Import Paul Vixie/ISC's bind-4.9.5-patch1 onto the vendor branch.

This has some (all?) of the DNSSEC key management/distribution mechanism
in place.  (The SIG and KEY RR's)

Obtained from: Paul Vixie / ISC / ftp.isc.org

4 files changed, 183 insertions, 89 deletions

diff --git a/contrib/bind/include/arpa/Makefile b/contrib/bind/include/arpa/Makefile
index 491252d..2ebfe2c 100644
--- a/contrib/bind/include/arpa/Makefile
+++ b/contrib/bind/include/arpa/Makefile
@@ -61,7 +61,10 @@ all depend:
 clean:
 	rm -f *~ *.BAK *.CKP *.orig
 
-install:
+install: ${DESTDIR}${DESTINC}/arpa
 	set -x; for x in ${HFILES}; do \
 		${INSTALL} -c -m 444 $$x ${DESTDIR}${DESTINC}/arpa/$$x; \
 	done
+
+${DESTDIR}${DESTINC}/arpa:
+	mkdir $@
diff --git a/contrib/bind/include/arpa/inet.h b/contrib/bind/include/arpa/inet.h
index 3451a09..2a4460f 100644
--- a/contrib/bind/include/arpa/inet.h
+++ b/contrib/bind/include/arpa/inet.h
@@ -55,7 +55,7 @@
 
 /*
  *	@(#)inet.h	8.1 (Berkeley) 6/2/93
- *	$Id: inet.h,v 8.5 1996/05/22 04:56:29 vixie Exp $
+ *	$Id: inet.h,v 8.6 1996/08/08 06:54:29 vixie Exp $
  */
 
 #ifndef _INET_H_
@@ -76,13 +76,16 @@ unsigned long	 inet_addr __P((const char *));
 int		 inet_aton __P((const char *, struct in_addr *));
 unsigned long	 inet_lnaof __P((struct in_addr));
 struct in_addr	 inet_makeaddr __P((u_long , u_long));
+char *		 inet_neta __P((u_long, char *, size_t));
 unsigned long	 inet_netof __P((struct in_addr));
 unsigned long	 inet_network __P((const char *));
+char		*inet_net_ntop __P((int, const void *, int, char *, size_t));
+int		 inet_net_pton __P((int, const char *, void *, size_t));
 char		*inet_ntoa __P((struct in_addr));
-int		 inet_pton __P((int af, const char *src, void *dst));
-const char	*inet_ntop __P((int af, const void *src, char *dst, size_t s));
-u_int		 inet_nsap_addr __P((const char *, u_char *, int maxlen));
-char		*inet_nsap_ntoa __P((int, const u_char *, char *ascii));
+int		 inet_pton __P((int, const char *, void *));
+const char	*inet_ntop __P((int, const void *, char *, size_t));
+u_int		 inet_nsap_addr __P((const char *, u_char *, int));
+char		*inet_nsap_ntoa __P((int, const u_char *, char *));
 __END_DECLS
 
 #endif /* !_INET_H_ */
diff --git a/contrib/bind/include/arpa/nameser.h b/contrib/bind/include/arpa/nameser.h
index d99bf49..f029e64 100644
--- a/contrib/bind/include/arpa/nameser.h
+++ b/contrib/bind/include/arpa/nameser.h
@@ -50,12 +50,34 @@
  * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
  * SOFTWARE.
  * -
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software.  No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * --Copyright--
  */
 
 /*
  *      @(#)nameser.h	8.1 (Berkeley) 6/2/93
- *	$Id: nameser.h,v 8.5 1996/08/05 08:31:28 vixie Exp $
+ *	$Id: nameser.h,v 8.11 1996/10/08 04:51:02 vixie Exp $
  */
 
 #ifndef _NAMESER_H_
@@ -70,10 +92,8 @@
 #include <sys/cdefs.h>
 
 #ifdef _AUX_SOURCE
-#include <sys/types.h>			/* ech for A/UX */
-#define res_send ucb_res_send		/* already def'd in libc */
-#define _res_close _ucb_res_close    /* removing res_send.o from the library */
-#endif				     /* gives an undefined symbol... */
+# include <sys/types.h>
+#endif
 
 /*
  * revision information.  this is the release date in YYYYMMDD format.
@@ -83,13 +103,13 @@
  * is new enough to contain a certain feature.
  */
 
-#define __BIND		19950621	/* interface version stamp */
+#define __BIND		19960801	/* interface version stamp */
 
