diff options
author | nectar <nectar@FreeBSD.org> | 2002-05-13 19:31:58 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-05-13 19:31:58 +0000 |
commit | d8cffe661c28e3bb884e152ac50e534f88ae46fd (patch) | |
tree | 8122194080cd713ef54baa64fce62ade7a63be7e /contrib/bind/bin/named | |
parent | 825bd47b27b5e67e7c938d70c4dde11e68fde1a5 (diff) | |
parent | e044c1fb924b46fc1bd38b298ebea9ff73ea93a8 (diff) | |
download | FreeBSD-src-d8cffe661c28e3bb884e152ac50e534f88ae46fd.zip FreeBSD-src-d8cffe661c28e3bb884e152ac50e534f88ae46fd.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r96536,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/bind/bin/named')
-rw-r--r-- | contrib/bind/bin/named/named.conf | 4 | ||||
-rw-r--r-- | contrib/bind/bin/named/named.h | 3 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_config.c | 17 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_defs.h | 20 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_forw.c | 20 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_func.h | 5 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_lexer.c | 8 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_main.c | 77 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_maint.c | 28 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_notify.c | 61 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_parser.y | 23 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_req.c | 95 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_resp.c | 19 | ||||
-rw-r--r-- | contrib/bind/bin/named/ns_xfr.c | 15 |
14 files changed, 257 insertions, 138 deletions
diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf index 08ef27d..d0d2996 100644 --- a/contrib/bind/bin/named/named.conf +++ b/contrib/bind/bin/named/named.conf @@ -52,6 +52,8 @@ options { // notify on a zone-by-zone // basis in the "zone" statement // see (below) + // notify explicit; // only sent the notifies to the + // also-notify list serial-queries 4; // number of parallel SOA queries // we can have outstanding for master // zone change testing purposes @@ -193,6 +195,8 @@ zone "master.demo.zone" { // zone? The global option is used // if "notify" is not specified // here. + // notify explicit; // only sent the notifies to the + // also-notify list also-notify { }; // don't notify any nameservers other // than those on the NS list for this // zone diff --git a/contrib/bind/bin/named/named.h b/contrib/bind/bin/named/named.h index 023767c..a9d6088 100644 --- a/contrib/bind/bin/named/named.h +++ b/contrib/bind/bin/named/named.h @@ -16,10 +16,11 @@ */ /* - * $Id: named.h,v 8.31 2002/02/01 00:05:38 marka Exp $ + * $Id: named.h,v 8.32 2002/03/15 00:58:16 vixie Exp $ */ /* Options. Change them at your peril. */ +#undef NXDOMAIN_ON_DENIAL #define DEBUG #define ADDAUTH #define STUBS diff --git a/contrib/bind/bin/named/ns_config.c b/contrib/bind/bin/named/ns_config.c index 2d59a62..1680d91 100644 --- a/contrib/bind/bin/named/ns_config.c +++ b/contrib/bind/bin/named/ns_config.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_config.c,v 8.133 2002/02/01 00:05:39 marka Exp $"; +static const char rcsid[] = "$Id: ns_config.c,v 8.134 2002/04/25 05:27:04 marka Exp $"; #endif /* not lint */ /* @@ -317,7 +317,7 @@ validate_zone(struct zoneinfo *zp) { #ifdef BIND_NOTIFY /* Check notify */ - if (zp->z_notify != znotify_use_default) { + if (zp->z_notify != notify_use_default) { if (zp->z_type != z_master && zp->z_type != z_slave) { ns_error(ns_log_config, "'notify' given for non-master, non-slave zone '%s'", @@ -872,7 +872,7 @@ set_zone_dialup(zone_config zh, int value) { if (value) { zp->z_dialup = zdialup_yes; #ifdef BIND_NOTIFY - zp->z_notify = znotify_yes; + zp->z_notify = notify_yes; #endif } else zp->z_dialup = zdialup_no; @@ -881,17 +881,14 @@ set_zone_dialup(zone_config zh, int value) { } int -set_zone_notify(zone_config zh, int value) { +set_zone_notify(zone_config zh, enum notify value) { #ifdef BIND_NOTIFY struct zoneinfo *zp; zp = zh.opaque; INSIST(zp != NULL); - if (value) - zp->z_notify = znotify_yes; - else - zp->z_notify = znotify_no; + zp->z_notify = value; #endif return (1); } @@ -1150,6 +1147,9 @@ new_options() { op->max_log_size_ixfr = 0; op->minroots = MINROOTS; op->preferred_glue = 0; +#ifdef BIND_NOTIFY + op->notify = notify_yes; +#endif return (op); } @@ -1210,7 +1210,6 @@ set_boolean_option(u_int *op_flags, int bool_opt, int value) { case OPTION_NOFETCHGLUE: case OPTION_FORWARD_ONLY: case OPTION_FAKE_IQUERY: - case OPTION_NONOTIFY: case OPTION_SUPNOTIFY_INITIAL: case OPTION_NONAUTH_NXDOMAIN: case OPTION_MULTIPLE_CNAMES: diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h index 86a81b6..3474550 100644 --- a/contrib/bind/bin/named/ns_defs.h +++ b/contrib/bind/bin/named/ns_defs.h @@ -1,6 +1,6 @@ /* * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_defs.h,v 8.115 2002/01/29 03:59:35 marka Exp $ + * $Id: ns_defs.h,v 8.118 2002/04/25 05:27:06 marka Exp $ */ /* @@ -170,10 +170,11 @@ typedef enum need { main_need_qrylog, /* toggle_qrylog() needed. */ main_need_debug, /* use_desired_debug() needed. */ main_need_restart, /* exec() needed. */ - main_need_reap, /* need to reap dead children */ - main_need_noexpired, /* ns_reconfig() needed w/ noexpired set */ + main_need_reap, /* need to reap dead children. */ + main_need_noexpired, /* ns_reconfig() needed w/ noexpired set. */ main_need_num, /* number of needs, used for array bound. */ - main_need_tick /* tick every second to poll for cleanup (NT)*/ + main_need_tick, /* tick every second to poll for cleanup (NT) */ + main_need_tryxfer /* attemt to start a zone transfer. */ } main_need; /* What global options are set? */ @@ -182,7 +183,7 @@ typedef enum need { #define OPTION_FORWARD_ONLY 0x00000004 /* Don't use NS RR's, just forward. */ #define OPTION_FAKE_IQUERY 0x00000008 /* Fake up bogus response to IQUERY. */ #ifdef BIND_NOTIFY -#define OPTION_NONOTIFY 0x00000010 /* Turn off notify */ +/* #define OPTION_NONOTIFY 0x00000010 */ /* Turn off notify */ #define OPTION_SUPNOTIFY_INITIAL 0x00000020 /* Supress initial notify */ #endif #define OPTION_NONAUTH_NXDOMAIN 0x00000040 /* Generate non-auth NXDOMAINs? */ @@ -272,7 +273,7 @@ typedef enum need { enum severity { ignore, warn, fail, not_set }; #ifdef BIND_NOTIFY -enum znotify { znotify_use_default=0, znotify_yes, znotify_no }; +enum notify { notify_use_default=0, notify_yes, notify_no, notify_explicit }; #endif enum zdialup { zdialup_use_default=0, zdialup_yes, zdialup_no }; @@ -368,7 +369,7 @@ struct zoneinfo { from us */ long z_max_transfer_time_in; /* max num seconds for AXFR */ #ifdef BIND_NOTIFY - enum znotify z_notify; /* Notify mode */ + enum notify z_notify; /* Notify mode */ struct in_addr *z_also_notify; /* More nameservers to notify */ int z_notify_count; #endif @@ -496,7 +497,7 @@ struct qinfo { u_int16_t q_class; /* class of query */ u_int16_t q_type; /* type of query */ #ifdef BIND_NOTIFY - int q_notifyzone; /* zone which needs another znotify() + int q_notifyzone; /* zone which needs another notify() * when the reply to this comes in. */ #endif @@ -610,6 +611,8 @@ struct qstream { ns_tcp_tsig_state *tsig_state; /* used by ns_sign_tcp */ int tsig_skip; /* skip calling ns_sign_tcp * during the next flush */ + int tsig_size; /* need to reserve this space + * for the tsig. */ struct qs_x_lev { /* decompose the recursion. */ enum {sxl_ns, sxl_all, sxl_sub} state; /* what's this level doing? */ @@ -790,6 +793,7 @@ typedef struct options { u_int lame_ttl; int minroots; u_int16_t preferred_glue; + enum notify notify; } *options; typedef struct key_list_element { diff --git a/contrib/bind/bin/named/ns_forw.c b/contrib/bind/bin/named/ns_forw.c index f62ba20..494a96a 100644 --- a/contrib/bind/bin/named/ns_forw.c +++ b/contrib/bind/bin/named/ns_forw.