -4002,7 +4005,7 @@ err:
 if (data)
 {
- new->txt=opt_malloc(len);
+ new->txt = opt_malloc(len);
 new->len = len;
 memcpy(new->txt, data, len);
 }
@@ -4010,6 +4013,37 @@ err:
 break;
 }
+ case LOPT_CAA: /* --caa-record */
+ {
+ struct txt_record *new;
+ char *tag, *value;
+ int flags;
+ comma = split(arg);
+ tag = split(comma);
+ value = split(tag);
+ new = opt_malloc(sizeof(struct txt_record));
+ new->next = daemon->rr;
+ daemon->rr = new;
+ if (!atoi_check(comma, &flags) || !tag || !value || !(new->name = canonicalise_opt(arg)))
+ ret_err(_("bad CAA record"));
+ unhide_metas(tag);
+ unhide_metas(value);
+ new->len = strlen(tag) + strlen(value) + 2;
+ new->txt = opt_malloc(new->len);
+ new->txt[0] = flags;
+ new->txt[1] = strlen(tag);
+ memcpy(&new->txt[2], tag, strlen(tag));
+ memcpy(&new->txt[2 + strlen(tag)], value, strlen(value));
+ new->class = T_CAA;
+ break;
+ }
+
 case 'Y': /* --txt-record */
 {
 struct txt_record *new;
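Review bot: The flags octet and the tag length byte written at `new->txt[0] = flags;` and `new->txt[1] = strlen(tag);` in the LOPT_CAA case are stored without range checks, so a `--caa-record` whose flags value is outside 0–255, or whose tag is empty or longer than 255 bytes, is silently truncated into a malformed RR instead of being rejected (RFC 6844 defines flags as a single octet and requires a tag length of at least 1, recommending at most 15). Extending the existing guard to `if (!atoi_check(comma, &flags) || flags < 0 || flags > 255 || !tag || !value || !(new->name = canonicalise_opt(arg)))` and adding `if (strlen(tag) == 0 || strlen(tag) > 255) ret_err(_("bad CAA record"));` after the `unhide_metas` calls turns both into a config-time error. The new node is linked into `daemon->rr` before that guard runs, so on `ret_err` a partially initialised record remains on the list; whether the caller treats the error as fatal is not visible in this hunk. The four `strlen(tag)` calls could be replaced by one `size_t` local, which also makes the length arithmetic easier to audit. The enclosing switch starts and ends outside the hunk.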