embedaddon/dnsmasq/src/auth.c - diff

Return to auth.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src

Diff for /embedaddon/dnsmasq/src/auth.c between versions 1.1.1.2 and 1.1.1.4

version 1.1.1.2, 2014/06/15 16:31:38	version 1.1.1.4, 2021/03/17 00:56:46
Line 1	Line 1
/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley	/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley

This program is free software; you can redistribute it and/or modify	This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by	it under the terms of the GNU General Public License as published by
Line 18	Line 18

#ifdef HAVE_AUTH	#ifdef HAVE_AUTH

static struct addrlist find_subnet(struct auth_zone zone, int flag, struct all_addr *addr_u)	static struct addrlist find_addrlist(struct addrlist list, int flag, union all_addr *addr_u)
{	{
struct addrlist *subnet;	do {
	if (!(list->flags & ADDRLIST_IPV6))
	{
	struct in_addr netmask, addr = addr_u->addr4;

	if (!(flag & F_IPV4))
	continue;

	netmask.s_addr = htonl(~(in_addr_t)0 << (32 - list->prefixlen));

	if (is_same_net(addr, list->addr.addr4, netmask))
	return list;
	}
	else if (is_same_net6(&(addr_u->addr6), &list->addr.addr6, list->prefixlen))
	return list;

	} while ((list = list->next));

	return NULL;
	}

for (subnet = zone->subnet; subnet; subnet = subnet->next)	static struct addrlist find_subnet(struct auth_zone zone, int flag, union all_addr *addr_u)
{	{
if (!(subnet->flags & ADDRLIST_IPV6))	if (!zone->subnet)
{	return NULL;
struct in_addr netmask, addr = addr_u->addr.addr4;
	return find_addrlist(zone->subnet, flag, addr_u);
	}

if (!(flag & F_IPV4))	static struct addrlist find_exclude(struct auth_zone zone, int flag, union all_addr *addr_u)
continue;	{
	if (!zone->exclude)
netmask.s_addr = htonl(~((1 << (32 - subnet->prefixlen)) - 1));	return NULL;

if (is_same_net(addr, subnet->addr.addr.addr4, netmask))	return find_addrlist(zone->exclude, flag, addr_u);
return subnet;
}
#ifdef HAVE_IPV6
else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen))
return subnet;
#endif

}
return NULL;
}	}

static int filter_zone(struct auth_zone zone, int flag, struct all_addr addr_u)	static int filter_zone(struct auth_zone zone, int flag, union all_addr addr_u)
{	{
/* No zones specified, no filter */	if (find_exclude(zone, flag, addr_u))
	return 0;

	/* No subnets specified, no filter */
if (!zone->subnet)	if (!zone->subnet)
return 1;	return 1;

Line 81 int in_zone(struct auth_zone zone, char name, char *	Line 96 int in_zone(struct auth_zone zone, char name, char *
}	}


size_t answer_auth(struct dns_header header, char limit, size_t qlen, time_t now, union mysockaddr *peer_addr, int local_query)	size_t answer_auth(struct dns_header header, char limit, size_t qlen, time_t now, union mysockaddr *peer_addr,
	int local_query, int do_bit, int have_pseudoheader)
{	{
char *name = daemon->namebuff;	char *name = daemon->namebuff;
unsigned char p, ansp;	unsigned char p, ansp;
int qtype, qclass;	int qtype, qclass, rc;
int nameoffset, axfroffset = 0;	int nameoffset, axfroffset = 0;
int q, anscount = 0, authcount = 0;	int q, anscount = 0, authcount = 0;
struct crec *crecp;	struct crec *crecp;
Line 97 size_t answer_auth(struct dns_header header, char li	Line 113 size_t answer_auth(struct dns_header header, char li
struct txt_record *txt;	struct txt_record *txt;
struct interface_name *intr;	struct interface_name *intr;
struct naptr *na;	struct naptr *na;
struct all_addr addr;	union all_addr addr;
struct cname *a;	struct cname a, candidate;
	unsigned int wclen;

if (ntohs(header->qdcount) == 0 \|\| OPCODE(header) != QUERY )	if (ntohs(header->qdcount) == 0 \|\| OPCODE(header) != QUERY )
return 0;	return 0;
Line 112 size_t answer_auth(struct dns_header header, char li	Line 129 size_t answer_auth(struct dns_header header, char li

for (q = ntohs(header->qdcount); q != 0; q--)	for (q = ntohs(header->qdcount); q != 0; q--)
{	{
unsigned short flag = 0;	unsigned int flag = 0;
int found = 0;	int found = 0;
	int cname_wildcard = 0;

