
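--- a/LICENCE
+++ b/LICENCE
@@ -206,6 +206,7 @@ OpenSSH contains no GPL code.
 	Sun Microsystems
 	The SCO Group
 	Daniel Walsh
+	Simon Vallet / Genoscope
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions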
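--- a/configure.ac
+++ b/configure.ac
@@ -1240,6 +1240,41 @@ AC_ARG_WITH(tcp-wrappers,
 	]
 )
 
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+AC_ARG_WITH(ldns,
+	[  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
+    [
+        if test "x$withval" != "xno" ; then
+
+			if test "x$withval" != "xyes" ; then
+				CPPFLAGS="$CPPFLAGS -I${withval}/include"
+				LDFLAGS="$LDFLAGS -L${withval}/lib"
+			fi
+
+            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+            LIBS="-lldns $LIBS"
+            LDNS_MSG="yes"
+
+            AC_MSG_CHECKING([for ldns support])
+            AC_LINK_IFELSE(
+                [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+                                ]])
+                ],
+				[AC_MSG_RESULT(yes)],
+				[
+					AC_MSG_RESULT(no)
+					AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
+				])
+        fi
+    ]
+)
+
 # Check whether user wants libedit support
 LIBEDIT_MSG="no"
 AC_ARG_WITH(libedit,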
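Review bot: `LIBS="-lldns $LIBS"` puts ldns on the global link line, so every program linked with this `LIBS` would pull in the DNS parsing library, not only the code that calls `getrrsetbyname()`. How `LIBS` is consumed is not visible in this hunk, but if the Makefiles allow it, a dedicated substituted variable used only by the binaries that perform DNS host-key lookups would keep the library out of the others. The block also mixes tab and space indentation, and `-L${withval}/lib` misses prefixes that install into `lib64`. The surrounding configure.ac continues outside the hunk.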
(-)openbsd-compat/Makefile.in (-1 / +1 lines)
Lines 18-24 LDFLAGS=-L. @LDFLAGS@ Link Here
18
18
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
20
20
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-getrrsetbyname.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22
22
23
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
23
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
24
24
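--- a/openbsd-compat/bsd-getrrsetbyname.c
+++ b/openbsd-compat/bsd-getrrsetbyname.c
@@ -0,0 +1,279 @@
+/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
+
+/*
+ * Copyright (c) 2007 Simon Vallet / Genoscope <svallet@genoscope.cns.fr>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Portions Copyright (c) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <ldns/ldns.h>
+
+#include "getrrsetbyname.h"
+#include "log.h"
+
+int
+getrrsetbyname(const char *hostname, unsigned int rdclass,
+	       unsigned int rdtype, unsigned int flags,
+	       struct rrsetinfo **res)
+{
+	int result;
+	unsigned int i, j, index_ans, index_sig;
+	struct rrsetinfo *rrset = NULL;
+	struct rdatainfo *rdata;
+	size_t len;
+	ldns_resolver *ldns_res;
+	ldns_rdf *domain = NULL;
+	ldns_pkt *pkt = NULL;
+	ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
+	ldns_status err;
+	ldns_rr *rr;
+
+	/* check for invalid class and type */
+	if (rdclass > 0xffff || rdtype > 0xffff) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+
+	/* don't allow queries of class or type ANY */
+	if (rdclass == 0xff || rdtype == 0xff) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+
+	/* don't allow flags yet, unimplemented */
+	if (flags) {
+		result = ERRSET_INVAL;
+		goto fail;
+	}
+
+	/* Initialize resolver from resolv.conf */
+	domain = ldns_dname_new_frm_str(hostname);
+	if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
+	    LDNS_STATUS_OK) {
+		result = ERRSET_FAIL;
+		goto fail;
+	}
+
+#ifdef LDNS_DEBUG
+	ldns_resolver_set_debug(ldns_res, true);
+#endif /* LDNS_DEBUG */
+
+	ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
+
+	/* make query */
+	pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
+
+	/*** TODO: finer errcodes -- see original **/
+	if (!pkt || ldns_pkt_ancount(pkt) < 1) {
+		result = ERRSET_FAIL;
+		goto fail;
+	}
+
+	/* initialize rrset */
+	rrset = calloc(1, sizeof(struct rrsetinfo));
+	if (rrset == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+
+	rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
+	rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
+	if (!rrset->rri_nrdatas) {
+		result = ERRSET_NODATA;
+		goto fail;
+	}
+
+	/* copy name from answer section */
+	len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
+	if ((rrset->rri_name = malloc(len)) == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+	memcpy(rrset->rri_name,
+	    ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
+
+	rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
+	rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
+	rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
+
+	debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
+
+	/* Check for authenticated data */
+	if (ldns_pkt_ad(pkt)) {
+		rrset->rri_flags |= RRSET_VALIDATED;
+	} else { /* AD is not set, try autonomous validation */
+		ldns_rr_list * trusted_keys = ldns_rr_list_new();
+
+		debug2("ldns: trying to validate RRset");
+		/* Get eventual sigs */
+		rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
+		    LDNS_SECTION_ANSWER);
+
+		rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
+		debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
+		       rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
+
+		if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
+		     trusted_keys)) == LDNS_STATUS_OK) {
+			rrset->rri_flags |= RRSET_VALIDATED;
+			debug2("ldns: RRset is signed with a valid key");
+		} else {
+			debug2("ldns: RRset validation failed: %s",
+			    ldns_get_errorstr_by_id(err));
+		}
+
+		ldns_rr_list_deep_free(trusted_keys);
+	}
+
+	/* allocate memory for answers */
+	rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
+	   sizeof(struct rdatainfo));
+
+	if (rrset->rri_rdatas == NULL) {
+		result = ERRSET_NOMEMORY;
+		goto fail;
+	}
+
+	/* allocate memory for signatures */
+	if (rrset->rri_nsigs > 0) {
+		rrset->rri_sigs = calloc(rrset->rri_nsigs,
+		    sizeof(struct rdatainfo));
+
+		if (rrset->rri_sigs == NULL) {
+			result = ERRSET_NOMEMORY;
+			goto fail;
+		}
+	}
+
+	/* copy answers & signatures */
+	for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
+		rdata = NULL;
+		rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
+
+		if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
+		    ldns_rr_get_type(rr) == rrset->rri_rdtype) {
+			rdata = &rrset->rri_rdatas[index_ans++];
+		}
+
+		if (rr->_rr_class == rrset->rri_rdclass &&
+		    rr->_rr_type == LDNS_RR_TYPE_RRSIG) {
+			rdata = &rrset->rri_sigs[index_sig++];
+		}
+
+		if (rdata) {
+			size_t rdata_offset = 0;
+
+			rdata->rdi_length = 0;
+			for (j=0; j< rr->_rd_count; j++) {
+				rdata->rdi_length +=
+				    ldns_rdf_size(ldns_rr_rdf(rr, j));
+			}
+
+			rdata->rdi_data = malloc(rdata->rdi_length);
+			if (rdata->rdi_data == NULL) {
+				result = ERRSET_NOMEMORY;
+				goto fail;
+			}
+
+			/* Re-create the raw DNS RDATA */
+			for (j=0; j< rr->_rd_count; j++) {
+				len = ldns_rdf_size(ldns_rr_rdf(rr, j));
+				memcpy(rdata->rdi_data + rdata_offset,
+				       ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
+				rdata_offset += len;
+			}
+		}
+	}
+
+	*res = rrset;
+	result = ERRSET_SUCCESS;
+
+fail:
+	/* freerrset(rrset); */
+	ldns_rdf_deep_free(domain);
+	ldns_pkt_free(pkt);
+	ldns_rr_list_deep_free(rrsigs);
+	ldns_rr_list_deep_free(rrdata);
+	ldns_resolver_deep_free(ldns_res);
+
+	return result;
+}
+
+
+void
+freerrset(struct rrsetinfo *rrset)
+{
+	u_int16_t i;
+
+	if (rrset == NULL)
+		return;
+
+	if (rrset->rri_rdatas) {
+		for (i = 0; i < rrset->rri_nrdatas; i++) {
+			if (rrset->rri_rdatas[i].rdi_data == NULL)
+				break;
+			free(rrset->rri_rdatas[i].rdi_data);
+		}
+		free(rrset->rri_rdatas);
+	}
+
+	if (rrset->rri_sigs) {
+		for (i = 0; i < rrset->rri_nsigs; i++) {
+			if (rrset->rri_sigs[i].rdi_data == NULL)
+				break;
+			free(rrset->rri_sigs[i].rdi_data);
+		}
+		free(rrset->rri_sigs);
+	}
+
+	if (rrset->rri_name)
+		free(rrset->rri_name);
+	free(rrset);
+}
+
+
+#endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */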
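Review bot: The `fail:` label in getrrsetbyname() calls `ldns_resolver_deep_free(ldns_res)` although `ldns_res` is declared without an initializer, so the three early argument-check `goto fail` paths and a failed `ldns_resolver_new_frm_file()` hand it an indeterminate pointer; `freerrset(rrset)` is also commented out there, so every error after the `calloc` leaks the partly built `rrset`. In the copy loop the RRSIG branch indexes `rrset->rri_sigs` without a bound, yet `rri_nsigs` and `rri_sigs` are only set up in the `else` branch of the AD check, so a reply that carries the AD bit together with RRSIG records indexes a NULL array; that content comes straight from the DNS answer. Separately, `trusted_keys` reaches `ldns_verify_trusted()` as a freshly created empty list, so the local validation path looks unable to succeed until trust anchors are loaded into it, and the result of `ldns_dname_new_frm_str(hostname)` is never checked. The sketch below covers the initializer, the bounded RRSIG branch and the cleanup.

```c
	ldns_resolver *ldns_res = NULL;
	/* … unchanged: argument checks, query, validation, allocations … */

		/* rri_sigs is only allocated when rri_nsigs was counted */
		if (rr->_rr_class == rrset->rri_rdclass &&
		    rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
		    index_sig < rrset->rri_nsigs) {
			rdata = &rrset->rri_sigs[index_sig++];
		}
	/* … unchanged: RDATA length and copy loops … */

	*res = rrset;
	rrset = NULL;	/* the caller owns it now */
	result = ERRSET_SUCCESS;

fail:
	freerrset(rrset);	/* returns at once when rrset is NULL */
	/* … unchanged: domain, pkt, rrsigs and rrdata frees … */
	if (ldns_res != NULL)
		ldns_resolver_deep_free(ldns_res);
```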
(-)openbsd-compat/getrrsetbyname.c (-2 / +2 lines)
Lines 47-53 Link Here
47
47
48
#include "includes.h"
48
#include "includes.h"
49
49
50
#ifndef HAVE_GETRRSETBYNAME
50
#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
51
51
52
#include <stdlib.h>
52
#include <stdlib.h>
53
#include <string.h>
53
#include <string.h>
Lines 607-610 count_dns_rr(struct dns_rr *p, u_int16_t Link Here
607
	return (n);
607
	return (n);
608
}
608
}
609
609
610
#endif /* !defined(HAVE_GETRRSETBYNAME) */
610
#endif /*  !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */
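Review bot: Both guards test `HAVE_GETRRSETBYNAME` first, so on a platform whose libc already provides `getrrsetbyname()` neither this file nor bsd-getrrsetbyname.c is compiled. In that case `--with-ldns` is still accepted, `HAVE_LDNS` is defined and `-lldns` is linked, while lookups keep going through the system resolver. If that is intended, a comment above the guard such as `/* ldns replaces this fallback only when libc has no getrrsetbyname() */` would record it; otherwise configure should warn about the combination. The first hunk cuts through the include block and the second shows only the end of count_dns_rr().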
