mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00

Add a answer-cookie named config option

(cherry picked from commit 29305073575459a66f0a93b9becc4863fd1c0c6b)
Mukund Sivaraman 2018-03-19 18:09:05 +05:30 committed by Evan Hunt
parent 5d0b48474f
commit 0ba997b4c2
6 changed files with 12 additions and 3 deletions


@ -47,7 +47,7 @@
/*% default configuration */ /*% default configuration */
static char defaultconf[] = "\ static char defaultconf[] = "\
options {\n\ options {\n\
# answer-cookie <obsolete>;\n\ answer-cookie true;\n\
automatic-interface-scan yes;\n\ automatic-interface-scan yes;\n\
bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\ bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
# blackhole {none;};\n" # blackhole {none;};\n"


@ -8791,6 +8791,11 @@ load_configuration(const char *filename, named_server_t *server,
server->flushonshutdown = ISC_FALSE; server->flushonshutdown = ISC_FALSE;
} }
obj = NULL;
result = named_config_get(maps, "answer-cookie", &obj);
INSIST(result == ISC_R_SUCCESS);
server->sctx->answercookie = cfg_obj_asboolean(obj);
obj = NULL; obj = NULL;
result = named_config_get(maps, "cookie-algorithm", &obj); result = named_config_get(maps, "cookie-algorithm", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);


@ -1031,7 +1031,7 @@ static cfg_type_t cfg_type_fstrm_model = {
*/ */
static cfg_clausedef_t static cfg_clausedef_t
options_clauses[] = { options_clauses[] = {
{ "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "answer-cookie", &cfg_type_boolean, 0 },
{ "automatic-interface-scan", &cfg_type_boolean, 0 }, { "automatic-interface-scan", &cfg_type_boolean, 0 },
{ "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },


@ -1909,7 +1909,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
/* /*
* If we have already seen a cookie option skip this cookie option. * If we have already seen a cookie option skip this cookie option.
*/ */
if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) { if ((!client->sctx->answercookie) ||
(client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
{
isc_buffer_forward(buf, (unsigned int)optlen); isc_buffer_forward(buf, (unsigned int)optlen);
return; return;
} }
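Review bot: The comment above the changed condition in process_cookie() still says only "If we have already seen a cookie option skip this cookie option", but the new test also skips the option whenever `client->sctx->answercookie` is false. I would update it to something like `/* Skip this cookie option if answer-cookie is disabled or a cookie option was already seen. */` so the early return is not read as duplicate-option handling alone. Because the return comes before the visible code does anything else with the option, a server with answer-cookie off appears to treat every client as cookie-less; the option's documentation should say so, since this presumably weakens any cookie-dependent spoofing protection. The rest of process_cookie() lies outside the hunk.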


@ -76,6 +76,7 @@ struct ns_server {
unsigned char secret[32]; unsigned char secret[32];
ns_cookiealg_t cookiealg; ns_cookiealg_t cookiealg;
ns_altsecretlist_t altsecrets; ns_altsecretlist_t altsecrets;
isc_boolean_t answercookie;
/*% Quotas */ /*% Quotas */
isc_quota_t recursionquota; isc_quota_t recursionquota;


@ -103,6 +103,7 @@ ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
sctx->gethostname = NULL; sctx->gethostname = NULL;
sctx->matchingview = matchingview; sctx->matchingview = matchingview;
sctx->answercookie = ISC_TRUE;
ISC_LIST_INIT(sctx->altsecrets); ISC_LIST_INIT(sctx->altsecrets);