Ninjatrappeur's systemd working tree
Lennart Poettering 56352fe92d resolved: refactor DNSSEC answer validation
This changes answer validation to be more accepting to unordered RRs in
responses. The algorithm we now implement goes something like this:

  1. populate validated keys list for this transaction from DS RRs
  2. as long as the following changes the unvalidated answer list:
    2a. try to validate the first RRset we find in unvalidated answer
        list
    2b. if that worked: add to validated answer; if DNSKEY also add to
        validated keys list; remove from unvalidated answer.
    2c. continue at 2a, with the next RRset, or restart from the
        beginning when we hit the end
  3. as long as the following changes the unvalidated answer list:
    3a. try to validate the first RRset again. This will necessarily
        fail, but we learn the precise error
    3b. If this was a "primary" response to the question, fail the
        entire transaction. "Primary" in this context means that it is
        directly a response to the query, or a CNAME/DNAME for it.
    3c. Otherwise, remove the RRset from the unvalidated answer list.

Note that the two loops in 2 + 3 are actually coded as a single one,
but the dnskeys_finalized bool indicates which loop we are currently
processing.

Note that loop 2 does not drop any invalidated RRsets yet, that's
something only loop 3 does. This is because loop 2 might still encounter
additional DNSKEYS which might validate more stuff, and if we'd already
have dropped those RRsets we couldn't validate those anymore. The first
loop is hence a "constructive" loop, the second loop a "destructive"
one: the first one validates whatever is possible, the second one then
deletes whatever still isn't.
2015-12-11 14:15:27 +01:00
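
The two-phase loop from the commit message above, as an added sketch that is not systemd's code. It assumes a toy model in which an RRset validates when the id of its signing key is already in the trusted set; `struct rrset`, `validate_answer`, `sample` and the sample records are hypothetical and constructed for illustration.

```c
#include <stdbool.h>

/* Toy model (assumption): an RRset "validates" when its signer's key id is trusted. */
enum { UNVALIDATED, VALIDATED, DROPPED };

struct rrset {
    const char *name;
    int signer;    /* id of the key that signed this RRset */
    int provides;  /* key id published if this is a DNSKEY RRset, else -1 */
    bool primary;  /* direct answer to the query, or a CNAME/DNAME for it */
    int state;
};

/* Returns 0 on success, -1 when a primary RRset cannot be validated. */
int validate_answer(struct rrset *rr, int n, unsigned trusted) {
    bool dnskeys_finalized = false;            /* false: loop 2, true: loop 3 */
    for (;;) {
        bool changed = false;
        for (int i = 0; i < n; i++) {
            if (rr[i].state != UNVALIDATED) continue;
            if (trusted & (1u << rr[i].signer)) {            /* 2b: validated */
                rr[i].state = VALIDATED;
                if (rr[i].provides >= 0) trusted |= 1u << rr[i].provides;
                changed = true;
            } else if (dnskeys_finalized) {
                if (rr[i].primary) return -1;                /* 3b: fail transaction */
                rr[i].state = DROPPED;                       /* 3c: drop the RRset */
                changed = true;
            }
        }
        if (changed) continue;
        if (dnskeys_finalized) return 0;
        dnskeys_finalized = true;  /* no new keys can appear any more: start dropping */
    }
}

int last_state[3];  /* states after the most recent sample() run */

/* Constructed sample: the A RRset arrives before the DNSKEY RRset that validates it. */
int sample(bool extra_is_primary) {
    struct rrset rr[] = {
        { "example.com A",      2, -1, true,             UNVALIDATED },
        { "example.com DNSKEY", 1,  2, false,            UNVALIDATED },
        { "other.test A",       5, -1, extra_is_primary, UNVALIDATED },
    };
    int r = validate_answer(rr, 3, 1u << 1);  /* step 1: DS vouches for key 1 only */
    for (int i = 0; i < 3; i++) last_state[i] = rr[i].state;
    return r;
}

int main(void) { return sample(false) == 0 && sample(true) == -1 ? 0 : 1; }
```

The out-of-order A RRset is only validated on the second pass, after the DNSKEY RRset has added key 2; the RRset signed by the unknown key 5 is dropped when it is not primary and fails the whole transaction when it is.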
catalog catalog: move danish catalog into the right place, and drop DOS line breaks 2015-11-13 13:52:00 +01:00
coccinelle coccinelle: additional errno.cocci hunk 2015-11-09 20:01:06 +01:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: update 2015-11-14 09:54:17 +01:00
m4 build-sys: Check behavior of -Werror=shadow before deciding to use it 2015-09-22 09:54:33 -07:00
man importd: drop dkr support 2015-12-10 16:54:41 +01:00
network networkd: emit DNS/NTP/Timezone info via DHCP server by default 2015-08-27 16:47:26 +02:00
po Merge pull request #1983 from dmedri/master 2015-11-22 22:34:37 +01:00
rules rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
shell-completion importd: drop dkr support 2015-12-10 16:54:41 +01:00
src resolved: refactor DNSSEC answer validation 2015-12-11 14:15:27 +01:00
sysctl.d sysctl: use %P instead of %p in core pattern 2015-11-17 17:32:49 +01:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d build: fix systemd-journal-upload installation 2015-12-09 03:48:56 +00:00
test Merge pull request #2056 from evverx/expose-soft-limits-on-the-bus 2015-12-10 11:20:03 +01:00
tmpfiles.d tmpfiles: set acls on system.journal explicitly 2015-11-29 23:38:09 -05:00
tools man: include the target name when linking to man pages in html output 2015-11-22 23:54:29 -05:00
units Set user@.service TasksMax=infinity 2015-11-22 23:05:23 +01:00
xorg login: support user-bus on dbus1 2015-08-31 18:12:37 +02:00
.dir-locals.el Keep emacs configuration in one configuration file. 2011-03-08 01:53:46 +01:00
.editorconfig add editorconfig configuration 2015-11-23 12:32:59 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Merge pull request #2115 from dvdhrm/rbtree 2015-12-08 17:31:09 +01:00
.mailmap NEWS: add more stuff, and reorder things a bit 2015-11-13 13:59:50 +01:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc vimrc: add warning about dangerous exrc mode 2015-11-23 19:31:00 +01:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
CODING_STYLE CODING_STYLE: elaborate on usage of C99 fixed size integer types 2015-11-10 17:31:30 +01:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
Makefile.am importd: drop dkr support 2015-12-10 16:54:41 +01:00
NEWS NEWS: add in missing NEWS entry for 228 feature RemainAfterElapse= 2015-11-18 17:04:04 +01:00
README README: Recommend kinvolk regarding engineering services 2015-12-10 11:57:08 +01:00
README.md README.md: add Coverity scan status badge 2015-06-08 13:26:54 +02:00
TODO Merge pull request #2096 from teg/resolved-cache 2015-12-10 20:48:42 +01:00
autogen.sh terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
configure.ac importd: drop dkr support 2015-12-10 16:54:41 +01:00

README.md

systemd - System and Service Manager

Details

  • General information about systemd can be found in the systemd Wiki
  • Information about build requirements is provided in the README file