 /*
  * Define constants based on rfc883
  */
 #define PACKETSZ	512		/* maximum packet size */
-#define MAXDNAME	256		/* maximum domain name */
+#define MAXDNAME	1025		/* maximum presentation domain name */
 #define MAXCDNAME	255		/* maximum compressed domain name */
 #define MAXLABEL	63		/* maximum length of domain label */
 #define HFIXEDSZ	12		/* #/bytes of fixed data in header */
@@ -113,17 +133,6 @@
 #define STATUS		0x2		/* nameserver status query */
 /*#define xxx		0x3*/		/* 0x3 reserved */
 #define NS_NOTIFY_OP	0x4		/* notify secondary of SOA change */
-#ifdef ALLOW_UPDATES
-	/* non standard - supports ALLOW_UPDATES stuff from Mike Schwartz */
-# define UPDATEA	0x9		/* add resource record */
-# define UPDATED	0xa		/* delete a specific resource record */
-# define UPDATEDA	0xb		/* delete all named resource record */
-# define UPDATEM	0xc		/* modify a specific resource record */
-# define UPDATEMA	0xd		/* modify all named resource record */
-# define ZONEINIT	0xe		/* initial zone transfer */
-# define ZONEREF	0xf		/* incremental zone referesh */
-#endif
-
 /*
  * Currently defined response codes
  */
@@ -133,10 +142,6 @@
 #define NXDOMAIN	3		/* non existent domain */
 #define NOTIMP		4		/* not implemented */
 #define REFUSED		5		/* query refused */
-#ifdef ALLOW_UPDATES
-	/* non standard */
-# define NOCHANGE	0xf		/* update failed to change db */
-#endif
 
 /*
  * Type values for resources and queries
@@ -170,12 +175,19 @@
 #define T_GPOS		27		/* geographical position (withdrawn) */
 #define T_AAAA		28		/* IP6 Address */
 #define T_LOC		29		/* Location Information */
+#define T_NXT		30		/* Next Valid Name in Zone */
+#define T_EID		31		/* Endpoint identifier */
+#define T_NIMLOC	32		/* Nimrod locator */
+#define T_SRV		33		/* Server selection */
+#define T_ATMA		34		/* ATM Address */
+#define T_NAPTR		35		/* Naming Authority PoinTeR */
 	/* non standard */
 #define T_UINFO		100		/* user (finger) information */
 #define T_UID		101		/* user ID */
 #define T_GID		102		/* group ID */
 #define T_UNSPEC	103		/* Unspecified format (binary data) */
 	/* Query type values which do not appear in resource records */
+#define	T_IXFR		251		/* incremental zone transfer */
 #define T_AXFR		252		/* transfer zone of authority */
 #define T_MAILB		253		/* transfer mailbox records */
 #define T_MAILA		254		/* transfer mail agent records */
@@ -192,6 +204,48 @@
 #define C_ANY		255		/* wildcard match */
 
