Fixed messages when AXFR/OUT is unauthorized (reports).

4f8c21c6 · Marek Vavrusa · f187949c · 4f8c21c6 · 4f8c21c6
Commit 4f8c21c6 authored 13 years ago by Marek Vavrusa
--- a/src/knot/server/xfr-handler.c
+++ b/src/knot/server/xfr-handler.c
@@ -577,16 +577,18 @@ int xfr_master(dthread_t *thread)
 			if (ret != KNOTD_EOK) {
 				knot_ns_xfr_send_error(&xfr, rcode);
 				socket_close(xfr.session);
-			}			
+			} else {			

-			ret = knot_ns_answer_axfr(xfrh->ns, &xfr);
-			free(xfr.query->wireformat);
-			knot_packet_free(&xfr.query); /* Free query. */
-			debug_xfr("xfr_master: ns_answer_axfr() = %d.\n", ret);
-			if (ret != KNOTD_EOK) {
-				socket_close(xfr.session);
+				ret = knot_ns_answer_axfr(xfrh->ns, &xfr);
+				debug_xfr("xfr_master: ns_answer_axfr() = %d.\n", ret);
+				if (ret != KNOTD_EOK) {
+					socket_close(xfr.session);
+				}
 			}
 			
+			free(xfr.query->wireformat);
+			xfr.query->wireformat = 0;
+			knot_packet_free(&xfr.query); /* Free query. */
 			rcu_read_unlock();
 			break;
 		case XFR_TYPE_IOUT:
@@ -635,7 +637,7 @@ int xfr_master(dthread_t *thread)
 		}

 		/* Report. */
-		if (ret != KNOTD_EOK) {
+		if (ret != KNOTD_EOK && ret != KNOTD_EACCES) {
 			log_server_error("%s request failed: %s\n",
 					 req_type, knotd_strerror(ret));
 		}

--- a/src/knot/server/zones.c
+++ b/src/knot/server/zones.c
@@ -1302,10 +1302,16 @@ int zones_zonefile_sync(knot_zone_t *zone)

 int zones_xfr_check_zone(knot_ns_xfr_t *xfr, knot_rcode_t *rcode)
 {
-	if (xfr == NULL || xfr->zone == NULL || rcode == NULL) {
+	if (xfr == NULL || rcode == NULL) {
 		*rcode = KNOT_RCODE_SERVFAIL;
 		return KNOTD_EINVAL;
 	}
+
+	/* Check if the zone is found. */
+	if (xfr->zone == NULL) {
+		*rcode = KNOT_RCODE_REFUSED;
+		return KNOTD_EACCES;
+	}
 	
 	/* Check zone data. */
 	zonedata_t *zd = (zonedata_t *)xfr->zone->data;
@@ -1317,9 +1323,9 @@ int zones_xfr_check_zone(knot_ns_xfr_t *xfr, knot_rcode_t *rcode)

 	// Check xfr-out ACL
 	if (acl_match(zd->xfr_out, &xfr->addr) == ACL_DENY) {
-		debug_zones("Request for AXFR OUT is not authorized.\n");
+		log_answer_warning("Unauthorized request for AXFR/OUT.\n");
 		*rcode = KNOT_RCODE_REFUSED;
-		return KNOTD_ERROR;
+		return KNOTD_EACCES;
 	} else {
 		debug_zones("Authorized AXFR OUT request.\n");
 	}