Implement -T cookiealwaysvalid
authorAram Sargsyan <aram@isc.org>
Tue, 11 Mar 2025 14:03:56 +0000 (14:03 +0000)
committerAram Sargsyan <aram@isc.org>
Mon, 17 Mar 2025 12:59:19 +0000 (12:59 +0000)
When -T cookiealwaysvalid is passed to named, DNS cookie checks for
the incoming queries always pass, given they are structurally correct.

(cherry picked from commit 807ef8545d2e06c77826f3b2ac3f1cb7a7413dad)

bin/named/client.c
bin/named/include/named/globals.h
bin/named/main.c
bin/tests/system/start.pl

index 761d72a9b2a7d665de2a8937d8a04c2d59c942f5..f6986cf3425b918db33bfe67941072f7dbd45a29 100644 (file)
@@ -2185,6 +2185,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
         * Only accept COOKIE if we have talked to the client in the last hour.
         */
        isc_stdtime_get(&now);
+       if (ns_g_cookiealwaysvalid) {
+               now = when;
+       }
        if (isc_serial_gt(when, (now + 300)) ||         /* In the future. */
            isc_serial_lt(when, (now - 3600))) {        /* In the past. */
                isc_stats_increment(ns_g_server->nsstats,
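Review bot: The `now = when;` override disables the cookie freshness window only indirectly, and the comment directly above it still says a COOKIE is accepted only if the client was seen in the last hour. A reader has to work out that both serial comparisons become false once the two timestamps are equal. A comment on the new branch would state the intent, for example `/* -T cookiealwaysvalid (testing only): force the timestamp window check below to pass. */`. process_cookie starts and ends outside this hunk.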
@@ -2195,7 +2198,8 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        isc_buffer_init(&db, dbuf, sizeof(dbuf));
        compute_cookie(client, when, nonce, ns_g_server->secret, &db);
 
-       if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
+       if (isc_safe_memequal(old, dbuf, COOKIE_SIZE) || ns_g_cookiealwaysvalid)
+       {
                isc_stats_increment(ns_g_server->nsstats,
                                    dns_nsstatscounter_cookiematch);
                client->attributes |= NS_CLIENTATTR_HAVECOOKIE;
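Review bot: With the flag set, a cookie that does not match the value computed from `ns_g_server->secret` still increments `dns_nsstatscounter_cookiematch` and sets `NS_CLIENTATTR_HAVECOOKIE`. Any later decision keyed on that attribute then treats an unverified source address as verified. That is the purpose of the option, but nothing at this site marks it as test-only. A comment above the condition would help, such as `/* Testing only: -T cookiealwaysvalid accepts any well-formed cookie without verifying it against the server secret. */`. It is also worth documenting that the match counter is not a count of verified cookies in such runs. The function body continues outside the hunk.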
index 0d96a799756b539955928df807bff554cf1ffeaf..518d7506bff0798ae0a3e40a137d12e773a703a0 100644 (file)
@@ -163,6 +163,7 @@ EXTERN isc_time_t           ns_g_boottime;
 EXTERN isc_time_t              ns_g_configtime;
 EXTERN bool                    ns_g_memstatistics      INIT(false);
 EXTERN bool                    ns_g_clienttest         INIT(false);
+EXTERN bool                    ns_g_cookiealwaysvalid  INIT(false);
 EXTERN bool                    ns_g_dropedns           INIT(false);
 EXTERN bool                    ns_g_ednsformerr        INIT(false);
 EXTERN bool                    ns_g_ednsnotimp         INIT(false);
index d9127cdb560a9a09f34620e7d6c671e03243f968..98ed3abe8e6b111ffd6070ac1d1aa679dbddfbc2 100644 (file)
@@ -596,6 +596,8 @@ parse_T_opt(char *option) {
         */
        if (!strcmp(option, "clienttest")) {
                ns_g_clienttest = true;
+       } else if (!strcmp(option, "cookiealwaysvalid")) {
+               ns_g_cookiealwaysvalid = true;
        } else if (!strncmp(option, "delay=", 6)) {
                ns_g_delay = atoi(option + 6);
        } else if (!strcmp(option, "dropedns")) {
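Review bot: The new `cookiealwaysvalid` branch switches off server-cookie verification for the whole process without leaving any trace, so an instance started with this option by mistake looks like a normal one to an operator. Whether logging is available when parse_T_opt runs is not visible here. If it is not, a warning emitted later in startup when `ns_g_cookiealwaysvalid` is true would cover it, for example `"-T cookiealwaysvalid is set: DNS COOKIE verification is disabled (testing only)"`. The if/else chain starts and ends outside this hunk.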
index 7738fa310ff263b6bb352cfead9738a5a9cc33ad..a9cd098d8c3135d2487001ce9cb4b1a8856a87aa 100755 (executable)
@@ -270,7 +270,8 @@ sub construct_ns_command {
 
                foreach my $t_option(
                        "dropedns", "ednsformerr", "ednsnotimp", "ednsrefused",
-                       "noaa", "noedns", "nosoa", "maxudp512", "maxudp1460",
+                       "cookiealwaysvalid", "noaa", "noedns", "nosoa",
+                       "maxudp512", "maxudp1460",
                    ) {
                        if (-e "$testdir/$server/named.$t_option") {
                                $command .= "-T $t_option "