Commit Diff
Diff:
8e2afa931b203ac13bbf155d0e8d6a9e6890eaa7
d2ab023e44d7e0e3775008d33abcd8eacd46ba38
Commit:
d2ab023e44d7e0e3775008d33abcd8eacd46ba38
Tree:
4f6f70e10de9bb66954d8fa691de5cf66bca9fc2
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Tue Mar 14 08:23:09 2017 UTC
Message:
remove SPF record support. This is because RFC 7208 section 3.1 has deprecated the SPF RR type. update CHANGES, and example files. tested delphinusdnsd, dd-convert untested.
blob - 3e8ec7f6540ec218513393b655609c89547c28a2
blob + 04ccbdb091fa93ba3da9e9304ca19f1a626d43ef
--- CHANGES
+++ CHANGES
@@ -1,3 +1,7 @@
+Changes in RELEASE_1_2 from RELEASE_1_1
+
+- remove SPF support (deprecated RFC 7208 section 3.1)
+
Changes in RELEASE_1_1 from RELEASE_1_0
- dd-convert.c written to replace dd-convert.rb. It now supports TLSA RR's as
blob - bab1d394a949dc4250d050609c5319b926108ba5
blob + a802b3c7bdcbf04d05af6fbfa55ffe8d7c22aebe
--- configure
+++ configure
@@ -1,7 +1,7 @@
#!/bin/sh
-VERSION="1.1.0"
+VERSION="1.1.0-current"
DD_VERSION="delphinusdnsd-$VERSION"
DD_VERSION_LEN=`echo -n $DD_VERSION | wc -c`
blob - c9bce2d28b4d27938ba7e139cf36b56cd8e54eb0
blob + 4105ad1b96d0e56598a5faf86bdf4f2541d80eae
--- dd-convert.c
+++ dd-convert.c
@@ -55,7 +55,6 @@ int sign_a(DB *, char *, char *, int, struct domain *
int sign_mx(DB *, char *, char *, int, struct domain *);
int sign_ns(DB *, char *, char *, int, struct domain *);
int sign_srv(DB *, char *, char *, int, struct domain *);
-int sign_spf(DB *, char *, char *, int, struct domain *);
int sign_cname(DB *, char *, char *, int, struct domain *);
int sign_soa(DB *, char *, char *, int, struct domain *);
int sign_txt(DB *, char *, char *, int, struct domain *);
@@ -1060,11 +1059,6 @@ calculate_rrsigs(DB *db, char *zonename, char *zsk_key
fprintf(stderr, "sign_nsec3param error\n");
return -1;
}
- if (sd->flags & DOMAIN_HAVE_SPF)
- if (sign_spf(db, zonename, zsk_key, expiry, sd) < 0) {
- fprintf(stderr, "sign_spf error\n");
- return -1;
- }
if (sd->flags & DOMAIN_HAVE_CNAME)
if (sign_cname(db, zonename, zsk_key, expiry, sd) < 0) {
fprintf(stderr, "sign_cname error\n");
@@ -2304,225 +2298,6 @@ sign_nsec3param(DB *db, char *zonename, char *zsk_key,
}
/*
- * create a RRSIG for an SPF record
- */
-
-int
-sign_spf(DB *db, char *zonename, char *zsk_key, int expiry, struct domain *sd)
-{
- struct domain_spf *sdspf;
-
- char tmp[4096];
- char signature[4096];
- char buf[512];
- char shabuf[64];
-
- SHA_CTX sha1;
- SHA256_CTX sha256;
- SHA512_CTX sha512;
-
- char *dnsname;
- char *p;
- char *key;
- char *zone;
-
- uint32_t ttl;
- uint16_t flags;
- uint8_t protocol;
- uint8_t algorithm;
-
- int labellen;
- int keyid;
- int fd, len;
- int keylen, siglen;
- int rsatype;
- int bufsize;
- int labels;
-
- RSA *rsa;
-
- char timebuf[32];
- struct tm tm;
- u_int32_t expiredon2, signedon2;
-
- memset(&shabuf, 0, sizeof(shabuf));
-
- key = malloc(10 * 4096);
- if (key == NULL) {
- dolog(LOG_INFO, "out of memory\n");
- return -1;
- }
-
- /* get the ZSK */
- snprintf(buf, sizeof(buf), "%s.key", zsk_key);
- if ((fd = open(buf, O_RDONLY, 0)) < 0) {
- dolog(LOG_INFO, "open %s: %s\n", buf, strerror(errno));
- return -1;
- }
-
- if ((zone = parse_keyfile(fd, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, &keyid)) == NULL) {
- dolog(LOG_INFO, "parse %s\n", buf);
- close (fd);
- return -1;
- }
-
- close(fd);
-
- /* check the keytag supplied */
- p = key;
- pack16(p, htons(flags));
- p += 2;
- pack8(p, protocol);
- p++;
- pack8(p, algorithm);
- p++;
- keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
- pack(p, signature, keylen);
- p += keylen;
- keylen = (p - key);
- if (keyid != keytag(key, keylen)) {
- dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
- return -1;
- }
-
- labels = label_count(sd->zone);
- if (labels < 0) {
- dolog(LOG_INFO, "label_count");
- return -1;
- }
-
- dnsname = dns_label(zonename, &labellen);
- if (dnsname == NULL)
- return -1;
-
- if (sd->flags & DOMAIN_HAVE_SPF) {
- if ((sdspf= (struct domain_spf *)find_substruct(sd, INTERNAL_TYPE_SPF)) == NULL) {
- dolog(LOG_INFO, "no SPF records but have flags!\n");
- return -1;
- }
- }
-
- p = key;
-
- pack16(p, htons(DNS_TYPE_SPF));
- p += 2;
- pack8(p, algorithm);
- p++;
- pack8(p, labels);
- p++;
- pack32(p, htonl(sd->ttl[INTERNAL_TYPE_SPF]));
- p += 4;
-
- snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
- strptime(timebuf, "%Y%m%d%H%M%S", &tm);
- expiredon2 = timegm(&tm);
- snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
- strptime(timebuf, "%Y%m%d%H%M%S", &tm);
- signedon2 = timegm(&tm);
-
- pack32(p, htonl(expiredon2));
- p += 4;
- pack32(p, htonl(signedon2));
- p += 4;
- pack16(p, htons(keyid));
- p += 2;
- pack(p, dnsname, labellen);
- p += labellen;
-
- /* no signature here */
- /* XXX this should probably be done on a canonical sorted records */
-
- pack(p, sd->zone, sd->zonelen);
- p += sd->zonelen;
- pack16(p, htons(DNS_TYPE_SPF));
- p += 2;
- pack16(p, htons(DNS_CLASS_IN));
- p += 2;
- pack32(p, htonl(sd->ttl[INTERNAL_TYPE_SPF]));
- p += 4;
- pack16(p, htons(1 + sdspf->spflen));
- p += 2;
- pack8(p, sdspf->spflen);
- p++;
- pack(p, sdspf->spf, sdspf->spflen);
- p += sdspf->spflen;
-
- keylen = (p - key);
-
-#if 0
- fd = open("bindump.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600);
- for (i = 0; i < keylen; i++) {
- write(fd, (char *)&key[i], 1);
- }
- close(fd);
-
-#endif
-
- switch (algorithm) {
- case ALGORITHM_RSASHA1_NSEC3_SHA1:
- SHA1_Init(&sha1);
- SHA1_Update(&sha1, key, keylen);
- SHA1_Final((u_char *)shabuf, &sha1);
- bufsize = 20;
- break;
- case ALGORITHM_RSASHA256:
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, key, keylen);
- SHA256_Final((u_char *)shabuf, &sha256);
- bufsize = 32;
-
-#if 0
- printf("keylen = %d\n", keylen);
- fd = open("bindump-sha256.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600);
- for (i = 0; i < bufsize; i++) {
- write(fd, (char *)&shabuf[i], 1);
- }
- close(fd);
-#endif
-
- break;
- case ALGORITHM_RSASHA512:
- SHA512_Init(&sha512);
- SHA512_Update(&sha512, key, keylen);
- SHA512_Final((u_char *)shabuf, &sha512);
- bufsize = 64;
- break;
- default:
- return -1;
- }
-
- rsa = read_private_key(zonename, keyid, algorithm);
- if (rsa == NULL) {
- dolog(LOG_INFO, "reading private key failed\n");
- return -1;
- }
-
- rsatype = alg_to_rsa(algorithm);
- if (rsatype == -1) {
- dolog(LOG_INFO, "algorithm mismatch\n");
- return -1;
- }
-
- if (RSA_sign(rsatype, (u_char *)shabuf, bufsize, (u_char *)signature, &siglen, rsa) != 1) {
- dolog(LOG_INFO, "unable to sign with algorithm %d: %s\n", algorithm, ERR_error_string(ERR_get_error(), NULL));
- return -1;
- }
-
- RSA_free(rsa);
-
- len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
- tmp[len] = '\0';
-
- if (fill_rrsig(sd->zonename, "RRSIG", sd->ttl[INTERNAL_TYPE_SPF], "SPF", algorithm, labels, sd->ttl[INTERNAL_TYPE_SPF], expiredon, signedon, keyid, zonename, tmp) < 0) {
- dolog(LOG_INFO, "fill_rrsig\n");
- return -1;
- }
-
- return 0;
-}
-
-
-/*
* create a RRSIG for a CNAME record
*/
@@ -6246,9 +6021,6 @@ construct_nsec3(DB *db, char *zone, int iterations, ch
if (sd->flags & DOMAIN_HAVE_TLSA)
strlcat(bitmap, "TLSA ", sizeof(bitmap));
- if (sd->flags & DOMAIN_HAVE_SPF)
- strlcat(bitmap, "SPF ", sizeof(bitmap));
-
#if 0
printf("%s %s\n", buf, bitmap);
#endif
@@ -6414,7 +6186,6 @@ print_sd(FILE *of, struct domain *sdomain)
struct domain_cname *sdcname;
struct domain_ptr *sdptr;
struct domain_txt *sdtxt;
- struct domain_spf *sdspf;
struct domain_naptr *sdnaptr;
struct domain_srv *sdsrv;
struct domain_rrsig *sdrr;
@@ -6491,19 +6262,6 @@ print_sd(FILE *of, struct domain *sdomain)
sdomain->ttl[INTERNAL_TYPE_CNAME],
convert_name(sdcname->cname, sdcname->cnamelen));
}
- if (sdomain->flags & DOMAIN_HAVE_SPF) {
- if ((sdspf = (struct domain_spf *)find_substruct(sdomain, INTERNAL_TYPE_SPF)) == NULL) {
- dolog(LOG_INFO, "no dnskeys in zone!\n");
- return -1;
- }
- fprintf(of, " %s,spf,%d,\"",
- convert_name(sdomain->zone, sdomain->zonelen),
- sdomain->ttl[INTERNAL_TYPE_SPF]);
- for (i = 0; i < sdspf->spflen; i++) {
- fprintf(of, "%c", sdspf->spf[i]);
- }
- fprintf(of, "\"\n");
- }
if (sdomain->flags & DOMAIN_HAVE_NAPTR) {
if ((sdnaptr = (struct domain_naptr *)find_substruct(sdomain, INTERNAL_TYPE_NAPTR)) == NULL) {
dolog(LOG_INFO, "no dnskeys in zone!\n");
@@ -6894,25 +6652,6 @@ print_sd(FILE *of, struct domain *sdomain)
convert_name(rss->signers_name, rss->signame_len),
buf);
}
-
- if (sdomain->flags & DOMAIN_HAVE_SPF) {
- rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_SPF];
- len = mybase64_encode(rss->signature, rss->signature_len, buf, sizeof(buf));
- buf[len] = '\0';
-
- fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- convert_name(sdomain->zone, sdomain->zonelen),
- sdomain->ttl[INTERNAL_TYPE_RRSIG],
- get_dns_type(rss->type_covered, 0),
- rss->algorithm, rss->labels,
- rss->original_ttl,
- timethuman(rss->signature_expiration),
- timethuman(rss->signature_inception),
- rss->key_tag,
- convert_name(rss->signers_name, rss->signame_len),
- buf);
- }
-
if (sdomain->flags & DOMAIN_HAVE_CNAME) {
rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_CNAME];
blob - d31a0d01a675ada17ce5d3e415ca607ba0429c5d
blob + 77d319010d2d59484289461a9823c0295c2940b0
--- ddd-db.h
+++ ddd-db.h
@@ -48,18 +48,17 @@
#define INTERNAL_TYPE_CNAME 5
#define INTERNAL_TYPE_PTR 6
#define INTERNAL_TYPE_TXT 7
-#define INTERNAL_TYPE_SPF 8
-#define INTERNAL_TYPE_SRV 9
-#define INTERNAL_TYPE_SSHFP 10
-#define INTERNAL_TYPE_NAPTR 11
-#define INTERNAL_TYPE_DNSKEY 12
-#define INTERNAL_TYPE_DS 13
-#define INTERNAL_TYPE_NSEC 14
-#define INTERNAL_TYPE_RRSIG 15
-#define INTERNAL_TYPE_NSEC3 16
-#define INTERNAL_TYPE_NSEC3PARAM 17
-#define INTERNAL_TYPE_TLSA 18
-#define INTERNAL_TYPE_MAX 19
+#define INTERNAL_TYPE_SRV 8
+#define INTERNAL_TYPE_SSHFP 9
+#define INTERNAL_TYPE_NAPTR 10
+#define INTERNAL_TYPE_DNSKEY 11
+#define INTERNAL_TYPE_DS 12
+#define INTERNAL_TYPE_NSEC 13
+#define INTERNAL_TYPE_RRSIG 14
+#define INTERNAL_TYPE_NSEC3 15
+#define INTERNAL_TYPE_NSEC3PARAM 16
+#define INTERNAL_TYPE_TLSA 17
+#define INTERNAL_TYPE_MAX 18
/* db stuff */
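Review bot: Renumbering INTERNAL_TYPE_SRV through INTERNAL_TYPE_MAX (8..18 instead of 9..19) silently changes the meaning of every stored type value: the `ttl[INTERNAL_TYPE_MAX]` array in the packed `struct domain` loses an entry, and the `type` tag each substruct carries (the removed fill_spf wrote `ssd_spf->type = INTERNAL_TYPE_SPF`, and util.c's find_substruct dispatches on it) now maps an old SRV record (9) to SSHFP, old SSHFP to NAPTR, and so on down the list. I cannot tell from the diff whether the Berkeley DB or any dumped record ever outlives the binary that wrote it; if it does, a database built before this commit is misparsed rather than rejected. Keeping the slot reserved instead of shifting everything, `#define INTERNAL_TYPE_SPF_UNUSED 8 /* retired, RFC 7208 3.1 */`, avoids the shift entirely; otherwise a format-version check at load time is needed. The same concern applies to the DOMAIN_HAVE_* bits renumbered in the next hunk.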
@@ -199,16 +198,15 @@ struct domain {
#define DOMAIN_HAVE_NS 0x40
#define DOMAIN_HAVE_TXT 0x80
#define DOMAIN_HAVE_SRV 0x100
-#define DOMAIN_HAVE_SPF 0x200
-#define DOMAIN_HAVE_SSHFP 0x400
-#define DOMAIN_HAVE_NAPTR 0x800
-#define DOMAIN_HAVE_DNSKEY 0x1000
-#define DOMAIN_HAVE_DS 0x2000
-#define DOMAIN_HAVE_NSEC 0x4000
-#define DOMAIN_HAVE_RRSIG 0x8000
-#define DOMAIN_HAVE_NSEC3 0x10000
-#define DOMAIN_HAVE_NSEC3PARAM 0x20000
-#define DOMAIN_HAVE_TLSA 0x40000
+#define DOMAIN_HAVE_SSHFP 0x200
+#define DOMAIN_HAVE_NAPTR 0x400
+#define DOMAIN_HAVE_DNSKEY 0x800
+#define DOMAIN_HAVE_DS 0x1000
+#define DOMAIN_HAVE_NSEC 0x2000
+#define DOMAIN_HAVE_RRSIG 0x4000
+#define DOMAIN_HAVE_NSEC3 0x8000
+#define DOMAIN_HAVE_NSEC3PARAM 0x10000
+#define DOMAIN_HAVE_TLSA 0x20000
u_int32_t ttl[INTERNAL_TYPE_MAX]; /* time to lives */
time_t created; /* time created, for dynamic zones */
} __attribute__((packed));
@@ -290,13 +288,6 @@ struct domain_txt {
u_int32_t len;
char txt[DNS_MAXNAME]; /* TXT string */
int txtlen; /* len of TXT */
-} __attribute__((packed));
-
-struct domain_spf {
- u_int16_t type;
- u_int32_t len;
- char spf[DNS_MAXNAME]; /* SPF string */
- int spflen; /* len of SPF */
} __attribute__((packed));
struct domain_srv {
blob - c54a1e0ab72222a099a8c0d4b2b20c6ad0c9670d
blob + 8c9ce6466f8963d15fe3c9d94572830fedc766a1
--- ddd-dns.h
+++ ddd-dns.h
@@ -178,8 +178,6 @@ struct dns_question_hdr {
#define DNS_TYPE_NSEC3PARAM 51 /* RFC 5155, section 4 */
#define DNS_TYPE_TLSA 52 /* RFC 6698, section 7.1 */
-#define DNS_TYPE_SPF 99 /* RFC 4408 */
-
#define DNS_TYPE_TSIG 250 /* RFC 2845, page 3 */
#define DNS_TYPE_IXFR 251 /* RFC 1995, page 2 */
#define DNS_TYPE_AXFR 252 /* RFC 5936, page 10 */
blob - f00618c29e34c3d63e16fc82fc9b905691d46e28
blob + 693e2406cb07a3672bd18c622f6cf2004c51ea3f
--- delphinusdns.conf.5
+++ delphinusdns.conf.5
@@ -96,8 +96,6 @@ zone "centroid.eu" {
centroid.eu,mx,3600,10,proteus.solarscale.de.
centroid.eu,aaaa,3600,2001:a60:f074::8
;
- centroid.eu,spf,3600,"v=spf1 ip4:200.46.208.61 ~all"
- ;
;
; NAPTR trial
centroid.eu,naptr,3600,10,10,"u","E2U+sip","!^.*$!sip:1234@sip.example.com!",centroid.eu
@@ -236,7 +234,7 @@ zonedata = { [hostname] [ "," dnstype] [ "," ttl ] [",
hostname = string
dnstype = ( "a" | "aaaa" | "cname" | "dnskey" | "ds" | "mx" | "naptr" |
"ns" | "nsec" | "nsec3" | "nsec3param" | "ptr" | "rrsig" |
- "soa" | "spf" | "srv" | "sshfp" | "tlsa" | "txt" |
+ "soa" | "srv" | "sshfp" | "tlsa" | "txt" |
"delegate" | "hint" )
ttl = number
blob - 5bbbf1e1af01252bb9cb65d4ffec576dc31c6adc
blob + ebf32d26911bf13fce62d4a2e99cbe54ae6062c6
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -72,7 +72,6 @@ extern int reply_naptr(struct sreply *, DB *);
extern int reply_ns(struct sreply *, DB *);
extern int reply_ptr(struct sreply *);
extern int reply_refused(struct sreply *);
-extern int reply_spf(struct sreply *);
extern int reply_srv(struct sreply *, DB *);
extern int reply_sshfp(struct sreply *);
extern int reply_tlsa(struct sreply *);
@@ -144,8 +143,8 @@ u_int32_t cachesize = 0;
char *bind_list[255];
char *interface_list[255];
#ifndef DD_VERSION
-char *versionstring = "delphinusdnsd -current";
-uint8_t vslen = 22;
+char *versionstring = "delphinusdnsd-current";
+uint8_t vslen = 21;
#else
char *versionstring = DD_VERSION;
uint8_t vslen = DD_VERSION_LEN;
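Review bot: `uint8_t vslen = 21;` is a hand-counted length for the literal on the line above it, and nothing checks that the two agree; both the old and new pairs happen to be correct, but a future edit to one without the other would make whatever reply.c emits with `vslen` (it declares `extern uint8_t vslen`) over-read or truncate the string. Let the compiler derive it: `#define DD_VERSION_DEFAULT "delphinusdnsd-current"`, `char *versionstring = DD_VERSION_DEFAULT;`, `uint8_t vslen = sizeof(DD_VERSION_DEFAULT) - 1;`. The DD_VERSION branch below keeps its configure-supplied DD_VERSION_LEN and is unaffected.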
@@ -170,7 +169,7 @@ static struct tcps {
} *tn1, *tnp, *tntmp;
-static const char rcsid[] = "$Id: delphinusdnsd.c,v 1.9 2017/01/11 10:14:35 pjp Exp $";
+static const char rcsid[] = "$Id: delphinusdnsd.c,v 1.10 2017/03/14 08:23:09 pjp Exp $";
/*
* MAIN - set up arguments, set up database, set up sockets, call mainloop
@@ -1273,7 +1272,6 @@ compress_label(u_char *buf, u_int16_t offset, int labe
p += 16; /* sizeof 4 * 32 bit */
break;
case DNS_TYPE_TXT:
- case DNS_TYPE_SPF:
p += *p;
p++;
break;
@@ -2287,18 +2285,6 @@ tcpnxdomain:
}
break;
- case DNS_TYPE_SPF:
- if (type0 == DNS_TYPE_SPF) {
-
- build_reply(&sreply, tnp->so, pbuf, len, question, from, \
- fromlen, sd0, NULL, tnp->region, istcp,
- 0, NULL, replybuf);
-
- slen = reply_spf(&sreply);
- }
- break;
-
-
default:
/*
@@ -2958,16 +2944,7 @@ udpnxdomain:
slen = reply_txt(&sreply);
}
break;
- case DNS_TYPE_SPF:
- if (type0 == DNS_TYPE_SPF) {
- build_reply(&sreply, so, buf, len, question, from, \
- fromlen, sd0, NULL, aregion, istcp, 0, \
- NULL, replybuf);
-
- slen = reply_spf(&sreply);
- }
- break;
default:
/*
@@ -3309,7 +3286,6 @@ lookup_type(int internal_type)
array[INTERNAL_TYPE_PTR] = DOMAIN_HAVE_PTR;
array[INTERNAL_TYPE_RRSIG] = -1;
array[INTERNAL_TYPE_SOA] = DOMAIN_HAVE_SOA;
- array[INTERNAL_TYPE_SPF] = DOMAIN_HAVE_SPF;
array[INTERNAL_TYPE_SRV] = DOMAIN_HAVE_SRV;
array[INTERNAL_TYPE_SSHFP] = DOMAIN_HAVE_SSHFP;
array[INTERNAL_TYPE_TLSA] = DOMAIN_HAVE_TLSA;
blob - 6cafe894f40b5a07cd86f0695887f2a67cf1e170
blob + dc31edf8530b0cf214fa0fe033283febea450086
--- examples/example8.conf
+++ examples/example8.conf
@@ -50,8 +50,6 @@ zone "centroid.eu" {
centroid.eu,mx,3600,10,proteus.solarscale.de.
centroid.eu,aaaa,3600,2001:a60:f074::8
;
- centroid.eu,spf,3600,"v=spf1 ip4:200.46.208.61 ~all"
- ;
;
; NAPTR trial
centroid.eu,naptr,3600,10,10,"u","E2U+sip","!^.*$!sip:1234@sip.example.com!",centroid.eu.
blob - 01015dccdc56c68b7c80f9ac9e2279f428c3de00
blob + 026f5e33ea22ade44674ec5d1bd9e3b870d75736
--- parse.y
+++ parse.y
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2015 Peter J. Philipp. All rights reserved.
+ * Copyright (c) 2014-2017 Peter J. Philipp. All rights reserved.
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -103,7 +103,7 @@ typedef struct {
#define YYSTYPE_IS_DECLARED 1
#endif
-static const char rcsid[] = "$Id: parse.y,v 1.43 2017/01/02 18:18:27 pjp Exp $";
+static const char rcsid[] = "$Id: parse.y,v 1.44 2017/03/14 08:23:09 pjp Exp $";
static int version = 0;
static int state = 0;
static uint8_t region = 0;
@@ -131,7 +131,6 @@ int fill_mx(char *, char *, int, int, char *);
int fill_naptr(char *, char *, int, int, int, char *, char *, char *, char *);
int fill_ns(char *, char *, int, char *);
int fill_soa(char *, char *, int, char *, char *, int, int, int, int, int);
-int fill_spf(char *, char *, int, char *);
int fill_sshfp(char *, char *, int, int, int, char *);
int fill_srv(char *, char *, int, int, int, int, char *);
int fill_tlsa(char *, char *,int, uint8_t, uint8_t, uint8_t, char *);
@@ -184,7 +183,6 @@ struct rrtab {
{ "ptr", DNS_TYPE_PTR, INTERNAL_TYPE_PTR },
{ "rrsig", DNS_TYPE_RRSIG, -1 },
{ "soa", DNS_TYPE_SOA, INTERNAL_TYPE_SOA },
- { "spf", DNS_TYPE_SPF, INTERNAL_TYPE_SPF },
{ "srv", DNS_TYPE_SRV, INTERNAL_TYPE_SRV },
{ "sshfp", DNS_TYPE_SSHFP, INTERNAL_TYPE_SSHFP },
{ "tlsa", DNS_TYPE_TLSA, INTERNAL_TYPE_TLSA },
@@ -518,16 +516,9 @@ zonestatement:
if (debug)
printf(" %s TXT -> %s\n", $1, $7);
- } else if (strcasecmp($3, "spf") == 0) {
- if (fill_spf($1, $3, $5, $7) < 0) {
- return -1;
- }
-
- if (debug)
- printf(" %s SPF -> %s\n", $1, $7);
} else {
if (debug)
- printf("another txt/spf like record I don't know?\n");
+ printf("another txt like record I don't know?\n");
return (-1);
}
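Review bot: With `spf` dropped from rrtab and from this else-chain, a zone file that still carries an `spf` line (the form this commit removes from delphinusdns.conf.5 and example8.conf) now ends up in this `else` branch, assuming the rrtab lookup does not reject it earlier (not visible here), and the only diagnostic is a `printf` that runs when `debug` is set; otherwise the parse returns -1 with no indication of which line or record type was refused. Operators upgrading across this change will hit exactly that. Log it unconditionally before returning, e.g. `dolog(LOG_ERR, "unsupported txt-like record type \"%s\" at line %d\n", $3, file->lineno);` (dolog and file->lineno are already used elsewhere in this file). The enclosing zonestatement action starts and ends outside the hunk.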
@@ -1858,88 +1849,6 @@ fill_ptr(char *name, char *type, int myttl, char *host
ssd->flags |= DOMAIN_HAVE_PTR;
set_record(ssd, rs, converted_name, converted_namelen);
-
- if (converted_name)
- free (converted_name);
-
- free (sdomain);
-
- return (0);
-
-}
-
-/* based on fill_txt */
-int
-fill_spf(char *name, char *type, int myttl, char *msg)
-{
- DB *db = mydb;
- void *sdomain, *tp;
- struct domain *ssd;
- struct domain_spf *ssd_spf;
- int converted_namelen;
- char *converted_name;
- int len, i, rs;
-
- for (i = 0; i < strlen(name); i++) {
- name[i] = tolower((int)name[i]);
- }
-
- if ((len = strlen(msg)) > 255) {
- dolog(LOG_ERR, "SPF record too long line %d\n", file->lineno);
- return (-1);
- }
-
- converted_name = check_rr(name, type, DNS_TYPE_SPF, &converted_namelen);
- if (converted_name == NULL) {
- return -1;
- }
-
- rs = get_record_size(db, converted_name, converted_namelen);
- if (rs < 0) {
- return (-1);
- }
-
- if ((sdomain = calloc(1, rs)) == NULL) {
- return -1;
- }
-
- ssd = (struct domain *)sdomain;
-
- if (get_record(ssd, converted_name, converted_namelen) < 0) {
- return (-1);
- }
-
-
- strlcpy((char *)ssd->zonename, (char *)name, DNS_MAXNAME + 1);
- memcpy(ssd->zone, converted_name, converted_namelen);
- ssd->zonelen = converted_namelen;
-
- ssd->ttl[INTERNAL_TYPE_SPF] = myttl;
-
- ssd_spf = (struct domain_spf *) find_substruct(ssd, INTERNAL_TYPE_SPF);
- if (ssd_spf == NULL) {
- rs += sizeof(struct domain_spf);
-#ifdef __OpenBSD__
- tp = reallocarray(sdomain, 1, rs);
-#else
- tp = realloc(sdomain, rs);
-#endif
- if (tp == NULL)
- return -1;
- sdomain = tp;
- ssd_spf = (sdomain + (rs - sizeof(struct domain_spf)));
- memset((char *)ssd_spf, 0, sizeof(struct domain_spf));
- ssd = (struct domain *)sdomain;
- ssd_spf->len = sizeof(struct domain_spf);
- ssd_spf->type = INTERNAL_TYPE_SPF;
- }
-
- memcpy(ssd_spf->spf, msg, len);
- ssd_spf->spflen = len;
-
- ssd->flags |= DOMAIN_HAVE_SPF;
-
- set_record(ssd, rs, converted_name, converted_namelen);
if (converted_name)
free (converted_name);
blob - d3757e91b5b30e488914809febdb23e6109a53f7
blob + 24f472933d2d14fdeef483bb386d5f2c53851181
--- reply.c
+++ reply.c
@@ -73,7 +73,6 @@ int reply_soa(struct sreply *);
int reply_ptr(struct sreply *);
int reply_txt(struct sreply *);
int reply_version(struct sreply *);
-int reply_spf(struct sreply *);
int reply_srv(struct sreply *, DB *);
int reply_naptr(struct sreply *, DB *);
int reply_sshfp(struct sreply *);
@@ -110,7 +109,7 @@ extern uint8_t vslen;
outlen = tmplen; \
} while (0);
-static const char rcsid[] = "$Id: reply.c,v 1.52 2017/01/09 14:26:50 pjp Exp $";
+static const char rcsid[] = "$Id: reply.c,v 1.53 2017/03/14 08:23:09 pjp Exp $";
/*
* REPLY_A() - replies a DNS question (*q) on socket (so)
@@ -1315,9 +1314,6 @@ reply_rrsig(struct sreply *sreply, DB *db)
if (sd->flags & DOMAIN_HAVE_SRV) {
RRSIG_ALIAS(INTERNAL_TYPE_SRV);
}
- if (sd->flags & DOMAIN_HAVE_SPF) {
- RRSIG_ALIAS(INTERNAL_TYPE_SPF);
- }
if (sd->flags & DOMAIN_HAVE_SSHFP) {
RRSIG_ALIAS(INTERNAL_TYPE_SSHFP);
}
@@ -2539,162 +2535,6 @@ out:
}
/*
- * REPLY_SPF() - replies a DNS question (*q) on socket (so)
- * based on reply_txt...
- */
-
-
-int
-reply_spf(struct sreply *sreply)
-{
- char *reply = sreply->replybuf;
- struct dns_header *odh;
- u_int16_t outlen;
- char *p;
-
- struct answer {
- char name[2];
- u_int16_t type;
- u_int16_t class;
- u_int32_t ttl;
- u_int16_t rdlength; /* 12 */
- char rdata;
- } __attribute__((packed));
-
- struct answer *answer;
-
- int so = sreply->so;
- char *buf = sreply->buf;
- int len = sreply->len;
- struct question *q = sreply->q;
- struct sockaddr *sa = sreply->sa;
- int salen = sreply->salen;
- struct domain *sd = sreply->sd1;
- struct domain_spf *sdspf = NULL;
- int istcp = sreply->istcp;
- int replysize = 512;
- int retlen = -1;
-
- if ((sdspf = find_substruct(sd, INTERNAL_TYPE_SPF)) == NULL)
- return -1;
-
- if (istcp) {
- replysize = 65535;
- }
-
- if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
-
- /* st */
-
- odh = (struct dns_header *)&reply[0];
- outlen = sizeof(struct dns_header);
-
- if (len > replysize) {
- return (retlen);
- }
-
- /* copy question to reply */
- memcpy(reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
- /* blank query */
- memset((char *)&odh->query, 0, sizeof(u_int16_t));
-
- outlen += (q->hdr->namelen + 4);
-
- SET_DNS_REPLY(odh);
- if (sreply->sr == NULL)
- SET_DNS_AUTHORITATIVE(odh);
- else
- SET_DNS_RECURSION_AVAIL(odh);
-
- HTONS(odh->query);
-
- odh->question = htons(1);
- odh->answer = htons(1);
- odh->nsrr = 0;
- odh->additional = 0;
-
- answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
- q->hdr->namelen + 4);
-
- answer->name[0] = 0xc0;
- answer->name[1] = 0x0c;
- answer->type = q->hdr->qtype;
- answer->class = q->hdr->qclass;
- if (sreply->sr != NULL)
- answer->ttl = htonl(sd->ttl[INTERNAL_TYPE_SPF] - (time(NULL) - sd->created));
- else
- answer->ttl = htonl(sd->ttl[INTERNAL_TYPE_SPF]);
-
- outlen += 12; /* up to rdata length */
-
- p = (char *)&answer->rdata;
-
- *p = sdspf->spflen;
- memcpy((p + 1), sdspf->spf, sdspf->spflen);
- outlen += (sdspf->spflen + 1);
-
- answer->rdlength = htons(sdspf->spflen + 1);
-
- /* Add RRSIG reply_spf */
- if (dnssec && q->dnssecok) {
- int tmplen = 0;
- int origlen = outlen;
-
- tmplen = additional_rrsig(q->hdr->name, q->hdr->namelen, INTERNAL_TYPE_SPF, sd, reply, replysize, outlen, 0);
-
- if (tmplen == 0) {
- NTOHS(odh->query);
- SET_DNS_TRUNCATION(odh);
- HTONS(odh->query);
- goto out;
- }
-
- outlen = tmplen;
-
- if (outlen > origlen)
- odh->answer = htons(2);
-
- }
-
-out:
- if (q->edns0len) {
- /* tag on edns0 opt record */
- NTOHS(odh->additional);
- odh->additional++;
- HTONS(odh->additional);
-
- outlen = additional_opt(q, reply, replysize, outlen);
- }
-
-
- if (istcp) {
- char *tmpbuf;
- u_int16_t *plen;
-
- tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
- dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
- }
- plen = (u_int16_t *)tmpbuf;
- *plen = htons(outlen);
-
- memcpy(&tmpbuf[2], reply, outlen);
-
- if ((retlen = send(so, tmpbuf, outlen + 2, 0)) < 0) {
- dolog(LOG_INFO, "send: %s\n", strerror(errno));
- }
- free(tmpbuf);
- } else {
- if ((retlen = sendto(so, reply, outlen, 0, sa, salen)) < 0) {
- dolog(LOG_INFO, "sendto: %s\n", strerror(errno));
- }
- }
-
- return (retlen);
-}
-
-/*
* REPLY_TXT() - replies a DNS question (*q) on socket (so)
*
*/
@@ -4841,7 +4681,6 @@ create_anyreply(struct sreply *sreply, char *reply, in
struct domain_ptr *sdptr = NULL;
struct domain_ns *sdns = NULL;
struct domain_mx *sdmx = NULL;
- struct domain_spf *sdspf = NULL;
struct domain_sshfp *sdsshfp = NULL;
struct domain_nsec *sdnsec = NULL;
struct domain_rrsig *sdrrsig = NULL;
@@ -5520,46 +5359,6 @@ create_anyreply(struct sreply *sreply, char *reply, in
NTOHS(odh->answer);
odh->answer += mx_count;
HTONS(odh->answer);
-
- }
- if (sd->flags & DOMAIN_HAVE_SPF) {
- if ((sdspf = (struct domain_spf*)find_substruct(sd, INTERNAL_TYPE_SPF)) == NULL)
- return 0;
-
- NTOHS(odh->answer);
- odh->answer++;
- HTONS(odh->answer);
-
- if ((offset + q->hdr->namelen) > rlen) {
- goto truncate;
- }
-
- memcpy(&reply[offset], q->hdr->name, q->hdr->namelen);
- offset += q->hdr->namelen;
-
- if ((tmplen = compress_label((u_char*)reply, offset, q->hdr->namelen)) > 0) {
- offset = tmplen;
- }
-
- answer = (struct answer *)&reply[offset];
-
- answer->type = htons(DNS_TYPE_SPF);
- answer->class = htons(DNS_CLASS_IN);
- answer->ttl = htonl(sd->ttl[INTERNAL_TYPE_SPF]);
-
- offset += 10; /* up to rdata length */
-
-
-
- if (offset + sdspf->spflen + 1 > rlen)
- goto truncate;
-
- p = (char *)&answer->rdata;
- *p = sdspf->spflen;
- memcpy((p + 1), sdspf->spf, sdspf->spflen);
- offset += (sdspf->spflen + 1);
-
- answer->rdlength = htons(sdspf->spflen + 1);
}
if (sd->flags & DOMAIN_HAVE_TXT) {
blob - 7ae6b43d4e44f2fbd93cb16d7f45b2d5daba73d5
blob + 5bf3f65a19237334d9b38b9c5d760240ea4626a3
--- util.c
+++ util.c
@@ -66,7 +66,6 @@ struct typetable {
{ "AAAA", DNS_TYPE_AAAA},
{ "ANY", DNS_TYPE_ANY },
{ "SRV", DNS_TYPE_SRV },
- { "SPF", DNS_TYPE_SPF },
{ "SSHFP", DNS_TYPE_SSHFP },
{ "NAPTR", DNS_TYPE_NAPTR },
{ "RRSIG", DNS_TYPE_RRSIG },
@@ -260,10 +259,6 @@ find_substruct(struct domain *ssd, u_int16_t type)
if (! (ssd->flags & DOMAIN_HAVE_TXT))
return NULL;
break;
- case INTERNAL_TYPE_SPF:
- if (! (ssd->flags & DOMAIN_HAVE_SPF))
- return NULL;
- break;
case INTERNAL_TYPE_SRV:
if (! (ssd->flags & DOMAIN_HAVE_SRV))
return NULL;
@@ -600,14 +595,6 @@ check_qtype(struct domain *sd, u_int16_t type, int nxd
case DNS_TYPE_TXT:
if ((sd->flags & DOMAIN_HAVE_TXT) == DOMAIN_HAVE_TXT) {
returnval = DNS_TYPE_TXT;
- break;
- }
-
- *error = -1;
- return 0;
- case DNS_TYPE_SPF:
- if ((sd->flags & DOMAIN_HAVE_SPF) == DOMAIN_HAVE_SPF) {
- returnval = DNS_TYPE_SPF;
break;
}