
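--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -5,11 +5,13 @@ piddir=@piddir@
 srcdir=@srcdir@
 top_srcdir=@top_srcdir@
 
+PATHS= -DSSHDIR=\"$(sysconfdir)\"
+
 VPATH=@srcdir@
 CC=@CC@
 LD=@LD@
 CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 AR=@AR@
 RANLIB=@RANLIB@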
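--- a/openbsd-compat/getrrsetbyname-ldns.c
+++ b/openbsd-compat/getrrsetbyname-ldns.c
@@ -49,6 +49,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 
 #include <ldns/ldns.h>
 
@@ -59,6 +60,50 @@
 #define malloc(x)	(xmalloc(x))
 #define calloc(x, y)	(xcalloc((x),(y)))
 
+#ifdef __APPLE__
+
+#include "pathnames.h"
+
+/**
+ * Adding trust anchor directly is only necessary on OSX as
+ * configd will overwrite /etc/resolv.conf when the network
+ * configuration changes (eg new DNS from DHCP), so the ldns
+ * "anchor" keyword for the trusted-key in that file is lost.
+ */
+static void _add_ldns_trust_key(ldns_resolver *ldns_res,
+				const char *filename)
+{
+	ldns_rr *new_rr;
+	struct stat sbuf;
+
+	/* check if file exists (avoid error in ldns_read_anchor_file) */
+	debug2("ldns: attempt to load trust anchor from file %s", filename);
+	if(stat(filename, &sbuf) != 0) {
+		debug2("ldns: file not found");
+		return;
+	}
+
+	/* read the RR from the file */
+	if((new_rr = ldns_read_anchor_file(filename))) {
+		/* check if RR already in resolver's anchors */
+		ldns_rr_list *cur_anchors =
+			ldns_resolver_dnssec_anchors(ldns_res);
+		if(ldns_rr_list_contains_rr(cur_anchors, new_rr)) {
+			debug2("ldns: anchor already in trust chain");
+		}
+		else {
+			if(ldns_resolver_push_dnssec_anchor(ldns_res, new_rr)
+			   == LDNS_STATUS_OK)
+				debug2("ldns: new anchor added to trust chain");
+			else
+				debug2("ldns: failed to add anchor to trust chain (invalid type?)");
+		}
+	}
+	ldns_rr_free(new_rr);
+}
+
+#endif
+
 int
 getrrsetbyname(const char *hostname, unsigned int rdclass,
 	       unsigned int rdtype, unsigned int flags,
@@ -152,6 +197,13 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
 	} else { /* AD is not set, try autonomous validation */
 		ldns_rr_list * trusted_keys = ldns_rr_list_new();
 
+#ifdef __APPLE__
+		/* look for the trusted-key.key in both global and
+		   ssh-specific locations */
+		_add_ldns_trust_key(ldns_res, ETCDIR "/trusted-key.key");
+		_add_ldns_trust_key(ldns_res, SSHDIR "/trusted-key.key");
+#endif
+
 		debug2("ldns: trying to validate RRset");
 		/* Get eventual sigs */
 		rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,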
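Review bot: `_add_ldns_trust_key` uses `stat()` only as an existence test, so any `trusted-key.key` found under ETCDIR or SSHDIR is pushed as a DNSSEC trust anchor regardless of its type, owner or write permissions. Because the anchor is loaded in the autonomous-validation branch of `getrrsetbyname` (whose body continues outside the hunk) and presumably feeds that validation, the file deserves the checks applied to other trust roots, using the `sbuf` already filled in: `if (!S_ISREG(sbuf.st_mode) || sbuf.st_uid != 0 || (sbuf.st_mode & (S_IWGRP|S_IWOTH))) return;` with a debug message naming the rejected file. The case where the file exists but `ldns_read_anchor_file` returns NULL is also silent; adding `else debug2("ldns: could not parse trust anchor %s", filename);` would make a malformed or altered file visible when debugging.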
