search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Dnsmasq v2.68 rc4
[tomato.git] / release / src / router / dnsmasq / src / auth.c
blobd31ed60bffa265d43bbefd7885975258d5e39fb6
1 /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16
17 #include "dnsmasq.h"
18
19 #ifdef HAVE_AUTH
20
21 static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
22 {
23 struct addrlist *subnet;
24
25 for (subnet = zone->subnet; subnet; subnet = subnet->next)
26 {
27 if (!(subnet->flags & ADDRLIST_IPV6))
28 {
29 struct in_addr netmask, addr = addr_u->addr.addr4;
30
31 if (!(flag & F_IPV4))
32 continue;
33
34 netmask.s_addr = htonl(~((1 << (32 - subnet->prefixlen)) - 1));
35
36 if (is_same_net(addr, subnet->addr.addr.addr4, netmask))
37 return subnet;
38 }
39 #ifdef HAVE_IPV6
40 else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen))
41 return subnet;
42 #endif
43
44 }
45 return NULL;
46 }
47
48 static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
49 {
50 /* No zones specified, no filter */
51 if (!zone->subnet)
52 return 1;
53
54 return find_subnet(zone, flag, addr_u) != NULL;
55 }
56
57 int in_zone(struct auth_zone *zone, char *name, char **cut)
58 {
59 size_t namelen = strlen(name);
60 size_t domainlen = strlen(zone->domain);
61
62 if (cut)
63 *cut = NULL;
64
65 if (namelen >= domainlen &&
66 hostname_isequal(zone->domain, &name[namelen - domainlen]))
67 {
68
69 if (namelen == domainlen)
70 return 1;
71
72 if (name[namelen - domainlen - 1] == '.')
73 {
74 if (cut)
75 *cut = &name[namelen - domainlen - 1];
76 return 1;
77 }
78 }
79
80 return 0;
81 }
82
83
84 size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr, int local_query)
85 {
86 char *name = daemon->namebuff;
87 unsigned char *p, *ansp;
88 int qtype, qclass;
89 int nameoffset, axfroffset = 0;
90 int q, anscount = 0, authcount = 0;
91 struct crec *crecp;
92 int auth = !local_query, trunc = 0, nxdomain = 1, soa = 0, ns = 0, axfr = 0;
93 struct auth_zone *zone = NULL;
94 struct addrlist *subnet = NULL;
95 char *cut;
96 struct mx_srv_record *rec, *move, **up;
97 struct txt_record *txt;
98 struct interface_name *intr;
99 struct naptr *na;
100 struct all_addr addr;
101 struct cname *a;
102
103 if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
104 return 0;
105
106 /* determine end of question section (we put answers there) */
107 if (!(ansp = skip_questions(header, qlen)))
108 return 0; /* bad packet */
109
110 /* now process each question, answers go in RRs after the question */
111 p = (unsigned char *)(header+1);
112
113 for (q = ntohs(header->qdcount); q != 0; q--)
114 {
115 unsigned short flag = 0;
116 int found = 0;
117
118 /* save pointer to name for copying into answers */
119 nameoffset = p - (unsigned char *)header;
120
121 /* now extract name as .-concatenated string into name */
122 if (!extract_name(header, qlen, &p, name, 1, 4))
123 return 0; /* bad packet */
124
125 GETSHORT(qtype, p);
126 GETSHORT(qclass, p);
127
128 if (qclass != C_IN)
129 {
130 auth = 0;
131 continue;
132 }
133
134 if (qtype == T_PTR)
135 {
136 if (!(flag = in_arpa_name_2_addr(name, &addr)))
137 continue;
138
139 if (!local_query)
140 {
141 for (zone = daemon->auth_zones; zone; zone = zone->next)
142 if ((subnet = find_subnet(zone, flag, &addr)))
143 break;
144
145 if (!zone)
146 {
147 auth = 0;
148 continue;
149 }
150 }
151
152 intr = NULL;
153
154 if (flag == F_IPV4)
155 for (intr = daemon->int_names; intr; intr = intr->next)
156 {
157 struct addrlist *addrlist;
158
159 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
160 if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr)
161 break;
162
163 if (addrlist)
164 break;
165 else
166 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
167 intr = intr->next;
168 }
169 #ifdef HAVE_IPV6
170 else if (flag == F_IPV6)
171 for (intr = daemon->int_names; intr; intr = intr->next)
172 {
173 struct addrlist *addrlist;
174
175 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
176 if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6))
177 break;
178
179 if (addrlist)
180 break;
181 else
182 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
183 intr = intr->next;
184 }
185 #endif
186
187 if (intr)
188 {
189 if (in_zone(zone, intr->name, NULL))
190 {
191 found = 1;
192 log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
193 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
194 daemon->auth_ttl, NULL,
195 T_PTR, C_IN, "d", intr->name))
196 anscount++;
197 }
198 }
199
