Commit 5a9d102c authored by Lubos Slovak's avatar Lubos Slovak

Fixed missing log when AXFR is denied.

parent 7d2f14fa
......@@ -197,6 +197,8 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
int ret = KNOT_EOK;
struct timeval now = {0};
printf("axfr_query_process().\n");
/* If AXFR is disabled, respond with NOTIMPL. */
if (qdata->param->proc_flags & NS_QUERY_NO_AXFR) {
qdata->rcode = KNOT_RCODE_NOTIMPL;
......@@ -206,11 +208,26 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
/* Initialize on first call. */
if (qdata->ext == NULL) {
/* Check valid zone, transaction security and contents. */
NS_NEED_ZONE(qdata, KNOT_RCODE_NOTAUTH);
NS_NEED_AUTH(&qdata->zone->conf->acl.xfr_out, qdata);
/* Check valid zone. */
if ((qdata)->zone == NULL) {
qdata->rcode = KNOT_RCODE_NOTAUTH;
AXFROUT_LOG(LOG_ERR, "Failed to start (No such zone.).");
return NS_PROC_FAIL;
}
/* Check ACL. */
if (!process_query_acl_check(&qdata->zone->conf->acl.xfr_out, qdata)
|| (process_query_verify(qdata) != KNOT_EOK)) {
AXFROUT_LOG(LOG_ERR, "Failed to start (Not allowed.).");
return NS_PROC_FAIL;
}
/* Check expiration. */
NS_NEED_ZONE_CONTENTS(qdata, KNOT_RCODE_SERVFAIL);
if ((qdata)->zone->contents == NULL) {
qdata->rcode = KNOT_RCODE_SERVFAIL;
AXFROUT_LOG(LOG_ERR, "Failed to start (Zone expired.).");
return NS_PROC_FAIL;
}
ret = axfr_query_init(qdata);
if (ret != KNOT_EOK) {
......@@ -223,6 +240,8 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
}
}
printf("Continuing...\n");
/* Reserve space for TSIG. */
knot_pkt_reserve(pkt, tsig_wire_maxsize(qdata->sign.tsig_key));
......@@ -241,6 +260,7 @@ int axfr_query_process(knot_pkt_t *pkt, struct query_data *qdata)
return NS_PROC_DONE;
break;
default: /* Generic error. */
printf("Failed 2.\n");
AXFROUT_LOG(LOG_ERR, "Failed: %s", knot_strerror(ret));
return NS_PROC_FAIL;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment