Diffstat (limited to 'bin/named/client.c')
| -rw-r--r-- | bin/named/client.c | 35 | 
1 files changed, 26 insertions, 9 deletions
|
diff --git a/bin/named/client.c b/bin/named/client.c
index b0ce793b98ea..6d4cc91a4e4c 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
-/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */
+/* $Id: client.c,v 1.176.2.13.4.38 2007/08/28 07:19:08 tbox Exp $ */
 #include <config.h>
@@ -1149,7 +1149,7 @@ client_addopt(ns_client_t *client) {
 	rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
 	/*
-	 * No ENDS options in the default case.
+	 * No EDNS options in the default case.
 	 */
 	rdata->data = NULL;
 	rdata->length = 0;
@@ -1349,6 +1349,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	}
 	/*
+	 * Hash the incoming request here as it is after
+	 * dns_dispatch_importrecv().
+	 */
+	dns_dispatch_hash(&client->now, sizeof(client->now));
+	dns_dispatch_hash(isc_buffer_base(buffer),
+			  isc_buffer_usedlength(buffer));
+
+	/*
 	 * It's a request.  Parse it.
 	 */
 	result = dns_message_parse(client->message, buffer, 0);
@@ -1413,7 +1421,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		}
 		/*
-		 * Do we understand this version of ENDS?
+		 * Do we understand this version of EDNS?
 		 *
 		 * XXXRTH need library support for this!
 		 */
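Review bot: The new comment above the two `dns_dispatch_hash()` calls in client_request() says where the hashing happens but not what the hash is used for or why these two inputs were chosen. Both `client->now` and the raw packet in `buffer` are values a remote sender can estimate or choose, so if the hash state feeds identifier selection (not visible in this hunk) the comment should say that this input only supplements other entropy, e.g. `Mix the arrival time and raw request into the dispatch hash state; sender-influenced, supplementary input only.` The calls also sit before `dns_message_parse()`, so every received packet, including malformed ones, pays the hashing cost; it is worth confirming that this is intended. The body of client_request() starts and ends outside the hunk.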
@@ -1485,6 +1493,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 					 "failed to get request's "
 					 "destination: %s",
 					 isc_result_totext(result));
+			ns_client_next(client, ISC_R_SUCCESS);
 			goto cleanup;
 		}
 	}
@@ -1573,21 +1582,29 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		char tsigrcode[64];
 		isc_buffer_t b;
 		dns_name_t *name = NULL;
+		dns_rcode_t status;
+		isc_result_t tresult;
-		isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
-		RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus,
-						   &b) == ISC_R_SUCCESS);
-		tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 		/* There is a signature, but it is bad. */
 		if (dns_message_gettsig(client->message, &name) != NULL) {
 			char namebuf[DNS_NAME_FORMATSIZE];
 			dns_name_format(name, namebuf, sizeof(namebuf));
+			status = client->message->tsigstatus;
+			isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+			tresult = dns_tsigrcode_totext(status, &b);
+			INSIST(tresult == ISC_R_SUCCESS);
+			tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
 				      "request has invalid signature: "
 				      "TSIG %s: %s (%s)", namebuf,
 				      isc_result_totext(result), tsigrcode);
 		} else {
+			status = client->message->sig0status;
+			isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+			tresult = dns_tsigrcode_totext(status, &b);
+			INSIST(tresult == ISC_R_SUCCESS);
+			tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
 				      "request has invalid signature: %s (%s)",
|
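Review bot: The added `ns_client_next(client, ISC_R_SUCCESS);` reports success on the branch that has just logged "failed to get request's destination", which reads as a mistake even if it is deliberate. If the intent is to recycle the client without a second error report, a comment such as `/* error already logged above; just release the client */` would make that clear; otherwise passing `result` looks more accurate. Only this one early exit is visible, so whether other `goto cleanup` paths in client_request() need the same call cannot be checked from the hunk.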
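Review bot: The same five lines that turn a status code into text are now repeated in both branches of the `dns_message_gettsig()` test and differ only in reading `tsigstatus` or `sig0status`. A small static helper (the name below is constructed) would keep the buffer sizing, the `INSIST` and the NUL termination in one place. That also gives a single spot to decide whether a failed conversion on this security-logging path should abort the server or fall back to a placeholder string. The enclosing block of client_request() starts and ends outside the hunk.

```c
static void
tsigstatus_totext(dns_rcode_t status, char *text, unsigned int size) {
	isc_buffer_t b;
	isc_result_t tresult;

	/* Reserve one byte so the result can always be NUL-terminated. */
	isc_buffer_init(&b, text, size - 1);
	tresult = dns_tsigrcode_totext(status, &b);
	INSIST(tresult == ISC_R_SUCCESS);
	text[isc_buffer_usedlength(&b)] = '\0';
}

		/* ... unchanged: declarations, dns_message_gettsig() test, namebuf formatting ... */
			tsigstatus_totext(client->message->tsigstatus,
					  tsigrcode, sizeof(tsigrcode));
		/* ... unchanged: TSIG log call, start of else branch ... */
			tsigstatus_totext(client->message->sig0status,
					  tsigrcode, sizeof(tsigrcode));
```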