200 if ((crecp = cache_find_by_addr(NULL, &addr, now, flag)))
201 do {
202 strcpy(name, cache_get_name(crecp));
203
204 if (crecp->flags & F_DHCP && !option_bool(OPT_DHCP_FQDN))
205 {
206 char *p = strchr(name, '.');
207 if (p)
208 *p = 0; /* must be bare name */
209
210 /* add external domain */
211 strcat(name, ".");
212 strcat(name, zone->domain);
213 log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
214 found = 1;
215 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
216 daemon->auth_ttl, NULL,
217 T_PTR, C_IN, "d", name))
218 anscount++;
219 }
220 else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
221 {
222 log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
223 found = 1;
224 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
225 daemon->auth_ttl, NULL,
226 T_PTR, C_IN, "d", name))
227 anscount++;
228 }
229 else
230 continue;
231
232 } while ((crecp = cache_find_by_addr(crecp, &addr, now, flag)));
233
234 if (!found)
235 log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | F_AUTH, NULL, &addr, NULL);
236
237 continue;
238 }
239
240 cname_restart:
241 for (zone = daemon->auth_zones; zone; zone = zone->next)
242 if (in_zone(zone, name, &cut))
243 break;
244
245 if (!zone)
246 {
247 auth = 0;
248 continue;
249 }
250
251 for (rec = daemon->mxnames; rec; rec = rec->next)
252 if (!rec->issrv && hostname_isequal(name, rec->name))
253 {
254 nxdomain = 0;
255
256 if (qtype == T_MX)
257 {
258 found = 1;
259 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
260 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
261 NULL, T_MX, C_IN, "sd", rec->weight, rec->target))
262 anscount++;
263 }
264 }
265
266 for (move = NULL, up = &daemon->mxnames, rec = daemon->mxnames; rec; rec = rec->next)
267 if (rec->issrv && hostname_isequal(name, rec->name))
268 {
269 nxdomain = 0;
270
271 if (qtype == T_SRV)
272 {
273 found = 1;
274 log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
275 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
276 NULL, T_SRV, C_IN, "sssd",
277 rec->priority, rec->weight, rec->srvport, rec->target))
278
279 anscount++;
280 }
281
282 /* unlink first SRV record found */
283 if (!move)
284 {
285 move = rec;
286 *up = rec->next;
287 }
288 else
289 up = &rec->next;
290 }
291 else
292 up = &rec->next;
293
294 /* put first SRV record back at the end. */
295 if (move)
296 {
297 *up = move;
298 move->next = NULL;
299 }
300
301 for (txt = daemon->rr; txt; txt = txt->next)
302 if (hostname_isequal(name, txt->name))
303 {
304 nxdomain = 0;
305 if (txt->class == qtype)
306 {
307 found = 1;
308 log_query(F_CONFIG | F_RRNAME, name, NULL, "<RR>");
309 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
310 NULL, txt->class, C_IN, "t", txt->len, txt->txt))
311 anscount++;
312 }
313 }
314
315 for (txt = daemon->txt; txt; txt = txt->next)
316 if (txt->class == C_IN && hostname_isequal(name, txt->name))
317 {
318 nxdomain = 0;
319 if (qtype == T_TXT)
320 {
321 found = 1;
322 log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
323 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
324 NULL, T_TXT, C_IN, "t", txt->len, txt->txt))
325 anscount++;
326 }
327 }
328
329 for (na = daemon->naptr; na; na = na->next)
330 if (hostname_isequal(name, na->name))
331 {
332 nxdomain = 0;
333 if (qtype == T_NAPTR)
334 {
335 found = 1;
336 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
337 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
338 NULL, T_NAPTR, C_IN, "sszzzd",
339 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
340 anscount++;
341 }
342 }
343
344 if (qtype == T_A)
345 flag = F_IPV4;
346
347 #ifdef HAVE_IPV6
348 if (qtype == T_AAAA)
349 flag = F_IPV6;
350 #endif
351
352 for (intr = daemon->int_names; intr; intr = intr->next)
353 if (hostname_isequal(name, intr->name))
354 {
355 struct addrlist *addrlist;
356
357 nxdomain = 0;
358
359 if (flag)
360 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
361 if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
362 (local_query || filter_zone(zone, flag, &addrlist->addr)))
363 {
364 found = 1;
365 log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
366 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
367 daemon->auth_ttl, NULL, qtype, C_IN,
368 qtype == T_A ? "4" : "6", &addrlist->addr))
369 anscount++;
370 }
371 }
372
373 for (a = daemon->cnames; a; a = a->next)
374 if (hostname_isequal(name, a->alias) )
375 {
376 log_query(F_CONFIG | F_CNAME, name, NULL, NULL);
377 strcpy(name, a->target);
378 if (!strchr(name, '.'))
