peter b13db018fb Import Paul Vixie/ISC's bind-4.9.5-patch1 onto the vendor branch.
This has some (all?) of the DNSSEC key management/distribution mechanism
in place.  (The SIG and KEY RR's)

Obtained from: Paul Vixie / ISC / ftp.isc.org
1996-12-31 19:51:17 +00:00


/**************************************************************************
* ns_ncache.c
* author: anant kumar
* last modification: March 17, 1993
*
* implements negative caching
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <syslog.h>
#include <errno.h>
#include <stdio.h>
#include <resolv.h>
#include "named.h"
#ifdef NCACHE
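/*
 * cache_n_resp -- enter a negative response into the cache.
 *
 * msg/msglen is a response received from a remote server and must be treated
 * as untrusted: every read is checked against the end of the message (eom)
 * before it is performed.
 *
 * The question name, type and class are taken from the first question.  The
 * entry is recorded with rcode NXDOMAIN when the response says so, otherwise
 * NOERROR_NODATA, and is credited DB_C_AUTH or DB_C_ANSWER depending on the
 * AA bit.  With RETURNSOA defined and a non-empty authority count, the SOA
 * found directly after the question is stored as the entry's data (origin,
 * mail, the five 32-bit SOA fields, then the SOA owner name) and its TTL,
 * capped at NTTL, is used; otherwise an empty entry with TTL NTTL is stored.
 *
 * On a malformed question hp->rcode is set to FORMERR, as before.  Nothing
 * is cached when parsing fails, validation rejects the response, or
 * db_update() fails.
 *
 * NOTE(review): the parser assumes exactly one question and that the first
 * authority record follows it directly (no answer records) -- qdcount and
 * ancount are not consulted here; confirm the caller guarantees this.
 */
void
cache_n_resp(msg, msglen)
	u_char *msg;
	int msglen;
{
	register struct databuf *dp;
	HEADER *hp;
	u_char *cp;
	u_char *eom;
	char dname[MAXDNAME];
	int n;
	int type, class;
#ifdef VALIDATE
	int Vcode;
#endif
	int flags;

	nameserIncr(from_addr.sin_addr, nssRcvdNXD);

	/* The header is dereferenced below; refuse anything shorter than it. */
	if (msglen < HFIXEDSZ) {
		dprintf(1, (ddt, "ncache: short message (%d)\n", msglen));
		return;
	}
	hp = (HEADER *)msg;
	eom = msg + msglen;
	cp = msg + HFIXEDSZ;

	n = dn_expand(msg, eom, cp, dname, sizeof dname);
	if (n < 0) {
		dprintf(1, (ddt, "Query expand name failed:cache_n_resp\n"));
		hp->rcode = FORMERR;
		return;
	}
	cp += n;

	/* QTYPE and QCLASS must both lie inside the message. */
	if (eom - cp < 2 * INT16SZ) {
		dprintf(1, (ddt, "ncache: truncated question\n"));
		hp->rcode = FORMERR;
		return;
	}
	GETSHORT(type, cp);
	GETSHORT(class, cp);
	dprintf(1, (ddt,
		    "ncache: dname %s, type %d, class %d\n",
		    dname, type, class));

#ifdef VALIDATE
	Vcode = validate(dname, dname, &from_addr, type, class, NULL, 0,
			 hp->rcode == NXDOMAIN ? NXDOMAIN : NOERROR_NODATA);
	if (Vcode == INVALID || Vcode == VALID_NO_CACHE) {
		/*Valid_no_cache should never occur but doesn't hurt to check*/
		return;
	}
#endif
#ifdef RETURNSOA
	if (hp->nscount) {
		u_int32_t ttl;
		u_int16_t atype;
		u_char *tp = cp;
		u_char *cp1;
		u_char data[BUFSIZ+MAXDNAME];
		size_t len = sizeof data;

		/* we store NXDOMAIN as T_SOA regardless of the query type */
		if (hp->rcode == NXDOMAIN)
			type = T_SOA;

		/* store the SOA record */
		n = dn_skipname(tp, eom);
		if (n < 0) {
			dprintf(3, (ddt, "ncache: form error\n"));
			return;
		}
		tp += n;
		if (eom - tp < INT16SZ) {
			dprintf(3, (ddt, "ncache: truncated rr type\n"));
			return;
		}
		GETSHORT(atype, tp);		/* type */
		if (atype != T_SOA) {
			dprintf(3, (ddt,
				    "ncache: type (%d) != T_SOA\n",atype));
			goto no_soa;
		}
		/* class, ttl and dlen are stepped over or read next. */
		if (eom - tp < INT16SZ + INT32SZ + INT16SZ) {
			dprintf(3, (ddt, "ncache: truncated rr header\n"));
			return;
		}
		tp += INT16SZ;		/* class */
		GETLONG(ttl, tp);	/* ttl */
		tp += INT16SZ;		/* dlen */
		/* origin */
		n = dn_expand(msg, eom, tp, (char*)data, len);
		if (n < 0) {
			dprintf(3, (ddt, "ncache: form error 2\n"));
			return;
		}
		tp += n;
		n = strlen((char*)data) + 1;
		cp1 = data + n;
		len -= n;
		/* mail */
		n = dn_expand(msg, eom, tp, (char*)cp1, len);
		if (n < 0) {
			dprintf(3, (ddt, "ncache: form error 2\n"));
			return;
		}
		tp += n;
		n = strlen((char*)cp1) + 1;
		cp1 += n;
		len -= n;
		/*
		 * serial, refresh, retry, expire, min: the copy must stay
		 * inside the message on the source side and inside data[]
		 * on the destination side.
		 */
		n = 5 * INT32SZ;
		if (eom - tp < n || len < (size_t)n) {
			dprintf(3, (ddt, "ncache: truncated soa rdata\n"));
			return;
		}
		bcopy(tp, cp1, n);
		cp1 += n;
		len -= n;
		/* store the zone of the soa record */
		n = dn_expand(msg, eom, cp, (char*)cp1, len);
		if (n < 0) {
			dprintf(3, (ddt, "ncache: form error 2\n"));
			return;
		}
		n = strlen((char*)cp1) + 1;
		cp1 += n;
		dp = savedata(class, type, MIN(ttl, NTTL) + tt.tv_sec, data,
			      cp1 - data);
	} else {
 no_soa:
#endif
	dp = savedata(class, type, NTTL + tt.tv_sec, NULL, 0);
#ifdef RETURNSOA
	}
#endif
	/*
	 * NOTE(review): savedata()'s failure behaviour is not visible here;
	 * confirm it cannot return NULL before dp is dereferenced.
	 */
	dp->d_zone = DB_Z_CACHE;
	dp->d_cred = hp->aa ? DB_C_AUTH : DB_C_ANSWER;
	dp->d_clev = 0;
	if(hp->rcode == NXDOMAIN) {
		dp->d_rcode = NXDOMAIN;
		flags = DB_NODATA|DB_NOTAUTH|DB_NOHINTS;
	} else {
		dp->d_rcode = NOERROR_NODATA;
		flags = DB_NOTAUTH|DB_NOHINTS;
	}

	if ((n = db_update(dname, dp, dp, flags, hashtab)) != OK) {
		dprintf(1, (ddt,
			    "db_update failed return value:%d, cache_n_resp()\n",
			    n));
		/* The entry was not taken over by the database; release it. */
		db_free(dp);
		return;
	}
	dprintf(4, (ddt,
		    "ncache succeeded: [%s %s %s] rcode:%d ttl:%ld\n",
		    dname, p_type(type), p_class(class),
		    dp->d_rcode, (long)(dp->d_ttl-tt.tv_sec)));
	return;
}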
#endif /*NCACHE*/