/* save pointer to name for copying into answers */	/* save pointer to name for copying into answers */
nameoffset = p - (unsigned char *)header;	nameoffset = p - (unsigned char *)header;
Line 131 size_t answer_auth(struct dns_header header, char li	Line 149 size_t answer_auth(struct dns_header header, char li
continue;	continue;
}	}

if (qtype == T_PTR)	if ((qtype == T_PTR \|\| qtype == T_SOA \|\| qtype == T_NS) &&
	(flag = in_arpa_name_2_addr(name, &addr)) &&
	!local_query)
{	{
if (!(flag = in_arpa_name_2_addr(name, &addr)))	for (zone = daemon->auth_zones; zone; zone = zone->next)
continue;	if ((subnet = find_subnet(zone, flag, &addr)))
	break;
if (!local_query)
	if (!zone)
{	{
for (zone = daemon->auth_zones; zone; zone = zone->next)	auth = 0;
if ((subnet = find_subnet(zone, flag, &addr)))	continue;
break;

if (!zone)
{
auth = 0;
continue;
}
}	}
	else if (qtype == T_SOA)
	soa = 1, found = 1;
	else if (qtype == T_NS)
	ns = 1, found = 1;
	}

	if (qtype == T_PTR && flag)
	{
intr = NULL;	intr = NULL;

if (flag == F_IPV4)	if (flag == F_IPV4)
Line 157 size_t answer_auth(struct dns_header header, char li	Line 178 size_t answer_auth(struct dns_header header, char li
struct addrlist *addrlist;	struct addrlist *addrlist;

for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)	for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr)	if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr4.s_addr == addrlist->addr.addr4.s_addr)
break;	break;

if (addrlist)	if (addrlist)
Line 166 size_t answer_auth(struct dns_header header, char li	Line 187 size_t answer_auth(struct dns_header header, char li
while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)	while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
intr = intr->next;	intr = intr->next;
}	}
#ifdef HAVE_IPV6
else if (flag == F_IPV6)	else if (flag == F_IPV6)
for (intr = daemon->int_names; intr; intr = intr->next)	for (intr = daemon->int_names; intr; intr = intr->next)
{	{
struct addrlist *addrlist;	struct addrlist *addrlist;

for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)	for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6))	if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr6, &addrlist->addr.addr6))
break;	break;

if (addrlist)	if (addrlist)
Line 182 size_t answer_auth(struct dns_header header, char li	Line 202 size_t answer_auth(struct dns_header header, char li
while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)	while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
intr = intr->next;	intr = intr->next;
}	}
#endif

if (intr)	if (intr)
{	{
if (in_zone(zone, intr->name, NULL))	if (local_query \|\| in_zone(zone, intr->name, NULL))
{	{
found = 1;	found = 1;
log_query(flag \| F_REVERSE \| F_CONFIG, intr->name, &addr, NULL);	log_query(flag \| F_REVERSE \| F_CONFIG, intr->name, &addr, NULL);
Line 208 size_t answer_auth(struct dns_header header, char li	Line 227 size_t answer_auth(struct dns_header header, char li
p = 0; / must be bare name */	p = 0; / must be bare name */

/* add external domain */	/* add external domain */
strcat(name, ".");	if (zone)
strcat(name, zone->domain);	{
	strcat(name, ".");
	strcat(name, zone->domain);
	}
log_query(flag \| F_DHCP \| F_REVERSE, name, &addr, record_source(crecp->uid));	log_query(flag \| F_DHCP \| F_REVERSE, name, &addr, record_source(crecp->uid));
found = 1;	found = 1;
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
Line 217 size_t answer_auth(struct dns_header header, char li	Line 239 size_t answer_auth(struct dns_header header, char li
T_PTR, C_IN, "d", name))	T_PTR, C_IN, "d", name))
anscount++;	anscount++;
}	}
else if (crecp->flags & (F_DHCP \| F_HOSTS) && in_zone(zone, name, NULL))	else if (crecp->flags & (F_DHCP \| F_HOSTS) && (local_query \|\| in_zone(zone, name, NULL)))
{	{
log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));	log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
found = 1;	found = 1;
Line 240 size_t answer_auth(struct dns_header header, char li	Line 262 size_t answer_auth(struct dns_header header, char li
}	}