379 {
380 strcat(name, ".");
381 strcat(name, zone->domain);
382 }
383 found = 1;
384 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
385 daemon->auth_ttl, &nameoffset,
386 T_CNAME, C_IN, "d", name))
387 anscount++;
388
389 goto cname_restart;
390 }
391
392 if (!cut)
393 {
394 nxdomain = 0;
395
396 if (qtype == T_SOA)
397 {
398 auth = soa = 1; /* inhibits auth section */
399 found = 1;
400 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
401 }
402 else if (qtype == T_AXFR)
403 {
404 struct iname *peers;
405
406 if (peer_addr->sa.sa_family == AF_INET)
407 peer_addr->in.sin_port = 0;
408 #ifdef HAVE_IPV6
409 else
410 peer_addr->in6.sin6_port = 0;
411 #endif
412
413 for (peers = daemon->auth_peers; peers; peers = peers->next)
414 if (sockaddr_isequal(peer_addr, &peers->addr))
415 break;
416
417 /* Refuse all AXFR unless --auth-sec-servers is set */
418 if ((!peers && daemon->auth_peers) || !daemon->secondary_forward_server)
419 {
420 if (peer_addr->sa.sa_family == AF_INET)
421 inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
422 #ifdef HAVE_IPV6
423 else
424 inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN);
425 #endif
426
427 my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);
428 return 0;
429 }
430
431 auth = 1;
432 soa = 1; /* inhibits auth section */
433 ns = 1; /* ensure we include NS records! */
434 axfr = 1;
435 found = 1;
436 axfroffset = nameoffset;
437 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
438 }
439 else if (qtype == T_NS)
440 {
441 auth = 1;
442 ns = 1; /* inhibits auth section */
443 found = 1;
444 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>");
445 }
446 }
447
448 if (!option_bool(OPT_DHCP_FQDN) && cut)
449 {
450 *cut = 0; /* remove domain part */
451
452 if (!strchr(name, '.') && (crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)))
453 {
454 if (crecp->flags & F_DHCP)
455 do
456 {
457 nxdomain = 0;
458 if ((crecp->flags & flag) &&
459 (local_query || filter_zone(zone, flag, &(crecp->addr.addr))))
460 {
461 *cut = '.'; /* restore domain part */
462 log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
463 *cut = 0; /* remove domain part */
464 found = 1;
465 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
466 daemon->auth_ttl, NULL, qtype, C_IN,
467 qtype == T_A ? "4" : "6", &crecp->addr))
468 anscount++;
469 }
470 } while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 | F_IPV6)));
471 }
472
473 *cut = '.'; /* restore domain part */
474 }
475
476 if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)))
477 {
478 if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
479 do
480 {
481 nxdomain = 0;
482 if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr.addr))))
483 {
484 log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
485 found = 1;
486 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
487 daemon->auth_ttl, NULL, qtype, C_IN,
488 qtype == T_A ? "4" : "6", &crecp->addr))
489 anscount++;
490 }
491 } while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 | F_IPV6)));
492 }
493
494 if (!found)
495 log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL);
496
497 }
498
499 /* Add auth section */
500 if (auth && zone)
501 {
502 char *authname;
503 int newoffset, offset = 0;
504
505 if (!subnet)
506 authname = zone->domain;
507 else
508 {
509 /* handle NS and SOA for PTR records */
510
511 authname = name;
512
513 if (!(subnet->flags & ADDRLIST_IPV6))
514 {
515 in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8;
516 char *p = name;
517
518 if (subnet->prefixlen >= 24)
519 p += sprintf(p, "%d.", a & 0xff);
520 a = a >> 8;
521 if (subnet->prefixlen >= 16 )
522 p += sprintf(p, "%d.", a & 0xff);
523 a = a >> 8;
524 p += sprintf(p, "%d.in-addr.arpa", a & 0xff);
525
526 }
527 #ifdef HAVE_IPV6
528 else
529 {
530 char *p = name;
531 int i;
532
533 for (i = subnet->prefixlen-1; i >= 0; i -= 4)
534 {
535 int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3];
536 p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
537 }
538 p += sprintf(p, "ip6.arpa");
539
