
Contents of /rpms/openssh/devel/openssh-5.2p1-edns.patch



Revision 1.1 - (show annotations) (download) (as text)
Thu Jul 30 08:29:00 2009 UTC (3 months, 3 weeks ago) by jfch2222
Branch: MAIN
CVS Tags: openssh-5_2p1-28_fc12, F-12-split, openssh-5_2p1-24_fc12, openssh-5_2p1-27_fc12, openssh-5_2p1-20_fc12, openssh-5_2p1-26_fc12, openssh-5_2p1-23_fc12, openssh-5_2p1-22_fc12, openssh-5_3p1-2_fc13, openssh-5_3p1-8_fc13, openssh-5_2p1-21_fc12, openssh-5_3p1-10_fc13, openssh-5_2p1-25_fc12, openssh-5_3p1-9_fc13, openssh-5_2p1-19_fc12, openssh-5_3p1-7_fc13, openssh-5_3p1-1_fc13, openssh-5_3p1-3_fc13, openssh-5_2p1-18_fc12, openssh-5_2p1-17_fc12, openssh-5_3p1-4_fc13, openssh-5_3p1-5_fc13, openssh-5_3p1-6_fc13, openssh-5_2p1-29_fc13, HEAD
File MIME type: text/x-patch
Added dnssec support.
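--- a/dns.c
+++ b/dns.c
@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname
 {
 u_int counter;
 int result;
+ unsigned int rrset_flags = 0;
 struct rrsetinfo *fingerprints = NULL;
 
 u_int8_t hostkey_algorithm;
@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname
 return -1;
 }
 
+ /*
+ * Original getrrsetbyname function, found on OpenBSD for example,
+ * doesn't accept any flag and prerequisite for obtaining AD bit in
+ * DNS response is set by "options edns0" in resolv.conf.
+ *
+ * Our version is more clever and use RRSET_FORCE_EDNS0 flag.
+ */
+#ifndef HAVE_GETRRSETBYNAME
+ rrset_flags |= RRSET_FORCE_EDNS0;
+#endif
 result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
- DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+ DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints);
+
 if (result) {
 verbose("DNS lookup error: %s", dns_result_totext(result));
 return -1;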
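Review bot: The comment added before the getrrsetbyname() call explains how the AD bit is requested but not what it is worth: the bit is set by the resolver, so it only means something when that resolver validates and the path to it is trusted. I would add a line saying so, e.g. `* The AD bit is only as trustworthy as the configured resolver and the path to it.` With the bundled implementation the EDNS0 request is now forced regardless of resolv.conf, and the comment could state that directly instead of "more clever". How the validation result in `fingerprints` is consumed lies outside the hunk, as does the rest of verify_host_key_dns().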
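--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns
 goto fail;
 }
 
- /* don't allow flags yet, unimplemented */
- if (flags) {
+ /* Allow RRSET_FORCE_EDNS0 flag only. */
+ if ((flags & !RRSET_FORCE_EDNS0) != 0) {
 result = ERRSET_INVAL;
 goto fail;
 }
@@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, uns
 #endif /* DEBUG */
 
 #ifdef RES_USE_DNSSEC
- /* turn on DNSSEC if EDNS0 is configured */
- if (_resp->options & RES_USE_EDNS0)
- _resp->options |= RES_USE_DNSSEC;
+ /* turn on DNSSEC if required */
+ if (flags & RRSET_FORCE_EDNS0)
+ _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC);
 #endif /* RES_USE_DNSEC */
 
 /* make query */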
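Review bot: The new guard in getrrsetbyname(), `if ((flags & !RRSET_FORCE_EDNS0) != 0)`, uses logical NOT where a bitwise complement is needed. With RRSET_FORCE_EDNS0 defined as 0x0001, `!RRSET_FORCE_EDNS0` evaluates to 0, so the mask is always zero and no flag value is ever rejected with ERRSET_INVAL, contrary to the comment "Allow RRSET_FORCE_EDNS0 flag only". The line should read `if ((flags & ~RRSET_FORCE_EDNS0) != 0) {`. Separately, the second hunk sets RES_USE_DNSSEC only when the flag is passed, so a caller passing 0 no longer gets DNSSEC from an EDNS0-enabled resolver configuration as the removed lines provided; if that is intended, the comment should say so. The function body continues outside both hunks.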
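--- a/openbsd-compat/getrrsetbyname.h
+++ b/openbsd-compat/getrrsetbyname.h
@@ -72,6 +72,9 @@
 #ifndef RRSET_VALIDATED
 # define RRSET_VALIDATED 1
 #endif
+#ifndef RRSET_FORCE_EDNS0
+# define RRSET_FORCE_EDNS0 0x0001
+#endif
 
 /*
 * Return codes for getrrsetbyname()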
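Review bot: RRSET_FORCE_EDNS0 is given the value 0x0001, the same number as RRSET_VALIDATED just above it, with nothing saying that the two belong to different fields. As far as this page shows, RRSET_FORCE_EDNS0 is passed in the `flags` argument of getrrsetbyname(), while RRSET_VALIDATED appears to be a result flag, so the values do not clash, but a reader cannot tell that from the header. A one-line comment such as `/* Input flag for the getrrsetbyname() flags argument; not an rri_flags value. */` above the new define would keep the two from being mixed up.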
