]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f5ae506)
Add a answer-cookie named config option
authorMukund Sivaraman <muks@isc.org>
Mon, 19 Mar 2018 12:39:05 +0000 (18:09 +0530)
committerMark Andrews <marka@isc.org>
Fri, 8 Jun 2018 07:29:28 +0000 (17:29 +1000)
(cherry picked from commit 29305073575459a66f0a93b9becc4863fd1c0c6b)

bin/named/client.c patch | blob | blame | history
bin/named/config.c patch | blob | blame | history
bin/named/include/named/server.h patch | blob | blame | history
bin/named/server.c patch | blob | blame | history
lib/isccfg/namedconf.c patch | blob | blame | history

diff --git a/bin/named/client.c b/bin/named/client.c
index bd410784c68fbcc6dec652fa439eeba245a20ab2..feb4eb3e7901edcec6e9c0d95808f158fdc1c914 100644 (file)
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1912,7 +1912,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        /*
         * If we have already seen a cookie option skip this cookie option.
         */
-       if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
+       if ((!ns_g_server->answercookie) ||
+           (client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
+       {
                isc_buffer_forward(buf, (unsigned int)optlen);
                return;
        }
diff --git a/bin/named/config.c b/bin/named/config.c
index c158b2acf6c30fe465b7bc80cca8855623fd7d38..54bc37fff739b52ba0c40f31eebcfe6bda300c17 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -47,6 +47,7 @@
 /*% default configuration */
 static char defaultconf[] = "\
 options {\n\
+       answer-cookie true;\n\
        automatic-interface-scan yes;\n\
        bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
 #      blackhole {none;};\n"
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index e60e96fe4b6e067c1f32707e0b473493a17284ae..d8179a60a0a62e90f478fafc37b4b7410887889b 100644 (file)
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -124,6 +124,7 @@ struct ns_server {
        unsigned char           secret[32];     /*%< Server Cookie Secret */
        ns_altsecretlist_t      altsecrets;
        ns_cookiealg_t          cookiealg;
+       isc_boolean_t           answercookie;
 
        dns_dtenv_t             *dtenv;         /*%< Dnstap environment */
 
diff --git a/bin/named/server.c b/bin/named/server.c
index 038e610e6b5ffbee11b82b30ff7c003ea5d3957c..777ece58665e95158ea646a6be63d37c2018e08b 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8327,6 +8327,11 @@ load_configuration(const char *filename, ns_server_t *server,
                server->flushonshutdown = ISC_FALSE;
        }
 
+       obj = NULL;
+       result = ns_config_get(maps, "answer-cookie", &obj);
+       INSIST(result == ISC_R_SUCCESS);
+       server->answercookie = cfg_obj_asboolean(obj);
+
        obj = NULL;
        result = ns_config_get(maps, "cookie-algorithm", &obj);
        INSIST(result == ISC_R_SUCCESS);
@@ -9033,6 +9038,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
        server->lockfile = NULL;
 
        server->dtenv = NULL;
+       server->answercookie = ISC_TRUE;
 
        server->magic = NS_SERVER_MAGIC;
        *serverp = server;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index cabbba9d7dba2e43b65852876e3e436b6658b01b..ecd5920647901addddd5ef9fb6a2bb26ea2d4292 100644 (file)
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1024,6 +1024,7 @@ static cfg_type_t cfg_type_fstrm_model = {
  */
 static cfg_clausedef_t
 options_clauses[] = {
+       { "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_DEPRECATED },
        { "automatic-interface-scan", &cfg_type_boolean, 0 },
        { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
        { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
Mirror of https://gitlab.isc.org/isc-projects/bind9.git