540 }
541 #endif
542 }
543
544 /* handle NS and SOA in auth section or for explicit queries */
545 newoffset = ansp - (unsigned char *)header;
546 if (((anscount == 0 && !ns) || soa) &&
547 add_resource_record(header, limit, &trunc, 0, &ansp,
548 daemon->auth_ttl, NULL, T_SOA, C_IN, "ddlllll",
549 authname, daemon->authserver, daemon->hostmaster,
550 daemon->soa_sn, daemon->soa_refresh,
551 daemon->soa_retry, daemon->soa_expiry,
552 daemon->auth_ttl))
553 {
554 offset = newoffset;
555 if (soa)
556 anscount++;
557 else
558 authcount++;
559 }
560
561 if (anscount != 0 || ns)
562 {
563 struct name_list *secondary;
564
565 newoffset = ansp - (unsigned char *)header;
566 if (add_resource_record(header, limit, &trunc, -offset, &ansp,
567 daemon->auth_ttl, NULL, T_NS, C_IN, "d", offset == 0 ? authname : NULL, daemon->authserver))
568 {
569 if (offset == 0)
570 offset = newoffset;
571 if (ns)
572 anscount++;
573 else
574 authcount++;
575 }
576
577 if (!subnet)
578 for (secondary = daemon->secondary_forward_server; secondary; secondary = secondary->next)
579 if (add_resource_record(header, limit, &trunc, offset, &ansp,
580 daemon->auth_ttl, NULL, T_NS, C_IN, "d", secondary->name))
581 {
582 if (ns)
583 anscount++;
584 else
585 authcount++;
586 }
587 }
588
589 if (axfr)
590 {
591 for (rec = daemon->mxnames; rec; rec = rec->next)
592 if (in_zone(zone, rec->name, &cut))
593 {
594 if (cut)
595 *cut = 0;
596
597 if (rec->issrv)
598 {
599 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
600 NULL, T_SRV, C_IN, "sssd", cut ? rec->name : NULL,
601 rec->priority, rec->weight, rec->srvport, rec->target))
602
603 anscount++;
604 }
605 else
606 {
607 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
608 NULL, T_MX, C_IN, "sd", cut ? rec->name : NULL, rec->weight, rec->target))
609 anscount++;
610 }
611
612 /* restore config data */
613 if (cut)
614 *cut = '.';
615 }
616
617 for (txt = daemon->rr; txt; txt = txt->next)
618 if (in_zone(zone, txt->name, &cut))
619 {
620 if (cut)
621 *cut = 0;
622
623 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
624 NULL, txt->class, C_IN, "t", cut ? txt->name : NULL, txt->len, txt->txt))
625 anscount++;
626
627 /* restore config data */
628 if (cut)
629 *cut = '.';
630 }
631
632 for (txt = daemon->txt; txt; txt = txt->next)
633 if (txt->class == C_IN && in_zone(zone, txt->name, &cut))
634 {
635 if (cut)
636 *cut = 0;
637
638 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
639 NULL, T_TXT, C_IN, "t", cut ? txt->name : NULL, txt->len, txt->txt))
640 anscount++;
641
642 /* restore config data */
643 if (cut)
644 *cut = '.';
645 }
646
647 for (na = daemon->naptr; na; na = na->next)
648 if (in_zone(zone, na->name, &cut))
649 {
650 if (cut)
651 *cut = 0;
652
653 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
654 NULL, T_NAPTR, C_IN, "sszzzd", cut ? na->name : NULL,
655 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
656 anscount++;
657
658 /* restore config data */
659 if (cut)
660 *cut = '.';
661 }
662
663 for (intr = daemon->int_names; intr; intr = intr->next)
664 if (in_zone(zone, intr->name, &cut))
665 {
666 struct addrlist *addrlist;
667
668 if (cut)
669 *cut = 0;
670
671 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
672 if (!(addrlist->flags & ADDRLIST_IPV6) &&
673 (local_query || filter_zone(zone, F_IPV4, &addrlist->addr)) &&
674 add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
675 daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))
676 anscount++;
677
678 #ifdef HAVE_IPV6
679 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
680 if ((addrlist->flags & ADDRLIST_IPV6) &&
681 (local_query || filter_zone(zone, F_IPV6, &addrlist->addr)) &&
682 add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
683 daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))
684 anscount++;
685 #endif
686
687 /* restore config data */
688 if (cut)
689 *cut = '.';
690 }
691
692 for (a = daemon->cnames; a; a = a->next)
693 if (in_zone(zone, a->alias, &cut))
694 {
695 strcpy(name, a->target);
696 if (!strchr(name, '.'))
