Merge branch 'devel/dnssec_meta_queries' into release/1.2.2

This commit is contained in:
Willem Toorop 2017-12-13 14:52:00 +01:00
commit 2c66487635
7 changed files with 121 additions and 24 deletions


@ -1,4 +1,8 @@
* 2017-12-??: Version 1.2.2
* Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
context configured upstreams.
* Report default extension settings with
getdns_context_get_api_information()
* Specify locations at which CA certificates for verification purposes
are located: getdns_context_set_CApath() getdns_context_set_CAfile()
* getdns_context_set_resolvconf() function to initialize a context


@ -1517,7 +1517,6 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
char tas_hostname[256];
const char *verify_CA;
const char *verify_email;
getdns_context *sys_ctxt;
if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
@ -1558,19 +1557,13 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__,
loop == &context->sync_eventloop.loop ? "" : "a");
if (!(sys_ctxt = _getdns_context_get_sys_ctxt(context, loop))) {
DEBUG_ANCHOR("Fatal error fetching trust anchor: "
"missing system context\n");
context->trust_anchors_source = GETDNS_TASRC_FAILED;
_getdns_ta_notify_dnsreqs(context);
return;
}
scheduled = 0;
#if 1
context->a.state = TAS_LOOKUP_ADDRESSES;
if ((r = _getdns_general_loop(sys_ctxt, loop,
tas_hostname, GETDNS_RRTYPE_A, NULL, context,
&context->a.req, NULL, _tas_hostname_lookup_cb))) {
if ((r = _getdns_general_loop(context, loop,
tas_hostname, GETDNS_RRTYPE_A,
no_dnssec_checking_disabled_opportunistic,
context, &context->a.req, NULL, _tas_hostname_lookup_cb))) {
DEBUG_ANCHOR("Error scheduling A lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
} else
@ -1579,9 +1572,10 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
#if 1
context->aaaa.state = TAS_LOOKUP_ADDRESSES;
if ((r = _getdns_general_loop(sys_ctxt, loop,
tas_hostname, GETDNS_RRTYPE_AAAA, NULL, context,
&context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
if ((r = _getdns_general_loop(context, loop,
tas_hostname, GETDNS_RRTYPE_AAAA,
no_dnssec_checking_disabled_opportunistic,
context, &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
DEBUG_ANCHOR("Error scheduling AAAA lookup for %s: %s\n"
, tas_hostname, getdns_get_errorstr_by_id(r));
} else
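Review bot: The A and AAAA lookups for the trust-anchor hostname now run on the caller's context with the `no_dnssec_checking_disabled_opportunistic` sentinel, and the accompanying general.c change makes an opportunistic netreq fall back to GETDNS_AUTHENTICATION_NONE even when the context demands authenticated TLS, yet neither call site records that this relaxation is deliberate. Suggest a comment above the first `_getdns_general_loop` call (the AAAA hunk has the same shape): `/* Bootstrap lookup: no trust anchor is available yet, so DNSSEC checking is off and TLS authentication is not enforced for this query; the anchor fetch itself is presumably covered by verify_CA/verify_email further on -- confirm. */`. The leftover `#if 1` guards around both blocks can be dropped now that the sys_ctxt path they once paired with is gone. _getdns_start_fetching_ta begins before and continues after these hunks.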


@ -3892,6 +3892,63 @@ _get_context_settings(getdns_context* context)
if (!getdns_context_get_CAfile(context, &str_value) && str_value)
(void) getdns_dict_util_set_string(result, "CAfile", str_value);
/* Default settings for extensions */
(void)getdns_dict_set_int(
result, "add_warning_for_bad_dns",
context->add_warning_for_bad_dns ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "dnssec_return_all_statuses",
context->dnssec_return_all_statuses ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "dnssec_return_full_validation_chain",
context->dnssec_return_full_validation_chain ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "dnssec_return_only_secure",
context->dnssec_return_only_secure ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "dnssec_return_status",
context->dnssec_return_status ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "dnssec_return_validation_chain",
context->dnssec_return_validation_chain ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
#if defined(DNSSEC_ROADBLOCK_AVOIDANCE) && defined(HAVE_LIBUNBOUND)
(void)getdns_dict_set_int(
result, "dnssec_roadblock_avoidance",
context->dnssec_roadblock_avoidance ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
#endif
#ifdef EDNS_COOKIES
(void)getdns_dict_set_int(
result, "edns_cookies",
context->edns_cookies ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
#endif
(void)getdns_dict_set_int(
result, "return_both_v4_and_v6",
context->return_both_v4_and_v6 ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(
result, "return_call_reporting",
context->return_call_reporting ? GETDNS_EXTENSION_TRUE
: GETDNS_EXTENSION_FALSE);
(void)getdns_dict_set_int(result, "specify_class",
(uint32_t)context->specify_class);
if (context->add_opt_parameters)
(void)getdns_dict_set_dict(
result, "add_opt_parameters", context->add_opt_parameters);
if (context->header)
(void)getdns_dict_set_dict(
result, "header", context->add_opt_parameters);
return result;
error:
getdns_dict_destroy(result);
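Review bot: The new `header` entry is populated from the wrong field: `if (context->header)` is followed by `getdns_dict_set_dict(result, "header", context->add_opt_parameters)`, so getdns_context_get_api_information() reports the OPT parameters under the `header` key, or silently stores nothing when add_opt_parameters is NULL while header is set. The third argument should be `context->header`, mirroring the `add_opt_parameters` block just above it. _get_context_settings begins before this hunk and continues past the `error:` label shown at its end.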


@ -1082,7 +1082,25 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
strcmp(item->node.key, "follow_redirects") == 0 ||
strcmp(item->node.key, "transport") == 0 ||
strcmp(item->node.key, "resolution_type") == 0 ||
strcmp(item->node.key, "tls_authentication") == 0 ) &&
strcmp(item->node.key, "tls_authentication") == 0 ||
/* extensions */
strcmp(item->node.key, "add_warning_for_bad_dns") == 0 ||
strcmp(item->node.key, "dnssec_return_all_statuses") == 0 ||
strcmp(item->node.key, "dnssec_return_full_validation_chain") == 0 ||
strcmp(item->node.key, "dnssec_return_only_secure") == 0 ||
strcmp(item->node.key, "dnssec_return_status") == 0 ||
strcmp(item->node.key, "dnssec_return_validation_chain") == 0 ||
#if defined(DNSSEC_ROADBLOCK_AVOIDANCE) && defined(HAVE_LIBUNBOUND)
strcmp(item->node.key, "dnssec_roadblock_avoidance") == 0 ||
#endif
#ifdef EDNS_COOKIES
strcmp(item->node.key, "edns_cookies") == 0 ||
#endif
strcmp(item->node.key, "return_api_information") == 0 ||
strcmp(item->node.key, "return_both_v4_and_v6") == 0 ||
strcmp(item->node.key, "return_call_reporting") == 0
) &&
(strval =
_getdns_get_const_info(item->i.data.n)->name)) {
if (gldns_buffer_printf(buf, " %s", strval) < 0)
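Review bot: The list of keys whose integer values are pretty-printed by constant name is now a second copy of the key set emitted by `_get_context_settings()` in context.c, with no cross-reference, so the next extension added to one list will either print as a bare number or be missing from the other. A comment above the `/* extensions */` line, e.g. `/* keep in sync with the extension defaults emitted by _get_context_settings() in context.c */`, would make the coupling visible. `return_api_information` appears here but not in the context.c list, and `specify_class` only there; whether that asymmetry is intended is not clear from the hunk. getdns_pp_dict starts before and ends after this hunk.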


@ -84,6 +84,12 @@ getdns_dict dnssec_ok_checking_disabled_avoid_roadblocks_spc = {
getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks
= &dnssec_ok_checking_disabled_avoid_roadblocks_spc;
getdns_dict no_dnssec_checking_disabled_opportunistic_spc = {
{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
{ NULL, {{ NULL, NULL, NULL }}}
};
getdns_dict *no_dnssec_checking_disabled_opportunistic
= &no_dnssec_checking_disabled_opportunistic_spc;
static int
is_extension_set(getdns_dict *extensions, const char *name, int default_value)
@ -94,7 +100,8 @@ is_extension_set(getdns_dict *extensions, const char *name, int default_value)
if ( ! extensions
|| extensions == dnssec_ok_checking_disabled
|| extensions == dnssec_ok_checking_disabled_roadblock_avoidance
|| extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
|| extensions == dnssec_ok_checking_disabled_avoid_roadblocks
|| extensions == no_dnssec_checking_disabled_opportunistic)
return 0;
r = getdns_dict_get_int(extensions, name, &value);
@ -155,8 +162,8 @@ netreq_reset(getdns_network_req *net_req)
static int
network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
uint16_t request_type, int dnssec_extension_set, int with_opt,
int edns_maximum_udp_payload_size,
uint16_t request_type, int checking_disabled, int opportunistic,
int with_opt, int edns_maximum_udp_payload_size,
uint8_t edns_extended_rcode, uint8_t edns_version, int edns_do_bit,
uint16_t opt_options_size, size_t noptions, getdns_list *options,
size_t wire_data_sz, size_t max_query_sz, getdns_dict *extensions)
@ -186,6 +193,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
owner->context->tls_auth == GETDNS_AUTHENTICATION_REQUIRED
&& owner->context->dns_transport_count == 1
&& owner->context->dns_transports[0] == GETDNS_TRANSPORT_TLS
&& !opportunistic
? GETDNS_AUTHENTICATION_REQUIRED
: GETDNS_AUTHENTICATION_NONE;
@ -240,7 +248,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
_getdns_reply_dict2wire(owner->context->header, &gbuf, 1);
gldns_buffer_rewind(&gbuf);
_getdns_reply_dict2wire(extensions, &gbuf, 1);
if (dnssec_extension_set) /* We will do validation ourselves */
if (checking_disabled) /* We will do validation ourselves */
GLDNS_CD_SET(net_req->query);
if (with_opt) {
@ -762,8 +770,24 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
*/
size_t max_query_sz, max_response_sz, netreq_sz, dnsreq_base_sz;
uint8_t *region, *suffixes;
int checking_disabled = dnssec_extension_set;
int opportunistic = 0;
if (extensions == dnssec_ok_checking_disabled ||
if (extensions == no_dnssec_checking_disabled_opportunistic) {
dnssec_return_status = 0;
dnssec_return_only_secure = 0;
dnssec_return_all_statuses = 0;
dnssec_return_full_validation_chain = 0;
dnssec_return_validation_chain = 0;
dnssec_extension_set = 0;
#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
dnssec_roadblock_avoidance = 0;
avoid_dnssec_roadblocks = 0;
#endif
extensions = NULL;
checking_disabled = 1;
opportunistic = 1;
} else if (extensions == dnssec_ok_checking_disabled ||
extensions == dnssec_ok_checking_disabled_roadblock_avoidance ||
extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
extensions = NULL;
@ -973,8 +997,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
result->chain = NULL;
network_req_init(result->netreqs[0], result,
request_type, dnssec_extension_set, with_opt,
edns_maximum_udp_payload_size,
request_type, checking_disabled, opportunistic,
with_opt, edns_maximum_udp_payload_size,
edns_extended_rcode, edns_version, edns_do_bit,
(uint16_t) opt_options_size, noptions, options,
netreq_sz - sizeof(getdns_network_req), max_query_sz,
@ -984,7 +1008,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
network_req_init(result->netreqs[1], result,
( request_type == GETDNS_RRTYPE_A
? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A ),
dnssec_extension_set, with_opt,
checking_disabled, opportunistic, with_opt,
edns_maximum_udp_payload_size,
edns_extended_rcode, edns_version, edns_do_bit,
(uint16_t) opt_options_size, noptions, options,
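Review bot: In network_req_init the new `&& !opportunistic` term turns a context configured with GETDNS_AUTHENTICATION_REQUIRED and TLS as its only transport into GETDNS_AUTHENTICATION_NONE for that request, so the caller's explicit authentication policy is overridden for any request carrying the `no_dnssec_checking_disabled_opportunistic` sentinel, and nothing in the hunk says why that is acceptable. Suggest a comment on the ternary, e.g. `/* opportunistic (bootstrap) requests must not fail when authenticated TLS cannot be established; every other request keeps the context's required policy */`, with a matching remark where `opportunistic = 1` is set in `_getdns_dns_req_new`. In that function the opportunistic branch resets the roadblock-avoidance flags under `#ifdef DNSSEC_ROADBLOCK_AVOIDANCE`, while context.c and convert.c guard the same feature with `defined(DNSSEC_ROADBLOCK_AVOIDANCE) && defined(HAVE_LIBUNBOUND)`; probably fine if those locals exist under the narrower condition, but worth confirming. Both functions start and end outside the hunks shown.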


@ -1733,7 +1733,6 @@ main(int argc, char **argv)
if ((r = parse_args(argc, argv)) && r != CONTINUE)
goto done_destroy_context;
fprintf(stderr, "resolvconf: %s\n", resolvconf);
if (resolvconf) {
if ((r = getdns_context_set_resolvconf(context, resolvconf))) {
fprintf(stderr, "Problem initializing with resolvconf: %d\n", (int)r);


@ -425,6 +425,7 @@ typedef struct getdns_dns_req {
extern getdns_dict *dnssec_ok_checking_disabled;
extern getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance;
extern getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks;
extern getdns_dict *no_dnssec_checking_disabled_opportunistic;
/* dns request utils */
getdns_dns_req *_getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
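Review bot: The new `no_dnssec_checking_disabled_opportunistic` extern joins three sibling sentinels that general.c compares by address in is_extension_set() and _getdns_dns_req_new(), but the header gives no hint that these are identity markers rather than extension dicts a caller may populate. A one-line comment above the group, e.g. `/* Sentinel extension dicts: general.c matches them by pointer and replaces them with NULL; pass only these exact addresses, never a copy */`, would document that contract where callers will look for it.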