 /*
+ * Flags field of the KEY RR rdata
+ */
+#define	KEYFLAG_TYPEMASK	0xC000	/* Mask for "type" bits */
+#define	KEYFLAG_TYPE_AUTH_CONF	0x0000	/* Key usable for both */
+#define	KEYFLAG_TYPE_CONF_ONLY	0x8000	/* Key usable for confidentiality */
+#define	KEYFLAG_TYPE_AUTH_ONLY	0x4000	/* Key usable for authentication */
+#define	KEYFLAG_TYPE_NO_KEY	0xC000	/* No key usable for either; no key */
+/* The type bits can also be interpreted independently, as single bits: */
+#define	KEYFLAG_NO_AUTH		0x8000	/* Key not usable for authentication */
+#define	KEYFLAG_NO_CONF		0x4000	/* Key not usable for confidentiality */
+
+#define	KEYFLAG_EXPERIMENTAL	0x2000	/* Security is *mandatory* if bit=0 */
+#define	KEYFLAG_RESERVED3	0x1000  /* reserved - must be zero */
+#define	KEYFLAG_RESERVED4	0x0800  /* reserved - must be zero */
+#define	KEYFLAG_USERACCOUNT	0x0400	/* key is assoc. with a user acct */
+#define	KEYFLAG_ENTITY		0x0200	/* key is assoc. with entity eg host */
+#define	KEYFLAG_ZONEKEY		0x0100	/* key is zone key for the zone named */
+#define	KEYFLAG_IPSEC		0x0080  /* key is for IPSEC use (host or user)*/
+#define	KEYFLAG_EMAIL		0x0040  /* key is for email (MIME security) */
+#define	KEYFLAG_RESERVED10	0x0020  /* reserved - must be zero */
+#define	KEYFLAG_RESERVED11	0x0010  /* reserved - must be zero */
+#define	KEYFLAG_SIGNATORYMASK	0x000F	/* key can sign DNS RR's of same name */
+
+#define  KEYFLAG_RESERVED_BITMASK ( KEYFLAG_RESERVED3 | \
+				    KEYFLAG_RESERVED4 | \
+				    KEYFLAG_RESERVED10| KEYFLAG_RESERVED11) 
+
+/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
+#define	ALGORITHM_MD5RSA	1	/* MD5 with RSA */
+#define	ALGORITHM_EXPIRE_ONLY	253	/* No alg, no security */
+#define	ALGORITHM_PRIVATE_OID	254	/* Key begins with OID indicating alg */
+
+/* Signatures */
+					/* Size of a mod or exp in bits */
+#define	MIN_MD5RSA_KEY_PART_BITS	 512
+#define	MAX_MD5RSA_KEY_PART_BITS	2552
+					/* Total of binary mod and exp, bytes */
+#define	MAX_MD5RSA_KEY_BYTES		((MAX_MD5RSA_KEY_PART_BITS+7/8)*2+3)
+					/* Max length of text sig block */
+#define	MAX_KEY_BASE64			(((MAX_MD5RSA_KEY_BYTES+2)/3)*4)
+
+/*
  * Status return codes for T_UNSPEC conversion routines
  */
 #define CONV_SUCCESS	0
@@ -259,7 +313,9 @@ typedef struct {
 	unsigned	rd: 1;		/* recursion desired */
 			/* fields in fourth byte */
 	unsigned	ra: 1;		/* recursion available */
-	unsigned	unused :3;	/* unused bits (MBZ as of 4.9.3a3) */
+	unsigned	unused :1;	/* unused bits (MBZ as of 4.9.3a3) */
+	unsigned	ad: 1;		/* authentic data from named */
+	unsigned	cd: 1;		/* checking disabled by resolver */
 	unsigned	rcode :4;	/* response code */
 #endif
 #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN
@@ -271,7 +327,9 @@ typedef struct {
 	unsigned	qr :1;		/* response flag */
 			/* fields in fourth byte */
 	unsigned	rcode :4;	/* response code */
-	unsigned	unused :3;	/* unused bits (MBZ as of 4.9.3a3) */
+	unsigned	cd: 1;		/* checking disabled by resolver */
+	unsigned	ad: 1;		/* authentic data from named */
+	unsigned	unused :1;	/* unused bits (MBZ as of 4.9.3a3) */
 	unsigned	ra :1;		/* recursion available */
 #endif
 			/* remaining bytes */
@@ -286,18 +344,6 @@ typedef struct {
  */
 #define INDIR_MASK	0xc0
 
-/*
- * Structure for passing resource records around.
- */
-struct rrec {
-	int16_t		r_zone;			/* zone number */
-	int16_t		r_class;		/* class number */
-	int16_t		r_type;			/* type number */
-	u_int32_t	r_ttl;			/* time to live */
-	int		r_size;			/* size of data area */
-	char		*r_data;		/* pointer to data */
-};
-
 extern	u_int16_t	_getshort __P((const u_char *));
 extern	u_int32_t	_getlong __P((const u_char *));
 
diff --git a/contrib/bind/include/resolv.h b/contrib/bind/include/resolv.h
index c9c7bf3..52e115f 100644
--- a/contrib/bind/include/resolv.h
+++ b/contrib/bind/include/resolv.h
@@ -55,7 +55,7 @@
 
 /*
  *	@(#)resolv.h	8.1 (Berkeley) 6/2/93
- *	$Id: resolv.h,v 8.11 1996/06/02 08:20:38 vixie Exp $
+ *	$Id: resolv.h,v 8.17 1996/11/26 10:11:20 vixie Exp $
  */
 
 #ifndef _RESOLV_H_
@@ -71,14 +71,14 @@
 #include <stdio.h>
 
 /*
- * revision information.  this is the release date in YYYYMMDD format.
- * it can change every day so the right thing to do with it is use it
- * in preprocessor commands such as "#if (__RES > 19931104)".  do not
+ * Revision information.  This is the release date in YYYYMMDD format.
+ * It can change every day so the right thing to do with it is use it
+ * in preprocessor commands such as "#if (__RES > 19931104)".  Do not
  * compare for equality; rather, use it to determine whether your resolver
  * is new enough to contain a certain feature.
  */
 