cname_restart:	cname_restart:
for (zone = daemon->auth_zones; zone; zone = zone->next)	if (found)
if (in_zone(zone, name, &cut))	/* NS and SOA .arpa requests have set found above. */
break;	cut = NULL;
	else
if (!zone)
{	{
auth = 0;	for (zone = daemon->auth_zones; zone; zone = zone->next)
continue;	if (in_zone(zone, name, &cut))
	break;

	if (!zone)
	{
	auth = 0;
	continue;
	}
}	}

for (rec = daemon->mxnames; rec; rec = rec->next)	for (rec = daemon->mxnames; rec; rec = rec->next)
if (!rec->issrv && hostname_isequal(name, rec->name))	if (!rec->issrv && (rc = hostname_issubdomain(name, rec->name)))
{	{
nxdomain = 0;	nxdomain = 0;

if (qtype == T_MX)	if (rc == 2 && qtype == T_MX)
{	{
found = 1;	found = 1;
log_query(F_CONFIG \| F_RRNAME, name, NULL, "<MX>");	log_query(F_CONFIG \| F_RRNAME, name, NULL, "<MX>");
Line 266 size_t answer_auth(struct dns_header header, char li	Line 294 size_t answer_auth(struct dns_header header, char li
}	}

for (move = NULL, up = &daemon->mxnames, rec = daemon->mxnames; rec; rec = rec->next)	for (move = NULL, up = &daemon->mxnames, rec = daemon->mxnames; rec; rec = rec->next)
if (rec->issrv && hostname_isequal(name, rec->name))	if (rec->issrv && (rc = hostname_issubdomain(name, rec->name)))
{	{
nxdomain = 0;	nxdomain = 0;

if (qtype == T_SRV)	if (rc == 2 && qtype == T_SRV)
{	{
found = 1;	found = 1;
log_query(F_CONFIG \| F_RRNAME, name, NULL, "<SRV>");	log_query(F_CONFIG \| F_RRNAME, name, NULL, "<SRV>");
Line 301 size_t answer_auth(struct dns_header header, char li	Line 329 size_t answer_auth(struct dns_header header, char li
}	}

for (txt = daemon->rr; txt; txt = txt->next)	for (txt = daemon->rr; txt; txt = txt->next)
if (hostname_isequal(name, txt->name))	if ((rc = hostname_issubdomain(name, txt->name)))
{	{
nxdomain = 0;	nxdomain = 0;
if (txt->class == qtype)	if (rc == 2 && txt->class == qtype)
{	{
found = 1;	found = 1;
log_query(F_CONFIG \| F_RRNAME, name, NULL, "<RR>");	log_query(F_CONFIG \| F_RRNAME, name, NULL, querystr(NULL, txt->class));
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
NULL, txt->class, C_IN, "t", txt->len, txt->txt))	NULL, txt->class, C_IN, "t", txt->len, txt->txt))
anscount++;	anscount++;
Line 315 size_t answer_auth(struct dns_header header, char li	Line 343 size_t answer_auth(struct dns_header header, char li
}	}

for (txt = daemon->txt; txt; txt = txt->next)	for (txt = daemon->txt; txt; txt = txt->next)
if (txt->class == C_IN && hostname_isequal(name, txt->name))	if (txt->class == C_IN && (rc = hostname_issubdomain(name, txt->name)))
{	{
nxdomain = 0;	nxdomain = 0;
if (qtype == T_TXT)	if (rc == 2 && qtype == T_TXT)
{	{
found = 1;	found = 1;
log_query(F_CONFIG \| F_RRNAME, name, NULL, "<TXT>");	log_query(F_CONFIG \| F_RRNAME, name, NULL, "<TXT>");
Line 329 size_t answer_auth(struct dns_header header, char li	Line 357 size_t answer_auth(struct dns_header header, char li
}	}

for (na = daemon->naptr; na; na = na->next)	for (na = daemon->naptr; na; na = na->next)
if (hostname_isequal(name, na->name))	if ((rc = hostname_issubdomain(name, na->name)))
{	{
nxdomain = 0;	nxdomain = 0;
if (qtype == T_NAPTR)	if (rc == 2 && qtype == T_NAPTR)
{	{
found = 1;	found = 1;
log_query(F_CONFIG \| F_RRNAME, name, NULL, "<NAPTR>");	log_query(F_CONFIG \| F_RRNAME, name, NULL, "<NAPTR>");
Line 346 size_t answer_auth(struct dns_header header, char li	Line 374 size_t answer_auth(struct dns_header header, char li
if (qtype == T_A)	if (qtype == T_A)
flag = F_IPV4;	flag = F_IPV4;