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_forw.c,v 8.89 2002/01/29 03:59:36 marka Exp $"; +static const char rcsid[] = "$Id: ns_forw.c,v 8.90 2002/02/22 05:12:35 marka Exp $"; #endif /* not lint */ /* @@ -467,6 +467,7 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, const char *fname; int oldn, naddr, class, found_arr, potential_ns, lame_ns; time_t curtime; + int found_auth6; ns_debug(ns_log_default, 3, "nslookup(nsp=%p, qp=%p, \"%s\", d=%d)", nsp, qp, syslogdname, qp->q_distance); @@ -503,19 +504,17 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, } } + found_arr = 0; + found_auth6 = 0; tmphtp = ((nsdp->d_flags & DB_F_HINT) ?fcachetab :hashtab); np = nlookup(dname, &tmphtp, &fname, 0); if (np == NULL) { ns_debug(ns_log_default, 3, "%s: not found %s %p", dname, fname, np); - found_arr = 0; goto need_sysquery; } - if (fname != dname) { - found_arr = 0; + if (fname != dname) goto need_sysquery; - } - found_arr = 0; oldn = n; /* look for name server addresses */ @@ -534,6 +533,13 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, } if (dp->d_rcode == NXDOMAIN && dp->d_class == class) goto skipserver; + if (dp->d_class == class && + (dp->d_type == T_AAAA || dp->d_type == ns_t_a6) && + (zones[dp->d_zone].z_type == z_master || + zones[dp->d_zone].z_type == z_slave)) { + found_auth6++; + continue; + } if (dp->d_type != T_A || dp->d_class != class) continue; if (dp->d_rcode) { @@ -683,7 +689,7 @@ nslookup(struct databuf *nsp[], struct qinfo *qp, } ns_debug(ns_log_default, 8, "nslookup: %d ns addrs", n); need_sysquery: - if (found_arr == 0) { + if (found_arr == 0 && found_auth6 == 0) { potential_ns++; if (qp->q_distance < NS_MAX_DISTANCE) (void) sysquery(dname, class, T_A, NULL, NULL, diff --git a/contrib/bind/bin/named/ns_func.h b/contrib/bind/bin/named/ns_func.h index 501aa01..e035d93 100644 --- a/contrib/bind/bin/named/ns_func.h +++ b/contrib/bind/bin/named/ns_func.h @@ -90,7 +90,7 @@ /* ns_func.h - declarations for ns_*.c's externally visible functions * - * $Id: ns_func.h,v 8.115 2002/01/29 03:59:38 marka Exp $ + * $Id: ns_func.h,v 8.117 2002/04/25 05:27:07 marka Exp $ */ /* ++from ns_glue.c++ */ @@ -313,6 +313,7 @@ void qserial_answer(struct qinfo *); void printzoneinfo(int, int, int); #endif void endxfer(void); +void tryxfer(void); void addxfer(struct zoneinfo *); void ns_zreload(void); void ns_reload(void); @@ -421,7 +422,7 @@ int set_zone_type(zone_config, int); int set_zone_filename(zone_config, char *); int set_zone_checknames(zone_config, enum severity); #ifdef BIND_NOTIFY -int set_zone_notify(zone_config, int value); +int set_zone_notify(zone_config, enum notify value); #endif int set_zone_maintain_ixfr_base(zone_config, int value); int set_zone_update_acl(zone_config, ip_match_list); diff --git a/contrib/bind/bin/named/ns_lexer.c b/contrib/bind/bin/named/ns_lexer.c index 4a6f820..b10219a 100644 --- a/contrib/bind/bin/named/ns_lexer.c +++ b/contrib/bind/bin/named/ns_lexer.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_lexer.c,v 8.28 2001/12/28 04:07:47 marka Exp $"; +static const char rcsid[] = "$Id: ns_lexer.c,v 8.30 2002/04/25 05:27:08 marka Exp $"; #endif /* not lint */ /* @@ -57,7 +57,7 @@ typedef enum lexer_state { #define LEXER_MAX_PUSHBACK 2 typedef struct lexer_file_context { - const char * name; + char * name; FILE * stream; int line_number; LexerState state; @@ -251,6 +251,7 @@ static struct keyword keywords[] = { {"directory", T_DIRECTORY}, {"dump-file", T_DUMP_FILE}, {"dynamic", T_DYNAMIC}, + {"explicit", T_EXPLICIT}, {"fail", T_FAIL}, {"fake-iquery", T_FAKE_IQUERY}, {"false", T_FALSE}, @@ -400,7 +401,7 @@ lexer_begin_file(const char *filename, FILE *stream) { panic("memget failed in lexer_begin_file", NULL); INSIST(stream != NULL); lf->stream = stream; - lf->name = filename; /* note copy by reference */ + lf->name = savestr(filename, 1); lf->line_number = 1; lf->state = scan; lf->flags = 0; @@ -419,6 +420,7 @@ lexer_end_file(void) { lf = current_file; current_file = lf->next; fclose(lf->stream); + freestr(lf->name); memput(lf, sizeof *lf); } diff --git a/contrib/bind/bin/named/ns_main.c b/contrib/bind/bin/named/ns_main.c index 23cf249..d839387 100644 --- a/contrib/bind/bin/named/ns_main.c +++ b/contrib/bind/bin/named/ns_main.