-#define	__RES	19960229
+#define	__RES	19960801
 
 /*
  * Resolver configuration file.
@@ -110,9 +110,9 @@ struct __res_state {
 	struct sockaddr_in
 		nsaddr_list[MAXNS];	/* address of name server */
 #define	nsaddr	nsaddr_list[0]		/* for backward compatibility */
-	u_short	id;			/* current packet id */
+	u_short	id;			/* current message id */
 	char	*dnsrch[MAXDNSRCH+1];	/* components of domain to search */
-	char	defdname[MAXDNAME];	/* default domain */
+	char	defdname[256];		/* default domain (deprecated) */
 	u_long	pfcode;			/* RES_PRF_ flags - see below. */
 	unsigned ndots:4;		/* threshold for initial abs. query */
 	unsigned nsort:4;		/* number of elements in sort_list[] */
@@ -121,7 +121,7 @@ struct __res_state {
 		struct in_addr	addr;
 		u_int32_t	mask;
 	} sort_list[MAXRESOLVSORT];
-	char	pad[72];		/* On an i38this means 512b total. */
+	char	pad[72];		/* on an i386 this means 512b total */
 };
 
 /*
@@ -182,16 +182,30 @@ typedef res_sendhookact (*res_send_rhook)__P((const struct sockaddr_in *ns,
 					      int anssiz,
 					      int *resplen));
 
+struct res_sym {
+	int	number;		/* Identifying number, like T_MX */
+	char *	name;		/* Its symbolic name, like "MX" */
+	char *	humanname;	/* Its fun name, like "mail exchanger" */
+};
+
 extern struct __res_state _res;
+extern const struct res_sym __p_class_syms[];
+extern const struct res_sym __p_type_syms[];
 
