author | Florian Obser <florian@cvs.openbsd.org> | 2018-03-29 19:44:36 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2018-03-29 19:44:36 +0000 |
commit | 1b1964c6f5e29b3ca1029bc0c13ec38ef6e141d2 (patch) | |
tree | fd2d75db1aaf6e6ae2e2fe65e23620bd8367dfa9 /usr.sbin/unbound/libunbound | |
parent | b9208b783d9ed6c47ca4391b1fae9210d632c1db (diff) |
update to unbound 1.7.0
testing tb, sthen
OK benno, sthen
Diffstat (limited to 'usr.sbin/unbound/libunbound')
-rw-r--r-- | usr.sbin/unbound/libunbound/context.c | 3 | ||||
-rw-r--r-- | usr.sbin/unbound/libunbound/libunbound.c | 13 | ||||
-rw-r--r-- | usr.sbin/unbound/libunbound/libworker.c | 29 |
3 files changed, 44 insertions, 1 deletions
diff --git a/usr.sbin/unbound/libunbound/context.c b/usr.sbin/unbound/libunbound/context.c
index e203111b70d..8bff713bca3 100644
--- a/usr.sbin/unbound/libunbound/context.c
+++ b/usr.sbin/unbound/libunbound/context.c
@@ -47,6 +47,7 @@
 #include "services/localzone.h"
 #include "services/cache/rrset.h"
 #include "services/cache/infra.h"
+#include "services/authzone.h"
 #include "util/data/msgreply.h"
 #include "util/storage/slabhash.h"
 #include "sldns/sbuffer.h"
@@ -68,6 +69,8 @@ context_finalize(struct ub_ctx* ctx)
 return UB_NOMEM;
 if(!local_zones_apply_cfg(ctx->local_zones, cfg))
 return UB_INITFAIL;
+ if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1))
+ return UB_INITFAIL;
 if(!ctx->env->msg_cache || cfg->msg_cache_size != slabhash_get_size(ctx->env->msg_cache) || cfg->msg_cache_slabs != ctx->env->msg_cache->size) {
diff --git a/usr.sbin/unbound/libunbound/libunbound.c b/usr.sbin/unbound/libunbound/libunbound.c
index 9b4dcab1579..b4cd7fa0bcc 100644
--- a/usr.sbin/unbound/libunbound/libunbound.c
+++ b/usr.sbin/unbound/libunbound/libunbound.c
@@ -62,6 +62,7 @@
 #include "services/localzone.h"
 #include "services/cache/infra.h"
 #include "services/cache/rrset.h"
+#include "services/authzone.h"
 #include "sldns/sbuffer.h"
 #ifdef HAVE_PTHREAD
 #include <signal.h>
@@ -88,6 +89,7 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
 WSADATA wsa_data;
 #endif
+ checklock_start();
 log_init(NULL, 0, NULL); /* logs to stderr */
 log_ident_set("libunbound");
 #ifdef USE_WINSOCK
@@ -141,6 +143,16 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
 errno = ENOMEM;
 return NULL;
 }
+ ctx->env->auth_zones = auth_zones_create();
+ if(!ctx->env->auth_zones) {
+ edns_known_options_delete(ctx->env);
+ config_delete(ctx->env->cfg);
+ free(ctx->env);
+ ub_randfree(ctx->seed_rnd);
+ free(ctx);
+ errno = ENOMEM;
+ return NULL;
+ }
 ctx->env->alloc = &ctx->superalloc;
 ctx->env->worker = NULL;
 ctx->env->need_to_validate = 0;
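Review bot: The bare `1` passed as the third argument of `auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1)` in context_finalize says nothing at the call site, and the call is unguarded while the libworker.c hunks of this commit test `ctx->env->auth_zones &&` before every use. Since ub_ctx_create_nopipe now fails when `auth_zones_create()` returns NULL, the pointer is presumably always set here, so I would state that invariant and name the flag in a comment, e.g. `/* auth_zones is always allocated at ctx creation; last argument: <flag meaning> */`. context_finalize starts and ends outside this hunk.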
@@ -310,6 +322,7 @@ ub_ctx_delete(struct ub_ctx* ctx)
 infra_delete(ctx->env->infra_cache);
 config_delete(ctx->env->cfg);
 edns_known_options_delete(ctx->env);
+ auth_zones_delete(ctx->env->auth_zones);
 free(ctx->env);
 }
 ub_randfree(ctx->seed_rnd);
diff --git a/usr.sbin/unbound/libunbound/libworker.c b/usr.sbin/unbound/libunbound/libworker.c
index c991d5df3f4..2c7b2cf072a 100644
--- a/usr.sbin/unbound/libunbound/libworker.c
+++ b/usr.sbin/unbound/libunbound/libworker.c
@@ -55,6 +55,7 @@
 #include "services/localzone.h"
 #include "services/cache/rrset.h"
 #include "services/outbound_list.h"
+#include "services/authzone.h"
 #include "util/fptr_wlist.h"
 #include "util/module.h"
 #include "util/regional.h"
@@ -158,7 +159,8 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
 w->env->hints = NULL;
 }
 if(cfg->ssl_upstream) {
- w->sslctx = connect_sslctx_create(NULL, NULL, NULL);
+ w->sslctx = connect_sslctx_create(NULL, NULL,
+ cfg->tls_cert_bundle);
 if(!w->sslctx) {
 /* to make the setup fail after unlock */
 hints_delete(w->env->hints);
@@ -604,6 +606,15 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 free(qinfo.qname);
 return UB_NOERROR;
 }
+ if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
+ w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) {
+ regional_free_all(w->env->scratch);
+ libworker_fillup_fg(q, LDNS_RCODE_NOERROR,
+ w->back->udp_buff, sec_status_insecure, NULL);
+ libworker_delete(w);
+ free(qinfo.qname);
+ return UB_NOERROR;
+ }
 /* process new query */
 if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, w->back->udp_buff, qid, libworker_fg_done_cb, q)) {
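Review bot: In libworker_setup the new `connect_sslctx_create(NULL, NULL, cfg->tls_cert_bundle)` call is made whether or not a bundle is configured, so with `tls_cert_bundle` unset it is the old `(NULL, NULL, NULL)` call and, presumably, upstream TLS still runs with no CA to verify the server against. In that configuration `ssl_upstream` gives encryption without authenticating the upstream, and nothing tells the operator so. I would make the gap visible at setup time: `if(!cfg->tls_cert_bundle) log_warn("ssl-upstream: no tls-cert-bundle set, upstream certificate is not verified");`. Whether a non-NULL bundle actually switches peer verification on is decided inside connect_sslctx_create, which is not part of this hunk; libworker_setup itself continues outside it.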
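Review bot: The auth-zone branch added to libworker_fg hands the answer back with `sec_status_insecure` and returns before `mesh_new_callback` is reached, so as far as these lines show the data is never validated, yet nothing documents that this is intended. A comment above the `if` would do, e.g. `/* auth zone data is answered directly, without validation, hence always insecure */`. The same block is pasted into the libworker_attach_mesh and handle_newq hunks with only the result delivery differing; the comment belongs there too, or a small static helper for the lookup would keep the three in step. All three function bodies continue outside their hunks.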
@@ -674,6 +685,14 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
 w->back->udp_buff, sec_status_insecure, NULL);
 return UB_NOERROR;
 }
+ if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
+ w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) {
+ regional_free_all(w->env->scratch);
+ free(qinfo.qname);
+ libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
+ w->back->udp_buff, sec_status_insecure, NULL);
+ return UB_NOERROR;
+ }
 /* process new query */
 if(async_id)
 *async_id = q->querynum;
@@ -795,6 +814,14 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len)
 free(qinfo.qname);
 return;
 }
+ if(w->ctx->env->auth_zones && auth_zones_answer(w->ctx->env->auth_zones,
+ w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) {
+ regional_free_all(w->env->scratch);
+ q->msg_security = sec_status_insecure;
+ add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL);
+ free(qinfo.qname);
+ return;
+ }
 q->w = w;
 /* process new query */
 if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, |