mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-24 11:25:08 -04:00
add functions to match rdataset types
- dns_rdataset_issigtype() returns true if the rdataset is of type RRSIG and covers a specified type - dns_rdataset_matchestype() returns true if the rdataset is of the specified type *or* the RRSIG covering it.
This commit is contained in:
Evan Hunt
Ondřej Surý
parent
51a4e00d1d
commit
7841de08af
2 changed files with 42 additions and 23 deletions
|
|
@ -673,3 +673,30 @@ dns_rdataset_equals(const dns_rdataset_t *rdataset1,
|
|||
* \li 'rdataset1' is a valid rdataset.
|
||||
* \li 'rdataset2' is a valid rdataset.
|
||||
*/
|
||||
|
||||
/*%
|
||||
* Returns true if the rdataset is of type 'type', or type RRSIG
|
||||
* and covers 'type'.
|
||||
*/
|
||||
static inline bool
|
||||
dns_rdataset_matchestype(const dns_rdataset_t *rdataset,
|
||||
const dns_rdatatype_t type) {
|
||||
REQUIRE(DNS_RDATASET_VALID(rdataset));
|
||||
|
||||
return rdataset->type == type ||
|
||||
(rdataset->type == dns_rdatatype_rrsig &&
|
||||
rdataset->covers == type);
|
||||
}
|
||||
|
||||
/*%
|
||||
* Returns true if the rdataset is of type 'type', or type RRSIG
|
||||
* and covers 'type'.
|
||||
*/
|
||||
static inline bool
|
||||
dns_rdataset_issigtype(const dns_rdataset_t *rdataset,
|
||||
const dns_rdatatype_t type) {
|
||||
REQUIRE(DNS_RDATASET_VALID(rdataset));
|
||||
|
||||
return rdataset->type == dns_rdatatype_rrsig &&
|
||||
rdataset->covers == type;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5473,13 +5473,14 @@ answer_response:
|
|||
}
|
||||
|
||||
ISC_LIST_FOREACH (name->list, s, link) {
|
||||
if (s->type == dns_rdatatype_rrsig &&
|
||||
s->covers == rdataset->type)
|
||||
if (dns_rdataset_issigtype(sigrdataset,
|
||||
rdataset->type))
|
||||
{
|
||||
sigrdataset = s;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (sigrdataset == NULL ||
|
||||
sigrdataset->trust != dns_trust_secure)
|
||||
{
|
||||
|
|
@ -5674,7 +5675,7 @@ findnoqname(fetchctx_t *fctx, dns_message_t *message, dns_name_t *name,
|
|||
* Find the SIG for this rdataset, if we have it.
|
||||
*/
|
||||
ISC_LIST_FOREACH (name->list, sig, link) {
|
||||
if (sig->type == dns_rdatatype_rrsig && sig->covers == type) {
|
||||
if (dns_rdataset_issigtype(sig, type)) {
|
||||
sigrdataset = sig;
|
||||
break;
|
||||
}
|
||||
|
|
@ -5751,9 +5752,7 @@ findnoqname(fetchctx_t *fctx, dns_message_t *message, dns_name_t *name,
|
|||
|
||||
if (noqname != NULL) {
|
||||
ISC_LIST_FOREACH (noqname->list, sig, link) {
|
||||
if (sig->type == dns_rdatatype_rrsig &&
|
||||
sig->covers == found)
|
||||
{
|
||||
if (dns_rdataset_issigtype(sig, found)) {
|
||||
*noqnamep = noqname;
|
||||
break;
|
||||
}
|
||||
|
|
@ -5896,9 +5895,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
|
|||
* Find the RRSIG for this rdataset, if we have it.
|
||||
*/
|
||||
ISC_LIST_FOREACH (name->list, sig, link) {
|
||||
if (sig->type == dns_rdatatype_rrsig &&
|
||||
sig->covers == rdataset->type)
|
||||
{
|
||||
if (dns_rdataset_issigtype(sig, rdataset->type)) {
|
||||
sigrdataset = sig;
|
||||
break;
|
||||
}
|
||||
|
|
@ -5927,14 +5924,13 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
|
|||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Ignore unrelated non-answer rdatasets that are
|
||||
* missing signatures.
|
||||
*/
|
||||
if (sigrdataset == NULL && need_validation &&
|
||||
!ANSWER(rdataset))
|
||||
{
|
||||
/*
|
||||
* Ignore unrelated non-answer
|
||||
* rdatasets that are missing
|
||||
* signatures.
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
@ -6124,9 +6120,8 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_message_t *message,
|
|||
}
|
||||
}
|
||||
if (rdataset->trust == dns_trust_glue &&
|
||||
(rdataset->type == dns_rdatatype_ns ||
|
||||
(rdataset->type == dns_rdatatype_rrsig &&
|
||||
rdataset->covers == dns_rdatatype_ns)))
|
||||
dns_rdataset_matchestype(rdataset,
|
||||
dns_rdatatype_ns))
|
||||
{
|
||||
/*
|
||||
* If the trust level is
|
||||
|
|
@ -8474,9 +8469,7 @@ rctx_answer_match(respctx_t *rctx) {
|
|||
return ISC_R_COMPLETE;
|
||||
}
|
||||
|
||||
if (sigrdataset->type != dns_rdatatype_rrsig ||
|
||||
sigrdataset->covers != rctx->type)
|
||||
{
|
||||
if (!dns_rdataset_issigtype(sigrdataset, rctx->type)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
@ -8622,9 +8615,8 @@ rctx_authority_positive(respctx_t *rctx) {
|
|||
* nothing else.
|
||||
*/
|
||||
ISC_LIST_FOREACH (name->list, rdataset, link) {
|
||||
if (rdataset->type == dns_rdatatype_ns ||
|
||||
(rdataset->type == dns_rdatatype_rrsig &&
|
||||
rdataset->covers == dns_rdatatype_ns))
|
||||
if (dns_rdataset_matchestype(rdataset,
|
||||
dns_rdatatype_ns))
|
||||
{
|
||||
name->attributes.cache = true;
|
||||
rdataset->attributes.cache = true;
|
||||
|
|
|
|||
Loading…
Reference in a new issue