From: W.C.A. Wijngaards
Date: Fri, 23 Oct 2020 09:44:28 +0000 (+0200)
Subject: unbound-control auth_zone_reload sets zone to nonexpired and
X-Git-Tag: release-1.13.2rc1~269^2~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c72ca35f0817683698cbdd9e2e1e36c5cdfedaa7;p=thirdparty%2Funbound.git

unbound-control auth_zone_reload sets zone to nonexpired and also updates the xfr soa values from the new zonefile contents.
---
diff --git a/daemon/remote.c b/daemon/remote.c
index 498eb2495..8a6ede426 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2510,8 +2510,8 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
 uint8_t* nm = NULL;
 struct auth_zones* az = worker->env.auth_zones;
 struct auth_zone* z = NULL;
+ struct auth_xfer* xfr = NULL;
 char* reason = NULL;
- int oldexpired = 0;
 if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
 return;
 if(az) {
@@ -2520,22 +2520,52 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg) if(z) { lock_rw_wrlock(&z->lock); } + xfr = auth_xfer_find(az, nm, nmlen, LDNS_RR_CLASS_IN); + if(xfr) { + lock_basic_lock(&xfr->lock); + } lock_rw_unlock(&az->lock); } free(nm); if(!z) { + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error no auth-zone %s\n", arg); return; } if(!auth_zone_read_zonefile(z, worker->env.cfg)) { lock_rw_unlock(&z->lock); + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error failed to read %s\n", arg); return; } - oldexpired = z->zone_expired; + + z->zone_expired = 0; + if(xfr) { + xfr->zone_expired = 0; + if(!xfr_find_soa(z, xfr)) { + if(z->data.count == 0) { + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "zone %s has no contents\n", arg); + return; + } + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg); + return; + } + if(xfr->have_zone) + xfr->lease_time = *worker->env.now; + lock_basic_unlock(&xfr->lock); + } + auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods, &reason, 0, 0); - if(reason && !oldexpired && z->zone_expired) { + if(reason && z->zone_expired) { (void)ssl_printf(ssl, "error zonemd for %s failed: %s\n", arg, reason); } else if(reason && strcmp(reason, "ZONEMD verification successful") diff --git a/services/authzone.c b/services/authzone.c index 470f490cf..d6931ce92 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1918,7 +1918,7 @@ auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) } /** Find auth_zone SOA and populate the values in xfr(soa values). */ -static int +int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr) { struct auth_data* apex; diff --git a/services/authzone.h b/services/authzone.h index 6f0791723..9452a3db2 100644 --- a/services/authzone.h +++ b/services/authzone.h 
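Review bot: Both expiry flags are cleared before the reloaded zone has been validated: `z->zone_expired = 0;` and `xfr->zone_expired = 0;` run ahead of the `xfr_find_soa(z, xfr)` check, and the two early returns under it (empty zone, no SOA) unlock and return without restoring either flag, so a zone file that fails the SOA check leaves a previously expired zone marked as not expired. Consider clearing the flags only after `xfr_find_soa` succeeds, or saving the old values and putting them back on those return paths. The xfr lock is also released before `auth_zone_verify_zonemd`, so if that call sets `z->zone_expired` on a ZONEMD failure (which the `reason && z->zone_expired` test after it suggests), `xfr->zone_expired` stays 0 and the two structures disagree. The function's opening and its tail after the `else if` lie outside this hunk.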
@@ -633,6 +633,9 @@ int auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg);
 /** find serial number of zone or false if none (no SOA record) */
 int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial);
+/** Find auth_zone SOA and populate the values in xfr(soa values). */
+int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr);
+
 /** compare auth_zones for sorted rbtree */
 int auth_zone_cmp(const void* z1, const void* z2);
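Review bot: The comment on the newly exported `xfr_find_soa` declaration does not say which locks the caller must hold or what the return value means, and with `static` dropped in services/authzone.c this header is now the only contract other files see. The new caller in daemon/remote.c holds `z->lock` for writing and `xfr->lock` around the call and treats a zero return as a missing SOA, so the header could say so, for example `/** Find auth_zone SOA and populate the values in xfr(soa values). Caller holds z->lock and xfr->lock. Returns 0 if the zone has no SOA. */`. Whether the function itself requires both locks should be confirmed against its body, which is outside this diff.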