#ifdef HAVE_IPV6
if (qtype == T_AAAA)	if (qtype == T_AAAA)
flag = F_IPV6;	flag = F_IPV6;
#endif

for (intr = daemon->int_names; intr; intr = intr->next)	for (intr = daemon->int_names; intr; intr = intr->next)
if (hostname_isequal(name, intr->name))	if ((rc = hostname_issubdomain(name, intr->name)))
{	{
struct addrlist *addrlist;	struct addrlist *addrlist;

nxdomain = 0;	nxdomain = 0;

if (flag)	if (rc == 2 && flag)
for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)	for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&	if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
(local_query \|\| filter_zone(zone, flag, &addrlist->addr)))	(local_query \|\| filter_zone(zone, flag, &addrlist->addr)))
{	{
	if (addrlist->flags & ADDRLIST_REVONLY)
	continue;

found = 1;	found = 1;
log_query(F_FORWARD \| F_CONFIG \| flag, name, &addrlist->addr, NULL);	log_query(F_FORWARD \| F_CONFIG \| flag, name, &addrlist->addr, NULL);
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
Line 372 size_t answer_auth(struct dns_header header, char li	Line 401 size_t answer_auth(struct dns_header header, char li
}	}
}	}

for (a = daemon->cnames; a; a = a->next)
if (hostname_isequal(name, a->alias) )
{
log_query(F_CONFIG \| F_CNAME, name, NULL, NULL);
strcpy(name, a->target);
if (!strchr(name, '.'))
{
strcat(name, ".");
strcat(name, zone->domain);
}
found = 1;
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
daemon->auth_ttl, &nameoffset,
T_CNAME, C_IN, "d", name))
anscount++;

goto cname_restart;
}

if (!cut)	if (!cut)
{	{
nxdomain = 0;	nxdomain = 0;
Line 407 size_t answer_auth(struct dns_header header, char li	Line 417 size_t answer_auth(struct dns_header header, char li

if (peer_addr->sa.sa_family == AF_INET)	if (peer_addr->sa.sa_family == AF_INET)
peer_addr->in.sin_port = 0;	peer_addr->in.sin_port = 0;
#ifdef HAVE_IPV6
else	else
peer_addr->in6.sin6_port = 0;	{
#endif	peer_addr->in6.sin6_port = 0;
	peer_addr->in6.sin6_scope_id = 0;
	}

for (peers = daemon->auth_peers; peers; peers = peers->next)	for (peers = daemon->auth_peers; peers; peers = peers->next)
if (sockaddr_isequal(peer_addr, &peers->addr))	if (sockaddr_isequal(peer_addr, &peers->addr))
break;	break;

/* Refuse all AXFR unless --auth-sec-servers is set */	/* Refuse all AXFR unless --auth-sec-servers or auth-peers is set */
if ((!peers && daemon->auth_peers) \|\| !daemon->secondary_forward_server)	if ((!daemon->secondary_forward_server && !daemon->auth_peers) \|\|
	(daemon->auth_peers && !peers))
{	{
if (peer_addr->sa.sa_family == AF_INET)	if (peer_addr->sa.sa_family == AF_INET)
inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);	inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
#ifdef HAVE_IPV6
else	else
inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN);	inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN);
#endif

my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);	my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);
return 0;	return 0;
Line 458 size_t answer_auth(struct dns_header header, char li	Line 468 size_t answer_auth(struct dns_header header, char li
{	{
nxdomain = 0;	nxdomain = 0;
if ((crecp->flags & flag) &&	if ((crecp->flags & flag) &&
(local_query \|\| filter_zone(zone, flag, &(crecp->addr.addr))))	(local_query \|\| filter_zone(zone, flag, &(crecp->addr))))
{	{
cut = '.'; / restore domain part */	cut = '.'; / restore domain part */
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));	log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
cut = 0; / remove domain part */	cut = 0; / remove domain part */
found = 1;	found = 1;
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
Line 481 size_t answer_auth(struct dns_header header, char li	Line 491 size_t answer_auth(struct dns_header header, char li
do	do
{	{
nxdomain = 0;	nxdomain = 0;
if ((crecp->flags & flag) && (local_query \|\| filter_zone(zone, flag, &(crecp->addr.addr))))	if ((crecp->flags & flag) && (local_query \|\| filter_zone(zone, flag, &(crecp->addr))))
{	{
log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));	log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
found = 1;	found = 1;
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
daemon->auth_ttl, NULL, qtype, C_IN,	daemon->auth_ttl, NULL, qtype, C_IN,
Line 493 size_t answer_auth(struct dns_header header, char li	Line 503 size_t answer_auth(struct dns_header header, char li
} while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 \| F_IPV6)));	} while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 \| F_IPV6)));
}	}