 /* Private routines shared between libc/net, named, nslookup and others. */
 #define	res_hnok	__res_hnok
 #define	res_ownok	__res_ownok
 #define	res_mailok	__res_mailok
 #define	res_dnok	__res_dnok
+#define	sym_ston	__sym_ston
+#define	sym_ntos	__sym_ntos
+#define	sym_ntop	__sym_ntop
+#define b64_ntop	__b64_ntop
+#define	b64_pton	__b64_pton
 #define	loc_ntoa	__loc_ntoa
 #define	loc_aton	__loc_aton
 #define	dn_skipname	__dn_skipname
+#define	fp_resstat	__fp_resstat
 #define	fp_query	__fp_query
 #define	fp_nquery	__fp_nquery
 #define	hostalias	__hostalias
@@ -200,55 +214,83 @@ extern struct __res_state _res;
 #define p_class		__p_class
 #define p_time		__p_time
 #define p_type		__p_type
+#define	p_query		__p_query
 #define	p_cdnname	__p_cdnname
 #define	p_cdname	__p_cdname
+#define	p_fqnname	__p_fqnname
 #define	p_fqname	__p_fqname
 #define	p_rr		__p_rr
 #define	p_option	__p_option
+#define	p_secstodate	__p_secstodate
+#define	dn_count_labels	__dn_count_labels
+#define	dn_comp		__dn_comp
 #define	res_randomid	__res_randomid
+#define	res_send	__res_send
 #define	res_isourserver	__res_isourserver
 #define	res_nameinquery	__res_nameinquery
 #define	res_queriesmatch __res_queriesmatch
+#define	res_close	__res_close
+
+#ifdef BIND_RES_POSIX3
+#define	dn_expand	__dn_expand
+#define	res_init	__res_init
+#define	res_query	__res_query
+#define	res_search	__res_search
+#define	res_querydomain	__res_querydomain
+#define	res_mkquery	__res_mkquery
+#endif
+
 __BEGIN_DECLS
-int	 __res_hnok __P((const char *));
-int	 __res_ownok __P((const char *));
-int	 __res_mailok __P((const char *));
-int	 __res_dnok __P((const char *));
-int	 __loc_aton __P((const char *ascii, u_char *binary));
-char *	 __loc_ntoa __P((const u_char *binary, char *ascii));
-int	 __dn_skipname __P((const u_char *, const u_char *));
-void	 __fp_resstat __P((struct __res_state *, FILE *));
-void	 __fp_query __P((const u_char *, FILE *));
-void	 __fp_nquery __P((const u_char *, int, FILE *));
-char	*__hostalias __P((const char *));
-void	 __putlong __P((u_int32_t, u_char *));
-void	 __putshort __P((u_int16_t, u_char *));
-char	*__p_time __P((u_int32_t));
-void	 __p_query __P((const u_char *));
-const u_char *__p_cdnname __P((const u_char *, const u_char *, int, FILE *));
-const u_char *__p_cdname __P((const u_char *, const u_char *, FILE *));
-const u_char *__p_fqname __P((const u_char *, const u_char *, FILE *));
-const u_char *__p_rr __P((const u_char *, const u_char *, FILE *));
-const char *__p_type __P((int));
-const char *__p_class __P((int));
-const char *__p_option __P((u_long option));
-int	 dn_comp __P((const char *, u_char *, int, u_char **, u_char **));
-int	 dn_expand __P((const u_char *, const u_char *, const u_char *,
-			char *, int));
-int	 res_init __P((void));
-u_int16_t res_randomid __P((void));
-int	 res_query __P((const char *, int, int, u_char *, int));
-int	 res_search __P((const char *, int, int, u_char *, int));
-int	 res_querydomain __P((const char *, const char *, int, int,
-			      u_char *, int));
-int	 res_mkquery __P((int, const char *, int, int, const u_char *, int,
-			  const u_char *, u_char *, int));
-int	 res_send __P((const u_char *, int, u_char *, int));
-int	 res_isourserver __P((const struct sockaddr_in *));
-int	 res_nameinquery __P((const char *, int, int,
-			      const u_char *, const u_char *));
-int	 res_queriesmatch __P((const u_char *, const u_char *,
-			       const u_char *, const u_char *));
+int		res_hnok __P((const char *));
+int		res_ownok __P((const char *));
+int		res_mailok __P((const char *));
+int		res_dnok __P((const char *));
+int		sym_ston __P((const struct res_sym *, char *, int *));
+const char *	sym_ntos __P((const struct res_sym *, int, int *));
+const char *	sym_ntop __P((const struct res_sym *, int, int *));
+int		b64_ntop __P((u_char const *, size_t, char *, size_t));
+int		b64_pton __P((char const *, u_char *, size_t));
+int		loc_aton __P((const char *, u_char *));
+const char *	loc_ntoa __P((const u_char *, char *));
+int		dn_skipname __P((const u_char *, const u_char *));
+void		fp_resstat __P((struct __res_state *, FILE *));
+void		fp_query __P((const u_char *, FILE *));
+void		fp_nquery __P((const u_char *, int, FILE *));
+const char *	hostalias __P((const char *));
+void		putlong __P((u_int32_t, u_char *));
+void		putshort __P((u_int16_t, u_char *));
+const char *	p_class __P((int));
+const char *	p_time __P((u_int32_t));
+const char *	p_type __P((int));
+void		p_query __P((const u_char *));
+const u_char *	p_cdnname __P((const u_char *, const u_char *, int, FILE *));
+const u_char *	p_cdname __P((const u_char *, const u_char *, FILE *));
+const u_char *	p_fqnname __P((const u_char *cp, const u_char *msg,
+			       int, char *, int));
+const u_char *	p_fqname __P((const u_char *, const u_char *, FILE *));
+const u_char *	p_rr __P((const u_char *, const u_char *, FILE *));
+const char *	p_option __P((u_long option));
+char *		p_secstodate __P((u_long));
+int		dn_count_labels __P((char *));
+int		dn_comp __P((const char *, u_char *, int,
+			     u_char **, u_char **));
+int		dn_expand __P((const u_char *, const u_char *, const u_char *,
+			       char *, int));
+int		res_init __P((void));
+u_int		res_randomid __P((void));
+int		res_query __P((const char *, int, int, u_char *, int));
+int		res_search __P((const char *, int, int, u_char *, int));
+int		res_querydomain __P((const char *, const char *, int, int,
+				     u_char *, int));
+int		res_mkquery __P((int, const char *, int, int, const u_char *, int,
+				 const u_char *, u_char *, int));
+int		res_send __P((const u_char *, int, u_char *, int));
+int		res_isourserver __P((const struct sockaddr_in *));
+int		res_nameinquery __P((const char *, int, int,
+				     const u_char *, const u_char *));
+int		res_queriesmatch __P((const u_char *, const u_char *,
+				      const u_char *, const u_char *));
+void		res_close __P((void));
 __END_DECLS
 
 #endif /* !_RESOLV_H_ */