Ticket #49007: add-ldns-trusted-anchor.patch

File add-ldns-trusted-anchor.patch, 3.9 KB (added by scott-macports@…, 8 years ago)

Updated patch to candidate for upstream

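diff --git a/Portfile b/Portfile
index cbfa397..253999b 100644
--- a/Portfile
+++ b/Portfile
@@ -5,7 +5,7 @@ PortSystem 1.0
 
 name                openssh
 version             7.1p1
-revision            0
+revision            1
 categories          net
 platforms           darwin
 maintainers         nomaintainer
@@ -48,8 +48,8 @@ patch.args -p1
 patchfiles          launchd.patch \
                     pam.patch \
                     patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
-                    patch-sshd.c-apple-sandbox-named-external.diff
-
+                    patch-sshd.c-apple-sandbox-named-external.diff \
+                    patch-add-ldns-anchor.diff
 # We need a couple of patches
 # - pam.patch
 #   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even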
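diff --git a/files/patch-add-ldns-anchor.diff b/files/patch-add-ldns-anchor.diff
new file mode 100644
index 0000000..932a49d
--- /dev/null
+++ b/files/patch-add-ldns-anchor.diff
@@ -0,0 +1,96 @@
+diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
+index 3c5e3b7..737a16f 100644
+--- a/openbsd-compat/Makefile.in
++++ b/openbsd-compat/Makefile.in
+@@ -5,11 +5,13 @@ piddir=@piddir@
+ srcdir=@srcdir@
+ top_srcdir=@top_srcdir@
+ 
++PATHS= -DSSHDIR=\"$(sysconfdir)\"
++
+ VPATH=@srcdir@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
++CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ AR=@AR@
+ RANLIB=@RANLIB@
+diff --git a/openbsd-compat/getrrsetbyname-ldns.c b/openbsd-compat/getrrsetbyname-ldns.c
+index 4647b62..a388cbb 100644
+--- a/openbsd-compat/getrrsetbyname-ldns.c
++++ b/openbsd-compat/getrrsetbyname-ldns.c
+@@ -49,6 +49,7 @@
+ 
+ #include <stdlib.h>
+ #include <string.h>
++#include <sys/stat.h>
+ 
+ #include <ldns/ldns.h>
+ 
+@@ -59,6 +60,50 @@
+ #define malloc(x)      (xmalloc(x))
+ #define calloc(x, y)   (xcalloc((x),(y)))
+ 
++#ifdef __APPLE__
++
++#include "pathnames.h"
++
++/**
++ * Adding trust anchor directly is only necessary on OSX as
++ * configd will overwrite /etc/resolv.conf when the network
++ * configuration changes (eg new DNS from DHCP), so the ldns
++ * "anchor" keyword for the trusted-key in that file is lost.
++ */
++static void _add_ldns_trust_key(ldns_resolver *ldns_res,
++                               const char *filename)
++{
++       ldns_rr *new_rr;
++       struct stat sbuf;
++
++       /* check if file exists (avoid error in ldns_read_anchor_file) */
++       debug2("ldns: attempt to load trust anchor from file %s", filename);
++       if(stat(filename, &sbuf) != 0) {
++               debug2("ldns: file not found");
++               return;
++       }
++
++       /* read the RR from the file */
++       if((new_rr = ldns_read_anchor_file(filename))) {
++               /* check if RR already in resolver's anchors */
++               ldns_rr_list *cur_anchors =
++                       ldns_resolver_dnssec_anchors(ldns_res);
++               if(ldns_rr_list_contains_rr(cur_anchors, new_rr)) {
++                       debug2("ldns: anchor already in trust chain");
++               }
++               else {
++                       if(ldns_resolver_push_dnssec_anchor(ldns_res, new_rr)
++                          == LDNS_STATUS_OK)
++                               debug2("ldns: new anchor added to trust chain");
++                       else
++                               debug2("ldns: failed to add anchor to trust chain (invalid type?)");
++               }
++       }
++       ldns_rr_free(new_rr);
++}
++
++#endif
++
+ int
+ getrrsetbyname(const char *hostname, unsigned int rdclass,
+               unsigned int rdtype, unsigned int flags,
+@@ -152,6 +197,13 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
+        } else { /* AD is not set, try autonomous validation */
+                ldns_rr_list * trusted_keys = ldns_rr_list_new();
+ 
++#ifdef __APPLE__
++               /* look for the trusted-key.key in both global and
++                  ssh-specific locations */
++               _add_ldns_trust_key(ldns_res, ETCDIR "/trusted-key.key");
++               _add_ldns_trust_key(ldns_res, SSHDIR "/trusted-key.key");
++#endif
++
+                debug2("ldns: trying to validate RRset");
+                /* Get eventual sigs */
+                rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,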
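Review bot: `_add_ldns_trust_key` only checks that the anchor file exists, not that it can be trusted: the `stat()` result in `sbuf` is discarded, so whatever DNSKEY/DS record sits at that path becomes a trust root for the validation that follows, regardless of who owns the file or can write to it. Since `sbuf` is already filled in, the guard can be tightened to `if(stat(filename, &sbuf) != 0 || !S_ISREG(sbuf.st_mode) || sbuf.st_uid != 0 || (sbuf.st_mode & (S_IWGRP | S_IWOTH)) != 0) {` with the following `debug2` reworded to say the file was missing or rejected, so that a world- or group-writable anchor file is ignored rather than trusted. The name `_add_ldns_trust_key` begins with an underscore at file scope, which C reserves for the implementation; `add_ldns_trust_key` is the conventional spelling. The unconditional `ldns_rr_free(new_rr)` at the end relies on `ldns_resolver_push_dnssec_anchor` cloning the record and on `ldns_rr_free` accepting NULL when the read fails — if that holds, a one-line comment such as `/* push_dnssec_anchor clones the RR; free(NULL) is a no-op */` would save the next reader a trip into the ldns sources. The last hunk's enclosing function, `getrrsetbyname`, begins and ends outside the hunk.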