if (!found)	/* Only supply CNAME if no record for any type is known. */
log_query(flag \| F_NEG \| (nxdomain ? F_NXDOMAIN : 0) \| F_FORWARD \| F_AUTH, name, NULL, NULL);	if (nxdomain)
	{
	/* Check for possible wildcard match against *.domain
	return length of match, to get longest.
	Note that if return length of wildcard section, so
	we match b.simon to _both_ *.simon and b.simon
	but return a longer (better) match to b.simon.
	*/
	for (wclen = 0, candidate = NULL, a = daemon->cnames; a; a = a->next)
	if (a->alias[0] == '*')
	{
	char *test = name;

	while ((test = strchr(test+1, '.')))
	{
	if (hostname_isequal(test, &(a->alias[1])))
	{
	if (strlen(test) > wclen && !cname_wildcard)
	{
	wclen = strlen(test);
	candidate = a;
	cname_wildcard = 1;
	}
	break;
	}
	}

	}
	else if (hostname_isequal(a->alias, name) && strlen(a->alias) > wclen)
	{
	/* Simple case, no wildcard */
	wclen = strlen(a->alias);
	candidate = a;
	}

	if (candidate)
	{
	log_query(F_CONFIG \| F_CNAME, name, NULL, NULL);
	strcpy(name, candidate->target);
	if (!strchr(name, '.'))
	{
	strcat(name, ".");
	strcat(name, zone->domain);
	}
	found = 1;
	if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
	daemon->auth_ttl, &nameoffset,
	T_CNAME, C_IN, "d", name))
	anscount++;

	goto cname_restart;
	}
	else if (cache_find_non_terminal(name, now))
	nxdomain = 0;

	log_query(flag \| F_NEG \| (nxdomain ? F_NXDOMAIN : 0) \| F_FORWARD \| F_AUTH, name, NULL, NULL);
	}

}	}

Line 514 size_t answer_auth(struct dns_header header, char li	Line 580 size_t answer_auth(struct dns_header header, char li

if (!(subnet->flags & ADDRLIST_IPV6))	if (!(subnet->flags & ADDRLIST_IPV6))
{	{
in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8;	in_addr_t a = ntohl(subnet->addr.addr4.s_addr) >> 8;
char *p = name;	char *p = name;

if (subnet->prefixlen >= 24)	if (subnet->prefixlen >= 24)
p += sprintf(p, "%d.", a & 0xff);	p += sprintf(p, "%u.", a & 0xff);
a = a >> 8;	a = a >> 8;
if (subnet->prefixlen >= 16 )	if (subnet->prefixlen >= 16 )
p += sprintf(p, "%d.", a & 0xff);	p += sprintf(p, "%u.", a & 0xff);
a = a >> 8;	a = a >> 8;
p += sprintf(p, "%d.in-addr.arpa", a & 0xff);	p += sprintf(p, "%u.in-addr.arpa", a & 0xff);

}	}
#ifdef HAVE_IPV6
else	else
{	{
char *p = name;	char *p = name;
Line 534 size_t answer_auth(struct dns_header header, char li	Line 599 size_t answer_auth(struct dns_header header, char li

for (i = subnet->prefixlen-1; i >= 0; i -= 4)	for (i = subnet->prefixlen-1; i >= 0; i -= 4)
{	{
int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3];	int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3];
p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);	p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
}	}
p += sprintf(p, "ip6.arpa");	p += sprintf(p, "ip6.arpa");

}	}
#endif
}	}

/* handle NS and SOA in auth section or for explicit queries */	/* handle NS and SOA in auth section or for explicit queries */
Line 564 size_t answer_auth(struct dns_header header, char li	Line 628 size_t answer_auth(struct dns_header header, char li
{	{
struct name_list *secondary;	struct name_list *secondary;

