From: Vladimír Čunát
Date: Mon, 8 Jan 2018 14:34:19 +0000 (+0100)
Subject: cache get_lowest_rank: cleaner code
X-Git-Tag: v2.0.0~6^2~33
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b41801b79900169049810237c4a9dd08bf4ceda4;p=thirdparty%2Fknot-resolver.git
cache get_lowest_rank: cleaner code
---
diff --git a/lib/cache.c b/lib/cache.c
index 1f8a091b2..7b7c5c15b 100644
--- a/lib/cache.c
+++ b/lib/cache.c
@@ -1049,28 +1049,27 @@ static knot_db_val_t closest_NS(kr_layer_t *ctx, struct key *k)
 static uint8_t get_lowest_rank(const struct kr_request *req, const struct kr_query *qry)
 {
- const bool allow_unverified = knot_wire_get_cd(req->answer->wire)
- || qry->flags.STUB;
 /* TODO: move rank handling into the iterator (DNSSEC_* flags)? */
- uint8_t lowest_rank = KR_RANK_INITIAL | KR_RANK_AUTH;
+ const bool allow_unverified =
+ knot_wire_get_cd(req->answer->wire) || qry->flags.STUB;
+ /* in stub mode we don't trust RRs anyway ^^ */
 if (qry->flags.NONAUTH) {
- lowest_rank = KR_RANK_INITIAL;
+ return KR_RANK_INITIAL;
 /* Note: there's little sense in validation status for non-auth records.
 * In case of using NONAUTH to get NS IPs, knowing that you ask correct
 * IP doesn't matter much for security; it matters whether you can
 * validate the answers from the NS. */
 } else if (!allow_unverified) {
- /* ^^ in stub mode we don't trust RRs anyway */
 /* Records not present under any TA don't have their security
 * verified at all, so we also accept low ranks in that case. */
 const bool ta_covers = kr_ta_covers_qry(req->ctx, qry->sname, qry->stype);
 /* ^ TODO: performance? TODO: stype - call sites */
 if (ta_covers) {
- kr_rank_set(&lowest_rank, KR_RANK_INSECURE);
- }
+ return KR_RANK_INSECURE | KR_RANK_AUTH;
+ } /* else falltrhough */
 }
- return lowest_rank;
+ return KR_RANK_INITIAL | KR_RANK_AUTH;
 }
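Review bot: get_lowest_rank() appears to set the weakest validation rank a record may carry and still be accepted, yet after this refactor its three outcomes are only discoverable by reading the returns; a header comment would make that trust floor explicit, e.g. `/** Lowest acceptable rank: INITIAL for NONAUTH; INSECURE|AUTH when a TA covers the name and neither CD nor STUB is set; otherwise INITIAL|AUTH. */`. In the NONAUTH branch the rationale comment now follows `return KR_RANK_INITIAL;` and reads like unreachable text, so it would sit better above the return. The trailing `/* else falltrhough */` has a typo (`fallthrough`). Replacing `kr_rank_set(&lowest_rank, KR_RANK_INSECURE)` with the literal `KR_RANK_INSECURE | KR_RANK_AUTH` is equivalent only if kr_rank_set preserves the AUTH bit; that helper is defined outside this hunk and is worth confirming.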