diff --git a/CHANGES b/CHANGES index 48777ce..ea0ca73 100644 --- a/CHANGES +++ b/CHANGES @@ -74,6 +74,9 @@ Porting: to make them better portable to systems without /bin/bash Thanks to Maya Rashish for sending a patch + RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with + configure option --enable-res-deprecated. + Testing: test.sh: Show a warning when phase-1 (insecure phase) of a security test fails diff --git a/config.h.in b/config.h.in index 6b22502..64f8f83 100644 --- a/config.h.in +++ b/config.h.in @@ -630,6 +630,7 @@ #undef WITH_EXT2 #undef WITH_OPENSSL #undef WITH_OPENSSL_METHOD +#undef WITH_RES_DEPRECATED /* AAONLY,PRIMARY */ #define WITH_STREAMS 1 #undef WITH_FIPS #undef OPENSSL_FIPS diff --git a/configure.in b/configure.in index df8079a..fe37090 100644 --- a/configure.in +++ b/configure.in @@ -578,6 +578,14 @@ AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL me [AC_MSG_RESULT(no)]) fi +AC_MSG_CHECKING(whether to include deprecated resolver option) +AC_ARG_ENABLE(res-deprecated, [ --enable-res-deprecated enable deprecated resolver options], + [case "$enableval" in + no) AC_MSG_RESULT(no);; + *) AC_DEFINE(WITH_RES_DEPRECATED) WITH_RES_DEPRECATED=1; AC_MSG_RESULT(yes);; + esac], + [AC_MSG_RESULT(no)]) + # check for fips support AC_MSG_CHECKING(whether to include openssl fips support) AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support], diff --git a/xio-ip.c b/xio-ip.c index 14d6284..a2252b2 100644 --- a/xio-ip.c +++ b/xio-ip.c 
@@ -74,11 +74,19 @@ const struct optdesc opt_ip_recvdstaddr = { "ip-recvdstaddr", "recvdstaddr",OPT_ const struct optdesc opt_ip_recvif = { "ip-recvif", "recvdstaddrif",OPT_IP_RECVIF, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_RECVIF }; #endif +#if WITH_RES_DEPRECATED +# define WITH_RES_AAONLY 1 +# define WITH_RES_PRIMARY 1 +#endif /* WITH_RES_DEPRECATED */ #if HAVE_RESOLV_H const struct optdesc opt_res_debug = { "res-debug", NULL, OPT_RES_DEBUG, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_DEBUG }; +#if WITH_RES_AAONLY const struct optdesc opt_res_aaonly = { "res-aaonly", "aaonly", OPT_RES_AAONLY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_AAONLY }; +#endif const struct optdesc opt_res_usevc = { "res-usevc", "usevc", OPT_RES_USEVC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_USEVC }; +#if WITH_RES_PRIMARY const struct optdesc opt_res_primary = { "res-primary", "primary", OPT_RES_PRIMARY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_PRIMARY }; +#endif const struct optdesc opt_res_igntc = { "res-igntc", "igntc", OPT_RES_IGNTC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_IGNTC }; const struct optdesc opt_res_recurse = { "res-recurse", "recurse", OPT_RES_RECURSE, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_RECURSE }; const struct optdesc opt_res_defnames = { "res-defnames", "defnames", OPT_RES_DEFNAMES, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), 
XIO_SIZEOF(para.socket.ip.res_opts), RES_DEFNAMES }; diff --git a/xioopts.c b/xioopts.c index 47ba047..56b46c4 100644 --- a/xioopts.c +++ b/xioopts.c @@ -144,9 +144,9 @@ static int applyopt_offset(struct single *xfd, struct opt *opt); binary search! */ /* NULL terminated */ const struct optname optionnames[] = { -#if HAVE_RESOLV_H +#if HAVE_RESOLV_H && WITH_RES_AAONLY IF_IP ("aaonly", &opt_res_aaonly) -#endif /* HAVE_RESOLV_H */ +#endif #ifdef TCP_ABORT_THRESHOLD /* HP_UX */ IF_TCP ("abort-threshold", &opt_tcp_abort_threshold) #endif @@ -1156,9 +1156,9 @@ const struct optname optionnames[] = { #endif /*IF_IPAPP("port", &opt_port)*/ IF_TUN ("portsel", &opt_iff_portsel) -#if HAVE_RESOLV_H +#if HAVE_RESOLV_H && WITH_RES_PRIMARY IF_IP ("primary", &opt_res_primary) -#endif /* HAVE_RESOLV_H */ +#endif #ifdef SO_PRIORITY IF_SOCKET ("priority", &opt_so_priority) #endif @@ -1253,12 +1253,16 @@ const struct optname optionnames[] = { IF_TERMIOS("reprint", &opt_vreprint) #endif #if HAVE_RESOLV_H +# if WITH_AA_ONLY IF_IP ("res-aaonly", &opt_res_aaonly) +# endif IF_IP ("res-debug", &opt_res_debug) IF_IP ("res-defnames", &opt_res_defnames) IF_IP ("res-dnsrch", &opt_res_dnsrch) IF_IP ("res-igntc", &opt_res_igntc) +# if WITH_RES_PRIMARY IF_IP ("res-primary", &opt_res_primary) +# endif IF_IP ("res-recurse", &opt_res_recurse) IF_IP ("res-stayopen", &opt_res_stayopen) IF_IP ("res-usevc", &opt_res_usevc)
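Review bot: `WITH_RES_AAONLY` and `WITH_RES_PRIMARY` are derived from `WITH_RES_DEPRECATED` only inside xio-ip.c, yet the xioopts.c hunks of this commit test the same two macros. Unless a shared header not shown here also defines them, both evaluate to 0 in xioopts.c, so a build with `--enable-res-deprecated` compiles the `opt_res_aaonly` and `opt_res_primary` descriptors but never registers their names in `optionnames[]`. Moving the `#if WITH_RES_DEPRECATED` … `#endif` derivation block into a header that both files include would keep the descriptor side and the name-table side in step.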
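Review bot: The guard added around the "res-aaonly" entry reads `# if WITH_AA_ONLY`, a macro that nothing in this commit defines, while every other guard uses `WITH_RES_AAONLY`. As written, the long name "res-aaonly" is always compiled out, even in a build where the first xioopts.c hunk enables the short alias "aaonly". The line should read `# if WITH_RES_AAONLY`. Building with `-Wundef` would flag a misspelled feature macro like this one. The `optionnames[]` initializer starts and ends outside the hunk.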