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_main.c,v 8.155 2001/11/16 05:37:27 marka Exp $"; +static const char rcsid[] = "$Id: ns_main.c,v 8.157 2002/04/13 23:26:16 marka Exp $"; #endif /* not lint */ /* @@ -570,18 +570,46 @@ main(int argc, char *argv[]) { } static int +sq_closeone(void) { + struct qstream *sp, *nextsp; + struct qstream *candidate = NULL; + time_t lasttime, maxctime = 0; + int result = 0; + + gettime(&tt); + + for (sp = streamq; sp; sp = nextsp) { + nextsp = sp->s_next; + if (sp->s_refcnt) + continue; + lasttime = tt.tv_sec - sp->s_time; + if (lasttime >= VQEXPIRY) { + sq_remove(sp); + result = 1; + } else if (lasttime > maxctime) { + candidate = sp; + maxctime = lasttime; + } + } + if (candidate) { + sq_remove(candidate); + result = 1; + } + return (result); +} + +static int ns_socket(int domain, int type, int protocol) { - int fd; + int fd, tmp; + again: fd = socket(domain, type, protocol); - if (fd == -1) - return (-1); #ifdef F_DUPFD /* XXX */ /* * Leave a space for stdio to work in. */ if (fd >= 0 && fd <= 20) { - int new, tmp; + int new; if ((new = fcntl(fd, F_DUPFD, 20)) == -1) ns_notice(ns_log_default, "fcntl(fd, F_DUPFD, 20): %s", strerror(errno)); @@ -591,6 +619,11 @@ ns_socket(int domain, int type, int protocol) { fd = new; } #endif + tmp = errno; + if (errno == EMFILE) + if (sq_closeone()) + goto again; + errno = tmp; return (fd); } @@ -680,25 +713,7 @@ stream_accept(evContext lev, void *uap, int rfd, * eventlib which will call us right back. */ if (streamq) { - struct qstream *nextsp; - struct qstream *candidate = NULL; - time_t lasttime, maxctime = 0; - - for (sp = streamq; sp; sp = nextsp) { - nextsp = sp->s_next; - if (sp->s_refcnt) - continue; - gettime(&tt); - lasttime = tt.tv_sec - sp->s_time; - if (lasttime >= VQEXPIRY) - sq_remove(sp); - else if (lasttime > maxctime) { - candidate = sp; - maxctime = lasttime; - } - } - if (candidate) - sq_remove(candidate); + (void)sq_closeone(); return; } /* fall through */ @@ -808,19 +823,20 @@ tcp_send(struct qinfo *qp) { struct qstream *sp; struct sockaddr_in src; int on = 1, n; + int fd; ns_debug(ns_log_default, 1, "tcp_send"); - if ((sp = sq_add()) == NULL) { + if ((fd = ns_socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) == -1) return (SERVFAIL); - } - if ((sp->s_rfd = ns_socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) == -1) { - sq_remove(sp); + if (fd > evHighestFD(ev)) { + close(fd); return (SERVFAIL); } - if (sp->s_rfd > evHighestFD(ev)) { - sq_remove(sp); + if ((sp = sq_add()) == NULL) { + close(fd); return (SERVFAIL); } + sp->s_rfd = fd; if (setsockopt(sp->s_rfd, SOL_SOCKET, SO_REUSEADDR, (char*)&on, sizeof(on)) < 0) ns_info(ns_log_default, @@ -2837,6 +2853,7 @@ init_needs(void) { handlers[main_need_restart] = ns_restart; handlers[main_need_reap] = reapchild; handlers[main_need_noexpired] = ns_noexpired; + handlers[main_need_tryxfer] = tryxfer; } static void diff --git a/contrib/bind/bin/named/ns_maint.c b/contrib/bind/bin/named/ns_maint.c index 0408936..82df685 100644 --- a/contrib/bind/bin/named/ns_maint.c +++ b/contrib/bind/bin/named/ns_maint.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: ns_maint.c,v 8.131 2001/11/12 04:49:32 marka Exp $"; +static const char rcsid[] = "$Id: ns_maint.c,v 8.135 2002/04/25 05:27:10 marka Exp $"; #endif /* not lint */ /* @@ -132,7 +132,6 @@ static int nxfers(struct zoneinfo *), static void startxfer(struct zoneinfo *), abortxfer(struct zoneinfo *), - tryxfer(void), purge_z_2(struct hashbuf *, int); static int purge_nonglue_2(const char *, struct hashbuf *, int, int, int); @@ -453,9 +452,10 @@ ns_heartbeat(evContext ctx, void *uap, struct timespec due, * Trigger a refresh query while the link is up by * sending a notify. */ - if (((zp->z_notify == znotify_yes) || - ((zp->z_notify == znotify_use_default) && - !NS_OPTION_P(OPTION_NONOTIFY))) && + if (((zp->z_notify == notify_yes) || + (zp->z_notify == notify_explicit) || + ((zp->z_notify == notify_use_default) && + server_options->notify != notify_no)) && (zt == z_master || zt == z_slave) && !loading && ((zp->z_flags & Z_AUTH) != 0)) ns_notify(zp->z_origin, zp->z_class, ns_t_soa); @@ -1199,6 +1199,22 @@ remove_zone(struct zoneinfo *zp, const char *verb) { xfers_deferred--; } ns_stopxfrs(zp); + if ((zp->z_flags & Z_XFER_RUNNING) != 0) { + int i; + /* Kill and abandon the current transfer. */ + for (i = 0; i < MAX_XFERS_RUNNING; i++) { + if (xferstatus[i].xfer_pid == zp->z_xferpid) { + xferstatus[i].xfer_pid = 0; + xferstatus[i].xfer_state = XFER_IDLE; + xfers_running--; + break; + } + } + (void)kill(zp->z_xferpid, SIGTERM); + zp->z_flags &= ~(Z_XFER_RUNNING|Z_XFER_ABORTED|Z_XFER_GONE); + zp->z_xferpid = 0; + ns_need(main_need_tryxfer); + } do_reload(zp->z_origin, zp->z_type, zp->z_class, 1); ns_notice(ns_log_config, "%s zone \"%s\" (%s) %s", zoneTypeString(zp->z_type), zp->z_origin, @@ -1692,7 +1708,7 @@ endxfer() { /* * Try to start some xfers - new "fair scheduler" by Bob Halley @DEC (1995) */ -static void +void tryxfer() { static struct zoneinfo *zp = NULL; static struct zoneinfo *lastzones = NULL; diff --git a/contrib/bind/bin/named/ns_notify.c b/contrib/bind/bin/named/ns_notify.c index cde636a..286b3eb 100644 --- a/contrib/bind/bin/named/ns_notify.c +++ b/contrib/bind/bin/named/ns_notify.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_notify.c,v 8.18 2001/11/12 04:49:33 marka Exp $"; +static const char rcsid[] = "$Id: ns_notify.c,v 8.20 2002/04/25 05:27:12 marka Exp $"; #endif /* not lint */ /* @@ -56,12 +56,12 @@ static const char rcsid[] = "$Id: ns_notify.c,v 8.18 2001/11/12 04:49:33 marka E /* Types. */ -struct notify { +struct pnotify { char * name; ns_class class; ns_type type; evTimerID timer; - LINK(struct notify) link; + LINK(struct pnotify) link; }; /* Forward. */ @@ -71,14 +71,14 @@ static void sysnotify_slaves(const char *, const char *, ns_class, ns_type, int, int *, int *); static void sysnotify_ns(const char *, const char *, ns_class, ns_type, int, int *, int *); -static void free_notify(struct notify *); +static void free_notify(struct pnotify *); static void notify_timer(evContext, void *, struct timespec, struct timespec); /* Local. */ -static LIST(struct notify) pending_notifies; -static LIST(struct notify) loading_notifies; +static LIST(struct pnotify) pending_notifies; +static LIST(struct pnotify) loading_notifies; /* Public. */ @@ -91,7 +91,7 @@ ns_notify(const char *dname, ns_class class, ns_type type) { static const char no_room[] = "%s failed, cannot notify for zone %s"; int delay, max_delay; struct zoneinfo *zp; - struct notify *ni; + struct pnotify *ni; zp = find_auth_zone(dname, class); if (zp == NULL) { @@ -162,7 +162,7 @@ ns_notify(const char *dname, ns_class class, ns_type type) { void notify_afterload() { - struct notify *ni; + struct pnotify *ni; INSIST(loading == 0); while ((ni = HEAD(loading_notifies)) != NULL) { @@ -180,7 +180,7 @@ notify_afterload() { void ns_unnotify(void) { while (!EMPTY(pending_notifies)) { - struct notify *ni = HEAD(pending_notifies); + struct pnotify *ni = HEAD(pending_notifies); INSIST(LINKED(ni, link)); UNLINK(pending_notifies, ni, link); @@ -194,7 +194,7 @@ ns_unnotify(void) { */ void ns_stopnotify(const char *dname, ns_class class) { - struct notify *ni; + struct pnotify *ni; ni = HEAD(pending_notifies); while (ni != NULL && @@ -235,9 +235,9 @@ sysnotify(const char *dname, ns_class class, ns_type type) { dname); return; } - if (zp->z_notify == znotify_no || - (zp->z_notify == znotify_use_default && - NS_OPTION_P(OPTION_NONOTIFY))) + if (zp->z_notify == notify_no || + (zp->z_notify == notify_use_default && + server_options->notify == notify_no)) return; if (zp->z_type != z_master && zp->z_type != z_slave) { ns_warning(ns_log_notify, "sysnotify: %s not master or slave", @@ -247,7 +247,11 @@ sysnotify(const char *dname, ns_class class, ns_type type) { zname = zp->z_origin; zserial = zp->z_serial; nns = na = 0; - sysnotify_slaves(dname, zname, class, type, zp - zones, &nns, &na); + if (zp->z_notify == notify_yes || + (zp->z_notify == notify_use_default && + server_options->notify == notify_yes)) + sysnotify_slaves(dname, zname, class, type, + zp - zones, &nns, &na); /* * Handle any global or zone-specific also-notify clauses @@ -351,18 +355,26 @@ sysnotify_ns(const char *dname, const char *aname, const char *fname; struct in_addr nss[NSMAX]; struct hashbuf *htp; - int is_us, nsc; + int is_us, nsc, auth6, neg; int cname = 0; htp = hashtab; anp = nlookup(aname, &htp, &fname, 0); nsc = 0; is_us = 0; + auth6 = 0; + neg = 0; if (anp != NULL) for (adp = anp->n_data; adp; adp = adp->d_next) { struct in_addr ina; - if (match(adp, class, T_CNAME)) { + if (adp->d_class != class) + continue; + if (adp->d_rcode == NXDOMAIN) { + neg = 1; + break; + } + if (adp->d_type == T_CNAME && adp->d_rcode == 0) { cname = 1; ns_error(ns_log_notify, "NS '%s' for '%s/%s' is a CNAME", @@ -371,8 +383,18 @@ sysnotify_ns(const char *dname, const char *aname, p_class(class)); break; } + if ((adp->d_type == T_AAAA || adp->d_type == ns_t_a6) && + (zones[adp->d_class].z_type == z_master || + zones[adp->d_class].z_type == z_slave)) { + auth6 = 1; + continue; + } if (!match(adp, class, T_A)) continue; + if (adp->d_rcode) { + neg = 1; + continue; + } if (adp->d_type == ns_t_sig) continue; ina = ina_get(adp->d_data); @@ -384,7 +406,8 @@ sysnotify_ns(const char *dname, const char *aname, nss[nsc++] = ina; } /*next A*/ if (nsc == 0) { - if (!is_us && !cname && !NS_OPTION_P(OPTION_NOFETCHGLUE)) { + if (!is_us && !cname && !auth6 && !neg && + !NS_OPTION_P(OPTION_NOFETCHGLUE)) { struct qinfo *qp; qp = sysquery(aname, class, ns_t_a, NULL, NULL, 0, @@ -400,7 +423,7 @@ sysnotify_ns(const char *dname, const char *aname, } static void -free_notify(struct notify *ni) { +free_notify(struct pnotify *ni) { struct zoneinfo *zp; INSIST(!LINKED(ni, link)); @@ -422,7 +445,7 @@ notify_timer(evContext ctx, void *uap, struct timespec due, struct timespec inter) { - struct notify *ni = uap; + struct pnotify *ni = uap; UNUSED(ctx); UNUSED(due); diff --git a/contrib/bind/bin/named/ns_parser.y b/contrib/bind/bin/named/ns_parser.y index 0fe9dc7..8e62962 100644 --- a/contrib/bind/bin/named/ns_parser.y +++ b/contrib/bind/bin/named/ns_parser.y @@ -1,6 +1,6 @@ %{ #if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: ns_parser.y,v 8.78 2001/12/28 04:07:48 marka Exp $"; +static char rcsid[] = "$Id: ns_parser.y,v 8.79 2002/04/25 05:27:13 marka Exp $"; #endif /* not lint */ /* @@ -150,7 +150,7 @@ int yyparse(); %token T_TRANSFER_FORMAT T_MAX_TRANSFER_TIME_IN %token T_SERIAL_QUERIES T_ONE_ANSWER T_MANY_ANSWERS %type <axfr_fmt> transfer_format -%token T_NOTIFY T_NOTIFY_INITIAL T_AUTH_NXDOMAIN +%token T_NOTIFY T_EXPLICIT T_NOTIFY_INITIAL T_AUTH_NXDOMAIN %token T_MULTIPLE_CNAMES T_USE_IXFR T_MAINTAIN_IXFR_BASE %token T_CLEAN_INTERVAL T_INTERFACE_INTERVAL T_STATS_INTERVAL %token T_MAX_LOG_SIZE_IXFR @@ -374,10 +374,16 @@ option: /* Empty */ set_global_boolean_option(current_options, OPTION_HITCOUNT, $2); } + | T_NOTIFY T_EXPLICIT + { + current_options->notify = notify_explicit; + } | T_NOTIFY yea_or_nay { - set_global_boolean_option(current_options, - OPTION_NONOTIFY, !$2); + if ($2) + current_options->notify = notify_yes; + else + current_options->notify = notify_no; } | T_NOTIFY_INITIAL yea_or_nay { @@ -1681,9 +1687,16 @@ zone_option: T_TYPE zone_type { set_zone_max_log_size_ixfr(current_zone, $2); } + | T_NOTIFY T_EXPLICIT + { + set_zone_notify(current_zone, notify_explicit); + } | T_NOTIFY yea_or_nay { - set_zone_notify(current_zone, $2); + if ($2) + set_zone_notify(current_zone, notify_yes); + else + set_zone_notify(current_zone, notify_no); } | T_MAINTAIN_IXFR_BASE yea_or_nay { diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c index 6695881..1a1d756 100644 --- a/contrib/bind/bin/named/ns_req.c +++ b/contrib/bind/bin/named/ns_req.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_req.c 4.47 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_req.c,v 8.162 2002/02/01 00:05:36 marka Exp $"; +static const char rcsid[] = "$Id: ns_req.c,v 8.168 2002/04/30 03:43:52 marka Exp $"; #endif /* not lint */ /* @@ -231,24 +231,10 @@ ns_get_opt(u_char *msg, u_char *eom, version = *cp++; GETSHORT(flags, cp); GETSHORT(rdlen, cp); - /* ensure options are well formed */ + if (cp + rdlen > eom) + return (-1); options = cp; optsize = rdlen; - while (rdlen != 0) { - u_int16_t code; - u_int16_t len; - - if (rdlen < 4) - return (-1); - GETSHORT(code, cp); - GETSHORT(len, cp); - rdlen -= 4; - if (len > rdlen) - return (-1); - cp += len; - rdlen -= len; - } - /* Everything checks out. */ if (versionp != NULL) *versionp = version; if (rcodep != NULL) @@ -315,6 +301,7 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, u_int16_t rcode = ns_r_noerror; u_int16_t udpsize = 0; int drop; + int tsig_adjust = 0; #ifdef DEBUG if (debug > 3) { @@ -332,9 +319,18 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, has_tsig = 0; else { char buf[MAXDNAME]; + u_char tmp[NS_MAXCDNAME]; has_tsig = 1; - n = dn_expand(msg, msg + msglen, tsigstart, buf, sizeof buf); + n = ns_name_unpack(msg, msg + msglen, tsigstart, + tmp, sizeof tmp); + if (n > 0) { + tsig_adjust = dn_skipname(tmp, tmp + sizeof(tmp)) - n; + if (ns_name_ntop(tmp, buf, sizeof buf) == -1) + n = -1; + else if (buf[0] == '.') + buf[0] = '\0'; + } if (n < 0) { ns_debug(ns_log_default, 1, "ns_req: bad TSIG key name"); @@ -395,7 +391,8 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, in_tsig->siglen = siglen; memcpy(in_tsig->sig, sig, siglen); tsig_size = msglen_orig - msglen; - in_tsig->tsig_size = tsig_size; + /* AXFR/IXFR need the uncompressed tsig size. */ + in_tsig->tsig_size = tsig_size + tsig_adjust; } else if (has_tsig) { action = Finish; in_tsig = memget(sizeof(struct tsig_record)); @@ -576,8 +573,9 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, sig2len = sizeof sig2; msglen = cp - msg; buflen = buflen_orig - msglen; - n = ns_sign(msg, &msglen, msglen + buflen, error, key, - sig, siglen, sig2, &sig2len, tsig_time); + n = ns_sign2(msg, &msglen, msglen + buflen, error, key, + sig, siglen, sig2, &sig2len, tsig_time, + dnptrs, dnptrs_end); if (n == NS_TSIG_ERROR_NO_SPACE && ntohs(hp->qdcount) != 0) { hp->qdcount = htons(0); @@ -609,12 +607,14 @@ ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, INSIST(n > 0); cp += n; buflen -= n; + msglen += n; } if (has_tsig > 0) { buflen += tsig_size; sig2len = sizeof sig2; - n = ns_sign(msg, &msglen, msglen + buflen, error, key, - sig, siglen, sig2, &sig2len, tsig_time); + n = ns_sign2(msg, &msglen, msglen + buflen, error, key, + sig, siglen, sig2, &sig2len, tsig_time, + dnptrs, dnptrs_end); if (n != 0) { INSIST(0); } @@ -1218,12 +1218,17 @@ req_query(HEADER *hp, u_char **cpp, u_char *eom, struct qstream *qsp, goto fetchns; } } +#ifdef NXDOMAIN_ON_DENIAL + hp->rcode = ns_r_nxdomain; + return (Finish); +#else ns_notice(ns_log_security, "denied query from %s for \"%s\" %s/%s", sin_ntoa(from), *dname ? dname : ".", p_type(type), p_class(class)); nameserIncr(from.sin_addr, nssRcvdUQ); return (Refuse); +#endif } } else { ip_match_list transfer_acl; @@ -2315,7 +2320,10 @@ doaddinfo(HEADER *hp, u_char *msg, int msglen) { cp = msg; loop: for (ap = addinfo, i = 0; i < addcount; ap++, i++) { - int foundany = 0, + int auth = 0, + founda = 0, + foundaaaa = 0, + founda6 = 0, foundcname = 0, save_count = count, save_msglen = msglen; @@ -2340,16 +2348,27 @@ loop: /* look for the data */ (void)delete_stale(np); for (dp = np->n_data; dp != NULL; dp = dp->d_next) { + if (dp->d_class != ap->a_class) + continue; if (dp->d_rcode == NXDOMAIN) { - if (dp->d_class == ap->a_class) - foundany++; + founda = founda6 = foundaaaa = 1; continue; } - if ((match(dp, (int)ap->a_class, T_CNAME) && - dp->d_type == T_CNAME)) { + switch (dp->d_type) { + case ns_t_a: founda = 1; break; + case ns_t_a6: founda6 = 1; break; + case ns_t_aaaa: foundaaaa = 1; break; + } + if (!dp->d_rcode && dp->d_type == T_CNAME) { foundcname++; break; } + if (auth == 0 && ap->a_type == T_A && + (dp->d_type == ns_t_a || dp->d_type == ns_t_a6 || + dp->d_type == ns_t_aaaa) && + (zones[dp->d_zone].z_type == z_master || + zones[dp->d_zone].z_type == z_slave)) + auth = 1; if (pass == 0 && ap->a_type == T_A && server_options->preferred_glue != 0 && !match(dp, (int)ap->a_class, @@ -2374,8 +2393,6 @@ loop: if (ap->a_type == T_SRV && !match(dp, (int)ap->a_class, T_SRV)) continue; - - foundany++; if (dp->d_rcode) continue; /* @@ -2417,12 +2434,20 @@ loop: } next_rr: if (!NS_OPTION_P(OPTION_NOFETCHGLUE) && - !foundcname && !foundany && - (ap->a_type == T_A || ap->a_type == T_AAAA)) { + !foundcname && ap->a_type == T_A) { /* ask a real server for this info */ - (void) sysquery(ap->a_dname, (int)ap->a_class, - ap->a_type, NULL, NULL, 0, ns_port, - QUERY, 0); + if (!founda && !auth) + (void) sysquery(ap->a_dname, (int)ap->a_class, + ns_t_a, NULL, NULL, 0, ns_port, + QUERY, 0); + if (!foundaaaa && !auth) + (void) sysquery(ap->a_dname, (int)ap->a_class, + ns_t_aaaa, NULL, NULL, 0, + ns_port, QUERY, 0); + if (!founda6 && !auth) + (void) sysquery(ap->a_dname, (int)ap->a_class, + ns_t_a6, NULL, NULL, 0, ns_port, + QUERY, 0); } if (foundcname) { if (!haveComplained(nhash(ap->a_dname), diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c index ea62674..5be0038 100644 --- a/contrib/bind/bin/named/ns_resp.c +++ b/contrib/bind/bin/named/ns_resp.c @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_resp.c,v 8.172 2002/01/31 00:06:41 marka Exp $"; +static const char rcsid[] = "$Id: ns_resp.c,v 8.176 2002/04/17 07:10:10 marka Exp $"; #endif /* not lint */ /* @@ -182,7 +182,8 @@ static int rrsetcmp(char *, struct db_list *, struct hashbuf *), struct sockaddr_in, char **); static void mark_bad(struct qinfo *qp, struct sockaddr_in from); static void mark_lame(struct qinfo *qp, struct sockaddr_in from); -static int mark_noedns(struct qinfo *qp, struct sockaddr_in from); +static int mark_noedns(struct qinfo *qp, struct sockaddr_in from, + int cache); static void fast_retry(struct qinfo *qp, struct sockaddr_in from, int samehost); static void add_related_additional(char *); @@ -417,15 +418,15 @@ ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) switch (hp->rcode) { case SERVFAIL: nameserIncr(from.sin_addr, nssRcvdFail); - noedns = mark_noedns(qp, from); + noedns = mark_noedns(qp, from, 0); break; case FORMERR: nameserIncr(from.sin_addr, nssRcvdFErr); - noedns = mark_noedns(qp, from); + noedns = mark_noedns(qp, from, 1); break; case NOTIMP: nameserIncr(from.sin_addr, nssRcvdErr); - noedns = mark_noedns(qp, from); + noedns = mark_noedns(qp, from, 1); break; default: nameserIncr(from.sin_addr, nssRcvdErr); @@ -1059,6 +1060,7 @@ tcp_retry: /* Additional section. */ switch (type) { case T_A: + case ns_t_a6: case T_AAAA: case T_SRV: if (externalcname || @@ -1778,6 +1780,7 @@ rrextract(u_char *msg, int msglen, u_char *rrp, struct databuf **dpp, case T_LOC: case T_KEY: case ns_t_cert: + case ns_t_opt: cp1 = cp; n = dlen; cp += n; @@ -1859,6 +1862,8 @@ rrextract(u_char *msg, int msglen, u_char *rrp, struct databuf **dpp, } n = cp1 - data; cp1 = data; + if (tnamep != NULL && type == T_SOA) + *tnamep = savestr((char *)cp1, 1); break; case T_NAPTR: @@ -3933,14 +3938,14 @@ trunc_adjust(u_char *msg, int msglen, int outlen) { * mark the server "from" bad in the qp structure so it won't be retried. */ static int -mark_noedns(struct qinfo *qp, struct sockaddr_in from) { +mark_noedns(struct qinfo *qp, struct sockaddr_in from, int cache) { int i; for (i = 0; i < (int)qp->q_naddr; i++) if (ina_equal(qp->q_addr[i].ns_addr.sin_addr, from.sin_addr)) { if (qp->q_addr[i].noedns) return (1); - if (qp->q_addr[i].nsdata) + if (qp->q_addr[i].nsdata && cache) qp->q_addr[i].nsdata->d_noedns = 1; qp->q_addr[i].noedns = 1; break; diff --git a/contrib/bind/bin/named/ns_xfr.c b/contrib/bind/bin/named/ns_xfr.c index ab23b6b..d7a8505 100644 --- a/contrib/bind/bin/named/ns_xfr.c +++ b/contrib/bind/bin/named/ns_xfr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_xfr.c,v 8.67 2001/07/10 05:06:50 marka Exp $"; +static const char rcsid[] = "$Id: ns_xfr.c,v 8.68 2002/04/11 05:19:06 marka Exp $"; #endif /* not lint */ /* @@ -180,13 +180,15 @@ ns_xfr(struct qstream *qsp, struct namebuf *znp, qsp->xfr.transfer_format = si->transfer_format; else qsp->xfr.transfer_format = server_options->transfer_format; - if (in_tsig == NULL) + if (in_tsig == NULL) { qsp->xfr.tsig_state = NULL; - else { + qsp->xfr.tsig_size = 0; + } else { qsp->xfr.tsig_state = memget(sizeof(ns_tcp_tsig_state)); ns_sign_tcp_init(in_tsig->key, in_tsig->sig, in_tsig->siglen, qsp->xfr.tsig_state); qsp->xfr.tsig_skip = 0; + qsp->xfr.tsig_size = in_tsig->tsig_size; } if (type == ns_t_ixfr) { @@ -393,14 +395,15 @@ sx_addrr(struct qstream *qsp, const char *dname, struct databuf *dp) { } } - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp, - 0, qsp->xfr.ptrs, edp, 0); + n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp - + qsp->xfr.tsig_size, 0, qsp->xfr.ptrs, edp, 0); if (n < 0) { if (sx_flush(qsp) < 0) return (-1); if (qsp->xfr.cp == NULL) sx_newmsg(qsp); - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp, + n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - + qsp->xfr.cp - qsp->xfr.tsig_size, 0, qsp->xfr.ptrs, edp, 0); INSIST(n >= 0); } |