summaryrefslogtreecommitdiff
path: root/util/config_file.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/config_file.c')
-rw-r--r--util/config_file.c60
1 files changed, 57 insertions, 3 deletions
diff --git a/util/config_file.c b/util/config_file.c
index ae3b6682ebf5..0784f055912d 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -108,6 +108,7 @@ config_create(void)
cfg->ssl_service_pem = NULL;
cfg->ssl_port = 853;
cfg->ssl_upstream = 0;
+ cfg->tls_cert_bundle = NULL;
cfg->use_syslog = 1;
cfg->log_identity = NULL; /* changed later with argv[0] */
cfg->log_time_ascii = 0;
@@ -177,6 +178,7 @@ config_create(void)
cfg->out_ifs = NULL;
cfg->stubs = NULL;
cfg->forwards = NULL;
+ cfg->auths = NULL;
#ifdef CLIENT_SUBNET
cfg->client_subnet = NULL;
cfg->client_subnet_zone = NULL;
@@ -219,6 +221,7 @@ config_create(void)
cfg->val_log_level = 0;
cfg->val_log_squelch = 0;
cfg->val_permissive_mode = 0;
+ cfg->aggressive_nsec = 0;
cfg->ignore_cd = 0;
cfg->serve_expired = 0;
cfg->add_holddown = 30*24*3600;
@@ -282,6 +285,7 @@ config_create(void)
cfg->dnscrypt_port = 0;
cfg->dnscrypt_provider = NULL;
cfg->dnscrypt_provider_cert = NULL;
+ cfg->dnscrypt_provider_cert_rotated = NULL;
cfg->dnscrypt_secret_key = NULL;
cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024;
cfg->dnscrypt_shared_secret_cache_slabs = 4;
@@ -374,6 +378,10 @@ struct config_file* config_create_forlib(void)
/** put string into strlist */
#define S_STRLIST(str, var) if(strcmp(opt, str)==0) \
{ return cfg_strlist_insert(&cfg->var, strdup(val)); }
+/** put string into strlist if not present yet*/
+#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
+ { if(cfg_strlist_find(cfg->var, val)) { return 0;} \
+ return cfg_strlist_insert(&cfg->var, strdup(val)); }
int config_set_option(struct config_file* cfg, const char* opt,
const char* val)
@@ -437,6 +445,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_STR("ssl-service-key:", ssl_service_key)
else S_STR("ssl-service-pem:", ssl_service_pem)
else S_NUMBER_NONZERO("ssl-port:", ssl_port)
+ else S_STR("tls-cert-bundle:", tls_cert_bundle)
else S_YNO("interface-automatic:", if_automatic)
else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize)
@@ -513,6 +522,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("log-queries:", log_queries)
else S_YNO("log-replies:", log_replies)
else S_YNO("val-permissive-mode:", val_permissive_mode)
+ else S_YNO("aggressive-nsec:", aggressive_nsec)
else S_YNO("ignore-cd-flag:", ignore_cd)
else S_YNO("serve-expired:", serve_expired)
else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations)
@@ -570,8 +580,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
else S_YNO("dnscrypt-enable:", dnscrypt)
else S_NUMBER_NONZERO("dnscrypt-port:", dnscrypt_port)
else S_STR("dnscrypt-provider:", dnscrypt_provider)
- else S_STRLIST("dnscrypt-provider-cert:", dnscrypt_provider_cert)
- else S_STRLIST("dnscrypt-secret-key:", dnscrypt_secret_key)
+ else S_STRLIST_UNIQ("dnscrypt-provider-cert:", dnscrypt_provider_cert)
+ else S_STRLIST("dnscrypt-provider-cert-rotated:", dnscrypt_provider_cert_rotated)
+ else S_STRLIST_UNIQ("dnscrypt-secret-key:", dnscrypt_secret_key)
else S_MEMSIZE("dnscrypt-shared-secret-cache-size:",
dnscrypt_shared_secret_cache_size)
