mirror of
https://github.com/pi-hole/dnsmasq.git
synced 2025-12-19 10:18:25 +00:00
Futher address union tidying.
Pass DNSKEY and DS data into cache_insert via the address argument, now these data types are included in struct all_addr.
This commit is contained in:
Simon Kelley
53
src/dnssec.c
53
src/dnssec.c
@@ -628,10 +628,10 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
|
||||
{
|
||||
/* iterate through all possible keys 4035 5.3.1 */
|
||||
for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
|
||||
if (crecp->addr.key.algo == algo &&
|
||||
crecp->addr.key.keytag == key_tag &&
|
||||
if (crecp->addr.addr.addr.key.algo == algo &&
|
||||
crecp->addr.addr.addr.key.keytag == key_tag &&
|
||||
crecp->uid == (unsigned int)class &&
|
||||
verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
|
||||
verify(crecp->addr.addr.addr.key.keydata, crecp->addr.addr.addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
|
||||
return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
|
||||
}
|
||||
}
|
||||
@@ -728,10 +728,10 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
|
||||
const struct nettle_hash *hash;
|
||||
int sigcnt, rrcnt;
|
||||
|
||||
if (recp1->addr.ds.algo == algo &&
|
||||
recp1->addr.ds.keytag == keytag &&
|
||||
if (recp1->addr.addr.addr.ds.algo == algo &&
|
||||
recp1->addr.addr.addr.ds.keytag == keytag &&
|
||||
recp1->uid == (unsigned int)class &&
|
||||
(hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
|
||||
(hash = hash_find(ds_digest_name(recp1->addr.addr.addr.ds.digest))) &&
|
||||
hash_init(hash, &ctx, &digest))
|
||||
|
||||
{
|
||||
@@ -746,9 +746,9 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
|
||||
from_wire(name);
|
||||
|
||||
if (!(recp1->flags & F_NEG) &&
|
||||
recp1->addr.ds.keylen == (int)hash->digest_size &&
|
||||
(ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
|
||||
memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
|
||||
recp1->addr.addr.addr.ds.keylen == (int)hash->digest_size &&
|
||||
(ds_digest = blockdata_retrieve(recp1->addr.addr.addr.ds.keydata, recp1->addr.addr.addr.ds.keylen, NULL)) &&
|
||||
memcmp(ds_digest, digest, recp1->addr.addr.addr.ds.keylen) == 0 &&
|
||||
explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) &&
|
||||
sigcnt != 0 && rrcnt != 0 &&
|
||||
validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname,
|
||||
@@ -800,7 +800,13 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
|
||||
|
||||
if ((key = blockdata_alloc((char*)p, rdlen - 4)))
|
||||
{
|
||||
if (!(recp1 = cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
|
||||
a.addr.key.keylen = rdlen - 4;
|
||||
a.addr.key.keydata = key;
|
||||
a.addr.key.algo = algo;
|
||||
a.addr.key.keytag = keytag;
|
||||
a.addr.key.flags = flags;
|
||||
|
||||
if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))
|
||||
{
|
||||
blockdata_free(key);
|
||||
return STAT_BOGUS;
|
||||
@@ -813,12 +819,6 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
|
||||
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
|
||||
else
|
||||
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
|
||||
|
||||
recp1->addr.key.keylen = rdlen - 4;
|
||||
recp1->addr.key.keydata = key;
|
||||
recp1->addr.key.algo = algo;
|
||||
recp1->addr.key.keytag = keytag;
|
||||
recp1->addr.key.flags = flags;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -915,8 +915,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
|
||||
int algo, digest, keytag;
|
||||
unsigned char *psave = p;
|
||||
struct blockdata *key;
|
||||
struct crec *crecp;
|
||||
|
||||
|
||||
if (rdlen < 4)
|
||||
return STAT_BOGUS; /* bad packet */
|
||||
|
||||
@@ -926,7 +925,13 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
|
||||
|
||||
if ((key = blockdata_alloc((char*)p, rdlen - 4)))
|
||||
{
|
||||
if (!(crecp = cache_insert(name, NULL, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
|
||||
a.addr.ds.digest = digest;
|
||||
a.addr.ds.keydata = key;
|
||||
a.addr.ds.algo = algo;
|
||||
a.addr.ds.keytag = keytag;
|
||||
a.addr.ds.keylen = rdlen - 4;
|
||||
|
||||
if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))
|
||||
{
|
||||
blockdata_free(key);
|
||||
return STAT_BOGUS;
|
||||
@@ -940,12 +945,6 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
|
||||
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
|
||||
else
|
||||
log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
|
||||
|
||||
crecp->addr.ds.digest = digest;
|
||||
crecp->addr.ds.keydata = key;
|
||||
crecp->addr.ds.algo = algo;
|
||||
crecp->addr.ds.keytag = keytag;
|
||||
crecp->addr.ds.keylen = rdlen - 4;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1711,8 +1710,8 @@ static int zone_status(char *name, int class, char *keyname, time_t now)
|
||||
do
|
||||
{
|
||||
if (crecp->uid == (unsigned int)class &&
|
||||
ds_digest_name(crecp->addr.ds.digest) &&
|
||||
algo_digest_name(crecp->addr.ds.algo))
|
||||
ds_digest_name(crecp->addr.addr.addr.ds.digest) &&
|
||||
algo_digest_name(crecp->addr.addr.addr.ds.algo))
|
||||
break;
|
||||
}
|
||||
while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS)));
|
||||
|
||||
Reference in New Issue
Block a user