Ninjatrappeur's systemd working tree
Lennart Poettering 547973dea7 resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existence, or proof-of-unsigned-zones is not
implemented yet.

With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:

1) Because a user asked for something to be resolved, i.e. requested by
   a DnsQuery/DnsQueryCandidate object.
2) As a result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
   validation of its own response.

DnsTransactions are shared between all these users, and are GC'ed
automatically as soon as all of these users don't need a specific
transaction anymore.

To unify the handling of these three reasons for existence for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.

A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been received which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.

This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.

Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.

The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-10 11:35:52 +01:00
catalog catalog: move danish catalog into the right place, and drop DOS line breaks 2015-11-13 13:52:00 +01:00
coccinelle coccinelle: additional errno.cocci hunk 2015-11-09 20:01:06 +01:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: update 2015-11-14 09:54:17 +01:00
m4 build-sys: Check behavior of -Werror=shadow before deciding to use it 2015-09-22 09:54:33 -07:00
man tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
network networkd: emit DNS/NTP/Timezone info via DHCP server by default 2015-08-27 16:47:26 +02:00
po Merge pull request #1983 from dmedri/master 2015-11-22 22:34:37 +01:00
rules rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
shell-completion bash-completion: list valid signal names 2015-11-24 16:05:42 +00:00
src resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled 2015-12-10 11:35:52 +01:00
sysctl.d sysctl: use %P instead of %p in core pattern 2015-11-17 17:32:49 +01:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d turn kdbus support into a runtime option 2015-06-17 18:01:49 +02:00
test Merge pull request #2056 from evverx/expose-soft-limits-on-the-bus 2015-12-10 11:20:03 +01:00
tmpfiles.d tmpfiles: set acls on system.journal explicitly 2015-11-29 23:38:09 -05:00
tools man: include the target name when linking to man pages in html output 2015-11-22 23:54:29 -05:00
units Set user@.service TasksMax=infinity 2015-11-22 23:05:23 +01:00
xorg login: support user-bus on dbus1 2015-08-31 18:12:37 +02:00
.dir-locals.el Keep emacs configuration in one configuration file. 2011-03-08 01:53:46 +01:00
.editorconfig add editorconfig configuration 2015-11-23 12:32:59 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Merge pull request #2115 from dvdhrm/rbtree 2015-12-08 17:31:09 +01:00
.mailmap NEWS: add more stuff, and reorder things a bit 2015-11-13 13:59:50 +01:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc vimrc: add warning about dangerous exrc mode 2015-11-23 19:31:00 +01:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
CODING_STYLE CODING_STYLE: elaborate on usage of C99 fixed size integer types 2015-11-10 17:31:30 +01:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
Makefile.am Merge pull request #2056 from evverx/expose-soft-limits-on-the-bus 2015-12-10 11:20:03 +01:00
NEWS NEWS: add in missing NEWS entry for 228 feature RemainAfterElapse= 2015-11-18 17:04:04 +01:00
README core: drop check for /etc/mtab 2015-11-02 10:05:20 -06:00
README.md README.md: add Coverity scan status badge 2015-06-08 13:26:54 +02:00
TODO update TODO 2015-11-27 00:46:51 +01:00
autogen.sh terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
configure.ac build-sys: libgcrypt error messages make no sense without libgpg-error 2015-12-10 11:28:02 +01:00

README.md

systemd - System and Service Manager

Build Status
Coverity Scan Status

Details

  • General information about systemd can be found in the systemd Wiki
  • Information about build requirements is provided in the README file