newoffset = ansp - (unsigned char *)header;	/* Only include the machine running dnsmasq if it's acting as an auth server */
if (add_resource_record(header, limit, &trunc, -offset, &ansp,	if (daemon->authinterface)
daemon->auth_ttl, NULL, T_NS, C_IN, "d", offset == 0 ? authname : NULL, daemon->authserver))
{	{
if (offset == 0)	newoffset = ansp - (unsigned char *)header;
offset = newoffset;	if (add_resource_record(header, limit, &trunc, -offset, &ansp,
if (ns)	daemon->auth_ttl, NULL, T_NS, C_IN, "d", offset == 0 ? authname : NULL, daemon->authserver))
anscount++;	{
else	if (offset == 0)
authcount++;	offset = newoffset;
	if (ns)
	anscount++;
	else
	authcount++;
	}
}	}

if (!subnet)	if (!subnet)
Line 677 size_t answer_auth(struct dns_header header, char li	Line 745 size_t answer_auth(struct dns_header header, char li
daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))	daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))
anscount++;	anscount++;

#ifdef HAVE_IPV6
for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)	for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
if ((addrlist->flags & ADDRLIST_IPV6) &&	if ((addrlist->flags & ADDRLIST_IPV6) &&
(local_query \|\| filter_zone(zone, F_IPV6, &addrlist->addr)) &&	(local_query \|\| filter_zone(zone, F_IPV6, &addrlist->addr)) &&
add_resource_record(header, limit, &trunc, -axfroffset, &ansp,	add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))	daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))
anscount++;	anscount++;
#endif

/* restore config data */	/* restore config data */
if (cut)	if (cut)
Line 721 size_t answer_auth(struct dns_header header, char li	Line 787 size_t answer_auth(struct dns_header header, char li
{	{
char *cache_name = cache_get_name(crecp);	char *cache_name = cache_get_name(crecp);
if (!strchr(cache_name, '.') &&	if (!strchr(cache_name, '.') &&
(local_query \|\| filter_zone(zone, (crecp->flags & (F_IPV6 \| F_IPV4)), &(crecp->addr.addr))))	(local_query \|\| filter_zone(zone, (crecp->flags & (F_IPV6 \| F_IPV4)), &(crecp->addr))) &&
{	add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
qtype = T_A;	daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN,
#ifdef HAVE_IPV6	(crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr))
if (crecp->flags & F_IPV6)	anscount++;
qtype = T_AAAA;
#endif
if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
daemon->auth_ttl, NULL, qtype, C_IN,
(crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr))
anscount++;
}
}	}

if ((crecp->flags & F_HOSTS) \|\| (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))	if ((crecp->flags & F_HOSTS) \|\| (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
{	{
strcpy(name, cache_get_name(crecp));	strcpy(name, cache_get_name(crecp));
if (in_zone(zone, name, &cut) &&	if (in_zone(zone, name, &cut) &&
(local_query \|\| filter_zone(zone, (crecp->flags & (F_IPV6 \| F_IPV4)), &(crecp->addr.addr))))	(local_query \|\| filter_zone(zone, (crecp->flags & (F_IPV6 \| F_IPV4)), &(crecp->addr))))
{	{
qtype = T_A;	if (cut)
#ifdef HAVE_IPV6	*cut = 0;
if (crecp->flags & F_IPV6)
qtype = T_AAAA;
#endif
if (cut)
*cut = 0;

if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,	if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
daemon->auth_ttl, NULL, qtype, C_IN,	daemon->auth_ttl, NULL, (crecp->flags & F_IPV6) ? T_AAAA : T_A, C_IN,
(crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr))	(crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr))
anscount++;	anscount++;
}	}
}	}
}	}
Line 786 size_t answer_auth(struct dns_header header, char li	Line 840 size_t answer_auth(struct dns_header header, char li
header->hb4 &= ~HB4_RA;	header->hb4 &= ~HB4_RA;
}	}

/* authoritive */	/* data is never DNSSEC signed. */
	header->hb4 &= ~HB4_AD;

	/* authoritative */
if (auth)	if (auth)
header->hb3 \|= HB3_AA;	header->hb3 \|= HB3_AA;

Line 801 size_t answer_auth(struct dns_header header, char li	Line 858 size_t answer_auth(struct dns_header header, char li
header->ancount = htons(anscount);	header->ancount = htons(anscount);
header->nscount = htons(authcount);	header->nscount = htons(authcount);
header->arcount = htons(0);	header->arcount = htons(0);

	/* Advertise our packet size limit in our reply */
	if (have_pseudoheader)
	return add_pseudoheader(header, ansp - (unsigned char )header, (unsigned char )limit, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);

return ansp - (unsigned char *)header;	return ansp - (unsigned char *)header;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.2
changed lines
	Added in v.1.1.1.4