resolved: properly check per-link NTA list
We need to check for parent domains too. We did this correctly for the system-wide NTA list, but not for the per-link one. Let's fix that.
parent
9c2c6692f3
commit
7e8a93b77c
|
@ -1887,7 +1887,7 @@ static int dns_transaction_negative_trust_anchor_lookup(DnsTransaction *t, const
|
||||||
if (!t->scope->link)
|
if (!t->scope->link)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return set_contains(t->scope->link->dnssec_negative_trust_anchors, name);
|
return link_negative_trust_anchor_lookup(t->scope->link, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) {
|
static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) {
|
||||||
|
|
|
@ -1407,3 +1407,26 @@ void link_remove_user(Link *l) {
|
||||||
|
|
||||||
(void) unlink(l->state_file);
|
(void) unlink(l->state_file);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool link_negative_trust_anchor_lookup(Link *l, const char *name) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(l);
|
||||||
|
assert(name);
|
||||||
|
|
||||||
|
/* Checks whether the specified domain (or any of its parent domains) are listed as per-link NTA. */
|
||||||
|
|
||||||
|
for (;;) {
|
||||||
|
if (set_contains(l->dnssec_negative_trust_anchors, name))
|
||||||
|
return true;
|
||||||
|
|
||||||
|
/* And now, let's look at the parent, and check that too */
|
||||||
|
r = dns_name_parent(&name);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
if (r == 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
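Review bot: `link_negative_trust_anchor_lookup()` is declared `bool` but executes `return r;` when `dns_name_parent()` fails with `r < 0`, so the negative error code converts to `true`. A name that cannot be parsed is therefore reported as covered by a per-link NTA. An NTA match presumably makes the caller treat the name as exempt from DNSSEC validation, so this error path fails open rather than closed. Declaring it as `int link_negative_trust_anchor_lookup(Link *l, const char *name)` here and in the header prototype would let the error reach `dns_transaction_negative_trust_anchor_lookup()`, which already returns `int`. Whether that function's callers check for negative values is not visible in this diff.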
|
||||||
|
|
|
@ -108,4 +108,6 @@ int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m);
|
||||||
bool link_address_relevant(LinkAddress *l, bool local_multicast);
|
bool link_address_relevant(LinkAddress *l, bool local_multicast);
|
||||||
void link_address_add_rrs(LinkAddress *a, bool force_remove);
|
void link_address_add_rrs(LinkAddress *a, bool force_remove);
|
||||||
|
|
||||||
|
bool link_negative_trust_anchor_lookup(Link *l, const char *name);
|
||||||
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_free);
|
||||||
|
|