Commit 51fb5ee8 authored by Ľuboš Slovák's avatar Ľuboš Slovák

Merge branch 'axfr_denied_log' into 'master'

Axfr denied log

See merge request !248
parents 62e67d25 683be887
......@@ -103,10 +103,31 @@ static void axfr_query_cleanup(struct query_data *qdata)
rcu_read_unlock();
}
static int axfr_query_check(struct query_data *qdata)
{
/* Check valid zone, transaction security and contents. */
NS_NEED_ZONE(qdata, KNOT_RCODE_NOTAUTH);
NS_NEED_AUTH(&qdata->zone->conf->acl.xfr_out, qdata);
/* Check expiration. */
NS_NEED_ZONE_CONTENTS(qdata, KNOT_RCODE_SERVFAIL);
return NS_PROC_DONE;
}
static int axfr_query_init(struct query_data *qdata)
{
assert(qdata);
/* Check AXFR query validity. */
int state = axfr_query_check(qdata);
if (state == NS_PROC_FAIL) {
if (qdata->rcode == KNOT_RCODE_FORMERR) {
return KNOT_EMALF;
} else {
return KNOT_EDENIED;
}
}
/* Create transfer processing context. */
mm_ctx_t *mm = qdata->mm;
......@@ -197,8 +218,6 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
int ret = KNOT_EOK;
struct timeval now = {0};
printf("axfr_query_process().\n");
/* If AXFR is disabled, respond with NOTIMPL. */
if (qdata->param->proc_flags & NS_QUERY_NO_AXFR) {
qdata->rcode = KNOT_RCODE_NOTIMPL;
......@@ -208,27 +227,6 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
/* Initialize on first call. */
if (qdata->ext == NULL) {
/* Check valid zone. */
if ((qdata)->zone == NULL) {
qdata->rcode = KNOT_RCODE_NOTAUTH;
AXFROUT_LOG(LOG_ERR, "Failed to start (No such zone.).");
return NS_PROC_FAIL;
}
/* Check ACL. */
if (!process_query_acl_check(&qdata->zone->conf->acl.xfr_out, qdata)
|| (process_query_verify(qdata) != KNOT_EOK)) {
AXFROUT_LOG(LOG_ERR, "Failed to start (Not allowed.).");
return NS_PROC_FAIL;
}
/* Check expiration. */
if ((qdata)->zone->contents == NULL) {
qdata->rcode = KNOT_RCODE_SERVFAIL;
AXFROUT_LOG(LOG_ERR, "Failed to start (Zone expired.).");
return NS_PROC_FAIL;
}
ret = axfr_query_init(qdata);
if (ret != KNOT_EOK) {
AXFROUT_LOG(LOG_ERR, "Failed to start (%s).",
......@@ -240,8 +238,6 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
}
}
printf("Continuing...\n");
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, tsig_wire_maxsize(qdata->sign.tsig_key));
......@@ -260,8 +256,7 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
return NS_PROC_DONE;
break;
default: /* Generic error. */
printf("Failed 2.\n");
AXFROUT_LOG(LOG_ERR, "Failed: %s", knot_strerror(ret));
AXFROUT_LOG(LOG_ERR, "%s", knot_strerror(ret));
return NS_PROC_FAIL;
}
}
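Review bot: In axfr_query_init, every axfr_query_check failure other than FORMERR is returned as KNOT_EDENIED, so a query for a zone this server does not have (NOTAUTH) or whose contents are missing (SERVFAIL) will presumably be logged by the caller's `"Failed to start (%s)."` as a denial. The inline checks this commit removes from axfr_query_process logged "No such zone.", "Not allowed." and "Zone expired." separately, and that distinction is what lets an operator tell refused transfer attempts from an expired zone when reading the transfer log. Consider testing `qdata->rcode == KNOT_RCODE_SERVFAIL` before the final `else` and returning a distinct error code for it, or at least adding the comment `/* Any rcode other than FORMERR is reported as denied, including NOTAUTH and SERVFAIL. */` above the mapping. The NS_NEED_* macros are defined outside this page, so which rcode each sets on failure should be confirmed; axfr_query_init continues past the end of the first hunk.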
......