Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
9840a076
Commit
9840a076
authored
May 06, 2005
by
Mark Andrews
Browse files
1853. [bug] Rework how DLV interacts with proveunsecure().
[RT #13605]
parent
6f92620e
Changes
2
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
9840a076
1853. [bug] Rework how DLV interacts with proveunsecure().
[RT #13605]
1852. [cleanup] Remove last vestiges of dnssec-signkey and
dnssec-makekeyset (removed from Makefile years ago).
...
...
lib/dns/validator.c
View file @
9840a076
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.12
8
2005/0
4/27
0
4
:5
6:52 sr
a Exp $ */
/* $Id: validator.c,v 1.12
9
2005/0
5/06
0
1
:5
9:38 mark
a Exp $ */
/*! \file */
...
...
@@ -2355,9 +2355,10 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
val
->
event
->
name
,
dns_fixedname_name
(
&
secroot
));
/*
* If the name is not under a security root
, it must be insecure
.
* If the name is not under a security root
look for a dlv record
.
*/
if
(
val
->
view
->
dlv
!=
NULL
&&
!
DLVSEPTRIED
(
val
)
&&
if
(
result
==
ISC_R_NOTFOUND
&&
val
->
view
->
dlv
!=
NULL
&&
!
DLVSEPTRIED
(
val
)
&&
!
dns_name_issubdomain
(
val
->
event
->
name
,
val
->
view
->
dlv
))
{
tresult
=
finddlvsep
(
val
,
ISC_FALSE
);
if
(
tresult
!=
ISC_R_NOTFOUND
&&
tresult
!=
ISC_R_SUCCESS
)
{
...
...
@@ -2368,6 +2369,11 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
}
}
/*
* If there is no security root and a dlv record was not found we are
* done. If a dlv record was found use that as the secure entry point,
* if no security root was found.
*/
if
(
result
==
ISC_R_NOTFOUND
)
{
if
(
!
val
->
havedlvsep
)
{
validator_log
(
val
,
ISC_LOG_DEBUG
(
3
),
...
...
@@ -2438,7 +2444,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
if
(
result
==
DNS_R_NXRRSET
||
result
==
DNS_R_NCACHENXRRSET
)
{
/*
* There is no DS. If this is a delegation,
* we
'r
e done.
* we
mayb
e done.
*/
if
(
val
->
frdataset
.
trust
<
dns_trust_secure
)
{
/*
...
...
@@ -2451,6 +2457,25 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
goto
out
;
}
if
(
isdelegation
(
tname
,
&
val
->
frdataset
,
result
))
{
/*
* If we havn't looked for a dlvsep look for
* one now. If found restart the proof.
*/
if
(
val
->
view
->
dlv
!=
NULL
&&
!
DLVSEPTRIED
(
val
)
&&
!
dns_name_issubdomain
(
val
->
event
->
name
,
val
->
view
->
dlv
))
{
tresult
=
finddlvsep
(
val
,
ISC_FALSE
);
if
(
tresult
!=
ISC_R_NOTFOUND
&&
tresult
!=
ISC_R_SUCCESS
)
{
validator_log
(
val
,
ISC_LOG_DEBUG
(
3
),
"finddlvsep returned: %s"
,
dns_result_totext
(
tresult
));
return
(
tresult
);
}
return
(
proveunsecure
(
val
,
ISC_FALSE
));
}
if
(
val
->
mustbesecure
)
{
validator_log
(
val
,
ISC_LOG_WARNING
,
"must be secure failure"
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment