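--- a/configure.ac
+++ b/configure.ac
@@ -1145,6 +1145,41 @@
 	]
 )
 
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+AC_ARG_WITH(ldns,
+	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
+    [
+        if test "x$withval" != "xno" ; then
+
+			if test "x$withval" != "xyes" ; then
+				CPPFLAGS="$CPPFLAGS -I${withval}/include"
+				LDFLAGS="$LDFLAGS -L${withval}/lib"
+			fi
+
+            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+            LIBS="-lldns $LIBS"
+            LDNS_MSG="yes"
+
+            AC_MSG_CHECKING([for ldns support])
+            AC_LINK_IFELSE(
+                [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+                                ]])
+                ],
+				[AC_MSG_RESULT(yes)],
+				[
+					AC_MSG_RESULT(no)
+					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
+				])
+        fi
+    ]
+)
+
 # Check whether user wants libedit support
 LIBEDIT_MSG="no"
 AC_ARG_WITH(libedit,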
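Review bot: `AC_DEFINE(HAVE_LDNS, ...)` and `LDNS_MSG="yes"` are applied before `AC_LINK_IFELSE` has shown that the library actually links, so the recorded state is only correct because the failure branch aborts with `AC_MSG_ERROR`. Since HAVE_LDNS decides which getrrsetbyname implementation is compiled elsewhere in this patch, I would move the define and the `LDNS_MSG="yes"` assignment into the success branch next to `AC_MSG_RESULT(yes)`, leaving only the `LIBS="-lldns $LIBS"` line ahead of the probe. That keeps the define tied to a verified link test if the error is ever softened to a warning. The new block also mixes tab and space indentation from one nesting level to the next; picking one would make the nesting easier to follow.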
(-)openbsd-compat/Makefile.in (-1 / +1 lines)
Lines 18-24 Link Here
18
18
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
20
20
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-getrrsetbyname.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22
22
23
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
23
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
24
24
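--- a/openbsd-compat/bsd-getrrsetbyname.c
+++ b/openbsd-compat/bsd-getrrsetbyname.c
@@ -0,0 +1,294 @@
+/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
+
+/*
+ * Copyright (c) 2007 Simon Vallet / Genoscope <svallet@genoscope.cns.fr>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Portions Copyright (c) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <ldns/ldns.h>
+
+#include "getrrsetbyname.h"
+
+/* We don't need multithread support here */
+#ifdef _THREAD_PRIVATE
+# undef _THREAD_PRIVATE
+#endif
+#define _THREAD_PRIVATE(a,b,c) (c)
+
+int
+getrrsetbyname(const char *hostname, unsigned int rdclass,
+	       unsigned int rdtype, unsigned int flags,
+	       struct rrsetinfo **res)
+{
+	int result; unsigned int i; unsigned int j;
+	struct rrsetinfo *rrset = NULL;
+  
+	unsigned int index_ans; unsigned int  index_sig;
+	struct rdatainfo *rdata;
+  
+	ldns_resolver * ldns_res;
+	ldns_rdf * domain = NULL;  ldns_pkt * pkt;
+	ldns_rr_list * rrsigs = NULL;
+	ldns_rr_list * rrdata = NULL;
+	ldns_status err;
+	ldns_rr * rr;
+  
+	/* check for invalid class and type */
+	if (rdclass > 0xffff || rdtype > 0xffff) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+  
+	/* don't allow queries of class or type ANY */
+	if (rdclass == 0xff || rdtype == 0xff) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+  
+	/* don't allow flags yet, unimplemented */
+	if (flags) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+  
+	/* Initialize resolver from resolv.conf */
+	domain = ldns_dname_new_frm_str(hostname);
+	if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
+	    LDNS_STATUS_OK) { 
+
+		result = ERRSET_FAIL;
+		goto fail;
+	}
+
+#ifdef DEBUG
+	ldns_resolver_set_debug(ldns_res, true);
+#endif /* DEBUG */
+
+	ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
+
+	/* make query */
+	pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
+	
+	/*** TODO: finer errcodes -- see original **/
+	if (!pkt || ldns_pkt_ancount(pkt) < 1) {
+		result = ERRSET_FAIL;
+		goto fail;
+	}
+  
+	/* initialize rrset */
+	rrset = calloc(1, sizeof(struct rrsetinfo));
+	if (rrset == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+  
+	rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
+	rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
+	if (!rrset->rri_nrdatas) {
+		result = ERRSET_NODATA;
+		goto fail;
+	}
+
+	/* copy name from answer section */
+	rrset->rri_name = strndup(
+	    ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))),
+	    ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))));
+
+	if (rrset->rri_name == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+
+	rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
+	rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
+	rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
+  
+	debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
+  
+	/* Check for authenticated data */
+	if (ldns_pkt_ad(pkt)) {
+		rrset->rri_flags |= RRSET_VALIDATED;
+	} else { /* AD is not set, try autonomous validation */
+
+		ldns_rr_list * trusted_keys = ldns_rr_list_new();
+
+		debug2("ldns: trying to validate RRset");
+		/* Get eventual sigs */
+		rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, 
+						  LDNS_SECTION_ANSWER);
+		
+		rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
+		debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS", 
+		       rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
+
+		if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs, 
+					       trusted_keys)) == LDNS_STATUS_OK) {
+
+			rrset->rri_flags |= RRSET_VALIDATED;
+			debug2("ldns: RRset is signed with a valid key");
+		} else {
+			debug2("ldns: RRset validation failed: %s", 
+			       ldns_get_errorstr_by_id(err));
+		}
+
+		ldns_rr_list_deep_free(trusted_keys);
+	}
+
+	/* allocate memory for answers */
+	rrset->rri_rdatas = calloc(rrset->rri_nrdatas, 
+				   sizeof(struct rdatainfo));
+
+	if (rrset->rri_rdatas == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+
+	/* allocate memory for signatures */
+	if (rrset->rri_nsigs > 0) {
+		rrset->rri_sigs = calloc(rrset->rri_nsigs, 
+					 sizeof(struct rdatainfo));
+
+		if (rrset->rri_sigs == NULL) {
+			result = ERRSET_NOMEMORY;
+			goto fail;
+		}
+	}
+
+	/* copy answers & signatures */
+	for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
+	
+		rdata = NULL;
+		rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
+	
+		if (ldns_rr_get_class(rr) == rrset->rri_rdclass && 
+		    ldns_rr_get_type(rr) == rrset->rri_rdtype) {
+
+			rdata = &rrset->rri_rdatas[index_ans++];
+		}
+	
+		if (rr->_rr_class == rrset->rri_rdclass && 
+		    rr->_rr_type == LDNS_RR_TYPE_RRSIG) {
+
+			rdata = &rrset->rri_sigs[index_sig++];
+		}
+	
+		if (rdata) {
+			size_t rdata_offset = 0;
+	  
+			rdata->rdi_length = 0;
+			for (j=0; j< rr->_rd_count; j++) {
+				rdata->rdi_length += \
+				    ldns_rdf_size(ldns_rr_rdf(rr, j));
+			}
+	  
+			rdata->rdi_data = malloc(rdata->rdi_length);
+			if (rdata->rdi_data == NULL) {
+				result = ERRSET_NOMEMORY;
+				goto fail;
+			}
+	  
+			/* Re-create the raw DNS RDATA */
+			for (j=0; j< rr->_rd_count; j++) {
+				memcpy(rdata->rdi_data + rdata_offset, 
+				       ldns_rdf_data(ldns_rr_rdf(rr, j)), 
+				       ldns_rdf_size(ldns_rr_rdf(rr, j)));
+
+				rdata_offset += ldns_rdf_size(ldns_rr_rdf(rr, j));
+			}
+		}
+	
+	}
+  
+	*res = rrset;
+	result = ERRSET_SUCCESS;
+
+fail:
+	/* freerrset(rrset); */
+	ldns_rdf_deep_free(domain);
+	ldns_pkt_free(pkt);
+	ldns_rr_list_deep_free(rrsigs);
+	ldns_rr_list_deep_free(rrdata);
+	ldns_resolver_deep_free(ldns_res);
+
+	return result;
+}
+
+
+void
+freerrset(struct rrsetinfo *rrset)
+{
+	u_int16_t i;
+
+	if (rrset == NULL)
+		return;
+
+	if (rrset->rri_rdatas) {
+		for (i = 0; i < rrset->rri_nrdatas; i++) {
+			if (rrset->rri_rdatas[i].rdi_data == NULL)
+				break;
+			free(rrset->rri_rdatas[i].rdi_data);
+		}
+		free(rrset->rri_rdatas);
+	}
+
+	if (rrset->rri_sigs) {
+		for (i = 0; i < rrset->rri_nsigs; i++) {
+			if (rrset->rri_sigs[i].rdi_data == NULL)
+				break;
+			free(rrset->rri_sigs[i].rdi_data);
+		}
+		free(rrset->rri_sigs);
+	}
+
+	if (rrset->rri_name)
+		free(rrset->rri_name);
+	free(rrset);
+}
+
+
+#endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */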
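Review bot: The `fail:` label in getrrsetbyname() frees `pkt` and `ldns_res`, but both are declared without an initializer, so every early `goto fail` (bad class or type, non-zero flags, a failed ldns_resolver_new_frm_file) passes an indeterminate pointer to ldns_pkt_free() and ldns_resolver_deep_free(). They should start as NULL like `rrsigs` and `rrdata`, on whose NULL-safe release the cleanup already relies. A second defect sits in the copy loop: `rri_nsigs` and `rri_sigs` are filled only in the non-AD branch, so when the AD bit is set and the answer still carries RRSIG records, `&rrset->rri_sigs[index_sig++]` indexes a NULL array and the following writes go through it; counting the signatures before the `ldns_pkt_ad()` test fixes that. With `freerrset(rrset)` commented out, every error after the first calloc also leaks the partly built rrset, which a conditional free at `fail:` would release. Separately, setting RRSET_VALIDATED on the AD bit alone is presumably only as trustworthy as the path to the resolver named in resolv.conf, and a comment at that branch should say so.

```c
	ldns_resolver *ldns_res = NULL;
	ldns_rdf *domain = NULL;
	ldns_pkt *pkt = NULL;
	/* … unchanged: argument checks, resolver setup, query, rrset header fields … */

	/* Count signatures up front so rri_sigs is allocated on the AD path too */
	rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
	    LDNS_SECTION_ANSWER);
	rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
	/* … unchanged: AD test / ldns_verify_trusted, allocations, copy loop … */

fail:
	/* Release the partly built rrset on every error path */
	if (result != ERRSET_SUCCESS)
		freerrset(rrset);
	/* … unchanged: ldns frees, return … */
```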
(-)openbsd-compat/getrrsetbyname.c (-2 / +2 lines)
Lines 47-53 Link Here
47
47
48
#include "includes.h"
48
#include "includes.h"
49
49
50
#ifndef HAVE_GETRRSETBYNAME
50
#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
51
51
52
#include <stdlib.h>
52
#include <stdlib.h>
53
#include <string.h>
53
#include <string.h>
Lines 607-610 Link Here
607
	return (n);
607
	return (n);
608
}
608
}
609
609
610
#endif /* !defined(HAVE_GETRRSETBYNAME) */
610
#endif /*  !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */
