])
])
+PDNS_ENABLE_IPCIPHER
+
PDNS_CHECK_RAGEL([pdns/dnslabeltext.cc], [www.powerdns.com])
PDNS_CHECK_CLOCK_GETTIME
--- /dev/null
+AC_DEFUN([PDNS_ENABLE_IPCIPHER], [
+ AC_MSG_CHECKING([whether to enable ipcipher support])
+ AC_ARG_ENABLE([ipcipher],
+ AS_HELP_STRING([--enable-ipcipher], [enable ipcipher support (requires libcrypto) @<:@default=yes@:>@]),
+ [enable_ipcipher=$enableval],
+ [enable_ipcipher=yes]
+ )
+ AC_MSG_RESULT([$enable_ipcipher])
+ AM_CONDITIONAL([IPCIPHER], [test "x$enable_ipcipher" != "xno"])
+
+ AM_COND_IF([IPCIPHER], [
+ AM_COND_IF([HAVE_LIBCRYPTO], [
+ AC_DEFINE([HAVE_IPCIPHER], [1], [Define to 1 if you enable ipcipher support])
+ ],[
+ AC_MSG_ERROR([ipcipher support requested but libcrypto is not available])
+ ])
+ ])
+])
{ "LuaFFIRule", true, "function", "Invoke a Lua FFI function that filters DNS questions" },
{ "LuaResponseAction", true, "function", "Invoke a Lua function that accepts a DNSResponse" },
{ "LuaRule", true, "function", "Invoke a Lua function that filters DNS questions" },
+#ifdef HAVE_IPCIPHER
{ "makeIPCipherKey", true, "password", "generates a 16-byte key that can be used to pseudonymize IP addresses with IP cipher" },
+#endif /* HAVE_IPCIPHER */
{ "makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting" },
{ "makeRule", true, "rule", "Make a NetmaskGroupRule() or a SuffixMatchNodeRule(), depending on how it is called" } ,
{ "MaxQPSIPRule", true, "qps, [v4Mask=32 [, v6Mask=64 [, burst=qps [, expiration=300 [, cleanupDelay=60]]]]]", "matches traffic exceeding the qps limit per subnet" },
#include <boost/optional/optional_io.hpp>
-#ifdef HAVE_LIBCRYPTO
#include "ipcipher.hh"
-#endif /* HAVE_LIBCRYPTO */
class DropAction : public DNSAction
{
message.setServerIdentity(d_serverID);
}
-#if HAVE_LIBCRYPTO
+#if HAVE_IPCIPHER
if (!d_ipEncryptKey.empty())
{
message.setRequestor(encryptCA(*dq->remote, d_ipEncryptKey));
}
-#endif /* HAVE_LIBCRYPTO */
+#endif /* HAVE_IPCIPHER */
if (d_alterFunc) {
auto lock = g_lua.lock();
message.setServerIdentity(d_serverID);
}
-#if HAVE_LIBCRYPTO
+#if HAVE_IPCIPHER
if (!d_ipEncryptKey.empty())
{
message.setRequestor(encryptCA(*dr->remote, d_ipEncryptKey));
}
-#endif /* HAVE_LIBCRYPTO */
+#endif /* HAVE_IPCIPHER */
if (d_alterFunc) {
auto lock = g_lua.lock();
#ifdef HAVE_FSTRM
cout<<"fstrm ";
#endif
-#ifdef HAVE_LIBCRYPTO
+#ifdef HAVE_IPCIPHER
cout<<"ipcipher ";
#endif
#ifdef HAVE_LIBSODIUM
PDNS_CHECK_CDB
PDNS_CHECK_LMDB
+PDNS_ENABLE_IPCIPHER
AX_CXX_COMPILE_STDCXX_17([noext], [mandatory])
[AC_MSG_NOTICE([systemd: yes])],
[AC_MSG_NOTICE([systemd: no])]
)
-AS_IF([test "x$LIBCRYPTO_LIBS" != "x"],
+AS_IF([test "x$enable_ipcipher" != "xno"],
[AC_MSG_NOTICE([ipcipher: yes])],
[AC_MSG_NOTICE([ipcipher: no])]
)
#include "dnsdist-protobuf.hh"
#include "dnstap.hh"
#include "fstrm_logger.hh"
-#include "remote_logger.hh"
-
-#ifdef HAVE_LIBCRYPTO
#include "ipcipher.hh"
-#endif /* HAVE_LIBCRYPTO */
+#include "remote_logger.hh"
#ifdef HAVE_FSTRM
static void parseFSTRMOptions(const boost::optional<std::unordered_map<std::string, unsigned int>>& params, std::unordered_map<string, unsigned int>& options)
void setupLuaBindingsProtoBuf(LuaContext& luaCtx, bool client, bool configCheck)
{
-#ifdef HAVE_LIBCRYPTO
+#ifdef HAVE_IPCIPHER
luaCtx.registerFunction<ComboAddress(ComboAddress::*)(const std::string& key)const>("ipencrypt", [](const ComboAddress& ca, const std::string& key) {
return encryptCA(ca, key);
});
luaCtx.writeFunction("makeIPCipherKey", [](const std::string& password) {
return makeIPCipherKey(password);
});
-#endif /* HAVE_LIBCRYPTO */
+#endif /* HAVE_IPCIPHER */
/* ProtobufMessage */
luaCtx.registerFunction<void(DNSDistProtoBufMessage::*)(std::string)>("setTag", [](DNSDistProtoBufMessage& message, const std::string& strValue) {
--- /dev/null
+../../../m4/pdns_enable_ipcipher.m4
\ No newline at end of file
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+
+#ifdef HAVE_IPCIPHER
#include "statbag.hh"
#include "dnspcap.hh"
#include "iputils.hh"
{
cerr<<"Fatal: "<<e.what()<<endl;
}
+
+#else
+int main()
+{
+ cerr<<"dnswasher requires ipcipher support, which is not available"<<endl;
+ exit(1);
+}
+#endif /* HAVE_IPCIPHER */
#include <openssl/aes.h>
#include <openssl/evp.h>
+#ifdef HAVE_IPCIPHER
/*
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
throw std::runtime_error("ipcrypt can't decrypt non-IP addresses");
}
+
+#endif /* HAVE_IPCIPHER */
#pragma once
+#include "config.h"
+
#include "iputils.hh"
#include <string>
// see https://powerdns.org/ipcipher
+#ifdef HAVE_IPCIPHER
ComboAddress encryptCA(const ComboAddress& ca, const std::string& key);
ComboAddress decryptCA(const ComboAddress& ca, const std::string& key);
std::string makeIPCipherKey(const std::string& password);
+#endif /* HAVE_IPCIPHER */
return EXIT_SUCCESS;
}
+#ifdef HAVE_IPCIPHER
static int xcryptIP(const std::string& cmd, const std::string& ip, const std::string& rkey)
{
cout<<ret.toString()<<endl;
return EXIT_SUCCESS;
}
-
+#endif /* HAVE_IPCIPHER */
static int loadZone(const DNSName& zone, const string& fname) {
UeberBackend B;
cerr<<"Syntax: pdnsutil [ipencrypt|ipdecrypt] IP passphrase [key]"<<endl;
return 0;
}
+#ifdef HAVE_IPCIPHER
string key;
if(cmds.size()==4) {
if (B64Decode(cmds.at(2), key) < 0) {
key = makeIPCipherKey(cmds.at(2));
}
exit(xcryptIP(cmds.at(0), cmds.at(1), key));
+#else
+ cerr<<cmds.at(0)<<" requires ipcipher support which is not available"<<endl;
+ return 0;
+#endif /* HAVE_IPCIPHER */
}
if (cmds.at(0) == "test-algorithms") {
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+
+#ifdef HAVE_IPCIPHER
+
#include <boost/test/unit_test.hpp>
#include "ipcipher.hh"
#include "misc.hh"
BOOST_CHECK_EQUAL(ca.toString(), decrypted.toString());
}
-
BOOST_AUTO_TEST_SUITE_END()
+
+#endif /* HAVE_IPCIPHER */
projects / thirdparty / pdns.git / commitdiff