else S_POW2("dnscrypt-shared-secret-cache-slabs:",
@@ -628,7 +639,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
* interface, outgoing-interface, access-control,
* stub-zone, name, stub-addr, stub-host, stub-prime
* forward-first, stub-first, forward-ssl-upstream,
- * stub-ssl-upstream, forward-zone,
+ * stub-ssl-upstream, forward-zone, auth-zone
* name, forward-addr, forward-host,
* ratelimit-for-domain, ratelimit-below-domain,
* local-zone-tag, access-control-view,
@@ -844,6 +855,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_STR(opt, "ssl-service-key", ssl_service_key)
else O_STR(opt, "ssl-service-pem", ssl_service_pem)
else O_DEC(opt, "ssl-port", ssl_port)
+ else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
else O_YNO(opt, "use-systemd", use_systemd)
else O_YNO(opt, "do-daemonize", do_daemonize)
else O_STR(opt, "chroot", chrootdir)
@@ -876,6 +888,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_YNO(opt, "val-clean-additional", val_clean_additional)
else O_DEC(opt, "val-log-level", val_log_level)
else O_YNO(opt, "val-permissive-mode", val_permissive_mode)
+ else O_YNO(opt, "aggressive-nsec:", aggressive_nsec)
else O_YNO(opt, "ignore-cd-flag", ignore_cd)
else O_YNO(opt, "serve-expired", serve_expired)
else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations)
@@ -941,6 +954,7 @@ config_get_option(struct config_file* cfg, const char* opt,
else O_DEC(opt, "dnscrypt-port", dnscrypt_port)
else O_STR(opt, "dnscrypt-provider", dnscrypt_provider)
else O_LST(opt, "dnscrypt-provider-cert", dnscrypt_provider_cert)
+ else O_LST(opt, "dnscrypt-provider-cert-rotated", dnscrypt_provider_cert_rotated)
else O_LST(opt, "dnscrypt-secret-key", dnscrypt_secret_key)
else O_MEM(opt, "dnscrypt-shared-secret-cache-size",
dnscrypt_shared_secret_cache_size)
@@ -1158,6 +1172,28 @@ config_deltrplstrlist(struct config_str3list* p)
}
void
+config_delauth(struct config_auth* p)
+{
+ if(!p) return;
+ free(p->name);
+ config_delstrlist(p->masters);
+ config_delstrlist(p->urls);
+ free(p->zonefile);
+ free(p);
+}
+
+void
+config_delauths(struct config_auth* p)
+{
+ struct config_auth* np;
+ while(p) {
+ np = p->next;
+ config_delauth(p);
+ p = np;
+ }
+}
+
+void
config_delstub(struct config_stub* p)
{
if(!p) return;
@@ -1237,11 +1273,13 @@ config_delete(struct config_file* cfg)
free(cfg->target_fetch_policy);
free(cfg->ssl_service_key);
free(cfg->ssl_service_pem);
+ free(cfg->tls_cert_bundle);
free(cfg->log_identity);
config_del_strarray(cfg->ifs, cfg->num_ifs);
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
config_delstubs(cfg->stubs);
config_delstubs(cfg->forwards);
+ config_delauths(cfg->auths);
config_delviews(cfg->views);
config_delstrlist(cfg->donotqueryaddrs);
config_delstrlist(cfg->root_hints);
@@ -1458,6 +1496,22 @@ cfg_region_strlist_insert(struct regional* region,
return 1;
}
+struct config_strlist*
+cfg_strlist_find(struct config_strlist* head, const char *item)
+{
+ struct config_strlist *s = head;
+ if(!head){
+ return NULL;
+ }
+ while(s) {
+ if(strcmp(s->str, item) == 0) {
+ return s;
+ }
+ s = s->next;
+ }
+ return NULL;
+}
+
int
cfg_strlist_insert(struct config_strlist** head, char* item)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-09 19:33:32 +0000