From c0983e70f3bc61443d1acc8e369621d9aed04217 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 11 May 2026 17:03:14 +0000
Subject: [PATCH] main: Add a --secure flag instead of letting users choose the transport

This sounds simpler than handling the more complicated logic.

Signed-off-by: Michael Tremer
---
 main.c | 77 ++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 45 insertions(+), 32 deletions(-)

diff --git a/main.c b/main.c
index e9aa4d4..e96848d 100644
--- a/main.c
+++ b/main.c
@@ -48,6 +48,11 @@ typedef struct ctx {
 	// Path
 	const char* path;
 
+	// Flags
+	enum {
+		SECURE = (1 << 0),
+	} flags;
+
 	// Primary
 	const char* primary;
 	isc_sockaddr_t primary_address;
@@ -56,10 +61,8 @@ typedef struct ctx {
 	isc_sockaddr_t source_address;
 
 	// Transport
-	dns_transport_type_t transport_type;
 	dns_transport_list_t* transports;
 	dns_transport_t* transport;
-	uint32_t port;
 
 	// Zones
 	const char** zones;
@@ -98,7 +101,6 @@ static ctx_t ctx = {
 	.log_level = LOG_INFO,
 	.path = DEFAULT_PATH,
 	.transport = DNS_TRANSPORT_NONE,
-	.port = 53,
 };
 
 static dns_fixedname_t fixed = {};
@@ -271,7 +273,7 @@ static int do_transfer(dns_zone_t* zone, uint32_t serial) {
 	dns_zone_setminxfrratein(zone, 10240, 300);
 
 	dns_xfrin_create(zone, xfrtype, &ctx.primary_address, &ctx.source_address, NULL,
-		ctx.transport_type, ctx.transport, ctx.tlsctx_cache, ctx.memctx, &xfrin);
+		DNS_TRANSPORT_NONE, ctx.transport, ctx.tlsctx_cache, ctx.memctx, &xfrin);
 
 	// Start the transfer
 	return dns_xfrin_start(xfrin, transfer_done);
@@ -311,6 +313,7 @@ ERROR:
 static void do_zone(const char* name) {
 	dns_name_t* origin = NULL;
 	dns_zone_t* zone = NULL;
+	char journal_path[PATH_MAX];
 	char path[PATH_MAX];
 	int r;
 
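Review bot: The sixth argument to dns_xfrin_create is now the constant DNS_TRANSPORT_NONE where the old code passed the configured transport type, so the choice made by --secure reaches the transfer only through ctx.transport and the type information is dropped at this call. Whether that matters depends on what the library does with that parameter (its position next to the transport object suggests it describes the transport of the preceding SOA query; confirm against the dns_xfrin_create prototype of the BIND release being built against), and the commit message does not say why NONE is correct. Consider passing the same type configure_transports derives, `ctx.flags & SECURE ? DNS_TRANSPORT_TLS : DNS_TRANSPORT_TCP`, or leaving a comment such as `// Transport type is carried by ctx.transport; NONE is intentional here` once it has been verified. do_transfer starts and ends outside the hunk.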
@@ -331,6 +334,13 @@ static void do_zone(const char* name) {
 		goto ERROR;
 	}
 
+	// Compose the path of the journal
+	r = snprintf(journal_path, sizeof(journal_path), "%s.jnl", path);
+	if (r < 0) {
+		ERROR("Failed to make path for the journal: %m\n");
+		goto ERROR;
+	}
+
 	// Create a new zone
 	dns_zone_create(&zone, ctx.memctx, 0);
 
@@ -361,6 +371,13 @@ static void do_zone(const char* name) {
 		goto ERROR;
 	}
 
+	// Set the path of the journal
+	r = dns_zone_setjournal(zone, path);
+	if (r) {
+		ERROR("Failed to set the zone's journal path: %s\n", isc_result_totext(r));
+		goto ERROR;
+	}
+
 	// Attach view to the zone
 	dns_zone_setview(zone, ctx.view);
 
@@ -384,6 +401,7 @@ ERROR:
 }
 
 static int configure_transports(void) {
+	dns_transport_type_t type = DNS_TRANSPORT_TCP;
 	dns_name_t* name = NULL;
 	int r;
 
@@ -395,14 +413,18 @@ static int configure_transports(void) {
 		return r;
 	}
 
+	// Enable TLS if secure transport is requested
+	if (ctx.flags & SECURE)
+		type = DNS_TRANSPORT_TLS;
+
 	// Allocate a new transport list
 	ctx.transports = dns_transport_list_new(ctx.memctx);
 
 	// Allocate a new transport
-	ctx.transport = dns_transport_new(name, ctx.transport_type, ctx.transports);
+	ctx.transport = dns_transport_new(name, type, ctx.transports);
 
 	// Set the remote hostname (for TLS SNI)
-	switch (ctx.transport_type) {
+	switch (type) {
 	case DNS_TRANSPORT_TLS:
 		dns_transport_set_remote_hostname(ctx.transport, ctx.primary);
 		dns_transport_set_tlsname(ctx.transport, ctx.primary);
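Review bot: The snprintf check on the journal path catches only an encoding error, not truncation: `path` is itself a PATH_MAX buffer, so appending ".jnl" can exceed `journal_path`, and the code would continue with a silently shortened file name. Compare the return value against the buffer size as well, `if (r < 0 || (size_t)r >= sizeof(journal_path)) {`, and note that `%m` is only meaningful for the r < 0 case because truncation does not set errno. do_zone continues outside the hunk.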
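Review bot: `dns_zone_setjournal(zone, path)` in the second hunk passes the zone file's own path, so `journal_path`, which the previous hunk goes to the trouble of composing, is never used and the zone file and its journal end up with the same name. This should read `r = dns_zone_setjournal(zone, journal_path);`. A compiler run with -Wall would not flag this because `journal_path` is written by snprintf, so it is worth a test that transfers one zone and checks that both `<zone>` and `<zone>.jnl` appear on disk. do_zone continues outside the hunk.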
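Review bot: With --secure the last hunk selects DNS_TRANSPORT_TLS and sets the SNI and TLS name to the primary, but nothing in the hunk asks the transport to verify the primary's certificate (for example via dns_transport_set_always_verify_remote and a CA file), so as far as this hunk shows "secure" means encrypted, not authenticated. The rest of configure_transports runs past the hunk; if verification is configured further down, a comment here pointing at it would help, otherwise a `// TODO: verify the primary's certificate, see dns_transport_set_always_verify_remote` above the TLS case makes the gap visible. The option help text should then also not promise more than the code does.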
@@ -488,22 +510,23 @@ const char* argp_program_version = PACKAGE_VERSION;
 static const char* args_doc = "TODO";
 
 enum {
-	OPT_DEBUG = 1,
-	OPT_PATH = 2,
-	OPT_PRIMARY = 3,
-	OPT_TRANSPORT = 4,
+	OPT_DEBUG = 1,
+	OPT_PATH = 2,
+	OPT_PRIMARY = 3,
+	OPT_SECURE = 4,
 };
 
 static struct argp_option options[] = {
-	{ "debug", OPT_DEBUG, NULL, 0, "Run in debug mode", 0 },
-	{ "path", OPT_PATH, "PATH", 1, "Path where to store the zones", 0 },
-	{ "primary", OPT_PRIMARY, "HOSTNAME", 1, "The hostname of the primary to fetch from", 0 },
-	{ "transport", OPT_TRANSPORT, "TRANSPORT", 1, "Choose the transport to use (TCP or TLS)", 0 },
+	{ "debug", OPT_DEBUG, NULL, 0, "Run in debug mode", 0 },
+	{ "path", OPT_PATH, "PATH", 1, "Path where to store the zones", 0 },
+	{ "primary", OPT_PRIMARY, "HOSTNAME", 1, "The hostname of the primary to fetch from", 0 },
+	{ "secure", OPT_SECURE , NULL, 0, "Use a secure transport to transfer the zone", 0 },
 	{ NULL },
 };
 
 static int resolve_primary(void) {
 	struct addrinfo* res = NULL;
+	uint32_t port = 53;
 	int r;
 
 	struct addrinfo hints = {
@@ -511,6 +534,10 @@ static int resolve_primary(void) {
 		.ai_socktype = SOCK_STREAM,
 	};
 
+	// Enable TLS?
+	if (ctx.flags & SECURE)
+		port = 853;
+
 	// Resolve
 	r = getaddrinfo(ctx.primary, "53", &hints, &res);
 	if (r)
@@ -520,12 +547,12 @@ static int resolve_primary(void) {
 	switch (res->ai_family) {
 	case AF_INET6:
 		isc_sockaddr_fromin6(&ctx.primary_address,
-			&((struct sockaddr_in6*)res->ai_addr)->sin6_addr, ctx.port);
+			&((struct sockaddr_in6*)res->ai_addr)->sin6_addr, port);
 		break;
 
 	case AF_INET:
 		isc_sockaddr_fromin(&ctx.primary_address,
-			&((struct sockaddr_in*)res->ai_addr)->sin_addr, ctx.port);
+			&((struct sockaddr_in*)res->ai_addr)->sin_addr, port);
 		break;
 
 	default:
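Review bot: The new options row has a stray space before the comma, `{ "secure", OPT_SECURE, NULL, 0, ... }`, which none of the other rows nor the enum entry has. The help string could also tell the user what "secure" selects, since the port change is only visible inside resolve_primary; something like `"Use DNS over TLS (port 853) to transfer the zone"` says what the flag does without overstating it.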
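Review bot: The comment `// Enable TLS?` in the second hunk is misleading in resolve_primary, which only chooses the port; `// DNS over TLS uses port 853 instead of 53` describes what the branch does. The getaddrinfo call right below it still passes the literal service "53" while the port that is actually used comes from `port`, so the code is correct only because the third hunk rebuilds the sockaddr with `port` afterwards; passing no service, `r = getaddrinfo(ctx.primary, NULL, &hints, &res);`, removes the stale constant and keeps a single source of truth for the port.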
@@ -556,22 +583,8 @@ static error_t parse(int key, char* arg, struct argp_state* state) {
 			ctx.primary = arg;
 			break;
 
-		case OPT_TRANSPORT:
-			// TCP
-			if (strcmp(arg, "TCP") == 0) {
-				ctx.transport_type = DNS_TRANSPORT_TCP;
-				ctx.port = 53;
-
-			// TLS
-			} else if (strcmp(arg, "TLS") == 0) {
-				ctx.transport_type = DNS_TRANSPORT_TLS;
-				ctx.port = 853;
-
-			// Fail on unknown transport
-			} else {
-				argp_failure(state, EXIT_FAILURE, 0, "Unknown transport: %s", arg);
-			}
-
+		case OPT_SECURE:
+			ctx.flags |= SECURE;
 			break;
 
 		case ARGP_KEY_ARG:
-- 
2.47.3