697 {
698 strcat(name, ".");
699 strcat(name, zone->domain);
700 }
701
702 if (cut)
703 *cut = 0;
704
705 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
706 daemon->auth_ttl, NULL,
707 T_CNAME, C_IN, "d", cut ? a->alias : NULL, name))
708 anscount++;
709 }
710
711 cache_enumerate(1);
712 while ((crecp = cache_enumerate(0)))
713 {
714 if ((crecp->flags & (F_IPV4 | F_IPV6)) &&
715 !(crecp->flags & (F_NEG | F_NXDOMAIN)) &&
716 (crecp->flags & F_FORWARD))
717 {
718 if ((crecp->flags & F_DHCP) && !option_bool(OPT_DHCP_FQDN))
719 {
720 char *cache_name = cache_get_name(crecp);
721 if (!strchr(cache_name, '.') &&
722 (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
723 {
724 qtype = T_A;
725 #ifdef HAVE_IPV6
726 if (crecp->flags & F_IPV6)
727 qtype = T_AAAA;
728 #endif
729 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
730 daemon->auth_ttl, NULL, qtype, C_IN,
731 (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr))
732 anscount++;
733 }
734 }
735
736 if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
737 {
738 strcpy(name, cache_get_name(crecp));
739 if (in_zone(zone, name, &cut) &&
740 (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
741 {
742 qtype = T_A;
743 #ifdef HAVE_IPV6
744 if (crecp->flags & F_IPV6)
745 qtype = T_AAAA;
746 #endif
747 if (cut)
748 *cut = 0;
749
750 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
751 daemon->auth_ttl, NULL, qtype, C_IN,
752 (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr))
753 anscount++;
754 }
755 }
756 }
757 }
758
759 /* repeat SOA as last record */
760 if (add_resource_record(header, limit, &trunc, axfroffset, &ansp,
761 daemon->auth_ttl, NULL, T_SOA, C_IN, "ddlllll",
762 daemon->authserver, daemon->hostmaster,
763 daemon->soa_sn, daemon->soa_refresh,
764 daemon->soa_retry, daemon->soa_expiry,
765 daemon->auth_ttl))
766 anscount++;
767
768 }
769
770 }
771
772 /* done all questions, set up header and return length of result */
773 /* clear authoritative and truncated flags, set QR flag */
774 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
775
776 if (local_query)
777 {
778 /* set RA flag */
779 header->hb4 |= HB4_RA;
780 }
781 else
782 {
783 /* clear RA flag */
784 header->hb4 &= ~HB4_RA;
785 }
786
787 /* authoritive */
788 if (auth)
789 header->hb3 |= HB3_AA;
790
791 /* truncation */
792 if (trunc)
793 header->hb3 |= HB3_TC;
794
795 if ((auth || local_query) && nxdomain)
796 SET_RCODE(header, NXDOMAIN);
797 else
798 SET_RCODE(header, NOERROR); /* no error */
799 header->ancount = htons(anscount);
800 header->nscount = htons(authcount);
801 header->arcount = htons(0);
802 return ansp - (unsigned char *)header;
803 }
804
805 #endif
806
807
808
Tomato firmware and modifications.