Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/plugins/unbound/Makefile.am | 3 | ||||
-rw-r--r-- | src/libstrongswan/plugins/unbound/unbound_resolver.c | 44 | ||||
-rw-r--r-- | src/libstrongswan/plugins/unbound/unbound_resolver.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/plugins/unbound/unbound_response.c | 18 | ||||
-rw-r--r-- | src/libstrongswan/resolver/resolver.h | 11 | ||||
-rw-r--r-- | src/libstrongswan/resolver/resolver_manager.c | 15 |
6 files changed, 41 insertions, 52 deletions
diff --git a/src/libstrongswan/plugins/unbound/Makefile.am b/src/libstrongswan/plugins/unbound/Makefile.am index 9ee51d91e..efb313407 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.am +++ b/src/libstrongswan/plugins/unbound/Makefile.am @@ -1,7 +1,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" + if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-unbound.la diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c index 8c6a7d141..44a2c764b 100644 --- a/src/libstrongswan/plugins/unbound/unbound_resolver.c +++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c @@ -24,6 +24,10 @@ #include "unbound_resolver.h" #include "unbound_response.h" +/* DNS resolver configuration and DNSSEC trust anchors */ +#define RESOLV_CONF_FILE "/etc/resolv.conf" +#define TRUST_ANCHOR_FILE IPSEC_CONFDIR "/ipsec.d/dnssec.keys" + typedef struct private_resolver_t private_resolver_t; /** @@ -64,11 +68,12 @@ METHOD(resolver_t, query, resolver_response_t*, response = unbound_response_create_frm_libub_response(result); if (!response) { - DBG1(DBG_LIB, "unbound_resolver: Could not create response."); + DBG1(DBG_LIB, "unbound resolver failed to create response"); ub_resolve_free(result); return NULL; } ub_resolve_free(result); + return (resolver_response_t*)response; } @@ -85,10 +90,20 @@ METHOD(resolver_t, destroy, void, /* * Described in header. */ -resolver_t *unbound_resolver_create(char *resolv_conf, char *ta_file) +resolver_t *unbound_resolver_create(void) { private_resolver_t *this; int ub_retval = 0; + char *resolv_conf_file; + char *trust_anchor_file; + + resolv_conf_file = lib->settings->get_str(lib->settings, + "libstrongswan.plugins.unbound.resolv_conf", + RESOLV_CONF_FILE); + + trust_anchor_file = lib->settings->get_str(lib->settings, + "libstrongswan.plugins.unbound.trust_anchors", + TRUST_ANCHOR_FILE); INIT(this, .public = { 
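Review bot: The two settings keys read at the top of unbound_resolver_create() are new names, and the header comment does not document them or their defaults. The resolver_manager.c hunk of this commit drops the old `libstrongswan.plugins.resolver.resolv_conf` and `libstrongswan.plugins.resolver.trust_anchor` lookups, so a configuration that still sets those keys is ignored without any message. For the trust anchors this means the resolver tries the new default `IPSEC_CONFDIR "/ipsec.d/dnssec.keys"` instead of the operator's file. I would extend the "Create a resolver_t instance." comment with a line such as `Paths are read from libstrongswan.plugins.unbound.resolv_conf and libstrongswan.plugins.unbound.trust_anchors.` and mention the rename in the commit message. The function body continues outside this hunk.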
@@ -97,35 +112,32 @@ resolver_t *unbound_resolver_create(char *resolv_conf, char *ta_file) }, ); - DBG1(DBG_LIB, "creating an unbound_resolver instance"); - this->ctx = ub_ctx_create(); if (!this->ctx) { - DBG1(DBG_LIB, "failed to create an unbound resolver context"); - _destroy(this); + DBG1(DBG_LIB, "failed to create unbound resolver context"); + destroy(this); return NULL; } - ub_retval = ub_ctx_resolvconf(this->ctx, resolv_conf); + DBG1(DBG_CFG, "loading unbound resolver config from '%s'", resolv_conf_file); + ub_retval = ub_ctx_resolvconf(this->ctx, resolv_conf_file); if (ub_retval) { - DBG1(DBG_LIB, "failed to read the resolver configuration file. " - "Unbound error: %s. errno says: %s", ub_strerror(ub_retval), - strerror(errno)); - _destroy(this); + DBG1(DBG_CFG, "failed to read the resolver config: %s (%s)", + ub_strerror(ub_retval), strerror(errno)); + destroy(this); return NULL; } - ub_retval = ub_ctx_add_ta_file(this->ctx, ta_file); + DBG1(DBG_CFG, "loading unbound trust anchors from '%s'", trust_anchor_file); + ub_retval = ub_ctx_add_ta_file(this->ctx, trust_anchor_file); if (ub_retval) { - DBG1(DBG_LIB, "failed to load trusted anchors from file %s. " - "Unbound error: %s. errno says: %s", - ta_file, ub_strerror(ub_retval), strerror(errno)); + DBG1(DBG_CFG, "failed to load trust anchors: %s (%s)", + ub_strerror(ub_retval), strerror(errno)); } - DBG1(DBG_LIB, "unbound resolver instance created"); return &this->public; } diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.h b/src/libstrongswan/plugins/unbound/unbound_resolver.h index 17ac6010d..818a717b8 100644 --- a/src/libstrongswan/plugins/unbound/unbound_resolver.h +++ b/src/libstrongswan/plugins/unbound/unbound_resolver.h @@ -24,6 +24,6 @@ /** * Create a resolver_t instance. */ -resolver_t *unbound_resolver_create(char *resolv_conf, char *ta_file); +resolver_t *unbound_resolver_create(void); #endif /** LIBunbound_RESOLVER_H_ @}*/ 
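Review bot: When ub_ctx_add_ta_file() fails, the new code only logs `failed to load trust anchors` and still returns `&this->public`, whereas the resolv.conf failure just above it destroys the object and returns NULL. A resolver created without trust anchors presumably cannot report any answer as DNSSEC-secure, so whether this is safe depends on callers checking the security state of each response, which is not visible here. If continuing is intended, say so at that branch with a comment such as `/* continue without trust anchors, no response will validate as secure */`. Otherwise fail closed by adding `destroy(this); return NULL;` there. The function starts outside this hunk.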
diff --git a/src/libstrongswan/plugins/unbound/unbound_response.c b/src/libstrongswan/plugins/unbound/unbound_response.c index 63592618c..6f6c25e89 100644 --- a/src/libstrongswan/plugins/unbound/unbound_response.c +++ b/src/libstrongswan/plugins/unbound/unbound_response.c @@ -179,9 +179,8 @@ unbound_response_t *unbound_response_create_frm_libub_response( if (status != LDNS_STATUS_OK) { - DBG1(DBG_LIB, "failed to create an unbound_response. " - "Parsing of DNS packet failed."); - _destroy(this); + DBG1(DBG_LIB, "failed to parse DNS packet"); + destroy(this); return NULL; } @@ -210,7 +209,7 @@ unbound_response_t *unbound_response_create_frm_libub_response( } else { - DBG1(DBG_LIB, "unbound_response: RR creation failed."); + DBG1(DBG_LIB, "failed to create RR"); } } @@ -219,8 +218,7 @@ unbound_response_t *unbound_response_create_frm_libub_response( orig_rdf = ldns_rr_rrsig_typecovered(orig_rr); if (!orig_rdf) { - DBG1(DBG_LIB, "failed to get the type which is covered by " - "a RRSIG"); + DBG1(DBG_LIB, "failed to get the type covered by an RRSIG"); } else if (ldns_rdf2native_int16(orig_rdf) == libub_response->qtype) { @@ -239,15 +237,13 @@ unbound_response_t *unbound_response_create_frm_libub_response( } else { - DBG1(DBG_LIB, "unbound_response: RRSIG creation " - "failed."); + DBG1(DBG_LIB, "failed to create RRSIG"); } } else { - DBG1(DBG_LIB, "Warning: Could not determine the type of " - "Resource Records which is covered " - "by a RRSIG RR"); + DBG1(DBG_LIB, "failed to determine the RR type " + "covered by RRSIG RR"); } } } diff --git a/src/libstrongswan/resolver/resolver.h b/src/libstrongswan/resolver/resolver.h index 5cc81bbaf..5be52b8b1 100644 --- a/src/libstrongswan/resolver/resolver.h +++ b/src/libstrongswan/resolver/resolver.h 
@@ -24,16 +24,9 @@ typedef struct resolver_t resolver_t; /** - * Constructor function which creates resolver instances. - * - * Creates a new DNS resolver with settings from the file resolv_conf and - * keys from the file ta_file as DNSSEC trust anchor. - * - * @param resolv_conf path to the file resolv.conf - * @param ta_file path to a file with the DNSSEC trust anchors - * @return resolver instance + * Constructor function which creates DNS resolver instances. */ -typedef resolver_t* (*resolver_constructor_t)(char *resolv_conf, char *ta_file); +typedef resolver_t* (*resolver_constructor_t)(void); #include <resolver/resolver_response.h> #include <resolver/rr_set.h> diff --git a/src/libstrongswan/resolver/resolver_manager.c b/src/libstrongswan/resolver/resolver_manager.c index 6486909f6..8effe469a 100644 --- a/src/libstrongswan/resolver/resolver_manager.c +++ b/src/libstrongswan/resolver/resolver_manager.c @@ -56,20 +56,7 @@ METHOD(resolver_manager_t, remove_resolver, void, METHOD(resolver_manager_t, create, resolver_t*, private_resolver_manager_t *this) { - char *resolv_conf; - char *trust_anchor_file; - - resolv_conf = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.resolver." - "resolv_conf", - "/etc/resolv.conf"); - - trust_anchor_file = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.resolver." - "trust_anchor", - "/etc/trust.anchors"); - - return this->constructor(resolv_conf, trust_anchor_file); + return this->constructor(); } METHOD(resolver_manager_t, destroy, void, |
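Review bot: The shortened comment on resolver_constructor_t no longer states what the constructor returns. unbound_resolver_create() in this commit returns NULL when the unbound context or the resolver config cannot be set up, so callers need the failure case in the contract. I would keep a return line in the comment, for example `@return resolver instance, NULL on failure`.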
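Review bot: In resolver_manager.c, create() now calls `this->constructor()` directly, with no check that a constructor is currently registered. remove_resolver appears only as hunk context, so whether the pointer can be NULL at this point is not visible. If it can be, a guard such as `if (!this->constructor) { return NULL; }` before the call would avoid a call through a NULL function pointer.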